6b01d1b55607955bd048e6b5d1e03c190f9ca7be
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-08-11  Geoffrey Garen  <ggaren@apple.com>

        Remove VM::releaseExecutableMemory
        https://bugs.webkit.org/show_bug.cgi?id=147915

        Reviewed by Saam Barati.

        releaseExecutableMemory() was only used in one place, where discardAllCode()
        would work just as well.

        It's confusing to have two slightly different ways to discard code. Also,
        releaseExecutableMemory() is unused in any production code, and it seems
        to have bit-rotted.

        * jit/ExecutableAllocator.h:
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionAddressOf):
        (functionVersion):
        (functionReleaseExecutableMemory): Deleted.
        * runtime/VM.cpp:
        (JSC::StackPreservingRecompiler::operator()):
        (JSC::VM::throwException):
        (JSC::VM::updateFTLLargestStackSize):
        (JSC::VM::gatherConservativeRoots):
        (JSC::VM::releaseExecutableMemory): Deleted.
        (JSC::releaseExecutableMemory): Deleted.
        * runtime/VM.h:
        (JSC::VM::isCollectorBusy):
        * runtime/Watchdog.cpp:
        (JSC::Watchdog::setTimeLimit):

2015-08-12  Mark Lam  <mark.lam@apple.com>

        Add a JSC option to enable the watchdog for testing.
        https://bugs.webkit.org/show_bug.cgi?id=147939

        Reviewed by Michael Saboff.

        * API/JSContextRef.cpp:
        (JSContextGroupSetExecutionTimeLimit):
        (createWatchdogIfNeeded): Deleted.
        * runtime/Options.h:
        * runtime/VM.cpp:
        (JSC::VM::VM):
        (JSC::VM::~VM):
        (JSC::VM::sharedInstanceInternal):
        (JSC::VM::ensureWatchdog):
        (JSC::thunkGeneratorForIntrinsic):
        * runtime/VM.h:

2015-08-11  Mark Lam  <mark.lam@apple.com>

        Implement JavaScript watchdog using WTF::WorkQueue.
        https://bugs.webkit.org/show_bug.cgi?id=147107

        Reviewed by Geoffrey Garen.

        How the Watchdog works
        ======================

        1. When do we start the Watchdog?
           =============================
           The watchdog should only be started if both the following conditions are true:
           1. A time limit has been set.
           2. We have entered the VM.

        2. CPU time vs Wall Clock time
           ===========================
           Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?

           The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
           limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
           indicates the wall clock time point when the WorkQueue timer is expected to fire.

           The time limit for which we allow JS code to run should be measured in CPU time, which can
           differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
           should fire.

           Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
           we need to check if m_cpuDeadline has been reached.

           If m_cpuDeadline has been reached, the watchdog is considered to have fired.

           If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
           code to continue to run for.  Hence, we need to start a new timer to fire again after
           Tremainder microseconds.

           See Watchdog::didFireSlow().

        3. Spurious wake ups
           =================
           Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
           It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
           m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
           wake ups are considered to be spurious and will be ignored.

           See Watchdog::didFireSlow().

        4. Minimizing Timer creation cost
           ==============================
           Conceptually, we could start a new timer every time we start the watchdog. But we can do better
           than this.

           In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
           stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
           time limit. Consider the following example:

               |---|-----|---|----------------|---------|
               t0  t1    t2  t3            t0 + L    t2 + L

               |<--- T1 --------------------->|
                         |<--- T2 --------------------->|
               |<-- Td ->|                    |<-- Td ->|

           1. The user initializes the watchdog with time limit L.
           2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
              The timer is set to expire at t0 + L.
           3. At t1, we exit the VM.
           4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.

              However, we can note that the expiration time for T2 would be after the expiration time
              of T1. Specifically, T2 would have expired at Td after T1 expires.

              Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
              for a period of Td instead.

           Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
           as well as handling spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
           automatically take care of starting a new timer for the difference Td in the example above.
           Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
           expiration is less than T2's, then we are already covered by T1 and there's no need to start T2.

           The benefit:

           1. we minimize the number of timer instances we have queued in the workqueue at the same time
              (ideally only 1 or 0), and use less peak memory.

           2. we minimize the frequency of instantiating timer instances. By waiting for the current
              active timer to expire first, on average, we get to start one timer per time limit
              (which is infrequent because time limits tend to be long) instead of one timer per
              VM entry (which tends to be frequent).

           See Watchdog::startTimer().

        * API/JSContextRef.cpp:
        (createWatchdogIfNeeded):
        (JSContextGroupClearExecutionTimeLimit):
        - No need to create the watchdog (if not already created) just to clear it.
          If the watchdog is not created yet, then it is effectively cleared.

        * API/tests/ExecutionTimeLimitTest.cpp:
        (currentCPUTimeAsJSFunctionCallback):
        (testExecutionTimeLimit):
        (currentCPUTime): Deleted.
        * API/tests/testapi.c:
        (main):
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
        - Enable watchdog tests for all platforms.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.

        * PlatformEfl.cmake:

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        * dfg/DFGSpeculativeJIT64.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_loop_hint):
        (JSC::JIT::emitSlow_op_loop_hint):
        * jit/JITOperations.cpp:
        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LLIntSlowPaths.cpp:
        * runtime/VM.cpp:
        - #include Watchdog.h in these files directly instead of doing it via VM.h.
          This saves us from having to recompile the world when we change Watchdog.h.

        * runtime/VM.h:
        - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
          thread-safe ref counted.

        * runtime/VMEntryScope.cpp:
        (JSC::VMEntryScope::VMEntryScope):
        (JSC::VMEntryScope::~VMEntryScope):
        - We have done away with the WatchdogScope and arming/disarming of the watchdog.
          Instead, the VMEntryScope will inform the watchdog of when we have entered and
          exited the VM.

        * runtime/Watchdog.cpp:
        (JSC::currentWallClockTime):
        (JSC::Watchdog::Watchdog):
        (JSC::Watchdog::hasStartedTimer):
        (JSC::Watchdog::setTimeLimit):
        (JSC::Watchdog::didFireSlow):
        (JSC::Watchdog::hasTimeLimit):
        (JSC::Watchdog::fire):
        (JSC::Watchdog::enteredVM):
        (JSC::Watchdog::exitedVM):

        (JSC::Watchdog::startTimer):
        - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
          (from a different thread) even after the VM shuts down.  We need to keep it
          alive until the WorkQueue callback completes.

          In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
          WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
          is done with it.  This ensures that the Watchdog is kept alive until all
          WorkQueue callbacks are done.

        (JSC::Watchdog::stopTimer):
        (JSC::Watchdog::~Watchdog): Deleted.
        (JSC::Watchdog::didFire): Deleted.
        (JSC::Watchdog::isEnabled): Deleted.
        (JSC::Watchdog::arm): Deleted.
        (JSC::Watchdog::disarm): Deleted.
        (JSC::Watchdog::startCountdownIfNeeded): Deleted.
        (JSC::Watchdog::startCountdown): Deleted.
        (JSC::Watchdog::stopCountdown): Deleted.
        * runtime/Watchdog.h:
        (JSC::Watchdog::didFire):
        (JSC::Watchdog::timerDidFireAddress):
        (JSC::Watchdog::isArmed): Deleted.
        (JSC::Watchdog::Scope::Scope): Deleted.
        (JSC::Watchdog::Scope::~Scope): Deleted.
        * runtime/WatchdogMac.cpp:
        (JSC::Watchdog::initTimer): Deleted.
        (JSC::Watchdog::destroyTimer): Deleted.
        (JSC::Watchdog::startTimer): Deleted.
        (JSC::Watchdog::stopTimer): Deleted.
        * runtime/WatchdogNone.cpp:
        (JSC::Watchdog::initTimer): Deleted.
        (JSC::Watchdog::destroyTimer): Deleted.
        (JSC::Watchdog::startTimer): Deleted.
        (JSC::Watchdog::stopTimer): Deleted.

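The following is an added example and not JavaScriptCore's Watchdog code: a small C++ model of the four design points in the entry above (start conditions, CPU vs wall-clock deadlines, stale wake-ups, and reusing an active timer). SimClock, SimQueue and ModelWatchdog are constructed for this example; the real WorkQueue, currentCPUTime() and the ref/deref that keeps the Watchdog alive across callbacks are replaced by hand-advanced counters, so the scenarios can be replayed deterministically.

```cpp
// Added model of the watchdog timer logic described in the entry above; not JavaScriptCore
// code. SimClock, SimQueue and ModelWatchdog are constructed for this example (microseconds).
#include <cstddef>
#include <cstdint>
#include <functional>
#include <utility>
#include <vector>

// Simulated CPU and wall clocks, advanced separately so wall time can outrun CPU time.
struct SimClock { uint64_t cpu = 0; uint64_t wall = 0; };

// Stand-in for WorkQueue::dispatchAfter(): wall-clock timers that cannot be cancelled.
struct SimQueue {
    struct Entry { uint64_t dueWall; std::function<void()> fn; };
    std::vector<Entry> pending;
    size_t dispatched = 0; // how many timers were ever created
    void dispatchAfter(uint64_t delayUs, uint64_t nowWall, std::function<void()> fn) {
        pending.push_back({nowWall + delayUs, std::move(fn)});
        ++dispatched;
    }
    void runDue(uint64_t nowWall) { // deliver every callback that is due, oldest first
        std::vector<Entry> ready, later;
        for (auto& e : pending) (e.dueWall <= nowWall ? ready : later).push_back(std::move(e));
        pending = std::move(later);
        for (auto& e : ready) e.fn();
    }
};

class ModelWatchdog {
public:
    ModelWatchdog(SimClock& clock, SimQueue& queue) : m_clock(clock), m_queue(queue) {}
    // Section 1: a timer starts only when a limit is set AND we are inside the VM.
    void setTimeLimit(uint64_t limitUs) { m_hasTimeLimit = true; m_timeLimit = limitUs; if (m_inVM) startTimer(m_timeLimit); }
    void enteredVM() { m_inVM = true; if (m_hasTimeLimit) startTimer(m_timeLimit); }
    void exitedVM() { m_inVM = false; }

    // Called on the JS thread (e.g. from a loop hint) once timerDidFire() is set;
    // returns true only when the CPU deadline has really been reached.
    bool didFireSlow() {
        if (!m_timerDidFire) return false;
        m_timerDidFire = false;
        if (m_clock.cpu >= m_cpuDeadline) { m_fired = true; return true; }
        startTimer(m_cpuDeadline - m_clock.cpu); // Section 2: re-arm for Tremainder
        return false;
    }
    bool timerDidFire() const { return m_timerDidFire; }
    bool fired() const { return m_fired; }
private:
    void startTimer(uint64_t timeLimit) {
        m_cpuDeadline = m_clock.cpu + timeLimit;
        uint64_t wallDeadline = m_clock.wall + timeLimit;
        // Section 4: an active timer expiring no later than the new deadline already
        // covers us; didFireSlow() schedules the remainder (Td) when it fires.
        if (m_clock.wall < m_wallClockDeadline && m_wallClockDeadline <= wallDeadline)
            return;
        m_wallClockDeadline = wallDeadline;
        m_queue.dispatchAfter(timeLimit, m_clock.wall, [this] {
            // Section 3: only a wake-up at or after the active deadline counts; an
            // earlier one belongs to a superseded timer and is ignored as spurious.
            if (m_clock.wall >= m_wallClockDeadline) m_timerDidFire = true;
        });
    }
    SimClock& m_clock;
    SimQueue& m_queue;
    bool m_hasTimeLimit = false, m_inVM = false, m_timerDidFire = false, m_fired = false;
    uint64_t m_timeLimit = 0, m_cpuDeadline = 0, m_wallClockDeadline = 0;
};

// Section 4's example: L = 100, enter at t0 = 0, exit at t1 = 20, re-enter at t2 = 40.
// Returns how many timers were created by the time the watchdog fires.
size_t timersUsedForReentry() {
    SimClock c; SimQueue q; ModelWatchdog w(c, q);
    w.setTimeLimit(100);
    w.enteredVM();                        // T1 queued for wall time 100
    c.cpu = c.wall = 20;  w.exitedVM();
    c.cpu = c.wall = 40;  w.enteredVM();  // T2 would expire at 140: T1 covers it
    c.cpu = c.wall = 100; q.runDue(100);  // T1 fires; CPU deadline 140 not reached
    w.didFireSlow();                      // re-arms T2' for Td = 40
    c.cpu = c.wall = 140; q.runDue(140); w.didFireSlow();
    return w.fired() ? q.dispatched : 0;  // 2 timers rather than 3
}
// Section 2: the wall clock reaches the deadline after only 40us of CPU time.
bool firesOnlyAfterCpuBudget() {
    SimClock c; SimQueue q; ModelWatchdog w(c, q);
    w.setTimeLimit(100); w.enteredVM();
    c.wall = 100; c.cpu = 40;  q.runDue(100);
    bool early = w.didFireSlow();         // false: re-armed for the remaining 60us
    c.wall = 160; c.cpu = 100; q.runDue(160);
    return !early && w.didFireSlow();
}
// Section 3: T1 expired at 100 but its callback arrives late, after a fresh timer
// with deadline 250 replaced it; the late delivery must be ignored.
bool staleWakeupIgnored() {
    SimClock c; SimQueue q; ModelWatchdog w(c, q);
    w.setTimeLimit(100); w.enteredVM(); w.exitedVM();
    c.cpu = c.wall = 150; w.enteredVM();  // T1 already expired: new deadline 250
    q.runDue(150);                        // T1's callback arrives now: stale
    return !w.timerDidFire();
}
```

Two points the model makes visible: the watchdog's budget is CPU time, so a thread that is merely descheduled is not cut off early, and the queued callback can outlive the VM that armed it, which is why the entry makes the real Watchdog thread-safe ref counted rather than relying on stack lifetime as this toy does.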
2015-08-11  Filip Pizlo  <fpizlo@apple.com>

        Always use a byte-sized lock implementation
        https://bugs.webkit.org/show_bug.cgi?id=147908

        Reviewed by Geoffrey Garen.

        * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.

2015-08-11  Alexey Proskuryakov  <ap@apple.com>

        Make ASan build not depend on asan.xcconfig
        https://bugs.webkit.org/show_bug.cgi?id=147840
        rdar://problem/21093702

        Reviewed by Daniel Bates.

        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::OSREntryData::dump):
        (JSC::DFG::prepareOSREntry):
        * ftl/FTLOSREntry.cpp:
        (JSC::FTL::prepareOSREntry):
        * heap/ConservativeRoots.cpp:
        (JSC::ConservativeRoots::genericAddPointer):
        (JSC::ConservativeRoots::genericAddSpan):
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::removeThreadIfFound):
        (JSC::MachineThreads::gatherFromCurrentThread):
        (JSC::MachineThreads::Thread::captureStack):
        (JSC::copyMemory):
        * interpreter/Register.h:
        (JSC::Register::operator=):
        (JSC::Register::asanUnsafeJSValue):
        (JSC::Register::jsValue):

2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
        https://bugs.webkit.org/show_bug.cgi?id=147480

        Reviewed by Filip Pizlo.

        This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
        The IC site only caches one id. After checking that the given id is the same as the
        cached one, we perform the get_by_id IC onto it.
        And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
        compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
        operations when the given get_by_val leverages the property load with the cached id.

        To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
        StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
        This can be leveraged to optimize symbol operations in DFG.

        And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
        Allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
        binary search onto m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
        argument ArrayProfile* in the operations with ByValInfo*.

        * bytecode/ByValInfo.h:
        (JSC::ByValInfo::ByValInfo):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::getByValInfoMap):
        (JSC::CodeBlock::addByValInfo):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::getByValInfo): Deleted.
        (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
        (JSC::CodeBlock::numberOfByValInfos): Deleted.
        (JSC::CodeBlock::byValInfo): Deleted.
        * bytecode/ExitKind.cpp:
        (JSC::exitKindToString):
        * bytecode/ExitKind.h:
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        (JSC::GetByIdStatus::computeForStubInfo):
        (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
        * bytecode/GetByIdStatus.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::observeUseKindOnNode):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasUidOperand):
        (JSC::DFG::Node::uidOperand):
        * dfg/DFGNodeType.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::SafeToExecuteEdge::operator()):
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCheckIdent):
        (JSC::DFG::SpeculativeJIT::speculateSymbol):
        (JSC::DFG::SpeculativeJIT::speculate):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGUseKind.cpp:
        (WTF::printInternal):
        * dfg/DFGUseKind.h:
        (JSC::DFG::typeFilterFor):
        (JSC::DFG::isCell):
        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
        (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
        (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
        (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
        (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
        (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::ByValCompilationInfo::ByValCompilationInfo):
        (JSC::JIT::compileGetByValWithCachedId):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_has_indexed_property):
        (JSC::JIT::emitSlow_op_has_indexed_property):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_has_indexed_property):
        (JSC::JIT::emitSlow_op_has_indexed_property):
        * jit/JITOperations.cpp:
        (JSC::getByVal):
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitGetByValWithCachedId):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emitSlow_op_put_by_val):
        (JSC::JIT::privateCompileGetByVal):
        (JSC::JIT::privateCompileGetByValWithCachedId):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitGetByValWithCachedId):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emitSlow_op_put_by_val):
        * runtime/Symbol.h:
        * tests/stress/get-by-val-with-string-constructor.js: Added.
        (Hello):
        (get Hello.prototype.generate):
        (ok):
        * tests/stress/get-by-val-with-string-exit.js: Added.
        (shouldBe):
        (getByVal):
        (getStr1):
        (getStr2):
        * tests/stress/get-by-val-with-string-generated.js: Added.
        (shouldBe):
        (getByVal):
        (getStr1):
        (getStr2):
        * tests/stress/get-by-val-with-string-getter.js: Added.
        (object.get hello):
        (ok):
        * tests/stress/get-by-val-with-string.js: Added.
        (shouldBe):
        (getByVal):
        (getStr1):
        (getStr2):
        * tests/stress/get-by-val-with-symbol-constructor.js: Added.
        (Hello):
        (get Hello.prototype.generate):
        (ok):
        * tests/stress/get-by-val-with-symbol-exit.js: Added.
        (shouldBe):
        (getByVal):
        (getSym1):
        (getSym2):
        * tests/stress/get-by-val-with-symbol-getter.js: Added.
        (object.get hello):
        (.get ok):
        * tests/stress/get-by-val-with-symbol.js: Added.
        (shouldBe):
        (getByVal):
        (getSym1):
        (getSym2):

2015-08-11  Filip Pizlo  <fpizlo@apple.com>

        DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
        https://bugs.webkit.org/show_bug.cgi?id=147891
        rdar://problem/22129447

        Reviewed by Mark Lam.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
        (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
        * dfg/DFGStructureRegistrationPhase.cpp:
        (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.

2015-08-11  Brent Fulgham  <bfulgham@apple.com>

        [Win] Switch Windows build to Visual Studio 2015
        https://bugs.webkit.org/show_bug.cgi?id=147887
        <rdar://problem/22235098>

        Reviewed by Alex Christensen.

        Update Visual Studio project file settings to use the current Visual
        Studio and compiler. Continue targeting binaries to run on our minimum
        supported configuration of Windows 7.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
        * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
        * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:

2015-08-10  Filip Pizlo  <fpizlo@apple.com>

        WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
        https://bugs.webkit.org/show_bug.cgi?id=147665

        Reviewed by Mark Lam.

        Replace ByteSpinLock with ByteLock.

        * runtime/ConcurrentJITLock.h:

2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        Numeric setter on prototype doesn't get called.
        https://bugs.webkit.org/show_bug.cgi?id=144252

        Reviewed by Darin Adler.

        When switching the blank indexing type to the other one in putByIndex,
        if the `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
        it to the slow put indexing type and reloop the putByIndex since there may
        be some indexing accessor in the prototype chain. Previously, we just set
        the value into the allocated vector.

        In the putDirectIndex case, we just store the value to the vector.
        This is because putDirectIndex is the operation to store the own property
        and it does not check the accessors in the prototype chain.

        * runtime/JSObject.cpp:
        (JSC::JSObject::putByIndexBeyondVectorLength):
        * tests/stress/injected-numeric-setter-on-prototype.js: Added.
        (shouldBe):
        (Trace):
        (Trace.prototype.trace):
        (Trace.prototype.get count):
        (.):
        * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
        (shouldBe):
        (Trace):
        (Trace.prototype.trace):
        (Trace.prototype.get count):
        (.):
        * tests/stress/numeric-setter-on-prototype.js: Added.
        (shouldBe):
        (Trace):
        (Trace.prototype.trace):
        (Trace.prototype.get count):
        (.z.__proto__.set 3):
        * tests/stress/numeric-setter-on-self.js: Added.
        (shouldBe):
        (Trace):
        (Trace.prototype.trace):
        (Trace.prototype.get count):
        (.y.set 2):

2015-08-11  Brent Fulgham  <bfulgham@apple.com>

        [Win] Unreviewed gardening.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
        file references so they appear in the proper IDE locations.

2015-08-11  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed windows build fix for VS2015.

        * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.

2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Implement Reflect.has
        https://bugs.webkit.org/show_bug.cgi?id=147875

        Reviewed by Sam Weinig.

        This patch implements Reflect.has[1].
        Since the semantics are the same as the `in` operator in JS[2],
        we can implement it in builtin JS code.

        [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
        [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation

        * builtins/ReflectObject.js:
        (has):
        * runtime/ReflectObject.cpp:
        * tests/stress/reflect-has.js: Added.
        (shouldBe):
        (shouldThrow):

2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
        https://bugs.webkit.org/show_bug.cgi?id=147874

        Reviewed by Darin Adler.

        This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
        The differences from the Object.* ones are

        1. They do not perform ToObject onto the non-object arguments. They make it a TypeError.
        2. Reflect.setPrototypeOf returns false when the operation fails. In Object.setPrototypeOf, it raises a TypeError.

        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
        (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
        (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
        (JSC::objectConstructorGetPrototypeOf):
        * runtime/ObjectConstructor.h:
        * runtime/ReflectObject.cpp:
        (JSC::reflectObjectGetPrototypeOf):
        (JSC::reflectObjectSetPrototypeOf):
        * tests/stress/reflect-get-prototype-of.js: Added.
        (shouldBe):
        (shouldThrow):
        (Base):
        (Derived):
        * tests/stress/reflect-set-prototype-of.js: Added.
        (shouldBe):
        (shouldThrow):

2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>

        Fix debug build when optimization is enabled
        https://bugs.webkit.org/show_bug.cgi?id=147816

        Reviewed by Alexey Proskuryakov.

        * llint/LLIntEntrypoint.cpp:
        * runtime/FunctionExecutableDump.cpp:

2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        Ensure that Reflect.enumerate does not produce the deleted keys
        https://bugs.webkit.org/show_bug.cgi?id=147677

        Reviewed by Darin Adler.

        Add tests for Reflect.enumerate that delete the property keys during the enumeration.

        * tests/stress/reflect-enumerate.js:

2015-08-10  Geoffrey Garen  <ggaren@apple.com>

        Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
        https://bugs.webkit.org/show_bug.cgi?id=147856

        Reviewed by Saam Barati.

        Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
        (JSC::ExecutableInfo::ExecutableInfo):
        (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
        (JSC::UnlinkedSimpleJumpTable::add): Deleted.
        (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
        (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
        (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
        (JSC::UnlinkedCodeBlock::usesEval): Deleted.
        (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
        (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
        (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
        (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
        (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
        (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
        (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
        (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
        (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
        (JSC::UnlinkedCodeBlock::addParameter): Deleted.
        (JSC::UnlinkedCodeBlock::numParameters): Deleted.
        (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
        (JSC::UnlinkedCodeBlock::regexp): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
        (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
        (JSC::UnlinkedCodeBlock::identifier): Deleted.
        (JSC::UnlinkedCodeBlock::identifiers): Deleted.
        (JSC::UnlinkedCodeBlock::addConstant): Deleted.
        (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
        (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
        (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
        (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
        (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
        (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
        (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
        (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
        (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
        (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
        (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
        (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
        (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
        (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
        (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
        (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
        (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
        (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
        (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
        (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
        (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
        (JSC::UnlinkedCodeBlock::vm): Deleted.
        (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
        (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
        (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
        (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
        (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
        (JSC::UnlinkedCodeBlock::codeType): Deleted.
        (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
        (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
        (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
        (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
        (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
        (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
        (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
        (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
        (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
        (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
        (JSC::UnlinkedCodeBlock::recordParse): Deleted.
        (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
714         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
715         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
716         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
717         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
718         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
719         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
720         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
721         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
722         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
723         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
724         * bytecode/UnlinkedCodeBlock.cpp:
725         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
726         (JSC::generateFunctionCodeBlock): Deleted.
727         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
728         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
729         (JSC::UnlinkedFunctionExecutable::link): Deleted.
730         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
731         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
732         * bytecode/UnlinkedCodeBlock.h:
733         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
734         (JSC::ExecutableInfo::needsActivation): Deleted.
735         (JSC::ExecutableInfo::usesEval): Deleted.
736         (JSC::ExecutableInfo::isStrictMode): Deleted.
737         (JSC::ExecutableInfo::isConstructor): Deleted.
738         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
739         (JSC::ExecutableInfo::constructorKind): Deleted.
740         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
741         (JSC::generateFunctionCodeBlock):
742         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
743         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
744         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
745         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
746         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
747         (JSC::dumpLineColumnEntry): Deleted.
748         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
749         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
750         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
751         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
752         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
753         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
754         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
755         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
756         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
757         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
758         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
759         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
760         (JSC::UnlinkedCodeBlock::instructions): Deleted.
761         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
762         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
763         (JSC::ExecutableInfo::needsActivation): Deleted.
764         (JSC::ExecutableInfo::usesEval): Deleted.
765         (JSC::ExecutableInfo::isStrictMode): Deleted.
766         (JSC::ExecutableInfo::isConstructor): Deleted.
767         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
768         (JSC::ExecutableInfo::constructorKind): Deleted.
769         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
770         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
771         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
772         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
773         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
774         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
775         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
776         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
777         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
778         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
779         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
780         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
781         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
782         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
783         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
784         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
785         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
786         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
787         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
788         (JSC::UnlinkedCodeBlock::regexp): Deleted.
789         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
790         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
791         (JSC::UnlinkedCodeBlock::identifier): Deleted.
792         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
793         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
794         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
795         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
796         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
797         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
798         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
799         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
800         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
801         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
802         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
803         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
804         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
805         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
806         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
807         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
808         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
809         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
810         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
811         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
812         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
813         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
814         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
815         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
816         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
817         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
818         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
819         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
820         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
821         (JSC::UnlinkedCodeBlock::vm): Deleted.
822         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
823         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
824         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
825         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
826         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
827         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
828         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
829         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
830         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
831         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
832         (JSC::UnlinkedCodeBlock::codeType): Deleted.
833         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
834         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
835         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
836         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
837         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
838         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
839         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
840         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
841         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
842         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
843         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
844         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
845         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
846         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
847         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
848         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
849         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
850         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
851         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
852         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
853         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
854         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
855         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
856         * runtime/Executable.h:
857
858 2015-08-10  Mark Lam  <mark.lam@apple.com>
859
860         Refactor LiveObjectList and LiveObjectData into their own files.
861         https://bugs.webkit.org/show_bug.cgi?id=147843
862
863         Reviewed by Saam Barati.
864
865         There is no behavior change in this patch.
866
867         * CMakeLists.txt:
868         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
869         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
870         * JavaScriptCore.xcodeproj/project.pbxproj:
871         * heap/HeapVerifier.cpp:
872         (JSC::HeapVerifier::HeapVerifier):
873         (JSC::LiveObjectList::findObject): Deleted.
874         * heap/HeapVerifier.h:
875         (JSC::LiveObjectData::LiveObjectData): Deleted.
876         (JSC::LiveObjectList::LiveObjectList): Deleted.
877         (JSC::LiveObjectList::reset): Deleted.
878         * heap/LiveObjectData.h: Added.
879         (JSC::LiveObjectData::LiveObjectData):
880         * heap/LiveObjectList.cpp: Added.
881         (JSC::LiveObjectList::findObject):
882         * heap/LiveObjectList.h: Added.
883         (JSC::LiveObjectList::LiveObjectList):
884         (JSC::LiveObjectList::reset):
885
886 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
887
888         Let's rename FunctionBodyNode
889         https://bugs.webkit.org/show_bug.cgi?id=147292
890
891         Reviewed by Mark Lam & Saam Barati.
892
893         FunctionBodyNode => FunctionMetadataNode
894
895         Make FunctionMetadataNode inherit from Node instead of StatementNode
896         because a FunctionMetadataNode can appear in expression context and does
897         not have a next statement.
898
899         (I decided to continue allocating FunctionMetadataNode in the AST arena,
900         and to retain "Node" in its name, because it really is a parsing
901         construct, and we transform its data before consuming it elsewhere.
902
903         There is still room for a future patch to distill and simplify the
904         metadata we track about functions between FunDeclNode/FuncExprNode,
905         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
906
907         * builtins/BuiltinExecutables.cpp:
908         (JSC::BuiltinExecutables::createExecutableInternal):
909         * bytecode/UnlinkedCodeBlock.cpp:
910         (JSC::generateFunctionCodeBlock):
911         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
912         * bytecode/UnlinkedCodeBlock.h:
913         * bytecompiler/BytecodeGenerator.cpp:
914         (JSC::BytecodeGenerator::generate):
915         (JSC::BytecodeGenerator::BytecodeGenerator):
916         (JSC::BytecodeGenerator::emitNewArray):
917         (JSC::BytecodeGenerator::emitNewFunction):
918         (JSC::BytecodeGenerator::emitNewFunctionExpression):
919         * bytecompiler/BytecodeGenerator.h:
920         (JSC::BytecodeGenerator::makeFunction):
921         * bytecompiler/NodesCodegen.cpp:
922         (JSC::EvalNode::emitBytecode):
923         (JSC::FunctionNode::emitBytecode):
924         (JSC::FunctionBodyNode::emitBytecode): Deleted.
925         * parser/ASTBuilder.h:
926         (JSC::ASTBuilder::createFunctionExpr):
927         (JSC::ASTBuilder::createFunctionBody):
928         * parser/NodeConstructors.h:
929         (JSC::FunctionParameters::FunctionParameters):
930         (JSC::FuncExprNode::FuncExprNode):
931         (JSC::FuncDeclNode::FuncDeclNode):
932         * parser/Nodes.cpp:
933         (JSC::EvalNode::EvalNode):
934         (JSC::FunctionMetadataNode::FunctionMetadataNode):
935         (JSC::FunctionMetadataNode::finishParsing):
936         (JSC::FunctionMetadataNode::setEndPosition):
937         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
938         (JSC::FunctionBodyNode::finishParsing): Deleted.
939         (JSC::FunctionBodyNode::setEndPosition): Deleted.
940         * parser/Nodes.h:
941         (JSC::FuncExprNode::body):
942         (JSC::FuncDeclNode::body):
943         * parser/Parser.h:
944         (JSC::Parser::isFunctionMetadataNode):
945         (JSC::Parser::next):
946         (JSC::Parser<LexerType>::parse):
947         (JSC::Parser::isFunctionBodyNode): Deleted.
948         * runtime/CodeCache.cpp:
949         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
950         * runtime/CodeCache.h:
951
952 2015-08-09  Chris Dumez  <cdumez@apple.com>
953
954         Regression(r188105): Seems to have caused crashes during PLT on some iPads
955         https://bugs.webkit.org/show_bug.cgi?id=147818
956
957         Unreviewed, roll out r188105.
958
959         * bytecode/ByValInfo.h:
960         (JSC::ByValInfo::ByValInfo):
961         * bytecode/CodeBlock.cpp:
962         (JSC::CodeBlock::getByValInfoMap): Deleted.
963         (JSC::CodeBlock::addByValInfo): Deleted.
964         * bytecode/CodeBlock.h:
965         (JSC::CodeBlock::getByValInfo):
966         (JSC::CodeBlock::setNumberOfByValInfos):
967         (JSC::CodeBlock::numberOfByValInfos):
968         (JSC::CodeBlock::byValInfo):
969         * bytecode/ExitKind.cpp:
970         (JSC::exitKindToString): Deleted.
971         * bytecode/ExitKind.h:
972         * bytecode/GetByIdStatus.cpp:
973         (JSC::GetByIdStatus::computeFor):
974         (JSC::GetByIdStatus::computeForStubInfo):
975         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
976         * bytecode/GetByIdStatus.h:
977         * dfg/DFGAbstractInterpreterInlines.h:
978         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
979         * dfg/DFGByteCodeParser.cpp:
980         (JSC::DFG::ByteCodeParser::parseBlock):
981         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
982         * dfg/DFGClobberize.h:
983         (JSC::DFG::clobberize): Deleted.
984         * dfg/DFGConstantFoldingPhase.cpp:
985         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
986         * dfg/DFGDoesGC.cpp:
987         (JSC::DFG::doesGC): Deleted.
988         * dfg/DFGFixupPhase.cpp:
989         (JSC::DFG::FixupPhase::fixupNode): Deleted.
990         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
991         * dfg/DFGNode.h:
992         (JSC::DFG::Node::hasUidOperand): Deleted.
993         (JSC::DFG::Node::uidOperand): Deleted.
994         * dfg/DFGNodeType.h:
995         * dfg/DFGPredictionPropagationPhase.cpp:
996         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
997         * dfg/DFGSafeToExecute.h:
998         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
999         (JSC::DFG::safeToExecute): Deleted.
1000         * dfg/DFGSpeculativeJIT.cpp:
1001         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
1002         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
1003         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
1004         * dfg/DFGSpeculativeJIT.h:
1005         * dfg/DFGSpeculativeJIT32_64.cpp:
1006         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1007         * dfg/DFGSpeculativeJIT64.cpp:
1008         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1009         * dfg/DFGUseKind.cpp:
1010         (WTF::printInternal): Deleted.
1011         * dfg/DFGUseKind.h:
1012         (JSC::DFG::typeFilterFor): Deleted.
1013         (JSC::DFG::isCell): Deleted.
1014         * ftl/FTLAbstractHeapRepository.h:
1015         * ftl/FTLCapabilities.cpp:
1016         (JSC::FTL::canCompile): Deleted.
1017         * ftl/FTLLowerDFGToLLVM.cpp:
1018         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
1019         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
1020         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
1021         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
1022         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
1023         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
1024         * jit/JIT.cpp:
1025         (JSC::JIT::privateCompile):
1026         * jit/JIT.h:
1027         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1028         (JSC::JIT::compileGetByValWithCachedId): Deleted.
1029         * jit/JITInlines.h:
1030         (JSC::JIT::callOperation): Deleted.
1031         * jit/JITOpcodes.cpp:
1032         (JSC::JIT::emit_op_has_indexed_property):
1033         (JSC::JIT::emitSlow_op_has_indexed_property):
1034         * jit/JITOpcodes32_64.cpp:
1035         (JSC::JIT::emit_op_has_indexed_property):
1036         (JSC::JIT::emitSlow_op_has_indexed_property):
1037         * jit/JITOperations.cpp:
1038         (JSC::getByVal):
1039         * jit/JITOperations.h:
1040         * jit/JITPropertyAccess.cpp:
1041         (JSC::JIT::emit_op_get_by_val):
1042         (JSC::JIT::emitSlow_op_get_by_val):
1043         (JSC::JIT::emit_op_put_by_val):
1044         (JSC::JIT::emitSlow_op_put_by_val):
1045         (JSC::JIT::emitGetByValWithCachedId): Deleted.
1046         (JSC::JIT::privateCompileGetByVal): Deleted.
1047         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
1048         * jit/JITPropertyAccess32_64.cpp:
1049         (JSC::JIT::emit_op_get_by_val):
1050         (JSC::JIT::emitSlow_op_get_by_val):
1051         (JSC::JIT::emit_op_put_by_val):
1052         (JSC::JIT::emitSlow_op_put_by_val):
1053         (JSC::JIT::emitGetByValWithCachedId): Deleted.
1054         * runtime/Symbol.h:
1055         * tests/stress/get-by-val-with-string-constructor.js: Removed.
1056         * tests/stress/get-by-val-with-string-exit.js: Removed.
1057         * tests/stress/get-by-val-with-string-generated.js: Removed.
1058         * tests/stress/get-by-val-with-string-getter.js: Removed.
1059         * tests/stress/get-by-val-with-string.js: Removed.
1060         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
1061         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
1062         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
1063         * tests/stress/get-by-val-with-symbol.js: Removed.
1064
1065 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1066
1067         Reduce uses of PassRefPtr in bindings
1068         https://bugs.webkit.org/show_bug.cgi?id=147781
1069
1070         Reviewed by Chris Dumez.
1071
1072         Use RefPtr when a function can return either null or an instance. If not, Ref is used.
1073
1074         * runtime/JSGenericTypedArrayView.h:
1075         (JSC::toNativeTypedView):
1076
1077 2015-08-07  Alex Christensen  <achristensen@webkit.org>
1078
1079         Build more testing binaries with CMake on Windows
1080         https://bugs.webkit.org/show_bug.cgi?id=147799
1081
1082         Reviewed by Brent Fulgham.
1083
1084         * shell/PlatformWin.cmake: Added.
1085         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
1086
1087 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
1088
1089         Lightweight locks should be adaptive
1090         https://bugs.webkit.org/show_bug.cgi?id=147545
1091
1092         Reviewed by Geoffrey Garen.
1093
1094         * dfg/DFGCommon.cpp:
1095         (JSC::DFG::startCrashing):
1096         * heap/CopiedBlock.h:
1097         (JSC::CopiedBlock::workListLock):
1098         * heap/CopiedBlockInlines.h:
1099         (JSC::CopiedBlock::shouldReportLiveBytes):
1100         (JSC::CopiedBlock::reportLiveBytes):
1101         * heap/CopiedSpace.cpp:
1102         (JSC::CopiedSpace::doneFillingBlock):
1103         * heap/CopiedSpace.h:
1104         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
1105         * heap/CopiedSpaceInlines.h:
1106         (JSC::CopiedSpace::recycleEvacuatedBlock):
1107         * heap/GCThreadSharedData.cpp:
1108         (JSC::GCThreadSharedData::didStartCopying):
1109         * heap/GCThreadSharedData.h:
1110         (JSC::GCThreadSharedData::getNextBlocksToCopy):
1111         * heap/ListableHandler.h:
1112         (JSC::ListableHandler::List::addThreadSafe):
1113         (JSC::ListableHandler::List::addNotThreadSafe):
1114         * heap/MachineStackMarker.cpp:
1115         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1116         * heap/SlotVisitorInlines.h:
1117         (JSC::SlotVisitor::copyLater):
1118         * parser/SourceProvider.cpp:
1119         (JSC::SourceProvider::~SourceProvider):
1120         (JSC::SourceProvider::getID):
1121         * profiler/ProfilerDatabase.cpp:
1122         (JSC::Profiler::Database::addDatabaseToAtExit):
1123         (JSC::Profiler::Database::removeDatabaseFromAtExit):
1124         (JSC::Profiler::Database::removeFirstAtExitDatabase):
1125         * runtime/TypeProfilerLog.h:
1126
1127 2015-08-07  Mark Lam  <mark.lam@apple.com>
1128
1129         Rename some variables in the JSC watchdog implementation.
1130         https://bugs.webkit.org/show_bug.cgi?id=147790
1131
1132         Rubber stamped by Benjamin Poulain.
1133
1134         This is just a refactoring patch to give the variables better names that describe their
1135         intended use.  There is no behavior change.
1136
1137         * runtime/Watchdog.cpp:
1138         (JSC::Watchdog::Watchdog):
1139         (JSC::Watchdog::setTimeLimit):
1140         (JSC::Watchdog::didFire):
1141         (JSC::Watchdog::isEnabled):
1142         (JSC::Watchdog::fire):
1143         (JSC::Watchdog::startCountdownIfNeeded):
1144         * runtime/Watchdog.h:
1145
1146 2015-08-07  Saam barati  <saambarati1@gmail.com>
1147
1148         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
1149         https://bugs.webkit.org/show_bug.cgi?id=147666
1150
1151         Reviewed by Geoffrey Garen.
1152
1153         If we make the bytecode generator know about every local scope it
1154         creates, and if we give each local scope a unique register, the
1155         bytecode generator has all the information it needs to assign
1156         the correct scope to a catch handler. Because the bytecode generator
1157         knows this information, it's a better separation of responsibilities
1158         for it to set up the proper scope instead of relying on the exception
1159         handling runtime to find the scope.
1160
1161         * bytecode/BytecodeList.json:
1162         * bytecode/BytecodeUseDef.h:
1163         (JSC::computeUsesForBytecodeOffset):
1164         * bytecode/CodeBlock.cpp:
1165         (JSC::CodeBlock::dumpBytecode):
1166         (JSC::CodeBlock::CodeBlock):
1167         * bytecode/HandlerInfo.h:
1168         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
1169         (JSC::HandlerInfo::initialize):
1170         * bytecompiler/BytecodeGenerator.cpp:
1171         (JSC::BytecodeGenerator::generate):
1172         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1173         (JSC::BytecodeGenerator::emitGetScope):
1174         (JSC::BytecodeGenerator::emitPushWithScope):
1175         (JSC::BytecodeGenerator::emitGetParentScope):
1176         (JSC::BytecodeGenerator::emitPopScope):
1177         (JSC::BytecodeGenerator::emitPopWithScope):
1178         (JSC::BytecodeGenerator::allocateAndEmitScope):
1179         (JSC::BytecodeGenerator::emitComplexPopScopes):
1180         (JSC::BytecodeGenerator::pushTry):
1181         (JSC::BytecodeGenerator::popTryAndEmitCatch):
1182         (JSC::BytecodeGenerator::localScopeDepth):
1183         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
1184         * bytecompiler/BytecodeGenerator.h:
1185         * bytecompiler/NodesCodegen.cpp:
1186         (JSC::WithNode::emitBytecode):
1187         * interpreter/Interpreter.cpp:
1188         (JSC::Interpreter::unwind):
1189         * jit/JITOpcodes.cpp:
1190         (JSC::JIT::emit_op_push_with_scope):
1191         (JSC::JIT::compileOpStrictEq):
1192         * jit/JITOpcodes32_64.cpp:
1193         (JSC::JIT::emit_op_push_with_scope):
1194         (JSC::JIT::emit_op_to_number):
1195         * jit/JITOperations.cpp:
1196         * jit/JITOperations.h:
1197         * llint/LLIntSlowPaths.cpp:
1198         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1199         * llint/LLIntSlowPaths.h:
1200         * llint/LowLevelInterpreter.asm:
1201         * runtime/CommonSlowPaths.cpp:
1202         (JSC::SLOW_PATH_DECL):
1203         * runtime/CommonSlowPaths.h:
1204         * runtime/JSScope.cpp:
1205         (JSC::JSScope::objectAtScope):
1206         (JSC::isUnscopable):
1207         (JSC::JSScope::depth): Deleted.
1208         * runtime/JSScope.h:
1209
1210 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1211
1212         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
1213         https://bugs.webkit.org/show_bug.cgi?id=147761
1214
1215         Reviewed by Mark Lam.
1216
1217         This patch implements MacroAssembler::patchableBranch64 in 64-bit environments.
1218         It also fixes the existing MacroAssemblerARM64::patchableBranchPtr, which, before this patch,
1219         truncated the immediate pointer to a 32-bit immediate.
1220         It also uses patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
1221
1222         * assembler/MacroAssemblerARM64.h:
1223         (JSC::MacroAssemblerARM64::patchableBranchPtr):
1224         (JSC::MacroAssemblerARM64::patchableBranch64):
1225         * assembler/MacroAssemblerX86_64.h:
1226         (JSC::MacroAssemblerX86_64::patchableBranch64):
1227         * jit/JIT.h:
1228         * jit/JITInlines.h:
1229         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
1230         * jit/JITPropertyAccess.cpp:
1231         (JSC::JIT::emit_op_get_by_val):
1232
1233 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1234
1235         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
1236         https://bugs.webkit.org/show_bug.cgi?id=147480
1237
1238         Reviewed by Filip Pizlo.
1239
1240         This patch adds a get_by_id IC to the get_by_val operation by caching the string / symbol id.
1241         The IC site only caches one id. After checking that the given id is the same as the
1242         cached one, we perform the get_by_id IC on it.
1243         And by collecting IC StructureStubInfo information, we pass it to the DFG, and the DFG
1244         compiles the get_by_val op code into CheckIdent (with an edge type check) and GetById-related
1245         operations when the given get_by_val leverages the property load with the cached id.
1246
1247         To ensure the incoming value is the expected id, in the DFG layer we use SymbolUse and
1248         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
1249         This can be leveraged to optimize symbol operations in the DFG.
1250
1251         And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
1252         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
1253         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
1254         ArrayProfile* argument in the operations with ByValInfo*.
1255
1256         * bytecode/ByValInfo.h:
1257         (JSC::ByValInfo::ByValInfo):
1258         * bytecode/CodeBlock.cpp:
1259         (JSC::CodeBlock::getByValInfoMap):
1260         (JSC::CodeBlock::addByValInfo):
1261         * bytecode/CodeBlock.h:
1262         (JSC::CodeBlock::getByValInfo): Deleted.
1263         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
1264         (JSC::CodeBlock::numberOfByValInfos): Deleted.
1265         (JSC::CodeBlock::byValInfo): Deleted.
1266         * bytecode/ExitKind.cpp:
1267         (JSC::exitKindToString):
1268         * bytecode/ExitKind.h:
1269         * bytecode/GetByIdStatus.cpp:
1270         (JSC::GetByIdStatus::computeFor):
1271         (JSC::GetByIdStatus::computeForStubInfo):
1272         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
1273         * bytecode/GetByIdStatus.h:
1274         * dfg/DFGAbstractInterpreterInlines.h:
1275         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1276         * dfg/DFGByteCodeParser.cpp:
1277         (JSC::DFG::ByteCodeParser::parseBlock):
1278         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1279         * dfg/DFGClobberize.h:
1280         (JSC::DFG::clobberize):
1281         * dfg/DFGConstantFoldingPhase.cpp:
1282         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1283         * dfg/DFGDoesGC.cpp:
1284         (JSC::DFG::doesGC):
1285         * dfg/DFGFixupPhase.cpp:
1286         (JSC::DFG::FixupPhase::fixupNode):
1287         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1288         * dfg/DFGNode.h:
1289         (JSC::DFG::Node::hasUidOperand):
1290         (JSC::DFG::Node::uidOperand):
1291         * dfg/DFGNodeType.h:
1292         * dfg/DFGPredictionPropagationPhase.cpp:
1293         (JSC::DFG::PredictionPropagationPhase::propagate):
1294         * dfg/DFGSafeToExecute.h:
1295         (JSC::DFG::SafeToExecuteEdge::operator()):
1296         (JSC::DFG::safeToExecute):
1297         * dfg/DFGSpeculativeJIT.cpp:
1298         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
1299         (JSC::DFG::SpeculativeJIT::speculateSymbol):
1300         (JSC::DFG::SpeculativeJIT::speculate):
1301         * dfg/DFGSpeculativeJIT.h:
1302         * dfg/DFGSpeculativeJIT32_64.cpp:
1303         (JSC::DFG::SpeculativeJIT::compile):
1304         * dfg/DFGSpeculativeJIT64.cpp:
1305         (JSC::DFG::SpeculativeJIT::compile):
1306         * dfg/DFGUseKind.cpp:
1307         (WTF::printInternal):
1308         * dfg/DFGUseKind.h:
1309         (JSC::DFG::typeFilterFor):
1310         (JSC::DFG::isCell):
1311         * ftl/FTLAbstractHeapRepository.h:
1312         * ftl/FTLCapabilities.cpp:
1313         (JSC::FTL::canCompile):
1314         * ftl/FTLLowerDFGToLLVM.cpp:
1315         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1316         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
1317         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
1318         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
1319         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
1320         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
1321         * jit/JIT.cpp:
1322         (JSC::JIT::privateCompile):
1323         * jit/JIT.h:
1324         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1325         (JSC::JIT::compileGetByValWithCachedId):
1326         * jit/JITInlines.h:
1327         (JSC::JIT::callOperation):
1328         * jit/JITOpcodes.cpp:
1329         (JSC::JIT::emit_op_has_indexed_property):
1330         (JSC::JIT::emitSlow_op_has_indexed_property):
1331         * jit/JITOpcodes32_64.cpp:
1332         (JSC::JIT::emit_op_has_indexed_property):
1333         (JSC::JIT::emitSlow_op_has_indexed_property):
1334         * jit/JITOperations.cpp:
1335         (JSC::getByVal):
1336         * jit/JITOperations.h:
1337         * jit/JITPropertyAccess.cpp:
1338         (JSC::JIT::emit_op_get_by_val):
1339         (JSC::JIT::emitGetByValWithCachedId):
1340         (JSC::JIT::emitSlow_op_get_by_val):
1341         (JSC::JIT::emit_op_put_by_val):
1342         (JSC::JIT::emitSlow_op_put_by_val):
1343         (JSC::JIT::privateCompileGetByVal):
1344         (JSC::JIT::privateCompileGetByValWithCachedId):
1345         * jit/JITPropertyAccess32_64.cpp:
1346         (JSC::JIT::emit_op_get_by_val):
1347         (JSC::JIT::emitGetByValWithCachedId):
1348         (JSC::JIT::emitSlow_op_get_by_val):
1349         (JSC::JIT::emit_op_put_by_val):
1350         (JSC::JIT::emitSlow_op_put_by_val):
1351         * runtime/Symbol.h:
1352         * tests/stress/get-by-val-with-string-constructor.js: Added.
1353         (Hello):
1354         (get Hello.prototype.generate):
1355         (ok):
1356         * tests/stress/get-by-val-with-string-exit.js: Added.
1357         (shouldBe):
1358         (getByVal):
1359         (getStr1):
1360         (getStr2):
1361         * tests/stress/get-by-val-with-string-generated.js: Added.
1362         (shouldBe):
1363         (getByVal):
1364         (getStr1):
1365         (getStr2):
1366         * tests/stress/get-by-val-with-string-getter.js: Added.
1367         (object.get hello):
1368         (ok):
1369         * tests/stress/get-by-val-with-string.js: Added.
1370         (shouldBe):
1371         (getByVal):
1372         (getStr1):
1373         (getStr2):
1374         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
1375         (Hello):
1376         (get Hello.prototype.generate):
1377         (ok):
1378         * tests/stress/get-by-val-with-symbol-exit.js: Added.
1379         (shouldBe):
1380         (getByVal):
1381         (getSym1):
1382         (getSym2):
1383         * tests/stress/get-by-val-with-symbol-getter.js: Added.
1384         (object.get hello):
1385         (.get ok):
1386         * tests/stress/get-by-val-with-symbol.js: Added.
1387         (shouldBe):
1388         (getByVal):
1389         (getSym1):
1390         (getSym2):
1391
1392 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1393
1394         Parse the entire WebAssembly modules
1395         https://bugs.webkit.org/show_bug.cgi?id=147393
1396
1397         Reviewed by Geoffrey Garen.
1398
1399         Parse entire WebAssembly modules from files produced by pack-asmjs
1400         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
1401         parse modules whose function definition section contains only functions that
1402         have "return 0;" as their only statement. Parsing of arbitrary functions will be
1403         implemented in a subsequent patch.
1404
1405         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1406         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1407         * JavaScriptCore.xcodeproj/project.pbxproj:
1408         * wasm/JSWASMModule.cpp:
1409         (JSC::JSWASMModule::destroy):
1410         * wasm/JSWASMModule.h:
1411         (JSC::JSWASMModule::i32Constants):
1412         (JSC::JSWASMModule::f32Constants):
1413         (JSC::JSWASMModule::f64Constants):
1414         (JSC::JSWASMModule::signatures):
1415         (JSC::JSWASMModule::functionImports):
1416         (JSC::JSWASMModule::functionImportSignatures):
1417         (JSC::JSWASMModule::globalVariableTypes):
1418         (JSC::JSWASMModule::functionDeclarations):
1419         (JSC::JSWASMModule::functionPointerTables):
1420         * wasm/WASMFormat.h: Added.
1421         * wasm/WASMModuleParser.cpp:
1422         (JSC::WASMModuleParser::parse):
1423         (JSC::WASMModuleParser::parseModule):
1424         (JSC::WASMModuleParser::parseConstantPoolSection):
1425         (JSC::WASMModuleParser::parseSignatureSection):
1426         (JSC::WASMModuleParser::parseFunctionImportSection):
1427         (JSC::WASMModuleParser::parseGlobalSection):
1428         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
1429         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
1430         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
1431         (JSC::WASMModuleParser::parseFunctionDefinition):
1432         (JSC::WASMModuleParser::parseExportSection):
1433         * wasm/WASMModuleParser.h:
1434         * wasm/WASMReader.cpp:
1435         (JSC::WASMReader::readUInt32):
1436         (JSC::WASMReader::readCompactUInt32):
1437         (JSC::WASMReader::readString):
1438         (JSC::WASMReader::readType):
1439         (JSC::WASMReader::readExpressionType):
1440         (JSC::WASMReader::readExportFormat):
1441         (JSC::WASMReader::readByte):
1442         (JSC::WASMReader::readUnsignedInt32): Deleted.
1443         * wasm/WASMReader.h:
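
        Added example (not part of this ChangeLog entry and not JavaScriptCore's wasm/ sources): a
        bounds-checked reader, in JavaScript, for the kind of sectioned binary module the entry above
        describes, run over a constructed byte buffer. The encodings are assumptions made for the example,
        since the entry does not describe the pack-asmjs format: fixed-width little-endian uint32, a
        7-bits-per-byte "compact" uint32 capped at five bytes, NUL-terminated strings, and a constant pool
        that starts with an element count. The point is that every read, including the count a section
        claims, is checked against the bytes actually remaining before anything is allocated or indexed.

```javascript
// Added example, not JavaScriptCore's WASMReader. Encodings below are assumed
// for this example: little-endian uint32, LEB128-style compact uint32 capped
// at 5 bytes, NUL-terminated strings, count-prefixed constant pool.

class WASMReader {
  constructor(bytes) {
    this.bytes = bytes; // Uint8Array
    this.pos = 0;
  }
  remaining() { return this.bytes.length - this.pos; }
  need(n) {
    if (this.remaining() < n) {
      throw new RangeError(`need ${n} byte(s) at offset ${this.pos}, have ${this.remaining()}`);
    }
  }
  readByte() { this.need(1); return this.bytes[this.pos++]; }
  readUInt32() {
    this.need(4);
    const view = new DataView(this.bytes.buffer, this.bytes.byteOffset + this.pos, 4);
    this.pos += 4;
    return view.getUint32(0, true);
  }
  readCompactUInt32() {
    let result = 0;
    for (let i = 0, shift = 0; i < 5; i++, shift += 7) {
      const b = this.readByte();
      // The fifth byte may only carry the top 4 bits of a 32-bit value.
      if (i === 4 && (b & 0x70) !== 0) throw new RangeError("varuint32 overflows 32 bits");
      result |= (b & 0x7f) << shift;
      if ((b & 0x80) === 0) return result >>> 0;
    }
    throw new RangeError("varuint32 longer than 5 bytes");
  }
  readString() {
    const start = this.pos;
    // readByte() bounds-checks, so a missing terminator raises instead of over-reading.
    while (this.readByte() !== 0) { /* scan to the NUL */ }
    return new TextDecoder().decode(this.bytes.subarray(start, this.pos - 1));
  }
}

// A count-prefixed section. The declared count is validated against the bytes
// actually left before the array is sized, so a hostile count can neither
// force a huge allocation nor a read past the end of the buffer.
function readI32ConstantPool(reader) {
  const count = reader.readCompactUInt32();
  if (count > reader.remaining() / 4) {
    throw new RangeError(`constant pool claims ${count} entries but only ${reader.remaining()} bytes remain`);
  }
  const constants = new Array(count);
  for (let i = 0; i < count; i++) constants[i] = reader.readUInt32();
  return constants;
}

// Encoder for the compact form, used to build input for the reader.
function encodeCompactUInt32(value) {
  const out = [];
  let v = value >>> 0;
  do {
    let b = v & 0x7f;
    v >>>= 7;
    if (v !== 0) b |= 0x80;
    out.push(b);
  } while (v !== 0);
  return out;
}
```

        The count check in readI32ConstantPool is the piece worth copying: a declared element count is
        attacker-controlled data, so it is compared with the remaining bytes before the array is sized,
        rather than trusted and found wrong only when a later read runs off the end of the buffer.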
1444
1445 2015-08-06  Keith Miller  <keith_miller@apple.com>
1446
1447         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
1448         https://bugs.webkit.org/show_bug.cgi?id=147749
1449
1450         Reviewed by Filip Pizlo.
1451
1452         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength(),
1453         thus no one calls this code.
1454
1455         * ftl/FTLLowerDFGToLLVM.cpp:
1456         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
1457
1458 2015-08-06  Keith Miller  <keith_miller@apple.com>
1459
1460         The JSONP parser incorrectly parses -0 as +0.
1461         https://bugs.webkit.org/show_bug.cgi?id=147590
1462
1463         Reviewed by Michael Saboff.
1464
1465         In the LiteralParser we should use a double to store the accumulator for numerical tokens
1466         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
1467
1468         * runtime/LiteralParser.cpp:
1469         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
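
        Added example (not part of this ChangeLog entry and not the LiteralParser code): a minimal
        JSON-style integer lexer in JavaScript that reproduces the bug described above and its fix. Its
        "int32" mode emulates an integer accumulator (using |0 for ToInt32), its "double" mode keeps an
        IEEE-754 double, and Object.is is used to tell -0 from +0, since === reports them equal. The final
        function is a differential check against the host engine's own JSON.parse.

```javascript
// Added example, not JavaScriptCore code: why the number accumulator must be
// a double. "int32" mode emulates an integer accumulator; "double" mode keeps
// an IEEE-754 double, the only representation that can carry a negative zero.

function lexNumber(text, mode = "double") {
  let pos = 0;
  let negative = false;
  if (text[pos] === "-") {
    negative = true;
    pos++;
  }
  if (pos >= text.length || text[pos] < "0" || text[pos] > "9") {
    throw new SyntaxError("expected a digit at offset " + pos);
  }
  let acc = 0;
  while (pos < text.length && text[pos] >= "0" && text[pos] <= "9") {
    const digit = text.charCodeAt(pos) - 48;
    acc = mode === "int32" ? (acc * 10 + digit) | 0 : acc * 10 + digit;
    pos++;
  }
  // The sign is applied once the digits have been accumulated. With an
  // integer accumulator -(0) is still +0; with a double it is -0.
  let value = negative ? -acc : acc;
  if (mode === "int32") {
    value = value | 0; // ToInt32(-0) is +0: this is where the sign is lost
  }
  return { value, consumed: pos };
}

// Object.is is the only built-in comparison that tells -0 from +0;
// both === and == report them equal, which is why this bug is easy to miss.
function isNegativeZero(x) {
  return Object.is(x, -0);
}

// Differential check against the host engine's own JSON parser.
function hostJsonParsesNegativeZero() {
  return isNegativeZero(JSON.parse("-0"));
}
```

        A regression test for this class of bug should compare the parser's result with Object.is rather
        than ===, and a differential test against another JSON parser catches it immediately, since the
        two disagree on the input "-0".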
1470
1471 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
1472
1473         Structures used for tryGetConstantProperty() should be registered first
1474         https://bugs.webkit.org/show_bug.cgi?id=147750
1475
1476         Reviewed by Saam Barati and Michael Saboff.
1477
1478         * dfg/DFGGraph.cpp:
1479         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
1480         * dfg/DFGGraph.h:
1481         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
1482         * dfg/DFGStructureRegistrationPhase.cpp:
1483         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegistrationPhase.
1484         (JSC::DFG::StructureRegistrationPhase::registerStructures):
1485         (JSC::DFG::StructureRegistrationPhase::registerStructure):
1486         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
1487         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
1488         (JSC::DFG::performStructureRegistration):
1489
1490 2015-08-06  Keith Miller  <keith_miller@apple.com>
1491
1492         Remove UnspecifiedBoolType from JSC
1493         https://bugs.webkit.org/show_bug.cgi?id=147597
1494
1495         Reviewed by Mark Lam.
1496
1497         We were using the safe bool pattern in the code base for implicit casting to booleans.
1498         With C++11 this is no longer necessary and we can instead create an operator bool.
1499
1500         * API/JSRetainPtr.h:
1501         (JSRetainPtr::operator bool):
1502         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
1503         * dfg/DFGEdge.h:
1504         (JSC::DFG::Edge::operator bool):
1505         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
1506         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
1507         * heap/Weak.h:
1508         * heap/WeakInlines.h:
1509         (JSC::bool):
1510         (JSC::UnspecifiedBoolType): Deleted.
1511
1512 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
1513
1514         [ES6] Class parser does not allow methods named set and get.
1515         https://bugs.webkit.org/show_bug.cgi?id=147150
1516
1517         Reviewed by Oliver Hunt.
1518
1519         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
1520         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
1521         so that we only treat them as such when they're followed by another token that could be a method name.
1522
1523         * parser/Parser.cpp:
1524         (JSC::Parser<LexerType>::parseClass):
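
        Added example (not part of this ChangeLog entry and not JavaScriptCore's parser): the decision a
        class-body parser makes when it meets the contextual keywords get and set, written in JavaScript
        over a constructed token stream. The token shape {type, value} and the type names "ident",
        "string", "number" and "punct" are assumptions made for the example. The host check at the end
        confirms that a conforming engine accepts methods named get and set next to real accessors.

```javascript
// Added example, not JavaScriptCore's parser. Tokens are constructed
// {type, value} objects; the type names are assumed for this example.

function canStartPropertyName(token) {
  if (!token) return false;
  // Identifiers (reserved words included), string and numeric literals,
  // and "[" for a computed name can all begin a method name.
  return token.type === "ident" || token.type === "string" ||
         token.type === "number" ||
         (token.type === "punct" && token.value === "[");
}

function nameOf(token) {
  return token.type === "punct" ? "<computed>" : String(token.value);
}

// Classifies the class element that starts at tokens[0] and returns
// { kind, name } with kind one of "getter", "setter" or "method".
function classifyClassElement(tokens) {
  let i = 0;
  if (tokens[i] && tokens[i].type === "ident" && tokens[i].value === "static" &&
      canStartPropertyName(tokens[i + 1])) {
    i++; // "static" is a modifier only when a name follows it
  }
  const first = tokens[i];
  if (!first) throw new SyntaxError("unexpected end of class body");

  const isAccessorKeyword =
    first.type === "ident" && (first.value === "get" || first.value === "set");
  // "get"/"set" introduce an accessor only when a token that can begin a
  // method name follows. Otherwise they are the method's own name.
  if (isAccessorKeyword && canStartPropertyName(tokens[i + 1])) {
    return { kind: first.value === "get" ? "getter" : "setter", name: nameOf(tokens[i + 1]) };
  }
  if (!canStartPropertyName(first)) throw new SyntaxError("expected a method name");
  const next = tokens[i + 1];
  if (!next || next.type !== "punct" || next.value !== "(") {
    throw new SyntaxError("expected '(' after method name " + nameOf(first));
  }
  return { kind: "method", name: nameOf(first) };
}

// Host check: a conforming engine accepts methods named get and set next to
// real accessors, and the accessors still work.
function hostAcceptsGetAndSetMethodNames() {
  try {
    const C = new Function(
      "return class C { get() { return 1; } set(v) { return v; } " +
      "get x() { return 2; } static set y(v) {} };")();
    const c = new C();
    return c.get() === 1 && c.set(3) === 3 && c.x === 2;
  } catch (e) {
    return false;
  }
}

const tok = (type, value) => ({ type, value });
```

        The same one-token lookahead handles static: it is a modifier only when a property name follows,
        so a class element written static() is an ordinary method named static.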
1525
1526 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
1527
1528         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
1529
1530         * bytecode/SamplingTool.cpp:
1531         (JSC::SamplingTool::doRun):
1532         (JSC::SamplingTool::notifyOfScope):
1533         * bytecode/SamplingTool.h:
1534         * dfg/DFGThreadData.h:
1535         * dfg/DFGWorklist.cpp:
1536         (JSC::DFG::Worklist::~Worklist):
1537         (JSC::DFG::Worklist::isActiveForVM):
1538         (JSC::DFG::Worklist::enqueue):
1539         (JSC::DFG::Worklist::compilationState):
1540         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1541         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1542         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1543         (JSC::DFG::Worklist::visitWeakReferences):
1544         (JSC::DFG::Worklist::removeDeadPlans):
1545         (JSC::DFG::Worklist::queueLength):
1546         (JSC::DFG::Worklist::dump):
1547         (JSC::DFG::Worklist::runThread):
1548         * dfg/DFGWorklist.h:
1549         * disassembler/Disassembler.cpp:
1550         * heap/CopiedSpace.cpp:
1551         (JSC::CopiedSpace::doneFillingBlock):
1552         (JSC::CopiedSpace::doneCopying):
1553         * heap/CopiedSpace.h:
1554         * heap/CopiedSpaceInlines.h:
1555         (JSC::CopiedSpace::recycleBorrowedBlock):
1556         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1557         * heap/HeapTimer.h:
1558         * heap/MachineStackMarker.cpp:
1559         (JSC::ActiveMachineThreadsManager::Locker::Locker):
1560         (JSC::ActiveMachineThreadsManager::add):
1561         (JSC::ActiveMachineThreadsManager::remove):
1562         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
1563         (JSC::MachineThreads::~MachineThreads):
1564         (JSC::MachineThreads::addCurrentThread):
1565         (JSC::MachineThreads::removeThreadIfFound):
1566         (JSC::MachineThreads::tryCopyOtherThreadStack):
1567         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1568         (JSC::MachineThreads::gatherConservativeRoots):
1569         * heap/MachineStackMarker.h:
1570         * interpreter/JSStack.cpp:
1571         (JSC::stackStatisticsMutex):
1572         (JSC::JSStack::addToCommittedByteCount):
1573         (JSC::JSStack::committedByteCount):
1574         * jit/JITThunks.h:
1575         * profiler/ProfilerDatabase.h:
1576
1577 2015-08-05  Saam barati  <saambarati1@gmail.com>
1578
1579         Bytecodegenerator emits crappy code for returns in a lexical scope.
1580         https://bugs.webkit.org/show_bug.cgi?id=147688
1581
1582         Reviewed by Mark Lam.
1583
1584         When returning, we only need to emit complex pop scopes if we're in 
1585         a finally block. Otherwise, we can just return like normal. This saves
1586         us from inefficiently emitting unnecessary pop scopes.
1587
1588         * bytecompiler/BytecodeGenerator.h:
1589         (JSC::BytecodeGenerator::isInFinallyBlock):
1590         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
1591         * bytecompiler/NodesCodegen.cpp:
1592         (JSC::ReturnNode::emitBytecode):
1593
1594 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
1595
1596         Add the Intl API to the status page
1597
1598         * features.json:
1599         Andy VanWagoner landed the skeleton of the API and it is
1600         enabled by default.
1601
1602 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
1603
1604         Rename Mutex to DeprecatedMutex
1605         https://bugs.webkit.org/show_bug.cgi?id=147675
1606
1607         Reviewed by Geoffrey Garen.
1608
1609         * bytecode/SamplingTool.cpp:
1610         (JSC::SamplingTool::doRun):
1611         (JSC::SamplingTool::notifyOfScope):
1612         * bytecode/SamplingTool.h:
1613         * dfg/DFGThreadData.h:
1614         * dfg/DFGWorklist.cpp:
1615         (JSC::DFG::Worklist::~Worklist):
1616         (JSC::DFG::Worklist::isActiveForVM):
1617         (JSC::DFG::Worklist::enqueue):
1618         (JSC::DFG::Worklist::compilationState):
1619         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1620         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1621         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1622         (JSC::DFG::Worklist::visitWeakReferences):
1623         (JSC::DFG::Worklist::removeDeadPlans):
1624         (JSC::DFG::Worklist::queueLength):
1625         (JSC::DFG::Worklist::dump):
1626         (JSC::DFG::Worklist::runThread):
1627         * dfg/DFGWorklist.h:
1628         * disassembler/Disassembler.cpp:
1629         * heap/CopiedSpace.cpp:
1630         (JSC::CopiedSpace::doneFillingBlock):
1631         (JSC::CopiedSpace::doneCopying):
1632         * heap/CopiedSpace.h:
1633         * heap/CopiedSpaceInlines.h:
1634         (JSC::CopiedSpace::recycleBorrowedBlock):
1635         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1636         * heap/HeapTimer.h:
1637         * heap/MachineStackMarker.cpp:
1638         (JSC::ActiveMachineThreadsManager::Locker::Locker):
1639         (JSC::ActiveMachineThreadsManager::add):
1640         (JSC::ActiveMachineThreadsManager::remove):
1641         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
1642         (JSC::MachineThreads::~MachineThreads):
1643         (JSC::MachineThreads::addCurrentThread):
1644         (JSC::MachineThreads::removeThreadIfFound):
1645         (JSC::MachineThreads::tryCopyOtherThreadStack):
1646         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1647         (JSC::MachineThreads::gatherConservativeRoots):
1648         * heap/MachineStackMarker.h:
1649         * interpreter/JSStack.cpp:
1650         (JSC::stackStatisticsMutex):
1651         (JSC::JSStack::addToCommittedByteCount):
1652         (JSC::JSStack::committedByteCount):
1653         * jit/JITThunks.h:
1654         * profiler/ProfilerDatabase.h:
1655
1656 2015-08-05  Saam barati  <saambarati1@gmail.com>
1657
1658         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
1659         https://bugs.webkit.org/show_bug.cgi?id=147657
1660
1661         Reviewed by Mark Lam.
1662
1663         This kills the last of the name scope objects. Function name scopes are
1664         now built on top of the scoping mechanisms introduced with ES6 block scoping.
1665         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
1666         function name scoped variable carefully depending on if the function is in
1667         strict mode. If we're in strict mode, then we treat the variable exactly
1668         like a "const" variable. If we're not in strict mode, we can't treat
1669         this variable like ES6 "const" because that would cause the bytecode
1670         generator to throw an exception when it shouldn't.
1671
1672         * CMakeLists.txt:
1673         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1674         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1675         * JavaScriptCore.xcodeproj/project.pbxproj:
1676         * bytecode/BytecodeList.json:
1677         * bytecode/BytecodeUseDef.h:
1678         (JSC::computeUsesForBytecodeOffset):
1679         (JSC::computeDefsForBytecodeOffset):
1680         * bytecode/CodeBlock.cpp:
1681         (JSC::CodeBlock::dumpBytecode):
1682         * bytecompiler/BytecodeGenerator.cpp:
1683         (JSC::BytecodeGenerator::BytecodeGenerator):
1684         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
1685         (JSC::BytecodeGenerator::pushLexicalScope):
1686         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1687         (JSC::BytecodeGenerator::variable):
1688         (JSC::BytecodeGenerator::resolveType):
1689         (JSC::BytecodeGenerator::emitThrowTypeError):
1690         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
1691         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
1692         (JSC::BytecodeGenerator::emitPushCatchScope):
1693         * bytecompiler/BytecodeGenerator.h:
1694         * bytecompiler/NodesCodegen.cpp:
1695         * debugger/DebuggerScope.cpp:
1696         * dfg/DFGOperations.cpp:
1697         * interpreter/Interpreter.cpp:
1698         * jit/JIT.cpp:
1699         (JSC::JIT::privateCompileMainPass):
1700         * jit/JIT.h:
1701         * jit/JITOpcodes.cpp:
1702         (JSC::JIT::emit_op_to_string):
1703         (JSC::JIT::emit_op_catch):
1704         (JSC::JIT::emit_op_push_name_scope): Deleted.
1705         * jit/JITOpcodes32_64.cpp:
1706         (JSC::JIT::emitSlow_op_to_string):
1707         (JSC::JIT::emit_op_catch):
1708         (JSC::JIT::emit_op_push_name_scope): Deleted.
1709         * jit/JITOperations.cpp:
1710         (JSC::pushNameScope): Deleted.
1711         * llint/LLIntSlowPaths.cpp:
1712         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1713         * llint/LLIntSlowPaths.h:
1714         * llint/LowLevelInterpreter.asm:
1715         * parser/Nodes.cpp:
1716         * runtime/CommonSlowPaths.cpp:
1717         * runtime/Executable.cpp:
1718         (JSC::ScriptExecutable::newCodeBlockFor):
1719         * runtime/JSFunctionNameScope.cpp: Removed.
1720         * runtime/JSFunctionNameScope.h: Removed.
1721         * runtime/JSGlobalObject.cpp:
1722         (JSC::JSGlobalObject::init):
1723         (JSC::JSGlobalObject::visitChildren):
1724         * runtime/JSGlobalObject.h:
1725         (JSC::JSGlobalObject::withScopeStructure):
1726         (JSC::JSGlobalObject::strictEvalActivationStructure):
1727         (JSC::JSGlobalObject::activationStructure):
1728         (JSC::JSGlobalObject::directArgumentsStructure):
1729         (JSC::JSGlobalObject::scopedArgumentsStructure):
1730         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
1731         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
1732         * runtime/JSNameScope.cpp: Removed.
1733         * runtime/JSNameScope.h: Removed.
1734         * runtime/JSObject.cpp:
1735         (JSC::JSObject::toThis):
1736         (JSC::JSObject::seal):
1737         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
1738         * runtime/JSObject.h:
1739         * runtime/JSScope.cpp:
1740         (JSC::JSScope::isCatchScope):
1741         (JSC::JSScope::isFunctionNameScopeObject):
1742         (JSC::resolveModeName):
1743         * runtime/JSScope.h:
1744         * runtime/JSSymbolTableObject.cpp:
1745         * runtime/SymbolTable.h:
1746         * runtime/VM.cpp:
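
        Added example (not part of this ChangeLog entry and not JavaScriptCore code): the observable
        behaviour the function name scope has to implement, shown from JavaScript. The binding a named
        function expression creates for its own name is read-only: an assignment to it is silently
        ignored in sloppy mode and throws a TypeError in strict mode, while an ES6 const throws in both
        modes. The bodies are built with the Function constructor so that each gets the mode it names
        regardless of the mode the surrounding file runs in.

```javascript
// Added example, not JavaScriptCore code. Function-constructor code is
// non-strict unless it carries the "use strict" directive itself.

const ownNameAssignment = "return (function f() { f = 42; return typeof f; })();";

function assignToOwnNameSloppy() {
  // The write to f is ignored; f is still the function itself.
  return new Function(ownNameAssignment)();
}

function assignToOwnNameStrict() {
  try {
    return new Function('"use strict"; ' + ownNameAssignment)();
  } catch (e) {
    return e instanceof TypeError ? "TypeError" : "other";
  }
}

// For comparison: an ES6 const throws on assignment regardless of mode, which
// is why the sloppy-mode name binding cannot simply be compiled as a const.
function assignToConstSloppy() {
  try {
    return new Function("const c = 1; c = 2; return c;")();
  } catch (e) {
    return e instanceof TypeError ? "TypeError" : "other";
  }
}
```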
1747
1748 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
1749
1750         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
1751         https://bugs.webkit.org/show_bug.cgi?id=147679
1752
1753         Reviewed by Timothy Hatcher.
1754
1755         Improve native iterator support for the PropertyName Iterator by
1756         allowing inspection of the internal object within the iterator
1757         and peeking of the next upcoming values of the iterator.
1758
1759         * inspector/JSInjectedScriptHost.cpp:
1760         (Inspector::JSInjectedScriptHost::subtype):
1761         (Inspector::JSInjectedScriptHost::getInternalProperties):
1762         (Inspector::JSInjectedScriptHost::iteratorEntries):
1763         * runtime/JSPropertyNameIterator.h:
1764         (JSC::JSPropertyNameIterator::iteratedValue):
1765
1766 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
1767
1768         [Win] Update Apple Windows build for VS2015
1769         https://bugs.webkit.org/show_bug.cgi?id=147653
1770
1771         Reviewed by Dean Jackson.
1772
1773         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
1774         Show JSC files in proper project locations in IDE.
1775
1776 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
1777
1778         Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
1779         https://bugs.webkit.org/show_bug.cgi?id=147328
1780
1781         Reviewed by Timothy Hatcher.
1782
1783         * inspector/InjectedScriptSource.js:
1784         Use classList and classList.toString instead of className.
1785
1786 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
1787
1788         [ES6] Support Module Syntax
1789         https://bugs.webkit.org/show_bug.cgi?id=147422
1790
1791         Reviewed by Saam Barati.
1792
1793         This patch introduces ES6 Modules syntax parsing part.
1794         In this patch, ASTBuilder just produces the corresponding nodes to the ES6 Modules syntax,
1795         and this patch does not include the code generator part.
1796
1797         Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
1798         and do not execute the body or construct the AST. And after analyzing all the dependent
1799         modules, we will parse the dependent modules next.
1800         After all the analysis is done, we will start the second pass. In the second pass, we
1801         will parse the module, produce the AST, and execute the body.
1802         If we don't do so, we need to create all the ASTs in the module's dependency graph up front,
1803         because the given module can be executed only after all the dependent modules are executed. It
1804         means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
1805         the dependent modules' information.
1806
1807         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
1808         This patch aims at just implementing the syntax parsing functionality correctly.
1809         After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits SyntaxChecker
1810         to collect the dependent modules quickly [1].
1811
1812         To test the parsing, we added the "checkModuleSyntax" function to the jsc shell.
1813         Using this, we can parse the given string as a module.
1814
1815         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
1816
1817         * bytecompiler/NodesCodegen.cpp:
1818         (JSC::ModuleProgramNode::emitBytecode):
1819         (JSC::ImportDeclarationNode::emitBytecode):
1820         (JSC::ExportAllDeclarationNode::emitBytecode):
1821         (JSC::ExportDefaultDeclarationNode::emitBytecode):
1822         (JSC::ExportLocalDeclarationNode::emitBytecode):
1823         (JSC::ExportNamedDeclarationNode::emitBytecode):
1824         * jsc.cpp:
1825         (GlobalObject::finishCreation):
1826         (functionCheckModuleSyntax):
1827         * parser/ASTBuilder.h:
1828         (JSC::ASTBuilder::createModuleSpecifier):
1829         (JSC::ASTBuilder::createImportSpecifier):
1830         (JSC::ASTBuilder::createImportSpecifierList):
1831         (JSC::ASTBuilder::appendImportSpecifier):
1832         (JSC::ASTBuilder::createImportDeclaration):
1833         (JSC::ASTBuilder::createExportAllDeclaration):
1834         (JSC::ASTBuilder::createExportDefaultDeclaration):
1835         (JSC::ASTBuilder::createExportLocalDeclaration):
1836         (JSC::ASTBuilder::createExportNamedDeclaration):
1837         (JSC::ASTBuilder::createExportSpecifier):
1838         (JSC::ASTBuilder::createExportSpecifierList):
1839         (JSC::ASTBuilder::appendExportSpecifier):
1840         * parser/Keywords.table:
1841         * parser/NodeConstructors.h:
1842         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
1843         (JSC::ImportSpecifierNode::ImportSpecifierNode):
1844         (JSC::ImportDeclarationNode::ImportDeclarationNode):
1845         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
1846         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
1847         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
1848         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
1849         (JSC::ExportSpecifierNode::ExportSpecifierNode):
1850         * parser/Nodes.cpp:
1851         (JSC::ModuleProgramNode::ModuleProgramNode):
1852         * parser/Nodes.h:
1853         (JSC::ModuleProgramNode::startColumn):
1854         (JSC::ModuleProgramNode::endColumn):
1855         (JSC::ModuleSpecifierNode::moduleName):
1856         (JSC::ImportSpecifierNode::importedName):
1857         (JSC::ImportSpecifierNode::localName):
1858         (JSC::ImportSpecifierListNode::specifiers):
1859         (JSC::ImportSpecifierListNode::append):
1860         (JSC::ImportDeclarationNode::specifierList):
1861         (JSC::ImportDeclarationNode::moduleSpecifier):
1862         (JSC::ExportAllDeclarationNode::moduleSpecifier):
1863         (JSC::ExportDefaultDeclarationNode::declaration):
1864         (JSC::ExportLocalDeclarationNode::declaration):
1865         (JSC::ExportSpecifierNode::exportedName):
1866         (JSC::ExportSpecifierNode::localName):
1867         (JSC::ExportSpecifierListNode::specifiers):
1868         (JSC::ExportSpecifierListNode::append):
1869         (JSC::ExportNamedDeclarationNode::specifierList):
1870         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
1871         * parser/Parser.cpp:
1872         (JSC::Parser<LexerType>::Parser):
1873         (JSC::Parser<LexerType>::parseInner):
1874         (JSC::Parser<LexerType>::parseModuleSourceElements):
1875         (JSC::Parser<LexerType>::parseVariableDeclaration):
1876         (JSC::Parser<LexerType>::parseVariableDeclarationList):
1877         (JSC::Parser<LexerType>::createBindingPattern):
1878         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
1879         (JSC::Parser<LexerType>::parseDestructuringPattern):
1880         (JSC::Parser<LexerType>::parseForStatement):
1881         (JSC::Parser<LexerType>::parseFormalParameters):
1882         (JSC::Parser<LexerType>::parseFunctionParameters):
1883         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1884         (JSC::Parser<LexerType>::parseClassDeclaration):
1885         (JSC::Parser<LexerType>::parseModuleSpecifier):
1886         (JSC::Parser<LexerType>::parseImportClauseItem):
1887         (JSC::Parser<LexerType>::parseImportDeclaration):
1888         (JSC::Parser<LexerType>::parseExportSpecifier):
1889         (JSC::Parser<LexerType>::parseExportDeclaration):
1890         (JSC::Parser<LexerType>::parseMemberExpression):
1891         * parser/Parser.h:
1892         (JSC::isIdentifierOrKeyword):
1893         (JSC::ModuleScopeData::create):
1894         (JSC::ModuleScopeData::exportedBindings):
1895         (JSC::ModuleScopeData::exportName):
1896         (JSC::ModuleScopeData::exportBinding):
1897         (JSC::Scope::Scope):
1898         (JSC::Scope::setIsModule):
1899         (JSC::Scope::moduleScopeData):
1900         (JSC::Parser::matchContextualKeyword):
1901         (JSC::Parser::matchIdentifierOrKeyword):
1902         (JSC::Parser::isofToken): Deleted.
1903         * parser/ParserModes.h:
1904         * parser/ParserTokens.h:
1905         * parser/SyntaxChecker.h:
1906         (JSC::SyntaxChecker::createModuleSpecifier):
1907         (JSC::SyntaxChecker::createImportSpecifier):
1908         (JSC::SyntaxChecker::createImportSpecifierList):
1909         (JSC::SyntaxChecker::appendImportSpecifier):
1910         (JSC::SyntaxChecker::createImportDeclaration):
1911         (JSC::SyntaxChecker::createExportAllDeclaration):
1912         (JSC::SyntaxChecker::createExportDefaultDeclaration):
1913         (JSC::SyntaxChecker::createExportLocalDeclaration):
1914         (JSC::SyntaxChecker::createExportNamedDeclaration):
1915         (JSC::SyntaxChecker::createExportSpecifier):
1916         (JSC::SyntaxChecker::createExportSpecifierList):
1917         (JSC::SyntaxChecker::appendExportSpecifier):
1918         * runtime/CommonIdentifiers.cpp:
1919         (JSC::CommonIdentifiers::CommonIdentifiers):
1920         * runtime/CommonIdentifiers.h:
1921         * runtime/Completion.cpp:
1922         (JSC::checkModuleSyntax):
1923         * runtime/Completion.h:
1924         * tests/stress/modules-syntax-error-with-names.js: Added.
1925         (shouldThrow):
1926         * tests/stress/modules-syntax-error.js: Added.
1927         (shouldThrow):
1928         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
1929         * tests/stress/modules-syntax.js: Added.
1930         (prototype.checkModuleSyntax):
1931         (checkModuleSyntax):
1932         * tests/stress/tagged-templates-syntax.js:
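
        Added example (not part of this ChangeLog entry and not JavaScriptCore code): a toy version, in
        JavaScript, of the two-phase loading the entry describes. Phase 1 only extracts each module's
        dependencies and never builds an AST or runs anything; a regular expression stands in for the
        SyntaxChecker-based analyzer the entry plans, which is a simplification made for the example.
        Phase 2 visits the modules in dependency order, where the real loader would parse and execute
        them. The registry of module sources is constructed for the example; unknown specifiers are
        rejected, and cycles are reported as an error to keep the order total, although real ES module
        linking tolerates cycles.

```javascript
// Added example, not JavaScriptCore code. The registry and the regex-based
// dependency scan are constructed simplifications for this example.

const registry = {
  "main.js": 'import { a } from "a.js";\nimport "side.js";\nexport default a;',
  "a.js": 'import { b } from "b.js";\nexport const a = b + 1;',
  "b.js": 'export const b = 1;',
  "side.js": 'export * from "b.js";',
};

// Matches either a bare `import "x"` (groups 1-2) or any import/export
// declaration with a `from "x"` clause (groups 3-4). A real analyzer would
// tokenize the source; the regex is only a stand-in for this example.
const specifierPattern =
  /\bimport\s*(["'])([^"']+)\1|\b(?:import|export)\b[^;]*?\bfrom\s*(["'])([^"']+)\3/g;

// Phase 1: the module specifiers a source depends on, in source order,
// without duplicates. No AST is built and nothing is executed.
function collectDependencies(source) {
  const deps = [];
  for (const m of source.matchAll(specifierPattern)) {
    const spec = m[2] !== undefined ? m[2] : m[4];
    if (!deps.includes(spec)) deps.push(spec);
  }
  return deps;
}

// Phase 2 ordering: depth-first post-order, so every module appears after
// all of its dependencies. Unknown specifiers and import cycles are errors.
function moduleLoadOrder(entry, modules) {
  const state = new Map(); // specifier -> "visiting" | "done"
  const order = [];
  function visit(spec, chain) {
    if (state.get(spec) === "done") return;
    if (state.get(spec) === "visiting") {
      throw new Error("import cycle: " + [...chain, spec].join(" -> "));
    }
    if (!Object.prototype.hasOwnProperty.call(modules, spec)) {
      throw new Error("unresolved module specifier " + JSON.stringify(spec));
    }
    state.set(spec, "visiting");
    for (const dep of collectDependencies(modules[spec])) visit(dep, [...chain, spec]);
    state.set(spec, "done");
    order.push(spec); // here the real loader would parse and execute spec
  }
  visit(entry, []);
  return order;
}
```

        Because phase 1 keeps only the specifier list per module, the memory held across the whole
        dependency graph is a few strings per module rather than one parser arena per module, which is
        the cost the entry's two-pass design avoids.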
1933
1934 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
1935
1936         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
1937         https://bugs.webkit.org/show_bug.cgi?id=146833
1938
1939         Reviewed by Alexey Proskuryakov.
1940
1941         * assembler/ARM64Assembler.h:
1942         * assembler/ARMAssembler.h:
1943         (JSC::ARMAssembler::cacheFlush):
1944         * assembler/MacroAssemblerARM.cpp:
1945         (JSC::isVFPPresent):
1946         * assembler/MacroAssemblerX86Common.h:
1947         (JSC::MacroAssemblerX86Common::isSSE2Present):
1948         * heap/MachineStackMarker.h:
1949         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
1950         (JSC::logF):
1951         * jit/HostCallReturnValue.h:
1952         * jit/JIT.h:
1953         * jit/JITOperations.cpp:
1954         * jit/JITStubsARM.h:
1955         * jit/JITStubsARMv7.h:
1956         * jit/JITStubsX86.h:
1957         * jit/JITStubsX86Common.h:
1958         * jit/JITStubsX86_64.h:
1959         * jit/ThunkGenerators.cpp:
1960         * runtime/JSExportMacros.h:
1961         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
1962         (JSC::clz32):
1963
1964 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
1965
1966         Unreviewed, fix uninitialized property leading to an assert.
1967
1968         * runtime/PutPropertySlot.h:
1969         (JSC::PutPropertySlot::PutPropertySlot):
1970
1971 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
1972
1973         Unreviewed, fix Windows.
1974
1975         * bytecode/ObjectPropertyConditionSet.h:
1976         (JSC::ObjectPropertyConditionSet::fromRawPointer):
1977
1978 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
1979
1980         DFG should have adaptive structure watchpoints
1981         https://bugs.webkit.org/show_bug.cgi?id=146929
1982
1983         Reviewed by Geoffrey Garen.
1984
1985         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
1986         property, you'd check that the object still has the structure that you first saw the object have. We
1987         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
1988         elide the structure check.
1989
1990         But this approach fails when that object frequently has new properties added to it. This would
1991         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
1992         we'd have to recompile either the IC or an entire code block.
1993
1994         This change introduces a new concept: an object property condition. This value describes some
1995         condition involving a property on some object. There are four kinds: presence, absence,
1996         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
1997         object has some property at some offset with some attributes. This allows us to implement a new kind
1998         of watchpoint, which knows about the object property condition that it's being used to enforce. If
1999         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
2000         on the new structure.
2001
2002         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
2003         and prototype accesses. They are also used for any DFG accesses to object constants, including
2004         global property accesses.
2005
2006         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
2007         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
2008         chain situation. It's also a small speed-up on getter-richards.
2009
2010         * CMakeLists.txt:
2011         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2012         * JavaScriptCore.xcodeproj/project.pbxproj:
2013         * bytecode/CodeBlock.cpp:
2014         (JSC::CodeBlock::printGetByIdCacheStatus):
2015         (JSC::CodeBlock::printPutByIdCacheStatus):
2016         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
2017         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
2018         * bytecode/ComplexGetStatus.cpp:
2019         (JSC::ComplexGetStatus::computeFor):
2020         * bytecode/ComplexGetStatus.h:
2021         (JSC::ComplexGetStatus::ComplexGetStatus):
2022         (JSC::ComplexGetStatus::takesSlowPath):
2023         (JSC::ComplexGetStatus::kind):
2024         (JSC::ComplexGetStatus::offset):
2025         (JSC::ComplexGetStatus::conditionSet):
2026         (JSC::ComplexGetStatus::attributes): Deleted.
2027         (JSC::ComplexGetStatus::specificValue): Deleted.
2028         (JSC::ComplexGetStatus::chain): Deleted.
2029         * bytecode/ConstantStructureCheck.cpp: Removed.
2030         * bytecode/ConstantStructureCheck.h: Removed.
2031         * bytecode/GetByIdStatus.cpp:
2032         (JSC::GetByIdStatus::computeForStubInfo):
2033         * bytecode/GetByIdVariant.cpp:
2034         (JSC::GetByIdVariant::GetByIdVariant):
2035         (JSC::GetByIdVariant::~GetByIdVariant):
2036         (JSC::GetByIdVariant::operator=):
2037         (JSC::GetByIdVariant::attemptToMerge):
2038         (JSC::GetByIdVariant::dumpInContext):
2039         (JSC::GetByIdVariant::baseStructure): Deleted.
2040         * bytecode/GetByIdVariant.h:
2041         (JSC::GetByIdVariant::operator!):
2042         (JSC::GetByIdVariant::structureSet):
2043         (JSC::GetByIdVariant::conditionSet):
2044         (JSC::GetByIdVariant::offset):
2045         (JSC::GetByIdVariant::callLinkStatus):
2046         (JSC::GetByIdVariant::constantChecks): Deleted.
2047         (JSC::GetByIdVariant::alternateBase): Deleted.
2048         * bytecode/ObjectPropertyCondition.cpp: Added.
2049         (JSC::ObjectPropertyCondition::dumpInContext):
2050         (JSC::ObjectPropertyCondition::dump):
2051         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
2052         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
2053         (JSC::ObjectPropertyCondition::isStillValid):
2054         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
2055         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2056         (JSC::ObjectPropertyCondition::isWatchable):
2057         (JSC::ObjectPropertyCondition::isStillLive):
2058         (JSC::ObjectPropertyCondition::validateReferences):
2059         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2060         * bytecode/ObjectPropertyCondition.h: Added.
2061         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
2062         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
2063         (JSC::ObjectPropertyCondition::presence):
2064         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
2065         (JSC::ObjectPropertyCondition::absence):
2066         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
2067         (JSC::ObjectPropertyCondition::absenceOfSetter):
2068         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
2069         (JSC::ObjectPropertyCondition::equivalence):
2070         (JSC::ObjectPropertyCondition::operator!):
2071         (JSC::ObjectPropertyCondition::object):
2072         (JSC::ObjectPropertyCondition::condition):
2073         (JSC::ObjectPropertyCondition::kind):
2074         (JSC::ObjectPropertyCondition::uid):
2075         (JSC::ObjectPropertyCondition::hasOffset):
2076         (JSC::ObjectPropertyCondition::offset):
2077         (JSC::ObjectPropertyCondition::hasAttributes):
2078         (JSC::ObjectPropertyCondition::attributes):
2079         (JSC::ObjectPropertyCondition::hasPrototype):
2080         (JSC::ObjectPropertyCondition::prototype):
2081         (JSC::ObjectPropertyCondition::hasRequiredValue):
2082         (JSC::ObjectPropertyCondition::requiredValue):
2083         (JSC::ObjectPropertyCondition::hash):
2084         (JSC::ObjectPropertyCondition::operator==):
2085         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
2086         (JSC::ObjectPropertyCondition::isCompatibleWith):
2087         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2088         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
2089         (JSC::ObjectPropertyCondition::isValidValueForPresence):
2090         (JSC::ObjectPropertyConditionHash::hash):
2091         (JSC::ObjectPropertyConditionHash::equal):
2092         * bytecode/ObjectPropertyConditionSet.cpp: Added.
2093         (JSC::ObjectPropertyConditionSet::forObject):
2094         (JSC::ObjectPropertyConditionSet::forConditionKind):
2095         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
2096         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
2097         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
2098         (JSC::ObjectPropertyConditionSet::mergedWith):
2099         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
2100         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
2101         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
2102         (JSC::ObjectPropertyConditionSet::areStillLive):
2103         (JSC::ObjectPropertyConditionSet::dumpInContext):
2104         (JSC::ObjectPropertyConditionSet::dump):
2105         (JSC::generateConditionsForPropertyMiss):
2106         (JSC::generateConditionsForPropertySetterMiss):
2107         (JSC::generateConditionsForPrototypePropertyHit):
2108         (JSC::generateConditionsForPrototypePropertyHitCustom):
2109         (JSC::generateConditionsForPropertySetterMissConcurrently):
2110         * bytecode/ObjectPropertyConditionSet.h: Added.
2111         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
2112         (JSC::ObjectPropertyConditionSet::invalid):
2113         (JSC::ObjectPropertyConditionSet::nonEmpty):
2114         (JSC::ObjectPropertyConditionSet::isValid):
2115         (JSC::ObjectPropertyConditionSet::isEmpty):
2116         (JSC::ObjectPropertyConditionSet::begin):
2117         (JSC::ObjectPropertyConditionSet::end):
2118         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
2119         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
2120         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2121         (JSC::ObjectPropertyConditionSet::Data::Data):
2122         * bytecode/PolymorphicGetByIdList.cpp:
2123         (JSC::GetByIdAccess::GetByIdAccess):
2124         (JSC::GetByIdAccess::~GetByIdAccess):
2125         (JSC::GetByIdAccess::visitWeak):
2126         * bytecode/PolymorphicGetByIdList.h:
2127         (JSC::GetByIdAccess::GetByIdAccess):
2128         (JSC::GetByIdAccess::structure):
2129         (JSC::GetByIdAccess::conditionSet):
2130         (JSC::GetByIdAccess::stubRoutine):
2131         (JSC::GetByIdAccess::chain): Deleted.
2132         (JSC::GetByIdAccess::chainCount): Deleted.
2133         * bytecode/PolymorphicPutByIdList.cpp:
2134         (JSC::PutByIdAccess::fromStructureStubInfo):
2135         (JSC::PutByIdAccess::visitWeak):
2136         * bytecode/PolymorphicPutByIdList.h:
2137         (JSC::PutByIdAccess::PutByIdAccess):
2138         (JSC::PutByIdAccess::transition):
2139         (JSC::PutByIdAccess::setter):
2140         (JSC::PutByIdAccess::newStructure):
2141         (JSC::PutByIdAccess::conditionSet):
2142         (JSC::PutByIdAccess::stubRoutine):
2143         (JSC::PutByIdAccess::chain): Deleted.
2144         (JSC::PutByIdAccess::chainCount): Deleted.
2145         * bytecode/PropertyCondition.cpp: Added.
2146         (JSC::PropertyCondition::dumpInContext):
2147         (JSC::PropertyCondition::dump):
2148         (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
2149         (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
2150         (JSC::PropertyCondition::isStillValid):
2151         (JSC::PropertyCondition::isWatchableWhenValid):
2152         (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2153         (JSC::PropertyCondition::isWatchable):
2154         (JSC::PropertyCondition::isStillLive):
2155         (JSC::PropertyCondition::validateReferences):
2156         (JSC::PropertyCondition::isValidValueForAttributes):
2157         (JSC::PropertyCondition::isValidValueForPresence):
2158         (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2159         (WTF::printInternal):
2160         * bytecode/PropertyCondition.h: Added.
2161         (JSC::PropertyCondition::PropertyCondition):
2162         (JSC::PropertyCondition::presenceWithoutBarrier):
2163         (JSC::PropertyCondition::presence):
2164         (JSC::PropertyCondition::absenceWithoutBarrier):
2165         (JSC::PropertyCondition::absence):
2166         (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
2167         (JSC::PropertyCondition::absenceOfSetter):
2168         (JSC::PropertyCondition::equivalenceWithoutBarrier):
2169         (JSC::PropertyCondition::equivalence):
2170         (JSC::PropertyCondition::operator!):
2171         (JSC::PropertyCondition::kind):
2172         (JSC::PropertyCondition::uid):
2173         (JSC::PropertyCondition::hasOffset):
2174         (JSC::PropertyCondition::offset):
2175         (JSC::PropertyCondition::hasAttributes):
2176         (JSC::PropertyCondition::attributes):
2177         (JSC::PropertyCondition::hasPrototype):
2178         (JSC::PropertyCondition::prototype):
2179         (JSC::PropertyCondition::hasRequiredValue):
2180         (JSC::PropertyCondition::requiredValue):
2181         (JSC::PropertyCondition::hash):
2182         (JSC::PropertyCondition::operator==):
2183         (JSC::PropertyCondition::isHashTableDeletedValue):
2184         (JSC::PropertyCondition::isCompatibleWith):
2185         (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2186         (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
2187         (JSC::PropertyConditionHash::hash):
2188         (JSC::PropertyConditionHash::equal):
2189         * bytecode/PutByIdStatus.cpp:
2190         (JSC::PutByIdStatus::computeFromLLInt):
2191         (JSC::PutByIdStatus::computeFor):
2192         (JSC::PutByIdStatus::computeForStubInfo):
2193         * bytecode/PutByIdVariant.cpp:
2194         (JSC::PutByIdVariant::operator=):
2195         (JSC::PutByIdVariant::transition):
2196         (JSC::PutByIdVariant::setter):
2197         (JSC::PutByIdVariant::makesCalls):
2198         (JSC::PutByIdVariant::attemptToMerge):
2199         (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
2200         (JSC::PutByIdVariant::dumpInContext):
2201         (JSC::PutByIdVariant::baseStructure): Deleted.
2202         * bytecode/PutByIdVariant.h:
2203         (JSC::PutByIdVariant::PutByIdVariant):
2204         (JSC::PutByIdVariant::kind):
2205         (JSC::PutByIdVariant::structure):
2206         (JSC::PutByIdVariant::structureSet):
2207         (JSC::PutByIdVariant::oldStructure):
2208         (JSC::PutByIdVariant::conditionSet):
2209         (JSC::PutByIdVariant::offset):
2210         (JSC::PutByIdVariant::callLinkStatus):
2211         (JSC::PutByIdVariant::constantChecks): Deleted.
2212         (JSC::PutByIdVariant::alternateBase): Deleted.
2213         * bytecode/StructureStubClearingWatchpoint.cpp:
2214         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
2215         (JSC::StructureStubClearingWatchpoint::push):
2216         (JSC::StructureStubClearingWatchpoint::fireInternal):
2217         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
2218         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
2219         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
2220         * bytecode/StructureStubClearingWatchpoint.h:
2221         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
2222         (JSC::WatchpointsOnStructureStubInfo::codeBlock):
2223         (JSC::WatchpointsOnStructureStubInfo::stubInfo):
2224         * bytecode/StructureStubInfo.cpp:
2225         (JSC::StructureStubInfo::deref):
2226         (JSC::StructureStubInfo::visitWeakReferences):
2227         * bytecode/StructureStubInfo.h:
2228         (JSC::StructureStubInfo::initPutByIdTransition):
2229         (JSC::StructureStubInfo::initPutByIdReplace):
2230         (JSC::StructureStubInfo::setSeen):
2231         (JSC::StructureStubInfo::addWatchpoint):
2232         * dfg/DFGAbstractInterpreterInlines.h:
2233         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2234         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
2235         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
2236         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
2237         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
2238         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
2239         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
2240         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
2241         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
2242         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
2243         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
2244         * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
2245         (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
2246         (JSC::DFG::AdaptiveStructureWatchpoint::install):
2247         (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
2248         * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
2249         (JSC::DFG::AdaptiveStructureWatchpoint::key):
2250         * dfg/DFGByteCodeParser.cpp:
2251         (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
2252         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2253         (JSC::DFG::ByteCodeParser::handleGetByOffset):
2254         (JSC::DFG::ByteCodeParser::handlePutByOffset):
2255         (JSC::DFG::ByteCodeParser::check):
2256         (JSC::DFG::ByteCodeParser::promoteToConstant):
2257         (JSC::DFG::ByteCodeParser::planLoad):
2258         (JSC::DFG::ByteCodeParser::load):
2259         (JSC::DFG::ByteCodeParser::presenceLike):
2260         (JSC::DFG::ByteCodeParser::checkPresenceLike):
2261         (JSC::DFG::ByteCodeParser::store):
2262         (JSC::DFG::ByteCodeParser::handleGetById):
2263         (JSC::DFG::ByteCodeParser::handlePutById):
2264         (JSC::DFG::ByteCodeParser::parseBlock):
2265         (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
2266         * dfg/DFGCommonData.cpp:
2267         (JSC::DFG::CommonData::validateReferences):
2268         * dfg/DFGCommonData.h:
2269         * dfg/DFGConstantFoldingPhase.cpp:
2270         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2271         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
2272         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
2273         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
2274         (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
2275         * dfg/DFGDesiredWatchpoints.cpp:
2276         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
2277         (JSC::DFG::InferredValueAdaptor::add):
2278         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
2279         (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
2280         (JSC::DFG::DesiredWatchpoints::addLazily):
2281         (JSC::DFG::DesiredWatchpoints::consider):
2282         (JSC::DFG::DesiredWatchpoints::reallyAdd):
2283         (JSC::DFG::DesiredWatchpoints::areStillValid):
2284         (JSC::DFG::DesiredWatchpoints::dumpInContext):
2285         * dfg/DFGDesiredWatchpoints.h:
2286         (JSC::DFG::SetPointerAdaptor::add):
2287         (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
2288         (JSC::DFG::SetPointerAdaptor::dumpInContext):
2289         (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
2290         (JSC::DFG::InferredValueAdaptor::dumpInContext):
2291         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
2292         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
2293         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
2294         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
2295         (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
2296         (JSC::DFG::GenericDesiredWatchpoints::isWatched):
2297         (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
2298         (JSC::DFG::DesiredWatchpoints::isWatched):
2299         (JSC::DFG::GenericSetAdaptor::add): Deleted.
2300         (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
2301         * dfg/DFGDesiredWeakReferences.cpp:
2302         (JSC::DFG::DesiredWeakReferences::addLazily):
2303         (JSC::DFG::DesiredWeakReferences::contains):
2304         * dfg/DFGDesiredWeakReferences.h:
2305         * dfg/DFGGraph.cpp:
2306         (JSC::DFG::Graph::dump):
2307         (JSC::DFG::Graph::clearFlagsOnAllNodes):
2308         (JSC::DFG::Graph::watchCondition):
2309         (JSC::DFG::Graph::isSafeToLoad):
2310         (JSC::DFG::Graph::livenessFor):
2311         (JSC::DFG::Graph::tryGetConstantProperty):
2312         (JSC::DFG::Graph::visitChildren):
2313         * dfg/DFGGraph.h:
2314         (JSC::DFG::Graph::identifiers):
2315         (JSC::DFG::Graph::watchpoints):
2316         * dfg/DFGMultiGetByOffsetData.cpp: Added.
2317         (JSC::DFG::GetByOffsetMethod::dumpInContext):
2318         (JSC::DFG::GetByOffsetMethod::dump):
2319         (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
2320         (JSC::DFG::MultiGetByOffsetCase::dump):
2321         (WTF::printInternal):
2322         * dfg/DFGMultiGetByOffsetData.h: Added.
2323         (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
2324         (JSC::DFG::GetByOffsetMethod::constant):
2325         (JSC::DFG::GetByOffsetMethod::load):
2326         (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
2327         (JSC::DFG::GetByOffsetMethod::operator!):
2328         (JSC::DFG::GetByOffsetMethod::kind):
2329         (JSC::DFG::GetByOffsetMethod::prototype):
2330         (JSC::DFG::GetByOffsetMethod::offset):
2331         (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
2332         (JSC::DFG::MultiGetByOffsetCase::set):
2333         (JSC::DFG::MultiGetByOffsetCase::method):
2334         * dfg/DFGNode.h:
2335         * dfg/DFGSafeToExecute.h:
2336         (JSC::DFG::safeToExecute):
2337         * dfg/DFGStructureRegistrationPhase.cpp:
2338         (JSC::DFG::StructureRegistrationPhase::run):
2339         * ftl/FTLLowerDFGToLLVM.cpp:
2340         (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
2341         * jit/Repatch.cpp:
2342         (JSC::repatchByIdSelfAccess):
2343         (JSC::checkObjectPropertyCondition):
2344         (JSC::checkObjectPropertyConditions):
2345         (JSC::replaceWithJump):
2346         (JSC::generateByIdStub):
2347         (JSC::actionForCell):
2348         (JSC::tryBuildGetByIDList):
2349         (JSC::emitPutReplaceStub):
2350         (JSC::emitPutTransitionStub):
2351         (JSC::tryCachePutByID):
2352         (JSC::tryBuildPutByIdList):
2353         (JSC::tryRepatchIn):
2354         (JSC::addStructureTransitionCheck): Deleted.
2355         (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
2356         * runtime/IntendedStructureChain.cpp: Removed.
2357         * runtime/IntendedStructureChain.h: Removed.
2358         * runtime/JSCJSValue.h:
2359         * runtime/JSObject.cpp:
2360         (JSC::throwTypeError):
2361         (JSC::JSObject::convertToDictionary):
2362         (JSC::JSObject::shiftButterflyAfterFlattening):
2363         * runtime/JSObject.h:
2364         (JSC::JSObject::flattenDictionaryObject):
2365         (JSC::JSObject::convertToDictionary): Deleted.
2366         * runtime/Operations.h:
2367         (JSC::normalizePrototypeChain):
2368         (JSC::normalizePrototypeChainForChainAccess): Deleted.
2369         (JSC::isPrototypeChainNormalized): Deleted.
2370         * runtime/PropertySlot.h:
2371         (JSC::PropertySlot::PropertySlot):
2372         (JSC::PropertySlot::slotBase):
2373         * runtime/Structure.cpp:
2374         (JSC::Structure::addPropertyTransition):
2375         (JSC::Structure::attributeChangeTransition):
2376         (JSC::Structure::toDictionaryTransition):
2377         (JSC::Structure::toCacheableDictionaryTransition):
2378         (JSC::Structure::toUncacheableDictionaryTransition):
2379         (JSC::Structure::ensurePropertyReplacementWatchpointSet):
2380         (JSC::Structure::startWatchingPropertyForReplacements):
2381         (JSC::Structure::didCachePropertyReplacement):
2382         (JSC::Structure::dump):
2383         * runtime/Structure.h:
2384         * runtime/VM.h:
2385         * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check-new.js: Added.
2386         (foo):
2387         (bar):
2388         (baz):
2389         * tests/stress/multi-get-by-offset-self-or-proto.js: Added.
2390         (foo):
2391         * tests/stress/replacement-watchpoint-dictionary.js: Added.
2392         (foo):
2393         * tests/stress/replacement-watchpoint.js: Added.
2394         (foo):
2395         * tests/stress/undefined-access-dictionary-then-proto-change.js: Added.
2396         (foo):
2397         * tests/stress/undefined-access-then-proto-change.js: Added.
2398         (foo):
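
        The invariant the adaptive watchpoints above must preserve can be stated as a
        plain JavaScript stress test. The following is an added example written for this
        page in the style of the tests/stress files listed in the entry; it is not part
        of the WebKit ChangeLog or of the JSC test suite, and the object shapes, iteration
        counts and property names are constructed for illustration. A hot function
        reading an absent property is the case a JIT would specialise with an absence
        condition on the whole prototype chain; the test then changes the chain (a
        transition, a dictionary-mode prototype, and a value replacement) and checks
        that the observable result follows the change, which is exactly what a
        correctly firing watchpoint guarantees.

```javascript
// Added example, not from the WebKit ChangeLog or the JSC sources.
// Checks the semantics an adaptive structure watchpoint must preserve:
// code specialised on "o.x is absent on the whole prototype chain" or on
// "proto.x has this constant value" must observe a later change to the chain.
"use strict";

// Hot function. A tiering JIT would cache either an absence condition
// (scenarios 1 and 2) or a constant-value assumption (scenario 3) for this load.
function readX(o) {
    return o.x;
}

// Drive readX hot enough that a tiering engine would compile it, counting misses.
function warmUp(o, iterations) {
    let missCount = 0;
    for (let i = 0; i < iterations; ++i) {
        if (readX(o) === undefined)
            ++missCount;
    }
    return missCount;
}

// Scenario 1: the property appears on the prototype after warm-up
// (a structure transition on the prototype, which fires the transition watchpoint).
function protoChangeScenario(iterations) {
    const proto = {};
    const o = Object.create(proto);
    o.y = 1;                                   // constructed sample object
    const misses = warmUp(o, iterations);
    proto.x = 42;                              // the chain no longer lacks "x"
    return { misses, after: readX(o) };
}

// Scenario 2: the prototype has had many properties added and deleted first
// (in JSC that pushes its Structure into dictionary mode), then gains "x".
function dictionaryProtoScenario(iterations) {
    const proto = {};
    for (let i = 0; i < 200; ++i)
        proto["p" + i] = i;                    // constructed filler properties
    for (let i = 0; i < 200; i += 2)
        delete proto["p" + i];
    const o = Object.create(proto);
    const misses = warmUp(o, iterations);
    proto.x = "dict";
    return { misses, after: readX(o) };
}

// Scenario 3: the property exists with a constant value, then is replaced.
// This is a replacement, not a transition, so it needs the replacement
// watchpoint the entry describes rather than a structure check.
function replacementScenario(iterations) {
    const proto = { x: 1 };
    const o = Object.create(proto);
    let sum = 0;
    for (let i = 0; i < iterations; ++i)
        sum += readX(o);
    proto.x = 2;
    return { sum, after: readX(o) };
}

// Runs all three scenarios and reports whether each observed the change.
function runAll(iterations = 100000) {
    const a = protoChangeScenario(iterations);
    const b = dictionaryProtoScenario(iterations);
    const c = replacementScenario(iterations);
    return {
        protoChangeOk: a.misses === iterations && a.after === 42,
        dictionaryOk: b.misses === iterations && b.after === "dict",
        replacementOk: c.sum === iterations && c.after === 2,
    };
}

console.log(JSON.stringify(runAll()));
```

        Any conforming engine passes this; its value is as a regression test for the
        invalidation path, since a watchpoint that fails to fire turns a stale absence
        or constant assumption into compiled code reading the wrong slot, which is the
        class of JIT bug that becomes a memory-safety problem rather than a wrong answer.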
2399
2400 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2401
2402         JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
2403         https://bugs.webkit.org/show_bug.cgi?id=147538
2404
2405         Reviewed by Geoffrey Garen.
2406
2407         Due to the order of the ARROWFUNCTION token in the JSTokenType enum, it is categorized as one of the keywords.
2408         As a result, when lexing a property name that can take keywords, the ARROWFUNCTION token is accidentally accepted.
2409         This patch changes the order of the ARROWFUNCTION token in JSTokenType to make it an operator token.
2410
2411         * parser/ParserTokens.h:
2412         * tests/stress/arrow-function-token-is-not-keyword.js: Added.
2413         (testSyntaxError):
2414
2415 2015-08-03  Keith Miller  <keith_miller@apple.com>
2416
2417         Clean up the naming for AST expression generation.
2418         https://bugs.webkit.org/show_bug.cgi?id=147581
2419
2420         Reviewed by Yusuke Suzuki.
2421
2422         * parser/ASTBuilder.h:
2423         (JSC::ASTBuilder::createThisExpr):
2424         (JSC::ASTBuilder::createSuperExpr):
2425         (JSC::ASTBuilder::createNewTargetExpr):
2426         (JSC::ASTBuilder::thisExpr): Deleted.
2427         (JSC::ASTBuilder::superExpr): Deleted.
2428         (JSC::ASTBuilder::newTargetExpr): Deleted.
2429         * parser/Parser.cpp:
2430         (JSC::Parser<LexerType>::parsePrimaryExpression):
2431         (JSC::Parser<LexerType>::parseMemberExpression):
2432         * parser/SyntaxChecker.h:
2433         (JSC::SyntaxChecker::createThisExpr):
2434         (JSC::SyntaxChecker::createSuperExpr):
2435         (JSC::SyntaxChecker::createNewTargetExpr):
2436         (JSC::SyntaxChecker::thisExpr): Deleted.
2437         (JSC::SyntaxChecker::superExpr): Deleted.
2438         (JSC::SyntaxChecker::newTargetExpr): Deleted.
2439
2440 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2441
2442         Don't set up the callsite to operationGetByValDefault when the optimization is already done
2443         https://bugs.webkit.org/show_bug.cgi?id=147577
2444
2445         Reviewed by Filip Pizlo.
2446
2447         operationGetByValDefault should be called only when the IC is not set.
2448         operationGetByValString breaks this invariant and `ASSERT(!byValInfo.stubRoutine)` in
2449         operationGetByValDefault raises the assertion failure.
2450         In this patch, we change the callsite setting up code in operationGetByValString when
2451         the IC is already set. And to make the operation's meaning explicit, we changed the
2452         name operationGetByValDefault to operationGetByValOptimize, which is aligned with the
2453         GetById case.
2454
2455         * jit/JITOperations.cpp:
2456         * jit/JITOperations.h:
2457         * jit/JITPropertyAccess.cpp:
2458         (JSC::JIT::emitSlow_op_get_by_val):
2459         * jit/JITPropertyAccess32_64.cpp:
2460         (JSC::JIT::emitSlow_op_get_by_val):
2461         * tests/stress/operation-get-by-val-default-should-not-called-for-already-optimized-site.js: Added.
2462         (hello):
2463
2464 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2465
2466         [FTL] Remove unused scripts related to native call inlining
2467         https://bugs.webkit.org/show_bug.cgi?id=147448
2468
2469         Reviewed by Filip Pizlo.
2470
2471         * build-symbol-table-index.py: Removed.
2472         * copy-llvm-ir-to-derived-sources.sh: Removed.
2473         * create-llvm-ir-from-source-file.py: Removed.
2474         * create-symbol-table-index.py: Removed.
2475
2476 2015-08-02  Benjamin Poulain  <bpoulain@apple.com>
2477
2478         Investigate HashTable::HashTable(const HashTable&) and HashTable::operator=(const HashTable&) performance for hash-based static analyses
2479         https://bugs.webkit.org/show_bug.cgi?id=118455
2480
2481         Reviewed by Filip Pizlo.
2482
2483         LivenessAnalysisPhase lights up like a Christmas tree in profiles.
2484
2485         This patch cuts its cost by 4.
2486         About half of the gains come from removing many rehash() when copying
2487         the HashSet.
2488         The last quarter is achieved by having a special add() function for initializing
2489         a HashSet.
2490
2491         This makes benchmarks progress by 1-2% here and there. Nothing massive.
2492
2493         * dfg/DFGLivenessAnalysisPhase.cpp:
2494         (JSC::DFG::LivenessAnalysisPhase::process):
2495         The m_live HashSet is only useful per block. When we are done with it,
2496         we can transfer it to liveAtHead to avoid a copy.
2497
2498 2015-08-01  Saam barati  <saambarati1@gmail.com>
2499
2500         Unreviewed. Remove unintentional "print" statement in test case.
2501         https://bugs.webkit.org/show_bug.cgi?id=142567
2502
2503         * tests/stress/class-syntax-definition-semantics.js:
2504         (shouldBeSyntaxError):
2505
2506 2015-07-31  Alex Christensen  <achristensen@webkit.org>
2507
2508         Prepare for VS2015
2509         https://bugs.webkit.org/show_bug.cgi?id=146579
2510
2511         Reviewed by Jon Honeycutt.
2512
2513         * heap/Heap.h:
2514         Fix compiler error by explicitly casting zombifiedBits to the size of a pointer.
2515
2516 2015-07-31  Saam barati  <saambarati1@gmail.com>
2517
2518         ES6 class syntax should use block scoping
2519         https://bugs.webkit.org/show_bug.cgi?id=142567
2520
2521         Reviewed by Geoffrey Garen.
2522
2523         We treat class declarations like we do "let" declarations.
2524         The class name is under TDZ until the class declaration
2525         statement is evaluated. Class declarations also follow
2526         the same rules as "let": No duplicate definitions inside
2527         a lexical environment.
2528
2529         * parser/ASTBuilder.h:
2530         (JSC::ASTBuilder::createClassDeclStatement):
2531         * parser/Parser.cpp:
2532         (JSC::Parser<LexerType>::parseClassDeclaration):
2533         * tests/stress/class-syntax-block-scoping.js: Added.
2534         (assert):
2535         (truth):
2536         (.):
2537         * tests/stress/class-syntax-definition-semantics.js: Added.
2538         (shouldBeSyntaxError):
2539         (shouldNotBeSyntaxError):
2540         (truth):
2541         * tests/stress/class-syntax-tdz.js:
2542         (assert):
2543         (shouldThrowTDZ):
2544         (truth):
2545         (.):
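
        Two of the parser rules in this ChangeLog, the ARROWFUNCTION token not being a
        valid property name (the parseProperty crash entry above) and class declarations
        following "let" scoping (this entry), can be checked from plain JavaScript with
        one compile-time helper. The following is an added example written for this page;
        it is not part of the WebKit ChangeLog or of the JSC test suite, and the helper
        names and the source snippets are constructed. It uses new Function to observe
        SyntaxErrors without running the body, and an indirect eval to observe the
        ReferenceError that a temporal-dead-zone read produces.

```javascript
// Added example, not from the WebKit ChangeLog or the JSC test suite.
// Exercises two parser rules: "=>" is rejected where keyword-like property
// names are allowed, and class declarations are block-scoped like "let".
"use strict";

// Returns true when compiling `source` raises a SyntaxError, false when it
// compiles. `new Function` only compiles the body, it never executes it.
function isSyntaxError(source) {
    try {
        new Function(source);
        return false;
    } catch (e) {
        if (e instanceof SyntaxError)
            return true;
        throw e;
    }
}

// Returns true when running `source` throws a ReferenceError (the TDZ
// signal), false when it completes. Indirect eval runs in global scope.
function throwsReferenceError(source) {
    try {
        (0, eval)(source);
        return false;
    } catch (e) {
        if (e instanceof ReferenceError)
            return true;
        throw e;
    }
}

// ARROWFUNCTION token: reserved words are legal property names, "=>" is not.
function arrowTokenResults() {
    return {
        keywordNamesAccepted: !isSyntaxError("({ if: 1, class: 2, new: 3 })"),
        arrowAsPropertyNameRejected: isSyntaxError("({ => : 1 })"),
        arrowAsMethodNameRejected: isSyntaxError("({ =>() {} })"),
        arrowAsMemberNameRejected: isSyntaxError("var o = {}; o.=>;"),
    };
}

// Class declarations follow "let": one binding per lexical environment, and
// the name is in the TDZ until the declaration statement has been evaluated.
function classScopingResults() {
    return {
        duplicateClassRejected: isSyntaxError("{ class A {} class A {} }"),
        duplicateWithLetRejected: isSyntaxError("{ let A = 1; class A {} }"),
        separateBlocksAccepted: !isSyntaxError("{ class A {} } { class A {} }"),
        tdzReadThrows: throwsReferenceError("{ A; class A {} }"),
        tdzTypeofThrows: throwsReferenceError("{ typeof A; class A {} }"),
        usableAfterDeclaration: !throwsReferenceError("{ class B {} new B(); }"),
    };
}

console.log(JSON.stringify({ arrow: arrowTokenResults(), classes: classScopingResults() }));
```

        Every property in both result objects is expected to be true on an engine that
        implements the rules described in the two entries; a false value points at the
        rule that is not enforced.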
2546
2547 2015-07-31  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2548
2549         Implement WebAssembly module parser
2550         https://bugs.webkit.org/show_bug.cgi?id=147293
2551
2552         Reviewed by Mark Lam.
2553
2554         Re-landing after fix for the "..\..\jsc.cpp(46): fatal error C1083: Cannot open
2555         include file: 'JSWASMModule.h'" issue on Windows.
2556
2557         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
2558         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
2559         the magic number at the beginning of the files. Parsing of the rest will be
2560         implemented in a subsequent patch.
2561
2562         * CMakeLists.txt:
2563         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2564         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2565         * JavaScriptCore.xcodeproj/project.pbxproj:
2566         * jsc.cpp:
2567         (GlobalObject::finishCreation):
2568         (functionLoadWebAssembly):
2569         * parser/SourceProvider.h:
2570         (JSC::WebAssemblySourceProvider::create):
2571         (JSC::WebAssemblySourceProvider::data):
2572         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2573         * runtime/JSGlobalObject.cpp:
2574         (JSC::JSGlobalObject::init):
2575         (JSC::JSGlobalObject::visitChildren):
2576         * runtime/JSGlobalObject.h:
2577         (JSC::JSGlobalObject::wasmModuleStructure):
2578         * wasm/WASMMagicNumber.h: Added.
2579         * wasm/WASMModuleParser.cpp: Added.
2580         (JSC::WASMModuleParser::WASMModuleParser):
2581         (JSC::WASMModuleParser::parse):
2582         (JSC::WASMModuleParser::parseModule):
2583         (JSC::parseWebAssembly):
2584         * wasm/WASMModuleParser.h: Added.
2585         * wasm/WASMReader.cpp: Added.
2586         (JSC::WASMReader::readUnsignedInt32):
2587         (JSC::WASMReader::readFloat):
2588         (JSC::WASMReader::readDouble):
2589         * wasm/WASMReader.h: Added.
2590         (JSC::WASMReader::WASMReader):
2591
2592 2015-07-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2593
2594         Add the "wasm" directory to the Additional Include Directories for jsc.exe
2595         https://bugs.webkit.org/show_bug.cgi?id=147443
2596
2597         Reviewed by Mark Lam.
2598
2599         This patch should fix the "..\..\jsc.cpp(46): fatal error C1083:
2600         Cannot open include file: 'JSWASMModule.h'" error in the Windows build.
2601
2602         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
2603
2604 2015-07-30  Chris Dumez  <cdumez@apple.com>
2605
2606         Mark more classes as fast allocated
2607         https://bugs.webkit.org/show_bug.cgi?id=147440
2608
2609         Reviewed by Sam Weinig.
2610
2611         Mark more classes as fast allocated for performance. We heap-allocate
2612         objects of those types throughout the code base.
2613
2614         * API/JSCallbackObject.h:
2615         * API/ObjCCallbackFunction.mm:
2616         * bytecode/BytecodeKills.h:
2617         * bytecode/BytecodeLivenessAnalysis.h:
2618         * bytecode/CallLinkStatus.h:
2619         * bytecode/FullBytecodeLiveness.h:
2620         * bytecode/SamplingTool.h:
2621         * bytecompiler/BytecodeGenerator.h:
2622         * dfg/DFGBasicBlock.h:
2623         * dfg/DFGBlockMap.h:
2624         * dfg/DFGInPlaceAbstractState.h:
2625         * dfg/DFGThreadData.h:
2626         * heap/HeapVerifier.h:
2627         * heap/SlotVisitor.h:
2628         * parser/Lexer.h:
2629         * runtime/ControlFlowProfiler.h:
2630         * runtime/TypeProfiler.h:
2631         * runtime/TypeProfilerLog.h:
2632         * runtime/Watchdog.h:
2633
2634 2015-07-29  Filip Pizlo  <fpizlo@apple.com>
2635
2636         DFG::ArgumentsEliminationPhase should emit a PutStack for all of the GetStacks that the ByteCodeParser emitted
2637         https://bugs.webkit.org/show_bug.cgi?id=147433
2638         rdar://problem/21668986
2639
2640         Reviewed by Mark Lam.
2641
2642         Ideally, the ByteCodeParser would only emit SetArgument nodes for named arguments.  But
2643         currently that's not what it does - it emits a SetArgument for every argument that a varargs
2644         call may pass.  Each SetArgument gets turned into a GetStack.  This means that if
2645         ArgumentsEliminationPhase optimizes away PutStacks for those varargs arguments that didn't
2646         get passed or used, we get degenerate IR where we have a GetStack of something that didn't
2647         have a PutStack.
2648
2649         This fixes the bug by removing the code to optimize away PutStacks in
2650         ArgumentsEliminationPhase.
2651
2652         * dfg/DFGArgumentsEliminationPhase.cpp:
2653         * tests/stress/varargs-inlining-underflow.js: Added.
2654         (baz):
2655         (bar):
2656         (foo):
2657
2658 2015-07-29  Andy VanWagoner  <thetalecrafter@gmail.com>
2659
2660         Implement basic types for ECMAScript Internationalization API
2661         https://bugs.webkit.org/show_bug.cgi?id=146926
2662
2663         Reviewed by Benjamin Poulain.
2664
2665         Adds basic types for ECMA-402 2nd edition, but does not implement the full locale-aware features yet.
2666         http://www.ecma-international.org/ecma-402/2.0/ECMA-402.pdf
2667
2668         * CMakeLists.txt: Added new Intl files.
2669         * Configurations/FeatureDefines.xcconfig: Enable INTL.
2670         * DerivedSources.make: Added Intl files.
2671         * JavaScriptCore.xcodeproj/project.pbxproj: Added Intl files.
2672         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added Intl files.
2673         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added Intl files.
2674         * runtime/CommonIdentifiers.h: Added Collator, NumberFormat, and DateTimeFormat.
2675         * runtime/DateConstructor.cpp: Made Date.now public.
2676         * runtime/DateConstructor.h: Made Date.now public.
2677         * runtime/IntlCollator.cpp: Added.
2678         (JSC::IntlCollator::create):
2679         (JSC::IntlCollator::createStructure):
2680         (JSC::IntlCollator::IntlCollator):
2681         (JSC::IntlCollator::finishCreation):
2682         (JSC::IntlCollator::destroy):
2683         (JSC::IntlCollator::visitChildren):
2684         (JSC::IntlCollator::setBoundCompare):
2685         (JSC::IntlCollatorFuncCompare): Added placeholder implementation using codePointCompare.
2686         * runtime/IntlCollator.h: Added.
2687         (JSC::IntlCollator::constructor):
2688         (JSC::IntlCollator::boundCompare):
2689         * runtime/IntlCollatorConstructor.cpp: Added.
2690         (JSC::IntlCollatorConstructor::create):
2691         (JSC::IntlCollatorConstructor::createStructure):
2692         (JSC::IntlCollatorConstructor::IntlCollatorConstructor):
2693         (JSC::IntlCollatorConstructor::finishCreation):
2694         (JSC::constructIntlCollator): Added Collator constructor (10.1.2).
2695         (JSC::callIntlCollator): Added Collator constructor (10.1.2).
2696         (JSC::IntlCollatorConstructor::getConstructData):
2697         (JSC::IntlCollatorConstructor::getCallData):
2698         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
2699         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2700         (JSC::IntlCollatorConstructor::visitChildren):
2701         * runtime/IntlCollatorConstructor.h: Added.
2702         (JSC::IntlCollatorConstructor::collatorStructure):
2703         * runtime/IntlCollatorPrototype.cpp: Added.
2704         (JSC::IntlCollatorPrototype::create):
2705         (JSC::IntlCollatorPrototype::createStructure):
2706         (JSC::IntlCollatorPrototype::IntlCollatorPrototype):
2707         (JSC::IntlCollatorPrototype::finishCreation):
2708         (JSC::IntlCollatorPrototype::getOwnPropertySlot):
2709         (JSC::IntlCollatorPrototypeGetterCompare): Added compare getter (10.3.3)
2710         (JSC::IntlCollatorPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2711         * runtime/IntlCollatorPrototype.h: Added.
2712         * runtime/IntlDateTimeFormat.cpp: Added.
2713         (JSC::IntlDateTimeFormat::create):
2714         (JSC::IntlDateTimeFormat::createStructure):
2715         (JSC::IntlDateTimeFormat::IntlDateTimeFormat):
2716         (JSC::IntlDateTimeFormat::finishCreation):
2717         (JSC::IntlDateTimeFormat::destroy):
2718         (JSC::IntlDateTimeFormat::visitChildren):
2719         (JSC::IntlDateTimeFormat::setBoundFormat):
2720         (JSC::IntlDateTimeFormatFuncFormatDateTime): Added placeholder implementation returning new Date(value).toString().
2721         * runtime/IntlDateTimeFormat.h: Added.
2722         (JSC::IntlDateTimeFormat::constructor):
2723         (JSC::IntlDateTimeFormat::boundFormat):
2724         * runtime/IntlDateTimeFormatConstructor.cpp: Added.
2725         (JSC::IntlDateTimeFormatConstructor::create):
2726         (JSC::IntlDateTimeFormatConstructor::createStructure):
2727         (JSC::IntlDateTimeFormatConstructor::IntlDateTimeFormatConstructor):
2728         (JSC::IntlDateTimeFormatConstructor::finishCreation):
2729         (JSC::constructIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
2730         (JSC::callIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
2731         (JSC::IntlDateTimeFormatConstructor::getConstructData):
2732         (JSC::IntlDateTimeFormatConstructor::getCallData):
2733         (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
2734         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2735         (JSC::IntlDateTimeFormatConstructor::visitChildren):
2736         * runtime/IntlDateTimeFormatConstructor.h: Added.
2737         (JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure):
2738         * runtime/IntlDateTimeFormatPrototype.cpp: Added.
2739         (JSC::IntlDateTimeFormatPrototype::create):
2740         (JSC::IntlDateTimeFormatPrototype::createStructure):
2741         (JSC::IntlDateTimeFormatPrototype::IntlDateTimeFormatPrototype):
2742         (JSC::IntlDateTimeFormatPrototype::finishCreation):
2743         (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
2744         (JSC::IntlDateTimeFormatPrototypeGetterFormat): Added format getter (12.3.3).
2745         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2746         * runtime/IntlDateTimeFormatPrototype.h: Added.
2747         * runtime/IntlNumberFormat.cpp: Added.
2748         (JSC::IntlNumberFormat::create):
2749         (JSC::IntlNumberFormat::createStructure):
2750         (JSC::IntlNumberFormat::IntlNumberFormat):
2751         (JSC::IntlNumberFormat::finishCreation):
2752         (JSC::IntlNumberFormat::destroy):
2753         (JSC::IntlNumberFormat::visitChildren):
2754         (JSC::IntlNumberFormat::setBoundFormat):
2755         (JSC::IntlNumberFormatFuncFormatNumber): Added placeholder implementation returning Number(value).toString().
2756         * runtime/IntlNumberFormat.h: Added.
2757         (JSC::IntlNumberFormat::constructor):
2758         (JSC::IntlNumberFormat::boundFormat):
2759         * runtime/IntlNumberFormatConstructor.cpp: Added.
2760         (JSC::IntlNumberFormatConstructor::create):
2761         (JSC::IntlNumberFormatConstructor::createStructure):
2762         (JSC::IntlNumberFormatConstructor::IntlNumberFormatConstructor):
2763         (JSC::IntlNumberFormatConstructor::finishCreation):
2764         (JSC::constructIntlNumberFormat): Added NumberFormat constructor (11.1.2).
2765         (JSC::callIntlNumberFormat): Added NumberFormat constructor (11.1.2).
2766         (JSC::IntlNumberFormatConstructor::getConstructData):
2767         (JSC::IntlNumberFormatConstructor::getCallData):
2768         (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
2769         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2770         (JSC::IntlNumberFormatConstructor::visitChildren):
2771         * runtime/IntlNumberFormatConstructor.h: Added.
2772         (JSC::IntlNumberFormatConstructor::numberFormatStructure):
2773         * runtime/IntlNumberFormatPrototype.cpp: Added.
2774         (JSC::IntlNumberFormatPrototype::create):
2775         (JSC::IntlNumberFormatPrototype::createStructure):
2776         (JSC::IntlNumberFormatPrototype::IntlNumberFormatPrototype):
2777         (JSC::IntlNumberFormatPrototype::finishCreation):
2778         (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
2779         (JSC::IntlNumberFormatPrototypeGetterFormat): Added format getter (11.3.3).
2780         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2781         * runtime/IntlNumberFormatPrototype.h: Added.
2782         * runtime/IntlObject.cpp:
2783         (JSC::IntlObject::create):
2784         (JSC::IntlObject::finishCreation): Added Collator, NumberFormat, and DateTimeFormat properties (8.1).
2785         (JSC::IntlObject::visitChildren):
2786         * runtime/IntlObject.h:
2787         (JSC::IntlObject::collatorConstructor):
2788         (JSC::IntlObject::collatorPrototype):
2789         (JSC::IntlObject::collatorStructure):
2790         (JSC::IntlObject::numberFormatConstructor):
2791         (JSC::IntlObject::numberFormatPrototype):
2792         (JSC::IntlObject::numberFormatStructure):
2793         (JSC::IntlObject::dateTimeFormatConstructor):
2794         (JSC::IntlObject::dateTimeFormatPrototype):
2795         (JSC::IntlObject::dateTimeFormatStructure):
2796         * runtime/JSGlobalObject.cpp:
2797         (JSC::JSGlobalObject::init):
2798
2799 2015-07-29  Commit Queue  <commit-queue@webkit.org>
2800
2801         Unreviewed, rolling out r187550.
2802         https://bugs.webkit.org/show_bug.cgi?id=147420
2803
2804         Broke Windows build (again) (Requested by smfr on #webkit).
2805
2806         Reverted changeset:
2807
2808         "Implement WebAssembly module parser"
2809         https://bugs.webkit.org/show_bug.cgi?id=147293
2810         http://trac.webkit.org/changeset/187550
2811
2812 2015-07-29  Basile Clement  <basile_clement@apple.com>
2813
2814         Remove native call inlining
2815         https://bugs.webkit.org/show_bug.cgi?id=147417
2816
2817         Rubber Stamped by Filip Pizlo.
2818
2819         * CMakeLists.txt:
2820         * dfg/DFGAbstractInterpreterInlines.h:
2821         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
2822         * dfg/DFGByteCodeParser.cpp:
2823         (JSC::DFG::ByteCodeParser::handleCall): Deleted.
2824         * dfg/DFGClobberize.h:
2825         (JSC::DFG::clobberize): Deleted.
2826         * dfg/DFGDoesGC.cpp:
2827         (JSC::DFG::doesGC): Deleted.
2828         * dfg/DFGFixupPhase.cpp:
2829         (JSC::DFG::FixupPhase::fixupNode): Deleted.
2830         * dfg/DFGNode.h:
2831         (JSC::DFG::Node::hasHeapPrediction): Deleted.
2832         (JSC::DFG::Node::hasCellOperand): Deleted.
2833         * dfg/DFGNodeType.h:
2834         * dfg/DFGPredictionPropagationPhase.cpp:
2835         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
2836         * dfg/DFGSafeToExecute.h:
2837         (JSC::DFG::safeToExecute): Deleted.
2838         * dfg/DFGSpeculativeJIT32_64.cpp:
2839         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2840         * dfg/DFGSpeculativeJIT64.cpp:
2841         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2842         * ftl/FTLCapabilities.cpp:
2843         (JSC::FTL::canCompile): Deleted.
2844         * ftl/FTLLowerDFGToLLVM.cpp:
2845         (JSC::FTL::DFG::LowerDFGToLLVM::lower): Deleted.
2846         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
2847         (JSC::FTL::DFG::LowerDFGToLLVM::compileNativeCallOrConstruct): Deleted.
2848         (JSC::FTL::DFG::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
2849         (JSC::FTL::DFG::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
2850         (JSC::FTL::DFG::LowerDFGToLLVM::didOverflowStack): Deleted.
2851         * ftl/FTLState.cpp:
2852         (JSC::FTL::State::State): Deleted.
2853         * ftl/FTLState.h:
2854         * runtime/BundlePath.cpp: Removed.
2855         (JSC::bundlePath): Deleted.
2856         * runtime/JSDataViewPrototype.cpp:
2857         (JSC::getData):
2858         (JSC::setData):
2859         * runtime/Options.h:
2860
2861 2015-07-29  Basile Clement  <basile_clement@apple.com>
2862
2863         Unreviewed, skipping a test that is too complex for its own good
2864         https://bugs.webkit.org/show_bug.cgi?id=147167
2865
2866         * tests/stress/math-pow-coherency.js:
2867
2868 2015-07-29  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2869
2870         Implement WebAssembly module parser
2871         https://bugs.webkit.org/show_bug.cgi?id=147293
2872
2873         Reviewed by Mark Lam.
2874
2875         Reupload the patch, since r187539 should fix the "Cannot open include file:
2876         'JSWASMModule.h'" issue in the Windows build.
2877
2878         * CMakeLists.txt:
2879         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2880         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2881         * JavaScriptCore.xcodeproj/project.pbxproj:
2882         * jsc.cpp:
2883         (GlobalObject::finishCreation):
2884         (functionLoadWebAssembly):
2885         * parser/SourceProvider.h:
2886         (JSC::WebAssemblySourceProvider::create):
2887         (JSC::WebAssemblySourceProvider::data):
2888         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2889         * runtime/JSGlobalObject.cpp:
2890         (JSC::JSGlobalObject::init):
2891         (JSC::JSGlobalObject::visitChildren):
2892         * runtime/JSGlobalObject.h:
2893         (JSC::JSGlobalObject::wasmModuleStructure):
2894         * wasm/WASMMagicNumber.h: Added.
2895         * wasm/WASMModuleParser.cpp: Added.
2896         (JSC::WASMModuleParser::WASMModuleParser):
2897         (JSC::WASMModuleParser::parse):
2898         (JSC::WASMModuleParser::parseModule):
2899         (JSC::parseWebAssembly):
2900         * wasm/WASMModuleParser.h: Added.
2901         * wasm/WASMReader.cpp: Added.
2902         (JSC::WASMReader::readUnsignedInt32):
2903         (JSC::WASMReader::readFloat):
2904         (JSC::WASMReader::readDouble):
2905         * wasm/WASMReader.h: Added.
2906         (JSC::WASMReader::WASMReader):
2907
2908 2015-07-29  Basile Clement  <basile_clement@apple.com>
2909
2910         Unreviewed, lower the number of test iterations to prevent timing out on Debug builds
2911         https://bugs.webkit.org/show_bug.cgi?id=147167
2912
2913         * tests/stress/math-pow-coherency.js:
2914
2915 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2916
2917         Add the "wasm" directory to Visual Studio project files
2918         https://bugs.webkit.org/show_bug.cgi?id=147400
2919
2920         Reviewed by Simon Fraser.
2921
2922         This patch should fix the "Cannot open include file: 'JSWASMModule.h'" issue
2923         in the Windows build.
2924
2925         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
2926         * JavaScriptCore.vcxproj/copy-files.cmd:
2927
2928 2015-07-28  Commit Queue  <commit-queue@webkit.org>
2929
2930         Unreviewed, rolling out r187531.
2931         https://bugs.webkit.org/show_bug.cgi?id=147397
2932
2933         Broke Windows build (Requested by smfr on #webkit).
2934
2935         Reverted changeset:
2936
2937         "Implement WebAssembly module parser"
2938         https://bugs.webkit.org/show_bug.cgi?id=147293
2939         http://trac.webkit.org/changeset/187531
2940
2941 2015-07-28  Benjamin Poulain  <bpoulain@apple.com>
2942
2943         Speed up the Stringifier::toJSON() fast case
2944         https://bugs.webkit.org/show_bug.cgi?id=147383
2945
2946         Reviewed by Andreas Kling.
2947
2948         * runtime/JSONObject.cpp:
2949         (JSC::Stringifier::toJSON):
2950         (JSC::Stringifier::toJSONImpl):
2951
2952 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2953
2954         Implement WebAssembly module parser
2955         https://bugs.webkit.org/show_bug.cgi?id=147293
2956
2957         Reviewed by Geoffrey Garen.
2958
2959         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
2960         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
2961         the magic number at the beginning of the files. Parsing of the rest will be
2962         implemented in a subsequent patch.
2963
2964         * CMakeLists.txt:
2965         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2966         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2967         * JavaScriptCore.xcodeproj/project.pbxproj:
2968         * jsc.cpp:
2969         (GlobalObject::finishCreation):
2970         (functionLoadWebAssembly):
2971         * parser/SourceProvider.h:
2972         (JSC::WebAssemblySourceProvider::create):
2973         (JSC::WebAssemblySourceProvider::data):
2974         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2975         * runtime/JSGlobalObject.cpp:
2976         (JSC::JSGlobalObject::init):
2977         (JSC::JSGlobalObject::visitChildren):
2978         * runtime/JSGlobalObject.h:
2979         (JSC::JSGlobalObject::wasmModuleStructure):
2980         * wasm/WASMMagicNumber.h: Added.
2981         * wasm/WASMModuleParser.cpp: Added.
2982         (JSC::WASMModuleParser::WASMModuleParser):
2983         (JSC::WASMModuleParser::parse):
2984         (JSC::WASMModuleParser::parseModule):
2985         (JSC::parseWebAssembly):
2986         * wasm/WASMModuleParser.h: Added.
2987         * wasm/WASMReader.cpp: Added.
2988         (JSC::WASMReader::readUnsignedInt32):
2989         (JSC::WASMReader::readFloat):
2990         (JSC::WASMReader::readDouble):
2991         * wasm/WASMReader.h: Added.
2992         (JSC::WASMReader::WASMReader):
2993
2994 2015-07-28  Yusuke Suzuki  <utatane.tea@gmail.com>
2995
2996         [ES6] Add ENABLE_ES6_MODULES compile time flag with the default value "false"
2997         https://bugs.webkit.org/show_bug.cgi?id=147350
2998
2999         Reviewed by Sam Weinig.
3000
3001         * Configurations/FeatureDefines.xcconfig:
3002
3003 2015-07-28  Saam barati  <saambarati1@gmail.com>
3004
3005         Make the type profiler work with lexical scoping and add tests
3006         https://bugs.webkit.org/show_bug.cgi?id=145438
3007
3008         Reviewed by Geoffrey Garen.
3009
3010         op_profile_type now knows how to resolve variables allocated within
3011         the local scope stack. This means it knows how to resolve "let"
3012         and "const" variables. Also, some refactoring was done inside
3013         the BytecodeGenerator to make writing code to support the type
3014         profiler much simpler and clearer.
3015
3016         * bytecode/CodeBlock.cpp:
3017         (JSC::CodeBlock::CodeBlock):
3018         * bytecode/CodeBlock.h:
3019         (JSC::CodeBlock::symbolTable): Deleted.
3020         * bytecode/UnlinkedCodeBlock.h:
3021         (JSC::UnlinkedCodeBlock::addExceptionHandler):
3022         (JSC::UnlinkedCodeBlock::exceptionHandler):
3023         (JSC::UnlinkedCodeBlock::vm):
3024         (JSC::UnlinkedCodeBlock::addArrayProfile):
3025         (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex): Deleted.
3026         (JSC::UnlinkedCodeBlock::symbolTableConstantIndex): Deleted.
3027         * bytecompiler/BytecodeGenerator.cpp:
3028         (JSC::BytecodeGenerator::BytecodeGenerator):
3029         (JSC::BytecodeGenerator::emitMove):
3030         (JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
3031         (JSC::BytecodeGenerator::emitProfileType):
3032         (JSC::BytecodeGenerator::emitProfileControlFlow):
3033         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3034         * bytecompiler/BytecodeGenerator.h:
3035         (JSC::BytecodeGenerator::emitNodeForLeftHandSide):
3036         * bytecompiler/NodesCodegen.cpp:
3037         (JSC::ThisNode::emitBytecode):
3038         (JSC::ResolveNode::emitBytecode):
3039         (JSC::BracketAccessorNode::emitBytecode):
3040         (JSC::DotAccessorNode::emitBytecode):
3041         (JSC::FunctionCallValueNode::emitBytecode):
3042         (JSC::FunctionCallResolveNode::emitBytecode):
3043         (JSC::FunctionCallBracketNode::emitBytecode):
3044         (JSC::FunctionCallDotNode::emitBytecode):
3045         (JSC::CallFunctionCallDotNode::emitBytecode):
3046         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3047         (JSC::PostfixNode::emitResolve):
3048         (JSC::PostfixNode::emitBracket):
3049         (JSC::PostfixNode::emitDot):
3050         (JSC::PrefixNode::emitResolve):
3051         (JSC::PrefixNode::emitBracket):
3052         (JSC::PrefixNode::emitDot):
3053         (JSC::ReadModifyResolveNode::emitBytecode):
3054         (JSC::AssignResolveNode::emitBytecode):
3055         (JSC::AssignDotNode::emitBytecode):
3056         (JSC::ReadModifyDotNode::emitBytecode):
3057         (JSC::AssignBracketNode::emitBytecode):
3058         (JSC::ReadModifyBracketNode::emitBytecode):
3059         (JSC::EmptyVarExpression::emitBytecode):
3060         (JSC::EmptyLetExpression::emitBytecode):
3061         (JSC::ForInNode::emitLoopHeader):
3062         (JSC::ForOfNode::emitBytecode):
3063         (JSC::ReturnNode::emitBytecode):
3064         (JSC::FunctionNode::emitBytecode):
3065         (JSC::BindingNode::bindValue):
3066         * dfg/DFGSpeculativeJIT32_64.cpp:
3067         (JSC::DFG::SpeculativeJIT::compile):
3068         * dfg/DFGSpeculativeJIT64.cpp:
3069         (JSC::DFG::SpeculativeJIT::compile):
3070         * jit/JITOpcodes.cpp:
3071         (JSC::JIT::emit_op_profile_type):
3072         * jit/JITOpcodes32_64.cpp:
3073         (JSC::JIT::emit_op_profile_type):
3074         * llint/LowLevelInterpreter32_64.asm:
3075         * llint/LowLevelInterpreter64.asm:
3076         * tests/typeProfiler/es6-block-scoping.js: Added.
3077         (noop):
3078         (arr):
3079         (wrapper.changeFoo):
3080         (wrapper.scoping):
3081         (wrapper.scoping2):
3082         (wrapper):
3083         * tests/typeProfiler/es6-classes.js: Added.
3084         (noop):
3085         (wrapper.Animal):
3086         (wrapper.Animal.prototype.methodA):
3087         (wrapper.Dog):
3088         (wrapper.Dog.prototype.methodB):
3089         (wrapper):
3090
3091 2015-07-28  Saam barati  <saambarati1@gmail.com>
3092
3093         Implement catch scope using lexical scoping constructs introduced with "let" scoping patch
3094         https://bugs.webkit.org/show_bug.cgi?id=146979
3095
3096         Reviewed by Geoffrey Garen.
3097
3098         Now that BytecodeGenerator has a notion of local scope depth,
3099         we can easily implement a catch scope that doesn't claim that
3100         all variables are dynamically scoped. This means that functions
3101         that use try/catch can have local variable resolution. This also
3102         means that all functions that use try/catch don't have all
3103         their variables marked as being captured.
3104
3105         Catch scopes now behave like a "let" scope (sans the TDZ logic) with a
3106         single variable. Catch scopes are now just JSLexicalEnvironments and the
3107         symbol table backing the catch scope knows that it corresponds to a catch scope.
3108
3109         * CMakeLists.txt:
3110         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3111         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3112         * JavaScriptCore.xcodeproj/project.pbxproj:
3113         * bytecode/CodeBlock.cpp:
3114         (JSC::CodeBlock::dumpBytecode):
3115         * bytecode/EvalCodeCache.h:
3116         (JSC::EvalCodeCache::isCacheable):
3117         * bytecompiler/BytecodeGenerator.cpp:
3118         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
3119         (JSC::BytecodeGenerator::emitLoadGlobalObject):
3120         (JSC::BytecodeGenerator::pushLexicalScope):
3121         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3122         (JSC::BytecodeGenerator::popLexicalScope):
3123         (JSC::BytecodeGenerator::popLexicalScopeInternal):
3124         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3125         (JSC::BytecodeGenerator::variable):
3126         (JSC::BytecodeGenerator::resolveType):
3127         (JSC::BytecodeGenerator::emitResolveScope):
3128         (JSC::BytecodeGenerator::emitPopScope):
3129         (JSC::BytecodeGenerator::emitPopWithScope):
3130         (JSC::BytecodeGenerator::emitDebugHook):
3131         (JSC::BytecodeGenerator::popScopedControlFlowContext):
3132         (JSC::BytecodeGenerator::emitPushCatchScope):
3133         (JSC::BytecodeGenerator::emitPopCatchScope):
3134         (JSC::BytecodeGenerator::beginSwitch):
3135         (JSC::BytecodeGenerator::emitPopWithOrCatchScope): Deleted.
3136         * bytecompiler/BytecodeGenerator.h:
3137         (JSC::BytecodeGenerator::lastOpcodeID):
3138         * bytecompiler/NodesCodegen.cpp:
3139         (JSC::AssignResolveNode::emitBytecode):
3140         (JSC::WithNode::emitBytecode):
3141         (JSC::TryNode::emitBytecode):
3142         * debugger/DebuggerScope.cpp:
3143         (JSC::DebuggerScope::isCatchScope):
3144         (JSC::DebuggerScope::isFunctionNameScope):
3145         (JSC::DebuggerScope::isFunctionOrEvalScope):
3146         (JSC::DebuggerScope::caughtValue):
3147         * debugger/DebuggerScope.h:
3148         * inspector/ScriptDebugServer.cpp:
3149         (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
3150         * interpreter/Interpreter.cpp:
3151         (JSC::Interpreter::execute):
3152         * jit/JITOpcodes.cpp:
3153         (JSC::JIT::emit_op_push_name_scope):
3154         * jit/JITOpcodes32_64.cpp:
3155         (JSC::JIT::emit_op_push_name_scope):
3156         * jit/JITOperations.cpp:
3157         * jit/JITOperations.h:
3158         * parser/ASTBuilder.h:
3159         (JSC::ASTBuilder::createContinueStatement):
3160         (JSC::ASTBuilder::createTryStatement):
3161         * parser/NodeConstructors.h:
3162         (JSC::ThrowNode::ThrowNode):
3163         (JSC::TryNode::TryNode):
3164         (JSC::FunctionParameters::FunctionParameters):
3165         * parser/Nodes.h:
3166         * parser/Parser.cpp:
3167         (JSC::Parser<LexerType>::parseTryStatement):
3168         * parser/SyntaxChecker.h:
3169         (JSC::SyntaxChecker::createBreakStatement):
3170         (JSC::SyntaxChecker::createContinueStatement):
3171         (JSC::SyntaxChecker::createTryStatement):
3172         (JSC::SyntaxChecker::createSwitchStatement):
3173         (JSC::SyntaxChecker::createWhileStatement):
3174         (JSC::SyntaxChecker::createWithStatement):
3175         * runtime/JSCatchScope.cpp:
3176         * runtime/JSCatchScope.h:
3177         (JSC::JSCatchScope::JSCatchScope): Deleted.
3178         (JSC::JSCatchScope::create): Deleted.
3179         (JSC::JSCatchScope::createStructure): Deleted.
3180         * runtime/JSFunctionNameScope.h:
3181         (JSC::JSFunctionNameScope::JSFunctionNameScope):
3182         * runtime/JSGlobalObject.cpp:
3183         (JSC::JSGlobalObject::init):
3184         (JSC::JSGlobalObject::visitChildren):
3185         * runtime/JSGlobalObject.h:
3186         (JSC::JSGlobalObject::withScopeStructure):
3187         (JSC::JSGlobalObject::strictEvalActivationStructure):
3188         (JSC::JSGlobalObject::activationStructure):
3189         (JSC::JSGlobalObject::functionNameScopeStructure):
3190         (JSC::JSGlobalObject::directArgumentsStructure):
3191         (JSC::JSGlobalObject::scopedArgumentsStructure):
3192         (JSC::JSGlobalObject::catchScopeStructure): Deleted.
3193         * runtime/JSNameScope.cpp:
3194         (JSC::JSNameScope::create):
3195         (JSC::JSNameScope::toThis):
3196         * runtime/JSNameScope.h:
3197         * runtime/JSObject.cpp:
3198         (JSC::JSObject::toThis):
3199         (JSC::JSObject::isFunctionNameScopeObject):
3200         (JSC::JSObject::isCatchScopeObject): Deleted.
3201         * runtime/JSObject.h:
3202         * runtime/JSScope.cpp:
3203         (JSC::JSScope::collectVariablesUnderTDZ):
3204         (JSC::JSScope::isLexicalScope):
3205         (JSC::JSScope::isCatchScope):
3206         (JSC::resolveModeName):
3207         * runtime/JSScope.h:
3208         * runtime/SymbolTable.cpp:
3209         (JSC::SymbolTable::SymbolTable):
3210         (JSC::SymbolTable::cloneScopePart):
3211         * runtime/SymbolTable.h:
3212         * tests/stress/const-semantics.js:
3213         (.):
3214
3215 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
3216
3217         DFG::ArgumentsEliminationPhase has a redundant check for inserting CheckInBounds when converting GetByVal to GetStack in the inline non-varargs case
3218         https://bugs.webkit.org/show_bug.cgi?id=147373
3219
3220         Reviewed by Mark Lam.
3221
3222         The code was doing a check for "index >= inlineCallFrame->arguments.size() - 1" in code where
3223         safeToGetStack is true and we aren't in varargs context, but in a non-varargs context,
3224         safeToGetStack can only be true if "index < inlineCallFrame->arguments.size() - 1".
3225
3226         When converting a GetByVal to GetStack, there are three possibilities:
3227
3228         1) Impossible to convert. This can happen if the GetByVal is out-of-bounds of the things we
3229            know to have stored to the stack. For example, if we inline a function that does
3230            "arguments[42]" at a call that passes no arguments.
3231
3232         2) Possible to convert, but we cannot prove statically that the GetByVal was in bounds. This
3233            can happen for "arguments[42]" with no inline call frame (since we don't know statically
3234            how many arguments we will be passed) or in a varargs call frame.
3235
3236         3) Possible to convert, and we know statically that the GetByVal is in bounds. This can
3237            happen for "arguments[42]" if we have an inline call frame, and it's not a varargs call
3238            frame, and we know that the caller passed 42 or more arguments.
3239
3240         The way the phase handles this is it first determines that we're not in case (1). This is
3241         called safeToGetStack. safeToGetStack is true if we have case (2) or (3). For inline call
3242         frames that have no varargs, this means that safeToGetStack is true exactly when the GetByVal
3243         is in-bounds (i.e. case (3)).
3244
3245         But the phase was again doing a check for whether the index is in-bounds for non-varargs
3246         inline call frames even when safeToGetStack was true. That check is redundant and should be
3247         eliminated, since it makes the code confusing.
3248
3249         * dfg/DFGArgumentsEliminationPhase.cpp:
3250
3251 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
3252
3253         DFG::PutStackSinkingPhase should be more aggressive about its "no GetStack until put" rule
3254         https://bugs.webkit.org/show_bug.cgi?id=147371
3255
3256         Reviewed by Mark Lam.
3257
3258         Two fixes:
3259
3260         - Make ConflictingFlush really mean that you can't load from the stack slot. This means not
3261           using ConflictingFlush for arguments.
3262
3263         - Assert that a GetStack never sees ConflictingFlush.
3264
3265         * dfg/DFGPutStackSinkingPhase.cpp:
3266
3267 2015-07-28  Basile Clement  <basile_clement@apple.com>
3268
3269         Misleading error message: "At least one digit must occur after a decimal point"
3270         https://bugs.webkit.org/show_bug.cgi?id=146238
3271
3272         Reviewed by Geoffrey Garen.
3273
3274         Interestingly, we had a comment explaining what this error message was
3275         about that is much clearer than the error message itself. This patch
3276         simply replaces the error message with the explanation from the
3277         comment.
3278
3279         * parser/Lexer.cpp:
3280         (JSC::Lexer<T>::lex):
3281
3282 2015-07-28  Basile Clement  <basile_clement@apple.com>
3283
3284         Simplify call linking
3285         https://bugs.webkit.org/show_bug.cgi?id=147363
3286
3287         Reviewed by Filip Pizlo.
3288
3289         Previously, we were passing both the CallLinkInfo and a
3290         (CodeSpecializationKind, RegisterPreservationMode) pair to the
3291         different call linking slow paths. However, the CallLinkInfo already
3292         has all of that information, and we don't gain anything by having them
3293         in additional static parameters - except possibly a very small
3294         performance gain in presence of inlining. However since those are
3295         already slow paths, this performance loss (if it exists) will not be
3296         visible in practice.
3297
3298         This patch replaces the various specialized thunks and JIT operations
3299         for regular and polymorphic call linking with a single thunk and
3300         operation for each case. Moreover, it replaces the four specialized
3301         virtual call thunks and operations with one virtual call thunk for each
3302         call link info, allowing for better branch prediction by the CPU and
3303         fixing a pre-existing FIXME.
3304
3305         * bytecode/CallLinkInfo.cpp:
3306         (JSC::CallLinkInfo::unlink):
3307         (JSC::CallLinkInfo::dummy): Deleted.
3308         * bytecode/CallLinkInfo.h:
3309         (JSC::CallLinkInfo::CallLinkInfo):
3310         (JSC::CallLinkInfo::registerPreservationMode):
3311         (JSC::CallLinkInfo::setUpCallFromFTL):
3312         (JSC::CallLinkInfo::setSlowStub):
3313         (JSC::CallLinkInfo::clearSlowStub):
3314         (JSC::CallLinkInfo::slowStub):
3315         * dfg/DFGDriver.cpp:
3316         (JSC::DFG::compileImpl):
3317         * dfg/DFGJITCompiler.cpp:
3318         (JSC::DFG::JITCompiler::link):
3319         * ftl/FTLJSCallBase.cpp:
3320         (JSC::FTL::JSCallBase::link):
3321         * jit/JITCall.cpp:
3322         (JSC::JIT::compileCallEvalSlowCase):
3323         (JSC::JIT::compileOpCall):
3324         (JSC::JIT::compileOpCallSlowCase):
3325         * jit/JITCall32_64.cpp:
3326         (JSC::JIT::compileCallEvalSlowCase):
3327         (JSC::JIT::compileOpCall):
3328         (JSC::JIT::compileOpCallSlowCase):
3329         * jit/JITOperations.cpp:
3330         * jit/JITOperations.h:
3331         (JSC::operationLinkFor): Deleted.
3332         (JSC::operationVirtualFor): Deleted.
3333         (JSC::operationLinkPolymorphicCallFor): Deleted.
3334         * jit/Repatch.cpp:
3335         (JSC::generateByIdStub):
3336         (JSC::linkSlowFor):
3337         (JSC::linkFor):
3338         (JSC::revertCall):
3339         (JSC::unlinkFor):
3340         (JSC::linkVirtualFor):
3341         (JSC::linkPolymorphicCall):
3342         * jit/Repatch.h:
3343         * jit/ThunkGenerators.cpp:
3344         (JSC::linkCallThunkGenerator):
3345         (JSC::linkPolymorphicCallThunkGenerator):
3346         (JSC::virtualThunkFor):
3347         (JSC::linkForThunkGenerator): Deleted.
3348         (JSC::linkConstructThunkGenerator): Deleted.
3349         (JSC::linkCallThatPreservesRegsThunkGenerator): Deleted.
3350         (JSC::linkConstructThatPreservesRegsThunkGenerator): Deleted.
3351         (JSC::linkPolymorphicCallForThunkGenerator): Deleted.
3352         (JSC::linkPolymorphicCallThatPreservesRegsThunkGenerator): Deleted.
3353         (JSC::virtualForThunkGenerator): Deleted.
3354         (JSC::virtualCallThunkGenerator): Deleted.
3355         (JSC::virtualConstructThunkGenerator): Deleted.
3356         (JSC::virtualCallThatPreservesRegsThunkGenerator): Deleted.
3357         (JSC::virtualConstructThatPreservesRegsThunkGenerator): Deleted.
3358         * jit/ThunkGenerators.h:
3359         (JSC::linkThunkGeneratorFor): Deleted.
3360         (JSC::linkPolymorphicCallThunkGeneratorFor): Deleted.
3361         (JSC::virtualThunkGeneratorFor): Deleted.
3362
3363 2015-07-28  Basile Clement  <basile_clement@apple.com>
3364
3365         stress/math-pow-with-constants.js fails in cloop
3366         https://bugs.webkit.org/show_bug.cgi?id=147167
3367
3368         Reviewed by Geoffrey Garen.
3369
3370         Baseline JIT, DFG and FTL are using a fast exponentiation path
3371         when computing Math.pow() with an integer exponent that is not taken in
3372         the LLInt (or the DFG abstract interpreter). This leads to the result
3373         of pow changing depending on the compilation tier or on whether
3374         constant propagation kicks in, which is undesirable.
3375
3376         This patch adds the fast path to the slow operationMathPow in order to
3377         maintain an illusion of consistency.
3378
3379         * runtime/MathCommon.cpp:
3380         (JSC::operationMathPow):
3381         * tests/stress/math-pow-coherency.js: Added.
3382         (pow42):
3383         (build42AsDouble.opaqueAdd):
3384         (build42AsDouble):
3385         (powDouble42):
3386         (clobber):
3387         (pow42NoConstantFolding):
3388         (powDouble42NoConstantFolding):
3389
3390 2015-07-28  Joseph Pecoraro  <pecoraro@apple.com>
3391
3392         Web Inspector: Show Pseudo Elements in DOM Tree
3393         https://bugs.webkit.org/show_bug.cgi?id=139612
3394
3395         Reviewed by Timothy Hatcher.
3396
3397         * inspector/protocol/DOM.json:
3398         Add new properties to DOMNode if it is a pseudo element or if it has
3399         pseudo element children. Add new events for if a pseudo element is
3400         added or removed dynamically to an existing DOMNode.
3401
3402 2015-07-27  Filip Pizlo  <fpizlo@apple.com>
3403
3404         Add logging when executable code gets deallocated
3405         https://bugs.webkit.org/show_bug.cgi?id=147355
3406
3407         Reviewed by Mark Lam.
3408
3409         * ftl/FTLJITCode.cpp:
3410         (JSC::FTL::JITCode::~JITCode): Print something when this is freed.
3411         * jit/JITCode.cpp:
3412         (JSC::JITCodeWithCodeRef::~JITCodeWithCodeRef): Print something when this is freed.
3413
3414 2015-07-27  Filip Pizlo  <fpizlo@apple.com>
3415
3416         DFG::safeToExecute() cases for GetByOffset/PutByOffset don't handle clobbered structure abstract values correctly
3417         https://bugs.webkit.org/show_bug.cgi?id=147354
3418
3419         Reviewed by Michael Saboff.
3420
3421         If m_structure.isClobbered(), it means that we had a side effect that clobbered
3422         the abstract value but it may recover back to its original value at the next
3423         invalidation point. Since the invalidation point hasn't been reached yet, we need
3424         to conservatively treat the clobbered state as if it was top. At the invalidation
3425         point, the clobbered set will return back to being unclobbered.
3426
3427         In addition to fixing the bug, this introduces isInfinite(), which should be used
3428         in places where it's tempting to just use isTop().
3429
3430         * dfg/DFGSafeToExecute.h:
3431         (JSC::DFG::safeToExecute): Fix the bug.
3432         * dfg/DFGStructureAbstractValue.cpp:
3433         (JSC::DFG::StructureAbstractValue::contains): Switch to using isInfinite().
3434         (JSC::DFG::StructureAbstractValue::isSubsetOf): Switch to using isInfinite().
3435         (JSC::DFG::StructureAbstractValue::isSupersetOf): Switch to using isInfinite().
3436         (JSC::DFG::StructureAbstractValue::overlaps): Switch to using isInfinite().
3437         * dfg/DFGStructureAbstractValue.h:
3438         (JSC::DFG::StructureAbstractValue::isFinite): New convenience method.
3439         (JSC::DFG::StructureAbstractValue::isInfinite): New convenience method.
3440         (JSC::DFG::StructureAbstractValue::onlyStructure): Switch to using isInfinite().
3441
3442 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
3443
3444         [ES6] Implement Reflect.enumerate
3445         https://bugs.webkit.org/show_bug.cgi?id=147347
3446
3447         Reviewed by Sam Weinig.
3448
3449         This patch implements Reflect.enumerate.
3450         It returns the iterator that iterates the enumerable keys of the given object.
3451         It follows the for-in's enumeration order.
3452
3453         To implement it, we write the same logic as the for-in enumeration code in C++.
3454
3455         * CMakeLists.txt:
3456         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3457         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3458         * JavaScriptCore.xcodeproj/project.pbxproj:
3459         * runtime/JSGlobalObject.cpp:
3460         (JSC::JSGlobalObject::init):
3461         (JSC::JSGlobalObject::visitChildren):
3462         * runtime/JSGlobalObject.h:
3463         (JSC::JSGlobalObject::propertyNameIteratorStructure):
3464         * runtime/JSPropertyNameIterator.cpp: Added.
3465         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
3466         (JSC::JSPropertyNameIterator::clone):
3467         (JSC::JSPropertyNameIterator::create):
3468         (JSC::JSPropertyNameIterator::finishCreation):
3469         (JSC::JSPropertyNameIterator::visitChildren):
3470         (JSC::JSPropertyNameIterator::next):
3471         (JSC::propertyNameIteratorFuncNext):
3472         * runtime/JSPropertyNameIterator.h: Added.
3473         (JSC::JSPropertyNameIterator::createStructure):
3474         * runtime/ReflectObject.cpp:
3475         (JSC::reflectObjectEnumerate):
3476         * tests/stress/reflect-enumerate.js: Added.
3477         (shouldBe):
3478         (shouldThrow):
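
        Added example, not code from the WebKit patch: a JavaScript model of the for-in enumeration order that the C++ JSPropertyNameIterator walks (own string keys in [[OwnPropertyKeys]] order, then up the prototype chain, with shadowing and non-enumerable keys handled as for-in does). Reflect.enumerate was later dropped from the ES2016 draft, so current engines do not expose it; the model is checked against for-in itself on a constructed sample.

```javascript
// Added example, not code from the WebKit patch: models for-in enumeration
// order as an iterator, which is what Reflect.enumerate returned.
function* enumerate(object) {
    if (Object(object) !== object)
        throw new TypeError("Reflect.enumerate called on non-object");
    const visited = new Set();
    for (let current = object; current !== null; current = Object.getPrototypeOf(current)) {
        // Own string keys come in [[OwnPropertyKeys]] order: integer indices
        // ascending, then the remaining strings in creation order. Symbol keys
        // are never enumerated by for-in.
        for (const key of Object.getOwnPropertyNames(current)) {
            if (visited.has(key))
                continue;
            // Any own property, enumerable or not, shadows a same-named
            // property further up the prototype chain.
            visited.add(key);
            const descriptor = Object.getOwnPropertyDescriptor(current, key);
            if (descriptor !== undefined && descriptor.enumerable)
                yield key;
        }
    }
}

function enumerateKeys(object) {
    return Array.from(enumerate(object));
}

function forInKeys(object) {
    const result = [];
    for (const key in object)
        result.push(key);
    return result;
}

// Constructed sample: a prototype chain with index keys, insertion-ordered
// string keys, a non-enumerable own property and a shadowed inherited one.
function buildEnumerateSample() {
    const proto = { inherited: 1, shadowed: 2 };
    Object.defineProperty(proto, "hiddenOnProto", { value: 0, enumerable: false });
    const object = Object.create(proto);
    object.b = 1;
    object[2] = 0;
    object.a = 1;
    object[1] = 0;
    Object.defineProperty(object, "shadowed", { value: 3, enumerable: false });
    return object;
}

// True when the model and the engine's own for-in agree on keys and order.
function enumerateMatchesForIn(object) {
    const ours = enumerateKeys(object);
    const builtin = forInKeys(object);
    return ours.length === builtin.length && ours.every((key, i) => key === builtin[i]);
}
```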
3479
3480 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
3481
3482         [ES6] Implement Reflect.preventExtensions
3483         https://bugs.webkit.org/show_bug.cgi?id=147331
3484
3485         Reviewed by Sam Weinig.
3486
3487         Implement Reflect.preventExtensions.
3488         This is different from Object.preventExtensions.
3489
3490         1. When preventExtensions is called on a non-object, it raises a TypeError.
3491         2. Reflect.preventExtensions does not raise a TypeError when the preventExtensions operation fails.
3492
3493         For case (2), since there is no Proxy implementation currently, Reflect.preventExtensions always succeeds.
3494
3495         * runtime/ReflectObject.cpp:
3496         (JSC::reflectObjectPreventExtensions):
3497         * tests/stress/reflect-prevent-extensions.js: Added.
3498         (shouldBe):
3499         (shouldThrow):
3500
3501 2015-07-27  Alex Christensen  <achristensen@webkit.org>
3502
3503         Use Ninja on Windows.
3504         https://bugs.webkit.org/show_bug.cgi?id=147228
3505
3506         Reviewed by Martin Robinson.
3507
3508         * CMakeLists.txt:
3509         Set the working directory when generating LowLevelInterpreterWin.asm to put LowLevelInterpreterWin.asm.sym in the right place.
3510
3511 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
3512
3513         SparseValueMap check is skipped when the butterfly's vectorLength is larger than the access-requested index
3514         https://bugs.webkit.org/show_bug.cgi?id=147265
3515
3516         Reviewed by Geoffrey Garen.
3517
3518         JSObject's vector holds the indexed values and we leverage it to represent stored values and holes.
3519         By checking that the given index is in-bound of the vector's length, we can look up the property fast.
3520         And for the sparse array, we also have a separate SparseValueMap to hold the pairs.
3521         And we need to take care that the length of the vector does not overlap the indices stored in the SparseValueMap.
3522
3523         The vector only holds pure JS values to avoid additional checking for accessors when looking up the value
3524         from the vector. To achieve this, we also store the accessors (and attributed properties) in the SparseValueMap
3525         even when the index is less than MIN_SPARSE_ARRAY_INDEX.
3526
3527         As a result, if the length of the vector overlaps the indices of the accessors stored in the SparseValueMap,
3528         we accidentally skip the phase of looking up from the SparseValueMap. Instead, we just load from the vector and
3529         if the loaded value is an array hole, we decide the given object does not have the value for the given index.
3530
3531         This patch fixes the problem.
3532         When defining an attributed value whose index is smaller than the length of the vector, we throw away the vector
3533         and change the object to DictionaryIndexingMode. Since we can assume that indexed accessors rarely exist in
3534         practice, we expect this does not hurt the performance while keeping the fast property access system without
3535         checking the sparse map.
3536
3537         * runtime/JSObject.cpp:
3538         (JSC::JSObject::putDirectIndexBeyondVectorLength):
3539         * tests/stress/sparse-map-non-overlapping.js: Added.
3540         (shouldBe):
3541         (testing):
3542         (object.get 1000):
3543         * tests/stress/sparse-map-non-skip-getter-overriding.js: Added.
3544         (shouldBe):
3545         (obj.get 1):
3546         (testing):
3547         * tests/stress/sparse-map-non-skip.js: Added.
3548         (shouldBe):
3549         (testing):
3550         (testing2):
3551         (.get for):
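
        Added example, not the patch's own tests: script-level checks for the invariant the patch restores, namely that an indexed accessor must be honoured even when its index lies inside the object's contiguous indexed storage (the vector). A correct engine returns the getter's value; an engine that consulted only the vector would find a hole and report the index as absent. The index values and objects below are constructed for the example.

```javascript
// Added example, not code from the WebKit tree. Each function returns the
// observable facts an engine must get right, so a harness can assert on them.

// Case 1: the vector already covers the index, and that slot is a hole.
function accessorInsideVector() {
    const object = {};
    // Fill indices 0..9 so contiguous storage covers index 3, then make a hole.
    for (let i = 0; i < 10; ++i)
        object[i] = i;
    delete object[3];
    let calls = 0;
    Object.defineProperty(object, 3, {
        get() { calls += 1; return "from getter"; },
        configurable: true,
    });
    return {
        value: object[3],
        calls,
        present: 3 in object,
        own: Object.prototype.hasOwnProperty.call(object, 3),
        neighbour: object[4],
    };
}

// Case 2 (the mirror case): the accessor is defined first at a high index,
// then dense storage grows past it. The write at 1000 must reach the setter.
function vectorGrowsOverAccessor() {
    const object = {};
    let backing = "initial";
    Object.defineProperty(object, 1000, {
        get() { return "get:" + backing; },
        set(v) { backing = "set:" + v; },
        configurable: true,
    });
    for (let i = 0; i < 2000; ++i)
        object[i] = i;
    const descriptor = Object.getOwnPropertyDescriptor(object, 1000);
    return {
        value: object[1000],
        backing,
        stillAccessor: typeof descriptor.get === "function",
        neighbour: object[1001],
    };
}

// Case 3: the same invariant on a real Array, where indexed storage is the
// common case and built-ins such as join() read through the accessor too.
function arrayAccessorOverride() {
    const array = [0, 1, 2, 3, 4];
    Object.defineProperty(array, 1, { get() { return "override"; }, configurable: true });
    return { value: array[1], length: array.length, joined: array.join(",") };
}
```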
3552
3553 2015-07-27  Saam barati  <saambarati1@gmail.com>
3554
3555         Reduce execution time for "let" and "const" tests
3556         https://bugs.webkit.org/show_bug.cgi?id=147291
3557
3558         Reviewed by Geoffrey Garen.
3559
3560         We don't need to loop so many times for things that will not make it 
3561         into the DFG.  Also, we can loop a lot less for almost all the tests 
3562         because they're mostly testing the bytecode generator.
3563
3564         * tests/stress/const-and-with-statement.js:
3565         * tests/stress/const-exception-handling.js:
3566         * tests/stress/const-loop-semantics.js:
3567         * tests/stress/const-not-strict-mode.js:
3568         * tests/stress/const-semantics.js:
3569         * tests/stress/const-tdz.js:
3570         * tests/stress/lexical-let-and-with-statement.js:
3571         * tests/stress/lexical-let-exception-handling.js:
3572         (assert):
3573         * tests/stress/lexical-let-loop-semantics.js:
3574         (assert):
3575         (shouldThrowTDZ):
3576         (.):
3577         * tests/stress/lexical-let-not-strict-mode.js:
3578         * tests/stress/lexical-let-semantics.js:
3579         (.):
3580         * tests/stress/lexical-let-tdz.js:
3581         (shouldThrowTDZ):
3582         (.):
3583
3584 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3585
3586         Rename PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols
3587         https://bugs.webkit.org/show_bug.cgi?id=147311
3588
3589         Reviewed by Sam Weinig.
3590
3591         To make the meaning clear in the user side (PropertyNameArray array(exec, PropertyNameMode::StringsAndSymbols)),
3592         this patch renames PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols.
3593
3594         * bytecode/ObjectAllocationProfile.h:
3595         (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
3596         * runtime/EnumerationMode.h:
3597         * runtime/ObjectConstructor.cpp:
3598         (JSC::ownEnumerablePropertyKeys):
3599         (JSC::defineProperties):
3600         (JSC::objectConstructorSeal):
3601         (JSC::objectConstructorFreeze):
3602         (JSC::objectConstructorIsSealed):
3603         (JSC::objectConstructorIsFrozen):
3604         (JSC::ownPropertyKeys):
3605         * runtime/ReflectObject.cpp:
3606         (JSC::reflectObjectOwnKeys):
3607
3608 2015-07-27  Saam barati  <saambarati1@gmail.com>
3609
3610         Added a comment explaining that all "addVar()"s should happen before
3611         emitting bytecode for a function's default parameter expressions
3612
3613         Rubber Stamped by Mark Lam.
3614
3615         * bytecompiler/BytecodeGenerator.cpp:
3616         (JSC::BytecodeGenerator::BytecodeGenerator):
3617
3618 2015-07-26  Sam Weinig  <sam@webkit.org>
3619
3620         Add missing builtin files to the JavaScriptCore Xcode project
3621         https://bugs.webkit.org/show_bug.cgi?id=147312
3622
3623         Reviewed by Darin Adler.
3624
3625         * JavaScriptCore.xcodeproj/project.pbxproj:
3626         Add missing files.
3627
3628 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3629
3630         [ES6] Implement Reflect.isExtensible
3631         https://bugs.webkit.org/show_bug.cgi?id=147308
3632
3633         Reviewed by Sam Weinig.
3634
3635         This patch implements Reflect.isExtensible.
3636         It is similar to Object.isExtensible.
3637         The difference is that it raises an error if the first argument is not an object.
3638
3639         * runtime/ReflectObject.cpp:
3640         (JSC::reflectObjectIsExtensible):
3641         * tests/stress/reflect-is-extensible.js: Added.
3642         (shouldBe):
3643         (shouldThrow):
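
        Added example, not code from the WebKit tree, covering both the Reflect.isExtensible entry above and the Reflect.preventExtensions entry further down: the Reflect variants throw a TypeError on a non-object where the Object.* variants tolerate primitives, and Reflect.preventExtensions reports refusal with a false return instead of throwing. The refusal case uses an ES6 Proxy, which JSC had not implemented when these entries were written, so it assumes an engine with Proxy support.

```javascript
// Added example, not code from the WebKit tree. Each function returns plain
// facts about the Reflect vs Object.* behaviour so a harness can assert on them.

// Point 1 of the entries: Reflect.* raise on a non-object, Object.* do not.
function compareOnNonObject(value) {
    const result = {};
    try {
        Reflect.preventExtensions(value);
        result.reflectPreventThrew = false;
    } catch (e) {
        result.reflectPreventThrew = e instanceof TypeError;
    }
    try {
        Reflect.isExtensible(value);
        result.reflectIsExtensibleThrew = false;
    } catch (e) {
        result.reflectIsExtensibleThrew = e instanceof TypeError;
    }
    // ES6 made the Object.* versions tolerant of primitives: preventExtensions
    // returns its argument unchanged and isExtensible answers false.
    result.objectPreventReturnedInput = Object.preventExtensions(value) === value;
    result.objectIsExtensible = Object.isExtensible(value);
    return result;
}

// Point 2: a failed preventExtensions is a false return for Reflect but a
// TypeError for Object.preventExtensions. A Proxy trap that refuses is the
// spec's way to make the operation fail (assumes Proxy support).
function compareOnRefusingProxy() {
    const proxy = new Proxy({}, { preventExtensions() { return false; } });
    const reflectResult = Reflect.preventExtensions(proxy);
    let objectThrew = false;
    try {
        Object.preventExtensions(proxy);
    } catch (e) {
        objectThrew = e instanceof TypeError;
    }
    // No isExtensible trap, so this forwards to the (still extensible) target.
    return { reflectResult, objectThrew, stillExtensible: Reflect.isExtensible(proxy) };
}

// The ordinary-object path, which is the only one JSC had at the time: the
// operation succeeds, Reflect returns true, and later additions are refused.
function compareOnPlainObject() {
    const object = { a: 1 };
    const reflectResult = Reflect.preventExtensions(object);
    // Reflect.defineProperty reports refusal as false instead of throwing.
    const addedB = Reflect.defineProperty(object, "b", { value: 2 });
    return { reflectResult, addedB, hasB: "b" in object, extensible: Reflect.isExtensible(object) };
}
```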
3644
3645 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3646
3647         Unreviewed, fix the debug build due to touching the non-declared variable in ASSERT
3648         https://bugs.webkit.org/show_bug.cgi?id=147307
3649
3650         * runtime/ObjectConstructor.cpp:
3651         (JSC::ownPropertyKeys):
3652
3653 2015-07-25  Yusuke Suzuki  <utatane.tea@gmail.com>
3654
3655         [ES6] Implement Reflect.ownKeys
3656         https://bugs.webkit.org/show_bug.cgi?id=147307
3657
3658         Reviewed by Sam Weinig.
3659
3660         This patch implements Reflect.ownKeys.
3661         In this patch, we refactor the existing code that lists the own keys of an object.
3662         Such code is used by Object.getOwnPropertyNames, Object.getOwnPropertyKeys, Object.keys and @ownEnumerableKeys.
3663         We factor out the listing of own keys as the ownPropertyKeys function and also use it in Reflect.ownKeys.
3664
3665         * runtime/ObjectConstructor.cpp:
3666         (JSC::objectConstructorGetOwnPropertyNames):
3667         (JSC::objectConstructorGetOwnPropertySymbols):
3668         (JSC::objectConstructorKeys):
3669         (JSC::ownEnumerablePropertyKeys):
3670         (JSC::ownPropertyKeys):
3671         * runtime/ObjectConstructor.h:
3672         * runtime/ReflectObject.cpp:
3673         (JSC::reflectObjectOwnKeys):
3674         * tests/stress/reflect-own-keys.js: Added.
3675         (shouldBe):
3676         (shouldThrow):
3677         (shouldBeArray):
3678
3679 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3680
3681         [ES6] Implement Reflect.apply
3682         https://bugs.webkit.org/show_bug.cgi?id=147306
3683
3684         Reviewed by Sam Weinig.
3685
3686         Implement Reflect.apply.
3687         The large part of this can be implemented by the @apply builtin annotation.
3688         The only thing which differs from Function.prototype.apply is the third parameter:
3689         "argumentsList" is required to be an object.
3690
3691         * builtins/ReflectObject.js:
3692         (apply):
3693         (deleteProperty):
3694         * runtime/ReflectObject.cpp:
3695         * tests/stress/reflect-apply.js: Added.
3696         (shouldBe):
3697         (shouldThrow):
3698         (get shouldThrow):
3699         (.get shouldThrow):
3700         (get var.array.get length):
3701         (get var.array.get 0):
3702         (.get var):
3703         * tests/stress/reflect-delete-property.js:
3704
3705 2015-07-25  Yusuke Suzuki  <utatane.tea@gmail.com>
3706
3707         [ES6] Add Reflect namespace and add Reflect.deleteProperty
3708         https://bugs.webkit.org/show_bug.cgi?id=147287
3709
3710         Reviewed by Sam Weinig.
3711
3712         This patch just creates the namespace for ES6 Reflect APIs
3713         and adds template files to implement the actual code.
3714
3715         So as not to leave the JS generated properties C array empty,
3716         we added one small method, Reflect.deleteProperty, in this patch.
3717
3718         * CMakeLists.txt:
3719         * DerivedSources.make:
3720         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3721         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3722         * JavaScriptCore.xcodeproj/project.pbxproj:
3723         * builtins/ReflectObject.js: Added.
3724         (deleteProperty):
3725         * runtime/CommonIdentifiers.h:
3726         * runtime/JSGlobalObject.cpp:
3727         (JSC::JSGlobalObject::init):
3728         * runtime/ReflectObject.cpp: Added.
3729         (JSC::ReflectObject::ReflectObject):
3730         (JSC::ReflectObject::finishCreation):
3731         (JSC::ReflectObject::getOwnPropertySlot):
3732         * runtime/ReflectObject.h: Added.
3733         (JSC::ReflectObject::create):
3734         (JSC::ReflectObject::createStructure):
3735         * tests/stress/reflect-delete-property.js: Added.
3736         (shouldBe):
3737         (shouldThrow):
3738
3739 2015-07-24  Yusuke Suzuki  <utatane.tea@gmail.com>
3740
3741         Avoid 2 times name iteration in Object.assign
3742         https://bugs.webkit.org/show_bug.cgi?id=147268
3743
3744         Reviewed by Geoffrey Garen.
3745
3746         Object.assign calls Object.getOwnPropertyNames & Object.getOwnPropertySymbols to collect all the names.
3747         But exposing a private API that collects both at the same time makes the API efficient when the given Object has very many non-indexed properties.
3748         Since Object.assign is such a generic API (some form of utility API), the shape of the given Object is not known in advance.
3749         So the given object may have very many non-indexed properties.
3750
3751         In this patch, we introduce the `ownEnumerablePropertyKeys` private function.
3752         It is a slightly modified version of `[[OwnPropertyKeys]]` in the ES6 spec:
3753         it only includes enumerable properties.
3754
3755         By filtering out the non-enumerable properties in the exposed private function,
3756         we avoid calling @objectGetOwnPropertyDescriptor for each property at the same time.
3757
3758         * builtins/ObjectConstructor.js:
3759         (assign):
3760         * runtime/CommonIdentifiers.h:
3761         * runtime/EnumerationMode.h:
3762         * runtime/JSGlobalObject.cpp:
3763         (JSC::JSGlobalObject::init):
3764         * runtime/ObjectConstructor.cpp:
3765         (JSC::ownEnumerablePropertyKeys):
3766         * runtime/ObjectConstructor.h:
3767         * tests/stress/object-assign-enumerable.js: Added.
3768         (shouldBe):
3769         * tests/stress/object-assign-order.js: Added.
3770         (shouldBe):
3771
3772 2015-07-24  Yusuke Suzuki  <utatane.tea@gmail.com>
3773
3774         Remove runtime flags for symbols
3775         https://bugs.webkit.org/show_bug.cgi?id=147246
3776
3777         Reviewed by Alex Christensen.
3778
3779         * runtime/ArrayPrototype.cpp:
3780         (JSC::ArrayPrototype::finishCreation):
3781         * runtime/JSGlobalObject.cpp:
3782         (JSC::JSGlobalObject::init): Deleted.
3783         * runtime/JSGlobalObject.h:
3784         * runtime/ObjectConstructor.cpp:
3785         (JSC::ObjectConstructor::finishCreation):
3786         * runtime/RuntimeFlags.h:
3787
3788 2015-07-24  Yusuke Suzuki  <utatane.tea@gmail.com>
3789
3790         Object.getOwnPropertySymbols on large list takes very long
3791         https://bugs.webkit.org/show_bug.cgi?id=146137
3792
3793         Reviewed by Mark Lam.
3794
3795         Before this patch, Object.getOwnPropertySymbols collected all the names including strings,
3796         and after that was done, filtered the names to retrieve only the symbols.
3797         But it is very time consuming if the given object is a large non-holed array, since it has
3798         many indexed properties and all the indexes have to be converted to uniqued strings and
3799         added to the collection of property names (though they may not be of the requested type
3800         and will be filtered out later).
3801
3802         This patch introduces PropertyNameMode.
3803         We leverage this mode in 2 places.
3804
3805         1. PropertyNameArray side
3806         It is set in PropertyNameArray and it filters the incoming added identifiers based on the mode.
3807         It ensures that PropertyNameArray doesn't become so large in the pathological case.
3808         And it ensures that keys of a type not expected by the filter (Symbols or Strings) are never added
3809         to the property name array collections.
3810         However it does not solve the whole problem because the huge array still incurs the many
3811         "indexed property to uniqued string" conversion and the large iteration before adding the keys
3812         to the property name array.
3813
3814         2. getOwnPropertyNames side
3815         So we can use the PropertyNameMode in the caller side (getOwnPropertyNames) as a **hint**.
3816         When the large iteration may occur, the caller side can use the PropertyNameMode as a hint to
3817         avoid the iteration.
3818         But we cannot exclusively rely on these caller side checks because it would require that we
3819         exhaustively add the checks to all custom implementations of getOwnPropertyNames as well.
3820         This process requires manual inspection of many pieces of code, and is error prone. Instead,
3821         we only apply the caller side check in a few strategic places where it is known to yield
3822         performance benefits; and we rely on the filter in PropertyNameArray::add() to reject the wrong
3823         types of properties for all other calls to PropertyNameArray::add().
3824
3825         In this patch, there's a concept in use that is not clear just from reading the code, and hence
3826         should be documented here. When selecting the PropertyNameMode for the PropertyNameArray to be
3827         instantiated, we apply the following logic:
3828
3829         1. Only JavaScriptCore code is aware of ES6 Symbols.
3830         We can assume that pre-existing external code that interfaces JSC are only looking for string named properties. This includes:
3831             a. WebCore bindings
3832             b. Serializer bindings
3833             c. NPAPI bindings
3834             d. Objective C bindings
3835         2. In JSC, code that computes object storage space needs to iterate both Symbol and String named properties. Hence, use PropertyNameMode::Both.
3836         3. In JSC, ES6 APIs that work with Symbols should use PropertyNameMode::Symbols.
3837         4. In JSC, ES6 APIs that work with String named properties should use PropertyNameMode::Strings.
3838
3839         * API/JSObjectRef.cpp:
3840         (JSObjectCopyPropertyNames):
3841         * bindings/ScriptValue.cpp:
3842         (Deprecated::jsToInspectorValue):
3843         * bytecode/ObjectAllocationProfile.h:
3844         (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
3845         * runtime/EnumerationMode.h:
3846         (JSC::EnumerationMode::EnumerationMode):
3847         (JSC::EnumerationMode::includeSymbolProperties): Deleted.
3848         * runtime/GenericArgumentsInlines.h:
3849         (JSC::GenericArguments<Type>::getOwnPropertyNames):
3850         * runtime/JSGenericTypedArrayViewInlines.h:
3851         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertyNames):
3852         * runtime/JSLexicalEnvironment.cpp:
3853         (JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
3854         * runtime/JSONObject.cpp:
3855         (JSC::Stringifier::Stringifier):
3856         (JSC::Stringifier::Holder::appendNextProperty):
3857         (JSC::Walker::walk):
3858         * runtime/JSObject.cpp:
3859         (JSC::JSObject::getOwnPropertyNames):
3860         * runtime/JSPropertyNameEnumerator.cpp:
3861         (JSC::JSPropertyNameEnumerator::create):
3862         * runtime/JSPropertyNameEnumerator.h:
3863         (JSC::propertyNameEnumerator):
3864         * runtime/JSSymbolTableObject.cpp:
3865         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
3866         * runtime/ObjectConstructor.cpp:
3867         (JSC::objectConstructorGetOwnPropertyNames):
3868         (JSC::objectConstructorGetOwnPropertySymbols):
3869         (JSC::objectConstructorKeys):
3870         (JSC::defineProperties):
3871         (JSC::objectConstructorSeal):
3872         (JSC::objectConstructorFreeze):
3873         (JSC::objectConstructorIsSealed):
3874         (JSC::objectConstructorIsFrozen):
3875         * runtime/PropertyNameArray.h:
3876         (JSC::PropertyNameArray::PropertyNameArray):
3877         (JSC::PropertyNameArray::mode):
3878         (JSC::PropertyNameArray::addKnownUnique):
3879         (JSC::PropertyNameArray::add):
3880         (JSC::PropertyNameArray::isUidMatchedToTypeMode):
3881         (JSC::PropertyNameArray::includeSymbolProperties):
3882         (JSC::PropertyNameArray::includeStringProperties):
3883         * runtime/StringObject.cpp:
3884         (JSC::StringObject::getOwnPropertyNames):
3885         * runtime/Structure.cpp:
3886         (JSC::Structure::getPropertyNamesFromStructure):
3887
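        Added illustration (not WebKit/JSC source) of the Strings / Symbols / Both split described in the entry above, as observed from script: string-only APIs and the JSON serializer never report a symbol-keyed property, while freeze/isFrozen must inspect both kinds of keys or a symbol-keyed property could remain writable on an object reported as frozen. The `hidden` symbol and the sample object are constructed for the example.

```javascript
// Added illustration, not WebKit/JSC source: which standard APIs observe
// string-keyed vs symbol-keyed own properties, matching the PropertyNameMode
// split (Strings / Symbols / Both). `hidden` is a constructed sample key.
const hidden = Symbol("hidden");

function makeSample() {
  const o = { visible: 1 };
  o[hidden] = 2;
  return o;
}

// Snapshot of what each enumeration API reports for the sample object.
function enumerationReport(o = makeSample()) {
  const forIn = [];
  for (const k in o) forIn.push(k);
  return {
    keys: Object.keys(o),                     // PropertyNameMode::Strings
    names: Object.getOwnPropertyNames(o),     // PropertyNameMode::Strings
    forIn,                                    // PropertyNameMode::Strings
    json: JSON.stringify(o),                  // Stringifier: strings only
    symbols: Object.getOwnPropertySymbols(o), // PropertyNameMode::Symbols
    ownKeys: Reflect.ownKeys(o),              // both kinds, strings first
  };
}

// Object.freeze / Object.isFrozen must walk both kinds of keys (Both mode);
// otherwise a symbol-keyed property could stay writable on a "frozen" object.
function freezeCoversSymbols() {
  const o = makeSample();
  Object.freeze(o);
  const d = Object.getOwnPropertyDescriptor(o, hidden);
  return Object.isFrozen(o) && d.writable === false && d.configurable === false;
}

// Counter-case: a non-extensible object whose only property is a writable
// symbol-keyed one. A strings-only check would wrongly report it frozen.
function symbolOnlyIsNotFrozen() {
  const o = {};
  Object.defineProperty(o, hidden, { value: 1, writable: true, configurable: true });
  Object.preventExtensions(o);
  return Object.isFrozen(o); // false
}
```
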
2015-07-24  Saam barati  <saambarati1@gmail.com>

        [ES6] Add support for default parameters
        https://bugs.webkit.org/show_bug.cgi?id=38409

        Reviewed by Filip Pizlo.

        This patch implements ES6 default parameters according to the ES6
        specification. This patch builds off the components introduced with
        "let" scoping and parsing function parameters in the same parser
        arena as the function itself. "let" scoping allows functions with default
        parameter values to place their parameters under the TDZ. Parsing function
        parameters in the same parser arena allows the FunctionParameters AST node
        to refer to ExpressionNodes.