Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-01-28  Geoffrey Garen  <ggaren@apple.com>

        Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
        https://bugs.webkit.org/show_bug.cgi?id=140900

        Reviewed by Mark Hahnenberg.

        Re-landing just the GCArraySegment piece of this patch.

        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::CodeBlockSet):
        * heap/CodeBlockSet.h:
        * heap/GCSegmentedArray.h:
        (JSC::GCArraySegment::GCArraySegment):
        * heap/GCSegmentedArrayInlines.h:
        (JSC::GCSegmentedArray<T>::GCSegmentedArray):
        (JSC::GCSegmentedArray<T>::~GCSegmentedArray):
        (JSC::GCSegmentedArray<T>::clear):
        (JSC::GCSegmentedArray<T>::expand):
        (JSC::GCSegmentedArray<T>::refill):
        (JSC::GCArraySegment<T>::create):
        (JSC::GCArraySegment<T>::destroy):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        * heap/MarkStack.cpp:
        (JSC::MarkStackArray::MarkStackArray):
        * heap/MarkStack.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::SlotVisitor):

2015-01-29  Csaba Osztrogonác  <ossy@webkit.org>

        Move HAVE_DTRACE definition back to Platform.h
        https://bugs.webkit.org/show_bug.cgi?id=141033

        Reviewed by Dan Bernstein.

        * Configurations/Base.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2015-01-28  Geoffrey Garen  <ggaren@apple.com>

        Removed fastMallocForbid / fastMallocAllow
        https://bugs.webkit.org/show_bug.cgi?id=141012

        Reviewed by Mark Hahnenberg.

        Copy non-current thread stacks before scanning them instead of scanning
        them in-place.

        This operation is uncommon (i.e., never in the web content process),
        and even in a stress test with 4 threads it only copies about 27kB,
        so I think the performance cost is OK.

        Scanning in-place requires a complex dance where we constrain our GC
        data structures not to use malloc, free, or any other interesting functions
        that might acquire locks. We've gotten this wrong many times in the past,
        and I just got it wrong again yesterday. Since this code path is rarely
        tested, I want it to just make sense, and not depend on or constrain the
        details of the rest of the GC heap's design.

        * heap/MachineStackMarker.cpp:
        (JSC::otherThreadStack): Factored out a helper function for dealing with
        unaligned and/or backwards pointers.

        (JSC::MachineThreads::tryCopyOtherThreadStack): This is now the only
        constrained function, and it only calls memcpy and low-level thread APIs.

        (JSC::MachineThreads::tryCopyOtherThreadStacks): The design here is that
        you do one pass over all the threads to compute their combined size,
        and then a second pass to do all the copying. In theory, the threads may
        grow in between passes, in which case you'll continue until the threads
        stop growing. In practice, you never continue.

        (JSC::growBuffer): Helper function for growing.

        (JSC::MachineThreads::gatherConservativeRoots):
        (JSC::MachineThreads::gatherFromOtherThread): Deleted.
        * heap/MachineStackMarker.h: Updated for interface changes.
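
The two-pass scheme described in the entry above (total the stack sizes, copy everything with nothing but memcpy, and retry only if some stack grew in between) as an added example. This is not JavaScriptCore code: SimThread, normalizedRange(), totalStackBytes(), tryCopyAll() and copyOtherThreadStacks() are stand-ins invented here, and the "threads" are byte buffers with a stack-pointer offset, so no real thread is suspended. The point it demonstrates is that the only step that runs while other threads are frozen never allocates, because the buffer is sized and grown outside it.

```cpp
// Added example, not JavaScriptCore code: the "size everything, copy everything,
// retry only if a stack grew" scheme from the MachineStackMarker entry, modelled on
// byte buffers instead of real suspended threads. All names here are invented.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Stand-in for a suspended thread: a backing region plus a "stack pointer" offset.
// The stack grows down, so the live part is [spOffset, storage.size()).
struct SimThread {
    std::vector<uint8_t> storage;
    size_t spOffset;
};

struct StackRange {
    const uint8_t* begin;
    const uint8_t* end;
};

// Normalize a (sp, base) pair the way otherThreadStack() is described as doing:
// align sp down to pointer size, clamp it into the region, and order the ends.
static StackRange normalizedRange(const SimThread& t) {
    const uint8_t* base = t.storage.data() + t.storage.size();
    const uint8_t* sp = t.storage.data() + std::min(t.spOffset, t.storage.size());
    uintptr_t alignedSp = reinterpret_cast<uintptr_t>(sp) & ~static_cast<uintptr_t>(sizeof(void*) - 1);
    const uint8_t* lo = std::max(t.storage.data(), reinterpret_cast<const uint8_t*>(alignedSp));
    const uint8_t* hi = base;
    if (lo > hi)
        std::swap(lo, hi);   // a "backwards" pair is reordered rather than rejected
    return { lo, hi };
}

static size_t rangeSize(const StackRange& r) {
    return static_cast<size_t>(r.end - r.begin);
}

// Pass 1: total the live bytes of all other threads. This step is unconstrained,
// so it may allocate or take locks if it needs to.
static size_t totalStackBytes(const std::vector<SimThread>& threads) {
    size_t total = 0;
    for (const SimThread& t : threads)
        total += rangeSize(normalizedRange(t));
    return total;
}

// Pass 2: the constrained step. Only memcpy into a buffer that already exists;
// no malloc, no locks. Returns false if the buffer is too small, which can only
// happen when a thread grew its stack between pass 1 and pass 2.
static bool tryCopyAll(const std::vector<SimThread>& threads, std::vector<uint8_t>& buffer, size_t& used) {
    used = 0;
    for (const SimThread& t : threads) {
        StackRange r = normalizedRange(t);
        size_t n = rangeSize(r);
        if (used + n > buffer.size())
            return false;
        std::memcpy(buffer.data() + used, r.begin, n);
        used += n;
    }
    return true;
}

// Driver: size, copy, and loop until the copy fits. The buffer only grows between
// attempts, so the copy step never has to allocate. In practice the loop runs once.
static std::vector<uint8_t> copyOtherThreadStacks(const std::vector<SimThread>& threads) {
    std::vector<uint8_t> buffer;
    size_t used = 0;
    size_t capacity = totalStackBytes(threads);
    for (;;) {
        buffer.resize(capacity);                       // growBuffer() equivalent
        if (tryCopyAll(threads, buffer, used))
            break;
        capacity = std::max(capacity * 2, totalStackBytes(threads));
    }
    buffer.resize(used);
    return buffer;   // a conservative scan would now run over this copy, not the live stacks
}

int main() {
    // Constructed input: two fake threads with 64-byte stacks and different stack pointers.
    std::vector<SimThread> threads;
    threads.push_back({ std::vector<uint8_t>(64, 0xAA), 16 });
    threads.push_back({ std::vector<uint8_t>(64, 0xBB), 24 });
    std::vector<uint8_t> snapshot = copyOtherThreadStacks(threads);
    std::printf("copied %zu bytes from %zu threads\n", snapshot.size(), threads.size());
    return 0;
}
```

With two 64-byte fake stacks whose stack pointers sit at offsets 16 and 24, the snapshot is 48 + 40 = 88 bytes; an unaligned stack pointer is rounded down to the next pointer boundary, and a stack pointer past the base yields an empty range instead of a negative size.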

2015-01-28  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: remove CSS.setPropertyText, CSS.toggleProperty and related dead code
        https://bugs.webkit.org/show_bug.cgi?id=140961

        Reviewed by Timothy Hatcher.

        * inspector/protocol/CSS.json: Remove unused protocol methods.

2015-01-28  Dana Burkart  <dburkart@apple.com>

        Move ASan flag settings from DebugRelease.xcconfig to Base.xcconfig
        https://bugs.webkit.org/show_bug.cgi?id=136765

        Reviewed by Alexey Proskuryakov.

        * Configurations/Base.xcconfig:
        * Configurations/DebugRelease.xcconfig:

2015-01-27  Filip Pizlo  <fpizlo@apple.com>

        ExitSiteData saying m_takesSlowPath shouldn't mean early returning takesSlowPath() since for the non-LLInt case we later set m_couldTakeSlowPath, which is more precise
        https://bugs.webkit.org/show_bug.cgi?id=140980

        Reviewed by Oliver Hunt.

        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFor):

2015-01-27  Filip Pizlo  <fpizlo@apple.com>

        Move DFGBinarySwitch out of the DFG so that all of the JITs can use it
        https://bugs.webkit.org/show_bug.cgi?id=140959

        Rubber stamped by Geoffrey Garen.

        I want to use this for polymorphic stubs for https://bugs.webkit.org/show_bug.cgi?id=140660.
        This code no longer has DFG dependencies so this is a very clean move.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGBinarySwitch.cpp: Removed.
        * dfg/DFGBinarySwitch.h: Removed.
        * dfg/DFGSpeculativeJIT.cpp:
        * jit/BinarySwitch.cpp: Copied from Source/JavaScriptCore/dfg/DFGBinarySwitch.cpp.
        * jit/BinarySwitch.h: Copied from Source/JavaScriptCore/dfg/DFGBinarySwitch.h.

2015-01-27  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r179192.
        https://bugs.webkit.org/show_bug.cgi?id=140953

        Caused numerous layout test failures (Requested by mattbaker_
        on #webkit).

        Reverted changeset:

        "Use FastMalloc (bmalloc) instead of BlockAllocator for GC
        pages"
        https://bugs.webkit.org/show_bug.cgi?id=140900
        http://trac.webkit.org/changeset/179192

2015-01-27  Michael Saboff  <msaboff@apple.com>

        REGRESSION(r178591): 20% regression in Octane box2d
        https://bugs.webkit.org/show_bug.cgi?id=140948

        Reviewed by Geoffrey Garen.

        Added a check that we have a lexical environment to the "arguments is captured" check.
        It doesn't make sense to resolve "arguments" when it really isn't captured.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::willResolveToArgumentsRegister):

2015-01-26  Geoffrey Garen  <ggaren@apple.com>

        Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
        https://bugs.webkit.org/show_bug.cgi?id=140900

        Reviewed by Mark Hahnenberg.

        Removes some more custom allocation code.

        Looks like a speedup. (See results attached to bugzilla.)

        Will hopefully reduce memory use by improving sharing between the GC and
        malloc heaps.

        * API/JSBase.cpp:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj: Feed the compiler.

        * heap/BlockAllocator.cpp: Removed.
        * heap/BlockAllocator.h: Removed. No need for a custom allocator anymore.

        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::CodeBlockSet):
        * heap/CodeBlockSet.h: Feed the compiler.

        * heap/CopiedBlock.h:
        (JSC::CopiedBlock::createNoZeroFill):
        (JSC::CopiedBlock::create):
        (JSC::CopiedBlock::CopiedBlock):
        (JSC::CopiedBlock::isOversize):
        (JSC::CopiedBlock::payloadEnd):
        (JSC::CopiedBlock::capacity):
        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::reportLiveBytes): Each copied block now tracks its
        own size, since we can't rely on Region to tell us our size anymore.

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::~CopiedSpace):
        (JSC::CopiedSpace::tryAllocateOversize):
        (JSC::CopiedSpace::tryReallocateOversize):
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::recycleEvacuatedBlock):
        (JSC::CopiedSpace::recycleBorrowedBlock):
        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
        (JSC::CopiedSpace::allocateBlock):
        (JSC::CopiedSpace::startedCopying): Deallocate blocks directly, rather
        than pushing them onto the block allocator's free list; the block
        allocator doesn't exist anymore.

        * heap/CopyWorkList.h:
        (JSC::CopyWorkListSegment::create):
        (JSC::CopyWorkListSegment::CopyWorkListSegment):
        (JSC::CopyWorkList::~CopyWorkList):
        (JSC::CopyWorkList::append):
        (JSC::CopyWorkList::CopyWorkList): Deleted.
        * heap/GCSegmentedArray.h:
        (JSC::GCArraySegment::GCArraySegment):
        * heap/GCSegmentedArrayInlines.h:
        (JSC::GCSegmentedArray<T>::GCSegmentedArray):
        (JSC::GCSegmentedArray<T>::~GCSegmentedArray):
        (JSC::GCSegmentedArray<T>::clear):
        (JSC::GCSegmentedArray<T>::expand):
        (JSC::GCSegmentedArray<T>::refill):
        (JSC::GCArraySegment<T>::create):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        * heap/GCThreadSharedData.h: Feed the compiler.

        * heap/HandleBlock.h:
        * heap/HandleBlockInlines.h:
        (JSC::HandleBlock::create):
        (JSC::HandleBlock::HandleBlock):
        (JSC::HandleBlock::payloadEnd):
        * heap/HandleSet.cpp:
        (JSC::HandleSet::~HandleSet):
        (JSC::HandleSet::grow): Same as above.

        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        * heap/Heap.h: Removed the block allocator since it is unused now.

        * heap/HeapBlock.h:
        (JSC::HeapBlock::destroy):
        (JSC::HeapBlock::HeapBlock):
        (JSC::HeapBlock::region): Deleted. Removed the Region pointer from each
        HeapBlock since a HeapBlock is just a normal allocation now.

        * heap/HeapInlines.h:
        (JSC::Heap::blockAllocator): Deleted.

        * heap/HeapTimer.cpp:
        * heap/MarkStack.cpp:
        (JSC::MarkStackArray::MarkStackArray):
        * heap/MarkStack.h: Feed the compiler.

        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::allocateBlock): No need to use a custom code path
        based on size, since we use a general purpose allocator now.

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::create):
        (JSC::MarkedBlock::destroy):
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::capacity): Track block size explicitly, like CopiedBlock.

        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::freeBlock):
        * heap/MarkedSpace.h:

        * heap/Region.h: Removed.

        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::SlotVisitor): Removed reference to block allocator.

        * heap/SuperRegion.cpp: Removed.
        * heap/SuperRegion.h: Removed.

        * heap/WeakBlock.cpp:
        (JSC::WeakBlock::create):
        (JSC::WeakBlock::WeakBlock):
        * heap/WeakBlock.h:
        * heap/WeakSet.cpp:
        (JSC::WeakSet::~WeakSet):
        (JSC::WeakSet::addAllocator):
        (JSC::WeakSet::removeAllocator): Removed reference to block allocator.

2015-01-27  Csaba Osztrogonác  <ossy@webkit.org>

        [ARM] Typo fix after r176083
        https://bugs.webkit.org/show_bug.cgi?id=140937

        Reviewed by Anders Carlsson.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::ldrh):

2015-01-27  Csaba Osztrogonác  <ossy@webkit.org>

        [Win] Unreviewed gardening, skip failing tests.

        * tests/exceptionFuzz.yaml: Skip exception fuzz tests due to bug140928.
        * tests/mozilla/mozilla-tests.yaml: Skip ecma/Date/15.9.5.28-1.js due to bug140927.

2015-01-26  Csaba Osztrogonác  <ossy@webkit.org>

        [Win] Enable JSC stress tests by default
        https://bugs.webkit.org/show_bug.cgi?id=128307

        Unreviewed typo fix after r179165.

        * tests/mozilla/mozilla-tests.yaml:

2015-01-26  Csaba Osztrogonác  <ossy@webkit.org>

        [Win] Enable JSC stress tests by default
        https://bugs.webkit.org/show_bug.cgi?id=128307

        Reviewed by Brent Fulgham.

        * tests/mozilla/mozilla-tests.yaml: Skipped on Windows.
        * tests/stress/ftl-arithcos.js: Skipped on Windows.

2015-01-26  Ryosuke Niwa  <rniwa@webkit.org>

        Parse a function expression as a primary expression
        https://bugs.webkit.org/show_bug.cgi?id=140908

        Reviewed by Mark Lam.

        Moved the code to generate an AST node for a function expression from parseMemberExpression
        to parsePrimaryExpression to match the ES6 specification terminology:
        https://people.mozilla.org/~jorendorff/es6-draft.html#sec-primary-expression

        There should be no behavior change from this change since parsePrimaryExpression is only
        called in parseMemberExpression other than the fact failIfStackOverflow() is called.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parsePrimaryExpression):
        (JSC::Parser<LexerType>::parseMemberExpression):

2015-01-26  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] [SVG -> OTF Converter] Flip the switch off on iOS
        https://bugs.webkit.org/show_bug.cgi?id=140860

        Reviewed by Darin Adler.

        The fonts it makes are grotesque. (See what I did there? Typographic
        humor is the best humor.)

        * Configurations/FeatureDefines.xcconfig:

2015-01-23  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Rename InjectedScriptHost::type to subtype
        https://bugs.webkit.org/show_bug.cgi?id=140841

        Reviewed by Timothy Hatcher.

        We were using this to set the subtype of an "object" type RemoteObject
        so we should clean up the name and call it subtype.

        * inspector/InjectedScriptHost.h:
        * inspector/InjectedScriptSource.js:
        * inspector/JSInjectedScriptHost.cpp:
        (Inspector::JSInjectedScriptHost::subtype):
        (Inspector::JSInjectedScriptHost::type): Deleted.
        * inspector/JSInjectedScriptHost.h:
        * inspector/JSInjectedScriptHostPrototype.cpp:
        (Inspector::JSInjectedScriptHostPrototype::finishCreation):
        (Inspector::jsInjectedScriptHostPrototypeFunctionSubtype):
        (Inspector::jsInjectedScriptHostPrototypeFunctionType): Deleted.

2015-01-23  Michael Saboff  <msaboff@apple.com>

        LayoutTests/js/script-tests/reentrant-caching.js crashing on 32 bit builds
        https://bugs.webkit.org/show_bug.cgi?id=140843

        Reviewed by Oliver Hunt.

        When we are in vmEntryToJavaScript, we keep the stack pointer at an
        alignment suitable for pointing to a call frame header, which is the
        alignment post making a call.  We adjust the sp when calling to JS code,
        but don't adjust it before calling the out of stack handler.

        * llint/LowLevelInterpreter32_64.asm:
        Moved stack pointer down 8 bytes to get it aligned.

2015-01-23  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Object Previews in the Console
        https://bugs.webkit.org/show_bug.cgi?id=129204

        Reviewed by Timothy Hatcher.

        Update the very old, unused object preview code. Part of this comes from
        the earlier WebKit legacy implementation, and the Blink implementation.

        A RemoteObject may include a preview, if it is asked for, and if the
        RemoteObject is an object. Previews are a shallow (single level) list
        of a limited number of properties on the object. The previewed
        properties are always stringified (even if primitives). Previews are
        limited to just 5 properties or 100 indices. Previews are marked
        as lossless if they are a complete snapshot of the object.

        There is a path to make previews two levels deep, that is currently
        unused but should soon be used for tables (e.g. IndexedDB).

        * inspector/InjectedScriptSource.js:
        - Move some code off of InjectedScript to be generic functions
        usable by RemoteObject as well.
        - Update preview generation to use

        * inspector/protocol/Runtime.json:
        - Add a new type, "accessor" for preview objects. This represents
        a getter / setter. We currently don't get the value.

2015-01-23  Michael Saboff  <msaboff@apple.com>

        Immediate crash when setting JS breakpoint
        https://bugs.webkit.org/show_bug.cgi?id=140811

        Reviewed by Mark Lam.

        When the DFG stack layout phase doesn't allocate a register for the scope register,
        it incorrectly sets the scope register in the code block to a bad value, one with
        an offset of 0.  Changed it so that we set the code block's scope register to the
        invalid VirtualRegister instead.

        No tests needed as adding the ASSERT in setScopeRegister() was used to find the bug.
        We crash with that ASSERT in testapi and likely many other tests as well.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setScopeRegister):
        (JSC::CodeBlock::scopeRegister):
        Added ASSERTs to catch any future improper setting of the code block's scope register.

        * dfg/DFGStackLayoutPhase.cpp:
        (JSC::DFG::StackLayoutPhase::run):

2015-01-22  Mark Hahnenberg  <mhahnenb@gmail.com>

        EdenCollections unnecessarily visit SmallStrings
        https://bugs.webkit.org/show_bug.cgi?id=140762

        Reviewed by Geoffrey Garen.

        * heap/Heap.cpp:
        (JSC::Heap::copyBackingStores): Also added a GCPhase for copying
        backing stores, which is a significant portion of garbage collection.
        (JSC::Heap::visitSmallStrings): Check to see if we need to visit
        SmallStrings based on the collection type.
        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::SmallStrings):
        (JSC::SmallStrings::visitStrongReferences): Set the fact that we have
        visited the SmallStrings since the last modification.
        * runtime/SmallStrings.h:
        (JSC::SmallStrings::needsToBeVisited): If we're doing a
        FullCollection, we need to visit. Otherwise, it depends on whether
        we've been visited since the last modification/allocation.

2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>

        Add a build flag for ES6 class syntax
        https://bugs.webkit.org/show_bug.cgi?id=140760

        Reviewed by Michael Saboff.

        Added ES6_CLASS_SYNTAX build flag and used it in tokenizer to recognize
        "class", "extends", "static" and "super" keywords.

        * Configurations/FeatureDefines.xcconfig:
        * parser/Keywords.table:
        * parser/ParserTokens.h:

2015-01-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r178894.
        https://bugs.webkit.org/show_bug.cgi?id=140775

        Broke JSC and bindings tests (Requested by ap_ on #webkit).

        Reverted changeset:

        "put_by_val_direct need to check the property is index or not
        for using putDirect / putDirectIndex"
        https://bugs.webkit.org/show_bug.cgi?id=140426
        http://trac.webkit.org/changeset/178894

2015-01-22  Mark Lam  <mark.lam@apple.com>

        BytecodeGenerator::initializeCapturedVariable() sets a misleading value for the 5th operand of op_put_to_scope.
        <https://webkit.org/b/140743>

        Reviewed by Oliver Hunt.

        BytecodeGenerator::initializeCapturedVariable() was setting the 5th operand to
        op_put_to_scope to an inappropriate value (i.e. 0).  As a result, the execution
        of put_to_scope could store a wrong inferred value into the VariableWatchpointSet
        for whichever captured variable is at local index 0.  In practice, this turns
        out to be the local for the Arguments object.  In this reproduction case in the
        bug, the wrong inferred value written there is the boolean true.

        Subsequently, DFG compilation occurs and CreateArguments is emitted to first do
        a check of the local for the Arguments object.  But because that local has a
        wrong inferred value, the check always discovers a non-null value and we never
        actually create the Arguments object.  Immediately after this, an OSR exit
        occurs leaving the Arguments object local uninitialized.  Later on at arguments
        tear off, we run into a boolean true where we had expected to find an Arguments
        object, which in turn, leads to the crash.

        The fix is to:
        1. In the case where the resolveModeType is LocalClosureVar, change the
           5th operand of op_put_to_scope to be a boolean.  True means that the
           local var is watchable.  False means it is not watchable.  We no longer
           pass the local index (instead of true) and UINT_MAX (instead of false).

           This allows us to express more clearly in the code what that value means,
           as well as remove the redundant way of getting the local's identifier.
           The identifier is always the one passed in the 2nd operand.

        2. Previously, though intuitively, we know that the watchable variable
           identifier should be the same as the one that is passed in operand 2, this
           relationship was not clear in the code.  By code analysis, I confirmed that
           the callers of BytecodeGenerator::emitPutToScope() always use the same
           identifier for operand 2 and for filling out the ResolveScopeInfo from
           which we get the watchable variable identifier later.  I've changed the
           code to make this clear now by always using the identifier passed in
           operand 2.

        3. In the case where the resolveModeType is LocalClosureVar,
           initializeCapturedVariable() and emitPutToScope() will now query
           hasWatchableVariable() to determine if the local is watchable or not.
           Accordingly, we pass the boolean result of hasWatchableVariable() as
           operand 5 of op_put_to_scope.

        Also added some assertions.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::initializeCapturedVariable):
        (JSC::BytecodeGenerator::hasConstant):
        (JSC::BytecodeGenerator::emitPutToScope):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::hasWatchableVariable):
        (JSC::BytecodeGenerator::watchableVariableIdentifier):
        (JSC::BytecodeGenerator::watchableVariable): Deleted.

2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>

        PropertyListNode::emitNode duplicates the code to put a constant property
        https://bugs.webkit.org/show_bug.cgi?id=140761

        Reviewed by Geoffrey Garen.

        Extracted PropertyListNode::emitPutConstantProperty to share the code.

        Also made PropertyListNode::emitBytecode private since nobody is calling this function directly.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        (JSC::PropertyListNode::emitPutConstantProperty): Added.
        * parser/Nodes.h:

2015-01-22  Yusuke Suzuki  <utatane.tea@gmail.com>

        put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
        https://bugs.webkit.org/show_bug.cgi?id=140426

        Reviewed by Geoffrey Garen.

        In the put_by_val_direct operation, we use JSObject::putDirect.
        However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
        This patch changes Identifier::asIndex() to return Optional<uint32_t>.
        It forces callers to check explicitly whether the value is an index or not.
        Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.

        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutById):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * jit/JITOperations.cpp:
        * jit/Repatch.cpp:
        (JSC::emitPutTransitionStubAndGetOldStructure):
        * jsc.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        (JSC::Arguments::deleteProperty):
        (JSC::Arguments::defineOwnProperty):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSort):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitive):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
        (JSC::JSGenericTypedArrayView<Adaptor>::put):
        (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
        (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::putDirectAccessor):
        (JSC::JSObject::putDirectCustomAccessor):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::putDirectMayBeIndex):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getOwnPropertySlot):
        (JSC::JSObject::getPropertySlot):
        (JSC::JSObject::putDirectInternal):
        * runtime/JSString.cpp:
        (JSC::JSString::getStringPropertyDescriptor):
        * runtime/JSString.h:
        (JSC::JSString::getStringPropertySlot):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::parse):
        * runtime/PropertyName.h:
        (JSC::toUInt32FromCharacters):
        (JSC::toUInt32FromStringImpl):
        (JSC::PropertyName::asIndex):
        * runtime/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * runtime/StringObject.cpp:
        (JSC::StringObject::deleteProperty):
        * runtime/Structure.cpp:
        (JSC::Structure::prototypeChainMayInterceptStoreTo):
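
The entry above says put_by_val_direct must decide per key whether it holds an array index before choosing putDirect or putDirectIndex. The following is an added example, not JavaScriptCore code: a stand-alone asIndex() that applies the ECMAScript array-index rule (canonical decimal string with value below 2^32 - 1; "01", "-1", "1e3" and "" are names, not indices), and a toy object with separate indexed and named storage that shows why a key like "3" stored through the named path is unreachable by index lookup. ToyObject, kDenseLimit and the dense/sparse split are assumptions made here for illustration; the method names echo the ChangeLog but the bodies are not JSC's.

```cpp
// Added example, not JavaScriptCore code: the array-index check that put_by_val_direct
// needs before choosing putDirect vs putDirectIndex, plus a toy object showing what
// goes wrong when an index-like key lands in named-property storage. ToyObject and
// kDenseLimit are invented for illustration.
#include <cstdint>
#include <cstdio>
#include <limits>
#include <map>
#include <optional>
#include <string>
#include <vector>

// ECMAScript array index: a canonical decimal string whose value is below 2^32 - 1.
// "01", "-1", "1e3", " 42" and "" are property names, not indices. UINT32_MAX itself
// is excluded, which matches JSC's long-standing use of UINT_MAX as "not an index".
static std::optional<uint32_t> asIndex(const std::string& key) {
    if (key.empty() || key.size() > 10)                // 10 digits covers every uint32
        return std::nullopt;
    if (key.size() > 1 && key[0] == '0')               // leading zero: not canonical
        return std::nullopt;
    uint64_t value = 0;
    for (char c : key) {
        if (c < '0' || c > '9')
            return std::nullopt;
        value = value * 10 + static_cast<uint64_t>(c - '0');   // cannot overflow: <= 10 digits
    }
    if (value >= std::numeric_limits<uint32_t>::max())
        return std::nullopt;
    return static_cast<uint32_t>(value);
}

// Minimal object with the two storage kinds the entry talks about.
struct ToyObject {
    static constexpr uint32_t kDenseLimit = 1024;      // invented cutoff for dense storage
    std::vector<std::optional<int>> dense;              // indexed storage, small indices
    std::map<uint32_t, int> sparse;                     // indexed storage, large indices
    std::map<std::string, int> named;                   // non-index properties

    void putDirectIndex(uint32_t i, int v) {
        if (i < kDenseLimit) {
            if (i >= dense.size())
                dense.resize(i + 1);
            dense[i] = v;
        } else {
            sparse[i] = v;
        }
    }

    void putDirect(const std::string& name, int v) { named[name] = v; }

    // The fix described in the entry: decide per key which store to use.
    void putDirectMayBeIndex(const std::string& key, int v) {
        if (std::optional<uint32_t> index = asIndex(key))
            putDirectIndex(*index, v);
        else
            putDirect(key, v);
    }

    std::optional<int> getIndex(uint32_t i) const {
        if (i < kDenseLimit) {
            if (i < dense.size())
                return dense[i];
            return std::nullopt;
        }
        auto it = sparse.find(i);
        if (it == sparse.end())
            return std::nullopt;
        return it->second;
    }

    // Readers resolve index-like keys through indexed storage, so a "3" that was
    // stored with putDirect() is invisible here. That is the mismatch the entry fixes.
    std::optional<int> get(const std::string& key) const {
        if (std::optional<uint32_t> index = asIndex(key))
            return getIndex(*index);
        auto it = named.find(key);
        if (it == named.end())
            return std::nullopt;
        return it->second;
    }
};

int main() {
    ToyObject patched;
    patched.putDirectMayBeIndex("3", 7);        // goes to dense
    patched.putDirectMayBeIndex("5000", 9);     // goes to sparse
    patched.putDirectMayBeIndex("length", 4);   // goes to named
    ToyObject unpatched;
    unpatched.putDirect("3", 7);                // pre-fix behaviour: index key in named storage
    std::printf("patched[\"3\"] found: %d, unpatched[\"3\"] found: %d\n",
                patched.get("3").has_value(), unpatched.get("3").has_value());
    return 0;
}
```

The constructed cases to try are the boundary ones: "4294967294" is the largest index, "4294967295" is already a plain property name, and "01" is a name even though it parses as a number. The unpatched object ends up with a "3" entry in its named map that no index-based lookup will ever see.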
638
639 2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>
640
641         Consolidate out arguments of parseFunctionInfo into a struct
642         https://bugs.webkit.org/show_bug.cgi?id=140754
643
644         Reviewed by Oliver Hunt.
645
646         Introduced ParserFunctionInfo for storing out arguments of parseFunctionInfo.
647
648         * JavaScriptCore.xcodeproj/project.pbxproj:
649         * parser/ASTBuilder.h:
650         (JSC::ASTBuilder::createFunctionExpr):
651         (JSC::ASTBuilder::createGetterOrSetterProperty): This one takes a property name in addition to
652         ParserFunctionInfo since the property name and the function name could differ.
653         (JSC::ASTBuilder::createFuncDeclStatement):
654         * parser/Parser.cpp:
655         (JSC::Parser<LexerType>::parseFunctionInfo):
656         (JSC::Parser<LexerType>::parseFunctionDeclaration):
657         (JSC::Parser<LexerType>::parseProperty):
658         (JSC::Parser<LexerType>::parseMemberExpression):
659         * parser/Parser.h:
660         * parser/ParserFunctionInfo.h: Added.
661         * parser/SyntaxChecker.h:
662         (JSC::SyntaxChecker::createFunctionExpr):
663         (JSC::SyntaxChecker::createFuncDeclStatement):
664         (JSC::SyntaxChecker::createClassDeclStatement):
665         (JSC::SyntaxChecker::createGetterOrSetterProperty):
666
667 2015-01-21  Mark Hahnenberg  <mhahnenb@gmail.com>
668
669         Change Heap::m_compiledCode to use a Vector
670         https://bugs.webkit.org/show_bug.cgi?id=140717
671
672         Reviewed by Andreas Kling.
673
674         Right now it's a DoublyLinkedList, which is iterated during each
675         collection. This contributes to some of the longish Eden pause times.
676         A Vector would be more appropriate and would also allow ExecutableBase
677         to be 2 pointers smaller.
678
679         * heap/Heap.cpp:
680         (JSC::Heap::deleteAllCompiledCode):
681         (JSC::Heap::deleteAllUnlinkedFunctionCode):
682         (JSC::Heap::clearUnmarkedExecutables):
683         * heap/Heap.h:
684         * runtime/Executable.h: No longer need to inherit from DoublyLinkedListNode.
685
686 2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>
687
688         BytecodeGenerator shouldn't expose all of its member variables
689         https://bugs.webkit.org/show_bug.cgi?id=140752
690
691         Reviewed by Mark Lam.
692
693         Added "private:" and removed unused data members as detected by clang.
694
695         * bytecompiler/BytecodeGenerator.cpp:
696         (JSC::BytecodeGenerator::BytecodeGenerator):
697         * bytecompiler/BytecodeGenerator.h:
698         (JSC::BytecodeGenerator::lastOpcodeID): Added. Used in BinaryOpNode::emitBytecode.
699         * bytecompiler/NodesCodegen.cpp:
700         (JSC::BinaryOpNode::emitBytecode):
701
702 2015-01-21  Joseph Pecoraro  <pecoraro@apple.com>
703
704         Web Inspector: ASSERT expanding objects in console PrimitiveBindingTraits<T>::assertValueHasExpectedType
705         https://bugs.webkit.org/show_bug.cgi?id=140746
706
707         Reviewed by Timothy Hatcher.
708
709         * inspector/InjectedScriptSource.js:
710         Do not add impure properties to the descriptor object that will
711         eventually be sent to the frontend.
712
713 2015-01-21  Matthew Mirman  <mmirman@apple.com>
714
715         Updated split such that it does not include the empty end of input string match.
716         https://bugs.webkit.org/show_bug.cgi?id=138129
717         <rdar://problem/18807403>
718
719         Reviewed by Filip Pizlo.
720
721         * runtime/StringPrototype.cpp:
722         (JSC::stringProtoFuncSplit):
723         * tests/stress/empty_eos_regex_split.js: Added.
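
As an added illustration (not code from this patch or from JavaScriptCore), the ECMAScript split loop for a RegExp separator written out in JavaScript, so the end-of-input case the entry above fixes is visible: the loop only tries to match at positions before the end of the string, so an empty match at the very end never yields a trailing "". The function names splitLikeSpec and agreesWithNative are this example's own.

```javascript
// Added illustration, not JavaScriptCore code: the ECMAScript split loop for a
// RegExp separator. Matching is only attempted at positions q < size, so an
// empty match at the end of the input (e.g. /$/ or an empty pattern) never
// produces a trailing "" element.
function splitLikeSpec(str, re) {
  // A sticky copy matches only at lastIndex, which is what the spec's
  // per-position match step requires.
  const flags = re.flags.includes("y") ? re.flags : re.flags + "y";
  const splitter = new RegExp(re.source, flags);
  const size = str.length;
  const out = [];

  if (size === 0) {
    splitter.lastIndex = 0;
    return splitter.exec(str) ? [] : [str];
  }

  let p = 0; // start of the substring not yet emitted
  let q = 0; // candidate match position
  while (q < size) {                                // q === size is never tried
    splitter.lastIndex = q;
    const m = splitter.exec(str);
    if (m === null) { q += 1; continue; }
    const e = Math.min(splitter.lastIndex, size);   // end of this match
    if (e === p) { q += 1; continue; }              // empty match at p: emit nothing
    out.push(str.slice(p, q));
    out.push(...m.slice(1));                        // capture groups are spliced in
    p = e;
    q = p;
  }
  out.push(str.slice(p, size));                     // the tail, even when it is ""
  return out;
}

// Cross-check against the engine's own String.prototype.split.
function agreesWithNative(str, re) {
  return JSON.stringify(splitLikeSpec(str, re)) === JSON.stringify(str.split(re));
}
```

Note the asymmetry this makes explicit: "a,b,".split(/,/) keeps its trailing "" because the last separator is a non-empty match before the end, whereas "ab".split(/$/) is just ["ab"] because the only place /$/ could match is position 2, which the loop never reaches.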
724
725 2015-01-21  Michael Saboff  <msaboff@apple.com>
726
727         Eliminate Scope slot from JavaScript CallFrame
728         https://bugs.webkit.org/show_bug.cgi?id=136724
729
730         Reviewed by Geoffrey Garen.
731
732         This finishes the removal of the scope chain slot from the call frame header.
733
734         * dfg/DFGOSRExitCompilerCommon.cpp:
735         (JSC::DFG::reifyInlinedCallFrames):
736         * dfg/DFGPreciseLocalClobberize.h:
737         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
738         * dfg/DFGSpeculativeJIT32_64.cpp:
739         (JSC::DFG::SpeculativeJIT::emitCall):
740         * dfg/DFGSpeculativeJIT64.cpp:
741         (JSC::DFG::SpeculativeJIT::emitCall):
742         * ftl/FTLJSCall.cpp:
743         (JSC::FTL::JSCall::emit):
744         * ftl/FTLLowerDFGToLLVM.cpp:
745         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
746         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
747         * interpreter/JSStack.h:
748         * interpreter/VMInspector.cpp:
749         (JSC::VMInspector::dumpFrame):
750         * jit/JITCall.cpp:
751         (JSC::JIT::compileOpCall):
752         * jit/JITCall32_64.cpp:
753         (JSC::JIT::compileOpCall):
754         * jit/JITOpcodes32_64.cpp:
755         (JSC::JIT::privateCompileCTINativeCall):
756         * jit/Repatch.cpp:
757         (JSC::generateByIdStub):
758         (JSC::linkClosureCall):
759         * jit/ThunkGenerators.cpp:
760         (JSC::virtualForThunkGenerator):
761         (JSC::nativeForGenerator):
762         Deleted ScopeChain slot from JSStack.  Removed all code where ScopeChain was being
763         read or set.  In most cases this was where we make JS calls.
764
765         * interpreter/CallFrameClosure.h:
766         (JSC::CallFrameClosure::setArgument):
767         (JSC::CallFrameClosure::resetCallFrame): Deleted.
768         * interpreter/Interpreter.cpp:
769         (JSC::Interpreter::execute):
770         (JSC::Interpreter::executeCall):
771         (JSC::Interpreter::executeConstruct):
772         (JSC::Interpreter::prepareForRepeatCall):
773         * interpreter/ProtoCallFrame.cpp:
774         (JSC::ProtoCallFrame::init):
775         * interpreter/ProtoCallFrame.h:
776         (JSC::ProtoCallFrame::scope): Deleted.
777         (JSC::ProtoCallFrame::setScope): Deleted.
778         * llint/LLIntData.cpp:
779         (JSC::LLInt::Data::performAssertions):
780         * llint/LowLevelInterpreter.asm:
781         * llint/LowLevelInterpreter64.asm:
782         Removed the related scopeChainValue member from ProtoCallFrame.  Reduced the number of
783         registers that needed to be copied from the ProtoCallFrame to a callee's frame
784         from 5 to 4.
785
786         * llint/LowLevelInterpreter32_64.asm:
787         In addition to the prior changes, also deleted the unused macro getDeBruijnScope.
788
789 2015-01-21  Michael Saboff  <msaboff@apple.com>
790
791         Eliminate construct methods from NullGetterFunction and NullSetterFunction classes
792         https://bugs.webkit.org/show_bug.cgi?id=140708
793
794         Reviewed by Mark Lam.
795
796         Eliminated construct methods and changed getConstructData() for both classes to return
797         ConstructTypeNone as they can never be called.
798
799         * runtime/NullGetterFunction.cpp:
800         (JSC::NullGetterFunction::getConstructData):
801         (JSC::constructReturnUndefined): Deleted.
802         * runtime/NullSetterFunction.cpp:
803         (JSC::NullSetterFunction::getConstructData):
804         (JSC::constructReturnUndefined): Deleted.
805
806 2015-01-21  Csaba Osztrogonác  <ossy@webkit.org>
807
808         Remove ENABLE(INSPECTOR) ifdef guards
809         https://bugs.webkit.org/show_bug.cgi?id=140668
810
811         Reviewed by Darin Adler.
812
813         * Configurations/FeatureDefines.xcconfig:
814         * bindings/ScriptValue.cpp:
815         (Deprecated::ScriptValue::toInspectorValue):
816         * bindings/ScriptValue.h:
817         * inspector/ConsoleMessage.cpp:
818         * inspector/ConsoleMessage.h:
819         * inspector/ContentSearchUtilities.cpp:
820         * inspector/ContentSearchUtilities.h:
821         * inspector/IdentifiersFactory.cpp:
822         * inspector/IdentifiersFactory.h:
823         * inspector/InjectedScript.cpp:
824         * inspector/InjectedScript.h:
825         * inspector/InjectedScriptBase.cpp:
826         * inspector/InjectedScriptBase.h:
827         * inspector/InjectedScriptHost.cpp:
828         * inspector/InjectedScriptHost.h:
829         * inspector/InjectedScriptManager.cpp:
830         * inspector/InjectedScriptManager.h:
831         * inspector/InjectedScriptModule.cpp:
832         * inspector/InjectedScriptModule.h:
833         * inspector/InspectorAgentRegistry.cpp:
834         * inspector/InspectorBackendDispatcher.cpp:
835         * inspector/InspectorBackendDispatcher.h:
836         * inspector/InspectorProtocolTypes.h:
837         * inspector/JSGlobalObjectConsoleClient.cpp:
838         * inspector/JSGlobalObjectInspectorController.cpp:
839         * inspector/JSGlobalObjectInspectorController.h:
840         * inspector/JSGlobalObjectScriptDebugServer.cpp:
841         * inspector/JSGlobalObjectScriptDebugServer.h:
842         * inspector/JSInjectedScriptHost.cpp:
843         * inspector/JSInjectedScriptHost.h:
844         * inspector/JSInjectedScriptHostPrototype.cpp:
845         * inspector/JSInjectedScriptHostPrototype.h:
846         * inspector/JSJavaScriptCallFrame.cpp:
847         * inspector/JSJavaScriptCallFrame.h:
848         * inspector/JSJavaScriptCallFramePrototype.cpp:
849         * inspector/JSJavaScriptCallFramePrototype.h:
850         * inspector/JavaScriptCallFrame.cpp:
851         * inspector/JavaScriptCallFrame.h:
852         * inspector/ScriptCallFrame.cpp:
853         (Inspector::ScriptCallFrame::buildInspectorObject):
854         * inspector/ScriptCallFrame.h:
855         * inspector/ScriptCallStack.cpp:
856         (Inspector::ScriptCallStack::buildInspectorArray):
857         * inspector/ScriptCallStack.h:
858         * inspector/ScriptDebugServer.cpp:
859         * inspector/agents/InspectorAgent.cpp:
860         * inspector/agents/InspectorAgent.h:
861         * inspector/agents/InspectorConsoleAgent.cpp:
862         * inspector/agents/InspectorConsoleAgent.h:
863         * inspector/agents/InspectorDebuggerAgent.cpp:
864         * inspector/agents/InspectorDebuggerAgent.h:
865         * inspector/agents/InspectorRuntimeAgent.cpp:
866         * inspector/agents/InspectorRuntimeAgent.h:
867         * inspector/agents/JSGlobalObjectConsoleAgent.cpp:
868         * inspector/agents/JSGlobalObjectConsoleAgent.h:
869         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
870         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
871         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
872         * inspector/agents/JSGlobalObjectRuntimeAgent.h:
873         * inspector/scripts/codegen/cpp_generator_templates.py:
874         (CppGeneratorTemplates):
875         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
876         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
877         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
878         * inspector/scripts/tests/expected/enum-values.json-result:
879         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
880         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
881         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
882         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
883         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
884         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
885         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
886         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
887         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
888         * runtime/TypeSet.cpp:
889         (JSC::TypeSet::inspectorTypeSet):
890         (JSC::StructureShape::inspectorRepresentation):
891
892 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
893
894         Web Inspector: Clean up InjectedScriptSource.js
895         https://bugs.webkit.org/show_bug.cgi?id=140709
896
897         Reviewed by Timothy Hatcher.
898
899         This patch includes some relevant Blink patches and small changes.
900         
901         Patch by <aandrey@chromium.org>
902         DevTools: Remove console last result $_ on console clear.
903         https://src.chromium.org/viewvc/blink?revision=179179&view=revision
904
905         Patch by <eustas@chromium.org>
906         [Inspect DOM properties] incorrect CSS Selector Syntax
907         https://src.chromium.org/viewvc/blink?revision=156903&view=revision
908
909         * inspector/InjectedScriptSource.js:
910
911 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
912
913         Web Inspector: Cleanup RuntimeAgent a bit
914         https://bugs.webkit.org/show_bug.cgi?id=140706
915
916         Reviewed by Timothy Hatcher.
917
918         * inspector/InjectedScript.h:
919         * inspector/InspectorBackendDispatcher.h:
920         * inspector/ScriptCallFrame.cpp:
921         * inspector/agents/InspectorRuntimeAgent.cpp:
922         (Inspector::InspectorRuntimeAgent::evaluate):
923         (Inspector::InspectorRuntimeAgent::getProperties):
924         (Inspector::InspectorRuntimeAgent::run):
925         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
926         (Inspector::recompileAllJSFunctionsForTypeProfiling):
927         (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):
928
929 2015-01-20  Matthew Mirman  <mmirman@apple.com>
930
931         Made Identity in the DFG allocate a new temp register and move 
932         the old data to it.
933         https://bugs.webkit.org/show_bug.cgi?id=140700
934         <rdar://problem/19339106>
935
936         Reviewed by Filip Pizlo.
937
938         * dfg/DFGSpeculativeJIT64.cpp:
939         (JSC::DFG::SpeculativeJIT::compile): 
940         Added scratch registers for Identity. 
941         * tests/mozilla/mozilla-tests.yaml: enabled previously failing test
942
943 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
944
945         Web Inspector: Expanding event objects in console shows undefined for most values, it should have real values
946         https://bugs.webkit.org/show_bug.cgi?id=137306
947
948         Reviewed by Timothy Hatcher.
949
950         Provide another optional parameter to getProperties, to gather a list
951         of all own and getter properties.
952
953         * inspector/InjectedScript.cpp:
954         (Inspector::InjectedScript::getProperties):
955         * inspector/InjectedScript.h:
956         * inspector/InjectedScriptSource.js:
957         * inspector/agents/InspectorRuntimeAgent.cpp:
958         (Inspector::InspectorRuntimeAgent::getProperties):
959         * inspector/agents/InspectorRuntimeAgent.h:
960         * inspector/protocol/Runtime.json:
961
962 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
963
964         Web Inspector: Should show dynamic specificity values
965         https://bugs.webkit.org/show_bug.cgi?id=140647
966
967         Reviewed by Benjamin Poulain.
968
969         * inspector/protocol/CSS.json:
970         Clarify CSSSelector optional values and add "dynamic" property indicating
971         if the selector can be dynamic based on the element it is matched against.
972
973 2015-01-20  Commit Queue  <commit-queue@webkit.org>
974
975         Unreviewed, rolling out r178751.
976         https://bugs.webkit.org/show_bug.cgi?id=140694
977
978         Caused 32-bit JSC test failures (Requested by JoePeck on
979         #webkit).
980
981         Reverted changeset:
982
983         "put_by_val_direct need to check the property is index or not
984         for using putDirect / putDirectIndex"
985         https://bugs.webkit.org/show_bug.cgi?id=140426
986         http://trac.webkit.org/changeset/178751
987
988 2015-01-20  Yusuke Suzuki  <utatane.tea@gmail.com>
989
990         put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
991         https://bugs.webkit.org/show_bug.cgi?id=140426
992
993         Reviewed by Geoffrey Garen.
994
995         In the put_by_val_direct operation, we use JSObject::putDirect.
996         However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
997         This patch changes Identifier::asIndex() to return Optional<uint32_t>.
998         It forces callers to check explicitly whether the value is an index or not.
999         Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.
1000
1001         * bytecode/GetByIdStatus.cpp:
1002         (JSC::GetByIdStatus::computeFor):
1003         * bytecode/PutByIdStatus.cpp:
1004         (JSC::PutByIdStatus::computeFor):
1005         * bytecompiler/BytecodeGenerator.cpp:
1006         (JSC::BytecodeGenerator::emitDirectPutById):
1007         * dfg/DFGOperations.cpp:
1008         (JSC::DFG::operationPutByValInternal):
1009         * jit/JITOperations.cpp:
1010         * jit/Repatch.cpp:
1011         (JSC::emitPutTransitionStubAndGetOldStructure):
1012         * jsc.cpp:
1013         * llint/LLIntSlowPaths.cpp:
1014         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1015         * runtime/Arguments.cpp:
1016         (JSC::Arguments::getOwnPropertySlot):
1017         (JSC::Arguments::put):
1018         (JSC::Arguments::deleteProperty):
1019         (JSC::Arguments::defineOwnProperty):
1020         * runtime/ArrayPrototype.cpp:
1021         (JSC::arrayProtoFuncSort):
1022         * runtime/JSArray.cpp:
1023         (JSC::JSArray::defineOwnProperty):
1024         * runtime/JSCJSValue.cpp:
1025         (JSC::JSValue::putToPrimitive):
1026         * runtime/JSGenericTypedArrayViewInlines.h:
1027         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
1028         (JSC::JSGenericTypedArrayView<Adaptor>::put):
1029         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
1030         (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
1031         * runtime/JSObject.cpp:
1032         (JSC::JSObject::put):
1033         (JSC::JSObject::putDirectAccessor):
1034         (JSC::JSObject::putDirectCustomAccessor):
1035         (JSC::JSObject::deleteProperty):
1036         (JSC::JSObject::putDirectMayBeIndex):
1037         (JSC::JSObject::defineOwnProperty):
1038         * runtime/JSObject.h:
1039         (JSC::JSObject::getOwnPropertySlot):
1040         (JSC::JSObject::getPropertySlot):
1041         (JSC::JSObject::putDirectInternal):
1042         * runtime/JSString.cpp:
1043         (JSC::JSString::getStringPropertyDescriptor):
1044         * runtime/JSString.h:
1045         (JSC::JSString::getStringPropertySlot):
1046         * runtime/LiteralParser.cpp:
1047         (JSC::LiteralParser<CharType>::parse):
1048         * runtime/PropertyName.h:
1049         (JSC::toUInt32FromCharacters):
1050         (JSC::toUInt32FromStringImpl):
1051         (JSC::PropertyName::asIndex):
1052         * runtime/PropertyNameArray.cpp:
1053         (JSC::PropertyNameArray::add):
1054         * runtime/StringObject.cpp:
1055         (JSC::StringObject::deleteProperty):
1056         * runtime/Structure.cpp:
1057         (JSC::Structure::prototypeChainMayInterceptStoreTo):
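
As an added illustration (not JavaScriptCore's own code), the "is this property name an array index?" decision that the entry above makes explicit, modelled in JavaScript: a name is an index only when it is the canonical decimal spelling of an integer in the valid array-index range, and everything else is an ordinary named property. The functions asIndex, putDirectMayBeIndex and computedLiteralKeyOrder, and the two-way store they operate on, are this example's own assumptions, not the engine's internals.

```javascript
// Added illustration, not JavaScriptCore code: the index-or-name decision the
// entry above describes. A name is an index only when it is the canonical
// decimal form of an integer in [0, 2^32 - 2]; "01", "-1", " 1" and
// "4294967295" are ordinary string keys.
const MAX_ARRAY_INDEX = 0xFFFFFFFE; // 2^32 - 2, the largest valid array index

function asIndex(name) {
  const s = String(name);
  if (!/^(?:0|[1-9][0-9]*)$/.test(s)) return undefined; // leading zeros, signs, spaces
  const n = Number(s);
  return n <= MAX_ARRAY_INDEX ? n : undefined;        // too large to be an index
}

// Hypothetical two-way store mirroring the dispatch the entry describes: an
// index goes to indexed storage, anything else to named storage. The engine's
// real putDirect / putDirectIndex pair is internal; this only models the split.
function putDirectMayBeIndex(target, name, value) {
  const index = asIndex(name);
  if (index !== undefined) {
    target.indexed[index] = value;
  } else {
    target.named[String(name)] = value;
  }
  return target;
}

// What a script can observe: with computed keys in an object literal (the
// put_by_val_direct case), index-like keys enumerate first in numeric order
// and all other keys keep insertion order, so the index decision must be right.
function computedLiteralKeyOrder() {
  const o = { b: 1, ["1"]: 2, ["0"]: 3, ["01"]: 4 };
  return Object.keys(o); // ["0", "1", "b", "01"]
}
```

The regular expression does the canonical-form check (so "01" and "1 " fail before any numeric comparison), and the upper bound is checked separately because a digit string can parse to a number that is far outside the uint32 range.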
1058
1059 2015-01-20  Michael Saboff  <msaboff@apple.com>
1060
1061         REGRESSION(178696): Sporadic crashes while garbage collecting
1062         https://bugs.webkit.org/show_bug.cgi?id=140688
1063
1064         Reviewed by Geoffrey Garen.
1065
1066         Added missing visitor.append(&thisObject->m_nullSetterFunction).
1067
1068         * runtime/JSGlobalObject.cpp:
1069         (JSC::JSGlobalObject::visitChildren):
1070
1071 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
1072
1073         Web Replay: code generator should take supplemental specifications and allow cross-framework references
1074         https://bugs.webkit.org/show_bug.cgi?id=136312
1075
1076         Reviewed by Joseph Pecoraro.
1077
1078         Some types are shared between replay inputs from different frameworks.
1079         Previously, these type declarations were duplicated in every input
1080         specification file in which they were used. This caused some type encoding
1081         traits to be emitted twice if used from WebCore inputs and WebKit2 inputs.
1082
1083         This patch teaches the replay inputs code generator to accept multiple
1084         input specification files. Inputs can freely reference types from other
1085         frameworks without duplicating declarations.
1086
1087         On the code generation side, the model could contain types and inputs from
1088         frameworks that are not the target framework. Only generate code for the
1089         target framework.
1090
1091         To properly generate cross-framework type encoding traits, use
1092         Type.encoding_type_argument in more places, and add the export macro for WebCore
1093         and the Test framework.
1094
1095         Adjust some tests so that enum coverage is preserved by moving the enum types
1096         into "Test" (the target framework for tests).
1097
1098         * JavaScriptCore.vcxproj/copy-files.cmd:
1099         For Windows, copy over JSInputs.json as if it were a private header.
1100
1101         * JavaScriptCore.xcodeproj/project.pbxproj: Make JSInputs.json a private header.
1102         * replay/JSInputs.json:
1103         Put all primitive types and WTF types in this specification file.
1104
1105         * replay/scripts/CodeGeneratorReplayInputs.py:
1106         (Input.__init__):
1107         (InputsModel.__init__): Keep track of the input's framework.
1108         (InputsModel.parse_specification): Parse the framework here. Adjust to new format,
1109         and allow either types or inputs to be missing from a single file.
1110
1111         (InputsModel.parse_type_with_framework):
1112         (InputsModel.parse_input_with_framework):
1113         (Generator.should_generate_item): Added helper method.
1114         (Generator.generate_header): Filter inputs to generate.
1115         (Generator.generate_implementation): Filter inputs to generate.
1116         (Generator.generate_enum_trait_declaration): Filter enums to generate.
1117         Add WEBCORE_EXPORT macro to enum encoding traits.
1118
1119         (Generator.generate_for_each_macro): Filter inputs to generate.
1120         (Generator.generate_enum_trait_implementation): Filter enums to generate.
1121         (generate_from_specifications): Added.
1122         (generate_from_specifications.parse_json_from_file):
1123         (InputsModel.parse_toplevel): Deleted.
1124         (InputsModel.parse_type_with_framework_name): Deleted.
1125         (InputsModel.parse_input): Deleted.
1126         (generate_from_specification): Deleted.
1127         * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
1128         * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Removed.
1129         * replay/scripts/tests/expected/fail-on-no-types.json-error: Removed.
1130         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
1131         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
1132         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
1133         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
1134         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.cpp:
1135         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
1136         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
1137         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
1138         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
1139         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
1140         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
1141         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
1142         * replay/scripts/tests/fail-on-c-style-enum-no-storage.json:
1143         * replay/scripts/tests/fail-on-duplicate-enum-type.json:
1144         * replay/scripts/tests/fail-on-duplicate-input-names.json:
1145         * replay/scripts/tests/fail-on-duplicate-type-names.json:
1146         * replay/scripts/tests/fail-on-enum-type-missing-values.json:
1147         * replay/scripts/tests/fail-on-missing-input-member-name.json:
1148         * replay/scripts/tests/fail-on-missing-input-name.json:
1149         * replay/scripts/tests/fail-on-missing-input-queue.json:
1150         * replay/scripts/tests/fail-on-missing-type-mode.json:
1151         * replay/scripts/tests/fail-on-missing-type-name.json:
1152         * replay/scripts/tests/fail-on-no-inputs.json:
1153         Removed, no longer required to be in a single file.
1154
1155         * replay/scripts/tests/fail-on-no-types.json:
1156         Removed, no longer required to be in a single file.
1157
1158         * replay/scripts/tests/fail-on-unknown-input-queue.json:
1159         * replay/scripts/tests/fail-on-unknown-member-type.json:
1160         * replay/scripts/tests/fail-on-unknown-type-mode.json:
1161         * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json:
1162         * replay/scripts/tests/generate-enum-encoding-helpers.json:
1163         * replay/scripts/tests/generate-enum-with-guard.json:
1164         Include enums that are and are not generated.
1165
1166         * replay/scripts/tests/generate-enums-with-same-base-name.json:
1167         * replay/scripts/tests/generate-event-loop-shape-types.json:
1168         * replay/scripts/tests/generate-input-with-guard.json:
1169         * replay/scripts/tests/generate-input-with-vector-members.json:
1170         * replay/scripts/tests/generate-inputs-with-flags.json:
1171         * replay/scripts/tests/generate-memoized-type-modes.json:
1172
1173 2015-01-20  Tomas Popela  <tpopela@redhat.com>
1174
1175         [GTK] Cannot compile 2.7.3 on PowerPC machines
1176         https://bugs.webkit.org/show_bug.cgi?id=140616
1177
1178         Include climits for INT_MAX and wtf/DataLog.h for dataLogF
1179
1180         Reviewed by Csaba Osztrogonác.
1181
1182         * runtime/BasicBlockLocation.cpp:
1183
1184 2015-01-19  Michael Saboff  <msaboff@apple.com>
1185
1186         A "cached" null setter should throw a TypeException when called in strict mode and doesn't
1187         https://bugs.webkit.org/show_bug.cgi?id=139418
1188
1189         Reviewed by Filip Pizlo.
1190
1191         Made a new NullSetterFunction class similar to NullGetterFunction.  The difference is that 
1192         NullSetterFunction will throw a TypeError per the ECMA262 spec for a strict mode caller.
1193
1194         * CMakeLists.txt:
1195         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1196         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1197         * JavaScriptCore.xcodeproj/project.pbxproj:
1198         Added new files NullSetterFunction.cpp and NullSetterFunction.h.
1199
1200         * runtime/GetterSetter.h:
1201         (JSC::GetterSetter::GetterSetter):
1202         (JSC::GetterSetter::isSetterNull):
1203         (JSC::GetterSetter::setSetter):
1204         Change setter instances from using NullGetterFunction to using NullSetterFunction.
1205
1206         * runtime/JSGlobalObject.cpp:
1207         (JSC::JSGlobalObject::init):
1208         * runtime/JSGlobalObject.h:
1209         (JSC::JSGlobalObject::nullSetterFunction):
1210         Added m_nullSetterFunction and accessor.
1211
1212         * runtime/NullSetterFunction.cpp: Added.
1213         (JSC::GetCallerStrictnessFunctor::GetCallerStrictnessFunctor):
1214         (JSC::GetCallerStrictnessFunctor::operator()):
1215         (JSC::GetCallerStrictnessFunctor::callerIsStrict):
1216         (JSC::callerIsStrict):
1217         Method to determine if the caller is in strict mode.
1218
1219         (JSC::callReturnUndefined):
1220         (JSC::constructReturnUndefined):
1221         (JSC::NullSetterFunction::getCallData):
1222         (JSC::NullSetterFunction::getConstructData):
1223         * runtime/NullSetterFunction.h: Added.
1224         (JSC::NullSetterFunction::create):
1225         (JSC::NullSetterFunction::createStructure):
1226         (JSC::NullSetterFunction::NullSetterFunction):
1227         Class with handlers for a null setter.
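
As an added illustration (not code from this patch), the script-visible behaviour the entry above fixes: assigning to an accessor property that has a getter but no setter is silently ignored in sloppy mode and throws a TypeError in strict mode. The helpers makeGetterOnly and outcome are this example's own; new Function is used so that each body's strictness is decided by the body itself, whatever mode the surrounding file is loaded in.

```javascript
// Added illustration, not JavaScriptCore code: a getter-only accessor written
// to from sloppy and from strict code. new Function bodies are sloppy unless
// they opt in, so each case controls its own mode.
const assignSloppy = new Function("o", "o.x = 2; return o.x;");
const assignStrict = new Function("o", "'use strict'; o.x = 2; return o.x;");

// An object whose "x" has a getter and no setter (the "null setter" case).
function makeGetterOnly() {
  const o = {};
  Object.defineProperty(o, "x", { get() { return 1; }, configurable: true });
  return o;
}

// Run one assignment and report either the value read back or the error type.
function outcome(assign) {
  try {
    return { value: assign(makeGetterOnly()), threw: null };
  } catch (err) {
    return { value: undefined, threw: err.constructor.name };
  }
}
```

In the sloppy case the write is dropped and the getter still reports 1; in the strict case the write throws before the return is reached.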
1228
1229 2015-01-19  Saam Barati  <saambarati1@gmail.com>
1230
1231         Web Inspector: Provide a front end for JSC's Control Flow Profiler
1232         https://bugs.webkit.org/show_bug.cgi?id=138454
1233
1234         Reviewed by Timothy Hatcher.
1235
1236         This patch puts the final touches on what JSC needs to provide
1237         for the Web Inspector to show a UI for the control flow profiler.
1238
1239         * inspector/agents/InspectorRuntimeAgent.cpp:
1240         (Inspector::recompileAllJSFunctionsForTypeProfiling):
1241         * runtime/ControlFlowProfiler.cpp:
1242         (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
1243         * runtime/FunctionHasExecutedCache.cpp:
1244         (JSC::FunctionHasExecutedCache::getFunctionRanges):
1245         (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges): Deleted.
1246         * runtime/FunctionHasExecutedCache.h:
1247
1248 2015-01-19  David Kilzer  <ddkilzer@apple.com>
1249
1250         [iOS] Only use LLVM static library arguments on 64-bit builds of libllvmForJSC.dylib
1251         <http://webkit.org/b/140658>
1252
1253         Reviewed by Filip Pizlo.
1254
1255         * Configurations/LLVMForJSC.xcconfig: Set OTHER_LDFLAGS_LLVM
1256         only when building for 64-bit architectures.
1257
1258 2015-01-19  Filip Pizlo  <fpizlo@apple.com>
1259
1260         ClosureCallStubRoutine no longer needs codeOrigin
1261         https://bugs.webkit.org/show_bug.cgi?id=140659
1262
1263         Reviewed by Michael Saboff.
1264         
1265         Once upon a time, we would look for the CodeOrigin associated with a return PC. This search
1266         would start with the CodeBlock according to the caller frame's call frame header. But if the
1267         call was a closure call, the return PC would be inside some closure call stub. So if the
1268         CodeBlock search failed, we would search *all* closure call stub routines to see which one
1269         encompasses the return PC. Then, we would use the CodeOrigin stored in the stub routine
1270         object. This was all a bunch of madness, and we actually got rid of it - we now determine
1271         the CodeOrigin for a call frame using the encoded code origin bits inside the tag of the
1272         argument count.
1273         
1274         This patch removes the final vestiges of the madness:
1275         
1276         - Remove the totally unused method declaration for the thing that did the closure call stub
1277           search.
1278         
1279         - Remove the CodeOrigin field from the ClosureCallStubRoutine. Except for that crazy search
1280           that we no longer do, everyone else who finds a ClosureCallStubRoutine will find it via
1281           the CallLinkInfo. The CallLinkInfo also has the CodeOrigin, so we don't need this field
1282           anymore.
1283
1284         * bytecode/CodeBlock.h:
1285         * jit/ClosureCallStubRoutine.cpp:
1286         (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
1287         * jit/ClosureCallStubRoutine.h:
1288         (JSC::ClosureCallStubRoutine::executable):
1289         (JSC::ClosureCallStubRoutine::codeOrigin): Deleted.
1290         * jit/Repatch.cpp:
1291         (JSC::linkClosureCall):
1292
1293 2015-01-19  Saam Barati  <saambarati1@gmail.com>
1294
1295         Basic block start offsets should never be larger than end offsets in the control flow profiler
1296         https://bugs.webkit.org/show_bug.cgi?id=140377
1297
1298         Reviewed by Filip Pizlo.
1299
1300         The bytecode generator will emit code more than once for some AST nodes. For instance, 
1301         the finally block of TryNode will emit two code paths for its finally block: one for 
1302         the normal path, and another for the path where an exception is thrown in the catch block. 
1303         
1304         This repeated code emission of the same AST node previously broke how the control 
1305         flow profiler computed text ranges of basic blocks because when the same AST node 
1306         is emitted multiple times, there is a good chance that there are ranges that span 
1307         from the end offset of one of these duplicated nodes back to the start offset of 
1308         the same duplicated node. This caused a basic block range to report a larger start 
1309         offset than end offset. This was incorrect. Now, when this situation is encountered 
1310         while linking a CodeBlock, the faulty range in question is ignored.
1311
1312         * bytecode/CodeBlock.cpp:
1313         (JSC::CodeBlock::CodeBlock):
1314         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
1315         * bytecode/CodeBlock.h:
1316         * bytecompiler/NodesCodegen.cpp:
1317         (JSC::ForInNode::emitMultiLoopBytecode):
1318         (JSC::ForOfNode::emitBytecode):
1319         (JSC::TryNode::emitBytecode):
1320         * parser/Parser.cpp:
1321         (JSC::Parser<LexerType>::parseConditionalExpression):
1322         * runtime/ControlFlowProfiler.cpp:
1323         (JSC::ControlFlowProfiler::ControlFlowProfiler):
1324         * runtime/ControlFlowProfiler.h:
1325         (JSC::ControlFlowProfiler::dummyBasicBlock):
1326
1327 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
1328
1329         [SVG -> OTF Converter] Flip the switch on
1330         https://bugs.webkit.org/show_bug.cgi?id=140592
1331
1332         Reviewed by Antti Koivisto.
1333
1334         * Configurations/FeatureDefines.xcconfig:
1335
1336 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
1337
1338         Web Replay: convert to is<T> and downcast<T> for decoding replay inputs
1339         https://bugs.webkit.org/show_bug.cgi?id=140512
1340
1341         Reviewed by Chris Dumez.
1342
1343         Generate a SPECIALIZE_TYPE_TRAITS_* chunk of code for each input. This cannot
1344         be done using REPLAY_INPUT_NAMES_FOR_EACH macro since that doesn't fully qualify
1345         input types, and the type traits macro is defined in namespace WTF.
1346
1347         * replay/NondeterministicInput.h: Make overridden methods public.
1348         * replay/scripts/CodeGeneratorReplayInputs.py:
1349         (Generator.generate_header):
1350         (Generator.qualified_input_name): Allow forcing qualification. WTF is never a target framework.
1351         (Generator.generate_input_type_trait_declaration): Added.
1352         * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Add a template.
1353         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
1354         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
1355         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
1356         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
1357         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
1358         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
1359         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
1360         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
1361
1362 2015-01-19  Commit Queue  <commit-queue@webkit.org>
1363
1364         Unreviewed, rolling out r178653.
1365         https://bugs.webkit.org/show_bug.cgi?id=140634
1366
1367         Broke multiple SVG tests on Mountain Lion (Requested by ap on
1368         #webkit).
1369
1370         Reverted changeset:
1371
1372         "[SVG -> OTF Converter] Flip the switch on"
1373         https://bugs.webkit.org/show_bug.cgi?id=140592
1374         http://trac.webkit.org/changeset/178653
1375
1376 2015-01-18  Dean Jackson  <dino@apple.com>
1377
1378         ES6: Support Array.of construction
1379         https://bugs.webkit.org/show_bug.cgi?id=140605
1380         <rdar://problem/19513655>
1381
1382         Reviewed by Geoffrey Garen.
1383
1384         Add an implementation of Array.of, described in 22.1.2.3 of the ES6
1385         specification (15 Jan 2015). The Array.of() method creates a new Array
1386         instance with a variable number of arguments, regardless of number or type
1387         of the arguments.
1388
1389         * runtime/ArrayConstructor.cpp:
1390         (JSC::arrayConstructorOf): Create a new empty Array, then iterate
1391         over the arguments, setting them to the appropriate index.
1392
1393 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
1394
1395         [SVG -> OTF Converter] Flip the switch on
1396         https://bugs.webkit.org/show_bug.cgi?id=140592
1397
1398         Reviewed by Antti Koivisto.
1399
1400         * Configurations/FeatureDefines.xcconfig:
1401
1402 2015-01-17  Brian J. Burg  <burg@cs.washington.edu>
1403
1404         Web Inspector: highlight data for overlay should use protocol type builders
1405         https://bugs.webkit.org/show_bug.cgi?id=129441
1406
1407         Reviewed by Timothy Hatcher.
1408
1409         Add a new domain for overlay types.
1410
1411         * CMakeLists.txt:
1412         * DerivedSources.make:
1413         * inspector/protocol/OverlayTypes.json: Added.
1414
1415 2015-01-17  Michael Saboff  <msaboff@apple.com>
1416
1417         Crash in JSScope::resolve() on tools.ups.com
1418         https://bugs.webkit.org/show_bug.cgi?id=140579
1419
1420         Reviewed by Geoffrey Garen.
1421
1422         For op_resolve_scope of a global property or variable that needs to check for the var
1423         injection check watchpoint, we need to keep the scope around with a Phantom.  The
1424         baseline JIT slowpath for op_resolve_scope needs the scope value if the watchpoint
1425         fired.
1426
1427         * dfg/DFGByteCodeParser.cpp:
1428         (JSC::DFG::ByteCodeParser::parseBlock):
1429
1430 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
1431
1432         Web Inspector: code generator should introduce typedefs for protocol types that are arrays
1433         https://bugs.webkit.org/show_bug.cgi?id=140557
1434
1435         Reviewed by Joseph Pecoraro.
1436
1437         Currently, there is no generated type name for "array" type declarations such as Console.CallStack.
1438         This makes it long-winded and confusing to use the type in C++ code.
1439
1440         This patch adds a typedef for array type declarations, so types such as Console::CallStack
1441         can be referred to directly, rather than using Inspector::Protocol::Array<Console::CallFrame>.
1442
1443         Some tests were updated to cover array type declarations used as parameters and type members.
1444
1445         * inspector/ScriptCallStack.cpp: Use the new typedef.
1446         (Inspector::ScriptCallStack::buildInspectorArray):
1447         * inspector/ScriptCallStack.h:
1448         * inspector/scripts/codegen/cpp_generator.py:
1449         (CppGenerator.cpp_protocol_type_for_type): If an ArrayType is nominal, use the typedef'd name instead.
1450         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1451         (_generate_typedefs_for_domain): Also generate typedefs for array type declarations.
1452         (_generate_typedefs_for_domain.Inspector):
1453         * inspector/scripts/codegen/models.py: Save the name of an ArrayType when it is a type declaration.
1454         (ArrayType.__init__):
1455         (Protocol.resolve_types):
1456         (Protocol.lookup_type_reference):
1457         * inspector/scripts/tests/commands-with-async-attribute.json:
1458         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json:
1459         * inspector/scripts/tests/events-with-optional-parameters.json:
1460         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1461         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1462         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1463         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1464         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1465         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1466         * inspector/scripts/tests/type-declaration-object-type.json:
1467
1468 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
1469
1470         Web Replay: purge remaining PassRefPtr uses and minor cleanup
1471         https://bugs.webkit.org/show_bug.cgi?id=140456
1472
1473         Reviewed by Andreas Kling.
1474
1475         Get rid of PassRefPtr. Introduce default initializers where it makes sense.
1476         Remove mistaken uses of AtomicString that were not removed as part of r174113.
1477
1478         * replay/EmptyInputCursor.h:
1479         * replay/InputCursor.h:
1480         (JSC::InputCursor::InputCursor):
1481
1482 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
1483
1484         Web Inspector: code generator should fail on duplicate parameter and member names
1485         https://bugs.webkit.org/show_bug.cgi?id=140555
1486
1487         Reviewed by Timothy Hatcher.
1488
1489         * inspector/scripts/codegen/models.py:
1490         (find_duplicates): Add a helper function to find duplicates in a list.
1491         (Protocol.parse_type_declaration):
1492         (Protocol.parse_command):
1493         (Protocol.parse_event):
1494         * inspector/scripts/tests/expected/fail-on-duplicate-command-call-parameter-names.json-error: Added.
1495         * inspector/scripts/tests/expected/fail-on-duplicate-command-return-parameter-names.json-error: Added.
1496         * inspector/scripts/tests/expected/fail-on-duplicate-event-parameter-names.json-error: Added.
1497         * inspector/scripts/tests/expected/fail-on-duplicate-type-member-names.json-error: Added.
1498         * inspector/scripts/tests/fail-on-duplicate-command-call-parameter-names.json: Added.
1499         * inspector/scripts/tests/fail-on-duplicate-command-return-parameter-names.json: Added.
1500         * inspector/scripts/tests/fail-on-duplicate-event-parameter-names.json: Added.
1501         * inspector/scripts/tests/fail-on-duplicate-type-member-names.json: Added.
1502
1503 2015-01-16  Michael Saboff  <msaboff@apple.com>
1504
1505         REGRESSION (r174226): Header on huffingtonpost.com is too large
1506         https://bugs.webkit.org/show_bug.cgi?id=140306
1507
1508         Reviewed by Filip Pizlo.
1509
1510         BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
1511         arguments register or whether we need to resolve "arguments".  If the arguments have
1512         been captured, then they are stored in the lexical environment and the arguments
1513         register is not used.
1514
1515         Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
1516         register is captured.  Renamed the function to willResolveToArgumentsRegister() to
1517         better indicate what we are checking.
1518
1519         Aligned 32 and 64 bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
1520         an arguments object that was optimized out of an inlined callFrame.  The 32 bit path
1521         incorrectly calculated the location of the reified callee frame.  This alignment resulted
1522         in the removal of operationCreateInlinedArgumentsDuringOSRExit().
1523
1524         * bytecompiler/BytecodeGenerator.cpp:
1525         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
1526         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
1527         (JSC::BytecodeGenerator::emitCall):
1528         (JSC::BytecodeGenerator::emitConstruct):
1529         (JSC::BytecodeGenerator::emitEnumeration):
1530         (JSC::BytecodeGenerator::willResolveToArguments): Deleted.
1531         * bytecompiler/BytecodeGenerator.h:
1532         * bytecompiler/NodesCodegen.cpp:
1533         (JSC::BracketAccessorNode::emitBytecode):
1534         (JSC::DotAccessorNode::emitBytecode):
1535         (JSC::getArgumentByVal):
1536         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1537         (JSC::ArrayPatternNode::emitDirectBinding):
1538         * dfg/DFGOSRExitCompilerCommon.cpp:
1539         (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
1540         * dfg/DFGOperations.cpp:
1541         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
1542         * dfg/DFGOperations.h:
1543         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
1544
1545 2015-01-15  Csaba Osztrogonác  <ossy@webkit.org>
1546
1547         Remove ENABLE(SQL_DATABASE) guards
1548         https://bugs.webkit.org/show_bug.cgi?id=140434
1549
1550         Reviewed by Darin Adler.
1551
1552         * CMakeLists.txt:
1553         * Configurations/FeatureDefines.xcconfig:
1554         * DerivedSources.make:
1555         * inspector/protocol/Database.json:
1556
1557 2015-01-14  Alexey Proskuryakov  <ap@apple.com>
1558
1559         Web Inspector and regular console use different source code locations for messages
1560         https://bugs.webkit.org/show_bug.cgi?id=140478
1561
1562         Reviewed by Brian Burg.
1563
1564         * inspector/ConsoleMessage.h: Expose computed source location.
1565
1566         * inspector/agents/InspectorConsoleAgent.cpp:
1567         (Inspector::InspectorConsoleAgent::addMessageToConsole):
1568         (Inspector::InspectorConsoleAgent::stopTiming):
1569         (Inspector::InspectorConsoleAgent::count):
1570         * inspector/agents/InspectorConsoleAgent.h:
1571         addMessageToConsole() now takes a pre-made ConsoleMessage object.
1572
1573         * inspector/JSGlobalObjectConsoleClient.cpp:
1574         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1575         (Inspector::JSGlobalObjectConsoleClient::warnUnimplemented):
1576         * inspector/JSGlobalObjectInspectorController.cpp:
1577         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
1578         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1579         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
1580         Updated for the above changes.
1581
1582 2015-01-15  Mark Lam  <mark.lam@apple.com>
1583
1584         [Part 2] Argument object created by "Function dot arguments" should use a clone of argument values.
1585         <https://webkit.org/b/140093>
1586
1587         Reviewed by Geoffrey Garen.
1588
1589         * interpreter/StackVisitor.cpp:
1590         (JSC::StackVisitor::Frame::createArguments):
1591         - We should not be fetching the lexicalEnvironment here.  The reason we've
1592           introduced the ClonedArgumentsCreationMode is because the lexicalEnvironment
1593           may not be available to us at this point.  Instead, we'll just pass a nullptr.
1594
1595         * runtime/Arguments.cpp:
1596         (JSC::Arguments::tearOffForCloning):
1597         * runtime/Arguments.h:
1598         (JSC::Arguments::finishCreation):
1599         - Use the new tearOffForCloning() to tear off arguments right out of the values
1600           passed on the stack.  tearOff() is not appropriate for this purpose because
1601           it takes slowArgumentsData into account.
1602
1603 2015-01-14  Matthew Mirman  <mmirman@apple.com>
1604
1605         Removed accidental commit of "invalid_array.js"
1606         http://trac.webkit.org/changeset/178439
1607
1608         * tests/stress/invalid_array.js: Removed.
1609
1610 2015-01-14  Matthew Mirman  <mmirman@apple.com>
1611
1612         Fixes operationPutByIdOptimizes such that they check that the put didn't
1613         change the structure of the object whose property access is being
1614         cached.  Also removes uses of the new base value from the cache generation code.
1615         https://bugs.webkit.org/show_bug.cgi?id=139500
1616
1617         Reviewed by Filip Pizlo.
1618
1619         * jit/JITOperations.cpp:
1620         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
1621         (JSC::operationPutByIdNonStrictOptimize): ditto.
1622         (JSC::operationPutByIdDirectStrictOptimize): ditto.
1623         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
1624         * jit/Repatch.cpp:
1625         (JSC::generateByIdStub):
1626         (JSC::tryCacheGetByID):
1627         (JSC::tryBuildGetByIDList):
1628         (JSC::emitPutReplaceStub):
1629         (JSC::emitPutTransitionStubAndGetOldStructure): Added.
1630         (JSC::tryCachePutByID):
1631         (JSC::repatchPutByID):
1632         (JSC::tryBuildPutByIdList):
1633         (JSC::tryRepatchIn):
1634         (JSC::emitPutTransitionStub): Deleted.
1635         * jit/Repatch.h:
1636         * llint/LLIntSlowPaths.cpp:
1637         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1638         * runtime/JSPropertyNameEnumerator.h:
1639         (JSC::genericPropertyNameEnumerator):
1640         * runtime/Operations.h:
1641         (JSC::normalizePrototypeChainForChainAccess): restructured to not use the base value.
1642         (JSC::normalizePrototypeChain): restructured to not use the base value.
1643         * tests/mozilla/mozilla-tests.yaml:
1644         * tests/stress/proto-setter.js: Added.
1645         * tests/stress/put-by-id-build-list-order-recurse.js: Added.
1646         Added test that fails without this patch.
1647
1648 2015-01-13  Joseph Pecoraro  <pecoraro@apple.com>
1649
1650         Web Inspector: Remove unused ResizeImage and DecodeImageData timeline events
1651         https://bugs.webkit.org/show_bug.cgi?id=140404
1652
1653         Reviewed by Timothy Hatcher.
1654
1655         * inspector/protocol/Timeline.json:
1656
1657 2015-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1658
1659         DFG can call PutByValDirect for generic arrays
1660         https://bugs.webkit.org/show_bug.cgi?id=140389
1661
1662         Reviewed by Geoffrey Garen.
1663
1664         Computed properties in object initializers (ES6) use the put_by_val_direct operation.
1665         However, the current DFG asserts that put_by_val_direct is not used for generic arrays,
1666         so an assertion failure is raised.
1667         This patch allows the DFG to use put_by_val_direct on generic arrays.
1668
1669         Also fix the DFG put_by_val_direct implementation for string properties.
1670         At first, put_by_val_direct was intended to be used for spread elements.
1671         So the property keys were limited to numbers (indexes).
1672         But now, it's also used for computed properties in object initializers.
1673
1674         * dfg/DFGOperations.cpp:
1675         (JSC::DFG::operationPutByValInternal):
1676         * dfg/DFGSpeculativeJIT64.cpp:
1677         (JSC::DFG::SpeculativeJIT::compile):
1678
1679 2015-01-13  Geoffrey Garen  <ggaren@apple.com>
1680
1681         Out of bounds access in BytecodeGenerator::emitGetById under DotAccessorNode::emitBytecode
1682         https://bugs.webkit.org/show_bug.cgi?id=140397
1683
1684         Reviewed by Geoffrey Garen.
1685
1686         Patch by Alexey Proskuryakov.
1687
1688         Reviewed, performance tested, and ChangeLogged by Geoffrey Garen.
1689
1690         No performance change.
1691
1692         No test, since this is a small past-the-end read, which is very
1693         difficult to turn into a reproducible failing test -- and existing tests
1694         crash reliably using ASan.
1695
1696         * bytecompiler/NodesCodegen.cpp:
1697         (JSC::BracketAccessorNode::emitBytecode):
1698         (JSC::DotAccessorNode::emitBytecode):
1699         (JSC::FunctionCallBracketNode::emitBytecode):
1700         (JSC::PostfixNode::emitResolve):
1701         (JSC::DeleteBracketNode::emitBytecode):
1702         (JSC::DeleteDotNode::emitBytecode):
1703         (JSC::PrefixNode::emitResolve):
1704         (JSC::UnaryOpNode::emitBytecode):
1705         (JSC::BitwiseNotNode::emitBytecode):
1706         (JSC::BinaryOpNode::emitBytecode):
1707         (JSC::EqualNode::emitBytecode):
1708         (JSC::StrictEqualNode::emitBytecode):
1709         (JSC::ThrowableBinaryOpNode::emitBytecode):
1710         (JSC::AssignDotNode::emitBytecode):
1711         (JSC::AssignBracketNode::emitBytecode): Use RefPtr in more places. Any
1712         register used across a call to a function that might allocate a new
1713         temporary register must be held in a RefPtr.
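
As an added illustration of the RefPtr rule stated in the entry above (hypothetical toy code, not JavaScriptCore's own), the `Generator`, `RegisterRef` and fixed register pool below are assumed stand-ins: a temporary whose refcount is zero is recycled by the next allocation, so a raw pointer held across an allocating call reads a clobbered value, while a RefPtr-style handle keeps the register alive.

```cpp
// Added illustration, not JavaScriptCore's own code: a toy bytecode generator
// whose temporary registers are recycled as soon as their refcount is zero.
// It shows why a raw RegisterID* held across a call that may allocate a new
// temporary is unsafe, and why a RefPtr-like handle fixes it.
#include <cstdio>

struct RegisterID {
    int index = 0;
    int refCount = 0;   // zero means "free for reuse"
    int value = 0;      // stand-in for the value the register holds at runtime
    void ref() { ++refCount; }
    void deref() { --refCount; }
};

// Minimal intrusive smart pointer in the spirit of WTF::RefPtr (hypothetical).
class RegisterRef {
public:
    RegisterRef() = default;
    explicit RegisterRef(RegisterID* r) : m_ptr(r) { if (m_ptr) m_ptr->ref(); }
    RegisterRef(const RegisterRef& o) : m_ptr(o.m_ptr) { if (m_ptr) m_ptr->ref(); }
    RegisterRef& operator=(const RegisterRef& o) {
        if (o.m_ptr) o.m_ptr->ref();
        if (m_ptr) m_ptr->deref();
        m_ptr = o.m_ptr;
        return *this;
    }
    ~RegisterRef() { if (m_ptr) m_ptr->deref(); }
    RegisterID* get() const { return m_ptr; }
private:
    RegisterID* m_ptr = nullptr;
};

class Generator {
public:
    // Hands out the lowest-numbered temporary whose refcount is zero. A fresh
    // temporary starts at refcount 0, so it stays reusable until someone refs it.
    RegisterID* newTemporary() {
        for (int i = 0; i < kTemporaries; ++i) {
            if (m_temporaries[i].refCount == 0) {
                m_temporaries[i].index = i;
                return &m_temporaries[i];
            }
        }
        return nullptr;  // pool exhausted (never reached in this example)
    }
    // Emits "load constant into a new temporary" and returns that temporary,
    // the way a node's emitBytecode() returns the register holding its result.
    RegisterID* emitConstant(int v) {
        RegisterID* dst = newTemporary();
        dst->value = v;
        return dst;
    }
private:
    static const int kTemporaries = 8;
    RegisterID m_temporaries[kTemporaries];
};

// Buggy pattern: `base` is a raw pointer to an unreferenced temporary. The
// second emitConstant() allocates a temporary, gets the same register back,
// and overwrites the base value.
int baseValueWithRawPointer() {
    Generator g;
    RegisterID* base = g.emitConstant(10);
    RegisterID* subscript = g.emitConstant(3);  // recycles base's register
    (void)subscript;
    return base->value;  // 3: the register was reused underneath us
}

// Fixed pattern: holding `base` in a RegisterRef bumps its refcount, so the
// pool cannot hand it out again while the subscript is being emitted.
int baseValueWithRef() {
    Generator g;
    RegisterRef base(g.emitConstant(10));
    RegisterID* subscript = g.emitConstant(3);  // gets a different register
    (void)subscript;
    return base.get()->value;  // 10: base survived the allocating call
}

int main() {
    std::printf("raw pointer: base holds %d\n", baseValueWithRawPointer());
    std::printf("RefPtr-style: base holds %d\n", baseValueWithRef());
    return 0;
}
```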
1714
1715 2015-01-12  Michael Saboff  <msaboff@apple.com>
1716
1717         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1718         https://bugs.webkit.org/show_bug.cgi?id=140348
1719
1720         Reviewed by Mark Lam.
1721
1722         We used to read registers in MachineThreads::gatherFromCurrentThread(), but that is too late
1723         because those registers may have been spilled on the stack and replaced with other values by
1724         the time we call down to gatherFromCurrentThread().
1725
1726         Now we get the register contents at the same place that we demarcate the current top of
1727         stack using the address of a local variable, in Heap::markRoots().  The register contents
1728         buffer is passed along with the demarcation pointer.  These need to be done at this level 
1729         in the call tree and no lower, as markRoots() calls various functions that visit object
1730         pointers that may be later proven dead.  Any of those pointers that are left on the
1731         stack or in registers could be incorrectly marked as live if we scan the stack contents
1732         from a called function or one of its callees.  The stack demarcation pointer and register
1733         saving need to be done in the same function so that we have a consistent stack, active
1734         and spilled registers.
1735
1736         Because we don't want to make unnecessary calls to get the register contents, we use
1737         a macro to allocate, and possibly align, the register structure and get the actual
1738         register contents.
1739
1740
1741         * heap/Heap.cpp:
1742         (JSC::Heap::markRoots):
1743         (JSC::Heap::gatherStackRoots):
1744         * heap/Heap.h:
1745         * heap/MachineStackMarker.cpp:
1746         (JSC::MachineThreads::gatherFromCurrentThread):
1747         (JSC::MachineThreads::gatherConservativeRoots):
1748         * heap/MachineStackMarker.h:
1749
1750 2015-01-12  Benjamin Poulain  <benjamin@webkit.org>
1751
1752         Add basic pattern matching support to the url filters
1753         https://bugs.webkit.org/show_bug.cgi?id=140283
1754
1755         Reviewed by Andreas Kling.
1756
1757         * JavaScriptCore.xcodeproj/project.pbxproj:
1758         Make YarrParser.h private in order to use it from WebCore.
1759
1760 2015-01-12  Geoffrey Garen  <ggaren@apple.com>
1761
1762         Out of bounds read in IdentifierArena::makeIdentifier
1763         https://bugs.webkit.org/show_bug.cgi?id=140376
1764
1765         Patch by Alexey Proskuryakov.
1766
1767         Reviewed and ChangeLogged by Geoffrey Garen.
1768
1769         No test, since this is a small past-the-end read, which is very
1770         difficult to turn into a reproducible failing test -- and existing tests
1771         crash reliably using ASan.
1772
1773         * parser/ParserArena.h:
1774         (JSC::IdentifierArena::makeIdentifier):
1775         (JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
1776         zero-length string input, like we do in the literal parser, since it is
1777         not valid to dereference characters in a zero-length string.
1778
1779         A zero-length string is allowed in JavaScript -- for example, "".
1780
1781 2015-01-11  Sam Weinig  <sam@webkit.org>
1782
1783         Remove support for SharedWorkers
1784         https://bugs.webkit.org/show_bug.cgi?id=140344
1785
1786         Reviewed by Anders Carlsson.
1787
1788         * Configurations/FeatureDefines.xcconfig:
1789
1790 2015-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
1791
1792         Allow targeting the SVG->OTF font converter with ENABLE(SVG_OTF_CONVERTER)
1793         https://bugs.webkit.org/show_bug.cgi?id=136769
1794
1795         Reviewed by Antti Koivisto.
1796
1797         * Configurations/FeatureDefines.xcconfig:
1798
1799 2015-01-12  Commit Queue  <commit-queue@webkit.org>
1800
1801         Unreviewed, rolling out r178266.
1802         https://bugs.webkit.org/show_bug.cgi?id=140363
1803
1804         Broke a JSC test (Requested by ap on #webkit).
1805
1806         Reverted changeset:
1807
1808         "Local JSArray* "keys" in objectConstructorKeys() is not
1809         marked during garbage collection"
1810         https://bugs.webkit.org/show_bug.cgi?id=140348
1811         http://trac.webkit.org/changeset/178266
1812
1813 2015-01-12  Michael Saboff  <msaboff@apple.com>
1814
1815         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1816         https://bugs.webkit.org/show_bug.cgi?id=140348
1817
1818         Reviewed by Mark Lam.
1819
1820         Move the address of the local variable that is used to demarcate the top of the stack for 
1821         conservative roots down to MachineThreads::gatherFromCurrentThread() since it also gets
1822         the register values using setjmp().  That way we don't lose any callee save register
1823         contents between Heap::markRoots(), where it was set, and gatherFromCurrentThread().
1824         If we lose any JSObject* that are only in callee save registers, they will be GC'ed
1825         erroneously.
1826
1827         * heap/Heap.cpp:
1828         (JSC::Heap::markRoots):
1829         (JSC::Heap::gatherStackRoots):
1830         * heap/Heap.h:
1831         * heap/MachineStackMarker.cpp:
1832         (JSC::MachineThreads::gatherFromCurrentThread):
1833         (JSC::MachineThreads::gatherConservativeRoots):
1834         * heap/MachineStackMarker.h:
1835
1836 2015-01-11  Eric Carlson  <eric.carlson@apple.com>
1837
1838         Fix typo in testate.c error messages
1839         https://bugs.webkit.org/show_bug.cgi?id=140305
1840
1841         Reviewed by Geoffrey Garen.
1842
1843         * API/tests/testapi.c:
1844         (main): "... script did not timed out ..." -> "... script did not time out ..."
1845
1846 2015-01-09  Michael Saboff  <msaboff@apple.com>
1847
1848         Breakpoint doesn't fire in this HTML5 game
1849         https://bugs.webkit.org/show_bug.cgi?id=140269
1850
1851         Reviewed by Mark Lam.
1852
1853         When parsing a single line cached function, use the lineStartOffset of the
1854         location where we found the cached function instead of the cached lineStartOffset.
1855         The cache location's lineStartOffset has not been adjusted for any possible
1856         containing functions.
1857
1858         This change is not needed for multi-line cached functions.  Consider the
1859         single line source:
1860
1861         function outer(){function inner1(){doStuff();}; (function inner2() {doMoreStuff()})()}
1862
1863         The first parser pass, we parse and cache inner1() and inner2() with a lineStartOffset
1864         of 0.  Later when we parse outer() and find inner1() in the cache, SourceCode start
1865         character is at outer()'s outermost open brace.  That is what we should use for
1866         lineStartOffset for inner1().  When done parsing inner1() we set the parsing token
1867         to the saved location for inner1(), including the lineStartOffset of 0.  We need
1868         to use the value of lineStartOffset before we started parsing inner1().  That is
1869         what the fix does.  When we parse inner2() the lineStartOffset will be correct.
1870
1871         For a multi-line function, the close brace is guaranteed to be on a different line
1872         than the open brace.  Hence, its lineStartOffset will not change with the change of
1873         the SourceCode start character.
1874
1875         * parser/Parser.cpp:
1876         (JSC::Parser<LexerType>::parseFunctionInfo):
1877
1878 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1879
1880         Web Inspector: Uncaught Exception in ProbeManager deleting breakpoint
1881         https://bugs.webkit.org/show_bug.cgi?id=140279
1882         rdar://problem/19422299
1883
1884         Reviewed by Oliver Hunt.
1885
1886         * runtime/MapData.cpp:
1887         (JSC::MapData::replaceAndPackBackingStore):
1888         The cell table also needs to have its values fixed.
1889
1890 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1891
1892         Web Inspector: Remove or use TimelineAgent Resource related event types
1893         https://bugs.webkit.org/show_bug.cgi?id=140155
1894
1895         Reviewed by Timothy Hatcher.
1896
1897         Remove unused / stale Timeline event types.
1898
1899         * inspector/protocol/Timeline.json:
1900
1901 2015-01-09  Csaba Osztrogonác  <ossy@webkit.org>
1902
1903         REGRESSION(r177925): It broke the !ENABLE(INSPECTOR) build
1904         https://bugs.webkit.org/show_bug.cgi?id=140098
1905
1906         Reviewed by Brian Burg.
1907
1908         * inspector/InspectorBackendDispatcher.h: Missing ENABLE(INSPECTOR) guard added.
1909
1910 2015-01-08  Mark Lam  <mark.lam@apple.com>
1911
1912         Argument object created by "Function dot arguments" should use a clone of the argument values.
1913         <https://webkit.org/b/140093>
1914
1915         Reviewed by Geoffrey Garen.
1916
1917         After the change in <https://webkit.org/b/139827>, the dfg-tear-off-arguments-not-activation.js
1918         test will crash.  The relevant code which manifests the issue is as follows:
1919
1920             function bar() {
1921                 return foo.arguments;
1922             }
1923
1924             function foo(p) {
1925                 var x = 42;
1926                 if (p)
1927                     return (function() { return x; });
1928                 else
1929                     return bar();
1930             }
1931
1932         In this case, foo() has no knowledge of bar() needing its LexicalEnvironment and
1933         has dead code eliminated the SetLocal that stores it into its designated local.
1934         In bar(), the factory for the Arguments object (for creating foo.arguments) tries
1935         to read foo's LexicalEnvironment from its designated lexicalEnvironment local,
1936         but instead, finds it to be uninitialized.  This results in a null pointer access
1937         which causes a crash.
1938
1939         This can be resolved by having bar() instantiate a clone of the Arguments object
1940         instead, and populate its elements with values fetched directly from foo's frame.
1941         There's no need to reference foo's LexicalEnvironment (whether present or not).
1942
1943         * interpreter/StackVisitor.cpp:
1944         (JSC::StackVisitor::Frame::createArguments):
1945         * runtime/Arguments.h:
1946         (JSC::Arguments::finishCreation):
1947
1948 2015-01-08  Mark Lam  <mark.lam@apple.com>
1949
1950         Make the LLINT and Baseline JIT's op_create_arguments and op_get_argument_by_val use their lexicalEnvironment operand.
1951         <https://webkit.org/b/140236>
1952
1953         Reviewed by Geoffrey Garen.
1954
1955         Will change the DFG to use the operand on a subsequent pass.  For now,
1956         the DFG uses a temporary thunk (operationCreateArgumentsForDFG()) to
1957         retain the old behavior of getting the lexicalEnvironment from the
1958         ExecState.
1959
1960         * bytecompiler/BytecodeGenerator.cpp:
1961         (JSC::BytecodeGenerator::BytecodeGenerator):
1962         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1963         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1964         - When the lexicalEnvironment is not available, pass the invalid VirtualRegister
1965           instead of an empty JSValue as the lexicalEnvironment operand.
1966
1967         * dfg/DFGOperations.cpp:
1968         - Use the lexicalEnvironment from the ExecState for now.
1969
1970         * dfg/DFGSpeculativeJIT32_64.cpp:
1971         (JSC::DFG::SpeculativeJIT::compile):
1972         * dfg/DFGSpeculativeJIT64.cpp:
1973         (JSC::DFG::SpeculativeJIT::compile):
1974         - Use the operationCreateArgumentsForDFG() thunk for now.
1975
1976         * interpreter/CallFrame.cpp:
1977         (JSC::CallFrame::lexicalEnvironmentOrNullptr):
1978         * interpreter/CallFrame.h:
1979         - Added this convenience function to return either the
1980           lexicalEnvironment or a nullptr so that we don't need to do a
1981           conditional check on codeBlock->needsActivation() at multiple sites.
1982
1983         * interpreter/StackVisitor.cpp:
1984         (JSC::StackVisitor::Frame::createArguments):
1985         * jit/JIT.h:
1986         * jit/JITInlines.h:
1987         (JSC::JIT::callOperation):
1988         * jit/JITOpcodes.cpp:
1989         (JSC::JIT::emit_op_create_arguments):
1990         (JSC::JIT::emitSlow_op_get_argument_by_val):
1991         * jit/JITOpcodes32_64.cpp:
1992         (JSC::JIT::emit_op_create_arguments):
1993         (JSC::JIT::emitSlow_op_get_argument_by_val):
1994         * jit/JITOperations.cpp:
1995         * jit/JITOperations.h:
1996         * llint/LLIntSlowPaths.cpp:
1997         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1998         * runtime/Arguments.h:
1999         (JSC::Arguments::create):
2000         (JSC::Arguments::finishCreation):
2001         * runtime/CommonSlowPaths.cpp:
2002         (JSC::SLOW_PATH_DECL):
2003         * runtime/JSLexicalEnvironment.cpp:
2004         (JSC::JSLexicalEnvironment::argumentsGetter):
2005
2006 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
2007
2008         Web Inspector: Pause Reason Improvements (Breakpoint, Debugger Statement, Pause on Next Statement)
2009         https://bugs.webkit.org/show_bug.cgi?id=138991
2010
2011         Reviewed by Timothy Hatcher.
2012
2013         * debugger/Debugger.cpp:
2014         (JSC::Debugger::Debugger):
2015         (JSC::Debugger::pauseIfNeeded):
2016         (JSC::Debugger::didReachBreakpoint):
2017         When actually pausing, if we hit a breakpoint ensure the reason
2018         is PausedForBreakpoint, otherwise use the current reason.
2019
2020         * debugger/Debugger.h:
2021         Make pause reason and pausing breakpoint ID public.
2022
2023         * inspector/agents/InspectorDebuggerAgent.h:
2024         * inspector/agents/InspectorDebuggerAgent.cpp:
2025         (Inspector::buildAssertPauseReason):
2026         (Inspector::buildCSPViolationPauseReason):
2027         (Inspector::InspectorDebuggerAgent::buildBreakpointPauseReason):
2028         (Inspector::InspectorDebuggerAgent::buildExceptionPauseReason):
2029         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
2030         (Inspector::buildObjectForBreakpointCookie):
2031         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
2032         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
2033         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
2034         (Inspector::InspectorDebuggerAgent::pause):
2035         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
2036         (Inspector::InspectorDebuggerAgent::currentCallFrames):
2037         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
2038         Clean up creation of pause reason objects and other cleanup
2039         of PassRefPtr use and InjectedScript use.
2040
2041         (Inspector::InspectorDebuggerAgent::didPause):
2042         Clean up so that we first check for an Exception, and then fall
2043         back to including a Pause Reason derived from the Debugger.
2044
2045         * inspector/protocol/Debugger.json:
2046         Add new DebuggerStatement, Breakpoint, and PauseOnNextStatement reasons.
2047
2048 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
2049
2050         Web Inspector: Type check NSArray's in ObjC Interfaces have the right object types
2051         https://bugs.webkit.org/show_bug.cgi?id=140209
2052
2053         Reviewed by Timothy Hatcher.
2054
        Check the types of objects in NSArrays for all interfaces (commands, events, types)
        when the user can set an array of objects. Previously we were only type checking
        that they were RWIJSONObjects; now we add an explicit check for the exact object type.
2058
2059         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2060         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
2061         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2062         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2063         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2064         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
2065         (ObjCProtocolTypesImplementationGenerator._generate_setter_for_member):
2066         * inspector/scripts/codegen/objc_generator.py:
2067         (ObjCGenerator.objc_class_for_array_type):
2068         (ObjCGenerator):
2069
2070 2015-01-07  Mark Lam  <mark.lam@apple.com>
2071
2072         Add the lexicalEnvironment as an operand to op_get_argument_by_val.
2073         <https://webkit.org/b/140233>
2074
2075         Reviewed by Filip Pizlo.
2076
2077         This patch only adds the operand to the bytecode.  It is not in use yet.
2078
2079         * bytecode/BytecodeList.json:
2080         * bytecode/BytecodeUseDef.h:
2081         (JSC::computeUsesForBytecodeOffset):
2082         * bytecode/CodeBlock.cpp:
2083         (JSC::CodeBlock::dumpBytecode):
2084         * bytecompiler/BytecodeGenerator.cpp:
2085         (JSC::BytecodeGenerator::emitGetArgumentByVal):
2086         * llint/LowLevelInterpreter32_64.asm:
2087         * llint/LowLevelInterpreter64.asm:
2088
2089 2015-01-07  Yusuke Suzuki  <utatane.tea@gmail.com>
2090
2091         Investigate the character type of repeated string instead of checking is8Bit flag
2092         https://bugs.webkit.org/show_bug.cgi?id=140139
2093
2094         Reviewed by Darin Adler.
2095
        Instead of checking the is8Bit flag of the repeated string, investigate
        the actual value of the repeated character since the is8Bit flag gives a false negative case.
2098
2099         * runtime/StringPrototype.cpp:
2100         (JSC::repeatCharacter):
2101         (JSC::stringProtoFuncRepeat):
2102         (JSC::repeatSmallString): Deleted.
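
        The false-negative case this entry describes, as an added illustration that is
        not JavaScriptCore's own code: a string can be *stored* as 16-bit (because it
        came from a UTF-16 source) even though its only character fits in Latin-1, so a
        fast path keyed on the storage flag wrongly falls back to 16-bit output. The
        StringImpl stand-in, its from8Bit/from16Bit factories and the two repeat
        functions below are assumed names, not JSC's API.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <utility>

// Minimal stand-in (assumption, not JSC's class) for a string whose backing
// store is either Latin-1 (8-bit) or UTF-16 (16-bit). The flag describes the
// storage width, not the values held, which is exactly the gap exploited below.
struct StringImpl {
    bool eightBit;
    std::string latin1;    // valid when eightBit
    std::u16string utf16;  // valid when !eightBit

    static StringImpl from8Bit(std::string s) { return StringImpl{true, std::move(s), {}}; }
    static StringImpl from16Bit(std::u16string s) { return StringImpl{false, {}, std::move(s)}; }

    bool is8Bit() const { return eightBit; }
    std::size_t length() const { return eightBit ? latin1.size() : utf16.size(); }

    // Read code unit i regardless of storage width.
    char16_t at(std::size_t i) const {
        if (eightBit)
            return static_cast<unsigned char>(latin1[i]);
        return utf16[i];
    }
};

// Old behaviour: trust the source string's storage flag. A 16-bit string whose
// single character is 'a' is repeated into 16-bit storage for no reason.
inline StringImpl repeatCharacterByFlag(const StringImpl& s, unsigned count) {
    if (s.is8Bit())
        return StringImpl::from8Bit(std::string(count, s.latin1[0]));
    return StringImpl::from16Bit(std::u16string(count, s.utf16[0]));
}

// New behaviour: look at the character's value. Anything <= 0xFF fits Latin-1
// and is repeated into 8-bit storage no matter how the source was stored.
inline StringImpl repeatCharacter(const StringImpl& s, unsigned count) {
    const char16_t c = s.at(0);
    if (c <= 0xFF)
        return StringImpl::from8Bit(std::string(count, static_cast<char>(c)));
    return StringImpl::from16Bit(std::u16string(count, c));
}

int main() {
    // Constructed input: 16-bit storage holding a Latin-1 character.
    const StringImpl source = StringImpl::from16Bit(u"a");
    std::cout << "by flag  -> 8-bit? " << repeatCharacterByFlag(source, 3).is8Bit() << '\n';
    std::cout << "by value -> 8-bit? " << repeatCharacter(source, 3).is8Bit() << '\n';
    // A genuinely non-Latin-1 character still lands in 16-bit storage.
    std::cout << "U+3042   -> 8-bit? " << repeatCharacter(StringImpl::from16Bit(u"\u3042"), 2).is8Bit() << '\n';
    return 0;
}
```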
2103
2104 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
2105
2106         Web Inspector: ObjC Generate types from the GenericTypes domain
2107         https://bugs.webkit.org/show_bug.cgi?id=140229
2108
2109         Reviewed by Timothy Hatcher.
2110
2111         Generate types from the GenericTypes domain, as they are expected
2112         by other domains (like Page domain). Also, don't include the @protocol
2113         forward declaration for a domain if it doesn't have any commands.
2114
2115         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
2116         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
2117         (ObjCBackendDispatcherHeaderGenerator): Deleted.
2118         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations_for_domains): Deleted.
2119         * inspector/scripts/codegen/objc_generator.py:
2120         (ObjCGenerator):
2121         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2122         * inspector/scripts/tests/expected/enum-values.json-result:
2123         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2124         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2125         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2126         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2127         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2128         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2129         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2130         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2131         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2132
2133 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
2134
2135         Web Inspector: Remove unnecessary copyRef for paramsObject in generated dispatchers
2136         https://bugs.webkit.org/show_bug.cgi?id=140228
2137
2138         Reviewed by Timothy Hatcher.
2139
2140         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2141         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2142         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2143         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
2144         * inspector/scripts/tests/expected/enum-values.json-result:
2145         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2146
2147 2015-01-07  Saam Barati  <saambarati1@gmail.com>
2148
2149         interpret op_profile_type in the LLInt instead of unconditionally calling into the slow path
2150         https://bugs.webkit.org/show_bug.cgi?id=140165
2151
2152         Reviewed by Michael Saboff.
2153
2154         Inlining the functionality of TypeProfilerLog::recordTypeInformationForLocation
2155         into the LLInt speeds up type profiling.
2156
2157         * llint/LLIntOffsetsExtractor.cpp:
2158         * llint/LowLevelInterpreter.asm:
2159         * llint/LowLevelInterpreter32_64.asm:
2160         * llint/LowLevelInterpreter64.asm:
2161         * runtime/CommonSlowPaths.cpp:
2162         (JSC::SLOW_PATH_DECL):
2163         * runtime/CommonSlowPaths.h:
2164         * runtime/TypeProfilerLog.h:
2165         (JSC::TypeProfilerLog::recordTypeInformationForLocation): Deleted.
2166
2167 2015-01-07  Brian J. Burg  <burg@cs.washington.edu>
2168
2169         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
2170         https://bugs.webkit.org/show_bug.cgi?id=140053
2171
2172         Reviewed by Andreas Kling.
2173
2174         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
2175         related to Web Inspector. It also converts many uses of RefPtr to Ref where
2176         references are always non-null. These two refactorings have been combined since
2177         they tend to require similar changes to the code.
2178
2179         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
2180         have been updated to take a Ref instead of RefPtr.
2181
2182         Builders for typed protocol objects now return a Ref. Since there is no implicit
2183         call to operator&, callsites now must explicitly call .release() to convert a
2184         builder object into the corresponding protocol object once required fields are set.
2185         Update callsites and use auto to eliminate repetition of longwinded protocol types.
2186
2187         Tests for inspector protocol and replay inputs have been rebaselined.
2188
2189         * bindings/ScriptValue.cpp:
2190         (Deprecated::jsToInspectorValue):
2191         (Deprecated::ScriptValue::toInspectorValue):
2192         * bindings/ScriptValue.h:
2193         * inspector/ConsoleMessage.cpp:
2194         (Inspector::ConsoleMessage::addToFrontend):
2195         * inspector/ContentSearchUtilities.cpp:
2196         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
2197         (Inspector::ContentSearchUtilities::searchInTextByLines):
2198         * inspector/ContentSearchUtilities.h:
2199         * inspector/InjectedScript.cpp:
2200         (Inspector::InjectedScript::getFunctionDetails):
2201         (Inspector::InjectedScript::getProperties):
2202         (Inspector::InjectedScript::getInternalProperties):
2203         (Inspector::InjectedScript::wrapCallFrames):
2204         (Inspector::InjectedScript::wrapObject):
2205         (Inspector::InjectedScript::wrapTable):
2206         * inspector/InjectedScript.h:
2207         * inspector/InjectedScriptBase.cpp:
2208         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
2209         * inspector/InspectorBackendDispatcher.cpp:
2210         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
2211         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
2212         (Inspector::InspectorBackendDispatcher::create):
2213         (Inspector::InspectorBackendDispatcher::dispatch):
2214         (Inspector::InspectorBackendDispatcher::sendResponse):
2215         (Inspector::InspectorBackendDispatcher::reportProtocolError):
2216         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
2217         (Inspector::InspectorBackendDispatcher::getInteger):
2218         (Inspector::InspectorBackendDispatcher::getDouble):
2219         (Inspector::InspectorBackendDispatcher::getString):
2220         (Inspector::InspectorBackendDispatcher::getBoolean):
2221         (Inspector::InspectorBackendDispatcher::getObject):
2222         (Inspector::InspectorBackendDispatcher::getArray):
2223         (Inspector::InspectorBackendDispatcher::getValue):
2224         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
2225         protocol error strings.
2226         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
2227         Convert the supplemental dispatcher's reference to Ref since it is never null.
2228         * inspector/InspectorEnvironment.h:
2229         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
2230         StructItemTraits. Add more versions of addItem to handle pushing various types.
2231         (Inspector::Protocol::Array::openAccessors):
2232         (Inspector::Protocol::Array::addItem):
2233         (Inspector::Protocol::Array::create):
2234         (Inspector::Protocol::StructItemTraits::push):
2235         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
2236         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
2237         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
2238         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
2239         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
2240         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
2241         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
2242         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
2243         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
2244         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
2245         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
2246         the same call signature as other getters. Use Ref where possible.
2247         (Inspector::InspectorObjectBase::getBoolean):
2248         (Inspector::InspectorObjectBase::getString):
2249         (Inspector::InspectorObjectBase::getObject):
2250         (Inspector::InspectorObjectBase::getArray):
2251         (Inspector::InspectorObjectBase::getValue):
2252         (Inspector::InspectorObjectBase::writeJSON):
2253         (Inspector::InspectorArrayBase::get):
2254         (Inspector::InspectorObject::create):
2255         (Inspector::InspectorArray::create):
2256         (Inspector::InspectorValue::null):
2257         (Inspector::InspectorString::create):
2258         (Inspector::InspectorBasicValue::create):
2259         (Inspector::InspectorObjectBase::get): Deleted.
2260         * inspector/InspectorValues.h:
2261         (Inspector::InspectorObjectBase::setValue):
2262         (Inspector::InspectorObjectBase::setObject):
2263         (Inspector::InspectorObjectBase::setArray):
2264         (Inspector::InspectorArrayBase::pushValue):
2265         (Inspector::InspectorArrayBase::pushObject):
2266         (Inspector::InspectorArrayBase::pushArray):
2267         * inspector/JSGlobalObjectConsoleClient.cpp:
2268         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
2269         (Inspector::JSGlobalObjectConsoleClient::count):
2270         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
2271         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
2272         * inspector/JSGlobalObjectConsoleClient.h:
2273         * inspector/JSGlobalObjectInspectorController.cpp:
2274         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
2275         * inspector/JSGlobalObjectInspectorController.h:
2276         * inspector/ScriptCallFrame.cpp:
2277         (Inspector::ScriptCallFrame::buildInspectorObject):
2278         * inspector/ScriptCallFrame.h:
2279         * inspector/ScriptCallStack.cpp:
2280         (Inspector::ScriptCallStack::create):
2281         (Inspector::ScriptCallStack::buildInspectorArray):
2282         * inspector/ScriptCallStack.h:
2283         * inspector/agents/InspectorAgent.cpp:
2284         (Inspector::InspectorAgent::enable):
2285         (Inspector::InspectorAgent::inspect):
2286         (Inspector::InspectorAgent::activateExtraDomain):
2287         * inspector/agents/InspectorAgent.h:
2288         * inspector/agents/InspectorDebuggerAgent.cpp:
2289         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
2290         (Inspector::buildObjectForBreakpointCookie):
2291         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
2292         (Inspector::InspectorDebuggerAgent::setBreakpoint):
2293         (Inspector::InspectorDebuggerAgent::continueToLocation):
2294         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
2295         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
2296         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
2297         (Inspector::InspectorDebuggerAgent::currentCallFrames):
2298         (Inspector::InspectorDebuggerAgent::didParseSource):
2299         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
2300         (Inspector::InspectorDebuggerAgent::breakProgram):
2301         * inspector/agents/InspectorDebuggerAgent.h:
2302         * inspector/agents/InspectorRuntimeAgent.cpp:
2303         (Inspector::buildErrorRangeObject):
2304         (Inspector::InspectorRuntimeAgent::callFunctionOn):
2305         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
2306         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
2307         * inspector/agents/InspectorRuntimeAgent.h:
2308         * inspector/scripts/codegen/cpp_generator.py:
2309         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
2310         (CppGenerator.cpp_type_for_type_with_name):
2311         (CppGenerator.cpp_type_for_formal_async_parameter):
2312         (CppGenerator.should_use_references_for_type):
2313         (CppGenerator):
2314         * inspector/scripts/codegen/cpp_generator_templates.py:
2315         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2316         (CppBackendDispatcherHeaderGenerator.generate_output):
2317         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
2318         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2319         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
2320         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
2321         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2322         (CppFrontendDispatcherHeaderGenerator.generate_output):
2323         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2324         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2325         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2326         (CppProtocolTypesHeaderGenerator.generate_output):
2327         (_generate_class_for_object_declaration):
2328         (_generate_unchecked_setter_for_member):
2329         (_generate_forward_declarations_for_binding_traits):
2330         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2331         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
2332         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2333         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2334         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
2335         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2336         (ObjCProtocolTypesImplementationGenerator.generate_output):
2337         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2338         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2339         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2340         * inspector/scripts/tests/expected/enum-values.json-result:
2341         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2342         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2343         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2344         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2345         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2346         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2347         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2348         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2349         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2350         * replay/EncodedValue.cpp:
2351         (JSC::EncodedValue::asObject):
2352         (JSC::EncodedValue::asArray):
2353         (JSC::EncodedValue::put<EncodedValue>):
2354         (JSC::EncodedValue::append<EncodedValue>):
2355         (JSC::EncodedValue::get<EncodedValue>):
2356         * replay/EncodedValue.h:
2357         * replay/scripts/CodeGeneratorReplayInputs.py:
2358         (Type.borrow_type):
2359         (Type.argument_type):
2360         (Generator.generate_member_move_expression):
2361         * runtime/ConsoleClient.cpp:
2362         (JSC::ConsoleClient::printConsoleMessageWithArguments):
2363         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
2364         (JSC::ConsoleClient::logWithLevel):
2365         (JSC::ConsoleClient::clear):
2366         (JSC::ConsoleClient::dir):
2367         (JSC::ConsoleClient::dirXML):
2368         (JSC::ConsoleClient::table):
2369         (JSC::ConsoleClient::trace):
2370         (JSC::ConsoleClient::assertCondition):
2371         (JSC::ConsoleClient::group):
2372         (JSC::ConsoleClient::groupCollapsed):
2373         (JSC::ConsoleClient::groupEnd):
2374         * runtime/ConsoleClient.h:
2375         * runtime/TypeSet.cpp:
2376         (JSC::TypeSet::allStructureRepresentations):
2377         (JSC::TypeSet::inspectorTypeSet):
2378         (JSC::StructureShape::inspectorRepresentation):
2379         * runtime/TypeSet.h:
2380
2381 2015-01-07  Commit Queue  <commit-queue@webkit.org>
2382
2383         Unreviewed, rolling out r178039.
2384         https://bugs.webkit.org/show_bug.cgi?id=140187
2385
2386         Breaks ObjC Inspector Protocol (Requested by JoePeck on
2387         #webkit).
2388
2389         Reverted changeset:
2390
2391         "Web Inspector: purge PassRefPtr from Inspector code and use
2392         Ref for typed and untyped protocol objects"
2393         https://bugs.webkit.org/show_bug.cgi?id=140053
2394         http://trac.webkit.org/changeset/178039
2395
2396 2015-01-06  Brian J. Burg  <burg@cs.washington.edu>
2397
2398         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
2399         https://bugs.webkit.org/show_bug.cgi?id=140053
2400
2401         Reviewed by Andreas Kling.
2402
2403         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
2404         related to Web Inspector. It also converts many uses of RefPtr to Ref where
2405         references are always non-null. These two refactorings have been combined since
2406         they tend to require similar changes to the code.
2407
2408         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
2409         have been updated to take a Ref instead of RefPtr.
2410
2411         Builders for typed protocol objects now return a Ref. Since there is no implicit
2412         call to operator&, callsites now must explicitly call .release() to convert a
2413         builder object into the corresponding protocol object once required fields are set.
2414         Update callsites and use auto to eliminate repetition of longwinded protocol types.
2415
2416         Tests for inspector protocol and replay inputs have been rebaselined.
2417
2418         * bindings/ScriptValue.cpp:
2419         (Deprecated::jsToInspectorValue):
2420         (Deprecated::ScriptValue::toInspectorValue):
2421         * bindings/ScriptValue.h:
2422         * inspector/ConsoleMessage.cpp:
2423         (Inspector::ConsoleMessage::addToFrontend):
2424         * inspector/ContentSearchUtilities.cpp:
2425         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
2426         (Inspector::ContentSearchUtilities::searchInTextByLines):
2427         * inspector/ContentSearchUtilities.h:
2428         * inspector/InjectedScript.cpp:
2429         (Inspector::InjectedScript::getFunctionDetails):
2430         (Inspector::InjectedScript::getProperties):
2431         (Inspector::InjectedScript::getInternalProperties):
2432         (Inspector::InjectedScript::wrapCallFrames):
2433         (Inspector::InjectedScript::wrapObject):
2434         (Inspector::InjectedScript::wrapTable):
2435         * inspector/InjectedScript.h:
2436         * inspector/InjectedScriptBase.cpp:
2437         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
2438         * inspector/InspectorBackendDispatcher.cpp:
2439         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
2440         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
2441         (Inspector::InspectorBackendDispatcher::create):
2442         (Inspector::InspectorBackendDispatcher::dispatch):
2443         (Inspector::InspectorBackendDispatcher::sendResponse):
2444         (Inspector::InspectorBackendDispatcher::reportProtocolError):
2445         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
2446         (Inspector::InspectorBackendDispatcher::getInteger):
2447         (Inspector::InspectorBackendDispatcher::getDouble):
2448         (Inspector::InspectorBackendDispatcher::getString):
2449         (Inspector::InspectorBackendDispatcher::getBoolean):
2450         (Inspector::InspectorBackendDispatcher::getObject):
2451         (Inspector::InspectorBackendDispatcher::getArray):
2452         (Inspector::InspectorBackendDispatcher::getValue):
2453         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
2454         protocol error strings.
2455         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
2456         Convert the supplemental dispatcher's reference to Ref since it is never null.
2457         * inspector/InspectorEnvironment.h:
2458         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
2459         StructItemTraits. Add more versions of addItem to handle pushing various types.
2460         (Inspector::Protocol::Array::openAccessors):
2461         (Inspector::Protocol::Array::addItem):
2462         (Inspector::Protocol::Array::create):
2463         (Inspector::Protocol::StructItemTraits::push):
2464         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
2465         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
2466         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
2467         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
2468         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
2469         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
2470         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
2471         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
2472         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
2473         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
2474         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
2475         the same call signature as other getters. Use Ref where possible.
2476         (Inspector::InspectorObjectBase::getBoolean):
2477         (Inspector::InspectorObjectBase::getString):
2478         (Inspector::InspectorObjectBase::getObject):
2479         (Inspector::InspectorObjectBase::getArray):
2480         (Inspector::InspectorObjectBase::getValue):
2481         (Inspector::InspectorObjectBase::writeJSON):
2482         (Inspector::InspectorArrayBase::get):
2483         (Inspector::InspectorObject::create):
2484         (Inspector::InspectorArray::create):
2485         (Inspector::InspectorValue::null):
2486         (Inspector::InspectorString::create):
2487         (Inspector::InspectorBasicValue::create):
2488         (Inspector::InspectorObjectBase::get): Deleted.
2489         * inspector/InspectorValues.h:
2490         (Inspector::InspectorObjectBase::setValue):
2491         (Inspector::InspectorObjectBase::setObject):
2492         (Inspector::InspectorObjectBase::setArray):
2493         (Inspector::InspectorArrayBase::pushValue):
2494         (Inspector::InspectorArrayBase::pushObject):
2495         (Inspector::InspectorArrayBase::pushArray):
2496         * inspector/JSGlobalObjectConsoleClient.cpp:
2497         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
2498         (Inspector::JSGlobalObjectConsoleClient::count):
2499         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
2500         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
2501         * inspector/JSGlobalObjectConsoleClient.h:
2502         * inspector/JSGlobalObjectInspectorController.cpp:
2503         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
2504         * inspector/JSGlobalObjectInspectorController.h:
2505         * inspector/ScriptCallFrame.cpp:
2506         (Inspector::ScriptCallFrame::buildInspectorObject):
2507         * inspector/ScriptCallFrame.h:
2508         * inspector/ScriptCallStack.cpp:
2509         (Inspector::ScriptCallStack::create):
2510         (Inspector::ScriptCallStack::buildInspectorArray):
2511         * inspector/ScriptCallStack.h:
2512         * inspector/agents/InspectorAgent.cpp:
2513         (Inspector::InspectorAgent::enable):
2514         (Inspector::InspectorAgent::inspect):
2515         (Inspector::InspectorAgent::activateExtraDomain):
2516         * inspector/agents/InspectorAgent.h:
2517         * inspector/agents/InspectorDebuggerAgent.cpp:
2518         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
2519         (Inspector::buildObjectForBreakpointCookie):
2520         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
2521         (Inspector::InspectorDebuggerAgent::setBreakpoint):
2522         (Inspector::InspectorDebuggerAgent::continueToLocation):
2523         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
2524         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
2525         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
2526         (Inspector::InspectorDebuggerAgent::currentCallFrames):
2527         (Inspector::InspectorDebuggerAgent::didParseSource):
2528         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
2529         (Inspector::InspectorDebuggerAgent::breakProgram):
2530         * inspector/agents/InspectorDebuggerAgent.h:
2531         * inspector/agents/InspectorRuntimeAgent.cpp:
2532         (Inspector::buildErrorRangeObject):
2533         (Inspector::InspectorRuntimeAgent::callFunctionOn):
2534         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
2535         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
2536         * inspector/agents/InspectorRuntimeAgent.h:
2537         * inspector/scripts/codegen/cpp_generator.py:
2538         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
2539         (CppGenerator.cpp_type_for_type_with_name):
2540         (CppGenerator.cpp_type_for_formal_async_parameter):
2541         (CppGenerator.should_use_references_for_type):
2542         (CppGenerator):
2543         * inspector/scripts/codegen/cpp_generator_templates.py:
2544         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2545         (CppBackendDispatcherHeaderGenerator.generate_output):
2546         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
2547         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2548         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
2549         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
2550         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2551         (CppFrontendDispatcherHeaderGenerator.generate_output):
2552         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2553         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2554         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2555         (CppProtocolTypesHeaderGenerator.generate_output):
2556         (_generate_class_for_object_declaration):
2557         (_generate_unchecked_setter_for_member):
2558         (_generate_forward_declarations_for_binding_traits):
2559         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2560         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
2561         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2562         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2563         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
2564         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2565         (ObjCProtocolTypesImplementationGenerator.generate_output):
2566         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2567         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2568         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2569         * inspector/scripts/tests/expected/enum-values.json-result:
2570         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2571         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2572         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2573         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2574         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2575         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2576         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2577         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2578         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2579         * replay/EncodedValue.cpp:
2580         (JSC::EncodedValue::asObject):
2581         (JSC::EncodedValue::asArray):
2582         (JSC::EncodedValue::put<EncodedValue>):
2583         (JSC::EncodedValue::append<EncodedValue>):
2584         (JSC::EncodedValue::get<EncodedValue>):
2585         * replay/EncodedValue.h:
2586         * replay/scripts/CodeGeneratorReplayInputs.py:
2587         (Type.borrow_type):
2588         (Type.argument_type):
2589         (Generator.generate_member_move_expression):
2590         * runtime/ConsoleClient.cpp:
2591         (JSC::ConsoleClient::printConsoleMessageWithArguments):
2592         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
2593         (JSC::ConsoleClient::logWithLevel):
2594         (JSC::ConsoleClient::clear):
2595         (JSC::ConsoleClient::dir):
2596         (JSC::ConsoleClient::dirXML):
2597         (JSC::ConsoleClient::table):
2598         (JSC::ConsoleClient::trace):
2599         (JSC::ConsoleClient::assertCondition):
2600         (JSC::ConsoleClient::group):
2601         (JSC::ConsoleClient::groupCollapsed):
2602         (JSC::ConsoleClient::groupEnd):
2603         * runtime/ConsoleClient.h:
2604         * runtime/TypeSet.cpp:
2605         (JSC::TypeSet::allStructureRepresentations):
2606         (JSC::TypeSet::inspectorTypeSet):
2607         (JSC::StructureShape::inspectorRepresentation):
2608         * runtime/TypeSet.h:
2609
2610 2015-01-06  Chris Dumez  <cdumez@apple.com>
2611
2612         Drop ResourceResponseBase::connectionID and connectionReused members
2613         https://bugs.webkit.org/show_bug.cgi?id=140158
2614
2615         Reviewed by Sam Weinig.
2616
2617         Drop ResourceResponseBase::connectionID and connectionReused members.
2618         Those were needed by the Chromium port but are no longer used.
2619
2620         * inspector/protocol/Network.json:
2621
2622 2015-01-06  Mark Lam  <mark.lam@apple.com>
2623
2624         Add the lexicalEnvironment as an operand to op_create_arguments.
2625         <https://webkit.org/b/140148>
2626
2627         Reviewed by Geoffrey Garen.
2628
2629         This patch only adds the operand to the bytecode.  It is not in use yet.
2630
2631         * bytecode/BytecodeList.json:
2632         * bytecode/BytecodeUseDef.h:
2633         (JSC::computeUsesForBytecodeOffset):
2634         * bytecode/CodeBlock.cpp:
2635         (JSC::CodeBlock::dumpBytecode):
2636         * bytecompiler/BytecodeGenerator.cpp:
2637         (JSC::BytecodeGenerator::BytecodeGenerator):
2638         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
2639         - Adds the lexicalEnvironment register (if present) as an operand to
2640           op_create_arguments.  Else, adds a constant empty JSValue.
2641         * llint/LowLevelInterpreter32_64.asm:
2642         * llint/LowLevelInterpreter64.asm:
2643
2644 2015-01-06  Alexey Proskuryakov  <ap@apple.com>
2645
2646         ADDRESS_SANITIZER macro is overloaded
2647         https://bugs.webkit.org/show_bug.cgi?id=140130
2648
2649         Reviewed by Anders Carlsson.
2650
2651         * interpreter/JSStack.cpp: (JSC::JSStack::sanitizeStack): Use the new macro.
2652         This code is nearly unused (only compiled in when JIT is disabled at build time),
2653         however I've been told that it's best to keep it.
2654
2655 2015-01-06  Mark Lam  <mark.lam@apple.com>
2656
2657         Fix Use details for op_create_arguments.
2658         <https://webkit.org/b/140110>
2659
2660         Rubber stamped by Filip Pizlo.
2661
2662         The previous patch was wrong about op_create_arguments not using its 1st operand.
2663         It does read from it (hence, used) to check if the Arguments object has already
2664         been created or not.  This patch reverts the change for op_create_arguments.
2665
2666         * bytecode/BytecodeUseDef.h:
2667         (JSC::computeUsesForBytecodeOffset):
2668
2669 2015-01-06  Mark Lam  <mark.lam@apple.com>
2670
2671         Fix Use details for op_create_lexical_environment and op_create_arguments.
2672         <https://webkit.org/b/140110>
2673
2674         Reviewed by Filip Pizlo.
2675
2676         The current "Use" details for op_create_lexical_environment and
2677         op_create_arguments are wrong.  op_create_argument uses nothing instead of the
2678         1st operand (the output local).  op_create_lexical_environment uses its 2nd
2679         operand (the scope chain) instead of the 1st (the output local).
2680         This patch fixes them to specify the proper uses.
2681
2682         * bytecode/BytecodeUseDef.h:
2683         (JSC::computeUsesForBytecodeOffset):
2684
2685 2015-01-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2686
2687         Implement ES6 String.prototype.repeat(count)
2688         https://bugs.webkit.org/show_bug.cgi?id=140047
2689
2690         Reviewed by Darin Adler.
2691
2692         Introducing ES6 String.prototype.repeat(count) function.
2693
2694         * runtime/JSString.h:
2695         * runtime/StringPrototype.cpp:
2696         (JSC::StringPrototype::finishCreation):
2697         (JSC::repeatSmallString):
2698         (JSC::stringProtoFuncRepeat):
2699
2700 2015-01-03  Michael Saboff  <msaboff@apple.com>
2701
2702         Crash in operationNewFunction when scrolling on Google+
2703         https://bugs.webkit.org/show_bug.cgi?id=140033
2704
2705         Reviewed by Oliver Hunt.
2706
2707         In DFG code, the scope register can be eliminated because all uses have been
2708         dead code eliminated.  In the case where one of the uses was creating a function
2709         that is never used, the baseline code will still create the function.  If we OSR
2710         exit to a path where that function gets created, check the scope register value
2711         and set the new, but dead, function to undefined instead of creating a new function.
2712
2713         * jit/JITOpcodes.cpp:
2714         (JSC::JIT::emit_op_new_func_exp):
2715
2716 2015-01-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2717
2718         String includes methods perform toString on searchString before toInt32 on a offset
2719         https://bugs.webkit.org/show_bug.cgi?id=140031
2720
2721         Reviewed by Darin Adler.
2722
2723         * runtime/StringPrototype.cpp:
2724         (JSC::stringProtoFuncStartsWith):
2725         (JSC::stringProtoFuncEndsWith):
2726         (JSC::stringProtoFuncIncludes):
2727
2728 2015-01-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2729
2730         Change to return std::unique_ptr<> in fooCreate()
2731         https://bugs.webkit.org/show_bug.cgi?id=139983
2732
2733         Reviewed by Darin Adler.
2734
2735         To avoid unnecessary std::unique_ptr<> casting, fooCreate() returns std::unique_ptr<> directly.
2736
2737         * create_regex_tables:
2738         * yarr/YarrPattern.h:
2739         (JSC::Yarr::YarrPattern::reset):
2740         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2741         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2742         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2743         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2744         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2745         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2746         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2747
2748 2015-01-01  Jeff Miller  <jeffm@apple.com>
2749
2750         Update user-visible copyright strings to include 2015
2751         https://bugs.webkit.org/show_bug.cgi?id=139880
2752
2753         Reviewed by Darin Adler.
2754
2755         * Info.plist:
2756
2757 2015-01-01  Darin Adler  <darin@apple.com>
2758
2759         We often misspell identifier as "identifer"
2760         https://bugs.webkit.org/show_bug.cgi?id=140025
2761
2762         Reviewed by Michael Saboff.
2763
2764         * runtime/ArrayConventions.h: Fix it.
2765
2766 2014-12-29  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2767
2768         Move JavaScriptCore/yarr to std::unique_ptr
2769         https://bugs.webkit.org/show_bug.cgi?id=139621
2770
2771         Reviewed by Anders Carlsson.
2772
2773         Final clean up OwnPtr|PassOwnPtr in JavaScriptCore/yarr.
2774
2775         * yarr/YarrInterpreter.cpp:
2776         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
2777         * yarr/YarrInterpreter.h:
2778         (JSC::Yarr::BytecodePattern::BytecodePattern):
2779         * yarr/YarrJIT.cpp:
2780         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
2781         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
2782         (JSC::Yarr::YarrGenerator::opCompileBody):
2783         * yarr/YarrPattern.cpp:
2784         (JSC::Yarr::CharacterClassConstructor::charClass):
2785         (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
2786         (JSC::Yarr::YarrPatternConstructor::reset):
2787         (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
2788         (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
2789         (JSC::Yarr::YarrPatternConstructor::atomParenthesesSubpatternBegin):
2790         (JSC::Yarr::YarrPatternConstructor::atomParentheticalAssertionBegin):
2791         (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
2792         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
2793         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
2794         * yarr/YarrPattern.h:
2795         (JSC::Yarr::PatternDisjunction::addNewAlternative):
2796         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2797         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2798         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2799         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2800         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2801         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2802         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2803
2804 2014-12-26  Dan Bernstein  <mitz@apple.com>
2805
2806         <rdar://problem/19348208> REGRESSION (r177027): iOS builds use the wrong toolchain
2807         https://bugs.webkit.org/show_bug.cgi?id=139950
2808
2809         Reviewed by David Kilzer.
2810
2811         * Configurations/Base.xcconfig: Only define TOOLCHAINS when building for OS X, doing so
2812         in a manner that works with Xcode 5.1.1.
2813
2814 2014-12-22  Mark Lam  <mark.lam@apple.com>
2815
2816         Use ctiPatchCallByReturnAddress() in JITOperations.cpp.
2817         <https://webkit.org/b/139892>
2818
2819         Reviewed by Michael Saboff.
2820
2821         The code in JITOperations.cpp sometimes calls RepatchBuffer::relinkCallerToFunction()
2822         directly, and sometimes uses a helper function, ctiPatchCallByReturnAddress().
2823         This patch changes it to use the helper function consistently.
2824
2825         * jit/JITOperations.cpp:
2826
2827 2014-12-22  Mark Lam  <mark.lam@apple.com>
2828
2829         Fix some typos in a comment.
2830         <https://webkit.org/b/139882>
2831
2832         Reviewed by Michael Saboff.
2833
2834         * jit/JITPropertyAccess.cpp:
2835         (JSC::JIT::emit_op_get_by_val):
2836
2837 2014-12-22  Mark Lam  <mark.lam@apple.com>
2838
2839         Assert that Array elements not copied when changing shape to ArrayStorage type are indeed holes.
2840         <https://webkit.org/b/138118>
2841
2842         Reviewed by Michael Saboff.
2843
2844         * runtime/JSObject.cpp:
2845         (JSC::JSObject::convertInt32ToArrayStorage):
2846         (JSC::JSObject::convertDoubleToArrayStorage):
2847         (JSC::JSObject::convertContiguousToArrayStorage):
2848
2849 2014-12-20  Eric Carlson  <eric.carlson@apple.com>
2850
2851         [iOS] add optimized fullscreen API
2852         https://bugs.webkit.org/show_bug.cgi?id=139833
2853         <rdar://problem/18844486>
2854
2855         Reviewed by Simon Fraser.
2856
2857         * Configurations/FeatureDefines.xcconfig: Add ENABLE_VIDEO_PRESENTATION_MODE.
2858
2859 2014-12-20  David Kilzer  <ddkilzer@apple.com>
2860
2861         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2862         <http://webkit.org/b/139463>
2863
2864         Reviewed by Mark Rowe.
2865
2866         * Configurations/JavaScriptCore.xcconfig:
2867         - Simplify SECTORDER_FLAGS.
2868
2869 2014-12-19  Andreas Kling  <akling@apple.com>
2870
2871         Plug leak below LLVMCopyStringRepOfTargetData().
2872         <https://webkit.org/b/139832>
2873
2874         Reviewed by Michael Saboff.
2875
2876         LLVMCopyStringRepOfTargetData() returns a strdup()'ed string, so make sure
2877         to free() it after we're done using it.
2878
2879         * ftl/FTLCompile.cpp:
2880         (JSC::FTL::mmAllocateDataSection):
2881
2882 2014-12-19  Joseph Pecoraro  <pecoraro@apple.com>
2883
2884         Web Inspector: CRASH inspector-protocol/debugger/breakpoint-action-detach.html
2885         https://bugs.webkit.org/show_bug.cgi?id=139797
2886
2887         Reviewed by Mark Lam.
2888
2889         * debugger/Debugger.h:
2890         * debugger/Debugger.cpp:
2891         (JSC::Debugger::isAttached):
2892         Check if we are the debugger for a particular global object.
2893         (JSC::Debugger::pauseIfNeeded):
2894         Pass the global object on when hitting a brekapoint.
2895
2896         * inspector/ScriptDebugServer.h:
2897         * inspector/ScriptDebugServer.cpp:
2898         (Inspector::ScriptDebugServer::handleBreakpointHit):
2899         Stop evaluting breakpoint actions if a previous action caused the
2900         debugger to detach from this global object.
2901         (Inspector::ScriptDebugServer::handlePause):
2902         Standardize on passing JSGlobalObject parameter first.
2903
2904 2014-12-19  Mark Lam  <mark.lam@apple.com>
2905
2906         [Win] Endless compiler warnings created by DFGEdge.h.
2907         <https://webkit.org/b/139801>
2908
2909         Reviewed by Brent Fulgham.
2910
2911         Add a cast to fix the type just the way the 64-bit version does.
2912
2913         * dfg/DFGEdge.h:
2914         (JSC::DFG::Edge::makeWord):
2915
2916 2014-12-19  Commit Queue  <commit-queue@webkit.org>
2917
2918         Unreviewed, rolling out r177574.
2919         https://bugs.webkit.org/show_bug.cgi?id=139821
2920
2921         "Broke Production builds by installing
2922         libWebCoreTestSupport.dylib in the wrong directory" (Requested
2923         by ddkilzer on #webkit).
2924
2925         Reverted changeset:
2926
2927         "Switch from using PLATFORM_NAME to SDK selectors in WebCore,
2928         WebInspectorUI, WebKit, WebKit2"
2929         https://bugs.webkit.org/show_bug.cgi?id=139463
2930         http://trac.webkit.org/changeset/177574
2931
2932 2014-12-19  Michael Saboff  <msaboff@apple.com>
2933
2934         REGRESSION(174226): Captured arguments in a using function compiled by the DFG have the initial value when the closure was invoked
2935         https://bugs.webkit.org/show_bug.cgi?id=139808
2936
2937         Reviewed by Oliver Hunt.
2938
2939         There are three changes here.
2940         1) Create a VariableWatchpointSet for captured arguments variables.
2941         2) Properly use the VariableWatchpointSet* found in op_put_to_scope in the 64 bit LLInt code.
2942         3) Add the same putLocalClosureVar path to the 32 bit LLInt code that exists in the 64 bit version.
2943
2944         * bytecompiler/BytecodeGenerator.cpp:
2945         (JSC::BytecodeGenerator::BytecodeGenerator):
2946         * llint/LowLevelInterpreter32_64.asm:
2947         * llint/LowLevelInterpreter64.asm:
2948
2949 2014-12-19  David Kilzer  <ddkilzer@apple.com>
2950
2951         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2952         <http://webkit.org/b/139463>
2953
2954         Reviewed by Mark Rowe.
2955
2956         * Configurations/JavaScriptCore.xcconfig:
2957         - Simplify SECTORDER_FLAGS.
2958
2959 2014-12-18  Brent Fulgham  <bfulgham@apple.com>
2960
2961         Unreviewed build fix.
2962
2963         * jsc.cpp: Remove typo.
2964
2965 2014-12-17  Michael Saboff  <msaboff@apple.com>
2966
2967         Tests with infinite recursion frequently crash
2968         https://bugs.webkit.org/show_bug.cgi?id=139548
2969
2970         Reviewed by Geoffrey Garen.
2971
2972         While unwinding, if the call frame doesn't have a codeblock, then we
2973         are in native code, handle appropriately.
2974
2975         * interpreter/Interpreter.cpp:
2976         (JSC::unwindCallFrame):
2977         (JSC::UnwindFunctor::operator()):
2978         Added checks for null CodeBlock.
2979
2980         (JSC::Interpreter::unwind): Removed wrong ASSERT.
2981
2982 2014-12-17  Chris Dumez  <cdumez@apple.com>
2983
2984         [iOS] Make it possible to toggle FeatureCounter support at runtime
2985         https://bugs.webkit.org/show_bug.cgi?id=139688
2986         <rdar://problem/19266254>
2987
2988         Reviewed by Andreas Kling.
2989
2990         Stop linking against AppSupport framework as the functionality is no
2991         longer in WTF (it was moved to WebCore).
2992
2993         * Configurations/JavaScriptCore.xcconfig:
2994
2995 2014-12-17  Brent Fulgham  <bfulgham@apple.com>
2996
2997         [Win] Correct DebugSuffix builds under MSBuild
2998         https://bugs.webkit.org/show_bug.cgi?id=139733
2999         <rdar://problem/19276880>
3000
3001         Reviewed by Simon Fraser.
3002
3003         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Make sure to use the
3004         '_debug' suffix when building the DebugSuffix target.
3005
3006 2014-12-16  Enrica Casucci  <enrica@apple.com>
3007
3008         Fix iOS builders for 8.0
3009         https://bugs.webkit.org/show_bug.cgi?id=139495
3010
3011         Reviewed by Michael Saboff.
3012
3013         * Configurations/LLVMForJSC.xcconfig:
3014         * llvm/library/LLVMExports.cpp:
3015         (initializeAndGetJSCLLVMAPI):
3016
3017 2014-12-16  Commit Queue  <commit-queue@webkit.org>
3018
3019         Unreviewed, rolling out r177380.
3020         https://bugs.webkit.org/show_bug.cgi?id=139707
3021
3022         "Breaks js/regres/elidable-new-object-* tests" (Requested by
3023         msaboff_ on #webkit).
3024
3025         Reverted changeset:
3026
3027         "Fixes operationPutByIdOptimizes such that they check that the
3028         put didn't"
3029         https://bugs.webkit.org/show_bug.cgi?id=139500
3030         http://trac.webkit.org/changeset/177380
3031
3032 2014-12-16  Matthew Mirman  <mmirman@apple.com>
3033
3034         Fixes operationPutByIdOptimizes such that they check that the put didn't
3035         change the structure of the object who's property access is being
3036         cached.
3037         https://bugs.webkit.org/show_bug.cgi?id=139500
3038
3039         Reviewed by Geoffrey Garen.
3040
3041         * jit/JITOperations.cpp:
3042         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
3043         (JSC::operationPutByIdNonStrictOptimize): ditto.
3044         (JSC::operationPutByIdDirectStrictOptimize): ditto.
3045         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
3046         * jit/Repatch.cpp:
3047         (JSC::tryCachePutByID): Added argument for the old structure
3048         (JSC::repatchPutByID): Added argument for the old structure
3049         * jit/Repatch.h:
3050         * tests/stress/put-by-id-build-list-order-recurse.js: 
3051         Added test that fails without this patch.
3052
3053 2014-12-15  Chris Dumez  <cdumez@apple.com>
3054
3055         [iOS] Add feature counting support
3056         https://bugs.webkit.org/show_bug.cgi?id=139652
3057         <rdar://problem/19255690>
3058
3059         Reviewed by Gavin Barraclough.
3060
3061         Link against AppSupport framework on iOS as we need it to implement
3062         the new FeatureCounter API in WTF.
3063
3064         * Configurations/JavaScriptCore.xcconfig:
3065
3066 2014-12-15  Commit Queue  <commit-queue@webkit.org>
3067
3068         Unreviewed, rolling out r177284.
3069         https://bugs.webkit.org/show_bug.cgi?id=139658
3070
3071         "Breaks API tests and LayoutTests on Yosemite Debug"
3072         (Requested by msaboff on #webkit).
3073
3074         Reverted changeset:
3075
3076         "Make sure range based iteration of Vector<> still receives
3077         bounds checking"
3078         https://bugs.webkit.org/show_bug.cgi?id=138821
3079         http://trac.webkit.org/changeset/177284
3080
3081 2014-12-15  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
3082
3083         [EFL] FTL JIT not working on ARM64
3084         https://bugs.webkit.org/show_bug.cgi?id=139295
3085
3086         Reviewed by Michael Saboff.
3087
3088         Added the missing code for stack unwinding and some additional small fixes
3089         to get FTL working correctly.
3090
3091         * ftl/FTLCompile.cpp:
3092         (JSC::FTL::mmAllocateDataSection):
3093         * ftl/FTLUnwindInfo.cpp:
3094         (JSC::FTL::UnwindInfo::parse):
3095
3096 2014-12-15  Oliver Hunt  <oliver@apple.com>
3097
3098         Make sure range based iteration of Vector<> still receives bounds checking
3099         https://bugs.webkit.org/show_bug.cgi?id=138821
3100
3101         Reviewed by Mark Lam.
3102
3103         Update code to deal with slightly changed iterator semantics.
3104
3105         * bytecode/UnlinkedCodeBlock.cpp:
3106         (JSC::UnlinkedCodeBlock::visitChildren):
3107         * bytecompiler/BytecodeGenerator.cpp:
3108         (JSC::BytecodeGenerator::emitComplexPopScopes):
3109         * dfg/DFGSpeculativeJIT.cpp:
3110         (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
3111         * ftl/FTLAbbreviations.h:
3112         (JSC::FTL::mdNode):
3113         (JSC::FTL::buildCall):
3114         * llint/LLIntData.cpp:
3115         (JSC::LLInt::Data::performAssertions):
3116         * parser/Parser.h:
3117         (JSC::Scope::Scope):
3118         * runtime/JSArray.cpp:
3119         (JSC::JSArray::setLengthWithArrayStorage):
3120         (JSC::JSArray::sortCompactedVector):
3121         * tools/ProfileTreeNode.h:
3122         (JSC::ProfileTreeNode::dumpInternal):
3123         * yarr/YarrJIT.cpp:
3124         (JSC::Yarr::YarrGenerator::matchCharacterClass):
3125
3126 2014-12-14  Filip Pizlo  <fpizlo@apple.com>
3127
3128         PutLocalSinkingPhase has an invalid assertion about incoming values, because both liveness and deferral analyses are conservative
3129         https://bugs.webkit.org/show_bug.cgi?id=139630
3130
3131         Reviewed by Oliver Hunt.
3132         
3133         Replaces a faulty assertion with code to handle an awesome special case. Also adds a lot of
3134         comments that reconstruct my reasoning about this code. I had to work hard to remember how
3135         deferral worked so I wrote my discoveries down.
3136
3137         * dfg/DFGInsertionSet.h:
3138         (JSC::DFG::InsertionSet::insertBottomConstantForUse):
3139         * dfg/DFGPutLocalSinkingPhase.cpp:
3140         * tests/stress/put-local-conservative.js: Added.
3141         (foo):
3142         (.result):
3143         (bar):
3144
3145 2014-12-14  Andreas Kling  <akling@apple.com>
3146
3147         Replace PassRef with Ref/Ref&& across the board.
3148         <https://webkit.org/b/139587>
3149
3150         Reviewed by Darin Adler.
3151
3152         * runtime/Identifier.cpp:
3153         (JSC::Identifier::add):
3154         (JSC::Identifier::add8):
3155         * runtime/Identifier.h:
3156         (JSC::Identifier::add):
3157         * runtime/IdentifierInlines.h:
3158         (JSC::Identifier::add):
3159
3160 2014-12-12  Matthew Mirman  <mmirman@apple.com>
3161
3162         shiftCountWithArrayStorage should exit to slow path if the object has a sparse map.
3163         https://bugs.webkit.org/show_bug.cgi?id=139598
3164         <rdar://problem/18779367>
3165
3166         Reviewed by Filip Pizlo.
3167
3168         * runtime/JSArray.cpp:
3169         (JSC::JSArray::shiftCountWithArrayStorage): Added check for object having a sparse map.
3170         * tests/stress/sparse_splice.js: Added.
3171
3172 2014-12-12  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3173
3174         Final clean up OwnPtr in JSC - runtime, ftl, and tool directories
3175         https://bugs.webkit.org/show_bug.cgi?id=139532
3176
3177         Reviewed by Mark Lam.
3178
3179         Final remove OwnPtr, PassOwnPtr in runtime, ftl, and tools directories of JSC.
3180
3181         * builtins/BuiltinExecutables.h:
3182         * bytecode/CodeBlock.h:
3183         * bytecode/UnlinkedCodeBlock.cpp:
3184         (JSC::generateFunctionCodeBlock):
3185         * ftl/FTLAbstractHeap.cpp:
3186         (JSC::FTL::IndexedAbstractHeap::atSlow):
3187         * ftl/FTLAbstractHeap.h:
3188         * ftl/FTLCompile.cpp:
3189         (JSC::FTL::mmAllocateDataSection):
3190         * ftl/FTLJITFinalizer.h:
3191         * jsc.cpp:
3192         (jscmain):
3193         * parser/Lexer.h:
3194         * runtime/PropertyMapHashTable.h:
3195         (JSC::PropertyTable::clearDeletedOffsets):
3196         (JSC::PropertyTable::addDeletedOffset):
3197         * runtime/PropertyTable.cpp:
3198         (JSC::PropertyTable::PropertyTable):
3199         * runtime/RegExpObject.cpp:
3200         * runtime/SmallStrings.cpp:
3201         * runtime/Structure.cpp:
3202         * runtime/StructureIDTable.cpp:
3203         (JSC::StructureIDTable::StructureIDTable):
3204         (JSC::StructureIDTable::resize):
3205         * runtime/StructureIDTable.h:
3206         * runtime/StructureTransitionTable.h:
3207         * runtime/VM.cpp:
3208         (JSC::VM::VM):
3209         (JSC::VM::~VM):
3210         * runtime/VM.h:
3211         * tools/CodeProfile.h:
3212         (JSC::CodeProfile::CodeProfile):
3213         (JSC::CodeProfile::addChild):
3214
3215 2014-12-11  Dan Bernstein  <mitz@apple.com>
3216
3217         iOS Simulator production build fix.
3218
3219         * Configurations/JavaScriptCore.xcconfig: Don’t use an order file when building for the iOS
3220         Simulator, as we did prior to 177027.
3221
3222 2014-12-11  Joseph Pecoraro  <pecoraro@apple.com>
3223
3224         Explicitly export somre more RWIProtocol classes.
3225         rdar://problem/19220408
3226
3227         Unreviewed build fix.
3228
3229         * inspector/scripts/codegen/generate_objc_configuration_header.py:
3230         (ObjCConfigurationHeaderGenerator._generate_configuration_interface_for_domains):
3231         * inspector/scripts/codegen/generate_objc_header.py:
3232         (ObjCHeaderGenerator._generate_event_interfaces):
3233         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3234         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3235         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
3236         * inspector/scripts/tests/expected/enum-values.json-result:
3237         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3238         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
3239         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
3240         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
3241         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
3242         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
3243         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
3244         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
3245         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3246
3247 2014-12-11  Alexey Proskuryakov  <ap@apple.com>
3248
3249         Explicitly export some RWIProtocol classes
3250         rdar://problem/19220408
3251
3252         * inspector/scripts/codegen/generate_objc_header.py:
3253         (ObjCHeaderGenerator._generate_type_interface):
3254         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3255         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3256         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3257         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
3258         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
3259         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
3260         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3261
3262 2014-12-11  Mark Lam  <mark.lam@apple.com>
3263
3264         Fix broken build after r177146.
3265         https://bugs.webkit.org/show_bug.cgi?id=139533 
3266
3267         Not reviewed.
3268
3269         * interpreter/CallFrame.h:
3270         (JSC::ExecState::init):
3271         - Restored CallFrame::init() minus the unused JSScope* arg.
3272         * runtime/JSGlobalObject.cpp:
3273         (JSC::JSGlobalObject::init):
3274         - Remove JSScope* arg when calling CallFrame::init().
3275
3276 2014-12-11  Michael Saboff  <msaboff@apple.com>
3277
3278         REGRESSION: Use of undefined CallFrame::ScopeChain value
3279         https://bugs.webkit.org/show_bug.cgi?id=139533
3280
3281         Reviewed by Mark Lam.
3282
3283         Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
3284         all usages of these functions.  In some cases the scope is passed in or determined
3285         another way.  In some cases the scope is used to calculate other values.  Lastly,
3286         there were places where these functions were used that are no longer needed.  For
3287         example when making a call, the caller's ScopeChain was copied to the callee's
3288         ScopeChain.  This change no longer uses the ScopeChain call frame header slot.
3289         That slot will be removed in a future patch.
3290
3291         * dfg/DFGByteCodeParser.cpp:
3292         (JSC::DFG::ByteCodeParser::parseBlock):
3293         * dfg/DFGSpeculativeJIT32_64.cpp:
3294         (JSC::DFG::SpeculativeJIT::compile):
3295         * dfg/DFGSpeculativeJIT64.cpp:
3296         (JSC::DFG::SpeculativeJIT::compile):
3297         * dfg/DFGSpeculativeJIT.h:
3298         (JSC::DFG::SpeculativeJIT::callOperation):
3299         * jit/JIT.h:
3300         * jit/JITInlines.h:
3301         (JSC::JIT::callOperation):
3302         * runtime/JSLexicalEnvironment.h:
3303         (JSC::JSLexicalEnvironment::create):
3304         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
3305         * jit/JITOpcodes.cpp:
3306         (JSC::JIT::emit_op_create_lexical_environment):
3307         * jit/JITOpcodes32_64.cpp:
3308         (JSC::JIT::emit_op_create_lexical_environment):
3309         * jit/JITOperations.cpp:
3310         * jit/JITOperations.h:
3311         * llint/LLIntSlowPaths.cpp:
3312         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3313         (JSC::LLInt::handleHostCall):
3314         (JSC::LLInt::setUpCall):
3315         (JSC::LLInt::llint_throw_stack_overflow_error):
3316         Pass the current scope value to the helper operationCreateActivation() and
3317         the call to JSLexicalEnvironment::create() instead of using the stack frame
3318         scope chain value.
3319
3320         * dfg/DFGFixupPhase.cpp:
3321         (JSC::DFG::FixupPhase::fixupNode):
3322         CreateActivation now has a second child, the scope.
3323
3324         * interpreter/CallFrame.h:
3325         (JSC::ExecState::init): Deleted.  This is dead code.
3326         (JSC::ExecState::scope): Deleted.
3327         (JSC::ExecState::setScope): Deleted.
3328
3329         * interpreter/Interpreter.cpp:
3330         (JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
3331         chain slot.  
3332         
3333         (JSC::Interpreter::execute):
3334         (JSC::Interpreter::executeCall):
3335         (JSC::Interpreter::executeConstruct):
3336         Changed process to find JSScope values on the stack or by some other means.
3337
3338         * runtime/JSWithScope.h:
3339         (JSC::JSWithScope::JSWithScope): Deleted.
3340         Eliminated unused constructor.
3341
3342         * runtime/StrictEvalActivation.cpp:
3343         (JSC::StrictEvalActivation::StrictEvalActivation):
3344         * runtime/StrictEvalActivation.h:
3345         (JSC::StrictEvalActivation::create):
3346         Changed to pass in the current scope.
3347
3348 2014-12-10  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3349
3350         Use std::unique_ptr instead of OwnPtr in JSC - heap, jit, runtime, and parser directories
3351         https://bugs.webkit.org/show_bug.cgi?id=139351
3352
3353         Reviewed by Filip Pizlo.
3354
3355         As a step to use std::unique_ptr<>, this cleans up OwnPtr and PassOwnPtr.
3356
3357         * bytecode/SamplingTool.h:
3358         (JSC::SamplingTool::SamplingTool):
3359         * heap/CopiedBlock.h:
3360         (JSC::CopiedBlock::didSurviveGC):
3361         (JSC::CopiedBlock::pin):
3362         * heap/CopiedBlockInlines.h:
3363         (JSC::CopiedBlock::reportLiveBytes):
3364         * heap/GCActivityCallback.h:
3365         * heap/GCThread.cpp:
3366         * heap/Heap.h:
3367         * heap/HeapInlines.h:
3368         (JSC::Heap::markListSet):
3369         * jit/ExecutableAllocator.cpp:
3370         * jit/JIT.cpp:
3371         (JSC::JIT::privateCompile):
3372         * jit/JIT.h:
3373         * jit/JITThunks.cpp:
3374         (JSC::JITThunks::JITThunks):
3375         (JSC::JITThunks::clearHostFunctionStubs):
3376         * jit/JITThunks.h:
3377         * parser/Parser.cpp:
3378         (JSC::Parser<LexerType>::Parser):
3379      &