Remove WTF::SpinLock
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-08-19  Filip Pizlo  <fpizlo@apple.com>
2
3         Remove WTF::SpinLock
4         https://bugs.webkit.org/show_bug.cgi?id=148208
5
6         Reviewed by Geoffrey Garen.
7
8         Remove the one remaining use of SpinLock.
9
10         * API/JSValue.mm:
11         (handerForStructTag):
12
13 2015-08-19  Geoffrey Garen  <ggaren@apple.com>
14
15         clearCode() should clear code
16         https://bugs.webkit.org/show_bug.cgi?id=148203
17
18         Reviewed by Saam Barati.
19
20         Clearing code used to require two steps: clearCode() and
21         clearUnlinkedCodeForRecompilation(). Unsurprisingly, clients sometimes
22         did one or the other or both without much rhyme or reason.
23
24         This patch simplifies things by merging both functions into clearCode().
25
26         * bytecode/UnlinkedFunctionExecutable.h:
27         * debugger/Debugger.cpp:
28         * heap/Heap.cpp:
29         (JSC::Heap::deleteAllCompiledCode):
30         (JSC::Heap::clearUnmarkedExecutables):
31         (JSC::Heap::deleteAllUnlinkedFunctionCode): Deleted. No need for this
32         function anymore since it was only used by clients who already called
33         clearCode() (and it would be terribly wrong to use without doing both.)
34
35         * heap/Heap.h:
36         (JSC::Heap::sizeAfterLastFullCollection):
37         * inspector/agents/InspectorRuntimeAgent.cpp:
38         (Inspector::TypeRecompiler::visit):
39         (Inspector::TypeRecompiler::operator()):
40         * runtime/Executable.cpp:
41         (JSC::FunctionExecutable::visitChildren):
42         (JSC::FunctionExecutable::clearCode):
43         (JSC::FunctionExecutable::clearUnlinkedCodeForRecompilation): Deleted.
44         * runtime/Executable.h:
45         * runtime/VM.cpp:
46         (JSC::VM::deleteAllCode):
47
48 2015-08-19  Alex Christensen  <achristensen@webkit.org>
49
50         CMake Windows build should not include files directly from other Source directories
51         https://bugs.webkit.org/show_bug.cgi?id=148198
52
53         Reviewed by Brent Fulgham.
54
55         * CMakeLists.txt:
56         JavaScriptCore_FORWARDING_HEADERS_FILES is no longer necessary because all the headers
57         that used to be in it are now in JavaScriptCore_FORWARDING_HEADERS_DIRECTORIES
58         * PlatformEfl.cmake:
59         * PlatformGTK.cmake:
60         * PlatformMac.cmake:
61         * PlatformWin.cmake:
62
63 2015-08-19  Eric Carlson  <eric.carlson@apple.com>
64
65         Remove ENABLE_WEBVTT_REGIONS
66         https://bugs.webkit.org/show_bug.cgi?id=148184
67
68         Reviewed by Jer Noble.
69
70         * Configurations/FeatureDefines.xcconfig: Remove ENABLE_WEBVTT_REGIONS.
71
72 2015-08-19  Joseph Pecoraro  <pecoraro@apple.com>
73
74         Web Inspector: Unexpected node preview format for an element with newlines in className attribute
75         https://bugs.webkit.org/show_bug.cgi?id=148192
76
77         Reviewed by Brian Burg.
78
79         * inspector/InjectedScriptSource.js:
80         (InjectedScript.prototype._nodePreview):
81         Replace whitespace blocks with single spaces to produce a simpler class string for previews.
82
83 2015-08-19  Mark Lam  <mark.lam@apple.com>
84
85         Add support for CheckWatchdogTimer as slow path in DFG and FTL.
86         https://bugs.webkit.org/show_bug.cgi?id=147968
87
88         Reviewed by Michael Saboff.
89
90         Re-implement the DFG's CheckWatchdogTimer as a slow path instead of a speculation
91         check.  Since the watchdog timer can fire spuriously, this allows the code to
92         stay optimized if all we have are spurious fires.
93
94         Implement the equivalent slow path for CheckWatchdogTimer in the FTL.
95
96         The watchdog tests in ExecutionTimeLimitTest.cpp have already been updated in
97         https://bugs.webkit.org/show_bug.cgi?id=148125 to test for the FTL's watchdog
98         implementation.
99
100         * dfg/DFGSpeculativeJIT32_64.cpp:
101         (JSC::DFG::SpeculativeJIT::compile):
102         * dfg/DFGSpeculativeJIT64.cpp:
103         (JSC::DFG::SpeculativeJIT::compile):
104         * ftl/FTLCapabilities.cpp:
105         (JSC::FTL::canCompile):
106         * ftl/FTLLowerDFGToLLVM.cpp:
107         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
108         (JSC::FTL::DFG::LowerDFGToLLVM::compileMaterializeCreateActivation):
109         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckWatchdogTimer):
110         (JSC::FTL::DFG::LowerDFGToLLVM::isInlinableSize):
111
112         * jit/JIT.h:
113         * jit/JITInlines.h:
114         (JSC::JIT::callOperation):
115         * jit/JITOperations.cpp:
116         * jit/JITOperations.h:
117         - Changed operationHandleWatchdogTimer() to return an unused nullptr.  This
118           allows me to reuse the existing DFG slow path generator mechanism.  I didn't
119           think that operationHandleWatchdogTimer() was worth introducing a whole new set
120           of machinery just so we can have a slow path that returns void.
121
122 2015-08-19  Mark Lam  <mark.lam@apple.com>
123
124         Add ability to save and restore JSC options.
125         https://bugs.webkit.org/show_bug.cgi?id=148125
126
127         Reviewed by Saam Barati.
128
129         * API/tests/ExecutionTimeLimitTest.cpp:
130         (testExecutionTimeLimit):
131         - Employ the new options getter/setter to run watchdog tests for each of the
132           execution engine tiers.
133         - Also altered the test scripts to be in a function instead of global code.
134           This is one of 2 changes needed to give them an opportunity to be FTL compiled.
135           The other is to add support for compiling CheckWatchdogTimer in the FTL (which
136           will be addressed in a separate patch).
137
138         * jsc.cpp:
139         (CommandLine::parseArguments):
140         * runtime/Options.cpp:
141         (JSC::parse):
142         - Add the ability to clear a string option with a nullptr value.
143           This is needed to restore a default string option value which may be null.
144
145         (JSC::OptionRange::init):
146         - Add the ability to clear a range option with a null value.
147           This is needed to restore a default range option value which may be null.
148
149         (JSC::Options::initialize):
150         (JSC::Options::dumpOptionsIfNeeded):
151         - Factor code to dump options out to dumpOptionsIfNeeded() since we will need
152           that logic elsewhere.
153
154         (JSC::Options::setOptions):
155         - Parse an options string and set each of the specified options.
156
157         (JSC::Options::dumpAllOptions):
158         (JSC::Options::dumpAllOptionsInALine):
159         (JSC::Options::dumpOption):
160         (JSC::Option::dump):
161         - Refactored so that the underlying dumper dumps to a StringBuilder instead of
162           stderr.  This lets us reuse this code to serialize all the options into a
163           single string for dumpAllOptionsInALine().
164
165         * runtime/Options.h:
166         (JSC::OptionRange::rangeString):
167
168 2015-08-18  Filip Pizlo  <fpizlo@apple.com>
169
170         Replace all uses of std::mutex/std::condition_variable with WTF::Lock/WTF::Condition
171         https://bugs.webkit.org/show_bug.cgi?id=148140
172
173         Reviewed by Geoffrey Garen.
174
175         * inspector/remote/RemoteInspector.h:
176         * inspector/remote/RemoteInspector.mm:
177         (Inspector::RemoteInspector::registerDebuggable):
178         (Inspector::RemoteInspector::unregisterDebuggable):
179         (Inspector::RemoteInspector::updateDebuggable):
180         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
181         (Inspector::RemoteInspector::sendMessageToRemoteFrontend):
182         (Inspector::RemoteInspector::setupFailed):
183         (Inspector::RemoteInspector::setupCompleted):
184         (Inspector::RemoteInspector::start):
185         (Inspector::RemoteInspector::stop):
186         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
187         (Inspector::RemoteInspector::setParentProcessInformation):
188         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
189         (Inspector::RemoteInspector::xpcConnectionFailed):
190         (Inspector::RemoteInspector::pushListingSoon):
191         (Inspector::RemoteInspector::receivedIndicateMessage):
192         (Inspector::RemoteInspector::receivedProxyApplicationSetupMessage):
193         * inspector/remote/RemoteInspectorXPCConnection.h:
194         * inspector/remote/RemoteInspectorXPCConnection.mm:
195         (Inspector::RemoteInspectorXPCConnection::close):
196         (Inspector::RemoteInspectorXPCConnection::closeFromMessage):
197         (Inspector::RemoteInspectorXPCConnection::deserializeMessage):
198         (Inspector::RemoteInspectorXPCConnection::handleEvent):
199
200 2015-08-18  Joseph Pecoraro  <pecoraro@apple.com>
201
202         Web Inspector: Links for rules in <style> are incorrect, do not account for <style> offset in the document
203         https://bugs.webkit.org/show_bug.cgi?id=148141
204
205         Reviewed by Brian Burg.
206
207         * inspector/protocol/CSS.json:
208         Extend StyleSheetHeader to include start offset information and a bit
209         for whether or not this was an inline style tag created by the parser.
210         These match additions to Blink's protocol.
211
212 2015-08-18  Benjamin Poulain  <bpoulain@apple.com>
213
214         [JSC] Optimize more cases of something-compared-to-null/undefined
215         https://bugs.webkit.org/show_bug.cgi?id=148157
216
217         Reviewed by Geoffrey Garen and Filip Pizlo.
218
219         CompareEq is fairly trivial if you assert one of the operands is either
220         null or undefined. Under those conditions, the only way to have "true"
221         is to have the other operand be null/undefined or have an object
222         that masquerades to undefined.
223
224         JSC already had a fast path in CompareEqConstant.
225         With this patch, I generalize this fast path to more cases and try
226         to eliminate the checks whenever possible.
227
228         CompareEq now does the job of CompareEqConstant. If any operand can
229         be proved to be undefined/other, its edge is set to OtherUse. Whenever
230         any edge is OtherUse, we generate the fast code we had for CompareEqConstant.
231
232         The AbstractInterpreter has additional checks to reduce the node to a constant
233         whenever possible.
234
235         There are two additional changes in this patch:
236         -The Fixup Phase tries to set edges to OtherUse early. This is done correctly
237          in ConstantFoldingPhase but setting it up early helps the phases relying
238          on Clobberize.
239         -The codegen for CompareEqConstant was improved. The reason is the comparison
240          for ObjectOrOther could be faster just because the codegen was better.
241
242         * dfg/DFGAbstractInterpreterInlines.h:
243         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
244         * dfg/DFGByteCodeParser.cpp:
245         (JSC::DFG::ByteCodeParser::parseBlock):
246         * dfg/DFGClobberize.h:
247         (JSC::DFG::clobberize): Deleted.
248         * dfg/DFGConstantFoldingPhase.cpp:
249         (JSC::DFG::ConstantFoldingPhase::foldConstants):
250         * dfg/DFGDoesGC.cpp:
251         (JSC::DFG::doesGC): Deleted.
252         * dfg/DFGFixupPhase.cpp:
253         (JSC::DFG::FixupPhase::fixupNode):
254         * dfg/DFGNode.h:
255         (JSC::DFG::Node::isUndefinedOrNullConstant):
256         * dfg/DFGNodeType.h:
257         * dfg/DFGPredictionPropagationPhase.cpp:
258         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
259         * dfg/DFGSafeToExecute.h:
260         (JSC::DFG::safeToExecute): Deleted.
261         * dfg/DFGSpeculativeJIT.cpp:
262         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
263         (JSC::DFG::SpeculativeJIT::compare):
264         * dfg/DFGSpeculativeJIT.h:
265         (JSC::DFG::SpeculativeJIT::isKnownNotOther):
266         * dfg/DFGSpeculativeJIT32_64.cpp:
267         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
268         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
269         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): Deleted.
270         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): Deleted.
271         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): Deleted.
272         (JSC::DFG::SpeculativeJIT::compile): Deleted.
273         * dfg/DFGSpeculativeJIT64.cpp:
274         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
275         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
276         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): Deleted.
277         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): Deleted.
278         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): Deleted.
279         (JSC::DFG::SpeculativeJIT::compile): Deleted.
280         * dfg/DFGValidate.cpp:
281         (JSC::DFG::Validate::validate): Deleted.
282         * dfg/DFGWatchpointCollectionPhase.cpp:
283         (JSC::DFG::WatchpointCollectionPhase::handle):
284         * ftl/FTLCapabilities.cpp:
285         (JSC::FTL::canCompile):
286         * ftl/FTLLowerDFGToLLVM.cpp:
287         (JSC::FTL::DFG::LowerDFGToLLVM::compileCompareEq):
288         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
289         (JSC::FTL::DFG::LowerDFGToLLVM::compileCompareEqConstant): Deleted.
290         * tests/stress/compare-eq-on-null-and-undefined-non-peephole.js: Added.
291         (string_appeared_here.useForMath):
292         (testUseForMath):
293         * tests/stress/compare-eq-on-null-and-undefined-optimized-in-constant-folding.js: Added.
294         (string_appeared_here.unreachableCodeTest):
295         (inlinedCompareToNull):
296         (inlinedComparedToUndefined):
297         (warmupInlineFunctions):
298         (testInlineFunctions):
299         * tests/stress/compare-eq-on-null-and-undefined.js: Added.
300         (string_appeared_here.compareConstants):
301         (opaqueNull):
302         (opaqueUndefined):
303         (compareConstantsAndDynamicValues):
304         (compareDynamicValues):
305         (compareDynamicValueToItself):
306         (arrayTesting):
307         (opaqueCompare1):
308         (testNullComparatorUpdate):
309         (opaqueCompare2):
310         (testUndefinedComparatorUpdate):
311         (opaqueCompare3):
312         (testNullAndUndefinedComparatorUpdate):
313
314 2015-08-18  Yusuke Suzuki  <utatane.tea@gmail.com>
315
316         Introduce non-user-observable Promise functions to use Promises internally
317         https://bugs.webkit.org/show_bug.cgi?id=148118
318
319         Reviewed by Saam Barati.
320
321         To leverage the Promises internally (like ES6 Module Loaders), we add
322         several non-user-observable private methods, like @then, @all. And
323         refactor the existing Promises implementation to make it easy to use
324         internally.
325
326         But still the trappable part remains. When resolving the promise with
327         the returned value, we look up the "then" function. So users can trap
328         by replacing the "then" function of the Promise's prototype.
329         To avoid this situation, we'll introduce completely different promise
330         instances called InternalPromise in the subsequent patch[1].
331
332         No behavior change.
333
334         [1]: https://bugs.webkit.org/show_bug.cgi?id=148136
335
336         * builtins/PromiseConstructor.js:
337         (privateAll.newResolveElement):
338         (privateAll):
339         * runtime/JSGlobalObject.cpp:
340         (JSC::JSGlobalObject::init):
341         (JSC::JSGlobalObject::visitChildren): Deleted.
342         * runtime/JSGlobalObject.h:
343         (JSC::JSGlobalObject::promiseConstructor): Deleted.
344         (JSC::JSGlobalObject::promisePrototype): Deleted.
345         (JSC::JSGlobalObject::promiseStructure): Deleted.
346         * runtime/JSPromiseConstructor.cpp:
347         (JSC::JSPromiseConstructor::finishCreation):
348         * runtime/JSPromiseDeferred.cpp:
349         (JSC::callFunction):
350         (JSC::JSPromiseDeferred::resolve):
351         (JSC::JSPromiseDeferred::reject):
352         * runtime/JSPromiseDeferred.h:
353         * runtime/JSPromisePrototype.cpp:
354         (JSC::JSPromisePrototype::create):
355         (JSC::JSPromisePrototype::JSPromisePrototype):
356         * runtime/JSPromisePrototype.h:
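
The trappable "then" lookup described in the entry above, as an added example that is not part of the WebKit ChangeLog or of JSC's code: it counts how often a user-installed accessor on Promise.prototype.then runs while a promise is resolved with another promise, and contrasts that with a userland sketch (named InternalPromise here after the entry's proposal, but not JSC's implementation) whose own prototype carries a "then" captured before user code ran, so the lookup never reaches Promise.prototype. Assumes a spec-conforming engine such as Node.js.

```javascript
// Added example, not code from WebKit. Per the Promise spec, resolving a promise
// with an object performs Get(value, "then") synchronously inside the resolve
// function, so an accessor that user code installs on Promise.prototype.then
// observes (and could replace) the function the engine is about to call.

const originalThen = Promise.prototype.then; // captured before any user tampering

// Run `body` with a counting accessor installed on Promise.prototype.then, then
// restore the original data property. Returns how many times the accessor ran.
function countThenLookups(body) {
  let hits = 0;
  Object.defineProperty(Promise.prototype, 'then', {
    configurable: true,
    get() { hits += 1; return originalThen; },
  });
  try {
    body();
  } finally {
    Object.defineProperty(Promise.prototype, 'then', {
      configurable: true, writable: true, enumerable: false, value: originalThen,
    });
  }
  return hits;
}

// Ordinary promise resolved with another ordinary promise: the engine looks up
// "then" through Promise.prototype, so user code sees (and can trap) the lookup.
function ordinaryResolutionIsObservable() {
  const inner = Promise.resolve(1);
  return countThenLookups(() => { new Promise((resolve) => resolve(inner)); });
}

// Userland sketch of the separation the entry proposes (hypothetical name, not
// JSC's engine-level InternalPromise): the subclass prototype owns a "then" that
// delegates to the captured original, so Get(value, "then") stops there when
// internal code resolves one InternalPromise with another.
class InternalPromise extends Promise {
  then(onFulfilled, onRejected) {
    return Reflect.apply(originalThen, this, [onFulfilled, onRejected]);
  }
}

function internalResolutionIsNotObservable() {
  const inner = InternalPromise.resolve(1);
  return countThenLookups(() => { new InternalPromise((resolve) => resolve(inner)); });
}

console.log('lookups hitting Promise.prototype.then, ordinary:', ordinaryResolutionIsObservable());
console.log('lookups hitting Promise.prototype.then, internal:', internalResolutionIsNotObservable());
```

The sketch only closes the "then" hook the entry names; other species and constructor lookups remain user-visible, which is why an engine keeps internal promises on a separate prototype altogether.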
357
358 2015-08-18  Geoffrey Garen  <ggaren@apple.com>
359
360         Try to fix the CLOOP build.
361
362         Unreviewed.
363
364         * bytecode/CodeBlock.cpp:
365
366 2015-08-18  Geoffrey Garen  <ggaren@apple.com>
367
368         Split InlineCallFrame into its own file
369         https://bugs.webkit.org/show_bug.cgi?id=148131
370
371         Reviewed by Saam Barati.
372
373         * CMakeLists.txt:
374         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
375         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
376         * JavaScriptCore.xcodeproj/project.pbxproj:
377         * bytecode/CallLinkStatus.cpp:
378         * bytecode/CodeBlock.h:
379         (JSC::ExecState::r):
380         (JSC::baselineCodeBlockForInlineCallFrame): Deleted.
381         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock): Deleted.
382         * bytecode/CodeOrigin.cpp:
383         (JSC::CodeOrigin::inlineStack):
384         (JSC::CodeOrigin::codeOriginOwner):
385         (JSC::CodeOrigin::stackOffset):
386         (JSC::CodeOrigin::dump):
387         (JSC::CodeOrigin::dumpInContext):
388         (JSC::InlineCallFrame::calleeConstant): Deleted.
389         (JSC::InlineCallFrame::visitAggregate): Deleted.
390         (JSC::InlineCallFrame::calleeForCallFrame): Deleted.
391         (JSC::InlineCallFrame::hash): Deleted.
392         (JSC::InlineCallFrame::hashAsStringIfPossible): Deleted.
393         (JSC::InlineCallFrame::inferredName): Deleted.
394         (JSC::InlineCallFrame::baselineCodeBlock): Deleted.
395         (JSC::InlineCallFrame::dumpBriefFunctionInformation): Deleted.
396         (JSC::InlineCallFrame::dumpInContext): Deleted.
397         (JSC::InlineCallFrame::dump): Deleted.
398         (WTF::printInternal): Deleted.
399         * bytecode/CodeOrigin.h:
400         (JSC::CodeOrigin::deletedMarker):
401         (JSC::CodeOrigin::hash):
402         (JSC::CodeOrigin::operator==):
403         (JSC::CodeOriginHash::hash):
404         (JSC::CodeOriginHash::equal):
405         (JSC::InlineCallFrame::kindFor): Deleted.
406         (JSC::InlineCallFrame::varargsKindFor): Deleted.
407         (JSC::InlineCallFrame::specializationKindFor): Deleted.
408         (JSC::InlineCallFrame::isVarargs): Deleted.
409         (JSC::InlineCallFrame::InlineCallFrame): Deleted.
410         (JSC::InlineCallFrame::specializationKind): Deleted.
411         (JSC::InlineCallFrame::setStackOffset): Deleted.
412         (JSC::InlineCallFrame::callerFrameOffset): Deleted.
413         (JSC::InlineCallFrame::returnPCOffset): Deleted.
414         (JSC::CodeOrigin::stackOffset): Deleted.
415         (JSC::CodeOrigin::codeOriginOwner): Deleted.
416         * bytecode/InlineCallFrame.cpp: Copied from Source/JavaScriptCore/bytecode/CodeOrigin.cpp.
417         (JSC::InlineCallFrame::calleeConstant):
418         (JSC::CodeOrigin::inlineDepthForCallFrame): Deleted.
419         (JSC::CodeOrigin::inlineDepth): Deleted.
420         (JSC::CodeOrigin::isApproximatelyEqualTo): Deleted.
421         (JSC::CodeOrigin::approximateHash): Deleted.
422         (JSC::CodeOrigin::inlineStack): Deleted.
423         (JSC::CodeOrigin::dump): Deleted.
424         (JSC::CodeOrigin::dumpInContext): Deleted.
425         * bytecode/InlineCallFrame.h: Copied from Source/JavaScriptCore/bytecode/CodeOrigin.h.
426         (JSC::InlineCallFrame::isVarargs):
427         (JSC::InlineCallFrame::InlineCallFrame):
428         (JSC::InlineCallFrame::specializationKind):
429         (JSC::baselineCodeBlockForInlineCallFrame):
430         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
431         (JSC::CodeOrigin::CodeOrigin): Deleted.
432         (JSC::CodeOrigin::isSet): Deleted.
433         (JSC::CodeOrigin::operator!): Deleted.
434         (JSC::CodeOrigin::isHashTableDeletedValue): Deleted.
435         (JSC::CodeOrigin::operator!=): Deleted.
436         (JSC::CodeOrigin::deletedMarker): Deleted.
437         (JSC::CodeOrigin::stackOffset): Deleted.
438         (JSC::CodeOrigin::hash): Deleted.
439         (JSC::CodeOrigin::operator==): Deleted.
440         (JSC::CodeOrigin::codeOriginOwner): Deleted.
441         (JSC::CodeOriginHash::hash): Deleted.
442         (JSC::CodeOriginHash::equal): Deleted.
443         (JSC::CodeOriginApproximateHash::hash): Deleted.
444         (JSC::CodeOriginApproximateHash::equal): Deleted.
445         * bytecode/InlineCallFrameSet.cpp:
446         * dfg/DFGCommonData.cpp:
447         * dfg/DFGOSRExitBase.cpp:
448         * dfg/DFGVariableEventStream.cpp:
449         * ftl/FTLOperations.cpp:
450         * interpreter/CallFrame.cpp:
451         * interpreter/StackVisitor.cpp:
452         * jit/AssemblyHelpers.h:
453         * profiler/ProfilerOriginStack.cpp:
454         * runtime/ClonedArguments.cpp:
455
456 2015-08-18  Mark Lam  <mark.lam@apple.com>
457
458         Removed an unused param in Interpreter::initialize().
459         https://bugs.webkit.org/show_bug.cgi?id=148129
460
461         Reviewed by Michael Saboff.
462
463         * interpreter/Interpreter.cpp:
464         (JSC::Interpreter::~Interpreter):
465         (JSC::Interpreter::initialize):
466         * interpreter/Interpreter.h:
467         (JSC::Interpreter::stack):
468         * runtime/VM.cpp:
469         (JSC::VM::VM):
470
471 2015-08-17  Alex Christensen  <achristensen@webkit.org>
472
473         Add const to content extension parser
474         https://bugs.webkit.org/show_bug.cgi?id=148044
475
476         Reviewed by Benjamin Poulain.
477
478         * runtime/JSObject.h:
479         (JSC::JSObject::getIndexQuickly):
480         (JSC::JSObject::tryGetIndexQuickly):
481         (JSC::JSObject::getDirectIndex):
482         (JSC::JSObject::getIndex):
483         Added a few const keywords.
484
485 2015-08-17  Alex Christensen  <achristensen@webkit.org>
486
487         Build Debug Suffix on Windows with CMake
488         https://bugs.webkit.org/show_bug.cgi?id=148083
489
490         Reviewed by Brent Fulgham.
491
492         * CMakeLists.txt:
493         * PlatformWin.cmake:
494         * shell/CMakeLists.txt:
495         * shell/PlatformWin.cmake:
496         Add DEBUG_SUFFIX
497
498 2015-08-17  Saam barati  <sbarati@apple.com>
499
500         Web Inspector: Type profiler return types aren't showing up
501         https://bugs.webkit.org/show_bug.cgi?id=147348
502
503         Reviewed by Brian Burg.
504
505         Bug #145995 changed the starting offset of a function to
506         be the open parenthesis of the function's parameter list.
507         This broke JSC's type profiler protocol of communicating
508         return types of a function to the web inspector. This
509         is now fixed. The text offset used in the protocol is now
510         the first letter of the function/get/set/method name.
511         So "f" in "function a() {}", "s" in "set foo(){}", etc.
512
513         * bytecode/CodeBlock.cpp:
514         (JSC::CodeBlock::CodeBlock):
515         * jsc.cpp:
516         (functionReturnTypeFor):
517
518 2015-08-17  Aleksandr Skachkov  <gskachkov@gmail.com>
519
520         [ES6] Implement ES6 arrow function syntax. Arrow function specific features. Lexical bind of this
521         https://bugs.webkit.org/show_bug.cgi?id=144956
522
523         Reviewed by Saam Barati.
524
525         Added support for ES6 arrow function specific features: lexical binding of this and no constructor. http://wiki.ecmascript.org/doku.php?id=harmony:arrow_function_syntax
526         The following cases were implemented in this patch:
527            this - the variable |this| points to the |this| of the function where the arrow function is declared. Lexical binding of |this|
528            constructor - using the command |new| with an arrow function leads to a runtime error
529            call(), apply(), bind() - these methods can only pass in arguments, but have no effect on |this|
530
532         * CMakeLists.txt:
533         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
534         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
535         * JavaScriptCore.xcodeproj/project.pbxproj:
536         * bytecode/BytecodeList.json:
537         * bytecode/BytecodeUseDef.h:
538         (JSC::computeUsesForBytecodeOffset):
539         (JSC::computeDefsForBytecodeOffset):
540         * bytecode/CodeBlock.cpp:
541         (JSC::CodeBlock::dumpBytecode):
542         * bytecode/ExecutableInfo.h:
543         (JSC::ExecutableInfo::ExecutableInfo):
544         (JSC::ExecutableInfo::isArrowFunction):
545         * bytecode/UnlinkedCodeBlock.cpp:
546         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
547         * bytecode/UnlinkedCodeBlock.h:
548         (JSC::UnlinkedCodeBlock::isArrowFunction):
549         * bytecode/UnlinkedFunctionExecutable.cpp:
550         (JSC::generateFunctionCodeBlock):
551         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
552         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
553         * bytecode/UnlinkedFunctionExecutable.h:
554         * bytecompiler/BytecodeGenerator.cpp:
555         (JSC::BytecodeGenerator::BytecodeGenerator):
556         (JSC::BytecodeGenerator::emitNewFunctionCommon):
557         (JSC::BytecodeGenerator::emitNewFunctionExpression):
558         (JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
559         (JSC::BytecodeGenerator::emitLoadArrowFunctionThis):
560         * bytecompiler/BytecodeGenerator.h:
561         * bytecompiler/NodesCodegen.cpp:
562         (JSC::ArrowFuncExprNode::emitBytecode):
563         * dfg/DFGAbstractInterpreterInlines.h:
564         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
565         * dfg/DFGByteCodeParser.cpp:
566         (JSC::DFG::ByteCodeParser::parseBlock):
567         * dfg/DFGCapabilities.cpp:
568         (JSC::DFG::capabilityLevel):
569         * dfg/DFGClobberize.h:
570         (JSC::DFG::clobberize):
571         * dfg/DFGDoesGC.cpp:
572         (JSC::DFG::doesGC):
573         * dfg/DFGFixupPhase.cpp:
574         (JSC::DFG::FixupPhase::fixupNode):
575         * dfg/DFGNode.h:
576         (JSC::DFG::Node::convertToPhantomNewFunction):
577         (JSC::DFG::Node::hasCellOperand):
578         (JSC::DFG::Node::isFunctionAllocation):
579         * dfg/DFGNodeType.h:
580         * dfg/DFGObjectAllocationSinkingPhase.cpp:
581         * dfg/DFGPredictionPropagationPhase.cpp:
582         (JSC::DFG::PredictionPropagationPhase::propagate):
583         * dfg/DFGPromotedHeapLocation.cpp:
584         (WTF::printInternal):
585         * dfg/DFGPromotedHeapLocation.h:
586         * dfg/DFGSafeToExecute.h:
587         (JSC::DFG::safeToExecute):
588         * dfg/DFGSpeculativeJIT.cpp:
589         (JSC::DFG::SpeculativeJIT::compileLoadArrowFunctionThis):
590         (JSC::DFG::SpeculativeJIT::compileNewFunctionCommon):
591         (JSC::DFG::SpeculativeJIT::compileNewFunction):
592         * dfg/DFGSpeculativeJIT.h:
593         (JSC::DFG::SpeculativeJIT::callOperation):
594         * dfg/DFGSpeculativeJIT32_64.cpp:
595         (JSC::DFG::SpeculativeJIT::compile):
596         * dfg/DFGSpeculativeJIT64.cpp:
597         (JSC::DFG::SpeculativeJIT::compile):
598         * dfg/DFGStoreBarrierInsertionPhase.cpp:
599         * dfg/DFGStructureRegistrationPhase.cpp:
600         (JSC::DFG::StructureRegistrationPhase::run):
601         * ftl/FTLAbstractHeapRepository.cpp:
602         * ftl/FTLAbstractHeapRepository.h:
603         * ftl/FTLCapabilities.cpp:
604         (JSC::FTL::canCompile):
605         * ftl/FTLIntrinsicRepository.h:
606         * ftl/FTLLowerDFGToLLVM.cpp:
607         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
608         (JSC::FTL::DFG::LowerDFGToLLVM::compileNewFunction):
609         (JSC::FTL::DFG::LowerDFGToLLVM::compileLoadArrowFunctionThis):
610         * ftl/FTLOperations.cpp:
611         (JSC::FTL::operationMaterializeObjectInOSR):
612         * interpreter/Interpreter.cpp:
613         * interpreter/Interpreter.h:
614         * jit/CCallHelpers.h:
615         (JSC::CCallHelpers::setupArgumentsWithExecState): Added a 3-argument version for the Windows build.
616         * jit/JIT.cpp:
617         (JSC::JIT::privateCompileMainPass):
618         * jit/JIT.h:
619         * jit/JITInlines.h:
620         (JSC::JIT::callOperation):
621         * jit/JITOpcodes.cpp:
622         (JSC::JIT::emit_op_load_arrowfunction_this):
623         (JSC::JIT::emit_op_new_func_exp):
624         (JSC::JIT::emitNewFuncExprCommon):
625         (JSC::JIT::emit_op_new_arrow_func_exp):
626         * jit/JITOpcodes32_64.cpp:
627         (JSC::JIT::emit_op_load_arrowfunction_this):
628         * jit/JITOperations.cpp:
629         * jit/JITOperations.h:
630         * llint/LLIntOffsetsExtractor.cpp:
631         * llint/LLIntSlowPaths.cpp:
632         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
633         (JSC::LLInt::setUpCall):
634         * llint/LLIntSlowPaths.h:
635         * llint/LowLevelInterpreter.asm:
636         * llint/LowLevelInterpreter32_64.asm:
637         * llint/LowLevelInterpreter64.asm:
638         * parser/ASTBuilder.h:
639         (JSC::ASTBuilder::createFunctionMetadata):
640         (JSC::ASTBuilder::createArrowFunctionExpr):
641         * parser/NodeConstructors.h:
642         (JSC::BaseFuncExprNode::BaseFuncExprNode):
643         (JSC::FuncExprNode::FuncExprNode):
644         (JSC::ArrowFuncExprNode::ArrowFuncExprNode):
645         * parser/Nodes.cpp:
646         (JSC::FunctionMetadataNode::FunctionMetadataNode):
647         * parser/Nodes.h:
648         (JSC::ExpressionNode::isArrowFuncExprNode):
649         * parser/Parser.cpp:
650         (JSC::Parser<LexerType>::parseFunctionBody):
651         (JSC::Parser<LexerType>::parseFunctionInfo):
652         * parser/SyntaxChecker.h:
653         (JSC::SyntaxChecker::createFunctionMetadata):
654         * runtime/Executable.cpp:
655         (JSC::ScriptExecutable::newCodeBlockFor):
656         * runtime/Executable.h:
657         * runtime/JSArrowFunction.cpp: Added.
658         (JSC::JSArrowFunction::destroy):
659         (JSC::JSArrowFunction::create):
660         (JSC::JSArrowFunction::JSArrowFunction):
661         (JSC::JSArrowFunction::createWithInvalidatedReallocationWatchpoint):
662         (JSC::JSArrowFunction::visitChildren):
663         (JSC::JSArrowFunction::getConstructData):
664         * runtime/JSArrowFunction.h: Added.
665         (JSC::JSArrowFunction::allocationSize):
666         (JSC::JSArrowFunction::createImpl):
667         (JSC::JSArrowFunction::boundThis):
668         (JSC::JSArrowFunction::createStructure):
669         (JSC::JSArrowFunction::offsetOfThisValue):
670         * runtime/JSFunction.h:
671         * runtime/JSFunctionInlines.h:
672         (JSC::JSFunction::JSFunction):
673         * runtime/JSGlobalObject.cpp:
674         (JSC::JSGlobalObject::init):
675         (JSC::JSGlobalObject::visitChildren):
676         * runtime/JSGlobalObject.h:
677         (JSC::JSGlobalObject::arrowFunctionStructure):
678         * tests/stress/arrowfunction-activation-sink-osrexit-default-value-tdz-error.js: Added.
679         * tests/stress/arrowfunction-activation-sink-osrexit-default-value.js: Added.
680         * tests/stress/arrowfunction-activation-sink-osrexit.js: Added.
681         * tests/stress/arrowfunction-activation-sink.js: Added.
682         * tests/stress/arrowfunction-bound.js: Added.
683         * tests/stress/arrowfunction-call.js: Added.
684         * tests/stress/arrowfunction-constructor.js: Added.
685         * tests/stress/arrowfunction-lexical-bind-this-1.js: Added.
686         * tests/stress/arrowfunction-lexical-bind-this-2.js: Added.
687         * tests/stress/arrowfunction-lexical-bind-this-3.js: Added.
688         * tests/stress/arrowfunction-lexical-bind-this-4.js: Added.
689         * tests/stress/arrowfunction-lexical-bind-this-5.js: Added.
690         * tests/stress/arrowfunction-lexical-bind-this-6.js: Added.
691         * tests/stress/arrowfunction-lexical-this-activation-sink-osrexit.js: Added.
692         * tests/stress/arrowfunction-lexical-this-activation-sink.js: Added.
693         * tests/stress/arrowfunction-lexical-this-sinking-no-double-allocate.js: Added.
694         * tests/stress/arrowfunction-lexical-this-sinking-osrexit.js: Added.
695         * tests/stress/arrowfunction-lexical-this-sinking-put.js: Added.
696         * tests/stress/arrowfunction-others.js: Added.
697         * tests/stress/arrowfunction-run-10-1.js: Added.
698         * tests/stress/arrowfunction-run-10-2.js: Added.
699         * tests/stress/arrowfunction-run-10000-1.js: Added.
700         * tests/stress/arrowfunction-run-10000-2.js: Added.
701         * tests/stress/arrowfunction-sinking-no-double-allocate.js: Added.
702         * tests/stress/arrowfunction-sinking-osrexit.js: Added.
703         * tests/stress/arrowfunction-sinking-put.js: Added.
704         * tests/stress/arrowfunction-tdz.js: Added.
705         * tests/stress/arrowfunction-typeof.js: Added.
706
707 2015-07-28  Sam Weinig  <sam@webkit.org>
708
709         Cleanup the builtin JavaScript files
710         https://bugs.webkit.org/show_bug.cgi?id=147382
711
712         Reviewed by Geoffrey Garen.
713
714         * builtins/Array.prototype.js:
715         * builtins/ArrayConstructor.js:
716         * builtins/ArrayIterator.prototype.js:
717         * builtins/Function.prototype.js:
718         * builtins/Iterator.prototype.js:
719         * builtins/ObjectConstructor.js:
720         * builtins/StringConstructor.js:
721         * builtins/StringIterator.prototype.js:
722         Unify the style of the builtin JavaScript files.
723
724 2015-08-17  Alex Christensen  <achristensen@webkit.org>
725
726         Move some commands from ./CMakeLists.txt to Source/cmake
727         https://bugs.webkit.org/show_bug.cgi?id=148003
728
729         Reviewed by Brent Fulgham.
730
731         * CMakeLists.txt:
732         Added commands needed to build JSC by itself.
733
734 2015-08-17  Yusuke Suzuki  <utatane.tea@gmail.com>
735
736         [ES6] Implement Reflect.get
737         https://bugs.webkit.org/show_bug.cgi?id=147925
738
739         Reviewed by Geoffrey Garen.
740
741         This patch implements the Reflect.get API.
742         It can take the receiver object as the third argument.
743         When the receiver is specified and there's a getter for the given property name,
744         we call the getter with the receiver as the |this| value.
745
746         * runtime/ReflectObject.cpp:
747         (JSC::reflectObjectGet):
748         * runtime/SparseArrayValueMap.cpp:
749         (JSC::SparseArrayEntry::get): Deleted.
750         * runtime/SparseArrayValueMap.h:
751         * tests/stress/reflect-get.js: Added.
752         (shouldBe):
753         (shouldThrow):
754         (.get shouldThrow):
755         (.get var):
756         (get var.object.get hello):
757         (.get shouldBe):
758         (get var.object.set hello):
759
760 2015-08-17  Simon Fraser  <simon.fraser@apple.com>
761
762         will-change should sometimes trigger compositing
763         https://bugs.webkit.org/show_bug.cgi?id=148072
764
765         Reviewed by Tim Horton.
766         
767         Include will-change as a reason for compositing.
768
769         * inspector/protocol/LayerTree.json:
770
771 2015-08-17  Yusuke Suzuki  <utatane.tea@gmail.com>
772
773         [ES6] Implement Reflect.getOwnPropertyDescriptor
774         https://bugs.webkit.org/show_bug.cgi?id=147929
775
776         Reviewed by Geoffrey Garen.
777
778         Implement Reflect.getOwnPropertyDescriptor.
779         The difference from Object.getOwnPropertyDescriptor is that
780         Reflect.getOwnPropertyDescriptor does not perform ToObject on
781         the first argument. If the first argument is not an Object, it
782         immediately raises a TypeError.
783
784         * runtime/ObjectConstructor.cpp:
785         (JSC::objectConstructorGetOwnPropertyDescriptor):
786         * runtime/ObjectConstructor.h:
787         * runtime/ReflectObject.cpp:
788         (JSC::reflectObjectGetOwnPropertyDescriptor):
789         * tests/stress/reflect-get-own-property.js: Added.
790         (shouldBe):
791         (shouldThrow):
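
The two Reflect entries above (Reflect.get with a receiver, and Reflect.getOwnPropertyDescriptor skipping ToObject) as an added example; this is not code from the ChangeLog or from JSC's own stress tests, and the object and property names are constructed for illustration:

```javascript
'use strict';

// Added example; not code from the WebKit ChangeLog or JSC's own tests.
// The object and property names below are constructed for illustration.

// A target whose getter reports which |this| it was invoked with.
const target = {
    name: 'target',
    get hello() {
        return `hello from ${this.name}`;
    },
};

// Reflect.get(target, key, receiver): the getter is called with |receiver|
// as |this|, so it reads receiver.name instead of target.name.
function getWithReceiver() {
    const receiver = { name: 'receiver' };
    return Reflect.get(target, 'hello', receiver);
}

// Without a third argument the receiver defaults to the target itself.
function getWithoutReceiver() {
    return Reflect.get(target, 'hello');
}

// The common reason the receiver matters: a Proxy get trap that forwards
// with Reflect.get(t, key, receiver) keeps the proxy as |this| inside
// getters, so the proxy's own view of other properties stays consistent.
// With forwardReceiver === false the getter sees the raw target instead.
function getThroughProxy(forwardReceiver) {
    const proxy = new Proxy(target, {
        get(t, key, receiver) {
            if (key === 'name') {
                return 'proxy';
            }
            return forwardReceiver ? Reflect.get(t, key, receiver) : Reflect.get(t, key);
        },
    });
    return proxy.hello;
}

// Reflect.getOwnPropertyDescriptor versus Object.getOwnPropertyDescriptor:
// the Object version applies ToObject to its first argument (a primitive
// string is boxed and its own "length" is found); the Reflect version
// throws a TypeError for any non-object argument.
function describeLength(value) {
    const viaObject = Object.getOwnPropertyDescriptor(value, 'length');
    let viaReflect;
    try {
        viaReflect = Reflect.getOwnPropertyDescriptor(value, 'length');
    } catch (e) {
        if (!(e instanceof TypeError)) {
            throw e;
        }
        viaReflect = 'TypeError';
    }
    return { viaObject, viaReflect };
}

console.log(getWithReceiver());          // hello from receiver
console.log(getWithoutReceiver());       // hello from target
console.log(getThroughProxy(true));      // hello from proxy
console.log(getThroughProxy(false));     // hello from target
console.log(describeLength('abc'));      // viaObject.value is 3, viaReflect is 'TypeError'
console.log(describeLength(['a', 'b'])); // both descriptors report an own "length" of 2
```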
792
793 2015-08-16  Benjamin Poulain  <bpoulain@apple.com>
794
795         [JSC] Use (x + x) instead of (x * 2) when possible
796         https://bugs.webkit.org/show_bug.cgi?id=148051
797
798         Reviewed by Michael Saboff.
799
800         When multiplying a number by 2, JSC was loading a constant "2"
801         in register and multiplying it with the first number:
802
803             mov $0x4000000000000000, %rcx
804             movd %rcx, %xmm0
805             mulsd %xmm0, %xmm1
806
807         This is a problem for a few reasons.
808         1) "movd %rcx, %xmm0" only sets half of XMM0. This instruction
809            has to wait for any preceding instruction on XMM0 to finish
810            before executing.
811         2) The load and transform itself is large and unnecessary.
812
813         To fix that, I added a StrengthReductionPhase to transform
814         multiplications by 2 into an addition.
815
816         Unfortunately, that turned the code into:
817             movsd %xmm0 %xmm1
818             mulsd %xmm1 %xmm0
819
820         The reason is GenerationInfo::canReuse() was not accounting
821         for nodes using other nodes multiple times.
822
823         After fixing that too, we now have the multiplications by 2
824         done as:
825             addsd %xmm0 %xmm0
826
827         * dfg/DFGGenerationInfo.h:
828         (JSC::DFG::GenerationInfo::useCount):
829         (JSC::DFG::GenerationInfo::canReuse): Deleted.
830         * dfg/DFGSpeculativeJIT.cpp:
831         (JSC::DFG::FPRTemporary::FPRTemporary):
832         * dfg/DFGSpeculativeJIT.h:
833         (JSC::DFG::SpeculativeJIT::canReuse):
834         (JSC::DFG::GPRTemporary::GPRTemporary):
835         * dfg/DFGStrengthReductionPhase.cpp:
836         (JSC::DFG::StrengthReductionPhase::handleNode):
837
838 2015-08-14  Basile Clement  <basile_clement@apple.com>
839
840         Occasional failure in v8-v6/v8-raytrace.js.ftl-eager
841         https://bugs.webkit.org/show_bug.cgi?id=147165
842
843         Reviewed by Saam Barati.
844
845         The object allocation sinking phase was not properly checking that a
846         MultiGetByOffset was safe to lower before lowering it.
847         This makes it so that we only lower MultiGetByOffset if it only loads
848         from direct properties of the object, and considers it as an escape in
849         any other case (e.g. a load from the prototype).
850
851         It also ensures proper conversion of MultiGetByOffset into
852         CheckStructureImmediate when needed.
853
854         * dfg/DFGObjectAllocationSinkingPhase.cpp:
855         * ftl/FTLLowerDFGToLLVM.cpp:
856         (JSC::FTL::DFG::LowerDFGToLLVM::checkStructure):
857             We were not properly compiling CheckStructure and
858             CheckStructureImmediate nodes with an empty StructureSet.
859         * tests/stress/sink-multigetbyoffset.js: Regression test.
860
861 2015-08-14  Filip Pizlo  <fpizlo@apple.com>
862
863         Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
864         https://bugs.webkit.org/show_bug.cgi?id=147999
865
866         Reviewed by Geoffrey Garen.
867
868         * API/JSVirtualMachine.mm:
869         (initWrapperCache):
870         (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
871         (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
872         (wrapperCacheMutex): Deleted.
873         * bytecode/SamplingTool.cpp:
874         (JSC::SamplingTool::doRun):
875         (JSC::SamplingTool::notifyOfScope):
876         * bytecode/SamplingTool.h:
877         * dfg/DFGThreadData.h:
878         * dfg/DFGWorklist.cpp:
879         (JSC::DFG::Worklist::~Worklist):
880         (JSC::DFG::Worklist::isActiveForVM):
881         (JSC::DFG::Worklist::enqueue):
882         (JSC::DFG::Worklist::compilationState):
883         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
884         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
885         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
886         (JSC::DFG::Worklist::visitWeakReferences):
887         (JSC::DFG::Worklist::removeDeadPlans):
888         (JSC::DFG::Worklist::queueLength):
889         (JSC::DFG::Worklist::dump):
890         (JSC::DFG::Worklist::runThread):
891         * dfg/DFGWorklist.h:
892         * disassembler/Disassembler.cpp:
893         * heap/CopiedSpace.cpp:
894         (JSC::CopiedSpace::doneFillingBlock):
895         (JSC::CopiedSpace::doneCopying):
896         * heap/CopiedSpace.h:
897         * heap/CopiedSpaceInlines.h:
898         (JSC::CopiedSpace::recycleBorrowedBlock):
899         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
900         * heap/GCThread.cpp:
901         (JSC::GCThread::waitForNextPhase):
902         (JSC::GCThread::gcThreadMain):
903         * heap/GCThreadSharedData.cpp:
904         (JSC::GCThreadSharedData::GCThreadSharedData):
905         (JSC::GCThreadSharedData::~GCThreadSharedData):
906         (JSC::GCThreadSharedData::startNextPhase):
907         (JSC::GCThreadSharedData::endCurrentPhase):
908         (JSC::GCThreadSharedData::didStartMarking):
909         (JSC::GCThreadSharedData::didFinishMarking):
910         * heap/GCThreadSharedData.h:
911         * heap/HeapTimer.h:
912         * heap/MachineStackMarker.cpp:
913         (JSC::ActiveMachineThreadsManager::Locker::Locker):
914         (JSC::ActiveMachineThreadsManager::add):
915         (JSC::ActiveMachineThreadsManager::remove):
916         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
917         (JSC::MachineThreads::~MachineThreads):
918         (JSC::MachineThreads::addCurrentThread):
919         (JSC::MachineThreads::removeThreadIfFound):
920         (JSC::MachineThreads::tryCopyOtherThreadStack):
921         (JSC::MachineThreads::tryCopyOtherThreadStacks):
922         (JSC::MachineThreads::gatherConservativeRoots):
923         * heap/MachineStackMarker.h:
924         * heap/SlotVisitor.cpp:
925         (JSC::SlotVisitor::donateKnownParallel):
926         (JSC::SlotVisitor::drain):
927         (JSC::SlotVisitor::drainFromShared):
928         (JSC::SlotVisitor::mergeOpaqueRoots):
929         * heap/SlotVisitorInlines.h:
930         (JSC::SlotVisitor::containsOpaqueRootTriState):
931         * inspector/remote/RemoteInspectorDebuggableConnection.h:
932         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
933         (Inspector::RemoteInspectorHandleRunSourceGlobal):
934         (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
935         (Inspector::RemoteInspectorInitializeGlobalQueue):
936         (Inspector::RemoteInspectorHandleRunSourceWithInfo):
937         (Inspector::RemoteInspectorDebuggableConnection::setup):
938         (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
939         (Inspector::RemoteInspectorDebuggableConnection::close):
940         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
941         (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
942         * interpreter/JSStack.cpp:
943         (JSC::JSStack::JSStack):
944         (JSC::JSStack::releaseExcessCapacity):
945         (JSC::JSStack::addToCommittedByteCount):
946         (JSC::JSStack::committedByteCount):
947         (JSC::stackStatisticsMutex): Deleted.
948         (JSC::JSStack::initializeThreading): Deleted.
949         * interpreter/JSStack.h:
950         (JSC::JSStack::gatherConservativeRoots):
951         (JSC::JSStack::sanitizeStack):
952         (JSC::JSStack::size):
953         (JSC::JSStack::initializeThreading): Deleted.
954         * jit/ExecutableAllocator.cpp:
955         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
956         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
957         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
958         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
959         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
960         (JSC::DemandExecutableAllocator::allocators):
961         (JSC::DemandExecutableAllocator::allocatorsMutex):
962         * jit/JITThunks.cpp:
963         (JSC::JITThunks::ctiStub):
964         * jit/JITThunks.h:
965         * profiler/ProfilerDatabase.cpp:
966         (JSC::Profiler::Database::ensureBytecodesFor):
967         (JSC::Profiler::Database::notifyDestruction):
968         * profiler/ProfilerDatabase.h:
969         * runtime/InitializeThreading.cpp:
970         (JSC::initializeThreading):
971         * runtime/JSLock.cpp:
972         (JSC::GlobalJSLock::GlobalJSLock):
973         (JSC::GlobalJSLock::~GlobalJSLock):
974         (JSC::JSLockHolder::JSLockHolder):
975         (JSC::GlobalJSLock::initialize): Deleted.
976         * runtime/JSLock.h:
977
978 2015-08-14  Ryosuke Niwa  <rniwa@webkit.org>
979
980         ES6 class syntax should allow computed name method
981         https://bugs.webkit.org/show_bug.cgi?id=142690
982
983         Reviewed by Saam Barati.
984
985         Added a new "attributes" attribute to op_put_getter_by_id, op_put_setter_by_id, op_put_getter_setter to specify
986         the property descriptor options so that we can use op_put_setter_by_id and op_put_getter_setter to define
987         getters and setters for classes. Without this, getters and setters could erroneously override methods.
988
989         * bytecode/BytecodeList.json:
990         * bytecode/BytecodeUseDef.h:
991         (JSC::computeUsesForBytecodeOffset):
992         * bytecode/CodeBlock.cpp:
993         (JSC::CodeBlock::dumpBytecode):
994         * bytecompiler/BytecodeGenerator.cpp:
995         (JSC::BytecodeGenerator::emitDirectPutById):
996         (JSC::BytecodeGenerator::emitPutGetterById):
997         (JSC::BytecodeGenerator::emitPutSetterById):
998         (JSC::BytecodeGenerator::emitPutGetterSetter):
999         * bytecompiler/BytecodeGenerator.h:
1000         * bytecompiler/NodesCodegen.cpp:
1001         (JSC::PropertyListNode::emitBytecode): Always use emitPutGetterSetter to emit getters and setters for classes
1002         as done for object literals.
1003         (JSC::PropertyListNode::emitPutConstantProperty):
1004         (JSC::ClassExprNode::emitBytecode):
1005         * jit/CCallHelpers.h:
1006         (JSC::CCallHelpers::setupArgumentsWithExecState):
1007         * jit/JIT.h:
1008         * jit/JITInlines.h:
1009         (JSC::JIT::callOperation):
1010         * jit/JITOperations.cpp:
1011         * jit/JITOperations.h:
1012         * jit/JITPropertyAccess.cpp:
1013         (JSC::JIT::emit_op_put_getter_by_id):
1014         (JSC::JIT::emit_op_put_setter_by_id):
1015         (JSC::JIT::emit_op_put_getter_setter):
1016         (JSC::JIT::emit_op_del_by_id):
1017         * jit/JITPropertyAccess32_64.cpp:
1018         (JSC::JIT::emit_op_put_getter_by_id):
1019         (JSC::JIT::emit_op_put_setter_by_id):
1020         (JSC::JIT::emit_op_put_getter_setter):
1021         (JSC::JIT::emit_op_del_by_id):
1022         * llint/LLIntSlowPaths.cpp:
1023         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1024         * llint/LowLevelInterpreter.asm:
1025         * parser/ASTBuilder.h:
1026         (JSC::ASTBuilder::createProperty):
1027         (JSC::ASTBuilder::createPropertyList):
1028         * parser/NodeConstructors.h:
1029         (JSC::PropertyNode::PropertyNode):
1030         * parser/Nodes.h:
1031         (JSC::PropertyNode::expressionName):
1032         (JSC::PropertyNode::name):
1033         * parser/Parser.cpp:
1034         (JSC::Parser<LexerType>::parseClass): Added support for computed property names. We don't support computed names
1035         for getters and setters.
1036         * parser/SyntaxChecker.h:
1037         (JSC::SyntaxChecker::createProperty):
1038         * runtime/JSObject.cpp:
1039         (JSC::JSObject::allowsAccessFrom):
1040         (JSC::JSObject::putGetter):
1041         (JSC::JSObject::putSetter):
1042         * runtime/JSObject.h:
1043         * runtime/PropertyDescriptor.h:
1044
1045 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1046
1047         Add InspectorInstrumentation builtin object to instrument the code in JS builtins like Promises
1048         https://bugs.webkit.org/show_bug.cgi?id=147942
1049
1050         Reviewed by Geoffrey Garen.
1051
1052         This patch adds a new private global object, @InspectorInstrumentation.
1053         It is intended to be used as the namespace object (like Reflect/Math) for Inspector's
1054         instrumentation system and it is used to instrument the builtin JS code, like Promises.
1055
1056         * CMakeLists.txt:
1057         * DerivedSources.make:
1058         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1059         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1060         * JavaScriptCore.xcodeproj/project.pbxproj:
1061         * builtins/InspectorInstrumentationObject.js: Added.
1062         (debug):
1063         (promiseFulfilled):
1064         (promiseRejected):
1065         * builtins/Operations.Promise.js:
1066         (rejectPromise):
1067         (fulfillPromise):
1068         * runtime/CommonIdentifiers.h:
1069         * runtime/InspectorInstrumentationObject.cpp: Added.
1070         (JSC::InspectorInstrumentationObject::InspectorInstrumentationObject):
1071         (JSC::InspectorInstrumentationObject::finishCreation):
1072         (JSC::InspectorInstrumentationObject::getOwnPropertySlot):
1073         (JSC::InspectorInstrumentationObject::isEnabled):
1074         (JSC::InspectorInstrumentationObject::enable):
1075         (JSC::InspectorInstrumentationObject::disable):
1076         (JSC::inspectorInstrumentationObjectDataLogImpl):
1077         * runtime/InspectorInstrumentationObject.h: Added.
1078         (JSC::InspectorInstrumentationObject::create):
1079         (JSC::InspectorInstrumentationObject::createStructure):
1080         * runtime/JSGlobalObject.cpp:
1081         (JSC::JSGlobalObject::init):
1082
1083 2015-08-14  Commit Queue  <commit-queue@webkit.org>
1084
1085         Unreviewed, rolling out r188444.
1086         https://bugs.webkit.org/show_bug.cgi?id=148029
1087
1088         Broke GTK and EFL (see bug #148027) (Requested by philn on
1089         #webkit).
1090
1091         Reverted changeset:
1092
1093         "Use WTF::Lock and WTF::Condition instead of WTF::Mutex,
1094         WTF::ThreadCondition, std::mutex, and std::condition_variable"
1095         https://bugs.webkit.org/show_bug.cgi?id=147999
1096         http://trac.webkit.org/changeset/188444
1097
1098 2015-08-13  Filip Pizlo  <fpizlo@apple.com>
1099
1100         Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
1101         https://bugs.webkit.org/show_bug.cgi?id=147999
1102
1103         Reviewed by Geoffrey Garen.
1104
1105         * API/JSVirtualMachine.mm:
1106         (initWrapperCache):
1107         (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
1108         (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
1109         (wrapperCacheMutex): Deleted.
1110         * bytecode/SamplingTool.cpp:
1111         (JSC::SamplingTool::doRun):
1112         (JSC::SamplingTool::notifyOfScope):
1113         * bytecode/SamplingTool.h:
1114         * dfg/DFGThreadData.h:
1115         * dfg/DFGWorklist.cpp:
1116         (JSC::DFG::Worklist::~Worklist):
1117         (JSC::DFG::Worklist::isActiveForVM):
1118         (JSC::DFG::Worklist::enqueue):
1119         (JSC::DFG::Worklist::compilationState):
1120         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1121         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1122         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1123         (JSC::DFG::Worklist::visitWeakReferences):
1124         (JSC::DFG::Worklist::removeDeadPlans):
1125         (JSC::DFG::Worklist::queueLength):
1126         (JSC::DFG::Worklist::dump):
1127         (JSC::DFG::Worklist::runThread):
1128         * dfg/DFGWorklist.h:
1129         * disassembler/Disassembler.cpp:
1130         * heap/CopiedSpace.cpp:
1131         (JSC::CopiedSpace::doneFillingBlock):
1132         (JSC::CopiedSpace::doneCopying):
1133         * heap/CopiedSpace.h:
1134         * heap/CopiedSpaceInlines.h:
1135         (JSC::CopiedSpace::recycleBorrowedBlock):
1136         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1137         * heap/GCThread.cpp:
1138         (JSC::GCThread::waitForNextPhase):
1139         (JSC::GCThread::gcThreadMain):
1140         * heap/GCThreadSharedData.cpp:
1141         (JSC::GCThreadSharedData::GCThreadSharedData):
1142         (JSC::GCThreadSharedData::~GCThreadSharedData):
1143         (JSC::GCThreadSharedData::startNextPhase):
1144         (JSC::GCThreadSharedData::endCurrentPhase):
1145         (JSC::GCThreadSharedData::didStartMarking):
1146         (JSC::GCThreadSharedData::didFinishMarking):
1147         * heap/GCThreadSharedData.h:
1148         * heap/HeapTimer.h:
1149         * heap/MachineStackMarker.cpp:
1150         (JSC::ActiveMachineThreadsManager::Locker::Locker):
1151         (JSC::ActiveMachineThreadsManager::add):
1152         (JSC::ActiveMachineThreadsManager::remove):
1153         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
1154         (JSC::MachineThreads::~MachineThreads):
1155         (JSC::MachineThreads::addCurrentThread):
1156         (JSC::MachineThreads::removeThreadIfFound):
1157         (JSC::MachineThreads::tryCopyOtherThreadStack):
1158         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1159         (JSC::MachineThreads::gatherConservativeRoots):
1160         * heap/MachineStackMarker.h:
1161         * heap/SlotVisitor.cpp:
1162         (JSC::SlotVisitor::donateKnownParallel):
1163         (JSC::SlotVisitor::drain):
1164         (JSC::SlotVisitor::drainFromShared):
1165         (JSC::SlotVisitor::mergeOpaqueRoots):
1166         * heap/SlotVisitorInlines.h:
1167         (JSC::SlotVisitor::containsOpaqueRootTriState):
1168         * inspector/remote/RemoteInspectorDebuggableConnection.h:
1169         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
1170         (Inspector::RemoteInspectorHandleRunSourceGlobal):
1171         (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
1172         (Inspector::RemoteInspectorInitializeGlobalQueue):
1173         (Inspector::RemoteInspectorHandleRunSourceWithInfo):
1174         (Inspector::RemoteInspectorDebuggableConnection::setup):
1175         (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
1176         (Inspector::RemoteInspectorDebuggableConnection::close):
1177         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
1178         (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
1179         * interpreter/JSStack.cpp:
1180         (JSC::JSStack::JSStack):
1181         (JSC::JSStack::releaseExcessCapacity):
1182         (JSC::JSStack::addToCommittedByteCount):
1183         (JSC::JSStack::committedByteCount):
1184         (JSC::stackStatisticsMutex): Deleted.
1185         (JSC::JSStack::initializeThreading): Deleted.
1186         * interpreter/JSStack.h:
1187         (JSC::JSStack::gatherConservativeRoots):
1188         (JSC::JSStack::sanitizeStack):
1189         (JSC::JSStack::size):
1190         (JSC::JSStack::initializeThreading): Deleted.
1191         * jit/ExecutableAllocator.cpp:
1192         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
1193         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
1194         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
1195         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
1196         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
1197         (JSC::DemandExecutableAllocator::allocators):
1198         (JSC::DemandExecutableAllocator::allocatorsMutex):
1199         * jit/JITThunks.cpp:
1200         (JSC::JITThunks::ctiStub):
1201         * jit/JITThunks.h:
1202         * profiler/ProfilerDatabase.cpp:
1203         (JSC::Profiler::Database::ensureBytecodesFor):
1204         (JSC::Profiler::Database::notifyDestruction):
1205         * profiler/ProfilerDatabase.h:
1206         * runtime/InitializeThreading.cpp:
1207         (JSC::initializeThreading):
1208         * runtime/JSLock.cpp:
1209         (JSC::GlobalJSLock::GlobalJSLock):
1210         (JSC::GlobalJSLock::~GlobalJSLock):
1211         (JSC::JSLockHolder::JSLockHolder):
1212         (JSC::GlobalJSLock::initialize): Deleted.
1213         * runtime/JSLock.h:
1214
1215 2015-08-13  Commit Queue  <commit-queue@webkit.org>
1216
1217         Unreviewed, rolling out r188428.
1218         https://bugs.webkit.org/show_bug.cgi?id=148015
1219
1220         broke cmake build (Requested by alexchristensen on #webkit).
1221
1222         Reverted changeset:
1223
1224         "Move some commands from ./CMakeLists.txt to Source/cmake"
1225         https://bugs.webkit.org/show_bug.cgi?id=148003
1226         http://trac.webkit.org/changeset/188428
1227
1228 2015-08-13  Commit Queue  <commit-queue@webkit.org>
1229
1230         Unreviewed, rolling out r188431.
1231         https://bugs.webkit.org/show_bug.cgi?id=148013
1232
1233         JSC headers are too hard to understand (Requested by smfr on
1234         #webkit).
1235
1236         Reverted changeset:
1237
1238         "Remove a few includes from JSGlobalObject.h"
1239         https://bugs.webkit.org/show_bug.cgi?id=148004
1240         http://trac.webkit.org/changeset/188431
1241
1242 2015-08-13  Benjamin Poulain  <bpoulain@apple.com>
1243
1244         [JSC] Add support for GetByVal on arrays of Undecided shape
1245         https://bugs.webkit.org/show_bug.cgi?id=147814
1246
1247         Reviewed by Filip Pizlo.
1248
1249         Previously, GetByVal on Array::Undecided would just take
1250         the generic path. The problem is the generic path is so
1251         slow that it could take a significant amount of time
1252         even for infrequent accesses.
1253
1254         With this patch, if the following conditions are met,
1255         the GetByVal just returns an "undefined" constant:
1256         -The object is an OriginalArray.
1257         -The prototype chain is sane.
1258         -The index is an integer.
1259         -The integer is positive (runtime check).
1260
1261         Ideally, the 4th condition should be removed, since
1262         deducing a compile-time constant gives us so much better
1263         opportunities at getting rid of this code.
1264
1265         There are two cases where this patch removes the runtime
1266         check:
1267         -If the index is constant (uncommon but easy)
1268         -If the index is within a range known to be positive.
1269          (common case and made possible with DFGIntegerRangeOptimizationPhase).
1270
1271         When we get into those cases, DFG just nukes everything
1272         and all we have left is a structure check :)
1273
1274         This patch is a 14% improvement on audio-beat-detection,
1275         a few percent faster here and there and no regression.
1276
1277         * dfg/DFGAbstractInterpreterInlines.h:
1278         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1279         If the index is a positive constant, we can get rid of the GetByVal
1280         entirely. :)
1281
1282         * dfg/DFGArrayMode.cpp:
1283         (JSC::DFG::ArrayMode::fromObserved):
1284         The returned type is now Array::Undecided + profiling information.
1285         The useful type is set in ArrayMode::refine().
1286
1287         (JSC::DFG::ArrayMode::refine):
1288         If we meet the particular set of conditions, we speculate an Undecided
1289         array type with sane chain. Anything else comes back to Generic.
1290
1291         (JSC::DFG::ArrayMode::originalArrayStructure):
1292         To enable the structure check for Undecided array.
1293
1294         (JSC::DFG::ArrayMode::alreadyChecked):
1295         * dfg/DFGArrayMode.h:
1296         (JSC::DFG::ArrayMode::withProfile):
1297         (JSC::DFG::ArrayMode::canCSEStorage):
1298         (JSC::DFG::ArrayMode::benefitsFromOriginalArray):
1299         (JSC::DFG::ArrayMode::lengthNeedsStorage): Deleted.
1300         (JSC::DFG::ArrayMode::isSpecific): Deleted.
1301
1302         * dfg/DFGByteCodeParser.cpp:
1303         (JSC::DFG::ByteCodeParser::handleIntrinsic): Deleted.
1304         This is somewhat unrelated.
1305
1306         Having Array::Undecided on ArrayPush was impossible before
1307         since ArrayMode::fromObserved() used to return Array::Generic.
1308
1309         Now that Array::Undecided is possible, we must make sure not
1310         to provide it to ArrayPush since there is no code to handle it
1311         properly.
1312
1313         * dfg/DFGClobberize.h:
1314         (JSC::DFG::clobberize):
1315         The operation only depends on the index, it is pure.
1316
1317         * dfg/DFGFixupPhase.cpp:
1318         (JSC::DFG::FixupPhase::fixupNode): Deleted.
1319         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
1320         * dfg/DFGSpeculativeJIT.cpp:
1321         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
1322         (JSC::DFG::SpeculativeJIT::checkArray):
1323         * dfg/DFGSpeculativeJIT32_64.cpp:
1324         (JSC::DFG::SpeculativeJIT::compile):
1325         * dfg/DFGSpeculativeJIT64.cpp:
1326         (JSC::DFG::SpeculativeJIT::compile):
1327         * ftl/FTLCapabilities.cpp:
1328         (JSC::FTL::canCompile):
1329         * ftl/FTLLowerDFGToLLVM.cpp:
1330         (JSC::FTL::DFG::LowerDFGToLLVM::compileGetByVal):
1331         * tests/stress/get-by-val-on-undecided-array-type.js: Added.
1332         * tests/stress/get-by-val-on-undecided-sane-chain-1.js: Added.
1333         * tests/stress/get-by-val-on-undecided-sane-chain-2.js: Added.
1334         * tests/stress/get-by-val-on-undecided-sane-chain-3.js: Added.
1335         * tests/stress/get-by-val-on-undecided-sane-chain-4.js: Added.
1336         * tests/stress/get-by-val-on-undecided-sane-chain-5.js: Added.
1337         * tests/stress/get-by-val-on-undecided-sane-chain-6.js: Added.
1338
1339 2015-08-13  Simon Fraser  <simon.fraser@apple.com>
1340
1341         Remove a few includes from JSGlobalObject.h
1342         https://bugs.webkit.org/show_bug.cgi?id=148004
1343
1344         Reviewed by Tim Horton.
1345         
1346         Remove 4 #includes from JSGlobalObject.h, and fix the fallout.
1347
1348         * parser/VariableEnvironment.cpp:
1349         * parser/VariableEnvironment.h:
1350         * runtime/JSGlobalObject.h:
1351         * runtime/Structure.h:
1352         * runtime/StructureInlines.h:
1353
1354 2015-08-13  Alex Christensen  <achristensen@webkit.org>
1355
1356         Move some commands from ./CMakeLists.txt to Source/cmake
1357         https://bugs.webkit.org/show_bug.cgi?id=148003
1358
1359         Reviewed by Brent Fulgham.
1360
1361         * CMakeLists.txt:
1362         Added commands needed to build JSC by itself.
1363
1364 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1365
1366         Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
1367         https://bugs.webkit.org/show_bug.cgi?id=147353
1368
1369         Reviewed by Saam Barati.
1370
1371         This is the follow-up patch after r188355.
1372         It includes the following changes.
1373
1374         - Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
1375         - Make SourceParseMode a C++ strongly-typed enum.
1376         - Fix the comments.
1377         - Rename ModuleSpecifier to ModuleName.
1378         - Add the type name `ImportEntry` before the C++11 uniform initialization.
1379         - Fix the thrown message for duplicate 'default' names.
1380         - Assert that all statements in the top-level source elements are module declarations under the module analyzer phase.
1381
1382         * API/JSScriptRef.cpp:
1383         (parseScript):
1384         * builtins/BuiltinExecutables.cpp:
1385         (JSC::BuiltinExecutables::createExecutableInternal):
1386         * bytecode/UnlinkedFunctionExecutable.cpp:
1387         (JSC::generateFunctionCodeBlock):
1388         * bytecode/UnlinkedFunctionExecutable.h:
1389         * bytecompiler/BytecodeGenerator.h:
1390         (JSC::BytecodeGenerator::makeFunction):
1391         * parser/ASTBuilder.h:
1392         (JSC::ASTBuilder::createFunctionMetadata):
1393         (JSC::ASTBuilder::createModuleName):
1394         (JSC::ASTBuilder::createImportDeclaration):
1395         (JSC::ASTBuilder::createExportAllDeclaration):
1396         (JSC::ASTBuilder::createExportNamedDeclaration):
1397         (JSC::ASTBuilder::createModuleSpecifier): Deleted.
1398         * parser/ModuleAnalyzer.cpp:
1399         (JSC::ModuleAnalyzer::analyze):
1400         * parser/NodeConstructors.h:
1401         (JSC::ModuleNameNode::ModuleNameNode):
1402         (JSC::ImportDeclarationNode::ImportDeclarationNode):
1403         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
1404         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
1405         (JSC::ModuleSpecifierNode::ModuleSpecifierNode): Deleted.
1406         * parser/Nodes.cpp:
1407         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1408         * parser/Nodes.h:
1409         (JSC::StatementNode::isModuleDeclarationNode):
1410         (JSC::ModuleDeclarationNode::isModuleDeclarationNode):
1411         (JSC::ImportDeclarationNode::moduleName):
1412         (JSC::ExportAllDeclarationNode::moduleName):
1413         (JSC::ExportNamedDeclarationNode::moduleName):
1414         (JSC::ImportDeclarationNode::moduleSpecifier): Deleted.
1415         (JSC::ExportAllDeclarationNode::moduleSpecifier): Deleted.
1416         (JSC::ExportNamedDeclarationNode::moduleSpecifier): Deleted.
1417         * parser/NodesAnalyzeModule.cpp:
1418         (JSC::SourceElements::analyzeModule):
1419         (JSC::ImportDeclarationNode::analyzeModule):
1420         (JSC::ExportAllDeclarationNode::analyzeModule):
1421         (JSC::ExportNamedDeclarationNode::analyzeModule):
1422         * parser/Parser.cpp:
1423         (JSC::Parser<LexerType>::Parser):
1424         (JSC::Parser<LexerType>::parseInner):
1425         (JSC::Parser<LexerType>::parseModuleSourceElements):
1426         (JSC::Parser<LexerType>::parseFunctionBody):
1427         (JSC::stringForFunctionMode):
1428         (JSC::Parser<LexerType>::parseFunctionParameters):
1429         (JSC::Parser<LexerType>::parseFunctionInfo):
1430         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1431         (JSC::Parser<LexerType>::parseClass):
1432         (JSC::Parser<LexerType>::parseModuleName):
1433         (JSC::Parser<LexerType>::parseImportDeclaration):
1434         (JSC::Parser<LexerType>::parseExportDeclaration):
1435         (JSC::Parser<LexerType>::parsePropertyMethod):
1436         (JSC::Parser<LexerType>::parseGetterSetter):
1437         (JSC::Parser<LexerType>::parsePrimaryExpression):
1438         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
1439         (JSC::Parser<LexerType>::parseModuleSpecifier): Deleted.
1440         * parser/Parser.h:
1441         (JSC::Parser<LexerType>::parse):
1442         (JSC::parse):
1443         * parser/ParserModes.h:
1444         (JSC::isFunctionParseMode):
1445         (JSC::isModuleParseMode):
1446         (JSC::isProgramParseMode):
1447         * parser/SyntaxChecker.h:
1448         (JSC::SyntaxChecker::createFunctionMetadata):
1449         (JSC::SyntaxChecker::createModuleName):
1450         (JSC::SyntaxChecker::createImportDeclaration):
1451         (JSC::SyntaxChecker::createExportAllDeclaration):
1452         (JSC::SyntaxChecker::createExportNamedDeclaration):
1453         (JSC::SyntaxChecker::createModuleSpecifier): Deleted.
1454         * runtime/CodeCache.cpp:
1455         (JSC::CodeCache::getGlobalCodeBlock):
1456         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1457         * runtime/Completion.cpp:
1458         (JSC::checkSyntax):
1459         (JSC::checkModuleSyntax):
1460         * runtime/Executable.cpp:
1461         (JSC::ProgramExecutable::checkSyntax):
1462         * tests/stress/modules-syntax-error-with-names.js:
1463
1464 2015-08-13  Joseph Pecoraro  <pecoraro@apple.com>
1465
1466         Web Inspector: A {Map, WeakMap, Set, WeakSet} object that contains itself will hang the console
1467         https://bugs.webkit.org/show_bug.cgi?id=147966
1468
1469         Reviewed by Timothy Hatcher.
1470
1471         * inspector/InjectedScriptSource.js:
1472         (InjectedScript.prototype._initialPreview):
1473         Renamed to initial preview. This is not a complete preview for
1474         this object, and it needs some processing in order to be a
1475         complete accurate preview.
1476
1477         (InjectedScript.RemoteObject.prototype._emptyPreview):
1478         This attempts to be an accurate empty preview for the given object.
1479         For types with entries, it adds an empty entries list and updates
1480         the overflow and lossless properties.
1481
1482         (InjectedScript.RemoteObject.prototype._createObjectPreviewForValue):
1483         Take a generatePreview parameter to generate a full preview or empty preview.
1484
1485         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
1486         (InjectedScript.RemoteObject.prototype._appendEntryPreviews):
1487         (InjectedScript.RemoteObject.prototype._isPreviewableObject):
1488         Take care to avoid cycles.
1489
1490 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
1491
1492         Periodic code deletion should delete RegExp code
1493         https://bugs.webkit.org/show_bug.cgi?id=147990
1494
1495         Reviewed by Filip Pizlo.
1496
1497         The RegExp code cache was created for the sake of simple loops that
1498         re-created the same RegExps. It's reasonable to delete it periodically.
1499
1500         * heap/Heap.cpp:
1501         (JSC::Heap::deleteOldCode):
1502
1503 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
1504
1505         RegExpCache::finalize should not delete code
1506         https://bugs.webkit.org/show_bug.cgi?id=147987
1507
1508         Reviewed by Mark Lam.
1509
1510         The RegExp object already knows how to delete its own code in its
1511         destructor. Our job is just to clear our stale pointer.
1512
1513         * runtime/RegExpCache.cpp:
1514         (JSC::RegExpCache::finalize):
1515         (JSC::RegExpCache::addToStrongCache):
1516
1517 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
1518
1519         Standardize on the phrase "delete code"
1520         https://bugs.webkit.org/show_bug.cgi?id=147984
1521
1522         Reviewed by Mark Lam.
1523
1524         Use "delete" when we talk about throwing away code, as opposed to
1525         "invalidate" or "discard".
1526
1527         * debugger/Debugger.cpp:
1528         (JSC::Debugger::forEachCodeBlock):
1529         (JSC::Debugger::setSteppingMode):
1530         (JSC::Debugger::recompileAllJSFunctions):
1531         * heap/Heap.cpp:
1532         (JSC::Heap::deleteAllCompiledCode):
1533         * inspector/agents/InspectorRuntimeAgent.cpp:
1534         (Inspector::recompileAllJSFunctionsForTypeProfiling):
1535         * runtime/RegExp.cpp:
1536         (JSC::RegExp::match):
1537         (JSC::RegExp::deleteCode):
1538         (JSC::RegExp::invalidateCode): Deleted.
1539         * runtime/RegExp.h:
1540         * runtime/RegExpCache.cpp:
1541         (JSC::RegExpCache::finalize):
1542         (JSC::RegExpCache::addToStrongCache):
1543         (JSC::RegExpCache::deleteAllCode):
1544         (JSC::RegExpCache::invalidateCode): Deleted.
1545         * runtime/RegExpCache.h:
1546         * runtime/VM.cpp:
1547         (JSC::VM::stopSampling):
1548         (JSC::VM::prepareToDeleteCode):
1549         (JSC::VM::deleteAllCode):
1550         (JSC::VM::setEnabledProfiler):
1551         (JSC::VM::prepareToDiscardCode): Deleted.
1552         (JSC::VM::discardAllCode): Deleted.
1553         * runtime/VM.h:
1554         (JSC::VM::apiLock):
1555         (JSC::VM::codeCache):
1556         * runtime/Watchdog.cpp:
1557         (JSC::Watchdog::setTimeLimit):
1558
1559 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1560
1561         X.[[SetPrototypeOf]](Y) should succeed if X.[[Prototype]] is already Y even if X is not extensible
1562         https://bugs.webkit.org/show_bug.cgi?id=147930
1563
1564         Reviewed by Saam Barati.
1565
1566         When the prototype object passed to be set is the same as the existing
1567         prototype object, [[SetPrototypeOf]] just finishes its operation even
1568         if the extensibility of the target object is `false`.
1569
1570         * runtime/JSGlobalObjectFunctions.cpp:
1571         (JSC::globalFuncProtoSetter):
1572         * runtime/ObjectConstructor.cpp:
1573         (JSC::objectConstructorSetPrototypeOf):
1574         * runtime/ReflectObject.cpp:
1575         (JSC::reflectObjectSetPrototypeOf):
1576         * tests/stress/set-same-prototype.js: Added.
1577         (shouldBe):
1578         (shouldThrow):
1579
1580 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
1581
1582         Removed clearEvalCodeCache()
1583         https://bugs.webkit.org/show_bug.cgi?id=147957
1584
1585         Reviewed by Filip Pizlo.
1586
1587         It was unused.
1588
1589         * bytecode/CodeBlock.cpp:
1590         (JSC::CodeBlock::linkIncomingCall):
1591         (JSC::CodeBlock::install):
1592         (JSC::CodeBlock::clearEvalCache): Deleted.
1593         * bytecode/CodeBlock.h:
1594         (JSC::CodeBlock::numberOfJumpTargets):
1595         (JSC::CodeBlock::jumpTarget):
1596         (JSC::CodeBlock::numberOfArgumentValueProfiles):
1597
1598 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
1599
1600         [ES6] Implement Reflect.defineProperty
1601         https://bugs.webkit.org/show_bug.cgi?id=147943
1602
1603         Reviewed by Saam Barati.
1604
1605         This patch implements Reflect.defineProperty.
1606         The differences from Object.defineProperty are:
1607
1608         1. Reflect.defineProperty does not perform ToObject operation onto the first argument.
1609         2. Reflect.defineProperty does not throw a TypeError when the [[DefineOwnProperty]] operation fails.
1610         3. Reflect.defineProperty returns the boolean value that represents whether [[DefineOwnProperty]] succeeded.
1611
1612         And this patch adds comments with links to the ES6 spec.
1613
1614         * builtins/ReflectObject.js:
1615         * runtime/ObjectConstructor.cpp:
1616         (JSC::toPropertyDescriptor):
1617         * runtime/ObjectConstructor.h:
1618         * runtime/ReflectObject.cpp:
1619         (JSC::reflectObjectDefineProperty):
1620         * tests/stress/reflect-define-property.js: Added.
1621         (shouldBe):
1622         (shouldThrow):
1623         (.set getter):
1624         (setter):
1625         (.get testDescriptor):
1626         (.set get var):
1627         (.set testDescriptor):
1628         (.set get testDescriptor):
1629         (.set get shouldThrow):
1630         (.get var):
1631
1632 2015-08-12  Filip Pizlo  <fpizlo@apple.com>
1633
1634         DFG::ByteCodeParser should attempt constant folding on loads from structures that are DFG-watchable
1635         https://bugs.webkit.org/show_bug.cgi?id=147950
1636
1637         Reviewed by Michael Saboff.
1638
1639         Previously we reduced the constant folding power of ByteCodeParser::load() because that code was
1640         responsible for memory corruption, since it would sometimes install watchpoints on structures that
1641         weren't being traced.  It seemed like the safest fix was to remove the constant folding rule
1642         entirely since later phases also do constant folding, and they do it without introducing the bug.
1643         Well, that change (http://trac.webkit.org/changeset/188292) caused a big regression, because we
1644         still have some constant folding rules that only exist in ByteCodeParser, and so ByteCodeParser must
1645         be maximally aggressive in constant-folding whenever possible.
1646
1647         So, this change now brings back that constant folding rule - for loads from object constants that
1648         have DFG-watchable structures - and implements it properly, by ensuring that we only call into
1649         tryGetConstantProperty() if we have registered the structure set.
1650
1651         * dfg/DFGByteCodeParser.cpp:
1652         (JSC::DFG::ByteCodeParser::load):
1653
1654 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
1655
1656         [ES6] Add ES6 Modules preparsing phase to collect the dependencies
1657         https://bugs.webkit.org/show_bug.cgi?id=147353
1658
1659         Reviewed by Geoffrey Garen.
1660
1661         This patch implements ModuleRecord and ModuleAnalyzer.
1662         ModuleAnalyzer analyzes the produced AST from the parser.
1663         By collaborating with the parser, ModuleAnalyzer collects the information
1664         that is necessary to request the loading for the dependent modules and
1665         construct the module's environment and namespace object before executing the actual
1666         module body.
1667
1668         In the parser, we annotate which variable is an imported binding and which variable
1669         is exported from the current module. This information is leveraged in the ModuleAnalyzer
1670         to categorize the export entries.
1671
1672         To preparse the modules in the parser, we just add the new flag `ModuleParseMode`
1673         instead of introducing a new TreeContext type. This is because only 2 users use
1674         parseModuleSourceElements: the preparser and the actual compiler. Adding the flag is simple
1675         enough to switch the context to the SyntaxChecker when parsing the non-module related
1676         statement in the preparsing phase.
1677
1678         To demonstrate the module analyzer, we added the new dumpModuleRecord option
1679         into the JSC shell. By specifying this, the result of analysis is dumped when the module
1680         is parsed and analyzed.
1681
1682         * CMakeLists.txt:
1683         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1684         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1685         * JavaScriptCore.xcodeproj/project.pbxproj:
1686         * builtins/BuiltinNames.h:
1687         * parser/ASTBuilder.h:
1688         (JSC::ASTBuilder::createExportDefaultDeclaration):
1689         * parser/ModuleAnalyzer.cpp: Added.
1690         (JSC::ModuleAnalyzer::ModuleAnalyzer):
1691         (JSC::ModuleAnalyzer::exportedBinding):
1692         (JSC::ModuleAnalyzer::declareExportAlias):
1693         (JSC::ModuleAnalyzer::exportVariable):
1694         (JSC::ModuleAnalyzer::analyze):
1695         * parser/ModuleAnalyzer.h: Added.
1696         (JSC::ModuleAnalyzer::vm):
1697         (JSC::ModuleAnalyzer::moduleRecord):
1698         * parser/ModuleRecord.cpp: Added.
1699         (JSC::printableName):
1700         (JSC::ModuleRecord::dump):
1701         * parser/ModuleRecord.h: Added.
1702         (JSC::ModuleRecord::ImportEntry::isNamespace):
1703         (JSC::ModuleRecord::create):
1704         (JSC::ModuleRecord::appendRequestedModule):
1705         (JSC::ModuleRecord::addImportEntry):
1706         (JSC::ModuleRecord::addExportEntry):
1707         (JSC::ModuleRecord::addStarExportEntry):
1708         * parser/NodeConstructors.h:
1709         (JSC::ModuleDeclarationNode::ModuleDeclarationNode):
1710         (JSC::ImportDeclarationNode::ImportDeclarationNode):
1711         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
1712         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
1713         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
1714         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
1715         * parser/Nodes.h:
1716         (JSC::ExportDefaultDeclarationNode::localName):
1717         * parser/NodesAnalyzeModule.cpp: Added.
1718         (JSC::ScopeNode::analyzeModule):
1719         (JSC::SourceElements::analyzeModule):
1720         (JSC::ImportDeclarationNode::analyzeModule):
1721         (JSC::ExportAllDeclarationNode::analyzeModule):
1722         (JSC::ExportDefaultDeclarationNode::analyzeModule):
1723         (JSC::ExportLocalDeclarationNode::analyzeModule):
1724         (JSC::ExportNamedDeclarationNode::analyzeModule):
1725         * parser/Parser.cpp:
1726         (JSC::Parser<LexerType>::parseInner):
1727         (JSC::Parser<LexerType>::parseModuleSourceElements):
1728         (JSC::Parser<LexerType>::parseVariableDeclarationList):
1729         (JSC::Parser<LexerType>::createBindingPattern):
1730         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1731         (JSC::Parser<LexerType>::parseClassDeclaration):
1732         (JSC::Parser<LexerType>::parseImportClauseItem):
1733         (JSC::Parser<LexerType>::parseExportSpecifier):
1734         (JSC::Parser<LexerType>::parseExportDeclaration):
1735         * parser/Parser.h:
1736         (JSC::Scope::lexicalVariables):
1737         (JSC::Scope::declareLexicalVariable):
1738         (JSC::Parser::declareVariable):
1739         (JSC::Parser::exportName):
1740         (JSC::Parser<LexerType>::parse):
1741         (JSC::parse):
1742         * parser/ParserModes.h:
1743         * parser/SyntaxChecker.h:
1744         (JSC::SyntaxChecker::createExportDefaultDeclaration):
1745         * parser/VariableEnvironment.cpp:
1746         (JSC::VariableEnvironment::markVariableAsImported):
1747         (JSC::VariableEnvironment::markVariableAsExported):
1748         * parser/VariableEnvironment.h:
1749         (JSC::VariableEnvironmentEntry::isExported):
1750         (JSC::VariableEnvironmentEntry::isImported):
1751         (JSC::VariableEnvironmentEntry::setIsExported):
1752         (JSC::VariableEnvironmentEntry::setIsImported):
1753         * runtime/CommonIdentifiers.h:
1754         * runtime/Completion.cpp:
1755         (JSC::checkModuleSyntax):
1756         * runtime/Options.h:
1757
1758 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
1759
1760         Re-land r188339, since Alex fixed it in r188341 by landing the WebCore half.
1761
1762         * jit/ExecutableAllocator.h:
1763         * jsc.cpp:
1764         (GlobalObject::finishCreation):
1765         (functionAddressOf):
1766         (functionVersion):
1767         (functionReleaseExecutableMemory): Deleted.
1768         * runtime/VM.cpp:
1769         (JSC::StackPreservingRecompiler::operator()):
1770         (JSC::VM::throwException):
1771         (JSC::VM::updateFTLLargestStackSize):
1772         (JSC::VM::gatherConservativeRoots):
1773         (JSC::VM::releaseExecutableMemory): Deleted.
1774         (JSC::releaseExecutableMemory): Deleted.
1775         * runtime/VM.h:
1776         (JSC::VM::isCollectorBusy):
1777         * runtime/Watchdog.cpp:
1778         (JSC::Watchdog::setTimeLimit):
1779
1780 2015-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
1781
1782         Roll out r188339, which broke the build.
1783
1784         Unreviewed.
1785
1786         * jit/ExecutableAllocator.h:
1787         * jsc.cpp:
1788         (GlobalObject::finishCreation):
1789         (functionReleaseExecutableMemory):
1790         * runtime/VM.cpp:
1791         (JSC::StackPreservingRecompiler::visit):
1792         (JSC::StackPreservingRecompiler::operator()):
1793         (JSC::VM::releaseExecutableMemory):
1794         (JSC::releaseExecutableMemory):
1795         * runtime/VM.h:
1796         * runtime/Watchdog.cpp:
1797         (JSC::Watchdog::setTimeLimit):
1798
1799 2015-08-12  Alex Christensen  <achristensen@webkit.org>
1800
1801         Fix Debug CMake builds on Windows
1802         https://bugs.webkit.org/show_bug.cgi?id=147940
1803
1804         Reviewed by Chris Dumez.
1805
1806         * PlatformWin.cmake:
1807         Copy the plist to the JavaScriptCore.resources directory.
1808
1809 2015-08-11  Geoffrey Garen  <ggaren@apple.com>
1810
1811         Remove VM::releaseExecutableMemory
1812         https://bugs.webkit.org/show_bug.cgi?id=147915
1813
1814         Reviewed by Saam Barati.
1815
1816         releaseExecutableMemory() was only used in one place, where discardAllCode()
1817         would work just as well.
1818
1819         It's confusing to have two slightly different ways to discard code. Also,
1820         releaseExecutableMemory() is unused in any production code, and it seems
1821         to have bit-rotted.
1822
1823         * jit/ExecutableAllocator.h:
1824         * jsc.cpp:
1825         (GlobalObject::finishCreation):
1826         (functionAddressOf):
1827         (functionVersion):
1828         (functionReleaseExecutableMemory): Deleted.
1829         * runtime/VM.cpp:
1830         (JSC::StackPreservingRecompiler::operator()):
1831         (JSC::VM::throwException):
1832         (JSC::VM::updateFTLLargestStackSize):
1833         (JSC::VM::gatherConservativeRoots):
1834         (JSC::VM::releaseExecutableMemory): Deleted.
1835         (JSC::releaseExecutableMemory): Deleted.
1836         * runtime/VM.h:
1837         (JSC::VM::isCollectorBusy):
1838         * runtime/Watchdog.cpp:
1839         (JSC::Watchdog::setTimeLimit):
1840
1841 2015-08-12  Mark Lam  <mark.lam@apple.com>
1842
1843         Add a JSC option to enable the watchdog for testing.
1844         https://bugs.webkit.org/show_bug.cgi?id=147939
1845
1846         Reviewed by Michael Saboff.
1847
1848         * API/JSContextRef.cpp:
1849         (JSContextGroupSetExecutionTimeLimit):
1850         (createWatchdogIfNeeded): Deleted.
1851         * runtime/Options.h:
1852         * runtime/VM.cpp:
1853         (JSC::VM::VM):
1854         (JSC::VM::~VM):
1855         (JSC::VM::sharedInstanceInternal):
1856         (JSC::VM::ensureWatchdog):
1857         (JSC::thunkGeneratorForIntrinsic):
1858         * runtime/VM.h:
1859
1860 2015-08-11  Mark Lam  <mark.lam@apple.com>
1861
1862         Implement JavaScript watchdog using WTF::WorkQueue.
1863         https://bugs.webkit.org/show_bug.cgi?id=147107
1864
1865         Reviewed by Geoffrey Garen.
1866
1867         How the Watchdog works
1868         ======================
1869
1870         1. When do we start the Watchdog?
1871            =============================
1872            The watchdog should only be started if both the following conditions are true:
1873            1. A time limit has been set.
1874            2. We have entered the VM.
1875  
1876         2. CPU time vs Wall Clock time
1877            ===========================
1878            Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?
1879
1880            The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
1881            limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
1882            indicates the wall clock time point when the WorkQueue timer is expected to fire.
1883
1884            The time limit for which we allow JS code to run should be measured in CPU time, which can
1885            differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
1886            should fire.
1887
1888            Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
1889            we need to check if m_cpuDeadline has been reached.
1890
1891            If m_cpuDeadline has been reached, the watchdog is considered to have fired.
1892
1893            If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
1894            code to continue to run for.  Hence, we need to start a new timer to fire again after
1895            Tremainder microseconds.
1896     
1897            See Watchdog::didFireSlow().
1898
1899         3. Spurious wake ups
1900            =================
1901            Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
1902            It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
1903            m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
1904            wake ups are considered to be spurious and will be ignored.
1905  
1906            See Watchdog::didFireSlow().
1907  
1908         4. Minimizing Timer creation cost
1909            ==============================
1910            Conceptually, we could start a new timer every time we start the watchdog. But we can do better
1911            than this.
1912  
1913            In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
1914            stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
1915            time limit. Consider the following example:
1916  
1917                |---|-----|---|----------------|---------|
1918                t0  t1    t2  t3            t0 + L    t2 + L 
1919
1920                |<--- T1 --------------------->|
1921                          |<--- T2 --------------------->|
1922                |<-- Td ->|                    |<-- Td ->|
1923
1924            1. The user initializes the watchdog with time limit L.
1925         2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
1926               The timer is set to expire at t0 + L.
1927            3. At t1, we exit the VM.
1928            4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.
1929          
1930               However, we can note that the expiration time for T2 would be after the expiration time
1931               of T1. Specifically, T2 would have expired at Td after T1 expires.
1932          
1933               Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
1934               for a period of Td instead.
1935
1936            Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
1937            as well as handling spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
1938            automatically take care of starting a new timer for the difference Td in the example above.
1939            Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
1940            expiration is less than T2's, then we are already covered by T1 and there's no need to start T2.
1941
1942            The benefit:
1943
1944            1. we minimize the number of timer instances we have queued in the workqueue at the same time
1945               (ideally only 1 or 0), and use less peak memory.
1946
1947            2. we minimize the frequency of instantiating timer instances. By waiting for the current
1948               active timer to expire first, on average, we get to start one timer per time limit
1949               (which is infrequent because time limits tend to be long) instead of one timer per
1950               VM entry (which tends to be frequent).
1951
1952            See Watchdog::startTimer().
1953
1954         * API/JSContextRef.cpp:
1955         (createWatchdogIfNeeded):
1956         (JSContextGroupClearExecutionTimeLimit):
1957         - No need to create the watchdog (if not already created) just to clear it.
1958           If the watchdog is not created yet, then it is effectively cleared.
1959
1960         * API/tests/ExecutionTimeLimitTest.cpp:
1961         (currentCPUTimeAsJSFunctionCallback):
1962         (testExecutionTimeLimit):
1963         (currentCPUTime): Deleted.
1964         * API/tests/testapi.c:
1965         (main):
1966         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
1967         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
1968         - Enable watchdog tests for all platforms.
1969
1970         * CMakeLists.txt:
1971         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1972         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1973         * JavaScriptCore.xcodeproj/project.pbxproj:
1974         - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.
1975
1976         * PlatformEfl.cmake:
1977
1978         * dfg/DFGByteCodeParser.cpp:
1979         (JSC::DFG::ByteCodeParser::parseBlock):
1980         * dfg/DFGSpeculativeJIT32_64.cpp:
1981         * dfg/DFGSpeculativeJIT64.cpp:
1982         * interpreter/Interpreter.cpp:
1983         (JSC::Interpreter::execute):
1984         (JSC::Interpreter::executeCall):
1985         (JSC::Interpreter::executeConstruct):
1986         * jit/JITOpcodes.cpp:
1987         (JSC::JIT::emit_op_loop_hint):
1988         (JSC::JIT::emitSlow_op_loop_hint):
1989         * jit/JITOperations.cpp:
1990         * llint/LLIntOffsetsExtractor.cpp:
1991         * llint/LLIntSlowPaths.cpp:
1992         * runtime/VM.cpp:
1993         - #include Watchdog.h in these files directly instead of doing it via VM.h.
1994           This saves us from having to recompile the world when we change Watchdog.h.
1995
1996         * runtime/VM.h:
1997         - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
1998           thread-safe ref counted.
1999
2000         * runtime/VMEntryScope.cpp:
2001         (JSC::VMEntryScope::VMEntryScope):
2002         (JSC::VMEntryScope::~VMEntryScope):
2003         - We have done away with the WatchdogScope and arming/disarming of the watchdog.
2004           Instead, the VMEntryScope will inform the watchdog of when we have entered and
2005           exited the VM.
2006
2007         * runtime/Watchdog.cpp:
2008         (JSC::currentWallClockTime):
2009         (JSC::Watchdog::Watchdog):
2010         (JSC::Watchdog::hasStartedTimer):
2011         (JSC::Watchdog::setTimeLimit):
2012         (JSC::Watchdog::didFireSlow):
2013         (JSC::Watchdog::hasTimeLimit):
2014         (JSC::Watchdog::fire):
2015         (JSC::Watchdog::enteredVM):
2016         (JSC::Watchdog::exitedVM):
2017
2018         (JSC::Watchdog::startTimer):
2019         - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
2020           (from a different thread) even after the VM shuts down.  We need to keep it
2021           alive until the WorkQueue callback completes.
2022
2023           In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
2024           WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
2025           is done with it.  This ensures that the Watchdog is kept alive until all
2026           WorkQueue callbacks are done.
2027
2028         (JSC::Watchdog::stopTimer):
2029         (JSC::Watchdog::~Watchdog): Deleted.
2030         (JSC::Watchdog::didFire): Deleted.
2031         (JSC::Watchdog::isEnabled): Deleted.
2032         (JSC::Watchdog::arm): Deleted.
2033         (JSC::Watchdog::disarm): Deleted.
2034         (JSC::Watchdog::startCountdownIfNeeded): Deleted.
2035         (JSC::Watchdog::startCountdown): Deleted.
2036         (JSC::Watchdog::stopCountdown): Deleted.
2037         * runtime/Watchdog.h:
2038         (JSC::Watchdog::didFire):
2039         (JSC::Watchdog::timerDidFireAddress):
2040         (JSC::Watchdog::isArmed): Deleted.
2041         (JSC::Watchdog::Scope::Scope): Deleted.
2042         (JSC::Watchdog::Scope::~Scope): Deleted.
2043         * runtime/WatchdogMac.cpp:
2044         (JSC::Watchdog::initTimer): Deleted.
2045         (JSC::Watchdog::destroyTimer): Deleted.
2046         (JSC::Watchdog::startTimer): Deleted.
2047         (JSC::Watchdog::stopTimer): Deleted.
2048         * runtime/WatchdogNone.cpp:
2049         (JSC::Watchdog::initTimer): Deleted.
2050         (JSC::Watchdog::destroyTimer): Deleted.
2051         (JSC::Watchdog::startTimer): Deleted.
2052         (JSC::Watchdog::stopTimer): Deleted.
2053
2054 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
2055
2056         Always use a byte-sized lock implementation
2057         https://bugs.webkit.org/show_bug.cgi?id=147908
2058
2059         Reviewed by Geoffrey Garen.
2060
2061         * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.
2062
2063 2015-08-11  Alexey Proskuryakov  <ap@apple.com>
2064
2065         Make ASan build not depend on asan.xcconfig
2066         https://bugs.webkit.org/show_bug.cgi?id=147840
2067         rdar://problem/21093702
2068
2069         Reviewed by Daniel Bates.
2070
2071         * dfg/DFGOSREntry.cpp:
2072         (JSC::DFG::OSREntryData::dump):
2073         (JSC::DFG::prepareOSREntry):
2074         * ftl/FTLOSREntry.cpp:
2075         (JSC::FTL::prepareOSREntry):
2076         * heap/ConservativeRoots.cpp:
2077         (JSC::ConservativeRoots::genericAddPointer):
2078         (JSC::ConservativeRoots::genericAddSpan):
2079         * heap/MachineStackMarker.cpp:
2080         (JSC::MachineThreads::removeThreadIfFound):
2081         (JSC::MachineThreads::gatherFromCurrentThread):
2082         (JSC::MachineThreads::Thread::captureStack):
2083         (JSC::copyMemory):
2084         * interpreter/Register.h:
2085         (JSC::Register::operator=):
2086         (JSC::Register::asanUnsafeJSValue):
2087         (JSC::Register::jsValue):
2088
2089 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
2090
2091         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
2092         https://bugs.webkit.org/show_bug.cgi?id=147480
2093
2094         Reviewed by Filip Pizlo.
2095
2096         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
2097         The IC site only caches one id. After checking that the given id is the same as the
2098         cached one, we perform the get_by_id IC on it.
2099         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
2100         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
2101         operations when the given get_by_val leverages the property load with the cached id.
2102
2103         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
2104         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
2105         This can be leveraged to optimize symbol operations in DFG.
2106
2107         And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
2108         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
2109         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
2110         argument ArrayProfile* in the operations with ByValInfo*.
2111
2112         * bytecode/ByValInfo.h:
2113         (JSC::ByValInfo::ByValInfo):
2114         * bytecode/CodeBlock.cpp:
2115         (JSC::CodeBlock::getByValInfoMap):
2116         (JSC::CodeBlock::addByValInfo):
2117         * bytecode/CodeBlock.h:
2118         (JSC::CodeBlock::getByValInfo): Deleted.
2119         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
2120         (JSC::CodeBlock::numberOfByValInfos): Deleted.
2121         (JSC::CodeBlock::byValInfo): Deleted.
2122         * bytecode/ExitKind.cpp:
2123         (JSC::exitKindToString):
2124         * bytecode/ExitKind.h:
2125         * bytecode/GetByIdStatus.cpp:
2126         (JSC::GetByIdStatus::computeFor):
2127         (JSC::GetByIdStatus::computeForStubInfo):
2128         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
2129         * bytecode/GetByIdStatus.h:
2130         * dfg/DFGAbstractInterpreterInlines.h:
2131         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2132         * dfg/DFGByteCodeParser.cpp:
2133         (JSC::DFG::ByteCodeParser::parseBlock):
2134         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2135         * dfg/DFGClobberize.h:
2136         (JSC::DFG::clobberize):
2137         * dfg/DFGConstantFoldingPhase.cpp:
2138         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2139         * dfg/DFGDoesGC.cpp:
2140         (JSC::DFG::doesGC):
2141         * dfg/DFGFixupPhase.cpp:
2142         (JSC::DFG::FixupPhase::fixupNode):
2143         (JSC::DFG::FixupPhase::observeUseKindOnNode):
2144         * dfg/DFGNode.h:
2145         (JSC::DFG::Node::hasUidOperand):
2146         (JSC::DFG::Node::uidOperand):
2147         * dfg/DFGNodeType.h:
2148         * dfg/DFGPredictionPropagationPhase.cpp:
2149         (JSC::DFG::PredictionPropagationPhase::propagate):
2150         * dfg/DFGSafeToExecute.h:
2151         (JSC::DFG::SafeToExecuteEdge::operator()):
2152         (JSC::DFG::safeToExecute):
2153         * dfg/DFGSpeculativeJIT.cpp:
2154         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
2155         (JSC::DFG::SpeculativeJIT::speculateSymbol):
2156         (JSC::DFG::SpeculativeJIT::speculate):
2157         * dfg/DFGSpeculativeJIT.h:
2158         * dfg/DFGSpeculativeJIT32_64.cpp:
2159         (JSC::DFG::SpeculativeJIT::compile):
2160         * dfg/DFGSpeculativeJIT64.cpp:
2161         (JSC::DFG::SpeculativeJIT::compile):
2162         * dfg/DFGUseKind.cpp:
2163         (WTF::printInternal):
2164         * dfg/DFGUseKind.h:
2165         (JSC::DFG::typeFilterFor):
2166         (JSC::DFG::isCell):
2167         * ftl/FTLAbstractHeapRepository.h:
2168         * ftl/FTLCapabilities.cpp:
2169         (JSC::FTL::canCompile):
2170         * ftl/FTLLowerDFGToLLVM.cpp:
2171         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
2172         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
2173         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
2174         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
2175         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
2176         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
2177         * jit/JIT.cpp:
2178         (JSC::JIT::privateCompile):
2179         * jit/JIT.h:
2180         (JSC::ByValCompilationInfo::ByValCompilationInfo):
2181         (JSC::JIT::compileGetByValWithCachedId):
2182         * jit/JITInlines.h:
2183         (JSC::JIT::callOperation):
2184         * jit/JITOpcodes.cpp:
2185         (JSC::JIT::emit_op_has_indexed_property):
2186         (JSC::JIT::emitSlow_op_has_indexed_property):
2187         * jit/JITOpcodes32_64.cpp:
2188         (JSC::JIT::emit_op_has_indexed_property):
2189         (JSC::JIT::emitSlow_op_has_indexed_property):
2190         * jit/JITOperations.cpp:
2191         (JSC::getByVal):
2192         * jit/JITOperations.h:
2193         * jit/JITPropertyAccess.cpp:
2194         (JSC::JIT::emit_op_get_by_val):
2195         (JSC::JIT::emitGetByValWithCachedId):
2196         (JSC::JIT::emitSlow_op_get_by_val):
2197         (JSC::JIT::emit_op_put_by_val):
2198         (JSC::JIT::emitSlow_op_put_by_val):
2199         (JSC::JIT::privateCompileGetByVal):
2200         (JSC::JIT::privateCompileGetByValWithCachedId):
2201         * jit/JITPropertyAccess32_64.cpp:
2202         (JSC::JIT::emit_op_get_by_val):
2203         (JSC::JIT::emitGetByValWithCachedId):
2204         (JSC::JIT::emitSlow_op_get_by_val):
2205         (JSC::JIT::emit_op_put_by_val):
2206         (JSC::JIT::emitSlow_op_put_by_val):
2207         * runtime/Symbol.h:
2208         * tests/stress/get-by-val-with-string-constructor.js: Added.
2209         (Hello):
2210         (get Hello.prototype.generate):
2211         (ok):
2212         * tests/stress/get-by-val-with-string-exit.js: Added.
2213         (shouldBe):
2214         (getByVal):
2215         (getStr1):
2216         (getStr2):
2217         * tests/stress/get-by-val-with-string-generated.js: Added.
2218         (shouldBe):
2219         (getByVal):
2220         (getStr1):
2221         (getStr2):
2222         * tests/stress/get-by-val-with-string-getter.js: Added.
2223         (object.get hello):
2224         (ok):
2225         * tests/stress/get-by-val-with-string.js: Added.
2226         (shouldBe):
2227         (getByVal):
2228         (getStr1):
2229         (getStr2):
2230         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
2231         (Hello):
2232         (get Hello.prototype.generate):
2233         (ok):
2234         * tests/stress/get-by-val-with-symbol-exit.js: Added.
2235         (shouldBe):
2236         (getByVal):
2237         (getSym1):
2238         (getSym2):
2239         * tests/stress/get-by-val-with-symbol-getter.js: Added.
2240         (object.get hello):
2241         (.get ok):
2242         * tests/stress/get-by-val-with-symbol.js: Added.
2243         (shouldBe):
2244         (getByVal):
2245         (getSym1):
2246         (getSym2):
2247
2248 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
2249
2250         DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
2251         https://bugs.webkit.org/show_bug.cgi?id=147891
2252         rdar://problem/22129447
2253
2254         Reviewed by Mark Lam.
2255
2256         * dfg/DFGByteCodeParser.cpp:
2257         (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
2258         (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
2259         * dfg/DFGGraph.cpp:
2260         (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
2261         * dfg/DFGStructureRegistrationPhase.cpp:
2262         (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.
2263
2264 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
2265
2266         [Win] Switch Windows build to Visual Studio 2015
2267         https://bugs.webkit.org/show_bug.cgi?id=147887
2268         <rdar://problem/22235098>
2269
2270         Reviewed by Alex Christensen.
2271
2272         Update Visual Studio project file settings to use the current Visual
2273         Studio and compiler. Continue targeting binaries to run on our minimum
2274         supported configuration of Windows 7.
2275
2276         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2277         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
2278         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
2279         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
2280         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
2281         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
2282         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
2283         * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
2284         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
2285         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
2286         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
2287         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
2288
2289 2015-08-10  Filip Pizlo  <fpizlo@apple.com>
2290
2291         WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
2292         https://bugs.webkit.org/show_bug.cgi?id=147665
2293
2294         Reviewed by Mark Lam.
2295
2296         Replace ByteSpinLock with ByteLock.
2297
2298         * runtime/ConcurrentJITLock.h:
2299
2300 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
2301
2302         Numeric setter on prototype doesn't get called.
2303         https://bugs.webkit.org/show_bug.cgi?id=144252
2304
2305         Reviewed by Darin Adler.
2306
2307         When switching the blank indexing type to the other one in putByIndex,
2308         if the `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
2309         it to the slow put indexing type and reloop the putByIndex since there may
2310         be some indexing accessor in the prototype chain. Previously, we just set
2311         the value into the allocated vector.
2312
2313         In the putDirectIndex case, we just store the value to the vector.
2314         This is because putDirectIndex is the operation to store the own property
2315         and it does not check the accessors in the prototype chain.
2316
2317         * runtime/JSObject.cpp:
2318         (JSC::JSObject::putByIndexBeyondVectorLength):
2319         * tests/stress/injected-numeric-setter-on-prototype.js: Added.
2320         (shouldBe):
2321         (Trace):
2322         (Trace.prototype.trace):
2323         (Trace.prototype.get count):
2324         (.):
2325         * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
2326         (shouldBe):
2327         (Trace):
2328         (Trace.prototype.trace):
2329         (Trace.prototype.get count):
2330         (.):
2331         * tests/stress/numeric-setter-on-prototype.js: Added.
2332         (shouldBe):
2333         (Trace):
2334         (Trace.prototype.trace):
2335         (Trace.prototype.get count):
2336         (.z.__proto__.set 3):
2337         * tests/stress/numeric-setter-on-self.js: Added.
2338         (shouldBe):
2339         (Trace):
2340         (Trace.prototype.trace):
2341         (Trace.prototype.get count):
2342         (.y.set 2):
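
        An added example (not code from this ChangeLog or from JavaScriptCore) showing the
        semantics the entry above describes: an ordinary indexed assignment (the putByIndex
        path) must reach a numeric setter on the prototype chain, including when the index is
        beyond an array's current vector length, while Object.defineProperty on the receiver
        (the putDirectIndex path) defines an own property and bypasses the chain. The Trace
        helper and the setter-at-index-3 layout are constructed for the demonstration.

```javascript
// Added example (not code from the WebKit ChangeLog or from JavaScriptCore):
// shows the semantics the "Numeric setter on prototype" entry describes.
// An ordinary indexed assignment (JSC's putByIndex path) must walk the
// prototype chain and invoke a numeric setter found there, even when the
// receiver has no indexed storage yet or the index lies beyond its current
// length. Object.defineProperty on the receiver (JSC's putDirectIndex path)
// defines an own property and never consults the prototype chain.

// Constructed helper: records every value that reaches the prototype setter.
class Trace {
    constructor() { this.calls = []; }
    trace(value) { this.calls.push(value); }
    get count() { return this.calls.length; }
}

// Build a prototype object that carries a setter for index 3.
function prototypeWithSetterAt3(trace, parent = Object.prototype) {
    const proto = Object.create(parent);
    Object.defineProperty(proto, 3, {
        set(value) { trace.trace(value); },
        configurable: true,
    });
    return proto;
}

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Plain object with empty indexed storage (a "blank" indexing type in JSC
// terms): the write to index 3 must reach the inherited setter; index 0 has
// no setter anywhere on the chain and becomes an ordinary own property.
function writeViaAssignment() {
    const trace = new Trace();
    const obj = Object.create(prototypeWithSetterAt3(trace));
    obj[3] = 42;
    obj[0] = 'own';
    return {
        setterCalls: trace.count,
        setterSawValue: trace.calls[0],
        ownPropertyAt3: hasOwn(obj, 3),
        ownPropertyAt0: hasOwn(obj, 0),
    };
}

// Array whose vector already holds two elements (the "non-blank" case):
// writing index 3 is beyond the vector length, and it still has to hit the
// setter instead of silently growing the array.
function arrayWriteBeyondLength() {
    const trace = new Trace();
    const arr = [1, 2];
    Object.setPrototypeOf(arr, prototypeWithSetterAt3(trace, Array.prototype));
    arr[3] = 42;
    return {
        setterCalls: trace.count,
        length: arr.length,
        ownPropertyAt3: hasOwn(arr, 3),
        stillArray: Array.isArray(arr),
    };
}

// Same prototype, but the index is stored with defineProperty: this is an
// own property definition, so the inherited setter is bypassed and a data
// property appears on the receiver.
function writeViaDefineProperty() {
    const trace = new Trace();
    const obj = Object.create(prototypeWithSetterAt3(trace));
    Object.defineProperty(obj, 3, {
        value: 42, writable: true, enumerable: true, configurable: true,
    });
    return {
        setterCalls: trace.count,
        ownPropertyAt3: hasOwn(obj, 3),
        valueAt3: obj[3],
    };
}
```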
2343
2344 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
2345
2346         [Win] Unreviewed gardening.
2347
2348         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
2349         file references so they appear in the proper IDE locations.
2350
2351 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
2352
2353         Unreviewed windows build fix for VS2015.
2354
2355         * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.
2356
2357 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
2358
2359         [ES6] Implement Reflect.has
2360         https://bugs.webkit.org/show_bug.cgi?id=147875
2361
2362         Reviewed by Sam Weinig.
2363
2364         This patch implements Reflect.has[1].
2365         Since the semantics are the same as those of the `in` operator in JS[2],
2366         we can implement it in builtin JS code.
2367
2368         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
2369         [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation
2370
2371         * builtins/ReflectObject.js:
2372         (has):
2373         * runtime/ReflectObject.cpp:
2374         * tests/stress/reflect-has.js: Added.
2375         (shouldBe):
2376         (shouldThrow):
2377
2378 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
2379
2380         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
2381         https://bugs.webkit.org/show_bug.cgi?id=147874
2382
2383         Reviewed by Darin Adler.
2384
2385         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
2386         The differences from the Object.* ones are:
2387
2388         1. They do not perform ToObject on non-object arguments. They treat that as a TypeError.
2389         2. Reflect.setPrototypeOf returns false when the operation fails. In Object.setPrototypeOf, it raises a TypeError.
2390
2391         * runtime/ObjectConstructor.cpp:
2392         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
2393         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
2394         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
2395         (JSC::objectConstructorGetPrototypeOf):
2396         * runtime/ObjectConstructor.h:
2397         * runtime/ReflectObject.cpp:
2398         (JSC::reflectObjectGetPrototypeOf):
2399         (JSC::reflectObjectSetPrototypeOf):
2400         * tests/stress/reflect-get-prototype-of.js: Added.
2401         (shouldBe):
2402         (shouldThrow):
2403         (Base):
2404         (Derived):
2405         * tests/stress/reflect-set-prototype-of.js: Added.
2406         (shouldBe):
2407         (shouldThrow):
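
        An added example (not code from this ChangeLog or from JavaScriptCore) exercising the
        two differences between Reflect.{getPrototypeOf, setPrototypeOf} and their Object.*
        counterparts listed in the entry above, together with the Reflect.has entry's point that
        it mirrors the `in` operator. The throwsTypeError helper and the sample objects are
        constructed for the demonstration.

```javascript
// Added example (not code from the WebKit ChangeLog or from JavaScriptCore):
// exercises the two differences between Reflect.{getPrototypeOf,setPrototypeOf}
// and their Object.* counterparts listed in the entry above, and the
// Reflect.has entry's claim that it matches the `in` operator.

// Constructed helper: true only when fn throws a TypeError.
function throwsTypeError(fn) {
    try {
        fn();
    } catch (e) {
        return e instanceof TypeError;
    }
    return false;
}

// Difference 1: Object.* applies ToObject to a primitive and carries on;
// Reflect.* rejects a non-object target with a TypeError.
function primitiveTargets() {
    return {
        objectGetBoxes: Object.getPrototypeOf(42) === Number.prototype,
        objectSetReturnsTarget: Object.setPrototypeOf(42, null) === 42,
        reflectGetThrows: throwsTypeError(() => Reflect.getPrototypeOf(42)),
        reflectSetThrows: throwsTypeError(() => Reflect.setPrototypeOf(42, null)),
        // The proto argument itself must be an object or null for both APIs.
        badProtoThrows: throwsTypeError(() => Reflect.setPrototypeOf({}, 1)),
    };
}

// Difference 2: when [[SetPrototypeOf]] fails, Reflect.setPrototypeOf reports
// false and Object.setPrototypeOf throws. Two ways to make it fail: a
// non-extensible target, and a prototype chain that would become cyclic.
function failedSetPrototypeOf() {
    const sealed = Object.preventExtensions({});
    const a = {};
    const b = Object.create(a); // making b the prototype of a would form a cycle
    return {
        reflectNonExtensible: Reflect.setPrototypeOf(sealed, Array.prototype),
        objectNonExtensibleThrows: throwsTypeError(() => Object.setPrototypeOf(sealed, Array.prototype)),
        // Re-setting the prototype it already has is not a failure.
        reflectSameProto: Reflect.setPrototypeOf(sealed, Object.prototype),
        reflectCycle: Reflect.setPrototypeOf(a, b),
        objectCycleThrows: throwsTypeError(() => Object.setPrototypeOf(a, b)),
        chainIntact: Object.getPrototypeOf(b) === a,
    };
}

// Reflect.has mirrors `in`: own and inherited keys both count, and a
// primitive target is a TypeError for both spellings.
function reflectHasMirrorsIn() {
    const obj = Object.create({ inherited: 1 });
    obj.own = 2;
    return {
        own: Reflect.has(obj, 'own') === ('own' in obj),
        inherited: Reflect.has(obj, 'inherited') === ('inherited' in obj),
        missing: Reflect.has(obj, 'missing') === ('missing' in obj),
        reflectPrimitiveThrows: throwsTypeError(() => Reflect.has(1, 'x')),
        inPrimitiveThrows: throwsTypeError(() => 'x' in 1),
    };
}
```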
2408
2409 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
2410
2411         Fix debug build when optimization is enabled
2412         https://bugs.webkit.org/show_bug.cgi?id=147816
2413
2414         Reviewed by Alexey Proskuryakov.
2415
2416         * llint/LLIntEntrypoint.cpp:
2417         * runtime/FunctionExecutableDump.cpp:
2418
2419 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
2420
2421         Ensure that Reflect.enumerate does not produce the deleted keys
2422         https://bugs.webkit.org/show_bug.cgi?id=147677
2423
2424         Reviewed by Darin Adler.
2425
2426         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
2427
2428         * tests/stress/reflect-enumerate.js:
2429
2430 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
2431
2432         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
2433         https://bugs.webkit.org/show_bug.cgi?id=147856
2434
2435         Reviewed by Saam Barati.
2436
2437         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
2438
2439         * CMakeLists.txt:
2440         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2441         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2442         * JavaScriptCore.xcodeproj/project.pbxproj:
2443         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
2444         (JSC::ExecutableInfo::ExecutableInfo):
2445         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
2446         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
2447         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
2448         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
2449         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
2450         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
2451         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
2452         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
2453         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
2454         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
2455         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
2456         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
2457         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
2458         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
2459         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
2460         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
2461         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
2462         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
2463         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
2464         (JSC::UnlinkedCodeBlock::regexp): Deleted.
2465         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
2466         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
2467         (JSC::UnlinkedCodeBlock::identifier): Deleted.
2468         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
2469         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
2470         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
2471         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
2472         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
2473         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
2474         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
2475         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
2476         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
2477         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
2478         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
2479         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
2480         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
2481         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
2482         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
2483         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
2484         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
2485         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
2486         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
2487         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
2488         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
2489         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
2490         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
2491         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
2492         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
2493         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
2494         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
2495         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
2496         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
2497         (JSC::UnlinkedCodeBlock::vm): Deleted.
2498         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
2499         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
2500         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
2501         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
2502         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
2503         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
2504         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
2505         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
2506         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
2507         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
2508         (JSC::UnlinkedCodeBlock::codeType): Deleted.
2509         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
2510         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
2511         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
2512         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
2513         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
2514         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
2515         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
2516         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
2517         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
2518         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
2519         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
2520         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
2521         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
2522         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
2523         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
2524         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
2525         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
2526         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
2527         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
2528         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
2529         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
2530         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
2531         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
2532         * bytecode/UnlinkedCodeBlock.cpp:
2533         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
2534         (JSC::generateFunctionCodeBlock): Deleted.
2535         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
2536         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
2537         (JSC::UnlinkedFunctionExecutable::link): Deleted.
2538         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
2539         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
2540         * bytecode/UnlinkedCodeBlock.h:
2541         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
2542         (JSC::ExecutableInfo::needsActivation): Deleted.
2543         (JSC::ExecutableInfo::usesEval): Deleted.
2544         (JSC::ExecutableInfo::isStrictMode): Deleted.
2545         (JSC::ExecutableInfo::isConstructor): Deleted.
2546         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
2547         (JSC::ExecutableInfo::constructorKind): Deleted.
2548         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
2549         (JSC::generateFunctionCodeBlock):
2550         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
2551         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
2552         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
2553         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
2554         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
2555         (JSC::dumpLineColumnEntry): Deleted.
2556         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
2557         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
2558         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
2559         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
2560         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
2561         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
2562         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
2563         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
2564         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
2565         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
2566         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
2567         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
2568         (JSC::UnlinkedCodeBlock::instructions): Deleted.
2569         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
2570         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
2571         (JSC::ExecutableInfo::needsActivation): Deleted.
2572         (JSC::ExecutableInfo::usesEval): Deleted.
2573         (JSC::ExecutableInfo::isStrictMode): Deleted.
2574         (JSC::ExecutableInfo::isConstructor): Deleted.
2575         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
2576         (JSC::ExecutableInfo::constructorKind): Deleted.
2577         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
2578         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
2579         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
2580         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
2581         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
2582         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
2583         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
2584         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
2585         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
2586         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
2587         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
2588         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
2589         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
2590         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
2591         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
2592         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
2593         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
2594         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
2595         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
2596         (JSC::UnlinkedCodeBlock::regexp): Deleted.
2597         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
2598         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
2599         (JSC::UnlinkedCodeBlock::identifier): Deleted.
2600         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
2601         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
2602         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
2603         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
2604         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
2605         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
2606         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
2607         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
2608         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
2609         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
2610         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
2611         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
2612         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
2613         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
2614         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
2615         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
2616         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
2617         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
2618         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
2619         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
2620         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
2621         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
2622         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
2623         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
2624         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
2625         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
2626         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
2627         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
2628         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
2629         (JSC::UnlinkedCodeBlock::vm): Deleted.
2630         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
2631         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
2632         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
2633         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
2634         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
2635         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
2636         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
2637         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
2638         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
2639         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
2640         (JSC::UnlinkedCodeBlock::codeType): Deleted.
2641         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
2642         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
2643         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
2644         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
2645         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
2646         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
2647         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
2648         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
2649         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
2650         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
2651         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
2652         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
2653         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
2654         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
2655         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
2656         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
2657         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
2658         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
2659         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
2660         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
2661         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
2662         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
2663         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
2664         * runtime/Executable.h:
2665
2666 2015-08-10  Mark Lam  <mark.lam@apple.com>
2667
2668         Refactor LiveObjectList and LiveObjectData into their own files.
2669         https://bugs.webkit.org/show_bug.cgi?id=147843
2670
2671         Reviewed by Saam Barati.
2672
2673         There is no behavior change in this patch.
2674
2675         * CMakeLists.txt:
2676         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2677         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2678         * JavaScriptCore.xcodeproj/project.pbxproj:
2679         * heap/HeapVerifier.cpp:
2680         (JSC::HeapVerifier::HeapVerifier):
2681         (JSC::LiveObjectList::findObject): Deleted.
2682         * heap/HeapVerifier.h:
2683         (JSC::LiveObjectData::LiveObjectData): Deleted.
2684         (JSC::LiveObjectList::LiveObjectList): Deleted.
2685         (JSC::LiveObjectList::reset): Deleted.
2686         * heap/LiveObjectData.h: Added.
2687         (JSC::LiveObjectData::LiveObjectData):
2688         * heap/LiveObjectList.cpp: Added.
2689         (JSC::LiveObjectList::findObject):
2690         * heap/LiveObjectList.h: Added.
2691         (JSC::LiveObjectList::LiveObjectList):
2692         (JSC::LiveObjectList::reset):
2693
2694 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
2695
2696         Let's rename FunctionBodyNode
2697         https://bugs.webkit.org/show_bug.cgi?id=147292
2698
2699         Reviewed by Mark Lam & Saam Barati.
2700
2701         FunctionBodyNode => FunctionMetadataNode
2702
2703         Make FunctionMetadataNode inherit from Node instead of StatementNode
2704         because a FunctionMetadataNode can appear in expression context and does
2705         not have a next statement.
2706
2707         (I decided to continue allocating FunctionMetadataNode in the AST arena,
2708         and to retain "Node" in its name, because it really is a parsing
2709         construct, and we transform its data before consuming it elsewhere.
2710
2711         There is still room for a future patch to distill and simplify the
2712         metadata we track about functions between FuncDeclNode/FuncExprNode,
2713         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
2714
2715         * builtins/BuiltinExecutables.cpp:
2716         (JSC::BuiltinExecutables::createExecutableInternal):
2717         * bytecode/UnlinkedCodeBlock.cpp:
2718         (JSC::generateFunctionCodeBlock):
2719         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
2720         * bytecode/UnlinkedCodeBlock.h:
2721         * bytecompiler/BytecodeGenerator.cpp:
2722         (JSC::BytecodeGenerator::generate):
2723         (JSC::BytecodeGenerator::BytecodeGenerator):
2724         (JSC::BytecodeGenerator::emitNewArray):
2725         (JSC::BytecodeGenerator::emitNewFunction):
2726         (JSC::BytecodeGenerator::emitNewFunctionExpression):
2727         * bytecompiler/BytecodeGenerator.h:
2728         (JSC::BytecodeGenerator::makeFunction):
2729         * bytecompiler/NodesCodegen.cpp:
2730         (JSC::EvalNode::emitBytecode):
2731         (JSC::FunctionNode::emitBytecode):
2732         (JSC::FunctionBodyNode::emitBytecode): Deleted.
2733         * parser/ASTBuilder.h:
2734         (JSC::ASTBuilder::createFunctionExpr):
2735         (JSC::ASTBuilder::createFunctionBody):
2736         * parser/NodeConstructors.h:
2737         (JSC::FunctionParameters::FunctionParameters):
2738         (JSC::FuncExprNode::FuncExprNode):
2739         (JSC::FuncDeclNode::FuncDeclNode):
2740         * parser/Nodes.cpp:
2741         (JSC::EvalNode::EvalNode):
2742         (JSC::FunctionMetadataNode::FunctionMetadataNode):
2743         (JSC::FunctionMetadataNode::finishParsing):
2744         (JSC::FunctionMetadataNode::setEndPosition):
2745         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
2746         (JSC::FunctionBodyNode::finishParsing): Deleted.
2747         (JSC::FunctionBodyNode::setEndPosition): Deleted.
2748         * parser/Nodes.h:
2749         (JSC::FuncExprNode::body):
2750         (JSC::FuncDeclNode::body):
2751         * parser/Parser.h:
2752         (JSC::Parser::isFunctionMetadataNode):
2753         (JSC::Parser::next):
2754         (JSC::Parser<LexerType>::parse):
2755         (JSC::Parser::isFunctionBodyNode): Deleted.
2756         * runtime/CodeCache.cpp:
2757         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
2758         * runtime/CodeCache.h:
2759
2760 2015-08-09  Chris Dumez  <cdumez@apple.com>
2761
2762         Regression(r188105): Seems to have caused crashes during PLT on some iPads
2763         https://bugs.webkit.org/show_bug.cgi?id=147818
2764
2765         Unreviewed, roll out r188105.
2766
2767         * bytecode/ByValInfo.h:
2768         (JSC::ByValInfo::ByValInfo):
2769         * bytecode/CodeBlock.cpp:
2770         (JSC::CodeBlock::getByValInfoMap): Deleted.
2771         (JSC::CodeBlock::addByValInfo): Deleted.
2772         * bytecode/CodeBlock.h:
2773         (JSC::CodeBlock::getByValInfo):
2774         (JSC::CodeBlock::setNumberOfByValInfos):
2775         (JSC::CodeBlock::numberOfByValInfos):
2776         (JSC::CodeBlock::byValInfo):
2777         * bytecode/ExitKind.cpp:
2778         (JSC::exitKindToString): Deleted.
2779         * bytecode/ExitKind.h:
2780         * bytecode/GetByIdStatus.cpp:
2781         (JSC::GetByIdStatus::computeFor):
2782         (JSC::GetByIdStatus::computeForStubInfo):
2783         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
2784         * bytecode/GetByIdStatus.h:
2785         * dfg/DFGAbstractInterpreterInlines.h:
2786         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
2787         * dfg/DFGByteCodeParser.cpp:
2788         (JSC::DFG::ByteCodeParser::parseBlock):
2789         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
2790         * dfg/DFGClobberize.h:
2791         (JSC::DFG::clobberize): Deleted.
2792         * dfg/DFGConstantFoldingPhase.cpp:
2793         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
2794         * dfg/DFGDoesGC.cpp:
2795         (JSC::DFG::doesGC): Deleted.
2796         * dfg/DFGFixupPhase.cpp:
2797         (JSC::DFG::FixupPhase::fixupNode): Deleted.
2798         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
2799         * dfg/DFGNode.h:
2800         (JSC::DFG::Node::hasUidOperand): Deleted.
2801         (JSC::DFG::Node::uidOperand): Deleted.
2802         * dfg/DFGNodeType.h:
2803         * dfg/DFGPredictionPropagationPhase.cpp:
2804         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
2805         * dfg/DFGSafeToExecute.h:
2806         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
2807         (JSC::DFG::safeToExecute): Deleted.
2808         * dfg/DFGSpeculativeJIT.cpp:
2809         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
2810         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
2811         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
2812         * dfg/DFGSpeculativeJIT.h:
2813         * dfg/DFGSpeculativeJIT32_64.cpp:
2814         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2815         * dfg/DFGSpeculativeJIT64.cpp:
2816         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2817         * dfg/DFGUseKind.cpp:
2818         (WTF::printInternal): Deleted.
2819         * dfg/DFGUseKind.h:
2820         (JSC::DFG::typeFilterFor): Deleted.
2821         (JSC::DFG::isCell): Deleted.
2822         * ftl/FTLAbstractHeapRepository.h:
2823         * ftl/FTLCapabilities.cpp:
2824         (JSC::FTL::canCompile): Deleted.
2825         * ftl/FTLLowerDFGToLLVM.cpp:
2826         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
2827         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
2828         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
2829         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
2830         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
2831         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
2832         * jit/JIT.cpp:
2833         (JSC::JIT::privateCompile):
2834         * jit/JIT.h:
2835         (JSC::ByValCompilationInfo::ByValCompilationInfo):
2836         (JSC::JIT::compileGetByValWithCachedId): Deleted.
2837         * jit/JITInlines.h:
2838         (JSC::JIT::callOperation): Deleted.
2839         * jit/JITOpcodes.cpp:
2840         (JSC::JIT::emit_op_has_indexed_property):
2841         (JSC::JIT::emitSlow_op_has_indexed_property):
2842         * jit/JITOpcodes32_64.cpp:
2843         (JSC::JIT::emit_op_has_indexed_property):
2844         (JSC::JIT::emitSlow_op_has_indexed_property):
2845         * jit/JITOperations.cpp:
2846         (JSC::getByVal):
2847         * jit/JITOperations.h:
2848         * jit/JITPropertyAccess.cpp:
2849         (JSC::JIT::emit_op_get_by_val):
2850         (JSC::JIT::emitSlow_op_get_by_val):
2851         (JSC::JIT::emit_op_put_by_val):
2852         (JSC::JIT::emitSlow_op_put_by_val):
2853         (JSC::JIT::emitGetByValWithCachedId): Deleted.
2854         (JSC::JIT::privateCompileGetByVal): Deleted.
2855         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
2856         * jit/JITPropertyAccess32_64.cpp:
2857         (JSC::JIT::emit_op_get_by_val):
2858         (JSC::JIT::emitSlow_op_get_by_val):
2859         (JSC::JIT::emit_op_put_by_val):
2860         (JSC::JIT::emitSlow_op_put_by_val):
2861         (JSC::JIT::emitGetByValWithCachedId): Deleted.
2862         * runtime/Symbol.h:
2863         * tests/stress/get-by-val-with-string-constructor.js: Removed.
2864         * tests/stress/get-by-val-with-string-exit.js: Removed.
2865         * tests/stress/get-by-val-with-string-generated.js: Removed.
2866         * tests/stress/get-by-val-with-string-getter.js: Removed.
2867         * tests/stress/get-by-val-with-string.js: Removed.
2868         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
2869         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
2870         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
2871         * tests/stress/get-by-val-with-symbol.js: Removed.
2872
2873 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
2874
2875         Reduce uses of PassRefPtr in bindings
2876         https://bugs.webkit.org/show_bug.cgi?id=147781
2877
2878         Reviewed by Chris Dumez.
2879
2880         Use RefPtr when a function can return either null or an instance. Otherwise, Ref is used.
2881
2882         * runtime/JSGenericTypedArrayView.h:
2883         (JSC::toNativeTypedView):
2884
2885 2015-08-07  Alex Christensen  <achristensen@webkit.org>
2886
2887         Build more testing binaries with CMake on Windows
2888         https://bugs.webkit.org/show_bug.cgi?id=147799
2889
2890         Reviewed by Brent Fulgham.
2891
2892         * shell/PlatformWin.cmake: Added.
2893         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
2894
2895 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
2896
2897         Lightweight locks should be adaptive
2898         https://bugs.webkit.org/show_bug.cgi?id=147545
2899
2900         Reviewed by Geoffrey Garen.
2901
2902         * dfg/DFGCommon.cpp:
2903         (JSC::DFG::startCrashing):
2904         * heap/CopiedBlock.h:
2905         (JSC::CopiedBlock::workListLock):
2906         * heap/CopiedBlockInlines.h:
2907         (JSC::CopiedBlock::shouldReportLiveBytes):
2908         (JSC::CopiedBlock::reportLiveBytes):
2909         * heap/CopiedSpace.cpp:
2910         (JSC::CopiedSpace::doneFillingBlock):
2911         * heap/CopiedSpace.h:
2912         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
2913         * heap/CopiedSpaceInlines.h:
2914         (JSC::CopiedSpace::recycleEvacuatedBlock):
2915         * heap/GCThreadSharedData.cpp:
2916         (JSC::GCThreadSharedData::didStartCopying):
2917         * heap/GCThreadSharedData.h:
2918         (JSC::GCThreadSharedData::getNextBlocksToCopy):
2919         * heap/ListableHandler.h:
2920         (JSC::ListableHandler::List::addThreadSafe):
2921         (JSC::ListableHandler::List::addNotThreadSafe):
2922         * heap/MachineStackMarker.cpp:
2923         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2924         * heap/SlotVisitorInlines.h:
2925         (JSC::SlotVisitor::copyLater):
2926         * parser/SourceProvider.cpp:
2927         (JSC::SourceProvider::~SourceProvider):
2928         (JSC::SourceProvider::getID):
2929         * profiler/ProfilerDatabase.cpp:
2930         (JSC::Profiler::Database::addDatabaseToAtExit):
2931         (JSC::Profiler::Database::removeDatabaseFromAtExit):
2932         (JSC::Profiler::Database::removeFirstAtExitDatabase):
2933         * runtime/TypeProfilerLog.h:
2934
2935 2015-08-07  Mark Lam  <mark.lam@apple.com>
2936
2937         Rename some variables in the JSC watchdog implementation.
2938         https://bugs.webkit.org/show_bug.cgi?id=147790
2939
2940         Rubber stamped by Benjamin Poulain.
2941
2942         This is just a refactoring patch to give the variables better names that describe their
2943         intended use.  There is no behavior change.
2944
2945         * runtime/Watchdog.cpp:
2946         (JSC::Watchdog::Watchdog):
2947         (JSC::Watchdog::setTimeLimit):
2948         (JSC::Watchdog::didFire):
2949         (JSC::Watchdog::isEnabled):
2950         (JSC::Watchdog::fire):
2951         (JSC::Watchdog::startCountdownIfNeeded):
2952         * runtime/Watchdog.h:
2953
2954 2015-08-07  Saam barati  <saambarati1@gmail.com>
2955
2956         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
2957         https://bugs.webkit.org/show_bug.cgi?id=147666
2958
2959         Reviewed by Geoffrey Garen.
2960
2961         If we make the bytecode generator know about every local scope it 
2962         creates, and if we give each local scope a unique register, the
2963         bytecode generator has all the information it needs to assign
2964         the correct scope to a catch handler. Because the bytecode generator
2965         knows this information, it's a better separation of responsibilities
2966         for it to set up the proper scope instead of relying on the exception
2967         handling runtime to find the scope.
2968
2969         * bytecode/BytecodeList.json:
2970         * bytecode/BytecodeUseDef.h:
2971         (JSC::computeUsesForBytecodeOffset):
2972         * bytecode/CodeBlock.cpp:
2973         (JSC::CodeBlock::dumpBytecode):
2974         (JSC::CodeBlock::CodeBlock):
2975         * bytecode/HandlerInfo.h:
2976         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
2977         (JSC::HandlerInfo::initialize):
2978         * bytecompiler/BytecodeGenerator.cpp:
2979         (JSC::BytecodeGenerator::generate):
2980         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2981         (JSC::BytecodeGenerator::emitGetScope):
2982         (JSC::BytecodeGenerator::emitPushWithScope):
2983         (JSC::BytecodeGenerator::emitGetParentScope):
2984         (JSC::BytecodeGenerator::emitPopScope):
2985         (JSC::BytecodeGenerator::emitPopWithScope):
2986         (JSC::BytecodeGenerator::allocateAndEmitScope):
2987         (JSC::BytecodeGenerator::emitComplexPopScopes):
2988         (JSC::BytecodeGenerator::pushTry):
2989         (JSC::BytecodeGenerator::popTryAndEmitCatch):
2990         (JSC::BytecodeGenerator::localScopeDepth):
2991         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
2992         * bytecompiler/BytecodeGenerator.h:
2993         * bytecompiler/NodesCodegen.cpp:
2994         (JSC::WithNode::emitBytecode):
2995         * interpreter/Interpreter.cpp:
2996         (JSC::Interpreter::unwind):
2997         * jit/JITOpcodes.cpp:
2998         (JSC::JIT::emit_op_push_with_scope):
2999         (JSC::JIT::compileOpStrictEq):
3000         * jit/JITOpcodes32_64.cpp:
3001         (JSC::JIT::emit_op_push_with_scope):
3002         (JSC::JIT::emit_op_to_number):
3003         * jit/JITOperations.cpp:
3004         * jit/JITOperations.h:
3005         * llint/LLIntSlowPaths.cpp:
3006         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3007         * llint/LLIntSlowPaths.h:
3008         * llint/LowLevelInterpreter.asm:
3009         * runtime/CommonSlowPaths.cpp:
3010         (JSC::SLOW_PATH_DECL):
3011         * runtime/CommonSlowPaths.h:
3012         * runtime/JSScope.cpp:
3013         (JSC::JSScope::objectAtScope):
3014         (JSC::isUnscopable):
3015         (JSC::JSScope::depth): Deleted.
3016         * runtime/JSScope.h:
3017
3018 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
3019
3020         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
3021         https://bugs.webkit.org/show_bug.cgi?id=147761
3022
3023         Reviewed by Mark Lam.
3024
3025         This patch implements MacroAssembler::patchableBranch64 in 64-bit environments.
3026         It also fixes the existing MacroAssemblerARM64::patchableBranchPtr, which, before this
3027         patch, truncated the immediate pointer to a 32-bit immediate.
3028         And it uses patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
3029
3030         * assembler/MacroAssemblerARM64.h:
3031         (JSC::MacroAssemblerARM64::patchableBranchPtr):
3032         (JSC::MacroAssemblerARM64::patchableBranch64):
3033         * assembler/MacroAssemblerX86_64.h:
3034         (JSC::MacroAssemblerX86_64::patchableBranch64):
3035         * jit/JIT.h:
3036         * jit/JITInlines.h:
3037         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
3038         * jit/JITPropertyAccess.cpp:
3039         (JSC::JIT::emit_op_get_by_val):
3040
3041 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
3042
3043         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
3044         https://bugs.webkit.org/show_bug.cgi?id=147480
3045
3046         Reviewed by Filip Pizlo.
3047
3048         This patch adds a get_by_id IC to the get_by_val operation by caching the string / symbol id.
3049         The IC site only caches one id. After checking that the given id is the same as the
3050         cached one, we perform the get_by_id IC on it.
3051         And by collecting IC StructureStubInfo information, we pass it to the DFG, and the DFG
3052         compiles the get_by_val op code into CheckIdent (with an edge type check) and GetById related
3053         operations when the given get_by_val leverages the property load with the cached id.
3054
3055         To ensure the incoming value is the expected id, in the DFG layer, we use SymbolUse and
3056         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
3057         This can be leveraged to optimize symbol operations in the DFG.
3058
3059         And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one:
3060         it is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing a
3061         binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
3062         argument ArrayProfile* in the operations with ByValInfo*.
3063
3064         * bytecode/ByValInfo.h:
3065         (JSC::ByValInfo::ByValInfo):
3066         * bytecode/CodeBlock.cpp:
3067         (JSC::CodeBlock::getByValInfoMap):
3068         (JSC::CodeBlock::addByValInfo):
3069         * bytecode/CodeBlock.h:
3070         (JSC::CodeBlock::getByValInfo): Deleted.
3071         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
3072         (JSC::CodeBlock::numberOfByValInfos): Deleted.
3073         (JSC::CodeBlock::byValInfo): Deleted.
3074         * bytecode/ExitKind.cpp:
3075         (JSC::exitKindToString):
3076         * bytecode/ExitKind.h:
3077         * bytecode/GetByIdStatus.cpp:
3078         (JSC::GetByIdStatus::computeFor):
3079         (JSC::GetByIdStatus::computeForStubInfo):
3080         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
3081         * bytecode/GetByIdStatus.h:
3082         * dfg/DFGAbstractInterpreterInlines.h:
3083         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3084         * dfg/DFGByteCodeParser.cpp:
3085         (JSC::DFG::ByteCodeParser::parseBlock):
3086         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3087         * dfg/DFGClobberize.h:
3088         (JSC::DFG::clobberize):
3089         * dfg/DFGConstantFoldingPhase.cpp:
3090         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3091         * dfg/DFGDoesGC.cpp:
3092         (JSC::DFG::doesGC):
3093         * dfg/DFGFixupPhase.cpp:
3094         (JSC::DFG::FixupPhase::fixupNode):
3095         (JSC::DFG::FixupPhase::observeUseKindOnNode):
3096         * dfg/DFGNode.h:
3097         (JSC::DFG::Node::hasUidOperand):
3098         (JSC::DFG::Node::uidOperand):
3099         * dfg/DFGNodeType.h:
3100         * dfg/DFGPredictionPropagationPhase.cpp:
3101         (JSC::DFG::PredictionPropagationPhase::propagate):
3102         * dfg/DFGSafeToExecute.h:
3103         (JSC::DFG::SafeToExecuteEdge::operator()):
3104         (JSC::DFG::safeToExecute):
3105         * dfg/DFGSpeculativeJIT.cpp:
3106         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
3107         (JSC::DFG::SpeculativeJIT::speculateSymbol):
3108         (JSC::DFG::SpeculativeJIT::speculate):
3109         * dfg/DFGSpeculativeJIT.h:
3110         * dfg/DFGSpeculativeJIT32_64.cpp:
3111         (JSC::DFG::SpeculativeJIT::compile):
3112         * dfg/DFGSpeculativeJIT64.cpp:
3113         (JSC::DFG::SpeculativeJIT::compile):
3114         * dfg/DFGUseKind.cpp:
3115         (WTF::printInternal):
3116         * dfg/DFGUseKind.h:
3117         (JSC::DFG::typeFilterFor):
3118         (JSC::DFG::isCell):
3119         * ftl/FTLAbstractHeapRepository.h:
3120         * ftl/FTLCapabilities.cpp:
3121         (JSC::FTL::canCompile):
3122         * ftl/FTLLowerDFGToLLVM.cpp:
3123         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3124         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
3125         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
3126         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
3127         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
3128         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
3129         * jit/JIT.cpp:
3130         (JSC::JIT::privateCompile):
3131         * jit/JIT.h:
3132         (JSC::ByValCompilationInfo::ByValCompilationInfo):
3133         (JSC::JIT::compileGetByValWithCachedId):
3134         * jit/JITInlines.h:
3135         (JSC::JIT::callOperation):
3136         * jit/JITOpcodes.cpp:
3137         (JSC::JIT::emit_op_has_indexed_property):
3138         (JSC::JIT::emitSlow_op_has_indexed_property):
3139         * jit/JITOpcodes32_64.cpp:
3140         (JSC::JIT::emit_op_has_indexed_property):
3141         (JSC::JIT::emitSlow_op_has_indexed_property):
3142         * jit/JITOperations.cpp:
3143         (JSC::getByVal):
3144         * jit/JITOperations.h:
3145         * jit/JITPropertyAccess.cpp:
3146         (JSC::JIT::emit_op_get_by_val):
3147         (JSC::JIT::emitGetByValWithCachedId):
3148         (JSC::JIT::emitSlow_op_get_by_val):
3149         (JSC::JIT::emit_op_put_by_val):
3150         (JSC::JIT::emitSlow_op_put_by_val):
3151         (JSC::JIT::privateCompileGetByVal):
3152         (JSC::JIT::privateCompileGetByValWithCachedId):
3153         * jit/JITPropertyAccess32_64.cpp:
3154         (JSC::JIT::emit_op_get_by_val):
3155         (JSC::JIT::emitGetByValWithCachedId):
3156         (JSC::JIT::emitSlow_op_get_by_val):
3157         (JSC::JIT::emit_op_put_by_val):
3158         (JSC::JIT::emitSlow_op_put_by_val):
3159         * runtime/Symbol.h:
3160         * tests/stress/get-by-val-with-string-constructor.js: Added.
3161         (Hello):
3162         (get Hello.prototype.generate):
3163         (ok):
3164         * tests/stress/get-by-val-with-string-exit.js: Added.
3165         (shouldBe):
3166         (getByVal):
3167         (getStr1):
3168         (getStr2):
3169         * tests/stress/get-by-val-with-string-generated.js: Added.
3170         (shouldBe):
3171         (getByVal):
3172         (getStr1):
3173         (getStr2):
3174         * tests/stress/get-by-val-with-string-getter.js: Added.
3175         (object.get hello):
3176         (ok):
3177         * tests/stress/get-by-val-with-string.js: Added.
3178         (shouldBe):
3179         (getByVal):
3180         (getStr1):
3181         (getStr2):
3182         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
3183         (Hello):
3184         (get Hello.prototype.generate):
3185         (ok):
3186         * tests/stress/get-by-val-with-symbol-exit.js: Added.
3187         (shouldBe):
3188         (getByVal):
3189         (getSym1):
3190         (getSym2):
3191         * tests/stress/get-by-val-with-symbol-getter.js: Added.
3192         (object.get hello):
3193         (.get ok):
3194         * tests/stress/get-by-val-with-symbol.js: Added.
3195         (shouldBe):
3196         (getByVal):
3197         (getSym1):
3198         (getSym2):
3199
3200 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3201
3202         Parse the entire WebAssembly modules
3203         https://bugs.webkit.org/show_bug.cgi?id=147393
3204
3205         Reviewed by Geoffrey Garen.
3206
3207         Parse entire WebAssembly modules from files produced by pack-asmjs
3208         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
3209         parse modules whose function definition section contains only functions that
3210         have "return 0;" as their only statement. Parsing of any functions will be
3211         implemented in a subsequent patch.
3212
3213         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3214         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3215         * JavaScriptCore.xcodeproj/project.pbxproj:
3216         * wasm/JSWASMModule.cpp:
3217         (JSC::JSWASMModule::destroy):
3218         * wasm/JSWASMModule.h:
3219         (JSC::JSWASMModule::i32Constants):
3220         (JSC::JSWASMModule::f32Constants):
3221         (JSC::JSWASMModule::f64Constants):
3222         (JSC::JSWASMModule::signatures):
3223         (JSC::JSWASMModule::functionImports):
3224         (JSC::JSWASMModule::functionImportSignatures):
3225         (JSC::JSWASMModule::globalVariableTypes):
3226         (JSC::JSWASMModule::functionDeclarations):
3227         (JSC::JSWASMModule::functionPointerTables):
3228         * wasm/WASMFormat.h: Added.
3229         * wasm/WASMModuleParser.cpp:
3230         (JSC::WASMModuleParser::parse):
3231         (JSC::WASMModuleParser::parseModule):
3232         (JSC::WASMModuleParser::parseConstantPoolSection):
3233         (JSC::WASMModuleParser::parseSignatureSection):
3234         (JSC::WASMModuleParser::parseFunctionImportSection):
3235         (JSC::WASMModuleParser::parseGlobalSection):
3236         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
3237         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
3238         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
3239         (JSC::WASMModuleParser::parseFunctionDefinition):
3240         (JSC::WASMModuleParser::parseExportSection):
3241         * wasm/WASMModuleParser.h:
3242         * wasm/WASMReader.cpp:
3243         (JSC::WASMReader::readUInt32):
3244         (JSC::WASMReader::readCompactUInt32):
3245         (JSC::WASMReader::readString):
3246         (JSC::WASMReader::readType):
3247         (JSC::WASMReader::readExpressionType):
3248         (JSC::WASMReader::readExportFormat):
3249         (JSC::WASMReader::readByte):
3250         (JSC::WASMReader::readUnsignedInt32): Deleted.
3251         * wasm/WASMReader.h:
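
        Added example, not JavaScriptCore code and not part of this ChangeLog: a small
        bounds-checked reader in the shape of the WASMReader above. Assumptions (the
        page does not state the encodings): "compact" uint32s are unsigned LEB128-style
        varints (7 payload bits per byte, high bit set means another byte follows),
        fixed uint32s are little-endian, and strings are NUL-terminated. The sample
        module bytes are constructed here. The point a reviewer of a module parser
        wants to see is that every read refuses to run past the buffer and that a
        varint which does not fit in 32 bits is rejected rather than silently wrapped.

```javascript
// Added example, not JavaScriptCore code. Assumptions: module bytes are a Uint8Array;
// "compact" uint32s are unsigned LEB128 varints; fixed uint32s are little-endian;
// strings are NUL-terminated. Every read is bounds-checked, and a varint that
// would overflow 32 bits throws instead of wrapping.
class WASMReader {
  constructor(bytes) {
    this.bytes = bytes;
    this.pos = 0;
  }

  readByte() {
    if (this.pos >= this.bytes.length) throw new RangeError('unexpected end of module');
    return this.bytes[this.pos++];
  }

  // Fixed-width little-endian uint32 (e.g. a magic number or a section length).
  readUInt32() {
    let value = 0;
    for (let i = 0; i < 4; i++) value |= this.readByte() << (8 * i);
    return value >>> 0;
  }

  // Variable-length uint32: at most 5 bytes, and the 5th byte may carry only 4 payload bits.
  readCompactUInt32() {
    let result = 0;
    let shift = 0;
    for (;;) {
      const b = this.readByte();
      if (shift === 28 && (b & 0x70) !== 0) throw new RangeError('compact uint32 overflows 32 bits');
      result = (result | ((b & 0x7f) << shift)) >>> 0;
      if ((b & 0x80) === 0) return result;
      shift += 7;
      if (shift > 28) throw new RangeError('compact uint32 longer than 5 bytes');
    }
  }

  // NUL-terminated string (assumption); stops at the terminator or throws at end of buffer.
  readString() {
    const start = this.pos;
    while (this.readByte() !== 0) { /* advance to the terminator */ }
    return String.fromCharCode(...this.bytes.subarray(start, this.pos - 1));
  }
}

// Encoder used only to build the constructed sample below.
function encodeCompactUInt32(value) {
  const out = [];
  do {
    let b = value & 0x7f;
    value >>>= 7;
    if (value !== 0) b |= 0x80;
    out.push(b);
  } while (value !== 0);
  return out;
}

// Constructed sample: a fixed uint32 "magic", two compact uint32s, and a name.
const SAMPLE_MODULE = Uint8Array.from([
  0x77, 0x61, 0x73, 0x6d,                 // readUInt32 -> 0x6d736177
  ...encodeCompactUInt32(624485),          // 0xe5 0x8e 0x26
  ...encodeCompactUInt32(0xffffffff),      // 0xff 0xff 0xff 0xff 0x0f
  0x6d, 0x61, 0x69, 0x6e, 0x00,            // "main"
]);

function parseSample(bytes = SAMPLE_MODULE) {
  const reader = new WASMReader(bytes);
  const magic = reader.readUInt32();
  const a = reader.readCompactUInt32();
  const b = reader.readCompactUInt32();
  const name = reader.readString();
  return { magic, a, b, name, consumed: reader.pos };
}

// Name of the error class thrown for a malformed compact uint32, or null if it decoded.
function errorFor(bytes) {
  try {
    new WASMReader(bytes).readCompactUInt32();
    return null;
  } catch (e) {
    return e.constructor.name;
  }
}
```

        Usage: parseSample() walks the constructed bytes and reports how many were
        consumed; errorFor() shows the three malformed cases a fuzzer finds first
        (a 5th byte with payload above 4 bits, a truncated varint, and a varint
        with too many continuation bytes), each of which throws a RangeError.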
3252
3253 2015-08-06  Keith Miller  <keith_miller@apple.com>
3254
3255         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
3256         https://bugs.webkit.org/show_bug.cgi?id=147749
3257
3258         Reviewed by Filip Pizlo.
3259
3260         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength(),
3261         thus no one calls this code.
3262
3263         * ftl/FTLLowerDFGToLLVM.cpp:
3264         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
3265
3266 2015-08-06  Keith Miller  <keith_miller@apple.com>
3267
3268         The JSONP parser incorrectly parses -0 as +0.
3269         https://bugs.webkit.org/show_bug.cgi?id=147590
3270
3271         Reviewed by Michael Saboff.
3272
3273         In the LiteralParser we should use a double to store the accumulator for numerical tokens
3274         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
3275
3276         * runtime/LiteralParser.cpp:
3277         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
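
        Added example, not JavaScriptCore code and not part of this ChangeLog: a toy
        JSON number lexer whose accumulator can be switched between an int32 and a
        double, to show the failure mode the entry above describes. The int32
        flavour (forced with `| 0`, a constructed stand-in for the old C++ int
        accumulator) has no negative zero, so "-0" comes back as +0; the double
        flavour keeps the sign. JSON.parse from the host engine is included for
        comparison. The reason the sign matters is also shown: 1 / -0 and 1 / +0
        have opposite signs, so code that branches on that can see the difference.

```javascript
// Added example, not JavaScriptCore code. A toy JSON number lexer with a
// selectable accumulator. "int" mirrors the bug (digits accumulated in a
// 32-bit integer, which cannot represent -0); "double" mirrors the fix.
function lexNumber(text, accumulatorKind) {
  let i = 0;
  let negative = false;
  if (text[i] === '-') { negative = true; i++; }
  if (i === text.length) throw new SyntaxError('expected digits');
  let acc = 0;
  while (i < text.length && text[i] >= '0' && text[i] <= '9') {
    acc = acc * 10 + (text.charCodeAt(i) - 48);
    if (accumulatorKind === 'int') acc = acc | 0;   // int32 semantics: no -0, wraps on overflow
    i++;
  }
  if (i !== text.length) throw new SyntaxError(`unexpected character at offset ${i}`);
  let value = negative ? -acc : acc;
  if (accumulatorKind === 'int') value = value | 0; // -0 | 0 === 0: the sign is gone
  return value;
}

// True when the lexer preserves the sign of negative zero.
function preservesNegativeZero(accumulatorKind) {
  return Object.is(lexNumber('-0', accumulatorKind), -0);
}

// The host engine's JSON parser, for comparison: JSON.parse('-0') must be -0.
function engineParsesNegativeZero() {
  return Object.is(JSON.parse('-0'), -0) && Object.is(JSON.parse('0'), 0);
}

// Why the distinction is observable: the reciprocals of the two zeros have opposite signs.
function signOfReciprocal(value) {
  return 1 / value < 0 ? 'negative' : 'positive';
}
```

        Note that Object.is is the only built-in comparison that tells -0 and +0
        apart; === and JSON.stringify both treat them as equal, which is why a
        parser bug of this kind goes unnoticed by most tests.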
3278
3279 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
3280
3281         Structures used for tryGetConstantProperty() should be registered first
3282         https://bugs.webkit.org/show_bug.cgi?id=147750
3283
3284         Reviewed by Saam Barati and Michael Saboff.
3285
3286         * dfg/DFGGraph.cpp:
3287         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
3288         * dfg/DFGGraph.h:
3289         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
3290         * dfg/DFGStructureRegistrationPhase.cpp:
3291         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegistrationPhase.
3292         (JSC::DFG::StructureRegistrationPhase::registerStructures):
3293         (JSC::DFG::StructureRegistrationPhase::registerStructure):
3294         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
3295         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
3296         (JSC::DFG::performStructureRegistration):
3297
3298 2015-08-06  Keith Miller  <keith_miller@apple.com>
3299
3300         Remove UnspecifiedBoolType from JSC
3301         https://bugs.webkit.org/show_bug.cgi?id=147597
3302
3303         Reviewed by Mark Lam.
3304
3305         We were using the safe bool pattern in the code base for implicit casting to booleans.
3306         With C++11 this is no longer necessary and we can instead create an operator bool.
3307
3308         * API/JSRetainPtr.h:
3309         (JSRetainPtr::operator bool):
3310         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
3311         * dfg/DFGEdge.h:
3312         (JSC::DFG::Edge::operator bool):
3313         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
3314         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
3315         * heap/Weak.h:
3316         * heap/WeakInlines.h:
3317         (JSC::bool):
3318         (JSC::UnspecifiedBoolType): Deleted.
3319
3320 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
3321
3322         [ES6] Class parser does not allow methods named set and get.
3323         https://bugs.webkit.org/show_bug.cgi?id=147150
3324
3325         Reviewed by Oliver Hunt.
3326
3327         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
3328         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
3329         so that we only treat them as such when they're followed by another token that could be a method name.
3330
3331         * parser/Parser.cpp:
3332         (JSC::Parser<LexerType>::parseClass):
3333
3334 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
3335
3336         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
3337
3338         * bytecode/SamplingTool.cpp:
3339         (JSC::SamplingTool::doRun):
3340         (JSC::SamplingTool::notifyOfScope):
3341         * bytecode/SamplingTool.h:
3342         * dfg/DFGThreadData.h:
3343         * dfg/DFGWorklist.cpp:
3344         (JSC::DFG::Worklist::~Worklist):
3345         (JSC::DFG::Worklist::isActiveForVM):
3346         (JSC::DFG::Worklist::enqueue):
3347         (JSC::DFG::Worklist::compilationState):
3348         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
3349         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
3350         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
3351         (JSC::DFG::Worklist::visitWeakReferences):
3352         (JSC::DFG::Worklist::removeDeadPlans):
3353         (JSC::DFG::Worklist::queueLength):
3354         (JSC::DFG::Worklist::dump):
3355         (JSC::DFG::Worklist::runThread):
3356         * dfg/DFGWorklist.h:
3357         * disassembler/Disassembler.cpp:
3358         * heap/CopiedSpace.cpp:
3359         (JSC::CopiedSpace::doneFillingBlock):
3360         (JSC::CopiedSpace::doneCopying):
3361         * heap/CopiedSpace.h:
3362         * heap/CopiedSpaceInlines.h:
3363         (JSC::CopiedSpace::recycleBorrowedBlock):
3364         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
3365         * heap/HeapTimer.h:
3366         * heap/MachineStackMarker.cpp:
3367         (JSC::ActiveMachineThreadsManager::Locker::Locker):
3368         (JSC::ActiveMachineThreadsManager::add):