6b18a65abd2295c0933748cead758f9a99587113
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-01-30  Geoffrey Garen  <ggaren@apple.com>

        Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
        https://bugs.webkit.org/show_bug.cgi?id=140900

        Reviewed by Mark Hahnenberg.

        Re-landing just the HandleBlock piece of this patch.

        * heap/HandleBlock.h:
        * heap/HandleBlockInlines.h:
        (JSC::HandleBlock::create):
        (JSC::HandleBlock::destroy):
        (JSC::HandleBlock::HandleBlock):
        (JSC::HandleBlock::payloadEnd):
        * heap/HandleSet.cpp:
        (JSC::HandleSet::~HandleSet):
        (JSC::HandleSet::grow):

2015-01-30  Geoffrey Garen  <ggaren@apple.com>

        GC marking threads should clear malloc caches
        https://bugs.webkit.org/show_bug.cgi?id=141097

        Reviewed by Sam Weinig.

        Follow-up based on Mark Hahnenberg's review: Release after the copy
        phase, rather than after any phase, since we'd rather not release
        between marking and copying.

        * heap/GCThread.cpp:
        (JSC::GCThread::waitForNextPhase):
        (JSC::GCThread::gcThreadMain):

2015-01-30  Geoffrey Garen  <ggaren@apple.com>

        GC marking threads should clear malloc caches
        https://bugs.webkit.org/show_bug.cgi?id=141097

        Reviewed by Andreas Kling.

        This is an attempt to ameliorate a potential memory use regression
        caused by https://bugs.webkit.org/show_bug.cgi?id=140900
        Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages.

        FastMalloc may accumulate a per-thread cache on each of the 8-ish
        GC marking threads, which can be expensive.

        * heap/GCThread.cpp:
        (JSC::GCThread::waitForNextPhase): Scavenge the current thread before
        going to sleep. There's probably not too much value to keeping our
        per-thread cache between GCs, and it has some memory footprint.

2015-01-30  Chris Dumez  <cdumez@apple.com>

        Rename shared() static member functions to singleton() for singleton classes.
        https://bugs.webkit.org/show_bug.cgi?id=141088

        Reviewed by Ryosuke Niwa and Benjamin Poulain.

        Rename shared() static member functions to singleton() for singleton
        classes as per the recent coding style change.

        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::singleton):
        (Inspector::RemoteInspector::start):
        (Inspector::RemoteInspector::shared): Deleted.
        * inspector/remote/RemoteInspectorDebuggable.cpp:
        (Inspector::RemoteInspectorDebuggable::~RemoteInspectorDebuggable):
        (Inspector::RemoteInspectorDebuggable::init):
        (Inspector::RemoteInspectorDebuggable::update):
        (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
        (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection):
        (Inspector::RemoteInspectorDebuggable::unpauseForInitializedInspector):
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        (Inspector::RemoteInspectorDebuggableConnection::sendMessageToFrontend):

2015-01-30  Geoffrey Garen  <ggaren@apple.com>

        Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
        https://bugs.webkit.org/show_bug.cgi?id=140900

        Reviewed by Mark Hahnenberg.

        Re-landing just the CopyWorkListSegment piece of this patch.

        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::reportLiveBytes):
        * heap/CopyWorkList.h:
        (JSC::CopyWorkListSegment::create):
        (JSC::CopyWorkListSegment::destroy):
        (JSC::CopyWorkListSegment::CopyWorkListSegment):
        (JSC::CopyWorkList::CopyWorkList):
        (JSC::CopyWorkList::~CopyWorkList):
        (JSC::CopyWorkList::append):

2015-01-29  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r179357 and r179358.
        https://bugs.webkit.org/show_bug.cgi?id=141062

        Suspect this caused WebGL tests to start flaking (Requested by
        kling on #webkit).

        Reverted changesets:

        "Polymorphic call inlining should be based on polymorphic call
        inline caching rather than logging"
        https://bugs.webkit.org/show_bug.cgi?id=140660
        http://trac.webkit.org/changeset/179357

        "Unreviewed, fix no-JIT build."
        http://trac.webkit.org/changeset/179358

2015-01-29  Geoffrey Garen  <ggaren@apple.com>

        Removed op_ret_object_or_this
        https://bugs.webkit.org/show_bug.cgi?id=141048

        Reviewed by Michael Saboff.

        op_ret_object_or_this was one opcode that would keep us out of the
        optimizing compilers.

        We don't need a special-purpose opcode; we can just use a branch.

        * bytecode/BytecodeBasicBlock.cpp:
        (JSC::isTerminal): Removed.
        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset): Removed.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode): Removed.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitReturn): Use an explicit branch to determine
        if we need to substitute 'this' for the return value. Our engine no longer
        benefits from fused opcodes that dispatch less in the interpreter.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/JIT.h:
        * jit/JITCall32_64.cpp:
        (JSC::JIT::emit_op_ret_object_or_this): Deleted.
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_ret_object_or_this): Deleted.
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm: Removed.

2015-01-29  Ryosuke Niwa  <rniwa@webkit.org>

        Implement ES6 class syntax without inheritance support
        https://bugs.webkit.org/show_bug.cgi?id=140918

        Reviewed by Geoffrey Garen.

        Added the most basic support for ES6 class syntax. After this patch, we support basic class definition like:
        class A {
            constructor() { }
            someMethod() { }
        }

        We'll add the support for "extends" keyword and automatically generating a constructor in follow-up patches.
        We also don't support block scoping of a class declaration.

        We support both class declaration and class expression. A class expression is implemented by the newly added
        ClassExprNode AST node. A class declaration is implemented by ClassDeclNode, which is a thin wrapper around
        AssignResolveNode.

        Tests: js/class-syntax-declaration.html
               js/class-syntax-expression.html

        * bytecompiler/NodesCodegen.cpp:
        (JSC::ObjectLiteralNode::emitBytecode): Create a new object instead of delegating the work to PropertyListNode.
        Also fixed the 5-space indentation.
        (JSC::PropertyListNode::emitBytecode): Don't create a new object now that ObjectLiteralNode does this.
        (JSC::ClassDeclNode::emitBytecode): Added. Just let the AssignResolveNode node emit the byte code.
        (JSC::ClassExprNode::emitBytecode): Create the class constructor and add static methods to the constructor by
        emitting the byte code for PropertyListNode. Add instance methods to the class's prototype object the same way.

        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createClassExpr): Added. Creates a ClassExprNode.
        (JSC::ASTBuilder::createClassDeclStatement): Added. Creates an AssignResolveNode and wraps it by a ClassDeclNode.

        * parser/NodeConstructors.h:
        (JSC::ClassDeclNode::ClassDeclNode): Added.
        (JSC::ClassExprNode::ClassExprNode): Added.

        * parser/Nodes.h:
        (JSC::ClassExprNode): Added.
        (JSC::ClassDeclNode): Added.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseStatement): Added the support for class declaration.
        (JSC::stringForFunctionMode): Return "method" for MethodMode.
        (JSC::Parser<LexerType>::parseClassDeclaration): Added. Uses parseClass to create a class expression and wraps
        it with ClassDeclNode as described above.
        (JSC::Parser<LexerType>::parseClass): Parses a class expression.
        (JSC::Parser<LexerType>::parseProperty):
        (JSC::Parser<LexerType>::parseGetterSetter): Extracted from parseProperty to share the code between parseProperty
        and parseClass.
        (JSC::Parser<LexerType>::parsePrimaryExpression): Added the support for class expression.

        * parser/Parser.h:
        (FunctionParseMode): Added MethodMode.

        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createClassExpr): Added.
        (JSC::SyntaxChecker::createClassDeclStatement): Added.

2015-01-29  Geoffrey Garen  <ggaren@apple.com>

        Try to fix the Windows build.

        Not reviewed.

        * heap/WeakBlock.h: Use the fully qualified name when declaring our friend.

2015-01-29  Geoffrey Garen  <ggaren@apple.com>

        Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
        https://bugs.webkit.org/show_bug.cgi?id=140900

        Reviewed by Mark Hahnenberg.

        Re-landing just the WeakBlock piece of this patch.

        * heap/WeakBlock.cpp:
        (JSC::WeakBlock::create):
        (JSC::WeakBlock::destroy):
        (JSC::WeakBlock::WeakBlock):
        * heap/WeakBlock.h:
        * heap/WeakSet.cpp:
        (JSC::WeakSet::~WeakSet):
        (JSC::WeakSet::addAllocator):
        (JSC::WeakSet::removeAllocator):

2015-01-29  Geoffrey Garen  <ggaren@apple.com>

        Use Vector instead of GCSegmentedArray in CodeBlockSet
        https://bugs.webkit.org/show_bug.cgi?id=141044

        Reviewed by Ryosuke Niwa.

        This is allowed now that we've gotten rid of fastMallocForbid.

        4kB was a bit overkill for just storing a few pointers.

        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::CodeBlockSet):
        * heap/CodeBlockSet.h:
        * heap/Heap.cpp:
        (JSC::Heap::Heap):

2015-01-29  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix no-JIT build.

        * jit/PolymorphicCallStubRoutine.cpp:

2015-01-28  Filip Pizlo  <fpizlo@apple.com>

        Polymorphic call inlining should be based on polymorphic call inline caching rather than logging
        https://bugs.webkit.org/show_bug.cgi?id=140660

        Reviewed by Geoffrey Garen.

        When we first implemented polymorphic call inlining, we did the profiling based on a call
        edge log. The idea was to store each call edge (a tuple of call site and callee) into a
        global log that was processed lazily. Processing the log would give precise counts of call
        edges, and could be used to drive well-informed inlining decisions - polymorphic or not.
        This was a speed-up on throughput tests but a slow-down for latency tests. It was a net win
        nonetheless.

        Experience with this code shows three things. First, the call edge profiler is buggy and
        complex. It would take work to fix the bugs. Second, the call edge profiler incurs lots of
        overhead for latency code that we care deeply about. Third, it's not at all clear that
        having call edge counts for every possible callee is any better than just having call edge
        counts for the limited number of callees that an inline cache would catch.

        So, this patch removes the call edge profiler and replaces it with a polymorphic call inline
        cache. If we miss the basic call inline cache, we inflate the cache to be a jump to an
        out-of-line stub that cases on the previously known callees. If that misses again, then we
        rewrite that stub to include the new callee. We do this up to some number of callees. If we
        hit the limit then we switch to using a plain virtual call.

        Substantial speed-up on V8Spider; undoes the slow-down that the original call edge profiler
        caused. Might be a SunSpider speed-up (below 1%), depending on hardware.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CallEdge.h:
        (JSC::CallEdge::count):
        (JSC::CallEdge::CallEdge):
        * bytecode/CallEdgeProfile.cpp: Removed.
        * bytecode/CallEdgeProfile.h: Removed.
        * bytecode/CallEdgeProfileInlines.h: Removed.
        * bytecode/CallLinkInfo.cpp:
        (JSC::CallLinkInfo::unlink):
        (JSC::CallLinkInfo::visitWeak):
        * bytecode/CallLinkInfo.h:
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::CallLinkStatus):
        (JSC::CallLinkStatus::computeFor):
        (JSC::CallLinkStatus::computeFromCallLinkInfo):
        (JSC::CallLinkStatus::isClosureCall):
        (JSC::CallLinkStatus::makeClosureCall):
        (JSC::CallLinkStatus::dump):
        (JSC::CallLinkStatus::computeFromCallEdgeProfile): Deleted.
        * bytecode/CallLinkStatus.h:
        (JSC::CallLinkStatus::CallLinkStatus):
        (JSC::CallLinkStatus::isSet):
        (JSC::CallLinkStatus::variants):
        (JSC::CallLinkStatus::size):
        (JSC::CallLinkStatus::at):
        (JSC::CallLinkStatus::operator[]):
        (JSC::CallLinkStatus::canOptimize):
        (JSC::CallLinkStatus::edges): Deleted.
        (JSC::CallLinkStatus::canTrustCounts): Deleted.
        * bytecode/CallVariant.cpp:
        (JSC::variantListWithVariant):
        (JSC::despecifiedVariantList):
        * bytecode/CallVariant.h:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::linkIncomingPolymorphicCall):
        (JSC::CodeBlock::unlinkIncomingCalls):
        (JSC::CodeBlock::noticeIncomingCall):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::isIncomingCallAlreadyLinked): Deleted.
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::handleInlining):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compileImpl):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasHeapPrediction):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGTierUpCheckInjectionPhase.cpp:
        (JSC::DFG::TierUpCheckInjectionPhase::run):
        (JSC::DFG::TierUpCheckInjectionPhase::removeFTLProfiling): Deleted.
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * heap/Heap.cpp:
        (JSC::Heap::collect):
        * jit/BinarySwitch.h:
        * jit/ClosureCallStubRoutine.cpp: Removed.
        * jit/ClosureCallStubRoutine.h: Removed.
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        (JSC::operationLinkPolymorphicCallFor):
        (JSC::operationLinkClosureCallFor): Deleted.
        * jit/JITStubRoutine.h:
        * jit/JITWriteBarrier.h:
        * jit/PolymorphicCallStubRoutine.cpp: Added.
        (JSC::PolymorphicCallNode::~PolymorphicCallNode):
        (JSC::PolymorphicCallNode::unlink):
        (JSC::PolymorphicCallCase::dump):
        (JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine):
        (JSC::PolymorphicCallStubRoutine::~PolymorphicCallStubRoutine):
        (JSC::PolymorphicCallStubRoutine::variants):
        (JSC::PolymorphicCallStubRoutine::edges):
        (JSC::PolymorphicCallStubRoutine::visitWeak):
        (JSC::PolymorphicCallStubRoutine::markRequiredObjectsInternal):
        * jit/PolymorphicCallStubRoutine.h: Added.
        (JSC::PolymorphicCallNode::PolymorphicCallNode):
        (JSC::PolymorphicCallCase::PolymorphicCallCase):
        (JSC::PolymorphicCallCase::variant):
        (JSC::PolymorphicCallCase::codeBlock):
        * jit/Repatch.cpp:
        (JSC::linkSlowFor):
        (JSC::linkFor):
        (JSC::revertCall):
        (JSC::unlinkFor):
        (JSC::linkVirtualFor):
        (JSC::linkPolymorphicCall):
        (JSC::linkClosureCall): Deleted.
        * jit/Repatch.h:
        * jit/ThunkGenerators.cpp:
        (JSC::linkPolymorphicCallForThunkGenerator):
        (JSC::linkPolymorphicCallThunkGenerator):
        (JSC::linkPolymorphicCallThatPreservesRegsThunkGenerator):
        (JSC::linkClosureCallForThunkGenerator): Deleted.
        (JSC::linkClosureCallThunkGenerator): Deleted.
        (JSC::linkClosureCallThatPreservesRegsThunkGenerator): Deleted.
        * jit/ThunkGenerators.h:
        (JSC::linkPolymorphicCallThunkGeneratorFor):
        (JSC::linkClosureCallThunkGeneratorFor): Deleted.
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::jitCompileAndSetHeuristics):
        * runtime/Options.h:
        * runtime/VM.cpp:
        (JSC::VM::prepareToDiscardCode):
        (JSC::VM::ensureCallEdgeLog): Deleted.
        * runtime/VM.h:

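The following is an added illustration, not JavaScriptCore code: a small C++ model of the call-site policy the entry above describes (link to the first callee seen, inflate to a table of known callees on a miss, fall back to a plain virtual call once the table is full, and drop table entries whose callee the GC has collected so the stub never holds a dangling callee). The names CallSite, CallCase and CallState, the case limit, and the use of a bare pointer as callee identity are assumptions of this model, not engine identifiers.

```cpp
// Added illustration, not JavaScriptCore code: a model of a polymorphic call
// inline cache. CallSite, CallCase, CallState and the case limit are
// assumptions of this model, not engine identifiers.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Callee = const void*; // identity of a callee (stand-in for a function object)

enum class CallState { Unlinked, Monomorphic, Polymorphic, Virtual };

// One known callee at a call site plus how often it was seen (a call edge).
struct CallCase {
    Callee callee;
    uint32_t count;
};

class CallSite {
public:
    explicit CallSite(size_t maxCases) : m_maxCases(maxCases) {}

    // Record one dynamic call and report the state the site is in afterwards.
    CallState call(Callee callee)
    {
        if (m_state == CallState::Virtual)
            return m_state; // profiling is over: every call takes the virtual path
        for (CallCase& c : m_cases) {
            if (c.callee == callee) { // cache hit: only the edge count changes
                ++c.count;
                return m_state;
            }
        }
        // Cache miss: extend the case table, or give up once it is full.
        if (m_cases.size() == m_maxCases) {
            m_cases.clear();
            m_state = CallState::Virtual;
            return m_state;
        }
        m_cases.push_back({ callee, 1 });
        m_state = m_cases.size() == 1 ? CallState::Monomorphic : CallState::Polymorphic;
        return m_state;
    }

    // GC hook: remove cases whose callee is no longer live. A site left with
    // no cases goes back to unlinked; a virtual site has nothing to drop.
    template<typename IsLive> void visitWeak(IsLive isLive)
    {
        m_cases.erase(std::remove_if(m_cases.begin(), m_cases.end(),
            [&](const CallCase& c) { return !isLive(c.callee); }), m_cases.end());
        if (m_state == CallState::Virtual)
            return;
        if (m_cases.empty())
            m_state = CallState::Unlinked;
        else if (m_cases.size() == 1)
            m_state = CallState::Monomorphic;
    }

    // What an optimizing compiler would consult: the known callees, or
    // nothing once the site went virtual.
    const std::vector<CallCase>& variants() const { return m_cases; }
    CallState state() const { return m_state; }
    bool canInline() const { return m_state == CallState::Monomorphic || m_state == CallState::Polymorphic; }

private:
    size_t m_maxCases;
    CallState m_state = CallState::Unlinked;
    std::vector<CallCase> m_cases;
};

int main()
{
    int f1, f2, f3, f4; // four distinct callee identities (constructed sample)
    CallSite site(3);   // three cases fit; the fourth distinct callee overflows
    const Callee sequence[] = { &f1, &f1, &f2, &f3, &f4 };
    for (Callee c : sequence)
        std::printf("state=%d cases=%zu\n", static_cast<int>(site.call(c)), site.variants().size());
    return 0;
}
```

The edge counts survive only while the site is monomorphic or polymorphic; once it goes virtual the table is discarded, which mirrors the entry's point that counts for callees an inline cache cannot hold are not worth collecting.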
2015-01-29  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: ES6: Improved Console Format for Set and Map Objects (like Arrays)
        https://bugs.webkit.org/show_bug.cgi?id=122867

        Reviewed by Timothy Hatcher.

        Add new Runtime.RemoteObject object subtypes for "map", "set", and "weakmap".

        Upgrade Runtime.ObjectPreview to include type/subtype information. Now,
        an ObjectPreview can be used for any value, in place of a RemoteObject,
        and not capture / hold a reference to the value. The value will be in
        the string description.

        Adding this information to ObjectPreview can duplicate some information
        in the protocol messages if a preview is provided, but simplifies
        previews, so that all the information you need for any RemoteObject
        preview is available. To slim messages further, make "overflow" and
        "properties" only available on previews that may contain properties.
        So, not primitives or null.

        Finally, for "Map/Set/WeakMap" add an "entries" list to the preview
        that will return previews with "key" and "value" properties depending
        on the collection type. To get live, non-preview objects from a
        collection, use Runtime.getCollectionEntries.

        In order to keep the WeakMap's values Weak the frontend may provide
        a unique object group name when getting collection entries. It may
        then release that object group, e.g. when not showing the WeakMap's
        values to the user, and thus remove the strong reference to the keys
        so they may be garbage collected.

        * runtime/WeakMapData.h:
        (JSC::WeakMapData::begin):
        (JSC::WeakMapData::end):
        Expose iterators so the Inspector may access WeakMap keys/values.

        * inspector/JSInjectedScriptHostPrototype.cpp:
        (Inspector::JSInjectedScriptHostPrototype::finishCreation):
        (Inspector::jsInjectedScriptHostPrototypeFunctionWeakMapEntries):
        * inspector/JSInjectedScriptHost.h:
        * inspector/JSInjectedScriptHost.cpp:
        (Inspector::JSInjectedScriptHost::subtype):
        Discern "map", "set", and "weakmap" object subtypes.

        (Inspector::JSInjectedScriptHost::weakMapEntries):
        Return a list of WeakMap entries. These are strong references
        that the Inspector code is responsible for releasing.

        * inspector/protocol/Runtime.json:
        Update types and expose the new getCollectionEntries command.

        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getCollectionEntries):
        * inspector/InjectedScript.h:
        * inspector/InjectedScript.cpp:
        (Inspector::InjectedScript::getInternalProperties):
        (Inspector::InjectedScript::getCollectionEntries):
        Pass through to the InjectedScript and call getCollectionEntries.

        * inspector/scripts/codegen/generator.py:
        Add another type with runtime casting.

        * inspector/InjectedScriptSource.js:
        - Implement getCollectionEntries to get a range of values from a
        collection. The non-Weak collections have an order to their keys (in
        order of added) so range'd gets are okay. WeakMap does not have an
        order, so only allow fetching a number of values.
        - Update preview generation to address the Runtime.ObjectPreview
        type changes.

2015-01-28  Geoffrey Garen  <ggaren@apple.com>

        Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
        https://bugs.webkit.org/show_bug.cgi?id=140900

        Reviewed by Mark Hahnenberg.

        Re-landing just the GCArraySegment piece of this patch.

        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::CodeBlockSet):
        * heap/CodeBlockSet.h:
        * heap/GCSegmentedArray.h:
        (JSC::GCArraySegment::GCArraySegment):
        * heap/GCSegmentedArrayInlines.h:
        (JSC::GCSegmentedArray<T>::GCSegmentedArray):
        (JSC::GCSegmentedArray<T>::~GCSegmentedArray):
        (JSC::GCSegmentedArray<T>::clear):
        (JSC::GCSegmentedArray<T>::expand):
        (JSC::GCSegmentedArray<T>::refill):
        (JSC::GCArraySegment<T>::create):
        (JSC::GCArraySegment<T>::destroy):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        * heap/MarkStack.cpp:
        (JSC::MarkStackArray::MarkStackArray):
        * heap/MarkStack.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::SlotVisitor):

2015-01-29  Csaba Osztrogonác  <ossy@webkit.org>

        Move HAVE_DTRACE definition back to Platform.h
        https://bugs.webkit.org/show_bug.cgi?id=141033

        Reviewed by Dan Bernstein.

        * Configurations/Base.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2015-01-28  Geoffrey Garen  <ggaren@apple.com>

        Removed fastMallocForbid / fastMallocAllow
        https://bugs.webkit.org/show_bug.cgi?id=141012

        Reviewed by Mark Hahnenberg.

        Copy non-current thread stacks before scanning them instead of scanning
        them in-place.

        This operation is uncommon (i.e., never in the web content process),
        and even in a stress test with 4 threads it only copies about 27kB,
        so I think the performance cost is OK.

        Scanning in-place requires a complex dance where we constrain our GC
        data structures not to use malloc, free, or any other interesting functions
        that might acquire locks. We've gotten this wrong many times in the past,
        and I just got it wrong again yesterday. Since this code path is rarely
        tested, I want it to just make sense, and not depend on or constrain the
        details of the rest of the GC heap's design.

        * heap/MachineStackMarker.cpp:
        (JSC::otherThreadStack): Factored out a helper function for dealing with
        unaligned and/or backwards pointers.

        (JSC::MachineThreads::tryCopyOtherThreadStack): This is now the only
        constrained function, and it only calls memcpy and low-level thread APIs.

        (JSC::MachineThreads::tryCopyOtherThreadStacks): The design here is that
        you do one pass over all the threads to compute their combined size,
        and then a second pass to do all the copying. In theory, the threads may
        grow in between passes, in which case you'll continue until the threads
        stop growing. In practice, you never continue.

        (JSC::growBuffer): Helper function for growing.

        (JSC::MachineThreads::gatherConservativeRoots):
        (JSC::MachineThreads::gatherFromOtherThread): Deleted.
        * heap/MachineStackMarker.h: Updated for interface changes.

2015-01-28  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: remove CSS.setPropertyText, CSS.toggleProperty and related dead code
        https://bugs.webkit.org/show_bug.cgi?id=140961

        Reviewed by Timothy Hatcher.

        * inspector/protocol/CSS.json: Remove unused protocol methods.

2015-01-28  Dana Burkart  <dburkart@apple.com>

        Move ASan flag settings from DebugRelease.xcconfig to Base.xcconfig
        https://bugs.webkit.org/show_bug.cgi?id=136765

        Reviewed by Alexey Proskuryakov.

        * Configurations/Base.xcconfig:
        * Configurations/DebugRelease.xcconfig:

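The following is an added illustration, not JavaScriptCore code: a C++ model of the two-pass "measure every stack, then copy every stack" scheme the fastMallocForbid entry above describes, including the retry when a stack grows between the passes and the normalisation of a stack-pointer/stack-base pair that may arrive unaligned or in either order. FakeThread, StackRange, liveRange and CopyResult are names made up for this model; growBuffer, tryCopyOtherThreadStack and copyOtherThreadStacks borrow the roles of the helpers the entry names but not their real signatures, and the suspended threads are byte arrays in the current process so the model runs anywhere.

```cpp
// Added illustration, not JavaScriptCore code. All names here are assumptions
// of the model; the helpers mirror the roles described in the ChangeLog entry,
// not the engine's actual signatures.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// A suspended thread modelled as a byte array (its mapped stack) with 'used'
// live bytes counted from the high end, since stacks grow downwards.
// pendingGrowth simulates the stack growing between the sizing and copy passes.
struct FakeThread {
    std::vector<uint8_t> stack;
    size_t used = 0;
    size_t pendingGrowth = 0;
};

struct StackRange {
    const uint8_t* begin;
    size_t size;
};

// Role of otherThreadStack(): accept (stack pointer, stack base) in either
// order and round the low end down to pointer alignment, so a conservative
// scan reads whole words and never starts in the middle of one.
static StackRange normalizeStack(const uint8_t* a, const uint8_t* b)
{
    const uint8_t* lo = std::min(a, b);
    const uint8_t* hi = std::max(a, b);
    uintptr_t aligned = reinterpret_cast<uintptr_t>(lo) & ~static_cast<uintptr_t>(sizeof(void*) - 1);
    const uint8_t* begin = reinterpret_cast<const uint8_t*>(aligned);
    return { begin, static_cast<size_t>(hi - begin) };
}

static StackRange liveRange(const FakeThread& t)
{
    const uint8_t* base = t.stack.data() + t.stack.size();
    return normalizeStack(base - t.used, base); // sp first, base second: order must not matter
}

// Role of growBuffer(): make room for 'needed' bytes, doubling so that a retry
// after a thread grew does not reallocate on every pass.
static void growBuffer(std::vector<uint8_t>& buffer, size_t needed)
{
    size_t capacity = buffer.empty() ? 1024 : buffer.size();
    while (capacity < needed)
        capacity *= 2;
    buffer.resize(capacity);
}

// The only constrained step: a memcpy into space reserved by the sizing pass.
// Fails without copying if the stack outgrew its reservation.
static bool tryCopyOtherThreadStack(const FakeThread& t, uint8_t* dst, size_t reserved, size_t& written)
{
    StackRange r = liveRange(t);
    if (r.size > reserved)
        return false;
    std::memcpy(dst, r.begin, r.size);
    written = r.size;
    return true;
}

struct CopyResult {
    std::vector<uint8_t> bytes; // every other thread's live stack, back to back
    size_t total = 0;
    size_t passes = 0;
};

// Pass 1 sums the live sizes and reserves a buffer; pass 2 copies. If any
// stack grew in between, the copy fails and both passes run again.
static CopyResult copyOtherThreadStacks(std::vector<FakeThread>& threads)
{
    CopyResult result;
    for (;;) {
        ++result.passes;
        std::vector<size_t> sizes;
        size_t total = 0;
        for (const FakeThread& t : threads) {
            sizes.push_back(liveRange(t).size);
            total += sizes.back();
        }
        growBuffer(result.bytes, total);
        // Simulated race window: a thread may grow here, after being measured.
        for (FakeThread& t : threads) {
            t.used = std::min(t.used + t.pendingGrowth, t.stack.size());
            t.pendingGrowth = 0;
        }
        size_t offset = 0;
        bool ok = true;
        for (size_t i = 0; i < threads.size() && ok; ++i) {
            size_t written = 0;
            ok = tryCopyOtherThreadStack(threads[i], result.bytes.data() + offset, sizes[i], written);
            offset += written;
        }
        if (ok) {
            result.total = offset;
            result.bytes.resize(offset);
            return result;
        }
    }
}

int main()
{
    // Constructed sample: two threads; the second grows after it was measured.
    std::vector<FakeThread> threads(2);
    threads[0].stack.assign(4096, 0xAA); threads[0].used = 300;
    threads[1].stack.assign(4096, 0xBB); threads[1].used = 517; threads[1].pendingGrowth = 100;
    CopyResult r = copyOtherThreadStacks(threads);
    std::printf("copied %zu bytes in %zu pass(es)\n", r.total, r.passes);
    return 0;
}
```

Because the copy pass only ever calls memcpy, nothing in it can take a malloc lock that a suspended thread might already hold; all allocation happens in growBuffer before any thread's stack is touched, which is the property that made fastMallocForbid unnecessary.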
2015-01-27  Filip Pizlo  <fpizlo@apple.com>

        ExitSiteData saying m_takesSlowPath shouldn't mean early returning takesSlowPath() since for the non-LLInt case we later set m_couldTakeSlowPath, which is more precise
        https://bugs.webkit.org/show_bug.cgi?id=140980

        Reviewed by Oliver Hunt.

        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFor):

2015-01-27  Filip Pizlo  <fpizlo@apple.com>

        Move DFGBinarySwitch out of the DFG so that all of the JITs can use it
        https://bugs.webkit.org/show_bug.cgi?id=140959

        Rubber stamped by Geoffrey Garen.

        I want to use this for polymorphic stubs for https://bugs.webkit.org/show_bug.cgi?id=140660.
        This code no longer has DFG dependencies so this is a very clean move.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGBinarySwitch.cpp: Removed.
        * dfg/DFGBinarySwitch.h: Removed.
        * dfg/DFGSpeculativeJIT.cpp:
        * jit/BinarySwitch.cpp: Copied from Source/JavaScriptCore/dfg/DFGBinarySwitch.cpp.
        * jit/BinarySwitch.h: Copied from Source/JavaScriptCore/dfg/DFGBinarySwitch.h.

2015-01-27  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r179192.
        https://bugs.webkit.org/show_bug.cgi?id=140953

        Caused numerous layout test failures (Requested by mattbaker_
        on #webkit).

        Reverted changeset:

        "Use FastMalloc (bmalloc) instead of BlockAllocator for GC
        pages"
        https://bugs.webkit.org/show_bug.cgi?id=140900
        http://trac.webkit.org/changeset/179192

2015-01-27  Michael Saboff  <msaboff@apple.com>

        REGRESSION(r178591): 20% regression in Octane box2d
        https://bugs.webkit.org/show_bug.cgi?id=140948

        Reviewed by Geoffrey Garen.

        Added a check that we have a lexical environment to the "arguments is captured" check.
        It doesn't make sense to resolve "arguments" when it really isn't captured.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::willResolveToArgumentsRegister):

2015-01-26  Geoffrey Garen  <ggaren@apple.com>

        Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
        https://bugs.webkit.org/show_bug.cgi?id=140900

        Reviewed by Mark Hahnenberg.

        Removes some more custom allocation code.

        Looks like a speedup. (See results attached to bugzilla.)

        Will hopefully reduce memory use by improving sharing between the GC and
        malloc heaps.

        * API/JSBase.cpp:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj: Feed the compiler.

        * heap/BlockAllocator.cpp: Removed.
        * heap/BlockAllocator.h: Removed. No need for a custom allocator anymore.

        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::CodeBlockSet):
        * heap/CodeBlockSet.h: Feed the compiler.

        * heap/CopiedBlock.h:
        (JSC::CopiedBlock::createNoZeroFill):
        (JSC::CopiedBlock::create):
        (JSC::CopiedBlock::CopiedBlock):
        (JSC::CopiedBlock::isOversize):
        (JSC::CopiedBlock::payloadEnd):
        (JSC::CopiedBlock::capacity):
        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::reportLiveBytes): Each copied block now tracks its
        own size, since we can't rely on Region to tell us our size anymore.

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::~CopiedSpace):
        (JSC::CopiedSpace::tryAllocateOversize):
        (JSC::CopiedSpace::tryReallocateOversize):
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::recycleEvacuatedBlock):
        (JSC::CopiedSpace::recycleBorrowedBlock):
        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
        (JSC::CopiedSpace::allocateBlock):
        (JSC::CopiedSpace::startedCopying): Deallocate blocks directly, rather
        than pushing them onto the block allocator's free list; the block
        allocator doesn't exist anymore.

        * heap/CopyWorkList.h:
        (JSC::CopyWorkListSegment::create):
        (JSC::CopyWorkListSegment::CopyWorkListSegment):
        (JSC::CopyWorkList::~CopyWorkList):
        (JSC::CopyWorkList::append):
        (JSC::CopyWorkList::CopyWorkList): Deleted.
        * heap/GCSegmentedArray.h:
        (JSC::GCArraySegment::GCArraySegment):
        * heap/GCSegmentedArrayInlines.h:
        (JSC::GCSegmentedArray<T>::GCSegmentedArray):
        (JSC::GCSegmentedArray<T>::~GCSegmentedArray):
        (JSC::GCSegmentedArray<T>::clear):
        (JSC::GCSegmentedArray<T>::expand):
        (JSC::GCSegmentedArray<T>::refill):
        (JSC::GCArraySegment<T>::create):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        * heap/GCThreadSharedData.h: Feed the compiler.

        * heap/HandleBlock.h:
        * heap/HandleBlockInlines.h:
        (JSC::HandleBlock::create):
        (JSC::HandleBlock::HandleBlock):
        (JSC::HandleBlock::payloadEnd):
        * heap/HandleSet.cpp:
        (JSC::HandleSet::~HandleSet):
        (JSC::HandleSet::grow): Same as above.

        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        * heap/Heap.h: Removed the block allocator since it is unused now.

        * heap/HeapBlock.h:
        (JSC::HeapBlock::destroy):
        (JSC::HeapBlock::HeapBlock):
        (JSC::HeapBlock::region): Deleted. Removed the Region pointer from each
        HeapBlock since a HeapBlock is just a normal allocation now.

        * heap/HeapInlines.h:
        (JSC::Heap::blockAllocator): Deleted.

        * heap/HeapTimer.cpp:
        * heap/MarkStack.cpp:
        (JSC::MarkStackArray::MarkStackArray):
        * heap/MarkStack.h: Feed the compiler.
753
754         * heap/MarkedAllocator.cpp:
755         (JSC::MarkedAllocator::allocateBlock): No need to use a custom code path
756         based on size, since we use a general purpose allocator now.
757
758         * heap/MarkedBlock.cpp:
759         (JSC::MarkedBlock::create):
760         (JSC::MarkedBlock::destroy):
761         (JSC::MarkedBlock::MarkedBlock):
762         * heap/MarkedBlock.h:
763         (JSC::MarkedBlock::capacity): Track block size explicitly, like CopiedBlock.
764
765         * heap/MarkedSpace.cpp:
766         (JSC::MarkedSpace::freeBlock):
767         * heap/MarkedSpace.h:
768
769         * heap/Region.h: Removed.
770
771         * heap/SlotVisitor.cpp:
772         (JSC::SlotVisitor::SlotVisitor): Removed reference to block allocator.
773
774         * heap/SuperRegion.cpp: Removed.
775         * heap/SuperRegion.h: Removed.
776
777         * heap/WeakBlock.cpp:
778         (JSC::WeakBlock::create):
779         (JSC::WeakBlock::WeakBlock):
780         * heap/WeakBlock.h:
781         * heap/WeakSet.cpp:
782         (JSC::WeakSet::~WeakSet):
783         (JSC::WeakSet::addAllocator):
784         (JSC::WeakSet::removeAllocator): Removed reference to block allocator.
785
786 2015-01-27  Csaba Osztrogonác  <ossy@webkit.org>
787
788         [ARM] Typo fix after r176083
789         https://bugs.webkit.org/show_bug.cgi?id=140937
790
791         Reviewed by Anders Carlsson.
792
793         * assembler/ARMv7Assembler.h:
794         (JSC::ARMv7Assembler::ldrh):
795
796 2015-01-27  Csaba Osztrogonác  <ossy@webkit.org>
797
798         [Win] Unreviewed gardening, skip failing tests.
799
800         * tests/exceptionFuzz.yaml: Skip exception fuzz tests due to bug140928.
801         * tests/mozilla/mozilla-tests.yaml: Skip ecma/Date/15.9.5.28-1.js due to bug140927.
802
803 2015-01-26  Csaba Osztrogonác  <ossy@webkit.org>
804
805         [Win] Enable JSC stress tests by default
806         https://bugs.webkit.org/show_bug.cgi?id=128307
807
808         Unreviewed typo fix after r179165.
809
810         * tests/mozilla/mozilla-tests.yaml:
811
812 2015-01-26  Csaba Osztrogonác  <ossy@webkit.org>
813
814         [Win] Enable JSC stress tests by default
815         https://bugs.webkit.org/show_bug.cgi?id=128307
816
817         Reviewed by Brent Fulgham.
818
819         * tests/mozilla/mozilla-tests.yaml: Skipped on Windows.
820         * tests/stress/ftl-arithcos.js: Skipped on Windows.
821
822 2015-01-26  Ryosuke Niwa  <rniwa@webkit.org>
823
824         Parse a function expression as a primary expression
825         https://bugs.webkit.org/show_bug.cgi?id=140908
826
827         Reviewed by Mark Lam.
828
829         Moved the code to generate an AST node for a function expression from parseMemberExpression
830         to parsePrimaryExpression to match the ES6 specification terminology:
831         https://people.mozilla.org/~jorendorff/es6-draft.html#sec-primary-expression
832
833         There should be no behavior change from this change since parsePrimaryExpression is only
834         called in parseMemberExpression other than the fact failIfStackOverflow() is called.
835
836         * parser/Parser.cpp:
837         (JSC::Parser<LexerType>::parsePrimaryExpression):
838         (JSC::Parser<LexerType>::parseMemberExpression):
839
840 2015-01-26  Myles C. Maxfield  <mmaxfield@apple.com>
841
842         [iOS] [SVG -> OTF Converter] Flip the switch off on iOS
843         https://bugs.webkit.org/show_bug.cgi?id=140860
844
845         Reviewed by Darin Adler.
846
847         The fonts it makes are grotesque. (See what I did there? Typographic
848         humor is the best humor.)
849
850         * Configurations/FeatureDefines.xcconfig:
851
852 2015-01-23  Joseph Pecoraro  <pecoraro@apple.com>
853
854         Web Inspector: Rename InjectedScriptHost::type to subtype
855         https://bugs.webkit.org/show_bug.cgi?id=140841
856
857         Reviewed by Timothy Hatcher.
858
859         We were using this to set the subtype of an "object" type RemoteObject
860         so we should clean up the name and call it subtype.
861
862         * inspector/InjectedScriptHost.h:
863         * inspector/InjectedScriptSource.js:
864         * inspector/JSInjectedScriptHost.cpp:
865         (Inspector::JSInjectedScriptHost::subtype):
866         (Inspector::JSInjectedScriptHost::type): Deleted.
867         * inspector/JSInjectedScriptHost.h:
868         * inspector/JSInjectedScriptHostPrototype.cpp:
869         (Inspector::JSInjectedScriptHostPrototype::finishCreation):
870         (Inspector::jsInjectedScriptHostPrototypeFunctionSubtype):
871         (Inspector::jsInjectedScriptHostPrototypeFunctionType): Deleted.
872
873 2015-01-23  Michael Saboff  <msaboff@apple.com>
874
875         LayoutTests/js/script-tests/reentrant-caching.js crashing on 32 bit builds
876         https://bugs.webkit.org/show_bug.cgi?id=140843
877
878         Reviewed by Oliver Hunt.
879
880         When we are in vmEntryToJavaScript, we keep the stack pointer at an
881         alignment suitable for pointing to a call frame header, which is the
882         alignment post making a call.  We adjust the sp when calling to JS code,
883         but don't adjust it before calling the out of stack handler.
884
885         * llint/LowLevelInterpreter32_64.asm:
886         Moved stack pointer down 8 bytes to get it aligned.
887
888 2015-01-23  Joseph Pecoraro  <pecoraro@apple.com>
889
890         Web Inspector: Object Previews in the Console
891         https://bugs.webkit.org/show_bug.cgi?id=129204
892
893         Reviewed by Timothy Hatcher.
894
895         Update the very old, unused object preview code. Part of this comes from
896         the earlier WebKit legacy implementation, and the Blink implementation.
897
898         A RemoteObject may include a preview, if it is asked for, and if the
899         RemoteObject is an object. Previews are a shallow (single level) list
900         of a limited number of properties on the object. The previewed
901         properties are always stringified (even if primitives). Previews are
902         limited to just 5 properties or 100 indices. Previews are marked
903         as lossless if they are a complete snapshot of the object.
904
905         There is a path to make previews two levels deep, that is currently
906         unused but should soon be used for tables (e.g. IndexedDB).
907
908         * inspector/InjectedScriptSource.js:
909         - Move some code off of InjectedScript to be generic functions
910         usable by RemoteObject as well.
911         - Update preview generation to use 
912
913         * inspector/protocol/Runtime.json:
914         - Add a new type, "accessor" for preview objects. This represents
915         a getter / setter. We currently don't get the value.
916
917 2015-01-23  Michael Saboff  <msaboff@apple.com>
918
919         Immediate crash when setting JS breakpoint
920         https://bugs.webkit.org/show_bug.cgi?id=140811
921
922         Reviewed by Mark Lam.
923
924         When the DFG stack layout phase doesn't allocate a register for the scope register,
925         it incorrectly sets the scope register in the code block to a bad value, one with
926         an offset of 0.  Changed it so that we set the code block's scope register to the 
927         invalid VirtualRegister instead.
928
929         No tests needed as adding the ASSERT in setScopeRegister() was used to find the bug.
930         We crash with that ASSERT in testapi and likely many other tests as well.
931
932         * bytecode/CodeBlock.cpp:
933         (JSC::CodeBlock::CodeBlock):
934         * bytecode/CodeBlock.h:
935         (JSC::CodeBlock::setScopeRegister):
936         (JSC::CodeBlock::scopeRegister):
937         Added ASSERTs to catch any future improper setting of the code block's scope register.
938
939         * dfg/DFGStackLayoutPhase.cpp:
940         (JSC::DFG::StackLayoutPhase::run):
941
942 2015-01-22  Mark Hahnenberg  <mhahnenb@gmail.com>
943
944         EdenCollections unnecessarily visit SmallStrings
945         https://bugs.webkit.org/show_bug.cgi?id=140762
946
947         Reviewed by Geoffrey Garen.
948
949         * heap/Heap.cpp:
950         (JSC::Heap::copyBackingStores): Also added a GCPhase for copying
951         backing stores, which is a significant portion of garbage collection.
952         (JSC::Heap::visitSmallStrings): Check to see if we need to visit
953         SmallStrings based on the collection type.
954         * runtime/SmallStrings.cpp:
955         (JSC::SmallStrings::SmallStrings):
956         (JSC::SmallStrings::visitStrongReferences): Set the fact that we have
957         visited the SmallStrings since the last modification.
958         * runtime/SmallStrings.h:
959         (JSC::SmallStrings::needsToBeVisited): If we're doing a
960         FullCollection, we need to visit. Otherwise, it depends on whether
961         we've been visited since the last modification/allocation.
962
963 2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>
964
965         Add a build flag for ES6 class syntax
966         https://bugs.webkit.org/show_bug.cgi?id=140760
967
968         Reviewed by Michael Saboff.
969
970         Added ES6_CLASS_SYNTAX build flag and used it in tokenizer to recognize
971         "class", "extends", "static" and "super" keywords.
972
973         * Configurations/FeatureDefines.xcconfig:
974         * parser/Keywords.table:
975         * parser/ParserTokens.h:
976
977 2015-01-22  Commit Queue  <commit-queue@webkit.org>
978
979         Unreviewed, rolling out r178894.
980         https://bugs.webkit.org/show_bug.cgi?id=140775
981
982         Broke JSC and bindings tests (Requested by ap_ on #webkit).
983
984         Reverted changeset:
985
986         "put_by_val_direct need to check the property is index or not
987         for using putDirect / putDirectIndex"
988         https://bugs.webkit.org/show_bug.cgi?id=140426
989         http://trac.webkit.org/changeset/178894
990
991 2015-01-22  Mark Lam  <mark.lam@apple.com>
992
993         BytecodeGenerator::initializeCapturedVariable() sets a misleading value for the 5th operand of op_put_to_scope.
994         <https://webkit.org/b/140743>
995
996         Reviewed by Oliver Hunt.
997
998         BytecodeGenerator::initializeCapturedVariable() was setting the 5th operand to
999         op_put_to_scope to an inappropriate value (i.e. 0).  As a result, the execution
1000         of put_to_scope could store a wrong inferred value into the VariableWatchpointSet
1001         for whichever captured variable is at local index 0.  In practice, this turns
1002         out to be the local for the Arguments object.  In this reproduction case in the
1003         bug, the wrong inferred value written there is the boolean true.
1004
1005         Subsequently, DFG compilation occurs and CreateArguments is emitted to first do
1006         a check of the local for the Arguments object.  But because that local has a
1007         wrong inferred value, the check always discovers a non-null value and we never
1008         actually create the Arguments object.  Immediately after this, an OSR exit
1009         occurs leaving the Arguments object local uninitialized.  Later on at arguments
1010         tear off, we run into a boolean true where we had expected to find an Arguments
1011         object, which in turn, leads to the crash.
1012
1013         The fix is to:
1014         1. In the case where the resolveModeType is LocalClosureVar, change the
1015            5th operand of op_put_to_scope to be a boolean.  True means that the
1016            local var is watchable.  False means it is not watchable.  We no longer
1017            pass the local index (instead of true) and UINT_MAX (instead of false).
1018
1019            This allows us to express more clearly in the code what that value means,
1020            as well as remove the redundant way of getting the local's identifier.
1021            The identifier is always the one passed in the 2nd operand. 
1022
1023         2. Previously, though intuitively, we know that the watchable variable
1024            identifier should be the same as the one that is passed in operand 2, this
1025            relationship was not clear in the code.  By code analysis, I confirmed that 
1026            the callers of BytecodeGenerator::emitPutToScope() always use the same
1027            identifier for operand 2 and for filling out the ResolveScopeInfo from
1028            which we get the watchable variable identifier later.  I've changed the
1029            code to make this clear now by always using the identifier passed in
1030            operand 2.
1031
1032         3. In the case where the resolveModeType is LocalClosureVar,
1033            initializeCapturedVariable() and emitPutToScope() will now query
1034            hasWatchableVariable() to determine if the local is watchable or not.
1035            Accordingly, we pass the boolean result of hasWatchableVariable() as
1036            operand 5 of op_put_to_scope.
1037
1038         Also added some assertions.
1039
1040         * bytecode/CodeBlock.cpp:
1041         (JSC::CodeBlock::CodeBlock):
1042         * bytecompiler/BytecodeGenerator.cpp:
1043         (JSC::BytecodeGenerator::initializeCapturedVariable):
1044         (JSC::BytecodeGenerator::hasConstant):
1045         (JSC::BytecodeGenerator::emitPutToScope):
1046         * bytecompiler/BytecodeGenerator.h:
1047         (JSC::BytecodeGenerator::hasWatchableVariable):
1048         (JSC::BytecodeGenerator::watchableVariableIdentifier):
1049         (JSC::BytecodeGenerator::watchableVariable): Deleted.
1050
1051 2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>
1052
1053         PropertyListNode::emitNode duplicates the code to put a constant property
1054         https://bugs.webkit.org/show_bug.cgi?id=140761
1055
1056         Reviewed by Geoffrey Garen.
1057
1058         Extracted PropertyListNode::emitPutConstantProperty to share the code.
1059
1060         Also made PropertyListNode::emitBytecode private since nobody is calling this function directly.
1061
1062         * bytecompiler/NodesCodegen.cpp:
1063         (JSC::PropertyListNode::emitBytecode):
1064         (JSC::PropertyListNode::emitPutConstantProperty): Added.
1065         * parser/Nodes.h:
1066
1067 2015-01-22  Yusuke Suzuki  <utatane.tea@gmail.com>
1068
1069         put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
1070         https://bugs.webkit.org/show_bug.cgi?id=140426
1071
1072         Reviewed by Geoffrey Garen.
1073
1074         In the put_by_val_direct operation, we use JSObject::putDirect.
1075         However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
1076         This patch changes Identifier::asIndex() to return Optional<uint32_t>.
1077         It forces callers to check the value is index or not explicitly.
1078         Additionally, it checks toString-ed Identifier is index or not to choose putDirect / putDirectIndex.
1079
1080         * bytecode/GetByIdStatus.cpp:
1081         (JSC::GetByIdStatus::computeFor):
1082         * bytecode/PutByIdStatus.cpp:
1083         (JSC::PutByIdStatus::computeFor):
1084         * bytecompiler/BytecodeGenerator.cpp:
1085         (JSC::BytecodeGenerator::emitDirectPutById):
1086         * dfg/DFGOperations.cpp:
1087         (JSC::DFG::operationPutByValInternal):
1088         * jit/JITOperations.cpp:
1089         * jit/Repatch.cpp:
1090         (JSC::emitPutTransitionStubAndGetOldStructure):
1091         * jsc.cpp:
1092         * llint/LLIntSlowPaths.cpp:
1093         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1094         * runtime/Arguments.cpp:
1095         (JSC::Arguments::getOwnPropertySlot):
1096         (JSC::Arguments::put):
1097         (JSC::Arguments::deleteProperty):
1098         (JSC::Arguments::defineOwnProperty):
1099         * runtime/ArrayPrototype.cpp:
1100         (JSC::arrayProtoFuncSort):
1101         * runtime/JSArray.cpp:
1102         (JSC::JSArray::defineOwnProperty):
1103         * runtime/JSCJSValue.cpp:
1104         (JSC::JSValue::putToPrimitive):
1105         * runtime/JSGenericTypedArrayViewInlines.h:
1106         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
1107         (JSC::JSGenericTypedArrayView<Adaptor>::put):
1108         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
1109         (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
1110         * runtime/JSObject.cpp:
1111         (JSC::JSObject::put):
1112         (JSC::JSObject::putDirectAccessor):
1113         (JSC::JSObject::putDirectCustomAccessor):
1114         (JSC::JSObject::deleteProperty):
1115         (JSC::JSObject::putDirectMayBeIndex):
1116         (JSC::JSObject::defineOwnProperty):
1117         * runtime/JSObject.h:
1118         (JSC::JSObject::getOwnPropertySlot):
1119         (JSC::JSObject::getPropertySlot):
1120         (JSC::JSObject::putDirectInternal):
1121         * runtime/JSString.cpp:
1122         (JSC::JSString::getStringPropertyDescriptor):
1123         * runtime/JSString.h:
1124         (JSC::JSString::getStringPropertySlot):
1125         * runtime/LiteralParser.cpp:
1126         (JSC::LiteralParser<CharType>::parse):
1127         * runtime/PropertyName.h:
1128         (JSC::toUInt32FromCharacters):
1129         (JSC::toUInt32FromStringImpl):
1130         (JSC::PropertyName::asIndex):
1131         * runtime/PropertyNameArray.cpp:
1132         (JSC::PropertyNameArray::add):
1133         * runtime/StringObject.cpp:
1134         (JSC::StringObject::deleteProperty):
1135         * runtime/Structure.cpp:
1136         (JSC::Structure::prototypeChainMayInterceptStoreTo):
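
        As an added example (not JavaScriptCore's own code), the index check
        this entry describes, with the hypothetical names asArrayIndex and
        choosePutPath standing in for Identifier::asIndex() and the
        putDirect / putDirectIndex dispatch; the 2^32 - 2 upper bound and the
        no-leading-zero rule are ECMAScript's definition of an array index.

```cpp
#include <cstdint>
#include <optional>
#include <string_view>

// Added example, not JavaScriptCore code: decide whether a property name is an
// array index, returning the index as an optional the way the entry says
// Identifier::asIndex() now does, so callers must check explicitly instead of
// comparing against a UINT_MAX sentinel.
// An array index is the canonical decimal string of an integer in
// 0 .. 2^32 - 2; every other string is a named property.
constexpr uint32_t kMaxArrayIndex = 0xFFFFFFFEu;

std::optional<uint32_t> asArrayIndex(std::string_view name)
{
    // The empty string, and anything longer than the 10 digits of 4294967294,
    // can never be an index.
    if (name.empty() || name.size() > 10)
        return std::nullopt;

    // A leading zero is only allowed for the single string "0";
    // "042" is a named property, not index 42.
    if (name[0] == '0') {
        if (name.size() == 1)
            return 0u;
        return std::nullopt;
    }

    uint64_t value = 0; // 64-bit accumulator: 10 decimal digits cannot overflow
    for (char c : name) {
        if (c < '0' || c > '9')
            return std::nullopt; // "1e3", "-1", " 1" are named properties
        value = value * 10 + static_cast<uint64_t>(c - '0');
    }

    if (value > kMaxArrayIndex)
        return std::nullopt; // 4294967295 and above are not indices
    return static_cast<uint32_t>(value);
}

// Hypothetical stand-in for the putDirect / putDirectIndex split: which path a
// put_by_val_direct with this key should take.
enum class PutPath { Named, Indexed };

PutPath choosePutPath(std::string_view key)
{
    return asArrayIndex(key).has_value() ? PutPath::Indexed : PutPath::Named;
}
```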
1137
1138 2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>
1139
1140         Consolidate out arguments of parseFunctionInfo into a struct
1141         https://bugs.webkit.org/show_bug.cgi?id=140754
1142
1143         Reviewed by Oliver Hunt.
1144
1145         Introduced ParserFunctionInfo for storing out arguments of parseFunctionInfo.
1146
1147         * JavaScriptCore.xcodeproj/project.pbxproj:
1148         * parser/ASTBuilder.h:
1149         (JSC::ASTBuilder::createFunctionExpr):
1150         (JSC::ASTBuilder::createGetterOrSetterProperty): This one takes a property name in addition to
1151         ParserFunctionInfo since the property name and the function name could differ.
1152         (JSC::ASTBuilder::createFuncDeclStatement):
1153         * parser/Parser.cpp:
1154         (JSC::Parser<LexerType>::parseFunctionInfo):
1155         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1156         (JSC::Parser<LexerType>::parseProperty):
1157         (JSC::Parser<LexerType>::parseMemberExpression):
1158         * parser/Parser.h:
1159         * parser/ParserFunctionInfo.h: Added.
1160         * parser/SyntaxChecker.h:
1161         (JSC::SyntaxChecker::createFunctionExpr):
1162         (JSC::SyntaxChecker::createFuncDeclStatement):
1163         (JSC::SyntaxChecker::createClassDeclStatement):
1164         (JSC::SyntaxChecker::createGetterOrSetterProperty):
1165
1166 2015-01-21  Mark Hahnenberg  <mhahnenb@gmail.com>
1167
1168         Change Heap::m_compiledCode to use a Vector
1169         https://bugs.webkit.org/show_bug.cgi?id=140717
1170
1171         Reviewed by Andreas Kling.
1172
1173         Right now it's a DoublyLinkedList, which is iterated during each
1174         collection. This contributes to some of the longish Eden pause times.
1175         A Vector would be more appropriate and would also allow ExecutableBase
1176         to be 2 pointers smaller.
1177
1178         * heap/Heap.cpp:
1179         (JSC::Heap::deleteAllCompiledCode):
1180         (JSC::Heap::deleteAllUnlinkedFunctionCode):
1181         (JSC::Heap::clearUnmarkedExecutables):
1182         * heap/Heap.h:
1183         * runtime/Executable.h: No longer need to inherit from DoublyLinkedListNode.
1184
1185 2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>
1186
1187         BytecodeGenerator shouldn't expose all of its member variables
1188         https://bugs.webkit.org/show_bug.cgi?id=140752
1189
1190         Reviewed by Mark Lam.
1191
1192         Added "private:" and removed unused data members as detected by clang.
1193
1194         * bytecompiler/BytecodeGenerator.cpp:
1195         (JSC::BytecodeGenerator::BytecodeGenerator):
1196         * bytecompiler/BytecodeGenerator.h:
1197         (JSC::BytecodeGenerator::lastOpcodeID): Added. Used in BinaryOpNode::emitBytecode.
1198         * bytecompiler/NodesCodegen.cpp:
1199         (JSC::BinaryOpNode::emitBytecode):
1200
1201 2015-01-21  Joseph Pecoraro  <pecoraro@apple.com>
1202
1203         Web Inspector: ASSERT expanding objects in console PrimitiveBindingTraits<T>::assertValueHasExpectedType
1204         https://bugs.webkit.org/show_bug.cgi?id=140746
1205
1206         Reviewed by Timothy Hatcher.
1207
1208         * inspector/InjectedScriptSource.js:
1209         Do not add impure properties to the descriptor object that will
1210         eventually be sent to the frontend.
1211
1212 2015-01-21  Matthew Mirman  <mmirman@apple.com>
1213
1214         Updated split such that it does not include the empty end of input string match.
1215         https://bugs.webkit.org/show_bug.cgi?id=138129
1216         <rdar://problem/18807403>
1217
1218         Reviewed by Filip Pizlo.
1219
1220         * runtime/StringPrototype.cpp:
1221         (JSC::stringProtoFuncSplit):
1222         * tests/stress/empty_eos_regex_split.js: Added.
1223
1224 2015-01-21  Michael Saboff  <msaboff@apple.com>
1225
1226         Eliminate Scope slot from JavaScript CallFrame
1227         https://bugs.webkit.org/show_bug.cgi?id=136724
1228
1229         Reviewed by Geoffrey Garen.
1230
1231         This finishes the removal of the scope chain slot from the call frame header.
1232
1233         * dfg/DFGOSRExitCompilerCommon.cpp:
1234         (JSC::DFG::reifyInlinedCallFrames):
1235         * dfg/DFGPreciseLocalClobberize.h:
1236         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
1237         * dfg/DFGSpeculativeJIT32_64.cpp:
1238         (JSC::DFG::SpeculativeJIT::emitCall):
1239         * dfg/DFGSpeculativeJIT64.cpp:
1240         (JSC::DFG::SpeculativeJIT::emitCall):
1241         * ftl/FTLJSCall.cpp:
1242         (JSC::FTL::JSCall::emit):
1243         * ftl/FTLLowerDFGToLLVM.cpp:
1244         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
1245         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
1246         * interpreter/JSStack.h:
1247         * interpreter/VMInspector.cpp:
1248         (JSC::VMInspector::dumpFrame):
1249         * jit/JITCall.cpp:
1250         (JSC::JIT::compileOpCall):
1251         * jit/JITCall32_64.cpp:
1252         (JSC::JIT::compileOpCall):
1253         * jit/JITOpcodes32_64.cpp:
1254         (JSC::JIT::privateCompileCTINativeCall):
1255         * jit/Repatch.cpp:
1256         (JSC::generateByIdStub):
1257         (JSC::linkClosureCall):
1258         * jit/ThunkGenerators.cpp:
1259         (JSC::virtualForThunkGenerator):
1260         (JSC::nativeForGenerator):
1261         Deleted ScopeChain slot from JSStack.  Removed all code where ScopeChain was being
1262         read or set.  In most cases this was where we make JS calls.
1263
1264         * interpreter/CallFrameClosure.h:
1265         (JSC::CallFrameClosure::setArgument):
1266         (JSC::CallFrameClosure::resetCallFrame): Deleted.
1267         * interpreter/Interpreter.cpp:
1268         (JSC::Interpreter::execute):
1269         (JSC::Interpreter::executeCall):
1270         (JSC::Interpreter::executeConstruct):
1271         (JSC::Interpreter::prepareForRepeatCall):
1272         * interpreter/ProtoCallFrame.cpp:
1273         (JSC::ProtoCallFrame::init):
1274         * interpreter/ProtoCallFrame.h:
1275         (JSC::ProtoCallFrame::scope): Deleted.
1276         (JSC::ProtoCallFrame::setScope): Deleted.
1277         * llint/LLIntData.cpp:
1278         (JSC::LLInt::Data::performAssertions):
1279         * llint/LowLevelInterpreter.asm:
1280         * llint/LowLevelInterpreter64.asm:
1281         Removed the related scopeChainValue member from ProtoCallFrame.  Reduced the number of
1282         registers that needed to be copied from the ProtoCallFrame to a callee's frame
1283         from 5 to 4.
1284
1285         * llint/LowLevelInterpreter32_64.asm:
1286         In addition to the prior changes, also deleted the unused macro getDeBruijnScope.
1287
1288 2015-01-21  Michael Saboff  <msaboff@apple.com>
1289
1290         Eliminate construct methods from NullGetterFunction and NullSetterFunction classes
1291         https://bugs.webkit.org/show_bug.cgi?id=140708
1292
1293         Reviewed by Mark Lam.
1294
1295         Eliminated construct methods and changed getConstructData() for both classes to return
1296         ConstructTypeNone as they can never be called.
1297
1298         * runtime/NullGetterFunction.cpp:
1299         (JSC::NullGetterFunction::getConstructData):
1300         (JSC::constructReturnUndefined): Deleted.
1301         * runtime/NullSetterFunction.cpp:
1302         (JSC::NullSetterFunction::getConstructData):
1303         (JSC::constructReturnUndefined): Deleted.
1304
1305 2015-01-21  Csaba Osztrogonác  <ossy@webkit.org>
1306
1307         Remove ENABLE(INSPECTOR) ifdef guards
1308         https://bugs.webkit.org/show_bug.cgi?id=140668
1309
1310         Reviewed by Darin Adler.
1311
1312         * Configurations/FeatureDefines.xcconfig:
1313         * bindings/ScriptValue.cpp:
1314         (Deprecated::ScriptValue::toInspectorValue):
1315         * bindings/ScriptValue.h:
1316         * inspector/ConsoleMessage.cpp:
1317         * inspector/ConsoleMessage.h:
1318         * inspector/ContentSearchUtilities.cpp:
1319         * inspector/ContentSearchUtilities.h:
1320         * inspector/IdentifiersFactory.cpp:
1321         * inspector/IdentifiersFactory.h:
1322         * inspector/InjectedScript.cpp:
1323         * inspector/InjectedScript.h:
1324         * inspector/InjectedScriptBase.cpp:
1325         * inspector/InjectedScriptBase.h:
1326         * inspector/InjectedScriptHost.cpp:
1327         * inspector/InjectedScriptHost.h:
1328         * inspector/InjectedScriptManager.cpp:
1329         * inspector/InjectedScriptManager.h:
1330         * inspector/InjectedScriptModule.cpp:
1331         * inspector/InjectedScriptModule.h:
1332         * inspector/InspectorAgentRegistry.cpp:
1333         * inspector/InspectorBackendDispatcher.cpp:
1334         * inspector/InspectorBackendDispatcher.h:
1335         * inspector/InspectorProtocolTypes.h:
1336         * inspector/JSGlobalObjectConsoleClient.cpp:
1337         * inspector/JSGlobalObjectInspectorController.cpp:
1338         * inspector/JSGlobalObjectInspectorController.h:
1339         * inspector/JSGlobalObjectScriptDebugServer.cpp:
1340         * inspector/JSGlobalObjectScriptDebugServer.h:
1341         * inspector/JSInjectedScriptHost.cpp:
1342         * inspector/JSInjectedScriptHost.h:
1343         * inspector/JSInjectedScriptHostPrototype.cpp:
1344         * inspector/JSInjectedScriptHostPrototype.h:
1345         * inspector/JSJavaScriptCallFrame.cpp:
1346         * inspector/JSJavaScriptCallFrame.h:
1347         * inspector/JSJavaScriptCallFramePrototype.cpp:
1348         * inspector/JSJavaScriptCallFramePrototype.h:
1349         * inspector/JavaScriptCallFrame.cpp:
1350         * inspector/JavaScriptCallFrame.h:
1351         * inspector/ScriptCallFrame.cpp:
1352         (Inspector::ScriptCallFrame::buildInspectorObject):
1353         * inspector/ScriptCallFrame.h:
1354         * inspector/ScriptCallStack.cpp:
1355         (Inspector::ScriptCallStack::buildInspectorArray):
1356         * inspector/ScriptCallStack.h:
1357         * inspector/ScriptDebugServer.cpp:
1358         * inspector/agents/InspectorAgent.cpp:
1359         * inspector/agents/InspectorAgent.h:
1360         * inspector/agents/InspectorConsoleAgent.cpp:
1361         * inspector/agents/InspectorConsoleAgent.h:
1362         * inspector/agents/InspectorDebuggerAgent.cpp:
1363         * inspector/agents/InspectorDebuggerAgent.h:
1364         * inspector/agents/InspectorRuntimeAgent.cpp:
1365         * inspector/agents/InspectorRuntimeAgent.h:
1366         * inspector/agents/JSGlobalObjectConsoleAgent.cpp:
1367         * inspector/agents/JSGlobalObjectConsoleAgent.h:
1368         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1369         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
1370         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
1371         * inspector/agents/JSGlobalObjectRuntimeAgent.h:
1372         * inspector/scripts/codegen/cpp_generator_templates.py:
1373         (CppGeneratorTemplates):
1374         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1375         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1376         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1377         * inspector/scripts/tests/expected/enum-values.json-result:
1378         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1379         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1380         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1381         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1382         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1383         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1384         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1385         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1386         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1387         * runtime/TypeSet.cpp:
1388         (JSC::TypeSet::inspectorTypeSet):
1389         (JSC::StructureShape::inspectorRepresentation):
1390
1391 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
1392
1393         Web Inspector: Clean up InjectedScriptSource.js
1394         https://bugs.webkit.org/show_bug.cgi?id=140709
1395
1396         Reviewed by Timothy Hatcher.
1397
1398         This patch includes some relevant Blink patches and small changes.
1399         
1400         Patch by <aandrey@chromium.org>
1401         DevTools: Remove console last result $_ on console clear.
1402         https://src.chromium.org/viewvc/blink?revision=179179&view=revision
1403
1404         Patch by <eustas@chromium.org>
1405         [Inspect DOM properties] incorrect CSS Selector Syntax
1406         https://src.chromium.org/viewvc/blink?revision=156903&view=revision
1407
1408         * inspector/InjectedScriptSource.js:
1409
1410 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
1411
1412         Web Inspector: Cleanup RuntimeAgent a bit
1413         https://bugs.webkit.org/show_bug.cgi?id=140706
1414
1415         Reviewed by Timothy Hatcher.
1416
1417         * inspector/InjectedScript.h:
1418         * inspector/InspectorBackendDispatcher.h:
1419         * inspector/ScriptCallFrame.cpp:
1420         * inspector/agents/InspectorRuntimeAgent.cpp:
1421         (Inspector::InspectorRuntimeAgent::evaluate):
1422         (Inspector::InspectorRuntimeAgent::getProperties):
1423         (Inspector::InspectorRuntimeAgent::run):
1424         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1425         (Inspector::recompileAllJSFunctionsForTypeProfiling):
1426         (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):
1427
1428 2015-01-20  Matthew Mirman  <mmirman@apple.com>
1429
1430         Made Identity in the DFG allocate a new temp register and move 
1431         the old data to it.
1432         https://bugs.webkit.org/show_bug.cgi?id=140700
1433         <rdar://problem/19339106>
1434
1435         Reviewed by Filip Pizlo.
1436
1437         * dfg/DFGSpeculativeJIT64.cpp:
1438         (JSC::DFG::SpeculativeJIT::compile): 
1439         Added scratch registers for Identity. 
1440         * tests/mozilla/mozilla-tests.yaml: enabled a previously failing test.
1441
1442 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
1443
1444         Web Inspector: Expanding event objects in console shows undefined for most values, it should have real values
1445         https://bugs.webkit.org/show_bug.cgi?id=137306
1446
1447         Reviewed by Timothy Hatcher.
1448
1449         Provide another optional parameter to getProperties, to gather a list
1450         of all own and getter properties.
1451
1452         * inspector/InjectedScript.cpp:
1453         (Inspector::InjectedScript::getProperties):
1454         * inspector/InjectedScript.h:
1455         * inspector/InjectedScriptSource.js:
1456         * inspector/agents/InspectorRuntimeAgent.cpp:
1457         (Inspector::InspectorRuntimeAgent::getProperties):
1458         * inspector/agents/InspectorRuntimeAgent.h:
1459         * inspector/protocol/Runtime.json:
1460
1461 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
1462
1463         Web Inspector: Should show dynamic specificity values
1464         https://bugs.webkit.org/show_bug.cgi?id=140647
1465
1466         Reviewed by Benjamin Poulain.
1467
1468         * inspector/protocol/CSS.json:
1469         Clarify CSSSelector optional values and add "dynamic" property indicating
1470         if the selector can be dynamic based on the element it is matched against.
1471
1472 2015-01-20  Commit Queue  <commit-queue@webkit.org>
1473
1474         Unreviewed, rolling out r178751.
1475         https://bugs.webkit.org/show_bug.cgi?id=140694
1476
1477         Caused 32-bit JSC test failures (Requested by JoePeck on
1478         #webkit).
1479
1480         Reverted changeset:
1481
1482         "put_by_val_direct needs to check whether the property is an index or not
1483         for using putDirect / putDirectIndex"
1484         https://bugs.webkit.org/show_bug.cgi?id=140426
1485         http://trac.webkit.org/changeset/178751
1486
1487 2015-01-20  Yusuke Suzuki  <utatane.tea@gmail.com>
1488
1489         put_by_val_direct needs to check whether the property is an index or not for using putDirect / putDirectIndex
1490         https://bugs.webkit.org/show_bug.cgi?id=140426
1491
1492         Reviewed by Geoffrey Garen.
1493
1494         In the put_by_val_direct operation, we use JSObject::putDirect.
1495         However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
1496         This patch changes Identifier::asIndex() to return Optional<uint32_t>.
1497         It forces callers to check explicitly whether the value is an index or not.
1498         Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.
1499
1500         * bytecode/GetByIdStatus.cpp:
1501         (JSC::GetByIdStatus::computeFor):
1502         * bytecode/PutByIdStatus.cpp:
1503         (JSC::PutByIdStatus::computeFor):
1504         * bytecompiler/BytecodeGenerator.cpp:
1505         (JSC::BytecodeGenerator::emitDirectPutById):
1506         * dfg/DFGOperations.cpp:
1507         (JSC::DFG::operationPutByValInternal):
1508         * jit/JITOperations.cpp:
1509         * jit/Repatch.cpp:
1510         (JSC::emitPutTransitionStubAndGetOldStructure):
1511         * jsc.cpp:
1512         * llint/LLIntSlowPaths.cpp:
1513         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1514         * runtime/Arguments.cpp:
1515         (JSC::Arguments::getOwnPropertySlot):
1516         (JSC::Arguments::put):
1517         (JSC::Arguments::deleteProperty):
1518         (JSC::Arguments::defineOwnProperty):
1519         * runtime/ArrayPrototype.cpp:
1520         (JSC::arrayProtoFuncSort):
1521         * runtime/JSArray.cpp:
1522         (JSC::JSArray::defineOwnProperty):
1523         * runtime/JSCJSValue.cpp:
1524         (JSC::JSValue::putToPrimitive):
1525         * runtime/JSGenericTypedArrayViewInlines.h:
1526         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
1527         (JSC::JSGenericTypedArrayView<Adaptor>::put):
1528         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
1529         (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
1530         * runtime/JSObject.cpp:
1531         (JSC::JSObject::put):
1532         (JSC::JSObject::putDirectAccessor):
1533         (JSC::JSObject::putDirectCustomAccessor):
1534         (JSC::JSObject::deleteProperty):
1535         (JSC::JSObject::putDirectMayBeIndex):
1536         (JSC::JSObject::defineOwnProperty):
1537         * runtime/JSObject.h:
1538         (JSC::JSObject::getOwnPropertySlot):
1539         (JSC::JSObject::getPropertySlot):
1540         (JSC::JSObject::putDirectInternal):
1541         * runtime/JSString.cpp:
1542         (JSC::JSString::getStringPropertyDescriptor):
1543         * runtime/JSString.h:
1544         (JSC::JSString::getStringPropertySlot):
1545         * runtime/LiteralParser.cpp:
1546         (JSC::LiteralParser<CharType>::parse):
1547         * runtime/PropertyName.h:
1548         (JSC::toUInt32FromCharacters):
1549         (JSC::toUInt32FromStringImpl):
1550         (JSC::PropertyName::asIndex):
1551         * runtime/PropertyNameArray.cpp:
1552         (JSC::PropertyNameArray::add):
1553         * runtime/StringObject.cpp:
1554         (JSC::StringObject::deleteProperty):
1555         * runtime/Structure.cpp:
1556         (JSC::Structure::prototypeChainMayInterceptStoreTo):
1557
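        The index check and dispatch this entry describes, as an added example that is not JSC's own code: a canonical array-index parser returning std::optional (standing in for Identifier::asIndex() returning Optional<uint32_t>), and a toy object whose named and indexed properties live in separate tables so that the pre-patch putDirect path visibly loses an index property. parseArrayIndex, ToyObject and kMaxArrayIndex are assumed names.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <optional>
#include <string>
#include <vector>

// Largest value that counts as an array index: 2^32 - 2. The value 2^32 - 1 is
// reserved as "not an index" (assumed here to mirror JSC's NotAnIndex sentinel).
constexpr uint32_t kMaxArrayIndex = 0xFFFFFFFEu;

// Returns the index if `name` is a canonical array-index string ("0", "42"),
// and std::nullopt for "", "007", "-1", "1e3", "abc" or values above the limit.
// This is the explicit check the patch makes callers of asIndex() perform.
std::optional<uint32_t> parseArrayIndex(const std::string& name)
{
    if (name.empty() || name.size() > 10)
        return std::nullopt;
    if (name.size() > 1 && name[0] == '0')
        return std::nullopt; // leading zeros are not canonical
    uint64_t value = 0;
    for (char c : name) {
        if (c < '0' || c > '9')
            return std::nullopt;
        value = value * 10 + static_cast<uint64_t>(c - '0');
    }
    if (value > kMaxArrayIndex)
        return std::nullopt;
    return static_cast<uint32_t>(value);
}

// Toy object: named properties and indexed storage are separate tables, as
// putDirect and putDirectIndex target separate storage in JSObject.
struct ToyObject {
    std::map<std::string, int> named;
    std::vector<std::optional<int>> indexed;

    void putDirect(const std::string& name, int v) { named[name] = v; }

    void putDirectIndex(uint32_t i, int v)
    {
        if (i >= indexed.size())
            indexed.resize(static_cast<size_t>(i) + 1);
        indexed[i] = v;
    }

    // The fixed dispatcher: pick the storage based on the index check.
    void putDirectMayBeIndex(const std::string& name, int v)
    {
        if (auto index = parseArrayIndex(name))
            putDirectIndex(*index, v);
        else
            putDirect(name, v);
    }

    // An index-aware reader looks in indexed storage for index names and never
    // consults the named table for them.
    std::optional<int> get(const std::string& name) const
    {
        if (auto index = parseArrayIndex(name)) {
            if (*index < indexed.size())
                return indexed[*index];
            return std::nullopt;
        }
        auto it = named.find(name);
        if (it == named.end())
            return std::nullopt;
        return it->second;
    }
};

// The defect: writing "0" through putDirect leaves it in the named table, so an
// index-aware reader cannot see it.
bool buggyPathLosesIndexedProperty()
{
    ToyObject o;
    o.putDirect("0", 7); // what put_by_val_direct did before the patch
    return !o.get("0").has_value() && o.named.count("0") == 1;
}

// The fix: the dispatcher routes "0" to indexed storage and "name" to named storage.
bool fixedPathStoresIndexedProperty()
{
    ToyObject o;
    o.putDirectMayBeIndex("0", 7);
    o.putDirectMayBeIndex("name", 1);
    return o.get("0") == 7 && o.get("name") == 1 && o.named.count("0") == 0;
}
```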
1558 2015-01-20  Michael Saboff  <msaboff@apple.com>
1559
1560         REGRESSION(178696): Sporadic crashes while garbage collecting
1561         https://bugs.webkit.org/show_bug.cgi?id=140688
1562
1563         Reviewed by Geoffrey Garen.
1564
1565         Added missing visitor.append(&thisObject->m_nullSetterFunction).
1566
1567         * runtime/JSGlobalObject.cpp:
1568         (JSC::JSGlobalObject::visitChildren):
1569
1570 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
1571
1572         Web Replay: code generator should take supplemental specifications and allow cross-framework references
1573         https://bugs.webkit.org/show_bug.cgi?id=136312
1574
1575         Reviewed by Joseph Pecoraro.
1576
1577         Some types are shared between replay inputs from different frameworks.
1578         Previously, these type declarations were duplicated in every input
1579         specification file in which they were used. This caused some type encoding
1580         traits to be emitted twice if used from WebCore inputs and WebKit2 inputs.
1581
1582         This patch teaches the replay inputs code generator to accept multiple
1583         input specification files. Inputs can freely reference types from other
1584         frameworks without duplicating declarations.
1585
1586         On the code generation side, the model could contain types and inputs from
1587         frameworks that are not the target framework. Only generate code for the
1588         target framework.
1589
1590         To properly generate cross-framework type encoding traits, use
1591         Type.encoding_type_argument in more places, and add the export macro for WebCore
1592         and the Test framework.
1593
1594         Adjust some tests so that enum coverage is preserved by moving the enum types
1595         into "Test" (the target framework for tests).
1596
1597         * JavaScriptCore.vcxproj/copy-files.cmd:
1598         For Windows, copy over JSInputs.json as if it were a private header.
1599
1600         * JavaScriptCore.xcodeproj/project.pbxproj: Make JSInputs.json a private header.
1601         * replay/JSInputs.json:
1602         Put all primitive types and WTF types in this specification file.
1603
1604         * replay/scripts/CodeGeneratorReplayInputs.py:
1605         (Input.__init__):
1606         (InputsModel.__init__): Keep track of the input's framework.
1607         (InputsModel.parse_specification): Parse the framework here. Adjust to new format,
1608         and allow either types or inputs to be missing from a single file.
1609
1610         (InputsModel.parse_type_with_framework):
1611         (InputsModel.parse_input_with_framework):
1612         (Generator.should_generate_item): Added helper method.
1613         (Generator.generate_header): Filter inputs to generate.
1614         (Generator.generate_implementation): Filter inputs to generate.
1615         (Generator.generate_enum_trait_declaration): Filter enums to generate.
1616         Add WEBCORE_EXPORT macro to enum encoding traits.
1617
1618         (Generator.generate_for_each_macro): Filter inputs to generate.
1619         (Generator.generate_enum_trait_implementation): Filter enums to generate.
1620         (generate_from_specifications): Added.
1621         (generate_from_specifications.parse_json_from_file):
1622         (InputsModel.parse_toplevel): Deleted.
1623         (InputsModel.parse_type_with_framework_name): Deleted.
1624         (InputsModel.parse_input): Deleted.
1625         (generate_from_specification): Deleted.
1626         * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
1627         * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Removed.
1628         * replay/scripts/tests/expected/fail-on-no-types.json-error: Removed.
1629         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
1630         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
1631         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
1632         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
1633         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.cpp:
1634         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
1635         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
1636         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
1637         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
1638         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
1639         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
1640         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
1641         * replay/scripts/tests/fail-on-c-style-enum-no-storage.json:
1642         * replay/scripts/tests/fail-on-duplicate-enum-type.json:
1643         * replay/scripts/tests/fail-on-duplicate-input-names.json:
1644         * replay/scripts/tests/fail-on-duplicate-type-names.json:
1645         * replay/scripts/tests/fail-on-enum-type-missing-values.json:
1646         * replay/scripts/tests/fail-on-missing-input-member-name.json:
1647         * replay/scripts/tests/fail-on-missing-input-name.json:
1648         * replay/scripts/tests/fail-on-missing-input-queue.json:
1649         * replay/scripts/tests/fail-on-missing-type-mode.json:
1650         * replay/scripts/tests/fail-on-missing-type-name.json:
1651         * replay/scripts/tests/fail-on-no-inputs.json:
1652         Removed, no longer required to be in a single file.
1653
1654         * replay/scripts/tests/fail-on-no-types.json:
1655         Removed, no longer required to be in a single file.
1656
1657         * replay/scripts/tests/fail-on-unknown-input-queue.json:
1658         * replay/scripts/tests/fail-on-unknown-member-type.json:
1659         * replay/scripts/tests/fail-on-unknown-type-mode.json:
1660         * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json:
1661         * replay/scripts/tests/generate-enum-encoding-helpers.json:
1662         * replay/scripts/tests/generate-enum-with-guard.json:
1663         Include enums that are and are not generated.
1664
1665         * replay/scripts/tests/generate-enums-with-same-base-name.json:
1666         * replay/scripts/tests/generate-event-loop-shape-types.json:
1667         * replay/scripts/tests/generate-input-with-guard.json:
1668         * replay/scripts/tests/generate-input-with-vector-members.json:
1669         * replay/scripts/tests/generate-inputs-with-flags.json:
1670         * replay/scripts/tests/generate-memoized-type-modes.json:
1671
1672 2015-01-20  Tomas Popela  <tpopela@redhat.com>
1673
1674         [GTK] Cannot compile 2.7.3 on PowerPC machines
1675         https://bugs.webkit.org/show_bug.cgi?id=140616
1676
1677         Include climits for INT_MAX and wtf/DataLog.h for dataLogF
1678
1679         Reviewed by Csaba Osztrogonác.
1680
1681         * runtime/BasicBlockLocation.cpp:
1682
1683 2015-01-19  Michael Saboff  <msaboff@apple.com>
1684
1685         A "cached" null setter should throw a TypeException when called in strict mode and doesn't
1686         https://bugs.webkit.org/show_bug.cgi?id=139418
1687
1688         Reviewed by Filip Pizlo.
1689
1690         Made a new NullSetterFunction class similar to NullGetterFunction.  The difference is that 
1691         NullSetterFunction will throw a TypeError per the ECMA262 spec for a strict mode caller.
1692
1693         * CMakeLists.txt:
1694         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1695         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1696         * JavaScriptCore.xcodeproj/project.pbxproj:
1697         Added new files NullSetterFunction.cpp and NullSetterFunction.h.
1698
1699         * runtime/GetterSetter.h:
1700         (JSC::GetterSetter::GetterSetter):
1701         (JSC::GetterSetter::isSetterNull):
1702         (JSC::GetterSetter::setSetter):
1703         Change setter instances from using NullGetterFunction to using NullSetterFunction.
1704
1705         * runtime/JSGlobalObject.cpp:
1706         (JSC::JSGlobalObject::init):
1707         * runtime/JSGlobalObject.h:
1708         (JSC::JSGlobalObject::nullSetterFunction):
1709         Added m_nullSetterFunction and accessor.
1710
1711         * runtime/NullSetterFunction.cpp: Added.
1712         (JSC::GetCallerStrictnessFunctor::GetCallerStrictnessFunctor):
1713         (JSC::GetCallerStrictnessFunctor::operator()):
1714         (JSC::GetCallerStrictnessFunctor::callerIsStrict):
1715         (JSC::callerIsStrict):
1716         Method to determine if the caller is in strict mode.
1717
1718         (JSC::callReturnUndefined):
1719         (JSC::constructReturnUndefined):
1720         (JSC::NullSetterFunction::getCallData):
1721         (JSC::NullSetterFunction::getConstructData):
1722         * runtime/NullSetterFunction.h: Added.
1723         (JSC::NullSetterFunction::create):
1724         (JSC::NullSetterFunction::createStructure):
1725         (JSC::NullSetterFunction::NullSetterFunction):
1726         Class with handlers for a null setter.
1727
1728 2015-01-19  Saam Barati  <saambarati1@gmail.com>
1729
1730         Web Inspector: Provide a front end for JSC's Control Flow Profiler
1731         https://bugs.webkit.org/show_bug.cgi?id=138454
1732
1733         Reviewed by Timothy Hatcher.
1734
1735         This patch puts the final touches on what JSC needs to provide
1736         for the Web Inspector to show a UI for the control flow profiler.
1737
1738         * inspector/agents/InspectorRuntimeAgent.cpp:
1739         (Inspector::recompileAllJSFunctionsForTypeProfiling):
1740         * runtime/ControlFlowProfiler.cpp:
1741         (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
1742         * runtime/FunctionHasExecutedCache.cpp:
1743         (JSC::FunctionHasExecutedCache::getFunctionRanges):
1744         (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges): Deleted.
1745         * runtime/FunctionHasExecutedCache.h:
1746
1747 2015-01-19  David Kilzer  <ddkilzer@apple.com>
1748
1749         [iOS] Only use LLVM static library arguments on 64-bit builds of libllvmForJSC.dylib
1750         <http://webkit.org/b/140658>
1751
1752         Reviewed by Filip Pizlo.
1753
1754         * Configurations/LLVMForJSC.xcconfig: Set OTHER_LDFLAGS_LLVM
1755         only when building for 64-bit architectures.
1756
1757 2015-01-19  Filip Pizlo  <fpizlo@apple.com>
1758
1759         ClosureCallStubRoutine no longer needs codeOrigin
1760         https://bugs.webkit.org/show_bug.cgi?id=140659
1761
1762         Reviewed by Michael Saboff.
1763         
1764         Once upon a time, we would look for the CodeOrigin associated with a return PC. This search
1765         would start with the CodeBlock according to the caller frame's call frame header. But if the
1766         call was a closure call, the return PC would be inside some closure call stub. So if the
1767         CodeBlock search failed, we would search *all* closure call stub routines to see which one
1768         encompasses the return PC. Then, we would use the CodeOrigin stored in the stub routine
1769         object. This was all a bunch of madness, and we actually got rid of it - we now determine
1770         the CodeOrigin for a call frame using the encoded code origin bits inside the tag of the
1771         argument count.
1772         
1773         This patch removes the final vestiges of the madness:
1774         
1775         - Remove the totally unused method declaration for the thing that did the closure call stub
1776           search.
1777         
1778         - Remove the CodeOrigin field from the ClosureCallStubRoutine. Except for that crazy search
1779           that we no longer do, everyone else who finds a ClosureCallStubRoutine will find it via
1780           the CallLinkInfo. The CallLinkInfo also has the CodeOrigin, so we don't need this field
1781           anymore.
1782
1783         * bytecode/CodeBlock.h:
1784         * jit/ClosureCallStubRoutine.cpp:
1785         (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
1786         * jit/ClosureCallStubRoutine.h:
1787         (JSC::ClosureCallStubRoutine::executable):
1788         (JSC::ClosureCallStubRoutine::codeOrigin): Deleted.
1789         * jit/Repatch.cpp:
1790         (JSC::linkClosureCall):
1791
1792 2015-01-19  Saam Barati  <saambarati1@gmail.com>
1793
1794         Basic block start offsets should never be larger than end offsets in the control flow profiler
1795         https://bugs.webkit.org/show_bug.cgi?id=140377
1796
1797         Reviewed by Filip Pizlo.
1798
1799         The bytecode generator will emit code more than once for some AST nodes. For instance, 
1800         the finally block of TryNode will emit two code paths for its finally block: one for 
1801         the normal path, and another for the path where an exception is thrown in the catch block. 
1802         
1803         This repeated code emission of the same AST node previously broke how the control 
1804         flow profiler computed text ranges of basic blocks because when the same AST node 
1805         is emitted multiple times, there is a good chance that there are ranges that span 
1806         from the end offset of one of these duplicated nodes back to the start offset of 
1807         the same duplicated node. This caused a basic block range to report a larger start 
1808         offset than end offset. This was incorrect. Now, when this situation is encountered 
1809         while linking a CodeBlock, the faulty range in question is ignored.
1810
1811         * bytecode/CodeBlock.cpp:
1812         (JSC::CodeBlock::CodeBlock):
1813         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
1814         * bytecode/CodeBlock.h:
1815         * bytecompiler/NodesCodegen.cpp:
1816         (JSC::ForInNode::emitMultiLoopBytecode):
1817         (JSC::ForOfNode::emitBytecode):
1818         (JSC::TryNode::emitBytecode):
1819         * parser/Parser.cpp:
1820         (JSC::Parser<LexerType>::parseConditionalExpression):
1821         * runtime/ControlFlowProfiler.cpp:
1822         (JSC::ControlFlowProfiler::ControlFlowProfiler):
1823         * runtime/ControlFlowProfiler.h:
1824         (JSC::ControlFlowProfiler::dummyBasicBlock):
1825
1826 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
1827
1828         [SVG -> OTF Converter] Flip the switch on
1829         https://bugs.webkit.org/show_bug.cgi?id=140592
1830
1831         Reviewed by Antti Koivisto.
1832
1833         * Configurations/FeatureDefines.xcconfig:
1834
1835 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
1836
1837         Web Replay: convert to is<T> and downcast<T> for decoding replay inputs
1838         https://bugs.webkit.org/show_bug.cgi?id=140512
1839
1840         Reviewed by Chris Dumez.
1841
1842         Generate a SPECIALIZE_TYPE_TRAITS_* chunk of code for each input. This cannot
1843         be done using REPLAY_INPUT_NAMES_FOR_EACH macro since that doesn't fully qualify
1844         input types, and the type traits macro is defined in namespace WTF.
1845
1846         * replay/NondeterministicInput.h: Make overridden methods public.
1847         * replay/scripts/CodeGeneratorReplayInputs.py:
1848         (Generator.generate_header):
1849         (Generator.qualified_input_name): Allow forcing qualification. WTF is never a target framework.
1850         (Generator.generate_input_type_trait_declaration): Added.
1851         * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Add a template.
1852         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
1853         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
1854         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
1855         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
1856         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
1857         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
1858         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
1859         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
1860
1861 2015-01-19  Commit Queue  <commit-queue@webkit.org>
1862
1863         Unreviewed, rolling out r178653.
1864         https://bugs.webkit.org/show_bug.cgi?id=140634
1865
1866         Broke multiple SVG tests on Mountain Lion (Requested by ap on
1867         #webkit).
1868
1869         Reverted changeset:
1870
1871         "[SVG -> OTF Converter] Flip the switch on"
1872         https://bugs.webkit.org/show_bug.cgi?id=140592
1873         http://trac.webkit.org/changeset/178653
1874
1875 2015-01-18  Dean Jackson  <dino@apple.com>
1876
1877         ES6: Support Array.of construction
1878         https://bugs.webkit.org/show_bug.cgi?id=140605
1879         <rdar://problem/19513655>
1880
1881         Reviewed by Geoffrey Garen.
1882
1883         Add an implementation of Array.of, described in 22.1.2.3 of the ES6
1884         specification (15 Jan 2015). The Array.of() method creates a new Array
1885         instance with a variable number of arguments, regardless of number or type
1886         of the arguments.
1887
1888         * runtime/ArrayConstructor.cpp:
1889         (JSC::arrayConstructorOf): Create a new empty Array, then iterate
1890         over the arguments, setting them to the appropriate index.
1891
1892 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
1893
1894         [SVG -> OTF Converter] Flip the switch on
1895         https://bugs.webkit.org/show_bug.cgi?id=140592
1896
1897         Reviewed by Antti Koivisto.
1898
1899         * Configurations/FeatureDefines.xcconfig:
1900
1901 2015-01-17  Brian J. Burg  <burg@cs.washington.edu>
1902
1903         Web Inspector: highlight data for overlay should use protocol type builders
1904         https://bugs.webkit.org/show_bug.cgi?id=129441
1905
1906         Reviewed by Timothy Hatcher.
1907
1908         Add a new domain for overlay types.
1909
1910         * CMakeLists.txt:
1911         * DerivedSources.make:
1912         * inspector/protocol/OverlayTypes.json: Added.
1913
1914 2015-01-17  Michael Saboff  <msaboff@apple.com>
1915
1916         Crash in JSScope::resolve() on tools.ups.com
1917         https://bugs.webkit.org/show_bug.cgi?id=140579
1918
1919         Reviewed by Geoffrey Garen.
1920
1921         For op_resolve_scope of a global property or variable that needs to check for the var
1922         injection check watchpoint, we need to keep the scope around with a Phantom.  The
1923         baseline JIT slowpath for op_resolve_scope needs the scope value if the watchpoint
1924         fired.
1925
1926         * dfg/DFGByteCodeParser.cpp:
1927         (JSC::DFG::ByteCodeParser::parseBlock):
1928
1929 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
1930
1931         Web Inspector: code generator should introduce typedefs for protocol types that are arrays
1932         https://bugs.webkit.org/show_bug.cgi?id=140557
1933
1934         Reviewed by Joseph Pecoraro.
1935
1936         Currently, there is no generated type name for "array" type declarations such as Console.CallStack.
1937         This makes it long-winded and confusing to use the type in C++ code.
1938
1939         This patch adds a typedef for array type declarations, so types such as Console::CallStack
1940         can be referred to directly, rather than using Inspector::Protocol::Array<Console::CallFrame>.
1941
1942         Some tests were updated to cover array type declarations used as parameters and type members.
1943
1944         * inspector/ScriptCallStack.cpp: Use the new typedef.
1945         (Inspector::ScriptCallStack::buildInspectorArray):
1946         * inspector/ScriptCallStack.h:
1947         * inspector/scripts/codegen/cpp_generator.py:
1948         (CppGenerator.cpp_protocol_type_for_type): If an ArrayType is nominal, use the typedef'd name instead.
1949         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1950         (_generate_typedefs_for_domain): Also generate typedefs for array type declarations.
1951         (_generate_typedefs_for_domain.Inspector):
1952         * inspector/scripts/codegen/models.py: Save the name of an ArrayType when it is a type declaration.
1953         (ArrayType.__init__):
1954         (Protocol.resolve_types):
1955         (Protocol.lookup_type_reference):
1956         * inspector/scripts/tests/commands-with-async-attribute.json:
1957         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json:
1958         * inspector/scripts/tests/events-with-optional-parameters.json:
1959         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1960         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1961         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1962         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1963         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1964         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1965         * inspector/scripts/tests/type-declaration-object-type.json:
1966
1967 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
1968
1969         Web Replay: purge remaining PassRefPtr uses and minor cleanup
1970         https://bugs.webkit.org/show_bug.cgi?id=140456
1971
1972         Reviewed by Andreas Kling.
1973
1974         Get rid of PassRefPtr. Introduce default initializers where it makes sense.
1975         Remove mistaken uses of AtomicString that were not removed as part of r174113.
1976
1977         * replay/EmptyInputCursor.h:
1978         * replay/InputCursor.h:
1979         (JSC::InputCursor::InputCursor):
1980
1981 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
1982
1983         Web Inspector: code generator should fail on duplicate parameter and member names
1984         https://bugs.webkit.org/show_bug.cgi?id=140555
1985
1986         Reviewed by Timothy Hatcher.
1987
1988         * inspector/scripts/codegen/models.py:
1989         (find_duplicates): Add a helper function to find duplicates in a list.
1990         (Protocol.parse_type_declaration):
1991         (Protocol.parse_command):
1992         (Protocol.parse_event):
1993         * inspector/scripts/tests/expected/fail-on-duplicate-command-call-parameter-names.json-error: Added.
1994         * inspector/scripts/tests/expected/fail-on-duplicate-command-return-parameter-names.json-error: Added.
1995         * inspector/scripts/tests/expected/fail-on-duplicate-event-parameter-names.json-error: Added.
1996         * inspector/scripts/tests/expected/fail-on-duplicate-type-member-names.json-error: Added.
1997         * inspector/scripts/tests/fail-on-duplicate-command-call-parameter-names.json: Added.
1998         * inspector/scripts/tests/fail-on-duplicate-command-return-parameter-names.json: Added.
1999         * inspector/scripts/tests/fail-on-duplicate-event-parameter-names.json: Added.
2000         * inspector/scripts/tests/fail-on-duplicate-type-member-names.json: Added.
2001
2002 2015-01-16  Michael Saboff  <msaboff@apple.com>
2003
2004         REGRESSION (r174226): Header on huffingtonpost.com is too large
2005         https://bugs.webkit.org/show_bug.cgi?id=140306
2006
2007         Reviewed by Filip Pizlo.
2008
2009         BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
2010         arguments register or whether we need to resolve "arguments".  If the arguments have
2011         been captured, then they are stored in the lexical environment and the arguments
2012         register is not used.
2013
2014         Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
2015         register is captured.  Renamed the function to willResolveToArgumentsRegister() to
2016         better indicate what we are checking.
2017
2018         Aligned 32 and 64 bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
2019         an arguments object that was optimized out of an inlined callFrame.  The 32 bit path
2020         incorrectly calculated the location of the reified callee frame.  This alignment resulted
2021         in the removal of operationCreateInlinedArgumentsDuringOSRExit().
2022
2023         * bytecompiler/BytecodeGenerator.cpp:
2024         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
2025         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
2026         (JSC::BytecodeGenerator::emitCall):
2027         (JSC::BytecodeGenerator::emitConstruct):
2028         (JSC::BytecodeGenerator::emitEnumeration):
2029         (JSC::BytecodeGenerator::willResolveToArguments): Deleted.
2030         * bytecompiler/BytecodeGenerator.h:
2031         * bytecompiler/NodesCodegen.cpp:
2032         (JSC::BracketAccessorNode::emitBytecode):
2033         (JSC::DotAccessorNode::emitBytecode):
2034         (JSC::getArgumentByVal):
2035         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2036         (JSC::ArrayPatternNode::emitDirectBinding):
2037         * dfg/DFGOSRExitCompilerCommon.cpp:
2038         (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
2039         * dfg/DFGOperations.cpp:
2040         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
2041         * dfg/DFGOperations.h:
2042         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
2043
2044 2015-01-15  Csaba Osztrogonác  <ossy@webkit.org>
2045
2046         Remove ENABLE(SQL_DATABASE) guards
2047         https://bugs.webkit.org/show_bug.cgi?id=140434
2048
2049         Reviewed by Darin Adler.
2050
2051         * CMakeLists.txt:
2052         * Configurations/FeatureDefines.xcconfig:
2053         * DerivedSources.make:
2054         * inspector/protocol/Database.json:
2055
2056 2015-01-14  Alexey Proskuryakov  <ap@apple.com>
2057
2058         Web Inspector and regular console use different source code locations for messages
2059         https://bugs.webkit.org/show_bug.cgi?id=140478
2060
2061         Reviewed by Brian Burg.
2062
2063         * inspector/ConsoleMessage.h: Expose computed source location.
2064
2065         * inspector/agents/InspectorConsoleAgent.cpp:
2066         (Inspector::InspectorConsoleAgent::addMessageToConsole):
2067         (Inspector::InspectorConsoleAgent::stopTiming):
2068         (Inspector::InspectorConsoleAgent::count):
2069         * inspector/agents/InspectorConsoleAgent.h:
2070         addMessageToConsole() now takes a pre-made ConsoleMessage object.
2071
2072         * inspector/JSGlobalObjectConsoleClient.cpp:
2073         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
2074         (Inspector::JSGlobalObjectConsoleClient::warnUnimplemented):
2075         * inspector/JSGlobalObjectInspectorController.cpp:
2076         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
2077         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
2078         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
2079         Updated for the above changes.
2080
2081 2015-01-15  Mark Lam  <mark.lam@apple.com>
2082
2083         [Part 2] Argument object created by "Function dot arguments" should use a clone of argument values.
2084         <https://webkit.org/b/140093>
2085
2086         Reviewed by Geoffrey Garen.
2087
2088         * interpreter/StackVisitor.cpp:
2089         (JSC::StackVisitor::Frame::createArguments):
2090         - We should not be fetching the lexicalEnvironment here.  The reason we've
2091           introduced the ClonedArgumentsCreationMode is that the lexicalEnvironment
2092           may not be available to us at this point.  Instead, we'll just pass a nullptr.
2093
2094         * runtime/Arguments.cpp:
2095         (JSC::Arguments::tearOffForCloning):
2096         * runtime/Arguments.h:
2097         (JSC::Arguments::finishCreation):
2098         - Use the new tearOffForCloning() to tear off arguments right out of the values
2099           passed on the stack.  tearOff() is not appropriate for this purpose because
2100           it takes slowArgumentsData into account.
2101
2102 2015-01-14  Matthew Mirman  <mmirman@apple.com>
2103
2104         Removed accidental commit of "invalid_array.js"
2105         http://trac.webkit.org/changeset/178439
2106
2107         * tests/stress/invalid_array.js: Removed.
2108
2109 2015-01-14  Matthew Mirman  <mmirman@apple.com>
2110
2111         Fixes operationPutByIdOptimizes such that they check that the put didn't
2112         change the structure of the object whose property access is being
2113         cached.  Also removes uses of the new base value from the cache generation code.
2114         https://bugs.webkit.org/show_bug.cgi?id=139500
2115
2116         Reviewed by Filip Pizlo.
2117
2118         * jit/JITOperations.cpp:
2119         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
2120         (JSC::operationPutByIdNonStrictOptimize): ditto.
2121         (JSC::operationPutByIdDirectStrictOptimize): ditto.
2122         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
2123         * jit/Repatch.cpp:
2124         (JSC::generateByIdStub):
2125         (JSC::tryCacheGetByID):
2126         (JSC::tryBuildGetByIDList):
2127         (JSC::emitPutReplaceStub):
2128         (JSC::emitPutTransitionStubAndGetOldStructure): Added.
2129         (JSC::tryCachePutByID):
2130         (JSC::repatchPutByID):
2131         (JSC::tryBuildPutByIdList):
2132         (JSC::tryRepatchIn):
2133         (JSC::emitPutTransitionStub): Deleted.
2134         * jit/Repatch.h:
2135         * llint/LLIntSlowPaths.cpp:
2136         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2137         * runtime/JSPropertyNameEnumerator.h:
2138         (JSC::genericPropertyNameEnumerator):
2139         * runtime/Operations.h:
2140         (JSC::normalizePrototypeChainForChainAccess): restructured to not use the base value.
2141         (JSC::normalizePrototypeChain): restructured to not use the base value.
2142         * tests/mozilla/mozilla-tests.yaml:
2143         * tests/stress/proto-setter.js: Added.
2144         * tests/stress/put-by-id-build-list-order-recurse.js: Added.
2145         Added test that fails without this patch.
2146
2147 2015-01-13  Joseph Pecoraro  <pecoraro@apple.com>
2148
2149         Web Inspector: Remove unused ResizeImage and DecodeImageData timeline events
2150         https://bugs.webkit.org/show_bug.cgi?id=140404
2151
2152         Reviewed by Timothy Hatcher.
2153
2154         * inspector/protocol/Timeline.json:
2155
2156 2015-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
2157
2158         DFG can call PutByValDirect for generic arrays
2159         https://bugs.webkit.org/show_bug.cgi?id=140389
2160
2161         Reviewed by Geoffrey Garen.
2162
2163         Computed properties in object initializers (ES6) use the put_by_val_direct operation.
2164         However, the current DFG asserts that put_by_val_direct is not used for generic arrays,
2165         so the assertion failure is raised.
2166         This patch allows the DFG to use put_by_val_direct for generic arrays.
2167
2168         It also fixes the DFG put_by_val_direct implementation for string properties.
2169         At first, put_by_val_direct was intended to be used for spread elements,
2170         so the property keys were limited to numbers (indexes).
2171         But now it is also used for computed properties in object initializers.
2172
2173         * dfg/DFGOperations.cpp:
2174         (JSC::DFG::operationPutByValInternal):
2175         * dfg/DFGSpeculativeJIT64.cpp:
2176         (JSC::DFG::SpeculativeJIT::compile):
2177
2178 2015-01-13  Geoffrey Garen  <ggaren@apple.com>
2179
2180         Out of bounds access in BytecodeGenerator::emitGetById under DotAccessorNode::emitBytecode
2181         https://bugs.webkit.org/show_bug.cgi?id=140397
2182
2183         Reviewed by Geoffrey Garen.
2184
2185         Patch by Alexey Proskuryakov.
2186
2187         Reviewed, performance tested, and ChangeLogged by Geoffrey Garen.
2188
2189         No performance change.
2190
2191         No test, since this is a small past-the-end read, which is very
2192         difficult to turn into a reproducible failing test -- and existing tests
2193         crash reliably using ASan.
2194
2195         * bytecompiler/NodesCodegen.cpp:
2196         (JSC::BracketAccessorNode::emitBytecode):
2197         (JSC::DotAccessorNode::emitBytecode):
2198         (JSC::FunctionCallBracketNode::emitBytecode):
2199         (JSC::PostfixNode::emitResolve):
2200         (JSC::DeleteBracketNode::emitBytecode):
2201         (JSC::DeleteDotNode::emitBytecode):
2202         (JSC::PrefixNode::emitResolve):
2203         (JSC::UnaryOpNode::emitBytecode):
2204         (JSC::BitwiseNotNode::emitBytecode):
2205         (JSC::BinaryOpNode::emitBytecode):
2206         (JSC::EqualNode::emitBytecode):
2207         (JSC::StrictEqualNode::emitBytecode):
2208         (JSC::ThrowableBinaryOpNode::emitBytecode):
2209         (JSC::AssignDotNode::emitBytecode):
2210         (JSC::AssignBracketNode::emitBytecode): Use RefPtr in more places. Any
2211         register used across a call to a function that might allocate a new
2212         temporary register must be held in a RefPtr.
2213
2214 2015-01-12  Michael Saboff  <msaboff@apple.com>
2215
2216         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
2217         https://bugs.webkit.org/show_bug.cgi?id=140348
2218
2219         Reviewed by Mark Lam.
2220
2221         We used to read registers in MachineThreads::gatherFromCurrentThread(), but that is too late
2222         because those registers may have been spilled on the stack and replaced with other values by
2223         the time we call down to gatherFromCurrentThread().
2224
2225         Now we get the register contents at the same place that we demarcate the current top of
2226         stack using the address of a local variable, in Heap::markRoots().  The register contents
2227         buffer is passed along with the demarcation pointer.  These need to be done at this level
2228         in the call tree and no lower, as markRoots() calls various functions that visit object
2229         pointers that may be later proven dead.  Any of those pointers that are left on the
2230         stack or in registers could be incorrectly marked as live if we scan the stack contents
2231         from a called function or one of its callees.  The stack demarcation pointer and register
2232         saving need to be done in the same function so that we have a consistent stack, active
2233         and spilled registers.
2234
2235         Because we don't want to make unnecessary calls to get the register contents, we use
2236         a macro to allocate, and possibly align, the register structure and get the actual
2237         register contents.
2238
2240         * heap/Heap.cpp:
2241         (JSC::Heap::markRoots):
2242         (JSC::Heap::gatherStackRoots):
2243         * heap/Heap.h:
2244         * heap/MachineStackMarker.cpp:
2245         (JSC::MachineThreads::gatherFromCurrentThread):
2246         (JSC::MachineThreads::gatherConservativeRoots):
2247         * heap/MachineStackMarker.h:
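
As an added illustration of the point this entry makes (not WebKit code; every toy_* and TOY_* name is invented here), a toy conservative stack scanner in C that takes the setjmp register snapshot and the stack-top marker in the same frame, so that nothing a callee spills is mistaken for a root:

```c
/* Added illustration, not WebKit code: a toy conservative stack scanner that
 * takes the stack-top marker and the register snapshot in the same frame, as
 * the entry above describes for Heap::markRoots(). The "heap" is a fixed array
 * of slots; every name here (toy_*, TOY_*) is invented for the demo. */
#include <setjmp.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__GNUC__)
#define TOY_NEVER_INLINE __attribute__((noinline))        /* stand-in for NEVER_INLINE */
#define TOY_NO_ASAN __attribute__((no_sanitize_address))  /* the scan reads raw stack */
#else
#define TOY_NEVER_INLINE
#define TOY_NO_ASAN
#endif

#define TOY_HEAP_SLOTS 8

typedef struct {
    int payload;
    int marked;
} ToySlot;

static ToySlot toy_heap[TOY_HEAP_SLOTS];
static int toy_next_slot;
static uintptr_t toy_stack_base; /* address of a local in the outermost frame */

/* Hand out the next slot. Whoever holds the returned pointer is its only root. */
static ToySlot *toy_alloc(int payload)
{
    ToySlot *s = &toy_heap[toy_next_slot++];
    s->payload = payload;
    s->marked = 0;
    return s;
}

/* Conservative scan: any word in [lo, hi) equal to the address of a handed-out
 * slot marks that slot live. Returns the number of words examined. */
static TOY_NO_ASAN size_t toy_scan_words(const uintptr_t *lo, const uintptr_t *hi)
{
    size_t n = 0;
    for (const uintptr_t *p = lo; p < hi; p++, n++) {
        for (int i = 0; i < toy_next_slot; i++) {
            if (*p == (uintptr_t)&toy_heap[i])
                toy_heap[i].marked = 1;
        }
    }
    return n;
}

/* Snapshot the callee-saved registers with setjmp. A macro, so the capture is
 * done by the frame that also owns the stack-top marker, never by a callee. */
#define TOY_CAPTURE_REGISTERS(buf) (void)setjmp(buf)

/* Analogue of Heap::markRoots(): the marker and the register snapshot are both
 * taken here, then handed to the scanner. Callee frames lie below the marker,
 * so stale pointers a callee leaves behind are never treated as roots. */
static TOY_NEVER_INLINE size_t toy_mark_roots(void)
{
    jmp_buf registers;
    volatile uintptr_t marker = 0;
    uintptr_t top = (uintptr_t)&marker;
    /* order the bounds so the scan works whichever way the stack grows */
    uintptr_t lo = top < toy_stack_base ? top : toy_stack_base;
    uintptr_t hi = top < toy_stack_base ? toy_stack_base : top;
    size_t words;
    for (int i = 0; i < TOY_HEAP_SLOTS; i++)
        toy_heap[i].marked = 0;
    TOY_CAPTURE_REGISTERS(registers);
    words = toy_scan_words((const uintptr_t *)&registers,
                           (const uintptr_t *)(&registers + 1));
    words += toy_scan_words((const uintptr_t *)lo, (const uintptr_t *)hi);
    return words;
}

/* A deeper frame keeps the only reference to a slot in a stack local and runs
 * a collection; returns that slot's mark bit (1 if the scan found the root). */
static TOY_NEVER_INLINE int toy_hold_and_collect(int payload)
{
    ToySlot *volatile held = toy_alloc(payload); /* volatile: lives on the stack */
    toy_mark_roots();
    return held->marked;
}

/* Outermost frame: record the stack base, then run the scenario. */
int toy_run_demo(void)
{
    volatile uintptr_t base_marker = 0;
    toy_stack_base = (uintptr_t)&base_marker;
    toy_next_slot = 0;
    return toy_hold_and_collect(7);
}

int main(void)
{
    printf("slot kept alive by the conservative scan: %s\n", toy_run_demo() ? "yes" : "no");
    return 0;
}
```

The scan is deliberately conservative: a stale copy of a pointer anywhere in the scanned range keeps its slot alive, which is why the real code narrows the range to the markRoots() frame and above rather than scanning from a deeper callee.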
2248
2249 2015-01-12  Benjamin Poulain  <benjamin@webkit.org>
2250
2251         Add basic pattern matching support to the url filters
2252         https://bugs.webkit.org/show_bug.cgi?id=140283
2253
2254         Reviewed by Andreas Kling.
2255
2256         * JavaScriptCore.xcodeproj/project.pbxproj:
2257         Make YarrParser.h private in order to use it from WebCore.
2258
2259 2015-01-12  Geoffrey Garen  <ggaren@apple.com>
2260
2261         Out of bounds read in IdentifierArena::makeIdentifier
2262         https://bugs.webkit.org/show_bug.cgi?id=140376
2263
2264         Patch by Alexey Proskuryakov.
2265
2266         Reviewed and ChangeLogged by Geoffrey Garen.
2267
2268         No test, since this is a small past-the-end read, which is very
2269         difficult to turn into a reproducible failing test -- and existing tests
2270         crash reliably using ASan.
2271
2272         * parser/ParserArena.h:
2273         (JSC::IdentifierArena::makeIdentifier):
2274         (JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
2275         zero-length string input, like we do in the literal parser, since it is
2276         not valid to dereference characters in a zero-length string.
2277
2278         A zero-length string is allowed in JavaScript -- for example, "".
2279
2280 2015-01-11  Sam Weinig  <sam@webkit.org>
2281
2282         Remove support for SharedWorkers
2283         https://bugs.webkit.org/show_bug.cgi?id=140344
2284
2285         Reviewed by Anders Carlsson.
2286
2287         * Configurations/FeatureDefines.xcconfig:
2288
2289 2015-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
2290
2291         Allow targeting the SVG->OTF font converter with ENABLE(SVG_OTF_CONVERTER)
2292         https://bugs.webkit.org/show_bug.cgi?id=136769
2293
2294         Reviewed by Antti Koivisto.
2295
2296         * Configurations/FeatureDefines.xcconfig:
2297
2298 2015-01-12  Commit Queue  <commit-queue@webkit.org>
2299
2300         Unreviewed, rolling out r178266.
2301         https://bugs.webkit.org/show_bug.cgi?id=140363
2302
2303         Broke a JSC test (Requested by ap on #webkit).
2304
2305         Reverted changeset:
2306
2307         "Local JSArray* "keys" in objectConstructorKeys() is not
2308         marked during garbage collection"
2309         https://bugs.webkit.org/show_bug.cgi?id=140348
2310         http://trac.webkit.org/changeset/178266
2311
2312 2015-01-12  Michael Saboff  <msaboff@apple.com>
2313
2314         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
2315         https://bugs.webkit.org/show_bug.cgi?id=140348
2316
2317         Reviewed by Mark Lam.
2318
2319         Move the address of the local variable that is used to demarcate the top of the stack for
2320         conservative roots down to MachineThreads::gatherFromCurrentThread() since it also gets
2321         the register values using setjmp().  That way we don't lose any callee save register
2322         contents between Heap::markRoots(), where it was set, and gatherFromCurrentThread().
2323         If we lose any JSObject* that are only in callee save registers, they will be GC'ed
2324         erroneously.
2325
2326         * heap/Heap.cpp:
2327         (JSC::Heap::markRoots):
2328         (JSC::Heap::gatherStackRoots):
2329         * heap/Heap.h:
2330         * heap/MachineStackMarker.cpp:
2331         (JSC::MachineThreads::gatherFromCurrentThread):
2332         (JSC::MachineThreads::gatherConservativeRoots):
2333         * heap/MachineStackMarker.h:
2334
2335 2015-01-11  Eric Carlson  <eric.carlson@apple.com>
2336
2337         Fix typo in testapi.c error messages
2338         https://bugs.webkit.org/show_bug.cgi?id=140305
2339
2340         Reviewed by Geoffrey Garen.
2341
2342         * API/tests/testapi.c:
2343         (main): "... script did not timed out ..." -> "... script did not time out ..."
2344
2345 2015-01-09  Michael Saboff  <msaboff@apple.com>
2346
2347         Breakpoint doesn't fire in this HTML5 game
2348         https://bugs.webkit.org/show_bug.cgi?id=140269
2349
2350         Reviewed by Mark Lam.
2351
2352         When parsing a single line cached function, use the lineStartOffset of the
2353         location where we found the cached function instead of the cached lineStartOffset.
2354         The cache location's lineStartOffset has not been adjusted for any possible
2355         containing functions.
2356
2357         This change is not needed for multi-line cached functions.  Consider the
2358         single line source:
2359
2360         function outer(){function inner1(){doStuff();}; (function inner2() {doMoreStuff()})()}
2361
2362         On the first parser pass, we parse and cache inner1() and inner2() with a lineStartOffset
2363         of 0.  Later, when we parse outer() and find inner1() in the cache, the SourceCode start
2364         character is at outer()'s outermost open brace.  That is what we should use for
2365         lineStartOffset for inner1().  When done parsing inner1() we set the parsing token
2366         to the saved location for inner1(), including the lineStartOffset of 0.  We need
2367         to use the value of lineStartOffset before we started parsing inner1().  That is
2368         what the fix does.  When we parse inner2() the lineStartOffset will be correct.
2369
2370         For a multi-line function, the close brace is guaranteed to be on a different line
2371         than the open brace.  Hence, its lineStartOffset will not change with the change of
2372         the SourceCode start character.
2373
2374         * parser/Parser.cpp:
2375         (JSC::Parser<LexerType>::parseFunctionInfo):
2376
2377 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
2378
2379         Web Inspector: Uncaught Exception in ProbeManager deleting breakpoint
2380         https://bugs.webkit.org/show_bug.cgi?id=140279
2381         rdar://problem/19422299
2382
2383         Reviewed by Oliver Hunt.
2384
2385         * runtime/MapData.cpp:
2386         (JSC::MapData::replaceAndPackBackingStore):
2387         The cell table also needs to have its values fixed.
2388
2389 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
2390
2391         Web Inspector: Remove or use TimelineAgent Resource related event types
2392         https://bugs.webkit.org/show_bug.cgi?id=140155
2393
2394         Reviewed by Timothy Hatcher.
2395
2396         Remove unused / stale Timeline event types.
2397
2398         * inspector/protocol/Timeline.json:
2399
2400 2015-01-09  Csaba Osztrogonác  <ossy@webkit.org>
2401
2402         REGRESSION(r177925): It broke the !ENABLE(INSPECTOR) build
2403         https://bugs.webkit.org/show_bug.cgi?id=140098
2404
2405         Reviewed by Brian Burg.
2406
2407         * inspector/InspectorBackendDispatcher.h: Missing ENABLE(INSPECTOR) guard added.
2408
2409 2015-01-08  Mark Lam  <mark.lam@apple.com>
2410
2411         Argument object created by "Function dot arguments" should use a clone of the argument values.
2412         <https://webkit.org/b/140093>
2413
2414         Reviewed by Geoffrey Garen.
2415
2416         After the change in <https://webkit.org/b/139827>, the dfg-tear-off-arguments-not-activation.js
2417         test will crash.  The relevant code which manifests the issue is as follows:
2418
2419             function bar() {
2420                 return foo.arguments;
2421             }
2422
2423             function foo(p) {
2424                 var x = 42;
2425                 if (p)
2426                     return (function() { return x; });
2427                 else
2428                     return bar();
2429             }
2430
2431         In this case, foo() has no knowledge of bar() needing its LexicalEnvironment and
2432         has dead-code-eliminated the SetLocal that stores it into its designated local.
2433         In bar(), the factory for the Arguments object (for creating foo.arguments) tries
2434         to read foo's LexicalEnvironment from its designated lexicalEnvironment local,
2435         but instead, finds it to be uninitialized.  This results in a null pointer access
2436         which causes a crash.
2437
2438         This can be resolved by having bar() instantiate a clone of the Arguments object
2439         instead, and populate its elements with values fetched directly from foo's frame.
2440         There's no need to reference foo's LexicalEnvironment (whether present or not).
2441
2442         * interpreter/StackVisitor.cpp:
2443         (JSC::StackVisitor::Frame::createArguments):
2444         * runtime/Arguments.h:
2445         (JSC::Arguments::finishCreation):
2446
2447 2015-01-08  Mark Lam  <mark.lam@apple.com>
2448
2449         Make the LLINT and Baseline JIT's op_create_arguments and op_get_argument_by_val use their lexicalEnvironment operand.
2450         <https://webkit.org/b/140236>
2451
2452         Reviewed by Geoffrey Garen.
2453
2454         Will change the DFG to use the operand on a subsequent pass.  For now,
2455         the DFG uses a temporary thunk (operationCreateArgumentsForDFG()) to
2456         retain the old behavior of getting the lexicalEnvironment from the
2457         ExecState.
2458
2459         * bytecompiler/BytecodeGenerator.cpp:
2460         (JSC::BytecodeGenerator::BytecodeGenerator):
2461         (JSC::BytecodeGenerator::emitGetArgumentByVal):
2462         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
2463         - When the lexicalEnvironment is not available, pass the invalid VirtualRegister
2464           instead of an empty JSValue as the lexicalEnvironment operand.
2465
2466         * dfg/DFGOperations.cpp:
2467         - Use the lexicalEnvironment from the ExecState for now.
2468
2469         * dfg/DFGSpeculativeJIT32_64.cpp:
2470         (JSC::DFG::SpeculativeJIT::compile):
2471         * dfg/DFGSpeculativeJIT64.cpp:
2472         (JSC::DFG::SpeculativeJIT::compile):
2473         - Use the operationCreateArgumentsForDFG() thunk for now.
2474
2475         * interpreter/CallFrame.cpp:
2476         (JSC::CallFrame::lexicalEnvironmentOrNullptr):
2477         * interpreter/CallFrame.h:
2478         - Added this convenience function to return either the
2479           lexicalEnvironment or a nullptr so that we don't need to do a
2480           conditional check on codeBlock->needsActivation() at multiple sites.
2481
2482         * interpreter/StackVisitor.cpp:
2483         (JSC::StackVisitor::Frame::createArguments):
2484         * jit/JIT.h:
2485         * jit/JITInlines.h:
2486         (JSC::JIT::callOperation):
2487         * jit/JITOpcodes.cpp:
2488         (JSC::JIT::emit_op_create_arguments):
2489         (JSC::JIT::emitSlow_op_get_argument_by_val):
2490         * jit/JITOpcodes32_64.cpp:
2491         (JSC::JIT::emit_op_create_arguments):
2492         (JSC::JIT::emitSlow_op_get_argument_by_val):
2493         * jit/JITOperations.cpp:
2494         * jit/JITOperations.h:
2495         * llint/LLIntSlowPaths.cpp:
2496         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2497         * runtime/Arguments.h:
2498         (JSC::Arguments::create):
2499         (JSC::Arguments::finishCreation):
2500         * runtime/CommonSlowPaths.cpp:
2501         (JSC::SLOW_PATH_DECL):
2502         * runtime/JSLexicalEnvironment.cpp:
2503         (JSC::JSLexicalEnvironment::argumentsGetter):
2504
2505 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
2506
2507         Web Inspector: Pause Reason Improvements (Breakpoint, Debugger Statement, Pause on Next Statement)
2508         https://bugs.webkit.org/show_bug.cgi?id=138991
2509
2510         Reviewed by Timothy Hatcher.
2511
2512         * debugger/Debugger.cpp:
2513         (JSC::Debugger::Debugger):
2514         (JSC::Debugger::pauseIfNeeded):
2515         (JSC::Debugger::didReachBreakpoint):
2516         When actually pausing, if we hit a breakpoint, ensure the reason
2517         is PausedForBreakpoint; otherwise use the current reason.
2518
2519         * debugger/Debugger.h:
2520         Make pause reason and pausing breakpoint ID public.
2521
2522         * inspector/agents/InspectorDebuggerAgent.h:
2523         * inspector/agents/InspectorDebuggerAgent.cpp:
2524         (Inspector::buildAssertPauseReason):
2525         (Inspector::buildCSPViolationPauseReason):
2526         (Inspector::InspectorDebuggerAgent::buildBreakpointPauseReason):
2527         (Inspector::InspectorDebuggerAgent::buildExceptionPauseReason):
2528         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
2529         (Inspector::buildObjectForBreakpointCookie):
2530         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
2531         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
2532         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
2533         (Inspector::InspectorDebuggerAgent::pause):
2534         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
2535         (Inspector::InspectorDebuggerAgent::currentCallFrames):
2536         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
2537         Clean up creation of pause reason objects and other cleanup
2538         of PassRefPtr use and InjectedScript use.
2539
2540         (Inspector::InspectorDebuggerAgent::didPause):
2541         Clean up so that we first check for an Exception, and then fall
2542         back to including a Pause Reason derived from the Debugger.
2543
2544         * inspector/protocol/Debugger.json:
2545         Add new DebuggerStatement, Breakpoint, and PauseOnNextStatement reasons.
2546
2547 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
2548
2549         Web Inspector: Type check that NSArrays in ObjC Interfaces have the right object types
2550         https://bugs.webkit.org/show_bug.cgi?id=140209
2551
2552         Reviewed by Timothy Hatcher.
2553
2554         Check the types of objects in NSArrays for all interfaces (commands, events, types)
2555         when the user can set an array of objects. Previously we were only type checking that
2556         they were RWIJSONObjects; now we add an explicit check for the exact object type.
2557
2558         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2559         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
2560         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2561         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2562         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2563         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
2564         (ObjCProtocolTypesImplementationGenerator._generate_setter_for_member):
2565         * inspector/scripts/codegen/objc_generator.py:
2566         (ObjCGenerator.objc_class_for_array_type):
2567         (ObjCGenerator):
2568
2569 2015-01-07  Mark Lam  <mark.lam@apple.com>
2570
2571         Add the lexicalEnvironment as an operand to op_get_argument_by_val.
2572         <https://webkit.org/b/140233>
2573
2574         Reviewed by Filip Pizlo.
2575
2576         This patch only adds the operand to the bytecode.  It is not in use yet.
2577
2578         * bytecode/BytecodeList.json:
2579         * bytecode/BytecodeUseDef.h:
2580         (JSC::computeUsesForBytecodeOffset):
2581         * bytecode/CodeBlock.cpp:
2582         (JSC::CodeBlock::dumpBytecode):
2583         * bytecompiler/BytecodeGenerator.cpp:
2584         (JSC::BytecodeGenerator::emitGetArgumentByVal):
2585         * llint/LowLevelInterpreter32_64.asm:
2586         * llint/LowLevelInterpreter64.asm:
2587
2588 2015-01-07  Yusuke Suzuki  <utatane.tea@gmail.com>
2589
2590         Investigate the character type of repeated string instead of checking is8Bit flag
2591         https://bugs.webkit.org/show_bug.cgi?id=140139
2592
2593         Reviewed by Darin Adler.
2594
2595         Instead of checking the is8Bit flag of the repeated string, investigate
2596         the actual value of the repeated character, since the is8Bit flag gives a false negative case.
2597
2598         * runtime/StringPrototype.cpp:
2599         (JSC::repeatCharacter):
2600         (JSC::stringProtoFuncRepeat):
2601         (JSC::repeatSmallString): Deleted.
2602
2603 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
2604
2605         Web Inspector: ObjC Generate types from the GenericTypes domain
2606         https://bugs.webkit.org/show_bug.cgi?id=140229
2607
2608         Reviewed by Timothy Hatcher.
2609
2610         Generate types from the GenericTypes domain, as they are expected
2611         by other domains (like the Page domain). Also, don't include the @protocol
2612         forward declaration for a domain if it doesn't have any commands.
2613
2614         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
2615         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
2616         (ObjCBackendDispatcherHeaderGenerator): Deleted.
2617         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations_for_domains): Deleted.
2618         * inspector/scripts/codegen/objc_generator.py:
2619         (ObjCGenerator):
2620         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2621         * inspector/scripts/tests/expected/enum-values.json-result:
2622         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2623         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2624         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2625         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2626         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2627         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2628         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2629         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2630         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2631
2632 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
2633
2634         Web Inspector: Remove unnecessary copyRef for paramsObject in generated dispatchers
2635         https://bugs.webkit.org/show_bug.cgi?id=140228
2636
2637         Reviewed by Timothy Hatcher.
2638
2639         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2640         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2641         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2642         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
2643         * inspector/scripts/tests/expected/enum-values.json-result:
2644         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2645
2646 2015-01-07  Saam Barati  <saambarati1@gmail.com>
2647
2648         interpret op_profile_type in the LLInt instead of unconditionally calling into the slow path
2649         https://bugs.webkit.org/show_bug.cgi?id=140165
2650
2651         Reviewed by Michael Saboff.
2652
2653         Inlining the functionality of TypeProfilerLog::recordTypeInformationForLocation
2654         into the LLInt speeds up type profiling.
2655
2656         * llint/LLIntOffsetsExtractor.cpp:
2657         * llint/LowLevelInterpreter.asm:
2658         * llint/LowLevelInterpreter32_64.asm:
2659         * llint/LowLevelInterpreter64.asm:
2660         * runtime/CommonSlowPaths.cpp:
2661         (JSC::SLOW_PATH_DECL):
2662         * runtime/CommonSlowPaths.h:
2663         * runtime/TypeProfilerLog.h:
2664         (JSC::TypeProfilerLog::recordTypeInformationForLocation): Deleted.
2665
2666 2015-01-07  Brian J. Burg  <burg@cs.washington.edu>
2667
2668         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
2669         https://bugs.webkit.org/show_bug.cgi?id=140053
2670
2671         Reviewed by Andreas Kling.
2672
2673         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
2674         related to Web Inspector. It also converts many uses of RefPtr to Ref where
2675         references are always non-null. These two refactorings have been combined since
2676         they tend to require similar changes to the code.
2677
2678         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
2679         have been updated to take a Ref instead of RefPtr.
2680
2681         Builders for typed protocol objects now return a Ref. Since there is no implicit
2682         call to operator&, callsites now must explicitly call .release() to convert a
2683         builder object into the corresponding protocol object once required fields are set.
2684         Update callsites and use auto to eliminate repetition of longwinded protocol types.
2685
2686         Tests for inspector protocol and replay inputs have been rebaselined.
2687
2688         * bindings/ScriptValue.cpp:
2689         (Deprecated::jsToInspectorValue):
2690         (Deprecated::ScriptValue::toInspectorValue):
2691         * bindings/ScriptValue.h:
2692         * inspector/ConsoleMessage.cpp:
2693         (Inspector::ConsoleMessage::addToFrontend):
2694         * inspector/ContentSearchUtilities.cpp:
2695         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
2696         (Inspector::ContentSearchUtilities::searchInTextByLines):
2697         * inspector/ContentSearchUtilities.h:
2698         * inspector/InjectedScript.cpp:
2699         (Inspector::InjectedScript::getFunctionDetails):
2700         (Inspector::InjectedScript::getProperties):
2701         (Inspector::InjectedScript::getInternalProperties):
2702         (Inspector::InjectedScript::wrapCallFrames):
2703         (Inspector::InjectedScript::wrapObject):
2704         (Inspector::InjectedScript::wrapTable):
2705         * inspector/InjectedScript.h:
2706         * inspector/InjectedScriptBase.cpp:
2707         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
2708         * inspector/InspectorBackendDispatcher.cpp:
2709         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
2710         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
2711         (Inspector::InspectorBackendDispatcher::create):
2712         (Inspector::InspectorBackendDispatcher::dispatch):
2713         (Inspector::InspectorBackendDispatcher::sendResponse):
2714         (Inspector::InspectorBackendDispatcher::reportProtocolError):
2715         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
2716         (Inspector::InspectorBackendDispatcher::getInteger):
2717         (Inspector::InspectorBackendDispatcher::getDouble):
2718         (Inspector::InspectorBackendDispatcher::getString):
2719         (Inspector::InspectorBackendDispatcher::getBoolean):
2720         (Inspector::InspectorBackendDispatcher::getObject):
2721         (Inspector::InspectorBackendDispatcher::getArray):
2722         (Inspector::InspectorBackendDispatcher::getValue):
2723         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
2724         protocol error strings.
2725         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
2726         Convert the supplemental dispatcher's reference to Ref since it is never null.
2727         * inspector/InspectorEnvironment.h:
2728         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
2729         StructItemTraits. Add more versions of addItem to handle pushing various types.
2730         (Inspector::Protocol::Array::openAccessors):
2731         (Inspector::Protocol::Array::addItem):
2732         (Inspector::Protocol::Array::create):
2733         (Inspector::Protocol::StructItemTraits::push):
2734         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
2735         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
2736         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
2737         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
2738         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
2739         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
2740         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
2741         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
2742         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
2743         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
2744         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
2745         the same call signature as other getters. Use Ref where possible.
2746         (Inspector::InspectorObjectBase::getBoolean):
2747         (Inspector::InspectorObjectBase::getString):
2748         (Inspector::InspectorObjectBase::getObject):
2749         (Inspector::InspectorObjectBase::getArray):
2750         (Inspector::InspectorObjectBase::getValue):
2751         (Inspector::InspectorObjectBase::writeJSON):
2752         (Inspector::InspectorArrayBase::get):
2753         (Inspector::InspectorObject::create):
2754         (Inspector::InspectorArray::create):
2755         (Inspector::InspectorValue::null):
2756         (Inspector::InspectorString::create):
2757         (Inspector::InspectorBasicValue::create):
2758         (Inspector::InspectorObjectBase::get): Deleted.
2759         * inspector/InspectorValues.h:
2760         (Inspector::InspectorObjectBase::setValue):
2761         (Inspector::InspectorObjectBase::setObject):
2762         (Inspector::InspectorObjectBase::setArray):
2763         (Inspector::InspectorArrayBase::pushValue):
2764         (Inspector::InspectorArrayBase::pushObject):
2765         (Inspector::InspectorArrayBase::pushArray):
2766         * inspector/JSGlobalObjectConsoleClient.cpp:
2767         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
2768         (Inspector::JSGlobalObjectConsoleClient::count):
2769         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
2770         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
2771         * inspector/JSGlobalObjectConsoleClient.h:
2772         * inspector/JSGlobalObjectInspectorController.cpp:
2773         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
2774         * inspector/JSGlobalObjectInspectorController.h:
2775         * inspector/ScriptCallFrame.cpp:
2776         (Inspector::ScriptCallFrame::buildInspectorObject):
2777         * inspector/ScriptCallFrame.h:
2778         * inspector/ScriptCallStack.cpp:
2779         (Inspector::ScriptCallStack::create):
2780         (Inspector::ScriptCallStack::buildInspectorArray):
2781         * inspector/ScriptCallStack.h:
2782         * inspector/agents/InspectorAgent.cpp:
2783         (Inspector::InspectorAgent::enable):
2784         (Inspector::InspectorAgent::inspect):
2785         (Inspector::InspectorAgent::activateExtraDomain):
2786         * inspector/agents/InspectorAgent.h:
2787         * inspector/agents/InspectorDebuggerAgent.cpp:
2788         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
2789         (Inspector::buildObjectForBreakpointCookie):
2790         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
2791         (Inspector::InspectorDebuggerAgent::setBreakpoint):
2792         (Inspector::InspectorDebuggerAgent::continueToLocation):
2793         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
2794         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
2795         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
2796         (Inspector::InspectorDebuggerAgent::currentCallFrames):
2797         (Inspector::InspectorDebuggerAgent::didParseSource):
2798         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
2799         (Inspector::InspectorDebuggerAgent::breakProgram):
2800         * inspector/agents/InspectorDebuggerAgent.h:
2801         * inspector/agents/InspectorRuntimeAgent.cpp:
2802         (Inspector::buildErrorRangeObject):
2803         (Inspector::InspectorRuntimeAgent::callFunctionOn):
2804         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
2805         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
2806         * inspector/agents/InspectorRuntimeAgent.h:
2807         * inspector/scripts/codegen/cpp_generator.py:
2808         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
2809         (CppGenerator.cpp_type_for_type_with_name):
2810         (CppGenerator.cpp_type_for_formal_async_parameter):
2811         (CppGenerator.should_use_references_for_type):
2812         (CppGenerator):
2813         * inspector/scripts/codegen/cpp_generator_templates.py:
2814         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2815         (CppBackendDispatcherHeaderGenerator.generate_output):
2816         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
2817         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2818         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
2819         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
2820         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2821         (CppFrontendDispatcherHeaderGenerator.generate_output):
2822         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2823         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2824         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2825         (CppProtocolTypesHeaderGenerator.generate_output):
2826         (_generate_class_for_object_declaration):
2827         (_generate_unchecked_setter_for_member):
2828         (_generate_forward_declarations_for_binding_traits):
2829         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2830         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
2831         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2832         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2833         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
2834         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2835         (ObjCProtocolTypesImplementationGenerator.generate_output):
2836         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2837         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2838         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2839         * inspector/scripts/tests/expected/enum-values.json-result:
2840         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2841         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2842         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2843         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2844         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2845         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2846         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2847         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2848         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2849         * replay/EncodedValue.cpp:
2850         (JSC::EncodedValue::asObject):
2851         (JSC::EncodedValue::asArray):
2852         (JSC::EncodedValue::put<EncodedValue>):
2853         (JSC::EncodedValue::append<EncodedValue>):
2854         (JSC::EncodedValue::get<EncodedValue>):
2855         * replay/EncodedValue.h:
2856         * replay/scripts/CodeGeneratorReplayInputs.py:
2857         (Type.borrow_type):
2858         (Type.argument_type):
2859         (Generator.generate_member_move_expression):
2860         * runtime/ConsoleClient.cpp:
2861         (JSC::ConsoleClient::printConsoleMessageWithArguments):
2862         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
2863         (JSC::ConsoleClient::logWithLevel):
2864         (JSC::ConsoleClient::clear):
2865         (JSC::ConsoleClient::dir):
2866         (JSC::ConsoleClient::dirXML):
2867         (JSC::ConsoleClient::table):
2868         (JSC::ConsoleClient::trace):
2869         (JSC::ConsoleClient::assertCondition):
2870         (JSC::ConsoleClient::group):
2871         (JSC::ConsoleClient::groupCollapsed):
2872         (JSC::ConsoleClient::groupEnd):
2873         * runtime/ConsoleClient.h:
2874         * runtime/TypeSet.cpp:
2875         (JSC::TypeSet::allStructureRepresentations):
2876         (JSC::TypeSet::inspectorTypeSet):
2877         (JSC::StructureShape::inspectorRepresentation):
2878         * runtime/TypeSet.h:
2879
2880 2015-01-07  Commit Queue  <commit-queue@webkit.org>
2881
2882         Unreviewed, rolling out r178039.
2883         https://bugs.webkit.org/show_bug.cgi?id=140187
2884
2885         Breaks ObjC Inspector Protocol (Requested by JoePeck on
2886         #webkit).
2887
2888         Reverted changeset:
2889
2890         "Web Inspector: purge PassRefPtr from Inspector code and use
2891         Ref for typed and untyped protocol objects"
2892         https://bugs.webkit.org/show_bug.cgi?id=140053
2893         http://trac.webkit.org/changeset/178039
2894
2895 2015-01-06  Brian J. Burg  <burg@cs.washington.edu>
2896
2897         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
2898         https://bugs.webkit.org/show_bug.cgi?id=140053
2899
2900         Reviewed by Andreas Kling.
2901
2902         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
2903         related to Web Inspector. It also converts many uses of RefPtr to Ref where
2904         references are always non-null. These two refactorings have been combined since
2905         they tend to require similar changes to the code.
2906
2907         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
2908         have been updated to take a Ref instead of RefPtr.
2909
2910         Builders for typed protocol objects now return a Ref. Since there is no implicit
2911         call to operator&, callsites now must explicitly call .release() to convert a
2912         builder object into the corresponding protocol object once required fields are set.
2913         Update callsites and use auto to eliminate repetition of longwinded protocol types.
2914
2915         Tests for inspector protocol and replay inputs have been rebaselined.
2916
2917         * bindings/ScriptValue.cpp:
2918         (Deprecated::jsToInspectorValue):
2919         (Deprecated::ScriptValue::toInspectorValue):
2920         * bindings/ScriptValue.h:
2921         * inspector/ConsoleMessage.cpp:
2922         (Inspector::ConsoleMessage::addToFrontend):
2923         * inspector/ContentSearchUtilities.cpp:
2924         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
2925         (Inspector::ContentSearchUtilities::searchInTextByLines):
2926         * inspector/ContentSearchUtilities.h:
2927         * inspector/InjectedScript.cpp:
2928         (Inspector::InjectedScript::getFunctionDetails):
2929         (Inspector::InjectedScript::getProperties):
2930         (Inspector::InjectedScript::getInternalProperties):
2931         (Inspector::InjectedScript::wrapCallFrames):
2932         (Inspector::InjectedScript::wrapObject):
2933         (Inspector::InjectedScript::wrapTable):
2934         * inspector/InjectedScript.h:
2935         * inspector/InjectedScriptBase.cpp:
2936         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
2937         * inspector/InspectorBackendDispatcher.cpp:
2938         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
2939         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
2940         (Inspector::InspectorBackendDispatcher::create):
2941         (Inspector::InspectorBackendDispatcher::dispatch):
2942         (Inspector::InspectorBackendDispatcher::sendResponse):
2943         (Inspector::InspectorBackendDispatcher::reportProtocolError):
2944         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
2945         (Inspector::InspectorBackendDispatcher::getInteger):
2946         (Inspector::InspectorBackendDispatcher::getDouble):
2947         (Inspector::InspectorBackendDispatcher::getString):
2948         (Inspector::InspectorBackendDispatcher::getBoolean):
2949         (Inspector::InspectorBackendDispatcher::getObject):
2950         (Inspector::InspectorBackendDispatcher::getArray):
2951         (Inspector::InspectorBackendDispatcher::getValue):
2952         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
2953         protocol error strings.
2954         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
2955         Convert the supplemental dispatcher's reference to Ref since it is never null.
2956         * inspector/InspectorEnvironment.h:
2957         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
2958         StructItemTraits. Add more versions of addItem to handle pushing various types.
2959         (Inspector::Protocol::Array::openAccessors):
2960         (Inspector::Protocol::Array::addItem):
2961         (Inspector::Protocol::Array::create):
2962         (Inspector::Protocol::StructItemTraits::push):
2963         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
2964         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
2965         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
2966         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
2967         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
2968         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
2969         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
2970         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
2971         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
2972         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
2973         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
2974         the same call signature as other getters. Use Ref where possible.
2975         (Inspector::InspectorObjectBase::getBoolean):
2976         (Inspector::InspectorObjectBase::getString):
2977         (Inspector::InspectorObjectBase::getObject):
2978         (Inspector::InspectorObjectBase::getArray):
2979         (Inspector::InspectorObjectBase::getValue):
2980         (Inspector::InspectorObjectBase::writeJSON):
2981         (Inspector::InspectorArrayBase::get):
2982         (Inspector::InspectorObject::create):
2983         (Inspector::InspectorArray::create):
2984         (Inspector::InspectorValue::null):
2985         (Inspector::InspectorString::create):
2986         (Inspector::InspectorBasicValue::create):
2987         (Inspector::InspectorObjectBase::get): Deleted.
2988         * inspector/InspectorValues.h:
2989         (Inspector::InspectorObjectBase::setValue):
2990         (Inspector::InspectorObjectBase::setObject):
2991         (Inspector::InspectorObjectBase::setArray):
2992         (Inspector::InspectorArrayBase::pushValue):
2993         (Inspector::InspectorArrayBase::pushObject):
2994         (Inspector::InspectorArrayBase::pushArray):
2995         * inspector/JSGlobalObjectConsoleClient.cpp:
2996         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
2997         (Inspector::JSGlobalObjectConsoleClient::count):
2998         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
2999         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
3000         * inspector/JSGlobalObjectConsoleClient.h:
3001         * inspector/JSGlobalObjectInspectorController.cpp:
3002         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
3003         * inspector/JSGlobalObjectInspectorController.h:
3004         * inspector/ScriptCallFrame.cpp:
3005         (Inspector::ScriptCallFrame::buildInspectorObject):
3006         * inspector/ScriptCallFrame.h:
3007         * inspector/ScriptCallStack.cpp:
3008         (Inspector::ScriptCallStack::create):
3009         (Inspector::ScriptCallStack::buildInspectorArray):
3010         * inspector/ScriptCallStack.h:
3011         * inspector/agents/InspectorAgent.cpp:
3012         (Inspector::InspectorAgent::enable):
3013         (Inspector::InspectorAgent::inspect):
3014         (Inspector::InspectorAgent::activateExtraDomain):
3015         * inspector/agents/InspectorAgent.h:
3016         * inspector/agents/InspectorDebuggerAgent.cpp:
3017         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
3018         (Inspector::buildObjectForBreakpointCookie):
3019         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
3020         (Inspector::InspectorDebuggerAgent::setBreakpoint):
3021         (Inspector::InspectorDebuggerAgent::continueToLocation):
3022         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
3023         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
3024         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
3025         (Inspector::InspectorDebuggerAgent::currentCallFrames):
3026         (Inspector::InspectorDebuggerAgent::didParseSource):
3027         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
3028         (Inspector::InspectorDebuggerAgent::breakProgram):
3029         * inspector/agents/InspectorDebuggerAgent.h:
3030         * inspector/agents/InspectorRuntimeAgent.cpp:
3031         (Inspector::buildErrorRangeObject):
3032         (Inspector::InspectorRuntimeAgent::callFunctionOn):
3033         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
3034         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
3035         * inspector/agents/InspectorRuntimeAgent.h:
3036         * inspector/scripts/codegen/cpp_generator.py:
3037         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
3038         (CppGenerator.cpp_type_for_type_with_name):
3039         (CppGenerator.cpp_type_for_formal_async_parameter):
3040         (CppGenerator.should_use_references_for_type):
3041         (CppGenerator):
3042         * inspector/scripts/codegen/cpp_generator_templates.py:
3043         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
3044         (CppBackendDispatcherHeaderGenerator.generate_output):
3045         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
3046         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
3047         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
3048         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
3049         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
3050         (CppFrontendDispatcherHeaderGenerator.generate_output):
3051         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
3052         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
3053         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
3054         (CppProtocolTypesHeaderGenerator.generate_output):
3055         (_generate_class_for_object_declaration):
3056         (_generate_unchecked_setter_for_member):
3057         (_generate_forward_declarations_for_binding_traits):
3058         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
3059         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
3060         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
3061         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
3062         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
3063         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
3064         (ObjCProtocolTypesImplementationGenerator.generate_output):
3065         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3066         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3067         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
3068         * inspector/scripts/tests/expected/enum-values.json-result:
3069         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3070         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
3071         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
3072         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
3073         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
3074         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
3075         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
3076         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
3077         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3078         * replay/EncodedValue.cpp:
3079         (JSC::EncodedValue::asObject):
3080         (JSC::EncodedValue::asArray):
3081         (JSC::EncodedValue::put<EncodedValue>):
3082         (JSC::EncodedValue::append<EncodedValue>):
3083         (JSC::EncodedValue::get<EncodedValue>):
3084         * replay/EncodedValue.h:
3085         * replay/scripts/CodeGeneratorReplayInputs.py:
3086         (Type.borrow_type):
3087         (Type.argument_type):
3088         (Generator.generate_member_move_expression):
3089         * runtime/ConsoleClient.cpp:
3090         (JSC::ConsoleClient::printConsoleMessageWithArguments):
3091         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
3092         (JSC::ConsoleClient::logWithLevel):
3093         (JSC::ConsoleClient::clear):
3094         (JSC::ConsoleClient::dir):
3095         (JSC::ConsoleClient::dirXML):
3096         (JSC::ConsoleClient::table):
3097         (JSC::ConsoleClient::trace):
3098         (JSC::ConsoleClient::assertCondition):
3099         (JSC::ConsoleClient::group):
3100         (JSC::ConsoleClient::groupCollapsed):
3101         (JSC::ConsoleClient::groupEnd):
3102         * runtime/ConsoleClient.h:
3103         * runtime/TypeSet.cpp:
3104         (JSC::TypeSet::allStructureRepresentations):
3105         (JSC::TypeSet::inspectorTypeSet):
3106         (JSC::StructureShape::inspectorRepresentation):
3107         * runtime/TypeSet.h:
3108
3109 2015-01-06  Chris Dumez  <cdumez@apple.com>
3110
3111         Drop ResourceResponseBase::connectionID and connectionReused members
3112         https://bugs.webkit.org/show_bug.cgi?id=140158
3113
3114         Reviewed by Sam Weinig.
3115
3116         Drop ResourceResponseBase::connectionID and connectionReused members.
3117         Those were needed by the Chromium port but are no longer used.
3118
3119         * inspector/protocol/Network.json:
3120
3121 2015-01-06  Mark Lam  <mark.lam@apple.com>
3122
3123         Add the lexicalEnvironment as an operand to op_create_arguments.
3124         <https://webkit.org/b/140148>
3125
3126         Reviewed by Geoffrey Garen.
3127
3128         This patch only adds the operand to the bytecode.  It is not in use yet.
3129
3130         * bytecode/BytecodeList.json:
3131         * bytecode/BytecodeUseDef.h:
3132         (JSC::computeUsesForBytecodeOffset):
3133         * bytecode/CodeBlock.cpp:
3134         (JSC::CodeBlock::dumpBytecode):
3135         * bytecompiler/BytecodeGenerator.cpp:
3136         (JSC::BytecodeGenerator::BytecodeGenerator):
3137         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
3138         - Adds the lexicalEnvironment register (if present) as an operand to
3139           op_create_arguments.  Else, adds a constant empty JSValue.
3140         * llint/LowLevelInterpreter32_64.asm:
3141         * llint/LowLevelInterpreter64.asm:
3142
3143 2015-01-06  Alexey Proskuryakov  <ap@apple.com>
3144
3145         ADDRESS_SANITIZER macro is overloaded
3146         https://bugs.webkit.org/show_bug.cgi?id=140130
3147
3148         Reviewed by Anders Carlsson.
3149
3150         * interpreter/JSStack.cpp: (JSC::JSStack::sanitizeStack): Use the new macro.
3151         This code is nearly unused (only compiled in when JIT is disabled at build time),
3152         however I've been told that it's best to keep it.
3153
3154 2015-01-06  Mark Lam  <mark.lam@apple.com>
3155
3156         Fix Use details for op_create_arguments.
3157         <https://webkit.org/b/140110>
3158
3159         Rubber stamped by Filip Pizlo.
3160
3161         The previous patch was wrong about op_create_arguments not using its 1st operand.
3162         It does read from it (hence, used) to check if the Arguments object has already
3163         been created or not.  This patch reverts the change for op_create_arguments.
3164
3165         * bytecode/BytecodeUseDef.h:
3166         (JSC::computeUsesForBytecodeOffset):
3167
3168 2015-01-06  Mark Lam  <mark.lam@apple.com>
3169
3170         Fix Use details for op_create_lexical_environment and op_create_arguments.
3171         <https://webkit.org/b/140110>
3172
3173         Reviewed by Filip Pizlo.
3174
3175         The current "Use" details for op_create_lexical_environment and
3176         op_create_arguments are wrong.  op_create_argument uses nothing instead of the
3177         1st operand (the output local).  op_create_lexical_environment uses its 2nd
3178         operand (the scope chain) instead of the 1st (the output local).
3179         This patch fixes them to specify the proper uses.
3180
3181         * bytecode/BytecodeUseDef.h:
3182         (JSC::computeUsesForBytecodeOffset):
3183
3184 2015-01-06  Yusuke Suzuki  <utatane.tea@gmail.com>
3185
3186         Implement ES6 String.prototype.repeat(count)
3187         https://bugs.webkit.org/show_bug.cgi?id=140047
3188
3189         Reviewed by Darin Adler.
3190
3191         Introducing ES6 String.prototype.repeat(count) function.
3192
3193         * runtime/JSString.h:
3194         * runtime/StringPrototype.cpp:
3195         (JSC::StringPrototype::finishCreation):
3196         (JSC::repeatSmallString):
3197         (JSC::stringProtoFuncRepeat):
3198
3199 2015-01-03  Michael Saboff  <msaboff@apple.com>
3200
3201         Crash in operationNewFunction when scrolling on Google+
3202         https://bugs.webkit.org/show_bug.cgi?id=140033
3203
3204         Reviewed by Oliver Hunt.
3205
3206         In DFG code, the scope register can be eliminated because all uses have been
3207         dead code eliminated.  In the case where one of the uses was creating a function
3208         that is never used, the baseline code will still create the function.  If we OSR
3209         exit to a path where that function gets created, check the scope register value
3210         and set the new, but dead, function to undefined instead of creating a new function.
3211
3212         * jit/JITOpcodes.cpp:
3213         (JSC::JIT::emit_op_new_func_exp):
3214
3215 2015-01-01  Yusuke Suzuki  <utatane.tea@gmail.com>
3216
3217         String includes methods perform toString on searchString before toInt32 on an offset
3218         https://bugs.webkit.org/show_bug.cgi?id=140031
3219
3220         Reviewed by Darin Adler.
3221
3222         * runtime/StringPrototype.cpp:
3223         (JSC::stringProtoFuncStartsWith):
3224         (JSC::stringProtoFuncEndsWith):
3225         (JSC::stringProtoFuncIncludes):
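
The ES6 semantics behind the repeat and includes/startsWith/endsWith entries above, as an added JavaScript example that is not JSC's or the authors' code: a reference implementation of the spec algorithms (the names toInteger, repeatSpec, includesSpec, outcome, repeatMismatches and coercionOrder are chosen here) cross-checked against the engine's built-ins, plus a probe that records the argument coercion order.

```javascript
'use strict';
// Added example, not JSC's own code: reference versions of the ES6
// String.prototype.repeat(count) algorithm and of the argument coercion order
// that includes/startsWith/endsWith must follow (ToString(searchString) before
// ToInteger(position)), compared against the engine's built-ins.

// ES6 ToInteger: NaN -> 0, +-Infinity preserved, otherwise truncate toward zero.
function toInteger(value) {
  const n = Number(value);
  if (Number.isNaN(n)) return 0;
  if (!Number.isFinite(n) || n === 0) return n;
  return Math.sign(n) * Math.floor(Math.abs(n));
}

// String.prototype.repeat per the spec: negative or infinite counts throw a
// RangeError before any string is built, so even ''.repeat(Infinity) throws.
function repeatSpec(s, count) {
  const n = toInteger(count);
  if (n < 0 || n === Infinity) throw new RangeError('Invalid count value');
  let out = '';
  for (let i = 0; i < n; i++) out += s;
  return out;
}

// String.prototype.includes per the spec (the RegExp rejection step is
// omitted): searchString is converted first, then position, then clamped.
function includesSpec(s, searchString, position) {
  const searchStr = String(searchString);
  const pos = toInteger(position);
  const start = Math.min(Math.max(pos, 0), s.length);
  return s.indexOf(searchStr, start) !== -1;
}

// Runs fn and reports either its return value or the name of the error it
// threw, so throwing and non-throwing cases can be compared uniformly.
function outcome(fn) {
  try { return { value: fn() }; } catch (e) { return { error: e.constructor.name }; }
}

// Constructed cases covering the edges of the repeat algorithm. Returns the
// inputs on which the built-in and the reference disagree (expected: none).
function repeatMismatches() {
  const cases = [['ab', 3], ['ab', 0], ['ab', 2.9], ['ab', '2'], ['ab', NaN],
                 ['ab', -1], ['ab', Infinity], ['', Infinity], ['', -0.5]];
  return cases.filter(([s, count]) =>
    JSON.stringify(outcome(() => s.repeat(count))) !==
    JSON.stringify(outcome(() => repeatSpec(s, count))));
}

// Records the order in which a built-in coerces its two arguments by passing
// objects whose conversion hooks log their calls. For includes, startsWith and
// endsWith the order must be searchString.toString, then position.valueOf.
function coercionOrder(method) {
  const log = [];
  const searchString = { toString() { log.push('searchString.toString'); return 'b'; } };
  const position = { valueOf() { log.push('position.valueOf'); return 1; } };
  const result = 'abc'[method](searchString, position);
  return { log, result };
}

console.log('repeat mismatches:', repeatMismatches());
for (const m of ['includes', 'startsWith', 'endsWith']) console.log(m, coercionOrder(m));
```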
3226
3227 2015-01-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3228
3229         Change to return std::unique_ptr<> in fooCreate()
3230         https://bugs.webkit.org/show_bug.cgi?id=139983
3231
3232         Reviewed by Darin Adler.
3233
3234         To avoid unnecessary std::unique_ptr<> casting, fooCreate() returns std::unique_ptr<> directly.
3235
3236         * create_regex_tables:
3237         * yarr/YarrPattern.h:
3238         (JSC::Yarr::YarrPattern::reset):
3239         (JSC::Yarr::YarrPattern::newlineCharacterClass):
3240         (JSC::Yarr::YarrPattern::digitsCharacterClass):
3241         (JSC::Yarr::YarrPattern::spacesCharacterClass):
3242         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
3243         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
3244         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
3245         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
3246
3247 2015-01-01  Jeff Miller  <jeffm@apple.com>
3248
3249         Update user-visible copyright strings to include 2015
3250         https://bugs.webkit.org/show_bug.cgi?id=139880
3251
3252         Reviewed by Darin Adler.
3253
3254         * Info.plist:
3255
3256 2015-01-01  Darin Adler  <darin@apple.com>
3257
3258         We often misspell identifier as "identifer"
3259         https://bugs.webkit.org/show_bug.cgi?id=140025
3260
3261         Reviewed by Michael Saboff.
3262
3263         * runtime/ArrayConventions.h: Fix it.
3264
3265 2014-12-29  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3266
3267         Move JavaScriptCore/yarr to std::unique_ptr
3268         https://bugs.webkit.org/show_bug.cgi?id=139621
3269
3270         Reviewed by Anders Carlsson.
3271
3272         Final clean-up of OwnPtr|PassOwnPtr in JavaScriptCore/yarr.
3273
3274         * yarr/YarrInterpreter.cpp:
3275         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
3276         * yarr/YarrInterpreter.h:
3277         (JSC::Yarr::BytecodePattern::BytecodePattern):
3278         * yarr/YarrJIT.cpp:
3279         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
3280         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
3281         (JSC::Yarr::YarrGenerator::opCompileBody):
3282         * yarr/YarrPattern.cpp:
3283         (JSC::Yarr::CharacterClassConstructor::charClass):
3284         (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
3285         (JSC::Yarr::YarrPatternConstructor::reset):
3286         (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
3287         (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
3288         (JSC::Yarr::YarrPatternConstructor::atomParenthesesSubpatternBegin):
3289         (JSC::Yarr::YarrPatternConstructor::atomParentheticalAssertionBegin):
3290         (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
3291         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
3292         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
3293         * yarr/YarrPattern.h:
3294         (JSC::Yarr::PatternDisjunction::addNewAlternative):
3295         (JSC::Yarr::YarrPattern::newlineCharacterClass):
3296         (JSC::Yarr::YarrPattern::digitsCharacterClass):
3297         (JSC::Yarr::YarrPattern::spacesCharacterClass):
3298         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
3299         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
3300         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
3301         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
3302
3303 2014-12-26  Dan Bernstein  <mitz@apple.com>
3304
3305         <rdar://problem/19348208> REGRESSION (r177027): iOS builds use the wrong toolchain
3306         https://bugs.webkit.org/show_bug.cgi?id=139950
3307
3308         Reviewed by David Kilzer.
3309
3310         * Configurations/Base.xcconfig: Only define TOOLCHAINS when building for OS X, doing so
3311         in a manner that works with Xcode 5.1.1.
3312
3313 2014-12-22  Mark Lam  <mark.lam@apple.com>
3314
3315         Use ctiPatchCallByReturnAddress() in JITOperations.cpp.
3316         <https://webkit.org/b/139892>
3317
3318         Reviewed by Michael Saboff.
3319
3320         The code in JITOperations.cpp sometimes calls RepatchBuffer::relinkCallerToFunction()
3321         directly, and sometimes uses a helper function, ctiPatchCallByReturnAddress().
3322         This patch changes it to use the helper function consistently.
3323
3324         * jit/JITOperations.cpp:
3325
3326 2014-12-22  Mark Lam  <mark.lam@apple.com>
3327
3328         Fix some typos in a comment.
3329         <https://webkit.org/b/139882>
3330
3331         Reviewed by Michael Saboff.
3332
3333         * jit/JITPropertyAccess.cpp:
3334         (JSC::JIT::emit_op_get_by_val):
3335
3336 2014-12-22  Mark Lam  <mark.lam@apple.com>
3337
3338         Assert that Array elements not copied when changing shape to ArrayStorage type are indeed holes.
3339         <https://webkit.org/b/138118>
3340
3341         Reviewed by Michael Saboff.
3342
3343         * runtime/JSObject.cpp:
3344         (JSC::JSObject::convertInt32ToArrayStorage):
3345         (JSC::JSObject::convertDoubleToArrayStorage):
3346         (JSC::JSObject::convertContiguousToArrayStorage):
3347
3348 2014-12-20  Eric Carlson  <eric.carlson@apple.com>
3349
3350         [iOS] add optimized fullscreen API
3351         https://bugs.webkit.org/show_bug.cgi?id=139833
3352         <rdar://problem/18844486>
3353
3354         Reviewed by Simon Fraser.
3355
3356         * Configurations/FeatureDefines.xcconfig: Add ENABLE_VIDEO_PRESENTATION_MODE.
3357
3358 2014-12-20  David Kilzer  <ddkilzer@apple.com>
3359
3360         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
3361         <http://webkit.org/b/139463>
3362
3363         Reviewed by Mark Rowe.
3364
3365         * Configurations/JavaScriptCore.xcconfig:
3366         - Simplify SECTORDER_FLAGS.
3367
3368 2014-12-19  Andreas Kling  <akling@apple.com>
3369
3370         Plug leak below LLVMCopyStringRepOfTargetData().
3371         <https://webkit.org/b/139832>
3372
3373         Reviewed by Michael Saboff.
3374
3375         LLVMCopyStringRepOfTargetData() returns a strdup()'ed string, so make sure
3376         to free() it after we're done using it.
3377
3378         * ftl/FTLCompile.cpp:
3379         (JSC::FTL::mmAllocateDataSection):
3380
3381 2014-12-19  Joseph Pecoraro  <pecoraro@apple.com>
3382
3383         Web Inspector: CRASH inspector-protocol/debugger/breakpoint-action-detach.html
3384         https://bugs.webkit.org/show_bug.cgi?id=139797
3385
3386         Reviewed by Mark Lam.
3387
3388         * debugger/Debugger.h:
3389         * debugger/Debugger.cpp:
3390         (JSC::Debugger::isAttached):
3391         Check if we are the debugger for a particular global object.
3392         (JSC::Debugger::pauseIfNeeded):
3393         Pass the global object on when hitting a breakpoint.
3394
3395         * inspector/ScriptDebugServer.h:
3396         * inspector/ScriptDebugServer.cpp:
3397         (Inspector::ScriptDebugServer::handleBreakpointHit):
3398         Stop evaluating breakpoint actions if a previous action caused the
3399         debugger to detach from this global object.
3400         (Inspector::ScriptDebugServer::handlePause):
3401         Standardize on passing JSGlobalObject parameter first.
3402
3403 2014-12-19  Mark Lam  <mark.lam@apple.com>
3404
3405         [Win] Endless compiler warnings created by DFGEdge.h.
3406         <https://webkit.org/b/139801>
3407
3408         Reviewed by Brent Fulgham.
3409
3410         Add a cast to fix the type just the way the 64-bit version does.
3411
3412         * dfg/DFGEdge.h:
3413         (JSC::DFG::Edge::makeWord):
3414
3415 2014-12-19  Commit Queue  <commit-queue@webkit.org>
3416
3417         Unreviewed, rolling out r177574.
3418         https://bugs.webkit.org/show_bug.cgi?id=139821
3419
3420         "Broke Production builds by installing
3421         libWebCoreTestSupport.dylib in the wrong directory" (Requested
3422         by ddkilzer on #webkit).
3423
3424         Reverted changeset:
3425
3426         "Switch from using PLATFORM_NAME to SDK selectors in WebCore,
3427         WebInspectorUI, WebKit, WebKit2"
3428         https://bugs.webkit.org/show_bug.cgi?id=139463
3429         http://trac.webkit.org/changeset/177574
3430
3431 2014-12-19  Michael Saboff  <msaboff@apple.com>
3432
3433         REGRESSION(174226): Captured arguments in a using function compiled by the DFG have the initial value when the closure was invoked
3434         https://bugs.webkit.org/show_bug.cgi?id=139808
3435
3436         Reviewed by Oliver Hunt.
3437
3438         There are three changes here.
3439         1) Create a VariableWatchpointSet for captured arguments variables.
3440         2) Properly use the VariableWatchpointSet* found in op_put_to_scope in the 64 bit LLInt code.
3441         3) Add the same putLocalClosureVar path to the 32 bit LLInt code that exists in the 64 bit version.
3442
3443         * bytecompiler/BytecodeGenerator.cpp:
3444         (JSC::BytecodeGenerator::BytecodeGenerator):
3445         * llint/LowLevelInterpreter32_64.asm:
3446         * llint/LowLevelInterpreter64.asm:
3447
3448 2014-12-19  David Kilzer  <ddkilzer@apple.com>
3449
3450         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
3451         <http://webkit.org/b/139463>
3452
3453         Reviewed by Mark Rowe.
3454
3455         * Configurations/JavaScriptCore.xcconfig:
3456         - Simplify SECTORDER_FLAGS.
3457
3458 2014-12-18  Brent Fulgham  <bfulgham@apple.com>
3459
3460         Unreviewed build fix.
3461
3462         * jsc.cpp: Remove typo.
3463
3464 2014-12-17  Michael Saboff  <msaboff@apple.com>
3465
3466         Tests with infinite recursion frequently crash
3467         https://bugs.webkit.org/show_bug.cgi?id=139548
3468
3469         Reviewed by Geoffrey Garen.
3470
3471         While unwinding, if the call frame doesn't have a codeblock, then we
3472         are in native code, handle appropriately.
3473
3474         * interpreter/Interpreter.cpp:
3475         (JSC::unwindCallFrame):
3476         (JSC::UnwindFunctor::operator()):
3477         Added checks for null CodeBlock.
3478
3479         (JSC::Interpreter::unwind): Removed wrong ASSERT.
3480
3481 2014-12-17  Chris Dumez  <cdumez@apple.com>
3482
3483         [iOS] Make it possible to toggle FeatureCounter support at runtime
3484         https://bugs.webkit.org/show_bug.cgi?id=139688
3485         <rdar://problem/19266254>
3486
3487         Reviewed by Andreas Kling.
3488
3489         Stop linking against AppSupport framework as the functionality is no
3490         longer in WTF (it was moved to WebCore).
3491
3492         * Configurations/JavaScriptCore.xcconfig:
3493
3494 2014-12-17  Brent Fulgham  <bfulgham@apple.com>
3495
3496         [Win] Correct DebugSuffix builds under MSBuild
3497         https://bugs.webkit.org/show_bug.cgi?id=139733
3498         <rdar://problem/19276880>
3499
3500         Reviewed by Simon Fraser.
3501
3502         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Make sure to use the
3503         '_debug' suffix when building the DebugSuffix target.
3504
3505 2014-12-16  Enrica Casucci  <enrica@apple.com>
3506
3507         Fix iOS builders for 8.0
3508         https://bugs.webkit.org/show_bug.cgi?id=139495
3509
3510         Reviewed by Michael Saboff.
3511
3512         * Configurations/LLVMForJSC.xcconfig:
3513         * llvm/library/LLVMExports.cpp:
3514         (initializeAndGetJSCLLVMAPI):
3515
3516 2014-12-16  Commit Queue  <commit-queue@webkit.org>
3517
3518         Unreviewed, rolling out r177380.
3519         https://bugs.webkit.org/show_bug.cgi?id=139707
3520
3521         "Breaks js/regres/elidable-new-object-* tests" (Requested by
3522         msaboff_ on #webkit).
3523
3524         Reverted changeset:
3525
3526         "Fixes operationPutByIdOptimizes such that they check that the
3527         put didn't"
3528         https://bugs.webkit.org/show_bug.cgi?id=139500
3529         http://trac.webkit.org/changeset/177380
3530
3531 2014-12-16  Matthew Mirman  <mmirman@apple.com>
3532
3533         Fixes operationPutByIdOptimizes such that they check that the put didn't
3534         change the structure of the object whose property access is being
3535         cached.
3536         https://bugs.webkit.org/show_bug.cgi?id=139500
3537
3538         Reviewed by Geoffrey Garen.
3539
3540         * jit/JITOperations.cpp:
3541         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
3542         (JSC::operationPutByIdNonStrictOptimize): ditto.
3543         (JSC::operationPutByIdDirectStrictOptimize): ditto.
3544         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
3545         * jit/Repatch.cpp:
3546         (JSC::tryCachePutByID): Added argument for the old structure
3547         (JSC::repatchPutByID): Added argument for the old structure
3548         * jit/Repatch.h:
3549         * tests/stress/put-by-id-build-list-order-recurse.js: 
3550         Added test that fails without this patch.
3551
3552 2014-12-15  Chris Dumez  <cdumez@apple.com>
3553
3554         [iOS] Add feature counting support
3555         https://bugs.webkit.org/show_bug.cgi?id=139652
3556         <rdar://problem/19255690>
3557
3558         Reviewed by Gavin Barraclough.
3559
3560         Link against AppSupport framework on iOS as we need it to implement
3561         the new FeatureCounter API in WTF.
3562
3563         * Configurations/JavaScriptCore.xcconfig:
3564
3565 2014-12-15  Commit Queue  <commit-queue@webkit.org>
3566
3567         Unreviewed, rolling out r177284.
3568         https://bugs.webkit.org/show_bug.cgi?id=139658
3569
3570         "Breaks API tests and LayoutTests on Yosemite Debug"
3571         (Requested by msaboff on #webkit).
3572
3573         Reverted changeset:
3574
3575         "Make sure range based iteration of Vector<> still receives
3576         bounds checking"
3577         https://bugs.webkit.org/show_bug.cgi?id=138821
3578         http://trac.webkit.org/changeset/177284
3579
3580 2014-12-15  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
3581
3582         [EFL] FTL JIT not working on ARM64
3583         https://bugs.webkit.org/show_bug.cgi?id=139295
3584
3585         Reviewed by Michael Saboff.
3586
3587         Added the missing code for stack unwinding and some additional small fixes
3588         to get FTL working correctly.
3589
3590         * ftl/FTLCompile.cpp:
3591         (JSC::FTL::mmAllocateDataSection):
3592         * ftl/FTLUnwindInfo.cpp:
3593         (JSC::FTL::UnwindInfo::parse):
3594
3595 2014-12-15  Oliver Hunt  <oliver@apple.com>
3596
3597         Make sure range based iteration of Vector<> still receives bounds checking
3598         https://bugs.webkit.org/show_bug.cgi?id=138821
3599
3600         Reviewed by Mark Lam.
3601
3602         Update code to deal with slightly changed iterator semantics.
3603
3604         * bytecode/UnlinkedCodeBlock.cpp:
3605         (JSC::UnlinkedCodeBlock::visitChildren):
3606         * bytecompiler/BytecodeGenerator.cpp:
3607         (JSC::BytecodeGenerator::emitComplexPopScopes):
3608         * dfg/DFGSpeculativeJIT.cpp:
3609         (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
3610         * ftl/FTLAbbreviations.h:
3611         (JSC::FTL::mdNode):
3612         (JSC::FTL::buildCall):
3613         * llint/LLIntData.cpp:
3614         (JSC::LLInt::Data::performAssertions):
3615         * parser/Parser.h:
3616         (JSC::Scope::Scope):
3617         * runtime/JSArray.cpp:
3618         (JSC::JSArray::setLengthWithArrayStorage):
3619         (JSC::JSArray::sortCompactedVector):
3620         * tools/ProfileTreeNode.h:
3621         (JSC::ProfileTreeNode::dumpInternal):
3622         * yarr/YarrJIT.cpp:
3623         (JSC::Yarr::YarrGenerator::matchCharacterClass):
3624
3625 2014-12-14  Filip Pizlo  <fpizlo@apple.com>
3626
3627         PutLocalSinkingPhase has an invalid assertion about incoming values, because both liveness and deferral analyses are conservative
3628         https://bugs.webkit.org/show_bug.cgi?id=139630
3629
3630         Reviewed by Oliver Hunt.
3631         
3632         Replaces a faulty assertion with code to handle an awesome special case. Also adds a lot of
3633         comments that reconstruct my reasoning about this code. I had to work hard to remember how
3634         deferral worked so I wrote my discoveries down.
3635
3636         * dfg/DFGInsertionSet.h:
3637         (JSC::DFG::InsertionSet::insertBottomConstantForUse):
3638         * dfg/DFGPutLocalSinkingPhase.cpp:
3639         * tests/stress/put-local-conservative.js: Added.
3640         (foo):
3641         (.result):
3642         (bar):
3643
3644 2014-12-14  Andreas Kling  <akling@apple.com>
3645
3646         Replace PassRef with Ref/Ref&& across the board.
3647         <https://webkit.org/b/139587>
3648
3649         Reviewed by Darin Adler.
3650
3651         * runtime/Identifier.cpp:
3652         (JSC::Identifier::add):
3653         (JSC::Identifier::add8):
3654         * runtime/Identifier.h:
3655         (JSC::Identifier::add):
3656         * runtime/IdentifierInlines.h:
3657         (JSC::Identifier::add):
3658
3659 2014-12-12  Matthew Mirman  <mmirman@apple.com>
3660
3661         shiftCountWithArrayStorage should exit to slow path if the object has a sparse map.
3662         https://bugs.webkit.org/show_bug.cgi?id=139598
3663         <rdar://problem/18779367>
3664
3665         Reviewed by Filip Pizlo.
3666
3667         * runtime/JSArray.cpp:
3668         (JSC::JSArray::shiftCountWithArrayStorage): Added check for object having a sparse map.
3669         * tests/stress/sparse_splice.js: Added.
3670
3671 2014-12-12  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3672
3673         Final clean-up of OwnPtr in JSC - runtime, ftl, and tool directories
3674         https://bugs.webkit.org/show_bug.cgi?id=139532
3675
3676         Reviewed by Mark Lam.
3677
3678         Finally remove OwnPtr and PassOwnPtr from the runtime, ftl, and tools directories of JSC.
3679
3680         * builtins/BuiltinExecutables.h:
3681         * bytecode/CodeBlock.h:
3682         * bytecode/UnlinkedCodeBlock.cpp:
3683         (JSC::generateFunctionCodeBlock):
3684         * ftl/FTLAbstractHeap.cpp:
3685         (JSC::FTL::IndexedAbstractHeap::atSlow):
3686         * ftl/FTLAbstractHeap.h:
3687         * ftl/FTLCompile.cpp:
3688         (JSC::FTL::mmAllocateDataSection):
3689         * ftl/FTLJITFinalizer.h:
3690         * jsc.cpp:
3691         (jscmain):
3692         * parser/Lexer.h:
3693         * runtime/PropertyMapHashTable.h:
3694         (JSC::PropertyTable::clearDeletedOffsets):
3695         (JSC::PropertyTable::addDeletedOffset):
3696         * runtime/PropertyTable.cpp:
3697         (JSC::PropertyTable::PropertyTable):
3698         * runtime/RegExpObject.cpp:
3699         * runtime/SmallStrings.cpp:
3700         * runtime/Structure.cpp:
3701         * runtime/StructureIDTable.cpp:
3702         (JSC::StructureIDTable::StructureIDTable):
3703         (JSC::StructureIDTable::resize):
3704         * runtime/StructureIDTable.h:
3705         * runtime/StructureTransitionTable.h:
3706         * runtime/VM.cpp:
3707         (JSC::VM::VM):
3708         (JSC::VM::~VM):
3709         * runtime/VM.h:
3710         * tools/CodeProfile.h:
3711         (JSC::CodeProfile::CodeProfile):
3712         (JSC::CodeProfile::addChild):
3713
3714 2014-12-11  Dan Bernstein  <mitz@apple.com>
3715
3716         iOS Simulator production build fix.
3717
3718         * Configurations/JavaScriptCore.xcconfig: Don’t use an order file when building for the iOS
3719         Simulator, as we did prior to 177027.
3720
3721 2014-12-11  Joseph Pecoraro  <pecoraro@apple.com>
3722
3723         Explicitly export some more RWIProtocol classes.
3724         rdar://problem/19220408
3725
3726         Unreviewed build fix.
3727
3728         * inspector/scripts/codegen/generate_objc_configuration_header.py:
3729         (ObjCConfigurationHeaderGenerator._generate_configuration_interface_for_domains):
3730         * inspector/scripts/codegen/generate_objc_header.py:
3731         (ObjCHeaderGenerator._generate_event_interfaces):
3732         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3733         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3734         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
3735         * inspector/scripts/tests/expected/enum-values.json-result:
3736         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3737         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
3738         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
3739         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
3740         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
3741         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
3742         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
3743         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
3744         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3745
3746 2014-12-11  Alexey Proskuryakov  <ap@apple.com>
3747
3748         Explicitly export some RWIProtocol classes
3749         rdar://problem/19220408
3750
3751         * inspector/scripts/codegen/generate_objc_header.py:
3752         (ObjCHeaderGenerator._generate_type_interface):
3753         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3754         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3755         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3756         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
3757         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
3758         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
3759         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3760
3761 2014-12-11  Mark Lam  <mark.lam@apple.com>
3762
3763         Fix broken build after r177146.
3764         https://bugs.webkit.org/show_bug.cgi?id=139533 
3765
3766         Not reviewed.
3767
3768         * interpreter/CallFrame.h:
3769         (JSC::ExecState::init):
3770         - Restored CallFrame::init() minus the unused JSScope* arg.
3771         * runtime/JSGlobalObject.cpp:
3772         (JSC::JSGlobalObject::init):
3773         - Remove JSScope* arg when calling CallFrame::init().
3774
3775 2014-12-11  Michael Saboff  <msaboff@apple.com>
3776
3777         REGRESSION: Use of undefined CallFrame::ScopeChain value
3778         https://bugs.webkit.org/show_bug.cgi?id=139533
3779
3780         Reviewed by Mark Lam.
3781
3782         Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
3783         all usages of these functions.  In some cases the scope is passed in or determined
3784         another way.  In some cases the scope is used to calculate other values.  Lastly,
3785         there were places where these functions were used that are no longer needed.  For
3786         example when making a call, the caller's ScopeChain was copied to the callee's
3787         ScopeChain.  This change no longer uses the ScopeChain call frame header slot.
3788         That slot will be removed in a future patch.
3789
3790         * dfg/DFGByteCodeParser.cpp:
3791         (JSC::DFG::ByteCodeParser::parseBlock):
3792         * dfg/DFGSpeculativeJIT32_64.cpp:
3793         (JSC::DFG::SpeculativeJIT::compile):
3794         * dfg/DFGSpeculativeJIT64.cpp:
3795         (JSC::DFG::SpeculativeJIT::compile):
3796         * dfg/DFGSpeculativeJIT.h:
3797         (JSC::DFG::SpeculativeJIT::callOperation):
3798         * jit/JIT.h:
3799         * jit/JITInlines.h:
3800         (JSC::JIT::callOperation):
3801         * runtime/JSLexicalEnvironment.h:
3802         (JSC::JSLexicalEnvironment::create):
3803         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
3804         * jit/JITOpcodes.cpp:
3805         (JSC::JIT::emit_op_create_lexical_environment):
3806         * jit/JITOpcodes32_64.cpp:
3807         (JSC::JIT::emit_op_create_lexical_environment):
3808         * jit/JITOperations.cpp:
3809         * jit/JITOperations.h:
3810         * llint/LLIntSlowPaths.cpp:
3811         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3812         (JSC::LLInt::handleHostCall):
3813         (JSC::LLInt::setUpCall):
3814         (JSC::LLInt::llint_throw_stack_overflow_error):
3815         Pass the current scope value to the helper operationCreateActivation() and
3816         the call to JSLexicalEnvironment::create() instead of using the stack frame
3817         scope chain value.
3818
3819         * dfg/DFGFixupPhase.cpp:
3820         (JSC::DFG::FixupPhase::fixupNode):
3821         CreateActivation now has a second child, the scope.
3822
3823         * interpreter/CallFrame.h:
3824         (JSC::ExecState::init): Deleted.  This is dead code.
3825         (JSC::ExecState::scope): Deleted.
3826         (JSC::ExecState::setScope): Deleted.
3827
3828         * interpreter/Interpreter.cpp:
3829         (JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
3830         chain slot.  
3831         
3832         (JSC::Interpreter::execute):
3833         (JSC::Interpreter::executeCall):
3834         (JSC::Interpreter::executeConstruct):
3835         Changed process to find JSScope values on the stack or by some other means.
3836
3837         * runtime/JSWithScope.h:
3838         (JSC::JSWithScope::JSWithScope): Deleted.
3839         Eliminated unused constructor.
3840
3841         * runtime/StrictEvalActivation.cpp:
3842         (JSC::StrictEvalActivation::StrictEvalActivation):
3843         * runtime/StrictEvalActivation.h:
3844         (JSC::StrictEvalActivation::create):
3845         Changed to pass in the current scope.
3846
3847 2014-12-10  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3848
3849         Use std::unique_ptr instead of OwnPtr in JSC - heap, jit, runtime, and parser directories
3850         https://bugs.webkit.org/show_bug.cgi?id=139351
3851
3852         Reviewed by Filip Pizlo.
3853
3854         As a step to use std::unique_ptr<>, this cleans up OwnPtr and PassOwnPtr.
3855
3856         * bytecode/SamplingTool.h:
3857         (JSC::SamplingTool::SamplingTool):
3858         * heap/CopiedBlock.h:
3859         (JSC::CopiedBlock::didSurviveGC):
3860         (JSC::CopiedBlock::pin):
3861         * heap/CopiedBlockInlines.h:
3862         (JSC::CopiedBlock::reportLiveBytes):
3863         * heap/GCActivityCallback.h:
3864         * heap/GCThread.cpp:
3865         * heap/Heap.h:
3866         * heap/HeapInlines.h:
3867         (JSC::Heap::markListSet):
3868         * jit/ExecutableAllocator.cpp:
3869         * jit/JIT.cpp:
3870         (JSC::JIT::privateCompile):
3871         * jit/JIT.h:
3872         * jit/JITThunks.cpp:
3873         (JSC::JITThunks::JITThunks):
3874         (JSC::JITThunks::clearHostFunctionStubs):
3875         * jit/JITThunks.h:
3876         * parser/Parser.cpp:
3877         (JSC::Parser<LexerType>::Parser):
3878         * parser/Parser.h:
3879         (JSC::Scope::Scope):
3880         (JSC::Scope::pushLabel):
3881         * parser/ParserArena.cpp:
3882         * parser/ParserArena.h:
3883         (JSC::ParserArena::identifierArena):
3884         * parser/SourceProviderCache.h:
3885         * runtime/CodeCache.h:
3886         * runtime/Executable.h:
3887         * runtime/JSArray.cpp:
3888         (JSC::JSArray::sortVector):
3889         * runtime/JSGlobalObject.h:
3890
3891 2014-12-10  Geoffrey Garen  <ggaren@apple.com>
3892
3893         Please disable the webkitFirstVersionWithInitConstructorSupport check on Apple TV
3894         https://bugs.webkit.org/show_bug.cgi?id=139501
3895
3896         Reviewed by Gavin Barraclough.
3897
3898         NSVersionOfLinkTimeLibrary only works if you link directly against
3899         JavaScriptCore, which is a bit awkward for our Apple TV client to do.
3900
3901         It's easy enough just to disable this check on Apple TV, since it has no
3902         backwards compatibility requirement.
3903
3904         * API/JSWrapperMap.mm:
3905         (supportsInitMethodConstructors):
3906
3907 2014-12-10  Matthew Mirman  <mmirman@apple.com>
3908
3909         Fixes operationPutByIds such that they check that the put didn't
3910         change the structure of the object whose property access is being
3911         cached.
3912         https://bugs.webkit.org/show_bug.cgi?id=139196
3913
3914         Reviewed by Filip Pizlo.
3915
3916         * jit/JITOperations.cpp:
3917         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
3918         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
3919         (JSC::operationPutByIdNonStrictBuildList): ditto.
3920         (JSC::operationPutByIdDirectStrictBuildList): ditto.
3921         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
3922         * jit/Repatch.cpp:
3923         (JSC::tryCachePutByID): fixed structure() to use the existent vm.
3924         (JSC::tryBuildPutByIdList): Added a check that the old structure's id 
3925         is the same as the new.
3926         (JSC::buildPutByIdList): Added an argument
3927         * jit/Repatch.h: 
3928         (JSC::buildPutByIdList): Added an argument
3929         * tests/stress/put-by-id-strict-build-list-order.js: Added.
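
The scenario described by this entry and by its 2014-12-16 re-landing above, written as an added JavaScript regression check that is not JSC's own test (Point, assignLabel, allPutsRanSetter and shapeBeforeAndAfter are names chosen here): a put whose setter changes the receiver's structure, so a cache built from the structure observed before the put would not match the object that results from it.

```javascript
'use strict';
// Added example, not JSC's own test. A setter inherited from the prototype adds
// own properties to the receiver while the put runs, so the object's structure
// after the assignment differs from the one before it. A put-by-id cache keyed
// on the pre-put structure would later match fresh objects of that shape and
// replay a plain slot store instead of running the setter; checking that the
// structure is unchanged after the put is what the entry adds.

function Point() { this.x = 0; }

// Assigning 'label' runs this setter, which appends two own properties and
// therefore transitions the receiver to a new structure.
Object.defineProperty(Point.prototype, 'label', {
  set(v) { this.name = String(v); this.named = true; },
});

// The single assignment site that an engine would try to cache.
function assignLabel(obj, v) { obj.label = v; return obj; }

// Assigns through the same site on many fresh objects so a JIT warms up its
// inline cache; returns whether every object shows the setter's effects rather
// than a raw own 'label' slot written by a stale cache entry.
function allPutsRanSetter(iterations) {
  for (let i = 0; i < iterations; i++) {
    const p = assignLabel(new Point(), 'p' + i);
    if (Object.prototype.hasOwnProperty.call(p, 'label') ||
        p.name !== 'p' + i || p.named !== true ||
        Object.keys(p).join() !== 'x,name,named') return false;
  }
  return true;
}

// Shows the structure change itself: the own-property list before the put
// (just 'x') versus after it ('x', 'name', 'named').
function shapeBeforeAndAfter() {
  const p = new Point();
  const before = Object.keys(p).join();
  assignLabel(p, 'probe');
  return { before, after: Object.keys(p).join() };
}

console.log(shapeBeforeAndAfter());
console.log('all puts ran the setter:', allPutsRanSetter(10000));
```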
3930
3931 2014-12-10  Csaba Osztrogonác  <ossy@webkit.org>
3932
3933         URTBF after r177030.
3934
3935         Fix linking failure that occurred on ARM buildbots:
3936         lib/libjavascriptcore_efl.so.1.11.0: undefined reference to `JSC::Structure::get(JSC::VM&, JSC::PropertyName, unsigned int&)'
3937
3938         * runtime/NullGetterFunction.cpp:
3939
3940 2014-12-09  Michael Saboff  <msaboff@apple.com>
3941
3942         DFG Tries using an inner object's getter/setter when one hasn't been defined