Move some commands from ./CMakeLists.txt to Source/cmake
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-08-17  Alex Christensen  <achristensen@webkit.org>

        Move some commands from ./CMakeLists.txt to Source/cmake
        https://bugs.webkit.org/show_bug.cgi?id=148003

        Reviewed by Brent Fulgham.

        * CMakeLists.txt:
        Added commands needed to build JSC by itself.

2015-08-17  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Implement Reflect.get
        https://bugs.webkit.org/show_bug.cgi?id=147925

        Reviewed by Geoffrey Garen.

        This patch implements the Reflect.get API.
        It can take the receiver object as the third argument.
        When the receiver is specified and there's a getter for the given property name,
        we call the getter with the receiver as the |this| value.

        * runtime/ReflectObject.cpp:
        (JSC::reflectObjectGet):
        * runtime/SparseArrayValueMap.cpp:
        (JSC::SparseArrayEntry::get): Deleted.
        * runtime/SparseArrayValueMap.h:
        * tests/stress/reflect-get.js: Added.
        (shouldBe):
        (shouldThrow):
        (.get shouldThrow):
        (.get var):
        (get var.object.get hello):
        (.get shouldBe):
        (get var.object.set hello):

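The receiver semantics described in the entry above, as an added example that is not part of the WebKit ChangeLog or of JSC's own test suite. The objects, the logging proxy and the property names are constructed for this illustration; the behaviour shown is standard ECMAScript Reflect.get semantics.

```javascript
// Added example (not from the WebKit ChangeLog): how the third argument of
// Reflect.get changes the |this| value a getter runs with.
// All objects and names below are constructed for this illustration.

const target = {
  secret: "target-secret",
  get hello() {
    // |this| is whatever receiver the lookup was performed with
    return `hello from ${this.secret}`;
  },
};

const receiver = { secret: "receiver-secret" };

// No receiver given: the getter runs with |this| === target.
function getWithoutReceiver() {
  return Reflect.get(target, "hello");
}

// Explicit receiver: same getter, same property, but |this| === receiver.
function getWithReceiver() {
  return Reflect.get(target, "hello", receiver);
}

// The usual reason to forward the receiver: inside a Proxy get trap it keeps
// |this| bound to the proxy, so a getter on the target sees the same view the
// caller does. Writing t[key] instead would silently rebind |this| to the raw
// target and let the getter reach around whatever the proxy mediates.
function makeLoggingProxy(obj, log) {
  return new Proxy(obj, {
    get(t, key, rcv) {
      log.push(String(key));
      return Reflect.get(t, key, rcv);
    },
  });
}

function proxiedGetterSeesProxy() {
  const log = [];
  const proxy = makeLoggingProxy(
    {
      get self() {
        return this;
      },
    },
    log
  );
  // Because the receiver is forwarded, this.self === proxy, not the target.
  return { sameAsProxy: proxy.self === proxy, log };
}
```

Run it under any ES2015-capable engine (for example `node`): the two plain lookups return different strings even though the same getter executes, and the proxy case shows the getter observing the proxy rather than the underlying object.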
2015-08-17  Simon Fraser  <simon.fraser@apple.com>

        will-change should sometimes trigger compositing
        https://bugs.webkit.org/show_bug.cgi?id=148072

        Reviewed by Tim Horton.

        Include will-change as a reason for compositing.

        * inspector/protocol/LayerTree.json:

2015-08-17  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Implement Reflect.getOwnPropertyDescriptor
        https://bugs.webkit.org/show_bug.cgi?id=147929

        Reviewed by Geoffrey Garen.

        Implement Reflect.getOwnPropertyDescriptor.
        The difference from the Object.getOwnPropertyDescriptor is
        Reflect.getOwnPropertyDescriptor does not perform ToObject onto
        the first argument. If the first argument is not an Object, it
        immediately raises the TypeError.

        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        * runtime/ObjectConstructor.h:
        * runtime/ReflectObject.cpp:
        (JSC::reflectObjectGetOwnPropertyDescriptor):
        * tests/stress/reflect-get-own-property.js: Added.
        (shouldBe):
        (shouldThrow):

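The ToObject difference described in the entry above, as an added example that is not part of the WebKit ChangeLog or of JSC's tests. The sample values and the `describeOwn` helper are constructed for this illustration; the behaviour is the standard ECMAScript contract of the two functions.

```javascript
// Added example (not from the WebKit ChangeLog): Object.getOwnPropertyDescriptor
// coerces a primitive with ToObject, Reflect.getOwnPropertyDescriptor refuses it.
// Sample values and helper names are constructed for this illustration.

// The string is boxed into a String wrapper, so the wrapper's own "length"
// is reported as if the caller had passed an object.
function objectVariantOnPrimitive() {
  return Object.getOwnPropertyDescriptor("abc", "length");
}

// No coercion: a primitive target is a TypeError straight away.
function reflectVariantOnPrimitive() {
  try {
    Reflect.getOwnPropertyDescriptor("abc", "length");
    return "returned";
  } catch (e) {
    return e instanceof TypeError ? "TypeError" : "other";
  }
}

// Once the argument really is an object the two agree.
function bothOnObject() {
  const o = Object.defineProperty({}, "x", {
    value: 1, writable: false, enumerable: true, configurable: false,
  });
  const viaObject = Object.getOwnPropertyDescriptor(o, "x");
  const viaReflect = Reflect.getOwnPropertyDescriptor(o, "x");
  return JSON.stringify(viaObject) === JSON.stringify(viaReflect) ? viaReflect : null;
}

// Why the strict variant is useful: a helper that classifies an own property
// must not be tricked by a primitive into reporting a wrapper's properties.
// With Reflect, a non-object input is rejected instead of silently boxed.
function describeOwn(value, key) {
  const desc = Reflect.getOwnPropertyDescriptor(value, key); // TypeError for primitives
  if (desc === undefined) return "absent";
  return "get" in desc || "set" in desc ? "accessor" : "data";
}
```

The `describeOwn` helper is the pattern to prefer when validating untrusted input: it either reports the real own property or throws, and never answers for an implicitly created wrapper object.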
2015-08-16  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Use (x + x) instead of (x * 2) when possible
        https://bugs.webkit.org/show_bug.cgi?id=148051

        Reviewed by Michael Saboff.

        When multiplying a number by 2, JSC was loading a constant "2"
        in a register and multiplying it with the first number:

            mov $0x4000000000000000, %rcx
            movd %rcx, %xmm0
            mulsd %xmm0, %xmm1

        This is a problem for a few reasons.
        1) "movd %rcx, %xmm0" only set half of XMM0. This instruction
           has to wait for any preceding instruction on XMM0 to finish
           before executing.
        2) The load and transform itself is large and unnecessary.

        To fix that, I added a StrengthReductionPhase to transform
        multiplications by 2 into an addition.

        Unfortunately, that turned the code into:
            movsd %xmm0 %xmm1
            mulsd %xmm1 %xmm0

        The reason is GenerationInfo::canReuse() was not accounting
        for nodes using other nodes multiple times.

        After fixing that too, we now have the multiplications by 2
        done as:
            addsd %xmm0 %xmm0

        * dfg/DFGGenerationInfo.h:
        (JSC::DFG::GenerationInfo::useCount):
        (JSC::DFG::GenerationInfo::canReuse): Deleted.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::FPRTemporary::FPRTemporary):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::canReuse):
        (JSC::DFG::GPRTemporary::GPRTemporary):
        * dfg/DFGStrengthReductionPhase.cpp:
        (JSC::DFG::StrengthReductionPhase::handleNode):

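A toy model of the two ideas in the entry above (the `Mul(x, 2)` to `Add(x, x)` rewrite, and use counting that must see one node used twice by the same parent), added here as an illustration that is not JSC's DFG code. The node representation, the `computeUseCounts` and `canReuse` rules and the evaluator are assumptions chosen for this example; the exactness claim about IEEE doubles is standard arithmetic.

```javascript
// Added example (not from the WebKit ChangeLog, not JSC code): a tiny IR with
// a strength-reduction pass and edge-based use counts. Everything here is a
// model built for this illustration.

function makeConst(value) { return { op: "Const", value, children: [] }; }
function makeVar(name) { return { op: "Var", name, children: [] }; }
function makeNode(op, ...children) { return { op, children }; }

// Count every edge, not every distinct parent: after Mul(x, 2) becomes
// Add(x, x) the node x has two uses from one parent. A counter that only
// asks "how many nodes use x?" would answer 1 and wrongly treat x's
// register as free, which is the bookkeeping pitfall the entry describes.
function computeUseCounts(root) {
  const counts = new Map();
  const visit = (n) => {
    for (const c of n.children) {
      counts.set(c, (counts.get(c) || 0) + 1);
      visit(c);
    }
  };
  counts.set(root, counts.get(root) || 0);
  visit(root);
  return counts;
}

// A child's register may only be recycled for the result when this is the
// child's single remaining use.
function canReuse(counts, node) { return counts.get(node) === 1; }

// Strength reduction: Mul(x, Const 2) or Mul(Const 2, x) -> Add(x, x).
// For IEEE doubles x*2 and x+x are identical bit patterns (including NaN,
// +/-Infinity, -0 and subnormals), so the rewrite changes no result.
function strengthReduce(node) {
  node.children = node.children.map(strengthReduce);
  if (node.op === "Mul" && node.children.length === 2) {
    const [a, b] = node.children;
    if (b.op === "Const" && b.value === 2) return makeNode("Add", a, a);
    if (a.op === "Const" && a.value === 2) return makeNode("Add", b, b);
  }
  return node;
}

// Minimal evaluator so the rewritten graph can be checked against the original.
function evaluate(node, env) {
  switch (node.op) {
    case "Const": return node.value;
    case "Var": return env[node.name];
    case "Mul": return evaluate(node.children[0], env) * evaluate(node.children[1], env);
    case "Add": return evaluate(node.children[0], env) + evaluate(node.children[1], env);
    default: throw new Error("unknown op " + node.op);
  }
}

// Demonstration on y = x * 2: the shape after reduction, the use count of x,
// whether x's register could be reused, and exactness across awkward doubles.
function demo() {
  const x = makeVar("x");
  const before = makeNode("Mul", x, makeConst(2));
  const after = strengthReduce(before);
  const countsAfter = computeUseCounts(after);
  const probes = [1.5, -0, NaN, Infinity, -Infinity,
                  Number.MAX_VALUE, Number.MIN_VALUE, 3.0000000000000004];
  const exact = probes.every((v) =>
    Object.is(evaluate(before, { x: v }), evaluate(after, { x: v })));
  return {
    op: after.op,
    sameChild: after.children[0] === after.children[1],
    xUses: countsAfter.get(x),
    xReusable: canReuse(countsAfter, x),
    exact,
  };
}
```

The interesting line is `xReusable`: with edge-based counting it is `false` for `Add(x, x)`, which is what stops the allocator from handing x's register to the result before the second operand has been read.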
2015-08-14  Basile Clement  <basile_clement@apple.com>

        Occasional failure in v8-v6/v8-raytrace.js.ftl-eager
        https://bugs.webkit.org/show_bug.cgi?id=147165

        Reviewed by Saam Barati.

        The object allocation sinking phase was not properly checking that a
        MultiGetByOffset was safe to lower before lowering it.
        This makes it so that we only lower MultiGetByOffset if it only loads
        from direct properties of the object, and considers it as an escape in
        any other case (e.g. a load from the prototype).

        It also ensures proper conversion of MultiGetByOffset into
        CheckStructureImmediate when needed.

        * dfg/DFGObjectAllocationSinkingPhase.cpp:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::checkStructure):
            We were not properly compiling CheckStructure and
            CheckStructureImmediate nodes with an empty StructureSet.
        * tests/stress/sink-multigetbyoffset.js: Regression test.

2015-08-14  Filip Pizlo  <fpizlo@apple.com>

        Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
        https://bugs.webkit.org/show_bug.cgi?id=147999

        Reviewed by Geoffrey Garen.

        * API/JSVirtualMachine.mm:
        (initWrapperCache):
        (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
        (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
        (wrapperCacheMutex): Deleted.
        * bytecode/SamplingTool.cpp:
        (JSC::SamplingTool::doRun):
        (JSC::SamplingTool::notifyOfScope):
        * bytecode/SamplingTool.h:
        * dfg/DFGThreadData.h:
        * dfg/DFGWorklist.cpp:
        (JSC::DFG::Worklist::~Worklist):
        (JSC::DFG::Worklist::isActiveForVM):
        (JSC::DFG::Worklist::enqueue):
        (JSC::DFG::Worklist::compilationState):
        (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
        (JSC::DFG::Worklist::removeAllReadyPlansForVM):
        (JSC::DFG::Worklist::completeAllReadyPlansForVM):
        (JSC::DFG::Worklist::visitWeakReferences):
        (JSC::DFG::Worklist::removeDeadPlans):
        (JSC::DFG::Worklist::queueLength):
        (JSC::DFG::Worklist::dump):
        (JSC::DFG::Worklist::runThread):
        * dfg/DFGWorklist.h:
        * disassembler/Disassembler.cpp:
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::doneCopying):
        * heap/CopiedSpace.h:
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::recycleBorrowedBlock):
        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
        * heap/GCThread.cpp:
        (JSC::GCThread::waitForNextPhase):
        (JSC::GCThread::gcThreadMain):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        (JSC::GCThreadSharedData::~GCThreadSharedData):
        (JSC::GCThreadSharedData::startNextPhase):
        (JSC::GCThreadSharedData::endCurrentPhase):
        (JSC::GCThreadSharedData::didStartMarking):
        (JSC::GCThreadSharedData::didFinishMarking):
        * heap/GCThreadSharedData.h:
        * heap/HeapTimer.h:
        * heap/MachineStackMarker.cpp:
        (JSC::ActiveMachineThreadsManager::Locker::Locker):
        (JSC::ActiveMachineThreadsManager::add):
        (JSC::ActiveMachineThreadsManager::remove):
        (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
        (JSC::MachineThreads::~MachineThreads):
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::removeThreadIfFound):
        (JSC::MachineThreads::tryCopyOtherThreadStack):
        (JSC::MachineThreads::tryCopyOtherThreadStacks):
        (JSC::MachineThreads::gatherConservativeRoots):
        * heap/MachineStackMarker.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::mergeOpaqueRoots):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::containsOpaqueRootTriState):
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorHandleRunSourceGlobal):
        (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
        (Inspector::RemoteInspectorInitializeGlobalQueue):
        (Inspector::RemoteInspectorHandleRunSourceWithInfo):
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
        (Inspector::RemoteInspectorDebuggableConnection::close):
        (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
        (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
        * interpreter/JSStack.cpp:
        (JSC::JSStack::JSStack):
        (JSC::JSStack::releaseExcessCapacity):
        (JSC::JSStack::addToCommittedByteCount):
        (JSC::JSStack::committedByteCount):
        (JSC::stackStatisticsMutex): Deleted.
        (JSC::JSStack::initializeThreading): Deleted.
        * interpreter/JSStack.h:
        (JSC::JSStack::gatherConservativeRoots):
        (JSC::JSStack::sanitizeStack):
        (JSC::JSStack::size):
        (JSC::JSStack::initializeThreading): Deleted.
        * jit/ExecutableAllocator.cpp:
        (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
        (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
        (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
        (JSC::DemandExecutableAllocator::allocators):
        (JSC::DemandExecutableAllocator::allocatorsMutex):
        * jit/JITThunks.cpp:
        (JSC::JITThunks::ctiStub):
        * jit/JITThunks.h:
        * profiler/ProfilerDatabase.cpp:
        (JSC::Profiler::Database::ensureBytecodesFor):
        (JSC::Profiler::Database::notifyDestruction):
        * profiler/ProfilerDatabase.h:
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreading):
        * runtime/JSLock.cpp:
        (JSC::GlobalJSLock::GlobalJSLock):
        (JSC::GlobalJSLock::~GlobalJSLock):
        (JSC::JSLockHolder::JSLockHolder):
        (JSC::GlobalJSLock::initialize): Deleted.
        * runtime/JSLock.h:

2015-08-14  Ryosuke Niwa  <rniwa@webkit.org>

        ES6 class syntax should allow computed name method
        https://bugs.webkit.org/show_bug.cgi?id=142690

        Reviewed by Saam Barati.

        Added a new "attributes" attribute to op_put_getter_by_id, op_put_setter_by_id, op_put_getter_setter to specify
        the property descriptor options so that we can use op_put_setter_by_id and op_put_getter_setter to define
        getters and setters for classes. Without this, getters and setters could erroneously override methods.

        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutById):
        (JSC::BytecodeGenerator::emitPutGetterById):
        (JSC::BytecodeGenerator::emitPutSetterById):
        (JSC::BytecodeGenerator::emitPutGetterSetter):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode): Always use emitPutGetterSetter to emit getters and setters for classes
        as done for object literals.
        (JSC::PropertyListNode::emitPutConstantProperty):
        (JSC::ClassExprNode::emitBytecode):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JIT.h:
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_put_getter_by_id):
        (JSC::JIT::emit_op_put_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter):
        (JSC::JIT::emit_op_del_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_put_getter_by_id):
        (JSC::JIT::emit_op_put_setter_by_id):
        (JSC::JIT::emit_op_put_getter_setter):
        (JSC::JIT::emit_op_del_by_id):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LowLevelInterpreter.asm:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createProperty):
        (JSC::ASTBuilder::createPropertyList):
        * parser/NodeConstructors.h:
        (JSC::PropertyNode::PropertyNode):
        * parser/Nodes.h:
        (JSC::PropertyNode::expressionName):
        (JSC::PropertyNode::name):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseClass): Added the support for computed property name. We don't support computed names
        for getters and setters.
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createProperty):
        * runtime/JSObject.cpp:
        (JSC::JSObject::allowsAccessFrom):
        (JSC::JSObject::putGetter):
        (JSC::JSObject::putSetter):
        * runtime/JSObject.h:
        * runtime/PropertyDescriptor.h:

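The observable semantics behind the entry above (a computed method name in a class body, and the property attributes that class methods and accessors must be defined with, as opposed to object-literal members), as an added example that is not part of the WebKit ChangeLog or of JSC's tests. The class, the key and the `describe` helper are constructed for this illustration; computed names are used only for methods, matching the limitation the entry states for getters and setters.

```javascript
// Added example (not from the WebKit ChangeLog): computed method names in
// classes and the attributes their members are defined with.
// Class, key and helper are constructed for this illustration.

const methodName = "compute" + "d"; // computed key, resolves to "computed"

class Widget {
  [methodName]() { return "method"; }
  get value() { return this._v; }
  set value(v) { this._v = v; }
}

// Summarise an own property's descriptor in a comparable shape.
function describe(obj, key) {
  const d = Object.getOwnPropertyDescriptor(obj, key);
  if (!d) return "absent";
  return {
    kind: "value" in d ? "method" : "accessor",
    enumerable: d.enumerable,
    configurable: d.configurable,
    writable: d.writable, // undefined for accessors
  };
}

// Class members: both the computed-name method and the accessor pair are
// non-enumerable; the method is writable and configurable.
function classDescriptors() {
  return {
    computed: describe(Widget.prototype, "computed"),
    value: describe(Widget.prototype, "value"),
  };
}

// Same syntax in an object literal yields enumerable members; this is the
// attribute difference that has to travel with the put_getter/put_setter
// bytecodes rather than being assumed.
function literalDescriptors() {
  const lit = { [methodName]() { return "method"; }, get value() { return 1; } };
  return { computed: describe(lit, "computed"), value: describe(lit, "value") };
}

// Definition order decides when a method and an accessor share a name: the
// later definition replaces the earlier one in either direction, and no
// stale getter or method survives alongside the winner.
function laterDefinitionWins() {
  class A { get dup() { return "getter"; } dup() { return "method"; } }
  class B { dup() { return "method"; } get dup() { return "getter"; } }
  return [new A().dup(), new B().dup];
}
```

Calling `new Widget()["computed"]()` returns `"method"`; `Object.keys(Widget.prototype)` is empty while `Object.keys(literalDescriptors)`-style literals expose their members, which is the attribute split the example makes visible.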
2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        Add InspectorInstrumentation builtin object to instrument the code in JS builtins like Promises
        https://bugs.webkit.org/show_bug.cgi?id=147942

        Reviewed by Geoffrey Garen.

        This patch adds a new private global object, @InspectorInstrumentation.
        It is intended to be used as the namespace object (like Reflect/Math) for Inspector's
        instrumentation system and it is used to instrument the builtin JS code, like Promises.

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * builtins/InspectorInstrumentationObject.js: Added.
        (debug):
        (promiseFulfilled):
        (promiseRejected):
        * builtins/Operations.Promise.js:
        (rejectPromise):
        (fulfillPromise):
        * runtime/CommonIdentifiers.h:
        * runtime/InspectorInstrumentationObject.cpp: Added.
        (JSC::InspectorInstrumentationObject::InspectorInstrumentationObject):
        (JSC::InspectorInstrumentationObject::finishCreation):
        (JSC::InspectorInstrumentationObject::getOwnPropertySlot):
        (JSC::InspectorInstrumentationObject::isEnabled):
        (JSC::InspectorInstrumentationObject::enable):
        (JSC::InspectorInstrumentationObject::disable):
        (JSC::inspectorInstrumentationObjectDataLogImpl):
        * runtime/InspectorInstrumentationObject.h: Added.
        (JSC::InspectorInstrumentationObject::create):
        (JSC::InspectorInstrumentationObject::createStructure):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):

2015-08-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r188444.
        https://bugs.webkit.org/show_bug.cgi?id=148029

        Broke GTK and EFL (see bug #148027) (Requested by philn on
        #webkit).

        Reverted changeset:

        "Use WTF::Lock and WTF::Condition instead of WTF::Mutex,
        WTF::ThreadCondition, std::mutex, and std::condition_variable"
        https://bugs.webkit.org/show_bug.cgi?id=147999
        http://trac.webkit.org/changeset/188444

2015-08-13  Filip Pizlo  <fpizlo@apple.com>

        Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
        https://bugs.webkit.org/show_bug.cgi?id=147999

        Reviewed by Geoffrey Garen.

        * API/JSVirtualMachine.mm:
        (initWrapperCache):
        (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
        (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
        (wrapperCacheMutex): Deleted.
        * bytecode/SamplingTool.cpp:
        (JSC::SamplingTool::doRun):
        (JSC::SamplingTool::notifyOfScope):
        * bytecode/SamplingTool.h:
        * dfg/DFGThreadData.h:
        * dfg/DFGWorklist.cpp:
        (JSC::DFG::Worklist::~Worklist):
        (JSC::DFG::Worklist::isActiveForVM):
        (JSC::DFG::Worklist::enqueue):
        (JSC::DFG::Worklist::compilationState):
        (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
        (JSC::DFG::Worklist::removeAllReadyPlansForVM):
        (JSC::DFG::Worklist::completeAllReadyPlansForVM):
        (JSC::DFG::Worklist::visitWeakReferences):
        (JSC::DFG::Worklist::removeDeadPlans):
        (JSC::DFG::Worklist::queueLength):
        (JSC::DFG::Worklist::dump):
        (JSC::DFG::Worklist::runThread):
        * dfg/DFGWorklist.h:
        * disassembler/Disassembler.cpp:
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::doneCopying):
        * heap/CopiedSpace.h:
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::recycleBorrowedBlock):
        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
        * heap/GCThread.cpp:
        (JSC::GCThread::waitForNextPhase):
        (JSC::GCThread::gcThreadMain):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        (JSC::GCThreadSharedData::~GCThreadSharedData):
        (JSC::GCThreadSharedData::startNextPhase):
        (JSC::GCThreadSharedData::endCurrentPhase):
        (JSC::GCThreadSharedData::didStartMarking):
        (JSC::GCThreadSharedData::didFinishMarking):
        * heap/GCThreadSharedData.h:
        * heap/HeapTimer.h:
        * heap/MachineStackMarker.cpp:
        (JSC::ActiveMachineThreadsManager::Locker::Locker):
        (JSC::ActiveMachineThreadsManager::add):
        (JSC::ActiveMachineThreadsManager::remove):
        (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
        (JSC::MachineThreads::~MachineThreads):
        (JSC::MachineThreads::addCurrentThread):
        (JSC::MachineThreads::removeThreadIfFound):
        (JSC::MachineThreads::tryCopyOtherThreadStack):
        (JSC::MachineThreads::tryCopyOtherThreadStacks):
        (JSC::MachineThreads::gatherConservativeRoots):
        * heap/MachineStackMarker.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drain):
        (JSC::SlotVisitor::drainFromShared):
        (JSC::SlotVisitor::mergeOpaqueRoots):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::containsOpaqueRootTriState):
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorHandleRunSourceGlobal):
        (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
        (Inspector::RemoteInspectorInitializeGlobalQueue):
        (Inspector::RemoteInspectorHandleRunSourceWithInfo):
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
        (Inspector::RemoteInspectorDebuggableConnection::close):
        (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
        (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
        * interpreter/JSStack.cpp:
        (JSC::JSStack::JSStack):
        (JSC::JSStack::releaseExcessCapacity):
        (JSC::JSStack::addToCommittedByteCount):
        (JSC::JSStack::committedByteCount):
        (JSC::stackStatisticsMutex): Deleted.
        (JSC::JSStack::initializeThreading): Deleted.
        * interpreter/JSStack.h:
        (JSC::JSStack::gatherConservativeRoots):
        (JSC::JSStack::sanitizeStack):
        (JSC::JSStack::size):
        (JSC::JSStack::initializeThreading): Deleted.
        * jit/ExecutableAllocator.cpp:
        (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
        (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
        (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
        (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
        (JSC::DemandExecutableAllocator::allocators):
        (JSC::DemandExecutableAllocator::allocatorsMutex):
        * jit/JITThunks.cpp:
        (JSC::JITThunks::ctiStub):
        * jit/JITThunks.h:
        * profiler/ProfilerDatabase.cpp:
        (JSC::Profiler::Database::ensureBytecodesFor):
        (JSC::Profiler::Database::notifyDestruction):
        * profiler/ProfilerDatabase.h:
        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreading):
        * runtime/JSLock.cpp:
        (JSC::GlobalJSLock::GlobalJSLock):
        (JSC::GlobalJSLock::~GlobalJSLock):
        (JSC::JSLockHolder::JSLockHolder):
        (JSC::GlobalJSLock::initialize): Deleted.
        * runtime/JSLock.h:

2015-08-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r188428.
        https://bugs.webkit.org/show_bug.cgi?id=148015

        broke cmake build (Requested by alexchristensen on #webkit).

        Reverted changeset:

        "Move some commands from ./CMakeLists.txt to Source/cmake"
        https://bugs.webkit.org/show_bug.cgi?id=148003
        http://trac.webkit.org/changeset/188428

2015-08-13  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r188431.
        https://bugs.webkit.org/show_bug.cgi?id=148013

        JSC headers are too hard to understand (Requested by smfr on
        #webkit).

        Reverted changeset:

        "Remove a few includes from JSGlobalObject.h"
        https://bugs.webkit.org/show_bug.cgi?id=148004
        http://trac.webkit.org/changeset/188431

2015-08-13  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Add support for GetByVal on arrays of Undecided shape
        https://bugs.webkit.org/show_bug.cgi?id=147814

        Reviewed by Filip Pizlo.

        Previously, GetByVal on Array::Undecided would just take
        the generic path. The problem is the generic path is so
        slow that it could take a significant amount of time
        even for infrequent accesses.

        With this patch, if the following conditions are met,
        the GetByVal just returns an "undefined" constant:
        -The object is an OriginalArray.
        -The prototype chain is sane.
        -The index is an integer.
        -The integer is positive (runtime check).

        Ideally, the 4th condition should be removed;
        deducing a compile-time constant gives us so much better
        opportunities at getting rid of this code.

        There are two cases where this patch removes the runtime
        check:
        -If the index is constant (uncommon but easy)
        -If the index is within a range known to be positive.
         (common case and made possible with DFGIntegerRangeOptimizationPhase).

        When we get into those cases, DFG just nukes everything
        and all we have left is a structure check :)

        This patch is a 14% improvement on audio-beat-detection,
        a few percent faster here and there and no regression.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        If the index is a positive constant, we can get rid of the GetByVal
        entirely. :)

        * dfg/DFGArrayMode.cpp:
        (JSC::DFG::ArrayMode::fromObserved):
        The returned type is now Array::Undecided + profiling information.
        The useful type is set in ArrayMode::refine().

        (JSC::DFG::ArrayMode::refine):
        If we meet the particular set of conditions, we speculate an Undecided
        array type with sane chain. Anything else comes back to Generic.

        (JSC::DFG::ArrayMode::originalArrayStructure):
        To enable the structure check for Undecided array.

        (JSC::DFG::ArrayMode::alreadyChecked):
        * dfg/DFGArrayMode.h:
        (JSC::DFG::ArrayMode::withProfile):
        (JSC::DFG::ArrayMode::canCSEStorage):
        (JSC::DFG::ArrayMode::benefitsFromOriginalArray):
        (JSC::DFG::ArrayMode::lengthNeedsStorage): Deleted.
        (JSC::DFG::ArrayMode::isSpecific): Deleted.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleIntrinsic): Deleted.
        This is somewhat unrelated.

        Having Array::Undecided on ArrayPush was impossible before
        since ArrayMode::fromObserved() used to return Array::Generic.

        Now that Array::Undecided is possible, we must make sure not
        to provide it to ArrayPush since there is no code to handle it
        properly.

        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        The operation only depends on the index, it is pure.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode): Deleted.
        * dfg/DFGIntegerRangeOptimizationPhase.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
        (JSC::DFG::SpeculativeJIT::checkArray):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileGetByVal):
        * tests/stress/get-by-val-on-undecided-array-type.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-1.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-2.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-3.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-4.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-5.js: Added.
        * tests/stress/get-by-val-on-undecided-sane-chain-6.js: Added.

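A plain-JavaScript model of the four conditions listed in the entry above, added as an illustration that is not JSC's DFG code and not part of the WebKit ChangeLog. "Undecided" is approximated here as "an array that has never had an element stored"; the helper names, the `{ value, path }` return shape and the scenarios are constructed for this example. The polluted-prototype scenario shows why the "sane prototype chain" check cannot be skipped: an indexed property placed on `Array.prototype` makes `[][i]` stop being `undefined`.

```javascript
// Added example (not from the WebKit ChangeLog, not JSC code): a model of the
// GetByVal fast path for Undecided arrays and the checks that guard it.
// All helper names and scenarios are constructed for this illustration.

// Condition 1: an OriginalArray is a real array whose prototype is the
// global Array.prototype (no subclass, no swapped prototype).
function isOriginalArray(arr) {
  return Array.isArray(arr) && Object.getPrototypeOf(arr) === Array.prototype;
}

// Condition 2: nothing on the prototype chain answers an indexed lookup.
// A prototype-pollution style write such as Array.prototype[0] = ... is
// exactly the situation this check keeps the fast path away from.
function isArrayIndexKey(k) {
  return String(k >>> 0) === k && k !== "4294967295";
}

function prototypeChainIsSane(arr) {
  for (let p = Object.getPrototypeOf(arr); p !== null; p = Object.getPrototypeOf(p)) {
    if (Object.getOwnPropertyNames(p).some(isArrayIndexKey)) return false;
  }
  return true;
}

// "Undecided" in this model: no element was ever stored, so the array has
// no own enumerable keys (length is non-enumerable and not reported).
function looksUndecided(arr) {
  return Object.keys(arr).length === 0;
}

// The modelled GetByVal. The path field tells the caller whether the
// constant-undefined shortcut or the generic lookup was used.
function getByVal(arr, index) {
  if (
    isOriginalArray(arr) &&          // condition 1
    prototypeChainIsSane(arr) &&     // condition 2
    looksUndecided(arr) &&           // what Array::Undecided stands for here
    Number.isInteger(index) &&       // condition 3
    index >= 0                       // condition 4, the runtime check
  ) {
    return { value: undefined, path: "constant-undefined" };
  }
  return { value: arr[index], path: "generic" };
}

// Scenarios. The polluted case writes to the shared Array.prototype and
// removes the property again in finally so nothing leaks past the demo.
function scenarios() {
  const out = {};
  out.empty = getByVal(new Array(8), 3);
  out.negative = getByVal(new Array(8), -1);
  out.nonInteger = getByVal(new Array(8), 1.5);
  out.populated = getByVal([10, 20, 30], 1);
  out.subclass = getByVal(Object.setPrototypeOf([], { __proto__: Array.prototype }), 0);
  Array.prototype[3] = "polluted";
  try {
    out.polluted = getByVal(new Array(8), 3);
  } finally {
    delete Array.prototype[3];
  }
  return out;
}
```

Only the first scenario takes the shortcut; each of the others trips a different condition, and the polluted one shows the generic path returning the prototype's value where the shortcut would have answered `undefined`.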
2015-08-13  Simon Fraser  <simon.fraser@apple.com>

        Remove a few includes from JSGlobalObject.h
        https://bugs.webkit.org/show_bug.cgi?id=148004

        Reviewed by Tim Horton.

        Remove 4 #includes from JSGlobalObject.h, and fix the fallout.

        * parser/VariableEnvironment.cpp:
        * parser/VariableEnvironment.h:
        * runtime/JSGlobalObject.h:
        * runtime/Structure.h:
        * runtime/StructureInlines.h:

2015-08-13  Alex Christensen  <achristensen@webkit.org>

        Move some commands from ./CMakeLists.txt to Source/cmake
        https://bugs.webkit.org/show_bug.cgi?id=148003

        Reviewed by Brent Fulgham.

        * CMakeLists.txt:
        Added commands needed to build JSC by itself.

2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
        https://bugs.webkit.org/show_bug.cgi?id=147353

        Reviewed by Saam Barati.

        This is the follow-up patch after r188355.
        It includes the following changes.

        - Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
        - Make SourceParseMode a C++ strongly-typed enum.
        - Fix the comments.
        - Rename ModuleSpecifier to ModuleName.
        - Add the type name `ImportEntry` before the C++11 uniform initialization.
        - Fix the thrown message for duplicate 'default' names.
        - Assert that all statements in the top-level source elements are module declarations under the module analyzer phase.

        * API/JSScriptRef.cpp:
        (parseScript):
        * builtins/BuiltinExecutables.cpp:
        (JSC::BuiltinExecutables::createExecutableInternal):
        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::generateFunctionCodeBlock):
        * bytecode/UnlinkedFunctionExecutable.h:
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::makeFunction):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFunctionMetadata):
        (JSC::ASTBuilder::createModuleName):
        (JSC::ASTBuilder::createImportDeclaration):
        (JSC::ASTBuilder::createExportAllDeclaration):
        (JSC::ASTBuilder::createExportNamedDeclaration):
        (JSC::ASTBuilder::createModuleSpecifier): Deleted.
        * parser/ModuleAnalyzer.cpp:
        (JSC::ModuleAnalyzer::analyze):
        * parser/NodeConstructors.h:
        (JSC::ModuleNameNode::ModuleNameNode):
        (JSC::ImportDeclarationNode::ImportDeclarationNode):
        (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
        (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
        (JSC::ModuleSpecifierNode::ModuleSpecifierNode): Deleted.
        * parser/Nodes.cpp:
        (JSC::FunctionMetadataNode::FunctionMetadataNode):
        * parser/Nodes.h:
        (JSC::StatementNode::isModuleDeclarationNode):
        (JSC::ModuleDeclarationNode::isModuleDeclarationNode):
        (JSC::ImportDeclarationNode::moduleName):
        (JSC::ExportAllDeclarationNode::moduleName):
        (JSC::ExportNamedDeclarationNode::moduleName):
        (JSC::ImportDeclarationNode::moduleSpecifier): Deleted.
        (JSC::ExportAllDeclarationNode::moduleSpecifier): Deleted.
        (JSC::ExportNamedDeclarationNode::moduleSpecifier): Deleted.
        * parser/NodesAnalyzeModule.cpp:
        (JSC::SourceElements::analyzeModule):
        (JSC::ImportDeclarationNode::analyzeModule):
        (JSC::ExportAllDeclarationNode::analyzeModule):
        (JSC::ExportNamedDeclarationNode::analyzeModule):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::parseModuleSourceElements):
        (JSC::Parser<LexerType>::parseFunctionBody):
        (JSC::stringForFunctionMode):
        (JSC::Parser<LexerType>::parseFunctionParameters):
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseClass):
        (JSC::Parser<LexerType>::parseModuleName):
        (JSC::Parser<LexerType>::parseImportDeclaration):
        (JSC::Parser<LexerType>::parseExportDeclaration):
        (JSC::Parser<LexerType>::parsePropertyMethod):
        (JSC::Parser<LexerType>::parseGetterSetter):
        (JSC::Parser<LexerType>::parsePrimaryExpression):
        (JSC::Parser<LexerType>::parseArrowFunctionExpression):
        (JSC::Parser<LexerType>::parseModuleSpecifier): Deleted.
        * parser/Parser.h:
        (JSC::Parser<LexerType>::parse):
        (JSC::parse):
        * parser/ParserModes.h:
        (JSC::isFunctionParseMode):
        (JSC::isModuleParseMode):
        (JSC::isProgramParseMode):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createFunctionMetadata):
        (JSC::SyntaxChecker::createModuleName):
        (JSC::SyntaxChecker::createImportDeclaration):
        (JSC::SyntaxChecker::createExportAllDeclaration):
        (JSC::SyntaxChecker::createExportNamedDeclaration):
        (JSC::SyntaxChecker::createModuleSpecifier): Deleted.
731         * runtime/CodeCache.cpp:
732         (JSC::CodeCache::getGlobalCodeBlock):
733         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
734         * runtime/Completion.cpp:
735         (JSC::checkSyntax):
736         (JSC::checkModuleSyntax):
737         * runtime/Executable.cpp:
738         (JSC::ProgramExecutable::checkSyntax):
739         * tests/stress/modules-syntax-error-with-names.js:
740
741 2015-08-13  Joseph Pecoraro  <pecoraro@apple.com>
742
743         Web Inspector: A {Map, WeakMap, Set, WeakSet} object that contains itself will hang the console
744         https://bugs.webkit.org/show_bug.cgi?id=147966
745
746         Reviewed by Timothy Hatcher.
747
748         * inspector/InjectedScriptSource.js:
749         (InjectedScript.prototype._initialPreview):
750         Renamed to initial preview. This is not a complete preview for
751         this object, and it needs some processing in order to be a
752         complete accurate preview.
753
754         (InjectedScript.RemoteObject.prototype._emptyPreview):
755         This attempts to be an accurate empty preview for the given object.
756         For types with entries, it adds an empty entries list and updates
757         the overflow and lossless properties.
758
759         (InjectedScript.RemoteObject.prototype._createObjectPreviewForValue):
760         Take a generatePreview parameter to generate a full preview or empty preview.
761
762         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
763         (InjectedScript.RemoteObject.prototype._appendEntryPreviews):
764         (InjectedScript.RemoteObject.prototype._isPreviewableObject):
765         Take care to avoid cycles.
766
767 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
768
769         Periodic code deletion should delete RegExp code
770         https://bugs.webkit.org/show_bug.cgi?id=147990
771
772         Reviewed by Filip Pizlo.
773
774         The RegExp code cache was created for the sake of simple loops that
775         re-created the same RegExps. It's reasonable to delete it periodically.
776
777         * heap/Heap.cpp:
778         (JSC::Heap::deleteOldCode):
779
780 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
781
782         RegExpCache::finalize should not delete code
783         https://bugs.webkit.org/show_bug.cgi?id=147987
784
785         Reviewed by Mark Lam.
786
787         The RegExp object already knows how to delete its own code in its
788         destructor. Our job is just to clear our stale pointer.
789
790         * runtime/RegExpCache.cpp:
791         (JSC::RegExpCache::finalize):
792         (JSC::RegExpCache::addToStrongCache):
793
794 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
795
796         Standardize on the phrase "delete code"
797         https://bugs.webkit.org/show_bug.cgi?id=147984
798
799         Reviewed by Mark Lam.
800
801         Use "delete" when we talk about throwing away code, as opposed to
802         "invalidate" or "discard".
803
804         * debugger/Debugger.cpp:
805         (JSC::Debugger::forEachCodeBlock):
806         (JSC::Debugger::setSteppingMode):
807         (JSC::Debugger::recompileAllJSFunctions):
808         * heap/Heap.cpp:
809         (JSC::Heap::deleteAllCompiledCode):
810         * inspector/agents/InspectorRuntimeAgent.cpp:
811         (Inspector::recompileAllJSFunctionsForTypeProfiling):
812         * runtime/RegExp.cpp:
813         (JSC::RegExp::match):
814         (JSC::RegExp::deleteCode):
815         (JSC::RegExp::invalidateCode): Deleted.
816         * runtime/RegExp.h:
817         * runtime/RegExpCache.cpp:
818         (JSC::RegExpCache::finalize):
819         (JSC::RegExpCache::addToStrongCache):
820         (JSC::RegExpCache::deleteAllCode):
821         (JSC::RegExpCache::invalidateCode): Deleted.
822         * runtime/RegExpCache.h:
823         * runtime/VM.cpp:
824         (JSC::VM::stopSampling):
825         (JSC::VM::prepareToDeleteCode):
826         (JSC::VM::deleteAllCode):
827         (JSC::VM::setEnabledProfiler):
828         (JSC::VM::prepareToDiscardCode): Deleted.
829         (JSC::VM::discardAllCode): Deleted.
830         * runtime/VM.h:
831         (JSC::VM::apiLock):
832         (JSC::VM::codeCache):
833         * runtime/Watchdog.cpp:
834         (JSC::Watchdog::setTimeLimit):
835
836 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
837
838         X.[[SetPrototypeOf]](Y) should succeed if X.[[Prototype]] is already Y even if X is not extensible
839         https://bugs.webkit.org/show_bug.cgi?id=147930
840
841         Reviewed by Saam Barati.
842
843         When the passed prototype object to be set is the same as the existing
844         prototype object, [[SetPrototypeOf]] just finishes its operation even
845         if the extensibility of the target object is `false`.
846
847         * runtime/JSGlobalObjectFunctions.cpp:
848         (JSC::globalFuncProtoSetter):
849         * runtime/ObjectConstructor.cpp:
850         (JSC::objectConstructorSetPrototypeOf):
851         * runtime/ReflectObject.cpp:
852         (JSC::reflectObjectSetPrototypeOf):
853         * tests/stress/set-same-prototype.js: Added.
854         (shouldBe):
855         (shouldThrow):
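
As an added example (not code from this patch or its stress test), the three entry points the change touches, Reflect.setPrototypeOf, Object.setPrototypeOf and the __proto__ setter, exercised on a non-extensible object; the function names setPrototypeOutcomes and thrownName are chosen here:

```javascript
// Added example (not JSC's own test code): [[SetPrototypeOf]] with the
// prototype the object already has succeeds on a non-extensible object,
// while any other prototype is refused. Results are returned as a record.
function setPrototypeOutcomes() {
  const proto = {};
  const target = Object.preventExtensions(Object.create(proto));
  const out = {};

  // Same prototype: [[SetPrototypeOf]] returns true before it ever checks extensibility.
  out.reflectSame = Reflect.setPrototypeOf(target, proto);              // true
  out.objectSame = Object.setPrototypeOf(target, proto) === target;     // returns target, no throw
  target.__proto__ = proto;                                             // setter path, no throw
  out.protoUnchanged = Object.getPrototypeOf(target) === proto;         // true

  // Different prototype: Reflect reports false; the other two throw TypeError.
  out.reflectOther = Reflect.setPrototypeOf(target, {});                // false
  out.objectOther = thrownName(() => Object.setPrototypeOf(target, {})); // "TypeError"
  out.setterOther = thrownName(() => { target.__proto__ = {}; });       // "TypeError"
  out.stillUnchanged = Object.getPrototypeOf(target) === proto;         // true

  // The same rule applies to null: a non-extensible null-prototype object accepts null.
  const bare = Object.preventExtensions(Object.create(null));
  out.bareNull = Reflect.setPrototypeOf(bare, null);                    // true
  out.bareObject = Reflect.setPrototypeOf(bare, Object.prototype);      // false
  return out;
}

// Runs fn and reports the name of the error it throws, or "no throw".
function thrownName(fn) {
  try { fn(); return "no throw"; } catch (e) { return e.constructor.name; }
}
```

The "same prototype" case matters for code that freezes an object and later re-applies a prototype defensively: after this change such a call is a no-op rather than an error.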
856
857 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
858
859         Removed clearEvalCodeCache()
860         https://bugs.webkit.org/show_bug.cgi?id=147957
861
862         Reviewed by Filip Pizlo.
863
864         It was unused.
865
866         * bytecode/CodeBlock.cpp:
867         (JSC::CodeBlock::linkIncomingCall):
868         (JSC::CodeBlock::install):
869         (JSC::CodeBlock::clearEvalCache): Deleted.
870         * bytecode/CodeBlock.h:
871         (JSC::CodeBlock::numberOfJumpTargets):
872         (JSC::CodeBlock::jumpTarget):
873         (JSC::CodeBlock::numberOfArgumentValueProfiles):
874
875 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
876
877         [ES6] Implement Reflect.defineProperty
878         https://bugs.webkit.org/show_bug.cgi?id=147943
879
880         Reviewed by Saam Barati.
881
882         This patch implements Reflect.defineProperty.
883         The differences from Object.defineProperty are:
884
885         1. Reflect.defineProperty does not perform the ToObject operation on the first argument.
886         2. Reflect.defineProperty does not throw a TypeError when the [[DefineOwnProperty]] operation fails.
887         3. Reflect.defineProperty returns the boolean value that represents whether [[DefineOwnProperty]] succeeded.
888
889         This patch also adds comments linking to the ES6 spec.
890
891         * builtins/ReflectObject.js:
892         * runtime/ObjectConstructor.cpp:
893         (JSC::toPropertyDescriptor):
894         * runtime/ObjectConstructor.h:
895         * runtime/ReflectObject.cpp:
896         (JSC::reflectObjectDefineProperty):
897         * tests/stress/reflect-define-property.js: Added.
898         (shouldBe):
899         (shouldThrow):
900         (.set getter):
901         (setter):
902         (.get testDescriptor):
903         (.set get var):
904         (.set testDescriptor):
905         (.set get testDescriptor):
906         (.set get shouldThrow):
907         (.get var):
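
As an added example (not code from this patch or its stress test), Reflect.defineProperty beside Object.defineProperty on targets that accept, reject, or cannot take a definition; the function names definePropertyOutcomes and thrownName are chosen here:

```javascript
// Added example (not JSC's own test code): the return-value-vs-throw
// difference between Reflect.defineProperty and Object.defineProperty.
function definePropertyOutcomes() {
  const frozen = Object.freeze({ x: 1 });
  const out = {};

  // [[DefineOwnProperty]] fails on a frozen object: Reflect reports false,
  // Object.defineProperty throws, and either way the object is untouched.
  out.reflectOnFrozen = Reflect.defineProperty(frozen, "y", { value: 2 });                // false
  out.objectOnFrozen = thrownName(() => Object.defineProperty(frozen, "y", { value: 2 })); // "TypeError"
  out.frozenUntouched = !("y" in frozen);                                                  // true

  // A redefinition is only rejected if it would change something: the same value
  // on a non-writable, non-configurable property is allowed, a new value is not.
  out.reflectSameValue = Reflect.defineProperty(frozen, "x", { value: 1 });               // true
  out.reflectNewValue = Reflect.defineProperty(frozen, "x", { value: 2 });                // false

  // Success returns true and the property really exists afterwards.
  const plain = {};
  out.reflectOnPlain = Reflect.defineProperty(plain, "x", { value: 42, enumerable: true }); // true
  out.plainValue = plain.x;                                                                // 42

  // No ToObject on the target: a primitive is a TypeError, not a false return.
  out.primitiveTarget = thrownName(() => Reflect.defineProperty(1, "x", { value: 1 }));   // "TypeError"
  return out;
}

// Runs fn and reports the name of the error it throws, or "no throw".
function thrownName(fn) {
  try { fn(); return "no throw"; } catch (e) { return e.constructor.name; }
}
```

Code that hardens objects (freezing shared prototypes and then confirming that later definitions are refused) can branch on the boolean instead of wrapping each call in try/catch.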
908
909 2015-08-12  Filip Pizlo  <fpizlo@apple.com>
910
911         DFG::ByteCodeParser should attempt constant folding on loads from structures that are DFG-watchable
912         https://bugs.webkit.org/show_bug.cgi?id=147950
913
914         Reviewed by Michael Saboff.
915
916         Previously we reduced the constant folding power of ByteCodeParser::load() because that code was
917         responsible for memory corruption, since it would sometimes install watchpoints on structures that
918         weren't being traced.  It seemed like the safest fix was to remove the constant folding rule
919         entirely since later phases also do constant folding, and they do it without introducing the bug.
920         Well, that change (http://trac.webkit.org/changeset/188292) caused a big regression, because we
921         still have some constant folding rules that only exist in ByteCodeParser, and so ByteCodeParser must
922         be maximally aggressive in constant-folding whenever possible.
923
924         So, this change now brings back that constant folding rule - for loads from object constants that
925         have DFG-watchable structures - and implements it properly, by ensuring that we only call into
926         tryGetConstantProperty() if we have registered the structure set.
927
928         * dfg/DFGByteCodeParser.cpp:
929         (JSC::DFG::ByteCodeParser::load):
930
931 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
932
933         [ES6] Add ES6 Modules preparsing phase to collect the dependencies
934         https://bugs.webkit.org/show_bug.cgi?id=147353
935
936         Reviewed by Geoffrey Garen.
937
938         This patch implements ModuleRecord and ModuleAnalyzer.
939         ModuleAnalyzer analyzes the produced AST from the parser.
940         By collaborating with the parser, ModuleAnalyzer collects the information
941         that is necessary to request the loading for the dependent modules and
942         construct module's environment and namespace object before executing the actual
943         module body.
944
945         In the parser, we annotate which variable is imported binding and which variable
946         is exported from the current module. This information is leveraged in the ModuleAnalyzer
947         to categorize the export entries.
948
949         To preparse the modules in the parser, we just add the new flag `ModuleParseMode`
950         instead of introducing a new TreeContext type. This is because only 2 users use
951         parseModuleSourceElements: the preparser and the actual compiler. Adding the flag is simple
952         enough to switch the context to the SyntaxChecker when parsing non-module-related
953         statements in the preparsing phase.
954
955         To demonstrate the module analyzer, we added the new dumpModuleRecord option
956         to the JSC shell. By specifying it, the result of the analysis is dumped when the module
957         is parsed and analyzed.
958
959         * CMakeLists.txt:
960         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
961         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
962         * JavaScriptCore.xcodeproj/project.pbxproj:
963         * builtins/BuiltinNames.h:
964         * parser/ASTBuilder.h:
965         (JSC::ASTBuilder::createExportDefaultDeclaration):
966         * parser/ModuleAnalyzer.cpp: Added.
967         (JSC::ModuleAnalyzer::ModuleAnalyzer):
968         (JSC::ModuleAnalyzer::exportedBinding):
969         (JSC::ModuleAnalyzer::declareExportAlias):
970         (JSC::ModuleAnalyzer::exportVariable):
971         (JSC::ModuleAnalyzer::analyze):
972         * parser/ModuleAnalyzer.h: Added.
973         (JSC::ModuleAnalyzer::vm):
974         (JSC::ModuleAnalyzer::moduleRecord):
975         * parser/ModuleRecord.cpp: Added.
976         (JSC::printableName):
977         (JSC::ModuleRecord::dump):
978         * parser/ModuleRecord.h: Added.
979         (JSC::ModuleRecord::ImportEntry::isNamespace):
980         (JSC::ModuleRecord::create):
981         (JSC::ModuleRecord::appendRequestedModule):
982         (JSC::ModuleRecord::addImportEntry):
983         (JSC::ModuleRecord::addExportEntry):
984         (JSC::ModuleRecord::addStarExportEntry):
985         * parser/NodeConstructors.h:
986         (JSC::ModuleDeclarationNode::ModuleDeclarationNode):
987         (JSC::ImportDeclarationNode::ImportDeclarationNode):
988         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
989         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
990         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
991         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
992         * parser/Nodes.h:
993         (JSC::ExportDefaultDeclarationNode::localName):
994         * parser/NodesAnalyzeModule.cpp: Added.
995         (JSC::ScopeNode::analyzeModule):
996         (JSC::SourceElements::analyzeModule):
997         (JSC::ImportDeclarationNode::analyzeModule):
998         (JSC::ExportAllDeclarationNode::analyzeModule):
999         (JSC::ExportDefaultDeclarationNode::analyzeModule):
1000         (JSC::ExportLocalDeclarationNode::analyzeModule):
1001         (JSC::ExportNamedDeclarationNode::analyzeModule):
1002         * parser/Parser.cpp:
1003         (JSC::Parser<LexerType>::parseInner):
1004         (JSC::Parser<LexerType>::parseModuleSourceElements):
1005         (JSC::Parser<LexerType>::parseVariableDeclarationList):
1006         (JSC::Parser<LexerType>::createBindingPattern):
1007         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1008         (JSC::Parser<LexerType>::parseClassDeclaration):
1009         (JSC::Parser<LexerType>::parseImportClauseItem):
1010         (JSC::Parser<LexerType>::parseExportSpecifier):
1011         (JSC::Parser<LexerType>::parseExportDeclaration):
1012         * parser/Parser.h:
1013         (JSC::Scope::lexicalVariables):
1014         (JSC::Scope::declareLexicalVariable):
1015         (JSC::Parser::declareVariable):
1016         (JSC::Parser::exportName):
1017         (JSC::Parser<LexerType>::parse):
1018         (JSC::parse):
1019         * parser/ParserModes.h:
1020         * parser/SyntaxChecker.h:
1021         (JSC::SyntaxChecker::createExportDefaultDeclaration):
1022         * parser/VariableEnvironment.cpp:
1023         (JSC::VariableEnvironment::markVariableAsImported):
1024         (JSC::VariableEnvironment::markVariableAsExported):
1025         * parser/VariableEnvironment.h:
1026         (JSC::VariableEnvironmentEntry::isExported):
1027         (JSC::VariableEnvironmentEntry::isImported):
1028         (JSC::VariableEnvironmentEntry::setIsExported):
1029         (JSC::VariableEnvironmentEntry::setIsImported):
1030         * runtime/CommonIdentifiers.h:
1031         * runtime/Completion.cpp:
1032         (JSC::checkModuleSyntax):
1033         * runtime/Options.h:
1034
1035 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
1036
1037         Re-land r188339, since Alex fixed it in r188341 by landing the WebCore half.
1038
1039         * jit/ExecutableAllocator.h:
1040         * jsc.cpp:
1041         (GlobalObject::finishCreation):
1042         (functionAddressOf):
1043         (functionVersion):
1044         (functionReleaseExecutableMemory): Deleted.
1045         * runtime/VM.cpp:
1046         (JSC::StackPreservingRecompiler::operator()):
1047         (JSC::VM::throwException):
1048         (JSC::VM::updateFTLLargestStackSize):
1049         (JSC::VM::gatherConservativeRoots):
1050         (JSC::VM::releaseExecutableMemory): Deleted.
1051         (JSC::releaseExecutableMemory): Deleted.
1052         * runtime/VM.h:
1053         (JSC::VM::isCollectorBusy):
1054         * runtime/Watchdog.cpp:
1055         (JSC::Watchdog::setTimeLimit):
1056
1057 2015-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
1058
1059         Roll out r188339, which broke the build.
1060
1061         Unreviewed.
1062
1063         * jit/ExecutableAllocator.h:
1064         * jsc.cpp:
1065         (GlobalObject::finishCreation):
1066         (functionReleaseExecutableMemory):
1067         * runtime/VM.cpp:
1068         (JSC::StackPreservingRecompiler::visit):
1069         (JSC::StackPreservingRecompiler::operator()):
1070         (JSC::VM::releaseExecutableMemory):
1071         (JSC::releaseExecutableMemory):
1072         * runtime/VM.h:
1073         * runtime/Watchdog.cpp:
1074         (JSC::Watchdog::setTimeLimit):
1075
1076 2015-08-12  Alex Christensen  <achristensen@webkit.org>
1077
1078         Fix Debug CMake builds on Windows
1079         https://bugs.webkit.org/show_bug.cgi?id=147940
1080
1081         Reviewed by Chris Dumez.
1082
1083         * PlatformWin.cmake:
1084         Copy the plist to the JavaScriptCore.resources directory.
1085
1086 2015-08-11  Geoffrey Garen  <ggaren@apple.com>
1087
1088         Remove VM::releaseExecutableMemory
1089         https://bugs.webkit.org/show_bug.cgi?id=147915
1090
1091         Reviewed by Saam Barati.
1092
1093         releaseExecutableMemory() was only used in one place, where discardAllCode()
1094         would work just as well.
1095
1096         It's confusing to have two slightly different ways to discard code. Also,
1097         releaseExecutableMemory() is not used in any production code, and it seems
1098         to have bit-rotted.
1099
1100         * jit/ExecutableAllocator.h:
1101         * jsc.cpp:
1102         (GlobalObject::finishCreation):
1103         (functionAddressOf):
1104         (functionVersion):
1105         (functionReleaseExecutableMemory): Deleted.
1106         * runtime/VM.cpp:
1107         (JSC::StackPreservingRecompiler::operator()):
1108         (JSC::VM::throwException):
1109         (JSC::VM::updateFTLLargestStackSize):
1110         (JSC::VM::gatherConservativeRoots):
1111         (JSC::VM::releaseExecutableMemory): Deleted.
1112         (JSC::releaseExecutableMemory): Deleted.
1113         * runtime/VM.h:
1114         (JSC::VM::isCollectorBusy):
1115         * runtime/Watchdog.cpp:
1116         (JSC::Watchdog::setTimeLimit):
1117
1118 2015-08-12  Mark Lam  <mark.lam@apple.com>
1119
1120         Add a JSC option to enable the watchdog for testing.
1121         https://bugs.webkit.org/show_bug.cgi?id=147939
1122
1123         Reviewed by Michael Saboff.
1124
1125         * API/JSContextRef.cpp:
1126         (JSContextGroupSetExecutionTimeLimit):
1127         (createWatchdogIfNeeded): Deleted.
1128         * runtime/Options.h:
1129         * runtime/VM.cpp:
1130         (JSC::VM::VM):
1131         (JSC::VM::~VM):
1132         (JSC::VM::sharedInstanceInternal):
1133         (JSC::VM::ensureWatchdog):
1134         (JSC::thunkGeneratorForIntrinsic):
1135         * runtime/VM.h:
1136
1137 2015-08-11  Mark Lam  <mark.lam@apple.com>
1138
1139         Implement JavaScript watchdog using WTF::WorkQueue.
1140         https://bugs.webkit.org/show_bug.cgi?id=147107
1141
1142         Reviewed by Geoffrey Garen.
1143
1144         How the Watchdog works
1145         ======================
1146
1147         1. When do we start the Watchdog?
1148            =============================
1149            The watchdog should only be started if both of the following conditions are true:
1150            1. A time limit has been set.
1151            2. We have entered the VM.
1152  
1153         2. CPU time vs Wall Clock time
1154            ===========================
1155            Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?
1156
1157            The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
1158            limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
1159            indicates the wall clock time point when the WorkQueue timer is expected to fire.
1160
1161            The time limit for which we allow JS code to run should be measured in CPU time, which can
1162            differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
1163            should fire.
1164
1165            Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
1166            we need to check if m_cpuDeadline has been reached.
1167
1168            If m_cpuDeadline has been reached, the watchdog is considered to have fired.
1169
1170            If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
1171            code to continue to run for.  Hence, we need to start a new timer to fire again after
1172            Tremainder microseconds.
1173     
1174            See Watchdog::didFireSlow().
1175
1176         3. Spurious wake ups
1177            =================
1178            Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
1179            It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
1180            m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
1181            wake ups are considered to be spurious and will be ignored.
1182  
1183            See Watchdog::didFireSlow().
1184  
1185         4. Minimizing Timer creation cost
1186            ==============================
1187            Conceptually, we could start a new timer every time we start the watchdog. But we can do better
1188            than this.
1189  
1190            In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
1191            stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
1192            time limit. Consider the following example:
1193  
1194                |---|-----|---|----------------|---------|
1195                t0  t1    t2  t3            t0 + L    t2 + L 
1196
1197                |<--- T1 --------------------->|
1198                          |<--- T2 --------------------->|
1199                |<-- Td ->|                    |<-- Td ->|
1200
1201            1. The user initializes the watchdog with time limit L.
1202            2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
1203               The timer is set to expire at t0 + L.
1204            3. At t1, we exit the VM.
1205            4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.
1206          
1207               However, we can note that the expiration time for T2 would be after the expiration time
1208               of T1. Specifically, T2 would have expired at Td after T1 expires.
1209          
1210               Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
1211               for a period of Td instead.
1212
1213            Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
1214            as well as handling spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
1215            automatically take care of starting a new timer for the difference Td in the example above.
1216            Instead of starting the new timer T2 at time t2, we just verify whether the active timer T1's
1217            expiration is earlier than T2's; if so, we are already covered by T1 and there's no need to start T2.
1218
1219            The benefit:
1220
1221            1. we minimize the number of timer instances we have queued in the workqueue at the same time
1222               (ideally only 1 or 0), and use less peak memory.
1223
1224            2. we minimize the frequency of instantiating timer instances. By waiting for the current
1225               active timer to expire first, on average, we get to start one timer per time limit
1226               (which is infrequent because time limits tend to be long) instead of one timer per
1227               VM entry (which tends to be frequent).
1228
1229            See Watchdog::startTimer().
1230
1231         * API/JSContextRef.cpp:
1232         (createWatchdogIfNeeded):
1233         (JSContextGroupClearExecutionTimeLimit):
1234         - No need to create the watchdog (if not already created) just to clear it.
1235           If the watchdog is not created yet, then it is effectively cleared.
1236
1237         * API/tests/ExecutionTimeLimitTest.cpp:
1238         (currentCPUTimeAsJSFunctionCallback):
1239         (testExecutionTimeLimit):
1240         (currentCPUTime): Deleted.
1241         * API/tests/testapi.c:
1242         (main):
1243         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
1244         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
1245         - Enable watchdog tests for all platforms.
1246
1247         * CMakeLists.txt:
1248         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1249         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1250         * JavaScriptCore.xcodeproj/project.pbxproj:
1251         - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.
1252
1253         * PlatformEfl.cmake:
1254
1255         * dfg/DFGByteCodeParser.cpp:
1256         (JSC::DFG::ByteCodeParser::parseBlock):
1257         * dfg/DFGSpeculativeJIT32_64.cpp:
1258         * dfg/DFGSpeculativeJIT64.cpp:
1259         * interpreter/Interpreter.cpp:
1260         (JSC::Interpreter::execute):
1261         (JSC::Interpreter::executeCall):
1262         (JSC::Interpreter::executeConstruct):
1263         * jit/JITOpcodes.cpp:
1264         (JSC::JIT::emit_op_loop_hint):
1265         (JSC::JIT::emitSlow_op_loop_hint):
1266         * jit/JITOperations.cpp:
1267         * llint/LLIntOffsetsExtractor.cpp:
1268         * llint/LLIntSlowPaths.cpp:
1269         * runtime/VM.cpp:
1270         - #include Watchdog.h in these files directly instead of doing it via VM.h.
1271           This saves us from having to recompile the world when we change Watchdog.h.
1272
1273         * runtime/VM.h:
1274         - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
1275           thread-safe ref counted.
1276
1277         * runtime/VMEntryScope.cpp:
1278         (JSC::VMEntryScope::VMEntryScope):
1279         (JSC::VMEntryScope::~VMEntryScope):
1280         - We have done away with the WatchdogScope and arming/disarming of the watchdog.
1281           Instead, the VMEntryScope will inform the watchdog of when we have entered and
1282           exited the VM.
1283
1284         * runtime/Watchdog.cpp:
1285         (JSC::currentWallClockTime):
1286         (JSC::Watchdog::Watchdog):
1287         (JSC::Watchdog::hasStartedTimer):
1288         (JSC::Watchdog::setTimeLimit):
1289         (JSC::Watchdog::didFireSlow):
1290         (JSC::Watchdog::hasTimeLimit):
1291         (JSC::Watchdog::fire):
1292         (JSC::Watchdog::enteredVM):
1293         (JSC::Watchdog::exitedVM):
1294
1295         (JSC::Watchdog::startTimer):
1296         - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
1297           (from a different thread) even after the VM shuts down.  We need to keep it
1298           alive until the WorkQueue callback completes.
1299
1300           In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
1301           WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
1302           is done with it.  This ensures that the Watchdog is kept alive until all
1303           WorkQueue callbacks are done.
1304
1305         (JSC::Watchdog::stopTimer):
1306         (JSC::Watchdog::~Watchdog): Deleted.
1307         (JSC::Watchdog::didFire): Deleted.
1308         (JSC::Watchdog::isEnabled): Deleted.
1309         (JSC::Watchdog::arm): Deleted.
1310         (JSC::Watchdog::disarm): Deleted.
1311         (JSC::Watchdog::startCountdownIfNeeded): Deleted.
1312         (JSC::Watchdog::startCountdown): Deleted.
1313         (JSC::Watchdog::stopCountdown): Deleted.
1314         * runtime/Watchdog.h:
1315         (JSC::Watchdog::didFire):
1316         (JSC::Watchdog::timerDidFireAddress):
1317         (JSC::Watchdog::isArmed): Deleted.
1318         (JSC::Watchdog::Scope::Scope): Deleted.
1319         (JSC::Watchdog::Scope::~Scope): Deleted.
1320         * runtime/WatchdogMac.cpp:
1321         (JSC::Watchdog::initTimer): Deleted.
1322         (JSC::Watchdog::destroyTimer): Deleted.
1323         (JSC::Watchdog::startTimer): Deleted.
1324         (JSC::Watchdog::stopTimer): Deleted.
1325         * runtime/WatchdogNone.cpp:
1326         (JSC::Watchdog::initTimer): Deleted.
1327         (JSC::Watchdog::destroyTimer): Deleted.
1328         (JSC::Watchdog::startTimer): Deleted.
1329         (JSC::Watchdog::stopTimer): Deleted.
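
As an added example (not JSC's Watchdog code), a deterministic model of the four rules described in this entry: start only when a limit is set and the VM is entered, distinguish the wall-clock timer from the CPU deadline, ignore stale wake-ups, and reuse an active timer that expires first. The class and method names (WatchdogModel, advance, diagramScenario) are chosen here; startTimer and didFireSlow mirror the names in the entry but the bodies are a simplification, and the clocks are driven by the caller so wall and CPU time can diverge on purpose:

```javascript
// Added example (not JSC's own code): a model of the watchdog scheduling rules.
// Times are integer microseconds; the caller advances wall and CPU time.
const NO_DEADLINE = Infinity;

class WatchdogModel {
  constructor() {
    this.wall = 0;                        // monotonic wall clock, used by the timer queue
    this.cpu = 0;                         // CPU time consumed by the JS thread
    this.timeLimit = NO_DEADLINE;         // L
    this.cpuDeadline = NO_DEADLINE;       // m_cpuDeadline
    this.wallClockDeadline = NO_DEADLINE; // m_wallClockDeadline
    this.pendingTimers = [];              // queued timers (fire times); they cannot be cancelled
    this.timersCreated = 0;
    this.timerDidFire = false;            // flag the JS thread polls at loop hints
    this.firedAt = null;                  // wall time at which the watchdog really fired
    this.inVM = false;
  }

  setTimeLimit(limit) {
    this.timeLimit = limit;
    if (this.inVM) this.startTimer(limit);          // note 1: limit set AND inside the VM
  }
  enteredVM() {
    this.inVM = true;
    this.timerDidFire = false;                      // model choice: a fire seen outside the VM is moot
    if (this.timeLimit !== NO_DEADLINE) this.startTimer(this.timeLimit);
  }
  exitedVM() {                                      // stopTimer(): the queued timer stays queued,
    this.inVM = false;                              // only the CPU deadline is dropped
    this.cpuDeadline = NO_DEADLINE;
  }

  // Note 4: if the active timer expires no later than the one we would queue,
  // let it fire first; didFireSlow() then queues a timer for the remainder Td.
  startTimer(remaining) {
    this.cpuDeadline = this.cpu + remaining;
    const wallDeadline = this.wall + remaining;
    if (this.wall < this.wallClockDeadline && this.wallClockDeadline <= wallDeadline) return;
    this.wallClockDeadline = wallDeadline;
    this.pendingTimers.push(wallDeadline);
    this.timersCreated++;
  }

  // Note 3: the timer-queue callback ignores stale (spurious) wake-ups.
  timerCallback() {
    if (this.wall < this.wallClockDeadline) return;
    this.wallClockDeadline = NO_DEADLINE;
    this.timerDidFire = true;
  }

  // Note 2: the timer fired, but only a reached CPU deadline means the watchdog fires.
  didFireSlow() {
    this.timerDidFire = false;
    if (this.cpu >= this.cpuDeadline) {
      this.firedAt = this.wall;
      this.cpuDeadline = NO_DEADLINE;
      return true;
    }
    this.startTimer(this.cpuDeadline - this.cpu);   // re-arm for Tremainder
    return false;
  }

  // Advance wall time by wallDelta and CPU time by cpuDelta (smaller than wallDelta
  // when the JS thread was descheduled), firing queued timers in order.
  advance(wallDelta, cpuDelta = wallDelta) {
    const rate = wallDelta === 0 ? 0 : cpuDelta / wallDelta;
    const target = this.wall + wallDelta;
    for (;;) {
      this.pendingTimers.sort((a, b) => a - b);
      if (this.pendingTimers.length === 0 || this.pendingTimers[0] > target) break;
      const due = this.pendingTimers.shift();
      this.cpu += (due - this.wall) * rate;
      this.wall = due;
      this.timerCallback();
      if (this.timerDidFire && this.inVM) this.didFireSlow();  // JS thread reaches a loop hint
    }
    this.cpu += (target - this.wall) * rate;
    this.wall = target;
  }
}

// The scenario from the diagram above with L = 1000, t0 = 0, t1 = 100, t2 = 300.
function diagramScenario() {
  const wd = new WatchdogModel();
  wd.setTimeLimit(1000);
  wd.enteredVM();        // t0: timer T1 queued for t0 + L
  wd.advance(100);       // t1: leave the VM
  wd.exitedVM();
  wd.advance(200);       // t2: re-enter; T1 still covers us, so no T2 is queued
  wd.enteredVM();
  wd.advance(2000);      // T1 fires at 1000, re-arms for Td = 300, watchdog fires at 1300
  return { timersCreated: wd.timersCreated, firedAt: wd.firedAt };
}
```

diagramScenario() ends with two timers created and the watchdog firing at t2 + L = 1300, which is the T2' behaviour the entry describes. Advancing with cpuDelta smaller than wallDelta shows note 2: the timer fires at the wall deadline but the watchdog re-arms instead of firing because CPU time is still left. Shortening the limit while a longer timer is queued leaves a stale timer behind, which the callback then ignores (note 3).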
1330
1331 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
1332
1333         Always use a byte-sized lock implementation
1334         https://bugs.webkit.org/show_bug.cgi?id=147908
1335
1336         Reviewed by Geoffrey Garen.
1337
1338         * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.
1339
1340 2015-08-11  Alexey Proskuryakov  <ap@apple.com>
1341
1342         Make ASan build not depend on asan.xcconfig
1343         https://bugs.webkit.org/show_bug.cgi?id=147840
1344         rdar://problem/21093702
1345
1346         Reviewed by Daniel Bates.
1347
1348         * dfg/DFGOSREntry.cpp:
1349         (JSC::DFG::OSREntryData::dump):
1350         (JSC::DFG::prepareOSREntry):
1351         * ftl/FTLOSREntry.cpp:
1352         (JSC::FTL::prepareOSREntry):
1353         * heap/ConservativeRoots.cpp:
1354         (JSC::ConservativeRoots::genericAddPointer):
1355         (JSC::ConservativeRoots::genericAddSpan):
1356         * heap/MachineStackMarker.cpp:
1357         (JSC::MachineThreads::removeThreadIfFound):
1358         (JSC::MachineThreads::gatherFromCurrentThread):
1359         (JSC::MachineThreads::Thread::captureStack):
1360         (JSC::copyMemory):
1361         * interpreter/Register.h:
1362         (JSC::Register::operator=):
1363         (JSC::Register::asanUnsafeJSValue):
1364         (JSC::Register::jsValue):
1365
1366 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1367
1368         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
1369         https://bugs.webkit.org/show_bug.cgi?id=147480
1370
1371         Reviewed by Filip Pizlo.
1372
1373         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
1374         The IC site only caches one id. After checking that the given id is the same as the
1375         cached one, we perform the get_by_id IC onto it.
1376         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
1377         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
1378         operations when the given get_by_val leverages the property load with the cached id.
1379
1380         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
1381         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
1382         This can be leveraged to optimize symbol operations in DFG.
1383
1384         And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
1385         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
1386         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
1387         ArrayProfile* argument in the operations with ByValInfo*.
1388
1389         * bytecode/ByValInfo.h:
1390         (JSC::ByValInfo::ByValInfo):
1391         * bytecode/CodeBlock.cpp:
1392         (JSC::CodeBlock::getByValInfoMap):
1393         (JSC::CodeBlock::addByValInfo):
1394         * bytecode/CodeBlock.h:
1395         (JSC::CodeBlock::getByValInfo): Deleted.
1396         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
1397         (JSC::CodeBlock::numberOfByValInfos): Deleted.
1398         (JSC::CodeBlock::byValInfo): Deleted.
1399         * bytecode/ExitKind.cpp:
1400         (JSC::exitKindToString):
1401         * bytecode/ExitKind.h:
1402         * bytecode/GetByIdStatus.cpp:
1403         (JSC::GetByIdStatus::computeFor):
1404         (JSC::GetByIdStatus::computeForStubInfo):
1405         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
1406         * bytecode/GetByIdStatus.h:
1407         * dfg/DFGAbstractInterpreterInlines.h:
1408         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1409         * dfg/DFGByteCodeParser.cpp:
1410         (JSC::DFG::ByteCodeParser::parseBlock):
1411         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1412         * dfg/DFGClobberize.h:
1413         (JSC::DFG::clobberize):
1414         * dfg/DFGConstantFoldingPhase.cpp:
1415         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1416         * dfg/DFGDoesGC.cpp:
1417         (JSC::DFG::doesGC):
1418         * dfg/DFGFixupPhase.cpp:
1419         (JSC::DFG::FixupPhase::fixupNode):
1420         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1421         * dfg/DFGNode.h:
1422         (JSC::DFG::Node::hasUidOperand):
1423         (JSC::DFG::Node::uidOperand):
1424         * dfg/DFGNodeType.h:
1425         * dfg/DFGPredictionPropagationPhase.cpp:
1426         (JSC::DFG::PredictionPropagationPhase::propagate):
1427         * dfg/DFGSafeToExecute.h:
1428         (JSC::DFG::SafeToExecuteEdge::operator()):
1429         (JSC::DFG::safeToExecute):
1430         * dfg/DFGSpeculativeJIT.cpp:
1431         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
1432         (JSC::DFG::SpeculativeJIT::speculateSymbol):
1433         (JSC::DFG::SpeculativeJIT::speculate):
1434         * dfg/DFGSpeculativeJIT.h:
1435         * dfg/DFGSpeculativeJIT32_64.cpp:
1436         (JSC::DFG::SpeculativeJIT::compile):
1437         * dfg/DFGSpeculativeJIT64.cpp:
1438         (JSC::DFG::SpeculativeJIT::compile):
1439         * dfg/DFGUseKind.cpp:
1440         (WTF::printInternal):
1441         * dfg/DFGUseKind.h:
1442         (JSC::DFG::typeFilterFor):
1443         (JSC::DFG::isCell):
1444         * ftl/FTLAbstractHeapRepository.h:
1445         * ftl/FTLCapabilities.cpp:
1446         (JSC::FTL::canCompile):
1447         * ftl/FTLLowerDFGToLLVM.cpp:
1448         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1449         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
1450         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
1451         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
1452         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
1453         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
1454         * jit/JIT.cpp:
1455         (JSC::JIT::privateCompile):
1456         * jit/JIT.h:
1457         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1458         (JSC::JIT::compileGetByValWithCachedId):
1459         * jit/JITInlines.h:
1460         (JSC::JIT::callOperation):
1461         * jit/JITOpcodes.cpp:
1462         (JSC::JIT::emit_op_has_indexed_property):
1463         (JSC::JIT::emitSlow_op_has_indexed_property):
1464         * jit/JITOpcodes32_64.cpp:
1465         (JSC::JIT::emit_op_has_indexed_property):
1466         (JSC::JIT::emitSlow_op_has_indexed_property):
1467         * jit/JITOperations.cpp:
1468         (JSC::getByVal):
1469         * jit/JITOperations.h:
1470         * jit/JITPropertyAccess.cpp:
1471         (JSC::JIT::emit_op_get_by_val):
1472         (JSC::JIT::emitGetByValWithCachedId):
1473         (JSC::JIT::emitSlow_op_get_by_val):
1474         (JSC::JIT::emit_op_put_by_val):
1475         (JSC::JIT::emitSlow_op_put_by_val):
1476         (JSC::JIT::privateCompileGetByVal):
1477         (JSC::JIT::privateCompileGetByValWithCachedId):
1478         * jit/JITPropertyAccess32_64.cpp:
1479         (JSC::JIT::emit_op_get_by_val):
1480         (JSC::JIT::emitGetByValWithCachedId):
1481         (JSC::JIT::emitSlow_op_get_by_val):
1482         (JSC::JIT::emit_op_put_by_val):
1483         (JSC::JIT::emitSlow_op_put_by_val):
1484         * runtime/Symbol.h:
1485         * tests/stress/get-by-val-with-string-constructor.js: Added.
1486         (Hello):
1487         (get Hello.prototype.generate):
1488         (ok):
1489         * tests/stress/get-by-val-with-string-exit.js: Added.
1490         (shouldBe):
1491         (getByVal):
1492         (getStr1):
1493         (getStr2):
1494         * tests/stress/get-by-val-with-string-generated.js: Added.
1495         (shouldBe):
1496         (getByVal):
1497         (getStr1):
1498         (getStr2):
1499         * tests/stress/get-by-val-with-string-getter.js: Added.
1500         (object.get hello):
1501         (ok):
1502         * tests/stress/get-by-val-with-string.js: Added.
1503         (shouldBe):
1504         (getByVal):
1505         (getStr1):
1506         (getStr2):
1507         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
1508         (Hello):
1509         (get Hello.prototype.generate):
1510         (ok):
1511         * tests/stress/get-by-val-with-symbol-exit.js: Added.
1512         (shouldBe):
1513         (getByVal):
1514         (getSym1):
1515         (getSym2):
1516         * tests/stress/get-by-val-with-symbol-getter.js: Added.
1517         (object.get hello):
1518         (.get ok):
1519         * tests/stress/get-by-val-with-symbol.js: Added.
1520         (shouldBe):
1521         (getByVal):
1522         (getSym1):
1523         (getSym2):
1524
1525 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
1526
1527         DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
1528         https://bugs.webkit.org/show_bug.cgi?id=147891
1529         rdar://problem/22129447
1530
1531         Reviewed by Mark Lam.
1532
1533         * dfg/DFGByteCodeParser.cpp:
1534         (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
1535         (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
1536         * dfg/DFGGraph.cpp:
1537         (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
1538         * dfg/DFGStructureRegistrationPhase.cpp:
1539         (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.
1540
1541 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1542
1543         [Win] Switch Windows build to Visual Studio 2015
1544         https://bugs.webkit.org/show_bug.cgi?id=147887
1545         <rdar://problem/22235098>
1546
1547         Reviewed by Alex Christensen.
1548
1549         Update Visual Studio project file settings to use the current Visual
1550         Studio and compiler. Continue targeting binaries to run on our minimum
1551         supported configuration of Windows 7.
1552
1553         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1554         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
1555         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
1556         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
1557         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
1558         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
1559         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
1560         * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
1561         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
1562         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
1563         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
1564         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
1565
1566 2015-08-10  Filip Pizlo  <fpizlo@apple.com>
1567
1568         WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
1569         https://bugs.webkit.org/show_bug.cgi?id=147665
1570
1571         Reviewed by Mark Lam.
1572
1573         Replace ByteSpinLock with ByteLock.
1574
1575         * runtime/ConcurrentJITLock.h:
1576
1577 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1578
1579         Numeric setter on prototype doesn't get called.
1580         https://bugs.webkit.org/show_bug.cgi?id=144252
1581
1582         Reviewed by Darin Adler.
1583
1584         When switching the blank indexing type to the other one in putByIndex,
1585         if the `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
1586         it to the slow put indexing type and re-run putByIndex, since there may
1587         be an indexing accessor in the prototype chain. Previously, we just set
1588         the value into the allocated vector.
1589
1590         In the putDirectIndex case, we just store the value to the vector.
1591         This is because putDirectIndex is the operation to store the own property
1592         and it does not check the accessors in the prototype chain.
1593
1594         * runtime/JSObject.cpp:
1595         (JSC::JSObject::putByIndexBeyondVectorLength):
1596         * tests/stress/injected-numeric-setter-on-prototype.js: Added.
1597         (shouldBe):
1598         (Trace):
1599         (Trace.prototype.trace):
1600         (Trace.prototype.get count):
1601         (.):
1602         * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
1603         (shouldBe):
1604         (Trace):
1605         (Trace.prototype.trace):
1606         (Trace.prototype.get count):
1607         (.):
1608         * tests/stress/numeric-setter-on-prototype.js: Added.
1609         (shouldBe):
1610         (Trace):
1611         (Trace.prototype.trace):
1612         (Trace.prototype.get count):
1613         (.z.__proto__.set 3):
1614         * tests/stress/numeric-setter-on-self.js: Added.
1615         (shouldBe):
1616         (Trace):
1617         (Trace.prototype.trace):
1618         (Trace.prototype.get count):
1619         (.y.set 2):
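
Added example, not part of this ChangeLog and not one of JavaScriptCore's own test files: plain JavaScript that exercises the semantics the entry above describes. An ordinary index assignment must honour a numeric setter found on the prototype chain (for a receiver with no indexed storage, one that already has some, and an array), while defining the own property directly, the putDirectIndex case reachable from script through Object.defineProperty, must bypass it. The makeTrace helper, the function names and the choice of index 3 are this example's own; it runs under Node.js or any ES2015 engine.

```javascript
// Added example, not JavaScriptCore code. Exercises the semantics the fix above
// restores: a numeric accessor on the prototype chain must run for ordinary
// index assignment, and must be bypassed when the own property is defined
// directly (JSC's putDirectIndex, reachable from script via defineProperty).

// Helper (made up for this example): a prototype carrying a setter for index 3
// that records every call, so the checks below can count invocations.
function makeTrace() {
  const calls = [];
  const proto = {};
  Object.defineProperty(proto, 3, {
    set(value) { calls.push({ receiver: this, value }); },
    configurable: true,
  });
  return { proto, calls };
}

function hasOwn(obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key);
}

// Receiver with no indexed storage yet (JSC's "blank" indexing type): the first
// indexed store must still consult the prototype chain and call the setter
// with the receiver as |this|, creating no own property.
function assignOnBlankObject() {
  const { proto, calls } = makeTrace();
  const obj = Object.create(proto);
  obj[3] = 'via [[Set]]';
  return {
    setterCalls: calls.length,                  // 1
    receiverIsObj: calls[0].receiver === obj,   // true
    ownProperty: hasOwn(obj, 3),                // false
  };
}

// Receiver that already has indexed storage (a different own index): the
// existing storage must not hide the prototype setter for index 3.
function assignOnNonBlankObject() {
  const { proto, calls } = makeTrace();
  const obj = Object.create(proto);
  obj[0] = 'existing';
  obj[3] = 'via [[Set]]';
  return { setterCalls: calls.length, ownProperty: hasOwn(obj, 3) };
}

// Same check for an array whose prototype chain carries the setter: the array
// [[Set]] is OrdinarySet, so the setter runs and no element is created, which
// leaves length at 0.
function assignOnArray() {
  const { proto, calls } = makeTrace();
  const arr = [];
  Object.setPrototypeOf(arr, proto);
  arr[3] = 'via [[Set]]';
  return { setterCalls: calls.length, length: arr.length };
}

// Direct definition of the own property (the putDirectIndex case): the
// prototype chain is not consulted, so the setter must not run.
function defineDirectly() {
  const { proto, calls } = makeTrace();
  const obj = Object.create(proto);
  Object.defineProperty(obj, 3, { value: 'own', writable: true, enumerable: true, configurable: true });
  return { setterCalls: calls.length, ownValue: obj[3] };
}

// A numeric setter on the object itself (the numeric-setter-on-self case)
// is invoked as well.
function assignOnSelf() {
  const calls = [];
  const obj = {};
  Object.defineProperty(obj, 2, { set(value) { calls.push(value); } });
  obj[2] = 'self';
  return { setterCalls: calls.length, lastValue: calls[0] };
}
```

The four assignment cases correspond to the four stress tests listed in the entry; the defineDirectly case is the contrast the entry draws for putDirectIndex, which stores the own property without looking at prototype accessors.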
1620
1621 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1622
1623         [Win] Unreviewed gardening.
1624
1625         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
1626         file references so they appear in the proper IDE locations.
1627
1628 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1629
1630         Unreviewed windows build fix for VS2015.
1631
1632         * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.
1633
1634 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1635
1636         [ES6] Implement Reflect.has
1637         https://bugs.webkit.org/show_bug.cgi?id=147875
1638
1639         Reviewed by Sam Weinig.
1640
1641         This patch implements Reflect.has[1].
1642         Since the semantics are the same as those of the `in` operator in JS[2],
1643         we can implement it in builtin JS code.
1644
1645         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
1646         [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation
1647
1648         * builtins/ReflectObject.js:
1649         (has):
1650         * runtime/ReflectObject.cpp:
1651         * tests/stress/reflect-has.js: Added.
1652         (shouldBe):
1653         (shouldThrow):
1654
1655 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1656
1657         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
1658         https://bugs.webkit.org/show_bug.cgi?id=147874
1659
1660         Reviewed by Darin Adler.
1661
1662         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
1663         The differences from the Object.* ones are
1664
1665         1. They do not perform ToObject on non-object arguments. They throw a TypeError instead.
1666         2. Reflect.setPrototypeOf returns false when the operation fails. In Object.setPrototypeOf, it raises a TypeError.
1667
1668         * runtime/ObjectConstructor.cpp:
1669         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
1670         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
1671         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
1672         (JSC::objectConstructorGetPrototypeOf):
1673         * runtime/ObjectConstructor.h:
1674         * runtime/ReflectObject.cpp:
1675         (JSC::reflectObjectGetPrototypeOf):
1676         (JSC::reflectObjectSetPrototypeOf):
1677         * tests/stress/reflect-get-prototype-of.js: Added.
1678         (shouldBe):
1679         (shouldThrow):
1680         (Base):
1681         (Derived):
1682         * tests/stress/reflect-set-prototype-of.js: Added.
1683         (shouldBe):
1684         (shouldThrow):
1685
1686 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
1687
1688         Fix debug build when optimization is enabled
1689         https://bugs.webkit.org/show_bug.cgi?id=147816
1690
1691         Reviewed by Alexey Proskuryakov.
1692
1693         * llint/LLIntEntrypoint.cpp:
1694         * runtime/FunctionExecutableDump.cpp:
1695
1696 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1697
1698         Ensure that Reflect.enumerate does not produce the deleted keys
1699         https://bugs.webkit.org/show_bug.cgi?id=147677
1700
1701         Reviewed by Darin Adler.
1702
1703         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
1704
1705         * tests/stress/reflect-enumerate.js:
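
Added example, not JavaScriptCore code and not one of its test files, showing from script the three Reflect behaviours recorded in the Reflect.has, Reflect.getPrototypeOf/setPrototypeOf and Reflect.enumerate entries above: Reflect.has agreeing with the `in` operator, including the TypeError on a primitive target; Reflect.getPrototypeOf and Reflect.setPrototypeOf differing from their Object.* counterparts exactly as listed; and enumeration never producing a key deleted before it is reached. Reflect.enumerate was removed from the language after ES2015 and is absent from current engines, so the last point is shown with for-in, whose key sequence Reflect.enumerate was specified to mirror. The function names and sample objects are this example's own; it runs under Node.js.

```javascript
// Added example, not JavaScriptCore code. Demonstrates the observable contract
// of the Reflect APIs covered by the entries above, as seen from script.

// Reflect.has follows the `in` operator exactly, including throwing a TypeError
// when the target is not an object. Errors are reported by constructor name so
// the two paths can be compared directly.
function hasMatchesInOperator(target, key) {
  let viaIn, viaReflect;
  try { viaIn = key in target; } catch (e) { viaIn = e.constructor.name; }
  try { viaReflect = Reflect.has(target, key); } catch (e) { viaReflect = e.constructor.name; }
  return { viaIn, viaReflect, agree: viaIn === viaReflect };
}

// Object.getPrototypeOf applies ToObject to a primitive and returns the wrapper
// prototype; Reflect.getPrototypeOf refuses the primitive with a TypeError.
function getPrototypeOfPrimitive(value) {
  const viaObject = Object.getPrototypeOf(value);
  let viaReflect;
  try { viaReflect = Reflect.getPrototypeOf(value); } catch (e) { viaReflect = e.constructor.name; }
  return { viaObject, viaReflect };
}

// Object.setPrototypeOf throws when the target is non-extensible;
// Reflect.setPrototypeOf reports the same failure as `false` and leaves the
// prototype untouched.
function setPrototypeOfNonExtensible() {
  const target = Object.preventExtensions({});
  let viaObject;
  try { viaObject = Object.setPrototypeOf(target, null); } catch (e) { viaObject = e.constructor.name; }
  const viaReflect = Reflect.setPrototypeOf(target, null);
  return {
    viaObject,                                                        // 'TypeError'
    viaReflect,                                                       // false
    prototypeUnchanged: Object.getPrototypeOf(target) === Object.prototype,
  };
}

// Keys deleted while the enumeration is in progress must not be produced:
// 'c' and 'd' are removed when 'a' is visited, so only 'a' and 'b' appear.
function enumerateWithDeletion() {
  const obj = { a: 1, b: 2, c: 3, d: 4 };   // constructed sample object
  const seen = [];
  for (const key in obj) {
    seen.push(key);
    if (key === 'a') { delete obj.c; delete obj.d; }
  }
  return seen;   // ['a', 'b']
}
```

The boolean result of Reflect.setPrototypeOf is what makes it convenient in hardening code: a guard that pins an object's prototype can test the return value and fall back without wrapping the call in try/catch, which is the contrast with Object.setPrototypeOf that the entry records.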
1706
1707 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
1708
1709         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
1710         https://bugs.webkit.org/show_bug.cgi?id=147856
1711
1712         Reviewed by Saam Barati.
1713
1714         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
1715
1716         * CMakeLists.txt:
1717         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1718         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1719         * JavaScriptCore.xcodeproj/project.pbxproj:
1720         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
1721         (JSC::ExecutableInfo::ExecutableInfo):
1722         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
1723         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1724         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1725         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1726         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1727         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1728         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1729         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1730         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1731         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1732         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1733         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1734         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1735         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1736         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1737         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1738         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1739         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1740         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1741         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1742         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1743         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1744         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1745         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1746         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1747         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1748         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1749         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1750         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1751         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1752         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1753         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1754         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1755         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1756         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1757         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1758         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1759         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1760         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1761         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1762         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1763         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1764         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1765         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1766         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1767         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1768         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1769         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1770         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1771         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1772         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1773         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1774         (JSC::UnlinkedCodeBlock::vm): Deleted.
1775         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1776         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1777         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1778         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1779         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1780         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1781         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1782         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1783         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1784         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1785         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1786         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1787         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1788         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1789         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1790         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1791         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1792         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1793         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1794         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1795         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1796         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1797         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1798         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1799         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1800         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1801         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1802         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1803         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1804         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1805         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1806         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1807         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1808         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1809         * bytecode/UnlinkedCodeBlock.cpp:
1810         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1811         (JSC::generateFunctionCodeBlock): Deleted.
1812         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
1813         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
1814         (JSC::UnlinkedFunctionExecutable::link): Deleted.
1815         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
1816         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
1817         * bytecode/UnlinkedCodeBlock.h:
1818         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
1819         (JSC::ExecutableInfo::needsActivation): Deleted.
1820         (JSC::ExecutableInfo::usesEval): Deleted.
1821         (JSC::ExecutableInfo::isStrictMode): Deleted.
1822         (JSC::ExecutableInfo::isConstructor): Deleted.
1823         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
1824         (JSC::ExecutableInfo::constructorKind): Deleted.
1825         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
1826         (JSC::generateFunctionCodeBlock):
1827         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
1828         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
1829         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
1830         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
1831         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
1832         (JSC::dumpLineColumnEntry): Deleted.
1833         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
1834         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
1835         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
1836         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
1837         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
1838         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
1839         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
1840         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
1841         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
1842         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
1843         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
1844         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
1845         (JSC::UnlinkedCodeBlock::instructions): Deleted.
1846         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
1847         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
1848         (JSC::ExecutableInfo::needsActivation): Deleted.
1849         (JSC::ExecutableInfo::usesEval): Deleted.
1850         (JSC::ExecutableInfo::isStrictMode): Deleted.
1851         (JSC::ExecutableInfo::isConstructor): Deleted.
1852         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
1853         (JSC::ExecutableInfo::constructorKind): Deleted.
1854         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
1855         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1856         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1857         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1858         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1859         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1860         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1861         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1862         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1863         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1864         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1865         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1866         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1867         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1868         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1869         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1870         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1871         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1872         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1873         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1874         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1875         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1876         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1877         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1878         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1879         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1880         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1881         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1882         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1883         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1884         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1885         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1886         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1887         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1888         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1889         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1890         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1891         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1892         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1893         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1894         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1895         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1896         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1897         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1898         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1899         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1900         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1901         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1902         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1903         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1904         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1905         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1906         (JSC::UnlinkedCodeBlock::vm): Deleted.
1907         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1908         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1909         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1910         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1911         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1912         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1913         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1914         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1915         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1916         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1917         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1918         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1919         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1920         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1921         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1922         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1923         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1924         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1925         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1926         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1927         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1928         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1929         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1930         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1931         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1932         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1933         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1934         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1935         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1936         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1937         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1938         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1939         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1940         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1941         * runtime/Executable.h:
1942
1943 2015-08-10  Mark Lam  <mark.lam@apple.com>
1944
1945         Refactor LiveObjectList and LiveObjectData into their own files.
1946         https://bugs.webkit.org/show_bug.cgi?id=147843
1947
1948         Reviewed by Saam Barati.
1949
1950         There is no behavior change in this patch.
1951
1952         * CMakeLists.txt:
1953         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1954         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1955         * JavaScriptCore.xcodeproj/project.pbxproj:
1956         * heap/HeapVerifier.cpp:
1957         (JSC::HeapVerifier::HeapVerifier):
1958         (JSC::LiveObjectList::findObject): Deleted.
1959         * heap/HeapVerifier.h:
1960         (JSC::LiveObjectData::LiveObjectData): Deleted.
1961         (JSC::LiveObjectList::LiveObjectList): Deleted.
1962         (JSC::LiveObjectList::reset): Deleted.
1963         * heap/LiveObjectData.h: Added.
1964         (JSC::LiveObjectData::LiveObjectData):
1965         * heap/LiveObjectList.cpp: Added.
1966         (JSC::LiveObjectList::findObject):
1967         * heap/LiveObjectList.h: Added.
1968         (JSC::LiveObjectList::LiveObjectList):
1969         (JSC::LiveObjectList::reset):
1970
1971 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
1972
1973         Let's rename FunctionBodyNode
1974         https://bugs.webkit.org/show_bug.cgi?id=147292
1975
1976         Reviewed by Mark Lam & Saam Barati.
1977
1978         FunctionBodyNode => FunctionMetadataNode
1979
1980         Make FunctionMetadataNode inherit from Node instead of StatementNode
1981         because a FunctionMetadataNode can appear in expression context and does
1982         not have a next statement.
1983
1984         (I decided to continue allocating FunctionMetadataNode in the AST arena,
1985         and to retain "Node" in its name, because it really is a parsing
1986         construct, and we transform its data before consuming it elsewhere.
1987
1988         There is still room for a future patch to distill and simplify the
1989         metadata we track about functions between FunDeclNode/FuncExprNode,
1990         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
1991
1992         * builtins/BuiltinExecutables.cpp:
1993         (JSC::BuiltinExecutables::createExecutableInternal):
1994         * bytecode/UnlinkedCodeBlock.cpp:
1995         (JSC::generateFunctionCodeBlock):
1996         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1997         * bytecode/UnlinkedCodeBlock.h:
1998         * bytecompiler/BytecodeGenerator.cpp:
1999         (JSC::BytecodeGenerator::generate):
2000         (JSC::BytecodeGenerator::BytecodeGenerator):
2001         (JSC::BytecodeGenerator::emitNewArray):
2002         (JSC::BytecodeGenerator::emitNewFunction):
2003         (JSC::BytecodeGenerator::emitNewFunctionExpression):
2004         * bytecompiler/BytecodeGenerator.h:
2005         (JSC::BytecodeGenerator::makeFunction):
2006         * bytecompiler/NodesCodegen.cpp:
2007         (JSC::EvalNode::emitBytecode):
2008         (JSC::FunctionNode::emitBytecode):
2009         (JSC::FunctionBodyNode::emitBytecode): Deleted.
2010         * parser/ASTBuilder.h:
2011         (JSC::ASTBuilder::createFunctionExpr):
2012         (JSC::ASTBuilder::createFunctionBody):
2013         * parser/NodeConstructors.h:
2014         (JSC::FunctionParameters::FunctionParameters):
2015         (JSC::FuncExprNode::FuncExprNode):
2016         (JSC::FuncDeclNode::FuncDeclNode):
2017         * parser/Nodes.cpp:
2018         (JSC::EvalNode::EvalNode):
2019         (JSC::FunctionMetadataNode::FunctionMetadataNode):
2020         (JSC::FunctionMetadataNode::finishParsing):
2021         (JSC::FunctionMetadataNode::setEndPosition):
2022         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
2023         (JSC::FunctionBodyNode::finishParsing): Deleted.
2024         (JSC::FunctionBodyNode::setEndPosition): Deleted.
2025         * parser/Nodes.h:
2026         (JSC::FuncExprNode::body):
2027         (JSC::FuncDeclNode::body):
2028         * parser/Parser.h:
2029         (JSC::Parser::isFunctionMetadataNode):
2030         (JSC::Parser::next):
2031         (JSC::Parser<LexerType>::parse):
2032         (JSC::Parser::isFunctionBodyNode): Deleted.
2033         * runtime/CodeCache.cpp:
2034         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
2035         * runtime/CodeCache.h:
2036
2037 2015-08-09  Chris Dumez  <cdumez@apple.com>
2038
2039         Regression(r188105): Seems to have caused crashes during PLT on some iPads
2040         https://bugs.webkit.org/show_bug.cgi?id=147818
2041
2042         Unreviewed, roll out r188105.
2043
2044         * bytecode/ByValInfo.h:
2045         (JSC::ByValInfo::ByValInfo):
2046         * bytecode/CodeBlock.cpp:
2047         (JSC::CodeBlock::getByValInfoMap): Deleted.
2048         (JSC::CodeBlock::addByValInfo): Deleted.
2049         * bytecode/CodeBlock.h:
2050         (JSC::CodeBlock::getByValInfo):
2051         (JSC::CodeBlock::setNumberOfByValInfos):
2052         (JSC::CodeBlock::numberOfByValInfos):
2053         (JSC::CodeBlock::byValInfo):
2054         * bytecode/ExitKind.cpp:
2055         (JSC::exitKindToString): Deleted.
2056         * bytecode/ExitKind.h:
2057         * bytecode/GetByIdStatus.cpp:
2058         (JSC::GetByIdStatus::computeFor):
2059         (JSC::GetByIdStatus::computeForStubInfo):
2060         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
2061         * bytecode/GetByIdStatus.h:
2062         * dfg/DFGAbstractInterpreterInlines.h:
2063         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
2064         * dfg/DFGByteCodeParser.cpp:
2065         (JSC::DFG::ByteCodeParser::parseBlock):
2066         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
2067         * dfg/DFGClobberize.h:
2068         (JSC::DFG::clobberize): Deleted.
2069         * dfg/DFGConstantFoldingPhase.cpp:
2070         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
2071         * dfg/DFGDoesGC.cpp:
2072         (JSC::DFG::doesGC): Deleted.
2073         * dfg/DFGFixupPhase.cpp:
2074         (JSC::DFG::FixupPhase::fixupNode): Deleted.
2075         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
2076         * dfg/DFGNode.h:
2077         (JSC::DFG::Node::hasUidOperand): Deleted.
2078         (JSC::DFG::Node::uidOperand): Deleted.
2079         * dfg/DFGNodeType.h:
2080         * dfg/DFGPredictionPropagationPhase.cpp:
2081         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
2082         * dfg/DFGSafeToExecute.h:
2083         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
2084         (JSC::DFG::safeToExecute): Deleted.
2085         * dfg/DFGSpeculativeJIT.cpp:
2086         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
2087         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
2088         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
2089         * dfg/DFGSpeculativeJIT.h:
2090         * dfg/DFGSpeculativeJIT32_64.cpp:
2091         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2092         * dfg/DFGSpeculativeJIT64.cpp:
2093         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2094         * dfg/DFGUseKind.cpp:
2095         (WTF::printInternal): Deleted.
2096         * dfg/DFGUseKind.h:
2097         (JSC::DFG::typeFilterFor): Deleted.
2098         (JSC::DFG::isCell): Deleted.
2099         * ftl/FTLAbstractHeapRepository.h:
2100         * ftl/FTLCapabilities.cpp:
2101         (JSC::FTL::canCompile): Deleted.
2102         * ftl/FTLLowerDFGToLLVM.cpp:
2103         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
2104         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
2105         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
2106         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
2107         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
2108         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
2109         * jit/JIT.cpp:
2110         (JSC::JIT::privateCompile):
2111         * jit/JIT.h:
2112         (JSC::ByValCompilationInfo::ByValCompilationInfo):
2113         (JSC::JIT::compileGetByValWithCachedId): Deleted.
2114         * jit/JITInlines.h:
2115         (JSC::JIT::callOperation): Deleted.
2116         * jit/JITOpcodes.cpp:
2117         (JSC::JIT::emit_op_has_indexed_property):
2118         (JSC::JIT::emitSlow_op_has_indexed_property):
2119         * jit/JITOpcodes32_64.cpp:
2120         (JSC::JIT::emit_op_has_indexed_property):
2121         (JSC::JIT::emitSlow_op_has_indexed_property):
2122         * jit/JITOperations.cpp:
2123         (JSC::getByVal):
2124         * jit/JITOperations.h:
2125         * jit/JITPropertyAccess.cpp:
2126         (JSC::JIT::emit_op_get_by_val):
2127         (JSC::JIT::emitSlow_op_get_by_val):
2128         (JSC::JIT::emit_op_put_by_val):
2129         (JSC::JIT::emitSlow_op_put_by_val):
2130         (JSC::JIT::emitGetByValWithCachedId): Deleted.
2131         (JSC::JIT::privateCompileGetByVal): Deleted.
2132         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
2133         * jit/JITPropertyAccess32_64.cpp:
2134         (JSC::JIT::emit_op_get_by_val):
2135         (JSC::JIT::emitSlow_op_get_by_val):
2136         (JSC::JIT::emit_op_put_by_val):
2137         (JSC::JIT::emitSlow_op_put_by_val):
2138         (JSC::JIT::emitGetByValWithCachedId): Deleted.
2139         * runtime/Symbol.h:
2140         * tests/stress/get-by-val-with-string-constructor.js: Removed.
2141         * tests/stress/get-by-val-with-string-exit.js: Removed.
2142         * tests/stress/get-by-val-with-string-generated.js: Removed.
2143         * tests/stress/get-by-val-with-string-getter.js: Removed.
2144         * tests/stress/get-by-val-with-string.js: Removed.
2145         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
2146         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
2147         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
2148         * tests/stress/get-by-val-with-symbol.js: Removed.
2149
2150 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
2151
2152         Reduce uses of PassRefPtr in bindings
2153         https://bugs.webkit.org/show_bug.cgi?id=147781
2154
2155         Reviewed by Chris Dumez.
2156
2157         Use RefPtr when a function can return null or an instance. If not, Ref is used.
2158
2159         * runtime/JSGenericTypedArrayView.h:
2160         (JSC::toNativeTypedView):
2161
2162 2015-08-07  Alex Christensen  <achristensen@webkit.org>
2163
2164         Build more testing binaries with CMake on Windows
2165         https://bugs.webkit.org/show_bug.cgi?id=147799
2166
2167         Reviewed by Brent Fulgham.
2168
2169         * shell/PlatformWin.cmake: Added.
2170         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
2171
2172 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
2173
2174         Lightweight locks should be adaptive
2175         https://bugs.webkit.org/show_bug.cgi?id=147545
2176
2177         Reviewed by Geoffrey Garen.
2178
2179         * dfg/DFGCommon.cpp:
2180         (JSC::DFG::startCrashing):
2181         * heap/CopiedBlock.h:
2182         (JSC::CopiedBlock::workListLock):
2183         * heap/CopiedBlockInlines.h:
2184         (JSC::CopiedBlock::shouldReportLiveBytes):
2185         (JSC::CopiedBlock::reportLiveBytes):
2186         * heap/CopiedSpace.cpp:
2187         (JSC::CopiedSpace::doneFillingBlock):
2188         * heap/CopiedSpace.h:
2189         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
2190         * heap/CopiedSpaceInlines.h:
2191         (JSC::CopiedSpace::recycleEvacuatedBlock):
2192         * heap/GCThreadSharedData.cpp:
2193         (JSC::GCThreadSharedData::didStartCopying):
2194         * heap/GCThreadSharedData.h:
2195         (JSC::GCThreadSharedData::getNextBlocksToCopy):
2196         * heap/ListableHandler.h:
2197         (JSC::ListableHandler::List::addThreadSafe):
2198         (JSC::ListableHandler::List::addNotThreadSafe):
2199         * heap/MachineStackMarker.cpp:
2200         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2201         * heap/SlotVisitorInlines.h:
2202         (JSC::SlotVisitor::copyLater):
2203         * parser/SourceProvider.cpp:
2204         (JSC::SourceProvider::~SourceProvider):
2205         (JSC::SourceProvider::getID):
2206         * profiler/ProfilerDatabase.cpp:
2207         (JSC::Profiler::Database::addDatabaseToAtExit):
2208         (JSC::Profiler::Database::removeDatabaseFromAtExit):
2209         (JSC::Profiler::Database::removeFirstAtExitDatabase):
2210         * runtime/TypeProfilerLog.h:
2211
2212 2015-08-07  Mark Lam  <mark.lam@apple.com>
2213
2214         Rename some variables in the JSC watchdog implementation.
2215         https://bugs.webkit.org/show_bug.cgi?id=147790
2216
2217         Rubber stamped by Benjamin Poulain.
2218
2219         This is just a refactoring patch to give the variables better names that describe their
2220         intended use.  There is no behavior change.
2221
2222         * runtime/Watchdog.cpp:
2223         (JSC::Watchdog::Watchdog):
2224         (JSC::Watchdog::setTimeLimit):
2225         (JSC::Watchdog::didFire):
2226         (JSC::Watchdog::isEnabled):
2227         (JSC::Watchdog::fire):
2228         (JSC::Watchdog::startCountdownIfNeeded):
2229         * runtime/Watchdog.h:
2230
2231 2015-08-07  Saam barati  <saambarati1@gmail.com>
2232
2233         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
2234         https://bugs.webkit.org/show_bug.cgi?id=147666
2235
2236         Reviewed by Geoffrey Garen.
2237
2238         If we make the bytecode generator know about every local scope it 
2239         creates, and if we give each local scope a unique register, the
2240         bytecode generator has all the information it needs to assign
2241         the correct scope to a catch handler. Because the bytecode generator
2242         knows this information, it's a better separation of responsibilities
2243         for it to set up the proper scope instead of relying on the exception
2244         handling runtime to find the scope.
2245
2246         * bytecode/BytecodeList.json:
2247         * bytecode/BytecodeUseDef.h:
2248         (JSC::computeUsesForBytecodeOffset):
2249         * bytecode/CodeBlock.cpp:
2250         (JSC::CodeBlock::dumpBytecode):
2251         (JSC::CodeBlock::CodeBlock):
2252         * bytecode/HandlerInfo.h:
2253         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
2254         (JSC::HandlerInfo::initialize):
2255         * bytecompiler/BytecodeGenerator.cpp:
2256         (JSC::BytecodeGenerator::generate):
2257         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2258         (JSC::BytecodeGenerator::emitGetScope):
2259         (JSC::BytecodeGenerator::emitPushWithScope):
2260         (JSC::BytecodeGenerator::emitGetParentScope):
2261         (JSC::BytecodeGenerator::emitPopScope):
2262         (JSC::BytecodeGenerator::emitPopWithScope):
2263         (JSC::BytecodeGenerator::allocateAndEmitScope):
2264         (JSC::BytecodeGenerator::emitComplexPopScopes):
2265         (JSC::BytecodeGenerator::pushTry):
2266         (JSC::BytecodeGenerator::popTryAndEmitCatch):
2267         (JSC::BytecodeGenerator::localScopeDepth):
2268         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
2269         * bytecompiler/BytecodeGenerator.h:
2270         * bytecompiler/NodesCodegen.cpp:
2271         (JSC::WithNode::emitBytecode):
2272         * interpreter/Interpreter.cpp:
2273         (JSC::Interpreter::unwind):
2274         * jit/JITOpcodes.cpp:
2275         (JSC::JIT::emit_op_push_with_scope):
2276         (JSC::JIT::compileOpStrictEq):
2277         * jit/JITOpcodes32_64.cpp:
2278         (JSC::JIT::emit_op_push_with_scope):
2279         (JSC::JIT::emit_op_to_number):
2280         * jit/JITOperations.cpp:
2281         * jit/JITOperations.h:
2282         * llint/LLIntSlowPaths.cpp:
2283         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2284         * llint/LLIntSlowPaths.h:
2285         * llint/LowLevelInterpreter.asm:
2286         * runtime/CommonSlowPaths.cpp:
2287         (JSC::SLOW_PATH_DECL):
2288         * runtime/CommonSlowPaths.h:
2289         * runtime/JSScope.cpp:
2290         (JSC::JSScope::objectAtScope):
2291         (JSC::isUnscopable):
2292         (JSC::JSScope::depth): Deleted.
2293         * runtime/JSScope.h:
2294
2295 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
2296
2297         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
2298         https://bugs.webkit.org/show_bug.cgi?id=147761
2299
2300         Reviewed by Mark Lam.
2301
2302         This patch implements MacroAssembler::patchableBranch64 in 64bit environments.
2303         And fix the existing MacroAssemblerARM64::patchableBranchPtr; before this patch,
2304         it truncated the immediate pointer into a 32bit immediate.
2305         And use patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
2306
2307         * assembler/MacroAssemblerARM64.h:
2308         (JSC::MacroAssemblerARM64::patchableBranchPtr):
2309         (JSC::MacroAssemblerARM64::patchableBranch64):
2310         * assembler/MacroAssemblerX86_64.h:
2311         (JSC::MacroAssemblerX86_64::patchableBranch64):
2312         * jit/JIT.h:
2313         * jit/JITInlines.h:
2314         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
2315         * jit/JITPropertyAccess.cpp:
2316         (JSC::JIT::emit_op_get_by_val):
2317
2318 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2319
2320         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
2321         https://bugs.webkit.org/show_bug.cgi?id=147480
2322
2323         Reviewed by Filip Pizlo.
2324
2325         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
2326         The IC site only caches one id. After checking that the given id is the same as the
2327         cached one, we perform the get_by_id IC onto it.
2328         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
2329         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
2330         operations when the given get_by_val leverages the property load with the cached id.
2331
2332         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
2333         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
2334         This can be leveraged to optimize symbol operations in DFG.
2335
2336         And since byValInfo is frequently used, we align the byValInfo design to the stubInfo-like one.
2337         Allocated by the Bag and operations take the raw byValInfo pointer directly instead of performing
2338         binary search onto m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
2339         argument ArrayProfile* in the operations with ByValInfo*.
2340
2341         * bytecode/ByValInfo.h:
2342         (JSC::ByValInfo::ByValInfo):
2343         * bytecode/CodeBlock.cpp:
2344         (JSC::CodeBlock::getByValInfoMap):
2345         (JSC::CodeBlock::addByValInfo):
2346         * bytecode/CodeBlock.h:
2347         (JSC::CodeBlock::getByValInfo): Deleted.
2348         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
2349         (JSC::CodeBlock::numberOfByValInfos): Deleted.
2350         (JSC::CodeBlock::byValInfo): Deleted.
2351         * bytecode/ExitKind.cpp:
2352         (JSC::exitKindToString):
2353         * bytecode/ExitKind.h:
2354         * bytecode/GetByIdStatus.cpp:
2355         (JSC::GetByIdStatus::computeFor):
2356         (JSC::GetByIdStatus::computeForStubInfo):
2357         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
2358         * bytecode/GetByIdStatus.h:
2359         * dfg/DFGAbstractInterpreterInlines.h:
2360         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2361         * dfg/DFGByteCodeParser.cpp:
2362         (JSC::DFG::ByteCodeParser::parseBlock):
2363         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2364         * dfg/DFGClobberize.h:
2365         (JSC::DFG::clobberize):
2366         * dfg/DFGConstantFoldingPhase.cpp:
2367         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2368         * dfg/DFGDoesGC.cpp:
2369         (JSC::DFG::doesGC):
2370         * dfg/DFGFixupPhase.cpp:
2371         (JSC::DFG::FixupPhase::fixupNode):
2372         (JSC::DFG::FixupPhase::observeUseKindOnNode):
2373         * dfg/DFGNode.h:
2374         (JSC::DFG::Node::hasUidOperand):
2375         (JSC::DFG::Node::uidOperand):
2376         * dfg/DFGNodeType.h:
2377         * dfg/DFGPredictionPropagationPhase.cpp:
2378         (JSC::DFG::PredictionPropagationPhase::propagate):
2379         * dfg/DFGSafeToExecute.h:
2380         (JSC::DFG::SafeToExecuteEdge::operator()):
2381         (JSC::DFG::safeToExecute):
2382         * dfg/DFGSpeculativeJIT.cpp:
2383         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
2384         (JSC::DFG::SpeculativeJIT::speculateSymbol):
2385         (JSC::DFG::SpeculativeJIT::speculate):
2386         * dfg/DFGSpeculativeJIT.h:
2387         * dfg/DFGSpeculativeJIT32_64.cpp:
2388         (JSC::DFG::SpeculativeJIT::compile):
2389         * dfg/DFGSpeculativeJIT64.cpp:
2390         (JSC::DFG::SpeculativeJIT::compile):
2391         * dfg/DFGUseKind.cpp:
2392         (WTF::printInternal):
2393         * dfg/DFGUseKind.h:
2394         (JSC::DFG::typeFilterFor):
2395         (JSC::DFG::isCell):
2396         * ftl/FTLAbstractHeapRepository.h:
2397         * ftl/FTLCapabilities.cpp:
2398         (JSC::FTL::canCompile):
2399         * ftl/FTLLowerDFGToLLVM.cpp:
2400         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
2401         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
2402         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
2403         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
2404         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
2405         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
2406         * jit/JIT.cpp:
2407         (JSC::JIT::privateCompile):
2408         * jit/JIT.h:
2409         (JSC::ByValCompilationInfo::ByValCompilationInfo):
2410         (JSC::JIT::compileGetByValWithCachedId):
2411         * jit/JITInlines.h:
2412         (JSC::JIT::callOperation):
2413         * jit/JITOpcodes.cpp:
2414         (JSC::JIT::emit_op_has_indexed_property):
2415         (JSC::JIT::emitSlow_op_has_indexed_property):
2416         * jit/JITOpcodes32_64.cpp:
2417         (JSC::JIT::emit_op_has_indexed_property):
2418         (JSC::JIT::emitSlow_op_has_indexed_property):
2419         * jit/JITOperations.cpp:
2420         (JSC::getByVal):
2421         * jit/JITOperations.h:
2422         * jit/JITPropertyAccess.cpp:
2423         (JSC::JIT::emit_op_get_by_val):
2424         (JSC::JIT::emitGetByValWithCachedId):
2425         (JSC::JIT::emitSlow_op_get_by_val):
2426         (JSC::JIT::emit_op_put_by_val):
2427         (JSC::JIT::emitSlow_op_put_by_val):
2428         (JSC::JIT::privateCompileGetByVal):
2429         (JSC::JIT::privateCompileGetByValWithCachedId):
2430         * jit/JITPropertyAccess32_64.cpp:
2431         (JSC::JIT::emit_op_get_by_val):
2432         (JSC::JIT::emitGetByValWithCachedId):
2433         (JSC::JIT::emitSlow_op_get_by_val):
2434         (JSC::JIT::emit_op_put_by_val):
2435         (JSC::JIT::emitSlow_op_put_by_val):
2436         * runtime/Symbol.h:
2437         * tests/stress/get-by-val-with-string-constructor.js: Added.
2438         (Hello):
2439         (get Hello.prototype.generate):
2440         (ok):
2441         * tests/stress/get-by-val-with-string-exit.js: Added.
2442         (shouldBe):
2443         (getByVal):
2444         (getStr1):
2445         (getStr2):
2446         * tests/stress/get-by-val-with-string-generated.js: Added.
2447         (shouldBe):
2448         (getByVal):
2449         (getStr1):
2450         (getStr2):
2451         * tests/stress/get-by-val-with-string-getter.js: Added.
2452         (object.get hello):
2453         (ok):
2454         * tests/stress/get-by-val-with-string.js: Added.
2455         (shouldBe):
2456         (getByVal):
2457         (getStr1):
2458         (getStr2):
2459         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
2460         (Hello):
2461         (get Hello.prototype.generate):
2462         (ok):
2463         * tests/stress/get-by-val-with-symbol-exit.js: Added.
2464         (shouldBe):
2465         (getByVal):
2466         (getSym1):
2467         (getSym2):
2468         * tests/stress/get-by-val-with-symbol-getter.js: Added.
2469         (object.get hello):
2470         (.get ok):
2471         * tests/stress/get-by-val-with-symbol.js: Added.
2472         (shouldBe):
2473         (getByVal):
2474         (getSym1):
2475         (getSym2):
2476
2477 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2478
2479         Parse the entire WebAssembly modules
2480         https://bugs.webkit.org/show_bug.cgi?id=147393
2481
2482         Reviewed by Geoffrey Garen.
2483
2484         Parse the entire WebAssembly modules from files produced by pack-asmjs
2485         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
2486         parse modules whose function definition section contains only functions that
2487         have "return 0;" as their only statement. Parsing of any functions will be
2488         implemented in a subsequent patch.
2489
2490         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2491         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2492         * JavaScriptCore.xcodeproj/project.pbxproj:
2493         * wasm/JSWASMModule.cpp:
2494         (JSC::JSWASMModule::destroy):
2495         * wasm/JSWASMModule.h:
2496         (JSC::JSWASMModule::i32Constants):
2497         (JSC::JSWASMModule::f32Constants):
2498         (JSC::JSWASMModule::f64Constants):
2499         (JSC::JSWASMModule::signatures):
2500         (JSC::JSWASMModule::functionImports):
2501         (JSC::JSWASMModule::functionImportSignatures):
2502         (JSC::JSWASMModule::globalVariableTypes):
2503         (JSC::JSWASMModule::functionDeclarations):
2504         (JSC::JSWASMModule::functionPointerTables):
2505         * wasm/WASMFormat.h: Added.
2506         * wasm/WASMModuleParser.cpp:
2507         (JSC::WASMModuleParser::parse):
2508         (JSC::WASMModuleParser::parseModule):
2509         (JSC::WASMModuleParser::parseConstantPoolSection):
2510         (JSC::WASMModuleParser::parseSignatureSection):
2511         (JSC::WASMModuleParser::parseFunctionImportSection):
2512         (JSC::WASMModuleParser::parseGlobalSection):
2513         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
2514         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
2515         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
2516         (JSC::WASMModuleParser::parseFunctionDefinition):
2517         (JSC::WASMModuleParser::parseExportSection):
2518         * wasm/WASMModuleParser.h:
2519         * wasm/WASMReader.cpp:
2520         (JSC::WASMReader::readUInt32):
2521         (JSC::WASMReader::readCompactUInt32):
2522         (JSC::WASMReader::readString):
2523         (JSC::WASMReader::readType):
2524         (JSC::WASMReader::readExpressionType):
2525         (JSC::WASMReader::readExportFormat):
2526         (JSC::WASMReader::readByte):
2527         (JSC::WASMReader::readUnsignedInt32): Deleted.
2528         * wasm/WASMReader.h:
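
Added example, not JSC code and not part of the entry above: a bounds-checked reader for the primitives the parser above names (readByte, readUInt32, readCompactUInt32, readString), plus a small section parser built on it. The encodings are this example's assumptions, not taken from the page: fixed u32 is little-endian, the compact u32 is LEB128 with at most five bytes, strings are NUL-terminated, and the section layout (a compact count followed by that many u32 constants) is hypothetical. Every read fails cleanly on truncated or overlong input instead of reading past the buffer, and the count is checked against the bytes remaining before anything is allocated. The sample byte strings at the end are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Added example, not JSC code. A reader over a byte buffer whose every read
// reports failure instead of running past the end. Encodings are assumed
// for the example: fixed u32 little-endian, compact u32 as LEB128 (at most
// five bytes, the fifth carrying only four payload bits), strings NUL-terminated.
class BoundedReader {
public:
    BoundedReader(const uint8_t* data, size_t size)
        : m_data(data), m_size(size), m_pos(0) { }

    size_t position() const { return m_pos; }
    size_t remaining() const { return m_size - m_pos; }
    bool atEnd() const { return m_pos == m_size; }

    bool readByte(uint8_t& out)
    {
        if (m_pos >= m_size)
            return false;
        out = m_data[m_pos++];
        return true;
    }

    bool readUInt32(uint32_t& out)
    {
        if (remaining() < 4)
            return false;
        out = static_cast<uint32_t>(m_data[m_pos])
            | static_cast<uint32_t>(m_data[m_pos + 1]) << 8
            | static_cast<uint32_t>(m_data[m_pos + 2]) << 16
            | static_cast<uint32_t>(m_data[m_pos + 3]) << 24;
        m_pos += 4;
        return true;
    }

    // LEB128: seven payload bits per byte, continuation flag in bit 7.
    // Fails on truncation, on a sixth byte, and on payload bits that would
    // not fit in 32 bits.
    bool readCompactUInt32(uint32_t& out)
    {
        uint32_t result = 0;
        for (unsigned i = 0; i < 5; ++i) {
            uint8_t byte;
            if (!readByte(byte))
                return false;
            uint32_t payload = byte & 0x7f;
            if (i == 4 && (payload & 0x70))
                return false;
            result |= payload << (7 * i);
            if (!(byte & 0x80)) {
                out = result;
                return true;
            }
        }
        return false;
    }

    // Fails, without moving, if no NUL terminator lies before the end.
    bool readString(std::string& out)
    {
        for (size_t end = m_pos; end < m_size; ++end) {
            if (m_data[end] == 0) {
                out.assign(reinterpret_cast<const char*>(m_data + m_pos), end - m_pos);
                m_pos = end + 1;
                return true;
            }
        }
        return false;
    }

private:
    const uint8_t* m_data;
    size_t m_size;
    size_t m_pos;
};

// Decodes one compact u32 from a whole buffer (helper for the checks below).
bool decodeCompactUInt32(const uint8_t* data, size_t size, uint32_t& out)
{
    BoundedReader reader(data, size);
    return reader.readCompactUInt32(out) && reader.atEnd();
}

// Hypothetical section layout: a compact count followed by that many u32
// constants. The count is checked against the bytes left before anything is
// allocated, so a hostile count cannot drive a huge reserve() or a read past
// the buffer.
bool parseI32Constants(const uint8_t* data, size_t size, std::vector<uint32_t>& constants)
{
    BoundedReader reader(data, size);
    uint32_t count;
    if (!reader.readCompactUInt32(count))
        return false;
    if (count > reader.remaining() / 4)
        return false;
    constants.clear();
    constants.reserve(count);
    for (uint32_t i = 0; i < count; ++i) {
        uint32_t value;
        if (!reader.readUInt32(value))
            return false;
        constants.push_back(value);
    }
    return reader.atEnd();
}

// Constructed sample inputs: a well-formed section (count 2, then 1 and
// 0xdeadbeef), one whose count claims three constants but carries two, and
// a count encoded as six continuation bytes.
const uint8_t kGoodSection[] = { 0x02, 0x01, 0x00, 0x00, 0x00, 0xef, 0xbe, 0xad, 0xde };
const uint8_t kShortSection[] = { 0x03, 0x01, 0x00, 0x00, 0x00, 0xef, 0xbe, 0xad, 0xde };
const uint8_t kOverlongCount[] = { 0x80, 0x80, 0x80, 0x80, 0x80, 0x00 };
```

The count check before reserve() is the part worth copying: a parser that trusts a length field from the file and allocates for it, or loops on it while each read is individually bounds-checked, still turns a one-byte change in the input into a memory blow-up or a long stall.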
2529
2530 2015-08-06  Keith Miller  <keith_miller@apple.com>
2531
2532         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
2533         https://bugs.webkit.org/show_bug.cgi?id=147749
2534
2535         Reviewed by Filip Pizlo.
2536
2537         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength()
2538         thus no one calls this code.
2539
2540         * ftl/FTLLowerDFGToLLVM.cpp:
2541         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
2542
2543 2015-08-06  Keith Miller  <keith_miller@apple.com>
2544
2545         The JSONP parser incorrectly parses -0 as +0.
2546         https://bugs.webkit.org/show_bug.cgi?id=147590
2547
2548         Reviewed by Michael Saboff.
2549
2550         In the LiteralParser we should use a double to store the accumulator for numerical tokens
2551         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
2552
2553         * runtime/LiteralParser.cpp:
2554         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
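
Added example, not JSC's LiteralParser and not code from this entry: two versions of a JSON number lexer's integer fast path that differ only in the accumulator type, which is the change the entry above describes. Sending anything with a fraction, an exponent, or more than nine characters to strtod is this example's assumption about where the fast path stops, not something the page states. The helper at the end checks the property an engine needs from the fix: that "-0" lexes to a double whose sign bit is set.

```cpp
#include <cctype>
#include <cmath>
#include <cstddef>
#include <cstdlib>
#include <string>

// Added example, not JSC's LiteralParser. A JSON number token is
// -?[0-9]+(\.[0-9]+)?([eE][+-]?[0-9]+)?. scanNumberToken returns how many
// characters of text form such a token, or 0 if none do.
static size_t scanNumberToken(const std::string& text)
{
    size_t pos = 0;
    const size_t n = text.size();
    auto digit = [&](size_t i) { return i < n && std::isdigit(static_cast<unsigned char>(text[i])); };

    if (pos < n && text[pos] == '-')
        ++pos;
    size_t digitsStart = pos;
    while (digit(pos))
        ++pos;
    if (pos == digitsStart)
        return 0;
    if (pos < n && text[pos] == '.') {
        size_t fracStart = ++pos;
        while (digit(pos))
            ++pos;
        if (pos == fracStart)
            return 0;
    }
    if (pos < n && (text[pos] == 'e' || text[pos] == 'E')) {
        ++pos;
        if (pos < n && (text[pos] == '+' || text[pos] == '-'))
            ++pos;
        size_t expStart = pos;
        while (digit(pos))
            ++pos;
        if (pos == expStart)
            return 0;
    }
    return pos;
}

static bool isPlainInteger(const std::string& token)
{
    for (char c : token) {
        if (c == '.' || c == 'e' || c == 'E')
            return false;
    }
    return true;
}

// Integer fast path parameterised on the accumulator type, which is the one
// thing the fix changed. Fractions, exponents and long integers go to strtod
// (an assumption about where the fast path stops, made for this example).
template<typename Accumulator>
static bool lexNumber(const std::string& text, double& out)
{
    size_t length = scanNumberToken(text);
    if (!length)
        return false;
    std::string token = text.substr(0, length);
    if (!isPlainInteger(token) || length > 9) {
        out = std::strtod(token.c_str(), nullptr);
        return true;
    }
    bool negative = token[0] == '-';
    Accumulator value = 0;
    for (size_t pos = negative ? 1 : 0; pos < length; ++pos)
        value = value * 10 + (token[pos] - '0');
    if (negative)
        value = -value;  // int: -0 is 0, the sign is gone. double: -0.0 survives.
    out = static_cast<double>(value);
    return true;
}

// Before the fix: an int accumulator.
bool lexNumberBeforeFix(const std::string& text, double& out) { return lexNumber<int>(text, out); }
// After the fix: a double accumulator.
bool lexNumberAfterFix(const std::string& text, double& out) { return lexNumber<double>(text, out); }

// True when "-0" comes out as a double with its sign bit set, which is what
// 1 / -0 === -Infinity and Object.is(-0, 0) === false require.
bool preservesNegativeZero(bool (*lexer)(const std::string&, double&))
{
    double value = 1;
    return lexer("-0", value) && value == 0 && std::signbit(value);
}
```

The int accumulator loses the sign before the value ever becomes a double, and no later conversion can recover it; a caller comparing against 0 with == will not notice, only std::signbit or a division will.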
2555
2556 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
2557
2558         Structures used for tryGetConstantProperty() should be registered first
2559         https://bugs.webkit.org/show_bug.cgi?id=147750
2560
2561         Reviewed by Saam Barati and Michael Saboff.
2562
2563         * dfg/DFGGraph.cpp:
2564         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
2565         * dfg/DFGGraph.h:
2566         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
2567         * dfg/DFGStructureRegistrationPhase.cpp:
2568         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegistrationPhase.
2569         (JSC::DFG::StructureRegistrationPhase::registerStructures):
2570         (JSC::DFG::StructureRegistrationPhase::registerStructure):
2571         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
2572         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
2573         (JSC::DFG::performStructureRegistration):
2574
2575 2015-08-06  Keith Miller  <keith_miller@apple.com>
2576
2577         Remove UnspecifiedBoolType from JSC
2578         https://bugs.webkit.org/show_bug.cgi?id=147597
2579
2580         Reviewed by Mark Lam.
2581
2582         We were using the safe bool pattern in the code base for implicit casting to booleans.
2583         With C++11 this is no longer necessary and we can instead create an operator bool.
2584
2585         * API/JSRetainPtr.h:
2586         (JSRetainPtr::operator bool):
2587         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
2588         * dfg/DFGEdge.h:
2589         (JSC::DFG::Edge::operator bool):
2590         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
2591         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
2592         * heap/Weak.h:
2593         * heap/WeakInlines.h:
2594         (JSC::bool):
2595         (JSC::UnspecifiedBoolType): Deleted.
2596
2597 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
2598
2599         [ES6] Class parser does not allow methods named set and get.
2600         https://bugs.webkit.org/show_bug.cgi?id=147150
2601
2602         Reviewed by Oliver Hunt.
2603
2604         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
2605         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
2606         so that we only treat them as such when it's followed by another token that could be a method name.
2607
2608         * parser/Parser.cpp:
2609         (JSC::Parser<LexerType>::parseClass):
2610
2611 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
2612
2613         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
2614
2615         * bytecode/SamplingTool.cpp:
2616         (JSC::SamplingTool::doRun):
2617         (JSC::SamplingTool::notifyOfScope):
2618         * bytecode/SamplingTool.h:
2619         * dfg/DFGThreadData.h:
2620         * dfg/DFGWorklist.cpp:
2621         (JSC::DFG::Worklist::~Worklist):
2622         (JSC::DFG::Worklist::isActiveForVM):
2623         (JSC::DFG::Worklist::enqueue):
2624         (JSC::DFG::Worklist::compilationState):
2625         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2626         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2627         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2628         (JSC::DFG::Worklist::visitWeakReferences):
2629         (JSC::DFG::Worklist::removeDeadPlans):
2630         (JSC::DFG::Worklist::queueLength):
2631         (JSC::DFG::Worklist::dump):
2632         (JSC::DFG::Worklist::runThread):
2633         * dfg/DFGWorklist.h:
2634         * disassembler/Disassembler.cpp:
2635         * heap/CopiedSpace.cpp:
2636         (JSC::CopiedSpace::doneFillingBlock):
2637         (JSC::CopiedSpace::doneCopying):
2638         * heap/CopiedSpace.h:
2639         * heap/CopiedSpaceInlines.h:
2640         (JSC::CopiedSpace::recycleBorrowedBlock):
2641         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2642         * heap/HeapTimer.h:
2643         * heap/MachineStackMarker.cpp:
2644         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2645         (JSC::ActiveMachineThreadsManager::add):
2646         (JSC::ActiveMachineThreadsManager::remove):
2647         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2648         (JSC::MachineThreads::~MachineThreads):
2649         (JSC::MachineThreads::addCurrentThread):
2650         (JSC::MachineThreads::removeThreadIfFound):
2651         (JSC::MachineThreads::tryCopyOtherThreadStack):
2652         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2653         (JSC::MachineThreads::gatherConservativeRoots):
2654         * heap/MachineStackMarker.h:
2655         * interpreter/JSStack.cpp:
2656         (JSC::stackStatisticsMutex):
2657         (JSC::JSStack::addToCommittedByteCount):
2658         (JSC::JSStack::committedByteCount):
2659         * jit/JITThunks.h:
2660         * profiler/ProfilerDatabase.h:
2661
2662 2015-08-05  Saam barati  <saambarati1@gmail.com>
2663
2664         Bytecodegenerator emits crappy code for returns in a lexical scope.
2665         https://bugs.webkit.org/show_bug.cgi?id=147688
2666
2667         Reviewed by Mark Lam.
2668
2669         When returning, we only need to emit complex pop scopes if we're in 
2670         a finally block. Otherwise, we can just return like normal. This saves
2671         us from inefficiently emitting unnecessary pop scopes.
2672
2673         * bytecompiler/BytecodeGenerator.h:
2674         (JSC::BytecodeGenerator::isInFinallyBlock):
2675         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
2676         * bytecompiler/NodesCodegen.cpp:
2677         (JSC::ReturnNode::emitBytecode):
2678
2679 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
2680
2681         Add the Intl API to the status page
2682
2683         * features.json:
2684         Andy VanWagoner landed the skeleton of the API and it is
2685         enabled by default.
2686
2687 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
2688
2689         Rename Mutex to DeprecatedMutex
2690         https://bugs.webkit.org/show_bug.cgi?id=147675
2691
2692         Reviewed by Geoffrey Garen.
2693
2694         * bytecode/SamplingTool.cpp:
2695         (JSC::SamplingTool::doRun):
2696         (JSC::SamplingTool::notifyOfScope):
2697         * bytecode/SamplingTool.h:
2698         * dfg/DFGThreadData.h:
2699         * dfg/DFGWorklist.cpp:
2700         (JSC::DFG::Worklist::~Worklist):
2701         (JSC::DFG::Worklist::isActiveForVM):
2702         (JSC::DFG::Worklist::enqueue):
2703         (JSC::DFG::Worklist::compilationState):
2704         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2705         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2706         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2707         (JSC::DFG::Worklist::visitWeakReferences):
2708         (JSC::DFG::Worklist::removeDeadPlans):
2709         (JSC::DFG::Worklist::queueLength):
2710         (JSC::DFG::Worklist::dump):
2711         (JSC::DFG::Worklist::runThread):
2712         * dfg/DFGWorklist.h:
2713         * disassembler/Disassembler.cpp:
2714         * heap/CopiedSpace.cpp:
2715         (JSC::CopiedSpace::doneFillingBlock):
2716         (JSC::CopiedSpace::doneCopying):
2717         * heap/CopiedSpace.h:
2718         * heap/CopiedSpaceInlines.h:
2719         (JSC::CopiedSpace::recycleBorrowedBlock):
2720         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2721         * heap/HeapTimer.h:
2722         * heap/MachineStackMarker.cpp:
2723         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2724         (JSC::ActiveMachineThreadsManager::add):
2725         (JSC::ActiveMachineThreadsManager::remove):
2726         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2727         (JSC::MachineThreads::~MachineThreads):
2728         (JSC::MachineThreads::addCurrentThread):
2729         (JSC::MachineThreads::removeThreadIfFound):
2730         (JSC::MachineThreads::tryCopyOtherThreadStack):
2731         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2732         (JSC::MachineThreads::gatherConservativeRoots):
2733         * heap/MachineStackMarker.h:
2734         * interpreter/JSStack.cpp:
2735         (JSC::stackStatisticsMutex):
2736         (JSC::JSStack::addToCommittedByteCount):
2737         (JSC::JSStack::committedByteCount):
2738         * jit/JITThunks.h:
2739         * profiler/ProfilerDatabase.h:
2740
2741 2015-08-05  Saam barati  <saambarati1@gmail.com>
2742
2743         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
2744         https://bugs.webkit.org/show_bug.cgi?id=147657
2745
2746         Reviewed by Mark Lam.
2747
2748         This kills the last of the name scope objects. Function name scopes are
2749         now built on top of the scoping mechanisms introduced with ES6 block scoping.
2750         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
2751         function name scoped variable carefully depending on if the function is in
2752         strict mode. If we're in strict mode, then we treat the variable exactly
2753         like a "const" variable. If we're not in strict mode, we can't treat
2754         this variable like ES6 "const" because that would cause the bytecode
2755         generator to throw an exception when it shouldn't.
2756
2757         * CMakeLists.txt:
2758         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2759         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2760         * JavaScriptCore.xcodeproj/project.pbxproj:
2761         * bytecode/BytecodeList.json:
2762         * bytecode/BytecodeUseDef.h:
2763         (JSC::computeUsesForBytecodeOffset):
2764         (JSC::computeDefsForBytecodeOffset):
2765         * bytecode/CodeBlock.cpp:
2766         (JSC::CodeBlock::dumpBytecode):
2767         * bytecompiler/BytecodeGenerator.cpp:
2768         (JSC::BytecodeGenerator::BytecodeGenerator):
2769         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
2770         (JSC::BytecodeGenerator::pushLexicalScope):
2771         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2772         (JSC::BytecodeGenerator::variable):
2773         (JSC::BytecodeGenerator::resolveType):
2774         (JSC::BytecodeGenerator::emitThrowTypeError):
2775         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
2776         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
2777         (JSC::BytecodeGenerator::emitPushCatchScope):
2778         * bytecompiler/BytecodeGenerator.h:
2779         * bytecompiler/NodesCodegen.cpp:
2780         * debugger/DebuggerScope.cpp:
2781         * dfg/DFGOperations.cpp:
2782         * interpreter/Interpreter.cpp:
2783         * jit/JIT.cpp:
2784         (JSC::JIT::privateCompileMainPass):
2785         * jit/JIT.h:
2786         * jit/JITOpcodes.cpp:
2787         (JSC::JIT::emit_op_to_string):
2788         (JSC::JIT::emit_op_catch):
2789         (JSC::JIT::emit_op_push_name_scope): Deleted.
2790         * jit/JITOpcodes32_64.cpp:
2791         (JSC::JIT::emitSlow_op_to_string):
2792         (JSC::JIT::emit_op_catch):
2793         (JSC::JIT::emit_op_push_name_scope): Deleted.
2794         * jit/JITOperations.cpp:
2795         (JSC::pushNameScope): Deleted.
2796         * llint/LLIntSlowPaths.cpp:
2797         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2798         * llint/LLIntSlowPaths.h:
2799         * llint/LowLevelInterpreter.asm:
2800         * parser/Nodes.cpp:
2801         * runtime/CommonSlowPaths.cpp:
2802         * runtime/Executable.cpp:
2803         (JSC::ScriptExecutable::newCodeBlockFor):
2804         * runtime/JSFunctionNameScope.cpp: Removed.
2805         * runtime/JSFunctionNameScope.h: Removed.
2806         * runtime/JSGlobalObject.cpp:
2807         (JSC::JSGlobalObject::init):
2808         (JSC::JSGlobalObject::visitChildren):
2809         * runtime/JSGlobalObject.h:
2810         (JSC::JSGlobalObject::withScopeStructure):
2811         (JSC::JSGlobalObject::strictEvalActivationStructure):
2812         (JSC::JSGlobalObject::activationStructure):
2813         (JSC::JSGlobalObject::directArgumentsStructure):
2814         (JSC::JSGlobalObject::scopedArgumentsStructure):
2815         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
2816         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
2817         * runtime/JSNameScope.cpp: Removed.
2818         * runtime/JSNameScope.h: Removed.
2819         * runtime/JSObject.cpp:
2820         (JSC::JSObject::toThis):
2821         (JSC::JSObject::seal):
2822         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
2823         * runtime/JSObject.h:
2824         * runtime/JSScope.cpp:
2825         (JSC::JSScope::isCatchScope):
2826         (JSC::JSScope::isFunctionNameScopeObject):
2827         (JSC::resolveModeName):
2828         * runtime/JSScope.h:
2829         * runtime/JSSymbolTableObject.cpp:
2830         * runtime/SymbolTable.h:
2831         * runtime/VM.cpp:
2832
2833 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
2834
2835         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
2836         https://bugs.webkit.org/show_bug.cgi?id=147679
2837
2838         Reviewed by Timothy Hatcher.
2839
2840         Improve native iterator support for the PropertyName Iterator by
2841         allowing inspection of the internal object within the iterator
2842         and peeking of the next upcoming values of the iterator.
2843
2844         * inspector/JSInjectedScriptHost.cpp:
2845         (Inspector::JSInjectedScriptHost::subtype):
2846         (Inspector::JSInjectedScriptHost::getInternalProperties):
2847         (Inspector::JSInjectedScriptHost::iteratorEntries):
2848         * runtime/JSPropertyNameIterator.h:
2849         (JSC::JSPropertyNameIterator::iteratedValue):
2850
2851 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
2852
2853         [Win] Update Apple Windows build for VS2015
2854         https://bugs.webkit.org/show_bug.cgi?id=147653
2855
2856         Reviewed by Dean Jackson.
2857
2858         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
2859         Show JSC files in proper project locations in IDE.
2860
2861 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
2862
2863         Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
2864         https://bugs.webkit.org/show_bug.cgi?id=147328
2865
2866         Reviewed by Timothy Hatcher.
2867
2868         * inspector/InjectedScriptSource.js:
2869         Use classList and classList.toString instead of className.
2870
2871 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
2872
2873         [ES6] Support Module Syntax
2874         https://bugs.webkit.org/show_bug.cgi?id=147422
2875
2876         Reviewed by Saam Barati.
2877
2878         This patch introduces the ES6 Modules syntax parsing part.
2879         In this patch, ASTBuilder just produces the nodes corresponding to the ES6 Modules syntax,
2880         and this patch does not include the code generator part.
2881
2882         Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
2883         and do not execute the body or construct the AST. And after analyzing all the dependent
2884         modules, we will parse the dependent modules next.
2885         After all the analyzing is done, we will start the second pass. In the second pass, we
2886         will parse the module, produce the AST, and execute the body.
2887         If we don't do so, we need to create all the ASTs in the module's dependency graph at first
2888         because the given module can be executed after all the dependent modules are executed. It
2889         means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
2890         the dependent modules' information.
2891
2892         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
2893         This patch aims at just implementing the syntax parsing functionality correctly.
2894         After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits SyntaxChecker
2895         to collect the dependent modules fast[1].
2896
2897         To test the parsing, we added the "checkModuleSyntax" function to the jsc shell.
2898         By using this, we can parse the given string as a module.
2899
2900         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
2901
2902         * bytecompiler/NodesCodegen.cpp:
2903         (JSC::ModuleProgramNode::emitBytecode):
2904         (JSC::ImportDeclarationNode::emitBytecode):
2905         (JSC::ExportAllDeclarationNode::emitBytecode):
2906         (JSC::ExportDefaultDeclarationNode::emitBytecode):
2907         (JSC::ExportLocalDeclarationNode::emitBytecode):
2908         (JSC::ExportNamedDeclarationNode::emitBytecode):
2909         * jsc.cpp:
2910         (GlobalObject::finishCreation):
2911         (functionCheckModuleSyntax):
2912         * parser/ASTBuilder.h:
2913         (JSC::ASTBuilder::createModuleSpecifier):
2914         (JSC::ASTBuilder::createImportSpecifier):
2915         (JSC::ASTBuilder::createImportSpecifierList):
2916         (JSC::ASTBuilder::appendImportSpecifier):
2917         (JSC::ASTBuilder::createImportDeclaration):
2918         (JSC::ASTBuilder::createExportAllDeclaration):
2919         (JSC::ASTBuilder::createExportDefaultDeclaration):
2920         (JSC::ASTBuilder::createExportLocalDeclaration):
2921         (JSC::ASTBuilder::createExportNamedDeclaration):
2922         (JSC::ASTBuilder::createExportSpecifier):
2923         (JSC::ASTBuilder::createExportSpecifierList):
2924         (JSC::ASTBuilder::appendExportSpecifier):
2925         * parser/Keywords.table:
2926         * parser/NodeConstructors.h:
2927         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
2928         (JSC::ImportSpecifierNode::ImportSpecifierNode):
2929         (JSC::ImportDeclarationNode::ImportDeclarationNode):
2930         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
2931         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
2932         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
2933         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
2934         (JSC::ExportSpecifierNode::ExportSpecifierNode):
2935         * parser/Nodes.cpp:
2936         (JSC::ModuleProgramNode::ModuleProgramNode):
2937         * parser/Nodes.h:
2938         (JSC::ModuleProgramNode::startColumn):
2939         (JSC::ModuleProgramNode::endColumn):
2940         (JSC::ModuleSpecifierNode::moduleName):
2941         (JSC::ImportSpecifierNode::importedName):
2942         (JSC::ImportSpecifierNode::localName):
2943         (JSC::ImportSpecifierListNode::specifiers):
2944         (JSC::ImportSpecifierListNode::append):
2945         (JSC::ImportDeclarationNode::specifierList):
2946         (JSC::ImportDeclarationNode::moduleSpecifier):
2947         (JSC::ExportAllDeclarationNode::moduleSpecifier):
2948         (JSC::ExportDefaultDeclarationNode::declaration):
2949         (JSC::ExportLocalDeclarationNode::declaration):
2950         (JSC::ExportSpecifierNode::exportedName):
2951         (JSC::ExportSpecifierNode::localName):
2952         (JSC::ExportSpecifierListNode::specifiers):
2953         (JSC::ExportSpecifierListNode::append):
2954         (JSC::ExportNamedDeclarationNode::specifierList):
2955         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
2956         * parser/Parser.cpp:
2957         (JSC::Parser<LexerType>::Parser):
2958         (JSC::Parser<LexerType>::parseInner):
2959         (JSC::Parser<LexerType>::parseModuleSourceElements):
2960         (JSC::Parser<LexerType>::parseVariableDeclaration):
2961         (JSC::Parser<LexerType>::parseVariableDeclarationList):
2962         (JSC::Parser<LexerType>::createBindingPattern):
2963         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
2964         (JSC::Parser<LexerType>::parseDestructuringPattern):
2965         (JSC::Parser<LexerType>::parseForStatement):
2966         (JSC::Parser<LexerType>::parseFormalParameters):
2967         (JSC::Parser<LexerType>::parseFunctionParameters):
2968         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2969         (JSC::Parser<LexerType>::parseClassDeclaration):
2970         (JSC::Parser<LexerType>::parseModuleSpecifier):
2971         (JSC::Parser<LexerType>::parseImportClauseItem):
2972         (JSC::Parser<LexerType>::parseImportDeclaration):
2973         (JSC::Parser<LexerType>::parseExportSpecifier):
2974         (JSC::Parser<LexerType>::parseExportDeclaration):
2975         (JSC::Parser<LexerType>::parseMemberExpression):
2976         * parser/Parser.h:
2977         (JSC::isIdentifierOrKeyword):
2978         (JSC::ModuleScopeData::create):
2979         (JSC::ModuleScopeData::exportedBindings):
2980         (JSC::ModuleScopeData::exportName):
2981         (JSC::ModuleScopeData::exportBinding):
2982         (JSC::Scope::Scope):
2983         (JSC::Scope::setIsModule):
2984         (JSC::Scope::moduleScopeData):
2985         (JSC::Parser::matchContextualKeyword):
2986         (JSC::Parser::matchIdentifierOrKeyword):
2987         (JSC::Parser::isofToken): Deleted.
2988         * parser/ParserModes.h:
2989         * parser/ParserTokens.h:
2990         * parser/SyntaxChecker.h:
2991         (JSC::SyntaxChecker::createModuleSpecifier):
2992         (JSC::SyntaxChecker::createImportSpecifier):
2993         (JSC::SyntaxChecker::createImportSpecifierList):
2994         (JSC::SyntaxChecker::appendImportSpecifier):
2995         (JSC::SyntaxChecker::createImportDeclaration):
2996         (JSC::SyntaxChecker::createExportAllDeclaration):
2997         (JSC::SyntaxChecker::createExportDefaultDeclaration):
2998         (JSC::SyntaxChecker::createExportLocalDeclaration):
2999         (JSC::SyntaxChecker::createExportNamedDeclaration):
3000         (JSC::SyntaxChecker::createExportSpecifier):
3001         (JSC::SyntaxChecker::createExportSpecifierList):
3002         (JSC::SyntaxChecker::appendExportSpecifier):
3003         * runtime/CommonIdentifiers.cpp:
3004         (JSC::CommonIdentifiers::CommonIdentifiers):
3005         * runtime/CommonIdentifiers.h:
3006         * runtime/Completion.cpp:
3007         (JSC::checkModuleSyntax):
3008         * runtime/Completion.h:
3009         * tests/stress/modules-syntax-error-with-names.js: Added.
3010         (shouldThrow):
3011         * tests/stress/modules-syntax-error.js: Added.
3012         (shouldThrow):
3013         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
3014         * tests/stress/modules-syntax.js: Added.
3015         (prototype.checkModuleSyntax):
3016         (checkModuleSyntax):
3017         * tests/stress/tagged-templates-syntax.js:
3018
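The two-pass scheme described in the entry above, as an added example that is not part of WebKit or of this ChangeLog: a first pass that only scans statement heads for module specifiers (no AST is built), and a second pass that visits modules in dependency order so each one is parsed and run only after the modules it imports. The in-memory module sources, the names collectDependencies and loadOrder, and the cycle handling are all constructed for this illustration; the ModuleDependencyAnalyzer the entry refers to is a parser-level SyntaxChecker, not a regex scan like the one assumed here.

```javascript
// Added example (not WebKit/JSC code): a two-pass module loader sketch.
// Pass 1 scans each module only for the specifiers it imports (no AST is
// built); pass 2 parses/evaluates modules in dependency order.

// Constructed in-memory module sources for the illustration.
const MODULES = {
  "main.js": 'import { a } from "a.js";\nimport b from "b.js";\nexport const main = a + b;',
  "a.js":    'import { util } from "util.js";\nexport const a = util(1);',
  "b.js":    'import { util } from "util.js";\nexport default util(2);',
  "util.js": 'export function util(x) { return x * 10; }',
  "cyc1.js": 'import "cyc2.js";',
  "cyc2.js": 'import "cyc1.js";',
};

// Pass 1: look only at statement heads for `import ... from "spec"`,
// bare `import "spec"`, and `export ... from "spec"`. Dynamic import() is
// not a static dependency and is deliberately ignored.
const IMPORT_RE = /^\s*import\s+(?:[^'"]*?\s+from\s+)?["']([^"']+)["']/gm;
const EXPORT_FROM_RE = /^\s*export\s+[^;'"]*?\s+from\s+["']([^"']+)["']/gm;

function collectDependencies(source) {
  const deps = new Set();
  for (const re of [IMPORT_RE, EXPORT_FROM_RE]) {
    re.lastIndex = 0; // the regexes are global; rewind before each scan
    let m;
    while ((m = re.exec(source)) !== null) deps.add(m[1]);
  }
  return [...deps];
}

// Pass 2: depth-first, post-order visit. A module is recorded (in the real
// engine: parsed into an AST and executed) only after all of its
// dependencies; revisiting a module that is still on the DFS path is an
// import cycle, which is reported instead of looping forever.
function loadOrder(entry, modules = MODULES) {
  const order = [];
  const done = new Set();
  const onPath = new Set();
  function visit(name) {
    if (done.has(name)) return;
    if (onPath.has(name)) throw new Error(`import cycle through ${name}`);
    if (!Object.prototype.hasOwnProperty.call(modules, name)) {
      throw new Error(`unknown module ${name}`);
    }
    onPath.add(name);
    for (const dep of collectDependencies(modules[name])) visit(dep);
    onPath.delete(name);
    done.add(name);
    order.push(name);
  }
  visit(entry);
  return order;
}

console.log(loadOrder("main.js").join(" -> "));
```

Running loadOrder("main.js") yields util.js, a.js, b.js, main.js, which is the order in which the second pass may allocate parser arenas one module at a time. The cycle case throws rather than recursing without bound, the failure mode any dependency walker has to handle before it is run over module graphs it did not author.
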
3019 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
3020
3021         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
3022         https://bugs.webkit.org/show_bug.cgi?id=146833
3023
3024         Reviewed by Alexey Proskuryakov.
3025
3026         * assembler/ARM64Assembler.h:
3027         * assembler/ARMAssembler.h:
3028         (JSC::ARMAssembler::cacheFlush):
3029         * assembler/MacroAssemblerARM.cpp:
3030         (JSC::isVFPPresent):
3031         * assembler/MacroAssemblerX86Common.h:
3032         (JSC::MacroAssemblerX86Common::isSSE2Present):
3033         * heap/MachineStackMarker.h:
3034         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
3035         (JSC::logF):
3036         * jit/HostCallReturnValue.h:
3037         * jit/JIT.h:
3038         * jit/JITOperations.cpp:
3039         * jit/JITStubsARM.h:
3040         * jit/JITStubsARMv7.h:
3041         * jit/JITStubsX86.h:
3042         * jit/JITStubsX86Common.h:
3043         * jit/JITStubsX86_64.h:
3044         * jit/ThunkGenerators.cpp:
3045         * runtime/JSExportMacros.h:
3046         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
3047         (JSC::clz32):
3048
3049 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
3050
3051         Unreviewed, fix uninitialized property leading to an assert.
3052
3053         * runtime/PutPropertySlot.h:
3054         (JSC::PutPropertySlot::PutPropertySlot):
3055
3056 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
3057
3058         Unreviewed, fix Windows.
3059
3060         * bytecode/ObjectPropertyConditionSet.h:
3061         (JSC::ObjectPropertyConditionSet::fromRawPointer):
3062
3063 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
3064
3065         DFG should have adaptive structure watchpoints
3066         https://bugs.webkit.org/show_bug.cgi?id=146929
3067
3068         Reviewed by Geoffrey Garen.
3069
3070         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
3071         property, you'd check that the object still has the structure that you first saw the object have. We
3072         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
3073         elide the structure check.
3074
3075         But this approach fails when that object frequently has new properties added to it. This would
3076         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
3077         we'd have to recompile either the IC or an entire code block.
3078
3079         This change introduces a new concept: an object property condition. This value describes some
3080         condition involving a property on some object. There are four kinds: presence, absence,
3081         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
3082         object has some property at some offset with some attributes. This allows us to implement a new kind
3083         of watchpoint, which knows about the object property condition that it's being used to enforce. If
3084         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
3085         on the new structure.
3086
3087         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
3088         and prototype accesses. They are also used for any DFG accesses to object constants, including
3089         global property accesses.
3090
3091         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
3092         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
3093         chain situation. It's also a small speed-up on getter-richards.
3094
3095         * CMakeLists.txt:
3096         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3097         * JavaScriptCore.xcodeproj/project.pbxproj:
3098         * bytecode/CodeBlock.cpp:
3099         (JSC::CodeBlock::printGetByIdCacheStatus):
3100         (JSC::CodeBlock::printPutByIdCacheStatus):
3101         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
3102         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
3103         * bytecode/ComplexGetStatus.cpp:
3104         (JSC::ComplexGetStatus::computeFor):
3105         * bytecode/ComplexGetStatus.h:
3106         (JSC::ComplexGetStatus::ComplexGetStatus):
3107         (JSC::ComplexGetStatus::takesSlowPath):
3108         (JSC::ComplexGetStatus::kind):
3109         (JSC::ComplexGetStatus::offset):
3110         (JSC::ComplexGetStatus::conditionSet):
3111         (JSC::ComplexGetStatus::attributes): Deleted.
3112         (JSC::ComplexGetStatus::specificValue): Deleted.
3113         (JSC::ComplexGetStatus::chain): Deleted.
3114         * bytecode/ConstantStructureCheck.cpp: Removed.
3115         * bytecode/ConstantStructureCheck.h: Removed.
3116         * bytecode/GetByIdStatus.cpp:
3117         (JSC::GetByIdStatus::computeForStubInfo):
3118         * bytecode/GetByIdVariant.cpp:
3119         (JSC::GetByIdVariant::GetByIdVariant):
3120         (JSC::GetByIdVariant::~GetByIdVariant):
3121         (JSC::GetByIdVariant::operator=):
3122         (JSC::GetByIdVariant::attemptToMerge):
3123         (JSC::GetByIdVariant::dumpInContext):
3124         (JSC::GetByIdVariant::baseStructure): Deleted.
3125         * bytecode/GetByIdVariant.h:
3126         (JSC::GetByIdVariant::operator!):
3127         (JSC::GetByIdVariant::structureSet):
3128         (JSC::GetByIdVariant::conditionSet):
3129         (JSC::GetByIdVariant::offset):
3130         (JSC::GetByIdVariant::callLinkStatus):
3131         (JSC::GetByIdVariant::constantChecks): Deleted.
3132         (JSC::GetByIdVariant::alternateBase): Deleted.
3133         * bytecode/ObjectPropertyCondition.cpp: Added.
3134         (JSC::ObjectPropertyCondition::dumpInContext):
3135         (JSC::ObjectPropertyCondition::dump):
3136         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
3137         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
3138         (JSC::ObjectPropertyCondition::isStillValid):
3139         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
3140         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
3141         (JSC::ObjectPropertyCondition::isWatchable):
3142         (JSC::ObjectPropertyCondition::isStillLive):
3143         (JSC::ObjectPropertyCondition::validateReferences):
3144         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
3145         * bytecode/ObjectPropertyCondition.h: Added.
3146         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
3147         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
3148         (JSC::ObjectPropertyCondition::presence):
3149         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
3150         (JSC::ObjectPropertyCondition::absence):
3151         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
3152         (JSC::ObjectPropertyCondition::absenceOfSetter):
3153         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
3154         (JSC::ObjectPropertyCondition::equivalence):
3155         (JSC::ObjectPropertyCondition::operator!):
3156         (JSC::ObjectPropertyCondition::object):
3157         (JSC::ObjectPropertyCondition::condition):
3158         (JSC::ObjectPropertyCondition::kind):
3159         (JSC::ObjectPropertyCondition::uid):
3160         (JSC::ObjectPropertyCondition::hasOffset):
3161         (JSC::ObjectPropertyCondition::offset):
3162         (JSC::ObjectPropertyCondition::hasAttributes):
3163         (JSC::ObjectPropertyCondition::attributes):
3164         (JSC::ObjectPropertyCondition::hasPrototype):
3165         (JSC::ObjectPropertyCondition::prototype):
3166         (JSC::ObjectPropertyCondition::hasRequiredValue):
3167         (JSC::ObjectPropertyCondition::requiredValue):
3168         (JSC::ObjectPropertyCondition::hash):
3169         (JSC::ObjectPropertyCondition::operator==):
3170         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
3171         (JSC::ObjectPropertyCondition::isCompatibleWith):
3172         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
3173         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
3174         (JSC::ObjectPropertyCondition::isValidValueForPresence):
3175         (JSC::ObjectPropertyConditionHash::hash):
3176         (JSC::ObjectPropertyConditionHash::equal):
3177         * bytecode/ObjectPropertyConditionSet.cpp: Added.
3178         (JSC::ObjectPropertyConditionSet::forObject):
3179         (JSC::ObjectPropertyConditionSet::forConditionKind):
3180         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
3181         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
3182         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
3183         (JSC::ObjectPropertyConditionSet::mergedWith):
3184         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
3185         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
3186         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
3187         (JSC::ObjectPropertyConditionSet::areStillLive):
3188         (JSC::ObjectPropertyConditionSet::dumpInContext):
3189         (JSC::ObjectPropertyConditionSet::dump):
3190         (JSC::generateConditionsForPropertyMiss):
3191         (JSC::generateConditionsForPropertySetterMiss):
3192         (JSC::generateConditionsForPrototypePropertyHit):
3193         (JSC::generateConditionsForPrototypePropertyHitCustom):
3194         (JSC::generateConditionsForPropertySetterMissConcurrently):
3195         * bytecode/ObjectPropertyConditionSet.h: Added.
3196         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
3197         (JSC::ObjectPropertyConditionSet::invalid):
3198         (JSC::ObjectPropertyConditionSet::nonEmpty):
3199         (JSC::ObjectPropertyConditionSet::isValid):
3200         (JSC::ObjectPropertyConditionSet::isEmpty):
3201         (JSC::ObjectPropertyConditionSet::begin):
3202         (JSC::ObjectPropertyConditionSet::end):
3203         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
3204         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
3205         (JSC::ObjectPropertyConditionSet::fromRawPointer):
3206         (JSC::ObjectPropertyConditionSet::Data::Data):
3207         * bytecode/PolymorphicGetByIdList.cpp:
3208         (JSC::GetByIdAccess::GetByIdAccess):
3209         (JSC::GetByIdAccess::~GetByIdAccess):
3210         (JSC::GetByIdAccess::visitWeak):
3211         * bytecode/PolymorphicGetByIdList.h:
3212         (JSC::GetByIdAccess::GetByIdAccess):
3213         (JSC::GetByIdAccess::structure):
3214         (JSC::GetByIdAccess::conditionSet):
3215         (JSC::GetByIdAccess::stubRoutine):
3216         (JSC::GetByIdAccess::chain): Deleted.
3217         (JSC::GetByIdAccess::chainCount): Deleted.
3218         * bytecode/PolymorphicPutByIdList.cpp:
3219         (JSC::PutByIdAccess::fromStructureStubInfo):
3220         (JSC::PutByIdAccess::visitWeak):
3221         * bytecode/PolymorphicPutByIdList.h:
3222         (JSC::PutByIdAccess::PutByIdAccess):
3223         (JSC::PutByIdAccess::transition):
3224         (JSC::PutByIdAccess::setter):
3225         (JSC::PutByIdAccess::newStructure):
3226         (JSC::PutByIdAccess::conditionSet):
3227         (JSC::PutByIdAccess::stubRoutine):
3228         (JSC::PutByIdAccess::chain): Deleted.
3229         (JSC::PutByIdAccess::chainCount): Deleted.
3230         * bytecode/PropertyCondition.cpp: Added.
3231         (JSC::PropertyCondition::dumpInContext):
3232         (JSC::PropertyCondition::dump):
3233         (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
3234         (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
3235         (JSC::PropertyCondition::isStillValid):
3236         (JSC::PropertyCondition::isWatchableWhenValid):
3237         (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
3238         (JSC::PropertyCondition::isWatchable):
3239         (JSC::PropertyCondition::isStillLive):
3240         (JSC::PropertyCondition::validateReferences):
3241         (JSC::PropertyCondition::isValidValueForAttributes):
3242         (JSC::PropertyCondition::isValidValueForPresence):
3243         (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
3244         (WTF::printInternal):
3245         * bytecode/PropertyCondition.h: Added.
3246         (JSC::PropertyCondition::PropertyCondition):
3247         (JSC::PropertyCondition::presenceWithoutBarrier):
3248         (JSC::PropertyCondition::presence):
3249         (JSC::PropertyCondition::absenceWithoutBarrier):
3250         (JSC::PropertyCondition::absence):
3251         (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
3252         (JSC::PropertyCondition::absenceOfSetter):
3253         (JSC::PropertyCondition::equivalenceWithoutBarrier):
3254         (JSC::PropertyCondition::equivalence):
3255         (JSC::PropertyCondition::operator!):
3256         (JSC::PropertyCondition::kind):
3257         (JSC::PropertyCondition::uid):
3258         (JSC::PropertyCondition::hasOffset):
3259         (JSC::PropertyCondition::offset):
3260         (JSC::PropertyCondition::hasAttributes):
3261         (JSC::PropertyCondition::attributes):
3262         (JSC::PropertyCondition::hasPrototype):
3263         (JSC::PropertyCondition::prototype):
3264         (JSC::PropertyCondition::hasRequiredValue):
3265         (JSC::PropertyCondition::requiredValue):
3266         (JSC::PropertyCondition::hash):
3267         (JSC::PropertyCondition::operator==):
3268         (JSC::PropertyCondition::isHashTableDeletedValue):
3269         (JSC::PropertyCondition::isCompatibleWith):
3270         (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
3271         (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
3272         (JSC::PropertyConditionHash::hash):
3273         (JSC::PropertyConditionHash::equal):
3274         * bytecode/PutByIdStatus.cpp:
3275         (JSC::PutByIdStatus::computeFromLLInt):
3276         (JSC::PutByIdStatus::computeFor):
3277         (JSC::PutByIdStatus::computeForStubInfo):
3278         * bytecode/PutByIdVariant.cpp:
3279         (JSC::PutByIdVariant::operator=):
3280         (JSC::PutByIdVariant::transition):
3281         (JSC::PutByIdVariant::setter):
3282         (JSC::PutByIdVariant::makesCalls):
3283         (JSC::PutByIdVariant::attemptToMerge):
3284         (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
3285         (JSC::PutByIdVariant::dumpInContext):
3286         (JSC::PutByIdVariant::baseStructure): Deleted.
3287         * bytecode/PutByIdVariant.h:
3288         (JSC::PutByIdVariant::PutByIdVariant):
3289         (JSC::PutByIdVariant::kind):
3290         (JSC::PutByIdVariant::structure):
3291         (JSC::PutByIdVariant::structureSet):
3292         (JSC::PutByIdVariant::oldStructure):
3293         (JSC::PutByIdVariant::conditionSet):
3294         (JSC::PutByIdVariant::offset):
3295         (JSC::PutByIdVariant::callLinkStatus):
3296         (JSC::PutByIdVariant::constantChecks): Deleted.
3297         (JSC::PutByIdVariant::alternateBase): Deleted.
3298         * bytecode/StructureStubClearingWatchpoint.cpp:
3299         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
3300         (JSC::StructureStubClearingWatchpoint::push):
3301         (JSC::StructureStubClearingWatchpoint::fireInternal):
3302         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
3303         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
3304         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
3305         * bytecode/StructureStubClearingWatchpoint.h:
3306         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
3307         (JSC::WatchpointsOnStructureStubInfo::codeBlock):
3308         (JSC::WatchpointsOnStructureStubInfo::stubInfo):
3309         * bytecode/StructureStubInfo.cpp:
3310         (JSC::StructureStubInfo::deref):
3311         (JSC::StructureStubInfo::visitWeakReferences):
3312         * bytecode/StructureStubInfo.h:
3313         (JSC::StructureStubInfo::initPutByIdTransition):
3314         (JSC::StructureStubInfo::initPutByIdReplace):
3315         (JSC::StructureStubInfo::setSeen):
3316         (JSC::StructureStubInfo::addWatchpoint):
3317         * dfg/DFGAbstractInterpreterInlines.h:
3318         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3319         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
3320         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
3321         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
3322         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
3323         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
3324         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
3325         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
3326         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
3327         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
3328         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
3329         * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
3330         (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
3331         (JSC::DFG::AdaptiveStructureWatchpoint::install):
3332         (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
3333         * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
3334         (JSC::DFG::AdaptiveStructureWatchpoint::key):
3335         * dfg/DFGByteCodeParser.cpp:
3336         (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
3337         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
3338         (JSC::DFG::ByteCodeParser::handleGetByOffset):
3339         (JSC::DFG::ByteCodeParser::handlePutByOffset):
3340         (JSC::DFG::ByteCodeParser::check):
3341         (JSC::DFG::ByteCodeParser::promoteToConstant):
3342         (JSC::DFG::ByteCodeParser::planLoad):
3343         (JSC::DFG::ByteCodeParser::load):
3344         (JSC::DFG::ByteCodeParser::presenceLike):
3345         (JSC::DFG::ByteCodeParser::checkPresenceLike):
3346         (JSC::DFG::ByteCodeParser::store):
3347         (JSC::DFG::ByteCodeParser::handleGetById):
3348         (JSC::DFG::ByteCodeParser::handlePutById):
3349         (JSC::DFG::ByteCodeParser::parseBlock):
3350         (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
3351         * dfg/DFGCommonData.cpp:
3352         (JSC::DFG::CommonData::validateReferences):
3353         * dfg/DFGCommonData.h:
3354         * dfg/DFGConstantFoldingPhase.cpp:
3355         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3356         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
3357         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
3