Replace PassRef with Ref/Ref&& across the board.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-12-14  Andreas Kling  <akling@apple.com>

        Replace PassRef with Ref/Ref&& across the board.
        <https://webkit.org/b/139587>

        Reviewed by Darin Adler.

        * runtime/Identifier.cpp:
        (JSC::Identifier::add):
        (JSC::Identifier::add8):
        * runtime/Identifier.h:
        (JSC::Identifier::add):
        * runtime/IdentifierInlines.h:
        (JSC::Identifier::add):

2014-12-12  Matthew Mirman  <mmirman@apple.com>

        shiftCountWithArrayStorage should exit to slow path if the object has a sparse map.
        https://bugs.webkit.org/show_bug.cgi?id=139598
        <rdar://problem/18779367>

        Reviewed by Filip Pizlo.

        * runtime/JSArray.cpp:
        (JSC::JSArray::shiftCountWithArrayStorage): Added check for object having a sparse map.
        * tests/stress/sparse_splice.js: Added.

2014-12-12  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Final clean up OwnPtr in JSC - runtime, ftl, and tool directories
        https://bugs.webkit.org/show_bug.cgi?id=139532

        Reviewed by Mark Lam.

        Final remove OwnPtr, PassOwnPtr in runtime, ftl, and tools directories of JSC.

        * builtins/BuiltinExecutables.h:
        * bytecode/CodeBlock.h:
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::generateFunctionCodeBlock):
        * ftl/FTLAbstractHeap.cpp:
        (JSC::FTL::IndexedAbstractHeap::atSlow):
        * ftl/FTLAbstractHeap.h:
        * ftl/FTLCompile.cpp:
        (JSC::FTL::mmAllocateDataSection):
        * ftl/FTLJITFinalizer.h:
        * jsc.cpp:
        (jscmain):
        * parser/Lexer.h:
        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyTable::clearDeletedOffsets):
        (JSC::PropertyTable::addDeletedOffset):
        * runtime/PropertyTable.cpp:
        (JSC::PropertyTable::PropertyTable):
        * runtime/RegExpObject.cpp:
        * runtime/SmallStrings.cpp:
        * runtime/Structure.cpp:
        * runtime/StructureIDTable.cpp:
        (JSC::StructureIDTable::StructureIDTable):
        (JSC::StructureIDTable::resize):
        * runtime/StructureIDTable.h:
        * runtime/StructureTransitionTable.h:
        * runtime/VM.cpp:
        (JSC::VM::VM):
        (JSC::VM::~VM):
        * runtime/VM.h:
        * tools/CodeProfile.h:
        (JSC::CodeProfile::CodeProfile):
        (JSC::CodeProfile::addChild):

2014-12-11  Dan Bernstein  <mitz@apple.com>

        iOS Simulator production build fix.

        * Configurations/JavaScriptCore.xcconfig: Don’t use an order file when building for the iOS
        Simulator, as we did prior to 177027.

2014-12-11  Joseph Pecoraro  <pecoraro@apple.com>

        Explicitly export some more RWIProtocol classes.
        rdar://problem/19220408

        Unreviewed build fix.

        * inspector/scripts/codegen/generate_objc_configuration_header.py:
        (ObjCConfigurationHeaderGenerator._generate_configuration_interface_for_domains):
        * inspector/scripts/codegen/generate_objc_header.py:
        (ObjCHeaderGenerator._generate_event_interfaces):
        * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
        * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
        * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
        * inspector/scripts/tests/expected/enum-values.json-result:
        * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
        * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
        * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
        * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
        * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
        * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

2014-12-11  Alexey Proskuryakov  <ap@apple.com>

        Explicitly export some RWIProtocol classes
        rdar://problem/19220408

        * inspector/scripts/codegen/generate_objc_header.py:
        (ObjCHeaderGenerator._generate_type_interface):
        * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
        * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
        * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
        * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
        * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
        * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
        * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:

2014-12-11  Mark Lam  <mark.lam@apple.com>

        Fix broken build after r177146.
        https://bugs.webkit.org/show_bug.cgi?id=139533

        Not reviewed.

        * interpreter/CallFrame.h:
        (JSC::ExecState::init):
        - Restored CallFrame::init() minus the unused JSScope* arg.
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        - Remove JSScope* arg when calling CallFrame::init().

2014-12-11  Michael Saboff  <msaboff@apple.com>

        REGRESSION: Use of undefined CallFrame::ScopeChain value
        https://bugs.webkit.org/show_bug.cgi?id=139533

        Reviewed by Mark Lam.

        Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
        all usages of these functions.  In some cases the scope is passed in or determined
        another way.  In some cases the scope is used to calculate other values.  Lastly
        there were places where these functions were used that are no longer needed.  For
        example when making a call, the caller's ScopeChain was copied to the callee's
        ScopeChain.  This change no longer uses the ScopeChain call frame header slot.
        That slot will be removed in a future patch.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * jit/JIT.h:
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * runtime/JSLexicalEnvironment.h:
        (JSC::JSLexicalEnvironment::create):
        (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_create_lexical_environment):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_create_lexical_environment):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::handleHostCall):
        (JSC::LLInt::setUpCall):
        (JSC::LLInt::llint_throw_stack_overflow_error):
        Pass the current scope value to the helper operationCreateActivation() and
        the call to JSLexicalEnvironment::create() instead of using the stack frame
        scope chain value.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        CreateActivation now has a second child, the scope.

        * interpreter/CallFrame.h:
        (JSC::ExecState::init): Deleted.  This is dead code.
        (JSC::ExecState::scope): Deleted.
        (JSC::ExecState::setScope): Deleted.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
        chain slot.

        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        Changed process to find JSScope values on the stack or by some other means.

        * runtime/JSWithScope.h:
        (JSC::JSWithScope::JSWithScope): Deleted.
        Eliminated unused constructor.

        * runtime/StrictEvalActivation.cpp:
        (JSC::StrictEvalActivation::StrictEvalActivation):
        * runtime/StrictEvalActivation.h:
        (JSC::StrictEvalActivation::create):
        Changed to pass in the current scope.

2014-12-10  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Use std::unique_ptr instead of OwnPtr in JSC - heap, jit, runtime, and parser directories
        https://bugs.webkit.org/show_bug.cgi?id=139351

        Reviewed by Filip Pizlo.

        As a step to use std::unique_ptr<>, this cleans up OwnPtr and PassOwnPtr.

        * bytecode/SamplingTool.h:
        (JSC::SamplingTool::SamplingTool):
        * heap/CopiedBlock.h:
        (JSC::CopiedBlock::didSurviveGC):
        (JSC::CopiedBlock::pin):
        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::reportLiveBytes):
        * heap/GCActivityCallback.h:
        * heap/GCThread.cpp:
        * heap/Heap.h:
        * heap/HeapInlines.h:
        (JSC::Heap::markListSet):
        * jit/ExecutableAllocator.cpp:
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * jit/JITThunks.cpp:
        (JSC::JITThunks::JITThunks):
        (JSC::JITThunks::clearHostFunctionStubs):
        * jit/JITThunks.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        * parser/Parser.h:
        (JSC::Scope::Scope):
        (JSC::Scope::pushLabel):
        * parser/ParserArena.cpp:
        * parser/ParserArena.h:
        (JSC::ParserArena::identifierArena):
        * parser/SourceProviderCache.h:
        * runtime/CodeCache.h:
        * runtime/Executable.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::sortVector):
        * runtime/JSGlobalObject.h:

2014-12-10  Geoffrey Garen  <ggaren@apple.com>

        Please disable the webkitFirstVersionWithInitConstructorSupport check on Apple TV
        https://bugs.webkit.org/show_bug.cgi?id=139501

        Reviewed by Gavin Barraclough.

        NSVersionOfLinkTimeLibrary only works if you link directly against
        JavaScriptCore, which is a bit awkward for our Apple TV client to do.

        It's easy enough just to disable this check on Apple TV, since it has no
        backwards compatibility requirement.

        * API/JSWrapperMap.mm:
        (supportsInitMethodConstructors):

2014-12-10  Matthew Mirman  <mmirman@apple.com>

        Fixes operationPutByIds such that they check that the put didn't
        change the structure of the object whose property access is being
        cached.
        https://bugs.webkit.org/show_bug.cgi?id=139196

        Reviewed by Filip Pizlo.

        * jit/JITOperations.cpp:
        (JSC::operationGetByIdOptimize): changed get to getPropertySlot
        (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
        (JSC::operationPutByIdNonStrictBuildList): ditto.
        (JSC::operationPutByIdDirectStrictBuildList): ditto.
        (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
        * jit/Repatch.cpp:
        (JSC::tryCachePutByID): fixed structure() to use the existent vm.
        (JSC::tryBuildPutByIdList): Added a check that the old structure's id
        is the same as the new.
        (JSC::buildPutByIdList): Added an argument
        * jit/Repatch.h:
        (JSC::buildPutByIdList): Added an argument
        * tests/stress/put-by-id-strict-build-list-order.js: Added.

2014-12-10  Csaba Osztrogonác  <ossy@webkit.org>

        URTBF after r177030.

        Fix linking failure occurred on ARM buildbots:
        lib/libjavascriptcore_efl.so.1.11.0: undefined reference to `JSC::Structure::get(JSC::VM&, JSC::PropertyName, unsigned int&)'

        * runtime/NullGetterFunction.cpp:

2014-12-09  Michael Saboff  <msaboff@apple.com>

        DFG Tries using an inner object's getter/setter when one hasn't been defined
        https://bugs.webkit.org/show_bug.cgi?id=139229

        Reviewed by Filip Pizlo.

        Added a new NullGetterFunction singleton class to use for getters and setters that
        haven't been set to a user defined value.  The NullGetterFunction callReturnUndefined()
        and createReturnUndefined() methods return undefined.  Changed all null checks of the
        getter and setter pointers to the newly added isGetterNull() and isSetterNull()
        helper methods.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        Added NullGetterFunction.cpp & .h to build files.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncLookupGetter):
        (JSC::objectProtoFuncLookupSetter):
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::setDescriptor):
        (JSC::PropertyDescriptor::setAccessorDescriptor):
        Changed checking getter and setter to null to use new isGetterNull() and isSetterNull()
        helpers.

        * inspector/JSInjectedScriptHostPrototype.cpp:
        (Inspector::JSInjectedScriptHostPrototype::finishCreation):
        * inspector/JSJavaScriptCallFramePrototype.cpp:
        * jit/JITOperations.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/JSObject.cpp:
        (JSC::JSObject::putIndexedDescriptor):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnNonIndexProperty):
        * runtime/MapPrototype.cpp:
        (JSC::MapPrototype::finishCreation):
        * runtime/SetPrototype.cpp:
        (JSC::SetPrototype::finishCreation):
        Updated calls to GetterSetter::create(), setGetter(), setSetter(), withGetter()
        and withSetter() to provide a global object.

        * runtime/GetterSetter.cpp:
        (JSC::GetterSetter::withGetter):
        (JSC::GetterSetter::withSetter):
        (JSC::callGetter):
        (JSC::callSetter):
        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::create):
        (JSC::GetterSetter::isGetterNull):
        (JSC::GetterSetter::isSetterNull):
        (JSC::GetterSetter::setGetter):
        (JSC::GetterSetter::setSetter):
        Changed to use NullGetterFunction for unspecified getters / setters.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::createThrowTypeError):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::nullGetterFunction):
        (JSC::JSGlobalObject::evalFunction):
        Added m_nullGetterFunction singleton.  Updated calls to GetterSetter::create(),
        setGetter() and setSetter() to provide a global object.

        * runtime/NullGetterFunction.cpp: Added.
        (JSC::callReturnUndefined):
        (JSC::constructReturnUndefined):
        (JSC::NullGetterFunction::getCallData):
        (JSC::NullGetterFunction::getConstructData):
        * runtime/NullGetterFunction.h: Added.
        (JSC::NullGetterFunction::create):
        (JSC::NullGetterFunction::createStructure):
        (JSC::NullGetterFunction::NullGetterFunction):
        New singleton class that returns undefined when called.

2014-12-09  Geoffrey Garen  <ggaren@apple.com>

        Re-enable function.arguments
        https://bugs.webkit.org/show_bug.cgi?id=139452
        <rdar://problem/18848149>

        Reviewed by Sam Weinig.

        Disabling function.arguments broke a few websites, and we don't have
        time right now to work through the details.

        I'm re-enabling function.arguments but leaving in the infrastructure
        to re-disable it, so we can try this experiment again in the future.

        * runtime/Options.h:

2014-12-09  David Kilzer  <ddkilzer@apple.com>

        Switch from using PLATFORM_NAME to SDK selectors in ANGLE, bmalloc, gtest, JavaScriptCore, WTF
        <http://webkit.org/b/139212>

        Reviewed by Joseph Pecoraro.

        * Configurations/Base.xcconfig:
        - Only set GCC_ENABLE_OBJC_GC, GCC_MODEL_TUNING and TOOLCHAINS
          on OS X.
        - Only set LLVM_LOCAL_HEADER_PATH and LLVM_SYSTEM_HEADER_PATH on
          OS X.
        - Set JAVASCRIPTCORE_CONTENTS_DIR and
          JAVASCRIPTCORE_FRAMEWORKS_DIR separately for iOS and OS X.

        * Configurations/DebugRelease.xcconfig:
        - Only set MACOSX_DEPLOYMENT_TARGET and SDKROOT on OS X.

        * Configurations/JSC.xcconfig:
        - Only set CODE_SIGN_ENTITLEMENTS for iOS hardware builds.

        * Configurations/JavaScriptCore.xcconfig:
        - Set OTHER_LDFLAGS separately for iOS and OS X.
        - Set SECTORDER_FLAGS separately for iOS and OS X, but only for
          Production builds.
        - Only set EXCLUDED_SOURCE_FILE_NAMES for iOS.

        * Configurations/LLVMForJSC.xcconfig:
        - Rename LLVM_LIBS_iphoneos to LLVM_LIBS_ios.
        - Set LLVM_LIBRARY_PATHS and OTHER_LDFLAGS_LLVM_ENABLE_FTL_JIT
          separately for iOS hardware and OS X.
        - Fix curly braces in LIBRARY_SEARCH_PATHS.
        - Merge OTHER_LDFLAGS_BASE into OTHER_LDFLAGS. (Could have been
          done before this patch.)

        * Configurations/ToolExecutable.xcconfig:
        - Only set CODE_SIGN_ENTITLEMENTS for iOS, per target.
        - Only set CLANG_ENABLE_OBJC_ARC for i386 on the iOS Simulator.
        - Add missing newline.

        * Configurations/Version.xcconfig:
        - Set SYSTEM_VERSION_PREFIX separately for iOS and OS X.

2014-12-08  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        Fix EFL build fix since r177001
        https://bugs.webkit.org/show_bug.cgi?id=139428

        Unreviewed, EFL build fix.

        Do not inherit from a duplicated class. ExpressionNode is already a
        child of the ParserArenaFreeable class.

        * parser/Nodes.h:

2014-12-08  Shivakumar JM  <shiva.jm@samsung.com>

        Fix Build Warning in JavaScriptCore ControlFlowProfiler::dumpData() api.
        https://bugs.webkit.org/show_bug.cgi?id=139384

        Reviewed by Mark Lam.

        Fix Build Warning by using dataLog() function instead of dataLogF() function.

        * runtime/ControlFlowProfiler.cpp:
        (JSC::ControlFlowProfiler::dumpData):

2014-12-08  Saam Barati  <saambarati1@gmail.com>

        Web Inspector: Enable runtime API for JSC's control flow profiler
        https://bugs.webkit.org/show_bug.cgi?id=139346

        Reviewed by Joseph Pecoraro.

        This patch creates an API that the Web Inspector can use
        to get information about which basic blocks have executed
        from JSC's control flow profiler.

        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getBasicBlocks):
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/protocol/Runtime.json:

2014-12-08  Geoffrey Garen  <ggaren@apple.com>

        Removed some allocation and cruft from the parser
        https://bugs.webkit.org/show_bug.cgi?id=139416

        Reviewed by Mark Lam.

        Now, the only AST nodes that require a destructor are the ones that
        relate to pickling a function's arguments -- which will require some
        deeper thinking to resolve.

        This is a < 1% parser speedup.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj: Removed NodeInfo because it
        was unused.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::CommaNode::emitBytecode):
        (JSC::SourceElements::lastStatement):
        (JSC::SourceElements::emitBytecode): Updated for interface change to linked list.

        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::ASTBuilder):
        (JSC::ASTBuilder::varDeclarations):
        (JSC::ASTBuilder::funcDeclarations):
        (JSC::ASTBuilder::createFuncDeclStatement):
        (JSC::ASTBuilder::addVar): Removed the ParserArenaData abstraction because
        it wasn't buying us anything. We can just use Vector directly.

        (JSC::ASTBuilder::createCommaExpr):
        (JSC::ASTBuilder::appendToCommaExpr): Changed to use a linked list instead
        of a vector, to avoid allocating a vector with inline capacity in the
        common case in which an expression is not followed by a vector.

        (JSC::ASTBuilder::Scope::Scope): Use Vector directly to avoid new'ing
        up a Vector*.

        (JSC::ASTBuilder::appendToComma): Deleted.
        (JSC::ASTBuilder::combineCommaNodes): Deleted.

        * parser/Lexer.cpp:

        * parser/NodeConstructors.h:
        (JSC::StatementNode::StatementNode):
        (JSC::CommaNode::CommaNode):
        (JSC::SourceElements::SourceElements): Updated for interface change to linked list.

        * parser/NodeInfo.h: Removed.

        * parser/Nodes.cpp:
        (JSC::SourceElements::append):
        (JSC::SourceElements::singleStatement): Use a linked list instead of a
        vector to track the statements in a list. This removes some allocation
        and it means that we don't need a destructor anymore.

        (JSC::ScopeNode::ScopeNode):
        (JSC::ProgramNode::ProgramNode):
        (JSC::EvalNode::EvalNode):
        (JSC::FunctionNode::FunctionNode): Updated for interface change to reference,
        since these values are never null.

        * parser/Nodes.h:
        (JSC::StatementNode::next):
        (JSC::StatementNode::setNext):
        (JSC::CommaNode::append): Deleted. Updated for interface change to linked list.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::didFinishParsing): Updated for interface change to reference.

        (JSC::Parser<LexerType>::parseVarDeclarationList):
        (JSC::Parser<LexerType>::parseExpression): Track comma expressions as
        an explicit list of CommaNodes, removing a use of vector and a destructor.

        * parser/Parser.h:
        (JSC::Parser<LexerType>::parse):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createCommaExpr):
        (JSC::SyntaxChecker::appendToCommaExpr):
        (JSC::SyntaxChecker::appendToComma): Deleted. Updated for interface changes.

2014-12-08  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r176979.
        https://bugs.webkit.org/show_bug.cgi?id=139424

        "New JSC test in this patch is failing" (Requested by mlam on
        #webkit).

        Reverted changeset:

        "Fixes operationPutByIds such that they check that the put
        didn't"
        https://bugs.webkit.org/show_bug.cgi?id=139196
        http://trac.webkit.org/changeset/176979

2014-12-08  Matthew Mirman  <mmirman@apple.com>

        Fixes operationPutByIds such that they check that the put didn't
        change the structure of the object whose property access is being
        cached.
        https://bugs.webkit.org/show_bug.cgi?id=139196

        Reviewed by Filip Pizlo.

        * jit/JITOperations.cpp:
        (JSC::operationGetByIdOptimize): changed get to getPropertySlot
        (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
        (JSC::operationPutByIdNonStrictBuildList): ditto.
        (JSC::operationPutByIdDirectStrictBuildList): ditto.
        (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
        * jit/Repatch.cpp:
        (JSC::tryCachePutByID): fixed structure() to use the existent vm.
        (JSC::tryBuildPutByIdList): Added a check that the old structure's id
        is the same as the new.
        (JSC::buildPutByIdList): Added an argument
        * jit/Repatch.h:
        (JSC::buildPutByIdList): Added an argument
        * tests/stress/put-by-id-build-list-order-recurse.js: Test that failed before the change
        * tests/stress/put-by-id-strict-build-list-order.js: Added.

2014-12-08  Anders Carlsson  <andersca@apple.com>

        Change WTF::currentCPUTime to return std::chrono::microseconds and get rid of currentCPUTimeMS
        https://bugs.webkit.org/show_bug.cgi?id=139410

        Reviewed by Andreas Kling.

        * API/JSContextRef.cpp:
        (JSContextGroupSetExecutionTimeLimit):
        (JSContextGroupClearExecutionTimeLimit):
        * runtime/Watchdog.cpp:
        (JSC::Watchdog::setTimeLimit):
        (JSC::Watchdog::didFire):
        (JSC::Watchdog::startCountdownIfNeeded):
        (JSC::Watchdog::startCountdown):
        * runtime/Watchdog.h:
        * runtime/WatchdogMac.cpp:
        (JSC::Watchdog::startTimer):

2014-12-08  Mark Lam  <mark.lam@apple.com>

        CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows ArrayStorageShape arrays.
        <https://webkit.org/b/139327>

        Reviewed by Michael Saboff.

        The code generator and runtime slow paths expect otherwise.  This patch fixes
        CFA to match the code generator's expectation.

        * dfg/DFGArrayMode.h:
        (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
        (JSC::DFG::ArrayMode::arrayModesWithIndexingShapes):

2014-12-08  Chris Dumez  <cdumez@apple.com>

        Revert r176293 & r176275

        Unreviewed, revert r176293 & r176275 changing the Vector API to use unsigned type
        instead of size_t. There is some disagreement regarding the long-term direction
        of the API and we shouldn’t leave the API partly transitioned to unsigned type
        while making a decision.

        * bytecode/PreciseJumpTargets.cpp:
        * replay/EncodedValue.h:

2014-12-07  Csaba Osztrogonác  <ossy@webkit.org>

        Remove the unused WTF_USE_GCC_COMPUTED_GOTO_WORKAROUND after r129453.
        https://bugs.webkit.org/show_bug.cgi?id=139373

        Reviewed by Sam Weinig.

        * interpreter/Interpreter.cpp:

2014-12-06  Anders Carlsson  <andersca@apple.com>

        Fix build with newer versions of clang.
        rdar://problem/18978716

        * ftl/FTLJITCode.h:
        Add missing overrides.

2014-12-05  Roger Fong  <roger_fong@apple.com>

        [Win] proj files copying over too many resources.
        https://bugs.webkit.org/show_bug.cgi?id=139315
        <rdar://problem/19148278>

        Reviewed by Brent Fulgham.

        * JavaScriptCore.vcxproj/JavaScriptCore.proj: Only copy resource folders and JavaScriptCore.dll.

2014-12-05  Juergen Ributzka  <juergen@apple.com>

        [JSC][FTL] Add the data layout to the module and fix the pass order.
        https://bugs.webkit.org/show_bug.cgi?id=138748

        Reviewed by Oliver Hunt.

        This adds the data layout to the module, so it can be used by all
        optimization passes in the LLVM optimizer pipeline. This also allows
        FastISel to select more instructions, because fewer non-legal types are
        generated.

        Also fix the order of the alias analysis passes in the optimization
        pipeline.

        * ftl/FTLCompile.cpp:
        (JSC::FTL::mmAllocateDataSection):

2014-12-05  Geoffrey Garen  <ggaren@apple.com>

        Removed an unused function.

        Reviewed by Michael Saboff.

        Broken out from https://bugs.webkit.org/show_bug.cgi?id=139305.

        * parser/ParserArena.h:

2014-12-05  David Kilzer  <ddkilzer@apple.com>

        FeatureDefines.xcconfig: Workaround bug in Xcode 5.1.1 when defining ENABLE_WEB_REPLAY
        <http://webkit.org/b/139286>

        Reviewed by Daniel Bates.

        * Configurations/FeatureDefines.xcconfig: Switch back to using
        PLATFORM_NAME to work around a bug in Xcode 5.1.1 on 10.8.

2014-12-04  Mark Rowe  <mrowe@apple.com>

        Build fix after r176836.

        Reviewed by Mark Lam.

        * runtime/VM.h:
        (JSC::VM::controlFlowProfiler): Don't try to export an inline function.
        Doing so results in a weak external symbol being generated.

2014-12-04  Saam Barati  <saambarati1@gmail.com>

        JavaScript Control Flow Profiler
        https://bugs.webkit.org/show_bug.cgi?id=137785

        Reviewed by Filip Pizlo.

        This patch introduces a mechanism for JavaScriptCore to profile
        which basic blocks have executed. This mechanism will then be
        used by the Web Inspector to indicate which basic blocks
        have and have not executed.

        The profiling works by compiling in an op_profile_control_flow
        at the start of every basic block. Then, whenever this op code
        executes, we know that a particular basic block has executed.

        When we tier up a CodeBlock that contains an op_profile_control_flow
        that corresponds to an already executed basic block, we don't
        have to emit code for that particular op_profile_control_flow
        because the internal data structures used to keep track of
        basic block locations have already recorded that the corresponding
        op_profile_control_flow has executed.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        * bytecode/Instruction.h:
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
        (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitProfileControlFlow):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ConditionalNode::emitBytecode):
        (JSC::IfElseNode::emitBytecode):
        (JSC::WhileNode::emitBytecode):
        (JSC::ForNode::emitBytecode):
        (JSC::ContinueNode::emitBytecode):
        (JSC::BreakNode::emitBytecode):
        (JSC::ReturnNode::emitBytecode):
        (JSC::CaseClauseNode::emitBytecode):
        (JSC::SwitchNode::emitBytecode):
        (JSC::ThrowNode::emitBytecode):
        (JSC::TryNode::emitBytecode):
        (JSC::ProgramNode::emitBytecode):
        (JSC::FunctionNode::emitBytecode):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGClobberize.h:
785         (JSC::DFG::clobberize):
786         * dfg/DFGDoesGC.cpp:
787         (JSC::DFG::doesGC):
788         * dfg/DFGFixupPhase.cpp:
789         (JSC::DFG::FixupPhase::fixupNode):
790         * dfg/DFGNode.h:
791         (JSC::DFG::Node::basicBlockLocation):
792         * dfg/DFGNodeType.h:
793         * dfg/DFGPredictionPropagationPhase.cpp:
794         (JSC::DFG::PredictionPropagationPhase::propagate):
795         * dfg/DFGSafeToExecute.h:
796         (JSC::DFG::safeToExecute):
797         * dfg/DFGSpeculativeJIT32_64.cpp:
798         (JSC::DFG::SpeculativeJIT::compile):
799         * dfg/DFGSpeculativeJIT64.cpp:
800         (JSC::DFG::SpeculativeJIT::compile):
801         * inspector/agents/InspectorRuntimeAgent.cpp:
802         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
803         * jit/JIT.cpp:
804         (JSC::JIT::privateCompileMainPass):
805         * jit/JIT.h:
806         * jit/JITOpcodes.cpp:
807         (JSC::JIT::emit_op_profile_control_flow):
808         * jit/JITOpcodes32_64.cpp:
809         (JSC::JIT::emit_op_profile_control_flow):
810         * jsc.cpp:
811         (GlobalObject::finishCreation):
812         (functionFindTypeForExpression):
813         (functionReturnTypeFor):
814         (functionDumpBasicBlockExecutionRanges):
815         * llint/LowLevelInterpreter.asm:
816         * parser/ASTBuilder.h:
817         (JSC::ASTBuilder::createFunctionExpr):
818         (JSC::ASTBuilder::createGetterOrSetterProperty):
819         (JSC::ASTBuilder::createFuncDeclStatement):
820         (JSC::ASTBuilder::endOffset):
821         (JSC::ASTBuilder::setStartOffset):
822         * parser/NodeConstructors.h:
823         (JSC::Node::Node):
824         * parser/Nodes.h:
825         (JSC::CaseClauseNode::setStartOffset):
826         * parser/Parser.cpp:
827         (JSC::Parser<LexerType>::parseSwitchClauses):
828         (JSC::Parser<LexerType>::parseSwitchDefaultClause):
829         (JSC::Parser<LexerType>::parseBlockStatement):
830         (JSC::Parser<LexerType>::parseStatement):
831         (JSC::Parser<LexerType>::parseFunctionDeclaration):
832         (JSC::Parser<LexerType>::parseIfStatement):
833         (JSC::Parser<LexerType>::parseExpression):
834         (JSC::Parser<LexerType>::parseConditionalExpression):
835         (JSC::Parser<LexerType>::parseProperty):
836         (JSC::Parser<LexerType>::parseMemberExpression):
837         * parser/SyntaxChecker.h:
838         (JSC::SyntaxChecker::createFunctionExpr):
839         (JSC::SyntaxChecker::createFuncDeclStatement):
840         (JSC::SyntaxChecker::createGetterOrSetterProperty):
841         (JSC::SyntaxChecker::operatorStackPop):
842         * runtime/BasicBlockLocation.cpp: Added.
843         (JSC::BasicBlockLocation::BasicBlockLocation):
844         (JSC::BasicBlockLocation::insertGap):
845         (JSC::BasicBlockLocation::getExecutedRanges):
846         (JSC::BasicBlockLocation::dumpData):
847         (JSC::BasicBlockLocation::emitExecuteCode):
848         * runtime/BasicBlockLocation.h: Added.
849         (JSC::BasicBlockLocation::startOffset):
850         (JSC::BasicBlockLocation::endOffset):
851         (JSC::BasicBlockLocation::setStartOffset):
852         (JSC::BasicBlockLocation::setEndOffset):
853         (JSC::BasicBlockLocation::hasExecuted):
854         * runtime/CodeCache.cpp:
855         (JSC::CodeCache::getGlobalCodeBlock):
856         * runtime/ControlFlowProfiler.cpp: Added.
857         (JSC::ControlFlowProfiler::~ControlFlowProfiler):
858         (JSC::ControlFlowProfiler::getBasicBlockLocation):
859         (JSC::ControlFlowProfiler::dumpData):
860         (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
861         * runtime/ControlFlowProfiler.h: Added. This class is in 
862         charge of generating BasicBlockLocations and also
863         providing an interface that the Web Inspector can use to ping
864         which basic blocks have executed based on the source id of a script.
865
866         (JSC::BasicBlockKey::BasicBlockKey):
867         (JSC::BasicBlockKey::isHashTableDeletedValue):
868         (JSC::BasicBlockKey::operator==):
869         (JSC::BasicBlockKey::hash):
870         (JSC::BasicBlockKeyHash::hash):
871         (JSC::BasicBlockKeyHash::equal):
872         * runtime/Executable.cpp:
873         (JSC::ProgramExecutable::ProgramExecutable):
874         (JSC::ProgramExecutable::initializeGlobalProperties):
875         * runtime/FunctionHasExecutedCache.cpp:
876         (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges):
877         * runtime/FunctionHasExecutedCache.h:
878         * runtime/Options.h:
879         * runtime/TypeProfiler.cpp:
880         (JSC::TypeProfiler::logTypesForTypeLocation):
881         (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
882         (JSC::TypeProfiler::findLocation):
883         (JSC::TypeProfiler::dumpTypeProfilerData):
884         * runtime/TypeProfiler.h:
885         (JSC::TypeProfiler::functionHasExecutedCache): Deleted.
886         * runtime/VM.cpp:
887         (JSC::VM::VM):
888         (JSC::enableProfilerWithRespectToCount):
889         (JSC::disableProfilerWithRespectToCount):
890         (JSC::VM::enableTypeProfiler):
891         (JSC::VM::disableTypeProfiler):
892         (JSC::VM::enableControlFlowProfiler):
893         (JSC::VM::disableControlFlowProfiler):
894         (JSC::VM::dumpTypeProfilerData):
895         * runtime/VM.h:
896         (JSC::VM::functionHasExecutedCache):
897         (JSC::VM::controlFlowProfiler):
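
A minimal model of the mechanism this entry describes, added here as an example and not code from JavaScriptCore: a profiler hands out one BasicBlockLocation per (sourceID, startOffset) key, an op_profile_control_flow at the start of each block marks it executed, and a recompile (the tier-up) skips the op for blocks already known to have run. BasicBlockLocation, BasicBlockKey and ControlFlowProfiler are named after the ChangeLog; the three-block toy bytecode, its compile/run functions and the sourceID value are invented for this example.

```cpp
// Added example, not JavaScriptCore code: a toy control flow profiler.
#include <cstddef>
#include <cstdint>
#include <map>
#include <memory>
#include <utility>
#include <vector>

// One basic block, identified by its source range. hasExecuted flips the first
// time the block's op_profile_control_flow runs and never flips back.
struct BasicBlockLocation {
    int startOffset;
    int endOffset;
    bool hasExecuted;
    BasicBlockLocation(int start, int end)
        : startOffset(start), endOffset(end), hasExecuted(false) {}
};

// (sourceID, startOffset) names a block; every tier that compiles the same
// source shares the single BasicBlockLocation stored under that key.
using BasicBlockKey = std::pair<intptr_t, int>;
using Range = std::pair<int, int>;

class ControlFlowProfiler {
public:
    BasicBlockLocation* getBasicBlockLocation(intptr_t sourceID, int start, int end) {
        std::unique_ptr<BasicBlockLocation>& slot = m_locations[BasicBlockKey(sourceID, start)];
        if (!slot)
            slot.reset(new BasicBlockLocation(start, end));
        return slot.get();
    }

    // What an Inspector front end would ask for: ranges of one script that never ran.
    std::vector<Range> unexecutedRanges(intptr_t sourceID) const {
        std::vector<Range> ranges;
        for (const auto& entry : m_locations) {
            if (entry.first.first == sourceID && !entry.second->hasExecuted)
                ranges.push_back(Range(entry.second->startOffset, entry.second->endOffset));
        }
        return ranges;
    }

private:
    std::map<BasicBlockKey, std::unique_ptr<BasicBlockLocation>> m_locations;
};

// Toy bytecode (invented): just enough to place a profiling op at block starts.
enum class Op { ProfileControlFlow, JumpIfFalse, Return };
struct Instruction {
    Op op;
    int target;                 // JumpIfFalse destination
    BasicBlockLocation* block;  // ProfileControlFlow operand
};

// Compile "if (cond) { A } else { B }" with blocks at offsets [0,10), [10,20)
// and [20,30). The profiling op is emitted only for blocks not yet known to
// have executed, which is the tier-up shortcut the entry describes.
static std::vector<Instruction> compile(ControlFlowProfiler& profiler, intptr_t sourceID) {
    std::vector<Instruction> code;
    auto emitProfileControlFlow = [&](int start, int end) {
        BasicBlockLocation* loc = profiler.getBasicBlockLocation(sourceID, start, end);
        if (!loc->hasExecuted)
            code.push_back(Instruction{Op::ProfileControlFlow, 0, loc});
    };
    emitProfileControlFlow(0, 10);                              // entry block
    code.push_back(Instruction{Op::JumpIfFalse, 0, nullptr});   // target patched below
    size_t branch = code.size() - 1;
    emitProfileControlFlow(10, 20);                             // then-block
    code.push_back(Instruction{Op::Return, 0, nullptr});
    code[branch].target = static_cast<int>(code.size());
    emitProfileControlFlow(20, 30);                             // else-block
    code.push_back(Instruction{Op::Return, 0, nullptr});
    return code;
}

static void run(const std::vector<Instruction>& code, bool cond) {
    size_t pc = 0;
    while (pc < code.size()) {
        const Instruction& ins = code[pc];
        switch (ins.op) {
        case Op::ProfileControlFlow:
            ins.block->hasExecuted = true;  // the block's first instruction ran
            ++pc;
            break;
        case Op::JumpIfFalse:
            pc = cond ? pc + 1 : static_cast<size_t>(ins.target);
            break;
        case Op::Return:
            return;
        }
    }
}

static size_t countProfileOps(const std::vector<Instruction>& code) {
    size_t n = 0;
    for (const Instruction& ins : code)
        if (ins.op == Op::ProfileControlFlow) ++n;
    return n;
}

struct ProfileResult {
    size_t opsInFirstTier;   // profiling ops emitted before anything ran
    size_t opsAfterTierUp;   // profiling ops emitted when recompiling after one run
    std::vector<Range> unexecuted;
};

// Compile, run once with the given condition, then recompile as a tier-up would.
static ProfileResult profileBranch(bool cond) {
    ControlFlowProfiler profiler;
    const intptr_t sourceID = 1;  // constructed id standing in for a script's SourceID
    std::vector<Instruction> baseline = compile(profiler, sourceID);
    size_t before = countProfileOps(baseline);
    run(baseline, cond);
    std::vector<Instruction> upperTier = compile(profiler, sourceID);
    ProfileResult result;
    result.opsInFirstTier = before;
    result.opsAfterTierUp = countProfileOps(upperTier);
    result.unexecuted = profiler.unexecutedRanges(sourceID);
    return result;
}
```

profileBranch(true) compiles three profiling ops, runs the entry and then-blocks, and the recompiled code carries only one op, for the else-block at [20,30), which is also the single unexecuted range reported. The skip is sound only because the BasicBlockLocation is shared across tiers through the key, so the record survives the code that first set it.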
898
899 2014-12-04  Filip Pizlo  <fpizlo@apple.com>
900
901         printInternal(PrintStream& out, JSC::JITCode::JITType type) ends up dumping a literal %s
902         https://bugs.webkit.org/show_bug.cgi?id=139274
903
904         Reviewed by Geoffrey Garen.
905
906         * jit/JITCode.cpp:
907         (WTF::printInternal):
908
909 2014-12-04  Geoffrey Garen  <ggaren@apple.com>
910
911         Removed the concept of ParserArenaRefCounted
912         https://bugs.webkit.org/show_bug.cgi?id=139277
913
914         Reviewed by Oliver Hunt.
915
916         This is a step toward a parser speedup.
917
918         Now that we have a clear root node type for each parse tree, there's no
919         need to have a concept for "I might be refcounted or arena allocated".
920         Instead, we can just use unique_ptr to manage the tree as a whole.
921
922         * API/JSScriptRef.cpp:
923         (parseScript):
924         * builtins/BuiltinExecutables.cpp:
925         (JSC::BuiltinExecutables::createBuiltinExecutable): Updated for type change.
926
927         * bytecode/UnlinkedCodeBlock.cpp:
928         (JSC::generateFunctionCodeBlock): Use unique_ptr. No need to call
929         destroyData() explicitly: the unique_ptr destructor will do everything
930         we need, as Bjarne intended.
931
932         * parser/NodeConstructors.h:
933         (JSC::ParserArenaRoot::ParserArenaRoot):
934         (JSC::ParserArenaRefCounted::ParserArenaRefCounted): Deleted.
935
936         * parser/Nodes.cpp:
937         (JSC::ScopeNode::ScopeNode):
938         (JSC::ProgramNode::ProgramNode):
939         (JSC::EvalNode::EvalNode):
940         (JSC::FunctionNode::FunctionNode):
941         (JSC::ProgramNode::create): Deleted.
942         (JSC::EvalNode::create): Deleted.
943         (JSC::FunctionNode::create): Deleted. All special create semantics can
944         just go away now that we play by C++ constructor / destructor rules.
945
946         * parser/Nodes.h:
947         (JSC::ParserArenaRoot::parserArena):
948         (JSC::ParserArenaRoot::~ParserArenaRoot): Just a normal class now, which
949         holds onto the whole parse tree by virtue of owning the arena in which
950         all the parsed nodes (except for itself) were allocated.
951
952         (JSC::ProgramNode::closedVariables):
953         (JSC::ParserArenaRefCounted::~ParserArenaRefCounted): Deleted.
954
955         (JSC::ScopeNode::destroyData): Deleted. No need to destroy anything
956         explicitly anymore -- we can just rely on destructors.
957
958         (JSC::ScopeNode::parserArena): Deleted.
959
960         * parser/Parser.h:
961         (JSC::Parser<LexerType>::parse):
962         (JSC::parse): unique_ptr all the things.
963
964         * parser/ParserArena.cpp:
965         (JSC::ParserArena::reset):
966         (JSC::ParserArena::isEmpty):
967         (JSC::ParserArena::contains): Deleted.
968         (JSC::ParserArena::last): Deleted.
969         (JSC::ParserArena::removeLast): Deleted.
970         (JSC::ParserArena::derefWithArena): Deleted.
971         * parser/ParserArena.h:
972         (JSC::ParserArena::swap): Much delete. Such wow.
973
974         * runtime/CodeCache.cpp:
975         (JSC::CodeCache::getGlobalCodeBlock):
976         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
977         * runtime/Completion.cpp:
978         (JSC::checkSyntax):
979         * runtime/Executable.cpp:
980         (JSC::ProgramExecutable::checkSyntax): unique_ptr all the things.
981
982 2014-12-04  Andreas Kling  <akling@apple.com>
983
984         REGRESSION(r173188): Text inserted when trying to delete a word from the Twitter message box.
985         <https://webkit.org/b/139076>
986
987         Reviewed by Geoffrey Garen.
988
989         The StringImpl* -> Weak<JSString> cache used by the DOM bindings
990         had a bug where the key could become a stale pointer if the cached
991         JSString had its internal StringImpl atomicized.
992
993         If a new StringImpl was then later constructed at the exact same
994         address as the stale key, before the Weak<JSString> got booted out
995         of the string cache, we'd now have a situation where asking the
996         string cache for that key would return the old JSString.
997
998         Solve this by not allowing JSString::toExistingAtomicString() to
999         change the JSString's internal StringImpl unless it's resolving a
1000         rope string. (The StringImpl nullity determines rope state.)
1001
1002         This means that calling toExistingAtomicString() may now have to
1003         query the AtomicString table on each call rather than just once.
1004         All clients of this API would be forced to do this regardless,
1005         since they return value will be used to key into containers with
1006         AtomicStringImpl* keys.
1007        since the return value will be used to key into containers with
1008         No test because this relies on malloc putting two StringImpls
1009         at the same address at different points in time and we have no
1010         mechanism to reliably test that.
1011
1012         * runtime/JSString.h:
1013         (JSC::JSString::toExistingAtomicString):
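
The stale-key hazard described above, as an added example that is not WebKit's code: a cache keyed on a raw StringImpl* whose key object can be freed and its address reused. The StringImpl, JSString and toExistingAtomicString names follow the ChangeLog; the four-slot slab allocator is constructed here so that address reuse happens deterministically (with malloc it merely happens eventually, which is why the entry says it cannot be tested reliably), and the fixed variant simply leaves the atomic copy in the slab where JSC's atomic string table would own it.

```cpp
// Added example, not WebKit code: a pointer-keyed cache whose key object is
// freed and its address reused, reproducing the stale-key bug described above.
#include <cstddef>
#include <cstdio>
#include <string>
#include <unordered_map>
#include <utility>

// Stand-in for WTF::StringImpl.
struct StringImpl {
    std::string chars;
    bool isAtomic;
    StringImpl(std::string c = std::string(), bool atomic = false)
        : chars(std::move(c)), isAtomic(atomic) {}
};

// Constructed slab allocator: the lowest free slot is always handed out, so a
// freed address is reused by the very next allocation.
static const size_t kSlabSize = 4;
static StringImpl slab[kSlabSize];
static bool slabUsed[kSlabSize];

static StringImpl* allocImpl(const std::string& chars, bool atomic) {
    for (size_t i = 0; i < kSlabSize; ++i) {
        if (!slabUsed[i]) {
            slabUsed[i] = true;
            slab[i] = StringImpl(chars, atomic);
            return &slab[i];
        }
    }
    return nullptr;  // slab exhausted; never reached in this example
}

static void freeImpl(StringImpl* impl) { slabUsed[impl - slab] = false; }
static void resetSlab() { for (bool& used : slabUsed) used = false; }

// Stand-in for JSC::JSString: wraps one StringImpl.
struct JSString {
    StringImpl* impl;
};

// Stand-in for the DOM bindings' StringImpl* -> JSString cache. The key is a
// raw pointer, so it is only valid while that exact StringImpl stays alive.
using StringCache = std::unordered_map<const StringImpl*, JSString*>;

// Buggy variant: atomicizing swaps the JSString's impl and frees the old one,
// leaving any cache entry keyed on the old pointer stale.
static StringImpl* toExistingAtomicStringBuggy(JSString& s) {
    if (s.impl->isAtomic) return s.impl;
    StringImpl* atomic = allocImpl(s.impl->chars, true);
    freeImpl(s.impl);
    s.impl = atomic;
    return atomic;
}

// Fixed variant: hand back the atomic copy without touching the JSString's own
// impl, so a cache keyed on that impl stays valid for the JSString's lifetime.
static StringImpl* toExistingAtomicStringFixed(JSString& s) {
    if (s.impl->isAtomic) return s.impl;
    return allocImpl(s.impl->chars, true);
}

// Cache one JSString, atomicize it, allocate an unrelated StringImpl, and ask
// the cache about the new StringImpl. Returns what the cache claims it holds.
static std::string runScenario(StringImpl* (*atomicize)(JSString&)) {
    resetSlab();
    StringCache cache;
    JSString cached{allocImpl("hello", false)};
    cache[cached.impl] = &cached;
    atomicize(cached);
    JSString fresh{allocImpl("world", false)};  // may land on the freed address
    StringCache::const_iterator it = cache.find(fresh.impl);
    if (it == cache.end()) return "(miss)";
    return it->second->impl->chars;
}

int main() {
    std::printf("buggy: %s\n", runScenario(toExistingAtomicStringBuggy).c_str());
    std::printf("fixed: %s\n", runScenario(toExistingAtomicStringFixed).c_str());
    return 0;
}
```

With the buggy variant the lookup for the StringImpl that now holds "world" hits and returns the old JSString, whose contents are "hello": the freed key address was reused, exactly the sequence the entry describes. With the fixed variant the cached JSString keeps its original impl, the key remains live for as long as the entry does, and the lookup misses. A raw-pointer cache key is only sound while the pointee is guaranteed to outlive the entry.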
1014
1015 2014-12-04  Geoffrey Garen  <ggaren@apple.com>
1016
1017         Marked some final things final.
1018
1019         Reviewed by Andreas Kling.
1020
1021         * parser/Nodes.h:
1022
1023 2014-12-04  Geoffrey Garen  <ggaren@apple.com>
1024
1025         Split out FunctionNode from FunctionBodyNode
1026         https://bugs.webkit.org/show_bug.cgi?id=139273
1027
1028         Reviewed by Andreas Kling.
1029
1030        This is a step toward a parser speedup.
1031
1032         We used to use FunctionBodyNode for two different purposes:
1033
1034         (1) "I am the root function you are currently parsing";
1035
1036         (2) "I am a lazy record of a nested function, which you will parse later".
1037
1038         This made for awkward lifetime semantics and interfaces.
1039
1040         Now, case (1) is handled by FunctionBodyNode, and case (2) is handled by
1041         a new node named FunctionNode.
1042
1043         Since case (1) no longer needs to handle being the root of the parse
1044         tree, FunctionBodyNode can be a normal arena-allocated node.
1045
1046         * bytecode/UnlinkedCodeBlock.cpp:
1047         (JSC::generateFunctionCodeBlock): Use FunctionNode instead of
1048         FunctionBodyNode, since we are producing the root of the function parse
1049         tree.
1050
1051         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Removed
1052         some unused data, and default-initialized other data, which isn't filled
1053         in meaningfully until recordParse() is called. (The previous values were
1054         incorrect / meaningless, since the FunctionBodyNode didn't have
1055         meaningful values in this case.)
1056
1057         * bytecode/UnlinkedCodeBlock.h: Ditto.
1058
1059         (JSC::UnlinkedFunctionExecutable::forceUsesArguments): Deleted.
1060
1061         * bytecompiler/BytecodeGenerator.cpp:
1062         (JSC::BytecodeGenerator::BytecodeGenerator): Use FunctionNode instead of
1063         FunctionBodyNode, since we are generating code starting at the root of
1064         the parse tree.
1065
1066         (JSC::BytecodeGenerator::resolveCallee):
1067         (JSC::BytecodeGenerator::addCallee):
1068         * bytecompiler/BytecodeGenerator.h: Ditto.
1069
1070         * bytecompiler/NodesCodegen.cpp:
1071         (JSC::FunctionBodyNode::emitBytecode):
1072         (JSC::FunctionNode::emitBytecode): Moved the emitBytecode implementation
1073         to FunctionNode, since we never generate code for FunctionBodyNode,
1074         since it's just a placeholder in the AST.
1075
1076         * parser/ASTBuilder.h:
1077         (JSC::ASTBuilder::createFunctionBody):
1078         (JSC::ASTBuilder::setUsesArguments): Deleted. Updated for interface
1079         changes.
1080
1081         * parser/Nodes.cpp:
1082         (JSC::FunctionBodyNode::FunctionBodyNode):
1083         (JSC::FunctionBodyNode::finishParsing):
1084         (JSC::FunctionBodyNode::setEndPosition):
1085         (JSC::FunctionNode::FunctionNode):
1086         (JSC::FunctionNode::create):
1087         (JSC::FunctionNode::finishParsing):
1088         (JSC::FunctionBodyNode::create): Deleted.
1089
1090         * parser/Nodes.h:
1091         (JSC::FunctionBodyNode::parameters):
1092         (JSC::FunctionBodyNode::source):
1093         (JSC::FunctionBodyNode::startStartOffset):
1094         (JSC::FunctionBodyNode::isInStrictContext):
1095         (JSC::FunctionNode::parameters):
1096         (JSC::FunctionNode::ident):
1097         (JSC::FunctionNode::functionMode):
1098         (JSC::FunctionNode::startColumn):
1099         (JSC::FunctionNode::endColumn):
1100         (JSC::ScopeNode::setSource): Deleted.
1101         (JSC::FunctionBodyNode::parameterCount): Deleted. Split out the differences
1102         between FunctionNode and FunctionBodyNode.
1103
1104         * parser/SyntaxChecker.h:
1105         (JSC::SyntaxChecker::createClauseList):
1106         (JSC::SyntaxChecker::setUsesArguments): Deleted. Removed setUsesArguments
1107         since it wasn't used.
1108
1109         * runtime/Executable.cpp:
1110         (JSC::ProgramExecutable::checkSyntax): Removed a branch that was always
1111         false.
1112
1113 2014-12-02  Brian J. Burg  <burg@cs.washington.edu>
1114
1115         Web Inspector: timeline probe records have inaccurate per-probe hit counts
1116         https://bugs.webkit.org/show_bug.cgi?id=138976
1117
1118         Reviewed by Joseph Pecoraro.
1119
1120         Previously, the DebuggerAgent was responsible for assigning unique ids to samples.
1121         However, this makes it impossible for the frontend's Timeline manager to associate
1122         a Probe Sample timeline record with the corresponding probe sample data. The record
1123         only included the probe batchId (misnamed as hitCount in ScriptDebugServer).
1124
1125         This patch moves both the batchId and sampleId counters into ScriptDebugServer, so
1126         any client of ScriptDebugListener will get the correct sampleId for each sample.
1127
1128         * inspector/ScriptDebugListener.h:
1129         * inspector/ScriptDebugServer.cpp:
1130         (Inspector::ScriptDebugServer::ScriptDebugServer):
1131         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
1132         (Inspector::ScriptDebugServer::handleBreakpointHit):
1133         * inspector/ScriptDebugServer.h:
1134         * inspector/agents/InspectorDebuggerAgent.cpp:
1135         (Inspector::InspectorDebuggerAgent::InspectorDebuggerAgent):
1136         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1137         * inspector/agents/InspectorDebuggerAgent.h:
1138
1139 2014-12-04  Oliver Hunt  <oliver@apple.com>
1140
1141         Serialization of MapData object provides unsafe access to internal types
1142         https://bugs.webkit.org/show_bug.cgi?id=138653
1143
1144         Reviewed by Geoffrey Garen.
1145
1146         Converting these ASSERTs into RELEASE_ASSERTs, as it is now obvious
1147        that despite trying hard to be safe in all cases it's simply too easy
1148         to use an iterator in an unsafe state.
1149
1150         * runtime/MapData.h:
1151         (JSC::MapData::const_iterator::key):
1152         (JSC::MapData::const_iterator::value):
1153
1154 2014-12-03  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1155
1156         Move JavaScriptCore/dfg to std::unique_ptr
1157         https://bugs.webkit.org/show_bug.cgi?id=139169
1158
1159         Reviewed by Filip Pizlo.
1160
1161         Use std::unique_ptr<>|std::make_unique<> in JavaScriptCore/dfg directory.
1162
1163         * dfg/DFGBasicBlock.h:
1164         * dfg/DFGJITCompiler.cpp:
1165         (JSC::DFG::JITCompiler::JITCompiler):
1166         (JSC::DFG::JITCompiler::compile):
1167         (JSC::DFG::JITCompiler::link):
1168         (JSC::DFG::JITCompiler::compileFunction):
1169         (JSC::DFG::JITCompiler::linkFunction):
1170         * dfg/DFGJITCompiler.h:
1171         * dfg/DFGPlan.cpp:
1172         (JSC::DFG::Plan::compileInThreadImpl):
1173         (JSC::DFG::Plan::cancel):
1174         * dfg/DFGPlan.h:
1175         * dfg/DFGSlowPathGenerator.h:
1176         * dfg/DFGWorklist.h:
1177         * ftl/FTLFail.cpp:
1178         (JSC::FTL::fail):
1179         * ftl/FTLState.cpp:
1180         (JSC::FTL::State::State):
1181
1182 2014-12-03  Michael Saboff  <msaboff@apple.com>
1183
1184         REGRESSION (r176479): DFG ASSERTION beneath emitOSRExitCall running Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation and other tests
1185         https://bugs.webkit.org/show_bug.cgi?id=139246
1186
1187         Reviewed by Geoffrey Garen.
1188
1189         * ftl/FTLLowerDFGToLLVM.cpp:
1190         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
1191         The DFG_ASSERT that checks liveness at exit time doesn't properly
1192         handle the case where the local is not available at OSR exit time,
1193         but the local is live in the bytecode.  This now happens with the
1194         allocated scope register when we are compiling for FTLForOSREntryMode
1195         due to DCE done when the control flow was changed and a new entrypoint
1196         was added in the OSR entrypoint creation phase.  Therefore we silence
1197         the assert when compiling for FTLForOSREntryMode.
1198
1199 2014-12-03  Geoffrey Garen  <ggaren@apple.com>
1200
1201         Removed the global parser arena
1202         https://bugs.webkit.org/show_bug.cgi?id=139236
1203
1204         Reviewed by Sam Weinig.
1205
1206         Simplifies parser lifetime logic.
1207
1208         There's no need to keep a global arena. We can create a new arena
1209         each time we parse.
1210
1211         * bytecompiler/BytecodeGenerator.h: Global replace to pass around a
1212         ParserArena instead of VM*, since the VM no longer owns the arena.
1213         (JSC::BytecodeGenerator::parserArena):
1214
1215         * bytecompiler/NodesCodegen.cpp: Ditto.
1216         (JSC::ArrayNode::toArgumentList):
1217         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1218         * parser/ASTBuilder.h: Ditto.
1219         (JSC::ASTBuilder::ASTBuilder):
1220         (JSC::ASTBuilder::createSourceElements):
1221         (JSC::ASTBuilder::createCommaExpr):
1222         (JSC::ASTBuilder::createLogicalNot):
1223         (JSC::ASTBuilder::createUnaryPlus):
1224         (JSC::ASTBuilder::createVoid):
1225         (JSC::ASTBuilder::thisExpr):
1226         (JSC::ASTBuilder::createResolve):
1227         (JSC::ASTBuilder::createObjectLiteral):
1228         (JSC::ASTBuilder::createArray):
1229         (JSC::ASTBuilder::createNumberExpr):
1230         (JSC::ASTBuilder::createString):
1231         (JSC::ASTBuilder::createBoolean):
1232         (JSC::ASTBuilder::createNull):
1233         (JSC::ASTBuilder::createBracketAccess):
1234         (JSC::ASTBuilder::createDotAccess):
1235         (JSC::ASTBuilder::createSpreadExpression):
1236         (JSC::ASTBuilder::createRegExp):
1237         (JSC::ASTBuilder::createNewExpr):
1238         (JSC::ASTBuilder::createConditionalExpr):
1239         (JSC::ASTBuilder::createAssignResolve):
1240         (JSC::ASTBuilder::createFunctionExpr):
1241         (JSC::ASTBuilder::createFunctionBody):
1242         (JSC::ASTBuilder::createGetterOrSetterProperty):
1243         (JSC::ASTBuilder::createArguments):
1244         (JSC::ASTBuilder::createArgumentsList):
1245         (JSC::ASTBuilder::createProperty):
1246         (JSC::ASTBuilder::createPropertyList):
1247         (JSC::ASTBuilder::createElementList):
1248         (JSC::ASTBuilder::createFormalParameterList):
1249         (JSC::ASTBuilder::createClause):
1250         (JSC::ASTBuilder::createClauseList):
1251         (JSC::ASTBuilder::createFuncDeclStatement):
1252         (JSC::ASTBuilder::createBlockStatement):
1253         (JSC::ASTBuilder::createExprStatement):
1254         (JSC::ASTBuilder::createIfStatement):
1255         (JSC::ASTBuilder::createForLoop):
1256         (JSC::ASTBuilder::createForInLoop):
1257         (JSC::ASTBuilder::createForOfLoop):
1258         (JSC::ASTBuilder::createEmptyStatement):
1259         (JSC::ASTBuilder::createVarStatement):
1260         (JSC::ASTBuilder::createEmptyVarExpression):
1261         (JSC::ASTBuilder::createReturnStatement):
1262         (JSC::ASTBuilder::createBreakStatement):
1263         (JSC::ASTBuilder::createContinueStatement):
1264         (JSC::ASTBuilder::createTryStatement):
1265         (JSC::ASTBuilder::createSwitchStatement):
1266         (JSC::ASTBuilder::createWhileStatement):
1267         (JSC::ASTBuilder::createDoWhileStatement):
1268         (JSC::ASTBuilder::createLabelStatement):
1269         (JSC::ASTBuilder::createWithStatement):
1270         (JSC::ASTBuilder::createThrowStatement):
1271         (JSC::ASTBuilder::createDebugger):
1272         (JSC::ASTBuilder::createConstStatement):
1273         (JSC::ASTBuilder::appendConstDecl):
1274         (JSC::ASTBuilder::combineCommaNodes):
1275         (JSC::ASTBuilder::createDeconstructingAssignment):
1276         (JSC::ASTBuilder::Scope::Scope):
1277         (JSC::ASTBuilder::createNumber):
1278         (JSC::ASTBuilder::makeTypeOfNode):
1279         (JSC::ASTBuilder::makeDeleteNode):
1280         (JSC::ASTBuilder::makeNegateNode):
1281         (JSC::ASTBuilder::makeBitwiseNotNode):
1282         (JSC::ASTBuilder::makeMultNode):
1283         (JSC::ASTBuilder::makeDivNode):
1284         (JSC::ASTBuilder::makeModNode):
1285         (JSC::ASTBuilder::makeAddNode):
1286         (JSC::ASTBuilder::makeSubNode):
1287         (JSC::ASTBuilder::makeLeftShiftNode):
1288         (JSC::ASTBuilder::makeRightShiftNode):
1289         (JSC::ASTBuilder::makeURightShiftNode):
1290         (JSC::ASTBuilder::makeBitOrNode):
1291         (JSC::ASTBuilder::makeBitAndNode):
1292         (JSC::ASTBuilder::makeBitXOrNode):
1293         (JSC::ASTBuilder::makeFunctionCallNode):
1294         (JSC::ASTBuilder::makeBinaryNode):
1295         (JSC::ASTBuilder::makeAssignNode):
1296         (JSC::ASTBuilder::makePrefixNode):
1297         (JSC::ASTBuilder::makePostfixNode):
1298
1299         * parser/NodeConstructors.h: Ditto.
1300         (JSC::ParserArenaFreeable::operator new):
1301         (JSC::ParserArenaDeletable::operator new):
1302         (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
1303
1304         * parser/Nodes.cpp: Ditto.
1305         (JSC::ScopeNode::ScopeNode):
1306         (JSC::ProgramNode::ProgramNode):
1307         (JSC::ProgramNode::create):
1308         (JSC::EvalNode::EvalNode):
1309         (JSC::EvalNode::create):
1310         (JSC::FunctionBodyNode::FunctionBodyNode):
1311         (JSC::FunctionBodyNode::create):
1312
1313         * parser/Nodes.h: Ditto.
1314         (JSC::ScopeNode::parserArena):
1315
1316         * parser/Parser.cpp:
1317         (JSC::Parser<LexerType>::Parser):
1318         (JSC::Parser<LexerType>::parseInner):
1319         (JSC::Parser<LexerType>::parseProperty): The parser now owns its own
1320         arena, and transfers ownership of its contents when invoking the ScopeNode
1321         constructor.
1322
1323         * parser/Parser.h:
1324         (JSC::Parser<LexerType>::parse): No need to explicitly reset the arena,
1325         since its lifetime is tied to the parser's lifetime now.
1326
1327         * parser/SyntaxChecker.h:
1328         (JSC::SyntaxChecker::createProperty):
1329         (JSC::SyntaxChecker::createGetterOrSetterProperty):
1330
1331         * runtime/VM.cpp:
1332         (JSC::VM::VM):
1333         * runtime/VM.h: The point of the patch: no more global.
1334
1335 2014-12-03  Geoffrey Garen  <ggaren@apple.com>
1336
1337         The parser should allocate all pieces of the AST
1338         https://bugs.webkit.org/show_bug.cgi?id=139230
1339
1340         Reviewed by Oliver Hunt.
1341
1342         This is a step toward a 14% parsing speedup.
1343
1344         Previously, allocation was split between the parser and certain node
1345         constructor functions. This made for some duplicated code and circular
1346         dependencies.
1347
1348         * parser/ASTBuilder.h:
1349         (JSC::ASTBuilder::createGetterOrSetterProperty): No need to pass through
1350         the VM, since our callee no longer needs to allocate anything.
1351
1352         (JSC::ASTBuilder::createProperty): Allocate the identifier for our
1353         callee, since that is simpler than requiring our callee to notice that
1354         we didn't do so, and do it for us.
1355
1356         (JSC::ASTBuilder::createForInLoop): Allocate the DeconstructingAssignmentNode
1357         for our callee, since that is simpler than requiring our callee to notice
1358         that we didn't do so, and do it for us.
1359
1360         Also, reuse some code instead of duplicating it.
1361
1362         (JSC::ASTBuilder::createForOfLoop): Ditto.
1363
1364         (JSC::ASTBuilder::createArrayPattern):
1365         (JSC::ASTBuilder::createObjectPattern):
1366         (JSC::ASTBuilder::createBindingLocation): No need to pass through a VM
1367         pointer, since our callee no longer needs to allocate anything.
1368
1369         (JSC::ASTBuilder::createBreakStatement): Deleted.
1370         (JSC::ASTBuilder::createContinueStatement): Deleted.
1371
1372         * parser/NodeConstructors.h:
1373         (JSC::PropertyNode::PropertyNode):
1374         (JSC::DeconstructionPatternNode::DeconstructionPatternNode):
1375         (JSC::ArrayPatternNode::ArrayPatternNode):
1376         (JSC::ArrayPatternNode::create):
1377         (JSC::ObjectPatternNode::ObjectPatternNode):
1378         (JSC::ObjectPatternNode::create):
1379         (JSC::BindingNode::create):
1380         (JSC::BindingNode::BindingNode):
1381         (JSC::ContinueNode::ContinueNode): Deleted.
1382         (JSC::BreakNode::BreakNode): Deleted.
1383         (JSC::EnumerationNode::EnumerationNode): Deleted.
1384         (JSC::ForInNode::ForInNode): Deleted.
1385         (JSC::ForOfNode::ForOfNode): Deleted. Deleted a bunch of special cases
1386         that don't exist anymore, now that the parser allocates all pieces of
1387         the AST unconditionally.
1388
1389         * parser/Nodes.h: Ditto.
1390
1391         * parser/Parser.cpp:
1392         (JSC::Parser<LexerType>::parseBreakStatement):
1393         (JSC::Parser<LexerType>::parseContinueStatement): Allocate the null
1394         identifier for our callee, since that is simpler than requiring our
1395         callee to notice that we didn't do so, and do it for us.
1396
1397         (JSC::Parser<LexerType>::parseProperty):
1398         * parser/SyntaxChecker.h:
1399         (JSC::SyntaxChecker::createProperty): No need to pass through a VM
1400         pointer, since our callee no longer needs to allocate anything.
1401
1402 2014-12-03  Zsolt Borbely  <zsborbely.u-szeged@partner.samsung.com>
1403
1404         Remove unused JSC runtime options
1405         https://bugs.webkit.org/show_bug.cgi?id=133070
1406
1407         Reviewed by Csaba Osztrogonác.
1408
1409         * runtime/Options.h:
1410
1411 2014-12-02  Mark Lam  <mark.lam@apple.com>
1412
1413         Rolling out r176592, r176603, r176616, and r176705 until build and perf issues are resolved.
1414         https://bugs.webkit.org/show_bug.cgi?id=138821
1415
1416         Not reviewed.
1417
1418         * bytecode/UnlinkedCodeBlock.cpp:
1419         (JSC::UnlinkedCodeBlock::visitChildren):
1420         * bytecompiler/BytecodeGenerator.cpp:
1421         (JSC::BytecodeGenerator::emitComplexPopScopes):
1422         * dfg/DFGSpeculativeJIT.cpp:
1423         (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
1424         * ftl/FTLAbbreviations.h:
1425         (JSC::FTL::mdNode):
1426         (JSC::FTL::buildCall):
1427         * llint/LLIntData.cpp:
1428         (JSC::LLInt::Data::performAssertions):
1429         * parser/Parser.h:
1430         (JSC::Scope::Scope):
1431         * runtime/JSArray.cpp:
1432         (JSC::JSArray::setLengthWithArrayStorage):
1433         (JSC::JSArray::sortCompactedVector):
1434         * tools/ProfileTreeNode.h:
1435         (JSC::ProfileTreeNode::dumpInternal):
1436         * yarr/YarrJIT.cpp:
1437         (JSC::Yarr::YarrGenerator::matchCharacterClass):
1438
1439 2014-12-02  Michael Saboff  <msaboff@apple.com>
1440
1441         Change CallFrame::globalThisValue() to not use CallFrame::scope()
1442         https://bugs.webkit.org/show_bug.cgi?id=139202
1443
1444         Reviewed by Mark Lam.
1445
1446         Changed to use the globalThis() on the globalObject associated with the
1447         callee.  Moved the inline definition to JSGlobalObject.h instead of
1448         including JSGlobalObject.h in JSScope.h.  Also moved it as JSScope
1449         objects are no longer involved in getting the value.
1450
1451         * runtime/JSGlobalObject.h:
1452         (JSC::ExecState::globalThisValue):
1453         * runtime/JSScope.h:
1454         (JSC::ExecState::globalThisValue): Deleted.
1455
1456 2014-12-02  Matthew Mirman  <mmirman@apple.com>
1457
1458         Fixes inline cache fast path accessing nonexistent getters.
1459         <rdar://problem/18416918>
1460         https://bugs.webkit.org/show_bug.cgi?id=136961
1461
1462         Reviewed by Filip Pizlo.
1463
1464         Fixes a bug in inline caching where getters were able to modify the
1465         property they are getting while the inline cache was being built,
1466         and then access that property through the inline cache site,
1467         causing recursive inline cache building and allowing the fast path
1468         of the cache to try to load a getter for the property that no
1469         longer exists.
1470
1471         * jit/JITOperations.cpp: Switched use of get to getPropertySlot.
1472         * runtime/JSCJSValue.h:
1473         Added getPropertySlot for when you don't want to perform the get quite yet but want
1474         to fill out the slot.
1475         * runtime/JSCJSValueInlines.h: Added implementation for getPropertySlot.
1476         (JSC::JSValue::get): Changed to simply call getPropertySlot.
1477         (JSC::JSValue::getPropertySlot): Added.
1478         * tests/stress/recursive_property_redefine_during_inline_caching.js: Added test case for bug.
1479         (test):
1480
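The access pattern that this entry's regression test guards against, shown as an added illustration (this is not WebKit's tests/stress file and not project code; the names `read`, `makeSelfRedefiningObject` and `exercise` are this example's own). A single property-access site, `read`, is hit repeatedly so an engine builds an inline cache for it; the getter behind `x` replaces itself with a plain data property and then re-enters that same site before the first access has finished. ECMAScript semantics are unambiguous here: every read must yield 42 whatever the engine caches, so a conforming engine returns true from `exercise`.

```javascript
// Constructed example: a getter that redefines the property it is reading
// and re-enters the access site whose inline cache is being built.

function read(o) {
    return o.x; // the single access site that an engine will try to cache
}

function makeSelfRedefiningObject() {
    return {
        get x() {
            // Turn the accessor into an ordinary data property while the
            // getter is still running (the literal's accessor is configurable).
            Object.defineProperty(this, "x", {
                value: 42, writable: true, enumerable: true, configurable: true
            });
            // Re-enter the access site that is in the middle of caching us.
            return read(this);
        }
    };
}

// Runs the pattern on many fresh objects so the access site is exercised
// both while its cache is cold and after it has been built. Returns true
// only if every read observed the data property's value and the accessor
// is gone afterwards.
function exercise(iterations) {
    let ok = true;
    for (let i = 0; i < iterations; i++) {
        const o = makeSelfRedefiningObject();
        if (read(o) !== 42 || read(o) !== 42)
            ok = false;
        const d = Object.getOwnPropertyDescriptor(o, "x");
        if (!d || d.value !== 42 || "get" in d)
            ok = false;
    }
    return ok;
}

// exercise(10000) → true on a correct engine
```

Running the loop with a few thousand iterations is what matters: the first iterations go through the slow path, later ones through whatever fast path the engine has generated for `read`, and both must agree.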
1481 2014-12-01  Michael Saboff  <msaboff@apple.com>
1482
1483         Remove GetMyScope node from DFG
1484         https://bugs.webkit.org/show_bug.cgi?id=139166
1485
1486         Reviewed by Oliver Hunt.
1487
1488         Eliminated GetMyScope DFG node type.
1489
1490         * dfg/DFGAbstractInterpreterInlines.h:
1491         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1492         * dfg/DFGClobberize.h:
1493         (JSC::DFG::clobberize):
1494         * dfg/DFGDoesGC.cpp:
1495         (JSC::DFG::doesGC):
1496         * dfg/DFGFixupPhase.cpp:
1497         (JSC::DFG::FixupPhase::fixupNode):
1498         * dfg/DFGGraph.cpp:
1499         (JSC::DFG::Graph::isLiveInBytecode):
1500         * dfg/DFGNodeType.h:
1501         * dfg/DFGPredictionPropagationPhase.cpp:
1502         (JSC::DFG::PredictionPropagationPhase::propagate):
1503         * dfg/DFGSafeToExecute.h:
1504         (JSC::DFG::safeToExecute):
1505         * dfg/DFGSpeculativeJIT32_64.cpp:
1506         (JSC::DFG::SpeculativeJIT::compile):
1507         * dfg/DFGSpeculativeJIT64.cpp:
1508         (JSC::DFG::SpeculativeJIT::compile):
1509         * ftl/FTLCapabilities.cpp:
1510         (JSC::FTL::canCompile):
1511         * ftl/FTLLowerDFGToLLVM.cpp:
1512         (JSC::FTL::LowerDFGToLLVM::compileNode):
1513         (JSC::FTL::LowerDFGToLLVM::compileGetMyScope): Deleted.
1514
1515 2014-12-01  Michael Saboff  <msaboff@apple.com>
1516
1517         Crash (integer overflow) beneath ByteCodeParser::handleGetById typing in search field on weather.com
1518         https://bugs.webkit.org/show_bug.cgi?id=139165
1519
1520         Reviewed by Oliver Hunt.
1521
1522         If we don't have any getById or putById variants, emit non-cached versions of these operations.
1523
1524         * dfg/DFGByteCodeParser.cpp:
1525         (JSC::DFG::ByteCodeParser::handleGetById):
1526         (JSC::DFG::ByteCodeParser::handlePutById):
1527
1528 2014-12-01  Andreas Kling  <akling@apple.com>
1529
1530         Optimize constructing JSC::Identifier from AtomicString.
1531         <https://webkit.org/b/139157>
1532
1533         Reviewed by Michael Saboff.
1534
1535         Add constructors for Identifier taking AtomicString and AtomicStringImpl.
1536         This avoids branching on the string's isAtomic flag, which is obviously
1537         always true for AtomicString & AtomicStringImpl.
1538
1539         Had to add an Identifier(const char*) constructor to resolve implicit
1540         ambiguity between String / AtomicString.
1541
1542         Also made PrivateName::uid() return AtomicStringImpl* to take advantage
1543         of the new constructor in a few places.
1544
1545         * runtime/Identifier.h:
1546         (JSC::Identifier::Identifier):
1547         * runtime/IdentifierInlines.h:
1548         (JSC::Identifier::Identifier):
1549         * runtime/PrivateName.h:
1550         (JSC::PrivateName::uid):
1551
1552 2014-12-01  Alexey Proskuryakov  <ap@apple.com>
1553
1554         Several JavaScriptCore date tests are flaky, because they expect time to be frozen during execution
1555         https://bugs.webkit.org/show_bug.cgi?id=139138
1556
1557         Reviewed by Mark Lam.
1558
1559         Merged a fix by Bob Clary.
1560
1561         * tests/mozilla/ecma/Date/15.9.1.1-1.js:
1562         * tests/mozilla/ecma/Date/15.9.1.1-2.js:
1563         * tests/mozilla/ecma/Date/15.9.2.1.js:
1564         * tests/mozilla/ecma/Date/15.9.2.2-1.js:
1565         * tests/mozilla/ecma/Date/15.9.2.2-2.js:
1566         * tests/mozilla/ecma/Date/15.9.2.2-3.js:
1567         * tests/mozilla/ecma/Date/15.9.2.2-4.js:
1568         * tests/mozilla/ecma/Date/15.9.2.2-5.js:
1569         * tests/mozilla/ecma/Date/15.9.2.2-6.js:
1570
1571 2014-11-17  Oliver Hunt  <oliver@apple.com>
1572
1573         Make sure range based iteration of Vector<> still receives bounds checking
1574         https://bugs.webkit.org/show_bug.cgi?id=138821
1575
1576         Reviewed by Mark Lam.
1577
1578         There are a few uses of begin()/end() that explicitly require pointers,
1579         so we use getPtr() to extract the underlying pointer generically.
1580
1581         * bytecode/UnlinkedCodeBlock.cpp:
1582         (JSC::UnlinkedCodeBlock::visitChildren):
1583         * bytecompiler/BytecodeGenerator.cpp:
1584         (JSC::BytecodeGenerator::emitComplexPopScopes):
1585         * dfg/DFGSpeculativeJIT.cpp:
1586         (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
1587         * ftl/FTLAbbreviations.h:
1588         (JSC::FTL::mdNode):
1589         (JSC::FTL::buildCall):
1590         * llint/LLIntData.cpp:
1591         (JSC::LLInt::Data::performAssertions):
1592         * parser/Parser.h:
1593         (JSC::Scope::Scope):
1594         * profiler/ProfileNode.cpp:
1595         (JSC::ProfileNode::debugPrintRecursively):
1596         * runtime/JSArray.cpp:
1597         (JSC::JSArray::setLengthWithArrayStorage):
1598         (JSC::JSArray::sortCompactedVector):
1599         * tools/ProfileTreeNode.h:
1600         (JSC::ProfileTreeNode::dumpInternal):
1601         * yarr/YarrJIT.cpp:
1602         (JSC::Yarr::YarrGenerator::matchCharacterClass):
1603
1604 2014-11-29  Andreas Kling  <akling@apple.com>
1605
1606         PropertyTable keys should be AtomicStringImpl.
1607         <https://webkit.org/b/139096>
1608
1609         Reviewed by Sam Weinig.
1610
1611         Since PropertyTable keys are really always Identifiers, switch the key
1612         type from StringImpl* to AtomicStringImpl*.
1613
1614         We have code in the GetByVal opcode implementations that assumes things
1615         about this, so this change adds confidence to those algorithms.
1616
1617         * bytecode/ComplexGetStatus.cpp:
1618         (JSC::ComplexGetStatus::computeFor):
1619         * bytecode/ComplexGetStatus.h:
1620         * bytecode/GetByIdStatus.cpp:
1621         (JSC::GetByIdStatus::computeFromLLInt):
1622         (JSC::GetByIdStatus::computeFor):
1623         (JSC::GetByIdStatus::computeForStubInfo):
1624         * bytecode/GetByIdStatus.h:
1625         * bytecode/PutByIdStatus.cpp:
1626         (JSC::PutByIdStatus::computeFromLLInt):
1627         (JSC::PutByIdStatus::computeFor):
1628         (JSC::PutByIdStatus::computeForStubInfo):
1629         * bytecode/PutByIdStatus.h:
1630         * dfg/DFGByteCodeParser.cpp:
1631         (JSC::DFG::ByteCodeParser::parseBlock):
1632         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1633         * dfg/DFGDesiredIdentifiers.cpp:
1634         (JSC::DFG::DesiredIdentifiers::addLazily):
1635         (JSC::DFG::DesiredIdentifiers::at):
1636         * dfg/DFGDesiredIdentifiers.h:
1637         (JSC::DFG::DesiredIdentifiers::operator[]):
1638         * dfg/DFGFixupPhase.cpp:
1639         (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
1640         * runtime/Identifier.h:
1641         (JSC::Identifier::impl):
1642         * runtime/IntendedStructureChain.cpp:
1643         (JSC::IntendedStructureChain::mayInterceptStoreTo):
1644         * runtime/IntendedStructureChain.h:
1645         * runtime/PropertyMapHashTable.h:
1646         * runtime/Structure.cpp:
1647         (JSC::StructureTransitionTable::contains):
1648         (JSC::StructureTransitionTable::get):
1649         (JSC::Structure::addPropertyTransitionToExistingStructureImpl):
1650         (JSC::Structure::addPropertyTransitionToExistingStructureConcurrently):
1651         (JSC::Structure::getConcurrently):
1652         (JSC::Structure::add):
1653         (JSC::Structure::remove):
1654         * runtime/Structure.h:
1655         (JSC::PropertyMapEntry::PropertyMapEntry):
1656         * runtime/StructureInlines.h:
1657         (JSC::Structure::getConcurrently):
1658         * runtime/StructureTransitionTable.h:
1659         (JSC::StructureTransitionTable::Hash::hash):
1660
1661 2014-11-28  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1662
1663         Use std::unique_ptr<>|make_unique<> in ftl, bytecode of JSC
1664         https://bugs.webkit.org/show_bug.cgi?id=139063
1665
1666         Reviewed by Andreas Kling.
1667
1668         Clean up OwnPtr and PassOwnPtr in JSC.
1669
1670         * bytecode/StructureStubClearingWatchpoint.cpp:
1671         (JSC::StructureStubClearingWatchpoint::push):
1672         * bytecode/StructureStubClearingWatchpoint.h:
1673         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
1674         * ftl/FTLCompile.cpp:
1675         (JSC::FTL::mmAllocateDataSection):
1676         * ftl/FTLJITFinalizer.h:
1677         * ftl/FTLLink.cpp:
1678         (JSC::FTL::link):
1679         * parser/SourceProviderCacheItem.h:
1680
1681 2014-11-27  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1682
1683         Use std::unique_ptr instead of OwnPtr in JSC classes
1684         https://bugs.webkit.org/show_bug.cgi?id=139009
1685
1686         Reviewed by Filip Pizlo.
1687
1688         As a step toward using std::unique_ptr<>, this patch replaces OwnPtr with
1689         std::unique_ptr<>|std::make_unique<>.
1690
1691         * bytecode/DFGExitProfile.cpp:
1692         (JSC::DFG::ExitProfile::add):
1693         * bytecode/DFGExitProfile.h:
1694         * bytecode/LazyOperandValueProfile.cpp:
1695         (JSC::CompressedLazyOperandValueProfileHolder::add):
1696         * bytecode/LazyOperandValueProfile.h:
1697         * heap/MarkedBlock.cpp:
1698         (JSC::MarkedBlock::specializedSweep):
1699         (JSC::MarkedBlock::stopAllocating):
1700         * heap/MarkedBlock.h:
1701         (JSC::MarkedBlock::clearNewlyAllocated):
1702         * inspector/ContentSearchUtilities.cpp:
1703         (Inspector::ContentSearchUtilities::findMagicComment):
1704         * runtime/RegExp.cpp:
1705         (JSC::RegExp::invalidateCode):
1706         * runtime/RegExp.h:
1707         * yarr/RegularExpression.cpp:
1708         (JSC::Yarr::RegularExpression::Private::compile):
1709         (JSC::Yarr::RegularExpression::isValid):
1710         * yarr/YarrInterpreter.cpp:
1711         (JSC::Yarr::ByteCompiler::compile):
1712         (JSC::Yarr::ByteCompiler::regexBegin):
1713         (JSC::Yarr::byteCompile):
1714         * yarr/YarrInterpreter.h:
1715         (JSC::Yarr::BytecodePattern::BytecodePattern):
1716
1717 2014-11-24  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1718
1719         Clean up OwnPtr and PassOwnPtr in JSC - bytecode, jit, inspector, and interpreter
1720         https://bugs.webkit.org/show_bug.cgi?id=139022
1721
1722         Reviewed by Filip Pizlo.
1723
1724         As a step toward using std::unique_ptr<>, this patch replaces OwnPtr with
1725         std::unique_ptr<>|std::make_unique<>.
1726
1727         * bytecode/DFGExitProfile.cpp:
1728         (JSC::DFG::ExitProfile::add):
1729         * bytecode/DFGExitProfile.h:
1730         * dfg/DFGJITCompiler.cpp:
1731         (JSC::DFG::JITCompiler::link):
1732         (JSC::DFG::JITCompiler::linkFunction):
1733         * dfg/DFGJITFinalizer.cpp:
1734         (JSC::DFG::JITFinalizer::JITFinalizer):
1735         * dfg/DFGJITFinalizer.h:
1736         * heap/IncrementalSweeper.h:
1737         * inspector/ContentSearchUtilities.cpp:
1738         (Inspector::ContentSearchUtilities::findMagicComment):
1739         * inspector/agents/InspectorDebuggerAgent.h:
1740         * inspector/agents/JSGlobalObjectRuntimeAgent.h:
1741         * interpreter/Interpreter.cpp:
1742         (JSC::Interpreter::enableSampler):
1743         * interpreter/Interpreter.h:
1744         * jit/ExecutableAllocator.cpp:
1745         (JSC::ExecutableAllocator::ExecutableAllocator):
1746         * jit/ExecutableAllocator.h:
1747
1748 2014-11-22  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1749
1750         Clean up OwnPtr and PassOwnPtr in some of JS classes
1751         https://bugs.webkit.org/show_bug.cgi?id=138724
1752
1753         Reviewed by Filip Pizlo.
1754
1755         As a step toward using std::unique_ptr<> and std::make_unique<>, this patch replaces
1756         OwnPtr with std::unique_ptr<>. Besides, the create() factory function is removed as well.
1757
1758         * builtins/BuiltinExecutables.h:
1759         (JSC::BuiltinExecutables::create): Deleted.
1760         * bytecode/CodeBlock.h:
1761         (JSC::CodeBlock::createRareDataIfNecessary):
1762         * bytecode/StructureStubInfo.h:
1763         * bytecode/UnlinkedCodeBlock.h:
1764         (JSC::UnlinkedCodeBlock::hasRareData):
1765         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary):
1766         * runtime/CodeCache.cpp:
1767         (JSC::CodeCache::getGlobalCodeBlock):
1768         * runtime/CodeCache.h:
1769         (JSC::CodeCache::create): Deleted.
1770         * runtime/JSGlobalObject.cpp:
1771         (JSC::JSGlobalObject::clearRareData):
1772         * runtime/JSGlobalObject.h:
1773         (JSC::JSGlobalObject::createRareDataIfNeeded):
1774         * runtime/RegExpConstructor.h:
1775         * runtime/SmallStrings.cpp:
1776         (JSC::SmallStrings::createSingleCharacterString):
1777         (JSC::SmallStrings::singleCharacterStringRep):
1778         * runtime/SmallStrings.h:
1779         * runtime/VM.cpp:
1780         (JSC::VM::VM):
1781         * runtime/VM.h:
1782
1783 2014-11-21  Michael Saboff  <msaboff@apple.com>
1784
1785         r176455: ASSERT(!m_vector.isEmpty()) in IntendedStructureChain.cpp(143)
1786         https://bugs.webkit.org/show_bug.cgi?id=139000
1787
1788         Reviewed by Darin Adler.
1789
1790         Check that the chainCount is non-zero before using a StructureChain.
1791
1792         * bytecode/ComplexGetStatus.cpp:
1793         (JSC::ComplexGetStatus::computeFor):
1794
1795 2014-11-21  Michael Saboff  <msaboff@apple.com>
1796
1797         Allocate local ScopeChain register
1798         https://bugs.webkit.org/show_bug.cgi?id=138793
1799
1800         Reviewed by Geoffrey Garen.
1801
1802         Now we allocate the scope register as a local.  The allocated register is stored in the 
1803         CodeBlock for use by other components.  Update the DFG to work with a local scope register.
1804         Changed usage of JSStack::ScopeChain access to the CallFrame header to use the allocated
1805         local register.
1806
1807         * bytecode/BytecodeUseDef.h:
1808         (JSC::computeUsesForBytecodeOffset):
1809         (JSC::computeDefsForBytecodeOffset):
1810         Updated to properly represent the operand inputs and bytecode result.
1811
1812         * bytecode/CodeBlock.cpp:
1813         (JSC::CodeBlock::CodeBlock):
1814         * bytecode/CodeBlock.h:
1815         (JSC::CodeBlock::setScopeRegister):
1816         (JSC::CodeBlock::scopeRegister):
1817         * bytecode/UnlinkedCodeBlock.h:
1818         (JSC::UnlinkedCodeBlock::setScopeRegister):
1819         (JSC::UnlinkedCodeBlock::scopeRegister):
1820         Added scope register member and accessors.
1821
1822         * bytecompiler/BytecodeGenerator.cpp:
1823         (JSC::BytecodeGenerator::BytecodeGenerator):
1824         (JSC::BytecodeGenerator::allocateAndEmitScope):
1825         * bytecompiler/BytecodeGenerator.h:
1826         (JSC::BytecodeGenerator::scopeRegister):
1827         Change m_scopeRegister to an allocated register.  Added allocateAndEmitScope helper to
1828         allocate the scope register, set the CodeBlock with its value and emit op_get_scope.
1829
1830         * debugger/DebuggerCallFrame.cpp:
1831         (JSC::DebuggerCallFrame::scope): Changed to access the scope using the new convention.
1832
1833         * dfg/DFGByteCodeParser.cpp:
1834         (JSC::DFG::ByteCodeParser::get):
1835         (JSC::DFG::ByteCodeParser::flush):
1836         (JSC::DFG::ByteCodeParser::inlineCall):
1837         (JSC::DFG::ByteCodeParser::parseBlock):
1838         Changed op_create_lexical_environment to set the scope VirtualRegister operand.
1839         Filled out op_get_scope processing to emit a GetScope node putting the result in
1840         the scope VirtualRegister result operand.
1841         Added Phantoms where appropriate to keep the Scope register alive in places where
1842         its use is optimized away, but where the baseline JIT would need to use its value.
1843         Eliminated uses of JSStack::ScopeChain.
1844
1845         * dfg/DFGStackLayoutPhase.cpp:
1846         (JSC::DFG::StackLayoutPhase::run):
1847         Make sure that the scope register stack location is allocated using the same place
1848         that the codeBlock expects. 
1849
1850         * dfg/DFGStrengthReductionPhase.cpp:
1851         (JSC::DFG::StrengthReductionPhase::handleNode):
1852         Allow strength reduction of Flush to skip over GetScope nodes looking for a prior
1853         corresponding SetLocal.
1854
1855         * interpreter/CallFrame.h:
1856         (JSC::ExecState::scope):
1857         (JSC::ExecState::setScope):
1858         Added new scope() and setScope() helpers that take a VirtualRegister offset.
1859
1860         * interpreter/Interpreter.cpp:
1861         (JSC::eval):
1862         Changed eval() to get the scope from the caller's scope register instead of from the
1863         temporary frame created for eval.
1864
1865         * interpreter/Interpreter.cpp:
1866         (JSC::Interpreter::unwind):
1867         Changed unwind() to manipulate the scope in the allocated register instead of in the
1868         call frame slot.
1869
1870         * interpreter/StackVisitor.cpp:
1871         (JSC::StackVisitor::readNonInlinedFrame):
1872         (JSC::StackVisitor::readInlinedFrame):
1873         * interpreter/StackVisitor.h:
1874         (JSC::StackVisitor::Frame::callee):
1875         (JSC::StackVisitor::Frame::scope): Deleted.
1876         Eliminated the scope member as it needed to change and no StackVisitor users use it.
1877
1878         * jit/JITOperations.cpp:
1879         (JSC::operationPushNameScope):
1880         (JSC::operationPushWithScope):
1881         * runtime/JSNameScope.h:
1882         (JSC::JSNameScope::create):
1883         * runtime/JSWithScope.h:
1884         (JSC::JSWithScope::create): Deleted.
1885         * llint/LLIntSlowPaths.cpp:
1886         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1887         Deleted the JSNameScope::create() and JSWithScope::create() flavors that used the ScopeChain slot
1888         in the CallFrame header.  Changed the only users of these functions, the op_push_name_scope and
1889         op_push_with_scope helpers, to use the remaining create variants that require an explicit scope.
1890         Those operations get the scope from the register pointed to by their scope operands.
1891
1892         * llint/LowLevelInterpreter32_64.asm:
1893         * llint/LowLevelInterpreter64.asm:
1894         Changed resolveScope to use the allocated register.
1895
1896 2014-11-21  Csaba Osztrogonác  <ossy@webkit.org>
1897
1898         [JSC] Disable verifyHeap
1899         https://bugs.webkit.org/show_bug.cgi?id=138962
1900
1901         Reviewed by Mark Lam.
1902
1903         * runtime/Options.h:
1904
1905 2014-11-20  Mark Lam  <mark.lam@apple.com>
1906
1907         Add some comments to describe the DFG UseKind representations.
1908         <https://webkit.org/b/138934>
1909
1910         Reviewed by Filip Pizlo.
1911
1912         * dfg/DFGUseKind.h:
1913         - Also regrouped the UseKind enums by representation to be more readable.
1914
1915 2014-11-20  Mark Lam  <mark.lam@apple.com>
1916
1917         Add Heap verification infrastructure.
1918         <https://webkit.org/b/138851>
1919
1920         Reviewed by Geoffrey Garen.
1921
1922         The verification infrastructure code is always built in but disabled by
1923         default.  When disabled, the cost is minimal:
1924         1. Heap has a m_verifier field.
1925         2. GC does a few "if (m_verifier)" checks that should fail.
1926         3. HeapVerifier takes up code space though not used.
1927
1928         When enabled:
1929         1. The HeapVerifier will keep data for N GC cycles.
1930            Each GC cycle will contain a "before marking" and "after marking" live
1931            object list.
1932            The GC cycles are kept in a circular buffer.  Only data for the last N GC cycles
1933            will be retained.
1934         2. During GC, the current GC cycle's live objects lists will be populated
1935            before and after marking.
1936         3. The current GC cycle's live object lists will be validated before GC,
1937            after marking, and after GC.
1938
1939         Currently, the only validation being done is to verify that object
1940         butterflies are allocated from valid blocks in the Storage (aka Copied)
1941         space.
1942
1943         * CMakeLists.txt:
1944         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1945         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1946         * JavaScriptCore.xcodeproj/project.pbxproj:
1947         * heap/Heap.cpp:
1948         (JSC::Heap::Heap):
1949         (JSC::Heap::collect):
1950         * heap/Heap.h:
1951         * heap/HeapVerifier.cpp: Added.
1952         (JSC::LiveObjectList::findObject):
1953         (JSC::HeapVerifier::HeapVerifier):
1954         (JSC::HeapVerifier::collectionTypeName):
1955         (JSC::HeapVerifier::phaseName):
1956         (JSC::getButterflyDetails):
1957         (JSC::HeapVerifier::initializeGCCycle):
1958         (JSC::GatherLiveObjFunctor::GatherLiveObjFunctor):
1959         (JSC::GatherLiveObjFunctor::operator()):
1960         (JSC::HeapVerifier::gatherLiveObjects):
1961         (JSC::HeapVerifier::liveObjectListForGathering):
1962         (JSC::trimDeadObjectsFromList):
1963         (JSC::HeapVerifier::trimDeadObjects):
1964         (JSC::HeapVerifier::verifyButterflyIsInStorageSpace):
1965         (JSC::HeapVerifier::verify):
1966         (JSC::HeapVerifier::reportObject):
1967         (JSC::HeapVerifier::checkIfRecorded):
1968         * heap/HeapVerifier.h: Added.
1969         (JSC::LiveObjectData::LiveObjectData):
1970         (JSC::LiveObjectList::LiveObjectList):
1971         (JSC::LiveObjectList::reset):
1972         (JSC::HeapVerifier::GCCycle::GCCycle):
1973         (JSC::HeapVerifier::GCCycle::collectionTypeName):
1974         (JSC::HeapVerifier::incrementCycle):
1975         (JSC::HeapVerifier::currentCycle):
1976         (JSC::HeapVerifier::cycleForIndex):
1977         * runtime/Options.h:
1978
1979 2014-11-20  Yusuke Suzuki  <utatane.tea@gmail.com>
1980
1981         Rename String.prototype.contains to String.prototype.includes
1982         https://bugs.webkit.org/show_bug.cgi?id=138923
1983
1984         As per the latest TC39 meeting[1, 2], String.prototype.contains is
1985         renamed to String.prototype.includes. This is because the name
1986         `contains` breaks the web since it conflicts with existing `contains`
1987         implementations in major libraries.
1988
1989         [1]: https://github.com/mathiasbynens/String.prototype.includes
1990         [2]: https://github.com/tc39/test262/pull/119
1991
1992         Reviewed by Geoffrey Garen.
1993
1994         * runtime/StringPrototype.cpp:
1995         (JSC::StringPrototype::finishCreation):
1996         (JSC::stringProtoFuncIncludes):
1997         (JSC::stringProtoFuncContains): Deleted.
1998
1999 2014-11-19  Mark Lam  <mark.lam@apple.com>
2000
2001         WTFCrashWithSecurityImplication under SpeculativeJIT::compile() when loading a page from theblaze.com.
2002         <https://webkit.org/b/137642>
2003
2004         Reviewed by Filip Pizlo.
2005
2006         In the DFG, we have a ConstantFolding phase that occurs after all LocalCSE
2007         phases have already transpired.  Hence, Identity nodes introduced in the
2008         ConstantFolding phase will be left in the node graph.  Subsequently, the
2009         DFG code generator asserts that CSE phases have consumed all Identity nodes.
2010         This turns out to not be true.  Hence, the crash.  We fix this by teaching
2011         the DFG code generator to emit code for Identity nodes.
2012
2013         Unlike the DFG, the FTL does not have this issue.  That is because the FTL
2014         plan has GlobalCSE phases that come after ConstantFolding and any other
2015         phases that can generate Identity nodes.  Hence, for the FTL, it is true that
2016         CSE will consume all Identity nodes, and the code generator should not see any
2017         Identity nodes.
2018
2019         * dfg/DFGSpeculativeJIT32_64.cpp:
2020         (JSC::DFG::SpeculativeJIT::compile):
2021         * dfg/DFGSpeculativeJIT64.cpp:
2022         (JSC::DFG::SpeculativeJIT::compile):
2023
2024 2014-11-19  Joseph Pecoraro  <pecoraro@apple.com>
2025
2026         Web Inspector: JSContext inspection Resource search does not work
2027         https://bugs.webkit.org/show_bug.cgi?id=131252
2028
2029         Reviewed by Timothy Hatcher.
2030
2031         * inspector/agents/InspectorDebuggerAgent.cpp:
2032         (Inspector::InspectorDebuggerAgent::searchInContent):
2033         * inspector/protocol/Debugger.json:
2034         Do some cleanup of the description and implementation of content searching.
2035
2036 2014-11-19  Joseph Pecoraro  <pecoraro@apple.com>
2037
2038         Web Inspector: Provide $exception in the console for the thrown exception value
2039         https://bugs.webkit.org/show_bug.cgi?id=138726
2040
2041         Reviewed by Timothy Hatcher.
2042
2043         * debugger/DebuggerScope.cpp:
2044         (JSC::DebuggerScope::caughtValue):
2045         * debugger/DebuggerScope.h:
2046         Access the caught value if this scope is a catch scope.
2047
2048         * runtime/JSNameScope.h:
2049         (JSC::JSNameScope::isFunctionNameScope):
2050         (JSC::JSNameScope::isCatchScope):
2051         (JSC::JSNameScope::value):
2052         Provide an accessor for the single value in the JSNameScope (with / catch block).
2053
2054         * inspector/InjectedScriptSource.js:
2055         Save the exception value and expose it via $exception. Since the command line api
2056         is recreated on each evaluation, $exception is essentially readonly.
2057
2058         * inspector/ScriptDebugServer.h:
2059         * inspector/ScriptDebugServer.cpp:
2060         (Inspector::ScriptDebugServer::dispatchDidPause):
2061         (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
2062         When pausing, get the exception or caught value. The exception will be provided
2063         if we are breaking on an explicit exception. When inside of a catch block, we
2064         can get the caught value by walking up the scope chain.
2065
2066         * inspector/agents/InspectorDebuggerAgent.h:
2067         * inspector/agents/InspectorDebuggerAgent.cpp:
2068         (Inspector::InspectorDebuggerAgent::InspectorDebuggerAgent):
2069         (Inspector::InspectorDebuggerAgent::resume):
2070         (Inspector::InspectorDebuggerAgent::stepOver):
2071         (Inspector::InspectorDebuggerAgent::stepInto):
2072         (Inspector::InspectorDebuggerAgent::stepOut):
2073         Clearing state can be done in didContinue.
2074
2075         (Inspector::InspectorDebuggerAgent::didPause):
2076         Set the exception value explicitly in the injected script when we have it.
2077
2078         (Inspector::InspectorDebuggerAgent::didContinue):
2079         Clear state saved when we had paused, including clearing an exception value if needed.
2080
2081         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
2082         (Inspector::InspectorDebuggerAgent::clearExceptionValue):
2083         Call into the injected script only when needed.
2084
2085         * inspector/InjectedScript.cpp:
2086         (Inspector::InjectedScript::setExceptionValue):
2087         (Inspector::InjectedScript::clearExceptionValue):
2088         * inspector/InjectedScript.h:
2089         * inspector/InjectedScriptManager.cpp:
2090         (Inspector::InjectedScriptManager::clearExceptionValue):
2091         * inspector/InjectedScriptManager.h:
2092         Clear on all injected scripts.
2093
2094 2014-11-19  Joseph Pecoraro  <pecoraro@apple.com>
2095
2096         Unreviewed build fixes after r176329.
2097
2098           - export all of the codegen python files as they are included by the main generator
2099           - update the imports of the main generator to match __init__.py
2100           - remove bundling the python scripts as framework resources, just have them PrivateHeaders
2101
2102         * JavaScriptCore.xcodeproj/project.pbxproj:
2103         * inspector/scripts/generate-inspector-protocol-bindings.py:
2104
2105 2014-11-18  Brian J. Burg  <burg@cs.washington.edu>
2106
2107         Web Inspector: standardize language-specific protocol generator file, class, and method prefixes
2108         https://bugs.webkit.org/show_bug.cgi?id=138237
2109
2110         Reviewed by Joseph Pecoraro.
2111
2112         Settle on cpp/objc/js file prefixes and Cpp/ObjC/JS class prefixes for generators.
2113         Move C++-specific static methods into CppGenerator and add cpp_ prefixes where relevant.
2114         Split the templates file into language-specific template files.
2115
2116         * CMakeLists.txt:
2117         * DerivedSources.make:
2118         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2119         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2120         * JavaScriptCore.xcodeproj/project.pbxproj:
2121         * inspector/scripts/codegen/__init__.py:
2122         * inspector/scripts/codegen/cpp_generator.py: Copied from Source/JavaScriptCore/inspector/scripts/codegen/generator.py.
2123         * inspector/scripts/codegen/cpp_generator_templates.py: Copied from Source/JavaScriptCore/inspector/scripts/codegen/generator_templates.py.
2124         (CppGeneratorTemplates):
2125         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_alternate_backend_dispatcher_header.py.
2126         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_backend_dispatcher_header.py.
2127         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_backend_dispatcher_implementation.py.
2128         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_frontend_dispatcher_header.py.
2129         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py.
2130         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_protocol_types_header.py.
2131         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_protocol_types_implementation.py.
2132         * inspector/scripts/codegen/generate_js_backend_commands.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_backend_commands.py.
2133         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_backend_dispatcher_header.py.
2134         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_backend_dispatcher_implementation.py.
2135         * inspector/scripts/codegen/generate_objc_configuration_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_configuration_header.py.
2136         * inspector/scripts/codegen/generate_objc_configuration_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_configuration_implementation.py.
2137         * inspector/scripts/codegen/generate_objc_conversion_helpers.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_conversion_helpers.py.
2138         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_frontend_dispatcher_implementation.py.
2139         * inspector/scripts/codegen/generate_objc_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_header.py.
2140         * inspector/scripts/codegen/generate_objc_internal_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_internal_header.py.
2141         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_types_implementation.py.
2142         * inspector/scripts/codegen/generator.py:
2143         * inspector/scripts/codegen/generator_templates.py:
2144         * inspector/scripts/codegen/objc_generator.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c.py.
2145         * inspector/scripts/codegen/objc_generator_templates.py: Added.
2146         * inspector/scripts/generate-inspector-protocol-bindings.py:
2147
2148 2014-11-19  Juergen Ributzka  <juergen@apple.com>
2149
2150         Update WebKit to build with LLVM TOT
2151         https://bugs.webkit.org/show_bug.cgi?id=138519
2152
2153         Reviewed by Alexey Proskuryakov.
2154
2155         * Configurations/LLVMForJSC.xcconfig:
2156         * llvm/LLVMAPIFunctions.h:
2157         * llvm/library/LLVMExports.cpp:
2158         (initializeAndGetJSCLLVMAPI):
2159
2160 2014-11-18  David Kilzer  <ddkilzer@apple.com>
2161
2162         FeatureDefines.xcconfig: Switch from using PLATFORM_NAME to SDK selectors
2163         <http://webkit.org/b/138813>
2164
2165         Reviewed by Mark Rowe.
2166
2167         * Configurations/FeatureDefines.xcconfig: Switch to using SDK
2168         selectors.
2169
2170 2014-11-18  Chris Dumez  <cdumez@apple.com>
2171
2172         Update the Vector API to deal with unsigned types instead of size_t
2173         https://bugs.webkit.org/show_bug.cgi?id=138824
2174
2175         Reviewed by Andreas Kling.
2176
2177         Update code base to fix build errors related to the typing changes
2178         in the Vector API (size_t -> unsigned).
2179
2180         * bytecode/PreciseJumpTargets.cpp:
2181         * replay/EncodedValue.h:
2182
2183 2014-11-18  Commit Queue  <commit-queue@webkit.org>
2184
2185         Unreviewed, rolling out r176207.
2186         https://bugs.webkit.org/show_bug.cgi?id=138836
2187
2188         Not ready yet (Requested by ap on #webkit).
2189
2190         Reverted changeset:
2191
2192         "Update WebKit to build with LLVM TOT"
2193         https://bugs.webkit.org/show_bug.cgi?id=138519
2194         http://trac.webkit.org/changeset/176207
2195
2196 2014-11-17  Mark Lam  <mark.lam@apple.com>
2197
2198         Add printing functionality in JITted code for debugging purposes.
2199         <https://webkit.org/b/138660>
2200
2201         Reviewed by Geoffrey Garen.
2202
2203         Sometimes, for debugging, it'd be nice to be able to just print the
2204         values of constants or registers used in JITted code, or even just
2205         a string to log that certain pieces of JITted code have been executed.
2206         Using the JIT probe mechanism, we can make this happen.
2207
2208         * assembler/ARMv7Assembler.h:
2209         * assembler/AbstractMacroAssembler.h:
2210         (JSC::AbstractMacroAssembler::CPUState::registerName):
2211         (JSC::AbstractMacroAssembler::CPUState::registerValue):
2212         (JSC::AbstractMacroAssembler::print):
2213         (JSC::AbstractMacroAssembler::PrintArg::PrintArg):
2214         (JSC::AbstractMacroAssembler::appendPrintArg):
2215         (JSC::AbstractMacroAssembler::printInternal):
2216         (JSC::AbstractMacroAssembler::printCallback):
2217         * assembler/MacroAssemblerARM.cpp:
2218         (JSC::MacroAssemblerARM::printCPURegisters):
2219         (JSC::MacroAssemblerARM::printRegister):
2220         * assembler/MacroAssemblerARM.h:
2221         * assembler/MacroAssemblerARMv7.cpp:
2222         (JSC::MacroAssemblerARMv7::printCPURegisters):
2223         (JSC::MacroAssemblerARMv7::printRegister):
2224         * assembler/MacroAssemblerARMv7.h:
2225         * assembler/MacroAssemblerX86Common.cpp:
2226         (JSC::MacroAssemblerX86Common::printRegister):
2227         * assembler/MacroAssemblerX86Common.h:
2228
2229 2014-11-17  Anders Carlsson  <andersca@apple.com>
2230
2231         Fix JavaScriptCore build with newer versions of clang.
2232         <rdar://problem/18978716>
2233
2234         * heap/Heap.cpp:
2235         (JSC::Heap::visitTempSortVectors):
2236         (JSC::Heap::deleteAllCompiledCode): Deleted.
2237         * inspector/agents/InspectorConsoleAgent.h:
2238
2239 2014-11-17  Juergen Ributzka  <juergen@apple.com>
2240
2241         Update WebKit to build with LLVM TOT
2242         https://bugs.webkit.org/show_bug.cgi?id=138519
2243
2244         Reviewed by Alexey Proskuryakov.
2245
2246         * Configurations/LLVMForJSC.xcconfig:
2247         * llvm/LLVMAPIFunctions.h:
2248         * llvm/library/LLVMExports.cpp:
2249         (initializeAndGetJSCLLVMAPI):
2250
2251 2014-11-14  Benjamin Poulain  <bpoulain@apple.com>
2252
2253         STRH can store values with the wrong offset
2254         https://bugs.webkit.org/show_bug.cgi?id=138723
2255
2256         Reviewed by Michael Saboff.
2257
2258         This is the counterpart of r176083 for the str instruction.
2259
2260         I believe this code is currently unreachable because there is only one client of strh()
2261         in the MacroAssembler and it always sets up the scale explicitly.
2262
2263         * assembler/ARMv7Assembler.h:
2264         (JSC::ARMv7Assembler::strh):
2265
2266 2014-11-13  Mark Lam  <mark.lam@apple.com>
2267
2268         Reduce amount of cut-and-paste needed for probe mechanism implementations.
2269         <https://webkit.org/b/138671>
2270
2271         Reviewed by Geoffrey Garen.
2272
2273         The existing code requires that each MacroAssembler implementation provide
2274         their own copy of all of the probe implementations even when most of it is
2275         identical.  This patch hoists the common parts into AbstractMacroAssembler
2276         (with some minor renaming).  Each target specific MacroAssembler now only
2277         needs to implement a few target specific methods that are expected by and
2278         documented in AbstractMacroAssembler.h in the ENABLE(MASM_PROBE) section.
2279
2280         In this patch, I also simplified the X86 and X86_64 ports to use the same
2281         port implementation.  The ARMv7 probe implementation should not conditionally
2282         exclude the higher FP registers (since the JIT doesn't).  Fixed the ARMv7
2283         probe code to include the higher FP registers always. 
2284
2285         This is all done in preparation to add printing functionality in JITted code
2286         for debugging.
2287
2288         * assembler/AbstractMacroAssembler.h:
2289         (JSC::AbstractMacroAssembler::Label::Label):
2290         (JSC::AbstractMacroAssembler::ConvertibleLoadLabel::ConvertibleLoadLabel):
2291         (JSC::AbstractMacroAssembler::DataLabelPtr::DataLabelPtr):
2292         (JSC::AbstractMacroAssembler::DataLabel32::DataLabel32):
2293         (JSC::AbstractMacroAssembler::DataLabelCompact::DataLabelCompact):
2294         (JSC::AbstractMacroAssembler::Jump::link):
2295         (JSC::AbstractMacroAssembler::Jump::linkTo):
2296         (JSC::AbstractMacroAssembler::JumpList::link):
2297         (JSC::AbstractMacroAssembler::JumpList::linkTo):
2298         (JSC::AbstractMacroAssembler::ProbeContext::print):
2299         (JSC::AbstractMacroAssembler::printIndent):
2300         (JSC::AbstractMacroAssembler::printCPU):
2301         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
2302         - Except for the 3 printing methods (which are for the probe), the rest
2303           are touched simply because we need to add the MacroAssemblerType to the
2304           template args.
2305           The MacroAssemblerType is used by the abstract probe code to call the
2306           few probe methods that need to have CPU specific implementations.
2307
2308         * assembler/MacroAssemblerARM.cpp:
2309         (JSC::MacroAssemblerARM::printCPURegisters):
2310         - This was refactored from ProbeContext::dumpCPURegisters() which no
2311           longer exists.
2312         (JSC::MacroAssemblerARM::ProbeContext::dumpCPURegisters): Deleted.
2313         (JSC::MacroAssemblerARM::ProbeContext::dump): Deleted.
2314
2315         * assembler/MacroAssemblerARM.h:
2316         * assembler/MacroAssemblerARM64.h:
2317
2318         * assembler/MacroAssemblerARMv7.cpp:
2319         (JSC::MacroAssemblerARMv7::printCPURegisters):
2320         - This was refactored from ProbeContext::dumpCPURegisters() which no
2321           longer exists.
2322         (JSC::MacroAssemblerARMv7::ProbeContext::dumpCPURegisters): Deleted.
2323         (JSC::MacroAssemblerARMv7::ProbeContext::dump): Deleted.
2324
2325         * assembler/MacroAssemblerARMv7.h:
2326         * assembler/MacroAssemblerMIPS.h:
2327         * assembler/MacroAssemblerSH4.h:
2328         * assembler/MacroAssemblerX86.h:
2329         (JSC::MacroAssemblerX86::trustedImm32FromPtr): Deleted.
2330         (JSC::MacroAssemblerX86::probe): Deleted.
2331
2332         * assembler/MacroAssemblerX86Common.cpp:
2333         (JSC::MacroAssemblerX86Common::printCPURegisters):
2334         - This was refactored from ProbeContext::dumpCPURegisters() which no
2335           longer exists.
2336         (JSC::MacroAssemblerX86Common::probe):
2337         - This implementation of probe() is based on the one originally in
2338           MacroAssemblerX86_64.h.  It is generic and should work for both
2339           32-bit and 64-bit.
2340         (JSC::MacroAssemblerX86Common::ProbeContext::dumpCPURegisters): Deleted.
2341         (JSC::MacroAssemblerX86Common::ProbeContext::dump): Deleted.
2342
2343         * assembler/MacroAssemblerX86Common.h:
2344         * assembler/MacroAssemblerX86_64.h:
2345         (JSC::MacroAssemblerX86_64::trustedImm64FromPtr): Deleted.
2346         (JSC::MacroAssemblerX86_64::probe): Deleted.
2347         * jit/JITStubsARMv7.h:
2348
2349 2014-11-13  Michael Saboff  <msaboff@apple.com>
2350
2351         Add scope operand to op_new_func* byte codes
2352         https://bugs.webkit.org/show_bug.cgi?id=138707
2353
2354         Reviewed by Mark Lam.
2355
2356         Added scope operand to op_new_func and op_new_func_expr to replace the implicit use
2357         of exec->scope().
2358
2359         * bytecode/BytecodeList.json: Increased size of op_new_func & op_new_func_expr bytecodes.
2360
2361         * bytecode/CodeBlock.cpp:
2362         (JSC::CodeBlock::dumpBytecode): Added scope operand to dump output.
2363
2364         * bytecompiler/BytecodeGenerator.cpp:
2365         (JSC::BytecodeGenerator::emitNewFunctionInternal):
2366         (JSC::BytecodeGenerator::emitNewFunctionExpression):
2367         Emit scope operand.
2368
2369         * dfg/DFGByteCodeParser.cpp:
2370         (JSC::DFG::ByteCodeParser::parseBlock):
2371         * dfg/DFGFixupPhase.cpp:
2372         (JSC::DFG::FixupPhase::fixupNode):
2373         Added new scope source nodes to NewFunction, NewFunctionExpression & NewFunctionNoCheck.
2374         
2375         * dfg/DFGSpeculativeJIT.cpp:
2376         (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
2377         (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
2378         * dfg/DFGSpeculativeJIT32_64.cpp:
2379         (JSC::DFG::SpeculativeJIT::compile):
2380         * dfg/DFGSpeculativeJIT64.cpp:
2381         (JSC::DFG::SpeculativeJIT::compile):
2382         Use scope children when making new function JIT_Operation calls.  Use JSScope* value instead of
2383         exec->scope().
2384
2385         * dfg/DFGOperations.h:
2386         * dfg/DFGOperations.cpp:
2387         * dfg/DFGSpeculativeJIT.h:
2388         (JSC::DFG::SpeculativeJIT::callOperation):
2389         * jit/JIT.h:
2390         * jit/JITInlines.h:
2391         (JSC::JIT::callOperation):
2392         * jit/JITOpcodes.cpp:
2393         (JSC::JIT::emit_op_new_func):
2394         (JSC::JIT::emit_op_new_func_exp):
2395         * jit/JITOperations.cpp:
2396         * jit/JITOperations.h:
2397         Added new Jsc JIT_Operation parameter type for JSScope* values.  Created declarations and
2398         definitions for new JIT_Operations with Jsc parameters.  Use the JSScope* parameters in lieu
2399         of exec->scope() in operationNewFunction().
2400         Removed comment for unused Jsa (JSLexicalEnvironment*) JIT_Operation parameter type.
2401
2402         * llint/LLIntSlowPaths.cpp:
2403         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2404         Use the scope operand instead of exec->scope().
2405
2406         * llint/LowLevelInterpreter.asm:
2407         * llint/LowLevelInterpreter32_64.asm:
2408         * llint/LowLevelInterpreter64.asm:
2409         Changed the operand indices for the added scope operand.
2410
2411 2014-11-13  Mark Lam  <mark.lam@apple.com>
2412
2413         Change X86/64 JIT probes to save/restore xmm regs as double instead of __m128. [Follow up]
2414         <https://webkit.org/b/138708>
2415
2416         Reviewed by Michael Saboff.
2417
2418         Removed a stale comment and a now unnecessary #include. 
2419
2420         * assembler/X86Assembler.h:
2421
2422 2014-11-13  Commit Queue  <commit-queue@webkit.org>
2423
2424         Unreviewed, rolling out r176087.
2425         https://bugs.webkit.org/show_bug.cgi?id=138714
2426
2427         Broke the build (Requested by ap on #webkit).
2428
2429         Reverted changeset:
2430
2431         "Update WebKit to build with LLVM TOT"
2432         https://bugs.webkit.org/show_bug.cgi?id=138519
2433         http://trac.webkit.org/changeset/176087
2434
2435 2014-11-13  Mark Lam  <mark.lam@apple.com>
2436
2437         Change X86/64 JIT probes to save/restore xmm regs as double instead of __m128.
2438         <https://webkit.org/b/138708>
2439
2440         Reviewed by Michael Saboff.
2441
2442         The JIT code only uses the xmm regs as double registers.  This patch changes
2443         the storage types of the FP registers in X86Assembler.h to double instead of
2444         __m128, and updates the X86 and X86_64 JIT probe implementations accordingly.
2445
2446         Also made some minor cosmetic changes in the output of the probe dump functions.
2447
2448         * assembler/MacroAssemblerX86Common.cpp:
2449         (JSC::MacroAssemblerX86Common::ProbeContext::dumpCPURegisters):
2450         * assembler/X86Assembler.h:
2451         * jit/JITStubsX86.h:
2452         * jit/JITStubsX86Common.h:
2453         * jit/JITStubsX86_64.h:
2454
2455 2014-11-13  Juergen Ributzka  <juergen@apple.com>
2456
2457         Update WebKit to build with LLVM TOT
2458         https://bugs.webkit.org/show_bug.cgi?id=138519
2459
2460         Reviewed by Geoffrey Garen.
2461
2462         * Configurations/LLVMForJSC.xcconfig:
2463         * llvm/LLVMAPIFunctions.h:
2464         * llvm/library/LLVMExports.cpp:
2465         (initializeAndGetJSCLLVMAPI):
2466
2467 2014-11-13  Benjamin Poulain  <benjamin@webkit.org>
2468
2469         ARMv7(s) Assembler: LDRH with immediate offset is loading from the wrong offset
2470         https://bugs.webkit.org/show_bug.cgi?id=136914
2471
2472         Reviewed by Michael Saboff.
2473
2474         TLDR: the immediate offset of half-word load was divided by 2.
2475
2476         Story time: So I started getting those weird reports of :nth-child() behaving bizarrely
2477         on ARMv7 and ARMv7s. To make things worse, the behavior changes depending on style updates.
2478
2479         I started looking at the disassembly of the test cases...
2480
2481         The first thing I noticed was that the computation of An+B looked wrong. For example,
2482         in the case of n+6, the instruction should have been:
2483             subs r1, r1, #6
2484         but was
2485             subs r1, r1, #2
2486
2487         After spending a lot of time trying to find the error in the assembler, I discovered
2488         the problem was not real, but just a bug in the disassembler.
2489         This is the first fix: ARMv7DOpcodeAddSubtractImmediate3's immediate3() was truncating
2490         the value to 2 bits instead of 3 bits.
2491
2492         The disassembler being fixed, I still have no lead on the weird bug. Some disassembly later,
2493         I realize the LDRH instruction is not decoded at all. The reason is that both LDRH and STRH
2494         were under the umbrella ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord but the pattern
2495         only matched STRH.
2496
2497         I fix that next, ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord is split into
2498         ARMv7DOpcodeStoreRegisterImmediateHalfWord and ARMv7DOpcodeLoadRegisterImmediateHalfWord,
2499         each with their own pattern and their instruction group.
2500
2501         Now that I can see the LDRHs correctly, there is something fishy about them, their offset
2502         is way too small for the data I load.
2503
2504         This time, looking at the binary, the generated code is indeed incorrect. It turns out that
2505         the ARMv7 assembler shifted the offset of half-word loads as if they were byte loads: divided by 4.
2506         As a result, all the loads of half-words with a nonzero offset were loading
2507         values with a smaller offset than they should have.
2508
2509         That being fixed, I dump the assembly: still wrong. I am ready to throw my keyboard through
2510         my screen at that point.
2511
2512         Looking at the disassembler, there is yet again a bug. The computation of the scale() adjustment
2513         of the offset was incorrect for anything but word loads.
2514         I replaced it by a switch-case to make it explicit.
2515
2516         STRH is likely incorrect too. I'll fix that in a follow-up, I want to survey all the 16-bit cases
2517         that are not directly used by the CSS JIT.
2518
2519         * assembler/ARMv7Assembler.h:
2520         (JSC::ARMv7Assembler::ldrh):
2521         Fix the immediate scaling. Add an assertion to make sure the alignment of the input is correct.
2522
2523         * disassembler/ARMv7/ARMv7DOpcode.cpp:
2524         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale):
2525         Fix the scaling code. Just hardcode instruction-to-scale table.
2526
2527         * disassembler/ARMv7/ARMv7DOpcode.h:
2528         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::immediate3):
2529         The mask for a 3-bit immediate is not 3 :)
2530
2531         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale): Deleted.
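
An added worked example for the two encoding mistakes described in the entry above. This is not code from WebKit or the JavaScriptCore ARMv7Assembler; register names, function names and the `thumb16` namespace are hypothetical. The opcode prefixes and the `[15:11] opcode | [10:6] imm5 | [5:3] Rn | [2:0] Rt` field layout follow the published Thumb T1 load/store encodings, in which the 5-bit immediate is the byte offset divided by the access width (4 for LDR/STR, 2 for LDRH/STRH, 1 for LDRB/STRB). It shows the correct encoder with the alignment check the fix added, the divide-by-4 half-word bug beside it so the wrong offset is visible, an explicit instruction-to-scale table as the disassembler fix describes, and the 3-bit mask that made `#6` read as `#2`.

```cpp
// Added example, not JavaScriptCore code: how the 16-bit Thumb-2 load/store
// immediate encodings scale their imm5 offset field by the access width,
// and how an incorrect scale silently produces a load from a smaller offset.
// Register and function names are hypothetical; the opcode prefixes and field
// layout follow the ARMv7 Architecture Reference Manual T1 encodings.
#include <cstdint>
#include <cstdio>
#include <stdexcept>

namespace thumb16 {

enum Reg : uint8_t { r0, r1, r2, r3, r4, r5, r6, r7 };

// 5-bit opcode prefixes (bits 15..11) of the T1 "op Rt, [Rn, #imm]" forms.
constexpr uint16_t kStrT1  = 0b01100;
constexpr uint16_t kLdrT1  = 0b01101;
constexpr uint16_t kStrbT1 = 0b01110;
constexpr uint16_t kLdrbT1 = 0b01111;
constexpr uint16_t kStrhT1 = 0b10000;
constexpr uint16_t kLdrhT1 = 0b10001;

// Byte offset = imm5 * scale. An explicit table per opcode, in the spirit of
// the disassembler fix above, instead of arithmetic derived from opcode bits.
inline unsigned scaleFor(uint16_t opcodePrefix)
{
    switch (opcodePrefix) {
    case kStrT1:  case kLdrT1:  return 4;  // word
    case kStrhT1: case kLdrhT1: return 2;  // half-word
    case kStrbT1: case kLdrbT1: return 1;  // byte
    default: throw std::invalid_argument("not a T1 load/store immediate");
    }
}

// True when the byte offset can be encoded: aligned to the access width and
// within the 5-bit field. The alignment test is what the fix's assertion checks.
inline bool canEncode(uint16_t opcodePrefix, unsigned offset)
{
    unsigned scale = scaleFor(opcodePrefix);
    return offset % scale == 0 && offset / scale <= 31;
}

// Encode "op Rt, [Rn, #offset]".
// Layout: [15:11] opcode | [10:6] imm5 | [5:3] Rn | [2:0] Rt
inline uint16_t encodeImm5(uint16_t opcodePrefix, Reg rt, Reg rn, unsigned offset)
{
    if (!canEncode(opcodePrefix, offset))
        throw std::invalid_argument("offset not encodable for this access width");
    unsigned imm5 = offset / scaleFor(opcodePrefix);
    return static_cast<uint16_t>((opcodePrefix << 11) | (imm5 << 6) | (rn << 3) | rt);
}

// The defect described in the ChangeLog: a half-word load whose offset is
// scaled as if it were a word access (divide by 4 instead of 2).
inline uint16_t encodeLdrhBuggy(Reg rt, Reg rn, unsigned offset)
{
    unsigned imm5 = offset / 4;  // wrong scale for LDRH
    return static_cast<uint16_t>((kLdrhT1 << 11) | (imm5 << 6) | (rn << 3) | rt);
}

// Recover the byte offset an encoded instruction really uses.
inline unsigned decodeOffset(uint16_t insn)
{
    return ((insn >> 6) & 0x1f) * scaleFor(static_cast<uint16_t>(insn >> 11));
}

// A 3-bit field needs mask 0x7; masking with 3 is the immediate3() bug
// that made "subs r1, r1, #6" disassemble as "#2".
inline unsigned immediate3(uint16_t insn, unsigned shift)
{
    return (insn >> shift) & 0x7;
}

} // namespace thumb16

int main()
{
    using namespace thumb16;
    uint16_t good = encodeImm5(kLdrhT1, r1, r0, 6);  // ldrh r1, [r0, #6]
    uint16_t bad = encodeLdrhBuggy(r1, r0, 6);
    std::printf("correct 0x%04x -> offset %u\n", good, decodeOffset(good));
    std::printf("buggy   0x%04x -> offset %u\n", bad, decodeOffset(bad));
    std::printf("subs r1, r1, #6 (0x1f89): imm3 = %u\n", immediate3(0x1f89, 6));
    return 0;
}
```

Feeding the same `[r0, #6]` half-word load through both encoders makes the failure mode concrete: the buggy path stores imm5 = 1, which a correct decoder reads back as offset 2, matching the "smaller offset than they should have" symptom; the hardened encoder rejects a misaligned offset such as 7 for LDRH instead of truncating it.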
2532
2533 2014-11-13  Andreas Kling  <akling@apple.com>
2534
2535         Generate put_by_id for bracket assignment with constant string subscript.
2536         <https://webkit.org/b/138702>
2537
2538         Reviewed by Geoffrey Garen.
2539
2540         Transform o["f"]=x to o.f=x when generating bytecode. This allows our JIT
2541         to inline-cache those accesses instead of always dropping out to C++.
2542
2543         Just like the get_by_id transformations, this gets a bunch of use on
2544         real-web content (and Speedometer) but little/none on raw JS benchmarks.
2545
2546         * bytecompiler/NodesCodegen.cpp:
2547         (JSC::AssignBracketNode::emitBytecode):
2548
2549 2014-11-12  Mark Lam  <mark.lam@apple.com>
2550
2551         Create canonical lists of registers used by both the Assemblers and the JIT probes.
2552         <https://webkit.org/b/138681>
2553
2554         Reviewed by Filip Pizlo.
2555
2556         * assembler/ARMAssembler.h:
2557         * assembler/ARMv7Assembler.h:
2558         * assembler/X86Assembler.h:
2559         - The FP register storage type is still defined as __m128 because the JIT
2560           probe code still expects that amount of storage to be available.  Will
2561           change this to double when the JIT probe code is updated accordingly in a
2562           later patch.
2563
2564 2014-11-12  Andreas Kling  <akling@apple.com>
2565
2566         Generate get_by_id for bracket access with constant string subscript.
2567         <https://webkit.org/b/138663>
2568
2569         Reviewed by Michael Saboff.
2570
2571         Transform o["f"] into o.f when generating bytecode. This allows our JIT
2572         to inline-cache those accesses instead of always dropping out to C++.
2573
2574         This is surprisingly common in real-web content, less so in benchmarks.
2575         Interestingly, Speedometer does hit the optimization quite a bit.
2576
2577         * bytecompiler/NodesCodegen.cpp:
2578         (JSC::BracketAccessorNode::emitBytecode):
2579
2580 2014-11-12  Mark Lam  <mark.lam@apple.com>
2581
2582         Rename USE(MASM_PROBE) to ENABLE(MASM_PROBE).
2583         <https://webkit.org/b/138661>
2584
2585         Reviewed by Michael Saboff.
2586
2587         Also move the switch for enabling the use of MASM_PROBE from JavaScriptCore's
2588         config.h to WTF's Platform.h.  This ensures that the setting is consistently
2589         applied even when building WebCore parts as well.
2590
2591         * assembler/ARMAssembler.h:
2592         * assembler/ARMv7Assembler.h:
2593         * assembler/MacroAssemblerARM.cpp:
2594         * assembler/MacroAssemblerARM.h:
2595         * assembler/MacroAssemblerARMv7.cpp:
2596         * assembler/MacroAssemblerARMv7.h:
2597         * assembler/MacroAssemblerX86.h:
2598         * assembler/MacroAssemblerX86Common.cpp:
2599         * assembler/MacroAssemblerX86Common.h:
2600         * assembler/MacroAssemblerX86_64.h:
2601         * assembler/X86Assembler.h:
2602         * config.h:
2603         * jit/JITStubs.h:
2604         * jit/JITStubsARM.h:
2605         * jit/JITStubsARMv7.h:
2606         * jit/JITStubsX86.h:
2607         * jit/JITStubsX86Common.h:
2608         * jit/JITStubsX86_64.h:
2609
2610 2014-11-12  peavo@outlook.com  <peavo@outlook.com>
2611
2612         [WinCairo] Incorrect names for test executables in debug mode.
2613         https://bugs.webkit.org/show_bug.cgi?id=138659
2614
2615         Reviewed by Alex Christensen.
2616
2617         In debug mode, jsc.exe and testapi.exe are not created, causing JSC test failures.
2618
2619         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
2620         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
2621
2622 2014-11-11  Michael Saboff  <msaboff@apple.com>
2623
2624         Change DFG to use scope operand for op_resolve_scope
2625         https://bugs.webkit.org/show_bug.cgi?id=138651
2626
2627         Reviewed by Geoffrey Garen.
2628
2629         Changed to use the provided scope VirtualRegister.
2630
2631         * dfg/DFGByteCodeParser.cpp:
2632         (JSC::DFG::ByteCodeParser::getScope): Changed to use an argument scope register.
2633         (JSC::DFG::ByteCodeParser::parseBlock): Created VirtualRegister from scope operand.
2634
2635 2014-11-11  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2636
2637         Remove IncrementalSweeper::create()
2638         https://bugs.webkit.org/show_bug.cgi?id=138243
2639
2640         Reviewed by Filip Pizlo.
2641
2642         As a step to use std::unique_ptr<> and std::make_unique<>, this patch removes
2643         IncrementalSweeper::create() and makes the IncrementalSweeper constructor public.
2644         Now we begin to use std::make_unique<> to create the IncrementalSweeper instance.
2645
2646         * heap/Heap.cpp:
2647         (JSC::Heap::Heap):
2648         (JSC::Heap::setIncrementalSweeper):
2649         * heap/Heap.h:
2650         * heap/IncrementalSweeper.cpp:
2651         (JSC::IncrementalSweeper::create): Deleted.
2652         * heap/IncrementalSweeper.h:
2653
2654 2014-11-11  Joseph Pecoraro  <pecoraro@apple.com>
2655
2656         Web Inspector: Handle activating extra agents properly after inspector has connected
2657         https://bugs.webkit.org/show_bug.cgi?id=138639
2658
2659         Reviewed by Timothy Hatcher.
2660
2661         Instead of having the protocol configuration directly add the extra agent
2662         to the inspector registry, instead go through the augmentable controller.
2663         The controller will initialize as required if we are already connected or not,
2664         and will add to the registry.
2665
2666         The functional change here is that the frontend can be notified to activate
2667         extra agents multiple times as agents eventually become available.
2668
2669         * inspector/JSGlobalObjectInspectorController.cpp:
2670         (Inspector::JSGlobalObjectInspectorController::appendExtraAgent):
2671         * inspector/JSGlobalObjectInspectorController.h:
2672         * inspector/agents/InspectorAgent.cpp:
2673         (Inspector::InspectorAgent::activateExtraDomain):
2674         * inspector/agents/InspectorAgent.h:
2675         * inspector/augmentable/AugmentableInspectorController.h:
2676         * inspector/scripts/codegen/generator_templates.py:
2677         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2678         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2679         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2680         * inspector/scripts/tests/expected/enum-values.json-result:
2681         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2682         Rebased results.
2683
2684 2014-11-11  Michael Saboff  <msaboff@apple.com>
2685
2686         Use scope register when processing op_resolve_scope in LLInt and Baseline JIT
2687         https://bugs.webkit.org/show_bug.cgi?id=138637
2688
2689         Reviewed by Mark Lam.
2690
2691         Filled out op_resolve_scope processing to use the scope operand to access the current
2692         scope chain.
2693
2694         * jit/JIT.h:
2695         * jit/JITInlines.h:
2696         (JSC::JIT::callOperation):
2697         * jit/JITOperations.cpp:
2698         * jit/JITOperations.h:
2699         Added scope virtual register parameter to emitResolveClosure().  Added new callOperation() to
2700         support the additional argument.
2701
2702         * jit/JITPropertyAccess.cpp:
2703         (JSC::JIT::emitResolveClosure):
2704         (JSC::JIT::emit_op_resolve_scope):
2705         (JSC::JIT::emitSlow_op_resolve_scope):
2706         * jit/JITPropertyAccess32_64.cpp:
2707         (JSC::JIT::emitResolveClosure):
2708         (JSC::JIT::emit_op_resolve_scope):
2709         (JSC::JIT::emitSlow_op_resolve_scope):
2710         * llint/LLIntSlowPaths.cpp:
2711         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2712         Added "scope" parameter to emitResolveClosure().  Passed scope register index to slow path.
2713         Used scope virtual register instead of JSStack::ScopeChain.
2714
2715 2014-11-11  Joseph Pecoraro  <pecoraro@apple.com>
2716
2717         Web Inspector: Don't require a debugger be attached for inspector auto attach
2718         https://bugs.webkit.org/show_bug.cgi?id=138638
2719
2720         Reviewed by Timothy Hatcher.
2721
2722         * inspector/remote/RemoteInspector.mm:
2723         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
2724
2725 2014-11-11  Akos Kiss  <akiss@inf.u-szeged.hu>
2726
2727         Handle cases in StackVisitor::Frame::existingArguments() when lexicalEnvironment and/or unmodifiedArgumentsRegister is not set up yet
2728         https://bugs.webkit.org/show_bug.cgi?id=138543
2729
2730         Reviewed by Geoffrey Garen.
2731
2732         Exception fuzzing may raise exceptions in places where they would be
2733         otherwise impossible. Therefore, a callFrame may lack activation even if
2734         the codeBlock signals need of activation. Also, even if codeBlock
2735         signals the use of arguments, the unmodifiedArgumentsRegister may not be
2736         initialized yet (neither locally nor in lexicalEnvironment).
2737
2738         If codeBlock()->needsActivation() is false, unmodifiedArgumentsRegister
2739         is already checked for Undefined. This patch applies the same check when
2740         the condition is true (and also checks whether
2741         callFrame()->hasActivation()).
2742
2743         * interpreter/CallFrame.h:
2744         (JSC::ExecState::hasActivation):
2745         Moved to interpreter/CallFrameInlines.h.
2746         * interpreter/CallFrameInlines.h:
2747         (JSC::CallFrame::hasActivation):
2748         Fixed to verify that the JSValue returned by uncheckedActivation() is a
2749         cell.
2750         * interpreter/StackVisitor.cpp:
2751         (JSC::StackVisitor::Frame::existingArguments):
2752
2753 2014-11-11  Andreas Kling  <akling@apple.com>
2754
2755         Another assertion fix for debug builds after r175846.
2756
2757         generateByIdStub() can now be called with an empty prototype chain
2758         if kind == GetUndefined, so tweak the assertion to cover that.
2759
2760         * jit/Repatch.cpp:
2761         (JSC::generateByIdStub):
2762
2763 2014-11-10  Andreas Kling  <akling@apple.com>
2764
2765         Assertion fix for debug builds after r175846.
2766
2767         PropertySlot::slotBase() will assert if the slot is unset, so reorder
2768         the tests to check for isCacheableValue() first.
2769
2770         * jit/Repatch.cpp:
2771         (JSC::tryCacheGetByID):
2772
2773 2014-11-10  Andreas Kling  <akling@apple.com>
2774
2775         The JIT should cache property lookup misses.
2776         <https://webkit.org/b/135578>
2777
2778         Add support for inline caching of missed property lookups.
2779         Previously this would banish us to C++ slow path.
2780
2781         It's implemented as a simple GetById cache that returns jsUndefined()
2782         as long as the Structure chain check passes. There's no DFG exploitation
2783         of this knowledge in this patch.
2784
2785         Test: js/regress/undefined-property-access.js (~5.5x speedup)
2786
2787         Reviewed by Filip Pizlo.
2788
2789         * bytecode/PolymorphicGetByIdList.h:
2790         * bytecode/GetByIdStatus.cpp:
2791         (JSC::GetByIdStatus::computeForStubInfo):
2792
2793             Add GetByIdAccess::SimpleMiss so we can communicate to the DFG that
2794             the access has been cached.
2795
2796         * jit/Repatch.cpp:
2797         (JSC::toString):
2798         (JSC::kindFor):
2799         (JSC::generateByIdStub):
2800         (JSC::tryCacheGetByID):
2801         (JSC::tryBuildGetByIDList):
2802
2803             Added a GetUndefined stub kind, just a simple "store jsUndefined()" snippet.
2804             Use this to cache missed lookups, piggybacking mostly on the GetValue kind.
2805
2806         * runtime/PropertySlot.h:
2807         (JSC::PropertySlot::isUnset):
2808
2809             Exposed the unset state so PropertySlot can communicate that lookup failed.
2810
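The entry above describes caching a property-lookup miss as a GetUndefined stub that is valid only while the Structure chain check passes. The following is an added example, not JSC code and not Andreas Kling's patch: a toy inline cache in which `Object`, `GetByIdCache`, `CacheEntry`, `Value` and the function names are all this example's own assumptions. It shows the point that matters for correctness: a cached miss is served without the slow path on repeated access, but as soon as a prototype gains the property (which gives it a new structure) the chain no longer matches, the stub is bypassed, and the real value is found. Without that guard a stale stub would keep returning undefined for a property that now exists.

```cpp
#include <cstddef>
#include <map>
#include <string>
#include <vector>

// Added example, not JSC code: a toy inline cache for GetById that also caches
// misses. All names here are this example's own assumptions.
static int nextStructureId = 1;

struct Object {
    int structureId = nextStructureId++;
    Object* prototype = nullptr;
    std::map<std::string, int> properties; // ints stand in for JSValues

    // Adding a property transitions the object to a fresh structure.
    void put(const std::string& name, int value)
    {
        properties[name] = value;
        structureId = nextStructureId++;
    }
};

struct Value {
    bool defined;
    int number; // meaningful only when defined
};

enum class AccessKind { GetValue, GetUndefined };

struct CacheEntry {
    std::string name;
    std::vector<int> structureChain; // receiver's structure, then each prototype's
    AccessKind kind;
    size_t holderDepth;              // GetValue only: prototype hops to the holder
};

std::vector<int> structureChainOf(const Object* receiver)
{
    std::vector<int> chain;
    for (const Object* o = receiver; o; o = o->prototype)
        chain.push_back(o->structureId);
    return chain;
}

struct GetByIdCache {
    std::vector<CacheEntry> entries;
    size_t slowPathCalls = 0;

    Value get(const Object* receiver, const std::string& name)
    {
        std::vector<int> chain = structureChainOf(receiver);
        // Fast path: a stub applies only while the whole structure chain is unchanged.
        for (const CacheEntry& e : entries) {
            if (e.name != name || e.structureChain != chain)
                continue;
            if (e.kind == AccessKind::GetUndefined)
                return { false, 0 }; // the "store jsUndefined()" stub
            const Object* holder = receiver;
            for (size_t i = 0; i < e.holderDepth; ++i)
                holder = holder->prototype;
            return { true, holder->properties.at(name) };
        }
        // Slow path: walk the prototype chain, then install a stub for the outcome.
        ++slowPathCalls;
        size_t depth = 0;
        for (const Object* o = receiver; o; o = o->prototype, ++depth) {
            auto it = o->properties.find(name);
            if (it != o->properties.end()) {
                entries.push_back({ name, chain, AccessKind::GetValue, depth });
                return { true, it->second };
            }
        }
        entries.push_back({ name, chain, AccessKind::GetUndefined, 0 }); // cache the miss
        return { false, 0 };
    }
};

struct Scenario {
    bool repeatDefined;              // false: the cached miss answered the repeat
    size_t slowPathCallsAfterRepeat; // 1: the repeat did not hit the slow path
    bool definedAfterPrototypePut;   // true: the stale stub was not used
    int valueAfterPrototypePut;      // 7
    size_t slowPathCallsAtEnd;       // 2
};

// Constructed scenario: miss, cached miss, then the prototype gains the property.
Scenario runMissCacheScenario()
{
    Object proto;
    Object obj;
    obj.prototype = &proto;
    GetByIdCache cache;
    cache.get(&obj, "x");                // miss via slow path; GetUndefined stub installed
    Value repeat = cache.get(&obj, "x"); // served by the stub
    Scenario s;
    s.repeatDefined = repeat.defined;
    s.slowPathCallsAfterRepeat = cache.slowPathCalls;
    proto.put("x", 7);                   // structure transition on the prototype
    Value after = cache.get(&obj, "x");  // chain mismatch, slow path, GetValue stub installed
    s.definedAfterPrototypePut = after.defined;
    s.valueAfterPrototypePut = after.number;
    s.slowPathCallsAtEnd = cache.slowPathCalls;
    return s;
}
```

The chain comparison is the whole guard: the receiver's structure alone is not enough, because the property can appear anywhere up the prototype chain.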
2811 2014-11-10  Michael Saboff  <msaboff@apple.com>
2812
2813         Add scope operand to op_create_lexical_environment
2814         https://bugs.webkit.org/show_bug.cgi?id=138588
2815
2816         Reviewed by Geoffrey Garen.
2817
2818         Added a second operand to op_create_lexical_environment that contains the scope register
2819         to update.  Note that the DFG relies on operationCreateActivation() to update the
2820         scope register since we can't issue a set() with a non-local, non-argument register.
2821         This is temporary until the scope register is allocated as a local.
2822
2823         * bytecode/BytecodeList.json:
2824         * bytecode/CodeBlock.cpp:
2825         (JSC::CodeBlock::dumpBytecode):
2826         Added the scope register operand.
2827
2828         * bytecompiler/BytecodeGenerator.cpp:
2829         (JSC::BytecodeGenerator::BytecodeGenerator):
2830         Filled in the scope register operand.
2831
2832         * jit/JITOpcodes.cpp:
2833         (JSC::JIT::emit_op_create_lexical_environment):
2834         * jit/JITOpcodes32_64.cpp:
2835         (JSC::JIT::emit_op_create_lexical_environment):
2836         * llint/LLIntSlowPaths.cpp:
2837         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2838         * llint/LowLevelInterpreter32_64.asm:
2839         * llint/LowLevelInterpreter64.asm:
2840         Set the scope register with the result of the appropriate create activation slow call.
2841
2842 2014-11-09  Akos Kiss  <akiss@inf.u-szeged.hu>
2843
2844         Fix 'noreturn' function does return warning in LLVMOverrides.cpp
2845         https://bugs.webkit.org/show_bug.cgi?id=138306
2846
2847         Reviewed by Filip Pizlo.
2848
2849         Adding NO_RETURN where needed.
2850
2851         * llvm/library/LLVMExports.cpp:
2852         (initializeAndGetJSCLLVMAPI):
2853         * llvm/library/LLVMOverrides.cpp:
2854         * llvm/library/LLVMTrapCallback.h:
2855
2856 2014-11-07  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
2857
2858         Fix an alignment issue with operationPushCatchScope on ARMv7
2859         https://bugs.webkit.org/show_bug.cgi?id=138510
2860
2861         Reviewed by Csaba Osztrogonác.
2862
2863         * jit/CCallHelpers.h:
2864         (JSC::CCallHelpers::setupArgumentsWithExecState):
2865         * jit/JITInlines.h:
2866         (JSC::JIT::callOperation):
2867
2868 2014-11-07  Michael Saboff  <msaboff@apple.com>
2869
2870         Update scope related slow path code to use scope register added to opcodes
2871         https://bugs.webkit.org/show_bug.cgi?id=138254
2872
2873         Reviewed by Mark Lam.
2874
2875         Updated slow paths for op_pop_scope, op_push_name_scope and op_push_with_scope.
2876         Added scope register index parameter to the front of the relevant argument lists of the
2877         slow functions.  In the case of op_push_name_scope for x86 (32 bit), there aren't enough
2878         registers to accommodate all the parameters.  Therefore, added two new JSVALUE32_64 slow
2879         paths called operationPushCatchScope() and operationPushFunctionNameScope() to eliminate
2880         the last "type" argument.
2881         
2882
2883         * assembler/MacroAssemblerCodeRef.h:
2884         (JSC::FunctionPtr::FunctionPtr): Added a new template to take 6 arguments.
2885
2886         * jit/CCallHelpers.h:
2887         (JSC::CCallHelpers::setupArgumentsWithExecState):
2888         * jit/JIT.h:
2889         * jit/JITInlines.h:
2890         (JSC::JIT::callOperation):
2891         New variants of setupArgumentsWithExecState() and callOperation() to handle the new
2892         combinations of argument types and counts.
2893
2894         * jit/JITOpcodes.cpp:
2895         (JSC::JIT::emit_op_push_with_scope):
2896         (JSC::JIT::emit_op_pop_scope):
2897         (JSC::JIT::emit_op_push_name_scope):
2898         * jit/JITOpcodes32_64.cpp:
2899         (JSC::JIT::emit_op_push_with_scope):
2900         (JSC::JIT::emit_op_pop_scope):
2901         (JSC::JIT::emit_op_push_name_scope):
2902         Use the new slow paths.
2903
2904         * jit/JITOperations.cpp:
2905         * jit/JITOperations.h:
2906         Updates to set the scope result using the scope register index.  Added operationPushCatchScope()
2907         and operationPushFunctionNameScope().
2908
2909         * llint/LLIntSlowPaths.cpp:
2910         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2911         Updated the scope slow paths to use the scope register index in the instruction to read and
2912         write the register instead of using CallFrame::scope() and CallFrame::setScope().
2913
2914 2014-11-07  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2915
2916         Apply std::unique_ptr to slowPathCall()
2917         https://bugs.webkit.org/show_bug.cgi?id=138489
2918
2919         Reviewed by Mark Lam.
2920
2921         As a step to use std::unique_ptr<>, this patch makes slowPathCall() use std::unique_ptr<>,
2922         std::make_unique<>, and WTF::move(). 
2923
2924         * dfg/DFGSlowPathGenerator.h:
2925         (JSC::DFG::slowPathCall):
2926         (JSC::DFG::slowPathMove):
2927         * dfg/DFGSpeculativeJIT.cpp:
2928         (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
2929         (JSC::DFG::SpeculativeJIT::addSlowPathGenerator):
2930         (JSC::DFG::SpeculativeJIT::arrayify):
2931         (JSC::DFG::SpeculativeJIT::compileIn):
2932         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
2933         * dfg/DFGSpeculativeJIT.h:
2934         * dfg/DFGSpeculativeJIT32_64.cpp:
2935         (JSC::DFG::SpeculativeJIT::cachedGetById):
2936         (JSC::DFG::SpeculativeJIT::cachedPutById):
2937         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2938         (JSC::DFG::SpeculativeJIT::compile):
2939         * dfg/DFGSpeculativeJIT64.cpp:
2940         (JSC::DFG::SpeculativeJIT::cachedGetById):
2941         (JSC::DFG::SpeculativeJIT::cachedPutById):
2942         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2943         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
2944         (JSC::DFG::SpeculativeJIT::compile):
2945
2946 2014-11-06  Mark Lam  <mark.lam@apple.com>
2947
2948         slow_path_get_direct_pname() needs to be hardened against a constant baseValue.
2949         <https://webkit.org/b/138476>
2950
2951         Reviewed by Michael Saboff.
2952
2953         slow_path_get_direct_pname() currently assumes that the baseValue is always a
2954         non-constant virtual register.  However, this is not always the case like in the
2955         following:
2956
2957             function foo() {
2958                 var o = { a:1 };
2959                 for (var n in o)
2960                     0[n];
2961             }
2962             foo();
2963
2964         This patch fixes it to also check for constant virtual register indexes.
2965
2966         * runtime/CommonSlowPaths.cpp:
2967         (JSC::SLOW_PATH_DECL):
2968
2969 2014-11-06  Michael Saboff  <msaboff@apple.com>
2970
2971         REGRESSION (r174985-174986): Site display disappears 
2972         https://bugs.webkit.org/show_bug.cgi?id=138082
2973
2974         Reviewed by Geoffrey Garen.
2975
2976         In support of the change in WebCore, this adds a new functor class to unwind to our
2977         caller's frame, possibly skipping intermediate C++ frames.
2978
2979         * interpreter/StackVisitor.h:
2980         (JSC::CallerFunctor::CallerFunctor):
2981         (JSC::CallerFunctor::callerFrame):
2982         (JSC::CallerFunctor::operator()):
2983
2984 2014-11-06  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2985
2986         Use std::unique_ptr in CodeBlock class
2987         https://bugs.webkit.org/show_bug.cgi?id=138395
2988
2989         Reviewed by Darin Adler.
2990
2991         * bytecode/CodeBlock.h: Use std::unique_ptr.
2992         (JSC::CodeBlock::setJITCodeMap):
2993         * jit/CompactJITCodeMap.h: Use std::unique_ptr instead of OwnPtr|PassOwnPtr.
2994         (JSC::CompactJITCodeMap::CompactJITCodeMap):
2995         (JSC::CompactJITCodeMap::Encoder::finish): Use std::unique_ptr instead of PassOwnPtr.
2996
2997 2014-11-05  Mark Lam  <mark.lam@apple.com>
2998
2999         PutById inline caches should have a store barrier when it triggers a structure transition.
3000         <https://webkit.org/b/138441>
3001
3002         Reviewed by Geoffrey Garen.
3003
3004         After r174025, we no longer insert DFG store barriers when the payload of a
3005         PutById operation is not a cell.  However, this can lead to a crash when we have
3006         PutById inline cache code transitioning the structure and re-allocating the
3007         butterfly of an old gen object.  The lack of a store barrier in that inline
3008         cache results in the old gen object not being noticed during an eden GC scan.
3009         As a result, its newly allocated butterfly will not be kept alive, which leads
3010         to a stale butterfly pointer and, eventually, a crash.
3011
3012         It is also possible that the new structure can be collected by the eden GC if
3013         (at GC time):
3014         1. It is in the eden gen.
3015         2. The inline cache that installed it has been evicted.
3016         3. There are no live eden gen objects referring to it.
3017
3018         The chances of this should be more rare than the butterfly re-allocation, but
3019         it is still possible.  Hence, the fix is to always add a store barrier if the
3020         inline cache performs a structure transition.
3021
3022         * jit/Repatch.cpp:
3023         (JSC::emitPutTransitionStub):
3024         - Added store barrier code based on SpeculativeJIT::storeToWriteBarrierBuffer()'s
3025           implementation.
3026
3027 2014-11-05  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3028
3029         Use std::unique_ptr in JSClassRef and JSCallbackObject
3030         https://bugs.webkit.org/show_bug.cgi?id=138402
3031
3032         Reviewed by Geoffrey Garen.
3033
3034         * API/JSCallbackObject.h: Use std::unique_ptr instead of OwnPtr|PassOwnPtr.
3035         (JSC::JSCallbackObjectData::setPrivateProperty): ditto.
3036         * API/JSClassRef.cpp: ditto.
3037         * API/JSClassRef.h: ditto.
3038
3039 2014-11-05  Michael Saboff  <msaboff@apple.com>
3040
3041         Disable flakey float32-repeat-out-of-bounds.js and int8-repeat-out-of-bounds.js tests for ARM64
3042         https://bugs.webkit.org/show_bug.cgi?id=138381
3043
3044         Reviewed by Mark Lam.
3045
3046         Disabled these tests for ARM64.  Will address the failures and then re-enable.
3047
3048         * tests/stress/float32-repeat-out-of-bounds.js:
3049         * tests/stress/int8-repeat-out-of-bounds.js:
3050
3051 2014-11-05  Alexey Proskuryakov  <ap@apple.com>
3052
3053         Incorrect sandbox_check in RemoteInspector.mm
3054         https://bugs.webkit.org/show_bug.cgi?id=138408
3055
3056         Reviewed by Joseph Pecoraro.
3057
3058         * inspector/remote/RemoteInspector.mm:
3059         (Inspector::canAccessWebInspectorMachPort):
3060
3061 2014-11-03  Dean Jackson  <dino@apple.com>
3062
3063         Add ENABLE_FILTERS_LEVEL_2 feature guard.
3064         https://bugs.webkit.org/show_bug.cgi?id=138362
3065
3066         Reviewed by Tim Horton.
3067
3068         Add a new feature define for Level 2 of CSS Filters.
3069         http://dev.w3.org/fxtf/filters-2/
3070
3071         * Configurations/FeatureDefines.xcconfig:
3072
3073 2014-11-04  Mark Lam  <mark.lam@apple.com>
3074
3075         Rename checkMarkByte() to jumpIfIsRememberedOrInEden().
3076         <https://webkit.org/b/138369>
3077
3078         Reviewed by Geoffrey Garen.
3079
3080         Write barriers are needed for GC Eden collections so that we can scan pointers
3081         pointing from old generation objects to eden generation objects.  The barrier
3082         currently checks the mark byte in a cell to see if we should skip adding the
3083         cell to the GC remembered set.  The addition should be skipped if:
3084
3085         1. The cell is in the young generation.  It has no old to eden pointers by
3086            definition.
3087         2. The cell is already in the remembered set.  While it is ok to add the cell
3088            to the GC remembered set more than once, it would be redundant.  Hence,
3089            we skip this as an optimization to avoid doing unnecessary work.
3090
3091         The barrier currently names this check as checkMarkByte().  We should rename it
3092         to jumpIfIsRememberedOrInEden() to be clearer about its intent.
3093
3094         Similarly, Jump results of this check are currently named
3095         ownerNotMarkedOrAlreadyRemembered.  This can be misinterpreted as the owner is
3096         not marked or not already remembered.  We should rename it to
3097         ownerIsRememberedOrInEden which is clearer about the intent of the
3098         check.  What we are really checking for is that the cell is in the eden gen,
3099         which is implied by it being "not marked".
3100
3101         * dfg/DFGOSRExitCompilerCommon.cpp:
3102         (JSC::DFG::osrWriteBarrier):
3103         * dfg/DFGSpeculativeJIT.cpp:
3104         (JSC::DFG::SpeculativeJIT::writeBarrier):
3105         * dfg/DFGSpeculativeJIT32_64.cpp:
3106         (JSC::DFG::SpeculativeJIT::writeBarrier):
3107         * dfg/DFGSpeculativeJIT64.cpp:
3108         (JSC::DFG::SpeculativeJIT::writeBarrier):
3109         * jit/AssemblyHelpers.h:
3110         (JSC::AssemblyHelpers::jumpIfIsRememberedOrInEden):
3111         (JSC::AssemblyHelpers::checkMarkByte): Deleted.
3112         * jit/JITPropertyAccess.cpp:
3113         (JSC::JIT::emitWriteBarrier):
3114         * llint/LowLevelInterpreter.asm:
3115         * llint/LowLevelInterpreter32_64.asm:
3116         * llint/LowLevelInterpreter64.asm:
3117         * runtime/JSCell.h:
3118
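Two entries above reason about the eden write barrier: the PutById entry (a structure transition on an old-generation object re-allocates its butterfly, and without a store barrier the eden GC never scans the old object, leaving a stale butterfly pointer) and the rename entry (the barrier skips the remembered-set add when the cell is in eden or is already remembered). The following is an added example, not JSC code and not either patch: a toy generational heap in which `Cell`, `Heap`, `isRememberedOrInEden`, `butterflySurvivesTransition` and `rememberedSetSizeAfterBarriers` are this example's own assumptions. It runs the transition scenario with and without the barrier and shows the butterfly surviving only when the barrier is emitted, and it shows the two skip conditions in the barrier itself.

```cpp
#include <cstddef>
#include <set>
#include <vector>

// Added example, not JSC code: a toy generational heap. Names are assumptions.
enum class Generation { Eden, Old };

struct Cell {
    Generation generation;
    bool remembered = false;     // currently in the remembered set
    bool alive = true;           // false once swept by the toy eden GC
    bool reachable = false;      // scratch bit for one eden scan
    std::vector<Cell*> outgoing; // references this cell holds (butterfly, structure, ...)
};

// The condition jumpIfIsRememberedOrInEden() checks: skip the remembered-set
// add when the owner is an eden cell (it cannot hold old->eden pointers) or is
// already remembered (a second add would be redundant work).
bool isRememberedOrInEden(const Cell& owner)
{
    return owner.generation == Generation::Eden || owner.remembered;
}

struct Heap {
    std::vector<Cell*> cells;
    std::vector<Cell*> roots;
    std::set<Cell*> rememberedSet;

    ~Heap() { for (Cell* c : cells) delete c; }

    Cell* allocate(Generation generation)
    {
        cells.push_back(new Cell { generation });
        return cells.back();
    }

    // Store barrier, run after 'owner' has been made to point at something new.
    void writeBarrier(Cell& owner)
    {
        if (isRememberedOrInEden(owner))
            return;
        owner.remembered = true;
        rememberedSet.insert(&owner);
    }

    // Eden collection: scan from the roots and the remembered set. Old cells are
    // never collected here and, unless remembered, are assumed to hold no
    // old->eden pointers, so their outgoing edges are not followed.
    void collectEden()
    {
        for (Cell* c : cells)
            c->reachable = false;
        std::vector<Cell*> work(roots.begin(), roots.end());
        work.insert(work.end(), rememberedSet.begin(), rememberedSet.end());
        while (!work.empty()) {
            Cell* c = work.back();
            work.pop_back();
            if (c->reachable)
                continue;
            c->reachable = true;
            if (c->generation == Generation::Old && !c->remembered)
                continue;
            for (Cell* out : c->outgoing)
                work.push_back(out);
        }
        for (Cell* c : cells) {
            if (c->generation == Generation::Old)
                continue;
            if (!c->reachable)
                c->alive = false;
            else
                c->generation = Generation::Old; // survivors are promoted
        }
        for (Cell* c : rememberedSet)
            c->remembered = false;
        rememberedSet.clear();
    }
};

// Scenario from the PutById entry: an old-generation object transitions and is
// given a freshly allocated (eden) butterfly. Returns whether that butterfly is
// still alive after an eden collection.
bool butterflySurvivesTransition(bool emitStoreBarrier)
{
    Heap heap;
    Cell* object = heap.allocate(Generation::Old);
    heap.roots.push_back(object);
    Cell* newButterfly = heap.allocate(Generation::Eden);
    object->outgoing = { newButterfly }; // the inline cache re-pointed the object
    if (emitStoreBarrier)
        heap.writeBarrier(*object);
    heap.collectEden();
    return newButterfly->alive;
}

// Barrier bookkeeping: an old owner is added once even if the barrier runs
// twice, and an eden owner is never added.
size_t rememberedSetSizeAfterBarriers()
{
    Heap heap;
    Cell* oldOwner = heap.allocate(Generation::Old);
    Cell* edenOwner = heap.allocate(Generation::Eden);
    heap.writeBarrier(*oldOwner);
    heap.writeBarrier(*oldOwner);
    heap.writeBarrier(*edenOwner);
    return heap.rememberedSet.size();
}
```

The model omits the real mark byte and the two-state encoding the entry mentions; the one-bit `remembered` flag plus the generation is enough to reproduce the decision the barrier makes.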
3119 2014-11-04  Joseph Pecoraro  <pecoraro@apple.com>
3120
3121         Web Inspector: Pause on exceptions should show the actual exception
3122         https://bugs.webkit.org/show_bug.cgi?id=63096
3123
3124         Reviewed by Timothy Hatcher.
3125
3126         * debugger/Debugger.h:
3127         Expose accessor for the pause reason to subclasses.
3128
3129         * inspector/JSInjectedScriptHost.cpp:
3130         (Inspector::JSInjectedScriptHost::type):
3131         New "error" subtype for error objects.
3132
3133         * inspector/InjectedScriptSource.js:
3134         When an object is an error object, use toString to provide a richer description.
3135
3136         * inspector/protocol/Runtime.json:
3137         Expose a new "error" subtype for Error types (TypeError, ReferenceError, EvalError, etc).
3138
3139         * inspector/protocol/Debugger.json:
3140         Provide type checked objects for different Debugger.pause pause reasons.
3141         An exception provides the thrown object, but assert / CSP pauses provide
3142         a richer typed object as the auxiliary data.
3143
3144         * inspector/ScriptDebugServer.cpp:
3145         (Inspector::ScriptDebugServer::dispatchDidPause):
3146         When paused because of an exception, pass the exception on.
3147
3148         * inspector/agents/InspectorDebuggerAgent.h:
3149         * inspector/agents/InspectorDebuggerAgent.cpp:
3150         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
3151         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
3152         Provide richer data in pause events.
3153
3154         * inspector/scripts/codegen/generate_backend_commands.py:
3155         (BackendCommandsGenerator.generate_domain.is_anonymous_enum_param):
3156         (BackendCommandsGenerator.generate_domain):
3157         * inspector/scripts/tests/expected/enum-values.json-result:
3158         Generate frontend enums for anonymous enum event parameters.
3159
3160 2014-11-04  Michael Saboff  <msaboff@apple.com>
3161
3162         Disable flakey float32-repeat-out-of-bounds.js and int8-repeat-out-of-bounds.js tests for ARM64
3163         https://bugs.webkit.org/show_bug.cgi?id=138381
3164
3165         Reviewed by Mark Lam.
3166
3167         Disabled these tests for ARM64.  Will address the failures and then re-enable.
3168
3169         * tests/stress/float32-repeat-out-of-bounds.js:
3170         * tests/stress/int8-repeat-out-of-bounds.js:
3171
3172 2014-11-04  Joseph Pecoraro  <pecoraro@apple.com>
3173
3174         Web Inspector: Enum value collisions between different generators
3175         https://bugs.webkit.org/show_bug.cgi?id=138343
3176
3177         Reviewed by Brian Burg.
3178
3179         Each generator was using its own filtered list of domains_to_generate
3180         to build the shared unique list of enum value encodings. This list
3181         was slightly different across different generators. Instead always
3182         use the list of all non-supplemental domains to generate the shared
3183         list of enum values.
3184
3185         * inspector/scripts/codegen/generator.py:
3186         (Generator.non_supplemental_domains):
3187         (Generator.domains_to_generate):
3188         (Generator._traverse_and_assign_enum_values):
3189         * inspector/scripts/tests/enum-values.json: Added.
3190         * inspector/scripts/tests/expected/enum-values.json-result: Added.
3191
3192 2014-11-03  Akos Kiss  <akiss@inf.u-szeged.hu>
3193
3194         Workaround for Cortex-A53 erratum 835769
3195         https://bugs.webkit.org/show_bug.cgi?id=138315
3196
3197         Reviewed by Filip Pizlo.
3198
3199         This patch introduces CMake variable and preprocessor macro
3200         WTF_CPU_ARM64_CORTEXA53 with the aim of enabling Cortex-A53-specific
3201         code paths, if set true. The patch also implements one case where such
3202         code paths are needed: the workaround for Cortex-A53 erratum 835769. If
3203         WTF_CPU_ARM64_CORTEXA53 is set then:
3204         - CMake checks whether the compiler already has support for a workaround
3205           and adds -mfix-cortex-a53-835769 to the compiler flags if so,
3206         - the ARM64 backend of offlineasm inserts a nop between memory and
3207           multiply-accumulate instructions, and
3208         - the ARM64 assembler also inserts a nop between memory and (64-bit) 
3209           multiply-accumulate instructions.
3210
3211         * assembler/ARM64Assembler.h:
3212         (JSC::ARM64Assembler::madd):
3213         Call nopCortexA53Fix835769() to insert a nop if CPU(ARM64_CORTEXA53) and
3214         if necessary.
3215         (JSC::ARM64Assembler::msub): Likewise.
3216         (JSC::ARM64Assembler::smaddl): Likewise.
3217         (JSC::ARM64Assembler::smsubl): Likewise.
3218         (JSC::ARM64Assembler::umaddl): Likewise.
3219         (JSC::ARM64Assembler::umsubl): Likewise.
3220         (JSC::ARM64Assembler::nopCortexA53Fix835769):
3221         Added. Insert a nop if the previously emitted instruction was a load, a
3222         store, or a prefetch, and if the current instruction is 64-bit.
3223         * offlineasm/arm64.rb:
3224         Add the arm64CortexA53Fix835769 phase and call it from
3225         getModifiedListARM64 to insert nopCortexA53Fix835769 between appropriate
3226         macro instructions. Also, lower nopCortexA53Fix835769 to nop if
3227         CPU(ARM64_CORTEXA53), to nothing otherwise.
3228         * offlineasm/instructions.rb:
3229         Define macro instruction nopFixCortexA53Err835769.
3230
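The entry above gives the rule both the ARM64 assembler and the offlineasm phase apply: insert a nop when the previously emitted instruction was a load, a store or a prefetch and the current instruction is a 64-bit multiply-accumulate, and only when the Cortex-A53 flag is set. The following is an added example, not JSC code and not Akos Kiss's patch: a model of that post-pass over a constructed instruction stream. `Insn`, `InsnKind`, `needsCortexA53Fix835769Nop`, `applyCortexA53Fix835769` and the sample mnemonics are this example's own assumptions, not the ARM64Assembler or offlineasm API.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Added example, not JSC code: a model of the erratum 835769 workaround pass.
// Instruction classes and all names here are this example's own assumptions.
enum class InsnKind { Load, Store, Prefetch, MultiplyAccumulate, Other, Nop };

struct Insn {
    InsnKind kind;
    bool is64Bit;     // destination width; consulted only for MultiplyAccumulate
    std::string text; // mnemonic, for readability only
};

// The condition the entry gives for nopCortexA53Fix835769(): the previously
// emitted instruction was a load, store or prefetch, and the current one is a
// 64-bit multiply-accumulate (madd/msub/smaddl/smsubl/umaddl/umsubl).
bool needsCortexA53Fix835769Nop(const Insn* prev, const Insn& cur)
{
    if (!prev)
        return false;
    bool prevTouchesMemory = prev->kind == InsnKind::Load
        || prev->kind == InsnKind::Store
        || prev->kind == InsnKind::Prefetch;
    bool curIs64BitMac = cur.kind == InsnKind::MultiplyAccumulate && cur.is64Bit;
    return prevTouchesMemory && curIs64BitMac;
}

// Post-pass over a whole instruction list, in the spirit of the offlineasm
// arm64CortexA53Fix835769 phase. With the CPU flag clear the pass changes
// nothing, mirroring "lower nopCortexA53Fix835769 to nothing otherwise".
std::vector<Insn> applyCortexA53Fix835769(const std::vector<Insn>& in, bool cpuIsCortexA53)
{
    std::vector<Insn> out;
    const Insn* prev = nullptr;
    for (const Insn& insn : in) {
        if (cpuIsCortexA53 && needsCortexA53Fix835769Nop(prev, insn))
            out.push_back({ InsnKind::Nop, false, "nop" });
        out.push_back(insn);
        prev = &insn; // the instruction just emitted becomes the predecessor of the next check
    }
    return out;
}

size_t countNops(const std::vector<Insn>& insns)
{
    size_t n = 0;
    for (const Insn& insn : insns)
        if (insn.kind == InsnKind::Nop)
            ++n;
    return n;
}

// Constructed sample stream (not from any real code). Two pairs need a nop
// (ldr -> madd x, prfm -> smaddl); two do not (str -> madd w is 32-bit,
// add -> madd x has no memory access in front of it).
std::vector<Insn> sampleStream()
{
    return {
        { InsnKind::Load, false, "ldr x1, [x0]" },
        { InsnKind::MultiplyAccumulate, true, "madd x2, x1, x3, x4" },
        { InsnKind::Store, false, "str x2, [x0]" },
        { InsnKind::MultiplyAccumulate, false, "madd w5, w1, w3, w4" },
        { InsnKind::Other, false, "add x6, x2, #1" },
        { InsnKind::MultiplyAccumulate, true, "madd x7, x6, x3, x4" },
        { InsnKind::Prefetch, false, "prfm pldl1keep, [x0]" },
        { InsnKind::MultiplyAccumulate, true, "smaddl x8, w1, w3, x4" },
    };
}

size_t nopsInsertedForSample(bool cpuIsCortexA53)
{
    return countNops(applyCortexA53Fix835769(sampleStream(), cpuIsCortexA53));
}
```

Tracking the predecessor as the original instruction rather than the emitted nop is deliberate: the nop only ever lands directly in front of a multiply-accumulate, so the next check sees that multiply-accumulate as its predecessor, exactly as the assembler would.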
3231 2014-11-03  Commit Queue  <commit-queue@webkit.org>
3232
3233         Unreviewed, rolling out r175509.
3234         https://bugs.webkit.org/show_bug.cgi?id=138349
3235
3236         broke some builds (Requested by msaboff on #webkit).
3237
3238         Reverted changeset:
3239
3240         "Update scope related slow path code to use scope register
3241         added to opcodes"
3242         https://bugs.webkit.org/show_bug.cgi?id=138254
3243         http://trac.webkit.org/changeset/175509
3244
3245 2014-11-03  Michael Saboff  <msaboff@apple.com>
3246
3247         Update scope related slow path code to use scope register added to opcodes
3248         https://bugs.webkit.org/show_bug.cgi?id=138254
3249
3250         Reviewed by Mark Lam.
3251
3252         Updated slow paths for op_pop_scope, op_push_name_scope and op_push_with_scope.
3253         Added scope register index parameter to the front of the relevant argument lists of the
3254         slow functions.  In the case of op_push_name_scope for x86 (32 bit), there aren't enough
3255         registers to accommodate all the parameters.  Therefore, added two new JSVALUE32_64 slow
3256         paths called operationPushCatchScope() and operationPushFunctionNameScope() to eliminate
3257         the last "type" argument.
3258         
3259
3260         * assembler/MacroAssemblerCodeRef.h:
3261         (JSC::FunctionPtr::FunctionPtr): Added a new template to take 6 arguments.
3262
3263         * jit/CCallHelpers.h:
3264         (JSC::CCallHelpers::setupArgumentsWithExecState):
3265         * jit/JIT.h:
3266         * jit/JITInlines.h:
3267         (JSC::JIT::callOperation):
3268         New variants of setupArgumentsWithExecState() and callOperation() to handle the new
3269         combinations of argument types and counts.
3270
3271         * jit/JITOpcodes.cpp:
3272         (JSC::JIT::emit_op_push_with_scope):
3273         (JSC::JIT::emit_op_pop_scope):
3274         (JSC::JIT::emit_op_push_name_scope):
3275         * jit/JITOpcodes32_64.cpp:
3276         (JSC::JIT::emit_op_push_with_scope):
3277         (JSC::JIT::emit_op_pop_scope):
3278         (JSC::JIT::emit_op_push_name_scope):
3279         Use the new slow paths.
3280
3281         * jit/JITOperations.cpp:
3282         * jit/JITOperations.h:
3283         Updates to set the scope result using the scope register index.  Added operationPushCatchScope()
3284         and operationPushFunctionNameScope().
3285
3286         * llint/LLIntSlowPaths.cpp:
3287         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3288         Updated the scope slow paths to use the scope register index in the instruction to read and
3289         write the register instead of using CallFrame::scope() and CallFrame::setScope().
3290
3291 2014-11-03  Michael Saboff  <msaboff@apple.com>
3292
3293         Add "get scope" byte code
3294         https://bugs.webkit.org/show_bug.cgi?id=138326
3295
3296         Reviewed by Mark Lam.
3297
3298         Added op_get_scope.  Added implementations for the LLInt and baseline JIT.
3299         Provided nop implementation for DFG and FTL.  The new byte code is emitted
3300         after op_enter for any function, program or eval.  It is expected that the
3301         DFG will be implemented such that unneeded op_get_scope would be eliminated
3302         during DFG compilation.
3303
3304         * bytecode/BytecodeList.json:
3305         * bytecode/BytecodeUseDef.h:
3306         (JSC::computeUsesForBytecodeOffset):
3307         (JSC::computeDefsForBytecodeOffset):
3308         Added new op_get_scope bytecode.
3309
3310         * bytecompiler/BytecodeGenerator.cpp:
3311         (JSC::BytecodeGenerator::BytecodeGenerator):
3312         (JSC::BytecodeGenerator::emitGetScope):
3313         * bytecompiler/BytecodeGenerator.h:
3314         Emit new op_get_scope bytecode.
3315
3316         * dfg/DFGByteCodeParser.cpp:
3317         (JSC::DFG::ByteCodeParser::parseBlock):
3318         * dfg/DFGCapabilities.cpp:
3319         (JSC::DFG::capabilityLevel):
3320         Added framework for new op_get_scope bytecode.
3321
3322         * bytecode/CodeBlock.cpp:
3323         (JSC::CodeBlock::dumpBytecode):
3324         * jit/JIT.cpp:
3325         (JSC::JIT::privateCompileMainPass):
3326         * jit/JIT.h:
3327         * jit/JITOpcodes.cpp:
3328         (JSC::JIT::emit_op_get_scope):
3329         * jit/JITOpcodes32_64.cpp:
3330         (JSC::JIT::emit_op_get_scope):
3331         * llint/LowLevelInterpreter32_64.asm:
3332         * llint/LowLevelInterpreter64.asm:
3333         Implementation of op_get_scope bytecode.
3334
3335 2014-11-03  Joseph Pecoraro  <pecoraro@apple.com>
3336
3337         Web Inspector: Fix RWIProtocol 64-to-32 bit conversion warnings
3338         https://bugs.webkit.org/show_bug.cgi?id=138325
3339
3340         Reviewed by Timothy Hatcher.
3341
3342         * inspector/InspectorValues.h:
3343         Vector's length really is an unsigned, so a static_cast here is fine.
3344
3345         * inspector/scripts/codegen/generate_objective_c.py:
3346         (ObjCGenerator.objc_type_for_raw_name):
3347         Use int instead of NSInteger for APIs that eventually map to
3348         InspectorObject's setInteger, which takes an int.
3349
3350         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3351         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3352         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3353         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
3354         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
3355         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3356         Rebaselined results with the type change.
3357
3358 2014-11-03  Joseph Pecoraro  <pecoraro@apple.com>
3359
3360         Web Inspector: Show Selector's Specificity
3361         https://bugs.webkit.org/show_bug.cgi?id=138189
3362
3363         Reviewed by Timothy Hatcher.
3364
3365         * inspector/protocol/CSS.json:
3366         Create a new named type CSSSelector to include a selector's text and specificity.
3367         The specificity tuple is optional as it may soon be made dynamic in some cases.
3368
3369 2014-11-03  Joseph Pecoraro  <pecoraro@apple.com>
3370
3371         Web Inspector: ObjC Protocol Interfaces should throw exceptions for nil arguments
3372         https://bugs.webkit.org/show_bug.cgi?id=138221
3373
3374         Reviewed by Timothy Hatcher.
3375
3376         The RWIProtocol APIs will now raise exceptions when:
3377
3378           - any properties are set on a type with a nil value or key (handled by RWIProtocolJSONObject)
3379           - required parameters in type constructors have nil value
3380           - required or optional command return parameters have nil values
3381           - required or optional event parameters have nil values
3382
3383         The exceptions include the name of the field when possible.
3384
3385         * inspector/scripts/codegen/generate_objective_c.py:
3386         (ObjCGenerator.is_type_objc_pointer_type):
3387         Provide a quick check to see if type would be a pointer or not
3388         in the ObjC API. Enums for example are not pointers in the API
3389         because we manage converting them to/from strings.
3390
3391         * inspector/scripts/codegen/generate_objective_c_backend_dispatcher_implementation.py:
3392         (ObjectiveCConfigurationImplementationGenerator._generate_success_block_for_command):
3393         * inspector/scripts/codegen/generate_objective_c_frontend_dispatcher_implementation.py:
3394         (ObjectiveCFrontendDispatcherImplementationGenerator._generate_event):
3395         * inspector/scripts/codegen/generate_objective_c_types_implementation.py:
3396         (ObjectiveCTypesImplementationGenerator._generate_init_method_for_required_members):
3397         (ObjectiveCTypesImplementationGenerator._generate_setter_for_member):
3398         Throw exceptions when nil values are disallowed.
3399
3400         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3401         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result: