Fix Debug CMake builds on Windows
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-08-12  Alex Christensen  <achristensen@webkit.org>

        Fix Debug CMake builds on Windows
        https://bugs.webkit.org/show_bug.cgi?id=147940

        Reviewed by Chris Dumez.

        * PlatformWin.cmake:
        Copy the plist to the JavaScriptCore.resources directory.

2015-08-11  Geoffrey Garen  <ggaren@apple.com>

        Remove VM::releaseExecutableMemory
        https://bugs.webkit.org/show_bug.cgi?id=147915

        Reviewed by Saam Barati.

        releaseExecutableMemory() was only used in one place, where discardAllCode()
        would work just as well.

        It's confusing to have two slightly different ways to discard code. Also,
        releaseExecutableMemory() is unused in any production code, and it seems
        to have bit-rotted.

        * jit/ExecutableAllocator.h:
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionAddressOf):
        (functionVersion):
        (functionReleaseExecutableMemory): Deleted.
        * runtime/VM.cpp:
        (JSC::StackPreservingRecompiler::operator()):
        (JSC::VM::throwException):
        (JSC::VM::updateFTLLargestStackSize):
        (JSC::VM::gatherConservativeRoots):
        (JSC::VM::releaseExecutableMemory): Deleted.
        (JSC::releaseExecutableMemory): Deleted.
        * runtime/VM.h:
        (JSC::VM::isCollectorBusy):
        * runtime/Watchdog.cpp:
        (JSC::Watchdog::setTimeLimit):

2015-08-12  Mark Lam  <mark.lam@apple.com>

        Add a JSC option to enable the watchdog for testing.
        https://bugs.webkit.org/show_bug.cgi?id=147939

        Reviewed by Michael Saboff.

        * API/JSContextRef.cpp:
        (JSContextGroupSetExecutionTimeLimit):
        (createWatchdogIfNeeded): Deleted.
        * runtime/Options.h:
        * runtime/VM.cpp:
        (JSC::VM::VM):
        (JSC::VM::~VM):
        (JSC::VM::sharedInstanceInternal):
        (JSC::VM::ensureWatchdog):
        (JSC::thunkGeneratorForIntrinsic):
        * runtime/VM.h:

2015-08-11  Mark Lam  <mark.lam@apple.com>

        Implement JavaScript watchdog using WTF::WorkQueue.
        https://bugs.webkit.org/show_bug.cgi?id=147107

        Reviewed by Geoffrey Garen.

        How the Watchdog works
        ======================

        1. When do we start the Watchdog?
           =============================
           The watchdog should only be started if both of the following conditions are true:
           1. A time limit has been set.
           2. We have entered the VM.

        2. CPU time vs Wall Clock time
           ===========================
           Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?

           The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
           limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
           indicates the wall clock time point when the WorkQueue timer is expected to fire.

           The time limit for which we allow JS code to run should be measured in CPU time, which can
           differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
           should fire.

           Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
           we need to check if m_cpuDeadline has been reached.

           If m_cpuDeadline has been reached, the watchdog is considered to have fired.

           If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
           code to continue to run for.  Hence, we need to start a new timer to fire again after
           Tremainder microseconds.

           See Watchdog::didFireSlow().

        3. Spurious wake ups
           =================
           Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
           It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
           m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
           wake ups are considered to be spurious and will be ignored.

           See Watchdog::didFireSlow().

        4. Minimizing Timer creation cost
           ==============================
           Conceptually, we could start a new timer every time we start the watchdog. But we can do better
           than this.

           In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
           stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
           time limit. Consider the following example:

               |---|-----|---|----------------|---------|
               t0  t1    t2  t3            t0 + L    t2 + L

               |<--- T1 --------------------->|
                         |<--- T2 --------------------->|
               |<-- Td ->|                    |<-- Td ->|

           1. The user initializes the watchdog with time limit L.
           2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
              The timer is set to expire at t0 + L.
           3. At t1, we exit the VM.
           4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.

              However, we can note that the expiration time for T2 would be after the expiration time
              of T1. Specifically, T2 would have expired at Td after T1 expires.

              Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
              for a period of Td instead.

           Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
           as well as handling spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
           automatically take care of starting a new timer for the difference Td in the example above.
           Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
           expiration is less than T2's, then we are already covered by T1 and there's no need to start T2.

           The benefits:

           1. We minimize the number of timer instances we have queued in the workqueue at the same time
              (ideally only 1 or 0), and use less peak memory.

           2. We minimize the frequency of instantiating timer instances. By waiting for the current
              active timer to expire first, on average, we get to start one timer per time limit
              (which is infrequent because time limits tend to be long) instead of one timer per
              VM entry (which tends to be frequent).

           See Watchdog::startTimer().

        * API/JSContextRef.cpp:
        (createWatchdogIfNeeded):
        (JSContextGroupClearExecutionTimeLimit):
        - No need to create the watchdog (if not already created) just to clear it.
          If the watchdog is not created yet, then it is effectively cleared.

        * API/tests/ExecutionTimeLimitTest.cpp:
        (currentCPUTimeAsJSFunctionCallback):
        (testExecutionTimeLimit):
        (currentCPUTime): Deleted.
        * API/tests/testapi.c:
        (main):
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
        - Enable watchdog tests for all platforms.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.

        * PlatformEfl.cmake:

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        * dfg/DFGSpeculativeJIT64.cpp:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_loop_hint):
        (JSC::JIT::emitSlow_op_loop_hint):
        * jit/JITOperations.cpp:
        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LLIntSlowPaths.cpp:
        * runtime/VM.cpp:
        - #include Watchdog.h in these files directly instead of doing it via VM.h.
          This saves us from having to recompile the world when we change Watchdog.h.

        * runtime/VM.h:
        - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
          thread-safe ref counted.

        * runtime/VMEntryScope.cpp:
        (JSC::VMEntryScope::VMEntryScope):
        (JSC::VMEntryScope::~VMEntryScope):
        - We have done away with the WatchdogScope and arming/disarming of the watchdog.
          Instead, the VMEntryScope will inform the watchdog of when we have entered and
          exited the VM.

        * runtime/Watchdog.cpp:
        (JSC::currentWallClockTime):
        (JSC::Watchdog::Watchdog):
        (JSC::Watchdog::hasStartedTimer):
        (JSC::Watchdog::setTimeLimit):
        (JSC::Watchdog::didFireSlow):
        (JSC::Watchdog::hasTimeLimit):
        (JSC::Watchdog::fire):
        (JSC::Watchdog::enteredVM):
        (JSC::Watchdog::exitedVM):

        (JSC::Watchdog::startTimer):
        - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
          (from a different thread) even after the VM shuts down.  We need to keep it
          alive until the WorkQueue callback completes.

          In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
          WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
          is done with it.  This ensures that the Watchdog is kept alive until all
          WorkQueue callbacks are done.

        (JSC::Watchdog::stopTimer):
        (JSC::Watchdog::~Watchdog): Deleted.
        (JSC::Watchdog::didFire): Deleted.
        (JSC::Watchdog::isEnabled): Deleted.
        (JSC::Watchdog::arm): Deleted.
        (JSC::Watchdog::disarm): Deleted.
        (JSC::Watchdog::startCountdownIfNeeded): Deleted.
        (JSC::Watchdog::startCountdown): Deleted.
        (JSC::Watchdog::stopCountdown): Deleted.
        * runtime/Watchdog.h:
        (JSC::Watchdog::didFire):
        (JSC::Watchdog::timerDidFireAddress):
        (JSC::Watchdog::isArmed): Deleted.
        (JSC::Watchdog::Scope::Scope): Deleted.
        (JSC::Watchdog::Scope::~Scope): Deleted.
        * runtime/WatchdogMac.cpp:
        (JSC::Watchdog::initTimer): Deleted.
        (JSC::Watchdog::destroyTimer): Deleted.
        (JSC::Watchdog::startTimer): Deleted.
        (JSC::Watchdog::stopTimer): Deleted.
        * runtime/WatchdogNone.cpp:
        (JSC::Watchdog::initTimer): Deleted.
        (JSC::Watchdog::destroyTimer): Deleted.
        (JSC::Watchdog::startTimer): Deleted.
        (JSC::Watchdog::stopTimer): Deleted.

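The scheduling described in notes 2 through 4 of the watchdog entry above, as an added single-threaded simulation that is not JavaScriptCore's code: both clocks are simulated and the WorkQueue is replaced by a sorted queue of fire times, so the decisions in startTimer() (reuse a covering timer) and didFireSlow() (re-arm for the CPU remainder, reject stale wakeups) can be checked deterministically. All names (SimWatchdog, runJS, idle, deliverTimers) and the timings L, t1 and Td are assumptions.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <set>

typedef int64_t Micros;
static const Micros noDeadline = std::numeric_limits<Micros>::max();
// Single-threaded stand-in for the Watchdog and its WorkQueue timer (hypothetical names).
struct SimWatchdog {
    Micros wallNow = 0;                     // simulated monotonic wall clock, in microseconds
    Micros cpuNow = 0;                      // simulated CPU clock: advances only while JS runs
    Micros timeLimit = noDeadline;
    Micros cpuDeadline = noDeadline;        // m_cpuDeadline: CPU time point at which the watchdog fires
    Micros wallClockDeadline = noDeadline;  // m_wallClockDeadline: when the active timer should fire
    bool hasEnteredVM = false;
    bool timerDidFire = false;              // set by the timer callback, consumed at the next loop hint
    std::multiset<Micros> pendingTimers;    // dispatchAfter() stand-in; queued timers cannot be cancelled
    int timersStarted = 0, spuriousWakeups = 0;  // timers queued (the cost being minimised) / wakeups rejected
    bool fired = false;

    void setTimeLimit(Micros limit) { timeLimit = limit; if (hasEnteredVM) startTimer(limit); }
    void enteredVM() { hasEnteredVM = true; if (timeLimit != noDeadline) startTimer(timeLimit); }
    void exitedVM() { cpuDeadline = noDeadline; hasEnteredVM = false; }  // stopTimer(): timer stays queued

    void startTimer(Micros budget) {
        cpuDeadline = cpuNow + budget;               // the CPU deadline is always refreshed ...
        Micros newWallDeadline = wallNow + budget;
        // ... but a still-pending timer that expires no later than the new deadline already covers
        // us (T1 covers T2 in the diagram): didFireSlow() will re-arm for the difference Td.
        if (wallNow < wallClockDeadline && wallClockDeadline <= newWallDeadline)
            return;
        wallClockDeadline = newWallDeadline;
        pendingTimers.insert(newWallDeadline);       // WorkQueue::dispatchAfter(budget, handler)
        ++timersStarted;
    }

    // Slow path taken at a loop hint once the timer flag is set.
    void didFireSlow() {
        timerDidFire = false;
        if (wallNow < wallClockDeadline) { ++spuriousWakeups; return; }  // stale or spurious wakeup
        wallClockDeadline = noDeadline;              // reject every later wakeup for this timer
        if (cpuNow < cpuDeadline) { startTimer(cpuDeadline - cpuNow); return; }  // re-arm for Tremainder
        fired = true;                                // CPU deadline reached: the watchdog fires
    }

    // The simulated WorkQueue delivers every timer whose wall-clock time has come.
    void deliverTimers() {
        while (!pendingTimers.empty() && *pendingTimers.begin() <= wallNow) {
            pendingTimers.erase(pendingTimers.begin());
            timerDidFire = true;
        }
    }

    // Execute JS for `micros`: both clocks advance, with one loop hint per microsecond.
    void runJS(Micros micros) {
        for (Micros i = 0; i < micros && !fired; ++i) {
            ++wallNow; ++cpuNow;
            deliverTimers();
            if (timerDidFire) didFireSlow();
        }
    }

    // Outside the VM only the wall clock advances; a timer firing now waits for the next loop hint.
    void idle(Micros micros) { wallNow += micros; deliverTimers(); }
};

// The ChangeLog diagram with constructed timings: limit L, enter at t0 = 0, exit at t1,
// re-enter at t2 = t0 + Td, then run JS until the watchdog fires.
SimWatchdog runDiagramScenario() {
    const Micros L = 1000, t1 = 100, Td = 300;
    SimWatchdog w;
    w.setTimeLimit(L);
    w.enteredVM();                 // t0: T1 is queued to expire at t0 + L
    w.runJS(t1); w.exitedVM();     // t1
    w.idle(Td - t1);               // t2 = t0 + Td
    w.enteredVM();                 // T2 would expire at t2 + L, after T1, so no second timer is queued
    w.runJS(L + Td);               // T1 fires at t0 + L with CPU budget left; T2' is queued for Td, then fires
    return w;
}

// Exit the VM, stay out past T1's expiry, then re-enter: T1's late wakeup must be ignored.
SimWatchdog runStaleTimerScenario() {
    const Micros L = 1000;
    SimWatchdog w;
    w.setTimeLimit(L); w.enteredVM();
    w.runJS(100); w.exitedVM();
    w.idle(L);                     // T1 fires while no JS is running
    w.enteredVM();                 // a fresh timer for L is queued; T1's wakeup is rejected at the next loop hint
    w.runJS(2 * L);
    return w;
}

int main() {
    SimWatchdog a = runDiagramScenario(), b = runStaleTimerScenario();
    std::printf("diagram: timers=%d spurious=%d fired=%d\n", a.timersStarted, a.spuriousWakeups, a.fired);
    std::printf("stale:   timers=%d spurious=%d fired=%d\n", b.timersStarted, b.spuriousWakeups, b.fired);
    return 0;
}
```

In the diagram scenario only two timers are ever queued (T1 and T2' for Td, never T2), and the watchdog fires at wall time t2 + L once exactly L of CPU time has been consumed since t2; in the stale scenario T1's late wakeup is counted as spurious and a fresh timer covers the new entry.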
2015-08-11  Filip Pizlo  <fpizlo@apple.com>

        Always use a byte-sized lock implementation
        https://bugs.webkit.org/show_bug.cgi?id=147908

        Reviewed by Geoffrey Garen.

        * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.

2015-08-11  Alexey Proskuryakov  <ap@apple.com>

        Make ASan build not depend on asan.xcconfig
        https://bugs.webkit.org/show_bug.cgi?id=147840
        rdar://problem/21093702

        Reviewed by Daniel Bates.

        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::OSREntryData::dump):
        (JSC::DFG::prepareOSREntry):
        * ftl/FTLOSREntry.cpp:
        (JSC::FTL::prepareOSREntry):
        * heap/ConservativeRoots.cpp:
        (JSC::ConservativeRoots::genericAddPointer):
        (JSC::ConservativeRoots::genericAddSpan):
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::removeThreadIfFound):
        (JSC::MachineThreads::gatherFromCurrentThread):
        (JSC::MachineThreads::Thread::captureStack):
        (JSC::copyMemory):
        * interpreter/Register.h:
        (JSC::Register::operator=):
        (JSC::Register::asanUnsafeJSValue):
        (JSC::Register::jsValue):

2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
        https://bugs.webkit.org/show_bug.cgi?id=147480

        Reviewed by Filip Pizlo.

        This patch adds a get_by_id IC to the get_by_val operation by caching the string / symbol id.
        The IC site only caches one id. After checking that the given id is the same as the
        cached one, we perform the get_by_id IC onto it.
        And by collecting IC StructureStubInfo information, we pass it to the DFG, and the DFG
        compiles the get_by_val op code into CheckIdent (with edge type check) and GetById related
        operations when the given get_by_val leverages the property load with the cached id.

        To ensure the incoming value is the expected id, in the DFG layer, we use SymbolUse and
        StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
        This can be leveraged to optimize symbol operations in the DFG.

        And since byValInfo is frequently used, we align the byValInfo design to the stubInfo-like one.
        It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
        a binary search over m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replace the
        argument ArrayProfile* in the operations with ByValInfo*.

        * bytecode/ByValInfo.h:
        (JSC::ByValInfo::ByValInfo):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::getByValInfoMap):
        (JSC::CodeBlock::addByValInfo):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::getByValInfo): Deleted.
        (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
        (JSC::CodeBlock::numberOfByValInfos): Deleted.
        (JSC::CodeBlock::byValInfo): Deleted.
        * bytecode/ExitKind.cpp:
        (JSC::exitKindToString):
        * bytecode/ExitKind.h:
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        (JSC::GetByIdStatus::computeForStubInfo):
        (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
        * bytecode/GetByIdStatus.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::observeUseKindOnNode):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasUidOperand):
        (JSC::DFG::Node::uidOperand):
        * dfg/DFGNodeType.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::SafeToExecuteEdge::operator()):
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCheckIdent):
        (JSC::DFG::SpeculativeJIT::speculateSymbol):
        (JSC::DFG::SpeculativeJIT::speculate):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGUseKind.cpp:
        (WTF::printInternal):
        * dfg/DFGUseKind.h:
        (JSC::DFG::typeFilterFor):
        (JSC::DFG::isCell):
        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
        (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
        (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
        (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
        (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
        (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::ByValCompilationInfo::ByValCompilationInfo):
        (JSC::JIT::compileGetByValWithCachedId):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_has_indexed_property):
        (JSC::JIT::emitSlow_op_has_indexed_property):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_has_indexed_property):
        (JSC::JIT::emitSlow_op_has_indexed_property):
        * jit/JITOperations.cpp:
        (JSC::getByVal):
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitGetByValWithCachedId):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emitSlow_op_put_by_val):
        (JSC::JIT::privateCompileGetByVal):
        (JSC::JIT::privateCompileGetByValWithCachedId):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitGetByValWithCachedId):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emitSlow_op_put_by_val):
        * runtime/Symbol.h:
        * tests/stress/get-by-val-with-string-constructor.js: Added.
        (Hello):
        (get Hello.prototype.generate):
        (ok):
        * tests/stress/get-by-val-with-string-exit.js: Added.
        (shouldBe):
        (getByVal):
        (getStr1):
        (getStr2):
        * tests/stress/get-by-val-with-string-generated.js: Added.
        (shouldBe):
        (getByVal):
        (getStr1):
        (getStr2):
        * tests/stress/get-by-val-with-string-getter.js: Added.
        (object.get hello):
        (ok):
        * tests/stress/get-by-val-with-string.js: Added.
        (shouldBe):
        (getByVal):
        (getStr1):
        (getStr2):
        * tests/stress/get-by-val-with-symbol-constructor.js: Added.
        (Hello):
        (get Hello.prototype.generate):
        (ok):
        * tests/stress/get-by-val-with-symbol-exit.js: Added.
        (shouldBe):
        (getByVal):
        (getSym1):
        (getSym2):
        * tests/stress/get-by-val-with-symbol-getter.js: Added.
        (object.get hello):
        (.get ok):
        * tests/stress/get-by-val-with-symbol.js: Added.
        (shouldBe):
        (getByVal):
        (getSym1):
        (getSym2):

2015-08-11  Filip Pizlo  <fpizlo@apple.com>

        DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
        https://bugs.webkit.org/show_bug.cgi?id=147891
        rdar://problem/22129447

        Reviewed by Mark Lam.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
        (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
        * dfg/DFGStructureRegistrationPhase.cpp:
        (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.

2015-08-11  Brent Fulgham  <bfulgham@apple.com>

        [Win] Switch Windows build to Visual Studio 2015
        https://bugs.webkit.org/show_bug.cgi?id=147887
        <rdar://problem/22235098>

        Reviewed by Alex Christensen.

        Update Visual Studio project file settings to use the current Visual
        Studio and compiler. Continue targeting binaries to run on our minimum
        supported configuration of Windows 7.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
        * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
        * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
        * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
        * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
        * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:

2015-08-10  Filip Pizlo  <fpizlo@apple.com>

        WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
        https://bugs.webkit.org/show_bug.cgi?id=147665

        Reviewed by Mark Lam.

        Replace ByteSpinLock with ByteLock.

        * runtime/ConcurrentJITLock.h:

2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        Numeric setter on prototype doesn't get called.
        https://bugs.webkit.org/show_bug.cgi?id=144252

        Reviewed by Darin Adler.

        When switching the blank indexing type to the other one in putByIndex,
        if the `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
        it to the slow put indexing type and reloop the putByIndex since there may
        be some indexing accessor in the prototype chain. Previously, we just set
        the value into the allocated vector.

        In the putDirectIndex case, we just store the value to the vector.
        This is because putDirectIndex is the operation to store the own property
        and it does not check the accessors in the prototype chain.

        * runtime/JSObject.cpp:
        (JSC::JSObject::putByIndexBeyondVectorLength):
        * tests/stress/injected-numeric-setter-on-prototype.js: Added.
        (shouldBe):
        (Trace):
        (Trace.prototype.trace):
        (Trace.prototype.get count):
        (.):
        * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
        (shouldBe):
        (Trace):
        (Trace.prototype.trace):
        (Trace.prototype.get count):
        (.):
        * tests/stress/numeric-setter-on-prototype.js: Added.
        (shouldBe):
        (Trace):
        (Trace.prototype.trace):
        (Trace.prototype.get count):
        (.z.__proto__.set 3):
        * tests/stress/numeric-setter-on-self.js: Added.
        (shouldBe):
        (Trace):
        (Trace.prototype.trace):
        (Trace.prototype.get count):
        (.y.set 2):

2015-08-11  Brent Fulgham  <bfulgham@apple.com>

        [Win] Unreviewed gardening.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
        file references so they appear in the proper IDE locations.

2015-08-11  Brent Fulgham  <bfulgham@apple.com>

        Unreviewed Windows build fix for VS2015.

        * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.

2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Implement Reflect.has
        https://bugs.webkit.org/show_bug.cgi?id=147875

        Reviewed by Sam Weinig.

        This patch implements Reflect.has[1].
        Since the semantics are the same as those of the `in` operator in JS[2],
        we can implement it in builtin JS code.

        [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
        [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation

        * builtins/ReflectObject.js:
        (has):
        * runtime/ReflectObject.cpp:
        * tests/stress/reflect-has.js: Added.
        (shouldBe):
        (shouldThrow):

2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
        https://bugs.webkit.org/show_bug.cgi?id=147874

        Reviewed by Darin Adler.

        This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
        The differences from the Object.* ones are:

        1. They do not perform ToObject on non-object arguments. They raise a TypeError instead.
        2. Reflect.setPrototypeOf returns false when the operation fails. In Object.setPrototypeOf, it raises a TypeError.

        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
        (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
        (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
        (JSC::objectConstructorGetPrototypeOf):
        * runtime/ObjectConstructor.h:
        * runtime/ReflectObject.cpp:
        (JSC::reflectObjectGetPrototypeOf):
        (JSC::reflectObjectSetPrototypeOf):
        * tests/stress/reflect-get-prototype-of.js: Added.
        (shouldBe):
        (shouldThrow):
        (Base):
        (Derived):
        * tests/stress/reflect-set-prototype-of.js: Added.
        (shouldBe):
        (shouldThrow):

2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>

        Fix debug build when optimization is enabled
        https://bugs.webkit.org/show_bug.cgi?id=147816

        Reviewed by Alexey Proskuryakov.

        * llint/LLIntEntrypoint.cpp:
        * runtime/FunctionExecutableDump.cpp:

2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>

        Ensure that Reflect.enumerate does not produce the deleted keys
        https://bugs.webkit.org/show_bug.cgi?id=147677

        Reviewed by Darin Adler.

        Add tests for Reflect.enumerate that delete the property keys during the enumeration.

        * tests/stress/reflect-enumerate.js:

2015-08-10  Geoffrey Garen  <ggaren@apple.com>

        Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
        https://bugs.webkit.org/show_bug.cgi?id=147856

        Reviewed by Saam Barati.

        Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
        (JSC::ExecutableInfo::ExecutableInfo):
        (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
        (JSC::UnlinkedSimpleJumpTable::add): Deleted.
        (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
        (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
        (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
        (JSC::UnlinkedCodeBlock::usesEval): Deleted.
        (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
        (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
        (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
        (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
        (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
        (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
        (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
        (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
        (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
        (JSC::UnlinkedCodeBlock::addParameter): Deleted.
        (JSC::UnlinkedCodeBlock::numParameters): Deleted.
        (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
        (JSC::UnlinkedCodeBlock::regexp): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
        (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
        (JSC::UnlinkedCodeBlock::identifier): Deleted.
        (JSC::UnlinkedCodeBlock::identifiers): Deleted.
        (JSC::UnlinkedCodeBlock::addConstant): Deleted.
        (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
        (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
        (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
        (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
        (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
        (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
        (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
        (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
        (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
        (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
        (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
        (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
        (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
        (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
        (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
        (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
        (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
        (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
        (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
        (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
        (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
        (JSC::UnlinkedCodeBlock::vm): Deleted.
        (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
        (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
        (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
        (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
        (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
        (JSC::UnlinkedCodeBlock::codeType): Deleted.
        (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
        (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
        (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
        (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
        (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
        (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
        (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
719         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
720         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
721         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
722         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
723         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
724         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
725         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
726         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
727         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
728         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
729         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
730         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
731         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
732         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
733         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
734         * bytecode/UnlinkedCodeBlock.cpp:
735         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
736         (JSC::generateFunctionCodeBlock): Deleted.
737         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
738         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
739         (JSC::UnlinkedFunctionExecutable::link): Deleted.
740         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
741         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
742         * bytecode/UnlinkedCodeBlock.h:
743         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
744         (JSC::ExecutableInfo::needsActivation): Deleted.
745         (JSC::ExecutableInfo::usesEval): Deleted.
746         (JSC::ExecutableInfo::isStrictMode): Deleted.
747         (JSC::ExecutableInfo::isConstructor): Deleted.
748         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
749         (JSC::ExecutableInfo::constructorKind): Deleted.
750         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
751         (JSC::generateFunctionCodeBlock):
752         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
753         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
754         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
755         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
756         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
757         (JSC::dumpLineColumnEntry): Deleted.
758         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
759         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
760         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
761         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
762         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
763         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
764         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
765         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
766         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
767         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
768         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
769         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
770         (JSC::UnlinkedCodeBlock::instructions): Deleted.
771         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
772         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
773         (JSC::ExecutableInfo::needsActivation): Deleted.
774         (JSC::ExecutableInfo::usesEval): Deleted.
775         (JSC::ExecutableInfo::isStrictMode): Deleted.
776         (JSC::ExecutableInfo::isConstructor): Deleted.
777         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
778         (JSC::ExecutableInfo::constructorKind): Deleted.
779         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
780         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
781         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
782         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
783         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
784         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
785         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
786         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
787         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
788         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
789         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
790         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
791         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
792         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
793         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
794         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
795         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
796         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
797         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
798         (JSC::UnlinkedCodeBlock::regexp): Deleted.
799         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
800         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
801         (JSC::UnlinkedCodeBlock::identifier): Deleted.
802         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
803         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
804         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
805         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
806         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
807         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
808         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
809         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
810         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
811         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
812         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
813         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
814         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
815         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
816         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
817         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
818         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
819         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
820         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
821         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
822         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
823         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
824         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
825         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
826         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
827         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
828         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
829         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
830         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
831         (JSC::UnlinkedCodeBlock::vm): Deleted.
832         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
833         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
834         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
835         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
836         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
837         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
838         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
839         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
840         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
841         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
842         (JSC::UnlinkedCodeBlock::codeType): Deleted.
843         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
844         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
845         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
846         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
847         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
848         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
849         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
850         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
851         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
852         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
853         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
854         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
855         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
856         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
857         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
858         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
859         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
860         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
861         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
862         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
863         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
864         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
865         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
866         * runtime/Executable.h:
867
868 2015-08-10  Mark Lam  <mark.lam@apple.com>
869
870         Refactor LiveObjectList and LiveObjectData into their own files.
871         https://bugs.webkit.org/show_bug.cgi?id=147843
872
873         Reviewed by Saam Barati.
874
875         There is no behavior change in this patch.
876
877         * CMakeLists.txt:
878         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
879         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
880         * JavaScriptCore.xcodeproj/project.pbxproj:
881         * heap/HeapVerifier.cpp:
882         (JSC::HeapVerifier::HeapVerifier):
883         (JSC::LiveObjectList::findObject): Deleted.
884         * heap/HeapVerifier.h:
885         (JSC::LiveObjectData::LiveObjectData): Deleted.
886         (JSC::LiveObjectList::LiveObjectList): Deleted.
887         (JSC::LiveObjectList::reset): Deleted.
888         * heap/LiveObjectData.h: Added.
889         (JSC::LiveObjectData::LiveObjectData):
890         * heap/LiveObjectList.cpp: Added.
891         (JSC::LiveObjectList::findObject):
892         * heap/LiveObjectList.h: Added.
893         (JSC::LiveObjectList::LiveObjectList):
894         (JSC::LiveObjectList::reset):
895
896 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
897
898         Let's rename FunctionBodyNode
899         https://bugs.webkit.org/show_bug.cgi?id=147292
900
901         Reviewed by Mark Lam & Saam Barati.
902
903         FunctionBodyNode => FunctionMetadataNode
904
905         Make FunctionMetadataNode inherit from Node instead of StatementNode
906         because a FunctionMetadataNode can appear in expression context and does
907         not have a next statement.
908
909         (I decided to continue allocating FunctionMetadataNode in the AST arena,
910         and to retain "Node" in its name, because it really is a parsing
911         construct, and we transform its data before consuming it elsewhere.
912
913         There is still room for a future patch to distill and simplify the
914         metadata we track about functions between FunDeclNode/FuncExprNode,
915         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
916
917         * builtins/BuiltinExecutables.cpp:
918         (JSC::BuiltinExecutables::createExecutableInternal):
919         * bytecode/UnlinkedCodeBlock.cpp:
920         (JSC::generateFunctionCodeBlock):
921         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
922         * bytecode/UnlinkedCodeBlock.h:
923         * bytecompiler/BytecodeGenerator.cpp:
924         (JSC::BytecodeGenerator::generate):
925         (JSC::BytecodeGenerator::BytecodeGenerator):
926         (JSC::BytecodeGenerator::emitNewArray):
927         (JSC::BytecodeGenerator::emitNewFunction):
928         (JSC::BytecodeGenerator::emitNewFunctionExpression):
929         * bytecompiler/BytecodeGenerator.h:
930         (JSC::BytecodeGenerator::makeFunction):
931         * bytecompiler/NodesCodegen.cpp:
932         (JSC::EvalNode::emitBytecode):
933         (JSC::FunctionNode::emitBytecode):
934         (JSC::FunctionBodyNode::emitBytecode): Deleted.
935         * parser/ASTBuilder.h:
936         (JSC::ASTBuilder::createFunctionExpr):
937         (JSC::ASTBuilder::createFunctionBody):
938         * parser/NodeConstructors.h:
939         (JSC::FunctionParameters::FunctionParameters):
940         (JSC::FuncExprNode::FuncExprNode):
941         (JSC::FuncDeclNode::FuncDeclNode):
942         * parser/Nodes.cpp:
943         (JSC::EvalNode::EvalNode):
944         (JSC::FunctionMetadataNode::FunctionMetadataNode):
945         (JSC::FunctionMetadataNode::finishParsing):
946         (JSC::FunctionMetadataNode::setEndPosition):
947         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
948         (JSC::FunctionBodyNode::finishParsing): Deleted.
949         (JSC::FunctionBodyNode::setEndPosition): Deleted.
950         * parser/Nodes.h:
951         (JSC::FuncExprNode::body):
952         (JSC::FuncDeclNode::body):
953         * parser/Parser.h:
954         (JSC::Parser::isFunctionMetadataNode):
955         (JSC::Parser::next):
956         (JSC::Parser<LexerType>::parse):
957         (JSC::Parser::isFunctionBodyNode): Deleted.
958         * runtime/CodeCache.cpp:
959         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
960         * runtime/CodeCache.h:
961
962 2015-08-09  Chris Dumez  <cdumez@apple.com>
963
964         Regression(r188105): Seems to have caused crashes during PLT on some iPads
965         https://bugs.webkit.org/show_bug.cgi?id=147818
966
967         Unreviewed, roll out r188105.
968
969         * bytecode/ByValInfo.h:
970         (JSC::ByValInfo::ByValInfo):
971         * bytecode/CodeBlock.cpp:
972         (JSC::CodeBlock::getByValInfoMap): Deleted.
973         (JSC::CodeBlock::addByValInfo): Deleted.
974         * bytecode/CodeBlock.h:
975         (JSC::CodeBlock::getByValInfo):
976         (JSC::CodeBlock::setNumberOfByValInfos):
977         (JSC::CodeBlock::numberOfByValInfos):
978         (JSC::CodeBlock::byValInfo):
979         * bytecode/ExitKind.cpp:
980         (JSC::exitKindToString): Deleted.
981         * bytecode/ExitKind.h:
982         * bytecode/GetByIdStatus.cpp:
983         (JSC::GetByIdStatus::computeFor):
984         (JSC::GetByIdStatus::computeForStubInfo):
985         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
986         * bytecode/GetByIdStatus.h:
987         * dfg/DFGAbstractInterpreterInlines.h:
988         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
989         * dfg/DFGByteCodeParser.cpp:
990         (JSC::DFG::ByteCodeParser::parseBlock):
991         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
992         * dfg/DFGClobberize.h:
993         (JSC::DFG::clobberize): Deleted.
994         * dfg/DFGConstantFoldingPhase.cpp:
995         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
996         * dfg/DFGDoesGC.cpp:
997         (JSC::DFG::doesGC): Deleted.
998         * dfg/DFGFixupPhase.cpp:
999         (JSC::DFG::FixupPhase::fixupNode): Deleted.
1000         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
1001         * dfg/DFGNode.h:
1002         (JSC::DFG::Node::hasUidOperand): Deleted.
1003         (JSC::DFG::Node::uidOperand): Deleted.
1004         * dfg/DFGNodeType.h:
1005         * dfg/DFGPredictionPropagationPhase.cpp:
1006         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
1007         * dfg/DFGSafeToExecute.h:
1008         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
1009         (JSC::DFG::safeToExecute): Deleted.
1010         * dfg/DFGSpeculativeJIT.cpp:
1011         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
1012         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
1013         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
1014         * dfg/DFGSpeculativeJIT.h:
1015         * dfg/DFGSpeculativeJIT32_64.cpp:
1016         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1017         * dfg/DFGSpeculativeJIT64.cpp:
1018         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1019         * dfg/DFGUseKind.cpp:
1020         (WTF::printInternal): Deleted.
1021         * dfg/DFGUseKind.h:
1022         (JSC::DFG::typeFilterFor): Deleted.
1023         (JSC::DFG::isCell): Deleted.
1024         * ftl/FTLAbstractHeapRepository.h:
1025         * ftl/FTLCapabilities.cpp:
1026         (JSC::FTL::canCompile): Deleted.
1027         * ftl/FTLLowerDFGToLLVM.cpp:
1028         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
1029         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
1030         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
1031         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
1032         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
1033         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
1034         * jit/JIT.cpp:
1035         (JSC::JIT::privateCompile):
1036         * jit/JIT.h:
1037         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1038         (JSC::JIT::compileGetByValWithCachedId): Deleted.
1039         * jit/JITInlines.h:
1040         (JSC::JIT::callOperation): Deleted.
1041         * jit/JITOpcodes.cpp:
1042         (JSC::JIT::emit_op_has_indexed_property):
1043         (JSC::JIT::emitSlow_op_has_indexed_property):
1044         * jit/JITOpcodes32_64.cpp:
1045         (JSC::JIT::emit_op_has_indexed_property):
1046         (JSC::JIT::emitSlow_op_has_indexed_property):
1047         * jit/JITOperations.cpp:
1048         (JSC::getByVal):
1049         * jit/JITOperations.h:
1050         * jit/JITPropertyAccess.cpp:
1051         (JSC::JIT::emit_op_get_by_val):
1052         (JSC::JIT::emitSlow_op_get_by_val):
1053         (JSC::JIT::emit_op_put_by_val):
1054         (JSC::JIT::emitSlow_op_put_by_val):
1055         (JSC::JIT::emitGetByValWithCachedId): Deleted.
1056         (JSC::JIT::privateCompileGetByVal): Deleted.
1057         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
1058         * jit/JITPropertyAccess32_64.cpp:
1059         (JSC::JIT::emit_op_get_by_val):
1060         (JSC::JIT::emitSlow_op_get_by_val):
1061         (JSC::JIT::emit_op_put_by_val):
1062         (JSC::JIT::emitSlow_op_put_by_val):
1063         (JSC::JIT::emitGetByValWithCachedId): Deleted.
1064         * runtime/Symbol.h:
1065         * tests/stress/get-by-val-with-string-constructor.js: Removed.
1066         * tests/stress/get-by-val-with-string-exit.js: Removed.
1067         * tests/stress/get-by-val-with-string-generated.js: Removed.
1068         * tests/stress/get-by-val-with-string-getter.js: Removed.
1069         * tests/stress/get-by-val-with-string.js: Removed.
1070         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
1071         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
1072         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
1073         * tests/stress/get-by-val-with-symbol.js: Removed.
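
The get-by-val stress tests removed by this roll-out exercise the id-caching IC that r188105 added to get_by_val (described in the 2015-08-06 entry further down). As an added JavaScript example that is not one of the project's tests, the block below feeds a single `o[k]` site the key kinds such a cache has to handle after being warmed on one constant string id: the same id as a String object, a different string, a Symbol, a getter, an inherited property, an integer index, a missing key, and the same id again after the object's shape and prototype change. The expected values are what plain ECMAScript semantics require, which is exactly what the IC must preserve whenever its cached id or structure does not match. The target object, its properties and the iteration count are constructed for this example.

```javascript
// Added example, not one of JavaScriptCore's stress tests. One property access
// site, getByVal, is warmed on a constant string id and then fed every other key
// kind; the returned values must be what unoptimized semantics give.

function getByVal(object, key) {
  return object[key]; // the single get_by_val site under test
}

// Constructed target: an own data property, a Symbol-keyed property, a getter
// and a prototype with one property of its own.
function makeTarget() {
  const sym = Symbol('hidden');
  const proto = { inherited: 'via-prototype' };
  const target = Object.create(proto);
  target.name = 'direct';
  target[sym] = 'symbol-keyed';
  Object.defineProperty(target, 'computed', {
    get() { return 'getter:' + this.name; },
    enumerable: true,
  });
  return { target, sym };
}

function exerciseSite(iterations = 2000) {
  const { target, sym } = makeTarget();
  const results = {};

  // Warm-up: the same constant id every time, the case the IC is designed for.
  for (let i = 0; i < iterations; i++) results.warm = getByVal(target, 'name');

  // Same id as a String object: ToPropertyKey must still yield 'name'.
  results.stringObject = getByVal(target, new String('name'));
  // Different string id: the cached id does not match, must fall back correctly.
  results.otherString = getByVal(target, 'computed');
  // Symbol-keyed property.
  results.symbol = getByVal(target, sym);
  // Property found on the prototype chain, not on the object itself.
  results.inherited = getByVal(target, 'inherited');
  // Integer index on an array: the indexed path, not the id path.
  results.index = getByVal(['zero', 'one', 'two'], 2);
  // Missing key: undefined, never a stale cached value.
  results.missing = getByVal(target, 'nope');

  // Shape change after warm-up: adding then deleting a property must not leave
  // the site returning a stale slot for the cached id.
  target.added = 1;
  delete target.name;
  results.afterShapeChange = getByVal(target, 'name');

  // Prototype change: the lookup for the cached id must now reach the prototype.
  Object.getPrototypeOf(target).name = 'now-on-proto';
  results.afterProtoChange = getByVal(target, 'name');

  return results;
}
```

Every value in the returned object is decided by the language semantics alone; an engine whose id cache handed back a stale or mismatched slot for any of these keys would produce a different value at exactly that line, which is the kind of discrepancy the removed `get-by-val-with-string-*` and `get-by-val-with-symbol-*` tests were written to catch.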
1074
1075 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1076
1077         Reduce uses of PassRefPtr in bindings
1078         https://bugs.webkit.org/show_bug.cgi?id=147781
1079
1080         Reviewed by Chris Dumez.
1081
1082         Use RefPtr when a function can return null or an instance. If not, Ref is used.
1083
1084         * runtime/JSGenericTypedArrayView.h:
1085         (JSC::toNativeTypedView):
1086
1087 2015-08-07  Alex Christensen  <achristensen@webkit.org>
1088
1089         Build more testing binaries with CMake on Windows
1090         https://bugs.webkit.org/show_bug.cgi?id=147799
1091
1092         Reviewed by Brent Fulgham.
1093
1094         * shell/PlatformWin.cmake: Added.
1095         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
1096
1097 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
1098
1099         Lightweight locks should be adaptive
1100         https://bugs.webkit.org/show_bug.cgi?id=147545
1101
1102         Reviewed by Geoffrey Garen.
1103
1104         * dfg/DFGCommon.cpp:
1105         (JSC::DFG::startCrashing):
1106         * heap/CopiedBlock.h:
1107         (JSC::CopiedBlock::workListLock):
1108         * heap/CopiedBlockInlines.h:
1109         (JSC::CopiedBlock::shouldReportLiveBytes):
1110         (JSC::CopiedBlock::reportLiveBytes):
1111         * heap/CopiedSpace.cpp:
1112         (JSC::CopiedSpace::doneFillingBlock):
1113         * heap/CopiedSpace.h:
1114         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
1115         * heap/CopiedSpaceInlines.h:
1116         (JSC::CopiedSpace::recycleEvacuatedBlock):
1117         * heap/GCThreadSharedData.cpp:
1118         (JSC::GCThreadSharedData::didStartCopying):
1119         * heap/GCThreadSharedData.h:
1120         (JSC::GCThreadSharedData::getNextBlocksToCopy):
1121         * heap/ListableHandler.h:
1122         (JSC::ListableHandler::List::addThreadSafe):
1123         (JSC::ListableHandler::List::addNotThreadSafe):
1124         * heap/MachineStackMarker.cpp:
1125         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1126         * heap/SlotVisitorInlines.h:
1127         (JSC::SlotVisitor::copyLater):
1128         * parser/SourceProvider.cpp:
1129         (JSC::SourceProvider::~SourceProvider):
1130         (JSC::SourceProvider::getID):
1131         * profiler/ProfilerDatabase.cpp:
1132         (JSC::Profiler::Database::addDatabaseToAtExit):
1133         (JSC::Profiler::Database::removeDatabaseFromAtExit):
1134         (JSC::Profiler::Database::removeFirstAtExitDatabase):
1135         * runtime/TypeProfilerLog.h:
1136
1137 2015-08-07  Mark Lam  <mark.lam@apple.com>
1138
1139         Rename some variables in the JSC watchdog implementation.
1140         https://bugs.webkit.org/show_bug.cgi?id=147790
1141
1142         Rubber stamped by Benjamin Poulain.
1143
1144         This is just a refactoring patch to give the variables better names that describe their
1145         intended use.  There is no behavior change.
1146
1147         * runtime/Watchdog.cpp:
1148         (JSC::Watchdog::Watchdog):
1149         (JSC::Watchdog::setTimeLimit):
1150         (JSC::Watchdog::didFire):
1151         (JSC::Watchdog::isEnabled):
1152         (JSC::Watchdog::fire):
1153         (JSC::Watchdog::startCountdownIfNeeded):
1154         * runtime/Watchdog.h:
1155
1156 2015-08-07  Saam barati  <saambarati1@gmail.com>
1157
1158         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
1159         https://bugs.webkit.org/show_bug.cgi?id=147666
1160
1161         Reviewed by Geoffrey Garen.
1162
1163         If we make the bytecode generator know about every local scope it 
1164         creates, and if we give each local scope a unique register, the
1165         bytecode generator has all the information it needs to assign
1166         the correct scope to a catch handler. Because the bytecode generator
1167         knows this information, it's a better separation of responsibilities
1168         for it to set up the proper scope instead of relying on the exception
1169         handling runtime to find the scope.
1170
1171         * bytecode/BytecodeList.json:
1172         * bytecode/BytecodeUseDef.h:
1173         (JSC::computeUsesForBytecodeOffset):
1174         * bytecode/CodeBlock.cpp:
1175         (JSC::CodeBlock::dumpBytecode):
1176         (JSC::CodeBlock::CodeBlock):
1177         * bytecode/HandlerInfo.h:
1178         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
1179         (JSC::HandlerInfo::initialize):
1180         * bytecompiler/BytecodeGenerator.cpp:
1181         (JSC::BytecodeGenerator::generate):
1182         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1183         (JSC::BytecodeGenerator::emitGetScope):
1184         (JSC::BytecodeGenerator::emitPushWithScope):
1185         (JSC::BytecodeGenerator::emitGetParentScope):
1186         (JSC::BytecodeGenerator::emitPopScope):
1187         (JSC::BytecodeGenerator::emitPopWithScope):
1188         (JSC::BytecodeGenerator::allocateAndEmitScope):
1189         (JSC::BytecodeGenerator::emitComplexPopScopes):
1190         (JSC::BytecodeGenerator::pushTry):
1191         (JSC::BytecodeGenerator::popTryAndEmitCatch):
1192         (JSC::BytecodeGenerator::localScopeDepth):
1193         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
1194         * bytecompiler/BytecodeGenerator.h:
1195         * bytecompiler/NodesCodegen.cpp:
1196         (JSC::WithNode::emitBytecode):
1197         * interpreter/Interpreter.cpp:
1198         (JSC::Interpreter::unwind):
1199         * jit/JITOpcodes.cpp:
1200         (JSC::JIT::emit_op_push_with_scope):
1201         (JSC::JIT::compileOpStrictEq):
1202         * jit/JITOpcodes32_64.cpp:
1203         (JSC::JIT::emit_op_push_with_scope):
1204         (JSC::JIT::emit_op_to_number):
1205         * jit/JITOperations.cpp:
1206         * jit/JITOperations.h:
1207         * llint/LLIntSlowPaths.cpp:
1208         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1209         * llint/LLIntSlowPaths.h:
1210         * llint/LowLevelInterpreter.asm:
1211         * runtime/CommonSlowPaths.cpp:
1212         (JSC::SLOW_PATH_DECL):
1213         * runtime/CommonSlowPaths.h:
1214         * runtime/JSScope.cpp:
1215         (JSC::JSScope::objectAtScope):
1216         (JSC::isUnscopable):
1217         (JSC::JSScope::depth): Deleted.
1218         * runtime/JSScope.h:
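
The scoping rule this entry is about, as an added JavaScript example that is not JavaScriptCore code: each function throws from inside one or more scopes pushed within a try block and returns what the catch handler resolves a shadowed name to. The correct answer is always the binding visible where the try statement was entered, which is the scope the generator now records for the handler instead of leaving the unwinder to find it. The with-scope case is built with `new Function` so the `with` statement compiles even if this file is loaded as strict code; all names and values are constructed for the example.

```javascript
// Added example, not JavaScriptCore source. Each case returns the value the
// catch handler resolves for a name that is shadowed in scopes pushed inside
// the try block; the expected value is the binding visible at the `try`.

// Block scopes pushed inside the try body must be popped before the handler runs.
function catchSeesTryScope() {
  let x = 'try-scope';
  try {
    let x = 'inner-block';
    {
      let x = 'innermost';
      throw new Error('boom ' + x);
    }
  } catch (e) {
    return x; // 'try-scope'
  }
}

// The handler itself lives in a nested block: it must see that block's binding,
// not the function-level one and not the one live at the throw site.
function catchSeesEnclosingBlock() {
  let z = 'function-level';
  {
    let z = 'enclosing-block';
    try {
      {
        let z = 'throw-site';
        throw new Error('boom ' + z);
      }
    } catch (e) {
      return z; // 'enclosing-block'
    }
  }
  return z;
}

// A with-scope pushed inside the try must also be gone in the handler:
// `y` resolves to the lexical binding, not obj.y. Built with new Function so
// the `with` statement is always compiled as sloppy-mode code.
const catchSeesPastWithScope = new Function(`
  const obj = { y: 'from-with-object' };
  let y = 'lexical';
  try {
    with (obj) {
      throw new Error('boom ' + y);
    }
  } catch (e) {
    return y; // 'lexical'
  }
`);

// A closure created inside the handler captures the handler's scope, including
// the catch parameter, and must keep working after the handler has returned.
function catchClosureCapturesParameter() {
  let tag = 'outer';
  try {
    let tag = 'inner';
    throw new Error('payload ' + tag);
  } catch (e) {
    return () => tag + ':' + e.message; // 'outer:payload inner'
  }
}

// Runs every case and returns the observed values in one object.
function runScopeCases() {
  return {
    tryScope: catchSeesTryScope(),
    enclosingBlock: catchSeesEnclosingBlock(),
    pastWithScope: catchSeesPastWithScope(),
    closure: catchClosureCapturesParameter()(),
  };
}
```

Each case isolates one way the scope live at the throw site differs from the scope the handler must run in (a block, a with-object, a nested handler block, a closure over the catch parameter); an engine that restored the wrong scope register would return the shadowing value instead.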
1219
1220 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1221
1222         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
1223         https://bugs.webkit.org/show_bug.cgi?id=147761
1224
1225         Reviewed by Mark Lam.
1226
1227         This patch implements MacroAssembler::patchableBranch64 in 64-bit environments.
1228         It also fixes the existing MacroAssemblerARM64::patchableBranchPtr, which before
1229         this patch truncated the immediate pointer into a 32-bit immediate.
1230         And it uses patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
1231
1232         * assembler/MacroAssemblerARM64.h:
1233         (JSC::MacroAssemblerARM64::patchableBranchPtr):
1234         (JSC::MacroAssemblerARM64::patchableBranch64):
1235         * assembler/MacroAssemblerX86_64.h:
1236         (JSC::MacroAssemblerX86_64::patchableBranch64):
1237         * jit/JIT.h:
1238         * jit/JITInlines.h:
1239         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
1240         * jit/JITPropertyAccess.cpp:
1241         (JSC::JIT::emit_op_get_by_val):
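
Why a pointer immediate truncated to 32 bits is a correctness problem and not just a missed optimisation, as an added JavaScript example that is not JavaScriptCore code. It models a patchable compare-and-branch whose baked-in immediate is either the full 64-bit pointer or a 32-bit truncation of it, and assumes the truncated immediate is compared against the full 64-bit register; the page does not describe the exact ARM64 encoding, so that comparison model, the helper names and the three addresses are constructed for the example. Pointers are BigInts so the upper 32 bits survive.

```javascript
// Added example, not JavaScriptCore source. A patchable branch whose immediate
// is repatched by the JIT and compared (NotEqual) against a 64-bit register.
// With a 32-bit immediate the expected pointer never matches, and an unrelated
// value whose full width equals the truncated immediate matches instead.

const FULL_WIDTH = 64;
const TRUNCATED_WIDTH = 32;

// Builds a branch whose immediate the JIT repatches. taken(register) is true
// when the branch is taken, i.e. when the register does not equal the
// immediate encoded in the instruction (the slow path).
function makePatchableBranch(immediateWidth) {
  let immediate = 0n;
  return {
    patch(pointer) {
      // The assembler only encodes immediateWidth bits of the pointer.
      immediate = BigInt.asUintN(immediateWidth, pointer);
    },
    taken(register) {
      return BigInt.asUintN(FULL_WIDTH, register) !== immediate;
    },
  };
}

// Constructed 64-bit addresses: two cells that collide in their low 32 bits,
// plus a value equal to that low half alone.
const EXPECTED_STRUCTURE = 0x00007f3a12345678n;
const OTHER_STRUCTURE = 0x00007e9b12345678n;
const LOW_ALIAS = 0x0000000012345678n;

// Patches the branch to EXPECTED_STRUCTURE and reports, for each candidate
// register value, whether the branch is taken. Correct behaviour is
// { expectedTaken: false, otherTaken: true, lowAliasTaken: true }.
function classify(immediateWidth) {
  const branch = makePatchableBranch(immediateWidth);
  branch.patch(EXPECTED_STRUCTURE);
  return {
    expectedTaken: branch.taken(EXPECTED_STRUCTURE),
    otherTaken: branch.taken(OTHER_STRUCTURE),
    lowAliasTaken: branch.taken(LOW_ALIAS),
  };
}
```

With the full-width immediate the expected pointer falls through to the fast path and everything else is diverted. With the truncated immediate the expected pointer is always diverted, so the patched fast path can never be reached, while a register holding only the low 32 bits of the pointer passes the check it should fail; a guard that both misses its target and accepts a wrong value is the reason the fix is a correctness change.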
1242
1243 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1244
1245         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
1246         https://bugs.webkit.org/show_bug.cgi?id=147480
1247
1248         Reviewed by Filip Pizlo.
1249
1250         This patch adds a get_by_id IC to the get_by_val operation by caching the string / symbol id.
1251         The IC site only caches one id. After checking that the given id is the same as the
1252         cached one, we perform the get_by_id IC on it.
1253         And by collecting IC StructureStubInfo information, we pass it to the DFG, and the DFG
1254         compiles the get_by_val opcode into CheckIdent (with an edge type check) and GetById-related
1255         operations when the given get_by_val leverages the property load with the cached id.
1256
1257         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
1258         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
1259         This can be leveraged to optimize symbol operations in DFG.
1260
1261         And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
1262         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
1263         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
1264         ArrayProfile* argument in the operations with ByValInfo*.
1265
1266         * bytecode/ByValInfo.h:
1267         (JSC::ByValInfo::ByValInfo):
1268         * bytecode/CodeBlock.cpp:
1269         (JSC::CodeBlock::getByValInfoMap):
1270         (JSC::CodeBlock::addByValInfo):
1271         * bytecode/CodeBlock.h:
1272         (JSC::CodeBlock::getByValInfo): Deleted.
1273         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
1274         (JSC::CodeBlock::numberOfByValInfos): Deleted.
1275         (JSC::CodeBlock::byValInfo): Deleted.
1276         * bytecode/ExitKind.cpp:
1277         (JSC::exitKindToString):
1278         * bytecode/ExitKind.h:
1279         * bytecode/GetByIdStatus.cpp:
1280         (JSC::GetByIdStatus::computeFor):
1281         (JSC::GetByIdStatus::computeForStubInfo):
1282         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
1283         * bytecode/GetByIdStatus.h:
1284         * dfg/DFGAbstractInterpreterInlines.h:
1285         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1286         * dfg/DFGByteCodeParser.cpp:
1287         (JSC::DFG::ByteCodeParser::parseBlock):
1288         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1289         * dfg/DFGClobberize.h:
1290         (JSC::DFG::clobberize):
1291         * dfg/DFGConstantFoldingPhase.cpp:
1292         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1293         * dfg/DFGDoesGC.cpp:
1294         (JSC::DFG::doesGC):
1295         * dfg/DFGFixupPhase.cpp:
1296         (JSC::DFG::FixupPhase::fixupNode):
1297         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1298         * dfg/DFGNode.h:
1299         (JSC::DFG::Node::hasUidOperand):
1300         (JSC::DFG::Node::uidOperand):
1301         * dfg/DFGNodeType.h:
1302         * dfg/DFGPredictionPropagationPhase.cpp:
1303         (JSC::DFG::PredictionPropagationPhase::propagate):
1304         * dfg/DFGSafeToExecute.h:
1305         (JSC::DFG::SafeToExecuteEdge::operator()):
1306         (JSC::DFG::safeToExecute):
1307         * dfg/DFGSpeculativeJIT.cpp:
1308         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
1309         (JSC::DFG::SpeculativeJIT::speculateSymbol):
1310         (JSC::DFG::SpeculativeJIT::speculate):
1311         * dfg/DFGSpeculativeJIT.h:
1312         * dfg/DFGSpeculativeJIT32_64.cpp:
1313         (JSC::DFG::SpeculativeJIT::compile):
1314         * dfg/DFGSpeculativeJIT64.cpp:
1315         (JSC::DFG::SpeculativeJIT::compile):
1316         * dfg/DFGUseKind.cpp:
1317         (WTF::printInternal):
1318         * dfg/DFGUseKind.h:
1319         (JSC::DFG::typeFilterFor):
1320         (JSC::DFG::isCell):
1321         * ftl/FTLAbstractHeapRepository.h:
1322         * ftl/FTLCapabilities.cpp:
1323         (JSC::FTL::canCompile):
1324         * ftl/FTLLowerDFGToLLVM.cpp:
1325         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1326         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
1327         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
1328         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
1329         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
1330         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
1331         * jit/JIT.cpp:
1332         (JSC::JIT::privateCompile):
1333         * jit/JIT.h:
1334         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1335         (JSC::JIT::compileGetByValWithCachedId):
1336         * jit/JITInlines.h:
1337         (JSC::JIT::callOperation):
1338         * jit/JITOpcodes.cpp:
1339         (JSC::JIT::emit_op_has_indexed_property):
1340         (JSC::JIT::emitSlow_op_has_indexed_property):
1341         * jit/JITOpcodes32_64.cpp:
1342         (JSC::JIT::emit_op_has_indexed_property):
1343         (JSC::JIT::emitSlow_op_has_indexed_property):
1344         * jit/JITOperations.cpp:
1345         (JSC::getByVal):
1346         * jit/JITOperations.h:
1347         * jit/JITPropertyAccess.cpp:
1348         (JSC::JIT::emit_op_get_by_val):
1349         (JSC::JIT::emitGetByValWithCachedId):
1350         (JSC::JIT::emitSlow_op_get_by_val):
1351         (JSC::JIT::emit_op_put_by_val):
1352         (JSC::JIT::emitSlow_op_put_by_val):
1353         (JSC::JIT::privateCompileGetByVal):
1354         (JSC::JIT::privateCompileGetByValWithCachedId):
1355         * jit/JITPropertyAccess32_64.cpp:
1356         (JSC::JIT::emit_op_get_by_val):
1357         (JSC::JIT::emitGetByValWithCachedId):
1358         (JSC::JIT::emitSlow_op_get_by_val):
1359         (JSC::JIT::emit_op_put_by_val):
1360         (JSC::JIT::emitSlow_op_put_by_val):
1361         * runtime/Symbol.h:
1362         * tests/stress/get-by-val-with-string-constructor.js: Added.
1363         (Hello):
1364         (get Hello.prototype.generate):
1365         (ok):
1366         * tests/stress/get-by-val-with-string-exit.js: Added.
1367         (shouldBe):
1368         (getByVal):
1369         (getStr1):
1370         (getStr2):
1371         * tests/stress/get-by-val-with-string-generated.js: Added.
1372         (shouldBe):
1373         (getByVal):
1374         (getStr1):
1375         (getStr2):
1376         * tests/stress/get-by-val-with-string-getter.js: Added.
1377         (object.get hello):
1378         (ok):
1379         * tests/stress/get-by-val-with-string.js: Added.
1380         (shouldBe):
1381         (getByVal):
1382         (getStr1):
1383         (getStr2):
1384         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
1385         (Hello):
1386         (get Hello.prototype.generate):
1387         (ok):
1388         * tests/stress/get-by-val-with-symbol-exit.js: Added.
1389         (shouldBe):
1390         (getByVal):
1391         (getSym1):
1392         (getSym2):
1393         * tests/stress/get-by-val-with-symbol-getter.js: Added.
1394         (object.get hello):
1395         (.get ok):
1396         * tests/stress/get-by-val-with-symbol.js: Added.
1397         (shouldBe):
1398         (getByVal):
1399         (getSym1):
1400         (getSym2):
1401
1402 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1403
1404         Parse entire WebAssembly modules
1405         https://bugs.webkit.org/show_bug.cgi?id=147393
1406
1407         Reviewed by Geoffrey Garen.
1408
1409         Parse entire WebAssembly modules from files produced by pack-asmjs
1410         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
1411         parse modules whose function definition section contains only functions that
1412         have "return 0;" as their only statement. Parsing of arbitrary functions will be
1413         implemented in a subsequent patch.
1414
1415         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1416         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1417         * JavaScriptCore.xcodeproj/project.pbxproj:
1418         * wasm/JSWASMModule.cpp:
1419         (JSC::JSWASMModule::destroy):
1420         * wasm/JSWASMModule.h:
1421         (JSC::JSWASMModule::i32Constants):
1422         (JSC::JSWASMModule::f32Constants):
1423         (JSC::JSWASMModule::f64Constants):
1424         (JSC::JSWASMModule::signatures):
1425         (JSC::JSWASMModule::functionImports):
1426         (JSC::JSWASMModule::functionImportSignatures):
1427         (JSC::JSWASMModule::globalVariableTypes):
1428         (JSC::JSWASMModule::functionDeclarations):
1429         (JSC::JSWASMModule::functionPointerTables):
1430         * wasm/WASMFormat.h: Added.
1431         * wasm/WASMModuleParser.cpp:
1432         (JSC::WASMModuleParser::parse):
1433         (JSC::WASMModuleParser::parseModule):
1434         (JSC::WASMModuleParser::parseConstantPoolSection):
1435         (JSC::WASMModuleParser::parseSignatureSection):
1436         (JSC::WASMModuleParser::parseFunctionImportSection):
1437         (JSC::WASMModuleParser::parseGlobalSection):
1438         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
1439         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
1440         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
1441         (JSC::WASMModuleParser::parseFunctionDefinition):
1442         (JSC::WASMModuleParser::parseExportSection):
1443         * wasm/WASMModuleParser.h:
1444         * wasm/WASMReader.cpp:
1445         (JSC::WASMReader::readUInt32):
1446         (JSC::WASMReader::readCompactUInt32):
1447         (JSC::WASMReader::readString):
1448         (JSC::WASMReader::readType):
1449         (JSC::WASMReader::readExpressionType):
1450         (JSC::WASMReader::readExportFormat):
1451         (JSC::WASMReader::readByte):
1452         (JSC::WASMReader::readUnsignedInt32): Deleted.
1453         * wasm/WASMReader.h:
1454
1455 2015-08-06  Keith Miller  <keith_miller@apple.com>
1456
1457         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
1458         https://bugs.webkit.org/show_bug.cgi?id=147749
1459
1460         Reviewed by Filip Pizlo.
1461
1462         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength(),
1463         thus no one calls this code.
1464
1465         * ftl/FTLLowerDFGToLLVM.cpp:
1466         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
1467
1468 2015-08-06  Keith Miller  <keith_miller@apple.com>
1469
1470         The JSONP parser incorrectly parses -0 as +0.
1471         https://bugs.webkit.org/show_bug.cgi?id=147590
1472
1473         Reviewed by Michael Saboff.
1474
1475         In the LiteralParser we should use a double to store the accumulator for numerical tokens
1476         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
1477
1478         * runtime/LiteralParser.cpp:
1479         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
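The sign-loss described in this entry, as an added example (not JavaScriptCore code): a simplified digit-accumulation loop modelled on a JSON-style number lexer, written once with an int accumulator and once with a double accumulator. It assumes short, well-formed integer tokens (no fraction or exponent), which is all that is needed to show why only the double variant preserves "-0".

```cpp
// Added example (not JavaScriptCore code): models the LiteralParser lexNumber
// bug described above. Digits are accumulated into an int in the buggy variant
// and into a double in the fixed one; only the double keeps the sign of "-0".
// Assumption: tokens are short, well-formed integer literals (no exponent,
// no fraction), which is all that is needed to show the sign loss.
#include <cassert>
#include <cmath>
#include <cstddef>
#include <string>

// Buggy variant: an int has no negative zero, so "-0" collapses to 0 before
// the value is ever widened to a double.
double lexNumberWithIntAccumulator(const std::string& token)
{
    std::size_t i = 0;
    bool negative = false;
    if (i < token.size() && token[i] == '-') {
        negative = true;
        ++i;
    }
    int accumulator = 0;
    for (; i < token.size() && token[i] >= '0' && token[i] <= '9'; ++i)
        accumulator = accumulator * 10 + (token[i] - '0');
    if (negative)
        accumulator = -accumulator; // -0 is still 0 here: the sign is lost
    return static_cast<double>(accumulator);
}

// Fixed variant: IEEE 754 doubles distinguish -0.0 from +0.0, so negating an
// all-zero accumulator yields -0.0 and "-0" survives the round trip.
double lexNumberWithDoubleAccumulator(const std::string& token)
{
    std::size_t i = 0;
    bool negative = false;
    if (i < token.size() && token[i] == '-') {
        negative = true;
        ++i;
    }
    double accumulator = 0.0;
    for (; i < token.size() && token[i] >= '0' && token[i] <= '9'; ++i)
        accumulator = accumulator * 10.0 + (token[i] - '0');
    if (negative)
        accumulator = -accumulator; // -0.0 keeps its sign bit
    return accumulator;
}

// -0.0 == 0.0 compares true, so the sign bit has to be inspected directly.
// This is what a script can observe: in JS, 1 / -0 is -Infinity, 1 / +0 is +Infinity.
bool isNegativeZero(double value)
{
    return value == 0.0 && std::signbit(value);
}
```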
1480
1481 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
1482
1483         Structures used for tryGetConstantProperty() should be registered first
1484         https://bugs.webkit.org/show_bug.cgi?id=147750
1485
1486         Reviewed by Saam Barati and Michael Saboff.
1487
1488         * dfg/DFGGraph.cpp:
1489         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
1490         * dfg/DFGGraph.h:
1491         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
1492         * dfg/DFGStructureRegistrationPhase.cpp:
1493         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegistrationPhase.
1494         (JSC::DFG::StructureRegistrationPhase::registerStructures):
1495         (JSC::DFG::StructureRegistrationPhase::registerStructure):
1496         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
1497         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
1498         (JSC::DFG::performStructureRegistration):
1499
1500 2015-08-06  Keith Miller  <keith_miller@apple.com>
1501
1502         Remove UnspecifiedBoolType from JSC
1503         https://bugs.webkit.org/show_bug.cgi?id=147597
1504
1505         Reviewed by Mark Lam.
1506
1507         We were using the safe bool pattern in the code base for implicit casting to booleans.
1508         With C++11 this is no longer necessary and we can instead create an operator bool.
1509
1510         * API/JSRetainPtr.h:
1511         (JSRetainPtr::operator bool):
1512         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
1513         * dfg/DFGEdge.h:
1514         (JSC::DFG::Edge::operator bool):
1515         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
1516         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
1517         * heap/Weak.h:
1518         * heap/WeakInlines.h:
1519         (JSC::bool):
1520         (JSC::UnspecifiedBoolType): Deleted.
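The two idioms this entry contrasts, as an added example (not JavaScriptCore code): the pre-C++11 "safe bool" pattern that the UnspecifiedBoolType typedef implemented, beside its C++11 replacement, an explicit operator bool. The class names LegacyHandle and ModernHandle are hypothetical.

```cpp
// Added example (not JavaScriptCore code): the pre-C++11 "safe bool" idiom that
// JSC's UnspecifiedBoolType typedef implemented, next to the C++11 replacement
// described in the entry above. LegacyHandle and ModernHandle are hypothetical names.
#include <cassert>

// Pre-C++11 idiom: instead of converting to bool (which would then promote to
// int and allow nonsense like `int n = handle;`), convert to a pointer-to-member.
// Pointer-to-member converts to bool in `if (handle)` but not to an integer.
class LegacyHandle {
public:
    explicit LegacyHandle(int* p) : m_ptr(p) { }
    typedef int* (LegacyHandle::*UnspecifiedBoolType);
    operator UnspecifiedBoolType() const { return m_ptr ? &LegacyHandle::m_ptr : 0; }
private:
    int* m_ptr;
};

// C++11 replacement: `explicit operator bool` is used in contextual conversions
// (if, while, !, &&, ||, the ?: condition) yet still rejects `int n = handle;`,
// so the typedef machinery above is no longer needed.
class ModernHandle {
public:
    explicit ModernHandle(int* p) : m_ptr(p) { }
    explicit operator bool() const { return m_ptr != nullptr; }
private:
    int* m_ptr;
};

// Both handles can be tested for truthiness in the usual ways.
bool legacyIsSet(const LegacyHandle& h) { return h ? true : false; }
bool modernIsSet(const ModernHandle& h) { return static_cast<bool>(h); }

// Neither type converts implicitly to an integer; both of these fail to compile:
// int n = LegacyHandle(nullptr);
// int m = ModernHandle(nullptr);
```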
1521
1522 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
1523
1524         [ES6] Class parser does not allow methods named set and get.
1525         https://bugs.webkit.org/show_bug.cgi?id=147150
1526
1527         Reviewed by Oliver Hunt.
1528
1529         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
1530         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
1531         so that we only treat them as such when they're followed by another token that could be a method name.
1532
1533         * parser/Parser.cpp:
1534         (JSC::Parser<LexerType>::parseClass):
1535
1536 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
1537
1538         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
1539
1540         * bytecode/SamplingTool.cpp:
1541         (JSC::SamplingTool::doRun):
1542         (JSC::SamplingTool::notifyOfScope):
1543         * bytecode/SamplingTool.h:
1544         * dfg/DFGThreadData.h:
1545         * dfg/DFGWorklist.cpp:
1546         (JSC::DFG::Worklist::~Worklist):
1547         (JSC::DFG::Worklist::isActiveForVM):
1548         (JSC::DFG::Worklist::enqueue):
1549         (JSC::DFG::Worklist::compilationState):
1550         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1551         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1552         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1553         (JSC::DFG::Worklist::visitWeakReferences):
1554         (JSC::DFG::Worklist::removeDeadPlans):
1555         (JSC::DFG::Worklist::queueLength):
1556         (JSC::DFG::Worklist::dump):
1557         (JSC::DFG::Worklist::runThread):
1558         * dfg/DFGWorklist.h:
1559         * disassembler/Disassembler.cpp:
1560         * heap/CopiedSpace.cpp:
1561         (JSC::CopiedSpace::doneFillingBlock):
1562         (JSC::CopiedSpace::doneCopying):
1563         * heap/CopiedSpace.h:
1564         * heap/CopiedSpaceInlines.h:
1565         (JSC::CopiedSpace::recycleBorrowedBlock):
1566         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1567         * heap/HeapTimer.h:
1568         * heap/MachineStackMarker.cpp:
1569         (JSC::ActiveMachineThreadsManager::Locker::Locker):
1570         (JSC::ActiveMachineThreadsManager::add):
1571         (JSC::ActiveMachineThreadsManager::remove):
1572         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
1573         (JSC::MachineThreads::~MachineThreads):
1574         (JSC::MachineThreads::addCurrentThread):
1575         (JSC::MachineThreads::removeThreadIfFound):
1576         (JSC::MachineThreads::tryCopyOtherThreadStack):
1577         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1578         (JSC::MachineThreads::gatherConservativeRoots):
1579         * heap/MachineStackMarker.h:
1580         * interpreter/JSStack.cpp:
1581         (JSC::stackStatisticsMutex):
1582         (JSC::JSStack::addToCommittedByteCount):
1583         (JSC::JSStack::committedByteCount):
1584         * jit/JITThunks.h:
1585         * profiler/ProfilerDatabase.h:
1586
1587 2015-08-05  Saam barati  <saambarati1@gmail.com>
1588
1589         Bytecodegenerator emits crappy code for returns in a lexical scope.
1590         https://bugs.webkit.org/show_bug.cgi?id=147688
1591
1592         Reviewed by Mark Lam.
1593
1594         When returning, we only need to emit complex pop scopes if we're in 
1595         a finally block. Otherwise, we can just return like normal. This saves
1596         us from inefficiently emitting unnecessary pop scopes.
1597
1598         * bytecompiler/BytecodeGenerator.h:
1599         (JSC::BytecodeGenerator::isInFinallyBlock):
1600         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
1601         * bytecompiler/NodesCodegen.cpp:
1602         (JSC::ReturnNode::emitBytecode):
1603
1604 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
1605
1606         Add the Intl API to the status page
1607
1608         * features.json:
1609         Andy VanWagoner landed the skeleton of the API and it is
1610         enabled by default.
1611
1612 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
1613
1614         Rename Mutex to DeprecatedMutex
1615         https://bugs.webkit.org/show_bug.cgi?id=147675
1616
1617         Reviewed by Geoffrey Garen.
1618
1619         * bytecode/SamplingTool.cpp:
1620         (JSC::SamplingTool::doRun):
1621         (JSC::SamplingTool::notifyOfScope):
1622         * bytecode/SamplingTool.h:
1623         * dfg/DFGThreadData.h:
1624         * dfg/DFGWorklist.cpp:
1625         (JSC::DFG::Worklist::~Worklist):
1626         (JSC::DFG::Worklist::isActiveForVM):
1627         (JSC::DFG::Worklist::enqueue):
1628         (JSC::DFG::Worklist::compilationState):
1629         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1630         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1631         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1632         (JSC::DFG::Worklist::visitWeakReferences):
1633         (JSC::DFG::Worklist::removeDeadPlans):
1634         (JSC::DFG::Worklist::queueLength):
1635         (JSC::DFG::Worklist::dump):
1636         (JSC::DFG::Worklist::runThread):
1637         * dfg/DFGWorklist.h:
1638         * disassembler/Disassembler.cpp:
1639         * heap/CopiedSpace.cpp:
1640         (JSC::CopiedSpace::doneFillingBlock):
1641         (JSC::CopiedSpace::doneCopying):
1642         * heap/CopiedSpace.h:
1643         * heap/CopiedSpaceInlines.h:
1644         (JSC::CopiedSpace::recycleBorrowedBlock):
1645         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1646         * heap/HeapTimer.h:
1647         * heap/MachineStackMarker.cpp:
1648         (JSC::ActiveMachineThreadsManager::Locker::Locker):
1649         (JSC::ActiveMachineThreadsManager::add):
1650         (JSC::ActiveMachineThreadsManager::remove):
1651         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
1652         (JSC::MachineThreads::~MachineThreads):
1653         (JSC::MachineThreads::addCurrentThread):
1654         (JSC::MachineThreads::removeThreadIfFound):
1655         (JSC::MachineThreads::tryCopyOtherThreadStack):
1656         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1657         (JSC::MachineThreads::gatherConservativeRoots):
1658         * heap/MachineStackMarker.h:
1659         * interpreter/JSStack.cpp:
1660         (JSC::stackStatisticsMutex):
1661         (JSC::JSStack::addToCommittedByteCount):
1662         (JSC::JSStack::committedByteCount):
1663         * jit/JITThunks.h:
1664         * profiler/ProfilerDatabase.h:
1665
1666 2015-08-05  Saam barati  <saambarati1@gmail.com>
1667
1668         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
1669         https://bugs.webkit.org/show_bug.cgi?id=147657
1670
1671         Reviewed by Mark Lam.
1672
1673         This kills the last of the name scope objects. Function name scopes are
1674         now built on top of the scoping mechanisms introduced with ES6 block scoping.
1675         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
1676         function name scoped variable carefully depending on if the function is in
1677         strict mode. If we're in strict mode, then we treat the variable exactly
1678         like a "const" variable. If we're not in strict mode, we can't treat
1679         this variable like ES6 "const" because that would cause the bytecode
1680         generator to throw an exception when it shouldn't.
1681
1682         * CMakeLists.txt:
1683         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1684         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1685         * JavaScriptCore.xcodeproj/project.pbxproj:
1686         * bytecode/BytecodeList.json:
1687         * bytecode/BytecodeUseDef.h:
1688         (JSC::computeUsesForBytecodeOffset):
1689         (JSC::computeDefsForBytecodeOffset):
1690         * bytecode/CodeBlock.cpp:
1691         (JSC::CodeBlock::dumpBytecode):
1692         * bytecompiler/BytecodeGenerator.cpp:
1693         (JSC::BytecodeGenerator::BytecodeGenerator):
1694         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
1695         (JSC::BytecodeGenerator::pushLexicalScope):
1696         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1697         (JSC::BytecodeGenerator::variable):
1698         (JSC::BytecodeGenerator::resolveType):
1699         (JSC::BytecodeGenerator::emitThrowTypeError):
1700         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
1701         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
1702         (JSC::BytecodeGenerator::emitPushCatchScope):
1703         * bytecompiler/BytecodeGenerator.h:
1704         * bytecompiler/NodesCodegen.cpp:
1705         * debugger/DebuggerScope.cpp:
1706         * dfg/DFGOperations.cpp:
1707         * interpreter/Interpreter.cpp:
1708         * jit/JIT.cpp:
1709         (JSC::JIT::privateCompileMainPass):
1710         * jit/JIT.h:
1711         * jit/JITOpcodes.cpp:
1712         (JSC::JIT::emit_op_to_string):
1713         (JSC::JIT::emit_op_catch):
1714         (JSC::JIT::emit_op_push_name_scope): Deleted.
1715         * jit/JITOpcodes32_64.cpp:
1716         (JSC::JIT::emitSlow_op_to_string):
1717         (JSC::JIT::emit_op_catch):
1718         (JSC::JIT::emit_op_push_name_scope): Deleted.
1719         * jit/JITOperations.cpp:
1720         (JSC::pushNameScope): Deleted.
1721         * llint/LLIntSlowPaths.cpp:
1722         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1723         * llint/LLIntSlowPaths.h:
1724         * llint/LowLevelInterpreter.asm:
1725         * parser/Nodes.cpp:
1726         * runtime/CommonSlowPaths.cpp:
1727         * runtime/Executable.cpp:
1728         (JSC::ScriptExecutable::newCodeBlockFor):
1729         * runtime/JSFunctionNameScope.cpp: Removed.
1730         * runtime/JSFunctionNameScope.h: Removed.
1731         * runtime/JSGlobalObject.cpp:
1732         (JSC::JSGlobalObject::init):
1733         (JSC::JSGlobalObject::visitChildren):
1734         * runtime/JSGlobalObject.h:
1735         (JSC::JSGlobalObject::withScopeStructure):
1736         (JSC::JSGlobalObject::strictEvalActivationStructure):
1737         (JSC::JSGlobalObject::activationStructure):
1738         (JSC::JSGlobalObject::directArgumentsStructure):
1739         (JSC::JSGlobalObject::scopedArgumentsStructure):
1740         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
1741         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
1742         * runtime/JSNameScope.cpp: Removed.
1743         * runtime/JSNameScope.h: Removed.
1744         * runtime/JSObject.cpp:
1745         (JSC::JSObject::toThis):
1746         (JSC::JSObject::seal):
1747         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
1748         * runtime/JSObject.h:
1749         * runtime/JSScope.cpp:
1750         (JSC::JSScope::isCatchScope):
1751         (JSC::JSScope::isFunctionNameScopeObject):
1752         (JSC::resolveModeName):
1753         * runtime/JSScope.h:
1754         * runtime/JSSymbolTableObject.cpp:
1755         * runtime/SymbolTable.h:
1756         * runtime/VM.cpp:
1757
1758 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
1759
1760         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
1761         https://bugs.webkit.org/show_bug.cgi?id=147679
1762
1763         Reviewed by Timothy Hatcher.
1764
1765         Improve native iterator support for the PropertyName Iterator by
1766         allowing inspection of the internal object within the iterator
1767         and peeking of the next upcoming values of the iterator.
1768
1769         * inspector/JSInjectedScriptHost.cpp:
1770         (Inspector::JSInjectedScriptHost::subtype):
1771         (Inspector::JSInjectedScriptHost::getInternalProperties):
1772         (Inspector::JSInjectedScriptHost::iteratorEntries):
1773         * runtime/JSPropertyNameIterator.h:
1774         (JSC::JSPropertyNameIterator::iteratedValue):
1775
1776 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
1777
1778         [Win] Update Apple Windows build for VS2015
1779         https://bugs.webkit.org/show_bug.cgi?id=147653
1780
1781         Reviewed by Dean Jackson.
1782
1783         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
1784         Show JSC files in proper project locations in IDE.
1785
1786 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
1787
1788         Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
1789         https://bugs.webkit.org/show_bug.cgi?id=147328
1790
1791         Reviewed by Timothy Hatcher.
1792
1793         * inspector/InjectedScriptSource.js:
1794         Use classList and classList.toString instead of className.
1795
1796 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
1797
1798         [ES6] Support Module Syntax
1799         https://bugs.webkit.org/show_bug.cgi?id=147422
1800
1801         Reviewed by Saam Barati.
1802
1803         This patch introduces the ES6 Modules syntax parsing part.
1804         In this patch, ASTBuilder just produces the nodes corresponding to the ES6 Modules syntax,
1805         and this patch does not include the code generator part.
1806
1807         Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
1808         and do not execute the body or construct the AST. And after analyzing all the dependent
1809         modules, we will parse the dependent modules next.
1810         After all the analyzing is done, we will start the second pass. In the second pass, we
1811         will parse the module, produce the AST, and execute the body.
1812         If we don't do so, we need to create all the ASTs in the module's dependency graph at first
1813         because the given module can be executed only after all the dependent modules are executed. It
1814         means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
1815         the dependent modules' information.
1816
1817         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
1818         This patch aims at just implementing the syntax parsing functionality correctly.
1819         After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits SyntaxChecker
1820         to collect the dependent modules fast[1].
1821
1822         To test the parsing, we added the "checkModuleSyntax" function into the jsc shell.
1823         By using this, we can parse the given string as a module.
1824
1825         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
1826
1827         * bytecompiler/NodesCodegen.cpp:
1828         (JSC::ModuleProgramNode::emitBytecode):
1829         (JSC::ImportDeclarationNode::emitBytecode):
1830         (JSC::ExportAllDeclarationNode::emitBytecode):
1831         (JSC::ExportDefaultDeclarationNode::emitBytecode):
1832         (JSC::ExportLocalDeclarationNode::emitBytecode):
1833         (JSC::ExportNamedDeclarationNode::emitBytecode):
1834         * jsc.cpp:
1835         (GlobalObject::finishCreation):
1836         (functionCheckModuleSyntax):
1837         * parser/ASTBuilder.h:
1838         (JSC::ASTBuilder::createModuleSpecifier):
1839         (JSC::ASTBuilder::createImportSpecifier):
1840         (JSC::ASTBuilder::createImportSpecifierList):
1841         (JSC::ASTBuilder::appendImportSpecifier):
1842         (JSC::ASTBuilder::createImportDeclaration):
1843         (JSC::ASTBuilder::createExportAllDeclaration):
1844         (JSC::ASTBuilder::createExportDefaultDeclaration):
1845         (JSC::ASTBuilder::createExportLocalDeclaration):
1846         (JSC::ASTBuilder::createExportNamedDeclaration):
1847         (JSC::ASTBuilder::createExportSpecifier):
1848         (JSC::ASTBuilder::createExportSpecifierList):
1849         (JSC::ASTBuilder::appendExportSpecifier):
1850         * parser/Keywords.table:
1851         * parser/NodeConstructors.h:
1852         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
1853         (JSC::ImportSpecifierNode::ImportSpecifierNode):
1854         (JSC::ImportDeclarationNode::ImportDeclarationNode):
1855         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
1856         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
1857         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
1858         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
1859         (JSC::ExportSpecifierNode::ExportSpecifierNode):
1860         * parser/Nodes.cpp:
1861         (JSC::ModuleProgramNode::ModuleProgramNode):
1862         * parser/Nodes.h:
1863         (JSC::ModuleProgramNode::startColumn):
1864         (JSC::ModuleProgramNode::endColumn):
1865         (JSC::ModuleSpecifierNode::moduleName):
1866         (JSC::ImportSpecifierNode::importedName):
1867         (JSC::ImportSpecifierNode::localName):
1868         (JSC::ImportSpecifierListNode::specifiers):
1869         (JSC::ImportSpecifierListNode::append):
1870         (JSC::ImportDeclarationNode::specifierList):
1871         (JSC::ImportDeclarationNode::moduleSpecifier):
1872         (JSC::ExportAllDeclarationNode::moduleSpecifier):
1873         (JSC::ExportDefaultDeclarationNode::declaration):
1874         (JSC::ExportLocalDeclarationNode::declaration):
1875         (JSC::ExportSpecifierNode::exportedName):
1876         (JSC::ExportSpecifierNode::localName):
1877         (JSC::ExportSpecifierListNode::specifiers):
1878         (JSC::ExportSpecifierListNode::append):
1879         (JSC::ExportNamedDeclarationNode::specifierList):
1880         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
1881         * parser/Parser.cpp:
1882         (JSC::Parser<LexerType>::Parser):
1883         (JSC::Parser<LexerType>::parseInner):
1884         (JSC::Parser<LexerType>::parseModuleSourceElements):
1885         (JSC::Parser<LexerType>::parseVariableDeclaration):
1886         (JSC::Parser<LexerType>::parseVariableDeclarationList):
1887         (JSC::Parser<LexerType>::createBindingPattern):
1888         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
1889         (JSC::Parser<LexerType>::parseDestructuringPattern):
1890         (JSC::Parser<LexerType>::parseForStatement):
1891         (JSC::Parser<LexerType>::parseFormalParameters):
1892         (JSC::Parser<LexerType>::parseFunctionParameters):
1893         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1894         (JSC::Parser<LexerType>::parseClassDeclaration):
1895         (JSC::Parser<LexerType>::parseModuleSpecifier):
1896         (JSC::Parser<LexerType>::parseImportClauseItem):
1897         (JSC::Parser<LexerType>::parseImportDeclaration):
1898         (JSC::Parser<LexerType>::parseExportSpecifier):
1899         (JSC::Parser<LexerType>::parseExportDeclaration):
1900         (JSC::Parser<LexerType>::parseMemberExpression):
1901         * parser/Parser.h:
1902         (JSC::isIdentifierOrKeyword):
1903         (JSC::ModuleScopeData::create):
1904         (JSC::ModuleScopeData::exportedBindings):
1905         (JSC::ModuleScopeData::exportName):
1906         (JSC::ModuleScopeData::exportBinding):
1907         (JSC::Scope::Scope):
1908         (JSC::Scope::setIsModule):
1909         (JSC::Scope::moduleScopeData):
1910         (JSC::Parser::matchContextualKeyword):
1911         (JSC::Parser::matchIdentifierOrKeyword):
1912         (JSC::Parser::isofToken): Deleted.
1913         * parser/ParserModes.h:
1914         * parser/ParserTokens.h:
1915         * parser/SyntaxChecker.h:
1916         (JSC::SyntaxChecker::createModuleSpecifier):
1917         (JSC::SyntaxChecker::createImportSpecifier):
1918         (JSC::SyntaxChecker::createImportSpecifierList):
1919         (JSC::SyntaxChecker::appendImportSpecifier):
1920         (JSC::SyntaxChecker::createImportDeclaration):
1921         (JSC::SyntaxChecker::createExportAllDeclaration):
1922         (JSC::SyntaxChecker::createExportDefaultDeclaration):
1923         (JSC::SyntaxChecker::createExportLocalDeclaration):
1924         (JSC::SyntaxChecker::createExportNamedDeclaration):
1925         (JSC::SyntaxChecker::createExportSpecifier):
1926         (JSC::SyntaxChecker::createExportSpecifierList):
1927         (JSC::SyntaxChecker::appendExportSpecifier):
1928         * runtime/CommonIdentifiers.cpp:
1929         (JSC::CommonIdentifiers::CommonIdentifiers):
1930         * runtime/CommonIdentifiers.h:
1931         * runtime/Completion.cpp:
1932         (JSC::checkModuleSyntax):
1933         * runtime/Completion.h:
1934         * tests/stress/modules-syntax-error-with-names.js: Added.
1935         (shouldThrow):
1936         * tests/stress/modules-syntax-error.js: Added.
1937         (shouldThrow):
1938         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
1939         * tests/stress/modules-syntax.js: Added.
1940         (prototype.checkModuleSyntax):
1941         (checkModuleSyntax):
1942         * tests/stress/tagged-templates-syntax.js:
1943
1944 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
1945
1946         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
1947         https://bugs.webkit.org/show_bug.cgi?id=146833
1948
1949         Reviewed by Alexey Proskuryakov.
1950
1951         * assembler/ARM64Assembler.h:
1952         * assembler/ARMAssembler.h:
1953         (JSC::ARMAssembler::cacheFlush):
1954         * assembler/MacroAssemblerARM.cpp:
1955         (JSC::isVFPPresent):
1956         * assembler/MacroAssemblerX86Common.h:
1957         (JSC::MacroAssemblerX86Common::isSSE2Present):
1958         * heap/MachineStackMarker.h:
1959         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
1960         (JSC::logF):
1961         * jit/HostCallReturnValue.h:
1962         * jit/JIT.h:
1963         * jit/JITOperations.cpp:
1964         * jit/JITStubsARM.h:
1965         * jit/JITStubsARMv7.h:
1966         * jit/JITStubsX86.h:
1967         * jit/JITStubsX86Common.h:
1968         * jit/JITStubsX86_64.h:
1969         * jit/ThunkGenerators.cpp:
1970         * runtime/JSExportMacros.h:
1971         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
1972         (JSC::clz32):
1973
1974 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
1975
1976         Unreviewed, fix uninitialized property leading to an assert.
1977
1978         * runtime/PutPropertySlot.h:
1979         (JSC::PutPropertySlot::PutPropertySlot):
1980
1981 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
1982
1983         Unreviewed, fix Windows.
1984
1985         * bytecode/ObjectPropertyConditionSet.h:
1986         (JSC::ObjectPropertyConditionSet::fromRawPointer):
1987
1988 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
1989
1990         DFG should have adaptive structure watchpoints
1991         https://bugs.webkit.org/show_bug.cgi?id=146929
1992
1993         Reviewed by Geoffrey Garen.
1994
1995         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
1996         property, you'd check that the object still has the structure that you first saw the object have. We
1997         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
1998         elide the structure check.
1999
2000         But this approach fails when that object frequently has new properties added to it. This would
2001         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
2002         we'd have to recompile either the IC or an entire code block.
2003
2004         This change introduces a new concept: an object property condition. This value describes some
2005         condition involving a property on some object. There are four kinds: presence, absence,
2006         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
2007         object has some property at some offset with some attributes. This allows us to implement a new kind
2008         of watchpoint, which knows about the object property condition that it's being used to enforce. If
2009         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
2010         on the new structure.
2011
2012         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
2013         and prototype accesses. They are also used for any DFG accesses to object constants, including
2014         global property accesses.
2015
2016         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
2017         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
2018         chain situation. It's also a small speed-up on getter-richards.
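The condition kinds described above, exercised from JavaScript as an added example (not code from this ChangeLog or the JSC test suite): each function returns what a correct engine must observe when the receiver keeps transitioning and, in the last two cases, when the prototype changes underneath a cached condition. Function names and iteration counts are constructed here.

```javascript
"use strict";

// Added example, not code from the WebKit ChangeLog or the JSC test suite.
// Each function exercises one condition kind named in the entry and returns
// what a correct engine must observe: a presence condition on the prototype
// must survive the receiver's own structure transitions; an absence condition
// must stop being relied on once the prototype gains the property; an
// absence-of-setter condition must stop being relied on once the prototype
// gains a setter. Function names and iteration counts are constructed here.

// Access sites live in their own small functions so that a JIT tier would
// build an inline cache (and, in the DFG, property conditions) for them.
function readShared(o) { return o.shared; }
function readMaybe(o) { return o.maybe; }
function writeX(o, v) { o.x = v; }

// Presence on the prototype: every iteration adds a new own property, so obj
// moves to a new Structure each time, but "shared" keeps resolving through
// the unchanged prototype. Returns iterations * 42.
function prototypeHitUnderTransitions(iterations) {
  const proto = { shared: 42 };
  const obj = Object.create(proto);
  let sum = 0;
  for (let i = 0; i < iterations; i++) {
    obj["p" + i] = i;           // own-property add: structure transition on obj
    sum += readShared(obj);
  }
  return sum;
}

// Absence, then the prototype changes: every read before the change must miss
// (undefined); the read after the change must see the new value even though
// the same site may have cached the miss.
function missThenProtoChange(iterations) {
  const proto = {};
  const obj = Object.create(proto);
  let missCount = 0;
  for (let i = 0; i < iterations; i++) {
    if (readMaybe(obj) === undefined) missCount++;
    obj["q" + i] = i;           // keep transitioning while the miss is cached
  }
  proto.maybe = "present";      // the absence condition no longer holds
  return { missCount, afterChange: readMaybe(obj) };
}

// Absence-of-setter, then a setter appears: the write site first performs
// transition puts that add an own "x"; once the prototype defines a setter
// for "x", a write to a fresh object must run the setter instead.
function setterAppearsAfterTransitions(iterations) {
  const proto = {};
  for (let i = 0; i < iterations; i++) {
    writeX(Object.create(proto), i);   // transition put, no setter on the chain
  }
  const seen = [];
  Object.defineProperty(proto, "x", {
    set(v) { seen.push(v); },
    configurable: true,
  });
  const fresh = Object.create(proto);
  writeX(fresh, "routed");             // must go to the setter now
  return { ownX: Object.prototype.hasOwnProperty.call(fresh, "x"), seen };
}

// Runs all three scenarios; iterations is large enough that a tiering JIT
// would normally have compiled the access sites before the state changes.
function runAll(iterations = 10000) {
  return {
    presence: prototypeHitUnderTransitions(iterations),
    absence: missThenProtoChange(iterations),
    setter: setterAppearsAfterTransitions(iterations),
  };
}
```

Under a debug build of jsc the `--dumpDFGDisassembly`-style dumps listed in this entry (printGetByIdCacheStatus, dumpInContext) show the conditions installed for these sites; the return values are the same on any engine.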
2019
2020         * CMakeLists.txt:
2021         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2022         * JavaScriptCore.xcodeproj/project.pbxproj:
2023         * bytecode/CodeBlock.cpp:
2024         (JSC::CodeBlock::printGetByIdCacheStatus):
2025         (JSC::CodeBlock::printPutByIdCacheStatus):
2026         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
2027         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
2028         * bytecode/ComplexGetStatus.cpp:
2029         (JSC::ComplexGetStatus::computeFor):
2030         * bytecode/ComplexGetStatus.h:
2031         (JSC::ComplexGetStatus::ComplexGetStatus):
2032         (JSC::ComplexGetStatus::takesSlowPath):
2033         (JSC::ComplexGetStatus::kind):
2034         (JSC::ComplexGetStatus::offset):
2035         (JSC::ComplexGetStatus::conditionSet):
2036         (JSC::ComplexGetStatus::attributes): Deleted.
2037         (JSC::ComplexGetStatus::specificValue): Deleted.
2038         (JSC::ComplexGetStatus::chain): Deleted.
2039         * bytecode/ConstantStructureCheck.cpp: Removed.
2040         * bytecode/ConstantStructureCheck.h: Removed.
2041         * bytecode/GetByIdStatus.cpp:
2042         (JSC::GetByIdStatus::computeForStubInfo):
2043         * bytecode/GetByIdVariant.cpp:
2044         (JSC::GetByIdVariant::GetByIdVariant):
2045         (JSC::GetByIdVariant::~GetByIdVariant):
2046         (JSC::GetByIdVariant::operator=):
2047         (JSC::GetByIdVariant::attemptToMerge):
2048         (JSC::GetByIdVariant::dumpInContext):
2049         (JSC::GetByIdVariant::baseStructure): Deleted.
2050         * bytecode/GetByIdVariant.h:
2051         (JSC::GetByIdVariant::operator!):
2052         (JSC::GetByIdVariant::structureSet):
2053         (JSC::GetByIdVariant::conditionSet):
2054         (JSC::GetByIdVariant::offset):
2055         (JSC::GetByIdVariant::callLinkStatus):
2056         (JSC::GetByIdVariant::constantChecks): Deleted.
2057         (JSC::GetByIdVariant::alternateBase): Deleted.
2058         * bytecode/ObjectPropertyCondition.cpp: Added.
2059         (JSC::ObjectPropertyCondition::dumpInContext):
2060         (JSC::ObjectPropertyCondition::dump):
2061         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
2062         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
2063         (JSC::ObjectPropertyCondition::isStillValid):
2064         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
2065         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2066         (JSC::ObjectPropertyCondition::isWatchable):
2067         (JSC::ObjectPropertyCondition::isStillLive):
2068         (JSC::ObjectPropertyCondition::validateReferences):
2069         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2070         * bytecode/ObjectPropertyCondition.h: Added.
2071         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
2072         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
2073         (JSC::ObjectPropertyCondition::presence):
2074         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
2075         (JSC::ObjectPropertyCondition::absence):
2076         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
2077         (JSC::ObjectPropertyCondition::absenceOfSetter):
2078         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
2079         (JSC::ObjectPropertyCondition::equivalence):
2080         (JSC::ObjectPropertyCondition::operator!):
2081         (JSC::ObjectPropertyCondition::object):
2082         (JSC::ObjectPropertyCondition::condition):
2083         (JSC::ObjectPropertyCondition::kind):
2084         (JSC::ObjectPropertyCondition::uid):
2085         (JSC::ObjectPropertyCondition::hasOffset):
2086         (JSC::ObjectPropertyCondition::offset):
2087         (JSC::ObjectPropertyCondition::hasAttributes):
2088         (JSC::ObjectPropertyCondition::attributes):
2089         (JSC::ObjectPropertyCondition::hasPrototype):
2090         (JSC::ObjectPropertyCondition::prototype):
2091         (JSC::ObjectPropertyCondition::hasRequiredValue):
2092         (JSC::ObjectPropertyCondition::requiredValue):
2093         (JSC::ObjectPropertyCondition::hash):
2094         (JSC::ObjectPropertyCondition::operator==):
2095         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
2096         (JSC::ObjectPropertyCondition::isCompatibleWith):
2097         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2098         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
2099         (JSC::ObjectPropertyCondition::isValidValueForPresence):
2100         (JSC::ObjectPropertyConditionHash::hash):
2101         (JSC::ObjectPropertyConditionHash::equal):
2102         * bytecode/ObjectPropertyConditionSet.cpp: Added.
2103         (JSC::ObjectPropertyConditionSet::forObject):
2104         (JSC::ObjectPropertyConditionSet::forConditionKind):
2105         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
2106         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
2107         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
2108         (JSC::ObjectPropertyConditionSet::mergedWith):
2109         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
2110         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
2111         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
2112         (JSC::ObjectPropertyConditionSet::areStillLive):
2113         (JSC::ObjectPropertyConditionSet::dumpInContext):
2114         (JSC::ObjectPropertyConditionSet::dump):
2115         (JSC::generateConditionsForPropertyMiss):
2116         (JSC::generateConditionsForPropertySetterMiss):
2117         (JSC::generateConditionsForPrototypePropertyHit):
2118         (JSC::generateConditionsForPrototypePropertyHitCustom):
2119         (JSC::generateConditionsForPropertySetterMissConcurrently):
2120         * bytecode/ObjectPropertyConditionSet.h: Added.
2121         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
2122         (JSC::ObjectPropertyConditionSet::invalid):
2123         (JSC::ObjectPropertyConditionSet::nonEmpty):
2124         (JSC::ObjectPropertyConditionSet::isValid):
2125         (JSC::ObjectPropertyConditionSet::isEmpty):
2126         (JSC::ObjectPropertyConditionSet::begin):
2127         (JSC::ObjectPropertyConditionSet::end):
2128         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
2129         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
2130         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2131         (JSC::ObjectPropertyConditionSet::Data::Data):
2132         * bytecode/PolymorphicGetByIdList.cpp:
2133         (JSC::GetByIdAccess::GetByIdAccess):
2134         (JSC::GetByIdAccess::~GetByIdAccess):
2135         (JSC::GetByIdAccess::visitWeak):
2136         * bytecode/PolymorphicGetByIdList.h:
2137         (JSC::GetByIdAccess::GetByIdAccess):
2138         (JSC::GetByIdAccess::structure):
2139         (JSC::GetByIdAccess::conditionSet):
2140         (JSC::GetByIdAccess::stubRoutine):
2141         (JSC::GetByIdAccess::chain): Deleted.
2142         (JSC::GetByIdAccess::chainCount): Deleted.
2143         * bytecode/PolymorphicPutByIdList.cpp:
2144         (JSC::PutByIdAccess::fromStructureStubInfo):
2145         (JSC::PutByIdAccess::visitWeak):
2146         * bytecode/PolymorphicPutByIdList.h:
2147         (JSC::PutByIdAccess::PutByIdAccess):
2148         (JSC::PutByIdAccess::transition):
2149         (JSC::PutByIdAccess::setter):
2150         (JSC::PutByIdAccess::newStructure):
2151         (JSC::PutByIdAccess::conditionSet):
2152         (JSC::PutByIdAccess::stubRoutine):
2153         (JSC::PutByIdAccess::chain): Deleted.
2154         (JSC::PutByIdAccess::chainCount): Deleted.
2155         * bytecode/PropertyCondition.cpp: Added.
2156         (JSC::PropertyCondition::dumpInContext):
2157         (JSC::PropertyCondition::dump):
2158         (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
2159         (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
2160         (JSC::PropertyCondition::isStillValid):
2161         (JSC::PropertyCondition::isWatchableWhenValid):
2162         (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2163         (JSC::PropertyCondition::isWatchable):
2164         (JSC::PropertyCondition::isStillLive):
2165         (JSC::PropertyCondition::validateReferences):
2166         (JSC::PropertyCondition::isValidValueForAttributes):
2167         (JSC::PropertyCondition::isValidValueForPresence):
2168         (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2169         (WTF::printInternal):
2170         * bytecode/PropertyCondition.h: Added.
2171         (JSC::PropertyCondition::PropertyCondition):
2172         (JSC::PropertyCondition::presenceWithoutBarrier):
2173         (JSC::PropertyCondition::presence):
2174         (JSC::PropertyCondition::absenceWithoutBarrier):
2175         (JSC::PropertyCondition::absence):
2176         (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
2177         (JSC::PropertyCondition::absenceOfSetter):
2178         (JSC::PropertyCondition::equivalenceWithoutBarrier):
2179         (JSC::PropertyCondition::equivalence):
2180         (JSC::PropertyCondition::operator!):
2181         (JSC::PropertyCondition::kind):
2182         (JSC::PropertyCondition::uid):
2183         (JSC::PropertyCondition::hasOffset):
2184         (JSC::PropertyCondition::offset):
2185         (JSC::PropertyCondition::hasAttributes):
2186         (JSC::PropertyCondition::attributes):
2187         (JSC::PropertyCondition::hasPrototype):
2188         (JSC::PropertyCondition::prototype):
2189         (JSC::PropertyCondition::hasRequiredValue):
2190         (JSC::PropertyCondition::requiredValue):
2191         (JSC::PropertyCondition::hash):
2192         (JSC::PropertyCondition::operator==):
2193         (JSC::PropertyCondition::isHashTableDeletedValue):
2194         (JSC::PropertyCondition::isCompatibleWith):
2195         (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2196         (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
2197         (JSC::PropertyConditionHash::hash):
2198         (JSC::PropertyConditionHash::equal):
2199         * bytecode/PutByIdStatus.cpp:
2200         (JSC::PutByIdStatus::computeFromLLInt):
2201         (JSC::PutByIdStatus::computeFor):
2202         (JSC::PutByIdStatus::computeForStubInfo):
2203         * bytecode/PutByIdVariant.cpp:
2204         (JSC::PutByIdVariant::operator=):
2205         (JSC::PutByIdVariant::transition):
2206         (JSC::PutByIdVariant::setter):
2207         (JSC::PutByIdVariant::makesCalls):
2208         (JSC::PutByIdVariant::attemptToMerge):
2209         (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
2210         (JSC::PutByIdVariant::dumpInContext):
2211         (JSC::PutByIdVariant::baseStructure): Deleted.
2212         * bytecode/PutByIdVariant.h:
2213         (JSC::PutByIdVariant::PutByIdVariant):
2214         (JSC::PutByIdVariant::kind):
2215         (JSC::PutByIdVariant::structure):
2216         (JSC::PutByIdVariant::structureSet):
2217         (JSC::PutByIdVariant::oldStructure):
2218         (JSC::PutByIdVariant::conditionSet):
2219         (JSC::PutByIdVariant::offset):
2220         (JSC::PutByIdVariant::callLinkStatus):
2221         (JSC::PutByIdVariant::constantChecks): Deleted.
2222         (JSC::PutByIdVariant::alternateBase): Deleted.
2223         * bytecode/StructureStubClearingWatchpoint.cpp:
2224         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
2225         (JSC::StructureStubClearingWatchpoint::push):
2226         (JSC::StructureStubClearingWatchpoint::fireInternal):
2227         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
2228         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
2229         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
2230         * bytecode/StructureStubClearingWatchpoint.h:
2231         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
2232         (JSC::WatchpointsOnStructureStubInfo::codeBlock):
2233         (JSC::WatchpointsOnStructureStubInfo::stubInfo):
2234         * bytecode/StructureStubInfo.cpp:
2235         (JSC::StructureStubInfo::deref):
2236         (JSC::StructureStubInfo::visitWeakReferences):
2237         * bytecode/StructureStubInfo.h:
2238         (JSC::StructureStubInfo::initPutByIdTransition):
2239         (JSC::StructureStubInfo::initPutByIdReplace):
2240         (JSC::StructureStubInfo::setSeen):
2241         (JSC::StructureStubInfo::addWatchpoint):
2242         * dfg/DFGAbstractInterpreterInlines.h:
2243         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2244         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
2245         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
2246         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
2247         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
2248         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
2249         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
2250         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
2251         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
2252         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
2253         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
2254         * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
2255         (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
2256         (JSC::DFG::AdaptiveStructureWatchpoint::install):
2257         (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
2258         * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
2259         (JSC::DFG::AdaptiveStructureWatchpoint::key):
2260         * dfg/DFGByteCodeParser.cpp:
2261         (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
2262         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2263         (JSC::DFG::ByteCodeParser::handleGetByOffset):
2264         (JSC::DFG::ByteCodeParser::handlePutByOffset):
2265         (JSC::DFG::ByteCodeParser::check):
2266         (JSC::DFG::ByteCodeParser::promoteToConstant):
2267         (JSC::DFG::ByteCodeParser::planLoad):
2268         (JSC::DFG::ByteCodeParser::load):
2269         (JSC::DFG::ByteCodeParser::presenceLike):
2270         (JSC::DFG::ByteCodeParser::checkPresenceLike):
2271         (JSC::DFG::ByteCodeParser::store):
2272         (JSC::DFG::ByteCodeParser::handleGetById):
2273         (JSC::DFG::ByteCodeParser::handlePutById):
2274         (JSC::DFG::ByteCodeParser::parseBlock):
2275         (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
2276         * dfg/DFGCommonData.cpp:
2277         (JSC::DFG::CommonData::validateReferences):
2278         * dfg/DFGCommonData.h:
2279         * dfg/DFGConstantFoldingPhase.cpp:
2280         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2281         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
2282         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
2283         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
2284         (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
2285         * dfg/DFGDesiredWatchpoints.cpp:
2286         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
2287         (JSC::DFG::InferredValueAdaptor::add):
2288         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
2289         (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
2290         (JSC::DFG::DesiredWatchpoints::addLazily):
2291         (JSC::DFG::DesiredWatchpoints::consider):
2292         (JSC::DFG::DesiredWatchpoints::reallyAdd):
2293         (JSC::DFG::DesiredWatchpoints::areStillValid):
2294         (JSC::DFG::DesiredWatchpoints::dumpInContext):
2295         * dfg/DFGDesiredWatchpoints.h:
2296         (JSC::DFG::SetPointerAdaptor::add):
2297         (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
2298         (JSC::DFG::SetPointerAdaptor::dumpInContext):
2299         (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
2300         (JSC::DFG::InferredValueAdaptor::dumpInContext):
2301         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
2302         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
2303         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
2304         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
2305         (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
2306         (JSC::DFG::GenericDesiredWatchpoints::isWatched):
2307         (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
2308         (JSC::DFG::DesiredWatchpoints::isWatched):
2309         (JSC::DFG::GenericSetAdaptor::add): Deleted.
2310         (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
2311         * dfg/DFGDesiredWeakReferences.cpp:
2312         (JSC::DFG::DesiredWeakReferences::addLazily):
2313         (JSC::DFG::DesiredWeakReferences::contains):
2314         * dfg/DFGDesiredWeakReferences.h:
2315         * dfg/DFGGraph.cpp:
2316         (JSC::DFG::Graph::dump):
2317         (JSC::DFG::Graph::clearFlagsOnAllNodes):
2318         (JSC::DFG::Graph::watchCondition):
2319         (JSC::DFG::Graph::isSafeToLoad):
2320         (JSC::DFG::Graph::livenessFor):
2321         (JSC::DFG::Graph::tryGetConstantProperty):
2322         (JSC::DFG::Graph::visitChildren):
2323         * dfg/DFGGraph.h:
2324         (JSC::DFG::Graph::identifiers):
2325         (JSC::DFG::Graph::watchpoints):
2326         * dfg/DFGMultiGetByOffsetData.cpp: Added.
2327         (JSC::DFG::GetByOffsetMethod::dumpInContext):
2328         (JSC::DFG::GetByOffsetMethod::dump):
2329         (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
2330         (JSC::DFG::MultiGetByOffsetCase::dump):
2331         (WTF::printInternal):
2332         * dfg/DFGMultiGetByOffsetData.h: Added.
2333         (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
2334         (JSC::DFG::GetByOffsetMethod::constant):
2335         (JSC::DFG::GetByOffsetMethod::load):
2336         (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
2337         (JSC::DFG::GetByOffsetMethod::operator!):
2338         (JSC::DFG::GetByOffsetMethod::kind):
2339         (JSC::DFG::GetByOffsetMethod::prototype):
2340         (JSC::DFG::GetByOffsetMethod::offset):
2341         (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
2342         (JSC::DFG::MultiGetByOffsetCase::set):
2343         (JSC::DFG::MultiGetByOffsetCase::method):
2344         * dfg/DFGNode.h:
2345         * dfg/DFGSafeToExecute.h:
2346         (JSC::DFG::safeToExecute):
2347         * dfg/DFGStructureRegistrationPhase.cpp:
2348         (JSC::DFG::StructureRegistrationPhase::run):
2349         * ftl/FTLLowerDFGToLLVM.cpp:
2350         (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
2351         * jit/Repatch.cpp:
2352         (JSC::repatchByIdSelfAccess):
2353         (JSC::checkObjectPropertyCondition):
2354         (JSC::checkObjectPropertyConditions):
2355         (JSC::replaceWithJump):
2356         (JSC::generateByIdStub):
2357         (JSC::actionForCell):
2358         (JSC::tryBuildGetByIDList):
2359         (JSC::emitPutReplaceStub):
2360         (JSC::emitPutTransitionStub):
2361         (JSC::tryCachePutByID):
2362         (JSC::tryBuildPutByIdList):
2363         (JSC::tryRepatchIn):
2364         (JSC::addStructureTransitionCheck): Deleted.
2365         (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
2366         * runtime/IntendedStructureChain.cpp: Removed.
2367         * runtime/IntendedStructureChain.h: Removed.
2368         * runtime/JSCJSValue.h:
2369         * runtime/JSObject.cpp:
2370         (JSC::throwTypeError):
2371         (JSC::JSObject::convertToDictionary):
2372         (JSC::JSObject::shiftButterflyAfterFlattening):
2373         * runtime/JSObject.h:
2374         (JSC::JSObject::flattenDictionaryObject):
2375         (JSC::JSObject::convertToDictionary): Deleted.
2376         * runtime/Operations.h:
2377         (JSC::normalizePrototypeChain):
2378         (JSC::normalizePrototypeChainForChainAccess): Deleted.
2379         (JSC::isPrototypeChainNormalized): Deleted.
2380         * runtime/PropertySlot.h:
2381         (JSC::PropertySlot::PropertySlot):
2382         (JSC::PropertySlot::slotBase):
2383         * runtime/Structure.cpp:
2384         (JSC::Structure::addPropertyTransition):
2385         (JSC::Structure::attributeChangeTransition):
2386         (JSC::Structure::toDictionaryTransition):
2387         (JSC::Structure::toCacheableDictionaryTransition):
2388         (JSC::Structure::toUncacheableDictionaryTransition):
2389         (JSC::Structure::ensurePropertyReplacementWatchpointSet):
2390         (JSC::Structure::startWatchingPropertyForReplacements):
2391         (JSC::Structure::didCachePropertyReplacement):
2392         (JSC::Structure::dump):
2393         * runtime/Structure.h:
2394         * runtime/VM.h:
2395         * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check-new.js: Added.
2396         (foo):
2397         (bar):
2398         (baz):
2399         * tests/stress/multi-get-by-offset-self-or-proto.js: Added.
2400         (foo):
2401         * tests/stress/replacement-watchpoint-dictionary.js: Added.
2402         (foo):
2403         * tests/stress/replacement-watchpoint.js: Added.
2404         (foo):
2405         * tests/stress/undefined-access-dictionary-then-proto-change.js: Added.
2406         (foo):
2407         * tests/stress/undefined-access-then-proto-change.js: Added.
2408         (foo):
2409
2410 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2411
2412         JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
2413         https://bugs.webkit.org/show_bug.cgi?id=147538
2414
2415         Reviewed by Geoffrey Garen.
2416
2417         Due to the order of the ARROWFUNCTION token in the JSTokenType enum, it is categorized as one of the keywords.
2418         As a result, when lexing a property name that can take keywords, the ARROWFUNCTION token is accidentally accepted.
2419         This patch changes the order of the ARROWFUNCTION token in JSTokenType to make it an operator token.
2420
2421         * parser/ParserTokens.h:
2422         * tests/stress/arrow-function-token-is-not-keyword.js: Added.
2423         (testSyntaxError):
2424
2425 2015-08-03  Keith Miller  <keith_miller@apple.com>
2426
2427         Clean up the naming for AST expression generation.
2428         https://bugs.webkit.org/show_bug.cgi?id=147581
2429
2430         Reviewed by Yusuke Suzuki.
2431
2432         * parser/ASTBuilder.h:
2433         (JSC::ASTBuilder::createThisExpr):
2434         (JSC::ASTBuilder::createSuperExpr):
2435         (JSC::ASTBuilder::createNewTargetExpr):
2436         (JSC::ASTBuilder::thisExpr): Deleted.
2437         (JSC::ASTBuilder::superExpr): Deleted.
2438         (JSC::ASTBuilder::newTargetExpr): Deleted.
2439         * parser/Parser.cpp:
2440         (JSC::Parser<LexerType>::parsePrimaryExpression):
2441         (JSC::Parser<LexerType>::parseMemberExpression):
2442         * parser/SyntaxChecker.h:
2443         (JSC::SyntaxChecker::createThisExpr):
2444         (JSC::SyntaxChecker::createSuperExpr):
2445         (JSC::SyntaxChecker::createNewTargetExpr):
2446         (JSC::SyntaxChecker::thisExpr): Deleted.
2447         (JSC::SyntaxChecker::superExpr): Deleted.
2448         (JSC::SyntaxChecker::newTargetExpr): Deleted.
2449
2450 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2451
2452         Don't set up the callsite to operationGetByValDefault when the optimization is already done
2453         https://bugs.webkit.org/show_bug.cgi?id=147577
2454
2455         Reviewed by Filip Pizlo.
2456
2457         operationGetByValDefault should be called only when the IC is not set.
2458         operationGetByValString breaks this invariant, and `ASSERT(!byValInfo.stubRoutine)` in
2459         operationGetByValDefault raises an assertion failure.
2460         In this patch, we change the code that sets up the callsite in operationGetByValString when
2461         the IC is already set. And to make the operation's meaning explicit, we renamed
2462         operationGetByValDefault to operationGetByValOptimize, which is aligned with the
2463         GetById case.
2464
2465         * jit/JITOperations.cpp:
2466         * jit/JITOperations.h:
2467         * jit/JITPropertyAccess.cpp:
2468         (JSC::JIT::emitSlow_op_get_by_val):
2469         * jit/JITPropertyAccess32_64.cpp:
2470         (JSC::JIT::emitSlow_op_get_by_val):
2471         * tests/stress/operation-get-by-val-default-should-not-called-for-already-optimized-site.js: Added.
2472         (hello):
2473
2474 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2475
2476         [FTL] Remove unused scripts related to native call inlining
2477         https://bugs.webkit.org/show_bug.cgi?id=147448
2478
2479         Reviewed by Filip Pizlo.
2480
2481         * build-symbol-table-index.py: Removed.
2482         * copy-llvm-ir-to-derived-sources.sh: Removed.
2483         * create-llvm-ir-from-source-file.py: Removed.
2484         * create-symbol-table-index.py: Removed.
2485
2486 2015-08-02  Benjamin Poulain  <bpoulain@apple.com>
2487
2488         Investigate HashTable::HashTable(const HashTable&) and HashTable::operator=(const HashTable&) performance for hash-based static analyses
2489         https://bugs.webkit.org/show_bug.cgi?id=118455
2490
2491         Reviewed by Filip Pizlo.
2492
2493         LivenessAnalysisPhase lights up like a Christmas tree in profiles.
2494
2495         This patch cuts its cost by 4.
2496         About half of the gains come from removing many rehash() calls when copying
2497         the HashSet.
2498         The last quarter is achieved by having a special add() function for initializing
2499         a HashSet.
2500
2501         This makes benchmarks progress by 1-2% here and there. Nothing massive.
2502
2503         * dfg/DFGLivenessAnalysisPhase.cpp:
2504         (JSC::DFG::LivenessAnalysisPhase::process):
2505         The m_live HashSet is only useful per block. When we are done with it,
2506         we can transfer it to liveAtHead to avoid a copy.
2507
2508 2015-08-01  Saam barati  <saambarati1@gmail.com>
2509
2510         Unreviewed. Remove unintentional "print" statement in test case.
2511         https://bugs.webkit.org/show_bug.cgi?id=142567
2512
2513         * tests/stress/class-syntax-definition-semantics.js:
2514         (shouldBeSyntaxError):
2515
2516 2015-07-31  Alex Christensen  <achristensen@webkit.org>
2517
2518         Prepare for VS2015
2519         https://bugs.webkit.org/show_bug.cgi?id=146579
2520
2521         Reviewed by Jon Honeycutt.
2522
2523         * heap/Heap.h:
2524         Fix compiler error by explicitly casting zombifiedBits to the size of a pointer.
2525
2526 2015-07-31  Saam barati  <saambarati1@gmail.com>
2527
2528         ES6 class syntax should use block scoping
2529         https://bugs.webkit.org/show_bug.cgi?id=142567
2530
2531         Reviewed by Geoffrey Garen.
2532
2533         We treat class declarations like we do "let" declarations.
2534         The class name is under TDZ until the class declaration
2535         statement is evaluated. Class declarations also follow
2536         the same rules as "let": No duplicate definitions inside
2537         a lexical environment.
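The three rules above, checked from JavaScript as an added example (not code from this ChangeLog or the JSC test suite); errorNameOf and classDeclarationRules are names introduced here.

```javascript
"use strict";

// Added example, not code from the WebKit ChangeLog or the JSC test suite.
// It checks the "let"-like rules the entry gives for class declarations:
// the binding is block-scoped, it is in the TDZ until the declaration is
// evaluated, and a second definition in the same lexical environment is a
// SyntaxError. Sources are compiled with Function() so early errors surface
// as thrown exceptions rather than aborting this script.

// Returns the constructor name of the error raised while compiling or
// running `source`, or null when it completes normally.
function errorNameOf(source) {
  try {
    Function(source)();
    return null;
  } catch (e) {
    return e.constructor.name;
  }
}

function classDeclarationRules() {
  return {
    // Plain use: the declaration is evaluated before use, so no error.
    declaredThenUsed: errorNameOf(`
      class C {}
      if (!(new C() instanceof C)) throw new TypeError("bad instance");
    `),
    // Block scoping: the binding is not visible outside its block.
    leaksOutOfBlock: errorNameOf(`
      { class Inner {} }
      return new Inner();
    `),
    // TDZ: the binding exists but is uninitialized until the statement runs.
    usedBeforeDeclaration: errorNameOf(`
      const early = C;
      class C {}
      return early;
    `),
    // A duplicate definition in one lexical environment is an early error.
    duplicateClass: errorNameOf(`
      class D {}
      class D {}
    `),
    // The same rule applies when the conflicting binding is a let or a var.
    duplicateWithLet: errorNameOf(`
      let E = 1;
      class E {}
    `),
    duplicateWithVar: errorNameOf(`
      var F = 1;
      class F {}
    `),
  };
}
```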
2538
2539         * parser/ASTBuilder.h:
2540         (JSC::ASTBuilder::createClassDeclStatement):
2541         * parser/Parser.cpp:
2542         (JSC::Parser<LexerType>::parseClassDeclaration):
2543         * tests/stress/class-syntax-block-scoping.js: Added.
2544         (assert):
2545         (truth):
2546         (.):
2547         * tests/stress/class-syntax-definition-semantics.js: Added.
2548         (shouldBeSyntaxError):
2549         (shouldNotBeSyntaxError):
2550         (truth):
2551         * tests/stress/class-syntax-tdz.js:
2552         (assert):
2553         (shouldThrowTDZ):
2554         (truth):
2555         (.):
2556
2557 2015-07-31  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2558
2559         Implement WebAssembly module parser
2560         https://bugs.webkit.org/show_bug.cgi?id=147293
2561
2562         Reviewed by Mark Lam.
2563
2564         Re-landing after fix for the "..\..\jsc.cpp(46): fatal error C1083: Cannot open
2565         include file: 'JSWASMModule.h'" issue on Windows.
2566
2567         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
2568         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
2569         the magic number at the beginning of the files. Parsing of the rest will be
2570         implemented in a subsequent patch.
2571
2572         * CMakeLists.txt:
2573         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2574         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2575         * JavaScriptCore.xcodeproj/project.pbxproj:
2576         * jsc.cpp:
2577         (GlobalObject::finishCreation):
2578         (functionLoadWebAssembly):
2579         * parser/SourceProvider.h:
2580         (JSC::WebAssemblySourceProvider::create):
2581         (JSC::WebAssemblySourceProvider::data):
2582         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2583         * runtime/JSGlobalObject.cpp:
2584         (JSC::JSGlobalObject::init):
2585         (JSC::JSGlobalObject::visitChildren):
2586         * runtime/JSGlobalObject.h:
2587         (JSC::JSGlobalObject::wasmModuleStructure):
2588         * wasm/WASMMagicNumber.h: Added.
2589         * wasm/WASMModuleParser.cpp: Added.
2590         (JSC::WASMModuleParser::WASMModuleParser):
2591         (JSC::WASMModuleParser::parse):
2592         (JSC::WASMModuleParser::parseModule):
2593         (JSC::parseWebAssembly):
2594         * wasm/WASMModuleParser.h: Added.
2595         * wasm/WASMReader.cpp: Added.
2596         (JSC::WASMReader::readUnsignedInt32):
2597         (JSC::WASMReader::readFloat):
2598         (JSC::WASMReader::readDouble):
2599         * wasm/WASMReader.h: Added.
2600         (JSC::WASMReader::WASMReader):
2601
2602 2015-07-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2603
2604         Add the "wasm" directory to the Additional Include Directories for jsc.exe
2605         https://bugs.webkit.org/show_bug.cgi?id=147443
2606
2607         Reviewed by Mark Lam.
2608
2609         This patch should fix the "..\..\jsc.cpp(46): fatal error C1083:
2610         Cannot open include file: 'JSWASMModule.h'" error in the Windows build.
2611
2612         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
2613
2614 2015-07-30  Chris Dumez  <cdumez@apple.com>
2615
2616         Mark more classes as fast allocated
2617         https://bugs.webkit.org/show_bug.cgi?id=147440
2618
2619         Reviewed by Sam Weinig.
2620
2621         Mark more classes as fast allocated for performance. We heap-allocate
2622         objects of those types throughout the code base.
2623
2624         * API/JSCallbackObject.h:
2625         * API/ObjCCallbackFunction.mm:
2626         * bytecode/BytecodeKills.h:
2627         * bytecode/BytecodeLivenessAnalysis.h:
2628         * bytecode/CallLinkStatus.h:
2629         * bytecode/FullBytecodeLiveness.h:
2630         * bytecode/SamplingTool.h:
2631         * bytecompiler/BytecodeGenerator.h:
2632         * dfg/DFGBasicBlock.h:
2633         * dfg/DFGBlockMap.h:
2634         * dfg/DFGInPlaceAbstractState.h:
2635         * dfg/DFGThreadData.h:
2636         * heap/HeapVerifier.h:
2637         * heap/SlotVisitor.h:
2638         * parser/Lexer.h:
2639         * runtime/ControlFlowProfiler.h:
2640         * runtime/TypeProfiler.h:
2641         * runtime/TypeProfilerLog.h:
2642         * runtime/Watchdog.h:
2643
2644 2015-07-29  Filip Pizlo  <fpizlo@apple.com>
2645
2646         DFG::ArgumentsEliminationPhase should emit a PutStack for all of the GetStacks that the ByteCodeParser emitted
2647         https://bugs.webkit.org/show_bug.cgi?id=147433
2648         rdar://problem/21668986
2649
2650         Reviewed by Mark Lam.
2651
2652         Ideally, the ByteCodeParser would only emit SetArgument nodes for named arguments.  But
2653         currently that's not what it does - it emits a SetArgument for every argument that a varargs
2654         call may pass.  Each SetArgument gets turned into a GetStack.  This means that if
2655         ArgumentsEliminationPhase optimizes away PutStacks for those varargs arguments that didn't
2656         get passed or used, we get degenerate IR where we have a GetStack of something that didn't
2657         have a PutStack.
2658
2659         This fixes the bug by removing the code to optimize away PutStacks in
2660         ArgumentsEliminationPhase.
2661
2662         * dfg/DFGArgumentsEliminationPhase.cpp:
2663         * tests/stress/varargs-inlining-underflow.js: Added.
2664         (baz):
2665         (bar):
2666         (foo):
2667
2668 2015-07-29  Andy VanWagoner  <thetalecrafter@gmail.com>
2669
2670         Implement basic types for ECMAScript Internationalization API
2671         https://bugs.webkit.org/show_bug.cgi?id=146926
2672
2673         Reviewed by Benjamin Poulain.
2674
2675         Adds basic types for ECMA-402 2nd edition, but does not implement the full locale-aware features yet.
2676         http://www.ecma-international.org/ecma-402/2.0/ECMA-402.pdf
2677
2678         * CMakeLists.txt: Added new Intl files.
2679         * Configurations/FeatureDefines.xcconfig: Enable INTL.
2680         * DerivedSources.make: Added Intl files.
2681         * JavaScriptCore.xcodeproj/project.pbxproj: Added Intl files.
2682         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added Intl files.
2683         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added Intl files.
2684         * runtime/CommonIdentifiers.h: Added Collator, NumberFormat, and DateTimeFormat.
2685         * runtime/DateConstructor.cpp: Made Date.now public.
2686         * runtime/DateConstructor.h: Made Date.now public.
2687         * runtime/IntlCollator.cpp: Added.
2688         (JSC::IntlCollator::create):
2689         (JSC::IntlCollator::createStructure):
2690         (JSC::IntlCollator::IntlCollator):
2691         (JSC::IntlCollator::finishCreation):
2692         (JSC::IntlCollator::destroy):
2693         (JSC::IntlCollator::visitChildren):
2694         (JSC::IntlCollator::setBoundCompare):
2695         (JSC::IntlCollatorFuncCompare): Added placeholder implementation using codePointCompare.
2696         * runtime/IntlCollator.h: Added.
2697         (JSC::IntlCollator::constructor):
2698         (JSC::IntlCollator::boundCompare):
2699         * runtime/IntlCollatorConstructor.cpp: Added.
2700         (JSC::IntlCollatorConstructor::create):
2701         (JSC::IntlCollatorConstructor::createStructure):
2702         (JSC::IntlCollatorConstructor::IntlCollatorConstructor):
2703         (JSC::IntlCollatorConstructor::finishCreation):
2704         (JSC::constructIntlCollator): Added Collator constructor (10.1.2).
2705         (JSC::callIntlCollator): Added Collator constructor (10.1.2).
2706         (JSC::IntlCollatorConstructor::getConstructData):
2707         (JSC::IntlCollatorConstructor::getCallData):
2708         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
2709         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2710         (JSC::IntlCollatorConstructor::visitChildren):
2711         * runtime/IntlCollatorConstructor.h: Added.
2712         (JSC::IntlCollatorConstructor::collatorStructure):
2713         * runtime/IntlCollatorPrototype.cpp: Added.
2714         (JSC::IntlCollatorPrototype::create):
2715         (JSC::IntlCollatorPrototype::createStructure):
2716         (JSC::IntlCollatorPrototype::IntlCollatorPrototype):
2717         (JSC::IntlCollatorPrototype::finishCreation):
2718         (JSC::IntlCollatorPrototype::getOwnPropertySlot):
2719         (JSC::IntlCollatorPrototypeGetterCompare): Added compare getter (10.3.3)
2720         (JSC::IntlCollatorPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2721         * runtime/IntlCollatorPrototype.h: Added.
2722         * runtime/IntlDateTimeFormat.cpp: Added.
2723         (JSC::IntlDateTimeFormat::create):
2724         (JSC::IntlDateTimeFormat::createStructure):
2725         (JSC::IntlDateTimeFormat::IntlDateTimeFormat):
2726         (JSC::IntlDateTimeFormat::finishCreation):
2727         (JSC::IntlDateTimeFormat::destroy):
2728         (JSC::IntlDateTimeFormat::visitChildren):
2729         (JSC::IntlDateTimeFormat::setBoundFormat):
2730         (JSC::IntlDateTimeFormatFuncFormatDateTime): Added placeholder implementation returning new Date(value).toString().
2731         * runtime/IntlDateTimeFormat.h: Added.
2732         (JSC::IntlDateTimeFormat::constructor):
2733         (JSC::IntlDateTimeFormat::boundFormat):
2734         * runtime/IntlDateTimeFormatConstructor.cpp: Added.
2735         (JSC::IntlDateTimeFormatConstructor::create):
2736         (JSC::IntlDateTimeFormatConstructor::createStructure):
2737         (JSC::IntlDateTimeFormatConstructor::IntlDateTimeFormatConstructor):
2738         (JSC::IntlDateTimeFormatConstructor::finishCreation):
2739         (JSC::constructIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
2740         (JSC::callIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
2741         (JSC::IntlDateTimeFormatConstructor::getConstructData):
2742         (JSC::IntlDateTimeFormatConstructor::getCallData):
2743         (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
2744         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2745         (JSC::IntlDateTimeFormatConstructor::visitChildren):
2746         * runtime/IntlDateTimeFormatConstructor.h: Added.
2747         (JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure):
2748         * runtime/IntlDateTimeFormatPrototype.cpp: Added.
2749         (JSC::IntlDateTimeFormatPrototype::create):
2750         (JSC::IntlDateTimeFormatPrototype::createStructure):
2751         (JSC::IntlDateTimeFormatPrototype::IntlDateTimeFormatPrototype):
2752         (JSC::IntlDateTimeFormatPrototype::finishCreation):
2753         (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
2754         (JSC::IntlDateTimeFormatPrototypeGetterFormat): Added format getter (12.3.3).
2755         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2756         * runtime/IntlDateTimeFormatPrototype.h: Added.
2757         * runtime/IntlNumberFormat.cpp: Added.
2758         (JSC::IntlNumberFormat::create):
2759         (JSC::IntlNumberFormat::createStructure):
2760         (JSC::IntlNumberFormat::IntlNumberFormat):
2761         (JSC::IntlNumberFormat::finishCreation):
2762         (JSC::IntlNumberFormat::destroy):
2763         (JSC::IntlNumberFormat::visitChildren):
2764         (JSC::IntlNumberFormat::setBoundFormat):
2765         (JSC::IntlNumberFormatFuncFormatNumber): Added placeholder implementation returning Number(value).toString().
2766         * runtime/IntlNumberFormat.h: Added.
2767         (JSC::IntlNumberFormat::constructor):
2768         (JSC::IntlNumberFormat::boundFormat):
2769         * runtime/IntlNumberFormatConstructor.cpp: Added.
2770         (JSC::IntlNumberFormatConstructor::create):
2771         (JSC::IntlNumberFormatConstructor::createStructure):
2772         (JSC::IntlNumberFormatConstructor::IntlNumberFormatConstructor):
2773         (JSC::IntlNumberFormatConstructor::finishCreation):
2774         (JSC::constructIntlNumberFormat): Added NumberFormat constructor (11.1.2).
2775         (JSC::callIntlNumberFormat): Added NumberFormat constructor (11.1.2).
2776         (JSC::IntlNumberFormatConstructor::getConstructData):
2777         (JSC::IntlNumberFormatConstructor::getCallData):
2778         (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
2779         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2780         (JSC::IntlNumberFormatConstructor::visitChildren):
2781         * runtime/IntlNumberFormatConstructor.h: Added.
2782         (JSC::IntlNumberFormatConstructor::numberFormatStructure):
2783         * runtime/IntlNumberFormatPrototype.cpp: Added.
2784         (JSC::IntlNumberFormatPrototype::create):
2785         (JSC::IntlNumberFormatPrototype::createStructure):
2786         (JSC::IntlNumberFormatPrototype::IntlNumberFormatPrototype):
2787         (JSC::IntlNumberFormatPrototype::finishCreation):
2788         (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
2789         (JSC::IntlNumberFormatPrototypeGetterFormat): Added format getter (11.3.3).
2790         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2791         * runtime/IntlNumberFormatPrototype.h: Added.
2792         * runtime/IntlObject.cpp:
2793         (JSC::IntlObject::create):
2794         (JSC::IntlObject::finishCreation): Added Collator, NumberFormat, and DateTimeFormat properties (8.1).
2795         (JSC::IntlObject::visitChildren):
2796         * runtime/IntlObject.h:
2797         (JSC::IntlObject::collatorConstructor):
2798         (JSC::IntlObject::collatorPrototype):
2799         (JSC::IntlObject::collatorStructure):
2800         (JSC::IntlObject::numberFormatConstructor):
2801         (JSC::IntlObject::numberFormatPrototype):
2802         (JSC::IntlObject::numberFormatStructure):
2803         (JSC::IntlObject::dateTimeFormatConstructor):
2804         (JSC::IntlObject::dateTimeFormatPrototype):
2805         (JSC::IntlObject::dateTimeFormatStructure):
2806         * runtime/JSGlobalObject.cpp:
2807         (JSC::JSGlobalObject::init):
2808
2809 2015-07-29  Commit Queue  <commit-queue@webkit.org>
2810
2811         Unreviewed, rolling out r187550.
2812         https://bugs.webkit.org/show_bug.cgi?id=147420
2813
2814         Broke Windows build (again) (Requested by smfr on #webkit).
2815
2816         Reverted changeset:
2817
2818         "Implement WebAssembly module parser"
2819         https://bugs.webkit.org/show_bug.cgi?id=147293
2820         http://trac.webkit.org/changeset/187550
2821
2822 2015-07-29  Basile Clement  <basile_clement@apple.com>
2823
2824         Remove native call inlining
2825         https://bugs.webkit.org/show_bug.cgi?id=147417
2826
2827         Rubber Stamped by Filip Pizlo.
2828
2829         * CMakeLists.txt:
2830         * dfg/DFGAbstractInterpreterInlines.h:
2831         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
2832         * dfg/DFGByteCodeParser.cpp:
2833         (JSC::DFG::ByteCodeParser::handleCall): Deleted.
2834         * dfg/DFGClobberize.h:
2835         (JSC::DFG::clobberize): Deleted.
2836         * dfg/DFGDoesGC.cpp:
2837         (JSC::DFG::doesGC): Deleted.
2838         * dfg/DFGFixupPhase.cpp:
2839         (JSC::DFG::FixupPhase::fixupNode): Deleted.
2840         * dfg/DFGNode.h:
2841         (JSC::DFG::Node::hasHeapPrediction): Deleted.
2842         (JSC::DFG::Node::hasCellOperand): Deleted.
2843         * dfg/DFGNodeType.h:
2844         * dfg/DFGPredictionPropagationPhase.cpp:
2845         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
2846         * dfg/DFGSafeToExecute.h:
2847         (JSC::DFG::safeToExecute): Deleted.
2848         * dfg/DFGSpeculativeJIT32_64.cpp:
2849         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2850         * dfg/DFGSpeculativeJIT64.cpp:
2851         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2852         * ftl/FTLCapabilities.cpp:
2853         (JSC::FTL::canCompile): Deleted.
2854         * ftl/FTLLowerDFGToLLVM.cpp:
2855         (JSC::FTL::DFG::LowerDFGToLLVM::lower): Deleted.
2856         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
2857         (JSC::FTL::DFG::LowerDFGToLLVM::compileNativeCallOrConstruct): Deleted.
2858         (JSC::FTL::DFG::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
2859         (JSC::FTL::DFG::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
2860         (JSC::FTL::DFG::LowerDFGToLLVM::didOverflowStack): Deleted.
2861         * ftl/FTLState.cpp:
2862         (JSC::FTL::State::State): Deleted.
2863         * ftl/FTLState.h:
2864         * runtime/BundlePath.cpp: Removed.
2865         (JSC::bundlePath): Deleted.
2866         * runtime/JSDataViewPrototype.cpp:
2867         (JSC::getData):
2868         (JSC::setData):
2869         * runtime/Options.h:
2870
2871 2015-07-29  Basile Clement  <basile_clement@apple.com>
2872
2873         Unreviewed, skipping a test that is too complex for its own good
2874         https://bugs.webkit.org/show_bug.cgi?id=147167
2875
2876         * tests/stress/math-pow-coherency.js:
2877
2878 2015-07-29  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2879
2880         Implement WebAssembly module parser
2881         https://bugs.webkit.org/show_bug.cgi?id=147293
2882
2883         Reviewed by Mark Lam.
2884
2885         Reupload the patch, since r187539 should fix the "Cannot open include file:
2886         'JSWASMModule.h'" issue in the Windows build.
2887
2888         * CMakeLists.txt:
2889         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2890         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2891         * JavaScriptCore.xcodeproj/project.pbxproj:
2892         * jsc.cpp:
2893         (GlobalObject::finishCreation):
2894         (functionLoadWebAssembly):
2895         * parser/SourceProvider.h:
2896         (JSC::WebAssemblySourceProvider::create):
2897         (JSC::WebAssemblySourceProvider::data):
2898         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2899         * runtime/JSGlobalObject.cpp:
2900         (JSC::JSGlobalObject::init):
2901         (JSC::JSGlobalObject::visitChildren):
2902         * runtime/JSGlobalObject.h:
2903         (JSC::JSGlobalObject::wasmModuleStructure):
2904         * wasm/WASMMagicNumber.h: Added.
2905         * wasm/WASMModuleParser.cpp: Added.
2906         (JSC::WASMModuleParser::WASMModuleParser):
2907         (JSC::WASMModuleParser::parse):
2908         (JSC::WASMModuleParser::parseModule):
2909         (JSC::parseWebAssembly):
2910         * wasm/WASMModuleParser.h: Added.
2911         * wasm/WASMReader.cpp: Added.
2912         (JSC::WASMReader::readUnsignedInt32):
2913         (JSC::WASMReader::readFloat):
2914         (JSC::WASMReader::readDouble):
2915         * wasm/WASMReader.h: Added.
2916         (JSC::WASMReader::WASMReader):
2917
2918 2015-07-29  Basile Clement  <basile_clement@apple.com>
2919
2920         Unreviewed, lower the number of test iterations to prevent timing out on Debug builds
2921         https://bugs.webkit.org/show_bug.cgi?id=147167
2922
2923         * tests/stress/math-pow-coherency.js:
2924
2925 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2926
2927         Add the "wasm" directory to Visual Studio project files
2928         https://bugs.webkit.org/show_bug.cgi?id=147400
2929
2930         Reviewed by Simon Fraser.
2931
2932         This patch should fix the "Cannot open include file: 'JSWASMModule.h'" issue
2933         in the Windows build.
2934
2935         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
2936         * JavaScriptCore.vcxproj/copy-files.cmd:
2937
2938 2015-07-28  Commit Queue  <commit-queue@webkit.org>
2939
2940         Unreviewed, rolling out r187531.
2941         https://bugs.webkit.org/show_bug.cgi?id=147397
2942
2943         Broke Windows build (Requested by smfr on #webkit).
2944
2945         Reverted changeset:
2946
2947         "Implement WebAssembly module parser"
2948         https://bugs.webkit.org/show_bug.cgi?id=147293
2949         http://trac.webkit.org/changeset/187531
2950
2951 2015-07-28  Benjamin Poulain  <bpoulain@apple.com>
2952
2953         Speed up the Stringifier::toJSON() fast case
2954         https://bugs.webkit.org/show_bug.cgi?id=147383
2955
2956         Reviewed by Andreas Kling.
2957
2958         * runtime/JSONObject.cpp:
2959         (JSC::Stringifier::toJSON):
2960         (JSC::Stringifier::toJSONImpl):
2961
2962 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2963
2964         Implement WebAssembly module parser
2965         https://bugs.webkit.org/show_bug.cgi?id=147293
2966
2967         Reviewed by Geoffrey Garen.
2968
2969         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
2970         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
2971         the magic number at the beginning of the files. Parsing of the rest will be
2972         implemented in a subsequent patch.
2973
2974         * CMakeLists.txt:
2975         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2976         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2977         * JavaScriptCore.xcodeproj/project.pbxproj:
2978         * jsc.cpp:
2979         (GlobalObject::finishCreation):
2980         (functionLoadWebAssembly):
2981         * parser/SourceProvider.h:
2982         (JSC::WebAssemblySourceProvider::create):
2983         (JSC::WebAssemblySourceProvider::data):
2984         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2985         * runtime/JSGlobalObject.cpp:
2986         (JSC::JSGlobalObject::init):
2987         (JSC::JSGlobalObject::visitChildren):
2988         * runtime/JSGlobalObject.h:
2989         (JSC::JSGlobalObject::wasmModuleStructure):
2990         * wasm/WASMMagicNumber.h: Added.
2991         * wasm/WASMModuleParser.cpp: Added.
2992         (JSC::WASMModuleParser::WASMModuleParser):
2993         (JSC::WASMModuleParser::parse):
2994         (JSC::WASMModuleParser::parseModule):
2995         (JSC::parseWebAssembly):
2996         * wasm/WASMModuleParser.h: Added.
2997         * wasm/WASMReader.cpp: Added.
2998         (JSC::WASMReader::readUnsignedInt32):
2999         (JSC::WASMReader::readFloat):
3000         (JSC::WASMReader::readDouble):
3001         * wasm/WASMReader.h: Added.
3002         (JSC::WASMReader::WASMReader):
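
        The magic-number check described in the three "Implement WebAssembly module parser" entries above, as an added example that is not JavaScriptCore's own code: a bounds-checked little-endian reader in the spirit of WASMReader::readUnsignedInt32 and WASMModuleParser::parseModule, which refuses to read past the end of a truncated module instead of trusting its length. The namespace `example`, the class `ByteReader`, the struct `ParseResult` and the constant `kWasmMagicNumber` (the ASCII bytes "wasm" taken as a little-endian uint32) are assumptions for illustration, not names or values taken from the project.

```cpp
// Added example, not WebKit code. Demonstrates the defensive shape of a module
// parser whose first (and here only) step is validating a magic number: every
// read checks the remaining length first, so hostile or truncated input cannot
// drive an out-of-bounds read.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

namespace example {

// Assumed constant: the bytes 'w','a','s','m' (0x77 0x61 0x73 0x6d) read as a
// little-endian 32-bit integer. The real project value is not on this page.
static const uint32_t kWasmMagicNumber = 0x6d736177;

class ByteReader {
public:
    ByteReader(const uint8_t* data, size_t length)
        : m_cursor(data), m_end(data + length) { }

    size_t remaining() const { return static_cast<size_t>(m_end - m_cursor); }

    // Reads a little-endian uint32. Returns false (and leaves the cursor
    // untouched) when fewer than 4 bytes remain, which is the check that a
    // naive "read 4 bytes" implementation would omit.
    bool readUnsignedInt32(uint32_t& result)
    {
        if (remaining() < sizeof(uint32_t))
            return false;
        result = static_cast<uint32_t>(m_cursor[0])
            | (static_cast<uint32_t>(m_cursor[1]) << 8)
            | (static_cast<uint32_t>(m_cursor[2]) << 16)
            | (static_cast<uint32_t>(m_cursor[3]) << 24);
        m_cursor += sizeof(uint32_t);
        return true;
    }

private:
    const uint8_t* m_cursor;
    const uint8_t* m_end;
};

struct ParseResult {
    bool ok;
    std::string errorMessage;
};

// Mirrors the only validation the patch performs: the module must begin with
// the magic number. Anything else is rejected before further parsing.
ParseResult parseModule(const std::vector<uint8_t>& bytes)
{
    ByteReader reader(bytes.data(), bytes.size());
    uint32_t magic = 0;
    if (!reader.readUnsignedInt32(magic))
        return { false, "Truncated input: fewer than 4 bytes" };
    if (magic != kWasmMagicNumber)
        return { false, "Invalid magic number" };
    return { true, "" };
}

} // namespace example

int main()
{
    // Constructed sample inputs: a valid header, a wrong header, and a
    // truncated file that a length-unchecked reader would over-read.
    const std::vector<uint8_t> valid = { 0x77, 0x61, 0x73, 0x6d, 0x01 };
    const std::vector<uint8_t> wrongMagic = { 0x77, 0x61, 0x73, 0x6e };
    const std::vector<uint8_t> truncated = { 0x77, 0x61, 0x73 };

    for (const auto* input : { &valid, &wrongMagic, &truncated }) {
        example::ParseResult result = example::parseModule(*input);
        std::cout << (result.ok ? "accepted" : "rejected: " + result.errorMessage) << '\n';
    }
    return 0;
}
```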
3003
3004 2015-07-28  Yusuke Suzuki  <utatane.tea@gmail.com>
3005
3006         [ES6] Add ENABLE_ES6_MODULES compile time flag with the default value "false"
3007         https://bugs.webkit.org/show_bug.cgi?id=147350
3008
3009         Reviewed by Sam Weinig.
3010
3011         * Configurations/FeatureDefines.xcconfig:
3012
3013 2015-07-28  Saam barati  <saambarati1@gmail.com>
3014
3015         Make the type profiler work with lexical scoping and add tests
3016         https://bugs.webkit.org/show_bug.cgi?id=145438
3017
3018         Reviewed by Geoffrey Garen.
3019
3020         op_profile_type now knows how to resolve variables allocated within
3021         the local scope stack. This means it knows how to resolve "let"
3022         and "const" variables. Also, some refactoring was done inside
3023         the BytecodeGenerator to make writing code to support the type
3024         profiler much simpler and clearer.
3025
3026         * bytecode/CodeBlock.cpp:
3027         (JSC::CodeBlock::CodeBlock):
3028         * bytecode/CodeBlock.h:
3029         (JSC::CodeBlock::symbolTable): Deleted.
3030         * bytecode/UnlinkedCodeBlock.h:
3031         (JSC::UnlinkedCodeBlock::addExceptionHandler):
3032         (JSC::UnlinkedCodeBlock::exceptionHandler):
3033         (JSC::UnlinkedCodeBlock::vm):
3034         (JSC::UnlinkedCodeBlock::addArrayProfile):
3035         (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex): Deleted.
3036         (JSC::UnlinkedCodeBlock::symbolTableConstantIndex): Deleted.
3037         * bytecompiler/BytecodeGenerator.cpp:
3038         (JSC::BytecodeGenerator::BytecodeGenerator):
3039         (JSC::BytecodeGenerator::emitMove):
3040         (JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
3041         (JSC::BytecodeGenerator::emitProfileType):
3042         (JSC::BytecodeGenerator::emitProfileControlFlow):
3043         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3044         * bytecompiler/BytecodeGenerator.h:
3045         (JSC::BytecodeGenerator::emitNodeForLeftHandSide):
3046         * bytecompiler/NodesCodegen.cpp:
3047         (JSC::ThisNode::emitBytecode):
3048         (JSC::ResolveNode::emitBytecode):
3049         (JSC::BracketAccessorNode::emitBytecode):
3050         (JSC::DotAccessorNode::emitBytecode):
3051         (JSC::FunctionCallValueNode::emitBytecode):
3052         (JSC::FunctionCallResolveNode::emitBytecode):
3053         (JSC::FunctionCallBracketNode::emitBytecode):
3054         (JSC::FunctionCallDotNode::emitBytecode):
3055         (JSC::CallFunctionCallDotNode::emitBytecode):
3056         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3057         (JSC::PostfixNode::emitResolve):
3058         (JSC::PostfixNode::emitBracket):
3059         (JSC::PostfixNode::emitDot):
3060         (JSC::PrefixNode::emitResolve):
3061         (JSC::PrefixNode::emitBracket):
3062         (JSC::PrefixNode::emitDot):
3063         (JSC::ReadModifyResolveNode::emitBytecode):
3064         (JSC::AssignResolveNode::emitBytecode):
3065         (JSC::AssignDotNode::emitBytecode):
3066         (JSC::ReadModifyDotNode::emitBytecode):
3067         (JSC::AssignBracketNode::emitBytecode):
3068         (JSC::ReadModifyBracketNode::emitBytecode):
3069         (JSC::EmptyVarExpression::emitBytecode):
3070         (JSC::EmptyLetExpression::emitBytecode):
3071         (JSC::ForInNode::emitLoopHeader):
3072         (JSC::ForOfNode::emitBytecode):
3073         (JSC::ReturnNode::emitBytecode):
3074         (JSC::FunctionNode::emitBytecode):
3075         (JSC::BindingNode::bindValue):
3076         * dfg/DFGSpeculativeJIT32_64.cpp:
3077         (JSC::DFG::SpeculativeJIT::compile):
3078         * dfg/DFGSpeculativeJIT64.cpp:
3079         (JSC::DFG::SpeculativeJIT::compile):
3080         * jit/JITOpcodes.cpp:
3081         (JSC::JIT::emit_op_profile_type):
3082         * jit/JITOpcodes32_64.cpp:
3083         (JSC::JIT::emit_op_profile_type):
3084         * llint/LowLevelInterpreter32_64.asm:
3085         * llint/LowLevelInterpreter64.asm:
3086         * tests/typeProfiler/es6-block-scoping.js: Added.
3087         (noop):
3088         (arr):
3089         (wrapper.changeFoo):
3090         (wrapper.scoping):
3091         (wrapper.scoping2):
3092         (wrapper):
3093         * tests/typeProfiler/es6-classes.js: Added.
3094         (noop):
3095         (wrapper.Animal):
3096         (wrapper.Animal.prototype.methodA):
3097         (wrapper.Dog):
3098         (wrapper.Dog.prototype.methodB):
3099         (wrapper):
3100
3101 2015-07-28  Saam barati  <saambarati1@gmail.com>
3102
3103         Implement catch scope using lexical scoping constructs introduced with "let" scoping patch
3104         https://bugs.webkit.org/show_bug.cgi?id=146979
3105
3106         Reviewed by Geoffrey Garen.
3107
3108         Now that BytecodeGenerator has a notion of local scope depth,
3109         we can easily implement a catch scope that doesn't claim that
3110         all variables are dynamically scoped. This means that functions
3111         that use try/catch can have local variable resolution. This also
3112         means that all functions that use try/catch don't have all
3113         their variables marked as being captured.
3114
3115         Catch scopes now behave like a "let" scope (sans the TDZ logic) with a
3116         single variable. Catch scopes are now just JSLexicalEnvironments and the
3117         symbol table backing the catch scope knows that it corresponds to a catch scope.
3118
3119         * CMakeLists.txt:
3120         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3121         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3122         * JavaScriptCore.xcodeproj/project.pbxproj:
3123         * bytecode/CodeBlock.cpp:
3124         (JSC::CodeBlock::dumpBytecode):
3125         * bytecode/EvalCodeCache.h:
3126         (JSC::EvalCodeCache::isCacheable):
3127         * bytecompiler/BytecodeGenerator.cpp:
3128         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
3129         (JSC::BytecodeGenerator::emitLoadGlobalObject):
3130         (JSC::BytecodeGenerator::pushLexicalScope):
3131         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3132         (JSC::BytecodeGenerator::popLexicalScope):
3133         (JSC::BytecodeGenerator::popLexicalScopeInternal):
3134         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3135         (JSC::BytecodeGenerator::variable):
3136         (JSC::BytecodeGenerator::resolveType):
3137         (JSC::BytecodeGenerator::emitResolveScope):
3138         (JSC::BytecodeGenerator::emitPopScope):
3139         (JSC::BytecodeGenerator::emitPopWithScope):
3140         (JSC::BytecodeGenerator::emitDebugHook):
3141         (JSC::BytecodeGenerator::popScopedControlFlowContext):
3142         (JSC::BytecodeGenerator::emitPushCatchScope):
3143         (JSC::BytecodeGenerator::emitPopCatchScope):
3144         (JSC::BytecodeGenerator::beginSwitch):
3145         (JSC::BytecodeGenerator::emitPopWithOrCatchScope): Deleted.
3146         * bytecompiler/BytecodeGenerator.h:
3147         (JSC::BytecodeGenerator::lastOpcodeID):
3148         * bytecompiler/NodesCodegen.cpp:
3149         (JSC::AssignResolveNode::emitBytecode):
3150         (JSC::WithNode::emitBytecode):
3151         (JSC::TryNode::emitBytecode):
3152         * debugger/DebuggerScope.cpp:
3153         (JSC::DebuggerScope::isCatchScope):
3154         (JSC::DebuggerScope::isFunctionNameScope):
3155         (JSC::DebuggerScope::isFunctionOrEvalScope):
3156         (JSC::DebuggerScope::caughtValue):
3157         * debugger/DebuggerScope.h:
3158         * inspector/ScriptDebugServer.cpp:
3159         (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
3160         * interpreter/Interpreter.cpp:
3161         (JSC::Interpreter::execute):
3162         * jit/JITOpcodes.cpp:
3163         (JSC::JIT::emit_op_push_name_scope):
3164         * jit/JITOpcodes32_64.cpp:
3165         (JSC::JIT::emit_op_push_name_scope):
3166         * jit/JITOperations.cpp:
3167         * jit/JITOperations.h:
3168         * parser/ASTBuilder.h:
3169         (JSC::ASTBuilder::createContinueStatement):
3170         (JSC::ASTBuilder::createTryStatement):
3171         * parser/NodeConstructors.h:
3172         (JSC::ThrowNode::ThrowNode):
3173         (JSC::TryNode::TryNode):
3174         (JSC::FunctionParameters::FunctionParameters):
3175         * parser/Nodes.h:
3176         * parser/Parser.cpp:
3177         (JSC::Parser<LexerType>::parseTryStatement):
3178         * parser/SyntaxChecker.h:
3179         (JSC::SyntaxChecker::createBreakStatement):
3180         (JSC::SyntaxChecker::createContinueStatement):
3181         (JSC::SyntaxChecker::createTryStatement):
3182         (JSC::SyntaxChecker::createSwitchStatement):
3183         (JSC::SyntaxChecker::createWhileStatement):
3184         (JSC::SyntaxChecker::createWithStatement):
3185         * runtime/JSCatchScope.cpp:
3186         * runtime/JSCatchScope.h:
3187         (JSC::JSCatchScope::JSCatchScope): Deleted.
3188         (JSC::JSCatchScope::create): Deleted.
3189         (JSC::JSCatchScope::createStructure): Deleted.
3190         * runtime/JSFunctionNameScope.h:
3191         (JSC::JSFunctionNameScope::JSFunctionNameScope):
3192         * runtime/JSGlobalObject.cpp:
3193         (JSC::JSGlobalObject::init):
3194         (JSC::JSGlobalObject::visitChildren):
3195         * runtime/JSGlobalObject.h:
3196         (JSC::JSGlobalObject::withScopeStructure):
3197         (JSC::JSGlobalObject::strictEvalActivationStructure):
3198         (JSC::JSGlobalObject::activationStructure):
3199         (JSC::JSGlobalObject::functionNameScopeStructure):
3200         (JSC::JSGlobalObject::directArgumentsStructure):
3201         (JSC::JSGlobalObject::scopedArgumentsStructure):
3202         (JSC::JSGlobalObject::catchScopeStructure): Deleted.
3203         * runtime/JSNameScope.cpp:
3204         (JSC::JSNameScope::create):
3205         (JSC::JSNameScope::toThis):
3206         * runtime/JSNameScope.h:
3207         * runtime/JSObject.cpp:
3208         (JSC::JSObject::toThis):
3209         (JSC::JSObject::isFunctionNameScopeObject):
3210         (JSC::JSObject::isCatchScopeObject): Deleted.
3211         * runtime/JSObject.h:
3212         * runtime/JSScope.cpp:
3213         (JSC::JSScope::collectVariablesUnderTDZ):
3214         (JSC::JSScope::isLexicalScope):
3215         (JSC::JSScope::isCatchScope):
3216         (JSC::resolveModeName):
3217         * runtime/JSScope.h:
3218         * runtime/SymbolTable.cpp:
3219         (JSC::SymbolTable::SymbolTable):
3220         (JSC::SymbolTable::cloneScopePart):
3221         * runtime/SymbolTable.h:
3222         * tests/stress/const-semantics.js:
3223         (.):
3224
3225 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
3226
3227         DFG::ArgumentsEliminationPhase has a redundant check for inserting CheckInBounds when converting GetByVal to GetStack in the inline non-varargs case
3228         https://bugs.webkit.org/show_bug.cgi?id=147373
3229
3230         Reviewed by Mark Lam.
3231
3232         The code was doing a check for "index >= inlineCallFrame->arguments.size() - 1" in code where
3233         safeToGetStack is true and we aren't in varargs context, but in a non-varargs context,
3234         safeToGetStack can only be true if "index < inlineCallFrame->arguments.size() - 1".
3235
3236         When converting a GetByVal to GetStack, there are three possibilities:
3237
3238         1) Impossible to convert. This can happen if the GetByVal is out-of-bounds of the things we
3239            know to have stored to the stack. For example, if we inline a function that does
3240            "arguments[42]" at a call that passes no arguments.
3241
3242         2) Possible to convert, but we cannot prove statically that the GetByVal was in bounds. This
3243            can happen for "arguments[42]" with no inline call frame (since we don't know statically
3244            how many arguments we will be passed) or in a varargs call frame.
3245
3246         3) Possible to convert, and we know statically that the GetByVal is in bounds. This can
3247            happen for "arguments[42]" if we have an inline call frame, and it's not a varargs call
3248            frame, and we know that the caller passed 42 or more arguments.
3249
3250         The way the phase handles this is it first determines that we're not in case (1). This is
3251         called safeToGetStack. safeToGetStack is true if we have case (2) or (3). For inline call
3252         frames that have no varargs, this means that safeToGetStack is true exactly when the GetByVal
3253         is in-bounds (i.e. case (3)).
3254
3255         But the phase was again doing a check for whether the index is in-bounds for non-varargs
3256         inline call frames even when safeToGetStack was true. That check is redundant and should be
3257         eliminated, since it makes the code confusing.
3258
3259         * dfg/DFGArgumentsEliminationPhase.cpp:
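
        The three shapes of an inlined "arguments[i]" read that this entry
        distinguishes, as an added JavaScript example that is not part of WebKit
        or of this patch. It uses index 2 instead of 42 so the in-bounds call
        stays short, and Function.prototype.apply stands in for the varargs call
        frame. The function names are made up for the example; run it with jsc
        or node. Whatever tier executes the reads, every shape must return the
        same value, which is the invariant the conversion to GetStack has to
        preserve.

```javascript
// Added example, not WebKit code: the three cases of converting a GetByVal on
// `arguments` into a GetStack, using index 2 rather than 42.

// The callee a tiering JIT would inline; its arguments[2] is the GetByVal.
function argAt2() {
  return arguments[2];
}

// Case 1: the inlined call passes no arguments, so no stack slot can ever hold
// arguments[2]; the read cannot be converted and must yield undefined.
function noArgs() {
  return argAt2();
}

// Case 2: a varargs-style call whose argument count is only known at run time.
// Conversion is possible, but a bounds check has to stay.
function viaApply(arr) {
  return argAt2.apply(null, arr);
}

// Case 3: an inlined, non-varargs call with three literal arguments, so index 2
// is provably in bounds. This is the case whose redundant check the patch drops.
function threeArgs() {
  return argAt2('a', 'b', 'c');
}

// Runs every shape repeatedly so a tiering JIT reaches its optimizing compiler,
// and returns the first and last results for comparison.
function runCases(iterations) {
  let first = null;
  let last = null;
  for (let i = 0; i < iterations; i++) {
    last = {
      noArgs: noArgs(),                     // case 1: undefined
      applyShort: viaApply(['x']),          // case 2, out of bounds: undefined
      applyLong: viaApply(['x', 'y', 'z']), // case 2, in bounds: 'z'
      threeArgs: threeArgs(),               // case 3: 'c'
    };
    if (first === null) first = last;
  }
  return { first, last };
}

// True when the results seen before and after warm-up agree field by field.
function resultsStable(iterations) {
  const { first, last } = runCases(iterations);
  return Object.keys(first).every((k) => first[k] === last[k]);
}

if (typeof print === 'function') print(JSON.stringify(runCases(100000).last));
else if (typeof console !== 'undefined') console.log(JSON.stringify(runCases(100000).last));
```

        With jsc, adding --dumpDFGDisassembly or the phase-dump options shows
        whether the case-3 read became a plain GetStack; the example itself only
        checks that the observable results do not change across tiers.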
3260
3261 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
3262
3263         DFG::PutStackSinkingPhase should be more aggressive about its "no GetStack until put" rule
3264         https://bugs.webkit.org/show_bug.cgi?id=147371
3265
3266         Reviewed by Mark Lam.
3267
3268         Two fixes:
3269
3270         - Make ConflictingFlush really mean that you can't load from the stack slot. This means not
3271           using ConflictingFlush for arguments.
3272
3273         - Assert that a GetStack never sees ConflictingFlush.
3274
3275         * dfg/DFGPutStackSinkingPhase.cpp:
3276
3277 2015-07-28  Basile Clement  <basile_clement@apple.com>
3278
3279         Misleading error message: "At least one digit must occur after a decimal point"
3280         https://bugs.webkit.org/show_bug.cgi?id=146238
3281
3282         Reviewed by Geoffrey Garen.
3283
3284         Interestingly, we had a comment explaining what this error message was
3285         about that is much clearer than the error message itself. This patch
3286         simply replaces the error message with the explanation from the
3287         comment.
3288
3289         * parser/Lexer.cpp:
3290         (JSC::Lexer<T>::lex):
3291
3292 2015-07-28  Basile Clement  <basile_clement@apple.com>
3293
3294         Simplify call linking
3295         https://bugs.webkit.org/show_bug.cgi?id=147363
3296
3297         Reviewed by Filip Pizlo.
3298
3299         Previously, we were passing both the CallLinkInfo and a
3300         (CodeSpecializationKind, RegisterPreservationMode) pair to the
3301         different call linking slow paths. However, the CallLinkInfo already
3302         has all of that information, and we don't gain anything by having them
3303         in additional static parameters - except possibly a very small
3304         performance gain in the presence of inlining. However, since those are
3305         already slow paths, this performance loss (if it exists) will not be
3306         visible in practice.
3307
3308         This patch replaces the various specialized thunks and JIT operations
3309         for regular and polymorphic call linking with a single thunk and
3310         operation for each case. Moreover, it replaces the four specialized
3311         virtual call thunks and operations with one virtual call thunk for each
3312         call link info, allowing for better branch prediction by the CPU and
3313         fixing a pre-existing FIXME.
3314
3315         * bytecode/CallLinkInfo.cpp:
3316         (JSC::CallLinkInfo::unlink):
3317         (JSC::CallLinkInfo::dummy): Deleted.
3318         * bytecode/CallLinkInfo.h:
3319         (JSC::CallLinkInfo::CallLinkInfo):
3320         (JSC::CallLinkInfo::registerPreservationMode):
3321         (JSC::CallLinkInfo::setUpCallFromFTL):
3322         (JSC::CallLinkInfo::setSlowStub):
3323         (JSC::CallLinkInfo::clearSlowStub):
3324         (JSC::CallLinkInfo::slowStub):
3325         * dfg/DFGDriver.cpp:
3326         (JSC::DFG::compileImpl):
3327         * dfg/DFGJITCompiler.cpp:
3328         (JSC::DFG::JITCompiler::link):
3329         * ftl/FTLJSCallBase.cpp:
3330         (JSC::FTL::JSCallBase::link):
3331         * jit/JITCall.cpp:
3332         (JSC::JIT::compileCallEvalSlowCase):
3333         (JSC::JIT::compileOpCall):
3334         (JSC::JIT::compileOpCallSlowCase):
3335         * jit/JITCall32_64.cpp:
3336         (JSC::JIT::compileCallEvalSlowCase):
3337         (JSC::JIT::compileOpCall):
3338         (JSC::JIT::compileOpCallSlowCase):
3339         * jit/JITOperations.cpp:
3340         * jit/JITOperations.h:
3341         (JSC::operationLinkFor): Deleted.
3342         (JSC::operationVirtualFor): Deleted.
3343         (JSC::operationLinkPolymorphicCallFor): Deleted.
3344         * jit/Repatch.cpp:
3345         (JSC::generateByIdStub):
3346         (JSC::linkSlowFor):
3347         (JSC::linkFor):
3348         (JSC::revertCall):
3349         (JSC::unlinkFor):