[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-01-22  Yusuke Suzuki  <utatane.tea@gmail.com>
2
3         put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
4         https://bugs.webkit.org/show_bug.cgi?id=140426
5
6         Reviewed by Geoffrey Garen.
7
8         In the put_by_val_direct operation, we use JSObject::putDirect.
9         However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
10         This patch changes Identifier::asIndex() to return Optional<uint32_t>.
11         It forces callers to check explicitly whether the value is an index or not.
12         Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.
13
14         * bytecode/GetByIdStatus.cpp:
15         (JSC::GetByIdStatus::computeFor):
16         * bytecode/PutByIdStatus.cpp:
17         (JSC::PutByIdStatus::computeFor):
18         * bytecompiler/BytecodeGenerator.cpp:
19         (JSC::BytecodeGenerator::emitDirectPutById):
20         * dfg/DFGOperations.cpp:
21         (JSC::DFG::operationPutByValInternal):
22         * jit/JITOperations.cpp:
23         * jit/Repatch.cpp:
24         (JSC::emitPutTransitionStubAndGetOldStructure):
25         * jsc.cpp:
26         * llint/LLIntSlowPaths.cpp:
27         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
28         * runtime/Arguments.cpp:
29         (JSC::Arguments::getOwnPropertySlot):
30         (JSC::Arguments::put):
31         (JSC::Arguments::deleteProperty):
32         (JSC::Arguments::defineOwnProperty):
33         * runtime/ArrayPrototype.cpp:
34         (JSC::arrayProtoFuncSort):
35         * runtime/JSArray.cpp:
36         (JSC::JSArray::defineOwnProperty):
37         * runtime/JSCJSValue.cpp:
38         (JSC::JSValue::putToPrimitive):
39         * runtime/JSGenericTypedArrayViewInlines.h:
40         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
41         (JSC::JSGenericTypedArrayView<Adaptor>::put):
42         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
43         (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
44         * runtime/JSObject.cpp:
45         (JSC::JSObject::put):
46         (JSC::JSObject::putDirectAccessor):
47         (JSC::JSObject::putDirectCustomAccessor):
48         (JSC::JSObject::deleteProperty):
49         (JSC::JSObject::putDirectMayBeIndex):
50         (JSC::JSObject::defineOwnProperty):
51         * runtime/JSObject.h:
52         (JSC::JSObject::getOwnPropertySlot):
53         (JSC::JSObject::getPropertySlot):
54         (JSC::JSObject::putDirectInternal):
55         * runtime/JSString.cpp:
56         (JSC::JSString::getStringPropertyDescriptor):
57         * runtime/JSString.h:
58         (JSC::JSString::getStringPropertySlot):
59         * runtime/LiteralParser.cpp:
60         (JSC::LiteralParser<CharType>::parse):
61         * runtime/PropertyName.h:
62         (JSC::toUInt32FromCharacters):
63         (JSC::toUInt32FromStringImpl):
64         (JSC::PropertyName::asIndex):
65         * runtime/PropertyNameArray.cpp:
66         (JSC::PropertyNameArray::add):
67         * runtime/StringObject.cpp:
68         (JSC::StringObject::deleteProperty):
69         * runtime/Structure.cpp:
70         (JSC::Structure::prototypeChainMayInterceptStoreTo):
71
72 2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>
73
74         Consolidate out arguments of parseFunctionInfo into a struct
75         https://bugs.webkit.org/show_bug.cgi?id=140754
76
77         Reviewed by Oliver Hunt.
78
79         Introduced ParserFunctionInfo for storing out arguments of parseFunctionInfo.
80
81         * JavaScriptCore.xcodeproj/project.pbxproj:
82         * parser/ASTBuilder.h:
83         (JSC::ASTBuilder::createFunctionExpr):
84         (JSC::ASTBuilder::createGetterOrSetterProperty): This one takes a property name in addition to
85         ParserFunctionInfo since the property name and the function name could differ.
86         (JSC::ASTBuilder::createFuncDeclStatement):
87         * parser/Parser.cpp:
88         (JSC::Parser<LexerType>::parseFunctionInfo):
89         (JSC::Parser<LexerType>::parseFunctionDeclaration):
90         (JSC::Parser<LexerType>::parseProperty):
91         (JSC::Parser<LexerType>::parseMemberExpression):
92         * parser/Parser.h:
93         * parser/ParserFunctionInfo.h: Added.
94         * parser/SyntaxChecker.h:
95         (JSC::SyntaxChecker::createFunctionExpr):
96         (JSC::SyntaxChecker::createFuncDeclStatement):
97         (JSC::SyntaxChecker::createClassDeclStatement):
98         (JSC::SyntaxChecker::createGetterOrSetterProperty):
99
100 2015-01-21  Mark Hahnenberg  <mhahnenb@gmail.com>
101
102         Change Heap::m_compiledCode to use a Vector
103         https://bugs.webkit.org/show_bug.cgi?id=140717
104
105         Reviewed by Andreas Kling.
106
107         Right now it's a DoublyLinkedList, which is iterated during each
108         collection. This contributes to some of the longish Eden pause times.
109         A Vector would be more appropriate and would also allow ExecutableBase
110         to be 2 pointers smaller.
111
112         * heap/Heap.cpp:
113         (JSC::Heap::deleteAllCompiledCode):
114         (JSC::Heap::deleteAllUnlinkedFunctionCode):
115         (JSC::Heap::clearUnmarkedExecutables):
116         * heap/Heap.h:
117         * runtime/Executable.h: No longer need to inherit from DoublyLinkedListNode.
118
119 2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>
120
121         BytecodeGenerator shouldn't expose all of its member variables
122         https://bugs.webkit.org/show_bug.cgi?id=140752
123
124         Reviewed by Mark Lam.
125
126         Added "private:" and removed unused data members as detected by clang.
127
128         * bytecompiler/BytecodeGenerator.cpp:
129         (JSC::BytecodeGenerator::BytecodeGenerator):
130         * bytecompiler/BytecodeGenerator.h:
131         (JSC::BytecodeGenerator::lastOpcodeID): Added. Used in BinaryOpNode::emitBytecode.
132         * bytecompiler/NodesCodegen.cpp:
133         (JSC::BinaryOpNode::emitBytecode):
134
135 2015-01-21  Joseph Pecoraro  <pecoraro@apple.com>
136
137         Web Inspector: ASSERT expanding objects in console PrimitiveBindingTraits<T>::assertValueHasExpectedType
138         https://bugs.webkit.org/show_bug.cgi?id=140746
139
140         Reviewed by Timothy Hatcher.
141
142         * inspector/InjectedScriptSource.js:
143         Do not add impure properties to the descriptor object that will
144         eventually be sent to the frontend.
145
146 2015-01-21  Matthew Mirman  <mmirman@apple.com>
147
148         Updated split such that it does not include the empty end of input string match.
149         https://bugs.webkit.org/show_bug.cgi?id=138129
150         <rdar://problem/18807403>
151
152         Reviewed by Filip Pizlo.
153
154         * runtime/StringPrototype.cpp:
155         (JSC::stringProtoFuncSplit):
156         * tests/stress/empty_eos_regex_split.js: Added.
157
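The rule the split entry above restores, as an added example that is not WebKit code: the ECMAScript split algorithm written out in JavaScript (specSplit, checkAgainstNative and CASES are this example's own names, and the sticky-regexp clone stands in for the spec's SplitMatcher). The matcher loop only runs while q < size, so an empty match at the very end of the input can never emit a trailing "" element; the example checks its output against the engine's native String.prototype.split on constructed inputs.

```javascript
// Added example, not WebKit code: String.prototype.split written out as the
// ECMAScript specification describes it, so the rule the patch restores is
// visible: the matcher loop runs only while q < size, so an empty match at
// the very end of the input never produces a trailing "" element.
function specSplit(S, R, limit) {
  const lim = limit === undefined ? 0xFFFFFFFF : limit >>> 0;
  const A = [];
  if (lim === 0) return A;
  const size = S.length;
  // Sticky clone: exec() then tries a match exactly at lastIndex, which is
  // what the spec's SplitMatcher(S, q, R) does.
  const splitter = new RegExp(R.source, R.flags.replace(/[gy]/g, '') + 'y');
  if (size === 0) {
    splitter.lastIndex = 0;
    return splitter.exec(S) === null ? [S] : [];
  }
  let p = 0; // start of the substring not yet emitted
  let q = 0; // position currently being tried
  while (q < size) {
    splitter.lastIndex = q;
    const m = splitter.exec(S);
    if (m === null) { q += 1; continue; }
    const e = Math.min(splitter.lastIndex, size);
    if (e === p) { q += 1; continue; } // empty match at p: advance, emit nothing
    A.push(S.substring(p, q));
    if (A.length === lim) return A;
    p = e;
    for (let i = 1; i < m.length; i++) { // capture groups are spliced in
      A.push(m[i]);
      if (A.length === lim) return A;
    }
    q = p;
  }
  A.push(S.substring(p, size)); // the tail, even when it is ""
  return A;
}

// Compare against the engine's own split; returns the list of mismatches.
function checkAgainstNative(cases) {
  const bad = [];
  for (const [s, re, limit] of cases) {
    const mine = JSON.stringify(specSplit(s, re, limit));
    const native = JSON.stringify(s.split(re, limit));
    if (mine !== native) bad.push({ s, re: String(re), mine, native });
  }
  return bad;
}

// Constructed inputs covering the end-of-input case and its neighbours.
const CASES = [
  ['ab', /$/],         // empty match only at end of input: ["ab"], not ["ab", ""]
  ['abc', /(?:)/],     // empty match at every position: ["a", "b", "c"]
  ['ab', /(?=b)/],     // empty match in the middle: ["a", "b"]
  ['a1b2c', /(\d)/],   // captures are spliced in
  ['a,b,,c', /,/],     // adjacent separators keep the empty field
  ['a,b,c', /,/, 2],   // limit stops the loop early
  ['', /x/],           // no match on empty input: [""]
  ['', /(?:)/],        // empty match on empty input: []
];
```

checkAgainstNative(CASES) returns an empty array on a conforming engine; any entry it returns shows the input, the spec result and the engine result side by side.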
158 2015-01-21  Michael Saboff  <msaboff@apple.com>
159
160         Eliminate Scope slot from JavaScript CallFrame
161         https://bugs.webkit.org/show_bug.cgi?id=136724
162
163         Reviewed by Geoffrey Garen.
164
165         This finishes the removal of the scope chain slot from the call frame header.
166
167         * dfg/DFGOSRExitCompilerCommon.cpp:
168         (JSC::DFG::reifyInlinedCallFrames):
169         * dfg/DFGPreciseLocalClobberize.h:
170         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
171         * dfg/DFGSpeculativeJIT32_64.cpp:
172         (JSC::DFG::SpeculativeJIT::emitCall):
173         * dfg/DFGSpeculativeJIT64.cpp:
174         (JSC::DFG::SpeculativeJIT::emitCall):
175         * ftl/FTLJSCall.cpp:
176         (JSC::FTL::JSCall::emit):
177         * ftl/FTLLowerDFGToLLVM.cpp:
178         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
179         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
180         * interpreter/JSStack.h:
181         * interpreter/VMInspector.cpp:
182         (JSC::VMInspector::dumpFrame):
183         * jit/JITCall.cpp:
184         (JSC::JIT::compileOpCall):
185         * jit/JITCall32_64.cpp:
186         (JSC::JIT::compileOpCall):
187         * jit/JITOpcodes32_64.cpp:
188         (JSC::JIT::privateCompileCTINativeCall):
189         * jit/Repatch.cpp:
190         (JSC::generateByIdStub):
191         (JSC::linkClosureCall):
192         * jit/ThunkGenerators.cpp:
193         (JSC::virtualForThunkGenerator):
194         (JSC::nativeForGenerator):
195         Deleted ScopeChain slot from JSStack.  Removed all code where ScopeChain was being
196         read or set.  In most cases this was where we make JS calls.
197
198         * interpreter/CallFrameClosure.h:
199         (JSC::CallFrameClosure::setArgument):
200         (JSC::CallFrameClosure::resetCallFrame): Deleted.
201         * interpreter/Interpreter.cpp:
202         (JSC::Interpreter::execute):
203         (JSC::Interpreter::executeCall):
204         (JSC::Interpreter::executeConstruct):
205         (JSC::Interpreter::prepareForRepeatCall):
206         * interpreter/ProtoCallFrame.cpp:
207         (JSC::ProtoCallFrame::init):
208         * interpreter/ProtoCallFrame.h:
209         (JSC::ProtoCallFrame::scope): Deleted.
210         (JSC::ProtoCallFrame::setScope): Deleted.
211         * llint/LLIntData.cpp:
212         (JSC::LLInt::Data::performAssertions):
213         * llint/LowLevelInterpreter.asm:
214         * llint/LowLevelInterpreter64.asm:
215         Removed the related scopeChainValue member from ProtoCallFrame.  Reduced the number of
216         registers that needed to be copied from the ProtoCallFrame to a callee's frame
217         from 5 to 4.
218
219         * llint/LowLevelInterpreter32_64.asm:
220         In addition to the prior changes, also deleted the unused macro getDeBruijnScope.
221
222 2015-01-21  Michael Saboff  <msaboff@apple.com>
223
224         Eliminate construct methods from NullGetterFunction and NullSetterFunction classes
225         https://bugs.webkit.org/show_bug.cgi?id=140708
226
227         Reviewed by Mark Lam.
228
229         Eliminated construct methods and changed getConstructData() for both classes to return
230         ConstructTypeNone as they can never be called.
231
232         * runtime/NullGetterFunction.cpp:
233         (JSC::NullGetterFunction::getConstructData):
234         (JSC::constructReturnUndefined): Deleted.
235         * runtime/NullSetterFunction.cpp:
236         (JSC::NullSetterFunction::getConstructData):
237         (JSC::constructReturnUndefined): Deleted.
238
239 2015-01-21  Csaba Osztrogonác  <ossy@webkit.org>
240
241         Remove ENABLE(INSPECTOR) ifdef guards
242         https://bugs.webkit.org/show_bug.cgi?id=140668
243
244         Reviewed by Darin Adler.
245
246         * Configurations/FeatureDefines.xcconfig:
247         * bindings/ScriptValue.cpp:
248         (Deprecated::ScriptValue::toInspectorValue):
249         * bindings/ScriptValue.h:
250         * inspector/ConsoleMessage.cpp:
251         * inspector/ConsoleMessage.h:
252         * inspector/ContentSearchUtilities.cpp:
253         * inspector/ContentSearchUtilities.h:
254         * inspector/IdentifiersFactory.cpp:
255         * inspector/IdentifiersFactory.h:
256         * inspector/InjectedScript.cpp:
257         * inspector/InjectedScript.h:
258         * inspector/InjectedScriptBase.cpp:
259         * inspector/InjectedScriptBase.h:
260         * inspector/InjectedScriptHost.cpp:
261         * inspector/InjectedScriptHost.h:
262         * inspector/InjectedScriptManager.cpp:
263         * inspector/InjectedScriptManager.h:
264         * inspector/InjectedScriptModule.cpp:
265         * inspector/InjectedScriptModule.h:
266         * inspector/InspectorAgentRegistry.cpp:
267         * inspector/InspectorBackendDispatcher.cpp:
268         * inspector/InspectorBackendDispatcher.h:
269         * inspector/InspectorProtocolTypes.h:
270         * inspector/JSGlobalObjectConsoleClient.cpp:
271         * inspector/JSGlobalObjectInspectorController.cpp:
272         * inspector/JSGlobalObjectInspectorController.h:
273         * inspector/JSGlobalObjectScriptDebugServer.cpp:
274         * inspector/JSGlobalObjectScriptDebugServer.h:
275         * inspector/JSInjectedScriptHost.cpp:
276         * inspector/JSInjectedScriptHost.h:
277         * inspector/JSInjectedScriptHostPrototype.cpp:
278         * inspector/JSInjectedScriptHostPrototype.h:
279         * inspector/JSJavaScriptCallFrame.cpp:
280         * inspector/JSJavaScriptCallFrame.h:
281         * inspector/JSJavaScriptCallFramePrototype.cpp:
282         * inspector/JSJavaScriptCallFramePrototype.h:
283         * inspector/JavaScriptCallFrame.cpp:
284         * inspector/JavaScriptCallFrame.h:
285         * inspector/ScriptCallFrame.cpp:
286         (Inspector::ScriptCallFrame::buildInspectorObject):
287         * inspector/ScriptCallFrame.h:
288         * inspector/ScriptCallStack.cpp:
289         (Inspector::ScriptCallStack::buildInspectorArray):
290         * inspector/ScriptCallStack.h:
291         * inspector/ScriptDebugServer.cpp:
292         * inspector/agents/InspectorAgent.cpp:
293         * inspector/agents/InspectorAgent.h:
294         * inspector/agents/InspectorConsoleAgent.cpp:
295         * inspector/agents/InspectorConsoleAgent.h:
296         * inspector/agents/InspectorDebuggerAgent.cpp:
297         * inspector/agents/InspectorDebuggerAgent.h:
298         * inspector/agents/InspectorRuntimeAgent.cpp:
299         * inspector/agents/InspectorRuntimeAgent.h:
300         * inspector/agents/JSGlobalObjectConsoleAgent.cpp:
301         * inspector/agents/JSGlobalObjectConsoleAgent.h:
302         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
303         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
304         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
305         * inspector/agents/JSGlobalObjectRuntimeAgent.h:
306         * inspector/scripts/codegen/cpp_generator_templates.py:
307         (CppGeneratorTemplates):
308         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
309         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
310         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
311         * inspector/scripts/tests/expected/enum-values.json-result:
312         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
313         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
314         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
315         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
316         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
317         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
318         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
319         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
320         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
321         * runtime/TypeSet.cpp:
322         (JSC::TypeSet::inspectorTypeSet):
323         (JSC::StructureShape::inspectorRepresentation):
324
325 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
326
327         Web Inspector: Clean up InjectedScriptSource.js
328         https://bugs.webkit.org/show_bug.cgi?id=140709
329
330         Reviewed by Timothy Hatcher.
331
332         This patch includes some relevant Blink patches and small changes.
333         
334         Patch by <aandrey@chromium.org>
335         DevTools: Remove console last result $_ on console clear.
336         https://src.chromium.org/viewvc/blink?revision=179179&view=revision
337
338         Patch by <eustas@chromium.org>
339         [Inspect DOM properties] incorrect CSS Selector Syntax
340         https://src.chromium.org/viewvc/blink?revision=156903&view=revision
341
342         * inspector/InjectedScriptSource.js:
343
344 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
345
346         Web Inspector: Cleanup RuntimeAgent a bit
347         https://bugs.webkit.org/show_bug.cgi?id=140706
348
349         Reviewed by Timothy Hatcher.
350
351         * inspector/InjectedScript.h:
352         * inspector/InspectorBackendDispatcher.h:
353         * inspector/ScriptCallFrame.cpp:
354         * inspector/agents/InspectorRuntimeAgent.cpp:
355         (Inspector::InspectorRuntimeAgent::evaluate):
356         (Inspector::InspectorRuntimeAgent::getProperties):
357         (Inspector::InspectorRuntimeAgent::run):
358         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
359         (Inspector::recompileAllJSFunctionsForTypeProfiling):
360         (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):
361
362 2015-01-20  Matthew Mirman  <mmirman@apple.com>
363
364         Made Identity in the DFG allocate a new temp register and move 
365         the old data to it.
366         https://bugs.webkit.org/show_bug.cgi?id=140700
367         <rdar://problem/19339106>
368
369         Reviewed by Filip Pizlo.
370
371         * dfg/DFGSpeculativeJIT64.cpp:
372         (JSC::DFG::SpeculativeJIT::compile): 
373         Added scratch registers for Identity. 
374         * tests/mozilla/mozilla-tests.yaml: enabled previously failing test
375
376 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
377
378         Web Inspector: Expanding event objects in console shows undefined for most values, it should have real values
379         https://bugs.webkit.org/show_bug.cgi?id=137306
380
381         Reviewed by Timothy Hatcher.
382
383         Provide another optional parameter to getProperties, to gather a list
384         of all own and getter properties.
385
386         * inspector/InjectedScript.cpp:
387         (Inspector::InjectedScript::getProperties):
388         * inspector/InjectedScript.h:
389         * inspector/InjectedScriptSource.js:
390         * inspector/agents/InspectorRuntimeAgent.cpp:
391         (Inspector::InspectorRuntimeAgent::getProperties):
392         * inspector/agents/InspectorRuntimeAgent.h:
393         * inspector/protocol/Runtime.json:
394
395 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
396
397         Web Inspector: Should show dynamic specificity values
398         https://bugs.webkit.org/show_bug.cgi?id=140647
399
400         Reviewed by Benjamin Poulain.
401
402         * inspector/protocol/CSS.json:
403         Clarify CSSSelector optional values and add "dynamic" property indicating
404         if the selector can be dynamic based on the element it is matched against.
405
406 2015-01-20  Commit Queue  <commit-queue@webkit.org>
407
408         Unreviewed, rolling out r178751.
409         https://bugs.webkit.org/show_bug.cgi?id=140694
410
411         Caused 32-bit JSC test failures (Requested by JoePeck on
412         #webkit).
413
414         Reverted changeset:
415
416         "put_by_val_direct need to check the property is index or not
417         for using putDirect / putDirectIndex"
418         https://bugs.webkit.org/show_bug.cgi?id=140426
419         http://trac.webkit.org/changeset/178751
420
421 2015-01-20  Yusuke Suzuki  <utatane.tea@gmail.com>
422
423         put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
424         https://bugs.webkit.org/show_bug.cgi?id=140426
425
426         Reviewed by Geoffrey Garen.
427
428         In the put_by_val_direct operation, we use JSObject::putDirect.
429         However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
430         This patch changes Identifier::asIndex() to return Optional<uint32_t>.
431         It forces callers to check explicitly whether the value is an index or not.
432         Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.
433
434         * bytecode/GetByIdStatus.cpp:
435         (JSC::GetByIdStatus::computeFor):
436         * bytecode/PutByIdStatus.cpp:
437         (JSC::PutByIdStatus::computeFor):
438         * bytecompiler/BytecodeGenerator.cpp:
439         (JSC::BytecodeGenerator::emitDirectPutById):
440         * dfg/DFGOperations.cpp:
441         (JSC::DFG::operationPutByValInternal):
442         * jit/JITOperations.cpp:
443         * jit/Repatch.cpp:
444         (JSC::emitPutTransitionStubAndGetOldStructure):
445         * jsc.cpp:
446         * llint/LLIntSlowPaths.cpp:
447         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
448         * runtime/Arguments.cpp:
449         (JSC::Arguments::getOwnPropertySlot):
450         (JSC::Arguments::put):
451         (JSC::Arguments::deleteProperty):
452         (JSC::Arguments::defineOwnProperty):
453         * runtime/ArrayPrototype.cpp:
454         (JSC::arrayProtoFuncSort):
455         * runtime/JSArray.cpp:
456         (JSC::JSArray::defineOwnProperty):
457         * runtime/JSCJSValue.cpp:
458         (JSC::JSValue::putToPrimitive):
459         * runtime/JSGenericTypedArrayViewInlines.h:
460         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
461         (JSC::JSGenericTypedArrayView<Adaptor>::put):
462         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
463         (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
464         * runtime/JSObject.cpp:
465         (JSC::JSObject::put):
466         (JSC::JSObject::putDirectAccessor):
467         (JSC::JSObject::putDirectCustomAccessor):
468         (JSC::JSObject::deleteProperty):
469         (JSC::JSObject::putDirectMayBeIndex):
470         (JSC::JSObject::defineOwnProperty):
471         * runtime/JSObject.h:
472         (JSC::JSObject::getOwnPropertySlot):
473         (JSC::JSObject::getPropertySlot):
474         (JSC::JSObject::putDirectInternal):
475         * runtime/JSString.cpp:
476         (JSC::JSString::getStringPropertyDescriptor):
477         * runtime/JSString.h:
478         (JSC::JSString::getStringPropertySlot):
479         * runtime/LiteralParser.cpp:
480         (JSC::LiteralParser<CharType>::parse):
481         * runtime/PropertyName.h:
482         (JSC::toUInt32FromCharacters):
483         (JSC::toUInt32FromStringImpl):
484         (JSC::PropertyName::asIndex):
485         * runtime/PropertyNameArray.cpp:
486         (JSC::PropertyNameArray::add):
487         * runtime/StringObject.cpp:
488         (JSC::StringObject::deleteProperty):
489         * runtime/Structure.cpp:
490         (JSC::Structure::prototypeChainMayInterceptStoreTo):
491
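The index rule behind both entries for bug 140426 (this original landing and the re-landed copy at the top of this log), as an added JavaScript example that is not WebKit code: a property key is an array index only if it is the canonical decimal string of an integer in [0, 2^32 - 2], which is the distinction asIndex() returning Optional<uint32_t> forces callers to make before choosing putDirect or putDirectIndex. The function names asIndex, probe and keyOrder are this example's own; the numeric bound is the ECMAScript array-index definition, and the object literal with a computed key is assumed to be one of the sites that compiles to put_by_val_direct.

```javascript
// Added example, not WebKit code. It restates in JavaScript the rule that
// JSC's PropertyName::asIndex() applies after this change: a property key is
// an array index only if it is the canonical decimal string of an integer in
// [0, 2^32 - 2]; everything else is a named (non-index) property.
const MAX_ARRAY_INDEX = 0xFFFFFFFE; // 2^32 - 2

// Mirrors Optional<uint32_t>: the index as a number, or undefined.
function asIndex(key) {
  const s = typeof key === 'string' ? key : String(key);
  if (s.length === 0 || s.length > 10) return undefined; // 4294967294 has 10 digits
  if (s.length > 1 && s[0] === '0') return undefined;    // "01" is not canonical
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c < 0x30 || c > 0x39) return undefined;          // digits only: no "-1", "1e3", " 1"
  }
  const n = Number(s);
  return n <= MAX_ARRAY_INDEX ? n : undefined;
}

// An object literal with a computed key is assumed here to be one of the
// sites that compiles to put_by_val_direct. Whatever storage the engine
// picks (named vs indexed), every spelling of the same key must see the
// same property, and a non-canonical spelling must be a different property.
function probe(key) {
  const o = { [key]: 'v' };
  return {
    index: asIndex(key),
    ownNames: Object.getOwnPropertyNames(o),
    viaString: o[String(key)],
    viaNumeric: o[Number(key)],
    hasOwn: Object.prototype.hasOwnProperty.call(o, String(key)),
  };
}

// The same classification drives enumeration order: array indices first in
// ascending numeric order, then the remaining string keys in insertion order.
function keyOrder(keys) {
  const o = {};
  for (const k of keys) o[k] = true;
  return Object.keys(o);
}
```

probe(5) and probe("5") describe the same index property, while probe("01") is a named property that o[1] does not find; keyOrder(["b", "10", "2", "a", 0]) returns ["0", "2", "10", "b", "a"], which an engine can only produce if it knows which keys are indices.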
492 2015-01-20  Michael Saboff  <msaboff@apple.com>
493
494         REGRESSION(178696): Sporadic crashes while garbage collecting
495         https://bugs.webkit.org/show_bug.cgi?id=140688
496
497         Reviewed by Geoffrey Garen.
498
499         Added missing visitor.append(&thisObject->m_nullSetterFunction).
500
501         * runtime/JSGlobalObject.cpp:
502         (JSC::JSGlobalObject::visitChildren):
503
504 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
505
506         Web Replay: code generator should take supplemental specifications and allow cross-framework references
507         https://bugs.webkit.org/show_bug.cgi?id=136312
508
509         Reviewed by Joseph Pecoraro.
510
511         Some types are shared between replay inputs from different frameworks.
512         Previously, these type declarations were duplicated in every input
513         specification file in which they were used. This caused some type encoding
514         traits to be emitted twice if used from WebCore inputs and WebKit2 inputs.
515
516         This patch teaches the replay inputs code generator to accept multiple
517         input specification files. Inputs can freely reference types from other
518         frameworks without duplicating declarations.
519
520         On the code generation side, the model could contain types and inputs from
521         frameworks that are not the target framework. Only generate code for the
522         target framework.
523
524         To properly generate cross-framework type encoding traits, use
525         Type.encoding_type_argument in more places, and add the export macro for WebCore
526         and the Test framework.
527
528         Adjust some tests so that enum coverage is preserved by moving the enum types
529         into "Test" (the target framework for tests).
530
531         * JavaScriptCore.vcxproj/copy-files.cmd:
532         For Windows, copy over JSInputs.json as if it were a private header.
533
534         * JavaScriptCore.xcodeproj/project.pbxproj: Make JSInputs.json a private header.
535         * replay/JSInputs.json:
536         Put all primitive types and WTF types in this specification file.
537
538         * replay/scripts/CodeGeneratorReplayInputs.py:
539         (Input.__init__):
540         (InputsModel.__init__): Keep track of the input's framework.
541         (InputsModel.parse_specification): Parse the framework here. Adjust to new format,
542         and allow either types or inputs to be missing from a single file.
543
544         (InputsModel.parse_type_with_framework):
545         (InputsModel.parse_input_with_framework):
546         (Generator.should_generate_item): Added helper method.
547         (Generator.generate_header): Filter inputs to generate.
548         (Generator.generate_implementation): Filter inputs to generate.
549         (Generator.generate_enum_trait_declaration): Filter enums to generate.
550         Add WEBCORE_EXPORT macro to enum encoding traits.
551
552         (Generator.generate_for_each_macro): Filter inputs to generate.
553         (Generator.generate_enum_trait_implementation): Filter enums to generate.
554         (generate_from_specifications): Added.
555         (generate_from_specifications.parse_json_from_file):
556         (InputsModel.parse_toplevel): Deleted.
557         (InputsModel.parse_type_with_framework_name): Deleted.
558         (InputsModel.parse_input): Deleted.
559         (generate_from_specification): Deleted.
560         * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
561         * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Removed.
562         * replay/scripts/tests/expected/fail-on-no-types.json-error: Removed.
563         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
564         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
565         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
566         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
567         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.cpp:
568         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
569         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
570         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
571         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
572         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
573         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
574         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
575         * replay/scripts/tests/fail-on-c-style-enum-no-storage.json:
576         * replay/scripts/tests/fail-on-duplicate-enum-type.json:
577         * replay/scripts/tests/fail-on-duplicate-input-names.json:
578         * replay/scripts/tests/fail-on-duplicate-type-names.json:
579         * replay/scripts/tests/fail-on-enum-type-missing-values.json:
580         * replay/scripts/tests/fail-on-missing-input-member-name.json:
581         * replay/scripts/tests/fail-on-missing-input-name.json:
582         * replay/scripts/tests/fail-on-missing-input-queue.json:
583         * replay/scripts/tests/fail-on-missing-type-mode.json:
584         * replay/scripts/tests/fail-on-missing-type-name.json:
585         * replay/scripts/tests/fail-on-no-inputs.json:
586         Removed, no longer required to be in a single file.
587
588         * replay/scripts/tests/fail-on-no-types.json:
589         Removed, no longer required to be in a single file.
590
591         * replay/scripts/tests/fail-on-unknown-input-queue.json:
592         * replay/scripts/tests/fail-on-unknown-member-type.json:
593         * replay/scripts/tests/fail-on-unknown-type-mode.json:
594         * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json:
595         * replay/scripts/tests/generate-enum-encoding-helpers.json:
596         * replay/scripts/tests/generate-enum-with-guard.json:
597         Include enums that are and are not generated.
598
599         * replay/scripts/tests/generate-enums-with-same-base-name.json:
600         * replay/scripts/tests/generate-event-loop-shape-types.json:
601         * replay/scripts/tests/generate-input-with-guard.json:
602         * replay/scripts/tests/generate-input-with-vector-members.json:
603         * replay/scripts/tests/generate-inputs-with-flags.json:
604         * replay/scripts/tests/generate-memoized-type-modes.json:
605
606 2015-01-20  Tomas Popela  <tpopela@redhat.com>
607
608         [GTK] Cannot compile 2.7.3 on PowerPC machines
609         https://bugs.webkit.org/show_bug.cgi?id=140616
610
611         Include climits for INT_MAX and wtf/DataLog.h for dataLogF
612
613         Reviewed by Csaba Osztrogonác.
614
615         * runtime/BasicBlockLocation.cpp:
616
617 2015-01-19  Michael Saboff  <msaboff@apple.com>
618
619         A "cached" null setter should throw a TypeException when called in strict mode and doesn't
620         https://bugs.webkit.org/show_bug.cgi?id=139418
621
622         Reviewed by Filip Pizlo.
623
624         Made a new NullSetterFunction class similar to NullGetterFunction.  The difference is that 
625         NullSetterFunction will throw a TypeError per the ECMA262 spec for a strict mode caller.
626
627         * CMakeLists.txt:
628         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
629         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
630         * JavaScriptCore.xcodeproj/project.pbxproj:
631         Added new files NullSetterFunction.cpp and NullSetterFunction.h.
632
633         * runtime/GetterSetter.h:
634         (JSC::GetterSetter::GetterSetter):
635         (JSC::GetterSetter::isSetterNull):
636         (JSC::GetterSetter::setSetter):
637         Change setter instances from using NullGetterFunction to using NullSetterFunction.
638
639         * runtime/JSGlobalObject.cpp:
640         (JSC::JSGlobalObject::init):
641         * runtime/JSGlobalObject.h:
642         (JSC::JSGlobalObject::nullSetterFunction):
643         Added m_nullSetterFunction and accessor.
644
645         * runtime/NullSetterFunction.cpp: Added.
646         (JSC::GetCallerStrictnessFunctor::GetCallerStrictnessFunctor):
647         (JSC::GetCallerStrictnessFunctor::operator()):
648         (JSC::GetCallerStrictnessFunctor::callerIsStrict):
649         (JSC::callerIsStrict):
650         Method to determine if the caller is in strict mode.
651
652         (JSC::callReturnUndefined):
653         (JSC::constructReturnUndefined):
654         (JSC::NullSetterFunction::getCallData):
655         (JSC::NullSetterFunction::getConstructData):
656         * runtime/NullSetterFunction.h: Added.
657         (JSC::NullSetterFunction::create):
658         (JSC::NullSetterFunction::createStructure):
659         (JSC::NullSetterFunction::NullSetterFunction):
660         Class with handlers for a null setter.
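
        The strict-mode behaviour this entry implements, as an added example (not code from the
        WebKit change; the object and function names are constructed for illustration):

```javascript
// Added example, not code from the WebKit change above: it exercises the
// behaviour the NullSetterFunction patch is about. Assigning to an accessor
// property that has a getter but no setter must throw a TypeError in strict
// mode and silently do nothing in sloppy mode, and that must hold on every
// iteration of a hot loop, i.e. also once the engine has cached the access.
// All object and function names below are constructed for this example.

// Builds an object whose "id" property is a getter-only accessor.
function makeGetterOnly() {
  const obj = {};
  Object.defineProperty(obj, "id", {
    get() { return 7; },
    enumerable: true,
    configurable: false,
  });
  return obj;
}

// Strict-mode caller: returns how many of the `iterations` assignments threw
// a TypeError. With correct semantics every single one must throw; the bug
// described above would let a cached null setter stop throwing once the
// property access is cached.
function strictAssignThrowCount(obj, iterations) {
  "use strict";
  let thrown = 0;
  for (let i = 0; i < iterations; i++) {
    try {
      obj.id = i;
    } catch (e) {
      if (!(e instanceof TypeError)) throw e; // only a TypeError is expected
      thrown++;
    }
  }
  return thrown;
}

// Sloppy-mode caller built with the Function constructor, which always yields
// a non-strict function even when this file itself is a strict module. Here
// the failed assignment is ignored, so the count must stay at zero.
const sloppyAssignThrowCount = new Function("obj", "iterations", `
  let thrown = 0;
  for (let i = 0; i < iterations; i++) {
    try { obj.id = i; } catch (e) { thrown++; }
  }
  return thrown;
`);

// Runs both callers against one object and reports the outcome, including
// that the getter's value was never overwritten in either mode.
function runNullSetterCheck(iterations) {
  const obj = makeGetterOnly();
  return {
    strictThrows: strictAssignThrowCount(obj, iterations),
    sloppyThrows: sloppyAssignThrowCount(obj, iterations),
    valueAfter: obj.id,
  };
}
```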
661
662 2015-01-19  Saam Barati  <saambarati1@gmail.com>
663
664         Web Inspector: Provide a front end for JSC's Control Flow Profiler
665         https://bugs.webkit.org/show_bug.cgi?id=138454
666
667         Reviewed by Timothy Hatcher.
668
669         This patch puts the final touches on what JSC needs to provide
670         for the Web Inspector to show a UI for the control flow profiler.
671
672         * inspector/agents/InspectorRuntimeAgent.cpp:
673         (Inspector::recompileAllJSFunctionsForTypeProfiling):
674         * runtime/ControlFlowProfiler.cpp:
675         (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
676         * runtime/FunctionHasExecutedCache.cpp:
677         (JSC::FunctionHasExecutedCache::getFunctionRanges):
678         (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges): Deleted.
679         * runtime/FunctionHasExecutedCache.h:
680
681 2015-01-19  David Kilzer  <ddkilzer@apple.com>
682
683         [iOS] Only use LLVM static library arguments on 64-bit builds of libllvmForJSC.dylib
684         <http://webkit.org/b/140658>
685
686         Reviewed by Filip Pizlo.
687
688         * Configurations/LLVMForJSC.xcconfig: Set OTHER_LDFLAGS_LLVM
689         only when building for 64-bit architectures.
690
691 2015-01-19  Filip Pizlo  <fpizlo@apple.com>
692
693         ClosureCallStubRoutine no longer needs codeOrigin
694         https://bugs.webkit.org/show_bug.cgi?id=140659
695
696         Reviewed by Michael Saboff.
697         
698         Once upon a time, we would look for the CodeOrigin associated with a return PC. This search
699         would start with the CodeBlock according to the caller frame's call frame header. But if the
700         call was a closure call, the return PC would be inside some closure call stub. So if the
701         CodeBlock search failed, we would search *all* closure call stub routines to see which one
702         encompasses the return PC. Then, we would use the CodeOrigin stored in the stub routine
703         object. This was all a bunch of madness, and we actually got rid of it - we now determine
704         the CodeOrigin for a call frame using the encoded code origin bits inside the tag of the
705         argument count.
706         
707         This patch removes the final vestiges of the madness:
708         
709         - Remove the totally unused method declaration for the thing that did the closure call stub
710           search.
711         
712         - Remove the CodeOrigin field from the ClosureCallStubRoutine. Except for that crazy search
713           that we no longer do, everyone else who finds a ClosureCallStubRoutine will find it via
714           the CallLinkInfo. The CallLinkInfo also has the CodeOrigin, so we don't need this field
715           anymore.
716
717         * bytecode/CodeBlock.h:
718         * jit/ClosureCallStubRoutine.cpp:
719         (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
720         * jit/ClosureCallStubRoutine.h:
721         (JSC::ClosureCallStubRoutine::executable):
722         (JSC::ClosureCallStubRoutine::codeOrigin): Deleted.
723         * jit/Repatch.cpp:
724         (JSC::linkClosureCall):
725
726 2015-01-19  Saam Barati  <saambarati1@gmail.com>
727
728         Basic block start offsets should never be larger than end offsets in the control flow profiler
729         https://bugs.webkit.org/show_bug.cgi?id=140377
730
731         Reviewed by Filip Pizlo.
732
733         The bytecode generator will emit code more than once for some AST nodes. For instance, 
734         the finally block of TryNode will emit two code paths for its finally block: one for 
735         the normal path, and another for the path where an exception is thrown in the catch block. 
736         
737         This repeated code emission of the same AST node previously broke how the control 
738         flow profiler computed text ranges of basic blocks because when the same AST node 
739         is emitted multiple times, there is a good chance that there are ranges that span 
740         from the end offset of one of these duplicated nodes back to the start offset of 
741         the same duplicated node. This caused a basic block range to report a larger start 
742         offset than end offset. This was incorrect. Now, when this situation is encountered 
743         while linking a CodeBlock, the faulty range in question is ignored.
744
745         * bytecode/CodeBlock.cpp:
746         (JSC::CodeBlock::CodeBlock):
747         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
748         * bytecode/CodeBlock.h:
749         * bytecompiler/NodesCodegen.cpp:
750         (JSC::ForInNode::emitMultiLoopBytecode):
751         (JSC::ForOfNode::emitBytecode):
752         (JSC::TryNode::emitBytecode):
753         * parser/Parser.cpp:
754         (JSC::Parser<LexerType>::parseConditionalExpression):
755         * runtime/ControlFlowProfiler.cpp:
756         (JSC::ControlFlowProfiler::ControlFlowProfiler):
757         * runtime/ControlFlowProfiler.h:
758         (JSC::ControlFlowProfiler::dummyBasicBlock):
759
760 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
761
762         [SVG -> OTF Converter] Flip the switch on
763         https://bugs.webkit.org/show_bug.cgi?id=140592
764
765         Reviewed by Antti Koivisto.
766
767         * Configurations/FeatureDefines.xcconfig:
768
769 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
770
771         Web Replay: convert to is<T> and downcast<T> for decoding replay inputs
772         https://bugs.webkit.org/show_bug.cgi?id=140512
773
774         Reviewed by Chris Dumez.
775
776         Generate a SPECIALIZE_TYPE_TRAITS_* chunk of code for each input. This cannot
777         be done using REPLAY_INPUT_NAMES_FOR_EACH macro since that doesn't fully qualify
778         input types, and the type traits macro is defined in namespace WTF.
779
780         * replay/NondeterministicInput.h: Make overridden methods public.
781         * replay/scripts/CodeGeneratorReplayInputs.py:
782         (Generator.generate_header):
783         (Generator.qualified_input_name): Allow forcing qualification. WTF is never a target framework.
784         (Generator.generate_input_type_trait_declaration): Added.
785         * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Add a template.
786         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
787         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
788         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
789         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
790         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
791         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
792         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
793         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
794
795 2015-01-19  Commit Queue  <commit-queue@webkit.org>
796
797         Unreviewed, rolling out r178653.
798         https://bugs.webkit.org/show_bug.cgi?id=140634
799
800         Broke multiple SVG tests on Mountain Lion (Requested by ap on
801         #webkit).
802
803         Reverted changeset:
804
805         "[SVG -> OTF Converter] Flip the switch on"
806         https://bugs.webkit.org/show_bug.cgi?id=140592
807         http://trac.webkit.org/changeset/178653
808
809 2015-01-18  Dean Jackson  <dino@apple.com>
810
811         ES6: Support Array.of construction
812         https://bugs.webkit.org/show_bug.cgi?id=140605
813         <rdar://problem/19513655>
814
815         Reviewed by Geoffrey Garen.
816
817         Add an implementation of Array.of, described in 22.1.2.3 of the ES6
818         specification (15 Jan 2015). The Array.of() method creates a new Array
819         instance with a variable number of arguments, regardless of number or type
820         of the arguments.
821
822         * runtime/ArrayConstructor.cpp:
823         (JSC::arrayConstructorOf): Create a new empty Array, then iterate
824         over the arguments, setting them to the appropriate index.
825
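
        The spec steps this entry refers to, as an added JavaScript example (not JSC's C++
        implementation; the IsConstructor test is approximated and the helper names are constructed):

```javascript
// Added example, not JSC's C++ implementation: a JavaScript Array.of that
// follows the ES6 draft steps (22.1.2.3) cited above, so the difference from
// the Array constructor is visible. The IsConstructor test is approximated
// with a typeof/prototype check; everything else mirrors the spec order.
function arrayOf(...items) {
  const len = items.length;
  const C = this;
  let A;
  if (typeof C === "function" && C.prototype !== undefined) {
    A = new C(len);          // Construct(C, <<len>>)
  } else {
    A = new Array(len);      // ArrayCreate(len)
  }
  for (let k = 0; k < len; k++) {
    // CreateDataPropertyOrThrow(A, ToString(k), kValue): defines a data
    // property rather than invoking any setter an exotic A might have.
    const ok = Reflect.defineProperty(A, String(k), {
      value: items[k], writable: true, enumerable: true, configurable: true,
    });
    if (!ok) throw new TypeError("cannot define index " + k);
  }
  A.length = len;            // Set(A, "length", len, true)
  return A;
}

// Array(7) builds a sparse array of length 7, while Array.of(7) builds [7];
// this helper returns both shapes so the contrast can be checked.
function contrastWithArrayConstructor(n) {
  const fromCtor = Array(n);
  const fromOf = arrayOf(n);
  return {
    ctorLength: fromCtor.length,
    ctorHasIndex0: 0 in fromCtor,
    ofLength: fromOf.length,
    ofFirst: fromOf[0],
  };
}

// A subclass receiver: arrayOf.call(Sub, ...) constructs Sub, not Array.
class Tagged extends Array {}
function buildTagged(...items) {
  return arrayOf.call(Tagged, ...items);
}
```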
826 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
827
828         [SVG -> OTF Converter] Flip the switch on
829         https://bugs.webkit.org/show_bug.cgi?id=140592
830
831         Reviewed by Antti Koivisto.
832
833         * Configurations/FeatureDefines.xcconfig:
834
835 2015-01-17  Brian J. Burg  <burg@cs.washington.edu>
836
837         Web Inspector: highlight data for overlay should use protocol type builders
838         https://bugs.webkit.org/show_bug.cgi?id=129441
839
840         Reviewed by Timothy Hatcher.
841
842         Add a new domain for overlay types.
843
844         * CMakeLists.txt:
845         * DerivedSources.make:
846         * inspector/protocol/OverlayTypes.json: Added.
847
848 2015-01-17  Michael Saboff  <msaboff@apple.com>
849
850         Crash in JSScope::resolve() on tools.ups.com
851         https://bugs.webkit.org/show_bug.cgi?id=140579
852
853         Reviewed by Geoffrey Garen.
854
855         For op_resolve_scope of a global property or variable that needs to check for the var
856         injection check watchpoint, we need to keep the scope around with a Phantom.  The
857         baseline JIT slowpath for op_resolve_scope needs the scope value if the watchpoint
858         fired.
859
860         * dfg/DFGByteCodeParser.cpp:
861         (JSC::DFG::ByteCodeParser::parseBlock):
862
863 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
864
865         Web Inspector: code generator should introduce typedefs for protocol types that are arrays
866         https://bugs.webkit.org/show_bug.cgi?id=140557
867
868         Reviewed by Joseph Pecoraro.
869
870         Currently, there is no generated type name for "array" type declarations such as Console.CallStack.
871         This makes it long-winded and confusing to use the type in C++ code.
872
873         This patch adds a typedef for array type declarations, so types such as Console::CallStack
874         can be referred to directly, rather than using Inspector::Protocol::Array<Console::CallFrame>.
875
876         Some tests were updated to cover array type declarations used as parameters and type members.
877
878         * inspector/ScriptCallStack.cpp: Use the new typedef.
879         (Inspector::ScriptCallStack::buildInspectorArray):
880         * inspector/ScriptCallStack.h:
881         * inspector/scripts/codegen/cpp_generator.py:
882         (CppGenerator.cpp_protocol_type_for_type): If an ArrayType is nominal, use the typedef'd name instead.
883         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
884         (_generate_typedefs_for_domain): Also generate typedefs for array type declarations.
885         (_generate_typedefs_for_domain.Inspector):
886         * inspector/scripts/codegen/models.py: Save the name of an ArrayType when it is a type declaration.
887         (ArrayType.__init__):
888         (Protocol.resolve_types):
889         (Protocol.lookup_type_reference):
890         * inspector/scripts/tests/commands-with-async-attribute.json:
891         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json:
892         * inspector/scripts/tests/events-with-optional-parameters.json:
893         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
894         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
895         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
896         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
897         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
898         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
899         * inspector/scripts/tests/type-declaration-object-type.json:
900
901 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
902
903         Web Replay: purge remaining PassRefPtr uses and minor cleanup
904         https://bugs.webkit.org/show_bug.cgi?id=140456
905
906         Reviewed by Andreas Kling.
907
908         Get rid of PassRefPtr. Introduce default initializers where it makes sense.
909         Remove mistaken uses of AtomicString that were not removed as part of r174113.
910
911         * replay/EmptyInputCursor.h:
912         * replay/InputCursor.h:
913         (JSC::InputCursor::InputCursor):
914
915 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
916
917         Web Inspector: code generator should fail on duplicate parameter and member names
918         https://bugs.webkit.org/show_bug.cgi?id=140555
919
920         Reviewed by Timothy Hatcher.
921
922         * inspector/scripts/codegen/models.py:
923         (find_duplicates): Add a helper function to find duplicates in a list.
924         (Protocol.parse_type_declaration):
925         (Protocol.parse_command):
926         (Protocol.parse_event):
927         * inspector/scripts/tests/expected/fail-on-duplicate-command-call-parameter-names.json-error: Added.
928         * inspector/scripts/tests/expected/fail-on-duplicate-command-return-parameter-names.json-error: Added.
929         * inspector/scripts/tests/expected/fail-on-duplicate-event-parameter-names.json-error: Added.
930         * inspector/scripts/tests/expected/fail-on-duplicate-type-member-names.json-error: Added.
931         * inspector/scripts/tests/fail-on-duplicate-command-call-parameter-names.json: Added.
932         * inspector/scripts/tests/fail-on-duplicate-command-return-parameter-names.json: Added.
933         * inspector/scripts/tests/fail-on-duplicate-event-parameter-names.json: Added.
934         * inspector/scripts/tests/fail-on-duplicate-type-member-names.json: Added.
935
936 2015-01-16  Michael Saboff  <msaboff@apple.com>
937
938         REGRESSION (r174226): Header on huffingtonpost.com is too large
939         https://bugs.webkit.org/show_bug.cgi?id=140306
940
941         Reviewed by Filip Pizlo.
942
943         BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
944         arguments register or whether we need to resolve "arguments".  If the arguments have
945         been captured, then they are stored in the lexical environment and the arguments
946         register is not used.
947
948         Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
949         register is captured.  Renamed the function to willResolveToArgumentsRegister() to
950         better indicate what we are checking.
951
952         Aligned 32 and 64 bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
953         an arguments object that was optimized out of an inlined callFrame.  The 32 bit path
954         incorrectly calculated the location of the reified callee frame.  This alignment resulted
955         in the removal of operationCreateInlinedArgumentsDuringOSRExit().
956
957         * bytecompiler/BytecodeGenerator.cpp:
958         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
959         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
960         (JSC::BytecodeGenerator::emitCall):
961         (JSC::BytecodeGenerator::emitConstruct):
962         (JSC::BytecodeGenerator::emitEnumeration):
963         (JSC::BytecodeGenerator::willResolveToArguments): Deleted.
964         * bytecompiler/BytecodeGenerator.h:
965         * bytecompiler/NodesCodegen.cpp:
966         (JSC::BracketAccessorNode::emitBytecode):
967         (JSC::DotAccessorNode::emitBytecode):
968         (JSC::getArgumentByVal):
969         (JSC::ApplyFunctionCallDotNode::emitBytecode):
970         (JSC::ArrayPatternNode::emitDirectBinding):
971         * dfg/DFGOSRExitCompilerCommon.cpp:
972         (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
973         * dfg/DFGOperations.cpp:
974         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
975         * dfg/DFGOperations.h:
976         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
977
978 2015-01-15  Csaba Osztrogonác  <ossy@webkit.org>
979
980         Remove ENABLE(SQL_DATABASE) guards
981         https://bugs.webkit.org/show_bug.cgi?id=140434
982
983         Reviewed by Darin Adler.
984
985         * CMakeLists.txt:
986         * Configurations/FeatureDefines.xcconfig:
987         * DerivedSources.make:
988         * inspector/protocol/Database.json:
989
990 2015-01-14  Alexey Proskuryakov  <ap@apple.com>
991
992         Web Inspector and regular console use different source code locations for messages
993         https://bugs.webkit.org/show_bug.cgi?id=140478
994
995         Reviewed by Brian Burg.
996
997         * inspector/ConsoleMessage.h: Expose computed source location.
998
999         * inspector/agents/InspectorConsoleAgent.cpp:
1000         (Inspector::InspectorConsoleAgent::addMessageToConsole):
1001         (Inspector::InspectorConsoleAgent::stopTiming):
1002         (Inspector::InspectorConsoleAgent::count):
1003         * inspector/agents/InspectorConsoleAgent.h:
1004         addMessageToConsole() now takes a pre-made ConsoleMessage object.
1005
1006         * inspector/JSGlobalObjectConsoleClient.cpp:
1007         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1008         (Inspector::JSGlobalObjectConsoleClient::warnUnimplemented):
1009         * inspector/JSGlobalObjectInspectorController.cpp:
1010         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
1011         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1012         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
1013         Updated for the above changes.
1014
1015 2015-01-15  Mark Lam  <mark.lam@apple.com>
1016
1017         [Part 2] Argument object created by "Function dot arguments" should use a clone of argument values.
1018         <https://webkit.org/b/140093>
1019
1020         Reviewed by Geoffrey Garen.
1021
1022         * interpreter/StackVisitor.cpp:
1023         (JSC::StackVisitor::Frame::createArguments):
1024         - We should not be fetching the lexicalEnvironment here.  The reason we've
1025           introduced the ClonedArgumentsCreationMode is because the lexicalEnvironment
1026           may not be available to us at this point.  Instead, we'll just pass a nullptr.
1027
1028         * runtime/Arguments.cpp:
1029         (JSC::Arguments::tearOffForCloning):
1030         * runtime/Arguments.h:
1031         (JSC::Arguments::finishCreation):
1032         - Use the new tearOffForCloning() to tear off arguments right out of the values
1033           passed on the stack.  tearOff() is not appropriate for this purpose because
1034           it takes slowArgumentsData into account.
1035
1036 2015-01-14  Matthew Mirman  <mmirman@apple.com>
1037
1038         Removed accidental commit of "invalid_array.js" 
1039         http://trac.webkit.org/changeset/178439
1040
1041         * tests/stress/invalid_array.js: Removed.
1042
1043 2015-01-14  Matthew Mirman  <mmirman@apple.com>
1044
1045         Fixes operationPutByIdOptimizes such that they check that the put didn't
1046         change the structure of the object whose property access is being
1047         cached.  Also removes uses of the new base value from the cache generation code.
1048         https://bugs.webkit.org/show_bug.cgi?id=139500
1049
1050         Reviewed by Filip Pizlo.
1051
1052         * jit/JITOperations.cpp:
1053         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
1054         (JSC::operationPutByIdNonStrictOptimize): ditto.
1055         (JSC::operationPutByIdDirectStrictOptimize): ditto.
1056         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
1057         * jit/Repatch.cpp:
1058         (JSC::generateByIdStub):
1059         (JSC::tryCacheGetByID):
1060         (JSC::tryBuildGetByIDList):
1061         (JSC::emitPutReplaceStub):
1062         (JSC::emitPutTransitionStubAndGetOldStructure): Added.
1063         (JSC::tryCachePutByID):
1064         (JSC::repatchPutByID):
1065         (JSC::tryBuildPutByIdList):
1066         (JSC::tryRepatchIn):
1067         (JSC::emitPutTransitionStub): Deleted.
1068         * jit/Repatch.h:
1069         * llint/LLIntSlowPaths.cpp:
1070         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1071         * runtime/JSPropertyNameEnumerator.h:
1072         (JSC::genericPropertyNameEnumerator):
1073         * runtime/Operations.h:
1074         (JSC::normalizePrototypeChainForChainAccess): restructured to not use the base value.
1075         (JSC::normalizePrototypeChain): restructured to not use the base value.
1076         * tests/mozilla/mozilla-tests.yaml:
1077         * tests/stress/proto-setter.js: Added.
1078         * tests/stress/put-by-id-build-list-order-recurse.js: Added.
1079         Added test that fails without this patch.
1080
1081 2015-01-13  Joseph Pecoraro  <pecoraro@apple.com>
1082
1083         Web Inspector: Remove unused ResizeImage and DecodeImageData timeline events
1084         https://bugs.webkit.org/show_bug.cgi?id=140404
1085
1086         Reviewed by Timothy Hatcher.
1087
1088         * inspector/protocol/Timeline.json:
1089
1090 2015-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1091
1092         DFG can call PutByValDirect for generic arrays
1093         https://bugs.webkit.org/show_bug.cgi?id=140389
1094
1095         Reviewed by Geoffrey Garen.
1096
1097         Computed properties in object initializers (ES6) use the put_by_val_direct operation.
1098         However, the current DFG asserts that put_by_val_direct is not used for generic arrays,
1099         so the assertion failure is raised.
1100         This patch allows the DFG to use put_by_val_direct for generic arrays.
1101
1102         It also fixes the DFG put_by_val_direct implementation for string properties.
1103         At first, put_by_val_direct was intended to be used for spread elements,
1104         so the property keys were limited to numbers (indexes).
1105         But now it is also used for computed properties in object initializers.
1106
1107         * dfg/DFGOperations.cpp:
1108         (JSC::DFG::operationPutByValInternal):
1109         * dfg/DFGSpeculativeJIT64.cpp:
1110         (JSC::DFG::SpeculativeJIT::compile):
1111
1112 2015-01-13  Geoffrey Garen  <ggaren@apple.com>
1113
1114         Out of bounds access in BytecodeGenerator::emitGetById under DotAccessorNode::emitBytecode
1115         https://bugs.webkit.org/show_bug.cgi?id=140397
1116
1117         Reviewed by Geoffrey Garen.
1118
1119         Patch by Alexey Proskuryakov.
1120
1121         Reviewed, performance tested, and ChangeLogged by Geoffrey Garen.
1122
1123         No performance change.
1124
1125         No test, since this is a small past-the-end read, which is very
1126         difficult to turn into a reproducible failing test -- and existing tests
1127         crash reliably using ASan.
1128
1129         * bytecompiler/NodesCodegen.cpp:
1130         (JSC::BracketAccessorNode::emitBytecode):
1131         (JSC::DotAccessorNode::emitBytecode):
1132         (JSC::FunctionCallBracketNode::emitBytecode):
1133         (JSC::PostfixNode::emitResolve):
1134         (JSC::DeleteBracketNode::emitBytecode):
1135         (JSC::DeleteDotNode::emitBytecode):
1136         (JSC::PrefixNode::emitResolve):
1137         (JSC::UnaryOpNode::emitBytecode):
1138         (JSC::BitwiseNotNode::emitBytecode):
1139         (JSC::BinaryOpNode::emitBytecode):
1140         (JSC::EqualNode::emitBytecode):
1141         (JSC::StrictEqualNode::emitBytecode):
1142         (JSC::ThrowableBinaryOpNode::emitBytecode):
1143         (JSC::AssignDotNode::emitBytecode):
1144         (JSC::AssignBracketNode::emitBytecode): Use RefPtr in more places. Any
1145         register used across a call to a function that might allocate a new
1146         temporary register must be held in a RefPtr.
1147
1148 2015-01-12  Michael Saboff  <msaboff@apple.com>
1149
1150         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1151         https://bugs.webkit.org/show_bug.cgi?id=140348
1152
1153         Reviewed by Mark Lam.
1154
1155         We used to read registers in MachineThreads::gatherFromCurrentThread(), but that is too late
1156         because those registers may have been spilled on the stack and replaced with other values by
1157         the time we call down to gatherFromCurrentThread().
1158
1159         Now we get the register contents at the same place that we demarcate the current top of
1160         stack using the address of a local variable, in Heap::markRoots().  The register contents
1161         buffer is passed along with the demarcation pointer.  These need to be done at this level 
1162         in the call tree and no lower, as markRoots() calls various functions that visit object
1163         pointers that may be later proven dead.  Any of those pointers that are left on the
1164         stack or in registers could be incorrectly marked as live if we scan the stack contents
1165         from a called function or one of its callees.  The stack demarcation pointer and register
1166         saving need to be done in the same function so that we have a consistent stack, active
1167         and spilled registers.
1168
1169         Because we don't want to make unnecessary calls to get the register contents, we use
1170         a macro to allocate, and possibly align, the register structure and get the actual
1171         register contents.
1172
1174         * heap/Heap.cpp:
1175         (JSC::Heap::markRoots):
1176         (JSC::Heap::gatherStackRoots):
1177         * heap/Heap.h:
1178         * heap/MachineStackMarker.cpp:
1179         (JSC::MachineThreads::gatherFromCurrentThread):
1180         (JSC::MachineThreads::gatherConservativeRoots):
1181         * heap/MachineStackMarker.h:
1182
1183 2015-01-12  Benjamin Poulain  <benjamin@webkit.org>
1184
1185         Add basic pattern matching support to the url filters
1186         https://bugs.webkit.org/show_bug.cgi?id=140283
1187
1188         Reviewed by Andreas Kling.
1189
1190         * JavaScriptCore.xcodeproj/project.pbxproj:
1191         Make YarrParser.h private in order to use it from WebCore.
1192
1193 2015-01-12  Geoffrey Garen  <ggaren@apple.com>
1194
1195         Out of bounds read in IdentifierArena::makeIdentifier
1196         https://bugs.webkit.org/show_bug.cgi?id=140376
1197
1198         Patch by Alexey Proskuryakov.
1199
1200         Reviewed and ChangeLogged by Geoffrey Garen.
1201
1202         No test, since this is a small past-the-end read, which is very
1203         difficult to turn into a reproducible failing test -- and existing tests
1204         crash reliably using ASan.
1205
1206         * parser/ParserArena.h:
1207         (JSC::IdentifierArena::makeIdentifier):
1208         (JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
1209         zero-length string input, like we do in the literal parser, since it is
1210         not valid to dereference characters in a zero-length string.
1211
1212         A zero-length string is allowed in JavaScript -- for example, "".
1213
1214 2015-01-11  Sam Weinig  <sam@webkit.org>
1215
1216         Remove support for SharedWorkers
1217         https://bugs.webkit.org/show_bug.cgi?id=140344
1218
1219         Reviewed by Anders Carlsson.
1220
1221         * Configurations/FeatureDefines.xcconfig:
1222
1223 2015-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
1224
1225         Allow targeting the SVG->OTF font converter with ENABLE(SVG_OTF_CONVERTER)
1226         https://bugs.webkit.org/show_bug.cgi?id=136769
1227
1228         Reviewed by Antti Koivisto.
1229
1230         * Configurations/FeatureDefines.xcconfig:
1231
1232 2015-01-12  Commit Queue  <commit-queue@webkit.org>
1233
1234         Unreviewed, rolling out r178266.
1235         https://bugs.webkit.org/show_bug.cgi?id=140363
1236
1237         Broke a JSC test (Requested by ap on #webkit).
1238
1239         Reverted changeset:
1240
1241         "Local JSArray* "keys" in objectConstructorKeys() is not
1242         marked during garbage collection"
1243         https://bugs.webkit.org/show_bug.cgi?id=140348
1244         http://trac.webkit.org/changeset/178266
1245
1246 2015-01-12  Michael Saboff  <msaboff@apple.com>
1247
1248         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1249         https://bugs.webkit.org/show_bug.cgi?id=140348
1250
1251         Reviewed by Mark Lam.
1252
1253         Move the address of the local variable that is used to demarcate the top of the stack for 
1254         conservative roots down to MachineThreads::gatherFromCurrentThread() since it also gets
1255         the register values using setjmp().  That way we don't lose any callee save register
1256         contents between Heap::markRoots(), where it was set, and gatherFromCurrentThread().
1257         If we lose any JSObject* that are only in callee save registers, they will be GC'ed
1258         erroneously.
1259
1260         * heap/Heap.cpp:
1261         (JSC::Heap::markRoots):
1262         (JSC::Heap::gatherStackRoots):
1263         * heap/Heap.h:
1264         * heap/MachineStackMarker.cpp:
1265         (JSC::MachineThreads::gatherFromCurrentThread):
1266         (JSC::MachineThreads::gatherConservativeRoots):
1267         * heap/MachineStackMarker.h:
1268
1269 2015-01-11  Eric Carlson  <eric.carlson@apple.com>
1270
1271         Fix typo in testate.c error messages
1272         https://bugs.webkit.org/show_bug.cgi?id=140305
1273
1274         Reviewed by Geoffrey Garen.
1275
1276         * API/tests/testapi.c:
1277         (main): "... script did not timed out ..." -> "... script did not time out ..."
1278
1279 2015-01-09  Michael Saboff  <msaboff@apple.com>
1280
1281         Breakpoint doesn't fire in this HTML5 game
1282         https://bugs.webkit.org/show_bug.cgi?id=140269
1283
1284         Reviewed by Mark Lam.
1285
1286         When parsing a single line cached function, use the lineStartOffset of the
1287         location where we found the cached function instead of the cached lineStartOffset.
1288         The cache location's lineStartOffset has not been adjusted for any possible
1289         containing functions.
1290
1291         This change is not needed for multi-line cached functions.  Consider the
1292         single line source:
1293
1294         function outer(){function inner1(){doStuff();}; (function inner2() {doMoreStuff()})()}
1295
1296         The first parser pass, we parse and cache inner1() and inner2() with a lineStartOffset
1297         of 0.  Later when we parse outer() and find inner1() in the cache, the SourceCode start
1298         character is at outer()'s outermost open brace.  That is what we should use for
1299         lineStartOffset for inner1().  When done parsing inner1() we set the parsing token
1300         to the saved location for inner1(), including the lineStartOffset of 0.  We need
1301         to use the value of lineStartOffset before we started parsing inner1().  That is
1302         what the fix does.  When we parse inner2() the lineStartOffset will be correct.
1303
1304         For a multi-line function, the close brace is guaranteed to be on a different line
1305         than the open brace.  Hence, its lineStartOffset will not change with the change of
1306         the SourceCode start character.
1307
1308         * parser/Parser.cpp:
1309         (JSC::Parser<LexerType>::parseFunctionInfo):
1310
1311 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1312
1313         Web Inspector: Uncaught Exception in ProbeManager deleting breakpoint
1314         https://bugs.webkit.org/show_bug.cgi?id=140279
1315         rdar://problem/19422299
1316
1317         Reviewed by Oliver Hunt.
1318
1319         * runtime/MapData.cpp:
1320         (JSC::MapData::replaceAndPackBackingStore):
1321         The cell table also needs to have its values fixed.
1322
1323 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1324
1325         Web Inspector: Remove or use TimelineAgent Resource related event types
1326         https://bugs.webkit.org/show_bug.cgi?id=140155
1327
1328         Reviewed by Timothy Hatcher.
1329
1330         Remove unused / stale Timeline event types.
1331
1332         * inspector/protocol/Timeline.json:
1333
1334 2015-01-09  Csaba Osztrogonác  <ossy@webkit.org>
1335
1336         REGRESSION(r177925): It broke the !ENABLE(INSPECTOR) build
1337         https://bugs.webkit.org/show_bug.cgi?id=140098
1338
1339         Reviewed by Brian Burg.
1340
1341         * inspector/InspectorBackendDispatcher.h: Missing ENABLE(INSPECTOR) guard added.
1342
1343 2015-01-08  Mark Lam  <mark.lam@apple.com>
1344
1345         Argument object created by "Function dot arguments" should use a clone of the argument values.
1346         <https://webkit.org/b/140093>
1347
1348         Reviewed by Geoffrey Garen.
1349
1350         After the change in <https://webkit.org/b/139827>, the dfg-tear-off-arguments-not-activation.js
1351         test will crash.  The relevant code which manifests the issue is as follows:
1352
1353             function bar() {
1354                 return foo.arguments;
1355             }
1356
1357             function foo(p) {
1358                 var x = 42;
1359                 if (p)
1360                     return (function() { return x; });
1361                 else
1362                     return bar();
1363             }
1364
1365         In this case, foo() has no knowledge of bar() needing its LexicalEnvironment and
1366         has dead-code-eliminated the SetLocal that stores it into its designated local.
1367         In bar(), the factory for the Arguments object (for creating foo.arguments) tries
1368         to read foo's LexicalEnvironment from its designated lexicalEnvironment local,
1369         but instead, finds it to be uninitialized.  This results in a null pointer access
1370         which causes a crash.
1371
1372         This can be resolved by having bar() instantiate a clone of the Arguments object
1373         instead, and populate its elements with values fetched directly from foo's frame.
1374         There's no need to reference foo's LexicalEnvironment (whether present or not).
1375
1376         * interpreter/StackVisitor.cpp:
1377         (JSC::StackVisitor::Frame::createArguments):
1378         * runtime/Arguments.h:
1379         (JSC::Arguments::finishCreation):
1380
1381 2015-01-08  Mark Lam  <mark.lam@apple.com>
1382
1383         Make the LLINT and Baseline JIT's op_create_arguments and op_get_argument_by_val use their lexicalEnvironment operand.
1384         <https://webkit.org/b/140236>
1385
1386         Reviewed by Geoffrey Garen.
1387
1388         Will change the DFG to use the operand on a subsequent pass.  For now,
1389         the DFG uses a temporary thunk (operationCreateArgumentsForDFG()) to
1390         retain the old behavior of getting the lexicalEnvironment from the
1391         ExecState.
1392
1393         * bytecompiler/BytecodeGenerator.cpp:
1394         (JSC::BytecodeGenerator::BytecodeGenerator):
1395         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1396         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1397         - When the lexicalEnvironment is not available, pass the invalid VirtualRegister
1398           instead of an empty JSValue as the lexicalEnvironment operand.
1399
1400         * dfg/DFGOperations.cpp:
1401         - Use the lexicalEnvironment from the ExecState for now.
1402
1403         * dfg/DFGSpeculativeJIT32_64.cpp:
1404         (JSC::DFG::SpeculativeJIT::compile):
1405         * dfg/DFGSpeculativeJIT64.cpp:
1406         (JSC::DFG::SpeculativeJIT::compile):
1407         - Use the operationCreateArgumentsForDFG() thunk for now.
1408
1409         * interpreter/CallFrame.cpp:
1410         (JSC::CallFrame::lexicalEnvironmentOrNullptr):
1411         * interpreter/CallFrame.h:
1412         - Added this convenience function to return either the
1413           lexicalEnvironment or a nullptr so that we don't need to do a
1414           conditional check on codeBlock->needsActivation() at multiple sites.
1415
1416         * interpreter/StackVisitor.cpp:
1417         (JSC::StackVisitor::Frame::createArguments):
1418         * jit/JIT.h:
1419         * jit/JITInlines.h:
1420         (JSC::JIT::callOperation):
1421         * jit/JITOpcodes.cpp:
1422         (JSC::JIT::emit_op_create_arguments):
1423         (JSC::JIT::emitSlow_op_get_argument_by_val):
1424         * jit/JITOpcodes32_64.cpp:
1425         (JSC::JIT::emit_op_create_arguments):
1426         (JSC::JIT::emitSlow_op_get_argument_by_val):
1427         * jit/JITOperations.cpp:
1428         * jit/JITOperations.h:
1429         * llint/LLIntSlowPaths.cpp:
1430         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1431         * runtime/Arguments.h:
1432         (JSC::Arguments::create):
1433         (JSC::Arguments::finishCreation):
1434         * runtime/CommonSlowPaths.cpp:
1435         (JSC::SLOW_PATH_DECL):
1436         * runtime/JSLexicalEnvironment.cpp:
1437         (JSC::JSLexicalEnvironment::argumentsGetter):
1438
1439 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1440
1441         Web Inspector: Pause Reason Improvements (Breakpoint, Debugger Statement, Pause on Next Statement)
1442         https://bugs.webkit.org/show_bug.cgi?id=138991
1443
1444         Reviewed by Timothy Hatcher.
1445
1446         * debugger/Debugger.cpp:
1447         (JSC::Debugger::Debugger):
1448         (JSC::Debugger::pauseIfNeeded):
1449         (JSC::Debugger::didReachBreakpoint):
1450         When actually pausing, if we hit a breakpoint, ensure the reason
1451         is PausedForBreakpoint, otherwise use the current reason.
1452
1453         * debugger/Debugger.h:
1454         Make pause reason and pausing breakpoint ID public.
1455
1456         * inspector/agents/InspectorDebuggerAgent.h:
1457         * inspector/agents/InspectorDebuggerAgent.cpp:
1458         (Inspector::buildAssertPauseReason):
1459         (Inspector::buildCSPViolationPauseReason):
1460         (Inspector::InspectorDebuggerAgent::buildBreakpointPauseReason):
1461         (Inspector::InspectorDebuggerAgent::buildExceptionPauseReason):
1462         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1463         (Inspector::buildObjectForBreakpointCookie):
1464         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1465         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
1466         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1467         (Inspector::InspectorDebuggerAgent::pause):
1468         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1469         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1470         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
1471         Clean up creation of pause reason objects and other cleanup
1472         of PassRefPtr use and InjectedScript use.
1473
1474         (Inspector::InspectorDebuggerAgent::didPause):
1475         Clean up so that we first check for an Exception, and then fall
1476         back to including a Pause Reason derived from the Debugger.
1477
1478         * inspector/protocol/Debugger.json:
1479         Add new DebuggerStatement, Breakpoint, and PauseOnNextStatement reasons.
1480
1481 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1482
1483         Web Inspector: Type check NSArrays in ObjC Interfaces have the right object types
1484         https://bugs.webkit.org/show_bug.cgi?id=140209
1485
1486         Reviewed by Timothy Hatcher.
1487
1488         Check the types of objects in NSArrays for all interfaces (commands, events, types)
1489         when the user can set an array of objects. Previously we were only type checking
1490         that they were RWIJSONObjects; now we add an explicit check for the exact object type.
1491
1492         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1493         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1494         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1495         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1496         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1497         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
1498         (ObjCProtocolTypesImplementationGenerator._generate_setter_for_member):
1499         * inspector/scripts/codegen/objc_generator.py:
1500         (ObjCGenerator.objc_class_for_array_type):
1501         (ObjCGenerator):
1502
1503 2015-01-07  Mark Lam  <mark.lam@apple.com>
1504
1505         Add the lexicalEnvironment as an operand to op_get_argument_by_val.
1506         <https://webkit.org/b/140233>
1507
1508         Reviewed by Filip Pizlo.
1509
1510         This patch only adds the operand to the bytecode.  It is not in use yet.
1511
1512         * bytecode/BytecodeList.json:
1513         * bytecode/BytecodeUseDef.h:
1514         (JSC::computeUsesForBytecodeOffset):
1515         * bytecode/CodeBlock.cpp:
1516         (JSC::CodeBlock::dumpBytecode):
1517         * bytecompiler/BytecodeGenerator.cpp:
1518         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1519         * llint/LowLevelInterpreter32_64.asm:
1520         * llint/LowLevelInterpreter64.asm:
1521
1522 2015-01-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1523
1524         Investigate the character type of repeated string instead of checking is8Bit flag
1525         https://bugs.webkit.org/show_bug.cgi?id=140139
1526
1527         Reviewed by Darin Adler.
1528
1529         Instead of checking is8Bit flag of the repeated string, investigate
1530         the actual value of the repeated character, since the is8Bit flag gives a false negative case.
1531
1532         * runtime/StringPrototype.cpp:
1533         (JSC::repeatCharacter):
1534         (JSC::stringProtoFuncRepeat):
1535         (JSC::repeatSmallString): Deleted.
1536
1537 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1538
1539         Web Inspector: ObjC Generate types from the GenericTypes domain
1540         https://bugs.webkit.org/show_bug.cgi?id=140229
1541
1542         Reviewed by Timothy Hatcher.
1543
1544         Generate types from the GenericTypes domain, as they are expected
1545         by other domains (like Page domain). Also, don't include the @protocol
1546         forward declaration for a domain if it doesn't have any commands.
1547
1548         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
1549         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
1550         (ObjCBackendDispatcherHeaderGenerator): Deleted.
1551         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations_for_domains): Deleted.
1552         * inspector/scripts/codegen/objc_generator.py:
1553         (ObjCGenerator):
1554         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1555         * inspector/scripts/tests/expected/enum-values.json-result:
1556         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1557         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1558         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1559         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1560         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1561         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1562         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1563         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1564         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1565
1566 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1567
1568         Web Inspector: Remove unnecessary copyRef for paramsObject in generated dispatchers
1569         https://bugs.webkit.org/show_bug.cgi?id=140228
1570
1571         Reviewed by Timothy Hatcher.
1572
1573         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1574         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1575         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1576         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1577         * inspector/scripts/tests/expected/enum-values.json-result:
1578         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1579
1580 2015-01-07  Saam Barati  <saambarati1@gmail.com>
1581
1582         interpret op_profile_type in the LLInt instead of unconditionally calling into the slow path
1583         https://bugs.webkit.org/show_bug.cgi?id=140165
1584
1585         Reviewed by Michael Saboff.
1586
1587         Inlining the functionality of TypeProfilerLog::recordTypeInformationForLocation
1588         into the LLInt speeds up type profiling.
1589
1590         * llint/LLIntOffsetsExtractor.cpp:
1591         * llint/LowLevelInterpreter.asm:
1592         * llint/LowLevelInterpreter32_64.asm:
1593         * llint/LowLevelInterpreter64.asm:
1594         * runtime/CommonSlowPaths.cpp:
1595         (JSC::SLOW_PATH_DECL):
1596         * runtime/CommonSlowPaths.h:
1597         * runtime/TypeProfilerLog.h:
1598         (JSC::TypeProfilerLog::recordTypeInformationForLocation): Deleted.
1599
1600 2015-01-07  Brian J. Burg  <burg@cs.washington.edu>
1601
1602         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1603         https://bugs.webkit.org/show_bug.cgi?id=140053
1604
1605         Reviewed by Andreas Kling.
1606
1607         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1608         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1609         references are always non-null. These two refactorings have been combined since
1610         they tend to require similar changes to the code.
1611
1612         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1613         have been updated to take a Ref instead of RefPtr.
1614
1615         Builders for typed protocol objects now return a Ref. Since there is no implicit
1616         call to operator&, callsites now must explicitly call .release() to convert a
1617         builder object into the corresponding protocol object once required fields are set.
1618         Update callsites and use auto to eliminate repetition of long-winded protocol types.
1619
1620         Tests for inspector protocol and replay inputs have been rebaselined.
1621
1622         * bindings/ScriptValue.cpp:
1623         (Deprecated::jsToInspectorValue):
1624         (Deprecated::ScriptValue::toInspectorValue):
1625         * bindings/ScriptValue.h:
1626         * inspector/ConsoleMessage.cpp:
1627         (Inspector::ConsoleMessage::addToFrontend):
1628         * inspector/ContentSearchUtilities.cpp:
1629         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1630         (Inspector::ContentSearchUtilities::searchInTextByLines):
1631         * inspector/ContentSearchUtilities.h:
1632         * inspector/InjectedScript.cpp:
1633         (Inspector::InjectedScript::getFunctionDetails):
1634         (Inspector::InjectedScript::getProperties):
1635         (Inspector::InjectedScript::getInternalProperties):
1636         (Inspector::InjectedScript::wrapCallFrames):
1637         (Inspector::InjectedScript::wrapObject):
1638         (Inspector::InjectedScript::wrapTable):
1639         * inspector/InjectedScript.h:
1640         * inspector/InjectedScriptBase.cpp:
1641         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1642         * inspector/InspectorBackendDispatcher.cpp:
1643         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1644         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1645         (Inspector::InspectorBackendDispatcher::create):
1646         (Inspector::InspectorBackendDispatcher::dispatch):
1647         (Inspector::InspectorBackendDispatcher::sendResponse):
1648         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1649         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1650         (Inspector::InspectorBackendDispatcher::getInteger):
1651         (Inspector::InspectorBackendDispatcher::getDouble):
1652         (Inspector::InspectorBackendDispatcher::getString):
1653         (Inspector::InspectorBackendDispatcher::getBoolean):
1654         (Inspector::InspectorBackendDispatcher::getObject):
1655         (Inspector::InspectorBackendDispatcher::getArray):
1656         (Inspector::InspectorBackendDispatcher::getValue):
1657         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1658         protocol error strings.
1659         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1660         Convert the supplemental dispatcher's reference to Ref since it is never null.
1661         * inspector/InspectorEnvironment.h:
1662         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1663         StructItemTraits. Add more versions of addItem to handle pushing various types.
1664         (Inspector::Protocol::Array::openAccessors):
1665         (Inspector::Protocol::Array::addItem):
1666         (Inspector::Protocol::Array::create):
1667         (Inspector::Protocol::StructItemTraits::push):
1668         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
1669         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
1670         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
1671         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
1672         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
1673         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
1674         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
1675         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
1676         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
1677         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
1678         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
1679         the same call signature as other getters. Use Ref where possible.
1680         (Inspector::InspectorObjectBase::getBoolean):
1681         (Inspector::InspectorObjectBase::getString):
1682         (Inspector::InspectorObjectBase::getObject):
1683         (Inspector::InspectorObjectBase::getArray):
1684         (Inspector::InspectorObjectBase::getValue):
1685         (Inspector::InspectorObjectBase::writeJSON):
1686         (Inspector::InspectorArrayBase::get):
1687         (Inspector::InspectorObject::create):
1688         (Inspector::InspectorArray::create):
1689         (Inspector::InspectorValue::null):
1690         (Inspector::InspectorString::create):
1691         (Inspector::InspectorBasicValue::create):
1692         (Inspector::InspectorObjectBase::get): Deleted.
1693         * inspector/InspectorValues.h:
1694         (Inspector::InspectorObjectBase::setValue):
1695         (Inspector::InspectorObjectBase::setObject):
1696         (Inspector::InspectorObjectBase::setArray):
1697         (Inspector::InspectorArrayBase::pushValue):
1698         (Inspector::InspectorArrayBase::pushObject):
1699         (Inspector::InspectorArrayBase::pushArray):
1700         * inspector/JSGlobalObjectConsoleClient.cpp:
1701         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1702         (Inspector::JSGlobalObjectConsoleClient::count):
1703         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
1704         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
1705         * inspector/JSGlobalObjectConsoleClient.h:
1706         * inspector/JSGlobalObjectInspectorController.cpp:
1707         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
1708         * inspector/JSGlobalObjectInspectorController.h:
1709         * inspector/ScriptCallFrame.cpp:
1710         (Inspector::ScriptCallFrame::buildInspectorObject):
1711         * inspector/ScriptCallFrame.h:
1712         * inspector/ScriptCallStack.cpp:
1713         (Inspector::ScriptCallStack::create):
1714         (Inspector::ScriptCallStack::buildInspectorArray):
1715         * inspector/ScriptCallStack.h:
1716         * inspector/agents/InspectorAgent.cpp:
1717         (Inspector::InspectorAgent::enable):
1718         (Inspector::InspectorAgent::inspect):
1719         (Inspector::InspectorAgent::activateExtraDomain):
1720         * inspector/agents/InspectorAgent.h:
1721         * inspector/agents/InspectorDebuggerAgent.cpp:
1722         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1723         (Inspector::buildObjectForBreakpointCookie):
1724         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1725         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1726         (Inspector::InspectorDebuggerAgent::continueToLocation):
1727         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1728         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
1729         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1730         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1731         (Inspector::InspectorDebuggerAgent::didParseSource):
1732         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1733         (Inspector::InspectorDebuggerAgent::breakProgram):
1734         * inspector/agents/InspectorDebuggerAgent.h:
1735         * inspector/agents/InspectorRuntimeAgent.cpp:
1736         (Inspector::buildErrorRangeObject):
1737         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1738         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1739         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
1740         * inspector/agents/InspectorRuntimeAgent.h:
1741         * inspector/scripts/codegen/cpp_generator.py:
1742         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
1743         (CppGenerator.cpp_type_for_type_with_name):
1744         (CppGenerator.cpp_type_for_formal_async_parameter):
1745         (CppGenerator.should_use_references_for_type):
1746         (CppGenerator):
1747         * inspector/scripts/codegen/cpp_generator_templates.py:
1748         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1749         (CppBackendDispatcherHeaderGenerator.generate_output):
1750         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
1751         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1752         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1753         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1754         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1755         (CppFrontendDispatcherHeaderGenerator.generate_output):
1756         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1757         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1758         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1759         (CppProtocolTypesHeaderGenerator.generate_output):
1760         (_generate_class_for_object_declaration):
1761         (_generate_unchecked_setter_for_member):
1762         (_generate_forward_declarations_for_binding_traits):
1763         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1764         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1765         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1766         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1767         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1768         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1769         (ObjCProtocolTypesImplementationGenerator.generate_output):
1770         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1771         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1772         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1773         * inspector/scripts/tests/expected/enum-values.json-result:
1774         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1775         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1776         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1777         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1778         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1779         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1780         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1781         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1782         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1783         * replay/EncodedValue.cpp:
1784         (JSC::EncodedValue::asObject):
1785         (JSC::EncodedValue::asArray):
1786         (JSC::EncodedValue::put<EncodedValue>):
1787         (JSC::EncodedValue::append<EncodedValue>):
1788         (JSC::EncodedValue::get<EncodedValue>):
1789         * replay/EncodedValue.h:
1790         * replay/scripts/CodeGeneratorReplayInputs.py:
1791         (Type.borrow_type):
1792         (Type.argument_type):
1793         (Generator.generate_member_move_expression):
1794         * runtime/ConsoleClient.cpp:
1795         (JSC::ConsoleClient::printConsoleMessageWithArguments):
1796         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
1797         (JSC::ConsoleClient::logWithLevel):
1798         (JSC::ConsoleClient::clear):
1799         (JSC::ConsoleClient::dir):
1800         (JSC::ConsoleClient::dirXML):
1801         (JSC::ConsoleClient::table):
1802         (JSC::ConsoleClient::trace):
1803         (JSC::ConsoleClient::assertCondition):
1804         (JSC::ConsoleClient::group):
1805         (JSC::ConsoleClient::groupCollapsed):
1806         (JSC::ConsoleClient::groupEnd):
1807         * runtime/ConsoleClient.h:
1808         * runtime/TypeSet.cpp:
1809         (JSC::TypeSet::allStructureRepresentations):
1810         (JSC::TypeSet::inspectorTypeSet):
1811         (JSC::StructureShape::inspectorRepresentation):
1812         * runtime/TypeSet.h:
1813
1814 2015-01-07  Commit Queue  <commit-queue@webkit.org>
1815
1816         Unreviewed, rolling out r178039.
1817         https://bugs.webkit.org/show_bug.cgi?id=140187
1818
1819         Breaks ObjC Inspector Protocol (Requested by JoePeck on
1820         #webkit).
1821
1822         Reverted changeset:
1823
1824         "Web Inspector: purge PassRefPtr from Inspector code and use
1825         Ref for typed and untyped protocol objects"
1826         https://bugs.webkit.org/show_bug.cgi?id=140053
1827         http://trac.webkit.org/changeset/178039
1828
1829 2015-01-06  Brian J. Burg  <burg@cs.washington.edu>
1830
1831         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1832         https://bugs.webkit.org/show_bug.cgi?id=140053
1833
1834         Reviewed by Andreas Kling.
1835
1836         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1837         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1838         references are always non-null. These two refactorings have been combined since
1839         they tend to require similar changes to the code.
1840
1841         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1842         have been updated to take a Ref instead of RefPtr.
1843
1844         Builders for typed protocol objects now return a Ref. Since there is no implicit
1845         call to operator&, callsites now must explicitly call .release() to convert a
1846         builder object into the corresponding protocol object once required fields are set.
1847         Update callsites and use auto to eliminate repetition of long-winded protocol types.
1848
1849         Tests for inspector protocol and replay inputs have been rebaselined.
1850
1851         * bindings/ScriptValue.cpp:
1852         (Deprecated::jsToInspectorValue):
1853         (Deprecated::ScriptValue::toInspectorValue):
1854         * bindings/ScriptValue.h:
1855         * inspector/ConsoleMessage.cpp:
1856         (Inspector::ConsoleMessage::addToFrontend):
1857         * inspector/ContentSearchUtilities.cpp:
1858         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1859         (Inspector::ContentSearchUtilities::searchInTextByLines):
1860         * inspector/ContentSearchUtilities.h:
1861         * inspector/InjectedScript.cpp:
1862         (Inspector::InjectedScript::getFunctionDetails):
1863         (Inspector::InjectedScript::getProperties):
1864         (Inspector::InjectedScript::getInternalProperties):
1865         (Inspector::InjectedScript::wrapCallFrames):
1866         (Inspector::InjectedScript::wrapObject):
1867         (Inspector::InjectedScript::wrapTable):
1868         * inspector/InjectedScript.h:
1869         * inspector/InjectedScriptBase.cpp:
1870         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1871         * inspector/InspectorBackendDispatcher.cpp:
1872         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1873         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1874         (Inspector::InspectorBackendDispatcher::create):
1875         (Inspector::InspectorBackendDispatcher::dispatch):
1876         (Inspector::InspectorBackendDispatcher::sendResponse):
1877         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1878         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1879         (Inspector::InspectorBackendDispatcher::getInteger):
1880         (Inspector::InspectorBackendDispatcher::getDouble):
1881         (Inspector::InspectorBackendDispatcher::getString):
1882         (Inspector::InspectorBackendDispatcher::getBoolean):
1883         (Inspector::InspectorBackendDispatcher::getObject):
1884         (Inspector::InspectorBackendDispatcher::getArray):
1885         (Inspector::InspectorBackendDispatcher::getValue):
1886         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1887         protocol error strings.
1888         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1889         Convert the supplemental dispatcher's reference to Ref since it is never null.
1890         * inspector/InspectorEnvironment.h:
1891         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1892         StructItemTraits. Add more versions of addItem to handle pushing various types.
1893         (Inspector::Protocol::Array::openAccessors):
1894         (Inspector::Protocol::Array::addItem):
1895         (Inspector::Protocol::Array::create):
1896         (Inspector::Protocol::StructItemTraits::push):
1897         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
1898         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
1899         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
1900         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
1901         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
1902         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
1903         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
1904         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
1905         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
1906         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
1907         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
1908         the same call signature as other getters. Use Ref where possible.
1909         (Inspector::InspectorObjectBase::getBoolean):
1910         (Inspector::InspectorObjectBase::getString):
1911         (Inspector::InspectorObjectBase::getObject):
1912         (Inspector::InspectorObjectBase::getArray):
1913         (Inspector::InspectorObjectBase::getValue):
1914         (Inspector::InspectorObjectBase::writeJSON):
1915         (Inspector::InspectorArrayBase::get):
1916         (Inspector::InspectorObject::create):
1917         (Inspector::InspectorArray::create):
1918         (Inspector::InspectorValue::null):
1919         (Inspector::InspectorString::create):
1920         (Inspector::InspectorBasicValue::create):
1921         (Inspector::InspectorObjectBase::get): Deleted.
1922         * inspector/InspectorValues.h:
1923         (Inspector::InspectorObjectBase::setValue):
1924         (Inspector::InspectorObjectBase::setObject):
1925         (Inspector::InspectorObjectBase::setArray):
1926         (Inspector::InspectorArrayBase::pushValue):
1927         (Inspector::InspectorArrayBase::pushObject):
1928         (Inspector::InspectorArrayBase::pushArray):
1929         * inspector/JSGlobalObjectConsoleClient.cpp:
1930         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1931         (Inspector::JSGlobalObjectConsoleClient::count):
1932         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
1933         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
1934         * inspector/JSGlobalObjectConsoleClient.h:
1935         * inspector/JSGlobalObjectInspectorController.cpp:
1936         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
1937         * inspector/JSGlobalObjectInspectorController.h:
1938         * inspector/ScriptCallFrame.cpp:
1939         (Inspector::ScriptCallFrame::buildInspectorObject):
1940         * inspector/ScriptCallFrame.h:
1941         * inspector/ScriptCallStack.cpp:
1942         (Inspector::ScriptCallStack::create):
1943         (Inspector::ScriptCallStack::buildInspectorArray):
1944         * inspector/ScriptCallStack.h:
1945         * inspector/agents/InspectorAgent.cpp:
1946         (Inspector::InspectorAgent::enable):
1947         (Inspector::InspectorAgent::inspect):
1948         (Inspector::InspectorAgent::activateExtraDomain):
1949         * inspector/agents/InspectorAgent.h:
1950         * inspector/agents/InspectorDebuggerAgent.cpp:
1951         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1952         (Inspector::buildObjectForBreakpointCookie):
1953         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1954         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1955         (Inspector::InspectorDebuggerAgent::continueToLocation):
1956         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1957         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
1958         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1959         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1960         (Inspector::InspectorDebuggerAgent::didParseSource):
1961         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1962         (Inspector::InspectorDebuggerAgent::breakProgram):
1963         * inspector/agents/InspectorDebuggerAgent.h:
1964         * inspector/agents/InspectorRuntimeAgent.cpp:
1965         (Inspector::buildErrorRangeObject):
1966         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1967         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1968         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
1969         * inspector/agents/InspectorRuntimeAgent.h:
1970         * inspector/scripts/codegen/cpp_generator.py:
1971         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
1972         (CppGenerator.cpp_type_for_type_with_name):
1973         (CppGenerator.cpp_type_for_formal_async_parameter):
1974         (CppGenerator.should_use_references_for_type):
1975         (CppGenerator):
1976         * inspector/scripts/codegen/cpp_generator_templates.py:
1977         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1978         (CppBackendDispatcherHeaderGenerator.generate_output):
1979         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
1980         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1981         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1982         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1983         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1984         (CppFrontendDispatcherHeaderGenerator.generate_output):
1985         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1986         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1987         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1988         (CppProtocolTypesHeaderGenerator.generate_output):
1989         (_generate_class_for_object_declaration):
1990         (_generate_unchecked_setter_for_member):
1991         (_generate_forward_declarations_for_binding_traits):
1992         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1993         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1994         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1995         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1996         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1997         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1998         (ObjCProtocolTypesImplementationGenerator.generate_output):
1999         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2000         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2001         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2002         * inspector/scripts/tests/expected/enum-values.json-result:
2003         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2004         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2005         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2006         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2007         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2008         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2009         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2010         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2011         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2012         * replay/EncodedValue.cpp:
2013         (JSC::EncodedValue::asObject):
2014         (JSC::EncodedValue::asArray):
2015         (JSC::EncodedValue::put<EncodedValue>):
2016         (JSC::EncodedValue::append<EncodedValue>):
2017         (JSC::EncodedValue::get<EncodedValue>):
2018         * replay/EncodedValue.h:
2019         * replay/scripts/CodeGeneratorReplayInputs.py:
2020         (Type.borrow_type):
2021         (Type.argument_type):
2022         (Generator.generate_member_move_expression):
2023         * runtime/ConsoleClient.cpp:
2024         (JSC::ConsoleClient::printConsoleMessageWithArguments):
2025         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
2026         (JSC::ConsoleClient::logWithLevel):
2027         (JSC::ConsoleClient::clear):
2028         (JSC::ConsoleClient::dir):
2029         (JSC::ConsoleClient::dirXML):
2030         (JSC::ConsoleClient::table):
2031         (JSC::ConsoleClient::trace):
2032         (JSC::ConsoleClient::assertCondition):
2033         (JSC::ConsoleClient::group):
2034         (JSC::ConsoleClient::groupCollapsed):
2035         (JSC::ConsoleClient::groupEnd):
2036         * runtime/ConsoleClient.h:
2037         * runtime/TypeSet.cpp:
2038         (JSC::TypeSet::allStructureRepresentations):
2039         (JSC::TypeSet::inspectorTypeSet):
2040         (JSC::StructureShape::inspectorRepresentation):
2041         * runtime/TypeSet.h:
2042
2043 2015-01-06  Chris Dumez  <cdumez@apple.com>
2044
2045         Drop ResourceResponseBase::connectionID and connectionReused members
2046         https://bugs.webkit.org/show_bug.cgi?id=140158
2047
2048         Reviewed by Sam Weinig.
2049
2050         Drop ResourceResponseBase::connectionID and connectionReused members.
2051         Those were needed by the Chromium port but are no longer used.
2052
2053         * inspector/protocol/Network.json:
2054
2055 2015-01-06  Mark Lam  <mark.lam@apple.com>
2056
2057         Add the lexicalEnvironment as an operand to op_create_arguments.
2058         <https://webkit.org/b/140148>
2059
2060         Reviewed by Geoffrey Garen.
2061
2062         This patch only adds the operand to the bytecode.  It is not in use yet.
2063
2064         * bytecode/BytecodeList.json:
2065         * bytecode/BytecodeUseDef.h:
2066         (JSC::computeUsesForBytecodeOffset):
2067         * bytecode/CodeBlock.cpp:
2068         (JSC::CodeBlock::dumpBytecode):
2069         * bytecompiler/BytecodeGenerator.cpp:
2070         (JSC::BytecodeGenerator::BytecodeGenerator):
2071         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
2072         - Adds the lexicalEnvironment register (if present) as an operand to
2073           op_create_arguments.  Else, adds a constant empty JSValue.
2074         * llint/LowLevelInterpreter32_64.asm:
2075         * llint/LowLevelInterpreter64.asm:
2076
2077 2015-01-06  Alexey Proskuryakov  <ap@apple.com>
2078
2079         ADDRESS_SANITIZER macro is overloaded
2080         https://bugs.webkit.org/show_bug.cgi?id=140130
2081
2082         Reviewed by Anders Carlsson.
2083
2084         * interpreter/JSStack.cpp: (JSC::JSStack::sanitizeStack): Use the new macro.
2085         This code is nearly unused (only compiled in when JIT is disabled at build time),
2086         however I've been told that it's best to keep it.
2087
2088 2015-01-06  Mark Lam  <mark.lam@apple.com>
2089
2090         Fix Use details for op_create_arguments.
2091         <https://webkit.org/b/140110>
2092
2093         Rubber stamped by Filip Pizlo.
2094
2095         The previous patch was wrong about op_create_arguments not using its 1st operand.
2096         It does read from it (hence, used) to check if the Arguments object has already
2097         been created or not.  This patch reverts the change for op_create_arguments.
2098
2099         * bytecode/BytecodeUseDef.h:
2100         (JSC::computeUsesForBytecodeOffset):
2101
2102 2015-01-06  Mark Lam  <mark.lam@apple.com>
2103
2104         Fix Use details for op_create_lexical_environment and op_create_arguments.
2105         <https://webkit.org/b/140110>
2106
2107         Reviewed by Filip Pizlo.
2108
2109         The current "Use" details for op_create_lexical_environment and
2110         op_create_arguments are wrong.  op_create_arguments uses nothing instead of the
2111         1st operand (the output local).  op_create_lexical_environment uses its 2nd
2112         operand (the scope chain) instead of the 1st (the output local).
2113         This patch fixes them to specify the proper uses.
2114
2115         * bytecode/BytecodeUseDef.h:
2116         (JSC::computeUsesForBytecodeOffset):
2117
2118 2015-01-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2119
2120         Implement ES6 String.prototype.repeat(count)
2121         https://bugs.webkit.org/show_bug.cgi?id=140047
2122
2123         Reviewed by Darin Adler.
2124
2125         Introducing ES6 String.prototype.repeat(count) function.
2126
2127         * runtime/JSString.h:
2128         * runtime/StringPrototype.cpp:
2129         (JSC::StringPrototype::finishCreation):
2130         (JSC::repeatSmallString):
2131         (JSC::stringProtoFuncRepeat):
2132
2133 2015-01-03  Michael Saboff  <msaboff@apple.com>
2134
2135         Crash in operationNewFunction when scrolling on Google+
2136         https://bugs.webkit.org/show_bug.cgi?id=140033
2137
2138         Reviewed by Oliver Hunt.
2139
2140         In DFG code, the scope register can be eliminated because all uses have been
2141         dead code eliminated.  In the case where one of the uses was creating a function
2142         that is never used, the baseline code will still create the function.  If we OSR
2143         exit to a path where that function gets created, check the scope register value
2144         and set the new, but dead, function to undefined instead of creating a new function.
2145
2146         * jit/JITOpcodes.cpp:
2147         (JSC::JIT::emit_op_new_func_exp):
2148
2149 2015-01-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2150
2151         String includes methods perform toString on searchString before toInt32 on an offset
2152         https://bugs.webkit.org/show_bug.cgi?id=140031
2153
2154         Reviewed by Darin Adler.
2155
2156         * runtime/StringPrototype.cpp:
2157         (JSC::stringProtoFuncStartsWith):
2158         (JSC::stringProtoFuncEndsWith):
2159         (JSC::stringProtoFuncIncludes):
2160
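        The following is an added example, not part of the WebKit ChangeLog or of the
        patch above: it makes the argument evaluation order of startsWith, endsWith and
        includes observable by giving searchString a logging toString and the offset a
        logging valueOf. The method name passed to observeOrder and the log strings are
        assumptions made for this example.

```javascript
// Added example (not part of the WebKit ChangeLog): observe the argument
// evaluation order of String.prototype.startsWith/endsWith/includes.
// Per ES6, ToString(searchString) runs before ToInteger(position), so the
// searchString conversion must be logged before the position conversion.
function observeOrder(method) {
  const log = [];
  // Constructed inputs: each conversion hook records when it was invoked.
  const searchString = {
    toString() { log.push("toString(searchString)"); return "a"; }
  };
  const position = {
    valueOf() { log.push("valueOf(position)"); return 0; }
  };
  "abc"[method](searchString, position);
  return log;
}

// A conforming engine reports the same order for all three methods.
function allMethodsConform() {
  const expected = "toString(searchString),valueOf(position)";
  return ["startsWith", "endsWith", "includes"]
    .every((m) => observeOrder(m).join(",") === expected);
}
```

        Running observeOrder("startsWith") on a conforming engine yields the
        searchString conversion first; an engine with the bug this entry fixes
        would report valueOf(position) first.
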
2161 2015-01-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2162
2163         Change to return std::unique_ptr<> in fooCreate()
2164         https://bugs.webkit.org/show_bug.cgi?id=139983
2165
2166         Reviewed by Darin Adler.
2167
2168         To avoid unnecessary std::unique_ptr<> casting, fooCreate() returns std::unique_ptr<> directly.
2169
2170         * create_regex_tables:
2171         * yarr/YarrPattern.h:
2172         (JSC::Yarr::YarrPattern::reset):
2173         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2174         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2175         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2176         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2177         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2178         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2179         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2180
2181 2015-01-01  Jeff Miller  <jeffm@apple.com>
2182
2183         Update user-visible copyright strings to include 2015
2184         https://bugs.webkit.org/show_bug.cgi?id=139880
2185
2186         Reviewed by Darin Adler.
2187
2188         * Info.plist:
2189
2190 2015-01-01  Darin Adler  <darin@apple.com>
2191
2192         We often misspell identifier as "identifer"
2193         https://bugs.webkit.org/show_bug.cgi?id=140025
2194
2195         Reviewed by Michael Saboff.
2196
2197         * runtime/ArrayConventions.h: Fix it.
2198
2199 2014-12-29  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2200
2201         Move JavaScriptCore/yarr to std::unique_ptr
2202         https://bugs.webkit.org/show_bug.cgi?id=139621
2203
2204         Reviewed by Anders Carlsson.
2205
2206         Final clean up OwnPtr|PassOwnPtr in JavaScriptCore/yarr.
2207
2208         * yarr/YarrInterpreter.cpp:
2209         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
2210         * yarr/YarrInterpreter.h:
2211         (JSC::Yarr::BytecodePattern::BytecodePattern):
2212         * yarr/YarrJIT.cpp:
2213         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
2214         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
2215         (JSC::Yarr::YarrGenerator::opCompileBody):
2216         * yarr/YarrPattern.cpp:
2217         (JSC::Yarr::CharacterClassConstructor::charClass):
2218         (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
2219         (JSC::Yarr::YarrPatternConstructor::reset):
2220         (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
2221         (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
2222         (JSC::Yarr::YarrPatternConstructor::atomParenthesesSubpatternBegin):
2223         (JSC::Yarr::YarrPatternConstructor::atomParentheticalAssertionBegin):
2224         (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
2225         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
2226         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
2227         * yarr/YarrPattern.h:
2228         (JSC::Yarr::PatternDisjunction::addNewAlternative):
2229         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2230         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2231         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2232         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2233         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2234         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2235         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2236
2237 2014-12-26  Dan Bernstein  <mitz@apple.com>
2238
2239         <rdar://problem/19348208> REGRESSION (r177027): iOS builds use the wrong toolchain
2240         https://bugs.webkit.org/show_bug.cgi?id=139950
2241
2242         Reviewed by David Kilzer.
2243
2244         * Configurations/Base.xcconfig: Only define TOOLCHAINS when building for OS X, doing so
2245         in a manner that works with Xcode 5.1.1.
2246
2247 2014-12-22  Mark Lam  <mark.lam@apple.com>
2248
2249         Use ctiPatchCallByReturnAddress() in JITOperations.cpp.
2250         <https://webkit.org/b/139892>
2251
2252         Reviewed by Michael Saboff.
2253
2254         The code in JITOperations.cpp sometimes calls RepatchBuffer::relinkCallerToFunction()
2255         directly, and sometimes uses a helper function, ctiPatchCallByReturnAddress().
2256         This patch changes it to use the helper function consistently.
2257
2258         * jit/JITOperations.cpp:
2259
2260 2014-12-22  Mark Lam  <mark.lam@apple.com>
2261
2262         Fix some typos in a comment.
2263         <https://webkit.org/b/139882>
2264
2265         Reviewed by Michael Saboff.
2266
2267         * jit/JITPropertyAccess.cpp:
2268         (JSC::JIT::emit_op_get_by_val):
2269
2270 2014-12-22  Mark Lam  <mark.lam@apple.com>
2271
2272         Assert that Array elements not copied when changing shape to ArrayStorage type are indeed holes.
2273         <https://webkit.org/b/138118>
2274
2275         Reviewed by Michael Saboff.
2276
2277         * runtime/JSObject.cpp:
2278         (JSC::JSObject::convertInt32ToArrayStorage):
2279         (JSC::JSObject::convertDoubleToArrayStorage):
2280         (JSC::JSObject::convertContiguousToArrayStorage):
2281
2282 2014-12-20  Eric Carlson  <eric.carlson@apple.com>
2283
2284         [iOS] add optimized fullscreen API
2285         https://bugs.webkit.org/show_bug.cgi?id=139833
2286         <rdar://problem/18844486>
2287
2288         Reviewed by Simon Fraser.
2289
2290         * Configurations/FeatureDefines.xcconfig: Add ENABLE_VIDEO_PRESENTATION_MODE.
2291
2292 2014-12-20  David Kilzer  <ddkilzer@apple.com>
2293
2294         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2295         <http://webkit.org/b/139463>
2296
2297         Reviewed by Mark Rowe.
2298
2299         * Configurations/JavaScriptCore.xcconfig:
2300         - Simplify SECTORDER_FLAGS.
2301
2302 2014-12-19  Andreas Kling  <akling@apple.com>
2303
2304         Plug leak below LLVMCopyStringRepOfTargetData().
2305         <https://webkit.org/b/139832>
2306
2307         Reviewed by Michael Saboff.
2308
2309         LLVMCopyStringRepOfTargetData() returns a strdup()'ed string, so make sure
2310         to free() it after we're done using it.
2311
2312         * ftl/FTLCompile.cpp:
2313         (JSC::FTL::mmAllocateDataSection):
2314
2315 2014-12-19  Joseph Pecoraro  <pecoraro@apple.com>
2316
2317         Web Inspector: CRASH inspector-protocol/debugger/breakpoint-action-detach.html
2318         https://bugs.webkit.org/show_bug.cgi?id=139797
2319
2320         Reviewed by Mark Lam.
2321
2322         * debugger/Debugger.h:
2323         * debugger/Debugger.cpp:
2324         (JSC::Debugger::isAttached):
2325         Check if we are the debugger for a particular global object.
2326         (JSC::Debugger::pauseIfNeeded):
2327         Pass the global object on when hitting a breakpoint.
2328
2329         * inspector/ScriptDebugServer.h:
2330         * inspector/ScriptDebugServer.cpp:
2331         (Inspector::ScriptDebugServer::handleBreakpointHit):
2332         Stop evaluating breakpoint actions if a previous action caused the
2333         debugger to detach from this global object.
2334         (Inspector::ScriptDebugServer::handlePause):
2335         Standardize on passing JSGlobalObject parameter first.
2336
2337 2014-12-19  Mark Lam  <mark.lam@apple.com>
2338
2339         [Win] Endless compiler warnings created by DFGEdge.h.
2340         <https://webkit.org/b/139801>
2341
2342         Reviewed by Brent Fulgham.
2343
2344         Add a cast to fix the type just the way the 64-bit version does.
2345
2346         * dfg/DFGEdge.h:
2347         (JSC::DFG::Edge::makeWord):
2348
2349 2014-12-19  Commit Queue  <commit-queue@webkit.org>
2350
2351         Unreviewed, rolling out r177574.
2352         https://bugs.webkit.org/show_bug.cgi?id=139821
2353
2354         "Broke Production builds by installing
2355         libWebCoreTestSupport.dylib in the wrong directory" (Requested
2356         by ddkilzer on #webkit).
2357
2358         Reverted changeset:
2359
2360         "Switch from using PLATFORM_NAME to SDK selectors in WebCore,
2361         WebInspectorUI, WebKit, WebKit2"
2362         https://bugs.webkit.org/show_bug.cgi?id=139463
2363         http://trac.webkit.org/changeset/177574
2364
2365 2014-12-19  Michael Saboff  <msaboff@apple.com>
2366
2367         REGRESSION(174226): Captured arguments in a using function compiled by the DFG have the initial value when the closure was invoked
2368         https://bugs.webkit.org/show_bug.cgi?id=139808
2369
2370         Reviewed by Oliver Hunt.
2371
2372         There are three changes here.
2373         1) Create a VariableWatchpointSet for captured arguments variables.
2374         2) Properly use the VariableWatchpointSet* found in op_put_to_scope in the 64 bit LLInt code.
2375         3) Add the same putLocalClosureVar path to the 32 bit LLInt code that exists in the 64 bit version.
2376
2377         * bytecompiler/BytecodeGenerator.cpp:
2378         (JSC::BytecodeGenerator::BytecodeGenerator):
2379         * llint/LowLevelInterpreter32_64.asm:
2380         * llint/LowLevelInterpreter64.asm:
2381
2382 2014-12-19  David Kilzer  <ddkilzer@apple.com>
2383
2384         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2385         <http://webkit.org/b/139463>
2386
2387         Reviewed by Mark Rowe.
2388
2389         * Configurations/JavaScriptCore.xcconfig:
2390         - Simplify SECTORDER_FLAGS.
2391
2392 2014-12-18  Brent Fulgham  <bfulgham@apple.com>
2393
2394         Unreviewed build fix.
2395
2396         * jsc.cpp: Remove typo.
2397
2398 2014-12-17  Michael Saboff  <msaboff@apple.com>
2399
2400         Tests with infinite recursion frequently crash
2401         https://bugs.webkit.org/show_bug.cgi?id=139548
2402
2403         Reviewed by Geoffrey Garen.
2404
2405         While unwinding, if the call frame doesn't have a codeblock, then we
2406         are in native code; handle it appropriately.
2407
2408         * interpreter/Interpreter.cpp:
2409         (JSC::unwindCallFrame):
2410         (JSC::UnwindFunctor::operator()):
2411         Added checks for null CodeBlock.
2412
2413         (JSC::Interpreter::unwind): Removed wrong ASSERT.
2414
2415 2014-12-17  Chris Dumez  <cdumez@apple.com>
2416
2417         [iOS] Make it possible to toggle FeatureCounter support at runtime
2418         https://bugs.webkit.org/show_bug.cgi?id=139688
2419         <rdar://problem/19266254>
2420
2421         Reviewed by Andreas Kling.
2422
2423         Stop linking against AppSupport framework as the functionality is no
2424         longer in WTF (it was moved to WebCore).
2425
2426         * Configurations/JavaScriptCore.xcconfig:
2427
2428 2014-12-17  Brent Fulgham  <bfulgham@apple.com>
2429
2430         [Win] Correct DebugSuffix builds under MSBuild
2431         https://bugs.webkit.org/show_bug.cgi?id=139733
2432         <rdar://problem/19276880>
2433
2434         Reviewed by Simon Fraser.
2435
2436         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Make sure to use the
2437         '_debug' suffix when building the DebugSuffix target.
2438
2439 2014-12-16  Enrica Casucci  <enrica@apple.com>
2440
2441         Fix iOS builders for 8.0
2442         https://bugs.webkit.org/show_bug.cgi?id=139495
2443
2444         Reviewed by Michael Saboff.
2445
2446         * Configurations/LLVMForJSC.xcconfig:
2447         * llvm/library/LLVMExports.cpp:
2448         (initializeAndGetJSCLLVMAPI):
2449
2450 2014-12-16  Commit Queue  <commit-queue@webkit.org>
2451
2452         Unreviewed, rolling out r177380.
2453         https://bugs.webkit.org/show_bug.cgi?id=139707
2454
2455         "Breaks js/regres/elidable-new-object-* tests" (Requested by
2456         msaboff_ on #webkit).
2457
2458         Reverted changeset:
2459
2460         "Fixes operationPutByIdOptimizes such that they check that the
2461         put didn't"
2462         https://bugs.webkit.org/show_bug.cgi?id=139500
2463         http://trac.webkit.org/changeset/177380
2464
2465 2014-12-16  Matthew Mirman  <mmirman@apple.com>
2466
2467         Fixes operationPutByIdOptimizes such that they check that the put didn't
2468         change the structure of the object whose property access is being
2469         cached.
2470         https://bugs.webkit.org/show_bug.cgi?id=139500
2471
2472         Reviewed by Geoffrey Garen.
2473
2474         * jit/JITOperations.cpp:
2475         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
2476         (JSC::operationPutByIdNonStrictOptimize): ditto.
2477         (JSC::operationPutByIdDirectStrictOptimize): ditto.
2478         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
2479         * jit/Repatch.cpp:
2480         (JSC::tryCachePutByID): Added argument for the old structure
2481         (JSC::repatchPutByID): Added argument for the old structure
2482         * jit/Repatch.h:
2483         * tests/stress/put-by-id-build-list-order-recurse.js: 
2484         Added test that fails without this patch.
2485
2486 2014-12-15  Chris Dumez  <cdumez@apple.com>
2487
2488         [iOS] Add feature counting support
2489         https://bugs.webkit.org/show_bug.cgi?id=139652
2490         <rdar://problem/19255690>
2491
2492         Reviewed by Gavin Barraclough.
2493
2494         Link against AppSupport framework on iOS as we need it to implement
2495         the new FeatureCounter API in WTF.
2496
2497         * Configurations/JavaScriptCore.xcconfig:
2498
2499 2014-12-15  Commit Queue  <commit-queue@webkit.org>
2500
2501         Unreviewed, rolling out r177284.
2502         https://bugs.webkit.org/show_bug.cgi?id=139658
2503
2504         "Breaks API tests and LayoutTests on Yosemite Debug"
2505         (Requested by msaboff on #webkit).
2506
2507         Reverted changeset:
2508
2509         "Make sure range based iteration of Vector<> still receives
2510         bounds checking"
2511         https://bugs.webkit.org/show_bug.cgi?id=138821
2512         http://trac.webkit.org/changeset/177284
2513
2514 2014-12-15  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
2515
2516         [EFL] FTL JIT not working on ARM64
2517         https://bugs.webkit.org/show_bug.cgi?id=139295
2518
2519         Reviewed by Michael Saboff.
2520
2521         Added the missing code for stack unwinding and some additional small fixes
2522         to get FTL working correctly.
2523
2524         * ftl/FTLCompile.cpp:
2525         (JSC::FTL::mmAllocateDataSection):
2526         * ftl/FTLUnwindInfo.cpp:
2527         (JSC::FTL::UnwindInfo::parse):
2528
2529 2014-12-15  Oliver Hunt  <oliver@apple.com>
2530
2531         Make sure range based iteration of Vector<> still receives bounds checking
2532         https://bugs.webkit.org/show_bug.cgi?id=138821
2533
2534         Reviewed by Mark Lam.
2535
2536         Update code to deal with slightly changed iterator semantics.
2537
2538         * bytecode/UnlinkedCodeBlock.cpp:
2539         (JSC::UnlinkedCodeBlock::visitChildren):
2540         * bytecompiler/BytecodeGenerator.cpp:
2541         (JSC::BytecodeGenerator::emitComplexPopScopes):
2542         * dfg/DFGSpeculativeJIT.cpp:
2543         (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
2544         * ftl/FTLAbbreviations.h:
2545         (JSC::FTL::mdNode):
2546         (JSC::FTL::buildCall):
2547         * llint/LLIntData.cpp:
2548         (JSC::LLInt::Data::performAssertions):
2549         * parser/Parser.h:
2550         (JSC::Scope::Scope):
2551         * runtime/JSArray.cpp:
2552         (JSC::JSArray::setLengthWithArrayStorage):
2553         (JSC::JSArray::sortCompactedVector):
2554         * tools/ProfileTreeNode.h:
2555         (JSC::ProfileTreeNode::dumpInternal):
2556         * yarr/YarrJIT.cpp:
2557         (JSC::Yarr::YarrGenerator::matchCharacterClass):
2558
2559 2014-12-14  Filip Pizlo  <fpizlo@apple.com>
2560
2561         PutLocalSinkingPhase has an invalid assertion about incoming values, because both liveness and deferral analyses are conservative
2562         https://bugs.webkit.org/show_bug.cgi?id=139630
2563
2564         Reviewed by Oliver Hunt.
2565         
2566         Replaces a faulty assertion with code to handle an awesome special case. Also adds a lot of
2567         comments that reconstruct my reasoning about this code. I had to work hard to remember how
2568         deferral worked so I wrote my discoveries down.
2569
2570         * dfg/DFGInsertionSet.h:
2571         (JSC::DFG::InsertionSet::insertBottomConstantForUse):
2572         * dfg/DFGPutLocalSinkingPhase.cpp:
2573         * tests/stress/put-local-conservative.js: Added.
2574         (foo):
2575         (.result):
2576         (bar):
2577
2578 2014-12-14  Andreas Kling  <akling@apple.com>
2579
2580         Replace PassRef with Ref/Ref&& across the board.
2581         <https://webkit.org/b/139587>
2582
2583         Reviewed by Darin Adler.
2584
2585         * runtime/Identifier.cpp:
2586         (JSC::Identifier::add):
2587         (JSC::Identifier::add8):
2588         * runtime/Identifier.h:
2589         (JSC::Identifier::add):
2590         * runtime/IdentifierInlines.h:
2591         (JSC::Identifier::add):
2592
2593 2014-12-12  Matthew Mirman  <mmirman@apple.com>
2594
2595         shiftCountWithArrayStorage should exit to slow path if the object has a sparse map.
2596         https://bugs.webkit.org/show_bug.cgi?id=139598
2597         <rdar://problem/18779367>
2598
2599         Reviewed by Filip Pizlo.
2600
2601         * runtime/JSArray.cpp:
2602         (JSC::JSArray::shiftCountWithArrayStorage): Added check for object having a sparse map.
2603         * tests/stress/sparse_splice.js: Added.
2604
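The fix above makes shiftCountWithArrayStorage bail out to the slow path when the array carries a sparse map. The script below is an added example, not the sparse_splice.js test the entry references: it builds an array whose dense storage is followed by a single far-away index (the index value is an assumption chosen to push JSC into sparse storage), then runs shift() and splice() over it and reports what the language requires to survive the shift, including the element held in the sparse map.

```javascript
// Added example (not from the WebKit ChangeLog or its test suite).
// Constructs an array with a dense prefix plus one sparse element so that a
// shift/splice must not take a fast path that only knows about the vector.
function makeSparseArray() {
  const a = [1, 2, 3, 4, 5];
  // Assumption: an index this far past the current length is stored in
  // JSC's sparse map rather than in the contiguous vector.
  a[100000] = 42;
  return a;
}

// shift() removes the first element and moves every remaining index, sparse
// ones included, down by one.
function shiftSparse() {
  const a = makeSparseArray();
  const first = a.shift();
  return {
    first,                      // 1
    head: a.slice(0, 4),        // [2, 3, 4, 5]
    movedSparse: a[99999],      // 42 must have moved from 100000 to 99999
    length: a.length,           // 100000
  };
}

// splice(1, 2) removes two elements from the middle and shifts the rest,
// including the sparse element, down by two.
function spliceSparse() {
  const a = makeSparseArray();
  const removed = a.splice(1, 2);
  return {
    removed,                    // [2, 3]
    head: a.slice(0, 3),        // [1, 4, 5]
    movedSparse: a[99998],      // 42 must now live at 99998
    length: a.length,           // 99999
  };
}
```

A stress test for this class of bug is only useful if it also reads the sparse element after the shift; checking the dense prefix alone would not have caught the original fast-path behaviour.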
2605 2014-12-12  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2606
2607         Final clean up OwnPtr in JSC - runtime, ftl, and tool directories
2608         https://bugs.webkit.org/show_bug.cgi?id=139532
2609
2610         Reviewed by Mark Lam.
2611
2612         Final remove OwnPtr, PassOwnPtr in runtime, ftl, and tools directories of JSC.
2613
2614         * builtins/BuiltinExecutables.h:
2615         * bytecode/CodeBlock.h:
2616         * bytecode/UnlinkedCodeBlock.cpp:
2617         (JSC::generateFunctionCodeBlock):
2618         * ftl/FTLAbstractHeap.cpp:
2619         (JSC::FTL::IndexedAbstractHeap::atSlow):
2620         * ftl/FTLAbstractHeap.h:
2621         * ftl/FTLCompile.cpp:
2622         (JSC::FTL::mmAllocateDataSection):
2623         * ftl/FTLJITFinalizer.h:
2624         * jsc.cpp:
2625         (jscmain):
2626         * parser/Lexer.h:
2627         * runtime/PropertyMapHashTable.h:
2628         (JSC::PropertyTable::clearDeletedOffsets):
2629         (JSC::PropertyTable::addDeletedOffset):
2630         * runtime/PropertyTable.cpp:
2631         (JSC::PropertyTable::PropertyTable):
2632         * runtime/RegExpObject.cpp:
2633         * runtime/SmallStrings.cpp:
2634         * runtime/Structure.cpp:
2635         * runtime/StructureIDTable.cpp:
2636         (JSC::StructureIDTable::StructureIDTable):
2637         (JSC::StructureIDTable::resize):
2638         * runtime/StructureIDTable.h:
2639         * runtime/StructureTransitionTable.h:
2640         * runtime/VM.cpp:
2641         (JSC::VM::VM):
2642         (JSC::VM::~VM):
2643         * runtime/VM.h:
2644         * tools/CodeProfile.h:
2645         (JSC::CodeProfile::CodeProfile):
2646         (JSC::CodeProfile::addChild):
2647
2648 2014-12-11  Dan Bernstein  <mitz@apple.com>
2649
2650         iOS Simulator production build fix.
2651
2652         * Configurations/JavaScriptCore.xcconfig: Don’t use an order file when building for the iOS
2653         Simulator, as we did prior to 177027.
2654
2655 2014-12-11  Joseph Pecoraro  <pecoraro@apple.com>
2656
2657         Explicitly export some more RWIProtocol classes.
2658         rdar://problem/19220408
2659
2660         Unreviewed build fix.
2661
2662         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2663         (ObjCConfigurationHeaderGenerator._generate_configuration_interface_for_domains):
2664         * inspector/scripts/codegen/generate_objc_header.py:
2665         (ObjCHeaderGenerator._generate_event_interfaces):
2666         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2667         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2668         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2669         * inspector/scripts/tests/expected/enum-values.json-result:
2670         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2671         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2672         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2673         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2674         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2675         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2676         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2677         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2678         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2679
2680 2014-12-11  Alexey Proskuryakov  <ap@apple.com>
2681
2682         Explicitly export some RWIProtocol classes
2683         rdar://problem/19220408
2684
2685         * inspector/scripts/codegen/generate_objc_header.py:
2686         (ObjCHeaderGenerator._generate_type_interface):
2687         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2688         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2689         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2690         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2691         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2692         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2693         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2694
2695 2014-12-11  Mark Lam  <mark.lam@apple.com>
2696
2697         Fix broken build after r177146.
2698         https://bugs.webkit.org/show_bug.cgi?id=139533 
2699
2700         Not reviewed.
2701
2702         * interpreter/CallFrame.h:
2703         (JSC::ExecState::init):
2704         - Restored CallFrame::init() minus the unused JSScope* arg.
2705         * runtime/JSGlobalObject.cpp:
2706         (JSC::JSGlobalObject::init):
2707         - Remove JSScope* arg when calling CallFrame::init().
2708
2709 2014-12-11  Michael Saboff  <msaboff@apple.com>
2710
2711         REGRESSION: Use of undefined CallFrame::ScopeChain value
2712         https://bugs.webkit.org/show_bug.cgi?id=139533
2713
2714         Reviewed by Mark Lam.
2715
2716         Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
2717         all usages of these functions.  In some cases the scope is passed in or determined
2718         another way.  In some cases the scope is used to calculate other values.  Lastly,
2719         there were places where these functions were used that are no longer needed.  For
2720         example, when making a call, the caller's ScopeChain was copied to the callee's
2721         ScopeChain.  This change no longer uses the ScopeChain call frame header slot.
2722         That slot will be removed in a future patch.
2723
2724         * dfg/DFGByteCodeParser.cpp:
2725         (JSC::DFG::ByteCodeParser::parseBlock):
2726         * dfg/DFGSpeculativeJIT32_64.cpp:
2727         (JSC::DFG::SpeculativeJIT::compile):
2728         * dfg/DFGSpeculativeJIT64.cpp:
2729         (JSC::DFG::SpeculativeJIT::compile):
2730         * dfg/DFGSpeculativeJIT.h:
2731         (JSC::DFG::SpeculativeJIT::callOperation):
2732         * jit/JIT.h:
2733         * jit/JITInlines.h:
2734         (JSC::JIT::callOperation):
2735         * runtime/JSLexicalEnvironment.h:
2736         (JSC::JSLexicalEnvironment::create):
2737         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
2738         * jit/JITOpcodes.cpp:
2739         (JSC::JIT::emit_op_create_lexical_environment):
2740         * jit/JITOpcodes32_64.cpp:
2741         (JSC::JIT::emit_op_create_lexical_environment):
2742         * jit/JITOperations.cpp:
2743         * jit/JITOperations.h:
2744         * llint/LLIntSlowPaths.cpp:
2745         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2746         (JSC::LLInt::handleHostCall):
2747         (JSC::LLInt::setUpCall):
2748         (JSC::LLInt::llint_throw_stack_overflow_error):
2749         Pass the current scope value to the helper operationCreateActivation() and
2750         the call to JSLexicalEnvironment::create() instead of using the stack frame
2751         scope chain value.
2752
2753         * dfg/DFGFixupPhase.cpp:
2754         (JSC::DFG::FixupPhase::fixupNode):
2755         CreateActivation now has a second child, the scope.
2756
2757         * interpreter/CallFrame.h:
2758         (JSC::ExecState::init): Deleted.  This is dead code.
2759         (JSC::ExecState::scope): Deleted.
2760         (JSC::ExecState::setScope): Deleted.
2761
2762         * interpreter/Interpreter.cpp:
2763         (JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
2764         chain slot.  
2765         
2766         (JSC::Interpreter::execute):
2767         (JSC::Interpreter::executeCall):
2768         (JSC::Interpreter::executeConstruct):
2769         Changed process to find JSScope values on the stack or by some other means.
2770
2771         * runtime/JSWithScope.h:
2772         (JSC::JSWithScope::JSWithScope): Deleted.
2773         Eliminated unused constructor.
2774
2775         * runtime/StrictEvalActivation.cpp:
2776         (JSC::StrictEvalActivation::StrictEvalActivation):
2777         * runtime/StrictEvalActivation.h:
2778         (JSC::StrictEvalActivation::create):
2779         Changed to pass in the current scope.
2780
2781 2014-12-10  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2782
2783         Use std::unique_ptr instead of OwnPtr in JSC - heap, jit, runtime, and parser directories
2784         https://bugs.webkit.org/show_bug.cgi?id=139351
2785
2786         Reviewed by Filip Pizlo.
2787
2788         As a step to use std::unique_ptr<>, this cleans up OwnPtr and PassOwnPtr.
2789
2790         * bytecode/SamplingTool.h:
2791         (JSC::SamplingTool::SamplingTool):
2792         * heap/CopiedBlock.h:
2793         (JSC::CopiedBlock::didSurviveGC):
2794         (JSC::CopiedBlock::pin):
2795         * heap/CopiedBlockInlines.h:
2796         (JSC::CopiedBlock::reportLiveBytes):
2797         * heap/GCActivityCallback.h:
2798         * heap/GCThread.cpp:
2799         * heap/Heap.h:
2800         * heap/HeapInlines.h:
2801         (JSC::Heap::markListSet):
2802         * jit/ExecutableAllocator.cpp:
2803         * jit/JIT.cpp:
2804         (JSC::JIT::privateCompile):
2805         * jit/JIT.h:
2806         * jit/JITThunks.cpp:
2807         (JSC::JITThunks::JITThunks):
2808         (JSC::JITThunks::clearHostFunctionStubs):
2809         * jit/JITThunks.h:
2810         * parser/Parser.cpp:
2811         (JSC::Parser<LexerType>::Parser):
2812         * parser/Parser.h:
2813         (JSC::Scope::Scope):
2814         (JSC::Scope::pushLabel):
2815         * parser/ParserArena.cpp:
2816         * parser/ParserArena.h:
2817         (JSC::ParserArena::identifierArena):
2818         * parser/SourceProviderCache.h:
2819         * runtime/CodeCache.h:
2820         * runtime/Executable.h:
2821         * runtime/JSArray.cpp:
2822         (JSC::JSArray::sortVector):
2823         * runtime/JSGlobalObject.h:
2824
2825 2014-12-10  Geoffrey Garen  <ggaren@apple.com>
2826
2827         Please disable the webkitFirstVersionWithInitConstructorSupport check on Apple TV
2828         https://bugs.webkit.org/show_bug.cgi?id=139501
2829
2830         Reviewed by Gavin Barraclough.
2831
2832         NSVersionOfLinkTimeLibrary only works if you link directly against
2833         JavaScriptCore, which is a bit awkward for our Apple TV client to do.
2834
2835         It's easy enough just to disable this check on Apple TV, since it has no
2836         backwards compatibility requirement.
2837
2838         * API/JSWrapperMap.mm:
2839         (supportsInitMethodConstructors):
2840
2841 2014-12-10  Matthew Mirman  <mmirman@apple.com>
2842
2843         Fixes operationPutByIds such that they check that the put didn't
2844         change the structure of the object whose property access is being
2845         cached.
2846         https://bugs.webkit.org/show_bug.cgi?id=139196
2847
2848         Reviewed by Filip Pizlo.
2849
2850         * jit/JITOperations.cpp:
2851         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
2852         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
2853         (JSC::operationPutByIdNonStrictBuildList): ditto.
2854         (JSC::operationPutByIdDirectStrictBuildList): ditto.
2855         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
2856         * jit/Repatch.cpp:
2857         (JSC::tryCachePutByID): fixed structure() to use the existing vm.
2858         (JSC::tryBuildPutByIdList): Added a check that the old structure's id 
2859         is the same as the new.
2860         (JSC::buildPutByIdList): Added an argument
2861         * jit/Repatch.h: 
2862         (JSC::buildPutByIdList): Added an argument
2863         * tests/stress/put-by-id-strict-build-list-order.js: Added.
2864
2865 2014-12-10  Csaba Osztrogonác  <ossy@webkit.org>
2866
2867         URTBF after r177030.
2868
2869         Fix linking failure that occurred on ARM buildbots:
2870         lib/libjavascriptcore_efl.so.1.11.0: undefined reference to `JSC::Structure::get(JSC::VM&, JSC::PropertyName, unsigned int&)'
2871
2872         * runtime/NullGetterFunction.cpp:
2873
2874 2014-12-09  Michael Saboff  <msaboff@apple.com>
2875
2876         DFG Tries using an inner object's getter/setter when one hasn't been defined
2877         https://bugs.webkit.org/show_bug.cgi?id=139229
2878
2879         Reviewed by Filip Pizlo.
2880
2881         Added a new NullGetterFunction singleton class to use for getters and setters that
2882         haven't been set to a user defined value.  The NullGetterFunction callReturnUndefined()
2883         and createReturnUndefined() methods return undefined.  Changed all null checks of the
2884         getter and setter pointers to the newly added isGetterNull() and isSetterNull()
2885         helper methods.  
2886
2887         * CMakeLists.txt:
2888         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2889         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2890         * JavaScriptCore.xcodeproj/project.pbxproj:
2891         Added NullGetterFunction.cpp & .h to build files.
2892
2893         * dfg/DFGAbstractInterpreterInlines.h:
2894         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2895         * runtime/ObjectPrototype.cpp:
2896         (JSC::objectProtoFuncLookupGetter):
2897         (JSC::objectProtoFuncLookupSetter):
2898         * runtime/PropertyDescriptor.cpp:
2899         (JSC::PropertyDescriptor::setDescriptor):
2900         (JSC::PropertyDescriptor::setAccessorDescriptor):
2901         Changed checking getter and setter to null to use new isGetterNull() and isSetterNull()
2902         helpers.
2903
2904         * inspector/JSInjectedScriptHostPrototype.cpp:
2905         (Inspector::JSInjectedScriptHostPrototype::finishCreation):
2906         * inspector/JSJavaScriptCallFramePrototype.cpp:
2907         * jit/JITOperations.cpp:
2908         * llint/LLIntSlowPaths.cpp:
2909         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2910         * runtime/JSObject.cpp:
2911         (JSC::JSObject::putIndexedDescriptor):
2912         (JSC::putDescriptor):
2913         (JSC::JSObject::defineOwnNonIndexProperty):
2914         * runtime/MapPrototype.cpp:
2915         (JSC::MapPrototype::finishCreation):
2916         * runtime/SetPrototype.cpp:
2917         (JSC::SetPrototype::finishCreation):
2918         Updated calls to GetterSetter::create(), setGetter(), setSetter(), withGetter()
2919         and withSetter() to provide a global object.
2920
2921         * runtime/GetterSetter.cpp:
2922         (JSC::GetterSetter::withGetter):
2923         (JSC::GetterSetter::withSetter):
2924         (JSC::callGetter):
2925         (JSC::callSetter):
2926         * runtime/GetterSetter.h:
2927         (JSC::GetterSetter::GetterSetter):
2928         (JSC::GetterSetter::create):
2929         (JSC::GetterSetter::isGetterNull):
2930         (JSC::GetterSetter::isSetterNull):
2931         (JSC::GetterSetter::setGetter):
2932         (JSC::GetterSetter::setSetter):
2933         Changed to use NullGetterFunction for unspecified getters / setters.
2934
2935         * runtime/JSGlobalObject.cpp:
2936         (JSC::JSGlobalObject::init):
2937         (JSC::JSGlobalObject::createThrowTypeError):
2938         (JSC::JSGlobalObject::visitChildren):
2939         * runtime/JSGlobalObject.h:
2940         (JSC::JSGlobalObject::nullGetterFunction):
2941         (JSC::JSGlobalObject::evalFunction):
2942         Added m_nullGetterFunction singleton.  Updated calls to GetterSetter::create(),
2943         setGetter() and setSetter() to provide a global object.
2944
2945         * runtime/NullGetterFunction.cpp: Added.
2946         (JSC::callReturnUndefined):
2947         (JSC::constructReturnUndefined):
2948         (JSC::NullGetterFunction::getCallData):
2949         (JSC::NullGetterFunction::getConstructData):
2950         * runtime/NullGetterFunction.h: Added.
2951         (JSC::NullGetterFunction::create):
2952         (JSC::NullGetterFunction::createStructure):
2953         (JSC::NullGetterFunction::NullGetterFunction):
2954         New singleton class that returns undefined when called.
2955
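The entry above replaces null getter/setter pointers with a NullGetterFunction singleton that returns undefined. The script below is an added example, not part of the WebKit change or its tests: it shows the behaviour script must observe for an accessor property that defines only one half, which is exactly what the engine has to preserve regardless of how the missing half is represented internally. The property names and the warm-up loop count are assumptions.

```javascript
// Added example (not from the WebKit ChangeLog). Exercises accessor
// properties whose getter or setter was never defined.

// Getter-only property: reads work, the setter is reported as undefined, and a
// strict-mode write throws a TypeError rather than calling anything.
function getterOnly() {
  "use strict";
  const o = {};
  Object.defineProperty(o, "x", { get() { return 7; }, configurable: true });
  const desc = Object.getOwnPropertyDescriptor(o, "x");
  let strictWriteThrew = false;
  try {
    o.x = 1;
  } catch (e) {
    strictWriteThrew = e instanceof TypeError;
  }
  return {
    value: o.x,                              // 7
    hasSetter: desc.set !== undefined,       // false
    lookupSetter: o.__lookupSetter__("x"),   // undefined
    strictWriteThrew,                        // true
  };
}

// Setter-only property: writes reach the setter, reads yield undefined, and
// the getter is reported as undefined.
function setterOnly() {
  let stored = null;
  const o = {};
  Object.defineProperty(o, "y", { set(v) { stored = v; }, configurable: true });
  o.y = 5;
  return {
    read: o.y,                               // undefined
    stored,                                  // 5
    lookupGetter: o.__lookupGetter__("y"),   // undefined
  };
}

// Repeat the checks enough times that a tiering JIT (assumption: 10000
// iterations is sufficient) compiles the property accesses, and return the
// last results so the optimized path is what gets inspected.
function warmAndCheck(iterations = 10000) {
  let g, s;
  for (let i = 0; i < iterations; i++) {
    g = getterOnly();
    s = setterOnly();
  }
  return { g, s };
}
```

The point of the loop is the same as in a JSC stress test: the bug in the entry was in the DFG, so the interesting observation is the one made after the accesses have been compiled, not on the first interpreted run.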
2956 2014-12-09  Geoffrey Garen  <ggaren@apple.com>
2957
2958         Re-enable function.arguments
2959         https://bugs.webkit.org/show_bug.cgi?id=139452
2960         <rdar://problem/18848149>
2961
2962         Reviewed by Sam Weinig.
2963
2964         Disabling function.arguments broke a few websites, and we don't have
2965         time right now to work through the details.
2966
2967         I'm re-enabling function.arguments but leaving in the infrastructure
2968         to re-disable it, so we can try this experiment again in the future.
2969
2970         * runtime/Options.h:
2971
2972 2014-12-09  David Kilzer  <ddkilzer@apple.com>
2973
2974         Switch from using PLATFORM_NAME to SDK selectors in ANGLE, bmalloc, gtest, JavaScriptCore, WTF
2975         <http://webkit.org/b/139212>
2976
2977         Reviewed by Joseph Pecoraro.
2978
2979         * Configurations/Base.xcconfig:
2980         - Only set GCC_ENABLE_OBJC_GC, GCC_MODEL_TUNING and TOOLCHAINS
2981           on OS X.
2982         - Only set LLVM_LOCAL_HEADER_PATH and LLVM_SYSTEM_HEADER_PATH on
2983           OS X.
2984         - Set JAVASCRIPTCORE_CONTENTS_DIR and
2985           JAVASCRIPTCORE_FRAMEWORKS_DIR separately for iOS and OS X.
2986
2987         * Configurations/DebugRelease.xcconfig:
2988         - Only set MACOSX_DEPLOYMENT_TARGET and SDKROOT on OS X.
2989
2990         * Configurations/JSC.xcconfig:
2991         - Only set CODE_SIGN_ENTITLEMENTS for iOS hardware builds.
2992
2993         * Configurations/JavaScriptCore.xcconfig:
2994         - Set OTHER_LDFLAGS separately for iOS and OS X.
2995         - Set SECTORDER_FLAGS separately for iOS and OS X, but only for
2996           Production builds.
2997         - Only set EXCLUDED_SOURCE_FILE_NAMES for iOS.
2998
2999         * Configurations/LLVMForJSC.xcconfig:
3000         - Rename LLVM_LIBS_iphoneos to LLVM_LIBS_ios.
3001         - Set LLVM_LIBRARY_PATHS and OTHER_LDFLAGS_LLVM_ENABLE_FTL_JIT
3002           separately for iOS hardware and OS X.
3003         - Fix curly braces in LIBRARY_SEARCH_PATHS.
3004         - Merge OTHER_LDFLAGS_BASE into OTHER_LDFLAGS. (Could have been
3005           done before this patch.)
3006
3007         * Configurations/ToolExecutable.xcconfig:
3008         - Only set CODE_SIGN_ENTITLEMENTS for iOS, per target.
3009         - Only set CLANG_ENABLE_OBJC_ARC for i386 on the iOS Simulator.
3010         - Add missing newline.
3011
3012         * Configurations/Version.xcconfig:
3013         - Set SYSTEM_VERSION_PREFIX separately for iOS and OS X.
3014
3015 2014-12-08  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3016
3017         Fix EFL build fix since r177001
3018         https://bugs.webkit.org/show_bug.cgi?id=139428
3019
3020         Unreviewed, EFL build fix.
3021
3022         Do not inherit from a duplicated class. ExpressionNode is already
3023         a child of the ParserArenaFreeable class.
3024
3025         * parser/Nodes.h:
3026
3027 2014-12-08  Shivakumar JM  <shiva.jm@samsung.com>
3028
3029         Fix Build Warning in JavaScriptCore ControlFlowProfiler::dumpData() api.
3030         https://bugs.webkit.org/show_bug.cgi?id=139384
3031
3032         Reviewed by Mark Lam.
3033
3034         Fix Build Warning by using dataLog() function instead of dataLogF() function.
3035
3036         * runtime/ControlFlowProfiler.cpp:
3037         (JSC::ControlFlowProfiler::dumpData):
3038
3039 2014-12-08  Saam Barati  <saambarati1@gmail.com>
3040
3041         Web Inspector: Enable runtime API for JSC's control flow profiler
3042         https://bugs.webkit.org/show_bug.cgi?id=139346
3043
3044         Reviewed by Joseph Pecoraro.
3045
3046         This patch creates an API that the Web Inspector can use
3047         to get information about which basic blocks have executed
3048         from JSC's control flow profiler.
3049
3050         * inspector/agents/InspectorRuntimeAgent.cpp:
3051         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
3052         * inspector/agents/InspectorRuntimeAgent.h:
3053         * inspector/protocol/Runtime.json:
3054
3055 2014-12-08  Geoffrey Garen  <ggaren@apple.com>
3056
3057         Removed some allocation and cruft from the parser
3058         https://bugs.webkit.org/show_bug.cgi?id=139416
3059
3060         Reviewed by Mark Lam.
3061
3062         Now, the only AST nodes that require a destructor are the ones that
3063         relate to pickling a function's arguments -- which will require some
3064         deeper thinking to resolve.
3065
3066         This is a < 1% parser speedup.
3067
3068         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3069         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3070         * JavaScriptCore.xcodeproj/project.pbxproj: Removed NodeInfo because it
3071         was unused.
3072
3073         * bytecompiler/NodesCodegen.cpp:
3074         (JSC::CommaNode::emitBytecode):
3075         (JSC::SourceElements::lastStatement):
3076         (JSC::SourceElements::emitBytecode): Updated for interface change to linked list.
3077
3078         * parser/ASTBuilder.h:
3079         (JSC::ASTBuilder::ASTBuilder):
3080         (JSC::ASTBuilder::varDeclarations):
3081         (JSC::ASTBuilder::funcDeclarations):
3082         (JSC::ASTBuilder::createFuncDeclStatement):
3083         (JSC::ASTBuilder::addVar): Removed the ParserArenaData abstraction because
3084         it wasn't buying us anything. We can just use Vector directly.
3085
3086         (JSC::ASTBuilder::createCommaExpr):
3087         (JSC::ASTBuilder::appendToCommaExpr): Changed to use a linked list instead
3088         of a vector, to avoid allocating a vector with inline capacity in the
3089         common case in which an expression is not followed by a vector.
3090
3091         (JSC::ASTBuilder::Scope::Scope): Use Vector directly to avoid new'ing
3092         up a Vector*.
3093
3094         (JSC::ASTBuilder::appendToComma): Deleted.
3095         (JSC::ASTBuilder::combineCommaNodes): Deleted.
3096
3097         * parser/Lexer.cpp:
3098
3099         * parser/NodeConstructors.h:
3100         (JSC::StatementNode::StatementNode):
3101         (JSC::CommaNode::CommaNode):
3102         (JSC::SourceElements::SourceElements): Updated for interface change to linked list.
3103
3104         * parser/NodeInfo.h: Removed.
3105
3106         * parser/Nodes.cpp:
3107         (JSC::SourceElements::append):
3108         (JSC::SourceElements::singleStatement): Use a linked list instead of a
3109         vector to track the statements in a list. This removes some allocation
3110         and it means that we don't need a destructor anymore.
3111
3112         (JSC::ScopeNode::ScopeNode):
3113         (JSC::ProgramNode::ProgramNode):
3114         (JSC::EvalNode::EvalNode):
3115         (JSC::FunctionNode::FunctionNode): Updated for interface change to reference,
3116         since these values are never null.
3117
3118         * parser/Nodes.h:
3119         (JSC::StatementNode::next):
3120         (JSC::StatementNode::setNext):
3121         (JSC::CommaNode::append): Deleted. Updated for interface change to linked list.
3122
3123         * parser/Parser.cpp:
3124         (JSC::Parser<LexerType>::didFinishParsing): Updated for interface change to reference.
3125
3126         (JSC::Parser<LexerType>::parseVarDeclarationList):
3127         (JSC::Parser<LexerType>::parseExpression): Track comma expressions as
3128         an explicit list of CommaNodes, removing a use of vector and a destructor.
3129
3130         * parser/Parser.h:
3131         (JSC::Parser<LexerType>::parse):
3132         * parser/SyntaxChecker.h:
3133         (JSC::SyntaxChecker::createCommaExpr):
3134         (JSC::SyntaxChecker::appendToCommaExpr):
3135         (JSC::SyntaxChecker::appendToComma): Deleted. Updated for interface changes.
3136
3137 2014-12-08  Commit Queue  <commit-queue@webkit.org>
3138
3139         Unreviewed, rolling out r176979.
3140         https://bugs.webkit.org/show_bug.cgi?id=139424
3141
3142         "New JSC test in this patch is failing" (Requested by mlam on
3143         #webkit).
3144
3145         Reverted changeset:
3146
3147         "Fixes operationPutByIds such that they check that the put
3148         didn't"
3149         https://bugs.webkit.org/show_bug.cgi?id=139196
3150         http://trac.webkit.org/changeset/176979
3151
3152 2014-12-08  Matthew Mirman  <mmirman@apple.com>
3153
3154         Fixes operationPutByIds such that they check that the put didn't
3155         change the structure of the object whose property access is being
3156         cached.
3157         https://bugs.webkit.org/show_bug.cgi?id=139196
3158
3159         Reviewed by Filip Pizlo.
3160
3161         * jit/JITOperations.cpp:
3162         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
3163         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
3164         (JSC::operationPutByIdNonStrictBuildList): ditto.
3165         (JSC::operationPutByIdDirectStrictBuildList): ditto.
3166         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
3167         * jit/Repatch.cpp:
3168         (JSC::tryCachePutByID): fixed structure() to use the existing vm.
3169         (JSC::tryBuildPutByIdList): Added a check that the old structure's id 
3170         is the same as the new.
3171         (JSC::buildPutByIdList): Added an argument
3172         * jit/Repatch.h: 
3173         (JSC::buildPutByIdList): Added an argument
3174         * tests/stress/put-by-id-build-list-order-recurse.js: Test that failed before the change
3175         * tests/stress/put-by-id-strict-build-list-order.js: Added.
3176
3178 2014-12-08  Anders Carlsson  <andersca@apple.com>
3179
3180         Change WTF::currentCPUTime to return std::chrono::microseconds and get rid of currentCPUTimeMS
3181         https://bugs.webkit.org/show_bug.cgi?id=139410
3182
3183         Reviewed by Andreas Kling.
3184
3185         * API/JSContextRef.cpp:
3186         (JSContextGroupSetExecutionTimeLimit):
3187         (JSContextGroupClearExecutionTimeLimit):
3188         * runtime/Watchdog.cpp:
3189         (JSC::Watchdog::setTimeLimit):
3190         (JSC::Watchdog::didFire):
3191         (JSC::Watchdog::startCountdownIfNeeded):
3192         (JSC::Watchdog::startCountdown):
3193         * runtime/Watchdog.h:
3194         * runtime/WatchdogMac.cpp:
3195         (JSC::Watchdog::startTimer):
3196
3197 2014-12-08  Mark Lam  <mark.lam@apple.com>
3198
3199         CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows ArrayStorageShape arrays.
3200         <https://webkit.org/b/139327>
3201
3202         Reviewed by Michael Saboff.
3203
3204         The code generator and runtime slow paths expects otherwise.  This patch fixes
3205         CFA to match the code generator's expectation.
3206
3207         * dfg/DFGArrayMode.h:
3208         (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
3209         (JSC::DFG::ArrayMode::arrayModesWithIndexingShapes):
3210
3211 2014-12-08  Chris Dumez  <cdumez@apple.com>
3212
3213         Revert r176293 & r176275
3214
3215         Unreviewed, revert r176293 & r176275 changing the Vector API to use unsigned type
3216         instead of size_t. There is some disagreement regarding the long-term direction
3217         of the API and we shouldn’t leave the API partly transitioned to unsigned type
3218         while making a decision.
3219
3220         * bytecode/PreciseJumpTargets.cpp:
3221         * replay/EncodedValue.h:
3222
3223 2014-12-07  Csaba Osztrogonác  <ossy@webkit.org>
3224
3225         Remove the unused WTF_USE_GCC_COMPUTED_GOTO_WORKAROUND after r129453.
3226         https://bugs.webkit.org/show_bug.cgi?id=139373
3227
3228         Reviewed by Sam Weinig.
3229
3230         * interpreter/Interpreter.cpp:
3231
3232 2014-12-06  Anders Carlsson  <andersca@apple.com>
3233
3234         Fix build with newer versions of clang.
3235         rdar://problem/18978716
3236
3237         * ftl/FTLJITCode.h:
3238         Add missing overrides.
3239
3240 2014-12-05  Roger Fong  <roger_fong@apple.com>
3241
3242         [Win] proj files copying over too many resources.
3243         https://bugs.webkit.org/show_bug.cgi?id=139315
3244         <rdar://problem/19148278>
3245
3246         Reviewed by Brent Fulgham.
3247
3248         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Only copy resource folders and JavaScriptCore.dll.
3249
3250 2014-12-05  Juergen Ributzka  <juergen@apple.com>
3251
3252         [JSC][FTL] Add the data layout to the module and fix the pass order.
3253         https://bugs.webkit.org/show_bug.cgi?id=138748
3254
3255         Reviewed by Oliver Hunt.
3256
3257         This adds the data layout to the module, so it can be used by all
3258         optimization passes in the LLVM optimizer pipeline. This also allows
3259         FastISel to select more instructions, because fewer non-legal types are
3260         generated.
3261         
3262         Also fix the order of the alias analysis passes in the optimization
3263         pipeline.
3264
3265         * ftl/FTLCompile.cpp:
3266         (JSC::FTL::mmAllocateDataSection):
3267
3268 2014-12-05  Geoffrey Garen  <ggaren@apple.com>
3269
3270         Removed an unused function.
3271
3272         Reviewed by Michael Saboff.
3273
3274         Broken out from https://bugs.webkit.org/show_bug.cgi?id=139305.
3275
3276         * parser/ParserArena.h:
3277
3278 2014-12-05  David Kilzer  <ddkilzer@apple.com>
3279
3280         FeatureDefines.xcconfig: Workaround bug in Xcode 5.1.1 when defining ENABLE_WEB_REPLAY
3281         <http://webkit.org/b/139286>
3282
3283         Reviewed by Daniel Bates.
3284
3285         * Configurations/FeatureDefines.xcconfig: Switch back to using
3286         PLATFORM_NAME to workaround a bug in Xcode 5.1.1 on 10.8.
3287
3288 2014-12-04  Mark Rowe  <mrowe@apple.com>
3289
3290         Build fix after r176836.
3291
3292         Reviewed by Mark Lam.
3293
3294         * runtime/VM.h:
3295         (JSC::VM::controlFlowProfiler): Don't try to export an inline function.
3296         Doing so results in a weak external symbol being generated.
3297
3298 2014-12-04  Saam Barati  <saambarati1@gmail.com>
3299
3300         JavaScript Control Flow Profiler
3301         https://bugs.webkit.org/show_bug.cgi?id=137785
3302
3303         Reviewed by Filip Pizlo.
3304
3305         This patch introduces a mechanism for JavaScriptCore to profile
3306         which basic blocks have executed. This mechanism will then be
3307         used by the Web Inspector to indicate which basic blocks
3308         have and have not executed.
3309         
3310         The profiling works by compiling in an op_profile_control_flow
3311         at the start of every basic block. Then, whenever this op code 
3312         executes, we know that a particular basic block has executed.
3313         
3314         When we tier up a CodeBlock that contains an op_profile_control_flow
3315         that corresponds to an already executed basic block, we don't
3316         have to emit code for that particular op_profile_control_flow
3317         because the internal data structures used to keep track of
3318         basic block locations have already recorded that the corresponding
3319         op_profile_control_flow has executed.
3320
3321         * CMakeLists.txt:
3322         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3323         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3324         * JavaScriptCore.xcodeproj/project.pbxproj:
3325         * bytecode/BytecodeList.json:
3326         * bytecode/BytecodeUseDef.h:
3327         (JSC::computeUsesForBytecodeOffset):
3328         (JSC::computeDefsForBytecodeOffset):
3329         * bytecode/CodeBlock.cpp:
3330         (JSC::CodeBlock::dumpBytecode):
3331         (JSC::CodeBlock::CodeBlock):
3332         * bytecode/Instruction.h:
3333         * bytecode/UnlinkedCodeBlock.cpp:
3334         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
3335         * bytecode/UnlinkedCodeBlock.h:
3336         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
3337         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
3338         * bytecompiler/BytecodeGenerator.cpp:
3339         (JSC::BytecodeGenerator::emitProfileControlFlow):
3340         * bytecompiler/BytecodeGenerator.h:
3341         * bytecompiler/NodesCodegen.cpp:
3342         (JSC::ConditionalNode::emitBytecode):
3343         (JSC::IfElseNode::emitBytecode):
3344         (JSC::WhileNode::emitBytecode):
3345         (JSC::ForNode::emitBytecode):
3346         (JSC::ContinueNode::emitBytecode):
3347         (JSC::BreakNode::emitBytecode):
3348         (JSC::ReturnNode::emitBytecode):
3349         (JSC::CaseClauseNode::emitBytecode):
3350         (JSC::SwitchNode::emitBytecode):
3351         (JSC::ThrowNode::emitBytecode):
3352         (JSC::TryNode::emitBytecode):
3353         (JSC::ProgramNode::emitBytecode):
3354         (JSC::FunctionNode::emitBytecode):
3355         * dfg/DFGAbstractInterpreterInlines.h:
3356         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3357         * dfg/DFGByteCodeParser.cpp:
3358         (JSC::DFG::ByteCodeParser::parseBlock):
3359         * dfg/DFGCapabilities.cpp:
3360         (JSC::DFG::capabilityLevel):
3361         * dfg/DFGClobberize.h:
3362         (JSC::DFG::clobberize):
3363         * dfg/DFGDoesGC.cpp:
3364         (JSC::DFG::doesGC):
3365         * dfg/DFGFixupPhase.cpp:
3366         (JSC::DFG::FixupPhase::fixupNode):
3367         * dfg/DFGNode.h:
3368         (JSC::DFG::Node::basicBlockLocation):
3369         * dfg/DFGNodeType.h:
3370         * dfg/DFGPredictionPropagationPhase.cpp:
3371         (JSC::DFG::PredictionPropagationPhase::propagate):
3372         * dfg/DFGSafeToExecute.h:
3373         (JSC::DFG::safeToExecute):
3374         * dfg/DFGSpeculativeJIT32_64.cpp:
3375         (JSC::DFG::SpeculativeJIT::compile):
3376         * dfg/DFGSpeculativeJIT64.cpp:
3377         (JSC::DFG::SpeculativeJIT::compile):
3378         * inspector/agents/InspectorRuntimeAgent.cpp:
3379         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
3380         * jit/JIT.cpp:
3381         (JSC::JIT::privateCompileMainPass):
3382         * jit/JIT.h:
3383         * jit/JITOpcodes.cpp:
3384         (JSC::JIT::emit_op_profile_control_flow):
3385         * jit/JITOpcodes32_64.cpp:
3386         (JSC::JIT::emit_op_profile_control_flow):