WebKit-https.git / Source / JavaScriptCore / ChangeLog (commit 7b8313b82491d2172d59a6dffe53c6fde6662bc9)
1 2015-08-19  Geoffrey Garen  <ggaren@apple.com>
2
3         clearCode() should clear code
4         https://bugs.webkit.org/show_bug.cgi?id=148203
5
6         Reviewed by Saam Barati.
7
8         Clearing code used to require two steps: clearCode() and
9         clearUnlinkedCodeForRecompilation(). Unsurprisingly, clients sometimes
10         did one or the other or both without much rhyme or reason.
11
12         This patch simplifies things by merging both functions into clearCode().
13
14         * bytecode/UnlinkedFunctionExecutable.h:
15         * debugger/Debugger.cpp:
16         * heap/Heap.cpp:
17         (JSC::Heap::deleteAllCompiledCode):
18         (JSC::Heap::clearUnmarkedExecutables):
19         (JSC::Heap::deleteAllUnlinkedFunctionCode): Deleted. No need for this
20         function anymore since it was only used by clients who already called
21         clearCode() (and it would be terribly wrong to use without doing both.)
22
23         * heap/Heap.h:
24         (JSC::Heap::sizeAfterLastFullCollection):
25         * inspector/agents/InspectorRuntimeAgent.cpp:
26         (Inspector::TypeRecompiler::visit):
27         (Inspector::TypeRecompiler::operator()):
28         * runtime/Executable.cpp:
29         (JSC::FunctionExecutable::visitChildren):
30         (JSC::FunctionExecutable::clearCode):
31         (JSC::FunctionExecutable::clearUnlinkedCodeForRecompilation): Deleted.
32         * runtime/Executable.h:
33         * runtime/VM.cpp:
34         (JSC::VM::deleteAllCode):
35
36 2015-08-19  Alex Christensen  <achristensen@webkit.org>
37
38         CMake Windows build should not include files directly from other Source directories
39         https://bugs.webkit.org/show_bug.cgi?id=148198
40
41         Reviewed by Brent Fulgham.
42
43         * CMakeLists.txt:
44         JavaScriptCore_FORWARDING_HEADERS_FILES is no longer necessary because all the headers
45         that used to be in it are now in JavaScriptCore_FORWARDING_HEADERS_DIRECTORIES.
46         * PlatformEfl.cmake:
47         * PlatformGTK.cmake:
48         * PlatformMac.cmake:
49         * PlatformWin.cmake:
50
51 2015-08-19  Eric Carlson  <eric.carlson@apple.com>
52
53         Remove ENABLE_WEBVTT_REGIONS
54         https://bugs.webkit.org/show_bug.cgi?id=148184
55
56         Reviewed by Jer Noble.
57
58         * Configurations/FeatureDefines.xcconfig: Remove ENABLE_WEBVTT_REGIONS.
59
60 2015-08-19  Joseph Pecoraro  <pecoraro@apple.com>
61
62         Web Inspector: Unexpected node preview format for an element with newlines in className attribute
63         https://bugs.webkit.org/show_bug.cgi?id=148192
64
65         Reviewed by Brian Burg.
66
67         * inspector/InjectedScriptSource.js:
68         (InjectedScript.prototype._nodePreview):
69         Replace whitespace blocks with single spaces to produce a simpler class string for previews.
70
71 2015-08-19  Mark Lam  <mark.lam@apple.com>
72
73         Add support for CheckWatchdogTimer as slow path in DFG and FTL.
74         https://bugs.webkit.org/show_bug.cgi?id=147968
75
76         Reviewed by Michael Saboff.
77
78         Re-implement the DFG's CheckWatchdogTimer as a slow path instead of a speculation
79         check.  Since the watchdog timer can fire spuriously, this allows the code to
80         stay optimized if all we have are spurious fires.
81
82         Implement the equivalent slow path for CheckWatchdogTimer in the FTL.
83
84         The watchdog tests in ExecutionTimeLimitTest.cpp have already been updated in
85         https://bugs.webkit.org/show_bug.cgi?id=148125 to test for the FTL's watchdog
86         implementation.
87
88         * dfg/DFGSpeculativeJIT32_64.cpp:
89         (JSC::DFG::SpeculativeJIT::compile):
90         * dfg/DFGSpeculativeJIT64.cpp:
91         (JSC::DFG::SpeculativeJIT::compile):
92         * ftl/FTLCapabilities.cpp:
93         (JSC::FTL::canCompile):
94         * ftl/FTLLowerDFGToLLVM.cpp:
95         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
96         (JSC::FTL::DFG::LowerDFGToLLVM::compileMaterializeCreateActivation):
97         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckWatchdogTimer):
98         (JSC::FTL::DFG::LowerDFGToLLVM::isInlinableSize):
99
100         * jit/JIT.h:
101         * jit/JITInlines.h:
102         (JSC::JIT::callOperation):
103         * jit/JITOperations.cpp:
104         * jit/JITOperations.h:
105         - Changed operationHandleWatchdogTimer() to return an unused nullptr.  This
106           allows me to reuse the existing DFG slow path generator mechanism.  I didn't
107           think that operationHandleWatchdogTimer() was worth introducing a whole new set
108           of machinery just so we can have a slow path that returns void.
109
110 2015-08-19  Mark Lam  <mark.lam@apple.com>
111
112         Add ability to save and restore JSC options.
113         https://bugs.webkit.org/show_bug.cgi?id=148125
114
115         Reviewed by Saam Barati.
116
117         * API/tests/ExecutionTimeLimitTest.cpp:
118         (testExecutionTimeLimit):
119         - Employ the new options getter/setter to run watchdog tests for each of the
120           execution engine tiers.
121         - Also altered the test scripts to be in a function instead of global code.
122           This is one of 2 changes needed to give them an opportunity to be FTL compiled.
123           The other is to add support for compiling CheckWatchdogTimer in the FTL (which
124           will be addressed in a separate patch).
125
126         * jsc.cpp:
127         (CommandLine::parseArguments):
128         * runtime/Options.cpp:
129         (JSC::parse):
130         - Add the ability to clear a string option with a nullptr value.
131           This is needed to restore a default string option value which may be null.
132
133         (JSC::OptionRange::init):
134         - Add the ability to clear a range option with a null value.
135           This is needed to restore a default range option value which may be null.
136
137         (JSC::Options::initialize):
138         (JSC::Options::dumpOptionsIfNeeded):
139         - Factor code to dump options out to dumpOptionsIfNeeded() since we will need
140           that logic elsewhere.
141
142         (JSC::Options::setOptions):
143         - Parse an options string and set each of the specified options.
144
145         (JSC::Options::dumpAllOptions):
146         (JSC::Options::dumpAllOptionsInALine):
147         (JSC::Options::dumpOption):
148         (JSC::Option::dump):
149         - Refactored so that the underlying dumper dumps to a StringBuilder instead of
150           stderr.  This lets us reuse this code to serialize all the options into a
151           single string for dumpAllOptionsInALine().
152
153         * runtime/Options.h:
154         (JSC::OptionRange::rangeString):
155
156 2015-08-18  Filip Pizlo  <fpizlo@apple.com>
157
158         Replace all uses of std::mutex/std::condition_variable with WTF::Lock/WTF::Condition
159         https://bugs.webkit.org/show_bug.cgi?id=148140
160
161         Reviewed by Geoffrey Garen.
162
163         * inspector/remote/RemoteInspector.h:
164         * inspector/remote/RemoteInspector.mm:
165         (Inspector::RemoteInspector::registerDebuggable):
166         (Inspector::RemoteInspector::unregisterDebuggable):
167         (Inspector::RemoteInspector::updateDebuggable):
168         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
169         (Inspector::RemoteInspector::sendMessageToRemoteFrontend):
170         (Inspector::RemoteInspector::setupFailed):
171         (Inspector::RemoteInspector::setupCompleted):
172         (Inspector::RemoteInspector::start):
173         (Inspector::RemoteInspector::stop):
174         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
175         (Inspector::RemoteInspector::setParentProcessInformation):
176         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
177         (Inspector::RemoteInspector::xpcConnectionFailed):
178         (Inspector::RemoteInspector::pushListingSoon):
179         (Inspector::RemoteInspector::receivedIndicateMessage):
180         (Inspector::RemoteInspector::receivedProxyApplicationSetupMessage):
181         * inspector/remote/RemoteInspectorXPCConnection.h:
182         * inspector/remote/RemoteInspectorXPCConnection.mm:
183         (Inspector::RemoteInspectorXPCConnection::close):
184         (Inspector::RemoteInspectorXPCConnection::closeFromMessage):
185         (Inspector::RemoteInspectorXPCConnection::deserializeMessage):
186         (Inspector::RemoteInspectorXPCConnection::handleEvent):
187
188 2015-08-18  Joseph Pecoraro  <pecoraro@apple.com>
189
190         Web Inspector: Links for rules in <style> are incorrect, do not account for <style> offset in the document
191         https://bugs.webkit.org/show_bug.cgi?id=148141
192
193         Reviewed by Brian Burg.
194
195         * inspector/protocol/CSS.json:
196         Extend StyleSheetHeader to include start offset information and a bit
197         for whether or not this was an inline style tag created by the parser.
198         These match additions to Blink's protocol.
199
200 2015-08-18  Benjamin Poulain  <bpoulain@apple.com>
201
202         [JSC] Optimize more cases of something-compared-to-null/undefined
203         https://bugs.webkit.org/show_bug.cgi?id=148157
204
205         Reviewed by Geoffrey Garen and Filip Pizlo.
206
207         CompareEq is fairly trivial if you assert one of the operands is either
208         null or undefined. Under those conditions, the only way to have "true"
209         is to have the other operand be null/undefined or have an object
210         that masquerades as undefined.
211
212         JSC already had a fast path in CompareEqConstant.
213         With this patch, I generalize this fast path to more cases and try
214         to eliminate the checks whenever possible.
215
216         CompareEq now does the job of CompareEqConstant. If any operand can
217         be proved to be undefined/other, its edge is set to OtherUse. Whenever
218         any edge is OtherUse, we generate the fast code we had for CompareEqConstant.
219
220         The AbstractInterpreter has additional checks to reduce the node to a constant
221         whenever possible.
222
223         There are two additional changes in this patch:
224         -The Fixup Phase tries to set edges to OtherUse early. This is done correctly
225          in ConstantFoldingPhase but setting it up early helps the phases relying
226          on Clobberize.
227         -The codegen for CompareEqConstant was improved. The reason is the comparison
228          for ObjectOrOther could be faster just because the codegen was better.
229
230         * dfg/DFGAbstractInterpreterInlines.h:
231         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
232         * dfg/DFGByteCodeParser.cpp:
233         (JSC::DFG::ByteCodeParser::parseBlock):
234         * dfg/DFGClobberize.h:
235         (JSC::DFG::clobberize): Deleted.
236         * dfg/DFGConstantFoldingPhase.cpp:
237         (JSC::DFG::ConstantFoldingPhase::foldConstants):
238         * dfg/DFGDoesGC.cpp:
239         (JSC::DFG::doesGC): Deleted.
240         * dfg/DFGFixupPhase.cpp:
241         (JSC::DFG::FixupPhase::fixupNode):
242         * dfg/DFGNode.h:
243         (JSC::DFG::Node::isUndefinedOrNullConstant):
244         * dfg/DFGNodeType.h:
245         * dfg/DFGPredictionPropagationPhase.cpp:
246         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
247         * dfg/DFGSafeToExecute.h:
248         (JSC::DFG::safeToExecute): Deleted.
249         * dfg/DFGSpeculativeJIT.cpp:
250         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
251         (JSC::DFG::SpeculativeJIT::compare):
252         * dfg/DFGSpeculativeJIT.h:
253         (JSC::DFG::SpeculativeJIT::isKnownNotOther):
254         * dfg/DFGSpeculativeJIT32_64.cpp:
255         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
256         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
257         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): Deleted.
258         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): Deleted.
259         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): Deleted.
260         (JSC::DFG::SpeculativeJIT::compile): Deleted.
261         * dfg/DFGSpeculativeJIT64.cpp:
262         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
263         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
264         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): Deleted.
265         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): Deleted.
266         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): Deleted.
267         (JSC::DFG::SpeculativeJIT::compile): Deleted.
268         * dfg/DFGValidate.cpp:
269         (JSC::DFG::Validate::validate): Deleted.
270         * dfg/DFGWatchpointCollectionPhase.cpp:
271         (JSC::DFG::WatchpointCollectionPhase::handle):
272         * ftl/FTLCapabilities.cpp:
273         (JSC::FTL::canCompile):
274         * ftl/FTLLowerDFGToLLVM.cpp:
275         (JSC::FTL::DFG::LowerDFGToLLVM::compileCompareEq):
276         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
277         (JSC::FTL::DFG::LowerDFGToLLVM::compileCompareEqConstant): Deleted.
278         * tests/stress/compare-eq-on-null-and-undefined-non-peephole.js: Added.
279         (string_appeared_here.useForMath):
280         (testUseForMath):
281         * tests/stress/compare-eq-on-null-and-undefined-optimized-in-constant-folding.js: Added.
282         (string_appeared_here.unreachableCodeTest):
283         (inlinedCompareToNull):
284         (inlinedComparedToUndefined):
285         (warmupInlineFunctions):
286         (testInlineFunctions):
287         * tests/stress/compare-eq-on-null-and-undefined.js: Added.
288         (string_appeared_here.compareConstants):
289         (opaqueNull):
290         (opaqueUndefined):
291         (compareConstantsAndDynamicValues):
292         (compareDynamicValues):
293         (compareDynamicValueToItself):
294         (arrayTesting):
295         (opaqueCompare1):
296         (testNullComparatorUpdate):
297         (opaqueCompare2):
298         (testUndefinedComparatorUpdate):
299         (opaqueCompare3):
300         (testNullAndUndefinedComparatorUpdate):
301
302 2015-08-18  Yusuke Suzuki  <utatane.tea@gmail.com>
303
304         Introduce non-user-observable Promise functions to use Promises internally
305         https://bugs.webkit.org/show_bug.cgi?id=148118
306
307         Reviewed by Saam Barati.
308
309         To leverage Promises internally (like ES6 Module Loaders), we add
310         several non-user-observable private methods, like @then and @all, and
311         refactor the existing Promises implementation to make it easy to use
312         internally.
313
314         But the trappable part still remains. When resolving the promise with
315         the returned value, we look up the "then" function, so users can trap
316         it by replacing the "then" function of the Promise's prototype.
317         To avoid this situation, we'll introduce completely different promise
318         instances called InternalPromise in the subsequent patch [1].
319
320         No behavior change.
321
322         [1]: https://bugs.webkit.org/show_bug.cgi?id=148136
323
324         * builtins/PromiseConstructor.js:
325         (privateAll.newResolveElement):
326         (privateAll):
327         * runtime/JSGlobalObject.cpp:
328         (JSC::JSGlobalObject::init):
329         (JSC::JSGlobalObject::visitChildren): Deleted.
330         * runtime/JSGlobalObject.h:
331         (JSC::JSGlobalObject::promiseConstructor): Deleted.
332         (JSC::JSGlobalObject::promisePrototype): Deleted.
333         (JSC::JSGlobalObject::promiseStructure): Deleted.
334         * runtime/JSPromiseConstructor.cpp:
335         (JSC::JSPromiseConstructor::finishCreation):
336         * runtime/JSPromiseDeferred.cpp:
337         (JSC::callFunction):
338         (JSC::JSPromiseDeferred::resolve):
339         (JSC::JSPromiseDeferred::reject):
340         * runtime/JSPromiseDeferred.h:
341         * runtime/JSPromisePrototype.cpp:
342         (JSC::JSPromisePrototype::create):
343         (JSC::JSPromisePrototype::JSPromisePrototype):
344         * runtime/JSPromisePrototype.h:
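
        The "then" trap described in this entry, as an added example in plain JavaScript (not WebKit code): it contrasts an internal-style resolution that goes through the user-reachable Promise.prototype.then with one that uses a `then` captured before any untrusted script runs. All function names (`resolveViaPublicThen`, `resolveViaCapturedThen`, `installThenTrap`, `observe`, `compare`) are hypothetical.

```javascript
'use strict';

// Mitigation: capture the genuine built-in `then` before any untrusted
// script can replace it, so internal code never depends on the live prototype.
const originalThen = Promise.prototype.then;

// Internal-style operation that resolves an outer promise with an inner
// promise. Per spec, resolving with a thenable looks up `then` on it, so a
// replaced Promise.prototype.then is consulted (the trappable path).
function resolveViaPublicThen(value) {
  return new Promise((resolve) => resolve(Promise.resolve(value)));
}

// Same operation, but the inner promise is adopted through the captured
// original `then`, and the outer promise is settled with a plain
// (non-thenable) value, so no prototype lookup is observable.
function resolveViaCapturedThen(value) {
  return new Promise((resolve, reject) => {
    originalThen.call(Promise.resolve(value), resolve, reject);
  });
}

// Simulates page script that replaces Promise.prototype.then to observe, and
// here tamper with, internal resolution. Returns an uninstall function that
// restores the original and reports how many times the trap fired.
function installThenTrap() {
  let fired = 0;
  Promise.prototype.then = function patchedThen(onFulfilled, onRejected) {
    fired += 1;
    const wrapped = typeof onFulfilled === 'function'
      ? (v) => onFulfilled({ tampered: true, original: v })
      : onFulfilled;
    return originalThen.call(this, wrapped, onRejected);
  };
  return function uninstall() {
    Promise.prototype.then = originalThen;
    return fired;
  };
}

// Runs one resolver under the trap and reports what the internal caller
// actually received. The result is read through the captured `then` so the
// measurement itself cannot be intercepted.
function observe(resolver) {
  const uninstall = installThenTrap();
  const outer = resolver('secret');
  return new Promise((res, rej) => {
    originalThen.call(outer, (received) => {
      const trapCalls = uninstall();
      res({ trapCalls, received });
    }, (e) => { uninstall(); rej(e); });
  });
}

// Driver: runs both paths one after the other and returns both outcomes.
// `await null` first so callers can attach reactions to the returned promise
// before any trap is installed; `await` on a native promise performs no
// `then` property lookup, so the counts reflect only the resolvers' lookups.
async function compare() {
  await null;
  const viaPublic = await observe(resolveViaPublicThen);
  const viaCaptured = await observe(resolveViaCapturedThen);
  return { viaPublic, viaCaptured };
}
```

On the public-lookup path the trap fires once and the internal caller receives the tampered object; on the captured-`then` path it never fires and the original value arrives intact.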
345
346 2015-08-18  Geoffrey Garen  <ggaren@apple.com>
347
348         Try to fix the CLOOP build.
349
350         Unreviewed.
351
352         * bytecode/CodeBlock.cpp:
353
354 2015-08-18  Geoffrey Garen  <ggaren@apple.com>
355
356         Split InlineCallFrame into its own file
357         https://bugs.webkit.org/show_bug.cgi?id=148131
358
359         Reviewed by Saam Barati.
360
361         * CMakeLists.txt:
362         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
363         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
364         * JavaScriptCore.xcodeproj/project.pbxproj:
365         * bytecode/CallLinkStatus.cpp:
366         * bytecode/CodeBlock.h:
367         (JSC::ExecState::r):
368         (JSC::baselineCodeBlockForInlineCallFrame): Deleted.
369         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock): Deleted.
370         * bytecode/CodeOrigin.cpp:
371         (JSC::CodeOrigin::inlineStack):
372         (JSC::CodeOrigin::codeOriginOwner):
373         (JSC::CodeOrigin::stackOffset):
374         (JSC::CodeOrigin::dump):
375         (JSC::CodeOrigin::dumpInContext):
376         (JSC::InlineCallFrame::calleeConstant): Deleted.
377         (JSC::InlineCallFrame::visitAggregate): Deleted.
378         (JSC::InlineCallFrame::calleeForCallFrame): Deleted.
379         (JSC::InlineCallFrame::hash): Deleted.
380         (JSC::InlineCallFrame::hashAsStringIfPossible): Deleted.
381         (JSC::InlineCallFrame::inferredName): Deleted.
382         (JSC::InlineCallFrame::baselineCodeBlock): Deleted.
383         (JSC::InlineCallFrame::dumpBriefFunctionInformation): Deleted.
384         (JSC::InlineCallFrame::dumpInContext): Deleted.
385         (JSC::InlineCallFrame::dump): Deleted.
386         (WTF::printInternal): Deleted.
387         * bytecode/CodeOrigin.h:
388         (JSC::CodeOrigin::deletedMarker):
389         (JSC::CodeOrigin::hash):
390         (JSC::CodeOrigin::operator==):
391         (JSC::CodeOriginHash::hash):
392         (JSC::CodeOriginHash::equal):
393         (JSC::InlineCallFrame::kindFor): Deleted.
394         (JSC::InlineCallFrame::varargsKindFor): Deleted.
395         (JSC::InlineCallFrame::specializationKindFor): Deleted.
396         (JSC::InlineCallFrame::isVarargs): Deleted.
397         (JSC::InlineCallFrame::InlineCallFrame): Deleted.
398         (JSC::InlineCallFrame::specializationKind): Deleted.
399         (JSC::InlineCallFrame::setStackOffset): Deleted.
400         (JSC::InlineCallFrame::callerFrameOffset): Deleted.
401         (JSC::InlineCallFrame::returnPCOffset): Deleted.
402         (JSC::CodeOrigin::stackOffset): Deleted.
403         (JSC::CodeOrigin::codeOriginOwner): Deleted.
404         * bytecode/InlineCallFrame.cpp: Copied from Source/JavaScriptCore/bytecode/CodeOrigin.cpp.
405         (JSC::InlineCallFrame::calleeConstant):
406         (JSC::CodeOrigin::inlineDepthForCallFrame): Deleted.
407         (JSC::CodeOrigin::inlineDepth): Deleted.
408         (JSC::CodeOrigin::isApproximatelyEqualTo): Deleted.
409         (JSC::CodeOrigin::approximateHash): Deleted.
410         (JSC::CodeOrigin::inlineStack): Deleted.
411         (JSC::CodeOrigin::dump): Deleted.
412         (JSC::CodeOrigin::dumpInContext): Deleted.
413         * bytecode/InlineCallFrame.h: Copied from Source/JavaScriptCore/bytecode/CodeOrigin.h.
414         (JSC::InlineCallFrame::isVarargs):
415         (JSC::InlineCallFrame::InlineCallFrame):
416         (JSC::InlineCallFrame::specializationKind):
417         (JSC::baselineCodeBlockForInlineCallFrame):
418         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
419         (JSC::CodeOrigin::CodeOrigin): Deleted.
420         (JSC::CodeOrigin::isSet): Deleted.
421         (JSC::CodeOrigin::operator!): Deleted.
422         (JSC::CodeOrigin::isHashTableDeletedValue): Deleted.
423         (JSC::CodeOrigin::operator!=): Deleted.
424         (JSC::CodeOrigin::deletedMarker): Deleted.
425         (JSC::CodeOrigin::stackOffset): Deleted.
426         (JSC::CodeOrigin::hash): Deleted.
427         (JSC::CodeOrigin::operator==): Deleted.
428         (JSC::CodeOrigin::codeOriginOwner): Deleted.
429         (JSC::CodeOriginHash::hash): Deleted.
430         (JSC::CodeOriginHash::equal): Deleted.
431         (JSC::CodeOriginApproximateHash::hash): Deleted.
432         (JSC::CodeOriginApproximateHash::equal): Deleted.
433         * bytecode/InlineCallFrameSet.cpp:
434         * dfg/DFGCommonData.cpp:
435         * dfg/DFGOSRExitBase.cpp:
436         * dfg/DFGVariableEventStream.cpp:
437         * ftl/FTLOperations.cpp:
438         * interpreter/CallFrame.cpp:
439         * interpreter/StackVisitor.cpp:
440         * jit/AssemblyHelpers.h:
441         * profiler/ProfilerOriginStack.cpp:
442         * runtime/ClonedArguments.cpp:
443
444 2015-08-18  Mark Lam  <mark.lam@apple.com>
445
446         Removed an unused param in Interpreter::initialize().
447         https://bugs.webkit.org/show_bug.cgi?id=148129
448
449         Reviewed by Michael Saboff.
450
451         * interpreter/Interpreter.cpp:
452         (JSC::Interpreter::~Interpreter):
453         (JSC::Interpreter::initialize):
454         * interpreter/Interpreter.h:
455         (JSC::Interpreter::stack):
456         * runtime/VM.cpp:
457         (JSC::VM::VM):
458
459 2015-08-17  Alex Christensen  <achristensen@webkit.org>
460
461         Add const to content extension parser
462         https://bugs.webkit.org/show_bug.cgi?id=148044
463
464         Reviewed by Benjamin Poulain.
465
466         * runtime/JSObject.h:
467         (JSC::JSObject::getIndexQuickly):
468         (JSC::JSObject::tryGetIndexQuickly):
469         (JSC::JSObject::getDirectIndex):
470         (JSC::JSObject::getIndex):
471         Added a few const keywords.
472
473 2015-08-17  Alex Christensen  <achristensen@webkit.org>
474
475         Build Debug Suffix on Windows with CMake
476         https://bugs.webkit.org/show_bug.cgi?id=148083
477
478         Reviewed by Brent Fulgham.
479
480         * CMakeLists.txt:
481         * PlatformWin.cmake:
482         * shell/CMakeLists.txt:
483         * shell/PlatformWin.cmake:
484         Add DEBUG_SUFFIX
485
486 2015-08-17  Saam Barati  <sbarati@apple.com>
487
488         Web Inspector: Type profiler return types aren't showing up
489         https://bugs.webkit.org/show_bug.cgi?id=147348
490
491         Reviewed by Brian Burg.
492
493         Bug #145995 changed the starting offset of a function to
494         be the open parenthesis of the function's parameter list.
495         This broke JSC's type profiler protocol of communicating
496         return types of a function to the web inspector. This
497         is now fixed. The text offset used in the protocol is now
498         the first letter of the function/get/set/method name.
499         So "f" in "function a() {}", "s" in "set foo(){}", etc.
500
501         * bytecode/CodeBlock.cpp:
502         (JSC::CodeBlock::CodeBlock):
503         * jsc.cpp:
504         (functionReturnTypeFor):
505
506 2015-08-17  Aleksandr Skachkov  <gskachkov@gmail.com>
507
508         [ES6] Implement ES6 arrow function syntax. Arrow function specific features. Lexical bind of this
509         https://bugs.webkit.org/show_bug.cgi?id=144956
510
511         Reviewed by Saam Barati.
512
513         Added support for ES6 arrow function specific features: lexical bind of this and no constructor. http://wiki.ecmascript.org/doku.php?id=harmony:arrow_function_syntax
514         In this patch the following cases were implemented:
515            this - the variable |this| points to the |this| of the function where the arrow function is declared (lexical bind of |this|)
516            constructor - using the command |new| on an arrow function leads to a runtime error
517            call(), apply(), bind() - these methods can only pass in arguments, but have no effect on |this|
518
519
520         * CMakeLists.txt:
521         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
522         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
523         * JavaScriptCore.xcodeproj/project.pbxproj:
524         * bytecode/BytecodeList.json:
525         * bytecode/BytecodeUseDef.h:
526         (JSC::computeUsesForBytecodeOffset):
527         (JSC::computeDefsForBytecodeOffset):
528         * bytecode/CodeBlock.cpp:
529         (JSC::CodeBlock::dumpBytecode):
530         * bytecode/ExecutableInfo.h:
531         (JSC::ExecutableInfo::ExecutableInfo):
532         (JSC::ExecutableInfo::isArrowFunction):
533         * bytecode/UnlinkedCodeBlock.cpp:
534         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
535         * bytecode/UnlinkedCodeBlock.h:
536         (JSC::UnlinkedCodeBlock::isArrowFunction):
537         * bytecode/UnlinkedFunctionExecutable.cpp:
538         (JSC::generateFunctionCodeBlock):
539         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
540         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
541         * bytecode/UnlinkedFunctionExecutable.h:
542         * bytecompiler/BytecodeGenerator.cpp:
543         (JSC::BytecodeGenerator::BytecodeGenerator):
544         (JSC::BytecodeGenerator::emitNewFunctionCommon):
545         (JSC::BytecodeGenerator::emitNewFunctionExpression):
546         (JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
547         (JSC::BytecodeGenerator::emitLoadArrowFunctionThis):
548         * bytecompiler/BytecodeGenerator.h:
549         * bytecompiler/NodesCodegen.cpp:
550         (JSC::ArrowFuncExprNode::emitBytecode):
551         * dfg/DFGAbstractInterpreterInlines.h:
552         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
553         * dfg/DFGByteCodeParser.cpp:
554         (JSC::DFG::ByteCodeParser::parseBlock):
555         * dfg/DFGCapabilities.cpp:
556         (JSC::DFG::capabilityLevel):
557         * dfg/DFGClobberize.h:
558         (JSC::DFG::clobberize):
559         * dfg/DFGDoesGC.cpp:
560         (JSC::DFG::doesGC):
561         * dfg/DFGFixupPhase.cpp:
562         (JSC::DFG::FixupPhase::fixupNode):
563         * dfg/DFGNode.h:
564         (JSC::DFG::Node::convertToPhantomNewFunction):
565         (JSC::DFG::Node::hasCellOperand):
566         (JSC::DFG::Node::isFunctionAllocation):
567         * dfg/DFGNodeType.h:
568         * dfg/DFGObjectAllocationSinkingPhase.cpp:
569         * dfg/DFGPredictionPropagationPhase.cpp:
570         (JSC::DFG::PredictionPropagationPhase::propagate):
571         * dfg/DFGPromotedHeapLocation.cpp:
572         (WTF::printInternal):
573         * dfg/DFGPromotedHeapLocation.h:
574         * dfg/DFGSafeToExecute.h:
575         (JSC::DFG::safeToExecute):
576         * dfg/DFGSpeculativeJIT.cpp:
577         (JSC::DFG::SpeculativeJIT::compileLoadArrowFunctionThis):
578         (JSC::DFG::SpeculativeJIT::compileNewFunctionCommon):
579         (JSC::DFG::SpeculativeJIT::compileNewFunction):
580         * dfg/DFGSpeculativeJIT.h:
581         (JSC::DFG::SpeculativeJIT::callOperation):
582         * dfg/DFGSpeculativeJIT32_64.cpp:
583         (JSC::DFG::SpeculativeJIT::compile):
584         * dfg/DFGSpeculativeJIT64.cpp:
585         (JSC::DFG::SpeculativeJIT::compile):
586         * dfg/DFGStoreBarrierInsertionPhase.cpp:
587         * dfg/DFGStructureRegistrationPhase.cpp:
588         (JSC::DFG::StructureRegistrationPhase::run):
589         * ftl/FTLAbstractHeapRepository.cpp:
590         * ftl/FTLAbstractHeapRepository.h:
591         * ftl/FTLCapabilities.cpp:
592         (JSC::FTL::canCompile):
593         * ftl/FTLIntrinsicRepository.h:
594         * ftl/FTLLowerDFGToLLVM.cpp:
595         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
596         (JSC::FTL::DFG::LowerDFGToLLVM::compileNewFunction):
597         (JSC::FTL::DFG::LowerDFGToLLVM::compileLoadArrowFunctionThis):
598         * ftl/FTLOperations.cpp:
599         (JSC::FTL::operationMaterializeObjectInOSR):
600         * interpreter/Interpreter.cpp:
601         * interpreter/Interpreter.h:
602         * jit/CCallHelpers.h:
603         (JSC::CCallHelpers::setupArgumentsWithExecState): Added a 3-argument version for the Windows build.
604         * jit/JIT.cpp:
605         (JSC::JIT::privateCompileMainPass):
606         * jit/JIT.h:
607         * jit/JITInlines.h:
608         (JSC::JIT::callOperation):
609         * jit/JITOpcodes.cpp:
610         (JSC::JIT::emit_op_load_arrowfunction_this):
611         (JSC::JIT::emit_op_new_func_exp):
612         (JSC::JIT::emitNewFuncExprCommon):
613         (JSC::JIT::emit_op_new_arrow_func_exp):
614         * jit/JITOpcodes32_64.cpp:
615         (JSC::JIT::emit_op_load_arrowfunction_this):
616         * jit/JITOperations.cpp:
617         * jit/JITOperations.h:
618         * llint/LLIntOffsetsExtractor.cpp:
619         * llint/LLIntSlowPaths.cpp:
620         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
621         (JSC::LLInt::setUpCall):
622         * llint/LLIntSlowPaths.h:
623         * llint/LowLevelInterpreter.asm:
624         * llint/LowLevelInterpreter32_64.asm:
625         * llint/LowLevelInterpreter64.asm:
626         * parser/ASTBuilder.h:
627         (JSC::ASTBuilder::createFunctionMetadata):
628         (JSC::ASTBuilder::createArrowFunctionExpr):
629         * parser/NodeConstructors.h:
630         (JSC::BaseFuncExprNode::BaseFuncExprNode):
631         (JSC::FuncExprNode::FuncExprNode):
632         (JSC::ArrowFuncExprNode::ArrowFuncExprNode):
633         * parser/Nodes.cpp:
634         (JSC::FunctionMetadataNode::FunctionMetadataNode):
635         * parser/Nodes.h:
636         (JSC::ExpressionNode::isArrowFuncExprNode):
637         * parser/Parser.cpp:
638         (JSC::Parser<LexerType>::parseFunctionBody):
639         (JSC::Parser<LexerType>::parseFunctionInfo):
640         * parser/SyntaxChecker.h:
641         (JSC::SyntaxChecker::createFunctionMetadata):
642         * runtime/Executable.cpp:
643         (JSC::ScriptExecutable::newCodeBlockFor):
644         * runtime/Executable.h:
645         * runtime/JSArrowFunction.cpp: Added.
646         (JSC::JSArrowFunction::destroy):
647         (JSC::JSArrowFunction::create):
648         (JSC::JSArrowFunction::JSArrowFunction):
649         (JSC::JSArrowFunction::createWithInvalidatedReallocationWatchpoint):
650         (JSC::JSArrowFunction::visitChildren):
651         (JSC::JSArrowFunction::getConstructData):
652         * runtime/JSArrowFunction.h: Added.
653         (JSC::JSArrowFunction::allocationSize):
654         (JSC::JSArrowFunction::createImpl):
655         (JSC::JSArrowFunction::boundThis):
656         (JSC::JSArrowFunction::createStructure):
657         (JSC::JSArrowFunction::offsetOfThisValue):
658         * runtime/JSFunction.h:
659         * runtime/JSFunctionInlines.h:
660         (JSC::JSFunction::JSFunction):
661         * runtime/JSGlobalObject.cpp:
662         (JSC::JSGlobalObject::init):
663         (JSC::JSGlobalObject::visitChildren):
664         * runtime/JSGlobalObject.h:
665         (JSC::JSGlobalObject::arrowFunctionStructure):
666         * tests/stress/arrowfunction-activation-sink-osrexit-default-value-tdz-error.js: Added.
667         * tests/stress/arrowfunction-activation-sink-osrexit-default-value.js: Added.
668         * tests/stress/arrowfunction-activation-sink-osrexit.js: Added.
669         * tests/stress/arrowfunction-activation-sink.js: Added.
670         * tests/stress/arrowfunction-bound.js: Added.
671         * tests/stress/arrowfunction-call.js: Added.
672         * tests/stress/arrowfunction-constructor.js: Added.
673         * tests/stress/arrowfunction-lexical-bind-this-1.js: Added.
674         * tests/stress/arrowfunction-lexical-bind-this-2.js: Added.
675         * tests/stress/arrowfunction-lexical-bind-this-3.js: Added.
676         * tests/stress/arrowfunction-lexical-bind-this-4.js: Added.
677         * tests/stress/arrowfunction-lexical-bind-this-5.js: Added.
678         * tests/stress/arrowfunction-lexical-bind-this-6.js: Added.
679         * tests/stress/arrowfunction-lexical-this-activation-sink-osrexit.js: Added.
680         * tests/stress/arrowfunction-lexical-this-activation-sink.js: Added.
681         * tests/stress/arrowfunction-lexical-this-sinking-no-double-allocate.js: Added.
682         * tests/stress/arrowfunction-lexical-this-sinking-osrexit.js: Added.
683         * tests/stress/arrowfunction-lexical-this-sinking-put.js: Added.
684         * tests/stress/arrowfunction-others.js: Added.
685         * tests/stress/arrowfunction-run-10-1.js: Added.
686         * tests/stress/arrowfunction-run-10-2.js: Added.
687         * tests/stress/arrowfunction-run-10000-1.js: Added.
688         * tests/stress/arrowfunction-run-10000-2.js: Added.
689         * tests/stress/arrowfunction-sinking-no-double-allocate.js: Added.
690         * tests/stress/arrowfunction-sinking-osrexit.js: Added.
691         * tests/stress/arrowfunction-sinking-put.js: Added.
692         * tests/stress/arrowfunction-tdz.js: Added.
693         * tests/stress/arrowfunction-typeof.js: Added.
694
695 2015-07-28  Sam Weinig  <sam@webkit.org>
696
697         Cleanup the builtin JavaScript files
698         https://bugs.webkit.org/show_bug.cgi?id=147382
699
700         Reviewed by Geoffrey Garen.
701
702         * builtins/Array.prototype.js:
703         * builtins/ArrayConstructor.js:
704         * builtins/ArrayIterator.prototype.js:
705         * builtins/Function.prototype.js:
706         * builtins/Iterator.prototype.js:
707         * builtins/ObjectConstructor.js:
708         * builtins/StringConstructor.js:
709         * builtins/StringIterator.prototype.js:
710         Unify the style of the built JavaScript files.
711
712 2015-08-17  Alex Christensen  <achristensen@webkit.org>
713
714         Move some commands from ./CMakeLists.txt to Source/cmake
715         https://bugs.webkit.org/show_bug.cgi?id=148003
716
717         Reviewed by Brent Fulgham.
718
719         * CMakeLists.txt:
720         Added commands needed to build JSC by itself.
721
722 2015-08-17  Yusuke Suzuki  <utatane.tea@gmail.com>
723
724         [ES6] Implement Reflect.get
725         https://bugs.webkit.org/show_bug.cgi?id=147925
726
727         Reviewed by Geoffrey Garen.
728
729         This patch implements Reflect.get API.
730         It can take the receiver object as the third argument.
731         When the receiver is specified and there's a getter for the given property name,
732         we call the getter with the receiver as the |this| value.
733
734         * runtime/ReflectObject.cpp:
735         (JSC::reflectObjectGet):
736         * runtime/SparseArrayValueMap.cpp:
737         (JSC::SparseArrayEntry::get): Deleted.
738         * runtime/SparseArrayValueMap.h:
739         * tests/stress/reflect-get.js: Added.
740         (shouldBe):
741         (shouldThrow):
742         (.get shouldThrow):
743         (.get var):
744         (get var.object.get hello):
745         (.get shouldBe):
746         (get var.object.set hello):
747
748 2015-08-17  Simon Fraser  <simon.fraser@apple.com>
749
750         will-change should sometimes trigger compositing
751         https://bugs.webkit.org/show_bug.cgi?id=148072
752
753         Reviewed by Tim Horton.
754         
755         Include will-change as a reason for compositing.
756
757         * inspector/protocol/LayerTree.json:
758
759 2015-08-17  Yusuke Suzuki  <utatane.tea@gmail.com>
760
761         [ES6] Implement Reflect.getOwnPropertyDescriptor
762         https://bugs.webkit.org/show_bug.cgi?id=147929
763
764         Reviewed by Geoffrey Garen.
765
766         Implement Reflect.getOwnPropertyDescriptor.
767         The difference from the Object.getOwnPropertyDescriptor is
768         Reflect.getOwnPropertyDescriptor does not perform ToObject onto
769         the first argument. If the first argument is not an Object, it
770         immediately raises the TypeError.
771
772         * runtime/ObjectConstructor.cpp:
773         (JSC::objectConstructorGetOwnPropertyDescriptor):
774         * runtime/ObjectConstructor.h:
775         * runtime/ReflectObject.cpp:
776         (JSC::reflectObjectGetOwnPropertyDescriptor):
777         * tests/stress/reflect-get-own-property.js: Added.
778         (shouldBe):
779         (shouldThrow):
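
The block below is an added example, not text from this ChangeLog and not code from JavaScriptCore. It exercises the two behaviours the Reflect.get and Reflect.getOwnPropertyDescriptor entries above describe: a getter invoked with the third argument as its |this| value, and the TypeError raised when the first argument is not an Object (contrasted with Object.getOwnPropertyDescriptor, which applies ToObject). The objects target and receiver are constructed for the demonstration.

```javascript
// Added example (not part of the WebKit ChangeLog or JSC's sources).
// Sample objects constructed for the demonstration.
const target = {
    base: 'target',
    get hello() { return 'hello from ' + this.base; },
};
const receiver = { base: 'receiver' };

// Without a receiver, the getter runs with |this| bound to the target itself.
function getWithoutReceiver() {
    return Reflect.get(target, 'hello');             // 'hello from target'
}

// With a receiver, the getter runs with |this| bound to the receiver.
function getWithReceiver() {
    return Reflect.get(target, 'hello', receiver);   // 'hello from receiver'
}

// A receiver does not affect data properties; they are read off the target.
function getDataProperty() {
    return Reflect.get(target, 'base', receiver);    // 'target'
}

// Getters found further up the prototype chain also see the receiver as |this|.
function getInheritedWithReceiver() {
    const child = Object.create(target);
    return Reflect.get(child, 'hello', receiver);    // 'hello from receiver'
}

// Reflect.getOwnPropertyDescriptor on a real object returns the usual descriptor.
function describeOwn() {
    const obj = Object.defineProperty({}, 'x', { value: 42, enumerable: true });
    return Reflect.getOwnPropertyDescriptor(obj, 'x');
    // { value: 42, writable: false, enumerable: true, configurable: false }
}

// Object.getOwnPropertyDescriptor performs ToObject, so a primitive string works.
function objectVersionCoerces() {
    return Object.getOwnPropertyDescriptor('abc', 'length').value;   // 3
}

// The Reflect version does not coerce: a non-object first argument is a TypeError.
function reflectVersionThrows() {
    try {
        Reflect.getOwnPropertyDescriptor('abc', 'length');
        return false;
    } catch (e) {
        return e instanceof TypeError;
    }
}
```

The same TypeError rule applies to Reflect.get itself when its target is not an object; only the descriptor case is shown because that is the difference the second entry calls out.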
780
781 2015-08-16  Benjamin Poulain  <bpoulain@apple.com>
782
783         [JSC] Use (x + x) instead of (x * 2) when possible
784         https://bugs.webkit.org/show_bug.cgi?id=148051
785
786         Reviewed by Michael Saboff.
787
788         When multiplying a number by 2, JSC was loading a constant "2"
789         in register and multiplying it with the first number:
790
791             mov $0x4000000000000000, %rcx
792             movd %rcx, %xmm0
793             mulsd %xmm0, %xmm1
794
795         This is a problem for a few reasons.
796         1) "movd %rcx, %xmm0" only sets half of XMM0. This instruction
797            has to wait for any preceding instruction on XMM0 to finish
798            before executing.
799         2) The load and transform itself is large and unnecessary.
800
801         To fix that, I added a StrengthReductionPhase to transform
802         multiplications by 2 into an addition.
803
804         Unfortunately, that turned the code into:
805             movsd %xmm0 %xmm1
806             mulsd %xmm1 %xmm0
807
808         The reason is GenerationInfo::canReuse() was not accounting
809         for nodes using other nodes multiple times.
810
811         After fixing that too, we now have the multiplications by 2
812         done as:
813             addsd %xmm0 %xmm0
814
815         * dfg/DFGGenerationInfo.h:
816         (JSC::DFG::GenerationInfo::useCount):
817         (JSC::DFG::GenerationInfo::canReuse): Deleted.
818         * dfg/DFGSpeculativeJIT.cpp:
819         (JSC::DFG::FPRTemporary::FPRTemporary):
820         * dfg/DFGSpeculativeJIT.h:
821         (JSC::DFG::SpeculativeJIT::canReuse):
822         (JSC::DFG::GPRTemporary::GPRTemporary):
823         * dfg/DFGStrengthReductionPhase.cpp:
824         (JSC::DFG::StrengthReductionPhase::handleNode):
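
The block below is an added example, not text from this ChangeLog and not JavaScriptCore's DFG code. It models the two points of the entry above on a toy expression IR: the Mul-by-2 to Add strength reduction, and the register-reuse rule that must account for one node using the same operand more than once (Add(x, x)). The Node class, the useCount/canReuse helpers and the pseudo-assembly strings are constructed for the demonstration and stand in for GenerationInfo::useCount() and SpeculativeJIT::canReuse().

```javascript
// Added example (not part of the WebKit ChangeLog or JSC's sources).
// Toy IR: each node has an op and child references; constants carry a value.
class Node {
    constructor(op, children = [], value = undefined) {
        this.op = op;               // 'Const' | 'Arg' | 'Mul' | 'Add'
        this.children = children;
        this.value = value;         // constant value, or a name for 'Arg'
    }
}

// Strength reduction: x * 2 (either operand order) becomes x + x, applied
// bottom-up so nested multiplications are rewritten too.
function strengthReduce(node) {
    node.children = node.children.map(strengthReduce);
    if (node.op === 'Mul') {
        const [a, b] = node.children;
        if (b.op === 'Const' && b.value === 2) return new Node('Add', [a, a]);
        if (a.op === 'Const' && a.value === 2) return new Node('Add', [b, b]);
    }
    return node;
}

// Number of edges anywhere in the graph that point at `target`: one per use,
// so Add(x, x) contributes two uses of x even though it is a single node.
function useCount(root, target) {
    let count = 0;
    const seen = new Set();
    (function walk(n) {
        if (seen.has(n)) return;
        seen.add(n);
        for (const c of n.children) {
            if (c === target) count++;
            walk(c);
        }
    })(root);
    return count;
}

// Flawed rule (the behaviour the entry describes): reuse the operand's register
// only when the operand has exactly one remaining use. For Add(x, x) that is
// never true, so a needless move is emitted. `consumer` is ignored on purpose.
function canReuseBuggy(root, consumer, operand) {
    return useCount(root, operand) === 1;
}

// Corrected rule: reuse is safe when every remaining use of the operand belongs
// to this consumer, i.e. the consumer's own edge count equals the use count.
function canReuseFixed(root, consumer, operand) {
    const edgesFromConsumer = consumer.children.filter(c => c === operand).length;
    return edgesFromConsumer > 0 && useCount(root, operand) === edgesFromConsumer;
}

// Toy AT&T-style emission for a double add whose operands are in registers.
// The destination may alias the first operand only when canReuse allows it.
function emitAdd(root, add, regOf, canReuse) {
    const [a, b] = add.children;
    if (canReuse(root, add, a))
        return [`addsd ${regOf(b)}, ${regOf(a)}`];
    const fresh = '%xmm1';          // a freshly allocated temporary
    return [`movsd ${regOf(a)}, ${fresh}`, `addsd ${regOf(b)}, ${fresh}`];
}

// x * 2 with x in %xmm0: the fixed rule yields a single addsd %xmm0, %xmm0.
function demo() {
    const x = new Node('Arg', [], 'x');
    const root = strengthReduce(new Node('Mul', [x, new Node('Const', [], 2)]));
    const regOf = n => (n === x ? '%xmm0' : '%xmm?');
    return {
        op: root.op,                                  // 'Add'
        usesOfX: useCount(root, x),                   // 2
        buggy: emitAdd(root, root, regOf, canReuseBuggy),
        fixed: emitAdd(root, root, regOf, canReuseFixed),
    };
}

// x + (x * 3): x is still needed by the Mul, so neither rule may reuse it.
function sharedOperandReuse() {
    const x = new Node('Arg', [], 'x');
    const root = new Node('Add', [x, new Node('Mul', [x, new Node('Const', [], 3)])]);
    return { buggy: canReuseBuggy(root, root, x), fixed: canReuseFixed(root, root, x) };
}
```

The corrected rule is the one worth keeping in mind when writing or reviewing a register allocator: counting distinct users instead of edges either wastes a register (as here) or, in the opposite direction, lets a destination clobber an operand that the same instruction still has to read.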
825
826 2015-08-14  Basile Clement  <basile_clement@apple.com>
827
828         Occasional failure in v8-v6/v8-raytrace.js.ftl-eager
829         https://bugs.webkit.org/show_bug.cgi?id=147165
830
831         Reviewed by Saam Barati.
832
833         The object allocation sinking phase was not properly checking that a
834         MultiGetByOffset was safe to lower before lowering it.
835         This makes it so that we only lower MultiGetByOffset if it only loads
836         from direct properties of the object, and considers it as an escape in
837         any other case (e.g. a load from the prototype).
838
839         It also ensures proper conversion of MultiGetByOffset into
840         CheckStructureImmediate when needed.
841
842         * dfg/DFGObjectAllocationSinkingPhase.cpp:
843         * ftl/FTLLowerDFGToLLVM.cpp:
844         (JSC::FTL::DFG::LowerDFGToLLVM::checkStructure):
845             We were not properly compiling CheckStructure and
846             CheckStructureImmediate nodes with an empty StructureSet.
847         * tests/stress/sink-multigetbyoffset.js: Regression test.
848
849 2015-08-14  Filip Pizlo  <fpizlo@apple.com>
850
851         Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
852         https://bugs.webkit.org/show_bug.cgi?id=147999
853
854         Reviewed by Geoffrey Garen.
855
856         * API/JSVirtualMachine.mm:
857         (initWrapperCache):
858         (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
859         (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
860         (wrapperCacheMutex): Deleted.
861         * bytecode/SamplingTool.cpp:
862         (JSC::SamplingTool::doRun):
863         (JSC::SamplingTool::notifyOfScope):
864         * bytecode/SamplingTool.h:
865         * dfg/DFGThreadData.h:
866         * dfg/DFGWorklist.cpp:
867         (JSC::DFG::Worklist::~Worklist):
868         (JSC::DFG::Worklist::isActiveForVM):
869         (JSC::DFG::Worklist::enqueue):
870         (JSC::DFG::Worklist::compilationState):
871         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
872         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
873         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
874         (JSC::DFG::Worklist::visitWeakReferences):
875         (JSC::DFG::Worklist::removeDeadPlans):
876         (JSC::DFG::Worklist::queueLength):
877         (JSC::DFG::Worklist::dump):
878         (JSC::DFG::Worklist::runThread):
879         * dfg/DFGWorklist.h:
880         * disassembler/Disassembler.cpp:
881         * heap/CopiedSpace.cpp:
882         (JSC::CopiedSpace::doneFillingBlock):
883         (JSC::CopiedSpace::doneCopying):
884         * heap/CopiedSpace.h:
885         * heap/CopiedSpaceInlines.h:
886         (JSC::CopiedSpace::recycleBorrowedBlock):
887         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
888         * heap/GCThread.cpp:
889         (JSC::GCThread::waitForNextPhase):
890         (JSC::GCThread::gcThreadMain):
891         * heap/GCThreadSharedData.cpp:
892         (JSC::GCThreadSharedData::GCThreadSharedData):
893         (JSC::GCThreadSharedData::~GCThreadSharedData):
894         (JSC::GCThreadSharedData::startNextPhase):
895         (JSC::GCThreadSharedData::endCurrentPhase):
896         (JSC::GCThreadSharedData::didStartMarking):
897         (JSC::GCThreadSharedData::didFinishMarking):
898         * heap/GCThreadSharedData.h:
899         * heap/HeapTimer.h:
900         * heap/MachineStackMarker.cpp:
901         (JSC::ActiveMachineThreadsManager::Locker::Locker):
902         (JSC::ActiveMachineThreadsManager::add):
903         (JSC::ActiveMachineThreadsManager::remove):
904         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
905         (JSC::MachineThreads::~MachineThreads):
906         (JSC::MachineThreads::addCurrentThread):
907         (JSC::MachineThreads::removeThreadIfFound):
908         (JSC::MachineThreads::tryCopyOtherThreadStack):
909         (JSC::MachineThreads::tryCopyOtherThreadStacks):
910         (JSC::MachineThreads::gatherConservativeRoots):
911         * heap/MachineStackMarker.h:
912         * heap/SlotVisitor.cpp:
913         (JSC::SlotVisitor::donateKnownParallel):
914         (JSC::SlotVisitor::drain):
915         (JSC::SlotVisitor::drainFromShared):
916         (JSC::SlotVisitor::mergeOpaqueRoots):
917         * heap/SlotVisitorInlines.h:
918         (JSC::SlotVisitor::containsOpaqueRootTriState):
919         * inspector/remote/RemoteInspectorDebuggableConnection.h:
920         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
921         (Inspector::RemoteInspectorHandleRunSourceGlobal):
922         (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
923         (Inspector::RemoteInspectorInitializeGlobalQueue):
924         (Inspector::RemoteInspectorHandleRunSourceWithInfo):
925         (Inspector::RemoteInspectorDebuggableConnection::setup):
926         (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
927         (Inspector::RemoteInspectorDebuggableConnection::close):
928         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
929         (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
930         * interpreter/JSStack.cpp:
931         (JSC::JSStack::JSStack):
932         (JSC::JSStack::releaseExcessCapacity):
933         (JSC::JSStack::addToCommittedByteCount):
934         (JSC::JSStack::committedByteCount):
935         (JSC::stackStatisticsMutex): Deleted.
936         (JSC::JSStack::initializeThreading): Deleted.
937         * interpreter/JSStack.h:
938         (JSC::JSStack::gatherConservativeRoots):
939         (JSC::JSStack::sanitizeStack):
940         (JSC::JSStack::size):
941         (JSC::JSStack::initializeThreading): Deleted.
942         * jit/ExecutableAllocator.cpp:
943         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
944         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
945         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
946         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
947         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
948         (JSC::DemandExecutableAllocator::allocators):
949         (JSC::DemandExecutableAllocator::allocatorsMutex):
950         * jit/JITThunks.cpp:
951         (JSC::JITThunks::ctiStub):
952         * jit/JITThunks.h:
953         * profiler/ProfilerDatabase.cpp:
954         (JSC::Profiler::Database::ensureBytecodesFor):
955         (JSC::Profiler::Database::notifyDestruction):
956         * profiler/ProfilerDatabase.h:
957         * runtime/InitializeThreading.cpp:
958         (JSC::initializeThreading):
959         * runtime/JSLock.cpp:
960         (JSC::GlobalJSLock::GlobalJSLock):
961         (JSC::GlobalJSLock::~GlobalJSLock):
962         (JSC::JSLockHolder::JSLockHolder):
963         (JSC::GlobalJSLock::initialize): Deleted.
964         * runtime/JSLock.h:
965
966 2015-08-14  Ryosuke Niwa  <rniwa@webkit.org>
967
968         ES6 class syntax should allow computed name method
969         https://bugs.webkit.org/show_bug.cgi?id=142690
970
971         Reviewed by Saam Barati.
972
973         Added a new "attributes" attribute to op_put_getter_by_id, op_put_setter_by_id, op_put_getter_setter to specify
974         the property descriptor options so that we can use op_put_setter_by_id and op_put_getter_setter to define
975         getters and setters for classes. Without this, getters and setters could erroneously override methods.
976
977         * bytecode/BytecodeList.json:
978         * bytecode/BytecodeUseDef.h:
979         (JSC::computeUsesForBytecodeOffset):
980         * bytecode/CodeBlock.cpp:
981         (JSC::CodeBlock::dumpBytecode):
982         * bytecompiler/BytecodeGenerator.cpp:
983         (JSC::BytecodeGenerator::emitDirectPutById):
984         (JSC::BytecodeGenerator::emitPutGetterById):
985         (JSC::BytecodeGenerator::emitPutSetterById):
986         (JSC::BytecodeGenerator::emitPutGetterSetter):
987         * bytecompiler/BytecodeGenerator.h:
988         * bytecompiler/NodesCodegen.cpp:
989         (JSC::PropertyListNode::emitBytecode): Always use emitPutGetterSetter to emit getters and setters for classes
990         as done for object literals.
991         (JSC::PropertyListNode::emitPutConstantProperty):
992         (JSC::ClassExprNode::emitBytecode):
993         * jit/CCallHelpers.h:
994         (JSC::CCallHelpers::setupArgumentsWithExecState):
995         * jit/JIT.h:
996         * jit/JITInlines.h:
997         (JSC::JIT::callOperation):
998         * jit/JITOperations.cpp:
999         * jit/JITOperations.h:
1000         * jit/JITPropertyAccess.cpp:
1001         (JSC::JIT::emit_op_put_getter_by_id):
1002         (JSC::JIT::emit_op_put_setter_by_id):
1003         (JSC::JIT::emit_op_put_getter_setter):
1004         (JSC::JIT::emit_op_del_by_id):
1005         * jit/JITPropertyAccess32_64.cpp:
1006         (JSC::JIT::emit_op_put_getter_by_id):
1007         (JSC::JIT::emit_op_put_setter_by_id):
1008         (JSC::JIT::emit_op_put_getter_setter):
1009         (JSC::JIT::emit_op_del_by_id):
1010         * llint/LLIntSlowPaths.cpp:
1011         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1012         * llint/LowLevelInterpreter.asm:
1013         * parser/ASTBuilder.h:
1014         (JSC::ASTBuilder::createProperty):
1015         (JSC::ASTBuilder::createPropertyList):
1016         * parser/NodeConstructors.h:
1017         (JSC::PropertyNode::PropertyNode):
1018         * parser/Nodes.h:
1019         (JSC::PropertyNode::expressionName):
1020         (JSC::PropertyNode::name):
1021         * parser/Parser.cpp:
1022         (JSC::Parser<LexerType>::parseClass): Added the support for computed property name. We don't support computed names
1023         for getters and setters.
1024         * parser/SyntaxChecker.h:
1025         (JSC::SyntaxChecker::createProperty):
1026         * runtime/JSObject.cpp:
1027         (JSC::JSObject::allowsAccessFrom):
1028         (JSC::JSObject::putGetter):
1029         (JSC::JSObject::putSetter):
1030         * runtime/JSObject.h:
1031         * runtime/PropertyDescriptor.h:
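
The block below is an added example, not text from this ChangeLog and not a JSC stress test. It checks, from JavaScript, the observable semantics the entry above is about: computed method names in a class body (instance and static), and getter/setter pairs that are defined as a single accessor property without disturbing other members of the class. The Widget class and its member names are constructed for the demonstration.

```javascript
// Added example (not part of the WebKit ChangeLog or JSC's sources).
const methodName = 'compu' + 'ted';   // computed at runtime, not a literal

class Widget {
    [methodName]() { return 'method:' + methodName; }
    static ['make' + 'Default']() { return new Widget(); }
    get size() { return this._size; }
    set size(v) { this._size = v; }
    plain() { return 'plain'; }
}

// Computed instance and static method names resolve to the evaluated string.
function callComputedMethod() { return new Widget()[methodName](); }   // 'method:computed'
function callComputedStatic() { return Widget.makeDefault() instanceof Widget; }

// Class methods are data properties that are non-enumerable and configurable.
function methodDescriptor() {
    const d = Object.getOwnPropertyDescriptor(Widget.prototype, methodName);
    return { isFunction: typeof d.value === 'function',
             enumerable: d.enumerable, configurable: d.configurable };
}

// A getter and setter with the same name form one accessor property: both
// get and set are present, there is no value slot, and it is non-enumerable.
function accessorDescriptor() {
    const d = Object.getOwnPropertyDescriptor(Widget.prototype, 'size');
    return { hasGet: typeof d.get === 'function', hasSet: typeof d.set === 'function',
             hasValue: 'value' in d, enumerable: d.enumerable };
}

// The accessor round-trips through the setter and getter.
function accessorRoundTrip() {
    const w = new Widget();
    w.size = 5;
    return w.size;   // 5
}

// Defining the accessor pair leaves the unrelated method in place.
function plainStillThere() { return new Widget().plain(); }
```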
1032
1033 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1034
1035         Add InspectorInstrumentation builtin object to instrument the code in JS builtins like Promises
1036         https://bugs.webkit.org/show_bug.cgi?id=147942
1037
1038         Reviewed by Geoffrey Garen.
1039
1040         This patch adds a new private global object, @InspectorInstrumentation.
1041         It is intended to be used as the namespace object (like Reflect/Math) for Inspector's
1042         instrumentation system and it is used to instrument the builtin JS code, like Promises.
1043
1044         * CMakeLists.txt:
1045         * DerivedSources.make:
1046         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1047         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1048         * JavaScriptCore.xcodeproj/project.pbxproj:
1049         * builtins/InspectorInstrumentationObject.js: Added.
1050         (debug):
1051         (promiseFulfilled):
1052         (promiseRejected):
1053         * builtins/Operations.Promise.js:
1054         (rejectPromise):
1055         (fulfillPromise):
1056         * runtime/CommonIdentifiers.h:
1057         * runtime/InspectorInstrumentationObject.cpp: Added.
1058         (JSC::InspectorInstrumentationObject::InspectorInstrumentationObject):
1059         (JSC::InspectorInstrumentationObject::finishCreation):
1060         (JSC::InspectorInstrumentationObject::getOwnPropertySlot):
1061         (JSC::InspectorInstrumentationObject::isEnabled):
1062         (JSC::InspectorInstrumentationObject::enable):
1063         (JSC::InspectorInstrumentationObject::disable):
1064         (JSC::inspectorInstrumentationObjectDataLogImpl):
1065         * runtime/InspectorInstrumentationObject.h: Added.
1066         (JSC::InspectorInstrumentationObject::create):
1067         (JSC::InspectorInstrumentationObject::createStructure):
1068         * runtime/JSGlobalObject.cpp:
1069         (JSC::JSGlobalObject::init):
1070
1071 2015-08-14  Commit Queue  <commit-queue@webkit.org>
1072
1073         Unreviewed, rolling out r188444.
1074         https://bugs.webkit.org/show_bug.cgi?id=148029
1075
1076         Broke GTK and EFL (see bug #148027) (Requested by philn on
1077         #webkit).
1078
1079         Reverted changeset:
1080
1081         "Use WTF::Lock and WTF::Condition instead of WTF::Mutex,
1082         WTF::ThreadCondition, std::mutex, and std::condition_variable"
1083         https://bugs.webkit.org/show_bug.cgi?id=147999
1084         http://trac.webkit.org/changeset/188444
1085
1086 2015-08-13  Filip Pizlo  <fpizlo@apple.com>
1087
1088         Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
1089         https://bugs.webkit.org/show_bug.cgi?id=147999
1090
1091         Reviewed by Geoffrey Garen.
1092
1093         * API/JSVirtualMachine.mm:
1094         (initWrapperCache):
1095         (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
1096         (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
1097         (wrapperCacheMutex): Deleted.
1098         * bytecode/SamplingTool.cpp:
1099         (JSC::SamplingTool::doRun):
1100         (JSC::SamplingTool::notifyOfScope):
1101         * bytecode/SamplingTool.h:
1102         * dfg/DFGThreadData.h:
1103         * dfg/DFGWorklist.cpp:
1104         (JSC::DFG::Worklist::~Worklist):
1105         (JSC::DFG::Worklist::isActiveForVM):
1106         (JSC::DFG::Worklist::enqueue):
1107         (JSC::DFG::Worklist::compilationState):
1108         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1109         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1110         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1111         (JSC::DFG::Worklist::visitWeakReferences):
1112         (JSC::DFG::Worklist::removeDeadPlans):
1113         (JSC::DFG::Worklist::queueLength):
1114         (JSC::DFG::Worklist::dump):
1115         (JSC::DFG::Worklist::runThread):
1116         * dfg/DFGWorklist.h:
1117         * disassembler/Disassembler.cpp:
1118         * heap/CopiedSpace.cpp:
1119         (JSC::CopiedSpace::doneFillingBlock):
1120         (JSC::CopiedSpace::doneCopying):
1121         * heap/CopiedSpace.h:
1122         * heap/CopiedSpaceInlines.h:
1123         (JSC::CopiedSpace::recycleBorrowedBlock):
1124         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1125         * heap/GCThread.cpp:
1126         (JSC::GCThread::waitForNextPhase):
1127         (JSC::GCThread::gcThreadMain):
1128         * heap/GCThreadSharedData.cpp:
1129         (JSC::GCThreadSharedData::GCThreadSharedData):
1130         (JSC::GCThreadSharedData::~GCThreadSharedData):
1131         (JSC::GCThreadSharedData::startNextPhase):
1132         (JSC::GCThreadSharedData::endCurrentPhase):
1133         (JSC::GCThreadSharedData::didStartMarking):
1134         (JSC::GCThreadSharedData::didFinishMarking):
1135         * heap/GCThreadSharedData.h:
1136         * heap/HeapTimer.h:
1137         * heap/MachineStackMarker.cpp:
1138         (JSC::ActiveMachineThreadsManager::Locker::Locker):
1139         (JSC::ActiveMachineThreadsManager::add):
1140         (JSC::ActiveMachineThreadsManager::remove):
1141         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
1142         (JSC::MachineThreads::~MachineThreads):
1143         (JSC::MachineThreads::addCurrentThread):
1144         (JSC::MachineThreads::removeThreadIfFound):
1145         (JSC::MachineThreads::tryCopyOtherThreadStack):
1146         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1147         (JSC::MachineThreads::gatherConservativeRoots):
1148         * heap/MachineStackMarker.h:
1149         * heap/SlotVisitor.cpp:
1150         (JSC::SlotVisitor::donateKnownParallel):
1151         (JSC::SlotVisitor::drain):
1152         (JSC::SlotVisitor::drainFromShared):
1153         (JSC::SlotVisitor::mergeOpaqueRoots):
1154         * heap/SlotVisitorInlines.h:
1155         (JSC::SlotVisitor::containsOpaqueRootTriState):
1156         * inspector/remote/RemoteInspectorDebuggableConnection.h:
1157         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
1158         (Inspector::RemoteInspectorHandleRunSourceGlobal):
1159         (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
1160         (Inspector::RemoteInspectorInitializeGlobalQueue):
1161         (Inspector::RemoteInspectorHandleRunSourceWithInfo):
1162         (Inspector::RemoteInspectorDebuggableConnection::setup):
1163         (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
1164         (Inspector::RemoteInspectorDebuggableConnection::close):
1165         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
1166         (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
1167         * interpreter/JSStack.cpp:
1168         (JSC::JSStack::JSStack):
1169         (JSC::JSStack::releaseExcessCapacity):
1170         (JSC::JSStack::addToCommittedByteCount):
1171         (JSC::JSStack::committedByteCount):
1172         (JSC::stackStatisticsMutex): Deleted.
1173         (JSC::JSStack::initializeThreading): Deleted.
1174         * interpreter/JSStack.h:
1175         (JSC::JSStack::gatherConservativeRoots):
1176         (JSC::JSStack::sanitizeStack):
1177         (JSC::JSStack::size):
1178         (JSC::JSStack::initializeThreading): Deleted.
1179         * jit/ExecutableAllocator.cpp:
1180         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
1181         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
1182         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
1183         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
1184         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
1185         (JSC::DemandExecutableAllocator::allocators):
1186         (JSC::DemandExecutableAllocator::allocatorsMutex):
1187         * jit/JITThunks.cpp:
1188         (JSC::JITThunks::ctiStub):
1189         * jit/JITThunks.h:
1190         * profiler/ProfilerDatabase.cpp:
1191         (JSC::Profiler::Database::ensureBytecodesFor):
1192         (JSC::Profiler::Database::notifyDestruction):
1193         * profiler/ProfilerDatabase.h:
1194         * runtime/InitializeThreading.cpp:
1195         (JSC::initializeThreading):
1196         * runtime/JSLock.cpp:
1197         (JSC::GlobalJSLock::GlobalJSLock):
1198         (JSC::GlobalJSLock::~GlobalJSLock):
1199         (JSC::JSLockHolder::JSLockHolder):
1200         (JSC::GlobalJSLock::initialize): Deleted.
1201         * runtime/JSLock.h:
1202
1203 2015-08-13  Commit Queue  <commit-queue@webkit.org>
1204
1205         Unreviewed, rolling out r188428.
1206         https://bugs.webkit.org/show_bug.cgi?id=148015
1207
1208         broke cmake build (Requested by alexchristensen on #webkit).
1209
1210         Reverted changeset:
1211
1212         "Move some commands from ./CMakeLists.txt to Source/cmake"
1213         https://bugs.webkit.org/show_bug.cgi?id=148003
1214         http://trac.webkit.org/changeset/188428
1215
1216 2015-08-13  Commit Queue  <commit-queue@webkit.org>
1217
1218         Unreviewed, rolling out r188431.
1219         https://bugs.webkit.org/show_bug.cgi?id=148013
1220
1221         JSC headers are too hard to understand (Requested by smfr on
1222         #webkit).
1223
1224         Reverted changeset:
1225
1226         "Remove a few includes from JSGlobalObject.h"
1227         https://bugs.webkit.org/show_bug.cgi?id=148004
1228         http://trac.webkit.org/changeset/188431
1229
1230 2015-08-13  Benjamin Poulain  <bpoulain@apple.com>
1231
1232         [JSC] Add support for GetByVal on arrays of Undecided shape
1233         https://bugs.webkit.org/show_bug.cgi?id=147814
1234
1235         Reviewed by Filip Pizlo.
1236
1237         Previously, GetByVal on Array::Undecided would just take
1238         the generic path. The problem is the generic path is so
1239         slow that it could take a significant amount of time
1240         even for infrequent accesses.
1241
1242         With this patch, if the following conditions are met,
1243         the GetByVal just returns an "undefined" constant:
1244         -The object is an OriginalArray.
1245         -The prototype chain is sane.
1246         -The index is an integer.
1247         -The integer is positive (runtime check).
1248
1249         Ideally, the 4th condition should be removed;
1250         deducing a compile-time constant gives us so much better
1251         opportunities at getting rid of this code.
1252
1253         There are two cases where this patch removes the runtime
1254         check:
1255         -If the index is constant (uncommon but easy)
1256         -If the index is within a range known to be positive.
1257          (common case and made possible with DFGIntegerRangeOptimizationPhase).
1258
1259         When we get into those cases, DFG just nukes everything
1260         and all we have left is a structure check :)
1261
1262         This patch is a 14% improvement on audio-beat-detection,
1263         a few percent faster here and there and no regression.
1264
1265         * dfg/DFGAbstractInterpreterInlines.h:
1266         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1267         If the index is a positive constant, we can get rid of the GetByVal
1268         entirely. :)
1269
1270         * dfg/DFGArrayMode.cpp:
1271         (JSC::DFG::ArrayMode::fromObserved):
1272         The returned type is now Array::Undecided + profiling information.
1273         The useful type is set in ArrayMode::refine().
1274
1275         (JSC::DFG::ArrayMode::refine):
1276         If we meet the particular set conditions, we speculate an Undecided
1277         array type with sane chain. Anything else comes back to Generic.
1278
1279         (JSC::DFG::ArrayMode::originalArrayStructure):
1280         To enable the structure check for Undecided array.
1281
1282         (JSC::DFG::ArrayMode::alreadyChecked):
1283         * dfg/DFGArrayMode.h:
1284         (JSC::DFG::ArrayMode::withProfile):
1285         (JSC::DFG::ArrayMode::canCSEStorage):
1286         (JSC::DFG::ArrayMode::benefitsFromOriginalArray):
1287         (JSC::DFG::ArrayMode::lengthNeedsStorage): Deleted.
1288         (JSC::DFG::ArrayMode::isSpecific): Deleted.
1289
1290         * dfg/DFGByteCodeParser.cpp:
1291         (JSC::DFG::ByteCodeParser::handleIntrinsic): Deleted.
1292         This is somewhat unrelated.
1293
1294         Having Array::Undecided on ArrayPush was impossible before
1295         since ArrayMode::fromObserved() used to return Array::Generic.
1296
1297         Now that Array::Undecided is possible, we must make sure not
1298         to provide it to ArrayPush since there is no code to handle it
1299         properly.
1300
1301         * dfg/DFGClobberize.h:
1302         (JSC::DFG::clobberize):
1303         The operation only depends on the index, it is pure.
1304
1305         * dfg/DFGFixupPhase.cpp:
1306         (JSC::DFG::FixupPhase::fixupNode): Deleted.
1307         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
1308         * dfg/DFGSpeculativeJIT.cpp:
1309         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
1310         (JSC::DFG::SpeculativeJIT::checkArray):
1311         * dfg/DFGSpeculativeJIT32_64.cpp:
1312         (JSC::DFG::SpeculativeJIT::compile):
1313         * dfg/DFGSpeculativeJIT64.cpp:
1314         (JSC::DFG::SpeculativeJIT::compile):
1315         * ftl/FTLCapabilities.cpp:
1316         (JSC::FTL::canCompile):
1317         * ftl/FTLLowerDFGToLLVM.cpp:
1318         (JSC::FTL::DFG::LowerDFGToLLVM::compileGetByVal):
1319         * tests/stress/get-by-val-on-undecided-array-type.js: Added.
1320         * tests/stress/get-by-val-on-undecided-sane-chain-1.js: Added.
1321         * tests/stress/get-by-val-on-undecided-sane-chain-2.js: Added.
1322         * tests/stress/get-by-val-on-undecided-sane-chain-3.js: Added.
1323         * tests/stress/get-by-val-on-undecided-sane-chain-4.js: Added.
1324         * tests/stress/get-by-val-on-undecided-sane-chain-5.js: Added.
1325         * tests/stress/get-by-val-on-undecided-sane-chain-6.js: Added.
1326
1327 2015-08-13  Simon Fraser  <simon.fraser@apple.com>
1328
1329         Remove a few includes from JSGlobalObject.h
1330         https://bugs.webkit.org/show_bug.cgi?id=148004
1331
1332         Reviewed by Tim Horton.
1333         
1334         Remove 4 #includes from JSGlobalObject.h, and fix the fallout.
1335
1336         * parser/VariableEnvironment.cpp:
1337         * parser/VariableEnvironment.h:
1338         * runtime/JSGlobalObject.h:
1339         * runtime/Structure.h:
1340         * runtime/StructureInlines.h:
1341
1342 2015-08-13  Alex Christensen  <achristensen@webkit.org>
1343
1344         Move some commands from ./CMakeLists.txt to Source/cmake
1345         https://bugs.webkit.org/show_bug.cgi?id=148003
1346
1347         Reviewed by Brent Fulgham.
1348
1349         * CMakeLists.txt:
1350         Added commands needed to build JSC by itself.
1351
1352 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1353
1354         Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
1355         https://bugs.webkit.org/show_bug.cgi?id=147353
1356
1357         Reviewed by Saam Barati.
1358
1359         This is the follow-up patch after r188355.
1360         It includes the following changes.
1361
1362         - Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
1363         - Make SourceParseMode a C++ strongly-typed enum.
1364         - Fix the comments.
1365         - Rename ModuleSpecifier to ModuleName.
1366         - Add the type name `ImportEntry` before the C++11 uniform initialization.
1367         - Fix the thrown message for duplicate 'default' names.
1368         - Assert that all statements in the top-level source elements are module declarations under the module analyzer phase.
1369
1370         * API/JSScriptRef.cpp:
1371         (parseScript):
1372         * builtins/BuiltinExecutables.cpp:
1373         (JSC::BuiltinExecutables::createExecutableInternal):
1374         * bytecode/UnlinkedFunctionExecutable.cpp:
1375         (JSC::generateFunctionCodeBlock):
1376         * bytecode/UnlinkedFunctionExecutable.h:
1377         * bytecompiler/BytecodeGenerator.h:
1378         (JSC::BytecodeGenerator::makeFunction):
1379         * parser/ASTBuilder.h:
1380         (JSC::ASTBuilder::createFunctionMetadata):
1381         (JSC::ASTBuilder::createModuleName):
1382         (JSC::ASTBuilder::createImportDeclaration):
1383         (JSC::ASTBuilder::createExportAllDeclaration):
1384         (JSC::ASTBuilder::createExportNamedDeclaration):
1385         (JSC::ASTBuilder::createModuleSpecifier): Deleted.
1386         * parser/ModuleAnalyzer.cpp:
1387         (JSC::ModuleAnalyzer::analyze):
1388         * parser/NodeConstructors.h:
1389         (JSC::ModuleNameNode::ModuleNameNode):
1390         (JSC::ImportDeclarationNode::ImportDeclarationNode):
1391         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
1392         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
1393         (JSC::ModuleSpecifierNode::ModuleSpecifierNode): Deleted.
1394         * parser/Nodes.cpp:
1395         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1396         * parser/Nodes.h:
1397         (JSC::StatementNode::isModuleDeclarationNode):
1398         (JSC::ModuleDeclarationNode::isModuleDeclarationNode):
1399         (JSC::ImportDeclarationNode::moduleName):
1400         (JSC::ExportAllDeclarationNode::moduleName):
1401         (JSC::ExportNamedDeclarationNode::moduleName):
1402         (JSC::ImportDeclarationNode::moduleSpecifier): Deleted.
1403         (JSC::ExportAllDeclarationNode::moduleSpecifier): Deleted.
1404         (JSC::ExportNamedDeclarationNode::moduleSpecifier): Deleted.
1405         * parser/NodesAnalyzeModule.cpp:
1406         (JSC::SourceElements::analyzeModule):
1407         (JSC::ImportDeclarationNode::analyzeModule):
1408         (JSC::ExportAllDeclarationNode::analyzeModule):
1409         (JSC::ExportNamedDeclarationNode::analyzeModule):
1410         * parser/Parser.cpp:
1411         (JSC::Parser<LexerType>::Parser):
1412         (JSC::Parser<LexerType>::parseInner):
1413         (JSC::Parser<LexerType>::parseModuleSourceElements):
1414         (JSC::Parser<LexerType>::parseFunctionBody):
1415         (JSC::stringForFunctionMode):
1416         (JSC::Parser<LexerType>::parseFunctionParameters):
1417         (JSC::Parser<LexerType>::parseFunctionInfo):
1418         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1419         (JSC::Parser<LexerType>::parseClass):
1420         (JSC::Parser<LexerType>::parseModuleName):
1421         (JSC::Parser<LexerType>::parseImportDeclaration):
1422         (JSC::Parser<LexerType>::parseExportDeclaration):
1423         (JSC::Parser<LexerType>::parsePropertyMethod):
1424         (JSC::Parser<LexerType>::parseGetterSetter):
1425         (JSC::Parser<LexerType>::parsePrimaryExpression):
1426         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
1427         (JSC::Parser<LexerType>::parseModuleSpecifier): Deleted.
1428         * parser/Parser.h:
1429         (JSC::Parser<LexerType>::parse):
1430         (JSC::parse):
1431         * parser/ParserModes.h:
1432         (JSC::isFunctionParseMode):
1433         (JSC::isModuleParseMode):
1434         (JSC::isProgramParseMode):
1435         * parser/SyntaxChecker.h:
1436         (JSC::SyntaxChecker::createFunctionMetadata):
1437         (JSC::SyntaxChecker::createModuleName):
1438         (JSC::SyntaxChecker::createImportDeclaration):
1439         (JSC::SyntaxChecker::createExportAllDeclaration):
1440         (JSC::SyntaxChecker::createExportNamedDeclaration):
1441         (JSC::SyntaxChecker::createModuleSpecifier): Deleted.
1442         * runtime/CodeCache.cpp:
1443         (JSC::CodeCache::getGlobalCodeBlock):
1444         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1445         * runtime/Completion.cpp:
1446         (JSC::checkSyntax):
1447         (JSC::checkModuleSyntax):
1448         * runtime/Executable.cpp:
1449         (JSC::ProgramExecutable::checkSyntax):
1450         * tests/stress/modules-syntax-error-with-names.js:
1451
1452 2015-08-13  Joseph Pecoraro  <pecoraro@apple.com>
1453
1454         Web Inspector: A {Map, WeakMap, Set, WeakSet} object contains itself will hang the console
1455         https://bugs.webkit.org/show_bug.cgi?id=147966
1456
1457         Reviewed by Timothy Hatcher.
1458
1459         * inspector/InjectedScriptSource.js:
1460         (InjectedScript.prototype._initialPreview):
1461         Renamed to initial preview. This is not a complete preview for
1462         this object, and it needs some processing in order to be a
1463         complete accurate preview.
1464
1465         (InjectedScript.RemoteObject.prototype._emptyPreview):
1466         This attempts to be an accurate empty preview for the given object.
1467         For types with entries, it adds an empty entries list and updates
1468         the overflow and lossless properties.
1469
1470         (InjectedScript.RemoteObject.prototype._createObjectPreviewForValue):
1471         Take a generatePreview parameter to generate a full preview or empty preview.
1472
1473         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
1474         (InjectedScript.RemoteObject.prototype._appendEntryPreviews):
1475         (InjectedScript.RemoteObject.prototype._isPreviewableObject):
1476         Take care to avoid cycles.
1477
1478 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
1479
1480         Periodic code deletion should delete RegExp code
1481         https://bugs.webkit.org/show_bug.cgi?id=147990
1482
1483         Reviewed by Filip Pizlo.
1484
1485         The RegExp code cache was created for the sake of simple loops that
1486         re-created the same RegExps. It's reasonable to delete it periodically.
1487
1488         * heap/Heap.cpp:
1489         (JSC::Heap::deleteOldCode):
1490
1491 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
1492
1493         RegExpCache::finalize should not delete code
1494         https://bugs.webkit.org/show_bug.cgi?id=147987
1495
1496         Reviewed by Mark Lam.
1497
1498         The RegExp object already knows how to delete its own code in its
1499         destructor. Our job is just to clear our stale pointer.
1500
1501         * runtime/RegExpCache.cpp:
1502         (JSC::RegExpCache::finalize):
1503         (JSC::RegExpCache::addToStrongCache):
1504
1505 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
1506
1507         Standardize on the phrase "delete code"
1508         https://bugs.webkit.org/show_bug.cgi?id=147984
1509
1510         Reviewed by Mark Lam.
1511
1512         Use "delete" when we talk about throwing away code, as opposed to
1513         "invalidate" or "discard".
1514
1515         * debugger/Debugger.cpp:
1516         (JSC::Debugger::forEachCodeBlock):
1517         (JSC::Debugger::setSteppingMode):
1518         (JSC::Debugger::recompileAllJSFunctions):
1519         * heap/Heap.cpp:
1520         (JSC::Heap::deleteAllCompiledCode):
1521         * inspector/agents/InspectorRuntimeAgent.cpp:
1522         (Inspector::recompileAllJSFunctionsForTypeProfiling):
1523         * runtime/RegExp.cpp:
1524         (JSC::RegExp::match):
1525         (JSC::RegExp::deleteCode):
1526         (JSC::RegExp::invalidateCode): Deleted.
1527         * runtime/RegExp.h:
1528         * runtime/RegExpCache.cpp:
1529         (JSC::RegExpCache::finalize):
1530         (JSC::RegExpCache::addToStrongCache):
1531         (JSC::RegExpCache::deleteAllCode):
1532         (JSC::RegExpCache::invalidateCode): Deleted.
1533         * runtime/RegExpCache.h:
1534         * runtime/VM.cpp:
1535         (JSC::VM::stopSampling):
1536         (JSC::VM::prepareToDeleteCode):
1537         (JSC::VM::deleteAllCode):
1538         (JSC::VM::setEnabledProfiler):
1539         (JSC::VM::prepareToDiscardCode): Deleted.
1540         (JSC::VM::discardAllCode): Deleted.
1541         * runtime/VM.h:
1542         (JSC::VM::apiLock):
1543         (JSC::VM::codeCache):
1544         * runtime/Watchdog.cpp:
1545         (JSC::Watchdog::setTimeLimit):
1546
1547 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1548
1549         X.[[SetPrototypeOf]](Y) should succeed if X.[[Prototype]] is already Y even if X is not extensible
1550         https://bugs.webkit.org/show_bug.cgi?id=147930
1551
1552         Reviewed by Saam Barati.
1553
1554         When the passed prototype object to be set is the same as the existing
1555         prototype object, [[SetPrototypeOf]] just finishes its operation even
1556         if the extensibility of the target object is `false`.
1557
1558         * runtime/JSGlobalObjectFunctions.cpp:
1559         (JSC::globalFuncProtoSetter):
1560         * runtime/ObjectConstructor.cpp:
1561         (JSC::objectConstructorSetPrototypeOf):
1562         * runtime/ReflectObject.cpp:
1563         (JSC::reflectObjectSetPrototypeOf):
1564         * tests/stress/set-same-prototype.js: Added.
1565         (shouldBe):
1566         (shouldThrow):
1567
1568 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
1569
1570         Removed clearEvalCodeCache()
1571         https://bugs.webkit.org/show_bug.cgi?id=147957
1572
1573         Reviewed by Filip Pizlo.
1574
1575         It was unused.
1576
1577         * bytecode/CodeBlock.cpp:
1578         (JSC::CodeBlock::linkIncomingCall):
1579         (JSC::CodeBlock::install):
1580         (JSC::CodeBlock::clearEvalCache): Deleted.
1581         * bytecode/CodeBlock.h:
1582         (JSC::CodeBlock::numberOfJumpTargets):
1583         (JSC::CodeBlock::jumpTarget):
1584         (JSC::CodeBlock::numberOfArgumentValueProfiles):
1585
1586 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
1587
1588         [ES6] Implement Reflect.defineProperty
1589         https://bugs.webkit.org/show_bug.cgi?id=147943
1590
1591         Reviewed by Saam Barati.
1592
1593         This patch implements Reflect.defineProperty.
1594         The differences from Object.defineProperty are:
1595
1596         1. Reflect.defineProperty does not perform ToObject operation onto the first argument.
1597         2. Reflect.defineProperty does not throw a TypeError when the [[DefineOwnProperty]] operation fails.
1598         3. Reflect.defineProperty returns the boolean value that represents whether [[DefineOwnProperty]] succeeded.
1599
1600         This patch also adds comments with links to the ES6 spec.
1601
1602         * builtins/ReflectObject.js:
1603         * runtime/ObjectConstructor.cpp:
1604         (JSC::toPropertyDescriptor):
1605         * runtime/ObjectConstructor.h:
1606         * runtime/ReflectObject.cpp:
1607         (JSC::reflectObjectDefineProperty):
1608         * tests/stress/reflect-define-property.js: Added.
1609         (shouldBe):
1610         (shouldThrow):
1611         (.set getter):
1612         (setter):
1613         (.get testDescriptor):
1614         (.set get var):
1615         (.set testDescriptor):
1616         (.set get testDescriptor):
1617         (.set get shouldThrow):
1618         (.get var):
1619
1620 2015-08-12  Filip Pizlo  <fpizlo@apple.com>
1621
1622         DFG::ByteCodeParser should attempt constant folding on loads from structures that are DFG-watchable
1623         https://bugs.webkit.org/show_bug.cgi?id=147950
1624
1625         Reviewed by Michael Saboff.
1626
1627         Previously we reduced the constant folding power of ByteCodeParser::load() because that code was
1628         responsible for memory corruption, since it would sometimes install watchpoints on structures that
1629         weren't being traced.  It seemed like the safest fix was to remove the constant folding rule
1630         entirely since later phases also do constant folding, and they do it without introducing the bug.
1631         Well, that change (http://trac.webkit.org/changeset/188292) caused a big regression, because we
1632         still have some constant folding rules that only exist in ByteCodeParser, and so ByteCodeParser must
1633         be maximally aggressive in constant-folding whenever possible.
1634
1635         So, this change now brings back that constant folding rule - for loads from object constants that
1636         have DFG-watchable structures - and implements it properly, by ensuring that we only call into
1637         tryGetConstantProperty() if we have registered the structure set.
1638
1639         * dfg/DFGByteCodeParser.cpp:
1640         (JSC::DFG::ByteCodeParser::load):
1641
1642 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
1643
1644         [ES6] Add ES6 Modules preparsing phase to collect the dependencies
1645         https://bugs.webkit.org/show_bug.cgi?id=147353
1646
1647         Reviewed by Geoffrey Garen.
1648
1649         This patch implements ModuleRecord and ModuleAnalyzer.
1650         ModuleAnalyzer analyzes the produced AST from the parser.
1651         By collaborating with the parser, ModuleAnalyzer collects the information
1652         that is necessary to request the loading for the dependent modules and
1653         construct module's environment and namespace object before executing the actual
1654         module body.
1655
1656         In the parser, we annotate which variable is an imported binding and which variable
1657         is exported from the current module. This information is leveraged in the ModuleAnalyzer
1658         to categorize the export entries.
1659
1660         To preparse the modules in the parser, we just add the new flag `ModuleParseMode`
1661         instead of introducing a new TreeContext type. This is because only 2 users use
1662         parseModuleSourceElements: the preparser and the actual compiler. Adding the flag is simple
1663         enough to switch the context to the SyntaxChecker when parsing the non-module related
1664         statements in the preparsing phase.
1665
1666         To demonstrate the module analyzer, we added the new dumpModuleRecord option
1667         to the JSC shell. By specifying it, the result of the analysis is dumped when the module
1668         is parsed and analyzed.
1669
1670         * CMakeLists.txt:
1671         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1672         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1673         * JavaScriptCore.xcodeproj/project.pbxproj:
1674         * builtins/BuiltinNames.h:
1675         * parser/ASTBuilder.h:
1676         (JSC::ASTBuilder::createExportDefaultDeclaration):
1677         * parser/ModuleAnalyzer.cpp: Added.
1678         (JSC::ModuleAnalyzer::ModuleAnalyzer):
1679         (JSC::ModuleAnalyzer::exportedBinding):
1680         (JSC::ModuleAnalyzer::declareExportAlias):
1681         (JSC::ModuleAnalyzer::exportVariable):
1682         (JSC::ModuleAnalyzer::analyze):
1683         * parser/ModuleAnalyzer.h: Added.
1684         (JSC::ModuleAnalyzer::vm):
1685         (JSC::ModuleAnalyzer::moduleRecord):
1686         * parser/ModuleRecord.cpp: Added.
1687         (JSC::printableName):
1688         (JSC::ModuleRecord::dump):
1689         * parser/ModuleRecord.h: Added.
1690         (JSC::ModuleRecord::ImportEntry::isNamespace):
1691         (JSC::ModuleRecord::create):
1692         (JSC::ModuleRecord::appendRequestedModule):
1693         (JSC::ModuleRecord::addImportEntry):
1694         (JSC::ModuleRecord::addExportEntry):
1695         (JSC::ModuleRecord::addStarExportEntry):
1696         * parser/NodeConstructors.h:
1697         (JSC::ModuleDeclarationNode::ModuleDeclarationNode):
1698         (JSC::ImportDeclarationNode::ImportDeclarationNode):
1699         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
1700         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
1701         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
1702         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
1703         * parser/Nodes.h:
1704         (JSC::ExportDefaultDeclarationNode::localName):
1705         * parser/NodesAnalyzeModule.cpp: Added.
1706         (JSC::ScopeNode::analyzeModule):
1707         (JSC::SourceElements::analyzeModule):
1708         (JSC::ImportDeclarationNode::analyzeModule):
1709         (JSC::ExportAllDeclarationNode::analyzeModule):
1710         (JSC::ExportDefaultDeclarationNode::analyzeModule):
1711         (JSC::ExportLocalDeclarationNode::analyzeModule):
1712         (JSC::ExportNamedDeclarationNode::analyzeModule):
1713         * parser/Parser.cpp:
1714         (JSC::Parser<LexerType>::parseInner):
1715         (JSC::Parser<LexerType>::parseModuleSourceElements):
1716         (JSC::Parser<LexerType>::parseVariableDeclarationList):
1717         (JSC::Parser<LexerType>::createBindingPattern):
1718         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1719         (JSC::Parser<LexerType>::parseClassDeclaration):
1720         (JSC::Parser<LexerType>::parseImportClauseItem):
1721         (JSC::Parser<LexerType>::parseExportSpecifier):
1722         (JSC::Parser<LexerType>::parseExportDeclaration):
1723         * parser/Parser.h:
1724         (JSC::Scope::lexicalVariables):
1725         (JSC::Scope::declareLexicalVariable):
1726         (JSC::Parser::declareVariable):
1727         (JSC::Parser::exportName):
1728         (JSC::Parser<LexerType>::parse):
1729         (JSC::parse):
1730         * parser/ParserModes.h:
1731         * parser/SyntaxChecker.h:
1732         (JSC::SyntaxChecker::createExportDefaultDeclaration):
1733         * parser/VariableEnvironment.cpp:
1734         (JSC::VariableEnvironment::markVariableAsImported):
1735         (JSC::VariableEnvironment::markVariableAsExported):
1736         * parser/VariableEnvironment.h:
1737         (JSC::VariableEnvironmentEntry::isExported):
1738         (JSC::VariableEnvironmentEntry::isImported):
1739         (JSC::VariableEnvironmentEntry::setIsExported):
1740         (JSC::VariableEnvironmentEntry::setIsImported):
1741         * runtime/CommonIdentifiers.h:
1742         * runtime/Completion.cpp:
1743         (JSC::checkModuleSyntax):
1744         * runtime/Options.h:
1745
1746 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
1747
1748         Re-land r188339, since Alex fixed it in r188341 by landing the WebCore half.
1749
1750         * jit/ExecutableAllocator.h:
1751         * jsc.cpp:
1752         (GlobalObject::finishCreation):
1753         (functionAddressOf):
1754         (functionVersion):
1755         (functionReleaseExecutableMemory): Deleted.
1756         * runtime/VM.cpp:
1757         (JSC::StackPreservingRecompiler::operator()):
1758         (JSC::VM::throwException):
1759         (JSC::VM::updateFTLLargestStackSize):
1760         (JSC::VM::gatherConservativeRoots):
1761         (JSC::VM::releaseExecutableMemory): Deleted.
1762         (JSC::releaseExecutableMemory): Deleted.
1763         * runtime/VM.h:
1764         (JSC::VM::isCollectorBusy):
1765         * runtime/Watchdog.cpp:
1766         (JSC::Watchdog::setTimeLimit):
1767
1768 2015-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
1769
1770         Roll out r188339, which broke the build.
1771
1772         Unreviewed.
1773
1774         * jit/ExecutableAllocator.h:
1775         * jsc.cpp:
1776         (GlobalObject::finishCreation):
1777         (functionReleaseExecutableMemory):
1778         * runtime/VM.cpp:
1779         (JSC::StackPreservingRecompiler::visit):
1780         (JSC::StackPreservingRecompiler::operator()):
1781         (JSC::VM::releaseExecutableMemory):
1782         (JSC::releaseExecutableMemory):
1783         * runtime/VM.h:
1784         * runtime/Watchdog.cpp:
1785         (JSC::Watchdog::setTimeLimit):
1786
1787 2015-08-12  Alex Christensen  <achristensen@webkit.org>
1788
1789         Fix Debug CMake builds on Windows
1790         https://bugs.webkit.org/show_bug.cgi?id=147940
1791
1792         Reviewed by Chris Dumez.
1793
1794         * PlatformWin.cmake:
1795         Copy the plist to the JavaScriptCore.resources directory.
1796
1797 2015-08-11  Geoffrey Garen  <ggaren@apple.com>
1798
1799         Remove VM::releaseExecutableMemory
1800         https://bugs.webkit.org/show_bug.cgi?id=147915
1801
1802         Reviewed by Saam Barati.
1803
1804         releaseExecutableMemory() was only used in one place, where discardAllCode()
1805         would work just as well.
1806
1807         It's confusing to have two slightly different ways to discard code. Also,
1808         releaseExecutableMemory() is unused in any production code, and it seems
1809         to have bit-rotted.
1810
1811         * jit/ExecutableAllocator.h:
1812         * jsc.cpp:
1813         (GlobalObject::finishCreation):
1814         (functionAddressOf):
1815         (functionVersion):
1816         (functionReleaseExecutableMemory): Deleted.
1817         * runtime/VM.cpp:
1818         (JSC::StackPreservingRecompiler::operator()):
1819         (JSC::VM::throwException):
1820         (JSC::VM::updateFTLLargestStackSize):
1821         (JSC::VM::gatherConservativeRoots):
1822         (JSC::VM::releaseExecutableMemory): Deleted.
1823         (JSC::releaseExecutableMemory): Deleted.
1824         * runtime/VM.h:
1825         (JSC::VM::isCollectorBusy):
1826         * runtime/Watchdog.cpp:
1827         (JSC::Watchdog::setTimeLimit):
1828
1829 2015-08-12  Mark Lam  <mark.lam@apple.com>
1830
1831         Add a JSC option to enable the watchdog for testing.
1832         https://bugs.webkit.org/show_bug.cgi?id=147939
1833
1834         Reviewed by Michael Saboff.
1835
1836         * API/JSContextRef.cpp:
1837         (JSContextGroupSetExecutionTimeLimit):
1838         (createWatchdogIfNeeded): Deleted.
1839         * runtime/Options.h:
1840         * runtime/VM.cpp:
1841         (JSC::VM::VM):
1842         (JSC::VM::~VM):
1843         (JSC::VM::sharedInstanceInternal):
1844         (JSC::VM::ensureWatchdog):
1845         (JSC::thunkGeneratorForIntrinsic):
1846         * runtime/VM.h:
1847
1848 2015-08-11  Mark Lam  <mark.lam@apple.com>
1849
1850         Implementation JavaScript watchdog using WTF::WorkQueue.
1851         https://bugs.webkit.org/show_bug.cgi?id=147107
1852
1853         Reviewed by Geoffrey Garen.
1854
1855         How the Watchdog works
1856         ======================
1857
1858         1. When do we start the Watchdog?
1859            =============================
1860            The watchdog should only be started if both of the following conditions are true:
1861            1. A time limit has been set.
1862            2. We have entered the VM.
1863  
1864         2. CPU time vs Wall Clock time
1865            ===========================
1866            Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?
1867
1868            The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
1869            limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
1870            indicates the wall clock time point when the WorkQueue timer is expected to fire.
1871
1872            The time limit for which we allow JS code to run should be measured in CPU time, which can
1873            differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
1874            should fire.
1875
1876            Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
1877            we need to check if m_cpuDeadline has been reached.
1878
1879            If m_cpuDeadline has been reached, the watchdog is considered to have fired.
1880
1881            If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
1882            code to continue to run for.  Hence, we need to start a new timer to fire again after
1883            Tremainder microseconds.
1884     
1885            See Watchdog::didFireSlow().
1886
1887         3. Spurious wake ups
1888            =================
1889            Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
1890            It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
1891            m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
1892            wake ups are considered to be spurious and will be ignored.
1893  
1894            See Watchdog::didFireSlow().
1895  
1896         4. Minimizing Timer creation cost
1897            ==============================
1898            Conceptually, we could start a new timer every time we start the watchdog. But we can do better
1899            than this.
1900  
1901            In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
1902            stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
1903            time limit. Consider the following example:
1904  
1905                |---|-----|---|----------------|---------|
1906                t0  t1    t2  t3            t0 + L    t2 + L 
1907
1908                |<--- T1 --------------------->|
1909                          |<--- T2 --------------------->|
1910                |<-- Td ->|                    |<-- Td ->|
1911
1912            1. The user initializes the watchdog with time limit L.
1913            2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
1914               The timer is set to expire at t0 + L.
1915            3. At t1, we exit the VM.
1916            4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.
1917          
1918               However, we can note that the expiration time for T2 would be after the expiration time
1919               of T1. Specifically, T2 would have expired at Td after T1 expires.
1920          
1921               Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
1922               for a period of Td instead.
1923
1924            Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
1925            as well as handles spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
1926            automatically take care of starting a new timer for the difference Td in the example above.
1927            Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
1928            expiration is less than T2's, then we are already covered by T1 and there's no need to start T2.
1929
1930            The benefit:
1931
1932            1. we minimize the number of timer instances we have queued in the workqueue at the same time
1933               (ideally only 1 or 0), and use less peak memory.
1934
1935            2. we minimize the frequency of instantiating timer instances. By waiting for the current
1936               active timer to expire first, on average, we get to start one timer per time limit
1937               (which is infrequent because time limits tend to be long) instead of one timer per
1938               VM entry (which tends to be frequent).
1939
1940            See Watchdog::startTimer().
1941
1942         * API/JSContextRef.cpp:
1943         (createWatchdogIfNeeded):
1944         (JSContextGroupClearExecutionTimeLimit):
1945         - No need to create the watchdog (if not already created) just to clear it.
1946           If the watchdog is not created yet, then it is effectively cleared.
1947
1948         * API/tests/ExecutionTimeLimitTest.cpp:
1949         (currentCPUTimeAsJSFunctionCallback):
1950         (testExecutionTimeLimit):
1951         (currentCPUTime): Deleted.
1952         * API/tests/testapi.c:
1953         (main):
1954         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
1955         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
1956         - Enable watchdog tests for all platforms.
1957
1958         * CMakeLists.txt:
1959         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1960         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1961         * JavaScriptCore.xcodeproj/project.pbxproj:
1962         - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.
1963
1964         * PlatformEfl.cmake:
1965
1966         * dfg/DFGByteCodeParser.cpp:
1967         (JSC::DFG::ByteCodeParser::parseBlock):
1968         * dfg/DFGSpeculativeJIT32_64.cpp:
1969         * dfg/DFGSpeculativeJIT64.cpp:
1970         * interpreter/Interpreter.cpp:
1971         (JSC::Interpreter::execute):
1972         (JSC::Interpreter::executeCall):
1973         (JSC::Interpreter::executeConstruct):
1974         * jit/JITOpcodes.cpp:
1975         (JSC::JIT::emit_op_loop_hint):
1976         (JSC::JIT::emitSlow_op_loop_hint):
1977         * jit/JITOperations.cpp:
1978         * llint/LLIntOffsetsExtractor.cpp:
1979         * llint/LLIntSlowPaths.cpp:
1980         * runtime/VM.cpp:
1981         - #include Watchdog.h in these files directly instead of doing it via VM.h.
1982           This saves us from having to recompile the world when we change Watchdog.h.
1983
1984         * runtime/VM.h:
1985         - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
1986           thread-safe ref counted.
1987
1988         * runtime/VMEntryScope.cpp:
1989         (JSC::VMEntryScope::VMEntryScope):
1990         (JSC::VMEntryScope::~VMEntryScope):
1991         - We have done away with the WatchdogScope and arming/disarming of the watchdog.
1992           Instead, the VMEntryScope will inform the watchdog of when we have entered and
1993           exited the VM.
1994
1995         * runtime/Watchdog.cpp:
1996         (JSC::currentWallClockTime):
1997         (JSC::Watchdog::Watchdog):
1998         (JSC::Watchdog::hasStartedTimer):
1999         (JSC::Watchdog::setTimeLimit):
2000         (JSC::Watchdog::didFireSlow):
2001         (JSC::Watchdog::hasTimeLimit):
2002         (JSC::Watchdog::fire):
2003         (JSC::Watchdog::enteredVM):
2004         (JSC::Watchdog::exitedVM):
2005
2006         (JSC::Watchdog::startTimer):
2007         - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
2008           (from a different thread) even after the VM shuts down.  We need to keep it
2009           alive until the WorkQueue callback completes.
2010
2011           In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
2012           WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
2013           is done with it.  This ensures that the Watchdog is kept alive until all
2014           WorkQueue callbacks are done.
2015
2016         (JSC::Watchdog::stopTimer):
2017         (JSC::Watchdog::~Watchdog): Deleted.
2018         (JSC::Watchdog::didFire): Deleted.
2019         (JSC::Watchdog::isEnabled): Deleted.
2020         (JSC::Watchdog::arm): Deleted.
2021         (JSC::Watchdog::disarm): Deleted.
2022         (JSC::Watchdog::startCountdownIfNeeded): Deleted.
2023         (JSC::Watchdog::startCountdown): Deleted.
2024         (JSC::Watchdog::stopCountdown): Deleted.
2025         * runtime/Watchdog.h:
2026         (JSC::Watchdog::didFire):
2027         (JSC::Watchdog::timerDidFireAddress):
2028         (JSC::Watchdog::isArmed): Deleted.
2029         (JSC::Watchdog::Scope::Scope): Deleted.
2030         (JSC::Watchdog::Scope::~Scope): Deleted.
2031         * runtime/WatchdogMac.cpp:
2032         (JSC::Watchdog::initTimer): Deleted.
2033         (JSC::Watchdog::destroyTimer): Deleted.
2034         (JSC::Watchdog::startTimer): Deleted.
2035         (JSC::Watchdog::stopTimer): Deleted.
2036         * runtime/WatchdogNone.cpp:
2037         (JSC::Watchdog::initTimer): Deleted.
2038         (JSC::Watchdog::destroyTimer): Deleted.
2039         (JSC::Watchdog::startTimer): Deleted.
2040         (JSC::Watchdog::stopTimer): Deleted.
2041
2042 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
2043
2044         Always use a byte-sized lock implementation
2045         https://bugs.webkit.org/show_bug.cgi?id=147908
2046
2047         Reviewed by Geoffrey Garen.
2048
2049         * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.
2050
2051 2015-08-11  Alexey Proskuryakov  <ap@apple.com>
2052
2053         Make ASan build not depend on asan.xcconfig
2054         https://bugs.webkit.org/show_bug.cgi?id=147840
2055         rdar://problem/21093702
2056
2057         Reviewed by Daniel Bates.
2058
2059         * dfg/DFGOSREntry.cpp:
2060         (JSC::DFG::OSREntryData::dump):
2061         (JSC::DFG::prepareOSREntry):
2062         * ftl/FTLOSREntry.cpp:
2063         (JSC::FTL::prepareOSREntry):
2064         * heap/ConservativeRoots.cpp:
2065         (JSC::ConservativeRoots::genericAddPointer):
2066         (JSC::ConservativeRoots::genericAddSpan):
2067         * heap/MachineStackMarker.cpp:
2068         (JSC::MachineThreads::removeThreadIfFound):
2069         (JSC::MachineThreads::gatherFromCurrentThread):
2070         (JSC::MachineThreads::Thread::captureStack):
2071         (JSC::copyMemory):
2072         * interpreter/Register.h:
2073         (JSC::Register::operator=):
2074         (JSC::Register::asanUnsafeJSValue):
2075         (JSC::Register::jsValue):
2076
2077 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
2078
2079         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
2080         https://bugs.webkit.org/show_bug.cgi?id=147480
2081
2082         Reviewed by Filip Pizlo.
2083
2084         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
2085         The IC site only caches one id. After checking that the given id is the same as the
2086         cached one, we perform the get_by_id IC on it.
2087         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
2088         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
2089         operations when the given get_by_val leverages the property load with the cached id.
2090
2091         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
2092         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
2093         This can be leveraged to optimize symbol operations in DFG.
2094
2095         And since byValInfo is frequently used, we align the byValInfo design to the stubInfo-like one.
2096         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
2097         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
2098         argument ArrayProfile* in the operations with ByValInfo*.
2099
2100         * bytecode/ByValInfo.h:
2101         (JSC::ByValInfo::ByValInfo):
2102         * bytecode/CodeBlock.cpp:
2103         (JSC::CodeBlock::getByValInfoMap):
2104         (JSC::CodeBlock::addByValInfo):
2105         * bytecode/CodeBlock.h:
2106         (JSC::CodeBlock::getByValInfo): Deleted.
2107         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
2108         (JSC::CodeBlock::numberOfByValInfos): Deleted.
2109         (JSC::CodeBlock::byValInfo): Deleted.
2110         * bytecode/ExitKind.cpp:
2111         (JSC::exitKindToString):
2112         * bytecode/ExitKind.h:
2113         * bytecode/GetByIdStatus.cpp:
2114         (JSC::GetByIdStatus::computeFor):
2115         (JSC::GetByIdStatus::computeForStubInfo):
2116         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
2117         * bytecode/GetByIdStatus.h:
2118         * dfg/DFGAbstractInterpreterInlines.h:
2119         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2120         * dfg/DFGByteCodeParser.cpp:
2121         (JSC::DFG::ByteCodeParser::parseBlock):
2122         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2123         * dfg/DFGClobberize.h:
2124         (JSC::DFG::clobberize):
2125         * dfg/DFGConstantFoldingPhase.cpp:
2126         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2127         * dfg/DFGDoesGC.cpp:
2128         (JSC::DFG::doesGC):
2129         * dfg/DFGFixupPhase.cpp:
2130         (JSC::DFG::FixupPhase::fixupNode):
2131         (JSC::DFG::FixupPhase::observeUseKindOnNode):
2132         * dfg/DFGNode.h:
2133         (JSC::DFG::Node::hasUidOperand):
2134         (JSC::DFG::Node::uidOperand):
2135         * dfg/DFGNodeType.h:
2136         * dfg/DFGPredictionPropagationPhase.cpp:
2137         (JSC::DFG::PredictionPropagationPhase::propagate):
2138         * dfg/DFGSafeToExecute.h:
2139         (JSC::DFG::SafeToExecuteEdge::operator()):
2140         (JSC::DFG::safeToExecute):
2141         * dfg/DFGSpeculativeJIT.cpp:
2142         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
2143         (JSC::DFG::SpeculativeJIT::speculateSymbol):
2144         (JSC::DFG::SpeculativeJIT::speculate):
2145         * dfg/DFGSpeculativeJIT.h:
2146         * dfg/DFGSpeculativeJIT32_64.cpp:
2147         (JSC::DFG::SpeculativeJIT::compile):
2148         * dfg/DFGSpeculativeJIT64.cpp:
2149         (JSC::DFG::SpeculativeJIT::compile):
2150         * dfg/DFGUseKind.cpp:
2151         (WTF::printInternal):
2152         * dfg/DFGUseKind.h:
2153         (JSC::DFG::typeFilterFor):
2154         (JSC::DFG::isCell):
2155         * ftl/FTLAbstractHeapRepository.h:
2156         * ftl/FTLCapabilities.cpp:
2157         (JSC::FTL::canCompile):
2158         * ftl/FTLLowerDFGToLLVM.cpp:
2159         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
2160         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
2161         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
2162         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
2163         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
2164         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
2165         * jit/JIT.cpp:
2166         (JSC::JIT::privateCompile):
2167         * jit/JIT.h:
2168         (JSC::ByValCompilationInfo::ByValCompilationInfo):
2169         (JSC::JIT::compileGetByValWithCachedId):
2170         * jit/JITInlines.h:
2171         (JSC::JIT::callOperation):
2172         * jit/JITOpcodes.cpp:
2173         (JSC::JIT::emit_op_has_indexed_property):
2174         (JSC::JIT::emitSlow_op_has_indexed_property):
2175         * jit/JITOpcodes32_64.cpp:
2176         (JSC::JIT::emit_op_has_indexed_property):
2177         (JSC::JIT::emitSlow_op_has_indexed_property):
2178         * jit/JITOperations.cpp:
2179         (JSC::getByVal):
2180         * jit/JITOperations.h:
2181         * jit/JITPropertyAccess.cpp:
2182         (JSC::JIT::emit_op_get_by_val):
2183         (JSC::JIT::emitGetByValWithCachedId):
2184         (JSC::JIT::emitSlow_op_get_by_val):
2185         (JSC::JIT::emit_op_put_by_val):
2186         (JSC::JIT::emitSlow_op_put_by_val):
2187         (JSC::JIT::privateCompileGetByVal):
2188         (JSC::JIT::privateCompileGetByValWithCachedId):
2189         * jit/JITPropertyAccess32_64.cpp:
2190         (JSC::JIT::emit_op_get_by_val):
2191         (JSC::JIT::emitGetByValWithCachedId):
2192         (JSC::JIT::emitSlow_op_get_by_val):
2193         (JSC::JIT::emit_op_put_by_val):
2194         (JSC::JIT::emitSlow_op_put_by_val):
2195         * runtime/Symbol.h:
2196         * tests/stress/get-by-val-with-string-constructor.js: Added.
2197         (Hello):
2198         (get Hello.prototype.generate):
2199         (ok):
2200         * tests/stress/get-by-val-with-string-exit.js: Added.
2201         (shouldBe):
2202         (getByVal):
2203         (getStr1):
2204         (getStr2):
2205         * tests/stress/get-by-val-with-string-generated.js: Added.
2206         (shouldBe):
2207         (getByVal):
2208         (getStr1):
2209         (getStr2):
2210         * tests/stress/get-by-val-with-string-getter.js: Added.
2211         (object.get hello):
2212         (ok):
2213         * tests/stress/get-by-val-with-string.js: Added.
2214         (shouldBe):
2215         (getByVal):
2216         (getStr1):
2217         (getStr2):
2218         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
2219         (Hello):
2220         (get Hello.prototype.generate):
2221         (ok):
2222         * tests/stress/get-by-val-with-symbol-exit.js: Added.
2223         (shouldBe):
2224         (getByVal):
2225         (getSym1):
2226         (getSym2):
2227         * tests/stress/get-by-val-with-symbol-getter.js: Added.
2228         (object.get hello):
2229         (.get ok):
2230         * tests/stress/get-by-val-with-symbol.js: Added.
2231         (shouldBe):
2232         (getByVal):
2233         (getSym1):
2234         (getSym2):
2235
2236 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
2237
2238         DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
2239         https://bugs.webkit.org/show_bug.cgi?id=147891
2240         rdar://problem/22129447
2241
2242         Reviewed by Mark Lam.
2243
2244         * dfg/DFGByteCodeParser.cpp:
2245         (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
2246         (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
2247         * dfg/DFGGraph.cpp:
2248         (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
2249         * dfg/DFGStructureRegistrationPhase.cpp:
2250         (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.
2251
2252 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
2253
2254         [Win] Switch Windows build to Visual Studio 2015
2255         https://bugs.webkit.org/show_bug.cgi?id=147887
2256         <rdar://problem/22235098>
2257
2258         Reviewed by Alex Christensen.
2259
2260         Update Visual Studio project file settings to use the current Visual
2261         Studio and compiler. Continue targeting binaries to run on our minimum
2262         supported configuration of Windows 7.
2263
2264         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2265         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
2266         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
2267         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
2268         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
2269         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
2270         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
2271         * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
2272         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
2273         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
2274         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
2275         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
2276
2277 2015-08-10  Filip Pizlo  <fpizlo@apple.com>
2278
2279         WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
2280         https://bugs.webkit.org/show_bug.cgi?id=147665
2281
2282         Reviewed by Mark Lam.
2283
2284         Replace ByteSpinLock with ByteLock.
2285
2286         * runtime/ConcurrentJITLock.h:
2287
2288 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
2289
2290         Numeric setter on prototype doesn't get called.
2291         https://bugs.webkit.org/show_bug.cgi?id=144252
2292
2293         Reviewed by Darin Adler.
2294
2295         When switching the blank indexing type to the other one in putByIndex,
2296         if the `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
2297         it to the slow put indexing type and reloop the putByIndex since there may
2298         be some indexing accessor in the prototype chain. Previously, we just set
2299         the value into the allocated vector.
2300
2301         In the putDirectIndex case, we just store the value to the vector.
2302         This is because putDirectIndex is the operation to store the own property
2303         and it does not check the accessors in the prototype chain.
2304
2305         * runtime/JSObject.cpp:
2306         (JSC::JSObject::putByIndexBeyondVectorLength):
2307         * tests/stress/injected-numeric-setter-on-prototype.js: Added.
2308         (shouldBe):
2309         (Trace):
2310         (Trace.prototype.trace):
2311         (Trace.prototype.get count):
2312         (.):
2313         * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
2314         (shouldBe):
2315         (Trace):
2316         (Trace.prototype.trace):
2317         (Trace.prototype.get count):
2318         (.):
2319         * tests/stress/numeric-setter-on-prototype.js: Added.
2320         (shouldBe):
2321         (Trace):
2322         (Trace.prototype.trace):
2323         (Trace.prototype.get count):
2324         (.z.__proto__.set 3):
2325         * tests/stress/numeric-setter-on-self.js: Added.
2326         (shouldBe):
2327         (Trace):
2328         (Trace.prototype.trace):
2329         (Trace.prototype.get count):
2330         (.y.set 2):
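
        As an added example (not one of the WebKit stress tests listed above), the prototype-chain behaviour this entry describes, observed from JavaScript: ordinary indexed assignment must reach an inherited numeric setter, whereas a direct define creates an own element without consulting the prototype. The Trace-like helper and the index values are constructed for this example.

```javascript
'use strict';

// Constructed example, not one of the WebKit stress tests: a prototype that
// carries an accessor at numeric index 2 and records every setter call. The
// prototype inherits from Array.prototype so arrays keep their methods.
function makeTrace() {
  const trace = { count: 0, values: [], proto: Object.create(Array.prototype) };
  Object.defineProperty(trace.proto, 2, {
    get() { return 'from-prototype-getter'; },
    set(value) { trace.count += 1; trace.values.push(value); },
    configurable: true,
  });
  return trace;
}

// Ordinary indexed assignment ([[Set]], the putByIndex path). The array starts
// with blank indexed storage; index 0 has no accessor anywhere, so it becomes an
// own element, but index 2 is intercepted by the inherited setter and must not
// be written into the array's own vector.
function assignThroughSetter(trace) {
  const arr = [];
  Object.setPrototypeOf(arr, trace.proto);
  arr[0] = 'a';
  arr[2] = 'b';
  return {
    setterCalls: trace.count,
    own2: Object.prototype.hasOwnProperty.call(arr, 2),
    length: arr.length,
    read2: arr[2],
  };
}

// Object.defineProperty is the direct-define path (putDirectIndex): it creates an
// own property on the receiver and never consults accessors on the prototype.
function defineDirectly(trace) {
  const arr = [];
  Object.setPrototypeOf(arr, trace.proto);
  Object.defineProperty(arr, 2, {
    value: 'b', writable: true, enumerable: true, configurable: true,
  });
  return {
    setterCalls: trace.count,
    own2: Object.prototype.hasOwnProperty.call(arr, 2),
    length: arr.length,
    read2: arr[2],
  };
}

// The same accessor placed on the object itself (the numeric-setter-on-self
// case): assignment still runs the setter and creates no own data element.
function assignWithOwnSetter(trace) {
  const obj = {};
  Object.defineProperty(obj, 2, Object.getOwnPropertyDescriptor(trace.proto, 2));
  obj[2] = 'c';
  return {
    setterCalls: trace.count,
    lastValue: trace.values[trace.values.length - 1],
  };
}
```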
2331
2332 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
2333
2334         [Win] Unreviewed gardening.
2335
2336         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
2337         file references so they appear in the proper IDE locations.
2338
2339 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
2340
2341         Unreviewed Windows build fix for VS2015.
2342
2343         * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.
2344
2345 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
2346
2347         [ES6] Implement Reflect.has
2348         https://bugs.webkit.org/show_bug.cgi?id=147875
2349
2350         Reviewed by Sam Weinig.
2351
2352         This patch implements Reflect.has[1].
2353         Since the semantics are the same as those of the `in` operator in JS[2],
2354         we can implement it in builtin JS code.
2355
2356         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
2357         [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation
2358
2359         * builtins/ReflectObject.js:
2360         (has):
2361         * runtime/ReflectObject.cpp:
2362         * tests/stress/reflect-has.js: Added.
2363         (shouldBe):
2364         (shouldThrow):
2365
2366 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
2367
2368         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
2369         https://bugs.webkit.org/show_bug.cgi?id=147874
2370
2371         Reviewed by Darin Adler.
2372
2373         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
2374         The differences from the Object.* ones are:
2375
2376         1. They do not perform ToObject on non-object arguments. They throw a TypeError instead.
2377         2. Reflect.setPrototypeOf returns false when the operation fails. Object.setPrototypeOf raises a TypeError instead.
2378
2379         * runtime/ObjectConstructor.cpp:
2380         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
2381         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
2382         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
2383         (JSC::objectConstructorGetPrototypeOf):
2384         * runtime/ObjectConstructor.h:
2385         * runtime/ReflectObject.cpp:
2386         (JSC::reflectObjectGetPrototypeOf):
2387         (JSC::reflectObjectSetPrototypeOf):
2388         * tests/stress/reflect-get-prototype-of.js: Added.
2389         (shouldBe):
2390         (shouldThrow):
2391         (Base):
2392         (Derived):
2393         * tests/stress/reflect-set-prototype-of.js: Added.
2394         (shouldBe):
2395         (shouldThrow):
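
        As an added example (not the ChangeLog's or WebKit's own code) covering both this Reflect.{getPrototypeOf, setPrototypeOf} entry and the Reflect.has entry above, the behavioural differences observed from JavaScript. The helpers are constructed here, and a non-extensible target is the failure case chosen to show setPrototypeOf returning false.

```javascript
'use strict';

// Constructed example, not one of the WebKit stress tests. Each helper runs the
// Reflect function next to its Object.* or operator counterpart and reports
// either the result or the constructor of the exception that was thrown.
function capture(fn) {
  try { return fn(); } catch (e) { return e.constructor; }
}

// Reflect.has(target, key) is `key in target`: it sees inherited properties and,
// like `in`, throws a TypeError when target is not an object.
function hasBothWays(target, key) {
  const viaIn = capture(() => key in target);
  const viaReflect = capture(() => Reflect.has(target, key));
  return { viaIn, viaReflect, agree: viaIn === viaReflect };
}

// Object.getPrototypeOf applies ToObject first, so a primitive string yields
// String.prototype; Reflect.getPrototypeOf rejects non-objects with a TypeError.
function getPrototypeOfBothWays(value) {
  return {
    object: capture(() => Object.getPrototypeOf(value)),
    reflect: capture(() => Reflect.getPrototypeOf(value)),
  };
}

// When the prototype cannot be changed (here: a non-extensible target),
// Object.setPrototypeOf throws a TypeError while Reflect.setPrototypeOf
// returns false. On success Reflect.setPrototypeOf returns true.
function setPrototypeOfBothWays(makeTarget, proto) {
  return {
    object: capture(() => {
      Object.setPrototypeOf(makeTarget(), proto);
      return 'ok';
    }),
    reflect: capture(() => Reflect.setPrototypeOf(makeTarget(), proto)),
  };
}
```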
2396
2397 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
2398
2399         Fix debug build when optimization is enabled
2400         https://bugs.webkit.org/show_bug.cgi?id=147816
2401
2402         Reviewed by Alexey Proskuryakov.
2403
2404         * llint/LLIntEntrypoint.cpp:
2405         * runtime/FunctionExecutableDump.cpp:
2406
2407 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
2408
2409         Ensure that Reflect.enumerate does not produce the deleted keys
2410         https://bugs.webkit.org/show_bug.cgi?id=147677
2411
2412         Reviewed by Darin Adler.
2413
2414         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
2415
2416         * tests/stress/reflect-enumerate.js:
2417
2418 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
2419
2420         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
2421         https://bugs.webkit.org/show_bug.cgi?id=147856
2422
2423         Reviewed by Saam Barati.
2424
2425         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
2426
2427         * CMakeLists.txt:
2428         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2429         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2430         * JavaScriptCore.xcodeproj/project.pbxproj:
2431         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
2432         (JSC::ExecutableInfo::ExecutableInfo):
2433         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
2434         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
2435         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
2436         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
2437         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
2438         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
2439         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
2440         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
2441         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
2442         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
2443         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
2444         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
2445         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
2446         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
2447         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
2448         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
2449         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
2450         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
2451         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
2452         (JSC::UnlinkedCodeBlock::regexp): Deleted.
2453         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
2454         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
2455         (JSC::UnlinkedCodeBlock::identifier): Deleted.
2456         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
2457         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
2458         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
2459         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
2460         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
2461         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
2462         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
2463         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
2464         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
2465         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
2466         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
2467         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
2468         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
2469         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
2470         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
2471         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
2472         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
2473         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
2474         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
2475         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
2476         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
2477         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
2478         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
2479         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
2480         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
2481         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
2482         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
2483         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
2484         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
2485         (JSC::UnlinkedCodeBlock::vm): Deleted.
2486         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
2487         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
2488         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
2489         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
2490         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
2491         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
2492         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
2493         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
2494         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
2495         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
2496         (JSC::UnlinkedCodeBlock::codeType): Deleted.
2497         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
2498         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
2499         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
2500         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
2501         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
2502         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
2503         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
2504         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
2505         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
2506         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
2507         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
2508         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
2509         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
2510         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
2511         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
2512         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
2513         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
2514         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
2515         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
2516         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
2517         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
2518         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
2519         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
2520         * bytecode/UnlinkedCodeBlock.cpp:
2521         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
2522         (JSC::generateFunctionCodeBlock): Deleted.
2523         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
2524         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
2525         (JSC::UnlinkedFunctionExecutable::link): Deleted.
2526         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
2527         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
2528         * bytecode/UnlinkedCodeBlock.h:
2529         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
2530         (JSC::ExecutableInfo::needsActivation): Deleted.
2531         (JSC::ExecutableInfo::usesEval): Deleted.
2532         (JSC::ExecutableInfo::isStrictMode): Deleted.
2533         (JSC::ExecutableInfo::isConstructor): Deleted.
2534         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
2535         (JSC::ExecutableInfo::constructorKind): Deleted.
2536         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
2537         (JSC::generateFunctionCodeBlock):
2538         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
2539         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
2540         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
2541         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
2542         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
2543         (JSC::dumpLineColumnEntry): Deleted.
2544         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
2545         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
2546         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
2547         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
2548         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
2549         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
2550         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
2551         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
2552         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
2553         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
2554         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
2555         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
2556         (JSC::UnlinkedCodeBlock::instructions): Deleted.
2557         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
2558         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
2559         (JSC::ExecutableInfo::needsActivation): Deleted.
2560         (JSC::ExecutableInfo::usesEval): Deleted.
2561         (JSC::ExecutableInfo::isStrictMode): Deleted.
2562         (JSC::ExecutableInfo::isConstructor): Deleted.
2563         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
2564         (JSC::ExecutableInfo::constructorKind): Deleted.
2565         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
2566         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
2567         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
2568         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
2569         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
2570         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
2571         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
2572         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
2573         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
2574         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
2575         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
2576         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
2577         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
2578         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
2579         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
2580         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
2581         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
2582         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
2583         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
2584         (JSC::UnlinkedCodeBlock::regexp): Deleted.
2585         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
2586         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
2587         (JSC::UnlinkedCodeBlock::identifier): Deleted.
2588         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
2589         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
2590         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
2591         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
2592         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
2593         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
2594         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
2595         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
2596         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
2597         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
2598         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
2599         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
2600         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
2601         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
2602         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
2603         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
2604         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
2605         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
2606         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
2607         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
2608         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
2609         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
2610         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
2611         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
2612         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
2613         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
2614         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
2615         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
2616         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
2617         (JSC::UnlinkedCodeBlock::vm): Deleted.
2618         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
2619         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
2620         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
2621         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
2622         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
2623         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
2624         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
2625         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
2626         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
2627         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
2628         (JSC::UnlinkedCodeBlock::codeType): Deleted.
2629         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
2630         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
2631         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
2632         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
2633         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
2634         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
2635         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
2636         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
2637         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
2638         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
2639         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
2640         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
2641         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
2642         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
2643         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
2644         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
2645         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
2646         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
2647         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
2648         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
2649         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
2650         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
2651         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
2652         * runtime/Executable.h:
2653
2654 2015-08-10  Mark Lam  <mark.lam@apple.com>
2655
2656         Refactor LiveObjectList and LiveObjectData into their own files.
2657         https://bugs.webkit.org/show_bug.cgi?id=147843
2658
2659         Reviewed by Saam Barati.
2660
2661         There is no behavior change in this patch.
2662
2663         * CMakeLists.txt:
2664         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2665         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2666         * JavaScriptCore.xcodeproj/project.pbxproj:
2667         * heap/HeapVerifier.cpp:
2668         (JSC::HeapVerifier::HeapVerifier):
2669         (JSC::LiveObjectList::findObject): Deleted.
2670         * heap/HeapVerifier.h:
2671         (JSC::LiveObjectData::LiveObjectData): Deleted.
2672         (JSC::LiveObjectList::LiveObjectList): Deleted.
2673         (JSC::LiveObjectList::reset): Deleted.
2674         * heap/LiveObjectData.h: Added.
2675         (JSC::LiveObjectData::LiveObjectData):
2676         * heap/LiveObjectList.cpp: Added.
2677         (JSC::LiveObjectList::findObject):
2678         * heap/LiveObjectList.h: Added.
2679         (JSC::LiveObjectList::LiveObjectList):
2680         (JSC::LiveObjectList::reset):
2681
2682 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
2683
2684         Let's rename FunctionBodyNode
2685         https://bugs.webkit.org/show_bug.cgi?id=147292
2686
2687         Reviewed by Mark Lam & Saam Barati.
2688
2689         FunctionBodyNode => FunctionMetadataNode
2690
2691         Make FunctionMetadataNode inherit from Node instead of StatementNode
2692         because a FunctionMetadataNode can appear in expression context and does
2693         not have a next statement.
2694
2695         (I decided to continue allocating FunctionMetadataNode in the AST arena,
2696         and to retain "Node" in its name, because it really is a parsing
2697         construct, and we transform its data before consuming it elsewhere.
2698
2699         There is still room for a future patch to distill and simplify the
2700         metadata we track about functions between FunDeclNode/FuncExprNode,
2701         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
2702
2703         * builtins/BuiltinExecutables.cpp:
2704         (JSC::BuiltinExecutables::createExecutableInternal):
2705         * bytecode/UnlinkedCodeBlock.cpp:
2706         (JSC::generateFunctionCodeBlock):
2707         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
2708         * bytecode/UnlinkedCodeBlock.h:
2709         * bytecompiler/BytecodeGenerator.cpp:
2710         (JSC::BytecodeGenerator::generate):
2711         (JSC::BytecodeGenerator::BytecodeGenerator):
2712         (JSC::BytecodeGenerator::emitNewArray):
2713         (JSC::BytecodeGenerator::emitNewFunction):
2714         (JSC::BytecodeGenerator::emitNewFunctionExpression):
2715         * bytecompiler/BytecodeGenerator.h:
2716         (JSC::BytecodeGenerator::makeFunction):
2717         * bytecompiler/NodesCodegen.cpp:
2718         (JSC::EvalNode::emitBytecode):
2719         (JSC::FunctionNode::emitBytecode):
2720         (JSC::FunctionBodyNode::emitBytecode): Deleted.
2721         * parser/ASTBuilder.h:
2722         (JSC::ASTBuilder::createFunctionExpr):
2723         (JSC::ASTBuilder::createFunctionBody):
2724         * parser/NodeConstructors.h:
2725         (JSC::FunctionParameters::FunctionParameters):
2726         (JSC::FuncExprNode::FuncExprNode):
2727         (JSC::FuncDeclNode::FuncDeclNode):
2728         * parser/Nodes.cpp:
2729         (JSC::EvalNode::EvalNode):
2730         (JSC::FunctionMetadataNode::FunctionMetadataNode):
2731         (JSC::FunctionMetadataNode::finishParsing):
2732         (JSC::FunctionMetadataNode::setEndPosition):
2733         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
2734         (JSC::FunctionBodyNode::finishParsing): Deleted.
2735         (JSC::FunctionBodyNode::setEndPosition): Deleted.
2736         * parser/Nodes.h:
2737         (JSC::FuncExprNode::body):
2738         (JSC::FuncDeclNode::body):
2739         * parser/Parser.h:
2740         (JSC::Parser::isFunctionMetadataNode):
2741         (JSC::Parser::next):
2742         (JSC::Parser<LexerType>::parse):
2743         (JSC::Parser::isFunctionBodyNode): Deleted.
2744         * runtime/CodeCache.cpp:
2745         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
2746         * runtime/CodeCache.h:
2747
2748 2015-08-09  Chris Dumez  <cdumez@apple.com>
2749
2750         Regression(r188105): Seems to have caused crashes during PLT on some iPads
2751         https://bugs.webkit.org/show_bug.cgi?id=147818
2752
2753         Unreviewed, roll out r188105.
2754
2755         * bytecode/ByValInfo.h:
2756         (JSC::ByValInfo::ByValInfo):
2757         * bytecode/CodeBlock.cpp:
2758         (JSC::CodeBlock::getByValInfoMap): Deleted.
2759         (JSC::CodeBlock::addByValInfo): Deleted.
2760         * bytecode/CodeBlock.h:
2761         (JSC::CodeBlock::getByValInfo):
2762         (JSC::CodeBlock::setNumberOfByValInfos):
2763         (JSC::CodeBlock::numberOfByValInfos):
2764         (JSC::CodeBlock::byValInfo):
2765         * bytecode/ExitKind.cpp:
2766         (JSC::exitKindToString): Deleted.
2767         * bytecode/ExitKind.h:
2768         * bytecode/GetByIdStatus.cpp:
2769         (JSC::GetByIdStatus::computeFor):
2770         (JSC::GetByIdStatus::computeForStubInfo):
2771         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
2772         * bytecode/GetByIdStatus.h:
2773         * dfg/DFGAbstractInterpreterInlines.h:
2774         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
2775         * dfg/DFGByteCodeParser.cpp:
2776         (JSC::DFG::ByteCodeParser::parseBlock):
2777         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
2778         * dfg/DFGClobberize.h:
2779         (JSC::DFG::clobberize): Deleted.
2780         * dfg/DFGConstantFoldingPhase.cpp:
2781         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
2782         * dfg/DFGDoesGC.cpp:
2783         (JSC::DFG::doesGC): Deleted.
2784         * dfg/DFGFixupPhase.cpp:
2785         (JSC::DFG::FixupPhase::fixupNode): Deleted.
2786         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
2787         * dfg/DFGNode.h:
2788         (JSC::DFG::Node::hasUidOperand): Deleted.
2789         (JSC::DFG::Node::uidOperand): Deleted.
2790         * dfg/DFGNodeType.h:
2791         * dfg/DFGPredictionPropagationPhase.cpp:
2792         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
2793         * dfg/DFGSafeToExecute.h:
2794         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
2795         (JSC::DFG::safeToExecute): Deleted.
2796         * dfg/DFGSpeculativeJIT.cpp:
2797         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
2798         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
2799         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
2800         * dfg/DFGSpeculativeJIT.h:
2801         * dfg/DFGSpeculativeJIT32_64.cpp:
2802         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2803         * dfg/DFGSpeculativeJIT64.cpp:
2804         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2805         * dfg/DFGUseKind.cpp:
2806         (WTF::printInternal): Deleted.
2807         * dfg/DFGUseKind.h:
2808         (JSC::DFG::typeFilterFor): Deleted.
2809         (JSC::DFG::isCell): Deleted.
2810         * ftl/FTLAbstractHeapRepository.h:
2811         * ftl/FTLCapabilities.cpp:
2812         (JSC::FTL::canCompile): Deleted.
2813         * ftl/FTLLowerDFGToLLVM.cpp:
2814         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
2815         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
2816         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
2817         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
2818         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
2819         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
2820         * jit/JIT.cpp:
2821         (JSC::JIT::privateCompile):
2822         * jit/JIT.h:
2823         (JSC::ByValCompilationInfo::ByValCompilationInfo):
2824         (JSC::JIT::compileGetByValWithCachedId): Deleted.
2825         * jit/JITInlines.h:
2826         (JSC::JIT::callOperation): Deleted.
2827         * jit/JITOpcodes.cpp:
2828         (JSC::JIT::emit_op_has_indexed_property):
2829         (JSC::JIT::emitSlow_op_has_indexed_property):
2830         * jit/JITOpcodes32_64.cpp:
2831         (JSC::JIT::emit_op_has_indexed_property):
2832         (JSC::JIT::emitSlow_op_has_indexed_property):
2833         * jit/JITOperations.cpp:
2834         (JSC::getByVal):
2835         * jit/JITOperations.h:
2836         * jit/JITPropertyAccess.cpp:
2837         (JSC::JIT::emit_op_get_by_val):
2838         (JSC::JIT::emitSlow_op_get_by_val):
2839         (JSC::JIT::emit_op_put_by_val):
2840         (JSC::JIT::emitSlow_op_put_by_val):
2841         (JSC::JIT::emitGetByValWithCachedId): Deleted.
2842         (JSC::JIT::privateCompileGetByVal): Deleted.
2843         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
2844         * jit/JITPropertyAccess32_64.cpp:
2845         (JSC::JIT::emit_op_get_by_val):
2846         (JSC::JIT::emitSlow_op_get_by_val):
2847         (JSC::JIT::emit_op_put_by_val):
2848         (JSC::JIT::emitSlow_op_put_by_val):
2849         (JSC::JIT::emitGetByValWithCachedId): Deleted.
2850         * runtime/Symbol.h:
2851         * tests/stress/get-by-val-with-string-constructor.js: Removed.
2852         * tests/stress/get-by-val-with-string-exit.js: Removed.
2853         * tests/stress/get-by-val-with-string-generated.js: Removed.
2854         * tests/stress/get-by-val-with-string-getter.js: Removed.
2855         * tests/stress/get-by-val-with-string.js: Removed.
2856         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
2857         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
2858         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
2859         * tests/stress/get-by-val-with-symbol.js: Removed.
2860
2861 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
2862
2863         Reduce uses of PassRefPtr in bindings
2864         https://bugs.webkit.org/show_bug.cgi?id=147781
2865
2866         Reviewed by Chris Dumez.
2867
        Use RefPtr when a function can return either null or an instance. Otherwise, Ref is used.
2869
2870         * runtime/JSGenericTypedArrayView.h:
2871         (JSC::toNativeTypedView):
2872
2873 2015-08-07  Alex Christensen  <achristensen@webkit.org>
2874
2875         Build more testing binaries with CMake on Windows
2876         https://bugs.webkit.org/show_bug.cgi?id=147799
2877
2878         Reviewed by Brent Fulgham.
2879
2880         * shell/PlatformWin.cmake: Added.
2881         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
2882
2883 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
2884
2885         Lightweight locks should be adaptive
2886         https://bugs.webkit.org/show_bug.cgi?id=147545
2887
2888         Reviewed by Geoffrey Garen.
2889
2890         * dfg/DFGCommon.cpp:
2891         (JSC::DFG::startCrashing):
2892         * heap/CopiedBlock.h:
2893         (JSC::CopiedBlock::workListLock):
2894         * heap/CopiedBlockInlines.h:
2895         (JSC::CopiedBlock::shouldReportLiveBytes):
2896         (JSC::CopiedBlock::reportLiveBytes):
2897         * heap/CopiedSpace.cpp:
2898         (JSC::CopiedSpace::doneFillingBlock):
2899         * heap/CopiedSpace.h:
2900         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
2901         * heap/CopiedSpaceInlines.h:
2902         (JSC::CopiedSpace::recycleEvacuatedBlock):
2903         * heap/GCThreadSharedData.cpp:
2904         (JSC::GCThreadSharedData::didStartCopying):
2905         * heap/GCThreadSharedData.h:
2906         (JSC::GCThreadSharedData::getNextBlocksToCopy):
2907         * heap/ListableHandler.h:
2908         (JSC::ListableHandler::List::addThreadSafe):
2909         (JSC::ListableHandler::List::addNotThreadSafe):
2910         * heap/MachineStackMarker.cpp:
2911         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2912         * heap/SlotVisitorInlines.h:
2913         (JSC::SlotVisitor::copyLater):
2914         * parser/SourceProvider.cpp:
2915         (JSC::SourceProvider::~SourceProvider):
2916         (JSC::SourceProvider::getID):
2917         * profiler/ProfilerDatabase.cpp:
2918         (JSC::Profiler::Database::addDatabaseToAtExit):
2919         (JSC::Profiler::Database::removeDatabaseFromAtExit):
2920         (JSC::Profiler::Database::removeFirstAtExitDatabase):
2921         * runtime/TypeProfilerLog.h:
2922
2923 2015-08-07  Mark Lam  <mark.lam@apple.com>
2924
2925         Rename some variables in the JSC watchdog implementation.
2926         https://bugs.webkit.org/show_bug.cgi?id=147790
2927
2928         Rubber stamped by Benjamin Poulain.
2929
        This is just a refactoring patch to give the variables better names that describe their
2931         intended use.  There is no behavior change.
2932
2933         * runtime/Watchdog.cpp:
2934         (JSC::Watchdog::Watchdog):
2935         (JSC::Watchdog::setTimeLimit):
2936         (JSC::Watchdog::didFire):
2937         (JSC::Watchdog::isEnabled):
2938         (JSC::Watchdog::fire):
2939         (JSC::Watchdog::startCountdownIfNeeded):
2940         * runtime/Watchdog.h:
2941
2942 2015-08-07  Saam barati  <saambarati1@gmail.com>
2943
2944         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
2945         https://bugs.webkit.org/show_bug.cgi?id=147666
2946
2947         Reviewed by Geoffrey Garen.
2948
2949         If we make the bytecode generator know about every local scope it 
2950         creates, and if we give each local scope a unique register, the
2951         bytecode generator has all the information it needs to assign
2952         the correct scope to a catch handler. Because the bytecode generator
        knows this information, it's a better separation of responsibilities
2954         for it to set up the proper scope instead of relying on the exception
2955         handling runtime to find the scope.
2956
2957         * bytecode/BytecodeList.json:
2958         * bytecode/BytecodeUseDef.h:
2959         (JSC::computeUsesForBytecodeOffset):
2960         * bytecode/CodeBlock.cpp:
2961         (JSC::CodeBlock::dumpBytecode):
2962         (JSC::CodeBlock::CodeBlock):
2963         * bytecode/HandlerInfo.h:
2964         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
2965         (JSC::HandlerInfo::initialize):
2966         * bytecompiler/BytecodeGenerator.cpp:
2967         (JSC::BytecodeGenerator::generate):
2968         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2969         (JSC::BytecodeGenerator::emitGetScope):
2970         (JSC::BytecodeGenerator::emitPushWithScope):
2971         (JSC::BytecodeGenerator::emitGetParentScope):
2972         (JSC::BytecodeGenerator::emitPopScope):
2973         (JSC::BytecodeGenerator::emitPopWithScope):
2974         (JSC::BytecodeGenerator::allocateAndEmitScope):
2975         (JSC::BytecodeGenerator::emitComplexPopScopes):
2976         (JSC::BytecodeGenerator::pushTry):
2977         (JSC::BytecodeGenerator::popTryAndEmitCatch):
2978         (JSC::BytecodeGenerator::localScopeDepth):
2979         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
2980         * bytecompiler/BytecodeGenerator.h:
2981         * bytecompiler/NodesCodegen.cpp:
2982         (JSC::WithNode::emitBytecode):
2983         * interpreter/Interpreter.cpp:
2984         (JSC::Interpreter::unwind):
2985         * jit/JITOpcodes.cpp:
2986         (JSC::JIT::emit_op_push_with_scope):
2987         (JSC::JIT::compileOpStrictEq):
2988         * jit/JITOpcodes32_64.cpp:
2989         (JSC::JIT::emit_op_push_with_scope):
2990         (JSC::JIT::emit_op_to_number):
2991         * jit/JITOperations.cpp:
2992         * jit/JITOperations.h:
2993         * llint/LLIntSlowPaths.cpp:
2994         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2995         * llint/LLIntSlowPaths.h:
2996         * llint/LowLevelInterpreter.asm:
2997         * runtime/CommonSlowPaths.cpp:
2998         (JSC::SLOW_PATH_DECL):
2999         * runtime/CommonSlowPaths.h:
3000         * runtime/JSScope.cpp:
3001         (JSC::JSScope::objectAtScope):
3002         (JSC::isUnscopable):
3003         (JSC::JSScope::depth): Deleted.
3004         * runtime/JSScope.h:
3005
3006 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
3007
3008         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
3009         https://bugs.webkit.org/show_bug.cgi?id=147761
3010
3011         Reviewed by Mark Lam.
3012
        This patch implements MacroAssembler::patchableBranch64 in 64-bit environments.
        It also fixes the existing MacroAssemblerARM64::patchableBranchPtr, which before
        this patch truncated the immediate pointer to a 32-bit immediate.
        And it uses patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
3017
3018         * assembler/MacroAssemblerARM64.h:
3019         (JSC::MacroAssemblerARM64::patchableBranchPtr):
3020         (JSC::MacroAssemblerARM64::patchableBranch64):
3021         * assembler/MacroAssemblerX86_64.h:
3022         (JSC::MacroAssemblerX86_64::patchableBranch64):
3023         * jit/JIT.h:
3024         * jit/JITInlines.h:
3025         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
3026         * jit/JITPropertyAccess.cpp:
3027         (JSC::JIT::emit_op_get_by_val):
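
Added illustration of the truncation described above (this is not part of the ChangeLog or of JavaScriptCore's sources): a model of a patchable compare site whose immediate slot is 32 bits wide next to one whose slot is 64 bits wide. The struct and function names and the two addresses are invented for the example; the point is that any guard built on the narrow site accepts every pointer that shares the low 32 bits with the patched one.

```cpp
#include <cstdint>

// A patchable branch compares a register against an immediate that lives in
// the instruction stream and is patched in later. If the patched slot is only
// 32 bits wide, a 64-bit pointer is silently truncated and the branch tests
// only the low half of the address. Model of that behaviour; not JSC's
// MacroAssembler, and the addresses below are made up.

struct TruncatingCompareSite {
    uint32_t immediate = 0; // 32-bit slot: the pre-patch ARM64 behaviour
    void patch(uint64_t pointer) { immediate = static_cast<uint32_t>(pointer); }
    bool matches(uint64_t reg) const { return static_cast<uint32_t>(reg) == immediate; }
};

struct WideCompareSite {
    uint64_t immediate = 0; // full-width slot: what patchableBranch64 provides
    void patch(uint64_t pointer) { immediate = pointer; }
    bool matches(uint64_t reg) const { return reg == immediate; }
};

// Two distinct addresses that share their low 32 bits: the same offset in
// two different 4 GiB windows of the address space.
constexpr uint64_t kGuardedPointer = 0x0000000108f4a010ull;
constexpr uint64_t kCollidingPointer = 0x0000000208f4a010ull;

static bool truncatingSiteAccepts(uint64_t patched, uint64_t incoming)
{
    TruncatingCompareSite site;
    site.patch(patched);
    return site.matches(incoming);
}

static bool wideSiteAccepts(uint64_t patched, uint64_t incoming)
{
    WideCompareSite site;
    site.patch(patched);
    return site.matches(incoming);
}
```

If the patched immediate is, for instance, a Structure pointer used as a type guard, the truncating site lets an object with a different Structure (but a colliding low half) take the guarded fast path, which is exactly the class of mistake a full-width compare rules out.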
3028
3029 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
3030
3031         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
3032         https://bugs.webkit.org/show_bug.cgi?id=147480
3033
3034         Reviewed by Filip Pizlo.
3035
3036         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
        The IC site only caches one id. After checking that the given id is the same as the
3038         cached one, we perform the get_by_id IC onto it.
3039         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
3040         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
3041         operations when the given get_by_val leverages the property load with the cached id.
3042
3043         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
3044         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
3045         This can be leveraged to optimize symbol operations in DFG.
3046
        And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
        It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
        a binary search on m_byValInfos. And by storing the ArrayProfile* under the ByValInfo, we replaced the
        ArrayProfile* argument in the operations with ByValInfo*.
3051
3052         * bytecode/ByValInfo.h:
3053         (JSC::ByValInfo::ByValInfo):
3054         * bytecode/CodeBlock.cpp:
3055         (JSC::CodeBlock::getByValInfoMap):
3056         (JSC::CodeBlock::addByValInfo):
3057         * bytecode/CodeBlock.h:
3058         (JSC::CodeBlock::getByValInfo): Deleted.
3059         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
3060         (JSC::CodeBlock::numberOfByValInfos): Deleted.
3061         (JSC::CodeBlock::byValInfo): Deleted.
3062         * bytecode/ExitKind.cpp:
3063         (JSC::exitKindToString):
3064         * bytecode/ExitKind.h:
3065         * bytecode/GetByIdStatus.cpp:
3066         (JSC::GetByIdStatus::computeFor):
3067         (JSC::GetByIdStatus::computeForStubInfo):
3068         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
3069         * bytecode/GetByIdStatus.h:
3070         * dfg/DFGAbstractInterpreterInlines.h:
3071         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3072         * dfg/DFGByteCodeParser.cpp:
3073         (JSC::DFG::ByteCodeParser::parseBlock):
3074         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3075         * dfg/DFGClobberize.h:
3076         (JSC::DFG::clobberize):
3077         * dfg/DFGConstantFoldingPhase.cpp:
3078         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3079         * dfg/DFGDoesGC.cpp:
3080         (JSC::DFG::doesGC):
3081         * dfg/DFGFixupPhase.cpp:
3082         (JSC::DFG::FixupPhase::fixupNode):
3083         (JSC::DFG::FixupPhase::observeUseKindOnNode):
3084         * dfg/DFGNode.h:
3085         (JSC::DFG::Node::hasUidOperand):
3086         (JSC::DFG::Node::uidOperand):
3087         * dfg/DFGNodeType.h:
3088         * dfg/DFGPredictionPropagationPhase.cpp:
3089         (JSC::DFG::PredictionPropagationPhase::propagate):
3090         * dfg/DFGSafeToExecute.h:
3091         (JSC::DFG::SafeToExecuteEdge::operator()):
3092         (JSC::DFG::safeToExecute):
3093         * dfg/DFGSpeculativeJIT.cpp:
3094         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
3095         (JSC::DFG::SpeculativeJIT::speculateSymbol):
3096         (JSC::DFG::SpeculativeJIT::speculate):
3097         * dfg/DFGSpeculativeJIT.h:
3098         * dfg/DFGSpeculativeJIT32_64.cpp:
3099         (JSC::DFG::SpeculativeJIT::compile):
3100         * dfg/DFGSpeculativeJIT64.cpp:
3101         (JSC::DFG::SpeculativeJIT::compile):
3102         * dfg/DFGUseKind.cpp:
3103         (WTF::printInternal):
3104         * dfg/DFGUseKind.h:
3105         (JSC::DFG::typeFilterFor):
3106         (JSC::DFG::isCell):
3107         * ftl/FTLAbstractHeapRepository.h:
3108         * ftl/FTLCapabilities.cpp:
3109         (JSC::FTL::canCompile):
3110         * ftl/FTLLowerDFGToLLVM.cpp:
3111         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3112         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
3113         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
3114         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
3115         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
3116         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
3117         * jit/JIT.cpp:
3118         (JSC::JIT::privateCompile):
3119         * jit/JIT.h:
3120         (JSC::ByValCompilationInfo::ByValCompilationInfo):
3121         (JSC::JIT::compileGetByValWithCachedId):
3122         * jit/JITInlines.h:
3123         (JSC::JIT::callOperation):
3124         * jit/JITOpcodes.cpp:
3125         (JSC::JIT::emit_op_has_indexed_property):
3126         (JSC::JIT::emitSlow_op_has_indexed_property):
3127         * jit/JITOpcodes32_64.cpp:
3128         (JSC::JIT::emit_op_has_indexed_property):
3129         (JSC::JIT::emitSlow_op_has_indexed_property):
3130         * jit/JITOperations.cpp:
3131         (JSC::getByVal):
3132         * jit/JITOperations.h:
3133         * jit/JITPropertyAccess.cpp:
3134         (JSC::JIT::emit_op_get_by_val):
3135         (JSC::JIT::emitGetByValWithCachedId):
3136         (JSC::JIT::emitSlow_op_get_by_val):
3137         (JSC::JIT::emit_op_put_by_val):
3138         (JSC::JIT::emitSlow_op_put_by_val):
3139         (JSC::JIT::privateCompileGetByVal):
3140         (JSC::JIT::privateCompileGetByValWithCachedId):
3141         * jit/JITPropertyAccess32_64.cpp:
3142         (JSC::JIT::emit_op_get_by_val):
3143         (JSC::JIT::emitGetByValWithCachedId):
3144         (JSC::JIT::emitSlow_op_get_by_val):
3145         (JSC::JIT::emit_op_put_by_val):
3146         (JSC::JIT::emitSlow_op_put_by_val):
3147         * runtime/Symbol.h:
3148         * tests/stress/get-by-val-with-string-constructor.js: Added.
3149         (Hello):
3150         (get Hello.prototype.generate):
3151         (ok):
3152         * tests/stress/get-by-val-with-string-exit.js: Added.
3153         (shouldBe):
3154         (getByVal):
3155         (getStr1):
3156         (getStr2):
3157         * tests/stress/get-by-val-with-string-generated.js: Added.
3158         (shouldBe):
3159         (getByVal):
3160         (getStr1):
3161         (getStr2):
3162         * tests/stress/get-by-val-with-string-getter.js: Added.
3163         (object.get hello):
3164         (ok):
3165         * tests/stress/get-by-val-with-string.js: Added.
3166         (shouldBe):
3167         (getByVal):
3168         (getStr1):
3169         (getStr2):
3170         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
3171         (Hello):
3172         (get Hello.prototype.generate):
3173         (ok):
3174         * tests/stress/get-by-val-with-symbol-exit.js: Added.
3175         (shouldBe):
3176         (getByVal):
3177         (getSym1):
3178         (getSym2):
3179         * tests/stress/get-by-val-with-symbol-getter.js: Added.
3180         (object.get hello):
3181         (.get ok):
3182         * tests/stress/get-by-val-with-symbol.js: Added.
3183         (shouldBe):
3184         (getByVal):
3185         (getSym1):
3186         (getSym2):
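
Added illustration of the single-id cache described in the entry above (not part of the ChangeLog or of JavaScriptCore; the Structure, Object, GetByValSite and UniquedId names are invented for the example). It shows the three cases a one-entry cache has to handle: a miss, a hit on the cached id, and an access with the cached id but a different structure, which must not reuse the cached slot offset.

```cpp
#include <cstddef>
#include <map>
#include <string>
#include <vector>

// Model of a get_by_val site that caches one property identifier together with
// the Structure it was last seen on, and then does a get_by_id style lookup
// (structure -> slot offset) on the fast path. Names and shapes are invented
// for illustration; this is not JSC's ByValInfo or StructureStubInfo.

struct Structure {
    std::map<std::string, size_t> offsets; // property name -> slot index
};

struct Object {
    const Structure* structure;
    std::vector<int> slots;
};

// Identifiers are interned, so the cache compares pointers, not characters.
using UniquedId = const std::string*;

struct GetByValSite {
    UniquedId cachedId = nullptr;
    const Structure* cachedStructure = nullptr;
    size_t cachedOffset = 0;
    unsigned slowPathHits = 0;

    bool get(const Object& object, UniquedId id, int& result)
    {
        // Fast path: the id is the cached one AND the object has the cached
        // structure. Checking only the id would read cachedOffset from an
        // object with a different layout.
        if (id == cachedId && object.structure == cachedStructure) {
            result = object.slots[cachedOffset];
            return true;
        }
        // Slow path: full lookup, then repopulate the single-entry cache.
        ++slowPathHits;
        auto it = object.structure->offsets.find(*id);
        if (it == object.structure->offsets.end())
            return false;
        cachedId = id;
        cachedStructure = object.structure;
        cachedOffset = it->second;
        result = object.slots[cachedOffset];
        return true;
    }
};

static const std::string helloId = "hello";
static const std::string worldId = "world";

// Miss, hit, miss on a different id, hit: expect two slow-path trips.
static unsigned slowPathHitsForRepeatedAccess()
{
    Structure s;
    s.offsets = {{"hello", 0}, {"world", 1}};
    Object o{&s, {42, 7}};
    GetByValSite site;
    int v = 0;
    site.get(o, &helloId, v);
    site.get(o, &helloId, v);
    site.get(o, &worldId, v);
    site.get(o, &worldId, v);
    return site.slowPathHits;
}

// Same id, different structure: the structure check must force the slow path
// so the value comes from the right slot (99, not the stale offset 0).
static int valueReadAcrossStructures()
{
    Structure a, b;
    a.offsets = {{"hello", 0}};
    b.offsets = {{"other", 0}, {"hello", 1}};
    Object objA{&a, {1}};
    Object objB{&b, {0, 99}};
    GetByValSite site;
    int v = 0;
    site.get(objA, &helloId, v); // populates cache with (hello, a, offset 0)
    site.get(objB, &helloId, v); // structure differs: slow path, offset 1
    return v;
}
```

The second scenario is the one to keep in mind when reading the DFG side of the patch: CheckIdent guards the identifier, but the structure guard of the GetById path is still what makes the cached offset safe to use.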
3187
3188 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3189
3190         Parse the entire WebAssembly modules
3191         https://bugs.webkit.org/show_bug.cgi?id=147393
3192
3193         Reviewed by Geoffrey Garen.
3194
        Parse entire WebAssembly modules from files produced by pack-asmjs
3196         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
3197         parse modules whose function definition section contains only functions that
3198         have "return 0;" as their only statement. Parsing of any functions will be
3199         implemented in a subsequent patch.
3200
3201         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3202         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3203         * JavaScriptCore.xcodeproj/project.pbxproj:
3204         * wasm/JSWASMModule.cpp:
3205         (JSC::JSWASMModule::destroy):
3206         * wasm/JSWASMModule.h:
3207         (JSC::JSWASMModule::i32Constants):
3208         (JSC::JSWASMModule::f32Constants):
3209         (JSC::JSWASMModule::f64Constants):
3210         (JSC::JSWASMModule::signatures):
3211         (JSC::JSWASMModule::functionImports):
3212         (JSC::JSWASMModule::functionImportSignatures):
3213         (JSC::JSWASMModule::globalVariableTypes):
3214         (JSC::JSWASMModule::functionDeclarations):
3215         (JSC::JSWASMModule::functionPointerTables):
3216         * wasm/WASMFormat.h: Added.
3217         * wasm/WASMModuleParser.cpp:
3218         (JSC::WASMModuleParser::parse):
3219         (JSC::WASMModuleParser::parseModule):
3220         (JSC::WASMModuleParser::parseConstantPoolSection):
3221         (JSC::WASMModuleParser::parseSignatureSection):
3222         (JSC::WASMModuleParser::parseFunctionImportSection):
3223         (JSC::WASMModuleParser::parseGlobalSection):
3224         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
3225         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
3226         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
3227         (JSC::WASMModuleParser::parseFunctionDefinition):
3228         (JSC::WASMModuleParser::parseExportSection):
3229         * wasm/WASMModuleParser.h:
3230         * wasm/WASMReader.cpp:
3231         (JSC::WASMReader::readUInt32):
3232         (JSC::WASMReader::readCompactUInt32):
3233         (JSC::WASMReader::readString):
3234         (JSC::WASMReader::readType):
3235         (JSC::WASMReader::readExpressionType):
3236         (JSC::WASMReader::readExportFormat):
3237         (JSC::WASMReader::readByte):
3238         (JSC::WASMReader::readUnsignedInt32): Deleted.
3239         * wasm/WASMReader.h:
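
Added illustration of the reader primitives listed above (not part of the ChangeLog or of JavaScriptCore's WASMReader): a bounds-checked reader over an untrusted byte buffer. It assumes the "compact" uint32 is a LEB128-style varuint, which is an assumption for the example, and it shows the three rejections such a reader needs: running off the end of the buffer, a varuint that overflows 32 bits, and a string length larger than the bytes that remain.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <utility>
#include <vector>

// Bounds-checked reader over an untrusted byte buffer, with the primitive
// reads a module parser needs. The "compact" uint32 is assumed here to be a
// LEB128-style varuint (7 payload bits per byte, high bit set = more bytes);
// this is an illustration, not JSC's WASMReader, and the names are invented.
class Reader {
public:
    explicit Reader(std::vector<uint8_t> bytes) : m_bytes(std::move(bytes)) { }

    bool readByte(uint8_t& out)
    {
        if (m_pos >= m_bytes.size())
            return false;
        out = m_bytes[m_pos++];
        return true;
    }

    bool readUInt32(uint32_t& out) // fixed-width, little-endian
    {
        if (m_bytes.size() - m_pos < 4)
            return false;
        out = 0;
        for (unsigned i = 0; i < 4; ++i)
            out |= uint32_t(m_bytes[m_pos + i]) << (8 * i);
        m_pos += 4;
        return true;
    }

    bool readCompactUInt32(uint32_t& out)
    {
        uint32_t result = 0;
        for (unsigned shift = 0; shift < 32; shift += 7) {
            uint8_t byte;
            if (!readByte(byte))
                return false; // ran off the end of the buffer
            uint32_t payload = byte & 0x7f;
            if (shift == 28 && (payload >> 4))
                return false; // bits above 32 set: would overflow uint32
            result |= payload << shift;
            if (!(byte & 0x80)) {
                out = result;
                return true;
            }
        }
        return false; // a sixth byte: malformed encoding
    }

    // Length-prefixed string. The length is validated against the bytes that
    // remain before anything is allocated or copied.
    bool readString(std::string& out)
    {
        uint32_t length;
        if (!readCompactUInt32(length))
            return false;
        if (length > m_bytes.size() - m_pos)
            return false;
        out.assign(reinterpret_cast<const char*>(m_bytes.data() + m_pos), length);
        m_pos += length;
        return true;
    }

private:
    std::vector<uint8_t> m_bytes;
    size_t m_pos = 0;
};

// Helpers over hand-constructed byte sequences; -1 and "<error>" signal a
// rejected input.
static int64_t decodeCompact(std::vector<uint8_t> bytes)
{
    Reader reader(std::move(bytes));
    uint32_t value;
    return reader.readCompactUInt32(value) ? int64_t(value) : -1;
}

static std::string decodeString(std::vector<uint8_t> bytes)
{
    Reader reader(std::move(bytes));
    std::string value;
    return reader.readString(value) ? value : std::string("<error>");
}
```

The section parsers in a module parser (constant pool, signatures, imports, and so on) should be written on top of reads like these so that every count and length coming from the file is checked against the remaining input before it drives a loop or an allocation.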
3240
3241 2015-08-06  Keith Miller  <keith_miller@apple.com>
3242
3243         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
3244         https://bugs.webkit.org/show_bug.cgi?id=147749
3245
3246         Reviewed by Filip Pizlo.
3247
        Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength(),
        thus no one calls this code.
3250
3251         * ftl/FTLLowerDFGToLLVM.cpp:
3252         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
3253
3254 2015-08-06  Keith Miller  <keith_miller@apple.com>
3255
        The JSONP parser incorrectly parses -0 as +0.
3257         https://bugs.webkit.org/show_bug.cgi?id=147590
3258
3259         Reviewed by Michael Saboff.
3260
3261         In the LiteralParser we should use a double to store the accumulator for numerical tokens
3262         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
3263
3264         * runtime/LiteralParser.cpp:
3265         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
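
Added illustration of the accumulator issue described above (not part of the ChangeLog or of JavaScriptCore's LiteralParser): a minimal integer lexer written once with an int accumulator and once with a double accumulator, so the loss of the sign of "-0" can be observed directly. The function names and the nine-digit limit on the int path are assumptions for the example.

```cpp
#include <cmath>
#include <cstddef>
#include <string>

// Two ways to accumulate the digits of a JSON number token. An int accumulator
// cannot hold a negative zero: negating int 0 gives 0, so "-0" comes out as +0.
// A double accumulator keeps the sign bit. Illustrative lexer with assumed
// shapes, not JSC's LiteralParser. Both lexers return NaN for anything that is
// not a plain, optionally negative, run of digits.

static bool scanDigits(const std::string& text, size_t& start, bool& negative)
{
    start = 0;
    negative = false;
    if (start < text.size() && text[start] == '-') {
        negative = true;
        ++start;
    }
    // Empty, or too many digits for the int path (9 digits always fit an int).
    if (start == text.size() || text.size() - start > 9)
        return false;
    for (size_t j = start; j < text.size(); ++j) {
        if (text[j] < '0' || text[j] > '9')
            return false;
    }
    return true;
}

// Before: int accumulator.
static double lexNumberWithIntAccumulator(const std::string& text)
{
    size_t i = 0;
    bool negative = false;
    if (!scanDigits(text, i, negative))
        return NAN;
    int accumulator = 0;
    for (; i < text.size(); ++i)
        accumulator = accumulator * 10 + (text[i] - '0');
    if (negative)
        accumulator = -accumulator; // -0 collapses to 0 here
    return accumulator;
}

// After: double accumulator.
static double lexNumberWithDoubleAccumulator(const std::string& text)
{
    size_t i = 0;
    bool negative = false;
    if (!scanDigits(text, i, negative))
        return NAN;
    double accumulator = 0;
    for (; i < text.size(); ++i)
        accumulator = accumulator * 10 + (text[i] - '0');
    if (negative)
        accumulator = -accumulator; // -0.0 keeps its sign bit
    return accumulator;
}

// -0.0 == 0.0 under IEEE 754, so the sign has to be checked explicitly.
static bool isNegativeZero(double d)
{
    return d == 0 && std::signbit(d);
}
```

The distinction is observable from script: JSON.parse("-0") is required to produce -0, and 1 / -0 is -Infinity, so a parser that normalises to +0 changes program results rather than just a representation detail.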
3266
3267 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
3268
3269         Structures used for tryGetConstantProperty() should be registered first
3270         https://bugs.webkit.org/show_bug.cgi?id=147750
3271
3272         Reviewed by Saam Barati and Michael Saboff.
3273
3274         * dfg/DFGGraph.cpp:
3275         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
3276         * dfg/DFGGraph.h:
3277         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
3278         * dfg/DFGStructureRegistrationPhase.cpp:
3279         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegisterationPhase.
3280         (JSC::DFG::StructureRegistrationPhase::registerStructures):
3281         (JSC::DFG::StructureRegistrationPhase::registerStructure):
3282         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
3283         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
3284         (JSC::DFG::performStructureRegistration):
3285
3286 2015-08-06  Keith Miller  <keith_miller@apple.com>
3287
3288         Remove UnspecifiedBoolType from JSC
3289         https://bugs.webkit.org/show_bug.cgi?id=147597
3290
3291         Reviewed by Mark Lam.
3292
3293         We were using the safe bool pattern in the code base for implicit casting to booleans.
3294         With C++11 this is no longer necessary and we can instead create an operator bool.
3295
3296         * API/JSRetainPtr.h:
3297         (JSRetainPtr::operator bool):
3298         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
3299         * dfg/DFGEdge.h:
3300         (JSC::DFG::Edge::operator bool):
3301         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
3302         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
3303         * heap/Weak.h:
3304         * heap/WeakInlines.h:
3305         (JSC::bool):
3306         (JSC::UnspecifiedBoolType): Deleted.
3307
3308 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
3309
3310         [ES6] Class parser does not allow methods named set and get.
3311         https://bugs.webkit.org/show_bug.cgi?id=147150
3312
3313         Reviewed by Oliver Hunt.
3314
3315         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
3316         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
3317         so that we only treat them as such when they're followed by another token that could be a method name.
3318
3319         * parser/Parser.cpp:
3320         (JSC::Parser<LexerType>::parseClass):
3321
3322 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
3323
3324         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
3325
3326         * bytecode/SamplingTool.cpp:
3327         (JSC::SamplingTool::doRun):
3328         (JSC::SamplingTool::notifyOfScope):
3329         * bytecode/SamplingTool.h:
3330         * dfg/DFGThreadData.h:
3331         * dfg/DFGWorklist.cpp:
3332         (JSC::DFG::Worklist::~Worklist):
3333         (JSC::DFG::Worklist::isActiveForVM):
3334         (JSC::DFG::Worklist::enqueue):
3335         (JSC::DFG::Worklist::compilationState):
3336         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
3337         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
3338         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
3339         (JSC::DFG::Worklist::visitWeakReferences):
3340         (JSC::DFG::Worklist::removeDeadPlans):
3341         (JSC::DFG::Worklist::queueLength):
3342         (JSC::DFG::Worklist::dump):
3343         (JSC::DFG::Worklist::runThread):
3344         * dfg/DFGWorklist.h:
3345         * disassembler/Disassembler.cpp:
3346         * heap/CopiedSpace.cpp:
3347         (JSC::CopiedSpace::doneFillingBlock):
3348         (JSC::CopiedSpace::doneCopying):
3349         * heap/CopiedSpace.h:
3350         * heap/CopiedSpaceInlines.h:
3351         (JSC::CopiedSpace::recycleBorrowedBlock):
3352         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
3353         * heap/HeapTimer.h:
3354         * heap/MachineStackMarker.cpp:
3355         (JSC::ActiveMachineThreadsManager::Locker::Locker):
3356         (JSC::ActiveMachineThreadsManager::add):
3357         (JSC::ActiveMachineThreadsManager::remove):
3358         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
3359         (JSC::MachineThreads::~MachineThreads):
3360         (JSC::MachineThreads::addCurrentThread):
3361         (JSC::MachineThreads::removeThreadIfFound):
3362         (JSC::MachineThreads::tryCopyOtherThreadStack):
3363         (JSC::MachineThreads::tryCopyOtherThreadStacks):
3364         (JSC::MachineThreads::gatherConservativeRoots):
3365         * heap/MachineStackMarker.h:
3366         * interpreter/JSStack.cpp:
3367         (JSC::stackStatisticsMutex):
3368         (JSC::JSStack::addToCommittedByteCount):
3369         (JSC::JSStack::committedByteCount):
3370         * jit/JITThunks.h:
3371         * profiler/ProfilerDatabase.h:
3372
3373 2015-08-05  Saam barati  <saambarati1@gmail.com>
3374
3375         Bytecodegenerator emits crappy code for returns in a lexical scope.
3376         https://bugs.webkit.org/show_bug.cgi?id=147688
3377
3378         Reviewed by Mark Lam.
3379
3380         When returning, we only need to emit complex pop scopes if we're in 
3381         a finally block. Otherwise, we can just return like normal. This saves
3382         us from inefficiently emitting unnecessary pop scopes.
3383
3384         * bytecompiler/BytecodeGenerator.h:
3385         (JSC::BytecodeGenerator::isInFinallyBlock):
3386         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
3387         * bytecompiler/NodesCodegen.cpp:
3388         (JSC::ReturnNode::emitBytecode):
3389
3390 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
3391
3392         Add the Intl API to the status page
3393
3394         * features.json:
3395         Andy VanWagoner landed the skeleton of the API and it is
3396         enabled by default.
3397
3398 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
3399
3400         Rename Mutex to DeprecatedMutex
3401         https://bugs.webkit.org/show_bug.cgi?id=147675
3402
3403         Reviewed by Geoffrey Garen.
3404
3405         * bytecode/SamplingTool.cpp:
3406         (JSC::SamplingTool::doRun):
3407         (JSC::SamplingTool::notifyOfScope):
3408         * bytecode/SamplingTool.h:
3409         * dfg/DFGThreadData.h:
3410         * dfg/DFGWorklist.cpp:
3411         (JSC::DFG::Worklist::~Worklist):
3412         (JSC::DFG::Worklist::isActiveForVM):
3413         (JSC::DFG::Worklist::enqueue):
3414         (JSC::DFG::Worklist::compilationState):
3415         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
3416         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
3417         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
3418         (JSC::DFG::Worklist::visitWeakReferences):
3419         (JSC::DFG::Worklist::removeDeadPlans):
3420         (JSC::DFG::Worklist::queueLength):
3421         (JSC::DFG::Worklist::dump):
3422         (JSC::DFG::Worklist::runThread):
3423         * dfg/DFGWorklist.h:
3424         * disassembler/Disassembler.cpp:
3425         * heap/CopiedSpace.cpp:
3426         (JSC::CopiedSpace::doneFillingBlock):
3427         (JSC::CopiedSpace::doneCopying):
3428         * heap/CopiedSpace.h:
3429         * heap/CopiedSpaceInlines.h:
3430         (JSC::CopiedSpace::recycleBorrowedBlock):
3431         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
3432         * heap/HeapTimer.h:
3433         * heap/MachineStackMarker.cpp:
3434         (JSC::ActiveMachineThreadsManager::Locker::Locker):
3435         (JSC::ActiveMachineThreadsManager::add):
3436         (JSC::ActiveMachineThreadsManager::remove):
3437         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
3438         (JSC::MachineThreads::~MachineThreads):
3439         (JSC::MachineThreads::addCurrentThread):
3440         (JSC::MachineThreads::removeThreadIfFound):
3441         (JSC::MachineThreads::tryCopyOtherThreadStack):
3442         (JSC::MachineThreads::tryCopyOtherThreadStacks):
3443         (JSC::MachineThreads::gatherConservativeRoots):
3444         * heap/MachineStackMarker.h:
3445         * interpreter/JSStack.cpp:
3446         (JSC::stackStatisticsMutex):
3447         (JSC::JSStack::addToCommittedByteCount):
3448         (JSC::JSStack::committedByteCount):
3449         * jit/JITThunks.h:
3450         * profiler/ProfilerDatabase.h:
3451
3452 2015-08-05  Saam barati  <saambarati1@gmail.com>
3453
3454         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
3455         https://bugs.webkit.org/show_bug.cgi?id=147657
3456
3457         Reviewed by Mark Lam.
3458
3459         This kills the last of the name scope objects. Function name scopes are
3460         now built on top of the scoping mechanisms introduced with ES6 block scoping.
3461         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
3462         function name scoped variable carefully depending on if the function is in
3463         strict mode. If we're in strict mode, then we treat the variable exactly
3464         like a "const" variable. If we're not in strict mode, we can't treat
3465         this variable like ES6 "const" because that would cause the bytecode
3466         generator to throw an exception when it shouldn't.
3467
3468         * CMakeLists.txt:
3469         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3470         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3471         * JavaScriptCore.xcodeproj/project.pbxproj:
3472         * bytecode/BytecodeList.json:
3473         * bytecode/BytecodeUseDef.h:
3474         (JSC::computeUsesForBytecodeOffset):
3475         (JSC::computeDefsForBytecodeOffset):
3476         * bytecode/CodeBlock.cpp:
3477         (JSC::CodeBlock::dumpBytecode):
3478         * bytecompiler/BytecodeGenerator.cpp:
3479         (JSC::BytecodeGenerator::BytecodeGenerator):
3480         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
3481         (JSC::BytecodeGenerator::pushLexicalScope):
3482         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3483         (JSC::BytecodeGenerator::variable):
3484         (JSC::BytecodeGenerator::resolveType):
3485         (JSC::BytecodeGenerator::emitThrowTypeError):
3486         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
3487         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
3488         (JSC::BytecodeGenerator::emitPushCatchScope):
3489         * bytecompiler/BytecodeGenerator.h:
3490         * bytecompiler/NodesCodegen.cpp:
3491         * debugger/DebuggerScope.cpp:
3492         * dfg/DFGOperations.cpp:
3493         * interpreter/Interpreter.cpp:
3494         * jit/JIT.cpp:
3495         (JSC::JIT::privateCompileMainPass):
3496         * jit/JIT.h:
3497         * jit/JITOpcodes.cpp:
3498         (JSC::JIT::emit_op_to_string):
3499         (JSC::JIT::emit_op_catch):
3500         (JSC::JIT::emit_op_push_name_scope): Deleted.
3501         * jit/JITOpcodes32_64.cpp:
3502         (JSC::JIT::emitSlow_op_to_string):
3503         (JSC::JIT::emit_op_catch):
3504         (JSC::JIT::emit_op_push_name_scope): Deleted.
3505         * jit/JITOperations.cpp:
3506         (JSC::pushNameScope): Deleted.
3507         * llint/LLIntSlowPaths.cpp:
3508         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3509         * llint/LLIntSlowPaths.h:
3510         * llint/LowLevelInterpreter.asm:
3511         * parser/Nodes.cpp:
3512         * runtime/CommonSlowPaths.cpp:
3513         * runtime/Executable.cpp:
3514         (JSC::ScriptExecutable::newCodeBlockFor):
3515         * runtime/JSFunctionNameScope.cpp: Removed.
3516         * runtime/JSFunctionNameScope.h: Removed.
3517         * runtime/JSGlobalObject.cpp:
3518         (JSC::JSGlobalObject::init):
3519         (JSC::JSGlobalObject::visitChildren):
3520         * runtime/JSGlobalObject.h:
3521         (JSC::JSGlobalObject::withScopeStructure):
3522         (JSC::JSGlobalObject::strictEvalActivationStructure):
3523         (JSC::JSGlobalObject::activationStructure):
3524         (JSC::JSGlobalObject::directArgumentsStructure):
3525         (JSC::JSGlobalObject::scopedArgumentsStructure):
3526         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
3527         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
3528         * runtime/JSNameScope.cpp: Removed.
3529         * runtime/JSNameScope.h: Removed.
3530         * runtime/JSObject.cpp:
3531         (JSC::JSObject::toThis):
3532         (JSC::JSObject::seal):
3533         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
3534         * runtime/JSObject.h:
3535         * runtime/JSScope.cpp:
3536         (JSC::JSScope::isCatchScope):
3537         (JSC::JSScope::isFunctionNameScopeObject):
3538         (JSC::resolveModeName):
3539         * runtime/JSScope.h:
3540         * runtime/JSSymbolTableObject.cpp:
3541         * runtime/SymbolTable.h:
3542         * runtime/VM.cpp:
3543
3544 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
3545
3546         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
3547         https://bugs.webkit.org/show_bug.cgi?id=147679
3548
3549         Reviewed by Timothy Hatcher.
3550
3551         Improve native iterator support for the PropertyName Iterator by
3552         allowing inspection of the internal object within the iterator
3553         and peeking of the next upcoming values of the iterator.
3554
3555         * inspector/JSInjectedScriptHost.cpp:
3556         (Inspector::JSInjectedScriptHost::subtype):
3557         (Inspector::JSInjectedScriptHost::getInternalProperties):
3558         (Inspector::JSInjectedScriptHost::iteratorEntries):
3559         * runtime/JSPropertyNameIterator.h:
3560         (JSC::JSPropertyNameIterator::iteratedValue):
3561
3562 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
3563
3564         [Win] Update Apple Windows build for VS2015
3565         https://bugs.webkit.org/show_bug.cgi?id=147653
3566
3567         Reviewed by Dean Jackson.
3568
3569         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
3570         Show JSC files in proper project locations in IDE.
3571
3572 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
3573
3574         Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
3575         https://bugs.webkit.org/show_bug.cgi?id=147328
3576
3577         Reviewed by Timothy Hatcher.
3578
3579         * inspector/InjectedScriptSource.js:
3580         Use classList and classList.toString instead of className.
3581
3582 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
3583
3584         [ES6] Support Module Syntax
3585         https://bugs.webkit.org/show_bug.cgi?id=147422
3586
3587         Reviewed by Saam Barati.
3588
3589         This patch introduces the ES6 Modules syntax parsing part.
3590         In this patch, ASTBuilder just produces the corresponding nodes to the ES6 Modules syntax,
3591         and this patch does not include the code generator part.
3592
3593         Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
3594         and do not execute the body or construct the AST. And after analyzing all the dependent
3595         modules, we will parse the dependent modules next.
3596         After all the analyzing is done, we will start the second pass. In the second pass, we
3597         will parse the module, produce the AST, and execute the body.
3598         If we don't do so, we need to create all the ASTs in the module's dependent graph at first
3599         because the given module can be executed after all the dependent modules are executed. It
3600         means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
3601         the dependent modules' information.
3602
3603         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
3604         This patch aims at just implementing the syntax parsing functionality correctly.
3605         After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits SyntaxChecker
3606         to collect the dependent modules fast [1].
3607
3608         To test the parsing, we added the "checkModuleSyntax" function into the jsc shell.
3609         By using this, we can parse the given string as a module.
3610
3611         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
3612
3613         * bytecompiler/NodesCodegen.cpp:
3614         (JSC::ModuleProgramNode::emitBytecode):
3615         (JSC::ImportDeclarationNode::emitBytecode):
3616         (JSC::ExportAllDeclarationNode::emitBytecode):
3617         (JSC::ExportDefaultDeclarationNode::emitBytecode):
3618         (JSC::ExportLocalDeclarationNode::emitBytecode):
3619         (JSC::ExportNamedDeclarationNode::emitBytecode):
3620         * jsc.cpp:
3621         (GlobalObject::finishCreation):
3622         (functionCheckModuleSyntax):
3623         * parser/ASTBuilder.h:
3624         (JSC::ASTBuilder::createModuleSpecifier):
3625         (JSC::ASTBuilder::createImportSpecifier):
3626         (JSC::ASTBuilder::createImportSpecifierList):
3627         (JSC::ASTBuilder::appendImportSpecifier):
3628         (JSC::ASTBuilder::createImportDeclaration):
3629         (JSC::ASTBuilder::createExportAllDeclaration):
3630         (JSC::ASTBuilder::createExportDefaultDeclaration):
3631         (JSC::ASTBuilder::createExportLocalDeclaration):
3632         (JSC::ASTBuilder::createExportNamedDeclaration):
3633         (JSC::ASTBuilder::createExportSpecifier):
3634         (JSC::ASTBuilder::createExportSpecifierList):
3635         (JSC::ASTBuilder::appendExportSpecifier):
3636         * parser/Keywords.table:
3637         * parser/NodeConstructors.h:
3638         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
3639         (JSC::ImportSpecifierNode::ImportSpecifierNode):
3640         (JSC::ImportDeclarationNode::ImportDeclarationNode):
3641         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
3642         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
3643         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
3644         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
3645         (JSC::ExportSpecifierNode::ExportSpecifierNode):
3646         * parser/Nodes.cpp:
3647         (JSC::ModuleProgramNode::ModuleProgramNode):
3648         * parser/Nodes.h:
3649         (JSC::ModuleProgramNode::startColumn):
3650         (JSC::ModuleProgramNode::endColumn):
3651         (JSC::ModuleSpecifierNode::moduleName):
3652         (JSC::ImportSpecifierNode::importedName):
3653         (JSC::ImportSpecifierNode::localName):
3654         (JSC::ImportSpecifierListNode::specifiers):
3655         (JSC::ImportSpecifierListNode::append):
3656         (JSC::ImportDeclarationNode::specifierList):
3657         (JSC::ImportDeclarationNode::moduleSpecifier):
3658         (JSC::ExportAllDeclarationNode::moduleSpecifier):
3659         (JSC::ExportDefaultDeclarationNode::declaration):
3660         (JSC::ExportLocalDeclarationNode::declaration):
3661         (JSC::ExportSpecifierNode::exportedName):
3662         (JSC::ExportSpecifierNode::localName):
3663         (JSC::ExportSpecifierListNode::specifiers):
3664         (JSC::ExportSpecifierListNode::append):
3665         (JSC::ExportNamedDeclarationNode::specifierList):
3666         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
3667         * parser/Parser.cpp:
3668         (JSC::Parser<LexerType>::Parser):
3669         (JSC::Parser<LexerType>::parseInner):
3670         (JSC::Parser<LexerType>::parseModuleSourceElements):
3671         (JSC::Parser<LexerType>::parseVariableDeclaration):
3672         (JSC::Parser<LexerType>::parseVariableDeclarationList):
3673         (JSC::Parser<LexerType>::createBindingPattern):
3674         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
3675         (JSC::Parser<LexerType>::parseDestructuringPattern):
3676         (JSC::Parser<LexerType>::parseForStatement):
3677         (JSC::Parser<LexerType>::parseFormalParameters):
3678         (JSC::Parser<LexerType>::parseFunctionParameters):
3679         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3680         (JSC::Parser<LexerType>::parseClassDeclaration):
3681         (JSC::Parser<LexerType>::parseModuleSpecifier):
3682         (JSC::Parser<LexerType>::parseImportClauseItem):
3683         (JSC::Parser<LexerType>::parseImportDeclaration):
3684         (JSC::Parser<LexerType>::parseExportSpecifier):
3685         (JSC::Parser<LexerType>::parseExportDeclaration):
3686         (JSC::Parser<LexerType>::parseMemberExpression):
3687         * parser/Parser.h:
3688         (JSC::isIdentifierOrKeyword):
3689         (JSC::ModuleScopeData::create):
3690         (JSC::ModuleScopeData::exportedBindings):
3691         (JSC::ModuleScopeData::exportName):
3692         (JSC::ModuleScopeData::exportBinding):
3693         (JSC::Scope::Scope):
3694         (JSC::Scope::setIsModule):
3695         (JSC::Scope::moduleScopeData):
3696         (JSC::Parser::matchContextualKeyword):
3697         (JSC::Parser::matchIdentifierOrKeyword):
3698         (JSC::Parser::isofToken): Deleted.
3699         * parser/ParserModes.h:
3700         * parser/ParserTokens.h:
3701         * parser/SyntaxChecker.h:
3702         (JSC::SyntaxChecker::createModuleSpecifier):
3703         (JSC::SyntaxChecker::createImportSpecifier):
3704         (JSC::SyntaxChecker::createImportSpecifierList):
3705         (JSC::SyntaxChecker::appendImportSpecifier):
3706         (JSC::SyntaxChecker::createImportDeclaration):
3707         (JSC::SyntaxChecker::createExportAllDeclaration):
3708         (JSC::SyntaxChecker::createExportDefaultDeclaration):
3709         (JSC::SyntaxChecker::createExportLocalDeclaration):
3710         (JSC::SyntaxChecker::createExportNamedDeclaration):
3711         (JSC::SyntaxChecker::createExportSpecifier):
3712         (JSC::SyntaxChecker::createExportSpecifierList):
3713         (JSC::SyntaxChecker::appendExportSpecifier):
3714         * runtime/CommonIdentifiers.cpp:
3715         (JSC::CommonIdentifiers::CommonIdentifiers):
3716         * runtime/CommonIdentifiers.h:
3717         * runtime/Completion.cpp:
3718         (JSC::checkModuleSyntax):
3719         * runtime/Completion.h:
3720         * tests/stress/modules-syntax-error-with-names.js: Added.
3721         (shouldThrow):
3722         * tests/stress/modules-syntax-error.js: Added.
3723         (shouldThrow):
3724         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
3725         * tests/stress/modules-syntax.js: Added.
3726         (prototype.checkModuleSyntax):
3727         (checkModuleSyntax):
3728         * tests/stress/tagged-templates-syntax.js:
3729
3730 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
3731
3732         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
3733         https://bugs.webkit.org/show_bug.cgi?id=146833
3734
3735         Reviewed by Alexey Proskuryakov.
3736
3737         * assembler/ARM64Assembler.h:
3738         * assembler/ARMAssembler.h:
3739         (JSC::ARMAssembler::cacheFlush):
3740         * assembler/MacroAssemblerARM.cpp:
3741         (JSC::isVFPPresent):
3742         * assembler/MacroAssemblerX86Common.h:
3743         (JSC::MacroAssemblerX86Common::isSSE2Present):
3744         * heap/MachineStackMarker.h:
3745         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
3746         (JSC::logF):
3747         * jit/HostCallReturnValue.h:
3748         * jit/JIT.h:
3749         * jit/JITOperations.cpp:
3750         * jit/JITStubsARM.h:
3751         * jit/JITStubsARMv7.h:
3752         * jit/JITStubsX86.h:
3753         * jit/JITStubsX86Common.h:
3754         * jit/JITStubsX86_64.h:
3755         * jit/ThunkGenerators.cpp:
3756         * runtime/JSExportMacros.h:
3757         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
3758         (JSC::clz32):
3759
3760 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
3761
3762         Unreviewed, fix uninitialized property leading to an assert.
3763
3764         * runtime/PutPropertySlot.h:
3765         (JSC::PutPropertySlot::PutPropertySlot):
3766
3767 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
3768
3769         Unreviewed, fix Windows.
3770
3771         * bytecode/ObjectPropertyConditionSet.h:
3772         (JSC::ObjectPropertyConditionSet::fromRawPointer):
3773
3774 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
3775
3776         DFG should have adaptive structure watchpoints
3777         https://bugs.webkit.org/show_bug.cgi?id=146929
3778
3779         Reviewed by Geoffrey Garen.
3780
3781         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
3782         property, you'd check that the object still has the structure that you first saw the object have. We
3783         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
3784         elide the structure check.
3785
3786         But this approach fails when that object frequently has new properties added to it. This would
3787         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
3788         we'd have to recompile either the IC or an entire code block.
3789
3790         This change introduces a new concept: an object property condition. This value describes some
3791         condition involving a property on some object. There are four kinds: presence, absence,
3792         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
3793         object has some property at some offset with some attributes. This allows us to implement a new kind
3794         of watchpoint, which knows about the object property condition that it's being used to enforce. If
3795         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
3796         on the new structure.
3797
3798         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
3799         and prototype accesses. They are also used for any DFG accesses to object constants, including
3800         global property accesses.
3801
3802         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
3803         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
3804         chain situation. It's also a small speed-up on getter-richards.
3805
3806         * CMakeLists.txt:
3807         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3808         * JavaScriptCore.xcodeproj/project.pbxproj:
3809         * bytecode/CodeBlock.cpp:
3810         (JSC::CodeBlock::printGetByIdCacheStatus):
3811         (JSC::CodeBlock::printPutByIdCacheStatus):
3812         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
3813         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
3814         * bytecode/ComplexGetStatus.cpp:
3815         (JSC::ComplexGetStatus::computeFor):
3816         * bytecode/ComplexGetStatus.h:
3817         (JSC::ComplexGetStatus::ComplexGetStatus):
3818         (JSC::ComplexGetStatus::takesSlowPath):
3819         (JSC::ComplexGetStatus::kind):
3820         (JSC::ComplexGetStatus::offset):
3821         (JSC::ComplexGetStatus::conditionSet):
3822         (JSC::ComplexGetStatus::attributes): Deleted.
3823         (JSC::ComplexGetStatus::specificValue): Deleted.
3824         (JSC::ComplexGetStatus::chain): Deleted.
3825         * bytecode/ConstantStructureCheck.cpp: Removed.
3826         * bytecode/ConstantStructureCheck.h: Removed.
3827         * bytecode/GetByIdStatus.cpp:
3828         (JSC::GetByIdStatus::computeForStubInfo):
3829         * bytecode/GetByIdVariant.cpp:
3830         (JSC::GetByIdVariant::GetByIdVariant):
3831         (JSC::GetByIdVariant::~GetByIdVariant):
3832         (JSC::GetByIdVariant::operator=):
3833         (JSC::GetByIdVariant::attemptToMerge):
3834         (JSC::GetByIdVariant::dumpInContext):
3835         (JSC::GetByIdVariant::baseStructure): Deleted.
3836         * bytecode/GetByIdVariant.h:
3837         (JSC::GetByIdVariant::operator!):
3838         (JSC::GetByIdVariant::structureSet):
3839         (JSC::GetByIdVariant::conditionSet):
3840         (JSC::GetByIdVariant::offset):
3841         (JSC::GetByIdVariant::callLinkStatus):
3842         (JSC::GetByIdVariant::constantChecks): Deleted.
3843         (JSC::GetByIdVariant::alternateBase): Deleted.
3844         * bytecode/ObjectPropertyCondition.cpp: Added.
3845         (JSC::ObjectPropertyCondition::dumpInContext):
3846         (JSC::ObjectPropertyCondition::dump):
3847         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
3848         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
3849         (JSC::ObjectPropertyCondition::isStillValid):
3850         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
3851         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
3852         (JSC::ObjectPropertyCondition::isWatchable):
3853         (JSC::ObjectPropertyCondition::isStillLive):
3854         (JSC::ObjectPropertyCondition::validateReferences):
3855         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
3856         * bytecode/ObjectPropertyCondition.h: Added.
3857         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
3858         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
3859         (JSC::ObjectPropertyCondition::presence):
3860         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
3861         (JSC::ObjectPropertyCondition::absence):
3862         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
3863         (JSC::ObjectPropertyCondition::absenceOfSetter):
3864         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
3865         (JSC::ObjectPropertyCondition::equivalence):
3866         (JSC::ObjectPropertyCondition::operator!):
3867         (JSC::ObjectPropertyCondition::object):
3868         (JSC::ObjectPropertyCondition::condition):
3869         (JSC::ObjectPropertyCondition::kind):
3870         (JSC::ObjectPropertyCondition::uid):
3871         (JSC::ObjectPropertyCondition::hasOffset):
3872         (JSC::ObjectPropertyCondition::offset):
3873         (JSC::ObjectPropertyCondition::hasAttributes):
3874         (JSC::ObjectPropertyCondition::attributes):
3875         (JSC::ObjectPropertyCondition::hasPrototype):
3876         (JSC::ObjectPropertyCondition::prototype):
3877         (JSC::ObjectPropertyCondition::hasRequiredValue):
3878         (JSC::ObjectPropertyCondition::requiredValue):
3879         (JSC::ObjectPropertyCondition::hash):
3880         (JSC::ObjectPropertyCondition::operator==):
3881         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
3882         (JSC::ObjectPropertyCondition::isCompatibleWith):
3883         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
3884         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
3885         (JSC::ObjectPropertyCondition::isValidValueForPresence):
3886         (JSC::ObjectPropertyConditionHash::hash):
3887         (JSC::ObjectPropertyConditionHash::equal):
3888         * bytecode/ObjectPropertyConditionSet.cpp: Added.
3889         (JSC::ObjectPropertyConditionSet::forObject):
3890         (JSC::ObjectPropertyConditionSet::forConditionKind):
3891         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
3892         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
3893         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
3894         (JSC::ObjectPropertyConditionSet::mergedWith):
3895         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
3896         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
3897         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
3898         (JSC::ObjectPropertyConditionSet::areStillLive):
3899         (JSC::ObjectPropertyConditionSet::dumpInContext):
3900         (JSC::ObjectPropertyConditionSet::dump):
3901         (JSC::generateConditionsForPropertyMiss):
3902         (JSC::generateConditionsForPropertySetterMiss):
3903         (JSC::generateConditionsForPrototypePropertyHit):
3904         (JSC::generateConditionsForPrototypePropertyHitCustom):
3905         (JSC::generateConditionsForPropertySetterMissConcurrently):
3906         * bytecode/ObjectPropertyConditionSet.h: Added.
3907         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
3908         (JSC::ObjectPropertyConditionSet::invalid):
3909         (JSC::ObjectPropertyConditionSet::nonEmpty):
3910         (JSC::ObjectPropertyConditionSet::isValid):
3911         (JSC::ObjectPropertyConditionSet::isEmpty):
3912         (JSC::ObjectPropertyConditionSet::begin):
3913         (JSC::ObjectPropertyConditionSet::end):
3914         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
3915         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
3916         (JSC::ObjectPropertyConditionSet::fromRawPointer):
3917         (JSC::ObjectPropertyConditionSet::Data::Data):
3918         * bytecode/PolymorphicGetByIdList.cpp:
3919         (JSC::GetByIdAccess::GetByIdAccess):