3695a4ad9a7b61311faa06034c8f8e6598e83952
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-12-04  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Unskip many inspector/debugger tests
        https://bugs.webkit.org/show_bug.cgi?id=151843

        Reviewed by Timothy Hatcher.

        * bindings/ScriptFunctionCall.cpp:
        (Deprecated::ScriptFunctionCall::call):
        Ignore TerminationExceptions, as those aren't real execution
        exceptions and may be seen on Workers that have closed.

2015-12-04  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove untested and unused Worker inspection
        https://bugs.webkit.org/show_bug.cgi?id=151848

        Reviewed by Brian Burg.

        * CMakeLists.txt:
        * DerivedSources.make:
        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::willExecuteProgram):
        * debugger/Debugger.h:
        * inspector/JSGlobalObjectScriptDebugServer.cpp:
        (Inspector::JSGlobalObjectScriptDebugServer::JSGlobalObjectScriptDebugServer):
        * inspector/ScriptDebugServer.cpp:
        (Inspector::ScriptDebugServer::ScriptDebugServer):
        * inspector/ScriptDebugServer.h:
        * inspector/agents/InspectorConsoleAgent.h:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::run): Deleted.
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/agents/JSGlobalObjectConsoleAgent.h:
        * inspector/protocol/Runtime.json:
        * inspector/protocol/Worker.json: Removed.

2015-12-04  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Specifically Identify the Global Lexical Environment Scope
        https://bugs.webkit.org/show_bug.cgi?id=151828

        Reviewed by Brian Burg.

        * inspector/InjectedScriptSource.js:
        Include the new scope type.

        * inspector/JSJavaScriptCallFrame.h:
        * inspector/JSJavaScriptCallFrame.cpp:
        (Inspector::JSJavaScriptCallFrame::scopeType):
        Set the new value for the new scope type.

        * inspector/JSJavaScriptCallFramePrototype.cpp:
        (Inspector::JSJavaScriptCallFramePrototype::finishCreation): Deleted.
        (Inspector::jsJavaScriptCallFrameConstantGLOBAL_SCOPE): Deleted.
        (Inspector::jsJavaScriptCallFrameConstantLOCAL_SCOPE): Deleted.
        (Inspector::jsJavaScriptCallFrameConstantWITH_SCOPE): Deleted.
        (Inspector::jsJavaScriptCallFrameConstantCLOSURE_SCOPE): Deleted.
        (Inspector::jsJavaScriptCallFrameConstantCATCH_SCOPE): Deleted.
        (Inspector::jsJavaScriptCallFrameConstantFUNCTION_NAME_SCOPE): Deleted.
        Remove unused constants on the JavaScriptCallFrame object.
        Currently they are just hardcoded in InjectedScriptSource
        and they don't make sense on instances anyways.

2015-12-04  Keith Miller  <keith_miller@apple.com>

        Add an option to emit instructions validating exceptions in the DFG rather than always emitting them.
        https://bugs.webkit.org/show_bug.cgi?id=151841

        Reviewed by Saam Barati.

        Add a new option that validates the DFG exception checking. The default value for the option is
        true in Debug builds and false in Release builds. Additionally, renamed jitAssertNoException to
        jitReleaseAssertNoException for consistency with our ASSERT naming convention.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
        * jit/AssemblyHelpers.cpp:
        (JSC::AssemblyHelpers::jitReleaseAssertNoException):
        (JSC::AssemblyHelpers::jitAssertNoException): Deleted.
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::jitAssertNoException): Deleted.
        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):
        * runtime/Options.h:

2015-12-04  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the !ENABLE(DFG_JIT) build after r190735
        https://bugs.webkit.org/show_bug.cgi?id=151617

        Reviewed by Filip Pizlo.

        * jit/GCAwareJITStubRoutine.cpp:
        (JSC::GCAwareJITStubRoutineWithExceptionHandler::observeZeroRefCount):

2015-12-04  Csaba Osztrogonác  <ossy@webkit.org>

        [cmake] Fix the B3 build after r192946
        https://bugs.webkit.org/show_bug.cgi?id=151857

        Reviewed by Michael Saboff.

        * CMakeLists.txt:

2015-12-04  Csaba Osztrogonác  <ossy@webkit.org>

        [AArch64] Typo fix after r189575
        https://bugs.webkit.org/show_bug.cgi?id=151855

        Reviewed by Michael Saboff.

        * ftl/FTLUnwindInfo.cpp:
        (JSC::FTL::parseUnwindInfo):

2015-12-03  Filip Pizlo  <fpizlo@apple.com>

        B3 Patchpoint and Check opcodes should be able to specify WarmAny, ColdAny, and LateColdAny
        https://bugs.webkit.org/show_bug.cgi?id=151335

        Reviewed by Geoffrey Garen.

        This removes ValueRep::Any and replaces it with ValueRep::WarmAny, ValueRep::ColdAny, and
        ValueRep::LateColdAny. I think that conceptually the most obvious users of patchpoints are inline
        caches, which would use WarmAny for their non-OSR inputs. For this reason, I make WarmAny the
        default.

        However, the StackmapValue optimization that provides a default ValueRep for any that are missing
        was meant for OSR. So, this optimization now uses ColdAny.

        This patch wires this change through the whole compiler and adds some tests.

        * b3/B3CheckSpecial.cpp:
        (JSC::B3::CheckSpecial::Key::Key):
        (JSC::B3::CheckSpecial::Key::dump):
        (JSC::B3::CheckSpecial::CheckSpecial):
        * b3/B3CheckSpecial.h:
        (JSC::B3::CheckSpecial::Key::Key):
        (JSC::B3::CheckSpecial::Key::opcode):
        (JSC::B3::CheckSpecial::Key::numArgs):
        (JSC::B3::CheckSpecial::Key::stackmapRole):
        * b3/B3CheckValue.cpp:
        (JSC::B3::CheckValue::CheckValue):
        * b3/B3ConstrainedValue.h:
        (JSC::B3::ConstrainedValue::ConstrainedValue):
        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::fillStackmap):
        (JSC::B3::Air::LowerToAir::lower):
        * b3/B3MoveConstants.cpp:
        * b3/B3PatchpointSpecial.cpp:
        (JSC::B3::PatchpointSpecial::forEachArg):
        (JSC::B3::PatchpointSpecial::isValid):
        (JSC::B3::PatchpointSpecial::admitsStack):
        * b3/B3PatchpointValue.cpp:
        (JSC::B3::PatchpointValue::PatchpointValue):
        * b3/B3PatchpointValue.h:
        * b3/B3StackmapSpecial.cpp:
        (JSC::B3::StackmapSpecial::forEachArgImpl):
        (JSC::B3::StackmapSpecial::admitsStackImpl):
        (JSC::B3::StackmapSpecial::isArgValidForRep):
        (WTF::printInternal):
        * b3/B3StackmapSpecial.h:
        * b3/B3StackmapValue.cpp:
        (JSC::B3::StackmapValue::append):
        (JSC::B3::StackmapValue::setConstraint):
        * b3/B3StackmapValue.h:
        * b3/B3Validate.cpp:
        * b3/B3ValueRep.cpp:
        (JSC::B3::ValueRep::dump):
        (WTF::printInternal):
        * b3/B3ValueRep.h:
        (JSC::B3::ValueRep::ValueRep):
        (JSC::B3::ValueRep::reg):
        (JSC::B3::ValueRep::operator!=):
        (JSC::B3::ValueRep::operator bool):
        (JSC::B3::ValueRep::isAny):
        (JSC::B3::ValueRep::isSomeRegister):
        * b3/testb3.cpp:
        (JSC::B3::compileAndRun):
        (JSC::B3::add32):
        (JSC::B3::test42):
        (JSC::B3::testSimplePatchpoint):
        (JSC::B3::testPatchpointWithEarlyClobber):
        (JSC::B3::testPatchpointFixedRegister):
        (JSC::B3::testPatchpointAny):
        (JSC::B3::testPatchpointLotsOfLateAnys):
        (JSC::B3::testPatchpointAnyImm):
        (JSC::B3::testPatchpointManyImms):
        (JSC::B3::testPatchpointWithRegisterResult):
        (JSC::B3::testPatchpointWithAnyResult):
        (JSC::B3::run):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::blessSpeculation):

2015-12-03  Filip Pizlo  <fpizlo@apple.com>

        B3 patchpoints should allow specifying output constraints
        https://bugs.webkit.org/show_bug.cgi?id=151809

        Reviewed by Benjamin Poulain.

        JS call patchpoints should put their result into the result register, while most other patchpoints
        should put their results into some register. I think that it's best if we just allow arbitrary
        constraints on the result of a patchpoint. And by "arbitrary" I mean allowing the same kinds of
        constraints as we allow on the stackmap children.

        This also adds a large comment in B3StackmapValue.h that lays out the philosophy of our stackmaps
        and patchpoints. I found it useful to write down the plan since it's pretty subtle.

        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::lower):
        * b3/B3PatchpointSpecial.cpp:
        (JSC::B3::PatchpointSpecial::isValid):
        (JSC::B3::PatchpointSpecial::admitsStack):
        * b3/B3PatchpointValue.cpp:
        (JSC::B3::PatchpointValue::~PatchpointValue):
        (JSC::B3::PatchpointValue::dumpMeta):
        (JSC::B3::PatchpointValue::PatchpointValue):
        * b3/B3PatchpointValue.h:
        (JSC::B3::PatchpointValue::accepts):
        * b3/B3Procedure.h:
        (JSC::B3::Procedure::code):
        * b3/B3StackmapSpecial.cpp:
        (JSC::B3::StackmapSpecial::isValidImpl):
        (JSC::B3::StackmapSpecial::appendRepsImpl):
        (JSC::B3::StackmapSpecial::isArgValidForValue):
        (JSC::B3::StackmapSpecial::isArgValidForRep):
        (JSC::B3::StackmapSpecial::repForArg):
        * b3/B3StackmapSpecial.h:
        * b3/B3StackmapValue.h:
        * b3/B3Validate.cpp:
        * b3/B3ValueRep.h:
        (JSC::B3::ValueRep::doubleValue):
        * b3/testb3.cpp:
        (JSC::B3::testPatchpointManyImms):
        (JSC::B3::testPatchpointWithRegisterResult):
        (JSC::B3::testPatchpointWithStackArgumentResult):
        (JSC::B3::testPatchpointWithAnyResult):
        (JSC::B3::testSimpleCheck):
        (JSC::B3::run):
        * jit/RegisterSet.h:

2015-12-03  Anders Carlsson  <andersca@apple.com>

        Remove Objective-C GC support
        https://bugs.webkit.org/show_bug.cgi?id=151819
        rdar://problem/23746991

        Reviewed by Dan Bernstein.

        * Configurations/Base.xcconfig:
        * Configurations/ToolExecutable.xcconfig:

2015-12-03  Benjamin Poulain  <bpoulain@apple.com>

        Attempt to fix GTK again after r193125

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::supportsLZCNT):

2015-12-03  Benjamin Poulain  <bpoulain@apple.com>

        Attempt to fix GTK after r193125

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::supportsLZCNT):
        GCC is unable to handle EBX correctly when clobbered by inline asm.

2015-12-03  Saam barati  <sbarati@apple.com>

        FTL::OSRExitDescriptor should use less memory by having a companion object that dies after compilation
        https://bugs.webkit.org/show_bug.cgi?id=151795

        Reviewed by Geoffrey Garen.

        There were a few fields on FTL::OSRExitDescriptor that are only
        needed during compilation. This patch introduces OSRExitDescriptorImpl
        which is a struct that we create for each OSRExitDescriptor. The difference is
        that OSRExitDescriptorImpl lives off of FTL::State so it dies after we compile.
        This way no unnecessary fields persist after the compilation.

        * ftl/FTLCompile.cpp:
        (JSC::FTL::mmAllocateDataSection):
        * ftl/FTLExceptionHandlerManager.cpp:
        (JSC::FTL::ExceptionHandlerManager::lazySlowPathExceptionTarget):
        (JSC::FTL::ExceptionHandlerManager::getCallOSRExitCommon):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileInvalidationPoint):
        (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitArgumentsForPatchpointIfWillCatchException):
        (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitDescriptor):
        (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):
        (JSC::FTL::DFG::LowerDFGToLLVM::blessSpeculation):
        (JSC::FTL::DFG::LowerDFGToLLVM::emitOSRExitCall):
        (JSC::FTL::DFG::LowerDFGToLLVM::buildExitArguments):
        * ftl/FTLOSRExit.cpp:
        (JSC::FTL::OSRExitDescriptor::OSRExitDescriptor):
        (JSC::FTL::OSRExitDescriptor::validateReferences):
        (JSC::FTL::OSRExitDescriptor::emitOSRExit):
        (JSC::FTL::OSRExitDescriptor::emitOSRExitLater):
        (JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
        (JSC::FTL::OSRExit::OSRExit):
        (JSC::FTL::OSRExit::codeLocationForRepatch):
        (JSC::FTL::OSRExit::gatherRegistersToSpillForCallIfException):
        (JSC::FTL::OSRExit::willArriveAtExitFromIndirectExceptionCheck):
        (JSC::FTL::exceptionTypeWillArriveAtOSRExitFromGenericUnwind):
        (JSC::FTL::OSRExit::willArriveAtOSRExitFromGenericUnwind):
        (JSC::FTL::OSRExit::willArriveAtOSRExitFromCallOperation):
        (JSC::FTL::OSRExitDescriptor::isExceptionHandler): Deleted.
        * ftl/FTLOSRExit.h:
        (JSC::FTL::OSRExitDescriptorImpl::OSRExitDescriptorImpl):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileFTLOSRExit):
        * ftl/FTLState.h:

2015-12-03  Alex Christensen  <achristensen@webkit.org>

        Fix 64-bit Windows build after r193125.
        https://bugs.webkit.org/show_bug.cgi?id=151799

        Reviewed by Michael Saboff.

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::supportsLZCNT):
        Use __cpuid intrinsic instead of inline assembly.

2015-12-02  Filip Pizlo  <fpizlo@apple.com>

        FTL B3 should support OSR exit
        https://bugs.webkit.org/show_bug.cgi?id=151710

        Reviewed by Saam Barati.

        This adds OSR exit support using the same style that I established with lazy slow paths. All of
        the work is driven by FTL::LowerDFGToLLVM, and from there any work that needs to be deferred
        until after B3 finishes is attached to the stackmap generator. In order to make it easy to port
        all of the different forms of OSR exit - invalidation points, exceptions, etc. - the logic for
        registering an OSR exit is abstracted behind OSRExitDescriptor and OSRExitHandle.

        An issue that I encountered repeatedly in this patch is OSRExitDescriptor being passed as a
        reference (&) rather than pointer (*). The new code uses a lot of lambdas that run after the
        current frame pops, so the capture list cannot be [&]. I believe that always listing all of the
        captured variables is not scalable considering how sophisticated our use of lambdas is. So, it
        makes sense to use [=]. But anytime we captured a variable whose type was OSRExitDescriptor&, it
        would be captured by value, because that's how references work. One has to be mindful of these
        things whenever using [=]. Note that it's not enough to say that we should have listed the
        captured variables explicitly - in that case, we still could have made the mistake by forgetting
        to put & in front of the variant. The pattern that worked for me to reason about whether I'm
        capturing an object or a pointer to an object is to always use pointer types for pointers: either
        RefPtr<> when we also want the lambda to prolong the object's life, or * if we are confident that
        the object will stay alive. For this reason, this patch changes all code that references
        OSRExitDescriptor to use * instead of &. Consistency makes the code easier to grok, and it made
        it easier to introduce the required uses of * in places where there were lambdas.

        I tested this by running imaging-gaussian-blur, and running some tests that require OSR exit. I'm
        not promising that all kinds of exits work, but we have to begin somewhere.

        * CMakeLists.txt:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/B3Compilation.cpp:
        (JSC::B3::Compilation::Compilation):
        (JSC::B3::Compilation::~Compilation):
        * b3/B3Procedure.cpp:
        (JSC::B3::Procedure::addDataSection):
        (JSC::B3::Procedure::frameSize):
        (JSC::B3::Procedure::calleeSaveRegisters):
        * b3/B3Procedure.h:
        (JSC::B3::Procedure::releaseByproducts):
        (JSC::B3::Procedure::code):
        (JSC::B3::Procedure::takeByproducts): Deleted.
        * b3/air/AirCode.h:
        (JSC::B3::Air::Code::setFrameSize):
        (JSC::B3::Air::Code::calleeSaveRegisters):
        * b3/air/AirGenerationContext.h:
        * ftl/FTLB3Compile.cpp:
        (JSC::FTL::compile):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::mmAllocateDataSection):
        * ftl/FTLExceptionHandlerManager.cpp:
        (JSC::FTL::ExceptionHandlerManager::lazySlowPathExceptionTarget):
        (JSC::FTL::ExceptionHandlerManager::getCallOSRExitCommon):
        * ftl/FTLExitThunkGenerator.cpp:
        * ftl/FTLExitThunkGenerator.h:
        * ftl/FTLJITCode.cpp:
        (JSC::FTL::JITCode::JITCode):
        (JSC::FTL::JITCode::initializeB3Code):
        (JSC::FTL::JITCode::initializeB3Byproducts):
        (JSC::FTL::JITCode::initializeExitThunks):
        (JSC::FTL::JITCode::validateReferences):
        (JSC::FTL::JITCode::liveRegistersToPreserveAtExceptionHandlingCallSite):
        * ftl/FTLJITCode.h:
        * ftl/FTLJITFinalizer.cpp:
        (JSC::FTL::JITFinalizer::finalizeFunction):
        * ftl/FTLJITFinalizer.h:
        * ftl/FTLJSCall.cpp:
        (JSC::FTL::JSCall::emit):
        * ftl/FTLJSCallBase.cpp:
        (JSC::FTL::JSCallBase::emit):
        * ftl/FTLJSTailCall.cpp:
        (JSC::FTL::JSTailCall::JSTailCall):
        (JSC::FTL::JSTailCall::emit):
        (JSC::FTL::DFG::getRegisterWithAddend): Deleted.
        (JSC::FTL::m_instructionOffset): Deleted.
        * ftl/FTLJSTailCall.h:
        (JSC::FTL::JSTailCall::patchpoint):
        (JSC::FTL::JSTailCall::stackmapID):
        (JSC::FTL::JSTailCall::estimatedSize):
        (JSC::FTL::JSTailCall::operator<):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileInvalidationPoint):
        (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitArgumentsForPatchpointIfWillCatchException):
        (JSC::FTL::DFG::LowerDFGToLLVM::lowBlock):
        (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitDescriptor):
        (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):
        (JSC::FTL::DFG::LowerDFGToLLVM::blessSpeculation):
        (JSC::FTL::DFG::LowerDFGToLLVM::emitOSRExitCall):
        (JSC::FTL::DFG::LowerDFGToLLVM::buildExitArguments):
        (JSC::FTL::DFG::LowerDFGToLLVM::callStackmap):
        (JSC::FTL::lowerDFGToLLVM):
        * ftl/FTLOSRExit.cpp:
        (JSC::FTL::OSRExitDescriptor::OSRExitDescriptor):
        (JSC::FTL::OSRExitDescriptor::validateReferences):
        (JSC::FTL::OSRExitDescriptor::appendOSRExit):
        (JSC::FTL::OSRExitDescriptor::appendOSRExitLater):
        (JSC::FTL::OSRExitDescriptor::prepareOSRExitHandle):
        (JSC::FTL::OSRExit::OSRExit):
        (JSC::FTL::OSRExit::codeLocationForRepatch):
        (JSC::FTL::OSRExit::gatherRegistersToSpillForCallIfException):
        (JSC::FTL::OSRExit::spillRegistersToSpillSlot):
        (JSC::FTL::OSRExit::recoverRegistersFromSpillSlot):
        (JSC::FTL::OSRExit::willArriveAtExitFromIndirectExceptionCheck):
        * ftl/FTLOSRExit.h:
        (JSC::FTL::OSRExit::considerAddingAsFrequentExitSite):
        * ftl/FTLOSRExitCompilationInfo.h:
        (JSC::FTL::OSRExitCompilationInfo::OSRExitCompilationInfo):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::reboxAccordingToFormat):
        (JSC::FTL::compileRecovery):
        (JSC::FTL::compileStub):
        (JSC::FTL::compileFTLOSRExit):
        * ftl/FTLOSRExitHandle.cpp: Added.
        (JSC::FTL::OSRExitHandle::emitExitThunk):
        * ftl/FTLOSRExitHandle.h: Added.
        (JSC::FTL::OSRExitHandle::OSRExitHandle):
        * ftl/FTLState.cpp:
        (JSC::FTL::State::State):
        (JSC::FTL::State::~State):
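
The lambda capture pitfall described in the entry above, as an added example that is not part of this ChangeLog or of WebKit's code: the one-field OSRExitDescriptor stand-in, the DeferredGenerator alias and the helper function names are assumptions, and std::shared_ptr stands in for WTF's RefPtr<>. It contrasts capturing a reference-typed variable with [=] (which silently copies the object) against capturing a raw pointer or an owning pointer, which is the pattern the entry settles on.

```cpp
#include <functional>
#include <memory>
#include <utility>

// Hypothetical stand-in for FTL::OSRExitDescriptor, reduced to one field.
struct OSRExitDescriptor {
    int exitKind;
};

// A deferred callback, like the stackmap generators described in the entry:
// it runs after the frame that created it has already popped, so [&] is out.
using DeferredGenerator = std::function<int()>;

// The pitfall: the parameter has type OSRExitDescriptor&, but [=] captures
// by copy, and a copy of a reference-typed variable is a copy of the object.
// The lambda therefore snapshots the descriptor at creation time.
DeferredGenerator captureReferenceWithCopy(OSRExitDescriptor& descriptor)
{
    return [=]() { return descriptor.exitKind; };
}

// Using a pointer type makes the intent explicit: [=] copies the pointer,
// and the lambda observes the live object (which must outlive the lambda).
DeferredGenerator capturePointer(OSRExitDescriptor* descriptor)
{
    return [=]() { return descriptor->exitKind; };
}

// When the lambda should also keep the object alive, capture an owning
// smart pointer (std::shared_ptr here stands in for RefPtr<>).
DeferredGenerator captureOwningPointer(std::shared_ptr<OSRExitDescriptor> descriptor)
{
    return [=]() { return descriptor->exitKind; };
}

// Mutates the descriptor after the lambdas were created and reports what each
// observes: {value seen through the accidental copy, value seen via pointer}.
std::pair<int, int> observeAfterMutation()
{
    OSRExitDescriptor descriptor { 1 };
    DeferredGenerator viaCopy = captureReferenceWithCopy(descriptor);
    DeferredGenerator viaPointer = capturePointer(&descriptor);
    descriptor.exitKind = 2; // a later update, e.g. while compilation proceeds
    return { viaCopy(), viaPointer() };
}

// The owning capture keeps the object alive past the scope that created it.
int observeAfterOwnerScopeEnds()
{
    DeferredGenerator generator;
    {
        auto descriptor = std::make_shared<OSRExitDescriptor>();
        descriptor->exitKind = 3;
        generator = captureOwningPointer(descriptor);
    } // the local shared_ptr is gone; the lambda's copy still owns the object
    return generator();
}

int main()
{
    auto seen = observeAfterMutation();
    // seen.first == 1 (stale copy), seen.second == 2 (live object), owning == 3
    bool ok = seen.first == 1 && seen.second == 2 && observeAfterOwnerScopeEnds() == 3;
    return ok ? 0 : 1;
}
```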
448
449 2015-12-03  Joseph Pecoraro  <pecoraro@apple.com>
450
451         REGRESSION:(r192753): Remote Web Inspector: RemoteInspector::sendMessageToRemote with null connection
452         https://bugs.webkit.org/show_bug.cgi?id=151789
453
454         Reviewed by Timothy Hatcher.
455
456         * inspector/remote/RemoteInspector.mm:
457         (Inspector::RemoteInspector::sendMessageToRemote):
458         Bail if the connection is no longer available. It may have
459         been closed remotely.
460
461 2015-12-03  Joseph Pecoraro  <pecoraro@apple.com>
462
463         REGRESSION:(r192753): Remote Web Inspector: Window immediately closes after opening
464         https://bugs.webkit.org/show_bug.cgi?id=151788
465
466         Reviewed by Timothy Hatcher.
467
468         * inspector/remote/RemoteInspector.mm:
469         (Inspector::RemoteInspector::pushListingsNow):
470         The key at the outer level was not a string. Ensure it is a
471         string for backwards compatibility. One day we may use
472         non-numeric page identifiers as listing keys.
473
474 2015-12-03  Joseph Pecoraro  <pecoraro@apple.com>
475
476         REGRESSION(r192753): Remote Web Inspector: Enabling Remote Inspection on Auto Inspect candidate Debuggable doesn't show up in debuggers
477         https://bugs.webkit.org/show_bug.cgi?id=151792
478
479         Reviewed by Brian Burg.
480
481         * inspector/remote/RemoteInspector.mm:
482         (Inspector::RemoteInspector::updateAutomaticInspectionCandidate):
483         When m_debuggablesMap was split into both m_targetMap and m_listingMap
484         this particular case was missed in updating both the target and listing
485         when the target is updated. We should match RemoteInspector::updateTarget
486         and update the listing map as the debuggable may have changed to be
487         allowed to debug.
488
489 2015-12-03  Benjamin Poulain  <bpoulain@apple.com>
490
491         [JSC] Add CLZ support to B3
492         https://bugs.webkit.org/show_bug.cgi?id=151799
493
494         Reviewed by Michael Saboff.
495
496         Previously we were counting on LLVM to select LZCNT
497         when its available.
498         Since we have to do that ourself now, I added feature
499         detection based on the CPUID. The MacroAssembler just
500         pick the best available lowering based on the platform.
501
502         * assembler/MacroAssemblerX86Common.cpp:
503         * assembler/MacroAssemblerX86Common.h:
504         (JSC::MacroAssemblerX86Common::countLeadingZeros32):
505         (JSC::MacroAssemblerX86Common::supportsLZCNT):
506         (JSC::MacroAssemblerX86Common::clz32AfterBsr):
507         * assembler/MacroAssemblerX86_64.h:
508         (JSC::MacroAssemblerX86_64::countLeadingZeros64):
509         (JSC::MacroAssemblerX86_64::clz64AfterBsr):
510         * assembler/X86Assembler.h:
511         (JSC::X86Assembler::lzcnt_rr):
512         (JSC::X86Assembler::lzcnt_mr):
513         (JSC::X86Assembler::lzcntq_rr):
514         (JSC::X86Assembler::lzcntq_mr):
515         (JSC::X86Assembler::bsr_mr):
516         (JSC::X86Assembler::bsrq_rr):
517         (JSC::X86Assembler::bsrq_mr):
518         * b3/B3LowerToAir.cpp:
519         (JSC::B3::Air::LowerToAir::lower):
520         * b3/B3Opcode.cpp:
521         (WTF::printInternal):
522         * b3/B3Opcode.h:
523         * b3/B3Validate.cpp:
524         * b3/B3Value.cpp:
525         (JSC::B3::Value::effects):
526         (JSC::B3::Value::key):
527         (JSC::B3::Value::typeFor):
528         * b3/air/AirOpcode.opcodes:
529         * b3/testb3.cpp:
530         (JSC::B3::countLeadingZero):
531         (JSC::B3::testClzArg64):
532         (JSC::B3::testClzMem64):
533         (JSC::B3::testClzArg32):
534         (JSC::B3::testClzMem32):
535         (JSC::B3::doubleOperands):
536         (JSC::B3::run):
537         * ftl/FTLB3Output.h:
538         (JSC::FTL::Output::ctlz32):
539         * ftl/FTLLowerDFGToLLVM.cpp:
540         (JSC::FTL::DFG::LowerDFGToLLVM::compileArithClz32):
541         * ftl/FTLOutput.h:
542         (JSC::FTL::Output::ctlz32):
543
544 2015-12-02  Mark Lam  <mark.lam@apple.com>
545
546         Polymorphic operand types for DFG and FTL mul.
547         https://bugs.webkit.org/show_bug.cgi?id=151746
548
549         Reviewed by Filip Pizlo.
550
551         Perf on benchmarks is neutral except for the newly added JSRegress ftl-object-mul
552         test which shows a 2.16x speed up on x86_64 FTL, 1.27x speed up on x86_64 DFG,
553         and 1.56x on x86 DFG. 
554
555         The speed up comes not from the mul operator itself, but from the fact that the
556         polymorphic operand types support now allow the test function to run without OSR
557         exiting, thereby realizing the DFG and FTL's speed up on other work that the test
558         function does.
559
560         This patch has passed the layout tests on x86_64 with a debug build.
561         It passed the JSC tests with x86 and x86_64 debug builds.
562
563         * dfg/DFGAbstractInterpreterInlines.h:
564         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
565         * dfg/DFGClobberize.h:
566         (JSC::DFG::clobberize):
567         * dfg/DFGFixupPhase.cpp:
568         (JSC::DFG::FixupPhase::fixupNode):
569         * dfg/DFGOperations.cpp:
570         * dfg/DFGOperations.h:
571         * dfg/DFGPredictionPropagationPhase.cpp:
572         (JSC::DFG::PredictionPropagationPhase::propagate):
573         * dfg/DFGSpeculativeJIT.cpp:
574         (JSC::DFG::SpeculativeJIT::compileArithMul):
575         * ftl/FTLCompile.cpp:
576         - Changed to call generateBinaryOpFastPath() instead now, and let it dispatch to
577           the appropriate snippet generator.
578
579         * ftl/FTLCompileBinaryOp.cpp:
580         (JSC::FTL::generateBinaryArithOpFastPath):
581         (JSC::FTL::generateBinaryOpFastPath):
582         (JSC::FTL::generateArithSubFastPath): Deleted.
583         (JSC::FTL::generateValueAddFastPath): Deleted.
584         - Refactored these functions to eliminate the need for copy-pasting every time
585           we add support for another binary arithmetic snippet.
586
587         * ftl/FTLCompileBinaryOp.h:
588         * ftl/FTLInlineCacheDescriptor.h:
589         * ftl/FTLInlineCacheDescriptorInlines.h:
590         (JSC::FTL::ArithMulDescriptor::ArithMulDescriptor):
591         (JSC::FTL::ArithMulDescriptor::icSize):
592         * ftl/FTLInlineCacheSize.cpp:
593         (JSC::FTL::sizeOfArithMul):
594         * ftl/FTLInlineCacheSize.h:
595         * ftl/FTLLowerDFGToLLVM.cpp:
596         (JSC::FTL::DFG::LowerDFGToLLVM::lower):
597         (JSC::FTL::DFG::LowerDFGToLLVM::compileArithMul):
598         * jit/JITMulGenerator.h:
599         (JSC::JITMulGenerator::JITMulGenerator):
600
601         * tests/stress/op_mul.js:
602         - Updated a test value: the interesting value for imminent overflow from an
603           int32 is 0x7fffffff, not 0x7ffffff.
604
605 2015-12-02  Joseph Pecoraro  <pecoraro@apple.com>
606
607         REGRESSION(r192753): Remote Web Inspector: Applications and Debuggables not showing up in debuggers
608         https://bugs.webkit.org/show_bug.cgi?id=151787
609
610         Reviewed by Brian Burg.
611
612         * inspector/remote/RemoteInspector.mm:
613         (Inspector::RemoteInspector::receivedIndicateMessage):
614         Removed lock that was unnecessarily added in r192753. It was
615         protecting nothing.
616
617 2015-12-02  Saam barati  <sbarati@apple.com>
618
619         Insert a FIXME comment FTLLazySlowPath.h to remind us to remove/refactor the ScratchRegisterAllocator field.
620
621         Rubber-stamped by Filip Pizlo.
622
623         * ftl/FTLLazySlowPath.h:
624
625 2015-12-02  Benjamin Poulain  <benjamin@webkit.org>
626
627         [JSC] Remove insertElement() from FTLB3Output
628         https://bugs.webkit.org/show_bug.cgi?id=151781
629
630         Reviewed by Sam Weinig.
631
632         * ftl/FTLB3Output.h:
633         (JSC::FTL::Output::insertElement): Deleted.
634         That's a LLVM concept.
635
636 2015-12-02  Benjamin Poulain  <bpoulain@apple.com>
637
638         [JSC] Remove stuffs related to alloca from FTLB3Output
639         https://bugs.webkit.org/show_bug.cgi?id=151780
640
641         Reviewed by Mark Lam.
642
643         We can use the Phis directly with B3 :)
644
645         * ftl/FTLB3Output.h:
646         (JSC::FTL::Output::alloca): Deleted.
647         (JSC::FTL::Output::get): Deleted.
648         (JSC::FTL::Output::set): Deleted.
649
650 2015-12-02  Benjamin Poulain  <benjamin@webkit.org>
651
652         [JSC] Add sin(), cos(), pow() and log() to B3
653         https://bugs.webkit.org/show_bug.cgi?id=151778
654
655         Reviewed by Geoffrey Garen.
656
657         * ftl/FTLB3Output.h:
658         (JSC::FTL::Output::doubleSin):
659         (JSC::FTL::Output::doubleCos):
660         (JSC::FTL::Output::doublePow):
661         (JSC::FTL::Output::doubleLog):
662         (JSC::FTL::Output::callWithoutSideEffects):
663
664 2015-12-02  Filip Pizlo  <fpizlo@apple.com>
665
666         Add a few obvious strength-reductions to Air
667         https://bugs.webkit.org/show_bug.cgi?id=151777
668
669         Reviewed by Mark Lam.
670
671         The absence of these optimizations was obnoxious.
672
673         * assembler/MacroAssemblerX86Common.h:
674         (JSC::MacroAssemblerX86Common::add32): lea 1(reg), reg -> add 1, reg.
675         * b3/air/AirGenerate.cpp:
676         (JSC::B3::Air::generate): Emit simpler prologue/epilogue if !frameSize.
677         * b3/air/AirOpcode.opcodes: We have matching for BranchMul32 with immediate, but we forgot to add the instruction form.
678         * jit/AssemblyHelpers.h: Support for the prologue/epilogue optimizations.
679         (JSC::AssemblyHelpers::emitFunctionPrologue):
680         (JSC::AssemblyHelpers::emitFunctionEpilogueWithEmptyFrame):
681         (JSC::AssemblyHelpers::emitFunctionEpilogue):
682
683 2015-12-02  Benjamin Poulain  <bpoulain@apple.com>
684
685         Update the interface added in r192967
686
687         * b3/B3CCallValue.h:
688         Filip prefers explicit effects.
689         * b3/testb3.cpp:
690         (JSC::B3::testCallSimplePure):
691
692 2015-12-02  Benjamin Poulain  <bpoulain@apple.com>
693
694         [JSC] Add a function attribute for Pure functions in B3
695         https://bugs.webkit.org/show_bug.cgi?id=151741
696
697         Reviewed by Geoffrey Garen.
698
699         We have plenty of functions without side effects
700         when lowering DFG.
701         This patch adds the "PureCall" flag to B3's CCall
702         to make sure those functions do not prevent optimizations.
703
704         * b3/B3CCallValue.h:
705         * b3/testb3.cpp:
706         (JSC::B3::testCallSimplePure):
707         (JSC::B3::run):
708
709 2015-12-02  Mark Lam  <mark.lam@apple.com>
710
711         Removed unnecessary #if USE(JSVALUE64).
712         https://bugs.webkit.org/show_bug.cgi?id=151733
713
714         Not reviewed.
715
716         * dfg/DFGClobberize.h:
717         (JSC::DFG::clobberize):
718
719 2015-12-02  Mark Lam  <mark.lam@apple.com>
720
721         Use the JITAddGenerator snippet in the FTL.
722         https://bugs.webkit.org/show_bug.cgi?id=151519
723
724         Reviewed by Geoffrey Garen.
725
726         One detail about how we are choosing to handle operands to the binary snippets that
727         may be constant: the slow path call to a C++ function still needs the constant
728         operand loaded in a register.  To simplify things, we're choosing to always tell
729         LLVM to load the operands into registers even if they may be constant.  However,
730         even though a constant operand is preloaded in a register, the snippet generator
731         will not be made aware of it.  It will continue to load the constant as an
732         immediate.
733
734         * ftl/FTLCompile.cpp:
735         * ftl/FTLCompileBinaryOp.cpp:
736         (JSC::FTL::generateArithSubFastPath):
737         (JSC::FTL::generateValueAddFastPath):
738         - generateValueAddFastPath() currently is an exact copy of generateArithSubFastPath()
739           except that it uses JITAddGenerator instead of JITSubGenerator.  When we add
740           support for JITMulGenerator later, the code will start to vary.  We'll refactor
741           these functions then when we have more insight into what needs to vary between
742           the implementations.
743
744         * ftl/FTLCompileBinaryOp.h:
745         * ftl/FTLInlineCacheDescriptor.h:
746         * ftl/FTLInlineCacheDescriptorInlines.h:
747         (JSC::FTL::ValueAddDescriptor::ValueAddDescriptor):
748         (JSC::FTL::ValueAddDescriptor::icSize):
749         * ftl/FTLInlineCacheSize.cpp:
750         (JSC::FTL::sizeOfValueAdd):
751         * ftl/FTLInlineCacheSize.h:
752         * ftl/FTLLowerDFGToLLVM.cpp:
753         (JSC::FTL::DFG::LowerDFGToLLVM::lower):
754         (JSC::FTL::DFG::LowerDFGToLLVM::compileValueAdd):
755
756 2015-12-02  Mark Lam  <mark.lam@apple.com>
757
758         Teach DFG that ArithSub can now clobber the heap (and other things).
759         https://bugs.webkit.org/show_bug.cgi?id=151733
760
761         Reviewed by Geoffrey Garen.
762
763         * dfg/DFGAbstractInterpreterInlines.h:
764         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
765         * dfg/DFGClobberize.h:
766         (JSC::DFG::clobberize):
767         * dfg/DFGPredictionPropagationPhase.cpp:
768         (JSC::DFG::PredictionPropagationPhase::propagate):
769
770 2015-12-02  Benjamin Poulain  <bpoulain@apple.com>
771
772         [JSC] Handle x86 partial register stalls in Air
773         https://bugs.webkit.org/show_bug.cgi?id=151735
774
775         Reviewed by Filip Pizlo.
776
777         This patch adds a primitive false-dependency breaking
778         algorithm to Air. We look for redefinition of the same
779         variable that is too close to a partial definition.
780
781         There is no explicit dependency tracking going on,
782         but it is pretty fast and the extra xorps added on false-positives
783         are cheap anyway.
784
785         Typically, partial register stalls appear from instructions
786         interfering with themselves in small loops. Something like:
787
788           Label0:
789             cvtsi2sdq %eax, %xmm0
790             ...
791             jmp Label0
792
793         Those are correctly detected by propagating the local distance
794         information from block to block until no unsafe chain is found.
795
796         The test testInt32ToDoublePartialRegisterStall() checks the kind
797         of cases we typically find from JavaScript.
798         The execution time is 20% faster with a register reset (which is
799         astounding since the very next instruction has a real dependency).
800
801         Future tweaks will be needed when we can run more JavaScript:
802         - Handle function calls differently.
803         - Anything with a special can have hidden instructions.
804           We need to take them into account.
805
806         * JavaScriptCore.xcodeproj/project.pbxproj:
807         * assembler/MacroAssemblerX86Common.h:
808         (JSC::MacroAssemblerX86Common::moveZeroToDouble):
809         * assembler/X86Assembler.h:
810         (JSC::X86Assembler::xorps_rr):
811         (JSC::X86Assembler::xorpd_rr):
812         According to the documentation, starting with Sandy Bridge,
813         register resets can be done in the frontend with xorps.
814
815         * b3/B3IndexSet.h:
816         (JSC::B3::IndexSet::remove):
817         * b3/air/AirFixPartialRegisterStalls.cpp: Added.
818         (JSC::B3::Air::fixPartialRegisterStalls):
819         * b3/air/AirFixPartialRegisterStalls.h: Added.
820         * b3/air/AirGenerate.cpp:
821         (JSC::B3::Air::prepareForGeneration):
822         * b3/testb3.cpp:
823         (JSC::B3::testInt32ToDoublePartialRegisterStall):
824         (JSC::B3::run):
825         * jit/FPRInfo.h:
826
827 2015-12-01  Yusuke Suzuki  <utatane.tea@gmail.com>
828
829         [ES6] Implement LLInt/Baseline Support for ES6 Generators and enable this feature
830         https://bugs.webkit.org/show_bug.cgi?id=150792
831
832         Reviewed by Saam Barati.
833
834         This patch implements basic functionality of ES6 Generators in LLInt and Baseline tiers.
835         While the implementation has some inefficient parts, the implementation covers edge cases.
836         Later, we will make this efficient.
837
838             https://bugs.webkit.org/show_bug.cgi?id=151545
839             https://bugs.webkit.org/show_bug.cgi?id=151546
840             https://bugs.webkit.org/show_bug.cgi?id=151547
841             https://bugs.webkit.org/show_bug.cgi?id=151552
842             https://bugs.webkit.org/show_bug.cgi?id=151560
843             https://bugs.webkit.org/show_bug.cgi?id=151586
844
845         To encourage DFG / FTL later, we take the following design.
846
847         1. Use switch_imm to jump to the save/resume points.
848
849         Instead of saving / restoring the instruction pointer to resume from it, we use switch_imm to jump to the resume point.
850         This limits one entry point to a given generator function. This design makes inlining easy.
851         The generated code becomes the following.
852
853             function @generatorNext(@generator, @generatorState, @generatorValue, @generatorResumeMode)
854             {
855                 switch (@generatorState) {
856                 case Initial:
857                     ...
858                     initial sequence.
859                     ...
860
861
862                     op_save(Yield_0);  // op_save contains *virtual* jump to Yield_0.
863                                        // CFG shows a jump edge to Yield_0 point, but it won't be actually used.
864                     return ...;
865
866                 case Yield_0:
867                     op_resume();
868                     if (@generatorResumeMode == Throw)
869                         ...
870                     else if (@generatorResumeMode == Return)
871                         ...
872                     ...
873                     // sentValue is a value sent from a caller by `generator.next(sentValue)`.
874                     sentValue = @generatorValue;
875                     ...
876                     op_save(Yield_1);
877                     return ...;
878
879                 case Yield_1:
880                     op_resume();
881                     if (@generatorResumeMode == Throw)
882                         ...
883                     else if (@generatorResumeMode == Return)
884                         ...
885                     ...
886                     sentValue = @generatorValue;
887                     ...
888
889                 ...
890                 }
891             }
892
893             The resume sequence should not be emitted per yield.
894             This should be done in https://bugs.webkit.org/show_bug.cgi?id=151552.
895
896         2. Store live frame registers to GeneratorFrame
897
898         To save and resume the generator's state, we save all the live registers in GeneratorFrame.
899         And when resuming, we refill the registers with the saved ones.
900         Since the saved registers contain the scope register, |this|, etc., the environment including the scope chain will be recovered automatically.
901         While saving and resuming callee registers, we don't save parameter registers.
902         These registers will be used to control the generator's resume behavior.
903
904         We perform BytecodeLivenessAnalysis in CodeBlock to determine the registers actually *def*ined at that resume point.
905
906         3. GeneratorFunction will evaluate parameters before generating Generator
907
908         A Generator's parameters should be evaluated before entering the Generator's body. For example,
909
910             function hello() { ... }
911             function *gen(a, b = hello())
912             {
913                 yield b;
914             }
915             let g = gen(20);  // Now, hello should be called.
916
917         To enable this, we evaluate parameters in GeneratorFunction, and after that, we create a Generator and return it.
918         This can be explained by the following pseudo code.
919
920             function *gen(a, b = hello())
921             {
922                 // This is generator.
923                 return {
924                     @generatorNext: function (@generator, @generatorState, @generatorValue, @generatorResumeMode)
925                     {
926                         ...
927                     }
928                 }
929             }
930
931         4. op_save seems similar to a conditional jump
932
933         We won't actually jump elsewhere from op_save. But we add a *virtual* jump edge (flow) from op_save to the so-called *merge point*.
934         We construct the CFG as follows,
935
936             (global generator switch) -> (initial sequence) -> (op_save) ----+-> (merge point) -> (next sequence)*
937                    |                                              |          |
938                    |                                              v          |
939                    |                                           (op_ret)      |
940                    |                                                         |
941                    +------------------------------------------->(op_resume)--+
942
943         By constructing such a graph,
944
945             1. Since we have a flow from (op_save) to (merge point), at the merge point we can *use* locals that are defined before (op_save).
946             2. op_save should claim that it does not define anything, and claim that it *use*s locals that are used in (merge point).
947             3. At op_resume, we see the locals *use*d at the merge point and define all of them.
948
949         We can do the above things in use-def analysis because use-def analysis is a backward analysis.
950         And after analyzing use-def chains, in op_save / op_resume, we only save / resume live registers at the head of merge point.
951
952         * API/JSScriptRef.cpp:
953         (parseScript):
954         * CMakeLists.txt:
955         * Configurations/FeatureDefines.xcconfig:
956         * DerivedSources.make:
957         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
958         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
959         * JavaScriptCore.xcodeproj/project.pbxproj:
960         * builtins/BuiltinExecutables.cpp:
961         (JSC::createExecutableInternal):
962         * builtins/GeneratorPrototype.js: Added.
963         (generatorResume):
964         (next):
965         (return):
966         (throw):
967         * bytecode/BytecodeBasicBlock.cpp:
968         (JSC::isBranch):
969         * bytecode/BytecodeList.json:
970         * bytecode/BytecodeLivenessAnalysis.cpp:
971         (JSC::stepOverInstruction):
972         (JSC::computeLocalLivenessForBytecodeOffset):
973         (JSC::BytecodeLivenessAnalysis::runLivenessFixpoint):
974         (JSC::BytecodeLivenessAnalysis::computeFullLiveness):
975         (JSC::BytecodeLivenessAnalysis::computeKills):
976         * bytecode/BytecodeUseDef.h:
977         (JSC::computeUsesForBytecodeOffset):
978         (JSC::computeDefsForBytecodeOffset):
979         * bytecode/CodeBlock.cpp:
980         (JSC::CodeBlock::dumpBytecode):
981         (JSC::CodeBlock::CodeBlock):
982         (JSC::CodeBlock::finishCreation):
983         (JSC::CodeBlock::shrinkToFit):
984         (JSC::CodeBlock::validate):
985         * bytecode/CodeBlock.h:
986         (JSC::CodeBlock::numCalleeLocals):
987         (JSC::CodeBlock::liveCalleeLocalsAtYield):
988         * bytecode/EvalCodeCache.h:
989         (JSC::EvalCodeCache::tryGet):
990         (JSC::EvalCodeCache::getSlow):
991         (JSC::EvalCodeCache::isCacheable):
992         * bytecode/ExecutableInfo.h:
993         (JSC::ExecutableInfo::ExecutableInfo):
994         (JSC::ExecutableInfo::generatorThisMode):
995         (JSC::ExecutableInfo::superBinding):
996         (JSC::ExecutableInfo::parseMode):
997         (JSC::ExecutableInfo::isArrowFunction): Deleted.
998         * bytecode/PreciseJumpTargets.cpp:
999         (JSC::getJumpTargetsForBytecodeOffset):
1000         * bytecode/UnlinkedCodeBlock.cpp:
1001         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1002         * bytecode/UnlinkedCodeBlock.h:
1003         (JSC::UnlinkedCodeBlock::parseMode):
1004         (JSC::UnlinkedCodeBlock::generatorThisMode):
1005         (JSC::UnlinkedCodeBlock::superBinding):
1006         (JSC::UnlinkedCodeBlock::isArrowFunction): Deleted.
1007         * bytecode/UnlinkedFunctionExecutable.cpp:
1008         (JSC::generateUnlinkedFunctionCodeBlock):
1009         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1010         (JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
1011         * bytecode/UnlinkedFunctionExecutable.h:
1012         * bytecompiler/BytecodeGenerator.cpp:
1013         (JSC::BytecodeGenerator::BytecodeGenerator):
1014         (JSC::BytecodeGenerator::initializeParameters):
1015         (JSC::BytecodeGenerator::newRegister):
1016         (JSC::BytecodeGenerator::reclaimFreeRegisters):
1017         (JSC::BytecodeGenerator::createVariable):
1018         (JSC::BytecodeGenerator::emitCreateThis):
1019         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
1020         (JSC::BytecodeGenerator::emitNewFunctionExpression):
1021         (JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
1022         (JSC::BytecodeGenerator::emitNewFunction):
1023         (JSC::BytecodeGenerator::emitIteratorNextWithValue):
1024         (JSC::BytecodeGenerator::emitYieldPoint):
1025         (JSC::BytecodeGenerator::emitSave):
1026         (JSC::BytecodeGenerator::emitResume):
1027         (JSC::BytecodeGenerator::emitYield):
1028         (JSC::BytecodeGenerator::emitDelegateYield):
1029         (JSC::BytecodeGenerator::emitGeneratorStateChange):
1030         (JSC::BytecodeGenerator::emitGeneratorStateLabel):
1031         (JSC::BytecodeGenerator::beginGenerator):
1032         (JSC::BytecodeGenerator::endGenerator):
1033         (JSC::BytecodeGenerator::emitNewFunctionInternal): Deleted.
1034         (JSC::BytecodeGenerator::emitNewFunctionCommon): Deleted.
1035         * bytecompiler/BytecodeGenerator.h:
1036         (JSC::BytecodeGenerator::generatorThisMode):
1037         (JSC::BytecodeGenerator::superBinding):
1038         (JSC::BytecodeGenerator::generatorRegister):
1039         (JSC::BytecodeGenerator::generatorStateRegister):
1040         (JSC::BytecodeGenerator::generatorValueRegister):
1041         (JSC::BytecodeGenerator::generatorResumeModeRegister):
1042         (JSC::BytecodeGenerator::parseMode):
1043         (JSC::BytecodeGenerator::registerFor):
1044         (JSC::BytecodeGenerator::makeFunction):
1045         * bytecompiler/NodesCodegen.cpp:
1046         (JSC::ThisNode::emitBytecode):
1047         (JSC::emitHomeObjectForCallee):
1048         (JSC::emitSuperBaseForCallee):
1049         (JSC::ReturnNode::emitBytecode):
1050         (JSC::FunctionNode::emitBytecode):
1051         (JSC::YieldExprNode::emitBytecode):
1052         * dfg/DFGByteCodeParser.cpp:
1053         (JSC::DFG::ByteCodeParser::ByteCodeParser):
1054         (JSC::DFG::ByteCodeParser::inlineCall):
1055         (JSC::DFG::ByteCodeParser::handleGetById):
1056         (JSC::DFG::ByteCodeParser::handlePutById):
1057         * dfg/DFGForAllKills.h:
1058         (JSC::DFG::forAllKilledOperands):
1059         * dfg/DFGGraph.h:
1060         (JSC::DFG::Graph::forAllLocalsLiveInBytecode):
1061         * dfg/DFGOSREntrypointCreationPhase.cpp:
1062         (JSC::DFG::OSREntrypointCreationPhase::run):
1063         * dfg/DFGVariableEventStream.cpp:
1064         (JSC::DFG::VariableEventStream::reconstruct):
1065         * ftl/FTLForOSREntryJITCode.cpp:
1066         (JSC::FTL::ForOSREntryJITCode::initializeEntryBuffer):
1067         * ftl/FTLForOSREntryJITCode.h:
1068         * ftl/FTLOSREntry.cpp:
1069         (JSC::FTL::prepareOSREntry):
1070         * ftl/FTLState.cpp:
1071         (JSC::FTL::State::State):
1072         * heap/MarkedBlock.h:
1073         (JSC::MarkedBlock::isAtom):
1074         (JSC::MarkedBlock::isLiveCell):
1075         * interpreter/Interpreter.cpp:
1076         (JSC::eval):
1077         (JSC::Interpreter::dumpRegisters):
1078         * jit/JIT.cpp:
1079         (JSC::JIT::privateCompileMainPass):
1080         (JSC::JIT::frameRegisterCountFor):
1081         * jit/JIT.h:
1082         * jit/JITOpcodes.cpp:
1083         (JSC::JIT::emitNewFuncCommon):
1084         (JSC::JIT::emit_op_new_func):
1085         (JSC::JIT::emit_op_new_generator_func):
1086         (JSC::JIT::emitNewFuncExprCommon):
1087         (JSC::JIT::emit_op_new_func_exp):
1088         (JSC::JIT::emit_op_new_generator_func_exp):
1089         (JSC::JIT::emit_op_save):
1090         (JSC::JIT::emit_op_resume):
1091         * jit/JITOperations.cpp:
1092         (JSC::operationNewFunctionCommon):
1093         * jit/JITOperations.h:
1094         * llint/LLIntEntrypoint.cpp:
1095         (JSC::LLInt::frameRegisterCountFor):
1096         * llint/LLIntSlowPaths.cpp:
1097         (JSC::LLInt::traceFunctionPrologue):
1098         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1099         * llint/LLIntSlowPaths.h:
1100         * llint/LowLevelInterpreter.asm:
1101         * parser/ASTBuilder.h:
1102         (JSC::ASTBuilder::createYield):
1103         (JSC::ASTBuilder::createFunctionMetadata):
1104         (JSC::ASTBuilder::propagateArgumentsUse):
1105         * parser/Nodes.cpp:
1106         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1107         * parser/Nodes.h:
1108         * parser/Parser.cpp:
1109         (JSC::Parser<LexerType>::Parser):
1110         (JSC::Parser<LexerType>::parseInner):
1111         (JSC::Parser<LexerType>::parseGeneratorFunctionSourceElements):
1112         (JSC::Parser<LexerType>::parseFunctionBody):
1113         (JSC::stringForFunctionMode):
1114         (JSC::Parser<LexerType>::createGeneratorParameters):
1115         (JSC::Parser<LexerType>::parseFunctionInfo):
1116         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1117         (JSC::Parser<LexerType>::parseClass):
1118         (JSC::Parser<LexerType>::parseAssignmentExpression):
1119         (JSC::Parser<LexerType>::parseYieldExpression):
1120         (JSC::Parser<LexerType>::parsePropertyMethod):
1121         (JSC::Parser<LexerType>::parseFunctionExpression):
1122         * parser/Parser.h:
1123         (JSC::Scope::Scope):
1124         (JSC::Scope::setSourceParseMode):
1125         (JSC::Scope::hasArguments):
1126         (JSC::Scope::collectFreeVariables):
1127         (JSC::Scope::setIsFunction):
1128         (JSC::Scope::setIsGeneratorFunction):
1129         (JSC::Scope::setIsGenerator):
1130         (JSC::parse):
1131         * parser/ParserModes.h:
1132         (JSC::isFunctionParseMode):
1133         (JSC::isModuleParseMode):
1134         (JSC::isProgramParseMode):
1135         * parser/SourceCodeKey.h: Added.
1136         (JSC::SourceCodeKey::SourceCodeKey):
1137         (JSC::SourceCodeKey::isHashTableDeletedValue):
1138         (JSC::SourceCodeKey::hash):
1139         (JSC::SourceCodeKey::length):
1140         (JSC::SourceCodeKey::isNull):
1141         (JSC::SourceCodeKey::string):
1142         (JSC::SourceCodeKey::operator==):
1143         (JSC::SourceCodeKeyHash::hash):
1144         (JSC::SourceCodeKeyHash::equal):
1145         (JSC::SourceCodeKeyHashTraits::isEmptyValue):
1146         * parser/SyntaxChecker.h:
1147         (JSC::SyntaxChecker::createYield):
1148         (JSC::SyntaxChecker::createFunctionMetadata):
1149         (JSC::SyntaxChecker::operatorStackPop):
1150         * runtime/CodeCache.cpp:
1151         (JSC::CodeCache::getGlobalCodeBlock):
1152         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1153         * runtime/CodeCache.h:
1154         (JSC::SourceCodeKey::SourceCodeKey): Deleted.
1155         (JSC::SourceCodeKey::isHashTableDeletedValue): Deleted.
1156         (JSC::SourceCodeKey::hash): Deleted.
1157         (JSC::SourceCodeKey::length): Deleted.
1158         (JSC::SourceCodeKey::isNull): Deleted.
1159         (JSC::SourceCodeKey::string): Deleted.
1160         (JSC::SourceCodeKey::operator==): Deleted.
1161         (JSC::SourceCodeKeyHash::hash): Deleted.
1162         (JSC::SourceCodeKeyHash::equal): Deleted.
1163         (JSC::SourceCodeKeyHashTraits::isEmptyValue): Deleted.
1164         * runtime/CommonIdentifiers.h:
1165         * runtime/CommonSlowPaths.cpp:
1166         (JSC::SLOW_PATH_DECL):
1167         * runtime/CommonSlowPaths.h:
1168         * runtime/Completion.cpp:
1169         (JSC::checkSyntax):
1170         (JSC::checkModuleSyntax):
1171         * runtime/Executable.cpp:
1172         (JSC::ScriptExecutable::newCodeBlockFor):
1173         (JSC::ProgramExecutable::checkSyntax):
1174         * runtime/Executable.h:
1175         * runtime/FunctionConstructor.cpp:
1176         (JSC::constructFunction):
1177         (JSC::constructFunctionSkippingEvalEnabledCheck):
1178         * runtime/FunctionConstructor.h:
1179         * runtime/GeneratorFrame.cpp: Added.
1180         (JSC::GeneratorFrame::GeneratorFrame):
1181         (JSC::GeneratorFrame::finishCreation):
1182         (JSC::GeneratorFrame::createStructure):
1183         (JSC::GeneratorFrame::create):
1184         (JSC::GeneratorFrame::save):
1185         (JSC::GeneratorFrame::resume):
1186         (JSC::GeneratorFrame::visitChildren):
1187         * runtime/GeneratorFrame.h: Added.
1188         (JSC::GeneratorFrame::locals):
1189         (JSC::GeneratorFrame::localAt):
1190         (JSC::GeneratorFrame::offsetOfLocals):
1191         (JSC::GeneratorFrame::allocationSizeForLocals):
1192         * runtime/GeneratorFunctionConstructor.cpp: Added.
1193         (JSC::GeneratorFunctionConstructor::GeneratorFunctionConstructor):
1194         (JSC::GeneratorFunctionConstructor::finishCreation):
1195         (JSC::callGeneratorFunctionConstructor):
1196         (JSC::constructGeneratorFunctionConstructor):
1197         (JSC::GeneratorFunctionConstructor::getCallData):
1198         (JSC::GeneratorFunctionConstructor::getConstructData):
1199         * runtime/GeneratorFunctionConstructor.h: Added.
1200         (JSC::GeneratorFunctionConstructor::create):
1201         (JSC::GeneratorFunctionConstructor::createStructure):
1202         * runtime/GeneratorFunctionPrototype.cpp: Added.
1203         (JSC::GeneratorFunctionPrototype::GeneratorFunctionPrototype):
1204         (JSC::GeneratorFunctionPrototype::finishCreation):
1205         * runtime/GeneratorFunctionPrototype.h: Added.
1206         (JSC::GeneratorFunctionPrototype::create):
1207         (JSC::GeneratorFunctionPrototype::createStructure):
1208         * runtime/GeneratorPrototype.cpp: Copied from Source/JavaScriptCore/ftl/FTLForOSREntryJITCode.cpp.
1209         (JSC::GeneratorPrototype::finishCreation):
1210         (JSC::GeneratorPrototype::getOwnPropertySlot):
1211         * runtime/GeneratorPrototype.h: Copied from Source/JavaScriptCore/ftl/FTLForOSREntryJITCode.cpp.
1212         (JSC::GeneratorPrototype::create):
1213         (JSC::GeneratorPrototype::createStructure):
1214         (JSC::GeneratorPrototype::GeneratorPrototype):
1215         * runtime/GeneratorThisMode.h: Added.
1216         * runtime/JSFunction.cpp:
1217         (JSC::JSFunction::getOwnPropertySlot):
1218         * runtime/JSGeneratorFunction.cpp: Added.
1219         (JSC::JSGeneratorFunction::JSGeneratorFunction):
1220         (JSC::JSGeneratorFunction::createImpl):
1221         (JSC::JSGeneratorFunction::create):
1222         (JSC::JSGeneratorFunction::createWithInvalidatedReallocationWatchpoint):
1223         * runtime/JSGeneratorFunction.h: Added.
1224         (JSC::JSGeneratorFunction::allocationSize):
1225         (JSC::JSGeneratorFunction::createStructure):
1226         * runtime/JSGlobalObject.cpp:
1227         (JSC::JSGlobalObject::init):
1228         (JSC::JSGlobalObject::visitChildren):
1229         * runtime/JSGlobalObject.h:
1230         (JSC::JSGlobalObject::generatorFunctionPrototype):
1231         (JSC::JSGlobalObject::generatorPrototype):
1232         (JSC::JSGlobalObject::generatorFunctionStructure):
1233         * runtime/ModuleLoaderObject.cpp:
1234         (JSC::moduleLoaderObjectParseModule):
1235         * runtime/VM.cpp:
1236         (JSC::VM::VM):
1237         * runtime/VM.h:
1238         * tests/es6.yaml:
1239         * tests/es6/generators_yield_star_generic_iterables.js:
1240         (iterator.next):
1241         (iterable.Symbol.iterator):
1242         (__createIterableObject):
1243         * tests/es6/generators_yield_star_instances_of_iterables.js:
1244         (iterator.next):
1245         (iterable.Symbol.iterator):
1246         (__createIterableObject):
1247         * tests/es6/generators_yield_star_iterator_closing.js:
1248         (iterator.next):
1249         (iterable.Symbol.iterator):
1250         (__createIterableObject):
1251         * tests/es6/generators_yield_star_iterator_closing_via_throw.js:
1252         (iterator.next):
1253         (iterable.Symbol.iterator):
1254         (__createIterableObject):
1255         * tests/stress/generator-arguments-from-function.js: Added.
1256         (shouldBe):
1257         (test):
1258         * tests/stress/generator-arguments.js: Added.
1259         (shouldBe):
1260         (g1):
1261         * tests/stress/generator-class-methods-syntax.js: Added.
1262         (testSyntax):
1263         (testSyntaxError):
1264         (testSyntaxError.Cocoa):
1265         (testSyntax.Cocoa.prototype.ok):
1266         (testSyntax.Cocoa):
1267         (testSyntax.Cocoa.ok):
1268         * tests/stress/generator-class-methods.js: Added.
1269         (shouldBe):
1270         (prototype.gen):
1271         (staticGen):
1272         (shouldBe.g.next):
1273         * tests/stress/generator-eval-this.js: Added.
1274         (shouldBe):
1275         (shouldThrow):
1276         (B):
1277         (A):
1278         (C.prototype.generator):
1279         (C):
1280         (TypeError):
1281         * tests/stress/generator-function-constructor.js: Added.
1282         (shouldBe):
1283         (generatorFunctionConstructor):
1284         * tests/stress/generator-function-name.js: Added.
1285         (shouldBe):
1286         (ok):
1287         * tests/stress/generator-methods-with-non-generator.js: Added.
1288         (shouldThrow):
1289         * tests/stress/generator-relations.js: Added.
1290         (shouldBe):
1291         (generatorFunction):
1292         * tests/stress/generator-return-before-first-call.js: Added.
1293         (shouldBe):
1294         (shouldBeIteratorResult):
1295         * tests/stress/generator-return.js: Added.
1296         (shouldBe):
1297         (shouldBeIteratorResult):
1298         * tests/stress/generator-this.js: Added.
1299         (shouldBe):
1300         (shouldThrow):
1301         (gen):
1302         (shouldBe.g.next):
1303         * tests/stress/generator-throw-before-first-call.js: Added.
1304         (unreachable):
1305         (gen):
1306         (catch):
1307         * tests/stress/generator-throw.js: Added.
1308         (shouldBe):
1309         (shouldBeIteratorResult):
1310         * tests/stress/generator-with-new-target.js: Added.
1311         (shouldBe):
1312         (gen):
1313         * tests/stress/generator-with-super.js: Added.
1314         (shouldThrow):
1315         (test):
1316         (B.prototype.gen):
1317         (B):
1318         (A.prototype.gen):
1319         (A):
1320         * tests/stress/generator-yield-star.js: Added.
1321         (shouldBe):
1322         (shouldThrow):
1323         (prototype.call):
1324         (Arrays):
1325         (Arrays.prototype.Symbol.iterator):
1326         (Iterator.prototype.next):
1327         (Iterator.prototype.string_appeared_here):
1328         (Iterator.prototype.Symbol.iterator):
1329         (Iterator):
1330         (gen):
1331
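The generator design described in the entry above (a single switch-based entry point, live locals kept in a frame object across yields, parameters and their defaults evaluated before the generator object exists, and Throw/Return resume modes checked on resume), shown as an added JavaScript example that is not WebKit's code: a hand-written state machine is run beside the real ES6 generator it models so the two can be compared. The names makeCounterGenerator, ResumeMode, State, drive and defaultB are this example's own assumptions, not identifiers from the JavaScriptCore patch.

```javascript
// Added example (not WebKit code): a hand-written state machine that mirrors the
// generator design from the ChangeLog entry above, next to a real ES6 generator.

// Resume modes, standing in for the @generatorResumeMode values the entry names.
const ResumeMode = { Normal: 0, Throw: 1, Return: 2 };

// Generator states: one Initial state plus one state per yield point.
const State = { Initial: 0, Yield_0: 1, Yield_1: 2, Completed: 3 };

// Counts how often the default-parameter initializer runs (constructed probe).
let defaultBCalls = 0;
function defaultB() { defaultBCalls += 1; return 5; }

// Point 3 of the entry: the generator *function* evaluates its parameters
// (including defaults) eagerly and only then builds the generator object.
function makeCounterGenerator(a, b = defaultB()) {
  // Point 2: live locals survive a yield in a frame object rather than on the
  // machine stack. The control values (state, sent value, resume mode) are
  // passed in on every resume instead of being saved in the frame.
  const frame = { a, b, total: 0 };
  let state = State.Initial;

  // Point 1: one entry point that switches on the saved state; every yield
  // point is a `case`, so resumption never needs a saved instruction pointer.
  function generatorNext(sentValue, resumeMode) {
    if (state === State.Completed) {
      if (resumeMode === ResumeMode.Throw) throw sentValue;
      return { value: resumeMode === ResumeMode.Return ? sentValue : undefined, done: true };
    }
    switch (state) {
    case State.Initial:
      frame.total = frame.a + frame.b;   // initial sequence
      state = State.Yield_0;             // op_save(Yield_0)
      return { value: frame.total, done: false };

    case State.Yield_0:                  // op_resume()
      if (resumeMode === ResumeMode.Throw) { state = State.Completed; throw sentValue; }
      if (resumeMode === ResumeMode.Return) { state = State.Completed; return { value: sentValue, done: true }; }
      frame.total += sentValue;          // sentValue = @generatorValue
      state = State.Yield_1;             // op_save(Yield_1)
      return { value: frame.total, done: false };

    case State.Yield_1:                  // op_resume()
      if (resumeMode === ResumeMode.Throw) { state = State.Completed; throw sentValue; }
      if (resumeMode === ResumeMode.Return) { state = State.Completed; return { value: sentValue, done: true }; }
      frame.total += sentValue;
      state = State.Completed;
      return { value: frame.total, done: true };
    }
  }

  return {
    next:   (v) => generatorNext(v, ResumeMode.Normal),
    throw:  (e) => generatorNext(e, ResumeMode.Throw),
    return: (v) => generatorNext(v, ResumeMode.Return),
  };
}

// The real ES6 generator the state machine above is modelled on. Note that
// `total += yield total` reads `total` before yielding, which is exactly the
// live local the frame must preserve across the suspension.
function* counterGenerator(a, b = defaultB()) {
  let total = a + b;
  total += yield total;
  total += yield total;
  return total;
}

// Drive either implementation through the same protocol and collect the results.
function drive(gen, sends) {
  const out = [];
  out.push(gen.next());
  for (const s of sends) out.push(gen.next(s));
  return out;
}

// True when the state machine and the real generator produce the same result
// sequence for a constructed input (a = 20, sent values 10 and 1).
function behavesLikeRealGenerator() {
  const sends = [10, 1];
  const expected = JSON.stringify(drive(counterGenerator(20), sends));
  const actual = JSON.stringify(drive(makeCounterGenerator(20), sends));
  return expected === actual;
}
```

Calling makeCounterGenerator(20) runs defaultB() before the first next(), which is the ordering point 3 of the entry requires; the throw and return arms of each `case` are what the entry's op_resume prologue performs before the saved locals are reloaded.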
1332 2015-12-01  Commit Queue  <commit-queue@webkit.org>
1333
1334         Unreviewed, rolling out r192914.
1335         https://bugs.webkit.org/show_bug.cgi?id=151734
1336
1337         JSC tests for this change are failing on 32 and 64-bit bots
1338         (Requested by ryanhaddad on #webkit).
1339
1340         Reverted changeset:
1341
1342         "[ES6] Implement LLInt/Baseline Support for ES6 Generators and
1343         enable this feature"
1344         https://bugs.webkit.org/show_bug.cgi?id=150792
1345         http://trac.webkit.org/changeset/192914
1346
1347 2015-12-01  Caitlin Potter  <caitpotter88@gmail.com>
1348
1349         [JSC] support CoverInitializedName in nested AssignmentPatterns
1350         https://bugs.webkit.org/show_bug.cgi?id=151595
1351
1352         Reviewed by Geoffrey Garen.
1353
1354         A regression introduced in bug https://bugs.webkit.org/show_bug.cgi?id=151026
1355         causes the parser to fail when attempting to parse nested
1356         ObjectAssignmentPatterns with CoverInitializedName destructuring targets.
1357
1358         * parser/Parser.cpp:
1359         (JSC::Parser<LexerType>::parseAssignmentExpressionOrPropagateErrorClass):
1360         (JSC::Parser<LexerType>::parseAssignmentExpression):
1361         (JSC::Parser<LexerType>::parseProperty):
1362         (JSC::Parser<LexerType>::parseArrayLiteral):
1363         * parser/Parser.h:
1364         (JSC::Parser::ExpressionErrorClassifier::propagateExpressionErrorClass):
1365         * tests/es6.yaml:
1366         * tests/es6/destructuring_assignment_nested_cover_initialized_name.js: Added.
1367         (test1):
1368         (test2):
1369
1370 2015-12-01  Juergen Ributzka  <juergen@apple.com>
1371
1372         Add new library dependency for LLVMForJavaScriptCore dylib
1373         https://bugs.webkit.org/show_bug.cgi?id=151687
1374         
1375         Changes on open source LLVM added a new dependency to libLLVMInstrumentation.a.
1376         Adding this dependency should be backwards compatible, since LLVM has built and
1377         shipped this library even before the creation of FTL.
1378
1379         Reviewed by Geoffrey Garen.
1380
1381         * Configurations/LLVMForJSC.xcconfig:
1382
1383 2015-12-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1384
1385         [ES6] Implement LLInt/Baseline Support for ES6 Generators and enable this feature
1386         https://bugs.webkit.org/show_bug.cgi?id=150792
1387
1388         Reviewed by Saam Barati.
1389
1390         This patch implements basic functionality of ES6 Generators in LLInt and Baseline tiers.
1391         While the implementation has some inefficient parts, it covers edge cases.
1392         Later, we will make this efficient.
1393
1394             https://bugs.webkit.org/show_bug.cgi?id=151545
1395             https://bugs.webkit.org/show_bug.cgi?id=151546
1396             https://bugs.webkit.org/show_bug.cgi?id=151547
1397             https://bugs.webkit.org/show_bug.cgi?id=151552
1398             https://bugs.webkit.org/show_bug.cgi?id=151560
1399             https://bugs.webkit.org/show_bug.cgi?id=151586
1400
1401         To encourage DFG / FTL later, we take the following design.
1402
1403         1. Use switch_imm to jump to the save/resume points.
1404
1405         Instead of saving / restoring the instruction pointer to resume from it, we use switch_imm to jump to the resume point.
1406         This limits a given generator function to one entry point. This design makes inlining easy.
1407         The generated code becomes the following.
1408
1409             function @generatorNext(@generator, @generatorState, @generatorValue, @generatorResumeMode)
1410             {
1411                 switch (@generatorState) {
1412                 case Initial:
1413                     ...
1414                     initial sequence.
1415                     ...
1416
1417
1418                     op_save(Yield_0);  // op_save contains *virtual* jump to Yield_0.
1419                                        // CFG shows a jump edge to Yield_0 point, but it won't be actually used.
1420                     return ...;
1421
1422                 case Yield_0:
1423                     op_resume();
1424                     if (@generatorResumeMode == Throw)
1425                         ...
1426                     else if (@generatorResumeMode == Return)
1427                         ...
1428                     ...
1429                     // sentValue is a value sent from a caller by `generator.next(sentValue)`.
1430                     sentValue = @generatorValue;
1431                     ...
1432                     op_save(Yield_1);
1433                     return ...;
1434
1435                 case Yield_1:
1436                     op_resume();
1437                     if (@generatorResumeMode == Throw)
1438                         ...
1439                     else if (@generatorResumeMode == Return)
1440                         ...
1441                     ...
1442                     sentValue = @generatorValue;
1443                     ...
1444
1445                 ...
1446                 }
1447             }
1448
1449             The resume sequence should not be emitted per yield.
1450             This should be done in https://bugs.webkit.org/show_bug.cgi?id=151552.
1451
1452         2. Store live frame registers to GeneratorFrame
1453
1454         To save and resume the generator's state, we save all the live registers in the GeneratorFrame.
1455         When resuming, we refill the registers with the saved ones.
1456         Since the saved registers contain the scope register, |this|, etc., the environment, including the scope chain, is recovered automatically.
1457         While saving and resuming callee registers, we don't save parameter registers.
1458         These registers will be used to control the generator's resume behavior.
1459
1460         We perform BytecodeLivenessAnalysis in CodeBlock to determine which registers are actually *def*ined at that resume point.
1461
1462         3. GeneratorFunction will evaluate parameters before generating Generator
1463
1464         A generator's parameters should be evaluated before entering the generator's body. For example,
1465
1466             function hello() { ... }
1467             function *gen(a, b = hello())
1468             {
1469                 yield b;
1470             }
1471             let g = gen(20);  // Now, hello should be called.
1472
1473         To enable this, we evaluate the parameters in the GeneratorFunction, and after that we create a Generator and return it.
1474         This can be explained by the following pseudocode.
1475
1476             function *gen(a, b = hello())
1477             {
1478                 // This is generator.
1479                 return {
1480                     @generatorNext: function (@generator, @generatorState, @generatorValue, @generatorResumeMode)
1481                     {
1482                         ...
1483                     }
1484                 }
1485             }
1486
1487         4. op_save seems similar to conditional jump
1488
1489         We won't actually jump elsewhere from op_save. But we add a *virtual* jump edge (flow) from op_save to the so-called *merge point*.
1490         We construct the CFG as follows:
1491
1492             (global generator switch) -> (initial sequence) -> (op_save) ----+-> (merge point) -> (next sequence)*
1493                    |                                              |          |
1494                    |                                              v          |
1495                    |                                           (op_ret)      |
1496                    |                                                         |
1497                    +------------------------------------------->(op_resume)--+
1498
1499         By constructing such a graph,
1500
1501             1. Since we have a flow from (op_save) to (merge point), at the merge point we can *use* locals that are defined before (op_save).
1502             2. op_save should claim that it does not define anything, and that it *use*s the locals that are used at (merge point).
1503             3. At op_resume, we see the locals *use*d at the merge point and define all of them.
1504
1505         We can do the above in the use-def analysis because use-def analysis is a backward analysis.
1506         After analyzing the use-def chains, op_save / op_resume only save / resume the registers that are live at the head of the merge point.
1507
1508         * API/JSScriptRef.cpp:
1509         (parseScript):
1510         * CMakeLists.txt:
1511         * Configurations/FeatureDefines.xcconfig:
1512         * DerivedSources.make:
1513         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1514         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1515         * JavaScriptCore.xcodeproj/project.pbxproj:
1516         * builtins/BuiltinExecutables.cpp:
1517         (JSC::createExecutableInternal):
1518         * builtins/GeneratorPrototype.js: Added.
1519         (generatorResume):
1520         (next):
1521         (return):
1522         (throw):
1523         * bytecode/BytecodeBasicBlock.cpp:
1524         (JSC::isBranch):
1525         * bytecode/BytecodeList.json:
1526         * bytecode/BytecodeLivenessAnalysis.cpp:
1527         (JSC::stepOverInstruction):
1528         (JSC::computeLocalLivenessForBytecodeOffset):
1529         (JSC::BytecodeLivenessAnalysis::runLivenessFixpoint):
1530         (JSC::BytecodeLivenessAnalysis::computeFullLiveness):
1531         (JSC::BytecodeLivenessAnalysis::computeKills):
1532         * bytecode/BytecodeUseDef.h:
1533         (JSC::computeUsesForBytecodeOffset):
1534         (JSC::computeDefsForBytecodeOffset):
1535         * bytecode/CodeBlock.cpp:
1536         (JSC::CodeBlock::dumpBytecode):
1537         (JSC::CodeBlock::CodeBlock):
1538         (JSC::CodeBlock::finishCreation):
1539         (JSC::CodeBlock::shrinkToFit):
1540         (JSC::CodeBlock::validate):
1541         * bytecode/CodeBlock.h:
1542         (JSC::CodeBlock::numCalleeLocals):
1543         (JSC::CodeBlock::liveCalleeLocalsAtYield):
1544         * bytecode/EvalCodeCache.h:
1545         (JSC::EvalCodeCache::tryGet):
1546         (JSC::EvalCodeCache::getSlow):
1547         (JSC::EvalCodeCache::isCacheable):
1548         * bytecode/ExecutableInfo.h:
1549         (JSC::ExecutableInfo::ExecutableInfo):
1550         (JSC::ExecutableInfo::generatorThisMode):
1551         (JSC::ExecutableInfo::superBinding):
1552         (JSC::ExecutableInfo::parseMode):
1553         (JSC::ExecutableInfo::isArrowFunction): Deleted.
1554         * bytecode/PreciseJumpTargets.cpp:
1555         (JSC::getJumpTargetsForBytecodeOffset):
1556         * bytecode/UnlinkedCodeBlock.cpp:
1557         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1558         * bytecode/UnlinkedCodeBlock.h:
1559         (JSC::UnlinkedCodeBlock::parseMode):
1560         (JSC::UnlinkedCodeBlock::generatorThisMode):
1561         (JSC::UnlinkedCodeBlock::superBinding):
1562         (JSC::UnlinkedCodeBlock::isArrowFunction): Deleted.
1563         * bytecode/UnlinkedFunctionExecutable.cpp:
1564         (JSC::generateUnlinkedFunctionCodeBlock):
1565         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1566         (JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
1567         * bytecode/UnlinkedFunctionExecutable.h:
1568         * bytecompiler/BytecodeGenerator.cpp:
1569         (JSC::BytecodeGenerator::BytecodeGenerator):
1570         (JSC::BytecodeGenerator::initializeParameters):
1571         (JSC::BytecodeGenerator::newRegister):
1572         (JSC::BytecodeGenerator::reclaimFreeRegisters):
1573         (JSC::BytecodeGenerator::createVariable):
1574         (JSC::BytecodeGenerator::emitCreateThis):
1575         (JSC::BytecodeGenerator::emitNewFunctionExpressionCommon):
1576         (JSC::BytecodeGenerator::emitNewFunctionExpression):
1577         (JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
1578         (JSC::BytecodeGenerator::emitNewFunction):
1579         (JSC::BytecodeGenerator::emitIteratorNextWithValue):
1580         (JSC::BytecodeGenerator::emitYieldPoint):
1581         (JSC::BytecodeGenerator::emitSave):
1582         (JSC::BytecodeGenerator::emitResume):
1583         (JSC::BytecodeGenerator::emitYield):
1584         (JSC::BytecodeGenerator::emitDelegateYield):
1585         (JSC::BytecodeGenerator::emitGeneratorStateChange):
1586         (JSC::BytecodeGenerator::emitGeneratorStateLabel):
1587         (JSC::BytecodeGenerator::beginGenerator):
1588         (JSC::BytecodeGenerator::endGenerator):
1589         (JSC::BytecodeGenerator::emitNewFunctionInternal): Deleted.
1590         (JSC::BytecodeGenerator::emitNewFunctionCommon): Deleted.
1591         * bytecompiler/BytecodeGenerator.h:
1592         (JSC::BytecodeGenerator::generatorThisMode):
1593         (JSC::BytecodeGenerator::superBinding):
1594         (JSC::BytecodeGenerator::generatorRegister):
1595         (JSC::BytecodeGenerator::generatorStateRegister):
1596         (JSC::BytecodeGenerator::generatorValueRegister):
1597         (JSC::BytecodeGenerator::generatorResumeModeRegister):
1598         (JSC::BytecodeGenerator::parseMode):
1599         (JSC::BytecodeGenerator::registerFor):
1600         (JSC::BytecodeGenerator::makeFunction):
1601         * bytecompiler/NodesCodegen.cpp:
1602         (JSC::ThisNode::emitBytecode):
1603         (JSC::emitHomeObjectForCallee):
1604         (JSC::emitSuperBaseForCallee):
1605         (JSC::ReturnNode::emitBytecode):
1606         (JSC::FunctionNode::emitBytecode):
1607         (JSC::YieldExprNode::emitBytecode):
1608         * dfg/DFGByteCodeParser.cpp:
1609         (JSC::DFG::ByteCodeParser::ByteCodeParser):
1610         (JSC::DFG::ByteCodeParser::inlineCall):
1611         (JSC::DFG::ByteCodeParser::handleGetById):
1612         (JSC::DFG::ByteCodeParser::handlePutById):
1613         * dfg/DFGForAllKills.h:
1614         (JSC::DFG::forAllKilledOperands):
1615         * dfg/DFGGraph.h:
1616         (JSC::DFG::Graph::forAllLocalsLiveInBytecode):
1617         * dfg/DFGOSREntrypointCreationPhase.cpp:
1618         (JSC::DFG::OSREntrypointCreationPhase::run):
1619         * dfg/DFGVariableEventStream.cpp:
1620         (JSC::DFG::VariableEventStream::reconstruct):
1621         * ftl/FTLForOSREntryJITCode.cpp:
1622         (JSC::FTL::ForOSREntryJITCode::initializeEntryBuffer):
1623         * ftl/FTLForOSREntryJITCode.h:
1624         * ftl/FTLOSREntry.cpp:
1625         (JSC::FTL::prepareOSREntry):
1626         * ftl/FTLState.cpp:
1627         (JSC::FTL::State::State):
1628         * heap/MarkedBlock.h:
1629         (JSC::MarkedBlock::isAtom):
1630         (JSC::MarkedBlock::isLiveCell):
1631         * interpreter/Interpreter.cpp:
1632         (JSC::eval):
1633         (JSC::Interpreter::dumpRegisters):
1634         * jit/JIT.cpp:
1635         (JSC::JIT::privateCompileMainPass):
1636         (JSC::JIT::frameRegisterCountFor):
1637         * jit/JIT.h:
1638         * jit/JITOpcodes.cpp:
1639         (JSC::JIT::emitNewFuncCommon):
1640         (JSC::JIT::emit_op_new_func):
1641         (JSC::JIT::emit_op_new_generator_func):
1642         (JSC::JIT::emitNewFuncExprCommon):
1643         (JSC::JIT::emit_op_new_func_exp):
1644         (JSC::JIT::emit_op_new_generator_func_exp):
1645         (JSC::JIT::emit_op_save):
1646         (JSC::JIT::emit_op_resume):
1647         * jit/JITOperations.cpp:
1648         (JSC::operationNewFunctionCommon):
1649         * jit/JITOperations.h:
1650         * llint/LLIntEntrypoint.cpp:
1651         (JSC::LLInt::frameRegisterCountFor):
1652         * llint/LLIntSlowPaths.cpp:
1653         (JSC::LLInt::traceFunctionPrologue):
1654         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1655         * llint/LLIntSlowPaths.h:
1656         * llint/LowLevelInterpreter.asm:
1657         * parser/ASTBuilder.h:
1658         (JSC::ASTBuilder::createYield):
1659         (JSC::ASTBuilder::createFunctionMetadata):
1660         (JSC::ASTBuilder::propagateArgumentsUse):
1661         * parser/Nodes.cpp:
1662         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1663         * parser/Nodes.h:
1664         * parser/Parser.cpp:
1665         (JSC::Parser<LexerType>::Parser):
1666         (JSC::Parser<LexerType>::parseInner):
1667         (JSC::Parser<LexerType>::parseGeneratorFunctionSourceElements):
1668         (JSC::Parser<LexerType>::parseFunctionBody):
1669         (JSC::stringForFunctionMode):
1670         (JSC::Parser<LexerType>::createGeneratorParameters):
1671         (JSC::Parser<LexerType>::parseFunctionInfo):
1672         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1673         (JSC::Parser<LexerType>::parseClass):
1674         (JSC::Parser<LexerType>::parseAssignmentExpression):
1675         (JSC::Parser<LexerType>::parseYieldExpression):
1676         (JSC::Parser<LexerType>::parsePropertyMethod):
1677         (JSC::Parser<LexerType>::parseFunctionExpression):
1678         * parser/Parser.h:
1679         (JSC::Scope::Scope):
1680         (JSC::Scope::setSourceParseMode):
1681         (JSC::Scope::hasArguments):
1682         (JSC::Scope::collectFreeVariables):
1683         (JSC::Scope::setIsFunction):
1684         (JSC::Scope::setIsGeneratorFunction):
1685         (JSC::Scope::setIsGenerator):
1686         (JSC::parse):
1687         * parser/ParserModes.h:
1688         (JSC::isFunctionParseMode):
1689         (JSC::isModuleParseMode):
1690         (JSC::isProgramParseMode):
1691         * parser/SourceCodeKey.h: Added.
1692         (JSC::SourceCodeKey::SourceCodeKey):
1693         (JSC::SourceCodeKey::isHashTableDeletedValue):
1694         (JSC::SourceCodeKey::hash):
1695         (JSC::SourceCodeKey::length):
1696         (JSC::SourceCodeKey::isNull):
1697         (JSC::SourceCodeKey::string):
1698         (JSC::SourceCodeKey::operator==):
1699         (JSC::SourceCodeKeyHash::hash):
1700         (JSC::SourceCodeKeyHash::equal):
1701         (JSC::SourceCodeKeyHashTraits::isEmptyValue):
1702         * parser/SyntaxChecker.h:
1703         (JSC::SyntaxChecker::createYield):
1704         (JSC::SyntaxChecker::createFunctionMetadata):
1705         (JSC::SyntaxChecker::operatorStackPop):
1706         * runtime/CodeCache.cpp:
1707         (JSC::CodeCache::getGlobalCodeBlock):
1708         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1709         * runtime/CodeCache.h:
1710         (JSC::SourceCodeKey::SourceCodeKey): Deleted.
1711         (JSC::SourceCodeKey::isHashTableDeletedValue): Deleted.
1712         (JSC::SourceCodeKey::hash): Deleted.
1713         (JSC::SourceCodeKey::length): Deleted.
1714         (JSC::SourceCodeKey::isNull): Deleted.
1715         (JSC::SourceCodeKey::string): Deleted.
1716         (JSC::SourceCodeKey::operator==): Deleted.
1717         (JSC::SourceCodeKeyHash::hash): Deleted.
1718         (JSC::SourceCodeKeyHash::equal): Deleted.
1719         (JSC::SourceCodeKeyHashTraits::isEmptyValue): Deleted.
1720         * runtime/CommonIdentifiers.h:
1721         * runtime/CommonSlowPaths.cpp:
1722         (JSC::SLOW_PATH_DECL):
1723         * runtime/CommonSlowPaths.h:
1724         * runtime/Completion.cpp:
1725         (JSC::checkSyntax):
1726         (JSC::checkModuleSyntax):
1727         * runtime/Executable.cpp:
1728         (JSC::ScriptExecutable::newCodeBlockFor):
1729         (JSC::ProgramExecutable::checkSyntax):
1730         * runtime/Executable.h:
1731         * runtime/FunctionConstructor.cpp:
1732         (JSC::constructFunction):
1733         (JSC::constructFunctionSkippingEvalEnabledCheck):
1734         * runtime/FunctionConstructor.h:
1735         * runtime/GeneratorFrame.cpp: Added.
1736         (JSC::GeneratorFrame::GeneratorFrame):
1737         (JSC::GeneratorFrame::finishCreation):
1738         (JSC::GeneratorFrame::createStructure):
1739         (JSC::GeneratorFrame::create):
1740         (JSC::GeneratorFrame::save):
1741         (JSC::GeneratorFrame::resume):
1742         (JSC::GeneratorFrame::visitChildren):
1743         * runtime/GeneratorFrame.h: Added.
1744         (JSC::GeneratorFrame::locals):
1745         (JSC::GeneratorFrame::localAt):
1746         (JSC::GeneratorFrame::offsetOfLocals):
1747         (JSC::GeneratorFrame::allocationSizeForLocals):
1748         * runtime/GeneratorFunctionConstructor.cpp: Added.
1749         (JSC::GeneratorFunctionConstructor::GeneratorFunctionConstructor):
1750         (JSC::GeneratorFunctionConstructor::finishCreation):
1751         (JSC::callGeneratorFunctionConstructor):
1752         (JSC::constructGeneratorFunctionConstructor):
1753         (JSC::GeneratorFunctionConstructor::getCallData):
1754         (JSC::GeneratorFunctionConstructor::getConstructData):
1755         * runtime/GeneratorFunctionConstructor.h: Added.
1756         (JSC::GeneratorFunctionConstructor::create):
1757         (JSC::GeneratorFunctionConstructor::createStructure):
1758         * runtime/GeneratorFunctionPrototype.cpp: Added.
1759         (JSC::GeneratorFunctionPrototype::GeneratorFunctionPrototype):
1760         (JSC::GeneratorFunctionPrototype::finishCreation):
1761         * runtime/GeneratorFunctionPrototype.h: Added.
1762         (JSC::GeneratorFunctionPrototype::create):
1763         (JSC::GeneratorFunctionPrototype::createStructure):
1764         * runtime/GeneratorPrototype.cpp: Copied from Source/JavaScriptCore/ftl/FTLForOSREntryJITCode.cpp.
1765         (JSC::GeneratorPrototype::finishCreation):
1766         (JSC::GeneratorPrototype::getOwnPropertySlot):
1767         * runtime/GeneratorPrototype.h: Copied from Source/JavaScriptCore/ftl/FTLForOSREntryJITCode.cpp.
1768         (JSC::GeneratorPrototype::create):
1769         (JSC::GeneratorPrototype::createStructure):
1770         (JSC::GeneratorPrototype::GeneratorPrototype):
1771         * runtime/GeneratorThisMode.h: Added.
1772         * runtime/JSFunction.cpp:
1773         (JSC::JSFunction::getOwnPropertySlot):
1774         * runtime/JSGeneratorFunction.cpp: Added.
1775         (JSC::JSGeneratorFunction::JSGeneratorFunction):
1776         (JSC::JSGeneratorFunction::createImpl):
1777         (JSC::JSGeneratorFunction::create):
1778         (JSC::JSGeneratorFunction::createWithInvalidatedReallocationWatchpoint):
1779         * runtime/JSGeneratorFunction.h: Added.
1780         (JSC::JSGeneratorFunction::allocationSize):
1781         (JSC::JSGeneratorFunction::createStructure):
1782         * runtime/JSGlobalObject.cpp:
1783         (JSC::JSGlobalObject::init):
1784         (JSC::JSGlobalObject::visitChildren):
1785         * runtime/JSGlobalObject.h:
1786         (JSC::JSGlobalObject::generatorFunctionPrototype):
1787         (JSC::JSGlobalObject::generatorPrototype):
1788         (JSC::JSGlobalObject::generatorFunctionStructure):
1789         * runtime/ModuleLoaderObject.cpp:
1790         (JSC::moduleLoaderObjectParseModule):
1791         * runtime/VM.cpp:
1792         (JSC::VM::VM):
1793         * runtime/VM.h:
1794         * tests/es6.yaml:
1795         * tests/es6/generators_yield_star_generic_iterables.js:
1796         (iterator.next):
1797         (iterable.Symbol.iterator):
1798         (__createIterableObject):
1799         * tests/es6/generators_yield_star_instances_of_iterables.js:
1800         (iterator.next):
1801         (iterable.Symbol.iterator):
1802         (__createIterableObject):
1803         * tests/es6/generators_yield_star_iterator_closing.js:
1804         (iterator.next):
1805         (iterable.Symbol.iterator):
1806         (__createIterableObject):
1807         * tests/es6/generators_yield_star_iterator_closing_via_throw.js:
1808         (iterator.next):
1809         (iterable.Symbol.iterator):
1810         (__createIterableObject):
1811         * tests/stress/generator-arguments-from-function.js: Added.
1812         (shouldBe):
1813         (test):
1814         * tests/stress/generator-arguments.js: Added.
1815         (shouldBe):
1816         (g1):
1817         * tests/stress/generator-class-methods-syntax.js: Added.
1818         (testSyntax):
1819         (testSyntaxError):
1820         (testSyntaxError.Cocoa):
1821         (testSyntax.Cocoa.prototype.ok):
1822         (testSyntax.Cocoa):
1823         (testSyntax.Cocoa.ok):
1824         * tests/stress/generator-class-methods.js: Added.
1825         (shouldBe):
1826         (prototype.gen):
1827         (staticGen):
1828         (shouldBe.g.next):
1829         * tests/stress/generator-eval-this.js: Added.
1830         (shouldBe):
1831         (shouldThrow):
1832         (B):
1833         (A):
1834         (C.prototype.generator):
1835         (C):
1836         (TypeError):
1837         * tests/stress/generator-function-constructor.js: Added.
1838         (shouldBe):
1839         (generatorFunctionConstructor):
1840         * tests/stress/generator-function-name.js: Added.
1841         (shouldBe):
1842         (ok):
1843         * tests/stress/generator-methods-with-non-generator.js: Added.
1844         (shouldThrow):
1845         * tests/stress/generator-relations.js: Added.
1846         (shouldBe):
1847         (generatorFunction):
1848         * tests/stress/generator-return-before-first-call.js: Added.
1849         (shouldBe):
1850         (shouldBeIteratorResult):
1851         * tests/stress/generator-return.js: Added.
1852         (shouldBe):
1853         (shouldBeIteratorResult):
1854         * tests/stress/generator-this.js: Added.
1855         (shouldBe):
1856         (shouldThrow):
1857         (gen):
1858         (shouldBe.g.next):
1859         * tests/stress/generator-throw-before-first-call.js: Added.
1860         (unreachable):
1861         (gen):
1862         (catch):
1863         * tests/stress/generator-throw.js: Added.
1864         (shouldBe):
1865         (shouldBeIteratorResult):
1866         * tests/stress/generator-with-new-target.js: Added.
1867         (shouldBe):
1868         (gen):
1869         * tests/stress/generator-with-super.js: Added.
1870         (shouldThrow):
1871         (test):
1872         (B.prototype.gen):
1873         (B):
1874         (A.prototype.gen):
1875         (A):
1876         * tests/stress/generator-yield-star.js: Added.
1877         (shouldBe):
1878         (shouldThrow):
1879         (prototype.call):
1880         (Arrays):
1881         (Arrays.prototype.Symbol.iterator):
1882         (Iterator.prototype.next):
1883         (Iterator.prototype.string_appeared_here):
1884         (Iterator.prototype.Symbol.iterator):
1885         (Iterator):
1886         (gen):
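
Worked example, added here and not part of the r192914 change or of JavaScriptCore's own code: the generator from design point 3 above, hand-lowered into the switch-based state machine of design point 1, with a plain object standing in for GeneratorFrame and the native generator kept alongside for comparison. The names Mode, State, loweredGen, drive and helloCallsAfterCreate are this example's own.

```javascript
// Added example, not JavaScriptCore code: hand-lowering of a generator into the
// switch-based state machine described in the r192914 entry. Mode, State, `frame`,
// loweredGen, drive and helloCallsAfterCreate are this example's own names.

const Mode = { Next: 0, Throw: 1, Return: 2 };               // @generatorResumeMode
const State = { Initial: 0, Yield0: 1, Yield1: 2, Done: 3 }; // @generatorState

let helloCalls = 0;
function hello() { helloCalls += 1; return 5; }

// Reference semantics: the native generator being lowered.
function* nativeGen(a, b = hello()) {
  let sum = a + b;
  const x = yield sum;   // Yield_0
  sum += x;
  const y = yield sum;   // Yield_1
  return sum + y;
}

// Lowered form. The default parameter is evaluated here, in the GeneratorFunction,
// before the generator object exists (design point 3).
function loweredGen(a, b = hello()) {
  const frame = { locals: null };   // stand-in for GeneratorFrame
  let state = State.Initial;

  function finish(value, mode) {    // completion for the Throw / Return resume modes
    if (mode === Mode.Throw) throw value;
    return { value, done: true };
  }

  // @generatorNext: the single entry point, switch_imm on @generatorState (design point 1).
  function generatorNext(value, mode) {
    let sum;
    switch (state) {
    case State.Initial:
      if (mode !== Mode.Next) { state = State.Done; return finish(value, mode); }
      sum = a + b;
      frame.locals = { sum };         // op_save(Yield_0): only `sum` is live at the merge point
      state = State.Yield0;
      return { value: sum, done: false };
    case State.Yield0:
      ({ sum } = frame.locals);       // op_resume: refill the saved registers
      if (mode !== Mode.Next) { state = State.Done; return finish(value, mode); }
      sum += value;                   // sentValue = @generatorValue
      frame.locals = { sum };         // op_save(Yield_1)
      state = State.Yield1;
      return { value: sum, done: false };
    case State.Yield1:
      ({ sum } = frame.locals);
      if (mode !== Mode.Next) { state = State.Done; return finish(value, mode); }
      state = State.Done;
      return { value: sum + value, done: true };
    default:                          // already Done
      return finish(mode === Mode.Next ? undefined : value, mode);
    }
  }
  return {
    next: (v) => generatorNext(v, Mode.Next),
    throw: (e) => generatorNext(e, Mode.Throw),
    return: (v) => generatorNext(v, Mode.Return),
  };
}

// Replays a script of [method, argument] resumes and records each outcome.
function drive(gen, script) {
  return script.map(([method, arg]) => {
    try { return gen[method](arg); } catch (e) { return { threw: e }; }
  });
}

// Design point 3 check: creating the generator already ran the default-parameter expression.
function helloCallsAfterCreate(makeGen) {
  const before = helloCalls;
  makeGen(20);                      // no next() yet
  return helloCalls - before;
}

// Both forms answer the same script identically.
const script = [['next'], ['next', 3], ['next', 4], ['next']];
console.log(JSON.stringify(drive(nativeGen(20), script)) === JSON.stringify(drive(loweredGen(20), script)));
```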
1887
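A second added example, again not JavaScriptCore code: the backward liveness described in design point 4 of the same entry, run over a toy CFG in which op_save *use*s, and op_resume *def*ines, whatever is live at the head of its merge point, so that only those registers are saved into the frame. The cfg encoding, computeLiveness, useDef and registersSavedAt are this example's own.

```javascript
// Added example, not JavaScriptCore code: backward liveness over a toy generator CFG,
// with op_save using and op_resume defining the locals live at its merge point (design
// point 4). The cfg encoding, computeLiveness, useDef and registersSavedAt are this
// example's own.

// Constructed CFG for one yield point. Instructions are {op, uses, defs}; op_save and
// op_resume carry the merge point they belong to. The edge initial -> merge0 is the
// *virtual* jump edge: never taken at run time, present only for the analysis.
const cfg = {
  switch:  { instrs: [], succ: ['initial', 'resume0'] },       // global generator switch
  initial: { instrs: [{ op: 'def', defs: ['sum'] },
                      { op: 'def', defs: ['tmp'] },
                      { op: 'use', uses: ['tmp'] },             // tmp is dead after this
                      { op: 'op_save', target: 'merge0' }],
             succ: ['ret', 'merge0'] },
  ret:     { instrs: [{ op: 'ret' }], succ: [] },
  resume0: { instrs: [{ op: 'op_resume', target: 'merge0' }], succ: ['merge0'] },
  merge0:  { instrs: [{ op: 'use', uses: ['sum'] },            // next sequence needs sum
                      { op: 'ret' }], succ: [] },
};

// use/def of one instruction; op_save / op_resume depend on the current live-in of
// their merge point, which the fixpoint below refines.
function useDef(ins, liveIn) {
  switch (ins.op) {
  case 'op_save':   return { uses: [...liveIn[ins.target]], defs: [] };
  case 'op_resume': return { uses: [], defs: [...liveIn[ins.target]] };
  default:          return { uses: ins.uses || [], defs: ins.defs || [] };
  }
}

// Classic backward liveness: live-in(b) = uses U (live-out(b) - defs), iterated to a fixpoint.
function computeLiveness(cfg) {
  const liveIn = {}, liveOut = {};
  for (const name of Object.keys(cfg)) { liveIn[name] = new Set(); liveOut[name] = new Set(); }
  const same = (x, y) => x.size === y.size && [...x].every((v) => y.has(v));
  let changed = true;
  while (changed) {
    changed = false;
    for (const [name, block] of Object.entries(cfg)) {
      const out = new Set(block.succ.flatMap((s) => [...liveIn[s]]));
      const live = new Set(out);
      for (let i = block.instrs.length - 1; i >= 0; i--) {   // walk the block backwards
        const { uses, defs } = useDef(block.instrs[i], liveIn);
        defs.forEach((d) => live.delete(d));
        uses.forEach((u) => live.add(u));
      }
      if (!same(live, liveIn[name]) || !same(out, liveOut[name])) {
        liveIn[name] = live; liveOut[name] = out; changed = true;
      }
    }
  }
  return { liveIn, liveOut };
}

// Registers op_save must store into the GeneratorFrame: those live at the head of its merge point.
function registersSavedAt(cfg, liveness, blockName) {
  const save = cfg[blockName].instrs.find((ins) => ins.op === 'op_save');
  return [...liveness.liveIn[save.target]].sort();
}

console.log('saved at Yield_0:', registersSavedAt(cfg, computeLiveness(cfg), 'initial')); // prints [ 'sum' ]
```

Because op_resume defines everything its merge point needs, nothing is live into the generator's switch block: the frame, not the caller, carries the state across the yield.
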
1888 2015-12-01  Filip Pizlo  <fpizlo@apple.com>
1889
1890         Remove repetitive cruft from FTL OSR exit code in LowerDFGToLLVM
1891         https://bugs.webkit.org/show_bug.cgi?id=151718
1892
1893         Reviewed by Geoffrey Garen.
1894
1895         * b3/B3StackmapValue.h:
1896         * ftl/FTLLowerDFGToLLVM.cpp:
1897         (JSC::FTL::DFG::LowerDFGToLLVM::compileInvalidationPoint):
1898         (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitArgumentsForPatchpointIfWillCatchException):
1899         (JSC::FTL::DFG::LowerDFGToLLVM::lowBlock):
1900         (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitDescriptor):
1901         (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):
1902         (JSC::FTL::DFG::LowerDFGToLLVM::blessSpeculation):
1903         (JSC::FTL::DFG::LowerDFGToLLVM::emitOSRExitCall):
1904         (JSC::FTL::DFG::LowerDFGToLLVM::buildExitArguments):
1905         (JSC::FTL::DFG::LowerDFGToLLVM::callStackmap):
1906
1907 2015-12-01  Caitlin Potter  <caitp@igalia.com>
1908
1909         [JSC] add missing RequireObjectCoercible() step in destructuring
1910         https://bugs.webkit.org/show_bug.cgi?id=151596
1911
1912         Reviewed by Darin Adler.
1913
1914         * bytecompiler/BytecodeGenerator.cpp:
1915         (JSC::BytecodeGenerator::emitRequireObjectCoercible):
1916         * bytecompiler/BytecodeGenerator.h:
1917         * bytecompiler/NodesCodegen.cpp:
1918         (JSC::ObjectPatternNode::bindValue):
1919         * tests/stress/destructuring-assignment-require-object-coercible.js: Added.
1920         (testTypeError):
1921         (testOK):
1922
1923 2015-12-01  Mark Lam  <mark.lam@apple.com>
1924
1925         Refactor FTL sub snippet code to support general binary op snippets.
1926         https://bugs.webkit.org/show_bug.cgi?id=151706
1927
1928         Reviewed by Geoffrey Garen.
1929
1930         * CMakeLists.txt:
1931         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1932         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1933         * JavaScriptCore.xcodeproj/project.pbxproj:
1934
1935         * ftl/FTLCompile.cpp:
1936         - Moved the BinarySnippetRegisterContext to FTLCompileBinaryOp.cpp verbatim.
1937         - Generalize generateArithSubICFastPath() to generateBinaryOpICFastPath().
1938           It now uses snippet specific helpers in FTLCompileBinaryOp.cpp to generate
1939           the fast paths.
1940
1941         * ftl/FTLCompileBinaryOp.cpp: Added.
1942         (JSC::FTL::BinarySnippetRegisterContext::BinarySnippetRegisterContext):
1943         (JSC::FTL::BinarySnippetRegisterContext::initializeRegisters):
1944         (JSC::FTL::BinarySnippetRegisterContext::restoreRegisters):
1945         - Moved here without change from FTLCompile.cpp.
1946         (JSC::FTL::generateArithSubFastPath):
1947         * ftl/FTLCompileBinaryOp.h: Added.
1948
1949         * ftl/FTLInlineCacheDescriptor.h:
1950         (JSC::FTL::BinaryOpDescriptor::nodeType):
1951         (JSC::FTL::BinaryOpDescriptor::size):
1952         (JSC::FTL::BinaryOpDescriptor::name):
1953         (JSC::FTL::BinaryOpDescriptor::fastPathICName):
1954         (JSC::FTL::BinaryOpDescriptor::slowPathFunction):
1955         (JSC::FTL::BinaryOpDescriptor::leftOperand):
1956         (JSC::FTL::BinaryOpDescriptor::rightOperand):
1957         (JSC::FTL::BinaryOpDescriptor::BinaryOpDescriptor):
1958         (JSC::FTL::ArithSubDescriptor::ArithSubDescriptor): Deleted.
1959         (JSC::FTL::ArithSubDescriptor::leftType): Deleted.
1960         (JSC::FTL::ArithSubDescriptor::rightType): Deleted.
1961         - Refactor ArithSubDescriptor into BinaryOpDescriptor, and re-add a sub-class
1962           ArithSubDescriptor as a specialization of BinaryOpDescriptor.
1963
1964         * ftl/FTLInlineCacheDescriptorInlines.h: Added.
1965         (JSC::FTL::ArithSubDescriptor::ArithSubDescriptor):
1966         (JSC::FTL::ArithSubDescriptor::icSize):
1967
1968         * ftl/FTLLowerDFGToLLVM.cpp:
1969         (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
1970         * ftl/FTLOSRExit.cpp:
1971         (JSC::FTL::OSRExit::willArriveAtExitFromIndirectExceptionCheck):
1972         (JSC::FTL::OSRExit::willArriveAtOSRExitFromCallOperation):
1973         * ftl/FTLOSRExit.h:
1974         * ftl/FTLState.h:
1975
1976 2015-12-01  Carlos Garcia Campos  <cgarcia@igalia.com>
1977
1978         Unreviewed, rolling out r192876.
1979
1980         It broke a lot of JSC and layout tests for GTK and EFL.
1981
1982         Reverted changeset:
1983
1984         "[ES6] "super" and "this" should be lexically bound inside an
1985         arrow function and should live in a JSLexicalEnvironment"
1986         https://bugs.webkit.org/show_bug.cgi?id=149338
1987         http://trac.webkit.org/changeset/192876
1988
1989 2015-12-01  Aleksandr Skachkov  <gskachkov@gmail.com>
1990
1991         [ES6] "super" and "this" should be lexically bound inside an arrow function and should live in a JSLexicalEnvironment
1992         https://bugs.webkit.org/show_bug.cgi?id=149338
1993
1994         Reviewed by Saam Barati.
1995
1996         Implemented a new version of the lexically bound 'this' in arrow functions. In the current version,
1997         'this' is stored inside the lexical environment of the function. To store and load it we use the
1998         op_get_from_scope and op_put_to_scope operations. Also, the new implementation prevents raising a TDZ
1999         error for arrow functions that are declared before super() but invoked after.
2000
2001         * builtins/BuiltinExecutables.cpp:
2002         (JSC::createExecutableInternal):
        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecode/EvalCodeCache.h:
        (JSC::EvalCodeCache::getSlow):
        * bytecode/ExecutableInfo.h:
        (JSC::ExecutableInfo::ExecutableInfo):
        (JSC::ExecutableInfo::isDerivedConstructorContext):
        (JSC::ExecutableInfo::isArrowFunctionContext):
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::isDerivedConstructorContext):
        (JSC::UnlinkedCodeBlock::isArrowFunctionContext):
        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::generateUnlinkedFunctionCodeBlock):
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        * bytecode/UnlinkedFunctionExecutable.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::initializeArrowFunctionContextScopeIfNeeded):
        (JSC::BytecodeGenerator::variable):
        (JSC::BytecodeGenerator::emitLoadArrowFunctionLexicalEnvironment):
        (JSC::BytecodeGenerator::emitLoadThisFromArrowFunctionLexicalEnvironment):
        (JSC::BytecodeGenerator::emitLoadNewTargetFromArrowFunctionLexicalEnvironment):
        (JSC::BytecodeGenerator::emitLoadDerivedConstructorFromArrowFunctionLexicalEnvironment):
        (JSC::BytecodeGenerator::emitPutNewTargetToArrowFunctionContextScope):
        (JSC::BytecodeGenerator::emitPutDerivedConstructorToArrowFunctionContextScope):
        (JSC::BytecodeGenerator::emitPutThisToArrowFunctionContextScope):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::isDerivedConstructorContext):
        (JSC::BytecodeGenerator::usesArrowFunction):
        (JSC::BytecodeGenerator::needsToUpdateArrowFunctionContext):
        (JSC::BytecodeGenerator::usesEval):
        (JSC::BytecodeGenerator::usesThis):
        (JSC::BytecodeGenerator::newTarget):
        (JSC::BytecodeGenerator::makeFunction):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ThisNode::emitBytecode):
        (JSC::SuperNode::emitBytecode):
        (JSC::EvalFunctionCallNode::emitBytecode):
        (JSC::FunctionCallValueNode::emitBytecode):
        (JSC::FunctionNode::emitBytecode):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluate):
        * dfg/DFGAbstractInterpreterInlines.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.cpp:
        * dfg/DFGClobberize.h:
        * dfg/DFGDoesGC.cpp:
        * dfg/DFGFixupPhase.cpp:
        * dfg/DFGNodeType.h:
        * dfg/DFGObjectAllocationSinkingPhase.cpp:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGPromotedHeapLocation.cpp:
        * dfg/DFGPromotedHeapLocation.h:
        * dfg/DFGSafeToExecute.h:
        * dfg/DFGSpeculativeJIT.cpp:
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        * dfg/DFGSpeculativeJIT64.cpp:
        * ftl/FTLCapabilities.cpp:
        * ftl/FTLLowerDFGToLLVM.cpp:
        * ftl/FTLOperations.cpp:
        (JSC::FTL::operationMaterializeObjectInOSR):
        * interpreter/Interpreter.cpp:
        (JSC::eval):
        * jit/JIT.cpp:
        * jit/JIT.h:
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emitNewFuncExprCommon):
        * jit/JITOpcodes32_64.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createArrowFunctionExpr):
        (JSC::ASTBuilder::usesArrowFunction):
        * parser/Nodes.h:
        (JSC::ScopeNode::usesArrowFunction):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseFunctionInfo):
        * parser/ParserModes.h:
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getGlobalCodeBlock):
        (JSC::CodeCache::getProgramCodeBlock):
        (JSC::CodeCache::getEvalCodeBlock):
        (JSC::CodeCache::getModuleProgramCodeBlock):
        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
        * runtime/CodeCache.h:
        * runtime/CommonIdentifiers.h:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/Executable.cpp:
        (JSC::ScriptExecutable::ScriptExecutable):
        (JSC::EvalExecutable::create):
        (JSC::EvalExecutable::EvalExecutable):
        (JSC::ProgramExecutable::ProgramExecutable):
        (JSC::ModuleProgramExecutable::ModuleProgramExecutable):
        (JSC::FunctionExecutable::FunctionExecutable):
        * runtime/Executable.h:
        (JSC::ScriptExecutable::isArrowFunctionContext):
        (JSC::ScriptExecutable::isDerivedConstructorContext):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::createEvalCodeBlock):
        * runtime/JSGlobalObject.h:
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncEval):
        * tests/es6.yaml:
        * tests/stress/arrowfunction-activation-sink-osrexit.js:
        * tests/stress/arrowfunction-activation-sink.js:
        * tests/stress/arrowfunction-lexical-bind-newtarget.js: Added.
        * tests/stress/arrowfunction-lexical-bind-supercall-1.js: Added.
        * tests/stress/arrowfunction-lexical-bind-supercall-2.js: Added.
        * tests/stress/arrowfunction-lexical-bind-supercall-3.js: Added.
        * tests/stress/arrowfunction-lexical-bind-supercall-4.js: Added.
        * tests/stress/arrowfunction-lexical-bind-this-1.js:
        * tests/stress/arrowfunction-lexical-bind-this-7.js: Added.
        * tests/stress/arrowfunction-tdz-1.js: Added.
        * tests/stress/arrowfunction-tdz-2.js: Added.
        * tests/stress/arrowfunction-tdz-3.js: Added.
        * tests/stress/arrowfunction-tdz-4.js: Added.
        * tests/stress/arrowfunction-tdz.js: Removed.

2015-12-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] streams should not directly use Number and related methods
        https://bugs.webkit.org/show_bug.cgi?id=151499

        Reviewed by Darin Adler.

        * runtime/CommonIdentifiers.h: Adding isNaN as private symbol.
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init): Adding @isNaN function.

2015-12-01  Csaba Osztrogonác  <ossy@webkit.org>

        Don't hide the argument name inside for block in AirIteratedRegisterCoalescing.cpp
        https://bugs.webkit.org/show_bug.cgi?id=151622

        Reviewed by Darin Adler.

        * b3/air/AirIteratedRegisterCoalescing.cpp:
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdges):

2015-12-01  Youenn Fablet  <youenn.fablet@crf.canon.fr>

        [Streams API] Remove use of @catch for exposed promises
        https://bugs.webkit.org/show_bug.cgi?id=151625

        Reviewed by Darin Adler.

        * runtime/JSPromisePrototype.cpp:
        (JSC::JSPromisePrototype::addOwnInternalSlots): Removing @catch from the prototype as it is not safe.

2015-11-30  Filip Pizlo  <fpizlo@apple.com>

        B3::ValueRep::Any should translate into an Arg::ColdUse role in Air
        https://bugs.webkit.org/show_bug.cgi?id=151174

        Reviewed by Geoffrey Garen and Benjamin Poulain.

        This teaches the register allocator that it should pick spills based on whichever tmp has the
        highest score:

            score(tmp) = degree(tmp) / sum(for each use of tmp, block->frequency)

        In other words, the numerator is the number of edges in the interference graph and the denominator
        is an estimate of the dynamic number of uses.

        This also extends Arg::Role to know that there is such a thing as ColdUse, i.e. a Use that
        doesn't count as such for the above formula. Because LateUse is always used in contexts where we
        want it to be Cold, I've defined LateUse to imply ColdUse.

        This gets rid of all spilling inside the hot loop in Kraken/imaging-gaussian-blur. But more
        importantly, it makes our register allocator use a well-known heuristic based on reusable
        building blocks like the new Air::UseCounts. Even if the heuristic is slightly wrong, the right
        heuristic probably uses the same building blocks.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/B3StackmapSpecial.cpp:
        (JSC::B3::StackmapSpecial::forEachArgImpl):
        * b3/B3ValueRep.h:
        * b3/air/AirArg.cpp:
        (WTF::printInternal):
        * b3/air/AirArg.h:
        (JSC::B3::Air::Arg::isAnyUse):
        (JSC::B3::Air::Arg::isColdUse):
        (JSC::B3::Air::Arg::isWarmUse):
        (JSC::B3::Air::Arg::isEarlyUse):
        (JSC::B3::Air::Arg::isDef):
        * b3/air/AirIteratedRegisterCoalescing.cpp:
        (JSC::B3::Air::iteratedRegisterCoalescing):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::IteratedRegisterCoalescingAllocator): Deleted.
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::allocatedReg): Deleted.
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::tmpArraySize): Deleted.
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::initializeDegrees): Deleted.
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::build): Deleted.
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::selectSpill): Deleted.
        (JSC::B3::Air::isUselessMoveInst): Deleted.
        (JSC::B3::Air::assignRegisterToTmpInProgram): Deleted.
        (JSC::B3::Air::addSpillAndFillToProgram): Deleted.
        (JSC::B3::Air::iteratedRegisterCoalescingOnType): Deleted.
        * b3/air/AirLiveness.h:
        * b3/air/AirSpillEverything.cpp:
        (JSC::B3::Air::spillEverything):
        * b3/air/AirUseCounts.h: Added.
        (JSC::B3::Air::UseCounts::Counts::dump):
        (JSC::B3::Air::UseCounts::UseCounts):
        (JSC::B3::Air::UseCounts::operator[]):
        (JSC::B3::Air::UseCounts::dump):
        * runtime/Options.h:
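
        Added example, not part of this ChangeLog entry or of JavaScriptCore: a self-contained
        C++ reimplementation of the spill-score heuristic above, with the UseCounts denominator
        excluding ColdUse and LateUse operands. Tmps, roles, block frequencies and interference
        degrees are constructed for the example.

```cpp
// Added illustration of the spill heuristic described above; this is not JavaScriptCore's
// AirIteratedRegisterCoalescing.cpp or AirUseCounts.h. Tmps are plain indices, roles mirror
// Air's Use/ColdUse/LateUse/Def, and the program in exampleProgram() is constructed.
#include <climits>
#include <limits>
#include <vector>

enum class Role { Use, ColdUse, LateUse, Def };

struct Operand { unsigned tmp; Role role; };
struct Inst { std::vector<Operand> operands; };
struct Block { double frequency; std::vector<Inst> insts; };

// LateUse implies ColdUse, so only a plain Use is "warm" and counts toward the denominator.
bool isWarmUse(Role role) { return role == Role::Use; }

// UseCounts: for each tmp, the sum over its warm uses of the containing block's frequency,
// i.e. an estimate of how many times the tmp is read at run time.
std::vector<double> computeUseCounts(const std::vector<Block>& blocks, unsigned numTmps)
{
    std::vector<double> counts(numTmps, 0.0);
    for (const Block& block : blocks)
        for (const Inst& inst : block.insts)
            for (const Operand& operand : inst.operands)
                if (isWarmUse(operand.role))
                    counts[operand.tmp] += block.frequency;
    return counts;
}

// score(tmp) = degree(tmp) / useCount(tmp). A tmp with no warm uses is free to spill.
double spillScore(unsigned degree, double useCount)
{
    if (useCount == 0.0)
        return std::numeric_limits<double>::infinity();
    return degree / useCount;
}

// Among the spill candidates, pick the tmp with the highest score; UINT_MAX if there are none.
unsigned selectSpill(const std::vector<unsigned>& candidates, const std::vector<unsigned>& degrees,
    const std::vector<double>& useCounts)
{
    unsigned best = UINT_MAX;
    double bestScore = -1.0;
    for (unsigned tmp : candidates) {
        double score = spillScore(degrees[tmp], useCounts[tmp]);
        if (score > bestScore) {
            bestScore = score;
            best = tmp;
        }
    }
    return best;
}

// Constructed program with tmps t0, t1, t2. Block 0 is the entry (frequency 1), block 1 a
// hot loop body (frequency 10). t2 is read in the loop only through a ColdUse (think of a
// stackmap operand with ValueRep::Any), so that read must not make it expensive to spill.
std::vector<Block> exampleProgram()
{
    return {
        { 1.0, { { { { 0, Role::Def }, { 1, Role::Def }, { 2, Role::Def } } },
                 { { { 1, Role::Use }, { 2, Role::Use } } } } },
        { 10.0, { { { { 0, Role::Use }, { 0, Role::Use } } },
                  { { { 2, Role::ColdUse }, { 1, Role::LateUse } } } } },
    };
}

// Interference degrees are taken as given here (in Air they come from the interference graph).
// t0: 3 / 20 = 0.15, t1: 2 / 1 = 2, t2: 3 / 1 = 3, so t2 is the spill choice.
unsigned exampleSpillChoice()
{
    std::vector<unsigned> degrees = { 3, 2, 3 };
    std::vector<double> useCounts = computeUseCounts(exampleProgram(), 3);
    return selectSpill({ 0, 1, 2 }, degrees, useCounts);
}
```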

2015-11-30  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the !ENABLE(DFG_JIT) build after r192699
        https://bugs.webkit.org/show_bug.cgi?id=151616

        Reviewed by Darin Adler.

        * assembler/MacroAssembler.h:

2015-11-30  Yusuke Suzuki  <utatane.tea@gmail.com>

        Object::{freeze, seal} perform preventExtensionsTransition twice
        https://bugs.webkit.org/show_bug.cgi?id=151606

        Reviewed by Darin Adler.

        In Structure::{freezeTransition, sealTransition}, we perform preventExtensionsTransition.
        So it is unnecessary to perform preventExtensionsTransition before executing Structure::{freezeTransition, sealTransition}.

        * runtime/JSObject.cpp:
        (JSC::JSObject::seal):
        (JSC::JSObject::freeze):
        (JSC::JSObject::preventExtensions):
        * tests/stress/freeze-and-seal-should-prevent-extensions.js: Added.
        (shouldBe):
        (shouldThrow):

2015-11-30  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Add Sqrt to B3
        https://bugs.webkit.org/show_bug.cgi?id=151692

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerX86Common.h:
        (JSC::MacroAssemblerX86Common::sqrtDouble):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::sqrtsd_mr):
        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::lower):
        * b3/B3Opcode.cpp:
        (WTF::printInternal):
        * b3/B3Opcode.h:
        * b3/B3Validate.cpp:
        * b3/B3Value.cpp:
        (JSC::B3::Value::effects):
        (JSC::B3::Value::key):
        (JSC::B3::Value::typeFor):
        * b3/air/AirOpcode.opcodes:
        * b3/testb3.cpp:
        (JSC::B3::testSqrtArg):
        (JSC::B3::testSqrtImm):
        (JSC::B3::testSqrtMem):
        (JSC::B3::run):
        * ftl/FTLB3Output.h:
        (JSC::FTL::Output::doubleSqrt):

2015-11-30  Filip Pizlo  <fpizlo@apple.com>

        FTL lazy slow paths should work with B3
        https://bugs.webkit.org/show_bug.cgi?id=151667

        Reviewed by Geoffrey Garen.

        This adds all of the glue necessary to make FTL::LazySlowPath work with B3. The B3 approach
        allows us to put all of the code in FTL::LowerDFGToLLVM, instead of having supporting data
        structures on the side and a bunch of complex code in FTLCompile.cpp.

        * b3/B3CheckSpecial.cpp:
        (JSC::B3::CheckSpecial::generate):
        * b3/B3LowerToAir.cpp:
        (JSC::B3::Air::LowerToAir::run):
        * b3/B3PatchpointSpecial.cpp:
        (JSC::B3::PatchpointSpecial::generate):
        * b3/B3StackmapValue.h:
        * ftl/FTLJSTailCall.cpp:
        (JSC::FTL::DFG::recoveryFor):
        (JSC::FTL::JSTailCall::emit):
        * ftl/FTLLazySlowPath.cpp:
        (JSC::FTL::LazySlowPath::LazySlowPath):
        (JSC::FTL::LazySlowPath::generate):
        * ftl/FTLLazySlowPath.h:
        (JSC::FTL::LazySlowPath::createGenerator):
        (JSC::FTL::LazySlowPath::patchableJump):
        (JSC::FTL::LazySlowPath::done):
        (JSC::FTL::LazySlowPath::patchpoint):
        (JSC::FTL::LazySlowPath::usedRegisters):
        (JSC::FTL::LazySlowPath::callSiteIndex):
        (JSC::FTL::LazySlowPath::stub):
        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::forValueRep):
        (JSC::FTL::Location::forStackmaps):
        (JSC::FTL::Location::dump):
        (JSC::FTL::Location::isGPR):
        (JSC::FTL::Location::gpr):
        (JSC::FTL::Location::isFPR):
        (JSC::FTL::Location::fpr):
        (JSC::FTL::Location::restoreInto):
        * ftl/FTLLocation.h:
        (JSC::FTL::Location::Location):
        (JSC::FTL::Location::forRegister):
        (JSC::FTL::Location::forIndirect):
        (JSC::FTL::Location::forConstant):
        (JSC::FTL::Location::kind):
        (JSC::FTL::Location::hasReg):
        (JSC::FTL::Location::reg):
        (JSC::FTL::Location::hasOffset):
        (JSC::FTL::Location::offset):
        (JSC::FTL::Location::hash):
        (JSC::FTL::Location::hasDwarfRegNum): Deleted.
        (JSC::FTL::Location::dwarfRegNum): Deleted.
        (JSC::FTL::Location::hasDwarfReg): Deleted.
        (JSC::FTL::Location::dwarfReg): Deleted.
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::LowerDFGToLLVM):
        (JSC::FTL::DFG::LowerDFGToLLVM::lazySlowPath):
        * jit/RegisterSet.cpp:
        (JSC::RegisterSet::stubUnavailableRegisters):
        (JSC::RegisterSet::macroScratchRegisters):
        (JSC::RegisterSet::calleeSaveRegisters):
        * jit/RegisterSet.h:

2015-11-30  Geoffrey Garen  <ggaren@apple.com>

        Use a better RNG for Math.random()
        https://bugs.webkit.org/show_bug.cgi?id=151641

        Reviewed by Anders Carlsson.

        Updated for interface change.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::setInputCursor):

2015-11-30  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Speed up Air Liveness Analysis on Tmps
        https://bugs.webkit.org/show_bug.cgi?id=151556

        Reviewed by Filip Pizlo.

        Liveness Analysis scales poorly on large graphs like the ones
        generated by testComplex().
        This patch introduces a faster Liveness using the continuous indices
        of values instead of the values themselves.

        There are two main areas of improvements:
        1) Reduce the cost of doing a LocalCalc over a BasicBlock.
        2) Reduce how many LocalCalc are needed to converge to a solution.

        Most of the costs of LocalCalc are from HashSet manipulations.
        The HashSet operations are O(1) but the constant is large enough
        to be a problem.

        I used a similar trick as the Register Allocator to remove hashing
        and collision handling: the absolute value of the Tmp is used as an index
        into a flat array.

        I used Briggs's Sparse Set implementation for the local live information
        at each instruction. It has great properties for doing the local calculation:
        -No memory reallocation.
        -O(1) add() and remove() with a small constant.
        -Strict O(n) iteration.
        -O(1) clear().

        The values Live-At-Head are now stored into a Vector. The Sparse Set
        is used to maintain the Tmp uniqueness.

        When forwarding new liveness at head to the predecessor, I start by removing
        everything that was already in live-at-head. We can assume that any value
        in that list has already been added to the predecessors.
        This leaves us with a small-ish number of Tmps to add to live-at-head
        and to the predecessors.

        To speed up convergence, I used the same trick as DFG's liveness: keep
        a set of dirty blocks to process. In practice, all the blocks without
        back-edges converge quickly, and we only propagate liveness as needed.

        This patch reduces the time taken by "testComplex(64, 384)" by another 5%.

        The remaining things to do for Liveness are:
        -Skip the first block for the fix point (it is often large and doing a local
         calc on it is useless).
        -Find a better Data Structure for live-at-tail (updating the HashSet takes
         > 50% of the total convergence time).

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * b3/air/AirIteratedRegisterCoalescing.cpp:
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::build):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::getAlias):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::getAliasWhenSpilling):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::allocatedReg):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::tmpArraySize):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::initializeDegrees):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdges):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdge):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::makeWorkList):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::simplify):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::forEachAdjacent):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::hasBeenSimplified):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::decrementDegree):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::forEachNodeMoves):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::isMoveRelated):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::enableMovesOnValue):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::precoloredCoalescingHeuristic):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::conservativeHeuristic):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addWorkList):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::combine):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::freezeMoves):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::selectSpill):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::assignColors):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::dumpInterferenceGraphInDot):
        (JSC::B3::Air::iteratedRegisterCoalescingOnType):
        (JSC::B3::Air::iteratedRegisterCoalescing):
        (JSC::B3::Air::AbsoluteTmpHelper<Arg::GP>::absoluteIndex): Deleted.
        (JSC::B3::Air::AbsoluteTmpHelper<Arg::GP>::tmpFromAbsoluteIndex): Deleted.
        (JSC::B3::Air::AbsoluteTmpHelper<Arg::FP>::absoluteIndex): Deleted.
        (JSC::B3::Air::AbsoluteTmpHelper<Arg::FP>::tmpFromAbsoluteIndex): Deleted.
        * b3/air/AirReportUsedRegisters.cpp:
        (JSC::B3::Air::reportUsedRegisters):
        * b3/air/AirTmpInlines.h:
        (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::absoluteIndex):
        (JSC::B3::Air::AbsoluteTmpMapper<Arg::GP>::tmpFromAbsoluteIndex):
        (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::absoluteIndex):
        (JSC::B3::Air::AbsoluteTmpMapper<Arg::FP>::tmpFromAbsoluteIndex):
        * b3/air/AirLiveness.h: Added.
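
        Added example, not part of this ChangeLog entry or of AirLiveness.h: a Briggs sparse set
        indexed by Tmp, the backward LocalCalc over one block, and the dirty-block worklist that
        forwards only newly live-at-head Tmps to the predecessors. The three-block program and
        the Tmp indices are constructed for the example.

```cpp
// Added illustration (not JavaScriptCore's AirLiveness.h) of the two techniques in the entry
// above: a Briggs sparse set indexed by Tmp absolute index, and a backward liveness fixpoint
// driven by a dirty-block worklist. Tmps are plain indices; exampleProgram() is constructed.
#include <vector>

// Briggs sparse set over [0, universe): O(1) add/remove/contains/clear, strict O(n) iteration
// over the dense array, and no reallocation after construction.
class SparseSet {
public:
    explicit SparseSet(unsigned universe) : m_dense(universe), m_sparse(universe), m_size(0) { }
    bool contains(unsigned v) const { unsigned i = m_sparse[v]; return i < m_size && m_dense[i] == v; }
    bool add(unsigned v)
    {
        if (contains(v)) return false;
        m_sparse[v] = m_size;
        m_dense[m_size++] = v;
        return true;
    }
    bool remove(unsigned v)
    {
        if (!contains(v)) return false;
        unsigned i = m_sparse[v], last = m_dense[--m_size];
        m_dense[i] = last; // move the last element into the hole so the dense array stays compact
        m_sparse[last] = i;
        return true;
    }
    void clear() { m_size = 0; }
    unsigned size() const { return m_size; }
    const unsigned* begin() const { return m_dense.data(); }
    const unsigned* end() const { return m_dense.data() + m_size; }
private:
    std::vector<unsigned> m_dense, m_sparse;
    unsigned m_size;
};

struct Inst { std::vector<unsigned> uses, defs; };
struct Block { std::vector<Inst> insts; std::vector<unsigned> predecessors; };

// LocalCalc: seed with live-at-tail, then walk the block backwards killing defs and adding uses.
static void localCalc(const Block& block, const std::vector<bool>& liveAtTail, SparseSet& live)
{
    live.clear();
    for (unsigned tmp = 0; tmp < liveAtTail.size(); ++tmp)
        if (liveAtTail[tmp]) live.add(tmp);
    for (auto i = block.insts.size(); i--;) {
        for (unsigned def : block.insts[i].defs) live.remove(def);
        for (unsigned use : block.insts[i].uses) live.add(use);
    }
}

// Returns live-at-head per block as a plain Vector; a per-block sparse set keeps it unique,
// and live-at-tail is a flat bitmap indexed by tmp.
std::vector<std::vector<unsigned>> computeLiveness(const std::vector<Block>& blocks, unsigned numTmps)
{
    std::vector<std::vector<unsigned>> liveAtHead(blocks.size());
    std::vector<std::vector<bool>> liveAtTail(blocks.size(), std::vector<bool>(numTmps, false));
    std::vector<SparseSet> headSets(blocks.size(), SparseSet(numTmps));
    SparseSet live(numTmps);
    // Every block starts dirty; a block is re-queued only when a successor grows its
    // live-at-tail, so blocks without back edges settle after a single LocalCalc.
    std::vector<bool> dirty(blocks.size(), true);
    std::vector<unsigned> worklist;
    for (unsigned b = 0; b < blocks.size(); ++b)
        worklist.push_back(b);
    while (!worklist.empty()) {
        unsigned b = worklist.back();
        worklist.pop_back();
        dirty[b] = false;
        localCalc(blocks[b], liveAtTail[b], live);
        for (unsigned tmp : live) {
            // Already in live-at-head means already forwarded to the predecessors: skip it.
            if (!headSets[b].add(tmp)) continue;
            liveAtHead[b].push_back(tmp);
            for (unsigned pred : blocks[b].predecessors) {
                if (liveAtTail[pred][tmp]) continue;
                liveAtTail[pred][tmp] = true;
                if (!dirty[pred]) { dirty[pred] = true; worklist.push_back(pred); }
            }
        }
    }
    return liveAtHead;
}

// Constructed program over tmps x=0, y=1, z=2: B0 (entry) defines x and y and falls through to
// B1, a loop body with predecessors B0 and itself: z = f(x); y = g(z, y). B2 (exit) reads y.
// Expected live-at-head: B0 {}, B1 {x, y}, B2 {y}.
const unsigned kNumTmps = 3;
std::vector<Block> exampleProgram()
{
    return {
        { { { {}, { 0 } }, { {}, { 1 } } }, {} },
        { { { { 0 }, { 2 } }, { { 2, 1 }, { 1 } } }, { 0, 1 } },
        { { { { 1 }, {} } }, { 1 } },
    };
}

// Exercises the sparse set's claimed behaviour; true when every step behaves as expected.
bool sparseSetSelfCheck()
{
    SparseSet set(8);
    return set.add(5) && set.add(2) && !set.add(5) && set.size() == 2 && set.remove(5)
        && !set.contains(5) && set.contains(2) && set.size() == 1 && (set.clear(), !set.size());
}
```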

2015-11-30  Saam barati  <sbarati@apple.com>

        FTL OSR Exits that are exception handlers should not have two different entrances. Instead, we should have two discrete OSR exits that do different things.
        https://bugs.webkit.org/show_bug.cgi?id=151404

        Reviewed by Filip Pizlo.

        * ftl/FTLCompile.cpp:
        (JSC::FTL::mmAllocateDataSection):
        * ftl/FTLExceptionHandlerManager.cpp:
        (JSC::FTL::ExceptionHandlerManager::addNewExit):
        (JSC::FTL::ExceptionHandlerManager::addNewCallOperationExit):
        (JSC::FTL::ExceptionHandlerManager::callOperationExceptionTarget):
        (JSC::FTL::ExceptionHandlerManager::lazySlowPathExceptionTarget):
        (JSC::FTL::ExceptionHandlerManager::callOperationOSRExit):
        (JSC::FTL::ExceptionHandlerManager::getByIdOSRExit): Deleted.
        (JSC::FTL::ExceptionHandlerManager::subOSRExit): Deleted.
        * ftl/FTLExceptionHandlerManager.h:
        * ftl/FTLExitThunkGenerator.cpp:
        (JSC::FTL::ExitThunkGenerator::emitThunk):
        * ftl/FTLOSRExit.cpp:
        (JSC::FTL::OSRExitDescriptor::OSRExitDescriptor):
        (JSC::FTL::OSRExitDescriptor::isExceptionHandler):
        (JSC::FTL::OSRExit::OSRExit):
        (JSC::FTL::OSRExit::spillRegistersToSpillSlot):
        (JSC::FTL::OSRExit::recoverRegistersFromSpillSlot):
        (JSC::FTL::OSRExit::willArriveAtExitFromIndirectExceptionCheck):
        (JSC::FTL::OSRExit::willArriveAtOSRExitFromGenericUnwind):
        (JSC::FTL::OSRExit::willArriveAtOSRExitFromCallOperation):
        (JSC::FTL::OSRExit::needsRegisterRecoveryOnGenericUnwindOSRExitPath):
        (JSC::FTL::OSRExitDescriptor::willArriveAtExitFromIndirectExceptionCheck): Deleted.
        (JSC::FTL::OSRExitDescriptor::mightArriveAtOSRExitFromGenericUnwind): Deleted.
        (JSC::FTL::OSRExitDescriptor::mightArriveAtOSRExitFromCallOperation): Deleted.
        (JSC::FTL::OSRExitDescriptor::needsRegisterRecoveryOnGenericUnwindOSRExitPath): Deleted.
        * ftl/FTLOSRExit.h:
        * ftl/FTLOSRExitCompilationInfo.h:
        (JSC::FTL::OSRExitCompilationInfo::OSRExitCompilationInfo):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileFTLOSRExit):

2015-11-30  Mark Lam  <mark.lam@apple.com>

        Refactor the op_add, op_sub, and op_mul snippets to use the SnippetOperand class.
        https://bugs.webkit.org/show_bug.cgi?id=151678

        Reviewed by Geoffrey Garen.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileValueAdd):
        (JSC::DFG::SpeculativeJIT::compileArithSub):
        * ftl/FTLCompile.cpp:
        * jit/JITAddGenerator.cpp:
        (JSC::JITAddGenerator::generateFastPath):
        * jit/JITAddGenerator.h:
        (JSC::JITAddGenerator::JITAddGenerator):
        * jit/JITArithmetic.cpp:
        (JSC::JIT::emit_op_add):
        (JSC::JIT::emit_op_mul):
        (JSC::JIT::emit_op_sub):
        * jit/JITMulGenerator.cpp:
        (JSC::JITMulGenerator::generateFastPath):
        * jit/JITMulGenerator.h:
        (JSC::JITMulGenerator::JITMulGenerator):
        * jit/JITSubGenerator.cpp:
        (JSC::JITSubGenerator::generateFastPath):
        * jit/JITSubGenerator.h:
        (JSC::JITSubGenerator::JITSubGenerator):
        * jit/SnippetOperand.h:
        (JSC::SnippetOperand::isPositiveConstInt32):

2015-11-30  Filip Pizlo  <fpizlo@apple.com>

        B3 stackmaps should support early clobber
        https://bugs.webkit.org/show_bug.cgi?id=151668

        Reviewed by Geoffrey Garen.

        While starting work on FTL lazy slow paths, I realized that we needed some way to say that r11 is
        off limits. Not just that it's clobbered, but that it cannot be used for any input values to a
        stackmap.

        In LLVM we do this by having the AnyRegCC forbid r11.

        In B3, we want something more flexible. In this and other cases, what we really want is an early
        clobber set. B3 already supported a late clobber set for every stackmap value. Late clobber means
        that the act of performing the operation will cause garbage to be written into those registers.
        But here we want: assume that garbage magically appears in those registers in the moment before
        the operation executes. Any registers in that set will be off-limits to the inputs to the
        stackmap. This should be great for other things, like the way we handle exceptions.

        For the simple r11 issue, what we want is to call the StackmapValue::clobber() method, which now
        means both early and late clobber. It's the weapon of choice whenever you're unsure.

        This adds the early clobber feature, does some minor Inst refactoring to make this less scary,
        and adds a test. The test is simple but it's very comprehensive - for example it tests the
        early-clobber-after-Move special case.

        * b3/B3StackmapSpecial.cpp:
        (JSC::B3::StackmapSpecial::extraClobberedRegs):
        (JSC::B3::StackmapSpecial::extraEarlyClobberedRegs):
        (JSC::B3::StackmapSpecial::forEachArgImpl):
        * b3/B3StackmapSpecial.h:
        * b3/B3StackmapValue.cpp:
        (JSC::B3::StackmapValue::dumpMeta):
        (JSC::B3::StackmapValue::StackmapValue):
        * b3/B3StackmapValue.h:
        * b3/air/AirCCallSpecial.cpp:
        (JSC::B3::Air::CCallSpecial::extraClobberedRegs):
        (JSC::B3::Air::CCallSpecial::extraEarlyClobberedRegs):
        (JSC::B3::Air::CCallSpecial::dumpImpl):
        * b3/air/AirCCallSpecial.h:
        * b3/air/AirInst.h:
        * b3/air/AirInstInlines.h:
        (JSC::B3::Air::Inst::extraClobberedRegs):
        (JSC::B3::Air::Inst::extraEarlyClobberedRegs):
        (JSC::B3::Air::Inst::forEachTmpWithExtraClobberedRegs):
        (JSC::B3::Air::Inst::reportUsedRegisters):
        (JSC::B3::Air::Inst::forEachDefAndExtraClobberedTmp): Deleted.
        * b3/air/AirIteratedRegisterCoalescing.cpp:
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::IteratedRegisterCoalescingAllocator):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::build):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::allocate):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::initializeDegrees):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdges):
        (JSC::B3::Air::IteratedRegisterCoalescingAllocator::addEdge):
        (JSC::B3::Air::iteratedRegisterCoalescingOnType):
        (JSC::B3::Air::iteratedRegisterCoalescing):
        * b3/air/AirSpecial.h:
        * b3/air/AirSpillEverything.cpp:
        (JSC::B3::Air::spillEverything):
        * b3/testb3.cpp:
        (JSC::B3::testSimplePatchpointWithoutOuputClobbersGPArgs):
        (JSC::B3::testSimplePatchpointWithOuputClobbersGPArgs):
        (JSC::B3::testSimplePatchpointWithoutOuputClobbersFPArgs):
        (JSC::B3::testSimplePatchpointWithOuputClobbersFPArgs):
        (JSC::B3::testPatchpointWithEarlyClobber):
        (JSC::B3::testPatchpointCallArg):
        (JSC::B3::run):
        * dfg/DFGCommon.h:

2587 2015-11-30  Mark Lam  <mark.lam@apple.com>
2588
2589         Snippefy op_div for the baseline JIT.
2590         https://bugs.webkit.org/show_bug.cgi?id=151607
2591
2592         Reviewed by Geoffrey Garen.
2593
2594         * CMakeLists.txt:
2595         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2596         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2597         * JavaScriptCore.xcodeproj/project.pbxproj:
2598
2599         * jit/JIT.h:
2600         * jit/JITArithmetic.cpp:
2601         (JSC::JIT::emit_op_div):
2602         (JSC::JIT::emitSlow_op_div):
2603         (JSC::JIT::compileBinaryArithOpSlowCase): Deleted.
2604
2605         * jit/JITArithmetic32_64.cpp:
2606         (JSC::JIT::emitBinaryDoubleOp):
2607         (JSC::JIT::emit_op_div): Deleted.
2608         (JSC::JIT::emitSlow_op_div): Deleted.
2609         - Removed the 32-bit specific op_div implementation.  The 64-bit version with the
2610           op_div snippet can now service both 32-bit and 64-bit.
2611  
2612         * jit/JITDivGenerator.cpp: Added.
2613         (JSC::JITDivGenerator::loadOperand):
2614         (JSC::JITDivGenerator::generateFastPath):
2615         * jit/JITDivGenerator.h: Added.
2616         (JSC::JITDivGenerator::JITDivGenerator):
2617         (JSC::JITDivGenerator::didEmitFastPath):
2618         (JSC::JITDivGenerator::endJumpList):
2619         (JSC::JITDivGenerator::slowPathJumpList):
2620  
2621         * jit/JITInlines.h:
2622         (JSC::JIT::getOperandConstantDouble): Added.
2623  
2624         * jit/SnippetOperand.h: Added.
2625         (JSC::SnippetOperand::SnippetOperand):
2626         (JSC::SnippetOperand::mightBeNumber):
2627         (JSC::SnippetOperand::definitelyIsNumber):
2628         (JSC::SnippetOperand::isConst):
2629         (JSC::SnippetOperand::isConstInt32):
2630         (JSC::SnippetOperand::isConstDouble):
2631         (JSC::SnippetOperand::asRawBits):
2632         (JSC::SnippetOperand::asConstInt32):
2633         (JSC::SnippetOperand::asConstDouble):
2634         (JSC::SnippetOperand::setConstInt32):
2635         (JSC::SnippetOperand::setConstDouble):
2636         - The SnippetOperand encapsulates operand constness, const type, and profiling
2637           information.  As a result:
2638           1. The argument list to the JITDivGenerator constructor is now more concise.
2639           2. The logic of the JITDivGenerator is now less verbose and easier to express.
2640
2641         * parser/ResultType.h:
2642         (JSC::ResultType::isInt32):
2643         (JSC::ResultType::definitelyIsNumber):
2644         (JSC::ResultType::definitelyIsString):
2645         (JSC::ResultType::definitelyIsBoolean):
2646         (JSC::ResultType::mightBeNumber):
2647         (JSC::ResultType::isNotNumber):
2648         - Made these functions const because they were always meant to be const.
2649           This also allows me to enforce constness in the SnippetOperand.
2650
2651 2015-11-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2652
2653         Fix coding style of Intl code
2654         https://bugs.webkit.org/show_bug.cgi?id=151491
2655
2656         Reviewed by Darin Adler.
2657
2658         This patch does three things:
2659         1. Rename pointers and references to ExecState from "exec" to "state".
2660         2. Pass parameters by references instead of pointers if the parameters
2661            are required.
2662         3. Remove the word "get" from the names of functions that don't return
2663            values through out arguments.
2664
2665         * runtime/IntlCollator.cpp:
2666         (JSC::IntlCollatorFuncCompare):
2667         * runtime/IntlCollatorConstructor.cpp:
2668         (JSC::initializeCollator):
2669         (JSC::constructIntlCollator):
2670         (JSC::callIntlCollator):
2671         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
2672         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf):
2673         * runtime/IntlDateTimeFormat.cpp:
2674         (JSC::IntlDateTimeFormatFuncFormatDateTime):
2675         * runtime/IntlDateTimeFormatConstructor.cpp:
2676         (JSC::constructIntlDateTimeFormat):
2677         (JSC::callIntlDateTimeFormat):
2678         (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
2679         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf):
2680         * runtime/IntlDateTimeFormatPrototype.cpp:
2681         (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
2682         (JSC::IntlDateTimeFormatPrototypeGetterFormat):
2683         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions):
2684         * runtime/IntlNumberFormat.cpp:
2685         (JSC::IntlNumberFormatFuncFormatNumber):
2686         * runtime/IntlNumberFormatConstructor.cpp:
2687         (JSC::constructIntlNumberFormat):
2688         (JSC::callIntlNumberFormat):
2689         (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
2690         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf):
2691         * runtime/IntlNumberFormatPrototype.cpp:
2692         (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
2693         (JSC::IntlNumberFormatPrototypeGetterFormat):
2694         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions):
2695         * runtime/IntlObject.cpp:
2696         (JSC::intlBooleanOption):
2697         (JSC::intlStringOption):
2698         (JSC::privateUseLangTag):
2699         (JSC::canonicalLangTag):
2700         (JSC::grandfatheredLangTag):
2701         (JSC::canonicalizeLanguageTag):
2702         (JSC::canonicalizeLocaleList):
2703         (JSC::lookupSupportedLocales):
2704         (JSC::bestFitSupportedLocales):
2705         (JSC::supportedLocales):
2706         (JSC::getIntlBooleanOption): Deleted.
2707         (JSC::getIntlStringOption): Deleted.
2708         (JSC::getPrivateUseLangTag): Deleted.
2709         (JSC::getCanonicalLangTag): Deleted.
2710         (JSC::getGrandfatheredLangTag): Deleted.
2711         * runtime/IntlObject.h:
2712
2713 2015-11-30  Benjamin Poulain  <bpoulain@apple.com>
2714
2715         [JSC] Simplify the loop that removes useless Air instructions
2716         https://bugs.webkit.org/show_bug.cgi?id=151652
2717
2718         Reviewed by Andreas Kling.
2719
2720         * b3/air/AirEliminateDeadCode.cpp:
2721         (JSC::B3::Air::eliminateDeadCode):
2722         Use Vector's removeAllMatching() instead of custom code.
2723
2724         It is likely faster too since we remove few values and Vector
2725         is good at doing that.
2726
2727 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
2728
2729         B3 should be clever about choosing which child to reuse for result in two-operand commutative operations
2730         https://bugs.webkit.org/show_bug.cgi?id=151321
2731
2732         Reviewed by Geoffrey Garen.
2733
2734         When lowering a commutative operation to a two-operand instruction, you have a choice of which
2735         child value to move into the result tmp. For example we might have:
2736
2737             @x = Add(@y, @z)
2738
2739         Assuming no three-operand add is available, we could either lower it to this:
2740
2741             Move %y, %x
2742             Add %z, %x
2743
2744         or to this:
2745
2746             Move %z, %x
2747             Add %y, %x
2748
2749         Which is better depends on the likelihood of coalescing with %x. If it's more likely that %y will
2750         coalesce with %x, then we want to use the first form. Otherwise, we should use the second form.
2751
2752         This implements two heuristics for selecting the right form, and makes those heuristics reusable
2753         within the B3->Air lowering by abstracting it as preferRightForResult(). For non-commutative
2754         operations we must use the first form, so the first form is the default. The heuristics are:
2755
2756         - If the right child has only one user, then use the second form instead. This is profitable because
2757           that means that @z dies at the Add, so using the second form means that the Move will be coalesced
2758           away.
2759
2760         - If one of the children is a Phi that this operation (the Add in this case) flows into via some
2761           Upsilon - possibly transitively through other Phis - then use the form that causes a Move on that
2762           child. This overrides everything else, and is meant to optimize variables that accumulate in a
2763           loop.
2764
2765         This required adding a reusable PhiChildren analysis, so I wrote one. It has an API that is mostly
2766         based on iterators, and a higher-level API for looking at transitive children that is based on
2767         functors.
2768
2769         I was originally implementing this for completeness, but when looking at how it interacted with
2770         imaging-gaussian-blur, I realized the need for some heuristic for the loop-accumulator case. This
2771         helps a lot on that benchmark. This widens the overall lead that B3 has on imaging-gaussian-blur, but
2772         steady-state runs that exclude compile latency still show a slight deficit. That will most likely get
2773         fixed by https://bugs.webkit.org/show_bug.cgi?id=151174.
2774
2775         No new tests because the commutativity appears to be covered by existing tests, and anyway, there are
2776         no correctness implications to commuting a commutative operation.
2777
2778         * CMakeLists.txt:
2779         * JavaScriptCore.xcodeproj/project.pbxproj:
2780         * b3/B3LowerToAir.cpp:
2781         (JSC::B3::Air::LowerToAir::LowerToAir):
2782         (JSC::B3::Air::LowerToAir::canBeInternal):
2783         (JSC::B3::Air::LowerToAir::appendUnOp):
2784         (JSC::B3::Air::LowerToAir::preferRightForResult):
2785         (JSC::B3::Air::LowerToAir::appendBinOp):
2786         (JSC::B3::Air::LowerToAir::lower):
2787         * b3/B3PhiChildren.cpp: Added.
2788         (JSC::B3::PhiChildren::PhiChildren):
2789         (JSC::B3::PhiChildren::~PhiChildren):
2790         * b3/B3PhiChildren.h: Added.
2791         (JSC::B3::PhiChildren::ValueCollection::ValueCollection):
2792         (JSC::B3::PhiChildren::ValueCollection::size):
2793         (JSC::B3::PhiChildren::ValueCollection::at):
2794         (JSC::B3::PhiChildren::ValueCollection::operator[]):
2795         (JSC::B3::PhiChildren::ValueCollection::contains):
2796         (JSC::B3::PhiChildren::ValueCollection::iterator::iterator):
2797         (JSC::B3::PhiChildren::ValueCollection::iterator::operator*):
2798         (JSC::B3::PhiChildren::ValueCollection::iterator::operator++):
2799         (JSC::B3::PhiChildren::ValueCollection::iterator::operator==):
2800         (JSC::B3::PhiChildren::ValueCollection::iterator::operator!=):
2801         (JSC::B3::PhiChildren::ValueCollection::begin):
2802         (JSC::B3::PhiChildren::ValueCollection::end):
2803         (JSC::B3::PhiChildren::UpsilonCollection::UpsilonCollection):
2804         (JSC::B3::PhiChildren::UpsilonCollection::size):
2805         (JSC::B3::PhiChildren::UpsilonCollection::at):
2806         (JSC::B3::PhiChildren::UpsilonCollection::operator[]):
2807         (JSC::B3::PhiChildren::UpsilonCollection::contains):
2808         (JSC::B3::PhiChildren::UpsilonCollection::begin):
2809         (JSC::B3::PhiChildren::UpsilonCollection::end):
2810         (JSC::B3::PhiChildren::UpsilonCollection::values):
2811         (JSC::B3::PhiChildren::UpsilonCollection::forAllTransitiveIncomingValues):
2812         (JSC::B3::PhiChildren::UpsilonCollection::transitivelyUses):
2813         (JSC::B3::PhiChildren::at):
2814         (JSC::B3::PhiChildren::operator[]):
2815         * b3/B3Procedure.cpp:
2816         (JSC::B3::Procedure::Procedure):
2817         * b3/B3Procedure.h:
2818         * b3/B3UseCounts.cpp:
2819         (JSC::B3::UseCounts::UseCounts):
2820         * b3/B3UseCounts.h:
2821         (JSC::B3::UseCounts::numUses):
2822         (JSC::B3::UseCounts::numUsingInstructions):
2823         (JSC::B3::UseCounts::operator[]): Deleted.
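
The two heuristics above, modelled as an added C++ example that is not JavaScriptCore's own code: the toy IR, the use-count and Phi-incoming maps, transitivelyUses, preferRightForResult and lowerAdd are assumed simplifications that stand in for, rather than reproduce, B3LowerToAir and B3PhiChildren.

```cpp
// Toy model of choosing which child to reuse for the result when lowering a
// commutative two-operand op. Added illustration, not JavaScriptCore's code: the
// Value/Procedure types, computeUseCounts, computePhiIncoming, transitivelyUses,
// preferRightForResult and lowerAdd are simplified stand-ins invented here.
#include <map>
#include <memory>
#include <set>
#include <string>
#include <vector>
enum class Opcode { Const, Add, Phi, Upsilon };
// children: Add = {left, right}; Upsilon = {incoming value, target Phi}
struct Value { int id; Opcode opcode; std::vector<Value*> children; };

struct Procedure {
    std::vector<std::unique_ptr<Value>> values;
    Value* add(Opcode opcode, std::vector<Value*> children = {}) {
        values.push_back(std::make_unique<Value>(Value { static_cast<int>(values.size()), opcode, children }));
        return values.back().get();
    }
};

using UseCounts = std::map<Value*, int>;                   // value -> number of using instructions
using PhiIncoming = std::map<Value*, std::vector<Value*>>; // Phi -> values its Upsilons carry in

// A user naming the same value twice counts as one using instruction.
UseCounts computeUseCounts(const Procedure& proc) {
    UseCounts counts;
    for (const auto& value : proc.values) {
        std::set<Value*> distinct(value->children.begin(), value->children.end());
        for (Value* child : distinct)
            counts[child]++;
    }
    return counts;
}

PhiIncoming computePhiIncoming(const Procedure& proc) {
    PhiIncoming incoming;
    for (const auto& value : proc.values) {
        if (value->opcode == Opcode::Upsilon)
            incoming[value->children[1]].push_back(value->children[0]);
    }
    return incoming;
}

// Does `candidate` flow into `phi` via Upsilons, possibly through other Phis?
// Phis in a loop form cycles, so `visited` keeps the walk from repeating a Phi.
bool transitivelyUses(const PhiIncoming& incoming, Value* phi, Value* candidate, std::set<Value*> visited = {}) {
    if (!visited.insert(phi).second) return false;
    auto it = incoming.find(phi);
    if (it == incoming.end()) return false;
    for (Value* in : it->second) {
        if (in == candidate || (in->opcode == Opcode::Phi && transitivelyUses(incoming, in, candidate, visited)))
            return true;
    }
    return false;
}

// Default is the left child (the only legal choice for non-commutative ops).
bool preferRightForResult(Value* op, const UseCounts& useCounts, const PhiIncoming& phis) {
    Value* left = op->children[0], *right = op->children[1];
    // Loop-accumulator rule: a Phi child that this op feeds overrides everything else.
    if (left->opcode == Opcode::Phi && transitivelyUses(phis, left, op)) return false;
    if (right->opcode == Opcode::Phi && transitivelyUses(phis, right, op)) return true;
    // Single-user rule: if the right child dies at this op, the Move coalesces away.
    auto it = useCounts.find(right);
    return it != useCounts.end() && it->second == 1;
}

// Lower @x = Add(@y, @z) to "Move <moved>, %x" followed by "Add <other>, %x".
std::vector<std::string> lowerAdd(Value* op, const UseCounts& useCounts, const PhiIncoming& phis) {
    auto tmp = [](Value* v) { return "%" + std::to_string(v->id); };
    bool right = preferRightForResult(op, useCounts, phis);
    Value* moved = op->children[right ? 1 : 0];
    Value* other = op->children[right ? 0 : 1];
    return { "Move " + tmp(moved) + ", " + tmp(op), "Add " + tmp(other) + ", " + tmp(op) };
}

// @z (%1) has a single user while @y (%0) is used again later, so @z is moved.
std::vector<std::string> lowerSingleUseRight() {
    Procedure proc;
    Value* y = proc.add(Opcode::Const);
    Value* z = proc.add(Opcode::Const);
    Value* x = proc.add(Opcode::Add, { y, z });
    proc.add(Opcode::Add, { y, x }); // a later user keeps @y alive past @x
    return lowerAdd(x, computeUseCounts(proc), computePhiIncoming(proc)); // {"Move %1, %2", "Add %0, %2"}
}

// Accumulator loop: @next = Add(@sum, @step) flows through Phi @inner back into
// Phi @sum. @step has one user, yet the Phi rule still moves @sum (%0) into @next.
std::vector<std::string> lowerAccumulatorLoop() {
    Procedure proc;
    Value* sum = proc.add(Opcode::Phi);
    Value* inner = proc.add(Opcode::Phi);
    Value* step = proc.add(Opcode::Const);
    Value* next = proc.add(Opcode::Add, { sum, step });
    proc.add(Opcode::Upsilon, { next, inner });
    proc.add(Opcode::Upsilon, { inner, sum });
    return lowerAdd(next, computeUseCounts(proc), computePhiIncoming(proc)); // {"Move %0, %3", "Add %2, %3"}
}
```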
2824
2825 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
2826
2827         REGRESSION(r192812): This change seems to have broken the iOS builds (Requested by ryanhaddad on #webkit).
2828         https://bugs.webkit.org/show_bug.cgi?id=151669
2829
2830         Unreviewed, fix build.
2831
2832         * dfg/DFGCommon.h:
2833
2834 2015-11-30  Saam barati  <sbarati@apple.com>
2835
2836         implement op_get_rest_length so that we can allocate the rest array with the right size from the start
2837         https://bugs.webkit.org/show_bug.cgi?id=151467
2838
2839         Reviewed by Geoffrey Garen and Mark Lam.
2840
2841         This patch implements op_get_rest_length which returns the length
2842         that the rest parameter array will be. We're implementing this because
2843         it might be a constant value in the presence of inlining in the DFG.
2844         We will take advantage of this optimization opportunity in a future patch:
2845         https://bugs.webkit.org/show_bug.cgi?id=151454
2846         to emit better code for op_copy_rest.
2847
2848         op_get_rest_length has two operands:
2849         1) a destination
2850         2) a constant indicating the number of parameters to skip when copying the rest array.
2851
2852         op_get_rest_length lowers to a JSConstant node when we're inlined
2853         and not a varargs call (in this case, we statically know the arguments
2854         length). When that condition isn't met, we lower op_get_rest_length to 
2855         GetRestArray. GetRestArray produces its result as an int32.
2856
2857         * bytecode/BytecodeList.json:
2858         * bytecode/BytecodeUseDef.h:
2859         (JSC::computeUsesForBytecodeOffset):
2860         (JSC::computeDefsForBytecodeOffset):
2861         * bytecode/CodeBlock.cpp:
2862         (JSC::CodeBlock::dumpBytecode):
2863         * bytecompiler/BytecodeGenerator.cpp:
2864         (JSC::BytecodeGenerator::emitNewArray):
2865         (JSC::BytecodeGenerator::emitNewArrayWithSize):
2866         (JSC::BytecodeGenerator::emitNewFunction):
2867         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
2868         (JSC::BytecodeGenerator::emitRestParameter):
2869         * bytecompiler/BytecodeGenerator.h:
2870         * bytecompiler/NodesCodegen.cpp:
2871         (JSC::RestParameterNode::emit):
2872         * dfg/DFGAbstractInterpreterInlines.h:
2873         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2874         * dfg/DFGByteCodeParser.cpp:
2875         (JSC::DFG::ByteCodeParser::parseBlock):
2876         * dfg/DFGCapabilities.cpp:
2877         (JSC::DFG::capabilityLevel):
2878         * dfg/DFGClobberize.h:
2879         (JSC::DFG::clobberize):
2880         * dfg/DFGDoesGC.cpp:
2881         (JSC::DFG::doesGC):
2882         * dfg/DFGFixupPhase.cpp:
2883         (JSC::DFG::FixupPhase::fixupNode):
2884         * dfg/DFGMayExit.cpp:
2885         (JSC::DFG::mayExit):
2886         * dfg/DFGNode.h:
2887         (JSC::DFG::Node::numberOfArgumentsToSkip):
2888         * dfg/DFGNodeType.h:
2889         * dfg/DFGOperations.cpp:
2890         * dfg/DFGOperations.h:
2891         * dfg/DFGPredictionPropagationPhase.cpp:
2892         (JSC::DFG::PredictionPropagationPhase::propagate):
2893         * dfg/DFGSafeToExecute.h:
2894         (JSC::DFG::safeToExecute):
2895         * dfg/DFGSpeculativeJIT.cpp:
2896         (JSC::DFG::SpeculativeJIT::compileCopyRest):
2897         (JSC::DFG::SpeculativeJIT::compileGetRestLength):
2898         (JSC::DFG::SpeculativeJIT::compileNotifyWrite):
2899         * dfg/DFGSpeculativeJIT.h:
2900         (JSC::DFG::SpeculativeJIT::callOperation):
2901         * dfg/DFGSpeculativeJIT32_64.cpp:
2902         (JSC::DFG::SpeculativeJIT::compile):
2903         * dfg/DFGSpeculativeJIT64.cpp:
2904         (JSC::DFG::SpeculativeJIT::compile):
2905         * ftl/FTLCapabilities.cpp:
2906         (JSC::FTL::canCompile):
2907         * ftl/FTLLowerDFGToLLVM.cpp:
2908         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
2909         (JSC::FTL::DFG::LowerDFGToLLVM::compileCopyRest):
2910         (JSC::FTL::DFG::LowerDFGToLLVM::compileGetRestLength):
2911         (JSC::FTL::DFG::LowerDFGToLLVM::compileNewObject):
2912         * jit/JIT.cpp:
2913         (JSC::JIT::privateCompileMainPass):
2914         * jit/JIT.h:
2915         * jit/JITOpcodes.cpp:
2916         (JSC::JIT::emit_op_copy_rest):
2917         (JSC::JIT::emit_op_get_rest_length):
2918         * llint/LowLevelInterpreter.asm:
2919         * llint/LowLevelInterpreter32_64.asm:
2920         * llint/LowLevelInterpreter64.asm:
2921         * runtime/CommonSlowPaths.cpp:
2922         (JSC::SLOW_PATH_DECL):
2923
2924 2015-11-30  Filip Pizlo  <fpizlo@apple.com>
2925
2926         MacroAssembler needs an API for disabling scratch registers
2927         https://bugs.webkit.org/show_bug.cgi?id=151010
2928
2929         Reviewed by Saam Barati and Michael Saboff.
2930
2931         This adds two scope classes, DisallowMacroScratchRegisterUsage and
2932         AllowMacroScratchRegisterUsage. The default is that the scratch registers are enabled. Air
2933         disables them before generation.
2934
2935         Henceforth the pattern inside B3 stackmap generator callbacks will be that you can only use
2936         AllowMacroScratchRegisterUsage if you've either supplied the scratch register as a clobbered
2937         register and arranged for all of the stackmap values to be late uses, or you're writing a test
2938         and you're OK with it being fragile with respect to scratch registers. The latter holds in most
2939         of testb3.
2940
2941         * JavaScriptCore.xcodeproj/project.pbxproj:
2942         * assembler/AbstractMacroAssembler.h:
2943         (JSC::optimizeForX86):
2944         (JSC::AbstractMacroAssembler::setTempRegisterValid):
2945         * assembler/AllowMacroScratchRegisterUsage.h: Added.
2946         (JSC::AllowMacroScratchRegisterUsage::AllowMacroScratchRegisterUsage):
2947         (JSC::AllowMacroScratchRegisterUsage::~AllowMacroScratchRegisterUsage):
2948         * assembler/DisallowMacroScratchRegisterUsage.h: Added.
2949         (JSC::DisallowMacroScratchRegisterUsage::DisallowMacroScratchRegisterUsage):
2950         (JSC::DisallowMacroScratchRegisterUsage::~DisallowMacroScratchRegisterUsage):
2951         * assembler/MacroAssemblerX86Common.h:
2952         (JSC::MacroAssemblerX86Common::scratchRegister):
2953         (JSC::MacroAssemblerX86Common::loadDouble):
2954         (JSC::MacroAssemblerX86Common::branchConvertDoubleToInt32):
2955         * assembler/MacroAssemblerX86_64.h:
2956         (JSC::MacroAssemblerX86_64::add32):
2957         (JSC::MacroAssemblerX86_64::and32):
2958         (JSC::MacroAssemblerX86_64::or32):
2959         (JSC::MacroAssemblerX86_64::sub32):
2960         (JSC::MacroAssemblerX86_64::load8):
2961         (JSC::MacroAssemblerX86_64::addDouble):
2962         (JSC::MacroAssemblerX86_64::convertInt32ToDouble):
2963         (JSC::MacroAssemblerX86_64::store32):
2964         (JSC::MacroAssemblerX86_64::store8):
2965         (JSC::MacroAssemblerX86_64::callWithSlowPathReturnType):
2966         (JSC::MacroAssemblerX86_64::call):
2967         (JSC::MacroAssemblerX86_64::jump):
2968         (JSC::MacroAssemblerX86_64::tailRecursiveCall):
2969         (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
2970         (JSC::MacroAssemblerX86_64::branchAdd32):
2971         (JSC::MacroAssemblerX86_64::add64):
2972         (JSC::MacroAssemblerX86_64::addPtrNoFlags):
2973         (JSC::MacroAssemblerX86_64::and64):
2974         (JSC::MacroAssemblerX86_64::lshift64):
2975         (JSC::MacroAssemblerX86_64::or64):
2976         (JSC::MacroAssemblerX86_64::sub64):
2977         (JSC::MacroAssemblerX86_64::store64):
2978         (JSC::MacroAssemblerX86_64::store64WithAddressOffsetPatch):
2979         (JSC::MacroAssemblerX86_64::branch64):
2980         (JSC::MacroAssemblerX86_64::branchPtr):
2981         (JSC::MacroAssemblerX86_64::branchTest64):
2982         (JSC::MacroAssemblerX86_64::test64):
2983         (JSC::MacroAssemblerX86_64::branchPtrWithPatch):
2984         (JSC::MacroAssemblerX86_64::branch32WithPatch):
2985         (JSC::MacroAssemblerX86_64::storePtrWithPatch):
2986         (JSC::MacroAssemblerX86_64::branch8):
2987         (JSC::MacroAssemblerX86_64::branchTest8):
2988         (JSC::MacroAssemblerX86_64::convertInt64ToDouble):
2989         (JSC::MacroAssemblerX86_64::readCallTarget):
2990         (JSC::MacroAssemblerX86_64::haveScratchRegisterForBlinding):
2991         (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
2992         (JSC::MacroAssemblerX86_64::canJumpReplacePatchableBranchPtrWithPatch):
2993         (JSC::MacroAssemblerX86_64::canJumpReplacePatchableBranch32WithPatch):
2994         (JSC::MacroAssemblerX86_64::revertJumpReplacementToPatchableBranchPtrWithPatch):
2995         (JSC::MacroAssemblerX86_64::revertJumpReplacementToPatchableBranch32WithPatch):
2996         (JSC::MacroAssemblerX86_64::revertJumpReplacementToBranchPtrWithPatch):
2997         (JSC::MacroAssemblerX86_64::repatchCall):
2998         (JSC::MacroAssemblerX86_64::add64AndSetFlags):
2999         * b3/air/AirGenerate.cpp:
3000         (JSC::B3::Air::generate):
3001         * b3/testb3.cpp:
3002         (JSC::B3::testSimplePatchpoint):
3003         (JSC::B3::testSimplePatchpointWithoutOuputClobbersGPArgs):
3004         (JSC::B3::testSimplePatchpointWithOuputClobbersGPArgs):
3005         (JSC::B3::testSimplePatchpointWithoutOuputClobbersFPArgs):
3006         (JSC::B3::testSimplePatchpointWithOuputClobbersFPArgs):
3007         (JSC::B3::testPatchpointCallArg):
3008         (JSC::B3::testPatchpointFixedRegister):
3009         (JSC::B3::testPatchpointAny):
3010         (JSC::B3::testPatchpointAnyImm):
3011         (JSC::B3::testSimpleCheck):
3012         (JSC::B3::testCheckLessThan):
3013         (JSC::B3::testCheckMegaCombo):
3014         (JSC::B3::testCheckAddImm):
3015         (JSC::B3::testCheckAddImmCommute):
3016         (JSC::B3::testCheckAddImmSomeRegister):
3017         (JSC::B3::testCheckAdd):
3018         (JSC::B3::testCheckAdd64):
3019         (JSC::B3::testCheckAddFoldFail):
3020         (JSC::B3::testCheckSubImm):
3021         (JSC::B3::testCheckSubBadImm):
3022         (JSC::B3::testCheckSub):
3023         (JSC::B3::testCheckSub64):
3024         (JSC::B3::testCheckSubFoldFail):
3025         (JSC::B3::testCheckNeg):
3026         (JSC::B3::testCheckNeg64):
3027         (JSC::B3::testCheckMul):
3028         (JSC::B3::testCheckMulMemory):
3029         (JSC::B3::testCheckMul2):
3030         (JSC::B3::testCheckMul64):
3031         (JSC::B3::testCheckMulFoldFail):
3032         (JSC::B3::genericTestCompare):
3033         * dfg/DFGCommon.h:
3034         * jit/GPRInfo.h:
3035         (JSC::GPRInfo::toRegister):
3036         (JSC::GPRInfo::reservedRegisters):
3037
3038 2015-11-26  Mark Lam  <mark.lam@apple.com>
3039
3040         [ARM64] stress/op_div.js is failing on some divide by 0 cases.
3041         https://bugs.webkit.org/show_bug.cgi?id=151515
3042
3043         Reviewed by Saam Barati.
3044
3045         * dfg/DFGSpeculativeJIT.cpp:
3046         (JSC::DFG::SpeculativeJIT::compileArithDiv):
3047         - Added a check for the divide by zero case.
3048         * tests/stress/op_div.js:
3049         - Un-skipped the test.
3050
3051 2015-11-27  Csaba Osztrogonác  <ossy@webkit.org>
3052
3053         [cmake] Add testb3 to the build system
3054         https://bugs.webkit.org/show_bug.cgi?id=151619
3055
3056         Reviewed by Gyuyoung Kim.
3057
3058         * shell/CMakeLists.txt:
3059
3060 2015-11-27  Csaba Osztrogonác  <ossy@webkit.org>
3061
3062         Use mark pragmas only if it is supported
3063         https://bugs.webkit.org/show_bug.cgi?id=151621
3064
3065         Reviewed by Mark Lam.
3066
3067         * b3/air/AirIteratedRegisterCoalescing.cpp:
3068
3069 2015-11-27  Csaba Osztrogonác  <ossy@webkit.org>
3070
3071         Fix the ENABLE(B3_JIT) build with GCC in B3Procedure.h
3072         https://bugs.webkit.org/show_bug.cgi?id=151620
3073
3074         Reviewed by Mark Lam.
3075
3076         * b3/B3Procedure.h:
3077
3078 2015-11-27  Csaba Osztrogonác  <ossy@webkit.org>
3079
3080         [cmake] Add new B3 source files to the build system
3081         https://bugs.webkit.org/show_bug.cgi?id=151618
3082
3083         Reviewed by Gyuyoung Kim.
3084
3085         * CMakeLists.txt:
3086
3087 2015-11-26  Carlos Garcia Campos  <cgarcia@igalia.com>
3088
3089         [GLIB] Implement garbage collector timers
3090         https://bugs.webkit.org/show_bug.cgi?id=151391
3091
3092         Reviewed by Žan Doberšek.
3093
3094         Add GLib implementation using GSource.
3095
3096         * heap/EdenGCActivityCallback.cpp:
3097         * heap/FullGCActivityCallback.cpp:
3098         * heap/GCActivityCallback.cpp:
3099         (JSC::GCActivityCallback::GCActivityCallback):
3100         (JSC::GCActivityCallback::scheduleTimer):
3101         (JSC::GCActivityCallback::cancelTimer):
3102         * heap/GCActivityCallback.h:
3103         * heap/Heap.cpp:
3104         (JSC::Heap::Heap):
3105         * heap/HeapTimer.cpp:
3106         (JSC::HeapTimer::HeapTimer):
3107         (JSC::HeapTimer::~HeapTimer):
3108         (JSC::HeapTimer::timerDidFire):
3109         * heap/HeapTimer.h:
3110         * heap/IncrementalSweeper.cpp:
3111         (JSC::IncrementalSweeper::IncrementalSweeper):
3112         (JSC::IncrementalSweeper::scheduleTimer):
3113         (JSC::IncrementalSweeper::cancelTimer):
3114         * heap/IncrementalSweeper.h:
3115
3116 2015-11-24  Caitlin Potter  <caitp@igalia.com>
3117
3118         [JSC] support Computed Property Names in destructuring Patterns
3119         https://bugs.webkit.org/show_bug.cgi?id=151494
3120
3121         Reviewed by Saam Barati.
3122
3123         Add support for computed property names in destructuring BindingPatterns
3124         and AssignmentPatterns.
3125
3126         Productions BindingProperty(1) and AssignmentProperty(2) allow for any valid
3127         PropertyName(3), including ComputedPropertyName(4).
3128
3129         1: http://tc39.github.io/ecma262/#prod-BindingProperty
3130         2: http://tc39.github.io/ecma262/#prod-AssignmentProperty
3131         3: http://tc39.github.io/ecma262/#prod-PropertyName
3132         4: http://tc39.github.io/ecma262/#prod-ComputedPropertyName
3133
3134         * bytecompiler/NodesCodegen.cpp:
3135         (JSC::ObjectPatternNode::bindValue):
3136         * parser/ASTBuilder.h:
3137         (JSC::ASTBuilder::appendObjectPatternEntry):
3138         * parser/Nodes.h:
3139         (JSC::ObjectPatternNode::appendEntry):
3140         * parser/Parser.cpp:
3141         (JSC::Parser<LexerType>::parseDestructuringPattern):
3142         * parser/SyntaxChecker.h:
3143         (JSC::SyntaxChecker::operatorStackPop):
3144         * tests/es6.yaml:
3145         * tests/es6/destructuring_assignment_computed_properties.js: Added.
3146         (test):
3147         (test.computeName):
3148         (test.loadValue):
3149         (test.out.get a):
3150         (test.out.set a):
3151         (test.out.get b):
3152         (test.out.set b):
3153         (test.out.get c):
3154         (test.out.set c):
3155         (test.get var):
3156
3157 2015-11-24  Commit Queue  <commit-queue@webkit.org>
3158
3159         Unreviewed, rolling out r192536, r192722, and r192743.
3160         https://bugs.webkit.org/show_bug.cgi?id=151593
3161
3162         Still causing trouble. (Requested by kling on #webkit).
3163
3164         Reverted changesets:
3165
3166         "[JSC] JSPropertyNameEnumerator could be destructorless."
3167         https://bugs.webkit.org/show_bug.cgi?id=151242
3168         http://trac.webkit.org/changeset/192536
3169
3170         "REGRESSION(r192536): Null pointer dereference in
3171         JSPropertyNameEnumerator::visitChildren()."
3172         https://bugs.webkit.org/show_bug.cgi?id=151495
3173         http://trac.webkit.org/changeset/192722
3174
3175         "REGRESSION(r192536): Null pointer dereference in
3176         JSPropertyNameEnumerator::visitChildren()."
3177         https://bugs.webkit.org/show_bug.cgi?id=151495
3178         http://trac.webkit.org/changeset/192743
3179
3180 2015-11-23  Brian Burg  <bburg@apple.com>
3181
3182         Unreviewed, fix the Mac CMake build after r192793.
3183
3184         * PlatformMac.cmake:
3185
3186 2015-11-20  Brian Burg  <bburg@apple.com>
3187
3188         Web Inspector: RemoteInspector should track targets and connections for remote automation
3189         https://bugs.webkit.org/show_bug.cgi?id=151042
3190
3191         Reviewed by Joseph Pecoraro.
3192
3193         Refactor RemoteInspector so it can be used to send listings of different target types.
3194         First, rename Debuggable to RemoteInspectionTarget, and pull things not specific to
3195         remote inspection into the base class RemoteControllableTarget and its Connection class.
3196
3197         Add a new RemoteControllableTarget called RemoteAutomationTarget, used by UIProcess
3198         to support remote UI automation via webinspectord. On the protocol side, this target
3199         uses a new WIRTypeKey called WIRTypeAutomation to distinguish the listing from
3200         Web and JavaScript listings and avoid inventing a new listing mechanism.
3201
3202         * API/JSContextRef.cpp:
3203         (JSGlobalContextGetDebuggerRunLoop):
3204         (JSGlobalContextSetDebuggerRunLoop):
3205         * JavaScriptCore.xcodeproj/project.pbxproj:
3206         * inspector/InspectorFrontendChannel.h:
3207         * inspector/remote/RemoteAutomationTarget.cpp: Added.
3208         (Inspector::RemoteAutomationTarget::setAutomationAllowed): Added.
3209         * inspector/remote/RemoteAutomationTarget.h: Added.
3210         * inspector/remote/RemoteConnectionToTarget.h: Renamed from Source/JavaScriptCore/inspector/remote/RemoteInspectorDebuggableConnection.h.
3211         (Inspector::RemoteTargetBlock::RemoteTargetBlock):
3212         (Inspector::RemoteTargetBlock::~RemoteTargetBlock):
3213         (Inspector::RemoteTargetBlock::operator=):
3214         (Inspector::RemoteTargetBlock::operator()):
3215         * inspector/remote/RemoteConnectionToTarget.mm: Renamed from Source/JavaScriptCore/inspector/remote/RemoteInspectorDebuggableConnection.mm.
3216         (Inspector::RemoteTargetHandleRunSourceGlobal):
3217         (Inspector::RemoteTargetQueueTaskOnGlobalQueue):
3218         (Inspector::RemoteTargetInitializeGlobalQueue):
3219         (Inspector::RemoteTargetHandleRunSourceWithInfo):
3220         (Inspector::RemoteConnectionToTarget::RemoteConnectionToTarget):
3221         (Inspector::RemoteConnectionToTarget::~RemoteConnectionToTarget):
3222         (Inspector::RemoteConnectionToTarget::destination):
3223         (Inspector::RemoteConnectionToTarget::connectionIdentifier):
3224         (Inspector::RemoteConnectionToTarget::dispatchAsyncOnTarget):
3225         (Inspector::RemoteConnectionToTarget::setup):
3226         (Inspector::RemoteConnectionToTarget::targetClosed):
3227         (Inspector::RemoteConnectionToTarget::close):
3228         (Inspector::RemoteConnectionToTarget::sendMessageToTarget):
3229         (Inspector::RemoteConnectionToTarget::sendMessageToFrontend):
3230         (Inspector::RemoteConnectionToTarget::setupRunLoop):
3231         (Inspector::RemoteConnectionToTarget::teardownRunLoop):
3232         (Inspector::RemoteConnectionToTarget::queueTaskOnPrivateRunLoop):
3233         * inspector/remote/RemoteControllableTarget.cpp: Added.
3234         (Inspector::RemoteControllableTarget::~RemoteControllableTarget):
3235         (Inspector::RemoteControllableTarget::init):
3236         (Inspector::RemoteControllableTarget::update):
3237         * inspector/remote/RemoteControllableTarget.h: Added.
3238         * inspector/remote/RemoteInspectionTarget.cpp: Renamed from Source/JavaScriptCore/inspector/remote/RemoteInspectorDebuggable.cpp.
3239         (Inspector::RemoteInspectionTarget::remoteControlAllowed):
3240         (Inspector::RemoteInspectionTarget::setRemoteDebuggingAllowed):
3241         (Inspector::RemoteInspectionTarget::pauseWaitingForAutomaticInspection):
3242         (Inspector::RemoteInspectionTarget::unpauseForInitializedInspector):
3243         * inspector/remote/RemoteInspectionTarget.h: Renamed from Source/JavaScriptCore/inspector/remote/RemoteInspectorDebuggable.h.
3244         (isType):
3245         * inspector/remote/RemoteInspector.h:
3246
3247             Code to manage Debuggables now works with RemoteControllableTargets and doesn't
3248             care whether the target is for Inspection or Automation. Listing data with target-
3249             and type-specific information are captured when clients call into RemoteInspector
3250             since that's the easiest time to gather this information on the right thread.
3251             Use the is<> / downcast<> machinery when we need a concrete Target type.
3252
3253         * inspector/remote/RemoteInspector.mm:
3254         (Inspector::RemoteInspector::nextAvailableIdentifier):
3255         (Inspector::RemoteInspector::registerTarget): renamed from registerDebuggable.
3256         (Inspector::RemoteInspector::unregisterTarget): renamed from unregisterDebuggable.
3257         (Inspector::RemoteInspector::updateTarget): renamed from updateDebuggable.
3258         (Inspector::RemoteInspector::updateAutomaticInspectionCandidate):
3259         (Inspector::RemoteInspector::sendMessageToRemote):
3260         (Inspector::RemoteInspector::setupFailed):
3261         (Inspector::RemoteInspector::stopInternal):
3262         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
3263         (Inspector::RemoteInspector::xpcConnectionFailed):
3264         (Inspector::RemoteInspector::listingForTarget):
3265         (Inspector::RemoteInspector::listingForInspectionTarget):
3266         (Inspector::RemoteInspector::listingForAutomationTarget):
3267         (Inspector::RemoteInspector::pushListingsNow):
        (Inspector::RemoteInspector::pushListingsSoon):
        (Inspector::RemoteInspector::receivedSetupMessage):
        (Inspector::RemoteInspector::receivedDataMessage):
        (Inspector::RemoteInspector::receivedDidCloseMessage):
        (Inspector::RemoteInspector::receivedGetListingMessage):
        (Inspector::RemoteInspector::receivedIndicateMessage):
        (Inspector::RemoteInspector::receivedConnectionDiedMessage):
        (Inspector::RemoteInspector::RemoteInspector): Deleted.
        (Inspector::RemoteInspector::registerDebuggable): Deleted.
        (Inspector::RemoteInspector::unregisterDebuggable): Deleted.
        (Inspector::RemoteInspector::updateDebuggable): Deleted.
        (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate): Deleted.
        (Inspector::RemoteInspector::sendMessageToRemoteFrontend): Deleted.
        (Inspector::RemoteInspector::listingForDebuggable): Deleted.
        (Inspector::RemoteInspector::pushListingNow): Deleted.
        (Inspector::RemoteInspector::pushListingSoon): Deleted.
        * inspector/remote/RemoteInspectorConstants.h:
        * runtime/JSGlobalObjectDebuggable.cpp:
        (JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemote):
        (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
        (JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemoteFrontend): Deleted.
        * runtime/JSGlobalObjectDebuggable.h:

2015-11-23  Brian Burg  <bburg@apple.com>

        Rename JavaScriptCore builtins files to match exposed object names
        https://bugs.webkit.org/show_bug.cgi?id=151549

        Reviewed by Youenn Fablet.

        As a subtask of unifying code generation for WebCore and JSC builtins, we need to get rid of
        differences between builtins filenames (e.g., Promise.prototype.js) and the name of the
        generated Builtin object (PromisePrototype).

        If we don't do this, then both build systems need special hacks to normalize the object name
        from the file name. It's easier to just normalize the filename.

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * builtins/ArrayIteratorPrototype.js: Renamed from Source/JavaScriptCore/builtins/ArrayIterator.prototype.js.
        * builtins/ArrayPrototype.js: Renamed from Source/JavaScriptCore/builtins/Array.prototype.js.
        * builtins/FunctionPrototype.js: Renamed from Source/JavaScriptCore/builtins/Function.prototype.js.
        * builtins/IteratorPrototype.js: Renamed from Source/JavaScriptCore/builtins/Iterator.prototype.js.
        * builtins/PromiseOperations.js: Renamed from Source/JavaScriptCore/builtins/Operations.Promise.js.
        * builtins/PromisePrototype.js: Renamed from Source/JavaScriptCore/builtins/Promise.prototype.js.
        * builtins/StringIteratorPrototype.js: Renamed from Source/JavaScriptCore/builtins/StringIterator.prototype.js.
        * builtins/TypedArrayPrototype.js: Renamed from Source/JavaScriptCore/builtins/TypedArray.prototype.js.

2015-11-23  Andreas Kling  <akling@apple.com>

        REGRESSION(r192536): Null pointer dereference in JSPropertyNameEnumerator::visitChildren().
        <https://webkit.org/b/151495>

        Reviewed by Mark Lam.

        The test I added when fixing this bug the first time caught another bug when
        run on 32-bit: jsString() can also cause GC, so we have to make sure that
        JSPropertyNameEnumerator::m_propertyNames is null until after the array it
        points to has been populated.

        Test: property-name-enumerator-gc-151495.js

        * runtime/JSPropertyNameEnumerator.cpp:
        (JSC::JSPropertyNameEnumerator::finishCreation):

== Rolled over to ChangeLog-2015-11-21 ==