b39e60df2b42a51faafdaf57df4dca3b0e2aad75
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-01-29  Csaba Osztrogonác  <ossy@webkit.org>

        Move HAVE_DTRACE definition back to Platform.h
        https://bugs.webkit.org/show_bug.cgi?id=141033

        Reviewed by Dan Bernstein.

        * Configurations/Base.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2015-01-28  Geoffrey Garen  <ggaren@apple.com>

        Removed fastMallocForbid / fastMallocAllow
        https://bugs.webkit.org/show_bug.cgi?id=141012

        Reviewed by Mark Hahnenberg.

        Copy non-current thread stacks before scanning them instead of scanning
        them in-place.

        This operation is uncommon (i.e., never in the web content process),
        and even in a stress test with 4 threads it only copies about 27kB,
        so I think the performance cost is OK.

        Scanning in-place requires a complex dance where we constrain our GC
        data structures not to use malloc, free, or any other interesting functions
        that might acquire locks. We've gotten this wrong many times in the past,
        and I just got it wrong again yesterday. Since this code path is rarely
        tested, I want it to just make sense, and not depend on or constrain the
        details of the rest of the GC heap's design.

        * heap/MachineStackMarker.cpp:
        (JSC::otherThreadStack): Factored out a helper function for dealing with
        unaligned and/or backwards pointers.

        (JSC::MachineThreads::tryCopyOtherThreadStack): This is now the only
        constrained function, and it only calls memcpy and low-level thread APIs.

        (JSC::MachineThreads::tryCopyOtherThreadStacks): The design here is that
        you do one pass over all the threads to compute their combined size,
        and then a second pass to do all the copying. In theory, the threads may
        grow in between passes, in which case you'll continue until the threads
        stop growing. In practice, you never continue.

        (JSC::growBuffer): Helper function for growing.

        (JSC::MachineThreads::gatherConservativeRoots):
        (JSC::MachineThreads::gatherFromOtherThread): Deleted.
        * heap/MachineStackMarker.h: Updated for interface changes.

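The two-pass gather described in the entry above, written out as an added example; this is not JavaScriptCore's code and none of the names below exist in it. Threads are simulated by a hypothetical FakeThread whose stack is a byte vector and whose growthBeforeCopy field (constructed input) grows the stack between the size pass and the copy pass, so the retry path actually runs. The property worth checking for is that the only function executing while another thread is suspended, tryCopyOtherThreadStack, does nothing but memcpy: it can never block on a malloc lock the suspended thread was holding, which is the deadlock the in-place scan had to avoid by hand. The conservative scan then walks the private copy, where allocating is harmless. normalizeStackRange stands in for the otherThreadStack helper's handling of backwards or unaligned range ends.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <set>
#include <utility>
#include <vector>

// Hypothetical stand-in for a suspended thread: its stack is a byte vector.
// growthBeforeCopy is constructed test input that grows the stack after the
// size pass and before the copy pass, the race the two-pass design tolerates.
struct FakeThread {
    std::vector<uint8_t> stack;
    size_t growthBeforeCopy = 0;
};

struct GatherResult {
    int rounds;                    // size+copy rounds needed
    std::set<uintptr_t> roots;     // copied words that point into the heap
};

// Turn a (begin, end) pair that may be backwards and/or unaligned into an
// aligned start address and a byte count (the otherThreadStack helper's job).
static std::pair<uintptr_t, size_t> normalizeStackRange(uintptr_t a, uintptr_t b) {
    uintptr_t lo = std::min(a, b);
    uintptr_t hi = std::max(a, b);
    lo &= ~static_cast<uintptr_t>(sizeof(void*) - 1);   // round down to a word boundary
    return { lo, hi - lo };
}

// The one constrained function: runs while the other thread is suspended and
// only copies bytes. No allocation, no locks. Fails if the destination cannot
// hold the stack, which is how a thread that grew since the size pass is noticed.
static bool tryCopyOtherThreadStack(const FakeThread& t, uint8_t* dst, size_t capacity, size_t& copied) {
    if (t.stack.size() > capacity)
        return false;
    std::memcpy(dst, t.stack.data(), t.stack.size());
    copied = t.stack.size();
    return true;
}

// Pass 1 sums the stack sizes; pass 2 copies. If any thread grew in between,
// the buffer is grown and both passes repeat until every copy succeeds.
static std::vector<uint8_t> tryCopyOtherThreadStacks(std::vector<FakeThread>& threads, int& rounds) {
    std::vector<uint8_t> buffer;
    rounds = 0;
    for (;;) {
        ++rounds;
        size_t total = 0;
        for (const FakeThread& t : threads)
            total += t.stack.size();
        if (buffer.size() < total)
            buffer.resize(total);                        // growBuffer
        for (FakeThread& t : threads) {                  // simulated interleaving
            t.stack.resize(t.stack.size() + t.growthBeforeCopy);
            t.growthBeforeCopy = 0;
        }
        size_t offset = 0;
        bool ok = true;
        for (const FakeThread& t : threads) {
            size_t copied = 0;
            if (!tryCopyOtherThreadStack(t, buffer.data() + offset, buffer.size() - offset, copied)) {
                ok = false;
                break;
            }
            offset += copied;
        }
        if (ok) {
            buffer.resize(offset);
            return buffer;
        }
    }
}

// Conservative scan of the private copy: every aligned pointer-sized word whose
// value lies in [heapBegin, heapEnd) is a possible root. This walks a copy, so
// growing the result set (an allocation) needs no special care.
static std::set<uintptr_t> findConservativeRoots(const std::vector<uint8_t>& copy, uintptr_t heapBegin, uintptr_t heapEnd) {
    std::set<uintptr_t> roots;
    for (size_t i = 0; i + sizeof(uintptr_t) <= copy.size(); i += sizeof(uintptr_t)) {
        uintptr_t word;
        std::memcpy(&word, copy.data() + i, sizeof word);
        if (word >= heapBegin && word < heapEnd)
            roots.insert(word);
    }
    return roots;
}

// Appends one word to a fake stack (constructed input for the scenario below).
static void pushWord(FakeThread& t, uintptr_t word) {
    const uint8_t* p = reinterpret_cast<const uint8_t*>(&word);
    t.stack.insert(t.stack.end(), p, p + sizeof word);
}

// Scenario: two threads, one of which grows between the passes, so the gather
// takes two rounds and still finds exactly the two in-range words.
static GatherResult runScenario() {
    const uintptr_t heapBegin = 0x10000000, heapEnd = 0x10010000;
    std::vector<FakeThread> threads(2);
    pushWord(threads[0], heapBegin + 0x40);     // looks like a heap pointer
    pushWord(threads[0], 0x42);                 // a small integer, not a root
    pushWord(threads[1], heapEnd - 8);          // last word inside the heap range
    pushWord(threads[1], heapEnd);              // one past the end: not a root
    threads[0].growthBeforeCopy = 8;            // forces the retry round
    GatherResult r;
    std::vector<uint8_t> copy = tryCopyOtherThreadStacks(threads, r.rounds);
    r.roots = findConservativeRoots(copy, heapBegin, heapEnd);
    return r;
}

int main() {
    GatherResult r = runScenario();
    std::printf("rounds=%d roots=%zu\n", r.rounds, r.roots.size());
    return 0;
}
```

In the scenario the first round's size pass sees 32 bytes, thread 0 then grows to 24 bytes, and the second copy fails for want of 8 bytes; the second round sizes 40 bytes and both copies succeed. The retry is the whole reason the constrained function is allowed to fail instead of allocating.
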
2015-01-28  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: remove CSS.setPropertyText, CSS.toggleProperty and related dead code
        https://bugs.webkit.org/show_bug.cgi?id=140961

        Reviewed by Timothy Hatcher.

        * inspector/protocol/CSS.json: Remove unused protocol methods.

2015-01-28  Dana Burkart  <dburkart@apple.com>

        Move ASan flag settings from DebugRelease.xcconfig to Base.xcconfig
        https://bugs.webkit.org/show_bug.cgi?id=136765

        Reviewed by Alexey Proskuryakov.

        * Configurations/Base.xcconfig:
        * Configurations/DebugRelease.xcconfig:

2015-01-27  Filip Pizlo  <fpizlo@apple.com>

        ExitSiteData saying m_takesSlowPath shouldn't mean early returning takesSlowPath() since for the non-LLInt case we later set m_couldTakeSlowPath, which is more precise
        https://bugs.webkit.org/show_bug.cgi?id=140980

        Reviewed by Oliver Hunt.

        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::computeFor):

2015-01-27  Filip Pizlo  <fpizlo@apple.com>

        Move DFGBinarySwitch out of the DFG so that all of the JITs can use it
        https://bugs.webkit.org/show_bug.cgi?id=140959

        Rubber stamped by Geoffrey Garen.

        I want to use this for polymorphic stubs for https://bugs.webkit.org/show_bug.cgi?id=140660.
        This code no longer has DFG dependencies so this is a very clean move.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGBinarySwitch.cpp: Removed.
        * dfg/DFGBinarySwitch.h: Removed.
        * dfg/DFGSpeculativeJIT.cpp:
        * jit/BinarySwitch.cpp: Copied from Source/JavaScriptCore/dfg/DFGBinarySwitch.cpp.
        * jit/BinarySwitch.h: Copied from Source/JavaScriptCore/dfg/DFGBinarySwitch.h.

2015-01-27  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r179192.
        https://bugs.webkit.org/show_bug.cgi?id=140953

        Caused numerous layout test failures (Requested by mattbaker_
        on #webkit).

        Reverted changeset:

        "Use FastMalloc (bmalloc) instead of BlockAllocator for GC
        pages"
        https://bugs.webkit.org/show_bug.cgi?id=140900
        http://trac.webkit.org/changeset/179192

2015-01-27  Michael Saboff  <msaboff@apple.com>

        REGRESSION(r178591): 20% regression in Octane box2d
        https://bugs.webkit.org/show_bug.cgi?id=140948

        Reviewed by Geoffrey Garen.

        Added a check that we have a lexical environment to the "arguments is captured" check.
        It doesn't make sense to resolve "arguments" when it really isn't captured.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::willResolveToArgumentsRegister):

2015-01-26  Geoffrey Garen  <ggaren@apple.com>

        Use FastMalloc (bmalloc) instead of BlockAllocator for GC pages
        https://bugs.webkit.org/show_bug.cgi?id=140900

        Reviewed by Mark Hahnenberg.

        Removes some more custom allocation code.

        Looks like a speedup. (See results attached to bugzilla.)

        Will hopefully reduce memory use by improving sharing between the GC and
        malloc heaps.

        * API/JSBase.cpp:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj: Feed the compiler.

        * heap/BlockAllocator.cpp: Removed.
        * heap/BlockAllocator.h: Removed. No need for a custom allocator anymore.

        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::CodeBlockSet):
        * heap/CodeBlockSet.h: Feed the compiler.

        * heap/CopiedBlock.h:
        (JSC::CopiedBlock::createNoZeroFill):
        (JSC::CopiedBlock::create):
        (JSC::CopiedBlock::CopiedBlock):
        (JSC::CopiedBlock::isOversize):
        (JSC::CopiedBlock::payloadEnd):
        (JSC::CopiedBlock::capacity):
        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::reportLiveBytes): Each copied block now tracks its
        own size, since we can't rely on Region to tell us our size anymore.

        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::~CopiedSpace):
        (JSC::CopiedSpace::tryAllocateOversize):
        (JSC::CopiedSpace::tryReallocateOversize):
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::recycleEvacuatedBlock):
        (JSC::CopiedSpace::recycleBorrowedBlock):
        (JSC::CopiedSpace::allocateBlockForCopyingPhase):
        (JSC::CopiedSpace::allocateBlock):
        (JSC::CopiedSpace::startedCopying): Deallocate blocks directly, rather
        than pushing them onto the block allocator's free list; the block
        allocator doesn't exist anymore.

        * heap/CopyWorkList.h:
        (JSC::CopyWorkListSegment::create):
        (JSC::CopyWorkListSegment::CopyWorkListSegment):
        (JSC::CopyWorkList::~CopyWorkList):
        (JSC::CopyWorkList::append):
        (JSC::CopyWorkList::CopyWorkList): Deleted.
        * heap/GCSegmentedArray.h:
        (JSC::GCArraySegment::GCArraySegment):
        * heap/GCSegmentedArrayInlines.h:
        (JSC::GCSegmentedArray<T>::GCSegmentedArray):
        (JSC::GCSegmentedArray<T>::~GCSegmentedArray):
        (JSC::GCSegmentedArray<T>::clear):
        (JSC::GCSegmentedArray<T>::expand):
        (JSC::GCSegmentedArray<T>::refill):
        (JSC::GCArraySegment<T>::create):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        * heap/GCThreadSharedData.h: Feed the compiler.

        * heap/HandleBlock.h:
        * heap/HandleBlockInlines.h:
        (JSC::HandleBlock::create):
        (JSC::HandleBlock::HandleBlock):
        (JSC::HandleBlock::payloadEnd):
        * heap/HandleSet.cpp:
        (JSC::HandleSet::~HandleSet):
        (JSC::HandleSet::grow): Same as above.

        * heap/Heap.cpp:
        (JSC::Heap::Heap):
        * heap/Heap.h: Removed the block allocator since it is unused now.

        * heap/HeapBlock.h:
        (JSC::HeapBlock::destroy):
        (JSC::HeapBlock::HeapBlock):
        (JSC::HeapBlock::region): Deleted. Removed the Region pointer from each
        HeapBlock since a HeapBlock is just a normal allocation now.

        * heap/HeapInlines.h:
        (JSC::Heap::blockAllocator): Deleted.

        * heap/HeapTimer.cpp:
        * heap/MarkStack.cpp:
        (JSC::MarkStackArray::MarkStackArray):
        * heap/MarkStack.h: Feed the compiler.

        * heap/MarkedAllocator.cpp:
        (JSC::MarkedAllocator::allocateBlock): No need to use a custom code path
        based on size, since we use a general purpose allocator now.

        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::create):
        (JSC::MarkedBlock::destroy):
        (JSC::MarkedBlock::MarkedBlock):
        * heap/MarkedBlock.h:
        (JSC::MarkedBlock::capacity): Track block size explicitly, like CopiedBlock.

        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::freeBlock):
        * heap/MarkedSpace.h:

        * heap/Region.h: Removed.

        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::SlotVisitor): Removed reference to block allocator.

        * heap/SuperRegion.cpp: Removed.
        * heap/SuperRegion.h: Removed.

        * heap/WeakBlock.cpp:
        (JSC::WeakBlock::create):
        (JSC::WeakBlock::WeakBlock):
        * heap/WeakBlock.h:
        * heap/WeakSet.cpp:
        (JSC::WeakSet::~WeakSet):
        (JSC::WeakSet::addAllocator):
        (JSC::WeakSet::removeAllocator): Removed reference to block allocator.

2015-01-27  Csaba Osztrogonác  <ossy@webkit.org>

        [ARM] Typo fix after r176083
        https://bugs.webkit.org/show_bug.cgi?id=140937

        Reviewed by Anders Carlsson.

        * assembler/ARMv7Assembler.h:
        (JSC::ARMv7Assembler::ldrh):

2015-01-27  Csaba Osztrogonác  <ossy@webkit.org>

        [Win] Unreviewed gardening, skip failing tests.

        * tests/exceptionFuzz.yaml: Skip exception fuzz tests due to bug140928.
        * tests/mozilla/mozilla-tests.yaml: Skip ecma/Date/15.9.5.28-1.js due to bug140927.

2015-01-26  Csaba Osztrogonác  <ossy@webkit.org>

        [Win] Enable JSC stress tests by default
        https://bugs.webkit.org/show_bug.cgi?id=128307

        Unreviewed typo fix after r179165.

        * tests/mozilla/mozilla-tests.yaml:

2015-01-26  Csaba Osztrogonác  <ossy@webkit.org>

        [Win] Enable JSC stress tests by default
        https://bugs.webkit.org/show_bug.cgi?id=128307

        Reviewed by Brent Fulgham.

        * tests/mozilla/mozilla-tests.yaml: Skipped on Windows.
        * tests/stress/ftl-arithcos.js: Skipped on Windows.

2015-01-26  Ryosuke Niwa  <rniwa@webkit.org>

        Parse a function expression as a primary expression
        https://bugs.webkit.org/show_bug.cgi?id=140908

        Reviewed by Mark Lam.

        Moved the code to generate an AST node for a function expression from parseMemberExpression
        to parsePrimaryExpression to match the ES6 specification terminology:
        https://people.mozilla.org/~jorendorff/es6-draft.html#sec-primary-expression

        There should be no behavior change from this change since parsePrimaryExpression is only
        called in parseMemberExpression other than the fact failIfStackOverflow() is called.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parsePrimaryExpression):
        (JSC::Parser<LexerType>::parseMemberExpression):

2015-01-26  Myles C. Maxfield  <mmaxfield@apple.com>

        [iOS] [SVG -> OTF Converter] Flip the switch off on iOS
        https://bugs.webkit.org/show_bug.cgi?id=140860

        Reviewed by Darin Adler.

        The fonts it makes are grotesque. (See what I did there? Typographic
        humor is the best humor.)

        * Configurations/FeatureDefines.xcconfig:

2015-01-23  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Rename InjectedScriptHost::type to subtype
        https://bugs.webkit.org/show_bug.cgi?id=140841

        Reviewed by Timothy Hatcher.

        We were using this to set the subtype of an "object" type RemoteObject
        so we should clean up the name and call it subtype.

        * inspector/InjectedScriptHost.h:
        * inspector/InjectedScriptSource.js:
        * inspector/JSInjectedScriptHost.cpp:
        (Inspector::JSInjectedScriptHost::subtype):
        (Inspector::JSInjectedScriptHost::type): Deleted.
        * inspector/JSInjectedScriptHost.h:
        * inspector/JSInjectedScriptHostPrototype.cpp:
        (Inspector::JSInjectedScriptHostPrototype::finishCreation):
        (Inspector::jsInjectedScriptHostPrototypeFunctionSubtype):
        (Inspector::jsInjectedScriptHostPrototypeFunctionType): Deleted.

2015-01-23  Michael Saboff  <msaboff@apple.com>

        LayoutTests/js/script-tests/reentrant-caching.js crashing on 32 bit builds
        https://bugs.webkit.org/show_bug.cgi?id=140843

        Reviewed by Oliver Hunt.

        When we are in vmEntryToJavaScript, we keep the stack pointer at an
        alignment suitable for pointing to a call frame header, which is the
        alignment post making a call.  We adjust the sp when calling to JS code,
        but don't adjust it before calling the out of stack handler.

        * llint/LowLevelInterpreter32_64.asm:
        Moved stack pointer down 8 bytes to get it aligned.

2015-01-23  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Object Previews in the Console
        https://bugs.webkit.org/show_bug.cgi?id=129204

        Reviewed by Timothy Hatcher.

        Update the very old, unused object preview code. Part of this comes from
        the earlier WebKit legacy implementation, and the Blink implementation.

        A RemoteObject may include a preview, if it is asked for, and if the
        RemoteObject is an object. Previews are a shallow (single level) list
        of a limited number of properties on the object. The previewed
        properties are always stringified (even if primitives). Previews are
        limited to just 5 properties or 100 indices. Previews are marked
        as lossless if they are a complete snapshot of the object.

        There is a path to make previews two levels deep, that is currently
        unused but should soon be used for tables (e.g. IndexedDB).

        * inspector/InjectedScriptSource.js:
        - Move some code off of InjectedScript to be generic functions
        usable by RemoteObject as well.
        - Update preview generation to use

        * inspector/protocol/Runtime.json:
        - Add a new type, "accessor" for preview objects. This represents
        a getter / setter. We currently don't get the value.

2015-01-23  Michael Saboff  <msaboff@apple.com>

        Immediate crash when setting JS breakpoint
        https://bugs.webkit.org/show_bug.cgi?id=140811

        Reviewed by Mark Lam.

        When the DFG stack layout phase doesn't allocate a register for the scope register,
        it incorrectly sets the scope register in the code block to a bad value, one with
        an offset of 0.  Changed it so that we set the code block's scope register to the
        invalid VirtualRegister instead.

        No tests needed as adding the ASSERT in setScopeRegister() was used to find the bug.
        We crash with that ASSERT in testapi and likely many other tests as well.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setScopeRegister):
        (JSC::CodeBlock::scopeRegister):
        Added ASSERTs to catch any future improper setting of the code block's scope register.

        * dfg/DFGStackLayoutPhase.cpp:
        (JSC::DFG::StackLayoutPhase::run):

2015-01-22  Mark Hahnenberg  <mhahnenb@gmail.com>

        EdenCollections unnecessarily visit SmallStrings
        https://bugs.webkit.org/show_bug.cgi?id=140762

        Reviewed by Geoffrey Garen.

        * heap/Heap.cpp:
        (JSC::Heap::copyBackingStores): Also added a GCPhase for copying
        backing stores, which is a significant portion of garbage collection.
        (JSC::Heap::visitSmallStrings): Check to see if we need to visit
        SmallStrings based on the collection type.
        * runtime/SmallStrings.cpp:
        (JSC::SmallStrings::SmallStrings):
        (JSC::SmallStrings::visitStrongReferences): Set the fact that we have
        visited the SmallStrings since the last modification.
        * runtime/SmallStrings.h:
        (JSC::SmallStrings::needsToBeVisited): If we're doing a
        FullCollection, we need to visit. Otherwise, it depends on whether
        we've been visited since the last modification/allocation.

2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>

        Add a build flag for ES6 class syntax
        https://bugs.webkit.org/show_bug.cgi?id=140760

        Reviewed by Michael Saboff.

        Added ES6_CLASS_SYNTAX build flag and used it in tokenizer to recognize
        "class", "extends", "static" and "super" keywords.

        * Configurations/FeatureDefines.xcconfig:
        * parser/Keywords.table:
        * parser/ParserTokens.h:

2015-01-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r178894.
        https://bugs.webkit.org/show_bug.cgi?id=140775

        Broke JSC and bindings tests (Requested by ap_ on #webkit).

        Reverted changeset:

        "put_by_val_direct need to check the property is index or not
        for using putDirect / putDirectIndex"
        https://bugs.webkit.org/show_bug.cgi?id=140426
        http://trac.webkit.org/changeset/178894

2015-01-22  Mark Lam  <mark.lam@apple.com>

        BytecodeGenerator::initializeCapturedVariable() sets a misleading value for the 5th operand of op_put_to_scope.
        <https://webkit.org/b/140743>

        Reviewed by Oliver Hunt.

        BytecodeGenerator::initializeCapturedVariable() was setting the 5th operand to
        op_put_to_scope to an inappropriate value (i.e. 0).  As a result, the execution
        of put_to_scope could store a wrong inferred value into the VariableWatchpointSet
        for whichever captured variable is at local index 0.  In practice, this turns
        out to be the local for the Arguments object.  In this reproduction case in the
        bug, the wrong inferred value written there is the boolean true.

        Subsequently, DFG compilation occurs and CreateArguments is emitted to first do
        a check of the local for the Arguments object.  But because that local has a
        wrong inferred value, the check always discovers a non-null value and we never
        actually create the Arguments object.  Immediately after this, an OSR exit
        occurs leaving the Arguments object local uninitialized.  Later on at arguments
        tear off, we run into a boolean true where we had expected to find an Arguments
        object, which in turn, leads to the crash.

        The fix is to:
        1. In the case where the resolveModeType is LocalClosureVar, change the
           5th operand of op_put_to_scope to be a boolean.  True means that the
           local var is watchable.  False means it is not watchable.  We no longer
           pass the local index (instead of true) and UINT_MAX (instead of false).

           This allows us to express more clearly in the code what that value means,
           as well as remove the redundant way of getting the local's identifier.
           The identifier is always the one passed in the 2nd operand.

        2. Previously, though intuitively, we know that the watchable variable
           identifier should be the same as the one that is passed in operand 2, this
           relationship was not clear in the code.  By code analysis, I confirmed that
           the callers of BytecodeGenerator::emitPutToScope() always use the same
           identifier for operand 2 and for filling out the ResolveScopeInfo from
           which we get the watchable variable identifier later.  I've changed the
           code to make this clear now by always using the identifier passed in
           operand 2.

        3. In the case where the resolveModeType is LocalClosureVar,
           initializeCapturedVariable() and emitPutToScope() will now query
           hasWatchableVariable() to determine if the local is watchable or not.
           Accordingly, we pass the boolean result of hasWatchableVariable() as
           operand 5 of op_put_to_scope.

        Also added some assertions.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::initializeCapturedVariable):
        (JSC::BytecodeGenerator::hasConstant):
        (JSC::BytecodeGenerator::emitPutToScope):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::hasWatchableVariable):
        (JSC::BytecodeGenerator::watchableVariableIdentifier):
        (JSC::BytecodeGenerator::watchableVariable): Deleted.

2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>

        PropertyListNode::emitNode duplicates the code to put a constant property
        https://bugs.webkit.org/show_bug.cgi?id=140761

        Reviewed by Geoffrey Garen.

        Extracted PropertyListNode::emitPutConstantProperty to share the code.

        Also made PropertyListNode::emitBytecode private since nobody is calling this function directly.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        (JSC::PropertyListNode::emitPutConstantProperty): Added.
        * parser/Nodes.h:

2015-01-22  Yusuke Suzuki  <utatane.tea@gmail.com>

        put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
        https://bugs.webkit.org/show_bug.cgi?id=140426

        Reviewed by Geoffrey Garen.

        In the put_by_val_direct operation, we use JSObject::putDirect.
        However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
        This patch changes Identifier::asIndex() to return Optional<uint32_t>.
        It forces callers to check explicitly whether the value is an index or not.
        Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.

        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutById):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * jit/JITOperations.cpp:
        * jit/Repatch.cpp:
        (JSC::emitPutTransitionStubAndGetOldStructure):
        * jsc.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        (JSC::Arguments::deleteProperty):
        (JSC::Arguments::defineOwnProperty):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSort):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitive):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
        (JSC::JSGenericTypedArrayView<Adaptor>::put):
        (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
        (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::putDirectAccessor):
        (JSC::JSObject::putDirectCustomAccessor):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::putDirectMayBeIndex):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getOwnPropertySlot):
        (JSC::JSObject::getPropertySlot):
        (JSC::JSObject::putDirectInternal):
        * runtime/JSString.cpp:
        (JSC::JSString::getStringPropertyDescriptor):
        * runtime/JSString.h:
        (JSC::JSString::getStringPropertySlot):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::parse):
        * runtime/PropertyName.h:
        (JSC::toUInt32FromCharacters):
        (JSC::toUInt32FromStringImpl):
        (JSC::PropertyName::asIndex):
        * runtime/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * runtime/StringObject.cpp:
        (JSC::StringObject::deleteProperty):
        * runtime/Structure.cpp:
        (JSC::Structure::prototypeChainMayInterceptStoreTo):

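The index-versus-name split the entry above fixes, as an added example that is not JavaScriptCore's code. asIndex implements the predicate the patch moves callers onto: a name is an array index only if it is the canonical decimal spelling of an integer no larger than 2^32 - 2, so "01", "-1", "1e3" and "4294967295" (the maximum array length, never a valid index) are ordinary named properties. ToyObject is a hypothetical object with separate named and indexed storage, standing in for the two kinds of storage an engine keeps. lookupAfterUnconditionalPutDirect keeps the old behaviour (putDirect for every key) as the "before" case and shows the consequence in this toy: the value stored under "0" can never be found again, because lookup routes the same key to the indexed storage. Whether JSC showed exactly that symptom is not stated in the entry; the point is that an index-like key must be written to the storage every reader expects it in, which is what putDirectMayBeIndex guarantees. Requires C++17 for std::optional.

```cpp
#include <cstdint>
#include <map>
#include <optional>
#include <string>
#include <cstdio>

// Returns the array index a property name denotes, or nullopt if the name is not
// the canonical decimal form of an integer in [0, 2^32 - 2]. Leading zeros, signs,
// whitespace, exponents and 4294967295 all fall through to "named property".
static std::optional<uint32_t> asIndex(const std::string& name) {
    if (name.empty() || name.size() > 10)            // 4294967294 has ten digits
        return std::nullopt;
    if (name[0] == '0')                              // only "0" itself is canonical
        return name.size() == 1 ? std::optional<uint32_t>(0) : std::nullopt;
    uint64_t value = 0;
    for (char c : name) {
        if (c < '0' || c > '9')
            return std::nullopt;
        value = value * 10 + static_cast<uint64_t>(c - '0');
    }
    if (value > 0xFFFFFFFEull)
        return std::nullopt;
    return static_cast<uint32_t>(value);
}

// Hypothetical object with the two storages a JS engine keeps: named properties
// and indexed (array-like) properties. Not JSC's JSObject.
struct ToyObject {
    std::map<std::string, int> named;
    std::map<uint32_t, int> indexed;

    void putDirect(const std::string& name, int v) { named[name] = v; }
    void putDirectIndex(uint32_t index, int v) { indexed[index] = v; }

    // The behaviour the patch introduces: decide per key which storage to use.
    void putDirectMayBeIndex(const std::string& name, int v) {
        if (std::optional<uint32_t> index = asIndex(name))
            putDirectIndex(*index, v);
        else
            putDirect(name, v);
    }

    // Lookup always routes index-like names to the indexed storage, so a value
    // written with putDirect("0", ...) is unreachable from here.
    std::optional<int> get(const std::string& name) const {
        if (std::optional<uint32_t> index = asIndex(name)) {
            auto it = indexed.find(*index);
            return it == indexed.end() ? std::nullopt : std::optional<int>(it->second);
        }
        auto it = named.find(name);
        return it == named.end() ? std::nullopt : std::optional<int>(it->second);
    }
};

// Before: put_by_val_direct used putDirect for every key. obj["0"] = 1 lands in
// the named storage and reads back as absent. Returns false in this toy.
static bool lookupAfterUnconditionalPutDirect() {
    ToyObject obj;
    obj.putDirect("0", 1);
    return obj.get("0").has_value();
}

// After: routing through asIndex makes obj["0"] and obj[0] the same property,
// while the non-canonical "00" stays a distinct (here absent) named property.
static bool lookupAfterPutDirectMayBeIndex() {
    ToyObject obj;
    obj.putDirectMayBeIndex("0", 1);
    return obj.get("0") == std::optional<int>(1) && obj.get("00") == std::nullopt;
}

int main() {
    std::printf("before: found=%d  after: found=%d\n",
                lookupAfterUnconditionalPutDirect() ? 1 : 0,
                lookupAfterPutDirectMayBeIndex() ? 1 : 0);
    return 0;
}
```

Returning std::optional from asIndex is what forces every caller to spell out the non-index branch; a function returning a sentinel such as UINT_MAX is easy to use without checking, which is the failure mode the patch removes.
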
2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>

        Consolidate out arguments of parseFunctionInfo into a struct
        https://bugs.webkit.org/show_bug.cgi?id=140754

        Reviewed by Oliver Hunt.

        Introduced ParserFunctionInfo for storing out arguments of parseFunctionInfo.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFunctionExpr):
        (JSC::ASTBuilder::createGetterOrSetterProperty): This one takes a property name in addition to
        ParserFunctionInfo since the property name and the function name could differ.
        (JSC::ASTBuilder::createFuncDeclStatement):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseProperty):
        (JSC::Parser<LexerType>::parseMemberExpression):
        * parser/Parser.h:
        * parser/ParserFunctionInfo.h: Added.
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createFunctionExpr):
        (JSC::SyntaxChecker::createFuncDeclStatement):
        (JSC::SyntaxChecker::createClassDeclStatement):
        (JSC::SyntaxChecker::createGetterOrSetterProperty):

2015-01-21  Mark Hahnenberg  <mhahnenb@gmail.com>

        Change Heap::m_compiledCode to use a Vector
        https://bugs.webkit.org/show_bug.cgi?id=140717

        Reviewed by Andreas Kling.

        Right now it's a DoublyLinkedList, which is iterated during each
        collection. This contributes to some of the longish Eden pause times.
        A Vector would be more appropriate and would also allow ExecutableBase
        to be 2 pointers smaller.

        * heap/Heap.cpp:
        (JSC::Heap::deleteAllCompiledCode):
        (JSC::Heap::deleteAllUnlinkedFunctionCode):
        (JSC::Heap::clearUnmarkedExecutables):
        * heap/Heap.h:
        * runtime/Executable.h: No longer need to inherit from DoublyLinkedListNode.

2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>

        BytecodeGenerator shouldn't expose all of its member variables
        https://bugs.webkit.org/show_bug.cgi?id=140752

        Reviewed by Mark Lam.

        Added "private:" and removed unused data members as detected by clang.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::lastOpcodeID): Added. Used in BinaryOpNode::emitBytecode.
        * bytecompiler/NodesCodegen.cpp:
        (JSC::BinaryOpNode::emitBytecode):

2015-01-21  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: ASSERT expanding objects in console PrimitiveBindingTraits<T>::assertValueHasExpectedType
        https://bugs.webkit.org/show_bug.cgi?id=140746

        Reviewed by Timothy Hatcher.

        * inspector/InjectedScriptSource.js:
        Do not add impure properties to the descriptor object that will
        eventually be sent to the frontend.

2015-01-21  Matthew Mirman  <mmirman@apple.com>

        Updated split such that it does not include the empty end of input string match.
        https://bugs.webkit.org/show_bug.cgi?id=138129
        <rdar://problem/18807403>

        Reviewed by Filip Pizlo.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncSplit):
        * tests/stress/empty_eos_regex_split.js: Added.

2015-01-21  Michael Saboff  <msaboff@apple.com>

        Eliminate Scope slot from JavaScript CallFrame
        https://bugs.webkit.org/show_bug.cgi?id=136724

        Reviewed by Geoffrey Garen.

        This finishes the removal of the scope chain slot from the call frame header.

        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::reifyInlinedCallFrames):
        * dfg/DFGPreciseLocalClobberize.h:
        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * ftl/FTLJSCall.cpp:
        (JSC::FTL::JSCall::emit):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
        (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
        * interpreter/JSStack.h:
        * interpreter/VMInspector.cpp:
        (JSC::VMInspector::dumpFrame):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        * jit/Repatch.cpp:
        (JSC::generateByIdStub):
        (JSC::linkClosureCall):
        * jit/ThunkGenerators.cpp:
        (JSC::virtualForThunkGenerator):
        (JSC::nativeForGenerator):
        Deleted ScopeChain slot from JSStack.  Removed all code where ScopeChain was being
        read or set.  In most cases this was where we make JS calls.

        * interpreter/CallFrameClosure.h:
        (JSC::CallFrameClosure::setArgument):
        (JSC::CallFrameClosure::resetCallFrame): Deleted.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        * interpreter/ProtoCallFrame.cpp:
        (JSC::ProtoCallFrame::init):
        * interpreter/ProtoCallFrame.h:
        (JSC::ProtoCallFrame::scope): Deleted.
        (JSC::ProtoCallFrame::setScope): Deleted.
        * llint/LLIntData.cpp:
        (JSC::LLInt::Data::performAssertions):
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter64.asm:
        Removed the related scopeChainValue member from ProtoCallFrame.  Reduced the number of
        registers that needed to be copied from the ProtoCallFrame to a callee's frame
        from 5 to 4.

        * llint/LowLevelInterpreter32_64.asm:
        In addition to the prior changes, also deleted the unused macro getDeBruijnScope.

2015-01-21  Michael Saboff  <msaboff@apple.com>

        Eliminate construct methods from NullGetterFunction and NullSetterFunction classes
        https://bugs.webkit.org/show_bug.cgi?id=140708

        Reviewed by Mark Lam.
763
764         Eliminated construct methods and changed getConstructData() for both classes to return
765         ConstructTypeNone as they can never be called.
766
767         * runtime/NullGetterFunction.cpp:
768         (JSC::NullGetterFunction::getConstructData):
769         (JSC::constructReturnUndefined): Deleted.
770         * runtime/NullSetterFunction.cpp:
771         (JSC::NullSetterFunction::getConstructData):
772         (JSC::constructReturnUndefined): Deleted.
773
774 2015-01-21  Csaba Osztrogonác  <ossy@webkit.org>
775
776         Remove ENABLE(INSPECTOR) ifdef guards
777         https://bugs.webkit.org/show_bug.cgi?id=140668
778
779         Reviewed by Darin Adler.
780
781         * Configurations/FeatureDefines.xcconfig:
782         * bindings/ScriptValue.cpp:
783         (Deprecated::ScriptValue::toInspectorValue):
784         * bindings/ScriptValue.h:
785         * inspector/ConsoleMessage.cpp:
786         * inspector/ConsoleMessage.h:
787         * inspector/ContentSearchUtilities.cpp:
788         * inspector/ContentSearchUtilities.h:
789         * inspector/IdentifiersFactory.cpp:
790         * inspector/IdentifiersFactory.h:
791         * inspector/InjectedScript.cpp:
792         * inspector/InjectedScript.h:
793         * inspector/InjectedScriptBase.cpp:
794         * inspector/InjectedScriptBase.h:
795         * inspector/InjectedScriptHost.cpp:
796         * inspector/InjectedScriptHost.h:
797         * inspector/InjectedScriptManager.cpp:
798         * inspector/InjectedScriptManager.h:
799         * inspector/InjectedScriptModule.cpp:
800         * inspector/InjectedScriptModule.h:
801         * inspector/InspectorAgentRegistry.cpp:
802         * inspector/InspectorBackendDispatcher.cpp:
803         * inspector/InspectorBackendDispatcher.h:
804         * inspector/InspectorProtocolTypes.h:
805         * inspector/JSGlobalObjectConsoleClient.cpp:
806         * inspector/JSGlobalObjectInspectorController.cpp:
807         * inspector/JSGlobalObjectInspectorController.h:
808         * inspector/JSGlobalObjectScriptDebugServer.cpp:
809         * inspector/JSGlobalObjectScriptDebugServer.h:
810         * inspector/JSInjectedScriptHost.cpp:
811         * inspector/JSInjectedScriptHost.h:
812         * inspector/JSInjectedScriptHostPrototype.cpp:
813         * inspector/JSInjectedScriptHostPrototype.h:
814         * inspector/JSJavaScriptCallFrame.cpp:
815         * inspector/JSJavaScriptCallFrame.h:
816         * inspector/JSJavaScriptCallFramePrototype.cpp:
817         * inspector/JSJavaScriptCallFramePrototype.h:
818         * inspector/JavaScriptCallFrame.cpp:
819         * inspector/JavaScriptCallFrame.h:
820         * inspector/ScriptCallFrame.cpp:
821         (Inspector::ScriptCallFrame::buildInspectorObject):
822         * inspector/ScriptCallFrame.h:
823         * inspector/ScriptCallStack.cpp:
824         (Inspector::ScriptCallStack::buildInspectorArray):
825         * inspector/ScriptCallStack.h:
826         * inspector/ScriptDebugServer.cpp:
827         * inspector/agents/InspectorAgent.cpp:
828         * inspector/agents/InspectorAgent.h:
829         * inspector/agents/InspectorConsoleAgent.cpp:
830         * inspector/agents/InspectorConsoleAgent.h:
831         * inspector/agents/InspectorDebuggerAgent.cpp:
832         * inspector/agents/InspectorDebuggerAgent.h:
833         * inspector/agents/InspectorRuntimeAgent.cpp:
834         * inspector/agents/InspectorRuntimeAgent.h:
835         * inspector/agents/JSGlobalObjectConsoleAgent.cpp:
836         * inspector/agents/JSGlobalObjectConsoleAgent.h:
837         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
838         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
839         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
840         * inspector/agents/JSGlobalObjectRuntimeAgent.h:
841         * inspector/scripts/codegen/cpp_generator_templates.py:
842         (CppGeneratorTemplates):
843         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
844         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
845         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
846         * inspector/scripts/tests/expected/enum-values.json-result:
847         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
848         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
849         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
850         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
851         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
852         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
853         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
854         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
855         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
856         * runtime/TypeSet.cpp:
857         (JSC::TypeSet::inspectorTypeSet):
858         (JSC::StructureShape::inspectorRepresentation):
859
860 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
861
862         Web Inspector: Clean up InjectedScriptSource.js
863         https://bugs.webkit.org/show_bug.cgi?id=140709
864
865         Reviewed by Timothy Hatcher.
866
867         This patch includes some relevant Blink patches and small changes.
868         
869         Patch by <aandrey@chromium.org>
870         DevTools: Remove console last result $_ on console clear.
871         https://src.chromium.org/viewvc/blink?revision=179179&view=revision
872
873         Patch by <eustas@chromium.org>
874         [Inspect DOM properties] incorrect CSS Selector Syntax
875         https://src.chromium.org/viewvc/blink?revision=156903&view=revision
876
877         * inspector/InjectedScriptSource.js:
878
879 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
880
881         Web Inspector: Cleanup RuntimeAgent a bit
882         https://bugs.webkit.org/show_bug.cgi?id=140706
883
884         Reviewed by Timothy Hatcher.
885
886         * inspector/InjectedScript.h:
887         * inspector/InspectorBackendDispatcher.h:
888         * inspector/ScriptCallFrame.cpp:
889         * inspector/agents/InspectorRuntimeAgent.cpp:
890         (Inspector::InspectorRuntimeAgent::evaluate):
891         (Inspector::InspectorRuntimeAgent::getProperties):
892         (Inspector::InspectorRuntimeAgent::run):
893         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
894         (Inspector::recompileAllJSFunctionsForTypeProfiling):
895         (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):
896
897 2015-01-20  Matthew Mirman  <mmirman@apple.com>
898
899         Made Identity in the DFG allocate a new temp register and move 
900         the old data to it.
901         https://bugs.webkit.org/show_bug.cgi?id=140700
902         <rdar://problem/19339106>
903
904         Reviewed by Filip Pizlo.
905
906         * dfg/DFGSpeculativeJIT64.cpp:
907         (JSC::DFG::SpeculativeJIT::compile): 
908         Added scratch registers for Identity. 
909         * tests/mozilla/mozilla-tests.yaml: enabled previously failing test
910
911 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
912
913         Web Inspector: Expanding event objects in console shows undefined for most values, it should have real values
914         https://bugs.webkit.org/show_bug.cgi?id=137306
915
916         Reviewed by Timothy Hatcher.
917
918         Provide another optional parameter to getProperties, to gather a list
919         of all own and getter properties.
920
921         * inspector/InjectedScript.cpp:
922         (Inspector::InjectedScript::getProperties):
923         * inspector/InjectedScript.h:
924         * inspector/InjectedScriptSource.js:
925         * inspector/agents/InspectorRuntimeAgent.cpp:
926         (Inspector::InspectorRuntimeAgent::getProperties):
927         * inspector/agents/InspectorRuntimeAgent.h:
928         * inspector/protocol/Runtime.json:
929
930 2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>
931
932         Web Inspector: Should show dynamic specificity values
933         https://bugs.webkit.org/show_bug.cgi?id=140647
934
935         Reviewed by Benjamin Poulain.
936
937         * inspector/protocol/CSS.json:
938         Clarify CSSSelector optional values and add "dynamic" property indicating
939         if the selector can be dynamic based on the element it is matched against.
940
941 2015-01-20  Commit Queue  <commit-queue@webkit.org>
942
943         Unreviewed, rolling out r178751.
944         https://bugs.webkit.org/show_bug.cgi?id=140694
945
946         Caused 32-bit JSC test failures (Requested by JoePeck on
947         #webkit).
948
949         Reverted changeset:
950
951         "put_by_val_direct need to check the property is index or not
952         for using putDirect / putDirectIndex"
953         https://bugs.webkit.org/show_bug.cgi?id=140426
954         http://trac.webkit.org/changeset/178751
955
956 2015-01-20  Yusuke Suzuki  <utatane.tea@gmail.com>
957
958         put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
959         https://bugs.webkit.org/show_bug.cgi?id=140426
960
961         Reviewed by Geoffrey Garen.
962
963         In the put_by_val_direct operation, we use JSObject::putDirect.
964         However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
965         This patch changes Identifier::asIndex() to return Optional<uint32_t>.
966         It forces callers to explicitly check whether the value is an index or not.
967         Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.
968
969         * bytecode/GetByIdStatus.cpp:
970         (JSC::GetByIdStatus::computeFor):
971         * bytecode/PutByIdStatus.cpp:
972         (JSC::PutByIdStatus::computeFor):
973         * bytecompiler/BytecodeGenerator.cpp:
974         (JSC::BytecodeGenerator::emitDirectPutById):
975         * dfg/DFGOperations.cpp:
976         (JSC::DFG::operationPutByValInternal):
977         * jit/JITOperations.cpp:
978         * jit/Repatch.cpp:
979         (JSC::emitPutTransitionStubAndGetOldStructure):
980         * jsc.cpp:
981         * llint/LLIntSlowPaths.cpp:
982         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
983         * runtime/Arguments.cpp:
984         (JSC::Arguments::getOwnPropertySlot):
985         (JSC::Arguments::put):
986         (JSC::Arguments::deleteProperty):
987         (JSC::Arguments::defineOwnProperty):
988         * runtime/ArrayPrototype.cpp:
989         (JSC::arrayProtoFuncSort):
990         * runtime/JSArray.cpp:
991         (JSC::JSArray::defineOwnProperty):
992         * runtime/JSCJSValue.cpp:
993         (JSC::JSValue::putToPrimitive):
994         * runtime/JSGenericTypedArrayViewInlines.h:
995         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
996         (JSC::JSGenericTypedArrayView<Adaptor>::put):
997         (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
998         (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
999         * runtime/JSObject.cpp:
1000         (JSC::JSObject::put):
1001         (JSC::JSObject::putDirectAccessor):
1002         (JSC::JSObject::putDirectCustomAccessor):
1003         (JSC::JSObject::deleteProperty):
1004         (JSC::JSObject::putDirectMayBeIndex):
1005         (JSC::JSObject::defineOwnProperty):
1006         * runtime/JSObject.h:
1007         (JSC::JSObject::getOwnPropertySlot):
1008         (JSC::JSObject::getPropertySlot):
1009         (JSC::JSObject::putDirectInternal):
1010         * runtime/JSString.cpp:
1011         (JSC::JSString::getStringPropertyDescriptor):
1012         * runtime/JSString.h:
1013         (JSC::JSString::getStringPropertySlot):
1014         * runtime/LiteralParser.cpp:
1015         (JSC::LiteralParser<CharType>::parse):
1016         * runtime/PropertyName.h:
1017         (JSC::toUInt32FromCharacters):
1018         (JSC::toUInt32FromStringImpl):
1019         (JSC::PropertyName::asIndex):
1020         * runtime/PropertyNameArray.cpp:
1021         (JSC::PropertyNameArray::add):
1022         * runtime/StringObject.cpp:
1023         (JSC::StringObject::deleteProperty):
1024         * runtime/Structure.cpp:
1025         (JSC::Structure::prototypeChainMayInterceptStoreTo):
1026
1027 2015-01-20  Michael Saboff  <msaboff@apple.com>
1028
1029         REGRESSION(178696): Sporadic crashes while garbage collecting
1030         https://bugs.webkit.org/show_bug.cgi?id=140688
1031
1032         Reviewed by Geoffrey Garen.
1033
1034         Added missing visitor.append(&thisObject->m_nullSetterFunction).
1035
1036         * runtime/JSGlobalObject.cpp:
1037         (JSC::JSGlobalObject::visitChildren):
1038
1039 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
1040
1041         Web Replay: code generator should take supplemental specifications and allow cross-framework references
1042         https://bugs.webkit.org/show_bug.cgi?id=136312
1043
1044         Reviewed by Joseph Pecoraro.
1045
1046         Some types are shared between replay inputs from different frameworks.
1047         Previously, these type declarations were duplicated in every input
1048         specification file in which they were used. This caused some type encoding
1049         traits to be emitted twice if used from WebCore inputs and WebKit2 inputs.
1050
1051         This patch teaches the replay inputs code generator to accept multiple
1052         input specification files. Inputs can freely reference types from other
1053         frameworks without duplicating declarations.
1054
1055         On the code generation side, the model could contain types and inputs from
1056         frameworks that are not the target framework. Only generate code for the
1057         target framework.
1058
1059         To properly generate cross-framework type encoding traits, use
1060         Type.encoding_type_argument in more places, and add the export macro for WebCore
1061         and the Test framework.
1062
1063         Adjust some tests so that enum coverage is preserved by moving the enum types
1064         into "Test" (the target framework for tests).
1065
1066         * JavaScriptCore.vcxproj/copy-files.cmd:
1067         For Windows, copy over JSInputs.json as if it were a private header.
1068
1069         * JavaScriptCore.xcodeproj/project.pbxproj: Make JSInputs.json a private header.
1070         * replay/JSInputs.json:
1071         Put all primitive types and WTF types in this specification file.
1072
1073         * replay/scripts/CodeGeneratorReplayInputs.py:
1074         (Input.__init__):
1075         (InputsModel.__init__): Keep track of the input's framework.
1076         (InputsModel.parse_specification): Parse the framework here. Adjust to new format,
1077         and allow either types or inputs to be missing from a single file.
1078
1079         (InputsModel.parse_type_with_framework):
1080         (InputsModel.parse_input_with_framework):
1081         (Generator.should_generate_item): Added helper method.
1082         (Generator.generate_header): Filter inputs to generate.
1083         (Generator.generate_implementation): Filter inputs to generate.
1084         (Generator.generate_enum_trait_declaration): Filter enums to generate.
1085         Add WEBCORE_EXPORT macro to enum encoding traits.
1086
1087         (Generator.generate_for_each_macro): Filter inputs to generate.
1088         (Generator.generate_enum_trait_implementation): Filter enums to generate.
1089         (generate_from_specifications): Added.
1090         (generate_from_specifications.parse_json_from_file):
1091         (InputsModel.parse_toplevel): Deleted.
1092         (InputsModel.parse_type_with_framework_name): Deleted.
1093         (InputsModel.parse_input): Deleted.
1094         (generate_from_specification): Deleted.
1095         * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
1096         * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Removed.
1097         * replay/scripts/tests/expected/fail-on-no-types.json-error: Removed.
1098         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
1099         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
1100         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
1101         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
1102         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.cpp:
1103         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
1104         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
1105         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
1106         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
1107         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
1108         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
1109         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
1110         * replay/scripts/tests/fail-on-c-style-enum-no-storage.json:
1111         * replay/scripts/tests/fail-on-duplicate-enum-type.json:
1112         * replay/scripts/tests/fail-on-duplicate-input-names.json:
1113         * replay/scripts/tests/fail-on-duplicate-type-names.json:
1114         * replay/scripts/tests/fail-on-enum-type-missing-values.json:
1115         * replay/scripts/tests/fail-on-missing-input-member-name.json:
1116         * replay/scripts/tests/fail-on-missing-input-name.json:
1117         * replay/scripts/tests/fail-on-missing-input-queue.json:
1118         * replay/scripts/tests/fail-on-missing-type-mode.json:
1119         * replay/scripts/tests/fail-on-missing-type-name.json:
1120         * replay/scripts/tests/fail-on-no-inputs.json:
1121         Removed, no longer required to be in a single file.
1122
1123         * replay/scripts/tests/fail-on-no-types.json:
1124         Removed, no longer required to be in a single file.
1125
1126         * replay/scripts/tests/fail-on-unknown-input-queue.json:
1127         * replay/scripts/tests/fail-on-unknown-member-type.json:
1128         * replay/scripts/tests/fail-on-unknown-type-mode.json:
1129         * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json:
1130         * replay/scripts/tests/generate-enum-encoding-helpers.json:
1131         * replay/scripts/tests/generate-enum-with-guard.json:
1132         Include enums that are and are not generated.
1133
1134         * replay/scripts/tests/generate-enums-with-same-base-name.json:
1135         * replay/scripts/tests/generate-event-loop-shape-types.json:
1136         * replay/scripts/tests/generate-input-with-guard.json:
1137         * replay/scripts/tests/generate-input-with-vector-members.json:
1138         * replay/scripts/tests/generate-inputs-with-flags.json:
1139         * replay/scripts/tests/generate-memoized-type-modes.json:
1140
1141 2015-01-20  Tomas Popela  <tpopela@redhat.com>
1142
1143         [GTK] Cannot compile 2.7.3 on PowerPC machines
1144         https://bugs.webkit.org/show_bug.cgi?id=140616
1145
1146         Include climits for INT_MAX and wtf/DataLog.h for dataLogF
1147
1148         Reviewed by Csaba Osztrogonác.
1149
1150         * runtime/BasicBlockLocation.cpp:
1151
1152 2015-01-19  Michael Saboff  <msaboff@apple.com>
1153
1154         A "cached" null setter should throw a TypeException when called in strict mode and doesn't
1155         https://bugs.webkit.org/show_bug.cgi?id=139418
1156
1157         Reviewed by Filip Pizlo.
1158
1159         Made a new NullSetterFunction class similar to NullGetterFunction.  The difference is that 
1160         NullSetterFunction will throw a TypeError per the ECMA262 spec for a strict mode caller.
1161
1162         * CMakeLists.txt:
1163         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1164         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1165         * JavaScriptCore.xcodeproj/project.pbxproj:
1166         Added new files NullSetterFunction.cpp and NullSetterFunction.h.
1167
1168         * runtime/GetterSetter.h:
1169         (JSC::GetterSetter::GetterSetter):
1170         (JSC::GetterSetter::isSetterNull):
1171         (JSC::GetterSetter::setSetter):
1172         Change setter instances from using NullGetterFunction to using NullSetterFunction.
1173
1174         * runtime/JSGlobalObject.cpp:
1175         (JSC::JSGlobalObject::init):
1176         * runtime/JSGlobalObject.h:
1177         (JSC::JSGlobalObject::nullSetterFunction):
1178         Added m_nullSetterFunction and accessor.
1179
1180         * runtime/NullSetterFunction.cpp: Added.
1181         (JSC::GetCallerStrictnessFunctor::GetCallerStrictnessFunctor):
1182         (JSC::GetCallerStrictnessFunctor::operator()):
1183         (JSC::GetCallerStrictnessFunctor::callerIsStrict):
1184         (JSC::callerIsStrict):
1185         Method to determine if the caller is in strict mode.
1186
1187         (JSC::callReturnUndefined):
1188         (JSC::constructReturnUndefined):
1189         (JSC::NullSetterFunction::getCallData):
1190         (JSC::NullSetterFunction::getConstructData):
1191         * runtime/NullSetterFunction.h: Added.
1192         (JSC::NullSetterFunction::create):
1193         (JSC::NullSetterFunction::createStructure):
1194         (JSC::NullSetterFunction::NullSetterFunction):
1195         Class with handlers for a null setter.
1196
1197 2015-01-19  Saam Barati  <saambarati1@gmail.com>
1198
1199         Web Inspector: Provide a front end for JSC's Control Flow Profiler
1200         https://bugs.webkit.org/show_bug.cgi?id=138454
1201
1202         Reviewed by Timothy Hatcher.
1203
1204         This patch puts the final touches on what JSC needs to provide
1205         for the Web Inspector to show a UI for the control flow profiler.
1206
1207         * inspector/agents/InspectorRuntimeAgent.cpp:
1208         (Inspector::recompileAllJSFunctionsForTypeProfiling):
1209         * runtime/ControlFlowProfiler.cpp:
1210         (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
1211         * runtime/FunctionHasExecutedCache.cpp:
1212         (JSC::FunctionHasExecutedCache::getFunctionRanges):
1213         (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges): Deleted.
1214         * runtime/FunctionHasExecutedCache.h:
1215
1216 2015-01-19  David Kilzer  <ddkilzer@apple.com>
1217
1218         [iOS] Only use LLVM static library arguments on 64-bit builds of libllvmForJSC.dylib
1219         <http://webkit.org/b/140658>
1220
1221         Reviewed by Filip Pizlo.
1222
1223         * Configurations/LLVMForJSC.xcconfig: Set OTHER_LDFLAGS_LLVM
1224         only when building for 64-bit architectures.
1225
1226 2015-01-19  Filip Pizlo  <fpizlo@apple.com>
1227
1228         ClosureCallStubRoutine no longer needs codeOrigin
1229         https://bugs.webkit.org/show_bug.cgi?id=140659
1230
1231         Reviewed by Michael Saboff.
1232         
1233         Once upon a time, we would look for the CodeOrigin associated with a return PC. This search
1234         would start with the CodeBlock according to the caller frame's call frame header. But if the
1235         call was a closure call, the return PC would be inside some closure call stub. So if the
1236         CodeBlock search failed, we would search *all* closure call stub routines to see which one
1237         encompasses the return PC. Then, we would use the CodeOrigin stored in the stub routine
1238         object. This was all a bunch of madness, and we actually got rid of it - we now determine
1239         the CodeOrigin for a call frame using the encoded code origin bits inside the tag of the
1240         argument count.
1241         
1242         This patch removes the final vestiges of the madness:
1243         
1244         - Remove the totally unused method declaration for the thing that did the closure call stub
1245           search.
1246         
1247         - Remove the CodeOrigin field from the ClosureCallStubRoutine. Except for that crazy search
1248           that we no longer do, everyone else who finds a ClosureCallStubRoutine will find it via
1249           the CallLinkInfo. The CallLinkInfo also has the CodeOrigin, so we don't need this field
1250           anymore.
1251
1252         * bytecode/CodeBlock.h:
1253         * jit/ClosureCallStubRoutine.cpp:
1254         (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
1255         * jit/ClosureCallStubRoutine.h:
1256         (JSC::ClosureCallStubRoutine::executable):
1257         (JSC::ClosureCallStubRoutine::codeOrigin): Deleted.
1258         * jit/Repatch.cpp:
1259         (JSC::linkClosureCall):
1260
1261 2015-01-19  Saam Barati  <saambarati1@gmail.com>
1262
1263         Basic block start offsets should never be larger than end offsets in the control flow profiler
1264         https://bugs.webkit.org/show_bug.cgi?id=140377
1265
1266         Reviewed by Filip Pizlo.
1267
1268         The bytecode generator will emit code more than once for some AST nodes. For instance, 
1269         the finally block of TryNode will emit two code paths for its finally block: one for 
1270         the normal path, and another for the path where an exception is thrown in the catch block. 
1271         
1272         This repeated code emission of the same AST node previously broke how the control 
1273         flow profiler computed text ranges of basic blocks because when the same AST node 
1274         is emitted multiple times, there is a good chance that there are ranges that span 
1275         from the end offset of one of these duplicated nodes back to the start offset of 
1276         the same duplicated node. This caused a basic block range to report a larger start 
1277         offset than end offset. This was incorrect. Now, when this situation is encountered 
1278         while linking a CodeBlock, the faulty range in question is ignored.
1279
1280         * bytecode/CodeBlock.cpp:
1281         (JSC::CodeBlock::CodeBlock):
1282         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
1283         * bytecode/CodeBlock.h:
1284         * bytecompiler/NodesCodegen.cpp:
1285         (JSC::ForInNode::emitMultiLoopBytecode):
1286         (JSC::ForOfNode::emitBytecode):
1287         (JSC::TryNode::emitBytecode):
1288         * parser/Parser.cpp:
1289         (JSC::Parser<LexerType>::parseConditionalExpression):
1290         * runtime/ControlFlowProfiler.cpp:
1291         (JSC::ControlFlowProfiler::ControlFlowProfiler):
1292         * runtime/ControlFlowProfiler.h:
1293         (JSC::ControlFlowProfiler::dummyBasicBlock):
1294
1295 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
1296
1297         [SVG -> OTF Converter] Flip the switch on
1298         https://bugs.webkit.org/show_bug.cgi?id=140592
1299
1300         Reviewed by Antti Koivisto.
1301
1302         * Configurations/FeatureDefines.xcconfig:
1303
1304 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
1305
1306         Web Replay: convert to is<T> and downcast<T> for decoding replay inputs
1307         https://bugs.webkit.org/show_bug.cgi?id=140512
1308
1309         Reviewed by Chris Dumez.
1310
1311         Generate a SPECIALIZE_TYPE_TRAITS_* chunk of code for each input. This cannot
1312         be done using REPLAY_INPUT_NAMES_FOR_EACH macro since that doesn't fully qualify
1313         input types, and the type traits macro is defined in namespace WTF.
1314
1315         * replay/NondeterministicInput.h: Make overridden methods public.
1316         * replay/scripts/CodeGeneratorReplayInputs.py:
1317         (Generator.generate_header):
1318         (Generator.qualified_input_name): Allow forcing qualification. WTF is never a target framework.
1319         (Generator.generate_input_type_trait_declaration): Added.
1320         * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Add a template.
1321         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
1322         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
1323         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
1324         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
1325         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
1326         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
1327         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
1328         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
1329
1330 2015-01-19  Commit Queue  <commit-queue@webkit.org>
1331
1332         Unreviewed, rolling out r178653.
1333         https://bugs.webkit.org/show_bug.cgi?id=140634
1334
1335         Broke multiple SVG tests on Mountain Lion (Requested by ap on
1336         #webkit).
1337
1338         Reverted changeset:
1339
1340         "[SVG -> OTF Converter] Flip the switch on"
1341         https://bugs.webkit.org/show_bug.cgi?id=140592
1342         http://trac.webkit.org/changeset/178653
1343
1344 2015-01-18  Dean Jackson  <dino@apple.com>
1345
1346         ES6: Support Array.of construction
1347         https://bugs.webkit.org/show_bug.cgi?id=140605
1348         <rdar://problem/19513655>
1349
1350         Reviewed by Geoffrey Garen.
1351
1352         Add an implementation of Array.of, described in 22.1.2.3 of the ES6
1353         specification (15 Jan 2015). The Array.of() method creates a new Array
1354         instance with a variable number of arguments, regardless of number or type
1355         of the arguments.
1356
1357         * runtime/ArrayConstructor.cpp:
1358         (JSC::arrayConstructorOf): Create a new empty Array, then iterate
1359         over the arguments, setting them to the appropriate index.
1360
1361 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
1362
1363         [SVG -> OTF Converter] Flip the switch on
1364         https://bugs.webkit.org/show_bug.cgi?id=140592
1365
1366         Reviewed by Antti Koivisto.
1367
1368         * Configurations/FeatureDefines.xcconfig:
1369
1370 2015-01-17  Brian J. Burg  <burg@cs.washington.edu>
1371
1372         Web Inspector: highlight data for overlay should use protocol type builders
1373         https://bugs.webkit.org/show_bug.cgi?id=129441
1374
1375         Reviewed by Timothy Hatcher.
1376
1377         Add a new domain for overlay types.
1378
1379         * CMakeLists.txt:
1380         * DerivedSources.make:
1381         * inspector/protocol/OverlayTypes.json: Added.
1382
1383 2015-01-17  Michael Saboff  <msaboff@apple.com>
1384
1385         Crash in JSScope::resolve() on tools.ups.com
1386         https://bugs.webkit.org/show_bug.cgi?id=140579
1387
1388         Reviewed by Geoffrey Garen.
1389
1390         For op_resolve_scope of a global property or variable that needs to check for the var
1391         injection check watchpoint, we need to keep the scope around with a Phantom.  The
1392         baseline JIT slowpath for op_resolve_scope needs the scope value if the watchpoint
1393         fired.
1394
1395         * dfg/DFGByteCodeParser.cpp:
1396         (JSC::DFG::ByteCodeParser::parseBlock):
1397
1398 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
1399
1400         Web Inspector: code generator should introduce typedefs for protocol types that are arrays
1401         https://bugs.webkit.org/show_bug.cgi?id=140557
1402
1403         Reviewed by Joseph Pecoraro.
1404
1405         Currently, there is no generated type name for "array" type declarations such as Console.CallStack.
1406         This makes it long-winded and confusing to use the type in C++ code.
1407
1408         This patch adds a typedef for array type declarations, so types such as Console::CallStack
1409         can be referred to directly, rather than using Inspector::Protocol::Array<Console::CallFrame>.
1410
1411         Some tests were updated to cover array type declarations used as parameters and type members.
1412
1413         * inspector/ScriptCallStack.cpp: Use the new typedef.
1414         (Inspector::ScriptCallStack::buildInspectorArray):
1415         * inspector/ScriptCallStack.h:
1416         * inspector/scripts/codegen/cpp_generator.py:
1417         (CppGenerator.cpp_protocol_type_for_type): If an ArrayType is nominal, use the typedef'd name instead.
1418         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1419         (_generate_typedefs_for_domain): Also generate typedefs for array type declarations.
1420         (_generate_typedefs_for_domain.Inspector):
1421         * inspector/scripts/codegen/models.py: Save the name of an ArrayType when it is a type declaration.
1422         (ArrayType.__init__):
1423         (Protocol.resolve_types):
1424         (Protocol.lookup_type_reference):
1425         * inspector/scripts/tests/commands-with-async-attribute.json:
1426         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json:
1427         * inspector/scripts/tests/events-with-optional-parameters.json:
1428         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1429         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1430         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1431         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1432         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1433         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1434         * inspector/scripts/tests/type-declaration-object-type.json:
1435
1436 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
1437
1438         Web Replay: purge remaining PassRefPtr uses and minor cleanup
1439         https://bugs.webkit.org/show_bug.cgi?id=140456
1440
1441         Reviewed by Andreas Kling.
1442
1443         Get rid of PassRefPtr. Introduce default initializers where it makes sense.
1444         Remove mistaken uses of AtomicString that were not removed as part of r174113.
1445
1446         * replay/EmptyInputCursor.h:
1447         * replay/InputCursor.h:
1448         (JSC::InputCursor::InputCursor):
1449
1450 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
1451
1452         Web Inspector: code generator should fail on duplicate parameter and member names
1453         https://bugs.webkit.org/show_bug.cgi?id=140555
1454
1455         Reviewed by Timothy Hatcher.
1456
1457         * inspector/scripts/codegen/models.py:
1458         (find_duplicates): Add a helper function to find duplicates in a list.
1459         (Protocol.parse_type_declaration):
1460         (Protocol.parse_command):
1461         (Protocol.parse_event):
1462         * inspector/scripts/tests/expected/fail-on-duplicate-command-call-parameter-names.json-error: Added.
1463         * inspector/scripts/tests/expected/fail-on-duplicate-command-return-parameter-names.json-error: Added.
1464         * inspector/scripts/tests/expected/fail-on-duplicate-event-parameter-names.json-error: Added.
1465         * inspector/scripts/tests/expected/fail-on-duplicate-type-member-names.json-error: Added.
1466         * inspector/scripts/tests/fail-on-duplicate-command-call-parameter-names.json: Added.
1467         * inspector/scripts/tests/fail-on-duplicate-command-return-parameter-names.json: Added.
1468         * inspector/scripts/tests/fail-on-duplicate-event-parameter-names.json: Added.
1469         * inspector/scripts/tests/fail-on-duplicate-type-member-names.json: Added.
1470
1471 2015-01-16  Michael Saboff  <msaboff@apple.com>
1472
1473         REGRESSION (r174226): Header on huffingtonpost.com is too large
1474         https://bugs.webkit.org/show_bug.cgi?id=140306
1475
1476         Reviewed by Filip Pizlo.
1477
1478         BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
1479         arguments register or whether we need to resolve "arguments".  If the arguments have
1480         been captured, then they are stored in the lexical environment and the arguments
1481         register is not used.
1482
1483         Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
1484         register is captured.  Renamed the function to willResolveToArgumentsRegister() to
1485         better indicate what we are checking.
1486
1487         Aligned 32 and 64 bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
1488         an arguments object that was optimized out of an inlined callFrame.  The 32 bit path
1489         incorrectly calculated the location of the reified callee frame.  This alignment resulted
1490         in the removal of operationCreateInlinedArgumentsDuringOSRExit().
1491
1492         * bytecompiler/BytecodeGenerator.cpp:
1493         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
1494         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
1495         (JSC::BytecodeGenerator::emitCall):
1496         (JSC::BytecodeGenerator::emitConstruct):
1497         (JSC::BytecodeGenerator::emitEnumeration):
1498         (JSC::BytecodeGenerator::willResolveToArguments): Deleted.
1499         * bytecompiler/BytecodeGenerator.h:
1500         * bytecompiler/NodesCodegen.cpp:
1501         (JSC::BracketAccessorNode::emitBytecode):
1502         (JSC::DotAccessorNode::emitBytecode):
1503         (JSC::getArgumentByVal):
1504         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1505         (JSC::ArrayPatternNode::emitDirectBinding):
1506         * dfg/DFGOSRExitCompilerCommon.cpp:
1507         (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
1508         * dfg/DFGOperations.cpp:
1509         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
1510         * dfg/DFGOperations.h:
1511         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
1512
1513 2015-01-15  Csaba Osztrogonác  <ossy@webkit.org>
1514
1515         Remove ENABLE(SQL_DATABASE) guards
1516         https://bugs.webkit.org/show_bug.cgi?id=140434
1517
1518         Reviewed by Darin Adler.
1519
1520         * CMakeLists.txt:
1521         * Configurations/FeatureDefines.xcconfig:
1522         * DerivedSources.make:
1523         * inspector/protocol/Database.json:
1524
1525 2015-01-14  Alexey Proskuryakov  <ap@apple.com>
1526
1527         Web Inspector and regular console use different source code locations for messages
1528         https://bugs.webkit.org/show_bug.cgi?id=140478
1529
1530         Reviewed by Brian Burg.
1531
1532         * inspector/ConsoleMessage.h: Expose computed source location.
1533
1534         * inspector/agents/InspectorConsoleAgent.cpp:
1535         (Inspector::InspectorConsoleAgent::addMessageToConsole):
1536         (Inspector::InspectorConsoleAgent::stopTiming):
1537         (Inspector::InspectorConsoleAgent::count):
1538         * inspector/agents/InspectorConsoleAgent.h:
1539         addMessageToConsole() now takes a pre-made ConsoleMessage object.
1540
1541         * inspector/JSGlobalObjectConsoleClient.cpp:
1542         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1543         (Inspector::JSGlobalObjectConsoleClient::warnUnimplemented):
1544         * inspector/JSGlobalObjectInspectorController.cpp:
1545         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
1546         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1547         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
1548         Updated for the above changes.
1549
1550 2015-01-15  Mark Lam  <mark.lam@apple.com>
1551
1552         [Part 2] Argument object created by "Function dot arguments" should use a clone of argument values.
1553         <https://webkit.org/b/140093>
1554
1555         Reviewed by Geoffrey Garen.
1556
1557         * interpreter/StackVisitor.cpp:
1558         (JSC::StackVisitor::Frame::createArguments):
1559         - We should not be fetching the lexicalEnvironment here.  The reason we've
1560           introduced the ClonedArgumentsCreationMode is because the lexicalEnvironment
1561           may not be available to us at this point.  Instead, we'll just pass a nullptr.
1562
1563         * runtime/Arguments.cpp:
1564         (JSC::Arguments::tearOffForCloning):
1565         * runtime/Arguments.h:
1566         (JSC::Arguments::finishCreation):
1567         - Use the new tearOffForCloning() to tear off arguments right out of the values
1568           passed on the stack.  tearOff() is not appropriate for this purpose because
1569           it takes slowArgumentsData into account.
1570
1571 2015-01-14  Matthew Mirman  <mmirman@apple.com>
1572
1573         Removed accidental commit of "invalid_array.js" 
1574         http://trac.webkit.org/changeset/178439
1575
1576         * tests/stress/invalid_array.js: Removed.
1577
1578 2015-01-14  Matthew Mirman  <mmirman@apple.com>
1579
1580         Fixes operationPutByIdOptimizes such that they check that the put didn't
1581         change the structure of the object whose property access is being
1582         cached.  Also removes uses of the new base value from the cache generation code.
1583         https://bugs.webkit.org/show_bug.cgi?id=139500
1584
1585         Reviewed by Filip Pizlo.
1586
1587         * jit/JITOperations.cpp:
1588         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
1589         (JSC::operationPutByIdNonStrictOptimize): ditto.
1590         (JSC::operationPutByIdDirectStrictOptimize): ditto.
1591         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
1592         * jit/Repatch.cpp:
1593         (JSC::generateByIdStub):
1594         (JSC::tryCacheGetByID):
1595         (JSC::tryBuildGetByIDList):
1596         (JSC::emitPutReplaceStub):
1597         (JSC::emitPutTransitionStubAndGetOldStructure): Added.
1598         (JSC::tryCachePutByID):
1599         (JSC::repatchPutByID):
1600         (JSC::tryBuildPutByIdList):
1601         (JSC::tryRepatchIn):
1602         (JSC::emitPutTransitionStub): Deleted.
1603         * jit/Repatch.h:
1604         * llint/LLIntSlowPaths.cpp:
1605         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1606         * runtime/JSPropertyNameEnumerator.h:
1607         (JSC::genericPropertyNameEnumerator):
1608         * runtime/Operations.h:
1609         (JSC::normalizePrototypeChainForChainAccess): restructured to not use the base value.
1610         (JSC::normalizePrototypeChain): restructured to not use the base value.
1611         * tests/mozilla/mozilla-tests.yaml:
1612         * tests/stress/proto-setter.js: Added.
1613         * tests/stress/put-by-id-build-list-order-recurse.js: Added.
1614         Added test that fails without this patch.
1615
1616 2015-01-13  Joseph Pecoraro  <pecoraro@apple.com>
1617
1618         Web Inspector: Remove unused ResizeImage and DecodeImageData timeline events
1619         https://bugs.webkit.org/show_bug.cgi?id=140404
1620
1621         Reviewed by Timothy Hatcher.
1622
1623         * inspector/protocol/Timeline.json:
1624
1625 2015-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1626
1627         DFG can call PutByValDirect for generic arrays
1628         https://bugs.webkit.org/show_bug.cgi?id=140389
1629
1630         Reviewed by Geoffrey Garen.
1631
1632         Computed properties in object initializers (ES6) use the put_by_val_direct operation.
1633         However, the current DFG asserts that put_by_val_direct is not used for generic arrays,
1634         so the assertion failure is raised.
1635         This patch allows the DFG to use put_by_val_direct for generic arrays.
1636
1637         And fix the DFG put_by_val_direct implementation for string properties.
1638         At first, put_by_val_direct is intended to be used for spread elements.
1639         So the property keys were limited to numbers (indexes).
1640         But now, it's also used for computed properties in object initializers.
1641
1642         * dfg/DFGOperations.cpp:
1643         (JSC::DFG::operationPutByValInternal):
1644         * dfg/DFGSpeculativeJIT64.cpp:
1645         (JSC::DFG::SpeculativeJIT::compile):
1646
1647 2015-01-13  Geoffrey Garen  <ggaren@apple.com>
1648
1649         Out of bounds access in BytecodeGenerator::emitGetById under DotAccessorNode::emitBytecode
1650         https://bugs.webkit.org/show_bug.cgi?id=140397
1651
1652         Reviewed by Geoffrey Garen.
1653
1654         Patch by Alexey Proskuryakov.
1655
1656         Reviewed, performance tested, and ChangeLogged by Geoffrey Garen.
1657
1658         No performance change.
1659
1660         No test, since this is a small past-the-end read, which is very
1661         difficult to turn into a reproducible failing test -- and existing tests
1662         crash reliably using ASan.
1663
1664         * bytecompiler/NodesCodegen.cpp:
1665         (JSC::BracketAccessorNode::emitBytecode):
1666         (JSC::DotAccessorNode::emitBytecode):
1667         (JSC::FunctionCallBracketNode::emitBytecode):
1668         (JSC::PostfixNode::emitResolve):
1669         (JSC::DeleteBracketNode::emitBytecode):
1670         (JSC::DeleteDotNode::emitBytecode):
1671         (JSC::PrefixNode::emitResolve):
1672         (JSC::UnaryOpNode::emitBytecode):
1673         (JSC::BitwiseNotNode::emitBytecode):
1674         (JSC::BinaryOpNode::emitBytecode):
1675         (JSC::EqualNode::emitBytecode):
1676         (JSC::StrictEqualNode::emitBytecode):
1677         (JSC::ThrowableBinaryOpNode::emitBytecode):
1678         (JSC::AssignDotNode::emitBytecode):
1679         (JSC::AssignBracketNode::emitBytecode): Use RefPtr in more places. Any
1680         register used across a call to a function that might allocate a new
1681         temporary register must be held in a RefPtr.
1682
1683 2015-01-12  Michael Saboff  <msaboff@apple.com>
1684
1685         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1686         https://bugs.webkit.org/show_bug.cgi?id=140348
1687
1688         Reviewed by Mark Lam.
1689
1690         We used to read registers in MachineThreads::gatherFromCurrentThread(), but that is too late
1691         because those registers may have been spilled on the stack and replaced with other values by
1692         the time we call down to gatherFromCurrentThread().
1693
1694         Now we get the register contents at the same place that we demarcate the current top of
1695         stack using the address of a local variable, in Heap::markRoots().  The register contents
1696         buffer is passed along with the demarcation pointer.  These need to be done at this level 
1697         in the call tree and no lower, as markRoots() calls various functions that visit object
1698         pointers that may be later proven dead.  Any of those pointers that are left on the
1699         stack or in registers could be incorrectly marked as live if we scan the stack contents
1700         from a called function or one of its callees.  The stack demarcation pointer and register
1701         saving need to be done in the same function so that we have a consistent stack, active
1702         and spilled registers.
1703
1704         Because we don't want to make unnecessary calls to get the register contents, we use
1705         a macro to allocate, and possibly align, the register structure and get the actual
1706         register contents.
1707
1708
1709         * heap/Heap.cpp:
1710         (JSC::Heap::markRoots):
1711         (JSC::Heap::gatherStackRoots):
1712         * heap/Heap.h:
1713         * heap/MachineStackMarker.cpp:
1714         (JSC::MachineThreads::gatherFromCurrentThread):
1715         (JSC::MachineThreads::gatherConservativeRoots):
1716         * heap/MachineStackMarker.h:
1717
1718 2015-01-12  Benjamin Poulain  <benjamin@webkit.org>
1719
1720         Add basic pattern matching support to the url filters
1721         https://bugs.webkit.org/show_bug.cgi?id=140283
1722
1723         Reviewed by Andreas Kling.
1724
1725         * JavaScriptCore.xcodeproj/project.pbxproj:
1726         Make YarrParser.h private in order to use it from WebCore.
1727
1728 2015-01-12  Geoffrey Garen  <ggaren@apple.com>
1729
1730         Out of bounds read in IdentifierArena::makeIdentifier
1731         https://bugs.webkit.org/show_bug.cgi?id=140376
1732
1733         Patch by Alexey Proskuryakov.
1734
1735         Reviewed and ChangeLogged by Geoffrey Garen.
1736
1737         No test, since this is a small past-the-end read, which is very
1738         difficult to turn into a reproducible failing test -- and existing tests
1739         crash reliably using ASan.
1740
1741         * parser/ParserArena.h:
1742         (JSC::IdentifierArena::makeIdentifier):
1743         (JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
1744         zero-length string input, like we do in the literal parser, since it is
1745         not valid to dereference characters in a zero-length string.
1746
1747         A zero-length string is allowed in JavaScript -- for example, "".
1748
1749 2015-01-11  Sam Weinig  <sam@webkit.org>
1750
1751         Remove support for SharedWorkers
1752         https://bugs.webkit.org/show_bug.cgi?id=140344
1753
1754         Reviewed by Anders Carlsson.
1755
1756         * Configurations/FeatureDefines.xcconfig:
1757
1758 2015-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
1759
1760         Allow targetting the SVG->OTF font converter with ENABLE(SVG_OTF_CONVERTER)
1761         https://bugs.webkit.org/show_bug.cgi?id=136769
1762
1763         Reviewed by Antti Koivisto.
1764
1765         * Configurations/FeatureDefines.xcconfig:
1766
1767 2015-01-12  Commit Queue  <commit-queue@webkit.org>
1768
1769         Unreviewed, rolling out r178266.
1770         https://bugs.webkit.org/show_bug.cgi?id=140363
1771
1772         Broke a JSC test (Requested by ap on #webkit).
1773
1774         Reverted changeset:
1775
1776         "Local JSArray* "keys" in objectConstructorKeys() is not
1777         marked during garbage collection"
1778         https://bugs.webkit.org/show_bug.cgi?id=140348
1779         http://trac.webkit.org/changeset/178266
1780
1781 2015-01-12  Michael Saboff  <msaboff@apple.com>
1782
1783         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1784         https://bugs.webkit.org/show_bug.cgi?id=140348
1785
1786         Reviewed by Mark Lam.
1787
1788         Move the address of the local variable that is used to demarcate the top of the stack for 
1789         conservative roots down to MachineThreads::gatherFromCurrentThread() since it also gets
1790         the register values using setjmp().  That way we don't lose any callee save register
1791         contents between Heap::markRoots(), where it was set, and gatherFromCurrentThread().
1792         If we lose any JSObject* that are only in callee save registers, they will be GC'ed
1793         erroneously.
1794
1795         * heap/Heap.cpp:
1796         (JSC::Heap::markRoots):
1797         (JSC::Heap::gatherStackRoots):
1798         * heap/Heap.h:
1799         * heap/MachineStackMarker.cpp:
1800         (JSC::MachineThreads::gatherFromCurrentThread):
1801         (JSC::MachineThreads::gatherConservativeRoots):
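
The two entries above for bug 140348 (the reverted r178266 and its re-landing) explain why the register snapshot and the top-of-stack marker must be taken in the same frame: a JSObject* that lives only in a callee-saved register, or in a stack slot above a deeper callee, is otherwise missed and collected while still live. The block below is an added, stand-alone C illustration of that technique, not JavaScriptCore's MachineStackMarker code: a toy heap of fixed-size cells plus a conservative root scan that captures callee-saved registers with setjmp() in the very function whose local variable demarcates the top of the stack. All names (toyAlloc, gatherConservativeRoots, the stackBottom parameter) are invented for the example, the caller supplies the stack bottom instead of the thread's recorded stack origin, and the GCC/Clang noinline attribute is used so the frames stay distinct under optimization.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy heap: a fixed array of one-word "cells" (constructed for this example).
 * Pointers into g_heap are the only thing the scanner treats as references. */
enum { kHeapCells = 16 };
static uintptr_t g_heap[kHeapCells];
static unsigned char g_marked[kHeapCells];
static size_t g_nextFree;

static void *toyAlloc(void)
{
    if (g_nextFree >= kHeapCells)
        return NULL;
    return &g_heap[g_nextFree++];
}

/* Index of the cell containing address p, or -1 if p is not a heap pointer.
 * Any interior address counts, which is what makes the scan conservative. */
static int cellIndexOf(uintptr_t p)
{
    uintptr_t lo = (uintptr_t)g_heap, hi = (uintptr_t)(g_heap + kHeapCells);
    if (p < lo || p >= hi)
        return -1;
    return (int)((p - lo) / sizeof(uintptr_t));
}

/* Treat every word in [lo, hi) as a potential pointer and mark what it hits. */
static void scanWords(const uintptr_t *lo, const uintptr_t *hi)
{
    for (; lo < hi; ++lo) {
        int i = cellIndexOf(*lo);
        if (i >= 0)
            g_marked[i] = 1;
    }
}

/* Conservative root gathering for the current thread (hypothetical API).
 * stackBottom is the highest stack address the caller wants scanned; a real
 * runtime records the thread's stack origin when the thread starts.
 * The register capture and the top-of-stack demarcation both happen in THIS
 * frame: if the setjmp() were done in a deeper callee, a callee-saved register
 * could already have been spilled and overwritten by then, and a pointer held
 * only there would be lost. Returns the number of marked cells. */
__attribute__((noinline))
size_t gatherConservativeRoots(void *stackBottom)
{
    jmp_buf regs;
    uintptr_t stackTopMarker = 0;   /* its address demarcates the top of the stack */

    memset(&regs, 0, sizeof regs);
    memset(g_marked, 0, sizeof g_marked);
    setjmp(regs);                   /* copies the callee-saved registers into regs */

    /* 1. registers: a heap pointer may live nowhere else */
    scanWords((const uintptr_t *)&regs,
              (const uintptr_t *)((const unsigned char *)&regs + sizeof regs));

    /* 2. the stack between this frame and stackBottom, whichever way it grows */
    const uintptr_t *a = &stackTopMarker;
    const uintptr_t *b = (const uintptr_t *)stackBottom;
    if (a < b)
        scanWords(a, b);
    else
        scanWords(b, a + 1);

    size_t n = 0;
    for (size_t i = 0; i < kHeapCells; ++i)
        n += g_marked[i];
    return n;
}

/* A pointer held only in a stack slot of the caller is found by the scan. */
__attribute__((noinline))
int keptPointerIsMarked(void)
{
    void *volatile kept = toyAlloc();   /* volatile: force it into a stack slot */
    if (!kept)
        return 0;
    /* scan everything from the scanner's frame up to and including kept's slot */
    gatherConservativeRoots((uintptr_t *)&kept + 1);
    int idx = cellIndexOf((uintptr_t)kept);
    return idx >= 0 && g_marked[idx];
}

int main(void)
{
    return keptPointerIsMarked() ? 0 : 1;
}
```

The scan is deliberately over-approximate: a stale pointer left in a dead slot or a register keeps its cell alive, which is the accepted cost of conservative scanning. What it must never do is under-approximate, and the only way to guarantee that with setjmp()-based register capture is to take the snapshot and the stack marker together, before any deeper call has had the chance to reuse the registers or the stack below the marker.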
1802         * heap/MachineStackMarker.h:
1803
1804 2015-01-11  Eric Carlson  <eric.carlson@apple.com>
1805
1806         Fix typo in testapi.c error messages
1807         https://bugs.webkit.org/show_bug.cgi?id=140305
1808
1809         Reviewed by Geoffrey Garen.
1810
1811         * API/tests/testapi.c:
1812         (main): "... script did not timed out ..." -> "... script did not time out ..."
1813
1814 2015-01-09  Michael Saboff  <msaboff@apple.com>
1815
1816         Breakpoint doesn't fire in this HTML5 game
1817         https://bugs.webkit.org/show_bug.cgi?id=140269
1818
1819         Reviewed by Mark Lam.
1820
1821         When parsing a single line cached function, use the lineStartOffset of the
1822         location where we found the cached function instead of the cached lineStartOffset.
1823         The cache location's lineStartOffset has not been adjusted for any possible
1824         containing functions.
1825
1826         This change is not needed for multi-line cached functions.  Consider the
1827         single line source:
1828
1829         function outer(){function inner1(){doStuff();}; (function inner2() {doMoreStuff()})()}
1830
1831         The first parser pass, we parse and cache inner1() and inner2() with a lineStartOffset
1832         of 0.  Later when we parse outer() and find inner1() in the cache, SourceCode start
1833         character is at outer()'s outermost open brace.  That is what we should use for
1834         lineStartOffset for inner1().  When done parsing inner1() we set the parsing token
1835         to the saved location for inner1(), including the lineStartOffset of 0.  We need
1836         to use the value of lineStartOffset before we started parsing inner1().  That is
1837         what the fix does.  When we parse inner2() the lineStartOffset will be correct.
1838
1839         For a multi-line function, the close brace is guaranteed to be on a different line
1840         than the open brace.  Hence, its lineStartOffset will not change with the change of
1841         the SourceCode start character.
1842
1843         * parser/Parser.cpp:
1844         (JSC::Parser<LexerType>::parseFunctionInfo):
1845
1846 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1847
1848         Web Inspector: Uncaught Exception in ProbeManager deleting breakpoint
1849         https://bugs.webkit.org/show_bug.cgi?id=140279
1850         rdar://problem/19422299
1851
1852         Reviewed by Oliver Hunt.
1853
1854         * runtime/MapData.cpp:
1855         (JSC::MapData::replaceAndPackBackingStore):
1856         The cell table also needs to have its values fixed.
1857
1858 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1859
1860         Web Inspector: Remove or use TimelineAgent Resource related event types
1861         https://bugs.webkit.org/show_bug.cgi?id=140155
1862
1863         Reviewed by Timothy Hatcher.
1864
1865         Remove unused / stale Timeline event types.
1866
1867         * inspector/protocol/Timeline.json:
1868
1869 2015-01-09  Csaba Osztrogonác  <ossy@webkit.org>
1870
1871         REGRESSION(r177925): It broke the !ENABLE(INSPECTOR) build
1872         https://bugs.webkit.org/show_bug.cgi?id=140098
1873
1874         Reviewed by Brian Burg.
1875
1876         * inspector/InspectorBackendDispatcher.h: Missing ENABLE(INSPECTOR) guard added.
1877
1878 2015-01-08  Mark Lam  <mark.lam@apple.com>
1879
1880         Argument object created by "Function dot arguments" should use a clone of the argument values.
1881         <https://webkit.org/b/140093>
1882
1883         Reviewed by Geoffrey Garen.
1884
1885         After the change in <https://webkit.org/b/139827>, the dfg-tear-off-arguments-not-activation.js
1886         test will crash.  The relevant code which manifests the issue is as follows:
1887
1888             function bar() {
1889                 return foo.arguments;
1890             }
1891
1892             function foo(p) {
1893                 var x = 42;
1894                 if (p)
1895                     return (function() { return x; });
1896                 else
1897                     return bar();
1898             }
1899
1900         In this case, foo() has no knowledge of bar() needing its LexicalEnvironment and
1901         has dead code eliminated the SetLocal that stores it into its designated local.
1902         In bar(), the factory for the Arguments object (for creating foo.arguments) tries
1903         to read foo's LexicalEnvironment from its designated lexicalEnvironment local,
1904         but instead, finds it to be uninitialized.  This results in a null pointer access
1905         which causes a crash.
1906
1907         This can be resolved by having bar() instantiate a clone of the Arguments object
1908         instead, and populate its elements with values fetched directly from foo's frame.
1909         There's no need to reference foo's LexicalEnvironment (whether present or not).
1910
1911         * interpreter/StackVisitor.cpp:
1912         (JSC::StackVisitor::Frame::createArguments):
1913         * runtime/Arguments.h:
1914         (JSC::Arguments::finishCreation):
1915
1916 2015-01-08  Mark Lam  <mark.lam@apple.com>
1917
1918         Make the LLINT and Baseline JIT's op_create_arguments and op_get_argument_by_val use their lexicalEnvironment operand.
1919         <https://webkit.org/b/140236>
1920
1921         Reviewed by Geoffrey Garen.
1922
1923         Will change the DFG to use the operand on a subsequent pass.  For now,
1924         the DFG uses a temporary thunk (operationCreateArgumentsForDFG()) to
1925         retain the old behavior of getting the lexicalEnvironment from the
1926         ExecState.
1927
1928         * bytecompiler/BytecodeGenerator.cpp:
1929         (JSC::BytecodeGenerator::BytecodeGenerator):
1930         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1931         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1932         - When the lexicalEnvironment is not available, pass the invalid VirtualRegister
1933           instead of an empty JSValue as the lexicalEnvironment operand.
1934
1935         * dfg/DFGOperations.cpp:
1936         - Use the lexicalEnvironment from the ExecState for now.
1937
1938         * dfg/DFGSpeculativeJIT32_64.cpp:
1939         (JSC::DFG::SpeculativeJIT::compile):
1940         * dfg/DFGSpeculativeJIT64.cpp:
1941         (JSC::DFG::SpeculativeJIT::compile):
1942         - Use the operationCreateArgumentsForDFG() thunk for now.
1943
1944         * interpreter/CallFrame.cpp:
1945         (JSC::CallFrame::lexicalEnvironmentOrNullptr):
1946         * interpreter/CallFrame.h:
1947         - Added this convenience function to return either the
1948           lexicalEnvironment or a nullptr so that we don't need to do a
1949           conditional check on codeBlock->needsActivation() at multiple sites.
1950
1951         * interpreter/StackVisitor.cpp:
1952         (JSC::StackVisitor::Frame::createArguments):
1953         * jit/JIT.h:
1954         * jit/JITInlines.h:
1955         (JSC::JIT::callOperation):
1956         * jit/JITOpcodes.cpp:
1957         (JSC::JIT::emit_op_create_arguments):
1958         (JSC::JIT::emitSlow_op_get_argument_by_val):
1959         * jit/JITOpcodes32_64.cpp:
1960         (JSC::JIT::emit_op_create_arguments):
1961         (JSC::JIT::emitSlow_op_get_argument_by_val):
1962         * jit/JITOperations.cpp:
1963         * jit/JITOperations.h:
1964         * llint/LLIntSlowPaths.cpp:
1965         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1966         * runtime/Arguments.h:
1967         (JSC::Arguments::create):
1968         (JSC::Arguments::finishCreation):
1969         * runtime/CommonSlowPaths.cpp:
1970         (JSC::SLOW_PATH_DECL):
1971         * runtime/JSLexicalEnvironment.cpp:
1972         (JSC::JSLexicalEnvironment::argumentsGetter):
1973
1974 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1975
1976         Web Inspector: Pause Reason Improvements (Breakpoint, Debugger Statement, Pause on Next Statement)
1977         https://bugs.webkit.org/show_bug.cgi?id=138991
1978
1979         Reviewed by Timothy Hatcher.
1980
1981         * debugger/Debugger.cpp:
1982         (JSC::Debugger::Debugger):
1983         (JSC::Debugger::pauseIfNeeded):
1984         (JSC::Debugger::didReachBreakpoint):
1985         When actually pausing, if we hit a breakpoint ensure the reason
1986         is PausedForBreakpoint, otherwise use the current reason.
1987
1988         * debugger/Debugger.h:
1989         Make pause reason and pausing breakpoint ID public.
1990
1991         * inspector/agents/InspectorDebuggerAgent.h:
1992         * inspector/agents/InspectorDebuggerAgent.cpp:
1993         (Inspector::buildAssertPauseReason):
1994         (Inspector::buildCSPViolationPauseReason):
1995         (Inspector::InspectorDebuggerAgent::buildBreakpointPauseReason):
1996         (Inspector::InspectorDebuggerAgent::buildExceptionPauseReason):
1997         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1998         (Inspector::buildObjectForBreakpointCookie):
1999         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
2000         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
2001         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
2002         (Inspector::InspectorDebuggerAgent::pause):
2003         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
2004         (Inspector::InspectorDebuggerAgent::currentCallFrames):
2005         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
2006         Clean up creation of pause reason objects and other cleanup
2007         of PassRefPtr use and InjectedScript use.
2008
2009         (Inspector::InspectorDebuggerAgent::didPause):
2010         Clean up so that we first check for an Exception, and then fall
2011         back to including a Pause Reason derived from the Debugger.
2012
2013         * inspector/protocol/Debugger.json:
2014         Add new DebuggerStatement, Breakpoint, and PauseOnNextStatement reasons.
2015
2016 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
2017
2018         Web Inspector: Type check that NSArrays in ObjC Interfaces have the right object types
2019         https://bugs.webkit.org/show_bug.cgi?id=140209
2020
2021         Reviewed by Timothy Hatcher.
2022
2023         Check the types of objects in NSArrays for all interfaces (commands, events, types)
2024         when the user can set an array of objects. Previously we were only type checking
2025         that they were RWIJSONObjects; now we add an explicit check for the exact object type.
2026
2027         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2028         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
2029         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2030         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2031         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2032         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
2033         (ObjCProtocolTypesImplementationGenerator._generate_setter_for_member):
2034         * inspector/scripts/codegen/objc_generator.py:
2035         (ObjCGenerator.objc_class_for_array_type):
2036         (ObjCGenerator):
2037
2038 2015-01-07  Mark Lam  <mark.lam@apple.com>
2039
2040         Add the lexicalEnvironment as an operand to op_get_argument_by_val.
2041         <https://webkit.org/b/140233>
2042
2043         Reviewed by Filip Pizlo.
2044
2045         This patch only adds the operand to the bytecode.  It is not in use yet.
2046
2047         * bytecode/BytecodeList.json:
2048         * bytecode/BytecodeUseDef.h:
2049         (JSC::computeUsesForBytecodeOffset):
2050         * bytecode/CodeBlock.cpp:
2051         (JSC::CodeBlock::dumpBytecode):
2052         * bytecompiler/BytecodeGenerator.cpp:
2053         (JSC::BytecodeGenerator::emitGetArgumentByVal):
2054         * llint/LowLevelInterpreter32_64.asm:
2055         * llint/LowLevelInterpreter64.asm:
2056
2057 2015-01-07  Yusuke Suzuki  <utatane.tea@gmail.com>
2058
2059         Investigate the character type of repeated string instead of checking is8Bit flag
2060         https://bugs.webkit.org/show_bug.cgi?id=140139
2061
2062         Reviewed by Darin Adler.
2063
2064         Instead of checking the is8Bit flag of the repeated string, investigate
2065         the actual value of the repeated character, since the is8Bit flag gives a false negative case.
2066
2067         * runtime/StringPrototype.cpp:
2068         (JSC::repeatCharacter):
2069         (JSC::stringProtoFuncRepeat):
2070         (JSC::repeatSmallString): Deleted.
2071
2072 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
2073
2074         Web Inspector: ObjC Generate types from the GenericTypes domain
2075         https://bugs.webkit.org/show_bug.cgi?id=140229
2076
2077         Reviewed by Timothy Hatcher.
2078
2079         Generate types from the GenericTypes domain, as they are expected
2080         by other domains (like Page domain). Also, don't include the @protocol
2081         forward declaration for a domain if it doesn't have any commands.
2082
2083         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
2084         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
2085         (ObjCBackendDispatcherHeaderGenerator): Deleted.
2086         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations_for_domains): Deleted.
2087         * inspector/scripts/codegen/objc_generator.py:
2088         (ObjCGenerator):
2089         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2090         * inspector/scripts/tests/expected/enum-values.json-result:
2091         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2092         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2093         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2094         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2095         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2096         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2097         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2098         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2099         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2100
2101 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
2102
2103         Web Inspector: Remove unnecessary copyRef for paramsObject in generated dispatchers
2104         https://bugs.webkit.org/show_bug.cgi?id=140228
2105
2106         Reviewed by Timothy Hatcher.
2107
2108         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2109         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2110         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2111         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
2112         * inspector/scripts/tests/expected/enum-values.json-result:
2113         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2114
2115 2015-01-07  Saam Barati  <saambarati1@gmail.com>
2116
2117         interpret op_profile_type in the LLInt instead of unconditionally calling into the slow path
2118         https://bugs.webkit.org/show_bug.cgi?id=140165
2119
2120         Reviewed by Michael Saboff.
2121
2122         Inlining the functionality of TypeProfilerLog::recordTypeInformationForLocation
2123         into the LLInt speeds up type profiling.
2124
2125         * llint/LLIntOffsetsExtractor.cpp:
2126         * llint/LowLevelInterpreter.asm:
2127         * llint/LowLevelInterpreter32_64.asm:
2128         * llint/LowLevelInterpreter64.asm:
2129         * runtime/CommonSlowPaths.cpp:
2130         (JSC::SLOW_PATH_DECL):
2131         * runtime/CommonSlowPaths.h:
2132         * runtime/TypeProfilerLog.h:
2133         (JSC::TypeProfilerLog::recordTypeInformationForLocation): Deleted.
2134
2135 2015-01-07  Brian J. Burg  <burg@cs.washington.edu>
2136
2137         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
2138         https://bugs.webkit.org/show_bug.cgi?id=140053
2139
2140         Reviewed by Andreas Kling.
2141
2142         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
2143         related to Web Inspector. It also converts many uses of RefPtr to Ref where
2144         references are always non-null. These two refactorings have been combined since
2145         they tend to require similar changes to the code.
2146
2147         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
2148         have been updated to take a Ref instead of RefPtr.
2149
2150         Builders for typed protocol objects now return a Ref. Since there is no implicit
2151         call to operator&, callsites now must explicitly call .release() to convert a
2152         builder object into the corresponding protocol object once required fields are set.
2153         Update callsites and use auto to eliminate repetition of long-winded protocol types.
2154
2155         Tests for inspector protocol and replay inputs have been rebaselined.
2156
2157         * bindings/ScriptValue.cpp:
2158         (Deprecated::jsToInspectorValue):
2159         (Deprecated::ScriptValue::toInspectorValue):
2160         * bindings/ScriptValue.h:
2161         * inspector/ConsoleMessage.cpp:
2162         (Inspector::ConsoleMessage::addToFrontend):
2163         * inspector/ContentSearchUtilities.cpp:
2164         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
2165         (Inspector::ContentSearchUtilities::searchInTextByLines):
2166         * inspector/ContentSearchUtilities.h:
2167         * inspector/InjectedScript.cpp:
2168         (Inspector::InjectedScript::getFunctionDetails):
2169         (Inspector::InjectedScript::getProperties):
2170         (Inspector::InjectedScript::getInternalProperties):
2171         (Inspector::InjectedScript::wrapCallFrames):
2172         (Inspector::InjectedScript::wrapObject):
2173         (Inspector::InjectedScript::wrapTable):
2174         * inspector/InjectedScript.h:
2175         * inspector/InjectedScriptBase.cpp:
2176         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
2177         * inspector/InspectorBackendDispatcher.cpp:
2178         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
2179         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
2180         (Inspector::InspectorBackendDispatcher::create):
2181         (Inspector::InspectorBackendDispatcher::dispatch):
2182         (Inspector::InspectorBackendDispatcher::sendResponse):
2183         (Inspector::InspectorBackendDispatcher::reportProtocolError):
2184         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
2185         (Inspector::InspectorBackendDispatcher::getInteger):
2186         (Inspector::InspectorBackendDispatcher::getDouble):
2187         (Inspector::InspectorBackendDispatcher::getString):
2188         (Inspector::InspectorBackendDispatcher::getBoolean):
2189         (Inspector::InspectorBackendDispatcher::getObject):
2190         (Inspector::InspectorBackendDispatcher::getArray):
2191         (Inspector::InspectorBackendDispatcher::getValue):
2192         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
2193         protocol error strings.
2194         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
2195         Convert the supplemental dispatcher's reference to Ref since it is never null.
2196         * inspector/InspectorEnvironment.h:
2197         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
2198         StructItemTraits. Add more versions of addItem to handle pushing various types.
2199         (Inspector::Protocol::Array::openAccessors):
2200         (Inspector::Protocol::Array::addItem):
2201         (Inspector::Protocol::Array::create):
2202         (Inspector::Protocol::StructItemTraits::push):
2203         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
2204         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
2205         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
2206         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
2207         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
2208         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
2209         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
2210         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
2211         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
2212         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
2213         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
2214         the same call signature as other getters. Use Ref where possible.
2215         (Inspector::InspectorObjectBase::getBoolean):
2216         (Inspector::InspectorObjectBase::getString):
2217         (Inspector::InspectorObjectBase::getObject):
2218         (Inspector::InspectorObjectBase::getArray):
2219         (Inspector::InspectorObjectBase::getValue):
2220         (Inspector::InspectorObjectBase::writeJSON):
2221         (Inspector::InspectorArrayBase::get):
2222         (Inspector::InspectorObject::create):
2223         (Inspector::InspectorArray::create):
2224         (Inspector::InspectorValue::null):
2225         (Inspector::InspectorString::create):
2226         (Inspector::InspectorBasicValue::create):
2227         (Inspector::InspectorObjectBase::get): Deleted.
2228         * inspector/InspectorValues.h:
2229         (Inspector::InspectorObjectBase::setValue):
2230         (Inspector::InspectorObjectBase::setObject):
2231         (Inspector::InspectorObjectBase::setArray):
2232         (Inspector::InspectorArrayBase::pushValue):
2233         (Inspector::InspectorArrayBase::pushObject):
2234         (Inspector::InspectorArrayBase::pushArray):
2235         * inspector/JSGlobalObjectConsoleClient.cpp:
2236         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
2237         (Inspector::JSGlobalObjectConsoleClient::count):
2238         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
2239         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
2240         * inspector/JSGlobalObjectConsoleClient.h:
2241         * inspector/JSGlobalObjectInspectorController.cpp:
2242         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
2243         * inspector/JSGlobalObjectInspectorController.h:
2244         * inspector/ScriptCallFrame.cpp:
2245         (Inspector::ScriptCallFrame::buildInspectorObject):
2246         * inspector/ScriptCallFrame.h:
2247         * inspector/ScriptCallStack.cpp:
2248         (Inspector::ScriptCallStack::create):
2249         (Inspector::ScriptCallStack::buildInspectorArray):
2250         * inspector/ScriptCallStack.h:
2251         * inspector/agents/InspectorAgent.cpp:
2252         (Inspector::InspectorAgent::enable):
2253         (Inspector::InspectorAgent::inspect):
2254         (Inspector::InspectorAgent::activateExtraDomain):
2255         * inspector/agents/InspectorAgent.h:
2256         * inspector/agents/InspectorDebuggerAgent.cpp:
2257         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
2258         (Inspector::buildObjectForBreakpointCookie):
2259         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
2260         (Inspector::InspectorDebuggerAgent::setBreakpoint):
2261         (Inspector::InspectorDebuggerAgent::continueToLocation):
2262         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
2263         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
2264         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
2265         (Inspector::InspectorDebuggerAgent::currentCallFrames):
2266         (Inspector::InspectorDebuggerAgent::didParseSource):
2267         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
2268         (Inspector::InspectorDebuggerAgent::breakProgram):
2269         * inspector/agents/InspectorDebuggerAgent.h:
2270         * inspector/agents/InspectorRuntimeAgent.cpp:
2271         (Inspector::buildErrorRangeObject):
2272         (Inspector::InspectorRuntimeAgent::callFunctionOn):
2273         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
2274         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
2275         * inspector/agents/InspectorRuntimeAgent.h:
2276         * inspector/scripts/codegen/cpp_generator.py:
2277         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
2278         (CppGenerator.cpp_type_for_type_with_name):
2279         (CppGenerator.cpp_type_for_formal_async_parameter):
2280         (CppGenerator.should_use_references_for_type):
2281         (CppGenerator):
2282         * inspector/scripts/codegen/cpp_generator_templates.py:
2283         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2284         (CppBackendDispatcherHeaderGenerator.generate_output):
2285         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
2286         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2287         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
2288         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
2289         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2290         (CppFrontendDispatcherHeaderGenerator.generate_output):
2291         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2292         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2293         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2294         (CppProtocolTypesHeaderGenerator.generate_output):
2295         (_generate_class_for_object_declaration):
2296         (_generate_unchecked_setter_for_member):
2297         (_generate_forward_declarations_for_binding_traits):
2298         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2299         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
2300         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2301         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2302         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
2303         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2304         (ObjCProtocolTypesImplementationGenerator.generate_output):
2305         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2306         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2307         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2308         * inspector/scripts/tests/expected/enum-values.json-result:
2309         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2310         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2311         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2312         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2313         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2314         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2315         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2316         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2317         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2318         * replay/EncodedValue.cpp:
2319         (JSC::EncodedValue::asObject):
2320         (JSC::EncodedValue::asArray):
2321         (JSC::EncodedValue::put<EncodedValue>):
2322         (JSC::EncodedValue::append<EncodedValue>):
2323         (JSC::EncodedValue::get<EncodedValue>):
2324         * replay/EncodedValue.h:
2325         * replay/scripts/CodeGeneratorReplayInputs.py:
2326         (Type.borrow_type):
2327         (Type.argument_type):
2328         (Generator.generate_member_move_expression):
2329         * runtime/ConsoleClient.cpp:
2330         (JSC::ConsoleClient::printConsoleMessageWithArguments):
2331         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
2332         (JSC::ConsoleClient::logWithLevel):
2333         (JSC::ConsoleClient::clear):
2334         (JSC::ConsoleClient::dir):
2335         (JSC::ConsoleClient::dirXML):
2336         (JSC::ConsoleClient::table):
2337         (JSC::ConsoleClient::trace):
2338         (JSC::ConsoleClient::assertCondition):
2339         (JSC::ConsoleClient::group):
2340         (JSC::ConsoleClient::groupCollapsed):
2341         (JSC::ConsoleClient::groupEnd):
2342         * runtime/ConsoleClient.h:
2343         * runtime/TypeSet.cpp:
2344         (JSC::TypeSet::allStructureRepresentations):
2345         (JSC::TypeSet::inspectorTypeSet):
2346         (JSC::StructureShape::inspectorRepresentation):
2347         * runtime/TypeSet.h:
2348
2349 2015-01-07  Commit Queue  <commit-queue@webkit.org>
2350
2351         Unreviewed, rolling out r178039.
2352         https://bugs.webkit.org/show_bug.cgi?id=140187
2353
2354         Breaks ObjC Inspector Protocol (Requested by JoePeck on
2355         #webkit).
2356
2357         Reverted changeset:
2358
2359         "Web Inspector: purge PassRefPtr from Inspector code and use
2360         Ref for typed and untyped protocol objects"
2361         https://bugs.webkit.org/show_bug.cgi?id=140053
2362         http://trac.webkit.org/changeset/178039
2363
2364 2015-01-06  Brian J. Burg  <burg@cs.washington.edu>
2365
2366         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
2367         https://bugs.webkit.org/show_bug.cgi?id=140053
2368
2369         Reviewed by Andreas Kling.
2370
2371         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
2372         related to Web Inspector. It also converts many uses of RefPtr to Ref where
2373         references are always non-null. These two refactorings have been combined since
2374         they tend to require similar changes to the code.
2375
2376         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
2377         have been updated to take a Ref instead of RefPtr.
2378
2379         Builders for typed protocol objects now return a Ref. Since there is no implicit
2380         call to operator&, callsites now must explicitly call .release() to convert a
2381         builder object into the corresponding protocol object once required fields are set.
2382         Update callsites and use auto to eliminate repetition of long-winded protocol types.
2383
2384         Tests for inspector protocol and replay inputs have been rebaselined.
2385
2386         * bindings/ScriptValue.cpp:
2387         (Deprecated::jsToInspectorValue):
2388         (Deprecated::ScriptValue::toInspectorValue):
2389         * bindings/ScriptValue.h:
2390         * inspector/ConsoleMessage.cpp:
2391         (Inspector::ConsoleMessage::addToFrontend):
2392         * inspector/ContentSearchUtilities.cpp:
2393         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
2394         (Inspector::ContentSearchUtilities::searchInTextByLines):
2395         * inspector/ContentSearchUtilities.h:
2396         * inspector/InjectedScript.cpp:
2397         (Inspector::InjectedScript::getFunctionDetails):
2398         (Inspector::InjectedScript::getProperties):
2399         (Inspector::InjectedScript::getInternalProperties):
2400         (Inspector::InjectedScript::wrapCallFrames):
2401         (Inspector::InjectedScript::wrapObject):
2402         (Inspector::InjectedScript::wrapTable):
2403         * inspector/InjectedScript.h:
2404         * inspector/InjectedScriptBase.cpp:
2405         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
2406         * inspector/InspectorBackendDispatcher.cpp:
2407         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
2408         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
2409         (Inspector::InspectorBackendDispatcher::create):
2410         (Inspector::InspectorBackendDispatcher::dispatch):
2411         (Inspector::InspectorBackendDispatcher::sendResponse):
2412         (Inspector::InspectorBackendDispatcher::reportProtocolError):
2413         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
2414         (Inspector::InspectorBackendDispatcher::getInteger):
2415         (Inspector::InspectorBackendDispatcher::getDouble):
2416         (Inspector::InspectorBackendDispatcher::getString):
2417         (Inspector::InspectorBackendDispatcher::getBoolean):
2418         (Inspector::InspectorBackendDispatcher::getObject):
2419         (Inspector::InspectorBackendDispatcher::getArray):
2420         (Inspector::InspectorBackendDispatcher::getValue):
2421         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
2422         protocol error strings.
2423         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
2424         Convert the supplemental dispatcher's reference to Ref since it is never null.
2425         * inspector/InspectorEnvironment.h:
2426         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
2427         StructItemTraits. Add more versions of addItem to handle pushing various types.
2428         (Inspector::Protocol::Array::openAccessors):
2429         (Inspector::Protocol::Array::addItem):
2430         (Inspector::Protocol::Array::create):
2431         (Inspector::Protocol::StructItemTraits::push):
2432         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
2433         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
2434         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
2435         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
2436         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
2437         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
2438         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
2439         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
2440         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
2441         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
2442         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
2443         the same call signature as other getters. Use Ref where possible.
2444         (Inspector::InspectorObjectBase::getBoolean):
2445         (Inspector::InspectorObjectBase::getString):
2446         (Inspector::InspectorObjectBase::getObject):
2447         (Inspector::InspectorObjectBase::getArray):
2448         (Inspector::InspectorObjectBase::getValue):
2449         (Inspector::InspectorObjectBase::writeJSON):
2450         (Inspector::InspectorArrayBase::get):
2451         (Inspector::InspectorObject::create):
2452         (Inspector::InspectorArray::create):
2453         (Inspector::InspectorValue::null):
2454         (Inspector::InspectorString::create):
2455         (Inspector::InspectorBasicValue::create):
2456         (Inspector::InspectorObjectBase::get): Deleted.
2457         * inspector/InspectorValues.h:
2458         (Inspector::InspectorObjectBase::setValue):
2459         (Inspector::InspectorObjectBase::setObject):
2460         (Inspector::InspectorObjectBase::setArray):
2461         (Inspector::InspectorArrayBase::pushValue):
2462         (Inspector::InspectorArrayBase::pushObject):
2463         (Inspector::InspectorArrayBase::pushArray):
2464         * inspector/JSGlobalObjectConsoleClient.cpp:
2465         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
2466         (Inspector::JSGlobalObjectConsoleClient::count):
2467         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
2468         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
2469         * inspector/JSGlobalObjectConsoleClient.h:
2470         * inspector/JSGlobalObjectInspectorController.cpp:
2471         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
2472         * inspector/JSGlobalObjectInspectorController.h:
2473         * inspector/ScriptCallFrame.cpp:
2474         (Inspector::ScriptCallFrame::buildInspectorObject):
2475         * inspector/ScriptCallFrame.h:
2476         * inspector/ScriptCallStack.cpp:
2477         (Inspector::ScriptCallStack::create):
2478         (Inspector::ScriptCallStack::buildInspectorArray):
2479         * inspector/ScriptCallStack.h:
2480         * inspector/agents/InspectorAgent.cpp:
2481         (Inspector::InspectorAgent::enable):
2482         (Inspector::InspectorAgent::inspect):
2483         (Inspector::InspectorAgent::activateExtraDomain):
2484         * inspector/agents/InspectorAgent.h:
2485         * inspector/agents/InspectorDebuggerAgent.cpp:
2486         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
2487         (Inspector::buildObjectForBreakpointCookie):
2488         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
2489         (Inspector::InspectorDebuggerAgent::setBreakpoint):
2490         (Inspector::InspectorDebuggerAgent::continueToLocation):
2491         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
2492         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
2493         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
2494         (Inspector::InspectorDebuggerAgent::currentCallFrames):
2495         (Inspector::InspectorDebuggerAgent::didParseSource):
2496         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
2497         (Inspector::InspectorDebuggerAgent::breakProgram):
2498         * inspector/agents/InspectorDebuggerAgent.h:
2499         * inspector/agents/InspectorRuntimeAgent.cpp:
2500         (Inspector::buildErrorRangeObject):
2501         (Inspector::InspectorRuntimeAgent::callFunctionOn):
2502         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
2503         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
2504         * inspector/agents/InspectorRuntimeAgent.h:
2505         * inspector/scripts/codegen/cpp_generator.py:
2506         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
2507         (CppGenerator.cpp_type_for_type_with_name):
2508         (CppGenerator.cpp_type_for_formal_async_parameter):
2509         (CppGenerator.should_use_references_for_type):
2510         (CppGenerator):
2511         * inspector/scripts/codegen/cpp_generator_templates.py:
2512         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
2513         (CppBackendDispatcherHeaderGenerator.generate_output):
2514         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
2515         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
2516         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
2517         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
2518         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2519         (CppFrontendDispatcherHeaderGenerator.generate_output):
2520         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2521         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2522         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2523         (CppProtocolTypesHeaderGenerator.generate_output):
2524         (_generate_class_for_object_declaration):
2525         (_generate_unchecked_setter_for_member):
2526         (_generate_forward_declarations_for_binding_traits):
2527         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2528         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
2529         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2530         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2531         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
2532         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2533         (ObjCProtocolTypesImplementationGenerator.generate_output):
2534         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2535         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2536         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2537         * inspector/scripts/tests/expected/enum-values.json-result:
2538         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2539         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2540         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2541         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2542         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2543         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2544         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2545         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2546         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2547         * replay/EncodedValue.cpp:
2548         (JSC::EncodedValue::asObject):
2549         (JSC::EncodedValue::asArray):
2550         (JSC::EncodedValue::put<EncodedValue>):
2551         (JSC::EncodedValue::append<EncodedValue>):
2552         (JSC::EncodedValue::get<EncodedValue>):
2553         * replay/EncodedValue.h:
2554         * replay/scripts/CodeGeneratorReplayInputs.py:
2555         (Type.borrow_type):
2556         (Type.argument_type):
2557         (Generator.generate_member_move_expression):
2558         * runtime/ConsoleClient.cpp:
2559         (JSC::ConsoleClient::printConsoleMessageWithArguments):
2560         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
2561         (JSC::ConsoleClient::logWithLevel):
2562         (JSC::ConsoleClient::clear):
2563         (JSC::ConsoleClient::dir):
2564         (JSC::ConsoleClient::dirXML):
2565         (JSC::ConsoleClient::table):
2566         (JSC::ConsoleClient::trace):
2567         (JSC::ConsoleClient::assertCondition):
2568         (JSC::ConsoleClient::group):
2569         (JSC::ConsoleClient::groupCollapsed):
2570         (JSC::ConsoleClient::groupEnd):
2571         * runtime/ConsoleClient.h:
2572         * runtime/TypeSet.cpp:
2573         (JSC::TypeSet::allStructureRepresentations):
2574         (JSC::TypeSet::inspectorTypeSet):
2575         (JSC::StructureShape::inspectorRepresentation):
2576         * runtime/TypeSet.h:
2577
2578 2015-01-06  Chris Dumez  <cdumez@apple.com>
2579
2580         Drop ResourceResponseBase::connectionID and connectionReused members
2581         https://bugs.webkit.org/show_bug.cgi?id=140158
2582
2583         Reviewed by Sam Weinig.
2584
2585         Drop ResourceResponseBase::connectionID and connectionReused members.
2586         Those were needed by the Chromium port but are no longer used.
2587
2588         * inspector/protocol/Network.json:
2589
2590 2015-01-06  Mark Lam  <mark.lam@apple.com>
2591
2592         Add the lexicalEnvironment as an operand to op_create_arguments.
2593         <https://webkit.org/b/140148>
2594
2595         Reviewed by Geoffrey Garen.
2596
2597         This patch only adds the operand to the bytecode.  It is not in use yet.
2598
2599         * bytecode/BytecodeList.json:
2600         * bytecode/BytecodeUseDef.h:
2601         (JSC::computeUsesForBytecodeOffset):
2602         * bytecode/CodeBlock.cpp:
2603         (JSC::CodeBlock::dumpBytecode):
2604         * bytecompiler/BytecodeGenerator.cpp:
2605         (JSC::BytecodeGenerator::BytecodeGenerator):
2606         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
2607         - Adds the lexicalEnvironment register (if present) as an operand to
2608           op_create_arguments.  Else, adds a constant empty JSValue.
2609         * llint/LowLevelInterpreter32_64.asm:
2610         * llint/LowLevelInterpreter64.asm:
2611
2612 2015-01-06  Alexey Proskuryakov  <ap@apple.com>
2613
2614         ADDRESS_SANITIZER macro is overloaded
2615         https://bugs.webkit.org/show_bug.cgi?id=140130
2616
2617         Reviewed by Anders Carlsson.
2618
2619         * interpreter/JSStack.cpp: (JSC::JSStack::sanitizeStack): Use the new macro.
2620         This code is nearly unused (only compiled in when JIT is disabled at build time),
2621         however I've been told that it's best to keep it.
2622
2623 2015-01-06  Mark Lam  <mark.lam@apple.com>
2624
2625         Fix Use details for op_create_arguments.
2626         <https://webkit.org/b/140110>
2627
2628         Rubber stamped by Filip Pizlo.
2629
2630         The previous patch was wrong about op_create_arguments not using its 1st operand.
2631         It does read from it (hence, used) to check if the Arguments object has already
2632         been created or not.  This patch reverts the change for op_create_arguments.
2633
2634         * bytecode/BytecodeUseDef.h:
2635         (JSC::computeUsesForBytecodeOffset):
2636
2637 2015-01-06  Mark Lam  <mark.lam@apple.com>
2638
2639         Fix Use details for op_create_lexical_environment and op_create_arguments.
2640         <https://webkit.org/b/140110>
2641
2642         Reviewed by Filip Pizlo.
2643
2644         The current "Use" details for op_create_lexical_environment and
2645         op_create_arguments are wrong.  op_create_arguments uses nothing instead of the
2646         1st operand (the output local).  op_create_lexical_environment uses its 2nd
2647         operand (the scope chain) instead of the 1st (the output local).
2648         This patch fixes them to specify the proper uses.
2649
2650         * bytecode/BytecodeUseDef.h:
2651         (JSC::computeUsesForBytecodeOffset):
2652
2653 2015-01-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2654
2655         Implement ES6 String.prototype.repeat(count)
2656         https://bugs.webkit.org/show_bug.cgi?id=140047
2657
2658         Reviewed by Darin Adler.
2659
2660         Introducing ES6 String.prototype.repeat(count) function.
2661
2662         * runtime/JSString.h:
2663         * runtime/StringPrototype.cpp:
2664         (JSC::StringPrototype::finishCreation):
2665         (JSC::repeatSmallString):
2666         (JSC::stringProtoFuncRepeat):
2667
2668 2015-01-03  Michael Saboff  <msaboff@apple.com>
2669
2670         Crash in operationNewFunction when scrolling on Google+
2671         https://bugs.webkit.org/show_bug.cgi?id=140033
2672
2673         Reviewed by Oliver Hunt.
2674
2675         In DFG code, the scope register can be eliminated because all uses have been
2676         dead code eliminated.  In the case where one of the uses was creating a function
2677         that is never used, the baseline code will still create the function.  If we OSR
2678         exit to a path where that function gets created, check the scope register value
2679         and set the new, but dead, function to undefined instead of creating a new function.
2680
2681         * jit/JITOpcodes.cpp:
2682         (JSC::JIT::emit_op_new_func_exp):
2683
2684 2015-01-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2685
2686         String includes methods perform toString on searchString before toInt32 on an offset
2687         https://bugs.webkit.org/show_bug.cgi?id=140031
2688
2689         Reviewed by Darin Adler.
2690
2691         * runtime/StringPrototype.cpp:
2692         (JSC::stringProtoFuncStartsWith):
2693         (JSC::stringProtoFuncEndsWith):
2694         (JSC::stringProtoFuncIncludes):
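
The coercion order named in the entry above, shown as an added example that is not code from the WebKit ChangeLog or from JavaScriptCore: argument objects with logging `toString`/`valueOf` hooks (constructed here) make the order observable in any ES6-conformant engine, and a throwing hook shows that when searchString conversion fails, position is never touched.

```javascript
// Added example (not code from the WebKit ChangeLog or from JavaScriptCore):
// make the argument-coercion order of String.prototype.startsWith, endsWith
// and includes observable. ES6 specifies ToString(searchString) before
// ToInteger(position), so the "searchString" hook must fire first.
function coercionOrder(method, haystack = 'abc') {
  const log = [];
  // Constructed argument objects: each conversion records itself in `log`.
  // ToString on an object tries toString() first; ToNumber tries valueOf() first.
  const searchString = { toString() { log.push('searchString'); return 'b'; } };
  const position = { valueOf() { log.push('position'); return 1; } };
  const result = String.prototype[method].call(haystack, searchString, position);
  return { method, order: log, result };
}

// Runs all three methods and reports whether each matches the spec order.
function checkAll() {
  return ['startsWith', 'endsWith', 'includes'].map((m) => {
    const r = coercionOrder(m);
    return { ...r, specOrder: r.order.join(',') === 'searchString,position' };
  });
}

// Consequence of the ordering: if ToString(searchString) throws, the engine must
// not have evaluated position yet, so user code in its valueOf never runs.
function positionUntouchedOnFailure(method) {
  let positionTouched = false;
  const bad = { toString() { throw new TypeError('constructed failure'); } };
  const position = { valueOf() { positionTouched = true; return 0; } };
  try {
    String.prototype[method].call('abc', bad, position);
  } catch (e) {
    // Expected: the constructed TypeError from the searchString hook.
  }
  return !positionTouched;
}
```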
2695
2696 2015-01-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2697
2698         Change to return std::unique_ptr<> in fooCreate()
2699         https://bugs.webkit.org/show_bug.cgi?id=139983
2700
2701         Reviewed by Darin Adler.
2702
2703         To avoid unnecessary std::unique_ptr<> casting, fooCreate() returns std::unique_ptr<> directly.
2704
2705         * create_regex_tables:
2706         * yarr/YarrPattern.h:
2707         (JSC::Yarr::YarrPattern::reset):
2708         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2709         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2710         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2711         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2712         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2713         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2714         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2715
2716 2015-01-01  Jeff Miller  <jeffm@apple.com>
2717
2718         Update user-visible copyright strings to include 2015
2719         https://bugs.webkit.org/show_bug.cgi?id=139880
2720
2721         Reviewed by Darin Adler.
2722
2723         * Info.plist:
2724
2725 2015-01-01  Darin Adler  <darin@apple.com>
2726
2727         We often misspell identifier as "identifer"
2728         https://bugs.webkit.org/show_bug.cgi?id=140025
2729
2730         Reviewed by Michael Saboff.
2731
2732         * runtime/ArrayConventions.h: Fix it.
2733
2734 2014-12-29  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2735
2736         Move JavaScriptCore/yarr to std::unique_ptr
2737         https://bugs.webkit.org/show_bug.cgi?id=139621
2738
2739         Reviewed by Anders Carlsson.
2740
2741         Final clean up OwnPtr|PassOwnPtr in JavaScriptCore/yarr.
2742
2743         * yarr/YarrInterpreter.cpp:
2744         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
2745         * yarr/YarrInterpreter.h:
2746         (JSC::Yarr::BytecodePattern::BytecodePattern):
2747         * yarr/YarrJIT.cpp:
2748         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
2749         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
2750         (JSC::Yarr::YarrGenerator::opCompileBody):
2751         * yarr/YarrPattern.cpp:
2752         (JSC::Yarr::CharacterClassConstructor::charClass):
2753         (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
2754         (JSC::Yarr::YarrPatternConstructor::reset):
2755         (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
2756         (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
2757         (JSC::Yarr::YarrPatternConstructor::atomParenthesesSubpatternBegin):
2758         (JSC::Yarr::YarrPatternConstructor::atomParentheticalAssertionBegin):
2759         (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
2760         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
2761         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
2762         * yarr/YarrPattern.h:
2763         (JSC::Yarr::PatternDisjunction::addNewAlternative):
2764         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2765         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2766         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2767         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2768         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2769         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2770         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2771
2772 2014-12-26  Dan Bernstein  <mitz@apple.com>
2773
2774         <rdar://problem/19348208> REGRESSION (r177027): iOS builds use the wrong toolchain
2775         https://bugs.webkit.org/show_bug.cgi?id=139950
2776
2777         Reviewed by David Kilzer.
2778
2779         * Configurations/Base.xcconfig: Only define TOOLCHAINS when building for OS X, doing so
2780         in a manner that works with Xcode 5.1.1.
2781
2782 2014-12-22  Mark Lam  <mark.lam@apple.com>
2783
2784         Use ctiPatchCallByReturnAddress() in JITOperations.cpp.
2785         <https://webkit.org/b/139892>
2786
2787         Reviewed by Michael Saboff.
2788
2789         The code in JITOperations.cpp sometimes calls RepatchBuffer::relinkCallerToFunction()
2790         directly, and sometimes uses a helper function, ctiPatchCallByReturnAddress().
2791         This patch changes it to use the helper function consistently.
2792
2793         * jit/JITOperations.cpp:
2794
2795 2014-12-22  Mark Lam  <mark.lam@apple.com>
2796
2797         Fix some typos in a comment.
2798         <https://webkit.org/b/139882>
2799
2800         Reviewed by Michael Saboff.
2801
2802         * jit/JITPropertyAccess.cpp:
2803         (JSC::JIT::emit_op_get_by_val):
2804
2805 2014-12-22  Mark Lam  <mark.lam@apple.com>
2806
2807         Assert that Array elements not copied when changing shape to ArrayStorage type are indeed holes.
2808         <https://webkit.org/b/138118>
2809
2810         Reviewed by Michael Saboff.
2811
2812         * runtime/JSObject.cpp:
2813         (JSC::JSObject::convertInt32ToArrayStorage):
2814         (JSC::JSObject::convertDoubleToArrayStorage):
2815         (JSC::JSObject::convertContiguousToArrayStorage):
2816
2817 2014-12-20  Eric Carlson  <eric.carlson@apple.com>
2818
2819         [iOS] add optimized fullscreen API
2820         https://bugs.webkit.org/show_bug.cgi?id=139833
2821         <rdar://problem/18844486>
2822
2823         Reviewed by Simon Fraser.
2824
2825         * Configurations/FeatureDefines.xcconfig: Add ENABLE_VIDEO_PRESENTATION_MODE.
2826
2827 2014-12-20  David Kilzer  <ddkilzer@apple.com>
2828
2829         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2830         <http://webkit.org/b/139463>
2831
2832         Reviewed by Mark Rowe.
2833
2834         * Configurations/JavaScriptCore.xcconfig:
2835         - Simplify SECTORDER_FLAGS.
2836
2837 2014-12-19  Andreas Kling  <akling@apple.com>
2838
2839         Plug leak below LLVMCopyStringRepOfTargetData().
2840         <https://webkit.org/b/139832>
2841
2842         Reviewed by Michael Saboff.
2843
2844         LLVMCopyStringRepOfTargetData() returns a strdup()'ed string, so make sure
2845         to free() it after we're done using it.
2846
2847         * ftl/FTLCompile.cpp:
2848         (JSC::FTL::mmAllocateDataSection):
2849
2850 2014-12-19  Joseph Pecoraro  <pecoraro@apple.com>
2851
2852         Web Inspector: CRASH inspector-protocol/debugger/breakpoint-action-detach.html
2853         https://bugs.webkit.org/show_bug.cgi?id=139797
2854
2855         Reviewed by Mark Lam.
2856
2857         * debugger/Debugger.h:
2858         * debugger/Debugger.cpp:
2859         (JSC::Debugger::isAttached):
2860         Check if we are the debugger for a particular global object.
2861         (JSC::Debugger::pauseIfNeeded):
2862         Pass the global object on when hitting a breakpoint.
2863
2864         * inspector/ScriptDebugServer.h:
2865         * inspector/ScriptDebugServer.cpp:
2866         (Inspector::ScriptDebugServer::handleBreakpointHit):
2867         Stop evaluating breakpoint actions if a previous action caused the
2868         debugger to detach from this global object.
2869         (Inspector::ScriptDebugServer::handlePause):
2870         Standardize on passing JSGlobalObject parameter first.
2871
2872 2014-12-19  Mark Lam  <mark.lam@apple.com>
2873
2874         [Win] Endless compiler warnings created by DFGEdge.h.
2875         <https://webkit.org/b/139801>
2876
2877         Reviewed by Brent Fulgham.
2878
2879         Add a cast to fix the type just the way the 64-bit version does.
2880
2881         * dfg/DFGEdge.h:
2882         (JSC::DFG::Edge::makeWord):
2883
2884 2014-12-19  Commit Queue  <commit-queue@webkit.org>
2885
2886         Unreviewed, rolling out r177574.
2887         https://bugs.webkit.org/show_bug.cgi?id=139821
2888
2889         "Broke Production builds by installing
2890         libWebCoreTestSupport.dylib in the wrong directory" (Requested
2891         by ddkilzer on #webkit).
2892
2893         Reverted changeset:
2894
2895         "Switch from using PLATFORM_NAME to SDK selectors in WebCore,
2896         WebInspectorUI, WebKit, WebKit2"
2897         https://bugs.webkit.org/show_bug.cgi?id=139463
2898         http://trac.webkit.org/changeset/177574
2899
2900 2014-12-19  Michael Saboff  <msaboff@apple.com>
2901
2902         REGRESSION(174226): Captured arguments in a using function compiled by the DFG have the initial value when the closure was invoked
2903         https://bugs.webkit.org/show_bug.cgi?id=139808
2904
2905         Reviewed by Oliver Hunt.
2906
2907         There are three changes here.
2908         1) Create a VariableWatchpointSet for captured arguments variables.
2909         2) Properly use the VariableWatchpointSet* found in op_put_to_scope in the 64 bit LLInt code.
2910         3) Add the same putLocalClosureVar path to the 32 bit LLInt code that exists in the 64 bit version.
2911
2912         * bytecompiler/BytecodeGenerator.cpp:
2913         (JSC::BytecodeGenerator::BytecodeGenerator):
2914         * llint/LowLevelInterpreter32_64.asm:
2915         * llint/LowLevelInterpreter64.asm:
2916
2917 2014-12-19  David Kilzer  <ddkilzer@apple.com>
2918
2919         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2920         <http://webkit.org/b/139463>
2921
2922         Reviewed by Mark Rowe.
2923
2924         * Configurations/JavaScriptCore.xcconfig:
2925         - Simplify SECTORDER_FLAGS.
2926
2927 2014-12-18  Brent Fulgham  <bfulgham@apple.com>
2928
2929         Unreviewed build fix.
2930
2931         * jsc.cpp: Remove typo.
2932
2933 2014-12-17  Michael Saboff  <msaboff@apple.com>
2934
2935         Tests with infinite recursion frequently crash
2936         https://bugs.webkit.org/show_bug.cgi?id=139548
2937
2938         Reviewed by Geoffrey Garen.
2939
2940         While unwinding, if the call frame doesn't have a codeblock, then we
2941         are in native code; handle it appropriately.
2942
2943         * interpreter/Interpreter.cpp:
2944         (JSC::unwindCallFrame):
2945         (JSC::UnwindFunctor::operator()):
2946         Added checks for null CodeBlock.
2947
2948         (JSC::Interpreter::unwind): Removed wrong ASSERT.
2949
2950 2014-12-17  Chris Dumez  <cdumez@apple.com>
2951
2952         [iOS] Make it possible to toggle FeatureCounter support at runtime
2953         https://bugs.webkit.org/show_bug.cgi?id=139688
2954         <rdar://problem/19266254>
2955
2956         Reviewed by Andreas Kling.
2957
2958         Stop linking against AppSupport framework as the functionality is no
2959         longer in WTF (it was moved to WebCore).
2960
2961         * Configurations/JavaScriptCore.xcconfig:
2962
2963 2014-12-17  Brent Fulgham  <bfulgham@apple.com>
2964
2965         [Win] Correct DebugSuffix builds under MSBuild
2966         https://bugs.webkit.org/show_bug.cgi?id=139733
2967         <rdar://problem/19276880>
2968
2969         Reviewed by Simon Fraser.
2970
2971         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Make sure to use the
2972         '_debug' suffix when building the DebugSuffix target.
2973
2974 2014-12-16  Enrica Casucci  <enrica@apple.com>
2975
2976         Fix iOS builders for 8.0
2977         https://bugs.webkit.org/show_bug.cgi?id=139495
2978
2979         Reviewed by Michael Saboff.
2980
2981         * Configurations/LLVMForJSC.xcconfig:
2982         * llvm/library/LLVMExports.cpp:
2983         (initializeAndGetJSCLLVMAPI):
2984
2985 2014-12-16  Commit Queue  <commit-queue@webkit.org>
2986
2987         Unreviewed, rolling out r177380.
2988         https://bugs.webkit.org/show_bug.cgi?id=139707
2989
2990         "Breaks js/regres/elidable-new-object-* tests" (Requested by
2991         msaboff_ on #webkit).
2992
2993         Reverted changeset:
2994
2995         "Fixes operationPutByIdOptimizes such that they check that the
2996         put didn't"
2997         https://bugs.webkit.org/show_bug.cgi?id=139500
2998         http://trac.webkit.org/changeset/177380
2999
3000 2014-12-16  Matthew Mirman  <mmirman@apple.com>
3001
3002         Fixes operationPutByIdOptimizes such that they check that the put didn't
3003         change the structure of the object whose property access is being
3004         cached.
3005         https://bugs.webkit.org/show_bug.cgi?id=139500
3006
3007         Reviewed by Geoffrey Garen.
3008
3009         * jit/JITOperations.cpp:
3010         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
3011         (JSC::operationPutByIdNonStrictOptimize): ditto.
3012         (JSC::operationPutByIdDirectStrictOptimize): ditto.
3013         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
3014         * jit/Repatch.cpp:
3015         (JSC::tryCachePutByID): Added argument for the old structure
3016         (JSC::repatchPutByID): Added argument for the old structure
3017         * jit/Repatch.h:
3018         * tests/stress/put-by-id-build-list-order-recurse.js: 
3019         Added test that fails without this patch.
3020
3021 2014-12-15  Chris Dumez  <cdumez@apple.com>
3022
3023         [iOS] Add feature counting support
3024         https://bugs.webkit.org/show_bug.cgi?id=139652
3025         <rdar://problem/19255690>
3026
3027         Reviewed by Gavin Barraclough.
3028
3029         Link against AppSupport framework on iOS as we need it to implement
3030         the new FeatureCounter API in WTF.
3031
3032         * Configurations/JavaScriptCore.xcconfig:
3033
3034 2014-12-15  Commit Queue  <commit-queue@webkit.org>
3035
3036         Unreviewed, rolling out r177284.
3037         https://bugs.webkit.org/show_bug.cgi?id=139658
3038
3039         "Breaks API tests and LayoutTests on Yosemite Debug"
3040         (Requested by msaboff on #webkit).
3041
3042         Reverted changeset:
3043
3044         "Make sure range based iteration of Vector<> still receives
3045         bounds checking"
3046         https://bugs.webkit.org/show_bug.cgi?id=138821
3047         http://trac.webkit.org/changeset/177284
3048
3049 2014-12-15  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
3050
3051         [EFL] FTL JIT not working on ARM64
3052         https://bugs.webkit.org/show_bug.cgi?id=139295
3053
3054         Reviewed by Michael Saboff.
3055
3056         Added the missing code for stack unwinding and some additional small fixes
3057         to get FTL working correctly.
3058
3059         * ftl/FTLCompile.cpp:
3060         (JSC::FTL::mmAllocateDataSection):
3061         * ftl/FTLUnwindInfo.cpp:
3062         (JSC::FTL::UnwindInfo::parse):
3063
3064 2014-12-15  Oliver Hunt  <oliver@apple.com>
3065
3066         Make sure range based iteration of Vector<> still receives bounds checking
3067         https://bugs.webkit.org/show_bug.cgi?id=138821
3068
3069         Reviewed by Mark Lam.
3070
3071         Update code to deal with slightly changed iterator semantics.
3072
3073         * bytecode/UnlinkedCodeBlock.cpp:
3074         (JSC::UnlinkedCodeBlock::visitChildren):
3075         * bytecompiler/BytecodeGenerator.cpp:
3076         (JSC::BytecodeGenerator::emitComplexPopScopes):
3077         * dfg/DFGSpeculativeJIT.cpp:
3078         (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
3079         * ftl/FTLAbbreviations.h:
3080         (JSC::FTL::mdNode):
3081         (JSC::FTL::buildCall):
3082         * llint/LLIntData.cpp:
3083         (JSC::LLInt::Data::performAssertions):
3084         * parser/Parser.h:
3085         (JSC::Scope::Scope):
3086         * runtime/JSArray.cpp:
3087         (JSC::JSArray::setLengthWithArrayStorage):
3088         (JSC::JSArray::sortCompactedVector):
3089         * tools/ProfileTreeNode.h:
3090         (JSC::ProfileTreeNode::dumpInternal):
3091         * yarr/YarrJIT.cpp:
3092         (JSC::Yarr::YarrGenerator::matchCharacterClass):
3093
3094 2014-12-14  Filip Pizlo  <fpizlo@apple.com>
3095
3096         PutLocalSinkingPhase has an invalid assertion about incoming values, because both liveness and deferral analyses are conservative
3097         https://bugs.webkit.org/show_bug.cgi?id=139630
3098
3099         Reviewed by Oliver Hunt.
3100         
3101         Replaces a faulty assertion with code to handle an awesome special case. Also adds a lot of
3102         comments that reconstruct my reasoning about this code. I had to work hard to remember how
3103         deferral worked so I wrote my discoveries down.
3104
3105         * dfg/DFGInsertionSet.h:
3106         (JSC::DFG::InsertionSet::insertBottomConstantForUse):
3107         * dfg/DFGPutLocalSinkingPhase.cpp:
3108         * tests/stress/put-local-conservative.js: Added.
3109         (foo):
3110         (.result):
3111         (bar):
3112
3113 2014-12-14  Andreas Kling  <akling@apple.com>
3114
3115         Replace PassRef with Ref/Ref&& across the board.
3116         <https://webkit.org/b/139587>
3117
3118         Reviewed by Darin Adler.
3119
3120         * runtime/Identifier.cpp:
3121         (JSC::Identifier::add):
3122         (JSC::Identifier::add8):
3123         * runtime/Identifier.h:
3124         (JSC::Identifier::add):
3125         * runtime/IdentifierInlines.h:
3126         (JSC::Identifier::add):
3127
3128 2014-12-12  Matthew Mirman  <mmirman@apple.com>
3129
3130         shiftCountWithArrayStorage should exit to slow path if the object has a sparse map.
3131         https://bugs.webkit.org/show_bug.cgi?id=139598
3132         <rdar://problem/18779367>
3133
3134         Reviewed by Filip Pizlo.
3135
3136         * runtime/JSArray.cpp:
3137         (JSC::JSArray::shiftCountWithArrayStorage): Added check for object having a sparse map.
3138         * tests/stress/sparse_splice.js: Added.
3139
3140 2014-12-12  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3141
3142         Final clean up OwnPtr in JSC - runtime, ftl, and tool directories
3143         https://bugs.webkit.org/show_bug.cgi?id=139532
3144
3145         Reviewed by Mark Lam.
3146
3147         Final remove OwnPtr, PassOwnPtr in runtime, ftl, and tools directories of JSC.
3148
3149         * builtins/BuiltinExecutables.h:
3150         * bytecode/CodeBlock.h:
3151         * bytecode/UnlinkedCodeBlock.cpp:
3152         (JSC::generateFunctionCodeBlock):
3153         * ftl/FTLAbstractHeap.cpp:
3154         (JSC::FTL::IndexedAbstractHeap::atSlow):
3155         * ftl/FTLAbstractHeap.h:
3156         * ftl/FTLCompile.cpp:
3157         (JSC::FTL::mmAllocateDataSection):
3158         * ftl/FTLJITFinalizer.h:
3159         * jsc.cpp:
3160         (jscmain):
3161         * parser/Lexer.h:
3162         * runtime/PropertyMapHashTable.h:
3163         (JSC::PropertyTable::clearDeletedOffsets):
3164         (JSC::PropertyTable::addDeletedOffset):
3165         * runtime/PropertyTable.cpp:
3166         (JSC::PropertyTable::PropertyTable):
3167         * runtime/RegExpObject.cpp:
3168         * runtime/SmallStrings.cpp:
3169         * runtime/Structure.cpp:
3170         * runtime/StructureIDTable.cpp:
3171         (JSC::StructureIDTable::StructureIDTable):
3172         (JSC::StructureIDTable::resize):
3173         * runtime/StructureIDTable.h:
3174         * runtime/StructureTransitionTable.h:
3175         * runtime/VM.cpp:
3176         (JSC::VM::VM):
3177         (JSC::VM::~VM):
3178         * runtime/VM.h:
3179         * tools/CodeProfile.h:
3180         (JSC::CodeProfile::CodeProfile):
3181         (JSC::CodeProfile::addChild):
3182
3183 2014-12-11  Dan Bernstein  <mitz@apple.com>
3184
3185         iOS Simulator production build fix.
3186
3187         * Configurations/JavaScriptCore.xcconfig: Don’t use an order file when building for the iOS
3188         Simulator, as we did prior to 177027.
3189
3190 2014-12-11  Joseph Pecoraro  <pecoraro@apple.com>
3191
3192         Explicitly export some more RWIProtocol classes.
3193         rdar://problem/19220408
3194
3195         Unreviewed build fix.
3196
3197         * inspector/scripts/codegen/generate_objc_configuration_header.py:
3198         (ObjCConfigurationHeaderGenerator._generate_configuration_interface_for_domains):
3199         * inspector/scripts/codegen/generate_objc_header.py:
3200         (ObjCHeaderGenerator._generate_event_interfaces):
3201         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3202         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3203         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
3204         * inspector/scripts/tests/expected/enum-values.json-result:
3205         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3206         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
3207         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
3208         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
3209         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
3210         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
3211         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
3212         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
3213         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3214
3215 2014-12-11  Alexey Proskuryakov  <ap@apple.com>
3216
3217         Explicitly export some RWIProtocol classes
3218         rdar://problem/19220408
3219
3220         * inspector/scripts/codegen/generate_objc_header.py:
3221         (ObjCHeaderGenerator._generate_type_interface):
3222         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
3223         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
3224         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
3225         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
3226         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
3227         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
3228         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
3229
3230 2014-12-11  Mark Lam  <mark.lam@apple.com>
3231
3232         Fix broken build after r177146.
3233         https://bugs.webkit.org/show_bug.cgi?id=139533 
3234
3235         Not reviewed.
3236
3237         * interpreter/CallFrame.h:
3238         (JSC::ExecState::init):
3239         - Restored CallFrame::init() minus the unused JSScope* arg.
3240         * runtime/JSGlobalObject.cpp:
3241         (JSC::JSGlobalObject::init):
3242         - Remove JSScope* arg when calling CallFrame::init().
3243
3244 2014-12-11  Michael Saboff  <msaboff@apple.com>
3245
3246         REGRESSION: Use of undefined CallFrame::ScopeChain value
3247         https://bugs.webkit.org/show_bug.cgi?id=139533
3248
3249         Reviewed by Mark Lam.
3250
3251         Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
3252         all usages of these functions.  In some cases the scope is passed in or determined
3253         another way.  In some cases the scope is used to calculate other values.  Lastly, there
3254         were places where these functions were used that are no longer needed.  For
3255         example when making a call, the caller's ScopeChain was copied to the callee's
3256         ScopeChain.  This change no longer uses the ScopeChain call frame header slot.
3257         That slot will be removed in a future patch.
3258
3259         * dfg/DFGByteCodeParser.cpp:
3260         (JSC::DFG::ByteCodeParser::parseBlock):
3261         * dfg/DFGSpeculativeJIT32_64.cpp:
3262         (JSC::DFG::SpeculativeJIT::compile):
3263         * dfg/DFGSpeculativeJIT64.cpp:
3264         (JSC::DFG::SpeculativeJIT::compile):
3265         * dfg/DFGSpeculativeJIT.h:
3266         (JSC::DFG::SpeculativeJIT::callOperation):
3267         * jit/JIT.h:
3268         * jit/JITInlines.h:
3269         (JSC::JIT::callOperation):
3270         * runtime/JSLexicalEnvironment.h:
3271         (JSC::JSLexicalEnvironment::create):
3272         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
3273         * jit/JITOpcodes.cpp:
3274         (JSC::JIT::emit_op_create_lexical_environment):
3275         * jit/JITOpcodes32_64.cpp:
3276         (JSC::JIT::emit_op_create_lexical_environment):
3277         * jit/JITOperations.cpp:
3278         * jit/JITOperations.h:
3279         * llint/LLIntSlowPaths.cpp:
3280         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3281         (JSC::LLInt::handleHostCall):
3282         (JSC::LLInt::setUpCall):
3283         (JSC::LLInt::llint_throw_stack_overflow_error):
3284         Pass the current scope value to the helper operationCreateActivation() and
3285         the call to JSLexicalEnvironment::create() instead of using the stack frame
3286         scope chain value.
3287
3288         * dfg/DFGFixupPhase.cpp:
3289         (JSC::DFG::FixupPhase::fixupNode):
3290         CreateActivation now has a second child, the scope.
3291
3292         * interpreter/CallFrame.h:
3293         (JSC::ExecState::init): Deleted.  This is dead code.
3294         (JSC::ExecState::scope): Deleted.
3295         (JSC::ExecState::setScope): Deleted.
3296
3297         * interpreter/Interpreter.cpp:
3298         (JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
3299         chain slot.
3300
3301         (JSC::Interpreter::execute):
3302         (JSC::Interpreter::executeCall):
3303         (JSC::Interpreter::executeConstruct):
3304         Changed process to find JSScope values on the stack or by some other means.
3305
3306         * runtime/JSWithScope.h:
3307         (JSC::JSWithScope::JSWithScope): Deleted.
3308         Eliminated unused constructor.
3309
3310         * runtime/StrictEvalActivation.cpp:
3311         (JSC::StrictEvalActivation::StrictEvalActivation):
3312         * runtime/StrictEvalActivation.h:
3313         (JSC::StrictEvalActivation::create):
3314         Changed to pass in the current scope.
3315
3316 2014-12-10  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3317
3318         Use std::unique_ptr instead of OwnPtr in JSC - heap, jit, runtime, and parser directories
3319         https://bugs.webkit.org/show_bug.cgi?id=139351
3320
3321         Reviewed by Filip Pizlo.
3322
3323         As a step to use std::unique_ptr<>, this cleans up OwnPtr and PassOwnPtr.
3324
3325         * bytecode/SamplingTool.h:
3326         (JSC::SamplingTool::SamplingTool):
3327         * heap/CopiedBlock.h:
3328         (JSC::CopiedBlock::didSurviveGC):
3329         (JSC::CopiedBlock::pin):
3330         * heap/CopiedBlockInlines.h:
3331         (JSC::CopiedBlock::reportLiveBytes):
3332         * heap/GCActivityCallback.h:
3333         * heap/GCThread.cpp:
3334         * heap/Heap.h:
3335         * heap/HeapInlines.h:
3336         (JSC::Heap::markListSet):
3337         * jit/ExecutableAllocator.cpp:
3338         * jit/JIT.cpp:
3339         (JSC::JIT::privateCompile):
3340         * jit/JIT.h:
3341         * jit/JITThunks.cpp:
3342         (JSC::JITThunks::JITThunks):
3343         (JSC::JITThunks::clearHostFunctionStubs):
3344         * jit/JITThunks.h:
3345         * parser/Parser.cpp:
3346         (JSC::Parser<LexerType>::Parser):
3347         * parser/Parser.h:
3348         (JSC::Scope::Scope):
3349         (JSC::Scope::pushLabel):
3350         * parser/ParserArena.cpp:
3351         * parser/ParserArena.h:
3352         (JSC::ParserArena::identifierArena):
3353         * parser/SourceProviderCache.h:
3354         * runtime/CodeCache.h:
3355         * runtime/Executable.h:
3356         * runtime/JSArray.cpp:
3357         (JSC::JSArray::sortVector):
3358         * runtime/JSGlobalObject.h:
3359
3360 2014-12-10  Geoffrey Garen  <ggaren@apple.com>
3361
3362         Please disable the webkitFirstVersionWithInitConstructorSupport check on Apple TV
3363         https://bugs.webkit.org/show_bug.cgi?id=139501
3364
3365         Reviewed by Gavin Barraclough.
3366
3367         NSVersionOfLinkTimeLibrary only works if you link directly against
3368         JavaScriptCore, which is a bit awkward for our Apple TV client to do.
3369
3370         It's easy enough just to disable this check on Apple TV, since it has no
3371         backwards compatibility requirement.
3372
3373         * API/JSWrapperMap.mm:
3374         (supportsInitMethodConstructors):
3375
3376 2014-12-10  Matthew Mirman  <mmirman@apple.com>
3377
3378         Fixes operationPutByIds such that they check that the put didn't
3379         change the structure of the object whose property access is being
3380         cached.
3381         https://bugs.webkit.org/show_bug.cgi?id=139196
3382
3383         Reviewed by Filip Pizlo.
3384
3385         * jit/JITOperations.cpp:
3386         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
3387         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
3388         (JSC::operationPutByIdNonStrictBuildList): ditto.
3389         (JSC::operationPutByIdDirectStrictBuildList): ditto.
3390         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
3391         * jit/Repatch.cpp:
3392         (JSC::tryCachePutByID): fixed structure() to use the existent vm.
3393         (JSC::tryBuildPutByIdList): Added a check that the old structure's id 
3394         is the same as the new.
3395         (JSC::buildPutByIdList): Added an argument
3396         * jit/Repatch.h: 
3397         (JSC::buildPutByIdList): Added an argument
3398         * tests/stress/put-by-id-strict-build-list-order.js: Added.
3399
3400 2014-12-10  Csaba Osztrogonác  <ossy@webkit.org>
3401
3402         URTBF after r177030.
3403
3404         Fix linking failure that occurred on ARM buildbots:
3405         lib/libjavascriptcore_efl.so.1.11.0: undefined reference to `JSC::Structure::get(JSC::VM&, JSC::PropertyName, unsigned int&)'
3406
3407         * runtime/NullGetterFunction.cpp:
3408
3409 2014-12-09  Michael Saboff  <msaboff@apple.com>
3410
3411         DFG Tries using an inner object's getter/setter when one hasn't been defined
3412         https://bugs.webkit.org/show_bug.cgi?id=139229
3413
3414         Reviewed by Filip Pizlo.
3415
3416         Added a new NullGetterFunction singleton class to use for getters and setters that
3417         haven't been set to a user defined value.  The NullGetterFunction callReturnUndefined()
3418         and createReturnUndefined() methods return undefined.  Changed all null checks of the
3419         getter and setter pointers to the newly added isGetterNull() and isSetterNull()
3420         helper methods.  
3421
3422         * CMakeLists.txt:
3423         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3424         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3425         * JavaScriptCore.xcodeproj/project.pbxproj:
3426         Added NullGetterFunction.cpp & .h to build files.
3427
3428         * dfg/DFGAbstractInterpreterInlines.h:
3429         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3430         * runtime/ObjectPrototype.cpp:
3431         (JSC::objectProtoFuncLookupGetter):
3432         (JSC::objectProtoFuncLookupSetter):
3433         * runtime/PropertyDescriptor.cpp:
3434         (JSC::PropertyDescriptor::setDescriptor):
3435         (JSC::PropertyDescriptor::setAccessorDescriptor):
3436         Changed checking getter and setter to null to use new isGetterNull() and isSetterNull()
3437         helpers.
3438
3439         * inspector/JSInjectedScriptHostPrototype.cpp:
3440         (Inspector::JSInjectedScriptHostPrototype::finishCreation):
3441         * inspector/JSJavaScriptCallFramePrototype.cpp:
3442         * jit/JITOperations.cpp:
3443         * llint/LLIntSlowPaths.cpp:
3444         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3445         * runtime/JSObject.cpp:
3446         (JSC::JSObject::putIndexedDescriptor):
3447         (JSC::putDescriptor):
3448         (JSC::JSObject::defineOwnNonIndexProperty):
3449         * runtime/MapPrototype.cpp:
3450         (JSC::MapPrototype::finishCreation):
3451         * runtime/SetPrototype.cpp:
3452         (JSC::SetPrototype::finishCreation):
3453         Updated calls to GetterSetter::create(), setGetter(), setSetter(), withGetter()
3454         and withSetter() to provide a global object.
3455
3456         * runtime/GetterSetter.cpp:
3457         (JSC::GetterSetter::withGetter):
3458         (JSC::GetterSetter::withSetter):
3459         (JSC::callGetter):
3460         (JSC::callSetter):
3461         * runtime/GetterSetter.h:
3462         (JSC::GetterSetter::GetterSetter):
3463         (JSC::GetterSetter::create):
3464         (JSC::GetterSetter::isGetterNull):
3465         (JSC::GetterSetter::isSetterNull):
3466         (JSC::GetterSetter::setGetter):
3467         (JSC::GetterSetter::setSetter):
3468         Changed to use NullGetterFunction for unspecified getters / setters.
3469
3470         * runtime/JSGlobalObject.cpp:
3471         (JSC::JSGlobalObject::init):
3472         (JSC::JSGlobalObject::createThrowTypeError):
3473         (JSC::JSGlobalObject::visitChildren):
3474         * runtime/JSGlobalObject.h:
3475         (JSC::JSGlobalObject::nullGetterFunction):
3476         (JSC::JSGlobalObject::evalFunction):
3477         Added m_nullGetterFunction singleton.  Updated calls to GetterSetter::create(),
3478         setGetter() and setSetter() to provide a global object.
3479
3480         * runtime/NullGetterFunction.cpp: Added.
3481         (JSC::callReturnUndefined):
3482         (JSC::constructReturnUndefined):
3483         (JSC::NullGetterFunction::getCallData):
3484         (JSC::NullGetterFunction::getConstructData):
3485         * runtime/NullGetterFunction.h: Added.
3486         (JSC::NullGetterFunction::create):
3487         (JSC::NullGetterFunction::createStructure):
3488         (JSC::NullGetterFunction::NullGetterFunction):
3489         New singleton class that returns undefined when called.
3490
3491 2014-12-09  Geoffrey Garen  <ggaren@apple.com>
3492
3493         Re-enable function.arguments
3494         https://bugs.webkit.org/show_bug.cgi?id=139452
3495         <rdar://problem/18848149>
3496
3497         Reviewed by Sam Weinig.
3498
3499         Disabling function.arguments broke a few websites, and we don't have
3500         time right now to work through the details.
3501
3502         I'm re-enabling function.arguments but leaving in the infrastructure
3503         to re-disable it, so we can try this experiment again in the future.
3504
3505         * runtime/Options.h:
3506
3507 2014-12-09  David Kilzer  <ddkilzer@apple.com>
3508
3509         Switch from using PLATFORM_NAME to SDK selectors in ANGLE, bmalloc, gtest, JavaScriptCore, WTF
3510         <http://webkit.org/b/139212>
3511
3512         Reviewed by Joseph Pecoraro.
3513
3514         * Configurations/Base.xcconfig:
3515         - Only set GCC_ENABLE_OBJC_GC, GCC_MODEL_TUNING and TOOLCHAINS
3516           on OS X.
3517         - Only set LLVM_LOCAL_HEADER_PATH and LLVM_SYSTEM_HEADER_PATH on
3518           OS X.
3519         - Set JAVASCRIPTCORE_CONTENTS_DIR and
3520           JAVASCRIPTCORE_FRAMEWORKS_DIR separately for iOS and OS X.
3521
3522         * Configurations/DebugRelease.xcconfig:
3523         - Only set MACOSX_DEPLOYMENT_TARGET and SDKROOT on OS X.
3524
3525         * Configurations/JSC.xcconfig:
3526         - Only set CODE_SIGN_ENTITLEMENTS for iOS hardware builds.
3527
3528         * Configurations/JavaScriptCore.xcconfig:
3529         - Set OTHER_LDFLAGS separately for iOS and OS X.
3530         - Set SECTORDER_FLAGS separately for iOS and OS X, but only for
3531           Production builds.
3532         - Only set EXCLUDED_SOURCE_FILE_NAMES for iOS.
3533
3534         * Configurations/LLVMForJSC.xcconfig:
3535         - Rename LLVM_LIBS_iphoneos to LLVM_LIBS_ios.
3536         - Set LLVM_LIBRARY_PATHS and OTHER_LDFLAGS_LLVM_ENABLE_FTL_JIT
3537           separately for iOS hardware and OS X.
3538         - Fix curly braces in LIBRARY_SEARCH_PATHS.
3539         - Merge OTHER_LDFLAGS_BASE into OTHER_LDFLAGS. (Could have been
3540           done before this patch.)
3541
3542         * Configurations/ToolExecutable.xcconfig:
3543         - Only set CODE_SIGN_ENTITLEMENTS for iOS, per target.
3544         - Only set CLANG_ENABLE_OBJC_ARC for i386 on the iOS Simulator.
3545         - Add missing newline.
3546
3547         * Configurations/Version.xcconfig:
3548         - Set SYSTEM_VERSION_PREFIX separately for iOS and OS X.
3549
3550 2014-12-08  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3551
3552         Fix EFL build fix since r177001
3553         https://bugs.webkit.org/show_bug.cgi?id=139428
3554
3555         Unreviewed, EFL build fix.
3556
3557         Do not inherit duplicated class. ExpressionNode is already
3558         child of ParserArenaFreeable class.
3559
3560         * parser/Nodes.h:
3561
3562 2014-12-08  Shivakumar JM  <shiva.jm@samsung.com>
3563
3564         Fix Build Warning in JavaScriptCore ControlFlowProfiler::dumpData() api.
3565         https://bugs.webkit.org/show_bug.cgi?id=139384
3566
3567         Reviewed by Mark Lam.
3568
3569         Fix Build Warning by using dataLog() function instead of dataLogF() function.
3570
3571         * runtime/ControlFlowProfiler.cpp:
3572         (JSC::ControlFlowProfiler::dumpData):
3573
3574 2014-12-08  Saam Barati  <saambarati1@gmail.com>
3575
3576         Web Inspector: Enable runtime API for JSC's control flow profiler
3577         https://bugs.webkit.org/show_bug.cgi?id=139346
3578
3579         Reviewed by Joseph Pecoraro.
3580
3581         This patch creates an API that the Web Inspector can use
3582         to get information about which basic blocks have executed
3583         from JSC's control flow profiler.
3584
3585         * inspector/agents/InspectorRuntimeAgent.cpp:
3586         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
3587         * inspector/agents/InspectorRuntimeAgent.h:
3588         * inspector/protocol/Runtime.json:
3589
3590 2014-12-08  Geoffrey Garen  <ggaren@apple.com>
3591
3592         Removed some allocation and cruft from the parser
3593         https://bugs.webkit.org/show_bug.cgi?id=139416
3594
3595         Reviewed by Mark Lam.
3596
3597         Now, the only AST nodes that require a destructor are the ones that
3598         relate to pickling a function's arguments -- which will require some
3599         deeper thinking to resolve.
3600
3601         This is a < 1% parser speedup.
3602
3603         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3604         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3605         * JavaScriptCore.xcodeproj/project.pbxproj: Removed NodeInfo because it
3606         was unused.
3607
3608         * bytecompiler/NodesCodegen.cpp:
3609         (JSC::CommaNode::emitBytecode):
3610         (JSC::SourceElements::lastStatement):
3611         (JSC::SourceElements::emitBytecode): Updated for interface change to linked list.
3612
3613         * parser/ASTBuilder.h:
3614         (JSC::ASTBuilder::ASTBuilder):
3615         (JSC::ASTBuilder::varDeclarations):
3616         (JSC::ASTBuilder::funcDeclarations):
3617         (JSC::ASTBuilder::createFuncDeclStatement):
3618         (JSC::ASTBuilder::addVar): Removed the ParserArenaData abstraction because
3619         it wasn't buying us anything. We can just use Vector directly.
3620
3621         (JSC::ASTBuilder::createCommaExpr):
3622         (JSC::ASTBuilder::appendToCommaExpr): Changed to use a linked list instead
3623         of a vector, to avoid allocating a vector with inline capacity in the
3624         common case in which an expression is not followed by a vector.
3625
3626         (JSC::ASTBuilder::Scope::Scope): Use Vector directly to avoid new'ing
3627         up a Vector*.
3628
3629         (JSC::ASTBuilder::appendToComma): Deleted.
3630         (JSC::ASTBuilder::combineCommaNodes): Deleted.
3631
3632         * parser/Lexer.cpp:
3633
3634         * parser/NodeConstructors.h:
3635         (JSC::StatementNode::StatementNode):
3636         (JSC::CommaNode::CommaNode):
3637         (JSC::SourceElements::SourceElements): Updated for interface change to linked list.
3638
3639         * parser/NodeInfo.h: Removed.
3640
3641         * parser/Nodes.cpp:
3642         (JSC::SourceElements::append):
3643         (JSC::SourceElements::singleStatement): Use a linked list instead of a
3644         vector to track the statements in a list. This removes some allocation
3645         and it means that we don't need a destructor anymore.
3646
3647         (JSC::ScopeNode::ScopeNode):
3648         (JSC::ProgramNode::ProgramNode):
3649         (JSC::EvalNode::EvalNode):
3650         (JSC::FunctionNode::FunctionNode): Updated for interface change to reference,
3651         since these values are never null.
3652
3653         * parser/Nodes.h:
3654         (JSC::StatementNode::next):
3655         (JSC::StatementNode::setNext):
3656         (JSC::CommaNode::append): Deleted. Updated for interface change to linked list.
3657
3658         * parser/Parser.cpp:
3659         (JSC::Parser<LexerType>::didFinishParsing): Updated for interface change to reference.
3660
3661         (JSC::Parser<LexerType>::parseVarDeclarationList):
3662         (JSC::Parser<LexerType>::parseExpression): Track comma expressions as
3663         an explicit list of CommaNodes, removing a use of vector and a destructor.
3664
3665         * parser/Parser.h:
3666         (JSC::Parser<LexerType>::parse):
3667         * parser/SyntaxChecker.h:
3668         (JSC::SyntaxChecker::createCommaExpr):
3669         (JSC::SyntaxChecker::appendToCommaExpr):
3670         (JSC::SyntaxChecker::appendToComma): Deleted. Updated for interface changes.
3671
3672 2014-12-08  Commit Queue  <commit-queue@webkit.org>
3673
3674         Unreviewed, rolling out r176979.
3675         https://bugs.webkit.org/show_bug.cgi?id=139424
3676
3677         "New JSC test in this patch is failing" (Requested by mlam on
3678         #webkit).
3679
3680         Reverted changeset:
3681
3682         "Fixes operationPutByIds such that they check that the put
3683         didn't"
3684         https://bugs.webkit.org/show_bug.cgi?id=139196
3685         http://trac.webkit.org/changeset/176979
3686
3687 2014-12-08  Matthew Mirman  <mmirman@apple.com>
3688
3689         Fixes operationPutByIds such that they check that the put didn't
3690         change the structure of the object whose property access is being
3691         cached.
3692         https://bugs.webkit.org/show_bug.cgi?id=139196
3693
3694         Reviewed by Filip Pizlo.
3695
3696         * jit/JITOperations.cpp:
3697         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
3698         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
3699         (JSC::operationPutByIdNonStrictBuildList): ditto.
3700         (JSC::operationPutByIdDirectStrictBuildList): ditto.
3701         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
3702         * jit/Repatch.cpp:
3703         (JSC::tryCachePutByID): fixed structure() to use the existent vm.
3704         (JSC::tryBuildPutByIdList): Added a check that the old structure's id 
3705         is the same as the new.
3706         (JSC::buildPutByIdList): Added an argument
3707         * jit/Repatch.h: 
3708         (JSC::buildPutByIdList): Added an argument
3709         * tests/stress/put-by-id-build-list-order-recurse.js: Test that failed before the change
3710         * tests/stress/put-by-id-strict-build-list-order.js: Added.
3711
3712
3713 2014-12-08  Anders Carlsson  <andersca@apple.com>
3714
3715         Change WTF::currentCPUTime to return std::chrono::microseconds and get rid of currentCPUTimeMS
3716         https://bugs.webkit.org/show_bug.cgi?id=139410
3717
3718         Reviewed by Andreas Kling.
3719
3720         * API/JSContextRef.cpp:
3721         (JSContextGroupSetExecutionTimeLimit):
3722         (JSContextGroupClearExecutionTimeLimit):
3723         * runtime/Watchdog.cpp:
3724         (JSC::Watchdog::setTimeLimit):
3725         (JSC::Watchdog::didFire):
3726         (JSC::Watchdog::startCountdownIfNeeded):
3727         (JSC::Watchdog::startCountdown):
3728         * runtime/Watchdog.h:
3729         * runtime/WatchdogMac.cpp:
3730         (JSC::Watchdog::startTimer):
3731
3732 2014-12-08  Mark Lam  <mark.lam@apple.com>
3733
3734         CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows ArrayStorageShape arrays.
3735         <https://webkit.org/b/139327>
3736
3737         Reviewed by Michael Saboff.
3738
3739         The code generator and runtime slow paths expects otherwise.  This patch fixes
3740         CFA to match the code generator's expectation.
3741
3742         * dfg/DFGArrayMode.h:
3743         (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
3744         (JSC::DFG::ArrayMode::arrayModesWithIndexingShapes):
3745
3746 2014-12-08  Chris Dumez  <cdumez@apple.com>
3747
3748         Revert r176293 & r176275
3749
3750         Unreviewed, revert r176293 & r176275 changing the Vector API to use unsigned type
3751         instead of size_t. There is some disagreement regarding the long-term direction
3752         of the API and we shouldn’t leave the API partly transitioned to unsigned type
3753         while making a decision.
3754
3755         * bytecode/PreciseJumpTargets.cpp:
3756         * replay/EncodedValue.h:
3757
3758 2014-12-07  Csaba Osztrogonác  <ossy@webkit.org>
3759
3760         Remove the unused WTF_USE_GCC_COMPUTED_GOTO_WORKAROUND after r129453.
3761         https://bugs.webkit.org/show_bug.cgi?id=139373
3762
3763         Reviewed by Sam Weinig.
3764
3765         * interpreter/Interpreter.cpp:
3766
3767 2014-12-06  Anders Carlsson  <andersca@apple.com>
3768
3769         Fix build with newer versions of clang.
3770         rdar://problem/18978716
3771
3772         * ftl/FTLJITCode.h:
3773         Add missing overrides.
3774
3775 2014-12-05  Roger Fong  <roger_fong@apple.com>
3776
3777         [Win] proj files copying over too many resources.
3778         https://bugs.webkit.org/show_bug.cgi?id=139315.
3779         <rdar://problem/19148278>
3780
3781         Reviewed by Brent Fulgham.
3782
3783         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Only copy resource folders and JavaScriptCore.dll.
3784
3785 2014-12-05  Juergen Ributzka  <juergen@apple.com>
3786
3787         [JSC][FTL] Add the data layout to the module and fix the pass order.
3788         https://bugs.webkit.org/show_bug.cgi?id=138748
3789
3790         Reviewed by Oliver Hunt.
3791
3792         This adds the data layout to the module, so it can be used by all
3793         optimization passes in the LLVM optimizer pipeline. This also allows
3794         FastISel to select more instructions, because fewer non-legal types are
3795         generated.
3796         
3797         Also fix the order of the alias analysis passes in the optimization
3798         pipeline.
3799
3800         * ftl/FTLCompile.cpp:
3801         (JSC::FTL::mmAllocateDataSection):
3802
3803 2014-12-05  Geoffrey Garen  <ggaren@apple.com>
3804
3805         Removed an unused function.
3806
3807         Reviewed by Michael Saboff.
3808
3809         Broken out from https://bugs.webkit.org/show_bug.cgi?id=139305.
3810
3811         * parser/ParserArena.h:
3812
3813 2014-12-05  David Kilzer  <ddkilzer@apple.com>
3814
3815         FeatureDefines.xcconfig: Workaround bug in Xcode 5.1.1 when defining ENABLE_WEB_REPLAY
3816         <http://webkit.org/b/139286>
3817
3818         Reviewed by Daniel Bates.
3819
3820         * Configurations/FeatureDefines.xcconfig: Switch back to using
3821         PLATFORM_NAME to work around a bug in Xcode 5.1.1 on 10.8.
3822
3823 2014-12-04  Mark Rowe  <mrowe@apple.com>
3824
3825         Build fix after r176836.
3826
3827         Reviewed by Mark Lam.
3828
3829         * runtime/VM.h:
3830         (JSC::VM::controlFlowProfiler): Don't try to export an inline function.
3831         Doing so results in a weak external symbol being generated.
3832
3833 2014-12-04  Saam Barati  <saambarati1@gmail.com>
3834
3835         JavaScript Control Flow Profiler
3836         https://bugs.webkit.org/show_bug.cgi?id=137785
3837
3838         Reviewed by Filip Pizlo.
3839
3840         This patch introduces a mechanism for JavaScriptCore to profile
3841         which basic blocks have executed. This mechanism will then be
3842         used by the Web Inspector to indicate which basic blocks
3843         have and have not executed.
3844         
3845         The profiling works by compiling in an op_profile_control_flow
3846         at the start of every basic block. Then, whenever this op code 
3847         executes, we know that a particular basic block has executed.
3848         
3849         When we tier up a CodeBlock that contains an op_profile_control_flow
3850         that corresponds to an already executed basic block, we don't
3851         have to emit code for that particular op_profile_control_flow
3852         because the internal data structures used to keep track of 
3853         basic block locations have already recorded that the corresponding
3854         op_profile_control_flow has executed.
3855
3856         * CMakeLists.txt:
3857         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3858         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3859         * JavaScriptCore.xcodeproj/project.pbxproj:
3860         * bytecode/BytecodeList.json:
3861         * bytecode/BytecodeUseDef.h:
3862         (JSC::computeUsesForBytecodeOffset):
3863         (JSC::computeDefsForBytecodeOffset):
3864         * bytecode/CodeBlock.cpp:
3865         (JSC::CodeBlock::dumpBytecode):
3866         (JSC::CodeBlock::CodeBlock):
3867         * bytecode/Instruction.h:
3868         * bytecode/UnlinkedCodeBlock.cpp:
3869         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
3870         * bytecode/UnlinkedCodeBlock.h:
3871         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
3872         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
3873         * bytecompiler/BytecodeGenerator.cpp:
3874         (JSC::BytecodeGenerator::emitProfileControlFlow):
3875         * bytecompiler/BytecodeGenerator.h:
3876         * bytecompiler/NodesCodegen.cpp:
3877         (JSC::ConditionalNode::emitBytecode):
3878         (JSC::IfElseNode::emitBytecode):
3879         (JSC::WhileNode::emitBytecode):
3880         (JSC::ForNode::emitBytecode):
3881         (JSC::ContinueNode::emitBytecode):
3882         (JSC::BreakNode::emitBytecode):
3883         (JSC::ReturnNode::emitBytecode):
3884         (JSC::CaseClauseNode::emitBytecode):
3885         (JSC::SwitchNode::emitBytecode):
3886         (JSC::ThrowNode::emitBytecode):
3887         (JSC::TryNode::emitBytecode):
3888         (JSC::ProgramNode::emitBytecode):
3889         (JSC::FunctionNode::emitBytecode):
3890         * dfg/DFGAbstractInterpreterInlines.h:
3891         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3892         * dfg/DFGByteCodeParser.cpp:
3893         (JSC::DFG::ByteCodeParser::parseBlock):
3894         * dfg/DFGCapabilities.cpp:
3895         (JSC::DFG::capabilityLevel):
3896         * dfg/DFGClobberize.h:
3897         (JSC::DFG::clobberize):
3898         * dfg/DFGDoesGC.cpp:
3899         (JSC::DFG::doesGC):
3900         * dfg/DFGFixupPhase.cpp:
3901         (JSC::DFG::FixupPhase::fixupNode):
3902         * dfg/DFGNode.h:
3903         (JSC::DFG::Node::basicBlockLocation):
3904         * dfg/DFGNodeType.h:
3905         * dfg/DFGPredictionPropagationPhase.cpp:
3906         (JSC::DFG::PredictionPropagationPhase::propagate):
3907         * dfg/DFGSafeToExecute.h:
3908         (JSC::DFG::safeToExecute):
3909         * dfg/DFGSpeculativeJIT32_64.cpp:
3910         (JSC::DFG::SpeculativeJIT::compile):
3911         * dfg/DFGSpeculativeJIT64.cpp:
3912         (JSC::DFG::SpeculativeJIT::compile):
3913         * inspector/agents/InspectorRuntimeAgent.cpp:
3914         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
3915         * jit/JIT.cpp:
3916         (JSC::JIT::privateCompileMainPass):
3917         * jit/JIT.h:
3918         * jit/JITOpcodes.cpp:
3919         (JSC::JIT::emit_op_profile_control_flow):
3920         * jit/JITOpcodes32_64.cpp:
3921         (JSC::JIT::emit_op_profile_control_flow):
3922         * jsc.cpp:
3923         (GlobalObject::finishCreation):
3924         (functionFindTypeForExpression):
3925         (functionReturnTypeFor):
3926         (functionDumpBasicBlockExecutionRanges):
3927         * llint/LowLevelInterpreter.asm:
3928         * parser/ASTBuilder.h:
3929         (JSC::ASTBuilder::createFunctionExpr):
3930         (JSC::ASTBuilder::createGetterOrSetterProperty):
3931         (JSC::ASTBuilder::createFuncDeclStatement):
3932         (JSC::ASTBuilder::endOffset):
3933         (JSC::ASTBuilder::setStartOffset):
3934         * parser/NodeConstructors.h:
3935         (JSC::Node::Node):
3936         * parser/Nodes.h:
3937         (JSC::CaseClauseNode::setStartOffset):
3938         * parser/Parser.cpp:
3939         (JSC::Parser<LexerType>::parseSwitchClauses):
3940         (JSC::Parser<LexerType>::parseSwitchDefaultClause):
3941         (JSC::Parser<LexerType>::parseBlockStatement):
3942         (JSC::Parser<LexerType>::parseStatement):
3943         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3944         (JSC::Parser<LexerType>::parseIfStatement):
3945         (JSC::Parser<LexerType>::parseExpression):
3946         (JSC::Parser<LexerType>::parseConditionalExpression):
3947         (JSC::Parser<LexerType>::parseProperty):
3948         (JSC::Parser<LexerType>::parseMemberExpression):
3949         * parser/SyntaxChecker.h:
3950         (JSC::SyntaxChecker::createFunctionExpr):
3951         (JSC::SyntaxChecker::createFuncDeclStatement):
3952         (JSC::SyntaxChecker::createGetterOrSetterProperty):
3953         (JSC::SyntaxChecker::operatorStackPop):
3954         * runtime/BasicBlockLocation.cpp: Added.
3955         (JSC::Ba