Fix for 128110
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-02-03  Brian Burg  <bburg@apple.com>

        Web Replay: upstream base input classes and the input cursor interface
        https://bugs.webkit.org/show_bug.cgi?id=128110

        Reviewed by Joseph Pecoraro.

        Add the base class for all replay inputs. Add InputTraits, a trait that
        provides an input's queue, type, and encode/decode methods statically so
        that they can be used within templated helper functions in InputCursor and
        EncodedValue.

        Add the InputCursor base class which mediates the saving and fetching of
        replay inputs from a replay recording by instrumented nondeterministic code.

        Add a dummy cursor implementation. This allows us to return a cursor reference
        to clients even if no capturing or replaying is happening.

        Add the ability to set an InputCursor instance on a JSGlobalObject. This
        is the means for connecting a replay recording to a script context.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * replay/EmptyInputCursor.h: Added.
        (JSC::EmptyInputCursor::~EmptyInputCursor):
        (JSC::EmptyInputCursor::create):
        (JSC::EmptyInputCursor::EmptyInputCursor):
        * replay/InputCursor.h: Added.
        (JSC::InputCursor::InputCursor):
        (JSC::InputCursor::~InputCursor):
        (JSC::InputCursor::appendInput):
        (JSC::InputCursor::fetchInput):
        * replay/NondeterministicInput.h: Added.
        (JSC::NondeterministicInputBase::NondeterministicInputBase):
        (JSC::NondeterministicInputBase::~NondeterministicInputBase):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::JSGlobalObject):
        (JSC::JSGlobalObject::setInputCursor):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::inputCursor):

2014-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fix the cloop due to GenGC
        https://bugs.webkit.org/show_bug.cgi?id=128137

        Reviewed by Geoffrey Garen.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::llint_write_barrier_slow):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.cpp:
        (JSC::CLoopRegister::operator JSCell*):
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * offlineasm/cloop.rb:
        * offlineasm/instructions.rb:

2014-02-03  Michael Saboff  <msaboff@apple.com>

        REGRESSION (r163011-r163031): Web Inspector: Latest nightly crashes when showing the Web Inspector
        https://bugs.webkit.org/show_bug.cgi?id=127901

        Reviewed by Geoffrey Garen.

        Set VM::topCallFrame before making calls to possible C++ code in
        generateProtoChainAccessStub() and tryBuildGetByIDList().

        * jit/Repatch.cpp:
        (JSC::generateProtoChainAccessStub):
        (JSC::tryBuildGetByIDList):

2014-02-03  Andreas Kling  <akling@apple.com>

        Keep only captured symbols in CodeBlock symbol tables.
        <https://webkit.org/b/128050>

        Discard all uncaptured symbols at the end of codegen since only
        the captured ones will be used after that point.

        ~2MB progression on Membuster OSUS.

        Reviewed by Geoffrey Garen.

        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::setSymbolTable):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):

2014-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fix the LLInt C loop

        Rubber stamped by Mark Lam.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::llint_write_barrier_slow):
        * llint/LLIntSlowPaths.h:

2014-02-03  Dean Jackson  <dino@apple.com>

        Feature flag for shape-inside
        https://bugs.webkit.org/show_bug.cgi?id=128001

        Reviewed by Simon Fraser.

        Add CSS_SHAPE_INSIDE flag.

        * Configurations/FeatureDefines.xcconfig:

2014-02-03  Oliver Hunt  <oliver@apple.com>

        Deconstructed parameters aren't being placed in the correct scope
        https://bugs.webkit.org/show_bug.cgi?id=128126

        Reviewed by Antti Koivisto.

        Make sure we declare the bound parameter names as variables when
        we reparse.  In the BytecodeGenerator we now also directly ensure
        that bound parameters are placed in the symbol table of the function
        we're currently compiling.  We then delay binding until just before
        we start codegen for the body of the function so that we can ensure
        the function has completely initialised all scope details.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::createBindingPattern):

2014-02-03  Alexey Proskuryakov  <ap@apple.com>

        Update JS whitespace definition for changes in Unicode 6.3
        https://bugs.webkit.org/show_bug.cgi?id=127450

        Reviewed by Oliver Hunt.

        * parser/Lexer.h: (JSC::Lexer<UChar>::isWhiteSpace): Part 2 of the fix, update lexer too.

2014-02-03  Matthew Mirman  <mmirman@apple.com>

        Added GetTypedArrayByteOffset to FTL
        https://bugs.webkit.org/show_bug.cgi?id=127589

        Reviewed by Filip Pizlo.

        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileGetTypedArrayByteOffset):
        * tests/stress/ftl-gettypedarrayoffset-simple.js: Added.
        (foo):
        * tests/stress/ftl-gettypedarrayoffset-wasteful.js: Added.
        (foo):

2014-02-03  Mark Lam  <mark.lam@apple.com>

        Debugger created JSActivations should account for CodeBlock::framePointerOffsetToGetActivationRegisters().
        <https://webkit.org/b/128112>

        Reviewed by Geoffrey Garen.

        Currently, when the DebuggerCallFrame creates the JSActivation object
        for a frame, it does not account for the framePointerOffsetToGetActivationRegisters()
        offset that needs to be added for DFG frames.

        Instead of special casing the fix in DebuggerCallFrame::scope(), we fix
        this by adding CodeBlock::framePointerOffsetToGetActivationRegisters() to
        callFrame->registers() in the JSActivation::create() method that does not
        explicitly take a Register*. This ensures that JSActivation::create() will
        always do the right thing instead of only being a special case for the
        LLINT and baselineJIT.

        Apart from the DebuggerCallFrame, this create() function is only called by
        slow paths in the LLINT and baselineJIT. Hence, it is not performance
        critical.

        * runtime/JSActivation.h:
        (JSC::JSActivation::create):

2014-01-31  Geoffrey Garen  <ggaren@apple.com>

        Simplified name scope creation for function expressions
        https://bugs.webkit.org/show_bug.cgi?id=128031

        Reviewed by Mark Lam.

        3X speedup on js/regress/script-tests/function-with-eval.js.

        We used to emit bytecode to push a name into local scope every
        time a function that needed such a name executed. Now, we push the name
        into scope once on the function object, and leave it there.

        This is faster, and it also reduces the number of variable resolution
        modes you have to worry about when thinking about bytecode and the
        debugger.

        This patch is slightly complicated by the fact that we don't know if
        a function needs a name scope until we parse its body. So, there's some
        glue code in here to delay filling in a function's scope until we parse
        its body for the first time.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::generateFunctionCodeBlock):
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedFunctionExecutable::functionMode): Renamed
        functionNameIsInScopeToggle to functionMode.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator): No need to emit convert_this
        when debugging. The debugger will perform the conversion as needed.

        (JSC::BytecodeGenerator::resolveCallee):
        (JSC::BytecodeGenerator::addCallee): Simplified this code by removing
        the "my function needs a name scope, but didn't allocate one" mode.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall): Pass a scope slot through to
        CodeBlock generation, so we can add a function name scope if the parsed
        function body requires one.

        * jit/JITOperations.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::setUpCall): Ditto.

        * parser/NodeConstructors.h:
        (JSC::FuncExprNode::FuncExprNode):
        (JSC::FuncDeclNode::FuncDeclNode):
        * parser/Nodes.cpp:
        (JSC::FunctionBodyNode::finishParsing):
        * parser/Nodes.h:
        (JSC::FunctionBodyNode::functionMode): Updated for rename.

        * parser/ParserModes.h:
        (JSC::functionNameIsInScope):
        (JSC::functionNameScopeIsDynamic): Helper functions for reasoning about
        how crazy JavaScript language semantics are.

        * runtime/ArrayPrototype.cpp:
        (JSC::isNumericCompareFunction):
        (JSC::attemptFastSort): Updated for interface changes above.

        * runtime/Executable.cpp:
        (JSC::ScriptExecutable::newCodeBlockFor):
        (JSC::ScriptExecutable::prepareForExecutionImpl):
        (JSC::FunctionExecutable::FunctionExecutable):
        * runtime/Executable.h:
        (JSC::ScriptExecutable::prepareForExecution):
        (JSC::FunctionExecutable::functionMode):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::addNameScopeIfNeeded):
        * runtime/JSFunction.h:
        * runtime/JSNameScope.h:
        (JSC::JSNameScope::create):
        (JSC::JSNameScope::JSNameScope): Added machinery for pushing a function
        name scope onto a function when we first discover that it's needed.

2014-01-25  Darin Adler  <darin@apple.com>

        Stop using Unicode.h
        https://bugs.webkit.org/show_bug.cgi?id=127633

        Reviewed by Anders Carlsson.

        * parser/Lexer.h:
        * runtime/JSGlobalObjectFunctions.h:
        * yarr/YarrCanonicalizeUCS2.h:
        * yarr/YarrInterpreter.h:
        * yarr/YarrParser.h:
        * yarr/YarrPattern.h:
        Removed includes of <wtf/unicode/Unicode.h>, adding includes of
        ICU headers and <wtf/text/LChar.h> as needed to replace it.

2014-02-03  Dan Bernstein  <mitz@apple.com>

        Correctly address Darin’s review comment on the last change.

        * runtime/Watchdog.h: Changed an OS(DARWIN) guard around formerly PLATFORM(MAC)-only member
        variables to the equivalent OS(DARWIN) && !PLATFORM(EFL) && !PLATFORM(GTK).

2014-02-03  Dan Bernstein  <mitz@apple.com>

        Stop using PLATFORM(MAC) in JavaScriptCore except where it means “OS X but not iOS”
        https://bugs.webkit.org/show_bug.cgi?id=128098

        Reviewed by Darin Adler.

        * API/JSValueRef.cpp:
        (JSValueUnprotect): Added an explicit !PLATFORM(IOS) in guards for the Evernote workaround,
        which is only needed on OS X.

        * API/tests/testapi.c:
        (main): Changed PLATFORM(MAC) || PLATFORM(IOS) guards to OS(DARWIN), because they were
        surrounding tests for code that is itself guarded by OS(DARWIN).

        * runtime/Watchdog.h: Changed PLATFORM(MAC) to OS(DARWIN).

        * tools/CodeProfiling.cpp:
        (JSC::CodeProfiling::begin): Changed PLATFORM(MAC) to
        OS(DARWIN) && !PLATFORM(EFL) && !PLATFORM(GTK).
        (JSC::CodeProfiling::end): Ditto.

2014-02-02  Mark Lam  <mark.lam@apple.com>

        Repatch code is passing the wrong args to lookupExceptionHandler.
        <https://webkit.org/b/128085>

        Reviewed by Oliver Hunt.

        lookupExceptionHandler() is expecting 2 args: VM*, ExecState*.
        The repatch code was only passing an ExecState*. A crash ensues.
        This is now fixed.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompileExceptionHandlers):
        * jit/Repatch.cpp:
        (JSC::generateProtoChainAccessStub):

2014-02-01  Filip Pizlo  <fpizlo@apple.com>

        JSC profiler's stub info profiling support should work again
        https://bugs.webkit.org/show_bug.cgi?id=128057

        Reviewed by Mark Lam.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus): We want to know if the cache was ever reset by GC, since the DFG uses this information.
        (JSC::CodeBlock::printLocationAndOp): This shouldn't have been inline.
        (JSC::CodeBlock::printLocationOpAndRegisterOperand): Ditto.
        (JSC::CodeBlock::dumpBytecode): Dump the profiling field, and make sure that the caller can pass a StubInfoMap, which is necessary for dumping StructureStubInfo profiling.
        * bytecode/CodeBlock.h: Out-of-line some methods and add the StubInfoMap parameter.
        * profiler/ProfilerBytecodeSequence.cpp:
        (JSC::Profiler::BytecodeSequence::BytecodeSequence): Create a StubInfoMap before dumping bytecodes.

2014-02-01  Filip Pizlo  <fpizlo@apple.com>

        JSC profiler should show reasons for jettison
        https://bugs.webkit.org/show_bug.cgi?id=128047

        Reviewed by Geoffrey Garen.

        Henceforth if you want to jettison a CodeBlock, you gotta tell the Profiler why you did
        it. This makes figuring out convergence issues - where some code seems to take a long
        time to get into the top tier compiler - a lot easier.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::jettison):
        (JSC::CodeBlock::addBreakpoint):
        (JSC::CodeBlock::setSteppingMode):
        * bytecode/CodeBlock.h:
        * bytecode/CodeBlockJettisoningWatchpoint.cpp:
        (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
        (JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal):
        * dfg/DFGOperations.cpp:
        * jit/JITOperations.cpp:
        * profiler/ProfilerCompilation.cpp:
        (JSC::Profiler::Compilation::Compilation):
        (JSC::Profiler::Compilation::toJS):
        * profiler/ProfilerCompilation.h:
        (JSC::Profiler::Compilation::setJettisonReason):
        * profiler/ProfilerJettisonReason.cpp: Added.
        (WTF::printInternal):
        * profiler/ProfilerJettisonReason.h: Added.
        * runtime/CommonIdentifiers.h:
        * runtime/VM.cpp:
        (JSC::SetEnabledProfilerFunctor::operator()):

2014-02-01  Mark Lam  <mark.lam@apple.com>

        Saying "jitType() == JITCode::DFGJIT" is almost never correct.
        <http://webkit.org/b/128045>

        Reviewed by Filip Pizlo.

        JITCode::isOptimizingJIT(jitType()) is the right way to say it.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::addBreakpoint):
        (JSC::CodeBlock::setSteppingMode):
        * runtime/VM.cpp:
        (JSC::SetEnabledProfilerFunctor::operator()):

2014-02-01  Michael Saboff  <msaboff@apple.com>

        REGRESSION (r163027?): CrashTracer: [USER] com.apple.WebKit.WebContent.Development at com.apple.JavaScriptCore: JSC::ArrayProfile::computeUpdatedPrediction + 4
        https://bugs.webkit.org/show_bug.cgi?id=128037

        Reviewed by Mark Lam.

        op_call_varargs ops now need an ArrayProfile since the DFG inlines these since
        change set r162739.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCallVarargs):

2014-01-31  Mark Lam  <mark.lam@apple.com>

        Gardening: fix build breakage.

        Not reviewed.

        * interpreter/CallFrame.h:

2014-01-31  Mark Lam  <mark.lam@apple.com>

        Gardening: Fix a merge problem to unbreak bots.

        Not reviewed.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):

2014-01-31  Oliver Hunt  <oliver@apple.com>

        Rollout r163195 and related patches

        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
        (JSC::JSCallbackObject<Parent>::put):
        (JSC::JSCallbackObject<Parent>::deleteProperty):
        (JSC::JSCallbackObject<Parent>::getStaticValue):
        (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
        (JSC::JSCallbackObject<Parent>::callbackGetter):
        * CMakeLists.txt:
        * DerivedSources.make:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * builtins/Array.prototype.js: Removed.
        * builtins/BuiltinExecutables.cpp: Removed.
        * builtins/BuiltinExecutables.h: Removed.
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::generateFunctionCodeBlock):
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        (JSC::UnlinkedFunctionExecutable::codeBlockFor):
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::ExecutableInfo::ExecutableInfo):
        (JSC::UnlinkedFunctionExecutable::create):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::makeFunction):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::CallFunctionCallDotNode::emitBytecode):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        * create_hash_table:
        * dfg/DFGDominators.cpp:
        * dfg/DFGJITCode.cpp:
        * dfg/DFGOperations.cpp:
        * generate-js-builtins: Removed.
        * interpreter/CachedCall.h:
        (JSC::CachedCall::CachedCall):
        * interpreter/Interpreter.cpp:
        * interpreter/ProtoCallFrame.cpp:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITOperations.cpp:
        * jit/JITPropertyAccess.cpp:
        * jit/JITPropertyAccess32_64.cpp:
        * jsc.cpp:
        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LLIntSlowPaths.cpp:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::makeFunctionCallNode):
        * parser/Lexer.cpp:
        (JSC::Lexer<T>::Lexer):
        (JSC::Lexer<LChar>::parseIdentifier):
        (JSC::Lexer<UChar>::parseIdentifier):
        (JSC::Lexer<T>::lex):
        * parser/Lexer.h:
        (JSC::Lexer<T>::lexExpectIdentifier):
        * parser/Nodes.cpp:
        * parser/Nodes.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::didFinishParsing):
        (JSC::Parser<LexerType>::printUnexpectedTokenText):
        * parser/Parser.h:
        (JSC::parse):
        * parser/ParserModes.h:
        * parser/ParserTokens.h:
        * runtime/Arguments.h:
        * runtime/ArgumentsIteratorPrototype.cpp:
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncEvery):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
        * runtime/CommonIdentifiers.cpp:
        (JSC::CommonIdentifiers::CommonIdentifiers):
        * runtime/CommonIdentifiers.h:
        * runtime/CommonSlowPaths.cpp:
        * runtime/CommonSlowPathsExceptions.cpp:
        * runtime/ExceptionHelpers.cpp:
        (JSC::createUndefinedVariableError):
        * runtime/Executable.h:
        (JSC::EvalExecutable::executableInfo):
        (JSC::ProgramExecutable::executableInfo):
        (JSC::isHostFunction):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::symbolTableGet):
        (JSC::JSActivation::symbolTablePut):
        (JSC::JSActivation::symbolTablePutWithAttributes):
        * runtime/JSArgumentsIterator.cpp:
        * runtime/JSArray.cpp:
        * runtime/JSArrayIterator.cpp:
        * runtime/JSCJSValue.cpp:
        * runtime/JSCellInlines.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::calculatedDisplayName):
        (JSC::JSFunction::sourceCode):
        (JSC::JSFunction::callerGetter):
        (JSC::JSFunction::getOwnPropertySlot):
        (JSC::JSFunction::getOwnNonIndexPropertyNames):
        (JSC::JSFunction::put):
        (JSC::JSFunction::defineOwnProperty):
        * runtime/JSFunction.h:
        * runtime/JSFunctionInlines.h:
        (JSC::JSFunction::nativeFunction):
        (JSC::JSFunction::nativeConstructor):
        * runtime/JSGenericTypedArrayViewConstructorInlines.h:
        * runtime/JSGenericTypedArrayViewInlines.h:
        * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::symbolTableHasProperty):
        * runtime/JSObject.cpp:
        (JSC::getClassPropertyNames):
        (JSC::JSObject::reifyStaticFunctionsForDelete):
        * runtime/JSObject.h:
        * runtime/JSPromiseConstructor.cpp:
        * runtime/JSPromiseDeferred.cpp:
        * runtime/JSPromisePrototype.cpp:
        * runtime/JSPromiseReaction.h:
        * runtime/JSPropertyNameIterator.cpp:
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSString.h:
        (JSC::JSString::getStringPropertySlot):
        (JSC::inlineJSValueNotStringtoString):
        (JSC::JSValue::toWTFStringInline):
        * runtime/JSStringInlines.h: Removed.
        * runtime/JSSymbolTableObject.cpp:
        (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
        * runtime/JSSymbolTableObject.h:
        (JSC::symbolTableGet):
        (JSC::symbolTablePut):
        (JSC::symbolTablePutWithAttributes):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::HashEntry::propertyGetter):
        (JSC::HashEntry::propertyPutter):
        (JSC::HashTable::entry):
        (JSC::getStaticPropertySlot):
        (JSC::getStaticValueSlot):
        (JSC::putEntry):
        * runtime/NativeErrorConstructor.cpp:
        * runtime/NativeErrorConstructor.h:
        (JSC::NativeErrorConstructor::finishCreation):
        * runtime/PropertySlot.h:
        * runtime/RegExpConstructor.cpp:
        * runtime/RegExpPrototype.cpp:
        * runtime/SetConstructor.cpp:
        * runtime/StringObject.cpp:
        * runtime/Structure.cpp:
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:

2014-01-31  Filip Pizlo  <fpizlo@apple.com>

        DFG->FTL tier-up shouldn't assume that LoopHints stay at the tops of loops
        https://bugs.webkit.org/show_bug.cgi?id=128030

        Reviewed by Oliver Hunt.

        Remove a bogus assertion. The only thing that matters is that the LoopHint had at one
        point in time been at the top of a loop header, and that it is now at the top of a
        basic block. But the basic block that it's at the top of now doesn't have to be the
        same as the loop header that it once was the top of.

        * dfg/DFGTierUpCheckInjectionPhase.cpp:
        (JSC::DFG::TierUpCheckInjectionPhase::run):
        * tests/stress/tier-up-in-loop-with-cfg-simplification.js: Added.
        (foo):

2014-01-31  Mark Lam  <mark.lam@apple.com>

        Avoid eagerly creating the JSActivation when the debugger is attached.
        <https://webkit.org/b/127910>

        Reviewed by Oliver Hunt.

        Octane scores for this patch:
            baseline w/o WebInspector: 11621
            patched  w/o WebInspector: 11801
            baseline w/ WebInspector:  3295
            patched  w/ WebInspector:  7070   2.1x improvement

        1. Because the debugger can potentially create a closure from any call frame,
           we need every function to allocate an activation register and check for
           the need to tear off the activation (if needed) on return.

           However, we do not need to eagerly create the activation object.
           This patch implements the optimization to defer creation of the
           activation object until we actually need it i.e. when:

           1. We encounter an "eval", "with", or "catch" statement.
           2. We've paused in the debugger, and called DebuggerCallFrame::scope().

        2. The UnlinkedCodeBlock provides a needsFullScopeChain flag that is used
           to indicate whether the linked CodeBlock will need an activation
           object or not. Under normal circumstances, needsFullScopeChain and
           needsActivation are synonymous. However, with a debugger attached, we
           want the CodeBlock to always allocate an activationRegister even if
           it does not need a "full scope chain".

           Hence, we apply the following definitions to the "flags":

           1. UnlinkedCodeBlock::needsFullScopeChain() - this flag indicates that
              the parser discovered JS artifacts (e.g. use of "eval", "with", etc.)
              that require an activation.

              BytecodeGenerator's destinationForAssignResult() and leftHandSideNeedsCopy()
              check needsFullScopeChain().

           2. UnlinkedCodeBlock::hasActivationRegister() - this flag indicates that
              an activation register was created for the UnlinkedCodeBlock either
              because it needsFullScopeChain() or because the debugger is attached.

           3. CodeBlock::needsActivation() reflects UnlinkedCodeBlock's
              hasActivationRegister().

        3. Introduced BytecodeGenerator::emitPushFunctionNameScope() and
           BytecodeGenerator::emitPushCatchScope() because the JSNameScope
           pushed for a function name cannot be popped unlike the JSNameScope
           pushed for a "catch". Hence, we have 2 functions to handle the 2 cases
           differently.

        4. Removed DebuggerCallFrame::evaluateWithCallFrame() and require that all
           debugger evaluations go through the DebuggerCallFrame::evaluate(). This
           ensures that debugger evaluations require a DebuggerCallFrame.

           DebuggerCallFrame::evaluateWithCallFrame() was used previously because
           we didn't want to instantiate a DebuggerCallFrame on every debug hook
           callback. However, we now only call the debug hooks when needed, and
           this no longer poses a performance problem.

           In addition, when the debug hook does an eval to test a breakpoint
           condition, it is incorrect to evaluate it without a DebuggerCallFrame
           anyway.

        5. Added some utility functions to the CallFrame to make it easier to work
           with the activation register in the frame (if present). These utility
           functions should only be called if the CodeBlock::needsActivation() is
           true (which indicates the presence of the activation register). The
           utility functions are:

           1. CallFrame::hasActivation()
              - checks if the frame's activation object has been created.

           2. CallFrame::activation()
              - returns the frame's activation object.

           3. CallFrame::uncheckedActivation()
              - returns the JSValue in the frame's activation register. May be null.

           4. CallFrame::setActivation()
              - sets the frame's activation object.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        - added symbolic dumping of ResolveMode and ResolveType values for some
          bytecodes.
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::activationRegister):
        (JSC::CodeBlock::uncheckedActivationRegister):
        (JSC::CodeBlock::needsActivation):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::needsFullScopeChain):
        (JSC::UnlinkedCodeBlock::hasActivationRegister):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::resolveCallee):
        (JSC::BytecodeGenerator::createActivationIfNecessary):
        (JSC::BytecodeGenerator::emitCallEval):
        (JSC::BytecodeGenerator::emitReturn):
        (JSC::BytecodeGenerator::emitPushWithScope):
        (JSC::BytecodeGenerator::emitPushFunctionNameScope):
        (JSC::BytecodeGenerator::emitPushCatchScope):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::TryNode::emitBytecode):
        * debugger/Debugger.cpp:
        (JSC::Debugger::hasBreakpoint):
        (JSC::Debugger::pauseIfNeeded):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::scope):
        (JSC::DebuggerCallFrame::evaluate):
        * debugger/DebuggerCallFrame.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        * dfg/DFGGraph.h:
        - Removed an unused function DFGGraph::needsActivation().
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::activation):
        (JSC::CallFrame::setActivation):
        * interpreter/CallFrame.h:
        (JSC::ExecState::hasActivation):
        (JSC::ExecState::registers):
        * interpreter/CallFrameInlines.h:
        (JSC::CallFrame::uncheckedActivation):
        * interpreter/Interpreter.cpp:
        (JSC::unwindCallFrame):
        (JSC::Interpreter::unwind):
        * jit/JITOperations.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):

        * runtime/JSScope.cpp:
        * runtime/JSScope.h:
        (JSC::resolveModeName):
        (JSC::resolveTypeName):
        - utility functions for decoding names of the ResolveMode and ResolveType.
          These are used in CodeBlock::dumpBytecode().

758 2014-01-31  Michael Saboff  <msaboff@apple.com>
759
760         REGRESSION: Crash in sanitizeStackForVMImpl when scrolling @ lifehacker.com.au
761         https://bugs.webkit.org/show_bug.cgi?id=128017
762
763         Reviewed by Filip Pizlo.
764
765         Moved the setting and saving of VM::stackPointerAtVMEntry and the corresponding stack limit
766         to JSLock and JSLock::DropAllLocks.  The saved data is now stored per-thread in
767         WTFThreadData.
768
769         * runtime/InitializeThreading.cpp:
770         (JSC::initializeThreading):
771         * runtime/JSLock.cpp:
772         (JSC::JSLock::lock):
773         (JSC::JSLock::unlock):
774         (JSC::JSLock::DropAllLocks::DropAllLocks):
775         (JSC::JSLock::DropAllLocks::~DropAllLocks):
776         * runtime/JSLock.h:
777         * runtime/VMEntryScope.cpp:
778         (JSC::VMEntryScope::VMEntryScope):
779         (JSC::VMEntryScope::~VMEntryScope):
780         * runtime/VMEntryScope.h:
781
782 2014-01-31  Mark Lam  <mark.lam@apple.com>
783
784         Don't need a JSNameScope for the callee name just for the debugger.
785         <https://webkit.org/b/128024>
786
787         Reviewed by Geoffrey Garen.
788
789         Currently, in the bytecode for a function, we push a JSNameScope for
790         the name of the function when a debugger is attached. The name scope for
791         the function name is only needed for evals which can redefine the name
792         to resolve to something else, and can later delete the redefined name
793         which should revert the resolution of the name to the original function.
794         The debugger does not need this feature because it declares all new vars
795         in a temporary nested scope. Hence, we can remove the presence of the
796         debugger as a criterion for pushing the JSNameScope.
797
798         * bytecompiler/BytecodeGenerator.cpp:
799         (JSC::BytecodeGenerator::resolveCallee):
800         (JSC::BytecodeGenerator::addCallee):
801
802 2014-01-31  Filip Pizlo  <fpizlo@apple.com>
803
804         Unreviewed, build fix.
805
806         * ftl/FTLOSREntry.cpp:
807
808 2014-01-31  Oliver Hunt  <oliver@apple.com>
809
810         Fix Windows
811
812         * generate-js-builtins:
813
814 2014-01-31  Oliver Hunt  <oliver@apple.com>
815
816         Fix 32bit.
817
818         * jit/JITPropertyAccess32_64.cpp:
819
820 2014-01-31  Mark Lam  <mark.lam@apple.com>
821
822         Add options to force debugger / profiler bytecode generation.
823         <https://webkit.org/b/128014>
824
825         Reviewed by Oliver Hunt.
826
827         Add Options::forceDebuggerBytecodeGeneration() and
828         Options::forceProfilerBytecodeGeneration(). These options make it more
829         convenient to do correctness testing when debugger / profiler bytecodes
830         are generated.
831
832         These options are disabled by default.
833
834         * bytecompiler/BytecodeGenerator.cpp:
835         (JSC::BytecodeGenerator::BytecodeGenerator):
836         * runtime/Options.h:
837
838 2014-01-29  Oliver Hunt  <oliver@apple.com>
839
840         Make it possible to implement JS builtins in JS
841         https://bugs.webkit.org/show_bug.cgi?id=127887
842
843         Reviewed by Michael Saboff.
844
845         This patch makes it possible to write builtin functions in JS.
846         The bindings, generators, and definitions are all created automatically
847         based on js files in the builtins/ directory.  This patch includes one
848         such case: Array.prototype.js with an implementation of every().
849
850         There's a lot of refactoring to make it possible for CommonIdentifiers
851         to include the output of the generated files (DerivedSources/JSCBuiltins.{h,cpp})
852         without breaking the offset extractor. The result of this refactoring
853         is that CommonIdentifiers, and a few other miscellaneous headers now
854         need to be included directly as they were formerly captured through other
855         paths.
856
857         In addition this adds a flag to the Lookup table's hashentry to indicate
858         that a static function is actually backed by JS. There is then a lot of
859         logic to thread the special nature of the function to where it matters.
860         This allows toString(), .caller, etc to mimic the behaviour of a host
861         function.
862
863         Notes on writing builtins:
864          - Each function is compiled independently of the others, and those
865            implementations cannot currently capture all global properties (as
866            that could be potentially unsafe). If a function does capture a
867            global we will deliberately crash.
868          - For those "global" properties that we do want access to, we use
869            the @ prefix, e.g. Object(this) becomes @Object(this). The @ identifiers
870            are private names, and behave just like regular properties, only
871            without the risk of adulteration. Again, in the @Object case, we
872            explicitly duplicate the ObjectConstructor reference on the GlobalObject
873            so that we have guaranteed access to the original version of the
874            constructor.
875          - call, apply, eval, and Function are all rejected identifiers, again
876            to prevent anything from accidentally using an adulterated object.
877            Instead @call and @apply are available, and happily they completely
878            drop the neq_ptr instruction as they're defined as always being the
879            original call/apply functions.
880
881         These restrictions are just intended to make it harder to accidentally
882         make changes that are incorrect (for instance calling whatever has been
883         assigned to global.Object, instead of the original constructor function).
884         However, making a mistake like this should result in a purely semantic
885         error as fundamentally these functions are treated as though they were
886         regular JS code in the host global, and have no more privileges than
887         any other JS.
888
889         The initial proof of concept is Array.prototype.every, this shows a 65%
890         performance improvement, and that improvement is significantly hurt by
891         our poor optimisation of op_in.
892
893         As this is such a limited function, we have not yet exported all symbols
894         that we could possibly need, but as we implement more, the likelihood
895         of encountering missing features will reduce.
896
897         This did require breaking out a JSStringInlines header, and required
898         fixing a few objects that were trying to use PropertyName::publicName
899         rather than PropertyName::uid.
900
901         * API/JSCallbackObjectFunctions.h:
902         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
903         (JSC::JSCallbackObject<Parent>::put):
904         (JSC::JSCallbackObject<Parent>::deleteProperty):
905         (JSC::JSCallbackObject<Parent>::getStaticValue):
906         (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
907         (JSC::JSCallbackObject<Parent>::callbackGetter):
908         * CMakeLists.txt:
909         * DerivedSources.make:
910         * GNUmakefile.list.am:
911         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
912         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
913         * JavaScriptCore.xcodeproj/project.pbxproj:
914         * builtins/Array.prototype.js:
915         (every):
916         * builtins/BuiltinExecutables.cpp: Added.
917         (JSC::BuiltinExecutables::BuiltinExecutables):
918         (JSC::BuiltinExecutables::createBuiltinExecutable):
919         * builtins/BuiltinExecutables.h:
920         (JSC::BuiltinExecutables::create):
921         * bytecode/CodeBlock.cpp:
922         (JSC::CodeBlock::CodeBlock):
923         * bytecode/CodeBlock.h:
924         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
925         * bytecode/UnlinkedCodeBlock.cpp:
926         (JSC::generateFunctionCodeBlock):
927         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
928         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
929         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
930         * bytecode/UnlinkedCodeBlock.h:
931         (JSC::ExecutableInfo::ExecutableInfo):
932         (JSC::UnlinkedFunctionExecutable::create):
933         (JSC::UnlinkedFunctionExecutable::toStrictness):
934         (JSC::UnlinkedFunctionExecutable::isBuiltinFunction):
935         (JSC::UnlinkedCodeBlock::isBuiltinFunction):
936         * bytecompiler/BytecodeGenerator.cpp:
937         (JSC::BytecodeGenerator::BytecodeGenerator):
938         * bytecompiler/BytecodeGenerator.h:
939         (JSC::BytecodeGenerator::isBuiltinFunction):
940         (JSC::BytecodeGenerator::makeFunction):
941         * bytecompiler/NodesCodegen.cpp:
942         (JSC::CallFunctionCallDotNode::emitBytecode):
943         (JSC::ApplyFunctionCallDotNode::emitBytecode):
944         * create_hash_table:
945         * dfg/DFGOperations.cpp:
946         * generate-js-builtins: Added.
947         (getCopyright):
948         (getFunctions):
949         (generateCode):
950         (mangleName):
951         (FunctionExecutable):
952         (Identifier):
953         (JSGlobalObject):
954         (SourceCode):
955         (UnlinkedFunctionExecutable):
956         (VM):
957         * interpreter/Interpreter.cpp:
958         * interpreter/ProtoCallFrame.cpp:
959         * jit/JITOpcodes.cpp:
960         * jit/JITOpcodes32_64.cpp:
961         * jit/JITOperations.cpp:
962         * jit/JITPropertyAccess.cpp:
963         * jit/JITPropertyAccess32_64.cpp:
964         * jsc.cpp:
965         * llint/LLIntSlowPaths.cpp:
966         * parser/ASTBuilder.h:
967         (JSC::ASTBuilder::makeFunctionCallNode):
968         * parser/Lexer.cpp:
969         (JSC::Lexer<T>::Lexer):
970         (JSC::isSafeIdentifier):
971         (JSC::Lexer<LChar>::parseIdentifier):
972         (JSC::Lexer<UChar>::parseIdentifier):
973         (JSC::Lexer<T>::lex):
974         * parser/Lexer.h:
975         (JSC::isSafeIdentifier):
976         (JSC::Lexer<T>::lexExpectIdentifier):
977         * parser/Nodes.cpp:
978         (JSC::ProgramNode::setClosedVariables):
979         * parser/Nodes.h:
980         (JSC::ScopeNode::capturedVariables):
981         (JSC::ScopeNode::setClosedVariables):
982         (JSC::ProgramNode::closedVariables):
983         * parser/Parser.cpp:
984         (JSC::Parser<LexerType>::Parser):
985         (JSC::Parser<LexerType>::parseInner):
986         (JSC::Parser<LexerType>::didFinishParsing):
987         (JSC::Parser<LexerType>::printUnexpectedTokenText):
988         * parser/Parser.h:
989         (JSC::Scope::getUsedVariables):
990         (JSC::Parser::closedVariables):
991         (JSC::parse):
992         * parser/ParserModes.h:
993         * parser/ParserTokens.h:
994         * runtime/ArgList.cpp:
995         * runtime/Arguments.cpp:
996         * runtime/Arguments.h:
997         * runtime/ArgumentsIteratorConstructor.cpp:
998         * runtime/ArgumentsIteratorPrototype.cpp:
999         * runtime/ArrayPrototype.cpp:
1000         * runtime/CodeCache.cpp:
1001         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1002         * runtime/CommonIdentifiers.cpp:
1003         (JSC::CommonIdentifiers::CommonIdentifiers):
1004         (JSC::CommonIdentifiers::getPrivateName):
1005         (JSC::CommonIdentifiers::getPublicName):
1006         * runtime/CommonIdentifiers.h:
1007         * runtime/CommonSlowPaths.cpp:
1008         * runtime/CommonSlowPathsExceptions.cpp:
1009         * runtime/ExceptionHelpers.cpp:
1010         (JSC::createUndefinedVariableError):
1011         * runtime/Executable.h:
1012         (JSC::EvalExecutable::executableInfo):
1013         (JSC::ProgramExecutable::executableInfo):
1014         (JSC::FunctionExecutable::isBuiltinFunction):
1015         * runtime/FunctionPrototype.cpp:
1016         (JSC::functionProtoFuncToString):
1017         * runtime/JSActivation.cpp:
1018         (JSC::JSActivation::symbolTableGet):
1019         (JSC::JSActivation::symbolTablePut):
1020         (JSC::JSActivation::symbolTablePutWithAttributes):
1021         * runtime/JSArgumentsIterator.cpp:
1022         * runtime/JSArray.cpp:
1023         * runtime/JSArrayIterator.cpp:
1024         * runtime/JSCJSValue.cpp:
1025         * runtime/JSCellInlines.h:
1026         * runtime/JSFunction.cpp:
1027         (JSC::JSFunction::createBuiltinFunction):
1028         (JSC::JSFunction::calculatedDisplayName):
1029         (JSC::JSFunction::sourceCode):
1030         (JSC::JSFunction::isHostOrBuiltinFunction):
1031         (JSC::JSFunction::isBuiltinFunction):
1032         (JSC::JSFunction::callerGetter):
1033         (JSC::JSFunction::getOwnPropertySlot):
1034         (JSC::JSFunction::getOwnNonIndexPropertyNames):
1035         (JSC::JSFunction::put):
1036         (JSC::JSFunction::defineOwnProperty):
1037         * runtime/JSFunction.h:
1038         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1039         * runtime/JSGenericTypedArrayViewInlines.h:
1040         * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
1041         * runtime/JSGlobalObject.cpp:
1042         (JSC::JSGlobalObject::reset):
1043         (JSC::JSGlobalObject::visitChildren):
1044         * runtime/JSGlobalObject.h:
1045         (JSC::JSGlobalObject::objectConstructor):
1046         (JSC::JSGlobalObject::symbolTableHasProperty):
1047         * runtime/JSObject.cpp:
1048         (JSC::getClassPropertyNames):
1049         (JSC::JSObject::reifyStaticFunctionsForDelete):
1050         (JSC::JSObject::putDirectBuiltinFunction):
1051         * runtime/JSObject.h:
1052         * runtime/JSPropertyNameIterator.cpp:
1053         * runtime/JSPropertyNameIterator.h:
1054         * runtime/JSString.h:
1055         * runtime/JSStringInlines.h: Added.
1056         (JSC::JSString::getStringPropertySlot):
1057         (JSC::inlineJSValueNotStringtoString):
1058         (JSC::JSValue::toWTFStringInline):
1059         * runtime/JSSymbolTableObject.cpp:
1060         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
1061            Don't report private names.
1062         * runtime/JSSymbolTableObject.h:
1063         (JSC::symbolTableGet):
1064         (JSC::symbolTablePut):
1065         (JSC::symbolTablePutWithAttributes):
1066         * runtime/Lookup.cpp:
1067         (JSC::setUpStaticFunctionSlot):
1068         * runtime/Lookup.h:
1069         (JSC::HashEntry::builtinGenerator):
1070         (JSC::HashEntry::propertyGetter):
1071         (JSC::HashEntry::propertyPutter):
1072         (JSC::HashTable::entry):
1073         (JSC::getStaticPropertySlot):
1074         (JSC::getStaticValueSlot):
1075         (JSC::putEntry):
1076         * runtime/NativeErrorConstructor.cpp:
1077         (JSC::NativeErrorConstructor::finishCreation):
1078         * runtime/NativeErrorConstructor.h:
1079         * runtime/PropertySlot.h:
1080         * runtime/RegExpPrototype.cpp:
1081         * runtime/SetConstructor.cpp:
1082         * runtime/StringObject.cpp:
1083         * runtime/Structure.cpp:
1084         * runtime/VM.cpp:
1085         (JSC::VM::VM):
1086         * runtime/VM.h:
1087         (JSC::VM::builtinExecutables):
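Added example, not WebKit's code: a plain-JavaScript illustration of the hazard the builtins notes in the entry above describe. A builtin written in JS must not resolve globals such as Object or Function.prototype.call at call time, because page script can replace them ("adulteration"); JSC uses @-prefixed private names for this, and the hardened version below gets the same effect by capturing the originals once at definition time. The tampering values are constructed for the demonstration.

```javascript
// Naive implementation: `Object` and `callback.call` are looked up on every
// invocation, so whatever the page has assigned to them is what runs.
function everyNaive(array, callback, thisArg) {
  const O = Object(array);
  const len = O.length >>> 0;
  for (let i = 0; i < len; i++) {
    if (i in O && !callback.call(thisArg, O[i], i, O)) return false;
  }
  return true;
}

// Hardened implementation: the originals are bound when the function is
// defined (the plain-JS analogue of @Object and @call). Reflect.apply is
// captured as a function value and invoked directly, so no property lookup on
// Function.prototype happens at call time.
const everyHardened = (function () {
  const OriginalObject = Object;
  const originalApply = Reflect.apply;
  return function everyHardened(array, callback, thisArg) {
    const O = OriginalObject(array);
    const len = O.length >>> 0;
    for (let i = 0; i < len; i++) {
      if (i in O && !originalApply(callback, thisArg, [O[i], i, O])) return false;
    }
    return true;
  };
})();

// Runs both implementations while the globals are tampered with, then restores
// them. The correct answer for the input is `true`; the naive version reports
// whatever the adulterated Object and call make it report.
function compareUnderTampering() {
  const input = [2, 4, 6];
  const isEven = (x) => x % 2 === 0;

  const savedObject = globalThis.Object;
  const savedCall = Function.prototype.call;
  try {
    // Constructed tampering: an "Object" that substitutes its own array, and a
    // `call` that lies about every callback result.
    globalThis.Object = function AdulteratedObject() { return [1]; };
    Function.prototype.call = function () { return false; };

    return {
      naive: everyNaive(input, isEven),        // false: sees the tampered globals
      hardened: everyHardened(input, isEven),  // true: still answers correctly
    };
  } finally {
    globalThis.Object = savedObject;
    Function.prototype.call = savedCall;
  }
}
```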
1088
1089 2014-01-31  Gabor Rapcsanyi  <rgabor@webkit.org>
1090
1091         Fix the ARM Thumb2 build after jsCStack branch merge
1092         https://bugs.webkit.org/show_bug.cgi?id=127903
1093
1094         Reviewed by Michael Saboff.
1095
1096         SP register cannot be used as a destination register of SUB or ADD in Thumb mode.
1097
1098         * llint/LowLevelInterpreter.asm:
1099         * llint/LowLevelInterpreter32_64.asm:
1100
1101 2014-01-31  Julien Brianceau  <jbriance@cisco.com>
1102
1103         [arm] Add missing pushPair/popPair implementations in MacroAssemblerARM.h
1104         https://bugs.webkit.org/show_bug.cgi?id=127904
1105
1106         Reviewed by Zoltan Herczeg.
1107
1108         * assembler/MacroAssemblerARM.h:
1109         (JSC::MacroAssemblerARM::popPair):
1110         (JSC::MacroAssemblerARM::pushPair):
1111
1112 2014-01-30  Martin Robinson  <mrobinson@igalia.com>
1113
1114         [GTK] [CMake] Add support for building against GTK+ 2
1115         https://bugs.webkit.org/show_bug.cgi?id=127959
1116
1117         Reviewed by Anders Carlsson.
1118
1119         * PlatformGTK.cmake: Use the new API version variable and don't use GTK3 directly.
1120
1121 2014-01-30  Andreas Kling  <akling@apple.com>
1122
1123         CodeBlock's cloned SymbolTables only need the captured names.
1124         <https://webkit.org/b/127978>
1125
1126         Renamed SymbolTable::clone() to SymbolTable::cloneCapturedNames()
1127         and made it skip over any symbols that aren't captured, since those
1128         won't be needed after codegen.
1129
1130         This is a first step towards getting rid of redundant symbol tables.
1131
1132         Reviewed by Geoffrey Garen.
1133
1134         * bytecode/CodeBlock.cpp:
1135         (JSC::CodeBlock::CodeBlock):
1136         * runtime/SymbolTable.cpp:
1137         (JSC::SymbolTable::cloneCapturedNames):
1138         * runtime/SymbolTable.h:
1139
1140 2014-01-28  Timothy Hatcher  <timothy@apple.com>
1141
1142         Add column number and call timing support to LegacyProfiler.
1143
1144         https://bugs.webkit.org/show_bug.cgi?id=127764
1145
1146         Reviewed by Joseph Pecoraro.
1147
1148         * interpreter/Interpreter.cpp:
1149         (JSC::Interpreter::execute):
1150         * profiler/CallIdentifier.h:
1151         (JSC::CallIdentifier::CallIdentifier):
1152         (JSC::CallIdentifier::functionName):
1153         (JSC::CallIdentifier::url):
1154         (JSC::CallIdentifier::lineNumber):
1155         (JSC::CallIdentifier::columnNumber):
1156         (JSC::CallIdentifier::operator==):
1157         (JSC::CallIdentifier::operator!=):
1158         (JSC::CallIdentifier::Hash::hash):
1159         (WTF::HashTraits<JSC::CallIdentifier>::constructDeletedValue):
1160         (WTF::HashTraits<JSC::CallIdentifier>::isDeletedValue):
1161         * profiler/LegacyProfiler.cpp:
1162         (JSC::LegacyProfiler::willExecute):
1163         (JSC::LegacyProfiler::didExecute):
1164         (JSC::LegacyProfiler::exceptionUnwind):
1165         (JSC::LegacyProfiler::createCallIdentifier):
1166         (JSC::createCallIdentifierFromFunctionImp):
1167         * profiler/LegacyProfiler.h:
1168         * profiler/Profile.cpp:
1169         (JSC::Profile::Profile):
1170         * profiler/Profile.h:
1171         (JSC::Profile::uid):
1172         (JSC::Profile::idleTime):
1173         (JSC::Profile::setIdleTime):
1174         * profiler/ProfileGenerator.cpp:
1175         (JSC::AddParentForConsoleStartFunctor::operator()):
1176         (JSC::ProfileGenerator::addParentForConsoleStart):
1177         (JSC::ProfileGenerator::willExecute):
1178         (JSC::ProfileGenerator::didExecute):
1179         (JSC::ProfileGenerator::stopProfiling):
1180         (JSC::ProfileGenerator::removeProfileStart):
1181         (JSC::ProfileGenerator::removeProfileEnd):
1182         * profiler/ProfileNode.cpp:
1183         (JSC::ProfileNode::ProfileNode):
1184         (JSC::ProfileNode::stopProfiling):
1185         (JSC::ProfileNode::endAndRecordCall):
1186         (JSC::ProfileNode::startTimer):
1187         (JSC::ProfileNode::debugPrintData):
1188         * profiler/ProfileNode.h:
1189         (JSC::ProfileNode::Call::Call):
1190         (JSC::ProfileNode::Call::startTime):
1191         (JSC::ProfileNode::Call::setStartTime):
1192         (JSC::ProfileNode::Call::totalTime):
1193         (JSC::ProfileNode::Call::setTotalTime):
1194         (JSC::ProfileNode::id):
1195         (JSC::ProfileNode::functionName):
1196         (JSC::ProfileNode::url):
1197         (JSC::ProfileNode::lineNumber):
1198         (JSC::ProfileNode::columnNumber):
1199         (JSC::ProfileNode::calls):
1200         (JSC::ProfileNode::lastCall):
1201         (JSC::ProfileNode::numberOfCalls):
1202
1203 2014-01-26  Timothy Hatcher  <timothy@apple.com>
1204
1205         Include profile with FunctionCall and EvaluateScript Timeline records.
1206
1207         https://bugs.webkit.org/show_bug.cgi?id=127663
1208
1209         Reviewed by Joseph Pecoraro.
1210
1211         * inspector/InjectedScriptBase.cpp:
1212         (Inspector::InjectedScriptBase::callFunctionWithEvalEnabled):
1213         * inspector/InspectorEnvironment.h:
1214         * inspector/JSGlobalObjectInspectorController.h:
1215
1216 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1217
1218         FTL should support GetById(Untyped:)
1219         https://bugs.webkit.org/show_bug.cgi?id=127750
1220
1221         Reviewed by Oliver Hunt.
1222         
1223         This was supposed to be easy. Indeed, the actual GetById UntypedUse case was easy. But
1224         then it expanded coverage by a lot and I got to deal with three bugs. So, this has
1225         some additional changes:
1226         
1227         Also make it safe for LLVM to duplicate calls to patchpoints and stackmaps. Previously
1228         we incorrectly assumed that if we emitted a patchpoint, then there would only be one
1229         copy of that patchpoint (with that ID) in the resulting machine code and in the
1230         stackmaps section. That's obviously a bad assumption - LLVM is allowed to do anything
1231         it wants so long as the outcome of executing the code has a semantically equivalent
1232         meaning to the IR we gave it, and duplicating code is trivially OK under this rule. We
1233         should be OK with it, too. The solution is to add Vectors in a bunch of places that
1234         previously just thought they only had one value. For example, an InlineCacheDescriptor
1235         now has a Vector of generators - one generator for each copy that LLVM stamped out.
1236         Normally there will only be one copy, of course - since duplication is usually
1237         unprofitable. But, if LLVM decides that copying would be groovy then we will no longer
1238         barf.
1239         
1240         Also fix SSA conversion. It turns out that we mishandled the case where a block had
1241         multiple Phi functions for the same local. If any of those CPS Phis fail to trivialize
1242         in the Aycock-Horspool fixpoint, we need to insert an SSA Phi. Previously, it was
1243         assuming that so long as the head CPS Phi was trivial, we could forego SSA Phi
1244         insertion. That's wrong if the head CPS Phi trivialized but ended up pointing to a
1245         non-trivial CPS Phi in the same block. This madness with trees of Phis occurs because
1246         we try to save on compile times: no Phi ever has more than three children even if the
1247         block has more than three predecessors; we just build out a tree of Phis to satisfy
1248         all predecessors. So weird.
1249         
1250         And finally, fix DFG->FTL OSR entry's reconstruction of 'this' in a constructor. That
1251         reconstruction code, JITCode::reconstruct(), had a work-around for the case where we
1252         were entering into a constructor at the prologue. In that case, 'this' is definitely
1253         unavailable. But the OSR code does reconstructions at LoopHints, which aren't at the
1254         prologue, and so 'this' should totally be available.
1255
1256         * dfg/DFGGraph.cpp:
1257         (JSC::DFG::Graph::dump):
1258         * dfg/DFGJITCode.cpp:
1259         (JSC::DFG::JITCode::reconstruct):
1260         * dfg/DFGNode.h:
1261         (JSC::DFG::Node::tryGetVariableAccessData):
1262         * dfg/DFGSSAConversionPhase.cpp:
1263         (JSC::DFG::SSAConversionPhase::run):
1264         * ftl/FTLCapabilities.cpp:
1265         (JSC::FTL::canCompile):
1266         * ftl/FTLCompile.cpp:
1267         (JSC::FTL::generateICFastPath):
1268         (JSC::FTL::fixFunctionBasedOnStackMaps):
1269         * ftl/FTLInlineCacheDescriptor.h:
1270         * ftl/FTLJITFinalizer.cpp:
1271         (JSC::FTL::JITFinalizer::codeSize):
1272         * ftl/FTLJSCall.cpp:
1273         (JSC::FTL::JSCall::JSCall):
1274         * ftl/FTLJSCall.h:
1275         * ftl/FTLLowerDFGToLLVM.cpp:
1276         (JSC::FTL::LowerDFGToLLVM::compileGetById):
1277         (JSC::FTL::LowerDFGToLLVM::getById):
1278         * ftl/FTLOSREntry.cpp:
1279         (JSC::FTL::prepareOSREntry):
1280         * ftl/FTLStackMaps.cpp:
1281         (JSC::FTL::StackMaps::getRecordMap):
1282         * ftl/FTLStackMaps.h:
1283         * tests/stress/get-by-id-untyped.js: Added.
1284         (foo):
1285
1286 2014-01-30  Geoffrey Garen  <ggaren@apple.com>
1287
1288         Part 2: REGRESSION: JavaScriptCore crash during OS Installation (due to
1289         Heap::m_operationInProgress ASSERT vs DelayedReleaseScope)
1290         https://bugs.webkit.org/show_bug.cgi?id=127950
1291
1292         Reviewed by Mark Hahnenberg.
1293
1294         Scope the APICallbackShim to make sure that we re-acquire the lock
1295         before putting the heap back into the "unsafe to allocate" state.
1296         Otherwise, the heap will seem to be in the "unsafe to allocate" state
1297         during any GC that happens before we re-acquire the lock.
1298
1299         No regression test because threads.
1300
1301         * heap/DelayedReleaseScope.h:
1302         (JSC::DelayedReleaseScope::~DelayedReleaseScope):
1303
1304 2014-01-30  Filip Pizlo  <fpizlo@apple.com>
1305
1306         Update FTL StackMaps parser to stackSize change
1307         https://bugs.webkit.org/show_bug.cgi?id=127933
1308
1309         Reviewed by Oliver Hunt.
1310
1311         * ftl/FTLStackMaps.cpp:
1312         (JSC::FTL::StackMaps::parse):
1313
1314 2014-01-30  Zan Dobersek  <zdobersek@igalia.com>
1315
1316         [GTK] Only disable -ftree-dce optimization when compiling with GCC
1317         https://bugs.webkit.org/show_bug.cgi?id=127911
1318
1319         Reviewed by Carlos Garcia Campos.
1320
1321         * GNUmakefile.am: Only disable the -ftree-dce optimization when using the GCC compiler.
1322         Some Clang versions/configurations don't support the flag.
1323
1324 2014-01-30  Zan Dobersek  <zdobersek@igalia.com>
1325
1326         [GTK] Disable optimizations for JSC that turned out malignant after jsCStack branch merge
1327         https://bugs.webkit.org/show_bug.cgi?id=127909
1328
1329         Reviewed by Carlos Garcia Campos.
1330
1331         * GNUmakefile.am: Disable the -fomit-frame-pointer optimization to achieve proper register usage
1332         in operationCallEval. Disable the -ftree-dce optimization since it is causing additional failures
1333         when using GCC 4.8, possibly due to a bug in the compiler itself.
1334
1335 2014-01-29  Csaba Osztrogonác  <ossy@webkit.org>
1336
1337         Remove ENABLE(JAVASCRIPT_DEBUGGER) leftovers
1338         https://bugs.webkit.org/show_bug.cgi?id=127845
1339
1340         Reviewed by Joseph Pecoraro.
1341
1342         * Configurations/FeatureDefines.xcconfig:
1343
1344 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
1345
1346         Web Inspector: Play Breakpoint Sound in Frontend
1347         https://bugs.webkit.org/show_bug.cgi?id=127885
1348
1349         Reviewed by Timothy Hatcher.
1350
1351         * inspector/ScriptDebugListener.h:
1352         * inspector/ScriptDebugServer.cpp:
1353         (Inspector::ScriptDebugServer::evaluateBreakpointAction):
1354         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
1355         * inspector/ScriptDebugServer.h:
1356         Pass the breakpoint action identifier through when the
1357         sound breakpoint action is triggered.
1358
1359         * inspector/protocol/Debugger.json:
1360         New "playBreakpointActionSound" event when a "sound" breakpoint action triggers.
1361
1362         * inspector/agents/InspectorDebuggerAgent.h:
1363         * inspector/agents/InspectorDebuggerAgent.cpp:
1364         (Inspector::InspectorDebuggerAgent::breakpointActionSound):
1365         Send the new event so the frontend can handle it.
1366
1367 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1368
1369         Merge final changesets from the jsCStack branch (r162969, r162975, r162992, r163004, r163069).
1370
1371     2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1372     
1373             DFG ArrayPop double array mishandles the NaN hole installation
1374             https://bugs.webkit.org/show_bug.cgi?id=127813
1375     
1376             Reviewed by Mark Rowe.
1377             
1378             Our object model for arrays inferred double dictates that we use quiet NaN (QNaN) to
1379             mark holes. Holes, in this context, are any entries in the allocated array buffer
1380             (i.e. from index 0 up to the vectorLength) that don't currently hold a value. Popping
1381             creates a hole, since it deletes the value at publicLength - 1.
1382             
1383             But, because of some sloppy copy-and-paste, we were storing (int64_t)0 when creating
1384             the hole, instead of storing QNaN. That's likely because for other kinds of arrays,
1385             64-bit zero is the hole marker, instead of QNaN.
1386             
1387             The attached test case illustrates the problem. In the LLInt and Baseline JIT, the
1388             result returned from foo() is "1.5,2.5,,4.5", since array.pop() removes 3.5 and
1389             replaces it with a hole and then the assignment "array[3] = 4.5" creates an element
1390             just beyond that hole. But, once we tier-up to the DFG, the result previously became
1391             "1.5,2.5,0,4.5", which is wrong. The 0 appeared because the IEEE double
1392             interpretation of 64-bit zero is simply zero.
1393             
1394             This patch fixes that problem. Now the DFG agrees with the other engines.
1395             
1396             This patch also fixes style. For some reason that copy-pasted code wasn't even
1397             indented correctly.
1398     
1399             * dfg/DFGSpeculativeJIT64.cpp:
1400             (JSC::DFG::SpeculativeJIT::compile):
1401             * tests/stress/array-pop-double-hole.js: Added.
1402             (foo):
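
The hole semantics this entry describes, as an added C++ model that is not JSC's code: a toy DoubleArray keeps raw IEEE doubles and marks holes with a quiet NaN, pop() writes that marker into the vacated slot, and buggyPop() reproduces the defect by writing the 64-bit zero pattern instead, so join() prints the slot as "0" rather than leaving it empty. DoubleArray, kHole, doubleFromBits() and popThenStore() are names this example introduces; like the representation above, it assumes NaN is never a legitimate element and has store() reject one, since a hole sentinel is only safe while no data value can equal it.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <initializer_list>
#include <iostream>
#include <limits>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// Toy model (not JSC's code) of an array whose backing store holds raw IEEE
// doubles. Holes are marked with a quiet NaN, as the entry describes. The
// model assumes NaN is never a legitimate element, so the sentinel cannot
// collide with real data: store() rejects NaN instead of writing it.
static const double kHole = std::numeric_limits<double>::quiet_NaN();

static bool isHole(double d) { return std::isnan(d); }

// Reinterpret a 64-bit pattern as a double. Pattern 0 is plain 0.0, not NaN,
// which is why writing (int64_t)0 into a double array does not make a hole.
double doubleFromBits(uint64_t bits) {
    double d;
    std::memcpy(&d, &bits, sizeof d);
    return d;
}

struct DoubleArray {
    std::vector<double> buffer; // allocated slots, 0 .. vectorLength - 1
    size_t publicLength;        // the JS-visible length

    DoubleArray(std::initializer_list<double> init)
        : buffer(init), publicLength(init.size()) {}

    // array[index] = value; slots created beyond the old end start as holes.
    void store(size_t index, double value) {
        if (std::isnan(value))
            throw std::invalid_argument("NaN is reserved for the hole marker");
        if (index >= buffer.size())
            buffer.resize(index + 1, kHole);
        buffer[index] = value;
        if (index >= publicLength)
            publicLength = index + 1;
    }

    // Correct pop: the vacated slot becomes a hole.
    double pop() {
        if (!publicLength)
            throw std::out_of_range("pop on an empty array");
        double value = buffer[--publicLength];
        buffer[publicLength] = kHole;
        return value;
    }

    // The defect from the entry: the vacated slot receives the 64-bit zero
    // pattern, which later reads back as the number 0.
    double buggyPop() {
        if (!publicLength)
            throw std::out_of_range("pop on an empty array");
        double value = buffer[--publicLength];
        buffer[publicLength] = doubleFromBits(0);
        return value;
    }

    // Array.prototype.join(): holes print as nothing between the commas.
    std::string join() const {
        std::ostringstream out;
        for (size_t i = 0; i < publicLength; ++i) {
            if (i)
                out << ',';
            if (!isHole(buffer[i]))
                out << buffer[i];
        }
        return out.str();
    }
};

// The scenario from the entry: [1.5, 2.5, 3.5], pop, then array[3] = 4.5.
std::string popThenStore(bool useBuggyPop) {
    DoubleArray array{1.5, 2.5, 3.5};
    if (useBuggyPop)
        array.buggyPop();
    else
        array.pop();
    array.store(3, 4.5);
    return array.join();
}

int main() {
    std::cout << "correct pop: " << popThenStore(false) << '\n'; // 1.5,2.5,,4.5
    std::cout << "buggy pop:   " << popThenStore(true) << '\n';  // 1.5,2.5,0,4.5
    return 0;
}
```

main() prints both strings from the entry, "1.5,2.5,,4.5" for the correct pop and "1.5,2.5,0,4.5" for the buggy one. The general point is the one to check whenever a sentinel is a bit pattern: each representation needs its own marker, and copying a store of (int64_t)0 from a representation where zero means empty into one where it means the number 0 silently turns a hole into a value.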
1403     
1404     2014-01-28  Filip Pizlo  <fpizlo@apple.com>
1405     
1406             FTL should support ArrayPush
1407             https://bugs.webkit.org/show_bug.cgi?id=127748
1408     
1409             Not reviewed, remove some debug code.
1410     
1411             * ftl/FTLLowerDFGToLLVM.cpp:
1412             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
1413     
1414     2014-01-27  Filip Pizlo  <fpizlo@apple.com>
1415     
1416             FTL should support ArrayPush
1417             https://bugs.webkit.org/show_bug.cgi?id=127748
1418     
1419             Reviewed by Oliver Hunt.
1420     
1421             * ftl/FTLAbstractHeapRepository.h:
1422             (JSC::FTL::AbstractHeapRepository::forArrayType):
1423             * ftl/FTLCapabilities.cpp:
1424             (JSC::FTL::canCompile):
1425             * ftl/FTLIntrinsicRepository.h:
1426             * ftl/FTLLowerDFGToLLVM.cpp:
1427             (JSC::FTL::LowerDFGToLLVM::compileNode):
1428             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
1429             * tests/stress/array-push-contiguous.js: Added.
1430             (foo):
1431             * tests/stress/array-push-double.js: Added.
1432             (foo):
1433     
1434     2014-01-28  Filip Pizlo  <fpizlo@apple.com>
1435     
1436             FTL should support ArrayPop
1437             https://bugs.webkit.org/show_bug.cgi?id=127749
1438     
1439             Reviewed by Geoffrey Garen.
1440     
1441             * ftl/FTLCapabilities.cpp:
1442             (JSC::FTL::canCompile):
1443             * ftl/FTLIntrinsicRepository.h:
1444             * ftl/FTLLowerDFGToLLVM.cpp:
1445             (JSC::FTL::LowerDFGToLLVM::compileNode):
1446             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
1447             (JSC::FTL::LowerDFGToLLVM::compileArrayPop):
1448             * tests/stress/array-pop-contiguous.js: Added.
1449             (foo):
1450             * tests/stress/array-pop-double.js: Added.
1451             (foo):
1452             * tests/stress/array-pop-int32.js: Added.
1453             (foo):
1454     
1455 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1456
1457         DFG::ByteCodeParser::m_dfgCodeBlock is sometimes uninitialized
1458         <rdar://problem/15939032>
1459
1460         Reviewed by Dan Bernstein.
1461
1462         * dfg/DFGByteCodeParser.cpp:
1463         (JSC::DFG::ByteCodeParser::parse):
1464
1465 2014-01-29  Geoffrey Garen  <ggaren@apple.com>
1466
1467         50% time on Dromaeo Selector * benchmark spent allocating oversized backing stores (but not in Chrome)
1468         https://bugs.webkit.org/show_bug.cgi?id=127879
1469
1470         Reviewed by Gavin Barraclough.
1471
1472         Let's not dynamically resize an array whose size is statically known,
1473         mmmkay?
1474
1475         * runtime/ArrayPrototype.cpp:
1476         (JSC::arrayProtoFuncConcat): Use nullptr to disambiguate vs the numeric
1477         argument.
1478
1479         (JSC::arrayProtoFuncSlice): The fix.
1480
1481         (JSC::arrayProtoFuncSort):
1482         (JSC::arrayProtoFuncSplice):
1483         (JSC::arrayProtoFuncFilter):
1484         (JSC::arrayProtoFuncMap): Use nullptr.
1485
1486 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
1487
1488         Web Inspector: Run JSC Inspector EventLoop in a custom run loop mode to prevent default observers from running
1489         https://bugs.webkit.org/show_bug.cgi?id=127865
1490
1491         Reviewed by Geoffrey Garen.
1492
1493         When hitting a breakpoint in a JSContext Inspector we want to entirely
1494         pause the process and all access to the JSContext and only move forward
1495         based on debugger commands. Having the nested run loop run in a default
1496         mode allowed NSTimers scheduled on the thread to regularly run and
1497         evaluate code in the JSContext. Using a custom run loop mode gets us
1498         a bit closer to locking down the context. This doesn't handle scenarios
1499         where background threads also access the JSContext, but it handles the
1500         most common scenario.
1501
1502         * inspector/EventLoop.cpp:
1503         (Inspector::EventLoop::cycle):
1504
1505 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
1506
1507         Web Inspector: Deadlock hitting breakpoint while inspecting JSContext
1508         https://bugs.webkit.org/show_bug.cgi?id=127864
1509
1510         Reviewed by Geoffrey Garen.
1511
1512         Temporarily drop the lock while we run the nested runloop.
1513
1514         * inspector/JSGlobalObjectScriptDebugServer.cpp:
1515         (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
1516
1517 2014-01-28  Oliver Hunt  <oliver@apple.com>
1518
1519         Make DOM attributes appear to be faux accessor properties
1520         https://bugs.webkit.org/show_bug.cgi?id=127797
1521
1522         Reviewed by Michael Saboff.
1523
1524         Add flag so we can identify which properties should have the old
1525         custom property semantics vs. the new faux accessors. Update the
1526         inspector protocol accordingly.
1527
1528         These faux accessors produce descriptors with "get" and "set"
1529         properties, but both values are undefined so can't be used
1530         directly. A few custom properties actually require their
1531         existing magical behaviour, so we now have a flag to 
1532         distinguish the expected output.
1533
1534         * inspector/InjectedScriptSource.js:
1535         (.):
1536         * runtime/JSObject.cpp:
1537         (JSC::JSObject::getOwnPropertyDescriptor):
1538         * runtime/PropertyDescriptor.cpp:
1539         (JSC::PropertyDescriptor::setCustomDescriptor):
1540         * runtime/PropertyDescriptor.h:
1541         * runtime/PropertySlot.h:
1542
1543 2014-01-29  Beth Dakin  <bdakin@apple.com>
1544
1545         Build fix.
1546
1547         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
1548         * llint/LowLevelInterpreter.cpp:
1549
1550 2014-01-29  Dan Bernstein  <mitz@apple.com>
1551
1552         Build fix.
1553
1554         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp: Added a newline at the end of the
1555         file.
1556
1557 2014-01-28  Michael Saboff  <msaboff@apple.com>
1558
1559         Merge the jsCStack branch
1560         https://bugs.webkit.org/show_bug.cgi?id=127763
1561
1562         Reviewed by Mark Hahnenberg.
1563
1564         Changes from http://svn.webkit.org/repository/webkit/branches/jsCStack
1565         up to changeset 162958.
1566
1567 2014-01-29  Csaba Osztrogonác  <ossy@webkit.org>
1568
1569         Remove ENABLE(JAVASCRIPT_DEBUGGER) guards
1570         https://bugs.webkit.org/show_bug.cgi?id=127840
1571
1572         Reviewed by Mark Lam.
1573
1574         * inspector/scripts/CodeGeneratorInspector.py:
1575
1576 2014-01-28  Commit Queue  <commit-queue@webkit.org>
1577
1578         Unreviewed, rolling out r162987.
1579         http://trac.webkit.org/changeset/162987
1580         https://bugs.webkit.org/show_bug.cgi?id=127825
1581
1582         Broke Mountain Lion build (Requested by andersca on #webkit).
1583
1584         * inspector/InjectedScriptSource.js:
1585         (.):
1586         * runtime/JSObject.cpp:
1587         (JSC::JSObject::getOwnPropertyDescriptor):
1588         * runtime/PropertyDescriptor.cpp:
1589         * runtime/PropertyDescriptor.h:
1590         * runtime/PropertySlot.h:
1591
1592 2014-01-28  Oliver Hunt  <oliver@apple.com>
1593
1594         Make DOM attributes appear to be faux accessor properties
1595         https://bugs.webkit.org/show_bug.cgi?id=127797
1596
1597         Reviewed by Michael Saboff.
1598
1599         Add flag so we can identify which properties should have the old
1600         custom property semantics vs. the new faux accessors. Update the
1601         inspector protocol accordingly.
1602
1603         These faux accessors produce descriptors with "get" and "set"
1604         properties, but both values are undefined so can't be used
1605         directly. A few custom properties actually require their
1606         existing magical behaviour, so we now have a flag to 
1607         distinguish the expected output.
1608
1609         * inspector/InjectedScriptSource.js:
1610         (.):
1611         * runtime/JSObject.cpp:
1612         (JSC::JSObject::getOwnPropertyDescriptor):
1613         * runtime/PropertyDescriptor.cpp:
1614         (JSC::PropertyDescriptor::setCustomDescriptor):
1615         * runtime/PropertyDescriptor.h:
1616         * runtime/PropertySlot.h:
1617
1618 2014-01-28  Mark Lam  <mark.lam@apple.com>
1619
1620         Remove some unneeded debugger code.
1621         https://bugs.webkit.org/show_bug.cgi?id=127805.
1622
1623         Reviewed by Oliver Hunt.
1624
1625         JSC will now always support the debugger. Hence, the #if ENABLE(JAVASCRIPT_DEBUGGER)
1626         checks can be removed.
1627
1628         DebuggerCallFrame::callFrame() is also unused and will be removed.
1629
1630         * debugger/Breakpoint.h:
1631         * debugger/Debugger.cpp:
1632         * debugger/DebuggerCallFrame.h:
1633         * inspector/InjectedScript.cpp:
1634         (Inspector::InjectedScript::wrapCallFrames):
1635         * inspector/InjectedScript.h:
1636         * inspector/JSGlobalObjectScriptDebugServer.cpp:
1637         * inspector/JSGlobalObjectScriptDebugServer.h:
1638         * inspector/JSJavaScriptCallFrame.cpp:
1639         * inspector/JSJavaScriptCallFrame.h:
1640         * inspector/JSJavaScriptCallFramePrototype.cpp:
1641         * inspector/JSJavaScriptCallFramePrototype.h:
1642         * inspector/JavaScriptCallFrame.cpp:
1643         * inspector/JavaScriptCallFrame.h:
1644         * inspector/ScriptDebugListener.h:
1645         * inspector/ScriptDebugServer.cpp:
1646         * inspector/ScriptDebugServer.h:
1647         * inspector/agents/InspectorDebuggerAgent.cpp:
1648         * inspector/agents/InspectorDebuggerAgent.h:
1649         * inspector/agents/InspectorRuntimeAgent.cpp:
1650         (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
1651         (Inspector::setPauseOnExceptionsState):
1652         (Inspector::InspectorRuntimeAgent::evaluate):
1653         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1654         (Inspector::InspectorRuntimeAgent::getProperties):
1655         * inspector/agents/InspectorRuntimeAgent.h:
1656
1657 2014-01-28  Geoffrey Garen  <ggaren@apple.com>
1658
1659         REGRESSION: JavaScriptCore crash during OS Installation (due to
1660         Heap::m_operationInProgress ASSERT vs DelayedReleaseScope)
1661         https://bugs.webkit.org/show_bug.cgi?id=127793
1662
1663         Reviewed by Mark Hahnenberg.
1664
1665         This was a mistaken ASSERT.
1666
1667         * API/tests/testapi.mm:
1668         (-[EvilAllocationObject doEvilThingsWithContext:]): Added a test to verify
1669         that GC from a DelayedReleaseScope doesn't crash.
1670
1671         * heap/DelayedReleaseScope.h:
1672         (JSC::DelayedReleaseScope::~DelayedReleaseScope): Our contract is that
1673         it is valid to do anything while running a DelayedReleaseScope -dealloc
1674         method, so the Heap must be ready for new allocations and collections.
1675
1676         Change the Heap's operationInProgress value to NoOperation while running
1677         -dealloc methods, so that it doesn't ASSERT in the face of new allocations
1678         and collections.
1679
1680         * heap/Heap.h: Made DelayedReleaseScope a friend because exposing a setter
1681         for m_operationInProgress seemed like the worse of the two options for
1682         encapsulation: we don't really want arbitrary clients to set the Heap's
1683         m_operationInProgress.
1684
1685 2014-01-28  Mark Lam  <mark.lam@apple.com>
1686
1687         Jettison DFG code when neither breakpoints or the profiler are active.
1688         <https://webkit.org/b/127766>
1689
1690         Reviewed by Geoffrey Garen.
1691
1692         We need to jettison the DFG CodeBlocks under the following circumstances:
1693         1. When adding breakpoints to a CodeBlock, jettison it if it is a DFG CodeBlock.
1694         2. When enabling stepping mode in a CodeBlock, jettison it if it is a DFG CodeBlock.
1695         3. When setting the enabled profiler in the VM, we need to jettison all DFG
1696            CodeBlocks.
1697
1698         Instead of emitting speculation checks, the DFG code will now treat Breakpoint,
1699         ProfileWillCall, and ProfileDidCall as no-ops similar to a Phantom node. We
1700         still need to track these nodes so that they match the corresponding opcodes
1701         in the baseline JIT when we jettison and OSR exit. Without them, we would OSR
1702         exit to the wrong location in the baseline JIT code.
1703
1704         In DFGDriver's compileImpl() and DFGPlan's finalizeWithoutNotifyingCallback()
1705         we fail the compilation effort with a CompilationInvalidated result. This allows
1706         the DFG compiler to re-attempt the compilation of the function after some time
1707         if it is hot. The CompilationInvalidated result is supposed to cause the DFG
1708         to exercise an exponential back off before re-attempting compilation again
1709         (see runtime/CompilationResult.h).
1710
1711         This patch improves the Octane score from ~2950 to ~3067.
1712
1713         * bytecode/CodeBlock.cpp:
1714         (JSC::CodeBlock::addBreakpoint):
1715         (JSC::CodeBlock::setSteppingMode):
1716         * bytecode/CodeBlock.h:
1717         * debugger/Debugger.h:
1718         * dfg/DFGAbstractInterpreterInlines.h:
1719         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1720         * dfg/DFGClobberize.h:
1721         (JSC::DFG::clobberize):
1722         * dfg/DFGDriver.cpp:
1723         (JSC::DFG::compileImpl):
1724         * dfg/DFGPlan.cpp:
1725         (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
1726         * dfg/DFGSpeculativeJIT32_64.cpp:
1727         (JSC::DFG::SpeculativeJIT::compile):
1728         * dfg/DFGSpeculativeJIT64.cpp:
1729         (JSC::DFG::SpeculativeJIT::compile):
1730         * profiler/LegacyProfiler.cpp:
1731         (JSC::LegacyProfiler::startProfiling):
1732         (JSC::LegacyProfiler::stopProfiling):
1733         * runtime/VM.cpp:
1734         (JSC::VM::VM):
1735         (JSC::SetEnabledProfilerFunctor::operator()):
1736         (JSC::VM::setEnabledProfiler):
1737         * runtime/VM.h:
1738         (JSC::VM::enabledProfiler):
1739
1740 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
1741
1742         -[JSContext evaluteScript:] calls JSEvaluteScript with startingLineNumber 0, later interpreted as a oneBasedInt
1743         https://bugs.webkit.org/show_bug.cgi?id=127648
1744
1745         Reviewed by Geoffrey Garen.
1746
1747         The actual bug being fixed here is that the line number for
1748         scripts evaluated via the JSC APIs is now sane. However,
1749         there is no good infrastructure in place right now to test that.
1750
1751         * API/tests/testapi.c:
1752         (main):
1753         * API/tests/testapi.mm:
1754         (testObjectiveCAPI):
1755         Add tests for exception line numbers and handling of bad
1756         startingLineNumbers in public APIs. These tests were already
1757         passing, I just add them to make sure they are not regressed
1758         in the future.
1759
1760         * API/JSBase.cpp:
1761         (JSEvaluateScript):
1762         (JSCheckScriptSyntax):
1763         * API/JSBase.h:
1764         * API/JSObjectRef.cpp:
1765         (JSObjectMakeFunction):
1766         * API/JSObjectRef.h:
1767         * API/JSScriptRef.cpp:
1768         * API/JSScriptRefPrivate.h:
1769         * API/JSStringRef.h:
1770         - Clarify documentation that startingLineNumber is 1 based and clamped.
1771         - Add clamping in the implementation to put sane values into JSC::SourceProvider.
1772
1773         * inspector/agents/InspectorDebuggerAgent.cpp:
1774         (Inspector::InspectorDebuggerAgent::didParseSource):
1775         Remove the FIXME now that the SourceProvider is giving us expected values.
1776
1777 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
1778
1779         Web Inspector: CRASH when debugger closes remote inspecting JSContext
1780         https://bugs.webkit.org/show_bug.cgi?id=127738
1781
1782         Reviewed by Timothy Hatcher.
1783
1784         RemoteInspectorXPCConnection could be accessed in a background dispatch
1785         queue, while being deallocated on the main thread when a connection
1786         was suddenly terminated.
1787
1788         Make RemoteInspectorXPCConnection a ThreadSafeRefCounted object. Always
1789         keep the connection object ref'd until the main thread calls close()
1790         and removes its reference. At that point we can close the connection,
1791         queue, and deref safely on the background queue.
1792
1793         * inspector/remote/RemoteInspector.h:
1794         * inspector/remote/RemoteInspector.mm:
1795         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
1796         (Inspector::RemoteInspector::xpcConnectionFailed):
1797         For simplicity RemoteInspectorXPCConnections don't have any threading
1798         primitives to prevent client callbacks after they are closed. RemoteInspector
1799         does, so it just ignores possible callbacks from connections it no longer
1800         cares about.
1801
1802         * inspector/remote/RemoteInspectorXPCConnection.h:
1803         * inspector/remote/RemoteInspectorXPCConnection.mm:
1804         (Inspector::RemoteInspectorXPCConnection::RemoteInspectorXPCConnection):
1805         (Inspector::RemoteInspectorXPCConnection::~RemoteInspectorXPCConnection):
1806         (Inspector::RemoteInspectorXPCConnection::close):
1807         Keep the connection alive as long as the queue it can be used on
1808         is alive. Clean up everything on the queue when close() is called.
1809
1810         (Inspector::RemoteInspectorXPCConnection::handleEvent):
1811         Checking if closed here is not thread safe so it is meaningless.
1812         Remove the check.
1813
1814         (Inspector::RemoteInspectorXPCConnection::sendMessage):
1815         Bail based on the m_closed state.
1816
1817 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
1818
1819         JavaScriptCore: Enable -Wimplicit-fallthrough and add FALLTHROUGH annotation where needed
1820         https://bugs.webkit.org/show_bug.cgi?id=127647
1821
1822         Reviewed by Anders Carlsson.
1823
1824         Explicitly annotate switch case fallthroughs in JavaScriptCore and
1825         enable warnings for unannotated fallthroughs.
1826
1827         * dfg/DFGArithMode.h:
1828         (doesOverflow):
1829         Only insert FALLTHROUGH in release builds. In debug builds, the
1830         FALLTHROUGH would be unreachable (due to the ASSERT_NOT_REACHED)
1831         and would throw a warning.
1832
1833         * dfg/DFGSpeculativeJIT64.cpp:
1834         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
1835         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
1836         Due to the templatized nature of this function, a fallthrough
1837         in one of the template expansions would be unreachable. Disable
1838         the warning for this function.
1839
1840         * Configurations/Base.xcconfig:
1841         * bytecode/CodeBlock.cpp:
1842         (JSC::CodeBlock::CodeBlock):
1843         * dfg/DFGCFGSimplificationPhase.cpp:
1844         (JSC::DFG::CFGSimplificationPhase::run):
1845         * dfg/DFGValidate.cpp:
1846         (JSC::DFG::Validate::validateCPS):
1847         * parser/Lexer.cpp:
1848         (JSC::Lexer<T>::lex):
1849         * parser/Parser.cpp:
1850         (JSC::Parser<LexerType>::parseStatement):
1851         (JSC::Parser<LexerType>::parseProperty):
1852         * runtime/JSArray.cpp:
1853         (JSC::JSArray::push):
1854         * runtime/JSONObject.cpp:
1855         (JSC::Walker::walk):
1856         * runtime/JSObject.cpp:
1857         (JSC::JSObject::putByIndex):
1858         (JSC::JSObject::putByIndexBeyondVectorLength):
1859         * runtime/JSObject.h:
1860         (JSC::JSObject::setIndexQuickly):
1861         (JSC::JSObject::initializeIndex):
1862         * runtime/LiteralParser.cpp:
1863         (JSC::LiteralParser<CharType>::parse):
1864         * yarr/YarrInterpreter.cpp:
1865         (JSC::Yarr::Interpreter::backtrackParenthesesOnceBegin):
1866         (JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
1867         * yarr/YarrParser.h:
1868         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
1869         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBuiltInCharacterClass):
1870         (JSC::Yarr::Parser::parseEscape):
1871         (JSC::Yarr::Parser::parseTokens):
1872
1873 2014-01-27  Andy Estes  <aestes@apple.com>
1874
1875         Scrub WebKit API headers of WTF macros
1876         https://bugs.webkit.org/show_bug.cgi?id=127706
1877
1878         Reviewed by David Kilzer.
1879
1880         * Configurations/FeatureDefines.xcconfig: Added ENABLE_INSPECTOR.
1881
1882 2014-01-27  Mark Lam  <mark.lam@apple.com>
1883
1884         Remove unused CodeBlock::createActivation().
1885         <https://webkit.org/b/127686>
1886
1887         Reviewed by Filip Pizlo.
1888
1889         * bytecode/CodeBlock.cpp:
1890         * bytecode/CodeBlock.h:
1891
1892 2014-01-26  Andreas Kling  <akling@apple.com>
1893
1894         JSC: Pack unlinked instructions harder.
1895         <https://webkit.org/b/127660>
1896
1897         Store UnlinkedCodeBlock's instructions in a variable-length stream
1898         to reduce memory usage. Compression rate ends up around 60-61%.
1899
1900         The format is very simple. Every instruction starts with a 1 byte
1901         opcode. It's followed by an opcode-dependent number of argument
1902         values, each encoded separately for maximum packing. There are
1903         7 packed value formats:
1904
1905             5-bit positive integer
1906             5-bit negative integer
1907             13-bit positive integer
1908             13-bit positive integer
1909             5-bit constant register index
1910             13-bit constant register index
1911             32-bit value (fallback)
1912
1913         27.5 MB progression on Membuster3. (~2% of total memory.)
1914
1915         Reviewed by Filip Pizlo.
1916
1917         * JavaScriptCore.xcodeproj/project.pbxproj:
1918         * bytecode/UnlinkedInstructionStream.h: Added.
1919         (JSC::UnlinkedInstructionStream::count):
1920         (JSC::UnlinkedInstructionStream::Reader::atEnd):
1921         * bytecode/UnlinkedInstructionStream.cpp: Added.
1922         (JSC::UnlinkedInstructionStream::Reader::Reader):
1923         (JSC::UnlinkedInstructionStream::Reader::read8):
1924         (JSC::UnlinkedInstructionStream::Reader::read32):
1925         (JSC::UnlinkedInstructionStream::Reader::next):
1926         (JSC::append8):
1927         (JSC::append32):
1928         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
1929         (JSC::UnlinkedInstructionStream::unpackForDebugging):
1930         * bytecompiler/BytecodeGenerator.cpp:
1931         * bytecode/CodeBlock.cpp:
1932         (JSC::CodeBlock::CodeBlock):
1933         * bytecode/UnlinkedCodeBlock.cpp:
1934         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
1935         (JSC::dumpLineColumnEntry):
1936         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
1937         (JSC::UnlinkedCodeBlock::setInstructions):
1938         (JSC::UnlinkedCodeBlock::instructions):
1939         * bytecode/UnlinkedCodeBlock.h:
1940         (JSC::BytecodeGenerator::generate):
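
The packed-value scheme this entry lists, as an added C++ example that is not JSC's UnlinkedInstructionStream: an encoder that picks the smallest of the seven formats for each operand and a bounds-checked reader that decodes them back. The byte layout (a 3-bit type tag in the top bits of the first byte with 5 payload bits below it, one extra byte for the 13-bit forms, four big-endian bytes for the 32-bit fallback), the tag numbering, the constant-register base kFirstConstantRegisterIndex, and reading the fourth format as a 13-bit negative integer where the list above shows "13-bit positive integer" twice are all this example's assumptions, not the project's.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Added example of a variable-length operand encoding, not JSC's code. Assumed
// layout: a 3-bit type tag in the top bits of the first byte plus 5 payload bits;
// 13-bit forms add one byte (5 + 8 bits); the 32-bit fallback adds four big-endian bytes.
enum PackedType : uint8_t {
    Positive5Bit = 0, Negative5Bit, Positive13Bit, Negative13Bit,
    ConstantRegisterIndex5Bit, ConstantRegisterIndex13Bit, Full32Bit
};

static const int32_t kFirstConstantRegisterIndex = 0x40000000; // assumed base

static void append8(std::vector<uint8_t>& out, PackedType type, uint32_t payload5) {
    out.push_back(static_cast<uint8_t>((type << 5) | (payload5 & 0x1f)));
}

static void append13(std::vector<uint8_t>& out, PackedType type, uint32_t payload13) {
    append8(out, type, payload13 >> 8);
    out.push_back(static_cast<uint8_t>(payload13 & 0xff));
}

// Encodes `value` in the smallest of the seven formats that can hold it.
void packValue(std::vector<uint8_t>& out, int32_t value) {
    if (value >= kFirstConstantRegisterIndex) {
        uint32_t index = static_cast<uint32_t>(value - kFirstConstantRegisterIndex);
        if (index < 32) { append8(out, ConstantRegisterIndex5Bit, index); return; }
        if (index < 8192) { append13(out, ConstantRegisterIndex13Bit, index); return; }
    } else if (value >= 0) {
        uint32_t magnitude = static_cast<uint32_t>(value);
        if (magnitude < 32) { append8(out, Positive5Bit, magnitude); return; }
        if (magnitude < 8192) { append13(out, Positive13Bit, magnitude); return; }
    } else {
        int64_t magnitude = -static_cast<int64_t>(value); // int64 avoids overflow on INT32_MIN
        if (magnitude < 32) { append8(out, Negative5Bit, static_cast<uint32_t>(magnitude)); return; }
        if (magnitude < 8192) { append13(out, Negative13Bit, static_cast<uint32_t>(magnitude)); return; }
    }
    append8(out, Full32Bit, 0);
    uint32_t bits = static_cast<uint32_t>(value);
    for (int shift = 24; shift >= 0; shift -= 8)
        out.push_back(static_cast<uint8_t>(bits >> shift));
}

// Reads packed values back. Every byte fetch is bounds-checked, so a truncated
// or corrupted stream raises an exception instead of reading past the buffer.
class Reader {
public:
    explicit Reader(const std::vector<uint8_t>& data) : m_data(data) {}
    bool atEnd() const { return m_pos == m_data.size(); }
    int32_t readValue() {
        uint8_t first = read8();
        uint32_t low = first & 0x1f;
        switch (first >> 5) {
        case Positive5Bit: return static_cast<int32_t>(low);
        case Negative5Bit: return -static_cast<int32_t>(low);
        case Positive13Bit: return static_cast<int32_t>((low << 8) | read8());
        case Negative13Bit: return -static_cast<int32_t>((low << 8) | read8());
        case ConstantRegisterIndex5Bit: return kFirstConstantRegisterIndex + static_cast<int32_t>(low);
        case ConstantRegisterIndex13Bit: return kFirstConstantRegisterIndex + static_cast<int32_t>((low << 8) | read8());
        case Full32Bit: {
            uint32_t bits = 0;
            for (int i = 0; i < 4; ++i) bits = (bits << 8) | read8();
            return static_cast<int32_t>(bits);
        }
        default: throw std::invalid_argument("unassigned packed value tag"); // tag 7
        }
    }
private:
    uint8_t read8() {
        if (m_pos >= m_data.size()) throw std::out_of_range("truncated instruction stream");
        return m_data[m_pos++];
    }
    const std::vector<uint8_t>& m_data;
    size_t m_pos = 0;
};

std::vector<uint8_t> packAll(const std::vector<int32_t>& values) {
    std::vector<uint8_t> out;
    for (int32_t v : values) packValue(out, v);
    return out;
}

// Decodes a whole stream; returns false rather than throwing on malformed input.
bool unpackAll(const std::vector<uint8_t>& bytes, std::vector<int32_t>& values) {
    try {
        Reader reader(bytes);
        while (!reader.atEnd()) values.push_back(reader.readValue());
        return true;
    } catch (const std::exception&) { return false; }
}

bool roundTrips(const std::vector<int32_t>& values) {
    std::vector<int32_t> decoded;
    return unpackAll(packAll(values), decoded) && decoded == values;
}

bool rejectsMalformed(const std::vector<uint8_t>& bytes) { std::vector<int32_t> sink; return !unpackAll(bytes, sink); }
```

roundTrips() encodes and decodes a list of operands and checks equality; rejectsMalformed() exercises the two failure modes a decoder of any serialized bytecode has to handle, a stream that ends inside a multi-byte value and a tag that no format owns. Both raise an exception inside Reader rather than reading past the buffer or decoding garbage as a register index, which is the check to look for when reviewing a reader of packed data.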
1941
1942 2014-01-26  Joseph Pecoraro  <pecoraro@apple.com>
1943
1944         Web Inspector: Move InspectorDebuggerAgent into JavaScriptCore
1945         https://bugs.webkit.org/show_bug.cgi?id=127629
1946
1947         Rubber-stamped by Sam Weinig.
1948
1949         * CMakeLists.txt:
1950         * GNUmakefile.list.am:
1951         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1952         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1953         * JavaScriptCore.xcodeproj/project.pbxproj:
1954         - Add new files to the build.
1955         - Also, since non REMOTE_INSPECTOR ports cannot yet connect to a
1956           JSGlobalObject for inspection remove those files as they don't
1957           need to be built.
1958
1959         * inspector/EventLoop.cpp: Added.
1960         (Inspector::EventLoop::cycle):
1961         * inspector/EventLoop.h: Added.
1962         (Inspector::EventLoop::EventLoop):
1963         (Inspector::EventLoop::ended):
1964         Add a JavaScriptCore version of EventLoop. This is currently only
1965         used by the Mac port for JSGlobalObject remote inspection. Keep
1966         the WebCore/platform version alive because for the Mac port it does
1967         slightly different things involving AppKit.
1968
1969         * inspector/JSGlobalObjectInspectorController.cpp:
1970         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1971         Create DebuggerAgent and hook up ScriptDebugServer where needed.
1972
1973         * inspector/JSGlobalObjectScriptDebugServer.cpp: Added.
1974         (Inspector::JSGlobalObjectScriptDebugServer::JSGlobalObjectScriptDebugServer):
1975         (Inspector::JSGlobalObjectScriptDebugServer::addListener):
1976         (Inspector::JSGlobalObjectScriptDebugServer::removeListener):
1977         (Inspector::JSGlobalObjectScriptDebugServer::recompileAllJSFunctions):
1978         (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
1979         * inspector/JSGlobalObjectScriptDebugServer.h: Added.
1980         Simple implementation of ScriptDebugServer with a JSGlobalObject.
1981
1982         * inspector/agents/InspectorDebuggerAgent.cpp: Renamed from Source/WebCore/inspector/InspectorDebuggerAgent.cpp.
1983         * inspector/agents/InspectorDebuggerAgent.h: Renamed from Source/WebCore/inspector/InspectorDebuggerAgent.h.
1984         Copied from WebCore. A few methods need to be made virtual so that Web implementations
1985         can override and extend the functionality. E.g. sourceMapURLForScript and enable/disable.
1986         
1987         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp: Added.
1988         * inspector/agents/JSGlobalObjectDebuggerAgent.h: Added.
1989         (Inspector::JSGlobalObjectDebuggerAgent::JSGlobalObjectDebuggerAgent):
1990         (Inspector::JSGlobalObjectDebuggerAgent::startListeningScriptDebugServer):
1991         (Inspector::JSGlobalObjectDebuggerAgent::stopListeningScriptDebugServer):
1992         (Inspector::JSGlobalObjectDebuggerAgent::injectedScriptForEval):
1993         Simple implementation of DebuggerAgent with a JSGlobalObject.
1994
1995 2014-01-25  Mark Lam  <mark.lam@apple.com>
1996
1997         Gardening: fix build breakage from previous commit.
1998
1999         Not reviewed.
2000
2001         * profiler/ProfileNode.cpp:
2002         (JSC::ProfileNode::debugPrintData):
2003         - Removed obsolete references to "visible" timers.
2004
2005 2014-01-25  Timothy Hatcher  <timothy@apple.com>
2006
2007         Remove dead code from the JSC profiler.
2008
2009         https://bugs.webkit.org/show_bug.cgi?id=127643
2010
2011         Reviewed by Mark Lam.
2012
2013         * profiler/Profile.cpp:
2014         * profiler/Profile.h:
2015         * profiler/ProfileGenerator.cpp:
2016         (JSC::ProfileGenerator::stopProfiling):
2017         * profiler/ProfileNode.cpp:
2018         (JSC::ProfileNode::ProfileNode):
2019         (JSC::ProfileNode::stopProfiling):
2020         (JSC::ProfileNode::endAndRecordCall):
2021         (JSC::ProfileNode::debugPrintData):
2022         (JSC::ProfileNode::debugPrintDataSampleStyle):
2023         * profiler/ProfileNode.h:
2024         (JSC::ProfileNode::totalTime):
2025         (JSC::ProfileNode::setTotalTime):
2026         (JSC::ProfileNode::selfTime):
2027         (JSC::ProfileNode::setSelfTime):
2028         (JSC::ProfileNode::totalPercent):
2029         (JSC::ProfileNode::selfPercent):
2030         Remove support for things like focus and exclude. The Inspector does those in JS now.
2031
2032 2014-01-25  Sam Weinig  <sam@webkit.org>
2033
2034         Remove unused support for DRAGGABLE_REGION
2035         https://bugs.webkit.org/show_bug.cgi?id=127642
2036
2037         Reviewed by Simon Fraser.
2038
2039         * Configurations/FeatureDefines.xcconfig:
2040
2041 2014-01-25  Darin Adler  <darin@apple.com>
2042
2043         Try to fix Mac build.
2044
2045         * runtime/DatePrototype.cpp: Put the include of <unicode/udat.h> inside
2046         a conditional since we don't have that header in our Mac build configuration.
2047
2048 2014-01-25  Darin Adler  <darin@apple.com>
2049
2050         Call deprecatedCharacters instead of characters at more call sites
2051         https://bugs.webkit.org/show_bug.cgi?id=127631
2052
2053         Reviewed by Sam Weinig.
2054
2055         * API/JSValueRef.cpp:
2056         (JSValueMakeFromJSONString):
2057         * API/OpaqueJSString.cpp:
2058         (OpaqueJSString::~OpaqueJSString):
2059         * bindings/ScriptValue.cpp:
2060         (Deprecated::jsToInspectorValue):
2061         * inspector/ContentSearchUtilities.cpp:
2062         (Inspector::ContentSearchUtilities::createSearchRegexSource):
2063         * inspector/InspectorValues.cpp:
2064         * runtime/Identifier.h:
2065         (JSC::Identifier::deprecatedCharacters):
2066         * runtime/JSStringBuilder.h:
2067         (JSC::JSStringBuilder::append):
2068         Use the new name.
2069
2070 2014-01-25  Darin Adler  <darin@apple.com>
2071
2072         Get rid of ICU_UNICODE and WCHAR_UNICODE remnants
2073         https://bugs.webkit.org/show_bug.cgi?id=127623
2074
2075         Reviewed by Anders Carlsson.
2076
2077         * runtime/DatePrototype.cpp: Removed USE(ICU_UNICODE) checks, since that's always true now.
2078
2079 2014-01-25  Darin Adler  <darin@apple.com>
2080
2081         [Mac] Rewrite locale-specific date formatting code to remove strange string creation
2082         https://bugs.webkit.org/show_bug.cgi?id=127624
2083
2084         Reviewed by Anders Carlsson.
2085
2086         * runtime/DatePrototype.cpp:
2087         (JSC::formatLocaleDate): Use some smart pointers and conversion operators we already
2088         have to do the formatting in a more straightforward way.
2089
2090 2014-01-25  Anders Carlsson  <andersca@apple.com>
2091
2092         Remove atomicIncrement/atomicDecrement
2093         https://bugs.webkit.org/show_bug.cgi?id=127625
2094
2095         Reviewed by Andreas Kling.
2096
2097         Replace atomicIncrement/atomicDecrement with std::atomic.
2098
2099         * bytecode/Watchpoint.h:
2100         * ftl/FTLLowerDFGToLLVM.cpp:
2101         (JSC::FTL::LowerDFGToLLVM::lower):
2102         * profiler/ProfilerDatabase.cpp:
2103         (JSC::Profiler::Database::Database):
2104         (JSC::Profiler::Database::addDatabaseToAtExit):
2105
2106 2014-01-24  Joseph Pecoraro  <pecoraro@apple.com>
2107
2108         Web Inspector: Move InspectorRuntimeAgent into JavaScriptCore
2109         https://bugs.webkit.org/show_bug.cgi?id=127605
2110
2111         Reviewed by Timothy Hatcher.
2112
2113         * CMakeLists.txt:
2114         * GNUmakefile.list.am:
2115         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2116         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2117         * JavaScriptCore.xcodeproj/project.pbxproj:
2118         Add new files to the build.
2119
2120         * inspector/agents/InspectorRuntimeAgent.h: Renamed from Source/WebCore/inspector/InspectorRuntimeAgent.h.
2121         * inspector/agents/InspectorRuntimeAgent.cpp: Renamed from Source/WebCore/inspector/InspectorRuntimeAgent.cpp.
2122         (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
2123         (Inspector::InspectorRuntimeAgent::parse):
2124         (Inspector::InspectorRuntimeAgent::evaluate):
2125         (Inspector::InspectorRuntimeAgent::callFunctionOn):
2126         (Inspector::InspectorRuntimeAgent::getProperties):
2127         - Move the agent into JavaScriptCore.
2128         - Modernize and cleanup.
2129         - Make globalVM a pure virtual function for subclasses to implement.
2130
2131         * inspector/agents/JSGlobalObjectRuntimeAgent.h: Added.
2132         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp: Added.
2133         (Inspector::JSGlobalObjectRuntimeAgent::JSGlobalObjectRuntimeAgent):
2134         (Inspector::JSGlobalObjectRuntimeAgent::didCreateFrontendAndBackend):
2135         (Inspector::JSGlobalObjectRuntimeAgent::willDestroyFrontendAndBackend):
2136         (Inspector::JSGlobalObjectRuntimeAgent::globalVM):
2137         (Inspector::JSGlobalObjectRuntimeAgent::injectedScriptForEval):
2138         Straightforward JSGlobalObject implementation.
2139
2140         * inspector/JSGlobalObjectInspectorController.cpp:
2141         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2142         Add a runtime agent when inspecting a JSContext!
2143
2144 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
2145
2146         Move JavaScriptCallFrame and ScriptDebugServer into JavaScriptCore for inspector
2147         https://bugs.webkit.org/show_bug.cgi?id=127543
2148
2149         Reviewed by Geoffrey Garen.
2150
2151         * CMakeLists.txt:
2152         * GNUmakefile.list.am:
2153         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2154         * JavaScriptCore.xcodeproj/project.pbxproj:
2155         Add new files.
2156
2157         * inspector/ScriptDebugListener.h:
2158         Extract WebCore knowledge from ScriptDebugServer. This will
2159         eventually be made to work outside of WebCore.
2160
2161         * inspector/ScriptDebugServer.h: Renamed from Source/WebCore/bindings/js/ScriptDebugServer.h.
2162         * inspector/ScriptDebugServer.cpp: Renamed from Source/WebCore/bindings/js/ScriptDebugServer.cpp.
2163         (Inspector::ScriptDebugServer::evaluateBreakpointAction):
2164         (Inspector::ScriptDebugServer::dispatchDidPause):
2165         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
2166         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
2167         (Inspector::ScriptDebugServer::sourceParsed):
2168         (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
2169         (Inspector::ScriptDebugServer::handlePause):
2170         Modernize code, and call the new ScriptDebugListener callbacks where appropriate.
2171
2172         * inspector/JSJavaScriptCallFrame.cpp: Renamed from Source/WebCore/bindings/js/JSJavaScriptCallFrameCustom.cpp.
2173         (Inspector::JSJavaScriptCallFrame::JSJavaScriptCallFrame):
2174         (Inspector::JSJavaScriptCallFrame::finishCreation):
2175         (Inspector::JSJavaScriptCallFrame::createPrototype):
2176         (Inspector::JSJavaScriptCallFrame::destroy):
2177         (Inspector::JSJavaScriptCallFrame::releaseImpl):
2178         (Inspector::JSJavaScriptCallFrame::~JSJavaScriptCallFrame):
2179         (Inspector::JSJavaScriptCallFrame::evaluate):
2180         (Inspector::JSJavaScriptCallFrame::scopeType):
2181         (Inspector::JSJavaScriptCallFrame::caller):
2182         (Inspector::JSJavaScriptCallFrame::sourceID):
2183         (Inspector::JSJavaScriptCallFrame::line):
2184         (Inspector::JSJavaScriptCallFrame::column):
2185         (Inspector::JSJavaScriptCallFrame::functionName):
2186         (Inspector::JSJavaScriptCallFrame::scopeChain):
2187         (Inspector::JSJavaScriptCallFrame::thisObject):
2188         (Inspector::JSJavaScriptCallFrame::type):
2189         (Inspector::toJS):
2190         (Inspector::toJSJavaScriptCallFrame):
2191         * inspector/JSJavaScriptCallFrame.h: Added.
2192         (Inspector::JSJavaScriptCallFrame::createStructure):
2193         (Inspector::JSJavaScriptCallFrame::create):
2194         (Inspector::JSJavaScriptCallFrame::impl):
2195         * inspector/JSJavaScriptCallFramePrototype.cpp: Added.
2196         (Inspector::JSJavaScriptCallFramePrototype::finishCreation):
2197         (Inspector::jsJavaScriptCallFramePrototypeFunctionEvaluate):
2198         (Inspector::jsJavaScriptCallFramePrototypeFunctionScopeType):
2199         (Inspector::jsJavaScriptCallFrameAttributeCaller):
2200         (Inspector::jsJavaScriptCallFrameAttributeSourceID):
2201         (Inspector::jsJavaScriptCallFrameAttributeLine):
2202         (Inspector::jsJavaScriptCallFrameAttributeColumn):
2203         (Inspector::jsJavaScriptCallFrameAttributeFunctionName):
2204         (Inspector::jsJavaScriptCallFrameAttributeScopeChain):
2205         (Inspector::jsJavaScriptCallFrameAttributeThisObject):
2206         (Inspector::jsJavaScriptCallFrameAttributeType):
2207         (Inspector::jsJavaScriptCallFrameConstantGLOBAL_SCOPE):
2208         (Inspector::jsJavaScriptCallFrameConstantLOCAL_SCOPE):
2209         (Inspector::jsJavaScriptCallFrameConstantWITH_SCOPE):
2210         (Inspector::jsJavaScriptCallFrameConstantCLOSURE_SCOPE):
2211         (Inspector::jsJavaScriptCallFrameConstantCATCH_SCOPE):
2212         * inspector/JSJavaScriptCallFramePrototype.h: Added.
2213         (Inspector::JSJavaScriptCallFramePrototype::create):
2214         (Inspector::JSJavaScriptCallFramePrototype::createStructure):
2215         (Inspector::JSJavaScriptCallFramePrototype::JSJavaScriptCallFramePrototype):
2216         * inspector/JavaScriptCallFrame.cpp: Renamed from Source/WebCore/bindings/js/JavaScriptCallFrame.cpp.
2217         (Inspector::JavaScriptCallFrame::caller):
2218         * inspector/JavaScriptCallFrame.h: Renamed from Source/WebCore/bindings/js/JavaScriptCallFrame.h.
2219         Port of JavaScriptCallFrame.idl to a set of native JS classes.
2220
2221 2014-01-24  Mark Lam  <mark.lam@apple.com>
2222
2223         DebuggerCallFrame::evaluateWithCallFrame() should not execute a null executable.
2224         <https://webkit.org/b/127600>
2225
2226         Reviewed by Oliver Hunt.
2227
2228         In DebuggerCallFrame::evaluateWithCallFrame(), if the script string that
2229         is passed in is bad, it will fail to create an Executable, i.e.
2230         EvalExecutable::create() returns a null pointer. However,
2231         DebuggerCallFrame::evaluateWithCallFrame() was just clearing the
2232         exception and proceeded to execute the null pointer as an Executable.
2233         A crash ensues.
2234
2235         Now, if an exception is detected while creating the Executable, we
2236         abort instead.
2237
2238         * debugger/DebuggerCallFrame.cpp:
2239         (JSC::DebuggerCallFrame::evaluateWithCallFrame):
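
The failure mode this entry describes (a creation routine that signals failure by setting an exception and returning null, and a caller that clears the exception and runs the null result) is worth seeing side by side with the corrected shape. The block below is an added illustration, not code from JavaScriptCore; Executable, ExecState, EvalResult, createExecutable and the two evaluate functions are hypothetical stand-ins for the types and calls the entry names, and the "parser" is a constructed toy.

```cpp
#include <iostream>
#include <memory>
#include <string>

// Hypothetical stand-ins for the engine types the entry names; not
// JavaScriptCore's real Executable / ExecState.
struct Executable {
    std::string source;
    // Pretend "execution": the result is just the script length.
    int run() const { return static_cast<int>(source.size()); }
};

struct ExecState {
    bool hadException = false;
    std::string exceptionMessage;
    void clearException() { hadException = false; exceptionMessage.clear(); }
};

struct EvalResult {
    bool ok;    // false: evaluation was aborted and the exception is still on the ExecState
    int value;
};

// Models EvalExecutable::create(): on a parse failure it records an exception
// on the ExecState and returns null, exactly the pair of signals the caller
// must honour.
std::unique_ptr<Executable> createExecutable(ExecState& exec, const std::string& script)
{
    // Toy parser (constructed for the example): a script is bad if it is
    // empty or its braces do not balance.
    long depth = 0;
    for (char c : script) {
        if (c == '{') ++depth;
        if (c == '}') --depth;
        if (depth < 0) break;
    }
    if (script.empty() || depth != 0) {
        exec.hadException = true;
        exec.exceptionMessage = "SyntaxError";
        return nullptr;
    }
    return std::make_unique<Executable>(Executable{script});
}

// The shape the entry describes as the bug: the exception is cleared and the
// executable is run regardless, so a bad script dereferences null. Only call
// this with a script known to parse; it is here to show the pattern.
int evaluateUnchecked(ExecState& exec, const std::string& script)
{
    auto executable = createExecutable(exec, script);
    exec.clearException();      // swallows the failure...
    return executable->run();   // ...and then uses the null result
}

// The fixed shape: check for the exception before touching the executable and
// abort, leaving the exception for the caller (the inspector) to report.
EvalResult evaluateChecked(ExecState& exec, const std::string& script)
{
    auto executable = createExecutable(exec, script);
    if (exec.hadException)
        return EvalResult{false, 0};
    return EvalResult{true, executable->run()};
}

int main()
{
    ExecState exec;
    EvalResult result = evaluateChecked(exec, "}");
    if (result.ok)
        std::cout << "result " << result.value << '\n';
    else
        std::cout << "aborted: " << exec.exceptionMessage << '\n';
    return 0;
}
```

The input to evaluateWithCallFrame() is an arbitrary string typed into the inspector console, so the null path is reachable from outside the engine; the fix is to treat "exception set" as the authoritative failure signal and never clear it before checking it.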
2240
2241 2014-01-24  Oliver Hunt  <oliver@apple.com>
2242
2243         Put functions need to take a base object and a this value, and perform type checks on |this|
2244         https://bugs.webkit.org/show_bug.cgi?id=127594
2245
2246         Reviewed by Geoffrey Garen.
2247
2248         Change the signature for static setter functions, and update uses
2249
2250         * create_hash_table:
2251         * runtime/Lookup.h:
2252         (JSC::putEntry):
2253         * runtime/PutPropertySlot.h:
2254         * runtime/RegExpConstructor.cpp:
2255         (JSC::setRegExpConstructorInput):
2256         (JSC::setRegExpConstructorMultiline):
2257
2258 2014-01-24  Oliver Hunt  <oliver@apple.com>
2259
2260         Generic JSObject::put should handle static properties in the classinfo hierarchy
2261         https://bugs.webkit.org/show_bug.cgi?id=127523
2262
2263         Reviewed by Geoffrey Garen.
2264
2265         This patch makes JSObject::put correctly call static setters
2266         defined by the ClassInfo.
2267
2268         To make this not clobber performance, the ClassInfo HashTable
2269         now includes a flag to indicate that it contains setters. This
2270         required updating the lut generator so that it tracked (and emitted)
2271         this.
2272
2273         The rest of the change was making a number of the methods take
2274         a VM rather than an ExecState*, so that Structure could set the
2275         getter/setter flags during construction (if necessary).
2276
2277         This also means most objects do not need to perform a lookupPut
2278         manually anymore, so most custom ::put's are no longer needed.
2279         DOMWindow is the only exception as it has interesting security
2280         related semantics.
2281
2282         * create_hash_table:
2283         * interpreter/CallFrame.h:
2284         (JSC::ExecState::arrayConstructorTable):
2285         (JSC::ExecState::arrayPrototypeTable):
2286         (JSC::ExecState::booleanPrototypeTable):
2287         (JSC::ExecState::dataViewTable):
2288         (JSC::ExecState::dateTable):
2289         (JSC::ExecState::dateConstructorTable):
2290         (JSC::ExecState::errorPrototypeTable):
2291         (JSC::ExecState::globalObjectTable):
2292         (JSC::ExecState::jsonTable):
2293         (JSC::ExecState::numberConstructorTable):
2294         (JSC::ExecState::numberPrototypeTable):
2295         (JSC::ExecState::objectConstructorTable):
2296         (JSC::ExecState::privateNamePrototypeTable):
2297         (JSC::ExecState::regExpTable):
2298         (JSC::ExecState::regExpConstructorTable):
2299         (JSC::ExecState::regExpPrototypeTable):
2300         (JSC::ExecState::stringConstructorTable):
2301         (JSC::ExecState::promisePrototypeTable):
2302         (JSC::ExecState::promiseConstructorTable):
2303         * runtime/ArrayConstructor.cpp:
2304         (JSC::ArrayConstructor::getOwnPropertySlot):
2305         * runtime/ArrayPrototype.cpp:
2306         (JSC::ArrayPrototype::getOwnPropertySlot):
2307         * runtime/BooleanPrototype.cpp:
2308         (JSC::BooleanPrototype::getOwnPropertySlot):
2309         * runtime/ClassInfo.h:
2310         (JSC::ClassInfo::propHashTable):
2311         * runtime/DateConstructor.cpp:
2312         (JSC::DateConstructor::getOwnPropertySlot):
2313         * runtime/DatePrototype.cpp:
2314         (JSC::DatePrototype::getOwnPropertySlot):
2315         * runtime/ErrorPrototype.cpp:
2316         (JSC::ErrorPrototype::getOwnPropertySlot):
2317         * runtime/JSDataViewPrototype.cpp:
2318         (JSC::JSDataViewPrototype::getOwnPropertySlot):
2319         * runtime/JSGlobalObject.cpp:
2320         (JSC::JSGlobalObject::getOwnPropertySlot):
2321         * runtime/JSONObject.cpp:
2322         (JSC::JSONObject::getOwnPropertySlot):
2323         * runtime/JSObject.cpp:
2324         (JSC::JSObject::put):
2325         (JSC::JSObject::deleteProperty):
2326         * runtime/JSPromiseConstructor.cpp:
2327         (JSC::JSPromiseConstructor::getOwnPropertySlot):
2328         * runtime/JSPromisePrototype.cpp:
2329         (JSC::JSPromisePrototype::getOwnPropertySlot):
2330         * runtime/Lookup.h:
2331         (JSC::HashTable::copy):
2332         (JSC::putEntry):
2333         (JSC::lookupPut):
2334         * runtime/NamePrototype.cpp:
2335         (JSC::NamePrototype::getOwnPropertySlot):
2336         * runtime/NumberConstructor.cpp:
2337         (JSC::NumberConstructor::getOwnPropertySlot):
2338         * runtime/NumberConstructor.h:
2339         * runtime/NumberPrototype.cpp:
2340         (JSC::NumberPrototype::getOwnPropertySlot):
2341         * runtime/ObjectConstructor.cpp:
2342         (JSC::ObjectConstructor::getOwnPropertySlot):
2343         * runtime/RegExpConstructor.cpp:
2344         (JSC::RegExpConstructor::getOwnPropertySlot):
2345         * runtime/RegExpConstructor.h:
2346         * runtime/RegExpObject.cpp:
2347         (JSC::RegExpObject::getOwnPropertySlot):
2348         (JSC::RegExpObject::put):
2349         * runtime/RegExpPrototype.cpp:
2350         (JSC::RegExpPrototype::getOwnPropertySlot):
2351         * runtime/StringConstructor.cpp:
2352         (JSC::StringConstructor::getOwnPropertySlot):
2353         * runtime/Structure.cpp:
2354         (JSC::Structure::Structure):
2355         (JSC::Structure::freezeTransition):
2356         (JSC::ClassInfo::hasStaticSetterOrReadonlyProperties):
2357
2358 2014-01-24  Commit Queue  <commit-queue@webkit.org>
2359
2360         Unreviewed, rolling out r162713.
2361         http://trac.webkit.org/changeset/162713
2362         https://bugs.webkit.org/show_bug.cgi?id=127593
2363
2364         broke media/network-no-source-const-shadow (Requested by
2365         thorton on #webkit).
2366
2367         * create_hash_table:
2368         * interpreter/CallFrame.h:
2369         (JSC::ExecState::arrayConstructorTable):
2370         (JSC::ExecState::arrayPrototypeTable):
2371         (JSC::ExecState::booleanPrototypeTable):
2372         (JSC::ExecState::dataViewTable):
2373         (JSC::ExecState::dateTable):
2374         (JSC::ExecState::dateConstructorTable):
2375         (JSC::ExecState::errorPrototypeTable):
2376         (JSC::ExecState::globalObjectTable):
2377         (JSC::ExecState::jsonTable):
2378         (JSC::ExecState::numberConstructorTable):
2379         (JSC::ExecState::numberPrototypeTable):
2380         (JSC::ExecState::objectConstructorTable):
2381         (JSC::ExecState::privateNamePrototypeTable):
2382         (JSC::ExecState::regExpTable):
2383         (JSC::ExecState::regExpConstructorTable):
2384         (JSC::ExecState::regExpPrototypeTable):
2385         (JSC::ExecState::stringConstructorTable):
2386         (JSC::ExecState::promisePrototypeTable):
2387         (JSC::ExecState::promiseConstructorTable):
2388         * runtime/ArrayConstructor.cpp:
2389         (JSC::ArrayConstructor::getOwnPropertySlot):
2390         * runtime/ArrayPrototype.cpp:
2391         (JSC::ArrayPrototype::getOwnPropertySlot):
2392         * runtime/BooleanPrototype.cpp:
2393         (JSC::BooleanPrototype::getOwnPropertySlot):
2394         * runtime/ClassInfo.h:
2395         (JSC::ClassInfo::propHashTable):
2396         * runtime/DateConstructor.cpp:
2397         (JSC::DateConstructor::getOwnPropertySlot):
2398         * runtime/DatePrototype.cpp:
2399         (JSC::DatePrototype::getOwnPropertySlot):
2400         * runtime/ErrorPrototype.cpp:
2401         (JSC::ErrorPrototype::getOwnPropertySlot):
2402         * runtime/JSDataViewPrototype.cpp:
2403         (JSC::JSDataViewPrototype::getOwnPropertySlot):
2404         * runtime/JSGlobalObject.cpp:
2405         (JSC::JSGlobalObject::getOwnPropertySlot):
2406         * runtime/JSONObject.cpp:
2407         (JSC::JSONObject::getOwnPropertySlot):
2408         * runtime/JSObject.cpp:
2409         (JSC::JSObject::put):
2410         (JSC::JSObject::deleteProperty):
2411         * runtime/JSPromiseConstructor.cpp:
2412         (JSC::JSPromiseConstructor::getOwnPropertySlot):
2413         * runtime/JSPromisePrototype.cpp:
2414         (JSC::JSPromisePrototype::getOwnPropertySlot):
2415         * runtime/Lookup.h:
2416         (JSC::HashTable::copy):
2417         (JSC::putEntry):
2418         (JSC::lookupPut):
2419         * runtime/NamePrototype.cpp:
2420         (JSC::NamePrototype::getOwnPropertySlot):
2421         * runtime/NumberConstructor.cpp:
2422         (JSC::NumberConstructor::getOwnPropertySlot):
2423         (JSC::NumberConstructor::put):
2424         * runtime/NumberConstructor.h:
2425         * runtime/NumberPrototype.cpp:
2426         (JSC::NumberPrototype::getOwnPropertySlot):
2427         * runtime/ObjectConstructor.cpp:
2428         (JSC::ObjectConstructor::getOwnPropertySlot):
2429         * runtime/RegExpConstructor.cpp:
2430         (JSC::RegExpConstructor::getOwnPropertySlot):
2431         (JSC::RegExpConstructor::put):
2432         * runtime/RegExpConstructor.h:
2433         * runtime/RegExpObject.cpp:
2434         (JSC::RegExpObject::getOwnPropertySlot):
2435         (JSC::RegExpObject::put):
2436         * runtime/RegExpPrototype.cpp:
2437         (JSC::RegExpPrototype::getOwnPropertySlot):
2438         * runtime/StringConstructor.cpp:
2439         (JSC::StringConstructor::getOwnPropertySlot):
2440         * runtime/Structure.cpp:
2441         (JSC::Structure::Structure):
2442         (JSC::Structure::freezeTransition):
2443
2444 2014-01-24  Mark Lam  <mark.lam@apple.com>
2445
2446         ASSERT(!m_markedSpace.m_currentDelayedReleaseScope) reloading page in inspector.
2447         <https://webkit.org/b/127582>
2448
2449         Reviewed by Mark Hahnenberg.
2450
2451         1. We should not enter a HeapIterationScope when we iterate the CodeBlocks.
2452            Apparently, iterating the CodeBlocks does not count as heap iteration.
2453
2454         2. If we're detaching the debugger due to the JSGlobalObject destructing,
2455            then we don't need to clear the debugger requests in the associated
2456            CodeBlocks. The JSGlobalObject destructing would mean that those
2457            CodeBlocks would be destructing too, and it may not be safe to access
2458            them anyway at this point.
2459
2460         The assertion failure is because we had entered a HeapIterationScope
2461         while the JSGlobalObject is destructing, which in turn means that GC
2462         sweeping is in progress. It's not legal to iterate the heap while the GC
2463         is sweeping. Once we fixed the above 2 issues, we will no longer have
2464         the conditions that manifest this assertion failure.
2465
2466         * debugger/Debugger.cpp:
2467         (JSC::Debugger::detach):
2468         (JSC::Debugger::setSteppingMode):
2469         (JSC::Debugger::toggleBreakpoint):
2470         (JSC::Debugger::clearBreakpoints):
2471         (JSC::Debugger::clearDebuggerRequests):
2472         * debugger/Debugger.h:
2473         * runtime/JSGlobalObject.cpp:
2474         (JSC::JSGlobalObject::~JSGlobalObject):
2475
2476 2014-01-24  Brent Fulgham  <bfulgham@apple.com>
2477
2478         [Win] Convert some NMake files to MSBuild project files
2479         https://bugs.webkit.org/show_bug.cgi?id=127579
2480
2481         Reviewed by Tim Horton.
2482
2483         * JavaScriptCore.vcxproj/JavaScriptCore.make: Removed.
2484         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Added.
2485
2486 2014-01-24  Mark Lam  <mark.lam@apple.com>
2487
2488         Fixed a bad assertion in CodeBlock::removeBreakpoint().
2489         <https://webkit.org/b/127581>
2490
2491         Reviewed by Joseph Pecoraro.
2492
2493         * bytecode/CodeBlock.h:
2494         (JSC::CodeBlock::removeBreakpoint):
2495
2496 2014-01-24  Joseph Pecoraro  <pecoraro@apple.com>
2497
2498         fast/profiler tests ASSERTing after moving recompileAllJSFunctions off a timer
2499         https://bugs.webkit.org/show_bug.cgi?id=127566
2500
2501         Reviewed by Oliver Hunt.
2502
2503         Make the VM handle recompilation as soon as possible after it is requested.
2504
2505         * debugger/Debugger.cpp:
2506         (JSC::Debugger::recompileAllJSFunctions):
2507         When in a JavaScript stack, mark for recompilation when possible.
2508
2509         * runtime/VMEntryScope.h:
2510         (JSC::VMEntryScope::setRecompilationNeeded):
2511         * runtime/VMEntryScope.cpp:
2512         (JSC::VMEntryScope::VMEntryScope):
2513         (JSC::VMEntryScope::~VMEntryScope):
2514         Handle recompilation when the top VMEntryScope is popped.
2515         Pass the needs recompilation flag up the stack if needed.
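
The scheme described above (a flag set on the innermost entry scope, handed to the enclosing scope as each scope pops, and acted on only when the outermost scope is gone) is a general way to defer work that is unsafe while JavaScript frames are on the stack. The block below is an added reconstruction of that idea, not JavaScriptCore's VMEntryScope; VM, VMEntryScope, requestRecompilation and runNestedScenario are hypothetical names, and "recompilation" is just a counter here.

```cpp
#include <iostream>

class VMEntryScope;

// Hypothetical VM: tracks the innermost live entry scope and counts how many
// times the expensive, stack-sensitive operation actually ran.
struct VM {
    VMEntryScope* entryScope = nullptr;  // null when no JS is running
    int recompilations = 0;
    void recompileAllJSFunctions() { ++recompilations; }
};

// RAII entry scope: pushed when the VM is entered, popped when it is left.
class VMEntryScope {
public:
    explicit VMEntryScope(VM& vm) : m_vm(vm), m_previous(vm.entryScope) { m_vm.entryScope = this; }

    ~VMEntryScope()
    {
        m_vm.entryScope = m_previous;
        if (!m_recompilationNeeded)
            return;
        if (m_previous)
            m_previous->setRecompilationNeeded(true);   // still inside JS: pass the request up
        else
            m_vm.recompileAllJSFunctions();             // outermost scope gone: safe to do it now
    }

    void setRecompilationNeeded(bool needed) { m_recompilationNeeded = needed; }

private:
    VM& m_vm;
    VMEntryScope* m_previous;
    bool m_recompilationNeeded = false;
};

// What Debugger::recompileAllJSFunctions does in this model: act immediately
// if the VM is idle, otherwise defer to the scope stack.
void requestRecompilation(VM& vm)
{
    if (vm.entryScope)
        vm.entryScope->setRecompilationNeeded(true);
    else
        vm.recompileAllJSFunctions();
}

// A nested JS call (scope inside scope) asks for recompilation twice.
// Returns the number of recompilations once the stack has fully unwound,
// or -1 if one happened too early (while the outer scope was still live).
int runNestedScenario()
{
    VM vm;
    {
        VMEntryScope outer(vm);
        {
            VMEntryScope inner(vm);
            requestRecompilation(vm);
            requestRecompilation(vm);   // collapses into the same pending flag
        }
        if (vm.recompilations != 0)     // inner popped, outer still live: nothing may run yet
            return -1;
    }
    return vm.recompilations;           // exactly one, after the outermost scope popped
}

int main()
{
    std::cout << "recompilations after unwinding: " << runNestedScenario() << '\n';
    return 0;
}
```

Two requests from inside the stack coalesce into one recompilation, and that recompilation runs only when no JavaScript frame is live, which is the property that keeps the profiler tests from tripping assertions mid-execution.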
2516
2517 2014-01-24  Oliver Hunt  <oliver@apple.com>
2518
2519         Generic JSObject::put should handle static properties in the classinfo hierarchy
2520         https://bugs.webkit.org/show_bug.cgi?id=127523
2521
2522         Reviewed by Geoffrey Garen.
2523
2524         This patch makes JSObject::put correctly call static setters
2525         defined by the ClassInfo.
2526
2527         To make this not clobber performance, the ClassInfo HashTable
2528         now includes a flag to indicate that it contains setters. This
2529         required updating the lut generator so that it tracked (and emitted)
2530         this.
2531
2532         The rest of the change was making a number of the methods take
2533         a VM rather than an ExecState*, so that Structure could set the
2534         getter/setter flags during construction (if necessary).
2535
2536         This also means most objects do not need to perform a lookupPut
2537         manually anymore, so most custom ::put's are no longer needed.
2538         DOMWindow is the only exception as it has interesting security
2539         related semantics.
2540
2541         * create_hash_table:
2542         * interpreter/CallFrame.h:
2543         (JSC::ExecState::arrayConstructorTable):
2544         (JSC::ExecState::arrayPrototypeTable):
2545         (JSC::ExecState::booleanPrototypeTable):
2546         (JSC::ExecState::dataViewTable):
2547         (JSC::ExecState::dateTable):
2548         (JSC::ExecState::dateConstructorTable):
2549         (JSC::ExecState::errorPrototypeTable):
2550         (JSC::ExecState::globalObjectTable):
2551         (JSC::ExecState::jsonTable):
2552         (JSC::ExecState::numberConstructorTable):
2553         (JSC::ExecState::numberPrototypeTable):
2554         (JSC::ExecState::objectConstructorTable):
2555         (JSC::ExecState::privateNamePrototypeTable):
2556         (JSC::ExecState::regExpTable):
2557         (JSC::ExecState::regExpConstructorTable):
2558         (JSC::ExecState::regExpPrototypeTable):
2559         (JSC::ExecState::stringConstructorTable):
2560         (JSC::ExecState::promisePrototypeTable):
2561         (JSC::ExecState::promiseConstructorTable):
2562         * runtime/ArrayConstructor.cpp:
2563         (JSC::ArrayConstructor::getOwnPropertySlot):
2564         * runtime/ArrayPrototype.cpp:
2565         (JSC::ArrayPrototype::getOwnPropertySlot):
2566         * runtime/BooleanPrototype.cpp:
2567         (JSC::BooleanPrototype::getOwnPropertySlot):
2568         * runtime/ClassInfo.h:
2569         (JSC::ClassInfo::propHashTable):
2570         * runtime/DateConstructor.cpp:
2571         (JSC::DateConstructor::getOwnPropertySlot):
2572         * runtime/DatePrototype.cpp:
2573         (JSC::DatePrototype::getOwnPropertySlot):
2574         * runtime/ErrorPrototype.cpp:
2575         (JSC::ErrorPrototype::getOwnPropertySlot):
2576         * runtime/JSDataViewPrototype.cpp:
2577         (JSC::JSDataViewPrototype::getOwnPropertySlot):
2578         * runtime/JSGlobalObject.cpp:
2579         (JSC::JSGlobalObject::getOwnPropertySlot):
2580         * runtime/JSONObject.cpp:
2581         (JSC::JSONObject::getOwnPropertySlot):
2582         * runtime/JSObject.cpp:
2583         (JSC::JSObject::put):
2584         (JSC::JSObject::deleteProperty):
2585         * runtime/JSPromiseConstructor.cpp:
2586         (JSC::JSPromiseConstructor::getOwnPropertySlot):
2587         * runtime/JSPromisePrototype.cpp:
2588         (JSC::JSPromisePrototype::getOwnPropertySlot):
2589         * runtime/Lookup.h:
2590         (JSC::HashTable::copy):
2591         (JSC::putEntry):
2592         (JSC::lookupPut):
2593         * runtime/NamePrototype.cpp:
2594         (JSC::NamePrototype::getOwnPropertySlot):
2595         * runtime/NumberConstructor.cpp:
2596         (JSC::NumberConstructor::getOwnPropertySlot):
2597         * runtime/NumberConstructor.h:
2598         * runtime/NumberPrototype.cpp:
2599         (JSC::NumberPrototype::getOwnPropertySlot):
2600         * runtime/ObjectConstructor.cpp:
2601         (JSC::ObjectConstructor::getOwnPropertySlot):
2602         * runtime/RegExpConstructor.cpp:
2603         (JSC::RegExpConstructor::getOwnPropertySlot):
2604         * runtime/RegExpConstructor.h:
2605         * runtime/RegExpObject.cpp:
2606         (JSC::RegExpObject::getOwnPropertySlot):
2607         (JSC::RegExpObject::put):
2608         * runtime/RegExpPrototype.cpp:
2609         (JSC::RegExpPrototype::getOwnPropertySlot):
2610         * runtime/StringConstructor.cpp:
2611         (JSC::StringConstructor::getOwnPropertySlot):
2612         * runtime/Structure.cpp:
2613         (JSC::Structure::Structure):
2614         (JSC::Structure::freezeTransition):
2615         (JSC::ClassInfo::hasStaticSetterOrReadonlyProperties):
2616
2617 2014-01-24  Mark Lam  <mark.lam@apple.com>
2618
2619         Skip op_profiler callbacks if !VM::m_enabledProfiler.
2620         https://bugs.webkit.org/show_bug.cgi?id=127567.
2621
2622         Reviewed by Geoffrey Garen.
2623
2624         The profiler may not be always active (recording). When it's not active
2625         (as in VM::m_enabledProfiler is null), then we might as well skip the
2626         op_profiler callbacks. The callbacks themselves were already previously
2627         gated by a VM::enabledProfiler() check. So, this change does not change
2628         any profiler behavior.
2629
2630         For the DFG, we'll turn the op_profiler handling into speculation checks
2631         and OSR exit to the baseline JIT if the profiler becomes active.
2632
2633         This brings the Octane score up to ~3000 from ~2840.
2634
2635         * dfg/DFGAbstractInterpreterInlines.h:
2636         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2637         * dfg/DFGByteCodeParser.cpp:
2638         (JSC::DFG::ByteCodeParser::parseBlock):
2639         * dfg/DFGClobberize.h:
2640         (JSC::DFG::clobberize):
2641         * dfg/DFGNodeType.h:
2642         * dfg/DFGSpeculativeJIT32_64.cpp:
2643         (JSC::DFG::SpeculativeJIT::compile):
2644         * dfg/DFGSpeculativeJIT64.cpp:
2645         (JSC::DFG::SpeculativeJIT::compile):
2646         * jit/JITOpcodes.cpp:
2647         (JSC::JIT::emit_op_profile_will_call):
2648         (JSC::JIT::emit_op_profile_did_call):
2649         * jit/JITOpcodes32_64.cpp:
2650         (JSC::JIT::emit_op_profile_will_call):
2651         (JSC::JIT::emit_op_profile_did_call):
2652         * llint/LowLevelInterpreter.asm:
2653         * runtime/VM.h:
2654         (JSC::VM::enabledProfilerAddress):
2655
2656 2014-01-24  Mark Lam  <mark.lam@apple.com>
2657
2658         Removing the need for Debugger* and m_shouldPause op_debug check.
2659         <https://webkit.org/b/127532>
2660
2661         Reviewed by Geoffrey Garen.
2662
2663         This patch replaces the checking of the Debugger::m_shouldPause flag
2664         with a procedure to set a SteppingMode flag on all CodeBlocks under
2665         the management of the debugger. This simplifies the op_debug checking
2666         logic in all the execution engines.
2667
2668         * bytecode/CodeBlock.cpp:
2669         * bytecode/CodeBlock.h:
2670         (JSC::CodeBlock::hasDebuggerRequests):
2671         (JSC::CodeBlock::debuggerRequestsAddress):
2672         (JSC::CodeBlock::setSteppingMode):
2673         (JSC::CodeBlock::clearDebuggerRequests):
2674         - CodeBlock::m_debuggerRequests is a union of m_numBreakpoints and the
2675           new m_steppingMode. The debugger can add/remove breakpoints to the
2676           CodeBlock as well as set the stepping mode. By having
2677           m_debuggerRequests as a union of the 2 bit fields, the op_debug code
2678           can now check if any of the 2 requests made on the CodeBlock is still
2679           in effect just by testing a single int.
2680
2681         * debugger/Debugger.cpp:
2682         (JSC::Debugger::Debugger):
2683         (JSC::Debugger::detach):
2684         - This was a bug from before where I forgot to clear the CodeBlock
2685           breakpoints before detaching. We now take care of it by clearing all
2686           debugger requests made to the CodeBlock.
2687
2688         (JSC::Debugger::SetSteppingModeFunctor::SetSteppingModeFunctor):
2689         (JSC::Debugger::SetSteppingModeFunctor::operator()):
2690         (JSC::Debugger::setSteppingMode):
2691         (JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::ClearCodeBlockDebuggerRequestsFunctor):
2692         (JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::operator()):
2693         (JSC::Debugger::clearBreakpoints):
2694
2695         (JSC::Debugger::ClearDebuggerRequestsFunctor::ClearDebuggerRequestsFunctor):
2696         (JSC::Debugger::ClearDebuggerRequestsFunctor::operator()):
2697         (JSC::Debugger::clearDebuggerRequests):
2698         - We need a distinct clearDebuggerRequests() from clearBreakpoints()
2699           because:
2700           1. When we detach a globalObject, we only want to clear the debugger
2701              requests in CodeBlocks from that global.
2702           2. Clearing the debugger requests in the CodeBlocks is not the same
2703              as clearing the breakpoints. The breakpoints are still in effect
2704              for the next time a globalObject is attached, or for other
2705              globalObjects that are still attached.
2706
2707         (JSC::Debugger::setPauseOnNextStatement):
2708         (JSC::Debugger::breakProgram):
2709         (JSC::Debugger::stepIntoStatement):
2710         (JSC::Debugger::updateCallFrameAndPauseIfNeeded):
2711         (JSC::Debugger::pauseIfNeeded):
2712         (JSC::Debugger::exception):
2713         (JSC::Debugger::willExecuteProgram):
2714         (JSC::Debugger::didReachBreakpoint):
2715         * debugger/Debugger.h:
2716         - We're always going to support the debugger. So, there's no longer
2717           a need to check ENABLE(JAVASCRIPT_DEBUGGER). Removed the unneeded code.
2718
2719         * dfg/DFGSpeculativeJIT32_64.cpp:
2720         (JSC::DFG::SpeculativeJIT::compile):
2721         * dfg/DFGSpeculativeJIT64.cpp:
2722         (JSC::DFG::SpeculativeJIT::compile):
2723         * interpreter/Interpreter.cpp:
2724         (JSC::Interpreter::debug):
2725         * jit/JITOpcodes.cpp:
2726         (JSC::JIT::emit_op_debug):
2727         * jit/JITOpcodes32_64.cpp:
2728         (JSC::JIT::emit_op_debug):
2729         * llint/LowLevelInterpreter.asm:
2730         * runtime/JSGlobalObject.h:
2731         (JSC::JSGlobalObject::setDebugger):
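
The two points the entry makes (one word that combines the breakpoint count and the stepping mode so the op_debug path tests a single int, and the distinction between clearing a global's CodeBlock requests on detach and clearing the breakpoints themselves) are shown together in the block below. It is an added reconstruction, not JSC's CodeBlock or Debugger; every name in it is hypothetical. It packs the two fields with explicit masks rather than a union of bit-fields, because bit-field layout and reading a union through an inactive member are implementation-defined in C++, and the single-word test does not depend on that trick. The breakpoint-to-block mapping is simplified to "every breakpoint counts against every attached block".

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <set>
#include <vector>

// Hypothetical CodeBlock: bit 0 is the stepping mode, bits 1..31 the number
// of breakpoints. The hot path only has to test whether the word is nonzero.
class CodeBlock {
public:
    enum SteppingMode : uint32_t { SteppingModeDisabled = 0, SteppingModeEnabled = 1 };

    bool hasDebuggerRequests() const { return m_debuggerRequests != 0; }
    // JIT-emitted op_debug code can embed this address and test the word directly.
    const uint32_t* debuggerRequestsAddress() const { return &m_debuggerRequests; }

    void addBreakpoint() { setNumBreakpoints(numBreakpoints() + 1); }
    bool removeBreakpoint()            // refuses to underflow rather than asserting
    {
        if (numBreakpoints() == 0)
            return false;
        setNumBreakpoints(numBreakpoints() - 1);
        return true;
    }
    void setSteppingMode(SteppingMode mode)
    {
        m_debuggerRequests = (m_debuggerRequests & ~steppingModeMask) | (uint32_t(mode) & steppingModeMask);
    }
    void clearBreakpoints() { m_debuggerRequests &= steppingModeMask; }
    void clearDebuggerRequests() { m_debuggerRequests = 0; }

    uint32_t numBreakpoints() const { return m_debuggerRequests >> numBreakpointsShift; }
    bool isStepping() const { return (m_debuggerRequests & steppingModeMask) != 0; }

private:
    static constexpr uint32_t steppingModeMask = 0x1u;
    static constexpr unsigned numBreakpointsShift = 1;

    void setNumBreakpoints(uint32_t n)
    {
        m_debuggerRequests = (m_debuggerRequests & steppingModeMask) | (n << numBreakpointsShift);
    }

    uint32_t m_debuggerRequests = 0;
};

struct JSGlobalObject {
    std::vector<CodeBlock*> codeBlocks;
};

class Debugger {
public:
    void attach(JSGlobalObject& global) { m_globals.push_back(&global); }

    // Detaching clears only that global's CodeBlocks; the breakpoints stay in
    // force for globals still attached and for the next attach.
    void detach(JSGlobalObject& global)
    {
        clearDebuggerRequests(global);
        m_globals.erase(std::remove(m_globals.begin(), m_globals.end(), &global), m_globals.end());
    }

    void setBreakpoint(unsigned line)
    {
        if (!m_breakpoints.insert(line).second)
            return;                                 // already set: do not double count
        for (CodeBlock* block : attachedBlocks())
            block->addBreakpoint();
    }

    void setSteppingMode(CodeBlock::SteppingMode mode)
    {
        for (CodeBlock* block : attachedBlocks())
            block->setSteppingMode(mode);
    }

    // Forgets the breakpoints and drops their counts everywhere, leaving any
    // stepping request in place.
    void clearBreakpoints()
    {
        m_breakpoints.clear();
        for (CodeBlock* block : attachedBlocks())
            block->clearBreakpoints();
    }

    void clearDebuggerRequests(JSGlobalObject& global)
    {
        for (CodeBlock* block : global.codeBlocks)
            block->clearDebuggerRequests();
    }

    size_t numBreakpoints() const { return m_breakpoints.size(); }

private:
    std::vector<CodeBlock*> attachedBlocks() const
    {
        std::vector<CodeBlock*> blocks;
        for (JSGlobalObject* global : m_globals)
            blocks.insert(blocks.end(), global->codeBlocks.begin(), global->codeBlocks.end());
        return blocks;
    }

    std::vector<JSGlobalObject*> m_globals;
    std::set<unsigned> m_breakpoints;
};

int main()
{
    CodeBlock block;
    JSGlobalObject global{{&block}};
    Debugger debugger;
    debugger.attach(global);
    debugger.setBreakpoint(42);
    debugger.setSteppingMode(CodeBlock::SteppingModeEnabled);
    std::cout << "requests word: " << *block.debuggerRequestsAddress() << '\n';   // 3 = (1 << 1) | 1
    return 0;
}
```

With both requests packed into one word, the interpreter, baseline JIT and DFG all emit the same check (load the word, branch if nonzero) and only the slow path needs to know which request was made.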
2732
2733 2014-01-24  Michael Saboff  <msaboff@apple.com>
2734
2735         ARM Offline assembler temporary register allocator has duplicate register when building fat binaries
2736         https://bugs.webkit.org/show_bug.cgi?id=127545
2737
2738         Reviewed by Mark Lam.
2739
2740         Eliminate the conditional addition of r11/r7 from getModifiedListARMCommon as the
2741         .concat will add the new register to ARM_EXTRA_GPRS.  If getModifiedListARMCommon is
2742         invoked a second time, there will be a second r11 or r7, which messes things up.
2743         Instead, r6 was added to ARM_EXTRA_GPRS.  r6 is currently an unused register.
2744
2745         * offlineasm/arm.rb:
2746
2747 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
2748
2749         Move ContentSearchUtils, ScriptBreakpoint, and ScriptDebugListener into JavaScriptCore for inspector
2750         https://bugs.webkit.org/show_bug.cgi?id=127537
2751
2752         Reviewed by Timothy Hatcher.
2753
2754         * CMakeLists.txt:
2755         * GNUmakefile.list.am:
2756         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2757         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2758         * JavaScriptCore.xcodeproj/project.pbxproj:
2759         * inspector/ContentSearchUtilities.cpp: Renamed from Source/WebCore/inspector/ContentSearchUtils.cpp.
2760         (Inspector::ContentSearchUtilities::createSearchRegexSource):
2761         (Inspector::ContentSearchUtilities::sizetExtractor):
2762         (Inspector::ContentSearchUtilities::textPositionFromOffset):
2763         (Inspector::ContentSearchUtilities::getRegularExpressionMatchesByLines):
2764         (Inspector::ContentSearchUtilities::lineEndings):
2765         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
2766         (Inspector::ContentSearchUtilities::createSearchRegex):
2767         (Inspector::ContentSearchUtilities::countRegularExpressionMatches):
2768         (Inspector::ContentSearchUtilities::searchInTextByLines):
2769         (Inspector::ContentSearchUtilities::scriptCommentPattern):
2770         (Inspector::ContentSearchUtilities::stylesheetCommentPattern):
2771         (Inspector::ContentSearchUtilities::findMagicComment):
2772         (Inspector::ContentSearchUtilities::findScriptSourceURL):
2773         (Inspector::ContentSearchUtilities::findScriptSourceMapURL):
2774         (Inspector::ContentSearchUtilities::findStylesheetSourceMapURL):
2775         * inspector/ContentSearchUtilities.h: Renamed from Source/WebCore/inspector/ContentSearchUtils.h.
2776         * inspector/ScriptBreakpoint.h: Renamed from Source/WebCore/inspector/ScriptBreakpoint.h.
2777         (Inspector::ScriptBreakpointAction::ScriptBreakpointAction):
2778         (Inspector::ScriptBreakpoint::ScriptBreakpoint):
2779         * inspector/ScriptDebugListener.h: Renamed from Source/WebCore/inspector/ScriptDebugListener.h.
2780         (Inspector::ScriptDebugListener::Script::Script):
2781         (Inspector::ScriptDebugListener::~ScriptDebugListener):
2782         * runtime/RegExp.cpp:
2783         (JSC::RegExp::match):
2784
2785 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
2786
2787         Move RegularExpression into JavaScriptCore for inspector
2788         https://bugs.webkit.org/show_bug.cgi?id=127526
2789
2790         Reviewed by Geoffrey Garen.
2791
2792         Move RegularExpression into JavaScriptCore/yarr so it can
2793         be used later on by JavaScriptCore/inspector. Convert to
2794         the JSC::Yarr namespace.
2795
2796         * CMakeLists.txt:
2797         * GNUmakefile.list.am:
2798         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2799         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2800         * JavaScriptCore.xcodeproj/project.pbxproj:
2801         * yarr/RegularExpression.cpp: Renamed from Source/WebCore/platform/text/RegularExpression.cpp.
2802         (JSC::Yarr::RegularExpression::Private::create):
2803         (JSC::Yarr::RegularExpression::Private::Private):
2804         (JSC::Yarr::RegularExpression::Private::compile):
2805         (JSC::Yarr::RegularExpression::RegularExpression):
2806         (JSC::Yarr::RegularExpression::~RegularExpression):
2807         (JSC::Yarr::RegularExpression::operator=):
2808         (JSC::Yarr::RegularExpression::match):
2809         (JSC::Yarr::RegularExpression::searchRev):
2810         (JSC::Yarr::RegularExpression::matchedLength):
2811         (JSC::Yarr::replace):
2812         (JSC::Yarr::RegularExpression::isValid):
2813         * yarr/RegularExpression.h: Renamed from Source/WebCore/platform/text/RegularExpression.h.
2814
2815 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
2816
2817         Web Inspector: Remove recompileAllJSFunctions timer in ScriptDebugServer
2818         https://bugs.webkit.org/show_bug.cgi?id=127409
2819
2820         Reviewed by Geoffrey Garen.
2821
2822         * inspector/InspectorAgentBase.h:
2823         When disconnecting agents, provide an InspectorDisconnectReason for
2824         the disconnection. It could be that an inspector frontend is just
2825         disconnecting or that the inspected object is going away entirely
2826         and we can avoid doing some work.
2827
2828         * runtime/JSGlobalObjectDebuggable.h:
2829         * runtime/JSGlobalObjectDebuggable.cpp:
2830         (JSC::JSGlobalObjectDebuggable::~JSGlobalObjectDebuggable):
2831         (JSC::JSGlobalObjectDebuggable::disconnect):
2832         (JSC::JSGlobalObjectDebuggable::disconnectInternal):
2833         Pass different reasons for the different disconnects.
2834
2835         * inspector/InspectorAgentRegistry.cpp:
2836         (Inspector::InspectorAgentRegistry::willDestroyFrontendAndBackend):
2837         * inspector/InspectorAgentRegistry.h:
2838         * inspector/JSGlobalObjectInspectorController.cpp:
2839         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
2840         * inspector/JSGlobalObjectInspectorController.h:
2841         * inspector/agents/InspectorAgent.cpp:
2842         (Inspector::InspectorAgent::willDestroyFrontendAndBackend):
2843         * inspector/agents/InspectorAgent.h:
2844         Pass InspectorDisconnectReason around where needed.
2845
2846 2014-01-23  Mark Lam  <mark.lam@apple.com>
2847
2848         Enable DFG for the Debugger and Profiler.
2849         <https://webkit.org/b/122847>
2850
2851         Reviewed by Geoffrey Garen.
2852
2853         In this patch, we implement DFG op_debug as a series of 3 checks:
2854         1. Check if the debugger pointer is non-null. This is needed in case
2855            the debugger has been detached but the DFG code is still running
2856            on the stack.
2857         2. Check if Debugger::m_shouldPause is true.
2858         3. Check if CodeBlock::m_numBreakpoints is non-zero.
2859
2860         These are the same 3 checks done in the LLINT and baselineJIT. But unlike
2861         the LLINT and baselineJIT, these DFG checks are implemented as
2862         speculationChecks. If the check fails, we OSR exit to the baselineJIT and
2863         let it do the work of servicing the op_debug callback.
2864
2865         Stepping through code in the debugger would work the same way. The top
2866         function being debugged has to be a LLINT or baselineJIT function because
2867         we would have OSR exited if there is a breakpoint in that function. When
2868         we step out of that function to its caller, we expect that the caller will
2869         call back to the debugger at the next op_debug. If the caller function is
2870         a DFG function, the op_debug site will fail its speculation check on
2871         Debugger::m_shouldPause and deopt into a baselineJIT function. Execution
2872         continues from there as usual, and the debugger gets its callback.
2873
2874         For the profiler, op_profile_will_call and op_profile_did_call are
2875         implemented as simple runtime calls to service the profiler.
2876
2877         With this patch, Octane performance with the WebInspector open jumps from
2878         ~2000 to ~2500 (25% progression).
2879
2880         * bytecode/CodeBlock.h:
2881         (JSC::CodeBlock::numBreakpointsAddress):
2882         * bytecode/ExitKind.cpp:
2883         (JSC::exitKindToString):
2884         * bytecode/ExitKind.h:
2885         * debugger/Debugger.cpp:
2886         (JSC::Debugger::toggleBreakpoint):
2887         - removed an obsolete assertion. The debugger can now handle DFG
2888           CodeBlocks too.
2889         * debugger/Debugger.h:
2890         * dfg/DFGAbstractInterpreterInlines.h:
2891         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2892         * dfg/DFGByteCodeParser.cpp:
2893         (JSC::DFG::ByteCodeParser::parseBlock):
2894         * dfg/DFGCapabilities.cpp:
2895         (JSC::DFG::capabilityLevel):
2896         * dfg/DFGClobberize.h:
2897         (JSC::DFG::clobberize):
2898         * dfg/DFGFixupPhase.cpp:
2899         (JSC::DFG::FixupPhase::fixupNode):
2900         * dfg/DFGNodeType.h:
2901         * dfg/DFGPredictionPropagationPhase.cpp:
2902         (JSC::DFG::PredictionPropagationPhase::propagate):
2903         * dfg/DFGSafeToExecute.h:
2904         (JSC::DFG::safeToExecute):
2905         * dfg/DFGSpeculativeJIT.h:
2906         (JSC::DFG::SpeculativeJIT::callOperation):
2907         * dfg/DFGSpeculativeJIT32_64.cpp:
2908         (JSC::DFG::SpeculativeJIT::compile):
2909         * dfg/DFGSpeculativeJIT64.cpp:
2910         (JSC::DFG::SpeculativeJIT::compile):
2911         * runtime/JSGlobalObject.h:
2912         (JSC::JSGlobalObject::debuggerAddress):
2913
2914 2014-01-23  Max Vujovic  <mvujovic@adobe.com>
2915
2916         Remove CSS Custom Filters code and tests
2917         https://bugs.webkit.org/show_bug.cgi?id=127382
2918
2919         Reviewed by Simon Fraser.
2920
2921         * Configurations/FeatureDefines.xcconfig:
2922
2923 2014-01-22  Brent Fulgham  <bfulgham@apple.com>
2924
2925         [Win] Update project and solution files for 64-bit builds.
2926         https://bugs.webkit.org/show_bug.cgi?id=127457
2927
2928         Reviewed by Eric Carlson.
2929
2930         * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Add 64-bit target.
2931         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Update for VS2013
2932         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
2933         file from project view.
2934         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Update for VS2013
2935         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Ditto
2936         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Ditto
2937
2938 2014-01-22  Mark Lam  <mark.lam@apple.com>
2939
2940         Poor man's fast breakpoints for a 2.3x debugger speedup.
2941         <https://webkit.org/b/122836>
2942
2943         Reviewed by Geoffrey Garen.
2944
2945         Previously we gained back some performance (run at baseline JIT speeds)
2946         when the WebInspector is opened provided no breakpoints are set. This
2947         was achieved by simply skipping all op_debug callbacks to the debugger
2948         if no breakpoints are set. If any breakpoints are set, the debugger will
2949         set a m_needsOpDebugCallbacks flag which causes the callbacks to be
2950         called, and we don't get the baseline JIT speeds anymore.
2951
2952         With this patch, we will now track the number of breakpoints set in the
2953         CodeBlock that they are set in. The LLINT and baseline JIT code will
2954         check CodeBlock::m_numBreakpoints to determine if the op_debug callbacks
2955         need to be called. With this, we will only enable op_debug callbacks for
2956         CodeBlocks that need it i.e. those with breakpoints set in them.
2957
2958         Debugger::m_needsOpDebugCallbacks is now obsoleted. The LLINT and baseline
2959         JIT code still needs to check Debugger::m_shouldPause to determine if the
2960         debugger is in stepping mode and hence, needs op_debug callbacks enabled
2961         for everything until the debugger "continues" the run and exit stepping
2962         mode.
2963
2964         Also in this patch, I fixed a regression in DOM breakpoints which relies on
2965         Debugger::breakProgram() to pause the debugger.
2966
2967         * bytecode/CodeBlock.cpp:
2968         (JSC::CodeBlock::dumpBytecode):
2969         - Missed accounting for op_debug's new hasBreakpointFlag operand here when
2970           it was added.
2971         (JSC::CodeBlock::CodeBlock):
2972         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2973         - This is needed in Debugger::toggleBreakpoint() to determine if a
2974           breakpoint falls within a CodeBlock or not. Simply checking the bounds
2975           of the CodeBlock is insufficient. For example, let's say we have the
2976           following JS code:
2977
2978               // begin global scope
2979               function f1() {
2980                   function f2() {
2981                      ... // set breakpoint here.
2982                   }
2983               }
2984               // end global scope
2985
2986           Using the CodeBlock bounds alone, the breakpoint above will appear
2987           to be in the global program CodeBlock, and the CodeBlocks for function
2988           f1() and f2(). With CodeBlock::hasOpDebugForLineAndColumn() we can
2989           rule out the global program CodeBlock and f1(), and only apply the
2990           breakpoint to f2() where it belongs.
2991
2992           CodeBlock::hasOpDebugForLineAndColumn() works by iterating over all
2993           the opcodes in the CodeBlock to look for op_debug's. For each op_debug,
2994           it calls CodeBlock::expressionRangeForBytecodeOffset() to do a binary
2995           search to get the line and column info for that op_debug. This is a
2996           N * log(N) algorithm. However, a quick hands-on test using the
2997           WebInspector (with this patch applied) to exercise setting, breaking
2998           on, and clearing breakpoints, as well as stepping through some code
2999           shows no noticeable degradation of the user experience compared to the
3000           baseline without this patch.
3001
3002         * bytecode/CodeBlock.h:
3003         (JSC::CodeBlock::numBreakpoints):
3004         (JSC::CodeBlock::numBreakpointsOffset):
3005         (JSC::CodeBlock::addBreakpoint):
3006         (JSC::CodeBlock::removeBreakpoint):
3007         (JSC::CodeBlock::clearAllBreakpoints):
3008         * debugger/Breakpoint.h:
3009         - defined Breakpoint::unspecifiedColumn so that we can explicitly indicate
3010           when the WebInspector was setting a line breakpoint and did not provide
3011           a column value. CodeBlock::hasOpDebugForLineAndColumn() needs this
3012           information in order to loosen its matching criteria for op_debug
3013           bytecodes for the specified breakpoint line and column values provided
3014           by the debugger.
3015
3016           Previously, we just hijacked a 0 value column as an unspecified column.
3017           However, the WebInspector operates on 0-based ints for column values.
3018           Hence, 0 should be a valid column value and should not be hijacked to
3019           mean an unspecified column.
3020
3021         * debugger/Debugger.cpp:
3022         (JSC::Debugger::Debugger):
3023         - added tracking of the VM that the debugger is used with. This is
3024           needed by Debugger::breakProgram().
3025
3026           The VM pointer is attained from the first JSGlobalObject that the debugger
3027           attaches to. When the debugger detaches from the last JSGlobalObject, it
3028           will nullify its VM pointer to allow a new one to be set on the next
3029           attach.
3030
3031           We were always only using each debugger instance with one VM. This change
3032           makes it explicit with an assert to ensure that all globalObjects that
3033           the debugger attaches to belongs to the same VM.
3034
3035         (JSC::Debugger::attach):
3036         (JSC::Debugger::detach):
3037         (JSC::Debugger::setShouldPause):
3038
3039         (JSC::Debugger::registerCodeBlock):
3040         (JSC::Debugger::unregisterCodeBlock):
3041         - registerCodeBlock() is responsible for applying pre-existing breakpoints
3042           to new CodeBlocks being installed. Similarly, unregisterCodeBlock()
3043           clears the breakpoints.
3044
3045         (JSC::Debugger::toggleBreakpoint):
3046         - This is the workhorse function that checks if a breakpoint falls within
3047           a CodeBlock or not. If it does, then it can either enable or disable
3048           said breakpoint in the CodeBlock. In the current implementation,
3049           enabling/disabling the breakpoint simply means incrementing/decrementing
3050           the CodeBlock's m_numBreakpoints.
3051
3052         (JSC::Debugger::applyBreakpoints):
3053
3054         (JSC::Debugger::ToggleBreakpointFunctor::ToggleBreakpointFunctor):
3055         (JSC::Debugger::ToggleBreakpointFunctor::operator()):
3056         (JSC::Debugger::toggleBreakpoint):
3057         - Iterates all relevant CodeBlocks and apply the specified breakpoint
3058           if appropriate. This is called when a new breakpoint is being defined
3059           by the WebInspector and needs to be applied to an already installed
3060           CodeBlock.
3061
3062         (JSC::Debugger::setBreakpoint):
3063         (JSC::Debugger::removeBreakpoint):
3064         (JSC::Debugger::hasBreakpoint):
3065         (JSC::Debugger::ClearBreakpointsFunctor::ClearBreakpointsFunctor):
3066         (JSC::Debugger::ClearBreakpointsFunctor::operator()):
3067         (JSC::Debugger::clearBreakpoints):
3068
3069         (JSC::Debugger::breakProgram):
3070         - Fixed a regression that broke DOM breakpoints. The issue is that with
3071           the skipping of op_debug callbacks, we don't always have an updated
3072           m_currentCallFrame. Normally, m_currentCallFrame is provided as arg
3073           in the op_debug callback. In this case, we can get the CallFrame* from
3074           m_vm->topCallFrame.
3075
3076         (JSC::Debugger::updateCallFrameAndPauseIfNeeded):
3077         (JSC::Debugger::pauseIfNeeded):
3078         (JSC::Debugger::willExecuteProgram):
3079         * debugger/Debugger.h:
3080         (JSC::Debugger::Debugger):
3081         (JSC::Debugger::shouldPause):
3082
3083         * heap/CodeBlockSet.h:
3084         (JSC::CodeBlockSet::iterate):
3085         * heap/Heap.h:
3086         (JSC::Heap::forEachCodeBlock):
3087         - Added utility to iterate all CodeBlocks in the heap / VM.
3088
3089         * interpreter/Interpreter.cpp:
3090         (JSC::Interpreter::debug):
3091
3092         * jit/JITOpcodes.cpp:
3093         (JSC::JIT::emit_op_debug):
3094         * jit/JITOpcodes32_64.cpp:
3095         (JSC::JIT::emit_op_debug):
3096         * llint/LowLevelInterpreter.asm:
3097         - These now check CodeBlock::m_numBreakpoints and Debugger::m_shouldPause
3098           instead of Debugger::m_needsOpDebugCallbacks.
3099
3100         * runtime/Executable.cpp:
3101         (JSC::ScriptExecutable::installCode):
3102
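The breakpoint scoping this entry describes, together with the three op_debug checks from the "Enable DFG for the Debugger and Profiler" entry above, as an added C++ model that is not JavaScriptCore's code: the CodeBlock and Debugger layout, the line numbers of the constructed nested-function example, and the rule that an unspecified column matches any op_debug on its line are assumptions.

```cpp
// Added example, not JavaScriptCore code: a model of the breakpoint bookkeeping
// the ChangeLog entries describe; the data layout and matching rule are assumptions.
#include <cstddef>
#include <string>
#include <vector>

namespace BreakpointModel {

// Line plus optional column. Column 0 is a valid 0-based column, so "no column"
// needs its own sentinel rather than hijacking 0.
struct Breakpoint { static constexpr int unspecifiedColumn = -1; int line; int column; };
constexpr int Breakpoint::unspecifiedColumn;

// An op_debug site with the line/column expressionRangeForBytecodeOffset() gives it.
struct OpDebugSite { int line; int column; };

// A model CodeBlock: source bounds plus the op_debug sites it emits. A nested
// function's op_debug sites live in its own CodeBlock, not the enclosing one.
struct CodeBlock {
    std::string name;
    int startLine;
    int endLine;
    std::vector<OpDebugSite> opDebugs;
    unsigned m_numBreakpoints;

    // The insufficient test: every enclosing CodeBlock passes it as well.
    bool boundsContain(const Breakpoint& bp) const
    {
        return bp.line >= startLine && bp.line <= endLine;
    }

    // The test the entry introduces: is there an op_debug in *this* CodeBlock at
    // the requested line, and at the requested column when one was specified?
    bool hasOpDebugForLineAndColumn(int line, int column) const
    {
        for (const OpDebugSite& site : opDebugs) {
            if (site.line != line)
                continue;
            if (column == Breakpoint::unspecifiedColumn || site.column == column)
                return true;
        }
        return false;
    }

    void addBreakpoint() { ++m_numBreakpoints; }
    void removeBreakpoint() { if (m_numBreakpoints) --m_numBreakpoints; }
};

struct Debugger { bool m_shouldPause = false; };

// Enable or disable a breakpoint in every CodeBlock it really belongs to;
// returns the names of the CodeBlocks whose m_numBreakpoints changed.
inline std::vector<std::string> toggleBreakpoint(std::vector<CodeBlock>& codeBlocks, const Breakpoint& bp, bool enable)
{
    std::vector<std::string> toggled;
    for (CodeBlock& cb : codeBlocks) {
        if (!cb.hasOpDebugForLineAndColumn(bp.line, bp.column))
            continue;
        if (enable) cb.addBreakpoint(); else cb.removeBreakpoint();
        toggled.push_back(cb.name);
    }
    return toggled;
}

// The three checks the op_debug fast path performs before servicing the
// callback: debugger still attached, stepping mode, breakpoints in this block.
inline bool needsOpDebugCallback(const Debugger* debugger, const CodeBlock& cb)
{
    if (!debugger) return false;           // detached, but code still running
    if (debugger->m_shouldPause) return true;
    return cb.m_numBreakpoints != 0;
}

// Constructed data for the nested-function example: global program on lines 1-7,
// f1 on lines 2-6, f2 on lines 3-5; the breakpoint goes on line 4 inside f2.
inline std::vector<CodeBlock> makeExampleCodeBlocks()
{
    return {
        { "global", 1, 7, { { 1, 0 }, { 7, 0 } }, 0 },
        { "f1", 2, 6, { { 2, 0 } }, 0 },
        { "f2", 3, 5, { { 4, 4 }, { 4, 12 } }, 0 },
    };
}

// How many CodeBlocks the bounds-only test would accept for a breakpoint.
inline size_t countBoundsMatches(const std::vector<CodeBlock>& codeBlocks, const Breakpoint& bp)
{
    size_t n = 0;
    for (const CodeBlock& cb : codeBlocks)
        if (cb.boundsContain(bp)) ++n;
    return n;
}

} // namespace BreakpointModel
```

With the constructed blocks, the bounds-only test accepts all three CodeBlocks for a line-4 breakpoint, while the op_debug test toggles only f2's m_numBreakpoints, which is then the sole block whose op_debug sites need the callback until stepping mode is entered.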
3103 2014-01-22  Myles C. Maxfield  <mmaxfield@apple.com>
3104
3105         Remove CSS3_TEXT_DECORATION define
3106         https://bugs.webkit.org/show_bug.cgi?id=127333
3107
3108         This is required for unprefixing the text-decoration-* CSS properties.
3109
3110         Reviewed by Simon Fraser.
3111
3112         * Configurations/FeatureDefines.xcconfig:
3113
3114 2014-01-22  Alexey Proskuryakov  <ap@apple.com>
3115
3116         Update JS whitespace definition for changes in Unicode 6.3
3117         https://bugs.webkit.org/show_bug.cgi?id=127450
3118         <rdar://15863457>
3119
3120         Reviewed by Oliver Hunt.
3121
3122         Covered by existing tests when running against a Unicode back-end that supports
3123         Unicode 6.3 or higher.
3124
3125         * runtime/JSGlobalObjectFunctions.cpp: (JSC::isStrWhiteSpace): Explicitly allow
3126         U+180E MONGOLIAN VOWEL SEPARATOR, because we need to keep recognizing all characters
3127         that used to be whitespace.
3128
3129 2014-01-21  Mark Hahnenberg  <mhahnenberg@apple.com>
3130
3131         Registers used in writeBarrierOnOperand can cause clobbering on some platforms
3132         https://bugs.webkit.org/show_bug.cgi?id=127357
3133
3134         Reviewed by Filip Pizlo.
3135
3136         Some platforms use t0 and t1 for their first two arguments, so using those to load the 
3137         cell for the write barrier is a bad idea because it will get clobbered.
3138
3139         * llint/LowLevelInterpreter32_64.asm:
3140         * llint/LowLevelInterpreter64.asm:
3141
3142 2014-01-21  Mark Rowe  <mrowe@apple.com>
3143
3144         Mac production build fix.
3145
3146         Move the shell script build phase to copy jsc into JavaScriptCore.framework
3147         out of the jsc target and in to the All target so that it's not run during
3148         production builds. Xcode appears to the parent directories of paths referenced
3149         in the Output Files of the build phase, which leads to problems when the
3150         SYMROOT for the JavaScriptCore framework and the jsc executables are later merged.
3151
3152         I've also fixed the path to the Resources folder in the script while I'm here.
3153         On iOS the framework bundle is shallow so the correct destination is Resources/
3154         rather than Versions/A/Resources. This is handled by tweaking the
3155         JAVASCRIPTCORE_RESOURCES_DIR configuration setting to be relative rather than
3156         a complete path so we can reuse it in the script. The references in JSC.xcconfig
3157         and ToolExecutable.xcconfig are updated to prepend JAVASCRIPTCORE_FRAMEWORKS_DIR
3158         to preserve their former values.
3159
3160         * Configurations/Base.xcconfig:
3161         * Configurations/JSC.xcconfig:
3162         * Configurations/ToolExecutable.xcconfig:
3163         * JavaScriptCore.xcodeproj/project.pbxproj:
3164
3165 2014-01-19  Andreas Kling  <akling@apple.com>
3166
3167         JSC Parser: Shrink BindingNode.
3168         <https://webkit.org/b/127253>
3169
3170         The "divot" and "end" source locations are always identical for
3171         BindingNodes, so store only "start" and "end" instead.
3172
3173         1.19 MB progression on Membuster3.
3174
3175         Reviewed by Geoff Garen.
3176
3177         * bytecompiler/NodesCodegen.cpp:
3178         (JSC::BindingNode::bindValue):
3179         * parser/ASTBuilder.h:
3180         (JSC::ASTBuilder::createBindingLocation):
3181         * parser/NodeConstructors.h:
3182         (JSC::BindingNode::create):
3183         (JSC::BindingNode::BindingNode):
3184         * parser/Nodes.h:
3185         (JSC::BindingNode::divotStart):
3186         (JSC::BindingNode::divotEnd):
3187         * parser/Parser.cpp:
3188         (JSC::Parser<LexerType>::createBindingPattern):
3189         * parser/SyntaxChecker.h:
3190         (JSC::SyntaxChecker::operatorStackPop):
3191
3192 2014-01-20  Filip Pizlo  <fpizlo@apple.com>
3193
3194         op_captured_mov and op_new_captured_func in UnlinkedCodeBlocks should use the IdentifierMap instead of the strings directly
3195         https://bugs.webkit.org/show_bug.cgi?id=127311
3196         <rdar://problem/15853958>
3197
3198         Reviewed by Andreas Kling.
3199         
3200         This makes UnlinkedCodeBlocks use 32-bit instruction streams again.
3201
3202         * bytecode/CodeBlock.cpp:
3203         (JSC::CodeBlock::CodeBlock):
3204         * bytecode/UnlinkedCodeBlock.h:
3205         (JSC::UnlinkedInstruction::UnlinkedInstruction):
3206         * bytecompiler/BytecodeGenerator.cpp:
3207         (JSC::BytecodeGenerator::addVar):
3208         (JSC::BytecodeGenerator::emitInitLazyRegister):
3209         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
3210         * bytecompiler/BytecodeGenerator.h:
3211         (JSC::BytecodeGenerator::watchableVariable):
3212         (JSC::BytecodeGenerator::hasWatchableVariable):
3213
3214 2014-01-20  Mark Lam  <mark.lam@apple.com>
3215
3216         Removing CodeBlock::opDebugBytecodeOffsetForLineAndColumn() and friends.
3217         <https://webkit.org/b/127321>
3218
3219         Reviewed by Geoffrey Garen.
3220
3221         We're changing plans and will be going with CodeBlock level breakpoints
3222         instead of bytecode level breakpoints. As a result, we no longer need
3223         the services of CodeBlock::opDebugBytecodeOffsetForLineAndColumn() (and
3224         friends). This patch will remove that unused code.
3225
3226         * GNUmakefile.list.am:
3227         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3228         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3229         * JavaScriptCore.xcodeproj/project.pbxproj:
3230         * bytecode/CodeBlock.cpp:
3231         * bytecode/CodeBlock.h:
3232         * bytecode/LineColumnInfo.h: Removed.
3233         * bytecode/UnlinkedCodeBlock.cpp:
3234         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
3235         * bytecode/UnlinkedCodeBlock.h:
3236
3237 2014-01-20  Mark Hahnenberg  <mhahnenberg@apple.com>
3238
3239         CodeBlockSet::traceMarked doesn't need to visit the ownerExecutable
3240         https://bugs.webkit.org/show_bug.cgi?id=127301
3241
3242         Reviewed by Oliver Hunt.
3243
3244         We used to just call CodeBlock::visitAggregate, but now we call visitChildren 
3245         on the ownerExecutable, which is unnecessary. 
3246
3247         * heap/CodeBlockSet.cpp:
3248         (JSC::CodeBlockSet::traceMarked):
3249
3250 2014-01-20  Anders Carlsson  <andersca@apple.com>
3251
3252         Fix build.
3253
3254         * heap/BlockAllocator.h:
3255
3256 2014-01-20  Anders Carlsson  <andersca@apple.com>
3257
3258         Stop using ThreadCondition in BlockAllocator
3259         https://bugs.webkit.org/show_bug.cgi?id=126313
3260
3261         Reviewed by Sam Weinig.
3262
3263         * heap/BlockAllocator.cpp:
3264         (JSC::BlockAllocator::~BlockAllocator):
3265         (JSC::BlockAllocator::waitForDuration):
3266         (JSC::BlockAllocator::blockFreeingThreadMain):
3267         * heap/BlockAllocator.h:
3268         (JSC::BlockAllocator::deallocate):
3269
3270 2014-01-19  Anders Carlsson  <andersca@apple.com>
3271
3272         Convert GCThreadSharedData over to STL threading primitives
3273         https://bugs.webkit.org/show_bug.cgi?id=127256
3274
3275         Reviewed by Andreas Kling.
3276
3277         * heap/GCThread.cpp:
3278         (JSC::GCThread::waitForNextPhase):
3279         (JSC::GCThread::gcThreadMain):
3280         * heap/GCThreadSharedData.cpp:
3281         (JSC::GCThreadSharedData::GCThreadSharedData):
3282         (JSC::GCThreadSharedData::~GCThreadSharedData):
3283         (JSC::GCThreadSharedData::startNextPhase):
3284         (JSC::GCThreadSharedData::endCurrentPhase):
3285         (JSC::GCThreadSharedData::didStartMarking):
3286         (JSC::GCThreadSharedData::didFinishMarking):
3287         * heap/GCThreadSharedData.h:
3288         * heap/SlotVisitor.cpp:
3289         (JSC::SlotVisitor::donateKnownParallel):
3290         (JSC::SlotVisitor::drainFromShared):
3291
3292 2014-01-18  Andreas Kling  <akling@apple.com>
3293
3294         CodeBlock: Size m_callLinkInfos and m_byValInfos to fit earlier.
3295         <https://webkit.org/b/127239>
3296
3297         Reviewed by Anders Carlsson.
3298
3299         * bytecode/CodeBlock.h:
3300         (JSC::CodeBlock::setNumberOfByValInfos):
3301         (JSC::CodeBlock::setNumberOfCallLinkInfos):
3302
3303             Use resizeToFit() instead of grow() for these vectors, since
3304             we know the final size here.
3305
3306         * bytecode/CodeBlock.cpp:
3307         (JSC::CodeBlock::shrinkToFit):
3308
3309             No need to shrink here anymore. We were not even shrinking
3310             m_byValInfo before!
3311
3312 2014-01-18  Andreas Kling  <akling@apple.com>
3313
3314         CodeBlock: Size m_function{Exprs,Decls} to fit from creation.
3315         <https://webkit.org/b/127238>
3316
3317         Reviewed by Anders Carlsson.
3318
3319         * bytecode/CodeBlock.cpp:
3320         (JSC::CodeBlock::CodeBlock):
3321
3322             Use resizeToFit() instead of grow() for m_functionExprs and
3323             m_functionDecls since we know they will never change size.
3324
3325         (JSC::CodeBlock::shrinkToFit):
3326
3327             No need to shrink them here anymore.
3328
3329 2014-01-18  Andreas Kling  <akling@apple.com>
3330
3331         Remove unused CodeBlock::m_additionalIdentifiers member.
3332         <https://webkit.org/b/127237>
3333
3334         Reviewed by Anders Carlsson.
3335
3336         * bytecode/CodeBlock.h:
3337         * bytecode/CodeBlock.cpp:
3338         (JSC::CodeBlock::CodeBlock):
3339         (JSC::CodeBlock::shrinkToFit):
3340
3341             Remove m_additionalIdentifiers, nothing uses it.
3342
3343 2014-01-18  Andreas Kling  <akling@apple.com>
3344
3345         Remove two unused CodeBlock functions.
3346         <https://webkit.org/b/127235>
3347
3348         Kill copyPostParseDataFrom() and copyPostParseDataFromAlternative()
3349         since they are not used.
3350
3351         Reviewed by Anders Carlsson.
3352
3353         * bytecode/CodeBlock.cpp:
3354         * bytecode/CodeBlock.h:
3355
3356 2014-01-18  Andreas Kling  <akling@apple.com>
3357
3358         CodeBlock: Size m_exceptionHandlers to fit from creation.
3359         <https://webkit.org/b/127234>
3360
3361         Avoid allocation churn for CodeBlock::m_exceptionHandlers.
3362
3363         Reviewed by Anders Carlsson.
3364
3365         * bytecode/CodeBlock.h:
3366
3367             Removed unused CodeBlock::allocateHandlers() function.
3368
3369         * bytecode/CodeBlock.cpp:
3370         (JSC::CodeBlock::CodeBlock):
3371
3372             Use resizeToFit() instead of grow() for m_exceptionHandlers
3373             since we know it's never going to change size.
3374
3375         (JSC::CodeBlock::shrinkToFit):
3376
3377             No need to shrink m_exceptionHandlers here since it's already
3378             the perfect size.
3379
3380 2014-01-18  Mark Lam  <mark.lam@apple.com>
3381
3382