Move some commands from ./CMakeLists.txt to Source/cmake
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-08-13  Alex Christensen  <achristensen@webkit.org>
2
3         Move some commands from ./CMakeLists.txt to Source/cmake
4         https://bugs.webkit.org/show_bug.cgi?id=148003
5
6         Reviewed by Brent Fulgham.
7
8         * CMakeLists.txt:
9         Added commands needed to build JSC by itself.
10
11 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
12
13         Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
14         https://bugs.webkit.org/show_bug.cgi?id=147353
15
16         Reviewed by Saam Barati.
17
18         This is the follow-up patch after r188355.
19         It includes the following changes.
20
21         - Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
22         - Make SourceParseMode a C++ strongly-typed enum.
23         - Fix the comments.
24         - Rename ModuleSpecifier to ModuleName.
25         - Add the type name `ImportEntry` before the C++11 uniform initialization.
26         - Fix the thrown message for duplicate 'default' names.
27         - Assert that all statements in the top-level source elements are module declarations under the module analyzer phase.
28
29         * API/JSScriptRef.cpp:
30         (parseScript):
31         * builtins/BuiltinExecutables.cpp:
32         (JSC::BuiltinExecutables::createExecutableInternal):
33         * bytecode/UnlinkedFunctionExecutable.cpp:
34         (JSC::generateFunctionCodeBlock):
35         * bytecode/UnlinkedFunctionExecutable.h:
36         * bytecompiler/BytecodeGenerator.h:
37         (JSC::BytecodeGenerator::makeFunction):
38         * parser/ASTBuilder.h:
39         (JSC::ASTBuilder::createFunctionMetadata):
40         (JSC::ASTBuilder::createModuleName):
41         (JSC::ASTBuilder::createImportDeclaration):
42         (JSC::ASTBuilder::createExportAllDeclaration):
43         (JSC::ASTBuilder::createExportNamedDeclaration):
44         (JSC::ASTBuilder::createModuleSpecifier): Deleted.
45         * parser/ModuleAnalyzer.cpp:
46         (JSC::ModuleAnalyzer::analyze):
47         * parser/NodeConstructors.h:
48         (JSC::ModuleNameNode::ModuleNameNode):
49         (JSC::ImportDeclarationNode::ImportDeclarationNode):
50         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
51         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
52         (JSC::ModuleSpecifierNode::ModuleSpecifierNode): Deleted.
53         * parser/Nodes.cpp:
54         (JSC::FunctionMetadataNode::FunctionMetadataNode):
55         * parser/Nodes.h:
56         (JSC::StatementNode::isModuleDeclarationNode):
57         (JSC::ModuleDeclarationNode::isModuleDeclarationNode):
58         (JSC::ImportDeclarationNode::moduleName):
59         (JSC::ExportAllDeclarationNode::moduleName):
60         (JSC::ExportNamedDeclarationNode::moduleName):
61         (JSC::ImportDeclarationNode::moduleSpecifier): Deleted.
62         (JSC::ExportAllDeclarationNode::moduleSpecifier): Deleted.
63         (JSC::ExportNamedDeclarationNode::moduleSpecifier): Deleted.
64         * parser/NodesAnalyzeModule.cpp:
65         (JSC::SourceElements::analyzeModule):
66         (JSC::ImportDeclarationNode::analyzeModule):
67         (JSC::ExportAllDeclarationNode::analyzeModule):
68         (JSC::ExportNamedDeclarationNode::analyzeModule):
69         * parser/Parser.cpp:
70         (JSC::Parser<LexerType>::Parser):
71         (JSC::Parser<LexerType>::parseInner):
72         (JSC::Parser<LexerType>::parseModuleSourceElements):
73         (JSC::Parser<LexerType>::parseFunctionBody):
74         (JSC::stringForFunctionMode):
75         (JSC::Parser<LexerType>::parseFunctionParameters):
76         (JSC::Parser<LexerType>::parseFunctionInfo):
77         (JSC::Parser<LexerType>::parseFunctionDeclaration):
78         (JSC::Parser<LexerType>::parseClass):
79         (JSC::Parser<LexerType>::parseModuleName):
80         (JSC::Parser<LexerType>::parseImportDeclaration):
81         (JSC::Parser<LexerType>::parseExportDeclaration):
82         (JSC::Parser<LexerType>::parsePropertyMethod):
83         (JSC::Parser<LexerType>::parseGetterSetter):
84         (JSC::Parser<LexerType>::parsePrimaryExpression):
85         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
86         (JSC::Parser<LexerType>::parseModuleSpecifier): Deleted.
87         * parser/Parser.h:
88         (JSC::Parser<LexerType>::parse):
89         (JSC::parse):
90         * parser/ParserModes.h:
91         (JSC::isFunctionParseMode):
92         (JSC::isModuleParseMode):
93         (JSC::isProgramParseMode):
94         * parser/SyntaxChecker.h:
95         (JSC::SyntaxChecker::createFunctionMetadata):
96         (JSC::SyntaxChecker::createModuleName):
97         (JSC::SyntaxChecker::createImportDeclaration):
98         (JSC::SyntaxChecker::createExportAllDeclaration):
99         (JSC::SyntaxChecker::createExportNamedDeclaration):
100         (JSC::SyntaxChecker::createModuleSpecifier): Deleted.
101         * runtime/CodeCache.cpp:
102         (JSC::CodeCache::getGlobalCodeBlock):
103         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
104         * runtime/Completion.cpp:
105         (JSC::checkSyntax):
106         (JSC::checkModuleSyntax):
107         * runtime/Executable.cpp:
108         (JSC::ProgramExecutable::checkSyntax):
109         * tests/stress/modules-syntax-error-with-names.js:
110
111 2015-08-13  Joseph Pecoraro  <pecoraro@apple.com>
112
113         Web Inspector: A {Map, WeakMap, Set, WeakSet} object contains itself will hang the console
114         https://bugs.webkit.org/show_bug.cgi?id=147966
115
116         Reviewed by Timothy Hatcher.
117
118         * inspector/InjectedScriptSource.js:
119         (InjectedScript.prototype._initialPreview):
120         Renamed to initial preview. This is not a complete preview for
121         this object, and it needs some processing in order to be a
122         complete accurate preview.
123
124         (InjectedScript.RemoteObject.prototype._emptyPreview):
125         This attempts to be an accurate empty preview for the given object.
126         For types with entries, it adds an empty entries list and updates
127         the overflow and lossless properties.
128
129         (InjectedScript.RemoteObject.prototype._createObjectPreviewForValue):
130         Take a generatePreview parameter to generate a full preview or empty preview.
131
132         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
133         (InjectedScript.RemoteObject.prototype._appendEntryPreviews):
134         (InjectedScript.RemoteObject.prototype._isPreviewableObject):
135         Take care to avoid cycles.
136
137 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
138
139         Periodic code deletion should delete RegExp code
140         https://bugs.webkit.org/show_bug.cgi?id=147990
141
142         Reviewed by Filip Pizlo.
143
144         The RegExp code cache was created for the sake of simple loops that
145         re-created the same RegExps. It's reasonable to delete it periodically.
146
147         * heap/Heap.cpp:
148         (JSC::Heap::deleteOldCode):
149
150 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
151
152         RegExpCache::finalize should not delete code
153         https://bugs.webkit.org/show_bug.cgi?id=147987
154
155         Reviewed by Mark Lam.
156
157         The RegExp object already knows how to delete its own code in its
158         destructor. Our job is just to clear our stale pointer.
159
160         * runtime/RegExpCache.cpp:
161         (JSC::RegExpCache::finalize):
162         (JSC::RegExpCache::addToStrongCache):
163
164 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
165
166         Standardize on the phrase "delete code"
167         https://bugs.webkit.org/show_bug.cgi?id=147984
168
169         Reviewed by Mark Lam.
170
171         Use "delete" when we talk about throwing away code, as opposed to
172         "invalidate" or "discard".
173
174         * debugger/Debugger.cpp:
175         (JSC::Debugger::forEachCodeBlock):
176         (JSC::Debugger::setSteppingMode):
177         (JSC::Debugger::recompileAllJSFunctions):
178         * heap/Heap.cpp:
179         (JSC::Heap::deleteAllCompiledCode):
180         * inspector/agents/InspectorRuntimeAgent.cpp:
181         (Inspector::recompileAllJSFunctionsForTypeProfiling):
182         * runtime/RegExp.cpp:
183         (JSC::RegExp::match):
184         (JSC::RegExp::deleteCode):
185         (JSC::RegExp::invalidateCode): Deleted.
186         * runtime/RegExp.h:
187         * runtime/RegExpCache.cpp:
188         (JSC::RegExpCache::finalize):
189         (JSC::RegExpCache::addToStrongCache):
190         (JSC::RegExpCache::deleteAllCode):
191         (JSC::RegExpCache::invalidateCode): Deleted.
192         * runtime/RegExpCache.h:
193         * runtime/VM.cpp:
194         (JSC::VM::stopSampling):
195         (JSC::VM::prepareToDeleteCode):
196         (JSC::VM::deleteAllCode):
197         (JSC::VM::setEnabledProfiler):
198         (JSC::VM::prepareToDiscardCode): Deleted.
199         (JSC::VM::discardAllCode): Deleted.
200         * runtime/VM.h:
201         (JSC::VM::apiLock):
202         (JSC::VM::codeCache):
203         * runtime/Watchdog.cpp:
204         (JSC::Watchdog::setTimeLimit):
205
206 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
207
208         X.[[SetPrototypeOf]](Y) should succeed if X.[[Prototype]] is already Y even if X is not extensible
209         https://bugs.webkit.org/show_bug.cgi?id=147930
210
211         Reviewed by Saam Barati.
212
213         When the passed prototype object to be set is the same as the existing
214         prototype object, [[SetPrototypeOf]] just finishes its operation even
215         if the extensibility of the target object is `false`.
216
217         * runtime/JSGlobalObjectFunctions.cpp:
218         (JSC::globalFuncProtoSetter):
219         * runtime/ObjectConstructor.cpp:
220         (JSC::objectConstructorSetPrototypeOf):
221         * runtime/ReflectObject.cpp:
222         (JSC::reflectObjectSetPrototypeOf):
223         * tests/stress/set-same-prototype.js: Added.
224         (shouldBe):
225         (shouldThrow):
226
227 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
228
229         Removed clearEvalCodeCache()
230         https://bugs.webkit.org/show_bug.cgi?id=147957
231
232         Reviewed by Filip Pizlo.
233
234         It was unused.
235
236         * bytecode/CodeBlock.cpp:
237         (JSC::CodeBlock::linkIncomingCall):
238         (JSC::CodeBlock::install):
239         (JSC::CodeBlock::clearEvalCache): Deleted.
240         * bytecode/CodeBlock.h:
241         (JSC::CodeBlock::numberOfJumpTargets):
242         (JSC::CodeBlock::jumpTarget):
243         (JSC::CodeBlock::numberOfArgumentValueProfiles):
244
245 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
246
247         [ES6] Implement Reflect.defineProperty
248         https://bugs.webkit.org/show_bug.cgi?id=147943
249
250         Reviewed by Saam Barati.
251
252         This patch implements Reflect.defineProperty.
253         The differences from Object.defineProperty are:
254
255         1. Reflect.defineProperty does not perform ToObject operation onto the first argument.
256         2. Reflect.defineProperty does not throw a TypeError when the [[DefineOwnProperty]] operation fails.
257         3. Reflect.defineProperty returns the boolean value that represents whether [[DefineOwnProperty]] succeeded.
258
259         This patch also adds the links to the ES6 spec as comments.
260
261         * builtins/ReflectObject.js:
262         * runtime/ObjectConstructor.cpp:
263         (JSC::toPropertyDescriptor):
264         * runtime/ObjectConstructor.h:
265         * runtime/ReflectObject.cpp:
266         (JSC::reflectObjectDefineProperty):
267         * tests/stress/reflect-define-property.js: Added.
268         (shouldBe):
269         (shouldThrow):
270         (.set getter):
271         (setter):
272         (.get testDescriptor):
273         (.set get var):
274         (.set testDescriptor):
275         (.set get testDescriptor):
276         (.set get shouldThrow):
277         (.get var):
278
279 2015-08-12  Filip Pizlo  <fpizlo@apple.com>
280
281         DFG::ByteCodeParser should attempt constant folding on loads from structures that are DFG-watchable
282         https://bugs.webkit.org/show_bug.cgi?id=147950
283
284         Reviewed by Michael Saboff.
285
286         Previously we reduced the constant folding power of ByteCodeParser::load() because that code was
287         responsible for memory corruption, since it would sometimes install watchpoints on structures that
288         weren't being traced.  It seemed like the safest fix was to remove the constant folding rule
289         entirely since later phases also do constant folding, and they do it without introducing the bug.
290         Well, that change (http://trac.webkit.org/changeset/188292) caused a big regression, because we
291         still have some constant folding rules that only exist in ByteCodeParser, and so ByteCodeParser must
292         be maximally aggressive in constant-folding whenever possible.
293
294         So, this change now brings back that constant folding rule - for loads from object constants that
295         have DFG-watchable structures - and implements it properly, by ensuring that we only call into
296         tryGetConstantProperty() if we have registered the structure set.
297
298         * dfg/DFGByteCodeParser.cpp:
299         (JSC::DFG::ByteCodeParser::load):
300
301 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
302
303         [ES6] Add ES6 Modules preparsing phase to collect the dependencies
304         https://bugs.webkit.org/show_bug.cgi?id=147353
305
306         Reviewed by Geoffrey Garen.
307
308         This patch implements ModuleRecord and ModuleAnalyzer.
309         ModuleAnalyzer analyzes the AST produced by the parser.
310         By collaborating with the parser, ModuleAnalyzer collects the information
311         that is necessary to request the loading for the dependent modules and
312         construct module's environment and namespace object before executing the actual
313         module body.
314
315         In the parser, we annotate which variable is an imported binding and which variable
316         is exported from the current module. This information is leveraged in the ModuleAnalyzer
317         to categorize the export entries.
318
319         To preparse the modules in the parser, we just add the new flag `ModuleParseMode`
320         instead of introducing a new TreeContext type. This is because only 2 users use
321         parseModuleSourceElements: the preparser and the actual compiler. Adding the flag is simple
322         enough to switch the context to the SyntaxChecker when parsing the non-module-related
323         statements in the preparsing phase.
324
325         To demonstrate the module analyzer, we added the new dumpModuleRecord option
326         into the JSC shell. By specifying this, the result of analysis is dumped when the module
327         is parsed and analyzed.
328
329         * CMakeLists.txt:
330         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
331         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
332         * JavaScriptCore.xcodeproj/project.pbxproj:
333         * builtins/BuiltinNames.h:
334         * parser/ASTBuilder.h:
335         (JSC::ASTBuilder::createExportDefaultDeclaration):
336         * parser/ModuleAnalyzer.cpp: Added.
337         (JSC::ModuleAnalyzer::ModuleAnalyzer):
338         (JSC::ModuleAnalyzer::exportedBinding):
339         (JSC::ModuleAnalyzer::declareExportAlias):
340         (JSC::ModuleAnalyzer::exportVariable):
341         (JSC::ModuleAnalyzer::analyze):
342         * parser/ModuleAnalyzer.h: Added.
343         (JSC::ModuleAnalyzer::vm):
344         (JSC::ModuleAnalyzer::moduleRecord):
345         * parser/ModuleRecord.cpp: Added.
346         (JSC::printableName):
347         (JSC::ModuleRecord::dump):
348         * parser/ModuleRecord.h: Added.
349         (JSC::ModuleRecord::ImportEntry::isNamespace):
350         (JSC::ModuleRecord::create):
351         (JSC::ModuleRecord::appendRequestedModule):
352         (JSC::ModuleRecord::addImportEntry):
353         (JSC::ModuleRecord::addExportEntry):
354         (JSC::ModuleRecord::addStarExportEntry):
355         * parser/NodeConstructors.h:
356         (JSC::ModuleDeclarationNode::ModuleDeclarationNode):
357         (JSC::ImportDeclarationNode::ImportDeclarationNode):
358         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
359         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
360         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
361         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
362         * parser/Nodes.h:
363         (JSC::ExportDefaultDeclarationNode::localName):
364         * parser/NodesAnalyzeModule.cpp: Added.
365         (JSC::ScopeNode::analyzeModule):
366         (JSC::SourceElements::analyzeModule):
367         (JSC::ImportDeclarationNode::analyzeModule):
368         (JSC::ExportAllDeclarationNode::analyzeModule):
369         (JSC::ExportDefaultDeclarationNode::analyzeModule):
370         (JSC::ExportLocalDeclarationNode::analyzeModule):
371         (JSC::ExportNamedDeclarationNode::analyzeModule):
372         * parser/Parser.cpp:
373         (JSC::Parser<LexerType>::parseInner):
374         (JSC::Parser<LexerType>::parseModuleSourceElements):
375         (JSC::Parser<LexerType>::parseVariableDeclarationList):
376         (JSC::Parser<LexerType>::createBindingPattern):
377         (JSC::Parser<LexerType>::parseFunctionDeclaration):
378         (JSC::Parser<LexerType>::parseClassDeclaration):
379         (JSC::Parser<LexerType>::parseImportClauseItem):
380         (JSC::Parser<LexerType>::parseExportSpecifier):
381         (JSC::Parser<LexerType>::parseExportDeclaration):
382         * parser/Parser.h:
383         (JSC::Scope::lexicalVariables):
384         (JSC::Scope::declareLexicalVariable):
385         (JSC::Parser::declareVariable):
386         (JSC::Parser::exportName):
387         (JSC::Parser<LexerType>::parse):
388         (JSC::parse):
389         * parser/ParserModes.h:
390         * parser/SyntaxChecker.h:
391         (JSC::SyntaxChecker::createExportDefaultDeclaration):
392         * parser/VariableEnvironment.cpp:
393         (JSC::VariableEnvironment::markVariableAsImported):
394         (JSC::VariableEnvironment::markVariableAsExported):
395         * parser/VariableEnvironment.h:
396         (JSC::VariableEnvironmentEntry::isExported):
397         (JSC::VariableEnvironmentEntry::isImported):
398         (JSC::VariableEnvironmentEntry::setIsExported):
399         (JSC::VariableEnvironmentEntry::setIsImported):
400         * runtime/CommonIdentifiers.h:
401         * runtime/Completion.cpp:
402         (JSC::checkModuleSyntax):
403         * runtime/Options.h:
404
405 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
406
407         Re-land r188339, since Alex fixed it in r188341 by landing the WebCore half.
408
409         * jit/ExecutableAllocator.h:
410         * jsc.cpp:
411         (GlobalObject::finishCreation):
412         (functionAddressOf):
413         (functionVersion):
414         (functionReleaseExecutableMemory): Deleted.
415         * runtime/VM.cpp:
416         (JSC::StackPreservingRecompiler::operator()):
417         (JSC::VM::throwException):
418         (JSC::VM::updateFTLLargestStackSize):
419         (JSC::VM::gatherConservativeRoots):
420         (JSC::VM::releaseExecutableMemory): Deleted.
421         (JSC::releaseExecutableMemory): Deleted.
422         * runtime/VM.h:
423         (JSC::VM::isCollectorBusy):
424         * runtime/Watchdog.cpp:
425         (JSC::Watchdog::setTimeLimit):
426
427 2015-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
428
429         Roll out r188339, which broke the build.
430
431         Unreviewed.
432
433         * jit/ExecutableAllocator.h:
434         * jsc.cpp:
435         (GlobalObject::finishCreation):
436         (functionReleaseExecutableMemory):
437         * runtime/VM.cpp:
438         (JSC::StackPreservingRecompiler::visit):
439         (JSC::StackPreservingRecompiler::operator()):
440         (JSC::VM::releaseExecutableMemory):
441         (JSC::releaseExecutableMemory):
442         * runtime/VM.h:
443         * runtime/Watchdog.cpp:
444         (JSC::Watchdog::setTimeLimit):
445
446 2015-08-12  Alex Christensen  <achristensen@webkit.org>
447
448         Fix Debug CMake builds on Windows
449         https://bugs.webkit.org/show_bug.cgi?id=147940
450
451         Reviewed by Chris Dumez.
452
453         * PlatformWin.cmake:
454         Copy the plist to the JavaScriptCore.resources directory.
455
456 2015-08-11  Geoffrey Garen  <ggaren@apple.com>
457
458         Remove VM::releaseExecutableMemory
459         https://bugs.webkit.org/show_bug.cgi?id=147915
460
461         Reviewed by Saam Barati.
462
463         releaseExecutableMemory() was only used in one place, where discardAllCode()
464         would work just as well.
465
466         It's confusing to have two slightly different ways to discard code. Also,
467         releaseExecutableMemory() is unused in any production code, and it seems
468         to have bit-rotted.
469
470         * jit/ExecutableAllocator.h:
471         * jsc.cpp:
472         (GlobalObject::finishCreation):
473         (functionAddressOf):
474         (functionVersion):
475         (functionReleaseExecutableMemory): Deleted.
476         * runtime/VM.cpp:
477         (JSC::StackPreservingRecompiler::operator()):
478         (JSC::VM::throwException):
479         (JSC::VM::updateFTLLargestStackSize):
480         (JSC::VM::gatherConservativeRoots):
481         (JSC::VM::releaseExecutableMemory): Deleted.
482         (JSC::releaseExecutableMemory): Deleted.
483         * runtime/VM.h:
484         (JSC::VM::isCollectorBusy):
485         * runtime/Watchdog.cpp:
486         (JSC::Watchdog::setTimeLimit):
487
488 2015-08-12  Mark Lam  <mark.lam@apple.com>
489
490         Add a JSC option to enable the watchdog for testing.
491         https://bugs.webkit.org/show_bug.cgi?id=147939
492
493         Reviewed by Michael Saboff.
494
495         * API/JSContextRef.cpp:
496         (JSContextGroupSetExecutionTimeLimit):
497         (createWatchdogIfNeeded): Deleted.
498         * runtime/Options.h:
499         * runtime/VM.cpp:
500         (JSC::VM::VM):
501         (JSC::VM::~VM):
502         (JSC::VM::sharedInstanceInternal):
503         (JSC::VM::ensureWatchdog):
504         (JSC::thunkGeneratorForIntrinsic):
505         * runtime/VM.h:
506
507 2015-08-11  Mark Lam  <mark.lam@apple.com>
508
509         Implementation JavaScript watchdog using WTF::WorkQueue.
510         https://bugs.webkit.org/show_bug.cgi?id=147107
511
512         Reviewed by Geoffrey Garen.
513
514         How does the Watchdog work?
515         ===========================
516
517         1. When do we start the Watchdog?
518            =============================
519            The watchdog should only be started if both the following conditions are true:
520            1. A time limit has been set.
521            2. We have entered the VM.
522  
523         2. CPU time vs Wall Clock time
524            ===========================
525            Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?
526
527            The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
528            limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
529            indicates the wall clock time point when the WorkQueue timer is expected to fire.
530
531            The time limit for which we allow JS code to run should be measured in CPU time, which can
532            differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
533            should fire.
534
535            Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
536            we need to check if m_cpuDeadline has been reached.
537
538            If m_cpuDeadline has been reached, the watchdog is considered to have fired.
539
540            If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
541            code to continue to run for.  Hence, we need to start a new timer to fire again after
542            Tremainder microseconds.
543     
544            See Watchdog::didFireSlow().
545
546         3. Spurious wake ups
547            =================
548            Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
549            It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
550            m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
551            wake ups are considered to be spurious and will be ignored.
552  
553            See Watchdog::didFireSlow().
554  
555         4. Minimizing Timer creation cost
556            ==============================
557            Conceptually, we could start a new timer every time we start the watchdog. But we can do better
558            than this.
559  
560            In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
561            stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
562            time limit. Consider the following example:
563  
564                |---|-----|---|----------------|---------|
565                t0  t1    t2  t3            t0 + L    t2 + L 
566
567                |<--- T1 --------------------->|
568                          |<--- T2 --------------------->|
569                |<-- Td ->|                    |<-- Td ->|
570
571            1. The user initializes the watchdog with time limit L.
572            2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
573               The timer is set to expire at t0 + L.
574            3. At t1, we exit the VM.
575            4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.
576          
577               However, we can note that the expiration time for T2 would be after the expiration time
578               of T1. Specifically, T2 would have expired at Td after T1 expires.
579          
580               Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
581               for a period of Td instead.
582
583            Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
584            as well as handling spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
585            automatically take care of starting a new timer for the difference Td in the example above.
586            Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
587            expiration is less than T2's, then we are already covered by T1 and there's no need to start T2.
588
589            The benefit:
590
591            1. we minimize the number of timer instances we have queued in the workqueue at the same time
592               (ideally only 1 or 0), and use less peak memory.
593
594            2. we minimize the frequency of instantiating timer instances. By waiting for the current
595               active timer to expire first, on average, we get to start one timer per time limit
596               (which is infrequent because time limits tend to be long) instead of one timer per
597               VM entry (which tends to be frequent).
598
599            See Watchdog::startTimer().
600
601         * API/JSContextRef.cpp:
602         (createWatchdogIfNeeded):
603         (JSContextGroupClearExecutionTimeLimit):
604         - No need to create the watchdog (if not already created) just to clear it.
605           If the watchdog is not created yet, then it is effectively cleared.
606
607         * API/tests/ExecutionTimeLimitTest.cpp:
608         (currentCPUTimeAsJSFunctionCallback):
609         (testExecutionTimeLimit):
610         (currentCPUTime): Deleted.
611         * API/tests/testapi.c:
612         (main):
613         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
614         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
615         - Enable watchdog tests for all platforms.
616
617         * CMakeLists.txt:
618         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
619         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
620         * JavaScriptCore.xcodeproj/project.pbxproj:
621         - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.
622
623         * PlatformEfl.cmake:
624
625         * dfg/DFGByteCodeParser.cpp:
626         (JSC::DFG::ByteCodeParser::parseBlock):
627         * dfg/DFGSpeculativeJIT32_64.cpp:
628         * dfg/DFGSpeculativeJIT64.cpp:
629         * interpreter/Interpreter.cpp:
630         (JSC::Interpreter::execute):
631         (JSC::Interpreter::executeCall):
632         (JSC::Interpreter::executeConstruct):
633         * jit/JITOpcodes.cpp:
634         (JSC::JIT::emit_op_loop_hint):
635         (JSC::JIT::emitSlow_op_loop_hint):
636         * jit/JITOperations.cpp:
637         * llint/LLIntOffsetsExtractor.cpp:
638         * llint/LLIntSlowPaths.cpp:
639         * runtime/VM.cpp:
640         - #include Watchdog.h in these files directly instead of doing it via VM.h.
641           This saves us from having to recompile the world when we change Watchdog.h.
642
643         * runtime/VM.h:
644         - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
645           thread-safe ref counted.
646
647         * runtime/VMEntryScope.cpp:
648         (JSC::VMEntryScope::VMEntryScope):
649         (JSC::VMEntryScope::~VMEntryScope):
650         - We have done away with the WatchdogScope and arming/disarming of the watchdog.
651           Instead, the VMEntryScope will inform the watchdog of when we have entered and
652           exited the VM.
653
654         * runtime/Watchdog.cpp:
655         (JSC::currentWallClockTime):
656         (JSC::Watchdog::Watchdog):
657         (JSC::Watchdog::hasStartedTimer):
658         (JSC::Watchdog::setTimeLimit):
659         (JSC::Watchdog::didFireSlow):
660         (JSC::Watchdog::hasTimeLimit):
661         (JSC::Watchdog::fire):
662         (JSC::Watchdog::enteredVM):
663         (JSC::Watchdog::exitedVM):
664
665         (JSC::Watchdog::startTimer):
666         - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
667           (from a different thread) even after the VM shuts down.  We need to keep it
668           alive until the WorkQueue callback completes.
669
670           In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
671           WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
672           is done with it.  This ensures that the Watchdog is kept alive until all
673           WorkQueue callbacks are done.
674
675         (JSC::Watchdog::stopTimer):
676         (JSC::Watchdog::~Watchdog): Deleted.
677         (JSC::Watchdog::didFire): Deleted.
678         (JSC::Watchdog::isEnabled): Deleted.
679         (JSC::Watchdog::arm): Deleted.
680         (JSC::Watchdog::disarm): Deleted.
681         (JSC::Watchdog::startCountdownIfNeeded): Deleted.
682         (JSC::Watchdog::startCountdown): Deleted.
683         (JSC::Watchdog::stopCountdown): Deleted.
684         * runtime/Watchdog.h:
685         (JSC::Watchdog::didFire):
686         (JSC::Watchdog::timerDidFireAddress):
687         (JSC::Watchdog::isArmed): Deleted.
688         (JSC::Watchdog::Scope::Scope): Deleted.
689         (JSC::Watchdog::Scope::~Scope): Deleted.
690         * runtime/WatchdogMac.cpp:
691         (JSC::Watchdog::initTimer): Deleted.
692         (JSC::Watchdog::destroyTimer): Deleted.
693         (JSC::Watchdog::startTimer): Deleted.
694         (JSC::Watchdog::stopTimer): Deleted.
695         * runtime/WatchdogNone.cpp:
696         (JSC::Watchdog::initTimer): Deleted.
697         (JSC::Watchdog::destroyTimer): Deleted.
698         (JSC::Watchdog::startTimer): Deleted.
699         (JSC::Watchdog::stopTimer): Deleted.
700
701 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
702
703         Always use a byte-sized lock implementation
704         https://bugs.webkit.org/show_bug.cgi?id=147908
705
706         Reviewed by Geoffrey Garen.
707
708         * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.
709
710 2015-08-11  Alexey Proskuryakov  <ap@apple.com>
711
712         Make ASan build not depend on asan.xcconfig
713         https://bugs.webkit.org/show_bug.cgi?id=147840
714         rdar://problem/21093702
715
716         Reviewed by Daniel Bates.
717
718         * dfg/DFGOSREntry.cpp:
719         (JSC::DFG::OSREntryData::dump):
720         (JSC::DFG::prepareOSREntry):
721         * ftl/FTLOSREntry.cpp:
722         (JSC::FTL::prepareOSREntry):
723         * heap/ConservativeRoots.cpp:
724         (JSC::ConservativeRoots::genericAddPointer):
725         (JSC::ConservativeRoots::genericAddSpan):
726         * heap/MachineStackMarker.cpp:
727         (JSC::MachineThreads::removeThreadIfFound):
728         (JSC::MachineThreads::gatherFromCurrentThread):
729         (JSC::MachineThreads::Thread::captureStack):
730         (JSC::copyMemory):
731         * interpreter/Register.h:
732         (JSC::Register::operator=):
733         (JSC::Register::asanUnsafeJSValue):
734         (JSC::Register::jsValue):
735
736 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
737
738         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
739         https://bugs.webkit.org/show_bug.cgi?id=147480
740
741         Reviewed by Filip Pizlo.
742
743         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
744         The IC site only caches one id. After checking that the given id is the same as the
745         cached one, we perform the get_by_id IC on it.
746         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
747         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
748         operations when the given get_by_val leverages the property load with the cached id.
749
750         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
751         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
752         This can be leveraged to optimize symbol operations in DFG.
753
754         And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
755         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
756         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
757         argument ArrayProfile* in the operations with ByValInfo*.
758
759         * bytecode/ByValInfo.h:
760         (JSC::ByValInfo::ByValInfo):
761         * bytecode/CodeBlock.cpp:
762         (JSC::CodeBlock::getByValInfoMap):
763         (JSC::CodeBlock::addByValInfo):
764         * bytecode/CodeBlock.h:
765         (JSC::CodeBlock::getByValInfo): Deleted.
766         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
767         (JSC::CodeBlock::numberOfByValInfos): Deleted.
768         (JSC::CodeBlock::byValInfo): Deleted.
769         * bytecode/ExitKind.cpp:
770         (JSC::exitKindToString):
771         * bytecode/ExitKind.h:
772         * bytecode/GetByIdStatus.cpp:
773         (JSC::GetByIdStatus::computeFor):
774         (JSC::GetByIdStatus::computeForStubInfo):
775         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
776         * bytecode/GetByIdStatus.h:
777         * dfg/DFGAbstractInterpreterInlines.h:
778         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
779         * dfg/DFGByteCodeParser.cpp:
780         (JSC::DFG::ByteCodeParser::parseBlock):
781         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
782         * dfg/DFGClobberize.h:
783         (JSC::DFG::clobberize):
784         * dfg/DFGConstantFoldingPhase.cpp:
785         (JSC::DFG::ConstantFoldingPhase::foldConstants):
786         * dfg/DFGDoesGC.cpp:
787         (JSC::DFG::doesGC):
788         * dfg/DFGFixupPhase.cpp:
789         (JSC::DFG::FixupPhase::fixupNode):
790         (JSC::DFG::FixupPhase::observeUseKindOnNode):
791         * dfg/DFGNode.h:
792         (JSC::DFG::Node::hasUidOperand):
793         (JSC::DFG::Node::uidOperand):
794         * dfg/DFGNodeType.h:
795         * dfg/DFGPredictionPropagationPhase.cpp:
796         (JSC::DFG::PredictionPropagationPhase::propagate):
797         * dfg/DFGSafeToExecute.h:
798         (JSC::DFG::SafeToExecuteEdge::operator()):
799         (JSC::DFG::safeToExecute):
800         * dfg/DFGSpeculativeJIT.cpp:
801         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
802         (JSC::DFG::SpeculativeJIT::speculateSymbol):
803         (JSC::DFG::SpeculativeJIT::speculate):
804         * dfg/DFGSpeculativeJIT.h:
805         * dfg/DFGSpeculativeJIT32_64.cpp:
806         (JSC::DFG::SpeculativeJIT::compile):
807         * dfg/DFGSpeculativeJIT64.cpp:
808         (JSC::DFG::SpeculativeJIT::compile):
809         * dfg/DFGUseKind.cpp:
810         (WTF::printInternal):
811         * dfg/DFGUseKind.h:
812         (JSC::DFG::typeFilterFor):
813         (JSC::DFG::isCell):
814         * ftl/FTLAbstractHeapRepository.h:
815         * ftl/FTLCapabilities.cpp:
816         (JSC::FTL::canCompile):
817         * ftl/FTLLowerDFGToLLVM.cpp:
818         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
819         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
820         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
821         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
822         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
823         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
824         * jit/JIT.cpp:
825         (JSC::JIT::privateCompile):
826         * jit/JIT.h:
827         (JSC::ByValCompilationInfo::ByValCompilationInfo):
828         (JSC::JIT::compileGetByValWithCachedId):
829         * jit/JITInlines.h:
830         (JSC::JIT::callOperation):
831         * jit/JITOpcodes.cpp:
832         (JSC::JIT::emit_op_has_indexed_property):
833         (JSC::JIT::emitSlow_op_has_indexed_property):
834         * jit/JITOpcodes32_64.cpp:
835         (JSC::JIT::emit_op_has_indexed_property):
836         (JSC::JIT::emitSlow_op_has_indexed_property):
837         * jit/JITOperations.cpp:
838         (JSC::getByVal):
839         * jit/JITOperations.h:
840         * jit/JITPropertyAccess.cpp:
841         (JSC::JIT::emit_op_get_by_val):
842         (JSC::JIT::emitGetByValWithCachedId):
843         (JSC::JIT::emitSlow_op_get_by_val):
844         (JSC::JIT::emit_op_put_by_val):
845         (JSC::JIT::emitSlow_op_put_by_val):
846         (JSC::JIT::privateCompileGetByVal):
847         (JSC::JIT::privateCompileGetByValWithCachedId):
848         * jit/JITPropertyAccess32_64.cpp:
849         (JSC::JIT::emit_op_get_by_val):
850         (JSC::JIT::emitGetByValWithCachedId):
851         (JSC::JIT::emitSlow_op_get_by_val):
852         (JSC::JIT::emit_op_put_by_val):
853         (JSC::JIT::emitSlow_op_put_by_val):
854         * runtime/Symbol.h:
855         * tests/stress/get-by-val-with-string-constructor.js: Added.
856         (Hello):
857         (get Hello.prototype.generate):
858         (ok):
859         * tests/stress/get-by-val-with-string-exit.js: Added.
860         (shouldBe):
861         (getByVal):
862         (getStr1):
863         (getStr2):
864         * tests/stress/get-by-val-with-string-generated.js: Added.
865         (shouldBe):
866         (getByVal):
867         (getStr1):
868         (getStr2):
869         * tests/stress/get-by-val-with-string-getter.js: Added.
870         (object.get hello):
871         (ok):
872         * tests/stress/get-by-val-with-string.js: Added.
873         (shouldBe):
874         (getByVal):
875         (getStr1):
876         (getStr2):
877         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
878         (Hello):
879         (get Hello.prototype.generate):
880         (ok):
881         * tests/stress/get-by-val-with-symbol-exit.js: Added.
882         (shouldBe):
883         (getByVal):
884         (getSym1):
885         (getSym2):
886         * tests/stress/get-by-val-with-symbol-getter.js: Added.
887         (object.get hello):
888         (.get ok):
889         * tests/stress/get-by-val-with-symbol.js: Added.
890         (shouldBe):
891         (getByVal):
892         (getSym1):
893         (getSym2):
894
895 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
896
897         DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
898         https://bugs.webkit.org/show_bug.cgi?id=147891
899         rdar://problem/22129447
900
901         Reviewed by Mark Lam.
902
903         * dfg/DFGByteCodeParser.cpp:
904         (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
905         (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
906         * dfg/DFGGraph.cpp:
907         (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
908         * dfg/DFGStructureRegistrationPhase.cpp:
909         (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.
910
911 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
912
913         [Win] Switch Windows build to Visual Studio 2015
914         https://bugs.webkit.org/show_bug.cgi?id=147887
915         <rdar://problem/22235098>
916
917         Reviewed by Alex Christensen.
918
919         Update Visual Studio project file settings to use the current Visual
920         Studio and compiler. Continue targeting binaries to run on our minimum
921         supported configuration of Windows 7.
922
923         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
924         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
925         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
926         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
927         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
928         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
929         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
930         * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
931         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
932         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
933         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
934         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
935
936 2015-08-10  Filip Pizlo  <fpizlo@apple.com>
937
938         WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
939         https://bugs.webkit.org/show_bug.cgi?id=147665
940
941         Reviewed by Mark Lam.
942
943         Replace ByteSpinLock with ByteLock.
944
945         * runtime/ConcurrentJITLock.h:
946
947 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
948
949         Numeric setter on prototype doesn't get called.
950         https://bugs.webkit.org/show_bug.cgi?id=144252
951
952         Reviewed by Darin Adler.
953
954         When switching the blank indexing type to the other one in putByIndex,
955         if the `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
956         it to the slow put indexing type and reloop the putByIndex since there may
957         be some indexing accessor in the prototype chain. Previously, we just set
958         the value into the allocated vector.
959
960         In the putDirectIndex case, we just store the value to the vector.
961         This is because putDirectIndex is the operation to store the own property
962         and it does not check the accessors in the prototype chain.
963
964         * runtime/JSObject.cpp:
965         (JSC::JSObject::putByIndexBeyondVectorLength):
966         * tests/stress/injected-numeric-setter-on-prototype.js: Added.
967         (shouldBe):
968         (Trace):
969         (Trace.prototype.trace):
970         (Trace.prototype.get count):
971         (.):
972         * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
973         (shouldBe):
974         (Trace):
975         (Trace.prototype.trace):
976         (Trace.prototype.get count):
977         (.):
978         * tests/stress/numeric-setter-on-prototype.js: Added.
979         (shouldBe):
980         (Trace):
981         (Trace.prototype.trace):
982         (Trace.prototype.get count):
983         (.z.__proto__.set 3):
984         * tests/stress/numeric-setter-on-self.js: Added.
985         (shouldBe):
986         (Trace):
987         (Trace.prototype.trace):
988         (Trace.prototype.get count):
989         (.y.set 2):
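
The behaviour described in the entry above, seen from script, as an added example that is not part of the ChangeLog or of the WebKit tests it lists. All names are illustrative, and `Object.defineProperty` is assumed here as the script-visible counterpart of the own-property store that the entry calls putDirectIndex.

```javascript
// Constructed scenario: every name below is illustrative.
// Builds a prototype whose index "3" is an accessor that records each write.
function makeProtoWithIndexSetter(log, base) {
    const proto = Object.create(base);
    Object.defineProperty(proto, '3', {
        get() { return 'from-proto'; },
        set(value) { log.push(value); },
        configurable: true,
    });
    return proto;
}

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function indexedPutVersusDirectDefine() {
    const log = [];
    const proto = makeProtoWithIndexSetter(log, Object.prototype);

    // Case 1: the receiver has no indexed properties yet when index 3 is written.
    // The write must reach the setter on the prototype, not create an own slot.
    const blank = Object.create(proto);
    blank[3] = 'blank';

    // Case 2: the receiver already holds indexed properties before the write.
    const filled = Object.create(proto);
    filled[0] = 'x';
    filled[1] = 'y';
    filled[3] = 'filled';

    // Case 3: a real array whose prototype chain carries the accessor.
    // The setter runs, so the array gains no element and its length stays 0.
    const arr = [];
    Object.setPrototypeOf(arr, makeProtoWithIndexSetter(log, Array.prototype));
    arr[3] = 'array';

    // Case 4: defining the own property directly never consults the
    // prototype chain, so the setter is not called and the value is stored.
    const direct = Object.create(proto);
    Object.defineProperty(direct, 3, {
        value: 'direct', writable: true, enumerable: true, configurable: true,
    });

    return {
        setterCalls: log,
        blankHasOwn: hasOwn(blank, 3),
        blankReads: blank[3],
        filledHasOwn: hasOwn(filled, 3),
        arrayHasOwn: hasOwn(arr, 3),
        arrayLength: arr.length,
        directHasOwn: hasOwn(direct, 3),
        directReads: direct[3],
    };
}
```

An engine that stores the value in freshly allocated indexed storage in case 1 would report `blankHasOwn: true` and an empty `setterCalls` entry for it, which is the symptom the bug title describes.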
990
991 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
992
993         [Win] Unreviewed gardening.
994
995         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
996         file references so they appear in the proper IDE locations.
997
998 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
999
1000         Unreviewed Windows build fix for VS2015.
1001
1002         * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.
1003
1004 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1005
1006         [ES6] Implement Reflect.has
1007         https://bugs.webkit.org/show_bug.cgi?id=147875
1008
1009         Reviewed by Sam Weinig.
1010
1011         This patch implements Reflect.has[1].
1012         Since the semantics are the same as the `in` operator in JS[2],
1013         we can implement it in builtin JS code.
1014
1015         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
1016         [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation
1017
1018         * builtins/ReflectObject.js:
1019         (has):
1020         * runtime/ReflectObject.cpp:
1021         * tests/stress/reflect-has.js: Added.
1022         (shouldBe):
1023         (shouldThrow):
1024
1025 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1026
1027         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
1028         https://bugs.webkit.org/show_bug.cgi?id=147874
1029
1030         Reviewed by Darin Adler.
1031
1032         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
1033         The differences from the Object.* ones are:
1034
1035         1. They do not perform ToObject on the non-object arguments. They treat them as a TypeError.
1036         2. Reflect.setPrototypeOf returns false when the operation fails. In Object.setPrototypeOf, it raises a TypeError.
1037
1038         * runtime/ObjectConstructor.cpp:
1039         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
1040         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
1041         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
1042         (JSC::objectConstructorGetPrototypeOf):
1043         * runtime/ObjectConstructor.h:
1044         * runtime/ReflectObject.cpp:
1045         (JSC::reflectObjectGetPrototypeOf):
1046         (JSC::reflectObjectSetPrototypeOf):
1047         * tests/stress/reflect-get-prototype-of.js: Added.
1048         (shouldBe):
1049         (shouldThrow):
1050         (Base):
1051         (Derived):
1052         * tests/stress/reflect-set-prototype-of.js: Added.
1053         (shouldBe):
1054         (shouldThrow):
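
The two differences listed in the entry above, run side by side, as an added example that is not part of the ChangeLog or of the WebKit tests. The helper names are illustrative, and the results are those of the ES6 specification the entry implements.

```javascript
// Runs fn and reports either its return value or the name of the error thrown.
function outcome(fn) {
    try {
        return { returned: fn() };
    } catch (e) {
        return { threw: e.constructor.name };
    }
}

function comparePrototypeApis() {
    const results = {};

    // Difference 1: non-object targets.
    // Object.getPrototypeOf coerces the primitive; Reflect.getPrototypeOf rejects it.
    results.objectGetOnPrimitive = outcome(() => Object.getPrototypeOf(1) === Number.prototype);
    results.reflectGetOnPrimitive = outcome(() => Reflect.getPrototypeOf(1));
    // Object.setPrototypeOf hands a primitive target back unchanged;
    // Reflect.setPrototypeOf throws for it.
    results.objectSetOnPrimitive = outcome(() => Object.setPrototypeOf(1, {}));
    results.reflectSetOnPrimitive = outcome(() => Reflect.setPrototypeOf(1, {}));

    // Difference 2: how a failed operation is reported.
    // A non-extensible object cannot take a new prototype.
    const locked = Object.preventExtensions({});
    results.objectSetOnNonExtensible = outcome(() => Object.setPrototypeOf(locked, {}));
    results.reflectSetOnNonExtensible = outcome(() => Reflect.setPrototypeOf(locked, {}));

    // A prototype cycle is the other ordinary failure: child already inherits
    // from parent, so parent cannot inherit from child.
    const parent = {};
    const child = Object.create(parent);
    results.objectSetCycle = outcome(() => Object.setPrototypeOf(parent, child));
    results.reflectSetCycle = outcome(() => Reflect.setPrototypeOf(parent, child));

    // Success: Reflect returns true, Object returns the target object.
    const proto = { tag: 'proto' };
    const viaReflect = {};
    const viaObject = {};
    results.reflectSetOk = outcome(() => Reflect.setPrototypeOf(viaReflect, proto));
    results.objectSetOk = outcome(() => Object.setPrototypeOf(viaObject, proto) === viaObject);
    results.protoApplied =
        Object.getPrototypeOf(viaReflect) === proto && Object.getPrototypeOf(viaObject) === proto;

    return results;
}
```

Code that moves from `Object.setPrototypeOf` to `Reflect.setPrototypeOf` has to check the returned boolean, because a rejected change no longer raises an exception.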
1055
1056 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
1057
1058         Fix debug build when optimization is enabled
1059         https://bugs.webkit.org/show_bug.cgi?id=147816
1060
1061         Reviewed by Alexey Proskuryakov.
1062
1063         * llint/LLIntEntrypoint.cpp:
1064         * runtime/FunctionExecutableDump.cpp:
1065
1066 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1067
1068         Ensure that Reflect.enumerate does not produce the deleted keys
1069         https://bugs.webkit.org/show_bug.cgi?id=147677
1070
1071         Reviewed by Darin Adler.
1072
1073         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
1074
1075         * tests/stress/reflect-enumerate.js:
1076
1077 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
1078
1079         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
1080         https://bugs.webkit.org/show_bug.cgi?id=147856
1081
1082         Reviewed by Saam Barati.
1083
1084         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
1085
1086         * CMakeLists.txt:
1087         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1088         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1089         * JavaScriptCore.xcodeproj/project.pbxproj:
1090         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
1091         (JSC::ExecutableInfo::ExecutableInfo):
1092         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
1093         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1094         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1095         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1096         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1097         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1098         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1099         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1100         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1101         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1102         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1103         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1104         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1105         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1106         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1107         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1108         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1109         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1110         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1111         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1112         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1113         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1114         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1115         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1116         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1117         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1118         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1119         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1120         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1121         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1122         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1123         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1124         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1125         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1126         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1127         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1128         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1129         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1130         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1131         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1132         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1133         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1134         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1135         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1136         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1137         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1138         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1139         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1140         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1141         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1142         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1143         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1144         (JSC::UnlinkedCodeBlock::vm): Deleted.
1145         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1146         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1147         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1148         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1149         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1150         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1151         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1152         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1153         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1154         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1155         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1156         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1157         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1158         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1159         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1160         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1161         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1162         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1163         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1164         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1165         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1166         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1167         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1168         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1169         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1170         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1171         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1172         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1173         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1174         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1175         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1176         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1177         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1178         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1179         * bytecode/UnlinkedCodeBlock.cpp:
1180         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1181         (JSC::generateFunctionCodeBlock): Deleted.
1182         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
1183         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
1184         (JSC::UnlinkedFunctionExecutable::link): Deleted.
1185         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
1186         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
1187         * bytecode/UnlinkedCodeBlock.h:
1188         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
1189         (JSC::ExecutableInfo::needsActivation): Deleted.
1190         (JSC::ExecutableInfo::usesEval): Deleted.
1191         (JSC::ExecutableInfo::isStrictMode): Deleted.
1192         (JSC::ExecutableInfo::isConstructor): Deleted.
1193         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
1194         (JSC::ExecutableInfo::constructorKind): Deleted.
1195         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
1196         (JSC::generateFunctionCodeBlock):
1197         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
1198         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
1199         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
1200         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
1201         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
1202         (JSC::dumpLineColumnEntry): Deleted.
1203         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
1204         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
1205         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
1206         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
1207         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
1208         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
1209         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
1210         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
1211         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
1212         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
1213         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
1214         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
1215         (JSC::UnlinkedCodeBlock::instructions): Deleted.
1216         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
1217         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
1218         (JSC::ExecutableInfo::needsActivation): Deleted.
1219         (JSC::ExecutableInfo::usesEval): Deleted.
1220         (JSC::ExecutableInfo::isStrictMode): Deleted.
1221         (JSC::ExecutableInfo::isConstructor): Deleted.
1222         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
1223         (JSC::ExecutableInfo::constructorKind): Deleted.
1224         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
1225         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1226         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1227         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1228         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1229         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1230         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1231         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1232         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1233         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1234         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1235         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1236         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1237         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1238         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1239         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1240         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1241         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1242         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1243         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1244         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1245         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1246         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1247         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1248         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1249         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1250         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1251         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1252         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1253         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1254         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1255         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1256         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1257         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1258         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1259         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1260         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1261         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1262         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1263         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1264         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1265         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1266         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1267         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1268         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1269         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1270         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1271         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1272         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1273         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1274         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1275         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1276         (JSC::UnlinkedCodeBlock::vm): Deleted.
1277         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1278         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1279         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1280         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1281         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1282         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1283         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1284         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1285         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1286         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1287         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1288         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1289         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1290         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1291         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1292         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1293         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1294         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1295         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1296         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1297         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1298         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1299         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1300         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1301         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1302         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1303         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1304         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1305         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1306         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1307         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1308         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1309         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1310         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1311         * runtime/Executable.h:
1312
1313 2015-08-10  Mark Lam  <mark.lam@apple.com>
1314
1315         Refactor LiveObjectList and LiveObjectData into their own files.
1316         https://bugs.webkit.org/show_bug.cgi?id=147843
1317
1318         Reviewed by Saam Barati.
1319
1320         There is no behavior change in this patch.
1321
1322         * CMakeLists.txt:
1323         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1324         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1325         * JavaScriptCore.xcodeproj/project.pbxproj:
1326         * heap/HeapVerifier.cpp:
1327         (JSC::HeapVerifier::HeapVerifier):
1328         (JSC::LiveObjectList::findObject): Deleted.
1329         * heap/HeapVerifier.h:
1330         (JSC::LiveObjectData::LiveObjectData): Deleted.
1331         (JSC::LiveObjectList::LiveObjectList): Deleted.
1332         (JSC::LiveObjectList::reset): Deleted.
1333         * heap/LiveObjectData.h: Added.
1334         (JSC::LiveObjectData::LiveObjectData):
1335         * heap/LiveObjectList.cpp: Added.
1336         (JSC::LiveObjectList::findObject):
1337         * heap/LiveObjectList.h: Added.
1338         (JSC::LiveObjectList::LiveObjectList):
1339         (JSC::LiveObjectList::reset):
1340
1341 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
1342
1343         Let's rename FunctionBodyNode
1344         https://bugs.webkit.org/show_bug.cgi?id=147292
1345
1346         Reviewed by Mark Lam & Saam Barati.
1347
1348         FunctionBodyNode => FunctionMetadataNode
1349
1350         Make FunctionMetadataNode inherit from Node instead of StatementNode
1351         because a FunctionMetadataNode can appear in expression context and does
1352         not have a next statement.
1353
1354         (I decided to continue allocating FunctionMetadataNode in the AST arena,
1355         and to retain "Node" in its name, because it really is a parsing
1356         construct, and we transform its data before consuming it elsewhere.
1357
1358         There is still room for a future patch to distill and simplify the
1359         metadata we track about functions between FunDeclNode/FuncExprNode,
1360         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
1361
1362         * builtins/BuiltinExecutables.cpp:
1363         (JSC::BuiltinExecutables::createExecutableInternal):
1364         * bytecode/UnlinkedCodeBlock.cpp:
1365         (JSC::generateFunctionCodeBlock):
1366         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1367         * bytecode/UnlinkedCodeBlock.h:
1368         * bytecompiler/BytecodeGenerator.cpp:
1369         (JSC::BytecodeGenerator::generate):
1370         (JSC::BytecodeGenerator::BytecodeGenerator):
1371         (JSC::BytecodeGenerator::emitNewArray):
1372         (JSC::BytecodeGenerator::emitNewFunction):
1373         (JSC::BytecodeGenerator::emitNewFunctionExpression):
1374         * bytecompiler/BytecodeGenerator.h:
1375         (JSC::BytecodeGenerator::makeFunction):
1376         * bytecompiler/NodesCodegen.cpp:
1377         (JSC::EvalNode::emitBytecode):
1378         (JSC::FunctionNode::emitBytecode):
1379         (JSC::FunctionBodyNode::emitBytecode): Deleted.
1380         * parser/ASTBuilder.h:
1381         (JSC::ASTBuilder::createFunctionExpr):
1382         (JSC::ASTBuilder::createFunctionBody):
1383         * parser/NodeConstructors.h:
1384         (JSC::FunctionParameters::FunctionParameters):
1385         (JSC::FuncExprNode::FuncExprNode):
1386         (JSC::FuncDeclNode::FuncDeclNode):
1387         * parser/Nodes.cpp:
1388         (JSC::EvalNode::EvalNode):
1389         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1390         (JSC::FunctionMetadataNode::finishParsing):
1391         (JSC::FunctionMetadataNode::setEndPosition):
1392         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
1393         (JSC::FunctionBodyNode::finishParsing): Deleted.
1394         (JSC::FunctionBodyNode::setEndPosition): Deleted.
1395         * parser/Nodes.h:
1396         (JSC::FuncExprNode::body):
1397         (JSC::FuncDeclNode::body):
1398         * parser/Parser.h:
1399         (JSC::Parser::isFunctionMetadataNode):
1400         (JSC::Parser::next):
1401         (JSC::Parser<LexerType>::parse):
1402         (JSC::Parser::isFunctionBodyNode): Deleted.
1403         * runtime/CodeCache.cpp:
1404         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1405         * runtime/CodeCache.h:
1406
1407 2015-08-09  Chris Dumez  <cdumez@apple.com>
1408
1409         Regression(r188105): Seems to have caused crashes during PLT on some iPads
1410         https://bugs.webkit.org/show_bug.cgi?id=147818
1411
1412         Unreviewed, roll out r188105.
1413
1414         * bytecode/ByValInfo.h:
1415         (JSC::ByValInfo::ByValInfo):
1416         * bytecode/CodeBlock.cpp:
1417         (JSC::CodeBlock::getByValInfoMap): Deleted.
1418         (JSC::CodeBlock::addByValInfo): Deleted.
1419         * bytecode/CodeBlock.h:
1420         (JSC::CodeBlock::getByValInfo):
1421         (JSC::CodeBlock::setNumberOfByValInfos):
1422         (JSC::CodeBlock::numberOfByValInfos):
1423         (JSC::CodeBlock::byValInfo):
1424         * bytecode/ExitKind.cpp:
1425         (JSC::exitKindToString): Deleted.
1426         * bytecode/ExitKind.h:
1427         * bytecode/GetByIdStatus.cpp:
1428         (JSC::GetByIdStatus::computeFor):
1429         (JSC::GetByIdStatus::computeForStubInfo):
1430         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
1431         * bytecode/GetByIdStatus.h:
1432         * dfg/DFGAbstractInterpreterInlines.h:
1433         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
1434         * dfg/DFGByteCodeParser.cpp:
1435         (JSC::DFG::ByteCodeParser::parseBlock):
1436         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
1437         * dfg/DFGClobberize.h:
1438         (JSC::DFG::clobberize): Deleted.
1439         * dfg/DFGConstantFoldingPhase.cpp:
1440         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
1441         * dfg/DFGDoesGC.cpp:
1442         (JSC::DFG::doesGC): Deleted.
1443         * dfg/DFGFixupPhase.cpp:
1444         (JSC::DFG::FixupPhase::fixupNode): Deleted.
1445         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
1446         * dfg/DFGNode.h:
1447         (JSC::DFG::Node::hasUidOperand): Deleted.
1448         (JSC::DFG::Node::uidOperand): Deleted.
1449         * dfg/DFGNodeType.h:
1450         * dfg/DFGPredictionPropagationPhase.cpp:
1451         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
1452         * dfg/DFGSafeToExecute.h:
1453         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
1454         (JSC::DFG::safeToExecute): Deleted.
1455         * dfg/DFGSpeculativeJIT.cpp:
1456         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
1457         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
1458         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
1459         * dfg/DFGSpeculativeJIT.h:
1460         * dfg/DFGSpeculativeJIT32_64.cpp:
1461         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1462         * dfg/DFGSpeculativeJIT64.cpp:
1463         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1464         * dfg/DFGUseKind.cpp:
1465         (WTF::printInternal): Deleted.
1466         * dfg/DFGUseKind.h:
1467         (JSC::DFG::typeFilterFor): Deleted.
1468         (JSC::DFG::isCell): Deleted.
1469         * ftl/FTLAbstractHeapRepository.h:
1470         * ftl/FTLCapabilities.cpp:
1471         (JSC::FTL::canCompile): Deleted.
1472         * ftl/FTLLowerDFGToLLVM.cpp:
1473         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
1474         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
1475         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
1476         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
1477         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
1478         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
1479         * jit/JIT.cpp:
1480         (JSC::JIT::privateCompile):
1481         * jit/JIT.h:
1482         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1483         (JSC::JIT::compileGetByValWithCachedId): Deleted.
1484         * jit/JITInlines.h:
1485         (JSC::JIT::callOperation): Deleted.
1486         * jit/JITOpcodes.cpp:
1487         (JSC::JIT::emit_op_has_indexed_property):
1488         (JSC::JIT::emitSlow_op_has_indexed_property):
1489         * jit/JITOpcodes32_64.cpp:
1490         (JSC::JIT::emit_op_has_indexed_property):
1491         (JSC::JIT::emitSlow_op_has_indexed_property):
1492         * jit/JITOperations.cpp:
1493         (JSC::getByVal):
1494         * jit/JITOperations.h:
1495         * jit/JITPropertyAccess.cpp:
1496         (JSC::JIT::emit_op_get_by_val):
1497         (JSC::JIT::emitSlow_op_get_by_val):
1498         (JSC::JIT::emit_op_put_by_val):
1499         (JSC::JIT::emitSlow_op_put_by_val):
1500         (JSC::JIT::emitGetByValWithCachedId): Deleted.
1501         (JSC::JIT::privateCompileGetByVal): Deleted.
1502         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
1503         * jit/JITPropertyAccess32_64.cpp:
1504         (JSC::JIT::emit_op_get_by_val):
1505         (JSC::JIT::emitSlow_op_get_by_val):
1506         (JSC::JIT::emit_op_put_by_val):
1507         (JSC::JIT::emitSlow_op_put_by_val):
1508         (JSC::JIT::emitGetByValWithCachedId): Deleted.
1509         * runtime/Symbol.h:
1510         * tests/stress/get-by-val-with-string-constructor.js: Removed.
1511         * tests/stress/get-by-val-with-string-exit.js: Removed.
1512         * tests/stress/get-by-val-with-string-generated.js: Removed.
1513         * tests/stress/get-by-val-with-string-getter.js: Removed.
1514         * tests/stress/get-by-val-with-string.js: Removed.
1515         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
1516         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
1517         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
1518         * tests/stress/get-by-val-with-symbol.js: Removed.
1519
1520 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1521
1522         Reduce uses of PassRefPtr in bindings
1523         https://bugs.webkit.org/show_bug.cgi?id=147781
1524
1525         Reviewed by Chris Dumez.
1526
1527         Use RefPtr when function can return null or an instance. If not, Ref is used.
1528
1529         * runtime/JSGenericTypedArrayView.h:
1530         (JSC::toNativeTypedView):
1531
1532 2015-08-07  Alex Christensen  <achristensen@webkit.org>
1533
1534         Build more testing binaries with CMake on Windows
1535         https://bugs.webkit.org/show_bug.cgi?id=147799
1536
1537         Reviewed by Brent Fulgham.
1538
1539         * shell/PlatformWin.cmake: Added.
1540         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
1541
1542 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
1543
1544         Lightweight locks should be adaptive
1545         https://bugs.webkit.org/show_bug.cgi?id=147545
1546
1547         Reviewed by Geoffrey Garen.
1548
1549         * dfg/DFGCommon.cpp:
1550         (JSC::DFG::startCrashing):
1551         * heap/CopiedBlock.h:
1552         (JSC::CopiedBlock::workListLock):
1553         * heap/CopiedBlockInlines.h:
1554         (JSC::CopiedBlock::shouldReportLiveBytes):
1555         (JSC::CopiedBlock::reportLiveBytes):
1556         * heap/CopiedSpace.cpp:
1557         (JSC::CopiedSpace::doneFillingBlock):
1558         * heap/CopiedSpace.h:
1559         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
1560         * heap/CopiedSpaceInlines.h:
1561         (JSC::CopiedSpace::recycleEvacuatedBlock):
1562         * heap/GCThreadSharedData.cpp:
1563         (JSC::GCThreadSharedData::didStartCopying):
1564         * heap/GCThreadSharedData.h:
1565         (JSC::GCThreadSharedData::getNextBlocksToCopy):
1566         * heap/ListableHandler.h:
1567         (JSC::ListableHandler::List::addThreadSafe):
1568         (JSC::ListableHandler::List::addNotThreadSafe):
1569         * heap/MachineStackMarker.cpp:
1570         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1571         * heap/SlotVisitorInlines.h:
1572         (JSC::SlotVisitor::copyLater):
1573         * parser/SourceProvider.cpp:
1574         (JSC::SourceProvider::~SourceProvider):
1575         (JSC::SourceProvider::getID):
1576         * profiler/ProfilerDatabase.cpp:
1577         (JSC::Profiler::Database::addDatabaseToAtExit):
1578         (JSC::Profiler::Database::removeDatabaseFromAtExit):
1579         (JSC::Profiler::Database::removeFirstAtExitDatabase):
1580         * runtime/TypeProfilerLog.h:
1581
1582 2015-08-07  Mark Lam  <mark.lam@apple.com>
1583
1584         Rename some variables in the JSC watchdog implementation.
1585         https://bugs.webkit.org/show_bug.cgi?id=147790
1586
1587         Rubber stamped by Benjamin Poulain.
1588
1589         This is just a refactoring patch to give the variables better names that describe their
1590         intended use.  There is no behavior change.
1591
1592         * runtime/Watchdog.cpp:
1593         (JSC::Watchdog::Watchdog):
1594         (JSC::Watchdog::setTimeLimit):
1595         (JSC::Watchdog::didFire):
1596         (JSC::Watchdog::isEnabled):
1597         (JSC::Watchdog::fire):
1598         (JSC::Watchdog::startCountdownIfNeeded):
1599         * runtime/Watchdog.h:
1600
1601 2015-08-07  Saam barati  <saambarati1@gmail.com>
1602
1603         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
1604         https://bugs.webkit.org/show_bug.cgi?id=147666
1605
1606         Reviewed by Geoffrey Garen.
1607
1608         If we make the bytecode generator know about every local scope it 
1609         creates, and if we give each local scope a unique register, the
1610         bytecode generator has all the information it needs to assign
1611         the correct scope to a catch handler. Because the bytecode generator
1612         knows this information, it's a better separation of responsibilities
1613         for it to set up the proper scope instead of relying on the exception
1614         handling runtime to find the scope.
1615
1616         * bytecode/BytecodeList.json:
1617         * bytecode/BytecodeUseDef.h:
1618         (JSC::computeUsesForBytecodeOffset):
1619         * bytecode/CodeBlock.cpp:
1620         (JSC::CodeBlock::dumpBytecode):
1621         (JSC::CodeBlock::CodeBlock):
1622         * bytecode/HandlerInfo.h:
1623         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
1624         (JSC::HandlerInfo::initialize):
1625         * bytecompiler/BytecodeGenerator.cpp:
1626         (JSC::BytecodeGenerator::generate):
1627         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1628         (JSC::BytecodeGenerator::emitGetScope):
1629         (JSC::BytecodeGenerator::emitPushWithScope):
1630         (JSC::BytecodeGenerator::emitGetParentScope):
1631         (JSC::BytecodeGenerator::emitPopScope):
1632         (JSC::BytecodeGenerator::emitPopWithScope):
1633         (JSC::BytecodeGenerator::allocateAndEmitScope):
1634         (JSC::BytecodeGenerator::emitComplexPopScopes):
1635         (JSC::BytecodeGenerator::pushTry):
1636         (JSC::BytecodeGenerator::popTryAndEmitCatch):
1637         (JSC::BytecodeGenerator::localScopeDepth):
1638         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
1639         * bytecompiler/BytecodeGenerator.h:
1640         * bytecompiler/NodesCodegen.cpp:
1641         (JSC::WithNode::emitBytecode):
1642         * interpreter/Interpreter.cpp:
1643         (JSC::Interpreter::unwind):
1644         * jit/JITOpcodes.cpp:
1645         (JSC::JIT::emit_op_push_with_scope):
1646         (JSC::JIT::compileOpStrictEq):
1647         * jit/JITOpcodes32_64.cpp:
1648         (JSC::JIT::emit_op_push_with_scope):
1649         (JSC::JIT::emit_op_to_number):
1650         * jit/JITOperations.cpp:
1651         * jit/JITOperations.h:
1652         * llint/LLIntSlowPaths.cpp:
1653         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1654         * llint/LLIntSlowPaths.h:
1655         * llint/LowLevelInterpreter.asm:
1656         * runtime/CommonSlowPaths.cpp:
1657         (JSC::SLOW_PATH_DECL):
1658         * runtime/CommonSlowPaths.h:
1659         * runtime/JSScope.cpp:
1660         (JSC::JSScope::objectAtScope):
1661         (JSC::isUnscopable):
1662         (JSC::JSScope::depth): Deleted.
1663         * runtime/JSScope.h:
1664
1665 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1666
1667         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
1668         https://bugs.webkit.org/show_bug.cgi?id=147761
1669
1670         Reviewed by Mark Lam.
1671
1672         This patch implements MacroAssembler::patchableBranch64 in 64bit environments.
1673         And fix the existing MacroAssemblerARM64::patchableBranchPtr, before this patch,
1674         it truncates the immediate pointer into the 32bit immediate.
1675         And use patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
1676
1677         * assembler/MacroAssemblerARM64.h:
1678         (JSC::MacroAssemblerARM64::patchableBranchPtr):
1679         (JSC::MacroAssemblerARM64::patchableBranch64):
1680         * assembler/MacroAssemblerX86_64.h:
1681         (JSC::MacroAssemblerX86_64::patchableBranch64):
1682         * jit/JIT.h:
1683         * jit/JITInlines.h:
1684         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
1685         * jit/JITPropertyAccess.cpp:
1686         (JSC::JIT::emit_op_get_by_val):
1687
1688 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1689
1690         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
1691         https://bugs.webkit.org/show_bug.cgi?id=147480
1692
1693         Reviewed by Filip Pizlo.
1694
1695         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
1696         The IC site only caches one id. After checking that the given id is the same as the
1697         cached one, we perform the get_by_id IC onto it.
1698         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
1699         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
1700         operations when the given get_by_val leverages the property load with the cached id.
1701
1702         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
1703         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
1704         This can be leveraged to optimize symbol operations in DFG.
1705
1706         And since byValInfo is frequently used, we align the byValInfo design to the stubInfo like one.
1707         Allocated by the Bag and operations take the raw byValInfo pointer directly instead of performing
1708         binary search onto m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
1709         argument ArrayProfile* in the operations with ByValInfo*.
1710
1711         * bytecode/ByValInfo.h:
1712         (JSC::ByValInfo::ByValInfo):
1713         * bytecode/CodeBlock.cpp:
1714         (JSC::CodeBlock::getByValInfoMap):
1715         (JSC::CodeBlock::addByValInfo):
1716         * bytecode/CodeBlock.h:
1717         (JSC::CodeBlock::getByValInfo): Deleted.
1718         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
1719         (JSC::CodeBlock::numberOfByValInfos): Deleted.
1720         (JSC::CodeBlock::byValInfo): Deleted.
1721         * bytecode/ExitKind.cpp:
1722         (JSC::exitKindToString):
1723         * bytecode/ExitKind.h:
1724         * bytecode/GetByIdStatus.cpp:
1725         (JSC::GetByIdStatus::computeFor):
1726         (JSC::GetByIdStatus::computeForStubInfo):
1727         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
1728         * bytecode/GetByIdStatus.h:
1729         * dfg/DFGAbstractInterpreterInlines.h:
1730         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1731         * dfg/DFGByteCodeParser.cpp:
1732         (JSC::DFG::ByteCodeParser::parseBlock):
1733         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1734         * dfg/DFGClobberize.h:
1735         (JSC::DFG::clobberize):
1736         * dfg/DFGConstantFoldingPhase.cpp:
1737         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1738         * dfg/DFGDoesGC.cpp:
1739         (JSC::DFG::doesGC):
1740         * dfg/DFGFixupPhase.cpp:
1741         (JSC::DFG::FixupPhase::fixupNode):
1742         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1743         * dfg/DFGNode.h:
1744         (JSC::DFG::Node::hasUidOperand):
1745         (JSC::DFG::Node::uidOperand):
1746         * dfg/DFGNodeType.h:
1747         * dfg/DFGPredictionPropagationPhase.cpp:
1748         (JSC::DFG::PredictionPropagationPhase::propagate):
1749         * dfg/DFGSafeToExecute.h:
1750         (JSC::DFG::SafeToExecuteEdge::operator()):
1751         (JSC::DFG::safeToExecute):
1752         * dfg/DFGSpeculativeJIT.cpp:
1753         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
1754         (JSC::DFG::SpeculativeJIT::speculateSymbol):
1755         (JSC::DFG::SpeculativeJIT::speculate):
1756         * dfg/DFGSpeculativeJIT.h:
1757         * dfg/DFGSpeculativeJIT32_64.cpp:
1758         (JSC::DFG::SpeculativeJIT::compile):
1759         * dfg/DFGSpeculativeJIT64.cpp:
1760         (JSC::DFG::SpeculativeJIT::compile):
1761         * dfg/DFGUseKind.cpp:
1762         (WTF::printInternal):
1763         * dfg/DFGUseKind.h:
1764         (JSC::DFG::typeFilterFor):
1765         (JSC::DFG::isCell):
1766         * ftl/FTLAbstractHeapRepository.h:
1767         * ftl/FTLCapabilities.cpp:
1768         (JSC::FTL::canCompile):
1769         * ftl/FTLLowerDFGToLLVM.cpp:
1770         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1771         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
1772         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
1773         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
1774         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
1775         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
1776         * jit/JIT.cpp:
1777         (JSC::JIT::privateCompile):
1778         * jit/JIT.h:
1779         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1780         (JSC::JIT::compileGetByValWithCachedId):
1781         * jit/JITInlines.h:
1782         (JSC::JIT::callOperation):
1783         * jit/JITOpcodes.cpp:
1784         (JSC::JIT::emit_op_has_indexed_property):
1785         (JSC::JIT::emitSlow_op_has_indexed_property):
1786         * jit/JITOpcodes32_64.cpp:
1787         (JSC::JIT::emit_op_has_indexed_property):
1788         (JSC::JIT::emitSlow_op_has_indexed_property):
1789         * jit/JITOperations.cpp:
1790         (JSC::getByVal):
1791         * jit/JITOperations.h:
1792         * jit/JITPropertyAccess.cpp:
1793         (JSC::JIT::emit_op_get_by_val):
1794         (JSC::JIT::emitGetByValWithCachedId):
1795         (JSC::JIT::emitSlow_op_get_by_val):
1796         (JSC::JIT::emit_op_put_by_val):
1797         (JSC::JIT::emitSlow_op_put_by_val):
1798         (JSC::JIT::privateCompileGetByVal):
1799         (JSC::JIT::privateCompileGetByValWithCachedId):
1800         * jit/JITPropertyAccess32_64.cpp:
1801         (JSC::JIT::emit_op_get_by_val):
1802         (JSC::JIT::emitGetByValWithCachedId):
1803         (JSC::JIT::emitSlow_op_get_by_val):
1804         (JSC::JIT::emit_op_put_by_val):
1805         (JSC::JIT::emitSlow_op_put_by_val):
1806         * runtime/Symbol.h:
1807         * tests/stress/get-by-val-with-string-constructor.js: Added.
1808         (Hello):
1809         (get Hello.prototype.generate):
1810         (ok):
1811         * tests/stress/get-by-val-with-string-exit.js: Added.
1812         (shouldBe):
1813         (getByVal):
1814         (getStr1):
1815         (getStr2):
1816         * tests/stress/get-by-val-with-string-generated.js: Added.
1817         (shouldBe):
1818         (getByVal):
1819         (getStr1):
1820         (getStr2):
1821         * tests/stress/get-by-val-with-string-getter.js: Added.
1822         (object.get hello):
1823         (ok):
1824         * tests/stress/get-by-val-with-string.js: Added.
1825         (shouldBe):
1826         (getByVal):
1827         (getStr1):
1828         (getStr2):
1829         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
1830         (Hello):
1831         (get Hello.prototype.generate):
1832         (ok):
1833         * tests/stress/get-by-val-with-symbol-exit.js: Added.
1834         (shouldBe):
1835         (getByVal):
1836         (getSym1):
1837         (getSym2):
1838         * tests/stress/get-by-val-with-symbol-getter.js: Added.
1839         (object.get hello):
1840         (.get ok):
1841         * tests/stress/get-by-val-with-symbol.js: Added.
1842         (shouldBe):
1843         (getByVal):
1844         (getSym1):
1845         (getSym2):
1846
1847 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1848
1849         Parse the entire WebAssembly modules
1850         https://bugs.webkit.org/show_bug.cgi?id=147393
1851
1852         Reviewed by Geoffrey Garen.
1853
1854         Parse the entire WebAssembly modules from files produced by pack-asmjs
1855         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
1856         parse modules whose function definition section contains only functions that
1857         have "return 0;" as their only statement. Parsing of any functions will be
1858         implemented in a subsequent patch.
1859
1860         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1861         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1862         * JavaScriptCore.xcodeproj/project.pbxproj:
1863         * wasm/JSWASMModule.cpp:
1864         (JSC::JSWASMModule::destroy):
1865         * wasm/JSWASMModule.h:
1866         (JSC::JSWASMModule::i32Constants):
1867         (JSC::JSWASMModule::f32Constants):
1868         (JSC::JSWASMModule::f64Constants):
1869         (JSC::JSWASMModule::signatures):
1870         (JSC::JSWASMModule::functionImports):
1871         (JSC::JSWASMModule::functionImportSignatures):
1872         (JSC::JSWASMModule::globalVariableTypes):
1873         (JSC::JSWASMModule::functionDeclarations):
1874         (JSC::JSWASMModule::functionPointerTables):
1875         * wasm/WASMFormat.h: Added.
1876         * wasm/WASMModuleParser.cpp:
1877         (JSC::WASMModuleParser::parse):
1878         (JSC::WASMModuleParser::parseModule):
1879         (JSC::WASMModuleParser::parseConstantPoolSection):
1880         (JSC::WASMModuleParser::parseSignatureSection):
1881         (JSC::WASMModuleParser::parseFunctionImportSection):
1882         (JSC::WASMModuleParser::parseGlobalSection):
1883         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
1884         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
1885         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
1886         (JSC::WASMModuleParser::parseFunctionDefinition):
1887         (JSC::WASMModuleParser::parseExportSection):
1888         * wasm/WASMModuleParser.h:
1889         * wasm/WASMReader.cpp:
1890         (JSC::WASMReader::readUInt32):
1891         (JSC::WASMReader::readCompactUInt32):
1892         (JSC::WASMReader::readString):
1893         (JSC::WASMReader::readType):
1894         (JSC::WASMReader::readExpressionType):
1895         (JSC::WASMReader::readExportFormat):
1896         (JSC::WASMReader::readByte):
1897         (JSC::WASMReader::readUnsignedInt32): Deleted.
1898         * wasm/WASMReader.h:
1899
1900 2015-08-06  Keith Miller  <keith_miller@apple.com>
1901
1902         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
1903         https://bugs.webkit.org/show_bug.cgi?id=147749
1904
1905         Reviewed by Filip Pizlo.
1906
1907         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength()
1908         thus no one calls this code.
1909
1910         * ftl/FTLLowerDFGToLLVM.cpp:
1911         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
1912
1913 2015-08-06  Keith Miller  <keith_miller@apple.com>
1914
1915         The JSONP parser incorrectly parses -0 as +0.
1916         https://bugs.webkit.org/show_bug.cgi?id=147590
1917
1918         Reviewed by Michael Saboff.
1919
1920         In the LiteralParser we should use a double to store the accumulator for numerical tokens
1921         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
1922
1923         * runtime/LiteralParser.cpp:
1924         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
1925
1926 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
1927
1928         Structures used for tryGetConstantProperty() should be registered first
1929         https://bugs.webkit.org/show_bug.cgi?id=147750
1930
1931         Reviewed by Saam Barati and Michael Saboff.
1932
1933         * dfg/DFGGraph.cpp:
1934         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
1935         * dfg/DFGGraph.h:
1936         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
1937         * dfg/DFGStructureRegistrationPhase.cpp:
1938         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegistrationPhase.
1939         (JSC::DFG::StructureRegistrationPhase::registerStructures):
1940         (JSC::DFG::StructureRegistrationPhase::registerStructure):
1941         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
1942         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
1943         (JSC::DFG::performStructureRegistration):
1944
1945 2015-08-06  Keith Miller  <keith_miller@apple.com>
1946
1947         Remove UnspecifiedBoolType from JSC
1948         https://bugs.webkit.org/show_bug.cgi?id=147597
1949
1950         Reviewed by Mark Lam.
1951
1952         We were using the safe bool pattern in the code base for implicit casting to booleans.
1953         With C++11 this is no longer necessary and we can instead create an operator bool.
1954
1955         * API/JSRetainPtr.h:
1956         (JSRetainPtr::operator bool):
1957         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
1958         * dfg/DFGEdge.h:
1959         (JSC::DFG::Edge::operator bool):
1960         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
1961         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
1962         * heap/Weak.h:
1963         * heap/WeakInlines.h:
1964         (JSC::bool):
1965         (JSC::UnspecifiedBoolType): Deleted.
1966
1967 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
1968
1969         [ES6] Class parser does not allow methods named set and get.
1970         https://bugs.webkit.org/show_bug.cgi?id=147150
1971
1972         Reviewed by Oliver Hunt.
1973
1974         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
1975         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
1976         so that we only treat them as such when they're followed by another token that could be a method name.
1977
1978         * parser/Parser.cpp:
1979         (JSC::Parser<LexerType>::parseClass):
1980
1981 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
1982
1983         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
1984
1985         * bytecode/SamplingTool.cpp:
1986         (JSC::SamplingTool::doRun):
1987         (JSC::SamplingTool::notifyOfScope):
1988         * bytecode/SamplingTool.h:
1989         * dfg/DFGThreadData.h:
1990         * dfg/DFGWorklist.cpp:
1991         (JSC::DFG::Worklist::~Worklist):
1992         (JSC::DFG::Worklist::isActiveForVM):
1993         (JSC::DFG::Worklist::enqueue):
1994         (JSC::DFG::Worklist::compilationState):
1995         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1996         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1997         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1998         (JSC::DFG::Worklist::visitWeakReferences):
1999         (JSC::DFG::Worklist::removeDeadPlans):
2000         (JSC::DFG::Worklist::queueLength):
2001         (JSC::DFG::Worklist::dump):
2002         (JSC::DFG::Worklist::runThread):
2003         * dfg/DFGWorklist.h:
2004         * disassembler/Disassembler.cpp:
2005         * heap/CopiedSpace.cpp:
2006         (JSC::CopiedSpace::doneFillingBlock):
2007         (JSC::CopiedSpace::doneCopying):
2008         * heap/CopiedSpace.h:
2009         * heap/CopiedSpaceInlines.h:
2010         (JSC::CopiedSpace::recycleBorrowedBlock):
2011         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2012         * heap/HeapTimer.h:
2013         * heap/MachineStackMarker.cpp:
2014         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2015         (JSC::ActiveMachineThreadsManager::add):
2016         (JSC::ActiveMachineThreadsManager::remove):
2017         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2018         (JSC::MachineThreads::~MachineThreads):
2019         (JSC::MachineThreads::addCurrentThread):
2020         (JSC::MachineThreads::removeThreadIfFound):
2021         (JSC::MachineThreads::tryCopyOtherThreadStack):
2022         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2023         (JSC::MachineThreads::gatherConservativeRoots):
2024         * heap/MachineStackMarker.h:
2025         * interpreter/JSStack.cpp:
2026         (JSC::stackStatisticsMutex):
2027         (JSC::JSStack::addToCommittedByteCount):
2028         (JSC::JSStack::committedByteCount):
2029         * jit/JITThunks.h:
2030         * profiler/ProfilerDatabase.h:
2031
2032 2015-08-05  Saam barati  <saambarati1@gmail.com>
2033
2034         Bytecodegenerator emits crappy code for returns in a lexical scope.
2035         https://bugs.webkit.org/show_bug.cgi?id=147688
2036
2037         Reviewed by Mark Lam.
2038
2039         When returning, we only need to emit complex pop scopes if we're in 
2040         a finally block. Otherwise, we can just return like normal. This saves
2041         us from inefficiently emitting unnecessary pop scopes.
2042
2043         * bytecompiler/BytecodeGenerator.h:
2044         (JSC::BytecodeGenerator::isInFinallyBlock):
2045         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
2046         * bytecompiler/NodesCodegen.cpp:
2047         (JSC::ReturnNode::emitBytecode):
2048
2049 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
2050
2051         Add the Intl API to the status page
2052
2053         * features.json:
2054         Andy VanWagoner landed the skeleton of the API and it is
2055         enabled by default.
2056
2057 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
2058
2059         Rename Mutex to DeprecatedMutex
2060         https://bugs.webkit.org/show_bug.cgi?id=147675
2061
2062         Reviewed by Geoffrey Garen.
2063
2064         * bytecode/SamplingTool.cpp:
2065         (JSC::SamplingTool::doRun):
2066         (JSC::SamplingTool::notifyOfScope):
2067         * bytecode/SamplingTool.h:
2068         * dfg/DFGThreadData.h:
2069         * dfg/DFGWorklist.cpp:
2070         (JSC::DFG::Worklist::~Worklist):
2071         (JSC::DFG::Worklist::isActiveForVM):
2072         (JSC::DFG::Worklist::enqueue):
2073         (JSC::DFG::Worklist::compilationState):
2074         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2075         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2076         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2077         (JSC::DFG::Worklist::visitWeakReferences):
2078         (JSC::DFG::Worklist::removeDeadPlans):
2079         (JSC::DFG::Worklist::queueLength):
2080         (JSC::DFG::Worklist::dump):
2081         (JSC::DFG::Worklist::runThread):
2082         * dfg/DFGWorklist.h:
2083         * disassembler/Disassembler.cpp:
2084         * heap/CopiedSpace.cpp:
2085         (JSC::CopiedSpace::doneFillingBlock):
2086         (JSC::CopiedSpace::doneCopying):
2087         * heap/CopiedSpace.h:
2088         * heap/CopiedSpaceInlines.h:
2089         (JSC::CopiedSpace::recycleBorrowedBlock):
2090         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2091         * heap/HeapTimer.h:
2092         * heap/MachineStackMarker.cpp:
2093         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2094         (JSC::ActiveMachineThreadsManager::add):
2095         (JSC::ActiveMachineThreadsManager::remove):
2096         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2097         (JSC::MachineThreads::~MachineThreads):
2098         (JSC::MachineThreads::addCurrentThread):
2099         (JSC::MachineThreads::removeThreadIfFound):
2100         (JSC::MachineThreads::tryCopyOtherThreadStack):
2101         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2102         (JSC::MachineThreads::gatherConservativeRoots):
2103         * heap/MachineStackMarker.h:
2104         * interpreter/JSStack.cpp:
2105         (JSC::stackStatisticsMutex):
2106         (JSC::JSStack::addToCommittedByteCount):
2107         (JSC::JSStack::committedByteCount):
2108         * jit/JITThunks.h:
2109         * profiler/ProfilerDatabase.h:
2110
2111 2015-08-05  Saam barati  <saambarati1@gmail.com>
2112
2113         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
2114         https://bugs.webkit.org/show_bug.cgi?id=147657
2115
2116         Reviewed by Mark Lam.
2117
2118         This kills the last of the name scope objects. Function name scopes are
2119         now built on top of the scoping mechanisms introduced with ES6 block scoping.
2120         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
2121         function name scoped variable carefully depending on if the function is in
2122         strict mode. If we're in strict mode, then we treat the variable exactly
2123         like a "const" variable. If we're not in strict mode, we can't treat
2124         this variable like ES6 "const" because that would cause the bytecode
2125         generator to throw an exception when it shouldn't.
2126
2127         * CMakeLists.txt:
2128         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2129         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2130         * JavaScriptCore.xcodeproj/project.pbxproj:
2131         * bytecode/BytecodeList.json:
2132         * bytecode/BytecodeUseDef.h:
2133         (JSC::computeUsesForBytecodeOffset):
2134         (JSC::computeDefsForBytecodeOffset):
2135         * bytecode/CodeBlock.cpp:
2136         (JSC::CodeBlock::dumpBytecode):
2137         * bytecompiler/BytecodeGenerator.cpp:
2138         (JSC::BytecodeGenerator::BytecodeGenerator):
2139         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
2140         (JSC::BytecodeGenerator::pushLexicalScope):
2141         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2142         (JSC::BytecodeGenerator::variable):
2143         (JSC::BytecodeGenerator::resolveType):
2144         (JSC::BytecodeGenerator::emitThrowTypeError):
2145         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
2146         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
2147         (JSC::BytecodeGenerator::emitPushCatchScope):
2148         * bytecompiler/BytecodeGenerator.h:
2149         * bytecompiler/NodesCodegen.cpp:
2150         * debugger/DebuggerScope.cpp:
2151         * dfg/DFGOperations.cpp:
2152         * interpreter/Interpreter.cpp:
2153         * jit/JIT.cpp:
2154         (JSC::JIT::privateCompileMainPass):
2155         * jit/JIT.h:
2156         * jit/JITOpcodes.cpp:
2157         (JSC::JIT::emit_op_to_string):
2158         (JSC::JIT::emit_op_catch):
2159         (JSC::JIT::emit_op_push_name_scope): Deleted.
2160         * jit/JITOpcodes32_64.cpp:
2161         (JSC::JIT::emitSlow_op_to_string):
2162         (JSC::JIT::emit_op_catch):
2163         (JSC::JIT::emit_op_push_name_scope): Deleted.
2164         * jit/JITOperations.cpp:
2165         (JSC::pushNameScope): Deleted.
2166         * llint/LLIntSlowPaths.cpp:
2167         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2168         * llint/LLIntSlowPaths.h:
2169         * llint/LowLevelInterpreter.asm:
2170         * parser/Nodes.cpp:
2171         * runtime/CommonSlowPaths.cpp:
2172         * runtime/Executable.cpp:
2173         (JSC::ScriptExecutable::newCodeBlockFor):
2174         * runtime/JSFunctionNameScope.cpp: Removed.
2175         * runtime/JSFunctionNameScope.h: Removed.
2176         * runtime/JSGlobalObject.cpp:
2177         (JSC::JSGlobalObject::init):
2178         (JSC::JSGlobalObject::visitChildren):
2179         * runtime/JSGlobalObject.h:
2180         (JSC::JSGlobalObject::withScopeStructure):
2181         (JSC::JSGlobalObject::strictEvalActivationStructure):
2182         (JSC::JSGlobalObject::activationStructure):
2183         (JSC::JSGlobalObject::directArgumentsStructure):
2184         (JSC::JSGlobalObject::scopedArgumentsStructure):
2185         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
2186         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
2187         * runtime/JSNameScope.cpp: Removed.
2188         * runtime/JSNameScope.h: Removed.
2189         * runtime/JSObject.cpp:
2190         (JSC::JSObject::toThis):
2191         (JSC::JSObject::seal):
2192         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
2193         * runtime/JSObject.h:
2194         * runtime/JSScope.cpp:
2195         (JSC::JSScope::isCatchScope):
2196         (JSC::JSScope::isFunctionNameScopeObject):
2197         (JSC::resolveModeName):
2198         * runtime/JSScope.h:
2199         * runtime/JSSymbolTableObject.cpp:
2200         * runtime/SymbolTable.h:
2201         * runtime/VM.cpp:
2202
2203 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
2204
2205         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
2206         https://bugs.webkit.org/show_bug.cgi?id=147679
2207
2208         Reviewed by Timothy Hatcher.
2209
2210         Improve native iterator support for the PropertyName Iterator by
2211         allowing inspection of the internal object within the iterator
2212         and peeking of the next upcoming values of the iterator.
2213
2214         * inspector/JSInjectedScriptHost.cpp:
2215         (Inspector::JSInjectedScriptHost::subtype):
2216         (Inspector::JSInjectedScriptHost::getInternalProperties):
2217         (Inspector::JSInjectedScriptHost::iteratorEntries):
2218         * runtime/JSPropertyNameIterator.h:
2219         (JSC::JSPropertyNameIterator::iteratedValue):
2220
2221 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
2222
2223         [Win] Update Apple Windows build for VS2015
2224         https://bugs.webkit.org/show_bug.cgi?id=147653
2225
2226         Reviewed by Dean Jackson.
2227
2228         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
2229         Show JSC files in proper project locations in IDE.
2230
2231 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
2232
2233         Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
2234         https://bugs.webkit.org/show_bug.cgi?id=147328
2235
2236         Reviewed by Timothy Hatcher.
2237
2238         * inspector/InjectedScriptSource.js:
2239         Use classList and classList.toString instead of className.
2240
2241 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
2242
2243         [ES6] Support Module Syntax
2244         https://bugs.webkit.org/show_bug.cgi?id=147422
2245
2246         Reviewed by Saam Barati.
2247
2248         This patch introduces the ES6 Modules syntax parsing part.
2249         In this patch, ASTBuilder just produces the corresponding nodes to the ES6 Modules syntax,
2250         and this patch does not include the code generator part.
2251
2252         Modules require 2 phase parsing. In the first pass, we just analyze the dependent modules
2253         and do not execute the body or construct the AST. And after analyzing all the dependent
2254         modules, we will parse the dependent modules next.
2255         After all analyzing part is done, we will start the second pass. In the second pass, we
2256         will parse the module, produce the AST, and execute the body.
2257         If we don't do so, we need to create all the ASTs in the module's dependent graph at first
2258         because the given module can be executed after all the dependent modules are executed. It
2259         means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
2260         the dependent modules' information.
2261
2262         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
2263         This patch aims at just implementing the syntax parsing functionality correctly.
2264         After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits SyntaxChecker
2265         to collect the dependent modules fast[1].
2266
2267         To test the parsing, we added the "checkModuleSyntax" function into jsc shell.
2268         By using this, we can parse the given string as the module.
2269
2270         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
2271
2272         * bytecompiler/NodesCodegen.cpp:
2273         (JSC::ModuleProgramNode::emitBytecode):
2274         (JSC::ImportDeclarationNode::emitBytecode):
2275         (JSC::ExportAllDeclarationNode::emitBytecode):
2276         (JSC::ExportDefaultDeclarationNode::emitBytecode):
2277         (JSC::ExportLocalDeclarationNode::emitBytecode):
2278         (JSC::ExportNamedDeclarationNode::emitBytecode):
2279         * jsc.cpp:
2280         (GlobalObject::finishCreation):
2281         (functionCheckModuleSyntax):
2282         * parser/ASTBuilder.h:
2283         (JSC::ASTBuilder::createModuleSpecifier):
2284         (JSC::ASTBuilder::createImportSpecifier):
2285         (JSC::ASTBuilder::createImportSpecifierList):
2286         (JSC::ASTBuilder::appendImportSpecifier):
2287         (JSC::ASTBuilder::createImportDeclaration):
2288         (JSC::ASTBuilder::createExportAllDeclaration):
2289         (JSC::ASTBuilder::createExportDefaultDeclaration):
2290         (JSC::ASTBuilder::createExportLocalDeclaration):
2291         (JSC::ASTBuilder::createExportNamedDeclaration):
2292         (JSC::ASTBuilder::createExportSpecifier):
2293         (JSC::ASTBuilder::createExportSpecifierList):
2294         (JSC::ASTBuilder::appendExportSpecifier):
2295         * parser/Keywords.table:
2296         * parser/NodeConstructors.h:
2297         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
2298         (JSC::ImportSpecifierNode::ImportSpecifierNode):
2299         (JSC::ImportDeclarationNode::ImportDeclarationNode):
2300         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
2301         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
2302         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
2303         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
2304         (JSC::ExportSpecifierNode::ExportSpecifierNode):
2305         * parser/Nodes.cpp:
2306         (JSC::ModuleProgramNode::ModuleProgramNode):
2307         * parser/Nodes.h:
2308         (JSC::ModuleProgramNode::startColumn):
2309         (JSC::ModuleProgramNode::endColumn):
2310         (JSC::ModuleSpecifierNode::moduleName):
2311         (JSC::ImportSpecifierNode::importedName):
2312         (JSC::ImportSpecifierNode::localName):
2313         (JSC::ImportSpecifierListNode::specifiers):
2314         (JSC::ImportSpecifierListNode::append):
2315         (JSC::ImportDeclarationNode::specifierList):
2316         (JSC::ImportDeclarationNode::moduleSpecifier):
2317         (JSC::ExportAllDeclarationNode::moduleSpecifier):
2318         (JSC::ExportDefaultDeclarationNode::declaration):
2319         (JSC::ExportLocalDeclarationNode::declaration):
2320         (JSC::ExportSpecifierNode::exportedName):
2321         (JSC::ExportSpecifierNode::localName):
2322         (JSC::ExportSpecifierListNode::specifiers):
2323         (JSC::ExportSpecifierListNode::append):
2324         (JSC::ExportNamedDeclarationNode::specifierList):
2325         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
2326         * parser/Parser.cpp:
2327         (JSC::Parser<LexerType>::Parser):
2328         (JSC::Parser<LexerType>::parseInner):
2329         (JSC::Parser<LexerType>::parseModuleSourceElements):
2330         (JSC::Parser<LexerType>::parseVariableDeclaration):
2331         (JSC::Parser<LexerType>::parseVariableDeclarationList):
2332         (JSC::Parser<LexerType>::createBindingPattern):
2333         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
2334         (JSC::Parser<LexerType>::parseDestructuringPattern):
2335         (JSC::Parser<LexerType>::parseForStatement):
2336         (JSC::Parser<LexerType>::parseFormalParameters):
2337         (JSC::Parser<LexerType>::parseFunctionParameters):
2338         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2339         (JSC::Parser<LexerType>::parseClassDeclaration):
2340         (JSC::Parser<LexerType>::parseModuleSpecifier):
2341         (JSC::Parser<LexerType>::parseImportClauseItem):
2342         (JSC::Parser<LexerType>::parseImportDeclaration):
2343         (JSC::Parser<LexerType>::parseExportSpecifier):
2344         (JSC::Parser<LexerType>::parseExportDeclaration):
2345         (JSC::Parser<LexerType>::parseMemberExpression):
2346         * parser/Parser.h:
2347         (JSC::isIdentifierOrKeyword):
2348         (JSC::ModuleScopeData::create):
2349         (JSC::ModuleScopeData::exportedBindings):
2350         (JSC::ModuleScopeData::exportName):
2351         (JSC::ModuleScopeData::exportBinding):
2352         (JSC::Scope::Scope):
2353         (JSC::Scope::setIsModule):
2354         (JSC::Scope::moduleScopeData):
2355         (JSC::Parser::matchContextualKeyword):
2356         (JSC::Parser::matchIdentifierOrKeyword):
2357         (JSC::Parser::isofToken): Deleted.
2358         * parser/ParserModes.h:
2359         * parser/ParserTokens.h:
2360         * parser/SyntaxChecker.h:
2361         (JSC::SyntaxChecker::createModuleSpecifier):
2362         (JSC::SyntaxChecker::createImportSpecifier):
2363         (JSC::SyntaxChecker::createImportSpecifierList):
2364         (JSC::SyntaxChecker::appendImportSpecifier):
2365         (JSC::SyntaxChecker::createImportDeclaration):
2366         (JSC::SyntaxChecker::createExportAllDeclaration):
2367         (JSC::SyntaxChecker::createExportDefaultDeclaration):
2368         (JSC::SyntaxChecker::createExportLocalDeclaration):
2369         (JSC::SyntaxChecker::createExportNamedDeclaration):
2370         (JSC::SyntaxChecker::createExportSpecifier):
2371         (JSC::SyntaxChecker::createExportSpecifierList):
2372         (JSC::SyntaxChecker::appendExportSpecifier):
2373         * runtime/CommonIdentifiers.cpp:
2374         (JSC::CommonIdentifiers::CommonIdentifiers):
2375         * runtime/CommonIdentifiers.h:
2376         * runtime/Completion.cpp:
2377         (JSC::checkModuleSyntax):
2378         * runtime/Completion.h:
2379         * tests/stress/modules-syntax-error-with-names.js: Added.
2380         (shouldThrow):
2381         * tests/stress/modules-syntax-error.js: Added.
2382         (shouldThrow):
2383         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
2384         * tests/stress/modules-syntax.js: Added.
2385         (prototype.checkModuleSyntax):
2386         (checkModuleSyntax):
2387         * tests/stress/tagged-templates-syntax.js:
2388
2389 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2390
2391         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
2392         https://bugs.webkit.org/show_bug.cgi?id=146833
2393
2394         Reviewed by Alexey Proskuryakov.
2395
2396         * assembler/ARM64Assembler.h:
2397         * assembler/ARMAssembler.h:
2398         (JSC::ARMAssembler::cacheFlush):
2399         * assembler/MacroAssemblerARM.cpp:
2400         (JSC::isVFPPresent):
2401         * assembler/MacroAssemblerX86Common.h:
2402         (JSC::MacroAssemblerX86Common::isSSE2Present):
2403         * heap/MachineStackMarker.h:
2404         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
2405         (JSC::logF):
2406         * jit/HostCallReturnValue.h:
2407         * jit/JIT.h:
2408         * jit/JITOperations.cpp:
2409         * jit/JITStubsARM.h:
2410         * jit/JITStubsARMv7.h:
2411         * jit/JITStubsX86.h:
2412         * jit/JITStubsX86Common.h:
2413         * jit/JITStubsX86_64.h:
2414         * jit/ThunkGenerators.cpp:
2415         * runtime/JSExportMacros.h:
2416         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
2417         (JSC::clz32):
2418
2419 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2420
2421         Unreviewed, fix uninitialized property leading to an assert.
2422
2423         * runtime/PutPropertySlot.h:
2424         (JSC::PutPropertySlot::PutPropertySlot):
2425
2426 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2427
2428         Unreviewed, fix Windows.
2429
2430         * bytecode/ObjectPropertyConditionSet.h:
2431         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2432
2433 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
2434
2435         DFG should have adaptive structure watchpoints
2436         https://bugs.webkit.org/show_bug.cgi?id=146929
2437
2438         Reviewed by Geoffrey Garen.
2439
2440         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
2441         property, you'd check that the object still has the structure that you first saw the object have. We
2442         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
2443         elide the structure check.
2444
2445         But this approach fails when that object frequently has new properties added to it. This would
2446         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
2447         we'd have to recompile either the IC or an entire code block.
2448
2449         This change introduces a new concept: an object property condition. This value describes some
2450         condition involving a property on some object. There are four kinds: presence, absence,
2451         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
2452         object has some property at some offset with some attributes. This allows us to implement a new kind
2453         of watchpoint, which knows about the object property condition that it's being used to enforce. If
2454         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
2455         on the new structure.
2456
2457         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
2458         and prototype accesses. They are also used for any DFG accesses to object constants, including
2459         global property accesses.
2460
2461         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
2462         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
2463         chain situation. It's also a small speed-up on getter-richards.
2464
2465         * CMakeLists.txt:
2466         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2467         * JavaScriptCore.xcodeproj/project.pbxproj:
2468         * bytecode/CodeBlock.cpp:
2469         (JSC::CodeBlock::printGetByIdCacheStatus):
2470         (JSC::CodeBlock::printPutByIdCacheStatus):
2471         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
2472         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
2473         * bytecode/ComplexGetStatus.cpp:
2474         (JSC::ComplexGetStatus::computeFor):
2475         * bytecode/ComplexGetStatus.h:
2476         (JSC::ComplexGetStatus::ComplexGetStatus):
2477         (JSC::ComplexGetStatus::takesSlowPath):
2478         (JSC::ComplexGetStatus::kind):
2479         (JSC::ComplexGetStatus::offset):
2480         (JSC::ComplexGetStatus::conditionSet):
2481         (JSC::ComplexGetStatus::attributes): Deleted.
2482         (JSC::ComplexGetStatus::specificValue): Deleted.
2483         (JSC::ComplexGetStatus::chain): Deleted.
2484         * bytecode/ConstantStructureCheck.cpp: Removed.
2485         * bytecode/ConstantStructureCheck.h: Removed.
2486         * bytecode/GetByIdStatus.cpp:
2487         (JSC::GetByIdStatus::computeForStubInfo):
2488         * bytecode/GetByIdVariant.cpp:
2489         (JSC::GetByIdVariant::GetByIdVariant):
2490         (JSC::GetByIdVariant::~GetByIdVariant):
2491         (JSC::GetByIdVariant::operator=):
2492         (JSC::GetByIdVariant::attemptToMerge):
2493         (JSC::GetByIdVariant::dumpInContext):
2494         (JSC::GetByIdVariant::baseStructure): Deleted.
2495         * bytecode/GetByIdVariant.h:
2496         (JSC::GetByIdVariant::operator!):
2497         (JSC::GetByIdVariant::structureSet):
2498         (JSC::GetByIdVariant::conditionSet):
2499         (JSC::GetByIdVariant::offset):
2500         (JSC::GetByIdVariant::callLinkStatus):
2501         (JSC::GetByIdVariant::constantChecks): Deleted.
2502         (JSC::GetByIdVariant::alternateBase): Deleted.
2503         * bytecode/ObjectPropertyCondition.cpp: Added.
2504         (JSC::ObjectPropertyCondition::dumpInContext):
2505         (JSC::ObjectPropertyCondition::dump):
2506         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
2507         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
2508         (JSC::ObjectPropertyCondition::isStillValid):
2509         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
2510         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2511         (JSC::ObjectPropertyCondition::isWatchable):
2512         (JSC::ObjectPropertyCondition::isStillLive):
2513         (JSC::ObjectPropertyCondition::validateReferences):
2514         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2515         * bytecode/ObjectPropertyCondition.h: Added.
2516         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
2517         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
2518         (JSC::ObjectPropertyCondition::presence):
2519         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
2520         (JSC::ObjectPropertyCondition::absence):
2521         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
2522         (JSC::ObjectPropertyCondition::absenceOfSetter):
2523         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
2524         (JSC::ObjectPropertyCondition::equivalence):
2525         (JSC::ObjectPropertyCondition::operator!):
2526         (JSC::ObjectPropertyCondition::object):
2527         (JSC::ObjectPropertyCondition::condition):
2528         (JSC::ObjectPropertyCondition::kind):
2529         (JSC::ObjectPropertyCondition::uid):
2530         (JSC::ObjectPropertyCondition::hasOffset):
2531         (JSC::ObjectPropertyCondition::offset):
2532         (JSC::ObjectPropertyCondition::hasAttributes):
2533         (JSC::ObjectPropertyCondition::attributes):
2534         (JSC::ObjectPropertyCondition::hasPrototype):
2535         (JSC::ObjectPropertyCondition::prototype):
2536         (JSC::ObjectPropertyCondition::hasRequiredValue):
2537         (JSC::ObjectPropertyCondition::requiredValue):
2538         (JSC::ObjectPropertyCondition::hash):
2539         (JSC::ObjectPropertyCondition::operator==):
2540         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
2541         (JSC::ObjectPropertyCondition::isCompatibleWith):
2542         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2543         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
2544         (JSC::ObjectPropertyCondition::isValidValueForPresence):
2545         (JSC::ObjectPropertyConditionHash::hash):
2546         (JSC::ObjectPropertyConditionHash::equal):
2547         * bytecode/ObjectPropertyConditionSet.cpp: Added.
2548         (JSC::ObjectPropertyConditionSet::forObject):
2549         (JSC::ObjectPropertyConditionSet::forConditionKind):
2550         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
2551         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
2552         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
2553         (JSC::ObjectPropertyConditionSet::mergedWith):
2554         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
2555         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
2556         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
2557         (JSC::ObjectPropertyConditionSet::areStillLive):
2558         (JSC::ObjectPropertyConditionSet::dumpInContext):
2559         (JSC::ObjectPropertyConditionSet::dump):
2560         (JSC::generateConditionsForPropertyMiss):
2561         (JSC::generateConditionsForPropertySetterMiss):
2562         (JSC::generateConditionsForPrototypePropertyHit):
2563         (JSC::generateConditionsForPrototypePropertyHitCustom):
2564         (JSC::generateConditionsForPropertySetterMissConcurrently):
2565         * bytecode/ObjectPropertyConditionSet.h: Added.
2566         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
2567         (JSC::ObjectPropertyConditionSet::invalid):
2568         (JSC::ObjectPropertyConditionSet::nonEmpty):
2569         (JSC::ObjectPropertyConditionSet::isValid):
2570         (JSC::ObjectPropertyConditionSet::isEmpty):
2571         (JSC::ObjectPropertyConditionSet::begin):
2572         (JSC::ObjectPropertyConditionSet::end):
2573         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
2574         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
2575         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2576         (JSC::ObjectPropertyConditionSet::Data::Data):
2577         * bytecode/PolymorphicGetByIdList.cpp:
2578         (JSC::GetByIdAccess::GetByIdAccess):
2579         (JSC::GetByIdAccess::~GetByIdAccess):
2580         (JSC::GetByIdAccess::visitWeak):
2581         * bytecode/PolymorphicGetByIdList.h:
2582         (JSC::GetByIdAccess::GetByIdAccess):
2583         (JSC::GetByIdAccess::structure):
2584         (JSC::GetByIdAccess::conditionSet):
2585         (JSC::GetByIdAccess::stubRoutine):
2586         (JSC::GetByIdAccess::chain): Deleted.
2587         (JSC::GetByIdAccess::chainCount): Deleted.
2588         * bytecode/PolymorphicPutByIdList.cpp:
2589         (JSC::PutByIdAccess::fromStructureStubInfo):
2590         (JSC::PutByIdAccess::visitWeak):
2591         * bytecode/PolymorphicPutByIdList.h:
2592         (JSC::PutByIdAccess::PutByIdAccess):
2593         (JSC::PutByIdAccess::transition):
2594         (JSC::PutByIdAccess::setter):
2595         (JSC::PutByIdAccess::newStructure):
2596         (JSC::PutByIdAccess::conditionSet):
2597         (JSC::PutByIdAccess::stubRoutine):
2598         (JSC::PutByIdAccess::chain): Deleted.
2599         (JSC::PutByIdAccess::chainCount): Deleted.
2600         * bytecode/PropertyCondition.cpp: Added.
2601         (JSC::PropertyCondition::dumpInContext):
2602         (JSC::PropertyCondition::dump):
2603         (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
2604         (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
2605         (JSC::PropertyCondition::isStillValid):
2606         (JSC::PropertyCondition::isWatchableWhenValid):
2607         (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2608         (JSC::PropertyCondition::isWatchable):
2609         (JSC::PropertyCondition::isStillLive):
2610         (JSC::PropertyCondition::validateReferences):
2611         (JSC::PropertyCondition::isValidValueForAttributes):
2612         (JSC::PropertyCondition::isValidValueForPresence):
2613         (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2614         (WTF::printInternal):
2615         * bytecode/PropertyCondition.h: Added.
2616         (JSC::PropertyCondition::PropertyCondition):
2617         (JSC::PropertyCondition::presenceWithoutBarrier):
2618         (JSC::PropertyCondition::presence):
2619         (JSC::PropertyCondition::absenceWithoutBarrier):
2620         (JSC::PropertyCondition::absence):
2621         (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
2622         (JSC::PropertyCondition::absenceOfSetter):
2623         (JSC::PropertyCondition::equivalenceWithoutBarrier):
2624         (JSC::PropertyCondition::equivalence):
2625         (JSC::PropertyCondition::operator!):
2626         (JSC::PropertyCondition::kind):
2627         (JSC::PropertyCondition::uid):
2628         (JSC::PropertyCondition::hasOffset):
2629         (JSC::PropertyCondition::offset):
2630         (JSC::PropertyCondition::hasAttributes):
2631         (JSC::PropertyCondition::attributes):
2632         (JSC::PropertyCondition::hasPrototype):
2633         (JSC::PropertyCondition::prototype):
2634         (JSC::PropertyCondition::hasRequiredValue):
2635         (JSC::PropertyCondition::requiredValue):
2636         (JSC::PropertyCondition::hash):
2637         (JSC::PropertyCondition::operator==):
2638         (JSC::PropertyCondition::isHashTableDeletedValue):
2639         (JSC::PropertyCondition::isCompatibleWith):
2640         (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2641         (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
2642         (JSC::PropertyConditionHash::hash):
2643         (JSC::PropertyConditionHash::equal):
2644         * bytecode/PutByIdStatus.cpp:
2645         (JSC::PutByIdStatus::computeFromLLInt):
2646         (JSC::PutByIdStatus::computeFor):
2647         (JSC::PutByIdStatus::computeForStubInfo):
2648         * bytecode/PutByIdVariant.cpp:
2649         (JSC::PutByIdVariant::operator=):
2650         (JSC::PutByIdVariant::transition):
2651         (JSC::PutByIdVariant::setter):
2652         (JSC::PutByIdVariant::makesCalls):
2653         (JSC::PutByIdVariant::attemptToMerge):
2654         (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
2655         (JSC::PutByIdVariant::dumpInContext):
2656         (JSC::PutByIdVariant::baseStructure): Deleted.
2657         * bytecode/PutByIdVariant.h:
2658         (JSC::PutByIdVariant::PutByIdVariant):
2659         (JSC::PutByIdVariant::kind):
2660         (JSC::PutByIdVariant::structure):
2661         (JSC::PutByIdVariant::structureSet):
2662         (JSC::PutByIdVariant::oldStructure):
2663         (JSC::PutByIdVariant::conditionSet):
2664         (JSC::PutByIdVariant::offset):
2665         (JSC::PutByIdVariant::callLinkStatus):
2666         (JSC::PutByIdVariant::constantChecks): Deleted.
2667         (JSC::PutByIdVariant::alternateBase): Deleted.
2668         * bytecode/StructureStubClearingWatchpoint.cpp:
2669         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
2670         (JSC::StructureStubClearingWatchpoint::push):
2671         (JSC::StructureStubClearingWatchpoint::fireInternal):
2672         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
2673         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
2674         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
2675         * bytecode/StructureStubClearingWatchpoint.h:
2676         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
2677         (JSC::WatchpointsOnStructureStubInfo::codeBlock):
2678         (JSC::WatchpointsOnStructureStubInfo::stubInfo):
2679         * bytecode/StructureStubInfo.cpp:
2680         (JSC::StructureStubInfo::deref):
2681         (JSC::StructureStubInfo::visitWeakReferences):
2682         * bytecode/StructureStubInfo.h:
2683         (JSC::StructureStubInfo::initPutByIdTransition):
2684         (JSC::StructureStubInfo::initPutByIdReplace):
2685         (JSC::StructureStubInfo::setSeen):
2686         (JSC::StructureStubInfo::addWatchpoint):
2687         * dfg/DFGAbstractInterpreterInlines.h:
2688         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2689         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
2690         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
2691         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
2692         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
2693         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
2694         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
2695         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
2696         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
2697         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
2698         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
2699         * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
2700         (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
2701         (JSC::DFG::AdaptiveStructureWatchpoint::install):
2702         (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
2703         * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
2704         (JSC::DFG::AdaptiveStructureWatchpoint::key):
2705         * dfg/DFGByteCodeParser.cpp:
2706         (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
2707         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2708         (JSC::DFG::ByteCodeParser::handleGetByOffset):
2709         (JSC::DFG::ByteCodeParser::handlePutByOffset):
2710         (JSC::DFG::ByteCodeParser::check):
2711         (JSC::DFG::ByteCodeParser::promoteToConstant):
2712         (JSC::DFG::ByteCodeParser::planLoad):
2713         (JSC::DFG::ByteCodeParser::load):
2714         (JSC::DFG::ByteCodeParser::presenceLike):
2715         (JSC::DFG::ByteCodeParser::checkPresenceLike):
2716         (JSC::DFG::ByteCodeParser::store):
2717         (JSC::DFG::ByteCodeParser::handleGetById):
2718         (JSC::DFG::ByteCodeParser::handlePutById):
2719         (JSC::DFG::ByteCodeParser::parseBlock):
2720         (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
2721         * dfg/DFGCommonData.cpp:
2722         (JSC::DFG::CommonData::validateReferences):
2723         * dfg/DFGCommonData.h:
2724         * dfg/DFGConstantFoldingPhase.cpp:
2725         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2726         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
2727         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
2728         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
2729         (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
2730         * dfg/DFGDesiredWatchpoints.cpp:
2731         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
2732         (JSC::DFG::InferredValueAdaptor::add):
2733         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
2734         (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
2735         (JSC::DFG::DesiredWatchpoints::addLazily):
2736         (JSC::DFG::DesiredWatchpoints::consider):
2737         (JSC::DFG::DesiredWatchpoints::reallyAdd):
2738         (JSC::DFG::DesiredWatchpoints::areStillValid):
2739         (JSC::DFG::DesiredWatchpoints::dumpInContext):
2740         * dfg/DFGDesiredWatchpoints.h:
2741         (JSC::DFG::SetPointerAdaptor::add):
2742         (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
2743         (JSC::DFG::SetPointerAdaptor::dumpInContext):
2744         (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
2745         (JSC::DFG::InferredValueAdaptor::dumpInContext):
2746         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
2747         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
2748         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
2749         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
2750         (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
2751         (JSC::DFG::GenericDesiredWatchpoints::isWatched):
2752         (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
2753         (JSC::DFG::DesiredWatchpoints::isWatched):
2754         (JSC::DFG::GenericSetAdaptor::add): Deleted.
2755         (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
2756         * dfg/DFGDesiredWeakReferences.cpp:
2757         (JSC::DFG::DesiredWeakReferences::addLazily):
2758         (JSC::DFG::DesiredWeakReferences::contains):
2759         * dfg/DFGDesiredWeakReferences.h:
2760         * dfg/DFGGraph.cpp:
2761         (JSC::DFG::Graph::dump):
2762         (JSC::DFG::Graph::clearFlagsOnAllNodes):
2763         (JSC::DFG::Graph::watchCondition):
2764         (JSC::DFG::Graph::isSafeToLoad):
2765         (JSC::DFG::Graph::livenessFor):
2766         (JSC::DFG::Graph::tryGetConstantProperty):
2767         (JSC::DFG::Graph::visitChildren):
2768         * dfg/DFGGraph.h:
2769         (JSC::DFG::Graph::identifiers):
2770         (JSC::DFG::Graph::watchpoints):
2771         * dfg/DFGMultiGetByOffsetData.cpp: Added.
2772         (JSC::DFG::GetByOffsetMethod::dumpInContext):
2773         (JSC::DFG::GetByOffsetMethod::dump):
2774         (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
2775         (JSC::DFG::MultiGetByOffsetCase::dump):
2776         (WTF::printInternal):
2777         * dfg/DFGMultiGetByOffsetData.h: Added.
2778         (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
2779         (JSC::DFG::GetByOffsetMethod::constant):
2780         (JSC::DFG::GetByOffsetMethod::load):
2781         (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
2782         (JSC::DFG::GetByOffsetMethod::operator!):
2783         (JSC::DFG::GetByOffsetMethod::kind):
2784         (JSC::DFG::GetByOffsetMethod::prototype):
2785         (JSC::DFG::GetByOffsetMethod::offset):
2786         (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
2787         (JSC::DFG::MultiGetByOffsetCase::set):
2788         (JSC::DFG::MultiGetByOffsetCase::method):
2789         * dfg/DFGNode.h:
2790         * dfg/DFGSafeToExecute.h:
2791         (JSC::DFG::safeToExecute):
2792         * dfg/DFGStructureRegistrationPhase.cpp:
2793         (JSC::DFG::StructureRegistrationPhase::run):
2794         * ftl/FTLLowerDFGToLLVM.cpp:
2795         (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
2796         * jit/Repatch.cpp:
2797         (JSC::repatchByIdSelfAccess):
2798         (JSC::checkObjectPropertyCondition):
2799         (JSC::checkObjectPropertyConditions):
2800         (JSC::replaceWithJump):
2801         (JSC::generateByIdStub):
2802         (JSC::actionForCell):
2803         (JSC::tryBuildGetByIDList):
2804         (JSC::emitPutReplaceStub):
2805         (JSC::emitPutTransitionStub):
2806         (JSC::tryCachePutByID):
2807         (JSC::tryBuildPutByIdList):
2808         (JSC::tryRepatchIn):
2809         (JSC::addStructureTransitionCheck): Deleted.
2810         (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
2811         * runtime/IntendedStructureChain.cpp: Removed.
2812         * runtime/IntendedStructureChain.h: Removed.
2813         * runtime/JSCJSValue.h:
2814         * runtime/JSObject.cpp:
2815         (JSC::throwTypeError):
2816         (JSC::JSObject::convertToDictionary):
2817         (JSC::JSObject::shiftButterflyAfterFlattening):
2818         * runtime/JSObject.h:
2819         (JSC::JSObject::flattenDictionaryObject):
2820         (JSC::JSObject::convertToDictionary): Deleted.
2821         * runtime/Operations.h:
2822         (JSC::normalizePrototypeChain):
2823         (JSC::normalizePrototypeChainForChainAccess): Deleted.
2824         (JSC::isPrototypeChainNormalized): Deleted.
2825         * runtime/PropertySlot.h:
2826         (JSC::PropertySlot::PropertySlot):
2827         (JSC::PropertySlot::slotBase):
2828         * runtime/Structure.cpp:
2829         (JSC::Structure::addPropertyTransition):
2830         (JSC::Structure::attributeChangeTransition):
2831         (JSC::Structure::toDictionaryTransition):
2832         (JSC::Structure::toCacheableDictionaryTransition):
2833         (JSC::Structure::toUncacheableDictionaryTransition):
2834         (JSC::Structure::ensurePropertyReplacementWatchpointSet):
2835         (JSC::Structure::startWatchingPropertyForReplacements):
2836         (JSC::Structure::didCachePropertyReplacement):
2837         (JSC::Structure::dump):
2838         * runtime/Structure.h:
2839         * runtime/VM.h:
2840         * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check-new.js: Added.
2841         (foo):
2842         (bar):
2843         (baz):
2844         * tests/stress/multi-get-by-offset-self-or-proto.js: Added.
2845         (foo):
2846         * tests/stress/replacement-watchpoint-dictionary.js: Added.
2847         (foo):
2848         * tests/stress/replacement-watchpoint.js: Added.
2849         (foo):
2850         * tests/stress/undefined-access-dictionary-then-proto-change.js: Added.
2851         (foo):
2852         * tests/stress/undefined-access-then-proto-change.js: Added.
2853         (foo):
2854
2855 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2856
2857         JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
2858         https://bugs.webkit.org/show_bug.cgi?id=147538
2859
2860         Reviewed by Geoffrey Garen.
2861
2862         Due to the order of the ARROWFUNCTION token in JSTokenType enum, it is categorized as one of the keywords.
2863         As a result, when lexing the property name that can take the keywords, the ARROWFUNCTION token is accidentally accepted.
2864         This patch changes the order of the ARROWFUNCTION token in JSTokenType to make it the operator token.
2865
2866         * parser/ParserTokens.h:
2867         * tests/stress/arrow-function-token-is-not-keyword.js: Added.
2868         (testSyntaxError):
2869
2870 2015-08-03  Keith Miller  <keith_miller@apple.com>
2871
2872         Clean up the naming for AST expression generation.
2873         https://bugs.webkit.org/show_bug.cgi?id=147581
2874
2875         Reviewed by Yusuke Suzuki.
2876
2877         * parser/ASTBuilder.h:
2878         (JSC::ASTBuilder::createThisExpr):
2879         (JSC::ASTBuilder::createSuperExpr):
2880         (JSC::ASTBuilder::createNewTargetExpr):
2881         (JSC::ASTBuilder::thisExpr): Deleted.
2882         (JSC::ASTBuilder::superExpr): Deleted.
2883         (JSC::ASTBuilder::newTargetExpr): Deleted.
2884         * parser/Parser.cpp:
2885         (JSC::Parser<LexerType>::parsePrimaryExpression):
2886         (JSC::Parser<LexerType>::parseMemberExpression):
2887         * parser/SyntaxChecker.h:
2888         (JSC::SyntaxChecker::createThisExpr):
2889         (JSC::SyntaxChecker::createSuperExpr):
2890         (JSC::SyntaxChecker::createNewTargetExpr):
2891         (JSC::SyntaxChecker::thisExpr): Deleted.
2892         (JSC::SyntaxChecker::superExpr): Deleted.
2893         (JSC::SyntaxChecker::newTargetExpr): Deleted.
2894
2895 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2896
2897         Don't set up the callsite to operationGetByValDefault when the optimization is already done
2898         https://bugs.webkit.org/show_bug.cgi?id=147577
2899
2900         Reviewed by Filip Pizlo.
2901
2902         operationGetByValDefault should be called only when the IC is not set.
2903         operationGetByValString breaks this invariant and `ASSERT(!byValInfo.stubRoutine)` in
2904         operationGetByValDefault raises the assertion failure.
2905         In this patch, we change the callsite setting up code in operationGetByValString when
2906         the IC is already set. And to make the operation's meaning explicit, we changed the
2907         name operationGetByValDefault to operationGetByValOptimize, that is aligned to the
2908         GetById case.
2909
2910         * jit/JITOperations.cpp:
2911         * jit/JITOperations.h:
2912         * jit/JITPropertyAccess.cpp:
2913         (JSC::JIT::emitSlow_op_get_by_val):
2914         * jit/JITPropertyAccess32_64.cpp:
2915         (JSC::JIT::emitSlow_op_get_by_val):
2916         * tests/stress/operation-get-by-val-default-should-not-called-for-already-optimized-site.js: Added.
2917         (hello):
2918
2919 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2920
2921         [FTL] Remove unused scripts related to native call inlining
2922         https://bugs.webkit.org/show_bug.cgi?id=147448
2923
2924         Reviewed by Filip Pizlo.
2925
2926         * build-symbol-table-index.py: Removed.
2927         * copy-llvm-ir-to-derived-sources.sh: Removed.
2928         * create-llvm-ir-from-source-file.py: Removed.
2929         * create-symbol-table-index.py: Removed.
2930
2931 2015-08-02  Benjamin Poulain  <bpoulain@apple.com>
2932
2933         Investigate HashTable::HashTable(const HashTable&) and HashTable::operator=(const HashTable&) performance for hash-based static analyses
2934         https://bugs.webkit.org/show_bug.cgi?id=118455
2935
2936         Reviewed by Filip Pizlo.
2937
2938         LivenessAnalysisPhase lights up like a Christmas tree in profiles.
2939
2940         This patch cuts its cost by 4.
2941         About half of the gains come from removing many rehash() when copying
2942         the HashSet.
2943         The last quarter is achieved by having a special add() function for initializing
2944         a HashSet.
2945
2946         This makes benchmarks progress by 1-2% here and there. Nothing massive.
2947
2948         * dfg/DFGLivenessAnalysisPhase.cpp:
2949         (JSC::DFG::LivenessAnalysisPhase::process):
2950         The m_live HashSet is only useful per block. When we are done with it,
2951         we can transfer it to liveAtHead to avoid a copy.
2952
2953 2015-08-01  Saam barati  <saambarati1@gmail.com>
2954
2955         Unreviewed. Remove unintentional "print" statement in test case.
2956         https://bugs.webkit.org/show_bug.cgi?id=142567
2957
2958         * tests/stress/class-syntax-definition-semantics.js:
2959         (shouldBeSyntaxError):
2960
2961 2015-07-31  Alex Christensen  <achristensen@webkit.org>
2962
2963         Prepare for VS2015
2964         https://bugs.webkit.org/show_bug.cgi?id=146579
2965
2966         Reviewed by Jon Honeycutt.
2967
2968         * heap/Heap.h:
2969         Fix compiler error by explicitly casting zombifiedBits to the size of a pointer.
2970
2971 2015-07-31  Saam barati  <saambarati1@gmail.com>
2972
2973         ES6 class syntax should use block scoping
2974         https://bugs.webkit.org/show_bug.cgi?id=142567
2975
2976         Reviewed by Geoffrey Garen.
2977
2978         We treat class declarations like we do "let" declarations.
2979         The class name is under TDZ until the class declaration
2980         statement is evaluated. Class declarations also follow
2981         the same rules as "let": No duplicate definitions inside
2982         a lexical environment.
2983
2984         * parser/ASTBuilder.h:
2985         (JSC::ASTBuilder::createClassDeclStatement):
2986         * parser/Parser.cpp:
2987         (JSC::Parser<LexerType>::parseClassDeclaration):
2988         * tests/stress/class-syntax-block-scoping.js: Added.
2989         (assert):
2990         (truth):
2991         (.):
2992         * tests/stress/class-syntax-definition-semantics.js: Added.
2993         (shouldBeSyntaxError):
2994         (shouldNotBeSyntaxError):
2995         (truth):
2996         * tests/stress/class-syntax-tdz.js:
2997         (assert):
2998         (shouldThrowTDZ):
2999         (truth):
3000         (.):
3001
3002 2015-07-31  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3003
3004         Implement WebAssembly module parser
3005         https://bugs.webkit.org/show_bug.cgi?id=147293
3006
3007         Reviewed by Mark Lam.
3008
3009         Re-landing after fix for the "..\..\jsc.cpp(46): fatal error C1083: Cannot open
3010         include file: 'JSWASMModule.h'" issue on Windows.
3011
3012         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
3013         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
3014         the magic number at the beginning of the files. Parsing of the rest will be
3015         implemented in a subsequent patch.
3016
3017         * CMakeLists.txt:
3018         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3019         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3020         * JavaScriptCore.xcodeproj/project.pbxproj:
3021         * jsc.cpp:
3022         (GlobalObject::finishCreation):
3023         (functionLoadWebAssembly):
3024         * parser/SourceProvider.h:
3025         (JSC::WebAssemblySourceProvider::create):
3026         (JSC::WebAssemblySourceProvider::data):
3027         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
3028         * runtime/JSGlobalObject.cpp:
3029         (JSC::JSGlobalObject::init):
3030         (JSC::JSGlobalObject::visitChildren):
3031         * runtime/JSGlobalObject.h:
3032         (JSC::JSGlobalObject::wasmModuleStructure):
3033         * wasm/WASMMagicNumber.h: Added.
3034         * wasm/WASMModuleParser.cpp: Added.
3035         (JSC::WASMModuleParser::WASMModuleParser):
3036         (JSC::WASMModuleParser::parse):
3037         (JSC::WASMModuleParser::parseModule):
3038         (JSC::parseWebAssembly):
3039         * wasm/WASMModuleParser.h: Added.
3040         * wasm/WASMReader.cpp: Added.
3041         (JSC::WASMReader::readUnsignedInt32):
3042         (JSC::WASMReader::readFloat):
3043         (JSC::WASMReader::readDouble):
3044         * wasm/WASMReader.h: Added.
3045         (JSC::WASMReader::WASMReader):
3046
3047 2015-07-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3048
3049         Add the "wasm" directory to the Additional Include Directories for jsc.exe
3050         https://bugs.webkit.org/show_bug.cgi?id=147443
3051
3052         Reviewed by Mark Lam.
3053
3054         This patch should fix the "..\..\jsc.cpp(46): fatal error C1083:
3055         Cannot open include file: 'JSWASMModule.h'" error in the Windows build.
3056
3057         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
3058
3059 2015-07-30  Chris Dumez  <cdumez@apple.com>
3060
3061         Mark more classes as fast allocated
3062         https://bugs.webkit.org/show_bug.cgi?id=147440
3063
3064         Reviewed by Sam Weinig.
3065
3066         Mark more classes as fast allocated for performance. We heap-allocate
3067         objects of those types throughout the code base.
3068
3069         * API/JSCallbackObject.h:
3070         * API/ObjCCallbackFunction.mm:
3071         * bytecode/BytecodeKills.h:
3072         * bytecode/BytecodeLivenessAnalysis.h:
3073         * bytecode/CallLinkStatus.h:
3074         * bytecode/FullBytecodeLiveness.h:
3075         * bytecode/SamplingTool.h:
3076         * bytecompiler/BytecodeGenerator.h:
3077         * dfg/DFGBasicBlock.h:
3078         * dfg/DFGBlockMap.h:
3079         * dfg/DFGInPlaceAbstractState.h:
3080         * dfg/DFGThreadData.h:
3081         * heap/HeapVerifier.h:
3082         * heap/SlotVisitor.h:
3083         * parser/Lexer.h:
3084         * runtime/ControlFlowProfiler.h:
3085         * runtime/TypeProfiler.h:
3086         * runtime/TypeProfilerLog.h:
3087         * runtime/Watchdog.h:
3088
3089 2015-07-29  Filip Pizlo  <fpizlo@apple.com>
3090
3091         DFG::ArgumentsEliminationPhase should emit a PutStack for all of the GetStacks that the ByteCodeParser emitted
3092         https://bugs.webkit.org/show_bug.cgi?id=147433
3093         rdar://problem/21668986
3094
3095         Reviewed by Mark Lam.
3096
3097         Ideally, the ByteCodeParser would only emit SetArgument nodes for named arguments.  But
3098         currently that's not what it does - it emits a SetArgument for every argument that a varargs
3099         call may pass.  Each SetArgument gets turned into a GetStack.  This means that if
3100         ArgumentsEliminationPhase optimizes away PutStacks for those varargs arguments that didn't
3101         get passed or used, we get degenerate IR where we have a GetStack of something that didn't
3102         have a PutStack.
3103
3104         This fixes the bug by removing the code to optimize away PutStacks in
3105         ArgumentsEliminationPhase.
3106
3107         * dfg/DFGArgumentsEliminationPhase.cpp:
3108         * tests/stress/varargs-inlining-underflow.js: Added.
3109         (baz):
3110         (bar):
3111         (foo):
3112
3113 2015-07-29  Andy VanWagoner  <thetalecrafter@gmail.com>
3114
3115         Implement basic types for ECMAScript Internationalization API
3116         https://bugs.webkit.org/show_bug.cgi?id=146926
3117
3118         Reviewed by Benjamin Poulain.
3119
3120         Adds basic types for ECMA-402 2nd edition, but does not implement the full locale-aware features yet.
3121         http://www.ecma-international.org/ecma-402/2.0/ECMA-402.pdf
3122
3123         * CMakeLists.txt: Added new Intl files.
3124         * Configurations/FeatureDefines.xcconfig: Enable INTL.
3125         * DerivedSources.make: Added Intl files.
3126         * JavaScriptCore.xcodeproj/project.pbxproj: Added Intl files.
3127         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added Intl files.
3128         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added Intl files.
3129         * runtime/CommonIdentifiers.h: Added Collator, NumberFormat, and DateTimeFormat.
3130         * runtime/DateConstructor.cpp: Made Date.now public.
3131         * runtime/DateConstructor.h: Made Date.now public.
3132         * runtime/IntlCollator.cpp: Added.
3133         (JSC::IntlCollator::create):
3134         (JSC::IntlCollator::createStructure):
3135         (JSC::IntlCollator::IntlCollator):
3136         (JSC::IntlCollator::finishCreation):
3137         (JSC::IntlCollator::destroy):
3138         (JSC::IntlCollator::visitChildren):
3139         (JSC::IntlCollator::setBoundCompare):
3140         (JSC::IntlCollatorFuncCompare): Added placeholder implementation using codePointCompare.
3141         * runtime/IntlCollator.h: Added.
3142         (JSC::IntlCollator::constructor):
3143         (JSC::IntlCollator::boundCompare):
3144         * runtime/IntlCollatorConstructor.cpp: Added.
3145         (JSC::IntlCollatorConstructor::create):
3146         (JSC::IntlCollatorConstructor::createStructure):
3147         (JSC::IntlCollatorConstructor::IntlCollatorConstructor):
3148         (JSC::IntlCollatorConstructor::finishCreation):
3149         (JSC::constructIntlCollator): Added Collator constructor (10.1.2).
3150         (JSC::callIntlCollator): Added Collator constructor (10.1.2).
3151         (JSC::IntlCollatorConstructor::getConstructData):
3152         (JSC::IntlCollatorConstructor::getCallData):
3153         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
3154         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
3155         (JSC::IntlCollatorConstructor::visitChildren):
3156         * runtime/IntlCollatorConstructor.h: Added.
3157         (JSC::IntlCollatorConstructor::collatorStructure):
3158         * runtime/IntlCollatorPrototype.cpp: Added.
3159         (JSC::IntlCollatorPrototype::create):
3160         (JSC::IntlCollatorPrototype::createStructure):
3161         (JSC::IntlCollatorPrototype::IntlCollatorPrototype):
3162         (JSC::IntlCollatorPrototype::finishCreation):
3163         (JSC::IntlCollatorPrototype::getOwnPropertySlot):
3164         (JSC::IntlCollatorPrototypeGetterCompare): Added compare getter (10.3.3)
3165         (JSC::IntlCollatorPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
3166         * runtime/IntlCollatorPrototype.h: Added.
3167         * runtime/IntlDateTimeFormat.cpp: Added.
3168         (JSC::IntlDateTimeFormat::create):
3169         (JSC::IntlDateTimeFormat::createStructure):
3170         (JSC::IntlDateTimeFormat::IntlDateTimeFormat):
3171         (JSC::IntlDateTimeFormat::finishCreation):
3172         (JSC::IntlDateTimeFormat::destroy):
3173         (JSC::IntlDateTimeFormat::visitChildren):
3174         (JSC::IntlDateTimeFormat::setBoundFormat):
        (JSC::IntlDateTimeFormatFuncFormatDateTime): Added placeholder implementation returning new Date(value).toString().
        * runtime/IntlDateTimeFormat.h: Added.
        (JSC::IntlDateTimeFormat::constructor):
        (JSC::IntlDateTimeFormat::boundFormat):
        * runtime/IntlDateTimeFormatConstructor.cpp: Added.
        (JSC::IntlDateTimeFormatConstructor::create):
        (JSC::IntlDateTimeFormatConstructor::createStructure):
        (JSC::IntlDateTimeFormatConstructor::IntlDateTimeFormatConstructor):
        (JSC::IntlDateTimeFormatConstructor::finishCreation):
        (JSC::constructIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
        (JSC::callIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
        (JSC::IntlDateTimeFormatConstructor::getConstructData):
        (JSC::IntlDateTimeFormatConstructor::getCallData):
        (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
        (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
        (JSC::IntlDateTimeFormatConstructor::visitChildren):
        * runtime/IntlDateTimeFormatConstructor.h: Added.
        (JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure):
        * runtime/IntlDateTimeFormatPrototype.cpp: Added.
        (JSC::IntlDateTimeFormatPrototype::create):
        (JSC::IntlDateTimeFormatPrototype::createStructure):
        (JSC::IntlDateTimeFormatPrototype::IntlDateTimeFormatPrototype):
        (JSC::IntlDateTimeFormatPrototype::finishCreation):
        (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
        (JSC::IntlDateTimeFormatPrototypeGetterFormat): Added format getter (12.3.3).
        (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
        * runtime/IntlDateTimeFormatPrototype.h: Added.
        * runtime/IntlNumberFormat.cpp: Added.
        (JSC::IntlNumberFormat::create):
        (JSC::IntlNumberFormat::createStructure):
        (JSC::IntlNumberFormat::IntlNumberFormat):
        (JSC::IntlNumberFormat::finishCreation):
        (JSC::IntlNumberFormat::destroy):
        (JSC::IntlNumberFormat::visitChildren):
        (JSC::IntlNumberFormat::setBoundFormat):
        (JSC::IntlNumberFormatFuncFormatNumber): Added placeholder implementation returning Number(value).toString().
        * runtime/IntlNumberFormat.h: Added.
        (JSC::IntlNumberFormat::constructor):
        (JSC::IntlNumberFormat::boundFormat):
        * runtime/IntlNumberFormatConstructor.cpp: Added.
        (JSC::IntlNumberFormatConstructor::create):
        (JSC::IntlNumberFormatConstructor::createStructure):
        (JSC::IntlNumberFormatConstructor::IntlNumberFormatConstructor):
        (JSC::IntlNumberFormatConstructor::finishCreation):
        (JSC::constructIntlNumberFormat): Added NumberFormat constructor (11.1.2).
        (JSC::callIntlNumberFormat): Added NumberFormat constructor (11.1.2).
        (JSC::IntlNumberFormatConstructor::getConstructData):
        (JSC::IntlNumberFormatConstructor::getCallData):
        (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
        (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
        (JSC::IntlNumberFormatConstructor::visitChildren):
        * runtime/IntlNumberFormatConstructor.h: Added.
        (JSC::IntlNumberFormatConstructor::numberFormatStructure):
        * runtime/IntlNumberFormatPrototype.cpp: Added.
        (JSC::IntlNumberFormatPrototype::create):
        (JSC::IntlNumberFormatPrototype::createStructure):
        (JSC::IntlNumberFormatPrototype::IntlNumberFormatPrototype):
        (JSC::IntlNumberFormatPrototype::finishCreation):
        (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
        (JSC::IntlNumberFormatPrototypeGetterFormat): Added format getter (11.3.3).
        (JSC::IntlNumberFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
        * runtime/IntlNumberFormatPrototype.h: Added.
        * runtime/IntlObject.cpp:
        (JSC::IntlObject::create):
        (JSC::IntlObject::finishCreation): Added Collator, NumberFormat, and DateTimeFormat properties (8.1).
        (JSC::IntlObject::visitChildren):
        * runtime/IntlObject.h:
        (JSC::IntlObject::collatorConstructor):
        (JSC::IntlObject::collatorPrototype):
        (JSC::IntlObject::collatorStructure):
        (JSC::IntlObject::numberFormatConstructor):
        (JSC::IntlObject::numberFormatPrototype):
        (JSC::IntlObject::numberFormatStructure):
        (JSC::IntlObject::dateTimeFormatConstructor):
        (JSC::IntlObject::dateTimeFormatPrototype):
        (JSC::IntlObject::dateTimeFormatStructure):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):

2015-07-29  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r187550.
        https://bugs.webkit.org/show_bug.cgi?id=147420

        Broke Windows build (again) (Requested by smfr on #webkit).

        Reverted changeset:

        "Implement WebAssembly module parser"
        https://bugs.webkit.org/show_bug.cgi?id=147293
        http://trac.webkit.org/changeset/187550

2015-07-29  Basile Clement  <basile_clement@apple.com>

        Remove native call inlining
        https://bugs.webkit.org/show_bug.cgi?id=147417

        Rubber Stamped by Filip Pizlo.

        * CMakeLists.txt:
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleCall): Deleted.
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize): Deleted.
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC): Deleted.
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode): Deleted.
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasHeapPrediction): Deleted.
        (JSC::DFG::Node::hasCellOperand): Deleted.
        * dfg/DFGNodeType.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute): Deleted.
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile): Deleted.
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile): Deleted.
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile): Deleted.
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::lower): Deleted.
        (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
        (JSC::FTL::DFG::LowerDFGToLLVM::compileNativeCallOrConstruct): Deleted.
        (JSC::FTL::DFG::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
        (JSC::FTL::DFG::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
        (JSC::FTL::DFG::LowerDFGToLLVM::didOverflowStack): Deleted.
        * ftl/FTLState.cpp:
        (JSC::FTL::State::State): Deleted.
        * ftl/FTLState.h:
        * runtime/BundlePath.cpp: Removed.
        (JSC::bundlePath): Deleted.
        * runtime/JSDataViewPrototype.cpp:
        (JSC::getData):
        (JSC::setData):
        * runtime/Options.h:

2015-07-29  Basile Clement  <basile_clement@apple.com>

        Unreviewed, skipping a test that is too complex for its own good
        https://bugs.webkit.org/show_bug.cgi?id=147167

        * tests/stress/math-pow-coherency.js:

2015-07-29  Sukolsak Sakshuwong  <sukolsak@gmail.com>

        Implement WebAssembly module parser
        https://bugs.webkit.org/show_bug.cgi?id=147293

        Reviewed by Mark Lam.

        Reupload the patch, since r187539 should fix the "Cannot open include file:
        'JSWASMModule.h'" issue in the Windows build.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionLoadWebAssembly):
        * parser/SourceProvider.h:
        (JSC::WebAssemblySourceProvider::create):
        (JSC::WebAssemblySourceProvider::data):
        (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::wasmModuleStructure):
        * wasm/WASMMagicNumber.h: Added.
        * wasm/WASMModuleParser.cpp: Added.
        (JSC::WASMModuleParser::WASMModuleParser):