Move back primary header includes next to config.h
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-02-17  Csaba Osztrogonác  <ossy@webkit.org>

        Move back primary header includes next to config.h
        https://bugs.webkit.org/show_bug.cgi?id=128912

        Reviewed by Alexey Proskuryakov.

        * dfg/DFGAbstractHeap.cpp:
        * dfg/DFGAbstractValue.cpp:
        * dfg/DFGArgumentsSimplificationPhase.cpp:
        * dfg/DFGArithMode.cpp:
        * dfg/DFGArrayMode.cpp:
        * dfg/DFGAtTailAbstractState.cpp:
        * dfg/DFGAvailability.cpp:
        * dfg/DFGBackwardsPropagationPhase.cpp:
        * dfg/DFGBasicBlock.cpp:
        * dfg/DFGBinarySwitch.cpp:
        * dfg/DFGBlockInsertionSet.cpp:
        * dfg/DFGByteCodeParser.cpp:
        * dfg/DFGCFAPhase.cpp:
        * dfg/DFGCFGSimplificationPhase.cpp:
        * dfg/DFGCPSRethreadingPhase.cpp:
        * dfg/DFGCSEPhase.cpp:
        * dfg/DFGCapabilities.cpp:
        * dfg/DFGClobberSet.cpp:
        * dfg/DFGClobberize.cpp:
        * dfg/DFGCommon.cpp:
        * dfg/DFGCommonData.cpp:
        * dfg/DFGCompilationKey.cpp:
        * dfg/DFGCompilationMode.cpp:
        * dfg/DFGConstantFoldingPhase.cpp:
        * dfg/DFGCriticalEdgeBreakingPhase.cpp:
        * dfg/DFGDCEPhase.cpp:
        * dfg/DFGDesiredIdentifiers.cpp:
        * dfg/DFGDesiredStructureChains.cpp:
        * dfg/DFGDesiredTransitions.cpp:
        * dfg/DFGDesiredWatchpoints.cpp:
        * dfg/DFGDesiredWeakReferences.cpp:
        * dfg/DFGDesiredWriteBarriers.cpp:
        * dfg/DFGDisassembler.cpp:
        * dfg/DFGDominators.cpp:
        * dfg/DFGEdge.cpp:
        * dfg/DFGFailedFinalizer.cpp:
        * dfg/DFGFinalizer.cpp:
        * dfg/DFGFixupPhase.cpp:
        * dfg/DFGFlushFormat.cpp:
        * dfg/DFGFlushLivenessAnalysisPhase.cpp:
        * dfg/DFGFlushedAt.cpp:
        * dfg/DFGGraph.cpp:
        * dfg/DFGGraphSafepoint.cpp:
        * dfg/DFGInPlaceAbstractState.cpp:
        * dfg/DFGIntegerCheckCombiningPhase.cpp:
        * dfg/DFGInvalidationPointInjectionPhase.cpp:
        * dfg/DFGJITCode.cpp:
        * dfg/DFGJITCompiler.cpp:
        * dfg/DFGJITFinalizer.cpp:
        * dfg/DFGJumpReplacement.cpp:
        * dfg/DFGLICMPhase.cpp:
        * dfg/DFGLazyJSValue.cpp:
        * dfg/DFGLivenessAnalysisPhase.cpp:
        * dfg/DFGLongLivedState.cpp:
        * dfg/DFGLoopPreHeaderCreationPhase.cpp:
        * dfg/DFGMinifiedNode.cpp:
        * dfg/DFGNaturalLoops.cpp:
        * dfg/DFGNode.cpp:
        * dfg/DFGNodeFlags.cpp:
        * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
        * dfg/DFGOSREntry.cpp:
        * dfg/DFGOSREntrypointCreationPhase.cpp:
        * dfg/DFGOSRExit.cpp:
        * dfg/DFGOSRExitBase.cpp:
        * dfg/DFGOSRExitCompiler.cpp:
        * dfg/DFGOSRExitCompiler32_64.cpp:
        * dfg/DFGOSRExitCompiler64.cpp:
        * dfg/DFGOSRExitCompilerCommon.cpp:
        * dfg/DFGOSRExitJumpPlaceholder.cpp:
        * dfg/DFGOSRExitPreparation.cpp:
        * dfg/DFGPhase.cpp:
        * dfg/DFGPlan.cpp:
        * dfg/DFGPredictionInjectionPhase.cpp:
        * dfg/DFGPredictionPropagationPhase.cpp:
        * dfg/DFGResurrectionForValidationPhase.cpp:
        * dfg/DFGSSAConversionPhase.cpp:
        * dfg/DFGSSALoweringPhase.cpp:
        * dfg/DFGSafepoint.cpp:
        * dfg/DFGSpeculativeJIT.cpp:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        * dfg/DFGSpeculativeJIT64.cpp:
        * dfg/DFGStackLayoutPhase.cpp:
        * dfg/DFGStoreBarrierElisionPhase.cpp:
        * dfg/DFGStrengthReductionPhase.cpp:
        * dfg/DFGThreadData.cpp:
        * dfg/DFGThunks.cpp:
        * dfg/DFGTierUpCheckInjectionPhase.cpp:
        * dfg/DFGToFTLDeferredCompilationCallback.cpp:
        * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:
        * dfg/DFGTypeCheckHoistingPhase.cpp:
        * dfg/DFGUnificationPhase.cpp:
        * dfg/DFGUseKind.cpp:
        * dfg/DFGValidate.cpp:
        * dfg/DFGValueSource.cpp:
        * dfg/DFGVariableAccessDataDump.cpp:
        * dfg/DFGVariableEvent.cpp:
        * dfg/DFGVariableEventStream.cpp:
        * dfg/DFGVirtualRegisterAllocationPhase.cpp:
        * dfg/DFGWatchpointCollectionPhase.cpp:
        * dfg/DFGWorklist.cpp:
        * heap/JITStubRoutineSet.cpp:
        * jit/GCAwareJITStubRoutine.cpp:
        * jit/JIT.cpp:
        * jit/JITDisassembler.cpp:
        * jit/JITOperations.cpp:
        * jit/JITStubRoutine.cpp:
        * jit/JITStubs.cpp:
        * jit/TempRegisterSet.cpp:

2014-02-16  Filip Pizlo  <fpizlo@apple.com>

        FTL OSR exit shouldn't make X86-specific assumptions
        https://bugs.webkit.org/show_bug.cgi?id=128890

        Reviewed by Mark Hahnenberg.

        Mostly this is about not using push/pop, but instead using the more abstract pushToSave() and popToRestore() while reflecting on the stack alignment.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::pushToSaveImmediateWithoutTouchingRegisters):
        (JSC::MacroAssembler::pushToSaveByteOffset):
        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::pushToSaveImmediateWithoutTouchingRegisters):
        (JSC::MacroAssemblerARM64::pushToSaveByteOffset):
        * ftl/FTLExitThunkGenerator.cpp:
        (JSC::FTL::ExitThunkGenerator::emitThunk):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileStub):
        * ftl/FTLThunks.cpp:
        (JSC::FTL::osrExitGenerationThunkGenerator):

2014-02-17  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, make this test pass without DFG. It was assuming that you always have DFG
        and that it would always tier-up to the DFG - both wrong assumptions.

        * tests/stress/tricky-array-bounds-checks.js:
        (foo):

2014-02-17  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>

        Fix the CLoop build after r163760
        https://bugs.webkit.org/show_bug.cgi?id=128900

        Reviewed by Csaba Osztrogonác.

        * llint/LLIntThunks.cpp:

2014-02-17  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>

        CLoop buildfix after r164207
        https://bugs.webkit.org/show_bug.cgi?id=128899

        Reviewed by Csaba Osztrogonác.

        * dfg/DFGCommon.h:
        (JSC::DFG::shouldShowDisassembly):

2014-02-16  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, 32-bit build fix.

        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::lshiftPtr):

2014-02-15  Filip Pizlo  <fpizlo@apple.com>

        FTL should inline polymorphic heap accesses
        https://bugs.webkit.org/show_bug.cgi?id=128795

        Reviewed by Oliver Hunt.

        We now inline GetByIds that we know are pure but polymorphic. They manifest in DFG IR
        as MultiGetByOffset, and in LLVM IR as a switch with a basic block for each kind of
        read.

        2% speed-up on Octane mostly due to an 18% speed-up on deltablue.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecode/ExitingJITType.cpp: Added.
        (WTF::printInternal):
        * bytecode/ExitingJITType.h:
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        (JSC::GetByIdStatus::computeForChain):
        (JSC::GetByIdStatus::computeForStubInfo):
        (JSC::GetByIdStatus::computeFor):
        (JSC::GetByIdStatus::dump):
        * bytecode/GetByIdStatus.h:
        (JSC::GetByIdStatus::GetByIdStatus):
        (JSC::GetByIdStatus::numVariants):
        (JSC::GetByIdStatus::variants):
        (JSC::GetByIdStatus::at):
        (JSC::GetByIdStatus::operator[]):
        * bytecode/GetByIdVariant.cpp: Added.
        (JSC::GetByIdVariant::dump):
        (JSC::GetByIdVariant::dumpInContext):
        * bytecode/GetByIdVariant.h: Added.
        (JSC::GetByIdVariant::GetByIdVariant):
        (JSC::GetByIdVariant::isSet):
        (JSC::GetByIdVariant::operator!):
        (JSC::GetByIdVariant::structureSet):
        (JSC::GetByIdVariant::chain):
        (JSC::GetByIdVariant::specificValue):
        (JSC::GetByIdVariant::offset):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::emitPrototypeChecks):
        (JSC::DFG::ByteCodeParser::handleGetById):
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGCommon.h:
        (JSC::DFG::verboseCompilationEnabled):
        (JSC::DFG::logCompilationChanges):
        (JSC::DFG::shouldShowDisassembly):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compileImpl):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::convertToConstant):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::convertToGetByOffset):
        (JSC::DFG::Node::hasHeapPrediction):
        (JSC::DFG::Node::hasMultiGetByOffsetData):
        (JSC::DFG::Node::multiGetByOffsetData):
        * dfg/DFGNodeType.h:
        * dfg/DFGPhase.h:
        (JSC::DFG::Phase::graph):
        (JSC::DFG::runAndLog):
        * dfg/DFGPlan.cpp:
        (JSC::DFG::dumpAndVerifyGraph):
        (JSC::DFG::Plan::compileInThread):
        (JSC::DFG::Plan::compileInThreadImpl):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGTypeCheckHoistingPhase.cpp:
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::fixFunctionBasedOnStackMaps):
        (JSC::FTL::compile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
        * ftl/FTLState.h:
        (JSC::FTL::verboseCompilationEnabled):
        (JSC::FTL::showDisassembly):
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionEffectful42):
        * runtime/IntendedStructureChain.cpp:
        (JSC::IntendedStructureChain::dump):
        (JSC::IntendedStructureChain::dumpInContext):
        * runtime/IntendedStructureChain.h:
        * runtime/Options.cpp:
        (JSC::recomputeDependentOptions):
        * runtime/Options.h:
        * tests/stress/fold-multi-get-by-offset-to-get-by-offset-with-watchpoint.js: Added.
        (foo):
        (bar):
        * tests/stress/fold-multi-get-by-offset-to-get-by-offset.js: Added.
        (foo):
        (bar):
        * tests/stress/multi-get-by-offset-proto-and-self.js: Added.
        (foo):
        (Foo):

2014-02-16  Filip Pizlo  <fpizlo@apple.com>

        DFG::prepareOSREntry should be nice to the stack
        https://bugs.webkit.org/show_bug.cgi?id=128883

        Reviewed by Oliver Hunt.

        Previously OSR entry had some FIXME's and some really badly commented-out code for
        clearing stack entries to help GC. It also did some permutations on a stack frame
        above us, in such a way that it wasn't obvious that we wouldn't clobber our own
        stack frame. This function also crashed in ASan.

        It just seems like there was too much badness to the whole idea of prepareOSREntry
        directly editing the stack. So, I changed it to create a stack frame in a scratch
        buffer on the side and then have some assembly code just copy it into place. This
        works fine, fixes a FIXME, possibly fixes some stack clobbering, and might help us
        make more progress with ASan.

        * dfg/DFGOSREntry.cpp:
        (JSC::DFG::prepareOSREntry):
        * dfg/DFGOSREntry.h:
        * dfg/DFGThunks.cpp:
        (JSC::DFG::osrEntryThunkGenerator):
        * dfg/DFGThunks.h:
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emitSlow_op_loop_hint):
        * jit/JITOperations.cpp:

2014-02-15  Filip Pizlo  <fpizlo@apple.com>

        Vector with inline capacity should work with non-PODs
        https://bugs.webkit.org/show_bug.cgi?id=128864

        Reviewed by Michael Saboff.

        Deques no longer have inline capacity because it was broken, and we didn't need it
        here anyway.

        * dfg/DFGWorklist.h:

2014-02-15  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, roll out r164166.

        This broke three unique tests:

        ** The following JSC stress test failures have been introduced:
            regress/script-tests/variadic-closure-call.js.default-ftl
            regress/script-tests/variadic-closure-call.js.ftl-no-cjit-validate
            regress/script-tests/variadic-closure-call.js.ftl-no-cjit-osr-validation
            regress/script-tests/variadic-closure-call.js.ftl-eager
            regress/script-tests/variadic-closure-call.js.ftl-eager-no-cjit
            regress/script-tests/variadic-closure-call.js.ftl-eager-no-cjit-osr-validation
            jsc-layout-tests.yaml/js/script-tests/unmatching-argument-count.js.layout-ftl-eager-no-cjit
            regress/script-tests/direct-arguments-getbyval.js.ftl-eager-no-cjit
            regress/script-tests/direct-arguments-getbyval.js.ftl-eager-no-cjit-osr-validation

        * bytecode/PolymorphicAccessStructureList.h:
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        * tests/stress/ftl-getbyval-arguments.js:

2014-02-15  Matthew Mirman  <mmirman@apple.com>

        Added GetMyArgumentByVal to FTL
        https://bugs.webkit.org/show_bug.cgi?id=128850

        Reviewed by Filip Pizlo.

        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentByVal):
        * tests/stress/ftl-getbyval-arguments.js: Added.
        (foo):

2014-02-15  peavo@outlook.com  <peavo@outlook.com>

        [Win] LLINT is not working.
        https://bugs.webkit.org/show_bug.cgi?id=128115

        Reviewed by Mark Lam.

        This patch will generate assembly code with Intel syntax, which can be processed by the Microsoft assembler (MASM).
        By creating an asm file instead of a header file with inline assembly, we can support 64-bit.
        Only 32-bit compilation has been tested, not 64-bit.
        The aim of this patch is to get LLINT up and running on Windows.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added new files, and generated asm file.
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
        * LLIntAssembly/build-LLIntAssembly.sh: Generate dummy asm file in case we're using C backend.
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFor): Compile fix when DFG is disabled.
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor): Ditto.
        * bytecode/GetByIdStatus.h: Ditto.
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor): Ditto.
        * bytecode/PutByIdStatus.h: Ditto.
        * llint/LLIntData.cpp:
        (JSC::LLInt::initialize): Compile fix.
        * llint/LLIntSlowPaths.h: Added llint_crash function.
        * llint/LLIntSlowPaths.cpp: Ditto.
        * llint/LowLevelInterpreter.cpp: Disable code for Windows.
        * llint/LowLevelInterpreter.asm: Remove instruction which generates incorrect assembly code on Windows (MOV 0xbbadbeef, register), call llint_crash instead.
        Make local labels visible to MASM on Windows.
        * llint/LowLevelInterpreter32_64.asm: Make local labels visible to MASM on Windows.
        * offlineasm/asm.rb: Generate asm file with Intel assembly syntax.
        * offlineasm/settings.rb: Ditto.
        * offlineasm/x86.rb: Ditto.

2014-02-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: CRASH when debugger closes while paused and remote inspecting a JSContext
        https://bugs.webkit.org/show_bug.cgi?id=127757

        Reviewed by Timothy Hatcher.

        The problem was that the lifetime of the InspectorController and all agents
        was tied to the remote inspector session. So, if a remote inspector was
        disconnected while in the nested run loop, everything would get torn
        down and when execution continued out of the nested runloop we would be
        back in the original call stack of destroyed objects.

        This patch changes the lifetime of the InspectorController and agents to
        the JSGlobalObject. This way the agents are always alive, just the
        frontend and backend channels are destroyed and recreated each remote
        inspector session. This matches the agent lifetime for WebCore agents.
        We can also later take advantage of the agents being alive before
        and between inspector debug sessions to stash exception messages to
        pass on to a debugger if a debugger is connected later.

        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        Cleaner initialization of agents. Easier to follow.

        (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
        Move InjectedScript disconnection only once the global object is destroyed.
        This way if a developer has attached once and included an injected script,
        we will keep it around with any state it might want to remember until
        the global object is destroyed.

        (Inspector::JSGlobalObjectInspectorController::globalObjectDestroyed):
        Disconnect agents and injected scripts when the global object is destroyed.

        * inspector/InjectedScriptManager.cpp:
        (Inspector::InjectedScriptManager::disconnect):
        Now that the injected script manager is reused between remote
        inspector sessions, don't clear the pointer on disconnect calls.
        We now only call this once when the global object is getting
        destroyed anyways so it doesn't matter. But if we wanted to call
        disconnect multiple times, e.g. once per session, we could.

        * inspector/ScriptDebugServer.cpp:
        (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
        If the only listener was removed during the nested runloop, then when
        we dispatch an event after the nested runloop the listener list will
        be empty. Instead of asserting, just pass by an empty list.

        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::inspectorController):
        Tie the inspector controller lifetime to the JSGlobalObject.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::~JSGlobalObject):
        (JSC::JSGlobalObject::init):
        Create the inspector controller, and eagerly signal teardown
        in destruction.

        * runtime/JSGlobalObjectDebuggable.h:
        * runtime/JSGlobalObjectDebuggable.cpp:
        (JSC::JSGlobalObjectDebuggable::connect):
        (JSC::JSGlobalObjectDebuggable::disconnect):
        (JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemoteFrontend):
        Simplify by using the inspector controller on JSGlobalObject.
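
Editor's note on the entry above: the crash is a textbook lifetime bug. A pointer to the agents sits on the paused call stack while a nested run loop services events; if one of those events destroys the agents, the resumed frames run on freed memory. The following added C++ example is not WebKit code; it models the two ownership layouts with illustrative stand-ins (InspectorAgents, NestedRunLoop, SessionOwnedDebuggable, GlobalObject, GlobalOwnedDebuggable) and observes the outcome through a weak_ptr instead of a raw pointer, so the broken case is detectable rather than undefined behaviour.

```cpp
// Added example, not WebKit code: a model of the ownership bug behind
// https://bugs.webkit.org/show_bug.cgi?id=127757.  All types here are
// illustrative stand-ins for InspectorController, JSGlobalObject and
// JSGlobalObjectDebuggable, not JSC's real classes.
#include <deque>
#include <functional>
#include <memory>
#include <string>
#include <vector>

// The agents and their state.  Channels come and go per session; the agents
// themselves should only die with the global object.
struct InspectorAgents {
    bool frontendConnected = false;
    std::vector<std::string> events;
    void connectFrontend()    { frontendConnected = true; }
    void disconnectFrontend() { frontendConnected = false; }
};

// A nested run loop: while the debugger is "paused", queued remote-inspector
// events (including a disconnect) are serviced before control returns to the
// call stack that paused.
struct NestedRunLoop {
    std::deque<std::function<void()>> pending;
    void run() {
        while (!pending.empty()) {
            auto event = std::move(pending.front());
            pending.pop_front();
            event();
        }
    }
};

// Pre-fix layout: the session owns the agents, so disconnecting destroys them.
struct SessionOwnedDebuggable {
    std::shared_ptr<InspectorAgents> agents;
    void connect()    { agents = std::make_shared<InspectorAgents>(); agents->connectFrontend(); }
    void disconnect() { agents.reset(); }
};

// Post-fix layout: the global object owns the agents; a session only opens
// and closes the frontend/backend channels.
struct GlobalObject {
    std::shared_ptr<InspectorAgents> agents = std::make_shared<InspectorAgents>();
};
struct GlobalOwnedDebuggable {
    GlobalObject& global;
    void connect()    { global.agents->connectFrontend(); }
    void disconnect() { global.agents->disconnectFrontend(); }
};

// Pause with a reference to the agents on the stack, let a disconnect arrive
// inside the nested loop, then resume.  Returns true if the agents the paused
// frame was using still exist afterwards.  (A weak_ptr stands in for the raw
// pointer the real call stack holds, so the failure is observable instead of
// being a use-after-free.)
template <typename Debuggable>
bool pauseDisconnectResume(Debuggable& dbg, std::shared_ptr<InspectorAgents> const& inUse) {
    std::weak_ptr<InspectorAgents> onStack = inUse;
    NestedRunLoop loop;
    loop.pending.push_back([&] { dbg.disconnect(); });
    loop.run();                                  // "paused"; the disconnect lands here
    auto agents = onStack.lock();                // back in the paused frames
    if (!agents) return false;                   // dangling in the real code
    agents->events.push_back("resumed");
    return true;
}

bool sessionOwnedSurvivesDisconnect() {
    SessionOwnedDebuggable dbg;
    dbg.connect();
    return pauseDisconnectResume(dbg, dbg.agents);
}

bool globalOwnedSurvivesDisconnect() {
    GlobalObject global;
    GlobalOwnedDebuggable dbg{global};
    dbg.connect();
    bool alive = pauseDisconnectResume(dbg, global.agents);
    return alive && !global.agents->frontendConnected;   // agents kept, channel closed
}
```

The general rule the fix applies: any object that code on the stack may still touch after a nested event loop returns must be owned by something that outlives every event that loop can deliver. Tearing down only the per-session channel on disconnect keeps the invariant without reference-counting every caller.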

2014-02-14  Mark Hahnenberg  <mhahnenberg@apple.com>

        -[JSManagedValue value] needs to be protected by the API lock
        https://bugs.webkit.org/show_bug.cgi?id=128857

        Reviewed by Mark Lam.

        * API/APICast.h:
        (toRef): Added an ASSERT so that we can detect these sorts of errors earlier. On 32-bit, toRef
        can allocate objects so we need to be holding the lock.
        * API/APIShims.h: Removed outdated comments.
        * API/JSManagedValue.mm: Added RefPtr<JSLock> to JSManagedValue.
        (-[JSManagedValue initWithValue:]): Initialize the m_lock field.
        (-[JSManagedValue value]): Lock the JSLock, check the VM*, return nil if invalid, take the APIEntryShim otherwise.
        * runtime/JSLock.cpp: Bug fix in JSLock. We were assuming that the VM was always non-null in JSLock::lock.
        (JSC::JSLock::lock):

2014-02-14  Oliver Hunt  <oliver@apple.com>

        Implement a few more Array prototype functions in JS
        https://bugs.webkit.org/show_bug.cgi?id=128788

        Reviewed by Gavin Barraclough.

        Remove a pile of awful C++, and rewrite in simple JS.

        Needed to make a few other changes to get fully builtins
        behavior to more accurately match a host function's.

        * builtins/Array.prototype.js:
        (every):
        (forEach):
        (filter):
        (map):
        (some):
        * builtins/BuiltinExecutables.cpp:
        (JSC::BuiltinExecutables::BuiltinExecutables):
        (JSC::BuiltinExecutables::createBuiltinExecutable):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitPutByVal):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::emitExpressionInfo):
        * interpreter/Interpreter.cpp:
        (JSC::GetStackTraceFunctor::operator()):
        * parser/Nodes.h:
        (JSC::FunctionBodyNode::overrideName):
        * profiler/LegacyProfiler.cpp:
        (JSC::createCallIdentifierFromFunctionImp):
        * runtime/ArrayPrototype.cpp:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::deleteProperty):
        * runtime/JSFunction.h:

2014-02-14  Mark Hahnenberg  <mhahnenberg@apple.com>

        ASSERT(isValidAllocation(bytes)) when ObjC API creates custom errors
        https://bugs.webkit.org/show_bug.cgi?id=128840

        Reviewed by Joseph Pecoraro.

        We need to add APIEntryShims around places where we allocate errors in JSC.
        Also converted some of the createTypeError call sites to use ASCIILiteral.

        * API/JSValue.mm:
        (valueToArray):
        (valueToDictionary):
        * API/ObjCCallbackFunction.mm:
        (JSC::objCCallbackFunctionCallAsConstructor):
        (JSC::ObjCCallbackFunctionImpl::call):
        * API/tests/testapi.mm:

2014-02-14  Mark Hahnenberg  <mhahnenberg@apple.com>

        Baseline JIT should have a fast path to bypass the write barrier on op_enter
        https://bugs.webkit.org/show_bug.cgi?id=128832

        Reviewed by Filip Pizlo.

        * jit/JIT.h: Removed some random commented out functions.
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_enter):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitWriteBarrier):

2014-02-14  Filip Pizlo  <fpizlo@apple.com>

        Don't optimize variadic closure calls
        https://bugs.webkit.org/show_bug.cgi?id=128835

        Reviewed by Gavin Barraclough.

        Re-add the check that had been in JITStubs.cpp, back in the day. This code came
        from the DFG and the DFG didn't need these checks.

        * jit/JITOperations.cpp:

2014-02-14  David Kilzer  <ddkilzer@apple.com>

        [ASan] Disable JSStack::sanitizeStack() to avoid false-positive stack-buffer-overflow errors
        <http://webkit.org/b/128819>

        Reviewed by Filip Pizlo.

        * interpreter/JSStack.cpp:
        (JSC::JSStack::sanitizeStack): When building with the clang
        address sanitizer, don't sanitize the stack since it will
        trigger false-positive stack-buffer-overflow errors.  Disabling
        this only results in a performance penalty, not a correctness
        penalty.

2014-02-14  Andres Gomez  <agomez@igalia.com>

        Cleaning the JSStaticScopeObject files left behind after renaming their objects to JSNameScope
        https://bugs.webkit.org/show_bug.cgi?id=127595

        Reviewed by Mario Sanchez Prada.

        JSStaticScopeObject was renamed to JSNameScope and removed long
        ago but the files were left behind empty and the CMake compilation
        in need of its existence. Now, we are definitely getting rid of
        them.

        * CMakeLists.txt:
        * runtime/JSStaticScopeObject.cpp: Removed.
        * runtime/JSStaticScopeObject.h: Removed.

2014-02-13  Filip Pizlo  <fpizlo@apple.com>

        Kill some of the last vestiges of the C++ interpreter's PICs
        https://bugs.webkit.org/show_bug.cgi?id=128796

        Reviewed by Michael Saboff.

        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdOp):
        (JSC::CodeBlock::printGetByIdCacheStatus):
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeForStubInfo):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecode/PolymorphicAccessStructureList.h:
        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo):
        (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
        (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
        (JSC::PolymorphicAccessStructureList::visitWeak):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::deref):
        (JSC::StructureStubInfo::visitWeakReferences):
        * bytecode/StructureStubInfo.h:
        (JSC::isGetByIdAccess):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        * jit/Repatch.cpp:
        (JSC::getPolymorphicStructureList):
        (JSC::tryBuildGetByIDList):
        * llint/LowLevelInterpreter.asm:

2014-02-13  Mark Lam  <mark.lam@apple.com>

        The JSContainerConvertor and ObjcContainerConvertor need to protect JSValueRefs. Part 2.
        <https://webkit.org/b/128764>

        Reviewed by Mark Hahnenberg.

        toJS() is the wrong cast function to use. We need to use toJSForGC() instead.
        Also we need to acquire the JSLock to prevent concurrent accesses to the
        Strong handle list.

        * API/JSValue.mm:
        (JSContainerConvertor::add):
        (containerValueToObject):
        (ObjcContainerConvertor::add):
        (objectToValue):

2014-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        JSManagedValue::dealloc modifies NSMapTable while iterating it
        https://bugs.webkit.org/show_bug.cgi?id=128713

        Reviewed by Geoffrey Garen.

        Having to write a test for this revealed a bug in how addManagedReference:withOwner:
        actually notifies JSManagedValues of new owners.

        * API/JSManagedValue.mm:
        (-[JSManagedValue dealloc]):
        * API/JSVirtualMachine.mm:
        (-[JSVirtualMachine addManagedReference:withOwner:]):
        (-[JSVirtualMachine removeManagedReference:withOwner:]):
        * API/tests/testapi.mm:
        (testObjectiveCAPI):

2014-02-13  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix build.

        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength):

2014-02-13  Ryosuke Niwa  <rniwa@webkit.org>

        Speculative Release build fix after r164077.

        * API/JSValue.mm:

2014-02-13  Mark Lam  <mark.lam@apple.com>

        The JSContainerConvertor and ObjcContainerConvertor need to protect JSValueRefs.
        <https://webkit.org/b/128764>

        Reviewed by Mark Hahnenberg.

        Added a vector of Strong<Unknown> references in the 2 containers, and appended
        the newly created JSValues to those vectors. This will keep all those JS objects
        alive for the duration of the conversion.

        * API/JSValue.mm:
        (JSContainerConvertor::add):
        (ObjcContainerConvertor::add):
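
Editor's note on the two webkit.org/b/128764 entries above (the one directly above and its "Part 2" further up): the underlying hazard is that a value created during a container conversion is reachable only from native locals, which the collector does not scan, so a collection triggered by the next allocation frees it. The fix roots each value in a Strong handle for the duration of the conversion, and because the handle list is shared, the JSLock must be held while touching it. The following added C++ example is not WebKit code; Heap, Cell, Strong, Node and convert() are a toy tracing heap and RAII root written to show the pattern, not JSC's Heap, JSCell, JSC::Strong<> or JSLock. The collector marks cells as freed instead of deleting them so the unrooted case stays observable.

```cpp
// Added example, not WebKit code: a toy tracing heap showing why the
// JSContainerConvertor/ObjcContainerConvertor fixes (webkit.org/b/128764) keep
// a vector of Strong handles and take the lock before touching the handle list.
// Heap, Cell, Strong, Node and convert() are illustrative stand-ins only.
#include <algorithm>
#include <memory>
#include <mutex>
#include <vector>

struct Cell {
    std::vector<Cell*> children;
    bool marked = false;
    bool freed = false;   // set by the collector instead of deleting, so the
};                        // unrooted case stays observable rather than UB

class Heap {
public:
    std::mutex lock;      // stand-in for JSLock: guards the root list
    explicit Heap(unsigned gcEvery) : m_gcEvery(gcEvery) {}

    // Allocation may trigger a collection at any time; anything reachable only
    // from native locals (not from a root) is gone afterwards.
    Cell* allocate() {
        if (++m_allocations % m_gcEvery == 0) collect();
        m_cells.push_back(std::make_unique<Cell>());
        return m_cells.back().get();
    }
    void addRoot(Cell* c) { m_roots.push_back(c); }
    void removeRoot(Cell* c) {
        auto it = std::find(m_roots.begin(), m_roots.end(), c);
        if (it != m_roots.end()) m_roots.erase(it);
    }
    void collect() {
        for (auto& c : m_cells) c->marked = false;
        for (Cell* r : m_roots) mark(r);
        for (auto& c : m_cells) if (!c->marked) c->freed = true;
    }
private:
    static void mark(Cell* c) {
        if (c->marked) return;
        c->marked = true;
        for (Cell* k : c->children) mark(k);
    }
    unsigned m_gcEvery, m_allocations = 0;
    std::vector<std::unique_ptr<Cell>> m_cells;
    std::vector<Cell*> m_roots;
};

// RAII root in the spirit of JSC::Strong<>.  The shared root list is only
// touched with the heap lock held, which is the second half of the fix.
class Strong {
public:
    Strong(Heap& heap, Cell* cell) : m_heap(&heap), m_cell(cell) {
        std::lock_guard<std::mutex> guard(m_heap->lock);
        m_heap->addRoot(m_cell);
    }
    Strong(Strong&& other) noexcept : m_heap(other.m_heap), m_cell(other.m_cell) { other.m_cell = nullptr; }
    Strong(const Strong&) = delete;
    Strong& operator=(const Strong&) = delete;
    ~Strong() {
        if (!m_cell) return;
        std::lock_guard<std::mutex> guard(m_heap->lock);
        m_heap->removeRoot(m_cell);
    }
private:
    Heap* m_heap;
    Cell* m_cell;
};

// Native input being converted, e.g. an NSArray of NSArrays.
struct Node { std::vector<Node> kids; };

// Converts bottom-up.  With `keepAlive` supplied, every freshly created cell is
// rooted until the caller is done with the whole result (the fix); with nullptr,
// intermediate cells live only in native locals (the bug).
Cell* convert(Heap& heap, const Node& node, std::vector<Strong>* keepAlive) {
    std::vector<Cell*> kids;
    for (const Node& kid : node.kids)
        kids.push_back(convert(heap, kid, keepAlive));
    Cell* cell = heap.allocate();   // may collect: are `kids` still alive?
    cell->children = kids;
    if (keepAlive) keepAlive->emplace_back(heap, cell);
    return cell;
}

static int countFreed(const Cell* c) {
    int n = c->freed ? 1 : 0;
    for (const Cell* k : c->children) n += countFreed(k);
    return n;
}

// Converts a constructed 3x2 nested list on a heap that collects before every
// 4th allocation and returns how many cells of the result were collected.
int freedCellsInResult(bool rooted) {
    Heap heap(4);
    Node leaf;
    Node branch{{leaf, leaf}};
    Node root{{branch, branch, branch}};
    std::vector<Strong> keepAlive;
    Cell* result = convert(heap, root, rooted ? &keepAlive : nullptr);
    return countFreed(result);
}
```

With the constructed input, the unrooted conversion loses seven of its ten cells to the collections at the 4th and 8th allocation; the rooted conversion loses none. The caller must still root the returned value itself before `keepAlive` goes out of scope, which is what the surrounding JSValueRef protection does in the real API.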

2014-02-13  Matthew Mirman  <mmirman@apple.com>

        Added GetMyArgumentsLength to FTL
        https://bugs.webkit.org/show_bug.cgi?id=128758

        Reviewed by Filip Pizlo.

        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength):
        * tests/stress/ftl-getmyargumentslength.js: Added.
        (foo):

2014-02-13  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, roll out http://trac.webkit.org/changeset/164066.

        It broke tests and it was just plain wrong.

        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFromLLInt):
        (JSC::GetByIdStatus::computeForStubInfo):
        * runtime/Structure.h:
        (JSC::Structure::takesSlowPathInDFGForImpureProperty):

2014-02-13  Ryuan Choi  <ryuan.choi@samsung.com>

        Unreviewed build fix.

        Fixed typo.

        * dfg/DFGIntegerCheckCombiningPhase.cpp:
        (JSC::DFG::IntegerCheckCombiningPhase::run):

2014-02-13  Michael Saboff  <msaboff@apple.com>

        Change FTL stack check to use VM's stackLimit
        https://bugs.webkit.org/show_bug.cgi?id=128561

        Reviewed by Filip Pizlo.

        Changes FTL function entry to check the call frame register against the FTL
        specific stack limit (VM::m_ftlStackLimit) and throw an exception if the
        stack limit has been exceeded.  Updated the exception handling code to have
        a second entry that will unroll the current frame to the caller, since that
        is where the exception should be processed.

        * ftl/FTLCompile.cpp:
        (JSC::FTL::fixFunctionBasedOnStackMaps):
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::lower):
        * ftl/FTLState.h:
        * runtime/VM.h:
        (JSC::VM::addressOfFTLStackLimit):
762
763 2014-02-13  Filip Pizlo  <fpizlo@apple.com>
764
765         GetByIdStatus shouldn't call takesSlowPathInDFGForImpureProperty() for self accesses, and calling that method should never assert about anything
766         https://bugs.webkit.org/show_bug.cgi?id=128772
767
768         Reviewed by Mark Hahnenberg.
769
770         * bytecode/GetByIdStatus.cpp:
771         (JSC::GetByIdStatus::computeFromLLInt):
772         (JSC::GetByIdStatus::computeForStubInfo):
773         * runtime/Structure.h:
774         (JSC::Structure::takesSlowPathInDFGForImpureProperty):
775
776 2014-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>
777
778         Add some RELEASE_ASSERTs to catch JSLock bugs earlier
779         https://bugs.webkit.org/show_bug.cgi?id=128762
780
781         Reviewed by Mark Lam.
782
783         * interpreter/Interpreter.cpp:
784         (JSC::Interpreter::execute):
785         * runtime/JSLock.cpp:
786         (JSC::JSLock::DropAllLocks::DropAllLocks):
787
788 2014-02-12  Filip Pizlo  <fpizlo@apple.com>
789
790         Hoist and combine array bounds checks
791         https://bugs.webkit.org/show_bug.cgi?id=125433
792
793         Reviewed by Mark Hahnenberg.
794         
795         This adds a phase for reasoning about overflow checks and array bounds checks. It's
796         block-local, and removes both overflow checks and bounds checks in one go.
797         
798         This also improves reasoning about commutative operations, and CSE between
799         CheckOverflow and Unchecked arithmetic.
800         
801         This strangely uncovered a DFG backend bug where we were trying to extract an int32
802         from a constant even when that constant was just simply a number. I fixed that bug.
803
804         * CMakeLists.txt:
805         * GNUmakefile.list.am:
806         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
807         * JavaScriptCore.xcodeproj/project.pbxproj:
808         * dfg/DFGAbstractInterpreterInlines.h:
809         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
810         * dfg/DFGAbstractValue.cpp:
811         (JSC::DFG::AbstractValue::set):
812         * dfg/DFGArgumentsSimplificationPhase.cpp:
813         (JSC::DFG::ArgumentsSimplificationPhase::run):
814         * dfg/DFGArithMode.h:
815         (JSC::DFG::subsumes):
816         * dfg/DFGByteCodeParser.cpp:
817         (JSC::DFG::ByteCodeParser::handleIntrinsic):
818         * dfg/DFGCSEPhase.cpp:
819         (JSC::DFG::CSEPhase::pureCSE):
820         (JSC::DFG::CSEPhase::int32ToDoubleCSE):
821         (JSC::DFG::CSEPhase::performNodeCSE):
822         * dfg/DFGClobberize.h:
823         (JSC::DFG::clobberize):
824         * dfg/DFGEdge.cpp:
825         (JSC::DFG::Edge::dump):
826         * dfg/DFGEdge.h:
827         (JSC::DFG::Edge::sanitized):
828         (JSC::DFG::Edge::hash):
829         * dfg/DFGFixupPhase.cpp:
830         (JSC::DFG::FixupPhase::fixupNode):
831         * dfg/DFGGraph.h:
832         (JSC::DFG::Graph::valueOfInt32Constant):
833         * dfg/DFGInsertionSet.h:
834         (JSC::DFG::InsertionSet::insertConstant):
835         * dfg/DFGIntegerCheckCombiningPhase.cpp: Added.
836         (JSC::DFG::IntegerCheckCombiningPhase::IntegerCheckCombiningPhase):
837         (JSC::DFG::IntegerCheckCombiningPhase::run):
838         (JSC::DFG::IntegerCheckCombiningPhase::handleBlock):
839         (JSC::DFG::IntegerCheckCombiningPhase::rangeKeyAndAddend):
840         (JSC::DFG::IntegerCheckCombiningPhase::isValid):
841         (JSC::DFG::IntegerCheckCombiningPhase::insertAdd):
842         (JSC::DFG::IntegerCheckCombiningPhase::insertMustAdd):
843         (JSC::DFG::performIntegerCheckCombining):
844         * dfg/DFGIntegerCheckCombiningPhase.h: Added.
845         * dfg/DFGNode.h:
846         (JSC::DFG::Node::willHaveCodeGenOrOSR):
847         * dfg/DFGNodeType.h:
848         * dfg/DFGPlan.cpp:
849         (JSC::DFG::Plan::compileInThreadImpl):
850         * dfg/DFGPredictionPropagationPhase.cpp:
851         (JSC::DFG::PredictionPropagationPhase::propagate):
852         * dfg/DFGSafeToExecute.h:
853         (JSC::DFG::safeToExecute):
854         * dfg/DFGSpeculativeJIT.cpp:
855         (JSC::DFG::SpeculativeJIT::compileAdd):
856         * dfg/DFGSpeculativeJIT32_64.cpp:
857         (JSC::DFG::SpeculativeJIT::compile):
858         * dfg/DFGSpeculativeJIT64.cpp:
859         (JSC::DFG::SpeculativeJIT::compile):
860         * dfg/DFGStrengthReductionPhase.cpp:
861         (JSC::DFG::StrengthReductionPhase::handleNode):
862         (JSC::DFG::StrengthReductionPhase::handleCommutativity):
863         * dfg/DFGTypeCheckHoistingPhase.cpp:
864         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
865         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
866         * ftl/FTLCapabilities.cpp:
867         (JSC::FTL::canCompile):
868         * ftl/FTLLowerDFGToLLVM.cpp:
869         (JSC::FTL::LowerDFGToLLVM::compileNode):
870         * jsc.cpp:
871         (GlobalObject::finishCreation):
872         (functionFalse):
873         * runtime/Identifier.h:
874         * runtime/Intrinsic.h:
875         * runtime/JSObject.h:
876         * tests/stress/get-by-id-untyped.js: Added.
877         (foo):
878         * tests/stress/inverted-additive-subsumption.js: Added.
879         (foo):
880         * tests/stress/redundant-add-overflow-checks.js: Added.
881         (foo):
882         * tests/stress/redundant-array-bounds-checks-addition-skip-first.js: Added.
883         (foo):
884         (arraycmp):
885         * tests/stress/redundant-array-bounds-checks-addition.js: Added.
886         (foo):
887         (arraycmp):
888         * tests/stress/redundant-array-bounds-checks-unchecked-addition.js: Added.
889         (foo):
890         (arraycmp):
891         * tests/stress/redundant-array-bounds-checks.js: Added.
892         (foo):
893         (arraycmp):
894         * tests/stress/tricky-array-bounds-checks.js: Added.
895         (foo):
896         (arraycmp):
897
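The entry above describes a block-local phase that folds several overflow and array bounds checks on the same index into one. The following is an added example, not JSC's DFGIntegerCheckCombiningPhase: it models that idea for checks of the form "index + addend is a valid index into array", each preceded by an int32 overflow check on the addition, and includes the soundness oracle a reviewer would want, since a combined check that passes where an original would have failed is exactly how bounds-check elimination turns into an out-of-bounds access. The model assumes all checks sit in one block and nothing between them can change the array's length; the input and sample sets are constructed.

```javascript
'use strict';
// Added example, not JSC's DFGIntegerCheckCombiningPhase. Models combining
// "index + addend in bounds of array" checks (each with an int32 overflow
// check on the addition) into one check per (array, index) pair.
// Assumption: one block, and nothing between the checks can change length.

const INT32_MIN = -0x80000000;
const INT32_MAX = 0x7fffffff;

// Semantics of one original check: the addition must not overflow int32
// (CheckOverflow) and the sum must lie in [0, length) (CheckInBounds).
function originalCheckPasses(index, addend, length) {
  const sum = index + addend; // exact: JS numbers are doubles
  if (sum < INT32_MIN || sum > INT32_MAX) return false;
  return sum >= 0 && sum < length;
}

// Group checks by (array, index); keep the addend range and the position of
// the first check, which is where the single combined check would be emitted.
function combineChecks(checks) {
  const byKey = new Map();
  checks.forEach((check, position) => {
    const key = `${check.array}/${check.index}`;
    const range = byKey.get(key);
    if (!range) {
      byKey.set(key, { array: check.array, index: check.index,
                       min: check.addend, max: check.addend, at: position, removed: 0 });
    } else {
      range.min = Math.min(range.min, check.addend);
      range.max = Math.max(range.max, check.addend);
      range.removed += 1; // this original check is deleted
    }
  });
  return [...byKey.values()];
}

// The combined check: both extremes of the addend range must pass. The sum is
// monotonic in the addend, so every addend in between then passes as well.
function combinedCheckPasses(range, index, length) {
  return originalCheckPasses(index, range.min, length) &&
         originalCheckPasses(index, range.max, length);
}

// Soundness oracle: for every sampled (index, length) and every group, the
// combined check must pass exactly when all original checks it replaced pass.
function verifyEquivalence(checks, samples, combined = combinedCheckPasses) {
  for (const range of combineChecks(checks)) {
    const originals = checks.filter(c => c.array === range.array && c.index === range.index);
    for (const { index, length } of samples) {
      const allOriginalsPass = originals.every(c => originalCheckPasses(index, c.addend, length));
      if (allOriginalsPass !== combined(range, index, length)) return false;
    }
  }
  return true;
}

// A broken variant that only checks the largest addend, for comparison: it
// lets a[i-1] through at i == 0.
function maxOnlyCheckPasses(range, index, length) {
  return originalCheckPasses(index, range.max, length);
}

// Constructed input: a[i], a[i+1], a[i+2], a[i-1] in one block.
const exampleChecks = [
  { array: 'a', index: 'i', addend: 0 },
  { array: 'a', index: 'i', addend: 1 },
  { array: 'a', index: 'i', addend: 2 },
  { array: 'a', index: 'i', addend: -1 },
];

// Constructed samples, including the edges where overflow and negative indices bite.
const exampleSamples = [];
for (const index of [INT32_MIN, -2, -1, 0, 1, 5, 9, 10, INT32_MAX - 2, INT32_MAX]) {
  for (const length of [0, 1, 10, INT32_MAX]) exampleSamples.push({ index, length });
}
```

combineChecks(exampleChecks) yields one range with min -1 and max 2 at position 0 with three checks removed; verifyEquivalence(exampleChecks, exampleSamples) holds for the two-sided check and fails for maxOnlyCheckPasses. The real phase also has to reason about which node's exit origin the hoisted check inherits and about operations between the checks; this model deliberately leaves both out.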
898 2014-02-13  Filip Pizlo  <fpizlo@apple.com>
899
900         FTL should be OK with __compact_unwind in a data section
901         https://bugs.webkit.org/show_bug.cgi?id=128756
902
903         Reviewed by Mark Hahnenberg.
904
905         * ftl/FTLCompile.cpp:
906         (JSC::FTL::mmAllocateCodeSection):
907         (JSC::FTL::mmAllocateDataSection):
908
909 2014-02-13  Michael Saboff  <msaboff@apple.com>
910
911         CStack Branch: VM::currentReturnThunkPC appears to be unused and should be removed
912         https://bugs.webkit.org/show_bug.cgi?id=127205
913
914         Reviewed by Geoffrey Garen.
915
916         Removed unused references to VM::currentReturnThunkPC.
917
918         * jit/ThunkGenerators.cpp:
919         (JSC::arityFixup):
920         * runtime/VM.h:
921
922 2014-02-13  Tamas Gergely  <tgergely.u-szeged@partner.samsung.com>
923
924         Code cleanup: remove gcc<4.7 guards.
925         https://bugs.webkit.org/show_bug.cgi?id=128729
926
927         Reviewed by Anders Carlsson.
928
929         Remove GCC_VERSION_AT_LEAST guards when it checks for pre-4.7 versions,
930         as WK does not compile with earlier gcc versions.
931
932         * assembler/MIPSAssembler.h:
933         (JSC::MIPSAssembler::cacheFlush):
934         * interpreter/StackVisitor.cpp:
935         (JSC::printif):
936
937 2014-02-12  Mark Lam  <mark.lam@apple.com>
938
939         No need to save reservedZoneSize when dropping the JSLock.
940         <https://webkit.org/b/128719>
941
942         Reviewed by Geoffrey Garen.
943
944         The reservedZoneSize does not change due to the VM being run on a different
945         thread. Hence, there is no need to save and restore its value. Instead of
946         calling updateReservedZoneSize() to update the stack limit, we now call
947         setStackPointerAtVMEntry() to do the job. setStackPointerAtVMEntry()
948         will update the stackPointerAtVMEntry and delegate to updateStackLimit() to
949         update the stack limit based on the new stackPointerAtVMEntry.
950
951         * runtime/ErrorHandlingScope.cpp:
952         (JSC::ErrorHandlingScope::ErrorHandlingScope):
953         (JSC::ErrorHandlingScope::~ErrorHandlingScope):
954         - Previously, we initialize stackPointerAtVMEntry in VMEntryScope. This
955           means that the stackPointerAtVMEntry may not be initialized when we
956           instantiate the ErrorHandlingScope. And so, we needed to initialize the
957           stackPointerAtVMEntry in the ErrorHandlingScope constructor if it's not
958           already initialized.
959
960           Now that we initialize the stackPointerAtVMEntry when we lock the VM JSLock,
961           we are guaranteed that it will be initialized by the time we instantiate
962           the ErrorHandlingScope. Hence, we can change the ErrorHandlingScope code
963           to just assert that the stackPointerAtVMEntry is initialized instead.
964
965         * runtime/InitializeThreading.cpp:
966         (JSC::initializeThreading):
967         - We no longer need to save the reservedZoneSize. Remove the related code.
968
969         * runtime/JSLock.cpp:
970         (JSC::JSLock::lock):
971         - When we grab the JSLock mutex for the first time, there is no reason why
972           the stackPointerAtVMEntry should be initialized. By definition, grabbing
973           the lock for the first time equates to entering the VM for the first time.
974           Hence, we can just assert that stackPointerAtVMEntry is uninitialized,
975           and initialize it unconditionally.
976
977           The only exception to this is if we're locking to regrab the JSLock in
978           grabAllLocks(), but grabAllLocks() will take care of restoring the
979           stackPointerAtVMEntry in that case after lock() returns. stackPointerAtVMEntry
980           should still be 0 when we've just locked the JSLock. So, the above assertion
981           always holds true.
982
983           Note: VM::setStackPointerAtVMEntry() will take care of calling
984           VM::updateStackLimit() based on the new stackPointerAtVMEntry.
985
986         - There is no need to save the reservedZoneSize. The reservedZoneSize is
987           set to Options::reservedZoneSize() when the VM is initialized. Thereafter,
988           the ErrorHandlingScope will change it to Options::errorModeReservedZoneSize()
989           when we're handling an error, and it will restore it afterwards. There is
990           no other reason we should be changing the reservedZoneSize. Hence, we can
991           remove the unnecessary code to save it here.
992
993         (JSC::JSLock::unlock):
994         - Similarly, when the lockCount reaches 0 in unlock(), it is synonymous with
995           exiting the VM. Hence, we should just clear the stackPointerAtVMEntry and
996           update the stackLimit. Exiting the VM should have no effect on the VM
997           reservedZoneSize. Hence, we can remove the unnecessary code to "restore" it.
998
999         (JSC::JSLock::dropAllLocks):
1000         - When dropping locks, we do not need to save the reservedZoneSize because
1001           the reservedZoneSize should remain the same regardless of which thread
1002           we are executing JS on. Hence, we can remove the unnecessary code to save
1003           the reservedZoneSize here.
1004
1005         (JSC::JSLock::grabAllLocks):
1006         - When re-grabbing locks, restoring the stackPointerAtVMEntry via
1007           VM::setStackPointerAtVMEntry() will take care of updating the stack limit.
1008           As explained above, there's no need to save the reservedZoneSize. Hence,
1009           there's no need to "restore" it here.
1010
1011         * runtime/VM.cpp:
1012         (JSC::VM::VM):
1013         (JSC::VM::setStackPointerAtVMEntry):
1014         - Sets the stackPointerAtVMEntry and delegates to updateStackLimit() to update
1015           the stack limit based on the new stackPointerAtVMEntry.
1016         (JSC::VM::updateStackLimit):
1017         * runtime/VM.h:
1018         (JSC::VM::stackPointerAtVMEntry):
1019         - Renamed stackPointerAtVMEntry to m_stackPointerAtVMEntry and made it private.
1020           Added a stackPointerAtVMEntry() function to read the value.
1021
1022 2014-02-12  Mark Hahnenberg  <mhahnenberg@apple.com>
1023
1024         DelayedReleaseScope in MarkedAllocator::tryAllocateHelper is wrong
1025         https://bugs.webkit.org/show_bug.cgi?id=128641
1026
1027         Reviewed by Michael Saboff.
1028
1029         We were improperly handling the case where the DelayedReleaseScope 
1030         in tryAllocateHelper would cause us to drop the API lock, allowing 
1031         another thread to sneak in and allocate a new block after we had already 
1032         concluded that there were no more blocks to allocate out of.
1033
1034         The fix is to call tryAllocateHelper in a loop until we know for sure 
1035         that this did not happen.
1036
1037         There was also a race condition with the DelayedReleaseScope in addBlock.
1038         We would add the block to the MarkedBlock's list, sweep it, and then return,
1039         causing us to drop the API lock momentarily. Another thread could then 
1040         grab the lock, and allocate out of the new block to the point where the 
1041         free list was empty. Then we would return to the original thread, which thinks
1042         it's impossible to not allocate successfully at this point. 
1043         Instead we should just let tryAllocate do all the hard work with correctly 
1044         sweeping and getting a valid result.
1045
1046         There was another race condition in didFinishIterating. We would call resumeAllocating,
1047         which would create a DelayedReleaseScope. The DelayedReleaseScope would then release 
1048         API lock before we set m_isIterating back to false, which would potentially confuse 
1049         other threads.
1050
1051         * heap/MarkedAllocator.cpp:
1052         (JSC::MarkedAllocator::tryAllocateHelper):
1053         (JSC::MarkedAllocator::tryPopFreeList):
1054         (JSC::MarkedAllocator::tryAllocate):
1055         (JSC::MarkedAllocator::addBlock):
1056         * heap/MarkedAllocator.h:
1057
1058 2014-02-12  Brian Burg  <bburg@apple.com>
1059
1060         Web Replay: capture and replay nondeterminism of Date.now() and Math.random()
1061         https://bugs.webkit.org/show_bug.cgi?id=128633
1062
1063         Reviewed by Filip Pizlo.
1064
1065         Upstream the only two sources of script-visible nondeterminism in JavaScriptCore.
1066
1067         The random seed for WeakRandom is memoized when the owning JSGlobalObject is
1068         constructed. It is deterministically initialized during replay before any
1069         scripts execute with the global object.
1070
1071         The implementations of `Date.now()` and `new Date()` eventually obtain the
1072         current time from jsCurrentTime(). When capturing, we save return values of
1073         jsCurrentTime() into the recording. When replaying, we use memoized values from
1074         the recording instead of obtaining values from the platform-specific currentTime()
1075         implementation. No other code calls jsCurrentTime().
1076
1077         * DerivedSources.make: Add rules to make JSReplayInputs.h from JSInputs.json.
1078         * JavaScriptCore.xcodeproj/project.pbxproj:
1079         * replay/JSInputs.json: Added. Includes specifications for replay inputs
1080         "GetCurrentTime" and "SetRandomSeed". Tests will be added for both input
1081         cases once sufficient replay machinery has been added.
1082
1083         * replay/NondeterministicInput.h: NondeterministicInput should not have
1084         been marked 'final'.
1085
1086         * runtime/DateConstructor.cpp:
1087         (JSC::deterministicCurrentTime): Added. Load or store the current time depending
1088         on what kind of InputCursor is attached to the JSGlobalObject.
1089
1090         (JSC::constructDate): Use deterministicCurrentTime().
1091         (JSC::dateNow): Use deterministicCurrentTime().
1092         * runtime/JSGlobalObject.cpp:
1093         (JSC::JSGlobalObject::setInputCursor): When setting a non-empty input cursor,
1094         immediately store or load the "SetRandomSeed" input and initialize WeakRandom's
1095         random seed with it. The input cursor (and thus random seed) must be set before
1096         any scripts are evaluated with this JSGlobalObject.
1097
1098         * runtime/WeakRandom.h:
1099         (JSC::WeakRandom::WeakRandom): Add JSGlobalObject as a friend class.
1100         (JSC::WeakRandom::initializeSeed): Extract the seed initialization into a
1101         separate method so it can be called outside of the JSGlobalObject constructor.
1102
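The entry above describes the capture/replay design for the two script-visible sources of nondeterminism. The following is an added example, not WebKit's replay code: it models a global object that owns an input cursor, routes the clock through a deterministic current-time function that stores the platform value when capturing and loads the memoized one when replaying, and stores or loads the random seed as soon as the cursor is set, before any script runs. The input names "GetCurrentTime" and "SetRandomSeed" are from the entry; the class shapes, the xorshift generator standing in for WeakRandom, and the divergence check are assumptions of this model, and the script that observes the inputs is constructed.

```javascript
'use strict';
// Added example, not WebKit's replay machinery. Models an InputCursor in
// capture or replay mode, a seeded WeakRandom stand-in, and a global object
// that goes through both for Date.now() and Math.random().

class InputCursor {
  constructor(mode, recording = []) {
    this.mode = mode;             // 'capture' or 'replay'
    this.recording = recording;   // ordered list of { name, value }
    this.position = 0;
  }

  // Capturing: take the platform value and append it. Replaying: return the
  // next memoized value, and refuse to continue if the input kind does not
  // line up, because that means the replayed run has diverged from the recording.
  fetch(name, producePlatformValue) {
    if (this.mode === 'capture') {
      const value = producePlatformValue();
      this.recording.push({ name, value });
      return value;
    }
    const input = this.recording[this.position++];
    if (!input || input.name !== name) {
      throw new Error(`replay divergence at input ${this.position - 1}: expected ${name}`);
    }
    return input.value;
  }
}

// Stand-in for WeakRandom (assumption): xorshift32, whose whole state is the seed.
class WeakRandom {
  constructor(seed) { this.initializeSeed(seed); }
  initializeSeed(seed) { this.state = (seed >>> 0) || 0x9e3779b9; } // state must be nonzero
  get() {
    let x = this.state;
    x ^= x << 13;
    x ^= x >>> 17;
    x ^= x << 5;
    this.state = x >>> 0;
    return this.state / 0x100000000; // in [0, 1)
  }
}

class GlobalObjectModel {
  constructor() {
    this.inputCursor = null;
    this.weakRandom = new WeakRandom(Date.now());
  }

  // Setting a cursor immediately stores or loads the seed, so every
  // Math.random() the scripts see afterwards is reproducible.
  setInputCursor(cursor) {
    this.inputCursor = cursor;
    const seed = cursor.fetch('SetRandomSeed', () => Math.floor(Math.random() * 0x100000000));
    this.weakRandom.initializeSeed(seed);
  }

  // The only path to the platform clock, as jsCurrentTime() is in the entry.
  deterministicCurrentTime() {
    if (!this.inputCursor) return Date.now();
    return this.inputCursor.fetch('GetCurrentTime', () => Date.now());
  }

  mathRandom() { return this.weakRandom.get(); }
}

// Constructed script that observes both kinds of nondeterminism.
function runScript(globalObject) {
  return [
    globalObject.deterministicCurrentTime(),
    globalObject.mathRandom(),
    globalObject.mathRandom(),
    globalObject.deterministicCurrentTime(),
  ];
}

// Capture one run, then replay the recording into a fresh global object.
function captureThenReplay() {
  const capturing = new InputCursor('capture');
  const first = new GlobalObjectModel();
  first.setInputCursor(capturing);
  const captured = runScript(first);

  const second = new GlobalObjectModel();
  second.setInputCursor(new InputCursor('replay', capturing.recording));
  const replayed = runScript(second);

  return { captured, replayed, recording: capturing.recording };
}
```

captureThenReplay() returns identical captured and replayed arrays and a recording of three inputs, SetRandomSeed followed by two GetCurrentTime entries; handing the replay cursor a recording whose first input is not SetRandomSeed throws on setInputCursor, which is the point at which a divergence should be caught rather than silently producing a different run.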
1103 2014-02-12  Joseph Pecoraro  <pecoraro@apple.com>
1104
1105         Web Inspector: Cleanup JavaScriptCore/inspector
1106         https://bugs.webkit.org/show_bug.cgi?id=128662
1107
1108         Reviewed by Timothy Hatcher.
1109
1110         Now that the code has settled, do a cleanup pass.
1111
1112         * inspector/ContentSearchUtilities.cpp:
1113         * inspector/InspectorValues.cpp:
1114         (Inspector::InspectorValue::asObject):
1115         (Inspector::InspectorValue::asArray):
1116         (Inspector::InspectorValue::parseJSON):
1117         (Inspector::InspectorObjectBase::getObject):
1118         (Inspector::InspectorObjectBase::getArray):
1119         (Inspector::InspectorObjectBase::get):
1120         * inspector/ScriptCallStackFactory.cpp:
1121         * inspector/ScriptDebugServer.cpp:
1122         * inspector/agents/JSGlobalObjectConsoleAgent.h:
1123
1124 2014-02-12  Ryosuke Niwa  <rniwa@webkit.org>
1125
1126         Windows build fix attempt after r163960.
1127
1128         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1129         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1130
1131 2014-02-12  Michael Saboff  <msaboff@apple.com>
1132
1133         Adjust VM::stackLimit based on the size of the largest FTL stack produced
1134         https://bugs.webkit.org/show_bug.cgi?id=128562
1135
1136         Reviewed by Mark Lam.
1137
1138         Added VM::m_largestFTLStackSize to track the largest stack size of an FTL compiled
1139         function. Added VM::m_ftlStackLimit for FTL functions stack limit.  Renamed
1140         VM::updateStackLimitWithReservedZoneSize to VM::updateReservedZoneSize.  Renamed
1141         VM::setStackLimit to VM::updateStackLimit and changed it to do the updating of the
1142         stack limits, including taking into account m_largestFTLStackSize.
1143
1144         * ftl/FTLJITFinalizer.cpp:
1145         (JSC::FTL::JITFinalizer::finalizeFunction):
1146         * runtime/ErrorHandlingScope.cpp:
1147         (JSC::ErrorHandlingScope::ErrorHandlingScope):
1148         (JSC::ErrorHandlingScope::~ErrorHandlingScope):
1149         * runtime/JSLock.cpp:
1150         (JSC::JSLock::lock):
1151         (JSC::JSLock::unlock):
1152         (JSC::JSLock::grabAllLocks):
1153         * runtime/VM.cpp:
1154         (JSC::VM::VM):
1155         (JSC::VM::updateReservedZoneSize):
1156         (JSC::VM::updateStackLimit):
1157         (JSC::VM::updateFTLLargestStackSize):
1158         * runtime/VM.h:
1159
1160 2014-02-11  Oliver Hunt  <oliver@apple.com>
1161
1162         Make it possible to implement JS builtins in JS
1163         https://bugs.webkit.org/show_bug.cgi?id=127887
1164
1165         Reviewed by Michael Saboff.
1166
1167         This patch makes it possible to write builtin functions in JS.
1168         The bindings, generators, and definitions are all created automatically
1169         based on js files in the builtins/ directory.  This patch includes one
1170         such case: Array.prototype.js with an implementation of every().
1171
1172         There's a lot of refactoring to make it possible for CommonIdentifiers
1173         to include the output of the generated files (DerivedSources/JSCBuiltins.{h,cpp})
1174         without breaking the offset extractor. The result of this refactoring
1175         is that CommonIdentifiers, and a few other miscellaneous headers now
1176         need to be included directly as they were formerly captured through other
1177         paths.
1178
1179         In addition this adds a flag to the Lookup table's hashentry to indicate
1180         that a static function is actually backed by JS. There is then a lot of
1181         logic to thread the special nature of the function to where it matters.
1182         This allows toString(), .caller, etc to mimic the behaviour of a host
1183         function.
1184
1185         Notes on writing builtins:
1186          - Each function is compiled independently of the others, and those
1187            implementations cannot currently capture all global properties (as
1188            that could be potentially unsafe). If a function does capture a
1189            global we will deliberately crash.
1190          - For those "global" properties that we do want access to, we use
1191            the @ prefix, e.g. Object(this) becomes @Object(this). The @ identifiers
1192            are private names, and behave just like regular properties, only
1193            without the risk of adulteration. Again, in the @Object case, we
1194            explicitly duplicate the ObjectConstructor reference on the GlobalObject
1195            so that we have guaranteed access to the original version of the
1196            constructor.
1197          - call, apply, eval, and Function are all rejected identifiers, again
1198            to prevent anything from accidentally using an adulterated object.
1199            Instead @call and @apply are available, and happily they completely
1200            drop the neq_ptr instruction as they're defined as always being the
1201            original call/apply functions.
1202
1203         These restrictions are just intended to make it harder to accidentally
1204         make changes that are incorrect (for instance calling whatever has been
1205         assigned to global.Object, instead of the original constructor function).
1206         However, making a mistake like this should result in a purely semantic
1207         error as fundamentally these functions are treated as though they were
1208         regular JS code in the host global, and have no more privileges than
1209         any other JS.
1210
1211         The initial proof of concept is Array.prototype.every, this shows a 65%
1212         performance improvement, and that improvement is significantly hurt by
1213         our poor optimisation of op_in.
1214
1215         As this is such a limited function, we have not yet exported all symbols
1216         that we could possibly need, but as we implement more, the likelihood
1217         of encountering missing features will reduce.
1218
1219
1220         * API/JSCallbackObjectFunctions.h:
1221         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
1222         (JSC::JSCallbackObject<Parent>::put):
1223         (JSC::JSCallbackObject<Parent>::deleteProperty):
1224         (JSC::JSCallbackObject<Parent>::getStaticValue):
1225         (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
1226         (JSC::JSCallbackObject<Parent>::callbackGetter):
1227         * CMakeLists.txt:
1228         * DerivedSources.make:
1229         * GNUmakefile.am:
1230         * GNUmakefile.list.am:
1231         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1232         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1233         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
1234         * JavaScriptCore.vcxproj/copy-files.cmd:
1235         * JavaScriptCore.xcodeproj/project.pbxproj:
1236         * builtins/Array.prototype.js:
1237         (every):
1238         * builtins/BuiltinExecutables.cpp: Added.
1239         (JSC::BuiltinExecutables::BuiltinExecutables):
1240         (JSC::BuiltinExecutables::createBuiltinExecutable):
1241         * builtins/BuiltinExecutables.h:
1242         (JSC::BuiltinExecutables::create):
1243         * builtins/BuiltinNames.h: Added.
1244         (JSC::BuiltinNames::BuiltinNames):
1245         (JSC::BuiltinNames::getPrivateName):
1246         (JSC::BuiltinNames::getPublicName):
1247         * bytecode/CodeBlock.cpp:
1248         (JSC::CodeBlock::CodeBlock):
1249         * bytecode/UnlinkedCodeBlock.cpp:
1250         (JSC::generateFunctionCodeBlock):
1251         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1252         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
1253         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1254         * bytecode/UnlinkedCodeBlock.h:
1255         (JSC::ExecutableInfo::ExecutableInfo):
1256         (JSC::UnlinkedFunctionExecutable::create):
1257         (JSC::UnlinkedFunctionExecutable::toStrictness):
1258         (JSC::UnlinkedFunctionExecutable::isBuiltinFunction):
1259         (JSC::UnlinkedCodeBlock::isBuiltinFunction):
1260         * bytecompiler/BytecodeGenerator.cpp:
1261         (JSC::BytecodeGenerator::BytecodeGenerator):
1262         * bytecompiler/BytecodeGenerator.h:
1263         (JSC::BytecodeGenerator::isBuiltinFunction):
1264         (JSC::BytecodeGenerator::makeFunction):
1265         * bytecompiler/NodesCodegen.cpp:
1266         (JSC::CallFunctionCallDotNode::emitBytecode):
1267         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1268         * create_hash_table:
1269         * generate-js-builtins: Added.
1270         (getCopyright):
1271         (getFunctions):
1272         (generateCode):
1273         (mangleName):
1274         (FunctionExecutable):
1275         (Identifier):
1276         (JSGlobalObject):
1277         (SourceCode):
1278         (UnlinkedFunctionExecutable):
1279         (VM):
1280         * interpreter/CachedCall.h:
1281         (JSC::CachedCall::CachedCall):
1282         * parser/ASTBuilder.h:
1283         (JSC::ASTBuilder::makeFunctionCallNode):
1284         * parser/Lexer.cpp:
1285         (JSC::Lexer<T>::Lexer):
1286         (JSC::isSafeBuiltinIdentifier):
1287         (JSC::Lexer<LChar>::parseIdentifier):
1288         (JSC::Lexer<UChar>::parseIdentifier):
1289         (JSC::Lexer<T>::lex):
1290         * parser/Lexer.h:
1291         (JSC::isSafeIdentifier):
1292         (JSC::Lexer<T>::lexExpectIdentifier):
1293         * parser/Nodes.cpp:
1294         (JSC::ProgramNode::setClosedVariables):
1295         * parser/Nodes.h:
1296         (JSC::ScopeNode::capturedVariables):
1297         (JSC::ScopeNode::setClosedVariables):
1298         (JSC::ProgramNode::closedVariables):
1299         * parser/Parser.cpp:
1300         (JSC::Parser<LexerType>::Parser):
1301         (JSC::Parser<LexerType>::parseInner):
1302         (JSC::Parser<LexerType>::didFinishParsing):
1303         (JSC::Parser<LexerType>::printUnexpectedTokenText):
1304         * parser/Parser.h:
1305         (JSC::Scope::getUsedVariables):
1306         (JSC::Parser::closedVariables):
1307         (JSC::parse):
1308         * parser/ParserModes.h:
1309         * parser/ParserTokens.h:
1310         * runtime/ArrayPrototype.cpp:
1311         * runtime/CodeCache.cpp:
1312         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1313         * runtime/CommonIdentifiers.cpp:
1314         (JSC::CommonIdentifiers::CommonIdentifiers):
1315         (JSC::CommonIdentifiers::~CommonIdentifiers):
1316         (JSC::CommonIdentifiers::getPrivateName):
1317         (JSC::CommonIdentifiers::getPublicName):
1318         * runtime/CommonIdentifiers.h:
1319         (JSC::CommonIdentifiers::builtinNames):
1320         * runtime/ExceptionHelpers.cpp:
1321         (JSC::createUndefinedVariableError):
1322         * runtime/Executable.h:
1323         (JSC::EvalExecutable::executableInfo):
1324         (JSC::ProgramExecutable::executableInfo):
1325         (JSC::FunctionExecutable::isBuiltinFunction):
1326         * runtime/FunctionPrototype.cpp:
1327         (JSC::functionProtoFuncToString):
1328         * runtime/JSActivation.cpp:
1329         (JSC::JSActivation::symbolTableGet):
1330         (JSC::JSActivation::symbolTablePut):
1331         (JSC::JSActivation::symbolTablePutWithAttributes):
1332         * runtime/JSFunction.cpp:
1333         (JSC::JSFunction::createBuiltinFunction):
1334         (JSC::JSFunction::calculatedDisplayName):
1335         (JSC::JSFunction::sourceCode):
1336         (JSC::JSFunction::isHostOrBuiltinFunction):
1337         (JSC::JSFunction::isBuiltinFunction):
1338         (JSC::JSFunction::callerGetter):
1339         (JSC::JSFunction::getOwnPropertySlot):
1340         (JSC::JSFunction::getOwnNonIndexPropertyNames):
1341         (JSC::JSFunction::put):
1342         (JSC::JSFunction::defineOwnProperty):
1343         * runtime/JSFunction.h:
1344         * runtime/JSFunctionInlines.h:
1345         (JSC::JSFunction::nativeFunction):
1346         (JSC::JSFunction::nativeConstructor):
1347         (JSC::isHostFunction):
1348         * runtime/JSGlobalObject.cpp:
1349         (JSC::JSGlobalObject::reset):
1350         (JSC::JSGlobalObject::visitChildren):
1351         * runtime/JSGlobalObject.h:
1352         (JSC::JSGlobalObject::objectConstructor):
1353         (JSC::JSGlobalObject::symbolTableHasProperty):
1354         * runtime/JSObject.cpp:
1355         (JSC::getClassPropertyNames):
1356         (JSC::JSObject::reifyStaticFunctionsForDelete):
1357         (JSC::JSObject::putDirectBuiltinFunction):
1358         * runtime/JSObject.h:
1359         * runtime/JSSymbolTableObject.cpp:
1360         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
1361         * runtime/JSSymbolTableObject.h:
1362         (JSC::symbolTableGet):
1363         (JSC::symbolTablePut):
1364         (JSC::symbolTablePutWithAttributes):
1365         * runtime/Lookup.cpp:
1366         (JSC::setUpStaticFunctionSlot):
1367         * runtime/Lookup.h:
1368         (JSC::HashEntry::builtinGenerator):
1369         (JSC::HashEntry::propertyGetter):
1370         (JSC::HashEntry::propertyPutter):
1371         (JSC::HashTable::entry):
1372         (JSC::getStaticPropertySlot):
1373         (JSC::getStaticValueSlot):
1374         (JSC::putEntry):
1375         * runtime/NativeErrorConstructor.cpp:
1376         (JSC::NativeErrorConstructor::finishCreation):
1377         * runtime/NativeErrorConstructor.h:
1378         * runtime/PropertySlot.h:
1379         * runtime/VM.cpp:
1380         (JSC::VM::VM):
1381         * runtime/VM.h:
1382         (JSC::VM::builtinExecutables):
1383
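The "Notes on writing builtins" in the entry above explain why a builtin written in JS must go through private names such as @Object and @call instead of the global names. The following is an added example, not JavaScriptCore code: it models that hazard in plain JS by writing every() twice, once resolving Object and .call at call time and once through references captured before any page script runs (the model's stand-in for the private names), and runs both under a constructed "hostile page" that reassigns the global Object and Function.prototype.call and records every time it is reached.

```javascript
'use strict';
// Added example, not JavaScriptCore code. Shows why a JS-implemented builtin
// must use captured originals (modelled here; JSC uses @-prefixed private
// names) rather than whatever the page has assigned to global names.

// Captured once, before any page script runs.
const OriginalObject = Object;
const originalApply = Reflect.apply;

// A plain-JS every() that resolves Object and .call at call time. Any page
// that reassigns them gets to run code inside engine-internal logic.
function naiveEvery(callback, thisArg) {
  const array = Object(this);
  const length = array.length >>> 0;
  for (let i = 0; i < length; i++) {
    if (!(i in array)) continue;
    if (!callback.call(thisArg, array[i], i, array)) return false;
  }
  return true;
}

// The same algorithm using only the captured originals, so page-level
// reassignment cannot reach it.
function builtinEvery(callback, thisArg) {
  const array = OriginalObject(this);
  const length = array.length >>> 0;
  for (let i = 0; i < length; i++) {
    if (!(i in array)) continue;
    if (!originalApply(callback, thisArg, [array[i], i, array])) return false;
  }
  return true;
}

// Constructed hostile page: replaces the global Object and
// Function.prototype.call with recording versions, then restores them.
function runUnderHostilePage(everyImpl) {
  const log = [];
  const savedObject = globalThis.Object;
  const savedCall = Function.prototype.call;
  globalThis.Object = function hookedObject(value) {
    log.push('Object hooked');
    return savedObject(value);
  };
  Function.prototype.call = function hookedCall(thisArg, ...args) {
    log.push('call hooked');
    return Reflect.apply(this, thisArg, args);
  };
  try {
    const result = originalApply(everyImpl, [1, 2, 3], [(x) => x > 0]);
    return { result, log };
  } finally {
    globalThis.Object = savedObject;
    Function.prototype.call = savedCall;
  }
}
```

Both implementations return true for the constructed input, but runUnderHostilePage(naiveEvery) logs one Object hook and three call hooks, while runUnderHostilePage(builtinEvery) logs nothing. As the entry notes, the damage from getting this wrong in a builtin is semantic rather than a privilege escalation, since the builtin runs with no more authority than page JS; the restrictions exist so that the original constructor and the original call are what the builtin actually uses.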
1384 2014-02-11  Brent Fulgham  <bfulgham@apple.com>
1385
1386         Remove some unintended copies in ranged for loops
1387         https://bugs.webkit.org/show_bug.cgi?id=128644
1388
1389         Reviewed by Anders Carlsson.
1390
1391         * inspector/InjectedScriptHost.cpp:
1392         (Inspector::InjectedScriptHost::clearAllWrappers): Avoid creating/destroying
1393         a std::pair<> and pointer each loop iteration.
1394         * parser/Parser.cpp:
1395         (JSC::Parser<LexerType>::Parser): Avoid copying object containing a string
1396         each loop iteration.
1397
1398 2014-02-11  Ryosuke Niwa  <rniwa@webkit.org>
1399
1400         Debug build fix after r163946.
1401
1402         * dfg/DFGByteCodeParser.cpp:
1403         (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
1404
1405 2014-02-11  Filip Pizlo  <fpizlo@apple.com>
1406
1407         Inserting a node with a codeOrigin "like" another node should copy both the codeOrigin and codeOriginForExitTarget
1408         https://bugs.webkit.org/show_bug.cgi?id=128635
1409
1410         Reviewed by Michael Saboff.
1411         
1412         Originally nodes just had a codeOrigin. But then we started doing code motion, and we
1413         needed to separate the codeOrigin that designated where to exit from the codeOrigin
1414         that designated everything else. The "everything else" is actually pretty important:
1415         it includes profiling, exception handling, and the actual semantics of the node. For
1416         example some nodes use the origin's global object in some way.
1417         
1418         This all sort of worked except for one quirk: the facilities for creating nodes all
1419         assumed that there really was only one origin. LICM would work around this by setting
1420         the codeOriginForExitTarget manually. But, that means that:
1421         
1422         - If we did hoist a node twice, then the second time around, we would forget the node's
1423           original exit target.
1424         
1425         - If we did an insertNode() to insert a node before a hoisted node, the inserted node
1426           would have the wrong exit target.
1427         
1428         Most of the time, if we copy the code origin, we actually want to copy both origins.
1429         So, this patch introduces the notion of a NodeOrigin which has two CodeOrigins: a
1430         forExit code origin that says where to exit, and a semantic code origin for everything
1431         else.
1432         
1433         This also (annoyingly?) means that we are always more explicit about which code origin
1434         we refer to. That means that a lot of "node->codeOrigin" expressions had to change to
1435         "node->origin.semantic". This was partly a ploy on my part to ensure that this
1436         refactoring was complete: to get the code to compile I really had to audit all uses of
1437         CodeOrigin. If, in the future, we find that "node->origin.semantic" is too cumbersome
1438         then we can reintroduce the Node::codeOrigin field. For now I kinda like it though.
1439
1440         * GNUmakefile.list.am:
1441         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1442         * JavaScriptCore.xcodeproj/project.pbxproj:
1443         * dfg/DFGAbstractInterpreterInlines.h:
1444         (JSC::DFG::AbstractInterpreter<AbstractStateType>::booleanResult):
1445         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1446         * dfg/DFGArgumentsSimplificationPhase.cpp:
1447         (JSC::DFG::ArgumentsSimplificationPhase::run):
1448         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
1449         (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
1450         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
1451         * dfg/DFGArrayMode.cpp:
1452         (JSC::DFG::ArrayMode::originalArrayStructure):
1453         (JSC::DFG::ArrayMode::alreadyChecked):
1454         * dfg/DFGByteCodeParser.cpp:
1455         (JSC::DFG::ByteCodeParser::addToGraph):
1456         * dfg/DFGCFGSimplificationPhase.cpp:
1457         (JSC::DFG::CFGSimplificationPhase::run):
1458         (JSC::DFG::CFGSimplificationPhase::convertToJump):
1459         (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
1460         (JSC::DFG::CFGSimplificationPhase::jettisonBlock):
1461         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
1462         * dfg/DFGCPSRethreadingPhase.cpp:
1463         (JSC::DFG::CPSRethreadingPhase::addPhiSilently):
1464         (JSC::DFG::CPSRethreadingPhase::addPhi):
1465         (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
1466         (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
1467         (JSC::DFG::CPSRethreadingPhase::propagatePhis):
1468         * dfg/DFGCSEPhase.cpp:
1469         (JSC::DFG::CSEPhase::setLocalStoreElimination):
1470         * dfg/DFGClobberize.h:
1471         (JSC::DFG::clobberize):
1472         * dfg/DFGCommonData.cpp:
1473         (JSC::DFG::CommonData::notifyCompilingStructureTransition):
1474         * dfg/DFGConstantFoldingPhase.cpp:
1475         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1476         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
1477         * dfg/DFGCriticalEdgeBreakingPhase.cpp:
1478         (JSC::DFG::CriticalEdgeBreakingPhase::breakCriticalEdge):
1479         * dfg/DFGDCEPhase.cpp:
1480         (JSC::DFG::DCEPhase::fixupBlock):
1481         * dfg/DFGDisassembler.cpp:
1482         (JSC::DFG::Disassembler::createDumpList):
1483         * dfg/DFGFixupPhase.cpp:
1484         (JSC::DFG::FixupPhase::fixupNode):
1485         (JSC::DFG::FixupPhase::createToString):
1486         (JSC::DFG::FixupPhase::attemptToForceStringArrayModeByToStringConversion):
1487         (JSC::DFG::FixupPhase::convertStringAddUse):
1488         (JSC::DFG::FixupPhase::fixupToPrimitive):
1489         (JSC::DFG::FixupPhase::fixupToString):
1490         (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
1491         (JSC::DFG::FixupPhase::checkArray):
1492         (JSC::DFG::FixupPhase::blessArrayOperation):
1493         (JSC::DFG::FixupPhase::fixEdge):
1494         (JSC::DFG::FixupPhase::insertStoreBarrier):
1495         (JSC::DFG::FixupPhase::fixIntEdge):
1496         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
1497         (JSC::DFG::FixupPhase::truncateConstantToInt32):
1498         (JSC::DFG::FixupPhase::attemptToMakeGetArrayLength):
1499         (JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteLength):
1500         (JSC::DFG::FixupPhase::convertToGetArrayLength):
1501         (JSC::DFG::FixupPhase::prependGetArrayLength):
1502         (JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteOffset):
1503         (JSC::DFG::FixupPhase::addPhantomsIfNecessary):
1504         * dfg/DFGGraph.cpp:
1505         (JSC::DFG::Graph::dumpCodeOrigin):
1506         (JSC::DFG::Graph::amountOfNodeWhiteSpace):
1507         (JSC::DFG::Graph::dump):
1508         (JSC::DFG::Graph::dumpBlockHeader):
1509         * dfg/DFGGraph.h:
1510         (JSC::DFG::Graph::hasExitSite):
1511         (JSC::DFG::Graph::valueProfileFor):
1512         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
1513         * dfg/DFGInvalidationPointInjectionPhase.cpp:
1514         (JSC::DFG::InvalidationPointInjectionPhase::handle):
1515         (JSC::DFG::InvalidationPointInjectionPhase::insertInvalidationCheck):
1516         * dfg/DFGLICMPhase.cpp:
1517         (JSC::DFG::LICMPhase::attemptHoist):
1518         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
1519         (JSC::DFG::createPreHeader):
1520         * dfg/DFGNode.h:
1521         (JSC::DFG::Node::Node):
1522         (JSC::DFG::Node::isStronglyProvedConstantIn):
1523         * dfg/DFGNodeOrigin.h: Added.
1524         (JSC::DFG::NodeOrigin::NodeOrigin):
1525         (JSC::DFG::NodeOrigin::isSet):
1526         * dfg/DFGOSREntrypointCreationPhase.cpp:
1527         (JSC::DFG::OSREntrypointCreationPhase::run):
1528         * dfg/DFGResurrectionForValidationPhase.cpp:
1529         (JSC::DFG::ResurrectionForValidationPhase::run):
1530         * dfg/DFGSSAConversionPhase.cpp:
1531         (JSC::DFG::SSAConversionPhase::run):
1532         * dfg/DFGSSALoweringPhase.cpp:
1533         (JSC::DFG::SSALoweringPhase::handleNode):
1534         (JSC::DFG::SSALoweringPhase::lowerBoundsCheck):
1535         * dfg/DFGSpeculativeJIT.cpp:
1536         (JSC::DFG::SpeculativeJIT::compileIn):
1537         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
1538         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
1539         (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
1540         * dfg/DFGSpeculativeJIT.h:
1541         (JSC::DFG::SpeculativeJIT::masqueradesAsUndefinedWatchpointIsStillValid):
1542         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
1543         (JSC::DFG::SpeculativeJIT::appendCallWithCallFrameRollbackOnException):
1544         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
1545         (JSC::DFG::SpeculativeJIT::appendCall):
1546         (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
1547         * dfg/DFGSpeculativeJIT32_64.cpp:
1548         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1549         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1550         (JSC::DFG::SpeculativeJIT::emitCall):
1551         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1552         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1553         (JSC::DFG::SpeculativeJIT::compile):
1554         * dfg/DFGSpeculativeJIT64.cpp:
1555         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1556         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1557         (JSC::DFG::SpeculativeJIT::emitCall):
1558         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1559         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1560         (JSC::DFG::SpeculativeJIT::compile):
1561         * dfg/DFGStrengthReductionPhase.cpp:
1562         (JSC::DFG::StrengthReductionPhase::convertToIdentityOverChild):
1563         (JSC::DFG::StrengthReductionPhase::prepareToFoldTypedArray):
1564         * dfg/DFGTierUpCheckInjectionPhase.cpp:
1565         (JSC::DFG::TierUpCheckInjectionPhase::run):
1566         * dfg/DFGTypeCheckHoistingPhase.cpp:
1567         (JSC::DFG::TypeCheckHoistingPhase::run):
1568         * dfg/DFGValidate.cpp:
1569         (JSC::DFG::Validate::validateSSA):
1570         * dfg/DFGWatchpointCollectionPhase.cpp:
1571         (JSC::DFG::WatchpointCollectionPhase::handle):
1572         (JSC::DFG::WatchpointCollectionPhase::handleEdge):
1573         (JSC::DFG::WatchpointCollectionPhase::handleMasqueradesAsUndefined):
1574         (JSC::DFG::WatchpointCollectionPhase::globalObject):
1575         * ftl/FTLJSCall.cpp:
1576         (JSC::FTL::JSCall::link):
1577         * ftl/FTLLink.cpp:
1578         (JSC::FTL::link):
1579         * ftl/FTLLowerDFGToLLVM.cpp:
1580         (JSC::FTL::LowerDFGToLLVM::compileNode):
1581         (JSC::FTL::LowerDFGToLLVM::compileToThis):
1582         (JSC::FTL::LowerDFGToLLVM::compilePutById):
1583         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
1584         (JSC::FTL::LowerDFGToLLVM::compileNewArray):
1585         (JSC::FTL::LowerDFGToLLVM::compileNewArrayBuffer):
1586         (JSC::FTL::LowerDFGToLLVM::compileNewArrayWithSize):
1587         (JSC::FTL::LowerDFGToLLVM::compileStringCharAt):
1588         (JSC::FTL::LowerDFGToLLVM::compileGetMyScope):
1589         (JSC::FTL::LowerDFGToLLVM::compileCheckArgumentsNotCreated):
1590         (JSC::FTL::LowerDFGToLLVM::getById):
1591         (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
1592         (JSC::FTL::LowerDFGToLLVM::speculateStringObjectForStructure):
1593         (JSC::FTL::LowerDFGToLLVM::masqueradesAsUndefinedWatchpointIsStillValid):
1594         (JSC::FTL::LowerDFGToLLVM::callPreflight):
1595
1596 2014-02-11  Filip Pizlo  <fpizlo@apple.com>
1597
1598         Fix assertions and incorrect codegen for CompareEq(ObjectOrOther:, Object:)
1599         https://bugs.webkit.org/show_bug.cgi?id=128648
1600
1601         Reviewed by Mark Lam.
1602         
1603         I did CompareEq(Object:, ObjectOrOther:) correctly but the flipped version wrong.
1604         That's what I get for running tests in release mode. It's hard to write a test for
1605         the incorrect codegen; that's kind of why the assertions are there.
1606
1607         * ftl/FTLLowerDFGToLLVM.cpp:
1608         (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
1609
1610 2014-02-11  Filip Pizlo  <fpizlo@apple.com>
1611
1612         Unreviewed, trivial change to silence FTL assertions
1613
1614         Normally, lowJSValue() should be used for UntypedUse only. Here we are using it
1615         on ObjectOrOtherUse because we execute the speculation ourselves. The way you're
1616         supposed to do this is by passing ManualOperandSpeculation to tell lowJSValue() not
1617         to assert.
1618
1619         * ftl/FTLLowerDFGToLLVM.cpp:
1620         (JSC::FTL::LowerDFGToLLVM::compareEqObjectOrOtherToObject):
1621
1622 2014-02-11  Filip Pizlo  <fpizlo@apple.com>
1623
1624         Use LLVM's dead store elimination
1625         https://bugs.webkit.org/show_bug.cgi?id=128638
1626
1627         Reviewed by Mark Hahnenberg.
1628         
1629         DFG's store elimination was being run too soon for comfort on the FTL path. It's
1630         really only sound when run after all other optimizations. Remove it from the FTL
1631         path.
1632         
1633         Enable LLVM store elimination. It's both easier to reason about and more
1634         comprehensive.
1635
1636         * dfg/DFGPlan.cpp:
1637         (JSC::DFG::Plan::compileInThreadImpl):
1638         * ftl/FTLCompile.cpp:
1639         (JSC::FTL::compile):
1640
1641 2014-02-11  Brian Burg  <bburg@apple.com>
1642
1643         Web Replay: upstream replay input code generator and EncodedValue class
1644         https://bugs.webkit.org/show_bug.cgi?id=128215
1645
1646         Reviewed by Joseph Pecoraro.
1647
1648         Add the replay inputs code generator. Most features of the input generator are
1649         exercised by included generator regression tests, which produce useful but
1650         non-compilable test replay inputs.
1651
1652         Add EncodedValue, the main replay input serialization class that encodes and
1653         decodes inputs and their data between C++ types and the JSON-based replay recording
1654         format. EncodedValue uses EncodingTraits specializations for type-specific encoding.
1655         Relative to other WebKit marshalling mechanisms, EncodedValue is key/value based.
1656         EncodedValue uses InspectorValue subclasses as its backing data structure.
1657
1658         Add some missing numerical conversions to InspectorValue.
1659
1660         * JavaScriptCore.xcodeproj/project.pbxproj:
1661         * inspector/InspectorValues.cpp:
1662         (Inspector::InspectorValue::asNumber):
1663         (Inspector::InspectorBasicValue::asNumber):
1664         * inspector/InspectorValues.h:
1665         * replay/EncodedValue.cpp: Added.
1666         (JSC::EncodedValue::asObject):
1667         (JSC::EncodedValue::asArray):
1668         (JSC::ScalarEncodingTraits<bool>::encodeValue):
1669         (JSC::ScalarEncodingTraits<double>::encodeValue):
1670         (JSC::ScalarEncodingTraits<float>::encodeValue):
1671         (JSC::ScalarEncodingTraits<int32_t>::encodeValue):
1672         (JSC::ScalarEncodingTraits<int64_t>::encodeValue):
1673         (JSC::ScalarEncodingTraits<uint32_t>::encodeValue):
1674         (JSC::ScalarEncodingTraits<uint64_t>::encodeValue):
1675         (JSC::long>::encodeValue):
1676         (JSC::EncodedValue::convertTo<bool>):
1677         (JSC::EncodedValue::convertTo<double>):
1678         (JSC::EncodedValue::convertTo<float>):
1679         (JSC::EncodedValue::convertTo<int32_t>):
1680         (JSC::EncodedValue::convertTo<int64_t>):
1681         (JSC::EncodedValue::convertTo<uint32_t>):
1682         (JSC::EncodedValue::convertTo<uint64_t>):
1683         (JSC::long>):
1684         (JSC::EncodedValue::convertTo<String>):
1685         (JSC::EncodedValue::put<EncodedValue>):
1686         (JSC::EncodedValue::append<EncodedValue>):
1687         (JSC::EncodedValue::get<EncodedValue>):
1688         * replay/EncodedValue.h: Added.
1689         (JSC::EncodedValue::EncodedValue):
1690         (JSC::EncodedValue::createObject):
1691         (JSC::EncodedValue::createArray):
1692         (JSC::EncodedValue::createString):
1693         (JSC::EncodedValue::~EncodedValue):
1694         (JSC::ScalarEncodingTraits::decodeValue):
1695         (JSC::EncodingTraits<String>::encodeValue):
1696         (JSC::EncodedValue::put):
1697         (JSC::EncodedValue::append):
1698         (JSC::EncodedValue::get):
1699         * replay/scripts/CodeGeneratorReplayInputs.py: Added.
1700         (ParseException):
1701         (TypecheckException):
1702         (Framework):
1703         (Framework.__init__):
1704         (Framework.setting):
1705         (Framework.fromString):
1706         (Frameworks):
1707         (InputQueue):
1708         (InputQueue.__init__):
1709         (InputQueue.setting):
1710         (InputQueue.fromString):
1711         (InputQueues):
1712         (Input):
1713         (Input.__init__):
1714         (Input.setting):
1715         (InputMember):
1716         (InputMember.__init__):
1717         (InputMember.has_flag):
1718         (TypeMode):
1719         (TypeMode.__init__):
1720         (TypeMode.fromString):
1721         (TypeModes):
1722         (Type):
1723         (Type.__init__):
1724         (Type.__eq__):
1725         (Type.__hash__):
1726         (Type.has_flag):
1727         (Type.is_struct):
1728         (Type.is_enum):
1729         (Type.is_enum_class):
1730         (Type.declaration_kind):
1731         (Type.qualified_prefix):
1732         (Type.qualified_prefix.is):
1733         (Type.type_name):
1734         (Type.storage_type):
1735         (Type.borrow_type):
1736         (Type.argument_type):
1737         (check_properties):
1738         (VectorType):
1739         (VectorType.__init__):
1740         (VectorType.has_flag):
1741         (VectorType.is_struct):
1742         (VectorType.is_enum):
1743         (VectorType.is_enum_class):
1744         (VectorType.qualified_prefix):
1745         (VectorType.type_name):
1746         (VectorType.argument_type):
1747         (InputsModel):
1748         (InputsModel.__init__):
1749         (InputsModel.enum_types):
1750         (InputsModel.get_type_for_member):
1751         (InputsModel.parse_toplevel):
1752         (InputsModel.parse_type_with_framework_name):
1753         (InputsModel.parse_input):
1754         (InputsModel.typecheck):
1755         (InputsModel.typecheck_type):
1756         (InputsModel.typecheck_input):
1757         (InputsModel.typecheck_input_member):
1758         (IncrementalFileWriter):
1759         (IncrementalFileWriter.__init__):
1760         (IncrementalFileWriter.write):
1761         (IncrementalFileWriter.close):
1762         (lcfirst):
1763         (wrap_with_guard):
1764         (Generator):
1765         (Generator.__init__):
1766         (Generator.setting):
1767         (Generator.output_filename):
1768         (Generator.write_output_files):
1769         (Generator.generate_header):
1770         (Generator.generate_implementation):
1771         (Generator.generate_license):
1772         (Generator.generate_includes):
1773         (Generator.generate_includes.declaration):
1774         (Generator.generate_includes.declaration.is):
1775         (Generator.generate_type_forward_declarations):
1776         (Generator.generate_type_forward_declarations.is):
1777         (Generator.generate_class_declaration):
1778         (Generator.generate_input_constructor_declaration):
1779         (Generator.generate_input_destructor_declaration):
1780         (Generator.generate_input_member_getter):
1781         (Generator.generate_input_member_declaration):
1782         (Generator.generate_input_member_tuples):
1783         (Generator.qualified_input_name):
1784         (Generator.generate_input_trait_declaration):
1785         (Generator.generate_enum_trait_declaration):
1786         (Generator.generate_for_each_macro):
1787         (Generator.generate_class_implementation):
1788         (Generator.generate_enum_trait_implementation):
1789         (Generator.generate_enum_trait_implementation.is):
1790         (Generator.generate_input_trait_implementation):
1791         (Generator.generate_input_encode_implementation):
1792         (Generator.generate_input_decode_implementation):
1793         (Generator.generate_constructor_initializer_list):
1794         (Generator.generate_constructor_formals_list):
1795         (Generator.generate_member_borrow_expression):
1796         (Generator.generate_member_move_expression):
1797         (Generator.generate_constructor_arguments_list):
1798         (generate_from_specification):
1799         * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Added.
1800         (Templates):
1801         * replay/scripts/tests/expected/JSInputs.json-TestReplayInputs.cpp: Added.
1802         * replay/scripts/tests/expected/JSInputs.json-TestReplayInputs.h: Added.
1803         * replay/scripts/tests/expected/fail-on-c-style-enum-no-storage.json-error: Added.
1804         * replay/scripts/tests/expected/fail-on-duplicate-input-names.json-error: Added.
1805         * replay/scripts/tests/expected/fail-on-duplicate-type-names.json-error: Added.
1806         * replay/scripts/tests/expected/fail-on-enum-type-missing-values.json-error: Added.
1807         * replay/scripts/tests/expected/fail-on-missing-input-member-name.json-error: Added.
1808         * replay/scripts/tests/expected/fail-on-missing-input-name.json-error: Added.
1809         * replay/scripts/tests/expected/fail-on-missing-input-queue.json-error: Added.
1810         * replay/scripts/tests/expected/fail-on-missing-type-mode.json-error: Added.
1811         * replay/scripts/tests/expected/fail-on-missing-type-name.json-error: Added.
1812         * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Added.
1813         * replay/scripts/tests/expected/fail-on-no-types.json-error: Added.
1814         * replay/scripts/tests/expected/fail-on-unknown-input-queue.json-error: Added.
1815         * replay/scripts/tests/expected/fail-on-unknown-member-type.json-error: Added.
1816         * replay/scripts/tests/expected/fail-on-unknown-type-mode.json-error: Added.
1817         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp: Added.
1818         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h: Added.
1819         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp: Added.
1820         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h: Added.
1821         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-error: Added.
1822         * replay/scripts/tests/expected/generate-event-loop-shape-types.json-error: Added.
1823         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.cpp: Added.
1824         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h: Added.
1825         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.cpp: Added.
1826         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h: Added.
1827         * replay/scripts/tests/expected/generate-inputs-with-flags.json-error: Added.
1828         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.cpp: Added.
1829         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h: Added.
1830         * replay/scripts/tests/fail-on-c-style-enum-no-storage.json: Added.
1831         * replay/scripts/tests/fail-on-duplicate-input-names.json: Added.
1832         * replay/scripts/tests/fail-on-duplicate-type-names.json: Added.
1833         * replay/scripts/tests/fail-on-enum-type-missing-values.json: Added.
1834         * replay/scripts/tests/fail-on-missing-input-member-name.json: Added.
1835         * replay/scripts/tests/fail-on-missing-input-name.json: Added.
1836         * replay/scripts/tests/fail-on-missing-input-queue.json: Added.
1837         * replay/scripts/tests/fail-on-missing-type-mode.json: Added.
1838         * replay/scripts/tests/fail-on-missing-type-name.json: Added.
1839         * replay/scripts/tests/fail-on-no-inputs.json: Added.
1840         * replay/scripts/tests/fail-on-no-types.json: Added.
1841         * replay/scripts/tests/fail-on-unknown-input-queue.json: Added.
1842         * replay/scripts/tests/fail-on-unknown-member-type.json: Added.
1843         * replay/scripts/tests/fail-on-unknown-type-mode.json: Added.
1844         * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json: Added.
1845         * replay/scripts/tests/generate-enum-encoding-helpers.json: Added.
1846         * replay/scripts/tests/generate-event-loop-shape-types.json: Added.
1847         * replay/scripts/tests/generate-input-with-guard.json: Added.
1848         * replay/scripts/tests/generate-input-with-vector-members.json: Added.
1849         * replay/scripts/tests/generate-inputs-with-flags.json: Added.
1850         * replay/scripts/tests/generate-memoized-type-modes.json: Added.
1851
1852 2014-02-11  Joseph Pecoraro  <pecoraro@apple.com>
1853
1854         Add Availability Macros to new JSC APIs
1855         https://bugs.webkit.org/show_bug.cgi?id=128615
1856
1857         Reviewed by Mark Rowe.
1858
1859         * API/JSContext.h:
1860         * API/JSContextRef.h:
1861
1862 2014-02-11  Filip Pizlo  <fpizlo@apple.com>
1863
1864         FTL should support CompareEq(ObjectOrOther:, Object:)
1865         https://bugs.webkit.org/show_bug.cgi?id=127752
1866
1867         Reviewed by Oliver Hunt.
1868         
1869         Also introduce some helpers for reasoning about nullness and truthyness.
1870
1871         * ftl/FTLCapabilities.cpp:
1872         (JSC::FTL::canCompile):
1873         * ftl/FTLLowerDFGToLLVM.cpp:
1874         (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
1875         (JSC::FTL::LowerDFGToLLVM::compareEqObjectOrOtherToObject):
1876         (JSC::FTL::LowerDFGToLLVM::speculateTruthyObject):
1877         (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
1878         (JSC::FTL::LowerDFGToLLVM::isNotNully):
1879         (JSC::FTL::LowerDFGToLLVM::isNully):
1880         (JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):
1881         * tests/stress/compare-eq-object-or-other-to-object.js: Added.
1882         (foo):
1883         (test):
1884         * tests/stress/compare-eq-object-to-object-or-other.js: Added.
1885         (foo):
1886         (test):
1887
1888 2014-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>
1889
1890         32-bit LLInt writeBarrierOnGlobalObject is wrong
1891         https://bugs.webkit.org/show_bug.cgi?id=128556
1892
1893         Reviewed by Geoffrey Garen.
1894
1895         * llint/LowLevelInterpreter32_64.asm:
1896         * llint/LowLevelInterpreter64.asm: Also fixed the value check on 64-bit.
1897
1898 2014-02-11  Gabor Rapcsanyi  <rgabor@webkit.org>
1899
1900         LLInt typo error after r139004.
1901         https://bugs.webkit.org/show_bug.cgi?id=128592
1902
1903         Reviewed by Michael Saboff.
1904
1905         * offlineasm/arm.rb: change immediate to register in the condition
1906
1907 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
1908
1909         LICM should gracefully handle unprofiled code
1910         https://bugs.webkit.org/show_bug.cgi?id=127848
1911
1912         Reviewed by Mark Hahnenberg.
1913
1914         * dfg/DFGLICMPhase.cpp:
1915         (JSC::DFG::LICMPhase::run):
1916
1917 2014-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>
1918
1919         Obj-C API: JSExport doesn't work for methods that contain protocols in their type signature
1920         https://bugs.webkit.org/show_bug.cgi?id=128540
1921
1922         Reviewed by Oliver Hunt.
1923
1924         The bug is in parseObjCType in ObjcRuntimeExtras.h. When we see an '@' in the 
1925         type signature of a method, we assume that what follows the '@' is a class name, 
1926         so we call objc_getClass, and if that returns nil then we give up on the method 
1927         and don't export it.
1928
1929         This assumption doesn't work in the case of id<Protocol> because it's the name 
1930         of the protocol that follows the '@', not the name of a class. We should have 
1931         another fallback case for protocol names.
1932
1933         There's another case that also doesn't work, and that's the case of a named class 
1934         with a specified protocol in a method signature (e.g. NSObject<MyProtocol>).
1935         There the substring of the type signature that represents the class is "NSObject<MyProtocol>", 
1936         which will also cause objc_getClass to return nil.
1937
1938         * API/ObjcRuntimeExtras.h:
1939         (parseObjCType):
1940         * API/tests/DateTests.mm: Also fixed an issue I noticed where we don't use an autorelease pool
1941         for the DateTests.
1942         * API/tests/JSExportTests.h: Added.
1943         * API/tests/JSExportTests.mm: Added.
1944         (-[TruthTeller returnTrue]):
1945         (-[ExportMethodWithIdProtocol methodWithIdProtocol:]):
1946         (-[ExportMethodWithClassProtocol methodWithClassProtocol:]):
1947         (+[JSExportTests exportInstanceMethodWithIdProtocolTest]):
1948         (+[JSExportTests exportInstanceMethodWithClassProtocolTest]):
1949         (runJSExportTests):
1950         * API/tests/testapi.mm:
1951         * JavaScriptCore.xcodeproj/project.pbxproj:
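
        As an added illustration of the type-encoding problem the entry above describes
        (this is example code, not JSC's parseObjCType or anything from the entry): a
        small parser that splits the quoted part of an Objective-C object type encoding
        into a class name and protocol names, beside a "before" lookup that hands the whole
        quoted body to a class lookup and an "after" lookup that resolves the class and each
        protocol separately. The encodings it assumes (@"NSString" for a class pointer,
        @"<MyProtocol>" for id<MyProtocol>, @"NSObject<MyProtocol>" for a class with a
        protocol, and @"<A><B>" for several protocols) are from my recollection of the
        Objective-C runtime, not from the entry, and the class and protocol tables are
        constructed stand-ins for objc_getClass and objc_getProtocol.

```cpp
#include <cstdio>
#include <set>
#include <string>
#include <vector>

// Result of parsing one object type encoding such as @"NSObject<MyProtocol>".
struct ObjectType {
    std::string className;               // empty for a bare id or id<...>
    std::vector<std::string> protocols;  // in encoding order
    bool valid = false;                  // false on malformed input
};

// Split the quoted body of an '@' encoding into class and protocol names.
// Assumed forms: "@", @"Class", @"<Proto>", @"Class<Proto>", @"<A><B>".
ObjectType parseObjectTypeEncoding(const std::string& encoding) {
    ObjectType result;
    if (encoding == "@") {               // plain id: nothing to resolve
        result.valid = true;
        return result;
    }
    if (encoding.size() < 3 || encoding[0] != '@' || encoding[1] != '"' || encoding.back() != '"')
        return result;                   // not of the form @"..."
    std::string body = encoding.substr(2, encoding.size() - 3);
    size_t pos = body.find('<');
    result.className = body.substr(0, pos);
    if (result.className.find('>') != std::string::npos)
        return result;                   // stray '>' before any '<'
    // Every <Name> after the class name is one protocol.
    while (pos != std::string::npos) {
        size_t close = body.find('>', pos);
        if (close == std::string::npos || close == pos + 1)
            return result;               // unterminated or empty protocol name
        result.protocols.push_back(body.substr(pos + 1, close - pos - 1));
        if (close + 1 < body.size() && body[close + 1] != '<')
            return result;               // junk between protocol names
        pos = body.find('<', close);
    }
    result.valid = true;
    return result;
}

// Constructed stand-ins for the runtime's class and protocol registries.
static const std::set<std::string> kKnownClasses = {"NSObject", "NSString"};
static const std::set<std::string> kKnownProtocols = {"MyProtocol", "TruthTeller"};

// Before the fix: the whole quoted body is treated as a class name, so any
// encoding that carries a protocol misses the lookup and is not exported.
bool exportableBeforeFix(const std::string& encoding) {
    if (encoding == "@")
        return true;
    if (encoding.size() < 3 || encoding[0] != '@' || encoding[1] != '"' || encoding.back() != '"')
        return false;
    std::string body = encoding.substr(2, encoding.size() - 3);
    return kKnownClasses.count(body) > 0;
}

// After the fix: resolve the class (if any) and each protocol on its own.
bool exportableAfterFix(const std::string& encoding) {
    ObjectType t = parseObjectTypeEncoding(encoding);
    if (!t.valid)
        return false;
    if (!t.className.empty() && !kKnownClasses.count(t.className))
        return false;
    for (const std::string& p : t.protocols)
        if (!kKnownProtocols.count(p))
            return false;
    return true;
}

// Comma-joined protocol names, handy for checking the parser's output.
std::string joinedProtocols(const std::string& encoding) {
    ObjectType t = parseObjectTypeEncoding(encoding);
    std::string out;
    for (size_t i = 0; i < t.protocols.size(); ++i)
        out += (i ? "," : "") + t.protocols[i];
    return out;
}

int main() {
    const char* samples[] = {"@\"NSString\"", "@\"<MyProtocol>\"", "@\"NSObject<MyProtocol>\"", "@\"NSObject<Unknown>\""};
    for (const char* s : samples)
        std::printf("%-28s before: %d  after: %d\n", s, exportableBeforeFix(s), exportableAfterFix(s));
    return 0;
}
```

        The "before" path is deliberately the failing behaviour the entry describes; the
        "after" path is one way to add the protocol fallback, not necessarily how the
        committed change does it.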
1952
1953 2014-02-10  Michael Saboff  <msaboff@apple.com>
1954
1955         Re-enable ARM Thumb2 disassembler
1956         https://bugs.webkit.org/show_bug.cgi?id=128577
1957
1958         Reviewed by Filip Pizlo.
1959
1960         Changed signature of tryToDisassemble() to match updates.
1961         Fixed typo in disassembler.
1962
1963         * disassembler/ARMv7/ARMv7DOpcode.cpp:
1964         * disassembler/ARMv7Disassembler.cpp:
1965         (JSC::tryToDisassemble):
1966
1967 2014-02-10  Mark Lam  <mark.lam@apple.com>
1968
1969         Removing limitation on JSLock's lockDropDepth.
1970         <https://webkit.org/b/128570>
1971
1972         Reviewed by Geoffrey Garen.
1973
1974         Now that we've switched to using the C stack, we no longer need to limit
1975         the JSLock::lockDropDepth to 2.
1976
1977         For C loop builds which still use the separate JSStack, the JSLock will
1978         enforce ordering for re-grabbing the lock after dropping it. Re-grabbing
1979         must occur in the reverse order of the dropping of the locks.
1980
1981         Ordering is achieved by JSLock::dropAllLocks() stashing away the
1982         JSLock::m_lockDropDepth in its DropAllLocks instance's m_dropDepth
1983         before unlocking the lock. Subsequently, JSLock::grabAllLocks() will
1984         ensure that JSLock::m_lockDropDepth equals its DropAllLocks instance's
1985         m_dropDepth before allowing the lock to be re-grabbed. Otherwise, it
1986         will yield execution and retry again later.
1987
1988         Note: because JSLock::m_lockDropDepth is protected by the JSLock's
1989         mutex, grabAllLocks() will optimistically lock the JSLock before doing
1990         the check on m_lockDropDepth. If the check fails, it will unlock the
1991         JSLock, yield, and then relock it again later before retrying the check.
1992         This ensures that m_lockDropDepth remains under the protection of the
1993         JSLock's mutex.
1994
1995         * runtime/JSLock.cpp:
1996         (JSC::JSLock::dropAllLocks):
1997         (JSC::JSLock::grabAllLocks):
1998         (JSC::JSLock::DropAllLocks::DropAllLocks):
1999         (JSC::JSLock::DropAllLocks::~DropAllLocks):
2000         * runtime/JSLock.h:
2001         (JSC::JSLock::DropAllLocks::setDropDepth):
2002         (JSC::JSLock::DropAllLocks::dropDepth):
2003
2004 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
2005
2006         FTL should support ToThis
2007         https://bugs.webkit.org/show_bug.cgi?id=127751
2008
2009         Reviewed by Oliver Hunt.
2010
2011         * ftl/FTLCapabilities.cpp:
2012         (JSC::FTL::canCompile):
2013         * ftl/FTLIntrinsicRepository.h:
2014         * ftl/FTLLowerDFGToLLVM.cpp:
2015         (JSC::FTL::LowerDFGToLLVM::compileNode):
2016         (JSC::FTL::LowerDFGToLLVM::compileToThis):
2017         * tests/stress/to-this-polymorphic.js: Added.
2018         (foo):
2019
2020 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
2021
2022         Rename Operations.h to JSCInlines.h
2023         https://bugs.webkit.org/show_bug.cgi?id=128543
2024
2025         Rubber stamped by Geoffrey Garen.
2026         
2027         Well, what this actually does is it splits Operations.h into a real Operations.h that
2028         actually contains "operations", and JSCInlines.h, which serves the role of being an
2029         inlines umbrella.
2030         
2031         * API/JSBase.cpp:
2032         * API/JSCTestRunnerUtils.cpp:
2033         * API/JSCallbackConstructor.cpp:
2034         * API/JSCallbackFunction.cpp:
2035         * API/JSCallbackObject.cpp:
2036         * API/JSClassRef.cpp:
2037         * API/JSContext.mm:
2038         * API/JSContextRef.cpp:
2039         * API/JSManagedValue.mm:
2040         * API/JSObjectRef.cpp:
2041         * API/JSScriptRef.cpp:
2042         * API/JSValue.mm:
2043         * API/JSValueRef.cpp:
2044         * API/JSWeakObjectMapRefPrivate.cpp:
2045         * API/JSWrapperMap.mm:
2046         * GNUmakefile.list.am:
2047         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2048         * JavaScriptCore.xcodeproj/project.pbxproj:
2049         * assembler/LinkBuffer.cpp:
2050         * bindings/ScriptFunctionCall.cpp:
2051         * bindings/ScriptObject.cpp:
2052         * bytecode/ArrayAllocationProfile.cpp:
2053         * bytecode/ArrayProfile.cpp:
2054         * bytecode/BytecodeBasicBlock.cpp:
2055         * bytecode/CallLinkInfo.cpp:
2056         * bytecode/CallLinkStatus.cpp:
2057         * bytecode/CodeBlock.cpp:
2058         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
2059         * bytecode/CodeOrigin.cpp:
2060         * bytecode/ExecutionCounter.cpp:
2061         * bytecode/GetByIdStatus.cpp:
2062         * bytecode/LazyOperandValueProfile.cpp:
2063         * bytecode/MethodOfGettingAValueProfile.cpp:
2064         * bytecode/PreciseJumpTargets.cpp:
2065         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
2066         * bytecode/PutByIdStatus.cpp:
2067         * bytecode/SamplingTool.cpp:
2068         * bytecode/SpecialPointer.cpp:
2069         * bytecode/SpeculatedType.cpp:
2070         * bytecode/StructureStubClearingWatchpoint.cpp:
2071         * bytecode/UnlinkedCodeBlock.cpp:
2072         * bytecode/ValueRecovery.cpp:
2073         * bytecompiler/BytecodeGenerator.cpp:
2074         * bytecompiler/NodesCodegen.cpp:
2075         * debugger/Debugger.cpp:
2076         * debugger/DebuggerActivation.cpp:
2077         * debugger/DebuggerCallFrame.cpp:
2078         * dfg/DFGAbstractHeap.cpp:
2079         * dfg/DFGAbstractValue.cpp:
2080         * dfg/DFGArgumentsSimplificationPhase.cpp:
2081         * dfg/DFGArithMode.cpp:
2082         * dfg/DFGArrayMode.cpp:
2083         * dfg/DFGAtTailAbstractState.cpp:
2084         * dfg/DFGAvailability.cpp:
2085         * dfg/DFGBackwardsPropagationPhase.cpp:
2086         * dfg/DFGBasicBlock.cpp:
2087         * dfg/DFGBinarySwitch.cpp:
2088         * dfg/DFGBlockInsertionSet.cpp:
2089         * dfg/DFGByteCodeParser.cpp:
2090         * dfg/DFGCFAPhase.cpp:
2091         * dfg/DFGCFGSimplificationPhase.cpp:
2092         * dfg/DFGCPSRethreadingPhase.cpp:
2093         * dfg/DFGCSEPhase.cpp:
2094         * dfg/DFGCapabilities.cpp:
2095         * dfg/DFGClobberSet.cpp:
2096         * dfg/DFGClobberize.cpp:
2097         * dfg/DFGCommon.cpp:
2098         * dfg/DFGCommonData.cpp:
2099         * dfg/DFGCompilationKey.cpp:
2100         * dfg/DFGCompilationMode.cpp:
2101         * dfg/DFGConstantFoldingPhase.cpp:
2102         * dfg/DFGCriticalEdgeBreakingPhase.cpp:
2103         * dfg/DFGDCEPhase.cpp:
2104         * dfg/DFGDesiredIdentifiers.cpp:
2105         * dfg/DFGDesiredStructureChains.cpp:
2106         * dfg/DFGDesiredTransitions.cpp:
2107         * dfg/DFGDesiredWatchpoints.cpp:
2108         * dfg/DFGDesiredWeakReferences.cpp:
2109         * dfg/DFGDesiredWriteBarriers.cpp:
2110         * dfg/DFGDisassembler.cpp:
2111         * dfg/DFGDominators.cpp:
2112         * dfg/DFGDriver.cpp:
2113         * dfg/DFGEdge.cpp:
2114         * dfg/DFGFailedFinalizer.cpp:
2115         * dfg/DFGFinalizer.cpp:
2116         * dfg/DFGFixupPhase.cpp:
2117         * dfg/DFGFlushFormat.cpp:
2118         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
2119         * dfg/DFGFlushedAt.cpp:
2120         * dfg/DFGGraph.cpp:
2121         * dfg/DFGGraphSafepoint.cpp:
2122         * dfg/DFGInPlaceAbstractState.cpp:
2123         * dfg/DFGInvalidationPointInjectionPhase.cpp:
2124         * dfg/DFGJITCode.cpp:
2125         * dfg/DFGJITCompiler.cpp:
2126         * dfg/DFGJITFinalizer.cpp:
2127         * dfg/DFGJumpReplacement.cpp:
2128         * dfg/DFGLICMPhase.cpp:
2129         * dfg/DFGLazyJSValue.cpp:
2130         * dfg/DFGLivenessAnalysisPhase.cpp:
2131         * dfg/DFGLongLivedState.cpp:
2132         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
2133         * dfg/DFGMinifiedNode.cpp:
2134         * dfg/DFGNaturalLoops.cpp:
2135         * dfg/DFGNode.cpp:
2136         * dfg/DFGNodeFlags.cpp:
2137         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
2138         * dfg/DFGOSREntry.cpp:
2139         * dfg/DFGOSREntrypointCreationPhase.cpp:
2140         * dfg/DFGOSRExit.cpp:
2141         * dfg/DFGOSRExitBase.cpp:
2142         * dfg/DFGOSRExitCompiler.cpp:
2143         * dfg/DFGOSRExitCompiler32_64.cpp:
2144         * dfg/DFGOSRExitCompiler64.cpp:
2145         * dfg/DFGOSRExitCompilerCommon.cpp:
2146         * dfg/DFGOSRExitJumpPlaceholder.cpp:
2147         * dfg/DFGOSRExitPreparation.cpp:
2148         * dfg/DFGOperations.cpp:
2149         * dfg/DFGPhase.cpp:
2150         * dfg/DFGPlan.cpp:
2151         * dfg/DFGPredictionInjectionPhase.cpp:
2152         * dfg/DFGPredictionPropagationPhase.cpp:
2153         * dfg/DFGResurrectionForValidationPhase.cpp:
2154         * dfg/DFGSSAConversionPhase.cpp:
2155         * dfg/DFGSSALoweringPhase.cpp:
2156         * dfg/DFGSafepoint.cpp:
2157         * dfg/DFGSpeculativeJIT.cpp:
2158         * dfg/DFGSpeculativeJIT32_64.cpp:
2159         * dfg/DFGSpeculativeJIT64.cpp:
2160         * dfg/DFGStackLayoutPhase.cpp:
2161         * dfg/DFGStoreBarrierElisionPhase.cpp:
2162         * dfg/DFGStrengthReductionPhase.cpp:
2163         * dfg/DFGThreadData.cpp:
2164         * dfg/DFGThunks.cpp:
2165         * dfg/DFGTierUpCheckInjectionPhase.cpp:
2166         * dfg/DFGToFTLDeferredCompilationCallback.cpp:
2167         * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:
2168         * dfg/DFGTypeCheckHoistingPhase.cpp:
2169         * dfg/DFGUnificationPhase.cpp:
2170         * dfg/DFGUseKind.cpp:
2171         * dfg/DFGValidate.cpp:
2172         * dfg/DFGValueSource.cpp:
2173         * dfg/DFGVariableAccessDataDump.cpp:
2174         * dfg/DFGVariableEvent.cpp:
2175         * dfg/DFGVariableEventStream.cpp:
2176         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2177         * dfg/DFGWatchpointCollectionPhase.cpp:
2178         * dfg/DFGWorklist.cpp:
2179         * ftl/FTLAbstractHeap.cpp:
2180         * ftl/FTLAbstractHeapRepository.cpp:
2181         * ftl/FTLExitValue.cpp:
2182         * ftl/FTLLink.cpp:
2183         * ftl/FTLLowerDFGToLLVM.cpp:
2184         * ftl/FTLOSREntry.cpp:
2185         * ftl/FTLOSRExit.cpp:
2186         * ftl/FTLOSRExitCompiler.cpp:
2187         * ftl/FTLSlowPathCall.cpp:
2188         * heap/BlockAllocator.cpp:
2189         * heap/CodeBlockSet.cpp:
2190         * heap/ConservativeRoots.cpp:
2191         * heap/CopiedSpace.cpp:
2192         * heap/CopyVisitor.cpp:
2193         * heap/DeferGC.cpp:
2194         * heap/GCThread.cpp:
2195         * heap/GCThreadSharedData.cpp:
2196         * heap/HandleSet.cpp:
2197         * heap/HandleStack.cpp:
2198         * heap/Heap.cpp:
2199         * heap/HeapStatistics.cpp:
2200         * heap/HeapTimer.cpp:
2201         * heap/IncrementalSweeper.cpp:
2202         * heap/JITStubRoutineSet.cpp:
2203         * heap/MachineStackMarker.cpp:
2204         * heap/MarkStack.cpp:
2205         * heap/MarkedAllocator.cpp:
2206         * heap/MarkedBlock.cpp:
2207         * heap/MarkedSpace.cpp:
2208         * heap/SlotVisitor.cpp:
2209         * heap/SuperRegion.cpp:
2210         * heap/Weak.cpp:
2211         * heap/WeakBlock.cpp:
2212         * heap/WeakHandleOwner.cpp:
2213         * heap/WeakSet.cpp:
2214         * heap/WriteBarrierBuffer.cpp:
2215         * heap/WriteBarrierSupport.cpp:
2216         * inspector/InjectedScript.cpp:
2217         * inspector/InjectedScriptBase.cpp:
2218         * inspector/JSGlobalObjectScriptDebugServer.cpp:
2219         * inspector/JSInjectedScriptHost.cpp:
2220         * inspector/ScriptArguments.cpp:
2221         * inspector/ScriptCallStackFactory.cpp:
2222         * interpreter/AbstractPC.cpp:
2223         * interpreter/CallFrame.cpp:
2224         * interpreter/Interpreter.cpp:
2225         * interpreter/JSStack.cpp:
2226         * interpreter/ProtoCallFrame.cpp:
2227         * interpreter/StackVisitor.cpp:
2228         * interpreter/VMInspector.cpp:
2229         * jit/ArityCheckFailReturnThunks.cpp:
2230         * jit/AssemblyHelpers.cpp:
2231         * jit/ClosureCallStubRoutine.cpp:
2232         * jit/ExecutableAllocator.cpp:
2233         * jit/ExecutableAllocatorFixedVMPool.cpp:
2234         * jit/GCAwareJITStubRoutine.cpp:
2235         * jit/HostCallReturnValue.cpp:
2236         * jit/JIT.cpp:
2237         * jit/JITArithmetic.cpp:
2238         * jit/JITArithmetic32_64.cpp:
2239         * jit/JITCall.cpp:
2240         * jit/JITCall32_64.cpp:
2241         * jit/JITCode.cpp:
2242         * jit/JITDisassembler.cpp:
2243         * jit/JITExceptions.cpp:
2244         * jit/JITInlineCacheGenerator.cpp:
2245         * jit/JITInlines.h:
2246         * jit/JITOperations.cpp:
2247         * jit/JITOperationsMSVC64.cpp:
2248         * jit/JITStubRoutine.cpp:
2249         * jit/JITStubs.cpp:
2250         * jit/JITThunks.cpp:
2251         * jit/JITToDFGDeferredCompilationCallback.cpp:
2252         * jit/RegisterPreservationWrapperGenerator.cpp:
2253         * jit/RegisterSet.cpp:
2254         * jit/Repatch.cpp:
2255         * jit/TempRegisterSet.cpp:
2256         * jit/ThunkGenerators.cpp:
2257         * jsc.cpp:
2258         * llint/LLIntExceptions.cpp:
2259         * llint/LLIntSlowPaths.cpp:
2260         * llint/LowLevelInterpreter.cpp:
2261         * parser/Lexer.cpp:
2262         * parser/Nodes.cpp:
2263         * parser/Parser.cpp:
2264         * parser/ParserArena.cpp:
2265         * parser/SourceCode.cpp:
2266         * parser/SourceProvider.cpp:
2267         * parser/SourceProviderCache.cpp:
2268         * profiler/LegacyProfiler.cpp:
2269         * profiler/ProfileGenerator.cpp:
2270         * profiler/ProfilerBytecode.cpp:
2271         * profiler/ProfilerBytecodeSequence.cpp:
2272         * profiler/ProfilerBytecodes.cpp:
2273         * profiler/ProfilerCompilation.cpp:
2274         * profiler/ProfilerCompiledBytecode.cpp:
2275         * profiler/ProfilerDatabase.cpp:
2276         * profiler/ProfilerOSRExit.cpp:
2277         * profiler/ProfilerOSRExitSite.cpp:
2278         * profiler/ProfilerOrigin.cpp:
2279         * profiler/ProfilerOriginStack.cpp:
2280         * profiler/ProfilerProfiledBytecodes.cpp:
2281         * runtime/ArgList.cpp:
2282         * runtime/Arguments.cpp:
2283         * runtime/ArgumentsIteratorPrototype.cpp:
2284         * runtime/ArrayBuffer.cpp:
2285         * runtime/ArrayBufferNeuteringWatchpoint.cpp:
2286         * runtime/ArrayConstructor.cpp:
2287         * runtime/ArrayPrototype.cpp:
2288         * runtime/BooleanConstructor.cpp:
2289         * runtime/BooleanObject.cpp:
2290         * runtime/BooleanPrototype.cpp:
2291         * runtime/CallData.cpp:
2292         * runtime/CodeCache.cpp:
2293         * runtime/CommonSlowPaths.cpp:
2294         * runtime/CommonSlowPathsExceptions.cpp:
2295         * runtime/Completion.cpp:
2296         * runtime/ConstructData.cpp:
2297         * runtime/DateConstructor.cpp:
2298         * runtime/DateInstance.cpp:
2299         * runtime/DatePrototype.cpp:
2300         * runtime/Error.cpp:
2301         * runtime/ErrorConstructor.cpp:
2302         * runtime/ErrorInstance.cpp:
2303         * runtime/ErrorPrototype.cpp:
2304         * runtime/ExceptionHelpers.cpp:
2305         * runtime/Executable.cpp:
2306         * runtime/FunctionConstructor.cpp:
2307         * runtime/FunctionPrototype.cpp:
2308         * runtime/GetterSetter.cpp:
2309         * runtime/Identifier.cpp:
2310         * runtime/IntendedStructureChain.cpp:
2311         * runtime/InternalFunction.cpp:
2312         * runtime/JSActivation.cpp:
2313         * runtime/JSArgumentsIterator.cpp:
2314         * runtime/JSArray.cpp:
2315         * runtime/JSArrayBuffer.cpp:
2316         * runtime/JSArrayBufferConstructor.cpp:
2317         * runtime/JSArrayBufferPrototype.cpp:
2318         * runtime/JSArrayBufferView.cpp:
2319         * runtime/JSBoundFunction.cpp:
2320         * runtime/JSCInlines.h: Copied from Source/JavaScriptCore/runtime/Operations.h.
2321         * runtime/JSCell.cpp:
2322         * runtime/JSDataView.cpp:
2323         * runtime/JSDataViewPrototype.cpp:
2324         * runtime/JSDateMath.cpp:
2325         * runtime/JSFunction.cpp:
2326         * runtime/JSGlobalObject.cpp:
2327         * runtime/JSGlobalObjectFunctions.cpp:
2328         * runtime/JSLock.cpp:
2329         * runtime/JSNameScope.cpp:
2330         * runtime/JSNotAnObject.cpp:
2331         * runtime/JSONObject.cpp:
2332         * runtime/JSObject.cpp:
2333         * runtime/JSPropertyNameIterator.cpp:
2334         * runtime/JSPropertyNameIterator.h:
2335         * runtime/JSProxy.cpp:
2336         * runtime/JSScope.cpp:
2337         * runtime/JSSegmentedVariableObject.cpp:
2338         * runtime/JSString.cpp:
2339         * runtime/JSStringJoiner.cpp:
2340         * runtime/JSSymbolTableObject.cpp:
2341         * runtime/JSTypedArrayConstructors.cpp:
2342         * runtime/JSTypedArrayPrototypes.cpp:
2343         * runtime/JSTypedArrays.cpp:
2344         * runtime/JSVariableObject.cpp:
2345         * runtime/JSWithScope.cpp:
2346         * runtime/JSWrapperObject.cpp:
2347         * runtime/LiteralParser.cpp:
2348         * runtime/Lookup.cpp:
2349         * runtime/MathObject.cpp:
2350         * runtime/NameConstructor.cpp:
2351         * runtime/NameInstance.cpp:
2352         * runtime/NamePrototype.cpp:
2353         * runtime/NativeErrorConstructor.cpp:
2354         * runtime/NativeErrorPrototype.cpp:
2355         * runtime/NumberConstructor.cpp:
2356         * runtime/NumberObject.cpp:
2357         * runtime/NumberPrototype.cpp:
2358         * runtime/ObjectConstructor.cpp:
2359         * runtime/ObjectPrototype.cpp:
2360         * runtime/Operations.cpp:
2361         * runtime/Operations.h:
2362         * runtime/PropertyDescriptor.cpp:
2363         * runtime/PrototypeMap.cpp:
2364         * runtime/RegExp.cpp:
2365         * runtime/RegExpCache.cpp:
2366         * runtime/RegExpCachedResult.cpp:
2367         * runtime/RegExpConstructor.cpp:
2368         * runtime/RegExpMatchesArray.cpp:
2369         * runtime/RegExpObject.cpp:
2370         * runtime/RegExpPrototype.cpp:
2371         * runtime/SimpleTypedArrayController.cpp:
2372         * runtime/SmallStrings.cpp:
2373         * runtime/SparseArrayValueMap.cpp:
2374         * runtime/StrictEvalActivation.cpp:
2375         * runtime/StringConstructor.cpp:
2376         * runtime/StringObject.cpp:
2377         * runtime/StringPrototype.cpp:
2378         * runtime/StringRecursionChecker.cpp:
2379         * runtime/Structure.cpp:
2380         * runtime/StructureChain.cpp:
2381         * runtime/StructureRareData.cpp:
2382         * runtime/SymbolTable.cpp:
2383         * runtime/TestRunnerUtils.cpp:
2384         * runtime/VM.cpp:
2385         * testRegExp.cpp:
2386
2387 2014-02-10  Matthew Mirman  <mmirman@apple.com>
2388
2389         Removes the inline assert from SpeculativeJIT's ReallocatePropertyStorage
2390         https://bugs.webkit.org/show_bug.cgi?id=128566
2391
2392         Reviewed by Filip Pizlo.
2393
2394         * dfg/DFGSpeculativeJIT.cpp:
2395         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
2396
2397 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
2398
2399         Rename getRecordMap to computeRecordMap.
2400
2401         Rubber stamped by Michael Saboff.
2402         
2403         "get" is such a weird prefix. It implies a getter. We don't prefix our getters with
2404         anything in WebKit. Also, this isn't a getter. It actually does work to transform
2405         the stackmaps into a hashmap. So, computeRecordMap is a much better name.
2406
2407         * ftl/FTLCompile.cpp:
2408         (JSC::FTL::compile):
2409         * ftl/FTLJITFinalizer.cpp:
2410         (JSC::FTL::JITFinalizer::finalizeFunction):
2411         * ftl/FTLStackMaps.cpp:
2412         (JSC::FTL::StackMaps::computeRecordMap):
2413         * ftl/FTLStackMaps.h:
2414
2415 2014-02-10  Matthew Mirman  <mmirman@apple.com>
2416
2417         ReallocatePropertyStorage in FTL
2418         https://bugs.webkit.org/show_bug.cgi?id=128352
2419
2420         Reviewed by Filip Pizlo.
2421
2422         * ftl/FTLCapabilities.cpp:
2423         (JSC::FTL::canCompile):
2424         * ftl/FTLIntrinsicRepository.h:
2425         * ftl/FTLLowerDFGToLLVM.cpp:
2426         (JSC::FTL::LowerDFGToLLVM::compileNode):
2427         (JSC::FTL::LowerDFGToLLVM::compileReallocatePropertyStorage):
2428         * tests/stress/ftl-reallocatepropertystorage.js: Added.
2429         (foo):
2430
2431 2014-02-10  Michael Saboff  <msaboff@apple.com>
2432
2433         Fail FTL compilation if the required stack is too big
2434         https://bugs.webkit.org/show_bug.cgi?id=128560
2435
2436         Reviewed by Filip Pizlo.
2437
2438         Added StackSize struct to FTLStackMaps and populated it.  Added and updated
2439         related dump functions.  Use the stack size found at the end of the compilation
2440         to compare against the value of a new option, llvmMaxStackSize.  We fail the
2441         compile if the function's stack size is greater than llvmMaxStackSize.
2442
2443         * dfg/DFGPlan.cpp:
2444         (JSC::DFG::Plan::compileInThreadImpl):
2445         * ftl/FTLStackMaps.cpp:
2446         (JSC::FTL::StackMaps::StackSize::parse):
2447         (JSC::FTL::StackMaps::StackSize::dump):
2448         (JSC::FTL::StackMaps::parse):
2449         (JSC::FTL::StackMaps::dump):
2450         (JSC::FTL::StackMaps::dumpMultiline):
2451         (JSC::FTL::StackMaps::getStackSize):
2452         * ftl/FTLStackMaps.h:
2453         * runtime/Options.h:
2454
2455 2014-02-10  Mark Lam  <mark.lam@apple.com>
2456
2457         Change JSLock::dropAllLocks() and friends to use lock() and unlock().
2458         <https://webkit.org/b/128451>
2459
2460         Reviewed by Geoffrey Garen.
2461
2462         Currently, JSLock's dropAllLocks(), dropAllLocksUnconditionally(), and
2463         grabAllLocks() implement locking / unlocking by duplicating the code from
2464         lock() and unlock(). Instead, they should just call lock() and unlock().
2465
2466         * runtime/JSLock.cpp:
2467         (JSC::JSLock::lock):
2468         (JSC::JSLock::unlock):
2469         - Modified lock() and unlock() into a version that takes an entry count
2470           to lock / unlock. The previous lock() and unlock() now call these
2471           new versions with an entry count of 1.
2472
2473         (JSC::JSLock::dropAllLocks):
2474         (JSC::JSLock::dropAllLocksUnconditionally):
2475         (JSC::JSLock::grabAllLocks):
2476         - Delegate to unlock() and lock() instead of duplicating the lock / unlock
2477           code.
2478         - There are some differences with calling lock() instead of duplicating its
2479           code in grabAllLocks(), i.e. lock() does the following additional work:
2480
2481           1. lock() does a re-entry check that is not needed by grabAllLocks().
2482              However, this is effectively a no-op since we never own the JSLock
2483              before calling grabAllLocks().
2484
2485           2. set VM stackPointerAtVMEntry.
2486           3. update VM stackLimit and reservedZoneSize.
2487           4. set VM lastStackTop.
2488              These 3 steps are just busy work which are also effectively no-ops
2489              because immediately after lock() returns, grabAllLocks() will write
2490              over those values with their saved versions in the threadData.
2491
2492         * runtime/JSLock.h:
2493
2494 2014-02-10  Anders Carlsson  <andersca@apple.com>
2495
2496         Try to fix the Windows build.
2497
2498         * heap/UnconditionalFinalizer.h:
2499         * runtime/SymbolTable.h:
2500
2501 2014-02-10  Andreas Kling  <akling@apple.com>
2502
2503         Make the Identifier::add() family return PassRef<StringImpl>.
2504         <https://webkit.org/b/128542>
2505
2506         This knocks one branch off of creating an Identifier from another
2507         string source.
2508
2509         Reviewed by Oliver Hunt.
2510
2511         * runtime/Identifier.cpp:
2512         (JSC::Identifier::add):
2513         (JSC::Identifier::add8):
2514         (JSC::Identifier::addSlowCase):
2515         * runtime/Identifier.h:
2516         (JSC::Identifier::add):
2517         * runtime/Lookup.cpp:
2518         (JSC::HashTable::createTable):
2519
2520 2014-02-09  Mark Lam  <mark.lam@apple.com>
2521
2522         Remove unnecessary spinLock in JSLock.
2523         <https://webkit.org/b/128450>
2524
2525         Reviewed by Filip Pizlo.
2526
2527         The JSLock's mutex already provides protection for write access to
2528         JSLock's internal state. The only JSLock state that needs to be read
2529         from any thread including threads that don't own the JSLock is
2530         m_ownerThread, which is used in currentThreadIsHoldingLock() to do an
2531         ownership test on the lock.
2532
2533         It is safe for other threads to read from m_ownerThread because they
2534         only need to know whether its value matches their own thread id
2535         (provided by WTF::currentThread()).
2536
2537         Here are the scenarios for how the ownership test can go:
2538
2539         1. The JSLock has just been initialized and is not owned by any thread.
2540
2541            In this case, m_ownerThread will be 0 and will not match any thread's
2542            thread id. The checking thread will know that it needs to lock the
2543            JSLock before using the VM.
2544
2545         2. The JSLock was previously locked, but now is unlocked.
2546
2547            When we unlock it in JSLock::unlock(), the owner thread clears
2548            m_ownerThread to 0. Hence, this case is the same as (1) above.
2549
2550         3. The JSLock is locked by Thread A. Thread B is checking ownership.
2551
2552            In this case, m_ownerThread will contain Thread A's thread id.
2553            Thread B will see that the thread id does not match its own and will
2554            proceed to block on the JSLock's mutex to wait for its turn to use
2555            the VM.
2556
2557            On weak memory ordering architectures, Thread A's thread id may
2558            not get written out to memory before Thread B inspects m_ownerThread.
2559            However, though Thread B may not see Thread A's thread id in
2560            m_ownerThread, it will see 0 which is the last value written to it
2561            before the JSLock mutex was unlocked. The mutex unlock would have
2562            executed a memory fence which would have flushed the 0 to
2563            m_ownerThread in memory. Hence, Thread B will know that it does not
2564            own the lock.
2565
2566         Apart from removing the unneeded spin lock code, I also changed the
2567         JSLock code to use currentThreadIsHoldingLock() and setOwnerThread()
2568         instead of accessing m_ownerThread directly.
2569
2570         * runtime/JSLock.cpp:
2571         (JSC::JSLock::JSLock):
2572
2573         (JSC::JSLock::lock):
2574         - Removed spinLock but left the indentation as is to keep the diff to a
2575           minimum for better readability. Will unindent in a subsequent patch.
2576
2577         (JSC::JSLock::unlock):
2578         - Before unlocking the mutex, clear m_ownerThread to indicate that the
2579           lock is no longer owned.
2580
2581         (JSC::JSLock::currentThreadIsHoldingLock):
2582         - Removed the check of m_lockCount for determining ownership. Checking
2583           m_ownerThread is sufficient.
2584
2585         (JSC::JSLock::dropAllLocks):
2586         (JSC::JSLock::dropAllLocksUnconditionally):
2587         - Renamed local locksToDrop to the better name droppedLockCount.
2588         - Clear m_ownerThread since we're unlocking the JSLock.
2589
2590         (JSC::JSLock::grabAllLocks):
2591         - Removed unneeded lock ownership test for lock re-entry case because
2592           grabAllLocks() is never used to re-enter a locked JSLock.
2593
2594         (JSC::JSLock::DropAllLocks::DropAllLocks):
2595         (JSC::JSLock::DropAllLocks::~DropAllLocks):
2596
2597         * runtime/JSLock.h:
2598         (JSC::JSLock::setOwnerThread):
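
The three JSLock entries above (b/128570, b/128451 and b/128450) describe one protocol: an entry count carried by lock()/unlock(), ownership decided by m_ownerThread alone with the owner cleared before the mutex is released, and a lock drop depth that forces nested DropAllLocks scopes to re-grab the lock in reverse order. The following is an added, single-threaded C++ model written for this page; it is not WebKit's JSLock. ModelJSLock, the caller-supplied ThreadId standing in for WTF::currentThread(), the m_mutexHeld flag and tryGrabAllLocks() are assumptions of the model (the real grabAllLocks() yields and retries where the model reports false). Being single-threaded, it steps through the depth bookkeeping and the ownership test deterministically and does not model the weak-memory-ordering argument.

```cpp
// Added single-threaded model of the JSLock invariants described in the
// JSLock ChangeLog entries. NOT WebKit's JSLock: the mutex is a plain flag and
// the "current thread" is a caller-supplied integer standing in for
// WTF::currentThread(), so the protocol can be stepped through deterministically.
#include <cassert>
#include <cstdio>

typedef unsigned ThreadId;
static const ThreadId kNoThread = 0;   // m_ownerThread == 0 means "unowned"

class ModelJSLock {
public:
    // Re-enter if tid already owns the lock, otherwise take the mutex, record
    // the owner and start the entry count. Reports false instead of blocking
    // when another thread owns the mutex (a real lock would wait).
    bool lock(ThreadId tid, unsigned entryCount = 1) {
        if (currentThreadIsHoldingLock(tid)) {
            m_lockCount += entryCount;
            return true;
        }
        if (m_mutexHeld)
            return false;
        m_mutexHeld = true;
        setOwnerThread(tid);
        m_lockCount = entryCount;
        return true;
    }

    // Drop entryCount entries; on the last one clear m_ownerThread *before*
    // releasing the mutex, so no reader can observe a stale owner.
    void unlock(ThreadId tid, unsigned entryCount = 1) {
        assert(currentThreadIsHoldingLock(tid) && m_lockCount >= entryCount);
        m_lockCount -= entryCount;
        if (m_lockCount == 0) {
            setOwnerThread(kNoThread);
            m_mutexHeld = false;
        }
    }

    // Ownership test compares m_ownerThread only; m_lockCount is not consulted.
    bool currentThreadIsHoldingLock(ThreadId tid) const { return m_ownerThread == tid; }

    // Bump m_lockDropDepth (still under the mutex), hand the new depth to the
    // DropAllLocks scope, then release every entry at once via unlock().
    unsigned dropAllLocks(ThreadId tid, unsigned& dropDepthOut) {
        if (!currentThreadIsHoldingLock(tid))
            return 0;
        ++m_lockDropDepth;
        dropDepthOut = m_lockDropDepth;
        unsigned dropped = m_lockCount;
        unlock(tid, dropped);
        return dropped;
    }

    // Optimistically re-lock, then check that this scope is the most recent
    // dropper. On a mismatch release again and report false, so that
    // m_lockDropDepth is only ever inspected under the mutex.
    bool tryGrabAllLocks(ThreadId tid, unsigned droppedLockCount, unsigned dropDepth) {
        if (!droppedLockCount)
            return true;
        if (!lock(tid, droppedLockCount))
            return false;
        if (m_lockDropDepth != dropDepth) {
            unlock(tid, droppedLockCount);
            return false;
        }
        --m_lockDropDepth;
        return true;
    }

    unsigned lockCount() const { return m_lockCount; }
    unsigned lockDropDepth() const { return m_lockDropDepth; }

private:
    void setOwnerThread(ThreadId tid) { m_ownerThread = tid; }

    bool m_mutexHeld = false;
    ThreadId m_ownerThread = kNoThread;
    unsigned m_lockCount = 0;
    unsigned m_lockDropDepth = 0;
};

// Scenario 1: nested drops must be re-grabbed in reverse order.
bool scenarioReverseOrderRegrab() {
    ModelJSLock jsLock;
    const ThreadId a = 1;
    jsLock.lock(a);
    jsLock.lock(a);                                               // re-entry: count 2
    unsigned outerDepth = 0, innerDepth = 0;
    unsigned outerDropped = jsLock.dropAllLocks(a, outerDepth);   // drops 2, depth 1
    jsLock.lock(a);                                               // nested VM entry...
    unsigned innerDropped = jsLock.dropAllLocks(a, innerDepth);   // ...drops 1, depth 2
    bool wrongOrderRefused = !jsLock.tryGrabAllLocks(a, outerDropped, outerDepth);
    bool unownedAfterRefusal = !jsLock.currentThreadIsHoldingLock(a);
    bool innerOk = jsLock.tryGrabAllLocks(a, innerDropped, innerDepth);   // depth 1
    jsLock.unlock(a);                                             // nested entry ends
    bool outerOk = jsLock.tryGrabAllLocks(a, outerDropped, outerDepth);   // depth 0
    bool restored = jsLock.lockCount() == 2 && jsLock.lockDropDepth() == 0;
    jsLock.unlock(a, 2);
    return wrongOrderRefused && unownedAfterRefusal && innerOk && outerOk && restored
        && !jsLock.currentThreadIsHoldingLock(a);
}

// Scenario 2: ownership is decided by m_ownerThread alone and reads as 0 once
// the owner has unlocked, so a second thread knows it must take the lock.
bool scenarioOwnerThreadTest() {
    ModelJSLock jsLock;
    const ThreadId a = 1, b = 2;
    bool unownedInitially = !jsLock.currentThreadIsHoldingLock(a)
        && !jsLock.currentThreadIsHoldingLock(b);
    jsLock.lock(a);
    bool aOwns = jsLock.currentThreadIsHoldingLock(a);
    bool bMustWait = !jsLock.currentThreadIsHoldingLock(b) && !jsLock.lock(b);
    jsLock.unlock(a);
    bool bCanLockNow = jsLock.lock(b) && jsLock.currentThreadIsHoldingLock(b);
    jsLock.unlock(b);
    return unownedInitially && aOwns && bMustWait && bCanLockNow;
}

int main() {
    std::printf("reverse-order regrab: %s\n", scenarioReverseOrderRegrab() ? "ok" : "FAIL");
    std::printf("owner-thread test:    %s\n", scenarioOwnerThreadTest() ? "ok" : "FAIL");
    return 0;
}
```

In scenario 1 the outer scope's re-grab is refused while the inner drop is still outstanding, because m_lockDropDepth (2) no longer equals the depth the outer scope stashed (1); once the inner scope re-grabs and decrements the depth, the outer re-grab succeeds and the original entry count of 2 is restored.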
2599
2600 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
2601
2602         Unreviewed, roll out http://trac.webkit.org/changeset/163796
2603
2604         The change was not justified in any way and it has a net negative effect on the code.
2605
2606         * dfg/DFGAbstractInterpreter.h:
2607         * dfg/DFGAbstractValue.h:
2608         * dfg/DFGAdjacencyList.h:
2609         * dfg/DFGArgumentPosition.h:
2610         * dfg/DFGArgumentsSimplificationPhase.cpp:
2611         * dfg/DFGArrayMode.cpp:
2612         * dfg/DFGArrayifySlowPathGenerator.h:
2613         * dfg/DFGAtTailAbstractState.h:
2614         * dfg/DFGAvailability.h:
2615         * dfg/DFGBackwardsPropagationPhase.cpp:
2616         * dfg/DFGBasicBlock.h:
2617         * dfg/DFGBasicBlockInlines.h:
2618         * dfg/DFGByteCodeParser.cpp:
2619         * dfg/DFGCFAPhase.cpp:
2620         * dfg/DFGCFGSimplificationPhase.cpp:
2621         * dfg/DFGCPSRethreadingPhase.cpp:
2622         * dfg/DFGCSEPhase.cpp:
2623         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
2624         * dfg/DFGCapabilities.cpp:
2625         * dfg/DFGCapabilities.h:
2626         * dfg/DFGClobberize.h:
2627         * dfg/DFGCommonData.cpp:
2628         * dfg/DFGConstantFoldingPhase.cpp:
2629         * dfg/DFGCriticalEdgeBreakingPhase.cpp:
2630         * dfg/DFGDCEPhase.cpp:
2631         * dfg/DFGDominators.h:
2632         * dfg/DFGDriver.cpp:
2633         * dfg/DFGDriver.h:
2634         * dfg/DFGFixupPhase.cpp:
2635         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
2636         * dfg/DFGGenerationInfo.h:
2637         * dfg/DFGGraph.cpp:
2638         * dfg/DFGGraph.h:
2639         * dfg/DFGInPlaceAbstractState.cpp:
2640         * dfg/DFGInPlaceAbstractState.h:
2641         * dfg/DFGInlineCacheWrapperInlines.h:
2642         * dfg/DFGInvalidationPointInjectionPhase.cpp:
2643         * dfg/DFGJITCode.h:
2644         * dfg/DFGJITCompiler.cpp:
2645         * dfg/DFGJITCompiler.h:
2646         * dfg/DFGJITFinalizer.cpp:
2647         * dfg/DFGJITFinalizer.h:
2648         * dfg/DFGLICMPhase.cpp:
2649         * dfg/DFGLivenessAnalysisPhase.cpp:
2650         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
2651         * dfg/DFGMinifiedNode.h:
2652         * dfg/DFGNaturalLoops.h:
2653         * dfg/DFGNode.cpp:
2654         * dfg/DFGNode.h:
2655         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
2656         * dfg/DFGOSREntry.cpp:
2657         * dfg/DFGOSREntrypointCreationPhase.cpp:
2658         * dfg/DFGOSRExit.cpp:
2659         * dfg/DFGOSRExit.h:
2660         * dfg/DFGOSRExitBase.cpp:
2661         * dfg/DFGOSRExitCompilationInfo.h:
2662         * dfg/DFGOSRExitCompiler.cpp:
2663         * dfg/DFGOSRExitCompiler32_64.cpp:
2664         * dfg/DFGOSRExitCompiler64.cpp:
2665         * dfg/DFGOSRExitJumpPlaceholder.cpp:
2666         * dfg/DFGOperations.cpp:
2667         * dfg/DFGPhase.h:
2668         * dfg/DFGPlan.h:
2669         * dfg/DFGPredictionInjectionPhase.cpp:
2670         * dfg/DFGPredictionPropagationPhase.cpp:
2671         * dfg/DFGResurrectionForValidationPhase.cpp:
2672         * dfg/DFGSSAConversionPhase.cpp:
2673         * dfg/DFGSSALoweringPhase.cpp:
2674         * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
2675         * dfg/DFGSlowPathGenerator.h:
2676         * dfg/DFGSpeculativeJIT.cpp:
2677         * dfg/DFGSpeculativeJIT.h:
2678         * dfg/DFGSpeculativeJIT32_64.cpp:
2679         * dfg/DFGSpeculativeJIT64.cpp:
2680         * dfg/DFGStackLayoutPhase.cpp:
2681         * dfg/DFGStoreBarrierElisionPhase.cpp:
2682         * dfg/DFGStrengthReductionPhase.cpp:
2683         * dfg/DFGThunks.cpp:
2684         * dfg/DFGTierUpCheckInjectionPhase.cpp:
2685         * dfg/DFGTypeCheckHoistingPhase.cpp:
2686         * dfg/DFGUnificationPhase.cpp:
2687         * dfg/DFGValidate.h:
2688         * dfg/DFGValueSource.h:
2689         * dfg/DFGVariableAccessData.h:
2690         * dfg/DFGVariableAccessDataDump.cpp:
2691         * dfg/DFGVariableEvent.h:
2692         * dfg/DFGVariableEventStream.h:
2693         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2694         * dfg/DFGWatchpointCollectionPhase.cpp:
2695         * dfg/DFGWorklist.cpp:
2696
2697 2014-02-10  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>
2698
2699         Remove extra includes from DFG
2700         https://bugs.webkit.org/show_bug.cgi?id=126983
2701
2702         Reviewed by Andreas Kling.
2703
2704         * dfg/DFGAbstractInterpreter.h:
2705         * dfg/DFGAbstractValue.h:
2706         * dfg/DFGAdjacencyList.h:
2707         * dfg/DFGArgumentPosition.h:
2708         * dfg/DFGArgumentsSimplificationPhase.cpp:
2709         * dfg/DFGArrayMode.cpp:
2710         * dfg/DFGArrayifySlowPathGenerator.h:
2711         * dfg/DFGAtTailAbstractState.h:
2712         * dfg/DFGAvailability.h:
2713         * dfg/DFGBackwardsPropagationPhase.cpp:
2714         * dfg/DFGBasicBlock.h:
2715         * dfg/DFGBasicBlockInlines.h:
2716         * dfg/DFGByteCodeParser.cpp:
2717         * dfg/DFGCFAPhase.cpp:
2718         * dfg/DFGCFGSimplificationPhase.cpp:
2719         * dfg/DFGCPSRethreadingPhase.cpp:
2720         * dfg/DFGCSEPhase.cpp:
2721         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
2722         * dfg/DFGCapabilities.cpp:
2723         * dfg/DFGCapabilities.h:
2724         * dfg/DFGClobberize.h:
2725         * dfg/DFGCommonData.cpp:
2726         * dfg/DFGConstantFoldingPhase.cpp:
2727         * dfg/DFGCriticalEdgeBreakingPhase.cpp:
2728         * dfg/DFGDCEPhase.cpp:
2729         * dfg/DFGDominators.h:
2730         * dfg/DFGDriver.cpp:
2731         * dfg/DFGDriver.h:
2732         * dfg/DFGFixupPhase.cpp:
2733         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
2734         * dfg/DFGGenerationInfo.h:
2735         * dfg/DFGGraph.cpp:
2736         * dfg/DFGGraph.h:
2737         * dfg/DFGInPlaceAbstractState.cpp:
2738         * dfg/DFGInPlaceAbstractState.h:
2739         * dfg/DFGInlineCacheWrapperInlines.h:
2740         * dfg/DFGInvalidationPointInjectionPhase.cpp:
2741         * dfg/DFGJITCode.h:
2742         * dfg/DFGJITCompiler.cpp:
2743         * dfg/DFGJITCompiler.h:
2744         * dfg/DFGJITFinalizer.cpp:
2745         * dfg/DFGJITFinalizer.h:
2746         * dfg/DFGLICMPhase.cpp:
2747         * dfg/DFGLivenessAnalysisPhase.cpp:
2748         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
2749         * dfg/DFGMinifiedNode.h:
2750         * dfg/DFGNaturalLoops.h:
2751         * dfg/DFGNode.cpp:
2752         * dfg/DFGNode.h:
2753         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
2754         * dfg/DFGOSREntry.cpp:
2755         * dfg/DFGOSREntrypointCreationPhase.cpp:
2756         * dfg/DFGOSRExit.cpp:
2757         * dfg/DFGOSRExit.h:
2758         * dfg/DFGOSRExitBase.cpp:
2759         * dfg/DFGOSRExitCompilationInfo.h:
2760         * dfg/DFGOSRExitCompiler.cpp:
2761         * dfg/DFGOSRExitCompiler32_64.cpp:
2762         * dfg/DFGOSRExitCompiler64.cpp:
2763         * dfg/DFGOSRExitJumpPlaceholder.cpp:
2764         * dfg/DFGOperations.cpp:
2765         * dfg/DFGPhase.h:
2766         * dfg/DFGPlan.h:
2767         * dfg/DFGPredictionInjectionPhase.cpp:
2768         * dfg/DFGPredictionPropagationPhase.cpp:
2769         * dfg/DFGResurrectionForValidationPhase.cpp:
2770         * dfg/DFGSSAConversionPhase.cpp:
2771         * dfg/DFGSSALoweringPhase.cpp:
2772         * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
2773         * dfg/DFGSlowPathGenerator.h:
2774         * dfg/DFGSpeculativeJIT.cpp:
2775         * dfg/DFGSpeculativeJIT.h:
2776         * dfg/DFGSpeculativeJIT32_64.cpp:
2777         * dfg/DFGSpeculativeJIT64.cpp:
2778         * dfg/DFGStackLayoutPhase.cpp:
2779         * dfg/DFGStoreBarrierElisionPhase.cpp:
2780         * dfg/DFGStrengthReductionPhase.cpp:
2781         * dfg/DFGThunks.cpp:
2782         * dfg/DFGTierUpCheckInjectionPhase.cpp:
2783         * dfg/DFGTypeCheckHoistingPhase.cpp:
2784         * dfg/DFGUnificationPhase.cpp:
2785         * dfg/DFGValidate.h:
2786         * dfg/DFGValueSource.h:
2787         * dfg/DFGVariableAccessData.h:
2788         * dfg/DFGVariableAccessDataDump.cpp:
2789         * dfg/DFGVariableEvent.h:
2790         * dfg/DFGVariableEventStream.h:
2791         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2792         * dfg/DFGWatchpointCollectionPhase.cpp:
2793         * dfg/DFGWorklist.cpp:
2794
2795 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
2796
2797         JSC environment variables should override other mechanisms for setting options
2798         https://bugs.webkit.org/show_bug.cgi?id=128511
2799
2800         Reviewed by Geoffrey Garen.
2801
2802         * runtime/Options.cpp:
2803         (JSC::Options::setOption):
2804         * runtime/Options.h:
2805
2806 2014-02-10  Darin Adler  <darin@apple.com>
2807
2808         Stop using String::deprecatedCharacters to call WTF::Collator
2809         https://bugs.webkit.org/show_bug.cgi?id=128517
2810
2811         Reviewed by Alexey Proskuryakov.
2812
2813         * runtime/StringPrototype.cpp:
2814         (JSC::stringProtoFuncLocaleCompare): Use the default constructor for Collator, which now
2815         gives the default locale collation rules. Use the new arguments for Collator::collate, which
2816         are now StringView. These two changes together eliminate the need for a separate helper function.
2817
2818 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
2819
2820         <1/100 probability FTL failure: v8-v6/v8-deltablue.js.ftl-eager: Exception: TypeError: undefined is not an object (evaluating 'c.isInput')
2821         https://bugs.webkit.org/show_bug.cgi?id=128278
2822
2823         Reviewed by Mark Hahnenberg.
2824         
2825         Fix another FTL flake due to bytecode liveness corner cases. Hopefully it's the last
2826         one.
2827
2828         * dfg/DFGByteCodeParser.cpp:
2829         (JSC::DFG::ByteCodeParser::parseBlock): Make sure that inside a constructor, the 'this' result is always set. This makes it easier to unify the treatment of 'this' for OSR exit: we just say that it's always live.
2830         * dfg/DFGGraph.cpp:
2831         (JSC::DFG::Graph::isLiveInBytecode): Assume that 'this' is live. We were already sort of doing this for calls because the callsite would claim it to be live. But we didn't do it for constructors. It's true that *at the callsite* 'this' won't be live, but inside the inlined constructor, it almost certainly will be.
2832         * dfg/DFGTierUpCheckInjectionPhase.cpp:
2833         (JSC::DFG::TierUpCheckInjectionPhase::run): I just noticed this benign bug. We should only return 'true' if we actually injected checks.
2834         * ftl/FTLOSRExitCompiler.cpp:
2835         (JSC::FTL::compileStub): Make it easier to just dump disassembly for FTL OSR exits.
2836         * runtime/Options.h: Ditto.
2837         * tests/stress/inlined-constructor-this-liveness.js: Added.
2838         (Foo):
2839         (foo):
2840         * tests/stress/inlined-function-this-liveness.js: Added.
2841         (bar):
2842         (foo):
2843
2844 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
2845
2846         Actually register those DFG::Safepoints
2847         https://bugs.webkit.org/show_bug.cgi?id=128521
2848
2849         Reviewed by Mark Hahnenberg.
2850         
2851         No test because GC + thread + JIT = ???.
2852
2853         * dfg/DFGSafepoint.cpp:
2854         (JSC::DFG::Safepoint::~Safepoint):
2855         (JSC::DFG::Safepoint::begin):
2856
2857 2014-02-10  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>
2858
2859         Fix EFL build with INSPECTOR disabled
2860         https://bugs.webkit.org/show_bug.cgi?id=125064
2861
2862         Reviewed by Csaba Osztrogonác.
2863
2864         * inspector/InjectedScriptManager.h:
2865         * inspector/ScriptDebugServer.cpp:
2866         * inspector/agents/InspectorAgent.h:
2867         * inspector/scripts/CodeGeneratorInspectorStrings.py:
2868         (Inspector):
2869
2870 2014-02-09  Filip Pizlo  <fpizlo@apple.com>
2871
2872         GC blocks on FTL and then badness
2873         https://bugs.webkit.org/show_bug.cgi?id=128291
2874
2875         Reviewed by Oliver Hunt.
2876         
2877         Introduce the notion of a DFG::Safepoint, which allows you to unlock the rightToRun
2878         mutex for your JIT thread, while supplying the GC with all of the information it would
2879         need to scan you at that moment in time. The default way of using this is
2880         DFG::GraphSafepoint, where you just supply the Graph. There's a lot of machinery in
2881         this patch just to make the Graph scannable.
2882         
2883         We then use DFG::GraphSafepoint in just two places for now: (1) while initializing LLVM
2884         and (2) while invoking LLVM's optimizer and backend.
2885         
2886         This is a 30% speed-up on Octane/typescript and a 10% speed-up on Octane/gbemu. 2-3%
2887         speed-up overall on Octane.
2888         
2889         * CMakeLists.txt:
2890         * GNUmakefile.list.am:
2891         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2892         * JavaScriptCore.xcodeproj/project.pbxproj:
2893         * dfg/DFGDriver.cpp:
2894         (JSC::DFG::compileImpl):
2895         * dfg/DFGGraph.cpp:
2896         (JSC::DFG::Graph::visitChildren):
2897         * dfg/DFGGraph.h:
2898         * dfg/DFGGraphSafepoint.cpp: Added.
2899         (JSC::DFG::GraphSafepoint::GraphSafepoint):
2900         (JSC::DFG::GraphSafepoint::~GraphSafepoint):
2901         * dfg/DFGGraphSafepoint.h: Added.
2902         * dfg/DFGOperations.h:
2903         * dfg/DFGPlan.cpp:
2904         (JSC::DFG::Plan::compileInThread):
2905         (JSC::DFG::Plan::compileInThreadImpl):
2906         * dfg/DFGPlan.h:
2907         * dfg/DFGSafepoint.cpp: Added.
2908         (JSC::DFG::Safepoint::Safepoint):
2909         (JSC::DFG::Safepoint::~Safepoint):
2910         (JSC::DFG::Safepoint::add):
2911         (JSC::DFG::Safepoint::begin):
2912         (JSC::DFG::Safepoint::visitChildren):
2913         * dfg/DFGSafepoint.h: Added.
2914         * dfg/DFGScannable.h: Added.
2915         (JSC::DFG::Scannable::Scannable):
2916         (JSC::DFG::Scannable::~Scannable):
2917         * dfg/DFGThreadData.cpp: Added.
2918         (JSC::DFG::ThreadData::ThreadData):
2919         (JSC::DFG::ThreadData::~ThreadData):
2920         * dfg/DFGThreadData.h: Added.
2921         * dfg/DFGWorklist.cpp:
2922         (JSC::DFG::Worklist::finishCreation):
2923         (JSC::DFG::Worklist::visitChildren):
2924         (JSC::DFG::Worklist::runThread):
2925         * dfg/DFGWorklist.h:
2926         * ftl/FTLCompile.cpp:
2927         (JSC::FTL::compile):
2928         * heap/SlotVisitor.h:
2929         * heap/SlotVisitorInlines.h:
2930         (JSC::SlotVisitor::appendUnbarrieredReadOnlyPointer):
2931         (JSC::SlotVisitor::appendUnbarrieredReadOnlyValue):
2932
2933 2014-02-09  Filip Pizlo  <fpizlo@apple.com>
2934
2935         Never include *Inlines.h files in interface headers, and never include *Inlines.h when you could include Operations.h instead
2936         https://bugs.webkit.org/show_bug.cgi?id=128505
2937
2938         Reviewed by Mark Hahnenberg and Oliver Hunt.
2939
2940         * API/JSContextRef.cpp:
2941         * assembler/LinkBuffer.cpp:
2942         * bytecode/ArrayProfile.cpp:
2943         * bytecode/BytecodeBasicBlock.cpp:
2944         * bytecode/BytecodeLivenessAnalysisInlines.h:
2945         * bytecode/CallLinkInfo.cpp:
2946         * bytecode/CodeBlock.cpp:
2947         * bytecode/CodeBlock.h:
2948         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
2949         * bytecode/ExecutionCounter.cpp:
2950         * bytecode/MethodOfGettingAValueProfile.cpp:
2951         * bytecode/PreciseJumpTargets.cpp:
2952         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
2953         * bytecode/SamplingTool.cpp:
2954         * bytecode/SpecialPointer.cpp:
2955         * bytecode/StructureStubClearingWatchpoint.cpp:
2956         * debugger/DebuggerCallFrame.cpp:
2957         * dfg/DFGAbstractHeap.cpp:
2958         * dfg/DFGAbstractValue.cpp:
2959         * dfg/DFGArgumentsSimplificationPhase.cpp:
2960         * dfg/DFGArithMode.cpp:
2961         * dfg/DFGArrayMode.cpp:
2962         * dfg/DFGAtTailAbstractState.cpp:
2963         * dfg/DFGAvailability.cpp:
2964         * dfg/DFGBackwardsPropagationPhase.cpp:
2965         * dfg/DFGBasicBlock.cpp:
2966         * dfg/DFGBinarySwitch.cpp:
2967         * dfg/DFGBlockInsertionSet.cpp:
2968         * dfg/DFGByteCodeParser.cpp:
2969         * dfg/DFGCFAPhase.cpp:
2970         * dfg/DFGCFGSimplificationPhase.cpp:
2971         * dfg/DFGCPSRethreadingPhase.cpp:
2972         * dfg/DFGCSEPhase.cpp:
2973         * dfg/DFGCapabilities.cpp:
2974         * dfg/DFGClobberSet.cpp:
2975         * dfg/DFGClobberize.cpp:
2976         * dfg/DFGCommon.cpp:
2977         * dfg/DFGCommonData.cpp:
2978         * dfg/DFGCompilationKey.cpp:
2979         * dfg/DFGCompilationMode.cpp:
2980         * dfg/DFGConstantFoldingPhase.cpp:
2981         * dfg/DFGCriticalEdgeBreakingPhase.cpp:
2982         * dfg/DFGDCEPhase.cpp:
2983         * dfg/DFGDesiredIdentifiers.cpp:
2984         * dfg/DFGDesiredStructureChains.cpp:
2985         * dfg/DFGDesiredTransitions.cpp:
2986         * dfg/DFGDesiredWatchpoints.cpp:
2987         * dfg/DFGDisassembler.cpp:
2988         * dfg/DFGDisassembler.h:
2989         * dfg/DFGDominators.cpp:
2990         * dfg/DFGEdge.cpp:
2991         * dfg/DFGFailedFinalizer.cpp:
2992         * dfg/DFGFinalizer.cpp:
2993         * dfg/DFGFixupPhase.cpp:
2994         * dfg/DFGFlushFormat.cpp:
2995         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
2996         * dfg/DFGFlushedAt.cpp:
2997         * dfg/DFGGraph.cpp:
2998         * dfg/DFGInPlaceAbstractState.cpp:
2999         * dfg/DFGInvalidationPointInjectionPhase.cpp:
3000         * dfg/DFGJITCode.cpp:
3001         * dfg/DFGJITCompiler.cpp:
3002         * dfg/DFGJITCompiler.h:
3003         * dfg/DFGJITFinalizer.cpp:
3004         * dfg/DFGJumpReplacement.cpp:
3005         * dfg/DFGLICMPhase.cpp:
3006         * dfg/DFGLazyJSValue.cpp:
3007         * dfg/DFGLivenessAnalysisPhase.cpp:
3008         * dfg/DFGLongLivedState.cpp:
3009         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
3010         * dfg/DFGMinifiedNode.cpp:
3011         * dfg/DFGNaturalLoops.cpp:
3012         * dfg/DFGNode.cpp:
3013         * dfg/DFGNodeFlags.cpp:
3014         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
3015         * dfg/DFGOSREntry.cpp:
3016         * dfg/DFGOSREntrypointCreationPhase.cpp:
3017         * dfg/DFGOSRExit.cpp:
3018         * dfg/DFGOSRExitBase.cpp:
3019         * dfg/DFGOSRExitCompiler.cpp:
3020         * dfg/DFGOSRExitCompiler32_64.cpp:
3021         * dfg/DFGOSRExitCompiler64.cpp:
3022         * dfg/DFGOSRExitCompilerCommon.cpp:
3023         * dfg/DFGOSRExitJumpPlaceholder.cpp:
3024         * dfg/DFGOSRExitPreparation.cpp:
3025         * dfg/DFGOperations.cpp:
3026         * dfg/DFGOperations.h:
3027         * dfg/DFGPhase.cpp:
3028         * dfg/DFGPlan.cpp:
3029         * dfg/DFGPredictionInjectionPhase.cpp:
3030         * dfg/DFGPredictionPropagationPhase.cpp:
3031         * dfg/DFGResurrectionForValidationPhase.cpp:
3032         * dfg/DFGSSAConversionPhase.cpp:
3033         * dfg/DFGSSALoweringPhase.cpp:
3034         * dfg/DFGSpeculativeJIT.cpp:
3035         * dfg/DFGSpeculativeJIT32_64.cpp:
3036         * dfg/DFGSpeculativeJIT64.cpp:
3037         * dfg/DFGStackLayoutPhase.cpp:
3038         * dfg/DFGStoreBarrierElisionPhase.cpp:
3039         * dfg/DFGStrengthReductionPhase.cpp:
3040         * dfg/DFGThunks.cpp:
3041         * dfg/DFGTierUpCheckInjectionPhase.cpp:
3042         * dfg/DFGToFTLDeferredCompilationCallback.cpp:
3043         * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:
3044         * dfg/DFGTypeCheckHoistingPhase.cpp:
3045         * dfg/DFGUnificationPhase.cpp:
3046         * dfg/DFGUseKind.cpp:
3047         * dfg/DFGValidate.cpp:
3048         * dfg/DFGValueSource.cpp:
3049         * dfg/DFGVariableAccessDataDump.cpp:
3050         * dfg/DFGVariableEvent.cpp:
3051         * dfg/DFGVariableEventStream.cpp:
3052         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
3053         * dfg/DFGWatchpointCollectionPhase.cpp:
3054         * dfg/DFGWorklist.cpp:
3055         * disassembler/Disassembler.cpp:
3056         * ftl/FTLLink.cpp:
3057         * ftl/FTLOSRExitCompiler.cpp:
3058         * ftl/FTLSlowPathCall.cpp:
3059         * ftl/FTLThunks.cpp:
3060         (JSC::FTL::slowPathCallThunkGenerator):
3061         * heap/BlockAllocator.cpp:
3062         * heap/CodeBlockSet.cpp:
3063         * heap/ConservativeRoots.cpp:
3064         * heap/DeferGC.cpp:
3065         * heap/GCThread.cpp:
3066         * heap/GCThreadSharedData.cpp:
3067         * heap/HeapTimer.cpp:
3068         * heap/IncrementalSweeper.cpp:
3069         * heap/JITStubRoutineSet.cpp:
3070         * heap/MachineStackMarker.cpp:
3071         * heap/MarkStack.cpp:
3072         * heap/MarkedAllocator.cpp:
3073         * heap/MarkedSpace.cpp:
3074         * heap/SuperRegion.cpp:
3075         * heap/Weak.cpp:
3076         * heap/WeakHandleOwner.cpp:
3077         * heap/WeakSet.cpp:
3078         * heap/WriteBarrierBuffer.cpp:
3079         * heap/WriteBarrierSupport.cpp:
3080         * inspector/ScriptCallStackFactory.cpp:
3081         * interpreter/AbstractPC.cpp:
3082         * interpreter/JSStack.cpp:
3083         * interpreter/ProtoCallFrame.cpp:
3084         * interpreter/VMInspector.cpp:
3085         * jit/ArityCheckFailReturnThunks.cpp:
3086         * jit/AssemblyHelpers.cpp:
3087         * jit/ExecutableAllocator.cpp:
3088         * jit/ExecutableAllocatorFixedVMPool.cpp:
3089         * jit/GCAwareJITStubRoutine.cpp:
3090         * jit/HostCallReturnValue.cpp:
3091         * jit/JITDisassembler.cpp:
3092         * jit/JITDisassembler.h:
3093         * jit/JITExceptions.cpp:
3094         * jit/JITInlines.h:
3095         * jit/JITOperations.cpp:
3096         * jit/JITOperationsMSVC64.cpp:
3097         * jit/JITStubRoutine.cpp:
3098         * jit/JITStubs.cpp:
3099         * jit/JITToDFGDeferredCompilationCallback.cpp:
3100         * jit/RegisterPreservationWrapperGenerator.cpp:
3101         * jit/RegisterSet.cpp:
3102         * jit/Repatch.cpp:
3103         * jit/TempRegisterSet.cpp:
3104         * jsc.cpp:
3105         * parser/Lexer.cpp:
3106         * parser/Parser.cpp:
3107         * parser/ParserArena.cpp:
3108         * parser/SourceCode.cpp:
3109         * parser/SourceProvider.cpp:
3110         * parser/SourceProviderCache.cpp:
3111         * profiler/ProfileGenerator.cpp:
3112         * runtime/Arguments.cpp:
3113         * runtime/ArgumentsIteratorPrototype.cpp:
3114         * runtime/CommonSlowPathsExceptions.cpp:
3115         * runtime/JSArgumentsIterator.cpp:
3116         * runtime/JSFunction.cpp:
3117         * runtime/JSGlobalObjectFunctions.cpp:
3118         * runtime/ObjectConstructor.cpp:
3119         * runtime/Operations.h:
3120         * runtime/VM.cpp:
3121
3122 2014-02-09  Filip Pizlo  <fpizlo@apple.com>
3123
3124         Unreviewed, don't mark isHostFunction() inline in the header file because that really confuses EFL.
3125
3126         * runtime/JSFunction.h:
3127
3128 2014-02-09  Anders Carlsson  <andersca@apple.com>
3129
3130         Add WTF_MAKE_FAST_ALLOCATED to more classes
3131         https://bugs.webkit.org/show_bug.cgi?id=128506
3132
3133         Reviewed by Andreas Kling.
3134
3135         * bytecode/UnlinkedInstructionStream.h:
3136         * runtime/SymbolTable.h:
3137         * runtime/WriteBarrier.h:
3138
3139 2014-02-09  Mark Hahnenberg  <mhahnenberg@apple.com>
3140
3141         Objective-C API NSDate conversion is off by 1000x (ms vs s)
3142         https://bugs.webkit.org/show_bug.cgi?id=128386
3143
3144         Reviewed by Michael Saboff.
3145
3146         * API/JSValue.mm:
3147         (valueToObjectWithoutCopy):
3148         (valueToDate):
3149         (objectToValueWithoutCopy):
3150         * API/tests/DateTests.h: Added.
3151         * API/tests/DateTests.mm: Added.
3152         (+[DateTests NSDateToJSDateTest]):
3153         (+[DateTests JSDateToNSDateTest]):
3154         (+[DateTests roundTripThroughJSDateTest]):
3155         (+[DateTests roundTripThroughObjCDateTest]):
3156         * API/tests/testapi.mm:
3157         (checkResult):
3158         * JavaScriptCore.xcodeproj/project.pbxproj:
3159
3160 2014-02-09  Andreas Kling  <akling@apple.com>
3161
3162         Pass VM instead of ExecState to JSCell::fastGetOwnProperty().
3163         <https://webkit.org/b/128497>
3164
3165         Knocks off a couple of instructions.
3166
3167         Reviewed by Anders Carlsson.
3168
3169         * dfg/DFGOperations.cpp:
3170         * jit/JITOperations.cpp:
3171         (JSC::getByVal):
3172         * llint/LLIntSlowPaths.cpp:
3173         (JSC::LLInt::getByVal):
3174         * runtime/JSCell.h:
3175         * runtime/JSCellInlines.h:
3176         (JSC::JSCell::fastGetOwnProperty):
3177
3178 2014-02-09  Anders Carlsson  <andersca@apple.com>
3179
3180         Convert some JSC code over to std::mutex
3181         https://bugs.webkit.org/show_bug.cgi?id=128500
3182
3183         Reviewed by Dan Bernstein.
3184
3185         * API/JSVirtualMachine.mm:
3186         (wrapperCacheMutex):
3187         (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
3188         (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
3189         * heap/GCThreadSharedData.h:
3190         * heap/SlotVisitor.cpp:
3191         (JSC::SlotVisitor::mergeOpaqueRoots):
3192         * heap/SlotVisitorInlines.h:
3193         (JSC::SlotVisitor::containsOpaqueRootTriState):
3194         * inspector/remote/RemoteInspector.h:
3195         * inspector/remote/RemoteInspector.mm:
3196         (Inspector::RemoteInspector::registerDebuggable):
3197         (Inspector::RemoteInspector::unregisterDebuggable):
3198         (Inspector::RemoteInspector::updateDebuggable):
3199         (Inspector::RemoteInspector::sendMessageToRemoteFrontend):
3200         (Inspector::RemoteInspector::start):
3201         (Inspector::RemoteInspector::stop):
3202         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
3203         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
3204         (Inspector::RemoteInspector::xpcConnectionFailed):
3205         (Inspector::RemoteInspector::pushListingSoon):
3206         (Inspector::RemoteInspector::receivedIndicateMessage):
3207         * inspector/remote/RemoteInspectorDebuggableConnection.h:
3208         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
3209         (Inspector::RemoteInspectorDebuggableConnection::setup):
3210         (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
3211         (Inspector::RemoteInspectorDebuggableConnection::close):
3212         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
3213         * jit/ExecutableAllocator.cpp:
3214         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
3215         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
3216         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
3217         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
3218         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
3219         (JSC::DemandExecutableAllocator::allocatorsMutex):
3220
3221 2014-02-09  Commit Queue  <commit-queue@webkit.org>
3222
3223         Unreviewed, rolling out r163737.
3224         http://trac.webkit.org/changeset/163737
3225         https://bugs.webkit.org/show_bug.cgi?id=128491
3226
3227         Caused 8+ tests to fail on Mavericks and Mountain Lion bots
3228         (Requested by rniwa on #webkit).
3229
3230         * runtime/JSString.h:
3231         (JSC::jsSingleCharacterString):
3232         (JSC::jsSingleCharacterSubstring):
3233         (JSC::jsString):
3234         (JSC::jsSubstring8):
3235         * runtime/SmallStrings.cpp:
3236         (JSC::SmallStringsStorage::SmallStringsStorage):
3237         (JSC::SmallStrings::SmallStrings):
3238
3239 2014-02-08  Anders Carlsson  <andersca@apple.com>
3240
3241         Simplify single character substrings in JSC
3242         https://bugs.webkit.org/show_bug.cgi?id=128483
3243
3244         Reviewed by Andreas Kling.
3245
3246         With the recent work to make StringImpl occupy less space, it is actually more
3247         efficient to allocate a single character string than it is to use createSubstringSharingImpl!
3248         
3249         * runtime/JSString.h:
3250         (JSC::jsSingleCharacterString):
3251         (JSC::jsSingleCharacterSubstring):
3252         (JSC::jsString):
3253         (JSC::jsSubstring8):
3254         * runtime/SmallStrings.cpp:
3255         (JSC::SmallStringsStorage::SmallStringsStorage):
3256         (JSC::SmallStrings::SmallStrings):
3257
3258 2014-02-08  Mark Hahnenberg  <mhahnenberg@apple.com>
3259
3260         Baseline JIT uses the wrong version of checkMarkWord in emitWriteBarrier
3261         https://bugs.webkit.org/show_bug.cgi?id=128474
3262
3263         Reviewed by Michael Saboff.
3264
3265         * jit/JITPropertyAccess.cpp:
3266         (JSC::JIT::emitWriteBarrier):
3267
3268 2014-02-08  Mark Lam  <mark.lam@apple.com>
3269
3270         Rename a field and some variables in JSLock to better describe what they contain.
3271         <https://webkit.org/b/128475>
3272
3273         Reviewed by Oliver Hunt.
3274
3275         * runtime/JSLock.cpp:
3276         (JSC::JSLock::dropAllLocks):
3277         (JSC::JSLock::dropAllLocksUnconditionally):
3278         (JSC::JSLock::grabAllLocks):
3279         (JSC::JSLock::DropAllLocks::DropAllLocks):
3280         (JSC::JSLock::DropAllLocks::~DropAllLocks):
3281         * runtime/JSLock.h:
3282
3283 2014-02-08  Anders Carlsson  <andersca@apple.com>
3284
3285         Stop using getCharactersWithUpconvert in JavaScriptCore
3286         https://bugs.webkit.org/show_bug.cgi?id=128457
3287
3288         Reviewed by Andreas Kling.
3289
3290         Change substituteBackreferencesSlow to take StringViews and use a StringBuilder instead of upconverting
3291         if the source or replacement strings are 16-bit.
3292
3293         * runtime/StringPrototype.cpp:
3294         (JSC::substituteBackreferencesSlow):
3295         (JSC::substituteBackreferences):
3296
3297 2014-02-08  Mark Rowe  <mrowe@apple.com>
3298
3299         <https://webkit.org/b/128452> Don't duplicate the list of input files for postprocess-headers.sh
3300
3301         Reviewed by Dan Bernstein.
3302
3303         * postprocess-headers.sh: Pull the list of headers to process out of the environment.
3304
3305 2014-02-08  Mark Rowe  <mrowe@apple.com>
3306
3307         Fix the iOS build.
3308
3309         * API/WebKitAvailability.h: Skip the workarounds specific to OS X when we're building for iOS.
3310
3311 2014-02-07  Mark Rowe  <mrowe@apple.com>
3312
3313         <https://webkit.org/b/128448> Fix use of availability macros on recently-added APIs
3314
3315         Reviewed by Dan Bernstein.
3316
3317         * API/JSContext.h: Remove some #ifs.
3318         * API/JSManagedValue.h: Ditto.
3319         * API/WebKitAvailability.h: #define the macros that availability macros mentioning
3320         newer OS X versions would expand to when building on older OS versions.
3321         * JavaScriptCore.xcodeproj/project.pbxproj: Call the new postprocess-headers.sh.
3322         * postprocess-headers.sh: Extracted from the Xcode project. Updated to remove content
3323         from headers based on the __MAC_OS_X_VERSION_MIN_REQUIRED macro, and to
3324         process WebKitAvailability.h.
3325
3326 2014-02-07  Mark Lam  <mark.lam@apple.com>
3327
3328         JSLock should not "restore" VM stack values if it did not re-grab locks.
3329         <https://webkit.org/b/128447>
3330
3331         Reviewed by Geoffrey Garen.
3332
3333         In the existing code, if DropAllLocks is instantiated with DontAlwaysDropLocks
3334         in a thread that does not own the JSLock, then a bug will manifest where:
3335
3336         1. The DropAllLocks constructor will save the VM's stackPointerAtEntry,
3337            lastStackTop, and reservedZoneSize even though it will not drop the JSLock.
3338         2. The DropAllLocks destructor will restore those 3 values to the VM even
3339            though the JSLock will not grab its internal lock.
3340
3341         The former only causes busy work but does not impact correctness. The latter,
3342         however, will corrupt those 3 VM values which belong to the thread that
3343         actually owns the JSLock.
3344
3345         The fix is to only save the values when the JSLock will actually drop its
3346         internal lock, and only restore the values if it did re-grab the internal lock.
3347
3348         * runtime/JSLock.cpp:
3349         (JSC::JSLock::dropAllLocks):
3350         (JSC::JSLock::dropAllLocksUnconditionally):
3351         (JSC::JSLock::grabAllLocks):
3352         (JSC::JSLock::DropAllLocks::DropAllLocks):
3353         - Moved the saving of VM stack values to dropAllLocks() and
3354           dropAllLocksUnconditionally().
3355         (JSC::JSLock::DropAllLocks::~DropAllLocks):
3356         - Moved the restoring of VM stack values to grabAllLocks().
3357
3358 2014-02-07  Filip Pizlo  <fpizlo@apple.com>
3359
3360         Don't throw away code if there is code on the worklists
3361         https://bugs.webkit.org/show_bug.cgi?id=128443
3362
3363         Reviewed by Joseph Pecoraro.
3364         
3365         If we throw away compiled code and there is code currently being JITed then the JIT
3366         will get confused after it resumes: it will see a code block that had claimed to belong
3367         to an executable except that it doesn't belong to any executables anymore.
3368
3369         * dfg/DFGWorklist.h:
3370         (JSC::DFG::Worklist::isActive):
3371         * heap/Heap.cpp:
3372         (JSC::Heap::deleteAllCompiledCode):
3373
3374 2014-02-07  Filip Pizlo  <fpizlo@apple.com>
3375
3376         GC should safepoint the DFG worklist in a smarter way rather than just waiting for everything to complete
3377         https://bugs.webkit.org/show_bug.cgi?id=128297
3378
3379         Reviewed by Oliver Hunt.
3380         
3381         This makes DFG worklist threads have a rightToRun lock that gives them the ability to