Web Inspector: Provide $exception in the console for the thrown exception value
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2014-11-19  Joseph Pecoraro  <pecoraro@apple.com>
2
3         Web Inspector: Provide $exception in the console for the thrown exception value
4         https://bugs.webkit.org/show_bug.cgi?id=138726
5
6         Reviewed by Timothy Hatcher.
7
8         * debugger/DebuggerScope.cpp:
9         (JSC::DebuggerScope::caughtValue):
10         * debugger/DebuggerScope.h:
11         Access the caught value if this scope is a catch scope.
12
13         * runtime/JSNameScope.h:
14         (JSC::JSNameScope::isFunctionNameScope):
15         (JSC::JSNameScope::isCatchScope):
16         (JSC::JSNameScope::value):
17         Provide an accessor for the single value in the JSNameScope (with / catch block).
18
19         * inspector/InjectedScriptSource.js:
20         Save the exception value and expose it via $exception. Since the command line api
21         is recreated on each evaluation, $exception is essentially readonly.
22
23         * inspector/ScriptDebugServer.h:
24         * inspector/ScriptDebugServer.cpp:
25         (Inspector::ScriptDebugServer::dispatchDidPause):
26         (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
27         When pausing, get the exception or caught value. The exception will be provided
28         if we are breaking on an explicit exception. When inside of a catch block, we
29         can get the caught value by walking up the scope chain.
30
31         * inspector/agents/InspectorDebuggerAgent.h:
32         * inspector/agents/InspectorDebuggerAgent.cpp:
33         (Inspector::InspectorDebuggerAgent::InspectorDebuggerAgent):
34         (Inspector::InspectorDebuggerAgent::resume):
35         (Inspector::InspectorDebuggerAgent::stepOver):
36         (Inspector::InspectorDebuggerAgent::stepInto):
37         (Inspector::InspectorDebuggerAgent::stepOut):
38         Clearing state can be done in didContinue.
39
40         (Inspector::InspectorDebuggerAgent::didPause):
41         Set the exception value explicitly in the injected script when we have it.
42
43         (Inspector::InspectorDebuggerAgent::didContinue):
44         Clear state saved when we had paused, including clearing an exception value if needed.
45
46         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
47         (Inspector::InspectorDebuggerAgent::clearExceptionValue):
48         Call into the injected script only when needed.
49
50         * inspector/InjectedScript.cpp:
51         (Inspector::InjectedScript::setExceptionValue):
52         (Inspector::InjectedScript::clearExceptionValue):
53         * inspector/InjectedScript.h:
54         * inspector/InjectedScriptManager.cpp:
55         (Inspector::InjectedScriptManager::clearExceptionValue):
56         * inspector/InjectedScriptManager.h:
57         Clear on all injected scripts.
58
59 2014-11-19  Joseph Pecoraro  <pecoraro@apple.com>
60
61         Unreviewed build fixes after r176329.
62
63           - export all of the codegen python files as they are included by the main generator
64           - update the imports of the main generator to match __init__.py
65           - remove bundling the python scripts as framework resources, just have them PrivateHeaders
66
67         * JavaScriptCore.xcodeproj/project.pbxproj:
68         * inspector/scripts/generate-inspector-protocol-bindings.py:
69
70 2014-11-18  Brian J. Burg  <burg@cs.washington.edu>
71
72         Web Inspector: standardize language-specific protocol generator file, class, and method prefixes
73         https://bugs.webkit.org/show_bug.cgi?id=138237
74
75         Reviewed by Joseph Pecoraro.
76
77         Settle on cpp/objc/js file prefixes and Cpp/ObjC/JS class prefixes for generators.
78         Move C++-specific static methods into CppGenerator and add cpp_ prefixes where relevant.
79         Split the templates file into language-specific template files.
80
81         * CMakeLists.txt:
82         * DerivedSources.make:
83         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
84         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
85         * JavaScriptCore.xcodeproj/project.pbxproj:
86         * inspector/scripts/codegen/__init__.py:
87         * inspector/scripts/codegen/cpp_generator.py: Copied from Source/JavaScriptCore/inspector/scripts/codegen/generator.py.
88         * inspector/scripts/codegen/cpp_generator_templates.py: Copied from Source/JavaScriptCore/inspector/scripts/codegen/generator_templates.py.
89         (CppGeneratorTemplates):
90         * inspector/scripts/codegen/generate_cpp_alternate_backend_dispatcher_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_alternate_backend_dispatcher_header.py.
91         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_backend_dispatcher_header.py.
92         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_backend_dispatcher_implementation.py.
93         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_frontend_dispatcher_header.py.
94         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py.
95         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_protocol_types_header.py.
96         * inspector/scripts/codegen/generate_cpp_protocol_types_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_protocol_types_implementation.py.
97         * inspector/scripts/codegen/generate_js_backend_commands.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_backend_commands.py.
98         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_backend_dispatcher_header.py.
99         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_backend_dispatcher_implementation.py.
100         * inspector/scripts/codegen/generate_objc_configuration_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_configuration_header.py.
101         * inspector/scripts/codegen/generate_objc_configuration_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_configuration_implementation.py.
102         * inspector/scripts/codegen/generate_objc_conversion_helpers.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_conversion_helpers.py.
103         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_frontend_dispatcher_implementation.py.
104         * inspector/scripts/codegen/generate_objc_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_header.py.
105         * inspector/scripts/codegen/generate_objc_internal_header.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_internal_header.py.
106         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c_types_implementation.py.
107         * inspector/scripts/codegen/generator.py:
108         * inspector/scripts/codegen/generator_templates.py:
109         * inspector/scripts/codegen/objc_generator.py: Renamed from Source/JavaScriptCore/inspector/scripts/codegen/generate_objective_c.py.
110         * inspector/scripts/codegen/objc_generator_templates.py: Added.
111         * inspector/scripts/generate-inspector-protocol-bindings.py:
112
113 2014-11-19  Juergen Ributzka  <juergen@apple.com>
114
115         Update WebKit to build with LLVM TOT
116         https://bugs.webkit.org/show_bug.cgi?id=138519
117
118         Reviewed by Alexey Proskuryakov.
119
120         * Configurations/LLVMForJSC.xcconfig:
121         * llvm/LLVMAPIFunctions.h:
122         * llvm/library/LLVMExports.cpp:
123         (initializeAndGetJSCLLVMAPI):
124
125 2014-11-18  David Kilzer  <ddkilzer@apple.com>
126
127         FeatureDefines.xcconfig: Switch from using PLATFORM_NAME to SDK selectors
128         <http://webkit.org/b/138813>
129
130         Reviewed by Mark Rowe.
131
132         * Configurations/FeatureDefines.xcconfig: Switch to using SDK
133         selectors.
134
135 2014-11-18  Chris Dumez  <cdumez@apple.com>
136
137         Update the Vector API to deal with unsigned types instead of size_t
138         https://bugs.webkit.org/show_bug.cgi?id=138824
139
140         Reviewed by Andreas Kling.
141
142         Update code base to fix build errors related to the typing changes
143         in the Vector API (size_t -> unsigned).
144
145         * bytecode/PreciseJumpTargets.cpp:
146         * replay/EncodedValue.h:
147
148 2014-11-18  Commit Queue  <commit-queue@webkit.org>
149
150         Unreviewed, rolling out r176207.
151         https://bugs.webkit.org/show_bug.cgi?id=138836
152
153         Not ready yet (Requested by ap on #webkit).
154
155         Reverted changeset:
156
157         "Update WebKit to build with LLVM TOT"
158         https://bugs.webkit.org/show_bug.cgi?id=138519
159         http://trac.webkit.org/changeset/176207
160
161 2014-11-17  Mark Lam  <mark.lam@apple.com>
162
163         Add printing functionality in JITted code for debugging purposes.
164         <https://webkit.org/b/138660>
165
166         Reviewed by Geoffrey Garen.
167
168         Sometimes, for debugging, it'd be nice to be able to just print the
169         values of constants or registers used in JITted code, or even just
170         a string to log that certain pieces of JITted code have been executed.
171         Using the JIT probe mechanism, we can make this happen.
172
173         * assembler/ARMv7Assembler.h:
174         * assembler/AbstractMacroAssembler.h:
175         (JSC::AbstractMacroAssembler::CPUState::registerName):
176         (JSC::AbstractMacroAssembler::CPUState::registerValue):
177         (JSC::AbstractMacroAssembler::print):
178         (JSC::AbstractMacroAssembler::PrintArg::PrintArg):
179         (JSC::AbstractMacroAssembler::appendPrintArg):
180         (JSC::AbstractMacroAssembler::printInternal):
181         (JSC::AbstractMacroAssembler::printCallback):
182         * assembler/MacroAssemblerARM.cpp:
183         (JSC::MacroAssemblerARM::printCPURegisters):
184         (JSC::MacroAssemblerARM::printRegister):
185         * assembler/MacroAssemblerARM.h:
186         * assembler/MacroAssemblerARMv7.cpp:
187         (JSC::MacroAssemblerARMv7::printCPURegisters):
188         (JSC::MacroAssemblerARMv7::printRegister):
189         * assembler/MacroAssemblerARMv7.h:
190         * assembler/MacroAssemblerX86Common.cpp:
191         (JSC::MacroAssemblerX86Common::printRegister):
192         * assembler/MacroAssemblerX86Common.h:
193
194 2014-11-17  Anders Carlsson  <andersca@apple.com>
195
196         Fix JavaScriptCore build with newer versions of clang.
197         <rdar://problem/18978716>
198
199         * heap/Heap.cpp:
200         (JSC::Heap::visitTempSortVectors):
201         (JSC::Heap::deleteAllCompiledCode): Deleted.
202         * inspector/agents/InspectorConsoleAgent.h:
203
204 2014-11-17  Juergen Ributzka  <juergen@apple.com>
205
206         Update WebKit to build with LLVM TOT
207         https://bugs.webkit.org/show_bug.cgi?id=138519
208
209         Reviewed by Alexey Proskuryakov.
210
211         * Configurations/LLVMForJSC.xcconfig:
212         * llvm/LLVMAPIFunctions.h:
213         * llvm/library/LLVMExports.cpp:
214         (initializeAndGetJSCLLVMAPI):
215
216 2014-11-14  Benjamin Poulain  <bpoulain@apple.com>
217
218         STRH can store values with the wrong offset
219         https://bugs.webkit.org/show_bug.cgi?id=138723
220
221         Reviewed by Michael Saboff.
222
223         This is the counterpart of r176083 for the str instruction.
224
225         I believe this code is currently unreachable because there is only one client of strh()
226         in the MacroAssembler and it always sets up the scale explicitly.
227
228         * assembler/ARMv7Assembler.h:
229         (JSC::ARMv7Assembler::strh):
230
231 2014-11-13  Mark Lam  <mark.lam@apple.com>
232
233         Reduce amount of cut-and-paste needed for probe mechanism implementations.
234         <https://webkit.org/b/138671>
235
236         Reviewed by Geoffrey Garen.
237
238         The existing code requires that each MacroAssembler implementation provide
239         their own copy of all of the probe implementations even when most of it is
240         identical.  This patch hoists the common parts into AbstractMacroAssembler
241         (with some minor renaming).  Each target specific MacroAssembler now only
242         needs to implement a few target specific methods that are expected by and
243         documented in AbstractMacroAssembler.h in the ENABLE(MASM_PROBE) section.
244
245         In this patch, I also simplified the X86 and X86_64 ports to use the same
246         port implementation.  The ARMv7 probe implementation should not conditionally
247         exclude the higher FP registers (since the JIT doesn't).  Fixed the ARMv7
248         probe code to include the higher FP registers always. 
249
250         This is all done in preparation to add printing functionality in JITted code
251         for debugging.
252
253         * assembler/AbstractMacroAssembler.h:
254         (JSC::AbstractMacroAssembler::Label::Label):
255         (JSC::AbstractMacroAssembler::ConvertibleLoadLabel::ConvertibleLoadLabel):
256         (JSC::AbstractMacroAssembler::DataLabelPtr::DataLabelPtr):
257         (JSC::AbstractMacroAssembler::DataLabel32::DataLabel32):
258         (JSC::AbstractMacroAssembler::DataLabelCompact::DataLabelCompact):
259         (JSC::AbstractMacroAssembler::Jump::link):
260         (JSC::AbstractMacroAssembler::Jump::linkTo):
261         (JSC::AbstractMacroAssembler::JumpList::link):
262         (JSC::AbstractMacroAssembler::JumpList::linkTo):
263         (JSC::AbstractMacroAssembler::ProbeContext::print):
264         (JSC::AbstractMacroAssembler::printIndent):
265         (JSC::AbstractMacroAssembler::printCPU):
266         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
267         - Except for the 3 printing methods (which are for the probe), the rest
268           are touched simply because we need to add the MacroAssemblerType to the
269           template args.
270           The MacroAssemblerType is used by the abstract probe code to call the
271           few probe methods that need to have CPU specific implementations.
272
273         * assembler/MacroAssemblerARM.cpp:
274         (JSC::MacroAssemblerARM::printCPURegisters):
275         - This was refactored from ProbeContext::dumpCPURegisters() which no
276           longer exists.
277         (JSC::MacroAssemblerARM::ProbeContext::dumpCPURegisters): Deleted.
278         (JSC::MacroAssemblerARM::ProbeContext::dump): Deleted.
279
280         * assembler/MacroAssemblerARM.h:
281         * assembler/MacroAssemblerARM64.h:
282
283         * assembler/MacroAssemblerARMv7.cpp:
284         (JSC::MacroAssemblerARMv7::printCPURegisters):
285         - This was refactored from ProbeContext::dumpCPURegisters() which no
286           longer exists.
287         (JSC::MacroAssemblerARMv7::ProbeContext::dumpCPURegisters): Deleted.
288         (JSC::MacroAssemblerARMv7::ProbeContext::dump): Deleted.
289
290         * assembler/MacroAssemblerARMv7.h:
291         * assembler/MacroAssemblerMIPS.h:
292         * assembler/MacroAssemblerSH4.h:
293         * assembler/MacroAssemblerX86.h:
294         (JSC::MacroAssemblerX86::trustedImm32FromPtr): Deleted.
295         (JSC::MacroAssemblerX86::probe): Deleted.
296
297         * assembler/MacroAssemblerX86Common.cpp:
298         (JSC::MacroAssemblerX86Common::printCPURegisters):
299         - This was refactored from ProbeContext::dumpCPURegisters() which no
300           longer exists.
301         (JSC::MacroAssemblerX86Common::probe):
302         - This implementation of probe() is based on the one originally in
303           MacroAssemblerX86_64.h.  It is generic and should work for both
304           32-bit and 64-bit.
305         (JSC::MacroAssemblerX86Common::ProbeContext::dumpCPURegisters): Deleted.
306         (JSC::MacroAssemblerX86Common::ProbeContext::dump): Deleted.
307
308         * assembler/MacroAssemblerX86Common.h:
309         * assembler/MacroAssemblerX86_64.h:
310         (JSC::MacroAssemblerX86_64::trustedImm64FromPtr): Deleted.
311         (JSC::MacroAssemblerX86_64::probe): Deleted.
312         * jit/JITStubsARMv7.h:
313
314 2014-11-13  Michael Saboff  <msaboff@apple.com>
315
316         Add scope operand to op_new_func* byte codes
317         https://bugs.webkit.org/show_bug.cgi?id=138707
318
319         Reviewed by Mark Lam.
320
321         Added scope operand to op_new_func and op_new_func_expr to replace the implicit use
322         of exec->scope().
323
324         * bytecode/BytecodeList.json: Increased size of op_new_func & op_new_func_expr bytecodes.
325
326         * bytecode/CodeBlock.cpp:
327         (JSC::CodeBlock::dumpBytecode): Added scope operand to dump output.
328
329         * bytecompiler/BytecodeGenerator.cpp:
330         (JSC::BytecodeGenerator::emitNewFunctionInternal):
331         (JSC::BytecodeGenerator::emitNewFunctionExpression):
332         Emit scope operand.
333
334         * dfg/DFGByteCodeParser.cpp:
335         (JSC::DFG::ByteCodeParser::parseBlock):
336         * dfg/DFGFixupPhase.cpp:
337         (JSC::DFG::FixupPhase::fixupNode):
338         Added new scope source nodes to NewFunction, NewFunctionExpression & NewFunctionNoCheck.
339         
340         * dfg/DFGSpeculativeJIT.cpp:
341         (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
342         (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
343         * dfg/DFGSpeculativeJIT32_64.cpp:
344         (JSC::DFG::SpeculativeJIT::compile):
345         * dfg/DFGSpeculativeJIT64.cpp:
346         (JSC::DFG::SpeculativeJIT::compile):
347         Use scope children when making new function JIT_Operation calls.  Use JSScope* value instead of
348         exec->scope().
349
350         * dfg/DFGOperations.h:
351         * dfg/DFGOperations.cpp:
352         * dfg/DFGSpeculativeJIT.h:
353         (JSC::DFG::SpeculativeJIT::callOperation):
354         * jit/JIT.h:
355         * jit/JITInlines.h:
356         (JSC::JIT::callOperation):
357         * jit/JITOpcodes.cpp:
358         (JSC::JIT::emit_op_new_func):
359         (JSC::JIT::emit_op_new_func_exp):
360         * jit/JITOperations.cpp:
361         * jit/JITOperations.h:
362         Added new Jsc JIT_Operation parameter type for JSScope* values.  Created declarations and
363         definitions for new JIT_Operations with Jsc parameters.  Use the JSScope* parameters in lieu
364         of exec->scope() in operationNewFunction().
365         Removed comment for unused Jsa (JSLexicalEnvironment*) JIT_Operation parameter type.
366
367         * llint/LLIntSlowPaths.cpp:
368         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
369         Use the scope operand instead of exec->scope().
370
371         * llint/LowLevelInterpreter.asm:
372         * llint/LowLevelInterpreter32_64.asm:
373         * llint/LowLevelInterpreter64.asm:
374         Changed the operand indices for added scope operand.
375
376 2014-11-13  Mark Lam  <mark.lam@apple.com>
377
378         Change X86/64 JIT probes to save/restore xmm regs as double instead of __m128. [Follow up]
379         <https://webkit.org/b/138708>
380
381         Reviewed by Michael Saboff.
382
383         Removed a stale comment and a now unnecessary #include. 
384
385         * assembler/X86Assembler.h:
386
387 2014-11-13  Commit Queue  <commit-queue@webkit.org>
388
389         Unreviewed, rolling out r176087.
390         https://bugs.webkit.org/show_bug.cgi?id=138714
391
392         Broke the build (Requested by ap on #webkit).
393
394         Reverted changeset:
395
396         "Update WebKit to build with LLVM TOT"
397         https://bugs.webkit.org/show_bug.cgi?id=138519
398         http://trac.webkit.org/changeset/176087
399
400 2014-11-13  Mark Lam  <mark.lam@apple.com>
401
402         Change X86/64 JIT probes to save/restore xmm regs as double instead of __m128.
403         <https://webkit.org/b/138708>
404
405         Reviewed by Michael Saboff.
406
407         The JIT code only uses the xmm regs as double registers.  This patch changes
408         the storage types of the FP registers in X86Assembler.h to double instead of
409         __m128, and updates the X86 and X86_64 JIT probe implementations accordingly.
410
411         Also made some minor cosmetic changes in the output of the probe dump functions.
412
413         * assembler/MacroAssemblerX86Common.cpp:
414         (JSC::MacroAssemblerX86Common::ProbeContext::dumpCPURegisters):
415         * assembler/X86Assembler.h:
416         * jit/JITStubsX86.h:
417         * jit/JITStubsX86Common.h:
418         * jit/JITStubsX86_64.h:
419
420 2014-11-13  Juergen Ributzka  <juergen@apple.com>
421
422         Update WebKit to build with LLVM TOT
423         https://bugs.webkit.org/show_bug.cgi?id=138519
424
425         Reviewed by Geoffrey Garen.
426
427         * Configurations/LLVMForJSC.xcconfig:
428         * llvm/LLVMAPIFunctions.h:
429         * llvm/library/LLVMExports.cpp:
430         (initializeAndGetJSCLLVMAPI):
431
432 2014-11-13  Benjamin Poulain  <benjamin@webkit.org>
433
434         ARMv7(s) Assembler: LDRH with immediate offset is loading from the wrong offset
435         https://bugs.webkit.org/show_bug.cgi?id=136914
436
437         Reviewed by Michael Saboff.
438
439         TLDR: the immediate offset of half-word load was divided by 2.
440
441         Story time: So I started getting those weird reports of :nth-child() behaving bizarrely
442         on ARMv7 and ARMv7s. To make things worse, the behavior changes depending on style updates.
443
444         I started looking at the disassembly on the test cases...
445
446         The first thing I noticed was that the computation of An+B looked wrong. For example,
447         in the case of n+6, the instruction should have been:
448             subs r1, r1, #6
449         but was
450             subs r1, r1, #2
451
452         After spending a lot of time trying to find the error in the assembler, I discovered
453         the problem was not real, but just a bug in the disassembler.
454         This is the first fix: ARMv7DOpcodeAddSubtractImmediate3's immediate3() was truncating
455         the value to 2 bits instead of 3 bits.
456
457         The disassembler being fixed, I still have no lead on the weird bug. Some disassembly later,
458         I realize the LDRH instruction is not decoded at all. The reason is that both LDRH and STRH
459         were under the umbrella ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord but the pattern
460         only matched STRH.
461
462         I fix that next, ARMv7DOpcodeLoadStoreRegisterImmediateHalfWord is split into
463         ARMv7DOpcodeStoreRegisterImmediateHalfWord and ARMv7DOpcodeLoadRegisterImmediateHalfWord,
464         each with their own pattern and their instruction group.
465
466         Now that I can see the LDRHs correctly, there is something fishy about them, their offset
467         is way too small for the data I load.
468
469         This time, looking at the binary, the generated code is indeed incorrect. It turns out that
470         the ARMv7 assembler shifted the offset of half-word loads as if they were byte loads: divided by 4.
471         As a result, all the loads of half-words with more than zero offset were loading
472         values with a smaller offset than what they should have.
473
474         That being fixed, I dump the assembly: still wrong. I am ready to throw my keyboard through
475         my screen at that point.
476
477         Looking at the disassembler, there is yet again a bug. The computation of the scale() adjustment
478         of the offset was incorrect for anything but word loads.
479         I replaced it by a switch-case to make it explicit.
480
481         STRH is likely incorrect too. I'll fix that in a follow up, I want to survey all the 16 bits cases
482         that are not directly used by the CSS JIT.
483
484         * assembler/ARMv7Assembler.h:
485         (JSC::ARMv7Assembler::ldrh):
486         Fix the immediate scaling. Add an assertion to make sure the alignment of the input is correct.
487
488         * disassembler/ARMv7/ARMv7DOpcode.cpp:
489         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale):
490         Fix the scaling code. Just hardcode instruction-to-scale table.
491
492         * disassembler/ARMv7/ARMv7DOpcode.h:
493         (JSC::ARMv7Disassembler::ARMv7DOpcodeAddSubtractImmediate3::immediate3):
494         The mask for a 3 bits immediate is not 3 :)
495
496         (JSC::ARMv7Disassembler::ARMv7DOpcodeLoadStoreRegisterImmediate::scale): Deleted.
497
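The two encoding mistakes described in the entry above, reproduced as a standalone sketch. This is an added example, not WebKit code: the function names are hypothetical, and the bit layouts are the 16-bit Thumb T1 encodings of `SUBS Rd, Rn, #imm3` and `LDRH Rt, [Rn, #imm5*2]` from the ARM architecture.

```c
#include <stdint.h>
#include <stdio.h>

/* 16-bit Thumb encodings (T1), register fields are 3 bits each:
 *   SUBS Rd, Rn, #imm3       : 0001111 imm3 Rn Rd
 *   LDRH Rt, [Rn, #imm5 * 2] : 10001   imm5 Rn Rt
 * All names below are hypothetical; this is not the WebKit assembler. */
enum { OP_SUBS_IMM3 = 0x1E00, OP_LDRH_IMM5 = 0x8800 };

uint16_t encode_subs_imm3(unsigned rd, unsigned rn, unsigned imm3)
{
    return (uint16_t)(OP_SUBS_IMM3 | ((imm3 & 7u) << 6) | ((rn & 7u) << 3) | (rd & 7u));
}

/* Disassembler side: a mask of 3 keeps only two bits of the immediate. */
unsigned decode_imm3_two_bit_mask(uint16_t insn) { return (insn >> 6) & 3u; }

/* Disassembler side: a 3-bit field needs the mask 7. */
unsigned decode_imm3(uint16_t insn) { return (insn >> 6) & 7u; }

/* Assembler side: byte_offset is what the caller wants added to Rn.
 * shift is how many low bits the assembler drops before storing imm5:
 * 1 is correct for a half-word load, 2 treats it like a word load.
 * Returns 0 and writes *out on success, -1 if the offset is misaligned
 * or does not fit in imm5 (the alignment check the entry mentions). */
int encode_ldrh(unsigned rt, unsigned rn, unsigned byte_offset,
                unsigned shift, uint16_t *out)
{
    if (byte_offset & 1u)
        return -1;                      /* half-word offsets must be even */
    unsigned imm5 = byte_offset >> shift;
    if (imm5 > 31u)
        return -1;                      /* does not fit the 5-bit field */
    *out = (uint16_t)(OP_LDRH_IMM5 | (imm5 << 6) | ((rn & 7u) << 3) | (rt & 7u));
    return 0;
}

/* What the CPU does with the encoded field: imm5 is scaled by 2. */
unsigned ldrh_effective_offset(uint16_t insn)
{
    return ((insn >> 6) & 31u) << 1;
}

int main(void)
{
    /* subs r1, r1, #6, the instruction from the changelog entry */
    uint16_t subs = encode_subs_imm3(1, 1, 6);
    printf("subs r1, r1, #6 = 0x%04X, mask 3 shows #%u, mask 7 shows #%u\n",
           subs, decode_imm3_two_bit_mask(subs), decode_imm3(subs));

    /* ldrh r0, [r1, #12] with the right and the wrong scale */
    uint16_t good = 0, bad = 0;
    if (encode_ldrh(0, 1, 12, 1, &good) == 0 && encode_ldrh(0, 1, 12, 2, &bad) == 0)
        printf("ldrh r0, [r1, #12]: scale 2 -> 0x%04X loads from +%u, "
               "scale 4 -> 0x%04X loads from +%u\n",
               good, ldrh_effective_offset(good),
               bad, ldrh_effective_offset(bad));
    return 0;
}
```

With a zero offset both scales produce the same instruction, so only loads with a non-zero offset read the wrong half-word.
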
498 2014-11-13  Andreas Kling  <akling@apple.com>
499
500         Generate put_by_id for bracket assignment with constant string subscript.
501         <https://webkit.org/b/138702>
502
503         Reviewed by Geoffrey Garen.
504
505         Transform o["f"]=x to o.f=x when generating bytecode. This allows our JIT
506         to inline-cache those accesses instead of always dropping out to C++.
507
508         Just like the get_by_id transformations, this gets a bunch of use on
509         real-web content (and Speedometer) but little/none on raw JS benchmarks.
510
511         * bytecompiler/NodesCodegen.cpp:
512         (JSC::AssignBracketNode::emitBytecode):
513
514 2014-11-12  Mark Lam  <mark.lam@apple.com>
515
516         Create canonical lists of registers used by both the Assemblers and the JIT probes.
517         <https://webkit.org/b/138681>
518
519         Reviewed by Filip Pizlo.
520
521         * assembler/ARMAssembler.h:
522         * assembler/ARMv7Assembler.h:
523         * assembler/X86Assembler.h:
524         - The FP register storage type is still defined as __m128 because the JIT
525           probe code still expects that amount of storage to be available.  Will
526           change this to double when the JIT probe code is updated accordingly in a
527           later patch.
528
529 2014-11-12  Andreas Kling  <akling@apple.com>
530
531         Generate get_by_id for bracket access with constant string subscript.
532         <https://webkit.org/b/138663>
533
534         Reviewed by Michael Saboff.
535
536         Transform o["f"] into o.f when generating bytecode. This allows our JIT
537         to inline-cache those accesses instead of always dropping out to C++.
538
539         This is surprisingly common in real-web content, less so in benchmarks.
540         Interestingly, Speedometer does hit the optimization quite a bit.
541
542         * bytecompiler/NodesCodegen.cpp:
543         (JSC::BracketAccessorNode::emitBytecode):
544
545 2014-11-12  Mark Lam  <mark.lam@apple.com>
546
547         Rename USE(MASM_PROBE) to ENABLE(MASM_PROBE).
548         <https://webkit.org/b/138661>
549
550         Reviewed by Michael Saboff.
551
552         Also move the switch for enabling the use of MASM_PROBE from JavaScriptCore's
553         config.h to WTF's Platform.h.  This ensures that the setting is consistently
554         applied even when building WebCore parts as well.
555
556         * assembler/ARMAssembler.h:
557         * assembler/ARMv7Assembler.h:
558         * assembler/MacroAssemblerARM.cpp:
559         * assembler/MacroAssemblerARM.h:
560         * assembler/MacroAssemblerARMv7.cpp:
561         * assembler/MacroAssemblerARMv7.h:
562         * assembler/MacroAssemblerX86.h:
563         * assembler/MacroAssemblerX86Common.cpp:
564         * assembler/MacroAssemblerX86Common.h:
565         * assembler/MacroAssemblerX86_64.h:
566         * assembler/X86Assembler.h:
567         * config.h:
568         * jit/JITStubs.h:
569         * jit/JITStubsARM.h:
570         * jit/JITStubsARMv7.h:
571         * jit/JITStubsX86.h:
572         * jit/JITStubsX86Common.h:
573         * jit/JITStubsX86_64.h:
574
575 2014-11-12  peavo@outlook.com  <peavo@outlook.com>
576
577         [WinCairo] Incorrect names for test executables in debug mode.
578         https://bugs.webkit.org/show_bug.cgi?id=138659
579
580         Reviewed by Alex Christensen.
581
582         In debug mode, jsc.exe, and testapi.exe are not created, causing JSC test failures.
583
584         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
585         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
586
587 2014-11-11  Michael Saboff  <msaboff@apple.com>
588
589         Change DFG to use scope operand for op_resolve_scope
590         https://bugs.webkit.org/show_bug.cgi?id=138651
591
592         Reviewed by Geoffrey Garen.
593
594         Changed to use the provided scope VirtualRegister.
595
596         * dfg/DFGByteCodeParser.cpp:
597         (JSC::DFG::ByteCodeParser::getScope): Changed to use an argument scope register.
598         (JSC::DFG::ByteCodeParser::parseBlock): Created VirtualRegister from scope operand.
599
600 2014-11-11  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
601
602         Remove IncrementalSweeper::create()
603         https://bugs.webkit.org/show_bug.cgi?id=138243
604
605         Reviewed by Filip Pizlo.
606
607         As a step to use std::unique_ptr<> and std::make_unique<>, this patch removes
608         IncrementalSweeper::create(), then sets the constructor of IncrementalSweeper to public.
609         Now we begin to use std::make_unique<> to create IncrementalSweeper instance.
610
611         * heap/Heap.cpp:
612         (JSC::Heap::Heap):
613         (JSC::Heap::setIncrementalSweeper):
614         * heap/Heap.h:
615         * heap/IncrementalSweeper.cpp:
616         (JSC::IncrementalSweeper::create): Deleted.
617         * heap/IncrementalSweeper.h:
618
619 2014-11-11  Joseph Pecoraro  <pecoraro@apple.com>
620
621         Web Inspector: Handle activating extra agents properly after inspector has connected
622         https://bugs.webkit.org/show_bug.cgi?id=138639
623
624         Reviewed by Timothy Hatcher.
625
626         Instead of having the protocol configuration directly add the extra agent
627         to the inspector registry, instead go through the augmentable controller.
628         The controller will initialize as required if we are already connected or not,
629         and will add to the registry.
630
631         The functional change here is that the frontend can be notified to activate
632         extra agents multiple times as agents eventually become available.
633
634         * inspector/JSGlobalObjectInspectorController.cpp:
635         (Inspector::JSGlobalObjectInspectorController::appendExtraAgent):
636         * inspector/JSGlobalObjectInspectorController.h:
637         * inspector/agents/InspectorAgent.cpp:
638         (Inspector::InspectorAgent::activateExtraDomain):
639         * inspector/agents/InspectorAgent.h:
640         * inspector/augmentable/AugmentableInspectorController.h:
641         * inspector/scripts/codegen/generator_templates.py:
642         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
643         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
644         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
645         * inspector/scripts/tests/expected/enum-values.json-result:
646         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
647         Rebased results.
648
649 2014-11-11  Michael Saboff  <msaboff@apple.com>
650
651         Use scope register when processing op_resolve_scope in LLInt and Baseline JIT
652         https://bugs.webkit.org/show_bug.cgi?id=138637
653
654         Reviewed by Mark Lam.
655
656         Filled out op_resolve_scope processing to use the scope operand to access the current
657         scope chain.
658
659         * jit/JIT.h:
660         * jit/JITInlines.h:
661         (JSC::JIT::callOperation):
662         * jit/JITOperations.cpp:
663         * jit/JITOperations.h:
664         Added scope virtual register parameter to emitResolveClosure().  Added new callOperation() to
665         support the additional argument.
666
667         * jit/JITPropertyAccess.cpp:
668         (JSC::JIT::emitResolveClosure):
669         (JSC::JIT::emit_op_resolve_scope):
670         (JSC::JIT::emitSlow_op_resolve_scope):
671         * jit/JITPropertyAccess32_64.cpp:
672         (JSC::JIT::emitResolveClosure):
673         (JSC::JIT::emit_op_resolve_scope):
674         (JSC::JIT::emitSlow_op_resolve_scope):
675         * llint/LLIntSlowPaths.cpp:
676         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
677         Added "scope" parameter to emitResolveClosure().  Passed scope register index to slow path.
678         Used scope virtual register instead of JSStack::ScopeChain.
679
680 2014-11-11  Joseph Pecoraro  <pecoraro@apple.com>
681
682         Web Inspector: Don't require a debugger be attached for inspector auto attach
683         https://bugs.webkit.org/show_bug.cgi?id=138638
684
685         Reviewed by Timothy Hatcher.
686
687         * inspector/remote/RemoteInspector.mm:
688         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
689
690 2014-11-11  Akos Kiss  <akiss@inf.u-szeged.hu>
691
692         Handle cases in StackVisitor::Frame::existingArguments() when lexicalEnvironment and/or unmodifiedArgumentsRegister is not set up yet
693         https://bugs.webkit.org/show_bug.cgi?id=138543
694
695         Reviewed by Geoffrey Garen.
696
697         Exception fuzzing may raise exceptions in places where they would be
698         otherwise impossible. Therefore, a callFrame may lack activation even if
699         the codeBlock signals need of activation. Also, even if codeBlock
700         signals the use of arguments, the unmodifiedArgumentsRegister may not be
701         initialized yet (neither locally nor in lexicalEnvironment).
702
703         If codeBlock()->needsActivation() is false, unmodifiedArgumentsRegister
704         is already checked for Undefined. This patch applies the same check when
705         the condition is true (and also checks whether
706         callFrame()->hasActivation()).
707
708         * interpreter/CallFrame.h:
709         (JSC::ExecState::hasActivation):
710         Moved to interpreter/CallFrameInlines.h.
711         * interpreter/CallFrameInlines.h:
712         (JSC::CallFrame::hasActivation):
713         Fixed to verify that the JSValue returned by uncheckedActivation() is a
714         cell.
715         * interpreter/StackVisitor.cpp:
716         (JSC::StackVisitor::Frame::existingArguments):
717
718 2014-11-11  Andreas Kling  <akling@apple.com>
719
720         Another assertion fix for debug builds after r175846.
721
722         generateByIdStub() can now be called with an empty prototype chain
723         if kind == GetUndefined, so tweak the assertion to cover that.
724
725         * jit/Repatch.cpp:
726         (JSC::generateByIdStub):
727
728 2014-11-10  Andreas Kling  <akling@apple.com>
729
730         Assertion fix for debug builds after r175846.
731
732         PropertySlot::slotBase() will assert if the slot is unset, so reorder
733         the tests to check for isCacheableValue() first.
734
735         * jit/Repatch.cpp:
736         (JSC::tryCacheGetByID):
737
738 2014-11-10  Andreas Kling  <akling@apple.com>
739
740         The JIT should cache property lookup misses.
741         <https://webkit.org/b/135578>
742
743         Add support for inline caching of missed property lookups.
744         Previously this would banish us to C++ slow path.
745
746         It's implemented as a simple GetById cache that returns jsUndefined()
747         as long as the Structure chain check passes. There's no DFG exploitation
748         of this knowledge in this patch.
749
750         Test: js/regress/undefined-property-access.js (~5.5x speedup)
751
752         Reviewed by Filip Pizlo.
753
754         * bytecode/PolymorphicGetByIdList.h:
755         * bytecode/GetByIdStatus.cpp:
756         (JSC::GetByIdStatus::computeForStubInfo):
757
758             Add GetByIdAccess::SimpleMiss so we can communicate to the DFG that
759             the access has been cached.
760
761         * jit/Repatch.cpp:
762         (JSC::toString):
763         (JSC::kindFor):
764         (JSC::generateByIdStub):
765         (JSC::tryCacheGetByID):
766         (JSC::tryBuildGetByIDList):
767
768             Added a GetUndefined stub kind, just a simple "store jsUndefined()" snippet.
769             Use this to cache missed lookups, piggybacking mostly on the GetValue kind.
770
771         * runtime/PropertySlot.h:
772         (JSC::PropertySlot::isUnset):
773
774             Exposed the unset state so PropertySlot can communicate that lookup failed.
775
776 2014-11-10  Michael Saboff  <msaboff@apple.com>
777
778         Add scope operand to op_create_lexical_environment
779         https://bugs.webkit.org/show_bug.cgi?id=138588
780
781         Reviewed by Geoffrey Garen.
782
783         Added a second operand to op_create_lexical_environment that contains the scope register
784         to update.  Note that the DFG relies on operationCreateActivation() to update the
785         scope register since we can't issue a set() with a non-local, non-argument register.
786         This is temporary until the scope register is allocated as a local.
787
788         * bytecode/BytecodeList.json:
789         * bytecode/CodeBlock.cpp:
790         (JSC::CodeBlock::dumpBytecode):
791         Added the scope register operand.
792
793         * bytecompiler/BytecodeGenerator.cpp:
794         (JSC::BytecodeGenerator::BytecodeGenerator):
795         Filled in the scope register operand.
796
797         * jit/JITOpcodes.cpp:
798         (JSC::JIT::emit_op_create_lexical_environment):
799         * jit/JITOpcodes32_64.cpp:
800         (JSC::JIT::emit_op_create_lexical_environment):
801         * llint/LLIntSlowPaths.cpp:
802         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
803         * llint/LowLevelInterpreter32_64.asm:
804         * llint/LowLevelInterpreter64.asm:
805         Set the scope register with the result of the appropriate create activation slow call.
806
807 2014-11-09  Akos Kiss  <akiss@inf.u-szeged.hu>
808
809         Fix 'noreturn' function does return warning in LLVMOverrides.cpp
810         https://bugs.webkit.org/show_bug.cgi?id=138306
811
812         Reviewed by Filip Pizlo.
813
814         Adding NO_RETURN where needed.
815
816         * llvm/library/LLVMExports.cpp:
817         (initializeAndGetJSCLLVMAPI):
818         * llvm/library/LLVMOverrides.cpp:
819         * llvm/library/LLVMTrapCallback.h:
820
821 2014-11-07  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
822
823         Fix an alignment issue with operationPushCatchScope on ARMv7
824         https://bugs.webkit.org/show_bug.cgi?id=138510
825
826         Reviewed by Csaba Osztrogonác.
827
828         * jit/CCallHelpers.h:
829         (JSC::CCallHelpers::setupArgumentsWithExecState):
830         * jit/JITInlines.h:
831         (JSC::JIT::callOperation):
832
833 2014-11-07  Michael Saboff  <msaboff@apple.com>
834
835         Update scope related slow path code to use scope register added to opcodes
836         https://bugs.webkit.org/show_bug.cgi?id=138254
837
838         Reviewed by Mark Lam.
839
840         Updated slow paths for op_pop_scope, op_push_name_scope and op_push_with_scope.
841         Added scope register index parameter to the front of the relevant argument lists of the
842         slow functions.  In the case of op_push_name_scope for x86 (32 bit), there aren't enough
843         registers to accommodate all the parameters.  Therefore, added two new JSVALUE32_64 slow
844         paths called operationPushCatchScope() and operationPushFunctionNameScope() to eliminate
845         the last "type" argument.
846         
847
848         * assembler/MacroAssemblerCodeRef.h:
849         (JSC::FunctionPtr::FunctionPtr): Added a new template to take 6 arguments.
850
851         * jit/CCallHelpers.h:
852         (JSC::CCallHelpers::setupArgumentsWithExecState):
853         * jit/JIT.h:
854         * jit/JITInlines.h:
855         (JSC::JIT::callOperation):
856         New variants of setupArgumentsWithExecState() and callOperation() to handle the new
857         combinations of argument types and counts.
858
859         * jit/JITOpcodes.cpp:
860         (JSC::JIT::emit_op_push_with_scope):
861         (JSC::JIT::emit_op_pop_scope):
862         (JSC::JIT::emit_op_push_name_scope):
863         * jit/JITOpcodes32_64.cpp:
864         (JSC::JIT::emit_op_push_with_scope):
865         (JSC::JIT::emit_op_pop_scope):
866         (JSC::JIT::emit_op_push_name_scope):
867         Use the new slow paths.
868
869         * jit/JITOperations.cpp:
870         * jit/JITOperations.h:
871         Updates to set the scope result using the scope register index.  Added operationPushCatchScope()
872         and operationPushFunctionNameScope().
873
874         * llint/LLIntSlowPaths.cpp:
875         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
876         Updated the scope slow paths to use the scope register index in the instruction to read and
877         write the register instead of using CallFrame::scope() and CallFrame::setScope().
878
879 2014-11-07  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
880
881         Apply std::unique_ptr to slowPathCall()
882         https://bugs.webkit.org/show_bug.cgi?id=138489
883
884         Reviewed by Mark Lam.
885
886         As a step to use std::unique_ptr<>, this patch makes slowPathCall() use std::unique_ptr<>,
887         std::make_unique<>, and WTF::move(). 
888
889         * dfg/DFGSlowPathGenerator.h:
890         (JSC::DFG::slowPathCall):
891         (JSC::DFG::slowPathMove):
892         * dfg/DFGSpeculativeJIT.cpp:
893         (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
894         (JSC::DFG::SpeculativeJIT::addSlowPathGenerator):
895         (JSC::DFG::SpeculativeJIT::arrayify):
896         (JSC::DFG::SpeculativeJIT::compileIn):
897         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
898         * dfg/DFGSpeculativeJIT.h:
899         * dfg/DFGSpeculativeJIT32_64.cpp:
900         (JSC::DFG::SpeculativeJIT::cachedGetById):
901         (JSC::DFG::SpeculativeJIT::cachedPutById):
902         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
903         (JSC::DFG::SpeculativeJIT::compile):
904         * dfg/DFGSpeculativeJIT64.cpp:
905         (JSC::DFG::SpeculativeJIT::cachedGetById):
906         (JSC::DFG::SpeculativeJIT::cachedPutById):
907         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
908         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
909         (JSC::DFG::SpeculativeJIT::compile):
910
911 2014-11-06  Mark Lam  <mark.lam@apple.com>
912
913         slow_path_get_direct_pname() needs to be hardened against a constant baseValue.
914         <https://webkit.org/b/138476>
915
916         Reviewed by Michael Saboff.
917
918         slow_path_get_direct_pname() currently assumes that the baseValue is always a
919         non-constant virtual register.  However, this is not always the case like in the
920         following:
921
922             function foo() {
923                 var o = { a:1 };
924                 for (var n in o)
925                     0[n];
926             }
927             foo();
928
929         This patch fixes it to also check for constant virtual register indexes.
930
931         * runtime/CommonSlowPaths.cpp:
932         (JSC::SLOW_PATH_DECL):
933
934 2014-11-06  Michael Saboff  <msaboff@apple.com>
935
936         REGRESSION (r174985-174986): Site display disappears 
937         https://bugs.webkit.org/show_bug.cgi?id=138082
938
939         Reviewed by Geoffrey Garen.
940
941         In support of the change in WebCore, this adds a new functor class to unwind to our
942         caller's frame possibly skipping intermediate C++ frames.
943
944         * interpreter/StackVisitor.h:
945         (JSC::CallerFunctor::CallerFunctor):
946         (JSC::CallerFunctor::callerFrame):
947         (JSC::CallerFunctor::operator()):
948
949 2014-11-06  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
950
951         Use std::unique_ptr in CodeBlock class
952         https://bugs.webkit.org/show_bug.cgi?id=138395
953
954         Reviewed by Darin Adler.
955
956         * bytecode/CodeBlock.h: Use std::unique_ptr.
957         (JSC::CodeBlock::setJITCodeMap):
958         * jit/CompactJITCodeMap.h: Use std::unique_ptr instead of OwnPtr|PassOwnPtr.
959         (JSC::CompactJITCodeMap::CompactJITCodeMap):
960         (JSC::CompactJITCodeMap::Encoder::finish): Use std::unique_ptr instead of PassOwnPtr.
961
962 2014-11-05  Mark Lam  <mark.lam@apple.com>
963
964         PutById inline caches should have a store barrier when it triggers a structure transition.
965         <https://webkit.org/b/138441>
966
967         Reviewed by Geoffrey Garen.
968
969         After r174025, we no longer insert DFG store barriers when the payload of a
970         PutById operation is not a cell.  However, this can lead to a crash when we have
971         PutById inline cache code transitioning the structure and re-allocating the
972         butterfly of an old gen object.  The lack of a store barrier in that inline
973         cache results in the old gen object not being noticed during an eden GC scan.
974         As a result, its newly allocated butterfly will not be kept alive, which leads
975         to a stale butterfly pointer and, eventually, a crash.
976
977         It is also possible that the new structure can be collected by the eden GC if
978         (at GC time):
979         1. It is in the eden gen.
980         2. The inline cache that installed it has been evicted.
981         3. There are no live eden gen objects referring to it.
982
983         The chances of this should be more rare than the butterfly re-allocation, but
984         it is still possible.  Hence, the fix is to always add a store barrier if the
985         inline cache performs a structure transition.
986
987         * jit/Repatch.cpp:
988         (JSC::emitPutTransitionStub):
989         - Added store barrier code based on SpeculativeJIT::storeToWriteBarrierBuffer()'s
990           implementation.
991
992 2014-11-05  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
993
994         Use std::unique_ptr in JSClassRef and JSCallbackObject
995         https://bugs.webkit.org/show_bug.cgi?id=138402
996
997         Reviewed by Geoffrey Garen.
998
999         * API/JSCallbackObject.h: Use std::unique_ptr instead of OwnPtr|PassOwnPtr.
1000         (JSC::JSCallbackObjectData::setPrivateProperty): ditto.
1001         * API/JSClassRef.cpp: ditto.
1002         * API/JSClassRef.h: ditto.
1003
1004 2014-11-05  Michael Saboff  <msaboff@apple.com>
1005
1006         Disable flakey float32-repeat-out-of-bounds.js and int8-repeat-out-of-bounds.js tests for ARM64
1007         https://bugs.webkit.org/show_bug.cgi?id=138381
1008
1009         Reviewed by Mark Lam.
1010
1011         Disabled these tests for ARM64.  Will address the failures and then re-enable.
1012
1013         * tests/stress/float32-repeat-out-of-bounds.js:
1014         * tests/stress/int8-repeat-out-of-bounds.js:
1015
1016 2014-11-05  Alexey Proskuryakov  <ap@apple.com>
1017
1018         Incorrect sandbox_check in RemoteInspector.mm
1019         https://bugs.webkit.org/show_bug.cgi?id=138408
1020
1021         Reviewed by Joseph Pecoraro.
1022
1023         * inspector/remote/RemoteInspector.mm:
1024         (Inspector::canAccessWebInspectorMachPort):
1025
1026 2014-11-03  Dean Jackson  <dino@apple.com>
1027
1028         Add ENABLE_FILTERS_LEVEL_2 feature guard.
1029         https://bugs.webkit.org/show_bug.cgi?id=138362
1030
1031         Reviewed by Tim Horton.
1032
1033         Add a new feature define for Level 2 of CSS Filters.
1034         http://dev.w3.org/fxtf/filters-2/
1035
1036         * Configurations/FeatureDefines.xcconfig:
1037
1038 2014-11-04  Mark Lam  <mark.lam@apple.com>
1039
1040         Rename checkMarkByte() to jumpIfIsRememberedOrInEden().
1041         <https://webkit.org/b/138369>
1042
1043         Reviewed by Geoffrey Garen.
1044
1045         Write barriers are needed for GC Eden collections so that we can scan pointers
1046         pointing from old generation objects to eden generation objects.  The barrier
1047         currently checks the mark byte in a cell to see if we should skip adding the
1048         cell to the GC remembered set.  The addition should be skipped if:
1049
1050         1. The cell is in the young generation.  It has no old to eden pointers by
1051            definition.
1052         2. The cell is already in the remembered set.  While it is ok to add the cell
1053            to the GC remembered set more than once, it would be redundant.  Hence,
1054            we skip this as an optimization to avoid doing unnecessary work.
1055
1056         The barrier currently names this check as checkMarkByte().  We should rename it
1057         to jumpIfIsRememberedOrInEden() to be clearer about its intent.
1058
1059         Similarly, Jump results of this check are currently named
1060         ownerNotMarkedOrAlreadyRemembered.  This can be misinterpreted as the owner is
1061         not marked or not already remembered.  We should rename it to
1062         ownerIsRememberedOrInEden which is clearer about the intent of the
1063         check.  What we are really checking for is that the cell is in the eden gen,
1064         which is implied by it being "not marked".
1065
1066         * dfg/DFGOSRExitCompilerCommon.cpp:
1067         (JSC::DFG::osrWriteBarrier):
1068         * dfg/DFGSpeculativeJIT.cpp:
1069         (JSC::DFG::SpeculativeJIT::writeBarrier):
1070         * dfg/DFGSpeculativeJIT32_64.cpp:
1071         (JSC::DFG::SpeculativeJIT::writeBarrier):
1072         * dfg/DFGSpeculativeJIT64.cpp:
1073         (JSC::DFG::SpeculativeJIT::writeBarrier):
1074         * jit/AssemblyHelpers.h:
1075         (JSC::AssemblyHelpers::jumpIfIsRememberedOrInEden):
1076         (JSC::AssemblyHelpers::checkMarkByte): Deleted.
1077         * jit/JITPropertyAccess.cpp:
1078         (JSC::JIT::emitWriteBarrier):
1079         * llint/LowLevelInterpreter.asm:
1080         * llint/LowLevelInterpreter32_64.asm:
1081         * llint/LowLevelInterpreter64.asm:
1082         * runtime/JSCell.h:
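
The two garbage-collector entries above (the PutById store barrier fix and the jumpIfIsRememberedOrInEden() rename) describe the same mechanism. The following is an added example, not part of the ChangeLog and not JavaScriptCore code. It is a toy generational heap in which ToyHeap, Cell, Butterfly and every function name are hypothetical. It shows the barrier's skip check and why a transition without a barrier leaves a stale butterfly pointer after an eden collection.

```cpp
// Toy model, constructed for illustration. None of these types are JavaScriptCore's.
#include <cstdio>
#include <vector>

struct Butterfly {            // out-of-line property storage of a cell
    bool inEden = true;
    bool marked = false;
    bool alive = true;
};

struct Cell {
    bool inEden = true;       // young generation until it survives a collection
    bool remembered = false;  // already in the remembered set
    bool marked = false;
    bool alive = true;
    int butterfly = -1;       // index into ToyHeap::butterflies
};

class ToyHeap {
public:
    std::vector<Cell> cells;
    std::vector<Butterfly> butterflies;
    std::vector<int> roots;
    std::vector<int> rememberedSet;

    int allocateButterfly() {
        butterflies.push_back(Butterfly());
        return static_cast<int>(butterflies.size()) - 1;
    }

    int allocateCell() {
        cells.push_back(Cell());
        int id = static_cast<int>(cells.size()) - 1;
        cells[id].butterfly = allocateButterfly();
        return id;
    }

    // The skip check: an eden cell has no old-to-eden pointers by definition,
    // and re-adding a remembered cell would be redundant work.
    bool isRememberedOrInEden(int owner) const {
        return cells[owner].inEden || cells[owner].remembered;
    }

    // Returns true only when the owner was newly added to the remembered set.
    bool writeBarrier(int owner) {
        if (isRememberedOrInEden(owner))
            return false;
        cells[owner].remembered = true;
        rememberedSet.push_back(owner);
        return true;
    }

    // Models a store that transitions the structure and reallocates the
    // butterfly. The new butterfly is always allocated in eden.
    void putByIdTransition(int owner, bool emitBarrier) {
        cells[owner].butterfly = allocateButterfly();
        if (emitBarrier)
            writeBarrier(owner);
    }

    void markButterflyOf(int id) {
        int b = cells[id].butterfly;
        if (b >= 0 && butterflies[b].inEden)
            butterflies[b].marked = true;
    }

    // Eden collection: old cells are not rescanned unless they are remembered.
    void collectEden() {
        for (int id : roots) {
            if (cells[id].inEden) {
                cells[id].marked = true;
                markButterflyOf(id);
            }
        }
        for (int id : rememberedSet)
            markButterflyOf(id);

        for (Cell& c : cells) {
            if (c.alive && c.inEden) {
                if (c.marked) c.inEden = false;   // survivor is promoted
                else c.alive = false;             // unreachable eden cell is freed
            }
            c.marked = false;
            c.remembered = false;
        }
        for (Butterfly& b : butterflies) {
            if (b.alive && b.inEden) {
                if (b.marked) b.inEden = false;
                else b.alive = false;             // freed while a cell may still point at it
            }
            b.marked = false;
        }
        rememberedSet.clear();
    }
};

// True if the butterfly installed by the transition is still alive after the
// next eden collection; false means the old-gen cell holds a stale pointer.
bool butterflySurvivesEdenGC(bool emitBarrier) {
    ToyHeap heap;
    int o = heap.allocateCell();
    heap.roots.push_back(o);
    heap.collectEden();                      // o and its first butterfly become old gen
    heap.putByIdTransition(o, emitBarrier);  // new butterfly lives in eden
    heap.collectEden();
    return heap.butterflies[heap.cells[o].butterfly].alive;
}

int main() {
    std::printf("with barrier:    butterfly alive = %d\n", butterflySurvivesEdenGC(true));
    std::printf("without barrier: butterfly alive = %d\n", butterflySurvivesEdenGC(false));
    return 0;
}
```
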
1083
1084 2014-11-04  Joseph Pecoraro  <pecoraro@apple.com>
1085
1086         Web Inspector: Pause on exceptions should show the actual exception
1087         https://bugs.webkit.org/show_bug.cgi?id=63096
1088
1089         Reviewed by Timothy Hatcher.
1090
1091         * debugger/Debugger.h:
1092         Expose accessor for the pause reason to subclasses.
1093
1094         * inspector/JSInjectedScriptHost.cpp:
1095         (Inspector::JSInjectedScriptHost::type):
1096         New "error" subtype for error objects.
1097
1098         * inspector/InjectedScriptSource.js:
1099         When an object is an error object, use toString to provide a richer description.
1100
1101         * inspector/protocol/Runtime.json:
1102         Expose a new "error" subtype for Error types (TypeError, ReferenceError, EvalError, etc).
1103
1104         * inspector/protocol/Debugger.json:
1105         Provide type checked objects for different Debugger.pause pause reasons.
1106         An exception provides the thrown object, but assert / CSP pauses provide
1107         a richer typed object as the auxiliary data.
1108
1109         * inspector/ScriptDebugServer.cpp:
1110         (Inspector::ScriptDebugServer::dispatchDidPause):
1111         When paused because of an exception, pass the exception on.
1112
1113         * inspector/agents/InspectorDebuggerAgent.h:
1114         * inspector/agents/InspectorDebuggerAgent.cpp:
1115         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1116         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1117         Provide richer data in pause events.
1118
1119         * inspector/scripts/codegen/generate_backend_commands.py:
1120         (BackendCommandsGenerator.generate_domain.is_anonymous_enum_param):
1121         (BackendCommandsGenerator.generate_domain):
1122         * inspector/scripts/tests/expected/enum-values.json-result:
1123         Generate frontend enums for anonymous enum event parameters.
1124
1125 2014-11-04  Michael Saboff  <msaboff@apple.com>
1126
1127         Disable flakey float32-repeat-out-of-bounds.js and int8-repeat-out-of-bounds.js tests for ARM64
1128         https://bugs.webkit.org/show_bug.cgi?id=138381
1129
1130         Reviewed by Mark Lam.
1131
1132         Disabled these tests for ARM64.  Will address the failures and then re-enable.
1133
1134         * tests/stress/float32-repeat-out-of-bounds.js:
1135         * tests/stress/int8-repeat-out-of-bounds.js:
1136
1137 2014-11-04  Joseph Pecoraro  <pecoraro@apple.com>
1138
1139         Web Inspector: Enum value collisions between different generators
1140         https://bugs.webkit.org/show_bug.cgi?id=138343
1141
1142         Reviewed by Brian Burg.
1143
1144         Each generator was using its own filtered list of domains_to_generate
1145         to build the shared unique list of enum value encodings. This list
1146         was slightly different across different generators. Instead always
1147         use the list of all non-supplemental domains to generate the shared
1148         list of enum values.
1149
1150         * inspector/scripts/codegen/generator.py:
1151         (Generator.non_supplemental_domains):
1152         (Generator.domains_to_generate):
1153         (Generator._traverse_and_assign_enum_values):
1154         * inspector/scripts/tests/enum-values.json: Added.
1155         * inspector/scripts/tests/expected/enum-values.json-result: Added.
1156
1157 2014-11-03  Akos Kiss  <akiss@inf.u-szeged.hu>
1158
1159         Workaround for Cortex-A53 erratum 835769
1160         https://bugs.webkit.org/show_bug.cgi?id=138315
1161
1162         Reviewed by Filip Pizlo.
1163
1164         This patch introduces CMake variable and preprocessor macro
1165         WTF_CPU_ARM64_CORTEXA53 with the aim of enabling Cortex-A53-specific
1166         code paths, if set true. The patch also implements one case where such
1167         code paths are needed: the workaround for Cortex-A53 erratum 835769. If
1168         WTF_CPU_ARM64_CORTEXA53 is set then:
1169         - CMake checks whether the compiler already has support for a workaround
1170           and adds -mfix-cortex-a53-835769 to the compiler flags if so,
1171         - the ARM64 backend of offlineasm inserts a nop between memory and
1172           multiply-accumulate instructions, and
1173         - the ARM64 assembler also inserts a nop between memory and (64-bit) 
1174           multiply-accumulate instructions.
1175
1176         * assembler/ARM64Assembler.h:
1177         (JSC::ARM64Assembler::madd):
1178         Call nopCortexA53Fix835769() to insert a nop if CPU(ARM64_CORTEXA53) and
1179         if necessary.
1180         (JSC::ARM64Assembler::msub): Likewise.
1181         (JSC::ARM64Assembler::smaddl): Likewise.
1182         (JSC::ARM64Assembler::smsubl): Likewise.
1183         (JSC::ARM64Assembler::umaddl): Likewise.
1184         (JSC::ARM64Assembler::umsubl): Likewise.
1185         (JSC::ARM64Assembler::nopCortexA53Fix835769):
1186         Added. Insert a nop if the previously emitted instruction was a load, a
1187         store, or a prefetch, and if the current instruction is 64-bit.
1188         * offlineasm/arm64.rb:
1189         Add the arm64CortexA53Fix835769 phase and call it from
1190         getModifiedListARM64 to insert nopCortexA53Fix835769 between appropriate
1191         macro instructions. Also, lower nopCortexA53Fix835769 to nop if
1192         CPU(ARM64_CORTEXA53), to nothing otherwise.
1193         * offlineasm/instructions.rb:
1194         Define macro instruction nopFixCortexA53Err835769.
1195
1196 2014-11-03  Commit Queue  <commit-queue@webkit.org>
1197
1198         Unreviewed, rolling out r175509.
1199         https://bugs.webkit.org/show_bug.cgi?id=138349
1200
1201         broke some builds (Requested by msaboff on #webkit).
1202
1203         Reverted changeset:
1204
1205         "Update scope related slow path code to use scope register
1206         added to opcodes"
1207         https://bugs.webkit.org/show_bug.cgi?id=138254
1208         http://trac.webkit.org/changeset/175509
1209
1210 2014-11-03  Michael Saboff  <msaboff@apple.com>
1211
1212         Update scope related slow path code to use scope register added to opcodes
1213         https://bugs.webkit.org/show_bug.cgi?id=138254
1214
1215         Reviewed by Mark Lam.
1216
1217         Updated slow paths for op_pop_scope, op_push_name_scope and op_push_with_scope.
1218         Added scope register index parameter to the front of the relevant argument lists of the
1219         slow functions.  In the case of op_push_name_scope for x86 (32 bit), there aren't enough
1220         registers to accommodate all the parameters.  Therefore, added two new JSVALUE32_64 slow
1221         paths called operationPushCatchScope() and operationPushFunctionNameScope() to eliminate
1222         the last "type" argument.
1223         
1224
1225         * assembler/MacroAssemblerCodeRef.h:
1226         (JSC::FunctionPtr::FunctionPtr): Added a new template to take 6 arguments.
1227
1228         * jit/CCallHelpers.h:
1229         (JSC::CCallHelpers::setupArgumentsWithExecState):
1230         * jit/JIT.h:
1231         * jit/JITInlines.h:
1232         (JSC::JIT::callOperation):
1233         New variants of setupArgumentsWithExecState() and callOperation() to handle the new
1234         combinations of argument types and counts.
1235
1236         * jit/JITOpcodes.cpp:
1237         (JSC::JIT::emit_op_push_with_scope):
1238         (JSC::JIT::emit_op_pop_scope):
1239         (JSC::JIT::emit_op_push_name_scope):
1240         * jit/JITOpcodes32_64.cpp:
1241         (JSC::JIT::emit_op_push_with_scope):
1242         (JSC::JIT::emit_op_pop_scope):
1243         (JSC::JIT::emit_op_push_name_scope):
1244         Use the new slow paths.
1245
1246         * jit/JITOperations.cpp:
1247         * jit/JITOperations.h:
1248         Updates to set the scope result using the scope register index.  Added operationPushCatchScope()
1249         and operationPushFunctionNameScope().
1250
1251         * llint/LLIntSlowPaths.cpp:
1252         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1253         Updated the scope slow paths to use the scope register index in the instruction to read and
1254         write the register instead of using CallFrame::scope() and CallFrame::setScope().
1255
1256 2014-11-03  Michael Saboff  <msaboff@apple.com>
1257
1258         Add "get scope" byte code
1259         https://bugs.webkit.org/show_bug.cgi?id=138326
1260
1261         Reviewed by Mark Lam.
1262
1263         Added op_get_scope.  Added implementations for the LLInt and baseline JIT.
1264         Provided nop implementation for DFG and FTL.  The new byte code is emitted
1265         after op_enter for any function, program or eval.  It is expected that the
1266         DFG will be implemented such that unneeded op_get_scope would be eliminated
1267         during DFG compilation.
1268
1269         * bytecode/BytecodeList.json:
1270         * bytecode/BytecodeUseDef.h:
1271         (JSC::computeUsesForBytecodeOffset):
1272         (JSC::computeDefsForBytecodeOffset):
1273         Added new op_get_scope bytecode.
1274
1275         * bytecompiler/BytecodeGenerator.cpp:
1276         (JSC::BytecodeGenerator::BytecodeGenerator):
1277         (JSC::BytecodeGenerator::emitGetScope):
1278         * bytecompiler/BytecodeGenerator.h:
1279         Emit new op_get_scope bytecode.
1280
1281         * dfg/DFGByteCodeParser.cpp:
1282         (JSC::DFG::ByteCodeParser::parseBlock):
1283         * dfg/DFGCapabilities.cpp:
1284         (JSC::DFG::capabilityLevel):
1285         Added framework for new op_get_scope bytecode.
1286
1287         * bytecode/CodeBlock.cpp:
1288         (JSC::CodeBlock::dumpBytecode):
1289         * jit/JIT.cpp:
1290         (JSC::JIT::privateCompileMainPass):
1291         * jit/JIT.h:
1292         * jit/JITOpcodes.cpp:
1293         (JSC::JIT::emit_op_get_scope):
1294         * jit/JITOpcodes32_64.cpp:
1295         (JSC::JIT::emit_op_get_scope):
1296         * llint/LowLevelInterpreter32_64.asm:
1297         * llint/LowLevelInterpreter64.asm:
1298         Implementation of op_get_scope bytecode.
1299
1300 2014-11-03  Joseph Pecoraro  <pecoraro@apple.com>
1301
1302         Web Inspector: Fix RWIProtocol 64-to-32 bit conversion warnings
1303         https://bugs.webkit.org/show_bug.cgi?id=138325
1304
1305         Reviewed by Timothy Hatcher.
1306
1307         * inspector/InspectorValues.h:
1308         Vector's length really is an unsigned, so a static_cast here is fine.
1309
1310         * inspector/scripts/codegen/generate_objective_c.py:
1311         (ObjCGenerator.objc_type_for_raw_name):
1312         Use int instead of NSInteger for APIs that eventually map to
1313         InspectorObject's setInteger, which takes an int.
1314
1315         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1316         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1317         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1318         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1319         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1320         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1321         Rebaselined results with the type change.
1322
1323 2014-11-03  Joseph Pecoraro  <pecoraro@apple.com>
1324
1325         Web Inspector: Show Selector's Specificity
1326         https://bugs.webkit.org/show_bug.cgi?id=138189
1327
1328         Reviewed by Timothy Hatcher.
1329
1330         * inspector/protocol/CSS.json:
1331         Create a new named type CSSSelector to include a selector's text and specificity.
1332         The specificity tuple is optional as it may soon be made dynamic in some cases.
1333
1334 2014-11-03  Joseph Pecoraro  <pecoraro@apple.com>
1335
1336         Web Inspector: ObjC Protocol Interfaces should throw exceptions for nil arguments
1337         https://bugs.webkit.org/show_bug.cgi?id=138221
1338
1339         Reviewed by Timothy Hatcher.
1340
1341         The RWIProtocol APIs will now raise exceptions when:
1342
1343           - any properties are set on a type with a nil value or key (handled by RWIProtocolJSONObject)
1344           - required parameters in type constructors have nil value
1345           - required or optional command return parameters have nil values
1346           - required or optional event parameters have nil values
1347
1348         The exceptions include the name of the field when possible.
1349
1350         * inspector/scripts/codegen/generate_objective_c.py:
1351         (ObjCGenerator.is_type_objc_pointer_type):
1352         Provide a quick check to see if type would be a pointer or not
1353         in the ObjC API. Enums for example are not pointers in the API
1354         because we manage converting them to/from strings.
1355
1356         * inspector/scripts/codegen/generate_objective_c_backend_dispatcher_implementation.py:
1357         (ObjectiveCConfigurationImplementationGenerator._generate_success_block_for_command):
1358         * inspector/scripts/codegen/generate_objective_c_frontend_dispatcher_implementation.py:
1359         (ObjectiveCFrontendDispatcherImplementationGenerator._generate_event):
1360         * inspector/scripts/codegen/generate_objective_c_types_implementation.py:
1361         (ObjectiveCTypesImplementationGenerator._generate_init_method_for_required_members):
1362         (ObjectiveCTypesImplementationGenerator._generate_setter_for_member):
1363         Throw exceptions when nil values are disallowed.
1364
1365         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1366         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1367         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1368         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1369         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1370         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1371         Rebaseline tests which include the exception raise calls.
1372
1373 2014-11-03  Joseph Pecoraro  <pecoraro@apple.com>
1374
1375         Web Inspector: ALTERNATE_DISPATCHERS Let the frontend know about extra agents
1376         https://bugs.webkit.org/show_bug.cgi?id=138236
1377
1378         Reviewed by Brian Burg.
1379
1380         Inform the frontend about any extra domains the backend may have
1381         above and beyond the default list of domains for the debuggable type.
1382         This approach means there is almost no cost to normal debugging.
1383         When a JSContext is debugged with extra agents, a message is sent
1384         to the frontend letting it know which domains to then activate,
1385         and perform any initialization work that may be required.
1386
1387         * inspector/InspectorAgentBase.h:
1388         (Inspector::InspectorAgentBase::domainName):
1389         * inspector/InspectorAgentRegistry.cpp:
1390         (Inspector::InspectorAgentRegistry::appendExtraAgent):
1391         * inspector/InspectorAgentRegistry.h:
1392         * inspector/scripts/codegen/generator_templates.py:
1393         Provide a way to get a list of just the extra domains.
1394         To aggregate this list provide a different "append"
1395         specifically for extra agents.
1396
1397         * inspector/JSGlobalObjectInspectorController.h:
1398         * inspector/JSGlobalObjectInspectorController.cpp:
1399         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1400         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
1401         When a frontend connects, inform it of the extra domains.
1402
1403         * inspector/protocol/Inspector.json:
1404         * inspector/agents/InspectorAgent.h:
1405         * inspector/agents/InspectorAgent.cpp:
1406         (Inspector::InspectorAgent::enable):
1407         (Inspector::InspectorAgent::activateExtraDomains):
1408         Send an event with the extra domains to activate.
1409
1410 2014-11-01  Michael Saboff  <msaboff@apple.com>
1411
1412         Add scope operand to op_resolve_scope
1413         https://bugs.webkit.org/show_bug.cgi?id=138253
1414
1415         Reviewed by Mark Lam.
1416
1417         Added scope operand to op_resolve_scope.  Although the scope register is filled in with
1418         the ScopeChain register, this operand is not used in the processing of the bytecode.
1419         That will be addressed in a future patch.
1420
1421         * bytecode/BytecodeList.json: Lengthened the three bytecodes.
1422         * bytecode/CodeBlock.cpp:
1423         (JSC::CodeBlock::dumpBytecode): Added code to dump the scope operand.
1424
1425         (JSC::CodeBlock::CodeBlock): 
1426         (JSC::CodeBlock::finalizeUnconditionally):
1427         Updated the operand indices for the processing of op_resolve_scope.
1428
1429         * bytecompiler/BytecodeGenerator.cpp:
1430         (JSC::BytecodeGenerator::emitResolveScope):
1431         (JSC::BytecodeGenerator::emitGetOwnScope):
1432         (JSC::BytecodeGenerator::emitReturn):
1433         Added scope register to these emit functions and the bytecodes they emit.
1434
1435         * dfg/DFGByteCodeParser.cpp:
1436         (JSC::DFG::ByteCodeParser::parseBlock):
1437         * dfg/DFGCapabilities.cpp:
1438         (JSC::DFG::capabilityLevel):
1439         * jit/JITPropertyAccess.cpp:
1440         (JSC::JIT::emit_op_resolve_scope):
1441         (JSC::JIT::emitSlow_op_resolve_scope):
1442         * jit/JITPropertyAccess32_64.cpp:
1443         (JSC::JIT::emit_op_resolve_scope):
1444         (JSC::JIT::emitSlow_op_resolve_scope):
1445         * llint/LLIntSlowPaths.cpp:
1446         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1447         * llint/LowLevelInterpreter32_64.asm:
1448         * llint/LowLevelInterpreter64.asm:
1449         Updated the operand indices for the processing of op_resolve_scope.
1450
1451 2014-11-01  Carlos Garcia Campos  <cgarcia@igalia.com>
1452
1453         REGRESSION(CMake): Make it possible to build without introspection
1454         https://bugs.webkit.org/show_bug.cgi?id=138006
1455
1456         Reviewed by Philippe Normand.
1457
1458         Do not install introspection files when introspection is disabled.
1459
1460         * PlatformGTK.cmake:
1461
1462 2014-10-31  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1463
1464         Use std::unique_ptr for TypeCountSet
1465         https://bugs.webkit.org/show_bug.cgi?id=138242
1466
1467         Reviewed by Andreas Kling.
1468
1469         * heap/Heap.cpp:
1470         (JSC::Heap::protectedObjectTypeCounts):
1471         Use std::unique_ptr<> instead of PassOwnPtr|OwnPtr.
1472         (JSC::Heap::objectTypeCounts): ditto.
1473         * heap/Heap.h:
1474
1475 2014-10-31  Michael Saboff  <msaboff@apple.com>
1476
1477         Add scope operand to op_push_with_scope, op_push_name_scope and op_pop_scope
1478         https://bugs.webkit.org/show_bug.cgi?id=138252
1479
1480         Reviewed by Geoffrey Garen.
1481
1482         Added scope operand to op_push_with_scope, op_push_name_scope and op_pop_scope.
1483         Although the scope register is filled in with the ScopeChain register for all 
1484         three bytecodes, this operand is not used in the processing of the bytecodes.
1485         That will be addressed in a future patch.
1486
1487         * bytecode/BytecodeList.json: Lengthened the three bytecodes.
1488         * bytecode/CodeBlock.cpp:
1489         (JSC::CodeBlock::dumpBytecode): Added code to dump the scope operand.
1490         * bytecompiler/BytecodeGenerator.cpp:
1491         (JSC::BytecodeGenerator::BytecodeGenerator):
1492         (JSC::BytecodeGenerator::emitPushWithScope):
1493         (JSC::BytecodeGenerator::emitPopScope):
1494         (JSC::BytecodeGenerator::emitComplexPopScopes):
1495         (JSC::BytecodeGenerator::emitPopScopes):
1496         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
1497         (JSC::BytecodeGenerator::emitPushCatchScope):
1498         * bytecompiler/BytecodeGenerator.h:
1499         (JSC::BytecodeGenerator::scopeRegister):
1500         Added scope register to these emit functions and the bytecodes they emit.
1501         New m_scopeRegister and accessor.
1502
1503         * bytecompiler/NodesCodegen.cpp:
1504         (JSC::ContinueNode::emitBytecode):
1505         (JSC::BreakNode::emitBytecode):
1506         (JSC::ReturnNode::emitBytecode):
1507         (JSC::WithNode::emitBytecode):
1508         (JSC::TryNode::emitBytecode):
1509         Created a RegisterID for the ScopeChain register and used it to emit the updated
1510         bytecodes.
1511
1512         * jit/JITOpcodes.cpp:
1513         (JSC::JIT::emit_op_push_with_scope):
1514         (JSC::JIT::emit_op_push_name_scope):
1515         * jit/JITOpcodes32_64.cpp:
1516         (JSC::JIT::emit_op_push_with_scope):
1517         (JSC::JIT::emit_op_push_name_scope):
1518         * llint/LLIntSlowPaths.cpp:
1519         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1520         * llint/LowLevelInterpreter.asm:
1521         Updated the operand indices for the processing of the updated bytecodes.
1522
1523 2014-10-31  Andreas Kling  <akling@apple.com>
1524
1525         Make writes to RegExpObject.lastIndex cacheable.
1526         <https://webkit.org/b/138255>
1527
1528         Reviewed by Geoffrey Garen.
1529
1530         We were neglecting to IC the puts to RegExpObject.lastIndex on Octane/regexp,
1531         and ended up spending 4.5% of a time profile in operationPutByIdNonStrict.
1532
1533         ~3% progression on Octane/regexp.
1534
1535         * runtime/RegExpObject.cpp:
1536         (JSC::regExpObjectSetLastIndexStrict):
1537         (JSC::regExpObjectSetLastIndexNonStrict):
1538         (JSC::RegExpObject::put):
1539
1540 2014-10-31  Chris Dumez  <cdumez@apple.com>
1541
1542         Fix a couple of warnings in JSC reported by clang static analyzer
1543         https://bugs.webkit.org/show_bug.cgi?id=138240
1544
1545         Reviewed by Geoffrey Garen.
1546
1547         Fix a couple of warnings in JSC reported by clang static analyzer about
1548         value stored in variables never being read. This is addressed by
1549         reducing the scope of the variable or removing the variable entirely.
1550
1551         * dfg/DFGConstantFoldingPhase.cpp:
1552         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
1553         * runtime/VM.cpp:
1554         (JSC::VM::throwException):
1555
1556 2014-10-30  Dana Burkart  <dburkart@apple.com>
1557
1558         <rdar://problem/18821260> Prepare for the mysterious future
1559
1560         Reviewed by Lucas Forschler.
1561
1562         * Configurations/Base.xcconfig:
1563         * Configurations/DebugRelease.xcconfig:
1564         * Configurations/FeatureDefines.xcconfig:
1565         * Configurations/Version.xcconfig:
1566
1567 2014-10-30  Saam Barati  <saambarati1@gmail.com>
1568
1569         AST Nodes should keep track of their end offset
1570         https://bugs.webkit.org/show_bug.cgi?id=138143
1571
1572         Reviewed by Filip Pizlo.
1573
1574         AST nodes now have an int property for their end text
1575         offsets. This change lays some foundational work that will be
1576         needed in profiling which basic blocks have executed.
1577
1578         * parser/ASTBuilder.h:
1579         (JSC::ASTBuilder::setEndOffset):
1580         * parser/Nodes.h:
1581         (JSC::Node::endOffset):
1582         (JSC::Node::setEndOffset):
1583         * parser/Parser.cpp:
1584         (JSC::Parser<LexerType>::parseStatement):
1585         (JSC::Parser<LexerType>::parseFunctionInfo):
1586         (JSC::Parser<LexerType>::parseExpression):
1587         (JSC::Parser<LexerType>::parseProperty):
1588         * parser/Parser.h:
1589         (JSC::Parser<LexerType>::parse):
1590         * parser/SyntaxChecker.h:
1591         (JSC::SyntaxChecker::operatorStackPop):
1592
1593 2014-10-30  Joseph Pecoraro  <pecoraro@apple.com>
1594
1595         Web Inspector: Generate ObjC inspector protocol types and alternate dispatcher interfaces
1596         https://bugs.webkit.org/show_bug.cgi?id=138048
1597
1598         Reviewed by Brian Burg.
1599
1600         Generate Objective-C interfaces for inspector protocol types, command, and event dispatchers.
1601         This is very much like the InspectorProtocolTypes, BackendDispatchers, and FrontendDispatchers,
1602         but with an ObjC spin on things.
1603
1604         The private API that clients would use is all encapsulated in RWIProtocol.h. It includes the
1605         types interfaces, command handler protocol, and event dispatcher interface. Where possible the
1606         API uses real enums, which hides the raw protocol enum strings from clients.
1607
1608         Inspector protocol types are, like InspectorProtocolObjects, built on top of an InspectorObject.
1609         This offers the flexibility of adding arbitrary key/values using the RWIProtocolJSONObject
1610         interface, which may be required for certain protocol objects like "Network.Headers" which
1611         have no fields, but expect arbitrary properties to be added.
1612
1613         Command handler protocols always have two callbacks. An error callback and a success callback.
1614         The signature is very much like BackendDispatchers. In parameters are passed directly to
1615         the selectors, and out parameters are defined by the success callback. It will be the client's
1616         responsibility to call either of these callbacks to complete handling of a request.
1617
1618         Event dispatcher interfaces are straightforward, just packaging up the arguments and sending
1619         the message to the frontend.
1620
1621         ObjC <-> Protocol conversion happens in each of the generated files. In type getters / setters,
1622         in commands parameters and event parameters. For this to work we generate conversion helpers
1623         for all enums, ObjC enum <-> protocol strings. For NSArray <-> InspectorArray there are some
1624         static helpers to do the conversions. We do lose some type safety in these conversions.
1625
1626         * JavaScriptCore.xcodeproj/project.pbxproj:
1627         * inspector/scripts/codegen/__init__.py:
1628         * inspector/scripts/codegen/generate_alternate_backend_dispatcher_header.py:
1629         (AlternateBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
1630         * inspector/scripts/codegen/generate_backend_dispatcher_header.py:
1631         (BackendDispatcherHeaderGenerator._generate_alternate_handler_forward_declarations_for_domains.AlternateInspector):
1632         (BackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
1633         (BackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
1634         * inspector/scripts/codegen/generate_backend_dispatcher_implementation.py:
1635         (BackendDispatcherImplementationGenerator._generate_handler_class_destructor_for_domain):
1636         (BackendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
1637         * inspector/scripts/codegen/generate_frontend_dispatcher_header.py:
1638         (FrontendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
1639         * inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py:
1640         (FrontendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
1641         * inspector/scripts/codegen/generate_objective_c.py: Added.
1642         (join_type_and_name):
1643         (strip_comment_markers):
1644         (remove_duplicate_from_str):
1645         (ObjCTypeCategory):
1646         (ObjCTypeCategory.category_of_type):
1647         (ObjCGenerator):
1648         (ObjCGenerator.identifier_to_objc_identifier):
1649         (ObjCGenerator.objc_identifier_to_identifier):
1650         (ObjCGenerator.should_generate_domain_types_filter):
1651         (ObjCGenerator.should_generate_domain_types_filter.should_generate_domain_types):
1652         (ObjCGenerator.should_generate_domain_command_handler_filter):
1653         (ObjCGenerator.should_generate_domain_command_handler_filter.should_generate_domain_command_handler):
1654         (ObjCGenerator.should_generate_domain_event_dispatcher_filter):
1655         (ObjCGenerator.should_generate_domain_event_dispatcher_filter.should_generate_domain_event_dispatcher):
1656         (ObjCGenerator.objc_name_for_type):
1657         (ObjCGenerator.objc_enum_name_for_anonymous_enum_declaration):
1658         (ObjCGenerator.objc_enum_name_for_anonymous_enum_member):
1659         (ObjCGenerator.objc_enum_name_for_anonymous_enum_parameter):
1660         (ObjCGenerator.objc_enum_name_for_non_anonymous_enum):
1661         (ObjCGenerator.variable_name_prefix_for_domain):
1662         (ObjCGenerator.objc_accessor_type_for_raw_name):
1663         (ObjCGenerator.objc_type_for_raw_name):
1664         (ObjCGenerator.objc_class_for_raw_name):
1665         (ObjCGenerator.protocol_type_for_raw_name):
1666         (ObjCGenerator.protocol_type_for_type):
1667         (ObjCGenerator.objc_class_for_type):
1668         (ObjCGenerator.objc_accessor_type_for_member):
1669         (ObjCGenerator.objc_accessor_type_for_member_internal):
1670         (ObjCGenerator.objc_type_for_member):
1671         (ObjCGenerator.objc_type_for_member_internal):
1672         (ObjCGenerator.objc_type_for_param):
1673         (ObjCGenerator.objc_type_for_param_internal):
1674         (ObjCGenerator.objc_protocol_export_expression_for_variable):
1675         (ObjCGenerator.objc_protocol_import_expression_for_member):
1676         (ObjCGenerator.objc_protocol_import_expression_for_parameter):
1677         (ObjCGenerator.objc_protocol_import_expression_for_variable):
1678         (ObjCGenerator.objc_to_protocol_expression_for_member):
1679         (ObjCGenerator.protocol_to_objc_expression_for_member):
1680         (ObjCGenerator.objc_setter_method_for_member):
1681         (ObjCGenerator.objc_setter_method_for_member_internal):
1682         (ObjCGenerator.objc_getter_method_for_member):
1683         (ObjCGenerator.objc_getter_method_for_member_internal):
1684         * inspector/scripts/codegen/generate_objective_c_backend_dispatcher_header.py: Copied from Source/JavaScriptCore/inspector/scripts/codegen/generate_alternate_backend_dispatcher_header.py.
1685         (ObjectiveCBackendDispatcherHeaderGenerator):
1686         (ObjectiveCBackendDispatcherHeaderGenerator.output_filename):
1687         (ObjectiveCBackendDispatcherHeaderGenerator.domains_to_generate):
1688         (ObjectiveCBackendDispatcherHeaderGenerator.generate_output):
1689         (ObjectiveCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
1690         (ObjectiveCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations_for_domains):
1691         (ObjectiveCBackendDispatcherHeaderGenerator._generate_objc_handler_declarations_for_domain):
1692         (ObjectiveCBackendDispatcherHeaderGenerator._generate_objc_handler_declaration_for_command):
1693         * inspector/scripts/codegen/generate_objective_c_backend_dispatcher_implementation.py: Added.
1694         (ObjectiveCConfigurationImplementationGenerator):
1695         (ObjectiveCConfigurationImplementationGenerator.__init__):
1696         (ObjectiveCConfigurationImplementationGenerator.output_filename):
1697         (ObjectiveCConfigurationImplementationGenerator.domains_to_generate):
1698         (ObjectiveCConfigurationImplementationGenerator.generate_output):
1699         (ObjectiveCConfigurationImplementationGenerator._generate_handler_implementation_for_domain):
1700         (ObjectiveCConfigurationImplementationGenerator._generate_handler_implementation_for_command):
1701         (ObjectiveCConfigurationImplementationGenerator._generate_success_block_for_command):
1702         (ObjectiveCConfigurationImplementationGenerator._generate_conversions_for_command):
1703         (ObjectiveCConfigurationImplementationGenerator._generate_invocation_for_command):
1704         * inspector/scripts/codegen/generate_objective_c_configuration_header.py: Copied from Source/JavaScriptCore/inspector/scripts/codegen/generate_alternate_backend_dispatcher_header.py.
1705         (ObjectiveCConfigurationHeaderGenerator):
1706         (ObjectiveCConfigurationHeaderGenerator.output_filename):
1707         (ObjectiveCConfigurationHeaderGenerator.generate_output):
1708         (ObjectiveCConfigurationHeaderGenerator._generate_configuration_interface_for_domains):
1709         (ObjectiveCConfigurationHeaderGenerator._generate_properties_for_domain):
1710         * inspector/scripts/codegen/generate_objective_c_configuration_implementation.py: Added.
1711         (ObjectiveCBackendDispatcherImplementationGenerator):
1712         (ObjectiveCBackendDispatcherImplementationGenerator.__init__):
1713         (ObjectiveCBackendDispatcherImplementationGenerator.output_filename):
1714         (ObjectiveCBackendDispatcherImplementationGenerator.generate_output):
1715         (ObjectiveCBackendDispatcherImplementationGenerator._generate_configuration_implementation_for_domains):
1716         (ObjectiveCBackendDispatcherImplementationGenerator._generate_ivars):
1717         (ObjectiveCBackendDispatcherImplementationGenerator._generate_dealloc):
1718         (ObjectiveCBackendDispatcherImplementationGenerator._generate_handler_setter_for_domain):
1719         (ObjectiveCBackendDispatcherImplementationGenerator._generate_event_dispatcher_getter_for_domain):
1720         * inspector/scripts/codegen/generate_objective_c_conversion_helpers.py: Added.
1721         (add_whitespace_separator):
1722         (ObjectiveCConversionHelpersGenerator):
1723         (ObjectiveCConversionHelpersGenerator.__init__):
1724         (ObjectiveCConversionHelpersGenerator.output_filename):
1725         (ObjectiveCConversionHelpersGenerator.domains_to_generate):
1726         (ObjectiveCConversionHelpersGenerator.generate_output):
1727         (ObjectiveCConversionHelpersGenerator._generate_enum_conversion_functions):
1728         (ObjectiveCConversionHelpersGenerator._generate_anonymous_enum_conversion_for_declaration):
1729         (ObjectiveCConversionHelpersGenerator._generate_anonymous_enum_conversion_for_member):
1730         (ObjectiveCConversionHelpersGenerator._generate_anonymous_enum_conversion_for_parameter):
1731         (ObjectiveCConversionHelpersGenerator._generate_enum_objc_to_protocol_string):
1732         (ObjectiveCConversionHelpersGenerator._generate_enum_from_protocol_string):
1733         * inspector/scripts/codegen/generate_objective_c_frontend_dispatcher_implementation.py: Added.
1734         (ObjectiveCFrontendDispatcherImplementationGenerator):
1735         (ObjectiveCFrontendDispatcherImplementationGenerator.__init__):
1736         (ObjectiveCFrontendDispatcherImplementationGenerator.output_filename):
1737         (ObjectiveCFrontendDispatcherImplementationGenerator.domains_to_generate):
1738         (ObjectiveCFrontendDispatcherImplementationGenerator.generate_output):
1739         (ObjectiveCFrontendDispatcherImplementationGenerator._generate_event_dispatcher_implementations):
1740         (ObjectiveCFrontendDispatcherImplementationGenerator._generate_event):
1741         (ObjectiveCFrontendDispatcherImplementationGenerator._generate_event_signature):
1742         (ObjectiveCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1743         * inspector/scripts/codegen/generate_objective_c_header.py: Added.
1744         (add_whitespace_separator):
1745         (ObjectiveCHeaderGenerator):
1746         (ObjectiveCHeaderGenerator.__init__):
1747         (ObjectiveCHeaderGenerator.output_filename):
1748         (ObjectiveCHeaderGenerator.generate_output):
1749         (ObjectiveCHeaderGenerator._generate_forward_declarations):
1750         (ObjectiveCHeaderGenerator._generate_enums):
1751         (ObjectiveCHeaderGenerator._generate_types):
1752         (ObjectiveCHeaderGenerator._generate_anonymous_enum_for_declaration):
1753         (ObjectiveCHeaderGenerator._generate_anonymous_enum_for_member):
1754         (ObjectiveCHeaderGenerator._generate_anonymous_enum_for_parameter):
1755         (ObjectiveCHeaderGenerator._generate_enum):
1756         (ObjectiveCHeaderGenerator._generate_enum.NS_ENUM):
1757         (ObjectiveCHeaderGenerator._generate_type_interface):
1758         (ObjectiveCHeaderGenerator._generate_init_method_for_required_members):
1759         (ObjectiveCHeaderGenerator._generate_member_property):
1760         (ObjectiveCHeaderGenerator._generate_command_protocols):
1761         (ObjectiveCHeaderGenerator._generate_single_command_protocol):
1762         (ObjectiveCHeaderGenerator._callback_block_for_command):
1763         (ObjectiveCHeaderGenerator._generate_event_interfaces):
1764         (ObjectiveCHeaderGenerator._generate_single_event_interface):
1765         * inspector/scripts/codegen/generate_objective_c_internal_header.py: Copied from Source/JavaScriptCore/inspector/scripts/codegen/generate_alternate_backend_dispatcher_header.py.
1766         (ObjectiveCTypesInternalHeaderGenerator):
1767         (ObjectiveCTypesInternalHeaderGenerator.output_filename):
1768         (ObjectiveCTypesInternalHeaderGenerator.generate_output):
1769         (ObjectiveCTypesInternalHeaderGenerator._generate_event_dispatcher_private_interfaces):
1770         * inspector/scripts/codegen/generate_objective_c_types_implementation.py: Added.
1771         (add_whitespace_separator):
1772         (ObjectiveCTypesImplementationGenerator):
1773         (ObjectiveCTypesImplementationGenerator.__init__):
1774         (ObjectiveCTypesImplementationGenerator.output_filename):
1775         (ObjectiveCTypesImplementationGenerator.domains_to_generate):
1776         (ObjectiveCTypesImplementationGenerator.generate_output):
1777         (ObjectiveCTypesImplementationGenerator.generate_type_implementations):
1778         (ObjectiveCTypesImplementationGenerator.generate_type_implementation):
1779         (ObjectiveCTypesImplementationGenerator._generate_init_method_for_required_members):
1780         (ObjectiveCTypesImplementationGenerator._generate_setter_for_member):
1781         (ObjectiveCTypesImplementationGenerator._generate_getter_for_member):
1782         * inspector/scripts/codegen/generate_protocol_types_header.py:
1783         (ProtocolTypesHeaderGenerator._generate_forward_declarations):
1784         (_generate_typedefs_for_domain):
1785         (_generate_builders_for_domain):
1786         * inspector/scripts/codegen/generator.py:
1787         (Generator.wrap_with_guard_for_domain):
1788         (Generator):
1789         (Generator.wrap_with_guard):
1790         * inspector/scripts/codegen/generator_templates.py:
1791         (AlternateInspector):
1792         (ObjCInspector):
1793         * inspector/scripts/codegen/models.py:
1794         (Framework.fromString):
1795         (Frameworks):
1796         * inspector/scripts/generate-inspector-protocol-bindings.py:
1797         (generate_from_specification):
1798         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1799         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1800         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1801         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1802         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1803         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1804         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1805         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1806         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1807         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1808         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1809         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1810
1811 2014-10-30  Andreas Kling  <akling@apple.com>
1812
1813         Unreviewed assertion fix.
1814
1815         RegExpCachedResult::m_reified is now the dedicated member that knows whether
1816         the result was reified into an array or not. Check that instead of m_result
1817         which is now single-purpose.
1818
1819         * runtime/RegExpCachedResult.cpp:
1820         (JSC::RegExpCachedResult::setInput):
1821
1822 2014-10-29  Andreas Kling  <akling@apple.com>
1823
1824         Use plain JSArray for RegExp matches instead of a lazily populated custom object.
1825         <https://webkit.org/b/138191>
1826
1827         Reviewed by Geoffrey Garen.
1828
1829         We're already offering two RegExp matching APIs, one that collects subpattern
1830         matches (exec), and one that simply tests for a match (test).
1831         Given that, it was pretty overkill to lazily populate the resulting array of
1832         matches, since the user could simply use test() if they didn't need them.
1833
1834         This allows the JIT to generate better code for RegExp match arrays, and also
1835         enables some fast paths in the JSC runtime that check if an object isJSArray().
1836
1837         Looks like ~1.5% improvement on Octane/regexp according to run-jsc-benchmarks.
1838
1839         * jit/Repatch.cpp:
1840         (JSC::tryCacheGetByID):
1841         * runtime/JSArray.h:
1842         (JSC::createArrayButterflyWithExactLength): Deleted.
1843         * runtime/JSGlobalObject.cpp:
1844         (JSC::JSGlobalObject::init):
1845         * runtime/RegExpCachedResult.cpp:
1846         (JSC::RegExpCachedResult::visitChildren):
1847         (JSC::RegExpCachedResult::lastResult):
1848         (JSC::RegExpCachedResult::leftContext):
1849         (JSC::RegExpCachedResult::rightContext):
1850         * runtime/RegExpCachedResult.h:
1851         (JSC::RegExpCachedResult::RegExpCachedResult):
1852         (JSC::RegExpCachedResult::record):
1853         (JSC::RegExpCachedResult::input):
1854         * runtime/RegExpConstructor.cpp:
1855         (JSC::RegExpConstructor::getBackref):
1856         (JSC::RegExpConstructor::getLastParen):
1857         (JSC::RegExpConstructor::getLeftContext):
1858         (JSC::RegExpConstructor::getRightContext):
1859         * runtime/RegExpMatchesArray.cpp:
1860         (JSC::createRegExpMatchesArray):
1861         (JSC::RegExpMatchesArray::RegExpMatchesArray): Deleted.
1862         (JSC::RegExpMatchesArray::create): Deleted.
1863         (JSC::RegExpMatchesArray::finishCreation): Deleted.
1864         (JSC::RegExpMatchesArray::visitChildren): Deleted.
1865         (JSC::RegExpMatchesArray::reifyAllProperties): Deleted.
1866         (JSC::RegExpMatchesArray::reifyMatchProperty): Deleted.
1867         (JSC::RegExpMatchesArray::leftContext): Deleted.
1868         (JSC::RegExpMatchesArray::rightContext): Deleted.
1869         * runtime/RegExpMatchesArray.h:
1870         (JSC::RegExpMatchesArray::createStructure): Deleted.
1871         (JSC::RegExpMatchesArray::reifyAllPropertiesIfNecessary): Deleted.
1872         (JSC::RegExpMatchesArray::reifyMatchPropertyIfNecessary): Deleted.
1873         (JSC::RegExpMatchesArray::getOwnPropertySlot): Deleted.
1874         (JSC::RegExpMatchesArray::getOwnPropertySlotByIndex): Deleted.
1875         (JSC::RegExpMatchesArray::put): Deleted.
1876         (JSC::RegExpMatchesArray::putByIndex): Deleted.
1877         (JSC::RegExpMatchesArray::deleteProperty): Deleted.
1878         (JSC::RegExpMatchesArray::deletePropertyByIndex): Deleted.
1879         (JSC::RegExpMatchesArray::getOwnPropertyNames): Deleted.
1880         (JSC::RegExpMatchesArray::defineOwnProperty): Deleted.
1881         (JSC::isRegExpMatchesArray): Deleted.
1882         * runtime/RegExpObject.cpp:
1883         (JSC::RegExpObject::exec):
1884         * runtime/StringPrototype.cpp:
1885         (JSC::stringProtoFuncMatch):
1886
1887 2014-10-29  Joseph Pecoraro  <pecoraro@apple.com>
1888
1889         Web Inspector: Fix Type Dependency Issues
1890         https://bugs.webkit.org/show_bug.cgi?id=125664
1891
1892         Reviewed by Brian Burg.
1893
1894         Now that all JSON protocol files are processed together again
1895         in r174892, we can remove the duplicated types which were only
1896         needed when the domains were split.
1897
1898         * inspector/protocol/Console.json:
1899         * inspector/protocol/Runtime.json:
1900
1901 2014-10-28  Commit Queue  <commit-queue@webkit.org>
1902
1903         Unreviewed, rolling out r175249.
1904         https://bugs.webkit.org/show_bug.cgi?id=138138
1905
1906         Appears to be failing some JS tests (Requested by mlam_ on
1907         #webkit).
1908
1909         Reverted changeset:
1910
1911         "Holes are not copied properly when Arrays change shape to
1912         ArrayStorage type."
1913         https://bugs.webkit.org/show_bug.cgi?id=138118
1914         http://trac.webkit.org/changeset/175249
1915
1916 2014-10-27  Mark Lam  <mark.lam@apple.com>
1917
1918         Holes are not copied properly when Arrays change shape to ArrayStorage type.
1919         <https://webkit.org/b/138118>
1920
1921         Reviewed by Mark Hahnenberg.
1922
1923         When we convert non-ArrayStorage typed arrays into ArrayStorage typed arrays,
1924         we skipped the holes.  As a result, the slots in the ArrayStorage vector that
1925         correspond to those holes are uninitialized.  This is now fixed.
1926
1927         * runtime/JSObject.cpp:
1928         (JSC::JSObject::convertUndecidedToArrayStorage):
1929         (JSC::JSObject::convertInt32ToArrayStorage):
1930         (JSC::JSObject::convertDoubleToArrayStorage):
1931         (JSC::JSObject::convertContiguousToArrayStorage):
1932
1933 2014-10-27  Mark Lam  <mark.lam@apple.com>
1934
1935         Crash when attempting to perform array iteration on a non-array with numeric keys not initialized.
1936         <https://webkit.org/b/137814>
1937
1938         Reviewed by Geoffrey Garen.
1939
1940         The arrayIteratorNextThunkGenerator() thunk was not checking for the case where
1941         the butterfly may be NULL.  This was the source of the crash, and is now fixed.
1942
1943         In addition, it is also not checking for the case where a property named "length"
1944         may have been set on the iterated object.  The thunk only checks the butterfly's
1945         publicLength for its iteration operation.  Array objects will work fine with this
1946         because it always updates its butterfly's publicLength when its length changes.
1947         In the case of iterable non-Array objects, the "length" property will require a
1948         look up outside of the scope of this thunk.  The fix is simply to limit the fast
1949         case checks in this thunk to Array objects.
1950
1951         * jit/ThunkGenerators.cpp:
1952         (JSC::arrayIteratorNextThunkGenerator):
1953
1954 2014-10-27  Mark Lam  <mark.lam@apple.com>
1955
1956         Simplified some JSObject methods for converting arrays to ArrayStorage shape.
1957         <https://webkit.org/b/138119>
1958
1959         Reviewed by Filip Pizlo.
1960
1961         Currently, for each Undecided, Int32, Double, and Contiguous array shapes,
1962         there are 3 JSObject methods to convert them to ArrayStorage shape:
1963             ArrayStorage* convert<shape>ToArrayStorage(VM&, NonPropertyTransition, unsigned neededLength);
1964             ArrayStorage* convert<shape>ToArrayStorage(VM&, NonPropertyTransition);
1965             ArrayStorage* convert<shape>ToArrayStorage(VM&);
1966
1967         However, the neededLength that is passed is always m_butterfly->vectorLength().
1968         Hence, the method that takes a neededLength is really not needed.  This patch
1969         removes this unneeded verbosity.
1970
1971         * runtime/JSObject.cpp:
1972         (JSC::JSObject::convertUndecidedToArrayStorage):
1973         (JSC::JSObject::convertInt32ToArrayStorage):
1974         - Also reordered the placement of the DeferGC statement so this Int32 function
1975           will look more similar to the others.
1976         (JSC::JSObject::convertDoubleToArrayStorage):
1977         (JSC::JSObject::convertContiguousToArrayStorage):
1978         * runtime/JSObject.h:
1979
1980 2014-10-25  Brian J. Burg  <burg@cs.washington.edu>
1981
1982         Web Inspector: timelines should not count time elapsed while paused in the debugger
1983         https://bugs.webkit.org/show_bug.cgi?id=136351
1984
1985         Unreviewed, follow-up fix after r175203. The debugger agent should not assume
1986         that the inspector environment's stopwatch has already been started.
1987
1988         * inspector/agents/InspectorDebuggerAgent.cpp:
1989         (Inspector::InspectorDebuggerAgent::didPause): Check if the stopwatch isActive() before stopping.
1990
1991 2014-10-18  Brian J. Burg  <burg@cs.washington.edu>
1992
1993         Web Inspector: timelines should not count time elapsed while paused in the debugger
1994         https://bugs.webkit.org/show_bug.cgi?id=136351
1995
1996         Reviewed by Timothy Hatcher.
1997
1998         Now that we have a stopwatch to provide pause-aware timing data, we can remove the
1999         profiler's handling of debugger pause/continue callbacks. The debugger agent accounts
2000         for suspended execution by pausing and resuming the stopwatch.
2001
2002         * API/JSProfilerPrivate.cpp:
2003         (JSStartProfiling): Use a fresh stopwatch when profiling from the JSC API.
2004         * inspector/InspectorEnvironment.h:
2005         * inspector/JSGlobalObjectInspectorController.cpp:
2006         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2007         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
2008         * inspector/JSGlobalObjectInspectorController.h:
2009         * inspector/ScriptDebugServer.cpp:
2010         (Inspector::ScriptDebugServer::handlePause):
2011         * inspector/agents/InspectorDebuggerAgent.cpp:
2012         (Inspector::InspectorDebuggerAgent::didPause):
2013         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
2014         (Inspector::InspectorDebuggerAgent::didContinue):
2015         * inspector/agents/InspectorDebuggerAgent.h:
2016         * profiler/LegacyProfiler.cpp:
2017         (JSC::LegacyProfiler::profiler): Use nullptr.
2018         (JSC::LegacyProfiler::startProfiling): Hand off a stopwatch to the profile generator.
2019         (JSC::LegacyProfiler::stopProfiling): Use nullptr.
2020         (JSC::LegacyProfiler::didPause): Deleted.
2021         (JSC::LegacyProfiler::didContinue): Deleted.
2022         * profiler/LegacyProfiler.h:
2023         * profiler/Profile.cpp: The root node should always have a start time of 0.0.
2024         (JSC::Profile::Profile):
2025         * profiler/ProfileGenerator.cpp: Remove debugger pause/continue callbacks and the
2026         timestamp member that was used to track time elapsed by the debugger. Just use the
2027         stopwatch's elapsed times to generate start/elapsed times for function calls.
2028
2029         (JSC::ProfileGenerator::create):
2030         (JSC::ProfileGenerator::ProfileGenerator):
2031         (JSC::AddParentForConsoleStartFunctor::operator()): The parent node of |console.profile|
2032         should have a start time of 0.0, since it represents the starting node of profiling.
2033
2034         (JSC::ProfileGenerator::beginCallEntry):
2035         (JSC::ProfileGenerator::endCallEntry):
2036         (JSC::ProfileGenerator::didPause): Deleted.
2037         (JSC::ProfileGenerator::didContinue): Deleted.
2038         * profiler/ProfileGenerator.h:
2039
2040 2014-10-24  Mark Lam  <mark.lam@apple.com>
2041
2042         Simplified IndexingType's hasAnyArrayStorage().
2043         <https://webkit.org/b/138051>
2044
2045         Reviewed by Michael Saboff.
2046
2047         IndexingType's hasAnyArrayStorage() currently does subtraction of ArrayStorageShape
2048         with the purpose of making non-ArrayStorage types underflow (with that subtraction)
2049         and have a result that exceeds SlowPutArrayStorageShape.  What it is doing is
2050         basically checking for a shape value that is greater than or equal to ArrayStorageShape.
2051         We can just simplify the code as such.
2052
2053         Also added a comment to describe the structure of the bits in IndexingType.
2054
2055         * runtime/IndexingType.h:
2056         (JSC::hasAnyArrayStorage):
2057
2058 2014-10-23  Joseph Pecoraro  <pecoraro@apple.com>
2059
2060         Web Inspector: Provide a way to have alternate inspector agents
2061         https://bugs.webkit.org/show_bug.cgi?id=137901
2062
2063         Reviewed by Brian Burg.
2064
2065         Provide a way to use alternate inspector agents debugging a JSContext.
2066         Expose a very slim private API that a client could use to know when
2067         an inspector has connected/disconnected, and a way to register its
2068         augmentative agents.
2069
2070         * Configurations/FeatureDefines.xcconfig:
2071         * JavaScriptCore.xcodeproj/project.pbxproj:
2072         New feature guard. New files.
2073
2074         * API/JSContextRef.cpp:
2075         (JSGlobalContextGetAugmentableInspectorController):
2076         * API/JSContextRefInspectorSupport.h: Added.
2077         Access to the private interface from a JSContext.
2078
2079         * inspector/JSGlobalObjectInspectorController.cpp:
2080         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2081         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
2082         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
2083         * inspector/JSGlobalObjectInspectorController.h:
2084         * inspector/augmentable/AugmentableInspectorController.h: Added.
2085         (Inspector::AugmentableInspectorController::~AugmentableInspectorController):
2086         (Inspector::AugmentableInspectorController::connected):
2087         * inspector/augmentable/AugmentableInspectorControllerClient.h: Added.
2088         (Inspector::AugmentableInspectorControllerClient::~AugmentableInspectorControllerClient):
2089         * inspector/augmentable/AlternateDispatchableAgent.h: Added.
2090         (Inspector::AlternateDispatchableAgent::AlternateDispatchableAgent):
2091         Provide the private APIs a client could use to add alternate agents using alternate backend dispatchers.
2092
2093         * inspector/scripts/codegen/__init__.py:
2094         * inspector/scripts/generate-inspector-protocol-bindings.py:
2095         (generate_from_specification):
2096         New includes, and use the new generator.
2097         
2098         * inspector/scripts/codegen/generate_alternate_backend_dispatcher_header.py: Added.
2099         (AlternateBackendDispatcherHeaderGenerator):
2100         (AlternateBackendDispatcherHeaderGenerator.__init__):
2101         (AlternateBackendDispatcherHeaderGenerator.output_filename):
2102         (AlternateBackendDispatcherHeaderGenerator.generate_output):
2103         (AlternateBackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
2104         (AlternateBackendDispatcherHeaderGenerator._generate_handler_declaration_for_command):
2105         Generate the abstract AlternateInspectorBackendDispatcher interfaces.
2106
2107         * inspector/scripts/codegen/generate_backend_dispatcher_header.py:
2108         (BackendDispatcherHeaderGenerator.generate_output):
2109         (BackendDispatcherHeaderGenerator._generate_alternate_handler_forward_declarations_for_domains):
2110         (BackendDispatcherHeaderGenerator._generate_alternate_handler_forward_declarations_for_domains.AlternateInspector):
2111         Forward declare alternate dispatchers, and allow setting an alternate dispatcher on a domain dispatcher.
2112
2113         * inspector/scripts/codegen/generate_backend_dispatcher_implementation.py:
2114         (BackendDispatcherImplementationGenerator.generate_output):
2115         (BackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
2116         Check for and dispatch on an AlternateInspectorBackendDispatcher if there is one for this domain.
2117
2118         * inspector/scripts/codegen/generator_templates.py:
2119         (AlternateInspectorBackendDispatcher):
2120         (AlternateInspector):
2121         Template boilerplate for prelude and postlude.
2122
2123         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2124         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2125         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2126         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2127         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2128         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2129         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2130         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2131         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2132         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2133         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2134         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2135         Rebaseline tests.
2136
2137 2014-10-23  Michael Saboff  <msaboff@apple.com>
2138
2139         offsets.rb:183:in `buildOffsetsMap': unhandled exception - is offlineasm dependency tracking broken? (132668)
2140         https://bugs.webkit.org/show_bug.cgi?id=138017
2141
2142         Reviewed by Mark Lam.
2143
2144         Removed the input file $(SRCROOT)/llint/LowLevelAssembler.asm and output file
2145         $(BUILT_PRODUCTS_DIR)/LLIntOffsets/LLIntDesiredOffsets.h from the Generate Derived Sources
2146         build phase in the LLInt Offset target.  There is no need for Xcode to do any dependency
2147         checking with these files as the ruby script offlineasm/generate_offset_extractor.rb will
2148         do that for us.
2149
2150         * JavaScriptCore.xcodeproj/project.pbxproj:
2151
2152 2014-10-23  Michael Saboff  <msaboff@apple.com>
2153
2154         Change CallFrame::lexicalGlobalObject() to use Callee instead of JSScope
2155         https://bugs.webkit.org/show_bug.cgi?id=136901
2156
2157         Reviewed by Mark Lam.
2158
2159         Implement ExecState::lexicalGlobalObject() using Callee.
2160         
2161         * runtime/JSScope.h:
2162         (JSC::ExecState::lexicalGlobalObject):
2163
2164 2014-10-22  Milan Crha  <mcrha@redhat.com>
2165
2166         Prefix isnan() with std::.
2167         <https://webkit.org/b/137966>.
2168
2169         Reviewed by Carlos Garcia Campos.
2170
2171         * profiler/ProfileNode.h:
2172         (JSC::ProfileNode::Call::setStartTime):
2173         (JSC::ProfileNode::Call::setElapsedTime):
2174
2175 2014-10-22  Mark Lam  <mark.lam@apple.com>
2176
2177         Refactoring to simplify some code in DatePrototype.cpp.
2178         <https://webkit.org/b/137997>
2179
2180         Reviewed by Filip Pizlo.
2181
2182         A bunch of functions in DatePrototype.cpp have the pattern of loading a
2183         constant into a local variable only to pass it to a callee function
2184         immediately after.  There is no other use for that variable.  This adds
2185         additional verbosity with no added benefit.
2186
2187         This patch refactors those functions to just pass the constant arg directly.
2188
2189         * runtime/DatePrototype.cpp:
2190         (JSC::dateProtoFuncSetMilliSeconds):
2191         (JSC::dateProtoFuncSetUTCMilliseconds):
2192         (JSC::dateProtoFuncSetSeconds):
2193         (JSC::dateProtoFuncSetUTCSeconds):
2194         (JSC::dateProtoFuncSetMinutes):
2195         (JSC::dateProtoFuncSetUTCMinutes):
2196         (JSC::dateProtoFuncSetHours):
2197         (JSC::dateProtoFuncSetUTCHours):
2198         (JSC::dateProtoFuncSetDate):
2199         (JSC::dateProtoFuncSetUTCDate):
2200         (JSC::dateProtoFuncSetMonth):
2201         (JSC::dateProtoFuncSetUTCMonth):
2202         (JSC::dateProtoFuncSetFullYear):
2203         (JSC::dateProtoFuncSetUTCFullYear):
2204
2205 2014-10-22  Byungseon Shin  <sun.shin@lge.com>
2206
2207         String(new Date(Mar 30 2014 01:00:00)) is wrong in CET
2208         https://bugs.webkit.org/show_bug.cgi?id=130967
2209
2210         Reviewed by Mark Lam.
2211
2212         By definition of calculateLocalTimeOffset, input time should be UTC time.
2213         But there are many cases when input time is based on local time.
2214         So, it gives erroneous results while calculating offset of DST boundary time.
2215         By adding an argument to distinguish UTC and local time, we can get the correct offset.
2216
2217         * JavaScriptCore.order:
2218         * runtime/DateConstructor.cpp:
2219         (JSC::constructDate):
2220         (JSC::callDate):
2221         (JSC::dateUTC):
2222         * runtime/DateInstance.cpp:
2223         (JSC::DateInstance::calculateGregorianDateTime):
2224         (JSC::DateInstance::calculateGregorianDateTimeUTC):
2225         * runtime/DatePrototype.cpp:
2226         (JSC::setNewValueFromTimeArgs):
2227         (JSC::setNewValueFromDateArgs):
2228         (JSC::dateProtoFuncSetMilliSeconds):
2229         (JSC::dateProtoFuncSetUTCMilliseconds):
2230         (JSC::dateProtoFuncSetSeconds):
2231         (JSC::dateProtoFuncSetUTCSeconds):
2232         (JSC::dateProtoFuncSetMinutes):
2233         (JSC::dateProtoFuncSetUTCMinutes):
2234         (JSC::dateProtoFuncSetHours):
2235         (JSC::dateProtoFuncSetUTCHours):
2236         (JSC::dateProtoFuncSetDate):
2237         (JSC::dateProtoFuncSetUTCDate):
2238         (JSC::dateProtoFuncSetMonth):
2239         (JSC::dateProtoFuncSetUTCMonth):
2240         (JSC::dateProtoFuncSetFullYear):
2241         (JSC::dateProtoFuncSetUTCFullYear):
2242         (JSC::dateProtoFuncSetYear):
2243         * runtime/JSDateMath.cpp:
2244         (JSC::localTimeOffset):
2245         (JSC::gregorianDateTimeToMS):
2246         (JSC::msToGregorianDateTime):
2247         (JSC::parseDateFromNullTerminatedCharacters):
2248         * runtime/JSDateMath.h:
2249         * runtime/VM.h:
2250         (JSC::LocalTimeOffsetCache::LocalTimeOffsetCache):
2251         (JSC::LocalTimeOffsetCache::reset):
2252         Passing TimeType argument to distinguish UTC time and local time.
2253
2254 2014-10-22  Joseph Pecoraro  <pecoraro@apple.com>
2255
2256         Web Inspector: Fix generator importing of protocol type "any", treat as value
2257         https://bugs.webkit.org/show_bug.cgi?id=137931
2258
2259         Reviewed by Timothy Hatcher.
2260
2261         Treat incoming "any" objects as InspectorValues, which can be any type.
2262         Add the necessary boilerplate to import.
2263
2264         * inspector/InspectorBackendDispatcher.cpp:
2265         (Inspector::AsMethodBridges::asValue):
2266         (Inspector::InspectorBackendDispatcher::getValue):
2267         * inspector/InspectorBackendDispatcher.h:
2268         * inspector/scripts/codegen/generator.py:
2269         (Generator.keyed_get_method_for_type):
2270         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2271
2272 2014-10-22  Michael Saboff  <msaboff@apple.com>
2273
2274         REGRESSION(r174996): Broke C_LOOP
2275         https://bugs.webkit.org/show_bug.cgi?id=137971
2276
2277         Reviewed by Mark Lam.
2278
2279         Removed incorrect move to cfr (CallFrameRegister) before we make the call to a native function.
2280         After r174996, the source register for the move contained garbage causing the crash.  The move
2281         to cfr before making the call to the native function is wrong and should have been removed
2282         some time ago.  This brings the ARM64 / C_LOOP code path in line with the other CPU paths.
2283         Tested on ARM64 as well as a C_LOOP build.
2284
2285         * llint/LowLevelInterpreter64.asm:
2286
2287 2014-10-21  Mark Lam  <mark.lam@apple.com>
2288
2289         Remove erroneous canUseJIT() in the intrinsics version of JITThunks::hostFunctionStub().
2290         <https://webkit.org/b/137937>
2291
2292         Reviewed by Michael Saboff.
2293
2294         This version of JITThunks::hostFunctionStub() can only be called from the intrinsics
2295         version of VM::getHostFunction() which asserts canUseJIT().  Hence, we can eliminate
2296         the canUseJIT() check in JITThunks::hostFunctionStub().  We don't handle the
2297         !canUseJIT() case properly there anyway.
2298
2299         * jit/JITThunks.cpp:
2300         (JSC::JITThunks::hostFunctionStub):
2301
2302 2014-10-21  Michael Saboff  <msaboff@apple.com>
2303
2304         Add operator==(PropertyName, const char*)
2305         https://bugs.webkit.org/show_bug.cgi?id=137925
2306
2307         Reviewed by Mark Lam.
2308
2309         * runtime/PropertyName.h:
2310         (JSC::operator==): Added to simplify comparison with string literals.
2311
2312
2313 2014-10-21  Michael Saboff  <msaboff@apple.com>
2314
2315         Change native call frames to use the scope from their Callee instead of their caller's scope
2316         https://bugs.webkit.org/show_bug.cgi?id=137907
2317
2318         Reviewed by Mark Lam.
2319
2320         Changed setting of scope for native CallFrames to use the scope associated with the
2321         Callee instead of the caller's scope.
2322
2323         * jit/ThunkGenerators.cpp:
2324         (JSC::nativeForGenerator):
2325         * llint/LowLevelInterpreter32_64.asm:
2326         * llint/LowLevelInterpreter64.asm:
2327
2328 2014-10-21  Tibor Meszaros  <tmeszaros.u-szeged@partner.samsung.com>
2329
2330         Add missing ENABLE(FTL_NATIVE_CALL_INLINING) guard to BundlePath.cpp after r174940
2331         https://bugs.webkit.org/show_bug.cgi?id=137924
2332
2333         Reviewed by Csaba Osztrogonác.
2334
2335         * runtime/BundlePath.cpp:
2336
2337 2014-10-21  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
2338
2339         Fix FTL Native Inlining for EFL
2340         https://bugs.webkit.org/show_bug.cgi?id=137774
2341
2342         Reviewed by Michael Saboff.
2343
2344         Added required functionality for Native Inlining to EFL, and fixed a bug/typo in the original code,
2345         which caused incorrect memory allocation.
2346
2347         * CMakeLists.txt:
2348         * create-llvm-ir-from-source-file.py: Added.
2349         * create-symbol-table-index.py: Added.
2350         * ftl/FTLLowerDFGToLLVM.cpp:
2351         (JSC::FTL::LowerDFGToLLVM::lower):
2352         (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol):
2353         (JSC::FTL::LowerDFGToLLVM::exitValueForAvailability):
2354         (JSC::FTL::LowerDFGToLLVM::exitValueForNode):
2355         * runtime/BundlePath.cpp: Added.
2356         (JSC::bundlePath):
2357         * runtime/JSDataViewPrototype.cpp:
2358         (JSC::getData):
2359         (JSC::setData):
2360         * runtime/MathObject.cpp:
2361
2362 2014-10-21  Milan Crha  <mcrha@redhat.com>
2363
2364         Move JSC::MacroAssemblerX86Common::s_sse2CheckState definition to MacroAssemblerX86Common.cpp.
2365         <https://webkit.org/b/137807>
2366
2367         Reviewed by Csaba Osztrogonác.
2368
2369         * assembler/MacroAssemblerX86Common.cpp:
2370         * jit/JIT.cpp:
2371
2372 2014-10-20  Joseph Pecoraro  <pecoraro@apple.com>
2373
2374         Unreviewed add back copyright line that was accidentally removed.
2375
2376         * inspector/scripts/codegen/generator_templates.py:
2377         (GeneratorTemplates):
2378
2379 2014-10-20  Joseph Pecoraro  <pecoraro@apple.com>
2380
2381         Web Inspector: InspectorBackendCommands should include when to activate particular domains
2382         https://bugs.webkit.org/show_bug.cgi?id=137753
2383
2384         Reviewed by Timothy Hatcher.
2385
2386         Add an availability property to domains that only activate for
2387         particular debuggable types. If missing, the domain is always
2388         activated. Otherwise it must be a debuggable type string.
2389         When a frontend is opened for that debuggable type, the domain
2390         will be activated.
2391
2392         * inspector/scripts/codegen/models.py:
2393         (Protocol.parse_domain):
2394         (Domain.__init__):
2395         (Domains):
2396         Parse and validate the Domain's "availability" property.
2397
2398         * inspector/scripts/codegen/generate_backend_commands.py:
2399         (BackendCommandsGenerator.generate_domain):
2400         Emit InspectorBackend.activateDomain with debuggable type filter.
2401
2402         * inspector/protocol/ApplicationCache.json:
2403         * inspector/protocol/CSS.json:
2404         * inspector/protocol/DOM.json:
2405         * inspector/protocol/DOMDebugger.json:
2406         * inspector/protocol/DOMStorage.json:
2407         * inspector/protocol/Database.json:
2408         * inspector/protocol/IndexedDB.json:
2409         * inspector/protocol/LayerTree.json:
2410         * inspector/protocol/Network.json:
2411         * inspector/protocol/Page.json:
2412         * inspector/protocol/Replay.json:
2413         * inspector/protocol/Timeline.json:
2414         * inspector/protocol/Worker.json:
2415         These domains only activate for Web debuggables.
2416
2417         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2418         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2419         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2420         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2421         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2422         Update existing tests that now have activate output.
2423
2424         * inspector/scripts/tests/expected/fail-on-domain-availability.json-error: Added.
2425         * inspector/scripts/tests/fail-on-domain-availability.json: Added.
2426         Add a test for "availability" validation.
2427
2428 2014-10-20  Joseph Pecoraro  <pecoraro@apple.com>
2429
2430         [Win] Build fix for generated inspector files.
2431
2432         Rubberstamped by Brent Fulgham.
2433
2434         * inspector/scripts/codegen/generate_backend_dispatcher_header.py:
2435         (BackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
2436         * inspector/scripts/codegen/generator_templates.py:
2437         (GeneratorTemplates):
2438
2439 2014-10-20  Brent Fulgham  <bfulgham@apple.com>
2440
2441         [Win] Unreviewed build fix.
2442
2443         We need to (1) pass the 'windows' argument to our script for checking feature definitions,
2444         and (2) we must use Cwd::realpath on our path input arguments to avoid Cygwin and Windows
2445         getting confused about path separators versus escape characters.
2446
2447
2448         * JavaScriptCore.vcxproj/build-generated-files.pl:
2449
2450 2014-10-20  Mark Lam  <mark.lam@apple.com>
2451
2452         [Follow up] Web Process crash when starting the web inspector after r174025.
2453         <https://webkit.org/b/137340>
2454
2455         Reviewed by Geoffrey Garen.
2456
2457         Applied Geoff's feedback to clean up some code for better clarity after
2458         r174856.
2459
2460         * dfg/DFGFixupPhase.cpp:
2461         (JSC::DFG::FixupPhase::insertCheck):
2462         * dfg/DFGInsertionSet.h:
2463         (JSC::DFG::InsertionSet::insertOutOfOrder):
2464
2465 2014-10-20  Mark Lam  <mark.lam@apple.com>
2466
2467         Factor out JITCode::typeName() for debugging use.
2468         <https://webkit.org/b/137888>
2469
2470         Reviewed by Geoffrey Garen.
2471
2472         JITCode's printInternal() currently decodes the JITType into a string and
2473         prints it.  This change factors out the part that decodes the JITType into
2474         JITCode::typeName() so that we can call it from lldb while debugging to
2475         quickly decode a JITType value.
2476
2477         * jit/JITCode.cpp:
2478         (JSC::JITCode::typeName):
2479         (WTF::printInternal):
2480         * jit/JITCode.h:
2481
2482 2014-10-20  Joseph Pecoraro  <pecoraro@apple.com>
2483
2484         Unreviewed Windows Build Fix #2 after r174892.
2485
2486         * JavaScriptCore.vcxproj/build-generated-files.pl:
2487         Define FEATURE_DEFINES for JavaScriptCore's DerivedSources.make.
2488         This uses the same technique as WebCore.
2489
2490 2014-10-20  Mark Lam  <mark.lam@apple.com>
2491
2492         Fix placement of a few items in vcxproj ItemGroups.
2493         <https://webkit.org/b/137886>
2494
2495         Reviewed by Geoffrey Garen.
2496
2497         https://webkit.org/b/137873 is likely a cut-and-paste error that manifested
2498         because we had ClCompile and ClInclude entries mixed up in the wrong ItemGroups.
2499         We should fix these so that ClCompile entries are in the ClCompile ItemGroup,
2500         and ClInclude entries in the ClInclude ItemGroup.  This will help reduce the
2501         chance of future cut-and-paste errors of this nature.
2502
2503         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2504         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2505
2506 2014-10-20  Joseph Pecoraro  <pecoraro@apple.com>
2507
2508         Unreviewed Windows Build Fix after r174892.
2509
2510         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2511         Update file name to the new generated file name.
2512
2513 2014-10-20  Joseph Pecoraro  <pecoraro@apple.com>
2514
2515         Web Inspector: Rename generated Inspector.json to CombinedDomains.json to prevent name collisions
2516         https://bugs.webkit.org/show_bug.cgi?id=137825
2517
2518         Reviewed by Timothy Hatcher.
2519
2520         * CMakeLists.txt:
2521         * DerivedSources.make:
2522         * JavaScriptCore.vcxproj/copy-files.cmd:
2523         * JavaScriptCore.xcodeproj/project.pbxproj:
2524         * inspector/protocol/Inspector.json: Renamed from Source/JavaScriptCore/inspector/protocol/InspectorDomain.json.
2525
2526 2014-10-20  Joseph Pecoraro  <pecoraro@apple.com>
2527
2528         Web Inspector: Generate all Inspector domains together in JavaScriptCore
2529         https://bugs.webkit.org/show_bug.cgi?id=137748
2530
2531         Reviewed by Brian Burg.
2532
2533         * inspector/protocol/ApplicationCache.json: Renamed from Source/WebCore/inspector/protocol/ApplicationCache.json.
2534         * inspector/protocol/CSS.json: Renamed from Source/WebCore/inspector/protocol/CSS.json.
2535         * inspector/protocol/DOM.json: Renamed from Source/WebCore/inspector/protocol/DOM.json.
2536         * inspector/protocol/DOMDebugger.json: Renamed from Source/WebCore/inspector/protocol/DOMDebugger.json.
2537         * inspector/protocol/DOMStorage.json: Renamed from Source/WebCore/inspector/protocol/DOMStorage.json.
2538         * inspector/protocol/Database.json: Renamed from Source/WebCore/inspector/protocol/Database.json.
2539         * inspector/protocol/IndexedDB.json: Renamed from Source/WebCore/inspector/protocol/IndexedDB.json.
2540         * inspector/protocol/LayerTree.json: Renamed from Source/WebCore/inspector/protocol/LayerTree.json.
2541         * inspector/protocol/Network.json: Renamed from Source/WebCore/inspector/protocol/Network.json.
2542         * inspector/protocol/Page.json: Renamed from Source/WebCore/inspector/protocol/Page.json.
2543         * inspector/protocol/Replay.json: Renamed from Source/WebCore/inspector/protocol/Replay.json.
2544         * inspector/protocol/Timeline.json: Renamed from Source/WebCore/inspector/protocol/Timeline.json.
2545         * inspector/protocol/Worker.json: Renamed from Source/WebCore/inspector/protocol/Worker.json.
2546         Move all protocol files into this directory.
2547
2548         * inspector/InspectorProtocolTypesBase.h: Renamed from Source/JavaScriptCore/inspector/InspectorProtocolTypes.h.
2549         Renamed the base types file to not clash with the generated types file.
2550
2551         * CMakeLists.txt:
2552         * DerivedSources.make:
2553         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2554         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2555         * JavaScriptCore.vcxproj/copy-files.cmd:
2556         * JavaScriptCore.xcodeproj/project.pbxproj:
2557         Update build phases for new JSON files and new filenames.
2558
2559         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2560         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2561         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2562         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2563         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2564         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2565         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2566         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2567         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2568         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2569         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2570         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2571         Updated names of things now that prefixes are no longer needed.
2572
2573         * inspector/ConsoleMessage.h:
2574         * inspector/ContentSearchUtilities.cpp:
2575         * inspector/ContentSearchUtilities.h:
2576         * inspector/InjectedScript.h:
2577         * inspector/InjectedScriptBase.h:
2578         * inspector/ScriptCallFrame.h:
2579         * inspector/ScriptCallStack.h:
2580         * inspector/agents/InspectorAgent.h:
2581         * inspector/agents/InspectorConsoleAgent.h:
2582         * inspector/agents/InspectorDebuggerAgent.cpp:
2583         (Inspector::breakpointActionTypeForString):
2584         * inspector/agents/InspectorDebuggerAgent.h:
2585         * inspector/agents/InspectorRuntimeAgent.h:
2586         * runtime/TypeProfiler.cpp:
2587         * runtime/TypeSet.cpp:
2588         Update includes and update a few function names that are generated.
2589
2590         * inspector/scripts/codegen/generate_protocol_types_header.py:
2591         (ProtocolTypesHeaderGenerator.output_filename):
2592         (ProtocolTypesHeaderGenerator.generate_output):
2593         Include an export macro for type string constants defined in the implementation file.
2594
2595         * inspector/scripts/codegen/generate_backend_commands.py:
2596         (BackendCommandsGenerator.output_filename):
2597         * inspector/scripts/codegen/generate_backend_dispatcher_header.py:
2598         (BackendDispatcherHeaderGenerator.output_filename):
2599         (BackendDispatcherHeaderGenerator.generate_output):
2600         * inspector/scripts/codegen/generate_backend_dispatcher_implementation.py:
2601         (BackendDispatcherImplementationGenerator.output_filename):
2602         (BackendDispatcherImplementationGenerator.generate_output):
2603         (BackendDispatcherImplementationGenerator._generate_async_dispatcher_class_for_domain):
2604         (BackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
2605         * inspector/scripts/codegen/generate_frontend_dispatcher_header.py:
2606         (FrontendDispatcherHeaderGenerator.output_filename):
2607         (FrontendDispatcherHeaderGenerator.generate_output):
2608         * inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py:
2609         (FrontendDispatcherImplementationGenerator.output_filename):
2610         (FrontendDispatcherImplementationGenerator.generate_output):
2611         (FrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2612         (_generate_class_for_object_declaration):
2613         (_generate_builder_setter_for_member):
2614         (_generate_unchecked_setter_for_member):
2615         * inspector/scripts/codegen/generate_protocol_types_implementation.py:
2616         (ProtocolTypesImplementationGenerator.output_filename):
2617         (ProtocolTypesImplementationGenerator.generate_output):
2618         (ProtocolTypesImplementationGenerator._generate_enum_mapping):
2619         * inspector/scripts/codegen/models.py:
2620         (Framework.fromString):
2621         (Frameworks):
2622         * inspector/scripts/generate-inspector-protocol-bindings.py:
2623         Simplify generator now that prefixes are no longer needed. This updates
2624         filenames, includes, and the list of supported directories.
2625
2626 2014-10-20  Csaba Osztrogonác  <ossy@webkit.org>
2627
2628         Remove obsolete comments after r99798
2629         https://bugs.webkit.org/show_bug.cgi?id=137871
2630
2631         Reviewed by Darin Adler.
2632
2633         r99798 removed the comment in MacroAssemblerARMv7::supportsFloatingPointTruncate(),
2634         so we should remove the stale references to this removed comment.
2635
2636         * assembler/MacroAssemblerX86.h:
2637         * assembler/MacroAssemblerX86_64.h:
2638
2639 2014-10-20  Csaba Osztrogonác  <ossy@webkit.org>
2640
2641         MacroAssemblerX86Common.cpp should be built on Windows too
2642         https://bugs.webkit.org/show_bug.cgi?id=137873
2643
2644         Reviewed by Brent Fulgham.
2645
2646         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2647         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2648
2649 2014-10-20  Csaba Osztrogonác  <ossy@webkit.org>
2650
2651         [cmake] Remove duplicated source files
2652         https://bugs.webkit.org/show_bug.cgi?id=137875
2653
2654         Reviewed by Gyuyoung Kim.
2655
2656         * CMakeLists.txt:
2657
2658 2014-10-18  Brian J. Burg  <burg@cs.washington.edu>
2659
2660         Web Replay: code generator shouldn't complain about enums without a storage type if they are in an enclosing scope
2661         https://bugs.webkit.org/show_bug.cgi?id=137084
2662
2663         Reviewed by Joseph Pecoraro.
2664
2665         In order to generate encode/decode method declarations without pulling in lots of headers,
2666         the generator must forward declare enums (for enum classes or enums with explicit sizes).
2667
2668         Change the generator to not require an explicit size if an enum is declared inside a struct
2669         or class definition. In that case, it must pull in headers since scoped enums can't be
2670         forward declared.
2671
2672         This patch also fixes some chained if-statements that should be if-else statements.
2673
2674         Test: updated replay/scripts/tests/generate-enum-encoding-helpers.json to cover the new case.
2675
2676         * replay/scripts/CodeGeneratorReplayInputs.py:
2677         (InputsModel.parse_type_with_framework_name.is):
2678         (InputsModel.parse_type_with_framework_name.is.must):
2679         (Generator.generate_enum_trait_implementation):
2680         (InputsModel.parse_type_with_framework_name): Deleted.
2681         * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
2682         * replay/scripts/tests/expected/fail-on-c-style-enum-no-storage.json-error:
2683         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
2684         (JSC::EncodingTraits<WebCore::MouseButton>::decodeValue):
2685         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
2686         (JSC::EncodingTraits<WebCore::MouseButton>::decodeValue):
2687         (JSC::EncodingTraits<WebCore::PlatformEvent::Type>::encodeValue):
2688         (JSC::EncodingTraits<WebCore::PlatformEvent::Type>::decodeValue):
2689         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
2690         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
2691         (JSC::EncodingTraits<WebCore::FormData1::Type>::decodeValue):
2692         (JSC::EncodingTraits<PlatformEvent1::Type>::decodeValue):
2693         * replay/scripts/tests/generate-enum-encoding-helpers.json: Added a new input to cover this case.
2694
2695 2014-10-17  Mark Lam  <mark.lam@apple.com>
2696
2697         Web Process crash when starting the web inspector after r174025.
2698         <https://webkit.org/b/137340>
2699
2700         Reviewed by Filip Pizlo.
2701
2702         After r174025, we can generate a bad graph in the DFG fixup phase like so:
2703
2704             102:<!0:-> StoreBarrier(Check:KnownCell:@19, ..., bc#44)
2705             60:<!0:->  PutStructure(Check:KnownCell:@19, ..., bc#44)
2706             103:<!0:-> Check(Check:NotCell:@54, ..., bc#44)
2707                     // ^-- PutByOffset's StoreBarrier has been elided and replaced
2708                     //     with a speculation check which can OSR exit.
2709             61:<!0:->  PutByOffset(Check:KnownCell:@19, ..., bc#44)
2710
2711         As a result, the structure change will get executed even if we end up OSR
2712         exiting before the PutByOffset.  In the baseline JIT code, the structure now
2713         erroneously tells the put operation that there is a value in that property
2714         slot when it is actually uninitialized (hence, the crash).
2715
2716         The fix is to insert the Check at the earliest point possible:
2717
2718         1. If the checked node is in the same bytecode as the PutByOffset, then
2719            the earliest point where we can insert the Check is right after the
2720            checked node.
2721
2722         2. If the checked node is from a preceding bytecode (before the PutByOffset),
2723            then the earliest point where we can insert the Check is at the start
2724            of the current bytecode.
2725
2726         Also reverted the workaround from r174749: https://webkit.org/b/137758.
2727
2728         Benchmark results appear to be a wash on aggregate.
2729
2730         * dfg/DFGFixupPhase.cpp:
2731         (JSC::DFG::FixupPhase::indexOfNode):
2732         (JSC::DFG::FixupPhase::indexOfFirstNodeOfExitOrigin):
2733         (JSC::DFG::FixupPhase::fixupNode):
2734         (JSC::DFG::FixupPhase::insertCheck):
2735         * dfg/DFGInsertionSet.h:
2736         (JSC::DFG::InsertionSet::insertOutOfOrder):
2737         (JSC::DFG::InsertionSet::insertOutOfOrderNode):
2738
2739 2014-10-10  Oliver Hunt  <oliver@apple.com>
2740
2741         Various arguments optimisations in codegen fail to account for arguments being in lexical record
2742         https://bugs.webkit.org/show_bug.cgi?id=137617
2743
2744         Reviewed by Michael Saboff.
2745
2746         Rework the way we track |arguments| references so that we don't try
2747         to use the |arguments| reference on the stack if it's not safe.
2748
2749         To do this without nuking performance it was necessary to update
2750         the parser to track modification of the |arguments| reference
2751         itself.
2752
2753         * bytecode/CodeBlock.cpp:
2754         * bytecompiler/BytecodeGenerator.cpp:
2755         (JSC::BytecodeGenerator::BytecodeGenerator):
2756         (JSC::BytecodeGenerator::willResolveToArguments):
2757         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
2758         (JSC::BytecodeGenerator::emitCall):
2759         (JSC::BytecodeGenerator::emitConstruct):
2760         (JSC::BytecodeGenerator::emitEnumeration):
2761         (JSC::BytecodeGenerator::uncheckedRegisterForArguments): Deleted.
2762         * bytecompiler/BytecodeGenerator.h:
2763         (JSC::BytecodeGenerator::hasSafeLocalArgumentsRegister):
2764         * bytecompiler/NodesCodegen.cpp:
2765         (JSC::BracketAccessorNode::emitBytecode):
2766         (JSC::DotAccessorNode::emitBytecode):
2767         (JSC::getArgumentByVal):
2768         (JSC::CallFunctionCallDotNode::emitBytecode):
2769         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2770         (JSC::ArrayPatternNode::emitDirectBinding):
2771         * interpreter/StackVisitor.cpp:
2772         (JSC::StackVisitor::Frame::existingArguments):
2773         * parser/Nodes.h:
2774         (JSC::ScopeNode::modifiesArguments):
2775         * parser/Parser.cpp:
2776         (JSC::Parser<LexerType>::parseInner):
2777         * parser/Parser.h:
2778         (JSC::Scope::getCapturedVariables):
2779         * parser/ParserModes.h:
2780
2781 2014-10-17  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2782
2783         Use WTF::move() instead of std::move() to help ensure move semantics in JavaScriptCore
2784         https://bugs.webkit.org/show_bug.cgi?id=137809
2785
2786         Reviewed by Csaba Osztrogonác.
2787
2788         Substitution of WTF::move() for std::move(). Clean up std::move() in JavaScriptCore.
2789
2790         * bytecode/GetByIdStatus.cpp:
2791         (JSC::GetByIdStatus::computeForStubInfo):
2792         * bytecode/PutByIdStatus.cpp:
2793         (JSC::PutByIdStatus::computeForStubInfo):
2794         * bytecode/PutByIdVariant.cpp:
2795         (JSC::PutByIdVariant::setter):
2796
2797 2014-10-15  Oliver Hunt  <oliver@apple.com>
2798
2799         Use a single allocation for the Arguments object
2800         https://bugs.webkit.org/show_bug.cgi?id=137751
2801
2802         Reviewed by Filip Pizlo.
2803
2804         This patch removes the secondary allocation for parameters in the Arguments
2805         object.  This is fairly simple, but we needed to make it possible for the JIT
2806         to allocate a variable GC object.  To do this I've added a new
2807         emitAllocateVariableSizedJSObject function to the JIT that does the work to
2808         find the correct heap for a variable sized allocation and then bump that
2809         allocator.
2810
2811         * dfg/DFGSpeculativeJIT.cpp:
2812         (JSC::DFG::SpeculativeJIT::emitAllocateArguments):
2813         * dfg/DFGSpeculativeJIT.h:
2814         (JSC::DFG::SpeculativeJIT::emitAllocateVariableSizedJSObject):
2815         * heap/CopyToken.h:
2816         * heap/Heap.h:
2817         (JSC::Heap::subspaceForObjectWithoutDestructor):
2818         (JSC::Heap::subspaceForObjectNormalDestructor):
2819         (JSC::Heap::subspaceForObjectsWithImmortalStructure):
2820         * heap/MarkedSpace.h:
2821         (JSC::MarkedSpace::subspaceForObjectsWithNormalDestructor):
2822         (JSC::MarkedSpace::subspaceForObjectsWithImmortalStructure):
2823         (JSC::MarkedSpace::subspaceForObjectsWithoutDestructor):
2824         * interpreter/StackVisitor.cpp:
2825         (JSC::StackVisitor::Frame::createArguments):
2826         * runtime/Arguments.cpp:
2827         (JSC::Arguments::visitChildren):
2828         (JSC::Arguments::copyBackingStore):
2829         (JSC::Arguments::tearOff):
2830         (JSC::Arguments::allocateRegisterArray): Deleted.
2831         * runtime/Arguments.h:
2832         (JSC::Arguments::create):
2833         (JSC::Arguments::isTornOff):
2834         (JSC::Arguments::offsetOfRegisterArray):
2835         (JSC::Arguments::registerArraySizeInBytes):
2836         (JSC::Arguments::registerArray):
2837         (JSC::Arguments::allocationSize): Deleted.
2838
2839 2014-10-15  Filip Pizlo  <fpizlo@apple.com>
2840
2841         Apparently we've had a hole in arguments capture all along
2842         https://bugs.webkit.org/show_bug.cgi?id=137767
2843
2844         Reviewed by Oliver Hunt.
2845
2846         * dfg/DFGByteCodeParser.cpp:
2847         (JSC::DFG::ByteCodeParser::getArgument):
2848         * tests/stress/arguments-captured.js: Added.
2849         (foo):
2850         (bar):
2851
2852 2014-10-16  Saam Barati  <saambarati1@gmail.com>
2853
2854         Have the ProfileType node in the DFG convert to a structure check where it can
2855         https://bugs.webkit.org/show_bug.cgi?id=137596
2856
2857         Reviewed by Filip Pizlo.
2858
2859         TypeSet now keeps track of the live set of Structures it has seen.
2860         It no longer nukes everything during GC. It now only removes unmarked
2861         structures during GC. This modification allows the ProfileType node 
2862         to convert into a CheckStructure node safely in the DFG. 
2863
2864         This change brings up the conversion rate from ProfileType to Check 
2865         or CheckStructure from ~45% to ~65%. This change also speeds the
2866         type profiler up significantly: consistently between 2x-20x faster. 
2867
2868         This patch also does some slight refactoring: a few type profiler
2869         related fields are moved from VM to TypeProfiler.
2870
2871         * bytecode/CodeBlock.cpp:
2872         (JSC::CodeBlock::CodeBlock):
2873         * dfg/DFGFixupPhase.cpp:
2874         (JSC::DFG::FixupPhase::fixupNode):
2875         * dfg/DFGNode.h:
2876         (JSC::DFG::Node::convertToCheckStructure):
2877         * heap/Heap.cpp:
2878         (JSC::Heap::collect):
2879         * runtime/SymbolTable.cpp:
2880         (JSC::SymbolTable::uniqueIDForVariable):
2881         * runtime/SymbolTable.h:
2882         * runtime/TypeLocationCache.cpp:
2883         (JSC::TypeLocationCache::getTypeLocation):
2884         * runtime/TypeProfiler.cpp:
2885         (JSC::TypeProfiler::TypeProfiler):
2886         (JSC::TypeProfiler::nextTypeLocation):
2887         (JSC::TypeProfiler::invalidateTypeSetCache):
2888         (JSC::TypeProfiler::dumpTypeProfilerData):
2889         * runtime/TypeProfiler.h:
2890         (JSC::TypeProfiler::getNextUniqueVariableID):
2891         * runtime/TypeProfilerLog.cpp:
2892         (JSC::TypeProfilerLog::processLogEntries):
2893         * runtime/TypeSet.cpp:
2894         (JSC::TypeSet::addTypeInformation):
2895         (JSC::TypeSet::invalidateCache):
2896         * runtime/TypeSet.h:
2897         (JSC::TypeSet::structureSet):
2898         * runtime/VM.cpp:
2899         (JSC::VM::VM):
2900         (JSC::VM::enableTypeProfiler):
2901         (JSC::VM::disableTypeProfiler):
2902         (JSC::VM::dumpTypeProfilerData):
2903         (JSC::VM::nextTypeLocation): Deleted.
2904         (JSC::VM::invalidateTypeSetCache): Deleted.
2905         * runtime/VM.h:
2906         (JSC::VM::typeProfiler):
2907         (JSC::VM::getNextUniqueVariableID): Deleted.
2908         * tests/typeProfiler/dfg-jit-optimizations.js:
2909
2910 2014-10-16  Adrien Destugues  <pulkomandy@gmail.com>
2911
2912         Use isnan from std namespace in ProfileGenerator.cpp
2913         https://bugs.webkit.org/show_bug.cgi?id=137653
2914
2915         Reviewed by Darin Adler.
2916
2917         The C++ isnan() function is in the std namespace. The unprefixed isnan
2918         may be available because of C99 headers leakage in C++, but should not
2919         be used.
2920
2921         No new tests: no functional change, build fix on platforms which don't
2922         export C99 functions in C++.
2923
2924         * profiler/ProfileGenerator.cpp:
2925         (JSC::ProfileGenerator::beginCallEntry):
2926         (JSC::ProfileGenerator::endCallEntry):
2927         (JSC::ProfileGenerator::didPause):
2928         (JSC::ProfileGenerator::didContinue):
2929
2930 2014-10-15  Michael Saboff  <msaboff@apple.com>
2931
2932         REGRESSION(r174025): remote inspector crashes frequently when executing inspector frontend's JavaScript
2933         https://bugs.webkit.org/show_bug.cgi?id=137758
2934
2935         Rubber stamped by Filip Pizlo.
2936
2937         Reverted r174025 for just PutByOffset Nodes.
2938
2939         * dfg/DFGFixupPhase.cpp:
2940         (JSC::DFG::FixupPhase::fixupNode):
2941
2942 2014-10-14  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2943
2944         Clean up unnecessary PassOwnPtr.h inclusion
2945         https://bugs.webkit.org/show_bug.cgi?id=137726
2946
2947         Reviewed by Chris Dumez.
2948
2949         * API/JSCallbackObject.h: Remove PassOwnPtr.h inclusion.
2950         * bytecode/DFGExitProfile.cpp: ditto.
2951
2952 2014-10-14  Brent Fulgham  <bfulgham@apple.com>
2953
2954         [Win] Unreviewed gardening. Ignore Visual Studio *.sdf files.
2955
2956         * JavaScriptCore.vcxproj: Modified properties svn:ignore and svn:ignore.
2957         * JavaScriptCore.vcxproj/jsc: Modified property svn:ignore.
2958
2959 2014-10-14  Matthew Mirman  <mmirman@apple.com>
2960
2961         Removes references to LLVMJIT which is no longer part of LLVM
2962         https://bugs.webkit.org/show_bug.cgi?id=137708
2963
2964         Reviewed by Filip Pizlo.
2965
2966         * Configurations/LLVMForJSC.xcconfig: removed -lLLVMJIT
2967         * llvm/LLVMAPIFunctions.h: removed LinkInJIT
2968
2969 2014-10-14  peavo@outlook.com  <peavo@outlook.com>
2970
2971         [Win32] Thunk is not implemented.
2972         https://bugs.webkit.org/show_bug.cgi?id=137691
2973
2974         Reviewed by Mark Lam.
2975
2976         Thunks for functions with double operands (floor, etc.) are not implemented on Win32.
2977
2978         * jit/ThunkGenerators.cpp:
2979
2980 2014-10-12  Alexey Proskuryakov  <ap@apple.com>
2981
2982         Adding svn:ignore so that .pyc files don't show up as new.
2983
2984         * inspector/scripts/codegen: Added property svn:ignore.
2985
2986 2014-10-10  Commit Queue  <commit-queue@webkit.org>
2987
2988         Unreviewed, rolling out r174606.
2989         https://bugs.webkit.org/show_bug.cgi?id=137621
2990
2991         broke a JSC test (Requested by estes on #webkit).
2992
2993         Reverted changeset:
2994
2995         "Various arguments optimisations in codegen fail to account
2996         for arguments being in lexical record"
2997         https://bugs.webkit.org/show_bug.cgi?id=137617
2998         http://trac.webkit.org/changeset/174606
2999
3000 2014-10-10  Oliver Hunt  <oliver@apple.com>
3001
3002         Various arguments optimisations in codegen fail to account for arguments being in lexical record
3003         https://bugs.webkit.org/show_bug.cgi?id=137617
3004
3005         Reviewed by Michael Saboff.
3006
3007         Rework the way we track |arguments| references so that we don't try
3008         to use the |arguments| reference on the stack if it's not safe.
3009
3010         To do this without nuking performance it was necessary to update
3011         the parser to track modification of the |arguments| reference
3012         itself.
3013
3014         * bytecode/CodeBlock.cpp:
3015         * bytecompiler/BytecodeGenerator.cpp:
3016         (JSC::BytecodeGenerator::BytecodeGenerator):
3017         (JSC::BytecodeGenerator::willResolveToArguments):
3018         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
3019         (JSC::BytecodeGenerator::emitCall):
3020         (JSC::BytecodeGenerator::emitConstruct):
3021         (JSC::BytecodeGenerator::emitEnumeration):
3022         (JSC::BytecodeGenerator::uncheckedRegisterForArguments): Deleted.
3023         * bytecompiler/BytecodeGenerator.h:
3024         (JSC::BytecodeGenerator::hasSafeLocalArgumentsRegister):
3025         * bytecompiler/NodesCodegen.cpp:
3026         (JSC::BracketAccessorNode::emitBytecode):
3027         (JSC::DotAccessorNode::emitBytecode):
3028         (JSC::getArgumentByVal):
3029         (JSC::CallFunctionCallDotNode::emitBytecode):
3030         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3031         (JSC::ArrayPatternNode::emitDirectBinding):
3032         * interpreter/StackVisitor.cpp:
3033         (JSC::StackVisitor::Frame::existingArguments):
3034         * parser/Nodes.h:
3035         (JSC::ScopeNode::modifiesArguments):
3036         * parser/Parser.cpp:
3037         (JSC::Parser<LexerType>::parseInner):
3038         * parser/Parser.h:
3039         (JSC::Scope::getCapturedVariables):
3040         * parser/ParserModes.h:
3041
3042 2014-10-09  Joseph Pecoraro  <pecoraro@apple.com>
3043
3044         Web Inspector: Remove unused generator code
3045         https://bugs.webkit.org/show_bug.cgi?id=137564
3046
3047         Reviewed by Brian Burg.
3048
3049         * inspector/scripts/codegen/generate_backend_dispatcher_header.py:
3050         (BackendDispatcherHeaderGenerator.generate_output): Deleted.
3051         * inspector/scripts/codegen/generate_backend_dispatcher_implementation.py:
3052         (BackendDispatcherImplementationGenerator.generate_output):
3053         * inspector/scripts/codegen/generate_frontend_dispatcher_header.py:
3054         (FrontendDispatcherHeaderGenerator.generate_output):
3055         * inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py:
3056         (FrontendDispatcherImplementationGenerator.generate_output):
3057         * inspector/scripts/codegen/generate_protocol_types_header.py:
3058         (ProtocolTypesHeaderGenerator.generate_output):
3059         * inspector/scripts/codegen/generate_protocol_types_implementation.py:
3060         (ProtocolTypesImplementationGenerator.generate_output):
3061         inputFilename is now handled by the generic generator base class.
3062
3063         * inspector/scripts/codegen/models.py:
3064         (Framework.fromString):
3065         (Frameworks):
3066         * inspector/scripts/generate-inspector-protocol-bindings.py:
3067         The WTF framework is unused. Remove unexpected frameworks.
3068
3069 2014-10-09  Dean Jackson  <dino@apple.com>
3070
3071         Remove ENABLE_CSS3_CONDITIONAL_RULES
3072         https://bugs.webkit.org/show_bug.cgi?id=137571
3073
3074         Reviewed by Simon Fraser.
3075
3076         * Configurations/FeatureDefines.xcconfig:
3077
3078 2014-10-09  Adrien Destugues  <pulkomandy@gmail.com>
3079
3080         Fix compiler warning on noreturn function
3081         https://bugs.webkit.org/show_bug.cgi?id=137558
3082
3083         Reviewed by Darin Adler.
3084
3085         The function is marked "noreturn", but the stub implementation does
3086         return. No new tests: function is never called. Only fixes a warning.
3087
3088         * heap/HeapStatistics.cpp:
3089         (JSC::HeapStatistics::exitWithFailure):
3090
3091 2014-10-09  Akos Kiss  <akiss@inf.u-szeged.hu>
3092
3093         Ensure that inline assembly Thunk functions don't conflict with the section designations of the compiler
3094         https://bugs.webkit.org/show_bug.cgi?id=137434
3095
3096         Reviewed by Michael Saboff.
3097
3098         The ARM64 version of the defineUnaryDoubleOpWrapper macro in
3099         ThunkGenerators.cpp contains inline assembly with .text assembler
3100         directive followed by a static variable declaration. This macro gets
3101         expanded several times afterwards, however, only during the compilation
3102         of the first expansion does gcc insert a .data assembler directive
3103         before the assembled version of the static variable. Thus, only the
3104         first variable gets allocated in the .data section, all the others
3105         remain in .text. If JavaScriptCore is built as a shared library then
3106         this causes a segmentation fault during dynamic linking.
3107
3108         This patch puts a .previous directive at the end of the inline assembly
3109         to ensure that the assumptions of the compiler about the sections are
3110         not broken and the following variable goes to the right place.
3111
3112         * jit/ThunkGenerators.cpp:
3113
3114 2014-10-08  Oliver Hunt  <oliver@apple.com>
3115
3116         Make sure arguments tearoff is performed through the environment record if necessary
3117         https://bugs.webkit.org/show_bug.cgi?id=137538
3118
3119         Reviewed by Michael Saboff.
3120
3121         Fairly simple change.  If we have a lexical record we need to pull the unmodified
3122         arguments object from the record and then use the standard op_tear_off_arguments
3123         instruction on the temporary.
3124
3125         * bytecompiler/BytecodeGenerator.cpp:
3126         (JSC::BytecodeGenerator::emitGetOwnScope):
3127         (JSC::BytecodeGenerator::emitReturn):
3128         * bytecompiler/BytecodeGenerator.h:
3129
3130 2014-10-08  peavo@outlook.com  <peavo@outlook.com>
3131
3132         [WinCairo] Enable JIT on 32-bit.
3133         https://bugs.webkit.org/show_bug.cgi?id=137521
3134
3135         Reviewed by Mark Lam.
3136
3137         Enable JIT on Windows 32-bit, but disable it at runtime if SSE2 is not present.
3138
3139         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.pl:
3140         * runtime/Options.cpp:
3141         (JSC::recomputeDependentOptions):
3142
3143 2014-10-08  Brent Fulgham  <bfulgham@apple.com>
3144
3145         [Win] Resolve some static analysis warnings in JavaScriptCore
3146         https://bugs.webkit.org/show_bug.cgi?id=137508
3147
3148         Reviewed by Geoffrey Garen.
3149
3150         * API/tests/testapi.c:
3151         (assertEqualsAsCharactersPtr): MSVC insists on using %Iu as its format specifier
3152         for size_t. Make the format string conditional on Windows.
3153         * bytecode/Watchpoint.h:
3154         (JSC::InlineWatchpointSet::encodeState): Silence warning about left-shifting 'state'
3155         as a 32-bit value before OR-ing it with a 64-bit value.
3156         * dfg/DFGFixupPhase.cpp:
3157         (JSC::DFG::FixupPhase::fixupNode): Silence warning about operator precedence
3158         causing the || operation to take place before the >= test.
3159         * dfg/DFGInPlaceAbstractState.cpp:
3160         (JSC::DFG::InPlaceAbstractState::endBasicBlock): Ditto (|| before !=)
3161         * testRegExp.cpp:
3162         (testOneRegExp): Ditto %Iu format specifier.
3163         * yarr/YarrInterpreter.cpp:
3164         (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Silence warning about
3165         using a 32-bit value as part of a 64-bit calculation.
3166
3167 2014-10-07  Simon Fraser  <simon.fraser@apple.com>
3168
3169         Roll-over Changelogs.
3170
3171         * ChangeLog-2014-10-07: Copied from Source/JavaScriptCore/ChangeLog.
3172
3173 == Rolled over to ChangeLog-2014-10-07 ==