REGRESSION(r165704): [GTK] Inspector resources not correctly generated
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-04-02  Martin Robinson  <mrobinson@igalia.com>

        REGRESSION(r165704): [GTK] Inspector resources not correctly generated
        https://bugs.webkit.org/show_bug.cgi?id=130343

        Reviewed by Gustavo Noronha Silva.

        * CMakeLists.txt: We generate the inspector JavaScript file into a directory like the one
        in which it should be distributed. This allows us to more easily package it for GTK+.

2014-04-01  Timothy Hatcher  <timothy@apple.com>

        Remove HeapProfiler from the Web Inspector protocol.

        https://bugs.webkit.org/show_bug.cgi?id=131070

        Reviewed by Joseph Pecoraro.

        * inspector/agents/InspectorConsoleAgent.h:
        * inspector/agents/JSGlobalObjectConsoleAgent.cpp:
        (Inspector::JSGlobalObjectConsoleAgent::addInspectedHeapObject): Deleted.
        * inspector/agents/JSGlobalObjectConsoleAgent.h:
        * inspector/protocol/Console.json:

2014-03-31  Simon Fraser  <simon.fraser@apple.com>

        Enable WEB_TIMING on Mac and iOS
        https://bugs.webkit.org/show_bug.cgi?id=128064

        Reviewed by Sam Weinig, Brent Fulgham.

        Enable WEB_TIMING.

        * Configurations/FeatureDefines.xcconfig:

2014-03-31  Michael Saboff  <msaboff@apple.com>

        REGRESSION(r166415): JSObject{Get,Set}Private() don't work with proxy objects
        https://bugs.webkit.org/show_bug.cgi?id=130992

        Reviewed by Mark Hahnenberg.

        Forward JSObjectGetPrivate() and JSObjectSetPrivate() to the wrapped object.

        * API/JSObjectRef.cpp:
        (JSObjectGetPrivate):
        (JSObjectSetPrivate):
        * API/tests/testapi.c:
        (main): Added new test case to validate we are properly forwarding.

2014-03-31  Mark Hahnenberg  <mhahnenberg@apple.com>

        Improve GC_LOGGING
        https://bugs.webkit.org/show_bug.cgi?id=130988

        Reviewed by Geoffrey Garen.

        GC_LOGGING can be useful for diagnosing where we're spending our time during collection,
        but it doesn't distinguish between Eden and Full collections in the data it gathers. This
        patch updates it so that it can. It also adds the process ID to the beginning of each line
        of input to be able to distinguish between the output of multiple processes exiting at the
        same time.

        * heap/Heap.cpp:
        (JSC::Heap::collect):

2014-03-31  Dean Jackson  <dino@apple.com>

        Remove WEB_ANIMATIONS
        https://bugs.webkit.org/show_bug.cgi?id=130989

        Reviewed by Simon Fraser.

        Remove this feature flag until we plan to implement.

        * Configurations/FeatureDefines.xcconfig:

2014-03-31  Filip Pizlo  <fpizlo@apple.com>

        More validation for FTL inline caches
        https://bugs.webkit.org/show_bug.cgi?id=130948

        Reviewed by Geoffrey Garen.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleGetById):
        (JSC::DFG::ByteCodeParser::handlePutById):
        * runtime/Options.h:

2014-03-31  Filip Pizlo  <fpizlo@apple.com>

        LLVM IR for store barriers should be nicely arranged and they don't need exception checks
        https://bugs.webkit.org/show_bug.cgi?id=130950

        Reviewed by Mark Hahnenberg.

        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):

2014-03-31  Raphael Kubo da Costa  <raphael.kubo.da.costa@intel.com>

        [CMake] Stop checking for WTF_USE_ICU_UNICODE.
        https://bugs.webkit.org/show_bug.cgi?id=130965

        Reviewed by Martin Robinson.

        This is somewhat of a follow-up to r162782, which got rid of
        WTF_USE_ICU_UNICODE in CMake but did not remove the check in JSC's
        CMakeLists.txt. This meant the includes and libraries were not
        being properly included since then.

        * CMakeLists.txt:

2014-03-31  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>

        Remove hostThisRegister() and hostThisValue()
        https://bugs.webkit.org/show_bug.cgi?id=130895

        Reviewed by Geoffrey Garen.

        Removed hostThisRegister() and hostThisValue() and instead use thisArgumentOffset() and thisValue() respectively.

        * API/APICallbackFunction.h:
        (JSC::APICallbackFunction::call):
        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject<Parent>::call):
        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * inspector/JSInjectedScriptHostPrototype.cpp:
        (Inspector::jsInjectedScriptHostPrototypeAttributeEvaluate):
        (Inspector::jsInjectedScriptHostPrototypeFunctionInternalConstructorName):
        (Inspector::jsInjectedScriptHostPrototypeFunctionIsHTMLAllCollection):
        (Inspector::jsInjectedScriptHostPrototypeFunctionType):
        (Inspector::jsInjectedScriptHostPrototypeFunctionFunctionDetails):
        (Inspector::jsInjectedScriptHostPrototypeFunctionGetInternalProperties):
        * inspector/JSJavaScriptCallFramePrototype.cpp:
        (Inspector::jsJavaScriptCallFramePrototypeFunctionEvaluate):
        (Inspector::jsJavaScriptCallFramePrototypeFunctionScopeType):
        (Inspector::jsJavaScriptCallFrameAttributeCaller):
        (Inspector::jsJavaScriptCallFrameAttributeSourceID):
        (Inspector::jsJavaScriptCallFrameAttributeLine):
        (Inspector::jsJavaScriptCallFrameAttributeColumn):
        (Inspector::jsJavaScriptCallFrameAttributeFunctionName):
        (Inspector::jsJavaScriptCallFrameAttributeScopeChain):
        (Inspector::jsJavaScriptCallFrameAttributeThisObject):
        (Inspector::jsJavaScriptCallFrameAttributeType):
        * interpreter/CallFrame.h:
        (JSC::ExecState::hostThisRegister): Deleted.
        (JSC::ExecState::hostThisValue): Deleted.
        * runtime/Arguments.cpp:
        (JSC::argumentsFuncIterator):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncToString):
        (JSC::arrayProtoFuncToLocaleString):
        (JSC::arrayProtoFuncJoin):
        (JSC::arrayProtoFuncConcat):
        (JSC::arrayProtoFuncPop):
        (JSC::arrayProtoFuncPush):
        (JSC::arrayProtoFuncReverse):
        (JSC::arrayProtoFuncShift):
        (JSC::arrayProtoFuncSlice):
        (JSC::arrayProtoFuncSort):
        (JSC::arrayProtoFuncSplice):
        (JSC::arrayProtoFuncUnShift):
        (JSC::arrayProtoFuncReduce):
        (JSC::arrayProtoFuncReduceRight):
        (JSC::arrayProtoFuncIndexOf):
        (JSC::arrayProtoFuncLastIndexOf):
        (JSC::arrayProtoFuncValues):
        (JSC::arrayProtoFuncEntries):
        (JSC::arrayProtoFuncKeys):
        * runtime/BooleanPrototype.cpp:
        (JSC::booleanProtoFuncToString):
        (JSC::booleanProtoFuncValueOf):
        * runtime/ConsolePrototype.cpp:
        (JSC::consoleLogWithLevel):
        (JSC::consoleProtoFuncClear):
        (JSC::consoleProtoFuncDir):
        (JSC::consoleProtoFuncDirXML):
        (JSC::consoleProtoFuncTable):
        (JSC::consoleProtoFuncTrace):
        (JSC::consoleProtoFuncAssert):
        (JSC::consoleProtoFuncCount):
        (JSC::consoleProtoFuncProfile):
        (JSC::consoleProtoFuncProfileEnd):
        (JSC::consoleProtoFuncTime):
        (JSC::consoleProtoFuncTimeEnd):
        (JSC::consoleProtoFuncTimeStamp):
        (JSC::consoleProtoFuncGroup):
        (JSC::consoleProtoFuncGroupCollapsed):
        (JSC::consoleProtoFuncGroupEnd):
        * runtime/DatePrototype.cpp:
        (JSC::formateDateInstance):
        (JSC::dateProtoFuncToISOString):
        (JSC::dateProtoFuncToLocaleString):
        (JSC::dateProtoFuncToLocaleDateString):
        (JSC::dateProtoFuncToLocaleTimeString):
        (JSC::dateProtoFuncGetTime):
        (JSC::dateProtoFuncGetFullYear):
        (JSC::dateProtoFuncGetUTCFullYear):
        (JSC::dateProtoFuncGetMonth):
        (JSC::dateProtoFuncGetUTCMonth):
        (JSC::dateProtoFuncGetDate):
        (JSC::dateProtoFuncGetUTCDate):
        (JSC::dateProtoFuncGetDay):
        (JSC::dateProtoFuncGetUTCDay):
        (JSC::dateProtoFuncGetHours):
        (JSC::dateProtoFuncGetUTCHours):
        (JSC::dateProtoFuncGetMinutes):
        (JSC::dateProtoFuncGetUTCMinutes):
        (JSC::dateProtoFuncGetSeconds):
        (JSC::dateProtoFuncGetUTCSeconds):
        (JSC::dateProtoFuncGetMilliSeconds):
        (JSC::dateProtoFuncGetUTCMilliseconds):
        (JSC::dateProtoFuncGetTimezoneOffset):
        (JSC::dateProtoFuncSetTime):
        (JSC::setNewValueFromTimeArgs):
        (JSC::setNewValueFromDateArgs):
        (JSC::dateProtoFuncSetYear):
        (JSC::dateProtoFuncGetYear):
        (JSC::dateProtoFuncToJSON):
        * runtime/ErrorPrototype.cpp:
        (JSC::errorProtoFuncToString):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        (JSC::functionProtoFuncBind):
        * runtime/NamePrototype.cpp:
        (JSC::privateNameProtoFuncToString):
        * runtime/NumberPrototype.cpp:
        (JSC::numberProtoFuncToExponential):
        (JSC::numberProtoFuncToFixed):
        (JSC::numberProtoFuncToPrecision):
        (JSC::numberProtoFuncClz):
        (JSC::numberProtoFuncToString):
        (JSC::numberProtoFuncToLocaleString):
        (JSC::numberProtoFuncValueOf):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncValueOf):
        (JSC::objectProtoFuncHasOwnProperty):
        (JSC::objectProtoFuncIsPrototypeOf):
        (JSC::objectProtoFuncDefineGetter):
        (JSC::objectProtoFuncDefineSetter):
        (JSC::objectProtoFuncLookupGetter):
        (JSC::objectProtoFuncLookupSetter):
        (JSC::objectProtoFuncPropertyIsEnumerable):
        (JSC::objectProtoFuncToLocaleString):
        (JSC::objectProtoFuncToString):
        * runtime/RegExpPrototype.cpp:
        (JSC::regExpProtoFuncTest):
        (JSC::regExpProtoFuncExec):
        (JSC::regExpProtoFuncCompile):
        (JSC::regExpProtoFuncToString):
        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncReplace):
        (JSC::stringProtoFuncToString):
        (JSC::stringProtoFuncCharAt):
        (JSC::stringProtoFuncCharCodeAt):
        (JSC::stringProtoFuncConcat):
        (JSC::stringProtoFuncIndexOf):
        (JSC::stringProtoFuncLastIndexOf):
        (JSC::stringProtoFuncMatch):
        (JSC::stringProtoFuncSearch):
        (JSC::stringProtoFuncSlice):
        (JSC::stringProtoFuncSplit):
        (JSC::stringProtoFuncSubstr):
        (JSC::stringProtoFuncSubstring):
        (JSC::stringProtoFuncToLowerCase):
        (JSC::stringProtoFuncToUpperCase):
        (JSC::stringProtoFuncLocaleCompare):
        (JSC::stringProtoFuncBig):
        (JSC::stringProtoFuncSmall):
        (JSC::stringProtoFuncBlink):
        (JSC::stringProtoFuncBold):
        (JSC::stringProtoFuncFixed):
        (JSC::stringProtoFuncItalics):
        (JSC::stringProtoFuncStrike):
        (JSC::stringProtoFuncSub):
        (JSC::stringProtoFuncSup):
        (JSC::stringProtoFuncFontcolor):
        (JSC::stringProtoFuncFontsize):
        (JSC::stringProtoFuncAnchor):
        (JSC::stringProtoFuncLink):
        (JSC::stringProtoFuncTrim):
        (JSC::stringProtoFuncTrimLeft):
        (JSC::stringProtoFuncTrimRight):

2014-03-28  Filip Pizlo  <fpizlo@apple.com>

        Land the stackmap register liveness glue with the uses of the liveness disabled
        https://bugs.webkit.org/show_bug.cgi?id=130924

        Reviewed by Oliver Hunt.

        Add the liveness and fix other bugs I found.

        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::usedRegistersFor):
        (JSC::FTL::fixFunctionBasedOnStackMaps):
        * ftl/FTLSlowPathCall.cpp:
        * ftl/FTLSlowPathCallKey.cpp:
        (JSC::FTL::SlowPathCallKey::dump):
        * ftl/FTLSlowPathCallKey.h:
        (JSC::FTL::SlowPathCallKey::SlowPathCallKey):
        (JSC::FTL::SlowPathCallKey::argumentRegisters):
        (JSC::FTL::SlowPathCallKey::withCallTarget):
        * ftl/FTLStackMaps.cpp:
        (JSC::FTL::StackMaps::Record::locationSet):
        (JSC::FTL::StackMaps::Record::liveOutsSet):
        (JSC::FTL::StackMaps::Record::usedRegisterSet):
        * ftl/FTLStackMaps.h:
        * ftl/FTLThunks.cpp:
        (JSC::FTL::registerClobberCheck):
        (JSC::FTL::slowPathCallThunkGenerator):
        * jit/RegisterSet.cpp:
        (JSC::RegisterSet::stackRegisters):
        (JSC::RegisterSet::reservedHardwareRegisters):
        (JSC::RegisterSet::runtimeRegisters):
        (JSC::RegisterSet::specialRegisters):
        (JSC::RegisterSet::dump):
        * jit/RegisterSet.h:
        (JSC::RegisterSet::RegisterSet):
        (JSC::RegisterSet::setAny):
        (JSC::RegisterSet::setMany):
        * jit/Repatch.cpp:
        (JSC::tryCacheGetByID):
        (JSC::tryCachePutByID):
        (JSC::tryRepatchIn):
        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):
        * runtime/Options.h:

2014-03-28  Mark Lam  <mark.lam@apple.com>

        mandreel throws a checksum error on 32-bit x86.
        <https://webkit.org/b/125706>

        Reviewed by Filip Pizlo.

        The 32-bit DFG can emit code that loads double constants from its
        CodeBlock's m_constantRegisters vector.  The emitted instruction will
        embed the address of the constant from the vector's backing store.
        Subsequently, while inserting new constants, the DFG may resize the
        vector, thereby reallocating the backing store.  This renders the
        previously embedded constant addresses stale.

        The fix is to use a dedicated doubles constant pool stored in the DFG
        CommonData instead.  This constant pool won't be reallocated, and
        hence will not manifest this issue.

        * dfg/DFGCommonData.h:
        * dfg/DFGGraph.h:
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        (JSC::DFG::JITCompiler::addressOfDoubleConstant):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addressOfDoubleConstant): Deleted.
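
        An added illustration, not part of this ChangeLog or of JavaScriptCore's sources: the
        stale-address hazard the entry above describes, modelled with a std::vector-backed
        constant table (standing in for m_constantRegisters) beside a pool whose elements never
        move. std::deque is used here as the stable pool because push_back on it never
        invalidates references to existing elements; the pool type JSC actually keeps in
        CommonData is not shown on this page and is an assumption left out of the example.

```cpp
// Added example (not JavaScriptCore code). A "JIT" records the address of a
// double constant as an immediate, more constants are appended, and we check
// whether the recorded immediate still names the live element.
#include <cstddef>
#include <cstdint>
#include <deque>
#include <vector>

// What emitted machine code remembers: the constant's address as an immediate.
// Kept as an integer so that comparing it after a reallocation is well defined
// (comparing a dangling pointer value is not).
struct EmittedDoubleLoad {
    std::uintptr_t immediate;
};

static std::uintptr_t addressOf(const double& d) {
    return reinterpret_cast<std::uintptr_t>(&d);
}

// Bug pattern: constants live in a growable std::vector, like m_constantRegisters.
// Returns true only if the embedded immediate still refers to the live element
// after the vector has been forced to reallocate exactly once.
bool vectorAddressSurvivesGrowth() {
    std::vector<double> constantRegisters;
    constantRegisters.push_back(1.5);
    EmittedDoubleLoad load{addressOf(constantRegisters[0])};  // baked into the code

    // Insert constants until push_back reallocates. std::vector allocates the
    // new buffer while the old one is still alive, so the two cannot share an
    // address: the embedded immediate is now stale (the old buffer is freed).
    const std::size_t capacityBefore = constantRegisters.capacity();
    while (constantRegisters.capacity() == capacityBefore)
        constantRegisters.push_back(2.5);

    // Executing the emitted load here would read freed memory; we only compare.
    return load.immediate == addressOf(constantRegisters[0]);
}

// Fixed pattern: constants live in a pool with stable element addresses
// (std::deque stands in for the dedicated CommonData pool). Returns true if
// the embedded immediate is still the live element after extraConstants more
// insertions, and the value read through it is still the constant we stored.
bool stablePoolAddressSurvivesGrowth(std::size_t extraConstants) {
    std::deque<double> doubleConstants;
    doubleConstants.push_back(1.5);
    EmittedDoubleLoad load{addressOf(doubleConstants[0])};

    for (std::size_t i = 0; i < extraConstants; ++i)
        doubleConstants.push_back(static_cast<double>(i));

    // std::deque guarantees push_back leaves references to existing elements
    // valid, so dereferencing the recorded address is safe here.
    const double* live = reinterpret_cast<const double*>(load.immediate);
    return load.immediate == addressOf(doubleConstants[0]) && *live == 1.5;
}

int main() {
    const bool bugReproduced = !vectorAddressSurvivesGrowth();
    const bool fixHolds = stablePoolAddressSurvivesGrowth(4096);
    return (bugReproduced && fixHolds) ? 0 : 1;
}
```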

2014-03-28  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: console.warn is showing as error instead of warning
        https://bugs.webkit.org/show_bug.cgi?id=130921

        Reviewed by Timothy Hatcher.

        * runtime/ConsolePrototype.cpp:
        (JSC::consoleProtoFuncWarn):
        console.warn should be MessageLevel Warning, not Error.

2014-03-28  Oliver Hunt  <oliver@apple.com>

        Fix cloop build.

        * bytecode/BytecodeList.json:

2014-03-28  Michael Saboff  <msaboff@apple.com>

        Unreviewed, rolling r166248 back in.

        Turns out r166070 didn't cause a 2% performance loss in page load times

        Reverted changeset:

        Unreviewed, rolling out r166126.
        Rollout r166126 in preparation to roll out prerequisite r166070

2014-03-27  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r166376.
        https://bugs.webkit.org/show_bug.cgi?id=130887

        This was a misguided optimization. (Requested by kling on
        #webkit).

        Reverted changeset:

        "Avoid fetching JSObject::structure() repeatedly in
        putDirectInternal."
        https://bugs.webkit.org/show_bug.cgi?id=130857
        http://trac.webkit.org/changeset/166376

2014-03-27  Oliver Hunt  <oliver@apple.com>

        Support spread operand in |new| expressions
        https://bugs.webkit.org/show_bug.cgi?id=130877

        Reviewed by Michael Saboff.

        Add support for the spread operator being applied in
        |new| expressions.  This required adding support for
        a new opcode, op_construct_varargs.  This is a relatively
        simple refactoring of the call_varargs implementation.

        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CallLinkInfo.cpp:
        (JSC::CallLinkInfo::unlink):
        * bytecode/CallLinkInfo.h:
        (JSC::CallLinkInfo::callTypeFor):
        (JSC::CallLinkInfo::specializationKind):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCallVarargs):
        (JSC::BytecodeGenerator::emitConstructVarargs):
        (JSC::BytecodeGenerator::emitConstruct):
        * bytecompiler/BytecodeGenerator.h:
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        (JSC::JIT::emit_op_construct_varargs):
        (JSC::JIT::emitSlow_op_construct_varargs):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::emitSlow_op_construct_varargs):
        (JSC::JIT::emit_op_construct_varargs):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::compileOpCallSlowCase):
        * jit/JITOperations.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseMemberExpression):

2014-03-27  Filip Pizlo  <fpizlo@apple.com>

        Revert http://trac.webkit.org/changeset/166386 because it broke builds.

        * Configurations/Base.xcconfig:
        * Configurations/LLVMForJSC.xcconfig:

2014-03-27  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, skip this test for now.

        * tests/stress/recurse-infinitely-on-getter.js:

2014-03-27  Filip Pizlo  <fpizlo@apple.com>

        Switch the LLVMForJSC target to using the LLVM in /usr/local rather than /usr/local/LLVMForJavaScriptCore on iOS
        https://bugs.webkit.org/show_bug.cgi?id=130867
        <rdar://problem/16432456>

        Reviewed by Mark Hahnenberg.

        * Configurations/Base.xcconfig:
        * Configurations/LLVMForJSC.xcconfig:

2014-03-27  Andreas Kling  <akling@apple.com>

        Avoid fetching JSObject::structure() repeatedly in putDirectInternal.
        <https://webkit.org/b/130857>

        Use the cached Structure* instead of re-fetching it over and over since
        that's a non-trivial operation these days.

        Reviewed by Mark Hahnenberg.

        * runtime/JSObject.h:
        (JSC::JSObject::putDirectInternal):

2014-03-27  Mark Hahnenberg  <mhahnenberg@apple.com>

        Check the remembered set bit faster
        https://bugs.webkit.org/show_bug.cgi?id=130860

        Reviewed by Oliver Hunt.

        Currently we look up the remembered set bit in the MarkedBlock in C++ code, but
        that bit is also stored in the object. We should look it up there whenever possible.

        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::shouldReportLiveBytes):
        * heap/Heap.cpp:
        (JSC::Heap::addToRememberedSet):
        * heap/Heap.h:
        * heap/HeapInlines.h: Removed.
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::reportExtraMemoryUsage):

2014-03-27  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Provide SPI to disallow remote inspection of a JSContext
        https://bugs.webkit.org/show_bug.cgi?id=130853

        Reviewed by Timothy Hatcher.

        * API/JSContextPrivate.h: Added.
        * API/JSContext.mm:
        (-[JSContext _remoteInspectionEnabled]):
        (-[JSContext _setRemoteInspectionEnabled:]):
        ObjC SPI to enable/disable remote inspection.

        * API/JSContextRefPrivate.h:
        * API/JSContextRef.cpp:
        (JSGlobalContextGetRemoteInspectionEnabled):
        (JSGlobalContextSetRemoteInspectionEnabled):
        C SPI to enable/disable remote inspection.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        Add new private header, and export as a private header.

2014-03-27  Mark Hahnenberg  <mhahnenberg@apple.com>

        Clean up questionable style in ScriptExecutable::prepareForExecutionImpl
        https://bugs.webkit.org/show_bug.cgi?id=130845

        Reviewed by Filip Pizlo.

        There was a hack added to make sure C Loop LLInt worked which included overriding the
        global Options::useLLInt setting, which makes no sense to do here. We should put the
        update of the global setting in Options::recomputeDependentOptions along with the other
        execution engine flags.

        * runtime/Executable.cpp:
        (JSC::ScriptExecutable::prepareForExecutionImpl):
        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):

2014-03-26  Filip Pizlo  <fpizlo@apple.com>

        Enable LLVM stackmap liveOuts computation
        https://bugs.webkit.org/show_bug.cgi?id=130821

        Reviewed by Andy Estes and Sam Weinig.

        * ftl/FTLStackMaps.cpp:
        (JSC::FTL::StackMaps::Record::dump):
        * llvm/library/LLVMExports.cpp:
        (initializeAndGetJSCLLVMAPI):

2014-03-26  Filip Pizlo  <fpizlo@apple.com>

        Parse stackmaps liveOuts
        https://bugs.webkit.org/show_bug.cgi?id=130801

        Reviewed by Geoffrey Garen.

        This just adds the code to parse them but doesn't do anything with them, yet.

        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::forStackmaps):
        * ftl/FTLLocation.h:
        (JSC::FTL::Location::forRegister):
        (JSC::FTL::Location::forIndirect):
        * ftl/FTLStackMaps.cpp:
        (JSC::FTL::StackMaps::Location::parse):
        (JSC::FTL::StackMaps::Location::dump):
        (JSC::FTL::StackMaps::LiveOut::parse):
        (JSC::FTL::StackMaps::LiveOut::dump):
        (JSC::FTL::StackMaps::Record::parse):
        (JSC::FTL::StackMaps::Record::dump):
        * ftl/FTLStackMaps.h:

2014-03-26  Mark Lam  <mark.lam@apple.com>

        Build fix after r166307.

        Not reviewed.

        * runtime/JSCell.h:
        - The inline function isAPIValueWrapper() should not be exported.  This
          was causing a linkage error when building for 32-bit x86 on Mac.

2014-03-26  Filip Pizlo  <fpizlo@apple.com>

        Reasoning about DWARF register numbers should be moved out of FTL::Location
        https://bugs.webkit.org/show_bug.cgi?id=130792

        Reviewed by Oliver Hunt.

        Moving this code makes it possible for things other than FTL::Location to reason about
        DWARF register encoding. This refactoring also appears to reduce some code duplication
        and makes FTLLocation.cpp cleaner.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * ftl/FTLCompile.cpp:
        (JSC::FTL::fixFunctionBasedOnStackMaps):
        * ftl/FTLDWARFRegister.cpp: Added.
        (JSC::FTL::DWARFRegister::reg):
        (JSC::FTL::DWARFRegister::dump):
        * ftl/FTLDWARFRegister.h: Added.
        (JSC::FTL::DWARFRegister::DWARFRegister):
        (JSC::FTL::DWARFRegister::dwarfRegNum):
        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::dump):
        (JSC::FTL::Location::isGPR):
        (JSC::FTL::Location::gpr):
        (JSC::FTL::Location::isFPR):
        (JSC::FTL::Location::fpr):
        * ftl/FTLLocation.h:
        (JSC::FTL::Location::hasDwarfReg):
        (JSC::FTL::Location::dwarfReg):

2014-03-26  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed build fix.

        * runtime/JSCell.h: VS2013 confused about argument type.

2014-03-26  Zoltan Horvath  <zoltan@webkit.org>

        [CSS Shapes] Remove shape-inside support
        https://bugs.webkit.org/show_bug.cgi?id=130698

        Reviewed by David Hyatt.

        * Configurations/FeatureDefines.xcconfig:

2014-03-26  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>

        Rename hasFastArrayStorage to be more appropriate
        https://bugs.webkit.org/show_bug.cgi?id=130773

        Reviewed by Filip Pizlo.

        * dfg/DFGArrayMode.cpp:
        (JSC::DFG::ArrayMode::alreadyChecked):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGWatchpointCollectionPhase.cpp:
        (JSC::DFG::WatchpointCollectionPhase::handle):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNewArray):
        (JSC::FTL::LowerDFGToLLVM::compileNewArrayBuffer):
        (JSC::FTL::LowerDFGToLLVM::compileNewArrayWithSize):
        * runtime/ButterflyInlines.h:
        (JSC::Butterfly::unshift):
        (JSC::Butterfly::shift):
        * runtime/IndexingHeaderInlines.h:
        (JSC::IndexingHeader::preCapacity):
        * runtime/IndexingType.h:
        (JSC::hasArrayStorage):
        (JSC::hasAnyArrayStorage):
        (JSC::hasFastArrayStorage): Deleted.
        * runtime/JSArray.cpp:
        (JSC::JSArray::sortVector):
        (JSC::JSArray::compactForSorting):
        * runtime/JSArray.h:
        (JSC::JSArray::create):
        (JSC::JSArray::tryCreateUninitialized):
        * runtime/JSGlobalObject.cpp:
        * runtime/JSObject.cpp:
        (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
        * runtime/JSObject.h:
        (JSC::JSObject::ensureArrayStorage):
        (JSC::JSObject::arrayStorage):
        * runtime/StructureTransitionTable.h:
        (JSC::newIndexingType):

2014-03-26  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed. Removing the remaining Automake cruft.

        * GNUmakefile.list.am: Removed.

2014-03-25  Filip Pizlo  <fpizlo@apple.com>

        Arguments simplification phase should be fine with marking the arguments local itself as an arguments alias
        https://bugs.webkit.org/show_bug.cgi?id=130764
        <rdar://problem/16304788>

        Reviewed by Sam Weinig.

        Being an arguments alias just means that your OSR exit recovery should attempt arguments
        creation. This is true of arguments locals. We had special cases that tried to make it not
        true of arguments locals. The only consequence of those special cases was to cause crashes
        in case of arguments that are also captured variables (i.e. we have SlowArguments). This
        change just removes those special cases.

        This change means that the FTL will now see SetLocals with a FlushedArguments format.
        Previously you wouldn't see them because previously only non-captured variable would be
        arguments aliases, and non-captured variables get completely SSAified - i.e. no SetLocals
        left. Adding handling for FlushedArguments is a benign and simple change since its
        behavior is identical to FlushedJSValue for that code's purposes.

        * dfg/DFGArgumentsSimplificationPhase.cpp:
        (JSC::DFG::ArgumentsSimplificationPhase::run):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
        * tests/stress/captured-arguments-variable.js: Added.
        (foo):
        (noInline):

2014-03-25  Mark Hahnenberg  <mhahnenberg@apple.com>

        Add HeapInlines
        https://bugs.webkit.org/show_bug.cgi?id=130759

        Reviewed by Filip Pizlo.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/Heap.cpp:
        (JSC::MarkedBlockSnapshotFunctor::MarkedBlockSnapshotFunctor):
        (JSC::MarkedBlockSnapshotFunctor::operator()):
        * heap/Heap.h: Also reindented while we're here.
        (JSC::Heap::writeBarrierBuffer):
        (JSC::Heap::vm):
        (JSC::Heap::objectSpace):
        (JSC::Heap::machineThreads):
        (JSC::Heap::operationInProgress):
        (JSC::Heap::allocatorForObjectWithoutDestructor):
        (JSC::Heap::allocatorForObjectWithNormalDestructor):
        (JSC::Heap::allocatorForObjectWithImmortalStructureDestructor):
        (JSC::Heap::storageAllocator):
        (JSC::Heap::notifyIsSafeToCollect):
        (JSC::Heap::isSafeToCollect):
        (JSC::Heap::handleSet):
        (JSC::Heap::handleStack):
        (JSC::Heap::lastFullGCLength):
        (JSC::Heap::lastEdenGCLength):
        (JSC::Heap::increaseLastFullGCLength):
        (JSC::Heap::sizeBeforeLastEdenCollection):
        (JSC::Heap::sizeAfterLastEdenCollection):
        (JSC::Heap::sizeBeforeLastFullCollection):
        (JSC::Heap::sizeAfterLastFullCollection):
        (JSC::Heap::jitStubRoutines):
        (JSC::Heap::isDeferred):
        (JSC::Heap::structureIDTable):
        (JSC::Heap::removeCodeBlock):
        * heap/HeapInlines.h: Added.
        (JSC::Heap::shouldCollect):
        (JSC::Heap::isBusy):
        (JSC::Heap::isCollecting):
        (JSC::Heap::heap):
        (JSC::Heap::isLive):
        (JSC::Heap::isInRememberedSet):
        (JSC::Heap::isMarked):
        (JSC::Heap::testAndSetMarked):
        (JSC::Heap::setMarked):
        (JSC::Heap::isWriteBarrierEnabled):
        (JSC::Heap::writeBarrier):
        (JSC::Heap::reportExtraMemoryCost):
        (JSC::Heap::forEachProtectedCell):
        (JSC::Heap::forEachCodeBlock):
        (JSC::Heap::allocateWithNormalDestructor):
        (JSC::Heap::allocateWithImmortalStructureDestructor):
        (JSC::Heap::allocateWithoutDestructor):
        (JSC::Heap::tryAllocateStorage):
        (JSC::Heap::tryReallocateStorage):
        (JSC::Heap::ascribeOwner):
        (JSC::Heap::blockAllocator):
        (JSC::Heap::releaseSoon):
        (JSC::Heap::incrementDeferralDepth):
        (JSC::Heap::decrementDeferralDepth):
        (JSC::Heap::collectIfNecessaryOrDefer):
        (JSC::Heap::decrementDeferralDepthAndGCIfNeeded):
        (JSC::Heap::markListSet):
        * runtime/JSCInlines.h:

2014-03-25  Filip Pizlo  <fpizlo@apple.com>

        DFG::ByteCodeParser::SetMode should distinguish between setting immediately without a flush and setting immediately with a flush
        https://bugs.webkit.org/show_bug.cgi?id=130760

        Reviewed by Mark Hahnenberg.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::setLocal):
        (JSC::DFG::ByteCodeParser::setArgument):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * tests/stress/assign-argument-in-inlined-call.js: Added.
        (f1):
        (getF2Arguments):
        (f2):
        (f3):
        * tests/stress/assign-captured-argument-in-inlined-call.js: Added.
        (f1):
        (f2):
        (f3):

2014-03-25  Filip Pizlo  <fpizlo@apple.com>

        Fix 32-bit getter call alignment.

        Reviewed by Mark Hahnenberg.

        * jit/Repatch.cpp:
        (JSC::generateGetByIdStub):

2014-03-25  Filip Pizlo  <fpizlo@apple.com>

        Repatch should plant calls to getters directly rather than through a C helper
        https://bugs.webkit.org/show_bug.cgi?id=129589

        Reviewed by Mark Hahnenberg.

        As the title says. All of the superstructure for this was already in place, so now it
824         was just a matter of actually emitting the call.
825         
826         8x speed-up for getter microbenchmarks. 
827
828         * CMakeLists.txt:
829         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
830         * JavaScriptCore.xcodeproj/project.pbxproj:
831         * bytecode/PolymorphicGetByIdList.h:
832         (JSC::GetByIdAccess::doesCalls):
833         * jit/AccessorCallJITStubRoutine.cpp: Added.
834         (JSC::AccessorCallJITStubRoutine::AccessorCallJITStubRoutine):
835         (JSC::AccessorCallJITStubRoutine::~AccessorCallJITStubRoutine):
836         (JSC::AccessorCallJITStubRoutine::visitWeak):
837         * jit/AccessorCallJITStubRoutine.h: Added.
838         * jit/AssemblyHelpers.h:
839         (JSC::AssemblyHelpers::storeCell):
840         * jit/GCAwareJITStubRoutine.h:
841         * jit/Repatch.cpp:
842         (JSC::generateGetByIdStub):
843         * runtime/GetterSetter.h:
844         (JSC::GetterSetter::offsetOfGetter):
845         (JSC::GetterSetter::offsetOfSetter):
846
847 2014-03-25  Michael Saboff  <msaboff@apple.com>
848
849         Unreviewed, rolling out r166126.
850
851         Rollout r166126 in preparation to roll out prerequisite r166070
852
853         Reverted changeset:
854
855         "toThis() on a JSWorkerGlobalScope should return a JSProxy and
856         not undefined"
857         https://bugs.webkit.org/show_bug.cgi?id=130554
858         http://trac.webkit.org/changeset/166126
859
860 2014-03-25  Oliver Hunt  <oliver@apple.com>
861
862         AST incorrectly conflates readable and writable locations
863         https://bugs.webkit.org/show_bug.cgi?id=130734
864
865         Reviewed by Filip Pizlo.
866
867         We need to distinguish between "locations" that are valid for reading
868         and writing, vs those that may only be written.
869
870         * bytecompiler/NodesCodegen.cpp:
871         (JSC::ForInNode::emitBytecode):
872         (JSC::ForOfNode::emitBytecode):
873         * parser/Nodes.h:
874         (JSC::ExpressionNode::isAssignmentLocation):
875
876 2014-03-24  Oliver Hunt  <oliver@apple.com>
877
878         ASSERTION FAILED in Parser: dst != localReg
879         https://bugs.webkit.org/show_bug.cgi?id=130710
880
881         Reviewed by Filip Pizlo.
882
883         Just make sure we don't try to write to a captured constant,
884         following the change to track captured variables separately.
885
886         * bytecompiler/NodesCodegen.cpp:
887         (JSC::PostfixNode::emitResolve):
888         (JSC::PrefixNode::emitResolve):
889
890 2014-03-25  Martin Robinson  <mrobinson@igalia.com>
891
892         [GTK] Remove the autotools build
893         https://bugs.webkit.org/show_bug.cgi?id=130717
894
895         Reviewed by Anders Carlsson.
896
897         * GNUmakefile.am: Removed.
898         * config.h: Remove references to the autotools configure file.
899
900 2014-03-24  Filip Pizlo  <fpizlo@apple.com>
901
902         More scaffolding for a stub routine to have a stub recursively embedded inside it
903         https://bugs.webkit.org/show_bug.cgi?id=130770
904
905         Reviewed by Oliver Hunt.
906
907         * bytecode/CallLinkInfo.cpp:
908         (JSC::CallLinkInfo::unlink): VM& argument is superfluous.
909         (JSC::CallLinkInfo::visitWeak): Factor this out, it used to be in CodeBlock::finalizeUnconditionally().
910         * bytecode/CallLinkInfo.h:
911         * bytecode/CodeBlock.cpp:
912         (JSC::CodeBlock::finalizeUnconditionally): Factor out some functionality into CallLinkInfo::visitWeak(), and make sure we pass RepatchBuffer& in more places.
913         (JSC::CodeBlock::unlinkCalls):
914         (JSC::CodeBlock::unlinkIncomingCalls):
915         * bytecode/PolymorphicGetByIdList.cpp: Pass RepatchBuffer& through and call JITStubRoutine::visitWeak().
916         (JSC::GetByIdAccess::visitWeak):
917         (JSC::PolymorphicGetByIdList::visitWeak):
918         * bytecode/PolymorphicGetByIdList.h:
919         * bytecode/PolymorphicPutByIdList.cpp: Pass RepatchBuffer& through and call JITStubRoutine::visitWeak().
920         (JSC::PutByIdAccess::visitWeak):
921         (JSC::PolymorphicPutByIdList::visitWeak):
922         * bytecode/PolymorphicPutByIdList.h:
923         * bytecode/StructureStubInfo.cpp: Pass RepatchBuffer& through.
924         (JSC::StructureStubInfo::visitWeakReferences):
925         * bytecode/StructureStubInfo.h:
926         * jit/ClosureCallStubRoutine.cpp: isClosureCall is unused.
927         (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
928         * jit/GCAwareJITStubRoutine.cpp:
929         (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
930         (JSC::createJITStubRoutine):
931         * jit/GCAwareJITStubRoutine.h: Make it easier to construct one of these.
932         (JSC::GCAwareJITStubRoutine::isClosureCall): Deleted.
933         * jit/JITStubRoutine.cpp:
934         (JSC::JITStubRoutine::visitWeak): This will allow future JITStubRoutine subclasses to have stubs recursively embedded inside them.
935         * jit/JITStubRoutine.h:
936         * jit/Repatch.cpp:
937         (JSC::generateGetByIdStub): Fix a possible GC bug where we weren't making the stub routine GC aware.
938         (JSC::emitCustomSetterStub): Clean up some code.
939
940 2014-03-24  Geoffrey Garen  <ggaren@apple.com>
941
942         Safari crashes in JavaScriptCore: JSC::JSObject::growOutOfLineStorage
943         when WebKit is compiled with fcatch-undefined-behavior
944         https://bugs.webkit.org/show_bug.cgi?id=130652
945
946         Reviewed by Mark Hahnenberg.
947
948         Use a static member function because the butterfly we pass in might be
949         NULL, and passing NULL to a member function is undefined behavior.
950
951         Stylistically, I think this new way reads a little more clearly, since it
952         matches createOrGrowArrayRight, and it helps to convey that m_butterfly
953         might not exist yet.
954
955         * runtime/Butterfly.h:
956         * runtime/ButterflyInlines.h:
957         (JSC::Butterfly::createOrGrowPropertyStorage): Renamed from growPropertyStorage
958         because we might create. Split out the create path to avoid using NULL
959         in a member function expression.
960
961         Removed some unused versions of this function.
962
963         * runtime/JSObject.cpp:
964         (JSC::JSObject::growOutOfLineStorage): Updated for interface change.
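
        The undefined-behaviour pattern described in this entry, shown as an added
        example (this is constructed illustration code, not JSC's Butterfly or
        JSObject code; the PropertyStorage type and createThenGrow() are
        assumptions made for the example):

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>

// Constructed stand-in for growable out-of-line property storage. It is not
// JSC's Butterfly; it only mirrors the shape of the problem described above.
struct PropertyStorage {
    size_t capacity;
    long* slots;

    // Before the fix, the growth path was a member function and callers
    // invoked it as `m_butterfly->grow(...)` even when m_butterfly was NULL,
    // relying on a null check inside the body. Calling a member function
    // through a null pointer is undefined behaviour regardless of that check,
    // which is exactly what a UB sanitizer build traps on.
    //
    // After the fix, the possibly-null storage is an ordinary parameter of a
    // static member function: passing nullptr is well defined, and the create
    // path is an explicit branch instead of a test on `this`.
    static PropertyStorage* createOrGrow(PropertyStorage* old, size_t newCapacity)
    {
        PropertyStorage* grown = static_cast<PropertyStorage*>(std::malloc(sizeof(PropertyStorage)));
        long* slots = static_cast<long*>(std::calloc(newCapacity, sizeof(long)));
        if (!grown || !slots)
            std::abort();
        grown->capacity = newCapacity;
        grown->slots = slots;
        if (old) {
            // Grow path: keep the old contents, then release the old block.
            size_t keep = old->capacity < newCapacity ? old->capacity : newCapacity;
            std::memcpy(slots, old->slots, keep * sizeof(long));
            std::free(old->slots);
            std::free(old);
        }
        return grown; // create path: fresh zeroed storage
    }

    static void destroy(PropertyStorage* storage)
    {
        if (!storage)
            return;
        std::free(storage->slots);
        std::free(storage);
    }
};

// Exercises both paths: an object with no storage yet (nullptr) creates 4
// slots, stores a value, then grows to 8 slots. Returns the final capacity if
// the stored value survived the move and new slots are zeroed, otherwise 0.
size_t createThenGrow()
{
    PropertyStorage* storage = nullptr; // m_butterfly might not exist yet
    storage = PropertyStorage::createOrGrow(storage, 4);
    storage->slots[3] = 42;
    storage = PropertyStorage::createOrGrow(storage, 8);
    size_t result = (storage->slots[3] == 42 && storage->slots[7] == 0) ? storage->capacity : 0;
    PropertyStorage::destroy(storage);
    return result;
}
```

        The point of the static form is that the "no storage yet" case is
        expressed in the type signature (a pointer parameter that may be null)
        rather than smuggled through `this`, so a sanitizer build has nothing to
        complain about and a reader can see the create path at the call site.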
965
966 2014-03-24  Oliver Hunt  <oliver@apple.com>
967
968         Strict mode destructuring assignment crashes the parser.
969         https://bugs.webkit.org/show_bug.cgi?id=130538
970
971         Reviewed by Michael Saboff.
972
973         The SyntaxChecker mode always returns 1 for success, except
974         for a small subset of functions where we needed exact information.
975         This ends up just being a poor design decision as it means
976         the parser can get confused between a function returning 1, and
977         the Resolve constant which was also 1. So we now use a unique
978         type for every creation method.
979
980         * parser/SyntaxChecker.h:
981         (JSC::SyntaxChecker::createSourceElements):
982         (JSC::SyntaxChecker::createFunctionBody):
983         (JSC::SyntaxChecker::createArguments):
984         (JSC::SyntaxChecker::createSpreadExpression):
985         (JSC::SyntaxChecker::createArgumentsList):
986         (JSC::SyntaxChecker::createPropertyList):
987         (JSC::SyntaxChecker::createElementList):
988         (JSC::SyntaxChecker::createFormalParameterList):
989         (JSC::SyntaxChecker::createClause):
990         (JSC::SyntaxChecker::createClauseList):
991         (JSC::SyntaxChecker::createFuncDeclStatement):
992         (JSC::SyntaxChecker::createBlockStatement):
993         (JSC::SyntaxChecker::createExprStatement):
994         (JSC::SyntaxChecker::createIfStatement):
995         (JSC::SyntaxChecker::createForLoop):
996         (JSC::SyntaxChecker::createForInLoop):
997         (JSC::SyntaxChecker::createForOfLoop):
998         (JSC::SyntaxChecker::createEmptyStatement):
999         (JSC::SyntaxChecker::createVarStatement):
1000         (JSC::SyntaxChecker::createReturnStatement):
1001         (JSC::SyntaxChecker::createBreakStatement):
1002         (JSC::SyntaxChecker::createContinueStatement):
1003         (JSC::SyntaxChecker::createTryStatement):
1004         (JSC::SyntaxChecker::createSwitchStatement):
1005         (JSC::SyntaxChecker::createWhileStatement):
1006         (JSC::SyntaxChecker::createWithStatement):
1007         (JSC::SyntaxChecker::createDoWhileStatement):
1008         (JSC::SyntaxChecker::createLabelStatement):
1009         (JSC::SyntaxChecker::createThrowStatement):
1010         (JSC::SyntaxChecker::createDebugger):
1011         (JSC::SyntaxChecker::createConstStatement):
1012         (JSC::SyntaxChecker::appendConstDecl):
1013         (JSC::SyntaxChecker::combineCommaNodes):
1014         (JSC::SyntaxChecker::operatorStackPop):
1015
1016 2014-03-24  Brent Fulgham  <bfulgham@apple.com>
1017
1018         Activate WebVTT Tests Once Merging is Complete
1019         https://bugs.webkit.org/show_bug.cgi?id=130420
1020
1021         Reviewed by Eric Carlson.
1022
1023         * Configurations/FeatureDefines.xcconfig: Turn on ENABLE(WEBVTT_REGIONS)
1024
1025 2014-03-24  Andreas Kling  <akling@apple.com>
1026
1027         Stop pulling in all the macro assemblers from VM.h
1028         <https://webkit.org/b/130691>
1029
1030         Remove #include of "GPRInfo.h". This breaks WebCore's dependency
1031         on macro assemblers headers and removes 8 includes from every
1032         .cpp file in the JS bindings.
1033
1034         Reviewed by Geoff Garen.
1035
1036         * runtime/VM.h:
1037
1038 2014-03-24  Gavin Barraclough  <barraclough@apple.com>
1039
1040         Add support for thread QoS
1041         https://bugs.webkit.org/show_bug.cgi?id=130688
1042
1043         Reviewed by Andreas Kling.
1044
1045         * heap/BlockAllocator.cpp:
1046         (JSC::BlockAllocator::blockFreeingThreadStartFunc):
1047             - block freeing is a utility activity.
1048
1049 2014-03-24  Filip Pizlo  <fpizlo@apple.com>
1050
1051         Unreviewed, fix CLOOP build.
1052
1053         * bytecode/CallLinkStatus.cpp:
1054         (JSC::CallLinkStatus::computeFor):
1055         * bytecode/CodeBlock.cpp:
1056         (JSC::CodeBlock::printCallOp):
1057         (JSC::CodeBlock::getCallLinkInfoForBytecodeIndex):
1058         (JSC::CodeBlock::resetStubDuringGCInternal): Deleted.
1059         * bytecode/CodeBlock.h:
1060         (JSC::CodeBlock::callLinkInfosEnd): Deleted.
1061
1062 2014-03-24  Gabor Rapcsanyi  <rgabor@webkit.org>
1063
1064         [ARM64] GNU assembler doesn't work with LLInt arm64 backend.
1065         https://bugs.webkit.org/show_bug.cgi?id=130453
1066         
1067         Reviewed by Filip Pizlo.
1068
1069         Change fp and lr to x29 and x30. Add both operand kinds to emitARM64()
1070         at sxtw and uxtw instructions.
1071
1072         * offlineasm/arm64.rb:
1073
1074 2014-03-23  Hyowon Kim  <hw1008.kim@samsung.com>
1075
1076         Move all EFL typedefs into EflTypedefs.h.
1077         https://bugs.webkit.org/show_bug.cgi?id=130511
1078
1079         Reviewed by Gyuyoung Kim.
1080
1081         * heap/HeapTimer.h: Remove EFL typedefs.
1082
1083 2014-03-23  Filip Pizlo  <fpizlo@apple.com>
1084
1085         Gotta grow the locals vectors if we are about to do SetLocals beyond the bytecode's numCalleeRegisters
1086         https://bugs.webkit.org/show_bug.cgi?id=130650
1087         <rdar://problem/16122966>
1088
1089         Reviewed by Michael Saboff.
1090         
1091         Previously, it was only in the case of inlining that we would do SetLocal's beyond the
1092         previously established numLocals limit. But then we added generalized op_call_varargs
1093         handling, which results in us emitting SetLocals that didn't previously exist in the
1094         bytecode.
1095         
1096         This factors out the inliner's ensureLocals loop and calls it from op_call_varargs.
1097
1098         * dfg/DFGByteCodeParser.cpp:
1099         (JSC::DFG::ByteCodeParser::ensureLocals):
1100         (JSC::DFG::ByteCodeParser::handleInlining):
1101         (JSC::DFG::ByteCodeParser::parseBlock):
1102         (JSC::DFG::ByteCodeParser::parse):
1103         * ftl/FTLOSRExitCompiler.cpp:
1104         (JSC::FTL::compileStub): Make this do alignment correctly.
1105         * runtime/Options.h:
1106         * tests/stress/call-varargs-from-inlined-code.js: Added.
1107         * tests/stress/call-varargs-from-inlined-code-with-odd-number-of-arguments.js: Added.
1108
1109 2014-03-22  Filip Pizlo  <fpizlo@apple.com>
1110
1111         Unreviewed, adjust sizes for ARM64.
1112
1113         * ftl/FTLInlineCacheSize.cpp:
1114         (JSC::FTL::sizeOfCall):
1115
1116 2014-03-22  Filip Pizlo  <fpizlo@apple.com>
1117
1118         Protect the silent spiller/filler's desire to fill Int32Constants by making sure that we don't mark something as having an Int32 register format if it's a non-Int32 constant
1119         https://bugs.webkit.org/show_bug.cgi?id=130649
1120         <rdar://problem/16399949>
1121
1122         Reviewed by Andreas Kling.
1123
1124         * dfg/DFGSpeculativeJIT32_64.cpp:
1125         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
1126         * dfg/DFGSpeculativeJIT64.cpp:
1127         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
1128         * tests/stress/fuzz-bug-16399949.js: Added.
1129         (tryItOut.f):
1130         (tryItOut):
1131
1132 2014-03-22  Filip Pizlo  <fpizlo@apple.com>
1133
1134         Call linking slow paths should be passed a CallLinkInfo* directly so that you can create a call IC without adding it to any CodeBlocks
1135         https://bugs.webkit.org/show_bug.cgi?id=130644
1136
1137         Reviewed by Andreas Kling.
1138         
1139         This is conceptually a really simple change but it involves the following:
1140         
1141         - The inline part of the call IC stuffs a pointer to the CallLinkInfo into regT2.
1142         
1143         - CodeBlock uses a Bag of CallLinkInfos instead of a Vector.
1144         
1145         - Remove the significance of a CallLinkInfo's index. This means that DFG::JITCode no
1146           longer has a vector of slow path counts that shadows the CallLinkInfo vector.
1147         
1148         - Make CallLinkInfo have its own slowPathCount, which counts actual slow path executions
1149           and not all relinking.
1150         
1151         This makes planting JS->JS calls inside other inline caches or stubs a lot easier, since
1152         the CallLinkInfo and the call IC slow paths no longer rely on the call being associated
1153         with an op_call/op_construct instruction and a machine code return PC within such an
1154         instruction.
1155
1156         * bytecode/CallLinkInfo.h:
1157         (JSC::getCallLinkInfoCodeOrigin):
1158         * bytecode/CallLinkStatus.cpp:
1159         (JSC::CallLinkStatus::computeFor):
1160         (JSC::CallLinkStatus::computeDFGStatuses):
1161         * bytecode/CallLinkStatus.h:
1162         * bytecode/CodeBlock.cpp:
1163         (JSC::CodeBlock::printCallOp):
1164         (JSC::CodeBlock::dumpBytecode):
1165         (JSC::CodeBlock::finalizeUnconditionally):
1166         (JSC::CodeBlock::getCallLinkInfoMap):
1167         (JSC::CodeBlock::getCallLinkInfoForBytecodeIndex):
1168         (JSC::CodeBlock::addCallLinkInfo):
1169         (JSC::CodeBlock::unlinkCalls):
1170         * bytecode/CodeBlock.h:
1171         (JSC::CodeBlock::stubInfoBegin):
1172         (JSC::CodeBlock::stubInfoEnd):
1173         (JSC::CodeBlock::callLinkInfosBegin):
1174         (JSC::CodeBlock::callLinkInfosEnd):
1175         (JSC::CodeBlock::byValInfo):
1176         * dfg/DFGByteCodeParser.cpp:
1177         (JSC::DFG::ByteCodeParser::handleCall):
1178         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1179         * dfg/DFGJITCode.h:
1180         * dfg/DFGJITCompiler.cpp:
1181         (JSC::DFG::JITCompiler::link):
1182         * dfg/DFGJITCompiler.h:
1183         (JSC::DFG::JITCompiler::addJSCall):
1184         (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord):
1185         * dfg/DFGOSRExitCompilerCommon.cpp:
1186         (JSC::DFG::reifyInlinedCallFrames):
1187         * dfg/DFGSpeculativeJIT.cpp:
1188         (JSC::DFG::SpeculativeJIT::compile):
1189         * dfg/DFGSpeculativeJIT.h:
1190         * dfg/DFGSpeculativeJIT32_64.cpp:
1191         (JSC::DFG::SpeculativeJIT::emitCall):
1192         * dfg/DFGSpeculativeJIT64.cpp:
1193         (JSC::DFG::SpeculativeJIT::emitCall):
1194         * ftl/FTLCompile.cpp:
1195         (JSC::FTL::fixFunctionBasedOnStackMaps):
1196         * ftl/FTLInlineCacheSize.cpp:
1197         (JSC::FTL::sizeOfCall):
1198         * ftl/FTLJSCall.cpp:
1199         (JSC::FTL::JSCall::JSCall):
1200         (JSC::FTL::JSCall::emit):
1201         (JSC::FTL::JSCall::link):
1202         * ftl/FTLJSCall.h:
1203         * jit/JIT.cpp:
1204         (JSC::JIT::privateCompileMainPass):
1205         (JSC::JIT::privateCompileSlowCases):
1206         (JSC::JIT::privateCompile):
1207         * jit/JIT.h:
1208         * jit/JITCall.cpp:
1209         (JSC::JIT::compileOpCall):
1210         (JSC::JIT::compileOpCallSlowCase):
1211         * jit/JITCall32_64.cpp:
1212         (JSC::JIT::compileOpCall):
1213         (JSC::JIT::compileOpCallSlowCase):
1214         * jit/JITOperations.cpp:
1215         * jit/JITOperations.h:
1216         (JSC::operationLinkFor):
1217         (JSC::operationVirtualFor):
1218         (JSC::operationLinkClosureCallFor):
1219         * jit/Repatch.cpp:
1220         (JSC::linkClosureCall):
1221         * jit/ThunkGenerators.cpp:
1222         (JSC::slowPathFor):
1223         (JSC::virtualForThunkGenerator):
1224         * tests/stress/eval-that-is-not-eval.js: Added.
1225
1226 2014-03-22  Filip Pizlo  <fpizlo@apple.com>
1227
1228         Unreviewed, fix misspelled test name.
1229
1230         * tests/stress/constand-folding-osr-exit.js: Removed.
1231         * tests/stress/constant-folding-osr-exit.js: Copied from Source/JavaScriptCore/tests/stress/constand-folding-osr-exit.js.
1232
1233 2014-03-22  Andreas Kling  <akling@apple.com>
1234
1235         CREATE_DOM_WRAPPER doesn't need the ExecState.
1236         <https://webkit.org/b/130648>
1237
1238         Add a fast path from JSGlobalObject to the VM so we don't have
1239         to dance via the Heap.
1240
1241         Reviewed by Darin Adler.
1242
1243         * runtime/JSGlobalObject.cpp:
1244         (JSC::JSGlobalObject::JSGlobalObject):
1245         * runtime/JSGlobalObject.h:
1246         (JSC::JSGlobalObject::vm):
1247
1248 2014-03-22  Filip Pizlo  <fpizlo@apple.com>
1249
1250         Unreviewed, fix FTL build.
1251
1252         * ftl/FTLJITFinalizer.cpp:
1253
1254 2014-03-22  Michael Saboff  <msaboff@apple.com>
1255
1256         toThis() on a JSWorkerGlobalScope should return a JSProxy and not undefined
1257         https://bugs.webkit.org/show_bug.cgi?id=130554
1258
1259         Reviewed by Geoffrey Garen.
1260
1261         Fixed toThis() on WorkerGlobalScope to return a JSProxy instead of the JSGlobalObject.
1262         Did some cleanup as well.  Moved the setting of the thisObject in a JSGlobalObject to
1263         happen in finishCreation() so that it will also happen for other derived classes including
1264         JSWorkerGlobalScopeBase.
1265
1266         * API/JSContextRef.cpp:
1267         (JSGlobalContextCreateInGroup):
1268         * jsc.cpp:
1269         (GlobalObject::create):
1270         * API/tests/testapi.c:
1271         (globalObject_initialize): Eliminated ASSERT that the global object we are creating matches
1272         the result from JSContextGetGlobalObject() as that will return the proxy.
1273         * runtime/JSGlobalObject.cpp:
1274         (JSC::JSGlobalObject::init): Removed thisValue parameter and the call to setGlobalThis() since
1275         we now call setGlobalThis in finishCreation().
1276         * runtime/JSGlobalObject.h:
1277         (JSC::JSGlobalObject::finishCreation):
1278         (JSC::JSGlobalObject::setGlobalThis): Made this a private method.
1279
1280 2014-03-22  Andreas Kling  <akling@apple.com>
1281
1282         Fix debug build.
1283
1284         * bytecode/CodeBlock.cpp:
1285         * runtime/Executable.cpp:
1286
1287 2014-03-22  Andreas Kling  <akling@apple.com>
1288
1289         Cut down on JSC profiler includes in WebCore & co.
1290         <https://webkit.org/b/130637>
1291
1292         Most of WebKit was pulling in JSC's profiler headers via VM.h.
1293
1294         Reviewed by Darin Adler.
1295
1296         * dfg/DFGDisassembler.cpp:
1297         * dfg/DFGDisassembler.h:
1298         * dfg/DFGJITFinalizer.cpp:
1299         * jsc.cpp:
1300         * runtime/VM.cpp:
1301         * runtime/VM.h:
1302
1303 2014-03-22  Landry Breuil  <landry@openbsd.org>
1304
1305         Use pthread_stackseg_np() to find the stack bounds on OpenBSD.
1306         https://bugs.webkit.org/show_bug.cgi?id=129965
1307
1308         Reviewed by Anders Carlsson.
1309
1310 2014-03-21  Mark Lam  <mark.lam@apple.com>
1311
1312         Crash when BytecodeGenerator::emitJump calls Label::bind on null pointer.
1313         <https://webkit.org/b/124508>
1314
1315         Reviewed by Oliver Hunt.
1316
1317         The issue is that BreakNode::emitBytecode() is holding onto a LabelScope
1318         pointer from the BytecodeGenerator's m_localScopes vector, and then it
1319         calls emitPopScopes().  emitPopScopes() may do finally clause handling
1320         which will require the m_localScopes to be cloned so that it can change
1321         the local scopes for the finally block, and then restore it after
1322         handling the finally clause.  These modifications of the m_localScopes
1323         vector will result in the LabelScope pointer in BreakNode::emitBytecode()
1324         becoming stale, thereby causing the crash.
1325
1326         The same issue applies to the ContinueNode as well.
1327
1328         The fix is to use the existing LabelScopePtr abstraction instead of raw
1329         LabelScope pointers.  The LabelScopePtr is resilient to the underlying
1330         vector re-allocating its backing store.
1331
1332         I also changed the LabelScopePtr constructor that takes a LabelScopeStore
1333         to expect a reference to the owner store instead of a pointer because the
1334         owner store should never be a null pointer.
1335
1336         * bytecompiler/BytecodeGenerator.cpp:
1337         (JSC::BytecodeGenerator::newLabelScope):
1338         (JSC::BytecodeGenerator::breakTarget):
1339         (JSC::BytecodeGenerator::continueTarget):
1340         * bytecompiler/BytecodeGenerator.h:
1341         * bytecompiler/LabelScope.h:
1342         (JSC::LabelScopePtr::LabelScopePtr):
1343         (JSC::LabelScopePtr::operator bool):
1344         (JSC::LabelScopePtr::null):
1345         * bytecompiler/NodesCodegen.cpp:
1346         (JSC::ContinueNode::trivialTarget):
1347         (JSC::ContinueNode::emitBytecode):
1348         (JSC::BreakNode::trivialTarget):
1349         (JSC::BreakNode::emitBytecode):
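
        The stale-pointer hazard and the index-based handle that fixes it, as an
        added example (constructed illustration code, not JSC's LabelScope or
        LabelScopePtr implementation; the Outcome struct and
        simulateBreakThroughFinally() are names assumed for the example):

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Constructed sketch of the stale-pointer hazard and the handle that avoids
// it. Names mirror the entry above, but this is not JSC's LabelScope code.
struct LabelScope {
    std::string name;
    int depth;
};

using LabelScopeStore = std::vector<LabelScope>;

// Handle that re-resolves the element on every access. Because it stores the
// owner and an index rather than an element address, it stays valid when the
// vector reallocates its backing store.
class LabelScopePtr {
public:
    // The owner is taken by reference: a null owner store is not a valid state.
    LabelScopePtr(LabelScopeStore& owner, size_t index)
        : m_owner(&owner), m_index(index) { }

    LabelScope& operator*() const { return (*m_owner)[m_index]; }
    LabelScope* operator->() const { return &(*m_owner)[m_index]; }

private:
    LabelScopeStore* m_owner;
    size_t m_index;
};

struct Outcome {
    bool rawPointerStale;  // the address the raw pointer held no longer belongs to the store
    bool handleStillValid; // the LabelScopePtr still resolves to the original scope
    size_t scopeCount;
};

// Models BreakNode::emitBytecode(): grab the target scope, then run finally
// handling that clones/pushes scopes and forces the vector to reallocate.
// The stale raw pointer is only compared, never dereferenced, so the
// simulation itself stays well defined.
Outcome simulateBreakThroughFinally()
{
    LabelScopeStore scopes;
    scopes.reserve(1);
    scopes.push_back({ "loop", 0 });

    const LabelScope* rawTarget = &scopes[0]; // what the crashing code held
    LabelScopePtr target(scopes, 0);           // what the fix holds

    for (int i = 1; i <= 64; ++i)              // emitPopScopes() growing m_localScopes
        scopes.push_back({ "finally" + std::to_string(i), i });

    Outcome outcome;
    outcome.rawPointerStale = rawTarget != &scopes[0];
    outcome.handleStillValid = target->name == "loop" && (*target).depth == 0;
    outcome.scopeCount = scopes.size();
    return outcome;
}
```

        A raw pointer into a growable vector is a use-after-free waiting to
        happen: any push that triggers reallocation frees the old backing store.
        Holding (owner, index) costs one extra indirection per access and removes
        the hazard entirely, which is why the handle, not a cached address, is
        the right thing to keep across calls that may mutate the store.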
1350
1351 2014-03-21  Mark Hahnenberg  <mhahnenberg@apple.com>
1352
1353         6% SunSpider commandline regression due to r165940
1354         https://bugs.webkit.org/show_bug.cgi?id=130617
1355
1356         Reviewed by Michael Saboff.
1357
1358         In GCActivityCallback::didAllocate, lastGCLength() returns 0 if we've never collected 
1359         before. Some of the benchmarks are never running a single EdenCollection, which causes 
1360         them to repeatedly call scheduleTimer with a newDelay of 0. This defeats our timer 
1361         slop heuristic, causing us to invoke CFRunLoopTimerSetNextFireDate a couple orders of 
1362         magnitude more than we normally would.
1363
1364         The fix is to seed the last GC lengths in Heap with a non-zero length so that our heuristic works.
1365
1366         * heap/Heap.cpp:
1367         (JSC::Heap::Heap):
1368
1369 2014-03-21  Filip Pizlo  <fpizlo@apple.com>
1370
1371         Constants folded by DFG::ByteCodeParser should not be dead.
1372         https://bugs.webkit.org/show_bug.cgi?id=130576
1373
1374         Reviewed by Mark Hahnenberg.
1375         
1376         This fixes bugs in the ByteCodeParser's constant folder by removing that constant folder. This
1377         reduces the number of folders in JSC from fourish to just threeish (parser, DFG AI, and one
1378         or more folders in LLVM). Doing so has no performance impact since the other constant folders
1379         already subsume this one.
1380         
1381         Also added a test case for the specific bug that instigated this.
1382
1383         * dfg/DFGByteCodeParser.cpp:
1384         (JSC::DFG::ByteCodeParser::getJSConstantForValue):
1385         (JSC::DFG::ByteCodeParser::getJSConstant):
1386         (JSC::DFG::ByteCodeParser::inferredConstant):
1387         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1388         (JSC::DFG::ByteCodeParser::parseBlock):
1389         * dfg/DFGNode.h:
1390         * dfg/DFGNodeFlags.h:
1391         * tests/stress/constand-folding-osr-exit.js: Added.
1392         (foo):
1393         (test):
1394         (.var):
1395
1396 2014-03-21  Mark Lam  <mark.lam@apple.com>
1397
1398         StackLayoutPhase should find the union'ed calleeVariable before accessing its machineLocal.
1399         <https://webkit.org/b/130566>
1400
1401         Reviewed by Filip Pizlo.
1402
1403         * dfg/DFGStackLayoutPhase.cpp:
1404         (JSC::DFG::StackLayoutPhase::run):
1405
1406 2014-03-20  Filip Pizlo  <fpizlo@apple.com>
1407
1408         FTL should correctly compile GetByVal on Uint32Array that claims to return non-int32 values
1409         https://bugs.webkit.org/show_bug.cgi?id=130562
1410         <rdar://problem/16382842>
1411
1412         Reviewed by Geoffrey Garen.
1413
1414         * ftl/FTLLowerDFGToLLVM.cpp:
1415         (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
1416         * tests/stress/uint32array-unsigned-load.js: Added.
1417         (foo):
1418
1419 2014-03-20  Brian Burg  <bburg@apple.com>
1420
1421         Web Inspector: add frontend controller and models for replay sessions
1422         https://bugs.webkit.org/show_bug.cgi?id=130145
1423
1424         Reviewed by Joseph Pecoraro.
1425
1426         * inspector/scripts/CodeGeneratorInspector.py: Add the conditional Replay domain.
1427
1428 2014-03-20  Filip Pizlo  <fpizlo@apple.com>
1429
1430         FTL ValueToInt32 mishandles the constant case, and by the way, there is a constant case that the FTL sees
1431         https://bugs.webkit.org/show_bug.cgi?id=130546
1432         <rdar://problem/16383308>
1433
1434         Reviewed by Mark Hahnenberg.
1435         
1436         Make AI do a better job of folding this.
1437         
1438         Also made the FTL backend be more tolerant of data representations. In this case it
1439         didn't know that "constant" was a valid representation. There is a finite set of
1440         possible representations, but broadly, we don't write code that presumes anything
1441         about the representation of an input; that's what methods like lowJSValue() are for.
1442         ValueToInt32 was previously not relying on those methods at all because it had some
1443         hacks. Now, those hacks are just a fast-path optimization but ultimately we fall down
1444         to lowJSValue().
1445
1446         * dfg/DFGAbstractInterpreterInlines.h:
1447         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1448         * ftl/FTLLowerDFGToLLVM.cpp:
1449         (JSC::FTL::LowerDFGToLLVM::compileValueToInt32):
1450         (JSC::FTL::LowerDFGToLLVM::numberOrNotCellToInt32):
1451         * tests/stress/value-to-int32-undefined-constant.js: Added.
1452         (foo):
1453         * tests/stress/value-to-int32-undefined.js: Added.
1454         (foo):
1455
1456 2014-03-20  Mark Hahnenberg  <mhahnenberg@apple.com>
1457
1458         Add some assertions back
1459         https://bugs.webkit.org/show_bug.cgi?id=130531
1460
1461         Reviewed by Geoffrey Garen.
1462
1463         We removed a useful set of assertions for verifying that MarkedBlocks were 
1464         in the state that we expected them to be in after clearing marks in the Heap. 
1465         We should add these back to catch bugs earlier.
1466
1467         * heap/MarkedBlock.h:
1468         * heap/MarkedSpace.cpp:
1469         (JSC::VerifyMarkedOrRetired::operator()):
1470         (JSC::MarkedSpace::clearMarks):
1471
1472 2014-03-20  Filip Pizlo  <fpizlo@apple.com>
1473
1474         Implement stackmap header version check and support new stackmap formats
1475         https://bugs.webkit.org/show_bug.cgi?id=130535
1476         <rdar://problem/16164284>
1477
1478         Reviewed by Geoffrey Garen.
1479         
1480         Add the notion of versioning so that LLVMers can happily implement new stackmap formats
1481         without worrying about WebKit getting version-locked to LLVM. In the future, we will have
1482         to implement parsing for a new LLVM stackmap format before it lands in LLVM, or we'll have
1483         to have a "max usable LLVM revision" limit. But, thanks to versioning, we'll always be
1484         happy to move backward in time to older versions of LLVM.
1485
1486         * ftl/FTLStackMaps.cpp:
1487         (JSC::FTL::readObject):
1488         (JSC::FTL::StackMaps::Constant::parse):
1489         (JSC::FTL::StackMaps::StackSize::parse):
1490         (JSC::FTL::StackMaps::Location::parse):
1491         (JSC::FTL::StackMaps::Record::parse):
1492         (JSC::FTL::StackMaps::parse):
1493         (JSC::FTL::StackMaps::dump):
1494         (JSC::FTL::StackMaps::dumpMultiline):
1495         * ftl/FTLStackMaps.h:
1496
1497 2014-03-20  Filip Pizlo  <fpizlo@apple.com>
1498
1499         Crash beneath operationTearOffActivation running this JS compression demo
1500         https://bugs.webkit.org/show_bug.cgi?id=130295
1501         <rdar://problem/16332337>
1502
1503         Reviewed by Oliver Hunt.
1504         
1505         Make sure that we flush things as if we were at a terminal, if we are at a block with
1506         no forward edges. This fixes infinitely loopy code with captured variables.
1507
1508         Make sure that the CFG simplifier adds explicit flushes whenever it jettisons a block.
1509         
1510         Make it so that NodeIsFlushed is a thing. Previously only SSA used it and it computed
1511         it by itself. Now it's an artifact of CPS rethreading.
1512         
1513         Add a bunch of tests. All of them previously either crashed or returned bad output due
1514         to memory corruption.
1515
1516         * bytecode/CodeBlock.cpp:
1517         (JSC::CodeBlock::isCaptured):
1518         * dfg/DFGByteCodeParser.cpp:
1519         (JSC::DFG::ByteCodeParser::flushForTerminal):
1520         (JSC::DFG::ByteCodeParser::flushForReturn):
1521         (JSC::DFG::ByteCodeParser::flushIfTerminal):
1522         (JSC::DFG::ByteCodeParser::branchData):
1523         (JSC::DFG::ByteCodeParser::parseBlock):
1524         * dfg/DFGCFGSimplificationPhase.cpp:
1525         (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
1526         * dfg/DFGCPSRethreadingPhase.cpp:
1527         (JSC::DFG::CPSRethreadingPhase::run):
1528         (JSC::DFG::CPSRethreadingPhase::computeIsFlushed):
1529         (JSC::DFG::CPSRethreadingPhase::addFlushedLocalOp):
1530         (JSC::DFG::CPSRethreadingPhase::addFlushedLocalEdge):
1531         * dfg/DFGCSEPhase.cpp:
1532         (JSC::DFG::CSEPhase::performNodeCSE):
1533         * dfg/DFGGraph.cpp:
1534         (JSC::DFG::Graph::clearFlagsOnAllNodes):
1535         * dfg/DFGGraph.h:
1536         * dfg/DFGNode.h:
1537         * dfg/DFGNodeFlags.cpp:
1538         (JSC::DFG::dumpNodeFlags):
1539         * dfg/DFGNodeFlags.h:
1540         * dfg/DFGSSAConversionPhase.cpp:
1541         (JSC::DFG::SSAConversionPhase::run):
1542         * tests/stress/activation-test-loop.js: Added.
1543         (Inner.this.doStuff):
1544         (Inner):
1545         (foo.inner.isDone):
1546         (foo):
1547         * tests/stress/inferred-infinite-loop-that-uses-captured-variables.js: Added.
1548         (bar):
1549         (foo):
1550         (noInline):
1551         * tests/stress/infinite-loop-that-uses-captured-variables-before-throwing.js: Added.
1552         (bar):
1553         (foo):
1554         (noInline):
1555         * tests/stress/infinite-loop-that-uses-captured-variables-but-they-do-not-escape.js: Added.
1556         (bar):
1557         (foo):
1558         (noInline):
1559         * tests/stress/infinite-loop-that-uses-captured-variables-with-osr-entry.js: Added.
1560         (bar):
1561         (foo):
1562         (noInline):
1563         * tests/stress/infinite-loop-that-uses-captured-variables.js: Added.
1564         (bar):
1565         (foo):
1566         (noInline):
1567         * tests/stress/tricky-indirectly-inferred-infinite-loop-that-uses-captured-variables-and-creates-the-activation-outside-the-loop.js: Added.
1568         (bar):
1569         (fuzz):
1570         (foo.f):
1571         (foo):
1572         * tests/stress/tricky-inferred-infinite-loop-that-uses-captured-variables-and-creates-the-activation-outside-the-loop.js: Added.
1573         (bar):
1574         (foo.f):
1575         (foo):
1576         * tests/stress/tricky-infinite-loop-that-uses-captured-variables-and-creates-the-activation-outside-the-loop.js: Added.
1577         (bar):
1578         (foo.f):
1579         (foo):
1580         * tests/stress/tricky-infinite-loop-that-uses-captured-variables.js: Added.
1581         (bar):
1582         (foo):
1583         (noInline):
1584
1585 2014-03-20  Oliver Hunt  <oliver@apple.com>
1586
1587         Incorrect behavior when mutating a typed array during set.
1588         https://bugs.webkit.org/show_bug.cgi?id=130428
1589
1590         Reviewed by Geoffrey Garen.
1591
1592         This fixes a null dereference that occurs if a typed array
1593         is mutated during the set() operation. The patch gets rid
1594         of the "Quickly" version of setIndex that is assigning
1595         JSValues of unknown type, as the numeric conversion can trigger
1596         side effects that lead to neutering, and so we deref null.
1597
1598         * runtime/JSGenericTypedArrayView.h:
1599         (JSC::JSGenericTypedArrayView::setIndex):
1600         * runtime/JSGenericTypedArrayViewInlines.h:
1601         (JSC::JSGenericTypedArrayView<Adaptor>::set):
1602         (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
1603
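        The hazard this entry fixes, as an added example that is not part of the ChangeLog or of
        JavaScriptCore's own tests: a typed array whose backing buffer is neutered (detached) from
        inside the numeric conversion that set() performs on a source element. It assumes a runtime
        that can detach an ArrayBuffer through structuredClone with transfer or
        ArrayBuffer.prototype.transfer (the 2014 browser equivalent was transferring the buffer
        through postMessage); the names setWhileDetaching, isSafeOutcome and detach are this
        example's own.

```javascript
// Added example: reproduce a typed array being neutered while
// TypedArray.prototype.set is running. ToNumber on a source element runs
// user code, so it can detach the target's buffer between the length
// check and the store. A correct engine must not touch the freed storage.

// Detach an ArrayBuffer with whatever this runtime provides; both APIs move
// the storage elsewhere and leave the original buffer with byteLength 0.
function detach(buffer) {
  if (typeof structuredClone === 'function') {
    structuredClone(buffer, { transfer: [buffer] });
  } else if (typeof buffer.transfer === 'function') {
    buffer.transfer();
  } else {
    throw new Error('no way to detach an ArrayBuffer in this runtime');
  }
}

// Call set() with a source whose second element detaches the target's buffer
// during its valueOf() conversion, and report what the engine did.
function setWhileDetaching() {
  const buffer = new ArrayBuffer(8);
  const target = new Uint8Array(buffer);
  let conversions = 0;

  const hostile = {
    valueOf() {
      conversions++;
      detach(buffer); // side effect: target now has no storage
      return 0x41;
    },
  };

  let threw = null;
  try {
    // Element 0 is converted and stored first; converting element 1 detaches
    // the buffer; element 2 must not be written into freed memory.
    target.set([1, hostile, 3]);
  } catch (e) {
    threw = e;
  }

  return {
    conversions,
    detached: buffer.byteLength === 0,
    targetLength: target.length,
    threwTypeError: threw instanceof TypeError,
  };
}

// Depending on the engine, set() either drops the remaining stores or throws
// a TypeError; either way valueOf ran exactly once, the buffer is detached and
// the view reports length 0. A crash here would be the bug this entry fixes.
function isSafeOutcome(result) {
  return result.conversions === 1 && result.detached && result.targetLength === 0;
}

console.log(JSON.stringify(setWhileDetaching()));
```

        The interesting point for a reviewer is the ordering: the length of the target is
        read once before the loop, so any check done up front is stale by the time the
        third element is stored. Engines must re-check the buffer after every conversion
        that can run user code, which is why the patch drops the "Quickly" path that
        skipped that re-check for values of unknown type.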
1604 2014-03-20  Gavin Barraclough  <barraclough@apple.com>
1605
1606         Remove IdentifierTable typedef, isIdentifier()
1607         https://bugs.webkit.org/show_bug.cgi?id=130533
1608
1609         Rubber stamped by Geoff Garen.
1610
1611         Code should use AtomicStringTable, isAtomic() directly.
1612
1613         * API/JSClassRef.cpp:
1614         (OpaqueJSClass::~OpaqueJSClass):
1615         (OpaqueJSClassContextData::OpaqueJSClassContextData):
1616         (OpaqueJSClass::className):
1617         * API/JSClassRef.h:
1618         * bytecode/SpeculatedType.cpp:
1619         (JSC::speculationFromCell):
1620         * bytecompiler/BytecodeGenerator.cpp:
1621         (JSC::BytecodeGenerator::BytecodeGenerator):
1622         * dfg/DFGSpeculativeJIT.cpp:
1623         (JSC::DFG::SpeculativeJIT::compileIn):
1624         (JSC::DFG::SpeculativeJIT::speculateStringIdentAndLoadStorage):
1625         * ftl/FTLLowerDFGToLLVM.cpp:
1626         (JSC::FTL::LowerDFGToLLVM::speculateStringIdent):
1627         * heap/Heap.cpp:
1628         (JSC::Heap::collect):
1629         * interpreter/CallFrame.h:
1630         (JSC::ExecState::atomicStringTable):
1631         * parser/ASTBuilder.h:
1632         (JSC::ASTBuilder::addVar):
1633         * parser/Parser.cpp:
1634         (JSC::Parser<LexerType>::createBindingPattern):
1635         * runtime/Completion.cpp:
1636         (JSC::checkSyntax):
1637         (JSC::evaluate):
1638         * runtime/Identifier.cpp:
1639         (JSC::Identifier::checkCurrentAtomicStringTable):
1640         * runtime/Identifier.h:
1641         (JSC::Identifier::Identifier):
1642         * runtime/IdentifierInlines.h:
1643         (JSC::Identifier::add):
1644         * runtime/JSCJSValue.cpp:
1645         (JSC::JSValue::dumpInContext):
1646         * runtime/JSLock.cpp:
1647         (JSC::JSLock::didAcquireLock):
1648         (JSC::JSLock::willReleaseLock):
1649         (JSC::JSLock::DropAllLocks::DropAllLocks):
1650         (JSC::JSLock::DropAllLocks::~DropAllLocks):
1651         * runtime/JSLock.h:
1652         * runtime/PropertyMapHashTable.h:
1653         (JSC::PropertyTable::find):
1654         (JSC::PropertyTable::get):
1655         (JSC::PropertyTable::findWithString):
1656         * runtime/PropertyName.h:
1657         (JSC::PropertyName::PropertyName):
1658         * runtime/PropertyNameArray.cpp:
1659         (JSC::PropertyNameArray::add):
1660         * runtime/VM.cpp:
1661         (JSC::VM::VM):
1662         (JSC::VM::~VM):
1663         * runtime/VM.h:
1664         (JSC::VM::atomicStringTable):
1665
1666 2014-03-20  Gavin Barraclough  <barraclough@apple.com>
1667
1668         Merge AtomicString, Identifier
1669         https://bugs.webkit.org/show_bug.cgi?id=128624
1670
1671         Reviewed by Geoff Garen.
1672
1673         WTF::StringImpl currently supports two uniquing mechanisms - AtomicString and
1674         Identifier - that is one too many.
1675
1676         Remove Identifier in favour of AtomicString. Identifier had two interesting
1677         mechanisms that we preserve.
1678
1679         (1) JSC API VMs each get their own string table, switch the string table on
1680             API entry/exit.
1681         (2) JSC caches a pointer to the string table on the VM to avoid a thread
1682             specific access. Adds a new AtomicString::add method to support this.
1683
1684         * API/JSAPIWrapperObject.mm:
1685             - updated includes.
1686         * JavaScriptCore.xcodeproj/project.pbxproj:
1687             - added IdentifierInlines.h.
1688         * inspector/JSInjectedScriptHostPrototype.cpp:
1689         * inspector/JSJavaScriptCallFramePrototype.cpp:
1690             - updated includes.
1691         * interpreter/CallFrame.h:
1692         (JSC::ExecState::atomicStringTable):
1693             - added, used via AtomicString::add to avoid thread-specific access.
1694         * runtime/ConsolePrototype.cpp:
1695             - updated includes.
1696         * runtime/Identifier.cpp:
1697         (JSC::Identifier::add):
1698         (JSC::Identifier::add8):
1699             - vm->smallStrings.singleCharacterStringRep now returns Atomic strings, use AtomicString::add.
1700         * runtime/Identifier.h:
1701         (JSC::Identifier::Identifier):
1702             - added ASSERTS.
1703         (JSC::Identifier::add):
1704             - vm->smallStrings.singleCharacterStringRep now returns Atomic strings, use AtomicString::add.
1705         * runtime/IdentifierInlines.h: Added.
1706         (JSC::Identifier::add):
1707             - moved from Identifier.h, use AtomicString::add.
1708         * runtime/JSCInlines.h:
1709             - added IdentifierInlines.h.
1710         * runtime/JSLock.h:
1711             - removed IdentifierTable.
1712         * runtime/PropertyNameArray.cpp:
1713             - updated includes.
1714         * runtime/SmallStrings.cpp:
1715         (JSC::SmallStringsStorage::SmallStringsStorage):
1716             - ensure all single character strings are Atomic.
1717         * runtime/VM.cpp:
1718         (JSC::VM::VM):
1719             - instantiate CommonIdentifiers with the correct AtomicStringTable set on thread data.
1720         * runtime/VM.h:
1721         (JSC::VM::atomicStringTable):
1722             - added, used via AtomicString::add to avoid thread-specific access.
1723
1724 2014-03-20  Gabor Rapcsanyi  <rgabor@webkit.org>
1725
1726         [ARM64] Fix assembler build issues and add cacheFlush support for Linux
1727         https://bugs.webkit.org/show_bug.cgi?id=130502
1728
1729         Reviewed by Michael Saboff.
1730
1731         Add limits.h for INT_MIN in ARM64Assembler(). Delete shouldBlindForSpecificArch(uintptr_t)
1732         because on ARM64 uint64_t and uintptr_t are the same with GCC and Clang as well.
1733         Add cacheFlush support for Linux.
1734
1735         * assembler/ARM64Assembler.h:
1736         (JSC::ARM64Assembler::linuxPageFlush):
1737         (JSC::ARM64Assembler::cacheFlush):
1738         * assembler/MacroAssemblerARM64.h:
1739         (JSC::MacroAssemblerARM64::shouldBlindForSpecificArch):
1740
1741 2014-03-19  Gavin Barraclough  <barraclough@apple.com>
1742
1743         https://bugs.webkit.org/show_bug.cgi?id=130494
1744         EmptyUnique strings are Identifiers/Atomic
1745
1746         Reviewed by Geoff Garen.
1747
1748         EmptyUnique strings should set the Identifier/Atomic flag.
1749
1750         This fixes an unreproducible bug we believe exists in Identifier handling.
1751         Expected behaviour is that while Identifiers may reference EmptyUniques
1752         (StringImpls allocated as UIDs for PrivateNames), these are not created
1753         through the main Identifier constructor, the Identifier flag is not set
1754         on PrivateNames, and we should never lookup EmptyUnique strings in the
1755         IdentifierTable.
1756
1757         Unfortunately that was happening. Some tables used to implement property
1758         access in the JIT hold StringImpl*s, and turn these back into Identifiers
1759         using the identifier constructor. Since the code generator will now plant
1760         by-id (cachable) accesses to PrivateNames we can end up passing an
1761         EmptyUnique to Identifier::add, potentially leading to PrivateNames being
1762         uniqued together (though hard to prove, since the hash codes are random).
1763
1764         * runtime/PropertyName.h:
1765         (JSC::PropertyName::PropertyName):
1766         (JSC::PropertyName::uid):
1767         (JSC::PropertyName::publicName):
1768         (JSC::PropertyName::asIndex):
1769             - PropertyName assumed that PrivateNames are not Identifiers - instead check isEmptyUnique().
1770         * runtime/Structure.cpp:
1771         (JSC::Structure::getPropertyNamesFromStructure):
1772             - Structure assumed that PrivateNames are not Identifiers - instead check isEmptyUnique().
1773
1774 2014-03-19  Filip Pizlo  <fpizlo@apple.com>
1775
1776         Unreviewed, revert the DFGCommon.h change in r165938. It was not intentional.
1777
1778         * dfg/DFGCommon.h:
1779
1780 2014-03-19  Mark Hahnenberg  <mhahnenberg@apple.com>
1781
1782         GC timer should intelligently choose between EdenCollections and FullCollections
1783         https://bugs.webkit.org/show_bug.cgi?id=128261
1784
1785         Reviewed by Geoffrey Garen.
1786
1787         Most of the GCs while browsing the web are due to the GC timer. Currently the GC timer 
1788         always does FullCollections. To reduce the impact of the GC timer on the system this patch
1789         changes Heap so that it has two timers, one for each type of collection. The FullCollection
1790         timer is notified at the end of EdenCollections how much the Heap has grown since the last 
1791         FullCollection and when somebody notifies the Heap of abandoned memory (which usually wouldn't 
1792         be detected by an EdenCollection).
1793
1794         * CMakeLists.txt:
1795         * GNUmakefile.list.am:
1796         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1797         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1798         * JavaScriptCore.xcodeproj/project.pbxproj:
1799         * heap/EdenGCActivityCallback.cpp: Added.
1800         (JSC::EdenGCActivityCallback::EdenGCActivityCallback):
1801         (JSC::EdenGCActivityCallback::doCollection):
1802         (JSC::EdenGCActivityCallback::lastGCLength):
1803         (JSC::EdenGCActivityCallback::deathRate):
1804         (JSC::EdenGCActivityCallback::gcTimeSlice):
1805         * heap/EdenGCActivityCallback.h: Added.
1806         (JSC::GCActivityCallback::createEdenTimer):
1807         * heap/FullGCActivityCallback.cpp: Added.
1808         (JSC::FullGCActivityCallback::FullGCActivityCallback):
1809         (JSC::FullGCActivityCallback::doCollection):
1810         (JSC::FullGCActivityCallback::lastGCLength):
1811         (JSC::FullGCActivityCallback::deathRate):
1812         (JSC::FullGCActivityCallback::gcTimeSlice):
1813         * heap/FullGCActivityCallback.h: Added.
1814         (JSC::GCActivityCallback::createFullTimer):
1815         * heap/GCActivityCallback.cpp:
1816         (JSC::GCActivityCallback::GCActivityCallback):
1817         (JSC::GCActivityCallback::doWork):
1818         (JSC::GCActivityCallback::scheduleTimer):
1819         (JSC::GCActivityCallback::cancelTimer):
1820         (JSC::GCActivityCallback::didAllocate):
1821         (JSC::GCActivityCallback::willCollect):
1822         (JSC::GCActivityCallback::cancel):
1823         * heap/GCActivityCallback.h:
1824         * heap/Heap.cpp:
1825         (JSC::Heap::Heap):
1826         (JSC::Heap::reportAbandonedObjectGraph):
1827         (JSC::Heap::didAbandon):
1828         (JSC::Heap::collectAllGarbage):
1829         (JSC::Heap::collect):
1830         (JSC::Heap::willStartCollection):
1831         (JSC::Heap::updateAllocationLimits):
1832         (JSC::Heap::didFinishCollection):
1833         (JSC::Heap::setFullActivityCallback):
1834         (JSC::Heap::setEdenActivityCallback):
1835         (JSC::Heap::fullActivityCallback):
1836         (JSC::Heap::edenActivityCallback):
1837         (JSC::Heap::setGarbageCollectionTimerEnabled):
1838         (JSC::Heap::didAllocate):
1839         (JSC::Heap::shouldDoFullCollection):
1840         * heap/Heap.h:
1841         (JSC::Heap::lastFullGCLength):
1842         (JSC::Heap::lastEdenGCLength):
1843         (JSC::Heap::increaseLastFullGCLength):
1844         (JSC::Heap::sizeBeforeLastEdenCollection):
1845         (JSC::Heap::sizeAfterLastEdenCollection):
1846         (JSC::Heap::sizeBeforeLastFullCollection):
1847         (JSC::Heap::sizeAfterLastFullCollection):
1848         * heap/HeapOperation.h:
1849         * heap/HeapStatistics.cpp:
1850         (JSC::HeapStatistics::showObjectStatistics):
1851         * heap/HeapTimer.cpp:
1852         (JSC::HeapTimer::timerDidFire):
1853         * jsc.cpp:
1854         (functionFullGC):
1855         (functionEdenGC):
1856         * runtime/Options.h:
1857
1858 2014-03-19  Commit Queue  <commit-queue@webkit.org>
1859
1860         Unreviewed, rolling out r165926.
1861         https://bugs.webkit.org/show_bug.cgi?id=130488
1862
1863         broke the iOS build (Requested by estes on #webkit).
1864
1865         Reverted changeset:
1866
1867         "GC timer should intelligently choose between EdenCollections
1868         and FullCollections"
1869         https://bugs.webkit.org/show_bug.cgi?id=128261
1870         http://trac.webkit.org/changeset/165926
1871
1872 2014-03-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1873
1874         GC timer should intelligently choose between EdenCollections and FullCollections
1875         https://bugs.webkit.org/show_bug.cgi?id=128261
1876
1877         Reviewed by Geoffrey Garen.
1878
1879         Most of the GCs while browsing the web are due to the GC timer. Currently the GC timer 
1880         always does FullCollections. To reduce the impact of the GC timer on the system this patch
1881         changes Heap so that it has two timers, one for each type of collection. The FullCollection
1882         timer is notified at the end of EdenCollections how much the Heap has grown since the last 
1883         FullCollection and when somebody notifies the Heap of abandoned memory (which wouldn't be 
1884         detected by an EdenCollection).
1885
1886         * heap/GCActivityCallback.cpp:
1887         (JSC::GCActivityCallback::GCActivityCallback):
1888         (JSC::GCActivityCallback::doWork):
1889         (JSC::FullGCActivityCallback::FullGCActivityCallback):
1890         (JSC::FullGCActivityCallback::doCollection):
1891         (JSC::EdenGCActivityCallback::EdenGCActivityCallback):
1892         (JSC::EdenGCActivityCallback::doCollection):
1893         (JSC::GCActivityCallback::scheduleTimer):
1894         (JSC::GCActivityCallback::cancelTimer):
1895         (JSC::GCActivityCallback::didAllocate):
1896         (JSC::GCActivityCallback::willCollect):
1897         (JSC::GCActivityCallback::cancel):
1898         * heap/GCActivityCallback.h:
1899         (JSC::GCActivityCallback::GCActivityCallback):
1900         (JSC::GCActivityCallback::createFullTimer):
1901         (JSC::GCActivityCallback::createEdenTimer):
1902         * heap/Heap.cpp:
1903         (JSC::Heap::Heap):
1904         (JSC::Heap::didAbandon):
1905         (JSC::Heap::willStartCollection):
1906         (JSC::Heap::updateAllocationLimits):
1907         (JSC::Heap::setFullActivityCallback):
1908         (JSC::Heap::setEdenActivityCallback):
1909         (JSC::Heap::fullActivityCallback):
1910         (JSC::Heap::edenActivityCallback):
1911         (JSC::Heap::setGarbageCollectionTimerEnabled):
1912         (JSC::Heap::didAllocate):
1913         * heap/Heap.h:
1914         * heap/HeapTimer.cpp:
1915         (JSC::HeapTimer::timerDidFire):
1916
1917 2014-03-19  Filip Pizlo  <fpizlo@apple.com>
1918
1919         REGRESSION(r165459): It broke 109 jsc stress test on ARM Thumb2 and Mac 32 bit
1920         https://bugs.webkit.org/show_bug.cgi?id=130134
1921
1922         Reviewed by Mark Hahnenberg.
1923
1924         * dfg/DFGFixupPhase.cpp:
1925         (JSC::DFG::FixupPhase::fixupNode): Can't do some optimizations if you don't have a lot of registers.
1926         * dfg/DFGSpeculativeJIT32_64.cpp:
1927         (JSC::DFG::SpeculativeJIT::cachedGetById): Move stuff around before going into the IC code to ensure that we give the IC code the invariants it needs. This only happens in case of GetByIdFlush, where we are forced into using weird combinations of registers because the results have to be in t0/t1.
1928         (JSC::DFG::SpeculativeJIT::compile): For a normal GetById, the register allocator should just do the right thing so nobody has to move anything around.
1929         * jit/JITInlineCacheGenerator.cpp:
1930         (JSC::JITGetByIdGenerator::JITGetByIdGenerator): Assert the things we want.
1931         * jit/JITInlineCacheGenerator.h:
1932         * jit/Repatch.cpp:
1933         (JSC::generateGetByIdStub): Remove a previous incomplete hack to try to work around the DFG's problem.
1934
1935 2014-03-19  Mark Hahnenberg  <mhahnenberg@apple.com>
1936
1937         Normalize some of the older JSC options
1938         https://bugs.webkit.org/show_bug.cgi?id=128753
1939
1940         Reviewed by Michael Saboff.
1941
1942         * runtime/Options.cpp:
1943         (JSC::Options::initialize):
1944
1945 2014-03-12  Mark Lam  <mark.lam@apple.com>
1946
1947         Update type of local vars to match the type of String length.
1948         <https://webkit.org/b/130077>
1949
1950         Reviewed by Geoffrey Garen.
1951
1952         * runtime/JSStringJoiner.cpp:
1953         (JSC::JSStringJoiner::join):
1954
1955 2014-03-18  Filip Pizlo  <fpizlo@apple.com>
1956
1957         Get rid of Flush in SSA
1958         https://bugs.webkit.org/show_bug.cgi?id=130440
1959
1960         Reviewed by Sam Weinig.
1961         
1962         This is basically a red patch. We used to use backwards flow for determining what was
1963         flushed, until it became clear that this doesn't make sense. Now the Flush nodes don't
1964         accomplish anything. Keeping them around in SSA can only make things hard.
1965
1966         * CMakeLists.txt:
1967         * GNUmakefile.list.am:
1968         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1969         * JavaScriptCore.xcodeproj/project.pbxproj:
1970         * dfg/DFGBasicBlock.cpp:
1971         (JSC::DFG::BasicBlock::SSAData::SSAData):
1972         * dfg/DFGBasicBlock.h:
1973         * dfg/DFGFlushLivenessAnalysisPhase.cpp: Removed.
1974         * dfg/DFGFlushLivenessAnalysisPhase.h: Removed.
1975         * dfg/DFGGraph.cpp:
1976         (JSC::DFG::Graph::dump):
1977         * dfg/DFGPlan.cpp:
1978         (JSC::DFG::Plan::compileInThreadImpl):
1979         * dfg/DFGSSAConversionPhase.cpp:
1980         (JSC::DFG::SSAConversionPhase::run):
1981         * ftl/FTLLowerDFGToLLVM.cpp:
1982         (JSC::FTL::LowerDFGToLLVM::compileNode):
1983
1984 2014-03-18  Filip Pizlo  <fpizlo@apple.com>
1985
1986         Unreviewed, fix iOS production build.
1987
1988         * JavaScriptCore.xcodeproj/project.pbxproj:
1989
1990 2014-03-18  Michael Saboff  <msaboff@apple.com>
1991
1992         Update RegExp Tracing code
1993         https://bugs.webkit.org/show_bug.cgi?id=130381
1994
1995         Reviewed by Andreas Kling.
1996
1997         Updated the regular expression tracing code for 8/16 bit JIT as
1998         well as match only entry points.  Also added average string length
1999         metric.
2000
2001         * runtime/RegExp.cpp:
2002         (JSC::RegExp::RegExp):
2003         (JSC::RegExp::match):
2004         (JSC::RegExp::printTraceData):
2005         * runtime/RegExp.h:
2006         * runtime/VM.cpp:
2007         (JSC::VM::addRegExpToTrace):
2008         (JSC::VM::dumpRegExpTrace):
2009         * runtime/VM.h:
2010         * yarr/YarrJIT.h:
2011         (JSC::Yarr::YarrCodeBlock::get8BitMatchOnlyAddr):
2012         (JSC::Yarr::YarrCodeBlock::get16BitMatchOnlyAddr):
2013         (JSC::Yarr::YarrCodeBlock::get8BitMatchAddr):
2014         (JSC::Yarr::YarrCodeBlock::get16BitMatchAddr):
2015
2016 2014-03-17  Filip Pizlo  <fpizlo@apple.com>
2017
2018         Add CompareStrictEq(StringIdent:, NotStringVar:) and CompareStrictEq(String:, Untyped:)
2019         https://bugs.webkit.org/show_bug.cgi?id=130300
2020
2021         Reviewed by Mark Hahnenberg.
2022         
2023         We can quickly strictly compare StringIdent's to NotStringVar's and String's to Untyped's.
2024         This makes the DFG aware of this.
2025         
2026         Also adds StringIdent-to-StringIdent and StringIdent-to-NotStringVar strict comparisons to
2027         the FTL. Also adds StringIdent-to-StringIdent non-strict comparisons to the FTL.
2028         
2029         This also gives the DFG some abstractions for checking something is a cell or is other.
2030         This made this patch easier to write and also simplified a bunch of other stuff.
2031         
2032         1% speed-up on Octane.
2033
2034         * assembler/AbstractMacroAssembler.h:
2035         (JSC::AbstractMacroAssembler::JumpList::JumpList):
2036         * bytecode/SpeculatedType.h:
2037         (JSC::isNotStringVarSpeculation):
2038         * dfg/DFGFixupPhase.cpp:
2039         (JSC::DFG::FixupPhase::fixupNode):
2040         * dfg/DFGNode.h:
2041         (JSC::DFG::Node::childFor):
2042         (JSC::DFG::Node::shouldSpeculateNotStringVar):
2043         * dfg/DFGSafeToExecute.h:
2044         (JSC::DFG::SafeToExecuteEdge::operator()):
2045         * dfg/DFGSpeculativeJIT.cpp:
2046         (JSC::DFG::SpeculativeJIT::compileIn):
2047         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
2048         (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
2049         (JSC::DFG::SpeculativeJIT::compileInstanceOf):
2050         (JSC::DFG::SpeculativeJIT::compileStrictEq):
2051         (JSC::DFG::SpeculativeJIT::compileBooleanCompare):
2052         (JSC::DFG::SpeculativeJIT::compileStringEquality):
2053         (JSC::DFG::SpeculativeJIT::compileStringToUntypedEquality):
2054         (JSC::DFG::SpeculativeJIT::compileStringIdentEquality):
2055         (JSC::DFG::SpeculativeJIT::compileStringIdentToNotStringVarEquality):
2056         (JSC::DFG::SpeculativeJIT::compileStringZeroLength):
2057         (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
2058         (JSC::DFG::SpeculativeJIT::speculateString):
2059         (JSC::DFG::SpeculativeJIT::speculateStringIdentAndLoadStorage):
2060         (JSC::DFG::SpeculativeJIT::speculateNotStringVar):
2061         (JSC::DFG::SpeculativeJIT::speculateNotCell):
2062         (JSC::DFG::SpeculativeJIT::speculateOther):
2063         (JSC::DFG::SpeculativeJIT::speculate):
2064         (JSC::DFG::SpeculativeJIT::emitSwitchChar):
2065         (JSC::DFG::SpeculativeJIT::emitSwitchString):
2066         * dfg/DFGSpeculativeJIT.h:
2067         (JSC::DFG::SpeculativeJIT::blessedBooleanResult):
2068         (JSC::DFG::SpeculativeJIT::unblessedBooleanResult):
2069         (JSC::DFG::SpeculativeJIT::booleanResult):
2070         * dfg/DFGSpeculativeJIT32_64.cpp:
2071         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
2072         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
2073         (JSC::DFG::SpeculativeJIT::emitCall):
2074         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2075         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
2076         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
2077         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
2078         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
2079         (JSC::DFG::SpeculativeJIT::compile):
2080         (JSC::DFG::branchIsCell):
2081         (JSC::DFG::branchNotCell):
2082         (JSC::DFG::SpeculativeJIT::branchIsOther):
2083         (JSC::DFG::SpeculativeJIT::branchNotOther):
2084         (JSC::DFG::SpeculativeJIT::moveTrueTo):
2085         (JSC::DFG::SpeculativeJIT::moveFalseTo):
2086         (JSC::DFG::SpeculativeJIT::blessBoolean):
2087         * dfg/DFGSpeculativeJIT64.cpp:
2088         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
2089         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
2090         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2091         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
2092         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
2093         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
2094         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
2095         (JSC::DFG::SpeculativeJIT::compile):
2096         (JSC::DFG::SpeculativeJIT::writeBarrier):
2097         (JSC::DFG::SpeculativeJIT::branchIsCell):
2098         (JSC::DFG::SpeculativeJIT::branchNotCell):
2099         (JSC::DFG::SpeculativeJIT::branchIsOther):
2100         (JSC::DFG::SpeculativeJIT::branchNotOther):
2101         (JSC::DFG::SpeculativeJIT::moveTrueTo):
2102         (JSC::DFG::SpeculativeJIT::moveFalseTo):
2103         (JSC::DFG::SpeculativeJIT::blessBoolean):
2104         * dfg/DFGUseKind.cpp:
2105         (WTF::printInternal):
2106         * dfg/DFGUseKind.h:
2107         (JSC::DFG::typeFilterFor):
2108         * ftl/FTLCapabilities.cpp:
2109         (JSC::FTL::canCompile):
2110         * ftl/FTLLowerDFGToLLVM.cpp:
2111         (JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
2112         (JSC::FTL::LowerDFGToLLVM::lowString):
2113         (JSC::FTL::LowerDFGToLLVM::lowStringIdent):
2114         (JSC::FTL::LowerDFGToLLVM::speculate):
2115         (JSC::FTL::LowerDFGToLLVM::speculateString):
2116         (JSC::FTL::LowerDFGToLLVM::speculateStringIdent):
2117         (JSC::FTL::LowerDFGToLLVM::speculateNotStringVar):
2118         * runtime/JSCJSValue.h:
2119         * tests/stress/string-ident-to-not-string-var-equality.js: Added.
2120         (foo):
2121         (bar):
2122         (test):
2123
2124 2014-03-18  Joseph Pecoraro  <pecoraro@apple.com>
2125
2126         Add Copyright to framework.sb
2127         https://bugs.webkit.org/show_bug.cgi?id=130413
2128
2129         Reviewed by Timothy Hatcher.
2130
2131         Other sb files got the copyright. Follow suit.
2132
2133         * framework.sb:
2134
2135 2014-03-18  Matthew Mirman  <mmirman@apple.com>
2136
2137         Removed extra parens from if statement in a preprocessor define.
2138         https://bugs.webkit.org/show_bug.cgi?id=130408
2139
2140         Reviewed by Filip Pizlo.
2141
2142         * parser/Parser.cpp:
2143
2144 2014-03-18  Filip Pizlo  <fpizlo@apple.com>
2145
2146         More FTL enabling.
2147
2148         Rubber stamped by Dan Bernstein and Mark Hahnenberg.
2149
2150         * Configurations/FeatureDefines.xcconfig:
2151         * ftl/FTLCompile.cpp:
2152         (JSC::FTL::compile):
2153
2154 2014-03-17  Michael Saboff  <msaboff@apple.com>
2155
2156         V8 regexp spends most of its time in operationGetById
2157         https://bugs.webkit.org/show_bug.cgi?id=130380
2158
2159         Reviewed by Filip Pizlo.
2160
2161         Added String.length case to tryCacheGetByID that will only help the BaseLine JIT.
2162         When V8 regexp is run from the command line, this nets a 2% performance improvement.
2163         When the test is run for a longer amount of time, there is much less benefit as the
2164         DFG will emit the appropriate code for String.length.  This does remove
2165         operationGetById as the hottest function when run from the command line.
2166
2167         * jit/Repatch.cpp:
2168         (JSC::tryCacheGetByID):
2169
2170 2014-03-17  Andreas Kling  <akling@apple.com>
2171
2172         Add one-deep cache to opaque roots hashset.
2173         <https://webkit.org/b/130357>
2174
2175         The vast majority of WebCore JS wrappers will have their Document*
2176         as the root(). This change adds a simple optimization where we cache
2177         the last lookup and avoid going to the hashset for repeated queries.
2178
2179         Looks like 0.4% progression on DYEB on my MBP.
2180
2181         Reviewed by Mark Hahnenberg.
2182
2183         * JavaScriptCore.xcodeproj/project.pbxproj:
2184         * heap/OpaqueRootSet.h: Added.
2185         (JSC::OpaqueRootSet::OpaqueRootSet):
2186         (JSC::OpaqueRootSet::contains):
2187         (JSC::OpaqueRootSet::isEmpty):
2188         (JSC::OpaqueRootSet::clear):
2189         (JSC::OpaqueRootSet::add):
2190         (JSC::OpaqueRootSet::size):
2191         (JSC::OpaqueRootSet::begin):
2192         (JSC::OpaqueRootSet::end):
2193         * heap/SlotVisitor.h:
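
        Added example (not WebKit's OpaqueRootSet): a set with the same one-deep
        lookup cache, written in JavaScript so it runs stand-alone. The names
        CachedRootSet, simulateMarking and staleCacheCheck are invented for this
        illustration, and the Document stand-in is a constructed object. The point
        a practitioner wants to see is the part the entry above implies but does
        not spell out: add() and clear() have to update or drop the cached answer,
        or a root added after a cached negative query would be reported as dead.

```javascript
// Added example, not WebKit code: a set with a one-deep lookup cache, in the
// spirit of the OpaqueRootSet described above, with the invalidation that
// add() and clear() must perform so a cached answer never goes stale.
class CachedRootSet {
  constructor() {
    this.roots = new Set();
    this.lastQueriedRoot = undefined;   // root of the most recent contains()
    this.lastQueryResult = false;       // answer given for it
    this.hashLookups = 0;               // how often we actually hit the Set
  }

  contains(root) {
    if (root !== undefined && root === this.lastQueriedRoot) {
      return this.lastQueryResult;      // cache hit: no hashing
    }
    this.hashLookups += 1;
    const result = this.roots.has(root);
    this.lastQueriedRoot = root;
    this.lastQueryResult = result;
    return result;
  }

  add(root) {
    this.roots.add(root);
    // A cached negative answer for this root is now wrong; fix it in place.
    if (root === this.lastQueriedRoot) this.lastQueryResult = true;
  }

  clear() {
    this.roots.clear();
    this.lastQueriedRoot = undefined;   // drop the cache along with the set
    this.lastQueryResult = false;
  }

  get size() { return this.roots.size; }
}

// Models the GC pattern from the entry: many wrappers, all reporting the same
// Document as their opaque root, queried back to back.
function simulateMarking(wrapperCount) {
  const document = { name: 'document' };   // constructed stand-in for Document*
  const set = new CachedRootSet();
  set.add(document);
  const wrappers = Array.from({ length: wrapperCount }, () => ({ root: document }));
  let live = 0;
  for (const w of wrappers) if (set.contains(w.root)) live += 1;
  return { live, hashLookups: set.hashLookups };
}

// Shows why add() must update the cache: query, then add, then query again.
function staleCacheCheck() {
  const set = new CachedRootSet();
  const root = {};
  const before = set.contains(root);   // false, and now cached
  set.add(root);
  const after = set.contains(root);    // must be true despite the cache
  return { before, after, hashLookups: set.hashLookups };
}
```

        With a thousand wrappers sharing one root, simulateMarking() touches the
        underlying Set exactly once; staleCacheCheck() returns after: true only
        because add() repaired the cached entry.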
2194
2195 2014-03-17  Tibor Meszaros  <tmeszaros.u-szeged@partner.samsung.com>
2196
2197         Implement Math.hypot
2198         https://bugs.webkit.org/show_bug.cgi?id=129486
2199
2200         Reviewed by Darin Adler.
2201
2202         * runtime/MathObject.cpp:
2203         (JSC::MathObject::finishCreation):
2204         (JSC::mathProtoFuncHypot):
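
        Added example (not JavaScriptCore's mathProtoFuncHypot): a Math.hypot
        written the way the specification describes it, beside the naive
        sqrt(x*x + y*y) formula, to show the two things an implementation has to
        get right: scaling by the largest magnitude so intermediate squares
        neither overflow nor underflow, and returning Infinity for an infinite
        operand even when another operand is NaN. The names naiveHypot, hypot
        and maxRelativeError are invented for this illustration; the reference
        values come from the host engine's own Math.hypot.

```javascript
// Added example, not WebKit's implementation: a Math.hypot written the way the
// spec describes it, next to the naive formula, to show why the scaling step
// and the Infinity/NaN ordering matter.

// Naive form: overflows for large inputs and underflows for tiny ones.
function naiveHypot(...values) {
  let sum = 0;
  for (const v of values) sum += v * v;
  return Math.sqrt(sum);
}

function hypot(...values) {
  // Coerce every argument first (ToNumber runs on all of them, in order).
  const nums = values.map(Number);
  // Any infinite operand yields Infinity, even if another operand is NaN.
  if (nums.some((x) => x === Infinity || x === -Infinity)) return Infinity;
  if (nums.some((x) => Number.isNaN(x))) return NaN;
  let maxAbs = 0;
  for (const x of nums) {
    const a = Math.abs(x);
    if (a > maxAbs) maxAbs = a;
  }
  // No arguments, or all zeros: +0 (not -0).
  if (maxAbs === 0) return 0;
  // Divide by the largest magnitude so every square lies in [0, 1]; the
  // intermediate sum can then neither overflow nor flush to zero.
  let sum = 0;
  for (const x of nums) {
    const r = x / maxAbs;
    sum += r * r;
  }
  return maxAbs * Math.sqrt(sum);
}

// Worst relative disagreement with the engine's own Math.hypot over a list of
// argument arrays; exact matches and matching NaNs count as zero error.
function maxRelativeError(cases) {
  let worst = 0;
  for (const args of cases) {
    const mine = hypot(...args);
    const ref = Math.hypot(...args);
    if (mine === ref) continue;             // also covers Infinity === Infinity
    if (Number.isNaN(mine) && Number.isNaN(ref)) continue;
    const err = Math.abs(mine - ref) / Math.abs(ref);
    if (err > worst) worst = err;
  }
  return worst;
}
```

        naiveHypot(1e200, 1e200) is Infinity and naiveHypot(1e-200, 1e-200) is 0,
        while the scaled version returns finite, non-zero results for both and
        agrees with the engine's Math.hypot to within floating-point rounding.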
2205
2206 2014-03-17  Zsolt Borbely  <borbezs@inf.u-szeged.hu>
2207
2208         Fix the !ENABLE(PROMISES) build
2209         https://bugs.webkit.org/show_bug.cgi?id=130328
2210
2211         Reviewed by Darin Adler.
2212
2213         Add missing ENABLE(PROMISES) guards.
2214
2215         * runtime/JSGlobalObject.cpp:
2216         (JSC::JSGlobalObject::reset):
2217         (JSC::JSGlobalObject::visitChildren):
2218         * runtime/JSGlobalObject.h:
2219         * runtime/JSPromiseDeferred.cpp:
2220         * runtime/JSPromiseDeferred.h:
2221         * runtime/JSPromiseReaction.cpp:
2222         * runtime/JSPromiseReaction.h:
2223         * runtime/VM.cpp:
2224         (JSC::VM::VM):
2225         * runtime/VM.h:
2226
2227 2014-03-16  Andreas Kling  <akling@apple.com>
2228
2229         REGRESSION(r165703): JSC tests crashing in StringImpl::destroy().
2230         <https://webkit.org/b/130304>
2231
2232         Reviewed by Anders Carlsson.
2233
2234         Unreviewed, restoring the old behavior of OpaqueJSString::identifier()
2235         that doesn't put a potentially unwanted string into the Identifier table.
2236
2237         * API/OpaqueJSString.cpp:
2238         (OpaqueJSString::identifier):
2239
2240 2014-03-16  Brian Burg  <bburg@apple.com>
2241
2242         Web Inspector: generated backend commands should reflect build system ENABLE settings
2243         https://bugs.webkit.org/show_bug.cgi?id=130111
2244
2245         Reviewed by Timothy Hatcher.
2246
2247         * CMakeLists.txt:
2248
2249         Combine only the Inspector domains listed in INSPECTOR_DOMAINS,
2250         instead of globbing any .json file.
2251
2252         * DerivedSources.make:
2253
2254         Force the combined inspector protocol file to be regenerated if
2255         the content or list of domains itself changes.
2256
2257 2014-03-16  Brian Burg  <bburg@apple.com>
2258
2259         Web Inspector: vended backend commands file should be generated as part of the build
2260         https://bugs.webkit.org/show_bug.cgi?id=130110
2261
2262         Reviewed by Timothy Hatcher.
2263
2264         * JavaScriptCore.xcodeproj/project.pbxproj: Copy InspectorJSBackendCommands.js to the
2265         private headers directory.
2266
2267 2014-03-16  Darin Adler  <darin@apple.com>
2268
2269         Remove all uses of deprecatedCharacters from JavaScriptCore
2270         https://bugs.webkit.org/show_bug.cgi?id=130304
2271
2272         Reviewed by Anders Carlsson.
2273
2274         * API/JSValueRef.cpp:
2275         (JSValueMakeFromJSONString): Use characters16 in the 16-bit code path.
2276         * API/OpaqueJSString.cpp:
2277         (OpaqueJSString::~OpaqueJSString): Use characters16 in the 16-bit code path.
2278         (OpaqueJSString::identifier): Get rid of custom Identifier constructor, and
2279         just use the standard one that takes a String.
2280         (OpaqueJSString::characters): Use getCharactersWithUpconvert instead of a
2281         hand-written alternative.
2282
2283         * bindings/ScriptValue.cpp:
2284         (Deprecated::jsToInspectorValue): Create InspectorString from String directly
2285         instead of involving a character pointer. Use the String from Identifier
2286         directly instead of making a new String.
2287
2288         * inspector/ContentSearchUtilities.cpp:
2289         (Inspector::ContentSearchUtilities::createSearchRegexSource): Use StringBuilder
2290         instead of building a String a character at a time. This is still a very slow
2291         way to do this. Also use strchr to search for a character instead of building
2292         a String every time just to use find on it.
2293
2294         * inspector/InspectorValues.cpp:
2295         (Inspector::doubleQuoteString): Remove unnecessary trip through a
2296         character pointer. This is still a really slow way to do this.
2297         (Inspector::InspectorValue::parseJSON): Use StringView::upconvertedCharacters
2298         instead of String::deprecatedCharacters. Still slow to always upconvert.
2299
2300         * runtime/DateConstructor.cpp: Removed unneeded include.
2301         * runtime/DatePrototype.cpp: Ditto.
2302
2303         * runtime/Identifier.h: Removed deprecatedCharacters function.
2304
2305         * runtime/JSGlobalObjectFunctions.cpp:
2306         (JSC::encode): Added a type cast to avoid ambiguity with the two character-
2307         appending functions from JSStringBuilder. Removed unneeded code duplicating
2308         what JSStringBuilder already does in its character append function.
2309         (JSC::decode): Deleted code that creates a JSStringBuilder that is never used.
2310         (JSC::parseIntOverflow): Changed lengths to unsigned. Made only the overload that
2311         is used outside this file have external linkage. Added a new overload that takes
2312         a StringView.
2313         (JSC::parseInt): Use StringView::substring to call parseIntOverflow.
2314         (JSC::globalFuncEscape): Use JSBuilder::append in a more efficient way for a
2315         single character.
2316
2317         * runtime/JSGlobalObjectFunctions.h: Removed unused overloads of parseIntOverflow.
2318
2319         * runtime/JSStringBuilder.h: Marked this "lightly deprecated".
2320         (JSC::JSStringBuilder::append): Overloaded for better speed with 8-bit characters.
2321         Made one overload private. Fixed a performance bug where we would reserve capacity
2322         in the 8-bit buffer but then append to the 16-bit buffer.
2323
2324         * runtime/ObjectPrototype.cpp: Removed unneeded include.
2325
2326         * runtime/StringPrototype.cpp:
2327         (JSC::stringProtoFuncFontsize): Use StringView::getCharactersWithUpconvert.
2328         (JSC::stringProtoFuncLink): Ditto.
2329
2330 2014-03-15  Filip Pizlo  <fpizlo@apple.com>
2331
2332         FTL ArrayifyToStructure shouldn't fail every time that it actually arrayifies
2333         https://bugs.webkit.org/show_bug.cgi?id=130296
2334
2335         Reviewed by Andreas Kling.
2336         
2337         During the 32-bit structure ID work, the second load of the structure was removed.
2338         That's wrong. The whole point of loading the structure ID again is that the structure
2339         ID would have been changed by the arrayification call, and we're verifying that the
2340         arrayification succeeded in changing the structure. If we check the old structure - as
2341         the code was doing after the 32-bit structure ID work - then this check is guaranteed
2342         to fail, causing a significant performance regression.
2343         
2344         It's actually amazing that the regression wasn't bigger. The reason is that if FTL
2345         code pathologically exits but the equivalent DFG code doesn't, then the exponential
2346         backoff almost perfectly guarantees that we just end up in the DFG. For this code, at
2347         the time at least, the DFG wasn't much slower so this didn't cause too much pain.
2348
2349         * ftl/FTLLowerDFGToLLVM.cpp:
2350         (JSC::FTL::LowerDFGToLLVM::compileArrayifyToStructure):
2351
2352 2014-03-15  Filip Pizlo  <fpizlo@apple.com>
2353
2354         FTL should support CheckHasInstance/InstanceOf
2355         https://bugs.webkit.org/show_bug.cgi?id=130285
2356
2357         Reviewed by Sam Weinig.
2358         
2359         Fairly straightforward; I also discovered an inaccurate FIXME in the process.
2360
2361         * dfg/DFGFixupPhase.cpp:
2362         (JSC::DFG::FixupPhase::fixupNode):
2363         * ftl/FTLAbstractHeapRepository.h:
2364         * ftl/FTLCapabilities.cpp:
2365         (JSC::FTL::canCompile):
2366         * ftl/FTLLowerDFGToLLVM.cpp:
2367         (JSC::FTL::LowerDFGToLLVM::compileNode):
2368         (JSC::FTL::LowerDFGToLLVM::compileCheckHasInstance):
2369         (JSC::FTL::LowerDFGToLLVM::compileInstanceOf):
2370         * ftl/FTLOutput.h:
2371         (JSC::FTL::Output::phi):
2372         * tests/stress/instanceof.js: Added.
2373         * tests/stress/instanceof-not-cell.js: Added.
2374
2375 2014-03-15  Michael Saboff  <msaboff@apple.com>
2376
2377         It should be possible to adjust DFG and FTL compiler thread priorities
2378         https://bugs.webkit.org/show_bug.cgi?id=130288
2379
2380         Reviewed by Filip Pizlo.
2381
2382         Added ability to change thread priorities relative to its current priority.
2383         Created options to adjust the priority of the DFG and FTL compilation work thread
2384         pools.  For two-core systems, there might be three runnable threads, the main thread,
2385         the DFG compilation thread and the FTL compilation thread.  With the same priority,
2386         the scheduler is free to schedule whatever thread it wants.  By lowering the
2387         compilation threads, the main thread can run.  Further tests may suggest better values
2388         for the new options, priorityDeltaOfDFGCompilerThreads and priorityDeltaOfFTLCompilerThreads.
2389
2390         For a two-core device, this change has a net positive improvement of 1-3% across
2391         SunSpider, Octane, Kraken and AsmBench.
2392
2393         * dfg/DFGWorklist.cpp:
2394         (JSC::DFG::Worklist::finishCreation):
2395         (JSC::DFG::Worklist::create):
2396         (JSC::DFG::ensureGlobalDFGWorklist):
2397         (JSC::DFG::ensureGlobalFTLWorklist):
2398         * dfg/DFGWorklist.h:
2399         * runtime/Options.cpp:
2400         (JSC::computePriorityDeltaOfWorkerThreads):
2401         * runtime/Options.h:
2402
2403 2014-03-15  David Kilzer  <ddkilzer@apple.com>
2404
2405         [iOS] Define SYSTEM_VERSION_PREFIX consistently
2406         <http://webkit.org/b/130293>
2407         <rdar://problem/15926359>
2408
2409         Reviewed by Dan Bernstein.
2410
2411         * Configurations/Version.xcconfig:
2412         (SYSTEM_VERSION_PREFIX_iphoneos): Sync with
2413         Source/WebKit/mac/Version.xcconfig.
2414
2415 2014-03-15  David Kilzer  <ddkilzer@apple.com>
2416
2417         Fix build: using integer absolute value function 'abs' when argument is of floating point type
2418         <http://webkit.org/b/130286>
2419
2420         Reviewed by Filip Pizlo.
2421
2422         Fixes the following build failure using trunk clang:
2423
2424             JavaScriptCore/assembler/MacroAssembler.h:992:17: error: using integer absolute value function 'abs' when argument is of floating point type [-Werror,-Wabsolute-value]
2425                     value = abs(value);
2426                             ^
2427             JavaScriptCore/assembler/MacroAssembler.h:992:17: note: use function 'fabs' instead
2428                     value = abs(value);
2429                             ^~~
2430                             fabs
2431
2432         * assembler/MacroAssembler.h:
2433         (JSC::MacroAssembler::shouldBlindDouble): Switch from abs() to
2434         fabs().
2435
2436 2014-03-14  Oliver Hunt  <oliver@apple.com>
2437
2438         Reinstate initialiser syntax in for-in loops
2439         https://bugs.webkit.org/show_bug.cgi?id=130269
2440
2441         Reviewed by Michael Saboff.
2442
2443         Disallowing the initialiser broke some sites so this patch re-allows
2444         the syntax.  We still disallow the syntax in 'of' and pattern based
2445         enumeration.
2446
2447         * parser/ASTBuilder.h:
2448         (JSC::ASTBuilder::isBindingNode):
2449         * parser/Parser.cpp:
2450         (JSC::Parser<LexerType>::parseVarDeclarationList):
2451         (JSC::Parser<LexerType>::parseForStatement):
2452         * parser/SyntaxChecker.h:
2453         (JSC::SyntaxChecker::operatorStackPop):
2454
2455 2014-03-14  Mark Lam  <mark.lam@apple.com>
2456
2457         Accessing __lookupGetter__ and __lookupSetter__ should not crash the VM when undefined.
2458         <https://webkit.org/b/130279>
2459
2460         Reviewed by Filip Pizlo.
2461
2462         If neither the getter nor setter are defined, accessing __lookupGetter__
2463         and __lookupSetter__ will return undefined as expected.  However, if the
2464         getter is defined but the setter is not, accessing __lookupSetter__ will
2465         crash the VM.  Similarly, accessing __lookupGetter__ when only the setter
2466         is defined will crash the VM.
2467
2468         The reason is because objectProtoFuncLookupGetter() and
2469         objectProtoFuncLookupSetter() did not check if the getter and setter
2470         value is non-null before returning it as an EncodedJSValue.  The fix is
2471         to add the appropriate null checks.
2472
2473         * runtime/ObjectPrototype.cpp:
2474         (JSC::objectProtoFuncLookupGetter):
2475         (JSC::objectProtoFuncLookupSetter):
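
        Added example (not WebKit's test or fix): a JavaScript regression check
        for the behaviour the entry above describes, runnable in any engine. It
        builds the three shapes the entry distinguishes (no accessor, getter
        only, setter only), calls both legacy lookups on each, and cross-checks
        them against Object.getOwnPropertyDescriptor. The names makeObjects,
        probe, runProbes and crossCheck are invented for this illustration. On a
        correct engine the missing half of an accessor pair comes back as
        undefined; the crash in the entry would surface here as an aborted run.

```javascript
// Added example, not WebKit code: exercises the three accessor shapes the
// ChangeLog entry above distinguishes so a regression would surface as a
// wrong value (or, in a broken engine, a crash) rather than go unnoticed.
function makeObjects() {
  const neither = {};
  const getterOnly = {};
  Object.defineProperty(getterOnly, 'p', {
    get() { return 1; },
    configurable: true,
  });
  const setterOnly = {};
  Object.defineProperty(setterOnly, 'p', {
    set(v) { this.stored = v; },
    configurable: true,
  });
  return { neither, getterOnly, setterOnly };
}

// Calls both legacy lookups and reports typeof each result. The expected
// answers are 'function' for the half that was defined and 'undefined' for
// the half that was not; undefined must never turn into a crash.
function probe(obj) {
  return {
    getter: typeof obj.__lookupGetter__('p'),
    setter: typeof obj.__lookupSetter__('p'),
  };
}

function runProbes() {
  const { neither, getterOnly, setterOnly } = makeObjects();
  return {
    neither: probe(neither),
    getterOnly: probe(getterOnly),
    setterOnly: probe(setterOnly),
  };
}

// The legacy lookups must agree with the standard descriptor API: a missing
// accessor half is undefined in both places.
function crossCheck(obj) {
  const d = Object.getOwnPropertyDescriptor(obj, 'p');
  const expectedGet = d ? d.get : undefined;
  const expectedSet = d ? d.set : undefined;
  return obj.__lookupGetter__('p') === expectedGet
      && obj.__lookupSetter__('p') === expectedSet;
}
```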
2476
2477 2014-03-14  Mark Rowe  <mrowe@apple.com>
2478
2479         Fix the production build.
2480
2481         Don't rely on USE_INTERNAL_SDK being set for the Production configuration since UseInternalSDK.xcconfig won't
2482         be at the expected relative path when working from installed source.
2483
2484         * Configurations/Base.xcconfig:
2485
2486 2014-03-14  Maciej Stachowiak  <mjs@apple.com>
2487
2488         Replace "Apple Computer, Inc." with "Apple Inc." in copyright headers
2489         https://bugs.webkit.org/show_bug.cgi?id=130276
2490         <rdar://problem/16266927>
2491
2492         Reviewed by Simon Fraser.
2493
2494         * API/APICast.h:
2495         * API/JSBase.cpp:
2496         * API/JSBase.h:
2497         * API/JSBasePrivate.h:
2498         * API/JSCallbackConstructor.cpp:
2499         * API/JSCallbackConstructor.h:
2500         * API/JSCallbackFunction.cpp:
2501         * API/JSCallbackFunction.h:
2502         * API/JSCallbackObject.cpp:
2503         * API/JSCallbackObject.h:
2504         * API/JSCallbackObjectFunctions.h:
2505         * API/JSClassRef.cpp:
2506         * API/JSClassRef.h:
2507         * API/JSContextRef.cpp:
2508         * API/JSContextRef.h:
2509         * API/JSContextRefPrivate.h:
2510         * API/JSObjectRef.cpp:
2511         * API/JSObjectRef.h:
2512         * API/JSProfilerPrivate.cpp:
2513         * API/JSProfilerPrivate.h:
2514         * API/JSRetainPtr.h:
2515         * API/JSStringRef.cpp:
2516         * API/JSStringRef.h:
2517         * API/JSStringRefBSTR.cpp:
2518         * API/JSStringRefBSTR.h:
2519         * API/JSStringRefCF.cpp:
2520         * API/JSStringRefCF.h:
2521         * API/JSValueRef.cpp:
2522         * API/JSValueRef.h:
2523         * API/JavaScript.h:
2524         * API/JavaScriptCore.h:
2525         * API/OpaqueJSString.cpp:
2526         * API/OpaqueJSString.h:
2527         * API/tests/JSNode.c:
2528         * API/tests/JSNode.h:
2529         * API/tests/JSNodeList.c:
2530         * API/tests/JSNodeList.h:
2531         * API/tests/Node.c:
2532         * API/tests/Node.h:
2533         * API/tests/NodeList.c:
2534         * API/tests/NodeList.h:
2535         * API/tests/minidom.c:
2536         * API/tests/minidom.js:
2537         * API/tests/testapi.c:
2538         * API/tests/testapi.js:
2539         * DerivedSources.make:
2540         * bindings/ScriptValue.cpp:
2541         * bytecode/CodeBlock.cpp:
2542         * bytecode/CodeBlock.h:
2543         * bytecode/EvalCodeCache.h:
2544         * bytecode/Instruction.h:
2545         * bytecode/JumpTable.cpp:
2546         * bytecode/JumpTable.h:
2547         * bytecode/Opcode.cpp:
2548         * bytecode/Opcode.h:
2549         * bytecode/SamplingTool.cpp:
2550         * bytecode/SamplingTool.h:
2551         * bytecode/SpeculatedType.cpp:
2552         * bytecode/SpeculatedType.h:
2553         * bytecode/ValueProfile.h:
2554         * bytecompiler/BytecodeGenerator.cpp:
2555         * bytecompiler/BytecodeGenerator.h:
2556         * bytecompiler/Label.h:
2557         * bytecompiler/LabelScope.h:
2558         * bytecompiler/RegisterID.h:
2559         * debugger/DebuggerCallFrame.cpp:
2560         * debugger/DebuggerCallFrame.h:
2561         * dfg/DFGDesiredStructureChains.cpp:
2562         * dfg/DFGDesiredStructureChains.h:
2563         * heap/GCActivityCallback.cpp:
2564         * heap/GCActivityCallback.h:
2565         * inspector/ConsoleMessage.cpp:
2566         * inspector/ConsoleMessage.h:
2567         * inspector/IdentifiersFactory.cpp:
2568         * inspector/IdentifiersFactory.h:
2569         * inspector/InjectedScriptManager.cpp:
2570         * inspector/InjectedScriptManager.h:
2571         * inspector/InjectedScriptSource.js:
2572         * inspector/ScriptBreakpoint.h:
2573         * inspector/ScriptDebugListener.h:
2574         * inspector/ScriptDebugServer.cpp:
2575         * inspector/ScriptDebugServer.h:
2576         * inspector/agents/InspectorAgent.cpp:
2577         * inspector/agents/InspectorAgent.h:
2578         * inspector/agents/InspectorDebuggerAgent.cpp:
2579         * inspector/agents/InspectorDebuggerAgent.h:
2580         * interpreter/Interpreter.cpp:
2581         * interpreter/Interpreter.h:
2582         * interpreter/JSStack.cpp:
2583         * interpreter/JSStack.h:
2584         * interpreter/Register.h:
2585         * jit/CompactJITCodeMap.h:
2586         * jit/JITStubs.cpp:
2587         * jit/JITStubs.h:
2588         * jit/JITStubsARM.h:
2589         * jit/JITStubsARMv7.h:
2590         * jit/JITStubsX86.h:
2591         * jit/JITStubsX86_64.h:
2592         * os-win32/stdbool.h:
2593         * parser/SourceCode.h:
2594         * parser/SourceProvider.h:
2595         * profiler/LegacyProfiler.cpp:
2596         * profiler/LegacyProfiler.h:
2597         * profiler/ProfileNode.cpp:
2598         * profiler/ProfileNode.h:
2599         * runtime/ArrayBufferView.cpp:
2600         * runtime/ArrayBufferView.h:
2601         * runtime/BatchedTransitionOptimizer.h:
2602         * runtime/CallData.h:
2603         * runtime/ConstructData.h:
2604         * runtime/DumpContext.cpp:
2605         * runtime/DumpContext.h:
2606         * runtime/ExceptionHelpers.cpp:
2607         * runtime/ExceptionHelpers.h:
2608         * runtime/InitializeThreading.cpp:
2609         * runtime/InitializeThreading.h:
2610         * runtime/IntegralTypedArrayBase.h:
2611         * runtime/IntendedStructureChain.cpp:
2612         * runtime/IntendedStructureChain.h:
2613         * runtime/JSActivation.cpp:
2614         * runtime/JSActivation.h:
2615         * runtime/JSExportMacros.h:
2616         * runtime/JSGlobalObject.cpp:
2617         * runtime/JSNotAnObject.cpp:
2618         * runtime/JSNotAnObject.h:
2619         * runtime/JSPropertyNameIterator.cpp:
2620         * runtime/JSPropertyNameIterator.h:
2621         * runtime/JSSegmentedVariableObject.cpp:
2622         * runtime/JSSegmentedVariableObject.h:
2623         * runtime/JSSymbolTableObject.cpp:
2624         * runtime/JSSymbolTableObject.h:
2625         * runtime/JSTypeInfo.h:
2626         * runtime/JSVariableObject.cpp:
2627         * runtime/JSVariableObject.h:
2628         * runtime/PropertyTable.cpp:
2629         * runtime/PutPropertySlot.h:
2630         * runtime/SamplingCounter.cpp:
2631         * runtime/SamplingCounter.h:
2632         * runtime/Structure.cpp:
2633         * runtime/Structure.h:
2634         * runtime/StructureChain.cpp:
2635         * runtime/StructureChain.h:
2636         * runtime/StructureInlines.h:
2637         * runtime/StructureTransitionTable.h:
2638         * runtime/SymbolTable.cpp:
2639         * runtime/SymbolTable.h:
2640         * runtime/TypedArrayBase.h:
2641         * runtime/TypedArrayType.cpp:
2642         * runtime/TypedArrayType.h:
2643         * runtime/VM.cpp:
2644         * runtime/VM.h:
2645         * yarr/RegularExpression.cpp:
2646         * yarr/RegularExpression.h:
2647
2648 2014-03-14  Filip Pizlo  <fpizlo@apple.com>
2649
2650         Final FTL iOS build magic
2651         https://bugs.webkit.org/show_bug.cgi?id=130281
2652
2653         Reviewed by Michael Saboff.
2654
2655         * Configurations/Base.xcconfig: For now our LLVM headers are in /usr/local/LLVMForJavaScriptCore/include, which is the same as OS X.
2656         * Configurations/LLVMForJSC.xcconfig: We need to be more careful about how we specify library paths if we want to get the prioritization right. Also we need protobuf because things. :-/
2657
2658 2014-03-14  Joseph Pecoraro  <pecoraro@apple.com>
2659
2660         Web Inspector: Gracefully handle nil name -[JSContext setName:]
2661         https://bugs.webkit.org/show_bug.cgi?id=130262
2662
2663         Reviewed by Mark Hahnenberg.
2664
2665         * API/JSContext.mm:
2666         (-[JSContext setName:]):
2667         Gracefully handle nil input.
2668
2669         * API/tests/testapi.c:
2670         (globalContextNameTest):
2671         * API/tests/testapi.mm:
2672         Test for nil / NULL names in the ObjC and C APIs.
2673
2674 2014-03-11  Oliver Hunt  <oliver@apple.com>
2675
2676         Improve dom error messages
2677         https://bugs.webkit.org/show_bug.cgi?id=130103
2678
2679         Reviewed by Andreas Kling.
2680
2681         Add new helper function.
2682
2683         * runtime/Error.h:
2684         (JSC::throwVMTypeError):
2685
2686 2014-03-14  László Langó  <llango.u-szeged@partner.samsung.com>
2687
2688         Remove unused method declaration.
2689         https://bugs.webkit.org/show_bug.cgi?id=130238
2690
2691         Reviewed by Filip Pizlo.
2692
2693         The implementation of CallFrame::dumpCaller was removed in
2694         http://trac.webkit.org/changeset/153183, but the declaration of it was not.
2695
2696         * interpreter/CallFrame.h:
2697         Remove CallFrame::dumpCaller() method declaration.
2698
2699 2014-03-12  Sergio Villar Senin  <svillar@igalia.com>
2700
2701         Rename DEFINE_STATIC_LOCAL to DEPRECATED_DEFINE_STATIC_LOCAL
2702         https://bugs.webkit.org/show_bug.cgi?id=129612
2703
2704         Reviewed by Darin Adler.
2705
2706         For new code use static NeverDestroyed<T> instead.
2707
2708         * API/JSAPIWrapperObject.mm:
2709         (jsAPIWrapperObjectHandleOwner):
2710         * API/JSManagedValue.mm:
2711         (managedValueHandleOwner):
2712         * inspector/agents/InspectorDebuggerAgent.cpp:
2713         (Inspector::objectGroupForBreakpointAction):
2714         * inspector/scripts/CodeGeneratorInspectorStrings.py:
2715         * interpreter/JSStack.cpp:
2716         (JSC::stackStatisticsMutex):
2717         * jit/ExecutableAllocator.cpp:
2718         (JSC::DemandExecutableAllocator::allocators):
2719
2720 2014-03-12  Gavin Barraclough  <barraclough@apple.com>
2721
2722         Reduce memory use for static property maps
2723         https://bugs.webkit.org/show_bug.cgi?id=129986
2724
2725         Reviewed by Andreas Kling.
2726
2727         Static property tables are currently duplicated on first use from read-only memory into dirty memory
2728         in every process, and since the entries are large (48 bytes) and the tables can be unusually sparse
2729         (we use a custom hash table without a rehash) a lot of memory may be wasted.
2730
2731         First, reduce the size of the hashtable. Instead of storing values in the table the hashtable maps
2732         from string hashes to indices into a densely packed array of values. Compute the index table at
2733         compile time as a part of the derived sources step, such that this may be read-only data.
2734
2735         Second, don't copy all data from the HashTableValue array into HashEntry objects. Instead refer
2736         directly to the HashTableValue entries. The only data that needs to be allocated at runtime are the
2737         keys, which are Identifiers.
2738
2739         * create_hash_table:
2740             - emit the hash table index into the derived source (we were calculating this already to ensure chaining does not get too deep).
2741         * parser/Lexer.cpp:
2742         (JSC::Lexer<LChar>::parseIdentifier):
2743         (JSC::Lexer<UChar>::parseIdentifier):
2744         (JSC::Lexer<T>::parseIdentifierSlowCase):
2745             - HashEntry -> HashTableValue.
2746         * parser/Lexer.h:
2747         (JSC::Keywords::getKeyword):
2748             - HashEntry -> HashTableValue.
2749         * runtime/ClassInfo.h:
2750             - removed HashEntry.
2751         * runtime/JSObject.cpp:
2752         (JSC::getClassPropertyNames):
2753             - use HashTable::ConstIterator.
2754         (JSC::JSObject::put):
2755         (JSC::JSObject::deleteProperty):
2756         (JSC::JSObject::findPropertyHashEntry):
2757             - HashEntry -> HashTableValue.
2758         (JSC::JSObject::reifyStaticFunctionsForDelete):
2759             - changed HashTable::ConstIterator interface.
2760         * runtime/JSObject.h:
2761             - HashEntry -> HashTableValue.
2762         * runtime/Lookup.cpp:
2763         (JSC::HashTable::createTable):
2764             - table -> keys, keys array is now densely packed.
2765         (JSC::HashTable::deleteTable):
2766             - table -> keys.
2767         (JSC::setUpStaticFunctionSlot):
2768             - HashEntry -> HashTableValue.
2769         * runtime/Lookup.h:
2770         (JSC::HashTableValue::builtinGenerator):
2771         (JSC::HashTableValue::function):
2772         (JSC::HashTableValue::functionLength):
2773         (JSC::HashTableValue::propertyGetter):
2774         (JSC::HashTableValue::propertyPutter):
2775         (JSC::HashTableValue::lexerValue):
2776             - added accessor methods from HashEntry.
2777         (JSC::HashTable::copy):
2778             - fields changed.
2779         (JSC::HashTable::initializeIfNeeded):
2780             - table -> keys.
2781         (JSC::HashTable::entry):
2782             - HashEntry -> HashTableValue.
2783         (JSC::HashTable::ConstIterator::ConstIterator):
2784             - iterate packed value array, so no need to skipInvalidKeys().
2785         (JSC::HashTable::ConstIterator::value):
2786         (JSC::HashTable::ConstIterator::key):
2787         (JSC::HashTable::ConstIterator::operator->):
2788             - accessors now get HashTableValue/StringImpl* separately.
2789         (JSC::HashTable::ConstIterator::operator++):
2790             - iterate packed value array, so no need to skipInvalidKeys().
2791         (JSC::HashTable::end):
2792             - end is now size of dense not sparse array.
2793         (JSC::getStaticPropertySlot):
2794         (JSC::getStaticFunctionSlot):
2795         (JSC::getStaticValueSlot):
2796         (JSC::putEntry):
2797         (JSC::lookupPut):
2798             - HashEntry -> HashTableValue.
2799
2800 2014-03-13  Filip Pizlo  <fpizlo@apple.com>
2801
2802         Unreviewed, fix Mac no-FTL build.
2803
2804         * llvm/library/LLVMExports.cpp:
2805         (initializeAndGetJSCLLVMAPI):
2806
2807 2014-03-13  Juergen Ributzka  <juergen@apple.com>
2808
2809         Only export initializeAndGetJSCLLVMAPI from libllvmForJSC.dylib
2810         https://bugs.webkit.org/show_bug.cgi?id=130224
2811
2812         Reviewed by Filip Pizlo.
2813
2814         This limits the exported symbols to only initializeAndGetJSCLLVMAPI from
2815         the LLVM dylib. This allows the dylib to be safely used with other LLVM
2816         dylibs on the same system. It also reduces the dynamic linking overhead
2817         and also reduces the size by 6MB, because the linker can now dead strip
2818         many unused functions.
2819
2820         * Configurations/LLVMForJSC.xcconfig:
2821
2822 2014-03-13  Andreas Kling  <akling@apple.com>
2823
2824         VM::discardAllCode() should clear the RegExp cache.
2825         <https://webkit.org/b/130144>
2826
2827         Reviewed by Michael Saboff.
2828
2829         * runtime/VM.cpp:
2830         (JSC::VM::discardAllCode):
2831
2832 2014-03-13  Andreas Kling  <akling@apple.com>
2833
2834         Revert "Short-circuit JSGlobalObjectInspectorController when not inspecting."
2835         <https://webkit.org/b/129995>
2836
2837         This code path is not taken anymore on DYEB, and I can't explain why
2838         it was showing up in my profiles. Backing it out per JoePeck's suggestion.
2839
2840         * inspector/JSGlobalObjectInspectorController.cpp:
2841         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
2842
2843 2014-03-13  Filip Pizlo  <fpizlo@apple.com>
2844
2845         FTL should support IsBlah
2846         https://bugs.webkit.org/show_bug.cgi?id=130202
2847
2848         Reviewed by Geoffrey Garen.
2849
2850         * ftl/FTLCapabilities.cpp:
2851         (JSC::FTL::canCompile):
2852         * ftl/FTLIntrinsicRepository.h:
2853         * ftl/FTLLowerDFGToLLVM.cpp:
2854         (JSC::FTL::LowerDFGToLLVM::compileNode):
2855         (JSC::FTL::LowerDFGToLLVM::compileIsUndefined):
2856         (JSC::FTL::LowerDFGToLLVM::compileIsBoolean):
2857         (JSC::FTL::LowerDFGToLLVM::compileIsNumber):
2858         (JSC::FTL::LowerDFGToLLVM::compileIsString):
2859         (JSC::FTL::LowerDFGToLLVM::compileIsObject):
2860         (JSC::FTL::LowerDFGToLLVM::compileIsFunction):
2861         (JSC::FTL::LowerDFGToLLVM::compileStoreBarrier):
2862         (JSC::FTL::LowerDFGToLLVM::compileStoreBarrierWithNullCheck):
2863         (JSC::FTL::LowerDFGToLLVM::isNotCellOrMisc):
2864         (JSC::FTL::LowerDFGToLLVM::isNumber):
2865         (JSC::FTL::LowerDFGToLLVM::isNotNumber):
2866         (JSC::FTL::LowerDFGToLLVM::isBoolean):
2867         * ftl/FTLOSRExitCompiler.cpp:
2868         * tests/stress/is-undefined-exit-on-masquerader.js: Added.
2869         (bar):
2870         (foo):
2871         (test):
2872         * tests/stress/is-undefined-jettison-on-masquerader.js: Added.
2873         (foo):
2874         (test):
2875         * tests/stress/is-undefined-masquerader.js: Added.
2876         (foo):
2877         (test):
2878
2879 2014-03-13  Mark Lam  <mark.lam@apple.com>
2880
2881         JS benchmarks crash with a bus error on 32-bit x86.
2882         <https://webkit.org/b/130203>
2883
2884         Reviewed by Geoffrey Garen.
2885
2886         The issue is that generateGetByIdStub() can potentially use the same register
2887         for the JSValue base register and the target tag register.  After loading the
2888         tag value into the target tag register, the JSValue base address is lost.
2889         The code then proceeds to load the payload value using the base register, and
2890         this results in a crash.
2891
2892         The fix is to check if the base register is the same as the target tag register.
2893         If so, we should make a copy of the base register first before loading the tag
2894         value, and use the copy to load the payload value instead.
2895
2896         * jit/Repatch.cpp:
2897         (JSC::generateGetByIdStub):
2898
2899 2014-03-12  Filip Pizlo  <fpizlo@apple.com>
2900
2901         WebKit shouldn't crash on uniprocessor machines
2902         https://bugs.webkit.org/show_bug.cgi?id=130176
2903
2904         Reviewed by Michael Saboff.
2905         
2906         Previously the math for computing the number of JIT compiler threads would come up with
2907         zero threads on uniprocessor machines, and then the Worklist code would assert.
2908
2909         * runtime/Options.cpp:
2910         (JSC::computeNumberOfWorkerThreads):
2911         * runtime/Options.h:
2912
2913 2014-03-13  Radu Stavila  <stavila@adobe.com>
2914
2915         WebKit not building on Xcode 5.1 due to garbage collection no longer being supported
2916         https://bugs.webkit.org/show_bug.cgi?id=130087
2917
2918         Reviewed by Mark Rowe.
2919
2920         Disable garbage collection on macosx when not using internal SDK.
2921
2922         * Configurations/Base.xcconfig:
2923
2924 2014-03-10  Darin Adler  <darin@apple.com>
2925
2926         Avoid copy-prone idiom "for (auto item : collection)"
2927         https://bugs.webkit.org/show_bug.cgi?id=129990
2928
2929         Reviewed by Geoffrey Garen.
2930
2931         * heap/CodeBlockSet.h:
2932         (JSC::CodeBlockSet::iterate): Use auto& to be sure we don't copy by accident.
2933         * inspector/ScriptDebugServer.cpp:
2934         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog): Use auto* to
2935         make explicit that we are iterating through pointers.
2936         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound): Ditto.
2937         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe): Ditto.
2938         * inspector/agents/InspectorDebuggerAgent.cpp:
2939         (Inspector::InspectorDebuggerAgent::removeBreakpoint): Use auto&, and also
2940         get rid of an unneeded local variable.
2941
2942 2014-03-13  Brian Burg  <bburg@apple.com>
2943
2944         Web Inspector: Remove unused callId parameter from evaluateInWebInspector
2945         https://bugs.webkit.org/show_bug.cgi?id=129744
2946
2947         Reviewed by Timothy Hatcher.
2948
2949         * inspector/agents/InspectorAgent.cpp:
2950         (Inspector::InspectorAgent::enable):
2951         (Inspector::InspectorAgent::evaluateForTestInFrontend):
2952         * inspector/agents/InspectorAgent.h:
2953         * inspector/protocol/InspectorDomain.json:
2954
2955 2014-03-11  Filip Pizlo  <fpizlo@apple.com>
2956
2957         ASSERTION FAILED: node->op() == Phi || node->op() == SetArgument
2958         https://bugs.webkit.org/show_bug.cgi?id=130069
2959
2960         Reviewed by Geoffrey Garen.
2961         
2962         This was a great assertion, and it represents our strictest interpretation of the rules of
2963         our intermediate representation. However, fixing DCE to actually preserve the relevant
2964         property would be hard, and it wouldn't have an observable effect right now because nobody
2965         actually uses the property of CPS that this assertion is checking for.
2966         
2967         In particular, we do always require, and rely on, the fact that non-captured variables
2968         have variablesAtTail refer to the last interesting use of the variable: a SetLocal if the
2969         block assigns to the variable, a GetLocal if it only reads from it, and a Flush,
2970         PhantomLocal, or Phi otherwise. We do preserve this property successfully and DCE was not
2971         broken in this regard. But, in the strictest sense, CPS also means that for captured
2972         variables, variablesAtTail also continues to point to the last relevant use of the
2973         variable. In particular, if there are multiple GetLocals, then it should point to the last
2974         one. This is hard for DCE to preserve. Also, nobody relies on variablesAtTail for captured
2975         variables, except to check the VariableAccessData; but in that case, we don't really need
2976         the *last* relevant use of the variable - any node that mentions the same variable will do
2977         just fine.
2978         
2979         So, this change loosens the assertion and adds a detailed FIXME describing what we would
2980         have to do if we wanted to preserve the more strict property.
2981         
2982         This also makes changes to various debug printing paths so that validation doesn't crash
2983         during graph dump. This also adds tests for the interesting cases of DCE failing to
2984         preserve CPS in the strictest sense. This also attempts to win the record for longest test
2985         name.
2986
2987         * bytecode/CodeBlock.cpp:
2988         (JSC::CodeBlock::hashAsStringIfPossible):
2989         (JSC::CodeBlock::dumpAssumingJITType):
2990         * bytecode/CodeBlock.h:
2991         * bytecode/CodeOrigin.cpp:
2992         (JSC::InlineCallFrame::hashAsStringIfPossible):
2993         (JSC::InlineCallFrame::dumpBriefFunctionInformation):
2994         * bytecode/CodeOrigin.h:
2995         * dfg/DFGCPSRethreadingPhase.cpp:
2996         (JSC::DFG::CPSRethreadingPhase::run):
2997         * dfg/DFGDCEPhase.cpp:
2998         (JSC::DFG::DCEPhase::cleanVariables):
2999         * dfg/DFGInPlaceAbstractState.cpp:
3000         (JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
3001         * runtime/FunctionExecutableDump.cpp:
3002         (JSC::FunctionExecutableDump::dump):
3003         * tests/stress/dead-access-to-captured-variable-preceded-by-a-live-store-in-function-with-multiple-basic-blocks.js: Added.
3004         (foo):
3005         * tests/stress/dead-access-to-captured-variable-preceded-by-a-live-store.js: Added.
3006         (foo):
3007
3008 2014-03-12  Brian Burg  <bburg@apple.com>
3009
3010         Web Replay: add infrastructure for memoizing nondeterministic DOM APIs
3011         https://bugs.webkit.org/show_bug.cgi?id=129445
3012
3013         Reviewed by Timothy Hatcher.
3014
3015         There was a bug in the replay inputs code generator that would include
3016         headers for definitions of enum classes, even though they can be safely
3017         forward-declared.
3018
3019         * replay/scripts/CodeGeneratorReplayInputs.py:
3020         (Generator.generate_includes): Only include for copy constructor if the
3021         type is a heavy scalar (i.e., String, URL), not a normal scalar
3022         (i.e., int, double, enum classes).
3023
3024         (Generator.generate_type_forward_declarations): Forward-declare scalars
3025         that are enums or enum classes.
3026
3027 2014-03-12  Joseph Pecoraro  <pecoraro@apple.com>
3028
3029         Web Inspector: Disable REMOTE_INSPECTOR in earlier OS X releases
3030         https://bugs.webkit.org/show_bug.cgi?id=130118
3031
3032         Reviewed by Timothy Hatcher.
3033
3034         * Configurations/FeatureDefines.xcconfig:
3035
3036 2014-03-12  Joseph Pecoraro  <pecoraro@apple.com>
3037
3038         Web Inspector: Hang in Remote Inspection triggering breakpoint from console
3039         https://bugs.webkit.org/show_bug.cgi?id=130032
3040
3041         Reviewed by Timothy Hatcher.
3042
3043         * inspector/EventLoop.h:
3044         * inspector/EventLoop.cpp:
3045         (Inspector::EventLoop::remoteInspectorRunLoopMode):
3046         (Inspector::EventLoop::cycle):
3047         Expose the run loop mode name so it can be used if needed by others.
3048
3049         * inspector/remote/RemoteInspectorDebuggableConnection.h:
3050         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
3051         (Inspector::RemoteInspectorBlock::RemoteInspectorBlock):
3052         (Inspector::RemoteInspectorBlock::~RemoteInspectorBlock):
3053         (Inspector::RemoteInspectorBlock::operator=):
3054         (Inspector::RemoteInspectorBlock::operator()):
3055         (Inspector::RemoteInspectorQueueTask):
3056         Instead of a dispatch_queue, have our own static Vector of debugger tasks.
3057
3058         (Inspector::RemoteInspectorHandleRunSource):
3059         (Inspector::RemoteInspectorInitializeQueue):
3060         Initialize the static queue and run loop source. When the run loop source
3061         fires, it will exhaust the queue of debugger messages.
3062
3063         (Inspector::RemoteInspectorDebuggableConnection::RemoteInspectorDebuggableConnection):
3064         (Inspector::RemoteInspectorDebuggableConnection::~RemoteInspectorDebuggableConnection):
3065         When we get a debuggable connection add a run loop source for inspector commands.
3066
3067         (Inspector::RemoteInspectorDebuggableConnection::dispatchAsyncOnDebuggable):
3068         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
3069         Enqueue blocks on our Vector instead of our dispatch_queue.
3070
3071 2014-03-12  Commit Queue  <commit-queue@webkit.org>
3072
3073         Unreviewed, rolling out r165482.
3074         https://bugs.webkit.org/show_bug.cgi?id=130157
3075
3076         Broke the Windows build; "error C2466: cannot allocate an
3077         array of constant size 0" (Requested by jernoble on #webkit).
3078
3079         Reverted changeset:
3080
3081         "Reduce memory use for static property maps"
3082         https://bugs.webkit.org/show_bug.cgi?id=129986
3083         http://trac.webkit.org/changeset/165482
3084
3085 2014-03-12  Mark Hahnenberg  <mhahnenberg@apple.com>
3086
3087         Remove HandleSet::m_nextToFinalize
3088         https://bugs.webkit.org/show_bug.cgi?id=130109
3089
3090         Reviewed by Mark Lam.
3091
3092         This is a remnant of when HandleSet contained things that needed to be finalized. 
3093
3094         * heap/HandleSet.cpp:
3095         (JSC::HandleSet::HandleSet):
3096         (JSC::HandleSet::writeBarrier):
3097         * heap/HandleSet.h:
3098         (JSC::HandleSet::allocate):
3099         (JSC::HandleSet::deallocate):
3100
3101 2014-03-12  Mark Hahnenberg  <mhahnenberg@apple.com>
3102
3103         Layout Test fast/workers/worker-gc.html is failing
3104         https://bugs.webkit.org/show_bug.cgi?id=130135
3105
3106         Reviewed by Geoffrey Garen.
3107
3108         When removing MarkedBlocks, we always expect them to be in the MarkedAllocator's 
3109         main list of blocks, i.e. not in the retired list. When shutting down the VM this
3110         wasn't always the case which was causing ASSERTs to fire. We should rearrange things 
3111         so that allocators are notified with lastChanceToFinalize. This will give them 
3112         the chance to move their retired blocks back into the main list before removing them all.
3113
3114         * heap/MarkedAllocator.cpp:
3115         (JSC::LastChanceToFinalize::operator()):
3116         (JSC::MarkedAllocator::lastChanceToFinalize):
3117         * heap/MarkedAllocator.h:
3118         * heap/MarkedSpace.cpp:
3119         (JSC::LastChanceToFinalize::operator()):
3120         (JSC::MarkedSpace::lastChanceToFinalize):
3121
3122 2014-03-12  Gavin Barraclough  <barraclough@apple.com>
3123
3124         Reduce memory use for static property maps
3125         https://bugs.webkit.org/show_bug.cgi?id=129986
3126
3127         Reviewed by Andreas Kling.
3128
3129         Static property tables are currently duplicated on first use from read-only memory into dirty memory
3130         in every process, and since the entries are large (48 bytes) and the tables can be unusually sparse
3131         (we use a custom hash table without a rehash) a lot of memory may be wasted.
3132
3133         First, reduce the size of the hashtable. Instead of storing values in the table the hashtable maps
3134         from string hashes to indices into a densely packed array of values. Compute the index table at
3135         compile time as a part of the derived sources step, such that this may be read-only data.
3136
3137         Second, don't copy all data from the HashTableValue array into HashEntry objects. Instead refer
3138         directly to the HashTableValue entries. The only data that needs to be allocated at runtime are the
3139         keys, which are Identifiers.
3140
3141         * create_hash_table:
3142             - emit the hash table index into the derived source (we were calculating this already to ensure chaining does not get too deep).
3143         * parser/Lexer.cpp:
3144         (JSC::Lexer<LChar>::parseIdentifier):
3145         (JSC::Lexer<UChar>::parseIdentifier):
3146         (JSC::Lexer<T>::parseIdentifierSlowCase):
3147             - HashEntry -> HashTableValue.
3148         * parser/Lexer.h:
3149         (JSC::Keywords::getKeyword):
3150             - HashEntry -> HashTableValue.
3151         * runtime/ClassInfo.h:
3152             - removed HashEntry.
3153         * runtime/JSObject.cpp:
3154         (JSC::getClassPropertyNames):
3155             - use HashTable::ConstIterator.
3156         (JSC::JSObject::put):
3157         (JSC::JSObject::deleteProperty):
3158         (JSC::JSObject::findPropertyHashEntry):
3159             - HashEntry -> HashTableValue.
3160         (JSC::JSObject::reifyStaticFunctionsForDelete):
3161             - changed HashTable::ConstIterator interface.
3162         * runtime/JSObject.h:
3163             - HashEntry -> HashTableValue.
3164         * runtime/Lookup.cpp:
3165         (JSC::HashTable::createTable):
3166             - table -> keys, keys array is now densely packed.
3167         (JSC::HashTable::deleteTable):
3168             - table -> keys.
3169         (JSC::setUpStaticFunctionSlot):
3170             - HashEntry -> HashTableValue.
3171         * runtime/Lookup.h:
3172         (JSC::HashTableValue::builtinGenerator):
3173         (JSC::HashTableValue::function):
3174         (JSC::HashTableValue::functionLength):
3175         (JSC::HashTableValue::propertyGetter):
3176         (JSC::HashTableValue::propertyPutter):
3177         (JSC::HashTableValue::lexerValue):
3178             - added accessor methods from HashEntry.
3179         (JSC::HashTable::copy):
3180             - fields changed.
3181         (JSC::HashTable::initializeIfNeeded):
3182             - table -> keys.
3183         (JSC::HashTable::entry):
3184             - HashEntry -> HashTableValue.
3185         (JSC::HashTable::ConstIterator::ConstIterator):
3186             - iterate packed value array, so no need to skipInvalidKeys().
3187         (JSC::HashTable::ConstIterator::value):
3188         (JSC::HashTable::ConstIterator::key):
3189         (JSC::HashTable::ConstIterator::operator->):
3190             - accessors now get HashTableValue/StringImpl* separately.
3191         (JSC::HashTable::ConstIterator::operator++):
3192             - iterate packed value array, so no need to skipInvalidKeys().
3193         (JSC::HashTable::end):
3194             - end is now size of dense not sparse array.
3195         (JSC::getStaticPropertySlot):
3196         (JSC::getStaticFunctionSlot):
3197         (JSC::getStaticValueSlot):
3198         (JSC::putEntry):
3199         (JSC::lookupPut):
3200             - HashEntry -> HashTableValue.
3201
3202 2014-03-11  Filip Pizlo  <fpizlo@apple.com>
3203
3204         It should be possible to build WebKit with FTL on iOS
3205         https://bugs.webkit.org/show_bug.cgi?id=130116
3206
3207         Reviewed by Dan Bernstein.
3208
3209         * Configurations/Base.xcconfig:
3210
3211 2014-03-10  Filip Pizlo  <fpizlo@apple.com>
3212
3213         GetById list caching should use something object-oriented rather than PolymorphicAccessStructureList
3214         https://bugs.webkit.org/show_bug.cgi?id=129778
3215
3216         Reviewed by Geoffrey Garen.
3217         
3218         Also deduplicate the GetById getter call caching. Also add some small tests for
3219         get stubs.
3220         
3221         This change reduces the amount of code involved in GetById access caching and it
3222         creates data structures that can serve as an elegant scaffold for introducing other
3223         kinds of caches or improving current caching styles. It will definitely make getter
3224         performance improvements easier to implement.
3225
3226         * CMakeLists.txt:
3227         * GNUmakefile.list.am:
3228         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3229         * JavaScriptCore.xcodeproj/project.pbxproj:
3230         * bytecode/CodeBlock.cpp:
3231         (JSC::CodeBlock::printGetByIdCacheStatus):
3232         * bytecode/GetByIdStatus.cpp:
3233         (JSC::GetByIdStatus::computeForStubInfo):
3234         * bytecode/PolymorphicGetByIdList.cpp: Added.
3235         (JSC::GetByIdAccess::GetByIdAccess):
3236         (JSC::GetByIdAccess::~GetByIdAccess):
3237         (JSC::GetByIdAccess::fromStructureStubInfo):
3238         (JSC::GetByIdAccess::visitWeak):
3239         (JSC::PolymorphicGetByIdList::PolymorphicGetByIdList):
3240         (JSC::PolymorphicGetByIdList::from):
3241         (JSC::PolymorphicGetByIdList::~PolymorphicGetByIdList):
3242         (JSC::PolymorphicGetByIdList::currentSlowPathTarget):
3243         (JSC::PolymorphicGetByIdList::addAccess):
3244         (JSC::PolymorphicGetByIdList::isFull):
3245         (JSC::PolymorphicGetByIdList::isAlmostFull):
3246         (JSC::PolymorphicGetByIdList::didSelfPatching):
3247         (JSC::PolymorphicGetByIdList::visitWeak):
3248         * bytecode/PolymorphicGetByIdList.h: Added.
3249         (JSC::GetByIdAccess::GetByIdAccess):
3250         (JSC::GetByIdAccess::isSet):
3251         (JSC::GetByIdAccess::operator!):
3252         (JSC::GetByIdAccess::type):
3253         (JSC::GetByIdAccess::structure):
3254         (JSC::GetByIdAccess::chain):
3255         (JSC::GetByIdAccess::chainCount):
3256         (JSC::GetByIdAccess::stubRoutine):
3257         (JSC::GetByIdAccess::doesCalls):
3258         (JSC::PolymorphicGetByIdList::isEmpty):
3259         (JSC::PolymorphicGetByIdList::size):
3260         (JSC::PolymorphicGetByIdList::at):
3261         (JSC::PolymorphicGetByIdList::operator[]):
3262         * bytecode/StructureStubInfo.cpp:
3263         (JSC::StructureStubInfo::deref):
3264         (JSC::StructureStubInfo::visitWeakReferences):
3265         * bytecode/StructureStubInfo.h:
3266         (JSC::isGetByIdAccess):
3267         (JSC::StructureStubInfo::initGetByIdList):
3268         * jit/Repatch.cpp:
3269         (JSC::generateGetByIdStub):
3270         (JSC::tryCacheGetByID):
3271         (JSC::patchJumpToGetByIdStub):
3272         (JSC::tryBuildGetByIDList):
3273         (JSC::tryBuildPutByIdList):
3274         * tests/stress/getter.js: Added.
3275         (foo):
3276         (.o):
3277         * tests/stress/polymorphic-prototype-accesses.js: Added.
3278         (Foo):
3279         (Bar):
3280         (foo):
3281         * tests/stress/prototype-getter.js: Added.
3282         (Foo):
3283         (foo):
3284         * tests/stress/simple-prototype-accesses.js: Added.
3285         (Foo):
3286         (foo):
3287
3288 2014-03-11  Mark Hahnenberg  <mhahnenberg@apple.com>
3289
3290         MarkedBlocks that are "full enough" shouldn't be swept after EdenCollections
3291         https://bugs.webkit.org/show_bug.cgi?id=129920
3292
3293         Reviewed by Geoffrey Garen.
3294
3295         This patch introduces the notion of "retiring" MarkedBlocks. We retire a MarkedBlock
3296         when the amount of free space in a MarkedBlock drops below a certain threshold.
3297         Retired blocks are not considered for sweeping.
3298
3299         This is profitable because it reduces churn during sweeping. To build a free list, 
3300         we have to scan through each cell in a block. After a collection, all objects that 
3301         are live in the block will remain live until the next FullCollection, at which time
3302         we un-retire all previously retired blocks. Thus, a small number of objects in a block
3303         that die during each EdenCollection could cause us to do a disproportionate amount of 
3304         sweeping for how much free memory we get back.
3305
3306         This patch looks like a consistent ~2% progression on boyer and is neutral everywhere else.
3307
3308         * heap/Heap.h:
3309         (JSC::Heap::didRetireBlockWithFreeListSize):
3310         * heap/MarkedAllocator.cpp:
3311         (JSC::MarkedAllocator::tryAllocateHelper):
3312         (JSC::MarkedAllocator::removeBlock):
3313         (JSC::MarkedAllocator::reset):
3314         * heap/MarkedAllocator.h:
3315         (JSC::MarkedAllocator::MarkedAllocator):
3316         (JSC::MarkedAllocator::forEachBlock):
3317         * heap/MarkedBlock.cpp:
3318         (JSC::MarkedBlock::sweepHelper):
3319         (JSC::MarkedBlock::clearMarksWithCollectionType):
3320         (JSC::MarkedBlock::didRetireBlock):
3321         * heap/MarkedBlock.h:
3322         (JSC::MarkedBlock::willRemoveBlock):
3323         (JSC::MarkedBlock::isLive):
3324         * heap/MarkedSpace.cpp:
3325         (JSC::MarkedSpace::clearNewlyAllocated):
3326         (JSC::MarkedSpace::clearMarks):
3327         * runtime/Options.h:
3328
3329 2014-03-11  Andreas Kling  <akling@apple.com>
3330
3331         Streamline PropertyTable for lookup-only access.
3332         <https://webkit.org/b/130060>
3333
3334         The PropertyTable lookup algorithm was written to support both read
3335         and write access. This wasn't actually needed in most places.
3336
3337         This change adds a PropertyTable::get() that just returns the value
3338         type (instead of an insertion iterator.) It also adds an early return
3339         for empty tables.
3340
3341         Finally, up the minimum table capacity from 8 to 16. It was lowered
3342         to 8 in order to save memory, but that was before PropertyTables were
3343         GC allocated. Nowadays we don't have nearly as many tables, since all
3344         the unpinned transitions die off.
3345
3346         Reviewed by Darin Adler.
3347
3348         * runtime/PropertyMapHashTable.h:
3349         (JSC::PropertyTable::get):
3350         * runtime/Structure.cpp:
3351         (JSC::Structure::despecifyDictionaryFunction):
3352         (JSC::Structure::attributeChangeTransition):
3353         (JSC::Structure::get):
3354         (JSC::Structure::despecifyFunction):
3355         * runtime/StructureInlines.h:
3356         (JSC::Structure::get):
3357
3358 2014-03-10  Mark Hahnenberg  <mhahnenberg@apple.com>
3359
3360         REGRESSION(r165407): DoYouEvenBench crashes in DRT
3361         https://bugs.webkit.org/show_bug.cgi?id=130066
3362
3363         Reviewed by Geoffrey Garen.
3364
3365         The baseline JIT does a conditional store barrier for the put_by_id, but we need 
3366         an unconditional store barrier so that we cover the butterfly case as well in emitPutTransitionStub.
3367
3368         * jit/JIT.h:
3369         * jit/JITPropertyAccess.cpp:
3370         (JSC::JIT::emit_op_put_by_id):
3371         (JSC::JIT::emitWriteBarrier):
3372
3373 2014-03-10  Mark Lam  <mark.lam@apple.com>
3374
3375         Resurrect bit-rotted JIT::probe() mechanism.
3376         <https://webkit.org/b/130067>
3377
3378         Reviewed by Geoffrey Garen.
3379
3380         * jit/JITStubs.cpp:
3381         - Added the needed #include <wtf/InlineASM.h>.
3382
3383 2014-03-10  Joseph Pecoraro  <pecoraro@apple.com>
3384
3385         Fix typo in EXCLUDED_SOURCE_FILE_NAMES_iphoneos.
3386
3387         Rubber-stamped by Dan Bernstein.
3388
3389         * Configurations/JavaScriptCore.xcconfig:
3390
3391 2014-03-10  Mark Lam  <mark.lam@apple.com>
3392
3393         r165414 broke the 32-bit x86 tests: ASSERTION FAILED: result != InvalidIndex @ GPRInfo.h:330.
3394         <https://webkit.org/b/130065>
3395
3396         Reviewed by Michael Saboff.
3397
3398         There is code in ScratchRegisterAllocator.cpp that is relying on GPRInfo::toIndex()
3399         being able to return InvalidIndex.  Hence, the assertion is invalid.  Ditto for
3400         FPRInfo::toIndex().
3401
3402         The fix is to remove the "result != InvalidIndex" assertions.
3403
3404         * jit/FPRInfo.h:
3405         (JSC::FPRInfo::toIndex):
3406         * jit/GPRInfo.h:
3407         (JSC::GPRInfo::toIndex):
3408
3409 2014-03-10  Mark Lam  <mark.lam@apple.com>
3410
3411         Crash on a stack overflow on 32-bit x86 in http/tests/websocket/tests/hybi/workers/no-onmessage-in-sync-op.html.
3412         <https://webkit.org/b/129955>
3413
3414         Reviewed by Geoffrey Garen.
3415
3416         The 32-bit x86 version of getHostCallReturnValue() was leaking 16 bytes of
3417         stack memory every time it was called.  This is now fixed.
3418
3419         * jit/JITOperations.cpp:
3420