6e8389ac310702c0e1e14327ff9ec091fb462ac1
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-02-02  Saam Barati  <saambarati1@gmail.com>
2
3         Create tests for JSC's Control Flow Profiler
4         https://bugs.webkit.org/show_bug.cgi?id=141123
5
6         Reviewed by Filip Pizlo.
7
8         This patch creates a control flow profiler testing API in jsc.cpp 
9         that accepts a function and a string as arguments. The string must 
10         be a substring of the text of the function argument. The API returns 
11         a boolean indicating whether or not the basic block that encloses the 
12         substring has executed.
13
14         This patch uses this API to test that the control flow profiler
15         behaves as expected on basic block boundaries. These tests do not
16         provide full coverage for all JavaScript statements that can create
17         basic blocks boundaries. Full coverage will come in a later patch.
18
19         * jsc.cpp:
20         (GlobalObject::finishCreation):
21         (functionHasBasicBlockExecuted):
22         * runtime/ControlFlowProfiler.cpp:
23         (JSC::ControlFlowProfiler::hasBasicBlockAtTextOffsetBeenExecuted):
24         * runtime/ControlFlowProfiler.h:
25         * tests/controlFlowProfiler: Added.
26         * tests/controlFlowProfiler.yaml: Added.
27         * tests/controlFlowProfiler/driver: Added.
28         * tests/controlFlowProfiler/driver/driver.js: Added.
29         (assert):
30         * tests/controlFlowProfiler/if-statement.js: Added.
31         (testIf):
32         (noMatches):
33         * tests/controlFlowProfiler/loop-statements.js: Added.
34         (forRegular):
35         (forIn):
36         (forOf):
37         (whileLoop):
38         * tests/controlFlowProfiler/switch-statements.js: Added.
39         (testSwitch):
40         * tests/controlFlowProfiler/test-jit.js: Added.
41         (tierUpToBaseline):
42         (tierUpToDFG):
43         (baselineTest):
44         (dfgTest):
45
46 2015-01-28  Filip Pizlo  <fpizlo@apple.com>
47
48         Polymorphic call inlining should be based on polymorphic call inline caching rather than logging
49         https://bugs.webkit.org/show_bug.cgi?id=140660
50
51         Reviewed by Geoffrey Garen.
52         
53         When we first implemented polymorphic call inlining, we did the profiling based on a call
54         edge log. The idea was to store each call edge (a tuple of call site and callee) into a
55         global log that was processed lazily. Processing the log would give precise counts of call
56         edges, and could be used to drive well-informed inlining decisions - polymorphic or not.
57         This was a speed-up on throughput tests but a slow-down for latency tests. It was a net win
58         nonetheless.
59         
60         Experience with this code shows three things. First, the call edge profiler is buggy and
61         complex. It would take work to fix the bugs. Second, the call edge profiler incurs lots of
62         overhead for latency code that we care deeply about. Third, it's not at all clear that
63         having call edge counts for every possible callee is any better than just having call edge
64         counts for the limited number of callees that an inline cache would catch.
65         
66         So, this patch removes the call edge profiler and replaces it with a polymorphic call inline
67         cache. If we miss the basic call inline cache, we inflate the cache to be a jump to an
68         out-of-line stub that cases on the previously known callees. If that misses again, then we
69         rewrite that stub to include the new callee. We do this up to some number of callees. If we
70         hit the limit then we switch to using a plain virtual call.
71         
72         Substantial speed-up on V8Spider; undoes the slow-down that the original call edge profiler
73         caused. Might be a SunSpider speed-up (below 1%), depending on hardware.
74         
75         Rolling this back in after fixing https://bugs.webkit.org/show_bug.cgi?id=141107.
76
77         * CMakeLists.txt:
78         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
79         * JavaScriptCore.xcodeproj/project.pbxproj:
80         * bytecode/CallEdge.h:
81         (JSC::CallEdge::count):
82         (JSC::CallEdge::CallEdge):
83         * bytecode/CallEdgeProfile.cpp: Removed.
84         * bytecode/CallEdgeProfile.h: Removed.
85         * bytecode/CallEdgeProfileInlines.h: Removed.
86         * bytecode/CallLinkInfo.cpp:
87         (JSC::CallLinkInfo::unlink):
88         (JSC::CallLinkInfo::visitWeak):
89         * bytecode/CallLinkInfo.h:
90         * bytecode/CallLinkStatus.cpp:
91         (JSC::CallLinkStatus::CallLinkStatus):
92         (JSC::CallLinkStatus::computeFor):
93         (JSC::CallLinkStatus::computeFromCallLinkInfo):
94         (JSC::CallLinkStatus::isClosureCall):
95         (JSC::CallLinkStatus::makeClosureCall):
96         (JSC::CallLinkStatus::dump):
97         (JSC::CallLinkStatus::computeFromCallEdgeProfile): Deleted.
98         * bytecode/CallLinkStatus.h:
99         (JSC::CallLinkStatus::CallLinkStatus):
100         (JSC::CallLinkStatus::isSet):
101         (JSC::CallLinkStatus::variants):
102         (JSC::CallLinkStatus::size):
103         (JSC::CallLinkStatus::at):
104         (JSC::CallLinkStatus::operator[]):
105         (JSC::CallLinkStatus::canOptimize):
106         (JSC::CallLinkStatus::edges): Deleted.
107         (JSC::CallLinkStatus::canTrustCounts): Deleted.
108         * bytecode/CallVariant.cpp:
109         (JSC::variantListWithVariant):
110         (JSC::despecifiedVariantList):
111         * bytecode/CallVariant.h:
112         * bytecode/CodeBlock.cpp:
113         (JSC::CodeBlock::~CodeBlock):
114         (JSC::CodeBlock::linkIncomingPolymorphicCall):
115         (JSC::CodeBlock::unlinkIncomingCalls):
116         (JSC::CodeBlock::noticeIncomingCall):
117         * bytecode/CodeBlock.h:
118         (JSC::CodeBlock::isIncomingCallAlreadyLinked): Deleted.
119         * dfg/DFGAbstractInterpreterInlines.h:
120         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
121         * dfg/DFGByteCodeParser.cpp:
122         (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
123         (JSC::DFG::ByteCodeParser::handleCall):
124         (JSC::DFG::ByteCodeParser::handleInlining):
125         * dfg/DFGClobberize.h:
126         (JSC::DFG::clobberize):
127         * dfg/DFGConstantFoldingPhase.cpp:
128         (JSC::DFG::ConstantFoldingPhase::foldConstants):
129         * dfg/DFGDoesGC.cpp:
130         (JSC::DFG::doesGC):
131         * dfg/DFGDriver.cpp:
132         (JSC::DFG::compileImpl):
133         * dfg/DFGFixupPhase.cpp:
134         (JSC::DFG::FixupPhase::fixupNode):
135         * dfg/DFGNode.h:
136         (JSC::DFG::Node::hasHeapPrediction):
137         * dfg/DFGNodeType.h:
138         * dfg/DFGOperations.cpp:
139         * dfg/DFGPredictionPropagationPhase.cpp:
140         (JSC::DFG::PredictionPropagationPhase::propagate):
141         * dfg/DFGSafeToExecute.h:
142         (JSC::DFG::safeToExecute):
143         * dfg/DFGSpeculativeJIT32_64.cpp:
144         (JSC::DFG::SpeculativeJIT::emitCall):
145         (JSC::DFG::SpeculativeJIT::compile):
146         * dfg/DFGSpeculativeJIT64.cpp:
147         (JSC::DFG::SpeculativeJIT::emitCall):
148         (JSC::DFG::SpeculativeJIT::compile):
149         * dfg/DFGTierUpCheckInjectionPhase.cpp:
150         (JSC::DFG::TierUpCheckInjectionPhase::run):
151         (JSC::DFG::TierUpCheckInjectionPhase::removeFTLProfiling): Deleted.
152         * ftl/FTLCapabilities.cpp:
153         (JSC::FTL::canCompile):
154         * heap/Heap.cpp:
155         (JSC::Heap::collect):
156         * jit/BinarySwitch.h:
157         * jit/ClosureCallStubRoutine.cpp: Removed.
158         * jit/ClosureCallStubRoutine.h: Removed.
159         * jit/JITCall.cpp:
160         (JSC::JIT::compileOpCall):
161         * jit/JITCall32_64.cpp:
162         (JSC::JIT::compileOpCall):
163         * jit/JITOperations.cpp:
164         * jit/JITOperations.h:
165         (JSC::operationLinkPolymorphicCallFor):
166         (JSC::operationLinkClosureCallFor): Deleted.
167         * jit/JITStubRoutine.h:
168         * jit/JITWriteBarrier.h:
169         * jit/PolymorphicCallStubRoutine.cpp: Added.
170         (JSC::PolymorphicCallNode::~PolymorphicCallNode):
171         (JSC::PolymorphicCallNode::unlink):
172         (JSC::PolymorphicCallCase::dump):
173         (JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine):
174         (JSC::PolymorphicCallStubRoutine::~PolymorphicCallStubRoutine):
175         (JSC::PolymorphicCallStubRoutine::variants):
176         (JSC::PolymorphicCallStubRoutine::edges):
177         (JSC::PolymorphicCallStubRoutine::visitWeak):
178         (JSC::PolymorphicCallStubRoutine::markRequiredObjectsInternal):
179         * jit/PolymorphicCallStubRoutine.h: Added.
180         (JSC::PolymorphicCallNode::PolymorphicCallNode):
181         (JSC::PolymorphicCallCase::PolymorphicCallCase):
182         (JSC::PolymorphicCallCase::variant):
183         (JSC::PolymorphicCallCase::codeBlock):
184         * jit/Repatch.cpp:
185         (JSC::linkSlowFor):
186         (JSC::linkFor):
187         (JSC::revertCall):
188         (JSC::unlinkFor):
189         (JSC::linkVirtualFor):
190         (JSC::linkPolymorphicCall):
191         (JSC::linkClosureCall): Deleted.
192         * jit/Repatch.h:
193         * jit/ThunkGenerators.cpp:
194         (JSC::linkPolymorphicCallForThunkGenerator):
195         (JSC::linkPolymorphicCallThunkGenerator):
196         (JSC::linkPolymorphicCallThatPreservesRegsThunkGenerator):
197         (JSC::linkClosureCallForThunkGenerator): Deleted.
198         (JSC::linkClosureCallThunkGenerator): Deleted.
199         (JSC::linkClosureCallThatPreservesRegsThunkGenerator): Deleted.
200         * jit/ThunkGenerators.h:
201         (JSC::linkPolymorphicCallThunkGeneratorFor):
202         (JSC::linkClosureCallThunkGeneratorFor): Deleted.
203         * llint/LLIntSlowPaths.cpp:
204         (JSC::LLInt::jitCompileAndSetHeuristics):
205         * runtime/Options.h:
206         * runtime/VM.cpp:
207         (JSC::VM::prepareToDiscardCode):
208         (JSC::VM::ensureCallEdgeLog): Deleted.
209         * runtime/VM.h:
210
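The cache transitions this entry describes (a basic inline cache, inflated on a miss into an out-of-line stub that cases on the previously known callees, and rewritten to a plain virtual call once the callee limit is hit), as an added model in JavaScript. This is illustration code, not JavaScriptCore's implementation: the `CallSite` class, its state names, and the variant limit `MAX_POLYMORPHIC_VARIANTS` are assumptions chosen for the example and are not taken from JSC.

```javascript
// Added example: a model of the call-site inline-cache state machine the
// ChangeLog entry describes (unlinked -> monomorphic -> polymorphic stub ->
// virtual call). Not JavaScriptCore code; state names and the variant limit
// are assumptions chosen for illustration.
const MAX_POLYMORPHIC_VARIANTS = 4; // assumed limit, not JSC's real option value

class CallSite {
  constructor() {
    this.state = "unlinked";   // "unlinked" | "monomorphic" | "polymorphic" | "virtual"
    this.stub = new Map();     // known callee -> call-edge count (the stub's edges)
    this.relinks = 0;          // how often the slow path rewrote the cache
  }

  call(callee, ...args) {
    if (typeof callee !== "function") throw new TypeError("not callable");

    switch (this.state) {
      case "monomorphic":
      case "polymorphic":
        if (this.stub.has(callee)) {            // inline-cache hit: direct call
          this.stub.set(callee, this.stub.get(callee) + 1);
          return callee(...args);
        }
        break;                                  // miss: take the slow path
      case "virtual":
        return callee(...args);                 // plain virtual call, nothing cached
    }
    return this.linkSlow(callee, args);
  }

  // Slow path: a miss either links the site or inflates the stub with the new
  // callee; past the limit the site is rewritten to a plain virtual call.
  linkSlow(callee, args) {
    this.relinks++;
    if (this.stub.size >= MAX_POLYMORPHIC_VARIANTS) {
      this.state = "virtual";
      this.stub.clear();
    } else {
      this.stub.set(callee, 1);
      this.state = this.stub.size === 1 ? "monomorphic" : "polymorphic";
    }
    return callee(...args);
  }

  variants() { return [...this.stub.keys()]; }
  edgeCount(callee) { return this.stub.get(callee) ?? 0; }
}

// Drive one call site through the transitions with constructed callees:
// calleeCount distinct functions, each called callsPerCallee times.
function simulate(calleeCount, callsPerCallee) {
  const site = new CallSite();
  const callees = Array.from({ length: calleeCount }, (_, i) => (x) => x + i);
  let total = 0;
  for (let round = 0; round < callsPerCallee; round++)
    for (const f of callees) total += site.call(f, 1);
  return { state: site.state, variants: site.variants().length,
           relinks: site.relinks, total };
}
```

One callee leaves the site monomorphic, two make it polymorphic, and a fifth distinct callee (past the assumed limit) flips it to a virtual call and drops the stub. The model holds callees strongly in a Map; the real stub references callees weakly and is unlinked when a callee dies (the `CallLinkInfo::visitWeak` and `PolymorphicCallStubRoutine::visitWeak` entries in the file list above), which the model ignores.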
211 2015-01-30  Filip Pizlo  <fpizlo@apple.com>
212
213         Converting Flushes and PhantomLocals to Phantoms requires an OSR availability analysis rather than just using the SetLocal's child
214         https://bugs.webkit.org/show_bug.cgi?id=141107
215
216         Reviewed by Michael Saboff.
217         
218         See the bugzilla for a discussion of the problem. This addresses the problem by ensuring
219         that Flushes are always strength-reduced to PhantomLocals, and CPS rethreading does a mini
220         OSR availability analysis to determine the right MovHint value to use for the Phantom.
221
222         * dfg/DFGCPSRethreadingPhase.cpp:
223         (JSC::DFG::CPSRethreadingPhase::CPSRethreadingPhase):
224         (JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
225         (JSC::DFG::CPSRethreadingPhase::clearVariables):
226         (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
227         (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):
228         (JSC::DFG::CPSRethreadingPhase::clearVariablesAtHeadAndTail): Deleted.
229         * dfg/DFGNode.h:
230         (JSC::DFG::Node::convertPhantomToPhantomLocal):
231         (JSC::DFG::Node::convertFlushToPhantomLocal):
232         (JSC::DFG::Node::convertToPhantomLocal): Deleted.
233         * dfg/DFGStrengthReductionPhase.cpp:
234         (JSC::DFG::StrengthReductionPhase::handleNode):
235         * tests/stress/inline-call-that-doesnt-use-all-args.js: Added.
236         (foo):
237         (bar):
238         (baz):
239
240 2015-01-31  Michael Saboff  <msaboff@apple.com>
241
242         Crash (DFG assertion) beneath AbstractInterpreter::verifyEdge() @ http://experilous.com/1/planet-generator/2014-09-28/version-1
243         https://bugs.webkit.org/show_bug.cgi?id=141111
244
245         Reviewed by Filip Pizlo.
246
247         In LowerDFGToLLVM::compileNode(), if we determine while compiling a node that we would have
248         exited, we don't need to process the OSR availability or abstract interpreter.
249
250         * ftl/FTLLowerDFGToLLVM.cpp:
251         (JSC::FTL::LowerDFGToLLVM::safelyInvalidateAfterTermination): Broke this out as a separate
252         method since we need to call it at the top and near the bottom of compileNode().
253         (JSC::FTL::LowerDFGToLLVM::compileNode):
254
255 2015-01-31  Sam Weinig  <sam@webkit.org>
256
257         Remove even more Mountain Lion support
258         https://bugs.webkit.org/show_bug.cgi?id=141124
259
260         Reviewed by Alexey Proskuryakov.
261
262         * API/tests/DateTests.mm:
263         * Configurations/Base.xcconfig:
264         * Configurations/DebugRelease.xcconfig:
265         * Configurations/FeatureDefines.xcconfig:
266         * Configurations/Version.xcconfig:
267         * jit/ExecutableAllocatorFixedVMPool.cpp:
268
269 2015-01-31  Commit Queue  <commit-queue@webkit.org>
270
271         Unreviewed, rolling out r179426.
272         https://bugs.webkit.org/show_bug.cgi?id=141119
273
274         "caused a memory use regression" (Requested by Guest45 on
275         #webkit).
276
277         Reverted changeset:
278
279         "Use FastMalloc (bmalloc) instead of BlockAllocator for GC
280         pages"
281         https://bugs.webkit.org/show_bug.cgi?id=140900
282         http://trac.webkit.org/changeset/179426
283
284 2015-01-30  Daniel Bates  <dabates@apple.com>
285
286         Clean up: Remove unnecessary <dispatch/dispatch.h> header from RemoteInspectorDebuggableConnection.h
287         https://bugs.webkit.org/show_bug.cgi?id=141067
288
289         Reviewed by Timothy Hatcher.
290
291         Remove the header <dispatch/dispatch.h> from RemoteInspectorDebuggableConnection.h as we
292         do not make use of its functionality. Instead, include this header in RemoteInspectorDebuggableConnection.mm
293         and RemoteInspector.mm. The latter depended on <dispatch/dispatch.h> being included via
294         header RemoteInspectorDebuggableConnection.h.
295
296         * inspector/remote/RemoteInspector.mm: Include header <dispatch/dispatch.h>.
297         * inspector/remote/RemoteInspectorDebuggableConnection.h: Remove header <dispatch/dispatch.h>.
298         * inspector/remote/RemoteInspectorDebuggableConnection.mm: Include header <dispatch/dispatch.h>.
299
300 2015-01-30  Yusuke Suzuki  <utatane.tea@gmail.com>
301
302         Implement ES6 Symbol
303         https://bugs.webkit.org/show_bug.cgi?id=140435
304
305         Reviewed by Geoffrey Garen.
306
307         This patch implements ES6 Symbol. In this patch, we don't support
308         Symbol.keyFor, Symbol.for, Object.getOwnPropertySymbols. They will be
309         supported in the subsequent patches.
310
311         Since ES6 Symbol is introduced as a new primitive value, we implement
312         Symbol as a class derived from JSCell. And now JSValue accepts Symbol*
313         as a new primitive value.
314
315         Symbol has a *unique* flagged StringImpl* as a `uid`, whose pointer
316         value represents the Symbol's identity. So don't use the Symbol's
317         JSCell pointer value for comparison.
318         This enables reproducing a Symbol primitive value from a StringImpl* uid
319         by executing `Symbol::create(vm, uid)`. This is needed to produce
320         Symbol primitive values from stored StringImpl* in `Object.getOwnPropertySymbols`.
321
322         And Symbol.[[Description]] is folded into the string value of Symbol's uid.
323         By doing so, we can represent ES6 Symbol without extending the current PropertyTable key, StringImpl*.
324
325         * CMakeLists.txt:
326         * DerivedSources.make:
327         * JavaScriptCore.order:
328         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
329         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
330         * JavaScriptCore.xcodeproj/project.pbxproj:
331         * builtins/BuiltinExecutables.cpp:
332         (JSC::BuiltinExecutables::createBuiltinExecutable):
333         * builtins/BuiltinNames.h:
334         * dfg/DFGOperations.cpp:
335         (JSC::DFG::operationPutByValInternal):
336         * inspector/JSInjectedScriptHost.cpp:
337         (Inspector::JSInjectedScriptHost::subtype):
338         * interpreter/Interpreter.cpp:
339         * jit/JITOperations.cpp:
340         (JSC::getByVal):
341         * llint/LLIntData.cpp:
342         (JSC::LLInt::Data::performAssertions):
343         * llint/LLIntSlowPaths.cpp:
344         (JSC::LLInt::getByVal):
345         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
346         * llint/LowLevelInterpreter.asm:
347         * runtime/CommonIdentifiers.h:
348         * runtime/CommonSlowPaths.cpp:
349         (JSC::SLOW_PATH_DECL):
350         * runtime/CommonSlowPaths.h:
351         (JSC::CommonSlowPaths::opIn):
352         * runtime/ExceptionHelpers.cpp:
353         (JSC::createUndefinedVariableError):
354         * runtime/JSCJSValue.cpp:
355         (JSC::JSValue::synthesizePrototype):
356         (JSC::JSValue::dumpInContextAssumingStructure):
357         (JSC::JSValue::toStringSlowCase):
358         * runtime/JSCJSValue.h:
359         * runtime/JSCJSValueInlines.h:
360         (JSC::JSValue::isSymbol):
361         (JSC::JSValue::isPrimitive):
362         (JSC::JSValue::toPropertyKey):
363
364         It represents the ToPropertyKey abstract operation in the ES6 spec.
365         It cleans up the old implementation's `isName` checks.
366         And to prevent performance regressions in
367             js/regress/fold-get-by-id-to-multi-get-by-offset-rare-int.html
368             js/regress/fold-get-by-id-to-multi-get-by-offset.html
369         we annotate this function as ALWAYS_INLINE.
370
371         (JSC::JSValue::getPropertySlot):
372         (JSC::JSValue::get):
373         (JSC::JSValue::equalSlowCaseInline):
374         (JSC::JSValue::strictEqualSlowCaseInline):
375         * runtime/JSCell.cpp:
376         (JSC::JSCell::put):
377         (JSC::JSCell::putByIndex):
378         (JSC::JSCell::toPrimitive):
379         (JSC::JSCell::getPrimitiveNumber):
380         (JSC::JSCell::toNumber):
381         (JSC::JSCell::toObject):
382         * runtime/JSCell.h:
383         * runtime/JSCellInlines.h:
384         (JSC::JSCell::isSymbol):
385         (JSC::JSCell::toBoolean):
386         (JSC::JSCell::pureToBoolean):
387         * runtime/JSGlobalObject.cpp:
388         (JSC::JSGlobalObject::init):
389         (JSC::JSGlobalObject::visitChildren):
390         * runtime/JSGlobalObject.h:
391         (JSC::JSGlobalObject::symbolPrototype):
392         (JSC::JSGlobalObject::symbolObjectStructure):
393         * runtime/JSONObject.cpp:
394         (JSC::Stringifier::Stringifier):
395         * runtime/JSSymbolTableObject.cpp:
396         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
397         * runtime/JSType.h:
398         * runtime/JSTypeInfo.h:
399         (JSC::TypeInfo::isName): Deleted.
400         * runtime/MapData.cpp:
401         (JSC::MapData::find):
402         (JSC::MapData::add):
403         (JSC::MapData::remove):
404         (JSC::MapData::replaceAndPackBackingStore):
405         * runtime/MapData.h:
406         (JSC::MapData::clear):
407         * runtime/NameInstance.h: Removed.
408         * runtime/NamePrototype.cpp: Removed.
409         * runtime/ObjectConstructor.cpp:
410         (JSC::objectConstructorGetOwnPropertyDescriptor):
411         (JSC::objectConstructorDefineProperty):
412         * runtime/ObjectPrototype.cpp:
413         (JSC::objectProtoFuncHasOwnProperty):
414         (JSC::objectProtoFuncDefineGetter):
415         (JSC::objectProtoFuncDefineSetter):
416         (JSC::objectProtoFuncLookupGetter):
417         (JSC::objectProtoFuncLookupSetter):
418         (JSC::objectProtoFuncPropertyIsEnumerable):
419         * runtime/Operations.cpp:
420         (JSC::jsTypeStringForValue):
421         (JSC::jsIsObjectType):
422         * runtime/PrivateName.h:
423         (JSC::PrivateName::PrivateName):
424         (JSC::PrivateName::operator==):
425         (JSC::PrivateName::operator!=):
426         * runtime/PropertyMapHashTable.h:
427         (JSC::PropertyTable::find):
428         (JSC::PropertyTable::get):
429         * runtime/PropertyName.h:
430         (JSC::PropertyName::PropertyName):
431         (JSC::PropertyName::publicName):
432         * runtime/SmallStrings.h:
433         * runtime/StringConstructor.cpp:
434         (JSC::callStringConstructor):
435
436         In ES6, the String constructor accepts a Symbol to execute `String(symbol)`.
437
438         * runtime/Structure.cpp:
439         (JSC::Structure::getPropertyNamesFromStructure):
440         * runtime/StructureInlines.h:
441         (JSC::Structure::prototypeForLookup):
442         * runtime/Symbol.cpp: Added.
443         (JSC::Symbol::Symbol):
444         (JSC::SymbolObject::create):
445         (JSC::Symbol::toPrimitive):
446         (JSC::Symbol::toBoolean):
447         (JSC::Symbol::getPrimitiveNumber):
448         (JSC::Symbol::toObject):
449         (JSC::Symbol::toNumber):
450         (JSC::Symbol::destroy):
451         (JSC::Symbol::descriptiveString):
452         * runtime/Symbol.h: Added.
453         (JSC::Symbol::createStructure):
454         (JSC::Symbol::create):
455         (JSC::Symbol::privateName):
456         (JSC::Symbol::finishCreation):
457         (JSC::asSymbol):
458         * runtime/SymbolConstructor.cpp: Renamed from Source/JavaScriptCore/runtime/NameConstructor.cpp.
459         (JSC::SymbolConstructor::SymbolConstructor):
460         (JSC::SymbolConstructor::finishCreation):
461         (JSC::callSymbol):
462         (JSC::SymbolConstructor::getConstructData):
463         (JSC::SymbolConstructor::getCallData):
464         * runtime/SymbolConstructor.h: Renamed from Source/JavaScriptCore/runtime/NameConstructor.h.
465         (JSC::SymbolConstructor::create):
466         (JSC::SymbolConstructor::createStructure):
467         * runtime/SymbolObject.cpp: Renamed from Source/JavaScriptCore/runtime/NameInstance.cpp.
468         (JSC::SymbolObject::SymbolObject):
469         (JSC::SymbolObject::finishCreation):
470         (JSC::SymbolObject::defaultValue):
471
472         Currently JSC doesn't support @@toPrimitive. So instead, we implement
473         Symbol.prototype[@@toPrimitive] as ES5 Symbol.[[DefaultValue]].
474
475         * runtime/SymbolObject.h: Added.
476         (JSC::SymbolObject::create):
477         (JSC::SymbolObject::internalValue):
478         (JSC::SymbolObject::createStructure):
479         * runtime/SymbolPrototype.cpp: Added.
480         (JSC::SymbolPrototype::SymbolPrototype):
481         (JSC::SymbolPrototype::finishCreation):
482         (JSC::SymbolPrototype::getOwnPropertySlot):
483         (JSC::symbolProtoFuncToString):
484         (JSC::symbolProtoFuncValueOf):
485         * runtime/SymbolPrototype.h: Renamed from Source/JavaScriptCore/runtime/NamePrototype.h.
486         (JSC::SymbolPrototype::create):
487         (JSC::SymbolPrototype::createStructure):
488
489         The SymbolPrototype object is an ordinary JS object, not a wrapper object of Symbol.
490         It is tested in js/symbol-prototype-is-ordinary-object.html.
491
492         * runtime/VM.cpp:
493         (JSC::VM::VM):
494         * runtime/VM.h:
495
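The language-visible behaviour this entry implements (Symbol as a primitive whose identity is its uid rather than its description, Symbol as a property key distinct from the equal string, `String(symbol)` allowed, `Object(symbol)` as the wrapper, and `Symbol.prototype` being an ordinary object), as an added check script in JavaScript. This is not JSC code; it exercises the ES6 semantics in any current engine such as node, and it deliberately avoids `Symbol.for`, `Symbol.keyFor` and `Object.getOwnPropertySymbols`, which the entry defers to later patches. The TypeError on implicit string conversion is the spec's behaviour, not something this entry claims.

```javascript
// Added example (not JSC code): the observable ES6 Symbol semantics the entry
// implements, checked in an ordinary ES2015+ engine such as node. Features the
// entry defers to later patches (Symbol.for, Symbol.keyFor,
// Object.getOwnPropertySymbols) are deliberately not used.
function symbolChecks() {
  const a = Symbol("secret");
  const b = Symbol("secret");            // same description, different identity (uid)
  const results = {};

  results.isPrimitive = typeof a === "symbol" && !(a instanceof Object);
  // Identity, not description, decides equality: the entry's uid comparison.
  results.distinctDespiteSameDescription = a !== b && a.toString() === b.toString();
  results.description = String(a);       // explicit String(symbol) is allowed

  // Implicit string conversion is a TypeError per spec; only String()/toString() work.
  let implicitThrows = false;
  try { "" + a; } catch (e) { implicitThrows = e instanceof TypeError; }
  results.implicitConversionThrows = implicitThrows;

  // A symbol is a property key that cannot collide with the string of the same name,
  // which is why the entry can keep StringImpl* as the PropertyTable key.
  const obj = { secret: "string-keyed" };
  obj[a] = "symbol-keyed";
  results.keysDoNotCollide = obj.secret === "string-keyed" && obj[a] === "symbol-keyed"
    && obj[b] === undefined;
  // Symbol-keyed properties stay out of string-key enumeration and JSON output.
  results.hiddenFromStringKeys = Object.keys(obj).length === 1
    && JSON.stringify(obj) === '{"secret":"string-keyed"}';

  // Object(sym) makes the wrapper object (SymbolObject); valueOf() unwraps it.
  const wrapped = Object(a);
  results.wrapperUnwraps = typeof wrapped === "object" && wrapped.valueOf() === a;
  // Symbol.prototype is an ordinary object, not itself a Symbol wrapper:
  // calling valueOf on it throws, and its prototype is Object.prototype.
  let protoValueOfThrows = false;
  try { Symbol.prototype.valueOf(); } catch (e) { protoValueOfThrows = e instanceof TypeError; }
  results.prototypeIsOrdinary = protoValueOfThrows
    && Object.getPrototypeOf(Symbol.prototype) === Object.prototype;
  return results;
}
```

Every field of the returned object except `description` is expected to be `true`; `description` is the string `"Symbol(secret)"`, the same text the wrapper's `toString` produces for both `a` and `b` even though the two symbols are not equal.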
496 2015-01-30  Geoffrey Garen  <ggaren@apple.com>
497
498         Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
499         https://bugs.webkit.org/show_bug.cgi?id=140900
500
501         Reviewed by Mark Hahnenberg.
502
503         Re-landing just the HandleBlock piece of this patch.
504
505         * heap/HandleBlock.h:
506         * heap/HandleBlockInlines.h:
507         (JSC::HandleBlock::create):
508         (JSC::HandleBlock::destroy):
509         (JSC::HandleBlock::HandleBlock):
510         (JSC::HandleBlock::payloadEnd):
511         * heap/HandleSet.cpp:
512         (JSC::HandleSet::~HandleSet):
513         (JSC::HandleSet::grow):
514
515 2015-01-30  Geoffrey Garen  <ggaren@apple.com>
516
517         GC marking threads should clear malloc caches
518         https://bugs.webkit.org/show_bug.cgi?id=141097
519
520         Reviewed by Sam Weinig.
521
522         Follow-up based on Mark Hahnenberg's review: Release after the copy
523         phase, rather than after any phase, since we'd rather not release
524         between marking and copying.
525
526         * heap/GCThread.cpp:
527         (JSC::GCThread::waitForNextPhase):
528         (JSC::GCThread::gcThreadMain):
529
530 2015-01-30  Geoffrey Garen  <ggaren@apple.com>
531
532         GC marking threads should clear malloc caches
533         https://bugs.webkit.org/show_bug.cgi?id=141097
534
535         Reviewed by Andreas Kling.
536
537         This is an attempt to ameliorate a potential memory use regression
538         caused by https://bugs.webkit.org/show_bug.cgi?id=140900
539         Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages.
540
541         FastMalloc may accumulate a per-thread cache on each of the 8-ish
542         GC marking threads, which can be expensive.
543
544         * heap/GCThread.cpp:
545         (JSC::GCThread::waitForNextPhase): Scavenge the current thread before
546         going to sleep. There's probably not too much value to keeping our
547         per-thread cache between GCs, and it has some memory footprint.
548
549 2015-01-30  Chris Dumez  <cdumez@apple.com>
550
551         Rename shared() static member functions to singleton() for singleton classes.
552         https://bugs.webkit.org/show_bug.cgi?id=141088
553
554         Reviewed by Ryosuke Niwa and Benjamin Poulain.
555
556         Rename shared() static member functions to singleton() for singleton
557         classes as per the recent coding style change.
558
559         * inspector/remote/RemoteInspector.h:
560         * inspector/remote/RemoteInspector.mm:
561         (Inspector::RemoteInspector::singleton):
562         (Inspector::RemoteInspector::start):
563         (Inspector::RemoteInspector::shared): Deleted.
564         * inspector/remote/RemoteInspectorDebuggable.cpp:
565         (Inspector::RemoteInspectorDebuggable::~RemoteInspectorDebuggable):
566         (Inspector::RemoteInspectorDebuggable::init):
567         (Inspector::RemoteInspectorDebuggable::update):
568         (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
569         (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection):
570         (Inspector::RemoteInspectorDebuggable::unpauseForInitializedInspector):
571         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
572         (Inspector::RemoteInspectorDebuggableConnection::setup):
573         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToFrontend):
574
575 2015-01-30  Geoffrey Garen  <ggaren@apple.com>
576
577         Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
578         https://bugs.webkit.org/show_bug.cgi?id=140900
579
580         Reviewed by Mark Hahnenberg.
581
582         Re-landing just the CopyWorkListSegment piece of this patch.
583
584         * heap/CopiedBlockInlines.h:
585         (JSC::CopiedBlock::reportLiveBytes):
586         * heap/CopyWorkList.h:
587         (JSC::CopyWorkListSegment::create):
588         (JSC::CopyWorkListSegment::destroy):
589         (JSC::CopyWorkListSegment::CopyWorkListSegment):
590         (JSC::CopyWorkList::CopyWorkList):
591         (JSC::CopyWorkList::~CopyWorkList):
592         (JSC::CopyWorkList::append):
593
594 2015-01-29  Commit Queue  <commit-queue@webkit.org>
595
596         Unreviewed, rolling out r179357 and r179358.
597         https://bugs.webkit.org/show_bug.cgi?id=141062
598
599         Suspect this caused WebGL tests to start flaking (Requested by
600         kling on #webkit).
601
602         Reverted changesets:
603
604         "Polymorphic call inlining should be based on polymorphic call
605         inline caching rather than logging"
606         https://bugs.webkit.org/show_bug.cgi?id=140660
607         http://trac.webkit.org/changeset/179357
608
609         "Unreviewed, fix no-JIT build."
610         http://trac.webkit.org/changeset/179358
611
612 2015-01-29  Geoffrey Garen  <ggaren@apple.com>
613
614         Removed op_ret_object_or_this
615         https://bugs.webkit.org/show_bug.cgi?id=141048
616
617         Reviewed by Michael Saboff.
618
619         op_ret_object_or_this was one opcode that would keep us out of the
620         optimizing compilers.
621
622         We don't need a special-purpose opcode; we can just use a branch.
623
624         * bytecode/BytecodeBasicBlock.cpp:
625         (JSC::isTerminal): Removed.
626         * bytecode/BytecodeList.json:
627         * bytecode/BytecodeUseDef.h:
628         (JSC::computeUsesForBytecodeOffset):
629         (JSC::computeDefsForBytecodeOffset): Removed.
630
631         * bytecode/CodeBlock.cpp:
632         (JSC::CodeBlock::dumpBytecode): Removed.
633
634         * bytecompiler/BytecodeGenerator.cpp:
635         (JSC::BytecodeGenerator::emitReturn): Use an explicit branch to determine
636         if we need to substitute 'this' for the return value. Our engine no longer
637         benefits from fused opcodes that dispatch less in the interpreter.
638
639         * jit/JIT.cpp:
640         (JSC::JIT::privateCompileMainPass):
641         * jit/JIT.h:
642         * jit/JITCall32_64.cpp:
643         (JSC::JIT::emit_op_ret_object_or_this): Deleted.
644         * jit/JITOpcodes.cpp:
645         (JSC::JIT::emit_op_ret_object_or_this): Deleted.
646         * llint/LowLevelInterpreter32_64.asm:
647         * llint/LowLevelInterpreter64.asm: Removed.
648
649 2015-01-29  Ryosuke Niwa  <rniwa@webkit.org>
650
651         Implement ES6 class syntax without inheritance support
652         https://bugs.webkit.org/show_bug.cgi?id=140918
653
654         Reviewed by Geoffrey Garen.
655
656         Added the most basic support for ES6 class syntax. After this patch, we support basic class definition like:
657         class A {
658             constructor() { }
659             someMethod() { }
660         }
661
662         We'll add the support for "extends" keyword and automatically generating a constructor in follow up patches.
663         We also don't support block scoping of a class declaration.
664
665         We support both class declaration and class expression. A class expression is implemented by the newly added
666         ClassExprNode AST node. A class declaration is implemented by ClassDeclNode, which is a thin wrapper around
667         AssignResolveNode.
668
669         Tests: js/class-syntax-declaration.html
670                js/class-syntax-expression.html
671
672         * bytecompiler/NodesCodegen.cpp:
673         (JSC::ObjectLiteralNode::emitBytecode): Create a new object instead of delegating the work to PropertyListNode.
674         Also fixed the 5-space indentation.
675         (JSC::PropertyListNode::emitBytecode): Don't create a new object now that ObjectLiteralNode does this.
676         (JSC::ClassDeclNode::emitBytecode): Added. Just let the AssignResolveNode node emit the byte code.
677         (JSC::ClassExprNode::emitBytecode): Create the class constructor and add static methods to the constructor by
678         emitting the byte code for PropertyListNode. Add instance methods to the class's prototype object the same way.
679
680         * parser/ASTBuilder.h:
681         (JSC::ASTBuilder::createClassExpr): Added. Creates a ClassExprNode.
682         (JSC::ASTBuilder::createClassDeclStatement): Added. Creates an AssignResolveNode and wraps it in a ClassDeclNode.
683
684         * parser/NodeConstructors.h:
685         (JSC::ClassDeclNode::ClassDeclNode): Added.
686         (JSC::ClassExprNode::ClassExprNode): Added.
687
688         * parser/Nodes.h:
689         (JSC::ClassExprNode): Added.
690         (JSC::ClassDeclNode): Added.
691
692         * parser/Parser.cpp:
693         (JSC::Parser<LexerType>::parseStatement): Added the support for class declaration.
694         (JSC::stringForFunctionMode): Return "method" for MethodMode.
695         (JSC::Parser<LexerType>::parseClassDeclaration): Added. Uses parseClass to create a class expression and wraps
696         it with ClassDeclNode as described above.
697         (JSC::Parser<LexerType>::parseClass): Parses a class expression.
698         (JSC::Parser<LexerType>::parseProperty):
699         (JSC::Parser<LexerType>::parseGetterSetter): Extracted from parseProperty to share the code between parseProperty
700         and parseClass.
701         (JSC::Parser<LexerType>::parsePrimaryExpression): Added the support for class expression.
702
703         * parser/Parser.h:
704         (FunctionParseMode): Added MethodMode.
705
706         * parser/SyntaxChecker.h:
707         (JSC::SyntaxChecker::createClassExpr): Added.
708         (JSC::SyntaxChecker::createClassDeclStatement): Added.
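
        The following is an added example, not code from WebKit or from the patch above. It exercises only the subset
        the entry says is supported (a class declaration and a class expression with a constructor, instance methods
        and static methods; no "extends", no reliance on block scoping) and checks where the methods end up: instance
        methods on the class's prototype object, static methods on the constructor. The names Point, Counter and
        describeClass are invented for the illustration.

```javascript
// Added example (not WebKit code): the class features the entry describes,
// plus a small check of where each kind of method is installed.

// Class declaration: constructor, one instance method, one static method.
class Point {
    constructor(x, y) { this.x = x; this.y = y; }
    norm() { return Math.sqrt(this.x * this.x + this.y * this.y); }
    static origin() { return new Point(0, 0); }
}

// Class expression (the ClassExprNode case); no static methods at all.
const Counter = class {
    constructor() { this.n = 0; }
    tick() { this.n += 1; return this.n; }
};

// Report which methods live on the prototype and which on the constructor.
// getOwnPropertyNames is used because class methods are non-enumerable.
function describeClass(C) {
    return {
        isFunction: typeof C === 'function',
        protoMethods: Object.getOwnPropertyNames(C.prototype).filter(n => n !== 'constructor'),
        staticMethods: Object.getOwnPropertyNames(C).filter(n => typeof C[n] === 'function'),
    };
}

function demo() {
    const p = new Point(3, 4);
    return {
        point: describeClass(Point),
        counter: describeClass(Counter),
        norm: p.norm(),
        originIsPoint: Point.origin() instanceof Point,
        // The instance reaches norm() through its prototype, not an own property.
        normIsOwn: Object.prototype.hasOwnProperty.call(p, 'norm'),
    };
}
```

        Run demo() in any ES6-capable shell; the prototype/constructor split it reports is the layout ClassExprNode::emitBytecode produces.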
709
710 2015-01-29  Geoffrey Garen  <ggaren@apple.com>
711
712         Try to fix the Windows build.
713
714         Not reviewed.
715
716         * heap/WeakBlock.h: Use the fully qualified name when declaring our friend.
717
718 2015-01-29  Geoffrey Garen  <ggaren@apple.com>
719
720         Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
721         https://bugs.webkit.org/show_bug.cgi?id=140900
722
723         Reviewed by Mark Hahnenberg.
724
725         Re-landing just the WeakBlock piece of this patch.
726
727         * heap/WeakBlock.cpp:
728         (JSC::WeakBlock::create):
729         (JSC::WeakBlock::destroy):
730         (JSC::WeakBlock::WeakBlock):
731         * heap/WeakBlock.h:
732         * heap/WeakSet.cpp:
733         (JSC::WeakSet::~WeakSet):
734         (JSC::WeakSet::addAllocator):
735         (JSC::WeakSet::removeAllocator):
736
737 2015-01-29  Geoffrey Garen  <ggaren@apple.com>
738
739         Use Vector instead of GCSegmentedArray in CodeBlockSet
740         https://bugs.webkit.org/show_bug.cgi?id=141044
741
742         Reviewed by Ryosuke Niwa.
743
744         This is allowed now that we've gotten rid of fastMallocForbid.
745
746         4kB was a bit overkill for just storing a few pointers.
747
748         * heap/CodeBlockSet.cpp:
749         (JSC::CodeBlockSet::CodeBlockSet):
750         * heap/CodeBlockSet.h:
751         * heap/Heap.cpp:
752         (JSC::Heap::Heap):
753
754 2015-01-29  Filip Pizlo  <fpizlo@apple.com>
755
756         Unreviewed, fix no-JIT build.
757
758         * jit/PolymorphicCallStubRoutine.cpp:
759
760 2015-01-28  Filip Pizlo  <fpizlo@apple.com>
761
762         Polymorphic call inlining should be based on polymorphic call inline caching rather than logging
763         https://bugs.webkit.org/show_bug.cgi?id=140660
764
765         Reviewed by Geoffrey Garen.
766         
767         When we first implemented polymorphic call inlining, we did the profiling based on a call
768         edge log. The idea was to store each call edge (a tuple of call site and callee) into a
769         global log that was processed lazily. Processing the log would give precise counts of call
770         edges, and could be used to drive well-informed inlining decisions - polymorphic or not.
771         This was a speed-up on throughput tests but a slow-down for latency tests. It was a net win
772         nonetheless.
773         
774         Experience with this code shows three things. First, the call edge profiler is buggy and
775         complex. It would take work to fix the bugs. Second, the call edge profiler incurs lots of
776         overhead for latency code that we care deeply about. Third, it's not at all clear that
777         having call edge counts for every possible callee is any better than just having call edge
778         counts for the limited number of callees that an inline cache would catch.
779         
780         So, this patch removes the call edge profiler and replaces it with a polymorphic call inline
781         cache. If we miss the basic call inline cache, we inflate the cache to be a jump to an
782         out-of-line stub that cases on the previously known callees. If that misses again, then we
783         rewrite that stub to include the new callee. We do this up to some number of callees. If we
784         hit the limit then we switch to using a plain virtual call.
785         
786         Substantial speed-up on V8Spider; undoes the slow-down that the original call edge profiler
787         caused. Might be a SunSpider speed-up (below 1%), depending on hardware.
788
789         * CMakeLists.txt:
790         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
791         * JavaScriptCore.xcodeproj/project.pbxproj:
792         * bytecode/CallEdge.h:
793         (JSC::CallEdge::count):
794         (JSC::CallEdge::CallEdge):
795         * bytecode/CallEdgeProfile.cpp: Removed.
796         * bytecode/CallEdgeProfile.h: Removed.
797         * bytecode/CallEdgeProfileInlines.h: Removed.
798         * bytecode/CallLinkInfo.cpp:
799         (JSC::CallLinkInfo::unlink):
800         (JSC::CallLinkInfo::visitWeak):
801         * bytecode/CallLinkInfo.h:
802         * bytecode/CallLinkStatus.cpp:
803         (JSC::CallLinkStatus::CallLinkStatus):
804         (JSC::CallLinkStatus::computeFor):
805         (JSC::CallLinkStatus::computeFromCallLinkInfo):
806         (JSC::CallLinkStatus::isClosureCall):
807         (JSC::CallLinkStatus::makeClosureCall):
808         (JSC::CallLinkStatus::dump):
809         (JSC::CallLinkStatus::computeFromCallEdgeProfile): Deleted.
810         * bytecode/CallLinkStatus.h:
811         (JSC::CallLinkStatus::CallLinkStatus):
812         (JSC::CallLinkStatus::isSet):
813         (JSC::CallLinkStatus::variants):
814         (JSC::CallLinkStatus::size):
815         (JSC::CallLinkStatus::at):
816         (JSC::CallLinkStatus::operator[]):
817         (JSC::CallLinkStatus::canOptimize):
818         (JSC::CallLinkStatus::edges): Deleted.
819         (JSC::CallLinkStatus::canTrustCounts): Deleted.
820         * bytecode/CallVariant.cpp:
821         (JSC::variantListWithVariant):
822         (JSC::despecifiedVariantList):
823         * bytecode/CallVariant.h:
824         * bytecode/CodeBlock.cpp:
825         (JSC::CodeBlock::~CodeBlock):
826         (JSC::CodeBlock::linkIncomingPolymorphicCall):
827         (JSC::CodeBlock::unlinkIncomingCalls):
828         (JSC::CodeBlock::noticeIncomingCall):
829         * bytecode/CodeBlock.h:
830         (JSC::CodeBlock::isIncomingCallAlreadyLinked): Deleted.
831         * dfg/DFGAbstractInterpreterInlines.h:
832         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
833         * dfg/DFGByteCodeParser.cpp:
834         (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
835         (JSC::DFG::ByteCodeParser::handleCall):
836         (JSC::DFG::ByteCodeParser::handleInlining):
837         * dfg/DFGClobberize.h:
838         (JSC::DFG::clobberize):
839         * dfg/DFGConstantFoldingPhase.cpp:
840         (JSC::DFG::ConstantFoldingPhase::foldConstants):
841         * dfg/DFGDoesGC.cpp:
842         (JSC::DFG::doesGC):
843         * dfg/DFGDriver.cpp:
844         (JSC::DFG::compileImpl):
845         * dfg/DFGFixupPhase.cpp:
846         (JSC::DFG::FixupPhase::fixupNode):
847         * dfg/DFGNode.h:
848         (JSC::DFG::Node::hasHeapPrediction):
849         * dfg/DFGNodeType.h:
850         * dfg/DFGOperations.cpp:
851         * dfg/DFGPredictionPropagationPhase.cpp:
852         (JSC::DFG::PredictionPropagationPhase::propagate):
853         * dfg/DFGSafeToExecute.h:
854         (JSC::DFG::safeToExecute):
855         * dfg/DFGSpeculativeJIT32_64.cpp:
856         (JSC::DFG::SpeculativeJIT::emitCall):
857         (JSC::DFG::SpeculativeJIT::compile):
858         * dfg/DFGSpeculativeJIT64.cpp:
859         (JSC::DFG::SpeculativeJIT::emitCall):
860         (JSC::DFG::SpeculativeJIT::compile):
861         * dfg/DFGTierUpCheckInjectionPhase.cpp:
862         (JSC::DFG::TierUpCheckInjectionPhase::run):
863         (JSC::DFG::TierUpCheckInjectionPhase::removeFTLProfiling): Deleted.
864         * ftl/FTLCapabilities.cpp:
865         (JSC::FTL::canCompile):
866         * heap/Heap.cpp:
867         (JSC::Heap::collect):
868         * jit/BinarySwitch.h:
869         * jit/ClosureCallStubRoutine.cpp: Removed.
870         * jit/ClosureCallStubRoutine.h: Removed.
871         * jit/JITCall.cpp:
872         (JSC::JIT::compileOpCall):
873         * jit/JITCall32_64.cpp:
874         (JSC::JIT::compileOpCall):
875         * jit/JITOperations.cpp:
876         * jit/JITOperations.h:
877         (JSC::operationLinkPolymorphicCallFor):
878         (JSC::operationLinkClosureCallFor): Deleted.
879         * jit/JITStubRoutine.h:
880         * jit/JITWriteBarrier.h:
881         * jit/PolymorphicCallStubRoutine.cpp: Added.
882         (JSC::PolymorphicCallNode::~PolymorphicCallNode):
883         (JSC::PolymorphicCallNode::unlink):
884         (JSC::PolymorphicCallCase::dump):
885         (JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine):
886         (JSC::PolymorphicCallStubRoutine::~PolymorphicCallStubRoutine):
887         (JSC::PolymorphicCallStubRoutine::variants):
888         (JSC::PolymorphicCallStubRoutine::edges):
889         (JSC::PolymorphicCallStubRoutine::visitWeak):
890         (JSC::PolymorphicCallStubRoutine::markRequiredObjectsInternal):
891         * jit/PolymorphicCallStubRoutine.h: Added.
892         (JSC::PolymorphicCallNode::PolymorphicCallNode):
893         (JSC::PolymorphicCallCase::PolymorphicCallCase):
894         (JSC::PolymorphicCallCase::variant):
895         (JSC::PolymorphicCallCase::codeBlock):
896         * jit/Repatch.cpp:
897         (JSC::linkSlowFor):
898         (JSC::linkFor):
899         (JSC::revertCall):
900         (JSC::unlinkFor):
901         (JSC::linkVirtualFor):
902         (JSC::linkPolymorphicCall):
903         (JSC::linkClosureCall): Deleted.
904         * jit/Repatch.h:
905         * jit/ThunkGenerators.cpp:
906         (JSC::linkPolymorphicCallForThunkGenerator):
907         (JSC::linkPolymorphicCallThunkGenerator):
908         (JSC::linkPolymorphicCallThatPreservesRegsThunkGenerator):
909         (JSC::linkClosureCallForThunkGenerator): Deleted.
910         (JSC::linkClosureCallThunkGenerator): Deleted.
911         (JSC::linkClosureCallThatPreservesRegsThunkGenerator): Deleted.
912         * jit/ThunkGenerators.h:
913         (JSC::linkPolymorphicCallThunkGeneratorFor):
914         (JSC::linkClosureCallThunkGeneratorFor): Deleted.
915         * llint/LLIntSlowPaths.cpp:
916         (JSC::LLInt::jitCompileAndSetHeuristics):
917         * runtime/Options.h:
918         * runtime/VM.cpp:
919         (JSC::VM::prepareToDiscardCode):
920         (JSC::VM::ensureCallEdgeLog): Deleted.
921         * runtime/VM.h:
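
        The following is an added model, not JavaScriptCore's code. It simulates the cache state machine the entry
        describes for a single call site: the first call links the site to one callee; a miss inflates it to an
        out-of-line stub that cases on the known callees; each further miss rewrites the stub to add the new callee;
        once the callee count reaches the limit the site falls back to a plain virtual call and the callee list is no
        longer trusted. CallSite, maxCallees and the state names are invented for the illustration; the real limit is
        a JSC option whose name the entry does not give.

```javascript
// Added example (not JavaScriptCore code): a model of the polymorphic call
// inline cache described in the entry. All names here are invented.
//
//   unlinked    --first call--> monomorphic (linked to one callee)
//   monomorphic --miss--------> polymorphic stub casing on both callees
//   polymorphic --miss--------> stub regenerated with the new callee, until
//                               maxCallees is reached, then a virtual call

class CallSite {
    constructor(maxCallees = 4) {
        this.maxCallees = maxCallees;
        this.state = 'unlinked';
        this.callees = [];         // callees the stub cases on, in link order
        this.stubGenerations = 0;  // times the out-of-line stub was (re)built
        this.virtualCalls = 0;
    }

    call(callee, ...args) {
        switch (this.state) {
        case 'unlinked':
            // First call: link directly to this callee.
            this.callees = [callee];
            this.state = 'monomorphic';
            break;
        case 'monomorphic':
            if (this.callees[0] !== callee) {
                // Miss: inflate to an out-of-line stub with both callees.
                this.callees.push(callee);
                this.stubGenerations += 1;
                this.state = 'polymorphic';
            }
            break;
        case 'polymorphic':
            if (!this.callees.includes(callee)) {
                if (this.callees.length < this.maxCallees) {
                    // Miss with room left: rewrite the stub to include the new callee.
                    this.callees.push(callee);
                    this.stubGenerations += 1;
                } else {
                    // Limit hit: stop caching, use a plain virtual call from now on.
                    this.callees = [];
                    this.state = 'virtual';
                }
            }
            break;
        case 'virtual':
            break;
        }
        if (this.state === 'virtual') this.virtualCalls += 1;
        // Whatever the cache did, the call itself still happens.
        return callee(...args);
    }

    // What an inlining decision could learn from this site: the callee list
    // is usable only while the site has not gone virtual.
    variants() {
        return this.state === 'virtual' ? null : this.callees.slice();
    }
}

function demo() {
    const site = new CallSite(3);
    const add = (a, b) => a + b, mul = (a, b) => a * b,
          sub = (a, b) => a - b, div = (a, b) => a / b;
    const trace = [];
    for (const f of [add, add, mul, add, sub, mul, div, add]) {
        site.call(f, 6, 3);
        trace.push(site.state);
    }
    return { trace, variants: site.variants(),
             generations: site.stubGenerations, virtualCalls: site.virtualCalls };
}
```

        With a limit of 3 the fourth distinct callee (div) tips the site into the virtual state, after which variants() returns null: this is the point at which the entry says the optimizing tiers no longer get per-callee information from the site.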
922
923 2015-01-29  Joseph Pecoraro  <pecoraro@apple.com>
924
925         Web Inspector: ES6: Improved Console Format for Set and Map Objects (like Arrays)
926         https://bugs.webkit.org/show_bug.cgi?id=122867
927
928         Reviewed by Timothy Hatcher.
929
930         Add new Runtime.RemoteObject object subtypes for "map", "set", and "weakmap".
931
932         Upgrade Runtime.ObjectPreview to include type/subtype information. Now,
933         an ObjectPreview can be used for any value, in place of a RemoteObject,
934         and not capture / hold a reference to the value. The value will be in
935         the string description.
936
937         Adding this information to ObjectPreview can duplicate some information
938         in the protocol messages if a preview is provided, but simplifies
939         previews, so that all the information you need for any RemoteObject
940         preview is available. To slim messages further, make "overflow" and
941         "properties" only available on previews that may contain properties.
942         So, not primitives or null.
943
944         Finally, for "Map/Set/WeakMap" add an "entries" list to the preview
945         that will return previews with "key" and "value" properties depending
946         on the collection type. To get live, non-preview objects from a
947         collection, use Runtime.getCollectionEntries.
948
949         In order to keep the WeakMap's values Weak the frontend may provide
950         a unique object group name when getting collection entries. It may
951         then release that object group, e.g. when not showing the WeakMap's
952         values to the user, and thus remove the strong reference to the keys
953         so they may be garbage collected.
954
955         * runtime/WeakMapData.h:
956         (JSC::WeakMapData::begin):
957         (JSC::WeakMapData::end):
958         Expose iterators so the Inspector may access WeakMap keys/values.
959
960         * inspector/JSInjectedScriptHostPrototype.cpp:
961         (Inspector::JSInjectedScriptHostPrototype::finishCreation):
962         (Inspector::jsInjectedScriptHostPrototypeFunctionWeakMapEntries):
963         * inspector/JSInjectedScriptHost.h:
964         * inspector/JSInjectedScriptHost.cpp:
965         (Inspector::JSInjectedScriptHost::subtype):
966         Discern "map", "set", and "weakmap" object subtypes.
967
968         (Inspector::JSInjectedScriptHost::weakMapEntries):
969         Return a list of WeakMap entries. These are strong references
970         that the Inspector code is responsible for releasing.
971
972         * inspector/protocol/Runtime.json:
973         Update types and expose the new getCollectionEntries command.
974
975         * inspector/agents/InspectorRuntimeAgent.h:
976         * inspector/agents/InspectorRuntimeAgent.cpp:
977         (Inspector::InspectorRuntimeAgent::getCollectionEntries):
978         * inspector/InjectedScript.h:
979         * inspector/InjectedScript.cpp:
980         (Inspector::InjectedScript::getInternalProperties):
981         (Inspector::InjectedScript::getCollectionEntries):
982         Pass through to the InjectedScript and call getCollectionEntries.
983
984         * inspector/scripts/codegen/generator.py:
985         Add another type with runtime casting.
986
987         * inspector/InjectedScriptSource.js:
988         - Implement getCollectionEntries to get a range of values from a
989         collection. The non-Weak collections have an order to their keys (in
990         order of added) so range'd gets are okay. WeakMap does not have an
991         order, so only allow fetching a number of values.
992         - Update preview generation to address the Runtime.ObjectPreview
993         type changes.
994
995 2015-01-28  Geoffrey Garen  <ggaren@apple.com>
996
997         Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
998         https://bugs.webkit.org/show_bug.cgi?id=140900
999
1000         Reviewed by Mark Hahnenberg.
1001
1002         Re-landing just the GCArraySegment piece of this patch.
1003
1004         * heap/CodeBlockSet.cpp:
1005         (JSC::CodeBlockSet::CodeBlockSet):
1006         * heap/CodeBlockSet.h:
1007         * heap/GCSegmentedArray.h:
1008         (JSC::GCArraySegment::GCArraySegment):
1009         * heap/GCSegmentedArrayInlines.h:
1010         (JSC::GCSegmentedArray<T>::GCSegmentedArray):
1011         (JSC::GCSegmentedArray<T>::~GCSegmentedArray):
1012         (JSC::GCSegmentedArray<T>::clear):
1013         (JSC::GCSegmentedArray<T>::expand):
1014         (JSC::GCSegmentedArray<T>::refill):
1015         (JSC::GCArraySegment<T>::create):
1016         (JSC::GCArraySegment<T>::destroy):
1017         * heap/GCThreadSharedData.cpp:
1018         (JSC::GCThreadSharedData::GCThreadSharedData):
1019         * heap/Heap.cpp:
1020         (JSC::Heap::Heap):
1021         * heap/MarkStack.cpp:
1022         (JSC::MarkStackArray::MarkStackArray):
1023         * heap/MarkStack.h:
1024         * heap/SlotVisitor.cpp:
1025         (JSC::SlotVisitor::SlotVisitor):
1026
1027 2015-01-29  Csaba Osztrogonác  <ossy@webkit.org>
1028
1029         Move HAVE_DTRACE definition back to Platform.h
1030         https://bugs.webkit.org/show_bug.cgi?id=141033
1031
1032         Reviewed by Dan Bernstein.
1033
1034         * Configurations/Base.xcconfig:
1035         * JavaScriptCore.xcodeproj/project.pbxproj:
1036
1037 2015-01-28  Geoffrey Garen  <ggaren@apple.com>
1038
1039         Removed fastMallocForbid / fastMallocAllow
1040         https://bugs.webkit.org/show_bug.cgi?id=141012
1041
1042         Reviewed by Mark Hahnenberg.
1043
1044         Copy non-current thread stacks before scanning them instead of scanning
1045         them in-place.
1046
1047         This operation is uncommon (i.e., never in the web content process),
1048         and even in a stress test with 4 threads it only copies about 27kB,
1049         so I think the performance cost is OK.
1050
1051         Scanning in-place requires a complex dance where we constrain our GC
1052         data structures not to use malloc, free, or any other interesting functions
1053         that might acquire locks. We've gotten this wrong many times in the past,
1054         and I just got it wrong again yesterday. Since this code path is rarely
1055         tested, I want it to just make sense, and not depend on or constrain the
1056         details of the rest of the GC heap's design.
1057
1058         * heap/MachineStackMarker.cpp:
1059         (JSC::otherThreadStack): Factored out a helper function for dealing with
1060         unaligned and/or backwards pointers.
1061
1062         (JSC::MachineThreads::tryCopyOtherThreadStack): This is now the only
1063         constrained function, and it only calls memcpy and low-level thread APIs.
1064
1065         (JSC::MachineThreads::tryCopyOtherThreadStacks): The design here is that
1066         you do one pass over all the threads to compute their combined size,
1067         and then a second pass to do all the copying. In theory, the threads may
1068         grow in between passes, in which case you'll continue until the threads
1069         stop growing. In practice, you never continue.
1070
1071         (JSC::growBuffer): Helper function for growing.
1072
1073         (JSC::MachineThreads::gatherConservativeRoots):
1074         (JSC::MachineThreads::gatherFromOtherThread): Deleted.
1075         * heap/MachineStackMarker.h: Updated for interface changes.
1076
1077 2015-01-28  Brian J. Burg  <burg@cs.washington.edu>
1078
1079         Web Inspector: remove CSS.setPropertyText, CSS.toggleProperty and related dead code
1080         https://bugs.webkit.org/show_bug.cgi?id=140961
1081
1082         Reviewed by Timothy Hatcher.
1083
1084         * inspector/protocol/CSS.json: Remove unused protocol methods.
1085
1086 2015-01-28  Dana Burkart  <dburkart@apple.com>
1087
1088         Move ASan flag settings from DebugRelease.xcconfig to Base.xcconfig
1089         https://bugs.webkit.org/show_bug.cgi?id=136765
1090
1091         Reviewed by Alexey Proskuryakov.
1092
1093         * Configurations/Base.xcconfig:
1094         * Configurations/DebugRelease.xcconfig:
1095
1096 2015-01-27  Filip Pizlo  <fpizlo@apple.com>
1097
1098         ExitSiteData saying m_takesSlowPath shouldn't mean early returning takesSlowPath() since for the non-LLInt case we later set m_couldTakeSlowPath, which is more precise
1099         https://bugs.webkit.org/show_bug.cgi?id=140980
1100
1101         Reviewed by Oliver Hunt.
1102
1103         * bytecode/CallLinkStatus.cpp:
1104         (JSC::CallLinkStatus::computeFor):
1105
1106 2015-01-27  Filip Pizlo  <fpizlo@apple.com>
1107
1108         Move DFGBinarySwitch out of the DFG so that all of the JITs can use it
1109         https://bugs.webkit.org/show_bug.cgi?id=140959
1110
1111         Rubber stamped by Geoffrey Garen.
1112         
1113         I want to use this for polymorphic stubs for https://bugs.webkit.org/show_bug.cgi?id=140660.
1114         This code no longer has DFG dependencies so this is a very clean move.
1115
1116         * CMakeLists.txt:
1117         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1118         * JavaScriptCore.xcodeproj/project.pbxproj:
1119         * dfg/DFGBinarySwitch.cpp: Removed.
1120         * dfg/DFGBinarySwitch.h: Removed.
1121         * dfg/DFGSpeculativeJIT.cpp:
1122         * jit/BinarySwitch.cpp: Copied from Source/JavaScriptCore/dfg/DFGBinarySwitch.cpp.
1123         * jit/BinarySwitch.h: Copied from Source/JavaScriptCore/dfg/DFGBinarySwitch.h.
1124
1125 2015-01-27  Commit Queue  <commit-queue@webkit.org>
1126
1127         Unreviewed, rolling out r179192.
1128         https://bugs.webkit.org/show_bug.cgi?id=140953
1129
1130         Caused numerous layout test failures (Requested by mattbaker_
1131         on #webkit).
1132
1133         Reverted changeset:
1134
1135         "Use FastMalloc (bmalloc) instead of BlockAllocator for GC
1136         pages"
1137         https://bugs.webkit.org/show_bug.cgi?id=140900
1138         http://trac.webkit.org/changeset/179192
1139
1140 2015-01-27  Michael Saboff  <msaboff@apple.com>
1141
1142         REGRESSION(r178591): 20% regression in Octane box2d
1143         https://bugs.webkit.org/show_bug.cgi?id=140948
1144
1145         Reviewed by Geoffrey Garen.
1146
1147         Added check that we have a lexical environment to the arguments is captured check.
1148         It doesn't make sense to resolve "arguments" when it really isn't captured.
1149
1150         * bytecompiler/BytecodeGenerator.cpp:
1151         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
1152
1153 2015-01-26  Geoffrey Garen  <ggaren@apple.com>
1154
1155         Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
1156         https://bugs.webkit.org/show_bug.cgi?id=140900
1157
1158         Reviewed by Mark Hahnenberg.
1159
1160         Removes some more custom allocation code.
1161
1162         Looks like a speedup. (See results attached to bugzilla.)
1163
1164         Will hopefully reduce memory use by improving sharing between the GC and
1165         malloc heaps.
1166
1167         * API/JSBase.cpp:
1168         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1169         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1170         * JavaScriptCore.xcodeproj/project.pbxproj: Feed the compiler.
1171
1172         * heap/BlockAllocator.cpp: Removed.
1173         * heap/BlockAllocator.h: Removed. No need for a custom allocator anymore.
1174
1175         * heap/CodeBlockSet.cpp:
1176         (JSC::CodeBlockSet::CodeBlockSet):
1177         * heap/CodeBlockSet.h: Feed the compiler.
1178
1179         * heap/CopiedBlock.h:
1180         (JSC::CopiedBlock::createNoZeroFill):
1181         (JSC::CopiedBlock::create):
1182         (JSC::CopiedBlock::CopiedBlock):
1183         (JSC::CopiedBlock::isOversize):
1184         (JSC::CopiedBlock::payloadEnd):
1185         (JSC::CopiedBlock::capacity):
1186         * heap/CopiedBlockInlines.h:
1187         (JSC::CopiedBlock::reportLiveBytes): Each copied block now tracks its
1188         own size, since we can't rely on Region to tell us our size anymore.
1189
1190         * heap/CopiedSpace.cpp:
1191         (JSC::CopiedSpace::~CopiedSpace):
1192         (JSC::CopiedSpace::tryAllocateOversize):
1193         (JSC::CopiedSpace::tryReallocateOversize):
1194         * heap/CopiedSpaceInlines.h:
1195         (JSC::CopiedSpace::recycleEvacuatedBlock):
1196         (JSC::CopiedSpace::recycleBorrowedBlock):
1197         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1198         (JSC::CopiedSpace::allocateBlock):
1199         (JSC::CopiedSpace::startedCopying): Deallocate blocks directly, rather
1200         than pushing them onto the block allocator's free list; the block
1201         allocator doesn't exist anymore.
1202
1203         * heap/CopyWorkList.h:
1204         (JSC::CopyWorkListSegment::create):
1205         (JSC::CopyWorkListSegment::CopyWorkListSegment):
1206         (JSC::CopyWorkList::~CopyWorkList):
1207         (JSC::CopyWorkList::append):
1208         (JSC::CopyWorkList::CopyWorkList): Deleted.
1209         * heap/GCSegmentedArray.h:
1210         (JSC::GCArraySegment::GCArraySegment):
1211         * heap/GCSegmentedArrayInlines.h:
1212         (JSC::GCSegmentedArray<T>::GCSegmentedArray):
1213         (JSC::GCSegmentedArray<T>::~GCSegmentedArray):
1214         (JSC::GCSegmentedArray<T>::clear):
1215         (JSC::GCSegmentedArray<T>::expand):
1216         (JSC::GCSegmentedArray<T>::refill):
1217         (JSC::GCArraySegment<T>::create):
1218         * heap/GCThreadSharedData.cpp:
1219         (JSC::GCThreadSharedData::GCThreadSharedData):
1220         * heap/GCThreadSharedData.h: Feed the compiler.
1221
1222         * heap/HandleBlock.h:
1223         * heap/HandleBlockInlines.h:
1224         (JSC::HandleBlock::create):
1225         (JSC::HandleBlock::HandleBlock):
1226         (JSC::HandleBlock::payloadEnd):
1227         * heap/HandleSet.cpp:
1228         (JSC::HandleSet::~HandleSet):
1229         (JSC::HandleSet::grow): Same as above.
1230
1231         * heap/Heap.cpp:
1232         (JSC::Heap::Heap):
1233         * heap/Heap.h: Removed the block allocator since it is unused now.
1234
1235         * heap/HeapBlock.h:
1236         (JSC::HeapBlock::destroy):
1237         (JSC::HeapBlock::HeapBlock):
1238         (JSC::HeapBlock::region): Deleted. Removed the Region pointer from each
1239         HeapBlock since a HeapBlock is just a normal allocation now.
1240
1241         * heap/HeapInlines.h:
1242         (JSC::Heap::blockAllocator): Deleted.
1243
1244         * heap/HeapTimer.cpp:
1245         * heap/MarkStack.cpp:
1246         (JSC::MarkStackArray::MarkStackArray):
1247         * heap/MarkStack.h: Feed the compiler.
1248
1249         * heap/MarkedAllocator.cpp:
1250         (JSC::MarkedAllocator::allocateBlock): No need to use a custom code path
1251         based on size, since we use a general purpose allocator now.
1252
1253         * heap/MarkedBlock.cpp:
1254         (JSC::MarkedBlock::create):
1255         (JSC::MarkedBlock::destroy):
1256         (JSC::MarkedBlock::MarkedBlock):
1257         * heap/MarkedBlock.h:
1258         (JSC::MarkedBlock::capacity): Track block size explicitly, like CopiedBlock.
1259
1260         * heap/MarkedSpace.cpp:
1261         (JSC::MarkedSpace::freeBlock):
1262         * heap/MarkedSpace.h:
1263
1264         * heap/Region.h: Removed.
1265
1266         * heap/SlotVisitor.cpp:
1267         (JSC::SlotVisitor::SlotVisitor): Removed reference to block allocator.
1268
1269         * heap/SuperRegion.cpp: Removed.
1270         * heap/SuperRegion.h: Removed.
1271
1272         * heap/WeakBlock.cpp:
1273         (JSC::WeakBlock::create):
1274         (JSC::WeakBlock::WeakBlock):
1275         * heap/WeakBlock.h:
1276         * heap/WeakSet.cpp:
1277         (JSC::WeakSet::~WeakSet):
1278         (JSC::WeakSet::addAllocator):
1279         (JSC::WeakSet::removeAllocator): Removed reference to block allocator.
1280
1281 2015-01-27  Csaba Osztrogonác  <ossy@webkit.org>
1282
1283         [ARM] Typo fix after r176083
1284         https://bugs.webkit.org/show_bug.cgi?id=140937
1285
1286         Reviewed by Anders Carlsson.
1287
1288         * assembler/ARMv7Assembler.h:
1289         (JSC::ARMv7Assembler::ldrh):
1290
1291 2015-01-27  Csaba Osztrogonác  <ossy@webkit.org>
1292
1293         [Win] Unreviewed gardening, skip failing tests.
1294
1295         * tests/exceptionFuzz.yaml: Skip exception fuzz tests due to bug140928.
1296         * tests/mozilla/mozilla-tests.yaml: Skip ecma/Date/15.9.5.28-1.js due to bug140927.
1297
1298 2015-01-26  Csaba Osztrogonác  <ossy@webkit.org>
1299
1300         [Win] Enable JSC stress tests by default
1301         https://bugs.webkit.org/show_bug.cgi?id=128307
1302
1303         Unreviewed typo fix after r179165.
1304
1305         * tests/mozilla/mozilla-tests.yaml:
1306
1307 2015-01-26  Csaba Osztrogonác  <ossy@webkit.org>
1308
1309         [Win] Enable JSC stress tests by default
1310         https://bugs.webkit.org/show_bug.cgi?id=128307
1311
1312         Reviewed by Brent Fulgham.
1313
1314         * tests/mozilla/mozilla-tests.yaml: Skipped on Windows.
1315         * tests/stress/ftl-arithcos.js: Skipped on Windows.
1316
1317 2015-01-26  Ryosuke Niwa  <rniwa@webkit.org>
1318
1319         Parse a function expression as a primary expression
1320         https://bugs.webkit.org/show_bug.cgi?id=140908
1321
1322         Reviewed by Mark Lam.
1323
1324         Moved the code to generate an AST node for a function expression from parseMemberExpression
1325         to parsePrimaryExpression to match the ES6 specification terminology:
1326         https://people.mozilla.org/~jorendorff/es6-draft.html#sec-primary-expression
1327
1328         There should be no behavior change from this change since parsePrimaryExpression is only
1329         called in parseMemberExpression other than the fact failIfStackOverflow() is called.
1330
1331         * parser/Parser.cpp:
1332         (JSC::Parser<LexerType>::parsePrimaryExpression):
1333         (JSC::Parser<LexerType>::parseMemberExpression):
1334
1335 2015-01-26  Myles C. Maxfield  <mmaxfield@apple.com>
1336
1337         [iOS] [SVG -> OTF Converter] Flip the switch off on iOS
1338         https://bugs.webkit.org/show_bug.cgi?id=140860
1339
1340         Reviewed by Darin Adler.
1341
1342         The fonts it makes are grotesque. (See what I did there? Typographic
1343         humor is the best humor.)
1344
1345         * Configurations/FeatureDefines.xcconfig:
1346
1347 2015-01-23  Joseph Pecoraro  <pecoraro@apple.com>
1348
1349         Web Inspector: Rename InjectedScriptHost::type to subtype
1350         https://bugs.webkit.org/show_bug.cgi?id=140841
1351
1352         Reviewed by Timothy Hatcher.
1353
1354         We were using this to set the subtype of an "object" type RemoteObject
1355         so we should clean up the name and call it subtype.
1356
1357         * inspector/InjectedScriptHost.h:
1358         * inspector/InjectedScriptSource.js:
1359         * inspector/JSInjectedScriptHost.cpp:
1360         (Inspector::JSInjectedScriptHost::subtype):
1361         (Inspector::JSInjectedScriptHost::type): Deleted.
1362         * inspector/JSInjectedScriptHost.h:
1363         * inspector/JSInjectedScriptHostPrototype.cpp:
1364         (Inspector::JSInjectedScriptHostPrototype::finishCreation):
1365         (Inspector::jsInjectedScriptHostPrototypeFunctionSubtype):
1366         (Inspector::jsInjectedScriptHostPrototypeFunctionType): Deleted.
1367
1368 2015-01-23  Michael Saboff  <msaboff@apple.com>
1369
1370         LayoutTests/js/script-tests/reentrant-caching.js crashing on 32 bit builds
1371         https://bugs.webkit.org/show_bug.cgi?id=140843
1372
1373         Reviewed by Oliver Hunt.
1374
1375         When we are in vmEntryToJavaScript, we keep the stack pointer at an
        alignment suitable for pointing to a call frame header, which is the
1377         alignment post making a call.  We adjust the sp when calling to JS code,
1378         but don't adjust it before calling the out of stack handler.
1379
1380         * llint/LowLevelInterpreter32_64.asm:
        Moved stack pointer down 8 bytes to get it aligned.
1382
1383 2015-01-23  Joseph Pecoraro  <pecoraro@apple.com>
1384
1385         Web Inspector: Object Previews in the Console
1386         https://bugs.webkit.org/show_bug.cgi?id=129204
1387
1388         Reviewed by Timothy Hatcher.
1389
1390         Update the very old, unused object preview code. Part of this comes from
1391         the earlier WebKit legacy implementation, and the Blink implementation.
1392
1393         A RemoteObject may include a preview, if it is asked for, and if the
1394         RemoteObject is an object. Previews are a shallow (single level) list
1395         of a limited number of properties on the object. The previewed
1396         properties are always stringified (even if primitives). Previews are
1397         limited to just 5 properties or 100 indices. Previews are marked
1398         as lossless if they are a complete snapshot of the object.
1399
1400         There is a path to make previews two levels deep, that is currently
1401         unused but should soon be used for tables (e.g. IndexedDB).
1402
1403         * inspector/InjectedScriptSource.js:
1404         - Move some code off of InjectedScript to be generic functions
1405         usable by RemoteObject as well.
1406         - Update preview generation to use 
1407
1408         * inspector/protocol/Runtime.json:
1409         - Add a new type, "accessor" for preview objects. This represents
1410         a getter / setter. We currently don't get the value.
1411
1412 2015-01-23  Michael Saboff  <msaboff@apple.com>
1413
1414         Immediate crash when setting JS breakpoint
1415         https://bugs.webkit.org/show_bug.cgi?id=140811
1416
1417         Reviewed by Mark Lam.
1418
1419         When the DFG stack layout phase doesn't allocate a register for the scope register,
1420         it incorrectly sets the scope register in the code block to a bad value, one with
1421         an offset of 0.  Changed it so that we set the code block's scope register to the 
1422         invalid VirtualRegister instead.
1423
1424         No tests needed, as the ASSERT added in setScopeRegister() was used to find the bug.
1425         We crash with that ASSERT in testapi and likely many other tests as well.
1426
1427         * bytecode/CodeBlock.cpp:
1428         (JSC::CodeBlock::CodeBlock):
1429         * bytecode/CodeBlock.h:
1430         (JSC::CodeBlock::setScopeRegister):
1431         (JSC::CodeBlock::scopeRegister):
1432         Added ASSERTs to catch any future improper setting of the code block's scope register.
1433
1434         * dfg/DFGStackLayoutPhase.cpp:
1435         (JSC::DFG::StackLayoutPhase::run):
1436
1437 2015-01-22  Mark Hahnenberg  <mhahnenb@gmail.com>
1438
1439         EdenCollections unnecessarily visit SmallStrings
1440         https://bugs.webkit.org/show_bug.cgi?id=140762
1441
1442         Reviewed by Geoffrey Garen.
1443
1444         * heap/Heap.cpp:
1445         (JSC::Heap::copyBackingStores): Also added a GCPhase for copying
1446         backing stores, which is a significant portion of garbage collection.
1447         (JSC::Heap::visitSmallStrings): Check to see if we need to visit
1448         SmallStrings based on the collection type.
1449         * runtime/SmallStrings.cpp:
1450         (JSC::SmallStrings::SmallStrings):
1451         (JSC::SmallStrings::visitStrongReferences): Set the fact that we have
1452         visited the SmallStrings since the last modification.
1453         * runtime/SmallStrings.h:
1454         (JSC::SmallStrings::needsToBeVisited): If we're doing a
1455         FullCollection, we need to visit. Otherwise, it depends on whether
1456         we've been visited since the last modification/allocation.
1457
1458 2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>
1459
1460         Add a build flag for ES6 class syntax
1461         https://bugs.webkit.org/show_bug.cgi?id=140760
1462
1463         Reviewed by Michael Saboff.
1464
1465         Added ES6_CLASS_SYNTAX build flag and used it in tokenizer to recognize
1466         "class", "extends", "static" and "super" keywords.
1467
1468         * Configurations/FeatureDefines.xcconfig:
1469         * parser/Keywords.table:
1470         * parser/ParserTokens.h:
1471
1472 2015-01-22  Commit Queue  <commit-queue@webkit.org>
1473
1474         Unreviewed, rolling out r178894.
1475         https://bugs.webkit.org/show_bug.cgi?id=140775
1476
1477         Broke JSC and bindings tests (Requested by ap_ on #webkit).
1478
1479         Reverted changeset:
1480
1481         "put_by_val_direct need to check the property is index or not
1482         for using putDirect / putDirectIndex"
1483         https://bugs.webkit.org/show_bug.cgi?id=140426
1484         http://trac.webkit.org/changeset/178894
1485
1486 2015-01-22  Mark Lam  <mark.lam@apple.com>
1487
1488         BytecodeGenerator::initializeCapturedVariable() sets a misleading value for the 5th operand of op_put_to_scope.
1489         <https://webkit.org/b/140743>
1490
1491         Reviewed by Oliver Hunt.
1492
1493         BytecodeGenerator::initializeCapturedVariable() was setting the 5th operand to
1494         op_put_to_scope to an inappropriate value (i.e. 0).  As a result, the execution
1495         of put_to_scope could store a wrong inferred value into the VariableWatchpointSet
1496         for which ever captured variable is at local index 0.  In practice, this turns
1497         out to be the local for the Arguments object.  In this reproduction case in the
1498         bug, the wrong inferred value written there is the boolean true.
1499
1500         Subsequently, DFG compilation occurs and CreateArguments is emitted to first do
1501         a check of the local for the Arguments object.  But because that local has a
1502         wrong inferred value, the check always discovers a non-null value and we never
1503         actually create the Arguments object.  Immediately after this, an OSR exit
1504         occurs leaving the Arguments object local uninitialized.  Later on at arguments
1505         tear off, we run into a boolean true where we had expected to find an Arguments
1506         object, which in turn, leads to the crash.
1507
1508         The fix is to:
1509         1. In the case where the resolveModeType is LocalClosureVar, change the
1510            5th operand of op_put_to_scope to be a boolean.  True means that the
1511            local var is watchable.  False means it is not watchable.  We no longer
1512            pass the local index (instead of true) and UINT_MAX (instead of false).
1513
1514            This allows us to express more clearly in the code what that value means,
1515            as well as remove the redundant way of getting the local's identifier.
1516            The identifier is always the one passed in the 2nd operand. 
1517
1518         2. Previously, though intuitively, we know that the watchable variable
1519            identifier should be the same as the one that is passed in operand 2, this
1520            relationship was not clear in the code.  By code analysis, I confirmed that 
1521            the callers of BytecodeGenerator::emitPutToScope() always use the same
1522            identifier for operand 2 and for filling out the ResolveScopeInfo from
1523            which we get the watchable variable identifier later.  I've changed the
1524            code to make this clear now by always using the identifier passed in
1525            operand 2.
1526
1527         3. In the case where the resolveModeType is LocalClosureVar,
1528            initializeCapturedVariable() and emitPutToScope() will now query
1529            hasWatchableVariable() to determine if the local is watchable or not.
1530            Accordingly, we pass the boolean result of hasWatchableVariable() as
1531            operand 5 of op_put_to_scope.
1532
1533         Also added some assertions.
1534
1535         * bytecode/CodeBlock.cpp:
1536         (JSC::CodeBlock::CodeBlock):
1537         * bytecompiler/BytecodeGenerator.cpp:
1538         (JSC::BytecodeGenerator::initializeCapturedVariable):
1539         (JSC::BytecodeGenerator::hasConstant):
1540         (JSC::BytecodeGenerator::emitPutToScope):
1541         * bytecompiler/BytecodeGenerator.h:
1542         (JSC::BytecodeGenerator::hasWatchableVariable):
1543         (JSC::BytecodeGenerator::watchableVariableIdentifier):
1544         (JSC::BytecodeGenerator::watchableVariable): Deleted.
1545
1546 2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>
1547
1548         PropertyListNode::emitNode duplicates the code to put a constant property
1549         https://bugs.webkit.org/show_bug.cgi?id=140761
1550
1551         Reviewed by Geoffrey Garen.
1552
1553         Extracted PropertyListNode::emitPutConstantProperty to share the code.
1554
1555         Also made PropertyListNode::emitBytecode private since nobody is calling this function directly.
1556
1557         * bytecompiler/NodesCodegen.cpp:
1558         (JSC::PropertyListNode::emitBytecode):
1559         (JSC::PropertyListNode::emitPutConstantProperty): Added.
1560         * parser/Nodes.h:
1561
1562 2015-01-22  Yusuke Suzuki  <utatane.tea@gmail.com>
1563
1564         put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
1565         https://bugs.webkit.org/show_bug.cgi?id=140426
1566
1567         Reviewed by Geoffrey Garen.
1568
1569         In the put_by_val_direct operation, we use JSObject::putDirect.
1570         However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
1571         This patch changes Identifier::asIndex() to return Optional<uint32_t>.
1572         It forces callers to check explicitly whether the value is an index or not.
1573         Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.
1574
1575         * bytecode/GetByIdStatus.cpp:
1576         (JSC::GetByIdStatus::computeFor):
1577         * bytecode/PutByIdStatus.cpp:
1578         (JSC::PutByIdStatus::computeFor):
1579         * bytecompiler/BytecodeGenerator.cpp:
1580         (JSC::BytecodeGenerator::emitDirectPutById):
1581         * dfg/DFGOperations.cpp:
1582         (JSC::DFG::operationPutByValInternal):
1583         * jit/JITOperations.cpp:
1584         * jit/Repatch.cpp:
1585         (JSC::emitPutTransitionStubAndGetOldStructure):
1586         * jsc.cpp:
1587         * llint/LLIntSlowPaths.cpp:
1588         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1589         * runtime/Arguments.cpp:
1590         (JSC::Arguments::getOwnPropertySlot):
1591         (JSC::Arguments::put):
1592         (JSC::Arguments::deleteProperty):
1593         (JSC::Arguments::defineOwnProperty):
1594         * runtime/ArrayPrototype.cpp:
1595         (JSC::arrayProtoFuncSort):
1596         * runtime/JSArray.cpp:
1597         (JSC::JSArray::defineOwnProperty):
1598         * runtime/JSCJSValue.cpp:
1599         (JSC::JSValue::putToPrimitive):
1600         * runtime/JSGenericTypedArrayViewInlines.h:
1601         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
1602         (JSC::JSGenericTypedArrayView<Adaptor>::put):
1603         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
1604         (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
1605         * runtime/JSObject.cpp:
1606         (JSC::JSObject::put):
1607         (JSC::JSObject::putDirectAccessor):
1608         (JSC::JSObject::putDirectCustomAccessor):
1609         (JSC::JSObject::deleteProperty):
1610         (JSC::JSObject::putDirectMayBeIndex):
1611         (JSC::JSObject::defineOwnProperty):
1612         * runtime/JSObject.h:
1613         (JSC::JSObject::getOwnPropertySlot):
1614         (JSC::JSObject::getPropertySlot):
1615         (JSC::JSObject::putDirectInternal):
1616         * runtime/JSString.cpp:
1617         (JSC::JSString::getStringPropertyDescriptor):
1618         * runtime/JSString.h:
1619         (JSC::JSString::getStringPropertySlot):
1620         * runtime/LiteralParser.cpp:
1621         (JSC::LiteralParser<CharType>::parse):
1622         * runtime/PropertyName.h:
1623         (JSC::toUInt32FromCharacters):
1624         (JSC::toUInt32FromStringImpl):
1625         (JSC::PropertyName::asIndex):
1626         * runtime/PropertyNameArray.cpp:
1627         (JSC::PropertyNameArray::add):
1628         * runtime/StringObject.cpp:
1629         (JSC::StringObject::deleteProperty):
1630         * runtime/Structure.cpp:
1631         (JSC::Structure::prototypeChainMayInterceptStoreTo):
1632
1633 2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>
1634
1635         Consolidate out arguments of parseFunctionInfo into a struct
1636         https://bugs.webkit.org/show_bug.cgi?id=140754
1637
1638         Reviewed by Oliver Hunt.
1639
1640         Introduced ParserFunctionInfo for storing out arguments of parseFunctionInfo.
1641
1642         * JavaScriptCore.xcodeproj/project.pbxproj:
1643         * parser/ASTBuilder.h:
1644         (JSC::ASTBuilder::createFunctionExpr):
1645         (JSC::ASTBuilder::createGetterOrSetterProperty): This one takes a property name in addition to
1646         ParserFunctionInfo since the property name and the function name could differ.
1647         (JSC::ASTBuilder::createFuncDeclStatement):
1648         * parser/Parser.cpp:
1649         (JSC::Parser<LexerType>::parseFunctionInfo):
1650         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1651         (JSC::Parser<LexerType>::parseProperty):
1652         (JSC::Parser<LexerType>::parseMemberExpression):
1653         * parser/Parser.h:
1654         * parser/ParserFunctionInfo.h: Added.
1655         * parser/SyntaxChecker.h:
1656         (JSC::SyntaxChecker::createFunctionExpr):
1657         (JSC::SyntaxChecker::createFuncDeclStatement):
1658         (JSC::SyntaxChecker::createClassDeclStatement):
1659         (JSC::SyntaxChecker::createGetterOrSetterProperty):
1660
1661 2015-01-21  Mark Hahnenberg  <mhahnenb@gmail.com>
1662
1663         Change Heap::m_compiledCode to use a Vector
1664         https://bugs.webkit.org/show_bug.cgi?id=140717
1665
1666         Reviewed by Andreas Kling.
1667
1668         Right now it's a DoublyLinkedList, which is iterated during each
1669         collection. This contributes to some of the longish Eden pause times.
1670         A Vector would be more appropriate and would also allow ExecutableBase
1671         to be 2 pointers smaller.
1672
1673         * heap/Heap.cpp:
1674         (JSC::Heap::deleteAllCompiledCode):
1675         (JSC::Heap::deleteAllUnlinkedFunctionCode):
1676         (JSC::Heap::clearUnmarkedExecutables):
1677         * heap/Heap.h:
1678         * runtime/Executable.h: No longer need to inherit from DoublyLinkedListNode.
1679
1680 2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>
1681
1682         BytecodeGenerator shouldn't expose all of its member variables
1683         https://bugs.webkit.org/show_bug.cgi?id=140752
1684
1685         Reviewed by Mark Lam.
1686
1687         Added "private:" and removed unused data members as detected by clang.
1688
1689         * bytecompiler/BytecodeGenerator.cpp:
1690         (JSC::BytecodeGenerator::BytecodeGenerator):
1691         * bytecompiler/BytecodeGenerator.h:
1692         (JSC::BytecodeGenerator::lastOpcodeID): Added. Used in BinaryOpNode::emitBytecode.
1693         * bytecompiler/NodesCodegen.cpp:
1694         (JSC::BinaryOpNode::emitBytecode):
1695
1696 2015-01-21  Joseph Pecoraro  <pecoraro@apple.com>
1697
1698         Web Inspector: ASSERT expanding objects in console PrimitiveBindingTraits<T>::assertValueHasExpectedType
1699         https://bugs.webkit.org/show_bug.cgi?id=140746
1700
1701         Reviewed by Timothy Hatcher.
1702
1703         * inspector/InjectedScriptSource.js:
1704         Do not add impure properties to the descriptor object that will
1705         eventually be sent to the frontend.
1706
1707 2015-01-21  Matthew Mirman  <mmirman@apple.com>
1708
1709         Updated split such that it does not include the empty end of input string match.
1710         https://bugs.webkit.org/show_bug.cgi?id=138129
1711         <rdar://problem/18807403>
1712
1713         Reviewed by Filip Pizlo.
1714
1715         * runtime/StringPrototype.cpp:
1716         (JSC::stringProtoFuncSplit):
1717         * tests/stress/empty_eos_regex_split.js: Added.
1718
1719 2015-01-21  Michael Saboff  <msaboff@apple.com>
1720
1721         Eliminate Scope slot from JavaScript CallFrame
1722         https://bugs.webkit.org/show_bug.cgi?id=136724
1723
1724         Reviewed by Geoffrey Garen.
1725
1726         This finishes the removal of the scope chain slot from the call frame header.
1727
1728         * dfg/DFGOSRExitCompilerCommon.cpp:
1729         (JSC::DFG::reifyInlinedCallFrames):
1730         * dfg/DFGPreciseLocalClobberize.h:
1731         (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
1732         * dfg/DFGSpeculativeJIT32_64.cpp:
1733         (JSC::DFG::SpeculativeJIT::emitCall):
1734         * dfg/DFGSpeculativeJIT64.cpp:
1735         (JSC::DFG::SpeculativeJIT::emitCall):
1736         * ftl/FTLJSCall.cpp:
1737         (JSC::FTL::JSCall::emit):
1738         * ftl/FTLLowerDFGToLLVM.cpp:
1739         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
1740         (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
1741         * interpreter/JSStack.h:
1742         * interpreter/VMInspector.cpp:
1743         (JSC::VMInspector::dumpFrame):
1744         * jit/JITCall.cpp:
1745         (JSC::JIT::compileOpCall):
1746         * jit/JITCall32_64.cpp:
1747         (JSC::JIT::compileOpCall):
1748         * jit/JITOpcodes32_64.cpp:
1749         (JSC::JIT::privateCompileCTINativeCall):
1750         * jit/Repatch.cpp:
1751         (JSC::generateByIdStub):
1752         (JSC::linkClosureCall):
1753         * jit/ThunkGenerators.cpp:
1754         (JSC::virtualForThunkGenerator):
1755         (JSC::nativeForGenerator):
1756         Deleted ScopeChain slot from JSStack.  Removed all code where ScopeChain was being
1757         read or set.  In most cases this was where we make JS calls.
1758
1759         * interpreter/CallFrameClosure.h:
1760         (JSC::CallFrameClosure::setArgument):
1761         (JSC::CallFrameClosure::resetCallFrame): Deleted.
1762         * interpreter/Interpreter.cpp:
1763         (JSC::Interpreter::execute):
1764         (JSC::Interpreter::executeCall):
1765         (JSC::Interpreter::executeConstruct):
1766         (JSC::Interpreter::prepareForRepeatCall):
1767         * interpreter/ProtoCallFrame.cpp:
1768         (JSC::ProtoCallFrame::init):
1769         * interpreter/ProtoCallFrame.h:
1770         (JSC::ProtoCallFrame::scope): Deleted.
1771         (JSC::ProtoCallFrame::setScope): Deleted.
1772         * llint/LLIntData.cpp:
1773         (JSC::LLInt::Data::performAssertions):
1774         * llint/LowLevelInterpreter.asm:
1775         * llint/LowLevelInterpreter64.asm:
1776         Removed the related scopeChainValue member from ProtoCallFrame.  Reduced the number of
1777         registers that needed to be copied from the ProtoCallFrame to a callee's frame
1778         from 5 to 4.
1779
1780         * llint/LowLevelInterpreter32_64.asm:
1781         In addition to the prior changes, also deleted the unused macro getDeBruijnScope.
1782
1783 2015-01-21  Michael Saboff  <msaboff@apple.com>
1784
1785         Eliminate construct methods from NullGetterFunction and NullSetterFunction classes
1786         https://bugs.webkit.org/show_bug.cgi?id=140708
1787
1788         Reviewed by Mark Lam.
1789
1790         Eliminated construct methods and changed getConstructData() for both classes to return
1791         ConstructTypeNone as they can never be called.
1792
1793         * runtime/NullGetterFunction.cpp:
1794         (JSC::NullGetterFunction::getConstructData):
1795         (JSC::constructReturnUndefined): Deleted.
1796         * runtime/NullSetterFunction.cpp:
1797         (JSC::NullSetterFunction::getConstructData):
1798         (JSC::constructReturnUndefined): Deleted.
1799
1800 2015-01-21  Csaba Osztrogonác  <ossy@webkit.org>
1801
1802         Remove ENABLE(INSPECTOR) ifdef guards
1803         https://bugs.webkit.org/show_bug.cgi?id=140668
1804
1805         Reviewed by Darin Adler.
1806
1807         * Configurations/FeatureDefines.xcconfig:
1808         * bindings/ScriptValue.cpp:
1809         (Deprecated::ScriptValue::toInspectorValue):
1810         * bindings/ScriptValue.h:
1811         * inspector/ConsoleMessage.cpp:
1812         * inspector/ConsoleMessage.h:
1813         * inspector/ContentSearchUtilities.cpp:
1814         * inspector/ContentSearchUtilities.h:
1815         * inspector/IdentifiersFactory.cpp:
1816         * inspector/IdentifiersFactory.h:
1817         * inspector/InjectedScript.cpp:
1818         * inspector/InjectedScript.h:
1819         * inspector/InjectedScriptBase.cpp:
1820         * inspector/InjectedScriptBase.h:
1821         * inspector/InjectedScriptHost.cpp:
1822         * inspector/InjectedScriptHost.h:
1823         * inspector/InjectedScriptManager.cpp:
1824         * inspector/InjectedScriptManager.h:
1825         * inspector/InjectedScriptModule.cpp:
1826         * inspector/InjectedScriptModule.h:
1827         * inspector/InspectorAgentRegistry.cpp:
1828         * inspector/InspectorBackendDispatcher.cpp:
1829         * inspector/InspectorBackendDispatcher.h:
1830         * inspector/InspectorProtocolTypes.h:
1831         * inspector/JSGlobalObjectConsoleClient.cpp:
1832         * inspector/JSGlobalObjectInspectorController.cpp:
1833         * inspector/JSGlobalObjectInspectorController.h:
1834         * inspector/JSGlobalObjectScriptDebugServer.cpp:
1835         * inspector/JSGlobalObjectScriptDebugServer.h:
1836         * inspector/JSInjectedScriptHost.cpp:
1837         * inspector/JSInjectedScriptHost.h:
1838         * inspector/JSInjectedScriptHostPrototype.cpp:
1839         * inspector/JSInjectedScriptHostPrototype.h:
1840         * inspector/JSJavaScriptCallFrame.cpp:
1841         * inspector/JSJavaScriptCallFrame.h:
1842         * inspector/JSJavaScriptCallFramePrototype.cpp:
1843         * inspector/JSJavaScriptCallFramePrototype.h:
1844         * inspector/JavaScriptCallFrame.cpp:
1845         * inspector/JavaScriptCallFrame.h:
1846         * inspector/ScriptCallFrame.cpp:
1847         (Inspector::ScriptCallFrame::buildInspectorObject):
1848         * inspector/ScriptCallFrame.h:
1849         * inspector/ScriptCallStack.cpp:
1850         (Inspector::ScriptCallStack::buildInspectorArray):
1851         * inspector/ScriptCallStack.h:
1852         * inspector/ScriptDebugServer.cpp:
1853         * inspector/agents/InspectorAgent.cpp:
1854         * inspector/agents/InspectorAgent.h:
1855         * inspector/agents/InspectorConsoleAgent.cpp:
1856         * inspector/agents/InspectorConsoleAgent.h:
1857         * inspector/agents/InspectorDebuggerAgent.cpp:
1858         * inspector/agents/InspectorDebuggerAgent.h:
1859         * inspector/agents/InspectorRuntimeAgent.cpp:
1860         * inspector/agents/InspectorRuntimeAgent.h:
1861         * inspector/agents/JSGlobalObjectConsoleAgent.cpp:
1862         * inspector/agents/JSGlobalObjectConsoleAgent.h:
1863         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1864         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
1865         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
1866         * inspector/agents/JSGlobalObjectRuntimeAgent.h:
1867         * inspector/scripts/codegen/cpp_generator_templates.py:
1868         (CppGeneratorTemplates):
1869         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1870         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1871         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1872         * inspector/scripts/tests/expected/enum-values.json-result:
1873         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1874         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1875         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1876         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1877         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1878         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1879         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1880         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1881         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1882         * runtime/TypeSet.cpp:
1883         (JSC::TypeSet::inspectorTypeSet):
1884         (JSC::StructureShape::inspectorRepresentation):
1885
1886 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
1887
1888         Web Inspector: Clean up InjectedScriptSource.js
1889         https://bugs.webkit.org/show_bug.cgi?id=140709
1890
1891         Reviewed by Timothy Hatcher.
1892
1893         This patch includes some relevant Blink patches and small changes.
1894         
1895         Patch by <aandrey@chromium.org>
1896         DevTools: Remove console last result $_ on console clear.
1897         https://src.chromium.org/viewvc/blink?revision=179179&view=revision
1898
1899         Patch by <eustas@chromium.org>
1900         [Inspect DOM properties] incorrect CSS Selector Syntax
1901         https://src.chromium.org/viewvc/blink?revision=156903&view=revision
1902
1903         * inspector/InjectedScriptSource.js:
1904
1905 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
1906
1907         Web Inspector: Cleanup RuntimeAgent a bit
1908         https://bugs.webkit.org/show_bug.cgi?id=140706
1909
1910         Reviewed by Timothy Hatcher.
1911
1912         * inspector/InjectedScript.h:
1913         * inspector/InspectorBackendDispatcher.h:
1914         * inspector/ScriptCallFrame.cpp:
1915         * inspector/agents/InspectorRuntimeAgent.cpp:
1916         (Inspector::InspectorRuntimeAgent::evaluate):
1917         (Inspector::InspectorRuntimeAgent::getProperties):
1918         (Inspector::InspectorRuntimeAgent::run):
1919         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1920         (Inspector::recompileAllJSFunctionsForTypeProfiling):
1921         (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):
1922
1923 2015-01-20  Matthew Mirman  <mmirman@apple.com>
1924
1925         Made Identity in the DFG allocate a new temp register and move 
1926         the old data to it.
1927         https://bugs.webkit.org/show_bug.cgi?id=140700
1928         <rdar://problem/19339106>
1929
1930         Reviewed by Filip Pizlo.
1931
1932         * dfg/DFGSpeculativeJIT64.cpp:
1933         (JSC::DFG::SpeculativeJIT::compile): 
1934         Added scratch registers for Identity. 
1935         * tests/mozilla/mozilla-tests.yaml: enabled previously failing test
1936
1937 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
1938
1939         Web Inspector: Expanding event objects in console shows undefined for most values, it should have real values
1940         https://bugs.webkit.org/show_bug.cgi?id=137306
1941
1942         Reviewed by Timothy Hatcher.
1943
1944         Provide another optional parameter to getProperties, to gather a list
1945         of all own and getter properties.
1946
1947         * inspector/InjectedScript.cpp:
1948         (Inspector::InjectedScript::getProperties):
1949         * inspector/InjectedScript.h:
1950         * inspector/InjectedScriptSource.js:
1951         * inspector/agents/InspectorRuntimeAgent.cpp:
1952         (Inspector::InspectorRuntimeAgent::getProperties):
1953         * inspector/agents/InspectorRuntimeAgent.h:
1954         * inspector/protocol/Runtime.json:
1955
1956 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
1957
1958         Web Inspector: Should show dynamic specificity values
1959         https://bugs.webkit.org/show_bug.cgi?id=140647
1960
1961         Reviewed by Benjamin Poulain.
1962
1963         * inspector/protocol/CSS.json:
1964         Clarify CSSSelector optional values and add "dynamic" property indicating
1965         if the selector can be dynamic based on the element it is matched against.
1966
1967 2015-01-20  Commit Queue  <commit-queue@webkit.org>
1968
1969         Unreviewed, rolling out r178751.
1970         https://bugs.webkit.org/show_bug.cgi?id=140694
1971
1972         Caused 32-bit JSC test failures (Requested by JoePeck on
1973         #webkit).
1974
1975         Reverted changeset:
1976
1977         "put_by_val_direct need to check the property is index or not
1978         for using putDirect / putDirectIndex"
1979         https://bugs.webkit.org/show_bug.cgi?id=140426
1980         http://trac.webkit.org/changeset/178751
1981
1982 2015-01-20  Yusuke Suzuki  <utatane.tea@gmail.com>
1983
1984         put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
1985         https://bugs.webkit.org/show_bug.cgi?id=140426
1986
1987         Reviewed by Geoffrey Garen.
1988
1989         In the put_by_val_direct operation, we use JSObject::putDirect.
1990         However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
1991         This patch changes Identifier::asIndex() to return Optional<uint32_t>.
1992         It forces callers to check explicitly whether the value is an index or not.
1993         Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.
1994
1995         * bytecode/GetByIdStatus.cpp:
1996         (JSC::GetByIdStatus::computeFor):
1997         * bytecode/PutByIdStatus.cpp:
1998         (JSC::PutByIdStatus::computeFor):
1999         * bytecompiler/BytecodeGenerator.cpp:
2000         (JSC::BytecodeGenerator::emitDirectPutById):
2001         * dfg/DFGOperations.cpp:
2002         (JSC::DFG::operationPutByValInternal):
2003         * jit/JITOperations.cpp:
2004         * jit/Repatch.cpp:
2005         (JSC::emitPutTransitionStubAndGetOldStructure):
2006         * jsc.cpp:
2007         * llint/LLIntSlowPaths.cpp:
2008         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2009         * runtime/Arguments.cpp:
2010         (JSC::Arguments::getOwnPropertySlot):
2011         (JSC::Arguments::put):
2012         (JSC::Arguments::deleteProperty):
2013         (JSC::Arguments::defineOwnProperty):
2014         * runtime/ArrayPrototype.cpp:
2015         (JSC::arrayProtoFuncSort):
2016         * runtime/JSArray.cpp:
2017         (JSC::JSArray::defineOwnProperty):
2018         * runtime/JSCJSValue.cpp:
2019         (JSC::JSValue::putToPrimitive):
2020         * runtime/JSGenericTypedArrayViewInlines.h:
2021         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
2022         (JSC::JSGenericTypedArrayView<Adaptor>::put):
2023         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
2024         (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
2025         * runtime/JSObject.cpp:
2026         (JSC::JSObject::put):
2027         (JSC::JSObject::putDirectAccessor):
2028         (JSC::JSObject::putDirectCustomAccessor):
2029         (JSC::JSObject::deleteProperty):
2030         (JSC::JSObject::putDirectMayBeIndex):
2031         (JSC::JSObject::defineOwnProperty):
2032         * runtime/JSObject.h:
2033         (JSC::JSObject::getOwnPropertySlot):
2034         (JSC::JSObject::getPropertySlot):
2035         (JSC::JSObject::putDirectInternal):
2036         * runtime/JSString.cpp:
2037         (JSC::JSString::getStringPropertyDescriptor):
2038         * runtime/JSString.h:
2039         (JSC::JSString::getStringPropertySlot):
2040         * runtime/LiteralParser.cpp:
2041         (JSC::LiteralParser<CharType>::parse):
2042         * runtime/PropertyName.h:
2043         (JSC::toUInt32FromCharacters):
2044         (JSC::toUInt32FromStringImpl):
2045         (JSC::PropertyName::asIndex):
2046         * runtime/PropertyNameArray.cpp:
2047         (JSC::PropertyNameArray::add):
2048         * runtime/StringObject.cpp:
2049         (JSC::StringObject::deleteProperty):
2050         * runtime/Structure.cpp:
2051         (JSC::Structure::prototypeChainMayInterceptStoreTo):
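
As an added illustration of the index / non-index distinction this entry (and its earlier landing above) describes, the following C++ is example code written for this page, not JSC's own implementation. `asIndex` models an Identifier::asIndex() that returns an optional (std::optional stands in for WTF's Optional<uint32_t>), using the ECMAScript rule that an array index is a canonical decimal string whose value lies in [0, 2^32 - 2]; `putDirectMayBeIndex` models the putDirect / putDirectIndex dispatch over a toy object. `ToyObject`, `kMaxArrayIndex` and the two-map storage layout are assumptions made for the example, not JSC types.

```cpp
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <map>
#include <optional>
#include <string>

// Model of an ECMAScript array index: a canonical decimal string whose value
// is in [0, 2^32 - 2]. 2^32 - 1 is excluded because it is the maximum array
// length and therefore can never be an element index. (Example code, not JSC's.)
constexpr uint32_t kMaxArrayIndex = 0xFFFFFFFEu;

// Returns the index when `name` is an array index, std::nullopt otherwise.
// std::optional stands in for the WTF Optional<uint32_t> the entry mentions.
std::optional<uint32_t> asIndex(const std::string& name)
{
    if (name.empty())
        return std::nullopt;
    // "0" is index 0, but "00" or "042" are ordinary named properties:
    // only the canonical spelling (no leading zero) counts as an index.
    if (name.size() > 1 && name[0] == '0')
        return std::nullopt;
    uint64_t value = 0;
    for (char c : name) {
        if (c < '0' || c > '9')
            return std::nullopt;  // sign, dot, letters, whitespace: not an index
        value = value * 10 + static_cast<uint64_t>(c - '0');
        if (value > kMaxArrayIndex)
            return std::nullopt;  // too large, or exactly 2^32 - 1
    }
    return static_cast<uint32_t>(value);
}

// Toy object keeping the two storage kinds an engine must not mix up:
// indexed elements and named own properties. (Assumed layout, not JSC's.)
struct ToyObject {
    std::map<uint32_t, int> indexedStorage;
    std::map<std::string, int> namedStorage;

    void putDirectIndex(uint32_t index, int value) { indexedStorage[index] = value; }
    void putDirect(const std::string& name, int value) { namedStorage[name] = value; }
};

// The dispatch the entry describes for put_by_val_direct: an index-like
// property name goes through putDirectIndex, anything else through putDirect.
// Storing "1" as a named property would leave obj[1] and obj["1"] disagreeing.
void putDirectMayBeIndex(ToyObject& object, const std::string& name, int value)
{
    if (std::optional<uint32_t> index = asIndex(name))
        object.putDirectIndex(*index, value);
    else
        object.putDirect(name, value);
}

int main()
{
    ToyObject object;
    // Constructed sample keys: two canonical indices, three named properties.
    for (const char* name : { "1", "01", "length", "4294967294", "4294967295" })
        putDirectMayBeIndex(object, name, 1);
    std::printf("indexed: %zu, named: %zu\n",
                object.indexedStorage.size(), object.namedStorage.size());
    return 0;
}
```

The overflow check runs inside the digit loop, so a very long digit string is rejected before the 64-bit accumulator could wrap; the same check also rejects "4294967295", which is why the boundary sits at 2^32 - 2 rather than 2^32 - 1.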
2052
2053 2015-01-20  Michael Saboff  <msaboff@apple.com>
2054
2055         REGRESSION(178696): Sporadic crashes while garbage collecting
2056         https://bugs.webkit.org/show_bug.cgi?id=140688
2057
2058         Reviewed by Geoffrey Garen.
2059
2060         Added missing visitor.append(&thisObject->m_nullSetterFunction).
2061
2062         * runtime/JSGlobalObject.cpp:
2063         (JSC::JSGlobalObject::visitChildren):
2064
2065 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
2066
2067         Web Replay: code generator should take supplemental specifications and allow cross-framework references
2068         https://bugs.webkit.org/show_bug.cgi?id=136312
2069
2070         Reviewed by Joseph Pecoraro.
2071
2072         Some types are shared between replay inputs from different frameworks.
2073         Previously, these type declarations were duplicated in every input
2074         specification file in which they were used. This caused some type encoding
2075         traits to be emitted twice if used from WebCore inputs and WebKit2 inputs.
2076
2077         This patch teaches the replay inputs code generator to accept multiple
2078         input specification files. Inputs can freely reference types from other
2079         frameworks without duplicating declarations.
2080
2081         On the code generation side, the model could contain types and inputs from
2082         frameworks that are not the target framework. Only generate code for the
2083         target framework.
2084
2085         To properly generate cross-framework type encoding traits, use
2086         Type.encoding_type_argument in more places, and add the export macro for WebCore
2087         and the Test framework.
2088
2089         Adjust some tests so that enum coverage is preserved by moving the enum types
2090         into "Test" (the target framework for tests).
2091
2092         * JavaScriptCore.vcxproj/copy-files.cmd:
2093         For Windows, copy over JSInputs.json as if it were a private header.
2094
2095         * JavaScriptCore.xcodeproj/project.pbxproj: Make JSInputs.json a private header.
2096         * replay/JSInputs.json:
2097         Put all primitive types and WTF types in this specification file.
2098
2099         * replay/scripts/CodeGeneratorReplayInputs.py:
2100         (Input.__init__):
2101         (InputsModel.__init__): Keep track of the input's framework.
2102         (InputsModel.parse_specification): Parse the framework here. Adjust to new format,
2103         and allow either types or inputs to be missing from a single file.
2104
2105         (InputsModel.parse_type_with_framework):
2106         (InputsModel.parse_input_with_framework):
2107         (Generator.should_generate_item): Added helper method.
2108         (Generator.generate_header): Filter inputs to generate.
2109         (Generator.generate_implementation): Filter inputs to generate.
2110         (Generator.generate_enum_trait_declaration): Filter enums to generate.
2111         Add WEBCORE_EXPORT macro to enum encoding traits.
2112
2113         (Generator.generate_for_each_macro): Filter inputs to generate.
2114         (Generator.generate_enum_trait_implementation): Filter enums to generate.
2115         (generate_from_specifications): Added.
2116         (generate_from_specifications.parse_json_from_file):
2117         (InputsModel.parse_toplevel): Deleted.
2118         (InputsModel.parse_type_with_framework_name): Deleted.
2119         (InputsModel.parse_input): Deleted.
2120         (generate_from_specification): Deleted.
2121         * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
2122         * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Removed.
2123         * replay/scripts/tests/expected/fail-on-no-types.json-error: Removed.
2124         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
2125         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
2126         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
2127         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
2128         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.cpp:
2129         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
2130         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
2131         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
2132         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
2133         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
2134         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
2135         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
2136         * replay/scripts/tests/fail-on-c-style-enum-no-storage.json:
2137         * replay/scripts/tests/fail-on-duplicate-enum-type.json:
2138         * replay/scripts/tests/fail-on-duplicate-input-names.json:
2139         * replay/scripts/tests/fail-on-duplicate-type-names.json:
2140         * replay/scripts/tests/fail-on-enum-type-missing-values.json:
2141         * replay/scripts/tests/fail-on-missing-input-member-name.json:
2142         * replay/scripts/tests/fail-on-missing-input-name.json:
2143         * replay/scripts/tests/fail-on-missing-input-queue.json:
2144         * replay/scripts/tests/fail-on-missing-type-mode.json:
2145         * replay/scripts/tests/fail-on-missing-type-name.json:
2146         * replay/scripts/tests/fail-on-no-inputs.json:
2147         Removed, no longer required to be in a single file.
2148
2149         * replay/scripts/tests/fail-on-no-types.json:
2150         Removed, no longer required to be in a single file.
2151
2152         * replay/scripts/tests/fail-on-unknown-input-queue.json:
2153         * replay/scripts/tests/fail-on-unknown-member-type.json:
2154         * replay/scripts/tests/fail-on-unknown-type-mode.json:
2155         * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json:
2156         * replay/scripts/tests/generate-enum-encoding-helpers.json:
2157         * replay/scripts/tests/generate-enum-with-guard.json:
2158         Include enums that are and are not generated.
2159
2160         * replay/scripts/tests/generate-enums-with-same-base-name.json:
2161         * replay/scripts/tests/generate-event-loop-shape-types.json:
2162         * replay/scripts/tests/generate-input-with-guard.json:
2163         * replay/scripts/tests/generate-input-with-vector-members.json:
2164         * replay/scripts/tests/generate-inputs-with-flags.json:
2165         * replay/scripts/tests/generate-memoized-type-modes.json:
2166
2167 2015-01-20  Tomas Popela  <tpopela@redhat.com>
2168
2169         [GTK] Cannot compile 2.7.3 on PowerPC machines
2170         https://bugs.webkit.org/show_bug.cgi?id=140616
2171
2172         Include climits for INT_MAX and wtf/DataLog.h for dataLogF
2173
2174         Reviewed by Csaba Osztrogonác.
2175
2176         * runtime/BasicBlockLocation.cpp:
2177
2178 2015-01-19  Michael Saboff  <msaboff@apple.com>
2179
2180         A "cached" null setter should throw a TypeException when called in strict mode and doesn't
2181         https://bugs.webkit.org/show_bug.cgi?id=139418
2182
2183         Reviewed by Filip Pizlo.
2184
2185         Made a new NullSetterFunction class similar to NullGetterFunction.  The difference is that 
2186         NullSetterFunction will throw a TypeError per the ECMA262 spec for a strict mode caller.
2187
2188         * CMakeLists.txt:
2189         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2190         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2191         * JavaScriptCore.xcodeproj/project.pbxproj:
2192         Added new files NullSetterFunction.cpp and NullSetterFunction.h.
2193
2194         * runtime/GetterSetter.h:
2195         (JSC::GetterSetter::GetterSetter):
2196         (JSC::GetterSetter::isSetterNull):
2197         (JSC::GetterSetter::setSetter):
2198         Change setter instances from using NullGetterFunction to using NullSetterFunction.
2199
2200         * runtime/JSGlobalObject.cpp:
2201         (JSC::JSGlobalObject::init):
2202         * runtime/JSGlobalObject.h:
2203         (JSC::JSGlobalObject::nullSetterFunction):
2204         Added m_nullSetterFunction and accessor.
2205
2206         * runtime/NullSetterFunction.cpp: Added.
2207         (JSC::GetCallerStrictnessFunctor::GetCallerStrictnessFunctor):
2208         (JSC::GetCallerStrictnessFunctor::operator()):
2209         (JSC::GetCallerStrictnessFunctor::callerIsStrict):
2210         (JSC::callerIsStrict):
2211         Method to determine if the caller is in strict mode.
2212
2213         (JSC::callReturnUndefined):
2214         (JSC::constructReturnUndefined):
2215         (JSC::NullSetterFunction::getCallData):
2216         (JSC::NullSetterFunction::getConstructData):
2217         * runtime/NullSetterFunction.h: Added.
2218         (JSC::NullSetterFunction::create):
2219         (JSC::NullSetterFunction::createStructure):
2220         (JSC::NullSetterFunction::NullSetterFunction):
2221         Class with handlers for a null setter.
2222
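The behaviour this NullSetterFunction change enforces, as an added example that is not WebKit code: an accessor property with a getter but no setter has a "null setter"; sloppy-mode code assigning to it is silently ignored, while strict-mode code must get a TypeError on every assignment, including the repeated assignments an engine would serve from its inline cache (the bug fixed here). The `probe` helper, the `ro` property name and the iteration counts are assumptions of this example.

```javascript
// Added example (not WebKit code): observable semantics of a getter-only
// ("null setter") property in sloppy vs strict mode.
function makeGetterOnlyObject() {
  // "ro" is a constructed name; the property has a getter and no setter.
  return Object.defineProperty({}, "ro", {
    get() { return 42; },
    enumerable: true,
    configurable: true,
  });
}

// Built with the Function constructor so it is sloppy-mode code regardless of
// whether this file itself runs as a strict module.
const sloppyAssign = new Function("obj", "value", "obj.ro = value; return obj.ro;");

function strictAssign(obj, value) {
  "use strict";
  obj.ro = value; // must throw TypeError: the property has no setter
  return obj.ro;
}

// Runs the assignment `iterations` times on one object (repeated assignments
// exercise any cached setter path) and reports how many attempts threw a
// TypeError and what the property reads back afterwards.
function probe(assignFn, iterations) {
  const obj = makeGetterOnlyObject();
  let threw = 0;
  for (let i = 0; i < iterations; i++) {
    try {
      assignFn(obj, i);
    } catch (e) {
      if (!(e instanceof TypeError)) throw e; // any other error is unexpected
      threw++;
    }
  }
  return { threw, value: obj.ro };
}

// Strict callers: every assignment throws; sloppy callers: none does.
// In both cases the getter still returns 42 because nothing was written.
console.log("strict:", probe(strictAssign, 1000));
console.log("sloppy:", probe(sloppyAssign, 1000));
```
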
2223 2015-01-19  Saam Barati  <saambarati1@gmail.com>
2224
2225         Web Inspector: Provide a front end for JSC's Control Flow Profiler
2226         https://bugs.webkit.org/show_bug.cgi?id=138454
2227
2228         Reviewed by Timothy Hatcher.
2229
2230         This patch puts the final touches on what JSC needs to provide
2231         for the Web Inspector to show a UI for the control flow profiler.
2232
2233         * inspector/agents/InspectorRuntimeAgent.cpp:
2234         (Inspector::recompileAllJSFunctionsForTypeProfiling):
2235         * runtime/ControlFlowProfiler.cpp:
2236         (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
2237         * runtime/FunctionHasExecutedCache.cpp:
2238         (JSC::FunctionHasExecutedCache::getFunctionRanges):
2239         (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges): Deleted.
2240         * runtime/FunctionHasExecutedCache.h:
2241
2242 2015-01-19  David Kilzer  <ddkilzer@apple.com>
2243
2244         [iOS] Only use LLVM static library arguments on 64-bit builds of libllvmForJSC.dylib
2245         <http://webkit.org/b/140658>
2246
2247         Reviewed by Filip Pizlo.
2248
2249         * Configurations/LLVMForJSC.xcconfig: Set OTHER_LDFLAGS_LLVM
2250         only when building for 64-bit architectures.
2251
2252 2015-01-19  Filip Pizlo  <fpizlo@apple.com>
2253
2254         ClosureCallStubRoutine no longer needs codeOrigin
2255         https://bugs.webkit.org/show_bug.cgi?id=140659
2256
2257         Reviewed by Michael Saboff.
2258         
2259         Once upon a time, we would look for the CodeOrigin associated with a return PC. This search
2260         would start with the CodeBlock according to the caller frame's call frame header. But if the
2261         call was a closure call, the return PC would be inside some closure call stub. So if the
2262         CodeBlock search failed, we would search *all* closure call stub routines to see which one
2263         encompasses the return PC. Then, we would use the CodeOrigin stored in the stub routine
2264         object. This was all a bunch of madness, and we actually got rid of it - we now determine
2265         the CodeOrigin for a call frame using the encoded code origin bits inside the tag of the
2266         argument count.
2267         
2268         This patch removes the final vestiges of the madness:
2269         
2270         - Remove the totally unused method declaration for the thing that did the closure call stub
2271           search.
2272         
2273         - Remove the CodeOrigin field from the ClosureCallStubRoutine. Except for that crazy search
2274           that we no longer do, everyone else who finds a ClosureCallStubRoutine will find it via
2275           the CallLinkInfo. The CallLinkInfo also has the CodeOrigin, so we don't need this field
2276           anymore.
2277
2278         * bytecode/CodeBlock.h:
2279         * jit/ClosureCallStubRoutine.cpp:
2280         (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
2281         * jit/ClosureCallStubRoutine.h:
2282         (JSC::ClosureCallStubRoutine::executable):
2283         (JSC::ClosureCallStubRoutine::codeOrigin): Deleted.
2284         * jit/Repatch.cpp:
2285         (JSC::linkClosureCall):
2286
2287 2015-01-19  Saam Barati  <saambarati1@gmail.com>
2288
2289         Basic block start offsets should never be larger than end offsets in the control flow profiler
2290         https://bugs.webkit.org/show_bug.cgi?id=140377
2291
2292         Reviewed by Filip Pizlo.
2293
2294         The bytecode generator will emit code more than once for some AST nodes. For instance, 
2295         the finally block of TryNode will emit two code paths for its finally block: one for 
2296         the normal path, and another for the path where an exception is thrown in the catch block. 
2297         
2298         This repeated code emission of the same AST node previously broke how the control 
2299         flow profiler computed text ranges of basic blocks because when the same AST node 
2300         is emitted multiple times, there is a good chance that there are ranges that span 
2301         from the end offset of one of these duplicated nodes back to the start offset of 
2302         the same duplicated node. This caused a basic block range to report a larger start 
2303         offset than end offset. This was incorrect. Now, when this situation is encountered 
2304         while linking a CodeBlock, the faulty range in question is ignored.
2305
2306         * bytecode/CodeBlock.cpp:
2307         (JSC::CodeBlock::CodeBlock):
2308         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
2309         * bytecode/CodeBlock.h:
2310         * bytecompiler/NodesCodegen.cpp:
2311         (JSC::ForInNode::emitMultiLoopBytecode):
2312         (JSC::ForOfNode::emitBytecode):
2313         (JSC::TryNode::emitBytecode):
2314         * parser/Parser.cpp:
2315         (JSC::Parser<LexerType>::parseConditionalExpression):
2316         * runtime/ControlFlowProfiler.cpp:
2317         (JSC::ControlFlowProfiler::ControlFlowProfiler):
2318         * runtime/ControlFlowProfiler.h:
2319         (JSC::ControlFlowProfiler::dummyBasicBlock):
2320
2321 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
2322
2323         [SVG -> OTF Converter] Flip the switch on
2324         https://bugs.webkit.org/show_bug.cgi?id=140592
2325
2326         Reviewed by Antti Koivisto.
2327
2328         * Configurations/FeatureDefines.xcconfig:
2329
2330 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
2331
2332         Web Replay: convert to is<T> and downcast<T> for decoding replay inputs
2333         https://bugs.webkit.org/show_bug.cgi?id=140512
2334
2335         Reviewed by Chris Dumez.
2336
2337         Generate a SPECIALIZE_TYPE_TRAITS_* chunk of code for each input. This cannot
2338         be done using REPLAY_INPUT_NAMES_FOR_EACH macro since that doesn't fully qualify
2339         input types, and the type traits macro is defined in namespace WTF.
2340
2341         * replay/NondeterministicInput.h: Make overridden methods public.
2342         * replay/scripts/CodeGeneratorReplayInputs.py:
2343         (Generator.generate_header):
2344         (Generator.qualified_input_name): Allow forcing qualification. WTF is never a target framework.
2345         (Generator.generate_input_type_trait_declaration): Added.
2346         * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Add a template.
2347         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
2348         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
2349         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
2350         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
2351         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
2352         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
2353         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
2354         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
2355
2356 2015-01-19  Commit Queue  <commit-queue@webkit.org>
2357
2358         Unreviewed, rolling out r178653.
2359         https://bugs.webkit.org/show_bug.cgi?id=140634
2360
2361         Broke multiple SVG tests on Mountain Lion (Requested by ap on
2362         #webkit).
2363
2364         Reverted changeset:
2365
2366         "[SVG -> OTF Converter] Flip the switch on"
2367         https://bugs.webkit.org/show_bug.cgi?id=140592
2368         http://trac.webkit.org/changeset/178653
2369
2370 2015-01-18  Dean Jackson  <dino@apple.com>
2371
2372         ES6: Support Array.of construction
2373         https://bugs.webkit.org/show_bug.cgi?id=140605
2374         <rdar://problem/19513655>
2375
2376         Reviewed by Geoffrey Garen.
2377
2378         Add an implementation of Array.of, described in 22.1.2.3 of the ES6
2379         specification (15 Jan 2015). The Array.of() method creates a new Array
2380         instance with a variable number of arguments, regardless of number or type
2381         of the arguments.
2382
2383         * runtime/ArrayConstructor.cpp:
2384         (JSC::arrayConstructorOf): Create a new empty Array, then iterate
2385         over the arguments, setting them to the appropriate index.
2386
2387 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
2388
2389         [SVG -> OTF Converter] Flip the switch on
2390         https://bugs.webkit.org/show_bug.cgi?id=140592
2391
2392         Reviewed by Antti Koivisto.
2393
2394         * Configurations/FeatureDefines.xcconfig:
2395
2396 2015-01-17  Brian J. Burg  <burg@cs.washington.edu>
2397
2398         Web Inspector: highlight data for overlay should use protocol type builders
2399         https://bugs.webkit.org/show_bug.cgi?id=129441
2400
2401         Reviewed by Timothy Hatcher.
2402
2403         Add a new domain for overlay types.
2404
2405         * CMakeLists.txt:
2406         * DerivedSources.make:
2407         * inspector/protocol/OverlayTypes.json: Added.
2408
2409 2015-01-17  Michael Saboff  <msaboff@apple.com>
2410
2411         Crash in JSScope::resolve() on tools.ups.com
2412         https://bugs.webkit.org/show_bug.cgi?id=140579
2413
2414         Reviewed by Geoffrey Garen.
2415
2416         For op_resolve_scope of a global property or variable that needs to check for the var
2417         injection check watchpoint, we need to keep the scope around with a Phantom.  The
2418         baseline JIT slowpath for op_resolve_scope needs the scope value if the watchpoint
2419         fired.
2420
2421         * dfg/DFGByteCodeParser.cpp:
2422         (JSC::DFG::ByteCodeParser::parseBlock):
2423
2424 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
2425
2426         Web Inspector: code generator should introduce typedefs for protocol types that are arrays
2427         https://bugs.webkit.org/show_bug.cgi?id=140557
2428
2429         Reviewed by Joseph Pecoraro.
2430
2431         Currently, there is no generated type name for "array" type declarations such as Console.CallStack.
2432         This makes it long-winded and confusing to use the type in C++ code.
2433
2434         This patch adds a typedef for array type declarations, so types such as Console::CallStack
2435         can be referred to directly, rather than using Inspector::Protocol::Array<Console::CallFrame>.
2436
2437         Some tests were updated to cover array type declarations used as parameters and type members.
2438
2439         * inspector/ScriptCallStack.cpp: Use the new typedef.
2440         (Inspector::ScriptCallStack::buildInspectorArray):
2441         * inspector/ScriptCallStack.h:
2442         * inspector/scripts/codegen/cpp_generator.py:
2443         (CppGenerator.cpp_protocol_type_for_type): If an ArrayType is nominal, use the typedef'd name instead.
2444         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2445         (_generate_typedefs_for_domain): Also generate typedefs for array type declarations.
2446         (_generate_typedefs_for_domain.Inspector):
2447         * inspector/scripts/codegen/models.py: Save the name of an ArrayType when it is a type declaration.
2448         (ArrayType.__init__):
2449         (Protocol.resolve_types):
2450         (Protocol.lookup_type_reference):
2451         * inspector/scripts/tests/commands-with-async-attribute.json:
2452         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json:
2453         * inspector/scripts/tests/events-with-optional-parameters.json:
2454         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2455         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2456         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2457         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2458         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2459         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2460         * inspector/scripts/tests/type-declaration-object-type.json:
2461
2462 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
2463
2464         Web Replay: purge remaining PassRefPtr uses and minor cleanup
2465         https://bugs.webkit.org/show_bug.cgi?id=140456
2466
2467         Reviewed by Andreas Kling.
2468
2469         Get rid of PassRefPtr. Introduce default initializers where it makes sense.
2470         Remove mistaken uses of AtomicString that were not removed as part of r174113.
2471
2472         * replay/EmptyInputCursor.h:
2473         * replay/InputCursor.h:
2474         (JSC::InputCursor::InputCursor):
2475
2476 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
2477
2478         Web Inspector: code generator should fail on duplicate parameter and member names
2479         https://bugs.webkit.org/show_bug.cgi?id=140555
2480
2481         Reviewed by Timothy Hatcher.
2482
2483         * inspector/scripts/codegen/models.py:
2484         (find_duplicates): Add a helper function to find duplicates in a list.
2485         (Protocol.parse_type_declaration):
2486         (Protocol.parse_command):
2487         (Protocol.parse_event):
2488         * inspector/scripts/tests/expected/fail-on-duplicate-command-call-parameter-names.json-error: Added.
2489         * inspector/scripts/tests/expected/fail-on-duplicate-command-return-parameter-names.json-error: Added.
2490         * inspector/scripts/tests/expected/fail-on-duplicate-event-parameter-names.json-error: Added.
2491         * inspector/scripts/tests/expected/fail-on-duplicate-type-member-names.json-error: Added.
2492         * inspector/scripts/tests/fail-on-duplicate-command-call-parameter-names.json: Added.
2493         * inspector/scripts/tests/fail-on-duplicate-command-return-parameter-names.json: Added.
2494         * inspector/scripts/tests/fail-on-duplicate-event-parameter-names.json: Added.
2495         * inspector/scripts/tests/fail-on-duplicate-type-member-names.json: Added.
2496
2497 2015-01-16  Michael Saboff  <msaboff@apple.com>
2498
2499         REGRESSION (r174226): Header on huffingtonpost.com is too large
2500         https://bugs.webkit.org/show_bug.cgi?id=140306
2501
2502         Reviewed by Filip Pizlo.
2503
2504         BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
2505         arguments register or whether we need to resolve "arguments".  If the arguments have
2506         been captured, then they are stored in the lexical environment and the arguments
2507         register is not used.
2508
2509         Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
2510         register is captured.  Renamed the function to willResolveToArgumentsRegister() to
2511         better indicate what we are checking.
2512
2513         Aligned 32 and 64 bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
2514         an arguments object that was optimized out of an inlined callFrame.  The 32 bit path
2515         incorrectly calculated the location of the reified callee frame.  This alignment resulted
2516         in the removal of operationCreateInlinedArgumentsDuringOSRExit().
2517
2518         * bytecompiler/BytecodeGenerator.cpp:
2519         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
2520         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
2521         (JSC::BytecodeGenerator::emitCall):
2522         (JSC::BytecodeGenerator::emitConstruct):
2523         (JSC::BytecodeGenerator::emitEnumeration):
2524         (JSC::BytecodeGenerator::willResolveToArguments): Deleted.
2525         * bytecompiler/BytecodeGenerator.h:
2526         * bytecompiler/NodesCodegen.cpp:
2527         (JSC::BracketAccessorNode::emitBytecode):
2528         (JSC::DotAccessorNode::emitBytecode):
2529         (JSC::getArgumentByVal):
2530         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2531         (JSC::ArrayPatternNode::emitDirectBinding):
2532         * dfg/DFGOSRExitCompilerCommon.cpp:
2533         (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
2534         * dfg/DFGOperations.cpp:
2535         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
2536         * dfg/DFGOperations.h:
2537         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
2538
2539 2015-01-15  Csaba Osztrogonác  <ossy@webkit.org>
2540
2541         Remove ENABLE(SQL_DATABASE) guards
2542         https://bugs.webkit.org/show_bug.cgi?id=140434
2543
2544         Reviewed by Darin Adler.
2545
2546         * CMakeLists.txt:
2547         * Configurations/FeatureDefines.xcconfig:
2548         * DerivedSources.make:
2549         * inspector/protocol/Database.json:
2550
2551 2015-01-14  Alexey Proskuryakov  <ap@apple.com>
2552
2553         Web Inspector and regular console use different source code locations for messages
2554         https://bugs.webkit.org/show_bug.cgi?id=140478
2555
2556         Reviewed by Brian Burg.
2557
2558         * inspector/ConsoleMessage.h: Expose computed source location.
2559
2560         * inspector/agents/InspectorConsoleAgent.cpp:
2561         (Inspector::InspectorConsoleAgent::addMessageToConsole):
2562         (Inspector::InspectorConsoleAgent::stopTiming):
2563         (Inspector::InspectorConsoleAgent::count):
2564         * inspector/agents/InspectorConsoleAgent.h:
2565         addMessageToConsole() now takes a pre-made ConsoleMessage object.
2566
2567         * inspector/JSGlobalObjectConsoleClient.cpp:
2568         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
2569         (Inspector::JSGlobalObjectConsoleClient::warnUnimplemented):
2570         * inspector/JSGlobalObjectInspectorController.cpp:
2571         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
2572         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
2573         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
2574         Updated for the above changes.
2575
2576 2015-01-15  Mark Lam  <mark.lam@apple.com>
2577
2578         [Part 2] Argument object created by "Function dot arguments" should use a clone of argument values.
2579         <https://webkit.org/b/140093>
2580
2581         Reviewed by Geoffrey Garen.
2582
2583         * interpreter/StackVisitor.cpp:
2584         (JSC::StackVisitor::Frame::createArguments):
2585         - We should not be fetching the lexicalEnvironment here.  The reason we've
2586           introduced the ClonedArgumentsCreationMode is because the lexicalEnvironment
2587           may not be available to us at this point.  Instead, we'll just pass a nullptr.
2588
2589         * runtime/Arguments.cpp:
2590         (JSC::Arguments::tearOffForCloning):
2591         * runtime/Arguments.h:
2592         (JSC::Arguments::finishCreation):
2593         - Use the new tearOffForCloning() to tear off arguments right out of the values
2594           passed on the stack.  tearOff() is not appropriate for this purpose because
2595           it takes slowArgumentsData into account.
2596
2597 2015-01-14  Matthew Mirman  <mmirman@apple.com>
2598
2599         Removed accidental commit of "invalid_array.js" 
2600         http://trac.webkit.org/changeset/178439
2601
2602         * tests/stress/invalid_array.js: Removed.
2603
2604 2015-01-14  Matthew Mirman  <mmirman@apple.com>
2605
2606         Fixes operationPutByIdOptimizes such that they check that the put didn't
2607         change the structure of the object whose property access is being
2608         cached.  Also removes uses of the new base value from the cache generation code.
2609         https://bugs.webkit.org/show_bug.cgi?id=139500
2610
2611         Reviewed by Filip Pizlo.
2612
2613         * jit/JITOperations.cpp:
2614         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
2615         (JSC::operationPutByIdNonStrictOptimize): ditto.
2616         (JSC::operationPutByIdDirectStrictOptimize): ditto.
2617         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
2618         * jit/Repatch.cpp:
2619         (JSC::generateByIdStub):
2620         (JSC::tryCacheGetByID):
2621         (JSC::tryBuildGetByIDList):
2622         (JSC::emitPutReplaceStub):
2623         (JSC::emitPutTransitionStubAndGetOldStructure): Added.
2624         (JSC::tryCachePutByID):
2625         (JSC::repatchPutByID):
2626         (JSC::tryBuildPutByIdList):
2627         (JSC::tryRepatchIn):
2628         (JSC::emitPutTransitionStub): Deleted.
2629         * jit/Repatch.h:
2630         * llint/LLIntSlowPaths.cpp:
2631         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2632         * runtime/JSPropertyNameEnumerator.h:
2633         (JSC::genericPropertyNameEnumerator):
2634         * runtime/Operations.h:
2635         (JSC::normalizePrototypeChainForChainAccess): restructured to not use the base value.
2636         (JSC::normalizePrototypeChain): restructured to not use the base value.
2637         * tests/mozilla/mozilla-tests.yaml:
2638         * tests/stress/proto-setter.js: Added.
2639         * tests/stress/put-by-id-build-list-order-recurse.js: Added.
2640         Added test that fails without this patch.
2641
2642 2015-01-13  Joseph Pecoraro  <pecoraro@apple.com>
2643
2644         Web Inspector: Remove unused ResizeImage and DecodeImageData timeline events
2645         https://bugs.webkit.org/show_bug.cgi?id=140404
2646
2647         Reviewed by Timothy Hatcher.
2648
2649         * inspector/protocol/Timeline.json:
2650
2651 2015-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
2652
2653         DFG can call PutByValDirect for generic arrays
2654         https://bugs.webkit.org/show_bug.cgi?id=140389
2655
2656         Reviewed by Geoffrey Garen.
2657
2658         Computed properties in object initializers (ES6) use the put_by_val_direct operation.
2659         However, the current DFG asserts that put_by_val_direct is not used for generic arrays,
2660         so the assertion failure is raised.
2661         This patch allows DFG to use put_by_val_direct for generic arrays.
2662
2663         And fix the DFG put_by_val_direct implementation for string properties.
2664         At first, put_by_val_direct was intended to be used for spread elements.
2665         So the property keys were limited to numbers (indexes).
2666         But now, it's also used for computed properties in object initializers.
2667
2668         * dfg/DFGOperations.cpp:
2669         (JSC::DFG::operationPutByValInternal):
2670         * dfg/DFGSpeculativeJIT64.cpp:
2671         (JSC::DFG::SpeculativeJIT::compile):
2672
2673 2015-01-13  Geoffrey Garen  <ggaren@apple.com>
2674
2675         Out of bounds access in BytecodeGenerator::emitGetById under DotAccessorNode::emitBytecode
2676         https://bugs.webkit.org/show_bug.cgi?id=140397
2677
2678         Reviewed by Geoffrey Garen.
2679
2680         Patch by Alexey Proskuryakov.
2681
2682         Reviewed, performance tested, and ChangeLogged by Geoffrey Garen.
2683
2684         No performance change.
2685
2686         No test, since this is a small past-the-end read, which is very
2687         difficult to turn into a reproducible failing test -- and existing tests
2688         crash reliably using ASan.
2689
2690         * bytecompiler/NodesCodegen.cpp:
2691         (JSC::BracketAccessorNode::emitBytecode):
2692         (JSC::DotAccessorNode::emitBytecode):
2693         (JSC::FunctionCallBracketNode::emitBytecode):
2694         (JSC::PostfixNode::emitResolve):
2695         (JSC::DeleteBracketNode::emitBytecode):
2696         (JSC::DeleteDotNode::emitBytecode):
2697         (JSC::PrefixNode::emitResolve):
2698         (JSC::UnaryOpNode::emitBytecode):
2699         (JSC::BitwiseNotNode::emitBytecode):
2700         (JSC::BinaryOpNode::emitBytecode):
2701         (JSC::EqualNode::emitBytecode):
2702         (JSC::StrictEqualNode::emitBytecode):
2703         (JSC::ThrowableBinaryOpNode::emitBytecode):
2704         (JSC::AssignDotNode::emitBytecode):
2705         (JSC::AssignBracketNode::emitBytecode): Use RefPtr in more places. Any
2706         register used across a call to a function that might allocate a new
2707         temporary register must be held in a RefPtr.
2708
2709 2015-01-12  Michael Saboff  <msaboff@apple.com>
2710
2711         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
2712         https://bugs.webkit.org/show_bug.cgi?id=140348
2713
2714         Reviewed by Mark Lam.
2715
2716         We used to read registers in MachineThreads::gatherFromCurrentThread(), but that is too late
2717         because those registers may have been spilled on the stack and replaced with other values by
2718         the time we call down to gatherFromCurrentThread().
2719
2720         Now we get the register contents at the same place that we demarcate the current top of
2721         stack using the address of a local variable, in Heap::markRoots().  The register contents
2722         buffer is passed along with the demarcation pointer.  These need to be done at this level 
2723         in the call tree and no lower, as markRoots() calls various functions that visit object
2724         pointers that may be later proven dead.  Any of those pointers that are left on the
2725         stack or in registers could be incorrectly marked as live if we scan the stack contents
2726         from a called function or one of its callees.  The stack demarcation pointer and register
2727         saving need to be done in the same function so that we have a consistent stack, active
2728         and spilled registers.
2729
2730         Because we don't want to make unnecessary calls to get the register contents, we use
2731         a macro to allocate, and possibly align, the register structure and get the actual
2732         register contents.
2733
2735         * heap/Heap.cpp:
2736         (JSC::Heap::markRoots):
2737         (JSC::Heap::gatherStackRoots):
2738         * heap/Heap.h:
2739         * heap/MachineStackMarker.cpp:
2740         (JSC::MachineThreads::gatherFromCurrentThread):
2741         (JSC::MachineThreads::gatherConservativeRoots):
2742         * heap/MachineStackMarker.h:
2743
2744 2015-01-12  Benjamin Poulain  <benjamin@webkit.org>
2745
2746         Add basic pattern matching support to the url filters
2747         https://bugs.webkit.org/show_bug.cgi?id=140283
2748
2749         Reviewed by Andreas Kling.
2750
2751         * JavaScriptCore.xcodeproj/project.pbxproj:
2752         Make YarrParser.h private in order to use it from WebCore.
2753
2754 2015-01-12  Geoffrey Garen  <ggaren@apple.com>
2755
2756         Out of bounds read in IdentifierArena::makeIdentifier
2757         https://bugs.webkit.org/show_bug.cgi?id=140376
2758
2759         Patch by Alexey Proskuryakov.
2760
2761         Reviewed and ChangeLogged by Geoffrey Garen.
2762
2763         No test, since this is a small past-the-end read, which is very
2764         difficult to turn into a reproducible failing test -- and existing tests
2765         crash reliably using ASan.
2766
2767         * parser/ParserArena.h:
2768         (JSC::IdentifierArena::makeIdentifier):
2769         (JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
2770         zero-length string input, like we do in the literal parser, since it is
2771         not valid to dereference characters in a zero-length string.
2772
2773         A zero-length string is allowed in JavaScript -- for example, "".
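The shape of the past-the-end read described in this entry, as an added sketch that is not WebKit code: an arena routine that inspects the first character to pick a single-character fast path, shown unguarded beside the guarded version that settles the zero-length case before any dereference. The single-character cache, the 0x80 cut-off and the `Identifier` struct are invented for this illustration.

```cpp
#include <cstddef>
#include <string>

// Added example, not WebKit code. Mirrors the bug class fixed above:
// an identifier factory that peeks at characters[0] for a fast path.
// kMaxCachedChar and the cache flag are invented for this sketch.

namespace sketch {

constexpr unsigned kMaxCachedChar = 0x80;  // invented cut-off for the fast path

struct Identifier {
    std::string text;
    bool fromSingleCharCache;  // true when the invented fast path was taken
};

// Before the fix: reads characters[0] before consulting length, so an empty
// input (length == 0, the JavaScript literal "") reads one byte past the end
// of its buffer. Kept here for comparison only; never call it with length 0.
inline Identifier makeIdentifierUnguarded(const char* characters, size_t length) {
    unsigned first = static_cast<unsigned char>(characters[0]);  // the bad read
    if (first < kMaxCachedChar && length == 1)
        return { std::string(1, characters[0]), true };
    return { std::string(characters, length), false };
}

// After the fix: the zero-length case is decided before any dereference,
// exactly as the literal parser already did.
inline Identifier makeIdentifier(const char* characters, size_t length) {
    if (length == 0)
        return { std::string(), false };   // empty identifier, no buffer access
    unsigned first = static_cast<unsigned char>(characters[0]);
    if (first < kMaxCachedChar && length == 1)
        return { std::string(1, characters[0]), true };
    return { std::string(characters, length), false };
}

// Convenience: does the guarded routine round-trip a buffer unchanged?
inline bool roundTrips(const char* characters, size_t length) {
    return makeIdentifier(characters, length).text == std::string(characters, length);
}

} // namespace sketch
```

The guarded version is the one a sanitizer build stays quiet on; the unguarded one reproduces the entry's point that the defect is a one-byte over-read, which is why it only shows up reliably under ASan rather than as a deterministic failing test.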
2774
2775 2015-01-11  Sam Weinig  <sam@webkit.org>
2776
2777         Remove support for SharedWorkers
2778         https://bugs.webkit.org/show_bug.cgi?id=140344
2779
2780         Reviewed by Anders Carlsson.
2781
2782         * Configurations/FeatureDefines.xcconfig:
2783
2784 2015-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
2785
2786         Allow targeting the SVG->OTF font converter with ENABLE(SVG_OTF_CONVERTER)
2787         https://bugs.webkit.org/show_bug.cgi?id=136769
2788
2789         Reviewed by Antti Koivisto.
2790
2791         * Configurations/FeatureDefines.xcconfig:
2792
2793 2015-01-12  Commit Queue  <commit-queue@webkit.org>
2794
2795         Unreviewed, rolling out r178266.
2796         https://bugs.webkit.org/show_bug.cgi?id=140363
2797
2798         Broke a JSC test (Requested by ap on #webkit).
2799
2800         Reverted changeset:
2801
2802         "Local JSArray* "keys" in objectConstructorKeys() is not
2803         marked during garbage collection"
2804         https://bugs.webkit.org/show_bug.cgi?id=140348
2805         http://trac.webkit.org/changeset/178266
2806
2807 2015-01-12  Michael Saboff  <msaboff@apple.com>
2808
2809         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
2810         https://bugs.webkit.org/show_bug.cgi?id=140348
2811
2812         Reviewed by Mark Lam.
2813
2814         Move the address of the local variable that is used to demarcate the top of the stack for 
2815         conservative roots down to MachineThreads::gatherFromCurrentThread() since it also gets
2816         the register values using setjmp().  That way we don't lose any callee save register
2817         contents between Heap::markRoots(), where it was set, and gatherFromCurrentThread().
2818         If we lose any JSObject* that are only in callee save registers, they will be GC'ed
2819         erroneously.
2820
2821         * heap/Heap.cpp:
2822         (JSC::Heap::markRoots):
2823         (JSC::Heap::gatherStackRoots):
2824         * heap/Heap.h:
2825         * heap/MachineStackMarker.cpp:
2826         (JSC::MachineThreads::gatherFromCurrentThread):
2827         (JSC::MachineThreads::gatherConservativeRoots):
2828         * heap/MachineStackMarker.h:
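The conservative root gathering discussed in this entry and in the re-landed version above (the 2015-01-12 entry reviewed by Mark Lam, which moved the register capture up into the same function as the stack demarcation), as an added toy implementation that is not WebKit code. It captures callee-saved registers with setjmp and records the top-of-stack marker in the same frame, then scans both the register buffer and the stack between that marker and the outermost mutator frame for words that point into a toy heap. The heap, `gatherStackRoots`, `mutatorHoldsCell` and `demo` are all invented for this illustration; only the layout principle comes from the entries.

```cpp
#include <csetjmp>
#include <cstdint>
#include <cstring>
#include <cstdio>

// Added example, not WebKit code: a toy conservative root scanner laid out the
// way the re-landed entry describes. The stack demarcation pointer and the
// register capture live in the same function, so a cell referenced only from
// a callee-saved register when marking starts still lands in the scanned bytes.

namespace toy {

constexpr int kCells = 8;
constexpr int kCellSize = 64;

static unsigned char heap[kCells][kCellSize];  // toy heap: 8 fixed cells
static bool marked[kCells];                    // mark bits set by the scan
static void* stackBase = nullptr;              // outermost mutator frame

// Map a word to a cell index if it points into the heap; -1 otherwise.
// Interior pointers count, as a conservative scanner must assume.
static int cellIndexFor(uintptr_t word) {
    uintptr_t lo = reinterpret_cast<uintptr_t>(heap);
    uintptr_t hi = lo + sizeof(heap);
    if (word < lo || word >= hi)
        return -1;
    return static_cast<int>((word - lo) / kCellSize);
}

// Treat every aligned word in the range as a potential pointer. The swap
// makes the routine indifferent to which way the stack grows.
static void scanRange(const void* from, const void* to) {
    const unsigned char* p = static_cast<const unsigned char*>(from);
    const unsigned char* end = static_cast<const unsigned char*>(to);
    if (p > end) { const unsigned char* t = p; p = end; end = t; }
    for (; p + sizeof(uintptr_t) <= end; p += sizeof(uintptr_t)) {
        uintptr_t w;
        std::memcpy(&w, p, sizeof w);
        int i = cellIndexFor(w);
        if (i >= 0)
            marked[i] = true;
    }
}

// Stand-in for Heap::markRoots()/gatherStackRoots(): register capture and
// stack demarcation happen in this one frame. Doing the setjmp deeper in the
// call tree (the situation the original entry fixed) lets a callee spill and
// overwrite a callee-saved register holding the only reference to a cell
// before anyone records it.
__attribute__((noinline)) static void gatherStackRoots() {
    jmp_buf registers;               // setjmp spills callee-saved registers here
    void* topOfStack = &registers;   // demarcation: same frame as the capture
    setjmp(registers);
    scanRange(&registers, reinterpret_cast<unsigned char*>(&registers) + sizeof registers);
    scanRange(topOfStack, stackBase);
}

// A mutator frame whose only reference to cell n is a local on its stack.
__attribute__((noinline)) static bool mutatorHoldsCell(int n) {
    void* volatile onlyReference = heap[n];  // volatile: forced into the frame
    gatherStackRoots();
    return onlyReference != nullptr;
}

// One collection: was cell n found, and was an unreferenced cell left alone?
__attribute__((noinline)) bool demo(int n, int unreferenced) {
    int baseMarker;
    stackBase = &baseMarker;         // scan up to this frame, no further
    std::memset(marked, 0, sizeof marked);
    mutatorHoldsCell(n);
    return marked[n] && !marked[unreferenced];
}

} // namespace toy

int main() {
    std::printf("cell 3 marked, cell 6 untouched: %s\n",
                toy::demo(3, 6) ? "yes" : "no");
    return 0;
}
```

The scan is deliberately conservative: any word that happens to look like a heap address keeps a cell alive, which is the trade-off the entry accepts in exchange for never freeing a cell that a live register or stack slot still references. The `volatile` on the mutator's local is only there so the example is deterministic; real mutator code gets no such guarantee, which is exactly why the register capture has to sit next to the demarcation pointer.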
2829
2830 2015-01-11  Eric Carlson  <eric.carlson@apple.com>
2831
2832         Fix typo in testapi.c error messages
2833         https://bugs.webkit.org/show_bug.cgi?id=140305
2834
2835         Reviewed by Geoffrey Garen.
2836
2837         * API/tests/testapi.c:
2838         (main): "... script did not timed out ..." -> "... script did not time out ..."
2839
2840 2015-01-09  Michael Saboff  <msaboff@apple.com>
2841
2842         Breakpoint doesn't fire in this HTML5 game
2843         https://bugs.webkit.org/show_bug.cgi?id=140269
2844
2845         Reviewed by Mark Lam.
2846
2847         When parsing a single line cached function, use the lineStartOffset of the
2848         location where we found the cached function instead of the cached lineStartOffset.
2849         The cache location's lineStartOffset has not been adjusted for any possible
2850         containing functions.
2851
2852         This change is not needed for multi-line cached functions.  Consider the
2853         single line source:
2854
2855         function outer(){function inner1(){doStuff();}; (function inner2() {doMoreStuff()})()}
2856
2857         On the first parser pass, we parse and cache inner1() and inner2() with a lineStartOffset
2858         of 0.  Later, when we parse outer() and find inner1() in the cache, the SourceCode start
2859         character is at outer()'s outermost open brace.  That is what we should use for
2860         lineStartOffset for inner1().  When done parsing inner1() we set the parsing token
2861         to the saved location for inner1(), including the lineStartOffset of 0.  We need
2862         to use the value of lineStartOffset before we started parsing inner1().  That is
2863         what the fix does.  When we parse inner2() the lineStartOffset will be correct.
2864
2865         For a multi-line function, the close brace is guaranteed to be on a different line
2866         than the open brace.  Hence, its lineStartOffset will not change with the change of
2867         the SourceCode start character.
2868
2869         * parser/Parser.cpp:
2870         (JSC::Parser<LexerType>::parseFunctionInfo):
2871
2872 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
2873
2874         Web Inspector: Uncaught Exception in ProbeManager deleting breakpoint
2875         https://bugs.webkit.org/show_bug.cgi?id=140279
2876         rdar://problem/19422299
2877
2878         Reviewed by Oliver Hunt.
2879
2880         * runtime/MapData.cpp:
2881         (JSC::MapData::replaceAndPackBackingStore):
2882         The cell table also needs to have its values fixed.
2883
2884 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
2885
2886         Web Inspector: Remove or use TimelineAgent Resource related event types
2887         https://bugs.webkit.org/show_bug.cgi?id=140155
2888
2889         Reviewed by Timothy Hatcher.
2890
2891         Remove unused / stale Timeline event types.
2892
2893         * inspector/protocol/Timeline.json:
2894
2895 2015-01-09  Csaba Osztrogonác  <ossy@webkit.org>
2896
2897         REGRESSION(r177925): It broke the !ENABLE(INSPECTOR) build
2898         https://bugs.webkit.org/show_bug.cgi?id=140098
2899
2900         Reviewed by Brian Burg.
2901
2902         * inspector/InspectorBackendDispatcher.h: Missing ENABLE(INSPECTOR) guard added.
2903
2904 2015-01-08  Mark Lam  <mark.lam@apple.com>
2905
2906         Argument object created by "Function dot arguments" should use a clone of the argument values.
2907         <https://webkit.org/b/140093>
2908
2909         Reviewed by Geoffrey Garen.
2910
2911         After the change in <https://webkit.org/b/139827>, the dfg-tear-off-arguments-not-activation.js
2912         test will crash.  The relevant code which manifests the issue is as follows:
2913
2914             function bar() {
2915                 return foo.arguments;
2916             }
2917
2918             function foo(p) {
2919                 var x = 42;
2920                 if (p)
2921                     return (function() { return x; });
2922                 else
2923                     return bar();
2924             }
2925
2926         In this case, foo() has no knowledge of bar() needing its LexicalEnvironment and
2927         has dead code eliminated the SetLocal that stores it into its designated local.
2928         In bar(), the factory for the Arguments object (for creating foo.arguments) tries
2929         to read foo's LexicalEnvironment from its designated lexicalEnvironment local,
2930         but instead, finds it to be uninitialized.  This results in a null pointer access
2931         which causes a crash.
2932
2933         This can be resolved by having bar() instantiate a clone of the Arguments object
2934         instead, and populate its elements with values fetched directly from foo's frame.
2935         There's no need to reference foo's LexicalEnvironment (whether present or not).
2936
2937         * interpreter/StackVisitor.cpp:
2938         (JSC::StackVisitor::Frame::createArguments):
2939         * runtime/Arguments.h:
2940         (JSC::Arguments::finishCreation):
2941
2942 2015-01-08  Mark Lam  <mark.lam@apple.com>
2943
2944         Make the LLINT and Baseline JIT's op_create_arguments and op_get_argument_by_val use their lexicalEnvironment operand.
2945         <https://webkit.org/b/140236>
2946
2947         Reviewed by Geoffrey Garen.
2948
2949         Will change the DFG to use the operand on a subsequent pass.  For now,
2950         the DFG uses a temporary thunk (operationCreateArgumentsForDFG()) to
2951         retain the old behavior of getting the lexicalEnvironment from the
2952         ExecState.
2953
2954         * bytecompiler/BytecodeGenerator.cpp:
2955         (JSC::BytecodeGenerator::BytecodeGenerator):
2956         (JSC::BytecodeGenerator::emitGetArgumentByVal):
2957         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
2958         - When the lexicalEnvironment is not available, pass the invalid VirtualRegister
2959           instead of an empty JSValue as the lexicalEnvironment operand.
2960
2961         * dfg/DFGOperations.cpp:
2962         - Use the lexicalEnvironment from the ExecState for now.
2963
2964         * dfg/DFGSpeculativeJIT32_64.cpp:
2965         (JSC::DFG::SpeculativeJIT::compile):
2966         * dfg/DFGSpeculativeJIT64.cpp:
2967         (JSC::DFG::SpeculativeJIT::compile):
2968         - Use the operationCreateArgumentsForDFG() thunk for now.
2969
2970         * interpreter/CallFrame.cpp:
2971         (JSC::CallFrame::lexicalEnvironmentOrNullptr):
2972         * interpreter/CallFrame.h:
2973         - Added this convenience function to return either the
2974           lexicalEnvironment or a nullptr so that we don't need to do a
2975           conditional check on codeBlock->needsActivation() at multiple sites.
2976
2977         * interpreter/StackVisitor.cpp:
2978         (JSC::StackVisitor::Frame::createArguments):
2979         * jit/JIT.h:
2980         * jit/JITInlines.h:
2981         (JSC::JIT::callOperation):
2982         * jit/JITOpcodes.cpp:
2983         (JSC::JIT::emit_op_create_arguments):
2984         (JSC::JIT::emitSlow_op_get_argument_by_val):
2985         * jit/JITOpcodes32_64.cpp:
2986         (JSC::JIT::emit_op_create_arguments):
2987         (JSC::JIT::emitSlow_op_get_argument_by_val):
2988         * jit/JITOperations.cpp:
2989         * jit/JITOperations.h:
2990         * llint/LLIntSlowPaths.cpp:
2991         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2992         * runtime/Arguments.h:
2993         (JSC::Arguments::create):
2994         (JSC::Arguments::finishCreation):
2995         * runtime/CommonSlowPaths.cpp:
2996         (JSC::SLOW_PATH_DECL):
2997         * runtime/JSLexicalEnvironment.cpp:
2998         (JSC::JSLexicalEnvironment::argumentsGetter):
2999
3000 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
3001
3002         Web Inspector: Pause Reason Improvements (Breakpoint, Debugger Statement, Pause on Next Statement)
3003         https://bugs.webkit.org/show_bug.cgi?id=138991
3004
3005         Reviewed by Timothy Hatcher.
3006
3007         * debugger/Debugger.cpp:
3008         (JSC::Debugger::Debugger):
3009         (JSC::Debugger::pauseIfNeeded):
3010         (JSC::Debugger::didReachBreakpoint):
3011         When actually pausing, if we hit a breakpoint ensure the reason
3012         is PausedForBreakpoint, otherwise use the current reason.
3013
3014         * debugger/Debugger.h:
3015         Make pause reason and pausing breakpoint ID public.
3016
3017         * inspector/agents/InspectorDebuggerAgent.h:
3018         * inspector/agents/InspectorDebuggerAgent.cpp:
3019         (Inspector::buildAssertPauseReason):
3020         (Inspector::buildCSPViolationPauseReason):
3021         (Inspector::InspectorDebuggerAgent::buildBreakpointPauseReason):
3022         (Inspector::InspectorDebuggerAgent::buildExceptionPauseReason):
3023         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
3024         (Inspector::buildObjectForBreakpointCookie):
3025         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
3026         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
3027         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
3028         (Inspector::InspectorDebuggerAgent::pause):
3029         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
3030         (Inspector::InspectorDebuggerAgent::currentCallFrames):
3031         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
3032         Clean up creation of pause reason objects and other cleanup
3033         of PassRefPtr use and InjectedScript use.
3034
3035         (Inspector::InspectorDebuggerAgent::didPause):
3036         Clean up so that we first check for an Exception, and then fall
3037         back to including a Pause Reason derived from the Debugger.
3038
3039         * inspector/protocol/Debugger.json:
3040         Add new DebuggerStatement, Breakpoint, and PauseOnNextStatement reasons.
3041
3042 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
3043
3044         Web Inspector: Type check NSArray's in ObjC Interfaces have the right object types
3045         https://bugs.webkit.org/show_bug.cgi?id=140209
3046
3047         Reviewed by Timothy Hatcher.
3048
3049         Check the types of objects in NSArrays for all interfaces (commands, events, types)
3050         when the user can set an array of objects. Previously we were only type checking
3051         they were RWIJSONObjects, now we add an explicit check for the exact object type.
3052
3053         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
3054         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
3055         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
3056         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
3057         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
3058         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
3059         (ObjCProtocolTypesImplementationGenerator._generate_setter_for_member):
3060         * inspector/scripts/codegen/objc_generator.py:
3061         (ObjCGenerator.objc_class_for_array_type):
3062         (ObjCGenerator):
3063
3064 2015-01-07  Mark Lam  <mark.lam@apple.com>
3065
3066         Add the lexicalEnvironment as an operand to op_get_argument_by_val.
3067         <https://webkit.org/b/140233>
3068
3069         Reviewed by Filip Pizlo.
3070
3071         This patch only adds the operand to the bytecode.  It is not in use yet.
3072
3073         * bytecode/BytecodeList.json:
3074         * bytecode/BytecodeUseDef.h:
3075         (JSC::computeUsesForBytecodeOffset):
3076         * bytecode/CodeBlock.cpp:
3077         (JSC::CodeBlock::dumpBytecode):
3078         * bytecompiler/BytecodeGenerator.cpp:
3079         (JSC::BytecodeGenerator::emitGetArgumentByVal):
3080         * llint/LowLevelInterpreter32_64.asm:
3081         * llint/LowLevelInterpreter64.asm:
3082
3083 2015-01-07  Yusuke Suzuki  <utatane.tea@gmail.com>
3084
3085         Investigate the character type of repeated string instead of checking is8Bit flag
3086         https://bugs.webkit.org/show_bug.cgi?id=140139
3087
3088         Reviewed by Darin Adler.
3089
3090         Instead of checking the is8Bit flag of the repeated string, investigate
3091         the actual value of the repeated character, since the is8Bit flag gives a false negative case.
3092
3093         * runtime/StringPrototype.cpp:
3094         (JSC::repeatCharacter):
3095         (JSC::stringProtoFuncRepeat):
3096         (JSC::repeatSmallString): Deleted.
3097
3098 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
3099
3100         Web Inspector: ObjC Generate types from the GenericTypes domain
3101         https://bugs.webkit.org/show_bug.cgi?id=140229
3102
3103         Reviewed by Timothy Hatcher.
3104
3105         Generate types from the GenericTypes domain, as they are expected
3106         by other domains (like Page domain). Also, don't include the @protocol
3107         forward declaration for a domain if it doesn't have any commands.
3108
3109         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
3110         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
3111         (ObjCBackendDispatcherHeaderGenerator): Deleted.
3112         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations_for_domains): Deleted.
3113         * inspector/scripts/codegen/objc_generator.py:
3114         (ObjCGenerator):
3115         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
3116         * inspector/scripts/tests/expected/enum-values.json-result:
3117         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3118         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
3119         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
3120         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
3121         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
3122         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
3123         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
3124         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
3125         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3126
3127 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
3128
3129         Web Inspector: Remove unnecessary copyRef for paramsObject in generated dispatchers
3130         https://bugs.webkit.org/show_bug.cgi?id=140228
3131
3132         Reviewed by Timothy Hatcher.
3133
3134         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
3135         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
3136         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
3137         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
3138         * inspector/scripts/tests/expected/enum-values.json-result:
3139         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3140
3141 2015-01-07  Saam Barati  <saambarati1@gmail.com>
3142
3143         interpret op_profile_type in the LLInt instead of unconditionally calling into the slow path
3144         https://bugs.webkit.org/show_bug.cgi?id=140165
3145
3146         Reviewed by Michael Saboff.
3147
3148         Inlining the functionality of TypeProfilerLog::recordTypeInformationForLocation
3149         into the LLInt speeds up type profiling.
3150
3151         * llint/LLIntOffsetsExtractor.cpp:
3152         * llint/LowLevelInterpreter.asm:
3153         * llint/LowLevelInterpreter32_64.asm:
3154         * llint/LowLevelInterpreter64.asm:
3155         * runtime/CommonSlowPaths.cpp:
3156         (JSC::SLOW_PATH_DECL):
3157         * runtime/CommonSlowPaths.h:
3158         * runtime/TypeProfilerLog.h:
3159         (JSC::TypeProfilerLog::recordTypeInformationForLocation): Deleted.
3160
3161 2015-01-07  Brian J. Burg  <burg@cs.washington.edu>
3162
3163         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
3164         https://bugs.webkit.org/show_bug.cgi?id=140053
3165
3166         Reviewed by Andreas Kling.
3167
3168         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
3169         related to Web Inspector. It also converts many uses of RefPtr to Ref where
3170         references are always non-null. These two refactorings have been combined since
3171         they tend to require similar changes to the code.
3172
3173         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
3174         have been updated to take a Ref instead of RefPtr.
3175
3176         Builders for typed protocol objects now return a Ref. Since there is no implicit
3177         call to operator&, callsites now must explicitly call .release() to convert a
3178         builder object into the corresponding protocol object once required fields are set.
3179         Update callsites and use auto to eliminate repetition of longwinded protocol types.
3180
3181         Tests for inspector protocol and replay inputs have been rebaselined.
3182
3183         * bindings/ScriptValue.cpp:
3184         (Deprecated::jsToInspectorValue):
3185         (Deprecated::ScriptValue::toInspectorValue):
3186         * bindings/ScriptValue.h:
3187         * inspector/ConsoleMessage.cpp:
3188         (Inspector::ConsoleMessage::addToFrontend):
3189         * inspector/ContentSearchUtilities.cpp:
3190         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
3191         (Inspector::ContentSearchUtilities::searchInTextByLines):
3192         * inspector/ContentSearchUtilities.h:
3193         * inspector/InjectedScript.cpp:
3194         (Inspector::InjectedScript::getFunctionDetails):
3195         (Inspector::InjectedScript::getProperties):
3196         (Inspector::InjectedScript::getInternalProperties):
3197         (Inspector::InjectedScript::wrapCallFrames):
3198         (Inspector::InjectedScript::wrapObject):
3199         (Inspector::InjectedScript::wrapTable):
3200         * inspector/InjectedScript.h:
3201         * inspector/InjectedScriptBase.cpp:
3202         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
3203         * inspector/InspectorBackendDispatcher.cpp:
3204         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
3205         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
3206         (Inspector::InspectorBackendDispatcher::create):
3207         (Inspector::InspectorBackendDispatcher::dispatch):
3208         (Inspector::InspectorBackendDispatcher::sendResponse):
3209         (Inspector::InspectorBackendDispatcher::reportProtocolError):
3210         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
3211         (Inspector::InspectorBackendDispatcher::getInteger):
3212         (Inspector::InspectorBackendDispatcher::getDouble):
3213         (Inspector::InspectorBackendDispatcher::getString):
3214         (Inspector::InspectorBackendDispatcher::getBoolean):
3215         (Inspector::InspectorBackendDispatcher::getObject):
3216         (Inspector::InspectorBackendDispatcher::getArray):
3217         (Inspector::InspectorBackendDispatcher::getValue):
3218         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
3219         protocol error strings.
3220         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
3221         Convert the supplemental dispatcher's reference to Ref since it is never null.
3222         * inspector/InspectorEnvironment.h:
3223         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
3224         StructItemTraits. Add more versions of addItem to handle pushing various types.
3225         (Inspector::Protocol::Array::openAccessors):
3226         (Inspector::Protocol::Array::addItem):
3227         (Inspector::Protocol::Array::create):
3228         (Inspector::Protocol::StructItemTraits::push):
3229         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
3230         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
3231         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
3232         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
3233         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
3234         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
3235         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
3236         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
3237         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
3238         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
3239         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
3240         the same call signature as other getters. Use Ref where possible.
3241         (Inspector::InspectorObjectBase::getBoolean):
3242         (Inspector::InspectorObjectBase::getString):
3243         (Inspector::InspectorObjectBase::getObject):
3244         (Inspector::InspectorObjectBase::getArray):
3245         (Inspector::InspectorObjectBase::getValue):
3246         (Inspector::InspectorObjectBase::writeJSON):
3247         (Inspector::InspectorArrayBase::get):
3248         (Inspector::InspectorObject::create):
3249         (Inspector::InspectorArray::create):
3250         (Inspector::InspectorValue::null):
3251         (Inspector::InspectorString::create):
3252         (Inspector::InspectorBasicValue::create):
3253         (Inspector::InspectorObjectBase::get): Deleted.
3254         * inspector/InspectorValues.h:
3255         (Inspector::InspectorObjectBase::setValue):
3256         (Inspector::InspectorObjectBase::setObject):
3257         (Inspector::InspectorObjectBase::setArray):
3258         (Inspector::InspectorArrayBase::pushValue):
3259         (Inspector::InspectorArrayBase::pushObject):
3260         (Inspector::InspectorArrayBase::pushArray):
3261         * inspector/JSGlobalObjectConsoleClient.cpp:
3262         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
3263         (Inspector::JSGlobalObjectConsoleClient::count):
3264         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
3265         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
3266         * inspector/JSGlobalObjectConsoleClient.h:
3267         * inspector/JSGlobalObjectInspectorController.cpp:
3268         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
3269         * inspector/JSGlobalObjectInspectorController.h:
3270         * inspector/ScriptCallFrame.cpp:
3271         (Inspector::ScriptCallFrame::buildInspectorObject):
3272         * inspector/ScriptCallFrame.h:
3273         * inspector/ScriptCallStack.cpp:
3274         (Inspector::ScriptCallStack::create):
3275         (Inspector::ScriptCallStack::buildInspectorArray):
3276         * inspector/ScriptCallStack.h:
3277         * inspector/agents/InspectorAgent.cpp:
3278         (Inspector::InspectorAgent::enable):
3279         (Inspector::InspectorAgent::inspect):
3280         (Inspector::InspectorAgent::activateExtraDomain):
3281         * inspector/agents/InspectorAgent.h:
3282         * inspector/agents/InspectorDebuggerAgent.cpp:
3283         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
3284         (Inspector::buildObjectForBreakpointCookie):
3285         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
3286         (Inspector::InspectorDebuggerAgent::setBreakpoint):
3287         (Inspector::InspectorDebuggerAgent::continueToLocation):
3288         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
3289         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
3290         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
3291         (Inspector::InspectorDebuggerAgent::currentCallFrames):
3292         (Inspector::InspectorDebuggerAgent::didParseSource):
3293         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
3294         (Inspector::InspectorDebuggerAgent::breakProgram):
3295         * inspector/agents/InspectorDebuggerAgent.h:
3296         * inspector/agents/InspectorRuntimeAgent.cpp:
3297         (Inspector::buildErrorRangeObject):
3298         (Inspector::InspectorRuntimeAgent::callFunctionOn):
3299         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
3300         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
3301         * inspector/agents/InspectorRuntimeAgent.h:
3302         * inspector/scripts/codegen/cpp_generator.py:
3303         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
3304         (CppGenerator.cpp_type_for_type_with_name):
3305         (CppGenerator.cpp_type_for_formal_async_parameter):
3306         (CppGenerator.should_use_references_for_type):
3307         (CppGenerator):
3308         * inspector/scripts/codegen/cpp_generator_templates.py:
3309         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
3310         (CppBackendDispatcherHeaderGenerator.generate_output):
3311         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
3312         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
3313         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
3314         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
3315         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
3316         (CppFrontendDispatcherHeaderGenerator.generate_output):
3317         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
3318         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
3319         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
3320         (CppProtocolTypesHeaderGenerator.generate_output):
3321         (_generate_class_for_object_declaration):
3322         (_generate_unchecked_setter_for_member):
3323         (_generate_forward_declarations_for_binding_traits):
3324         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
3325         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
3326         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
3327         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
3328         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
3329         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
3330         (ObjCProtocolTypesImplementationGenerator.generate_output):
3331         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3332         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3333         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
3334         * inspector/scripts/tests/expected/enum-values.json-result:
3335         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3336         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
3337         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
3338         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
3339         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
3340         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
3341         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
3342         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
3343         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3344         * replay/EncodedValue.cpp:
3345         (JSC::EncodedValue::asObject):
3346         (JSC::EncodedValue::asArray):
3347         (JSC::EncodedValue::put<EncodedValue>):
3348         (JSC::EncodedValue::append<EncodedValue>):
3349         (JSC::EncodedValue::get<EncodedValue>):
3350         * replay/EncodedValue.h:
3351         * replay/scripts/CodeGeneratorReplayInputs.py:
3352         (Type.borrow_type):
3353         (Type.argument_type):
3354         (Generator.generate_member_move_expression):
3355         * runtime/ConsoleClient.cpp:
3356         (JSC::ConsoleClient::printConsoleMessageWithArguments):
3357         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
3358         (JSC::ConsoleClient::logWithLevel):
3359         (JSC::ConsoleClient::clear):
3360         (JSC::ConsoleClient::dir):
3361         (JSC::ConsoleClient::dirXML):
3362         (JSC::ConsoleClient::table):
3363         (JSC::ConsoleClient::trace):
3364         (JSC::ConsoleClient::assertCondition):
3365         (JSC::ConsoleClient::group):
3366         (JSC::ConsoleClient::groupCollapsed):
3367         (JSC::ConsoleClient::groupEnd):
3368         * runtime/ConsoleClient.h:
3369         * runtime/TypeSet.cpp:
3370         (JSC::TypeSet::allStructureRepresentations):
3371         (JSC::TypeSet::inspectorTypeSet):
3372         (JSC::StructureShape::inspectorRepresentation):
3373         * runtime/TypeSet.h:
3374
3375 2015-01-07  Commit Queue  <commit-queue@webkit.org>
3376
3377         Unreviewed, rolling out r178039.
3378         https://bugs.webkit.org/show_bug.cgi?id=140187
3379
3380         Breaks ObjC Inspector Protocol (Requested by JoePeck on
3381         #webkit).
3382
3383         Reverted changeset:
3384
3385         "Web Inspector: purge PassRefPtr from Inspector code and use
3386         Ref for typed and untyped protocol objects"
3387         https://bugs.webkit.org/show_bug.cgi?id=140053
3388         http://trac.webkit.org/changeset/178039
3389
3390 2015-01-06  Brian J. Burg  <burg@cs.washington.edu>
3391
3392         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
3393         https://bugs.webkit.org/show_bug.cgi?id=140053
3394
3395         Reviewed by Andreas Kling.
3396
3397         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
3398         related to Web Inspector. It also converts many uses of RefPtr to Ref where
3399         references are always non-null. These two refactorings have been combined since
3400         they tend to require similar changes to the code.
3401
3402         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
3403         have been updated to take a Ref instead of RefPtr.
3404
3405         Builders for typed protocol objects now return a Ref. Since there is no implicit
3406         call to operator&, callsites now must explicitly call .release() to convert a
3407         builder object into the corresponding protocol object once required fields are set.
3408         Update callsites and use auto to eliminate repetition of long-winded protocol types.
3409
3410         Tests for inspector protocol and replay inputs have been rebaselined.
3411
3412         * bindings/ScriptValue.cpp:
3413         (Deprecated::jsToInspectorValue):
3414         (Deprecated::ScriptValue::toInspectorValue):
3415         * bindings/ScriptValue.h:
3416         * inspector/ConsoleMessage.cpp:
3417         (Inspector::ConsoleMessage::addToFrontend):
3418         * inspector/ContentSearchUtilities.cpp:
3419         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
3420         (Inspector::ContentSearchUtilities::searchInTextByLines):
3421         * inspector/ContentSearchUtilities.h:
3422         * inspector/InjectedScript.cpp:
3423         (Inspector::InjectedScript::getFunctionDetails):
3424         (Inspector::InjectedScript::getProperties):
3425         (Inspector::InjectedScript::getInternalProperties):
3426         (Inspector::InjectedScript::wrapCallFrames):
3427         (Inspector::InjectedScript::wrapObject):
3428         (Inspector::InjectedScript::wrapTable):
3429         * inspector/InjectedScript.h:
3430         * inspector/InjectedScriptBase.cpp:
3431         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
3432         * inspector/InspectorBackendDispatcher.cpp:
3433         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
3434         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
3435         (Inspector::InspectorBackendDispatcher::create):
3436         (Inspector::InspectorBackendDispatcher::dispatch):
3437         (Inspector::InspectorBackendDispatcher::sendResponse):
3438         (Inspector::InspectorBackendDispatcher::reportProtocolError):
3439         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
3440         (Inspector::InspectorBackendDispatcher::getInteger):
3441         (Inspector::InspectorBackendDispatcher::getDouble):
3442         (Inspector::InspectorBackendDispatcher::getString):
3443         (Inspector::InspectorBackendDispatcher::getBoolean):
3444         (Inspector::InspectorBackendDispatcher::getObject):
3445         (Inspector::InspectorBackendDispatcher::getArray):
3446         (Inspector::InspectorBackendDispatcher::getValue):
3447         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
3448         protocol error strings.
3449         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
3450         Convert the supplemental dispatcher's reference to Ref since it is never null.
3451         * inspector/InspectorEnvironment.h:
3452         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
3453         StructItemTraits. Add more versions of addItem to handle pushing various types.
3454         (Inspector::Protocol::Array::openAccessors):
3455         (Inspector::Protocol::Array::addItem):
3456         (Inspector::Protocol::Array::create):
3457         (Inspector::Protocol::StructItemTraits::push):
3458         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
3459         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
3460         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
3461         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
3462         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
3463         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
3464         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
3465         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
3466         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
3467         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
3468         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
3469         the same call signature as other getters. Use Ref where possible.
3470         (Inspector::InspectorObjectBase::getBoolean):
3471         (Inspector::InspectorObjectBase::getString):
3472         (Inspector::InspectorObjectBase::getObject):
3473         (Inspector::InspectorObjectBase::getArray):
3474         (Inspector::InspectorObjectBase::getValue):
3475         (Inspector::InspectorObjectBase::writeJSON):
3476         (Inspector::InspectorArrayBase::get):
3477         (Inspector::InspectorObject::create):
3478         (Inspector::InspectorArray::create):
3479         (Inspector::InspectorValue::null):
3480         (Inspector::InspectorString::create):
3481         (Inspector::InspectorBasicValue::create):
3482         (Inspector::InspectorObjectBase::get): Deleted.
3483         * inspector/InspectorValues.h:
3484         (Inspector::InspectorObjectBase::setValue):
3485         (Inspector::InspectorObjectBase::setObject):
3486         (Inspector::InspectorObjectBase::setArray):
3487         (Inspector::InspectorArrayBase::pushValue):
3488         (Inspector::InspectorArrayBase::pushObject):
3489         (Inspector::InspectorArrayBase::pushArray):
3490         * inspector/JSGlobalObjectConsoleClient.cpp:
3491         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
3492         (Inspector::JSGlobalObjectConsoleClient::count):
3493         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
3494         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
3495         * inspector/JSGlobalObjectConsoleClient.h:
3496         * inspector/JSGlobalObjectInspectorController.cpp:
3497         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
3498         * inspector/JSGlobalObjectInspectorController.h:
3499         * inspector/ScriptCallFrame.cpp:
3500         (Inspector::ScriptCallFrame::buildInspectorObject):
3501         * inspector/ScriptCallFrame.h:
3502         * inspector/ScriptCallStack.cpp:
3503         (Inspector::ScriptCallStack::create):
3504         (Inspector::ScriptCallStack::buildInspectorArray):
3505         * inspector/ScriptCallStack.h:
3506         * inspector/agents/InspectorAgent.cpp:
3507         (Inspector::InspectorAgent::enable):
3508         (Inspector::InspectorAgent::inspect):
3509         (Inspector::InspectorAgent::activateExtraDomain):
3510         * inspector/agents/InspectorAgent.h:
3511         * inspector/agents/InspectorDebuggerAgent.cpp:
3512         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
3513         (Inspector::buildObjectForBreakpointCookie):
3514         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
3515         (Inspector::InspectorDebuggerAgent::setBreakpoint):
3516         (Inspector::InspectorDebuggerAgent::continueToLocation):
3517         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
3518         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
3519         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
3520         (Inspector::InspectorDebuggerAgent::currentCallFrames):
3521         (Inspector::InspectorDebuggerAgent::didParseSource):
3522         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
3523         (Inspector::InspectorDebuggerAgent::breakProgram):
3524         * inspector/agents/InspectorDebuggerAgent.h:
3525         * inspector/agents/InspectorRuntimeAgent.cpp:
3526         (Inspector::buildErrorRangeObject):
3527         (Inspector::InspectorRuntimeAgent::callFunctionOn):
3528         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
3529         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
3530         * inspector/agents/InspectorRuntimeAgent.h:
3531         * inspector/scripts/codegen/cpp_generator.py:
3532         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
3533         (CppGenerator.cpp_type_for_type_with_name):
3534         (CppGenerator.cpp_type_for_formal_async_parameter):
3535         (CppGenerator.should_use_references_for_type):
3536         (CppGenerator):
3537         * inspector/scripts/codegen/cpp_generator_templates.py:
3538         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
3539         (CppBackendDispatcherHeaderGenerator.generate_output):
3540         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
3541         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
3542         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
3543         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
3544         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
3545         (CppFrontendDispatcherHeaderGenerator.generate_output):
3546         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
3547         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
3548         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
3549         (CppProtocolTypesHeaderGenerator.generate_output):
3550         (_generate_class_for_object_declaration):
3551         (_generate_unchecked_setter_for_member):
3552         (_generate_forward_declarations_for_binding_traits):
3553         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
3554         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
3555         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
3556         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
3557         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
3558         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
3559         (ObjCProtocolTypesImplementationGenerator.generate_output):
3560         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3561         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3562         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
3563         * inspector/scripts/tests/expected/enum-values.json-result:
3564         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3565         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
3566         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
3567         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
3568         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
3569         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
3570         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
3571         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
3572         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3573         * replay/EncodedValue.cpp:
3574         (JSC::EncodedValue::asObject):
3575         (JSC::EncodedValue::asArray):
3576         (JSC::EncodedValue::put<EncodedValue>):
3577         (JSC::EncodedValue::append<EncodedValue>):
3578         (JSC::EncodedValue::get<EncodedValue>):
3579         * replay/EncodedValue.h:
3580         * replay/scripts/CodeGeneratorReplayInputs.py:
3581         (Type.borrow_type):
3582         (Type.argument_type):
3583         (Generator.generate_member_move_expression):
3584         * runtime/ConsoleClient.cpp:
3585         (JSC::ConsoleClient::printConsoleMessageWithArguments):
3586         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
3587         (JSC::ConsoleClient::logWithLevel):
3588         (JSC::ConsoleClient::clear):
3589         (JSC::ConsoleClient::dir):
3590         (JSC::ConsoleClient::dirXML):
3591         (JSC::ConsoleClient::table):
3592         (JSC::ConsoleClient::trace):
3593         (JSC::ConsoleClient::assertCondition):
3594         (JSC::ConsoleClient::group):
3595         (JSC::ConsoleClient::groupCollapsed):
3596         (JSC::ConsoleClient::groupEnd):
3597         * runtime/ConsoleClient.h:
3598         * runtime/TypeSet.cpp:
3599         (JSC::TypeSet::allStructureRepresentations):
3600         (JSC::TypeSet::inspectorTypeSet):
3601         (JSC::StructureShape::inspectorRepresentation):
3602         * runtime/TypeSet.h:
3603
3604 2015-01-06  Chris Dumez  <cdumez@apple.com>
3605
3606         Drop ResourceResponseBase::connectionID and connectionReused members
3607         https://bugs.webkit.org/show_bug.cgi?id=140158
3608
3609         Reviewed by Sam Weinig.
3610
3611         Drop ResourceResponseBase::connectionID and connectionReused members.
3612         Those were needed by the Chromium port but are no longer used.
3613
3614         * inspector/protocol/Network.json:
3615
3616 2015-01-06  Mark Lam  <mark.lam@apple.com>
3617
3618         Add the lexicalEnvironment as an operand to op_create_arguments.
3619         <https://webkit.org/b/140148>
3620
3621         Reviewed by Geoffrey Garen.
3622
3623         This patch only adds the operand to the bytecode.  It is not in use yet.
3624
3625         * bytecode/BytecodeList.json:
3626         * bytecode/BytecodeUseDef.h:
3627         (JSC::computeUsesForBytecodeOffset):
3628         * bytecode/CodeBlock.cpp:
3629         (JSC::CodeBlock::dumpBytecode):
3630         * bytecompiler/BytecodeGenerator.cpp:
3631         (JSC::BytecodeGenerator::BytecodeGenerator):
3632         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
3633         - Adds the lexicalEnvironment register (if present) as an operand to
3634           op_create_arguments.  Else, adds a constant empty JSValue.
3635         * llint/LowLevelInterpreter32_64.asm:
3636         * llint/LowLevelInterpreter64.asm:
3637
3638 2015-01-06  Alexey Proskuryakov  <ap@apple.com>
3639
3640         ADDRESS_SANITIZER macro is overloaded
3641         https://bugs.webkit.org/show_bug.cgi?id=140130
3642
3643         Reviewed by Anders Carlsson.
3644
3645         * interpreter/JSStack.cpp: (JSC::JSStack::sanitizeStack): Use the new macro.
3646         This code is nearly unused (only compiled in when JIT is disabled at build time),
3647         however I've been told that it's best to keep it.
3648
3649 2015-01-06  Mark Lam  <mark.lam@apple.com>
3650
3651         Fix Use details for op_create_arguments.
3652         <https://webkit.org/b/140110>
3653
3654         Rubber stamped by Filip Pizlo.
3655
3656         The previous patch was wrong about op_create_arguments not using its 1st operand.
3657         It does read from it (hence, used) to check if the Arguments object has already
3658         been created or not.  This patch reverts the change for op_create_arguments.
3659
3660         * bytecode/BytecodeUseDef.h:
3661         (JSC::computeUsesForBytecodeOffset):
3662
3663 2015-01-06  Mark Lam  <mark.lam@apple.com>
3664
3665         Fix Use details for op_create_lexical_environment and op_create_arguments.
3666         <https://webkit.org/b/140110>
3667
3668         Reviewed by Filip Pizlo.
3669
3670         The current "Use" details for op_create_lexical_environment and
3671         op_create_arguments are wrong.  op_create_arguments uses nothing instead of the
3672         1st operand (the output local).  op_create_lexical_environment uses its 2nd
3673         operand (the scope chain) instead of the 1st (the output local).
3674         This patch fixes them to specify the proper uses.
3675
3676         * bytecode/BytecodeUseDef.h:
3677         (JSC::computeUsesForBytecodeOffset):
3678
3679 2015-01-06  Yusuke Suzuki  <utatane.tea@gmail.com>
3680
3681         Implement ES6 String.prototype.repeat(count)
3682         https://bugs.webkit.org/show_bug.cgi?id=140047
3683
3684         Reviewed by Darin Adler.
3685
3686         Introducing ES6 String.prototype.repeat(count) function.
3687
3688         * runtime/JSString.h:
3689         * runtime/StringPrototype.cpp:
3690         (JSC::StringPrototype::finishCreation):
3691         (JSC::repeatSmallString):
3692         (JSC::stringProtoFuncRepeat):
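The entry above only names the new built-in and its helpers. As an added example (not JavaScriptCore's code, and making no claim about what JSC's repeatSmallString does internally), here is a reference implementation of ES2015 String.prototype.repeat(count) that spells out the argument handling the spec requires: ToInteger on count, RangeError for negative or infinite counts, the empty string for a count of 0, and concatenation by doubling so a count of n needs O(log n) appends. The sample inputs in differencesFromNative are constructed for this example.

```javascript
// Added example, not WebKit/JSC code: a reference implementation of
// ES2015 String.prototype.repeat(count), written to make the spec's
// argument handling explicit.

// ToInteger as defined in ES2015 section 7.1.4: NaN becomes 0, other
// values are truncated toward zero (so 2.9 -> 2 and -0.5 -> -0).
function toInteger(value) {
  const n = Number(value);
  if (Number.isNaN(n)) return 0;
  return Math.trunc(n);
}

// Repeats `str` `count` times. Negative or infinite counts are a
// RangeError per the spec; -0 is not < 0, so a count of -0.5 yields "".
// The doubling loop appends the current chunk only for set bits of the
// count, so n repetitions cost O(log n) concatenations instead of n.
function repeatString(str, count) {
  const n = toInteger(count);
  if (n < 0 || n === Infinity) {
    throw new RangeError('Invalid count value: ' + count);
  }
  let result = '';
  let chunk = String(str);
  let remaining = n;
  while (remaining > 0) {
    if (remaining % 2 === 1) result += chunk;
    remaining = Math.floor(remaining / 2);
    if (remaining > 0) chunk += chunk;
  }
  return result;
}

// Compares the reference implementation with the engine's built-in over a
// constructed set of inputs (integers, fractions, NaN, numeric strings,
// negative fractions). Returns the list of mismatching cases; an empty
// list means the two agree.
function differencesFromNative() {
  const cases = [
    ['ab', 3], ['x', 0], ['abc', 1], ['', 5],
    ['-', 2.9], ['q', NaN], ['z', '4'], ['y', -0.5],
  ];
  const mismatches = [];
  for (const [s, c] of cases) {
    if (repeatString(s, c) !== s.repeat(c)) mismatches.push([s, c]);
  }
  return mismatches;
}
```

Running differencesFromNative() against a conforming engine returns an empty list; the interesting rows are the non-integer counts, which show that ToInteger, not Math.round or parseInt, is what the built-in applies before deciding whether to throw.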
3693
3694 2015-01-03  Michael Saboff  <msaboff@apple.com>
3695
3696         Crash in operationNewFunction when scrolling on Google+
3697         https://bugs.webkit.org/show_bug.cgi?id=140033
3698
3699         Reviewed by Oliver Hunt.
3700
3701         In DFG code, the scope register can be eliminated because all uses have been
3702         dead code eliminated.  In the case where one of the uses was creating a function
3703         that is never used, the baseline code will still create the function.  If we OSR
3704         exit to a path where that function gets created, check the scope register value
3705         and set the new, but dead, function to undefined instead of creating a new function.
3706
3707         * jit/JITOpcodes.cpp:
3708         (JSC::JIT::emit_op_new_func_exp):
3709
3710 2015-01-01  Yusuke Suzuki  <utatane.tea@gmail.com>
3711
3712         String includes methods perform toString on searchString before toInt32 on an offset
3713         https://bugs.webkit.org/show_bug.cgi?id=140031
3714
3715         Reviewed by Darin Adler.
3716
3717         * runtime/StringPrototype.cpp:
3718         (JSC::stringProtoFuncStartsWith):
3719         (JSC::stringProtoFuncEndsWith):
3720         (JSC::stringProtoFuncIncludes):
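The ordering this entry fixes is observable from script, because ToString and ToInteger invoke user-defined toString/valueOf. As an added example (not part of the ChangeLog or of JSC's tests), the block below passes traced objects as the receiver, the searchString and the offset to startsWith, endsWith and includes, and records the order in which they are converted. Per ES2015 the expected order is receiver, then searchString, then offset, which is what the entry's title describes. The traced values ('hello world', 'hello', 0) are constructed for this example.

```javascript
// Added example, not WebKit/JSC code: observe the argument conversion order
// of String.prototype.startsWith / endsWith / includes.

// Returns an object whose conversions append `label` to `log` and yield
// `value`. ToString hits toString() first; ToNumber/ToInteger hits
// valueOf() first, so each conversion logs exactly once.
function traced(log, label, value) {
  return {
    toString() { log.push(label); return value; },
    valueOf() { log.push(label); return value; },
  };
}

// Invokes String.prototype[method] with traced receiver, searchString and
// offset, and returns the conversion order observed plus the method's result.
function observeOrder(method) {
  const log = [];
  const receiver = traced(log, 'this', 'hello world');
  const search = traced(log, 'search', 'hello');
  const offset = traced(log, 'offset', 0);
  const result = String.prototype[method].call(receiver, search, offset);
  return { order: log, result };
}

// Runs the observation for all three methods; the spec order for each is
// ['this', 'search', 'offset'].
function observeAll() {
  const out = {};
  for (const method of ['startsWith', 'endsWith', 'includes']) {
    out[method] = observeOrder(method);
  }
  return out;
}
```

Note the results: with offset 0, startsWith and includes return true, while endsWith treats the third argument as an end position, so it searches the empty prefix and returns false. A regression in the conversion order would show up as 'offset' preceding 'search' in the logged sequence.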
3721
3722 2015-01-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3723
3724         Change to return std::unique_ptr<> in fooCreate()
3725         https://bugs.webkit.org/show_bug.cgi?id=139983
3726
3727         Reviewed by Darin Adler.
3728
3729         To avoid unnecessary std::unique_ptr<> casting, fooCreate() returns std::unique_ptr<> directly.
3730
3731         * create_regex_tables:
3732         * yarr/YarrPattern.h:
3733         (JSC::Yarr::YarrPattern::reset):
3734         (JSC::Yarr::YarrPattern::newlineCharacterClass):
3735         (JSC::Yarr::YarrPattern::digitsCharacterClass):
3736         (JSC::Yarr::YarrPattern::spacesCharacterClass):
3737         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
3738         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
3739         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
3740         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
3741
3742 2015-01-01  Jeff Miller  <jeffm@apple.com>
3743
3744         Update user-visible copyright strings to include 2015
3745         https://bugs.webkit.org/show_bug.cgi?id=139880
3746
3747         Reviewed by Darin Adler.
3748
3749         * Info.plist:
3750
3751 2015-01-01  Darin Adler  <darin@apple.com>
3752
3753         We often misspell identifier as "identifer"
3754         https://bugs.webkit.org/show_bug.cgi?id=140025
3755
3756         Reviewed by Michael Saboff.
3757
3758         * runtime/ArrayConventions.h: Fix it.
3759
3760 2014-12-29  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3761
3762         Move JavaScriptCore/yarr to std::unique_ptr
3763         https://bugs.webkit.org/show_bug.cgi?id=139621
3764
3765         Reviewed by Anders Carlsson.
3766
3767         Final clean up OwnPtr|PassOwnPtr in JavaScriptCore/yarr.
3768
3769         * yarr/YarrInterpreter.cpp:
3770         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
3771         * yarr/YarrInterpreter.h:
3772         (JSC::Yarr::BytecodePattern::BytecodePattern):
3773         * yarr/YarrJIT.cpp:
3774         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
3775         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
3776         (JSC::Yarr::YarrGenerator::opCompileBody):
3777         * yarr/YarrPattern.cpp:
3778         (JSC::Yarr::CharacterClassConstructor::charClass):
3779         (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
3780         (JSC::Yarr::YarrPatternConstructor::reset):
3781         (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
3782         (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
3783         (JSC::Yarr::YarrPatternConstructor::atomParenthesesSubpatternBegin):
3784         (JSC::Yarr::YarrPatternConstructor::atomParentheticalAssertionBegin):
3785         (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
3786         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
3787         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
3788         * yarr/YarrPattern.h:
3789         (JSC::Yarr::PatternDisjunction::addNewAlternative):
3790         (JSC::Yarr::YarrPattern::newlineCharacterClass):
3791         (JSC::Yarr::YarrPattern::digitsCharacterClass):
3792         (JSC::Yarr::YarrPattern::spacesCharacterClass):
3793         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
3794         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
3795         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
3796         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
3797
3798 2014-12-26  Dan Bernstein  <mitz@apple.com>
3799
3800         <rdar://problem/19348208> REGRESSION (r177027): iOS builds use the wrong toolchain
3801         https://bugs.webkit.org/show_bug.cgi?id=139950
3802
3803         Reviewed by David Kilzer.
3804
3805         * Configurations/Base.xcconfig: Only define TOOLCHAINS when building for OS X, doing so
3806         in a manner that works with Xcode 5.1.1.
3807
3808 2014-12-22  Mark Lam  <mark.lam@apple.com>
3809
3810         Use ctiPatchCallByReturnAddress() in JITOperations.cpp.
3811         <https://webkit.org/b/139892>
3812
3813         Reviewed by Michael Saboff.
3814
3815         The code in JITOperations.cpp sometimes calls RepatchBuffer::relinkCallerToFunction()
3816         directly, and sometimes uses a helper function, ctiPatchCallByReturnAddress().
3817         This patch changes it to use the helper function consistently.
3818
3819         * jit/JITOperations.cpp:
3820
3821 2014-12-22  Mark Lam  <mark.lam@apple.com>
3822
3823         Fix some typos in a comment.
3824         <https://webkit.org/b/139882>
3825
3826         Reviewed by Michael Saboff.
3827
3828         * jit/JITPropertyAccess.cpp:
3829         (JSC::JIT::emit_op_get_by_val):
3830
3831 2014-12-22  Mark Lam  <mark.lam@apple.com>
3832
3833         Assert that Array elements not copied when changing shape to ArrayStorage type are indeed holes.
3834         <https://webkit.org/b/138118>
3835
3836         Reviewed by Michael Saboff.
3837
3838         * runtime/JSObject.cpp:
3839         (JSC::JSObject::convertInt32ToArrayStorage):
3840         (JSC::JSObject::convertDoubleToArrayStorage):
3841         (JSC::JSObject::convertContiguousToArrayStorage):
3842
3843 2014-12-20  Eric Carlson  <eric.carlson@apple.com>
3844
3845         [iOS] add optimized fullscreen API
3846         https://bugs.webkit.org/show_bug.cgi?id=139833
3847         <rdar://problem/18844486>
3848
3849         Reviewed by Simon Fraser.
3850
3851         * Configurations/FeatureDefines.xcconfig: Add ENABLE_VIDEO_PRESENTATION_MODE.
3852
3853 2014-12-20  David Kilzer  <ddkilzer@apple.com>
3854
3855         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
3856         <http://webkit.org/b/139463>
3857
3858         Reviewed by Mark Rowe.
3859
3860         * Configurations/JavaScriptCore.xcconfig:
3861         - Simplify SECTORDER_FLAGS.
3862
3863 2014-12-19  Andreas Kling  <akling@apple.com>
3864
3865         Plug leak below LLVMCopyStringRepOfTargetData().
3866         <https://webkit.org/b/139832>
3867
3868         Reviewed by Michael Saboff.
3869
3870         LLVMCopyStringRepOfTargetData() returns a strdup()'ed string, so make sure
3871         to free() it after we're done using it.
3872
3873         * ftl/FTLCompile.cpp:
3874         (JSC::FTL::mmAllocateDataSection):
3875
3876 2014-12-19  Joseph Pecoraro  <pecoraro@apple.com>
3877
3878         Web Inspector: CRASH inspector-protocol/debugger/breakpoint-action-detach.html
3879         https://bugs.webkit.org/show_bug.cgi?id=139797
3880
3881         Reviewed by Mark Lam.
3882
3883         * debugger/Debugger.h:
3884         * debugger/Debugger.cpp:
3885         (JSC::Debugger::isAttached):
3886         Check if we are the debugger for a particular global object.
3887         (JSC::Debugger::pauseIfNeeded):
3888         Pass the global object on when hitting a breakpoint.
3889
3890         * inspector/ScriptDebugServer.h:
3891         * inspector/ScriptDebugServer.cpp:
3892         (Inspector::ScriptDebugServer::handleBreakpointHit):
3893         Stop evaluating breakpoint actions if a previous action caused the
3894         debugger to detach from this global object.
3895         (Inspector::ScriptDebugServer::handlePause):
3896         Standardize on passing JSGlobalObject parameter first.
3897
3898 2014-12-19  Mark Lam  <mark.lam@apple.com>
3899
3900         [Win] Endless compiler warnings created by DFGEdge.h.
3901         <https://webkit.org/b/139801>
3902
3903         Reviewed by Brent Fulgham.
3904
3905         Add a cast to fix the type just the way the 64-bit version does.
3906
3907         * dfg/DFGEdge.h:
3908         (JSC::DFG::Edge::makeWord):
3909
3910 2014-12-19  Commit Queue  <commit-queue@webkit.org>
3911
3912         Unreviewed, rolling out r177574.
3913         https://bugs.webkit.org/show_bug.cgi?id=139821
3914
3915         "Broke Production builds by installing
3916         libWebCoreTestSupport.dylib in the wrong directory" (Requested
3917         by ddkilzer on #webkit).
3918
3919         Reverted changeset:
3920
3921