will-change should sometimes trigger compositing
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-08-17  Simon Fraser  <simon.fraser@apple.com>

        will-change should sometimes trigger compositing
        https://bugs.webkit.org/show_bug.cgi?id=148072

        Reviewed by Tim Horton.

        Include will-change as a reason for compositing.

        * inspector/protocol/LayerTree.json:

2015-08-17  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Implement Reflect.getOwnPropertyDescriptor
        https://bugs.webkit.org/show_bug.cgi?id=147929

        Reviewed by Geoffrey Garen.

        Implement Reflect.getOwnPropertyDescriptor.
        The difference from Object.getOwnPropertyDescriptor is that
        Reflect.getOwnPropertyDescriptor does not perform ToObject on
        the first argument. If the first argument is not an Object, it
        immediately raises a TypeError.

        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        * runtime/ObjectConstructor.h:
        * runtime/ReflectObject.cpp:
        (JSC::reflectObjectGetOwnPropertyDescriptor):
        * tests/stress/reflect-get-own-property.js: Added.
        (shouldBe):
        (shouldThrow):
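
        The ToObject difference described in the entry above, as an added example that is not part of the ChangeLog or of WebKit's tests/stress/reflect-get-own-property.js: both APIs are run over constructed inputs so the coercion step is visible side by side, and the helper names (probe, describeOwnProperty, compareAll, apisAgree) are hypothetical. For code that validates untrusted values, the Reflect form is the safer primitive, because silently wrapping a primitive can hide a type-confusion bug in the caller.

```javascript
// Added example; not from the WebKit ChangeLog or its stress test.
// It contrasts the two APIs the entry above describes:
//   Object.getOwnPropertyDescriptor(target, key)  applies ToObject(target) first
//   Reflect.getOwnPropertyDescriptor(target, key) throws TypeError unless target is an Object
// All helper names here are hypothetical and the inputs are constructed.

// Call fn(target, key) and record either its value or that it threw a TypeError.
function probe(fn, target, key) {
  try {
    return { ok: true, value: fn(target, key) };
  } catch (e) {
    if (!(e instanceof TypeError)) throw e; // anything else is a real bug
    return { ok: false, error: "TypeError" };
  }
}

// Run both APIs on the same (target, key) pair so the difference is side by side.
function describeOwnProperty(target, key) {
  return {
    object: probe(Object.getOwnPropertyDescriptor, target, key),
    reflect: probe(Reflect.getOwnPropertyDescriptor, target, key),
  };
}

// Constructed cases covering the behaviours that matter:
//  - primitive whose wrapper has the own property: Object coerces, Reflect throws
//  - primitive whose wrapper lacks it: Object returns undefined, Reflect throws
//  - real object: both agree
//  - null: ToObject(null) throws as well, so both throw
const CASES = [
  { name: "string/length", target: "abc", key: "length" },
  { name: "number/toFixed", target: 42, key: "toFixed" },
  { name: "object/x", target: { x: 1 }, key: "x" },
  { name: "null/x", target: null, key: "x" },
];

// Reduce one probe outcome to a short string such as "value:3" or "TypeError".
function summarise(outcome) {
  if (!outcome.ok) return outcome.error;
  if (outcome.value === undefined) return "undefined";
  return "value:" + String(outcome.value.value);
}

// One row per case: { name, object, reflect }.
function compareAll(cases = CASES) {
  return cases.map(({ name, target, key }) => {
    const r = describeOwnProperty(target, key);
    return { name, object: summarise(r.object), reflect: summarise(r.reflect) };
  });
}

// True when both APIs give the same answer; they only diverge on primitives,
// which is exactly the ToObject step the entry calls out.
function apisAgree(target, key) {
  const r = describeOwnProperty(target, key);
  return summarise(r.object) === summarise(r.reflect);
}

if (typeof require !== "undefined" && require.main === module) {
  console.table(compareAll());
}
```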

2015-08-16  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Use (x + x) instead of (x * 2) when possible
        https://bugs.webkit.org/show_bug.cgi?id=148051

        Reviewed by Michael Saboff.

        When multiplying a number by 2, JSC was loading a constant "2"
        into a register and multiplying it with the first number:

            mov $0x4000000000000000, %rcx
            movd %rcx, %xmm0
            mulsd %xmm0, %xmm1

        This is a problem for a few reasons.
        1) "movd %rcx, %xmm0" only sets half of XMM0. This instruction
           has to wait for any preceding instruction on XMM0 to finish
           before executing.
        2) The load and transform itself is large and unnecessary.

        To fix that, I added a StrengthReductionPhase to transform
        multiplications by 2 into an addition.

        Unfortunately, that turned the code into:
            movsd %xmm0 %xmm1
            mulsd %xmm1 %xmm0

        The reason is that GenerationInfo::canReuse() was not accounting
        for nodes using other nodes multiple times.

        After fixing that too, we now have the multiplications by 2
        done as:
            addsd %xmm0 %xmm0

        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::GenerationInfo::useCount):
        (JSC::DFG::GenerationInfo::canReuse): Deleted.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::FPRTemporary::FPRTemporary):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::canReuse):
        (JSC::DFG::GPRTemporary::GPRTemporary):
        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):

2015-08-14  Basile Clement  <basile_clement@apple.com>

        Occasional failure in v8-v6/v8-raytrace.js.ftl-eager
        https://bugs.webkit.org/show_bug.cgi?id=147165

        Reviewed by Saam Barati.

        The object allocation sinking phase was not properly checking that a
        MultiGetByOffset was safe to lower before lowering it.
        This makes it so that we only lower MultiGetByOffset if it only loads
        from direct properties of the object, and considers it an escape in
        any other case (e.g. a load from the prototype).

        It also ensures proper conversion of MultiGetByOffset into
        CheckStructureImmediate when needed.

        * dfg/DFGObjectAllocationSinkingPhase.cpp:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::checkStructure):
            We were not properly compiling CheckStructure and
            CheckStructureImmediate nodes with an empty StructureSet.
        * tests/stress/sink-multigetbyoffset.js: Regression test.

2015-08-14  Filip Pizlo  <fpizlo@apple.com>

        Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
        https://bugs.webkit.org/show_bug.cgi?id=147999

        Reviewed by Geoffrey Garen.

        * API/JSVirtualMachine.mm:
        (initWrapperCache):
        (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
        (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
        (wrapperCacheMutex): Deleted.
        * bytecode/SamplingTool.cpp:
        (JSC::SamplingTool::doRun):
        (JSC::SamplingTool::notifyOfScope):
        * bytecode/SamplingTool.h:
        * dfg/DFGThreadData.h:
        * dfg/DFGWorklist.cpp:
        (JSC::DFG::Worklist::~Worklist):
        (JSC::DFG::Worklist::isActiveForVM):
        (JSC::DFG::Worklist::enqueue):
        (JSC::DFG::Worklist::compilationState):
        (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
        (JSC::DFG::Worklist::removeAllReadyPlansForVM):
        (JSC::DFG::Worklist::completeAllReadyPlansForVM):
        (JSC::DFG::Worklist::visitWeakReferences):
        (JSC::DFG::Worklist::removeDeadPlans):
        (JSC::DFG::Worklist::queueLength):
        (JSC::DFG::Worklist::dump):
        (JSC::DFG::Worklist::runThread):
        * dfg/DFGWorklist.h:
        * disassembler/Disassembler.cpp:
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::doneCopying):
        * heap/CopiedSpace.h:
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::recycleBorrowedBlock):
        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
        * heap/GCThread.cpp:
        (JSC::GCThread::waitForNextPhase):
        (JSC::GCThread::gcThreadMain):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        (JSC::GCThreadSharedData::~GCThreadSharedData):
        (JSC::GCThreadSharedData::startNextPhase):
        (JSC::GCThreadSharedData::endCurrentPhase):
        (JSC::GCThreadSharedData::didStartMarking):
        (JSC::GCThreadSharedData::didFinishMarking):
        * heap/GCThreadSharedData.h:
        * heap/HeapTimer.h:
        * heap/MachineStackMarker.cpp:
        (JSC::ActiveMachineThreadsManager::Locker::Locker):
        (JSC::ActiveMachineThreadsManager::add):
        (JSC::ActiveMachineThreadsManager::remove):
        (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
        (JSC::MachineThreads::~MachineThreads):
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::removeThreadIfFound):
        (JSC::MachineThreads::tryCopyOtherThreadStack):
        (JSC::MachineThreads::tryCopyOtherThreadStacks):
        (JSC::MachineThreads::gatherConservativeRoots):
        * heap/MachineStackMarker.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::mergeOpaqueRoots):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::containsOpaqueRootTriState):
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorHandleRunSourceGlobal):
        (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
        (Inspector::RemoteInspectorInitializeGlobalQueue):
        (Inspector::RemoteInspectorHandleRunSourceWithInfo):
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
        (Inspector::RemoteInspectorDebuggableConnection::close):
        (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
        (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
        * interpreter/JSStack.cpp:
        (JSC::JSStack::JSStack):
        (JSC::JSStack::releaseExcessCapacity):
        (JSC::JSStack::addToCommittedByteCount):
        (JSC::JSStack::committedByteCount):
        (JSC::stackStatisticsMutex): Deleted.
        (JSC::JSStack::initializeThreading): Deleted.
        * interpreter/JSStack.h:
        (JSC::JSStack::gatherConservativeRoots):
        (JSC::JSStack::sanitizeStack):
        (JSC::JSStack::size):
        (JSC::JSStack::initializeThreading): Deleted.
        * jit/ExecutableAllocator.cpp:
        (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
        (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
        (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
        (JSC::DemandExecutableAllocator::allocators):
        (JSC::DemandExecutableAllocator::allocatorsMutex):
        * jit/JITThunks.cpp:
        (JSC::JITThunks::ctiStub):
        * jit/JITThunks.h:
        * profiler/ProfilerDatabase.cpp:
        (JSC::Profiler::Database::ensureBytecodesFor):
        (JSC::Profiler::Database::notifyDestruction):
        * profiler/ProfilerDatabase.h:
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreading):
        * runtime/JSLock.cpp:
        (JSC::GlobalJSLock::GlobalJSLock):
        (JSC::GlobalJSLock::~GlobalJSLock):
        (JSC::JSLockHolder::JSLockHolder):
        (JSC::GlobalJSLock::initialize): Deleted.
        * runtime/JSLock.h:

2015-08-14  Ryosuke Niwa  <rniwa@webkit.org>

        ES6 class syntax should allow computed name method
        https://bugs.webkit.org/show_bug.cgi?id=142690

        Reviewed by Saam Barati.

        Added a new "attributes" attribute to op_put_getter_by_id, op_put_setter_by_id, op_put_getter_setter to specify
        the property descriptor options so that we can use op_put_setter_by_id and op_put_getter_setter to define
        getters and setters for classes. Without this, getters and setters could erroneously override methods.

        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitPutGetterById):
        (JSC::BytecodeGenerator::emitPutSetterById):
        (JSC::BytecodeGenerator::emitPutGetterSetter):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode): Always use emitPutGetterSetter to emit getters and setters for classes
        as done for object literals.
        (JSC::PropertyListNode::emitPutConstantProperty):
        (JSC::ClassExprNode::emitBytecode):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JIT.h:
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_put_getter_by_id):
        (JSC::JIT::emit_op_put_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter):
        (JSC::JIT::emit_op_del_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_getter_by_id):
        (JSC::JIT::emit_op_put_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter):
        (JSC::JIT::emit_op_del_by_id):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter.asm:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createProperty):
        (JSC::ASTBuilder::createPropertyList):
        * parser/NodeConstructors.h:
        (JSC::PropertyNode::PropertyNode):
        * parser/Nodes.h:
        (JSC::PropertyNode::expressionName):
        (JSC::PropertyNode::name):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseClass): Added support for computed property names. We don't support computed names
        for getters and setters.
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createProperty):
        * runtime/JSObject.cpp:
        (JSC::JSObject::allowsAccessFrom):
        (JSC::JSObject::putGetter):
        (JSC::JSObject::putSetter):
        * runtime/JSObject.h:
        * runtime/PropertyDescriptor.h:

2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        Add InspectorInstrumentation builtin object to instrument the code in JS builtins like Promises
        https://bugs.webkit.org/show_bug.cgi?id=147942

        Reviewed by Geoffrey Garen.

        This patch adds a new private global object, @InspectorInstrumentation.
        It is intended to be used as the namespace object (like Reflect/Math) for Inspector's
        instrumentation system, and it is used to instrument the builtin JS code, like Promises.

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * builtins/InspectorInstrumentationObject.js: Added.
        (debug):
        (promiseFulfilled):
        (promiseRejected):
        * builtins/Operations.Promise.js:
        (rejectPromise):
        (fulfillPromise):
        * runtime/CommonIdentifiers.h:
        * runtime/InspectorInstrumentationObject.cpp: Added.
        (JSC::InspectorInstrumentationObject::InspectorInstrumentationObject):
        (JSC::InspectorInstrumentationObject::finishCreation):
        (JSC::InspectorInstrumentationObject::getOwnPropertySlot):
        (JSC::InspectorInstrumentationObject::isEnabled):
        (JSC::InspectorInstrumentationObject::enable):
        (JSC::InspectorInstrumentationObject::disable):
        (JSC::inspectorInstrumentationObjectDataLogImpl):
        * runtime/InspectorInstrumentationObject.h: Added.
        (JSC::InspectorInstrumentationObject::create):
        (JSC::InspectorInstrumentationObject::createStructure):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):

2015-08-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r188444.
        https://bugs.webkit.org/show_bug.cgi?id=148029

        Broke GTK and EFL (see bug #148027) (Requested by philn on
        #webkit).

        Reverted changeset:

        "Use WTF::Lock and WTF::Condition instead of WTF::Mutex,
        WTF::ThreadCondition, std::mutex, and std::condition_variable"
        https://bugs.webkit.org/show_bug.cgi?id=147999
        http://trac.webkit.org/changeset/188444

2015-08-13  Filip Pizlo  <fpizlo@apple.com>

        Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
        https://bugs.webkit.org/show_bug.cgi?id=147999

        Reviewed by Geoffrey Garen.

        * API/JSVirtualMachine.mm:
        (initWrapperCache):
        (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
        (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
        (wrapperCacheMutex): Deleted.
        * bytecode/SamplingTool.cpp:
        (JSC::SamplingTool::doRun):
        (JSC::SamplingTool::notifyOfScope):
        * bytecode/SamplingTool.h:
        * dfg/DFGThreadData.h:
        * dfg/DFGWorklist.cpp:
        (JSC::DFG::Worklist::~Worklist):
        (JSC::DFG::Worklist::isActiveForVM):
        (JSC::DFG::Worklist::enqueue):
        (JSC::DFG::Worklist::compilationState):
        (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
        (JSC::DFG::Worklist::removeAllReadyPlansForVM):
        (JSC::DFG::Worklist::completeAllReadyPlansForVM):
        (JSC::DFG::Worklist::visitWeakReferences):
        (JSC::DFG::Worklist::removeDeadPlans):
        (JSC::DFG::Worklist::queueLength):
        (JSC::DFG::Worklist::dump):
        (JSC::DFG::Worklist::runThread):
        * dfg/DFGWorklist.h:
        * disassembler/Disassembler.cpp:
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::doneCopying):
        * heap/CopiedSpace.h:
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::recycleBorrowedBlock):
        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
        * heap/GCThread.cpp:
        (JSC::GCThread::waitForNextPhase):
        (JSC::GCThread::gcThreadMain):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        (JSC::GCThreadSharedData::~GCThreadSharedData):
        (JSC::GCThreadSharedData::startNextPhase):
        (JSC::GCThreadSharedData::endCurrentPhase):
        (JSC::GCThreadSharedData::didStartMarking):
        (JSC::GCThreadSharedData::didFinishMarking):
        * heap/GCThreadSharedData.h:
        * heap/HeapTimer.h:
        * heap/MachineStackMarker.cpp:
        (JSC::ActiveMachineThreadsManager::Locker::Locker):
        (JSC::ActiveMachineThreadsManager::add):
        (JSC::ActiveMachineThreadsManager::remove):
        (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
        (JSC::MachineThreads::~MachineThreads):
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::removeThreadIfFound):
        (JSC::MachineThreads::tryCopyOtherThreadStack):
        (JSC::MachineThreads::tryCopyOtherThreadStacks):
        (JSC::MachineThreads::gatherConservativeRoots):
        * heap/MachineStackMarker.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::mergeOpaqueRoots):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::containsOpaqueRootTriState):
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorHandleRunSourceGlobal):
        (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
        (Inspector::RemoteInspectorInitializeGlobalQueue):
        (Inspector::RemoteInspectorHandleRunSourceWithInfo):
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
        (Inspector::RemoteInspectorDebuggableConnection::close):
        (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
        (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
        * interpreter/JSStack.cpp:
        (JSC::JSStack::JSStack):
        (JSC::JSStack::releaseExcessCapacity):
        (JSC::JSStack::addToCommittedByteCount):
        (JSC::JSStack::committedByteCount):
        (JSC::stackStatisticsMutex): Deleted.
        (JSC::JSStack::initializeThreading): Deleted.
        * interpreter/JSStack.h:
        (JSC::JSStack::gatherConservativeRoots):
        (JSC::JSStack::sanitizeStack):
        (JSC::JSStack::size):
        (JSC::JSStack::initializeThreading): Deleted.
        * jit/ExecutableAllocator.cpp:
        (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
        (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
        (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
        (JSC::DemandExecutableAllocator::allocators):
        (JSC::DemandExecutableAllocator::allocatorsMutex):
        * jit/JITThunks.cpp:
        (JSC::JITThunks::ctiStub):
        * jit/JITThunks.h:
        * profiler/ProfilerDatabase.cpp:
        (JSC::Profiler::Database::ensureBytecodesFor):
        (JSC::Profiler::Database::notifyDestruction):
        * profiler/ProfilerDatabase.h:
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreading):
        * runtime/JSLock.cpp:
        (JSC::GlobalJSLock::GlobalJSLock):
        (JSC::GlobalJSLock::~GlobalJSLock):
        (JSC::JSLockHolder::JSLockHolder):
        (JSC::GlobalJSLock::initialize): Deleted.
        * runtime/JSLock.h:

2015-08-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r188428.
        https://bugs.webkit.org/show_bug.cgi?id=148015

        broke cmake build (Requested by alexchristensen on #webkit).

        Reverted changeset:

        "Move some commands from ./CMakeLists.txt to Source/cmake"
        https://bugs.webkit.org/show_bug.cgi?id=148003
        http://trac.webkit.org/changeset/188428

2015-08-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r188431.
        https://bugs.webkit.org/show_bug.cgi?id=148013

        JSC headers are too hard to understand (Requested by smfr on
        #webkit).

        Reverted changeset:

        "Remove a few includes from JSGlobalObject.h"
        https://bugs.webkit.org/show_bug.cgi?id=148004
        http://trac.webkit.org/changeset/188431

2015-08-13  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Add support for GetByVal on arrays of Undecided shape
        https://bugs.webkit.org/show_bug.cgi?id=147814

        Reviewed by Filip Pizlo.

        Previously, GetByVal on Array::Undecided would just take
        the generic path. The problem is the generic path is so
        slow that it could take a significant amount of time
        even for infrequent accesses.

        With this patch, if the following conditions are met,
        the GetByVal just returns an "undefined" constant:
        -The object is an OriginalArray.
        -The prototype chain is sane.
        -The index is an integer.
        -The integer is positive (runtime check).

        Ideally, the 4th condition should be removed;
        deducing a compile-time constant gives us so much better
        opportunities at getting rid of this code.

        There are two cases where this patch removes the runtime
        check:
        -If the index is constant (uncommon but easy)
        -If the index is within a range known to be positive.
         (common case and made possible with DFGIntegerRangeOptimizationPhase).

        When we get into those cases, DFG just nukes everything
        and all we have left is a structure check :)

        This patch is a 14% improvement on audio-beat-detection,
        a few percent faster here and there and no regression.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        If the index is a positive constant, we can get rid of the GetByVal
        entirely. :)

        * dfg/DFGArrayMode.cpp:
        (JSC::DFG::ArrayMode::fromObserved):
        The returned type is now Array::Undecided + profiling information.
        The useful type is set in ArrayMode::refine().

        (JSC::DFG::ArrayMode::refine):
        If we meet the particular set of conditions, we speculate an Undecided
        array type with sane chain. Anything else comes back to Generic.

        (JSC::DFG::ArrayMode::originalArrayStructure):
        To enable the structure check for Undecided array.

        (JSC::DFG::ArrayMode::alreadyChecked):
        * dfg/DFGArrayMode.h:
        (JSC::DFG::ArrayMode::withProfile):
        (JSC::DFG::ArrayMode::canCSEStorage):
        (JSC::DFG::ArrayMode::benefitsFromOriginalArray):
        (JSC::DFG::ArrayMode::lengthNeedsStorage): Deleted.
        (JSC::DFG::ArrayMode::isSpecific): Deleted.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic): Deleted.
        This is somewhat unrelated.

        Having Array::Undecided on ArrayPush was impossible before
        since ArrayMode::fromObserved() used to return Array::Generic.

        Now that Array::Undecided is possible, we must make sure not
        to provide it to ArrayPush since there is no code to handle it
        properly.

        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        The operation only depends on the index; it is pure.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode): Deleted.
        * dfg/DFGIntegerRangeOptimizationPhase.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
        (JSC::DFG::SpeculativeJIT::checkArray):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileGetByVal):
        * tests/stress/get-by-val-on-undecided-array-type.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-1.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-2.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-3.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-4.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-5.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-6.js: Added.

2015-08-13  Simon Fraser  <simon.fraser@apple.com>

        Remove a few includes from JSGlobalObject.h
        https://bugs.webkit.org/show_bug.cgi?id=148004

        Reviewed by Tim Horton.

        Remove 4 #includes from JSGlobalObject.h, and fix the fallout.

        * parser/VariableEnvironment.cpp:
        * parser/VariableEnvironment.h:
        * runtime/JSGlobalObject.h:
        * runtime/Structure.h:
        * runtime/StructureInlines.h:

2015-08-13  Alex Christensen  <achristensen@webkit.org>

        Move some commands from ./CMakeLists.txt to Source/cmake
        https://bugs.webkit.org/show_bug.cgi?id=148003

        Reviewed by Brent Fulgham.

        * CMakeLists.txt:
        Added commands needed to build JSC by itself.

2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
        https://bugs.webkit.org/show_bug.cgi?id=147353

        Reviewed by Saam Barati.

        This is the follow-up patch after r188355.
        It includes the following changes.

        - Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
        - Make SourceParseMode a C++ strongly-typed enum.
        - Fix the comments.
        - Rename ModuleSpecifier to ModuleName.
        - Add the type name `ImportEntry` before the C++11 uniform initialization.
        - Fix the thrown message for duplicate 'default' names.
        - Assert that all statements in the top-level source elements are module declarations under the module analyzer phase.

        * API/JSScriptRef.cpp:
        (parseScript):
        * builtins/BuiltinExecutables.cpp:
        (JSC::BuiltinExecutables::createExecutableInternal):
        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::generateFunctionCodeBlock):
        * bytecode/UnlinkedFunctionExecutable.h:
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::makeFunction):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFunctionMetadata):
        (JSC::ASTBuilder::createModuleName):
        (JSC::ASTBuilder::createImportDeclaration):
        (JSC::ASTBuilder::createExportAllDeclaration):
        (JSC::ASTBuilder::createExportNamedDeclaration):
        (JSC::ASTBuilder::createModuleSpecifier): Deleted.
        * parser/ModuleAnalyzer.cpp:
        (JSC::ModuleAnalyzer::analyze):
        * parser/NodeConstructors.h:
        (JSC::ModuleNameNode::ModuleNameNode):
        (JSC::ImportDeclarationNode::ImportDeclarationNode):
        (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
        (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
        (JSC::ModuleSpecifierNode::ModuleSpecifierNode): Deleted.
        * parser/Nodes.cpp:
        (JSC::FunctionMetadataNode::FunctionMetadataNode):
        * parser/Nodes.h:
        (JSC::StatementNode::isModuleDeclarationNode):
        (JSC::ModuleDeclarationNode::isModuleDeclarationNode):
        (JSC::ImportDeclarationNode::moduleName):
        (JSC::ExportAllDeclarationNode::moduleName):
        (JSC::ExportNamedDeclarationNode::moduleName):
        (JSC::ImportDeclarationNode::moduleSpecifier): Deleted.
        (JSC::ExportAllDeclarationNode::moduleSpecifier): Deleted.
        (JSC::ExportNamedDeclarationNode::moduleSpecifier): Deleted.
        * parser/NodesAnalyzeModule.cpp:
        (JSC::SourceElements::analyzeModule):
        (JSC::ImportDeclarationNode::analyzeModule):
        (JSC::ExportAllDeclarationNode::analyzeModule):
        (JSC::ExportNamedDeclarationNode::analyzeModule):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseModuleSourceElements):
        (JSC::Parser<LexerType>::parseFunctionBody):
        (JSC::stringForFunctionMode):
        (JSC::Parser<LexerType>::parseFunctionParameters):
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parseModuleName):
        (JSC::Parser<LexerType>::parseImportDeclaration):
        (JSC::Parser<LexerType>::parseExportDeclaration):
        (JSC::Parser<LexerType>::parsePropertyMethod):
        (JSC::Parser<LexerType>::parseGetterSetter):
        (JSC::Parser<LexerType>::parsePrimaryExpression):
        (JSC::Parser<LexerType>::parseArrowFunctionExpression):
        (JSC::Parser<LexerType>::parseModuleSpecifier): Deleted.
        * parser/Parser.h:
        (JSC::Parser<LexerType>::parse):
        (JSC::parse):
        * parser/ParserModes.h:
        (JSC::isFunctionParseMode):
        (JSC::isModuleParseMode):
        (JSC::isProgramParseMode):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createFunctionMetadata):
        (JSC::SyntaxChecker::createModuleName):
        (JSC::SyntaxChecker::createImportDeclaration):
        (JSC::SyntaxChecker::createExportAllDeclaration):
        (JSC::SyntaxChecker::createExportNamedDeclaration):
        (JSC::SyntaxChecker::createModuleSpecifier): Deleted.
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getGlobalCodeBlock):
        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
        * runtime/Completion.cpp:
        (JSC::checkSyntax):
        (JSC::checkModuleSyntax):
        * runtime/Executable.cpp:
        (JSC::ProgramExecutable::checkSyntax):
        * tests/stress/modules-syntax-error-with-names.js:

2015-08-13  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: A {Map, WeakMap, Set, WeakSet} object contains itself will hang the console
        https://bugs.webkit.org/show_bug.cgi?id=147966

        Reviewed by Timothy Hatcher.

        * inspector/InjectedScriptSource.js:
        (InjectedScript.prototype._initialPreview):
        Renamed to initial preview. This is not a complete preview for
        this object, and it needs some processing in order to be a
        complete, accurate preview.

        (InjectedScript.RemoteObject.prototype._emptyPreview):
        This attempts to be an accurate empty preview for the given object.
        For types with entries, it adds an empty entries list and updates
        the overflow and lossless properties.

        (InjectedScript.RemoteObject.prototype._createObjectPreviewForValue):
724         Take a generatePreview parameter to generate a full preview or empty preview.
725
726         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
727         (InjectedScript.RemoteObject.prototype._appendEntryPreviews):
728         (InjectedScript.RemoteObject.prototype._isPreviewableObject):
729         Take care to avoid cycles.
730
731 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
732
733         Periodic code deletion should delete RegExp code
734         https://bugs.webkit.org/show_bug.cgi?id=147990
735
736         Reviewed by Filip Pizlo.
737
738         The RegExp code cache was created for the sake of simple loops that
739         re-created the same RegExps. It's reasonable to delete it periodically.
740
741         * heap/Heap.cpp:
742         (JSC::Heap::deleteOldCode):
743
744 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
745
746         RegExpCache::finalize should not delete code
747         https://bugs.webkit.org/show_bug.cgi?id=147987
748
749         Reviewed by Mark Lam.
750
751         The RegExp object already knows how to delete its own code in its
752         destructor. Our job is just to clear our stale pointer.
753
754         * runtime/RegExpCache.cpp:
755         (JSC::RegExpCache::finalize):
756         (JSC::RegExpCache::addToStrongCache):
757
758 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
759
760         Standardize on the phrase "delete code"
761         https://bugs.webkit.org/show_bug.cgi?id=147984
762
763         Reviewed by Mark Lam.
764
765         Use "delete" when we talk about throwing away code, as opposed to
766         "invalidate" or "discard".
767
768         * debugger/Debugger.cpp:
769         (JSC::Debugger::forEachCodeBlock):
770         (JSC::Debugger::setSteppingMode):
771         (JSC::Debugger::recompileAllJSFunctions):
772         * heap/Heap.cpp:
773         (JSC::Heap::deleteAllCompiledCode):
774         * inspector/agents/InspectorRuntimeAgent.cpp:
775         (Inspector::recompileAllJSFunctionsForTypeProfiling):
776         * runtime/RegExp.cpp:
777         (JSC::RegExp::match):
778         (JSC::RegExp::deleteCode):
779         (JSC::RegExp::invalidateCode): Deleted.
780         * runtime/RegExp.h:
781         * runtime/RegExpCache.cpp:
782         (JSC::RegExpCache::finalize):
783         (JSC::RegExpCache::addToStrongCache):
784         (JSC::RegExpCache::deleteAllCode):
785         (JSC::RegExpCache::invalidateCode): Deleted.
786         * runtime/RegExpCache.h:
787         * runtime/VM.cpp:
788         (JSC::VM::stopSampling):
789         (JSC::VM::prepareToDeleteCode):
790         (JSC::VM::deleteAllCode):
791         (JSC::VM::setEnabledProfiler):
792         (JSC::VM::prepareToDiscardCode): Deleted.
793         (JSC::VM::discardAllCode): Deleted.
794         * runtime/VM.h:
795         (JSC::VM::apiLock):
796         (JSC::VM::codeCache):
797         * runtime/Watchdog.cpp:
798         (JSC::Watchdog::setTimeLimit):
799
800 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
801
802         X.[[SetPrototypeOf]](Y) should succeed if X.[[Prototype]] is already Y even if X is not extensible
803         https://bugs.webkit.org/show_bug.cgi?id=147930
804
805         Reviewed by Saam Barati.
806
807         When the passed prototype object to be set is the same as the existing
808         prototype object, [[SetPrototypeOf]] just finishes its operation even
809         if the extensibility of the target object is `false`.
810
811         * runtime/JSGlobalObjectFunctions.cpp:
812         (JSC::globalFuncProtoSetter):
813         * runtime/ObjectConstructor.cpp:
814         (JSC::objectConstructorSetPrototypeOf):
815         * runtime/ReflectObject.cpp:
816         (JSC::reflectObjectSetPrototypeOf):
817         * tests/stress/set-same-prototype.js: Added.
818         (shouldBe):
819         (shouldThrow):
820
821 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
822
823         Removed clearEvalCodeCache()
824         https://bugs.webkit.org/show_bug.cgi?id=147957
825
826         Reviewed by Filip Pizlo.
827
828         It was unused.
829
830         * bytecode/CodeBlock.cpp:
831         (JSC::CodeBlock::linkIncomingCall):
832         (JSC::CodeBlock::install):
833         (JSC::CodeBlock::clearEvalCache): Deleted.
834         * bytecode/CodeBlock.h:
835         (JSC::CodeBlock::numberOfJumpTargets):
836         (JSC::CodeBlock::jumpTarget):
837         (JSC::CodeBlock::numberOfArgumentValueProfiles):
838
839 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
840
841         [ES6] Implement Reflect.defineProperty
842         https://bugs.webkit.org/show_bug.cgi?id=147943
843
844         Reviewed by Saam Barati.
845
846         This patch implements Reflect.defineProperty.
847         The difference from the Object.defineProperty is,
848
849         1. Reflect.defineProperty does not perform ToObject operation onto the first argument.
850         2. Reflect.defineProperty does not throw a TypeError when the [[DefineOwnProperty]] operation fails.
851         3. Reflect.defineProperty returns the boolean value that represents whether [[DefineOwnProperty]] succeeded.
852
853         And this patch comments the links to the ES6 spec.
854
855         * builtins/ReflectObject.js:
856         * runtime/ObjectConstructor.cpp:
857         (JSC::toPropertyDescriptor):
858         * runtime/ObjectConstructor.h:
859         * runtime/ReflectObject.cpp:
860         (JSC::reflectObjectDefineProperty):
861         * tests/stress/reflect-define-property.js: Added.
862         (shouldBe):
863         (shouldThrow):
864         (.set getter):
865         (setter):
866         (.get testDescriptor):
867         (.set get var):
868         (.set testDescriptor):
869         (.set get testDescriptor):
870         (.set get shouldThrow):
871         (.get var):
872
873 2015-08-12  Filip Pizlo  <fpizlo@apple.com>
874
875         DFG::ByteCodeParser should attempt constant folding on loads from structures that are DFG-watchable
876         https://bugs.webkit.org/show_bug.cgi?id=147950
877
878         Reviewed by Michael Saboff.
879
880         Previously we reduced the constant folding power of ByteCodeParser::load() because that code was
881         responsible for memory corruption, since it would sometimes install watchpoints on structures that
882         weren't being traced.  It seemed like the safest fix was to remove the constant folding rule
883         entirely since later phases also do constant folding, and they do it without introducing the bug.
884         Well, that change (http://trac.webkit.org/changeset/188292) caused a big regression, because we
885         still have some constant folding rules that only exist in ByteCodeParser, and so ByteCodeParser must
886         be maximally aggressive in constant-folding whenever possible.
887
888         So, this change now brings back that constant folding rule - for loads from object constants that
889         have DFG-watchable structures - and implements it properly, by ensuring that we only call into
890         tryGetConstantProperty() if we have registered the structure set.
891
892         * dfg/DFGByteCodeParser.cpp:
893         (JSC::DFG::ByteCodeParser::load):
894
895 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
896
897         [ES6] Add ES6 Modules preparsing phase to collect the dependencies
898         https://bugs.webkit.org/show_bug.cgi?id=147353
899
900         Reviewed by Geoffrey Garen.
901
902         This patch implements ModuleRecord and ModuleAnalyzer.
903         ModuleAnalyzer analyzes the produced AST from the parser.
904         By collaborating with the parser, ModuleAnalyzer collects the information
905         that is necessary to request the loading for the dependent modules and
906         construct module's environment and namespace object before executing the actual
907         module body.
908
909         In the parser, we annotate which variable is imported binding and which variable
910         is exported from the current module. This information is leveraged in the ModuleAnalyzer
911         to categorize the export entries.
912
913         To preparse the modules in the parser, we just add the new flag `ModuleParseMode`
914         instead of introducing a new TreeContext type. This is because only 2 users use the
915         parseModuleSourceElements; preparser and actual compiler. Adding the flag is simple
916         enough to switch the context to the SyntaxChecker when parsing the non-module related
917         statement in the preparsing phase.
918
919         To demonstrate the module analyzer, we added the new option dumpModuleRecord option
920         into the JSC shell. By specifying this, the result of analysis is dumped when the module
921         is parsed and analyzed.
922
923         * CMakeLists.txt:
924         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
925         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
926         * JavaScriptCore.xcodeproj/project.pbxproj:
927         * builtins/BuiltinNames.h:
928         * parser/ASTBuilder.h:
929         (JSC::ASTBuilder::createExportDefaultDeclaration):
930         * parser/ModuleAnalyzer.cpp: Added.
931         (JSC::ModuleAnalyzer::ModuleAnalyzer):
932         (JSC::ModuleAnalyzer::exportedBinding):
933         (JSC::ModuleAnalyzer::declareExportAlias):
934         (JSC::ModuleAnalyzer::exportVariable):
935         (JSC::ModuleAnalyzer::analyze):
936         * parser/ModuleAnalyzer.h: Added.
937         (JSC::ModuleAnalyzer::vm):
938         (JSC::ModuleAnalyzer::moduleRecord):
939         * parser/ModuleRecord.cpp: Added.
940         (JSC::printableName):
941         (JSC::ModuleRecord::dump):
942         * parser/ModuleRecord.h: Added.
943         (JSC::ModuleRecord::ImportEntry::isNamespace):
944         (JSC::ModuleRecord::create):
945         (JSC::ModuleRecord::appendRequestedModule):
946         (JSC::ModuleRecord::addImportEntry):
947         (JSC::ModuleRecord::addExportEntry):
948         (JSC::ModuleRecord::addStarExportEntry):
949         * parser/NodeConstructors.h:
950         (JSC::ModuleDeclarationNode::ModuleDeclarationNode):
951         (JSC::ImportDeclarationNode::ImportDeclarationNode):
952         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
953         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
954         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
955         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
956         * parser/Nodes.h:
957         (JSC::ExportDefaultDeclarationNode::localName):
958         * parser/NodesAnalyzeModule.cpp: Added.
959         (JSC::ScopeNode::analyzeModule):
960         (JSC::SourceElements::analyzeModule):
961         (JSC::ImportDeclarationNode::analyzeModule):
962         (JSC::ExportAllDeclarationNode::analyzeModule):
963         (JSC::ExportDefaultDeclarationNode::analyzeModule):
964         (JSC::ExportLocalDeclarationNode::analyzeModule):
965         (JSC::ExportNamedDeclarationNode::analyzeModule):
966         * parser/Parser.cpp:
967         (JSC::Parser<LexerType>::parseInner):
968         (JSC::Parser<LexerType>::parseModuleSourceElements):
969         (JSC::Parser<LexerType>::parseVariableDeclarationList):
970         (JSC::Parser<LexerType>::createBindingPattern):
971         (JSC::Parser<LexerType>::parseFunctionDeclaration):
972         (JSC::Parser<LexerType>::parseClassDeclaration):
973         (JSC::Parser<LexerType>::parseImportClauseItem):
974         (JSC::Parser<LexerType>::parseExportSpecifier):
975         (JSC::Parser<LexerType>::parseExportDeclaration):
976         * parser/Parser.h:
977         (JSC::Scope::lexicalVariables):
978         (JSC::Scope::declareLexicalVariable):
979         (JSC::Parser::declareVariable):
980         (JSC::Parser::exportName):
981         (JSC::Parser<LexerType>::parse):
982         (JSC::parse):
983         * parser/ParserModes.h:
984         * parser/SyntaxChecker.h:
985         (JSC::SyntaxChecker::createExportDefaultDeclaration):
986         * parser/VariableEnvironment.cpp:
987         (JSC::VariableEnvironment::markVariableAsImported):
988         (JSC::VariableEnvironment::markVariableAsExported):
989         * parser/VariableEnvironment.h:
990         (JSC::VariableEnvironmentEntry::isExported):
991         (JSC::VariableEnvironmentEntry::isImported):
992         (JSC::VariableEnvironmentEntry::setIsExported):
993         (JSC::VariableEnvironmentEntry::setIsImported):
994         * runtime/CommonIdentifiers.h:
995         * runtime/Completion.cpp:
996         (JSC::checkModuleSyntax):
997         * runtime/Options.h:
998
999 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
1000
1001         Re-land r188339, since Alex fixed it in r188341 by landing the WebCore half.
1002
1003         * jit/ExecutableAllocator.h:
1004         * jsc.cpp:
1005         (GlobalObject::finishCreation):
1006         (functionAddressOf):
1007         (functionVersion):
1008         (functionReleaseExecutableMemory): Deleted.
1009         * runtime/VM.cpp:
1010         (JSC::StackPreservingRecompiler::operator()):
1011         (JSC::VM::throwException):
1012         (JSC::VM::updateFTLLargestStackSize):
1013         (JSC::VM::gatherConservativeRoots):
1014         (JSC::VM::releaseExecutableMemory): Deleted.
1015         (JSC::releaseExecutableMemory): Deleted.
1016         * runtime/VM.h:
1017         (JSC::VM::isCollectorBusy):
1018         * runtime/Watchdog.cpp:
1019         (JSC::Watchdog::setTimeLimit):
1020
1021 2015-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
1022
1023         Roll out r188339, which broke the build.
1024
1025         Unreviewed.
1026
1027         * jit/ExecutableAllocator.h:
1028         * jsc.cpp:
1029         (GlobalObject::finishCreation):
1030         (functionReleaseExecutableMemory):
1031         * runtime/VM.cpp:
1032         (JSC::StackPreservingRecompiler::visit):
1033         (JSC::StackPreservingRecompiler::operator()):
1034         (JSC::VM::releaseExecutableMemory):
1035         (JSC::releaseExecutableMemory):
1036         * runtime/VM.h:
1037         * runtime/Watchdog.cpp:
1038         (JSC::Watchdog::setTimeLimit):
1039
1040 2015-08-12  Alex Christensen  <achristensen@webkit.org>
1041
1042         Fix Debug CMake builds on Windows
1043         https://bugs.webkit.org/show_bug.cgi?id=147940
1044
1045         Reviewed by Chris Dumez.
1046
1047         * PlatformWin.cmake:
1048         Copy the plist to the JavaScriptCore.resources directory.
1049
1050 2015-08-11  Geoffrey Garen  <ggaren@apple.com>
1051
1052         Remove VM::releaseExecutableMemory
1053         https://bugs.webkit.org/show_bug.cgi?id=147915
1054
1055         Reviewed by Saam Barati.
1056
1057         releaseExecutableMemory() was only used in one place, where discardAllCode()
1058         would work just as well.
1059
1060         It's confusing to have two slightly different ways to discard code. Also,
1061         releaseExecutableMemory() is unused in any production code, and it seems
1062         to have bit-rotted.
1063
1064         * jit/ExecutableAllocator.h:
1065         * jsc.cpp:
1066         (GlobalObject::finishCreation):
1067         (functionAddressOf):
1068         (functionVersion):
1069         (functionReleaseExecutableMemory): Deleted.
1070         * runtime/VM.cpp:
1071         (JSC::StackPreservingRecompiler::operator()):
1072         (JSC::VM::throwException):
1073         (JSC::VM::updateFTLLargestStackSize):
1074         (JSC::VM::gatherConservativeRoots):
1075         (JSC::VM::releaseExecutableMemory): Deleted.
1076         (JSC::releaseExecutableMemory): Deleted.
1077         * runtime/VM.h:
1078         (JSC::VM::isCollectorBusy):
1079         * runtime/Watchdog.cpp:
1080         (JSC::Watchdog::setTimeLimit):
1081
1082 2015-08-12  Mark Lam  <mark.lam@apple.com>
1083
1084         Add a JSC option to enable the watchdog for testing.
1085         https://bugs.webkit.org/show_bug.cgi?id=147939
1086
1087         Reviewed by Michael Saboff.
1088
1089         * API/JSContextRef.cpp:
1090         (JSContextGroupSetExecutionTimeLimit):
1091         (createWatchdogIfNeeded): Deleted.
1092         * runtime/Options.h:
1093         * runtime/VM.cpp:
1094         (JSC::VM::VM):
1095         (JSC::VM::~VM):
1096         (JSC::VM::sharedInstanceInternal):
1097         (JSC::VM::ensureWatchdog):
1098         (JSC::thunkGeneratorForIntrinsic):
1099         * runtime/VM.h:
1100
1101 2015-08-11  Mark Lam  <mark.lam@apple.com>
1102
1103         Implementation JavaScript watchdog using WTF::WorkQueue.
1104         https://bugs.webkit.org/show_bug.cgi?id=147107
1105
1106         Reviewed by Geoffrey Garen.
1107
1108         How the Watchdog works
1109         ======================
1110
1111         1. When do we start the Watchdog?
1112            =============================
1113            The watchdog should only be started if both the following conditions are true:
1114            1. A time limit has been set.
1115            2. We have entered the VM.
1116  
1117         2. CPU time vs Wall Clock time
1118            ===========================
1119            Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?
1120
1121            The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
1122            limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
1123            indicates the wall clock time point when the WorkQueue timer is expected to fire.
1124
1125            The time limit for which we allow JS code to run should be measured in CPU time, which can
1126            differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
1127            should fire.
1128
1129            Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
1130            we need to check if m_cpuDeadline has been reached.
1131
1132            If m_cpuDeadline has been reached, the watchdog is considered to have fired.
1133
1134            If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
1135            code to continue to run for.  Hence, we need to start a new timer to fire again after
1136            Tremainder microseconds.
1137     
1138            See Watchdog::didFireSlow().
1139
1140         3. Spurious wake ups
1141            =================
1142            Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
1143            It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
1144            m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
1145            wake ups are considered to be spurious and will be ignored.
1146  
1147            See Watchdog::didFireSlow().
1148  
1149         4. Minimizing Timer creation cost
1150            ==============================
1151            Conceptually, we could start a new timer every time we start the watchdog. But we can do better
1152            than this.
1153  
1154            In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
1155            stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
1156            time limit. Consider the following example:
1157  
1158                |---|-----|---|----------------|---------|
1159                t0  t1    t2  t3            t0 + L    t2 + L 
1160
1161                |<--- T1 --------------------->|
1162                          |<--- T2 --------------------->|
1163                |<-- Td ->|                    |<-- Td ->|
1164
1165            1. The user initializes the watchdog with time limit L.
1166            2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
1167               The timer is set to expire at t0 + L.
1168            3. At t1, we exit the VM.
1169            4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.
1170          
1171               However, we can note that the expiration time for T2 would be after the expiration time
1172               of T1. Specifically, T2 would have expired at Td after T1 expires.
1173          
1174               Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
1175               for a period of Td instead.
1176
1177            Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
1178            as well as handling spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
1179            automatically take care of starting a new timer for the difference Td in the example above.
1180            Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
1181            expiration is less than T2's, then we are already covered by T1 and there's no need to start T2.
1182
1183            The benefit:
1184
1185            1. we minimize the number of timer instances we have queued in the workqueue at the same time
1186               (ideally only 1 or 0), and use less peak memory usage.
1187
1188            2. we minimize the frequency of instantiating timer instances. By waiting for the current
1189               active timer to expire first, on average, we get to start one timer per time limit
1190               (which is infrequent because time limits tend to be long) instead of one timer per
1191               VM entry (which tends to be frequent).
1192
1193            See Watchdog::startTimer().
1194
1195         * API/JSContextRef.cpp:
1196         (createWatchdogIfNeeded):
1197         (JSContextGroupClearExecutionTimeLimit):
1198         - No need to create the watchdog (if not already created) just to clear it.
1199           If the watchdog is not created yet, then it is effectively cleared.
1200
1201         * API/tests/ExecutionTimeLimitTest.cpp:
1202         (currentCPUTimeAsJSFunctionCallback):
1203         (testExecutionTimeLimit):
1204         (currentCPUTime): Deleted.
1205         * API/tests/testapi.c:
1206         (main):
1207         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
1208         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
1209         - Enable watchdog tests for all platforms.
1210
1211         * CMakeLists.txt:
1212         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1213         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1214         * JavaScriptCore.xcodeproj/project.pbxproj:
1215         - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.
1216
1217         * PlatformEfl.cmake:
1218
1219         * dfg/DFGByteCodeParser.cpp:
1220         (JSC::DFG::ByteCodeParser::parseBlock):
1221         * dfg/DFGSpeculativeJIT32_64.cpp:
1222         * dfg/DFGSpeculativeJIT64.cpp:
1223         * interpreter/Interpreter.cpp:
1224         (JSC::Interpreter::execute):
1225         (JSC::Interpreter::executeCall):
1226         (JSC::Interpreter::executeConstruct):
1227         * jit/JITOpcodes.cpp:
1228         (JSC::JIT::emit_op_loop_hint):
1229         (JSC::JIT::emitSlow_op_loop_hint):
1230         * jit/JITOperations.cpp:
1231         * llint/LLIntOffsetsExtractor.cpp:
1232         * llint/LLIntSlowPaths.cpp:
1233         * runtime/VM.cpp:
1234         - #include Watchdog.h in these files directly instead of doing it via VM.h.
1235           This saves us from having to recompile the world when we change Watchdog.h.
1236
1237         * runtime/VM.h:
1238         - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
1239           thread-safe ref counted.
1240
1241         * runtime/VMEntryScope.cpp:
1242         (JSC::VMEntryScope::VMEntryScope):
1243         (JSC::VMEntryScope::~VMEntryScope):
1244         - We have done away with the WatchdogScope and arming/disarming of the watchdog.
1245           Instead, the VMEntryScope will inform the watchdog of when we have entered and
1246           exited the VM.
1247
1248         * runtime/Watchdog.cpp:
1249         (JSC::currentWallClockTime):
1250         (JSC::Watchdog::Watchdog):
1251         (JSC::Watchdog::hasStartedTimer):
1252         (JSC::Watchdog::setTimeLimit):
1253         (JSC::Watchdog::didFireSlow):
1254         (JSC::Watchdog::hasTimeLimit):
1255         (JSC::Watchdog::fire):
1256         (JSC::Watchdog::enteredVM):
1257         (JSC::Watchdog::exitedVM):
1258
1259         (JSC::Watchdog::startTimer):
1260         - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
1261           (from a different thread) even after the VM shuts down.  We need to keep it
1262           alive until the WorkQueue callback completes.
1263
1264           In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
1265           WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
1266           is done with it.  This ensures that the Watchdog is kept alive until all
1267           WorkQueue callbacks are done.
1268
1269         (JSC::Watchdog::stopTimer):
1270         (JSC::Watchdog::~Watchdog): Deleted.
1271         (JSC::Watchdog::didFire): Deleted.
1272         (JSC::Watchdog::isEnabled): Deleted.
1273         (JSC::Watchdog::arm): Deleted.
1274         (JSC::Watchdog::disarm): Deleted.
1275         (JSC::Watchdog::startCountdownIfNeeded): Deleted.
1276         (JSC::Watchdog::startCountdown): Deleted.
1277         (JSC::Watchdog::stopCountdown): Deleted.
1278         * runtime/Watchdog.h:
1279         (JSC::Watchdog::didFire):
1280         (JSC::Watchdog::timerDidFireAddress):
1281         (JSC::Watchdog::isArmed): Deleted.
1282         (JSC::Watchdog::Scope::Scope): Deleted.
1283         (JSC::Watchdog::Scope::~Scope): Deleted.
1284         * runtime/WatchdogMac.cpp:
1285         (JSC::Watchdog::initTimer): Deleted.
1286         (JSC::Watchdog::destroyTimer): Deleted.
1287         (JSC::Watchdog::startTimer): Deleted.
1288         (JSC::Watchdog::stopTimer): Deleted.
1289         * runtime/WatchdogNone.cpp:
1290         (JSC::Watchdog::initTimer): Deleted.
1291         (JSC::Watchdog::destroyTimer): Deleted.
1292         (JSC::Watchdog::startTimer): Deleted.
1293         (JSC::Watchdog::stopTimer): Deleted.
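
        The timing rules described in notes 1 to 4 above, as an added simulation that is not JSC's Watchdog code: SimulatedClock, SimulatedWatchdog, deliverDueTimers and the scenario functions are hypothetical names, the WorkQueue is replaced by a hand-driven list of pending wall-clock expiries, and the timer callback calls didFireSlow directly instead of setting a flag that the JIT polls at loop hints.

```cpp
#include <cstdint>
#include <vector>
using Microseconds = int64_t;

// Simulated clocks: CPU-bound work advances both, idle time only the wall clock.
struct SimulatedClock {
    Microseconds cpu = 0, wall = 0;
    void busy(Microseconds us) { cpu += us; wall += us; }
    void idle(Microseconds us) { wall += us; }
};

// Hypothetical model of the timing rules in the entry above, not JSC::Watchdog itself.
class SimulatedWatchdog {
public:
    SimulatedWatchdog(SimulatedClock& clock, Microseconds limit) : m_clock(clock), m_timeLimit(limit) {}
    // Note 1: a timer is started only when a limit is set and the VM has been entered.
    void enteredVM() { m_hasEnteredVM = true; if (m_timeLimit > 0) startTimer(m_timeLimit); }
    void exitedVM() { m_hasEnteredVM = false; }
    int timersQueued() const { return m_timersQueued; }

    // Stand-in for WorkQueue delivery: every queued timer whose wall-clock expiry has
    // passed fires now (timers cannot be cancelled, so stale ones are delivered too).
    bool deliverDueTimers() {
        std::vector<Microseconds> pending;
        pending.swap(m_pendingTimers);
        for (Microseconds expiry : pending)
            if (expiry <= m_clock.wall) timerFired(); else m_pendingTimers.push_back(expiry);
        return m_didFire;
    }

private:
    void startTimer(Microseconds timeLimit) {
        // The limit is enforced in CPU time, but the timer can only count wall-clock time.
        m_cpuDeadline = m_clock.cpu + timeLimit;
        Microseconds wallClockDeadline = m_clock.wall + timeLimit;
        if (m_clock.wall < m_wallClockDeadline && m_wallClockDeadline <= wallClockDeadline)
            return; // Note 4: the active timer expires no later than this one would
        m_wallClockDeadline = wallClockDeadline;
        m_pendingTimers.push_back(wallClockDeadline);
        ++m_timersQueued;
    }

    void timerFired() {
        if (!m_hasEnteredVM || m_timeLimit <= 0) return; // nothing is being watched
        // Note 3: a wakeup before the current wall-clock deadline is a stale timer.
        if (m_clock.wall < m_wallClockDeadline) return;
        didFireSlow();
    }

    // Note 2: the timer firing is not the watchdog firing; CPU time decides.
    void didFireSlow() {
        if (m_clock.cpu >= m_cpuDeadline) { m_didFire = true; return; }
        startTimer(m_cpuDeadline - m_clock.cpu); // re-arm for the CPU remainder only
    }

    SimulatedClock& m_clock;
    Microseconds m_timeLimit, m_cpuDeadline = 0, m_wallClockDeadline = 0;
    std::vector<Microseconds> m_pendingTimers;
    int m_timersQueued = 0;
    bool m_hasEnteredVM = false, m_didFire = false;
};

// firedEarly: fired on the first timer delivery; firedFinally: fired by the end.
struct ScenarioResult { bool firedEarly, firedFinally; int timersQueued; };

// Note 2: the timer expires at wall 1000 with only 400us of CPU used, so it re-arms for 600us.
ScenarioResult scenarioCpuVsWallClock() {
    SimulatedClock clock;
    SimulatedWatchdog watchdog(clock, 1000);
    watchdog.enteredVM();                       // T1 queued, expires at wall 1000
    clock.busy(400); clock.idle(600);           // descheduled for 600us of the limit
    bool early = watchdog.deliverDueTimers();   // T1 fires; CPU remainder is 600us
    clock.busy(600);
    return { early, watchdog.deliverDueTimers(), watchdog.timersQueued() };
}

// Note 4: re-entering at t2 while T1 is pending queues nothing; T1 fires at t0 + L
// and re-arms for Td = 300us, so two timers are created instead of three.
ScenarioResult scenarioTimerReuse() {
    SimulatedClock clock;
    SimulatedWatchdog watchdog(clock, 1000);
    watchdog.enteredVM();                       // t0 = 0: T1 expires at 1000
    clock.busy(100); watchdog.exitedVM();       // t1 = 100
    clock.busy(200); watchdog.enteredVM();      // t2 = 300: covered by T1, no T2
    clock.busy(700);
    bool early = watchdog.deliverDueTimers();   // T1 fires; CPU deadline is now 1300
    clock.busy(300);
    return { early, watchdog.deliverDueTimers(), watchdog.timersQueued() };
}

// Note 3: stale T1 (expiry 1000) is delivered after re-entry at wall 1100 queued T2 (2100).
ScenarioResult scenarioSpuriousWakeup() {
    SimulatedClock clock;
    SimulatedWatchdog watchdog(clock, 1000);
    watchdog.enteredVM();                       // T1 expires at wall 1000
    clock.busy(200); watchdog.exitedVM();
    clock.idle(900); watchdog.enteredVM();      // wall 1100 >= 1000: T2 queued for 2100
    bool early = watchdog.deliverDueTimers();   // stale T1 delivered now and ignored
    clock.busy(1000);                           // CPU reaches its 1200us deadline at wall 2100
    return { early, watchdog.deliverDueTimers(), watchdog.timersQueued() };
}
```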
1294
1295 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
1296
1297         Always use a byte-sized lock implementation
1298         https://bugs.webkit.org/show_bug.cgi?id=147908
1299
1300         Reviewed by Geoffrey Garen.
1301
1302         * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.
1303
1304 2015-08-11  Alexey Proskuryakov  <ap@apple.com>
1305
1306         Make ASan build not depend on asan.xcconfig
1307         https://bugs.webkit.org/show_bug.cgi?id=147840
1308         rdar://problem/21093702
1309
1310         Reviewed by Daniel Bates.
1311
1312         * dfg/DFGOSREntry.cpp:
1313         (JSC::DFG::OSREntryData::dump):
1314         (JSC::DFG::prepareOSREntry):
1315         * ftl/FTLOSREntry.cpp:
1316         (JSC::FTL::prepareOSREntry):
1317         * heap/ConservativeRoots.cpp:
1318         (JSC::ConservativeRoots::genericAddPointer):
1319         (JSC::ConservativeRoots::genericAddSpan):
1320         * heap/MachineStackMarker.cpp:
1321         (JSC::MachineThreads::removeThreadIfFound):
1322         (JSC::MachineThreads::gatherFromCurrentThread):
1323         (JSC::MachineThreads::Thread::captureStack):
1324         (JSC::copyMemory):
1325         * interpreter/Register.h:
1326         (JSC::Register::operator=):
1327         (JSC::Register::asanUnsafeJSValue):
1328         (JSC::Register::jsValue):
1329
1330 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1331
1332         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
1333         https://bugs.webkit.org/show_bug.cgi?id=147480
1334
1335         Reviewed by Filip Pizlo.
1336
1337         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
1338         The IC site only caches one id. After checking that the given id is the same as the
1339         cached one, we perform the get_by_id IC onto it.
1340         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
1341         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
1342         operations when the given get_by_val leverages the property load with the cached id.
1343
1344         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
1345         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
1346         This can be leveraged to optimize symbol operations in DFG.
1347
1348         And since byValInfo is frequently used, we align the byValInfo design to the stubInfo-like one.
1349         Allocated by the Bag and operations take the raw byValInfo pointer directly instead of performing
1350         binary search onto m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
1351         argument ArrayProfile* in the operations with ByValInfo*.
1352
1353         * bytecode/ByValInfo.h:
1354         (JSC::ByValInfo::ByValInfo):
1355         * bytecode/CodeBlock.cpp:
1356         (JSC::CodeBlock::getByValInfoMap):
1357         (JSC::CodeBlock::addByValInfo):
1358         * bytecode/CodeBlock.h:
1359         (JSC::CodeBlock::getByValInfo): Deleted.
1360         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
1361         (JSC::CodeBlock::numberOfByValInfos): Deleted.
1362         (JSC::CodeBlock::byValInfo): Deleted.
1363         * bytecode/ExitKind.cpp:
1364         (JSC::exitKindToString):
1365         * bytecode/ExitKind.h:
1366         * bytecode/GetByIdStatus.cpp:
1367         (JSC::GetByIdStatus::computeFor):
1368         (JSC::GetByIdStatus::computeForStubInfo):
1369         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
1370         * bytecode/GetByIdStatus.h:
1371         * dfg/DFGAbstractInterpreterInlines.h:
1372         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1373         * dfg/DFGByteCodeParser.cpp:
1374         (JSC::DFG::ByteCodeParser::parseBlock):
1375         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1376         * dfg/DFGClobberize.h:
1377         (JSC::DFG::clobberize):
1378         * dfg/DFGConstantFoldingPhase.cpp:
1379         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1380         * dfg/DFGDoesGC.cpp:
1381         (JSC::DFG::doesGC):
1382         * dfg/DFGFixupPhase.cpp:
1383         (JSC::DFG::FixupPhase::fixupNode):
1384         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1385         * dfg/DFGNode.h:
1386         (JSC::DFG::Node::hasUidOperand):
1387         (JSC::DFG::Node::uidOperand):
1388         * dfg/DFGNodeType.h:
1389         * dfg/DFGPredictionPropagationPhase.cpp:
1390         (JSC::DFG::PredictionPropagationPhase::propagate):
1391         * dfg/DFGSafeToExecute.h:
1392         (JSC::DFG::SafeToExecuteEdge::operator()):
1393         (JSC::DFG::safeToExecute):
1394         * dfg/DFGSpeculativeJIT.cpp:
1395         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
1396         (JSC::DFG::SpeculativeJIT::speculateSymbol):
1397         (JSC::DFG::SpeculativeJIT::speculate):
1398         * dfg/DFGSpeculativeJIT.h:
1399         * dfg/DFGSpeculativeJIT32_64.cpp:
1400         (JSC::DFG::SpeculativeJIT::compile):
1401         * dfg/DFGSpeculativeJIT64.cpp:
1402         (JSC::DFG::SpeculativeJIT::compile):
1403         * dfg/DFGUseKind.cpp:
1404         (WTF::printInternal):
1405         * dfg/DFGUseKind.h:
1406         (JSC::DFG::typeFilterFor):
1407         (JSC::DFG::isCell):
1408         * ftl/FTLAbstractHeapRepository.h:
1409         * ftl/FTLCapabilities.cpp:
1410         (JSC::FTL::canCompile):
1411         * ftl/FTLLowerDFGToLLVM.cpp:
1412         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1413         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
1414         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
1415         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
1416         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
1417         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
1418         * jit/JIT.cpp:
1419         (JSC::JIT::privateCompile):
1420         * jit/JIT.h:
1421         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1422         (JSC::JIT::compileGetByValWithCachedId):
1423         * jit/JITInlines.h:
1424         (JSC::JIT::callOperation):
1425         * jit/JITOpcodes.cpp:
1426         (JSC::JIT::emit_op_has_indexed_property):
1427         (JSC::JIT::emitSlow_op_has_indexed_property):
1428         * jit/JITOpcodes32_64.cpp:
1429         (JSC::JIT::emit_op_has_indexed_property):
1430         (JSC::JIT::emitSlow_op_has_indexed_property):
1431         * jit/JITOperations.cpp:
1432         (JSC::getByVal):
1433         * jit/JITOperations.h:
1434         * jit/JITPropertyAccess.cpp:
1435         (JSC::JIT::emit_op_get_by_val):
1436         (JSC::JIT::emitGetByValWithCachedId):
1437         (JSC::JIT::emitSlow_op_get_by_val):
1438         (JSC::JIT::emit_op_put_by_val):
1439         (JSC::JIT::emitSlow_op_put_by_val):
1440         (JSC::JIT::privateCompileGetByVal):
1441         (JSC::JIT::privateCompileGetByValWithCachedId):
1442         * jit/JITPropertyAccess32_64.cpp:
1443         (JSC::JIT::emit_op_get_by_val):
1444         (JSC::JIT::emitGetByValWithCachedId):
1445         (JSC::JIT::emitSlow_op_get_by_val):
1446         (JSC::JIT::emit_op_put_by_val):
1447         (JSC::JIT::emitSlow_op_put_by_val):
1448         * runtime/Symbol.h:
1449         * tests/stress/get-by-val-with-string-constructor.js: Added.
1450         (Hello):
1451         (get Hello.prototype.generate):
1452         (ok):
1453         * tests/stress/get-by-val-with-string-exit.js: Added.
1454         (shouldBe):
1455         (getByVal):
1456         (getStr1):
1457         (getStr2):
1458         * tests/stress/get-by-val-with-string-generated.js: Added.
1459         (shouldBe):
1460         (getByVal):
1461         (getStr1):
1462         (getStr2):
1463         * tests/stress/get-by-val-with-string-getter.js: Added.
1464         (object.get hello):
1465         (ok):
1466         * tests/stress/get-by-val-with-string.js: Added.
1467         (shouldBe):
1468         (getByVal):
1469         (getStr1):
1470         (getStr2):
1471         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
1472         (Hello):
1473         (get Hello.prototype.generate):
1474         (ok):
1475         * tests/stress/get-by-val-with-symbol-exit.js: Added.
1476         (shouldBe):
1477         (getByVal):
1478         (getSym1):
1479         (getSym2):
1480         * tests/stress/get-by-val-with-symbol-getter.js: Added.
1481         (object.get hello):
1482         (.get ok):
1483         * tests/stress/get-by-val-with-symbol.js: Added.
1484         (shouldBe):
1485         (getByVal):
1486         (getSym1):
1487         (getSym2):
1488
1489 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
1490
1491         DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
1492         https://bugs.webkit.org/show_bug.cgi?id=147891
1493         rdar://problem/22129447
1494
1495         Reviewed by Mark Lam.
1496
1497         * dfg/DFGByteCodeParser.cpp:
1498         (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
1499         (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
1500         * dfg/DFGGraph.cpp:
1501         (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
1502         * dfg/DFGStructureRegistrationPhase.cpp:
1503         (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.
1504
1505 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1506
1507         [Win] Switch Windows build to Visual Studio 2015
1508         https://bugs.webkit.org/show_bug.cgi?id=147887
1509         <rdar://problem/22235098>
1510
1511         Reviewed by Alex Christensen.
1512
1513         Update Visual Studio project file settings to use the current Visual
1514         Studio and compiler. Continue targeting binaries to run on our minimum
1515         supported configuration of Windows 7.
1516
1517         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1518         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
1519         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
1520         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
1521         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
1522         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
1523         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
1524         * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
1525         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
1526         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
1527         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
1528         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
1529
1530 2015-08-10  Filip Pizlo  <fpizlo@apple.com>
1531
1532         WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
1533         https://bugs.webkit.org/show_bug.cgi?id=147665
1534
1535         Reviewed by Mark Lam.
1536
1537         Replace ByteSpinLock with ByteLock.
1538
1539         * runtime/ConcurrentJITLock.h:
1540
1541 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1542
1543         Numeric setter on prototype doesn't get called.
1544         https://bugs.webkit.org/show_bug.cgi?id=144252
1545
1546         Reviewed by Darin Adler.
1547
1548         When switching the blank indexing type to the other one in putByIndex,
1549         if the `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
1550         it to the slow put indexing type and reloop the putByIndex since there may
1551         be an indexing accessor in the prototype chain. Previously, we just set
1552         the value into the allocated vector.
1553
1554         In the putDirectIndex case, we just store the value to the vector.
1555         This is because putDirectIndex is the operation to store the own property
1556         and it does not check the accessors in the prototype chain.
1557
1558         * runtime/JSObject.cpp:
1559         (JSC::JSObject::putByIndexBeyondVectorLength):
1560         * tests/stress/injected-numeric-setter-on-prototype.js: Added.
1561         (shouldBe):
1562         (Trace):
1563         (Trace.prototype.trace):
1564         (Trace.prototype.get count):
1565         (.):
1566         * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
1567         (shouldBe):
1568         (Trace):
1569         (Trace.prototype.trace):
1570         (Trace.prototype.get count):
1571         (.):
1572         * tests/stress/numeric-setter-on-prototype.js: Added.
1573         (shouldBe):
1574         (Trace):
1575         (Trace.prototype.trace):
1576         (Trace.prototype.get count):
1577         (.z.__proto__.set 3):
1578         * tests/stress/numeric-setter-on-self.js: Added.
1579         (shouldBe):
1580         (Trace):
1581         (Trace.prototype.trace):
1582         (Trace.prototype.get count):
1583         (.y.set 2):
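
        The behaviour this entry fixes, as an added example in plain JavaScript (not from the ChangeLog or JSC's own stress tests): an indexed store must invoke a numeric setter found on the prototype chain, while a direct own-property definition must not. The "Trace"-style recording helper and the index 3 are constructed for the example.

```javascript
// Added example, not part of the WebKit ChangeLog or JSC's stress tests.
// Builds a target (plain object or array) whose prototype defines a setter
// for index 3 and records every value that setter receives.
function makeTracedTarget(useArray) {
  const calls = [];
  // Intermediate prototype so Array.prototype / Object.prototype stay untouched.
  const proto = Object.create(useArray ? Array.prototype : Object.prototype);
  Object.defineProperty(proto, 3, {
    set(value) { calls.push(value); },
    configurable: true,
  });
  const target = useArray ? [] : {}; // no own indexed properties yet ("blank" indexing)
  Object.setPrototypeOf(target, proto);
  return { target, calls };
}

// Stores to index 3 (accessor inherited from the prototype) and, for
// comparison, to index 0 (no accessor anywhere on the chain).
function storeThroughPrototype(useArray) {
  const { target, calls } = makeTracedTarget(useArray);
  target[0] = "own";    // ordinary store: becomes an own property
  target[3] = "first";  // must reach the inherited setter, not the vector
  target[3] = "second";
  return {
    setterCalls: calls,                                         // ["first", "second"]
    ownIndex3: Object.prototype.hasOwnProperty.call(target, 3), // false
    ownIndex0: target[0],                                       // "own"
    length: useArray ? target.length : undefined,               // 1 for the array case
  };
}

// Object.defineProperty writes the own property directly (the putDirectIndex
// path described in the entry) and must not consult prototype accessors.
function defineDirectIndex(useArray) {
  const { target, calls } = makeTracedTarget(useArray);
  Object.defineProperty(target, 3, {
    value: "direct", writable: true, configurable: true, enumerable: true,
  });
  return {
    setterCalls: calls.length, // 0
    ownIndex3: target[3],      // "direct"
  };
}
```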
1584
1585 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1586
1587         [Win] Unreviewed gardening.
1588
1589         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
1590         file references so they appear in the proper IDE locations.
1591
1592 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1593
1594         Unreviewed Windows build fix for VS2015.
1595
1596         * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.
1597
1598 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1599
1600         [ES6] Implement Reflect.has
1601         https://bugs.webkit.org/show_bug.cgi?id=147875
1602
1603         Reviewed by Sam Weinig.
1604
1605         This patch implements Reflect.has[1].
1606         Since the semantics are the same as the `in` operator in JS[2],
1607         we can implement it in builtin JS code.
1608
1609         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
1610         [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation
1611
1612         * builtins/ReflectObject.js:
1613         (has):
1614         * runtime/ReflectObject.cpp:
1615         * tests/stress/reflect-has.js: Added.
1616         (shouldBe):
1617         (shouldThrow):
1618
1619 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1620
1621         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
1622         https://bugs.webkit.org/show_bug.cgi?id=147874
1623
1624         Reviewed by Darin Adler.
1625
1626         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
1627         The difference from the Object.* one is
1628
1629         1. They do not perform ToObject on non-object arguments; they raise a TypeError instead.
1630         2. Reflect.setPrototypeOf returns false when the operation fails. In Object.setPrototypeOf, it raises a TypeError.
1631
1632         * runtime/ObjectConstructor.cpp:
1633         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
1634         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
1635         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
1636         (JSC::objectConstructorGetPrototypeOf):
1637         * runtime/ObjectConstructor.h:
1638         * runtime/ReflectObject.cpp:
1639         (JSC::reflectObjectGetPrototypeOf):
1640         (JSC::reflectObjectSetPrototypeOf):
1641         * tests/stress/reflect-get-prototype-of.js: Added.
1642         (shouldBe):
1643         (shouldThrow):
1644         (Base):
1645         (Derived):
1646         * tests/stress/reflect-set-prototype-of.js: Added.
1647         (shouldBe):
1648         (shouldThrow):
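
        The ES6 semantics described in this entry and in the Reflect.has entry above, as an added example in plain JavaScript (not from the ChangeLog or JSC's tests): Reflect.has behaves like `in`, Reflect.getPrototypeOf refuses primitives where Object.getPrototypeOf coerces them, and Reflect.setPrototypeOf reports failure with `false` where Object.setPrototypeOf throws. The helper and sample objects are constructed for the example.

```javascript
// Added example, not part of the WebKit ChangeLog or JSC's stress tests.
// Returns the constructor name of the error thrown by fn, or null if fn
// returns normally, so every case below yields a comparable value.
function thrownName(fn) {
  try {
    fn();
    return null;
  } catch (e) {
    return e.constructor.name;
  }
}

// Reflect.has is specified as the `in` operator: same answer for own and
// inherited keys, and a TypeError (no coercion) for a primitive target.
function reflectHasCases() {
  const proto = { inherited: 1 };
  const obj = Object.create(proto);
  obj.own = 2;
  return {
    ownKey: Reflect.has(obj, "own") === ("own" in obj),                   // true
    inheritedKey: Reflect.has(obj, "inherited") === ("inherited" in obj), // true
    missingKey: Reflect.has(obj, "nope"),                                 // false
    primitiveTarget: thrownName(() => Reflect.has("str", "length")),      // "TypeError"
  };
}

// Reflect.getPrototypeOf does not ToObject its argument; Object.getPrototypeOf
// coerces a primitive and answers for the wrapper object.
function getPrototypeOfCases() {
  return {
    objectGet: Reflect.getPrototypeOf([]) === Array.prototype,      // true
    objectCoerces: Object.getPrototypeOf("s") === String.prototype, // true
    reflectThrows: thrownName(() => Reflect.getPrototypeOf("s")),   // "TypeError"
  };
}

// Reflect.setPrototypeOf returns false on failure (here a non-extensible
// target); Object.setPrototypeOf raises a TypeError for the same failure.
function setPrototypeOfCases() {
  const sealedTarget = Object.preventExtensions({});
  const target = {};
  const newProto = { hello: "world" };
  return {
    success: Reflect.setPrototypeOf(target, newProto) === true
      && Object.getPrototypeOf(target) === newProto,                            // true
    reflectFailure: Reflect.setPrototypeOf(sealedTarget, newProto),             // false
    objectFailure: thrownName(() => Object.setPrototypeOf(sealedTarget, newProto)), // "TypeError"
    reflectPrimitive: thrownName(() => Reflect.setPrototypeOf(1, null)),        // "TypeError"
  };
}
```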
1649
1650 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
1651
1652         Fix debug build when optimization is enabled
1653         https://bugs.webkit.org/show_bug.cgi?id=147816
1654
1655         Reviewed by Alexey Proskuryakov.
1656
1657         * llint/LLIntEntrypoint.cpp:
1658         * runtime/FunctionExecutableDump.cpp:
1659
1660 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1661
1662         Ensure that Reflect.enumerate does not produce the deleted keys
1663         https://bugs.webkit.org/show_bug.cgi?id=147677
1664
1665         Reviewed by Darin Adler.
1666
1667         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
1668
1669         * tests/stress/reflect-enumerate.js:
1670
1671 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
1672
1673         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
1674         https://bugs.webkit.org/show_bug.cgi?id=147856
1675
1676         Reviewed by Saam Barati.
1677
1678         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
1679
1680         * CMakeLists.txt:
1681         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1682         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1683         * JavaScriptCore.xcodeproj/project.pbxproj:
1684         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
1685         (JSC::ExecutableInfo::ExecutableInfo):
1686         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
1687         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1688         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1689         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1690         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1691         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1692         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1693         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1694         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1695         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1696         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1697         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1698         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1699         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1700         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1701         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1702         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1703         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1704         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1705         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1706         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1707         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1708         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1709         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1710         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1711         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1712         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1713         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1714         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1715         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1716         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1717         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1718         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1719         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1720         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1721         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1722         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1723         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1724         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1725         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1726         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1727         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1728         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1729         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1730         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1731         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1732         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1733         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1734         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1735         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1736         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1737         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1738         (JSC::UnlinkedCodeBlock::vm): Deleted.
1739         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1740         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1741         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1742         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1743         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1744         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1745         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1746         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1747         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1748         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1749         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1750         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1751         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1752         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1753         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1754         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1755         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1756         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1757         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1758         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1759         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1760         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1761         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1762         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1763         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1764         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1765         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1766         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1767         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1768         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1769         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1770         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1771         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1772         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1773         * bytecode/UnlinkedCodeBlock.cpp:
1774         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1775         (JSC::generateFunctionCodeBlock): Deleted.
1776         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
1777         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
1778         (JSC::UnlinkedFunctionExecutable::link): Deleted.
1779         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
1780         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
1781         * bytecode/UnlinkedCodeBlock.h:
1782         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
1783         (JSC::ExecutableInfo::needsActivation): Deleted.
1784         (JSC::ExecutableInfo::usesEval): Deleted.
1785         (JSC::ExecutableInfo::isStrictMode): Deleted.
1786         (JSC::ExecutableInfo::isConstructor): Deleted.
1787         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
1788         (JSC::ExecutableInfo::constructorKind): Deleted.
1789         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
1790         (JSC::generateFunctionCodeBlock):
1791         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
1792         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
1793         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
1794         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
1795         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
1796         (JSC::dumpLineColumnEntry): Deleted.
1797         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
1798         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
1799         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
1800         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
1801         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
1802         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
1803         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
1804         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
1805         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
1806         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
1807         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
1808         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
1809         (JSC::UnlinkedCodeBlock::instructions): Deleted.
1810         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
1811         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
1812         (JSC::ExecutableInfo::needsActivation): Deleted.
1813         (JSC::ExecutableInfo::usesEval): Deleted.
1814         (JSC::ExecutableInfo::isStrictMode): Deleted.
1815         (JSC::ExecutableInfo::isConstructor): Deleted.
1816         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
1817         (JSC::ExecutableInfo::constructorKind): Deleted.
1818         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
1819         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1820         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1821         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1822         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1823         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1824         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1825         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1826         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1827         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1828         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1829         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1830         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1831         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1832         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1833         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1834         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1835         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1836         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1837         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1838         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1839         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1840         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1841         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1842         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1843         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1844         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1845         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1846         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1847         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1848         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1849         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1850         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1851         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1852         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1853         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1854         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1855         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1856         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1857         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1858         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1859         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1860         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1861         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1862         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1863         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1864         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1865         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1866         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1867         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1868         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1869         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1870         (JSC::UnlinkedCodeBlock::vm): Deleted.
1871         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1872         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1873         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1874         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1875         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1876         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1877         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1878         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1879         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1880         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1881         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1882         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1883         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1884         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1885         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1886         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1887         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1888         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1889         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1890         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1891         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1892         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1893         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1894         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1895         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1896         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1897         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1898         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1899         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1900         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1901         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1902         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1903         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1904         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1905         * runtime/Executable.h:
1906
1907 2015-08-10  Mark Lam  <mark.lam@apple.com>
1908
1909         Refactor LiveObjectList and LiveObjectData into their own files.
1910         https://bugs.webkit.org/show_bug.cgi?id=147843
1911
1912         Reviewed by Saam Barati.
1913
1914         There is no behavior change in this patch.
1915
1916         * CMakeLists.txt:
1917         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1918         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1919         * JavaScriptCore.xcodeproj/project.pbxproj:
1920         * heap/HeapVerifier.cpp:
1921         (JSC::HeapVerifier::HeapVerifier):
1922         (JSC::LiveObjectList::findObject): Deleted.
1923         * heap/HeapVerifier.h:
1924         (JSC::LiveObjectData::LiveObjectData): Deleted.
1925         (JSC::LiveObjectList::LiveObjectList): Deleted.
1926         (JSC::LiveObjectList::reset): Deleted.
1927         * heap/LiveObjectData.h: Added.
1928         (JSC::LiveObjectData::LiveObjectData):
1929         * heap/LiveObjectList.cpp: Added.
1930         (JSC::LiveObjectList::findObject):
1931         * heap/LiveObjectList.h: Added.
1932         (JSC::LiveObjectList::LiveObjectList):
1933         (JSC::LiveObjectList::reset):
1934
1935 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
1936
1937         Let's rename FunctionBodyNode
1938         https://bugs.webkit.org/show_bug.cgi?id=147292
1939
1940         Reviewed by Mark Lam & Saam Barati.
1941
1942         FunctionBodyNode => FunctionMetadataNode
1943
1944         Make FunctionMetadataNode inherit from Node instead of StatementNode
1945         because a FunctionMetadataNode can appear in expression context and does
1946         not have a next statement.
1947
1948         (I decided to continue allocating FunctionMetadataNode in the AST arena,
1949         and to retain "Node" in its name, because it really is a parsing
1950         construct, and we transform its data before consuming it elsewhere.
1951
1952         There is still room for a future patch to distill and simplify the
1953         metadata we track about functions between FunDeclNode/FuncExprNode,
1954         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
1955
1956         * builtins/BuiltinExecutables.cpp:
1957         (JSC::BuiltinExecutables::createExecutableInternal):
1958         * bytecode/UnlinkedCodeBlock.cpp:
1959         (JSC::generateFunctionCodeBlock):
1960         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1961         * bytecode/UnlinkedCodeBlock.h:
1962         * bytecompiler/BytecodeGenerator.cpp:
1963         (JSC::BytecodeGenerator::generate):
1964         (JSC::BytecodeGenerator::BytecodeGenerator):
1965         (JSC::BytecodeGenerator::emitNewArray):
1966         (JSC::BytecodeGenerator::emitNewFunction):
1967         (JSC::BytecodeGenerator::emitNewFunctionExpression):
1968         * bytecompiler/BytecodeGenerator.h:
1969         (JSC::BytecodeGenerator::makeFunction):
1970         * bytecompiler/NodesCodegen.cpp:
1971         (JSC::EvalNode::emitBytecode):
1972         (JSC::FunctionNode::emitBytecode):
1973         (JSC::FunctionBodyNode::emitBytecode): Deleted.
1974         * parser/ASTBuilder.h:
1975         (JSC::ASTBuilder::createFunctionExpr):
1976         (JSC::ASTBuilder::createFunctionBody):
1977         * parser/NodeConstructors.h:
1978         (JSC::FunctionParameters::FunctionParameters):
1979         (JSC::FuncExprNode::FuncExprNode):
1980         (JSC::FuncDeclNode::FuncDeclNode):
1981         * parser/Nodes.cpp:
1982         (JSC::EvalNode::EvalNode):
1983         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1984         (JSC::FunctionMetadataNode::finishParsing):
1985         (JSC::FunctionMetadataNode::setEndPosition):
1986         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
1987         (JSC::FunctionBodyNode::finishParsing): Deleted.
1988         (JSC::FunctionBodyNode::setEndPosition): Deleted.
1989         * parser/Nodes.h:
1990         (JSC::FuncExprNode::body):
1991         (JSC::FuncDeclNode::body):
1992         * parser/Parser.h:
1993         (JSC::Parser::isFunctionMetadataNode):
1994         (JSC::Parser::next):
1995         (JSC::Parser<LexerType>::parse):
1996         (JSC::Parser::isFunctionBodyNode): Deleted.
1997         * runtime/CodeCache.cpp:
1998         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1999         * runtime/CodeCache.h:
2000
2001 2015-08-09  Chris Dumez  <cdumez@apple.com>
2002
2003         Regression(r188105): Seems to have caused crashes during PLT on some iPads
2004         https://bugs.webkit.org/show_bug.cgi?id=147818
2005
2006         Unreviewed, roll out r188105.
2007
2008         * bytecode/ByValInfo.h:
2009         (JSC::ByValInfo::ByValInfo):
2010         * bytecode/CodeBlock.cpp:
2011         (JSC::CodeBlock::getByValInfoMap): Deleted.
2012         (JSC::CodeBlock::addByValInfo): Deleted.
2013         * bytecode/CodeBlock.h:
2014         (JSC::CodeBlock::getByValInfo):
2015         (JSC::CodeBlock::setNumberOfByValInfos):
2016         (JSC::CodeBlock::numberOfByValInfos):
2017         (JSC::CodeBlock::byValInfo):
2018         * bytecode/ExitKind.cpp:
2019         (JSC::exitKindToString): Deleted.
2020         * bytecode/ExitKind.h:
2021         * bytecode/GetByIdStatus.cpp:
2022         (JSC::GetByIdStatus::computeFor):
2023         (JSC::GetByIdStatus::computeForStubInfo):
2024         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
2025         * bytecode/GetByIdStatus.h:
2026         * dfg/DFGAbstractInterpreterInlines.h:
2027         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
2028         * dfg/DFGByteCodeParser.cpp:
2029         (JSC::DFG::ByteCodeParser::parseBlock):
2030         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
2031         * dfg/DFGClobberize.h:
2032         (JSC::DFG::clobberize): Deleted.
2033         * dfg/DFGConstantFoldingPhase.cpp:
2034         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
2035         * dfg/DFGDoesGC.cpp:
2036         (JSC::DFG::doesGC): Deleted.
2037         * dfg/DFGFixupPhase.cpp:
2038         (JSC::DFG::FixupPhase::fixupNode): Deleted.
2039         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
2040         * dfg/DFGNode.h:
2041         (JSC::DFG::Node::hasUidOperand): Deleted.
2042         (JSC::DFG::Node::uidOperand): Deleted.
2043         * dfg/DFGNodeType.h:
2044         * dfg/DFGPredictionPropagationPhase.cpp:
2045         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
2046         * dfg/DFGSafeToExecute.h:
2047         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
2048         (JSC::DFG::safeToExecute): Deleted.
2049         * dfg/DFGSpeculativeJIT.cpp:
2050         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
2051         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
2052         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
2053         * dfg/DFGSpeculativeJIT.h:
2054         * dfg/DFGSpeculativeJIT32_64.cpp:
2055         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2056         * dfg/DFGSpeculativeJIT64.cpp:
2057         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2058         * dfg/DFGUseKind.cpp:
2059         (WTF::printInternal): Deleted.
2060         * dfg/DFGUseKind.h:
2061         (JSC::DFG::typeFilterFor): Deleted.
2062         (JSC::DFG::isCell): Deleted.
2063         * ftl/FTLAbstractHeapRepository.h:
2064         * ftl/FTLCapabilities.cpp:
2065         (JSC::FTL::canCompile): Deleted.
2066         * ftl/FTLLowerDFGToLLVM.cpp:
2067         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
2068         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
2069         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
2070         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
2071         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
2072         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
2073         * jit/JIT.cpp:
2074         (JSC::JIT::privateCompile):
2075         * jit/JIT.h:
2076         (JSC::ByValCompilationInfo::ByValCompilationInfo):
2077         (JSC::JIT::compileGetByValWithCachedId): Deleted.
2078         * jit/JITInlines.h:
2079         (JSC::JIT::callOperation): Deleted.
2080         * jit/JITOpcodes.cpp:
2081         (JSC::JIT::emit_op_has_indexed_property):
2082         (JSC::JIT::emitSlow_op_has_indexed_property):
2083         * jit/JITOpcodes32_64.cpp:
2084         (JSC::JIT::emit_op_has_indexed_property):
2085         (JSC::JIT::emitSlow_op_has_indexed_property):
2086         * jit/JITOperations.cpp:
2087         (JSC::getByVal):
2088         * jit/JITOperations.h:
2089         * jit/JITPropertyAccess.cpp:
2090         (JSC::JIT::emit_op_get_by_val):
2091         (JSC::JIT::emitSlow_op_get_by_val):
2092         (JSC::JIT::emit_op_put_by_val):
2093         (JSC::JIT::emitSlow_op_put_by_val):
2094         (JSC::JIT::emitGetByValWithCachedId): Deleted.
2095         (JSC::JIT::privateCompileGetByVal): Deleted.
2096         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
2097         * jit/JITPropertyAccess32_64.cpp:
2098         (JSC::JIT::emit_op_get_by_val):
2099         (JSC::JIT::emitSlow_op_get_by_val):
2100         (JSC::JIT::emit_op_put_by_val):
2101         (JSC::JIT::emitSlow_op_put_by_val):
2102         (JSC::JIT::emitGetByValWithCachedId): Deleted.
2103         * runtime/Symbol.h:
2104         * tests/stress/get-by-val-with-string-constructor.js: Removed.
2105         * tests/stress/get-by-val-with-string-exit.js: Removed.
2106         * tests/stress/get-by-val-with-string-generated.js: Removed.
2107         * tests/stress/get-by-val-with-string-getter.js: Removed.
2108         * tests/stress/get-by-val-with-string.js: Removed.
2109         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
2110         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
2111         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
2112         * tests/stress/get-by-val-with-symbol.js: Removed.
2113
2114 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
2115
2116         Reduce uses of PassRefPtr in bindings
2117         https://bugs.webkit.org/show_bug.cgi?id=147781
2118
2119         Reviewed by Chris Dumez.
2120
2121         Use RefPtr when a function can return null or an instance. If not, Ref is used.
2122
2123         * runtime/JSGenericTypedArrayView.h:
2124         (JSC::toNativeTypedView):
2125
2126 2015-08-07  Alex Christensen  <achristensen@webkit.org>
2127
2128         Build more testing binaries with CMake on Windows
2129         https://bugs.webkit.org/show_bug.cgi?id=147799
2130
2131         Reviewed by Brent Fulgham.
2132
2133         * shell/PlatformWin.cmake: Added.
2134         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
2135
2136 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
2137
2138         Lightweight locks should be adaptive
2139         https://bugs.webkit.org/show_bug.cgi?id=147545
2140
2141         Reviewed by Geoffrey Garen.
2142
2143         * dfg/DFGCommon.cpp:
2144         (JSC::DFG::startCrashing):
2145         * heap/CopiedBlock.h:
2146         (JSC::CopiedBlock::workListLock):
2147         * heap/CopiedBlockInlines.h:
2148         (JSC::CopiedBlock::shouldReportLiveBytes):
2149         (JSC::CopiedBlock::reportLiveBytes):
2150         * heap/CopiedSpace.cpp:
2151         (JSC::CopiedSpace::doneFillingBlock):
2152         * heap/CopiedSpace.h:
2153         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
2154         * heap/CopiedSpaceInlines.h:
2155         (JSC::CopiedSpace::recycleEvacuatedBlock):
2156         * heap/GCThreadSharedData.cpp:
2157         (JSC::GCThreadSharedData::didStartCopying):
2158         * heap/GCThreadSharedData.h:
2159         (JSC::GCThreadSharedData::getNextBlocksToCopy):
2160         * heap/ListableHandler.h:
2161         (JSC::ListableHandler::List::addThreadSafe):
2162         (JSC::ListableHandler::List::addNotThreadSafe):
2163         * heap/MachineStackMarker.cpp:
2164         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2165         * heap/SlotVisitorInlines.h:
2166         (JSC::SlotVisitor::copyLater):
2167         * parser/SourceProvider.cpp:
2168         (JSC::SourceProvider::~SourceProvider):
2169         (JSC::SourceProvider::getID):
2170         * profiler/ProfilerDatabase.cpp:
2171         (JSC::Profiler::Database::addDatabaseToAtExit):
2172         (JSC::Profiler::Database::removeDatabaseFromAtExit):
2173         (JSC::Profiler::Database::removeFirstAtExitDatabase):
2174         * runtime/TypeProfilerLog.h:
2175
2176 2015-08-07  Mark Lam  <mark.lam@apple.com>
2177
2178         Rename some variables in the JSC watchdog implementation.
2179         https://bugs.webkit.org/show_bug.cgi?id=147790
2180
2181         Rubber stamped by Benjamin Poulain.
2182
2183         This is just a refactoring patch to give the variables better names that describe their
2184         intended use.  There is no behavior change.
2185
2186         * runtime/Watchdog.cpp:
2187         (JSC::Watchdog::Watchdog):
2188         (JSC::Watchdog::setTimeLimit):
2189         (JSC::Watchdog::didFire):
2190         (JSC::Watchdog::isEnabled):
2191         (JSC::Watchdog::fire):
2192         (JSC::Watchdog::startCountdownIfNeeded):
2193         * runtime/Watchdog.h:
2194
2195 2015-08-07  Saam barati  <saambarati1@gmail.com>
2196
2197         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
2198         https://bugs.webkit.org/show_bug.cgi?id=147666
2199
2200         Reviewed by Geoffrey Garen.
2201
2202         If we make the bytecode generator know about every local scope it
2203         creates, and if we give each local scope a unique register, the
2204         bytecode generator has all the information it needs to assign
2205         the correct scope to a catch handler. Because the bytecode generator
2206         knows this information, it's a better separation of responsibilities
2207         for it to set up the proper scope instead of relying on the exception
2208         handling runtime to find the scope.
2209
2210         * bytecode/BytecodeList.json:
2211         * bytecode/BytecodeUseDef.h:
2212         (JSC::computeUsesForBytecodeOffset):
2213         * bytecode/CodeBlock.cpp:
2214         (JSC::CodeBlock::dumpBytecode):
2215         (JSC::CodeBlock::CodeBlock):
2216         * bytecode/HandlerInfo.h:
2217         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
2218         (JSC::HandlerInfo::initialize):
2219         * bytecompiler/BytecodeGenerator.cpp:
2220         (JSC::BytecodeGenerator::generate):
2221         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2222         (JSC::BytecodeGenerator::emitGetScope):
2223         (JSC::BytecodeGenerator::emitPushWithScope):
2224         (JSC::BytecodeGenerator::emitGetParentScope):
2225         (JSC::BytecodeGenerator::emitPopScope):
2226         (JSC::BytecodeGenerator::emitPopWithScope):
2227         (JSC::BytecodeGenerator::allocateAndEmitScope):
2228         (JSC::BytecodeGenerator::emitComplexPopScopes):
2229         (JSC::BytecodeGenerator::pushTry):
2230         (JSC::BytecodeGenerator::popTryAndEmitCatch):
2231         (JSC::BytecodeGenerator::localScopeDepth):
2232         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
2233         * bytecompiler/BytecodeGenerator.h:
2234         * bytecompiler/NodesCodegen.cpp:
2235         (JSC::WithNode::emitBytecode):
2236         * interpreter/Interpreter.cpp:
2237         (JSC::Interpreter::unwind):
2238         * jit/JITOpcodes.cpp:
2239         (JSC::JIT::emit_op_push_with_scope):
2240         (JSC::JIT::compileOpStrictEq):
2241         * jit/JITOpcodes32_64.cpp:
2242         (JSC::JIT::emit_op_push_with_scope):
2243         (JSC::JIT::emit_op_to_number):
2244         * jit/JITOperations.cpp:
2245         * jit/JITOperations.h:
2246         * llint/LLIntSlowPaths.cpp:
2247         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2248         * llint/LLIntSlowPaths.h:
2249         * llint/LowLevelInterpreter.asm:
2250         * runtime/CommonSlowPaths.cpp:
2251         (JSC::SLOW_PATH_DECL):
2252         * runtime/CommonSlowPaths.h:
2253         * runtime/JSScope.cpp:
2254         (JSC::JSScope::objectAtScope):
2255         (JSC::isUnscopable):
2256         (JSC::JSScope::depth): Deleted.
2257         * runtime/JSScope.h:
2258
2259 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
2260
2261         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
2262         https://bugs.webkit.org/show_bug.cgi?id=147761
2263
2264         Reviewed by Mark Lam.
2265
2266         This patch implements MacroAssembler::patchableBranch64 in 64-bit environments.
2267         It also fixes the existing MacroAssemblerARM64::patchableBranchPtr; before this patch,
2268         it truncated the immediate pointer into a 32-bit immediate.
2269         And it uses patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
2270
2271         * assembler/MacroAssemblerARM64.h:
2272         (JSC::MacroAssemblerARM64::patchableBranchPtr):
2273         (JSC::MacroAssemblerARM64::patchableBranch64):
2274         * assembler/MacroAssemblerX86_64.h:
2275         (JSC::MacroAssemblerX86_64::patchableBranch64):
2276         * jit/JIT.h:
2277         * jit/JITInlines.h:
2278         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
2279         * jit/JITPropertyAccess.cpp:
2280         (JSC::JIT::emit_op_get_by_val):
2281
2282 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2283
2284         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
2285         https://bugs.webkit.org/show_bug.cgi?id=147480
2286
2287         Reviewed by Filip Pizlo.
2288
2289         This patch adds a get_by_id IC to the get_by_val operation by caching the string / symbol id.
2290         The IC site only caches one id. After checking that the given id is the same as the
2291         cached one, we perform the get_by_id IC onto it.
2292         And by collecting IC StructureStubInfo information, we pass it to the DFG, and the DFG
2293         compiles the get_by_val op code into CheckIdent (with an edge type check) and GetById-related
2294         operations when the given get_by_val leverages the property load with the cached id.
2295
2296         To ensure the incoming value is the expected id, in the DFG layer we use SymbolUse and
2297         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
2298         This can be leveraged to optimize symbol operations in the DFG.
2299
2300         And since byValInfo is frequently used, we align the byValInfo design to the stubInfo-like one.
2301         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
2302         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
2303         argument ArrayProfile* in the operations with ByValInfo*.
2304
2305         * bytecode/ByValInfo.h:
2306         (JSC::ByValInfo::ByValInfo):
2307         * bytecode/CodeBlock.cpp:
2308         (JSC::CodeBlock::getByValInfoMap):
2309         (JSC::CodeBlock::addByValInfo):
2310         * bytecode/CodeBlock.h:
2311         (JSC::CodeBlock::getByValInfo): Deleted.
2312         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
2313         (JSC::CodeBlock::numberOfByValInfos): Deleted.
2314         (JSC::CodeBlock::byValInfo): Deleted.
2315         * bytecode/ExitKind.cpp:
2316         (JSC::exitKindToString):
2317         * bytecode/ExitKind.h:
2318         * bytecode/GetByIdStatus.cpp:
2319         (JSC::GetByIdStatus::computeFor):
2320         (JSC::GetByIdStatus::computeForStubInfo):
2321         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
2322         * bytecode/GetByIdStatus.h:
2323         * dfg/DFGAbstractInterpreterInlines.h:
2324         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2325         * dfg/DFGByteCodeParser.cpp:
2326         (JSC::DFG::ByteCodeParser::parseBlock):
2327         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2328         * dfg/DFGClobberize.h:
2329         (JSC::DFG::clobberize):
2330         * dfg/DFGConstantFoldingPhase.cpp:
2331         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2332         * dfg/DFGDoesGC.cpp:
2333         (JSC::DFG::doesGC):
2334         * dfg/DFGFixupPhase.cpp:
2335         (JSC::DFG::FixupPhase::fixupNode):
2336         (JSC::DFG::FixupPhase::observeUseKindOnNode):
2337         * dfg/DFGNode.h:
2338         (JSC::DFG::Node::hasUidOperand):
2339         (JSC::DFG::Node::uidOperand):
2340         * dfg/DFGNodeType.h:
2341         * dfg/DFGPredictionPropagationPhase.cpp:
2342         (JSC::DFG::PredictionPropagationPhase::propagate):
2343         * dfg/DFGSafeToExecute.h:
2344         (JSC::DFG::SafeToExecuteEdge::operator()):
2345         (JSC::DFG::safeToExecute):
2346         * dfg/DFGSpeculativeJIT.cpp:
2347         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
2348         (JSC::DFG::SpeculativeJIT::speculateSymbol):
2349         (JSC::DFG::SpeculativeJIT::speculate):
2350         * dfg/DFGSpeculativeJIT.h:
2351         * dfg/DFGSpeculativeJIT32_64.cpp:
2352         (JSC::DFG::SpeculativeJIT::compile):
2353         * dfg/DFGSpeculativeJIT64.cpp:
2354         (JSC::DFG::SpeculativeJIT::compile):
2355         * dfg/DFGUseKind.cpp:
2356         (WTF::printInternal):
2357         * dfg/DFGUseKind.h:
2358         (JSC::DFG::typeFilterFor):
2359         (JSC::DFG::isCell):
2360         * ftl/FTLAbstractHeapRepository.h:
2361         * ftl/FTLCapabilities.cpp:
2362         (JSC::FTL::canCompile):
2363         * ftl/FTLLowerDFGToLLVM.cpp:
2364         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
2365         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
2366         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
2367         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
2368         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
2369         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
2370         * jit/JIT.cpp:
2371         (JSC::JIT::privateCompile):
2372         * jit/JIT.h:
2373         (JSC::ByValCompilationInfo::ByValCompilationInfo):
2374         (JSC::JIT::compileGetByValWithCachedId):
2375         * jit/JITInlines.h:
2376         (JSC::JIT::callOperation):
2377         * jit/JITOpcodes.cpp:
2378         (JSC::JIT::emit_op_has_indexed_property):
2379         (JSC::JIT::emitSlow_op_has_indexed_property):
2380         * jit/JITOpcodes32_64.cpp:
2381         (JSC::JIT::emit_op_has_indexed_property):
2382         (JSC::JIT::emitSlow_op_has_indexed_property):
2383         * jit/JITOperations.cpp:
2384         (JSC::getByVal):
2385         * jit/JITOperations.h:
2386         * jit/JITPropertyAccess.cpp:
2387         (JSC::JIT::emit_op_get_by_val):
2388         (JSC::JIT::emitGetByValWithCachedId):
2389         (JSC::JIT::emitSlow_op_get_by_val):
2390         (JSC::JIT::emit_op_put_by_val):
2391         (JSC::JIT::emitSlow_op_put_by_val):
2392         (JSC::JIT::privateCompileGetByVal):
2393         (JSC::JIT::privateCompileGetByValWithCachedId):
2394         * jit/JITPropertyAccess32_64.cpp:
2395         (JSC::JIT::emit_op_get_by_val):
2396         (JSC::JIT::emitGetByValWithCachedId):
2397         (JSC::JIT::emitSlow_op_get_by_val):
2398         (JSC::JIT::emit_op_put_by_val):
2399         (JSC::JIT::emitSlow_op_put_by_val):
2400         * runtime/Symbol.h:
2401         * tests/stress/get-by-val-with-string-constructor.js: Added.
2402         (Hello):
2403         (get Hello.prototype.generate):
2404         (ok):
2405         * tests/stress/get-by-val-with-string-exit.js: Added.
2406         (shouldBe):
2407         (getByVal):
2408         (getStr1):
2409         (getStr2):
2410         * tests/stress/get-by-val-with-string-generated.js: Added.
2411         (shouldBe):
2412         (getByVal):
2413         (getStr1):
2414         (getStr2):
2415         * tests/stress/get-by-val-with-string-getter.js: Added.
2416         (object.get hello):
2417         (ok):
2418         * tests/stress/get-by-val-with-string.js: Added.
2419         (shouldBe):
2420         (getByVal):
2421         (getStr1):
2422         (getStr2):
2423         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
2424         (Hello):
2425         (get Hello.prototype.generate):
2426         (ok):
2427         * tests/stress/get-by-val-with-symbol-exit.js: Added.
2428         (shouldBe):
2429         (getByVal):
2430         (getSym1):
2431         (getSym2):
2432         * tests/stress/get-by-val-with-symbol-getter.js: Added.
2433         (object.get hello):
2434         (.get ok):
2435         * tests/stress/get-by-val-with-symbol.js: Added.
2436         (shouldBe):
2437         (getByVal):
2438         (getSym1):
2439         (getSym2):
2440
2441 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2442
2443         Parse the entire WebAssembly modules
2444         https://bugs.webkit.org/show_bug.cgi?id=147393
2445
2446         Reviewed by Geoffrey Garen.
2447
2448         Parse the entire WebAssembly modules from files produced by pack-asmjs
2449         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
2450         parse modules whose function definition section contains only functions that
2451         have "return 0;" as their only statement. Parsing of any functions will be
2452         implemented in a subsequent patch.
2453
2454         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2455         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2456         * JavaScriptCore.xcodeproj/project.pbxproj:
2457         * wasm/JSWASMModule.cpp:
2458         (JSC::JSWASMModule::destroy):
2459         * wasm/JSWASMModule.h:
2460         (JSC::JSWASMModule::i32Constants):
2461         (JSC::JSWASMModule::f32Constants):
2462         (JSC::JSWASMModule::f64Constants):
2463         (JSC::JSWASMModule::signatures):
2464         (JSC::JSWASMModule::functionImports):
2465         (JSC::JSWASMModule::functionImportSignatures):
2466         (JSC::JSWASMModule::globalVariableTypes):
2467         (JSC::JSWASMModule::functionDeclarations):
2468         (JSC::JSWASMModule::functionPointerTables):
2469         * wasm/WASMFormat.h: Added.
2470         * wasm/WASMModuleParser.cpp:
2471         (JSC::WASMModuleParser::parse):
2472         (JSC::WASMModuleParser::parseModule):
2473         (JSC::WASMModuleParser::parseConstantPoolSection):
2474         (JSC::WASMModuleParser::parseSignatureSection):
2475         (JSC::WASMModuleParser::parseFunctionImportSection):
2476         (JSC::WASMModuleParser::parseGlobalSection):
2477         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
2478         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
2479         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
2480         (JSC::WASMModuleParser::parseFunctionDefinition):
2481         (JSC::WASMModuleParser::parseExportSection):
2482         * wasm/WASMModuleParser.h:
2483         * wasm/WASMReader.cpp:
2484         (JSC::WASMReader::readUInt32):
2485         (JSC::WASMReader::readCompactUInt32):
2486         (JSC::WASMReader::readString):
2487         (JSC::WASMReader::readType):
2488         (JSC::WASMReader::readExpressionType):
2489         (JSC::WASMReader::readExportFormat):
2490         (JSC::WASMReader::readByte):
2491         (JSC::WASMReader::readUnsignedInt32): Deleted.
2492         * wasm/WASMReader.h:
2493
2494 2015-08-06  Keith Miller  <keith_miller@apple.com>
2495
2496         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
2497         https://bugs.webkit.org/show_bug.cgi?id=147749
2498
2499         Reviewed by Filip Pizlo.
2500
2501         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength(),
2502         thus no one calls this code.
2503
2504         * ftl/FTLLowerDFGToLLVM.cpp:
2505         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
2506
2507 2015-08-06  Keith Miller  <keith_miller@apple.com>
2508
2509         The JSONP parser incorrectly parses -0 as +0.
2510         https://bugs.webkit.org/show_bug.cgi?id=147590
2511
2512         Reviewed by Michael Saboff.
2513
2514         In the LiteralParser we should use a double to store the accumulator for numerical tokens
2515         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
2516
2517         * runtime/LiteralParser.cpp:
2518         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
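
        The sign loss described in this entry, as an added example that is not WebKit's LiteralParser code: a minimal JSON-style number lexer in two variants, one accumulating into an int (the defect) and one into a double (the fix), so the -0 case can be checked with std::signbit. The function names and the grammar subset are assumptions made for illustration.

```cpp
// Added example, not WebKit's LiteralParser code: a minimal JSON-style number
// lexer in the spirit of LiteralParser::Lexer::lexNumber, in two variants, to
// show why the accumulator for numeric tokens must be a double and not an int.
#include <cctype>
#include <climits>
#include <cmath>
#include <cstddef>
#include <limits>
#include <string>

// Both lexers return NaN for malformed input; callers check with std::isnan.
static const double kInvalid = std::numeric_limits<double>::quiet_NaN();

static bool isDigitAt(const std::string& text, std::size_t i)
{
    return i < text.size() && std::isdigit(static_cast<unsigned char>(text[i]));
}

// Fixed behaviour: digits accumulate into a double, so negating the accumulator
// for "-0" keeps the sign bit. Grammar: '-'? int ('.' int)? ([eE] [+-]? int)?
double lexNumberDouble(const std::string& text)
{
    bool negative = !text.empty() && text[0] == '-';
    std::size_t i = negative ? 1 : 0;
    if (!isDigitAt(text, i))
        return kInvalid; // "-" or "" has no digits

    double value = 0; // the accumulator: a double, never an int
    int fractionDigits = 0;
    for (; isDigitAt(text, i); ++i)
        value = value * 10 + (text[i] - '0');

    if (i < text.size() && text[i] == '.') {
        ++i;
        if (!isDigitAt(text, i))
            return kInvalid; // "1." is not a valid number
        for (; isDigitAt(text, i); ++i, ++fractionDigits)
            value = value * 10 + (text[i] - '0');
    }

    int exponent = 0;
    if (i < text.size() && (text[i] == 'e' || text[i] == 'E')) {
        ++i;
        int exponentSign = 1;
        if (i < text.size() && (text[i] == '+' || text[i] == '-')) {
            exponentSign = text[i] == '-' ? -1 : 1;
            ++i;
        }
        if (!isDigitAt(text, i))
            return kInvalid; // "1e" has no exponent digits
        for (; isDigitAt(text, i); ++i) {
            if (exponent > 99999)
                return kInvalid; // absurd exponent; also avoids int overflow
            exponent = exponent * 10 + (text[i] - '0');
        }
        exponent *= exponentSign;
    }
    if (i != text.size())
        return kInvalid; // trailing garbage such as "12abc"

    // Apply the net decimal exponent. Dividing (rather than multiplying by a
    // negative power of ten) keeps simple fractions such as 12.5 exact.
    int netExponent = exponent - fractionDigits;
    if (netExponent < 0)
        value /= std::pow(10.0, -netExponent);
    else
        value *= std::pow(10.0, netExponent);

    return negative ? -value : value; // -0.0 survives: the double keeps its sign bit
}

// Buggy variant (the behaviour the ChangeLog entry describes): an integer fast
// path accumulates into an int and negates it before widening to double.
// Negating int 0 gives int 0, so "-0" comes out as +0.
double lexNumberIntAccumulator(const std::string& text)
{
    bool negative = !text.empty() && text[0] == '-';
    std::size_t i = negative ? 1 : 0;
    if (!isDigitAt(text, i))
        return kInvalid;

    int value = 0; // the defect: an int has no negative zero
    for (; isDigitAt(text, i); ++i) {
        int digit = text[i] - '0';
        if (value > (INT_MAX - digit) / 10)
            return kInvalid; // would overflow the int accumulator
        value = value * 10 + digit;
    }
    if (i != text.size())
        return kInvalid; // this fast path handles integers only

    return static_cast<double>(negative ? -value : value);
}
```

A caller that compares parsed values with a sign-aware check (std::signbit, or Object.is on the JavaScript side) sees the two lexers disagree only on negative zero, which is exactly what the stress test for this bug has to exercise.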
2519
2520 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
2521
2522         Structures used for tryGetConstantProperty() should be registered first
2523         https://bugs.webkit.org/show_bug.cgi?id=147750
2524
2525         Reviewed by Saam Barati and Michael Saboff.
2526
2527         * dfg/DFGGraph.cpp:
2528         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
2529         * dfg/DFGGraph.h:
2530         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
2531         * dfg/DFGStructureRegistrationPhase.cpp:
2532         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegisterationPhase.
2533         (JSC::DFG::StructureRegistrationPhase::registerStructures):
2534         (JSC::DFG::StructureRegistrationPhase::registerStructure):
2535         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
2536         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
2537         (JSC::DFG::performStructureRegistration):
2538
2539 2015-08-06  Keith Miller  <keith_miller@apple.com>
2540
2541         Remove UnspecifiedBoolType from JSC
2542         https://bugs.webkit.org/show_bug.cgi?id=147597
2543
2544         Reviewed by Mark Lam.
2545
2546         We were using the safe bool pattern in the code base for implicit casting to booleans.
2547         With C++11 this is no longer necessary and we can instead create an operator bool.
2548
2549         * API/JSRetainPtr.h:
2550         (JSRetainPtr::operator bool):
2551         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
2552         * dfg/DFGEdge.h:
2553         (JSC::DFG::Edge::operator bool):
2554         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
2555         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
2556         * heap/Weak.h:
2557         * heap/WeakInlines.h:
2558         (JSC::bool):
2559         (JSC::UnspecifiedBoolType): Deleted.
2560
2561 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
2562
2563         [ES6] Class parser does not allow methods named set and get.
2564         https://bugs.webkit.org/show_bug.cgi?id=147150
2565
2566         Reviewed by Oliver Hunt.
2567
2568         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
2569         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
2570         so that we only treat them as such when they're followed by another token that could be a method name.
2571
2572         * parser/Parser.cpp:
2573         (JSC::Parser<LexerType>::parseClass):
2574
2575 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
2576
2577         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
2578
2579         * bytecode/SamplingTool.cpp:
2580         (JSC::SamplingTool::doRun):
2581         (JSC::SamplingTool::notifyOfScope):
2582         * bytecode/SamplingTool.h:
2583         * dfg/DFGThreadData.h:
2584         * dfg/DFGWorklist.cpp:
2585         (JSC::DFG::Worklist::~Worklist):
2586         (JSC::DFG::Worklist::isActiveForVM):
2587         (JSC::DFG::Worklist::enqueue):
2588         (JSC::DFG::Worklist::compilationState):
2589         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2590         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2591         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2592         (JSC::DFG::Worklist::visitWeakReferences):
2593         (JSC::DFG::Worklist::removeDeadPlans):
2594         (JSC::DFG::Worklist::queueLength):
2595         (JSC::DFG::Worklist::dump):
2596         (JSC::DFG::Worklist::runThread):
2597         * dfg/DFGWorklist.h:
2598         * disassembler/Disassembler.cpp:
2599         * heap/CopiedSpace.cpp:
2600         (JSC::CopiedSpace::doneFillingBlock):
2601         (JSC::CopiedSpace::doneCopying):
2602         * heap/CopiedSpace.h:
2603         * heap/CopiedSpaceInlines.h:
2604         (JSC::CopiedSpace::recycleBorrowedBlock):
2605         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2606         * heap/HeapTimer.h:
2607         * heap/MachineStackMarker.cpp:
2608         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2609         (JSC::ActiveMachineThreadsManager::add):
2610         (JSC::ActiveMachineThreadsManager::remove):
2611         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2612         (JSC::MachineThreads::~MachineThreads):
2613         (JSC::MachineThreads::addCurrentThread):
2614         (JSC::MachineThreads::removeThreadIfFound):
2615         (JSC::MachineThreads::tryCopyOtherThreadStack):
2616         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2617         (JSC::MachineThreads::gatherConservativeRoots):
2618         * heap/MachineStackMarker.h:
2619         * interpreter/JSStack.cpp:
2620         (JSC::stackStatisticsMutex):
2621         (JSC::JSStack::addToCommittedByteCount):
2622         (JSC::JSStack::committedByteCount):
2623         * jit/JITThunks.h:
2624         * profiler/ProfilerDatabase.h:
2625
2626 2015-08-05  Saam barati  <saambarati1@gmail.com>
2627
2628         Bytecodegenerator emits crappy code for returns in a lexical scope.
2629         https://bugs.webkit.org/show_bug.cgi?id=147688
2630
2631         Reviewed by Mark Lam.
2632
2633         When returning, we only need to emit complex pop scopes if we're in
2634         a finally block. Otherwise, we can just return like normal. This saves
2635         us from inefficiently emitting unnecessary pop scopes.
2636
2637         * bytecompiler/BytecodeGenerator.h:
2638         (JSC::BytecodeGenerator::isInFinallyBlock):
2639         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
2640         * bytecompiler/NodesCodegen.cpp:
2641         (JSC::ReturnNode::emitBytecode):
2642
2643 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
2644
2645         Add the Intl API to the status page
2646
2647         * features.json:
2648         Andy VanWagoner landed the skeleton of the API and it is
2649         enabled by default.
2650
2651 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
2652
2653         Rename Mutex to DeprecatedMutex
2654         https://bugs.webkit.org/show_bug.cgi?id=147675
2655
2656         Reviewed by Geoffrey Garen.
2657
2658         * bytecode/SamplingTool.cpp:
2659         (JSC::SamplingTool::doRun):
2660         (JSC::SamplingTool::notifyOfScope):
2661         * bytecode/SamplingTool.h:
2662         * dfg/DFGThreadData.h:
2663         * dfg/DFGWorklist.cpp:
2664         (JSC::DFG::Worklist::~Worklist):
2665         (JSC::DFG::Worklist::isActiveForVM):
2666         (JSC::DFG::Worklist::enqueue):
2667         (JSC::DFG::Worklist::compilationState):
2668         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2669         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2670         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2671         (JSC::DFG::Worklist::visitWeakReferences):
2672         (JSC::DFG::Worklist::removeDeadPlans):
2673         (JSC::DFG::Worklist::queueLength):
2674         (JSC::DFG::Worklist::dump):
2675         (JSC::DFG::Worklist::runThread):
2676         * dfg/DFGWorklist.h:
2677         * disassembler/Disassembler.cpp:
2678         * heap/CopiedSpace.cpp:
2679         (JSC::CopiedSpace::doneFillingBlock):
2680         (JSC::CopiedSpace::doneCopying):
2681         * heap/CopiedSpace.h:
2682         * heap/CopiedSpaceInlines.h:
2683         (JSC::CopiedSpace::recycleBorrowedBlock):
2684         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2685         * heap/HeapTimer.h:
2686         * heap/MachineStackMarker.cpp:
2687         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2688         (JSC::ActiveMachineThreadsManager::add):
2689         (JSC::ActiveMachineThreadsManager::remove):
2690         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2691         (JSC::MachineThreads::~MachineThreads):
2692         (JSC::MachineThreads::addCurrentThread):
2693         (JSC::MachineThreads::removeThreadIfFound):
2694         (JSC::MachineThreads::tryCopyOtherThreadStack):
2695         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2696         (JSC::MachineThreads::gatherConservativeRoots):
2697         * heap/MachineStackMarker.h:
2698         * interpreter/JSStack.cpp:
2699         (JSC::stackStatisticsMutex):
2700         (JSC::JSStack::addToCommittedByteCount):
2701         (JSC::JSStack::committedByteCount):
2702         * jit/JITThunks.h:
2703         * profiler/ProfilerDatabase.h:
2704
2705 2015-08-05  Saam Barati  <saambarati1@gmail.com>
2706
2707         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
2708         https://bugs.webkit.org/show_bug.cgi?id=147657
2709
2710         Reviewed by Mark Lam.
2711
2712         This kills the last of the name scope objects. Function name scopes are
2713         now built on top of the scoping mechanisms introduced with ES6 block scoping.
2714         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
2715         function name scoped variable carefully depending on if the function is in
2716         strict mode. If we're in strict mode, then we treat the variable exactly
2717         like a "const" variable. If we're not in strict mode, we can't treat
2718         this variable like ES6 "const" because that would cause the bytecode
2719         generator to throw an exception when it shouldn't.
2720
2721         * CMakeLists.txt:
2722         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2723         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2724         * JavaScriptCore.xcodeproj/project.pbxproj:
2725         * bytecode/BytecodeList.json:
2726         * bytecode/BytecodeUseDef.h:
2727         (JSC::computeUsesForBytecodeOffset):
2728         (JSC::computeDefsForBytecodeOffset):
2729         * bytecode/CodeBlock.cpp:
2730         (JSC::CodeBlock::dumpBytecode):
2731         * bytecompiler/BytecodeGenerator.cpp:
2732         (JSC::BytecodeGenerator::BytecodeGenerator):
2733         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
2734         (JSC::BytecodeGenerator::pushLexicalScope):
2735         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2736         (JSC::BytecodeGenerator::variable):
2737         (JSC::BytecodeGenerator::resolveType):
2738         (JSC::BytecodeGenerator::emitThrowTypeError):
2739         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
2740         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
2741         (JSC::BytecodeGenerator::emitPushCatchScope):
2742         * bytecompiler/BytecodeGenerator.h:
2743         * bytecompiler/NodesCodegen.cpp:
2744         * debugger/DebuggerScope.cpp:
2745         * dfg/DFGOperations.cpp:
2746         * interpreter/Interpreter.cpp:
2747         * jit/JIT.cpp:
2748         (JSC::JIT::privateCompileMainPass):
2749         * jit/JIT.h:
2750         * jit/JITOpcodes.cpp:
2751         (JSC::JIT::emit_op_to_string):
2752         (JSC::JIT::emit_op_catch):
2753         (JSC::JIT::emit_op_push_name_scope): Deleted.
2754         * jit/JITOpcodes32_64.cpp:
2755         (JSC::JIT::emitSlow_op_to_string):
2756         (JSC::JIT::emit_op_catch):
2757         (JSC::JIT::emit_op_push_name_scope): Deleted.
2758         * jit/JITOperations.cpp:
2759         (JSC::pushNameScope): Deleted.
2760         * llint/LLIntSlowPaths.cpp:
2761         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2762         * llint/LLIntSlowPaths.h:
2763         * llint/LowLevelInterpreter.asm:
2764         * parser/Nodes.cpp:
2765         * runtime/CommonSlowPaths.cpp:
2766         * runtime/Executable.cpp:
2767         (JSC::ScriptExecutable::newCodeBlockFor):
2768         * runtime/JSFunctionNameScope.cpp: Removed.
2769         * runtime/JSFunctionNameScope.h: Removed.
2770         * runtime/JSGlobalObject.cpp:
2771         (JSC::JSGlobalObject::init):
2772         (JSC::JSGlobalObject::visitChildren):
2773         * runtime/JSGlobalObject.h:
2774         (JSC::JSGlobalObject::withScopeStructure):
2775         (JSC::JSGlobalObject::strictEvalActivationStructure):
2776         (JSC::JSGlobalObject::activationStructure):
2777         (JSC::JSGlobalObject::directArgumentsStructure):
2778         (JSC::JSGlobalObject::scopedArgumentsStructure):
2779         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
2780         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
2781         * runtime/JSNameScope.cpp: Removed.
2782         * runtime/JSNameScope.h: Removed.
2783         * runtime/JSObject.cpp:
2784         (JSC::JSObject::toThis):
2785         (JSC::JSObject::seal):
2786         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
2787         * runtime/JSObject.h:
2788         * runtime/JSScope.cpp:
2789         (JSC::JSScope::isCatchScope):
2790         (JSC::JSScope::isFunctionNameScopeObject):
2791         (JSC::resolveModeName):
2792         * runtime/JSScope.h:
2793         * runtime/JSSymbolTableObject.cpp:
2794         * runtime/SymbolTable.h:
2795         * runtime/VM.cpp:
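
        The semantics this entry describes, shown in JavaScript as an added example (not code from the WebKit ChangeLog or from JavaScriptCore): a named function expression binds its own name in a function name scope, and a write to that name throws a TypeError in strict mode but is a silent no-op in sloppy mode. The Function constructor is used only so that each body's strictness is set explicitly, independent of how this file is loaded.

```javascript
// Added example (not WebKit code): observable behaviour of the function
// name scope. Each body is compiled with the Function constructor so its
// strictness comes from the body alone, not from the enclosing file.
function assignToFunctionName(strict) {
  const body = `
    ${strict ? '"use strict";' : ''}
    try {
      return (function f() {
        f = 42;             // write to the function-name-scope binding
        return typeof f;    // sloppy mode: still "function"
      })();
    } catch (e) {
      return e.constructor.name;   // strict mode: "TypeError"
    }`;
  return new Function(body)();
}

// Why the sloppy-mode binding cannot simply reuse ES6 "const": reassigning
// a const throws in sloppy mode too, while the function name must stay silent.
function assignToConst() {
  return new Function(`
    try { const c = 1; c = 2; return typeof c; }
    catch (e) { return e.constructor.name; }   // "TypeError"
  `)();
}

// A var (or parameter) of the same name shadows the name-scope binding, so
// this assignment is legal even in strict mode.
function shadowedName() {
  'use strict';
  return (function g() {
    var g = 'shadow';     // new binding in g's own scope, not the name scope
    return g;
  })();
}

// A function *declaration* is an ordinary mutable binding in the enclosing
// scope; it never goes through a function name scope.
function declarationIsMutable() {
  'use strict';
  function h() { return 'original'; }
  h = () => 'reassigned';
  return h();
}
```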
2796
2797 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
2798
2799         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
2800         https://bugs.webkit.org/show_bug.cgi?id=147679
2801
2802         Reviewed by Timothy Hatcher.
2803
2804         Improve native iterator support for the PropertyName Iterator by
2805         allowing inspection of the internal object within the iterator
2806         and peeking of the next upcoming values of the iterator.
2807
2808         * inspector/JSInjectedScriptHost.cpp:
2809         (Inspector::JSInjectedScriptHost::subtype):
2810         (Inspector::JSInjectedScriptHost::getInternalProperties):
2811         (Inspector::JSInjectedScriptHost::iteratorEntries):
2812         * runtime/JSPropertyNameIterator.h:
2813         (JSC::JSPropertyNameIterator::iteratedValue):
2814
2815 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
2816
2817         [Win] Update Apple Windows build for VS2015
2818         https://bugs.webkit.org/show_bug.cgi?id=147653
2819
2820         Reviewed by Dean Jackson.
2821
2822         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
2823         Show JSC files in proper project locations in IDE.
2824
2825 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
2826
2827         Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
2828         https://bugs.webkit.org/show_bug.cgi?id=147328
2829
2830         Reviewed by Timothy Hatcher.
2831
2832         * inspector/InjectedScriptSource.js:
2833         Use classList and classList.toString instead of className.
2834
2835 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
2836
2837         [ES6] Support Module Syntax
2838         https://bugs.webkit.org/show_bug.cgi?id=147422
2839
2840         Reviewed by Saam Barati.
2841
2842         This patch introduces the ES6 Modules syntax parsing part.
2843         In this patch, ASTBuilder just produces the nodes corresponding to the ES6 Modules syntax,
2844         and this patch does not include the code generator part.
2845
2846         Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
2847         and do not execute the body or construct the AST. After analyzing all the dependent
2848         modules, we will parse the dependent modules next.
2849         After all the analyzing is done, we will start the second pass. In the second pass, we
2850         will parse the module, produce the AST, and execute the body.
2851         If we don't do so, we need to create all the ASTs in the module's dependency graph first,
2852         because the given module can be executed after all the dependent modules are executed. It
2853         means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
2854         the dependent modules' information.
2855
2856         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
2857         This patch aims at just implementing the syntax parsing functionality correctly.
2858         After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits from SyntaxChecker
2859         to collect the dependent modules fast [1].
2860
2861         To test the parsing, we added the "checkModuleSyntax" function to the jsc shell.
2862         By using this, we can parse the given string as a module.
2863
2864         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
2865
2866         * bytecompiler/NodesCodegen.cpp:
2867         (JSC::ModuleProgramNode::emitBytecode):
2868         (JSC::ImportDeclarationNode::emitBytecode):
2869         (JSC::ExportAllDeclarationNode::emitBytecode):
2870         (JSC::ExportDefaultDeclarationNode::emitBytecode):
2871         (JSC::ExportLocalDeclarationNode::emitBytecode):
2872         (JSC::ExportNamedDeclarationNode::emitBytecode):
2873         * jsc.cpp:
2874         (GlobalObject::finishCreation):
2875         (functionCheckModuleSyntax):
2876         * parser/ASTBuilder.h:
2877         (JSC::ASTBuilder::createModuleSpecifier):
2878         (JSC::ASTBuilder::createImportSpecifier):
2879         (JSC::ASTBuilder::createImportSpecifierList):
2880         (JSC::ASTBuilder::appendImportSpecifier):
2881         (JSC::ASTBuilder::createImportDeclaration):
2882         (JSC::ASTBuilder::createExportAllDeclaration):
2883         (JSC::ASTBuilder::createExportDefaultDeclaration):
2884         (JSC::ASTBuilder::createExportLocalDeclaration):
2885         (JSC::ASTBuilder::createExportNamedDeclaration):
2886         (JSC::ASTBuilder::createExportSpecifier):
2887         (JSC::ASTBuilder::createExportSpecifierList):
2888         (JSC::ASTBuilder::appendExportSpecifier):
2889         * parser/Keywords.table:
2890         * parser/NodeConstructors.h:
2891         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
2892         (JSC::ImportSpecifierNode::ImportSpecifierNode):
2893         (JSC::ImportDeclarationNode::ImportDeclarationNode):
2894         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
2895         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
2896         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
2897         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
2898         (JSC::ExportSpecifierNode::ExportSpecifierNode):
2899         * parser/Nodes.cpp:
2900         (JSC::ModuleProgramNode::ModuleProgramNode):
2901         * parser/Nodes.h:
2902         (JSC::ModuleProgramNode::startColumn):
2903         (JSC::ModuleProgramNode::endColumn):
2904         (JSC::ModuleSpecifierNode::moduleName):
2905         (JSC::ImportSpecifierNode::importedName):
2906         (JSC::ImportSpecifierNode::localName):
2907         (JSC::ImportSpecifierListNode::specifiers):
2908         (JSC::ImportSpecifierListNode::append):
2909         (JSC::ImportDeclarationNode::specifierList):
2910         (JSC::ImportDeclarationNode::moduleSpecifier):
2911         (JSC::ExportAllDeclarationNode::moduleSpecifier):
2912         (JSC::ExportDefaultDeclarationNode::declaration):
2913         (JSC::ExportLocalDeclarationNode::declaration):
2914         (JSC::ExportSpecifierNode::exportedName):
2915         (JSC::ExportSpecifierNode::localName):
2916         (JSC::ExportSpecifierListNode::specifiers):
2917         (JSC::ExportSpecifierListNode::append):
2918         (JSC::ExportNamedDeclarationNode::specifierList):
2919         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
2920         * parser/Parser.cpp:
2921         (JSC::Parser<LexerType>::Parser):
2922         (JSC::Parser<LexerType>::parseInner):
2923         (JSC::Parser<LexerType>::parseModuleSourceElements):
2924         (JSC::Parser<LexerType>::parseVariableDeclaration):
2925         (JSC::Parser<LexerType>::parseVariableDeclarationList):
2926         (JSC::Parser<LexerType>::createBindingPattern):
2927         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
2928         (JSC::Parser<LexerType>::parseDestructuringPattern):
2929         (JSC::Parser<LexerType>::parseForStatement):
2930         (JSC::Parser<LexerType>::parseFormalParameters):
2931         (JSC::Parser<LexerType>::parseFunctionParameters):
2932         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2933         (JSC::Parser<LexerType>::parseClassDeclaration):
2934         (JSC::Parser<LexerType>::parseModuleSpecifier):
2935         (JSC::Parser<LexerType>::parseImportClauseItem):
2936         (JSC::Parser<LexerType>::parseImportDeclaration):
2937         (JSC::Parser<LexerType>::parseExportSpecifier):
2938         (JSC::Parser<LexerType>::parseExportDeclaration):
2939         (JSC::Parser<LexerType>::parseMemberExpression):
2940         * parser/Parser.h:
2941         (JSC::isIdentifierOrKeyword):
2942         (JSC::ModuleScopeData::create):
2943         (JSC::ModuleScopeData::exportedBindings):
2944         (JSC::ModuleScopeData::exportName):
2945         (JSC::ModuleScopeData::exportBinding):
2946         (JSC::Scope::Scope):
2947         (JSC::Scope::setIsModule):
2948         (JSC::Scope::moduleScopeData):
2949         (JSC::Parser::matchContextualKeyword):
2950         (JSC::Parser::matchIdentifierOrKeyword):
2951         (JSC::Parser::isofToken): Deleted.
2952         * parser/ParserModes.h:
2953         * parser/ParserTokens.h:
2954         * parser/SyntaxChecker.h:
2955         (JSC::SyntaxChecker::createModuleSpecifier):
2956         (JSC::SyntaxChecker::createImportSpecifier):
2957         (JSC::SyntaxChecker::createImportSpecifierList):
2958         (JSC::SyntaxChecker::appendImportSpecifier):
2959         (JSC::SyntaxChecker::createImportDeclaration):
2960         (JSC::SyntaxChecker::createExportAllDeclaration):
2961         (JSC::SyntaxChecker::createExportDefaultDeclaration):
2962         (JSC::SyntaxChecker::createExportLocalDeclaration):
2963         (JSC::SyntaxChecker::createExportNamedDeclaration):
2964         (JSC::SyntaxChecker::createExportSpecifier):
2965         (JSC::SyntaxChecker::createExportSpecifierList):
2966         (JSC::SyntaxChecker::appendExportSpecifier):
2967         * runtime/CommonIdentifiers.cpp:
2968         (JSC::CommonIdentifiers::CommonIdentifiers):
2969         * runtime/CommonIdentifiers.h:
2970         * runtime/Completion.cpp:
2971         (JSC::checkModuleSyntax):
2972         * runtime/Completion.h:
2973         * tests/stress/modules-syntax-error-with-names.js: Added.
2974         (shouldThrow):
2975         * tests/stress/modules-syntax-error.js: Added.
2976         (shouldThrow):
2977         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
2978         * tests/stress/modules-syntax.js: Added.
2979         (prototype.checkModuleSyntax):
2980         (checkModuleSyntax):
2981         * tests/stress/tagged-templates-syntax.js:
2982
2983 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2984
2985         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
2986         https://bugs.webkit.org/show_bug.cgi?id=146833
2987
2988         Reviewed by Alexey Proskuryakov.
2989
2990         * assembler/ARM64Assembler.h:
2991         * assembler/ARMAssembler.h:
2992         (JSC::ARMAssembler::cacheFlush):
2993         * assembler/MacroAssemblerARM.cpp:
2994         (JSC::isVFPPresent):
2995         * assembler/MacroAssemblerX86Common.h:
2996         (JSC::MacroAssemblerX86Common::isSSE2Present):
2997         * heap/MachineStackMarker.h:
2998         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
2999         (JSC::logF):
3000         * jit/HostCallReturnValue.h:
3001         * jit/JIT.h:
3002         * jit/JITOperations.cpp:
3003         * jit/JITStubsARM.h:
3004         * jit/JITStubsARMv7.h:
3005         * jit/JITStubsX86.h:
3006         * jit/JITStubsX86Common.h:
3007         * jit/JITStubsX86_64.h:
3008         * jit/ThunkGenerators.cpp:
3009         * runtime/JSExportMacros.h:
3010         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
3011         (JSC::clz32):
3012
3013 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
3014
3015         Unreviewed, fix uninitialized property leading to an assert.
3016
3017         * runtime/PutPropertySlot.h:
3018         (JSC::PutPropertySlot::PutPropertySlot):
3019
3020 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
3021
3022         Unreviewed, fix Windows.
3023
3024         * bytecode/ObjectPropertyConditionSet.h:
3025         (JSC::ObjectPropertyConditionSet::fromRawPointer):
3026
3027 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
3028
3029         DFG should have adaptive structure watchpoints
3030         https://bugs.webkit.org/show_bug.cgi?id=146929
3031
3032         Reviewed by Geoffrey Garen.
3033
3034         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
3035         property, you'd check that the object still has the structure that you first saw the object have. We
3036         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
3037         elide the structure check.
3038
3039         But this approach fails when that object frequently has new properties added to it. This would
3040         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
3041         we'd have to recompile either the IC or an entire code block.
3042
3043         This change introduces a new concept: an object property condition. This value describes some
3044         condition involving a property on some object. There are four kinds: presence, absence,
3045         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
3046         object has some property at some offset with some attributes. This allows us to implement a new kind
3047         of watchpoint, which knows about the object property condition that it's being used to enforce. If
3048         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
3049         on the new structure.
3050
3051         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
3052         and prototype accesses. They are also used for any DFG accesses to object constants, including
3053         global property accesses.
3054
3055         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
3056         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
3057         chain situation. It's also a small speed-up on getter-richards.
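
        A small JavaScript model of the idea above, added here as an example (not WebKit code): the four object property condition kinds the entry lists, re-validated against live objects with property descriptors, beside the whole-structure check they replace. ConditionKind, makeCondition, isStillValid, shapeOf and demo are this example's own names, not JavaScriptCore identifiers, and slot offsets are omitted because they have no JavaScript-level counterpart.

```javascript
// Added example, not WebKit code: models presence, absence, absence-of-setter
// and equivalence conditions and shows why re-validating a condition survives
// unrelated structure transitions where a cached "structure" check does not.
const ConditionKind = Object.freeze({
  Presence: 'presence', Absence: 'absence',
  AbsenceOfSetter: 'absenceOfSetter', Equivalence: 'equivalence',
});

// The attributes a presence condition pins down for a property.
function attributesOf(desc) {
  return {
    accessor: 'get' in desc,                         // accessor vs data property
    writable: 'get' in desc ? undefined : !!desc.writable,
    enumerable: !!desc.enumerable,
    configurable: !!desc.configurable,
  };
}

function sameAttributes(a, b) {
  return Object.keys(a).every(k => a[k] === b[k]);
}

// Snapshot what `object` currently guarantees about property `name`.
function makeCondition(kind, object, name) {
  const desc = Object.getOwnPropertyDescriptor(object, name);
  const cond = { kind, object, name };
  switch (kind) {
    case ConditionKind.Presence:
      if (!desc) throw new Error(`${name} is not an own property`);
      cond.attributes = attributesOf(desc);
      break;
    case ConditionKind.Absence:
    case ConditionKind.AbsenceOfSetter:
      // A miss also depends on where the lookup continues, so pin the prototype.
      cond.prototype = Object.getPrototypeOf(object);
      break;
    case ConditionKind.Equivalence:
      if (!desc || !('value' in desc)) throw new Error(`${name} has no data value`);
      cond.requiredValue = desc.value;
      break;
  }
  return cond;
}

// Re-check a condition against the object's current state. This is what an
// adaptive watchpoint does when a structure transition fires: if the condition
// still holds it reinstalls itself on the new structure instead of jettisoning code.
function isStillValid(cond) {
  const desc = Object.getOwnPropertyDescriptor(cond.object, cond.name);
  const protoUnchanged = () => Object.getPrototypeOf(cond.object) === cond.prototype;
  switch (cond.kind) {
    case ConditionKind.Presence:
      return !!desc && sameAttributes(cond.attributes, attributesOf(desc));
    case ConditionKind.Absence:
      return !desc && protoUnchanged();
    case ConditionKind.AbsenceOfSetter:
      return (!desc || typeof desc.set !== 'function') && protoUnchanged();
    case ConditionKind.Equivalence:
      return !!desc && 'value' in desc && Object.is(desc.value, cond.requiredValue);
  }
  return false;
}

// The pre-change approach: remember the whole "structure" (own keys and their
// attributes). Any added property changes it, even an unrelated one.
function shapeOf(object) {
  return Reflect.ownKeys(object)
    .map(k => `${String(k)}=${JSON.stringify(attributesOf(Object.getOwnPropertyDescriptor(object, k)))}`)
    .join('|');
}

// Scenario from the entry: a prototype that keeps gaining new properties.
function demo() {
  const proto = { shared: 1 };
  const obj = Object.create(proto);
  const cachedShape = shapeOf(proto);
  const hit = makeCondition(ConditionKind.Presence, proto, 'shared');
  const value = makeCondition(ConditionKind.Equivalence, proto, 'shared');
  const miss = makeCondition(ConditionKind.Absence, obj, 'shared');

  for (let i = 0; i < 3; i++) proto['extra' + i] = i;          // unrelated transitions
  const structureCheckPasses = shapeOf(proto) === cachedShape;   // false: shape changed
  const conditionsHold = [hit, value, miss].every(isStillValid); // true: nothing relevant changed

  proto.shared = 2;                                   // same shape, different value
  const equivalenceAfterWrite = isStillValid(value);  // false
  const presenceAfterWrite = isStillValid(hit);       // true

  Object.defineProperty(proto, 'shared', { get() { return 2; }, configurable: true });
  const presenceAfterAccessor = isStillValid(hit);    // false: attributes changed

  Object.defineProperty(obj, 'shared', { value: 3, configurable: true });
  const missAfterOwnAdd = isStillValid(miss);         // false: the miss now hits

  return { structureCheckPasses, conditionsHold, equivalenceAfterWrite,
           presenceAfterWrite, presenceAfterAccessor, missAfterOwnAdd };
}
```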
3058
3059         * CMakeLists.txt:
3060         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3061         * JavaScriptCore.xcodeproj/project.pbxproj:
3062         * bytecode/CodeBlock.cpp:
3063         (JSC::CodeBlock::printGetByIdCacheStatus):
3064         (JSC::CodeBlock::printPutByIdCacheStatus):
3065         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
3066         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
3067         * bytecode/ComplexGetStatus.cpp:
3068         (JSC::ComplexGetStatus::computeFor):
3069         * bytecode/ComplexGetStatus.h:
3070         (JSC::ComplexGetStatus::ComplexGetStatus):
3071         (JSC::ComplexGetStatus::takesSlowPath):
3072         (JSC::ComplexGetStatus::kind):
3073         (JSC::ComplexGetStatus::offset):
3074         (JSC::ComplexGetStatus::conditionSet):
3075         (JSC::ComplexGetStatus::attributes): Deleted.
3076         (JSC::ComplexGetStatus::specificValue): Deleted.
3077         (JSC::ComplexGetStatus::chain): Deleted.
3078         * bytecode/ConstantStructureCheck.cpp: Removed.
3079         * bytecode/ConstantStructureCheck.h: Removed.
3080         * bytecode/GetByIdStatus.cpp:
3081         (JSC::GetByIdStatus::computeForStubInfo):
3082         * bytecode/GetByIdVariant.cpp:
3083         (JSC::GetByIdVariant::GetByIdVariant):
3084         (JSC::GetByIdVariant::~GetByIdVariant):
3085         (JSC::GetByIdVariant::operator=):
3086         (JSC::GetByIdVariant::attemptToMerge):
3087         (JSC::GetByIdVariant::dumpInContext):
3088         (JSC::GetByIdVariant::baseStructure): Deleted.
3089         * bytecode/GetByIdVariant.h:
3090         (JSC::GetByIdVariant::operator!):
3091         (JSC::GetByIdVariant::structureSet):
3092         (JSC::GetByIdVariant::conditionSet):
3093         (JSC::GetByIdVariant::offset):
3094         (JSC::GetByIdVariant::callLinkStatus):
3095         (JSC::GetByIdVariant::constantChecks): Deleted.
3096         (JSC::GetByIdVariant::alternateBase): Deleted.
3097         * bytecode/ObjectPropertyCondition.cpp: Added.
3098         (JSC::ObjectPropertyCondition::dumpInContext):
3099         (JSC::ObjectPropertyCondition::dump):
3100         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
3101         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
3102         (JSC::ObjectPropertyCondition::isStillValid):
3103         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
3104         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
3105         (JSC::ObjectPropertyCondition::isWatchable):
3106         (JSC::ObjectPropertyCondition::isStillLive):
3107         (JSC::ObjectPropertyCondition::validateReferences):
3108         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
3109         * bytecode/ObjectPropertyCondition.h: Added.
3110         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
3111         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
3112         (JSC::ObjectPropertyCondition::presence):
3113         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
3114         (JSC::ObjectPropertyCondition::absence):
3115         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
3116         (JSC::ObjectPropertyCondition::absenceOfSetter):
3117         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
3118         (JSC::ObjectPropertyCondition::equivalence):
3119         (JSC::ObjectPropertyCondition::operator!):
3120         (JSC::ObjectPropertyCondition::object):
3121         (JSC::ObjectPropertyCondition::condition):
3122         (JSC::ObjectPropertyCondition::kind):
3123         (JSC::ObjectPropertyCondition::uid):
3124         (JSC::ObjectPropertyCondition::hasOffset):
3125         (JSC::ObjectPropertyCondition::offset):
3126         (JSC::ObjectPropertyCondition::hasAttributes):
3127         (JSC::ObjectPropertyCondition::attributes):
3128         (JSC::ObjectPropertyCondition::hasPrototype):
3129         (JSC::ObjectPropertyCondition::prototype):
3130         (JSC::ObjectPropertyCondition::hasRequiredValue):
3131         (JSC::ObjectPropertyCondition::requiredValue):
3132         (JSC::ObjectPropertyCondition::hash):
3133         (JSC::ObjectPropertyCondition::operator==):
3134         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
3135         (JSC::ObjectPropertyCondition::isCompatibleWith):
3136         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
3137         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
3138         (JSC::ObjectPropertyCondition::isValidValueForPresence):
3139         (JSC::ObjectPropertyConditionHash::hash):
3140         (JSC::ObjectPropertyConditionHash::equal):
3141         * bytecode/ObjectPropertyConditionSet.cpp: Added.
3142         (JSC::ObjectPropertyConditionSet::forObject):
3143         (JSC::ObjectPropertyConditionSet::forConditionKind):
3144         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
3145         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
3146         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
3147         (JSC::ObjectPropertyConditionSet::mergedWith):
3148         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
3149         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
3150         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
3151         (JSC::ObjectPropertyConditionSet::areStillLive):
3152         (JSC::ObjectPropertyConditionSet::dumpInContext):
3153         (JSC::ObjectPropertyConditionSet::dump):
3154         (JSC::generateConditionsForPropertyMiss):
3155         (JSC::generateConditionsForPropertySetterMiss):
3156         (JSC::generateConditionsForPrototypePropertyHit):
3157         (JSC::generateConditionsForPrototypePropertyHitCustom):
3158         (JSC::generateConditionsForPropertySetterMissConcurrently):
3159         * bytecode/ObjectPropertyConditionSet.h: Added.
3160         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
3161         (JSC::ObjectPropertyConditionSet::invalid):
3162         (JSC::ObjectPropertyConditionSet::nonEmpty):
3163         (JSC::ObjectPropertyConditionSet::isValid):
3164         (JSC::ObjectPropertyConditionSet::isEmpty):
3165         (JSC::ObjectPropertyConditionSet::begin):
3166         (JSC::ObjectPropertyConditionSet::end):
3167         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
3168         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
3169         (JSC::ObjectPropertyConditionSet::fromRawPointer):
3170         (JSC::ObjectPropertyConditionSet::Data::Data):
3171         * bytecode/PolymorphicGetByIdList.cpp:
3172         (JSC::GetByIdAccess::GetByIdAccess):
3173         (JSC::GetByIdAccess::~GetByIdAccess):
3174         (JSC::GetByIdAccess::visitWeak):
3175         * bytecode/PolymorphicGetByIdList.h:
3176         (JSC::GetByIdAccess::GetByIdAccess):
3177         (JSC::GetByIdAccess::structure):
3178         (JSC::GetByIdAccess::conditionSet):
3179         (JSC::GetByIdAccess::stubRoutine):
3180         (JSC::GetByIdAccess::chain): Deleted.
3181         (JSC::GetByIdAccess::chainCount): Deleted.
3182         * bytecode/PolymorphicPutByIdList.cpp:
3183         (JSC::PutByIdAccess::fromStructureStubInfo):
3184         (JSC::PutByIdAccess::visitWeak):
3185         * bytecode/PolymorphicPutByIdList.h:
3186         (JSC::PutByIdAccess::PutByIdAccess):
3187         (JSC::PutByIdAccess::transition):
3188         (JSC::PutByIdAccess::setter):
3189         (JSC::PutByIdAccess::newStructure):
3190         (JSC::PutByIdAccess::conditionSet):
3191         (JSC::PutByIdAccess::stubRoutine):
3192         (JSC::PutByIdAccess::chain): Deleted.
3193         (JSC::PutByIdAccess::chainCount): Deleted.
3194         * bytecode/PropertyCondition.cpp: Added.
3195         (JSC::PropertyCondition::dumpInContext):
3196         (JSC::PropertyCondition::dump):
3197         (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
3198         (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
3199         (JSC::PropertyCondition::isStillValid):
3200         (JSC::PropertyCondition::isWatchableWhenValid):
3201         (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
3202         (JSC::PropertyCondition::isWatchable):
3203         (JSC::PropertyCondition::isStillLive):
3204         (JSC::PropertyCondition::validateReferences):
3205         (JSC::PropertyCondition::isValidValueForAttributes):
3206         (JSC::PropertyCondition::isValidValueForPresence):
3207         (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
3208         (WTF::printInternal):
3209         * bytecode/PropertyCondition.h: Added.
3210         (JSC::PropertyCondition::PropertyCondition):
3211         (JSC::PropertyCondition::presenceWithoutBarrier):
3212         (JSC::PropertyCondition::presence):
3213         (JSC::PropertyCondition::absenceWithoutBarrier):
3214         (JSC::PropertyCondition::absence):
3215         (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
3216         (JSC::PropertyCondition::absenceOfSetter):
3217         (JSC::PropertyCondition::equivalenceWithoutBarrier):
3218         (JSC::PropertyCondition::equivalence):
3219         (JSC::PropertyCondition::operator!):
3220         (JSC::PropertyCondition::kind):
3221         (JSC::PropertyCondition::uid):
3222         (JSC::PropertyCondition::hasOffset):
3223         (JSC::PropertyCondition::offset):
3224         (JSC::PropertyCondition::hasAttributes):
3225         (JSC::PropertyCondition::attributes):
3226         (JSC::PropertyCondition::hasPrototype):
3227         (JSC::PropertyCondition::prototype):
3228         (JSC::PropertyCondition::hasRequiredValue):
3229         (JSC::PropertyCondition::requiredValue):
3230         (JSC::PropertyCondition::hash):
3231         (JSC::PropertyCondition::operator==):
3232         (JSC::PropertyCondition::isHashTableDeletedValue):
3233         (JSC::PropertyCondition::isCompatibleWith):
3234         (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
3235         (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
3236         (JSC::PropertyConditionHash::hash):
3237         (JSC::PropertyConditionHash::equal):
3238         * bytecode/PutByIdStatus.cpp:
3239         (JSC::PutByIdStatus::computeFromLLInt):
3240         (JSC::PutByIdStatus::computeFor):
3241         (JSC::PutByIdStatus::computeForStubInfo):
3242         * bytecode/PutByIdVariant.cpp:
3243         (JSC::PutByIdVariant::operator=):
3244         (JSC::PutByIdVariant::transition):
3245         (JSC::PutByIdVariant::setter):
3246         (JSC::PutByIdVariant::makesCalls):
3247         (JSC::PutByIdVariant::attemptToMerge):
3248         (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
3249         (JSC::PutByIdVariant::dumpInContext):
3250         (JSC::PutByIdVariant::baseStructure): Deleted.
3251         * bytecode/PutByIdVariant.h:
3252         (JSC::PutByIdVariant::PutByIdVariant):
3253         (JSC::PutByIdVariant::kind):
3254         (JSC::PutByIdVariant::structure):
3255         (JSC::PutByIdVariant::structureSet):
3256         (JSC::PutByIdVariant::oldStructure):
3257         (JSC::PutByIdVariant::conditionSet):
3258         (JSC::PutByIdVariant::offset):
3259         (JSC::PutByIdVariant::callLinkStatus):
3260         (JSC::PutByIdVariant::constantChecks): Deleted.
3261         (JSC::PutByIdVariant::alternateBase): Deleted.
3262         * bytecode/StructureStubClearingWatchpoint.cpp:
3263         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
3264         (JSC::StructureStubClearingWatchpoint::push):
3265         (JSC::StructureStubClearingWatchpoint::fireInternal):
3266         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
3267         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
3268         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
3269         * bytecode/StructureStubClearingWatchpoint.h:
3270         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
3271         (JSC::WatchpointsOnStructureStubInfo::codeBlock):
3272         (JSC::WatchpointsOnStructureStubInfo::stubInfo):
3273         * bytecode/StructureStubInfo.cpp:
3274         (JSC::StructureStubInfo::deref):
3275         (JSC::StructureStubInfo::visitWeakReferences):
3276         * bytecode/StructureStubInfo.h:
3277         (JSC::StructureStubInfo::initPutByIdTransition):
3278         (JSC::StructureStubInfo::initPutByIdReplace):
3279         (JSC::StructureStubInfo::setSeen):
3280         (JSC::StructureStubInfo::addWatchpoint):
3281         * dfg/DFGAbstractInterpreterInlines.h:
3282         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3283         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
3284         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
3285         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
3286         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
3287         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
3288         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
3289         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
3290         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
3291         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
3292         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
3293         * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
3294         (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
3295         (JSC::DFG::AdaptiveStructureWatchpoint::install):
3296         (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
3297         * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
3298         (JSC::DFG::AdaptiveStructureWatchpoint::key):
3299         * dfg/DFGByteCodeParser.cpp:
3300         (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
3301         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
3302         (JSC::DFG::ByteCodeParser::handleGetByOffset):
3303         (JSC::DFG::ByteCodeParser::handlePutByOffset):
3304         (JSC::DFG::ByteCodeParser::check):
3305         (JSC::DFG::ByteCodeParser::promoteToConstant):
3306         (JSC::DFG::ByteCodeParser::planLoad):
3307         (JSC::DFG::ByteCodeParser::load):
3308         (JSC::DFG::ByteCodeParser::presenceLike):
3309         (JSC::DFG::ByteCodeParser::checkPresenceLike):
3310         (JSC::DFG::ByteCodeParser::store):
3311         (JSC::DFG::ByteCodeParser::handleGetById):
3312         (JSC::DFG::ByteCodeParser::handlePutById):
3313         (JSC::DFG::ByteCodeParser::parseBlock):
3314         (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
3315         * dfg/DFGCommonData.cpp:
3316         (JSC::DFG::CommonData::validateReferences):
3317         * dfg/DFGCommonData.h:
3318         * dfg/DFGConstantFoldingPhase.cpp:
3319         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3320         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
3321         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
3322         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
3323         (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
3324         * dfg/DFGDesiredWatchpoints.cpp:
3325         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
3326         (JSC::DFG::InferredValueAdaptor::add):
3327         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
3328         (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
3329         (JSC::DFG::DesiredWatchpoints::addLazily):
3330         (JSC::DFG::DesiredWatchpoints::consider):
3331         (JSC::DFG::DesiredWatchpoints::reallyAdd):
3332         (JSC::DFG::DesiredWatchpoints::areStillValid):
3333         (JSC::DFG::DesiredWatchpoints::dumpInContext):
3334         * dfg/DFGDesiredWatchpoints.h:
3335         (JSC::DFG::SetPointerAdaptor::add):
3336         (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
3337         (JSC::DFG::SetPointerAdaptor::dumpInContext):
3338         (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
3339         (JSC::DFG::InferredValueAdaptor::dumpInContext):
3340         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
3341         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
3342         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
3343         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
3344         (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
3345         (JSC::DFG::GenericDesiredWatchpoints::isWatched):
3346         (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
3347         (JSC::DFG::DesiredWatchpoints::isWatched):
3348         (JSC::DFG::GenericSetAdaptor::add): Deleted.
3349         (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
3350         * dfg/DFGDesiredWeakReferences.cpp:
3351         (JSC::DFG::DesiredWeakReferences::addLazily):
3352         (JSC::DFG::DesiredWeakReferences::contains):
3353         * dfg/DFGDesiredWeakReferences.h:
3354         * dfg/DFGGraph.cpp:
3355         (JSC::DFG::Graph: