Simple ES6 feature: Number constructor extras
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-09-28  Diego Pino Garcia  <dpino@igalia.com>

        Simple ES6 feature: Number constructor extras
        https://bugs.webkit.org/show_bug.cgi?id=131707

        Reviewed by Darin Adler.

        * runtime/CommonIdentifiers.h:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::finishCreation): Set up constants and
        functions.
        (JSC::numberConstructorFuncIsFinite): Added.
        (JSC::numberConstructorFuncIsInteger): Added.
        (JSC::numberConstructorFuncIsNaN): Added.
        (JSC::numberConstructorFuncIsSafeInteger): Added.
        (JSC::NumberConstructor::getOwnPropertySlot): Deleted.
        (JSC::numberConstructorNaNValue): Deleted.
        (JSC::numberConstructorNegInfinity): Deleted.
        (JSC::numberConstructorPosInfinity): Deleted.
        (JSC::numberConstructorMaxValue): Deleted.
        (JSC::numberConstructorMinValue): Deleted.
        * runtime/NumberConstructor.h:

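The ES6 semantics of the four Number constructor functions the entry above adds, as an added example that is not JavaScriptCore's code: plain-JS equivalents written so the edge cases are visible, checked against the host engine's own `Number.isNaN` & co. (assumed present, as in any current engine), and a small validator showing why the non-coercing statics matter for untrusted input. `MAX_SAFE_INTEGER`, `SAMPLES` and `parseCount` are this example's own names.

```javascript
// ES6 value of Number.MAX_SAFE_INTEGER: 2^53 - 1.
const MAX_SAFE_INTEGER = Math.pow(2, 53) - 1;

// None of these coerce their argument: a string, null or object is simply
// "not a number", which is the difference from the legacy globals.
function numberIsNaN(v)         { return typeof v === 'number' && v !== v; }
function numberIsFinite(v)      { return typeof v === 'number' && v - v === 0; } // NaN and +/-Infinity fail
function numberIsInteger(v)     { return numberIsFinite(v) && Math.floor(v) === v; }
function numberIsSafeInteger(v) { return numberIsInteger(v) && Math.abs(v) <= MAX_SAFE_INTEGER; }

// Constructed sample inputs covering the interesting boundaries.
const SAMPLES = [0, -0, 1, -1, 0.5, 1e300, Infinity, -Infinity, NaN,
                 MAX_SAFE_INTEGER, MAX_SAFE_INTEGER + 1, -MAX_SAFE_INTEGER - 1,
                 '12', 'abc', '', null, undefined, true, {}, [], [1]];

// Compare the hand-written versions with the engine's built-ins over SAMPLES.
// Returns the list of disagreements; an ES6-conformant engine yields none.
function mismatchesAgainstBuiltins() {
  const pairs = [[numberIsNaN, Number.isNaN], [numberIsFinite, Number.isFinite],
                 [numberIsInteger, Number.isInteger], [numberIsSafeInteger, Number.isSafeInteger]];
  const bad = [];
  for (const [ours, builtin] of pairs)
    for (const v of SAMPLES)
      if (ours(v) !== builtin(v)) bad.push({ fn: builtin.name, value: v });
  return bad;
}

// Inputs on which the global isNaN/isFinite disagree with the ES6 statics,
// because the globals run ToNumber on their argument first ("12" -> 12, [] -> 0, {} -> NaN).
function coercionDifferences() {
  return SAMPLES.filter(v => isNaN(v) !== numberIsNaN(v) || isFinite(v) !== numberIsFinite(v));
}

// Practical use: accept a count from untrusted input (e.g. parsed JSON) only if it
// is a non-negative safe integer, so "12", 12.5, NaN or 2^53 cannot slip through
// via coercion or silent precision loss. Returns the value or null.
function parseCount(value) {
  return numberIsSafeInteger(value) && value >= 0 ? value : null;
}
```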
2014-09-26  Filip Pizlo  <fpizlo@apple.com>

        Disable function.arguments
        https://bugs.webkit.org/show_bug.cgi?id=137167

        Rubber stamped by Geoffrey Garen.

        Add an option to disable function.arguments. Add a test for disabling it.

        Disabling function.arguments means that it returns an Arguments object that claims that
        there were zero arguments. All other Arguments functionality still works, so any code
        that tries to inspect this object will still think that it is looking at a perfectly
        valid Arguments object.

        This also makes function.arguments disabled by default. Note that the RJST harness will
        enable them by default, to continue to get test coverage for the code that implements
        the feature.

        We will rip out that code once we're confident that it's really safe to remove this
        feature. Only once we rip out that support will we be able to do optimizations to
        leverage the lack of this feature. It's important to keep the support code, and the test
        infrastructure, in place before we are confident. The logic to keep this working touches
        the entire compiler and a large chunk of the runtime, so reimplementing it - or even
        merging it back in - would be a nightmare. That's also basically the reason why we want
        to rip it out if at all possible. It's a lot of terrible code.

        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::createArguments):
        * runtime/Arguments.h:
        (JSC::Arguments::create):
        (JSC::Arguments::finishCreation):
        * runtime/Options.h:
        * tests/stress/disable-function-dot-arguments.js: Added.
        (foo):
        (bar):

2014-09-26  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Automatic Inspection should continue once all breakpoints are loaded
        https://bugs.webkit.org/show_bug.cgi?id=137038

        Reviewed by Timothy Hatcher.

        Add a new protocol command "Inspector.initialized" that signifies to the backend
        when the frontend has sent all its initialization messages to the backend. This
        can include information like breakpoints, which we would want to have loaded
        before any JavaScript evaluates in the context.

        * inspector/protocol/InspectorDomain.json:
        New protocol command, Inspector.initialized.

        * inspector/agents/InspectorAgent.h:
        * inspector/agents/InspectorAgent.cpp:
        (Inspector::InspectorAgent::InspectorAgent):
        (Inspector::InspectorAgent::initialized):
        Tell the InspectorEnvironment (the Controller) the frontend has initialized.

        * inspector/InspectorEnvironment.h:
        Abstract virtual method to handle frontend initialization. To be
        implemented by all of the InspectorControllers.

        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        (Inspector::JSGlobalObjectInspectorController::connectFrontend):
        (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
        (Inspector::JSGlobalObjectInspectorController::frontendInitialized):
        When a frontend is initialized, if it was automatic inspection, unpause the debuggable.

        * inspector/remote/RemoteInspectorDebuggable.cpp:
        (Inspector::RemoteInspectorDebuggable::unpauseForInitializedInspector):
        Complete setup for this debuggable.

        * inspector/remote/RemoteInspectorDebuggable.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        Move the setup complete to later, when the frontend sends an "initialized" message.

        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
        Provide a longer timeout now that the frontend must send messages after the connection
        has established. The longest I have seen is 600ms, but the average tends to be 200ms.
        So bump the timeout to 800ms for a buffer.

        (Inspector::RemoteInspector::setupSucceeded): Deleted.
        (Inspector::RemoteInspector::setupCompleted):
        Rename, as this happens at a slightly different time.

2014-09-26  Filip Pizlo  <fpizlo@apple.com>

        DFG shouldn't insert store barriers when it has it on good authority that we're not storing a cell
        https://bugs.webkit.org/show_bug.cgi?id=137161

        Reviewed by Mark Hahnenberg.

        This looks like a 1% Octane speed-up.

        * bytecode/SpeculatedType.h:
        (JSC::isNotCellSpeculation):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::insertStoreBarrier):
        (JSC::DFG::FixupPhase::insertCheck):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateNotCell):

2014-09-26  Peter Varga  <pvarga@webkit.org>

        Fix typo in YARR at BOL check
        https://bugs.webkit.org/show_bug.cgi?id=137144

        Reviewed by Darin Adler.

        * yarr/YarrPattern.cpp: replace bitwise and operator by logical and
        (JSC::Yarr::YarrPatternConstructor::assertionBOL):

2014-09-25  Saam Barati  <saambarati1@gmail.com>

        Web Inspector: console.assert(bitString) TypeSet:50
        https://bugs.webkit.org/show_bug.cgi?id=137051

        Reviewed by Joseph Pecoraro.

        This patch creates stricter requirements on a TypeDescription
        being valid. To be valid, a TypeDescription now ensures that
        the TypeSet it describes has non null type information.

        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        * runtime/TypeSet.h:
        (JSC::TypeSet::isEmpty):

2014-09-25  Filip Pizlo  <fpizlo@apple.com>

        FTL should sink object allocations
        https://bugs.webkit.org/show_bug.cgi?id=136330

        Reviewed by Oliver Hunt.

        This adds a comprehensive infrastructure for sinking object allocations in DFG SSA form. The
        ultimate goal of sinking is to sink an allocation "past the points of its death" - i.e. to
        eliminate it completely. The way sinking reasons about the CFG means that it resembles a
        partial escape analysis: we create paths through a function where some allocation(s) don't
        have to be done at all even if there are other paths along which those allocations still have
        to happen. But it also produces other side benefits. Even if an allocation isn't eliminated
        along any path, the act of sinking reduces the number of barriers that have to execute.

        Because this was a fairly ambitious SSA analysis and transformation, I added a bunch of C++11
        sugar to the DFG's internal APIs to allow for easier iteration over blocks, nodes, and
        successors; and to add more functor goodness to allow for more lambdas.

        This is just the beginning. The bug has a bunch of other bugs that depend on it. So far this
        is a spectacular speed-up on microbenchmarks but it's still too limited to affect big
        benchmarks. For example, doing o == p makes the sinking phase think that o and p escape.
        That's just an omission and there are likely others; we can easily fix them. I think it's
        best to land it in its current form and then to worry about the big benchmarks in subsequent
        work (see bug 137126).

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/StructureSet.h:
        (JSC::StructureSet::iterator::iterator):
        (JSC::StructureSet::iterator::operator*):
        (JSC::StructureSet::iterator::operator++):
        (JSC::StructureSet::iterator::operator==):
        (JSC::StructureSet::iterator::operator!=):
        (JSC::StructureSet::begin):
        (JSC::StructureSet::end):
        * dfg/DFGAbstractInterpreter.h:
        (JSC::DFG::AbstractInterpreter::phiChildren):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::AbstractInterpreter):
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::startExecuting):
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::execute):
        * dfg/DFGAvailability.h:
        (JSC::DFG::Availability::shouldUseNode):
        (JSC::DFG::Availability::isFlushUseful):
        (JSC::DFG::Availability::isDead):
        (JSC::DFG::Availability::operator!=):
        * dfg/DFGAvailabilityMap.cpp: Added.
        (JSC::DFG::AvailabilityMap::prune):
        (JSC::DFG::AvailabilityMap::clear):
        (JSC::DFG::AvailabilityMap::dump):
        (JSC::DFG::AvailabilityMap::operator==):
        (JSC::DFG::AvailabilityMap::merge):
        * dfg/DFGAvailabilityMap.h: Added.
        (JSC::DFG::AvailabilityMap::forEachAvailability):
        * dfg/DFGBasicBlock.cpp:
        (JSC::DFG::BasicBlock::SSAData::SSAData):
        * dfg/DFGBasicBlock.h:
        (JSC::DFG::BasicBlock::begin):
        (JSC::DFG::BasicBlock::end):
        (JSC::DFG::BasicBlock::SuccessorsIterable::SuccessorsIterable):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::iterator):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::operator*):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::operator++):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::operator==):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::operator!=):
        (JSC::DFG::BasicBlock::SuccessorsIterable::begin):
        (JSC::DFG::BasicBlock::SuccessorsIterable::end):
        (JSC::DFG::BasicBlock::successors):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGFlushedAt.cpp:
        (JSC::DFG::FlushedAt::dump):
        * dfg/DFGFlushedAt.h:
        (JSC::DFG::FlushedAt::FlushedAt):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::dumpBlockHeader):
        (JSC::DFG::Graph::mergeRelevantToOSR):
        (JSC::DFG::Graph::invalidateCFG):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::NaturalBlockIterable::NaturalBlockIterable):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::iterator):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::operator*):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::operator++):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::operator==):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::operator!=):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::findNext):
        (JSC::DFG::Graph::NaturalBlockIterable::begin):
        (JSC::DFG::Graph::NaturalBlockIterable::end):
        (JSC::DFG::Graph::blocksInNaturalOrder):
        (JSC::DFG::Graph::doToChildrenWithNode):
        (JSC::DFG::Graph::doToChildren):
        * dfg/DFGHeapLocation.cpp:
        (WTF::printInternal):
        * dfg/DFGHeapLocation.h:
        * dfg/DFGInsertOSRHintsForUpdate.cpp: Added.
        (JSC::DFG::insertOSRHintsForUpdate):
        * dfg/DFGInsertOSRHintsForUpdate.h: Added.
        * dfg/DFGInsertionSet.h:
        (JSC::DFG::InsertionSet::graph):
        * dfg/DFGMayExit.cpp:
        (JSC::DFG::mayExit):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::convertToPutByOffsetHint):
        (JSC::DFG::Node::convertToPutStructureHint):
        (JSC::DFG::Node::convertToPhantomNewObject):
        (JSC::DFG::Node::isCellConstant):
        (JSC::DFG::Node::castConstant):
        (JSC::DFG::Node::hasIdentifier):
        (JSC::DFG::Node::hasStorageAccessData):
        (JSC::DFG::Node::hasObjectMaterializationData):
        (JSC::DFG::Node::objectMaterializationData):
        (JSC::DFG::Node::isPhantomObjectAllocation):
        * dfg/DFGNodeType.h:
        * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
        (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
        (JSC::DFG::LocalOSRAvailabilityCalculator::endBlock):
        (JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
        * dfg/DFGOSRAvailabilityAnalysisPhase.h:
        * dfg/DFGObjectAllocationSinkingPhase.cpp: Added.
        (JSC::DFG::ObjectAllocationSinkingPhase::ObjectAllocationSinkingPhase):
        (JSC::DFG::ObjectAllocationSinkingPhase::run):
        (JSC::DFG::ObjectAllocationSinkingPhase::performSinking):
        (JSC::DFG::ObjectAllocationSinkingPhase::determineMaterializationPoints):
        (JSC::DFG::ObjectAllocationSinkingPhase::placeMaterializationPoints):
        (JSC::DFG::ObjectAllocationSinkingPhase::lowerNonReadingOperationsOnPhantomAllocations):
        (JSC::DFG::ObjectAllocationSinkingPhase::promoteSunkenFields):
        (JSC::DFG::ObjectAllocationSinkingPhase::resolve):
        (JSC::DFG::ObjectAllocationSinkingPhase::handleNode):
        (JSC::DFG::ObjectAllocationSinkingPhase::createMaterialize):
        (JSC::DFG::ObjectAllocationSinkingPhase::populateMaterialize):
        (JSC::DFG::performObjectAllocationSinking):
        * dfg/DFGObjectAllocationSinkingPhase.h: Added.
        * dfg/DFGObjectMaterializationData.cpp: Added.
        (JSC::DFG::PhantomPropertyValue::dump):
        (JSC::DFG::ObjectMaterializationData::dump):
        (JSC::DFG::ObjectMaterializationData::oneWaySimilarityScore):
        (JSC::DFG::ObjectMaterializationData::similarityScore):
        * dfg/DFGObjectMaterializationData.h: Added.
        (JSC::DFG::PhantomPropertyValue::PhantomPropertyValue):
        (JSC::DFG::PhantomPropertyValue::operator==):
        * dfg/DFGPhantomCanonicalizationPhase.cpp:
        (JSC::DFG::PhantomCanonicalizationPhase::run):
        * dfg/DFGPhantomRemovalPhase.cpp:
        (JSC::DFG::PhantomRemovalPhase::run):
        * dfg/DFGPhiChildren.cpp: Added.
        (JSC::DFG::PhiChildren::PhiChildren):
        (JSC::DFG::PhiChildren::~PhiChildren):
        (JSC::DFG::PhiChildren::upsilonsOf):
        * dfg/DFGPhiChildren.h: Added.
        (JSC::DFG::PhiChildren::forAllIncomingValues):
        (JSC::DFG::PhiChildren::forAllTransitiveIncomingValues):
        * dfg/DFGPlan.cpp:
        (JSC::DFG::Plan::compileInThreadImpl):
        * dfg/DFGPrePostNumbering.cpp: Added.
        (JSC::DFG::PrePostNumbering::PrePostNumbering):
        (JSC::DFG::PrePostNumbering::~PrePostNumbering):
        (JSC::DFG::PrePostNumbering::compute):
        (WTF::printInternal):
        * dfg/DFGPrePostNumbering.h: Added.
        (JSC::DFG::PrePostNumbering::preNumber):
        (JSC::DFG::PrePostNumbering::postNumber):
        (JSC::DFG::PrePostNumbering::isStrictAncestorOf):
        (JSC::DFG::PrePostNumbering::isAncestorOf):
        (JSC::DFG::PrePostNumbering::isStrictDescendantOf):
        (JSC::DFG::PrePostNumbering::isDescendantOf):
        (JSC::DFG::PrePostNumbering::edgeKind):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGPromoteHeapAccess.h: Added.
        (JSC::DFG::promoteHeapAccess):
        * dfg/DFGPromotedHeapLocation.cpp: Added.
        (JSC::DFG::PromotedLocationDescriptor::dump):
        (JSC::DFG::PromotedHeapLocation::createHint):
        (JSC::DFG::PromotedHeapLocation::dump):
        (WTF::printInternal):
        * dfg/DFGPromotedHeapLocation.h: Added.
        (JSC::DFG::PromotedLocationDescriptor::PromotedLocationDescriptor):
        (JSC::DFG::PromotedLocationDescriptor::operator!):
        (JSC::DFG::PromotedLocationDescriptor::kind):
        (JSC::DFG::PromotedLocationDescriptor::info):
        (JSC::DFG::PromotedLocationDescriptor::hash):
        (JSC::DFG::PromotedLocationDescriptor::operator==):
        (JSC::DFG::PromotedLocationDescriptor::operator!=):
        (JSC::DFG::PromotedLocationDescriptor::isHashTableDeletedValue):
        (JSC::DFG::PromotedHeapLocation::PromotedHeapLocation):
        (JSC::DFG::PromotedHeapLocation::operator!):
        (JSC::DFG::PromotedHeapLocation::kind):
        (JSC::DFG::PromotedHeapLocation::base):
        (JSC::DFG::PromotedHeapLocation::info):
        (JSC::DFG::PromotedHeapLocation::descriptor):
        (JSC::DFG::PromotedHeapLocation::hash):
        (JSC::DFG::PromotedHeapLocation::operator==):
        (JSC::DFG::PromotedHeapLocation::isHashTableDeletedValue):
        (JSC::DFG::PromotedHeapLocationHash::hash):
        (JSC::DFG::PromotedHeapLocationHash::equal):
        * dfg/DFGSSACalculator.cpp:
        (JSC::DFG::SSACalculator::reset):
        * dfg/DFGSSACalculator.h:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStructureRegistrationPhase.cpp:
        (JSC::DFG::StructureRegistrationPhase::run):
        * dfg/DFGValidate.cpp:
        (JSC::DFG::Validate::validate):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLExitPropertyValue.cpp: Added.
        (JSC::FTL::ExitPropertyValue::dump):
        * ftl/FTLExitPropertyValue.h: Added.
        (JSC::FTL::ExitPropertyValue::ExitPropertyValue):
        (JSC::FTL::ExitPropertyValue::operator!):
        (JSC::FTL::ExitPropertyValue::location):
        (JSC::FTL::ExitPropertyValue::value):
        * ftl/FTLExitTimeObjectMaterialization.cpp: Added.
        (JSC::FTL::ExitTimeObjectMaterialization::ExitTimeObjectMaterialization):
        (JSC::FTL::ExitTimeObjectMaterialization::~ExitTimeObjectMaterialization):
        (JSC::FTL::ExitTimeObjectMaterialization::add):
        (JSC::FTL::ExitTimeObjectMaterialization::get):
        (JSC::FTL::ExitTimeObjectMaterialization::dump):
        * ftl/FTLExitTimeObjectMaterialization.h: Added.
        (JSC::FTL::ExitTimeObjectMaterialization::type):
        (JSC::FTL::ExitTimeObjectMaterialization::properties):
        * ftl/FTLExitValue.cpp:
        (JSC::FTL::ExitValue::materializeNewObject):
        (JSC::FTL::ExitValue::dumpInContext):
        * ftl/FTLExitValue.h:
        (JSC::FTL::ExitValue::isObjectMaterialization):
        (JSC::FTL::ExitValue::objectMaterialization):
        (JSC::FTL::ExitValue::withVirtualRegister):
        (JSC::FTL::ExitValue::valueFormat):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileCheckStructure):
        (JSC::FTL::LowerDFGToLLVM::compileArrayifyToStructure):
        (JSC::FTL::LowerDFGToLLVM::compilePutStructure):
        (JSC::FTL::LowerDFGToLLVM::compileNewObject):
        (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
        (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
        (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
        (JSC::FTL::LowerDFGToLLVM::compileCheckStructureImmediate):
        (JSC::FTL::LowerDFGToLLVM::compileMaterializeNewObject):
        (JSC::FTL::LowerDFGToLLVM::checkStructure):
        (JSC::FTL::LowerDFGToLLVM::allocateCell):
        (JSC::FTL::LowerDFGToLLVM::storeStructure):
        (JSC::FTL::LowerDFGToLLVM::allocateObject):
        (JSC::FTL::LowerDFGToLLVM::speculateStringObjectForStructureID):
        (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
        (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
        (JSC::FTL::LowerDFGToLLVM::exitValueForAvailability):
        (JSC::FTL::LowerDFGToLLVM::exitValueForNode):
        (JSC::FTL::LowerDFGToLLVM::weakStructureID):
        (JSC::FTL::LowerDFGToLLVM::weakStructure):
        (JSC::FTL::LowerDFGToLLVM::availabilityMap):
        (JSC::FTL::LowerDFGToLLVM::availability): Deleted.
        * ftl/FTLOSRExit.h:
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileRecovery):
        (JSC::FTL::compileStub):
        * ftl/FTLOperations.cpp: Added.
        (JSC::FTL::operationNewObjectWithButterfly):
        (JSC::FTL::operationMaterializeObjectInOSR):
        * ftl/FTLOperations.h: Added.
        * ftl/FTLSwitchCase.h:
        (JSC::FTL::SwitchCase::SwitchCase):
        * runtime/JSObject.h:
        (JSC::JSObject::finishCreation):
        (JSC::JSFinalObject::JSFinalObject):
        (JSC::JSFinalObject::create):
        * runtime/Structure.cpp:
        (JSC::Structure::canUseForAllocationsOf):
        * runtime/Structure.h:
        * tests/stress/elidable-new-object-roflcopter-then-exit.js: Added.
        (sumOfArithSeries):
        (foo):
        * tests/stress/elide-new-object-dag-then-exit.js: Added.
        (sumOfArithSeries):
        (bar):
        (verify):
        (foo):
        * tests/stress/obviously-elidable-new-object-then-exit.js: Added.
        (sumOfArithSeries):
        (foo):

2014-09-25  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: Check event loop input extents during replaying too
        https://bugs.webkit.org/show_bug.cgi?id=136316

        Reviewed by Timothy Hatcher.

        Sometimes we see different nondeterminism during capture and replay
        executions, so we should add determinism checks during replay too.

        Move the withinEventLoopInputExtent flag to the base class, and tighten
        the assertion to address <http://webkit.org/b/133019>.

        * replay/InputCursor.h:
        (JSC::InputCursor::InputCursor):
        (JSC::InputCursor::setWithinEventLoopInputExtent): Added.
        This assertion is slightly wrong because it does not account for nested run loops.
        We can be within two input extents when a nested run loop processes additional
        user inputs while the debugger is paused.

        This should only be the case when execution is being neither captured nor
        replayed. The debugger should not pause when capturing, and we should not replay
        event loop inputs while in a nested run loop.

        (JSC::InputCursor::withinEventLoopInputExtent): Added.

2014-09-25  Csaba Osztrogonác  <ossy@webkit.org>

        Remove WinCE port from trunk
        https://bugs.webkit.org/show_bug.cgi?id=136951

        Reviewed by Alex Christensen.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::cacheFlush):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::cacheFlush):
        * config.h:
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::gatherFromCurrentThread):
        (JSC::MachineThreads::gatherFromOtherThread):
        (JSC::swapIfBackwards): Deleted.
        * jit/ExecutableAllocator.h:
        * jsc.cpp:
        (main):
        * runtime/DateConstructor.cpp:
        * runtime/Options.cpp:
        (JSC::overrideOptionWithHeuristic):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * testRegExp.cpp:
        (main):
        * tools/CodeProfiling.cpp:
        (JSC::CodeProfiling::notifyAllocator):

2014-09-24  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: subtract elapsed time while debugger is paused from profile nodes
        https://bugs.webkit.org/show_bug.cgi?id=136796

        Reviewed by Timothy Hatcher.

        Rather than accruing no time to any profile node created while the debugger is paused,
        we can instead count a node's elapsed time and exclude time elapsed while paused.

        Time for a node may elapse in a non-contiguous fashion depending on the interleaving of
        didPause, didContinue, willExecute, and didExecute. A node's start time is set to the
        start of the last such interval that accrues elapsed time.

        * profiler/ProfileGenerator.cpp:
        (JSC::ProfileGenerator::ProfileGenerator):
        (JSC::ProfileGenerator::beginCallEntry):
        (JSC::ProfileGenerator::endCallEntry):
        (JSC::ProfileGenerator::didPause): Added.
        (JSC::ProfileGenerator::didContinue): Added.
        * profiler/ProfileGenerator.h:
        (JSC::ProfileGenerator::didPause): Deleted.
        (JSC::ProfileGenerator::didContinue): Deleted.
        * profiler/ProfileNode.h: Rename totalTime to elapsedTime.
        (JSC::ProfileNode::Call::Call):
        (JSC::ProfileNode::Call::elapsedTime): Added.
        (JSC::ProfileNode::Call::setElapsedTime): Added.
        (JSC::CalculateProfileSubtreeDataFunctor::operator()):
        (JSC::ProfileNode::Call::totalTime): Deleted.
        (JSC::ProfileNode::Call::setTotalTime): Deleted.

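The accounting rule described in the entry above (elapsed time excludes paused intervals, and a call's start time is reset to the start of the last accruing interval), as an added model in plain JavaScript that is not JavaScriptCore's profiler code. `ProfileGenerator`, `runScenario` and the injected clock are this example's own names and assumptions.

```javascript
// Toy profile generator: open calls live on a stack; each call carries the time
// accrued so far plus the start of its current accruing interval (or null while paused).
class ProfileGenerator {
  constructor(clock) {
    this.clock = clock;     // injected function returning "now" in ms, so runs are deterministic
    this.paused = false;
    this.stack = [];        // open calls: { name, elapsed, startTime }
    this.finished = [];     // completed calls: { name, elapsedTime }
  }

  // willExecute: a call that begins while paused has no accruing interval yet;
  // it only starts accruing at the next didContinue.
  willExecute(name) {
    this.stack.push({ name, elapsed: 0, startTime: this.paused ? null : this.clock() });
  }

  // didExecute: close the current interval (if any) and record the call.
  didExecute(name) {
    const call = this.stack.pop();
    if (!call || call.name !== name) throw new Error(`unbalanced didExecute for ${name}`);
    this._closeInterval(call, this.clock());
    this.finished.push({ name: call.name, elapsedTime: call.elapsed });
    return call.elapsed;
  }

  // didPause: freeze every open call by banking its current interval.
  didPause() {
    if (this.paused) return;
    this.paused = true;
    const now = this.clock();
    for (const call of this.stack) this._closeInterval(call, now);
  }

  // didContinue: every open call's start time becomes the start of the new
  // accruing interval, so paused time never enters elapsedTime.
  didContinue() {
    if (!this.paused) return;
    this.paused = false;
    const now = this.clock();
    for (const call of this.stack) call.startTime = now;
  }

  _closeInterval(call, now) {
    if (call.startTime === null) return;
    call.elapsed += now - call.startTime;
    call.startTime = null;
  }

  // Map of call name -> elapsedTime for completed calls.
  report() {
    return Object.fromEntries(this.finished.map(c => [c.name, c.elapsedTime]));
  }
}

// Constructed interleaving: a nested call hits a breakpoint for 100ms, then a
// further call begins while still paused. Wall time is 130ms for 'outer', but
// only 30ms is attributed to it; 'late' accrues nothing before didContinue.
function runScenario() {
  let t = 0;
  const gen = new ProfileGenerator(() => t);
  gen.willExecute('outer');
  t = 10;  gen.willExecute('inner');
  t = 15;  gen.didPause();             // breakpoint hit
  t = 20;  gen.willExecute('late');    // begins while paused: startTime stays null
  t = 115; gen.didContinue();          // all open calls restart at t=115
  t = 120; gen.didExecute('late');     // 5ms, not 100ms
  gen.didExecute('inner');             // 5ms before pause + 5ms after = 10ms
  t = 130; gen.didExecute('outer');    // 15ms + 15ms = 30ms, not 130ms
  return gen.report();
}
```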
2014-09-24  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r173839.
        https://bugs.webkit.org/show_bug.cgi?id=137062

        NumberConstruct should no longer use static tables (Requested
        by dpino on #webkit).

        Reverted changeset:

        "Simple ES6 feature: Number constructor extras"
        https://bugs.webkit.org/show_bug.cgi?id=131707
        http://trac.webkit.org/changeset/173839

2014-09-23  Mark Lam  <mark.lam@apple.com>

        DebuggerCallFrame::invalidate() should invalidate all DebuggerScope chains.
        <https://webkit.org/b/137045>

        Reviewed by Geoffrey Garen.

        DebuggerCallFrame::invalidate() currently invalidates all DebuggerCallFrames
        in the debugger stack, but only invalidates the DebuggerScope chain of the
        topmost frame.  We should also invalidate all the DebuggerScope chains of
        the other frames in the debugger stack.

        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::invalidate):
        * debugger/DebuggerScope.cpp:
        (JSC::DebuggerScope::invalidateChain):

2014-09-23  Mark Lam  <mark.lam@apple.com>

        Renamed DebuggerCallFrameScope to DebuggerPausedScope.
        <https://webkit.org/b/137042>

        Reviewed by Michael Saboff.

        DebuggerPausedScope is a better name for this data structure because it
        is meant for tracking the period within which the debugger is paused,
        and doing cleanups after the pause ends.

        * debugger/Debugger.cpp:
        (JSC::DebuggerPausedScope::DebuggerPausedScope):
        (JSC::DebuggerPausedScope::~DebuggerPausedScope):
        (JSC::Debugger::pauseIfNeeded):
        (JSC::DebuggerCallFrameScope::DebuggerCallFrameScope): Deleted.
        (JSC::DebuggerCallFrameScope::~DebuggerCallFrameScope): Deleted.
        * debugger/Debugger.h:
        * debugger/DebuggerCallFrame.h:

2014-09-23  Tomas Popela  <tpopela@redhat.com>

        [CLoop] - Fix CLoop on the 32-bit Big-Endians
        https://bugs.webkit.org/show_bug.cgi?id=137020

        Reviewed by Mark Lam.

        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:

603 2014-09-23  Joseph Pecoraro  <pecoraro@apple.com>
604
605         Web Inspector: Should be able to attach a debugger to a JSContext before anything is executed
606         https://bugs.webkit.org/show_bug.cgi?id=136893
607
608         Reviewed by Timothy Hatcher.
609
610         Adds new remote inspector protocol handling for automatic inspection.
611         Debuggers can signal they have enabled automatic inspection, and
612         when debuggables are created the current application will pause to
613         see if the debugger will inspect or decline to inspect the debuggable.
614
615         * inspector/remote/RemoteInspectorConstants.h:
616         * inspector/remote/RemoteInspector.h:
617         * inspector/remote/RemoteInspector.mm:
618         (Inspector::globalAutomaticInspectionState):
619         (Inspector::RemoteInspector::RemoteInspector):
620         (Inspector::RemoteInspector::start):
621         When first starting, check the global "is there an auto-inspect" debugger state.
622         This is necessary so that the current application knows if it should pause or
623         not when a debuggable is created, even without having connected to webinspectord yet.
624
625         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
626         When a debuggable has enabled remote inspection, take this path to propose
627         it as an automatic inspection candidate if there is an auto-inspect debugger.
628
629         (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage):
630         Send the automatic inspection candidate message.
631
632         (Inspector::RemoteInspector::receivedSetupMessage):
633         (Inspector::RemoteInspector::setupFailed):
634         (Inspector::RemoteInspector::setupSucceeded):
635         After attempting to open an inspector, unpause if it was for the
636         automatic inspection candidate.
637
638         (Inspector::RemoteInspector::waitingForAutomaticInspection):
639         When running a nested runloop, check if we should remain paused.
640
641         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
642         If by the time we connect to webinspectord we have a candidate, then
643         immediately send the candidate message.
644
645         (Inspector::RemoteInspector::stopInternal):
646         (Inspector::RemoteInspector::xpcConnectionFailed):
647         In error cases, clear our state.
648
649         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
650         (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage):
651         (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage):
652         Update state when receiving new messages.
653
654
655         * inspector/remote/RemoteInspectorDebuggable.h:
656         * inspector/remote/RemoteInspectorDebuggable.cpp:
657         (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
658         Special case when a debuggable is newly allowed to be debuggable.
659
660         (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection):
661         Run a nested run loop while this is an automatic inspection candidate.
662
663         * inspector/JSGlobalObjectInspectorController.h:
664         * inspector/JSGlobalObjectInspectorController.cpp:
665         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
666         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
667         When the inspector starts via automatic inspection, automatically pause.
668         We plan on removing this condition by having the frontend signal to the
669         backend when it is completely initialized.
670         
671         * inspector/remote/RemoteInspectorDebuggableConnection.h:
672         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
673         (Inspector::RemoteInspectorDebuggableConnection::setup):
674         Pass on the flag of whether or not this was automatic inspection.
675
676         * runtime/JSGlobalObjectDebuggable.h:
677         * runtime/JSGlobalObjectDebuggable.cpp:
678         (JSC::JSGlobalObjectDebuggable::connect):
679         (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
680         When pausing in a JSGlobalObject we need to release the API lock.
681
682 2014-09-22  Filip Pizlo  <fpizlo@apple.com>
683
684         FTL allocatePropertyStorage code should involve less copy-paste
685         https://bugs.webkit.org/show_bug.cgi?id=137006
686
687         Reviewed by Michael Saboff.
688
689         * ftl/FTLLowerDFGToLLVM.cpp:
690         (JSC::FTL::LowerDFGToLLVM::allocatePropertyStorage):
691         (JSC::FTL::LowerDFGToLLVM::reallocatePropertyStorage):
692         (JSC::FTL::LowerDFGToLLVM::allocatePropertyStorageWithSizeImpl):
693
694 2014-09-22  Diego Pino Garcia  <dpino@igalia.com>
695
696         Simple ES6 feature: Number constructor extras
697         https://bugs.webkit.org/show_bug.cgi?id=131707
698
699         Reviewed by Darin Adler.
700
701         * runtime/CommonIdentifiers.h: Added new identifiers.
702         * runtime/NumberConstructor.cpp:
703         (JSC::NumberConstructor::getOwnPropertySlot):
704         (JSC::NumberConstructor::isFunction): Added.
705         (JSC::numberConstructorEpsilonValue): Added.
706         (JSC::numberConstructorNegInfinity): Added.
707         (JSC::numberConstructorPosInfinity): Added.
708         (JSC::numberConstructorMaxValue): Added.
709         (JSC::numberConstructorMinValue): Added.
710         (JSC::numberConstructorMaxSafeInteger): Added.
711         (JSC::numberConstructorMinSafeInteger): Added.
712         (JSC::numberConstructorFuncIsFinite): Added.
713         (JSC::numberConstructorFuncIsInteger): Added.
714         (JSC::numberConstructorFuncIsNaN): Added.
715         (JSC::numberConstructorFuncIsSafeInteger): Added.
716         * runtime/NumberConstructor.h:
717
718 2014-09-21  Filip Pizlo  <fpizlo@apple.com>
719
720         FTL should store the four bytes of the cell header using a 32-bit store rather than four 8-bit stores
721         https://bugs.webkit.org/show_bug.cgi?id=136992
722
723         Reviewed by Sam Weinig.
724         
725         LLVM ought to be able to do this optimization for us given how the code was written, but
726         any such lower-level attempts to optimize this would get into trouble with the weird
727         object materialization logic I'll be introducing in bug 136330. So, this brings the
728         merging of the byte stores into the FTL lowering so that we can control it explicitly.
729
730         * ftl/FTLAbstractHeap.h:
731         (JSC::FTL::AbstractHeap::changeParent):
732         * ftl/FTLAbstractHeapRepository.cpp:
733         (JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
734         * ftl/FTLAbstractHeapRepository.h:
735         * ftl/FTLLowerDFGToLLVM.cpp:
736         (JSC::FTL::LowerDFGToLLVM::allocateCell):
737
738 2014-09-21  Saam Barati  <saambarati1@gmail.com>
739
740         Web Inspector: fix TypeSet hierarchy in TypeTokenView
741         https://bugs.webkit.org/show_bug.cgi?id=136982
742
743         Reviewed by Joseph Pecoraro.
744
745         TypeSet was computing the set of type booleans in the Inspector::Protocol::Runtime::TypeSet 
746         object incorrectly because it was calling TypeSet::doesTypeConformTo(T) which checks if the 
747         type set has only been of type T. It now checks '(m_seenTypes & T) != TypeNothing' to see 
748         if type T is in the set of seen types, but not the entire set itself.
749
750         * runtime/TypeSet.cpp:
751         (JSC::TypeSet::inspectorTypeSet):
752
753 2014-09-21  Filip Pizlo  <fpizlo@apple.com>
754
755         Structure should have a method for concurrently getting all of the property map entries, and this method shouldn't involve copy-paste
756         https://bugs.webkit.org/show_bug.cgi?id=136983
757
758         Reviewed by Mark Hahnenberg.
759
760         * runtime/PropertyMapHashTable.h:
761         (JSC::PropertyMapEntry::PropertyMapEntry): Moved PropertyMapEntry struct to Structure.h so that Structure can refer to it.
762         * runtime/Structure.cpp:
763         (JSC::Structure::getConcurrently): Switch to using the new forEachPropertyConcurrently() method.
764         (JSC::Structure::getPropertiesConcurrently): The subject of this patch. It will be useful for object allocation sinking (bug 136330).
765         (JSC::Structure::dump): Switch to using the new forEachPropertyConcurrently() method.
766         * runtime/Structure.h:
767         (JSC::PropertyMapEntry::PropertyMapEntry): Moved from PropertyMapHashTable.h.
768         * runtime/StructureInlines.h:
769         (JSC::Structure::forEachPropertyConcurrently): Capture this very common concurrent structure iteration pattern into a template method.
770
771 2014-09-21  Filip Pizlo  <fpizlo@apple.com>
772
773         Structure::getConcurrently() doesn't need to take a VM& argument.
774
775         Rubber stamped by Dan Bernstein.
776         
777         Removed the extra argument, and then removed similar arguments from other methods until
778         I could build successfully again. It turned out that many methods took a VM& argument
779         just for calling getConcurrently().
780
781         * bytecode/CodeBlock.cpp:
782         (JSC::dumpStructure):
783         (JSC::dumpChain):
784         (JSC::CodeBlock::printGetByIdCacheStatus):
785         (JSC::CodeBlock::printPutByIdCacheStatus):
786         * bytecode/ComplexGetStatus.cpp:
787         (JSC::ComplexGetStatus::computeFor):
788         * bytecode/GetByIdStatus.cpp:
789         (JSC::GetByIdStatus::computeFromLLInt):
790         (JSC::GetByIdStatus::computeForStubInfo):
791         (JSC::GetByIdStatus::computeFor):
792         * bytecode/GetByIdStatus.h:
793         * bytecode/PutByIdStatus.cpp:
794         (JSC::PutByIdStatus::computeFromLLInt):
795         (JSC::PutByIdStatus::computeForStubInfo):
796         (JSC::PutByIdStatus::computeFor):
797         * bytecode/PutByIdStatus.h:
798         * dfg/DFGAbstractInterpreterInlines.h:
799         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
800         * dfg/DFGByteCodeParser.cpp:
801         (JSC::DFG::ByteCodeParser::parseBlock):
802         * dfg/DFGConstantFoldingPhase.cpp:
803         (JSC::DFG::ConstantFoldingPhase::foldConstants):
804         * dfg/DFGFixupPhase.cpp:
805         (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
806         * runtime/IntendedStructureChain.cpp:
807         (JSC::IntendedStructureChain::mayInterceptStoreTo):
808         * runtime/IntendedStructureChain.h:
809         * runtime/Structure.cpp:
810         (JSC::Structure::getConcurrently):
811         * runtime/Structure.h:
812         * runtime/StructureInlines.h:
813         (JSC::Structure::getConcurrently):
814
815 2014-09-20  Filip Pizlo  <fpizlo@apple.com>
816
817         FTL OSRExit construction should be based on methods that return ExitValues rather than methods that add ExitValues to OSRExit
818         https://bugs.webkit.org/show_bug.cgi?id=136978
819
820         Reviewed by Dean Jackson.
821
822         * ftl/FTLLowerDFGToLLVM.cpp:
823         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
824         (JSC::FTL::LowerDFGToLLVM::exitValueForNode):
825         (JSC::FTL::LowerDFGToLLVM::exitArgument):
826         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode): Deleted.
827         (JSC::FTL::LowerDFGToLLVM::tryToSetConstantExitArgument): Deleted.
828         (JSC::FTL::LowerDFGToLLVM::addExitArgument): Deleted.
829
830 2014-09-20  Filip Pizlo  <fpizlo@apple.com>
831
832         FTL OSR exit should do reboxing and value recovery in the same pass
833         https://bugs.webkit.org/show_bug.cgi?id=136977
834
835         Reviewed by Oliver Hunt.
836         
837         It's conceptually simpler to have all of the logic in one place. After the
838         recover-and-rebox loop is done, all of the exit values are in the form that the baseline
839         JIT would want them to be in; the only remaining task is to move them into the right
840         place on the stack after we do all of the necessary stack adjustments.
841
842         * ftl/FTLOSRExitCompiler.cpp:
843         (JSC::FTL::compileStub):
844
845 2014-09-19  Filip Pizlo  <fpizlo@apple.com>
846
847         StorageAccessData should be referenced in a sensible way
848         https://bugs.webkit.org/show_bug.cgi?id=136963
849
850         Reviewed and rubber stamped by Michael Saboff.
851
852         * dfg/DFGAbstractInterpreterInlines.h:
853         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
854         * dfg/DFGByteCodeParser.cpp:
855         (JSC::DFG::ByteCodeParser::handleGetByOffset):
856         (JSC::DFG::ByteCodeParser::handlePutByOffset):
857         (JSC::DFG::ByteCodeParser::handlePutById):
858         * dfg/DFGClobberize.h:
859         (JSC::DFG::clobberize):
860         * dfg/DFGConstantFoldingPhase.cpp:
861         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
862         (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
863         * dfg/DFGGraph.cpp:
864         (JSC::DFG::Graph::dump):
865         * dfg/DFGGraph.h:
866         * dfg/DFGNode.h:
867         (JSC::DFG::Node::convertToGetByOffset):
868         (JSC::DFG::Node::convertToPutByOffset):
869         (JSC::DFG::Node::storageAccessData):
870         (JSC::DFG::Node::storageAccessDataIndex): Deleted.
871         * dfg/DFGSafeToExecute.h:
872         (JSC::DFG::safeToExecute):
873         * dfg/DFGSpeculativeJIT32_64.cpp:
874         (JSC::DFG::SpeculativeJIT::compile):
875         * dfg/DFGSpeculativeJIT64.cpp:
876         (JSC::DFG::SpeculativeJIT::compile):
877         * ftl/FTLLowerDFGToLLVM.cpp:
878         (JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
879         (JSC::FTL::LowerDFGToLLVM::compilePutByOffset):
880
881 2014-09-19  Ryosuke Niwa  <rniwa@webkit.org>
882
883         Leak of mallocs under StructureSet::OutOfLineList::create
884         https://bugs.webkit.org/show_bug.cgi?id=136970
885
886         Reviewed by Filip Pizlo.
887
888         addOutOfLine should free the old list when expanding the capacity.
889
890         * bytecode/StructureSet.cpp:
891         (JSC::StructureSet::addOutOfLine):
892
893 2014-09-19  Daniel Bates  <dabates@apple.com>
894
895         Always assume internal SDK when building configuration Production
896         https://bugs.webkit.org/show_bug.cgi?id=136925
897         <rdar://problem/18362399>
898
899         Reviewed by Dan Bernstein.
900
901         As a side effect of this change we will always enable ENABLE_TOUCH_EVENTS, ENABLE_IOS_{GESTURE, TOUCH}_EVENTS,
902         and ENABLE_XSLT when either building configuration Production or building with the Internal SDK.
903
904         * Configurations/Base.xcconfig:
905
906 2014-09-19  Diego Pino Garcia  <dpino@igalia.com>
907
908         Simple ES6 feature: String prototype additions
909         https://bugs.webkit.org/show_bug.cgi?id=131704
910
911         Reviewed by Darin Adler.
912
913         * runtime/StringPrototype.cpp:
914         (JSC::StringPrototype::finishCreation):
915         (JSC::stringProtoFuncStartsWith): Added.
916         (JSC::stringProtoFuncEndsWith): Added.
917         (JSC::stringProtoFuncContains): Added.
918
919 2014-09-18  Joseph Pecoraro  <pecoraro@apple.com>
920
921         Unreviewed rollout r173731. Broke multiple builds.
922
923         * inspector/JSGlobalObjectInspectorController.cpp:
924         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
925         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
926         * inspector/JSGlobalObjectInspectorController.h:
927         * inspector/remote/RemoteInspector.h:
928         * inspector/remote/RemoteInspector.mm:
929         (Inspector::RemoteInspector::RemoteInspector):
930         (Inspector::RemoteInspector::setupFailed):
931         (Inspector::RemoteInspector::start):
932         (Inspector::RemoteInspector::stopInternal):
933         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
934         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
935         (Inspector::RemoteInspector::xpcConnectionFailed):
936         (Inspector::RemoteInspector::receivedSetupMessage):
937         (Inspector::globalAutomaticInspectionState): Deleted.
938         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate): Deleted.
939         (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage): Deleted.
940         (Inspector::RemoteInspector::setupSucceeded): Deleted.
941         (Inspector::RemoteInspector::waitingForAutomaticInspection): Deleted.
942         (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage): Deleted.
943         (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage): Deleted.
944         * inspector/remote/RemoteInspectorConstants.h:
945         * inspector/remote/RemoteInspectorDebuggable.cpp:
946         (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
947         (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection): Deleted.
948         * inspector/remote/RemoteInspectorDebuggable.h:
949         * inspector/remote/RemoteInspectorDebuggableConnection.h:
950         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
951         (Inspector::RemoteInspectorDebuggableConnection::setup):
952         * runtime/JSGlobalObjectDebuggable.cpp:
953         (JSC::JSGlobalObjectDebuggable::connect):
954         (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection): Deleted.
955         * runtime/JSGlobalObjectDebuggable.h:
956
957 2014-09-18  Joseph Pecoraro  <pecoraro@apple.com>
958
959         Web Inspector: Should be able to attach a debugger to a JSContext before anything is executed
960         https://bugs.webkit.org/show_bug.cgi?id=136893
961
962         Reviewed by Timothy Hatcher.
963
964         Adds new remote inspector protocol handling for automatic inspection.
965         Debuggers can signal they have enabled automatic inspection, and
966         when debuggables are created the current application will pause to
967         see if the debugger will inspect or decline to inspect the debuggable.
968
969         * inspector/remote/RemoteInspectorConstants.h:
970         * inspector/remote/RemoteInspector.h:
971         * inspector/remote/RemoteInspector.mm:
972         (Inspector::globalAutomaticInspectionState):
973         (Inspector::RemoteInspector::RemoteInspector):
974         (Inspector::RemoteInspector::start):
975         When first starting, check the global "is there an auto-inspect" debugger state.
976         This is necessary so that the current application knows if it should pause or
977         not when a debuggable is created, even without having connected to webinspectord yet.
978
979         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
980         When a debuggable has enabled remote inspection, take this path to propose
981         it as an automatic inspection candidate if there is an auto-inspect debugger.
982
983         (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage):
984         Send the automatic inspection candidate message.
985
986         (Inspector::RemoteInspector::receivedSetupMessage):
987         (Inspector::RemoteInspector::setupFailed):
988         (Inspector::RemoteInspector::setupSucceeded):
989         After attempting to open an inspector, unpause if it was for the
990         automatic inspection candidate.
991
992         (Inspector::RemoteInspector::waitingForAutomaticInspection):
993         When running a nested runloop, check if we should remain paused.
994
995         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
996         If by the time we connect to webinspectord we have a candidate, then
997         immediately send the candidate message.
998
999         (Inspector::RemoteInspector::stopInternal):
1000         (Inspector::RemoteInspector::xpcConnectionFailed):
1001         In error cases, clear our state.
1002
1003         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
1004         (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage):
1005         (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage):
1006         Update state when receiving new messages.
1007
1008
1009         * inspector/remote/RemoteInspectorDebuggable.h:
1010         * inspector/remote/RemoteInspectorDebuggable.cpp:
1011         (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
1012         Special case when a debuggable is newly allowed to be debuggable.
1013
1014         (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection):
1015         Run a nested run loop while this is an automatic inspection candidate.
1016
1017         * inspector/JSGlobalObjectInspectorController.h:
1018         * inspector/JSGlobalObjectInspectorController.cpp:
1019         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1020         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
1021         When the inspector starts via automatic inspection, automatically pause.
1022         We plan on removing this condition by having the frontend signal to the
1023         backend when it is completely initialized.
1024         
1025         * inspector/remote/RemoteInspectorDebuggableConnection.h:
1026         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
1027         (Inspector::RemoteInspectorDebuggableConnection::setup):
1028         Pass on the flag of whether or not this was automatic inspection.
1029
1030         * runtime/JSGlobalObjectDebuggable.h:
1031         * runtime/JSGlobalObjectDebuggable.cpp:
1032         (JSC::JSGlobalObjectDebuggable::connect):
1033         (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
1034         When pausing in a JSGlobalObject we need to release the API lock.
1035
1036 2014-09-18  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>
1037
1038         Fix "Tools/Scripts/build-webkit --efl --no-inspector" build
1039         https://bugs.webkit.org/show_bug.cgi?id=136912
1040
1041         Reviewed by Darin Adler.
1042
1043         * runtime/TypeSet.cpp:
1044         (JSC::TypeSet::leastCommonAncestor):
1045
1046 2014-09-17  Michael Saboff  <msaboff@apple.com>
1047
1048         Change CallFrame to use Callee instead of JSScope to implement vm()
1049         https://bugs.webkit.org/show_bug.cgi?id=136894
1050
1051         Reviewed by Geoffrey Garen.
1052
1053         Added JSCell::vm() method that can be used on any JSObject.  Changed CallFrame::vm() to
1054         use JSCell::vm with the Callee.  Made similar changes in the LLInt.
1055         In support of this, changed JSGlobalObject::init() to take a VM& parameter, as there is
1056         a chicken/egg problem with trying to use the Callee in the global exec before the Callee
1057         has been created.  Besides, the vm is readily available in finishCreation(), the caller of
1058         init().
1059
1060         * llint/LowLevelInterpreter32_64.asm:
1061         * llint/LowLevelInterpreter64.asm:
1062         Changed the calculation of CallFrame::VM to use the Callee instead of JSScope.
1063
1064         * runtime/JSCell.h:
1065         * runtime/JSCellInlines.h:
1066         (JSC::JSCell::vm): New method for getting VM from the pointer.
1067         (JSC::ExecState::vm): Moved this method from JSScope.h to here since this file
1068         contains the implementation of JSCell::vm(), this file is included by all users
1069         of CallFrame::vm, and lastly putting it in CallFrameInlines.h required changing
1070         many other .h files and possibly the WebCore generator generate-bindings.pl.
1071
1072         * runtime/JSGlobalObject.cpp:
1073         (JSC::JSGlobalObject::init):
1074         * runtime/JSGlobalObject.h:
1075         (JSC::JSGlobalObject::finishCreation):
1076         Changed init() to take a VM parameter.
1077
1078         * runtime/JSScope.h:
1079         (JSC::ExecState::vm): Deleted.
1080
1081 2014-09-16  Filip Pizlo  <fpizlo@apple.com>
1082
1083         Unreviewed, disable native inlining because it causes build failures.
1084
1085         * JavaScriptCore.xcodeproj/project.pbxproj:
1086
1087 2014-09-16  Joseph Pecoraro  <pecoraro@apple.com>
1088
1089         Web Inspector: Reduce a bit of churn setting initial remote inspection state
1090         https://bugs.webkit.org/show_bug.cgi?id=136875
1091
1092         Reviewed by Timothy Hatcher.
1093
1094         * API/JSContextRef.cpp:
1095         (JSGlobalContextCreateInGroup):
1096         Set the default remote debuggable state at the API boundary.
1097
1098         * runtime/JSGlobalObject.cpp:
1099         (JSC::JSGlobalObject::init):
1100         Do not set remote debuggable state here. Let clients set it.
1101
1102 2014-09-16  Yusuke Suzuki  <utatane.tea@gmail.com>
1103
1104         Promise: Drop Promise.cast
1105         https://bugs.webkit.org/show_bug.cgi?id=136222
1106
1107         Reviewed by Sam Weinig.
1108
1109         Promise.cast is dropped and Promise.resolve is replaced with old Promise.cast.
1110
1111         * runtime/CommonIdentifiers.h:
1112         * runtime/JSPromiseConstructor.cpp:
1113         (JSC::JSPromiseConstructorFuncResolve):
1114         (JSC::JSPromiseConstructorFuncRace):
1115         (JSC::JSPromiseConstructorFuncAll):
1116         (JSC::JSPromiseConstructorFuncCast): Deleted.
1117
1118 2014-09-16  Filip Pizlo  <fpizlo@apple.com>
1119
1120         Local OSR availability calculation should be reusable
1121         https://bugs.webkit.org/show_bug.cgi?id=136860
1122
1123         Reviewed by Oliver Hunt.
1124         
1125         Previously, the FTL lowering repeated some of the logic of the OSR availability analysis
1126         phase. Humorously, it actually did this logic a bit differently; for example the phase
1127         would claim that a SetLocal makes both the flush and the node available while the FTL
1128         only claimed that the flush was available. This difference was benign, but still: yuck!
1129         
1130         Also, previously if you wanted to use availability information then you'd have to repeat
1131         some of the logic that both the phase itself and the FTL lowering already had.
1132         Presumably, you could get epic style points for finding other benign ways in which to
1133         make your copy of the logic different from the other two!
1134         
1135         This reduces the amount of style points one could conceivably get in the future when
1136         hacking JSC, by creating a single reusable thingy for computing local OSR availability.
1137
1138         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
1139         (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
1140         (JSC::DFG::LocalOSRAvailabilityCalculator::LocalOSRAvailabilityCalculator):
1141         (JSC::DFG::LocalOSRAvailabilityCalculator::~LocalOSRAvailabilityCalculator):
1142         (JSC::DFG::LocalOSRAvailabilityCalculator::beginBlock):
1143         (JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
1144         * dfg/DFGOSRAvailabilityAnalysisPhase.h:
1145         * ftl/FTLLowerDFGToLLVM.cpp:
1146         (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
1147         (JSC::FTL::LowerDFGToLLVM::compileBlock):
1148         (JSC::FTL::LowerDFGToLLVM::compileNode):
1149         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
1150         (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
1151         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
1152         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
1153         (JSC::FTL::LowerDFGToLLVM::availability):
1154         (JSC::FTL::LowerDFGToLLVM::compileMovHint): Deleted.
1155         (JSC::FTL::LowerDFGToLLVM::compileZombieHint): Deleted.
1156         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock): Deleted.
1157
1158 2014-09-16  Csaba Osztrogonác  <ossy@webkit.org>
1159
1160         JSC test gardening
1161         https://bugs.webkit.org/show_bug.cgi?id=136823
1162
1163         Reviewed by Geoffrey Garen.
1164
1165         * tests/mozilla/mozilla-tests.yaml: Unskip passing tests.
1166
1167 2014-09-15  Michael Saboff  <msaboff@apple.com>
1168
1169         Create a JSCallee for GlobalExec object
1170         https://bugs.webkit.org/show_bug.cgi?id=136840
1171
1172         Reviewed by Geoffrey Garen.
1173
1174         Added m_globalCallee, initialized it and then used it to set the globalExec's callee.
1175
1176         * runtime/JSGlobalObject.cpp:
1177         (JSC::JSGlobalObject::init):
1178         (JSC::JSGlobalObject::visitChildren):
1179         * runtime/JSGlobalObject.h:
1180
1181 2014-09-14  Filip Pizlo  <fpizlo@apple.com>
1182
1183         DFG ref count calculation should be reusable
1184         https://bugs.webkit.org/show_bug.cgi?id=136811
1185
1186         Reviewed by Oliver Hunt.
1187         
1188         Henceforth if you call Graph::computeRefCounts(), a nifty O(n) operation, every Node
1189         will be able to tell you how many places it is used from. Currently only DCE uses this,
1190         but it will be useful for https://bugs.webkit.org/show_bug.cgi?id=136330.
1191
1192         * dfg/DFGDCEPhase.cpp:
1193         (JSC::DFG::DCEPhase::run):
1194         (JSC::DFG::DCEPhase::findTypeCheckRoot): Deleted.
1195         (JSC::DFG::DCEPhase::countNode): Deleted.
1196         (JSC::DFG::DCEPhase::countEdge): Deleted.
1197         * dfg/DFGGraph.cpp:
1198         (JSC::DFG::Graph::computeRefCounts):
1199         * dfg/DFGGraph.h:
1200
1201 2014-09-12  Michael Saboff  <msaboff@apple.com>
1202
1203         Merge JSGlobalObject::reset() into ::init()
1204         https://bugs.webkit.org/show_bug.cgi?id=136800
1205
1206         Reviewed by Oliver Hunt.
1207
1208         Moved the contents of reset() into init().
1209         Note that the diff shows more changes.
1210
1211         * runtime/JSGlobalObject.cpp:
1212         (JSC::JSGlobalObject::init): Moved body of reset() into init.
1213         (JSC::JSGlobalObject::put):
1214         (JSC::JSGlobalObject::defineOwnProperty):
1215         (JSC::JSGlobalObject::addGlobalVar):
1216         (JSC::JSGlobalObject::addFunction):
1217         (JSC::lastInPrototypeChain):
1218         (JSC::JSGlobalObject::reset): Deleted.
1219         * runtime/JSGlobalObject.h:
1220
1221 2014-09-12  Michael Saboff  <msaboff@apple.com>
1222
1223         Add JSCallee to program and eval CallFrames
1224         https://bugs.webkit.org/show_bug.cgi?id=136785
1225
1226         Reviewed by Mark Lam.
1227
1228         Populated Callee slot for program and call eval CallFrames with JSCallee objects.
1229         Made supporting changes including adding a JSCallee structure to global object and adding
1230         JSCallee::create() method.  Added code so that the newly added callee object won't be
1231         returned by Function.caller.  Changed null pointer checks of callee to check if
1232         the type is JSFunction* or JSCallee*.
1233
1234         * debugger/DebuggerCallFrame.cpp:
1235         (JSC::DebuggerCallFrame::functionName):
1236         (JSC::DebuggerCallFrame::type):
1237         * profiler/LegacyProfiler.cpp:
1238         (JSC::LegacyProfiler::createCallIdentifier):
1239         * interpreter/Interpreter.cpp:
1240         (JSC::unwindCallFrame):
1241         Changed checks to whether callee is a JSFunction* or JSCallee* instead of just checking
1242         if it is null or not.
1243
1244         * interpreter/Interpreter.cpp:
1245         (JSC::Interpreter::execute): Create and use JSCallee objects for execute(EvalExecutable, ...)
1246         and execute(ProgramExecutable, ...)
1247
1248         * jit/JITCode.cpp:
1249         (JSC::JITCode::execute): Use jsDynamicCast to cast only JSFunctions.
1250
1251         * runtime/JSCallee.cpp:
1252         (JSC::JSCallee::create): Not used, therefore deleted.
1253
1254         * runtime/JSCallee.h:
1255         (JSC::JSCallee::create): Added.
1256
1257         * runtime/JSFunction.cpp:
1258         (JSC::JSFunction::callerGetter): Added test to return null for JSCallees that aren't
1259         JSFunctions.  This can only be the case when the JSCallee comes from a program or
1260         call eval CallFrame.
1261
1262         * runtime/JSGlobalObject.cpp:
1263         (JSC::JSGlobalObject::reset):
1264         (JSC::JSGlobalObject::visitChildren):
1265         * runtime/JSGlobalObject.h:
1266         (JSC::JSGlobalObject::calleeStructure):
1267         Added new JSCallee structure.
1268
1269 2014-09-10  Jon Honeycutt  <jhoneycutt@apple.com>
1270
1271         Re-add the request autocomplete feature
1272
1273         <https://bugs.webkit.org/show_bug.cgi?id=136730>
1274
1275         This feature was rolled out in r148731 because it was only used by
1276         Chromium. As we consider supporting this feature, roll it back in, but
1277         leave it disabled.
1278
1279         This rolls out r148731 (which removed the feature) with small changes
1280         needed to make the code build in ToT, to match modern style, to make
1281         the tests run, and to remove unused code.
1282
1283         Reviewed by Andy Estes.
1284
1285         * Configurations/FeatureDefines.xcconfig:
1286
1287 2014-09-12  Julien Brianceau  <jbriance@cisco.com>
1288
1289         [x86] moveDoubleToInts() does not clobber its source register anymore
1290         https://bugs.webkit.org/show_bug.cgi?id=131690
1291
1292         Reviewed by Oliver Hunt.
1293
1294         * assembler/MacroAssemblerX86.h:
1295         (JSC::MacroAssemblerX86::moveDoubleToInts):
1296         * dfg/DFGSpeculativeJIT.cpp:
1297         (JSC::DFG::SpeculativeJIT::compileValueRep):
1298         * jit/SpecializedThunkJIT.h:
1299         (JSC::SpecializedThunkJIT::returnDouble):
1300
1301 2014-09-12  Mark Lam  <mark.lam@apple.com>
1302
1303         Unreviewed build fix for CLOOP build.
1304
1305         * runtime/JSCallee.h:
1306
1307 2014-09-12  Michael Saboff  <msaboff@apple.com>
1308
1309         Remove unneeded declarations from JSCallee.h
1310         https://bugs.webkit.org/show_bug.cgi?id=136783
1311
1312         Reviewed by Mark Lam.
1313
1314         * runtime/JSCallee.h:
1315         (JSCallee::name): Deleted.
1316         (JSCallee::displayName): Deleted.
1317         (JSCallee::calculatedDisplayName): Deleted.
1318
1319 2014-09-11  Brian J. Burg  <burg@cs.washington.edu>
1320
1321         Web Inspector: disambiguate double and integer primitive types in the protocol
1322         https://bugs.webkit.org/show_bug.cgi?id=136606
1323
1324         Reviewed by Timothy Hatcher.
1325
1326         Right now it's really easy to mix up doubles and integers when serializing or deserializing
1327         values for the inspector protocol. This patch disambiguates setting/getting doubles and integers
1328         so that it is clearer as to which type is intended.
1329
1330         A new InspectorValue::Type is added for Integer types, and the Number type is renamed to Double.
1331         The existing callsites for asNumber/getNumber/setNumber have been fixed.
1332
1333         Address various integration points to make sure the right type tag is assigned to InspectorValues.
1334
1335         * bindings/ScriptValue.cpp:
1336         (Deprecated::jsToInspectorValue): Make an Integer if the JSValue is Int52 or smaller.
1337         * inspector/InjectedScriptManager.cpp:
1338         (Inspector::InjectedScriptManager::injectedScriptForObjectId):
1339         * inspector/InspectorBackendDispatcher.cpp:
1340         (Inspector::InspectorBackendDispatcher::dispatch):
1341         (Inspector::InspectorBackendDispatcher::sendResponse):
1342         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1343         (Inspector::AsMethodBridges::asInteger):
1344         (Inspector::AsMethodBridges::asDouble):
1345         (Inspector::InspectorBackendDispatcher::getInteger):
1346         (Inspector::InspectorBackendDispatcher::getDouble):
1347         (Inspector::AsMethodBridges::asInt): Deleted.
1348         (Inspector::InspectorBackendDispatcher::getInt): Deleted.
1349         * inspector/InspectorBackendDispatcher.h:
1350         * inspector/InspectorProtocolTypes.h: Remove the special case for checking int type tags.
1351         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw):
1352         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw):
1353         (Inspector::Protocol::BindingTraits<int>::assertValueHasExpectedType): Deleted.
1354         * inspector/InspectorValues.cpp: Allow integers and doubles to be convertible using asInteger/asDouble.
1355         (Inspector::InspectorValue::asDouble):
1356         (Inspector::InspectorValue::asInteger):
1357         (Inspector::InspectorBasicValue::asDouble):
1358         (Inspector::InspectorBasicValue::asInteger):
1359         (Inspector::InspectorBasicValue::writeJSON):
1360         (Inspector::InspectorValue::asNumber): Deleted.
1361         (Inspector::InspectorBasicValue::asNumber): Deleted.
1362         * inspector/InspectorValues.h:
1363         (Inspector::InspectorObjectBase::setInteger):
1364         (Inspector::InspectorObjectBase::setDouble):
1365         (Inspector::InspectorArrayBase::pushInteger):
1366         (Inspector::InspectorArrayBase::pushDouble):
1367         (Inspector::InspectorObjectBase::setNumber): Deleted.
1368         (Inspector::InspectorArrayBase::pushInt): Deleted.
1369         (Inspector::InspectorArrayBase::pushNumber): Deleted.
1370         * inspector/agents/InspectorDebuggerAgent.cpp:
1371         (Inspector::buildObjectForBreakpointCookie):
1372         (Inspector::InspectorDebuggerAgent::breakpointActionsFromProtocol):
1373         (Inspector::parseLocation):
1374         (Inspector::InspectorDebuggerAgent::didParseSource):
1375         * inspector/agents/InspectorRuntimeAgent.cpp:
1376         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1377         * inspector/scripts/codegen/generator.py: Update emitted code and rebaseline test results.
1378         (Generator.keyed_get_method_for_type):
1379         (Generator.keyed_set_method_for_type):
1380         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1381         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1382         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1383         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1384         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1385         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1386         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1387         * replay/EncodedValue.cpp:
1388         (JSC::EncodedValue::convertTo<double>):
1389         (JSC::EncodedValue::convertTo<float>):
1390         (JSC::EncodedValue::convertTo<int32_t>):
1391         (JSC::EncodedValue::convertTo<int64_t>):
1392         (JSC::EncodedValue::convertTo<uint32_t>):
1393         (JSC::EncodedValue::convertTo<uint64_t>):
1394
1395 2014-09-11  Joseph Pecoraro  <pecoraro@apple.com>
1396
1397         Web Inspector: Occasional ASSERT closing web inspector
1398         https://bugs.webkit.org/show_bug.cgi?id=136762
1399
1400         Reviewed by Timothy Hatcher.
1401
1402         It is harmless, and indeed possible to have an empty set of listeners
1403         now that each Page gets its own PageDebugServer instead of a shared
1404         global. So we should replace the null checks with isEmpty checks.
1405         Since nobody was ever returning null, convert to references as well.
1406
1407         * inspector/JSGlobalObjectScriptDebugServer.h:
1408         * inspector/ScriptDebugServer.cpp:
1409         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
1410         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
1411         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
1412         (Inspector::ScriptDebugServer::sourceParsed):
1413         (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
1414         (Inspector::ScriptDebugServer::notifyDoneProcessingDebuggerEvents):
1415         (Inspector::ScriptDebugServer::handlePause):
1416         (Inspector::ScriptDebugServer::needPauseHandling): Deleted.
1417         * inspector/ScriptDebugServer.h:
1418
1419 2014-09-10  Michael Saboff  <msaboff@apple.com>
1420
1421         Move JSScope out of JSFunction into separate JSCallee class
1422         https://bugs.webkit.org/show_bug.cgi?id=136725
1423
1424         Reviewed by Oliver Hunt.
1425
1426         Created new JSCallee class that contains a JSScope*.  Changed JSFunction to inherit from
1427         JSCallee.
1428
1429         * CMakeLists.txt:
1430         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1431         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1432         * JavaScriptCore.xcodeproj/project.pbxproj:
1433         Build changes.  Added JSCallee.cpp and JSCallee.h.
1434
1435         * runtime/JSCallee.cpp: Added.
1436         (JSC::JSCallee::create):
1437         (JSC::JSCallee::destroy):
1438         (JSC::JSCallee::JSCallee):
1439         (JSC::JSCallee::finishCreation):
1440         (JSC::JSCallee::visitChildren):
1441         (JSC::JSCallee::getOwnPropertySlot): Pass through wrapper function.
1442         (JSC::JSCallee::getOwnNonIndexPropertyNames): Pass through wrapper function.
1443         (JSC::JSCallee::put): Pass through wrapper function.
1444         (JSC::JSCallee::deleteProperty): Pass through wrapper function.
1445         (JSC::JSCallee::defineOwnProperty): Pass through wrapper function.
1446
1447         * runtime/JSCallee.h: Added.
1448         (JSC::JSCallee::scope):
1449         (JSC::JSCallee::scopeUnchecked):
1450         (JSC::JSCallee::setScope):
1451         (JSC::JSCallee::createStructure):
1452         (JSC::JSCallee::offsetOfScopeChain):
1453
1454         * runtime/JSFunction.cpp:
1455         (JSC::JSFunction::JSFunction):
1456         (JSC::JSFunction::addNameScopeIfNeeded):
1457         (JSC::JSFunction::visitChildren):
1458         * runtime/JSFunction.h:
1459         (JSC::JSFunction::scope): Deleted.
1460         (JSC::JSFunction::scopeUnchecked): Deleted.
1461         (JSC::JSFunction::setScope): Deleted.
1462         (JSC::JSFunction::offsetOfScopeChain): Deleted.
1463         * runtime/JSFunctionInlines.h:
1464         (JSC::JSFunction::JSFunction):
1465         Changed to reference JSCallee and its methods.
1466
1467         * runtime/JSType.h: Added JSCallee as a TypeEnum.
1468
1469 2014-09-11  Filip Pizlo  <fpizlo@apple.com>
1470
1471         REGRESSION (r172129): Vine pages load as blank
1472         https://bugs.webkit.org/show_bug.cgi?id=136655
1473         rdar://problem/18281215
1474
1475         Reviewed by Michael Saboff.
1476         
1477         If lastNode is something that is subject to DCE, then removing the Phantom's reference to something
1478         that lastNode references means that the thing being referenced may no longer be kept alive for OSR.
1479         Teach PhantomRemovalPhase that it's only safe to do this if lastNode is a Phantom. That's probably too
1480         conservative, but that's fine since this is mainly just an optimization to make the IR sane to read and
1481         reasonably compact; it's OK if we miss cases here.
1482
1483         * dfg/DFGPhantomRemovalPhase.cpp:
1484         (JSC::DFG::PhantomRemovalPhase::run):
1485         * tests/stress/remove-phantom-after-setlocal.js: Added.
1486
1487 2014-09-11  Bear Travis  <betravis@adobe.com>
1488
1489         [CSS Font Loading] Enable CSS Font Loading on Mac
1490         https://bugs.webkit.org/show_bug.cgi?id=135473
1491
1492         Reviewed by Antti Koivisto.
1493
1494         Enable CSS Font Loading in FeatureDefines.
1495
1496         * Configurations/FeatureDefines.xcconfig:
1497
1498 2014-09-11  Joseph Pecoraro  <pecoraro@apple.com>
1499
1500         Unreviewed rebaseline of inspector generator test results after r173120.
1501
1502         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1503         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1504         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1505         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1506
1507 2014-09-11  Oliver Hunt  <oliver@apple.com>
1508
1509         Rename activation to be more in line with spec language
1510         https://bugs.webkit.org/show_bug.cgi?id=136721
1511
1512         Reviewed by Michael Saboff.
1513
1514         Somewhat bigger than the last one, but still just a rename.
1515
1516         * CMakeLists.txt:
1517         * JavaScriptCore.order:
1518         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1519         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1520         * JavaScriptCore.xcodeproj/project.pbxproj:
1521         * bytecode/BytecodeList.json:
1522         * bytecode/BytecodeUseDef.h:
1523         (JSC::computeUsesForBytecodeOffset):
1524         (JSC::computeDefsForBytecodeOffset):
1525         * bytecode/CallVariant.h:
1526         * bytecode/CodeBlock.cpp:
1527         (JSC::CodeBlock::dumpBytecode):
1528         (JSC::CodeBlock::CodeBlock):
1529         (JSC::CodeBlock::finalizeUnconditionally):
1530         (JSC::CodeBlock::isCaptured):
1531         (JSC::CodeBlock::nameForRegister):
1532         * bytecode/CodeBlock.h:
1533         (JSC::CodeBlock::setActivationRegister):
1534         (JSC::CodeBlock::activationRegister):
1535         (JSC::CodeBlock::uncheckedActivationRegister):
1536         (JSC::CodeBlock::needsActivation):
1537         * bytecode/Instruction.h:
1538         * bytecode/UnlinkedCodeBlock.h:
1539         (JSC::UnlinkedCodeBlock::setActivationRegister):
1540         (JSC::UnlinkedCodeBlock::activationRegister):
1541         (JSC::UnlinkedCodeBlock::hasActivationRegister):
1542         * bytecompiler/BytecodeGenerator.cpp:
1543         (JSC::BytecodeGenerator::BytecodeGenerator):
1544         (JSC::BytecodeGenerator::emitReturn):
1545         * bytecompiler/BytecodeGenerator.h:
1546         * debugger/DebuggerCallFrame.cpp:
1547         (JSC::DebuggerCallFrame::scope):
1548         * debugger/DebuggerScope.cpp:
1549         (JSC::DebuggerScope::isFunctionOrEvalScope):
1550         * dfg/DFGByteCodeParser.cpp:
1551         (JSC::DFG::ByteCodeParser::parseBlock):
1552         * dfg/DFGCapabilities.cpp:
1553         (JSC::DFG::capabilityLevel):
1554         * dfg/DFGGraph.cpp:
1555         (JSC::DFG::Graph::tryGetActivation):
1556         (JSC::DFG::Graph::tryGetRegisters):
1557         * dfg/DFGGraph.h:
1558         * dfg/DFGNodeType.h:
1559         * dfg/DFGOperations.cpp:
1560         * dfg/DFGSpeculativeJIT32_64.cpp:
1561         (JSC::DFG::SpeculativeJIT::compile):
1562         * dfg/DFGSpeculativeJIT64.cpp:
1563         (JSC::DFG::SpeculativeJIT::compile):
1564         * interpreter/CallFrame.cpp:
1565         (JSC::CallFrame::lexicalEnvironment):
1566         (JSC::CallFrame::setActivation):
1567         (JSC::CallFrame::activation): Deleted.
1568         * interpreter/CallFrame.h:
1569         * interpreter/Interpreter.cpp:
1570         (JSC::unwindCallFrame):
1571         * interpreter/Register.h:
1572         * jit/JIT.cpp:
1573         (JSC::JIT::privateCompileMainPass):
1574         * jit/JIT.h:
1575         * jit/JITOpcodes.cpp:
1576         (JSC::JIT::emit_op_tear_off_lexical_environment):
1577         (JSC::JIT::emit_op_tear_off_arguments):
1578         (JSC::JIT::emit_op_create_lexical_environment):
1579         (JSC::JIT::emit_op_tear_off_activation): Deleted.
1580         (JSC::JIT::emit_op_create_activation): Deleted.
1581         * jit/JITOpcodes32_64.cpp:
1582         (JSC::JIT::emit_op_tear_off_lexical_environment):
1583         (JSC::JIT::emit_op_tear_off_arguments):
1584         (JSC::JIT::emit_op_create_lexical_environment):
1585         (JSC::JIT::emit_op_tear_off_activation): Deleted.
1586         (JSC::JIT::emit_op_create_activation): Deleted.
1587         * jit/JITOperations.cpp:
1588         * jit/JITOperations.h:
1589         * llint/LLIntSlowPaths.cpp:
1590         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1591         * llint/LLIntSlowPaths.h:
1592         * llint/LowLevelInterpreter32_64.asm:
1593         * llint/LowLevelInterpreter64.asm:
1594         * runtime/Arguments.cpp:
1595         (JSC::Arguments::visitChildren):
1596         (JSC::Arguments::tearOff):
1597         (JSC::Arguments::didTearOffActivation):
1598         * runtime/Arguments.h:
1599         (JSC::Arguments::offsetOfActivation):
1600         (JSC::Arguments::argument):
1601         (JSC::Arguments::finishCreation):
1602         * runtime/CommonSlowPaths.cpp:
1603         * runtime/JSFunction.h:
1604         * runtime/JSGlobalObject.cpp:
1605         (JSC::JSGlobalObject::reset):
1606         (JSC::JSGlobalObject::visitChildren):
1607         * runtime/JSGlobalObject.h:
1608         (JSC::JSGlobalObject::activationStructure):
1609         * runtime/JSLexicalEnvironment.cpp: Renamed from Source/JavaScriptCore/runtime/JSActivation.cpp.
1610         (JSC::JSLexicalEnvironment::visitChildren):
1611         (JSC::JSLexicalEnvironment::symbolTableGet):
1612         (JSC::JSLexicalEnvironment::symbolTablePut):
1613         (JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
1614         (JSC::JSLexicalEnvironment::symbolTablePutWithAttributes):
1615         (JSC::JSLexicalEnvironment::getOwnPropertySlot):
1616         (JSC::JSLexicalEnvironment::put):
1617         (JSC::JSLexicalEnvironment::deleteProperty):
1618         (JSC::JSLexicalEnvironment::toThis):
1619         (JSC::JSLexicalEnvironment::argumentsGetter):
1620         * runtime/JSLexicalEnvironment.h: Renamed from Source/JavaScriptCore/runtime/JSActivation.h.
1621         (JSC::JSLexicalEnvironment::create):
1622         (JSC::JSLexicalEnvironment::createStructure):
1623         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
1624         (JSC::asActivation):
1625         (JSC::Register::lexicalEnvironment):
1626         (JSC::JSLexicalEnvironment::registersOffset):
1627         (JSC::JSLexicalEnvironment::tearOff):
1628         (JSC::JSLexicalEnvironment::isTornOff):
1629         (JSC::JSLexicalEnvironment::storageOffset):
1630         (JSC::JSLexicalEnvironment::storage):
1631         (JSC::JSLexicalEnvironment::allocationSize):
1632         (JSC::JSLexicalEnvironment::isValidIndex):
1633         (JSC::JSLexicalEnvironment::isValid):
1634         (JSC::JSLexicalEnvironment::registerAt):
1635         * runtime/JSObject.h:
1636         * runtime/JSScope.cpp:
1637         (JSC::abstractAccess):
1638         * runtime/JSScope.h:
1639         (JSC::ResolveOp::ResolveOp):
1640         * runtime/JSSymbolTableObject.cpp:
1641         * runtime/StrictEvalActivation.h:
1642         (JSC::StrictEvalActivation::create):
1643         * runtime/VM.cpp:
1644
1645 2014-09-11  László Langó  <llango.u-szeged@partner.samsung.com>
1646
1647         [JavaScriptCore] Fix FTL on platform EFL.
1648         https://bugs.webkit.org/show_bug.cgi?id=133571
1649
1650         Reviewed by Filip Pizlo.
1651
1652         There are no compact_unwind sections on Linux systems so FTL crashes.
1653         We have to parse eh_frame in FTLUnwindInfo instead of compact_unwind
1654         and get the information for stack unwinding from there.
1655
1656         * CMakeLists.txt: Revert r169181.
1657         * ftl/FTLCompile.cpp:
1658         Change section name literals to use SECTION_NAME macro, because of architecture differences.
1659         (JSC::FTL::mmAllocateCodeSection):
1660         (JSC::FTL::mmAllocateDataSection):
1661         (JSC::FTL::compile):
1662         * ftl/FTLJITCode.h:
1663         We need the SECTION_NAME macro in FTLCompile and FTLLink, so we define it here.
1664         * ftl/FTLLink.cpp:
1665         (JSC::FTL::link):
1666         * ftl/FTLState.h:
1667         * ftl/FTLState.cpp:
1668         (JSC::FTL::State::State):
1669         * ftl/FTLUnwindInfo.h:
1670         * ftl/FTLUnwindInfo.cpp:
1671         Lift the eh_frame parsing method from LLVM/libcxxabi project and modify it for our purposes.
1672         Parse eh_frame on Linux instead of compact_unwind.
1673         (JSC::FTL::UnwindInfo::parse):
1674
1675 2014-09-10  Saam Barati  <saambarati1@gmail.com>
1676
1677         Web Inspector: Modify the type profiler runtime protocol to transfer some computation into the WebInspector
1678         https://bugs.webkit.org/show_bug.cgi?id=136500
1679
1680         Reviewed by Joseph Pecoraro.
1681
1682         This patch changes the type profiler protocol to the Web Inspector
1683         by moving the work of calculating computed properties that affect the UI
1684         into the Web Inspector. This makes the Web Inspector have control over the 
1685         strings it displays as UI elements representing type information to the user 
1686         instead of JavaScriptCore deciding on a convention for these strings.
1687         JavaScriptCore now sends enough information to the Web Inspector so that 
1688         it can compute the properties JavaScriptCore used to compute.
1689
1690         * inspector/agents/InspectorRuntimeAgent.cpp:
1691         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1692         * inspector/protocol/Runtime.json:
1693         * runtime/TypeProfiler.cpp:
1694         (JSC::TypeProfiler::getTypesForVariableAtOffsetForInspector): Deleted.
1695         * runtime/TypeProfiler.h:
1696         * runtime/TypeSet.cpp:
1697         (JSC::TypeSet::inspectorTypeSet):
1698         (JSC::StructureShape::leastCommonAncestor):
1699         (JSC::StructureShape::inspectorRepresentation):
1700         * runtime/TypeSet.h:
1701
1702 2014-09-10  Akos Kiss  <akiss@inf.u-szeged.hu>
1703
1704         Apply ARM64-specific lowering to load/store instructions in offlineasm
1705         https://bugs.webkit.org/show_bug.cgi?id=136569
1706
1707         Reviewed by Michael Saboff.
1708
1709         The standard RISC lowering of load/store instructions with base +
1710         immediate offset addresses is to move the offset to a temporary, add the
1711         base to the temporary, and then change the load/store to use the
1712         temporary + 0 immediate offset address. However, on ARM64, base +
1713         register offset addressing mode is available, so it is unnecessary to
1714         perform explicit register additions but it is enough to change load/store
1715         to use base + temporary as the address.
1716
1717         * offlineasm/arm64.rb: Added arm64LowerMalformedLoadStoreAddresses
1718
1719 2014-09-10  Oliver Hunt  <oliver@apple.com>
1720
1721         Rename JSVariableObject to JSEnvironmentRecord to align naming with ES spec
1722         https://bugs.webkit.org/show_bug.cgi?id=136710
1723
1724         Reviewed by Anders Carlsson.
1725
1726         This is a trivial rename.
1727
1728         * CMakeLists.txt:
1729         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1730         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1731         * JavaScriptCore.xcodeproj/project.pbxproj:
1732         * dfg/DFGAbstractHeap.h:
1733         * dfg/DFGClobberize.h:
1734         (JSC::DFG::clobberize):
1735         * dfg/DFGSpeculativeJIT32_64.cpp:
1736         (JSC::DFG::SpeculativeJIT::compile):
1737         * dfg/DFGSpeculativeJIT64.cpp:
1738         (JSC::DFG::SpeculativeJIT::compile):
1739         * ftl/FTLAbstractHeapRepository.cpp:
1740         * ftl/FTLAbstractHeapRepository.h:
1741         * ftl/FTLLowerDFGToLLVM.cpp:
1742         (JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters):
1743         * jit/JITOpcodes32_64.cpp:
1744         * jit/JITPropertyAccess.cpp:
1745         (JSC::JIT::emitGetClosureVar):
1746         (JSC::JIT::emitPutClosureVar):
1747         * jit/JITPropertyAccess32_64.cpp:
1748         (JSC::JIT::emitGetClosureVar):
1749         (JSC::JIT::emitPutClosureVar):
1750         * llint/LLIntOffsetsExtractor.cpp:
1751         * llint/LowLevelInterpreter32_64.asm:
1752         * llint/LowLevelInterpreter64.asm:
1753         * runtime/JSActivation.cpp:
1754         (JSC::JSActivation::getOwnNonIndexPropertyNames):
1755         * runtime/JSActivation.h:
1756         * runtime/JSEnvironmentRecord.cpp: Renamed from Source/JavaScriptCore/runtime/JSVariableObject.cpp.
1757         * runtime/JSEnvironmentRecord.h: Renamed from Source/JavaScriptCore/runtime/JSVariableObject.h.
1758         (JSC::JSEnvironmentRecord::registers):
1759         (JSC::JSEnvironmentRecord::registerAt):
1760         (JSC::JSEnvironmentRecord::addressOfRegisters):
1761         (JSC::JSEnvironmentRecord::offsetOfRegisters):
1762         (JSC::JSEnvironmentRecord::JSEnvironmentRecord):
1763         * runtime/JSNameScope.h:
1764         * runtime/JSSegmentedVariableObject.h:
1765
1766 2014-09-10  Julien Brianceau  <jbriance@cisco.com>
1767
1768         [mips] Add missing parts and fix LLINT mips backend
1769         https://bugs.webkit.org/show_bug.cgi?id=136706
1770
1771         Reviewed by Michael Saboff.
1772
1773         * llint/LowLevelInterpreter.asm: Fix invalid CalleeSave register number.
1774         Implement initPCRelative and setEntryAddress macros.
1775         * llint/LowLevelInterpreter32_64.asm: Fix register distribution in
1776         doVMEntry macro.
1777
1778 2014-09-10  Saam Barati  <saambarati1@gmail.com>
1779
1780         TypeSet needs a mode where it no longer profiles structure shapes
1781         https://bugs.webkit.org/show_bug.cgi?id=136263
1782
1783         Reviewed by Filip Pizlo.
1784
1785         The TypeSet data structure used to gather as many StructureShape
1786         objects as it encountered during type profiling. But, this meant 
1787         that there was no upper limit on how many objects it could allocate. 
1788         This patch places a fixed upper bound on the number of StructureShapes
1789         allocated per TypeSet to prevent using too much memory for little gain
1790         in type profiling usefulness.
1791
1792         StructureShape objects are now also aware of when they are created
1793         from Structures which are dictionaries.
1794
1795         In total, this patch lays the final groundwork needed in refactoring 
1796         the inspector protocol for the type profiler.
1797
1798         * runtime/Structure.cpp:
1799         (JSC::Structure::toStructureShape):
1800         * runtime/TypeProfiler.cpp:
1801         (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
1802         * runtime/TypeSet.cpp:
1803         (JSC::TypeSet::TypeSet):
1804         (JSC::TypeSet::addTypeInformation):
1805         (JSC::StructureShape::StructureShape):
1806         (JSC::StructureShape::toJSONString):
1807         (JSC::StructureShape::enterDictionaryMode):
1808         * runtime/TypeSet.h:
1809         (JSC::TypeSet::isOverflown):
1810         * tests/typeProfiler/dictionary-mode.js: Added.
1811         (wrapper):
1812         * tests/typeProfiler/driver/driver.js:
1813         * tests/typeProfiler/overflow.js: Added.
1814         (wrapper.Proto):
1815         (wrapper):
1816
1817 2014-09-10  Peter Gal  <galpeter@inf.u-szeged.hu>
1818
1819         [MIPS] branch32WithPatch missing
1820         https://bugs.webkit.org/show_bug.cgi?id=136696
1821
1822         Reviewed by Michael Saboff.
1823
1824         Added the missing branch32WithPatch. The implementation
1825         is currently the same as the branchPtrWithPatch because
1826         the macro assembler supports only 32-bit MIPS.
1827
1828         * assembler/MacroAssemblerMIPS.h:
1829         (JSC::MacroAssemblerMIPS::branch32WithPatch):
1830
1831 2014-09-10  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
1832
1833         Fix !ENABLE(DFG_JIT) build
1834         https://bugs.webkit.org/show_bug.cgi?id=136702
1835
1836         Reviewed by Michael Saboff.
1837
1838         * bytecode/CallEdgeProfile.h:
1839
1840 2014-09-09  Benjamin Poulain  <bpoulain@apple.com>
1841
1842         Disable the "unreachable-code" warning
1843         https://bugs.webkit.org/show_bug.cgi?id=136677
1844
1845         Reviewed by Darin Adler.
1846
1847         * Configurations/Base.xcconfig:
1848
1849 2014-09-08  Filip Pizlo  <fpizlo@apple.com>
1850
1851         DFG should have a reusable SSA builder
1852         https://bugs.webkit.org/show_bug.cgi?id=136331
1853
1854         Reviewed by Oliver Hunt.
1855         
1856         We want to implement sophisticated SSA transformations like object allocation sinking
1857         (https://bugs.webkit.org/show_bug.cgi?id=136330), but to do that, we need to be able to do
1858         updates to SSA that require inserting new Phi's. This requires calculating where Phis go.
1859         Previously, our Phi calculation was based on Aycock and Horspool's algorithm, and our
1860         implementation of this algorithm only worked when doing CPS->SSA conversion. The code
1861         could not be reused for cases where some phase happens to know that it introduced a few
1862         defs in some blocks and it wants to figure out where the Phis should go. Moreover, even
1863         the general algorithm of Aycock and Horspool is not well suited to such targeted SSA
1864         updates, since it requires first inserting maximal Phis. That scales well when the Phis
1865         were already there (like in our CPS form) but otherwise it's quite unnatural and may be
1866         difficult to make efficient.
1867         
1868         The usual way of handling both SSA conversion and SSA update is to use Cytron et al's
1869         algorithm based on dominance frontiers. For a while now, I've been working on creating a
1870         Cytron-based SSA calculator that can be used both as a replacement for our current SSA
1871         converter and as a reusable tool for any phase that needs to do SSA update. I previously
1872         optimized our dominator calculation and representation to use dominator trees computed
1873         using Lengauer and Tarjan's algorithm - mainly to make it more scalable to enumerate over
1874         the set of blocks that dominate you or vice-versa, and then I implemented a dominance
1875         frontier calculator. This patch implements the final step towards making SSA update
1876         available to all SSA phases: it implements an SSACalculator that can tell you where Phis
1877         go when given an arbitrary set of Defs. To keep things simple, and to ensure that we have
1878         good test coverage for this SSACalculator, this patch replaces the old Aycock-Horspool
1879         SSA converter with one based on the SSACalculator.
1880         
1881         This has no observable impact. It does reduce the amount of code in SSAConversionPhase.
1882         But even better, it makes SSAConversionPhase have significantly less tricky logic. It
1883         mostly just relies on SSACalculator to do the tricky stuff, and SSAConversionPhase mostly
1884         just reasons about the weirdnesses unique to the ThreadedCPS form that it sees as input.
1885         In fact, using the Cytron et al approach means that there isn't really any "smoke and
1886         mirrors" trickyness related to SSA. SSACalculator's only "tricks" are using the pruned
1887         iterated dominance frontier to place Phi's and using the dom tree to find reaching defs.
1888         The complexity is mostly confined to Dominators, which computes various dominator-related
1889         properties over the control flow graph. That class can be difficult to understand, but at
1890         least it follows well-known graph theory wisdom.
1891
1892         * CMakeLists.txt:
1893         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1894         * JavaScriptCore.xcodeproj/project.pbxproj:
1895         * dfg/DFGAnalysis.h:
1896         * dfg/DFGCSEPhase.cpp:
1897         * dfg/DFGDCEPhase.cpp:
1898         (JSC::DFG::DCEPhase::run):
1899         * dfg/DFGDominators.h:
1900         (JSC::DFG::Dominators::immediateDominatorOf):
1901         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf):
1902         (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf):
1903         * dfg/DFGGraph.cpp:
1904         (JSC::DFG::Graph::dump):
1905         (JSC::DFG::Graph::blocksInPreOrder):
1906         (JSC::DFG::Graph::blocksInPostOrder):
1907         (JSC::DFG::Graph::getBlocksInPreOrder): Deleted.
1908         (JSC::DFG::Graph::getBlocksInPostOrder): Deleted.
1909         * dfg/DFGGraph.h:
1910         * dfg/DFGLICMPhase.cpp:
1911         (JSC::DFG::LICMPhase::run):
1912         * dfg/DFGNodeFlags.h:
1913         * dfg/DFGPhase.cpp:
1914         (JSC::DFG::Phase::beginPhase):
1915         (JSC::DFG::Phase::endPhase):
1916         * dfg/DFGPhase.h:
1917         * dfg/DFGSSACalculator.cpp: Added.
1918         (JSC::DFG::SSACalculator::Variable::dump):
1919         (JSC::DFG::SSACalculator::Variable::dumpVerbose):
1920         (JSC::DFG::SSACalculator::Def::dump):
1921         (JSC::DFG::SSACalculator::SSACalculator):
1922         (JSC::DFG::SSACalculator::~SSACalculator):
1923         (JSC::DFG::SSACalculator::newVariable):
1924         (JSC::DFG::SSACalculator::newDef):
1925         (JSC::DFG::SSACalculator::nonLocalReachingDef):
1926         (JSC::DFG::SSACalculator::reachingDefAtTail):
1927         (JSC::DFG::SSACalculator::dump):
1928         * dfg/DFGSSACalculator.h: Added.
1929         (JSC::DFG::SSACalculator::Variable::index):
1930         (JSC::DFG::SSACalculator::Variable::Variable):
1931         (JSC::DFG::SSACalculator::Def::variable):
1932         (JSC::DFG::SSACalculator::Def::block):
1933         (JSC::DFG::SSACalculator::Def::value):
1934         (JSC::DFG::SSACalculator::Def::Def):
1935         (JSC::DFG::SSACalculator::variable):
1936         (JSC::DFG::SSACalculator::computePhis):
1937         (JSC::DFG::SSACalculator::phisForBlock):
1938         (JSC::DFG::SSACalculator::reachingDefAtHead):
1939         * dfg/DFGSSAConversionPhase.cpp:
1940         (JSC::DFG::SSAConversionPhase::SSAConversionPhase):
1941         (JSC::DFG::SSAConversionPhase::run):
1942         (JSC::DFG::SSAConversionPhase::forwardPhiChildren): Deleted.
1943         (JSC::DFG::SSAConversionPhase::forwardPhi): Deleted.
1944         (JSC::DFG::SSAConversionPhase::forwardPhiEdge): Deleted.
1945         (JSC::DFG::SSAConversionPhase::deduplicateChildren): Deleted.
1946         * dfg/DFGSSAConversionPhase.h:
1947         * dfg/DFGValidate.cpp:
1948         (JSC::DFG::Validate::Validate):
1949         (JSC::DFG::Validate::dumpGraphIfAppropriate):
1950         (JSC::DFG::validate):
1951         * dfg/DFGValidate.h:
1952         * ftl/FTLLowerDFGToLLVM.cpp:
1953         (JSC::FTL::LowerDFGToLLVM::lower):
1954         * runtime/Options.h:
1955
1956 2014-09-08  Commit Queue  <commit-queue@webkit.org>
1957
1958         Unreviewed, rolling out r173402.
1959         https://bugs.webkit.org/show_bug.cgi?id=136649
1960
1961         Breaking build with error "unable to restore file position to
1962         0x00000c60 for section __DWARF.__debug_info (errno = 9)"
1963         (Requested by mlam_ on #webkit).
1964
1965         Reverted changeset:
1966
1967         "Move CallFrame and Register inlines functions out of
1968         JSScope.h."
1969         https://bugs.webkit.org/show_bug.cgi?id=136579
1970         http://trac.webkit.org/changeset/173402
1971
1972 2014-09-08  Mark Lam  <mark.lam@apple.com>
1973
1974         Move CallFrame and Register inlines functions out of JSScope.h.
1975         <https://webkit.org/b/136579>
1976
1977         Reviewed by Geoffrey Garen.
1978
1979         This includes fixing up some files to #include JSCInlines.h to pick up
1980         these inline functions.  I also added JSCellInlines.h to JSCInlines.h
1981         since it is included from many of the affected .cpp files.
1982
1983         * API/ObjCCallbackFunction.mm:
1984         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1985         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1986         * JavaScriptCore.xcodeproj/project.pbxproj:
1987         * bindings/ScriptValue.cpp:
1988         * inspector/InjectedScriptHost.cpp:
1989         * inspector/InjectedScriptManager.cpp:
1990         * inspector/JSGlobalObjectInspectorController.cpp:
1991         * inspector/JSJavaScriptCallFrame.cpp:
1992         * inspector/ScriptDebugServer.cpp:
1993         * interpreter/CallFrameInlines.h:
1994         (JSC::CallFrame::vm):
1995         (JSC::CallFrame::lexicalGlobalObject):
1996         (JSC::CallFrame::globalThisValue):
1997         * interpreter/RegisterInlines.h: Added.
1998         (JSC::Register::operator=):
1999         (JSC::Register::scope):
2000         * runtime/ArgumentsIteratorConstructor.cpp:
2001         * runtime/JSArrayIterator.cpp:
2002         * runtime/JSCInlines.h:
2003         * runtime/JSCJSValue.cpp:
2004         * runtime/JSMapIterator.cpp:
2005         * runtime/JSPromiseConstructor.cpp:
2006         * runtime/JSPromiseDeferred.cpp:
2007         * runtime/JSPromiseFunctions.cpp:
2008         * runtime/JSPromisePrototype.cpp:
2009         * runtime/JSPromiseReaction.cpp:
2010         * runtime/JSScope.h:
2011         (JSC::Register::operator=): Deleted.
2012         (JSC::Register::scope): Deleted.
2013         (JSC::ExecState::vm): Deleted.
2014         (JSC::ExecState::lexicalGlobalObject): Deleted.
2015         (JSC::ExecState::globalThisValue): Deleted.
2016         * runtime/JSSetIterator.cpp:
2017         * runtime/MapConstructor.cpp:
2018         * runtime/MapData.cpp:
2019         * runtime/MapIteratorPrototype.cpp:
2020         * runtime/MapPrototype.cpp:
2021         * runtime/SetConstructor.cpp:
2022         * runtime/SetIteratorPrototype.cpp:
2023         * runtime/SetPrototype.cpp:
2024         * runtime/WeakMapConstructor.cpp:
2025         * runtime/WeakMapPrototype.cpp:
2026
2027 2014-09-08  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>
2028
2029         Remove FILTERS flag
2030         https://bugs.webkit.org/show_bug.cgi?id=136571
2031
2032         Reviewed by Darin Adler.
2033
2034         * Configurations/FeatureDefines.xcconfig:
2035
2036 2014-09-08  Saam Barati  <saambarati1@gmail.com>
2037
2038         Merge StructureShapes that share the same prototype chain
2039         https://bugs.webkit.org/show_bug.cgi?id=136549
2040
2041         Reviewed by Filip Pizlo.
2042
2043         Instead of keeping track of many discrete StructureShapes that share
2044         the same prototype chain, TypeSet should merge StructureShapes that 
2045         have the same prototype chain and provide a new member variable for 
2046         optional structure fields. This provides a cleaner and more concise
2047         interface for dealing with StructureShapes within TypeSet. Instead
2048         of having many discrete shapes that are almost identical, almost 
2049         identical shapes will be merged together with an interface for 
2050         understanding what fields the shapes being merged together differ in.
2051
2052         * runtime/TypeSet.cpp:
2053         (JSC::TypeSet::addTypeInformation):
2054         (JSC::StructureShape::addProperty):
2055         (JSC::StructureShape::toJSONString):
2056         (JSC::StructureShape::inspectorRepresentation):
2057         (JSC::StructureShape::hasSamePrototypeChain):
2058         (JSC::StructureShape::merge):
2059         * runtime/TypeSet.h:
2060         * tests/typeProfiler/optional-fields.js: Added.
2061         (wrapper.func):
2062         (wrapper):
2063
2064 2014-09-08  Jessie Berlin  <jberlin@apple.com>
2065
2066         More 32-bit Release build fixes after r173364.
2067
2068         * dfg/DFGSpeculativeJIT32_64.cpp:
2069         (JSC::DFG::SpeculativeJIT::compile):
2070
2071 2014-09-07  Maciej Stachowiak  <mjs@apple.com>
2072
2073         Fix typos in last patch to fix build.
2074
2075         Unreviewed build fix.
2076
2077         * dfg/DFGSpeculativeJIT.cpp:
2078         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
2079         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
2080
2081 2014-09-07  Maciej Stachowiak  <mjs@apple.com>
2082
2083         Introduce COMPILER_QUIRK(CONSIDERS_UNREACHABLE_CODE) and use it
2084         https://bugs.webkit.org/show_bug.cgi?id=136616
2085
2086         Reviewed by Darin Adler.
2087         
2088         Many compilers will analyze unreachable code paths (e.g. after an
2089         unreachable code path), so sometimes they need dead code initializations.
2090         But clang with suitable warnings will complain about unreachable code. So
2091         use the quirk to include it conditionally.
2092
2093         * bytecode/CodeBlock.cpp:
2094         (JSC::CodeBlock::printGetByIdOp):
2095         * dfg/DFGOSRExitCompilerCommon.cpp:
2096         (JSC::DFG::handleExitCounts):
2097         * dfg/DFGPlan.cpp:
2098         (JSC::DFG::Plan::compileInThread):
2099         * dfg/DFGSpeculativeJIT.cpp:
2100         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
2101         * jsc.cpp:
2102         * runtime/JSArray.cpp:
2103         (JSC::JSArray::fillArgList):
2104         (JSC::JSArray::copyToArguments):
2105         * runtime/RegExp.cpp:
2106         (JSC::RegExp::compile):
2107         (JSC::RegExp::compileMatchOnly):
2108
2109 2014-09-06  Darin Adler  <darin@apple.com>
2110
2111         Make updates suggested by new version of Xcode
2112         https://bugs.webkit.org/show_bug.cgi?id=136603
2113
2114         Reviewed by Mark Rowe.
2115
2116         * Configurations/Base.xcconfig: Added CLANG_WARN_UNREACHABLE_CODE, COMBINE_HIDPI_IMAGES,
2117         and ENABLE_STRICT_OBJC_MSGSEND as suggested by Xcode upgrade check.
2118
2119         * JavaScriptCore.xcodeproj/project.pbxproj: Update LastUpgradeCheck.
2120
2121         * dfg/DFGSpeculativeJIT.cpp:
2122         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode): Compile out unreachable code
2123         for clang, since it understands the code is unreachable.
2124         * runtime/JSArray.cpp:
2125         (JSC::JSArray::fillArgList): Ditto.
2126         (JSC::JSArray::copyToArguments): Ditto.
2127
2128 2014-09-05  Matt Baker  <mattbaker@apple.com>
2129
2130         Web Inspector: breakpoint actions should work regardless of Content Security Policy
2131         https://bugs.webkit.org/show_bug.cgi?id=136542
2132
2133         Reviewed by Mark Lam.
2134
2135         Added JSC::DebuggerEvalEnabler, an RAII object which enables eval on a 
2136         JSGlobalObject for the duration of a scope, returning the eval enabled state to its
2137         original value when the scope exits. Used by JSC::DebuggerCallFrame::evaluate 
2138         to allow breakpoint actions to execute JS in pages with a Content Security Policy
2139         that would normally prohibit this (such as Inspector's Main.html).
2140
2141         Refactored Inspector::InjectedScriptBase to use the RAII object instead of manually
2142         setting eval enabled and then resetting the original eval enabled state.
2143
2144         NOTE: The JSC::DebuggerEvalEnabler constructor checks the passed in ExecState pointer
2145         for null to be equivalent to the original code in Inspector::InjectedScriptBase.
2146         InjectedScriptBase is getting the ExecState from ScriptObject::scriptState(), which
2147         can currently be null.
2148
2149         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2150         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2151         * JavaScriptCore.xcodeproj/project.pbxproj:
2152         * debugger/DebuggerCallFrame.cpp:
2153         (JSC::DebuggerCallFrame::evaluate):
2154         * debugger/DebuggerEvalEnabler.h: Added.
2155         (JSC::DebuggerEvalEnabler::DebuggerEvalEnabler):
2156         (JSC::DebuggerEvalEnabler::~DebuggerEvalEnabler):
2157         * inspector/InjectedScriptBase.cpp:
2158         (Inspector::InjectedScriptBase::callFunctionWithEvalEnabled):
2159
2160 2014-09-05  peavo@outlook.com  <peavo@outlook.com>
2161
2162         [WinCairo] jsc.exe won't run.
2163         https://bugs.webkit.org/show_bug.cgi?id=136481
2164
2165         Reviewed by Alex Christensen.
2166         
2167         We need to define WIN_CAIRO to avoid looking for the AAS folder.
2168
2169         * JavaScriptCore.vcxproj/jsc/DLLLauncherWinCairo.props: Added.
2170         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
2171         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
2172         * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
2173         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
2174
2175 2014-09-05  David Kilzer  <ddkilzer@apple.com>
2176
2177         JavaScriptCore should build with newer clang
2178         <http://webkit.org/b/136002>
2179         <rdar://problem/18020616>
2180
2181         Reviewed by Geoffrey Garen.
2182
2183         Other than the JSC::SourceProvider::asID() change (which simply
2184         removes code that the optimizing compiler would have discarded
2185         in Release builds), we move the |this| checks in OpaqueJSString
2186         to NULL checks in to JSBase, JSObjectRef, JSScriptRef,
2187         JSStringRef{CF} and JSValueRef.
2188
2189         Note that the following function arguments are _not_ NULL-checked
2190         since doing so would just cover up bugs (and were not needed to
2191         prevent any tests from failing):
2192         - |script| in JSEvaluateScript(), JSCheckScriptSyntax();
2193         - |body| in JSObjectMakeFunction();
2194         - |source| in JSScriptCreateReferencingImmortalASCIIText()
2195           (which is a const char* anyway);
2196         - |source| in JSScriptCreateFromString().
2197
2198         * API/JSBase.cpp:
2199         (JSEvaluateScript): Add NULL check for |sourceURL|.
2200         (JSCheckScriptSyntax): Ditto.
2201         * API/JSObjectRef.cpp:
2202         (JSObjectMakeFunction): Ditto.
2203         * API/JSScriptRef.cpp:
2204         (JSScriptCreateReferencingImmortalASCIIText): Ditto.
2205         (JSScriptCreateFromString): Add NULL check for |url|.
2206         * API/JSStringRef.cpp:
2207         (JSStringGetLength): Return early if NULL pointer is passed in.
2208         (JSStringGetCharactersPtr): Ditto.
2209         (JSStringGetUTF8CString): Ditto.  Also check |buffer| parameter.
2210         * API/JSStringRefCF.cpp:
2211         (JSStringCopyCFString): Ditto.
2212         * API/JSValueRef.cpp:
2213         (JSValueMakeString): Add NULL check for |string|.
2214
2215         * API/OpaqueJSString.cpp:
2216         (OpaqueJSString::string): Remove code that checks |this|.
2217         (OpaqueJSString::identifier): Ditto.
2218         (OpaqueJSString::characters): Ditto.
2219         * API/OpaqueJSString.h:
2220         (OpaqueJSString::is8Bit): Remove code that checks |this|.
2221         (OpaqueJSString::characters8): Ditto.
2222         (OpaqueJSString::characters16): Ditto.
2223         (OpaqueJSString::length): Ditto.
2224
2225         * parser/SourceProvider.h:
2226         (JSC::SourceProvider::asID): Remove code that checks |this|.
2227
2228 2014-06-06  Jer Noble  <jer.noble@apple.com>
2229
2230         Refactoring: make MediaTime the primary time type for audiovisual times.
2231         https://bugs.webkit.org/show_bug.cgi?id=133579
2232
2233         Reviewed by Eric Carlson.
2234
2235         Add a utility function which converts a MediaTime to a JSNumber.
2236
2237         * runtime/JSCJSValue.h:
2238         (JSC::jsNumber):
2239
2240 2014-09-04  Michael Saboff  <msaboff@apple.com>
2241
2242         ARM: Add more coverage to ARMv7 disassembler
2243         https://bugs.webkit.org/show_bug.cgi?id=136565
2244
2245         Reviewed by Mark Lam.
2246
2247         Added ARMv7 disassembler support for Push/Pop multiple and floating point instructions
2248         VCMP, VCVT[R] between floating point and integer, and VLDR.
2249
2250         * disassembler/ARMv7/ARMv7DOpcode.cpp:
2251         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::appendRegisterList):
2252         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPopMultiple::format):
2253         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushMultiple::format):
2254         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::format):
2255         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::format):
2256         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::format):
2257         * disassembler/ARMv7/ARMv7DOpcode.h:
2258         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::registerList):
2259         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::condition):
2260         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::condition):
2261         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::dBit):
2262         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::vd):
2263         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::szBit):
2264         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::eBit):
2265         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::mBit):
2266         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::vm):
2267         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::condition):
2268         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::dBit):
2269         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::op2):
2270         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::vd):
2271         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::szBit):
2272         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::op):
2273         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::mBit):
2274         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::vm):
2275         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::condition):
2276         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::uBit):
2277         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::rn):
2278         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::vd):
2279         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::doubleReg):
2280         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::immediate8):
2281
2282 2014-09-04  Mark Lam  <mark.lam@apple.com>
2283
2284         Move PropertySlot's inline functions back to PropertySlot.h.
2285         <https://webkit.org/b/136547>
2286
2287         Reviewed by Filip Pizlo.
2288
2289         * runtime/JSObject.h:
2290         (JSC::PropertySlot::getValue): Deleted.
2291         * runtime/PropertySlot.h:
2292         (JSC::PropertySlot::getValue):
2293
2294 2014-09-04  Filip Pizlo  <fpizlo@apple.com>
2295
2296         Make sure that deleting all code first processes the call edge log, and reenable call edge profiling.
2297
2298         Rubber stamped by Sam Weinig.
2299
2300         * debugger/Debugger.cpp:
2301         (JSC::Debugger::forEachCodeBlock):
2302         (JSC::Debugger::setSteppingMode):
2303         (JSC::Debugger::recompileAllJSFunctions):
2304         * inspector/agents/InspectorRuntimeAgent.cpp:
2305         (Inspector::recompileAllJSFunctionsForTypeProfiling):
2306         * runtime/Options.h: Reenable call edge profiling.
2307         * runtime/VM.cpp:
2308         (JSC::VM::prepareToDiscardCode): Make sure this also processes the call edge log, in case any call edge profiles are about to be destroyed.
2309         (JSC::VM::discardAllCode):
2310         (JSC::VM::releaseExecutableMemory):
2311         (JSC::VM::setEnabledProfiler):
2312         (JSC::VM::waitForCompilationsToComplete): Deleted.
2313         * runtime/VM.h: Rename waitForCompilationsToComplete() back to prepareToDiscardCode() because the purpose of the method - now as ever - is to do all of the things that need to be done to ensure that code may be safely deleted.
2314
2315 2014-09-04  Akos Kiss  <akiss@inf.u-szeged.hu>
2316
2317         Ensure that the call frame set up by vmEntryToNative does not overlap with the stack of the callee
2318         https://bugs.webkit.org/show_bug.cgi?id=136485
2319
2320         Reviewed by Michael Saboff.
2321
2322         Changed makeHostFunctionCall to keep the stack pointer above the call
2323         frame set up by doVMEntry. Thus the callee will/can not override the top
2324         of the call frame.
2325
2326         Refactored the two (32_64 and 64) versions of makeHostFunctionCall to be
2327         more alike to help future maintenance.
2328
2329         * llint/LowLevelInterpreter32_64.asm:
2330         * llint/LowLevelInterpreter64.asm:
2331
2332 2014-09-04  Michael Saboff  <msaboff@apple.com>
2333
2334         REGRESSION(r173031): crashes during run-layout-jsc on x86/Linux
2335         https://bugs.webkit.org/show_bug.cgi?id=136436
2336
2337         Reviewed by Geoffrey Garen.
2338
2339         Instead of trying to calculate a stack pointer that allows for possible
2340         stacked argument space, just use the "home" stack pointer location.
2341         That stack pointer provides space for the worst case number of stacked
2342         arguments on architectures that use stacked arguments.  It also provides
2343         stack space so that the return PC and caller frame pointer that are stored
2344         as part of making the call to operationCallEval will not override any part
2345         of the callee frame created on the stack.
2346
2347         Changed compileCallEval() to use the stackPointer value of the calling
2348         function.  That stack pointer is calculated to have enough space for
2349         outgoing stacked arguments.  By moving the stack pointer to its "home"
2350         position, the caller frame and return PC are not set as part of making
2351         the call to operationCallEval().  Moved the explicit setting of the
2352         callerFrame field of the callee CallFrame from operationCallEval() to
2353         compileCallEval() since it has been the artifact of making a call for
2354         most architectures.  Simplified the exception logic in compileCallEval()
2355         as a result of the change.  To be compliant with the stack state
2356         expected by virtualCallThunkGenerator(), moved the stack pointer to
2357         point above the CallerFrameAndPC of the callee CallFrame.
2358
2359         * jit/JIT.h: Changed callOperationNoExceptionCheck(J_JITOperation_EE, ...)
2360         to callOperation(J_JITOperation_EE, ...) as it now can do a typical exception
2361         check.
2362         * jit/JITCall.cpp & jit/JITCall32_64.cpp:
2363         (JSC::JIT::compileCallEval): Use the home stack pointer when making the call
2364         to operationCallEval.  Since the stack pointer adjustment no longer needs
2365         to be done after making the call to operationCallEval(), the exception check
2366         logic can be simplified.
2367         (JSC::JIT::compileCallEvalSlowCase): Restored the stack pointer to point
2368         to above the calleeFrame as this is what the generated thunk expects.
2369         * jit/JITInlines.h:
2370         (JSC::JIT::callOperation): Refactor of callOperationNoExceptionCheck
2371         with the addition of a standard exception check.
2372         (JSC::JIT::callOperationNoExceptionCheck): Deleted.
2373         * jit/JITOperations.cpp:
2374         (JSC::operationCallEval): Eliminated the explicit setting of caller frame
2375         as that is now done in the code generated by compileCallEval().
2376
2377 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2378
2379         Beef up the DFG's CFG analyses to include iterated dominance frontiers and more user-friendly BlockSets
2380         https://bugs.webkit.org/show_bug.cgi?id=136520
2381
2382         Reviewed by Geoffrey Garen.
2383         
2384         Add code to compute iterated dominance frontiers. This involves using BlockSet a lot, so
2385         this patch also makes BlockSet a lot more user-friendly.
2386
2387         * CMakeLists.txt:
2388         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2389         * JavaScriptCore.xcodeproj/project.pbxproj:
2390         * dfg/DFGBasicBlock.h:
2391         * dfg/DFGBlockSet.cpp: Added.
2392         (JSC::DFG::BlockSet::dump):
2393         * dfg/DFGBlockSet.h:
2394         (JSC::DFG::BlockSet::iterator::iterator):
2395         (JSC::DFG::BlockSet::iterator::operator++):
2396         (JSC::DFG::BlockSet::iterator::operator==):
2397         (JSC::DFG::BlockSet::iterator::operator!=):
2398         (JSC::DFG::BlockSet::Iterable::Iterable):
2399         (JSC::DFG::BlockSet::Iterable::begin):
2400         (JSC::DFG::BlockSet::Iterable::end):
2401         (JSC::DFG::BlockSet::iterable):
2402         (JSC::DFG::BlockAdder::BlockAdder):
2403         (JSC::DFG::BlockAdder::operator()):
2404         * dfg/DFGBlockSetInlines.h: Added.
2405         (JSC::DFG::BlockSet::iterator::operator*):
2406         * dfg/DFGDominators.cpp:
2407         (JSC::DFG::Dominators::strictDominatorsOf):
2408         (JSC::DFG::Dominators::dominatorsOf):
2409         (JSC::DFG::Dominators::blocksStrictlyDominatedBy):
2410         (JSC::DFG::Dominators::blocksDominatedBy):
2411         (JSC::DFG::Dominators::dominanceFrontierOf):
2412         (JSC::DFG::Dominators::iteratedDominanceFrontierOf):
2413         * dfg/DFGDominators.h:
2414         (JSC::DFG::Dominators::forAllStrictDominatorsOf):
2415         (JSC::DFG::Dominators::forAllDominatorsOf):
2416         (JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy):
2417         (JSC::DFG::Dominators::forAllBlocksDominatedBy):
2418         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf):
2419         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf):
2420         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl):
2421         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl):
2422         * dfg/DFGGraph.cpp:
2423         (JSC::DFG::Graph::dumpBlockHeader):
2424         * dfg/DFGInvalidationPointInjectionPhase.cpp:
2425         (JSC::DFG::InvalidationPointInjectionPhase::run):
2426
2427 2014-09-04  Mark Lam  <mark.lam@apple.com>
2428
2429         Fixed indentations and some style warnings in JavaScriptCore/runtime.
2430         <https://webkit.org/b/136518>
2431
2432         Reviewed by Michael Saboff.
2433
2434         Also removed some superfluous spaces.  There are no semantic changes.
2435
2436         * runtime/Completion.h:
2437         * runtime/ConstructData.h:
2438         * runtime/DateConstructor.h:
2439         * runtime/DateInstance.h:
2440         * runtime/DateInstanceCache.h:
2441         * runtime/DatePrototype.h:
2442         * runtime/Error.h:
2443         * runtime/ErrorConstructor.h:
2444         * runtime/ErrorInstance.h:
2445         * runtime/ErrorPrototype.h:
2446         * runtime/FunctionConstructor.h:
2447         * runtime/FunctionPrototype.h:
2448         * runtime/GetterSetter.h:
2449         * runtime/Identifier.h:
2450         * runtime/InitializeThreading.h:
2451         * runtime/InternalFunction.h:
2452         * runtime/JSAPIValueWrapper.h:
2453         * runtime/JSFunction.h:
2454         * runtime/JSLock.h:
2455         * runtime/JSNotAnObject.h:
2456         * runtime/JSONObject.h:
2457         * runtime/JSString.h:
2458         * runtime/JSTypeInfo.h:
2459         * runtime/JSWrapperObject.h:
2460         * runtime/Lookup.h:
2461         * runtime/MathObject.h:
2462         * runtime/NativeErrorConstructor.h:
2463         * runtime/NativeErrorPrototype.h:
2464         * runtime/NumberConstructor.h:
2465         * runtime/NumberObject.h:
2466         * runtime/NumberPrototype.h:
2467         * runtime/NumericStrings.h:
2468         * runtime/ObjectConstructor.h:
2469         * runtime/ObjectPrototype.h:
2470         * runtime/PropertyDescriptor.h:
2471         * runtime/Protect.h:
2472         * runtime/PutPropertySlot.h:
2473         * runtime/RegExp.h:
2474         * runtime/RegExpCachedResult.h:
2475         * runtime/RegExpConstructor.h:
2476         * runtime/RegExpMatchesArray.h:
2477         * runtime/RegExpObject.h:
2478         * runtime/RegExpPrototype.h:
2479         * runtime/SmallStrings.h:
2480         * runtime/StringConstructor.h:
2481         * runtime/StringObject.h:
2482         * runtime/StringPrototype.h:
2483         * runtime/StructureChain.h:
2484         * runtime/VM.h:
2485
2486 2014-09-04  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>
2487
2488         Remove CSS_FILTERS flag
2489         https://bugs.webkit.org/show_bug.cgi?id=136529
2490
2491         Reviewed by Dirk Schulze.
2492
2493         * Configurations/FeatureDefines.xcconfig:
2494
2495 2014-09-04  Commit Queue  <commit-queue@webkit.org>
2496
2497         Unreviewed, rolling out r173248.
2498         https://bugs.webkit.org/show_bug.cgi?id=136536
2499
2500         call edge profiling and polymorphic call inlining are still
2501         causing crashes (Requested by eric_carlson on #webkit).
2502
2503         Reverted changeset:
2504
2505         "Reenable call edge profiling and polymorphic call inlining,
2506         now that a bunch of the bugs"
2507         http://trac.webkit.org/changeset/173248
2508
2509 2014-09-04  Brian J. Burg  <burg@cs.washington.edu>
2510
2511         Web Inspector: the profiler should not accrue time to nodes while the debugger is paused
2512         https://bugs.webkit.org/show_bug.cgi?id=136352
2513
2514         Reviewed by Timothy Hatcher.
2515
2516         Hook up pause/continue events to the LegacyProfiler and any active
2517         ProfilerGenerators. If the debugger is paused, all intervening call
2518         entries will be created with totalTime as 0.0.
2519
2520         * inspector/ScriptDebugServer.cpp:
2521         (Inspector::ScriptDebugServer::handlePause):
2522         * profiler/LegacyProfiler.cpp: Move from typedef'd callbacks to using
2523         std::function. This allows callbacks to take different argument types.
2524
2525         (JSC::callFunctionForProfilesWithGroup):
2526         (JSC::LegacyProfiler::willExecute):
2527         (JSC::LegacyProfiler::didExecute):
2528         (JSC::LegacyProfiler::exceptionUnwind):
2529         (JSC::LegacyProfiler::didPause):
2530         (JSC::LegacyProfiler::didContinue):
2531         (JSC::dispatchFunctionToProfiles): Deleted.
2532         * profiler/LegacyProfiler.h:
2533         * profiler/ProfileGenerator.cpp:
2534         (JSC::ProfileGenerator::ProfileGenerator):
2535         (JSC::ProfileGenerator::endCallEntry):
2536         (JSC::ProfileGenerator::didExecute): Deleted.
2537         * profiler/ProfileGenerator.h:
2538         (JSC::ProfileGenerator::didPause):
2539         (JSC::ProfileGenerator::didContinue):
2540
2541 2014-09-04  Commit Queue  <commit-queue@webkit.org>
2542
2543         Unreviewed, rolling out r173245.
2544         https://bugs.webkit.org/show_bug.cgi?id=136533
2545
2546         Broke JSC tests. (Requested by ddkilzer on #webkit).
2547
2548         Reverted changeset:
2549
2550         "JavaScriptCore should build with newer clang"
2551         https://bugs.webkit.org/show_bug.cgi?id=136002
2552         http://trac.webkit.org/changeset/173245
2553
2554 2014-09-04  Brian J. Burg  <burg@cs.washington.edu>
2555
2556         LegacyProfiler: ProfileNodes should be used more like structs
2557         https://bugs.webkit.org/show_bug.cgi?id=136381
2558
2559         Reviewed by Timothy Hatcher.
2560
2561         Previously, both the profile generator and individual profile nodes
2562         were collectively responsible for creating new Call entries and
2563         maintaining data structure invariants. This complexity is unnecessary.
2564
2565         This patch centralizes profile data creation inside the profile generator.
2566         The profile nodes manage nextSibling and parent pointers, but do not
2567         collect the current time or create new Call entries themselves.
2568
2569         Since ProfileNode::nextSibling and its callers are only used within
2570         debug printing code, it should be compiled out for release builds.
2571
2572         * profiler/ProfileGenerator.cpp:
2573         (JSC::ProfileGenerator::ProfileGenerator):
2574         (JSC::AddParentForConsoleStartFunctor::operator()):
2575         (JSC::ProfileGenerator::beginCallEntry): create a new Call entry.
2576         (JSC::ProfileGenerator::endCallEntry): finish the last Call entry.
2577         (JSC::ProfileGenerator::willExecute): inline ProfileNode::willExecute()
2578         (JSC::ProfileGenerator::didExecute): inline ProfileNode::didExecute()
2579         (JSC::ProfileGenerator::stopProfiling): Only walk up the spine.
2580         (JSC::ProfileGenerator::removeProfileStart):
2581         (JSC::ProfileGenerator::removeProfileEnd):
2582         * profiler/ProfileGenerator.h:
2583         * profiler/ProfileNode.cpp:
2584         (JSC::ProfileNode::ProfileNode):
2585         (JSC::ProfileNode::addChild):
2586         (JSC::ProfileNode::removeChild):
2587         (JSC::ProfileNode::spliceNode): Renamed from insertNode.
2588         (JSC::ProfileNode::debugPrintRecursively):
2589         (JSC::ProfileNode::willExecute): Deleted.
2590         (JSC::ProfileNode::insertNode): Deleted.
2591         (JSC::ProfileNode::stopProfiling): Deleted.
2592         (JSC::ProfileNode::traverseNextNodePostOrder):
2593         (JSC::ProfileNode::endAndRecordCall): Deleted.
2594         (JSC::ProfileNode::debugPrintDataSampleStyle):
2595         * profiler/ProfileNode.h:
2596         (JSC::ProfileNode::Call::setStartTime):
2597         (JSC::ProfileNode::Call::setTotalTime):
2598         (JSC::ProfileNode::appendCall):
2599         (JSC::ProfileNode::firstChild):
2600         (JSC::ProfileNode::lastChild):
2601         (JSC::ProfileNode::nextSibling):
2602         (JSC::ProfileNode::setNextSibling):
2603
2604 2014-09-02  Brian J. Burg  <burg@cs.washington.edu>
2605
2606         Web Inspector: fix prefixes for subclasses of JSC::ConsoleClient
2607         https://bugs.webkit.org/show_bug.cgi?id=136476
2608
2609         Reviewed by Timothy Hatcher.
2610
2611         * CMakeLists.txt:
2612         * JavaScriptCore.xcodeproj/project.pbxproj:
2613         * inspector/JSGlobalObjectConsoleClient.cpp: Renamed from Source/JavaScriptCore/inspector/JSConsoleClient.cpp.
2614         * inspector/JSGlobalObjectConsoleClient.h: Renamed from Source/JavaScriptCore/inspector/JSConsoleClient.h.
2615         * inspector/JSGlobalObjectInspectorController.cpp:
2616         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2617         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
2618         * inspector/JSGlobalObjectInspectorController.h:
2619
2620 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2621
2622         Reenable call edge profiling and polymorphic call inlining, now that a bunch of the bugs
2623         are fixed.
2624
2625         * runtime/Options.h:
2626
2627 2014-09-03  David Kilzer  <ddkilzer@apple.com>
2628
2629         JavaScriptCore should build with newer clang
2630         <http://webkit.org/b/136002>
2631         <rdar://problem/18020616>
2632
2633         Reviewed by Geoffrey Garen.
2634
2635         Other than the JSC::SourceProvider::asID() change (which simply
2636         removes code that the optimizing compiler would have discarded
2637         in Release builds), we move the |this| checks in OpaqueJSString
2638         to NULL checks in JSBase, JSScriptRef, JSStringRef{CF} and
2639         JSValueRef.
2640
2641         * API/JSBase.cpp:
2642         (JSEvaluateScript): Use String() in case |script| or |sourceURL|
2643         are NULL.
2644         * API/JSScriptRef.cpp:
2645         (JSScriptCreateReferencingImmortalASCIIText): Use String() in
2646         case |url| is NULL.
2647         * API/JSStringRef.cpp:
2648         (JSStringGetLength): Return early if NULL pointer is passed in.
2649         (JSStringGetCharactersPtr): Ditto.
2650         (JSStringGetUTF8CString): Ditto.  Also check |buffer| parameter.
2651         * API/JSStringRefCF.cpp:
2652         (JSStringCopyCFString): Ditto.
2653         * API/JSValueRef.cpp:
2654         (JSValueMakeString): Use String() in case |string| is NULL.
2655
2656         * API/OpaqueJSString.cpp:
2657         (OpaqueJSString::string): Remove code that checks |this|.
2658         (OpaqueJSString::identifier): Ditto.
2659         (OpaqueJSString::characters): Ditto.
2660         * API/OpaqueJSString.h:
2661         (OpaqueJSString::is8Bit): Remove code that checks |this|.
2662         (OpaqueJSString::characters8): Ditto.
2663         (OpaqueJSString::characters16): Ditto.
2664         (OpaqueJSString::length): Ditto.
2665
2666         * parser/SourceProvider.h:
2667         (JSC::SourceProvider::asID): Remove code that checks |this|.
2668
2669 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2670
2671         CallEdgeProfile::visitWeak() shouldn't attempt to despecify empty profiles
2672         https://bugs.webkit.org/show_bug.cgi?id=136511
2673
2674         Reviewed by Geoffrey Garen.
2675
2676         * bytecode/CallEdgeProfile.cpp:
2677         (JSC::CallEdgeProfile::worthDespecifying):
2678         (JSC::CallEdgeProfile::visitWeak):
2679         (JSC::CallEdgeProfile::mergeBack):
2680
2681 2014-09-03  David Kilzer  <ddkilzer@apple.com>
2682
2683         REGRESSION (r167325): (null) entry added to Xcode project file when JSBoundFunction.h was removed
2684         <http://webkit.org/b/136509>
2685
2686         Reviewed by Daniel Bates.
2687
2688         * JavaScriptCore.xcodeproj/project.pbxproj: Remove the (null)
2689         entry left behind when JSBoundFunction.h was removed.
2690
2691 2014-09-03  Joseph Pecoraro  <pecoraro@apple.com>
2692
2693         Avoid warning if a process does not have access to com.apple.webinspector
2694         https://bugs.webkit.org/show_bug.cgi?id=136473
2695
2696         Reviewed by Alexey Proskuryakov.
2697
2698         Pre-check for access to the mach port to avoid emitting warnings
2699         in syslog for processes that do not have access.
2700
2701         * inspector/remote/RemoteInspector.mm:
2702         (Inspector::canAccessWebInspectorMachPort):
2703         (Inspector::RemoteInspector::shared):
2704
2705 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2706
2707         Temporarily disable call edge profiling. It is causing crashes and I'm still investigating
2708         them.
2709
2710         * runtime/Options.h:
2711
2712 2014-09-03  Balazs Kilvady  <kilvadyb@homejinni.com>
2713
2714         [MIPS] Wrong register usage in LLInt op_catch.
2715         https://bugs.webkit.org/show_bug.cgi?id=125168
2716
2717         Reviewed by Geoffrey Garen.
2718
2719         Fix register usage and add PIC header to all the ops in LLInt.
2720
2721         * offlineasm/instructions.rb:
2722         * offlineasm/mips.rb:
2723
2724 2014-09-03  Saam Barati  <saambarati1@gmail.com>
2725
2726         Create tests for type profiling
2727         https://bugs.webkit.org/show_bug.cgi?id=136161
2728
2729         Reviewed by Geoffrey Garen.
2730
2731         The type profiler is now being tested. These are basic tests that don't 
2732         check every edge case, but will catch any major failures in the type profiler. 
2733         These tests cover:
2734         - The basic, inheritance-based type system in TypeSet.
2735         - Function return types.
2736         - Correct merging of types for multiple assignments to one variable.
2737
2738         This patch also provides an API for writing new tests for
2739         the type profiler. The API works by passing in a function and a 
2740         unique substring of an expression contained in that function, and 
2741         returns an object representing type information for that expression.
2742
2743         * jsc.cpp:
2744         (GlobalObject::finishCreation):
2745         (functionFindTypeForExpression):
2746         (functionReturnTypeFor):
2747         * runtime/TypeProfiler.cpp:
2748         (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
2749         * runtime/TypeProfiler.h:
2750         * runtime/TypeProfilerLog.h:
2751         * runtime/TypeSet.cpp:
2752         (JSC::TypeSet::toJSONString):
2753         (JSC::StructureShape::toJSONString):
2754         * runtime/TypeSet.h:
2755         * tests/typeProfiler: Added.
2756         * tests/typeProfiler.yaml: Added.
2757         * tests/typeProfiler/basic.js: Added.
2758         (wrapper.foo):
2759         (wrapper):
2760         * tests/typeProfiler/captured.js: Added.
2761         (wrapper.changeFoo):
2762         (wrapper):
2763         * tests/typeProfiler/driver: Added.
2764         * tests/typeProfiler/driver/driver.js: Added.
2765         (assert):
2766         * tests/typeProfiler/inheritance.js: Added.
2767         (wrapper.A):
2768         (wrapper.B):
2769         (wrapper.C):
2770         (wrapper):
2771         * tests/typeProfiler/return.js: Added.
2772         (foo):
2773         (Ctor):
2774
2775 2014-09-03  Julien Brianceau  <jbriance@cisco.com>
2776
2777         Add missing implementations to fix build for sh4 architecture
2778         https://bugs.webkit.org/show_bug.cgi?id=136455
2779
2780         Reviewed by Geoffrey Garen.
2781
2782         * assembler/MacroAssemblerSH4.h:
2783         (JSC::MacroAssemblerSH4::store8):
2784         (JSC::MacroAssemblerSH4::moveWithPatch):
2785         (JSC::MacroAssemblerSH4::branchAdd32):
2786         (JSC::MacroAssemblerSH4::branch32WithPatch):
2787         (JSC::MacroAssemblerSH4::abortWithReason):
2788         (JSC::MacroAssemblerSH4::canJumpReplacePatchableBranch32WithPatch):
2789         (JSC::MacroAssemblerSH4::startOfPatchableBranch32WithPatchOnAddress):
2790         (JSC::MacroAssemblerSH4::revertJumpReplacementToPatchableBranch32WithPatch):
2791         * jit/AssemblyHelpers.h:
2792         (JSC::AssemblyHelpers::emitFunctionPrologue):
2793         (JSC::AssemblyHelpers::emitFunctionEpilogue):
2794
2795 2014-09-03  Dan Bernstein  <mitz@apple.com>
2796
2797         Get rid of HIGH_DPI_CANVAS leftovers
2798         https://bugs.webkit.org/show_bug.cgi?id=136491
2799
2800         Reviewed by Benjamin Poulain.
2801
2802         * Configurations/FeatureDefines.xcconfig: Removed definition of ENABLE_HIGH_DPI_CANVAS
2803         and removed it from FEATURE_DEFINES.
2804
2805 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2806
2807         CallEdgeProfile::visitWeak() should gracefully handle the case where primaryCallee duplicates an entry in otherCallees
2808         https://bugs.webkit.org/show_bug.cgi?id=136490
2809
2810         Reviewed by Geoffrey Garen.
2811
2812         * bytecode/CallEdgeProfile.cpp:
2813         (JSC::CallEdgeProfile::visitWeak):
2814
2815 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2816
2817         FTL In implementation sets callReturnLocation incorrectly leading to crashes beneath repatchCall()
2818         https://bugs.webkit.org/show_bug.cgi?id=136488
2819
2820         Reviewed by Mark Hahnenberg.
2821
2822         * ftl/FTLCompile.cpp:
2823         (JSC::FTL::generateCheckInICFastPath): The call is in the slow path.
2824         * tests/stress/ftl-in-overflow.js: Added. This used to crash with 100% with FTL enabled.
2825         (foo):
2826
2827 2014-09-03  Akos Kiss  <akiss@inf.u-szeged.hu>
2828
2829         Don't generate superfluous mov instructions for move immediate on ARM64.
2830         https://bugs.webkit.org/show_bug.cgi?id=136435
2831
2832         Reviewed by Michael Saboff.
2833
2834         On ARM64, the size of an immediate operand for a mov instruction is 16
2835         bits. Thus, a move immediate offlineasm instruction may potentially be
2836         split up to several machine level instructions. The current
2837         implementation always emits a mov for the least significant 16 bits of
2838         the value. However, if any of the bits 63:16 are significant then the
2839         first emitted mov already filled bits 15:0 with zeroes (or ones, for
2840         negative values). So, if bits 15:0 of the value are all zeroes (or ones)
2841         then the last mov does not need to be emitted.
2842
2843         * offlineasm/arm64.rb:
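
The splitting described in the entry above, as an added example that is not WebKit's offlineasm code: a Ruby emulation of building a 64-bit immediate from 16-bit movz/movn/movk chunks, skipping the trailing movk when bits 15:0 already hold the fill pattern, plus a small register simulator to check that the emitted sequence reproduces the requested value. The `optimized:` flag (which reproduces the old always-emit behaviour) and the helper names are this example's own.

```ruby
# Added example (not WebKit's offlineasm code): emulate how a 64-bit "move
# immediate" is split into ARM64 movz/movn/movk instructions, including the
# optimization of dropping the final mov when bits 15:0 equal the fill pattern.

MASK16 = 0xFFFF
MASK64 = 0xFFFF_FFFF_FFFF_FFFF

# Returns [mnemonic, imm16, shift] triples that load `value` into a 64-bit
# register. Non-negative values are built up from an all-zeros register
# (movz), negative ones down from an all-ones register (movn); movk then
# patches further 16-bit chunks while keeping the other bits intact.
# `optimized: false` reproduces the old behaviour that always emitted the
# final mov for bits 15:0 (the flag is this example's own, not offlineasm's).
def move_immediate_sequence(value, optimized: true)
  unless value.between?(-(1 << 63), MASK64)
    raise ArgumentError, "value does not fit in 64 bits"
  end
  bits = value & MASK64
  negative = value < 0            # pass negative immediates in signed form
  fill = negative ? MASK16 : 0    # what movz/movn leave in untouched chunks
  seq = []

  # Upper chunks first: bits 63:48, 47:32, 31:16. Chunks equal to the fill
  # pattern need no instruction because the first movz/movn supplies them.
  [48, 32, 16].each do |shift|
    chunk = (bits >> shift) & MASK16
    next if chunk == fill
    if seq.empty?
      # movn inverts its whole result, so pass the complement of the chunk.
      seq << (negative ? ["movn", (~chunk) & MASK16, shift] : ["movz", chunk, shift])
    else
      seq << ["movk", chunk, shift]
    end
  end

  low = bits & MASK16
  if seq.empty?
    # Nothing significant above bit 15: a single instruction is enough.
    seq << (negative ? ["movn", (~low) & MASK16, 0] : ["movz", low, 0])
  elsif low != fill || !optimized
    # The first movz/movn already filled bits 15:0 with the fill pattern;
    # the trailing movk is only needed when those bits differ from it.
    seq << ["movk", low, 0]
  end
  seq
end

# Executes a sequence on a simulated 64-bit register and returns its value,
# so the emitted instructions can be checked against the requested immediate.
def simulate(seq)
  reg = 0
  seq.each do |mnemonic, imm, shift|
    case mnemonic
    when "movz" then reg = imm << shift
    when "movn" then reg = ~(imm << shift) & MASK64
    when "movk" then reg = (reg & ~(MASK16 << shift) & MASK64) | (imm << shift)
    else raise ArgumentError, "unknown mnemonic #{mnemonic}"
    end
  end
  reg
end

# Renders the sequence in assembler syntax for the given register.
def format_sequence(seq, reg = "x0")
  seq.map do |mnemonic, imm, shift|
    shift.zero? ? "#{mnemonic} #{reg}, ##{imm}" : "#{mnemonic} #{reg}, ##{imm}, lsl ##{shift}"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample immediates: low half zero, negative with low half all
  # ones, a full four-chunk value, and -1.
  [0x12340000, -0xEDCB0001, 0x1122334455667788, -1].each do |v|
    seq = move_immediate_sequence(v)
    puts format_sequence(seq).join("; ")
    puts "  -> 0x%016x (%d instruction(s))" % [simulate(seq), seq.length]
  end
end
```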
2844
2845 2014-09-02  Brian J. Burg  <burg@cs.washington.edu>
2846
2847         LegacyProfiler: remove redundant ProfileNode members and other cleanup
2848         https://bugs.webkit.org/show_bug.cgi?id=136380
2849
2850         Reviewed by Timothy Hatcher.
2851
2852         ProfileNode's selfTime and totalTime members are redundant and only used
2853         for dumping profile data from debug-only code. Remove the members and compute
2854         the same data on-demand when necessary using a postorder traversal functor.
2855
2856         Remove ProfileNode.head since it is only used to calculate percentages for
2857         dumped profile data. This can be explicitly passed around when needed.
2858
2859         Rename Profile.head to Profile.rootNode, and other various renamings.
2860
2861         Rearrange some header includes so that touching LegacyProfiler-related headers
2862         will no longer cause a full rebuild.
2863
2864         * inspector/JSConsoleClient.cpp: Add header include.
2865         * inspector/agents/InspectorProfilerAgent.cpp:
2866         (Inspector::InspectorProfilerAgent::buildProfileInspectorObject):
2867         * inspector/protocol/Profiler.json: Remove unused Profile.idleTime member.
2868         * jit/JIT.h: Remove header include.
2869         * jit/JITCode.h: Remove header include.
2870         * jit/JITOperations.cpp: Sort and add header include.
2871         * llint/LLIntSlowPaths.cpp: Sort and add header include.
2872         * profiler/Profile.cpp: Rename the debug dumping functions. Move the node
2873         postorder traversal code to ProfileNode so we can traverse any subtree.
2874         (JSC::Profile::Profile):
2875         (JSC::Profile::debugPrint):
2876         (JSC::Profile::debugPrintSampleStyle):
2877         (JSC::Profile::forEach): Deleted.
2878         (JSC::Profile::debugPrintData): Deleted.
2879         (JSC::Profile::debugPrintDataSampleStyle): Deleted.
2880         * profiler/Profile.h:
2881         * profiler/ProfileGenerator.cpp:
2882         (JSC::ProfileGenerator::ProfileGenerator):
2883         (JSC::AddParentForConsoleStartFunctor::AddParentForConsoleStartFunctor):
2884         (JSC::AddParentForConsoleStartFunctor::operator()):
2885         (JSC::ProfileGenerator::addParentForConsoleStart):
2886         (JSC::ProfileGenerator::didExecute):
2887         (JSC::StopProfilingFunctor::operator()):
2888         (JSC::ProfileGenerator::stopProfiling):
2889         (JSC::ProfileGenerator::removeProfileStart):
2890         (JSC::ProfileGenerator::removeProfileEnd):
2891         * profiler/ProfileGenerator.h:
2892         * profiler/ProfileNode.cpp:
2893         (JSC::ProfileNode::ProfileNode):
2894         (JSC::ProfileNode::willExecute):
2895         (JSC::ProfileNode::removeChild):
2896         (JSC::ProfileNode::stopProfiling):
2897         (JSC::ProfileNode::endAndRecordCall):
2898         (JSC::ProfileNode::debugPrint):
2899         (JSC::ProfileNode::debugPrintSampleStyle):
2900         (JSC::ProfileNode::debugPrintRecursively):
2901         (JSC::ProfileNode::debugPrintSampleStyleRecursively):
2902         (JSC::ProfileNode::debugPrintData): Deleted.
2903         (JSC::ProfileNode::debugPrintDataSampleStyle): Deleted.
2904         * profiler/ProfileNode.h: Calculate per-node self and total times using a postorder traversal.
2905         The forEachNodePostorder functor traverses the subtree rooted at |this|.
2906         (JSC::ProfileNode::create):
2907         (JSC::ProfileNode::calls):
2908         (JSC::ProfileNode::forEachNodePostorder):
2909         (JSC::CalculateProfileSubtreeDataFunctor::returnValue):
2910         (JSC::CalculateProfileSubtreeDataFunctor::operator()):
2911         (JSC::ProfileNode::head): Deleted.
2912         (JSC::ProfileNode::setHead): Deleted.
2913         (JSC::ProfileNode::totalTime): Deleted.
2914         (JSC::ProfileNode::setTotalTime): Deleted.
2915         (JSC::ProfileNode::selfTime): Deleted.
2916         (JSC::ProfileNode::setSelfTime): Deleted.
2917         (JSC::ProfileNode::totalPercent): Deleted.
2918         (JSC::ProfileNode::selfPercent): Deleted.
2919         * runtime/ConsoleClient.h: Remove header include.
2920
2921 2014-09-02  Brian J. Burg  <burg@cs.washington.edu>
2922
2923         Web Inspector: remove ProfilerAgent and legacy profiler files in the frontend
2924         https://bugs.webkit.org/show_bug.cgi?id=136462
2925
2926         Reviewed by Timothy Hatcher.
2927
2928         It's not used by the frontend anymore.
2929
2930         * CMakeLists.txt:
2931         * DerivedSources.make:
2932         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2933         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2934         * JavaScriptCore.xcodeproj/project.pbxproj:
2935
2936         * inspector/JSConsoleClient.cpp:
2937         (Inspector::JSConsoleClient::JSConsoleClient): Stub out console.profile/profileEnd
2938         methods since they didn't work for JSContexts anyway.
2939         (Inspector::JSConsoleClient::profile):
2940         (Inspector::JSConsoleClient::profileEnd):
2941         * inspector/JSConsoleClient.h:
2942
2943         * inspector/JSGlobalObjectInspectorController.cpp:
2944         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2945         * inspector/agents/InspectorProfilerAgent.cpp: Removed.
2946         * inspector/agents/InspectorProfilerAgent.h: Removed.
2947         * inspector/agents/JSGlobalObjectProfilerAgent.cpp: Removed.
2948         * inspector/agents/JSGlobalObjectProfilerAgent.h: Removed.
2949         * inspector/protocol/Profiler.json: Removed.
2950
2951 2014-09-02  Andreas Kling  <akling@apple.com>
2952
2953         Optimize own property GetByVals with rope string subscripts.
2954         <https://webkit.org/b/136458>
2955
2956         For simple JSObjects that don't override getOwnPropertySlot to implement
2957         custom properties, we have a fast path that grabs directly at the object
2958         property storage.
2959
2960         Make this fast path even faster when the property name is an unresolved
2961         rope string by using JSString::toExistingAtomicString(). This is faster
2962         because it avoids allocating a new StringImpl if the string is already
2963         a known Identifier, which is guaranteed to be the case if it's present
2964         as an own property on the object.
2965
2966         ~10% speed-up on Dromaeo/dom-attr.html
2967
2968         Reviewed by Geoffrey Garen.
2969
2970         * dfg/DFGOperations.cpp:
2971         * jit/JITOperations.cpp:
2972         (JSC::getByVal):
2973         * llint/LLIntSlowPaths.cpp:
2974         (JSC::LLInt::getByVal):
2975
2976             When using the fastGetOwnProperty() optimization, get the String
2977             out of JSString by using toExistingAtomicString(). This avoids
2978             StringImpl allocation and lets us bypass the PropertyTable lookup
2979             entirely if no AtomicString is found.
2980
2981         * runtime/JSCell.h:
2982         * runtime/JSCellInlines.h:
2983         (JSC::JSCell::fastGetOwnProperty):
2984
2985             Make fastGetOwnProperty() take a PropertyName instead of a String.
2986             This avoids churning the ref count, since we don't need to create
2987             a temporary wrapper around the AtomicStringImpl* found in GetByVal.
2988
2989         * runtime/PropertyName.h:
2990         (JSC::PropertyName::PropertyName):
2991
2992             Add constructor: PropertyName(AtomicStringImpl*)
2993
2994         * runtime/PropertyMapHashTable.h:
2995         (JSC::PropertyTable::get):
2996         (JSC::PropertyTable::findWithString): Deleted.
2997         * runtime/Structure.h:
2998         * runtime/StructureInlines.h:
2999         (JSC::Structure::get):
3000
3001             Remove code for querying a PropertyTable with an unhashed string key
3002             since the only client is now gone.
3003
3004 2014-09-02  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
3005
3006         [ARM] MacroAssembler generating incorrect code on ARM32 Traditional
3007         https://bugs.webkit.org/show_bug.cgi?id=136429
3008
3009         Reviewed by Csaba Osztrogonác.
3010
3011         Changed test32 to use tst to check if reg is zero, instead of cmp.
3012
3013         * assembler/MacroAssemblerARM.h:
3014         (JSC::MacroAssemblerARM::test32):
3015
3016 2014-09-02  Michael Saboff  <msaboff@apple.com>
3017
3018         Out of bounds write in vmEntryToJavaScript / JSC::JITCode::execute
3019         https://bugs.webkit.org/show_bug.cgi?id=136305
3020
3021         Reviewed by Filip Pizlo.
3022
3023         While preparing the callee's CallFrame, ProtoCallFrame fixes any arity mismatch
3024         and then JITCode::execute() calls the normal entrypoint.  This is incompatible
3025         with the expectation of FTL generated functions.  Changed ProtoCallFrame to not
3026         perform the arity fix, but just flag an arity mismatch.  Now JITCode::execute()
3027         uses that arity mismatch condition to select the normal or arity check
3028         entrypoint.  The entrypoint selection is only done for functions; programs
3029         and eval always have one parameter.
3030
3031         * interpreter/ProtoCallFrame.cpp:
3032         (JSC::ProtoCallFrame::init): Changed to flag arity mismatch instead of fixing it.
3033         * interpreter/ProtoCallFrame.h:
3034         (JSC::ProtoCallFrame::needArityCheck): New boolean to signify what entrypoint
3035         should be called.
3036         * jit/JITCode.cpp:
3037         (JSC::JITCode::execute): Select normal or arity check entrypoint as appropriate.
3038
3039 2014-09-02  peavo@outlook.com  <peavo@outlook.com>
3040
3041         [WinCairo] testapi.exe is not built.
3042         https://bugs.webkit.org/show_bug.cgi?id=136369
3043
3044         Reviewed by Alex Christensen.
3045
3046         The testapi project should be of type Application.
3047
3048         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj: Change project type to Application.
3049         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj: Ditto.
3050         * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props: Compile and link fix.
3051         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj: Change project type to Application.
3052
3053 2014-09-01  Akos Kiss  <akiss@inf.u-szeged.hu>
3054
3055         [CMAKE] Add missing offlineasm dependencies
3056         https://bugs.webkit.org/show_bug.cgi?id=136437
3057
3058         Reviewed by Csaba Osztrogonác.
3059
3060         Add the ARM64, MIPS and SH4 backends to the dependencies.
3061
3062         * CMakeLists.txt:
3063
3064 2014-09-01  Brian J. Burg  <burg@cs.washington.edu>
3065
3066         Provide column numbers to DTrace willExecute/didExecute probes
3067         https://bugs.webkit.org/show_bug.cgi?id=136434
3068
3069         Reviewed by Antti Koivisto.
3070
3071         Provide the columnNumber and update stubs for !HAVE(DTRACE).
3072
3073         * profiler/ProfileGenerator.cpp:
3074         (JSC::ProfileGenerator::willExecute):
3075         (JSC::ProfileGenerator::didExecute):
3076         * runtime/Tracing.d:
3077         * runtime/Tracing.h:
3078
3079 2014-09-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3080
3081         [CMAKE] Build warning by INTERFACE_LINK_LIBRARIES
3082         https://bugs.webkit.org/show_bug.cgi?id=136194
3083
3084         Reviewed by Csaba Osztrogonác.
3085
3086         Set the LINK_INTERFACE_LIBRARIES target property on the top level CMakeLists.txt.
3087
3088         * CMakeLists.txt:
3089
3090 2014-08-26  Maciej Stachowiak  <mjs@apple.com>
3091
3092         Use RetainPtr::autorelease in some places where it seems appropriate
3093         https://bugs.webkit.org/show_bug.cgi?id=136280
3094
3095         Reviewed by Darin Adler.
3096
3097         * API/JSContext.mm:
3098         (-[JSContext name]): Use RetainPtr::autorelease() in place of ObjC autorelease.
3099         * API/JSValue.mm:
3100         (valueToString): Make appropriate use of RetainPtr
3101
3102 2014-08-29  Akos Kiss  <akiss@inf.u-szeged.hu>
3103
3104         Ensure that the call frame passed from doVMEntry to the called function always contains the valid scope chain.
3105         https://bugs.webkit.org/show_bug.cgi?id=136391
3106
3107         Reviewed by Michael Saboff.
3108
3109         Do not rely on calling conventions to fill in the CallerFrame component
3110         of the ExecState* parameter of the called function.
3111
3112         * llint/LowLevelInterpreter32_64.asm:
3113         * llint/LowLevelInterpreter64.asm:
3114
3115 2014-08-29  Saam Barati  <sbarati@apple.com>
3116
3117         emit op_profile_type for deconstruction assignments
3118         https://bugs.webkit.org/show_bug.cgi?id=136274
3119
3120         Reviewed by Filip Pizlo.
3121
3122         Enable type profiling for ES6 deconstruction expressions.
3123
3124         * bytecompiler/NodesCodegen.cpp:
3125         (JSC::BindingNode::bindValue):
3126
3127 2014-08-29  Joseph Pecoraro  <pecoraro@apple.com>
3128
3129         JavaScriptCore: Use ASCIILiteral where possible
3130         https://bugs.webkit.org/show_bug.cgi?id=136179
3131
3132         Reviewed by Michael Saboff.
3133
3134         General string / character related changes. Use ASCIILiteral where
3135         possible, jsNontrivialString where possible, and replace string
3136         literals with character literals in some places.
3137
3138         No new tests, no changes to functionality.
3139
3140         * bytecode/CodeBlock.cpp:
3141         (JSC::CodeBlock::nameForRegister):
3142         * bytecompiler/NodesCodegen.cpp:
3143         (JSC::PostfixNode::emitBytecode):
3144         (JSC::PrefixNode::emitBytecode):
3145         (JSC::AssignErrorNode::emitBytecode):
3146         (JSC::ForInNode::emitMultiLoopBytecode):
3147         (JSC::ForOfNode::emitBytecode):
3148         (JSC::ObjectPatternNode::toString):
3149         * dfg/DFGFunctionWhitelist.cpp:
3150         (JSC::DFG::FunctionWhitelist::contains):
3151         * dfg/DFGOperations.cpp:
3152         (JSC::DFG::newTypedArrayWithSize):
3153         (JSC::DFG::newTypedArrayWithOneArgument):
3154         * inspector/ConsoleMessage.cpp:
3155         (Inspector::ConsoleMessage::addToFrontend):
3156         * inspector/InspectorBackendDispatcher.cpp:
3157         (Inspector::InspectorBackendDispatcher::dispatch):
3158         * inspector/ScriptCallStackFactory.cpp:
3159         (Inspector::extractSourceInformationFromException):
3160         * inspector/scripts/codegen/generator_templates.py:
3161         * interpreter/StackVisitor.cpp:
3162         (JSC::StackVisitor::Frame::functionName):
3163         (JSC::StackVisitor::Frame::sourceURL):
3164         * jit/JITOperations.cpp:
3165         * jsc.cpp:
3166         (functionDescribeArray):
3167         (functionRun):
3168         (functionLoad):
3169         (functionReadFile):
3170         (functionCheckSyntax):
3171         (functionTransferArrayBuffer):
3172         (runWithScripts):
3173         (runInteractive):
3174         * parser/Lexer.cpp:
3175         (JSC::Lexer<T>::invalidCharacterMessage):
3176         (JSC::Lexer<T>::parseString):
3177         (JSC::Lexer<T>::parseStringSlowCase):
3178         (JSC::Lexer<T>::lex):
3179         * profiler/Profile.cpp:
3180         (JSC::Profile::Profile):
3181         * runtime/Arguments.cpp:
3182         (JSC::argumentsFuncIterator):
3183         * runtime/ArrayPrototype.cpp:
3184         (JSC::performSlowSort):
3185         (JSC::arrayProtoFuncSort):
3186         * runtime/ExceptionHelpers.cpp:
3187         (JSC::createError):
3188         (JSC::createInvalidParameterError):
3189         (JSC::createNotAConstructorError):
3190         (JSC::createNotAFunctionError):
3191         (JSC::createNotAnObjectError):
3192         (JSC::createErrorForInvalidGlobalAssignment):
3193         * runtime/FunctionPrototype.cpp:
3194         (JSC::insertSemicolonIfNeeded):
3195         * runtime/JSArray.cpp:
3196         (JSC::JSArray::defineOwnProperty):
3197         (JSC::JSArray::pop):
3198         (JSC::JSArray::push):
3199         * runtime/JSArrayBufferConstructor.cpp:
3200         (JSC::JSArrayBufferConstructor::finishCreation):
3201         * runtime/JSArrayBufferPrototype.cpp:
3202         (JSC::arrayBufferProtoFuncSlice):
3203         * runtime/JSDataView.cpp:
3204         (JSC::JSDataView::create):
3205         * runtime/JSDataViewPrototype.cpp:
3206         (JSC::getData):
3207         (JSC::setData):
3208         * runtime/JSGlobalObject.cpp:
3209         (JSC::JSGlobalObject::reset):
3210         * runtime/JSGlobalObjectFunctions.cpp:
3211         (JSC::globalFuncProtoSetter):
3212         * runtime/JSPromiseConstructor.cpp:
3213         (JSC::JSPromiseConstructor::finishCreation):
3214         * runtime/LiteralParser.cpp:
3215         (JSC::LiteralParser<CharType>::Lexer::lex):
3216         (JSC::LiteralParser<CharType>::Lexer::lexString):
3217         (JSC::LiteralParser<CharType>::parse):
3218         * runtime/LiteralParser.h:
3219         (JSC::LiteralParser::getErrorMessage):
3220         * runtime/TypeSet.cpp:
3221         (JSC::TypeSet::seenTypes):
3222         (JSC::TypeSet::displayName):
3223         (JSC::TypeSet::allPrimitiveTypeNames):
3224         (JSC::StructureShape::propertyHash):
3225         (JSC::StructureShape::stringRepresentation):
3226
3227 2014-08-29  Csaba Osztrogonác  <ossy@webkit.org>
3228
3229         Unreviwed, remove empty directories.
3230
3231         * qt: Removed.
3232
3233 2014-08-28  Mark Lam  <mark.lam@apple.com>
3234
3235         DebuggerCallFrame::scope() should return a DebuggerScope.
3236         <https://webkit.org/b/134420>
3237
3238         Reviewed by Geoffrey Garen.
3239
3240         Rolling back in r170680 with the fix for <https://webkit.org/b/135656>.
3241
3242         Previously, DebuggerCallFrame::scope() returned a JSActivation (and relevant
3243         peers) which the WebInspector will use to introspect CallFrame variables.
3244         Instead, we should be returning a DebuggerScope as an abstraction layer that
3245         provides the introspection functionality that the WebInspector needs.  This
3246         is the first step towards not forcing every frame to have a JSActivation
3247         object just because the debugger is enabled.
3248
3249         1. Instantiate the debuggerScopeStructure as a member of the JSGlobalObject
3250            instead of the VM.  This allows JSObject::globalObject() to be able to
3251            return the global object for the DebuggerScope.
3252
3253         2. On the DebuggerScope's life-cycle management:
3254
3255            The DebuggerCallFrame is designed to be "valid" only during a debugging session
3256            (while the debugger is broken) through the use of a DebuggerCallFrameScope in
3257            Debugger::pauseIfNeeded().  Once the debugger resumes from the break, the
3258            DebuggerCallFrameScope destructs, and the DebuggerCallFrame will be invalidated.
3259            We can't guarantee (from this code alone) that the Inspector code isn't still
3260            holding a ref to the DebuggerCallFrame (though they shouldn't), but by contract,
3261            the frame will be invalidated, and any attempt to query it will return null values.
3262            This is pre-existing behavior.
3263
3264            Now, we're adding the DebuggerScope into the picture.  While a single debugger
3265            pause session is in progress, the Inspector may request the scope from the
3266            DebuggerCallFrame.  While the DebuggerCallFrame is still valid, we want
3267            DebuggerCallFrame::scope() to always return the same DebuggerScope object.
3268            This is why we hold on to the DebuggerScope with a strong ref.
3269
3270            If we use a weak ref instead, the following kooky behavior can manifest:
3271            1. The Inspector calls Debugger::scope() to get the top scope.
3272            2. The Inspector iterates down the scope chain and is now only holding a
3273               reference to a parent scope.  It is no longer referencing the top scope.
3274            3. A GC occurs, and the DebuggerCallFrame's weak m_scope ref to the top scope
3275               gets cleared.
3276            4. The Inspector calls DebuggerCallFrame::scope() to get the top scope again but gets
3277               a different DebuggerScope instance.
3278            5. The Inspector iterates down the scope chain but never sees the parent scope
3279               instance that it retained a ref to in step 2 above.  This is because when iterating
3280               this new DebuggerScope instance (which has no knowledge of the previous parent
3281               DebuggerScope instance), a new DebuggerScope instance will get created for the
3282               same parent scope. 
3283
3284            Since the DebuggerScope is a JSObject, its liveness is determined by its reachability.
3285            However, its "validity" is determined by the life-cycle of its owner DebuggerCallFrame.
3286            When the owner DebuggerCallFrame gets invalidated, its debugger scope chain (if
3287            instantiated) will also get invalidated.  This is why we need the
3288            DebuggerScope::invalidateChain() method.  The Inspector should not be using the
3289            DebuggerScope instance after its owner DebuggerCallFrame is invalidated.  If it does,
3290            those methods will do nothing or return a failed status.
3291
3292         Fix for <https://webkit.org/b/135656>:
3293         3. DebuggerScope::getOwnPropertySlot() and DebuggerScope::put() need to set
3294            m_thisValue in the returned slot to the wrapped scope object.  Previously,
3295            it was pointing to the DebuggerScope though the rest of the fields in the
3296            returned slot will be set to data pertaining to the wrapped scope object.
3297
3298         4. DebuggerScope::getOwnPropertySlot() will invoke getPropertySlot() on its
3299            wrapped scope.  This is because JSObject::getPropertySlot() cannot be
3300            overridden, and when called on a DebuggerScope, will not know to look in
3301            the prototype chain of the DebuggerScope's wrapped scope.  Hence, we'll
3302            treat all properties in the wrapped scope as own properties in the
3303            DebuggerScope.  This is fine because the WebInspector does not presently
3304            care about where in the prototype chain the scope property comes from.
3305
3306            Note that the DebuggerScope and the JSActivation objects that it wraps do
3307            not have prototypes.  They are always jsNull().  This works perfectly with
3308            the above change to use getPropertySlot() instead of getOwnPropertySlot().
3309            To make this an explicit invariant, I also changed DebuggerScope::createStructure()
3310            and JSActivation::createStructure() to not take a prototype argument, and
3311            to always use jsNull() for their prototype value.
3312
3313         * debugger/Debugger.h:
3314         * debugger/DebuggerCallFrame.cpp:
3315         (JSC::DebuggerCallFrame::scope):
3316         (JSC::DebuggerCallFrame::evaluate):
3317         (JSC::DebuggerCallFrame::invalidate):
3318         * debugger/DebuggerCallFrame.h:
3319         * debugger/DebuggerScope.cpp:
3320         (JSC::DebuggerScope::DebuggerScope):
3321         (JSC::DebuggerScope::finishCreation):
3322         (JSC::DebuggerScope::visitChildren):
3323         (JSC::DebuggerScope::className):
3324         (JSC::DebuggerScope::getOwnPropertySlot):
3325         (JSC::DebuggerScope::put):
3326         (JSC::DebuggerScope::deleteProperty):
3327         (JSC::DebuggerScope::getOwnPropertyNames):
3328         (JSC::DebuggerScope::defineOwnProperty):
3329         (JSC::DebuggerScope::next):
3330         (JSC::DebuggerScope::invalidateChain):
3331         (JSC::DebuggerScope::isWithScope):
3332         (JSC::DebuggerScope::isGlobalScope):
3333         (JSC::DebuggerScope::isFunctionOrEvalScope):
3334         * debugger/DebuggerScope.h:
3335         (JSC::DebuggerScope::create):
3336         (JSC::DebuggerScope::createStructure):
3337         (JSC::DebuggerScope::iterator::iterator):
3338         (JSC::DebuggerScope::iterator::get):
3339         (JSC::DebuggerScope::iterator::operator++):
3340         (JSC::DebuggerScope::iterator::operator==):
3341         (JSC::DebuggerScope::iterator::operator!=):
3342         (JSC::DebuggerScope::isValid):
3343         (JSC::DebuggerScope::jsScope):
3344         (JSC::DebuggerScope::begin):
3345         (JSC::DebuggerScope::end):
3346         * inspector/JSJavaScriptCallFrame.cpp:
3347         (Inspector::JSJavaScriptCallFrame::scopeType):
3348         (Inspector::JSJavaScriptCallFrame::scopeChain):
3349         * inspector/JavaScriptCallFrame.h:
3350         (Inspector::JavaScriptCallFrame::scopeChain):
3351         * inspector/ScriptDebugServer.cpp:
3352         * runtime/JSActivation.h:
3353         (JSC::JSActivation::createStructure):
3354         * runtime/JSGlobalObject.cpp:
3355         (JSC::JSGlobalObject::reset):
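The weak-ref scenario in steps 1 through 5 above, and the invalidateChain() contract that follows it, replayed as an added stand-alone example. This is not JavaScriptCore code: std::shared_ptr/std::weak_ptr stand in for GC reachability, JSScope stands in for the wrapped JSActivation/global object, and the WeakRefCallFrame/StrongRefCallFrame types, makeChain() and the check functions are hypothetical names chosen for the illustration.

```cpp
// Added example, not JavaScriptCore code. Models the ChangeLog's argument:
// a call frame that holds its top DebuggerScope weakly hands out a *different*
// top wrapper after a collection, so a parent wrapper the inspector kept is
// never seen again; a strong ref preserves wrapper identity for the session.
#include <memory>
#include <string>
#include <utility>

// Stand-in for the wrapped JS scope object: a name and its parent scope.
struct JSScope {
    std::string name;
    std::shared_ptr<JSScope> parent;
};

// The wrapper the inspector sees. next() lazily creates and caches the wrapper
// for the parent, so walking the same wrapper chain twice yields the same
// wrapper instances as long as the chain's head stays alive.
struct DebuggerScope : std::enable_shared_from_this<DebuggerScope> {
    explicit DebuggerScope(std::shared_ptr<JSScope> s) : jsScope(std::move(s)) {}
    std::shared_ptr<JSScope> jsScope;          // null once invalidated
    std::shared_ptr<DebuggerScope> cachedNext; // wrapper for jsScope->parent

    bool isValid() const { return jsScope != nullptr; }

    // Parent wrapper; nullptr at the end of the chain or after invalidation.
    std::shared_ptr<DebuggerScope> next() {
        if (!isValid() || !jsScope->parent) return nullptr;
        if (!cachedNext) cachedNext = std::make_shared<DebuggerScope>(jsScope->parent);
        return cachedNext;
    }

    // Validity follows the owning call frame: when it goes, every wrapper in
    // the chain (including ones the inspector still holds) stops answering.
    void invalidateChain() {
        for (auto s = shared_from_this(); s; s = s->cachedNext)
            s->jsScope = nullptr;
    }
};

// Buggy variant: the frame only weakly references its top wrapper, so once the
// inspector drops its own ref the wrapper is collected and recreated on demand.
struct WeakRefCallFrame {
    std::shared_ptr<JSScope> topJSScope;
    std::weak_ptr<DebuggerScope> m_scope;

    std::shared_ptr<DebuggerScope> scope() {
        if (auto alive = m_scope.lock()) return alive;
        auto fresh = std::make_shared<DebuggerScope>(topJSScope); // "GC cleared it"
        m_scope = fresh;
        return fresh;
    }
};

// Fixed variant: the frame owns its top wrapper for the whole pause session
// and invalidates the chain when the frame itself is invalidated.
struct StrongRefCallFrame {
    std::shared_ptr<JSScope> topJSScope;
    std::shared_ptr<DebuggerScope> m_scope;

    std::shared_ptr<DebuggerScope> scope() {
        if (!m_scope) m_scope = std::make_shared<DebuggerScope>(topJSScope);
        return m_scope;
    }
    void invalidate() {
        if (m_scope) m_scope->invalidateChain();
        m_scope = nullptr;
    }
};

// Constructed two-level chain: function scope whose parent is the global scope.
static std::shared_ptr<JSScope> makeChain() {
    auto global = std::make_shared<JSScope>(JSScope{"global", nullptr});
    return std::make_shared<JSScope>(JSScope{"function", global});
}

// Replays steps 1-5 against a frame type. Returns true when the parent wrapper
// retained in step 2 is the same instance reached again in step 5.
template <typename Frame>
bool parentIdentityPreserved() {
    Frame frame{makeChain()};
    std::shared_ptr<DebuggerScope> parent;
    {
        auto top = frame.scope();   // step 1: get the top scope
        parent = top->next();       // step 2: keep only the parent wrapper
    }                               // step 3: inspector's ref to top is gone
    auto topAgain = frame.scope();  // step 4: ask for the top scope again
    return topAgain->next() == parent; // step 5: same parent instance?
}

// After the owning frame is invalidated, held wrappers report invalid and
// next() yields nothing instead of a live scope.
bool chainInvalidatedWithOwner() {
    StrongRefCallFrame frame{makeChain()};
    auto top = frame.scope();
    auto parent = top->next();
    frame.invalidate();
    return !top->isValid() && !parent->isValid() && top->next() == nullptr;
}

int main() {
    bool ok = !parentIdentityPreserved<WeakRefCallFrame>()
           && parentIdentityPreserved<StrongRefCallFrame>()
           && chainInvalidatedWithOwner();
    return ok ? 0 : 1;
}
```

The shared_ptr model is stricter than a real GC (the weak wrapper dies the moment the inspector's last ref goes, rather than at the next collection), which is exactly why it reproduces the race deterministically: with the weak frame the retained parent is never found again, with the strong frame it is, and invalidateChain() turns every wrapper in the chain into a stub regardless of who still holds it.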