a715868bdff93e3fbdf6db90800d781f752b1d0f
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-09-26  Filip Pizlo  <fpizlo@apple.com>

        Disable function.arguments
        https://bugs.webkit.org/show_bug.cgi?id=137167

        Rubber stamped by Geoffrey Garen.

        Add an option to disable function.arguments. Add a test for disabling it.

        Disabling function.arguments means that it returns an Arguments object that claims that
        there were zero arguments. All other Arguments functionality still works, so any code
        that tries to inspect this object will still think that it is looking at a perfectly
        valid Arguments object.

        This also makes function.arguments disabled by default. Note that the RJST harness will
        enable them by default, to continue to get test coverage for the code that implements
        the feature.

        We will rip out that code once we're confident that it's really safe to remove this
        feature. Only once we rip out that support will we be able to do optimizations to
        leverage the lack of this feature. It's important to keep the support code, and the test
        infrastructure, in place before we are confident. The logic to keep this working touches
        the entire compiler and a large chunk of the runtime, so reimplementing it - or even
        merging it back in - would be a nightmare. That's also basically the reason why we want
        to rip it out if at all possible. It's a lot of terrible code.

        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::createArguments):
        * runtime/Arguments.h:
        (JSC::Arguments::create):
        (JSC::Arguments::finishCreation):
        * runtime/Options.h:
        * tests/stress/disable-function-dot-arguments.js: Added.
        (foo):
        (bar):

2014-09-26  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Automatic Inspection should continue once all breakpoints are loaded
        https://bugs.webkit.org/show_bug.cgi?id=137038

        Reviewed by Timothy Hatcher.

        Add a new protocol command "Inspector.initialized" that signifies to the backend
        when the frontend has sent all its initialization messages to the backend. This
        can include information like breakpoints, which we would want to have loaded
        before any JavaScript evaluates in the context.

        * inspector/protocol/InspectorDomain.json:
        New protocol command, Inspector.initialized.

        * inspector/agents/InspectorAgent.h:
        * inspector/agents/InspectorAgent.cpp:
        (Inspector::InspectorAgent::InspectorAgent):
        (Inspector::InspectorAgent::initialized):
        Tell the InspectorEnvironment (the Controller) the frontend has initialized.

        * inspector/InspectorEnvironment.h:
        Abstract virtual method to handle frontend initialization. To be
        implemented by all of the InspectorControllers.

        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        (Inspector::JSGlobalObjectInspectorController::connectFrontend):
        (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
        (Inspector::JSGlobalObjectInspectorController::frontendInitialized):
        When a frontend is initialized, if it was automatic inspection unpause the debuggable.

        * inspector/remote/RemoteInspectorDebuggable.cpp:
        (Inspector::RemoteInspectorDebuggable::unpauseForInitializedInspector):
        Complete setup for this debuggable.

        * inspector/remote/RemoteInspectorDebuggable.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        Move the setup complete to later, when the frontend sends an "initialized" message.

        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
        Provide a longer timeout now that the frontend must send messages after the connection
        has established. The longest I have seen is 600ms, but the average tends to be 200ms.
        So bump the timeout to 800ms for a buffer.

        (Inspector::RemoteInspector::setupSucceeded): Deleted.
        (Inspector::RemoteInspector::setupCompleted):
        Rename, as this happens at a slightly different time.

2014-09-26  Filip Pizlo  <fpizlo@apple.com>

        DFG shouldn't insert store barriers when it has it on good authority that we're not storing a cell
        https://bugs.webkit.org/show_bug.cgi?id=137161

        Reviewed by Mark Hahnenberg.

        This looks like a 1% Octane speed-up.

        * bytecode/SpeculatedType.h:
        (JSC::isNotCellSpeculation):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::insertStoreBarrier):
        (JSC::DFG::FixupPhase::insertCheck):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateNotCell):

2014-09-26  Peter Varga  <pvarga@webkit.org>

        Fix typo in YARR at BOL check
        https://bugs.webkit.org/show_bug.cgi?id=137144

        Reviewed by Darin Adler.

        * yarr/YarrPattern.cpp: replace bitwise and operator by logical and
        (JSC::Yarr::YarrPatternConstructor::assertionBOL):

2014-09-25  Saam Barati  <saambarati1@gmail.com>

        Web Inspector: console.assert(bitString) TypeSet:50
        https://bugs.webkit.org/show_bug.cgi?id=137051

        Reviewed by Joseph Pecoraro.

        This patch creates stricter requirements on a TypeDescription
        being valid. To be valid, a TypeDescription now ensures that
        the TypeSet it describes has non null type information.

        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        * runtime/TypeSet.h:
        (JSC::TypeSet::isEmpty):

2014-09-25  Filip Pizlo  <fpizlo@apple.com>

        FTL should sink object allocations
        https://bugs.webkit.org/show_bug.cgi?id=136330

        Reviewed by Oliver Hunt.

        This adds a comprehensive infrastructure for sinking object allocations in DFG SSA form. The
        ultimate goal of sinking is to sink an allocation "past the points of its death" - i.e. to
        eliminate it completely. The way sinking reasons about the CFG means that it resembles a
        partial escape analysis: we create paths through a function where some allocation(s) don't
        have to be done at all even if there are other paths along which those allocations still have
        to happen. But it also produces other side benefits. Even if an allocation isn't eliminated
        along any path, the act of sinking reduces the number of barriers that have to execute.

        Because this was a fairly ambitious SSA analysis and transformation, I added a bunch of C++11
        sugar to the DFG's internal APIs to allow for easier iteration over blocks, nodes, and
        successors; and to add more functor goodness to allow for more lambdas.

        This is just the beginning. The bug has a bunch of other bugs that depend on it. So far this
        is a spectacular speed-up on microbenchmarks but it's still too limited to affect big
        benchmarks. For example, doing o == p makes the sinking phase think that o and p escape.
        That's just an omission and there are likely others; we can easily fix them. I think it's
        best to land it in its current form and then to worry about the big benchmarks in subsequent
        work (see bug 137126).

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/StructureSet.h:
        (JSC::StructureSet::iterator::iterator):
        (JSC::StructureSet::iterator::operator*):
        (JSC::StructureSet::iterator::operator++):
        (JSC::StructureSet::iterator::operator==):
        (JSC::StructureSet::iterator::operator!=):
        (JSC::StructureSet::begin):
        (JSC::StructureSet::end):
        * dfg/DFGAbstractInterpreter.h:
        (JSC::DFG::AbstractInterpreter::phiChildren):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::AbstractInterpreter):
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::startExecuting):
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::execute):
        * dfg/DFGAvailability.h:
        (JSC::DFG::Availability::shouldUseNode):
        (JSC::DFG::Availability::isFlushUseful):
        (JSC::DFG::Availability::isDead):
        (JSC::DFG::Availability::operator!=):
        * dfg/DFGAvailabilityMap.cpp: Added.
        (JSC::DFG::AvailabilityMap::prune):
        (JSC::DFG::AvailabilityMap::clear):
        (JSC::DFG::AvailabilityMap::dump):
        (JSC::DFG::AvailabilityMap::operator==):
        (JSC::DFG::AvailabilityMap::merge):
        * dfg/DFGAvailabilityMap.h: Added.
        (JSC::DFG::AvailabilityMap::forEachAvailability):
        * dfg/DFGBasicBlock.cpp:
        (JSC::DFG::BasicBlock::SSAData::SSAData):
        * dfg/DFGBasicBlock.h:
        (JSC::DFG::BasicBlock::begin):
        (JSC::DFG::BasicBlock::end):
        (JSC::DFG::BasicBlock::SuccessorsIterable::SuccessorsIterable):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::iterator):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::operator*):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::operator++):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::operator==):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::operator!=):
        (JSC::DFG::BasicBlock::SuccessorsIterable::begin):
        (JSC::DFG::BasicBlock::SuccessorsIterable::end):
        (JSC::DFG::BasicBlock::successors):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGFlushedAt.cpp:
        (JSC::DFG::FlushedAt::dump):
        * dfg/DFGFlushedAt.h:
        (JSC::DFG::FlushedAt::FlushedAt):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::dumpBlockHeader):
        (JSC::DFG::Graph::mergeRelevantToOSR):
        (JSC::DFG::Graph::invalidateCFG):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::NaturalBlockIterable::NaturalBlockIterable):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::iterator):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::operator*):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::operator++):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::operator==):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::operator!=):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::findNext):
        (JSC::DFG::Graph::NaturalBlockIterable::begin):
        (JSC::DFG::Graph::NaturalBlockIterable::end):
        (JSC::DFG::Graph::blocksInNaturalOrder):
        (JSC::DFG::Graph::doToChildrenWithNode):
        (JSC::DFG::Graph::doToChildren):
        * dfg/DFGHeapLocation.cpp:
        (WTF::printInternal):
        * dfg/DFGHeapLocation.h:
        * dfg/DFGInsertOSRHintsForUpdate.cpp: Added.
        (JSC::DFG::insertOSRHintsForUpdate):
        * dfg/DFGInsertOSRHintsForUpdate.h: Added.
        * dfg/DFGInsertionSet.h:
        (JSC::DFG::InsertionSet::graph):
        * dfg/DFGMayExit.cpp:
        (JSC::DFG::mayExit):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::convertToPutByOffsetHint):
        (JSC::DFG::Node::convertToPutStructureHint):
        (JSC::DFG::Node::convertToPhantomNewObject):
        (JSC::DFG::Node::isCellConstant):
        (JSC::DFG::Node::castConstant):
        (JSC::DFG::Node::hasIdentifier):
        (JSC::DFG::Node::hasStorageAccessData):
        (JSC::DFG::Node::hasObjectMaterializationData):
        (JSC::DFG::Node::objectMaterializationData):
        (JSC::DFG::Node::isPhantomObjectAllocation):
        * dfg/DFGNodeType.h:
        * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
        (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
        (JSC::DFG::LocalOSRAvailabilityCalculator::endBlock):
        (JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
        * dfg/DFGOSRAvailabilityAnalysisPhase.h:
        * dfg/DFGObjectAllocationSinkingPhase.cpp: Added.
        (JSC::DFG::ObjectAllocationSinkingPhase::ObjectAllocationSinkingPhase):
        (JSC::DFG::ObjectAllocationSinkingPhase::run):
        (JSC::DFG::ObjectAllocationSinkingPhase::performSinking):
        (JSC::DFG::ObjectAllocationSinkingPhase::determineMaterializationPoints):
        (JSC::DFG::ObjectAllocationSinkingPhase::placeMaterializationPoints):
        (JSC::DFG::ObjectAllocationSinkingPhase::lowerNonReadingOperationsOnPhantomAllocations):
        (JSC::DFG::ObjectAllocationSinkingPhase::promoteSunkenFields):
        (JSC::DFG::ObjectAllocationSinkingPhase::resolve):
        (JSC::DFG::ObjectAllocationSinkingPhase::handleNode):
        (JSC::DFG::ObjectAllocationSinkingPhase::createMaterialize):
        (JSC::DFG::ObjectAllocationSinkingPhase::populateMaterialize):
        (JSC::DFG::performObjectAllocationSinking):
        * dfg/DFGObjectAllocationSinkingPhase.h: Added.
        * dfg/DFGObjectMaterializationData.cpp: Added.
        (JSC::DFG::PhantomPropertyValue::dump):
        (JSC::DFG::ObjectMaterializationData::dump):
        (JSC::DFG::ObjectMaterializationData::oneWaySimilarityScore):
        (JSC::DFG::ObjectMaterializationData::similarityScore):
        * dfg/DFGObjectMaterializationData.h: Added.
        (JSC::DFG::PhantomPropertyValue::PhantomPropertyValue):
        (JSC::DFG::PhantomPropertyValue::operator==):
        * dfg/DFGPhantomCanonicalizationPhase.cpp:
        (JSC::DFG::PhantomCanonicalizationPhase::run):
        * dfg/DFGPhantomRemovalPhase.cpp:
        (JSC::DFG::PhantomRemovalPhase::run):
        * dfg/DFGPhiChildren.cpp: Added.
        (JSC::DFG::PhiChildren::PhiChildren):
        (JSC::DFG::PhiChildren::~PhiChildren):
        (JSC::DFG::PhiChildren::upsilonsOf):
        * dfg/DFGPhiChildren.h: Added.
        (JSC::DFG::PhiChildren::forAllIncomingValues):
        (JSC::DFG::PhiChildren::forAllTransitiveIncomingValues):
        * dfg/DFGPlan.cpp:
        (JSC::DFG::Plan::compileInThreadImpl):
        * dfg/DFGPrePostNumbering.cpp: Added.
        (JSC::DFG::PrePostNumbering::PrePostNumbering):
        (JSC::DFG::PrePostNumbering::~PrePostNumbering):
        (JSC::DFG::PrePostNumbering::compute):
        (WTF::printInternal):
        * dfg/DFGPrePostNumbering.h: Added.
        (JSC::DFG::PrePostNumbering::preNumber):
        (JSC::DFG::PrePostNumbering::postNumber):
        (JSC::DFG::PrePostNumbering::isStrictAncestorOf):
        (JSC::DFG::PrePostNumbering::isAncestorOf):
        (JSC::DFG::PrePostNumbering::isStrictDescendantOf):
        (JSC::DFG::PrePostNumbering::isDescendantOf):
        (JSC::DFG::PrePostNumbering::edgeKind):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGPromoteHeapAccess.h: Added.
        (JSC::DFG::promoteHeapAccess):
        * dfg/DFGPromotedHeapLocation.cpp: Added.
        (JSC::DFG::PromotedLocationDescriptor::dump):
        (JSC::DFG::PromotedHeapLocation::createHint):
        (JSC::DFG::PromotedHeapLocation::dump):
        (WTF::printInternal):
        * dfg/DFGPromotedHeapLocation.h: Added.
        (JSC::DFG::PromotedLocationDescriptor::PromotedLocationDescriptor):
        (JSC::DFG::PromotedLocationDescriptor::operator!):
        (JSC::DFG::PromotedLocationDescriptor::kind):
        (JSC::DFG::PromotedLocationDescriptor::info):
        (JSC::DFG::PromotedLocationDescriptor::hash):
        (JSC::DFG::PromotedLocationDescriptor::operator==):
        (JSC::DFG::PromotedLocationDescriptor::operator!=):
        (JSC::DFG::PromotedLocationDescriptor::isHashTableDeletedValue):
        (JSC::DFG::PromotedHeapLocation::PromotedHeapLocation):
        (JSC::DFG::PromotedHeapLocation::operator!):
        (JSC::DFG::PromotedHeapLocation::kind):
        (JSC::DFG::PromotedHeapLocation::base):
        (JSC::DFG::PromotedHeapLocation::info):
        (JSC::DFG::PromotedHeapLocation::descriptor):
        (JSC::DFG::PromotedHeapLocation::hash):
        (JSC::DFG::PromotedHeapLocation::operator==):
        (JSC::DFG::PromotedHeapLocation::isHashTableDeletedValue):
        (JSC::DFG::PromotedHeapLocationHash::hash):
        (JSC::DFG::PromotedHeapLocationHash::equal):
        * dfg/DFGSSACalculator.cpp:
        (JSC::DFG::SSACalculator::reset):
        * dfg/DFGSSACalculator.h:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStructureRegistrationPhase.cpp:
        (JSC::DFG::StructureRegistrationPhase::run):
        * dfg/DFGValidate.cpp:
        (JSC::DFG::Validate::validate):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLExitPropertyValue.cpp: Added.
        (JSC::FTL::ExitPropertyValue::dump):
        * ftl/FTLExitPropertyValue.h: Added.
        (JSC::FTL::ExitPropertyValue::ExitPropertyValue):
        (JSC::FTL::ExitPropertyValue::operator!):
        (JSC::FTL::ExitPropertyValue::location):
        (JSC::FTL::ExitPropertyValue::value):
        * ftl/FTLExitTimeObjectMaterialization.cpp: Added.
        (JSC::FTL::ExitTimeObjectMaterialization::ExitTimeObjectMaterialization):
        (JSC::FTL::ExitTimeObjectMaterialization::~ExitTimeObjectMaterialization):
        (JSC::FTL::ExitTimeObjectMaterialization::add):
        (JSC::FTL::ExitTimeObjectMaterialization::get):
        (JSC::FTL::ExitTimeObjectMaterialization::dump):
        * ftl/FTLExitTimeObjectMaterialization.h: Added.
        (JSC::FTL::ExitTimeObjectMaterialization::type):
        (JSC::FTL::ExitTimeObjectMaterialization::properties):
        * ftl/FTLExitValue.cpp:
        (JSC::FTL::ExitValue::materializeNewObject):
        (JSC::FTL::ExitValue::dumpInContext):
        * ftl/FTLExitValue.h:
        (JSC::FTL::ExitValue::isObjectMaterialization):
        (JSC::FTL::ExitValue::objectMaterialization):
        (JSC::FTL::ExitValue::withVirtualRegister):
        (JSC::FTL::ExitValue::valueFormat):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileCheckStructure):
        (JSC::FTL::LowerDFGToLLVM::compileArrayifyToStructure):
        (JSC::FTL::LowerDFGToLLVM::compilePutStructure):
        (JSC::FTL::LowerDFGToLLVM::compileNewObject):
        (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
        (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
        (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
        (JSC::FTL::LowerDFGToLLVM::compileCheckStructureImmediate):
        (JSC::FTL::LowerDFGToLLVM::compileMaterializeNewObject):
        (JSC::FTL::LowerDFGToLLVM::checkStructure):
        (JSC::FTL::LowerDFGToLLVM::allocateCell):
        (JSC::FTL::LowerDFGToLLVM::storeStructure):
        (JSC::FTL::LowerDFGToLLVM::allocateObject):
        (JSC::FTL::LowerDFGToLLVM::speculateStringObjectForStructureID):
        (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
        (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
        (JSC::FTL::LowerDFGToLLVM::exitValueForAvailability):
        (JSC::FTL::LowerDFGToLLVM::exitValueForNode):
        (JSC::FTL::LowerDFGToLLVM::weakStructureID):
        (JSC::FTL::LowerDFGToLLVM::weakStructure):
        (JSC::FTL::LowerDFGToLLVM::availabilityMap):
        (JSC::FTL::LowerDFGToLLVM::availability): Deleted.
        * ftl/FTLOSRExit.h:
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileRecovery):
        (JSC::FTL::compileStub):
        * ftl/FTLOperations.cpp: Added.
        (JSC::FTL::operationNewObjectWithButterfly):
        (JSC::FTL::operationMaterializeObjectInOSR):
        * ftl/FTLOperations.h: Added.
        * ftl/FTLSwitchCase.h:
        (JSC::FTL::SwitchCase::SwitchCase):
        * runtime/JSObject.h:
        (JSC::JSObject::finishCreation):
        (JSC::JSFinalObject::JSFinalObject):
        (JSC::JSFinalObject::create):
        * runtime/Structure.cpp:
        (JSC::Structure::canUseForAllocationsOf):
        * runtime/Structure.h:
        * tests/stress/elidable-new-object-roflcopter-then-exit.js: Added.
        (sumOfArithSeries):
        (foo):
        * tests/stress/elide-new-object-dag-then-exit.js: Added.
        (sumOfArithSeries):
        (bar):
        (verify):
        (foo):
        * tests/stress/obviously-elidable-new-object-then-exit.js: Added.
        (sumOfArithSeries):
        (foo):

2014-09-25  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: Check event loop input extents during replaying too
        https://bugs.webkit.org/show_bug.cgi?id=136316

        Reviewed by Timothy Hatcher.

        Sometimes we see different nondeterminism during capture and replay
        executions, so we should add determinism checks during replay too.

        Move the withinEventLoopInputExtent flag to the base class, and tighten
        the assertion to address <http://webkit.org/b/133019>.

        * replay/InputCursor.h:
        (JSC::InputCursor::InputCursor):
        (JSC::InputCursor::setWithinEventLoopInputExtent): Added.
        This assertion is slightly wrong because it does not account for nested run loops.
        We can be within two input extents when a nested run loop processes additional
        user inputs while the debugger is paused.

        This should only be the case when execution is being neither captured nor
        replayed. The debugger should not pause when capturing, and we should not replay
        event loop inputs while in a nested run loop.

        (JSC::InputCursor::withinEventLoopInputExtent): Added.

2014-09-25  Csaba Osztrogonác  <ossy@webkit.org>

        Remove WinCE port from trunk
        https://bugs.webkit.org/show_bug.cgi?id=136951

        Reviewed by Alex Christensen.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::cacheFlush):
        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::cacheFlush):
        * config.h:
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::gatherFromCurrentThread):
        (JSC::MachineThreads::gatherFromOtherThread):
        (JSC::swapIfBackwards): Deleted.
        * jit/ExecutableAllocator.h:
        * jsc.cpp:
        (main):
        * runtime/DateConstructor.cpp:
        * runtime/Options.cpp:
        (JSC::overrideOptionWithHeuristic):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * testRegExp.cpp:
        (main):
        * tools/CodeProfiling.cpp:
        (JSC::CodeProfiling::notifyAllocator):

2014-09-24  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: subtract elapsed time while debugger is paused from profile nodes
        https://bugs.webkit.org/show_bug.cgi?id=136796

        Reviewed by Timothy Hatcher.

        Rather than accruing no time to any profile node created while the debugger is paused,
        we can instead count a node's elapsed time and exclude time elapsed while paused.

        Time for a node may elapse in a non-contiguous fashion depending on the interleaving of
        didPause, didContinue, willExecute, and didExecute. A node's start time is set to the
        start of the last such interval that accrues elapsed time.

        * profiler/ProfileGenerator.cpp:
        (JSC::ProfileGenerator::ProfileGenerator):
        (JSC::ProfileGenerator::beginCallEntry):
        (JSC::ProfileGenerator::endCallEntry):
        (JSC::ProfileGenerator::didPause): Added.
        (JSC::ProfileGenerator::didContinue): Added.
        * profiler/ProfileGenerator.h:
        (JSC::ProfileGenerator::didPause): Deleted.
        (JSC::ProfileGenerator::didContinue): Deleted.
        * profiler/ProfileNode.h: Rename totalTime to elapsedTime.
        (JSC::ProfileNode::Call::Call):
        (JSC::ProfileNode::Call::elapsedTime): Added.
        (JSC::ProfileNode::Call::setElapsedTime): Added.
        (JSC::CalculateProfileSubtreeDataFunctor::operator()):
        (JSC::ProfileNode::Call::totalTime): Deleted.
        (JSC::ProfileNode::Call::setTotalTime): Deleted.

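Added illustration of the accounting the entry above describes (not WebKit's ProfileGenerator code): a call-entry timer that accrues elapsed time across any interleaving of willExecute, didPause, didContinue and didExecute, and excludes the paused intervals by resetting each open call's start time to the start of the last interval that accrues time. The clock is injected so the scenario is deterministic; the class and method names (PausableCallTimer, beginCallEntry, ...) are my own and only echo the ChangeLog's function names.

```javascript
// Added example, not WebKit code. Mirrors the ChangeLog's rule: a call's start
// time is reset to the start of the last interval that accrues elapsed time, so
// time spent while the debugger is paused is never counted.

class PausableCallTimer {
  // `now` is an injectable millisecond clock so behaviour can be checked exactly.
  constructor(now) {
    this.now = now;
    this.paused = false;
    this.open = new Map();   // call id -> { startTime, elapsedTime }
    this.closed = new Map(); // call id -> total elapsed ms, paused time excluded
  }

  // willExecute: the call starts accruing unless the debugger is already paused,
  // in which case it has no accruing interval until didContinue.
  beginCallEntry(id) {
    this.open.set(id, { startTime: this.paused ? null : this.now(), elapsedTime: 0 });
  }

  // didPause: close the current accruing interval of every open call.
  didPause() {
    if (this.paused) return;
    this.paused = true;
    const t = this.now();
    for (const entry of this.open.values()) {
      if (entry.startTime !== null) {
        entry.elapsedTime += t - entry.startTime;
        entry.startTime = null;
      }
    }
  }

  // didContinue: every open call begins a fresh interval at the resume time.
  didContinue() {
    if (!this.paused) return;
    this.paused = false;
    const t = this.now();
    for (const entry of this.open.values()) entry.startTime = t;
  }

  // didExecute: finish the last interval (if one is accruing) and record the total.
  endCallEntry(id) {
    const entry = this.open.get(id);
    if (!entry) throw new Error(`no open call entry for ${id}`);
    if (entry.startTime !== null) entry.elapsedTime += this.now() - entry.startTime;
    this.open.delete(id);
    this.closed.set(id, entry.elapsedTime);
    return entry.elapsedTime;
  }
}

// Constructed scenario with a scripted clock (ms): an outer call that runs for
// 100 ms of wall-clock time but is paused for 60 ms in the middle, plus a nested
// call that begins while paused and so must accrue nothing until didContinue.
function simulatePausedProfile() {
  const ticks = [0, 20, 80, 85, 100];
  let i = 0;
  const clock = () => ticks[i++];
  const timer = new PausableCallTimer(clock);
  timer.beginCallEntry('outer');             // t=0
  timer.didPause();                          // t=20, outer has accrued 20 ms
  timer.beginCallEntry('inner');             // paused: no clock read, no interval yet
  timer.didContinue();                       // t=80, both calls restart here
  const inner = timer.endCallEntry('inner'); // t=85  -> 5 ms
  const outer = timer.endCallEntry('outer'); // t=100 -> 20 + 20 = 40 ms
  return { outer, inner, wallClock: 100 };
}
```

The check worth carrying into a real profiler is the one the scenario exercises: a call opened during a pause must not take the pause's start as its own start time, and every open call, not only the innermost one, must have its interval closed on didPause.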
2014-09-24  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r173839.
        https://bugs.webkit.org/show_bug.cgi?id=137062

        NumberConstruct should no longer use static tables (Requested
        by dpino on #webkit).

        Reverted changeset:

        "Simple ES6 feature: Number constructor extras"
        https://bugs.webkit.org/show_bug.cgi?id=131707
        http://trac.webkit.org/changeset/173839

2014-09-23  Mark Lam  <mark.lam@apple.com>

        DebuggerCallFrame::invalidate() should invalidate all DebuggerScope chains.
        <https://webkit.org/b/137045>

        Reviewed by Geoffrey Garen.

        DebuggerCallFrame::invalidate() currently invalidates all DebuggerCallFrames
        in the debugger stack, but only invalidates the DebuggerScope chain of the
        topmost frame.  We should also invalidate all the DebuggerScope chains of
        the other frames in the debugger stack.

        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::invalidate):
        * debugger/DebuggerScope.cpp:
        (JSC::DebuggerScope::invalidateChain):

2014-09-23  Mark Lam  <mark.lam@apple.com>

        Renamed DebuggerCallFrameScope to DebuggerPausedScope.
        <https://webkit.org/b/137042>

        Reviewed by Michael Saboff.

        DebuggerPausedScope is a better name for this data structure because it
        is meant for tracking the period within which the debugger is paused,
        and doing clean ups after the pause ends.

        * debugger/Debugger.cpp:
        (JSC::DebuggerPausedScope::DebuggerPausedScope):
        (JSC::DebuggerPausedScope::~DebuggerPausedScope):
        (JSC::Debugger::pauseIfNeeded):
        (JSC::DebuggerCallFrameScope::DebuggerCallFrameScope): Deleted.
        (JSC::DebuggerCallFrameScope::~DebuggerCallFrameScope): Deleted.
        * debugger/Debugger.h:
        * debugger/DebuggerCallFrame.h:

2014-09-23  Tomas Popela  <tpopela@redhat.com>

        [CLoop] - Fix CLoop on the 32-bit Big-Endians
        https://bugs.webkit.org/show_bug.cgi?id=137020

        Reviewed by Mark Lam.

        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:

580 2014-09-23  Joseph Pecoraro  <pecoraro@apple.com>
581
582         Web Inspector: Should be able to attach a debugger to a JSContext before anything is executed
583         https://bugs.webkit.org/show_bug.cgi?id=136893
584
585         Reviewed by Timothy Hatcher.
586
587         Adds new remote inspector protocol handling for automatic inspection.
588         Debuggers can signal they have enabled automatic inspection, and
589         when debuggables are created the current application will pause to
590         see if the debugger will inspect or decline to inspect the debuggable.
591
592         * inspector/remote/RemoteInspectorConstants.h:
593         * inspector/remote/RemoteInspector.h:
594         * inspector/remote/RemoteInspector.mm:
595         (Inspector::globalAutomaticInspectionState):
596         (Inspector::RemoteInspector::RemoteInspector):
597         (Inspector::RemoteInspector::start):
598         When first starting, check the global "is there an auto-inspect" debugger state.
599         This is necessary so that the current application knows if it should pause or
600         not when a debuggable is created, even without having connected to webinspectord yet.
601
602         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
603         When a debuggable has enabled remote inspection, take this path to propose
604         it as an automatic inspection candidate if there is an auto-inspect debugger.
605
606         (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage):
607         Send the automatic inspection candidate message.
608
609         (Inspector::RemoteInspector::receivedSetupMessage):
610         (Inspector::RemoteInspector::setupFailed):
611         (Inspector::RemoteInspector::setupSucceeded):
612         After attempting to open an inspector, unpause if it was for the
613         automatic inspection candidate.
614
615         (Inspector::RemoteInspector::waitingForAutomaticInspection):
616         When running a nested runloop, check if we should remain paused.
617
618         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
619         If by the time we connect to webinspectord we have a candidate, then
620         immediately send the candidate message.
621
622         (Inspector::RemoteInspector::stopInternal):
623         (Inspector::RemoteInspector::xpcConnectionFailed):
624         In error cases, clear our state.
625
626         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
627         (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage):
628         (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage):
629         Update state when receiving new messages.
630
631
632         * inspector/remote/RemoteInspectorDebuggable.h:
633         * inspector/remote/RemoteInspectorDebuggable.cpp:
634         (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
635         Special case when a debuggable is newly allowed to be debuggable.
636
637         (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection):
638         Run a nested run loop while this is an automatic inspection candidate.
639
640         * inspector/JSGlobalObjectInspectorController.h:
641         * inspector/JSGlobalObjectInspectorController.cpp:
642         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
643         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
644         When the inspector starts via automatic inspection, automatically pause.
645         We plan on removing this condition by having the frontend signal to the
646         backend when it is completely initialized.
647         
648         * inspector/remote/RemoteInspectorDebuggableConnection.h:
649         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
650         (Inspector::RemoteInspectorDebuggableConnection::setup):
651         Pass on the flag of whether or not this was automatic inspection.
652
653         * runtime/JSGlobalObjectDebuggable.h:
654         * runtime/JSGlobalObjectDebuggable.cpp:
655         (JSC::JSGlobalObjectDebuggable::connect):
656         (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
657         When pausing in a JSGlobalObject we need to release the API lock.
658
659 2014-09-22  Filip Pizlo  <fpizlo@apple.com>
660
661         FTL allocatePropertyStorage code should involve less copy-paste
662         https://bugs.webkit.org/show_bug.cgi?id=137006
663
664         Reviewed by Michael Saboff.
665
666         * ftl/FTLLowerDFGToLLVM.cpp:
667         (JSC::FTL::LowerDFGToLLVM::allocatePropertyStorage):
668         (JSC::FTL::LowerDFGToLLVM::reallocatePropertyStorage):
669         (JSC::FTL::LowerDFGToLLVM::allocatePropertyStorageWithSizeImpl):
670
671 2014-09-22  Diego Pino Garcia  <dpino@igalia.com>
672
673         Simple ES6 feature: Number constructor extras
674         https://bugs.webkit.org/show_bug.cgi?id=131707
675
676         Reviewed by Darin Adler.
677
678         * runtime/CommonIdentifiers.h: Added new identifiers.
679         * runtime/NumberConstructor.cpp:
680         (JSC::NumberConstructor::getOwnPropertySlot):
681         (JSC::NumberConstructor::isFunction): Added.
682         (JSC::numberConstructorEpsilonValue): Added.
683         (JSC::numberConstructorNegInfinity): Added.
684         (JSC::numberConstructorPosInfinity): Added.
685         (JSC::numberConstructorMaxValue): Added.
686         (JSC::numberConstructorMinValue): Added.
687         (JSC::numberConstructorMaxSafeInteger): Added.
688         (JSC::numberConstructorMinSafeInteger): Added.
689         (JSC::numberConstructorFuncIsFinite): Added.
690         (JSC::numberConstructorFuncIsInteger): Added.
691         (JSC::numberConstructorFuncIsNaN): Added.
692         (JSC::numberConstructorFuncIsSafeInteger): Added.
693         * runtime/NumberConstructor.h:
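
The entry above adds the ES6 Number constructor extras to JavaScriptCore. The following JavaScript is an added example, not JavaScriptCore code or the patch author's, showing how the new predicates and constants behave on the boundary cases that matter in practice: Number.isSafeInteger() rejecting identifiers that a double cannot represent exactly, Number.EPSILON as a scaled comparison tolerance, and the non-coercing behaviour of the Number.* predicates. The parseSafeId/approxEqual/classify helper names are this example's own.

```javascript
'use strict';

// Added example, not JavaScriptCore code: exercises the ES6 Number
// constructor extras that the entry above adds (Number.isFinite,
// Number.isInteger, Number.isNaN, Number.isSafeInteger, Number.EPSILON,
// Number.MAX_SAFE_INTEGER) on the boundary cases where they matter.

// Strict parser for a decimal integer ID carried as text, e.g. from JSON or
// a query string. Returns the Number, or null if the text is not a canonical
// non-negative decimal integer that survives the round trip through a double.
// Above Number.MAX_SAFE_INTEGER (2**53 - 1) a double cannot represent every
// integer, so two distinct IDs can collapse into one Number; rejecting those
// is the point of Number.isSafeInteger.
function parseSafeId(text) {
  if (typeof text !== 'string' || !/^(0|[1-9][0-9]*)$/.test(text)) {
    return null;
  }
  const n = Number(text);
  if (!Number.isSafeInteger(n)) {
    return null;
  }
  // The round trip must reproduce the original digits exactly.
  return String(n) === text ? n : null;
}

// Number.EPSILON is the gap between 1 and the next representable double.
// Scaled by the magnitude of the operands it gives a tolerance for comparing
// results of floating-point arithmetic, where 0.1 + 0.2 !== 0.3.
function approxEqual(a, b) {
  const scale = Math.max(1, Math.abs(a), Math.abs(b));
  return Math.abs(a - b) <= Number.EPSILON * scale;
}

// Unlike the global isFinite()/isNaN(), the Number.* predicates do not
// coerce: a numeric string is never finite, an integer, or NaN to them.
function classify(v) {
  return {
    finite: Number.isFinite(v),
    integer: Number.isInteger(v),
    safe: Number.isSafeInteger(v),
    nan: Number.isNaN(v),
  };
}
```

Note that JSON.parse("9007199254740993") silently yields 9007199254740992; parsing the digits as text and checking them with Number.isSafeInteger, as parseSafeId does, is the only way to notice that loss.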
694
695 2014-09-21  Filip Pizlo  <fpizlo@apple.com>
696
697         FTL should store the four bytes of the cell header using a 32-bit store rather than four 8-bit stores
698         https://bugs.webkit.org/show_bug.cgi?id=136992
699
700         Reviewed by Sam Weinig.
701         
702         LLVM ought to be able to do this optimization for us given how the code was written, but
703         any such lower-level attempts to optimize this would get into trouble with the weird
704         object materialization logic I'll be introducing in bug 136330. So, this brings the
705         merging of the byte stores into the FTL lowering so that we can control it explicitly.
706
707         * ftl/FTLAbstractHeap.h:
708         (JSC::FTL::AbstractHeap::changeParent):
709         * ftl/FTLAbstractHeapRepository.cpp:
710         (JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
711         * ftl/FTLAbstractHeapRepository.h:
712         * ftl/FTLLowerDFGToLLVM.cpp:
713         (JSC::FTL::LowerDFGToLLVM::allocateCell):
714
715 2014-09-21  Saam Barati  <saambarati1@gmail.com>
716
717         Web Inspector: fix TypeSet hierarchy in TypeTokenView
718         https://bugs.webkit.org/show_bug.cgi?id=136982
719
720         Reviewed by Joseph Pecoraro.
721
722         TypeSet was computing the set of type booleans in the Inspector::Protocol::Runtime::TypeSet 
723         object incorrectly because it was calling TypeSet::doesTypeConformTo(T) which checks if the 
724         type set has only been of type T. It now checks '(m_seenTypes & T) != TypeNothing' to see 
725         if type T is in the set of seen types, but not the entire set itself.
726
727         * runtime/TypeSet.cpp:
728         (JSC::TypeSet::inspectorTypeSet):
729
730 2014-09-21  Filip Pizlo  <fpizlo@apple.com>
731
732         Structure should have a method for concurrently getting all of the property map entries, and this method shouldn't involve copy-paste
733         https://bugs.webkit.org/show_bug.cgi?id=136983
734
735         Reviewed by Mark Hahnenberg.
736
737         * runtime/PropertyMapHashTable.h:
738         (JSC::PropertyMapEntry::PropertyMapEntry): Moved PropertyMapEntry struct to Structure.h so that Structure can refer to it.
739         * runtime/Structure.cpp:
740         (JSC::Structure::getConcurrently): Switch to using the new forEachPropertyConcurrently() method.
741         (JSC::Structure::getPropertiesConcurrently): The subject of this patch. It will be useful for object allocation sinking (bug 136330).
742         (JSC::Structure::dump): Switch to using the new forEachPropertyConcurrently() method.
743         * runtime/Structure.h:
744         (JSC::PropertyMapEntry::PropertyMapEntry): Moved from PropertyMapHashTable.h.
745         * runtime/StructureInlines.h:
746         (JSC::Structure::forEachPropertyConcurrently): Capture this very common concurrent structure iteration pattern into a template method.
747
748 2014-09-21  Filip Pizlo  <fpizlo@apple.com>
749
750         Structure::getConcurrently() doesn't need to take a VM& argument.
751
752         Rubber stamped by Dan Bernstein.
753         
754         Removed the extra argument, and then removed similar arguments from other methods until
755         I could build successfully again. It turned out that many methods took a VM& argument
756         just for calling getConcurrently().
757
758         * bytecode/CodeBlock.cpp:
759         (JSC::dumpStructure):
760         (JSC::dumpChain):
761         (JSC::CodeBlock::printGetByIdCacheStatus):
762         (JSC::CodeBlock::printPutByIdCacheStatus):
763         * bytecode/ComplexGetStatus.cpp:
764         (JSC::ComplexGetStatus::computeFor):
765         * bytecode/GetByIdStatus.cpp:
766         (JSC::GetByIdStatus::computeFromLLInt):
767         (JSC::GetByIdStatus::computeForStubInfo):
768         (JSC::GetByIdStatus::computeFor):
769         * bytecode/GetByIdStatus.h:
770         * bytecode/PutByIdStatus.cpp:
771         (JSC::PutByIdStatus::computeFromLLInt):
772         (JSC::PutByIdStatus::computeForStubInfo):
773         (JSC::PutByIdStatus::computeFor):
774         * bytecode/PutByIdStatus.h:
775         * dfg/DFGAbstractInterpreterInlines.h:
776         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
777         * dfg/DFGByteCodeParser.cpp:
778         (JSC::DFG::ByteCodeParser::parseBlock):
779         * dfg/DFGConstantFoldingPhase.cpp:
780         (JSC::DFG::ConstantFoldingPhase::foldConstants):
781         * dfg/DFGFixupPhase.cpp:
782         (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
783         * runtime/IntendedStructureChain.cpp:
784         (JSC::IntendedStructureChain::mayInterceptStoreTo):
785         * runtime/IntendedStructureChain.h:
786         * runtime/Structure.cpp:
787         (JSC::Structure::getConcurrently):
788         * runtime/Structure.h:
789         * runtime/StructureInlines.h:
790         (JSC::Structure::getConcurrently):
791
792 2014-09-20  Filip Pizlo  <fpizlo@apple.com>
793
794         FTL OSRExit construction should be based on methods that return ExitValues rather than methods that add ExitValues to OSRExit
795         https://bugs.webkit.org/show_bug.cgi?id=136978
796
797         Reviewed by Dean Jackson.
798
799         * ftl/FTLLowerDFGToLLVM.cpp:
800         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
801         (JSC::FTL::LowerDFGToLLVM::exitValueForNode):
802         (JSC::FTL::LowerDFGToLLVM::exitArgument):
803         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode): Deleted.
804         (JSC::FTL::LowerDFGToLLVM::tryToSetConstantExitArgument): Deleted.
805         (JSC::FTL::LowerDFGToLLVM::addExitArgument): Deleted.
806
807 2014-09-20  Filip Pizlo  <fpizlo@apple.com>
808
809         FTL OSR exit should do reboxing and value recovery in the same pass
810         https://bugs.webkit.org/show_bug.cgi?id=136977
811
812         Reviewed by Oliver Hunt.
813         
814         It's conceptually simpler to have all of the logic in one place. After the
815         recover-and-rebox loop is done, all of the exit values are in the form that the baseline
816         JIT would want them to be in; the only remaining task is to move them into the right
817         place on the stack after we do all of the necessary stack adjustments.
818
819         * ftl/FTLOSRExitCompiler.cpp:
820         (JSC::FTL::compileStub):
821
822 2014-09-19  Filip Pizlo  <fpizlo@apple.com>
823
824         StorageAccessData should be referenced in a sensible way
825         https://bugs.webkit.org/show_bug.cgi?id=136963
826
827         Reviewed and rubber stamped by Michael Saboff.
828
829         * dfg/DFGAbstractInterpreterInlines.h:
830         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
831         * dfg/DFGByteCodeParser.cpp:
832         (JSC::DFG::ByteCodeParser::handleGetByOffset):
833         (JSC::DFG::ByteCodeParser::handlePutByOffset):
834         (JSC::DFG::ByteCodeParser::handlePutById):
835         * dfg/DFGClobberize.h:
836         (JSC::DFG::clobberize):
837         * dfg/DFGConstantFoldingPhase.cpp:
838         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
839         (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
840         * dfg/DFGGraph.cpp:
841         (JSC::DFG::Graph::dump):
842         * dfg/DFGGraph.h:
843         * dfg/DFGNode.h:
844         (JSC::DFG::Node::convertToGetByOffset):
845         (JSC::DFG::Node::convertToPutByOffset):
846         (JSC::DFG::Node::storageAccessData):
847         (JSC::DFG::Node::storageAccessDataIndex): Deleted.
848         * dfg/DFGSafeToExecute.h:
849         (JSC::DFG::safeToExecute):
850         * dfg/DFGSpeculativeJIT32_64.cpp:
851         (JSC::DFG::SpeculativeJIT::compile):
852         * dfg/DFGSpeculativeJIT64.cpp:
853         (JSC::DFG::SpeculativeJIT::compile):
854         * ftl/FTLLowerDFGToLLVM.cpp:
855         (JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
856         (JSC::FTL::LowerDFGToLLVM::compilePutByOffset):
857
858 2014-09-19  Ryosuke Niwa  <rniwa@webkit.org>
859
860         Leak of mallocs under StructureSet::OutOfLineList::create
861         https://bugs.webkit.org/show_bug.cgi?id=136970
862
863         Reviewed by Filip Pizlo.
864
865         addOutOfLine should free the old list when expanding the capacity.
866
867         * bytecode/StructureSet.cpp:
868         (JSC::StructureSet::addOutOfLine):
869
870 2014-09-19  Daniel Bates  <dabates@apple.com>
871
872         Always assume internal SDK when building configuration Production
873         https://bugs.webkit.org/show_bug.cgi?id=136925
874         <rdar://problem/18362399>
875
876         Reviewed by Dan Bernstein.
877
878         As a side effect of this change we will always enable ENABLE_TOUCH_EVENTS, ENABLE_IOS_{GESTURE, TOUCH}_EVENTS,
879         and ENABLE_XSLT when either building configuration Production or building with the Internal SDK.
880
881         * Configurations/Base.xcconfig:
882
883 2014-09-19  Diego Pino Garcia  <dpino@igalia.com>
884
885         Simple ES6 feature: String prototype additions
886         https://bugs.webkit.org/show_bug.cgi?id=131704
887
888         Reviewed by Darin Adler.
889
890         * runtime/StringPrototype.cpp:
891         (JSC::StringPrototype::finishCreation):
892         (JSC::stringProtoFuncStartsWith): Added.
893         (JSC::stringProtoFuncEndsWith): Added.
894         (JSC::stringProtoFuncContains): Added.
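
The entry above adds String.prototype.startsWith, endsWith and contains. The following JavaScript is an added example, not JavaScriptCore code or the patch author's: it shows the optional position argument of each method and then the mistake a security reviewer looks for next to them, namely treating a startsWith() prefix test as an origin check. The isTrustedUrlNaive/isTrustedUrlStrict helpers and the trusted origin are this example's own; the contains/includes fallback is there because the ES6 spec later renamed contains() to includes(), so the code runs on either name.

```javascript
'use strict';

// Added example, not JavaScriptCore code: the three ES6 String.prototype
// methods the entry above adds, plus the check a reviewer would want next to
// them. The spec later renamed contains() to includes(); this picks whichever
// the engine provides so it runs on both old and current engines.
const containsFn = String.prototype.includes || String.prototype.contains;

// Each method takes an optional position argument.
function demo() {
  const s = 'https://example.com/path';
  return {
    starts: s.startsWith('https://'),
    startsAt: s.startsWith('example', 8),       // search begins at index 8
    ends: s.endsWith('/path'),
    endsBefore: s.endsWith('example.com', 19),  // treat s as if it were 19 chars long
    has: containsFn.call(s, '://'),
    hasAfter: containsFn.call(s, 'https', 1),   // search begins at index 1
  };
}

const TRUSTED_ORIGIN = 'https://example.com';

// Pitfall: startsWith() is not an origin check. The string really does start
// with the trusted origin for "https://example.com.evil.net/" (host is a
// suffix-extended lookalike) and "https://example.com@evil.net/" (the trusted
// text becomes userinfo), so both are accepted.
function isTrustedUrlNaive(url) {
  return url.startsWith(TRUSTED_ORIGIN);
}

// Fix: parse first, then compare the origin (scheme, host, port) exactly.
// Anything the URL parser rejects is treated as untrusted.
function isTrustedUrlStrict(url) {
  try {
    return new URL(url).origin === TRUSTED_ORIGIN;
  } catch (e) {
    return false;
  }
}
```

The strict variant relies on the WHATWG URL class (global in browsers and Node.js); the point is that string prefix tests answer "does this text begin with X", never "is this the host X".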
895
896 2014-09-18  Joseph Pecoraro  <pecoraro@apple.com>
897
898         Unreviewed rollout r173731. Broke multiple builds.
899
900         * inspector/JSGlobalObjectInspectorController.cpp:
901         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
902         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
903         * inspector/JSGlobalObjectInspectorController.h:
904         * inspector/remote/RemoteInspector.h:
905         * inspector/remote/RemoteInspector.mm:
906         (Inspector::RemoteInspector::RemoteInspector):
907         (Inspector::RemoteInspector::setupFailed):
908         (Inspector::RemoteInspector::start):
909         (Inspector::RemoteInspector::stopInternal):
910         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
911         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
912         (Inspector::RemoteInspector::xpcConnectionFailed):
913         (Inspector::RemoteInspector::receivedSetupMessage):
914         (Inspector::globalAutomaticInspectionState): Deleted.
915         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate): Deleted.
916         (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage): Deleted.
917         (Inspector::RemoteInspector::setupSucceeded): Deleted.
918         (Inspector::RemoteInspector::waitingForAutomaticInspection): Deleted.
919         (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage): Deleted.
920         (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage): Deleted.
921         * inspector/remote/RemoteInspectorConstants.h:
922         * inspector/remote/RemoteInspectorDebuggable.cpp:
923         (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
924         (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection): Deleted.
925         * inspector/remote/RemoteInspectorDebuggable.h:
926         * inspector/remote/RemoteInspectorDebuggableConnection.h:
927         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
928         (Inspector::RemoteInspectorDebuggableConnection::setup):
929         * runtime/JSGlobalObjectDebuggable.cpp:
930         (JSC::JSGlobalObjectDebuggable::connect):
931         (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection): Deleted.
932         * runtime/JSGlobalObjectDebuggable.h:
933
934 2014-09-18  Joseph Pecoraro  <pecoraro@apple.com>
935
936         Web Inspector: Should be able to attach a debugger to a JSContext before anything is executed
937         https://bugs.webkit.org/show_bug.cgi?id=136893
938
939         Reviewed by Timothy Hatcher.
940
941         Adds new remote inspector protocol handling for automatic inspection.
942         Debuggers can signal they have enabled automatic inspection, and
943         when debuggables are created the current application will pause to
944         see if the debugger will inspect or decline to inspect the debuggable.
945
946         * inspector/remote/RemoteInspectorConstants.h:
947         * inspector/remote/RemoteInspector.h:
948         * inspector/remote/RemoteInspector.mm:
949         (Inspector::globalAutomaticInspectionState):
950         (Inspector::RemoteInspector::RemoteInspector):
951         (Inspector::RemoteInspector::start):
952         When first starting, check the global "is there an auto-inspect" debugger state.
953         This is necessary so that the current application knows if it should pause or
954         not when a debuggable is created, even without having connected to webinspectord yet.
955
956         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
957         When a debuggable has enabled remote inspection, take this path to propose
958         it as an automatic inspection candidate if there is an auto-inspect debugger.
959
960         (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage):
961         Send the automatic inspection candidate message.
962
963         (Inspector::RemoteInspector::receivedSetupMessage):
964         (Inspector::RemoteInspector::setupFailed):
965         (Inspector::RemoteInspector::setupSucceeded):
966         After attempting to open an inspector, unpause if it was for the
967         automatic inspection candidate.
968
969         (Inspector::RemoteInspector::waitingForAutomaticInspection):
970         When running a nested runloop, check if we should remain paused.
971
972         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
973         If by the time we connect to webinspectord we have a candidate, then
974         immediately send the candidate message.
975
976         (Inspector::RemoteInspector::stopInternal):
977         (Inspector::RemoteInspector::xpcConnectionFailed):
978         In error cases, clear our state.
979
980         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
981         (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage):
982         (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage):
983         Update state when receiving new messages.
984
985
986         * inspector/remote/RemoteInspectorDebuggable.h:
987         * inspector/remote/RemoteInspectorDebuggable.cpp:
988         (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
989         Special case when a debuggable is newly allowed to be debuggable.
990
991         (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection):
992         Run a nested run loop while this is an automatic inspection candidate.
993
994         * inspector/JSGlobalObjectInspectorController.h:
995         * inspector/JSGlobalObjectInspectorController.cpp:
996         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
997         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
998         When the inspector starts via automatic inspection, automatically pause.
999         We plan on removing this condition by having the frontend signal to the
1000         backend when it is completely initialized.
1001         
1002         * inspector/remote/RemoteInspectorDebuggableConnection.h:
1003         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
1004         (Inspector::RemoteInspectorDebuggableConnection::setup):
1005         Pass on the flag of whether or not this was automatic inspection.
1006
1007         * runtime/JSGlobalObjectDebuggable.h:
1008         * runtime/JSGlobalObjectDebuggable.cpp:
1009         (JSC::JSGlobalObjectDebuggable::connect):
1010         (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
1011         When pausing in a JSGlobalObject we need to release the API lock.
1012
1013 2014-09-18  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>
1014
1015         Fix "Tools/Scripts/build-webkit --efl --no-inspector" build
1016         https://bugs.webkit.org/show_bug.cgi?id=136912
1017
1018         Reviewed by Darin Adler.
1019
1020         * runtime/TypeSet.cpp:
1021         (JSC::TypeSet::leastCommonAncestor):
1022
1023 2014-09-17  Michael Saboff  <msaboff@apple.com>
1024
1025         Change CallFrame to use Callee instead of JSScope to implement vm()
1026         https://bugs.webkit.org/show_bug.cgi?id=136894
1027
1028         Reviewed by Geoffrey Garen.
1029
1030         Added JSCell::vm() method that can be used on any JSObject.  Changed CallFrame::vm() to
1031         use JSCell::vm with the Callee.  Made similar changes in the LLInt.
1032         In support of this, changed JSGlobalObject::init() to take a VM& parameter, as there is
1033         a chicken/egg problem with trying to use the Callee in the global exec before the Callee
1034         has been created.  Besides, the vm is readily available in finishCreation(), the caller of
1035         init().
1036
1037         * llint/LowLevelInterpreter32_64.asm:
1038         * llint/LowLevelInterpreter64.asm:
1039         Changed the calculation of CallFrame::VM to use the Callee instead of JSScope.
1040
1041         * runtime/JSCell.h:
1042         * runtime/JSCellInlines.h:
1043         (JSC::JSCell::vm): New method for getting VM from the pointer.
1044         (JSC::ExecState::vm): Moved this method from JSScope.h to here since this file
1045         contains the implementation of JSCell::vm(), this file is included by all users
1046         of CallFrame::vm, and lastly putting it in CallFrameInlines.h required changing
1047         many other .h files and possibly the WebCore generator generate-bindings.pl.
1048
1049         * runtime/JSGlobalObject.cpp:
1050         (JSC::JSGlobalObject::init):
1051         * runtime/JSGlobalObject.h:
1052         (JSC::JSGlobalObject::finishCreation):
1053         Changed init() to take a VM parameter.
1054
1055         * runtime/JSScope.h:
1056         (JSC::ExecState::vm): Deleted.
1057
1058 2014-09-16  Filip Pizlo  <fpizlo@apple.com>
1059
1060         Unreviewed, disable native inlining because it causes build failures.
1061
1062         * JavaScriptCore.xcodeproj/project.pbxproj:
1063
1064 2014-09-16  Joseph Pecoraro  <pecoraro@apple.com>
1065
1066         Web Inspector: Reduce a bit of churn setting initial remote inspection state
1067         https://bugs.webkit.org/show_bug.cgi?id=136875
1068
1069         Reviewed by Timothy Hatcher.
1070
1071         * API/JSContextRef.cpp:
1072         (JSGlobalContextCreateInGroup):
1073         Set the default remote debuggable state at the API boundary.
1074
1075         * runtime/JSGlobalObject.cpp:
1076         (JSC::JSGlobalObject::init):
1077         Do not set remote debuggable state here. Let clients set it.
1078
1079 2014-09-16  Yusuke Suzuki  <utatane.tea@gmail.com>
1080
1081         Promise: Drop Promise.cast
1082         https://bugs.webkit.org/show_bug.cgi?id=136222
1083
1084         Reviewed by Sam Weinig.
1085
1086         Promise.cast is dropped and Promise.resolve is replaced with old Promise.cast.
1087
1088         * runtime/CommonIdentifiers.h:
1089         * runtime/JSPromiseConstructor.cpp:
1090         (JSC::JSPromiseConstructorFuncResolve):
1091         (JSC::JSPromiseConstructorFuncRace):
1092         (JSC::JSPromiseConstructorFuncAll):
1093         (JSC::JSPromiseConstructorFuncCast): Deleted.
1094
1095 2014-09-16  Filip Pizlo  <fpizlo@apple.com>
1096
1097         Local OSR availability calculation should be reusable
1098         https://bugs.webkit.org/show_bug.cgi?id=136860
1099
1100         Reviewed by Oliver Hunt.
1101         
1102         Previously, the FTL lowering repeated some of the logic of the OSR availability analysis
1103         phase. Humorously, it actually did this logic a bit differently; for example the phase
1104         would claim that a SetLocal makes both the flush and the node available while the FTL
1105         only claimed that the flush was available. This difference was benign, but still: yuck!
1106         
1107         Also, previously if you wanted to use availability information then you'd have to repeat
1108         some of the logic that both the phase itself and the FTL lowering already had.
1109         Presumably, you could get epic style points for finding other benign ways in which to
1110         make your copy of the logic different from the other two!
1111         
1112         This reduces the amount of style points one could conceivably get in the future when
1113         hacking JSC, by creating a single reusable thingy for computing local OSR availability.
1114
1115         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
1116         (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
1117         (JSC::DFG::LocalOSRAvailabilityCalculator::LocalOSRAvailabilityCalculator):
1118         (JSC::DFG::LocalOSRAvailabilityCalculator::~LocalOSRAvailabilityCalculator):
1119         (JSC::DFG::LocalOSRAvailabilityCalculator::beginBlock):
1120         (JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
1121         * dfg/DFGOSRAvailabilityAnalysisPhase.h:
1122         * ftl/FTLLowerDFGToLLVM.cpp:
1123         (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
1124         (JSC::FTL::LowerDFGToLLVM::compileBlock):
1125         (JSC::FTL::LowerDFGToLLVM::compileNode):
1126         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
1127         (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
1128         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
1129         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
1130         (JSC::FTL::LowerDFGToLLVM::availability):
1131         (JSC::FTL::LowerDFGToLLVM::compileMovHint): Deleted.
1132         (JSC::FTL::LowerDFGToLLVM::compileZombieHint): Deleted.
1133         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock): Deleted.
1134
1135 2014-09-16  Csaba Osztrogonác  <ossy@webkit.org>
1136
1137         JSC test gardening
1138         https://bugs.webkit.org/show_bug.cgi?id=136823
1139
1140         Reviewed by Geoffrey Garen.
1141
1142         * tests/mozilla/mozilla-tests.yaml: Unskip passing tests.
1143
1144 2014-09-15  Michael Saboff  <msaboff@apple.com>
1145
1146         Create a JSCallee for GlobalExec object
1147         https://bugs.webkit.org/show_bug.cgi?id=136840
1148
1149         Reviewed by Geoffrey Garen.
1150
1151         Added m_globalCallee, initialized it and then used it to set the globalExec's callee.
1152
1153         * runtime/JSGlobalObject.cpp:
1154         (JSC::JSGlobalObject::init):
1155         (JSC::JSGlobalObject::visitChildren):
1156         * runtime/JSGlobalObject.h:
1157
1158 2014-09-14  Filip Pizlo  <fpizlo@apple.com>
1159
1160         DFG ref count calculation should be reusable
1161         https://bugs.webkit.org/show_bug.cgi?id=136811
1162
1163         Reviewed by Oliver Hunt.
1164         
1165         Henceforth if you call Graph::computeRefCounts(), a nifty O(n) operation, every Node
1166         will be able to tell you how many places it is used from. Currently only DCE uses this,
1167         but it will be useful for https://bugs.webkit.org/show_bug.cgi?id=136330.
1168
1169         * dfg/DFGDCEPhase.cpp:
1170         (JSC::DFG::DCEPhase::run):
1171         (JSC::DFG::DCEPhase::findTypeCheckRoot): Deleted.
1172         (JSC::DFG::DCEPhase::countNode): Deleted.
1173         (JSC::DFG::DCEPhase::countEdge): Deleted.
1174         * dfg/DFGGraph.cpp:
1175         (JSC::DFG::Graph::computeRefCounts):
1176         * dfg/DFGGraph.h:
1177
1178 2014-09-12  Michael Saboff  <msaboff@apple.com>
1179
1180         Merge JSGlobalObject::reset() into ::init()
1181         https://bugs.webkit.org/show_bug.cgi?id=136800
1182
1183         Reviewed by Oliver Hunt.
1184
1185         Moved the contents of reset() into init().
1186         Note that the diff shows more changes.
1187
1188         * runtime/JSGlobalObject.cpp:
1189         (JSC::JSGlobalObject::init): Moved body of reset() into init.
1190         (JSC::JSGlobalObject::put):
1191         (JSC::JSGlobalObject::defineOwnProperty):
1192         (JSC::JSGlobalObject::addGlobalVar):
1193         (JSC::JSGlobalObject::addFunction):
1194         (JSC::lastInPrototypeChain):
1195         (JSC::JSGlobalObject::reset): Deleted.
1196         * runtime/JSGlobalObject.h:
1197
1198 2014-09-12  Michael Saboff  <msaboff@apple.com>
1199
1200         Add JSCallee to program and eval CallFrames
1201         https://bugs.webkit.org/show_bug.cgi?id=136785
1202
1203         Reviewed by Mark Lam.
1204
1205         Populated Callee slot for program and call eval CallFrames with JSCallee objects.
1206         Made supporting changes including adding a JSCallee structure to global object and adding
1207         JSCallee::create() method.  Added code so that the newly added callee object won't be
1208         returned by Function.caller.  Changed null pointer checks of callee to check if
1209         the type is JSFunction* or JSCallee*.
1210
1211         * debugger/DebuggerCallFrame.cpp:
1212         (JSC::DebuggerCallFrame::functionName):
1213         (JSC::DebuggerCallFrame::type):
1214         * profiler/LegacyProfiler.cpp:
1215         (JSC::LegacyProfiler::createCallIdentifier):
1216         * interpreter/Interpreter.cpp:
1217         (JSC::unwindCallFrame):
1218         Changed checks to whether callee is a JSFunction* or JSCallee* instead of just checking
1219         if it is null or not.
1220
1221         * interpreter/Interpreter.cpp:
1222         (JSC::Interpreter::execute): Create and use JSCallee objects for execute(EvalExecutable, ...)
1223         and execute(ProgramExecutable, ...)
1224
1225         * jit/JITCode.cpp:
1226         (JSC::JITCode::execute): Use jsDynamicCast to cast only JSFunctions.
1227
1228         * runtime/JSCallee.cpp:
1229         (JSC::JSCallee::create): Not used, therefore deleted.
1230
1231         * runtime/JSCallee.h:
1232         (JSC::JSCallee::create): Added.
1233
1234         * runtime/JSFunction.cpp:
1235         (JSC::JSFunction::callerGetter): Added test to return null for JSCallees that aren't
1236         JSFunctions.  This can only be the case when the JSCallee comes from a program or
1237         call eval CallFrame.
1238
1239         * runtime/JSGlobalObject.cpp:
1240         (JSC::JSGlobalObject::reset):
1241         (JSC::JSGlobalObject::visitChildren):
1242         * runtime/JSGlobalObject.h:
1243         (JSC::JSGlobalObject::calleeStructure):
1244         Added new JSCallee structure.
1245
1246 2014-09-10  Jon Honeycutt  <jhoneycutt@apple.com>
1247
1248         Re-add the request autocomplete feature
1249
1250         <https://bugs.webkit.org/show_bug.cgi?id=136730>
1251
1252         This feature was rolled out in r148731 because it was only used by
1253         Chromium. As we consider supporting this feature, roll it back in, but
1254         leave it disabled.
1255
1256         This rolls out r148731 (which removed the feature) with small changes
1257         needed to make the code build in ToT, to match modern style, to make
1258         the tests run, and to remove unused code.
1259
1260         Reviewed by Andy Estes.
1261
1262         * Configurations/FeatureDefines.xcconfig:
1263
1264 2014-09-12  Julien Brianceau  <jbriance@cisco.com>
1265
1266         [x86] moveDoubleToInts() does not clobber its source register anymore
1267         https://bugs.webkit.org/show_bug.cgi?id=131690
1268
1269         Reviewed by Oliver Hunt.
1270
1271         * assembler/MacroAssemblerX86.h:
1272         (JSC::MacroAssemblerX86::moveDoubleToInts):
1273         * dfg/DFGSpeculativeJIT.cpp:
1274         (JSC::DFG::SpeculativeJIT::compileValueRep):
1275         * jit/SpecializedThunkJIT.h:
1276         (JSC::SpecializedThunkJIT::returnDouble):
1277
1278 2014-09-12  Mark Lam  <mark.lam@apple.com>
1279
1280         Unreviewed build fix for CLOOP build.
1281
1282         * runtime/JSCallee.h:
1283
1284 2014-09-12  Michael Saboff  <msaboff@apple.com>
1285
1286         Remove unneeded declarations from JSCallee.h
1287         https://bugs.webkit.org/show_bug.cgi?id=136783
1288
1289         Reviewed by Mark Lam.
1290
1291         * runtime/JSCallee.h:
1292         (JSCallee::name): Deleted.
1293         (JSCallee::displayName): Deleted.
1294         (JSCallee::calculatedDisplayName): Deleted.
1295
1296 2014-09-11  Brian J. Burg  <burg@cs.washington.edu>
1297
1298         Web Inspector: disambiguate double and integer primitive types in the protocol
1299         https://bugs.webkit.org/show_bug.cgi?id=136606
1300
1301         Reviewed by Timothy Hatcher.
1302
1303         Right now it's really easy to mix up doubles and integers when serializing or deserializing
1304         values for the inspector protocol. This patch disambiguates setting/getting doubles and integers
1305         so that it is clearer as to which type is intended.
1306
1307         A new InspectorValue::Type is added for Integer types, and the Number type is renamed to Double.
1308         The existing callsites for asNumber/getNumber/setNumber have been fixed.
1309
1310         Address various integration points to make sure the right type tag is assigned to InspectorValues.
1311
1312         * bindings/ScriptValue.cpp:
1313         (Deprecated::jsToInspectorValue): Make an Integer if the JSValue is Int52 or smaller.
1314         * inspector/InjectedScriptManager.cpp:
1315         (Inspector::InjectedScriptManager::injectedScriptForObjectId):
1316         * inspector/InspectorBackendDispatcher.cpp:
1317         (Inspector::InspectorBackendDispatcher::dispatch):
1318         (Inspector::InspectorBackendDispatcher::sendResponse):
1319         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1320         (Inspector::AsMethodBridges::asInteger):
1321         (Inspector::AsMethodBridges::asDouble):
1322         (Inspector::InspectorBackendDispatcher::getInteger):
1323         (Inspector::InspectorBackendDispatcher::getDouble):
1324         (Inspector::AsMethodBridges::asInt): Deleted.
1325         (Inspector::InspectorBackendDispatcher::getInt): Deleted.
1326         * inspector/InspectorBackendDispatcher.h:
1327         * inspector/InspectorProtocolTypes.h: Remove the special case for checking int type tags.
1328         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw):
1329         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw):
1330         (Inspector::Protocol::BindingTraits<int>::assertValueHasExpectedType): Deleted.
1331         * inspector/InspectorValues.cpp: Allow integers and doubles to be convertible using asInteger/asDouble.
1332         (Inspector::InspectorValue::asDouble):
1333         (Inspector::InspectorValue::asInteger):
1334         (Inspector::InspectorBasicValue::asDouble):
1335         (Inspector::InspectorBasicValue::asInteger):
1336         (Inspector::InspectorBasicValue::writeJSON):
1337         (Inspector::InspectorValue::asNumber): Deleted.
1338         (Inspector::InspectorBasicValue::asNumber): Deleted.
1339         * inspector/InspectorValues.h:
1340         (Inspector::InspectorObjectBase::setInteger):
1341         (Inspector::InspectorObjectBase::setDouble):
1342         (Inspector::InspectorArrayBase::pushInteger):
1343         (Inspector::InspectorArrayBase::pushDouble):
1344         (Inspector::InspectorObjectBase::setNumber): Deleted.
1345         (Inspector::InspectorArrayBase::pushInt): Deleted.
1346         (Inspector::InspectorArrayBase::pushNumber): Deleted.
1347         * inspector/agents/InspectorDebuggerAgent.cpp:
1348         (Inspector::buildObjectForBreakpointCookie):
1349         (Inspector::InspectorDebuggerAgent::breakpointActionsFromProtocol):
1350         (Inspector::parseLocation):
1351         (Inspector::InspectorDebuggerAgent::didParseSource):
1352         * inspector/agents/InspectorRuntimeAgent.cpp:
1353         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1354         * inspector/scripts/codegen/generator.py: Update emitted code and rebaseline test results.
1355         (Generator.keyed_get_method_for_type):
1356         (Generator.keyed_set_method_for_type):
1357         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1358         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1359         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1360         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1361         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1362         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1363         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1364         * replay/EncodedValue.cpp:
1365         (JSC::EncodedValue::convertTo<double>):
1366         (JSC::EncodedValue::convertTo<float>):
1367         (JSC::EncodedValue::convertTo<int32_t>):
1368         (JSC::EncodedValue::convertTo<int64_t>):
1369         (JSC::EncodedValue::convertTo<uint32_t>):
1370         (JSC::EncodedValue::convertTo<uint64_t>):
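
The Integer/Double split described in the entry above, as an added example in Python (not InspectorValue or any other WebKit code). It assumes the tagging rule "Integer if the number is integral and within Int52, otherwise Double" as a reading of "Int52 or smaller", and shows why the split is easy to lose at the JSON boundary, where 3 and 3.0 are the same number unless the writer preserves the token form. The Num, from_js_number, as_integer, as_double, write_json and read_json names are the example's own.

```python
# Added illustration in Python (not InspectorValue code): a tagged protocol
# number with the Integer/Double split the ChangeLog introduces, plus the
# JSON boundary where that distinction is easy to lose.
import json
import math
from dataclasses import dataclass

# Int52 range (assumed reading of "Int52 or smaller" in the ChangeLog).
INT52_MIN, INT52_MAX = -(1 << 51), (1 << 51) - 1


@dataclass(frozen=True)
class Num:
    tag: str        # "Integer" or "Double"
    value: object   # int for Integer, float for Double


def from_js_number(x):
    """Tag a JS number: Integer when it is integral and within Int52,
    otherwise Double (assumed rule modelled on the ChangeLog)."""
    if isinstance(x, bool):
        raise TypeError("booleans are not numbers")
    if isinstance(x, int):
        return Num("Integer", x) if INT52_MIN <= x <= INT52_MAX else Num("Double", float(x))
    if math.isfinite(x) and x.is_integer() and INT52_MIN <= x <= INT52_MAX:
        return Num("Integer", int(x))
    return Num("Double", float(x))


def as_integer(n):
    """Like asInteger: a Double converts only if it is exactly an Int52 value;
    NaN, infinities and fractional values yield None rather than a truncated int."""
    if n.tag == "Integer":
        return n.value
    v = n.value
    if math.isfinite(v) and v.is_integer() and INT52_MIN <= v <= INT52_MAX:
        return int(v)
    return None


def as_double(n):
    """Like asDouble: every Integer widens losslessly, since Int52 fits in a double."""
    return float(n.value)


def write_json(n):
    """Serialise so the tag survives: Doubles always keep a fractional/exponent form."""
    if n.tag == "Integer":
        return json.dumps(n.value)
    if not math.isfinite(n.value):
        raise ValueError("JSON has no NaN/Infinity; refuse rather than emit null")
    return repr(float(n.value))


def read_json(text):
    """Recover the tag from the JSON token shape: '3' -> Integer, '3.0' -> Double."""
    v = json.loads(text)
    if isinstance(v, bool) or not isinstance(v, (int, float)):
        raise ValueError("not a number")
    return Num("Integer", v) if isinstance(v, int) else Num("Double", v)


if __name__ == "__main__":
    for sample in (42, 42.0, 0.5, 2 ** 60, float("nan")):
        n = from_js_number(sample)
        print(sample, "->", n, "asInteger:", as_integer(n))
    print(write_json(Num("Double", 3.0)), write_json(Num("Integer", 3)))
```

The point of read_json is that a JSON reader only sees token shape: a writer that emits a Double 3.0 as "3" hands the peer an Integer, which is exactly the kind of mix-up the typed setters and getters are meant to rule out.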
1371
1372 2014-09-11  Joseph Pecoraro  <pecoraro@apple.com>
1373
1374         Web Inspector: Occasional ASSERT closing web inspector
1375         https://bugs.webkit.org/show_bug.cgi?id=136762
1376
1377         Reviewed by Timothy Hatcher.
1378
1379         It is harmless, and indeed possible to have an empty set of listeners
1380         now that each Page gets its own PageDebugServer instead of a shared
1381         global. So we should replace the null checks with isEmpty checks.
1382         Since nobody was ever returning null, convert to references as well.
1383
1384         * inspector/JSGlobalObjectScriptDebugServer.h:
1385         * inspector/ScriptDebugServer.cpp:
1386         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
1387         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
1388         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
1389         (Inspector::ScriptDebugServer::sourceParsed):
1390         (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
1391         (Inspector::ScriptDebugServer::notifyDoneProcessingDebuggerEvents):
1392         (Inspector::ScriptDebugServer::handlePause):
1393         (Inspector::ScriptDebugServer::needPauseHandling): Deleted.
1394         * inspector/ScriptDebugServer.h:
1395
1396 2014-09-10  Michael Saboff  <msaboff@apple.com>
1397
1398         Move JSScope out of JSFunction into separate JSCallee class
1399         https://bugs.webkit.org/show_bug.cgi?id=136725
1400
1401         Reviewed by Oliver Hunt.
1402
1403         Created new JSCallee class that contains a JSScope*.  Changed JSFunction to inherit from
1404         JSCallee.
1405
1406         * CMakeLists.txt:
1407         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1408         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1409         * JavaScriptCore.xcodeproj/project.pbxproj:
1410         Build changes.  Added JSCallee.cpp and JSCallee.h.
1411
1412         * runtime/JSCallee.cpp: Added.
1413         (JSC::JSCallee::create):
1414         (JSC::JSCallee::destroy):
1415         (JSC::JSCallee::JSCallee):
1416         (JSC::JSCallee::finishCreation):
1417         (JSC::JSCallee::visitChildren):
1418         (JSC::JSCallee::getOwnPropertySlot): Pass through wrapper function.
1419         (JSC::JSCallee::getOwnNonIndexPropertyNames): Pass through wrapper function.
1420         (JSC::JSCallee::put): Pass through wrapper function.
1421         (JSC::JSCallee::deleteProperty): Pass through wrapper function.
1422         (JSC::JSCallee::defineOwnProperty): Pass through wrapper function.
1423
1424         * runtime/JSCallee.h: Added.
1425         (JSC::JSCallee::scope):
1426         (JSC::JSCallee::scopeUnchecked):
1427         (JSC::JSCallee::setScope):
1428         (JSC::JSCallee::createStructure):
1429         (JSC::JSCallee::offsetOfScopeChain):
1430
1431         * runtime/JSFunction.cpp:
1432         (JSC::JSFunction::JSFunction):
1433         (JSC::JSFunction::addNameScopeIfNeeded):
1434         (JSC::JSFunction::visitChildren):
1435         * runtime/JSFunction.h:
1436         (JSC::JSFunction::scope): Deleted.
1437         (JSC::JSFunction::scopeUnchecked): Deleted.
1438         (JSC::JSFunction::setScope): Deleted.
1439         (JSC::JSFunction::offsetOfScopeChain): Deleted.
1440         * runtime/JSFunctionInlines.h:
1441         (JSC::JSFunction::JSFunction):
1442         Changed to reference JSCallee and its methods.
1443
1444         * runtime/JSType.h: Added JSCallee as a TypeEnum.
1445
1446 2014-09-11  Filip Pizlo  <fpizlo@apple.com>
1447
1448         REGRESSION (r172129): Vine pages load as blank
1449         https://bugs.webkit.org/show_bug.cgi?id=136655
1450         rdar://problem/18281215
1451
1452         Reviewed by Michael Saboff.
1453         
1454         If lastNode is something that is subject to DCE, then removing the Phantom's reference to something
1455         that lastNode references means that the thing being referenced may no longer be kept alive for OSR.
1456         Teach PhantomRemovalPhase that it's only safe to do this if lastNode is a Phantom. That's probably too
1457         conservative, but that's fine since this is mainly just an optimization to make the IR sane to read and
1458         reasonably compact; it's OK if we miss cases here.
1459
1460         * dfg/DFGPhantomRemovalPhase.cpp:
1461         (JSC::DFG::PhantomRemovalPhase::run):
1462         * tests/stress/remove-phantom-after-setlocal.js: Added.
1463
1464 2014-09-11  Bear Travis  <betravis@adobe.com>
1465
1466         [CSS Font Loading] Enable CSS Font Loading on Mac
1467         https://bugs.webkit.org/show_bug.cgi?id=135473
1468
1469         Reviewed by Antti Koivisto.
1470
1471         Enable CSS Font Loading in FeatureDefines.
1472
1473         * Configurations/FeatureDefines.xcconfig:
1474
1475 2014-09-11  Joseph Pecoraro  <pecoraro@apple.com>
1476
1477         Unreviewed rebaseline of inspector generator test results after r173120.
1478
1479         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1480         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1481         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1482         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1483
1484 2014-09-11  Oliver Hunt  <oliver@apple.com>
1485
1486         Rename activation to be more in line with spec language
1487         https://bugs.webkit.org/show_bug.cgi?id=136721
1488
1489         Reviewed by Michael Saboff.
1490
1491         Somewhat bigger than the last one, but still just a rename.
1492
1493         * CMakeLists.txt:
1494         * JavaScriptCore.order:
1495         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1496         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1497         * JavaScriptCore.xcodeproj/project.pbxproj:
1498         * bytecode/BytecodeList.json:
1499         * bytecode/BytecodeUseDef.h:
1500         (JSC::computeUsesForBytecodeOffset):
1501         (JSC::computeDefsForBytecodeOffset):
1502         * bytecode/CallVariant.h:
1503         * bytecode/CodeBlock.cpp:
1504         (JSC::CodeBlock::dumpBytecode):
1505         (JSC::CodeBlock::CodeBlock):
1506         (JSC::CodeBlock::finalizeUnconditionally):
1507         (JSC::CodeBlock::isCaptured):
1508         (JSC::CodeBlock::nameForRegister):
1509         * bytecode/CodeBlock.h:
1510         (JSC::CodeBlock::setActivationRegister):
1511         (JSC::CodeBlock::activationRegister):
1512         (JSC::CodeBlock::uncheckedActivationRegister):
1513         (JSC::CodeBlock::needsActivation):
1514         * bytecode/Instruction.h:
1515         * bytecode/UnlinkedCodeBlock.h:
1516         (JSC::UnlinkedCodeBlock::setActivationRegister):
1517         (JSC::UnlinkedCodeBlock::activationRegister):
1518         (JSC::UnlinkedCodeBlock::hasActivationRegister):
1519         * bytecompiler/BytecodeGenerator.cpp:
1520         (JSC::BytecodeGenerator::BytecodeGenerator):
1521         (JSC::BytecodeGenerator::emitReturn):
1522         * bytecompiler/BytecodeGenerator.h:
1523         * debugger/DebuggerCallFrame.cpp:
1524         (JSC::DebuggerCallFrame::scope):
1525         * debugger/DebuggerScope.cpp:
1526         (JSC::DebuggerScope::isFunctionOrEvalScope):
1527         * dfg/DFGByteCodeParser.cpp:
1528         (JSC::DFG::ByteCodeParser::parseBlock):
1529         * dfg/DFGCapabilities.cpp:
1530         (JSC::DFG::capabilityLevel):
1531         * dfg/DFGGraph.cpp:
1532         (JSC::DFG::Graph::tryGetActivation):
1533         (JSC::DFG::Graph::tryGetRegisters):
1534         * dfg/DFGGraph.h:
1535         * dfg/DFGNodeType.h:
1536         * dfg/DFGOperations.cpp:
1537         * dfg/DFGSpeculativeJIT32_64.cpp:
1538         (JSC::DFG::SpeculativeJIT::compile):
1539         * dfg/DFGSpeculativeJIT64.cpp:
1540         (JSC::DFG::SpeculativeJIT::compile):
1541         * interpreter/CallFrame.cpp:
1542         (JSC::CallFrame::lexicalEnvironment):
1543         (JSC::CallFrame::setActivation):
1544         (JSC::CallFrame::activation): Deleted.
1545         * interpreter/CallFrame.h:
1546         * interpreter/Interpreter.cpp:
1547         (JSC::unwindCallFrame):
1548         * interpreter/Register.h:
1549         * jit/JIT.cpp:
1550         (JSC::JIT::privateCompileMainPass):
1551         * jit/JIT.h:
1552         * jit/JITOpcodes.cpp:
1553         (JSC::JIT::emit_op_tear_off_lexical_environment):
1554         (JSC::JIT::emit_op_tear_off_arguments):
1555         (JSC::JIT::emit_op_create_lexical_environment):
1556         (JSC::JIT::emit_op_tear_off_activation): Deleted.
1557         (JSC::JIT::emit_op_create_activation): Deleted.
1558         * jit/JITOpcodes32_64.cpp:
1559         (JSC::JIT::emit_op_tear_off_lexical_environment):
1560         (JSC::JIT::emit_op_tear_off_arguments):
1561         (JSC::JIT::emit_op_create_lexical_environment):
1562         (JSC::JIT::emit_op_tear_off_activation): Deleted.
1563         (JSC::JIT::emit_op_create_activation): Deleted.
1564         * jit/JITOperations.cpp:
1565         * jit/JITOperations.h:
1566         * llint/LLIntSlowPaths.cpp:
1567         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1568         * llint/LLIntSlowPaths.h:
1569         * llint/LowLevelInterpreter32_64.asm:
1570         * llint/LowLevelInterpreter64.asm:
1571         * runtime/Arguments.cpp:
1572         (JSC::Arguments::visitChildren):
1573         (JSC::Arguments::tearOff):
1574         (JSC::Arguments::didTearOffActivation):
1575         * runtime/Arguments.h:
1576         (JSC::Arguments::offsetOfActivation):
1577         (JSC::Arguments::argument):
1578         (JSC::Arguments::finishCreation):
1579         * runtime/CommonSlowPaths.cpp:
1580         * runtime/JSFunction.h:
1581         * runtime/JSGlobalObject.cpp:
1582         (JSC::JSGlobalObject::reset):
1583         (JSC::JSGlobalObject::visitChildren):
1584         * runtime/JSGlobalObject.h:
1585         (JSC::JSGlobalObject::activationStructure):
1586         * runtime/JSLexicalEnvironment.cpp: Renamed from Source/JavaScriptCore/runtime/JSActivation.cpp.
1587         (JSC::JSLexicalEnvironment::visitChildren):
1588         (JSC::JSLexicalEnvironment::symbolTableGet):
1589         (JSC::JSLexicalEnvironment::symbolTablePut):
1590         (JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
1591         (JSC::JSLexicalEnvironment::symbolTablePutWithAttributes):
1592         (JSC::JSLexicalEnvironment::getOwnPropertySlot):
1593         (JSC::JSLexicalEnvironment::put):
1594         (JSC::JSLexicalEnvironment::deleteProperty):
1595         (JSC::JSLexicalEnvironment::toThis):
1596         (JSC::JSLexicalEnvironment::argumentsGetter):
1597         * runtime/JSLexicalEnvironment.h: Renamed from Source/JavaScriptCore/runtime/JSActivation.h.
1598         (JSC::JSLexicalEnvironment::create):
1599         (JSC::JSLexicalEnvironment::createStructure):
1600         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
1601         (JSC::asActivation):
1602         (JSC::Register::lexicalEnvironment):
1603         (JSC::JSLexicalEnvironment::registersOffset):
1604         (JSC::JSLexicalEnvironment::tearOff):
1605         (JSC::JSLexicalEnvironment::isTornOff):
1606         (JSC::JSLexicalEnvironment::storageOffset):
1607         (JSC::JSLexicalEnvironment::storage):
1608         (JSC::JSLexicalEnvironment::allocationSize):
1609         (JSC::JSLexicalEnvironment::isValidIndex):
1610         (JSC::JSLexicalEnvironment::isValid):
1611         (JSC::JSLexicalEnvironment::registerAt):
1612         * runtime/JSObject.h:
1613         * runtime/JSScope.cpp:
1614         (JSC::abstractAccess):
1615         * runtime/JSScope.h:
1616         (JSC::ResolveOp::ResolveOp):
1617         * runtime/JSSymbolTableObject.cpp:
1618         * runtime/StrictEvalActivation.h:
1619         (JSC::StrictEvalActivation::create):
1620         * runtime/VM.cpp:
1621
1622 2014-09-11  László Langó  <llango.u-szeged@partner.samsung.com>
1623
1624         [JavaScriptCore] Fix FTL on platform EFL.
1625         https://bugs.webkit.org/show_bug.cgi?id=133571
1626
1627         Reviewed by Filip Pizlo.
1628
1629         There are no compact_unwind sections on Linux systems so FTL crashes.
1630         We have to parse eh_frame in FTLUnwindInfo instead of compact_unwind
1631         and get the information for stack unwinding from there.
1632
1633         * CMakeLists.txt: Revert r169181.
1634         * ftl/FTLCompile.cpp:
1635         Change section name literals to use SECTION_NAME macro, because of architecture differences.
1636         (JSC::FTL::mmAllocateCodeSection):
1637         (JSC::FTL::mmAllocateDataSection):
1638         (JSC::FTL::compile):
1639         * ftl/FTLJITCode.h:
1640         We need the SECTION_NAME macro in FTLCompile and FTLLink, so we define it here.
1641         * ftl/FTLLink.cpp:
1642         (JSC::FTL::link):
1643         * ftl/FTLState.h:
1644         * ftl/FTLState.cpp:
1645         (JSC::FTL::State::State):
1646         * ftl/FTLUnwindInfo.h:
1647         * ftl/FTLUnwindInfo.cpp:
1648         Lift the eh_frame parsing method from the LLVM/libcxxabi project and modify it for our purposes.
1649         Parse eh_frame on Linux instead of compact_unwind.
1650         (JSC::FTL::UnwindInfo::parse):
1651
1652 2014-09-10  Saam Barati  <saambarati1@gmail.com>
1653
1654         Web Inspector: Modify the type profiler runtime protocol to transfer some computation into the WebInspector
1655         https://bugs.webkit.org/show_bug.cgi?id=136500
1656
1657         Reviewed by Joseph Pecoraro.
1658
1659         This patch changes the type profiler protocol to the Web Inspector
1660         by moving the work of calculating computed properties that affect the UI
1661         into the Web Inspector. This makes the Web Inspector have control over the 
1662         strings it displays as UI elements representing type information to the user 
1663         instead of JavaScriptCore deciding on a convention for these strings.
1664         JavaScriptCore now sends enough information to the Web Inspector so that 
1665         it can compute the properties JavaScriptCore used to compute.
1666
1667         * inspector/agents/InspectorRuntimeAgent.cpp:
1668         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1669         * inspector/protocol/Runtime.json:
1670         * runtime/TypeProfiler.cpp:
1671         (JSC::TypeProfiler::getTypesForVariableAtOffsetForInspector): Deleted.
1672         * runtime/TypeProfiler.h:
1673         * runtime/TypeSet.cpp:
1674         (JSC::TypeSet::inspectorTypeSet):
1675         (JSC::StructureShape::leastCommonAncestor):
1676         (JSC::StructureShape::inspectorRepresentation):
1677         * runtime/TypeSet.h:
1678
1679 2014-09-10  Akos Kiss  <akiss@inf.u-szeged.hu>
1680
1681         Apply ARM64-specific lowering to load/store instructions in offlineasm
1682         https://bugs.webkit.org/show_bug.cgi?id=136569
1683
1684         Reviewed by Michael Saboff.
1685
1686         The standard RISC lowering of load/store instructions with base +
1687         immediate offset addresses is to move the offset to a temporary, add the
1688         base to the temporary, and then change the load/store to use the
1689         temporary + 0 immediate offset address. However, on ARM64, base +
1690         register offset addressing mode is available, so it is unnecessary to
1691         perform explicit register additions but it is enough to change load/store
1692         to use base + temporary as the address.
1693
1694         * offlineasm/arm64.rb: Added arm64LowerMalformedLoadStoreAddresses
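
The two lowerings the entry above contrasts, as an added example in Python (offlineasm is written in Ruby; this is not code from arm64.rb). The encodable-offset test follows the ARM64 LDR/STR immediate form (unsigned 12-bit, scaled by the access size) and the LDUR/STUR form (signed 9-bit, unscaled); the opcode table, the instruction model, the tmpN scratch-register names and the sample program are assumptions of the example.

```python
# Added illustration in Python (offlineasm itself is Ruby; this is not code
# from arm64.rb). Models the two lowerings the ChangeLog contrasts for a
# load/store whose base + immediate offset cannot be encoded directly.
from dataclasses import dataclass
from typing import Callable, List, Tuple, Union


@dataclass(frozen=True)
class Reg:
    name: str


@dataclass(frozen=True)
class Imm:
    value: int


@dataclass(frozen=True)
class Address:
    base: Reg
    offset: Union[Imm, Reg]   # immediate offset, or register offset after lowering


@dataclass(frozen=True)
class Instr:
    opcode: str
    operands: Tuple[object, ...]


# Access width in bytes for the offlineasm-style opcodes used here (assumed subset).
ACCESS_SIZE = {"loadb": 1, "storeb": 1, "loadh": 2, "storeh": 2,
               "loadi": 4, "storei": 4, "loadp": 8, "storep": 8, "loadq": 8, "storeq": 8}


def offset_fits_arm64(offset: int, size: int) -> bool:
    """ARM64 encodes an unsigned 12-bit immediate scaled by the access size
    (LDR/STR) or a signed 9-bit unscaled immediate (LDUR/STUR); any other
    base + immediate address is malformed and needs lowering."""
    if offset >= 0 and offset % size == 0 and offset // size <= 4095:
        return True
    return -256 <= offset <= 255


def temp_allocator(prefix: str = "tmp") -> Callable[[], Reg]:
    """Hands out fresh scratch registers tmp1, tmp2, ... (illustrative names)."""
    counter = [0]

    def new_tmp() -> Reg:
        counter[0] += 1
        return Reg(f"{prefix}{counter[0]}")
    return new_tmp


def lower_load_store(instr: Instr, arm64: bool, new_tmp: Callable[[], Reg]) -> List[Instr]:
    """Return the instruction sequence that replaces `instr`.

    Generic RISC lowering:  move off, tmp ; addp base, tmp ; op 0[tmp]
    ARM64 lowering:         move off, tmp ; op [base + tmp]   (register-offset mode)
    """
    size = ACCESS_SIZE.get(instr.opcode)
    if size is None:
        return [instr]                      # not a load/store
    addr = next((op for op in instr.operands if isinstance(op, Address)), None)
    if addr is None or not isinstance(addr.offset, Imm):
        return [instr]                      # no immediate-offset address operand
    if offset_fits_arm64(addr.offset.value, size):
        return [instr]                      # well-formed: encodable as-is

    tmp = new_tmp()
    move = Instr("move", (Imm(addr.offset.value), tmp))

    def with_address(new_addr: Address) -> Instr:
        return Instr(instr.opcode,
                     tuple(new_addr if op is addr else op for op in instr.operands))

    if arm64:
        # base + register offset is a native addressing mode: no explicit add.
        return [move, with_address(Address(addr.base, tmp))]
    return [move,
            Instr("addp", (addr.base, tmp)),      # tmp += base
            with_address(Address(tmp, Imm(0)))]   # access 0[tmp]


def lower_all(instrs: List[Instr], arm64: bool) -> List[Instr]:
    new_tmp = temp_allocator()
    out: List[Instr] = []
    for instr in instrs:
        out.extend(lower_load_store(instr, arm64, new_tmp))
    return out


def fmt(instr: Instr) -> str:
    def operand(op) -> str:
        if isinstance(op, Reg):
            return op.name
        if isinstance(op, Imm):
            return hex(op.value)
        return f"[{op.base.name} + {operand(op.offset)}]"
    return f"{instr.opcode} " + ", ".join(operand(op) for op in instr.operands)


if __name__ == "__main__":
    # Constructed input: a pointer load with a 64 KiB offset, too large for imm12 * 8.
    prog = [Instr("loadp", (Address(Reg("t0"), Imm(0x10000)), Reg("t1")))]
    for label, arm64 in (("generic RISC", False), ("ARM64", True)):
        print(label)
        for i in lower_all(prog, arm64):
            print("   ", fmt(i))
```

Running it prints three instructions for the generic lowering and two for ARM64; the saved instruction is the add, which the register-offset addressing mode absorbs. The range check is the part worth getting right: an offset of 4 on an 8-byte access is not scaled-encodable but still fits the 9-bit unscaled form, so it must not be lowered.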
1695
1696 2014-09-10  Oliver Hunt  <oliver@apple.com>
1697
1698         Rename JSVariableObject to JSEnvironmentRecord to align naming with ES spec
1699         https://bugs.webkit.org/show_bug.cgi?id=136710
1700
1701         Reviewed by Anders Carlsson.
1702
1703         This is a trivial rename.
1704
1705         * CMakeLists.txt:
1706         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1707         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1708         * JavaScriptCore.xcodeproj/project.pbxproj:
1709         * dfg/DFGAbstractHeap.h:
1710         * dfg/DFGClobberize.h:
1711         (JSC::DFG::clobberize):
1712         * dfg/DFGSpeculativeJIT32_64.cpp:
1713         (JSC::DFG::SpeculativeJIT::compile):
1714         * dfg/DFGSpeculativeJIT64.cpp:
1715         (JSC::DFG::SpeculativeJIT::compile):
1716         * ftl/FTLAbstractHeapRepository.cpp:
1717         * ftl/FTLAbstractHeapRepository.h:
1718         * ftl/FTLLowerDFGToLLVM.cpp:
1719         (JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters):
1720         * jit/JITOpcodes32_64.cpp:
1721         * jit/JITPropertyAccess.cpp:
1722         (JSC::JIT::emitGetClosureVar):
1723         (JSC::JIT::emitPutClosureVar):
1724         * jit/JITPropertyAccess32_64.cpp:
1725         (JSC::JIT::emitGetClosureVar):
1726         (JSC::JIT::emitPutClosureVar):
1727         * llint/LLIntOffsetsExtractor.cpp:
1728         * llint/LowLevelInterpreter32_64.asm:
1729         * llint/LowLevelInterpreter64.asm:
1730         * runtime/JSActivation.cpp:
1731         (JSC::JSActivation::getOwnNonIndexPropertyNames):
1732         * runtime/JSActivation.h:
1733         * runtime/JSEnvironmentRecord.cpp: Renamed from Source/JavaScriptCore/runtime/JSVariableObject.cpp.
1734         * runtime/JSEnvironmentRecord.h: Renamed from Source/JavaScriptCore/runtime/JSVariableObject.h.
1735         (JSC::JSEnvironmentRecord::registers):
1736         (JSC::JSEnvironmentRecord::registerAt):
1737         (JSC::JSEnvironmentRecord::addressOfRegisters):
1738         (JSC::JSEnvironmentRecord::offsetOfRegisters):
1739         (JSC::JSEnvironmentRecord::JSEnvironmentRecord):
1740         * runtime/JSNameScope.h:
1741         * runtime/JSSegmentedVariableObject.h:
1742
1743 2014-09-10  Julien Brianceau   <jbriance@cisco.com>
1744
1745         [mips] Add missing parts and fix LLINT mips backend
1746         https://bugs.webkit.org/show_bug.cgi?id=136706
1747
1748         Reviewed by Michael Saboff.
1749
1750         * llint/LowLevelInterpreter.asm: Fix invalid CalleeSave register number.
1751         Implement initPCRelative and setEntryAddress macros.
1752         * llint/LowLevelInterpreter32_64.asm: Fix register distribution in
1753         doVMEntry macro.
1754
1755 2014-09-10  Saam Barati  <saambarati1@gmail.com>
1756
1757         TypeSet needs a mode where it no longer profiles structure shapes
1758         https://bugs.webkit.org/show_bug.cgi?id=136263
1759
1760         Reviewed by Filip Pizlo.
1761
1762         The TypeSet data structure used to gather as many StructureShape
1763         objects as it encountered during type profiling. But, this meant 
1764         that there was no upper limit on how many objects it could allocate. 
1765         This patch places a fixed upper bound on the number of StructureShapes
1766         allocated per TypeSet to prevent using too much memory for little gain
1767         in type profiling usefulness.
1768
1769         StructureShape objects are now also aware of when they are created
1770         from Structures which are dictionaries.
1771
1772         In total, this patch lays the final groundwork needed in refactoring 
1773         the inspector protocol for the type profiler.
1774
1775         * runtime/Structure.cpp:
1776         (JSC::Structure::toStructureShape):
1777         * runtime/TypeProfiler.cpp:
1778         (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
1779         * runtime/TypeSet.cpp:
1780         (JSC::TypeSet::TypeSet):
1781         (JSC::TypeSet::addTypeInformation):
1782         (JSC::StructureShape::StructureShape):
1783         (JSC::StructureShape::toJSONString):
1784         (JSC::StructureShape::enterDictionaryMode):
1785         * runtime/TypeSet.h:
1786         (JSC::TypeSet::isOverflown):
1787         * tests/typeProfiler/dictionary-mode.js: Added.
1788         (wrapper):
1789         * tests/typeProfiler/driver/driver.js:
1790         * tests/typeProfiler/overflow.js: Added.
1791         (wrapper.Proto):
1792         (wrapper):
1793
1794 2014-09-10  Peter Gal  <galpeter@inf.u-szeged.hu>
1795
1796         [MIPS] branch32WithPatch missing
1797         https://bugs.webkit.org/show_bug.cgi?id=136696
1798
1799         Reviewed by Michael Saboff.
1800
1801         Added the missing branch32WithPatch. The implementation
1802         is currently the same as the branchPtrWithPatch because
1803         the macro assembler supports only 32 bit MIPS.
1804
1805         * assembler/MacroAssemblerMIPS.h:
1806         (JSC::MacroAssemblerMIPS::branch32WithPatch):
1807
1808 2014-09-10  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
1809
1810         Fix !ENABLE(DFG_JIT) build
1811         https://bugs.webkit.org/show_bug.cgi?id=136702
1812
1813         Reviewed by Michael Saboff.
1814
1815         * bytecode/CallEdgeProfile.h:
1816
1817 2014-09-09  Benjamin Poulain  <bpoulain@apple.com>
1818
1819         Disable the "unreachable-code" warning
1820         https://bugs.webkit.org/show_bug.cgi?id=136677
1821
1822         Reviewed by Darin Adler.
1823
1824         * Configurations/Base.xcconfig:
1825
1826 2014-09-08  Filip Pizlo  <fpizlo@apple.com>
1827
1828         DFG should have a reusable SSA builder
1829         https://bugs.webkit.org/show_bug.cgi?id=136331
1830
1831         Reviewed by Oliver Hunt.
1832         
1833         We want to implement sophisticated SSA transformations like object allocation sinking
1834         (https://bugs.webkit.org/show_bug.cgi?id=136330), but to do that, we need to be able to do
1835         updates to SSA that require inserting new Phi's. This requires calculating where Phis go.
1836         Previously, our Phi calculation was based on Aycock and Horspool's algorithm, and our
1837         implementation of this algorithm only worked when doing CPS->SSA conversion. The code
1838         could not be reused for cases where some phase happens to know that it introduced a few
1839         defs in some blocks and it wants to figure out where the Phis should go. Moreover, even
1840         the general algorithm of Aycock and Horspool is not well suited to such targeted SSA
1841         updates, since it requires first inserting maximal Phis. That scales well when the Phis
1842         were already there (like in our CPS form) but otherwise it's quite unnatural and may be
1843         difficult to make efficient.
1844         
1845         The usual way of handling both SSA conversion and SSA update is to use Cytron et al's
1846         algorithm based on dominance frontiers. For a while now, I've been working on creating a
1847         Cytron-based SSA calculator that can be used both as a replacement for our current SSA
1848         converter and as a reusable tool for any phase that needs to do SSA update. I previously
1849         optimized our dominator calculation and representation to use dominator trees computed
1850         using Lengauer and Tarjan's algorithm - mainly to make it more scalable to enumerate over
1851         the set of blocks that dominate you or vice-versa, and then I implemented a dominance
1852         frontier calculator. This patch implements the final step towards making SSA update
1853         available to all SSA phases: it implements an SSACalculator that can tell you where Phis
1854         go when given an arbitrary set of Defs. To keep things simple, and to ensure that we have
1855         good test coverage for this SSACalculator, this patch replaces the old Aycock-Horspool
1856         SSA converter with one based on the SSACalculator.
1857         
1858         This has no observable impact. It does reduce the amount of code in SSAConversionPhase.
1859         But even better, it makes SSAConversionPhase have significantly less tricky logic. It
1860         mostly just relies on SSACalculator to do the tricky stuff, and SSAConversionPhase mostly
1861         just reasons about the weirdnesses unique to the ThreadedCPS form that it sees as input.
1862         In fact, using the Cytron et al approach means that there isn't really any "smoke and
1863         mirrors" trickyness related to SSA. SSACalculator's only "tricks" are using the pruned
1864         iterated dominance frontier to place Phi's and using the dom tree to find reaching defs.
1865         The complexity is mostly confined to Dominators, which computes various dominator-related
1866         properties over the control flow graph. That class can be difficult to understand, but at
1867         least it follows well-known graph theory wisdom.
1868
1869         * CMakeLists.txt:
1870         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1871         * JavaScriptCore.xcodeproj/project.pbxproj:
1872         * dfg/DFGAnalysis.h:
1873         * dfg/DFGCSEPhase.cpp:
1874         * dfg/DFGDCEPhase.cpp:
1875         (JSC::DFG::DCEPhase::run):
1876         * dfg/DFGDominators.h:
1877         (JSC::DFG::Dominators::immediateDominatorOf):
1878         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf):
1879         (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf):
1880         * dfg/DFGGraph.cpp:
1881         (JSC::DFG::Graph::dump):
1882         (JSC::DFG::Graph::blocksInPreOrder):
1883         (JSC::DFG::Graph::blocksInPostOrder):
1884         (JSC::DFG::Graph::getBlocksInPreOrder): Deleted.
1885         (JSC::DFG::Graph::getBlocksInPostOrder): Deleted.
1886         * dfg/DFGGraph.h:
1887         * dfg/DFGLICMPhase.cpp:
1888         (JSC::DFG::LICMPhase::run):
1889         * dfg/DFGNodeFlags.h:
1890         * dfg/DFGPhase.cpp:
1891         (JSC::DFG::Phase::beginPhase):
1892         (JSC::DFG::Phase::endPhase):
1893         * dfg/DFGPhase.h:
1894         * dfg/DFGSSACalculator.cpp: Added.
1895         (JSC::DFG::SSACalculator::Variable::dump):
1896         (JSC::DFG::SSACalculator::Variable::dumpVerbose):
1897         (JSC::DFG::SSACalculator::Def::dump):
1898         (JSC::DFG::SSACalculator::SSACalculator):
1899         (JSC::DFG::SSACalculator::~SSACalculator):
1900         (JSC::DFG::SSACalculator::newVariable):
1901         (JSC::DFG::SSACalculator::newDef):
1902         (JSC::DFG::SSACalculator::nonLocalReachingDef):
1903         (JSC::DFG::SSACalculator::reachingDefAtTail):
1904         (JSC::DFG::SSACalculator::dump):
1905         * dfg/DFGSSACalculator.h: Added.
1906         (JSC::DFG::SSACalculator::Variable::index):
1907         (JSC::DFG::SSACalculator::Variable::Variable):
1908         (JSC::DFG::SSACalculator::Def::variable):
1909         (JSC::DFG::SSACalculator::Def::block):
1910         (JSC::DFG::SSACalculator::Def::value):
1911         (JSC::DFG::SSACalculator::Def::Def):
1912         (JSC::DFG::SSACalculator::variable):
1913         (JSC::DFG::SSACalculator::computePhis):
1914         (JSC::DFG::SSACalculator::phisForBlock):
1915         (JSC::DFG::SSACalculator::reachingDefAtHead):
1916         * dfg/DFGSSAConversionPhase.cpp:
1917         (JSC::DFG::SSAConversionPhase::SSAConversionPhase):
1918         (JSC::DFG::SSAConversionPhase::run):
1919         (JSC::DFG::SSAConversionPhase::forwardPhiChildren): Deleted.
1920         (JSC::DFG::SSAConversionPhase::forwardPhi): Deleted.
1921         (JSC::DFG::SSAConversionPhase::forwardPhiEdge): Deleted.
1922         (JSC::DFG::SSAConversionPhase::deduplicateChildren): Deleted.
1923         * dfg/DFGSSAConversionPhase.h:
1924         * dfg/DFGValidate.cpp:
1925         (JSC::DFG::Validate::Validate):
1926         (JSC::DFG::Validate::dumpGraphIfAppropriate):
1927         (JSC::DFG::validate):
1928         * dfg/DFGValidate.h:
1929         * ftl/FTLLowerDFGToLLVM.cpp:
1930         (JSC::FTL::LowerDFGToLLVM::lower):
1931         * runtime/Options.h:
1932
1933 2014-09-08  Commit Queue  <commit-queue@webkit.org>
1934
1935         Unreviewed, rolling out r173402.
1936         https://bugs.webkit.org/show_bug.cgi?id=136649
1937
1938         Breaking build with error "unable to restore file position to
1939         0x00000c60 for section __DWARF.__debug_info (errno = 9)"
1940         (Requested by mlam_ on #webkit).
1941
1942         Reverted changeset:
1943
1944         "Move CallFrame and Register inline functions out of
1945         JSScope.h."
1946         https://bugs.webkit.org/show_bug.cgi?id=136579
1947         http://trac.webkit.org/changeset/173402
1948
1949 2014-09-08  Mark Lam  <mark.lam@apple.com>
1950
1951         Move CallFrame and Register inline functions out of JSScope.h.
1952         <https://webkit.org/b/136579>
1953
1954         Reviewed by Geoffrey Garen.
1955
1956         This includes fixing up some files to #include JSCInlines.h to pick up
1957         these inline functions.  I also added JSCellInlines.h to JSCInlines.h
1958         since it is included from many of the affected .cpp files.
1959
1960         * API/ObjCCallbackFunction.mm:
1961         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1962         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1963         * JavaScriptCore.xcodeproj/project.pbxproj:
1964         * bindings/ScriptValue.cpp:
1965         * inspector/InjectedScriptHost.cpp:
1966         * inspector/InjectedScriptManager.cpp:
1967         * inspector/JSGlobalObjectInspectorController.cpp:
1968         * inspector/JSJavaScriptCallFrame.cpp:
1969         * inspector/ScriptDebugServer.cpp:
1970         * interpreter/CallFrameInlines.h:
1971         (JSC::CallFrame::vm):
1972         (JSC::CallFrame::lexicalGlobalObject):
1973         (JSC::CallFrame::globalThisValue):
1974         * interpreter/RegisterInlines.h: Added.
1975         (JSC::Register::operator=):
1976         (JSC::Register::scope):
1977         * runtime/ArgumentsIteratorConstructor.cpp:
1978         * runtime/JSArrayIterator.cpp:
1979         * runtime/JSCInlines.h:
1980         * runtime/JSCJSValue.cpp:
1981         * runtime/JSMapIterator.cpp:
1982         * runtime/JSPromiseConstructor.cpp:
1983         * runtime/JSPromiseDeferred.cpp:
1984         * runtime/JSPromiseFunctions.cpp:
1985         * runtime/JSPromisePrototype.cpp:
1986         * runtime/JSPromiseReaction.cpp:
1987         * runtime/JSScope.h:
1988         (JSC::Register::operator=): Deleted.
1989         (JSC::Register::scope): Deleted.
1990         (JSC::ExecState::vm): Deleted.
1991         (JSC::ExecState::lexicalGlobalObject): Deleted.
1992         (JSC::ExecState::globalThisValue): Deleted.
1993         * runtime/JSSetIterator.cpp:
1994         * runtime/MapConstructor.cpp:
1995         * runtime/MapData.cpp:
1996         * runtime/MapIteratorPrototype.cpp:
1997         * runtime/MapPrototype.cpp:
1998         * runtime/SetConstructor.cpp:
1999         * runtime/SetIteratorPrototype.cpp:
2000         * runtime/SetPrototype.cpp:
2001         * runtime/WeakMapConstructor.cpp:
2002         * runtime/WeakMapPrototype.cpp:
2003
2004 2014-09-08  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>
2005
2006         Remove FILTERS flag
2007         https://bugs.webkit.org/show_bug.cgi?id=136571
2008
2009         Reviewed by Darin Adler.
2010
2011         * Configurations/FeatureDefines.xcconfig:
2012
2013 2014-09-08  Saam Barati  <saambarati1@gmail.com>
2014
2015         Merge StructureShapes that share the same prototype chain
2016         https://bugs.webkit.org/show_bug.cgi?id=136549
2017
2018         Reviewed by Filip Pizlo.
2019
2020         Instead of keeping track of many discrete StructureShapes that share
2021         the same prototype chain, TypeSet should merge StructureShapes that 
2022         have the same prototype chain and provide a new member variable for 
2023         optional structure fields. This provides a cleaner and more concise
2024         interface for dealing with StructureShapes within TypeSet. Instead
2025         of having many discrete shapes that are almost identical, almost 
2026         identical shapes will be merged together with an interface for 
2027         understanding what fields the shapes being merged together differ in.
2028
2029         * runtime/TypeSet.cpp:
2030         (JSC::TypeSet::addTypeInformation):
2031         (JSC::StructureShape::addProperty):
2032         (JSC::StructureShape::toJSONString):
2033         (JSC::StructureShape::inspectorRepresentation):
2034         (JSC::StructureShape::hasSamePrototypeChain):
2035         (JSC::StructureShape::merge):
2036         * runtime/TypeSet.h:
2037         * tests/typeProfiler/optional-fields.js: Added.
2038         (wrapper.func):
2039         (wrapper):
2040
2041 2014-09-08  Jessie Berlin  <jberlin@apple.com>
2042
2043         More 32-bit Release build fixes after r173364.
2044
2045         * dfg/DFGSpeculativeJIT32_64.cpp:
2046         (JSC::DFG::SpeculativeJIT::compile):
2047
2048 2014-09-07  Maciej Stachowiak  <mjs@apple.com>
2049
2050         Fix typos in last patch to fix build.
2051
2052         Unreviewed build fix.
2053
2054         * dfg/DFGSpeculativeJIT.cpp:
2055         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
2056         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
2057
2058 2014-09-07  Maciej Stachowiak  <mjs@apple.com>
2059
2060         Introduce COMPILER_QUIRK(CONSIDERS_UNREACHABLE_CODE) and use it
2061         https://bugs.webkit.org/show_bug.cgi?id=136616
2062
2063         Reviewed by Darin Adler.
2064         
2065         Many compilers will analyze unreachable code paths (e.g. after an
2066         unreachable code path), so sometimes they need dead code initializations.
2067         But clang with suitable warnings will complain about unreachable code. So
2068         use the quirk to include it conditionally.
2069
2070         * bytecode/CodeBlock.cpp:
2071         (JSC::CodeBlock::printGetByIdOp):
2072         * dfg/DFGOSRExitCompilerCommon.cpp:
2073         (JSC::DFG::handleExitCounts):
2074         * dfg/DFGPlan.cpp:
2075         (JSC::DFG::Plan::compileInThread):
2076         * dfg/DFGSpeculativeJIT.cpp:
2077         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
2078         * jsc.cpp:
2079         * runtime/JSArray.cpp:
2080         (JSC::JSArray::fillArgList):
2081         (JSC::JSArray::copyToArguments):
2082         * runtime/RegExp.cpp:
2083         (JSC::RegExp::compile):
2084         (JSC::RegExp::compileMatchOnly):
2085
2086 2014-09-06  Darin Adler  <darin@apple.com>
2087
2088         Make updates suggested by new version of Xcode
2089         https://bugs.webkit.org/show_bug.cgi?id=136603
2090
2091         Reviewed by Mark Rowe.
2092
2093         * Configurations/Base.xcconfig: Added CLANG_WARN_UNREACHABLE_CODE, COMBINE_HIDPI_IMAGES,
2094         and ENABLE_STRICT_OBJC_MSGSEND as suggested by Xcode upgrade check.
2095
2096         * JavaScriptCore.xcodeproj/project.pbxproj: Update LastUpgradeCheck.
2097
2098         * dfg/DFGSpeculativeJIT.cpp:
2099         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode): Compile out unreachable code
2100         for clang, since it understands the code is unreachable.
2101         * runtime/JSArray.cpp:
2102         (JSC::JSArray::fillArgList): Ditto.
2103         (JSC::JSArray::copyToArguments): Ditto.
2104
2105 2014-09-05  Matt Baker  <mattbaker@apple.com>
2106
2107         Web Inspector: breakpoint actions should work regardless of Content Security Policy
2108         https://bugs.webkit.org/show_bug.cgi?id=136542
2109
2110         Reviewed by Mark Lam.
2111
2112         Added JSC::DebuggerEvalEnabler, an RAII object which enables eval on a 
2113         JSGlobalObject for the duration of a scope, returning the eval enabled state to its
2114         original value when the scope exits. Used by JSC::DebuggerCallFrame::evaluate 
2115         to allow breakpoint actions to execute JS in pages with a Content Security Policy
2116         that would normally prohibit this (such as Inspector's Main.html).
2117
2118         Refactored Inspector::InjectedScriptBase to use the RAII object instead of manually
2119         setting eval enabled and then resetting the original eval enabled state.
2120
2121         NOTE: The JSC::DebuggerEvalEnabler constructor checks the passed-in ExecState pointer
2122         for null to be equivalent with the original code in Inspector::InjectedScriptBase.
2123         InjectedScriptBase is getting the ExecState from ScriptObject::scriptState(), which
2124         can currently be null.
2125
2126         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2127         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2128         * JavaScriptCore.xcodeproj/project.pbxproj:
2129         * debugger/DebuggerCallFrame.cpp:
2130         (JSC::DebuggerCallFrame::evaluate):
2131         * debugger/DebuggerEvalEnabler.h: Added.
2132         (JSC::DebuggerEvalEnabler::DebuggerEvalEnabler):
2133         (JSC::DebuggerEvalEnabler::~DebuggerEvalEnabler):
2134         * inspector/InjectedScriptBase.cpp:
2135         (Inspector::InjectedScriptBase::callFunctionWithEvalEnabled):
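
The scope-guard pattern this entry describes, as an added C++ illustration that is not WebKit's own DebuggerEvalEnabler: GlobalObject, ExecState, evalEnabled and the evaluateBreakpointAction/evalEnabledAfterScope/manualEvalEnabledAfterScope helpers are hypothetical stand-ins for the real JSC types. It checks the ExecState for null as the NOTE says, and contrasts the guard with a hand-rolled set/reset to show why the page's eval state comes back even when the breakpoint action throws.

```cpp
// Added example, not WebKit's code: a scope guard in the style the entry describes for
// JSC::DebuggerEvalEnabler. GlobalObject, ExecState and the helper functions are
// hypothetical stand-ins for the real JSC types.
#include <stdexcept>

struct GlobalObject {
    bool evalEnabled = false; // a page under a restrictive Content Security Policy starts with eval off
};

struct ExecState {
    GlobalObject* globalObject;
};

class DebuggerEvalEnabler {
public:
    explicit DebuggerEvalEnabler(ExecState* exec)
        : m_exec(exec)
        , m_evalWasEnabled(false)
    {
        // Null check, as the entry's NOTE says: the ExecState from ScriptObject::scriptState() can be null.
        if (!m_exec)
            return;
        GlobalObject* global = m_exec->globalObject;
        m_evalWasEnabled = global->evalEnabled;
        global->evalEnabled = true;
    }

    ~DebuggerEvalEnabler()
    {
        // Runs on normal exit and during exception unwinding, so the CSP state always comes back.
        if (m_exec)
            m_exec->globalObject->evalEnabled = m_evalWasEnabled;
    }

    DebuggerEvalEnabler(const DebuggerEvalEnabler&) = delete;
    DebuggerEvalEnabler& operator=(const DebuggerEvalEnabler&) = delete;

private:
    ExecState* m_exec;
    bool m_evalWasEnabled;
};

// Stand-in for DebuggerCallFrame::evaluate: runs a breakpoint action inside the guard.
// Returns whether eval was enabled while the action ran; throws if the action fails.
bool evaluateBreakpointAction(ExecState* exec, bool actionThrows)
{
    DebuggerEvalEnabler enabler(exec);
    if (actionThrows)
        throw std::runtime_error("breakpoint action failed");
    return exec && exec->globalObject->evalEnabled;
}

// Eval state seen by the action itself: the guard has turned it on.
bool evalEnabledInsideScope()
{
    GlobalObject global;
    ExecState exec { &global };
    return evaluateBreakpointAction(&exec, false);
}

// Eval state of the page once the guard's scope has exited, on the normal and the throwing path.
bool evalEnabledAfterScope(bool actionThrows)
{
    GlobalObject global;
    ExecState exec { &global };
    try {
        evaluateBreakpointAction(&exec, actionThrows);
    } catch (const std::runtime_error&) {
        // The guard's destructor already ran during unwinding.
    }
    return global.evalEnabled;
}

// For contrast, a hand-written set-then-reset of the same flag. This illustrates the hazard of
// the manual shape in general, not a claim about the original InjectedScriptBase code: a throw
// between the set and the reset skips the reset and leaves eval enabled for the page.
bool manualEvalEnabledAfterScope(bool actionThrows)
{
    GlobalObject global;
    bool evalWasEnabled = global.evalEnabled;
    global.evalEnabled = true;
    try {
        if (actionThrows)
            throw std::runtime_error("breakpoint action failed");
        global.evalEnabled = evalWasEnabled;
    } catch (const std::runtime_error&) {
    }
    return global.evalEnabled;
}
```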
2136
2137 2014-09-05  peavo@outlook.com  <peavo@outlook.com>
2138
2139         [WinCairo] jsc.exe won't run.
2140         https://bugs.webkit.org/show_bug.cgi?id=136481
2141
2142         Reviewed by Alex Christensen.
2143         
2144         We need to define WIN_CAIRO to avoid looking for the AAS folder.
2145
2146         * JavaScriptCore.vcxproj/jsc/DLLLauncherWinCairo.props: Added.
2147         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
2148         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
2149         * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
2150         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
2151
2152 2014-09-05  David Kilzer  <ddkilzer@apple.com>
2153
2154         JavaScriptCore should build with newer clang
2155         <http://webkit.org/b/136002>
2156         <rdar://problem/18020616>
2157
2158         Reviewed by Geoffrey Garen.
2159
2160         Other than the JSC::SourceProvider::asID() change (which simply
2161         removes code that the optimizing compiler would have discarded
2162         in Release builds), we move the |this| checks in OpaqueJSString
2163         to NULL checks into JSBase, JSObjectRef, JSScriptRef,
2164         JSStringRef{CF} and JSValueRef.
2165
2166         Note that the following function arguments are _not_ NULL-checked
2167         since doing so would just cover up bugs (and were not needed to
2168         prevent any tests from failing):
2169         - |script| in JSEvaluateScript(), JSCheckScriptSyntax();
2170         - |body| in JSObjectMakeFunction();
2171         - |source| in JSScriptCreateReferencingImmortalASCIIText()
2172           (which is a const char* anyway);
2173         - |source| in JSScriptCreateFromString().
2174
2175         * API/JSBase.cpp:
2176         (JSEvaluateScript): Add NULL check for |sourceURL|.
2177         (JSCheckScriptSyntax): Ditto.
2178         * API/JSObjectRef.cpp:
2179         (JSObjectMakeFunction): Ditto.
2180         * API/JSScriptRef.cpp:
2181         (JSScriptCreateReferencingImmortalASCIIText): Ditto.
2182         (JSScriptCreateFromString): Add NULL check for |url|.
2183         * API/JSStringRef.cpp:
2184         (JSStringGetLength): Return early if NULL pointer is passed in.
2185         (JSStringGetCharactersPtr): Ditto.
2186         (JSStringGetUTF8CString): Ditto.  Also check |buffer| parameter.
2187         * API/JSStringRefCF.cpp:
2188         (JSStringCopyCFString): Ditto.
2189         * API/JSValueRef.cpp:
2190         (JSValueMakeString): Add NULL check for |string|.
2191
2192         * API/OpaqueJSString.cpp:
2193         (OpaqueJSString::string): Remove code that checks |this|.
2194         (OpaqueJSString::identifier): Ditto.
2195         (OpaqueJSString::characters): Ditto.
2196         * API/OpaqueJSString.h:
2197         (OpaqueJSString::is8Bit): Remove code that checks |this|.
2198         (OpaqueJSString::characters8): Ditto.
2199         (OpaqueJSString::characters16): Ditto.
2200         (OpaqueJSString::length): Ditto.
2201
2202         * parser/SourceProvider.h:
2203         (JSC::SourceProvider::asID): Remove code that checks |this|.
2204
2205 2014-06-06  Jer Noble  <jer.noble@apple.com>
2206
2207         Refactoring: make MediaTime the primary time type for audiovisual times.
2208         https://bugs.webkit.org/show_bug.cgi?id=133579
2209
2210         Reviewed by Eric Carlson.
2211
2212         Add a utility function which converts a MediaTime to a JSNumber.
2213
2214         * runtime/JSCJSValue.h:
2215         (JSC::jsNumber):
2216
2217 2014-09-04  Michael Saboff  <msaboff@apple.com>
2218
2219         ARM: Add more coverage to ARMv7 disassembler
2220         https://bugs.webkit.org/show_bug.cgi?id=136565
2221
2222         Reviewed by Mark Lam.
2223
2224         Added ARMv7 disassembler support for Push/Pop multiple and floating point instructions
2225         VCMP, VCVT[R] between floating point and integer, and VLDR.
2226
2227         * disassembler/ARMv7/ARMv7DOpcode.cpp:
2228         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::appendRegisterList):
2229         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPopMultiple::format):
2230         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushMultiple::format):
2231         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::format):
2232         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::format):
2233         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::format):
2234         * disassembler/ARMv7/ARMv7DOpcode.h:
2235         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::registerList):
2236         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::condition):
2237         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::condition):
2238         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::dBit):
2239         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::vd):
2240         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::szBit):
2241         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::eBit):
2242         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::mBit):
2243         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::vm):
2244         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::condition):
2245         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::dBit):
2246         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::op2):
2247         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::vd):
2248         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::szBit):
2249         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::op):
2250         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::mBit):
2251         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::vm):
2252         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::condition):
2253         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::uBit):
2254         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::rn):
2255         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::vd):
2256         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::doubleReg):
2257         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::immediate8):
2258
2259 2014-09-04  Mark Lam  <mark.lam@apple.com>
2260
2261         Move PropertySlot's inline functions back to PropertySlot.h.
2262         <https://webkit.org/b/136547>
2263
2264         Reviewed by Filip Pizlo.
2265
2266         * runtime/JSObject.h:
2267         (JSC::PropertySlot::getValue): Deleted.
2268         * runtime/PropertySlot.h:
2269         (JSC::PropertySlot::getValue):
2270
2271 2014-09-04  Filip Pizlo  <fpizlo@apple.com>
2272
2273         Make sure that deleting all code first processes the call edge log, and reenable call edge profiling.
2274
2275         Rubber stamped by Sam Weinig.
2276
2277         * debugger/Debugger.cpp:
2278         (JSC::Debugger::forEachCodeBlock):
2279         (JSC::Debugger::setSteppingMode):
2280         (JSC::Debugger::recompileAllJSFunctions):
2281         * inspector/agents/InspectorRuntimeAgent.cpp:
2282         (Inspector::recompileAllJSFunctionsForTypeProfiling):
2283         * runtime/Options.h: Reenable call edge profiling.
2284         * runtime/VM.cpp:
2285         (JSC::VM::prepareToDiscardCode): Make sure this also processes the call edge log, in case any call edge profiles are about to be destroyed.
2286         (JSC::VM::discardAllCode):
2287         (JSC::VM::releaseExecutableMemory):
2288         (JSC::VM::setEnabledProfiler):
2289         (JSC::VM::waitForCompilationsToComplete): Deleted.
2290         * runtime/VM.h: Rename waitForCompilationsToComplete() back to prepareToDiscardCode() because the purpose of the method - now as ever - is to do all of the things that need to be done to ensure that code may be safely deleted.
2291
2292 2014-09-04  Akos Kiss  <akiss@inf.u-szeged.hu>
2293
2294         Ensure that the call frame set up by vmEntryToNative does not overlap with the stack of the callee
2295         https://bugs.webkit.org/show_bug.cgi?id=136485
2296
2297         Reviewed by Michael Saboff.
2298
2299         Changed makeHostFunctionCall to keep the stack pointer above the call
2300         frame set up by doVMEntry. Thus the callee will/can not override the top
2301         of the call frame.
2302
2303         Refactored the two (32_64 and 64) versions of makeHostFunctionCall to be
2304         more alike to help future maintenance.
2305
2306         * llint/LowLevelInterpreter32_64.asm:
2307         * llint/LowLevelInterpreter64.asm:
2308
2309 2014-09-04  Michael Saboff  <msaboff@apple.com>
2310
2311         REGRESSION(r173031): crashes during run-layout-jsc on x86/Linux
2312         https://bugs.webkit.org/show_bug.cgi?id=136436
2313
2314         Reviewed by Geoffrey Garen.
2315
2316         Instead of trying to calculate a stack pointer that allows for possible
2317         stacked argument space, just use the "home" stack pointer location.
2318         That stack pointer provides space for the worst case number of stacked
2319         arguments on architectures that use stacked arguments.  It also provides
2320         stack space so that the return PC and caller frame pointer that are stored
2321         as part of making the call to operationCallEval will not override any part
2322         of the callee frame created on the stack.
2323
2324         Changed compileCallEval() to use the stackPointer value of the calling
2325         function.  That stack pointer is calculated to have enough space for
2326         outgoing stacked arguments.  By moving the stack pointer to its "home"
2327         position, the caller frame and return PC are not set as part of making
2328         the call to operationCallEval().  Moved the explicit setting of the
2329         callerFrame field of the callee CallFrame from operationCallEval() to
2330         compileCallEval() since it has been the artifact of making a call for
2331         most architectures.  Simplified the exception logic in compileCallEval()
2332         as a result of the change.  To be compliant with the stack state
2333         expected by virtualCallThunkGenerator(), moved the stack pointer to
2334         point above the CallerFrameAndPC of the callee CallFrame.
2335
2336         * jit/JIT.h: Changed callOperationNoExceptionCheck(J_JITOperation_EE, ...)
2337         to callOperation(J_JITOperation_EE, ...) as it now can do a typical exception
2338         check.
2339         * jit/JITCall.cpp & jit/JITCall32_64.cpp:
2340         (JSC::JIT::compileCallEval): Use the home stack pointer when making the call
2341         to operationCallEval.  Since the stack pointer adjustment no longer needs
2342         to be done after making the call to operationCallEval(), the exception check
2343         logic can be simplified.
2344         (JSC::JIT::compileCallEvalSlowCase): Restored the stack pointer to point
2345         to above the calleeFrame as this is what the generated thunk expects.
2346         * jit/JITInlines.h:
2347         (JSC::JIT::callOperation): Refactor of callOperationNoExceptionCheck
2348         with the addition of a standard exception check.
2349         (JSC::JIT::callOperationNoExceptionCheck): Deleted.
2350         * jit/JITOperations.cpp:
2351         (JSC::operationCallEval): Eliminated the explicit setting of caller frame
2352         as that is now done in the code generated by compileCallEval().
2353
2354 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2355
2356         Beef up the DFG's CFG analyses to include iterated dominance frontiers and more user-friendly BlockSets
2357         https://bugs.webkit.org/show_bug.cgi?id=136520
2358
2359         Reviewed by Geoffrey Garen.
2360         
2361         Add code to compute iterated dominance frontiers. This involves using BlockSet a lot, so
2362         this patch also makes BlockSet a lot more user-friendly.
2363
2364         * CMakeLists.txt:
2365         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2366         * JavaScriptCore.xcodeproj/project.pbxproj:
2367         * dfg/DFGBasicBlock.h:
2368         * dfg/DFGBlockSet.cpp: Added.
2369         (JSC::DFG::BlockSet::dump):
2370         * dfg/DFGBlockSet.h:
2371         (JSC::DFG::BlockSet::iterator::iterator):
2372         (JSC::DFG::BlockSet::iterator::operator++):
2373         (JSC::DFG::BlockSet::iterator::operator==):
2374         (JSC::DFG::BlockSet::iterator::operator!=):
2375         (JSC::DFG::BlockSet::Iterable::Iterable):
2376         (JSC::DFG::BlockSet::Iterable::begin):
2377         (JSC::DFG::BlockSet::Iterable::end):
2378         (JSC::DFG::BlockSet::iterable):
2379         (JSC::DFG::BlockAdder::BlockAdder):
2380         (JSC::DFG::BlockAdder::operator()):
2381         * dfg/DFGBlockSetInlines.h: Added.
2382         (JSC::DFG::BlockSet::iterator::operator*):
2383         * dfg/DFGDominators.cpp:
2384         (JSC::DFG::Dominators::strictDominatorsOf):
2385         (JSC::DFG::Dominators::dominatorsOf):
2386         (JSC::DFG::Dominators::blocksStrictlyDominatedBy):
2387         (JSC::DFG::Dominators::blocksDominatedBy):
2388         (JSC::DFG::Dominators::dominanceFrontierOf):
2389         (JSC::DFG::Dominators::iteratedDominanceFrontierOf):
2390         * dfg/DFGDominators.h:
2391         (JSC::DFG::Dominators::forAllStrictDominatorsOf):
2392         (JSC::DFG::Dominators::forAllDominatorsOf):
2393         (JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy):
2394         (JSC::DFG::Dominators::forAllBlocksDominatedBy):
2395         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf):
2396         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf):
2397         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl):
2398         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl):
2399         * dfg/DFGGraph.cpp:
2400         (JSC::DFG::Graph::dumpBlockHeader):
2401         * dfg/DFGInvalidationPointInjectionPhase.cpp:
2402         (JSC::DFG::InvalidationPointInjectionPhase::run):
2403
2404 2014-09-04  Mark Lam  <mark.lam@apple.com>
2405
2406         Fixed indentations and some style warnings in JavaScriptCore/runtime.
2407         <https://webkit.org/b/136518>
2408
2409         Reviewed by Michael Saboff.
2410
2411         Also removed some superfluous spaces.  There are no semantic changes.
2412
2413         * runtime/Completion.h:
2414         * runtime/ConstructData.h:
2415         * runtime/DateConstructor.h:
2416         * runtime/DateInstance.h:
2417         * runtime/DateInstanceCache.h:
2418         * runtime/DatePrototype.h:
2419         * runtime/Error.h:
2420         * runtime/ErrorConstructor.h:
2421         * runtime/ErrorInstance.h:
2422         * runtime/ErrorPrototype.h:
2423         * runtime/FunctionConstructor.h:
2424         * runtime/FunctionPrototype.h:
2425         * runtime/GetterSetter.h:
2426         * runtime/Identifier.h:
2427         * runtime/InitializeThreading.h:
2428         * runtime/InternalFunction.h:
2429         * runtime/JSAPIValueWrapper.h:
2430         * runtime/JSFunction.h:
2431         * runtime/JSLock.h:
2432         * runtime/JSNotAnObject.h:
2433         * runtime/JSONObject.h:
2434         * runtime/JSString.h:
2435         * runtime/JSTypeInfo.h:
2436         * runtime/JSWrapperObject.h:
2437         * runtime/Lookup.h:
2438         * runtime/MathObject.h:
2439         * runtime/NativeErrorConstructor.h:
2440         * runtime/NativeErrorPrototype.h:
2441         * runtime/NumberConstructor.h:
2442         * runtime/NumberObject.h:
2443         * runtime/NumberPrototype.h:
2444         * runtime/NumericStrings.h:
2445         * runtime/ObjectConstructor.h:
2446         * runtime/ObjectPrototype.h:
2447         * runtime/PropertyDescriptor.h:
2448         * runtime/Protect.h:
2449         * runtime/PutPropertySlot.h:
2450         * runtime/RegExp.h:
2451         * runtime/RegExpCachedResult.h:
2452         * runtime/RegExpConstructor.h:
2453         * runtime/RegExpMatchesArray.h:
2454         * runtime/RegExpObject.h:
2455         * runtime/RegExpPrototype.h:
2456         * runtime/SmallStrings.h:
2457         * runtime/StringConstructor.h:
2458         * runtime/StringObject.h:
2459         * runtime/StringPrototype.h:
2460         * runtime/StructureChain.h:
2461         * runtime/VM.h:
2462
2463 2014-09-04  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>
2464
2465         Remove CSS_FILTERS flag
2466         https://bugs.webkit.org/show_bug.cgi?id=136529
2467
2468         Reviewed by Dirk Schulze.
2469
2470         * Configurations/FeatureDefines.xcconfig:
2471
2472 2014-09-04  Commit Queue  <commit-queue@webkit.org>
2473
2474         Unreviewed, rolling out r173248.
2475         https://bugs.webkit.org/show_bug.cgi?id=136536
2476
2477         call edge profiling and polymorphic call inlining are still
2478         causing crashes (Requested by eric_carlson on #webkit).
2479
2480         Reverted changeset:
2481
2482         "Reenable call edge profiling and polymorphic call inlining,
2483         now that a bunch of the bugs"
2484         http://trac.webkit.org/changeset/173248
2485
2486 2014-09-04  Brian J. Burg  <burg@cs.washington.edu>
2487
2488         Web Inspector: the profiler should not accrue time to nodes while the debugger is paused
2489         https://bugs.webkit.org/show_bug.cgi?id=136352
2490
2491         Reviewed by Timothy Hatcher.
2492
2493         Hook up pause/continue events to the LegacyProfiler and any active
2494         ProfilerGenerators. If the debugger is paused, all intervening call
2495         entries will be created with totalTime as 0.0.
2496
2497         * inspector/ScriptDebugServer.cpp:
2498         (Inspector::ScriptDebugServer::handlePause):
2499         * profiler/LegacyProfiler.cpp: Move from typedef'd callbacks to using
2500         std::function. This allows callbacks to take different argument types.
2501
2502         (JSC::callFunctionForProfilesWithGroup):
2503         (JSC::LegacyProfiler::willExecute):
2504         (JSC::LegacyProfiler::didExecute):
2505         (JSC::LegacyProfiler::exceptionUnwind):
2506         (JSC::LegacyProfiler::didPause):
2507         (JSC::LegacyProfiler::didContinue):
2508         (JSC::dispatchFunctionToProfiles): Deleted.
2509         * profiler/LegacyProfiler.h:
2510         * profiler/ProfileGenerator.cpp:
2511         (JSC::ProfileGenerator::ProfileGenerator):
2512         (JSC::ProfileGenerator::endCallEntry):
2513         (JSC::ProfileGenerator::didExecute): Deleted.
2514         * profiler/ProfileGenerator.h:
2515         (JSC::ProfileGenerator::didPause):
2516         (JSC::ProfileGenerator::didContinue):
2517
2518 2014-09-04  Commit Queue  <commit-queue@webkit.org>
2519
2520         Unreviewed, rolling out r173245.
2521         https://bugs.webkit.org/show_bug.cgi?id=136533
2522
2523         Broke JSC tests. (Requested by ddkilzer on #webkit).
2524
2525         Reverted changeset:
2526
2527         "JavaScriptCore should build with newer clang"
2528         https://bugs.webkit.org/show_bug.cgi?id=136002
2529         http://trac.webkit.org/changeset/173245
2530
2531 2014-09-04  Brian J. Burg  <burg@cs.washington.edu>
2532
2533         LegacyProfiler: ProfileNodes should be used more like structs
2534         https://bugs.webkit.org/show_bug.cgi?id=136381
2535
2536         Reviewed by Timothy Hatcher.
2537
2538         Previously, both the profile generator and individual profile nodes
2539         were collectively responsible for creating new Call entries and
2540         maintaining data structure invariants. This complexity is unnecessary.
2541
2542         This patch centralizes profile data creation inside the profile generator.
2543         The profile nodes manage nextSibling and parent pointers, but do not
2544         collect the current time or create new Call entries themselves.
2545
2546         Since ProfileNode::nextSibling and its callers are only used within
2547         debug printing code, it should be compiled out for release builds.
2548
2549         * profiler/ProfileGenerator.cpp:
2550         (JSC::ProfileGenerator::ProfileGenerator):
2551         (JSC::AddParentForConsoleStartFunctor::operator()):
2552         (JSC::ProfileGenerator::beginCallEntry): create a new Call entry.
2553         (JSC::ProfileGenerator::endCallEntry): finish the last Call entry.
2554         (JSC::ProfileGenerator::willExecute): inline ProfileNode::willExecute()
2555         (JSC::ProfileGenerator::didExecute): inline ProfileNode::didExecute()
2556         (JSC::ProfileGenerator::stopProfiling): Only walk up the spine.
2557         (JSC::ProfileGenerator::removeProfileStart):
2558         (JSC::ProfileGenerator::removeProfileEnd):
2559         * profiler/ProfileGenerator.h:
2560         * profiler/ProfileNode.cpp:
2561         (JSC::ProfileNode::ProfileNode):
2562         (JSC::ProfileNode::addChild):
2563         (JSC::ProfileNode::removeChild):
2564         (JSC::ProfileNode::spliceNode): Renamed from insertNode.
2565         (JSC::ProfileNode::debugPrintRecursively):
2566         (JSC::ProfileNode::willExecute): Deleted.
2567         (JSC::ProfileNode::insertNode): Deleted.
2568         (JSC::ProfileNode::stopProfiling): Deleted.
2569         (JSC::ProfileNode::traverseNextNodePostOrder):
2570         (JSC::ProfileNode::endAndRecordCall): Deleted.
2571         (JSC::ProfileNode::debugPrintDataSampleStyle):
2572         * profiler/ProfileNode.h:
2573         (JSC::ProfileNode::Call::setStartTime):
2574         (JSC::ProfileNode::Call::setTotalTime):
2575         (JSC::ProfileNode::appendCall):
2576         (JSC::ProfileNode::firstChild):
2577         (JSC::ProfileNode::lastChild):
2578         (JSC::ProfileNode::nextSibling):
2579         (JSC::ProfileNode::setNextSibling):
2580
2581 2014-09-02  Brian J. Burg  <burg@cs.washington.edu>
2582
2583         Web Inspector: fix prefixes for subclasses of JSC::ConsoleClient
2584         https://bugs.webkit.org/show_bug.cgi?id=136476
2585
2586         Reviewed by Timothy Hatcher.
2587
2588         * CMakeLists.txt:
2589         * JavaScriptCore.xcodeproj/project.pbxproj:
2590         * inspector/JSGlobalObjectConsoleClient.cpp: Renamed from Source/JavaScriptCore/inspector/JSConsoleClient.cpp.
2591         * inspector/JSGlobalObjectConsoleClient.h: Renamed from Source/JavaScriptCore/inspector/JSConsoleClient.h.
2592         * inspector/JSGlobalObjectInspectorController.cpp:
2593         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2594         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
2595         * inspector/JSGlobalObjectInspectorController.h:
2596
2597 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2598
2599         Reenable call edge profiling and polymorphic call inlining, now that a bunch of the bugs
2600         are fixed.
2601
2602         * runtime/Options.h:
2603
2604 2014-09-03  David Kilzer  <ddkilzer@apple.com>
2605
2606         JavaScriptCore should build with newer clang
2607         <http://webkit.org/b/136002>
2608         <rdar://problem/18020616>
2609
2610         Reviewed by Geoffrey Garen.
2611
2612         Other than the JSC::SourceProvider::asID() change (which simply
2613         removes code that the optimizing compiler would have discarded
2614         in Release builds), we move the |this| checks in OpaqueJSString
2615         to NULL checks into JSBase, JSScriptRef, JSStringRef{CF} and
2616         JSValueRef.
2617
2618         * API/JSBase.cpp:
2619         (JSEvaluateScript): Use String() in case |script| or |sourceURL|
2620         are NULL.
2621         * API/JSScriptRef.cpp:
2622         (JSScriptCreateReferencingImmortalASCIIText): Use String() in
2623         case |url| is NULL.
2624         * API/JSStringRef.cpp:
2625         (JSStringGetLength): Return early if NULL pointer is passed in.
2626         (JSStringGetCharactersPtr): Ditto.
2627         (JSStringGetUTF8CString): Ditto.  Also check |buffer| parameter.
2628         * API/JSStringRefCF.cpp:
2629         (JSStringCopyCFString): Ditto.
2630         * API/JSValueRef.cpp:
2631         (JSValueMakeString): Use String() in case |string| is NULL.
2632
2633         * API/OpaqueJSString.cpp:
2634         (OpaqueJSString::string): Remove code that checks |this|.
2635         (OpaqueJSString::identifier): Ditto.
2636         (OpaqueJSString::characters): Ditto.
2637         * API/OpaqueJSString.h:
2638         (OpaqueJSString::is8Bit): Remove code that checks |this|.
2639         (OpaqueJSString::characters8): Ditto.
2640         (OpaqueJSString::characters16): Ditto.
2641         (OpaqueJSString::length): Ditto.
2642
2643         * parser/SourceProvider.h:
2644         (JSC::SourceProvider::asID): Remove code that checks |this|.
2645
2646 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2647
2648         CallEdgeProfile::visitWeak() shouldn't attempt to despecify empty profiles
2649         https://bugs.webkit.org/show_bug.cgi?id=136511
2650
2651         Reviewed by Geoffrey Garen.
2652
2653         * bytecode/CallEdgeProfile.cpp:
2654         (JSC::CallEdgeProfile::worthDespecifying):
2655         (JSC::CallEdgeProfile::visitWeak):
2656         (JSC::CallEdgeProfile::mergeBack):
2657
2658 2014-09-03  David Kilzer  <ddkilzer@apple.com>
2659
2660         REGRESSION (r167325): (null) entry added to Xcode project file when JSBoundFunction.h was removed
2661         <http://webkit.org/b/136509>
2662
2663         Reviewed by Daniel Bates.
2664
2665         * JavaScriptCore.xcodeproj/project.pbxproj: Remove the (null)
2666         entry left behind when JSBoundFunction.h was removed.
2667
2668 2014-09-03  Joseph Pecoraro  <pecoraro@apple.com>
2669
2670         Avoid warning if a process does not have access to com.apple.webinspector
2671         https://bugs.webkit.org/show_bug.cgi?id=136473
2672
2673         Reviewed by Alexey Proskuryakov.
2674
2675         Pre-check for access to the mach port to avoid emitting warnings
2676         in syslog for processes that do not have access.
2677
2678         * inspector/remote/RemoteInspector.mm:
2679         (Inspector::canAccessWebInspectorMachPort):
2680         (Inspector::RemoteInspector::shared):
2681
2682 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2683
2684         Temporarily disable call edge profiling. It is causing crashes and I'm still investigating
2685         them.
2686
2687         * runtime/Options.h:
2688
2689 2014-09-03  Balazs Kilvady  <kilvadyb@homejinni.com>
2690
2691         [MIPS] Wrong register usage in LLInt op_catch.
2692         https://bugs.webkit.org/show_bug.cgi?id=125168
2693
2694         Reviewed by Geoffrey Garen.
2695
2696         Fix register usage and add PIC header to all the ops in LLInt.
2697
2698         * offlineasm/instructions.rb:
2699         * offlineasm/mips.rb:
2700
2701 2014-09-03  Saam Barati  <saambarati1@gmail.com>
2702
2703         Create tests for type profiling
2704         https://bugs.webkit.org/show_bug.cgi?id=136161
2705
2706         Reviewed by Geoffrey Garen.
2707
2708         The type profiler is now being tested. These are basic tests that don't 
2709         check every edge case, but will catch any major failures in the type profiler. 
2710         These tests cover:
2711         - The basic, inheritance-based type system in TypeSet.
2712         - Function return types.
2713         - Correct merging of types for multiple assignments to one variable.
2714
2715         This patch also provides an API for writing new tests for
2716         the type profiler. The API works by passing in a function and a 
2717         unique substring of an expression contained in that function, and 
2718         returns an object representing type information for that expression.
2719
2720         * jsc.cpp:
2721         (GlobalObject::finishCreation):
2722         (functionFindTypeForExpression):
2723         (functionReturnTypeFor):
2724         * runtime/TypeProfiler.cpp:
2725         (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
2726         * runtime/TypeProfiler.h:
2727         * runtime/TypeProfilerLog.h:
2728         * runtime/TypeSet.cpp:
2729         (JSC::TypeSet::toJSONString):
2730         (JSC::StructureShape::toJSONString):
2731         * runtime/TypeSet.h:
2732         * tests/typeProfiler: Added.
2733         * tests/typeProfiler.yaml: Added.
2734         * tests/typeProfiler/basic.js: Added.
2735         (wrapper.foo):
2736         (wrapper):
2737         * tests/typeProfiler/captured.js: Added.
2738         (wrapper.changeFoo):
2739         (wrapper):
2740         * tests/typeProfiler/driver: Added.
2741         * tests/typeProfiler/driver/driver.js: Added.
2742         (assert):
2743         * tests/typeProfiler/inheritance.js: Added.
2744         (wrapper.A):
2745         (wrapper.B):
2746         (wrapper.C):
2747         (wrapper):
2748         * tests/typeProfiler/return.js: Added.
2749         (foo):
2750         (Ctor):
2751
2752 2014-09-03  Julien Brianceau  <jbriance@cisco.com>
2753
2754         Add missing implementations to fix build for sh4 architecture
2755         https://bugs.webkit.org/show_bug.cgi?id=136455
2756
2757         Reviewed by Geoffrey Garen.
2758
2759         * assembler/MacroAssemblerSH4.h:
2760         (JSC::MacroAssemblerSH4::store8):
2761         (JSC::MacroAssemblerSH4::moveWithPatch):
2762         (JSC::MacroAssemblerSH4::branchAdd32):
2763         (JSC::MacroAssemblerSH4::branch32WithPatch):
2764         (JSC::MacroAssemblerSH4::abortWithReason):
2765         (JSC::MacroAssemblerSH4::canJumpReplacePatchableBranch32WithPatch):
2766         (JSC::MacroAssemblerSH4::startOfPatchableBranch32WithPatchOnAddress):
2767         (JSC::MacroAssemblerSH4::revertJumpReplacementToPatchableBranch32WithPatch):
2768         * jit/AssemblyHelpers.h:
2769         (JSC::AssemblyHelpers::emitFunctionPrologue):
2770         (JSC::AssemblyHelpers::emitFunctionEpilogue):
2771
2772 2014-09-03  Dan Bernstein  <mitz@apple.com>
2773
2774         Get rid of HIGH_DPI_CANVAS leftovers
2775         https://bugs.webkit.org/show_bug.cgi?id=136491
2776
2777         Reviewed by Benjamin Poulain.
2778
2779         * Configurations/FeatureDefines.xcconfig: Removed definition of ENABLE_HIGH_DPI_CANVAS
2780         and removed it from FEATURE_DEFINES.
2781
2782 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2783
2784         CallEdgeProfile::visitWeak() should gracefully handle the case where primaryCallee duplicates an entry in otherCallees
2785         https://bugs.webkit.org/show_bug.cgi?id=136490
2786
2787         Reviewed by Geoffrey Garen.
2788
2789         * bytecode/CallEdgeProfile.cpp:
2790         (JSC::CallEdgeProfile::visitWeak):
2791
2792 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2793
2794         FTL In implementation sets callReturnLocation incorrectly leading to crashes beneath repatchCall()
2795         https://bugs.webkit.org/show_bug.cgi?id=136488
2796
2797         Reviewed by Mark Hahnenberg.
2798
2799         * ftl/FTLCompile.cpp:
2800         (JSC::FTL::generateCheckInICFastPath): The call is in the slow path.
2801         * tests/stress/ftl-in-overflow.js: Added. This used to crash 100% of the time with FTL enabled.
2802         (foo):
2803
2804 2014-09-03  Akos Kiss  <akiss@inf.u-szeged.hu>
2805
2806         Don't generate superfluous mov instructions for move immediate on ARM64.
2807         https://bugs.webkit.org/show_bug.cgi?id=136435
2808
2809         Reviewed by Michael Saboff.
2810
2811         On ARM64, the size of an immediate operand for a mov instruction is 16
2812         bits. Thus, a move immediate offlineasm instruction may potentially be
2813         split up to several machine level instructions. The current
2814         implementation always emits a mov for the least significant 16 bits of
2815         the value. However, if any of the bits 63:16 are significant then the
2816         first emitted mov already filled bits 15:0 with zeroes (or ones, for
2817         negative values). So, if bits 15:0 of the value are all zeroes (or ones)
2818         then the last mov does not need to be emitted.
2819
2820         * offlineasm/arm64.rb:
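
        The chunk-skipping rule described above, as an added example (my own Ruby model, not the project's offlineasm/arm64.rb): the function names, the register names and the skip_redundant_low switch are assumptions made for this note.

```ruby
# Model of the offlineasm ARM64 "move immediate" lowering, written for this
# note; it is not the project's own arm64.rb. It demonstrates the rule above:
# once a higher 16-bit chunk has been emitted, a bits-15:0 chunk that equals
# the fill pattern (zeroes, or ones for a negative value) needs no mov.

MASK64 = (1 << 64) - 1

# Returns the ARM64 instructions (as strings) that load a 64-bit immediate
# into +reg+. The value is cut into 16-bit chunks; the first chunk that
# differs from the fill pattern is loaded with movz (movn for negative
# values, which fills the other chunks with ones) and the remaining chunks
# are merged with movk. With skip_redundant_low false the shift-0 chunk is
# always emitted, reproducing the superfluous mov described in the entry.
def arm64_move_immediate(value, reg, skip_redundant_low: true)
  negative = value < 0
  fill = negative ? 0xffff : 0
  instructions = []
  [48, 32, 16, 0].each do |shift|
    chunk = (value >> shift) & 0xffff   # arithmetic shift keeps the sign
    if chunk == fill
      # Higher chunks equal to the fill pattern are always skipped. For the
      # bits-15:0 chunk, nothing else has written the register when the list
      # is still empty (value is 0 or -1), so that case must emit.
      next if shift != 0
      next if skip_redundant_low && !instructions.empty?
    end
    if instructions.empty?
      if negative
        inverted = (~chunk) & 0xffff    # movn stores the complement
        instructions << "movn #{reg}, #0x#{inverted.to_s(16)}, lsl ##{shift}"
      else
        instructions << "movz #{reg}, #0x#{chunk.to_s(16)}, lsl ##{shift}"
      end
    else
      instructions << "movk #{reg}, #0x#{chunk.to_s(16)}, lsl ##{shift}"
    end
  end
  instructions
end

# Runs an emitted sequence on a model 64-bit register and returns the final
# unsigned value, so a lowering can be checked against the immediate.
def simulate_arm64(instructions)
  reg = 0
  instructions.each do |insn|
    m = insn.match(/\A(movz|movn|movk) \w+, #0x([0-9a-f]+), lsl #(\d+)\z/)
    raise ArgumentError, "unrecognised instruction: #{insn}" unless m
    shift = m[3].to_i
    imm = m[2].to_i(16) << shift
    case m[1]
    when "movz" then reg = imm                              # other bits zeroed
    when "movn" then reg = (~imm) & MASK64                  # other bits set
    when "movk" then reg = (reg & ~(0xffff << shift)) | imm # other bits kept
    end
    reg &= MASK64
  end
  reg
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample immediates: the first two have a redundant low chunk.
  [0x12340000, -0x12340001, 0x1234567890abcdef].each do |value|
    old = arm64_move_immediate(value, "x0", skip_redundant_low: false)
    new = arm64_move_immediate(value, "x0")
    puts format("%#x: %d -> %d instruction(s)", value & MASK64, old.length, new.length)
    new.each { |insn| puts "  #{insn}" }
  end
end
```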
2821
2822 2014-09-02  Brian J. Burg  <burg@cs.washington.edu>
2823
2824         LegacyProfiler: remove redundant ProfileNode members and other cleanup
2825         https://bugs.webkit.org/show_bug.cgi?id=136380
2826
2827         Reviewed by Timothy Hatcher.
2828
2829         ProfileNode's selfTime and totalTime members are redundant and only used
2830         for dumping profile data from debug-only code. Remove the members and compute
2831         the same data on-demand when necessary using a postorder traversal functor.
2832
2833         Remove ProfileNode.head since it is only used to calculate percentages for
2834         dumped profile data. This can be explicitly passed around when needed.
2835
2836         Rename Profile.head to Profile.rootNode, and other various renamings.
2837
2838         Rearrange some header includes so that touching LegacyProfiler-related headers
2839         will no longer cause a full rebuild.
2840
2841         * inspector/JSConsoleClient.cpp: Add header include.
2842         * inspector/agents/InspectorProfilerAgent.cpp:
2843         (Inspector::InspectorProfilerAgent::buildProfileInspectorObject):
2844         * inspector/protocol/Profiler.json: Remove unused Profile.idleTime member.
2845         * jit/JIT.h: Remove header include.
2846         * jit/JITCode.h: Remove header include.
2847         * jit/JITOperations.cpp: Sort and add header include.
2848         * llint/LLIntSlowPaths.cpp: Sort and add header include.
2849         * profiler/Profile.cpp: Rename the debug dumping functions. Move the node
2850         postorder traversal code to ProfileNode so we can traverse any subtree.
2851         (JSC::Profile::Profile):
2852         (JSC::Profile::debugPrint):
2853         (JSC::Profile::debugPrintSampleStyle):
2854         (JSC::Profile::forEach): Deleted.
2855         (JSC::Profile::debugPrintData): Deleted.
2856         (JSC::Profile::debugPrintDataSampleStyle): Deleted.
2857         * profiler/Profile.h:
2858         * profiler/ProfileGenerator.cpp:
2859         (JSC::ProfileGenerator::ProfileGenerator):
2860         (JSC::AddParentForConsoleStartFunctor::AddParentForConsoleStartFunctor):
2861         (JSC::AddParentForConsoleStartFunctor::operator()):
2862         (JSC::ProfileGenerator::addParentForConsoleStart):
2863         (JSC::ProfileGenerator::didExecute):
2864         (JSC::StopProfilingFunctor::operator()):
2865         (JSC::ProfileGenerator::stopProfiling):
2866         (JSC::ProfileGenerator::removeProfileStart):
2867         (JSC::ProfileGenerator::removeProfileEnd):
2868         * profiler/ProfileGenerator.h:
2869         * profiler/ProfileNode.cpp:
2870         (JSC::ProfileNode::ProfileNode):
2871         (JSC::ProfileNode::willExecute):
2872         (JSC::ProfileNode::removeChild):
2873         (JSC::ProfileNode::stopProfiling):
2874         (JSC::ProfileNode::endAndRecordCall):
2875         (JSC::ProfileNode::debugPrint):
2876         (JSC::ProfileNode::debugPrintSampleStyle):
2877         (JSC::ProfileNode::debugPrintRecursively):
2878         (JSC::ProfileNode::debugPrintSampleStyleRecursively):
2879         (JSC::ProfileNode::debugPrintData): Deleted.
2880         (JSC::ProfileNode::debugPrintDataSampleStyle): Deleted.
2881         * profiler/ProfileNode.h: Calculate per-node self and total times using a postorder traversal.
2882         The forEachNodePostorder functor traverses the subtree rooted at |this|.
2883         (JSC::ProfileNode::create):
2884         (JSC::ProfileNode::calls):
2885         (JSC::ProfileNode::forEachNodePostorder):
2886         (JSC::CalculateProfileSubtreeDataFunctor::returnValue):
2887         (JSC::CalculateProfileSubtreeDataFunctor::operator()):
2888         (JSC::ProfileNode::head): Deleted.
2889         (JSC::ProfileNode::setHead): Deleted.
2890         (JSC::ProfileNode::totalTime): Deleted.
2891         (JSC::ProfileNode::setTotalTime): Deleted.
2892         (JSC::ProfileNode::selfTime): Deleted.
2893         (JSC::ProfileNode::setSelfTime): Deleted.
2894         (JSC::ProfileNode::totalPercent): Deleted.
2895         (JSC::ProfileNode::selfPercent): Deleted.
2896         * runtime/ConsoleClient.h: Remove header include.
2897
2898 2014-09-02  Brian J. Burg  <burg@cs.washington.edu>
2899
2900         Web Inspector: remove ProfilerAgent and legacy profiler files in the frontend
2901         https://bugs.webkit.org/show_bug.cgi?id=136462
2902
2903         Reviewed by Timothy Hatcher.
2904
2905         It's not used by the frontend anymore.
2906
2907         * CMakeLists.txt:
2908         * DerivedSources.make:
2909         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2910         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2911         * JavaScriptCore.xcodeproj/project.pbxproj:
2912
2913         * inspector/JSConsoleClient.cpp:
2914         (Inspector::JSConsoleClient::JSConsoleClient): Stub out console.profile/profileEnd
2915         methods since they didn't work for JSContexts anyway.
2916         (Inspector::JSConsoleClient::profile):
2917         (Inspector::JSConsoleClient::profileEnd):
2918         * inspector/JSConsoleClient.h:
2919
2920         * inspector/JSGlobalObjectInspectorController.cpp:
2921         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2922         * inspector/agents/InspectorProfilerAgent.cpp: Removed.
2923         * inspector/agents/InspectorProfilerAgent.h: Removed.
2924         * inspector/agents/JSGlobalObjectProfilerAgent.cpp: Removed.
2925         * inspector/agents/JSGlobalObjectProfilerAgent.h: Removed.
2926         * inspector/protocol/Profiler.json: Removed.
2927
2928 2014-09-02  Andreas Kling  <akling@apple.com>
2929
2930         Optimize own property GetByVals with rope string subscripts.
2931         <https://webkit.org/b/136458>
2932
2933         For simple JSObjects that don't override getOwnPropertySlot to implement
2934         custom properties, we have a fast path that grabs directly at the object
2935         property storage.
2936
2937         Make this fast path even faster when the property name is an unresolved
2938         rope string by using JSString::toExistingAtomicString(). This is faster
2939         because it avoids allocating a new StringImpl if the string is already
2940         a known Identifier, which is guaranteed to be the case if it's present
2941         as an own property on the object.
2942
2943         ~10% speed-up on Dromaeo/dom-attr.html
2944
2945         Reviewed by Geoffrey Garen.
2946
2947         * dfg/DFGOperations.cpp:
2948         * jit/JITOperations.cpp:
2949         (JSC::getByVal):
2950         * llint/LLIntSlowPaths.cpp:
2951         (JSC::LLInt::getByVal):
2952
2953             When using the fastGetOwnProperty() optimization, get the String
2954             out of JSString by using toExistingAtomicString(). This avoids
2955             StringImpl allocation and lets us bypass the PropertyTable lookup
2956             entirely if no AtomicString is found.
2957
2958         * runtime/JSCell.h:
2959         * runtime/JSCellInlines.h:
2960         (JSC::JSCell::fastGetOwnProperty):
2961
2962             Make fastGetOwnProperty() take a PropertyName instead of a String.
2963             This avoids churning the ref count, since we don't need to create
2964             a temporary wrapper around the AtomicStringImpl* found in GetByVal.
2965
2966         * runtime/PropertyName.h:
2967         (JSC::PropertyName::PropertyName):
2968
2969             Add constructor: PropertyName(AtomicStringImpl*)
2970
2971         * runtime/PropertyMapHashTable.h:
2972         (JSC::PropertyTable::get):
2973         (JSC::PropertyTable::findWithString): Deleted.
2974         * runtime/Structure.h:
2975         * runtime/StructureInlines.h:
2976         (JSC::Structure::get):
2977
2978             Remove code for querying a PropertyTable with an unhashed string key
2979             since the only client is now gone.
2980
2981 2014-09-02  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
2982
2983         [ARM] MacroAssembler generating incorrect code on ARM32 Traditional
2984         https://bugs.webkit.org/show_bug.cgi?id=136429
2985
2986         Reviewed by Csaba Osztrogonác.
2987
2988         Changed test32 to use tst to check if reg is zero, instead of cmp.
2989
2990         * assembler/MacroAssemblerARM.h:
2991         (JSC::MacroAssemblerARM::test32):
2992
2993 2014-09-02  Michael Saboff  <msaboff@apple.com>
2994
2995         Out of bounds write in vmEntryToJavaScript / JSC::JITCode::execute
2996         https://bugs.webkit.org/show_bug.cgi?id=136305
2997
2998         Reviewed by Filip Pizlo.
2999
3000         While preparing the callee's CallFrame, ProtoCallFrame fixes any arity mismatch
3001         and then JITCode::execute() calls the normal entrypoint.  This is incompatible
3002         with the expectation of FTL generated functions.  Changed ProtoCallFrame to not
3003         perform the arity fix, but just flag an arity mismatch.  Now JITCode::execute()
3004         uses that arity mismatch condition to select the normal or arity check
3005         entrypoint.  The entrypoint selection is only done for functions; programs
3006         and eval always have one parameter.
3007
3008         * interpreter/ProtoCallFrame.cpp:
3009         (JSC::ProtoCallFrame::init): Changed to flag arity mismatch instead of fixing it.
3010         * interpreter/ProtoCallFrame.h:
3011         (JSC::ProtoCallFrame::needArityCheck): New boolean to signify what entrypoint
3012         should be called.
3013         * jit/JITCode.cpp:
3014         (JSC::JITCode::execute): Select normal or arity check entrypoint as appropriate.
3015
3016 2014-09-02  peavo@outlook.com  <peavo@outlook.com>
3017
3018         [WinCairo] testapi.exe is not built.
3019         https://bugs.webkit.org/show_bug.cgi?id=136369
3020
3021         Reviewed by Alex Christensen.
3022
3023         The testapi project should be of type Application.
3024
3025         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj: Change project type to Application.
3026         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj: Ditto.
3027         * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props: Compile and link fix.
3028         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj: Change project type to Application.
3029
3030 2014-09-01  Akos Kiss  <akiss@inf.u-szeged.hu>
3031
3032         [CMAKE] Add missing offlineasm dependencies
3033         https://bugs.webkit.org/show_bug.cgi?id=136437
3034
3035         Reviewed by Csaba Osztrogonác.
3036
3037         Add the ARM64, MIPS and SH4 backends to the dependencies.
3038
3039         * CMakeLists.txt:
3040
3041 2014-09-01  Brian J. Burg  <burg@cs.washington.edu>
3042
3043         Provide column numbers to DTrace willExecute/didExecute probes
3044         https://bugs.webkit.org/show_bug.cgi?id=136434
3045
3046         Reviewed by Antti Koivisto.
3047
3048         Provide the columnNumber and update stubs for !HAVE(DTRACE).
3049
3050         * profiler/ProfileGenerator.cpp:
3051         (JSC::ProfileGenerator::willExecute):
3052         (JSC::ProfileGenerator::didExecute):
3053         * runtime/Tracing.d:
3054         * runtime/Tracing.h:
3055
3056 2014-09-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3057
3058         [CMAKE] Build warning by INTERFACE_LINK_LIBRARIES
3059         https://bugs.webkit.org/show_bug.cgi?id=136194
3060
3061         Reviewed by Csaba Osztrogonác.
3062
3063         Set the LINK_INTERFACE_LIBRARIES target property on the top level CMakeLists.txt.
3064
3065         * CMakeLists.txt:
3066
3067 2014-08-26  Maciej Stachowiak  <mjs@apple.com>
3068
3069         Use RetainPtr::autorelease in some places where it seems appropriate
3070         https://bugs.webkit.org/show_bug.cgi?id=136280
3071
3072         Reviewed by Darin Adler.
3073
3074         * API/JSContext.mm:
3075         (-[JSContext name]): Use RetainPtr::autorelease() in place of ObjC autorelease.
3076         * API/JSValue.mm:
3077         (valueToString): Make appropriate use of RetainPtr
3078
3079 2014-08-29  Akos Kiss  <akiss@inf.u-szeged.hu>
3080
3081         Ensure that the call frame passed from doVMEntry to the called function always contains the valid scope chain.
3082         https://bugs.webkit.org/show_bug.cgi?id=136391
3083
3084         Reviewed by Michael Saboff.
3085
3086         Do not rely on calling conventions to fill in the CallerFrame component
3087         of the ExecState* parameter of the called function.
3088
3089         * llint/LowLevelInterpreter32_64.asm:
3090         * llint/LowLevelInterpreter64.asm:
3091
3092 2014-08-29  Saam Barati  <sbarati@apple.com>
3093
3094         emit op_profile_type for deconstruction assignments
3095         https://bugs.webkit.org/show_bug.cgi?id=136274
3096
3097         Reviewed by Filip Pizlo.
3098
3099         Enable type profiling for ES6 deconstruction expressions.
3100
3101         * bytecompiler/NodesCodegen.cpp:
3102         (JSC::BindingNode::bindValue):
3103
3104 2014-08-29  Joseph Pecoraro  <pecoraro@apple.com>
3105
3106         JavaScriptCore: Use ASCIILiteral where possible
3107         https://bugs.webkit.org/show_bug.cgi?id=136179
3108
3109         Reviewed by Michael Saboff.
3110
3111         General string / character related changes. Use ASCIILiteral where
3112         possible, jsNontrivialString where possible, and replace string
3113         literals with character literals in some places.
3114
3115         No new tests, no changes to functionality.
3116
3117         * bytecode/CodeBlock.cpp:
3118         (JSC::CodeBlock::nameForRegister):
3119         * bytecompiler/NodesCodegen.cpp:
3120         (JSC::PostfixNode::emitBytecode):
3121         (JSC::PrefixNode::emitBytecode):
3122         (JSC::AssignErrorNode::emitBytecode):
3123         (JSC::ForInNode::emitMultiLoopBytecode):
3124         (JSC::ForOfNode::emitBytecode):
3125         (JSC::ObjectPatternNode::toString):
3126         * dfg/DFGFunctionWhitelist.cpp:
3127         (JSC::DFG::FunctionWhitelist::contains):
3128         * dfg/DFGOperations.cpp:
3129         (JSC::DFG::newTypedArrayWithSize):
3130         (JSC::DFG::newTypedArrayWithOneArgument):
3131         * inspector/ConsoleMessage.cpp:
3132         (Inspector::ConsoleMessage::addToFrontend):
3133         * inspector/InspectorBackendDispatcher.cpp:
3134         (Inspector::InspectorBackendDispatcher::dispatch):
3135         * inspector/ScriptCallStackFactory.cpp:
3136         (Inspector::extractSourceInformationFromException):
3137         * inspector/scripts/codegen/generator_templates.py:
3138         * interpreter/StackVisitor.cpp:
3139         (JSC::StackVisitor::Frame::functionName):
3140         (JSC::StackVisitor::Frame::sourceURL):
3141         * jit/JITOperations.cpp:
3142         * jsc.cpp:
3143         (functionDescribeArray):
3144         (functionRun):
3145         (functionLoad):
3146         (functionReadFile):
3147         (functionCheckSyntax):
3148         (functionTransferArrayBuffer):
3149         (runWithScripts):
3150         (runInteractive):
3151         * parser/Lexer.cpp:
3152         (JSC::Lexer<T>::invalidCharacterMessage):
3153         (JSC::Lexer<T>::parseString):
3154         (JSC::Lexer<T>::parseStringSlowCase):
3155         (JSC::Lexer<T>::lex):
3156         * profiler/Profile.cpp:
3157         (JSC::Profile::Profile):
3158         * runtime/Arguments.cpp:
3159         (JSC::argumentsFuncIterator):
3160         * runtime/ArrayPrototype.cpp:
3161         (JSC::performSlowSort):
3162         (JSC::arrayProtoFuncSort):
3163         * runtime/ExceptionHelpers.cpp:
3164         (JSC::createError):
3165         (JSC::createInvalidParameterError):
3166         (JSC::createNotAConstructorError):
3167         (JSC::createNotAFunctionError):
3168         (JSC::createNotAnObjectError):
3169         (JSC::createErrorForInvalidGlobalAssignment):
3170         * runtime/FunctionPrototype.cpp:
3171         (JSC::insertSemicolonIfNeeded):
3172         * runtime/JSArray.cpp:
3173         (JSC::JSArray::defineOwnProperty):
3174         (JSC::JSArray::pop):
3175         (JSC::JSArray::push):
3176         * runtime/JSArrayBufferConstructor.cpp:
3177         (JSC::JSArrayBufferConstructor::finishCreation):
3178         * runtime/JSArrayBufferPrototype.cpp:
3179         (JSC::arrayBufferProtoFuncSlice):
3180         * runtime/JSDataView.cpp:
3181         (JSC::JSDataView::create):
3182         * runtime/JSDataViewPrototype.cpp:
3183         (JSC::getData):
3184         (JSC::setData):
3185         * runtime/JSGlobalObject.cpp:
3186         (JSC::JSGlobalObject::reset):
3187         * runtime/JSGlobalObjectFunctions.cpp:
3188         (JSC::globalFuncProtoSetter):
3189         * runtime/JSPromiseConstructor.cpp:
3190         (JSC::JSPromiseConstructor::finishCreation):
3191         * runtime/LiteralParser.cpp:
3192         (JSC::LiteralParser<CharType>::Lexer::lex):
3193         (JSC::LiteralParser<CharType>::Lexer::lexString):
3194         (JSC::LiteralParser<CharType>::parse):
3195         * runtime/LiteralParser.h:
3196         (JSC::LiteralParser::getErrorMessage):
3197         * runtime/TypeSet.cpp:
3198         (JSC::TypeSet::seenTypes):
3199         (JSC::TypeSet::displayName):
3200         (JSC::TypeSet::allPrimitiveTypeNames):
3201         (JSC::StructureShape::propertyHash):
3202         (JSC::StructureShape::stringRepresentation):
3203
3204 2014-08-29  Csaba Osztrogonác  <ossy@webkit.org>
3205
3206         Unreviewed, remove empty directories.
3207
3208         * qt: Removed.
3209
3210 2014-08-28  Mark Lam  <mark.lam@apple.com>
3211
3212         DebuggerCallFrame::scope() should return a DebuggerScope.
3213         <https://webkit.org/b/134420>
3214
3215         Reviewed by Geoffrey Garen.
3216
3217         Rolling back in r170680 with the fix for <https://webkit.org/b/135656>.
3218
3219         Previously, DebuggerCallFrame::scope() returns a JSActivation (and relevant
3220         peers) which the WebInspector will use to introspect CallFrame variables.
3221         Instead, we should be returning a DebuggerScope as an abstraction layer that
3222         provides the introspection functionality that the WebInspector needs.  This
3223         is the first step towards not forcing every frame to have a JSActivation
3224         object just because the debugger is enabled.
3225
3226         1. Instantiate the debuggerScopeStructure as a member of the JSGlobalObject
3227            instead of the VM.  This allows JSObject::globalObject() to be able to
3228            return the global object for the DebuggerScope.
3229
3230         2. On the DebuggerScope's life-cycle management:
3231
3232            The DebuggerCallFrame is designed to be "valid" only during a debugging session
3233            (while the debugger is broken) through the use of a DebuggerCallFrameScope in
3234            Debugger::pauseIfNeeded().  Once the debugger resumes from the break, the
3235            DebuggerCallFrameScope destructs, and the DebuggerCallFrame will be invalidated.
3236            We can't guarantee (from this code alone) that the Inspector code isn't still
3237            holding a ref to the DebuggerCallFrame (though they shouldn't), but by contract,
3238            the frame will be invalidated, and any attempt to query it will return null values.
3239            This is pre-existing behavior.
3240
3241            Now, we're adding the DebuggerScope into the picture.  While a single debugger
3242            pause session is in progress, the Inspector may request the scope from the
3243            DebuggerCallFrame.  While the DebuggerCallFrame is still valid, we want
3244            DebuggerCallFrame::scope() to always return the same DebuggerScope object.
3245            This is why we hold on to the DebuggerScope with a strong ref.
3246
3247            If we use a weak ref instead, the following kooky behavior can manifest:
3248            1. The Inspector calls Debugger::scope() to get the top scope.
3249            2. The Inspector iterates down the scope chain and is now only holding a
3250               reference to a parent scope.  It is no longer referencing the top scope.
3251            3. A GC occurs, and the DebuggerCallFrame's weak m_scope ref to the top scope
3252               gets cleared.
3253            4. The Inspector calls DebuggerCallFrame::scope() to get the top scope again but gets
3254               a different DebuggerScope instance.
3255            5. The Inspector iterates down the scope chain but never sees the parent scope
3256               instance that it retained a ref to in step 2 above.  This is because when iterating
3257               this new DebuggerScope instance (which has no knowledge of the previous parent
3258               DebuggerScope instance), a new DebuggerScope instance will get created for the
3259               same parent scope. 
3260
3261            Since the DebuggerScope is a JSObject, its liveness is determined by its reachability.
3262            However, its "validity" is determined by the life-cycle of its owner DebuggerCallFrame.
3263            When the owner DebuggerCallFrame gets invalidated, its debugger scope chain (if
3264            instantiated) will also get invalidated.  This is why we need the
3265            DebuggerScope::invalidateChain() method.  The Inspector should not be using the
3266            DebuggerScope instance after its owner DebuggerCallFrame is invalidated.  If it does,
3267            those methods will do nothing or return a failed status.
3268
3269         Fix for <https://webkit.org/b/135656>:
3270         3. DebuggerScope::getOwnPropertySlot() and DebuggerScope::put() need to set
3271            m_thisValue in the returned slot to the wrapped scope object.  Previously,
3272            it was pointing to the DebuggerScope though the rest of the fields in the
3273            returned slot will be set to data pertaining to the wrapped scope object.
3274
3275         4. DebuggerScope::getOwnPropertySlot() will invoke getPropertySlot() on its
3276            wrapped scope.  This is because JSObject::getPropertySlot() cannot be
3277            overridden, and when called on a DebuggerScope, will not know to look in
3278            the prototype chain of the DebuggerScope's wrapped scope.  Hence, we'll
3279            treat all properties in the wrapped scope as own properties in the
3280            DebuggerScope.  This is fine because the WebInspector does not presently
3281            care about where in the prototype chain the scope property comes from.
3282
3283            Note that the DebuggerScope and the JSActivation objects that it wraps do
3284            not have prototypes.  They are always jsNull().  This works perfectly with
3285            the above change to use getPropertySlot() instead of getOwnPropertySlot().
3286            To make this an explicit invariant, I also changed DebuggerScope::createStructure()
3287            and JSActivation::createStructure() to not take a prototype argument, and
3288            to always use jsNull() for their prototype value.
3289
3290         * debugger/Debugger.h:
3291         * debugger/DebuggerCallFrame.cpp:
3292         (JSC::DebuggerCallFrame::scope):
3293         (JSC::DebuggerCallFrame::evaluate):
3294         (JSC::DebuggerCallFrame::invalidate):
3295         * debugger/DebuggerCallFrame.h:
3296         * debugger/DebuggerScope.cpp:
3297         (JSC::DebuggerScope::DebuggerScope):
3298         (JSC::DebuggerScope::finishCreation):
3299         (JSC::DebuggerScope::visitChildren):
3300         (JSC::DebuggerScope::className):
3301         (JSC::DebuggerScope::getOwnPropertySlot):
3302         (JSC::DebuggerScope::put):
3303         (JSC::DebuggerScope::deleteProperty):
3304         (JSC::DebuggerScope::getOwnPropertyNames):
3305         (JSC::DebuggerScope::defineOwnProperty):
3306         (JSC::DebuggerScope::next):
3307         (JSC::DebuggerScope::invalidateChain):
3308         (JSC::DebuggerScope::isWithScope):
3309         (JSC::DebuggerScope::isGlobalScope):
3310         (JSC::DebuggerScope::isFunctionOrEvalScope):
3311         * debugger/DebuggerScope.h:
3312         (JSC::DebuggerScope::create):
3313         (JSC::DebuggerScope::createStructure):
3314         (JSC::DebuggerScope::iterator::iterator):
3315         (JSC::DebuggerScope::iterator::get):
3316         (JSC::DebuggerScope::iterator::operator++):
3317         (JSC::DebuggerScope::iterator::operator==):
3318         (JSC::DebuggerScope::iterator::operator!=):
3319         (JSC::DebuggerScope::isValid):
3320         (JSC::DebuggerScope::jsScope):
3321         (JSC::DebuggerScope::begin):
3322         (JSC::DebuggerScope::end):
3323         * inspector/JSJavaScriptCallFrame.cpp:
3324         (Inspector::JSJavaScriptCallFrame::scopeType):
3325         (Inspector::JSJavaScriptCallFrame::scopeChain):
3326         * inspector/JavaScriptCallFrame.h:
3327         (Inspector::JavaScriptCallFrame::scopeChain):
3328         * inspector/ScriptDebugServer.cpp:
3329         * runtime/JSActivation.h:
3330         (JSC::JSActivation::createStructure):
3331         * runtime/JSGlobalObject.cpp:
3332         (JSC::JSGlobalObject::reset):
3333         (JSC::JSGlobalObject::visitChildren):
3334         * runtime/JSGlobalObject.h:
3335         (JSC::JSGlobalObject::debuggerScopeStructure):
3336         * runtime/JSObject.cpp:
3337         * runtime/JSObject.h:
3338         (JSC::JSObject::isWithScope):
3339         * runtime/JSScope.h:
3340         * runtime/PropertySlot.h:
3341         (JSC::PropertySlot::setThisValue):
3342         * runtime/PutPropertySlot.h:
3343         (JSC::PutPropertySlot::setThisValue):
3344         * runtime/VM.cpp:
3345         (JSC::VM::VM):
3346         * runtime/VM.h:
3347
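The weak-ref hazard (steps 1 to 5 above) and the liveness-versus-validity distinction behind invalidateChain() can be reproduced in a small stand-alone model. The following is an added example, not JavaScriptCore code: the JSScope, DebuggerScope, WeakRefFrame and StrongRefFrame types are simplified stand-ins that only keep the ownership rules the entry describes, with std::shared_ptr/std::weak_ptr standing in for GC reachability and the "GC" being the moment the last strong reference to the top wrapper is dropped.

```cpp
// Added example (not JSC code): toy model of DebuggerScope ownership.
// shared_ptr/weak_ptr stand in for GC reachability; names mirror the
// ChangeLog entry but the classes are simplified stand-ins.
#include <cassert>
#include <memory>

// The underlying scope object that a DebuggerScope wraps.
struct JSScope {
    JSScope* parent;  // next scope in the chain, nullptr at the global scope
};

struct DebuggerScope;
using ScopePtr = std::shared_ptr<DebuggerScope>;

// Wrapper handed to the Inspector. The parent wrapper is created lazily
// and cached, so walks from the same top instance see the same parents.
struct DebuggerScope {
    JSScope* wrapped;
    ScopePtr next;       // cached wrapper for wrapped->parent
    bool valid = true;   // cleared by invalidateChain()

    explicit DebuggerScope(JSScope* s) : wrapped(s) {}

    ScopePtr parentScope() {
        if (!wrapped->parent)
            return nullptr;
        if (!next)
            next = std::make_shared<DebuggerScope>(wrapped->parent);
        return next;
    }

    // Validity follows the owning frame, not reachability: mark this
    // wrapper and every wrapper below it as unusable.
    void invalidateChain() {
        for (DebuggerScope* s = this; s; s = s->next.get())
            s->valid = false;
    }
};

// Frame that holds the top scope weakly: the behaviour the entry warns about.
struct WeakRefFrame {
    JSScope* top;
    std::weak_ptr<DebuggerScope> m_scope;
    ScopePtr scope() {
        if (auto s = m_scope.lock())
            return s;
        auto s = std::make_shared<DebuggerScope>(top);  // fresh instance after "GC"
        m_scope = s;
        return s;
    }
};

// Frame that holds the top scope strongly: the fix.
struct StrongRefFrame {
    JSScope* top;
    ScopePtr m_scope;
    ScopePtr scope() {
        if (!m_scope)
            m_scope = std::make_shared<DebuggerScope>(top);
        return m_scope;
    }
    void invalidate() {
        if (m_scope)
            m_scope->invalidateChain();
        m_scope = nullptr;
    }
};

// Steps 1-5: keep only the parent wrapper, let the top wrapper go, re-fetch
// the top scope and walk the chain again. Returns true if the parent instance
// retained in step 2 is encountered on the second walk.
template <typename Frame>
bool parentSurvivesRewalk(Frame& frame) {
    ScopePtr parent = frame.scope()->parentScope();  // steps 1-2: temp top dropped here
    ScopePtr top = frame.scope();                    // step 4 (step 3 happened above)
    for (ScopePtr s = top; s; s = s->parentScope())  // step 5
        if (s == parent)
            return true;
    return false;
}

bool weakRefLosesParent() {
    JSScope global{nullptr}, fn{&global};
    WeakRefFrame frame{&fn};
    return !parentSurvivesRewalk(frame);  // new parent wrapper for the same JSScope
}

bool strongRefKeepsParent() {
    JSScope global{nullptr}, fn{&global};
    StrongRefFrame frame{&fn};
    return parentSurvivesRewalk(frame);   // cached parent wrapper is reused
}

bool invalidateChainMarksAll() {
    JSScope global{nullptr}, fn{&global};
    StrongRefFrame frame{&fn};
    ScopePtr top = frame.scope();
    ScopePtr parent = top->parentScope();
    frame.invalidate();  // wrappers stay reachable (we hold them) but become invalid
    return !top->valid && !parent->valid;
}
```

The three functions show the two halves of the entry: with a weak ref the Inspector's retained parent wrapper is silently orphaned once the top wrapper is dropped, while with a strong ref the chain keeps its identity; and after the frame is invalidated the wrappers may still be alive (reachable) but report invalid, which is the state in which the real DebuggerScope methods are expected to do nothing or fail.
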
3348 2014-08-28  Andreas Kling  <akling@apple.com>
3349
3350         Use JSString::toIdentifier() in more places.
3351         <https://webkit.org/b/136348>
3352
3353         Call sites that grab the WTF::String from a JSString using value() can
3354         use the more efficient toIdentifier() if the string is going to be used
3355         to construct an Identifier.
3356
3357         If the JSString is a rope that resolves to something that is already
3358         present in the VM's Identifier table, using toIdentifier() can avoid