650ae8b819b1274aa9f4fc25995c3166e8645a3f
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-01-22  Commit Queue  <commit-queue@webkit.org>
2
3         Unreviewed, rolling out r178894.
4         https://bugs.webkit.org/show_bug.cgi?id=140775
5
6         Broke JSC and bindings tests (Requested by ap_ on #webkit).
7
8         Reverted changeset:
9
10         "put_by_val_direct need to check the property is index or not
11         for using putDirect / putDirectIndex"
12         https://bugs.webkit.org/show_bug.cgi?id=140426
13         http://trac.webkit.org/changeset/178894
14
15 2015-01-22  Mark Lam  <mark.lam@apple.com>
16
17         BytecodeGenerator::initializeCapturedVariable() sets a misleading value for the 5th operand of op_put_to_scope.
18         <https://webkit.org/b/140743>
19
20         Reviewed by Oliver Hunt.
21
22         BytecodeGenerator::initializeCapturedVariable() was setting the 5th operand to
23         op_put_to_scope to an inappropriate value (i.e. 0).  As a result, the execution
24         of put_to_scope could store a wrong inferred value into the VariableWatchpointSet
25         for whichever captured variable is at local index 0.  In practice, this turns
26         out to be the local for the Arguments object.  In this reproduction case in the
27         bug, the wrong inferred value written there is the boolean true.
28
29         Subsequently, DFG compilation occurs and CreateArguments is emitted to first do
30         a check of the local for the Arguments object.  But because that local has a
31         wrong inferred value, the check always discovers a non-null value and we never
32         actually create the Arguments object.  Immediately after this, an OSR exit
33         occurs leaving the Arguments object local uninitialized.  Later on at arguments
34         tear off, we run into a boolean true where we had expected to find an Arguments
35         object, which in turn, leads to the crash.
36
37         The fix is to:
38         1. In the case where the resolveModeType is LocalClosureVar, change the
39            5th operand of op_put_to_scope to be a boolean.  True means that the
40            local var is watchable.  False means it is not watchable.  We no longer
41            pass the local index (instead of true) and UINT_MAX (instead of false).
42
43            This allows us to express more clearly in the code what that value means,
44            as well as remove the redundant way of getting the local's identifier.
45            The identifier is always the one passed in the 2nd operand. 
46
47         2. Previously, though intuitively, we know that the watchable variable
48            identifier should be the same as the one that is passed in operand 2, this
49            relationship was not clear in the code.  By code analysis, I confirmed that 
50            the callers of BytecodeGenerator::emitPutToScope() always use the same
51            identifier for operand 2 and for filling out the ResolveScopeInfo from
52            which we get the watchable variable identifier later.  I've changed the
53            code to make this clear now by always using the identifier passed in
54            operand 2.
55
56         3. In the case where the resolveModeType is LocalClosureVar,
57            initializeCapturedVariable() and emitPutToScope() will now query
58            hasWatchableVariable() to determine if the local is watchable or not.
59            Accordingly, we pass the boolean result of hasWatchableVariable() as
60            operand 5 of op_put_to_scope.
61
62         Also added some assertions.
63
64         * bytecode/CodeBlock.cpp:
65         (JSC::CodeBlock::CodeBlock):
66         * bytecompiler/BytecodeGenerator.cpp:
67         (JSC::BytecodeGenerator::initializeCapturedVariable):
68         (JSC::BytecodeGenerator::hasConstant):
69         (JSC::BytecodeGenerator::emitPutToScope):
70         * bytecompiler/BytecodeGenerator.h:
71         (JSC::BytecodeGenerator::hasWatchableVariable):
72         (JSC::BytecodeGenerator::watchableVariableIdentifier):
73         (JSC::BytecodeGenerator::watchableVariable): Deleted.
74
75 2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>
76
77         PropertyListNode::emitNode duplicates the code to put a constant property
78         https://bugs.webkit.org/show_bug.cgi?id=140761
79
80         Reviewed by Geoffrey Garen.
81
82         Extracted PropertyListNode::emitPutConstantProperty to share the code.
83
84         Also made PropertyListNode::emitBytecode private since nobody is calling this function directly.
85
86         * bytecompiler/NodesCodegen.cpp:
87         (JSC::PropertyListNode::emitBytecode):
88         (JSC::PropertyListNode::emitPutConstantProperty): Added.
89         * parser/Nodes.h:
90
91 2015-01-22  Yusuke Suzuki  <utatane.tea@gmail.com>
92
93         put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
94         https://bugs.webkit.org/show_bug.cgi?id=140426
95
96         Reviewed by Geoffrey Garen.
97
98         In the put_by_val_direct operation, we use JSObject::putDirect.
99         However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
100         This patch changes Identifier::asIndex() to return Optional<uint32_t>.
101         It forces callers to check explicitly whether the value is an index or not.
102         Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.
103
104         * bytecode/GetByIdStatus.cpp:
105         (JSC::GetByIdStatus::computeFor):
106         * bytecode/PutByIdStatus.cpp:
107         (JSC::PutByIdStatus::computeFor):
108         * bytecompiler/BytecodeGenerator.cpp:
109         (JSC::BytecodeGenerator::emitDirectPutById):
110         * dfg/DFGOperations.cpp:
111         (JSC::DFG::operationPutByValInternal):
112         * jit/JITOperations.cpp:
113         * jit/Repatch.cpp:
114         (JSC::emitPutTransitionStubAndGetOldStructure):
115         * jsc.cpp:
116         * llint/LLIntSlowPaths.cpp:
117         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
118         * runtime/Arguments.cpp:
119         (JSC::Arguments::getOwnPropertySlot):
120         (JSC::Arguments::put):
121         (JSC::Arguments::deleteProperty):
122         (JSC::Arguments::defineOwnProperty):
123         * runtime/ArrayPrototype.cpp:
124         (JSC::arrayProtoFuncSort):
125         * runtime/JSArray.cpp:
126         (JSC::JSArray::defineOwnProperty):
127         * runtime/JSCJSValue.cpp:
128         (JSC::JSValue::putToPrimitive):
129         * runtime/JSGenericTypedArrayViewInlines.h:
130         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
131         (JSC::JSGenericTypedArrayView<Adaptor>::put):
132         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
133         (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
134         * runtime/JSObject.cpp:
135         (JSC::JSObject::put):
136         (JSC::JSObject::putDirectAccessor):
137         (JSC::JSObject::putDirectCustomAccessor):
138         (JSC::JSObject::deleteProperty):
139         (JSC::JSObject::putDirectMayBeIndex):
140         (JSC::JSObject::defineOwnProperty):
141         * runtime/JSObject.h:
142         (JSC::JSObject::getOwnPropertySlot):
143         (JSC::JSObject::getPropertySlot):
144         (JSC::JSObject::putDirectInternal):
145         * runtime/JSString.cpp:
146         (JSC::JSString::getStringPropertyDescriptor):
147         * runtime/JSString.h:
148         (JSC::JSString::getStringPropertySlot):
149         * runtime/LiteralParser.cpp:
150         (JSC::LiteralParser<CharType>::parse):
151         * runtime/PropertyName.h:
152         (JSC::toUInt32FromCharacters):
153         (JSC::toUInt32FromStringImpl):
154         (JSC::PropertyName::asIndex):
155         * runtime/PropertyNameArray.cpp:
156         (JSC::PropertyNameArray::add):
157         * runtime/StringObject.cpp:
158         (JSC::StringObject::deleteProperty):
159         * runtime/Structure.cpp:
160         (JSC::Structure::prototypeChainMayInterceptStoreTo):
161
162 2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>
163
164         Consolidate out arguments of parseFunctionInfo into a struct
165         https://bugs.webkit.org/show_bug.cgi?id=140754
166
167         Reviewed by Oliver Hunt.
168
169         Introduced ParserFunctionInfo for storing out arguments of parseFunctionInfo.
170
171         * JavaScriptCore.xcodeproj/project.pbxproj:
172         * parser/ASTBuilder.h:
173         (JSC::ASTBuilder::createFunctionExpr):
174         (JSC::ASTBuilder::createGetterOrSetterProperty): This one takes a property name in addition to
175         ParserFunctionInfo since the property name and the function name could differ.
176         (JSC::ASTBuilder::createFuncDeclStatement):
177         * parser/Parser.cpp:
178         (JSC::Parser<LexerType>::parseFunctionInfo):
179         (JSC::Parser<LexerType>::parseFunctionDeclaration):
180         (JSC::Parser<LexerType>::parseProperty):
181         (JSC::Parser<LexerType>::parseMemberExpression):
182         * parser/Parser.h:
183         * parser/ParserFunctionInfo.h: Added.
184         * parser/SyntaxChecker.h:
185         (JSC::SyntaxChecker::createFunctionExpr):
186         (JSC::SyntaxChecker::createFuncDeclStatement):
187         (JSC::SyntaxChecker::createClassDeclStatement):
188         (JSC::SyntaxChecker::createGetterOrSetterProperty):
189
190 2015-01-21  Mark Hahnenberg  <mhahnenb@gmail.com>
191
192         Change Heap::m_compiledCode to use a Vector
193         https://bugs.webkit.org/show_bug.cgi?id=140717
194
195         Reviewed by Andreas Kling.
196
197         Right now it's a DoublyLinkedList, which is iterated during each
198         collection. This contributes to some of the longish Eden pause times.
199         A Vector would be more appropriate and would also allow ExecutableBase
200         to be 2 pointers smaller.
201
202         * heap/Heap.cpp:
203         (JSC::Heap::deleteAllCompiledCode):
204         (JSC::Heap::deleteAllUnlinkedFunctionCode):
205         (JSC::Heap::clearUnmarkedExecutables):
206         * heap/Heap.h:
207         * runtime/Executable.h: No longer need to inherit from DoublyLinkedListNode.
208
209 2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>
210
211         BytecodeGenerator shouldn't expose all of its member variables
212         https://bugs.webkit.org/show_bug.cgi?id=140752
213
214         Reviewed by Mark Lam.
215
216         Added "private:" and removed unused data members as detected by clang.
217
218         * bytecompiler/BytecodeGenerator.cpp:
219         (JSC::BytecodeGenerator::BytecodeGenerator):
220         * bytecompiler/BytecodeGenerator.h:
221         (JSC::BytecodeGenerator::lastOpcodeID): Added. Used in BinaryOpNode::emitBytecode.
222         * bytecompiler/NodesCodegen.cpp:
223         (JSC::BinaryOpNode::emitBytecode):
224
225 2015-01-21  Joseph Pecoraro  <pecoraro@apple.com>
226
227         Web Inspector: ASSERT expanding objects in console PrimitiveBindingTraits<T>::assertValueHasExpectedType
228         https://bugs.webkit.org/show_bug.cgi?id=140746
229
230         Reviewed by Timothy Hatcher.
231
232         * inspector/InjectedScriptSource.js:
233         Do not add impure properties to the descriptor object that will
234         eventually be sent to the frontend.
235
236 2015-01-21  Matthew Mirman  <mmirman@apple.com>
237
238         Updated split such that it does not include the empty end of input string match.
239         https://bugs.webkit.org/show_bug.cgi?id=138129
240         <rdar://problem/18807403>
241
242         Reviewed by Filip Pizlo.
243
244         * runtime/StringPrototype.cpp:
245         (JSC::stringProtoFuncSplit):
246         * tests/stress/empty_eos_regex_split.js: Added.
247
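The entry above is a one-line summary. As an added example that is not part of the page and not JavaScriptCore code, the SplitMatcher loop of String.prototype.split is written out below in plain JavaScript from the ECMAScript algorithm. It shows why no match is attempted at the end of the input: the loop runs only while q < size, and an empty match at the current split point advances q without emitting a piece, so the trailing substring is pushed exactly once after the loop. The sample inputs are constructed here, and agreesWithEngine checks the reimplementation against the running engine's own split.

```javascript
// Added illustration of the ECMAScript SplitMatcher loop; not JSC code.
// R is a RegExp separator; it is rerun as a sticky regex so that each
// attempt matches at exactly position q and nowhere later.
function specSplit(S, R, limit) {
  const lim = limit === undefined ? 2 ** 32 - 1 : limit >>> 0; // ToUint32(limit)
  const A = [];
  if (lim === 0) return A;
  const sticky = new RegExp(R.source, R.flags.replace(/[gy]/g, "") + "y");
  const splitMatch = (q) => { sticky.lastIndex = q; return sticky.exec(S); };
  const size = S.length;
  // Empty input: one empty piece unless the separator matches the empty string.
  if (size === 0) return splitMatch(0) ? [] : [S];
  let p = 0; // start of the piece currently being built
  let q = 0; // position where the next separator match is attempted
  while (q < size) { // no match is ever attempted at q == size
    const z = splitMatch(q);
    if (z === null) { q += 1; continue; }
    const e = sticky.lastIndex; // end index of the match
    if (e === p) { q += 1; continue; } // empty match at the split point yields nothing
    A.push(S.slice(p, q));
    if (A.length === lim) return A;
    for (let i = 1; i < z.length; i++) { // capture groups are spliced into the result
      A.push(z[i]);
      if (A.length === lim) return A;
    }
    p = e;
    q = p;
  }
  A.push(S.slice(p, size)); // the final piece, pushed exactly once
  return A;
}

// Compare the reimplementation with the engine for one input; true when they agree.
function agreesWithEngine(S, R) {
  return JSON.stringify(specSplit(S, R)) === JSON.stringify(S.split(R));
}
```

The interesting inputs are separators that can match the empty string: "ab".split(/(?:)/) yields ["a", "b"] with no trailing empty piece, while "abc".split(/c*/) yields ["a", "b", ""] because the separator consumed the final character and the loop exited with p == size.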
248 2015-01-21  Michael Saboff  <msaboff@apple.com>
249
250         Eliminate Scope slot from JavaScript CallFrame
251         https://bugs.webkit.org/show_bug.cgi?id=136724
252
253         Reviewed by Geoffrey Garen.
254
255         This finishes the removal of the scope chain slot from the call frame header.
256
257         * dfg/DFGOSRExitCompilerCommon.cpp:
258         (JSC::DFG::reifyInlinedCallFrames):
259         * dfg/DFGPreciseLocalClobberize.h:
260         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
261         * dfg/DFGSpeculativeJIT32_64.cpp:
262         (JSC::DFG::SpeculativeJIT::emitCall):
263         * dfg/DFGSpeculativeJIT64.cpp:
264         (JSC::DFG::SpeculativeJIT::emitCall):
265         * ftl/FTLJSCall.cpp:
266         (JSC::FTL::JSCall::emit):
267         * ftl/FTLLowerDFGToLLVM.cpp:
268         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
269         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
270         * interpreter/JSStack.h:
271         * interpreter/VMInspector.cpp:
272         (JSC::VMInspector::dumpFrame):
273         * jit/JITCall.cpp:
274         (JSC::JIT::compileOpCall):
275         * jit/JITCall32_64.cpp:
276         (JSC::JIT::compileOpCall):
277         * jit/JITOpcodes32_64.cpp:
278         (JSC::JIT::privateCompileCTINativeCall):
279         * jit/Repatch.cpp:
280         (JSC::generateByIdStub):
281         (JSC::linkClosureCall):
282         * jit/ThunkGenerators.cpp:
283         (JSC::virtualForThunkGenerator):
284         (JSC::nativeForGenerator):
285         Deleted ScopeChain slot from JSStack.  Removed all code where ScopeChain was being
286         read or set.  In most cases this was where we make JS calls.
287
288         * interpreter/CallFrameClosure.h:
289         (JSC::CallFrameClosure::setArgument):
290         (JSC::CallFrameClosure::resetCallFrame): Deleted.
291         * interpreter/Interpreter.cpp:
292         (JSC::Interpreter::execute):
293         (JSC::Interpreter::executeCall):
294         (JSC::Interpreter::executeConstruct):
295         (JSC::Interpreter::prepareForRepeatCall):
296         * interpreter/ProtoCallFrame.cpp:
297         (JSC::ProtoCallFrame::init):
298         * interpreter/ProtoCallFrame.h:
299         (JSC::ProtoCallFrame::scope): Deleted.
300         (JSC::ProtoCallFrame::setScope): Deleted.
301         * llint/LLIntData.cpp:
302         (JSC::LLInt::Data::performAssertions):
303         * llint/LowLevelInterpreter.asm:
304         * llint/LowLevelInterpreter64.asm:
305         Removed the related scopeChainValue member from ProtoCallFrame.  Reduced the number of
306         registers that needed to be copied from the ProtoCallFrame to a callee's frame
307         from 5 to 4.
308
309         * llint/LowLevelInterpreter32_64.asm:
310         In addition to the prior changes, also deleted the unused macro getDeBruijnScope.
311
312 2015-01-21  Michael Saboff  <msaboff@apple.com>
313
314         Eliminate construct methods from NullGetterFunction and NullSetterFunction classes
315         https://bugs.webkit.org/show_bug.cgi?id=140708
316
317         Reviewed by Mark Lam.
318
319         Eliminated construct methods and changed getConstructData() for both classes to return
320         ConstructTypeNone as they can never be called.
321
322         * runtime/NullGetterFunction.cpp:
323         (JSC::NullGetterFunction::getConstructData):
324         (JSC::constructReturnUndefined): Deleted.
325         * runtime/NullSetterFunction.cpp:
326         (JSC::NullSetterFunction::getConstructData):
327         (JSC::constructReturnUndefined): Deleted.
328
329 2015-01-21  Csaba Osztrogonác  <ossy@webkit.org>
330
331         Remove ENABLE(INSPECTOR) ifdef guards
332         https://bugs.webkit.org/show_bug.cgi?id=140668
333
334         Reviewed by Darin Adler.
335
336         * Configurations/FeatureDefines.xcconfig:
337         * bindings/ScriptValue.cpp:
338         (Deprecated::ScriptValue::toInspectorValue):
339         * bindings/ScriptValue.h:
340         * inspector/ConsoleMessage.cpp:
341         * inspector/ConsoleMessage.h:
342         * inspector/ContentSearchUtilities.cpp:
343         * inspector/ContentSearchUtilities.h:
344         * inspector/IdentifiersFactory.cpp:
345         * inspector/IdentifiersFactory.h:
346         * inspector/InjectedScript.cpp:
347         * inspector/InjectedScript.h:
348         * inspector/InjectedScriptBase.cpp:
349         * inspector/InjectedScriptBase.h:
350         * inspector/InjectedScriptHost.cpp:
351         * inspector/InjectedScriptHost.h:
352         * inspector/InjectedScriptManager.cpp:
353         * inspector/InjectedScriptManager.h:
354         * inspector/InjectedScriptModule.cpp:
355         * inspector/InjectedScriptModule.h:
356         * inspector/InspectorAgentRegistry.cpp:
357         * inspector/InspectorBackendDispatcher.cpp:
358         * inspector/InspectorBackendDispatcher.h:
359         * inspector/InspectorProtocolTypes.h:
360         * inspector/JSGlobalObjectConsoleClient.cpp:
361         * inspector/JSGlobalObjectInspectorController.cpp:
362         * inspector/JSGlobalObjectInspectorController.h:
363         * inspector/JSGlobalObjectScriptDebugServer.cpp:
364         * inspector/JSGlobalObjectScriptDebugServer.h:
365         * inspector/JSInjectedScriptHost.cpp:
366         * inspector/JSInjectedScriptHost.h:
367         * inspector/JSInjectedScriptHostPrototype.cpp:
368         * inspector/JSInjectedScriptHostPrototype.h:
369         * inspector/JSJavaScriptCallFrame.cpp:
370         * inspector/JSJavaScriptCallFrame.h:
371         * inspector/JSJavaScriptCallFramePrototype.cpp:
372         * inspector/JSJavaScriptCallFramePrototype.h:
373         * inspector/JavaScriptCallFrame.cpp:
374         * inspector/JavaScriptCallFrame.h:
375         * inspector/ScriptCallFrame.cpp:
376         (Inspector::ScriptCallFrame::buildInspectorObject):
377         * inspector/ScriptCallFrame.h:
378         * inspector/ScriptCallStack.cpp:
379         (Inspector::ScriptCallStack::buildInspectorArray):
380         * inspector/ScriptCallStack.h:
381         * inspector/ScriptDebugServer.cpp:
382         * inspector/agents/InspectorAgent.cpp:
383         * inspector/agents/InspectorAgent.h:
384         * inspector/agents/InspectorConsoleAgent.cpp:
385         * inspector/agents/InspectorConsoleAgent.h:
386         * inspector/agents/InspectorDebuggerAgent.cpp:
387         * inspector/agents/InspectorDebuggerAgent.h:
388         * inspector/agents/InspectorRuntimeAgent.cpp:
389         * inspector/agents/InspectorRuntimeAgent.h:
390         * inspector/agents/JSGlobalObjectConsoleAgent.cpp:
391         * inspector/agents/JSGlobalObjectConsoleAgent.h:
392         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
393         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
394         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
395         * inspector/agents/JSGlobalObjectRuntimeAgent.h:
396         * inspector/scripts/codegen/cpp_generator_templates.py:
397         (CppGeneratorTemplates):
398         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
399         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
400         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
401         * inspector/scripts/tests/expected/enum-values.json-result:
402         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
403         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
404         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
405         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
406         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
407         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
408         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
409         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
410         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
411         * runtime/TypeSet.cpp:
412         (JSC::TypeSet::inspectorTypeSet):
413         (JSC::StructureShape::inspectorRepresentation):
414
415 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
416
417         Web Inspector: Clean up InjectedScriptSource.js
418         https://bugs.webkit.org/show_bug.cgi?id=140709
419
420         Reviewed by Timothy Hatcher.
421
422         This patch includes some relevant Blink patches and small changes.
423         
424         Patch by <aandrey@chromium.org>
425         DevTools: Remove console last result $_ on console clear.
426         https://src.chromium.org/viewvc/blink?revision=179179&view=revision
427
428         Patch by <eustas@chromium.org>
429         [Inspect DOM properties] incorrect CSS Selector Syntax
430         https://src.chromium.org/viewvc/blink?revision=156903&view=revision
431
432         * inspector/InjectedScriptSource.js:
433
434 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
435
436         Web Inspector: Cleanup RuntimeAgent a bit
437         https://bugs.webkit.org/show_bug.cgi?id=140706
438
439         Reviewed by Timothy Hatcher.
440
441         * inspector/InjectedScript.h:
442         * inspector/InspectorBackendDispatcher.h:
443         * inspector/ScriptCallFrame.cpp:
444         * inspector/agents/InspectorRuntimeAgent.cpp:
445         (Inspector::InspectorRuntimeAgent::evaluate):
446         (Inspector::InspectorRuntimeAgent::getProperties):
447         (Inspector::InspectorRuntimeAgent::run):
448         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
449         (Inspector::recompileAllJSFunctionsForTypeProfiling):
450         (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):
451
452 2015-01-20  Matthew Mirman  <mmirman@apple.com>
453
454         Made Identity in the DFG allocate a new temp register and move 
455         the old data to it.
456         https://bugs.webkit.org/show_bug.cgi?id=140700
457         <rdar://problem/19339106>
458
459         Reviewed by Filip Pizlo.
460
461         * dfg/DFGSpeculativeJIT64.cpp:
462         (JSC::DFG::SpeculativeJIT::compile): 
463         Added scratch registers for Identity. 
464         * tests/mozilla/mozilla-tests.yaml: enabled previously failing test
465
466 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
467
468         Web Inspector: Expanding event objects in console shows undefined for most values, it should have real values
469         https://bugs.webkit.org/show_bug.cgi?id=137306
470
471         Reviewed by Timothy Hatcher.
472
473         Provide another optional parameter to getProperties, to gather a list
474         of all own and getter properties.
475
476         * inspector/InjectedScript.cpp:
477         (Inspector::InjectedScript::getProperties):
478         * inspector/InjectedScript.h:
479         * inspector/InjectedScriptSource.js:
480         * inspector/agents/InspectorRuntimeAgent.cpp:
481         (Inspector::InspectorRuntimeAgent::getProperties):
482         * inspector/agents/InspectorRuntimeAgent.h:
483         * inspector/protocol/Runtime.json:
484
485 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
486
487         Web Inspector: Should show dynamic specificity values
488         https://bugs.webkit.org/show_bug.cgi?id=140647
489
490         Reviewed by Benjamin Poulain.
491
492         * inspector/protocol/CSS.json:
493         Clarify CSSSelector optional values and add "dynamic" property indicating
494         if the selector can be dynamic based on the element it is matched against.
495
496 2015-01-20  Commit Queue  <commit-queue@webkit.org>
497
498         Unreviewed, rolling out r178751.
499         https://bugs.webkit.org/show_bug.cgi?id=140694
500
501         Caused 32-bit JSC test failures (Requested by JoePeck on
502         #webkit).
503
504         Reverted changeset:
505
506         "put_by_val_direct need to check the property is index or not
507         for using putDirect / putDirectIndex"
508         https://bugs.webkit.org/show_bug.cgi?id=140426
509         http://trac.webkit.org/changeset/178751
510
511 2015-01-20  Yusuke Suzuki  <utatane.tea@gmail.com>
512
513         put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
514         https://bugs.webkit.org/show_bug.cgi?id=140426
515
516         Reviewed by Geoffrey Garen.
517
518         In the put_by_val_direct operation, we use JSObject::putDirect.
519         However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
520         This patch changes Identifier::asIndex() to return Optional<uint32_t>.
521         It forces callers to check explicitly whether the value is an index or not.
522         Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.
523
524         * bytecode/GetByIdStatus.cpp:
525         (JSC::GetByIdStatus::computeFor):
526         * bytecode/PutByIdStatus.cpp:
527         (JSC::PutByIdStatus::computeFor):
528         * bytecompiler/BytecodeGenerator.cpp:
529         (JSC::BytecodeGenerator::emitDirectPutById):
530         * dfg/DFGOperations.cpp:
531         (JSC::DFG::operationPutByValInternal):
532         * jit/JITOperations.cpp:
533         * jit/Repatch.cpp:
534         (JSC::emitPutTransitionStubAndGetOldStructure):
535         * jsc.cpp:
536         * llint/LLIntSlowPaths.cpp:
537         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
538         * runtime/Arguments.cpp:
539         (JSC::Arguments::getOwnPropertySlot):
540         (JSC::Arguments::put):
541         (JSC::Arguments::deleteProperty):
542         (JSC::Arguments::defineOwnProperty):
543         * runtime/ArrayPrototype.cpp:
544         (JSC::arrayProtoFuncSort):
545         * runtime/JSArray.cpp:
546         (JSC::JSArray::defineOwnProperty):
547         * runtime/JSCJSValue.cpp:
548         (JSC::JSValue::putToPrimitive):
549         * runtime/JSGenericTypedArrayViewInlines.h:
550         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
551         (JSC::JSGenericTypedArrayView<Adaptor>::put):
552         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
553         (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
554         * runtime/JSObject.cpp:
555         (JSC::JSObject::put):
556         (JSC::JSObject::putDirectAccessor):
557         (JSC::JSObject::putDirectCustomAccessor):
558         (JSC::JSObject::deleteProperty):
559         (JSC::JSObject::putDirectMayBeIndex):
560         (JSC::JSObject::defineOwnProperty):
561         * runtime/JSObject.h:
562         (JSC::JSObject::getOwnPropertySlot):
563         (JSC::JSObject::getPropertySlot):
564         (JSC::JSObject::putDirectInternal):
565         * runtime/JSString.cpp:
566         (JSC::JSString::getStringPropertyDescriptor):
567         * runtime/JSString.h:
568         (JSC::JSString::getStringPropertySlot):
569         * runtime/LiteralParser.cpp:
570         (JSC::LiteralParser<CharType>::parse):
571         * runtime/PropertyName.h:
572         (JSC::toUInt32FromCharacters):
573         (JSC::toUInt32FromStringImpl):
574         (JSC::PropertyName::asIndex):
575         * runtime/PropertyNameArray.cpp:
576         (JSC::PropertyNameArray::add):
577         * runtime/StringObject.cpp:
578         (JSC::StringObject::deleteProperty):
579         * runtime/Structure.cpp:
580         (JSC::Structure::prototypeChainMayInterceptStoreTo):
581
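The two entries above for bug 140426 (this one and the re-landing further up) hinge on one classification: a property key is either an array index, which has to go through putDirectIndex, or a named property, which goes through putDirect, and the key must be classified after it has been converted to a string. The following is an added illustration, not code from the page or from JavaScriptCore. asArrayIndex applies the ECMAScript definition of an array index (the canonical decimal string of an integer in 0..2^32-2) to a key that has already gone through ToPropertyKey; a toy Store with separate named and indexed storage dispatches on that result; and engineKeyOrder uses computed property names in an object literal so the same index/named split can be observed in a real engine through enumeration order. The Store class, its method names and the sample keys are my own constructions.

```javascript
// Added illustration; not JavaScriptCore code. The numeric bound follows the
// ECMAScript definition of an array index: a canonical decimal string whose
// value lies in [0, 2^32 - 2]. Store is a toy object model with separate
// named and indexed storage; its method names are borrowed from the entry
// for readability only.
const MAX_ARRAY_INDEX = 2 ** 32 - 2; // 4294967294

// ToPropertyKey: symbols pass through, everything else becomes a string.
function toPropertyKey(key) {
  return typeof key === "symbol" ? key : String(key);
}

// Return the array index denoted by `key`, or undefined when the key is not
// an index ("01", "-1", " 1", "1e3", 2^32 - 1 and larger, symbols).
function asArrayIndex(key) {
  if (typeof key !== "string") return undefined;
  if (key === "0") return 0;
  if (!/^[1-9][0-9]*$/.test(key)) return undefined; // non-canonical forms are names
  const n = Number(key);
  return n <= MAX_ARRAY_INDEX ? n : undefined;
}

class Store {
  constructor() { this.named = new Map(); this.indexed = new Map(); }
  // Named path: must never receive an index key.
  putDirect(key, value) {
    if (asArrayIndex(key) !== undefined) throw new Error(`index key ${key} on named path`);
    this.named.set(key, value);
  }
  putDirectIndex(index, value) { this.indexed.set(index, value); }
  // The check the entry describes: convert, classify, then pick the path.
  putDirectMayBeIndex(rawKey, value) {
    const key = toPropertyKey(rawKey);
    const index = asArrayIndex(key);
    if (index !== undefined) this.putDirectIndex(index, value);
    else this.putDirect(key, value);
  }
  // Index keys ascending first, then named keys in insertion order.
  ownKeys() {
    const indices = [...this.indexed.keys()].sort((a, b) => a - b).map(String);
    return [...indices, ...this.named.keys()];
  }
}

// Constructed sample: "1" and 1 collapse to one index; "01", "-1" and
// 2^32 - 1 are names even though they look numeric.
function toyKeyOrder() {
  const s = new Store();
  const samples = [["01", 1], ["1", 2], [1, 3], ["-1", 4], ["4294967294", 5], ["4294967295", 6]];
  for (const [k, v] of samples) s.putDirectMayBeIndex(k, v);
  return s.ownKeys();
}

// Same split observed in a real engine through enumeration order of an
// object literal with computed property names (array-index-range keys only).
function engineKeyOrder() {
  return Object.keys({ ["01"]: 1, ["1"]: 2, [1]: 3, ["-1"]: 4 });
}
```

In toyKeyOrder the keys "1" and 1 land on the same indexed slot because ToPropertyKey runs before the index check, while "01", "-1" and "4294967295" stay on the named path and enumerate after the indices in insertion order; engineKeyOrder shows the engine making the same distinction for the keys within array-index range.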
582 2015-01-20  Michael Saboff  <msaboff@apple.com>
583
584         REGRESSION(178696): Sporadic crashes while garbage collecting
585         https://bugs.webkit.org/show_bug.cgi?id=140688
586
587         Reviewed by Geoffrey Garen.
588
589         Added missing visitor.append(&thisObject->m_nullSetterFunction).
590
591         * runtime/JSGlobalObject.cpp:
592         (JSC::JSGlobalObject::visitChildren):
593
594 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
595
596         Web Replay: code generator should take supplemental specifications and allow cross-framework references
597         https://bugs.webkit.org/show_bug.cgi?id=136312
598
599         Reviewed by Joseph Pecoraro.
600
601         Some types are shared between replay inputs from different frameworks.
602         Previously, these type declarations were duplicated in every input
603         specification file in which they were used. This caused some type encoding
604         traits to be emitted twice if used from WebCore inputs and WebKit2 inputs.
605
606         This patch teaches the replay inputs code generator to accept multiple
607         input specification files. Inputs can freely reference types from other
608         frameworks without duplicating declarations.
609
610         On the code generation side, the model could contain types and inputs from
611         frameworks that are not the target framework. Only generate code for the
612         target framework.
613
614         To properly generate cross-framework type encoding traits, use
615         Type.encoding_type_argument in more places, and add the export macro for WebCore
616         and the Test framework.
617
618         Adjust some tests so that enum coverage is preserved by moving the enum types
619         into "Test" (the target framework for tests).
620
621         * JavaScriptCore.vcxproj/copy-files.cmd:
622         For Windows, copy over JSInputs.json as if it were a private header.
623
624         * JavaScriptCore.xcodeproj/project.pbxproj: Make JSInputs.json a private header.
625         * replay/JSInputs.json:
626         Put all primitive types and WTF types in this specification file.
627
628         * replay/scripts/CodeGeneratorReplayInputs.py:
629         (Input.__init__):
630         (InputsModel.__init__): Keep track of the input's framework.
631         (InputsModel.parse_specification): Parse the framework here. Adjust to new format,
632         and allow either types or inputs to be missing from a single file.
633
634         (InputsModel.parse_type_with_framework):
635         (InputsModel.parse_input_with_framework):
636         (Generator.should_generate_item): Added helper method.
637         (Generator.generate_header): Filter inputs to generate.
638         (Generator.generate_implementation): Filter inputs to generate.
639         (Generator.generate_enum_trait_declaration): Filter enums to generate.
640         Add WEBCORE_EXPORT macro to enum encoding traits.
641
642         (Generator.generate_for_each_macro): Filter inputs to generate.
643         (Generator.generate_enum_trait_implementation): Filter enums to generate.
644         (generate_from_specifications): Added.
645         (generate_from_specifications.parse_json_from_file):
646         (InputsModel.parse_toplevel): Deleted.
647         (InputsModel.parse_type_with_framework_name): Deleted.
648         (InputsModel.parse_input): Deleted.
649         (generate_from_specification): Deleted.
650         * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
651         * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Removed.
652         * replay/scripts/tests/expected/fail-on-no-types.json-error: Removed.
653         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
654         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
655         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
656         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
657         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.cpp:
658         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
659         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
660         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
661         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
662         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
663         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
664         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
665         * replay/scripts/tests/fail-on-c-style-enum-no-storage.json:
666         * replay/scripts/tests/fail-on-duplicate-enum-type.json:
667         * replay/scripts/tests/fail-on-duplicate-input-names.json:
668         * replay/scripts/tests/fail-on-duplicate-type-names.json:
669         * replay/scripts/tests/fail-on-enum-type-missing-values.json:
670         * replay/scripts/tests/fail-on-missing-input-member-name.json:
671         * replay/scripts/tests/fail-on-missing-input-name.json:
672         * replay/scripts/tests/fail-on-missing-input-queue.json:
673         * replay/scripts/tests/fail-on-missing-type-mode.json:
674         * replay/scripts/tests/fail-on-missing-type-name.json:
675         * replay/scripts/tests/fail-on-no-inputs.json:
676         Removed, no longer required to be in a single file.
677
678         * replay/scripts/tests/fail-on-no-types.json:
679         Removed, no longer required to be in a single file.
680
681         * replay/scripts/tests/fail-on-unknown-input-queue.json:
682         * replay/scripts/tests/fail-on-unknown-member-type.json:
683         * replay/scripts/tests/fail-on-unknown-type-mode.json:
684         * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json:
685         * replay/scripts/tests/generate-enum-encoding-helpers.json:
686         * replay/scripts/tests/generate-enum-with-guard.json:
687         Include enums that are and are not generated.
688
689         * replay/scripts/tests/generate-enums-with-same-base-name.json:
690         * replay/scripts/tests/generate-event-loop-shape-types.json:
691         * replay/scripts/tests/generate-input-with-guard.json:
692         * replay/scripts/tests/generate-input-with-vector-members.json:
693         * replay/scripts/tests/generate-inputs-with-flags.json:
694         * replay/scripts/tests/generate-memoized-type-modes.json:
695
696 2015-01-20  Tomas Popela  <tpopela@redhat.com>
697
698         [GTK] Cannot compile 2.7.3 on PowerPC machines
699         https://bugs.webkit.org/show_bug.cgi?id=140616
700
701         Include climits for INT_MAX and wtf/DataLog.h for dataLogF
702
703         Reviewed by Csaba Osztrogonác.
704
705         * runtime/BasicBlockLocation.cpp:
706
707 2015-01-19  Michael Saboff  <msaboff@apple.com>
708
709         A "cached" null setter should throw a TypeException when called in strict mode and doesn't
710         https://bugs.webkit.org/show_bug.cgi?id=139418
711
712         Reviewed by Filip Pizlo.
713
714         Made a new NullSetterFunction class similar to NullGetterFunction.  The difference is that 
715         NullSetterFunction will throw a TypeError per the ECMA262 spec for a strict mode caller.
716
717         * CMakeLists.txt:
718         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
719         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
720         * JavaScriptCore.xcodeproj/project.pbxproj:
721         Added new files NullSetterFunction.cpp and NullSetterFunction.h.
722
723         * runtime/GetterSetter.h:
724         (JSC::GetterSetter::GetterSetter):
725         (JSC::GetterSetter::isSetterNull):
726         (JSC::GetterSetter::setSetter):
727         Change setter instances from using NullGetterFunction to using NullSetterFunction.
728
729         * runtime/JSGlobalObject.cpp:
730         (JSC::JSGlobalObject::init):
731         * runtime/JSGlobalObject.h:
732         (JSC::JSGlobalObject::nullSetterFunction):
733         Added m_nullSetterFunction and accessor.
734
735         * runtime/NullSetterFunction.cpp: Added.
736         (JSC::GetCallerStrictnessFunctor::GetCallerStrictnessFunctor):
737         (JSC::GetCallerStrictnessFunctor::operator()):
738         (JSC::GetCallerStrictnessFunctor::callerIsStrict):
739         (JSC::callerIsStrict):
740         Method to determine if the caller is in strict mode.
741
742         (JSC::callReturnUndefined):
743         (JSC::constructReturnUndefined):
744         (JSC::NullSetterFunction::getCallData):
745         (JSC::NullSetterFunction::getConstructData):
746         * runtime/NullSetterFunction.h: Added.
747         (JSC::NullSetterFunction::create):
748         (JSC::NullSetterFunction::createStructure):
749         (JSC::NullSetterFunction::NullSetterFunction):
750         Class with handlers for a null setter.
751
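The ECMA-262 rule this entry implements, shown from the JavaScript side as an added example (not JavaScriptCore code): writing through a null setter is a silent no-op for a sloppy-mode caller and a TypeError for a strict-mode caller, and the same object must behave that way on every repeated (cacheable) write. The helper names here are this example's own.

```javascript
// Added example (not JavaScriptCore code): the ECMA-262 rule that NullSetterFunction
// enforces. Assigning to an accessor property whose setter is null is a silent no-op in
// sloppy mode and a TypeError in strict mode. It is the *caller's* strictness that
// decides, which is why JSC inspects the calling frame (callerIsStrict) rather than
// looking at the setter itself.

// Constructed sample object: a getter-only accessor, i.e. a property with a null setter.
function makeGetterOnly(value) {
  const obj = {};
  Object.defineProperty(obj, "x", {
    get() { return value; },
    // no `set`: the setter slot stays null
    enumerable: true,
    configurable: true,
  });
  return obj;
}

// Built with the Function constructor so each closure's strictness is fixed by its own
// body and does not depend on whether this file is loaded as a strict module.
const sloppyAssign = new Function("obj", "v", "obj.x = v; return obj.x;");
const strictAssign = new Function("obj", "v", '"use strict"; obj.x = v; return obj.x;');

// Perform the same assignment many times on one object so the engine's put_by_id
// inline cache sees the same (structure, null setter) pair repeatedly. The entry's title
// describes exactly that cached path failing to throw for a strict-mode caller.
function assignRepeatedly(assign, iterations) {
  const obj = makeGetterOnly(42);
  let typeErrors = 0;
  for (let i = 0; i < iterations; i++) {
    try {
      assign(obj, i);
    } catch (e) {
      if (!(e instanceof TypeError)) throw e; // anything else is a genuine failure
      typeErrors++;
    }
  }
  // The getter still wins: the stored value never changes in either mode.
  return { value: obj.x, typeErrors };
}
```

Expected: the sloppy closure produces zero TypeErrors, the strict closure produces one per iteration, and `value` stays 42 in both cases.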
752 2015-01-19  Saam Barati  <saambarati1@gmail.com>
753
754         Web Inspector: Provide a front end for JSC's Control Flow Profiler
755         https://bugs.webkit.org/show_bug.cgi?id=138454
756
757         Reviewed by Timothy Hatcher.
758
759         This patch puts the final touches on what JSC needs to provide
760         for the Web Inspector to show a UI for the control flow profiler.
761
762         * inspector/agents/InspectorRuntimeAgent.cpp:
763         (Inspector::recompileAllJSFunctionsForTypeProfiling):
764         * runtime/ControlFlowProfiler.cpp:
765         (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
766         * runtime/FunctionHasExecutedCache.cpp:
767         (JSC::FunctionHasExecutedCache::getFunctionRanges):
768         (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges): Deleted.
769         * runtime/FunctionHasExecutedCache.h:
770
771 2015-01-19  David Kilzer  <ddkilzer@apple.com>
772
773         [iOS] Only use LLVM static library arguments on 64-bit builds of libllvmForJSC.dylib
774         <http://webkit.org/b/140658>
775
776         Reviewed by Filip Pizlo.
777
778         * Configurations/LLVMForJSC.xcconfig: Set OTHER_LDFLAGS_LLVM
779         only when building for 64-bit architectures.
780
781 2015-01-19  Filip Pizlo  <fpizlo@apple.com>
782
783         ClosureCallStubRoutine no longer needs codeOrigin
784         https://bugs.webkit.org/show_bug.cgi?id=140659
785
786         Reviewed by Michael Saboff.
787         
788         Once upon a time, we would look for the CodeOrigin associated with a return PC. This search
789         would start with the CodeBlock according to the caller frame's call frame header. But if the
790         call was a closure call, the return PC would be inside some closure call stub. So if the
791         CodeBlock search failed, we would search *all* closure call stub routines to see which one
792         encompasses the return PC. Then, we would use the CodeOrigin stored in the stub routine
793         object. This was all a bunch of madness, and we actually got rid of it - we now determine
794         the CodeOrigin for a call frame using the encoded code origin bits inside the tag of the
795         argument count.
796         
797         This patch removes the final vestiges of the madness:
798         
799         - Remove the totally unused method declaration for the thing that did the closure call stub
800           search.
801         
802         - Remove the CodeOrigin field from the ClosureCallStubRoutine. Except for that crazy search
803           that we no longer do, everyone else who finds a ClosureCallStubRoutine will find it via
804           the CallLinkInfo. The CallLinkInfo also has the CodeOrigin, so we don't need this field
805           anymore.
806
807         * bytecode/CodeBlock.h:
808         * jit/ClosureCallStubRoutine.cpp:
809         (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
810         * jit/ClosureCallStubRoutine.h:
811         (JSC::ClosureCallStubRoutine::executable):
812         (JSC::ClosureCallStubRoutine::codeOrigin): Deleted.
813         * jit/Repatch.cpp:
814         (JSC::linkClosureCall):
815
816 2015-01-19  Saam Barati  <saambarati1@gmail.com>
817
818         Basic block start offsets should never be larger than end offsets in the control flow profiler
819         https://bugs.webkit.org/show_bug.cgi?id=140377
820
821         Reviewed by Filip Pizlo.
822
823         The bytecode generator will emit code more than once for some AST nodes. For instance, 
824         the finally block of TryNode will emit two code paths for its finally block: one for 
825         the normal path, and another for the path where an exception is thrown in the catch block. 
826         
827         This repeated code emission of the same AST node previously broke how the control 
828         flow profiler computed text ranges of basic blocks because when the same AST node 
829         is emitted multiple times, there is a good chance that there are ranges that span 
830         from the end offset of one of these duplicated nodes back to the start offset of 
831         the same duplicated node. This caused a basic block range to report a larger start 
832         offset than end offset. This was incorrect. Now, when this situation is encountered 
833         while linking a CodeBlock, the faulty range in question is ignored.
834
835         * bytecode/CodeBlock.cpp:
836         (JSC::CodeBlock::CodeBlock):
837         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
838         * bytecode/CodeBlock.h:
839         * bytecompiler/NodesCodegen.cpp:
840         (JSC::ForInNode::emitMultiLoopBytecode):
841         (JSC::ForOfNode::emitBytecode):
842         (JSC::TryNode::emitBytecode):
843         * parser/Parser.cpp:
844         (JSC::Parser<LexerType>::parseConditionalExpression):
845         * runtime/ControlFlowProfiler.cpp:
846         (JSC::ControlFlowProfiler::ControlFlowProfiler):
847         * runtime/ControlFlowProfiler.h:
848         (JSC::ControlFlowProfiler::dummyBasicBlock):
849
850 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
851
852         [SVG -> OTF Converter] Flip the switch on
853         https://bugs.webkit.org/show_bug.cgi?id=140592
854
855         Reviewed by Antti Koivisto.
856
857         * Configurations/FeatureDefines.xcconfig:
858
859 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
860
861         Web Replay: convert to is<T> and downcast<T> for decoding replay inputs
862         https://bugs.webkit.org/show_bug.cgi?id=140512
863
864         Reviewed by Chris Dumez.
865
866         Generate a SPECIALIZE_TYPE_TRAITS_* chunk of code for each input. This cannot
867         be done using the REPLAY_INPUT_NAMES_FOR_EACH macro since that doesn't fully qualify
868         input types, and the type traits macro is defined in namespace WTF.
869
870         * replay/NondeterministicInput.h: Make overridden methods public.
871         * replay/scripts/CodeGeneratorReplayInputs.py:
872         (Generator.generate_header):
873         (Generator.qualified_input_name): Allow forcing qualification. WTF is never a target framework.
874         (Generator.generate_input_type_trait_declaration): Added.
875         * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Add a template.
876         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
877         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
878         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
879         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
880         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
881         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
882         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
883         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
884
885 2015-01-19  Commit Queue  <commit-queue@webkit.org>
886
887         Unreviewed, rolling out r178653.
888         https://bugs.webkit.org/show_bug.cgi?id=140634
889
890         Broke multiple SVG tests on Mountain Lion (Requested by ap on
891         #webkit).
892
893         Reverted changeset:
894
895         "[SVG -> OTF Converter] Flip the switch on"
896         https://bugs.webkit.org/show_bug.cgi?id=140592
897         http://trac.webkit.org/changeset/178653
898
899 2015-01-18  Dean Jackson  <dino@apple.com>
900
901         ES6: Support Array.of construction
902         https://bugs.webkit.org/show_bug.cgi?id=140605
903         <rdar://problem/19513655>
904
905         Reviewed by Geoffrey Garen.
906
907         Add an implementation of Array.of, described in 22.1.2.3 of the ES6
908         specification (15 Jan 2015). The Array.of() method creates a new Array
909         instance with a variable number of arguments, regardless of number or type
910         of the arguments.
911
912         * runtime/ArrayConstructor.cpp:
913         (JSC::arrayConstructorOf): Create a new empty Array, then iterate
914         over the arguments, setting them to the appropriate index.
915
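The algorithm the entry describes for arrayConstructorOf, written out in JavaScript as an added example (this is not the JavaScriptCore implementation): build an array, then store each argument at its index. `isConstructorLike` is this example's own approximation of the spec's IsConstructor check, and `Tagged` is a constructed subclass used only to show constructor dispatch.

```javascript
// Added example (not the JavaScriptCore implementation): Array.of as specified in ES6
// 22.1.2.3. It follows the shape the ChangeLog entry gives for arrayConstructorOf:
// create a new array, then iterate over the arguments, setting each at its index.

function isConstructorLike(value) {
  // Local approximation of IsConstructor: class constructors and ordinary functions
  // have a .prototype object; arrow functions and non-functions do not.
  return typeof value === "function" &&
    typeof value.prototype === "object" && value.prototype !== null;
}

function arrayOf(...items) {
  const len = items.length;
  // Steps 4-6: honour `this` when it is a constructor (so a subclass gets an instance
  // of itself); otherwise fall back to a plain Array of the right length.
  const C = this;
  const A = isConstructorLike(C) ? new C(len) : new Array(len);
  // Steps 7-8: CreateDataPropertyOrThrow for each index. Defining, rather than
  // assigning, means no setter on A's prototype chain can intercept the element store.
  for (let k = 0; k < len; k++) {
    Object.defineProperty(A, k, {
      value: items[k], writable: true, enumerable: true, configurable: true,
    });
  }
  // Step 9: Set(A, "length", len, true)
  A.length = len;
  return A;
}

// The footgun Array.of removes: Array(7) is a sparse array of length 7 with no
// elements, whereas Array.of(7) is the one-element array [7].
function compareWithArrayConstructor(n) {
  const viaConstructor = Array(n);
  const viaOf = arrayOf(n);
  return {
    constructorLength: viaConstructor.length,
    constructorHasElement0: 0 in viaConstructor,
    ofLength: viaOf.length,
    ofElement0: viaOf[0],
  };
}

// Constructed subclass: calling with it as `this` yields an instance of the subclass.
class Tagged extends Array {}
function subclassInstance() {
  return arrayOf.call(Tagged, "a", "b");
}
```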
916 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
917
918         [SVG -> OTF Converter] Flip the switch on
919         https://bugs.webkit.org/show_bug.cgi?id=140592
920
921         Reviewed by Antti Koivisto.
922
923         * Configurations/FeatureDefines.xcconfig:
924
925 2015-01-17  Brian J. Burg  <burg@cs.washington.edu>
926
927         Web Inspector: highlight data for overlay should use protocol type builders
928         https://bugs.webkit.org/show_bug.cgi?id=129441
929
930         Reviewed by Timothy Hatcher.
931
932         Add a new domain for overlay types.
933
934         * CMakeLists.txt:
935         * DerivedSources.make:
936         * inspector/protocol/OverlayTypes.json: Added.
937
938 2015-01-17  Michael Saboff  <msaboff@apple.com>
939
940         Crash in JSScope::resolve() on tools.ups.com
941         https://bugs.webkit.org/show_bug.cgi?id=140579
942
943         Reviewed by Geoffrey Garen.
944
945         For op_resolve_scope of a global property or variable that needs to check for the var
946         injection check watchpoint, we need to keep the scope around with a Phantom.  The
947         baseline JIT slowpath for op_resolve_scope needs the scope value if the watchpoint
948         fired.
949
950         * dfg/DFGByteCodeParser.cpp:
951         (JSC::DFG::ByteCodeParser::parseBlock):
952
953 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
954
955         Web Inspector: code generator should introduce typedefs for protocol types that are arrays
956         https://bugs.webkit.org/show_bug.cgi?id=140557
957
958         Reviewed by Joseph Pecoraro.
959
960         Currently, there is no generated type name for "array" type declarations such as Console.CallStack.
961         This makes it long-winded and confusing to use the type in C++ code.
962
963         This patch adds a typedef for array type declarations, so types such as Console::CallStack
964         can be referred to directly, rather than using Inspector::Protocol::Array<Console::CallFrame>.
965
966         Some tests were updated to cover array type declarations used as parameters and type members.
967
968         * inspector/ScriptCallStack.cpp: Use the new typedef.
969         (Inspector::ScriptCallStack::buildInspectorArray):
970         * inspector/ScriptCallStack.h:
971         * inspector/scripts/codegen/cpp_generator.py:
972         (CppGenerator.cpp_protocol_type_for_type): If an ArrayType is nominal, use the typedef'd name instead.
973         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
974         (_generate_typedefs_for_domain): Also generate typedefs for array type declarations.
975         (_generate_typedefs_for_domain.Inspector):
976         * inspector/scripts/codegen/models.py: Save the name of an ArrayType when it is a type declaration.
977         (ArrayType.__init__):
978         (Protocol.resolve_types):
979         (Protocol.lookup_type_reference):
980         * inspector/scripts/tests/commands-with-async-attribute.json:
981         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json:
982         * inspector/scripts/tests/events-with-optional-parameters.json:
983         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
984         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
985         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
986         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
987         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
988         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
989         * inspector/scripts/tests/type-declaration-object-type.json:
990
991 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
992
993         Web Replay: purge remaining PassRefPtr uses and minor cleanup
994         https://bugs.webkit.org/show_bug.cgi?id=140456
995
996         Reviewed by Andreas Kling.
997
998         Get rid of PassRefPtr. Introduce default initializers where it makes sense.
999         Remove mistaken uses of AtomicString that were not removed as part of r174113.
1000
1001         * replay/EmptyInputCursor.h:
1002         * replay/InputCursor.h:
1003         (JSC::InputCursor::InputCursor):
1004
1005 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
1006
1007         Web Inspector: code generator should fail on duplicate parameter and member names
1008         https://bugs.webkit.org/show_bug.cgi?id=140555
1009
1010         Reviewed by Timothy Hatcher.
1011
1012         * inspector/scripts/codegen/models.py:
1013         (find_duplicates): Add a helper function to find duplicates in a list.
1014         (Protocol.parse_type_declaration):
1015         (Protocol.parse_command):
1016         (Protocol.parse_event):
1017         * inspector/scripts/tests/expected/fail-on-duplicate-command-call-parameter-names.json-error: Added.
1018         * inspector/scripts/tests/expected/fail-on-duplicate-command-return-parameter-names.json-error: Added.
1019         * inspector/scripts/tests/expected/fail-on-duplicate-event-parameter-names.json-error: Added.
1020         * inspector/scripts/tests/expected/fail-on-duplicate-type-member-names.json-error: Added.
1021         * inspector/scripts/tests/fail-on-duplicate-command-call-parameter-names.json: Added.
1022         * inspector/scripts/tests/fail-on-duplicate-command-return-parameter-names.json: Added.
1023         * inspector/scripts/tests/fail-on-duplicate-event-parameter-names.json: Added.
1024         * inspector/scripts/tests/fail-on-duplicate-type-member-names.json: Added.
1025
1026 2015-01-16  Michael Saboff  <msaboff@apple.com>
1027
1028         REGRESSION (r174226): Header on huffingtonpost.com is too large
1029         https://bugs.webkit.org/show_bug.cgi?id=140306
1030
1031         Reviewed by Filip Pizlo.
1032
1033         BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
1034         arguments register or whether we need to resolve "arguments".  If the arguments have
1035         been captured, then they are stored in the lexical environment and the arguments
1036         register is not used.
1037
1038         Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
1039         register is captured.  Renamed the function to willResolveToArgumentsRegister() to
1040         better indicate what we are checking.
1041
1042         Aligned the 32- and 64-bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
1043         an arguments object that was optimized out of an inlined callFrame.  The 32-bit path
1044         incorrectly calculated the location of the reified callee frame.  This alignment resulted
1045         in the removal of operationCreateInlinedArgumentsDuringOSRExit().
1046
1047         * bytecompiler/BytecodeGenerator.cpp:
1048         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
1049         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
1050         (JSC::BytecodeGenerator::emitCall):
1051         (JSC::BytecodeGenerator::emitConstruct):
1052         (JSC::BytecodeGenerator::emitEnumeration):
1053         (JSC::BytecodeGenerator::willResolveToArguments): Deleted.
1054         * bytecompiler/BytecodeGenerator.h:
1055         * bytecompiler/NodesCodegen.cpp:
1056         (JSC::BracketAccessorNode::emitBytecode):
1057         (JSC::DotAccessorNode::emitBytecode):
1058         (JSC::getArgumentByVal):
1059         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1060         (JSC::ArrayPatternNode::emitDirectBinding):
1061         * dfg/DFGOSRExitCompilerCommon.cpp:
1062         (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
1063         * dfg/DFGOperations.cpp:
1064         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
1065         * dfg/DFGOperations.h:
1066         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
1067
1068 2015-01-15  Csaba Osztrogonác  <ossy@webkit.org>
1069
1070         Remove ENABLE(SQL_DATABASE) guards
1071         https://bugs.webkit.org/show_bug.cgi?id=140434
1072
1073         Reviewed by Darin Adler.
1074
1075         * CMakeLists.txt:
1076         * Configurations/FeatureDefines.xcconfig:
1077         * DerivedSources.make:
1078         * inspector/protocol/Database.json:
1079
1080 2015-01-14  Alexey Proskuryakov  <ap@apple.com>
1081
1082         Web Inspector and regular console use different source code locations for messages
1083         https://bugs.webkit.org/show_bug.cgi?id=140478
1084
1085         Reviewed by Brian Burg.
1086
1087         * inspector/ConsoleMessage.h: Expose computed source location.
1088
1089         * inspector/agents/InspectorConsoleAgent.cpp:
1090         (Inspector::InspectorConsoleAgent::addMessageToConsole):
1091         (Inspector::InspectorConsoleAgent::stopTiming):
1092         (Inspector::InspectorConsoleAgent::count):
1093         * inspector/agents/InspectorConsoleAgent.h:
1094         addMessageToConsole() now takes a pre-made ConsoleMessage object.
1095
1096         * inspector/JSGlobalObjectConsoleClient.cpp:
1097         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1098         (Inspector::JSGlobalObjectConsoleClient::warnUnimplemented):
1099         * inspector/JSGlobalObjectInspectorController.cpp:
1100         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
1101         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1102         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
1103         Updated for the above changes.
1104
1105 2015-01-15  Mark Lam  <mark.lam@apple.com>
1106
1107         [Part 2] Argument object created by "Function dot arguments" should use a clone of argument values.
1108         <https://webkit.org/b/140093>
1109
1110         Reviewed by Geoffrey Garen.
1111
1112         * interpreter/StackVisitor.cpp:
1113         (JSC::StackVisitor::Frame::createArguments):
1114         - We should not be fetching the lexicalEnvironment here.  The reason we've
1115           introduced the ClonedArgumentsCreationMode is because the lexicalEnvironment
1116           may not be available to us at this point.  Instead, we'll just pass a nullptr.
1117
1118         * runtime/Arguments.cpp:
1119         (JSC::Arguments::tearOffForCloning):
1120         * runtime/Arguments.h:
1121         (JSC::Arguments::finishCreation):
1122         - Use the new tearOffForCloning() to tear off arguments right out of the values
1123           passed on the stack.  tearOff() is not appropriate for this purpose because
1124           it takes slowArgumentsData into account.
1125
1126 2015-01-14  Matthew Mirman  <mmirman@apple.com>
1127
1128         Removed accidental commit of "invalid_array.js" 
1129         http://trac.webkit.org/changeset/178439
1130
1131         * tests/stress/invalid_array.js: Removed.
1132
1133 2015-01-14  Matthew Mirman  <mmirman@apple.com>
1134
1135         Fixes operationPutByIdOptimizes such that they check that the put didn't
1136         change the structure of the object whose property access is being
1137         cached.  Also removes uses of the new base value from the cache generation code.
1138         https://bugs.webkit.org/show_bug.cgi?id=139500
1139
1140         Reviewed by Filip Pizlo.
1141
1142         * jit/JITOperations.cpp:
1143         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
1144         (JSC::operationPutByIdNonStrictOptimize): ditto.
1145         (JSC::operationPutByIdDirectStrictOptimize): ditto.
1146         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
1147         * jit/Repatch.cpp:
1148         (JSC::generateByIdStub):
1149         (JSC::tryCacheGetByID):
1150         (JSC::tryBuildGetByIDList):
1151         (JSC::emitPutReplaceStub):
1152         (JSC::emitPutTransitionStubAndGetOldStructure): Added.
1153         (JSC::tryCachePutByID):
1154         (JSC::repatchPutByID):
1155         (JSC::tryBuildPutByIdList):
1156         (JSC::tryRepatchIn):
1157         (JSC::emitPutTransitionStub): Deleted.
1158         * jit/Repatch.h:
1159         * llint/LLIntSlowPaths.cpp:
1160         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1161         * runtime/JSPropertyNameEnumerator.h:
1162         (JSC::genericPropertyNameEnumerator):
1163         * runtime/Operations.h:
1164         (JSC::normalizePrototypeChainForChainAccess): restructured to not use the base value.
1165         (JSC::normalizePrototypeChain): restructured to not use the base value.
1166         * tests/mozilla/mozilla-tests.yaml:
1167         * tests/stress/proto-setter.js: Added.
1168         * tests/stress/put-by-id-build-list-order-recurse.js: Added.
1169         Added test that fails without this patch.
1170
1171 2015-01-13  Joseph Pecoraro  <pecoraro@apple.com>
1172
1173         Web Inspector: Remove unused ResizeImage and DecodeImageData timeline events
1174         https://bugs.webkit.org/show_bug.cgi?id=140404
1175
1176         Reviewed by Timothy Hatcher.
1177
1178         * inspector/protocol/Timeline.json:
1179
1180 2015-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1181
1182         DFG can call PutByValDirect for generic arrays
1183         https://bugs.webkit.org/show_bug.cgi?id=140389
1184
1185         Reviewed by Geoffrey Garen.
1186
1187         Computed properties in object initializers (ES6) use the put_by_val_direct operation.
1188         However, the current DFG asserts that put_by_val_direct is not used for generic arrays,
1189         so the assertion failure is raised.
1190         This patch allows the DFG to use put_by_val_direct for generic arrays.
1191
1192         It also fixes the DFG put_by_val_direct implementation for string properties.
1193         At first, put_by_val_direct was intended to be used for spread elements,
1194         so the property keys were limited to numbers (indexes).
1195         But now it's also used for computed properties in object initializers.
1196
1197         * dfg/DFGOperations.cpp:
1198         (JSC::DFG::operationPutByValInternal):
1199         * dfg/DFGSpeculativeJIT64.cpp:
1200         (JSC::DFG::SpeculativeJIT::compile):
1201
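The observable difference between the direct put a computed key compiles to and an ordinary assignment, as an added example (not JavaScriptCore code): a direct put defines an own property and never consults prototype setters, and it must do so for string keys as well as index-like keys, which is the point of this entry. The prototype with recording setters is constructed sample data, and the function names are this example's own.

```javascript
// Added example (not JavaScriptCore code): what put_by_val_direct means at the
// language level. A computed key in an object initializer *defines* an own property
// (CreateDataProperty semantics) and never runs a setter found on the prototype chain;
// an ordinary assignment *sets* and therefore does. Both an index-like key (0) and a
// string key ("name") are exercised, because the entry's point is that the direct path
// can no longer assume numeric keys.

// Constructed sample prototype: setters for an index key and a string key that record
// every invocation.
const setterCalls = [];
const proto = {
  set 0(v) { setterCalls.push(["0", v]); },
  set name(v) { setterCalls.push(["name", v]); },
};

function summarize(obj, key) {
  return {
    ownProperty: Object.prototype.hasOwnProperty.call(obj, key),
    setterInvocations: setterCalls.length,
    value: obj[key],
  };
}

// Object initializer: `__proto__: proto` (ES6 Annex B.3.1) installs the prototype
// first, then the computed key is defined directly on the new object. No setter on
// `proto` runs, and the result is an own data property.
function viaInitializer(key, value) {
  setterCalls.length = 0;
  const obj = { __proto__: proto, [key]: value };
  return summarize(obj, key);
}

// Ordinary assignment on an object with the same prototype: [[Set]] walks the chain,
// finds the accessor, and invokes its setter instead of creating an own property.
function viaAssignment(key, value) {
  setterCalls.length = 0;
  const obj = Object.create(proto);
  obj[key] = value;
  return summarize(obj, key);
}
```

For every key, `viaInitializer` reports an own property with zero setter invocations, while `viaAssignment` reports no own property, one setter invocation, and an `undefined` read-back because the accessor has no getter.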
1202 2015-01-13  Geoffrey Garen  <ggaren@apple.com>
1203
1204         Out of bounds access in BytecodeGenerator::emitGetById under DotAccessorNode::emitBytecode
1205         https://bugs.webkit.org/show_bug.cgi?id=140397
1206
1207         Reviewed by Geoffrey Garen.
1208
1209         Patch by Alexey Proskuryakov.
1210
1211         Reviewed, performance tested, and ChangeLogged by Geoffrey Garen.
1212
1213         No performance change.
1214
1215         No test, since this is a small past-the-end read, which is very
1216         difficult to turn into a reproducible failing test -- and existing tests
1217         crash reliably using ASan.
1218
1219         * bytecompiler/NodesCodegen.cpp:
1220         (JSC::BracketAccessorNode::emitBytecode):
1221         (JSC::DotAccessorNode::emitBytecode):
1222         (JSC::FunctionCallBracketNode::emitBytecode):
1223         (JSC::PostfixNode::emitResolve):
1224         (JSC::DeleteBracketNode::emitBytecode):
1225         (JSC::DeleteDotNode::emitBytecode):
1226         (JSC::PrefixNode::emitResolve):
1227         (JSC::UnaryOpNode::emitBytecode):
1228         (JSC::BitwiseNotNode::emitBytecode):
1229         (JSC::BinaryOpNode::emitBytecode):
1230         (JSC::EqualNode::emitBytecode):
1231         (JSC::StrictEqualNode::emitBytecode):
1232         (JSC::ThrowableBinaryOpNode::emitBytecode):
1233         (JSC::AssignDotNode::emitBytecode):
1234         (JSC::AssignBracketNode::emitBytecode): Use RefPtr in more places. Any
1235         register used across a call to a function that might allocate a new
1236         temporary register must be held in a RefPtr.
1237
1238 2015-01-12  Michael Saboff  <msaboff@apple.com>
1239
1240         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1241         https://bugs.webkit.org/show_bug.cgi?id=140348
1242
1243         Reviewed by Mark Lam.
1244
1245         We used to read registers in MachineThreads::gatherFromCurrentThread(), but that is too late
1246         because those registers may have been spilled on the stack and replaced with other values by
1247         the time we call down to gatherFromCurrentThread().
1248
1249         Now we get the register contents at the same place that we demarcate the current top of
1250         stack using the address of a local variable, in Heap::markRoots().  The register contents
1251         buffer is passed along with the demarcation pointer.  These need to be done at this level 
1252         in the call tree and no lower, as markRoots() calls various functions that visit object
1253         pointers that may be later proven dead.  Any of those pointers that are left on the
1254         stack or in registers could be incorrectly marked as live if we scan the stack contents
1255         from a called function or one of its callees.  The stack demarcation pointer and register
1256         saving need to be done in the same function so that we have a consistent stack, active
1257         and spilled registers.
1258
1259         Because we don't want to make unnecessary calls to get the register contents, we use
1260         a macro to allocate, and possibly align, the register structure and get the actual
1261         register contents.
1262
1263
1264         * heap/Heap.cpp:
1265         (JSC::Heap::markRoots):
1266         (JSC::Heap::gatherStackRoots):
1267         * heap/Heap.h:
1268         * heap/MachineStackMarker.cpp:
1269         (JSC::MachineThreads::gatherFromCurrentThread):
1270         (JSC::MachineThreads::gatherConservativeRoots):
1271         * heap/MachineStackMarker.h:
1272
1273 2015-01-12  Benjamin Poulain  <benjamin@webkit.org>
1274
1275         Add basic pattern matching support to the url filters
1276         https://bugs.webkit.org/show_bug.cgi?id=140283
1277
1278         Reviewed by Andreas Kling.
1279
1280         * JavaScriptCore.xcodeproj/project.pbxproj:
1281         Make YarrParser.h private in order to use it from WebCore.
1282
1283 2015-01-12  Geoffrey Garen  <ggaren@apple.com>
1284
1285         Out of bounds read in IdentifierArena::makeIdentifier
1286         https://bugs.webkit.org/show_bug.cgi?id=140376
1287
1288         Patch by Alexey Proskuryakov.
1289
1290         Reviewed and ChangeLogged by Geoffrey Garen.
1291
1292         No test, since this is a small past-the-end read, which is very
1293         difficult to turn into a reproducible failing test -- and existing tests
1294         crash reliably using ASan.
1295
1296         * parser/ParserArena.h:
1297         (JSC::IdentifierArena::makeIdentifier):
1298         (JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
1299         zero-length string input, like we do in the literal parser, since it is
1300         not valid to dereference characters in a zero-length string.
1301
1302         A zero-length string is allowed in JavaScript -- for example, "".
1303
1304 2015-01-11  Sam Weinig  <sam@webkit.org>
1305
1306         Remove support for SharedWorkers
1307         https://bugs.webkit.org/show_bug.cgi?id=140344
1308
1309         Reviewed by Anders Carlsson.
1310
1311         * Configurations/FeatureDefines.xcconfig:
1312
1313 2015-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
1314
1315         Allow targeting the SVG->OTF font converter with ENABLE(SVG_OTF_CONVERTER)
1316         https://bugs.webkit.org/show_bug.cgi?id=136769
1317
1318         Reviewed by Antti Koivisto.
1319
1320         * Configurations/FeatureDefines.xcconfig:
1321
1322 2015-01-12  Commit Queue  <commit-queue@webkit.org>
1323
1324         Unreviewed, rolling out r178266.
1325         https://bugs.webkit.org/show_bug.cgi?id=140363
1326
1327         Broke a JSC test (Requested by ap on #webkit).
1328
1329         Reverted changeset:
1330
1331         "Local JSArray* "keys" in objectConstructorKeys() is not
1332         marked during garbage collection"
1333         https://bugs.webkit.org/show_bug.cgi?id=140348
1334         http://trac.webkit.org/changeset/178266
1335
1336 2015-01-12  Michael Saboff  <msaboff@apple.com>
1337
1338         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1339         https://bugs.webkit.org/show_bug.cgi?id=140348
1340
1341         Reviewed by Mark Lam.
1342
1343         Move the address of the local variable that is used to demarcate the top of the stack for 
1344         conservative roots down to MachineThreads::gatherFromCurrentThread() since it also gets
1345         the register values using setjmp().  That way we don't lose any callee save register
1346         contents between Heap::markRoots(), where it was set, and gatherFromCurrentThread().
1347         If we lose any JSObject* that are only in callee save registers, they will be GC'ed
1348         erroneously.
1349
1350         * heap/Heap.cpp:
1351         (JSC::Heap::markRoots):
1352         (JSC::Heap::gatherStackRoots):
1353         * heap/Heap.h:
1354         * heap/MachineStackMarker.cpp:
1355         (JSC::MachineThreads::gatherFromCurrentThread):
1356         (JSC::MachineThreads::gatherConservativeRoots):
1357         * heap/MachineStackMarker.h:
1358
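        Added illustration (not JavaScriptCore's code) of the rule stated in this entry and in the
        re-landed version above: the stack demarcation address and the setjmp() register snapshot
        are taken in one frame, then that stack range and the saved registers are scanned for words
        that point into live cells. gatherConservativeRoots(), runMutator(), demo() and the Object
        registry are hypothetical names; it assumes a downward-growing stack and GCC/Clang.

```c
#include <setjmp.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NOINLINE __attribute__((noinline)) /* GCC/Clang */

/* Stand-in for a heap cell: a mark bit plus a payload. */
typedef struct {
    int marked;
    char payload[24];
} Object;

/* Registry of allocated cells, so the scanner can tell a cell address
 * from an arbitrary integer that happens to be sitting on the stack. */
#define MAX_OBJECTS 16
static Object* g_objects[MAX_OBJECTS];
static size_t g_objectCount;

static Object* allocateObject(void)
{
    Object* obj = calloc(1, sizeof(Object));
    if (obj && g_objectCount < MAX_OBJECTS)
        g_objects[g_objectCount++] = obj;
    return obj;
}

/* Conservative test: does this word point anywhere inside a registered
 * cell (interior pointers count)?  Returns the cell or NULL. */
Object* findObjectContaining(uintptr_t word)
{
    for (size_t i = 0; i < g_objectCount; i++) {
        uintptr_t base = (uintptr_t)g_objects[i];
        if (word >= base && word < base + sizeof(Object))
            return g_objects[i];
    }
    return NULL;
}

/* Treat every word in [begin, end) as a potential pointer. */
static size_t markRange(const uintptr_t* begin, const uintptr_t* end)
{
    size_t newlyMarked = 0;
    for (const uintptr_t* p = begin; p < end; p++) {
        Object* obj = findObjectContaining(*p);
        if (obj && !obj->marked) {
            obj->marked = 1;
            newlyMarked++;
        }
    }
    return newlyMarked;
}

/* Counterpart of gatherFromCurrentThread(): the low demarcation address
 * AND the register snapshot are taken in this single frame.  A pointer the
 * caller kept only in a callee-saved register is therefore either still in
 * that register (captured by setjmp) or was spilled by our prologue into
 * this frame (covered by the stack scan).  Taking the demarcation address
 * in a caller and the snapshot here would leave a gap where that register
 * could be overwritten.  Assumes the stack grows downward. */
NOINLINE size_t gatherConservativeRoots(uintptr_t stackTop)
{
    jmp_buf registers;
    setjmp(registers); /* snapshot of the callee-saved registers */

    uintptr_t wordMask = (uintptr_t)sizeof(uintptr_t) - 1;
    uintptr_t low = ((uintptr_t)&registers + wordMask) & ~wordMask;
    size_t found = markRange((const uintptr_t*)low, (const uintptr_t*)stackTop);

    const uintptr_t* regWords = (const uintptr_t*)&registers;
    found += markRange(regWords, regWords + sizeof(registers) / sizeof(uintptr_t));
    return found;
}

/* Mutator frame holding the only reference to a cell across the scan.
 * 'volatile' pins it to a stack slot so the example is deterministic; in
 * real code it could just as well live only in a callee-saved register. */
static NOINLINE size_t runMutator(uintptr_t stackTop)
{
    Object* volatile live = allocateObject();
    strcpy(live->payload, "reachable");

    size_t found = gatherConservativeRoots(stackTop);

    /* Still in use after the scan: a correct GC must have marked it. */
    return live->marked ? found : 0;
}

size_t demo(void)
{
    volatile uintptr_t stackTopMarker = 0; /* high end of the scanned range */
    return runMutator((uintptr_t)&stackTopMarker);
}

int main(void)
{
    size_t found = demo();
    printf("conservative scan marked %zu live object(s)\n", found);
    return found == 1 ? 0 : 1;
}
```

        Build with the sanitizers off: like any conservative scanner, the code deliberately reads
        stack words outside its own frame, which AddressSanitizer reports as an error.
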
1359 2015-01-11  Eric Carlson  <eric.carlson@apple.com>
1360
1361         Fix typo in testate.c error messages
1362         https://bugs.webkit.org/show_bug.cgi?id=140305
1363
1364         Reviewed by Geoffrey Garen.
1365
1366         * API/tests/testapi.c:
1367         (main): "... script did not timed out ..." -> "... script did not time out ..."
1368
1369 2015-01-09  Michael Saboff  <msaboff@apple.com>
1370
1371         Breakpoint doesn't fire in this HTML5 game
1372         https://bugs.webkit.org/show_bug.cgi?id=140269
1373
1374         Reviewed by Mark Lam.
1375
1376         When parsing a single line cached function, use the lineStartOffset of the
1377         location where we found the cached function instead of the cached lineStartOffset.
1378         The cache location's lineStartOffset has not been adjusted for any possible
1379         containing functions.
1380
1381         This change is not needed for multi-line cached functions.  Consider the
1382         single line source:
1383
1384         function outer(){function inner1(){doStuff();}; (function inner2() {doMoreStuff()})()}
1385
1386         The first parser pass, we parse and cache inner1() and inner2() with a lineStartOffset
1387         of 0.  Later when we parse outer() and find inner1() in the cache, SourceCode start
1388         character is at outer()'s outermost open brace.  That is what we should use for
1389         lineStartOffset for inner1().  When done parsing inner1() we set the parsing token
1390         to the saved location for inner1(), including the lineStartOffset of 0.  We need
1391         to use the value of lineStartOffset before we started parsing inner1().  That is
1392         what the fix does.  When we parse inner2() the lineStartOffset will be correct.
1393
1394         For a multi-line function, the close brace is guaranteed to be on a different line
1395         than the open brace.  Hence, its lineStartOffset will not change with the change of
1396         the SourceCode start character.
1397
1398         * parser/Parser.cpp:
1399         (JSC::Parser<LexerType>::parseFunctionInfo):
1400
1401 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1402
1403         Web Inspector: Uncaught Exception in ProbeManager deleting breakpoint
1404         https://bugs.webkit.org/show_bug.cgi?id=140279
1405         rdar://problem/19422299
1406
1407         Reviewed by Oliver Hunt.
1408
1409         * runtime/MapData.cpp:
1410         (JSC::MapData::replaceAndPackBackingStore):
1411         The cell table also needs to have its values fixed.
1412
1413 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1414
1415         Web Inspector: Remove or use TimelineAgent Resource related event types
1416         https://bugs.webkit.org/show_bug.cgi?id=140155
1417
1418         Reviewed by Timothy Hatcher.
1419
1420         Remove unused / stale Timeline event types.
1421
1422         * inspector/protocol/Timeline.json:
1423
1424 2015-01-09  Csaba Osztrogonác  <ossy@webkit.org>
1425
1426         REGRESSION(r177925): It broke the !ENABLE(INSPECTOR) build
1427         https://bugs.webkit.org/show_bug.cgi?id=140098
1428
1429         Reviewed by Brian Burg.
1430
1431         * inspector/InspectorBackendDispatcher.h: Missing ENABLE(INSPECTOR) guard added.
1432
1433 2015-01-08  Mark Lam  <mark.lam@apple.com>
1434
1435         Argument object created by "Function dot arguments" should use a clone of the argument values.
1436         <https://webkit.org/b/140093>
1437
1438         Reviewed by Geoffrey Garen.
1439
1440         After the change in <https://webkit.org/b/139827>, the dfg-tear-off-arguments-not-activation.js
1441         test will crash.  The relevant code which manifests the issue is as follows:
1442
1443             function bar() {
1444                 return foo.arguments;
1445             }
1446
1447             function foo(p) {
1448                 var x = 42;
1449                 if (p)
1450                     return (function() { return x; });
1451                 else
1452                     return bar();
1453             }
1454
1455         In this case, foo() has no knowledge of bar() needing its LexicalEnvironment and
1456         has dead code eliminated the SetLocal that stores it into its designated local.
1457         In bar(), the factory for the Arguments object (for creating foo.arguments) tries
1458         to read foo's LexicalEnvironment from its designated lexicalEnvironment local,
1459         but instead, finds it to be uninitialized.  This results in a null pointer access
1460         which causes a crash.
1461
1462         This can be resolved by having bar() instantiate a clone of the Arguments object
1463         instead, and populate its elements with values fetched directly from foo's frame.
1464         There's no need to reference foo's LexicalEnvironment (whether present or not).
1465
1466         * interpreter/StackVisitor.cpp:
1467         (JSC::StackVisitor::Frame::createArguments):
1468         * runtime/Arguments.h:
1469         (JSC::Arguments::finishCreation):
1470
1471 2015-01-08  Mark Lam  <mark.lam@apple.com>
1472
1473         Make the LLINT and Baseline JIT's op_create_arguments and op_get_argument_by_val use their lexicalEnvironment operand.
1474         <https://webkit.org/b/140236>
1475
1476         Reviewed by Geoffrey Garen.
1477
1478         Will change the DFG to use the operand on a subsequent pass.  For now,
1479         the DFG uses a temporary thunk (operationCreateArgumentsForDFG()) to
1480         retain the old behavior of getting the lexicalEnvironment from the
1481         ExecState.
1482
1483         * bytecompiler/BytecodeGenerator.cpp:
1484         (JSC::BytecodeGenerator::BytecodeGenerator):
1485         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1486         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1487         - When the lexicalEnvironment is not available, pass the invalid VirtualRegister
1488           instead of an empty JSValue as the lexicalEnvironment operand.
1489
1490         * dfg/DFGOperations.cpp:
1491         - Use the lexicalEnvironment from the ExecState for now.
1492
1493         * dfg/DFGSpeculativeJIT32_64.cpp:
1494         (JSC::DFG::SpeculativeJIT::compile):
1495         * dfg/DFGSpeculativeJIT64.cpp:
1496         (JSC::DFG::SpeculativeJIT::compile):
1497         - Use the operationCreateArgumentsForDFG() thunk for now.
1498
1499         * interpreter/CallFrame.cpp:
1500         (JSC::CallFrame::lexicalEnvironmentOrNullptr):
1501         * interpreter/CallFrame.h:
1502         - Added this convenience function to return either the
1503           lexicalEnvironment or a nullptr so that we don't need to do a
1504           conditional check on codeBlock->needsActivation() at multiple sites.
1505
1506         * interpreter/StackVisitor.cpp:
1507         (JSC::StackVisitor::Frame::createArguments):
1508         * jit/JIT.h:
1509         * jit/JITInlines.h:
1510         (JSC::JIT::callOperation):
1511         * jit/JITOpcodes.cpp:
1512         (JSC::JIT::emit_op_create_arguments):
1513         (JSC::JIT::emitSlow_op_get_argument_by_val):
1514         * jit/JITOpcodes32_64.cpp:
1515         (JSC::JIT::emit_op_create_arguments):
1516         (JSC::JIT::emitSlow_op_get_argument_by_val):
1517         * jit/JITOperations.cpp:
1518         * jit/JITOperations.h:
1519         * llint/LLIntSlowPaths.cpp:
1520         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1521         * runtime/Arguments.h:
1522         (JSC::Arguments::create):
1523         (JSC::Arguments::finishCreation):
1524         * runtime/CommonSlowPaths.cpp:
1525         (JSC::SLOW_PATH_DECL):
1526         * runtime/JSLexicalEnvironment.cpp:
1527         (JSC::JSLexicalEnvironment::argumentsGetter):
1528
1529 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1530
1531         Web Inspector: Pause Reason Improvements (Breakpoint, Debugger Statement, Pause on Next Statement)
1532         https://bugs.webkit.org/show_bug.cgi?id=138991
1533
1534         Reviewed by Timothy Hatcher.
1535
1536         * debugger/Debugger.cpp:
1537         (JSC::Debugger::Debugger):
1538         (JSC::Debugger::pauseIfNeeded):
1539         (JSC::Debugger::didReachBreakpoint):
1540         When actually pausing, if we hit a breakpoint ensure the reason
1541         is PausedForBreakpoint, otherwise use the current reason.
1542
1543         * debugger/Debugger.h:
1544         Make pause reason and pausing breakpoint ID public.
1545
1546         * inspector/agents/InspectorDebuggerAgent.h:
1547         * inspector/agents/InspectorDebuggerAgent.cpp:
1548         (Inspector::buildAssertPauseReason):
1549         (Inspector::buildCSPViolationPauseReason):
1550         (Inspector::InspectorDebuggerAgent::buildBreakpointPauseReason):
1551         (Inspector::InspectorDebuggerAgent::buildExceptionPauseReason):
1552         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1553         (Inspector::buildObjectForBreakpointCookie):
1554         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1555         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
1556         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1557         (Inspector::InspectorDebuggerAgent::pause):
1558         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1559         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1560         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
1561         Clean up creation of pause reason objects and other cleanup
1562         of PassRefPtr use and InjectedScript use.
1563
1564         (Inspector::InspectorDebuggerAgent::didPause):
1565         Clean up so that we first check for an Exception, and then fall
1566         back to including a Pause Reason derived from the Debugger.
1567
1568         * inspector/protocol/Debugger.json:
1569         Add new DebuggerStatement, Breakpoint, and PauseOnNextStatement reasons.
1570
1571 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1572
1573         Web Inspector: Type check NSArrays in ObjC Interfaces have the right object types
1574         https://bugs.webkit.org/show_bug.cgi?id=140209
1575
1576         Reviewed by Timothy Hatcher.
1577
1578         Check the types of objects in NSArrays for all interfaces (commands, events, types)
1579         when the user can set an array of objects. Previously we were only type checking
1580         they were RWIJSONObjects, now we add an explicit check for the exact object type.
1581
1582         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1583         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1584         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1585         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1586         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1587         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
1588         (ObjCProtocolTypesImplementationGenerator._generate_setter_for_member):
1589         * inspector/scripts/codegen/objc_generator.py:
1590         (ObjCGenerator.objc_class_for_array_type):
1591         (ObjCGenerator):
1592
1593 2015-01-07  Mark Lam  <mark.lam@apple.com>
1594
1595         Add the lexicalEnvironment as an operand to op_get_argument_by_val.
1596         <https://webkit.org/b/140233>
1597
1598         Reviewed by Filip Pizlo.
1599
1600         This patch only adds the operand to the bytecode.  It is not in use yet.
1601
1602         * bytecode/BytecodeList.json:
1603         * bytecode/BytecodeUseDef.h:
1604         (JSC::computeUsesForBytecodeOffset):
1605         * bytecode/CodeBlock.cpp:
1606         (JSC::CodeBlock::dumpBytecode):
1607         * bytecompiler/BytecodeGenerator.cpp:
1608         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1609         * llint/LowLevelInterpreter32_64.asm:
1610         * llint/LowLevelInterpreter64.asm:
1611
1612 2015-01-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1613
1614         Investigate the character type of repeated string instead of checking is8Bit flag
1615         https://bugs.webkit.org/show_bug.cgi?id=140139
1616
1617         Reviewed by Darin Adler.
1618
1619         Instead of checking is8Bit flag of the repeated string, investigate
1620         the actual value of the repeated character since the is8Bit flag gives a false negative case.
1621
1622         * runtime/StringPrototype.cpp:
1623         (JSC::repeatCharacter):
1624         (JSC::stringProtoFuncRepeat):
1625         (JSC::repeatSmallString): Deleted.
1626
1627 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1628
1629         Web Inspector: ObjC Generate types from the GenericTypes domain
1630         https://bugs.webkit.org/show_bug.cgi?id=140229
1631
1632         Reviewed by Timothy Hatcher.
1633
1634         Generate types from the GenericTypes domain, as they are expected
1635         by other domains (like Page domain). Also, don't include the @protocol
1636         forward declaration for a domain if it doesn't have any commands.
1637
1638         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
1639         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
1640         (ObjCBackendDispatcherHeaderGenerator): Deleted.
1641         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations_for_domains): Deleted.
1642         * inspector/scripts/codegen/objc_generator.py:
1643         (ObjCGenerator):
1644         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1645         * inspector/scripts/tests/expected/enum-values.json-result:
1646         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1647         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1648         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1649         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1650         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1651         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1652         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1653         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1654         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1655
1656 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1657
1658         Web Inspector: Remove unnecessary copyRef for paramsObject in generated dispatchers
1659         https://bugs.webkit.org/show_bug.cgi?id=140228
1660
1661         Reviewed by Timothy Hatcher.
1662
1663         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1664         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1665         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1666         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1667         * inspector/scripts/tests/expected/enum-values.json-result:
1668         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1669
1670 2015-01-07  Saam Barati  <saambarati1@gmail.com>
1671
1672         interpret op_profile_type in the LLInt instead of unconditionally calling into the slow path
1673         https://bugs.webkit.org/show_bug.cgi?id=140165
1674
1675         Reviewed by Michael Saboff.
1676
1677         Inlining the functionality of TypeProfilerLog::recordTypeInformationForLocation
1678         into the LLInt speeds up type profiling.
1679
1680         * llint/LLIntOffsetsExtractor.cpp:
1681         * llint/LowLevelInterpreter.asm:
1682         * llint/LowLevelInterpreter32_64.asm:
1683         * llint/LowLevelInterpreter64.asm:
1684         * runtime/CommonSlowPaths.cpp:
1685         (JSC::SLOW_PATH_DECL):
1686         * runtime/CommonSlowPaths.h:
1687         * runtime/TypeProfilerLog.h:
1688         (JSC::TypeProfilerLog::recordTypeInformationForLocation): Deleted.
1689
1690 2015-01-07  Brian J. Burg  <burg@cs.washington.edu>
1691
1692         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1693         https://bugs.webkit.org/show_bug.cgi?id=140053
1694
1695         Reviewed by Andreas Kling.
1696
1697         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1698         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1699         references are always non-null. These two refactorings have been combined since
1700         they tend to require similar changes to the code.
1701
1702         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1703         have been updated to take a Ref instead of RefPtr.
1704
1705         Builders for typed protocol objects now return a Ref. Since there is no implicit
1706         call to operator&, callsites now must explicitly call .release() to convert a
1707         builder object into the corresponding protocol object once required fields are set.
1708         Update callsites and use auto to eliminate repetition of long-winded protocol types.
1709
1710         Tests for inspector protocol and replay inputs have been rebaselined.
1711
1712         * bindings/ScriptValue.cpp:
1713         (Deprecated::jsToInspectorValue):
1714         (Deprecated::ScriptValue::toInspectorValue):
1715         * bindings/ScriptValue.h:
1716         * inspector/ConsoleMessage.cpp:
1717         (Inspector::ConsoleMessage::addToFrontend):
1718         * inspector/ContentSearchUtilities.cpp:
1719         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1720         (Inspector::ContentSearchUtilities::searchInTextByLines):
1721         * inspector/ContentSearchUtilities.h:
1722         * inspector/InjectedScript.cpp:
1723         (Inspector::InjectedScript::getFunctionDetails):
1724         (Inspector::InjectedScript::getProperties):
1725         (Inspector::InjectedScript::getInternalProperties):
1726         (Inspector::InjectedScript::wrapCallFrames):
1727         (Inspector::InjectedScript::wrapObject):
1728         (Inspector::InjectedScript::wrapTable):
1729         * inspector/InjectedScript.h:
1730         * inspector/InjectedScriptBase.cpp:
1731         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1732         * inspector/InspectorBackendDispatcher.cpp:
1733         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1734         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1735         (Inspector::InspectorBackendDispatcher::create):
1736         (Inspector::InspectorBackendDispatcher::dispatch):
1737         (Inspector::InspectorBackendDispatcher::sendResponse):
1738         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1739         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1740         (Inspector::InspectorBackendDispatcher::getInteger):
1741         (Inspector::InspectorBackendDispatcher::getDouble):
1742         (Inspector::InspectorBackendDispatcher::getString):
1743         (Inspector::InspectorBackendDispatcher::getBoolean):
1744         (Inspector::InspectorBackendDispatcher::getObject):
1745         (Inspector::InspectorBackendDispatcher::getArray):
1746         (Inspector::InspectorBackendDispatcher::getValue):
1747         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1748         protocol error strings.
1749         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1750         Convert the supplemental dispatcher's reference to Ref since it is never null.
1751         * inspector/InspectorEnvironment.h:
1752         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1753         StructItemTraits. Add more versions of addItem to handle pushing various types.
1754         (Inspector::Protocol::Array::openAccessors):
1755         (Inspector::Protocol::Array::addItem):
1756         (Inspector::Protocol::Array::create):
1757         (Inspector::Protocol::StructItemTraits::push):
1758         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
1759         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
1760         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
1761         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
1762         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
1763         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
1764         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
1765         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
1766         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
1767         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
1768         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
1769         the same call signature as other getters. Use Ref where possible.
1770         (Inspector::InspectorObjectBase::getBoolean):
1771         (Inspector::InspectorObjectBase::getString):
1772         (Inspector::InspectorObjectBase::getObject):
1773         (Inspector::InspectorObjectBase::getArray):
1774         (Inspector::InspectorObjectBase::getValue):
1775         (Inspector::InspectorObjectBase::writeJSON):
1776         (Inspector::InspectorArrayBase::get):
1777         (Inspector::InspectorObject::create):
1778         (Inspector::InspectorArray::create):
1779         (Inspector::InspectorValue::null):
1780         (Inspector::InspectorString::create):
1781         (Inspector::InspectorBasicValue::create):
1782         (Inspector::InspectorObjectBase::get): Deleted.
1783         * inspector/InspectorValues.h:
1784         (Inspector::InspectorObjectBase::setValue):
1785         (Inspector::InspectorObjectBase::setObject):
1786         (Inspector::InspectorObjectBase::setArray):
1787         (Inspector::InspectorArrayBase::pushValue):
1788         (Inspector::InspectorArrayBase::pushObject):
1789         (Inspector::InspectorArrayBase::pushArray):
1790         * inspector/JSGlobalObjectConsoleClient.cpp:
1791         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1792         (Inspector::JSGlobalObjectConsoleClient::count):
1793         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
1794         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
1795         * inspector/JSGlobalObjectConsoleClient.h:
1796         * inspector/JSGlobalObjectInspectorController.cpp:
1797         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
1798         * inspector/JSGlobalObjectInspectorController.h:
1799         * inspector/ScriptCallFrame.cpp:
1800         (Inspector::ScriptCallFrame::buildInspectorObject):
1801         * inspector/ScriptCallFrame.h:
1802         * inspector/ScriptCallStack.cpp:
1803         (Inspector::ScriptCallStack::create):
1804         (Inspector::ScriptCallStack::buildInspectorArray):
1805         * inspector/ScriptCallStack.h:
1806         * inspector/agents/InspectorAgent.cpp:
1807         (Inspector::InspectorAgent::enable):
1808         (Inspector::InspectorAgent::inspect):
1809         (Inspector::InspectorAgent::activateExtraDomain):
1810         * inspector/agents/InspectorAgent.h:
1811         * inspector/agents/InspectorDebuggerAgent.cpp:
1812         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1813         (Inspector::buildObjectForBreakpointCookie):
1814         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1815         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1816         (Inspector::InspectorDebuggerAgent::continueToLocation):
1817         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1818         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
1819         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1820         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1821         (Inspector::InspectorDebuggerAgent::didParseSource):
1822         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1823         (Inspector::InspectorDebuggerAgent::breakProgram):
1824         * inspector/agents/InspectorDebuggerAgent.h:
1825         * inspector/agents/InspectorRuntimeAgent.cpp:
1826         (Inspector::buildErrorRangeObject):
1827         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1828         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1829         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
1830         * inspector/agents/InspectorRuntimeAgent.h:
1831         * inspector/scripts/codegen/cpp_generator.py:
1832         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
1833         (CppGenerator.cpp_type_for_type_with_name):
1834         (CppGenerator.cpp_type_for_formal_async_parameter):
1835         (CppGenerator.should_use_references_for_type):
1836         (CppGenerator):
1837         * inspector/scripts/codegen/cpp_generator_templates.py:
1838         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1839         (CppBackendDispatcherHeaderGenerator.generate_output):
1840         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
1841         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1842         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1843         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1844         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1845         (CppFrontendDispatcherHeaderGenerator.generate_output):
1846         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1847         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1848         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1849         (CppProtocolTypesHeaderGenerator.generate_output):
1850         (_generate_class_for_object_declaration):
1851         (_generate_unchecked_setter_for_member):
1852         (_generate_forward_declarations_for_binding_traits):
1853         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1854         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1855         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1856         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1857         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1858         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1859         (ObjCProtocolTypesImplementationGenerator.generate_output):
1860         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1861         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1862         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1863         * inspector/scripts/tests/expected/enum-values.json-result:
1864         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1865         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1866         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1867         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1868         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1869         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1870         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1871         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1872         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1873         * replay/EncodedValue.cpp:
1874         (JSC::EncodedValue::asObject):
1875         (JSC::EncodedValue::asArray):
1876         (JSC::EncodedValue::put<EncodedValue>):
1877         (JSC::EncodedValue::append<EncodedValue>):
1878         (JSC::EncodedValue::get<EncodedValue>):
1879         * replay/EncodedValue.h:
1880         * replay/scripts/CodeGeneratorReplayInputs.py:
1881         (Type.borrow_type):
1882         (Type.argument_type):
1883         (Generator.generate_member_move_expression):
1884         * runtime/ConsoleClient.cpp:
1885         (JSC::ConsoleClient::printConsoleMessageWithArguments):
1886         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
1887         (JSC::ConsoleClient::logWithLevel):
1888         (JSC::ConsoleClient::clear):
1889         (JSC::ConsoleClient::dir):
1890         (JSC::ConsoleClient::dirXML):
1891         (JSC::ConsoleClient::table):
1892         (JSC::ConsoleClient::trace):
1893         (JSC::ConsoleClient::assertCondition):
1894         (JSC::ConsoleClient::group):
1895         (JSC::ConsoleClient::groupCollapsed):
1896         (JSC::ConsoleClient::groupEnd):
1897         * runtime/ConsoleClient.h:
1898         * runtime/TypeSet.cpp:
1899         (JSC::TypeSet::allStructureRepresentations):
1900         (JSC::TypeSet::inspectorTypeSet):
1901         (JSC::StructureShape::inspectorRepresentation):
1902         * runtime/TypeSet.h:
1903
1904 2015-01-07  Commit Queue  <commit-queue@webkit.org>
1905
1906         Unreviewed, rolling out r178039.
1907         https://bugs.webkit.org/show_bug.cgi?id=140187
1908
1909         Breaks ObjC Inspector Protocol (Requested by JoePeck on
1910         #webkit).
1911
1912         Reverted changeset:
1913
1914         "Web Inspector: purge PassRefPtr from Inspector code and use
1915         Ref for typed and untyped protocol objects"
1916         https://bugs.webkit.org/show_bug.cgi?id=140053
1917         http://trac.webkit.org/changeset/178039
1918
1919 2015-01-06  Brian J. Burg  <burg@cs.washington.edu>
1920
1921         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1922         https://bugs.webkit.org/show_bug.cgi?id=140053
1923
1924         Reviewed by Andreas Kling.
1925
1926         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1927         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1928         references are always non-null. These two refactorings have been combined since
1929         they tend to require similar changes to the code.
1930
1931         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1932         have been updated to take a Ref instead of RefPtr.
1933
1934         Builders for typed protocol objects now return a Ref. Since there is no implicit
1935         call to operator&, callsites now must explicitly call .release() to convert a
1936         builder object into the corresponding protocol object once required fields are set.
1937         Update callsites and use auto to eliminate repetition of longwinded protocol types.
1938
1939         Tests for inspector protocol and replay inputs have been rebaselined.
1940
1941         * bindings/ScriptValue.cpp:
1942         (Deprecated::jsToInspectorValue):
1943         (Deprecated::ScriptValue::toInspectorValue):
1944         * bindings/ScriptValue.h:
1945         * inspector/ConsoleMessage.cpp:
1946         (Inspector::ConsoleMessage::addToFrontend):
1947         * inspector/ContentSearchUtilities.cpp:
1948         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1949         (Inspector::ContentSearchUtilities::searchInTextByLines):
1950         * inspector/ContentSearchUtilities.h:
1951         * inspector/InjectedScript.cpp:
1952         (Inspector::InjectedScript::getFunctionDetails):
1953         (Inspector::InjectedScript::getProperties):
1954         (Inspector::InjectedScript::getInternalProperties):
1955         (Inspector::InjectedScript::wrapCallFrames):
1956         (Inspector::InjectedScript::wrapObject):
1957         (Inspector::InjectedScript::wrapTable):
1958         * inspector/InjectedScript.h:
1959         * inspector/InjectedScriptBase.cpp:
1960         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1961         * inspector/InspectorBackendDispatcher.cpp:
1962         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1963         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1964         (Inspector::InspectorBackendDispatcher::create):
1965         (Inspector::InspectorBackendDispatcher::dispatch):
1966         (Inspector::InspectorBackendDispatcher::sendResponse):
1967         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1968         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1969         (Inspector::InspectorBackendDispatcher::getInteger):
1970         (Inspector::InspectorBackendDispatcher::getDouble):
1971         (Inspector::InspectorBackendDispatcher::getString):
1972         (Inspector::InspectorBackendDispatcher::getBoolean):
1973         (Inspector::InspectorBackendDispatcher::getObject):
1974         (Inspector::InspectorBackendDispatcher::getArray):
1975         (Inspector::InspectorBackendDispatcher::getValue):
1976         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1977         protocol error strings.
1978         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1979         Convert the supplemental dispatcher's reference to Ref since it is never null.
1980         * inspector/InspectorEnvironment.h:
1981         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1982         StructItemTraits. Add more versions of addItem to handle pushing various types.
1983         (Inspector::Protocol::Array::openAccessors):
1984         (Inspector::Protocol::Array::addItem):
1985         (Inspector::Protocol::Array::create):
1986         (Inspector::Protocol::StructItemTraits::push):
1987         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
1988         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
1989         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
1990         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
1991         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
1992         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
1993         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
1994         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
1995         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
1996         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
1997         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
1998         the same call signature as other getters. Use Ref where possible.
1999         (Inspector::InspectorObjectBase::getBoolean):
2000         (Inspector::InspectorObjectBase::getString):
2001         (Inspector::InspectorObjectBase::getObject):
2002         (Inspector::InspectorObjectBase::getArray):
2003         (Inspector::InspectorObjectBase::getValue):
2004         (Inspector::InspectorObjectBase::writeJSON):
2005         (Inspector::InspectorArrayBase::get):
2006         (Inspector::InspectorObject::create):
2007         (Inspector::InspectorArray::create):
2008         (Inspector::InspectorValue::null):
2009         (Inspector::InspectorString::create):
2010         (Inspector::InspectorBasicValue::create):
2011         (Inspector::InspectorObjectBase::get): Deleted.
2012         * inspector/InspectorValues.h:
2013         (Inspector::InspectorObjectBase::setValue):
2014         (Inspector::InspectorObjectBase::setObject):
2015         (Inspector::InspectorObjectBase::setArray):
2016         (Inspector::InspectorArrayBase::pushValue):
2017         (Inspector::InspectorArrayBase::pushObject):
2018         (Inspector::InspectorArrayBase::pushArray):
2019         * inspector/JSGlobalObjectConsoleClient.cpp:
2020         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
2021         (Inspector::JSGlobalObjectConsoleClient::count):
2022         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
2023         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
2024         * inspector/JSGlobalObjectConsoleClient.h:
2025         * inspector/JSGlobalObjectInspectorController.cpp:
2026         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
2027         * inspector/JSGlobalObjectInspectorController.h:
2028         * inspector/ScriptCallFrame.cpp:
2029         (Inspector::ScriptCallFrame::buildInspectorObject):
2030         * inspector/ScriptCallFrame.h:
2031         * inspector/ScriptCallStack.cpp:
2032         (Inspector::ScriptCallStack::create):
2033         (Inspector::ScriptCallStack::buildInspectorArray):
2034         * inspector/ScriptCallStack.h:
2035         * inspector/agents/InspectorAgent.cpp:
2036         (Inspector::InspectorAgent::enable):
2037         (Inspector::InspectorAgent::inspect):
2038         (Inspector::InspectorAgent::activateExtraDomain):
2039         * inspector/agents/InspectorAgent.h:
2040         * inspector/agents/InspectorDebuggerAgent.cpp:
2041         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
2042         (Inspector::buildObjectForBreakpointCookie):
2043         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
2044         (Inspector::InspectorDebuggerAgent::setBreakpoint):
2045         (Inspector::InspectorDebuggerAgent::continueToLocation):
2046         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
2047         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
2048         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
2049         (Inspector::InspectorDebuggerAgent::currentCallFrames):
2050         (Inspector::InspectorDebuggerAgent::didParseSource):
2051         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
2052         (Inspector::InspectorDebuggerAgent::breakProgram):
2053         * inspector/agents/InspectorDebuggerAgent.h:
2054         * inspector/agents/InspectorRuntimeAgent.cpp:
2055         (Inspector::buildErrorRangeObject):
2056         (Inspector::InspectorRuntimeAgent::callFunctionOn):
2057         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
2058         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
2059         * inspector/agents/InspectorRuntimeAgent.h:
2060         * inspector/scripts/codegen/cpp_generator.py:
2061         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
2062         (CppGenerator.cpp_type_for_type_with_name):
2063         (CppGenerator.cpp_type_for_formal_async_parameter):
2064         (CppGenerator.should_use_references_for_type):
2065         (CppGenerator):
2066         * inspector/scripts/codegen/cpp_generator_templates.py:
2067         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2068         (CppBackendDispatcherHeaderGenerator.generate_output):
2069         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
2070         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2071         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
2072         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
2073         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2074         (CppFrontendDispatcherHeaderGenerator.generate_output):
2075         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2076         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2077         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2078         (CppProtocolTypesHeaderGenerator.generate_output):
2079         (_generate_class_for_object_declaration):
2080         (_generate_unchecked_setter_for_member):
2081         (_generate_forward_declarations_for_binding_traits):
2082         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2083         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
2084         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2085         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2086         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
2087         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2088         (ObjCProtocolTypesImplementationGenerator.generate_output):
2089         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2090         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2091         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2092         * inspector/scripts/tests/expected/enum-values.json-result:
2093         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2094         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2095         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2096         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2097         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2098         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2099         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2100         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2101         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2102         * replay/EncodedValue.cpp:
2103         (JSC::EncodedValue::asObject):
2104         (JSC::EncodedValue::asArray):
2105         (JSC::EncodedValue::put<EncodedValue>):
2106         (JSC::EncodedValue::append<EncodedValue>):
2107         (JSC::EncodedValue::get<EncodedValue>):
2108         * replay/EncodedValue.h:
2109         * replay/scripts/CodeGeneratorReplayInputs.py:
2110         (Type.borrow_type):
2111         (Type.argument_type):
2112         (Generator.generate_member_move_expression):
2113         * runtime/ConsoleClient.cpp:
2114         (JSC::ConsoleClient::printConsoleMessageWithArguments):
2115         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
2116         (JSC::ConsoleClient::logWithLevel):
2117         (JSC::ConsoleClient::clear):
2118         (JSC::ConsoleClient::dir):
2119         (JSC::ConsoleClient::dirXML):
2120         (JSC::ConsoleClient::table):
2121         (JSC::ConsoleClient::trace):
2122         (JSC::ConsoleClient::assertCondition):
2123         (JSC::ConsoleClient::group):
2124         (JSC::ConsoleClient::groupCollapsed):
2125         (JSC::ConsoleClient::groupEnd):
2126         * runtime/ConsoleClient.h:
2127         * runtime/TypeSet.cpp:
2128         (JSC::TypeSet::allStructureRepresentations):
2129         (JSC::TypeSet::inspectorTypeSet):
2130         (JSC::StructureShape::inspectorRepresentation):
2131         * runtime/TypeSet.h:
2132
2133 2015-01-06  Chris Dumez  <cdumez@apple.com>
2134
2135         Drop ResourceResponseBase::connectionID and connectionReused members
2136         https://bugs.webkit.org/show_bug.cgi?id=140158
2137
2138         Reviewed by Sam Weinig.
2139
2140         Drop ResourceResponseBase::connectionID and connectionReused members.
2141         Those were needed by the Chromium port but are no longer used.
2142
2143         * inspector/protocol/Network.json:
2144
2145 2015-01-06  Mark Lam  <mark.lam@apple.com>
2146
2147         Add the lexicalEnvironment as an operand to op_create_arguments.
2148         <https://webkit.org/b/140148>
2149
2150         Reviewed by Geoffrey Garen.
2151
2152         This patch only adds the operand to the bytecode.  It is not in use yet.
2153
2154         * bytecode/BytecodeList.json:
2155         * bytecode/BytecodeUseDef.h:
2156         (JSC::computeUsesForBytecodeOffset):
2157         * bytecode/CodeBlock.cpp:
2158         (JSC::CodeBlock::dumpBytecode):
2159         * bytecompiler/BytecodeGenerator.cpp:
2160         (JSC::BytecodeGenerator::BytecodeGenerator):
2161         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
2162         - Adds the lexicalEnvironment register (if present) as an operand to
2163           op_create_arguments.  Else, adds a constant empty JSValue.
2164         * llint/LowLevelInterpreter32_64.asm:
2165         * llint/LowLevelInterpreter64.asm:
2166
2167 2015-01-06  Alexey Proskuryakov  <ap@apple.com>
2168
2169         ADDRESS_SANITIZER macro is overloaded
2170         https://bugs.webkit.org/show_bug.cgi?id=140130
2171
2172         Reviewed by Anders Carlsson.
2173
2174         * interpreter/JSStack.cpp: (JSC::JSStack::sanitizeStack): Use the new macro.
2175         This code is nearly unused (only compiled in when JIT is disabled at build time),
2176         however I've been told that it's best to keep it.
2177
2178 2015-01-06  Mark Lam  <mark.lam@apple.com>
2179
2180         Fix Use details for op_create_arguments.
2181         <https://webkit.org/b/140110>
2182
2183         Rubber stamped by Filip Pizlo.
2184
2185         The previous patch was wrong about op_create_arguments not using its 1st operand.
2186         It does read from it (hence, used) to check if the Arguments object has already
2187         been created or not.  This patch reverts the change for op_create_arguments.
2188
2189         * bytecode/BytecodeUseDef.h:
2190         (JSC::computeUsesForBytecodeOffset):
2191
2192 2015-01-06  Mark Lam  <mark.lam@apple.com>
2193
2194         Fix Use details for op_create_lexical_environment and op_create_arguments.
2195         <https://webkit.org/b/140110>
2196
2197         Reviewed by Filip Pizlo.
2198
2199         The current "Use" details for op_create_lexical_environment and
2200         op_create_arguments are wrong.  op_create_arguments uses nothing instead of the
2201         1st operand (the output local).  op_create_lexical_environment uses its 2nd
2202         operand (the scope chain) instead of the 1st (the output local).
2203         This patch fixes them to specify the proper uses.
2204
2205         * bytecode/BytecodeUseDef.h:
2206         (JSC::computeUsesForBytecodeOffset):
2207
2208 2015-01-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2209
2210         Implement ES6 String.prototype.repeat(count)
2211         https://bugs.webkit.org/show_bug.cgi?id=140047
2212
2213         Reviewed by Darin Adler.
2214
2215         Introducing ES6 String.prototype.repeat(count) function.
2216
2217         * runtime/JSString.h:
2218         * runtime/StringPrototype.cpp:
2219         (JSC::StringPrototype::finishCreation):
2220         (JSC::repeatSmallString):
2221         (JSC::stringProtoFuncRepeat):
2222
2223 2015-01-03  Michael Saboff  <msaboff@apple.com>
2224
2225         Crash in operationNewFunction when scrolling on Google+
2226         https://bugs.webkit.org/show_bug.cgi?id=140033
2227
2228         Reviewed by Oliver Hunt.
2229
2230         In DFG code, the scope register can be eliminated because all uses have been
2231         dead code eliminated.  In the case where one of the uses was creating a function
2232         that is never used, the baseline code will still create the function.  If we OSR
2233         exit to a path where that function gets created, check the scope register value
2234         and set the new, but dead, function to undefined instead of creating a new function.
2235
2236         * jit/JITOpcodes.cpp:
2237         (JSC::JIT::emit_op_new_func_exp):
2238
2239 2015-01-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2240
2241         String includes methods perform toString on searchString before toInt32 on a offset
2242         https://bugs.webkit.org/show_bug.cgi?id=140031
2243
2244         Reviewed by Darin Adler.
2245
2246         * runtime/StringPrototype.cpp:
2247         (JSC::stringProtoFuncStartsWith):
2248         (JSC::stringProtoFuncEndsWith):
2249         (JSC::stringProtoFuncIncludes):
2250
2251 2015-01-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2252
2253         Change to return std::unique_ptr<> in fooCreate()
2254         https://bugs.webkit.org/show_bug.cgi?id=139983
2255
2256         Reviewed by Darin Adler.
2257
2258         To avoid unnecessary std::unique_ptr<> casting, fooCreate() returns std::unique_ptr<> directly.
2259
2260         * create_regex_tables:
2261         * yarr/YarrPattern.h:
2262         (JSC::Yarr::YarrPattern::reset):
2263         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2264         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2265         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2266         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2267         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2268         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2269         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2270
2271 2015-01-01  Jeff Miller  <jeffm@apple.com>
2272
2273         Update user-visible copyright strings to include 2015
2274         https://bugs.webkit.org/show_bug.cgi?id=139880
2275
2276         Reviewed by Darin Adler.
2277
2278         * Info.plist:
2279
2280 2015-01-01  Darin Adler  <darin@apple.com>
2281
2282         We often misspell identifier as "identifer"
2283         https://bugs.webkit.org/show_bug.cgi?id=140025
2284
2285         Reviewed by Michael Saboff.
2286
2287         * runtime/ArrayConventions.h: Fix it.
2288
2289 2014-12-29  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2290
2291         Move JavaScriptCore/yarr to std::unique_ptr
2292         https://bugs.webkit.org/show_bug.cgi?id=139621
2293
2294         Reviewed by Anders Carlsson.
2295
2296         Final clean up OwnPtr|PassOwnPtr in JavaScriptCore/yarr.
2297
2298         * yarr/YarrInterpreter.cpp:
2299         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
2300         * yarr/YarrInterpreter.h:
2301         (JSC::Yarr::BytecodePattern::BytecodePattern):
2302         * yarr/YarrJIT.cpp:
2303         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
2304         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
2305         (JSC::Yarr::YarrGenerator::opCompileBody):
2306         * yarr/YarrPattern.cpp:
2307         (JSC::Yarr::CharacterClassConstructor::charClass):
2308         (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
2309         (JSC::Yarr::YarrPatternConstructor::reset):
2310         (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
2311         (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
2312         (JSC::Yarr::YarrPatternConstructor::atomParenthesesSubpatternBegin):
2313         (JSC::Yarr::YarrPatternConstructor::atomParentheticalAssertionBegin):
2314         (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
2315         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
2316         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
2317         * yarr/YarrPattern.h:
2318         (JSC::Yarr::PatternDisjunction::addNewAlternative):
2319         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2320         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2321         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2322         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2323         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2324         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2325         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2326
2327 2014-12-26  Dan Bernstein  <mitz@apple.com>
2328
2329         <rdar://problem/19348208> REGRESSION (r177027): iOS builds use the wrong toolchain
2330         https://bugs.webkit.org/show_bug.cgi?id=139950
2331
2332         Reviewed by David Kilzer.
2333
2334         * Configurations/Base.xcconfig: Only define TOOLCHAINS when building for OS X, doing so
2335         in a manner that works with Xcode 5.1.1.
2336
2337 2014-12-22  Mark Lam  <mark.lam@apple.com>
2338
2339         Use ctiPatchCallByReturnAddress() in JITOperations.cpp.
2340         <https://webkit.org/b/139892>
2341
2342         Reviewed by Michael Saboff.
2343
2344         The code in JITOperations.cpp sometimes calls RepatchBuffer::relinkCallerToFunction()
2345         directly, and sometimes uses a helper function, ctiPatchCallByReturnAddress().
2346         This patch changes it to use the helper function consistently.
2347
2348         * jit/JITOperations.cpp:
2349
2350 2014-12-22  Mark Lam  <mark.lam@apple.com>
2351
2352         Fix some typos in a comment.
2353         <https://webkit.org/b/139882>
2354
2355         Reviewed by Michael Saboff.
2356
2357         * jit/JITPropertyAccess.cpp:
2358         (JSC::JIT::emit_op_get_by_val):
2359
2360 2014-12-22  Mark Lam  <mark.lam@apple.com>
2361
2362         Assert that Array elements not copied when changing shape to ArrayStorage type are indeed holes.
2363         <https://webkit.org/b/138118>
2364
2365         Reviewed by Michael Saboff.
2366
2367         * runtime/JSObject.cpp:
2368         (JSC::JSObject::convertInt32ToArrayStorage):
2369         (JSC::JSObject::convertDoubleToArrayStorage):
2370         (JSC::JSObject::convertContiguousToArrayStorage):
2371
2372 2014-12-20  Eric Carlson  <eric.carlson@apple.com>
2373
2374         [iOS] add optimized fullscreen API
2375         https://bugs.webkit.org/show_bug.cgi?id=139833
2376         <rdar://problem/18844486>
2377
2378         Reviewed by Simon Fraser.
2379
2380         * Configurations/FeatureDefines.xcconfig: Add ENABLE_VIDEO_PRESENTATION_MODE.
2381
2382 2014-12-20  David Kilzer  <ddkilzer@apple.com>
2383
2384         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2385         <http://webkit.org/b/139463>
2386
2387         Reviewed by Mark Rowe.
2388
2389         * Configurations/JavaScriptCore.xcconfig:
2390         - Simplify SECTORDER_FLAGS.
2391
2392 2014-12-19  Andreas Kling  <akling@apple.com>
2393
2394         Plug leak below LLVMCopyStringRepOfTargetData().
2395         <https://webkit.org/b/139832>
2396
2397         Reviewed by Michael Saboff.
2398
2399         LLVMCopyStringRepOfTargetData() returns a strdup()'ed string, so make sure
2400         to free() it after we're done using it.
2401
2402         * ftl/FTLCompile.cpp:
2403         (JSC::FTL::mmAllocateDataSection):
2404
2405 2014-12-19  Joseph Pecoraro  <pecoraro@apple.com>
2406
2407         Web Inspector: CRASH inspector-protocol/debugger/breakpoint-action-detach.html
2408         https://bugs.webkit.org/show_bug.cgi?id=139797
2409
2410         Reviewed by Mark Lam.
2411
2412         * debugger/Debugger.h:
2413         * debugger/Debugger.cpp:
2414         (JSC::Debugger::isAttached):
2415         Check if we are the debugger for a particular global object.
2416         (JSC::Debugger::pauseIfNeeded):
2417         Pass the global object on when hitting a breakpoint.
2418
2419         * inspector/ScriptDebugServer.h:
2420         * inspector/ScriptDebugServer.cpp:
2421         (Inspector::ScriptDebugServer::handleBreakpointHit):
2422         Stop evaluating breakpoint actions if a previous action caused the
2423         debugger to detach from this global object.
2424         (Inspector::ScriptDebugServer::handlePause):
2425         Standardize on passing JSGlobalObject parameter first.
2426
2427 2014-12-19  Mark Lam  <mark.lam@apple.com>
2428
2429         [Win] Endless compiler warnings created by DFGEdge.h.
2430         <https://webkit.org/b/139801>
2431
2432         Reviewed by Brent Fulgham.
2433
2434         Add a cast to fix the type just the way the 64-bit version does.
2435
2436         * dfg/DFGEdge.h:
2437         (JSC::DFG::Edge::makeWord):
2438
2439 2014-12-19  Commit Queue  <commit-queue@webkit.org>
2440
2441         Unreviewed, rolling out r177574.
2442         https://bugs.webkit.org/show_bug.cgi?id=139821
2443
2444         "Broke Production builds by installing
2445         libWebCoreTestSupport.dylib in the wrong directory" (Requested
2446         by ddkilzer on #webkit).
2447
2448         Reverted changeset:
2449
2450         "Switch from using PLATFORM_NAME to SDK selectors in WebCore,
2451         WebInspectorUI, WebKit, WebKit2"
2452         https://bugs.webkit.org/show_bug.cgi?id=139463
2453         http://trac.webkit.org/changeset/177574
2454
2455 2014-12-19  Michael Saboff  <msaboff@apple.com>
2456
2457         REGRESSION(174226): Captured arguments in a using function compiled by the DFG have the initial value when the closure was invoked
2458         https://bugs.webkit.org/show_bug.cgi?id=139808
2459
2460         Reviewed by Oliver Hunt.
2461
2462         There are three changes here.
2463         1) Create a VariableWatchpointSet for captured arguments variables.
2464         2) Properly use the VariableWatchpointSet* found in op_put_to_scope in the 64 bit LLInt code.
2465         3) Add the same putLocalClosureVar path to the 32 bit LLInt code that exists in the 64 bit version.
2466
2467         * bytecompiler/BytecodeGenerator.cpp:
2468         (JSC::BytecodeGenerator::BytecodeGenerator):
2469         * llint/LowLevelInterpreter32_64.asm:
2470         * llint/LowLevelInterpreter64.asm:
2471
2472 2014-12-19  David Kilzer  <ddkilzer@apple.com>
2473
2474         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2475         <http://webkit.org/b/139463>
2476
2477         Reviewed by Mark Rowe.
2478
2479         * Configurations/JavaScriptCore.xcconfig:
2480         - Simplify SECTORDER_FLAGS.
2481
2482 2014-12-18  Brent Fulgham  <bfulgham@apple.com>
2483
2484         Unreviewed build fix.
2485
2486         * jsc.cpp: Remove typo.
2487
2488 2014-12-17  Michael Saboff  <msaboff@apple.com>
2489
2490         Tests with infinite recursion frequently crash
2491         https://bugs.webkit.org/show_bug.cgi?id=139548
2492
2493         Reviewed by Geoffrey Garen.
2494
2495         While unwinding, if the call frame doesn't have a codeblock, then we
2496         are in native code, handle appropriately.
2497
2498         * interpreter/Interpreter.cpp:
2499         (JSC::unwindCallFrame):
2500         (JSC::UnwindFunctor::operator()):
2501         Added checks for null CodeBlock.
2502
2503         (JSC::Interpreter::unwind): Removed wrong ASSERT.
2504
2505 2014-12-17  Chris Dumez  <cdumez@apple.com>
2506
2507         [iOS] Make it possible to toggle FeatureCounter support at runtime
2508         https://bugs.webkit.org/show_bug.cgi?id=139688
2509         <rdar://problem/19266254>
2510
2511         Reviewed by Andreas Kling.
2512
2513         Stop linking against AppSupport framework as the functionality is no
2514         longer in WTF (it was moved to WebCore).
2515
2516         * Configurations/JavaScriptCore.xcconfig:
2517
2518 2014-12-17  Brent Fulgham  <bfulgham@apple.com>
2519
2520         [Win] Correct DebugSuffix builds under MSBuild
2521         https://bugs.webkit.org/show_bug.cgi?id=139733
2522         <rdar://problem/19276880>
2523
2524         Reviewed by Simon Fraser.
2525
2526         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Make sure to use the
2527         '_debug' suffix when building the DebugSuffix target.
2528
2529 2014-12-16  Enrica Casucci  <enrica@apple.com>
2530
2531         Fix iOS builders for 8.0
2532         https://bugs.webkit.org/show_bug.cgi?id=139495
2533
2534         Reviewed by Michael Saboff.
2535
2536         * Configurations/LLVMForJSC.xcconfig:
2537         * llvm/library/LLVMExports.cpp:
2538         (initializeAndGetJSCLLVMAPI):
2539
2540 2014-12-16  Commit Queue  <commit-queue@webkit.org>
2541
2542         Unreviewed, rolling out r177380.
2543         https://bugs.webkit.org/show_bug.cgi?id=139707
2544
2545         "Breaks js/regres/elidable-new-object-* tests" (Requested by
2546         msaboff_ on #webkit).
2547
2548         Reverted changeset:
2549
2550         "Fixes operationPutByIdOptimizes such that they check that the
2551         put didn't"
2552         https://bugs.webkit.org/show_bug.cgi?id=139500
2553         http://trac.webkit.org/changeset/177380
2554
2555 2014-12-16  Matthew Mirman  <mmirman@apple.com>
2556
2557         Fixes operationPutByIdOptimizes such that they check that the put didn't
2558         change the structure of the object whose property access is being
2559         cached.
2560         https://bugs.webkit.org/show_bug.cgi?id=139500
2561
2562         Reviewed by Geoffrey Garen.
2563
2564         * jit/JITOperations.cpp:
2565         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
2566         (JSC::operationPutByIdNonStrictOptimize): ditto.
2567         (JSC::operationPutByIdDirectStrictOptimize): ditto.
2568         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
2569         * jit/Repatch.cpp:
2570         (JSC::tryCachePutByID): Added argument for the old structure
2571         (JSC::repatchPutByID): Added argument for the old structure
2572         * jit/Repatch.h:
2573         * tests/stress/put-by-id-build-list-order-recurse.js: 
2574         Added test that fails without this patch.
2575
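The entry above names a regression test for a put whose setter changes the receiver's structure. The JavaScript below is an added example, not the ChangeLog's or JSC's own test file: it reconstructs the pattern such a stress test exercises, a prototype setter that adds own properties to the receiver (changing its structure) and re-enters the same `o.x = v` put before the outer one has finished. The names (`Base`, `putX`, `run`) are the example's own. The entry's fix saves the structure before the put and hands it to the repatch code, so the cache is built from the structure the put actually started from rather than from whatever shape the setter left behind.

```javascript
'use strict';

// Added example, not a JSC test file. A prototype setter that changes the
// receiver's shape while the `o.x = v` put is still in progress, and that
// re-enters the same put once, so two structure transitions happen inside
// one property store.
function Base() {}

let setterCalls = 0;

Object.defineProperty(Base.prototype, 'x', {
  set(v) {
    setterCalls++;
    // Structure change during the put: add a fresh own property (p0, p1, ...).
    this['p' + Object.keys(this).length] = v;
    // Re-enter the same put on the same receiver before the outer put returns.
    if (Object.keys(this).length < 2) this.x = v + 1;
  },
  configurable: true,
});

// The store whose inline cache is under test; called with many fresh receivers
// so a JIT would attempt to cache it.
function putX(o, v) {
  o.x = v;
  return o;
}

// Runs the store `iterations` times on new objects and reports the distinct
// final shapes seen (as joined own-key lists) and how often the setter ran.
function run(iterations) {
  const shapes = new Set();
  for (let i = 0; i < iterations; i++) {
    const o = putX(new Base(), i);
    shapes.add(Object.keys(o).join(','));
  }
  return { shapes: [...shapes], setterCalls };
}
```

Every receiver must end up with exactly the own keys `p0,p1`, with `p1 === p0 + 1`, and the setter must run twice per store; a cache built from a stale structure would be the kind of defect that shows up as a wrong shape or a skipped setter call here.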
2576 2014-12-15  Chris Dumez  <cdumez@apple.com>
2577
2578         [iOS] Add feature counting support
2579         https://bugs.webkit.org/show_bug.cgi?id=139652
2580         <rdar://problem/19255690>
2581
2582         Reviewed by Gavin Barraclough.
2583
2584         Link against AppSupport framework on iOS as we need it to implement
2585         the new FeatureCounter API in WTF.
2586
2587         * Configurations/JavaScriptCore.xcconfig:
2588
2589 2014-12-15  Commit Queue  <commit-queue@webkit.org>
2590
2591         Unreviewed, rolling out r177284.
2592         https://bugs.webkit.org/show_bug.cgi?id=139658
2593
2594         "Breaks API tests and LayoutTests on Yosemite Debug"
2595         (Requested by msaboff on #webkit).
2596
2597         Reverted changeset:
2598
2599         "Make sure range based iteration of Vector<> still receives
2600         bounds checking"
2601         https://bugs.webkit.org/show_bug.cgi?id=138821
2602         http://trac.webkit.org/changeset/177284
2603
2604 2014-12-15  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
2605
2606         [EFL] FTL JIT not working on ARM64
2607         https://bugs.webkit.org/show_bug.cgi?id=139295
2608
2609         Reviewed by Michael Saboff.
2610
2611         Added the missing code for stack unwinding and some additional small fixes
2612         to get FTL working correctly.
2613
2614         * ftl/FTLCompile.cpp:
2615         (JSC::FTL::mmAllocateDataSection):
2616         * ftl/FTLUnwindInfo.cpp:
2617         (JSC::FTL::UnwindInfo::parse):
2618
2619 2014-12-15  Oliver Hunt  <oliver@apple.com>
2620
2621         Make sure range based iteration of Vector<> still receives bounds checking
2622         https://bugs.webkit.org/show_bug.cgi?id=138821
2623
2624         Reviewed by Mark Lam.
2625
2626         Update code to deal with slightly changed iterator semantics.
2627
2628         * bytecode/UnlinkedCodeBlock.cpp:
2629         (JSC::UnlinkedCodeBlock::visitChildren):
2630         * bytecompiler/BytecodeGenerator.cpp:
2631         (JSC::BytecodeGenerator::emitComplexPopScopes):
2632         * dfg/DFGSpeculativeJIT.cpp:
2633         (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
2634         * ftl/FTLAbbreviations.h:
2635         (JSC::FTL::mdNode):
2636         (JSC::FTL::buildCall):
2637         * llint/LLIntData.cpp:
2638         (JSC::LLInt::Data::performAssertions):
2639         * parser/Parser.h:
2640         (JSC::Scope::Scope):
2641         * runtime/JSArray.cpp:
2642         (JSC::JSArray::setLengthWithArrayStorage):
2643         (JSC::JSArray::sortCompactedVector):
2644         * tools/ProfileTreeNode.h:
2645         (JSC::ProfileTreeNode::dumpInternal):
2646         * yarr/YarrJIT.cpp:
2647         (JSC::Yarr::YarrGenerator::matchCharacterClass):
2648
2649 2014-12-14  Filip Pizlo  <fpizlo@apple.com>
2650
2651         PutLocalSinkingPhase has an invalid assertion about incoming values, because both liveness and deferral analyses are conservative
2652         https://bugs.webkit.org/show_bug.cgi?id=139630
2653
2654         Reviewed by Oliver Hunt.
2655         
2656         Replaces a faulty assertion with code to handle an awesome special case. Also adds a lot of
2657         comments that reconstruct my reasoning about this code. I had to work hard to remember how
2658         deferral worked so I wrote my discoveries down.
2659
2660         * dfg/DFGInsertionSet.h:
2661         (JSC::DFG::InsertionSet::insertBottomConstantForUse):
2662         * dfg/DFGPutLocalSinkingPhase.cpp:
2663         * tests/stress/put-local-conservative.js: Added.
2664         (foo):
2665         (.result):
2666         (bar):
2667
2668 2014-12-14  Andreas Kling  <akling@apple.com>
2669
2670         Replace PassRef with Ref/Ref&& across the board.
2671         <https://webkit.org/b/139587>
2672
2673         Reviewed by Darin Adler.
2674
2675         * runtime/Identifier.cpp:
2676         (JSC::Identifier::add):
2677         (JSC::Identifier::add8):
2678         * runtime/Identifier.h:
2679         (JSC::Identifier::add):
2680         * runtime/IdentifierInlines.h:
2681         (JSC::Identifier::add):
2682
2683 2014-12-12  Matthew Mirman  <mmirman@apple.com>
2684
2685         shiftCountWithArrayStorage should exit to slow path if the object has a sparse map.
2686         https://bugs.webkit.org/show_bug.cgi?id=139598
2687         <rdar://problem/18779367>
2688
2689         Reviewed by Filip Pizlo.
2690
2691         * runtime/JSArray.cpp:
2692         (JSC::JSArray::shiftCountWithArrayStorage): Added check for object having a sparse map.
2693         * tests/stress/sparse_splice.js: Added.
2694
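The entry above makes `shiftCountWithArrayStorage` bail out to the slow path when the array has a sparse map. As an added example (not part of the ChangeLog or of JSC's tests), the JavaScript below is a differential check of the kind one would use to catch such a fast-path bug: it runs `shift` and `splice` on a dense array and on an array carrying an element far beyond its dense range (which JSC keeps in a sparse map; the exact threshold is an engine detail assumed here), and compares the engine's results against a step-by-step model of the ECMAScript `shift`/`splice` algorithms kept over a Map of present indices. All function and variable names are the example's own.

```javascript
'use strict';

// Added example, not JSC code. Reference model of an array object: a length
// plus a Map of the indices that are actually present (holes are absent keys).
function modelOf(arr) {
  const map = new Map();
  for (const k of Object.keys(arr)) map.set(Number(k), arr[k]);
  return { length: arr.length, map };
}

// ECMAScript Array.prototype.shift, step by step, over the model.
function refShift(m) {
  if (m.length === 0) return undefined;
  const first = m.map.get(0);
  for (let k = 1; k < m.length; k++) {
    if (m.map.has(k)) m.map.set(k - 1, m.map.get(k)); else m.map.delete(k - 1);
  }
  m.map.delete(m.length - 1);
  m.length -= 1;
  return first;
}

// ECMAScript Array.prototype.splice over the model (start and deleteCount are
// assumed to be in range; the clamping steps are left out for brevity).
function refSplice(m, start, deleteCount, ...items) {
  const len = m.length;
  const removed = [];
  removed.length = deleteCount;
  for (let k = 0; k < deleteCount; k++) {
    if (m.map.has(start + k)) removed[k] = m.map.get(start + k);
  }
  const move = (from, to) => {
    if (m.map.has(from)) m.map.set(to, m.map.get(from)); else m.map.delete(to);
  };
  if (items.length < deleteCount) {
    for (let k = start; k < len - deleteCount; k++) move(k + deleteCount, k + items.length);
    for (let k = len; k > len - deleteCount + items.length; k--) m.map.delete(k - 1);
  } else if (items.length > deleteCount) {
    for (let k = len - deleteCount; k > start; k--) move(k + deleteCount - 1, k + items.length - 1);
  }
  items.forEach((v, i) => m.map.set(start + i, v));
  m.length = len - deleteCount + items.length;
  return removed;
}

// Canonical views (length plus sorted present entries) so an engine array and
// a model can be compared with one string equality.
function snapshotArray(a) {
  const entries = Object.keys(a).map(k => [Number(k), a[k]]).sort((p, q) => p[0] - q[0]);
  return JSON.stringify({ length: a.length, entries });
}
function snapshotModel(m) {
  const entries = [...m.map.entries()].sort((p, q) => p[0] - q[0]);
  return JSON.stringify({ length: m.length, entries });
}

// Runs the same shift + splice on the engine array and on the model and
// reports whether they agree, plus what the engine produced.
function differential(makeArray) {
  const a = makeArray();
  const m = modelOf(makeArray());
  const engine = { first: a.shift(), removed: a.splice(1, 1, 'x', 'y') };
  const ref = { first: refShift(m), removed: refSplice(m, 1, 1, 'x', 'y') };
  return {
    agree: engine.first === ref.first
      && snapshotArray(engine.removed) === snapshotArray(ref.removed)
      && snapshotArray(a) === snapshotModel(m),
    length: a.length,
    present: Object.keys(a).map(Number),
  };
}

// Constructed inputs: a dense array, and one whose far index forces sparse
// storage (the 100000 threshold is an assumption about the engine, not a spec fact).
const dense = () => [10, 20, 30, 40];
const sparse = () => { const a = [10, 20, 30, 40]; a[100000] = 'far'; return a; };
```

For the sparse input the engine must agree with the model: after `shift` and `splice(1, 1, 'x', 'y')` the length is 100001 and only indices 0 to 3 and 100000 are present, with the far element moved up by one. A fast path that treated the sparse array as if its storage were contiguous would drop the far element or leave the length wrong, and the snapshot comparison reports that as a disagreement.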
2695 2014-12-12  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2696
2697         Final clean up OwnPtr in JSC - runtime, ftl, and tool directories
2698         https://bugs.webkit.org/show_bug.cgi?id=139532
2699
2700         Reviewed by Mark Lam.
2701
2702         Finally remove OwnPtr and PassOwnPtr from the runtime, ftl, and tools directories of JSC.
2703
2704         * builtins/BuiltinExecutables.h:
2705         * bytecode/CodeBlock.h:
2706         * bytecode/UnlinkedCodeBlock.cpp:
2707         (JSC::generateFunctionCodeBlock):
2708         * ftl/FTLAbstractHeap.cpp:
2709         (JSC::FTL::IndexedAbstractHeap::atSlow):
2710         * ftl/FTLAbstractHeap.h:
2711         * ftl/FTLCompile.cpp:
2712         (JSC::FTL::mmAllocateDataSection):
2713         * ftl/FTLJITFinalizer.h:
2714         * jsc.cpp:
2715         (jscmain):
2716         * parser/Lexer.h:
2717         * runtime/PropertyMapHashTable.h:
2718         (JSC::PropertyTable::clearDeletedOffsets):
2719         (JSC::PropertyTable::addDeletedOffset):
2720         * runtime/PropertyTable.cpp:
2721         (JSC::PropertyTable::PropertyTable):
2722         * runtime/RegExpObject.cpp:
2723         * runtime/SmallStrings.cpp:
2724         * runtime/Structure.cpp:
2725         * runtime/StructureIDTable.cpp:
2726         (JSC::StructureIDTable::StructureIDTable):
2727         (JSC::StructureIDTable::resize):
2728         * runtime/StructureIDTable.h:
2729         * runtime/StructureTransitionTable.h:
2730         * runtime/VM.cpp:
2731         (JSC::VM::VM):
2732         (JSC::VM::~VM):
2733         * runtime/VM.h:
2734         * tools/CodeProfile.h:
2735         (JSC::CodeProfile::CodeProfile):
2736         (JSC::CodeProfile::addChild):
2737
2738 2014-12-11  Dan Bernstein  <mitz@apple.com>
2739
2740         iOS Simulator production build fix.
2741
2742         * Configurations/JavaScriptCore.xcconfig: Don’t use an order file when building for the iOS
2743         Simulator, as we did prior to 177027.
2744
2745 2014-12-11  Joseph Pecoraro  <pecoraro@apple.com>
2746
2747         Explicitly export some more RWIProtocol classes.
2748         rdar://problem/19220408
2749
2750         Unreviewed build fix.
2751
2752         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2753         (ObjCConfigurationHeaderGenerator._generate_configuration_interface_for_domains):
2754         * inspector/scripts/codegen/generate_objc_header.py:
2755         (ObjCHeaderGenerator._generate_event_interfaces):
2756         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2757         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2758         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2759         * inspector/scripts/tests/expected/enum-values.json-result:
2760         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2761         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2762         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2763         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2764         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2765         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2766         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2767         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2768         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2769
2770 2014-12-11  Alexey Proskuryakov  <ap@apple.com>
2771
2772         Explicitly export some RWIProtocol classes
2773         rdar://problem/19220408
2774
2775         * inspector/scripts/codegen/generate_objc_header.py:
2776         (ObjCHeaderGenerator._generate_type_interface):
2777         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2778         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2779         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2780         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2781         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2782         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2783         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2784
2785 2014-12-11  Mark Lam  <mark.lam@apple.com>
2786
2787         Fix broken build after r177146.
2788         https://bugs.webkit.org/show_bug.cgi?id=139533 
2789
2790         Not reviewed.
2791
2792         * interpreter/CallFrame.h:
2793         (JSC::ExecState::init):
2794         - Restored CallFrame::init() minus the unused JSScope* arg.
2795         * runtime/JSGlobalObject.cpp:
2796         (JSC::JSGlobalObject::init):
2797         - Remove JSScope* arg when calling CallFrame::init().
2798
2799 2014-12-11  Michael Saboff  <msaboff@apple.com>
2800
2801         REGRESSION: Use of undefined CallFrame::ScopeChain value
2802         https://bugs.webkit.org/show_bug.cgi?id=139533
2803
2804         Reviewed by Mark Lam.
2805
2806         Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
2807         all usages of these functions.  In some cases the scope is passed in or determined
2808         another way.  In some cases the scope is used to calculate other values.  Lastly,
2809         there were places where these functions were used that are no longer needed.  For
2810         example when making a call, the caller's ScopeChain was copied to the callee's
2811         ScopeChain.  This change no longer uses the ScopeChain call frame header slot.
2812         That slot will be removed in a future patch.
2813
2814         * dfg/DFGByteCodeParser.cpp:
2815         (JSC::DFG::ByteCodeParser::parseBlock):
2816         * dfg/DFGSpeculativeJIT32_64.cpp:
2817         (JSC::DFG::SpeculativeJIT::compile):
2818         * dfg/DFGSpeculativeJIT64.cpp:
2819         (JSC::DFG::SpeculativeJIT::compile):
2820         * dfg/DFGSpeculativeJIT.h:
2821         (JSC::DFG::SpeculativeJIT::callOperation):
2822         * jit/JIT.h:
2823         * jit/JITInlines.h:
2824         (JSC::JIT::callOperation):
2825         * runtime/JSLexicalEnvironment.h:
2826         (JSC::JSLexicalEnvironment::create):
2827         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
2828         * jit/JITOpcodes.cpp:
2829         (JSC::JIT::emit_op_create_lexical_environment):
2830         * jit/JITOpcodes32_64.cpp:
2831         (JSC::JIT::emit_op_create_lexical_environment):
2832         * jit/JITOperations.cpp:
2833         * jit/JITOperations.h:
2834         * llint/LLIntSlowPaths.cpp:
2835         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2836         (JSC::LLInt::handleHostCall):
2837         (JSC::LLInt::setUpCall):
2838         (JSC::LLInt::llint_throw_stack_overflow_error):
2839         Pass the current scope value to the helper operationCreateActivation() and
2840         the call to JSLexicalEnvironment::create() instead of using the stack frame
2841         scope chain value.
2842
2843         * dfg/DFGFixupPhase.cpp:
2844         (JSC::DFG::FixupPhase::fixupNode):
2845         CreateActivation now has a second child, the scope.
2846
2847         * interpreter/CallFrame.h:
2848         (JSC::ExecState::init): Deleted.  This is dead code.
2849         (JSC::ExecState::scope): Deleted.
2850         (JSC::ExecState::setScope): Deleted.
2851
2852         * interpreter/Interpreter.cpp:
2853         (JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
2854         chain slot.  
2855         
2856         (JSC::Interpreter::execute):
2857         (JSC::Interpreter::executeCall):
2858         (JSC::Interpreter::executeConstruct):
2859         Changed process to find JSScope values on the stack or by some other means.
2860
2861         * runtime/JSWithScope.h:
2862         (JSC::JSWithScope::JSWithScope): Deleted.
2863         Eliminated unused constructor.
2864
2865         * runtime/StrictEvalActivation.cpp:
2866         (JSC::StrictEvalActivation::StrictEvalActivation):
2867         * runtime/StrictEvalActivation.h:
2868         (JSC::StrictEvalActivation::create):
2869         Changed to pass in the current scope.
2870
2871 2014-12-10  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2872
2873         Use std::unique_ptr instead of OwnPtr in JSC - heap, jit, runtime, and parser directories
2874         https://bugs.webkit.org/show_bug.cgi?id=139351
2875
2876         Reviewed by Filip Pizlo.
2877
2878         As a step to use std::unique_ptr<>, this cleans up OwnPtr and PassOwnPtr.
2879
2880         * bytecode/SamplingTool.h:
2881         (JSC::SamplingTool::SamplingTool):
2882         * heap/CopiedBlock.h:
2883         (JSC::CopiedBlock::didSurviveGC):
2884         (JSC::CopiedBlock::pin):
2885         * heap/CopiedBlockInlines.h:
2886         (JSC::CopiedBlock::reportLiveBytes):
2887         * heap/GCActivityCallback.h:
2888         * heap/GCThread.cpp:
2889         * heap/Heap.h:
2890         * heap/HeapInlines.h:
2891         (JSC::Heap::markListSet):
2892         * jit/ExecutableAllocator.cpp:
2893         * jit/JIT.cpp:
2894         (JSC::JIT::privateCompile):
2895         * jit/JIT.h:
2896         * jit/JITThunks.cpp:
2897         (JSC::JITThunks::JITThunks):
2898         (JSC::JITThunks::clearHostFunctionStubs):
2899         * jit/JITThunks.h:
2900         * parser/Parser.cpp:
2901         (JSC::Parser<LexerType>::Parser):
2902         * parser/Parser.h:
2903         (JSC::Scope::Scope):
2904         (JSC::Scope::pushLabel):
2905         * parser/ParserArena.cpp:
2906         * parser/ParserArena.h:
2907         (JSC::ParserArena::identifierArena):
2908         * parser/SourceProviderCache.h:
2909         * runtime/CodeCache.h:
2910         * runtime/Executable.h:
2911         * runtime/JSArray.cpp:
2912         (JSC::JSArray::sortVector):
2913         * runtime/JSGlobalObject.h:
2914
2915 2014-12-10  Geoffrey Garen  <ggaren@apple.com>
2916
2917         Please disable the webkitFirstVersionWithInitConstructorSupport check on Apple TV
2918         https://bugs.webkit.org/show_bug.cgi?id=139501
2919
2920         Reviewed by Gavin Barraclough.
2921
2922         NSVersionOfLinkTimeLibrary only works if you link directly against
2923         JavaScriptCore, which is a bit awkward for our Apple TV client to do.
2924
2925         It's easy enough just to disable this check on Apple TV, since it has no
2926         backwards compatibility requirement.
2927
2928         * API/JSWrapperMap.mm:
2929         (supportsInitMethodConstructors):
2930
2931 2014-12-10  Matthew Mirman  <mmirman@apple.com>
2932
2933         Fixes operationPutByIds such that they check that the put didn't
2934         change the structure of the object whose property access is being
2935         cached.
2936         https://bugs.webkit.org/show_bug.cgi?id=139196
2937
2938         Reviewed by Filip Pizlo.
2939
2940         * jit/JITOperations.cpp:
2941         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
2942         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
2943         (JSC::operationPutByIdNonStrictBuildList): ditto.
2944         (JSC::operationPutByIdDirectStrictBuildList): ditto.
2945         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
2946         * jit/Repatch.cpp:
2947         (JSC::tryCachePutByID): fixed structure() to use the existent vm.
2948         (JSC::tryBuildPutByIdList): Added a check that the old structure's id 
2949         is the same as the new.
2950         (JSC::buildPutByIdList): Added an argument
2951         * jit/Repatch.h: 
2952         (JSC::buildPutByIdList): Added an argument
2953         * tests/stress/put-by-id-strict-build-list-order.js: Added.
2954
2955 2014-12-10  Csaba Osztrogonác  <ossy@webkit.org>
2956
2957         URTBF after r177030.
2958
2959         Fix linking failure that occurred on ARM buildbots:
2960         lib/libjavascriptcore_efl.so.1.11.0: undefined reference to `JSC::Structure::get(JSC::VM&, JSC::PropertyName, unsigned int&)'
2961
2962         * runtime/NullGetterFunction.cpp:
2963
2964 2014-12-09  Michael Saboff  <msaboff@apple.com>
2965
2966         DFG Tries using an inner object's getter/setter when one hasn't been defined
2967         https://bugs.webkit.org/show_bug.cgi?id=139229
2968
2969         Reviewed by Filip Pizlo.
2970
2971         Added a new NullGetterFunction singleton class to use for getters and setters that
2972         haven't been set to a user defined value.  The NullGetterFunction callReturnUndefined()
2973         and createReturnUndefined() methods return undefined.  Changed all null checks of the
2974         getter and setter pointers to the newly added isGetterNull() and isSetterNull()
2975         helper methods.  
2976
2977         * CMakeLists.txt:
2978         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2979         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2980         * JavaScriptCore.xcodeproj/project.pbxproj:
2981         Added NullGetterFunction.cpp & .h to build files.
2982
2983         * dfg/DFGAbstractInterpreterInlines.h:
2984         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2985         * runtime/ObjectPrototype.cpp:
2986         (JSC::objectProtoFuncLookupGetter):
2987         (JSC::objectProtoFuncLookupSetter):
2988         * runtime/PropertyDescriptor.cpp:
2989         (JSC::PropertyDescriptor::setDescriptor):
2990         (JSC::PropertyDescriptor::setAccessorDescriptor):
2991         Changed checking getter and setter to null to use new isGetterNull() and isSetterNull()
2992         helpers.
2993
2994         * inspector/JSInjectedScriptHostPrototype.cpp:
2995         (Inspector::JSInjectedScriptHostPrototype::finishCreation):
2996         * inspector/JSJavaScriptCallFramePrototype.cpp:
2997         * jit/JITOperations.cpp:
2998         * llint/LLIntSlowPaths.cpp:
2999         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3000         * runtime/JSObject.cpp:
3001         (JSC::JSObject::putIndexedDescriptor):
3002         (JSC::putDescriptor):
3003         (JSC::JSObject::defineOwnNonIndexProperty):
3004         * runtime/MapPrototype.cpp:
3005         (JSC::MapPrototype::finishCreation):
3006         * runtime/SetPrototype.cpp:
3007         (JSC::SetPrototype::finishCreation):
3008         Updated calls to GetterSetter::create(), setGetter(), setSetter(), withGetter()
3009         and withSetter() to provide a global object.
3010
3011         * runtime/GetterSetter.cpp:
3012         (JSC::GetterSetter::withGetter):
3013         (JSC::GetterSetter::withSetter):
3014         (JSC::callGetter):
3015         (JSC::callSetter):
3016         * runtime/GetterSetter.h:
3017         (JSC::GetterSetter::GetterSetter):
3018         (JSC::GetterSetter::create):
3019         (JSC::GetterSetter::isGetterNull):
3020         (JSC::GetterSetter::isSetterNull):
3021         (JSC::GetterSetter::setGetter):
3022         (JSC::GetterSetter::setSetter):
3023         Changed to use NullGetterFunction for unspecified getters / setters.
3024
3025         * runtime/JSGlobalObject.cpp:
3026         (JSC::JSGlobalObject::init):
3027         (JSC::JSGlobalObject::createThrowTypeError):
3028         (JSC::JSGlobalObject::visitChildren):
3029         * runtime/JSGlobalObject.h:
3030         (JSC::JSGlobalObject::nullGetterFunction):
3031         (JSC::JSGlobalObject::evalFunction):
3032         Added m_nullGetterFunction singleton.  Updated calls to GetterSetter::create(),
3033         setGetter() and setSetter() to provide a global object.
3034
3035         * runtime/NullGetterFunction.cpp: Added.
3036         (JSC::callReturnUndefined):
3037         (JSC::constructReturnUndefined):
3038         (JSC::NullGetterFunction::getCallData):
3039         (JSC::NullGetterFunction::getConstructData):
3040         * runtime/NullGetterFunction.h: Added.
3041         (JSC::NullGetterFunction::create):
3042         (JSC::NullGetterFunction::createStructure):
3043         (JSC::NullGetterFunction::NullGetterFunction):
3044         New singleton class that returns undefined when called.
3045
3046 2014-12-09  Geoffrey Garen  <ggaren@apple.com>
3047
3048         Re-enable function.arguments
3049         https://bugs.webkit.org/show_bug.cgi?id=139452
3050         <rdar://problem/18848149>
3051
3052         Reviewed by Sam Weinig.
3053
3054         Disabling function.arguments broke a few websites, and we don't have
3055         time right now to work through the details.
3056
3057         I'm re-enabling function.arguments but leaving in the infrastructure
3058         to re-disable it, so we can try this experiment again in the future.
3059
3060         * runtime/Options.h:
3061
3062 2014-12-09  David Kilzer  <ddkilzer@apple.com>
3063
3064         Switch from using PLATFORM_NAME to SDK selectors in ANGLE, bmalloc, gtest, JavaScriptCore, WTF
3065         <http://webkit.org/b/139212>
3066
3067         Reviewed by Joseph Pecoraro.
3068
3069         * Configurations/Base.xcconfig:
3070         - Only set GCC_ENABLE_OBJC_GC, GCC_MODEL_TUNING and TOOLCHAINS
3071           on OS X.
3072         - Only set LLVM_LOCAL_HEADER_PATH and LLVM_SYSTEM_HEADER_PATH on
3073           OS X.
3074         - Set JAVASCRIPTCORE_CONTENTS_DIR and
3075           JAVASCRIPTCORE_FRAMEWORKS_DIR separately for iOS and OS X.
3076
3077         * Configurations/DebugRelease.xcconfig:
3078         - Only set MACOSX_DEPLOYMENT_TARGET and SDKROOT on OS X.
3079
3080         * Configurations/JSC.xcconfig:
3081         - Only set CODE_SIGN_ENTITLEMENTS for iOS hardware builds.
3082
3083         * Configurations/JavaScriptCore.xcconfig:
3084         - Set OTHER_LDFLAGS separately for iOS and OS X.
3085         - Set SECTORDER_FLAGS separately for iOS and OS X, but only for
3086           Production builds.
3087         - Only set EXCLUDED_SOURCE_FILE_NAMES for iOS.
3088
3089         * Configurations/LLVMForJSC.xcconfig:
3090         - Rename LLVM_LIBS_iphoneos to LLVM_LIBS_ios.
3091         - Set LLVM_LIBRARY_PATHS and OTHER_LDFLAGS_LLVM_ENABLE_FTL_JIT
3092           separately for iOS hardware and OS X.
3093         - Fix curly braces in LIBRARY_SEARCH_PATHS.
3094         - Merge OTHER_LDFLAGS_BASE into OTHER_LDFLAGS. (Could have been
3095           done before this patch.)
3096
3097         * Configurations/ToolExecutable.xcconfig:
3098         - Only set CODE_SIGN_ENTITLEMENTS for iOS, per target.
3099         - Only set CLANG_ENABLE_OBJC_ARC for i386 on the iOS Simulator.
3100         - Add missing newline.
3101
3102         * Configurations/Version.xcconfig:
3103         - Set SYSTEM_VERSION_PREFIX separately for iOS and OS X.
3104
3105 2014-12-08  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3106
3107         Fix EFL build since r177001
3108         https://bugs.webkit.org/show_bug.cgi?id=139428
3109
3110         Unreviewed, EFL build fix.
3111
3112         Do not inherit from a duplicated class. ExpressionNode is already a
3113         child of the ParserArenaFreeable class.
3114
3115         * parser/Nodes.h:
3116
3117 2014-12-08  Shivakumar JM  <shiva.jm@samsung.com>
3118
3119         Fix Build Warning in JavaScriptCore ControlFlowProfiler::dumpData() api.
3120         https://bugs.webkit.org/show_bug.cgi?id=139384
3121
3122         Reviewed by Mark Lam.
3123
3124         Fix Build Warning by using dataLog() function instead of dataLogF() function.
3125
3126         * runtime/ControlFlowProfiler.cpp:
3127         (JSC::ControlFlowProfiler::dumpData):
3128
3129 2014-12-08  Saam Barati  <saambarati1@gmail.com>
3130
3131         Web Inspector: Enable runtime API for JSC's control flow profiler
3132         https://bugs.webkit.org/show_bug.cgi?id=139346
3133
3134         Reviewed by Joseph Pecoraro.
3135
3136         This patch creates an API that the Web Inspector can use
3137         to get information about which basic blocks have executed
3138         from JSC's control flow profiler.
3139
3140         * inspector/agents/InspectorRuntimeAgent.cpp:
3141         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
3142         * inspector/agents/InspectorRuntimeAgent.h:
3143         * inspector/protocol/Runtime.json:
3144
3145 2014-12-08  Geoffrey Garen  <ggaren@apple.com>
3146
3147         Removed some allocation and cruft from the parser
3148         https://bugs.webkit.org/show_bug.cgi?id=139416
3149
3150         Reviewed by Mark Lam.
3151
3152         Now, the only AST nodes that require a destructor are the ones that
3153         relate to pickling a function's arguments -- which will require some
3154         deeper thinking to resolve.
3155
3156         This is a < 1% parser speedup.
3157
3158         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3159         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3160         * JavaScriptCore.xcodeproj/project.pbxproj: Removed NodeInfo because it
3161         was unused.
3162
3163         * bytecompiler/NodesCodegen.cpp:
3164         (JSC::CommaNode::emitBytecode):
3165         (JSC::SourceElements::lastStatement):
3166         (JSC::SourceElements::emitBytecode): Updated for interface change to linked list.
3167
3168         * parser/ASTBuilder.h:
3169         (JSC::ASTBuilder::ASTBuilder):
3170         (JSC::ASTBuilder::varDeclarations):
3171         (JSC::ASTBuilder::funcDeclarations):
3172         (JSC::ASTBuilder::createFuncDeclStatement):
3173         (JSC::ASTBuilder::addVar): Removed the ParserArenaData abstraction because
3174         it wasn't buying us anything. We can just use Vector directly.
3175
3176         (JSC::ASTBuilder::createCommaExpr):
3177         (JSC::ASTBuilder::appendToCommaExpr): Changed to use a linked list instead
3178         of a vector, to avoid allocating a vector with inline capacity in the
3179         common case in which an expression is not followed by a vector.
3180
3181         (JSC::ASTBuilder::Scope::Scope): Use Vector directly to avoid new'ing
3182         up a Vector*.
3183
3184         (JSC::ASTBuilder::appendToComma): Deleted.
3185         (JSC::ASTBuilder::combineCommaNodes): Deleted.
3186
3187         * parser/Lexer.cpp:
3188
3189         * parser/NodeConstructors.h:
3190         (JSC::StatementNode::StatementNode):
3191         (JSC::CommaNode::CommaNode):
3192         (JSC::SourceElements::SourceElements): Updated for interface change to linked list.
3193
3194         * parser/NodeInfo.h: Removed.
3195
3196         * parser/Nodes.cpp:
3197         (JSC::SourceElements::append):
3198         (JSC::SourceElements::singleStatement): Use a linked list instead of a
3199         vector to track the statements in a list. This removes some allocation
3200         and it means that we don't need a destructor anymore.
3201
3202         (JSC::ScopeNode::ScopeNode):
3203         (JSC::ProgramNode::ProgramNode):
3204         (JSC::EvalNode::EvalNode):
3205         (JSC::FunctionNode::FunctionNode): Updated for interface change to reference,
3206         since these values are never null.
3207
3208         * parser/Nodes.h:
3209         (JSC::StatementNode::next):
3210         (JSC::StatementNode::setNext):
3211         (JSC::CommaNode::append): Deleted. Updated for interface change to linked list.
3212
3213         * parser/Parser.cpp:
3214         (JSC::Parser<LexerType>::didFinishParsing): Updated for interface change to reference.
3215
3216         (JSC::Parser<LexerType>::parseVarDeclarationList):
3217         (JSC::Parser<LexerType>::parseExpression): Track comma expressions as
3218         an explicit list of CommaNodes, removing a use of vector and a destructor.
3219
3220         * parser/Parser.h:
3221         (JSC::Parser<LexerType>::parse):
3222         * parser/SyntaxChecker.h:
3223         (JSC::SyntaxChecker::createCommaExpr):
3224         (JSC::SyntaxChecker::appendToCommaExpr):
3225         (JSC::SyntaxChecker::appendToComma): Deleted. Updated for interface changes.
3226
3227 2014-12-08  Commit Queue  <commit-queue@webkit.org>
3228
3229         Unreviewed, rolling out r176979.
3230         https://bugs.webkit.org/show_bug.cgi?id=139424
3231
3232         "New JSC test in this patch is failing" (Requested by mlam on
3233         #webkit).
3234
3235         Reverted changeset:
3236
3237         "Fixes operationPutByIds such that they check that the put
3238         didn't"
3239         https://bugs.webkit.org/show_bug.cgi?id=139196
3240         http://trac.webkit.org/changeset/176979
3241
3242 2014-12-08  Matthew Mirman  <mmirman@apple.com>
3243
3244         Fixes operationPutByIds such that they check that the put didn't
3245         change the structure of the object whose property access is being
3246         cached.
3247         https://bugs.webkit.org/show_bug.cgi?id=139196
3248
3249         Reviewed by Filip Pizlo.
3250
3251         * jit/JITOperations.cpp:
3252         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
3253         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
3254         (JSC::operationPutByIdNonStrictBuildList): ditto.
3255         (JSC::operationPutByIdDirectStrictBuildList): ditto.
3256         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
3257         * jit/Repatch.cpp:
3258         (JSC::tryCachePutByID): fixed structure() to use the existent vm.
3259         (JSC::tryBuildPutByIdList): Added a check that the old structure's id 
3260         is the same as the new.
3261         (JSC::buildPutByIdList): Added an argument
3262         * jit/Repatch.h: 
3263         (JSC::buildPutByIdList): Added an argument
3264         * tests/stress/put-by-id-build-list-order-recurse.js: Test that failed before the change
3265         * tests/stress/put-by-id-strict-build-list-order.js: Added.
3266
3267  
3268 2014-12-08  Anders Carlsson  <andersca@apple.com>
3269
3270         Change WTF::currentCPUTime to return std::chrono::microseconds and get rid of currentCPUTimeMS
3271         https://bugs.webkit.org/show_bug.cgi?id=139410
3272
3273         Reviewed by Andreas Kling.
3274
3275         * API/JSContextRef.cpp:
3276         (JSContextGroupSetExecutionTimeLimit):
3277         (JSContextGroupClearExecutionTimeLimit):
3278         * runtime/Watchdog.cpp:
3279         (JSC::Watchdog::setTimeLimit):
3280         (JSC::Watchdog::didFire):
3281         (JSC::Watchdog::startCountdownIfNeeded):
3282         (JSC::Watchdog::startCountdown):
3283         * runtime/Watchdog.h:
3284         * runtime/WatchdogMac.cpp:
3285         (JSC::Watchdog::startTimer):
3286
3287 2014-12-08  Mark Lam  <mark.lam@apple.com>
3288
3289         CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows ArrayStorageShape arrays.
3290         <https://webkit.org/b/139327>
3291
3292         Reviewed by Michael Saboff.
3293
3294         The code generator and runtime slow paths expect otherwise.  This patch fixes
3295         CFA to match the code generator's expectation.
3296
3297         * dfg/DFGArrayMode.h:
3298         (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
3299         (JSC::DFG::ArrayMode::arrayModesWithIndexingShapes):
3300
3301 2014-12-08  Chris Dumez  <cdumez@apple.com>
3302
3303         Revert r176293 & r176275
3304
3305         Unreviewed, revert r176293 & r176275 changing the Vector API to use unsigned type
3306         instead of size_t. There is some disagreement regarding the long-term direction
3307         of the API and we shouldn’t leave the API partly transitioned to unsigned type
3308         while making a decision.
3309
3310         * bytecode/PreciseJumpTargets.cpp:
3311         * replay/EncodedValue.h:
3312
3313 2014-12-07  Csaba Osztrogonác  <ossy@webkit.org>
3314
3315         Remove the unused WTF_USE_GCC_COMPUTED_GOTO_WORKAROUND after r129453.
3316         https://bugs.webkit.org/show_bug.cgi?id=139373
3317
3318         Reviewed by Sam Weinig.
3319
3320         * interpreter/Interpreter.cpp:
3321
3322 2014-12-06  Anders Carlsson  <andersca@apple.com>
3323
3324         Fix build with newer versions of clang.
3325         rdar://problem/18978716
3326
3327         * ftl/FTLJITCode.h:
3328         Add missing overrides.
3329
3330 2014-12-05  Roger Fong  <roger_fong@apple.com>
3331
3332         [Win] proj files copying over too many resources.
3333         https://bugs.webkit.org/show_bug.cgi?id=139315
3334         <rdar://problem/19148278>
3335
3336         Reviewed by Brent Fulgham.
3337
3338         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Only copy resource folders and JavaScriptCore.dll.
3339
3340 2014-12-05  Juergen Ributzka  <juergen@apple.com>
3341
3342         [JSC][FTL] Add the data layout to the module and fix the pass order.
3343         https://bugs.webkit.org/show_bug.cgi?id=138748
3344
3345         Reviewed by Oliver Hunt.
3346
3347         This adds the data layout to the module, so it can be used by all
3348         optimization passes in the LLVM optimizer pipeline. This also allows
3349         FastISel to select more instructions, because fewer non-legal types are
3350         generated.
3351
3352         Also fix the order of the alias analysis passes in the optimization
3353         pipeline.
3354
3355         * ftl/FTLCompile.cpp:
3356         (JSC::FTL::mmAllocateDataSection):
3357
3358 2014-12-05  Geoffrey Garen  <ggaren@apple.com>
3359
3360         Removed an unused function.
3361
3362         Reviewed by Michael Saboff.
3363
3364         Broken out from https://bugs.webkit.org/show_bug.cgi?id=139305.
3365
3366         * parser/ParserArena.h:
3367
3368 2014-12-05  David Kilzer  <ddkilzer@apple.com>
3369
3370         FeatureDefines.xcconfig: Workaround bug in Xcode 5.1.1 when defining ENABLE_WEB_REPLAY
3371         <http://webkit.org/b/139286>
3372
3373         Reviewed by Daniel Bates.
3374
3375         * Configurations/FeatureDefines.xcconfig: Switch back to using
3376         PLATFORM_NAME to workaround a bug in Xcode 5.1.1 on 10.8.
3377
3378 2014-12-04  Mark Rowe  <mrowe@apple.com>
3379
3380         Build fix after r176836.
3381
3382         Reviewed by Mark Lam.
3383
3384         * runtime/VM.h:
3385         (JSC::VM::controlFlowProfiler): Don't try to export an inline function.
3386         Doing so results in a weak external symbol being generated.
3387
3388 2014-12-04  Saam Barati  <saambarati1@gmail.com>
3389
3390         JavaScript Control Flow Profiler
3391         https://bugs.webkit.org/show_bug.cgi?id=137785
3392
3393         Reviewed by Filip Pizlo.
3394
3395         This patch introduces a mechanism for JavaScriptCore to profile
3396         which basic blocks have executed. This mechanism will then be
3397         used by the Web Inspector to indicate which basic blocks
3398         have and have not executed.
3399
3400         The profiling works by compiling in an op_profile_control_flow
3401         at the start of every basic block. Then, whenever this op code
3402         executes, we know that a particular basic block has executed.
3403
3404         When we tier up a CodeBlock that contains an op_profile_control_flow
3405         that corresponds to an already executed basic block, we don't
3406         have to emit code for that particular op_profile_control_flow
3407         because the internal data structures used to keep track of
3408         basic block locations have already recorded that the corresponding
3409         op_profile_control_flow has executed.
3410
3411         * CMakeLists.txt:
3412         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3413         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3414         * JavaScriptCore.xcodeproj/project.pbxproj:
3415         * bytecode/BytecodeList.json:
3416         * bytecode/BytecodeUseDef.h:
3417         (JSC::computeUsesForBytecodeOffset):
3418         (JSC::computeDefsForBytecodeOffset):
3419         * bytecode/CodeBlock.cpp:
3420         (JSC::CodeBlock::dumpBytecode):
3421         (JSC::CodeBlock::CodeBlock):
3422         * bytecode/Instruction.h:
3423         * bytecode/UnlinkedCodeBlock.cpp:
3424         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
3425         * bytecode/UnlinkedCodeBlock.h:
3426         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
3427         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
3428         * bytecompiler/BytecodeGenerator.cpp:
3429         (JSC::BytecodeGenerator::emitProfileControlFlow):
3430         * bytecompiler/BytecodeGenerator.h:
3431         * bytecompiler/NodesCodegen.cpp:
3432         (JSC::ConditionalNode::emitBytecode):
3433         (JSC::IfElseNode::emitBytecode):
3434         (JSC::WhileNode::emitBytecode):
3435         (JSC::ForNode::emitBytecode):
3436         (JSC::ContinueNode::emitBytecode):
3437         (JSC::BreakNode::emitBytecode):
3438         (JSC::ReturnNode::emitBytecode):
3439         (JSC::CaseClauseNode::emitBytecode):
3440         (JSC::SwitchNode::emitBytecode):
3441         (JSC::ThrowNode::emitBytecode):
3442         (JSC::TryNode::emitBytecode):
3443         (JSC::ProgramNode::emitBytecode):
3444         (JSC::FunctionNode::emitBytecode):
3445         * dfg/DFGAbstractInterpreterInlines.h:
3446         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3447         * dfg/DFGByteCodeParser.cpp:
3448         (JSC::DFG::ByteCodeParser::parseBlock):
3449         * dfg/DFGCapabilities.cpp:
3450         (JSC::DFG::capabilityLevel):
3451         * dfg/DFGClobberize.h:
3452         (JSC::DFG::clobberize):
3453         * dfg/DFGDoesGC.cpp:
3454         (JSC::DFG::doesGC):
3455         * dfg/DFGFixupPhase.cpp:
3456         (JSC::DFG::FixupPhase::fixupNode):
3457         * dfg/DFGNode.h:
3458         (JSC::DFG::Node::basicBlockLocation):
3459         * dfg/DFGNodeType.h:
3460         * dfg/DFGPredictionPropagationPhase.cpp:
3461         (JSC::DFG::PredictionPropagationPhase::propagate):
3462         * dfg/DFGSafeToExecute.h:
3463         (JSC::DFG::safeToExecute):
3464         * dfg/DFGSpeculativeJIT32_64.cpp:
3465         (JSC::DFG::SpeculativeJIT::compile):
3466         * dfg/DFGSpeculativeJIT64.cpp:
3467         (JSC::DFG::SpeculativeJIT::compile):
3468         * inspector/agents/InspectorRuntimeAgent.cpp:
3469         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
3470         * jit/JIT.cpp:
3471         (JSC::JIT::privateCompileMainPass):
3472         * jit/JIT.h:
3473         * jit/JITOpcodes.cpp:
3474         (JSC::JIT::emit_op_profile_control_flow):
3475         * jit/JITOpcodes32_64.cpp:
3476         (JSC::JIT::emit_op_profile_control_flow):
3477         * jsc.cpp:
3478         (GlobalObject::finishCreation):
3479         (functionFindTypeForExpression):
3480         (functionReturnTypeFor):
3481         (functionDumpBasicBlockExecutionRanges):
3482         * llint/LowLevelInterpreter.asm:
3483         * parser/ASTBuilder.h:
3484         (JSC::ASTBuilder::createFunctionExpr):
3485         (JSC::ASTBuilder::createGetterOrSetterProperty):
3486         (JSC::ASTBuilder::createFuncDeclStatement):
3487         (JSC::ASTBuilder::endOffset):
3488         (JSC::ASTBuilder::setStartOffset):
3489         * parser/NodeConstructors.h:
3490         (JSC::Node::Node):
3491         * parser/Nodes.h:
3492         (JSC::CaseClauseNode::setStartOffset):
3493         * parser/Parser.cpp:
3494         (JSC::Parser<LexerType>::parseSwitchClauses):
3495         (JSC::Parser<LexerType>::parseSwitchDefaultClause):
3496         (JSC::Parser<LexerType>::parseBlockStatement):
3497         (JSC::Parser<LexerType>::parseStatement):
3498         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3499         (JSC::Parser<LexerType>::parseIfStatement):
3500         (JSC::Parser<LexerType>::parseExpression):
3501         (JSC::Parser<LexerType>::parseConditionalExpression):
3502         (JSC::Parser<LexerType>::parseProperty):
3503         (JSC::Parser<LexerType>::parseMemberExpression):
3504         * parser/SyntaxChecker.h:
3505         (JSC::SyntaxChecker::createFunctionExpr):
3506         (JSC::SyntaxChecker::createFuncDeclStatement):
3507         (JSC::SyntaxChecker::createGetterOrSetterProperty):
3508         (JSC::SyntaxChecker::operatorStackPop):
3509         * runtime/BasicBlockLocation.cpp: Added.
3510         (JSC::BasicBlockLocation::BasicBlockLocation):
3511         (JSC::BasicBlockLocation::insertGap):
3512         (JSC::BasicBlockLocation::getExecutedRanges):
3513         (JSC::BasicBlockLocation::dumpData):
3514         (JSC::BasicBlockLocation::emitExecuteCode):
3515         * runtime/BasicBlockLocation.h: Added.
3516         (JSC::BasicBlockLocation::startOffset):
3517         (JSC::BasicBlockLocation::endOffset):
3518         (JSC::BasicBlockLocation::setStartOffset):
3519         (JSC::BasicBlockLocation::setEndOffset):
3520         (JSC::BasicBlockLocation::hasExecuted):
3521         * runtime/CodeCache.cpp:
3522         (JSC::CodeCache::getGlobalCodeBlock):
3523         * runtime/ControlFlowProfiler.cpp: Added.
3524         (JSC::ControlFlowProfiler::~ControlFlowProfiler):
3525         (JSC::ControlFlowProfiler::getBasicBlockLocation):
3526         (JSC::ControlFlowProfiler::dumpData):
3527         (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
3528         * runtime/ControlFlowProfiler.h: Added. This class is in
3529         charge of generating BasicBlockLocations and also
3530         providing an interface that the Web Inspector can use to ping
3531         which basic blocks have executed based on the source id of a script.
3532
3533         (JSC::BasicBlockKey::BasicBlockKey):
3534         (JSC::BasicBlockKey::isHashTableDeletedValue):
3535         (JSC::BasicBlockKey::operator==):
3536         (JSC::BasicBlockKey::hash):
3537         (JSC::BasicBlockKeyHash::hash):
3538         (JSC::BasicBlockKeyHash::equal):
3539         * runtime/Executable.cpp:
3540         (JSC::ProgramExecutable::ProgramExecutable):
3541         (JSC::ProgramExecutable::initializeGlobalProperties):
3542         * runtime/FunctionHasExecutedCache.cpp:
3543         (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges):
3544         * runtime/FunctionHasExecutedCache.h:
3545         * runtime/Options.h:
3546         * runtime/TypeProfiler.cpp:
3547         (JSC::TypeProfiler::logTypesForTypeLocation):
3548         (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
3549         (JSC::TypeProfiler::findLocation):
3550         (JSC::TypeProfiler::dumpTypeProfilerData):
3551         * runtime/TypeProfiler.h:
3552         (JSC::TypeProfiler::functionHasExecutedCache): Deleted.
3553         * runtime/VM.cpp:
3554         (JSC::VM::VM):
3555         (JSC::enableProfilerWithRespectToCount):
3556         (JSC::disableProfilerWithRespectToCount):
3557         (JSC::VM::enableTypeProfiler):
3558         (JSC::VM::disableTypeProfiler):
3559         (JSC::VM::enableControlFlowProfiler):
3560         (JSC::VM::disableControlFlowProfiler):
3561         (JSC::VM::dumpTypeProfilerData):
3562         * runtime/VM.h:
3563         (JSC::VM::functionHasExecutedCache):
3564         (JSC::VM::controlFlowProfiler):
3565
3566 2014-12-04  Filip Pizlo  <fpizlo@apple.com>
3567
3568         printInternal(PrintStream& out, JSC::JITCode::JITType type) ends up dumping a literal %s
3569         https://bugs.webkit.org/show_bug.cgi?id=139274
3570
3571         Reviewed by Geoffrey Garen.
3572
3573         * jit/JITCode.cpp:
3574         (WTF::printInternal):
3575
3576 2014-12-04  Geoffrey Garen  <ggaren@apple.com>
3577
3578         Removed the concept of ParserArenaRefCounted
3579         https://bugs.webkit.org/show_bug.cgi?id=139277
3580
3581         Reviewed by Oliver Hunt.
3582
3583         This is a step toward a parser speedup.
3584
3585         Now that we have a clear root node type for each parse tree, there's no
3586         need to have a concept for "I might be refcounted or arena allocated".
3587         Instead, we can just use unique_ptr to manage the tree as a whole.
3588
3589         * API/JSScriptRef.cpp:
3590         (parseScript):
3591         * builtins/BuiltinExecutables.cpp:
3592         (JSC::BuiltinExecutables::createBuiltinExecutable): Updated for type change.
3593
3594         * bytecode/UnlinkedCodeBlock.cpp:
3595         (JSC::generateFunctionCodeBlock): Use unique_ptr. No need to call
3596         destroyData() explicitly: the unique_ptr destructor will do everything
3597         we need, as Bjarne intended.
3598
3599         * parser/NodeConstructors.h:
3600         (JSC::ParserArenaRoot::ParserArenaRoot):
3601         (JSC::ParserArenaRefCounted::ParserArenaRefCounted): Deleted.
3602
3603         * parser/Nodes.cpp:
3604         (JSC::ScopeNode::ScopeNode):
3605         (JSC::ProgramNode::ProgramNode):
3606         (JSC::EvalNode::EvalNode):
3607         (JSC::FunctionNode::FunctionNode):
3608         (JSC::ProgramNode::create): Deleted.
3609         (JSC::EvalNode::create): Deleted.
3610         (JSC::FunctionNode::create): Deleted. All special create semantics can
3611         just go away now that we play by C++ constructor / destructor rules.
3612
3613         * parser/Nodes.h:
3614         (JSC::ParserArenaRoot::parserArena):
3615         (JSC::ParserArenaRoot::~ParserArenaRoot): Just a normal class now, which
3616         holds onto the whole parse tree by virtue of owning the arena in which
3617         all the parsed nodes (except for itself) were allocated.
3618
3619         (JSC::ProgramNode::closedVariables):
3620         (JSC::ParserArenaRefCounted::~ParserArenaRefCounted): Deleted.
3621
3622         (JSC::ScopeNode::destroyData): Deleted. No need to destroy anything
3623         explicitly anymore -- we can just rely on destructors.
3624
3625         (JSC::ScopeNode::parserArena): Deleted.
3626
3627         * parser/Parser.h:
3628         (JSC::Parser<LexerType>::parse):
3629         (JSC::parse): unique_ptr all the things.
3630
3631         * parser/ParserArena.cpp:
3632         (JSC::ParserArena::reset):
3633         (JSC::ParserArena::isEmpty):
3634         (JSC::ParserArena::contains): Deleted.
3635         (JSC::ParserArena::last): Deleted.
3636         (JSC::ParserArena::removeLast): Deleted.
3637         (JSC::ParserArena::derefWithArena): Deleted.
3638         * parser/ParserArena.h:
3639         (JSC::ParserArena::swap): Much delete. Such wow.
3640
3641         * runtime/CodeCache.cpp:
3642         (JSC::CodeCache::getGlobalCodeBlock):
3643         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
3644         * runtime/Completion.cpp:
3645         (JSC::checkSyntax):
3646         * runtime/Executable.cpp:
3647         (JSC::ProgramExecutable::checkSyntax): unique_ptr all the things.
3648
3649 2014-12-04  Andreas Kling  <akling@apple.com>
3650
3651         REGRESSION(r173188): Text inserted when trying to delete a word from the Twitter message box.
3652         <https://webkit.org/b/139076>
3653
3654         Reviewed by Geoffrey Garen.
3655
3656         The StringImpl* -> Weak<JSString> cache used by the DOM bindings
3657         had a bug where the key could become a stale pointer if the cached
3658         JSString had its internal StringImpl atomicized.
3659
3660         If a new StringImpl was then later constructed at the exact same
3661         address as the stale key, before the Weak<JSString> got booted out
3662         of the string cache, we'd now have a situation where asking the
3663         string cache for that key would return the old JSString.
3664
3665         Solve this by not allowing JSString::toExistingAtomicString() to
3666         change the JSString's internal StringImpl unless it's resolving a
3667         rope string. (The StringImpl nullity determines rope state.)
3668
3669         This means that calling toExistingAtomicString() may now have to
3670         query the AtomicString table on each call rather than just once.
3671         All clients of this API would be forced to do this regardless,
3672         since the return value will be used to key into containers with
3673         AtomicStringImpl* keys.
3674
3675         No test because this relies on malloc putting two StringImpls
3676         at the same address at different points in time and we have no
3677         mechanism to reliably test that.
3678
3679         * runtime/JSString.h:
3680         (JSC::JSString::toExistingAtomicString):
3681
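        The stale-key hazard described in the entry above, as an added example that is
        not WebKit's code: a toy C++ model of a cache keyed on a raw StringImpl pointer
        (here Impl*), a JSString stand-in (JSStr), and both the pre-fix and post-fix
        behaviour of toExistingAtomicString(). The two-slot allocator is a constructed
        stand-in for the malloc coincidence the entry says cannot be tested reliably:
        it hands a freed address straight back out, so the reuse is deterministic. All
        type and function names are assumptions of the model, not JSC's.

```cpp
#include <cassert>
#include <map>
#include <string>

// Stand-in for StringImpl: the heap object that holds the characters.
struct Impl {
    std::string chars;
};

// Stand-in for JSString: points at the Impl currently backing it. A null impl
// would be an unresolved rope, which this model does not exercise.
struct JSStr {
    Impl* impl = nullptr;
};

// Constructed two-slot allocator. Like a free list it hands out the lowest free
// slot, so releasing an Impl and allocating another reuses the same address.
class SlotAllocator {
public:
    Impl* alloc(const std::string& chars) {
        for (int i = 0; i < 2; ++i) {
            if (inUse_[i])
                continue;
            inUse_[i] = true;
            slots_[i].chars = chars;
            return &slots_[i];
        }
        assert(false && "out of slots");
        return nullptr;
    }
    void release(Impl* p) {
        for (int i = 0; i < 2; ++i)
            if (p == &slots_[i])
                inUse_[i] = false;
    }
private:
    Impl slots_[2];
    bool inUse_[2] = {false, false};
};

// Stand-in for the AtomicString table: one canonical Impl per content.
// std::map nodes do not move, so pointers into it stay valid.
using AtomTable = std::map<std::string, Impl>;

Impl* findAtom(AtomTable& atoms, const std::string& chars) {
    auto it = atoms.find(chars);
    return it == atoms.end() ? nullptr : &it->second;
}

// Stand-in for the bindings' StringImpl* -> Weak<JSString> cache.
using StringCache = std::map<Impl*, JSStr*>;

// Pre-fix behaviour: switch the JSString to the atomic Impl and drop the old
// one. The cache still holds the old address as a key, now dangling.
void atomicizeBuggy(JSStr& s, AtomTable& atoms, SlotAllocator& alloc) {
    Impl* atom = findAtom(atoms, s.impl->chars);
    if (!atom || atom == s.impl)
        return;
    Impl* old = s.impl;
    s.impl = atom;
    alloc.release(old);  // address becomes reusable while the cache key lives
}

// Post-fix behaviour: only consult the table; the JSString keeps its Impl, so
// the cached address stays owned and cannot be handed to a new Impl.
Impl* atomicizeFixed(JSStr& s, AtomTable& atoms) {
    return findAtom(atoms, s.impl->chars);
}

// Runs the entry's scenario and returns what the cache yields for a fresh Impl
// allocated after atomicization ("<miss>" if there is no entry for it).
template <typename Atomicize>
std::string cachedCharsForFreshImpl(Atomicize atomicize) {
    SlotAllocator alloc;
    AtomTable atoms;
    atoms["foo"].chars = "foo";        // "foo" is already interned
    StringCache cache;
    JSStr s;
    s.impl = alloc.alloc("foo");       // a non-atomic copy of "foo"
    cache[s.impl] = &s;                // cached under its Impl*
    atomicize(s, atoms, alloc);
    Impl* fresh = alloc.alloc("bar");  // may land on the freed address
    auto it = cache.find(fresh);
    return it == cache.end() ? std::string("<miss>") : it->second->impl->chars;
}

std::string buggyResult() {
    return cachedCharsForFreshImpl([](JSStr& s, AtomTable& a, SlotAllocator& al) { atomicizeBuggy(s, a, al); });
}

std::string fixedResult() {
    return cachedCharsForFreshImpl([](JSStr& s, AtomTable& a, SlotAllocator&) { atomicizeFixed(s, a); });
}

int main() {
    assert(buggyResult() == "foo");     // lookup for "bar" returns the stale "foo" JSString
    assert(fixedResult() == "<miss>");  // "bar" gets its own address; the cache correctly misses
    return 0;
}
```

        The general point the model makes is that a map keyed on a raw pointer is only
        sound while the keyed object stays alive for as long as the entry does; once the
        owner swaps the pointer out, the address is free to be recycled and any later
        hit on that key is a type-confusion bug waiting for the right allocation order.
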
3682 2014-12-04  Geoffrey Garen  <ggaren@apple.com>
3683
3684         Marked some final things final.
3685
3686         Reviewed by Andreas Kling.
3687
3688         * parser/Nodes.h:
3689
3690 2014-12-04  Geoffrey Garen  <ggaren@apple.com>
3691
3692         Split out FunctionNode from FunctionBodyNode
3693         https://bugs.webkit.org/show_bug.cgi?id=139273
3694
3695         Reviewed by Andreas Kling.
3696
3697         This is a step toward a parser speedup.
3698
3699         We used to use FunctionBodyNode for two different purposes:
3700
3701         (1) "I am the root function you are currently parsing";
3702
3703         (2) "I am a lazy record of a nested function, which you will parse later".
3704
3705         This made for awkward lifetime semantics and interfaces.
3706
3707         Now, case (1) is handled by FunctionBodyNode, and case (2) is handled by
3708         a new node named FunctionNode.
3709
3710         Since case (1) no longer needs to handle being the root of the parse
3711         tree, FunctionBodyNode can be a normal arena-allocated node.
3712
3713         * bytecode/UnlinkedCodeBlock.cpp:
3714         (JSC::generateFunctionCodeBlock): Use FunctionNode instead of
3715         FunctionBodyNode, since we are producing the root of the function parse
3716         tree.
3717
3718         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Removed
3719         some unused data, and default-initialized other data, which isn't filled
3720         in meaningfully until recordParse() is called. (The previous values were
3721         incorrect / meaningless, since the FunctionBodyNode didn't have
3722         meaningful values in this case.)
3723
3724         * bytecode/UnlinkedCodeBlock.h: Ditto.
3725
3726         (JSC::UnlinkedFunctionExecutable::forceUsesArguments): Deleted.
3727
3728         * bytecompiler/BytecodeGenerator.cpp:
3729         (JSC::BytecodeGenerator::BytecodeGenerator): Use FunctionNode instead of
3730         FunctionBodyNode, since we are generating code starting at the root of
3731         the parse tree.
3732
3733         (JSC::BytecodeGenerator::resolveCallee):
3734         (JSC::BytecodeGenerator::addCallee):
3735         * bytecompiler/BytecodeGenerator.h: Ditto.
3736
3737         * bytecompiler/NodesCodegen.cpp:
3738         (JSC::FunctionBodyNode::emitBytecode):
3739         (JSC::FunctionNode::emitBytecode): Moved the emitBytecode implementation
3740         to FunctionNode, since we never generate code for FunctionBodyNode,
3741         since it's just a placeholder in the AST.
3742
3743         * parser/ASTBuilder.h:
3744         (JSC::ASTBuilder::createFunctionBody):
3745         (JSC::ASTBuilder::setUsesArguments): Deleted. Updated for interface
3746         changes.
3747
3748         * parser/Nodes.cpp:
3749         (JSC::FunctionBodyNode::FunctionBodyNode):
3750         (JSC::FunctionBodyNode::finishParsing):
3751         (JSC::FunctionBodyNode::setEndPosition):
3752         (JSC::FunctionNode::FunctionNode):
3753         (JSC::FunctionNode::create):
3754         (JSC::FunctionNode::finishParsing):
3755         (JSC::FunctionBodyNode::create): Deleted.
3756
3757         * parser/Nodes.h:
3758         (JSC::FunctionBodyNode::parameters):
3759         (JSC::FunctionBodyNode::source):
3760         (JSC::FunctionBodyNode::startStartOffset):
3761         (JSC::FunctionBodyNode::isInStrictContext):
3762         (JSC::FunctionNode::parameters):
3763         (JSC::FunctionNode::ident):
3764         (JSC::FunctionNode::functionMode):
3765         (JSC::FunctionNode::startColumn):
3766         (JSC::FunctionNode::endColumn):
3767         (JSC::ScopeNode::setSource): Deleted.
3768         (JSC::FunctionBodyNode::parameterCount): Deleted. Split out the differences
3769         between FunctionNode and FunctionBodyNode.
3770
3771         * parser/SyntaxChecker.h:
3772         (JSC::SyntaxChecker::createClauseList):
3773         (JSC::SyntaxChecker::setUsesArguments): Deleted. Removed setUsesArguments
3774         since it wasn't used.
3775
3776         * runtime/Executable.cpp:
3777         (JSC::ProgramExecutable::checkSyntax): Removed a branch that was always
3778         false.
3779
3780 2014-12-02  Brian J. Burg  <burg@cs.washington.edu>
3781
3782         Web Inspector: timeline probe records have inaccurate per-probe hit counts
3783         https://bugs.webkit.org/show_bug.cgi?id=138976
3784
3785         Reviewed by Joseph Pecoraro.
3786
3787         Previously, the DebuggerAgent was responsible for assigning unique ids to samples.
3788         However, this makes it impossible for the frontend's Timeline manager to associate
3789         a Probe Sample timeline record with the corresponding probe sample data. The record
3790         only included the probe batchId (misnamed as hitCount in ScriptDebugServer).
3791
3792         This patch moves both the batchId and sampleId counters into ScriptDebugServer, so
3793         any client of ScriptDebugListener will get the correct sampleId for each sample.
3794
3795         * inspector/ScriptDebugListener.h:
3796         * inspector/ScriptDebugServer.cpp:
3797         (Inspector::ScriptDebugServer::ScriptDebugServer):
3798         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
3799         (Inspector::ScriptDebugServer::handleBreakpointHit):
3800         * inspector/ScriptDebugServer.h:
3801         * inspector/agents/InspectorDebuggerAgent.cpp:
3802         (Inspector::InspectorDebuggerAgent::InspectorDebuggerAgent):
3803         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
3804         * inspector/agents/InspectorDebuggerAgent.h:
3805
3806 2014-12-04  Oliver Hunt  <oliver@apple.com>
3807
3808         Serialization of MapData object provides unsafe access to internal types
3809         https://bugs.webkit.org/show_bug.cgi?id=138653
3810
3811         Reviewed by Geoffrey Garen.
3812
3813         Converting these ASSERTs into RELEASE_ASSERTs, as it is now obvious
3814         that despite trying hard to be safe in all cases it's simply too easy
3815         to use an iterator in an unsafe state.
3816
3817         * runtime/MapData.h:
3818         (JSC::MapData::const_iterator::key):
3819         (JSC::MapData::const_iterator::value):
3820
3821 2014-12-03  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3822
3823         Move JavaScriptCore/dfg to std::unique_ptr
3824         https://bugs.webkit.org/show_bug.cgi?id=139169
3825
3826         Reviewed by Filip Pizlo.
3827
3828         Use std::unique_ptr<>|std::make_unique<> in JavaScriptCore/dfg directory.
3829
3830         * dfg/DFGBasicBlock.h:
3831         * dfg/DFGJITCompiler.cpp:
3832         (JSC::DFG::JITCompiler::JITCompiler):
3833         (JSC::DFG::JITCompiler::compile):
3834         (JSC::DFG::JITCompiler::link):
3835         (JSC::DFG::JITCompiler::compileFunction):
3836         (JSC::DFG::JITCompiler::linkFunction):
3837         * dfg/DFGJITCompiler.h:
3838         * dfg/DFGPlan.cpp:
3839         (JSC::DFG::Plan::compileInThreadImpl):
3840         (JSC::DFG::Plan::cancel):
3841         * dfg/DFGPlan.h:
3842         * dfg/DFGSlowPathGenerator.h:
3843         * dfg/DFGWorklist.h:
3844         * ftl/FTLFail.cpp:
3845         (JSC::FTL::fail):
3846         * ftl/FTLState.cpp:
3847         (JSC::FTL::State::State):
3848
3849 2014-12-03  Michael Saboff  <msaboff@apple.com>
3850
3851         REGRESSION (r176479): DFG ASSERTION beneath emitOSRExitCall running Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation and other tests
3852         https://bugs.webkit.org/show_bug.cgi?id=139246
3853
3854         Reviewed by Geoffrey Garen.
3855
3856         * ftl/FTLLowerDFGToLLVM.cpp:
3857         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
3858         The DFG_ASSERT that checks liveness at exit time doesn't properly
3859         handle the case where the local is not available at OSR exit time,
3860         but the local is live in the bytecode.  This now happens with the
3861         allocated scope register when we are compiling for FTLForOSREntryMode
3862         due to DCE done when the control flow was changed and a new entrypoint
3863         was added in the OSR entrypoint creation phase.  Therefore we silence
3864         the assert when compiling for FTLForOSREntryMode.
3865
3866 2014-12-03  Geoffrey Garen  <ggaren@apple.com>
3867
3868         Removed the global parser arena
3869         https://bugs.webkit.org/show_bug.cgi?id=139236
3870
3871         Reviewed by Sam Weinig.
3872
3873         Simplifies parser lifetime logic.
3874
3875         There's no need to keep a global arena. We can create a new arena
3876         each time we parse.
3877
3878         * bytecompiler/BytecodeGenerator.h: Global replace to pass around a
3879         ParserArena instead of VM*, since the VM no longer owns the arena.
3880         (JSC::BytecodeGenerator::parserArena):
3881
3882         * bytecompiler/NodesCodegen.cpp: Ditto.
3883         (JSC::ArrayNode::toArgumentList):
3884         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3885         * parser/ASTBuilder.h: Ditto.
3886         (JSC::ASTBuilder::ASTBuilder):
3887         (JSC::ASTBuilder::createSourceElements):
3888         (JSC::ASTBuilder::createCommaExpr):
3889         (JSC::ASTBuilder::createLogicalNot):
3890         (JSC::ASTBuilder::createUnaryPlus):
3891         (JSC::ASTBuilder::createVoid):
3892         (JSC::ASTBuilder::thisExpr):
3893         (JSC::ASTBuilder::createResolve):
3894         (JSC::ASTBuilder::createObjectLiteral):
3895         (JSC::ASTBuilder::createArray):
3896         (JSC::ASTBuilder::createNumberExpr):
3897         (JSC::ASTBuilder::createString):
3898         (JSC::ASTBuilder::createBoolean):
3899         (JSC::ASTBuilder::createNull):
3900         (JSC::ASTBuilder::createBracketAccess):
3901         (JSC::ASTBuilder::createDotAccess):
3902         (JSC::ASTBuilder::createSpreadExpression):
3903         (JSC::ASTBuilder::createRegExp):
3904         (JSC::ASTBuilder::createNewExpr):
3905         (JSC::ASTBuilder::createConditionalExpr):
3906         (JSC::ASTBuilder::createAssignResolve):
3907         (JSC::ASTBuilder::createFunctionExpr):
3908         (JSC::ASTBuilder::createFunctionBody):
3909         (JSC::ASTBuilder::createGetterOrSetterProperty):
3910         (JSC::ASTBuilder::createArguments):
3911         (JSC::ASTBuilder::createArgumentsList):
3912         (JSC::ASTBuilder::createProperty):
3913         (JSC::ASTBuilder::createPropertyList):
3914         (JSC::ASTBuilder::createElementList):
3915         (JSC::ASTBuilder::createFormalParameterList):
3916         (JSC::ASTBuilder::createClause):
3917         (JSC::ASTBuilder::createClauseList):
3918         (JSC::ASTBuilder::createFuncDeclStatement):
3919         (JSC::ASTBuilder::createBlockStatement):
3920         (JSC::ASTBuilder::createExprStatement):
3921         (JSC::ASTBuilder::createIfStatement):
3922         (JSC::ASTBuilder::createForLoop):
3923         (JSC::ASTBuilder::createForInLoop):
3924         (JSC::ASTBuilder::createForOfLoop):
3925         (JSC::ASTBuilder::createEmptyStatement):
3926         (JSC::ASTBuilder::createVarStatement):
3927         (JSC::ASTBuilder::createEmptyVarExpression):
3928         (JSC::ASTBuilder::createReturnStatement):
3929         (JSC::ASTBuilder::createBreakStatement):
3930         (JSC::ASTBuilder::createContinueStatement):
3931         (JSC::ASTBuilder::createTryStatement):
3932         (JSC::ASTBuilder::createSwitchStatement):
3933         (JSC::ASTBuilder::createWhileStatement):
3934         (JSC::ASTBuilder::createDoWhileStatement):
3935         (JSC::ASTBuilder::createLabelStatement):
3936         (JSC::ASTBuilder::createWithStatement):
3937         (JSC::ASTBuilder::createThrowStatement):
3938         (JSC::ASTBuilder::createDebugger):
3939         (JSC::ASTBuilder::createConstStatement):
3940         (JSC::ASTBuilder::appendConstDecl):
3941         (JSC::ASTBuilder::combineCommaNodes):
3942         (JSC::ASTBuilder::createDeconstructingAssignment):
3943         (JSC::ASTBuilder::Scope::Scope):
3944         (JSC::ASTBuilder::createNumber):
3945         (JSC::ASTBuilder::makeTypeOfNode):
3946         (JSC::ASTBuilder::makeDeleteNode):
3947         (JSC::ASTBuilder::makeNegateNode):
3948         (JSC::ASTBuilder::makeBitwiseNotNode):
3949