c04220e9ec937334fb727f8789925bf738409a00
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2014-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
2
3         Fix the cloop due to GenGC
4         https://bugs.webkit.org/show_bug.cgi?id=128137
5
6         Reviewed by Geoffrey Garen.
7
8         * llint/LLIntSlowPaths.cpp:
9         (JSC::LLInt::llint_write_barrier_slow):
10         * llint/LLIntSlowPaths.h:
11         * llint/LowLevelInterpreter.cpp:
12         (JSC::CLoopRegister::operator JSCell*):
13         * llint/LowLevelInterpreter32_64.asm:
14         * llint/LowLevelInterpreter64.asm:
15         * offlineasm/cloop.rb:
16         * offlineasm/instructions.rb:
17
18 2014-02-03  Michael Saboff  <msaboff@apple.com>
19
20         REGRESSION (r163011-r163031): Web Inspector: Latest nightly crashes when showing the Web Inspector
21         https://bugs.webkit.org/show_bug.cgi?id=127901
22
23         Reviewed by Geoffrey Garen.
24
25         Set VM::topCallFrame before making calls to possible C++ code in
26         generateProtoChainAccessStub() and tryBuildGetByIDList().
27
28         * jit/Repatch.cpp:
29         (JSC::generateProtoChainAccessStub):
30         (JSC::tryBuildGetByIDList):
31
32 2014-02-03  Andreas Kling  <akling@apple.com>
33
34         Keep only captured symbols in CodeBlock symbol tables.
35         <https://webkit.org/b/128050>
36
37         Discard all uncaptured symbols at the end of codegen since only
38         the captured ones will be used after that point.
39
40         ~2MB progression on Membuster OSUS.
41
42         Reviewed by Geoffrey Garen.
43
44         * bytecode/UnlinkedCodeBlock.h:
45         (JSC::UnlinkedCodeBlock::setSymbolTable):
46         * bytecompiler/BytecodeGenerator.cpp:
47         (JSC::BytecodeGenerator::generate):
48
49 2014-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
50
51         Fix the LLInt C loop
52
53         Rubber stamped by Mark Lam.
54
55         * llint/LLIntSlowPaths.cpp:
56         (JSC::LLInt::llint_write_barrier_slow):
57         * llint/LLIntSlowPaths.h:
58
59 2014-02-03  Dean Jackson  <dino@apple.com>
60
61         Feature flag for shape-inside
62         https://bugs.webkit.org/show_bug.cgi?id=128001
63
64         Reviewed by Simon Fraser.
65
66         Add CSS_SHAPE_INSIDE flag.
67
68         * Configurations/FeatureDefines.xcconfig:
69
70 2014-02-03  Oliver Hunt  <oliver@apple.com>
71
72         Deconstructed parameters aren't being placed in the correct scope
73         https://bugs.webkit.org/show_bug.cgi?id=128126
74
75         Reviewed by Antti Koivisto.
76
77         Make sure we declare the bound parameter names as variables when
78         we reparse.  In the BytecodeGenerator we now also directly ensure
79         that bound parameters are placed in the symbol table of the function
80         we're currently compiling.  We then delay binding until just before
81         we start codegen for the body of the function so that we can ensure
82         the function has completely initialised all scope details.
83
84         * bytecompiler/BytecodeGenerator.cpp:
85         (JSC::BytecodeGenerator::generate):
86         (JSC::BytecodeGenerator::BytecodeGenerator):
87         * bytecompiler/BytecodeGenerator.h:
88         * parser/Parser.cpp:
89         (JSC::Parser<LexerType>::Parser):
90         (JSC::Parser<LexerType>::createBindingPattern):
91
92 2014-02-03  Alexey Proskuryakov  <ap@apple.com>
93
94         Update JS whitespace definition for changes in Unicode 6.3
95         https://bugs.webkit.org/show_bug.cgi?id=127450
96
97         Reviewed by Oliver Hunt.
98
99         * parser/Lexer.h: (JSC::Lexer<UChar>::isWhiteSpace): Part 2 of the fix, update lexer too.
100
101 2014-02-03  Matthew Mirman  <mmirman@apple.com>
102
103         Added GetTypedArrayByteOffset to FTL
104         https://bugs.webkit.org/show_bug.cgi?id=127589
105
106         Reviewed by Filip Pizlo.
107
108         * ftl/FTLAbstractHeapRepository.h:
109         * ftl/FTLCapabilities.cpp:
110         (JSC::FTL::canCompile):
111         * ftl/FTLLowerDFGToLLVM.cpp:
112         (JSC::FTL::LowerDFGToLLVM::compileNode):
113         (JSC::FTL::LowerDFGToLLVM::compileGetTypedArrayByteOffset):
114         * tests/stress/ftl-gettypedarrayoffset-simple.js: Added.
115         (foo):
116         * tests/stress/ftl-gettypedarrayoffset-wasteful.js: Added.
117         (foo):
118
119 2014-02-03  Mark Lam  <mark.lam@apple.com>
120
121         Debugger created JSActivations should account for CodeBlock::framePointerOffsetToGetActivationRegisters().
122         <https://webkit.org/b/128112>
123
124         Reviewed by Geoffrey Garen.
125
126         Currently, when the DebuggerCallFrame creates the JSActivation object
127         for a frame, it does not account for the framePointerOffsetToGetActivationRegisters()
128         offset that needs to be added for DFG frames.
129
130         Instead of special casing the fix in DebuggerCallFrame::scope(), we fix
131         this by adding CodeBlock::framePointerOffsetToGetActivationRegisters() to
132         callFrame->registers() in the JSActivation::create() method that does not
133         explicitly take a Register*. This ensures that JSActivation::create() will
134         always do the right thing instead of only being a special case for the
135         LLINT and baselineJIT.
136
137         Apart from the DebuggerCallFrame, this create() function is only called by
138         slow paths in the LLINT and baselineJIT. Hence, it is not performance
139         critical.
140
141         * runtime/JSActivation.h:
142         (JSC::JSActivation::create):
143
144 2014-01-31  Geoffrey Garen  <ggaren@apple.com>
145
146         Simplified name scope creation for function expressions
147         https://bugs.webkit.org/show_bug.cgi?id=128031
148
149         Reviewed by Mark Lam.
150
151         3X speedup on js/regress/script-tests/function-with-eval.js.
152
153         We used to emit bytecode to push a name into local scope every
154         time a function that needed such a name executed. Now, we push the name
155         into scope once on the function object, and leave it there.
156
157         This is faster, and it also reduces the number of variable resolution
158         modes you have to worry about when thinking about bytecode and the
159         debugger.
160
161         This patch is slightly complicated by the fact that we don't know if
162         a function needs a name scope until we parse its body. So, there's some
163         glue code in here to delay filling in a function's scope until we parse
164         its body for the first time.
165
166         * bytecode/UnlinkedCodeBlock.cpp:
167         (JSC::generateFunctionCodeBlock):
168         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
169         * bytecode/UnlinkedCodeBlock.h:
170         (JSC::UnlinkedFunctionExecutable::functionMode): Renamed
171         functionNameIsInScopeToggle to functionMode.
172
173         * bytecompiler/BytecodeGenerator.cpp:
174         (JSC::BytecodeGenerator::BytecodeGenerator): No need to emit convert_this
175         when debugging. The debugger will perform the conversion as needed.
176
177         (JSC::BytecodeGenerator::resolveCallee):
178         (JSC::BytecodeGenerator::addCallee): Simplified this code by removing
179         the "my function needs a name scope, but didn't allocate one" mode.
180
181         * interpreter/Interpreter.cpp:
182         (JSC::Interpreter::execute):
183         (JSC::Interpreter::executeCall):
184         (JSC::Interpreter::executeConstruct):
185         (JSC::Interpreter::prepareForRepeatCall): Pass a scope slot through to
186         CodeBlock generation, so we can add a function name scope if the parsed
187         function body requires one.
188
189         * jit/JITOperations.cpp:
190         * llint/LLIntSlowPaths.cpp:
191         (JSC::LLInt::setUpCall): Ditto.
192
193         * parser/NodeConstructors.h:
194         (JSC::FuncExprNode::FuncExprNode):
195         (JSC::FuncDeclNode::FuncDeclNode):
196         * parser/Nodes.cpp:
197         (JSC::FunctionBodyNode::finishParsing):
198         * parser/Nodes.h:
199         (JSC::FunctionBodyNode::functionMode): Updated for rename.
200
201         * parser/ParserModes.h:
202         (JSC::functionNameIsInScope):
203         (JSC::functionNameScopeIsDynamic): Helper functions for reasoning about
204         how crazy JavaScript language semantics are.
205
206         * runtime/ArrayPrototype.cpp:
207         (JSC::isNumericCompareFunction):
208         (JSC::attemptFastSort): Updated for interface changes above.
209
210         * runtime/Executable.cpp:
211         (JSC::ScriptExecutable::newCodeBlockFor):
212         (JSC::ScriptExecutable::prepareForExecutionImpl):
213         (JSC::FunctionExecutable::FunctionExecutable):
214         * runtime/Executable.h:
215         (JSC::ScriptExecutable::prepareForExecution):
216         (JSC::FunctionExecutable::functionMode):
217         * runtime/JSFunction.cpp:
218         (JSC::JSFunction::addNameScopeIfNeeded):
219         * runtime/JSFunction.h:
220         * runtime/JSNameScope.h:
221         (JSC::JSNameScope::create):
222         (JSC::JSNameScope::JSNameScope): Added machinery for pushing a function
223         name scope onto a function when we first discover that it's needed.
224
225 2014-01-25  Darin Adler  <darin@apple.com>
226
227         Stop using Unicode.h
228         https://bugs.webkit.org/show_bug.cgi?id=127633
229
230         Reviewed by Anders Carlsson.
231
232         * parser/Lexer.h:
233         * runtime/JSGlobalObjectFunctions.h:
234         * yarr/YarrCanonicalizeUCS2.h:
235         * yarr/YarrInterpreter.h:
236         * yarr/YarrParser.h:
237         * yarr/YarrPattern.h:
238         Removed includes of <wtf/unicode/Unicode.h>, adding includes of
239         ICU headers and <wtf/text/LChar.h> as needed to replace it.
240
241 2014-02-03  Dan Bernstein  <mitz@apple.com>
242
243         Correctly address Darin’s review comment on the last change.
244
245         * runtime/Watchdog.h: Changed an OS(DARWIN) guard around formerly PLATFORM(MAC)-only member
246         variables to the equivalent OS(DARWIN) && !PLATFORM(EFL) && !PLATFORM(GTK).
247
248 2014-02-03  Dan Bernstein  <mitz@apple.com>
249
250         Stop using PLATFORM(MAC) in JavaScriptCore except where it means “OS X but not iOS”
251         https://bugs.webkit.org/show_bug.cgi?id=128098
252
253         Reviewed by Darin Adler.
254
255         * API/JSValueRef.cpp:
256         (JSValueUnprotect): Added an explicit !PLATFORM(IOS) in guards for the Evernote workaround,
257         which is only needed on OS X.
258
259         * API/tests/testapi.c:
260         (main): Changed PLATFORM(MAC) || PLATFORM(IOS) guards to OS(DARWIN), because they were
261         surrounding tests for code that is itself guarded by OS(DARWIN).
262
263         * runtime/Watchdog.h: Changed PLATFORM(MAC) to OS(DARWIN).
264
265         * tools/CodeProfiling.cpp:
266         (JSC::CodeProfiling::begin): Changed PLATFORM(MAC) to
267         OS(DARWIN) && !PLATFORM(EFL) && !PLATFORM(GTK).
268         (JSC::CodeProfiling::end): Ditto.
269
270 2014-02-02  Mark Lam  <mark.lam@apple.com>
271
272         Repatch code is passing the wrong args to lookupExceptionHandler.
273         <https://webkit.org/b/128085>
274
275         Reviewed by Oliver Hunt.
276
277         lookupExceptionHandler() is expecting 2 args: VM*, ExecState*.
278         The repatch code was only passing an ExecState*. A crash ensues.
279         This is now fixed.
280
281         * jit/JIT.cpp:
282         (JSC::JIT::privateCompileExceptionHandlers):
283         * jit/Repatch.cpp:
284         (JSC::generateProtoChainAccessStub):
285
286 2014-02-01  Filip Pizlo  <fpizlo@apple.com>
287
288         JSC profiler's stub info profiling support should work again
289         https://bugs.webkit.org/show_bug.cgi?id=128057
290
291         Reviewed by Mark Lam.
292
293         * bytecode/CodeBlock.cpp:
294         (JSC::CodeBlock::printGetByIdCacheStatus): We want to know if the cache was ever reset by GC, since the DFG uses this information.
295         (JSC::CodeBlock::printLocationAndOp): This shouldn't have been inline.
296         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Ditto.
297         (JSC::CodeBlock::dumpBytecode): Dump the profiling field, and make sure that the caller can pass a StubInfoMap, which is necessary for dumping StructureStubInfo profiling.
298         * bytecode/CodeBlock.h: Out-of-line some methods and add the StubInfoMap parameter.
299         * profiler/ProfilerBytecodeSequence.cpp:
300         (JSC::Profiler::BytecodeSequence::BytecodeSequence): Create a StubInfoMap before dumping bytecodes.
301
302 2014-02-01  Filip Pizlo  <fpizlo@apple.com>
303
304         JSC profiler should show reasons for jettison
305         https://bugs.webkit.org/show_bug.cgi?id=128047
306
307         Reviewed by Geoffrey Garen.
308         
309         Henceforth if you want to jettison a CodeBlock, you gotta tell the Profiler why you did
310         it. This makes figuring out convergence issues - where some code seems to take a long
311         time to get into the top tier compiler - a lot easier.
312
313         * CMakeLists.txt:
314         * GNUmakefile.list.am:
315         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
316         * JavaScriptCore.xcodeproj/project.pbxproj:
317         * bytecode/CodeBlock.cpp:
318         (JSC::CodeBlock::finalizeUnconditionally):
319         (JSC::CodeBlock::jettison):
320         (JSC::CodeBlock::addBreakpoint):
321         (JSC::CodeBlock::setSteppingMode):
322         * bytecode/CodeBlock.h:
323         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
324         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
325         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
326         (JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal):
327         * dfg/DFGOperations.cpp:
328         * jit/JITOperations.cpp:
329         * profiler/ProfilerCompilation.cpp:
330         (JSC::Profiler::Compilation::Compilation):
331         (JSC::Profiler::Compilation::toJS):
332         * profiler/ProfilerCompilation.h:
333         (JSC::Profiler::Compilation::setJettisonReason):
334         * profiler/ProfilerJettisonReason.cpp: Added.
335         (WTF::printInternal):
336         * profiler/ProfilerJettisonReason.h: Added.
337         * runtime/CommonIdentifiers.h:
338         * runtime/VM.cpp:
339         (JSC::SetEnabledProfilerFunctor::operator()):
340
341 2014-02-01  Mark Lam  <mark.lam@apple.com>
342
343         Saying "jitType() == JITCode::DFGJIT" is almost never correct.
344         <http://webkit.org/b/128045>
345
346         Reviewed by Filip Pizlo.
347
348         JITCode::isOptimizingJIT(jitType()) is the right way to say it.
349
350         * bytecode/CodeBlock.cpp:
351         (JSC::CodeBlock::addBreakpoint):
352         (JSC::CodeBlock::setSteppingMode):
353         * runtime/VM.cpp:
354         (JSC::SetEnabledProfilerFunctor::operator()):
355
356 2014-02-01  Michael Saboff  <msaboff@apple.com>
357
358         REGRESSION (r163027?): CrashTracer: [USER] com.apple.WebKit.WebContent.Development at com.apple.JavaScriptCore: JSC::ArrayProfile::computeUpdatedPrediction + 4
359         https://bugs.webkit.org/show_bug.cgi?id=128037
360
361         Reviewed by Mark Lam.
362
363         op_call_varargs ops now needs an ArrayProfile since DFG inlines these since
364         change set r162739.
365
366         * bytecode/CodeBlock.cpp:
367         (JSC::CodeBlock::CodeBlock):
368         * bytecompiler/BytecodeGenerator.cpp:
369         (JSC::BytecodeGenerator::emitCallVarargs):
370
371 2014-01-31  Mark Lam  <mark.lam@apple.com>
372
373         Gardening: fix build breakage.
374
375         Not reviewed.
376
377         * interpreter/CallFrame.h:
378
379 2014-01-31  Mark Lam  <mark.lam@apple.com>
380
381         Gardening: Fix a merge problem to unbreak bots.
382
383         Not reviewed.
384
385         * bytecompiler/BytecodeGenerator.cpp:
386         (JSC::BytecodeGenerator::BytecodeGenerator):
387
388 2014-01-31  Oliver Hunt  <oliver@apple.com>
389
390         Rollout r163195 and related patches
391
392         * API/JSCallbackObjectFunctions.h:
393         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
394         (JSC::JSCallbackObject<Parent>::put):
395         (JSC::JSCallbackObject<Parent>::deleteProperty):
396         (JSC::JSCallbackObject<Parent>::getStaticValue):
397         (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
398         (JSC::JSCallbackObject<Parent>::callbackGetter):
399         * CMakeLists.txt:
400         * DerivedSources.make:
401         * GNUmakefile.am:
402         * GNUmakefile.list.am:
403         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
404         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
405         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
406         * JavaScriptCore.vcxproj/copy-files.cmd:
407         * JavaScriptCore.xcodeproj/project.pbxproj:
408         * builtins/Array.prototype.js: Removed.
409         * builtins/BuiltinExecutables.cpp: Removed.
410         * builtins/BuiltinExecutables.h: Removed.
411         * bytecode/CodeBlock.cpp:
412         (JSC::CodeBlock::CodeBlock):
413         * bytecode/CodeBlock.h:
414         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
415         * bytecode/UnlinkedCodeBlock.cpp:
416         (JSC::generateFunctionCodeBlock):
417         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
418         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
419         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
420         * bytecode/UnlinkedCodeBlock.h:
421         (JSC::ExecutableInfo::ExecutableInfo):
422         (JSC::UnlinkedFunctionExecutable::create):
423         * bytecompiler/BytecodeGenerator.cpp:
424         (JSC::BytecodeGenerator::BytecodeGenerator):
425         * bytecompiler/BytecodeGenerator.h:
426         (JSC::BytecodeGenerator::makeFunction):
427         * bytecompiler/NodesCodegen.cpp:
428         (JSC::CallFunctionCallDotNode::emitBytecode):
429         (JSC::ApplyFunctionCallDotNode::emitBytecode):
430         * create_hash_table:
431         * dfg/DFGDominators.cpp:
432         * dfg/DFGJITCode.cpp:
433         * dfg/DFGOperations.cpp:
434         * generate-js-builtins: Removed.
435         * interpreter/CachedCall.h:
436         (JSC::CachedCall::CachedCall):
437         * interpreter/Interpreter.cpp:
438         * interpreter/ProtoCallFrame.cpp:
439         * jit/JITOpcodes.cpp:
440         * jit/JITOpcodes32_64.cpp:
441         * jit/JITOperations.cpp:
442         * jit/JITPropertyAccess.cpp:
443         * jit/JITPropertyAccess32_64.cpp:
444         * jsc.cpp:
445         * llint/LLIntOffsetsExtractor.cpp:
446         * llint/LLIntSlowPaths.cpp:
447         * parser/ASTBuilder.h:
448         (JSC::ASTBuilder::makeFunctionCallNode):
449         * parser/Lexer.cpp:
450         (JSC::Lexer<T>::Lexer):
451         (JSC::Lexer<LChar>::parseIdentifier):
452         (JSC::Lexer<UChar>::parseIdentifier):
453         (JSC::Lexer<T>::lex):
454         * parser/Lexer.h:
455         (JSC::Lexer<T>::lexExpectIdentifier):
456         * parser/Nodes.cpp:
457         * parser/Nodes.h:
458         * parser/Parser.cpp:
459         (JSC::Parser<LexerType>::Parser):
460         (JSC::Parser<LexerType>::parseInner):
461         (JSC::Parser<LexerType>::didFinishParsing):
462         (JSC::Parser<LexerType>::printUnexpectedTokenText):
463         * parser/Parser.h:
464         (JSC::parse):
465         * parser/ParserModes.h:
466         * parser/ParserTokens.h:
467         * runtime/Arguments.h:
468         * runtime/ArgumentsIteratorPrototype.cpp:
469         * runtime/ArrayPrototype.cpp:
470         (JSC::arrayProtoFuncEvery):
471         * runtime/CodeCache.cpp:
472         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
473         * runtime/CommonIdentifiers.cpp:
474         (JSC::CommonIdentifiers::CommonIdentifiers):
475         * runtime/CommonIdentifiers.h:
476         * runtime/CommonSlowPaths.cpp:
477         * runtime/CommonSlowPathsExceptions.cpp:
478         * runtime/ExceptionHelpers.cpp:
479         (JSC::createUndefinedVariableError):
480         * runtime/Executable.h:
481         (JSC::EvalExecutable::executableInfo):
482         (JSC::ProgramExecutable::executableInfo):
483         (JSC::isHostFunction):
484         * runtime/FunctionPrototype.cpp:
485         (JSC::functionProtoFuncToString):
486         * runtime/JSActivation.cpp:
487         (JSC::JSActivation::symbolTableGet):
488         (JSC::JSActivation::symbolTablePut):
489         (JSC::JSActivation::symbolTablePutWithAttributes):
490         * runtime/JSArgumentsIterator.cpp:
491         * runtime/JSArray.cpp:
492         * runtime/JSArrayIterator.cpp:
493         * runtime/JSCJSValue.cpp:
494         * runtime/JSCellInlines.h:
495         * runtime/JSFunction.cpp:
496         (JSC::JSFunction::calculatedDisplayName):
497         (JSC::JSFunction::sourceCode):
498         (JSC::JSFunction::callerGetter):
499         (JSC::JSFunction::getOwnPropertySlot):
500         (JSC::JSFunction::getOwnNonIndexPropertyNames):
501         (JSC::JSFunction::put):
502         (JSC::JSFunction::defineOwnProperty):
503         * runtime/JSFunction.h:
504         * runtime/JSFunctionInlines.h:
505         (JSC::JSFunction::nativeFunction):
506         (JSC::JSFunction::nativeConstructor):
507         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
508         * runtime/JSGenericTypedArrayViewInlines.h:
509         * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
510         * runtime/JSGlobalObject.cpp:
511         (JSC::JSGlobalObject::reset):
512         (JSC::JSGlobalObject::visitChildren):
513         * runtime/JSGlobalObject.h:
514         (JSC::JSGlobalObject::symbolTableHasProperty):
515         * runtime/JSObject.cpp:
516         (JSC::getClassPropertyNames):
517         (JSC::JSObject::reifyStaticFunctionsForDelete):
518         * runtime/JSObject.h:
519         * runtime/JSPromiseConstructor.cpp:
520         * runtime/JSPromiseDeferred.cpp:
521         * runtime/JSPromisePrototype.cpp:
522         * runtime/JSPromiseReaction.h:
523         * runtime/JSPropertyNameIterator.cpp:
524         * runtime/JSPropertyNameIterator.h:
525         * runtime/JSString.h:
526         (JSC::JSString::getStringPropertySlot):
527         (JSC::inlineJSValueNotStringtoString):
528         (JSC::JSValue::toWTFStringInline):
529         * runtime/JSStringInlines.h: Removed.
530         * runtime/JSSymbolTableObject.cpp:
531         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
532         * runtime/JSSymbolTableObject.h:
533         (JSC::symbolTableGet):
534         (JSC::symbolTablePut):
535         (JSC::symbolTablePutWithAttributes):
536         * runtime/Lookup.cpp:
537         (JSC::setUpStaticFunctionSlot):
538         * runtime/Lookup.h:
539         (JSC::HashEntry::propertyGetter):
540         (JSC::HashEntry::propertyPutter):
541         (JSC::HashTable::entry):
542         (JSC::getStaticPropertySlot):
543         (JSC::getStaticValueSlot):
544         (JSC::putEntry):
545         * runtime/NativeErrorConstructor.cpp:
546         * runtime/NativeErrorConstructor.h:
547         (JSC::NativeErrorConstructor::finishCreation):
548         * runtime/PropertySlot.h:
549         * runtime/RegExpConstructor.cpp:
550         * runtime/RegExpPrototype.cpp:
551         * runtime/SetConstructor.cpp:
552         * runtime/StringObject.cpp:
553         * runtime/Structure.cpp:
554         * runtime/VM.cpp:
555         (JSC::VM::VM):
556         * runtime/VM.h:
557
558 2014-01-31  Filip Pizlo  <fpizlo@apple.com>
559
560         DFG->FTL tier-up shouldn't assume that LoopHints stay at the tops of loops
561         https://bugs.webkit.org/show_bug.cgi?id=128030
562
563         Reviewed by Oliver Hunt.
564         
565         Remove a bogus assertion. The only thing that matters is that the LoopHint had at one
566         point in time been at the top of a loop header, and that it is now at the top of a
567         basic block. But the basic block that it's at the top of now doesn't have to be the
568         same as the loop header that it once was the top of.
569
570         * dfg/DFGTierUpCheckInjectionPhase.cpp:
571         (JSC::DFG::TierUpCheckInjectionPhase::run):
572         * tests/stress/tier-up-in-loop-with-cfg-simplification.js: Added.
573         (foo):
574
575 2014-01-31  Mark Lam  <mark.lam@apple.com>
576
577         Avoid eagerly creating the JSActivation when the debugger is attached.
578         <https://webkit.org/b/127910>
579
580         Reviewed by Oliver Hunt.
581
582         Octane scores for this patch:
583             baseline w/o WebInspector: 11621
584             patched  w/o WebInspector: 11801
585             baseline w/ WebInspector:  3295
586             patched  w/ WebInspector:  7070   2.1x improvement
587
588         1. Because debugger can potentially create a closure from any call frame,
589            we need every function to allocate an activation register and check for
590            the need to tear off the activation (if needed) on return.
591
592            However, we do not need to eagerly create the activation object.
593            This patch implements the optimization to defer creation of the
594            activation object until we actually need it i.e. when:
595
596            1. We encounter a "eval", "with", or "catch" statement.
597            2. We've paused in the debugger, and called DebuggerCallFrame::scope().
598
599         2. The UnlinkedCodeBlock provides a needsFullScopeChain flag that is used
600            to indicate whether the linked CodeBlock will need an activation
601            object or not. Under normal circumstances, needsFullScopeChain and
602            needsActivation are synonymous. However, with a debugger attached, we
603            want the CodeBlock to always allocate an activationRegister even if
604            it does not need a "full scope chain".
605
606            Hence, we apply the following definitions to the "flags":
607
608            1. UnlinkedCodeBlock::needsFullScopeChain() - this flag indicates that
609               the parser discovered JS artifacts (e.g. use of "eval", "with", etc.)
610               that requires an activation.
611
612               BytecodeGenerator's destinationForAssignResult() and leftHandSideNeedsCopy()
613               checks needsFullScopeChain().
614
615            2. UnlinkedCodeBlock::hasActivationRegister() - this flag indicates that
616               an activation register was created for the UnlinkedCodeBlock either
617               because it needsFullScopeChain() or because the debugger is attached.
618
619            3. CodeBlock::needsActivation() reflects UnlinkedCodeBlock's
620               hasActivationRegister().
621
622         3. Introduced BytecodeGenerator::emitPushFunctionNameScope() and
623            BytecodeGenerator::emitPushCatchScope() because the JSNameScope
624            pushed for a function name cannot be popped unlike the JSNameScope
625            pushed for a "catch". Hence, we have 2 functions to handle the 2 cases
626            differently.
627
628         4. Removed DebuggerCallFrame::evaluateWithCallFrame() and require that all
629            debugger evaluations go through the DebuggerCallFrame::evaluate(). This
630            ensures that debugger evaluations require a DebuggerCallFrame.
631
632            DebuggerCallFrame::evaluateWithCallFrame() was used previously because
633            we didn't want to instantiate a DebuggerCallFrame on every debug hook
634            callback. However, we now only call the debug hooks when needed, and
635            this no longer poses a performance problem.
636
637            In addition, when the debug hook does an eval to test a breakpoint
638            condition, it is incorrect to evaluate it without a DebuggerCallFrame
639            anyway.
640
641         5. Added some utility functions to the CallFrame to make it easier to work
642            with the activation register in the frame (if present). These utility
643            functions should only be called if the CodeBlock::needsActivation() is
644            true (which indicates the presence of the activation register). The
645            utlity functions are:
646
647            1. CallFrame::hasActivation()
648               - checks if the frame's activation object has been created.
649
650            2. CallFrame::activation()
651               - returns the frame's activation object.
652
653            3. CallFrame::uncheckedActivation()
654               - returns the JSValue in the frame's activation register. May be null.
655
656            4. CallFrame::setActivation()
657               - sets the frame's activation object.
658
659         * bytecode/CodeBlock.cpp:
660         (JSC::CodeBlock::dumpBytecode):
661         - added symbollic dumping of ResolveMode and ResolveType values for some
662           bytecodes.
663         (JSC::CodeBlock::CodeBlock):
664         * bytecode/CodeBlock.h:
665         (JSC::CodeBlock::activationRegister):
666         (JSC::CodeBlock::uncheckedActivationRegister):
667         (JSC::CodeBlock::needsActivation):
668         * bytecode/UnlinkedCodeBlock.h:
669         (JSC::UnlinkedCodeBlock::needsFullScopeChain):
670         (JSC::UnlinkedCodeBlock::hasActivationRegister):
671         * bytecompiler/BytecodeGenerator.cpp:
672         (JSC::BytecodeGenerator::BytecodeGenerator):
673         (JSC::BytecodeGenerator::resolveCallee):
674         (JSC::BytecodeGenerator::createActivationIfNecessary):
675         (JSC::BytecodeGenerator::emitCallEval):
676         (JSC::BytecodeGenerator::emitReturn):
677         (JSC::BytecodeGenerator::emitPushWithScope):
678         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
679         (JSC::BytecodeGenerator::emitPushCatchScope):
680         * bytecompiler/BytecodeGenerator.h:
681         * bytecompiler/NodesCodegen.cpp:
682         (JSC::TryNode::emitBytecode):
683         * debugger/Debugger.cpp:
684         (JSC::Debugger::hasBreakpoint):
685         (JSC::Debugger::pauseIfNeeded):
686         * debugger/DebuggerCallFrame.cpp:
687         (JSC::DebuggerCallFrame::scope):
688         (JSC::DebuggerCallFrame::evaluate):
689         * debugger/DebuggerCallFrame.h:
690         * dfg/DFGByteCodeParser.cpp:
691         (JSC::DFG::ByteCodeParser::parseCodeBlock):
692         * dfg/DFGGraph.h:
693         - Removed an unused function DFGGraph::needsActivation().
694         * interpreter/CallFrame.cpp:
695         (JSC::CallFrame::activation):
696         (JSC::CallFrame::setActivation):
697         * interpreter/CallFrame.h:
698         (JSC::ExecState::hasActivation):
699         (JSC::ExecState::registers):
700         * interpreter/CallFrameInlines.h:
701         (JSC::CallFrame::uncheckedActivation):
702         * interpreter/Interpreter.cpp:
703         (JSC::unwindCallFrame):
704         (JSC::Interpreter::unwind):
705         * jit/JITOperations.cpp:
706         * llint/LLIntSlowPaths.cpp:
707         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
708         * runtime/CommonSlowPaths.cpp:
709         (JSC::SLOW_PATH_DECL):
710
711         * runtime/JSScope.cpp:
712         * runtime/JSScope.h:
713         (JSC::resolveModeName):
714         (JSC::resolveTypeName):
715         - utility functions for decoding names of the ResolveMode and ResolveType.
716           These are used in CodeBlock::dumpBytecode().
717
718 2014-01-31  Michael Saboff  <msaboff@apple.com>
719
720         REGRESSION: Crash in sanitizeStackForVMImpl when scrolling @ lifehacker.com.au
721         https://bugs.webkit.org/show_bug.cgi?id=128017
722
723         Reviewed by Filip Pizlo.
724
725         Moved the setting and saving of VM::stackPointerAtVMEntry and the corresponding stack limit
726         to JSLock and JSLock::DropAllLocks.  The saved data is now stored per-thread in
727         WTFThreadData.
728
729         * runtime/InitializeThreading.cpp:
730         (JSC::initializeThreading):
731         * runtime/JSLock.cpp:
732         (JSC::JSLock::lock):
733         (JSC::JSLock::unlock):
734         (JSC::JSLock::DropAllLocks::DropAllLocks):
735         (JSC::JSLock::DropAllLocks::~DropAllLocks):
736         * runtime/JSLock.h:
737         * runtime/VMEntryScope.cpp:
738         (JSC::VMEntryScope::VMEntryScope):
739         (JSC::VMEntryScope::~VMEntryScope):
740         * runtime/VMEntryScope.h:
741
742 2014-01-31  Mark Lam  <mark.lam@apple.com>
743
744         Don't need a JSNameScope for the callee name just for the debugger.
745         <https://webkit.org/b/128024>
746
747         Reviewed by Geoffrey Garen.
748
749         Currently, in the bytecode for a function, we push a JSNamedScope for
750         the name of the function when a debugger is attached. The name scope for
751         the function name is only needed for evals which can redefine the name
752         to resolve to something else, and can later delete the redefined name
753         which should revert the resolution of the name to the original function.
754         The debugger does not need this feature because it declares all new vars
755         in a temporary nested scope. Hence, we can remove the presence of the
756         debugger as a criterion for pushing the JSNameScope.
757
758         * bytecompiler/BytecodeGenerator.cpp:
759         (JSC::BytecodeGenerator::resolveCallee):
760         (JSC::BytecodeGenerator::addCallee):
761
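        The name-scope behaviour described in the entry above, as an added example that is not part of the ChangeLog or of the JavaScriptCore sources: inside a named function expression, a sloppy-mode direct eval can declare a var that shadows the callee's own name, and deleting that eval-created var makes the name resolve to the original function again. The probes are built with the Function constructor (an assumption of this example) so that they run in sloppy mode even if the file is loaded as a module, since both var leakage from eval and `delete identifier` are sloppy-only features.

```javascript
// Added example, not from the WebKit ChangeLog or the JavaScriptCore sources.
// Demonstrates why evals need a name scope for the callee name: an eval'd `var`
// can shadow the function's own name, and deleting it must revert resolution.

// Probe built as a sloppy-mode Function body so eval and delete behave as in
// classic scripts regardless of how this file is loaded.
const evalShadowingSource = `
  return (function calleeName() {
    var steps = [];
    steps.push(typeof calleeName);        // "function": the callee's own name
    eval("var calleeName = 'shadowed'");  // direct eval redefines the name
    steps.push(typeof calleeName);        // "string": eval's var now wins
    delete calleeName;                    // eval-created bindings are deletable
    steps.push(typeof calleeName);        // "function": resolution reverts
    return steps;
  })();
`;

// Same probe, but the shadowing var is declared at parse time instead of by
// eval: such bindings are not configurable, so delete fails and the callee
// name stays shadowed for the lifetime of the call.
const parseTimeShadowingSource = `
  return (function calleeName() {
    var calleeName = "shadowed";
    var deleted = delete calleeName;      // false: parse-time vars cannot be deleted
    return [typeof calleeName, deleted];
  })();
`;

function evalShadowing() {
  return new Function(evalShadowingSource)();
}

function parseTimeShadowing() {
  return new Function(parseTimeShadowingSource)();
}

console.log(evalShadowing());      // [ 'function', 'string', 'function' ]
console.log(parseTimeShadowing()); // [ 'string', false ]
```

        The debugger's evaluate path never needs this, as the entry says, because variables it introduces live in a temporary nested scope rather than in the function's own variable environment.
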
762 2014-01-31  Filip Pizlo  <fpizlo@apple.com>
763
764         Unreviewed, build fix.
765
766         * ftl/FTLOSREntry.cpp:
767
768 2014-01-31  Oliver Hunt  <oliver@apple.com>
769
770         Fix windows
771
772         * generate-js-builtins:
773
774 2014-01-31  Oliver Hunt  <oliver@apple.com>
775
776         Fix 32bit.
777
778         * jit/JITPropertyAccess32_64.cpp:
779
780 2014-01-31  Mark Lam  <mark.lam@apple.com>
781
782         Add options to force debugger / profiler bytecode generation.
783         <https://webkit.org/b/128014>
784
785         Reviewed by Oliver Hunt.
786
787         Add Options::forceDebuggerBytecodeGeneration() and
788         Options::forceProfilerBytecodeGeneration(). These options make it more
789         convenient to do correctness testing when debugger / profiler bytecodes
790         are generated.
791
792         These options are disabled by default.
793
794         * bytecompiler/BytecodeGenerator.cpp:
795         (JSC::BytecodeGenerator::BytecodeGenerator):
796         * runtime/Options.h:
797
798 2014-01-29  Oliver Hunt  <oliver@apple.com>
799
800         Make it possible to implement JS builtins in JS
801         https://bugs.webkit.org/show_bug.cgi?id=127887
802
803         Reviewed by Michael Saboff.
804
805         This patch makes it possible to write builtin functions in JS.
806         The bindings, generators, and definitions are all created automatically
807         based on js files in the builtins/ directory.  This patch includes one
808         such case: Array.prototype.js with an implementation of every().
809
810         There's a lot of refactoring to make it possible for CommonIdentifiers
811         to include the output of the generated files (DerivedSources/JSCBuiltins.{h,cpp})
812         without breaking the offset extractor. The result of this refactoring
813         is that CommonIdentifiers, and a few other miscellaneous headers now
814         need to be included directly as they were formerly captured through other
815         paths.
816
817         In addition this adds a flag to the Lookup table's hashentry to indicate
818         that a static function is actually backed by JS. There is then a lot of
819         logic to thread the special nature of the function to where it matters.
820         This allows toString(), .caller, etc to mimic the behaviour of a host
821         function.
822
823         Notes on writing builtins:
824          - Each function is compiled independently of the others, and those
825            implementations cannot currently capture all global properties (as
826            that could be potentially unsafe). If a function does capture a
827            global we will deliberately crash.
828          - For those "global" properties that we do want access to, we use
829            the @ prefix, e.g. Object(this) becomes @Object(this). The @ identifiers
830            are private names, and behave just like regular properties, only
831            without the risk of adulteration. Again, in the @Object case, we
832            explicitly duplicate the ObjectConstructor reference on the GlobalObject
833            so that we have guaranteed access to the original version of the
834            constructor.
835          - call, apply, eval, and Function are all rejected identifiers, again
836            to prevent anything from accidentally using an adulterated object.
837            Instead @call and @apply are available, and happily they completely
838            drop the neq_ptr instruction as they're defined as always being the
839            original call/apply functions.
840
841         These restrictions are just intended to make it harder to accidentally
842         make changes that are incorrect (for instance calling whatever has been
843         assigned to global.Object, instead of the original constructor function).
844         However, making a mistake like this should result in a purely semantic
845         error as fundamentally these functions are treated as though they were
846         regular JS code in the host global, and have no more privileges than
847         any other JS.
848
849         The initial proof of concept is Array.prototype.every, this shows a 65%
850         performance improvement, and that improvement is significantly hurt by
851         our poor optimisation of op_in.
852
853         As this is such a limited function, we have not yet exported all symbols
854         that we could possibly need, but as we implement more, the likelihood
855         of encountering missing features will reduce.
856
857         This did require breaking out a JSStringInlines header, and required
858         fixing a few objects that were trying to use PropertyName::publicName
859         rather than PropertyName::uid.
860
861         * API/JSCallbackObjectFunctions.h:
862         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
863         (JSC::JSCallbackObject<Parent>::put):
864         (JSC::JSCallbackObject<Parent>::deleteProperty):
865         (JSC::JSCallbackObject<Parent>::getStaticValue):
866         (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
867         (JSC::JSCallbackObject<Parent>::callbackGetter):
868         * CMakeLists.txt:
869         * DerivedSources.make:
870         * GNUmakefile.list.am:
871         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
872         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
873         * JavaScriptCore.xcodeproj/project.pbxproj:
874         * builtins/Array.prototype.js:
875         (every):
876         * builtins/BuiltinExecutables.cpp: Added.
877         (JSC::BuiltinExecutables::BuiltinExecutables):
878         (JSC::BuiltinExecutables::createBuiltinExecutable):
879         * builtins/BuiltinExecutables.h:
880         (JSC::BuiltinExecutables::create):
881         * bytecode/CodeBlock.cpp:
882         (JSC::CodeBlock::CodeBlock):
883         * bytecode/CodeBlock.h:
884         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
885         * bytecode/UnlinkedCodeBlock.cpp:
886         (JSC::generateFunctionCodeBlock):
887         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
888         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
889         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
890         * bytecode/UnlinkedCodeBlock.h:
891         (JSC::ExecutableInfo::ExecutableInfo):
892         (JSC::UnlinkedFunctionExecutable::create):
893         (JSC::UnlinkedFunctionExecutable::toStrictness):
894         (JSC::UnlinkedFunctionExecutable::isBuiltinFunction):
895         (JSC::UnlinkedCodeBlock::isBuiltinFunction):
896         * bytecompiler/BytecodeGenerator.cpp:
897         (JSC::BytecodeGenerator::BytecodeGenerator):
898         * bytecompiler/BytecodeGenerator.h:
899         (JSC::BytecodeGenerator::isBuiltinFunction):
900         (JSC::BytecodeGenerator::makeFunction):
901         * bytecompiler/NodesCodegen.cpp:
902         (JSC::CallFunctionCallDotNode::emitBytecode):
903         (JSC::ApplyFunctionCallDotNode::emitBytecode):
904         * create_hash_table:
905         * dfg/DFGOperations.cpp:
906         * generate-js-builtins: Added.
907         (getCopyright):
908         (getFunctions):
909         (generateCode):
910         (mangleName):
911         (FunctionExecutable):
912         (Identifier):
913         (JSGlobalObject):
914         (SourceCode):
915         (UnlinkedFunctionExecutable):
916         (VM):
917         * interpreter/Interpreter.cpp:
918         * interpreter/ProtoCallFrame.cpp:
919         * jit/JITOpcodes.cpp:
920         * jit/JITOpcodes32_64.cpp:
921         * jit/JITOperations.cpp:
922         * jit/JITPropertyAccess.cpp:
923         * jit/JITPropertyAccess32_64.cpp:
924         * jsc.cpp:
925         * llint/LLIntSlowPaths.cpp:
926         * parser/ASTBuilder.h:
927         (JSC::ASTBuilder::makeFunctionCallNode):
928         * parser/Lexer.cpp:
929         (JSC::Lexer<T>::Lexer):
930         (JSC::isSafeIdentifier):
931         (JSC::Lexer<LChar>::parseIdentifier):
932         (JSC::Lexer<UChar>::parseIdentifier):
933         (JSC::Lexer<T>::lex):
934         * parser/Lexer.h:
935         (JSC::isSafeIdentifier):
936         (JSC::Lexer<T>::lexExpectIdentifier):
937         * parser/Nodes.cpp:
938         (JSC::ProgramNode::setClosedVariables):
939         * parser/Nodes.h:
940         (JSC::ScopeNode::capturedVariables):
941         (JSC::ScopeNode::setClosedVariables):
942         (JSC::ProgramNode::closedVariables):
943         * parser/Parser.cpp:
944         (JSC::Parser<LexerType>::Parser):
945         (JSC::Parser<LexerType>::parseInner):
946         (JSC::Parser<LexerType>::didFinishParsing):
947         (JSC::Parser<LexerType>::printUnexpectedTokenText):
948         * parser/Parser.h:
949         (JSC::Scope::getUsedVariables):
950         (JSC::Parser::closedVariables):
951         (JSC::parse):
952         * parser/ParserModes.h:
953         * parser/ParserTokens.h:
954         * runtime/ArgList.cpp:
955         * runtime/Arguments.cpp:
956         * runtime/Arguments.h:
957         * runtime/ArgumentsIteratorConstructor.cpp:
958         * runtime/ArgumentsIteratorPrototype.cpp:
959         * runtime/ArrayPrototype.cpp:
960         * runtime/CodeCache.cpp:
961         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
962         * runtime/CommonIdentifiers.cpp:
963         (JSC::CommonIdentifiers::CommonIdentifiers):
964         (JSC::CommonIdentifiers::getPrivateName):
965         (JSC::CommonIdentifiers::getPublicName):
966         * runtime/CommonIdentifiers.h:
967         * runtime/CommonSlowPaths.cpp:
968         * runtime/CommonSlowPathsExceptions.cpp:
969         * runtime/ExceptionHelpers.cpp:
970         (JSC::createUndefinedVariableError):
971         * runtime/Executable.h:
972         (JSC::EvalExecutable::executableInfo):
973         (JSC::ProgramExecutable::executableInfo):
974         (JSC::FunctionExecutable::isBuiltinFunction):
975         * runtime/FunctionPrototype.cpp:
976         (JSC::functionProtoFuncToString):
977         * runtime/JSActivation.cpp:
978         (JSC::JSActivation::symbolTableGet):
979         (JSC::JSActivation::symbolTablePut):
980         (JSC::JSActivation::symbolTablePutWithAttributes):
981         * runtime/JSArgumentsIterator.cpp:
982         * runtime/JSArray.cpp:
983         * runtime/JSArrayIterator.cpp:
984         * runtime/JSCJSValue.cpp:
985         * runtime/JSCellInlines.h:
986         * runtime/JSFunction.cpp:
987         (JSC::JSFunction::createBuiltinFunction):
988         (JSC::JSFunction::calculatedDisplayName):
989         (JSC::JSFunction::sourceCode):
990         (JSC::JSFunction::isHostOrBuiltinFunction):
991         (JSC::JSFunction::isBuiltinFunction):
992         (JSC::JSFunction::callerGetter):
993         (JSC::JSFunction::getOwnPropertySlot):
994         (JSC::JSFunction::getOwnNonIndexPropertyNames):
995         (JSC::JSFunction::put):
996         (JSC::JSFunction::defineOwnProperty):
997         * runtime/JSFunction.h:
998         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
999         * runtime/JSGenericTypedArrayViewInlines.h:
1000         * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
1001         * runtime/JSGlobalObject.cpp:
1002         (JSC::JSGlobalObject::reset):
1003         (JSC::JSGlobalObject::visitChildren):
1004         * runtime/JSGlobalObject.h:
1005         (JSC::JSGlobalObject::objectConstructor):
1006         (JSC::JSGlobalObject::symbolTableHasProperty):
1007         * runtime/JSObject.cpp:
1008         (JSC::getClassPropertyNames):
1009         (JSC::JSObject::reifyStaticFunctionsForDelete):
1010         (JSC::JSObject::putDirectBuiltinFunction):
1011         * runtime/JSObject.h:
1012         * runtime/JSPropertyNameIterator.cpp:
1013         * runtime/JSPropertyNameIterator.h:
1014         * runtime/JSString.h:
1015         * runtime/JSStringInlines.h: Added.
1016         (JSC::JSString::getStringPropertySlot):
1017         (JSC::inlineJSValueNotStringtoString):
1018         (JSC::JSValue::toWTFStringInline):
1019         * runtime/JSSymbolTableObject.cpp:
1020         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
1021            Don't report private names.
1022         * runtime/JSSymbolTableObject.h:
1023         (JSC::symbolTableGet):
1024         (JSC::symbolTablePut):
1025         (JSC::symbolTablePutWithAttributes):
1026         * runtime/Lookup.cpp:
1027         (JSC::setUpStaticFunctionSlot):
1028         * runtime/Lookup.h:
1029         (JSC::HashEntry::builtinGenerator):
1030         (JSC::HashEntry::propertyGetter):
1031         (JSC::HashEntry::propertyPutter):
1032         (JSC::HashTable::entry):
1033         (JSC::getStaticPropertySlot):
1034         (JSC::getStaticValueSlot):
1035         (JSC::putEntry):
1036         * runtime/NativeErrorConstructor.cpp:
1037         (JSC::NativeErrorConstructor::finishCreation):
1038         * runtime/NativeErrorConstructor.h:
1039         * runtime/PropertySlot.h:
1040         * runtime/RegExpPrototype.cpp:
1041         * runtime/SetConstructor.cpp:
1042         * runtime/StringObject.cpp:
1043         * runtime/Structure.cpp:
1044         * runtime/VM.cpp:
1045         (JSC::VM::VM):
1046         * runtime/VM.h:
1047         (JSC::VM::builtinExecutables):
1048
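        The hazard that the @-prefixed private names in the entry above are designed to avoid, as an added example that is not part of the ChangeLog or of the JavaScriptCore sources. The @ syntax is internal to JSC's builtins, so this ordinary-JS version shows the same design in user code: a naive polyfill of Array.prototype.every that resolves Object and Function.prototype.call by ordinary lookup on every invocation, next to one that captures the original intrinsics once at definition time, which is the role @Object and @call play for builtins. The tampering performed in runTamperingScenario is constructed for the example and is restored before it returns.

```javascript
// Added example, not from the WebKit ChangeLog or the JavaScriptCore sources.
// Shows why a builtin written in JS must not resolve globals late: whatever a
// page has assigned to Object or Function.prototype.call would be picked up.

// Naive: looks up `Object` and `.call` at call time, so it trusts the current
// state of the global object and of Function.prototype.
function naiveEvery(array, callback, thisArg) {
  const O = Object(array);
  const len = O.length >>> 0;
  for (let i = 0; i < len; i++) {
    if (i in O && !callback.call(thisArg, O[i], i, O)) return false;
  }
  return true;
}

// Hardened: capture the intrinsics once, when the function is defined, so
// later tampering cannot redirect them (the same idea as @Object and @call).
const hardenedEvery = (function () {
  const ToObject = Object;                                    // stands in for @Object
  const call = Function.prototype.call.bind(Function.prototype.call); // stands in for @call
  // call(fn, thisArg, ...args) invokes fn with the original call semantics,
  // no matter what fn.call resolves to at that moment.
  return function every(array, callback, thisArg) {
    const O = ToObject(array);
    const len = O.length >>> 0;
    for (let i = 0; i < len; i++) {
      if (i in O && !call(callback, thisArg, O[i], i, O)) return false;
    }
    return true;
  };
})();

// Runs both versions before and during constructed tampering of the globals
// the naive version depends on, then restores the originals.
function runTamperingScenario() {
  const isPositive = (x) => x > 0;
  const input = [1, -2, 3];                 // constructed sample: every() must be false
  const result = {
    naiveBefore: naiveEvery(input, isPositive),
    hardenedBefore: hardenedEvery(input, isPositive),
  };
  const originalCall = Function.prototype.call;
  const originalObject = globalThis.Object;
  try {
    // Constructed tampering: every callback appears to succeed, and Object()
    // hands back an empty stand-in so nothing is iterated at all.
    Function.prototype.call = function () { return true; };
    globalThis.Object = function () { return { length: 0 }; };
    result.naiveAfter = naiveEvery(input, isPositive);       // true: wrong answer
    result.hardenedAfter = hardenedEvery(input, isPositive); // false: still correct
  } finally {
    Function.prototype.call = originalCall;
    globalThis.Object = originalObject;
  }
  return result;
}

console.log(runTamperingScenario());
// { naiveBefore: false, hardenedBefore: false, naiveAfter: true, hardenedAfter: false }
```

        Note that, as the entry stresses, a slip of this kind inside a real builtin is a semantic error rather than a privilege escalation, because the builtin runs with the same privileges as any other JS in the host global; capturing intrinsics simply keeps the builtin's answers correct when the page has rewritten the globals.
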
1049 2014-01-31  Gabor Rapcsanyi  <rgabor@webkit.org>
1050
1051         Fix the ARM Thumb2 build after jsCStack branch merge
1052         https://bugs.webkit.org/show_bug.cgi?id=127903
1053
1054         Reviewed by Michael Saboff.
1055
1056         SP register cannot be used as a destination register of SUB or ADD in Thumb mode.
1057
1058         * llint/LowLevelInterpreter.asm:
1059         * llint/LowLevelInterpreter32_64.asm:
1060
1061 2014-01-31  Julien Brianceau  <jbriance@cisco.com>
1062
1063         [arm] Add missing pushPair/popPair implementations in MacroAssemblerARM.h
1064         https://bugs.webkit.org/show_bug.cgi?id=127904
1065
1066         Reviewed by Zoltan Herczeg.
1067
1068         * assembler/MacroAssemblerARM.h:
1069         (JSC::MacroAssemblerARM::popPair):
1070         (JSC::MacroAssemblerARM::pushPair):
1071
1072 2014-01-30  Martin Robinson  <mrobinson@igalia.com>
1073
1074         [GTK] [CMake] Add support for building against GTK+ 2
1075         https://bugs.webkit.org/show_bug.cgi?id=127959
1076
1077         Reviewed by Anders Carlsson.
1078
1079         * PlatformGTK.cmake: Use the new API version variable and don't use GTK3 directly.
1080
1081 2014-01-30  Andreas Kling  <akling@apple.com>
1082
1083         CodeBlock's cloned SymbolTables only need the captured names.
1084         <https://webkit.org/b/127978>
1085
1086         Renamed SymbolTable::clone() to SymbolTable::cloneCapturedNames()
1087         and made it skip over any symbols that aren't captured, since those
1088         won't be needed after codegen.
1089
1090         This is a first step towards getting rid of redundant symbol tables.
1091
1092         Reviewed by Geoffrey Garen.
1093
1094         * bytecode/CodeBlock.cpp:
1095         (JSC::CodeBlock::CodeBlock):
1096         * runtime/SymbolTable.cpp:
1097         (JSC::SymbolTable::cloneCapturedNames):
1098         * runtime/SymbolTable.h:
1099
1100 2014-01-28  Timothy Hatcher  <timothy@apple.com>
1101
1102         Add column number and call timing support to LegacyProfiler.
1103
1104         https://bugs.webkit.org/show_bug.cgi?id=127764
1105
1106         Reviewed by Joseph Pecoraro.
1107
1108         * interpreter/Interpreter.cpp:
1109         (JSC::Interpreter::execute):
1110         * profiler/CallIdentifier.h:
1111         (JSC::CallIdentifier::CallIdentifier):
1112         (JSC::CallIdentifier::functionName):
1113         (JSC::CallIdentifier::url):
1114         (JSC::CallIdentifier::lineNumber):
1115         (JSC::CallIdentifier::columnNumber):
1116         (JSC::CallIdentifier::operator==):
1117         (JSC::CallIdentifier::operator!=):
1118         (JSC::CallIdentifier::Hash::hash):
1119         (WTF::HashTraits<JSC::CallIdentifier>::constructDeletedValue):
1120         (WTF::HashTraits<JSC::CallIdentifier>::isDeletedValue):
1121         * profiler/LegacyProfiler.cpp:
1122         (JSC::LegacyProfiler::willExecute):
1123         (JSC::LegacyProfiler::didExecute):
1124         (JSC::LegacyProfiler::exceptionUnwind):
1125         (JSC::LegacyProfiler::createCallIdentifier):
1126         (JSC::createCallIdentifierFromFunctionImp):
1127         * profiler/LegacyProfiler.h:
1128         * profiler/Profile.cpp:
1129         (JSC::Profile::Profile):
1130         * profiler/Profile.h:
1131         (JSC::Profile::uid):
1132         (JSC::Profile::idleTime):
1133         (JSC::Profile::setIdleTime):
1134         * profiler/ProfileGenerator.cpp:
1135         (JSC::AddParentForConsoleStartFunctor::operator()):
1136         (JSC::ProfileGenerator::addParentForConsoleStart):
1137         (JSC::ProfileGenerator::willExecute):
1138         (JSC::ProfileGenerator::didExecute):
1139         (JSC::ProfileGenerator::stopProfiling):
1140         (JSC::ProfileGenerator::removeProfileStart):
1141         (JSC::ProfileGenerator::removeProfileEnd):
1142         * profiler/ProfileNode.cpp:
1143         (JSC::ProfileNode::ProfileNode):
1144         (JSC::ProfileNode::stopProfiling):
1145         (JSC::ProfileNode::endAndRecordCall):
1146         (JSC::ProfileNode::startTimer):
1147         (JSC::ProfileNode::debugPrintData):
1148         * profiler/ProfileNode.h:
1149         (JSC::ProfileNode::Call::Call):
1150         (JSC::ProfileNode::Call::startTime):
1151         (JSC::ProfileNode::Call::setStartTime):
1152         (JSC::ProfileNode::Call::totalTime):
1153         (JSC::ProfileNode::Call::setTotalTime):
1154         (JSC::ProfileNode::id):
1155         (JSC::ProfileNode::functionName):
1156         (JSC::ProfileNode::url):
1157         (JSC::ProfileNode::lineNumber):
1158         (JSC::ProfileNode::columnNumber):
1159         (JSC::ProfileNode::calls):
1160         (JSC::ProfileNode::lastCall):
1161         (JSC::ProfileNode::numberOfCalls):
1162
1163 2014-01-26  Timothy Hatcher  <timothy@apple.com>
1164
1165         Include profile with FunctionCall and EvaluateScript Timeline records.
1166
1167         https://bugs.webkit.org/show_bug.cgi?id=127663
1168
1169         Reviewed by Joseph Pecoraro.
1170
1171         * inspector/InjectedScriptBase.cpp:
1172         (Inspector::InjectedScriptBase::callFunctionWithEvalEnabled):
1173         * inspector/InspectorEnvironment.h:
1174         * inspector/JSGlobalObjectInspectorController.h:
1175
1176 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1177
1178         FTL should support GetById(Untyped:)
1179         https://bugs.webkit.org/show_bug.cgi?id=127750
1180
1181         Reviewed by Oliver Hunt.
1182         
1183         This was supposed to be easy. Indeed, the actual GetById UntypedUse case was easy. But
1184         then it expanded coverage by a lot and I got to deal with three bugs. So, this has
1185         some additional changes:
1186         
1187         Also make it safe for LLVM to duplicate calls to patchpoints and stackmaps. Previously
1188         we incorrectly assumed that if we emitted a patchpoint, then there would only be one
1189         copy of that patchpoint (with that ID) in the resulting machine code and in the
1190         stackmaps section. That's obviously a bad assumption - LLVM is allowed to do anything
1191         it wants so long as the outcome of executing the code has a semantically equivalent
1192         meaning to the IR we gave it, and duplicating code is trivially OK under this rule. We
1193         should be OK with it, too. The solution is to add Vectors in a bunch of places that
1194         previously just thought they only had one value. For example, an InlineCacheDescriptor
1195         now has a Vector of generators - one generator for each copy that LLVM stamped out.
1196         Normally there will only be one copy, of course - since duplication is usually
1197         unprofitable. But, if LLVM decides that copying would be groovy then we will no longer
1198         barf.
1199         
1200         Also fix SSA conversion. It turns out that we mishandled the case where a block had
1201         multiple Phi functions for the same local. If any of those CPS Phis fail to trivialize
1202         in the Aycock-Horspool fixpoint, we need to insert an SSA Phi. Previously, it was
1203         assuming that so long as the head CPS Phi was trivial, we could forego SSA Phi
1204         insertion. That's wrong if the head CPS Phi trivialized but ended up pointing to a
1205         non-trivial CPS Phi in the same block. This madness with trees of Phis occurs because
1206         we try to save on compile times: no Phi ever has more than three children even if the
1207         block has more than three predecessors; we just build out a tree of Phis to satisfy
1208         all predecessors. So weird.
1209         
1210         And finally, fix DFG->FTL OSR entry's reconstruction of 'this' in a constructor. That
1211         reconstruction code, JITCode::reconstruct(), had a work-around for the case where we
1212         were entering into a constructor at the prologue. In that case, 'this' is definitely
1213         unavailable. But the OSR code does reconstructions at LoopHints, which aren't at the
1214         prologue, and so 'this' should totally be available.
1215
1216         * dfg/DFGGraph.cpp:
1217         (JSC::DFG::Graph::dump):
1218         * dfg/DFGJITCode.cpp:
1219         (JSC::DFG::JITCode::reconstruct):
1220         * dfg/DFGNode.h:
1221         (JSC::DFG::Node::tryGetVariableAccessData):
1222         * dfg/DFGSSAConversionPhase.cpp:
1223         (JSC::DFG::SSAConversionPhase::run):
1224         * ftl/FTLCapabilities.cpp:
1225         (JSC::FTL::canCompile):
1226         * ftl/FTLCompile.cpp:
1227         (JSC::FTL::generateICFastPath):
1228         (JSC::FTL::fixFunctionBasedOnStackMaps):
1229         * ftl/FTLInlineCacheDescriptor.h:
1230         * ftl/FTLJITFinalizer.cpp:
1231         (JSC::FTL::JITFinalizer::codeSize):
1232         * ftl/FTLJSCall.cpp:
1233         (JSC::FTL::JSCall::JSCall):
1234         * ftl/FTLJSCall.h:
1235         * ftl/FTLLowerDFGToLLVM.cpp:
1236         (JSC::FTL::LowerDFGToLLVM::compileGetById):
1237         (JSC::FTL::LowerDFGToLLVM::getById):
1238         * ftl/FTLOSREntry.cpp:
1239         (JSC::FTL::prepareOSREntry):
1240         * ftl/FTLStackMaps.cpp:
1241         (JSC::FTL::StackMaps::getRecordMap):
1242         * ftl/FTLStackMaps.h:
1243         * tests/stress/get-by-id-untyped.js: Added.
1244         (foo):
1245
1246 2014-01-30  Geoffrey Garen  <ggaren@apple.com>
1247
1248         Part 2: REGRESSION: JavascriptCore crash during OS Installation (due to
1249         Heap::m_operationInProgress ASSERT vs DelayedReleaseScope)
1250         https://bugs.webkit.org/show_bug.cgi?id=127950
1251
1252         Reviewed by Mark Hahnenberg.
1253
1254         Scope the APICallbackShim to make sure that we re-acquire the lock
1255         before putting the heap back into the "unsafe to allocate" state.
1256         Otherwise, the heap will seem to be in the "unsafe to allocate" state
1257         during any GC that happens before we re-acquire the lock.
1258
1259         No regression test because threads.
1260
1261         * heap/DelayedReleaseScope.h:
1262         (JSC::DelayedReleaseScope::~DelayedReleaseScope):
1263
1264 2014-01-30  Filip Pizlo  <fpizlo@apple.com>
1265
1266         Update FTL StackMaps parser to stackSize change
1267         https://bugs.webkit.org/show_bug.cgi?id=127933
1268
1269         Reviewed by Oliver Hunt.
1270
1271         * ftl/FTLStackMaps.cpp:
1272         (JSC::FTL::StackMaps::parse):
1273
1274 2014-01-30  Zan Dobersek  <zdobersek@igalia.com>
1275
1276         [GTK] Only disable -ftree-dce optimization when compiling with GCC
1277         https://bugs.webkit.org/show_bug.cgi?id=127911
1278
1279         Reviewed by Carlos Garcia Campos.
1280
1281         * GNUmakefile.am: Only disable the -ftree-dce optimization when using the GCC compiler.
1282         Some Clang versions/configurations don't support the flag.
1283
1284 2014-01-30  Zan Dobersek  <zdobersek@igalia.com>
1285
1286         [GTK] Disable optimizations for JSC that turned out malignant after jsCStack branch merge
1287         https://bugs.webkit.org/show_bug.cgi?id=127909
1288
1289         Reviewed by Carlos Garcia Campos.
1290
1291         * GNUmakefile.am: Disable the -fomit-frame-pointer optimization to achieve proper register usage
1292         in operationCallEval. Disable the -ftree-dce optimization since it is causing additional failures
1293         when using GCC 4.8, possibly due to a bug in the compiler itself.
1294
1295 2014-01-29  Csaba Osztrogonác  <ossy@webkit.org>
1296
1297         Remove ENABLE(JAVASCRIPT_DEBUGGER) leftovers
1298         https://bugs.webkit.org/show_bug.cgi?id=127845
1299
1300         Reviewed by Joseph Pecoraro.
1301
1302         * Configurations/FeatureDefines.xcconfig:
1303
1304 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
1305
1306         Web Inspector: Play Breakpoint Sound in Frontend
1307         https://bugs.webkit.org/show_bug.cgi?id=127885
1308
1309         Reviewed by Timothy Hatcher.
1310
1311         * inspector/ScriptDebugListener.h:
1312         * inspector/ScriptDebugServer.cpp:
1313         (Inspector::ScriptDebugServer::evaluateBreakpointAction):
1314         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
1315         * inspector/ScriptDebugServer.h:
1316         Pass the breakpoint action identifier through when the
1317         sound breakpoint action is triggered.
1318
1319         * inspector/protocol/Debugger.json:
1320         New "playBreakpointActionSound" event when a "sound" breakpoint action triggers.
1321
1322         * inspector/agents/InspectorDebuggerAgent.h:
1323         * inspector/agents/InspectorDebuggerAgent.cpp:
1324         (Inspector::InspectorDebuggerAgent::breakpointActionSound):
1325         Send the new event so the frontend can handle it.
1326
1327 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1328
1329         Merge final changesets from the jsCStack branch (r162969, r162975, r162992, r163004, r163069).
1330
1331     2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1332     
1333             DFG ArrayPop double array mishandles the NaN hole installation
1334             https://bugs.webkit.org/show_bug.cgi?id=127813
1335     
1336             Reviewed by Mark Rowe.
1337             
1338             Our object model for arrays inferred double dictates that we use quiet NaN (QNaN) to
1339             mark holes. Holes, in this context, are any entries in the allocated array buffer
1340             (i.e. from index 0 up to the vectorLength) that don't currently hold a value. Popping
1341             creates a hole, since it deletes the value at publicLength - 1.
1342             
1343             But, because of some sloppy copy-and-paste, we were storing (int64_t)0 when creating
1344             the hole, instead of storing QNaN. That's likely because for other kinds of arrays,
1345             64-bit zero is the hole marker, instead of QNaN.
1346             
1347             The attached test case illustrates the problem. In the LLInt and Baseline JIT, the
1348             result returned from foo() is "1.5,2.5,,4.5", since array.pop() removes 3.5 and
1349             replaces it with a hole and then the assignment "array[3] = 4.5" creates an element
1350             just beyond that hole. But, once we tier-up to the DFG, the result previously became
1351             "1.5,2.5,0,4.5", which is wrong. The 0 appeared because the IEEE double
1352             interpretation of 64-bit zero is simply zero.
1353             
1354             This patch fixes that problem. Now the DFG agrees with the other engines.
1355             
1356             This patch also fixes style. For some reason that copy-pasted code wasn't even
1357             indented correctly.
1358     
1359             * dfg/DFGSpeculativeJIT64.cpp:
1360             (JSC::DFG::SpeculativeJIT::compile):
1361             * tests/stress/array-pop-double-hole.js: Added.
1362             (foo):
1363     
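            The hole semantics the entry above relies on, as an added example that is not part of the ChangeLog or of the JavaScriptCore test suite (the attached array-pop-double-hole.js is not reproduced here). It recreates the described scenario in plain JavaScript and shows how a hole left by pop() is observable to scripts, which is why an engine that stored a 0 value instead of the hole marker produced a visible difference. The buggyResult function constructs the wrong output the entry quotes, for contrast.

```javascript
// Added example, not from the WebKit ChangeLog or the JavaScriptCore sources.
// Recreates the pop-then-write-past-the-hole scenario and makes holes visible.

// Mirrors the described test: pop a double array, then write past the hole.
function popThenWritePastHole() {
  const array = [1.5, 2.5, 3.5];   // constructed: a "double" array in JSC terms
  array.pop();                     // index 2 becomes a hole, length is now 2
  array[3] = 4.5;                  // length becomes 4; index 2 remains a hole
  return array;
}

// Distinguishes holes from stored values: a hole is absent for `in`,
// hasOwnProperty and the iteration methods, whereas a stored 0 is a real
// element. This is exactly the distinction the DFG bug collapsed.
function describeSlots(array) {
  return Array.from({ length: array.length }, (_, i) =>
    i in array ? String(array[i]) : "hole");
}

// What a correct engine observes for the scenario.
function holeReport() {
  const array = popThenWritePastHole();
  return {
    length: array.length,                      // 4
    joined: array.join(","),                   // "1.5,2.5,,4.5"
    slots: describeSlots(array),               // ["1.5", "2.5", "hole", "4.5"]
    visited: array.filter(() => true).length,  // 3: filter skips the hole
  };
}

// What the buggy tier produced, constructed for contrast: a stored 0 where
// the hole should be, so every observation above changes.
function buggyResult() {
  const array = [1.5, 2.5, 0, 4.5];
  return {
    joined: array.join(","),                   // "1.5,2.5,0,4.5"
    slots: describeSlots(array),               // ["1.5", "2.5", "0", "4.5"]
    visited: array.filter(() => true).length,  // 4
  };
}

console.log(holeReport());
console.log(buggyResult());
```
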
1364     2014-01-28  Filip Pizlo  <fpizlo@apple.com>
1365     
1366             FTL should support ArrayPush
1367             https://bugs.webkit.org/show_bug.cgi?id=127748
1368     
1369             Not reviewed, remove some debug code.
1370     
1371             * ftl/FTLLowerDFGToLLVM.cpp:
1372             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
1373     
1374     2014-01-27  Filip Pizlo  <fpizlo@apple.com>
1375     
1376             FTL should support ArrayPush
1377             https://bugs.webkit.org/show_bug.cgi?id=127748
1378     
1379             Reviewed by Oliver Hunt.
1380     
1381             * ftl/FTLAbstractHeapRepository.h:
1382             (JSC::FTL::AbstractHeapRepository::forArrayType):
1383             * ftl/FTLCapabilities.cpp:
1384             (JSC::FTL::canCompile):
1385             * ftl/FTLIntrinsicRepository.h:
1386             * ftl/FTLLowerDFGToLLVM.cpp:
1387             (JSC::FTL::LowerDFGToLLVM::compileNode):
1388             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
1389             * tests/stress/array-push-contiguous.js: Added.
1390             (foo):
1391             * tests/stress/array-push-double.js: Added.
1392             (foo):
1393     
1394     2014-01-28  Filip Pizlo  <fpizlo@apple.com>
1395     
1396             FTL should support ArrayPop
1397             https://bugs.webkit.org/show_bug.cgi?id=127749
1398     
1399             Reviewed by Geoffrey Garen.
1400     
1401             * ftl/FTLCapabilities.cpp:
1402             (JSC::FTL::canCompile):
1403             * ftl/FTLIntrinsicRepository.h:
1404             * ftl/FTLLowerDFGToLLVM.cpp:
1405             (JSC::FTL::LowerDFGToLLVM::compileNode):
1406             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
1407             (JSC::FTL::LowerDFGToLLVM::compileArrayPop):
1408             * tests/stress/array-pop-contiguous.js: Added.
1409             (foo):
1410             * tests/stress/array-pop-double.js: Added.
1411             (foo):
1412             * tests/stress/array-pop-int32.js: Added.
1413             (foo):
1414     
1415 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1416
1417         DFG::ByteCodeParser::m_dfgCodeBlock is sometimes uninitialized
1418         <rdar://problem/15939032>
1419
1420         Reviewed by Dan Bernstein.
1421
1422         * dfg/DFGByteCodeParser.cpp:
1423         (JSC::DFG::ByteCodeParser::parse):
1424
1425 2014-01-29  Geoffrey Garen  <ggaren@apple.com>
1426
1427         50% time on Dromaeo Selector * benchmark spent allocating oversized backing stores (but not in Chrome)
1428         https://bugs.webkit.org/show_bug.cgi?id=127879
1429
1430         Reviewed by Gavin Barraclough.
1431
1432         Let's not dynamically resize an array whose size is statically known,
1433         mmmkay?
1434
1435         * runtime/ArrayPrototype.cpp:
1436         (JSC::arrayProtoFuncConcat): Use nullptr to disambiguate vs the numeric
1437         argument.
1438
1439         (JSC::arrayProtoFuncSlice): The fix.
1440
1441         (JSC::arrayProtoFuncSort):
1442         (JSC::arrayProtoFuncSplice):
1443         (JSC::arrayProtoFuncFilter):
1444         (JSC::arrayProtoFuncMap): Use nullptr.
1445
1446 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
1447
1448         Web Inspector: Run JSC Inspector EventLoop in a custom run loop mode to prevent default observers from running
1449         https://bugs.webkit.org/show_bug.cgi?id=127865
1450
1451         Reviewed by Geoffrey Garen.
1452
1453         When hitting a breakpoint in a JSContext Inspector we want to entirely
1454         pause the process and all access to the JSContext and only move forward
1455         based on debugger commands. Having the nested run loop run in a default
1456         mode allowed NSTimers scheduled on the thread to regularly run and
1457         evaluate code in the JSContext. Using a custom run loop mode gets us
1458         a bit closer to locking down the context. This doesn't handle scenarios
1459         where background threads also access the JSContext, but it handles the
1460         most common scenario.
1461
1462         * inspector/EventLoop.cpp:
1463         (Inspector::EventLoop::cycle):
1464
1465 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
1466
1467         Web Inspector: Deadlock hitting breakpoint while inspecting JSContext
1468         https://bugs.webkit.org/show_bug.cgi?id=127864
1469
1470         Reviewed by Geoffrey Garen.
1471
1472         Temporarily drop the lock while we run the nested runloop.
1473
1474         * inspector/JSGlobalObjectScriptDebugServer.cpp:
1475         (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
1476
1477 2014-01-28  Oliver Hunt  <oliver@apple.com>
1478
1479         Make DOM attributes appear to be faux accessor properties
1480         https://bugs.webkit.org/show_bug.cgi?id=127797
1481
1482         Reviewed by Michael Saboff.
1483
1484         Add flag so we can identify which properties should have the old
1485         custom property semantics vs. the new faux accessors. Update the
1486         inspector protocol accordingly.
1487
1488         These faux accessors produce descriptors with "get" and "set"
1489         properties, but both values are undefined so can't be used
1490         directly. A few custom properties actually require their
1491         existing magical behaviour, so we now have a flag to 
1492         distinguish the expected output.
1493
1494         * inspector/InjectedScriptSource.js:
1495         (.):
1496         * runtime/JSObject.cpp:
1497         (JSC::JSObject::getOwnPropertyDescriptor):
1498         * runtime/PropertyDescriptor.cpp:
1499         (JSC::PropertyDescriptor::setCustomDescriptor):
1500         * runtime/PropertyDescriptor.h:
1501         * runtime/PropertySlot.h:
1502
1503 2014-01-29  Beth Dakin  <bdakin@apple.com>
1504
1505         Build fix.
1506
1507         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
1508         * llint/LowLevelInterpreter.cpp:
1509
1510 2014-01-29  Dan Bernstein  <mitz@apple.com>
1511
1512         Build fix.
1513
1514         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp: Added a newline at the end of the
1515         file.
1516
1517 2014-01-28  Michael Saboff  <msaboff@apple.com>
1518
1519         Merge the jsCStack branch
1520         https://bugs.webkit.org/show_bug.cgi?id=127763
1521
1522         Reviewed by Mark Hahnenberg.
1523
1524         Changes from http://svn.webkit.org/repository/webkit/branches/jsCStack
1525         up to changeset 162958.
1526
1527 2014-01-29  Csaba Osztrogonác  <ossy@webkit.org>
1528
1529         Remove ENABLE(JAVASCRIPT_DEBUGGER) guards
1530         https://bugs.webkit.org/show_bug.cgi?id=127840
1531
1532         Reviewed by Mark Lam.
1533
1534         * inspector/scripts/CodeGeneratorInspector.py:
1535
1536 2014-01-28  Commit Queue  <commit-queue@webkit.org>
1537
1538         Unreviewed, rolling out r162987.
1539         http://trac.webkit.org/changeset/162987
1540         https://bugs.webkit.org/show_bug.cgi?id=127825
1541
1542         Broke Mountain Lion build (Requested by andersca on #webkit).
1543
1544         * inspector/InjectedScriptSource.js:
1545         (.):
1546         * runtime/JSObject.cpp:
1547         (JSC::JSObject::getOwnPropertyDescriptor):
1548         * runtime/PropertyDescriptor.cpp:
1549         * runtime/PropertyDescriptor.h:
1550         * runtime/PropertySlot.h:
1551
1552 2014-01-28  Oliver Hunt  <oliver@apple.com>
1553
1554         Make DOM attributes appear to be faux accessor properties
1555         https://bugs.webkit.org/show_bug.cgi?id=127797
1556
1557         Reviewed by Michael Saboff.
1558
1559         Add flag so we can identify which properties should have the old
1560         custom property semantics vs. the new faux accessors. Update the
1561         inspector protocol accordingly.
1562
1563         These faux accessors produce descriptors with "get" and "set"
1564         properties, but both values are undefined so can't be used
1565         directly. A few custom properties actually require their
1566         existing magical behaviour, so we now have a flag to 
1567         distinguish the expected output.
1568
1569         * inspector/InjectedScriptSource.js:
1570         (.):
1571         * runtime/JSObject.cpp:
1572         (JSC::JSObject::getOwnPropertyDescriptor):
1573         * runtime/PropertyDescriptor.cpp:
1574         (JSC::PropertyDescriptor::setCustomDescriptor):
1575         * runtime/PropertyDescriptor.h:
1576         * runtime/PropertySlot.h:
1577
1578 2014-01-28  Mark Lam  <mark.lam@apple.com>
1579
1580         Remove some unneeded debugger code.
1581         https://bugs.webkit.org/show_bug.cgi?id=127805
1582
1583         Reviewed by Oliver Hunt.
1584
1585         JSC will now always support the debugger. Hence, the #if ENABLE(JAVASCRIPT_DEBUGGER)
1586         checks can be removed.
1587
1588         DebuggerCallFrame::callFrame() is also unused and will be removed.
1589
1590         * debugger/Breakpoint.h:
1591         * debugger/Debugger.cpp:
1592         * debugger/DebuggerCallFrame.h:
1593         * inspector/InjectedScript.cpp:
1594         (Inspector::InjectedScript::wrapCallFrames):
1595         * inspector/InjectedScript.h:
1596         * inspector/JSGlobalObjectScriptDebugServer.cpp:
1597         * inspector/JSGlobalObjectScriptDebugServer.h:
1598         * inspector/JSJavaScriptCallFrame.cpp:
1599         * inspector/JSJavaScriptCallFrame.h:
1600         * inspector/JSJavaScriptCallFramePrototype.cpp:
1601         * inspector/JSJavaScriptCallFramePrototype.h:
1602         * inspector/JavaScriptCallFrame.cpp:
1603         * inspector/JavaScriptCallFrame.h:
1604         * inspector/ScriptDebugListener.h:
1605         * inspector/ScriptDebugServer.cpp:
1606         * inspector/ScriptDebugServer.h:
1607         * inspector/agents/InspectorDebuggerAgent.cpp:
1608         * inspector/agents/InspectorDebuggerAgent.h:
1609         * inspector/agents/InspectorRuntimeAgent.cpp:
1610         (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
1611         (Inspector::setPauseOnExceptionsState):
1612         (Inspector::InspectorRuntimeAgent::evaluate):
1613         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1614         (Inspector::InspectorRuntimeAgent::getProperties):
1615         * inspector/agents/InspectorRuntimeAgent.h:
1616
1617 2014-01-28  Geoffrey Garen  <ggaren@apple.com>
1618
1619         REGRESSION: JavaScriptCore crash during OS Installation (due to
1620         Heap::m_operationInProgress ASSERT vs DelayedReleaseScope)
1621         https://bugs.webkit.org/show_bug.cgi?id=127793
1622
1623         Reviewed by Mark Hahnenberg.
1624
1625         This was a mistaken ASSERT.
1626
1627         * API/tests/testapi.mm:
1628         (-[EvilAllocationObject doEvilThingsWithContext:]): Added a test to verify
1629         that GC from a DelayedReleaseScope doesn't crash.
1630
1631         * heap/DelayedReleaseScope.h:
1632         (JSC::DelayedReleaseScope::~DelayedReleaseScope): Our contract is that
1633         it is valid to do anything while running a DelayedReleaseScope -dealloc
1634         method, so the Heap must be ready for new allocations and collections.
1635
1636         Change the Heap's operationInProgress value to NoOperation while running
1637         -dealloc methods, so that it doesn't ASSERT in the face of new allocations
1638         and collections.
1639
1640         * heap/Heap.h: Made DelayedReleaseScope a friend because exposing a setter
1641         for m_operationInProgress seemed like the worse of the two options for
1642         encapsulation: we don't really want arbitrary clients to set the Heap's
1643         m_operationInProgress.
1644
1645 2014-01-28  Mark Lam  <mark.lam@apple.com>
1646
1647         Jettison DFG code when neither breakpoints nor the profiler are active.
1648         <https://webkit.org/b/127766>
1649
1650         Reviewed by Geoffrey Garen.
1651
1652         We need to jettison the DFG CodeBlocks under the following circumstances:
1653         1. When adding breakpoints to a CodeBlock, jettison it if it is a DFG CodeBlock.
1654         2. When enabling stepping mode in a CodeBlock, jettison it if it is a DFG CodeBlock.
1655         3. When setting the enabled profiler in the VM, we need to jettison all DFG
1656            CodeBlocks.
1657
1658         Instead of emitting speculation checks, the DFG code will now treat Breakpoint,
1659         ProfileWillCall, and ProfileDidCall as no-ops similar to a Phantom node. We
1660         still need to track these nodes so that they match the corresponding opcodes
1661         in the baseline JIT when we jettison and OSR exit. Without them, we would OSR
1662         exit to the wrong location in the baseline JIT code.
1663
1664         In DFGDriver's compileImpl() and DFGPlan's finalizeWithoutNotifyingCallback()
1665         we fail the compilation effort with a CompilationInvalidated result. This allows
1666         the DFG compiler to re-attempt the compilation of the function after some time
1667         if it is hot. The CompilationInvalidated result is supposed to cause the DFG
1668         to exercise an exponential back off before re-attempting compilation again
1669         (see runtime/CompilationResult.h).
1670
1671         This patch improves the Octane score from ~2950 to ~3067.
1672
1673         * bytecode/CodeBlock.cpp:
1674         (JSC::CodeBlock::addBreakpoint):
1675         (JSC::CodeBlock::setSteppingMode):
1676         * bytecode/CodeBlock.h:
1677         * debugger/Debugger.h:
1678         * dfg/DFGAbstractInterpreterInlines.h:
1679         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1680         * dfg/DFGClobberize.h:
1681         (JSC::DFG::clobberize):
1682         * dfg/DFGDriver.cpp:
1683         (JSC::DFG::compileImpl):
1684         * dfg/DFGPlan.cpp:
1685         (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
1686         * dfg/DFGSpeculativeJIT32_64.cpp:
1687         (JSC::DFG::SpeculativeJIT::compile):
1688         * dfg/DFGSpeculativeJIT64.cpp:
1689         (JSC::DFG::SpeculativeJIT::compile):
1690         * profiler/LegacyProfiler.cpp:
1691         (JSC::LegacyProfiler::startProfiling):
1692         (JSC::LegacyProfiler::stopProfiling):
1693         * runtime/VM.cpp:
1694         (JSC::VM::VM):
1695         (JSC::SetEnabledProfilerFunctor::operator()):
1696         (JSC::VM::setEnabledProfiler):
1697         * runtime/VM.h:
1698         (JSC::VM::enabledProfiler):
1699
1700 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
1701
1702         -[JSContext evaluateScript:] calls JSEvaluateScript with startingLineNumber 0, later interpreted as a oneBasedInt
1703         https://bugs.webkit.org/show_bug.cgi?id=127648
1704
1705         Reviewed by Geoffrey Garen.
1706
1707         The actual bug being fixed here is that the line number for
1708         scripts evaluated via the JSC APIs is now sane. However,
1709         there is no good infrastructure in place right now to test that.
1710
1711         * API/tests/testapi.c:
1712         (main):
1713         * API/tests/testapi.mm:
1714         (testObjectiveCAPI):
1715         Add tests for exception line numbers and handling of bad
1716         startingLineNumbers in public APIs. These tests were already
1717         passing; I just added them to make sure they are not regressed
1718         in the future.
1719
1720         * API/JSBase.cpp:
1721         (JSEvaluateScript):
1722         (JSCheckScriptSyntax):
1723         * API/JSBase.h:
1724         * API/JSObjectRef.cpp:
1725         (JSObjectMakeFunction):
1726         * API/JSObjectRef.h:
1727         * API/JSScriptRef.cpp:
1728         * API/JSScriptRefPrivate.h:
1729         * API/JSStringRef.h:
1730         - Clarify documentation that startingLineNumber is 1 based and clamped.
1731         - Add clamping in the implementation to put sane values into JSC::SourceProvider.
1732
1733         * inspector/agents/InspectorDebuggerAgent.cpp:
1734         (Inspector::InspectorDebuggerAgent::didParseSource):
1735         Remove the FIXME now that the SourceProvider is giving us expected values.
1736
1737 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
1738
1739         Web Inspector: CRASH when debugger closes remote inspecting JSContext
1740         https://bugs.webkit.org/show_bug.cgi?id=127738
1741
1742         Reviewed by Timothy Hatcher.
1743
1744         RemoteInspectorXPCConnection could be accessed in a background dispatch
1745         queue, while being deallocated on the main thread when a connection
1746         was suddenly terminated.
1747
1748         Make RemoteInspectorXPCConnection a ThreadSafeRefCounted object. Always
1749         keep the connection object ref'd until the main thread calls close()
1750         and removes its reference. At that point we can close the connection,
1751         queue, and deref safely on the background queue.
1752
1753         * inspector/remote/RemoteInspector.h:
1754         * inspector/remote/RemoteInspector.mm:
1755         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
1756         (Inspector::RemoteInspector::xpcConnectionFailed):
1757         For simplicity, RemoteInspectorXPCConnections don't have any threading
1758         primitives to prevent client callbacks after they are closed. RemoteInspector
1759         does, so it just ignores possible callbacks from connections it no longer
1760         cares about.
1761
1762         * inspector/remote/RemoteInspectorXPCConnection.h:
1763         * inspector/remote/RemoteInspectorXPCConnection.mm:
1764         (Inspector::RemoteInspectorXPCConnection::RemoteInspectorXPCConnection):
1765         (Inspector::RemoteInspectorXPCConnection::~RemoteInspectorXPCConnection):
1766         (Inspector::RemoteInspectorXPCConnection::close):
1767         Keep the connection alive as long as the queue it can be used on
1768         is alive. Clean up everything on the queue when close() is called.
1769
1770         (Inspector::RemoteInspectorXPCConnection::handleEvent):
1771         Checking if closed here is not thread safe so it is meaningless.
1772         Remove the check.
1773
1774         (Inspector::RemoteInspectorXPCConnection::sendMessage):
1775         Bail based on the m_closed state.
1776
1777 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
1778
1779         JavaScriptCore: Enable -Wimplicit-fallthrough and add FALLTHROUGH annotation where needed
1780         https://bugs.webkit.org/show_bug.cgi?id=127647
1781
1782         Reviewed by Anders Carlsson.
1783
1784         Explicitly annotate switch case fallthroughs in JavaScriptCore and
1785         enable warnings for unannotated fallthroughs.
1786
1787         * dfg/DFGArithMode.h:
1788         (doesOverflow):
1789         Only insert FALLTHROUGH in release builds. In debug builds, the
1790         FALLTHROUGH would be unreachable (due to the ASSERT_NOT_REACHED)
1791         and would throw a warning.
1792
1793         * dfg/DFGSpeculativeJIT64.cpp:
1794         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
1795         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
1796         Due to the templatized nature of this function, a fallthrough
1797         in one of the template expansions would be unreachable. Disable
1798         the warning for this function.
1799
1800         * Configurations/Base.xcconfig:
1801         * bytecode/CodeBlock.cpp:
1802         (JSC::CodeBlock::CodeBlock):
1803         * dfg/DFGCFGSimplificationPhase.cpp:
1804         (JSC::DFG::CFGSimplificationPhase::run):
1805         * dfg/DFGValidate.cpp:
1806         (JSC::DFG::Validate::validateCPS):
1807         * parser/Lexer.cpp:
1808         (JSC::Lexer<T>::lex):
1809         * parser/Parser.cpp:
1810         (JSC::Parser<LexerType>::parseStatement):
1811         (JSC::Parser<LexerType>::parseProperty):
1812         * runtime/JSArray.cpp:
1813         (JSC::JSArray::push):
1814         * runtime/JSONObject.cpp:
1815         (JSC::Walker::walk):
1816         * runtime/JSObject.cpp:
1817         (JSC::JSObject::putByIndex):
1818         (JSC::JSObject::putByIndexBeyondVectorLength):
1819         * runtime/JSObject.h:
1820         (JSC::JSObject::setIndexQuickly):
1821         (JSC::JSObject::initializeIndex):
1822         * runtime/LiteralParser.cpp:
1823         (JSC::LiteralParser<CharType>::parse):
1824         * yarr/YarrInterpreter.cpp:
1825         (JSC::Yarr::Interpreter::backtrackParenthesesOnceBegin):
1826         (JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
1827         * yarr/YarrParser.h:
1828         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
1829         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBuiltInCharacterClass):
1830         (JSC::Yarr::Parser::parseEscape):
1831         (JSC::Yarr::Parser::parseTokens):
1832
1833 2014-01-27  Andy Estes  <aestes@apple.com>
1834
1835         Scrub WebKit API headers of WTF macros
1836         https://bugs.webkit.org/show_bug.cgi?id=127706
1837
1838         Reviewed by David Kilzer.
1839
1840         * Configurations/FeatureDefines.xcconfig: Added ENABLE_INSPECTOR.
1841
1842 2014-01-27  Mark Lam  <mark.lam@apple.com>
1843
1844         Remove unused CodeBlock::createActivation().
1845         <https://webkit.org/b/127686>
1846
1847         Reviewed by Filip Pizlo.
1848
1849         * bytecode/CodeBlock.cpp:
1850         * bytecode/CodeBlock.h:
1851
1852 2014-01-26  Andreas Kling  <akling@apple.com>
1853
1854         JSC: Pack unlinked instructions harder.
1855         <https://webkit.org/b/127660>
1856
1857         Store UnlinkedCodeBlock's instructions in a variable-length stream
1858         to reduce memory usage. Compression rate ends up around 60-61%.
1859
1860         The format is very simple. Every instruction starts with a 1 byte
1861         opcode. It's followed by an opcode-dependent number of argument
1862         values, each encoded separately for maximum packing. There are
1863         7 packed value formats:
1864
1865             5-bit positive integer
1866             5-bit negative integer
1867             13-bit positive integer
1868             13-bit positive integer
1869             5-bit constant register index
1870             13-bit constant register index
1871             32-bit value (fallback)
1872
1873         27.5 MB progression on Membuster3. (~2% of total memory.)
1874
1875         Reviewed by Filip Pizlo.
1876
1877         * JavaScriptCore.xcodeproj/project.pbxproj:
1878         * bytecode/UnlinkedInstructionStream.h: Added.
1879         (JSC::UnlinkedInstructionStream::count):
1880         (JSC::UnlinkedInstructionStream::Reader::atEnd):
1881         * bytecode/UnlinkedInstructionStream.cpp: Added.
1882         (JSC::UnlinkedInstructionStream::Reader::Reader):
1883         (JSC::UnlinkedInstructionStream::Reader::read8):
1884         (JSC::UnlinkedInstructionStream::Reader::read32):
1885         (JSC::UnlinkedInstructionStream::Reader::next):
1886         (JSC::append8):
1887         (JSC::append32):
1888         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
1889         (JSC::UnlinkedInstructionStream::unpackForDebugging):
1890         * bytecompiler/BytecodeGenerator.cpp:
1891         * bytecode/CodeBlock.cpp:
1892         (JSC::CodeBlock::CodeBlock):
1893         * bytecode/UnlinkedCodeBlock.cpp:
1894         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
1895         (JSC::dumpLineColumnEntry):
1896         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
1897         (JSC::UnlinkedCodeBlock::setInstructions):
1898         (JSC::UnlinkedCodeBlock::instructions):
1899         * bytecode/UnlinkedCodeBlock.h:
1900         (JSC::BytecodeGenerator::generate):
1901
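The following is an added example, not code from WebKit or from the author of the entry above: a small C++ encoder and bounds-checked reader for a variable-length operand stream built from the seven packed value formats the entry lists. The entry gives the formats but not the bit layout, so everything below that is not in the entry is this example's own assumption: the header byte carrying a 3-bit format tag above 5 payload bits, the extra byte for the 13-bit forms, the four raw little-endian bytes of the fallback, the constant-register base value, the constructed opcode-to-operand-count table, and reading the second listed 13-bit format as the negative one.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <utility>
#include <vector>

// Assumed layout (this example's, not JSC's): one header byte per operand holds a 3-bit
// format tag above 5 payload bits; 13-bit forms add a byte; the fallback adds 4 LE bytes.
constexpr int32_t kFirstConstantRegisterIndex = 0x40000000; // assumed constant-register base
constexpr unsigned kTagShift = 5;
constexpr uint8_t kLow5Mask = 0x1F;
enum Tag : uint8_t { Pos5 = 0, Neg5 = 1, Pos13 = 2, Neg13 = 3, Const5 = 4, Const13 = 5, Full32 = 6 };

struct Instruction { uint8_t opcode; std::vector<int32_t> operands; };
inline bool operator==(const Instruction& a, const Instruction& b) { return a.opcode == b.opcode && a.operands == b.operands; }

// Constructed opcode table (not JSC's): operand count per opcode byte (0: none; 1: dst, src; 2: dst, lhs, rhs).
static size_t operandCount(uint8_t opcode)
{
    static const size_t counts[] = { 0, 2, 3 };
    if (opcode >= sizeof(counts) / sizeof(counts[0])) throw std::invalid_argument("unknown opcode");
    return counts[opcode];
}

// Emit one operand in the smallest format that holds it.
static void appendOperand(std::vector<uint8_t>& out, int32_t value)
{
    auto emit5 = [&](Tag tag, uint32_t v) { out.push_back(uint8_t((tag << kTagShift) | (v & kLow5Mask))); };
    auto emit13 = [&](Tag tag, uint32_t v) {
        out.push_back(uint8_t((tag << kTagShift) | ((v >> 8) & kLow5Mask)));
        out.push_back(uint8_t(v & 0xFF));
    };
    if (value >= kFirstConstantRegisterIndex) {
        uint32_t index = uint32_t(value - kFirstConstantRegisterIndex);
        if (index < 32) return emit5(Const5, index);
        if (index < 8192) return emit13(Const13, index);
    } else if (value >= 0) {
        if (value < 32) return emit5(Pos5, uint32_t(value));
        if (value < 8192) return emit13(Pos13, uint32_t(value));
    } else if (value > -8192) {
        uint32_t magnitude = uint32_t(-value);
        if (magnitude < 32) return emit5(Neg5, magnitude);
        return emit13(Neg13, magnitude);
    }
    out.push_back(uint8_t(Full32 << kTagShift)); // 32-bit fallback, little-endian
    for (int i = 0; i < 4; ++i) out.push_back(uint8_t(uint32_t(value) >> (8 * i)));
}

// Bounds-checked reader: a truncated or mis-tagged stream throws instead of reading past the buffer.
class Reader {
public:
    explicit Reader(const std::vector<uint8_t>& bytes) : m_bytes(bytes) { }
    bool atEnd() const { return m_pos >= m_bytes.size(); }
    uint8_t read8() { if (atEnd()) throw std::out_of_range("truncated stream"); return m_bytes[m_pos++]; }
    int32_t readOperand()
    {
        uint8_t head = read8();
        uint32_t low = head & kLow5Mask;
        switch (Tag(head >> kTagShift)) {
        case Pos5: return int32_t(low);
        case Neg5: return -int32_t(low);
        case Pos13: return int32_t((low << 8) | read8());
        case Neg13: return -int32_t((low << 8) | read8());
        case Const5: return kFirstConstantRegisterIndex + int32_t(low);
        case Const13: return kFirstConstantRegisterIndex + int32_t((low << 8) | read8());
        case Full32: { uint32_t bits = 0; for (int i = 0; i < 4; ++i) bits |= uint32_t(read8()) << (8 * i); return int32_t(bits); }
        }
        throw std::runtime_error("invalid operand tag");
    }
private:
    const std::vector<uint8_t>& m_bytes; size_t m_pos = 0;
};

static std::vector<uint8_t> pack(const std::vector<Instruction>& program)
{
    std::vector<uint8_t> out;
    for (const Instruction& insn : program) {
        if (insn.operands.size() != operandCount(insn.opcode)) throw std::invalid_argument("operand count mismatch");
        out.push_back(insn.opcode);
        for (int32_t v : insn.operands) appendOperand(out, v);
    }
    return out;
}
static std::vector<Instruction> unpack(const std::vector<uint8_t>& bytes)
{
    Reader reader(bytes);
    std::vector<Instruction> program;
    while (!reader.atEnd()) {
        Instruction insn { reader.read8(), {} };
        for (size_t i = 0, n = operandCount(insn.opcode); i < n; ++i) insn.operands.push_back(reader.readOperand());
        program.push_back(std::move(insn));
    }
    return program;
}

// Constructed sample touching every format: Pos5, Const5, Neg5, Pos13, Const13, Neg13, Full32.
static std::vector<Instruction> sampleProgram()
{
    return { { 0, {} }, { 1, { 3, kFirstConstantRegisterIndex + 7 } },
             { 2, { -5, 4096, kFirstConstantRegisterIndex + 300 } }, { 1, { -4000, 100000 } } };
}
static bool roundTripsSample() { return unpack(pack(sampleProgram())) == sampleProgram(); }
// True when a malformed stream is refused (exception) rather than decoded.
static bool rejectsMalformed(const std::vector<uint8_t>& bytes) { try { unpack(bytes); return false; } catch (const std::exception&) { return true; } }
```

Packed this way, the four-instruction sample occupies 18 bytes, against 44 for the same program held as flat 32-bit slots (one slot for the opcode and one per operand), which is where the memory win described in the entry comes from. The reader refuses to trust the stream's own framing: an unknown opcode, an undefined tag value or a stream that ends mid-operand raises instead of indexing past the buffer, which is the check to keep whenever a compact encoding like this is decoded from bytes the decoder did not itself produce.
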
1902 2014-01-26  Joseph Pecoraro  <pecoraro@apple.com>
1903
1904         Web Inspector: Move InspectorDebuggerAgent into JavaScriptCore
1905         https://bugs.webkit.org/show_bug.cgi?id=127629
1906
1907         Rubber-stamped by Sam Weinig.
1908
1909         * CMakeLists.txt:
1910         * GNUmakefile.list.am:
1911         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1912         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1913         * JavaScriptCore.xcodeproj/project.pbxproj:
1914         - Add new files to the build.
1915         - Also, since non REMOTE_INSPECTOR ports cannot yet connect to a
1916           JSGlobalObject for inspection remove those files as they don't
1917           need to be built.
1918
1919         * inspector/EventLoop.cpp: Added.
1920         (Inspector::EventLoop::cycle):
1921         * inspector/EventLoop.h: Added.
1922         (Inspector::EventLoop::EventLoop):
1923         (Inspector::EventLoop::ended):
1924         Add a JavaScriptCore version of EventLoop. This is currently only
1925         used by the Mac port for JSGlobalObject remote inspection. Keep
1926         the WebCore/platform version alive because for the Mac port it does
1927         slightly different things involving AppKit.
1928
1929         * inspector/JSGlobalObjectInspectorController.cpp:
1930         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1931         Create DebuggerAgent and hook up ScriptDebugServer where needed.
1932
1933         * inspector/JSGlobalObjectScriptDebugServer.cpp: Added.
1934         (Inspector::JSGlobalObjectScriptDebugServer::JSGlobalObjectScriptDebugServer):
1935         (Inspector::JSGlobalObjectScriptDebugServer::addListener):
1936         (Inspector::JSGlobalObjectScriptDebugServer::removeListener):
1937         (Inspector::JSGlobalObjectScriptDebugServer::recompileAllJSFunctions):
1938         (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
1939         * inspector/JSGlobalObjectScriptDebugServer.h: Added.
1940         Simple implementation of ScriptDebugServer with a JSGlobalObject.
1941
1942         * inspector/agents/InspectorDebuggerAgent.cpp: Renamed from Source/WebCore/inspector/InspectorDebuggerAgent.cpp.
1943         * inspector/agents/InspectorDebuggerAgent.h: Renamed from Source/WebCore/inspector/InspectorDebuggerAgent.h.
1944         Copied from WebCore. A few methods need to be made virtual so that Web implementations
1945         can override and extend the functionality. E.g. sourceMapURLForScript and enable/disable.
1946         
1947         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp: Added.
1948         * inspector/agents/JSGlobalObjectDebuggerAgent.h: Added.
1949         (Inspector::JSGlobalObjectDebuggerAgent::JSGlobalObjectDebuggerAgent):
1950         (Inspector::JSGlobalObjectDebuggerAgent::startListeningScriptDebugServer):
1951         (Inspector::JSGlobalObjectDebuggerAgent::stopListeningScriptDebugServer):
1952         (Inspector::JSGlobalObjectDebuggerAgent::injectedScriptForEval):
1953         Simple implementation of DebuggerAgent with a JSGlobalObject.
1954
1955 2014-01-25  Mark Lam  <mark.lam@apple.com>
1956
1957         Gardening: fix build breakage from previous commit.
1958
1959         Not reviewed.
1960
1961         * profiler/ProfileNode.cpp:
1962         (JSC::ProfileNode::debugPrintData):
1963         - Removed obsolete references to "visible" timers.
1964
1965 2014-01-25  Timothy Hatcher  <timothy@apple.com>
1966
1967         Remove dead code from the JSC profiler.
1968
1969         https://bugs.webkit.org/show_bug.cgi?id=127643
1970
1971         Reviewed by Mark Lam.
1972
1973         * profiler/Profile.cpp:
1974         * profiler/Profile.h:
1975         * profiler/ProfileGenerator.cpp:
1976         (JSC::ProfileGenerator::stopProfiling):
1977         * profiler/ProfileNode.cpp:
1978         (JSC::ProfileNode::ProfileNode):
1979         (JSC::ProfileNode::stopProfiling):
1980         (JSC::ProfileNode::endAndRecordCall):
1981         (JSC::ProfileNode::debugPrintData):
1982         (JSC::ProfileNode::debugPrintDataSampleStyle):
1983         * profiler/ProfileNode.h:
1984         (JSC::ProfileNode::totalTime):
1985         (JSC::ProfileNode::setTotalTime):
1986         (JSC::ProfileNode::selfTime):
1987         (JSC::ProfileNode::setSelfTime):
1988         (JSC::ProfileNode::totalPercent):
1989         (JSC::ProfileNode::selfPercent):
1990         Remove support for things like focus and exclude. The Inspector does those in JS now.
1991
1992 2014-01-25  Sam Weinig  <sam@webkit.org>
1993
1994         Remove unused support for DRAGGABLE_REGION
1995         https://bugs.webkit.org/show_bug.cgi?id=127642
1996
1997         Reviewed by Simon Fraser.
1998
1999         * Configurations/FeatureDefines.xcconfig:
2000
2001 2014-01-25  Darin Adler  <darin@apple.com>
2002
2003         Try to fix Mac build.
2004
2005         * runtime/DatePrototype.cpp: Put the include of <unicode/udat.h> inside
2006         a conditional since we don't have that header in our Mac build configuration.
2007
2008 2014-01-25  Darin Adler  <darin@apple.com>
2009
2010         Call deprecatedCharacters instead of characters at more call sites
2011         https://bugs.webkit.org/show_bug.cgi?id=127631
2012
2013         Reviewed by Sam Weinig.
2014
2015         * API/JSValueRef.cpp:
2016         (JSValueMakeFromJSONString):
2017         * API/OpaqueJSString.cpp:
2018         (OpaqueJSString::~OpaqueJSString):
2019         * bindings/ScriptValue.cpp:
2020         (Deprecated::jsToInspectorValue):
2021         * inspector/ContentSearchUtilities.cpp:
2022         (Inspector::ContentSearchUtilities::createSearchRegexSource):
2023         * inspector/InspectorValues.cpp:
2024         * runtime/Identifier.h:
2025         (JSC::Identifier::deprecatedCharacters):
2026         * runtime/JSStringBuilder.h:
2027         (JSC::JSStringBuilder::append):
2028         Use the new name.
2029
2030 2014-01-25  Darin Adler  <darin@apple.com>
2031
2032         Get rid of ICU_UNICODE and WCHAR_UNICODE remnants
2033         https://bugs.webkit.org/show_bug.cgi?id=127623
2034
2035         Reviewed by Anders Carlsson.
2036
2037         * runtime/DatePrototype.cpp: Removed USE(ICU_UNICODE) checks, since that's always true now.
2038
2039 2014-01-25  Darin Adler  <darin@apple.com>
2040
2041         [Mac] Rewrite locale-specific date formatting code to remove strange string creation
2042         https://bugs.webkit.org/show_bug.cgi?id=127624
2043
2044         Reviewed by Anders Carlsson.
2045
2046         * runtime/DatePrototype.cpp:
2047         (JSC::formatLocaleDate): Use some smart pointers and conversion operators we already
2048         have to do the formatting in a more straightforward way.
2049
2050 2014-01-25  Anders Carlsson  <andersca@apple.com>
2051
2052         Remove atomicIncrement/atomicDecrement
2053         https://bugs.webkit.org/show_bug.cgi?id=127625
2054
2055         Reviewed by Andreas Kling.
2056
2057         Replace atomicIncrement/atomicDecrement with std::atomic.
2058
2059         * bytecode/Watchpoint.h:
2060         * ftl/FTLLowerDFGToLLVM.cpp:
2061         (JSC::FTL::LowerDFGToLLVM::lower):
2062         * profiler/ProfilerDatabase.cpp:
2063         (JSC::Profiler::Database::Database):
2064         (JSC::Profiler::Database::addDatabaseToAtExit):
2065
2066 2014-01-24  Joseph Pecoraro  <pecoraro@apple.com>
2067
2068         Web Inspector: Move InspectorRuntimeAgent into JavaScriptCore
2069         https://bugs.webkit.org/show_bug.cgi?id=127605
2070
2071         Reviewed by Timothy Hatcher.
2072
2073         * CMakeLists.txt:
2074         * GNUmakefile.list.am:
2075         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2076         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2077         * JavaScriptCore.xcodeproj/project.pbxproj:
2078         Add new files to the build.
2079
2080         * inspector/agents/InspectorRuntimeAgent.h: Renamed from Source/WebCore/inspector/InspectorRuntimeAgent.h.
2081         * inspector/agents/InspectorRuntimeAgent.cpp: Renamed from Source/WebCore/inspector/InspectorRuntimeAgent.cpp.
2082         (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
2083         (Inspector::InspectorRuntimeAgent::parse):
2084         (Inspector::InspectorRuntimeAgent::evaluate):
2085         (Inspector::InspectorRuntimeAgent::callFunctionOn):
2086         (Inspector::InspectorRuntimeAgent::getProperties):
2087         - Move the agent into JavaScriptCore.
2088         - Modernize and cleanup.
2089         - Make globalVM a pure virtual function for subclasses to implement.
2090
2091         * inspector/agents/JSGlobalObjectRuntimeAgent.h: Added.
2092         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp: Added.
2093         (Inspector::JSGlobalObjectRuntimeAgent::JSGlobalObjectRuntimeAgent):
2094         (Inspector::JSGlobalObjectRuntimeAgent::didCreateFrontendAndBackend):
2095         (Inspector::JSGlobalObjectRuntimeAgent::willDestroyFrontendAndBackend):
2096         (Inspector::JSGlobalObjectRuntimeAgent::globalVM):
2097         (Inspector::JSGlobalObjectRuntimeAgent::injectedScriptForEval):
2098         Straightforward JSGlobalObject implementation.
2099
2100         * inspector/JSGlobalObjectInspectorController.cpp:
2101         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2102         Add a runtime agent when inspecting a JSContext!
2103
2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>

        Move JavaScriptCallFrame and ScriptDebugServer into JavaScriptCore for inspector
        https://bugs.webkit.org/show_bug.cgi?id=127543

        Reviewed by Geoffrey Garen.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        Add new files.

        * inspector/ScriptDebugListener.h:
        Extract WebCore knowledge from ScriptDebugServer. This will
        eventually be made to work outside of WebCore.

        * inspector/ScriptDebugServer.h: Renamed from Source/WebCore/bindings/js/ScriptDebugServer.h.
        * inspector/ScriptDebugServer.cpp: Renamed from Source/WebCore/bindings/js/ScriptDebugServer.cpp.
        (Inspector::ScriptDebugServer::evaluateBreakpointAction):
        (Inspector::ScriptDebugServer::dispatchDidPause):
        (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
        (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
        (Inspector::ScriptDebugServer::sourceParsed):
        (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
        (Inspector::ScriptDebugServer::handlePause):
        Modernize code, and call the new ScriptDebugListener callbacks where appropriate.

        * inspector/JSJavaScriptCallFrame.cpp: Renamed from Source/WebCore/bindings/js/JSJavaScriptCallFrameCustom.cpp.
        (Inspector::JSJavaScriptCallFrame::JSJavaScriptCallFrame):
        (Inspector::JSJavaScriptCallFrame::finishCreation):
        (Inspector::JSJavaScriptCallFrame::createPrototype):
        (Inspector::JSJavaScriptCallFrame::destroy):
        (Inspector::JSJavaScriptCallFrame::releaseImpl):
        (Inspector::JSJavaScriptCallFrame::~JSJavaScriptCallFrame):
        (Inspector::JSJavaScriptCallFrame::evaluate):
        (Inspector::JSJavaScriptCallFrame::scopeType):
        (Inspector::JSJavaScriptCallFrame::caller):
        (Inspector::JSJavaScriptCallFrame::sourceID):
        (Inspector::JSJavaScriptCallFrame::line):
        (Inspector::JSJavaScriptCallFrame::column):
        (Inspector::JSJavaScriptCallFrame::functionName):
        (Inspector::JSJavaScriptCallFrame::scopeChain):
        (Inspector::JSJavaScriptCallFrame::thisObject):
        (Inspector::JSJavaScriptCallFrame::type):
        (Inspector::toJS):
        (Inspector::toJSJavaScriptCallFrame):
        * inspector/JSJavaScriptCallFrame.h: Added.
        (Inspector::JSJavaScriptCallFrame::createStructure):
        (Inspector::JSJavaScriptCallFrame::create):
        (Inspector::JSJavaScriptCallFrame::impl):
        * inspector/JSJavaScriptCallFramePrototype.cpp: Added.
        (Inspector::JSJavaScriptCallFramePrototype::finishCreation):
        (Inspector::jsJavaScriptCallFramePrototypeFunctionEvaluate):
        (Inspector::jsJavaScriptCallFramePrototypeFunctionScopeType):
        (Inspector::jsJavaScriptCallFrameAttributeCaller):
        (Inspector::jsJavaScriptCallFrameAttributeSourceID):
        (Inspector::jsJavaScriptCallFrameAttributeLine):
        (Inspector::jsJavaScriptCallFrameAttributeColumn):
        (Inspector::jsJavaScriptCallFrameAttributeFunctionName):
        (Inspector::jsJavaScriptCallFrameAttributeScopeChain):
        (Inspector::jsJavaScriptCallFrameAttributeThisObject):
        (Inspector::jsJavaScriptCallFrameAttributeType):
        (Inspector::jsJavaScriptCallFrameConstantGLOBAL_SCOPE):
        (Inspector::jsJavaScriptCallFrameConstantLOCAL_SCOPE):
        (Inspector::jsJavaScriptCallFrameConstantWITH_SCOPE):
        (Inspector::jsJavaScriptCallFrameConstantCLOSURE_SCOPE):
        (Inspector::jsJavaScriptCallFrameConstantCATCH_SCOPE):
        * inspector/JSJavaScriptCallFramePrototype.h: Added.
        (Inspector::JSJavaScriptCallFramePrototype::create):
        (Inspector::JSJavaScriptCallFramePrototype::createStructure):
        (Inspector::JSJavaScriptCallFramePrototype::JSJavaScriptCallFramePrototype):
        * inspector/JavaScriptCallFrame.cpp: Renamed from Source/WebCore/bindings/js/JavaScriptCallFrame.cpp.
        (Inspector::JavaScriptCallFrame::caller):
        * inspector/JavaScriptCallFrame.h: Renamed from Source/WebCore/bindings/js/JavaScriptCallFrame.h.
        Port of JavaScriptCallFrame.idl to a set of native JS classes.

2014-01-24  Mark Lam  <mark.lam@apple.com>

        DebuggerCallFrame::evaluateWithCallFrame() should not execute a null executable.
        <https://webkit.org/b/127600>

        Reviewed by Oliver Hunt.

        In DebuggerCallFrame::evaluateWithCallFrame(), if the script string that
        is passed in is bad, it will fail to create an Executable, i.e.
        EvalExecutable::create() returns a null pointer. However,
        DebuggerCallFrame::evaluateWithCallFrame() was just clearing the
        exception and proceeding to execute the null pointer as an Executable.
        A crash ensues.

        Now, if an exception is detected while creating the Executable, we
        abort instead.

        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluateWithCallFrame):

2014-01-24  Oliver Hunt  <oliver@apple.com>

        Put functions need to take a base object and a this value, and perform type checks on |this|
        https://bugs.webkit.org/show_bug.cgi?id=127594

        Reviewed by Geoffrey Garen.

        Change the signature for static setter functions, and update uses

        * create_hash_table:
        * runtime/Lookup.h:
        (JSC::putEntry):
        * runtime/PutPropertySlot.h:
        * runtime/RegExpConstructor.cpp:
        (JSC::setRegExpConstructorInput):
        (JSC::setRegExpConstructorMultiline):

2014-01-24  Oliver Hunt  <oliver@apple.com>

        Generic JSObject::put should handle static properties in the classinfo hierarchy
        https://bugs.webkit.org/show_bug.cgi?id=127523

        Reviewed by Geoffrey Garen.

        This patch makes JSObject::put correctly call static setters
        defined by the ClassInfo.

        To make this not clobber performance, the ClassInfo HashTable
        now includes a flag to indicate that it contains setters. This
        required updating the lut generator so that it tracked (and emitted)
        this.

        The rest of the change was making a number of the methods take
        a VM rather than an ExecState*, so that Structure could set the
        getter/setter flags during construction (if necessary).

        This also means most objects do not need to perform a lookupPut
        manually anymore, so most custom ::put's are no longer needed.
        DOMWindow is the only exception as it has interesting security
        related semantics.

        * create_hash_table:
        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayConstructorTable):
        (JSC::ExecState::arrayPrototypeTable):
        (JSC::ExecState::booleanPrototypeTable):
        (JSC::ExecState::dataViewTable):
        (JSC::ExecState::dateTable):
        (JSC::ExecState::dateConstructorTable):
        (JSC::ExecState::errorPrototypeTable):
        (JSC::ExecState::globalObjectTable):
        (JSC::ExecState::jsonTable):
        (JSC::ExecState::numberConstructorTable):
        (JSC::ExecState::numberPrototypeTable):
        (JSC::ExecState::objectConstructorTable):
        (JSC::ExecState::privateNamePrototypeTable):
        (JSC::ExecState::regExpTable):
        (JSC::ExecState::regExpConstructorTable):
        (JSC::ExecState::regExpPrototypeTable):
        (JSC::ExecState::stringConstructorTable):
        (JSC::ExecState::promisePrototypeTable):
        (JSC::ExecState::promiseConstructorTable):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::getOwnPropertySlot):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::getOwnPropertySlot):
        * runtime/ClassInfo.h:
        (JSC::ClassInfo::propHashTable):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::getOwnPropertySlot):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::getOwnPropertySlot):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::getOwnPropertySlot):
        * runtime/JSDataViewPrototype.cpp:
        (JSC::JSDataViewPrototype::getOwnPropertySlot):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::getOwnPropertySlot):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::getOwnPropertySlot):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::deleteProperty):
        * runtime/JSPromiseConstructor.cpp:
        (JSC::JSPromiseConstructor::getOwnPropertySlot):
        * runtime/JSPromisePrototype.cpp:
        (JSC::JSPromisePrototype::getOwnPropertySlot):
        * runtime/Lookup.h:
        (JSC::HashTable::copy):
        (JSC::putEntry):
        (JSC::lookupPut):
        * runtime/NamePrototype.cpp:
        (JSC::NamePrototype::getOwnPropertySlot):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        * runtime/NumberConstructor.h:
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::getOwnPropertySlot):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::getOwnPropertySlot):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::getOwnPropertySlot):
        * runtime/RegExpConstructor.h:
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::getOwnPropertySlot):
        (JSC::RegExpObject::put):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::getOwnPropertySlot):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::getOwnPropertySlot):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::freezeTransition):
        (JSC::ClassInfo::hasStaticSetterOrReadonlyProperties):

2014-01-24  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r162713.
        http://trac.webkit.org/changeset/162713
        https://bugs.webkit.org/show_bug.cgi?id=127593

        broke media/network-no-source-const-shadow (Requested by
        thorton on #webkit).

        * create_hash_table:
        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayConstructorTable):
        (JSC::ExecState::arrayPrototypeTable):
        (JSC::ExecState::booleanPrototypeTable):
        (JSC::ExecState::dataViewTable):
        (JSC::ExecState::dateTable):
        (JSC::ExecState::dateConstructorTable):
        (JSC::ExecState::errorPrototypeTable):
        (JSC::ExecState::globalObjectTable):
        (JSC::ExecState::jsonTable):
        (JSC::ExecState::numberConstructorTable):
        (JSC::ExecState::numberPrototypeTable):
        (JSC::ExecState::objectConstructorTable):
        (JSC::ExecState::privateNamePrototypeTable):
        (JSC::ExecState::regExpTable):
        (JSC::ExecState::regExpConstructorTable):
        (JSC::ExecState::regExpPrototypeTable):
        (JSC::ExecState::stringConstructorTable):
        (JSC::ExecState::promisePrototypeTable):
        (JSC::ExecState::promiseConstructorTable):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::getOwnPropertySlot):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::getOwnPropertySlot):
        * runtime/ClassInfo.h:
        (JSC::ClassInfo::propHashTable):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::getOwnPropertySlot):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::getOwnPropertySlot):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::getOwnPropertySlot):
        * runtime/JSDataViewPrototype.cpp:
        (JSC::JSDataViewPrototype::getOwnPropertySlot):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::getOwnPropertySlot):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::getOwnPropertySlot):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::deleteProperty):
        * runtime/JSPromiseConstructor.cpp:
        (JSC::JSPromiseConstructor::getOwnPropertySlot):
        * runtime/JSPromisePrototype.cpp:
        (JSC::JSPromisePrototype::getOwnPropertySlot):
        * runtime/Lookup.h:
        (JSC::HashTable::copy):
        (JSC::putEntry):
        (JSC::lookupPut):
        * runtime/NamePrototype.cpp:
        (JSC::NamePrototype::getOwnPropertySlot):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::put):
        * runtime/NumberConstructor.h:
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::getOwnPropertySlot):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::getOwnPropertySlot):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::getOwnPropertySlot):
        (JSC::RegExpConstructor::put):
        * runtime/RegExpConstructor.h:
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::getOwnPropertySlot):
        (JSC::RegExpObject::put):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::getOwnPropertySlot):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::getOwnPropertySlot):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::freezeTransition):

2014-01-24  Mark Lam  <mark.lam@apple.com>

        ASSERT(!m_markedSpace.m_currentDelayedReleaseScope) reloading page in inspector.
        <https://webkit.org/b/127582>

        Reviewed by Mark Hahnenberg.

        1. We should not enter a HeapIterationScope when we iterate the CodeBlocks.
           Apparently, iterating the CodeBlocks does not count as heap iteration.

        2. If we're detaching the debugger due to the JSGlobalObject destructing,
           then we don't need to clear the debugger requests in the associated
           CodeBlocks. The JSGlobalObject destructing would mean that those
           CodeBlocks would be destructing too, and it may not be safe to access
           them anyway at this point.

        The assertion failure is because we had entered a HeapIterationScope
        while the JSGlobalObject is destructing, which in turn means that GC
        sweeping is in progress. It's not legal to iterate the heap while the GC
        is sweeping. Once we fix the above 2 issues, we will no longer have
        the conditions that manifest this assertion failure.

        * debugger/Debugger.cpp:
        (JSC::Debugger::detach):
        (JSC::Debugger::setSteppingMode):
        (JSC::Debugger::toggleBreakpoint):
        (JSC::Debugger::clearBreakpoints):
        (JSC::Debugger::clearDebuggerRequests):
        * debugger/Debugger.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::~JSGlobalObject):

2014-01-24  Brent Fulgham  <bfulgham@apple.com>

        [Win] Convert some NMake files to MSBuild project files
        https://bugs.webkit.org/show_bug.cgi?id=127579

        Reviewed by Tim Horton.

        * JavaScriptCore.vcxproj/JavaScriptCore.make: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCore.proj: Added.

2014-01-24  Mark Lam  <mark.lam@apple.com>

        Fixed a bad assertion in CodeBlock::removeBreakpoint().
        <https://webkit.org/b/127581>

        Reviewed by Joseph Pecoraro.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::removeBreakpoint):

2014-01-24  Joseph Pecoraro  <pecoraro@apple.com>

        fast/profiler tests ASSERTing after moving recompileAllJSFunctions off a timer
        https://bugs.webkit.org/show_bug.cgi?id=127566

        Reviewed by Oliver Hunt.

        Make the VM handle recompilation as soon as possible after it is requested.

        * debugger/Debugger.cpp:
        (JSC::Debugger::recompileAllJSFunctions):
        When in a JavaScript stack, mark for recompilation when possible.

        * runtime/VMEntryScope.h:
        (JSC::VMEntryScope::setRecompilationNeeded):
        * runtime/VMEntryScope.cpp:
        (JSC::VMEntryScope::VMEntryScope):
        (JSC::VMEntryScope::~VMEntryScope):
        Handle recompilation when the top VMEntryScope is popped.
        Pass the needs recompilation flag up the stack if needed.

2014-01-24  Oliver Hunt  <oliver@apple.com>

        Generic JSObject::put should handle static properties in the classinfo hierarchy
        https://bugs.webkit.org/show_bug.cgi?id=127523

        Reviewed by Geoffrey Garen.

        This patch makes JSObject::put correctly call static setters
        defined by the ClassInfo.

        To make this not clobber performance, the ClassInfo HashTable
        now includes a flag to indicate that it contains setters. This
        required updating the lut generator so that it tracked (and emitted)
        this.

        The rest of the change was making a number of the methods take
        a VM rather than an ExecState*, so that Structure could set the
        getter/setter flags during construction (if necessary).

        This also means most objects do not need to perform a lookupPut
        manually anymore, so most custom ::put's are no longer needed.
        DOMWindow is the only exception as it has interesting security
        related semantics.

        * create_hash_table:
        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayConstructorTable):
        (JSC::ExecState::arrayPrototypeTable):
        (JSC::ExecState::booleanPrototypeTable):
        (JSC::ExecState::dataViewTable):
        (JSC::ExecState::dateTable):
        (JSC::ExecState::dateConstructorTable):
        (JSC::ExecState::errorPrototypeTable):
        (JSC::ExecState::globalObjectTable):
        (JSC::ExecState::jsonTable):
        (JSC::ExecState::numberConstructorTable):
        (JSC::ExecState::numberPrototypeTable):
        (JSC::ExecState::objectConstructorTable):
        (JSC::ExecState::privateNamePrototypeTable):
        (JSC::ExecState::regExpTable):
        (JSC::ExecState::regExpConstructorTable):
        (JSC::ExecState::regExpPrototypeTable):
        (JSC::ExecState::stringConstructorTable):
        (JSC::ExecState::promisePrototypeTable):
        (JSC::ExecState::promiseConstructorTable):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::getOwnPropertySlot):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::getOwnPropertySlot):
        * runtime/ClassInfo.h:
        (JSC::ClassInfo::propHashTable):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::getOwnPropertySlot):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::getOwnPropertySlot):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::getOwnPropertySlot):
        * runtime/JSDataViewPrototype.cpp:
        (JSC::JSDataViewPrototype::getOwnPropertySlot):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::getOwnPropertySlot):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::getOwnPropertySlot):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::deleteProperty):
        * runtime/JSPromiseConstructor.cpp:
        (JSC::JSPromiseConstructor::getOwnPropertySlot):
        * runtime/JSPromisePrototype.cpp:
        (JSC::JSPromisePrototype::getOwnPropertySlot):
        * runtime/Lookup.h:
        (JSC::HashTable::copy):
        (JSC::putEntry):
        (JSC::lookupPut):
        * runtime/NamePrototype.cpp:
        (JSC::NamePrototype::getOwnPropertySlot):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        * runtime/NumberConstructor.h:
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::getOwnPropertySlot):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::getOwnPropertySlot):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::getOwnPropertySlot):
        * runtime/RegExpConstructor.h:
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::getOwnPropertySlot):
        (JSC::RegExpObject::put):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::getOwnPropertySlot):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::getOwnPropertySlot):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::freezeTransition):
        (JSC::ClassInfo::hasStaticSetterOrReadonlyProperties):

2014-01-24  Mark Lam  <mark.lam@apple.com>

        Skip op_profiler callbacks if !VM::m_enabledProfiler.
        https://bugs.webkit.org/show_bug.cgi?id=127567.

        Reviewed by Geoffrey Garen.

        The profiler may not always be active (recording). When it's not active
        (as in VM::m_enabledProfiler is null), then we might as well skip the
        op_profiler callbacks. The callbacks themselves were already previously
        gated by a VM::enabledProfiler() check. So, this change does not change
        any profiler behavior.

        For the DFG, we'll turn the op_profiler handling into speculation checks
        and OSR exit to the baseline JIT if the profiler becomes active.

        This brings the Octane score up to ~3000 from ~2840.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGNodeType.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_profile_will_call):
        (JSC::JIT::emit_op_profile_did_call):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_profile_will_call):
        (JSC::JIT::emit_op_profile_did_call):
        * llint/LowLevelInterpreter.asm:
        * runtime/VM.h:
        (JSC::VM::enabledProfilerAddress):

2014-01-24  Mark Lam  <mark.lam@apple.com>

        Removing the need for Debugger* and m_shouldPause op_debug check.
        <https://webkit.org/b/127532>

        Reviewed by Geoffrey Garen.

        This patch replaces the checking of the Debugger::m_shouldPause flag
        with a procedure to set a SteppingMode flag on all CodeBlocks under
        the management of the debugger. This simplifies the op_debug checking
        logic in all the execution engines.

        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::hasDebuggerRequests):
        (JSC::CodeBlock::debuggerRequestsAddress):
        (JSC::CodeBlock::setSteppingMode):
        (JSC::CodeBlock::clearDebuggerRequests):
        - CodeBlock::m_debuggerRequests is a union of m_numBreakpoints and the
          new m_steppingMode. The debugger can add/remove breakpoints to the
          CodeBlock as well as set the stepping mode. By having
          m_debuggerRequests as a union of the 2 bit fields, the op_debug code
          can now check if any of the 2 requests made on the CodeBlock is still
          in effect just by testing a single int.

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::detach):
        - This was a bug from before where I forgot to clear the CodeBlock
          breakpoints before detaching. We now take care of it by clearing all
          debugger requests made to the CodeBlock.

        (JSC::Debugger::SetSteppingModeFunctor::SetSteppingModeFunctor):
        (JSC::Debugger::SetSteppingModeFunctor::operator()):
        (JSC::Debugger::setSteppingMode):
        (JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::ClearCodeBlockDebuggerRequestsFunctor):
        (JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::operator()):
        (JSC::Debugger::clearBreakpoints):

        (JSC::Debugger::ClearDebuggerRequestsFunctor::ClearDebuggerRequestsFunctor):
        (JSC::Debugger::ClearDebuggerRequestsFunctor::operator()):
        (JSC::Debugger::clearDebuggerRequests):
        - We need a distinct clearDebuggerRequests() from clearBreakpoints()
          because:
          1. When we detach a globalObject, we only want to clear the debugger
             requests in CodeBlocks from that global.
          2. Clearing the debugger requests in the CodeBlocks is not the same
             as clearing the breakpoints. The breakpoints are still in effect
             for the next time a globalObject is attached, or for other
             globalObjects that are still attached.

        (JSC::Debugger::setPauseOnNextStatement):
        (JSC::Debugger::breakProgram):
        (JSC::Debugger::stepIntoStatement):
        (JSC::Debugger::updateCallFrameAndPauseIfNeeded):
        (JSC::Debugger::pauseIfNeeded):
        (JSC::Debugger::exception):
        (JSC::Debugger::willExecuteProgram):
        (JSC::Debugger::didReachBreakpoint):
        * debugger/Debugger.h:
        - We're always going to support the debugger. So, there's no longer
          a need to check ENABLE(JAVASCRIPT_DEBUGGER). Removed the unneeded code.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::debug):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_debug):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_debug):
        * llint/LowLevelInterpreter.asm:
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::setDebugger):

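The entry above describes packing the breakpoint count and the stepping mode into one word so that op_debug can decide "fast path or slow path" with a single integer test, and why detaching must clear every request on the CodeBlock. The following is an added illustration, not code from the WebKit ChangeLog or from JavaScriptCore: the class name DebugCodeBlock, the 30/2 bit split, and the accessor names are this example's assumptions (the member names m_numBreakpoints, m_steppingMode and m_debuggerRequests follow the entry). It uses explicit masking over one uint32_t rather than a union of bit fields, so it stays within standard C++ while keeping the single-int check; the add/remove paths also refuse to saturate or underflow the counter, since a wrapped count would silently report "no requests" while breakpoints are still set.

```cpp
#include <cstdint>

// Hypothetical stand-in for a CodeBlock's debugger-request bookkeeping.
// Everything the debugger can ask of this block lives in one 32-bit word:
//   bits 0..29  : m_numBreakpoints (breakpoint count)
//   bits 30..31 : m_steppingMode
// so "does the debugger want anything here?" is m_debuggerRequests != 0.
// The layout is this example's choice, not JavaScriptCore's.
class DebugCodeBlock {
public:
    enum SteppingMode : uint32_t { SteppingModeDisabled = 0, SteppingModeEnabled = 1 };

    static constexpr uint32_t kBreakpointBits = 30;
    static constexpr uint32_t kBreakpointMask = (1u << kBreakpointBits) - 1;
    static constexpr uint32_t kSteppingShift = kBreakpointBits;
    static constexpr uint32_t kSteppingMask = 0x3u << kSteppingShift;

    // The op_debug fast path: one load, one compare against zero.
    bool hasDebuggerRequests() const { return m_debuggerRequests != 0; }

    uint32_t numBreakpoints() const { return m_debuggerRequests & kBreakpointMask; }

    SteppingMode steppingMode() const {
        return static_cast<SteppingMode>((m_debuggerRequests & kSteppingMask) >> kSteppingShift);
    }

    // Refuse to saturate: an overflowing count would carry into the stepping
    // bits and corrupt the other request.
    bool addBreakpoint() {
        if (numBreakpoints() == kBreakpointMask)
            return false;
        m_debuggerRequests += 1; // count occupies the low bits, so +1 is safe here
        return true;
    }

    // Refuse to underflow: removing a breakpoint that was never added is a
    // caller bug, reported instead of wrapping the counter to all ones.
    bool removeBreakpoint() {
        if (numBreakpoints() == 0)
            return false;
        m_debuggerRequests -= 1;
        return true;
    }

    // Replace only the stepping-mode bits; the breakpoint count is untouched.
    void setSteppingMode(SteppingMode mode) {
        m_debuggerRequests = (m_debuggerRequests & ~kSteppingMask)
            | ((static_cast<uint32_t>(mode) << kSteppingShift) & kSteppingMask);
    }

    // What a Debugger::detach()-style cleanup does: drop every request at once.
    void clearDebuggerRequests() { m_debuggerRequests = 0; }

private:
    uint32_t m_debuggerRequests = 0;
};

// Constructed walk-through: returns how many of the four states below would
// send op_debug to its slow path. Expected: 2 (breakpoint set, then stepping).
int demoSlowPathCount() {
    DebugCodeBlock block;
    int slow = 0;
    if (block.hasDebuggerRequests()) ++slow;                      // fresh block: fast
    block.addBreakpoint();
    if (block.hasDebuggerRequests()) ++slow;                      // breakpoint: slow
    block.setSteppingMode(DebugCodeBlock::SteppingModeEnabled);
    block.removeBreakpoint();
    if (block.hasDebuggerRequests()) ++slow;                      // still stepping: slow
    block.clearDebuggerRequests();
    if (block.hasDebuggerRequests()) ++slow;                      // detached: fast
    return slow;
}

// Constructed check that the two packed requests do not disturb each other
// and that the counter guards hold. Returns true when every expectation is met.
bool demoFieldsIndependent() {
    DebugCodeBlock block;
    if (!block.addBreakpoint() || block.numBreakpoints() != 1) return false;
    block.setSteppingMode(DebugCodeBlock::SteppingModeEnabled);
    if (block.steppingMode() != DebugCodeBlock::SteppingModeEnabled) return false;
    if (block.numBreakpoints() != 1) return false;                // count survived the mode write
    if (!block.removeBreakpoint()) return false;
    if (block.removeBreakpoint()) return false;                   // underflow refused
    if (block.numBreakpoints() != 0) return false;
    if (!block.hasDebuggerRequests()) return false;               // stepping mode still pending
    block.clearDebuggerRequests();
    return !block.hasDebuggerRequests();
}
```

Why it matters for the JIT paths listed in the entry: the emitted op_debug code only has to load debuggerRequestsAddress() and branch on zero, and a CodeBlock that outlives a detached debugger must come back to zero, otherwise stale requests would keep forcing the slow path (or, worse, pause into a debugger that no longer exists).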
2014-01-24  Michael Saboff  <msaboff@apple.com>

        ARM Offline assembler temporary register allocator has duplicate register when building fat binaries
        https://bugs.webkit.org/show_bug.cgi?id=127545

        Reviewed by Mark Lam.

        Eliminate the conditional addition of r11/r7 from getModifiedListARMCommon as the
        .concat will add the new register to ARM_EXTRA_GPRS.  If getModifiedListARMCommon is
        invoked a second time, there will be a second r11 or r7, which messes things up.
        Instead, r6 was added to ARM_EXTRA_GPRS.  r6 is currently an unused register.

        * offlineasm/arm.rb:

2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>

        Move ContentSearchUtils, ScriptBreakpoint, and ScriptDebugListener into JavaScriptCore for inspector
        https://bugs.webkit.org/show_bug.cgi?id=127537

        Reviewed by Timothy Hatcher.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * inspector/ContentSearchUtilities.cpp: Renamed from Source/WebCore/inspector/ContentSearchUtils.cpp.
        (Inspector::ContentSearchUtilities::createSearchRegexSource):
        (Inspector::ContentSearchUtilities::sizetExtractor):
        (Inspector::ContentSearchUtilities::textPositionFromOffset):
        (Inspector::ContentSearchUtilities::getRegularExpressionMatchesByLines):
        (Inspector::ContentSearchUtilities::lineEndings):
        (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
        (Inspector::ContentSearchUtilities::createSearchRegex):
        (Inspector::ContentSearchUtilities::countRegularExpressionMatches):
        (Inspector::ContentSearchUtilities::searchInTextByLines):
        (Inspector::ContentSearchUtilities::scriptCommentPattern):
        (Inspector::ContentSearchUtilities::stylesheetCommentPattern):
        (Inspector::ContentSearchUtilities::findMagicComment):
        (Inspector::ContentSearchUtilities::findScriptSourceURL):
        (Inspector::ContentSearchUtilities::findScriptSourceMapURL):
        (Inspector::ContentSearchUtilities::findStylesheetSourceMapURL):
        * inspector/ContentSearchUtilities.h: Renamed from Source/WebCore/inspector/ContentSearchUtils.h.
        * inspector/ScriptBreakpoint.h: Renamed from Source/WebCore/inspector/ScriptBreakpoint.h.
        (Inspector::ScriptBreakpointAction::ScriptBreakpointAction):
        (Inspector::ScriptBreakpoint::ScriptBreakpoint):
        * inspector/ScriptDebugListener.h: Renamed from Source/WebCore/inspector/ScriptDebugListener.h.
        (Inspector::ScriptDebugListener::Script::Script):
        (Inspector::ScriptDebugListener::~ScriptDebugListener):
        * runtime/RegExp.cpp:
        (JSC::RegExp::match):

2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>

        Move RegularExpression into JavaScriptCore for inspector
        https://bugs.webkit.org/show_bug.cgi?id=127526

        Reviewed by Geoffrey Garen.

        Move RegularExpression into JavaScriptCore/yarr so it can
        be used later on by JavaScriptCore/inspector. Convert to
        the JSC::Yarr namespace.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * yarr/RegularExpression.cpp: Renamed from Source/WebCore/platform/text/RegularExpression.cpp.
        (JSC::Yarr::RegularExpression::Private::create):
        (JSC::Yarr::RegularExpression::Private::Private):
        (JSC::Yarr::RegularExpression::Private::compile):
        (JSC::Yarr::RegularExpression::RegularExpression):
        (JSC::Yarr::RegularExpression::~RegularExpression):
        (JSC::Yarr::RegularExpression::operator=):
        (JSC::Yarr::RegularExpression::match):
        (JSC::Yarr::RegularExpression::searchRev):
        (JSC::Yarr::RegularExpression::matchedLength):
        (JSC::Yarr::replace):
        (JSC::Yarr::RegularExpression::isValid):
        * yarr/RegularExpression.h: Renamed from Source/WebCore/platform/text/RegularExpression.h.

2775 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
2776
2777         Web Inspector: Remove recompileAllJSFunctions timer in ScriptDebugServer
2778         https://bugs.webkit.org/show_bug.cgi?id=127409
2779
2780         Reviewed by Geoffrey Garen.
2781
2782         * inspector/InspectorAgentBase.h:
2783         When disconnecting agents, provide an InspectorDisconnectReason for
2784         the disconnection. It could be that an inspector frontend is just
2785         disconnecting or that the inspected object is going away entirely
2786         and we can avoid doing some work.
2787
2788         * runtime/JSGlobalObjectDebuggable.h:
2789         * runtime/JSGlobalObjectDebuggable.cpp:
2790         (JSC::JSGlobalObjectDebuggable::~JSGlobalObjectDebuggable):
2791         (JSC::JSGlobalObjectDebuggable::disconnect):
2792         (JSC::JSGlobalObjectDebuggable::disconnectInternal):
2793         Pass different reasons for the different disconnects.
2794
2795         * inspector/InspectorAgentRegistry.cpp:
2796         (Inspector::InspectorAgentRegistry::willDestroyFrontendAndBackend):
2797         * inspector/InspectorAgentRegistry.h:
2798         * inspector/JSGlobalObjectInspectorController.cpp:
2799         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
2800         * inspector/JSGlobalObjectInspectorController.h:
2801         * inspector/agents/InspectorAgent.cpp:
2802         (Inspector::InspectorAgent::willDestroyFrontendAndBackend):
2803         * inspector/agents/InspectorAgent.h:
2804         Pass InspectorDisconnectReason around where needed.
2805
2806 2014-01-23  Mark Lam  <mark.lam@apple.com>
2807
2808         Enable DFG for the Debugger and Profiler.
2809         <https://webkit.org/b/122847>
2810
2811         Reviewed by Geoffrey Garen.
2812
2813         In this patch, we implement DFG op_debug as a series of 3 checks:
2814         1. Check if the debugger pointer is non-null. This is needed in case
2815            the debugger has been detached but the DFG code is still running
2816            on the stack.
2817         2. Check if Debugger::m_shouldPause is true.
2818         3. Check if CodeBlock::m_numBreakpoints is non-zero.
2819
2820         These are the same 3 checks done in the LLINT and baselineJIT. But unlike
2821         the LLINT and baselineJIT, these DFG checks are implemented as
2822         speculationChecks. If the check fails, we OSR exit to the baselineJIT and
2823         let it do the work of servicing the op_debug callback.
2824
2825         Stepping through code in the debugger would work the same way. The top
2826         function being debugged has to be a LLINT or baselineJIT function because
2827         we would have OSR exited if there is a breakpoint in that function. When
2828         we step out of that function to its caller, we expect that the caller will
2829         call back to the debugger at the next op_debug. If the caller function is
2830         a DFG function, the op_debug site will fail its speculation check on
2831         Debugger::m_shouldPause and deopt into a baselineJIT function. Execution
2832         continues from there as usual, and the debugger gets its callback.
2833
2834         For the profiler, op_profile_will_call and op_profile_did_call are
2835         implemented as simple runtime calls to service the profiler.
2836
2837         With this patch, Octane performance with the WebInspector open jumps from
2838         ~2000 to ~2500 (25% progression).
2839
2840         * bytecode/CodeBlock.h:
2841         (JSC::CodeBlock::numBreakpointsAddress):
2842         * bytecode/ExitKind.cpp:
2843         (JSC::exitKindToString):
2844         * bytecode/ExitKind.h:
2845         * debugger/Debugger.cpp:
2846         (JSC::Debugger::toggleBreakpoint):
2847         - removed an obsolete assertion. The debugger can now handle DFG
2848           CodeBlocks too.
2849         * debugger/Debugger.h:
2850         * dfg/DFGAbstractInterpreterInlines.h:
2851         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2852         * dfg/DFGByteCodeParser.cpp:
2853         (JSC::DFG::ByteCodeParser::parseBlock):
2854         * dfg/DFGCapabilities.cpp:
2855         (JSC::DFG::capabilityLevel):
2856         * dfg/DFGClobberize.h:
2857         (JSC::DFG::clobberize):
2858         * dfg/DFGFixupPhase.cpp:
2859         (JSC::DFG::FixupPhase::fixupNode):
2860         * dfg/DFGNodeType.h:
2861         * dfg/DFGPredictionPropagationPhase.cpp:
2862         (JSC::DFG::PredictionPropagationPhase::propagate):
2863         * dfg/DFGSafeToExecute.h:
2864         (JSC::DFG::safeToExecute):
2865         * dfg/DFGSpeculativeJIT.h:
2866         (JSC::DFG::SpeculativeJIT::callOperation):
2867         * dfg/DFGSpeculativeJIT32_64.cpp:
2868         (JSC::DFG::SpeculativeJIT::compile):
2869         * dfg/DFGSpeculativeJIT64.cpp:
2870         (JSC::DFG::SpeculativeJIT::compile):
2871         * runtime/JSGlobalObject.h:
2872         (JSC::JSGlobalObject::debuggerAddress):
2873
2874 2014-01-23  Max Vujovic  <mvujovic@adobe.com>
2875
2876         Remove CSS Custom Filters code and tests
2877         https://bugs.webkit.org/show_bug.cgi?id=127382
2878
2879         Reviewed by Simon Fraser.
2880
2881         * Configurations/FeatureDefines.xcconfig:
2882
2883 2014-01-22  Brent Fulgham  <bfulgham@apple.com>
2884
2885         [Win] Update project and solution files for 64-bit builds.
2886         https://bugs.webkit.org/show_bug.cgi?id=127457
2887
2888         Reviewed by Eric Carlson.
2889
2890         * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Add 64-bit target.
2891         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Update for VS2013
2892         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
2893         file from project view.
2894         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Update for VS2013
2895         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Ditto
2896         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Ditto
2897
2898 2014-01-22  Mark Lam  <mark.lam@apple.com>
2899
2900         Poor man's fast breakpoints for a 2.3x debugger speedup.
2901         <https://webkit.org/b/122836>
2902
2903         Reviewed by Geoffrey Garen.
2904
2905         Previously we gained back some performance (run at baseline JIT speeds)
2906         when the WebInspector is opened provided no breakpoints are set. This
2907         was achieved by simply skipping all op_debug callbacks to the debugger
2908         if no breakpoints are set. If any breakpoints are set, the debugger will
2909         set a m_needsOpDebugCallbacks flag which causes the callbacks to be
2910         called, and we don't get the baseline JIT speeds anymore.
2911
2912         With this patch, we will now track the number of breakpoints set in the
2913         CodeBlock that they are set in. The LLINT and baseline JIT code will
2914         check CodeBlock::m_numBreakpoints to determine if the op_debug callbacks
2915         need to be called. With this, we will only enable op_debug callbacks for
2916         CodeBlocks that need it, i.e. those with breakpoints set in them.
2917
2918         Debugger::m_needsOpDebugCallbacks is now obsoleted. The LLINT and baseline
2919         JIT code still needs to check Debugger::m_shouldPause to determine if the
2920         debugger is in stepping mode and hence, needs op_debug callbacks enabled
2921         for everything until the debugger "continues" the run and exits stepping
2922         mode.
2923
2924         Also in this patch, I fixed a regression in DOM breakpoints which rely on
2925         Debugger::breakProgram() to pause the debugger.
2926
2927         * bytecode/CodeBlock.cpp:
2928         (JSC::CodeBlock::dumpBytecode):
2929         - Missed accounting for op_debug's new hasBreakpointFlag operand here when
2930           it was added.
2931         (JSC::CodeBlock::CodeBlock):
2932         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2933         - This is needed in Debugger::toggleBreakpoint() to determine if a
2934           breakpoint falls within a CodeBlock or not. Simply checking the bounds
2935           of the CodeBlock is insufficient. For example, let's say we have the
2936           following JS code:
2937
2938               // begin global scope
2939               function f1() {
2940                   function f2() {
2941                      ... // set breakpoint here.
2942                   }
2943               }
2944               // end global scope
2945
2946           Using the CodeBlock bounds alone, the breakpoint above will appear
2947           to be in the global program CodeBlock, and the CodeBlocks for function
2948           f1() and f2(). With CodeBlock::hasOpDebugForLineAndColumn() we can
2949           rule out the global program CodeBlock and f1(), and only apply the
2950           breakpoint to f2() where it belongs.
2951
2952           CodeBlock::hasOpDebugForLineAndColumn() works by iterating over all
2953           the opcodes in the CodeBlock to look for op_debug's. For each op_debug,
2954           it calls CodeBlock::expressionRangeForBytecodeOffset() to do a binary
2955           search to get the line and column info for that op_debug. This is a
2956           N * log(N) algorithm. However, a quick hands on test using the
2957           WebInspector (with this patch applied) to exercise setting, breaking
2958           on, and clearing breakpoints, as well as stepping through some code
2959           shows no noticeable degradation of the user experience compared to the
2960           baseline without this patch.
2961
2962         * bytecode/CodeBlock.h:
2963         (JSC::CodeBlock::numBreakpoints):
2964         (JSC::CodeBlock::numBreakpointsOffset):
2965         (JSC::CodeBlock::addBreakpoint):
2966         (JSC::CodeBlock::removeBreakpoint):
2967         (JSC::CodeBlock::clearAllBreakpoints):
2968         * debugger/Breakpoint.h:
2969         - defined Breakpoint::unspecifiedColumn so that we can explicitly indicate
2970           when the WebInspector was setting a line breakpoint and did not provide
2971           a column value. CodeBlock::hasOpDebugForLineAndColumn() needs this
2972           information in order to loosen its matching criteria for op_debug
2973           bytecodes for the specified breakpoint line and column values provided
2974           by the debugger.
2975
2976           Previously, we just hijacked a 0 value column as an unspecified column.
2977           However, the WebInspector operates on 0-based ints for column values.
2978           Hence, 0 should be a valid column value and should not be hijacked to
2979           mean an unspecified column.
2980
2981         * debugger/Debugger.cpp:
2982         (JSC::Debugger::Debugger):
2983         - added tracking of the VM that the debugger is used with. This is
2984           needed by Debugger::breakProgram().
2985
2986           The VM pointer is attained from the first JSGlobalObject that the debugger
2987           attaches to. When the debugger detaches from the last JSGlobalObject, it
2988           will nullify its VM pointer to allow a new one to be set on the next
2989           attach.
2990
2991           We were always only using each debugger instance with one VM. This change
2992           makes it explicit with an assert to ensure that all globalObjects that
2993           the debugger attaches to belong to the same VM.
2994
2995         (JSC::Debugger::attach):
2996         (JSC::Debugger::detach):
2997         (JSC::Debugger::setShouldPause):
2998
2999         (JSC::Debugger::registerCodeBlock):
3000         (JSC::Debugger::unregisterCodeBlock):
3001         - registerCodeBlock() is responsible for applying pre-existing breakpoints
3002           to new CodeBlocks being installed. Similarly, unregisterCodeBlock()
3003           clears the breakpoints.
3004
3005         (JSC::Debugger::toggleBreakpoint):
3006         - This is the workhorse function that checks if a breakpoint falls within
3007           a CodeBlock or not. If it does, then it can either enable or disable
3008           said breakpoint in the CodeBlock. In the current implementation,
3009           enabling/disabling the breakpoint simply means incrementing/decrementing
3010           the CodeBlock's m_numBreakpoints.
3011
3012         (JSC::Debugger::applyBreakpoints):
3013
3014         (JSC::Debugger::ToggleBreakpointFunctor::ToggleBreakpointFunctor):
3015         (JSC::Debugger::ToggleBreakpointFunctor::operator()):
3016         (JSC::Debugger::toggleBreakpoint):
3017         - Iterates all relevant CodeBlocks and applies the specified breakpoint
3018           if appropriate. This is called when a new breakpoint is being defined
3019           by the WebInspector and needs to be applied to an already installed
3020           CodeBlock.
3021
3022         (JSC::Debugger::setBreakpoint):
3023         (JSC::Debugger::removeBreakpoint):
3024         (JSC::Debugger::hasBreakpoint):
3025         (JSC::Debugger::ClearBreakpointsFunctor::ClearBreakpointsFunctor):
3026         (JSC::Debugger::ClearBreakpointsFunctor::operator()):
3027         (JSC::Debugger::clearBreakpoints):
3028
3029         (JSC::Debugger::breakProgram):
3030         - Fixed a regression that broke DOM breakpoints. The issue is that with
3031           the skipping of op_debug callbacks, we don't always have an updated
3032           m_currentCallFrame. Normally, m_currentCallFrame is provided as arg
3033           in the op_debug callback. In this case, we can get the CallFrame* from
3034           m_vm->topCallFrame.
3035
3036         (JSC::Debugger::updateCallFrameAndPauseIfNeeded):
3037         (JSC::Debugger::pauseIfNeeded):
3038         (JSC::Debugger::willExecuteProgram):
3039         * debugger/Debugger.h:
3040         (JSC::Debugger::Debugger):
3041         (JSC::Debugger::shouldPause):
3042
3043         * heap/CodeBlockSet.h:
3044         (JSC::CodeBlockSet::iterate):
3045         * heap/Heap.h:
3046         (JSC::Heap::forEachCodeBlock):
3047         - Added utility to iterate all CodeBlocks in the heap / VM.
3048
3049         * interpreter/Interpreter.cpp:
3050         (JSC::Interpreter::debug):
3051
3052         * jit/JITOpcodes.cpp:
3053         (JSC::JIT::emit_op_debug):
3054         * jit/JITOpcodes32_64.cpp:
3055         (JSC::JIT::emit_op_debug):
3056         * llint/LowLevelInterpreter.asm:
3057         - These now check CodeBlock::m_numBreakpoints and Debugger::m_shouldPause
3058           instead of Debugger::m_needsOpDebugCallbacks.
3059
3060         * runtime/Executable.cpp:
3061         (JSC::ScriptExecutable::installCode):
3062
3063 2014-01-22  Myles C. Maxfield  <mmaxfield@apple.com>
3064
3065         Remove CSS3_TEXT_DECORATION define
3066         https://bugs.webkit.org/show_bug.cgi?id=127333
3067
3068         This is required for unprefixing the text-decoration-* CSS properties.
3069
3070         Reviewed by Simon Fraser.
3071
3072         * Configurations/FeatureDefines.xcconfig:
3073
3074 2014-01-22  Alexey Proskuryakov  <ap@apple.com>
3075
3076         Update JS whitespace definition for changes in Unicode 6.3
3077         https://bugs.webkit.org/show_bug.cgi?id=127450
3078         <rdar://15863457>
3079
3080         Reviewed by Oliver Hunt.
3081
3082         Covered by existing tests when running against a Unicode back-end that supports
3083         Unicode 6.3 or higher.
3084
3085         * runtime/JSGlobalObjectFunctions.cpp: (JSC::isStrWhiteSpace): Explicitly allow
3086         U+180E MONGOLIAN VOWEL SEPARATOR, because we need to keep recognizing all characters
3087         that used to be whitespace.
3088
3089 2014-01-21  Mark Hahnenberg  <mhahnenberg@apple.com>
3090
3091         Registers used in writeBarrierOnOperand can cause clobbering on some platforms
3092         https://bugs.webkit.org/show_bug.cgi?id=127357
3093
3094         Reviewed by Filip Pizlo.
3095
3096         Some platforms use t0 and t1 for their first two arguments, so using those to load the 
3097         cell for the write barrier is a bad idea because it will get clobbered.
3098
3099         * llint/LowLevelInterpreter32_64.asm:
3100         * llint/LowLevelInterpreter64.asm:
3101
3102 2014-01-21  Mark Rowe  <mrowe@apple.com>
3103
3104         Mac production build fix.
3105
3106         Move the shell script build phase to copy jsc into JavaScriptCore.framework
3107         out of the jsc target and in to the All target so that it's not run during
3108         production builds. Xcode appears to the parent directories of paths referenced
3109         in the Output Files of the build phase, which leads to problems when the
3110         SYMROOT for the JavaScriptCore framework and the jsc executables are later merged.
3111
3112         I've also fixed the path to the Resources folder in the script while I'm here.
3113         On iOS the framework bundle is shallow so the correct destination is Resources/
3114         rather than Versions/A/Resources. This is handled by tweaking the
3115         JAVASCRIPTCORE_RESOURCES_DIR configuration setting to be relative rather than
3116         a complete path so we can reuse it in the script. The references in JSC.xcconfig
3117         and ToolExecutable.xcconfig are updated to prepend JAVASCRIPTCORE_FRAMEWORKS_DIR
3118         to preserve their former values.
3119
3120         * Configurations/Base.xcconfig:
3121         * Configurations/JSC.xcconfig:
3122         * Configurations/ToolExecutable.xcconfig:
3123         * JavaScriptCore.xcodeproj/project.pbxproj:
3124
3125 2014-01-19  Andreas Kling  <akling@apple.com>
3126
3127         JSC Parser: Shrink BindingNode.
3128         <https://webkit.org/b/127253>
3129
3130         The "divot" and "end" source locations are always identical for
3131         BindingNodes, so store only "start" and "end" instead.
3132
3133         1.19 MB progression on Membuster3.
3134
3135         Reviewed by Geoff Garen.
3136
3137         * bytecompiler/NodesCodegen.cpp:
3138         (JSC::BindingNode::bindValue):
3139         * parser/ASTBuilder.h:
3140         (JSC::ASTBuilder::createBindingLocation):
3141         * parser/NodeConstructors.h:
3142         (JSC::BindingNode::create):
3143         (JSC::BindingNode::BindingNode):
3144         * parser/Nodes.h:
3145         (JSC::BindingNode::divotStart):
3146         (JSC::BindingNode::divotEnd):
3147         * parser/Parser.cpp:
3148         (JSC::Parser<LexerType>::createBindingPattern):
3149         * parser/SyntaxChecker.h:
3150         (JSC::SyntaxChecker::operatorStackPop):
3151
3152 2014-01-20  Filip Pizlo  <fpizlo@apple.com>
3153
3154         op_captured_mov and op_new_captured_func in UnlinkedCodeBlocks should use the IdentifierMap instead of the strings directly
3155         https://bugs.webkit.org/show_bug.cgi?id=127311
3156         <rdar://problem/15853958>
3157
3158         Reviewed by Andreas Kling.
3159         
3160         This makes UnlinkedCodeBlocks use 32-bit instruction streams again.
3161
3162         * bytecode/CodeBlock.cpp:
3163         (JSC::CodeBlock::CodeBlock):
3164         * bytecode/UnlinkedCodeBlock.h:
3165         (JSC::UnlinkedInstruction::UnlinkedInstruction):
3166         * bytecompiler/BytecodeGenerator.cpp:
3167         (JSC::BytecodeGenerator::addVar):
3168         (JSC::BytecodeGenerator::emitInitLazyRegister):
3169         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
3170         * bytecompiler/BytecodeGenerator.h:
3171         (JSC::BytecodeGenerator::watchableVariable):
3172         (JSC::BytecodeGenerator::hasWatchableVariable):
3173
3174 2014-01-20  Mark Lam  <mark.lam@apple.com>
3175
3176         Removing CodeBlock::opDebugBytecodeOffsetForLineAndColumn() and friends.
3177         <https://webkit.org/b/127321>
3178
3179         Reviewed by Geoffrey Garen.
3180
3181         We're changing plans and will be going with CodeBlock level breakpoints
3182         instead of bytecode level breakpoints. As a result, we no longer need
3183         the services of CodeBlock::opDebugBytecodeOffsetForLineAndColumn() (and
3184         friends). This patch will remove that unused code.
3185
3186         * GNUmakefile.list.am:
3187         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3188         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3189         * JavaScriptCore.xcodeproj/project.pbxproj:
3190         * bytecode/CodeBlock.cpp:
3191         * bytecode/CodeBlock.h:
3192         * bytecode/LineColumnInfo.h: Removed.
3193         * bytecode/UnlinkedCodeBlock.cpp:
3194         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
3195         * bytecode/UnlinkedCodeBlock.h:
3196
3197 2014-01-20  Mark Hahnenberg  <mhahnenberg@apple.com>
3198
3199         CodeBlockSet::traceMarked doesn't need to visit the ownerExecutable
3200         https://bugs.webkit.org/show_bug.cgi?id=127301
3201
3202         Reviewed by Oliver Hunt.
3203
3204         We used to just call CodeBlock::visitAggregate, but now we call visitChildren 
3205         on the ownerExecutable, which is unnecessary. 
3206
3207         * heap/CodeBlockSet.cpp:
3208         (JSC::CodeBlockSet::traceMarked):
3209
3210 2014-01-20  Anders Carlsson  <andersca@apple.com>
3211
3212         Fix build.
3213
3214         * heap/BlockAllocator.h:
3215
3216 2014-01-20  Anders Carlsson  <andersca@apple.com>
3217
3218         Stop using ThreadCondition in BlockAllocator
3219         https://bugs.webkit.org/show_bug.cgi?id=126313
3220
3221         Reviewed by Sam Weinig.
3222
3223         * heap/BlockAllocator.cpp:
3224         (JSC::BlockAllocator::~BlockAllocator):
3225         (JSC::BlockAllocator::waitForDuration):
3226         (JSC::BlockAllocator::blockFreeingThreadMain):
3227         * heap/BlockAllocator.h:
3228         (JSC::BlockAllocator::deallocate):
3229
3230 2014-01-19  Anders Carlsson  <andersca@apple.com>
3231
3232         Convert GCThreadSharedData over to STL threading primitives
3233         https://bugs.webkit.org/show_bug.cgi?id=127256
3234
3235         Reviewed by Andreas Kling.
3236
3237         * heap/GCThread.cpp:
3238         (JSC::GCThread::waitForNextPhase):
3239         (JSC::GCThread::gcThreadMain):
3240         * heap/GCThreadSharedData.cpp:
3241         (JSC::GCThreadSharedData::GCThreadSharedData):
3242         (JSC::GCThreadSharedData::~GCThreadSharedData):
3243         (JSC::GCThreadSharedData::startNextPhase):
3244         (JSC::GCThreadSharedData::endCurrentPhase):
3245         (JSC::GCThreadSharedData::didStartMarking):
3246         (JSC::GCThreadSharedData::didFinishMarking):
3247         * heap/GCThreadSharedData.h:
3248         * heap/SlotVisitor.cpp:
3249         (JSC::SlotVisitor::donateKnownParallel):
3250         (JSC::SlotVisitor::drainFromShared):
3251
3252 2014-01-18  Andreas Kling  <akling@apple.com>
3253
3254         CodeBlock: Size m_callLinkInfos and m_byValInfos to fit earlier.
3255         <https://webkit.org/b/127239>
3256
3257         Reviewed by Anders Carlsson.
3258
3259         * bytecode/CodeBlock.h:
3260         (JSC::CodeBlock::setNumberOfByValInfos):
3261         (JSC::CodeBlock::setNumberOfCallLinkInfos):
3262
3263             Use resizeToFit() instead of grow() for these vectors, since
3264             we know the final size here.
3265
3266         * bytecode/CodeBlock.cpp:
3267         (JSC::CodeBlock::shrinkToFit):
3268
3269             No need to shrink here anymore. We were not even shrinking
3270             m_byValInfo before!
3271
3272 2014-01-18  Andreas Kling  <akling@apple.com>
3273
3274         CodeBlock: Size m_function{Exprs,Decls} to fit from creation.
3275         <https://webkit.org/b/127238>
3276
3277         Reviewed by Anders Carlsson.
3278
3279         * bytecode/CodeBlock.cpp:
3280         (JSC::CodeBlock::CodeBlock):
3281
3282             Use resizeToFit() instead of grow() for m_functionExprs and
3283             m_functionDecls since we know they will never change size.
3284
3285         (JSC::CodeBlock::shrinkToFit):
3286
3287             No need to shrink them here anymore.
3288
3289 2014-01-18  Andreas Kling  <akling@apple.com>
3290
3291         Remove unused CodeBlock::m_additionalIdentifiers member.
3292         <https://webkit.org/b/127237>
3293
3294         Reviewed by Anders Carlsson.
3295
3296         * bytecode/CodeBlock.h:
3297         * bytecode/CodeBlock.cpp:
3298         (JSC::CodeBlock::CodeBlock):
3299         (JSC::CodeBlock::shrinkToFit):
3300
3301             Remove m_additionalIdentifiers, nothing uses it.
3302
3303 2014-01-18  Andreas Kling  <akling@apple.com>
3304
3305         Remove two unused CodeBlock functions.
3306         <https://webkit.org/b/127235>
3307
3308         Kill copyPostParseDataFrom() and copyPostParseDataFromAlternative()
3309         since they are not used.
3310
3311         Reviewed by Anders Carlsson.
3312
3313         * bytecode/CodeBlock.cpp:
3314         * bytecode/CodeBlock.h:
3315
3316 2014-01-18  Andreas Kling  <akling@apple.com>
3317
3318         CodeBlock: Size m_exceptionHandlers to fit from creation.
3319         <https://webkit.org/b/127234>
3320
3321         Avoid allocation churn for CodeBlock::m_exceptionHandlers.
3322
3323         Reviewed by Anders Carlsson.
3324
3325         * bytecode/CodeBlock.h:
3326
3327             Removed unused CodeBlock::allocateHandlers() function.
3328
3329         * bytecode/CodeBlock.cpp:
3330         (JSC::CodeBlock::CodeBlock):
3331
3332             Use resizeToFit() instead of grow() for m_exceptionHandlers
3333             since we know it's never going to change size.
3334
3335         (JSC::CodeBlock::shrinkToFit):
3336
3337             No need to shrink m_exceptionHandlers here since it's already
3338             the perfect size.
3339
3340 2014-01-18  Mark Lam  <mark.lam@apple.com>
3341
3342         Add a hasBreakpointFlag arg to the op_debug bytecode.
3343         https://bugs.webkit.org/show_bug.cgi?id=127230.
3344
3345         Reviewed by Geoffrey Garen.
3346
3347         This is in anticipation of upcoming changes to support bytecode level
3348         breakpoints. This patch adds the flag to the op_debug bytecode and
3349         initializes it, but does not use it yet.
3350
3351         * bytecode/Opcode.h:
3352         (JSC::padOpcodeName):
3353         * bytecompiler/BytecodeGenerator.cpp:
3354         (JSC::BytecodeGenerator::emitDebugHook):
3355         * llint/LowLevelInterpreter.asm:
3356
3357 2014-01-18  Alberto Garcia  <berto@igalia.com>
3358
3359         JavaScriptCore uses PLATFORM(MAC) when it means OS(DARWIN)
3360         https://bugs.webkit.org/show_bug.cgi?id=99683
3361
3362         Reviewed by Anders Carlsson.
3363
3364         * jit/ThunkGenerators.cpp:
3365         * tools/CodeProfile.cpp:
3366         (JSC::symbolName):
3367         (JSC::CodeProfile::sample):
3368
3369 2014-01-18  Anders Carlsson  <andersca@apple.com>
3370
3371         Remove ENABLE_THREADED_HTML_PARSER defines everywhere
3372         https://bugs.webkit.org/show_bug.cgi?id=127225
3373
3374         Reviewed by Andreas Kling.
3375
3376         This concludes the removal of over 8.8 million lines of threaded parser code.
3377
3378         * Configurations/FeatureDefines.xcconfig:
3379
3380 2014-01-18  Mark Lam  <mark.lam@apple.com>
3381
3382         Adding UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().
3383         https://bugs.webkit.org/show_bug.cgi?id=127127.
3384
3385         Reviewed by Geoffrey Garen.
3386
3387         In order to implement bytecode level breakpoints, we need a mechanism
3388         for computing the best fit op_debug bytecode offset for any valid given
3389         line and column value in the source. The "best fit" op_debug bytecode
3390         in this case is defined below in the comment for
3391         UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().
3392
3393         * GNUmakefile.list.am:
3394         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3395         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3396         * JavaScriptCore.xcodeproj/project.pbxproj:
3397         * bytecode/CodeBlock.cpp:
3398         (JSC::CodeBlock::opDebugBytecodeOffsetForLineAndColumn):
3399         - Convert the line and column to unlinked line and column values and
3400           pass them to UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn()
3401           to do the real work.
3402
3403         * bytecode/CodeBlock.h:
3404         * bytecode/LineColumnInfo.h: Added.
3405         (JSC::LineColumnInfo::operator <):
3406         (JSC::LineColumnInfo::LineColumnPair::LineColumnPair):
3407         (JSC::LineColumnInfo::operator ==):
3408         (JSC::LineColumnInfo::operator !=):
3409         (JSC::LineColumnInfo::operator <=):
3410         (JSC::LineColumnInfo::operator >):
3411         (JSC::LineColumnInfo::operator >=):
3412         * bytecode/LineInfo.h: Removed.
3413
3414         * bytecode/UnlinkedCodeBlock.cpp:
3415         (JSC::UnlinkedCodeBlock::decodeExpressionRangeLineAndColumn):
3416         - Factored this out of expressionRangeForBytecodeOffset() so that it can
3417           be called from multiple places.
3418         (JSC::dumpLineColumnEntry):
3419         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
3420         (JSC::UnlinkedCodeBlock::dumpOpDebugLineColumnInfoList):
3421         - Some dumpers for debugging use only.
3422         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
3423         (JSC::UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn):
3424         - Finds the earliest op_debug bytecode whose line and column matches the
3425           specified line and column values. If an exact match is not found, then
3426           finds the nearest op_debug bytecode that precedes the specified line
3427           and column values. If there is more than one op_debug at that preceding
3428           line and column value, then the earliest of those op_debug bytecodes will
3429           be selected. The offset of the selected bytecode will be returned.
3430
3431           We want the earliest one because when we have multiple op_debug bytecodes
3432           that map to a given line and column, a debugger user would expect to break
3433           on the first one and step through the rest thereafter if needed.
3434
3435         (JSC::compareLineColumnInfo):
3436         (JSC::UnlinkedCodeBlock::opDebugLineColumnInfoList):
3437         - Creates the sorted opDebugLineColumnInfoList on demand. This list is
3438           stored in the UnlinkedCodeBlock's rareData.
3439         * bytecode/UnlinkedCodeBlock.h:
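
        The best-fit lookup defined in this entry, together with the CodeBlock-level
        hasOpDebugForLineAndColumn() check from the 2014-01-22 "Poor man's fast
        breakpoints" entry above, as an added C++ example. This is not JavaScriptCore's
        code: OpDebugLineColumn, ToyCodeBlock, sampleCodeBlocks() and
        codeBlocksWithBreakpoint() are stand-ins, and the line, column and bytecode
        offset values are constructed to mirror the nested f1/f2 snippet.

```cpp
#include <algorithm>
#include <iterator>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for the LineColumnInfo records the ChangeLog describes:
// one per op_debug bytecode. All names here are assumptions, not JSC's own.
struct OpDebugLineColumn {
    unsigned line;
    unsigned column;
    unsigned bytecodeOffset;
};

// Stand-in for Breakpoint::unspecifiedColumn: a line-only breakpoint with no
// column supplied (so column 0 stays a valid, distinct value).
constexpr unsigned unspecifiedColumn = static_cast<unsigned>(-1);

// Ordering by (line, column) only, used for the binary search.
bool lineColumnLess(const OpDebugLineColumn& a, const OpDebugLineColumn& b)
{
    return a.line != b.line ? a.line < b.line : a.column < b.column;
}

// Full ordering (line, column, bytecodeOffset): within one (line, column) the
// earliest op_debug sorts first, which is what "earliest" below relies on.
bool fullLess(const OpDebugLineColumn& a, const OpDebugLineColumn& b)
{
    if (lineColumnLess(a, b)) return true;
    if (lineColumnLess(b, a)) return false;
    return a.bytecodeOffset < b.bytecodeOffset;
}

// Toy CodeBlock: nothing but a name and its sorted op_debug list.
struct ToyCodeBlock {
    std::string name;
    std::vector<OpDebugLineColumn> opDebugs;

    ToyCodeBlock(std::string n, std::vector<OpDebugLineColumn> ops)
        : name(std::move(n)), opDebugs(std::move(ops))
    {
        std::sort(opDebugs.begin(), opDebugs.end(), fullLess);
    }

    // Best fit as the ChangeLog defines it: the earliest op_debug with an exact
    // (line, column) match, else the earliest op_debug at the nearest preceding
    // (line, column). Returns -1 when nothing precedes the request.
    int opDebugBytecodeOffsetForLineAndColumn(unsigned line, unsigned column) const
    {
        OpDebugLineColumn key { line, column, 0 };
        // First entry at or after (line, column); valid because fullLess refines lineColumnLess.
        auto it = std::lower_bound(opDebugs.begin(), opDebugs.end(), key, lineColumnLess);
        if (it != opDebugs.end() && !lineColumnLess(key, *it))
            return static_cast<int>(it->bytecodeOffset); // exact match, earliest offset
        if (it == opDebugs.begin())
            return -1;
        // The entry before `it` has the nearest preceding (line, column); rewind to
        // the first entry sharing it so that ties resolve to the earliest op_debug.
        auto first = std::lower_bound(opDebugs.begin(), it, *std::prev(it), lineColumnLess);
        return static_cast<int>(first->bytecodeOffset);
    }

    // The CodeBlock-level test from "Poor man's fast breakpoints": does this
    // CodeBlock itself own an op_debug at (line, column)? A line-only breakpoint
    // matches any op_debug on that line. Linear scan over the op_debugs.
    bool hasOpDebugForLineAndColumn(unsigned line, unsigned column) const
    {
        for (const auto& op : opDebugs) {
            if (op.line == line && (column == unspecifiedColumn || op.column == column))
                return true;
        }
        return false;
    }
};

// Constructed sample modelled on the ChangeLog's nested f1/f2 snippet (line and
// column numbers are invented). All three source ranges enclose line 3, but only
// f2 executes a statement there, so only f2 carries an op_debug for it.
std::vector<ToyCodeBlock> sampleCodeBlocks()
{
    return {
        ToyCodeBlock("global", { { 1, 0, 0 }, { 7, 0, 12 } }),
        ToyCodeBlock("f1", { { 2, 4, 0 }, { 6, 4, 8 } }),
        ToyCodeBlock("f2", { { 3, 8, 5 }, { 3, 8, 0 }, { 4, 8, 9 } }),
    };
}

// Names of the sample CodeBlocks that would get a breakpoint at (line, column).
std::vector<std::string> codeBlocksWithBreakpoint(unsigned line, unsigned column)
{
    std::vector<std::string> hits;
    for (const auto& cb : sampleCodeBlocks()) {
        if (cb.hasOpDebugForLineAndColumn(line, column))
            hits.push_back(cb.name);
    }
    return hits;
}
```

        With the constructed sample, a breakpoint at line 3 (with or without a column)
        lands only on f2, even though the global program and f1 also span that line;
        that is the case the CodeBlock bounds alone cannot separate. For the best-fit
        lookup, asking f2 for (3, 9) finds no exact match and falls back to the earliest
        op_debug at (3, 8), offset 0 rather than 5, which is the "earliest of those"
        rule this entry describes; asking for a position before the first op_debug
        yields no fit at all.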
3440
3441 2014-01-18  Zan Dobersek  <zdobersek@igalia.com>
3442
3443         Inspector scripts are not compatible with Python v3
3444         https://bugs.webkit.org/show_bug.cgi?id=127128
3445
3446         Reviewed by Benjamin Poulain.
3447
3448         * inspector/scripts/generate-combined-inspector-json.py: Turn print statements into print function calls.
3449         * inspector/scripts/jsmin.py: Try importing the StringIO class from the StringIO module (which will work for
3450         Python v2) or, on import error, import the class from the io module (which will work for Python v3).
3451
3452 2014-01-17  Anders Carlsson  <andersca@apple.com>
3453
3454         String::is8Bit() crashes if m_impl is null, handle this.
3455
3456         * API/OpaqueJSString.h:
3457         (OpaqueJSString::OpaqueJSString):
3458
3459 2014-01-17  Anders Carlsson  <andersca@apple.com>
3460
3461         Try to fix the Windows build.
3462
3463         * API/OpaqueJSString.cpp:
3464         (OpaqueJSString::~OpaqueJSString):
3465         (OpaqueJSString::characters):
3466         * API/OpaqueJSString.h:
3467         (OpaqueJSString::OpaqueJSString):
3468
3469 2014-01-17  Anders Carlsson  <andersca@apple.com>
3470
3471         Get rid of OpaqueJSString::deprecatedCharacters()
3472         https://bugs.webkit.org/show_bug.cgi?id=127161
3473
3474         Reviewed by Sam Weinig.
3475
3476         Handle OpaqueJSString::m_string being either 8-bit or 16-bit and add extra
3477         code paths for the 8-bit cases.
3478         
3479         Unfortunately, JSStringGetCharactersPtr is still expected to return a 16-bit character pointer.
3480         Handle this by storing a separate 16-bit string and initializing it on demand when JSStringGetCharactersPtr
3481         is called and the backing string is 8-bit.
3482         
3483         This has the nice side effect of making JSStringGetCharactersPtr thread-safe when it wasn't before.
3484         (In theory, someone could have a JSStringRef backed by an 8-bit string and call JSStringGetCharactersPtr on it
3485         causing an unsafe upconversion to a 16-bit string).
3486
3487         * API/JSStringRef.cpp:
3488         (JSStringGetCharactersPtr):
3489         Call OpaqueJSString::characters.
3490
3491         (JSStringGetUTF8CString):
3492         Add a code path that handles 8-bit strings.
3493
3494         (JSStringIsEqual):
3495         Call OpaqueJSString::equal.
3496
3497         * API/JSStringRefCF.cpp:
3498         (JSStringCreateWithCFString):
3499         Reformat the code to use an early return instead of putting most of the code inside the body of an if statement.
3500
3501         (JSStringCopyCFString):
3502         Create an 8-bit CFStringRef if possible.
3503
3504         * API/OpaqueJSString.cpp:
3505         (OpaqueJSString::create):
3506         Use nullptr.
3507
3508         (OpaqueJSString::~OpaqueJSString):
3509         Free m_characters.
3510
3511         (OpaqueJSString::characters):
3512         Do the up-conversion and store the result in m_characters.
3513
3514         (OpaqueJSString::equal):
3515         New helper function.
3516
3517         * API/OpaqueJSString.h:
3518         (OpaqueJSString::is8Bit):
3519         New function that returns whether a string is 8-bit or not.
3520
3521         (OpaqueJSString::characters8):
3522         (OpaqueJSString::characters16):
3523         Add getters.
3524
3525 2014-01-17  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>
3526
3527         Remove workaround for compilers not supporting deleted functions
3528         https://bugs.webkit.org/show_bug.cgi?id=127166
3529
3530         Reviewed by Andreas Kling.
3531
3532         * inspector/InspectorAgentRegistry.h:
3533
3534 2014-01-17  Commit Queue  <commit-queue@webkit.org>
3535
3536         Unreviewed, rolling out r162185, r162186, and r162187.
3537         http://trac.webkit.org/changeset/162185
3538         http://trac.webkit.org/changeset/162186
3539         http://trac.webkit.org/changeset/162187
3540         https://bugs.webkit.org/show_bug.cgi?id=127164
3541
3542         Broke JSStringCreateWithCharactersNoCopy, as evidenced by a
3543         JSC API test (Requested by ap on #webkit).
3544
3545         * API/JSStringRef.cpp:
3546         (JSStringGetCharactersPtr):
3547         (JSStringGetUTF8CString):
3548         (JSStringIsEqual):
3549         * API/JSStringRefCF.cpp:
3550         (JSStringCreateWithCFString):
3551         (JSStringCopyCFString):
3552         * API/OpaqueJSString.cpp:
3553         (OpaqueJSString::create):
3554         (OpaqueJSString::identifier):
3555         * API/OpaqueJSString.h:
3556         (OpaqueJSString::create):
3557         (OpaqueJSString::characters):
3558         (OpaqueJSString::deprecatedCharacters):
3559         (OpaqueJSString::OpaqueJSString):
3560
3561 2014-01-16  Anders Carlsson  <andersca@apple.com>
3562
3563         Export OpaqueJSString destructor.
3564
3565         * API/OpaqueJSString.h:
3566
3567 2014-01-16  Anders Carlsson  <andersca@apple.com>
3568
3569         Build fix.
3570
3571         * API/OpaqueJSString.h:
3572
3573 2014-01-16  Anders Carlsson  <andersca@apple.com>
3574
3575         Get rid of OpaqueJSString::deprecatedCharacters()
3576         https://bugs.webkit.org/show_bug.cgi?id=127161
3577
3578         Reviewed by Sam Weinig.
3579
3580         Handle OpaqueJSString::m_string being either 8-bit or 16-bit and add extra
3581         code paths for the 8-bit cases.
3582         
3583         Unfortunately, JSStringGetCharactersPtr is still expected to return a 16-bit character pointer.
3584         Handle this by storing a separate 16-bit string and initializing it on demand when JSStringGetCharactersPtr
3585         is called. This has the nice side effect of making JSStringGetCharactersPtr thread-safe when it wasn't before.
3586         (In theory, someone could have a JSStringRef backed by an 8-bit string and call JSStringGetCharactersPtr on it
3587         causing an unsafe upconversion to a 16-bit string).
3588
3589         * API/JSStringRef.cpp:
3590         (JSStringGetCharactersPtr):
3591         Call OpaqueJSString::characters.
3592
3593         (JSStringGetUTF8CString):
3594         Add a code path that handles 8-bit strings.
3595
3596         (JSStringIsEqual):
3597         Call OpaqueJSString::equal.
3598
3599         * API/JSStringRefCF.cpp:
3600         (JSStringCreateWithCFString):
3601         Reformat the code to use an early return instead of putting most of the code inside the body of an if statement.
3602
3603         (JSStringCopyCFString):
3604         Create an 8-bit CFStringRef if possible.
3605
3606         * API/OpaqueJSString.cpp:
3607         (OpaqueJSString::create):
3608         Use nullptr.
3609
3610         (OpaqueJSString::~OpaqueJSString):
3611         Free m_characters.
3612
3613         (OpaqueJSString::characters):
3614         Do the up-conversion and store the result in m_characters.
3615
3616         (OpaqueJSString::equal):
3617         New helper function.
3618
3619         * API/OpaqueJSString.h:
3620         (OpaqueJSString::is8Bit):
3621         New function that returns whether a string is 8-bit or not.
3622
3623         (OpaqueJSString::characters8):
3624         (OpaqueJSString::characters16):
3625         Add getters.
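
The lazily created 16-bit view is described both in this entry and in the 2014-01-17 re-landing of the same change above. The following added C++ example, not WebKit's code, models that design: the backing text is either 8-bit or 16-bit, characters() always hands out a 16-bit pointer, and for 8-bit strings the up-converted buffer is created on first use and freed in the destructor. The class name Latin1OrUTF16String, the std::string and std::u16string backing stores, and the compare-and-swap used to publish the buffer are assumptions; the property shown is that characters() never modifies the 8-bit backing store, which is what makes the lazy up-conversion safe to call from several threads.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>

// Hypothetical stand-in for OpaqueJSString (not WebKit's code). The backing text is
// either Latin-1 (8-bit) or UTF-16 (16-bit); the 16-bit view of an 8-bit string is
// built on first request and published with a compare-and-swap, so the 8-bit backing
// store is never modified and concurrent callers cannot observe a half-converted string.
class Latin1OrUTF16String {
public:
    explicit Latin1OrUTF16String(std::string latin1)
        : m_is8Bit(true), m_latin1(std::move(latin1)) { }
    explicit Latin1OrUTF16String(std::u16string utf16)
        : m_is8Bit(false), m_utf16(std::move(utf16)) { }
    ~Latin1OrUTF16String() { delete[] m_characters.load(std::memory_order_relaxed); }

    Latin1OrUTF16String(const Latin1OrUTF16String&) = delete;
    Latin1OrUTF16String& operator=(const Latin1OrUTF16String&) = delete;

    bool is8Bit() const { return m_is8Bit; }
    size_t length() const { return m_is8Bit ? m_latin1.size() : m_utf16.size(); }
    const char* characters8() const { return m_is8Bit ? m_latin1.data() : nullptr; }
    const char16_t* characters16() const { return m_is8Bit ? nullptr : m_utf16.data(); }

    // Always returns a 16-bit pointer, the contract JSStringGetCharactersPtr keeps.
    const char16_t* characters()
    {
        if (!m_is8Bit)
            return m_utf16.data();
        if (const char16_t* existing = m_characters.load(std::memory_order_acquire))
            return existing;
        char16_t* fresh = new char16_t[m_latin1.size()];
        for (size_t i = 0; i < m_latin1.size(); ++i)
            fresh[i] = codeUnitAt(i);       // Latin-1 to UTF-16 is a zero-extension
        const char16_t* expected = nullptr;
        if (m_characters.compare_exchange_strong(expected, fresh, std::memory_order_acq_rel))
            return fresh;
        delete[] fresh;                     // lost the race; use the buffer already published
        return expected;
    }

    // Code-unit comparison that works across the two representations.
    bool equal(const Latin1OrUTF16String& other) const
    {
        if (length() != other.length())
            return false;
        for (size_t i = 0; i < length(); ++i)
            if (codeUnitAt(i) != other.codeUnitAt(i))
                return false;
        return true;
    }

private:
    char16_t codeUnitAt(size_t i) const
    {
        return m_is8Bit ? static_cast<char16_t>(static_cast<unsigned char>(m_latin1[i])) : m_utf16[i];
    }

    bool m_is8Bit;
    std::string m_latin1;
    std::u16string m_utf16;
    std::atomic<const char16_t*> m_characters { nullptr };
};

// Constructed sample: the text "café" stored once as Latin-1 and once as UTF-16.
bool sampleStringsCompareEqual()
{
    Latin1OrUTF16String narrow(std::string("caf\xE9"));
    Latin1OrUTF16String wide(std::u16string(u"caf\u00E9"));
    return narrow.is8Bit() && !wide.is8Bit() && narrow.equal(wide) && wide.equal(narrow);
}

// The up-converted buffer is created once and reused, and its content matches the 8-bit text.
bool sampleUpconversionIsCachedAndCorrect()
{
    Latin1OrUTF16String narrow(std::string("caf\xE9"));
    const char16_t* first = narrow.characters();
    const char16_t* second = narrow.characters();
    return first == second && first[3] == u'\u00E9' && narrow.characters8() != nullptr;
}

int main()
{
    std::printf("8-bit and 16-bit copies compare equal: %s\n", sampleStringsCompareEqual() ? "yes" : "no");
    std::printf("up-converted view is cached: %s\n", sampleUpconversionIsCachedAndCorrect() ? "yes" : "no");
    return 0;
}
```

The compare-and-swap stands in for whatever publication mechanism the real class uses; the design point is that the only shared state written after construction is the pointer to the 16-bit copy, so two threads calling characters() at once either agree on one buffer or one of them discards its own.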
3626
3627 2014-01-16  Anders Carlsson  <andersca@apple.com>
3628
3629         Change all uses of FINAL to final now that all our compilers support it
3630         https://bugs.webkit.org/show_bug.cgi?id=127142
3631
3632         Reviewed by Benjamin Poulain.
3633
3634         * inspector/JSGlobalObjectInspectorController.h:
3635         * inspector/agents/InspectorAgent.h:
3636         * inspector/remote/RemoteInspector.h:
3637         * inspector/remote/RemoteInspectorDebuggableConnection.h:
3638         * inspector/scripts/CodeGeneratorInspector.py:
3639         (Generator.go):
3640         * runtime/JSGlobalObjectDebuggable.h:
3641         * runtime/JSPromiseReaction.cpp:
3642
3643 2014-01-16  Oliver Hunt  <oliver@apple.com>
3644
3645         throwing an objc object (or general binding object) triggers an assertion
3646         https://bugs.webkit.org/show_bug.cgi?id=127146
3647
3648         Reviewed by Alexey Proskuryakov.
3649
3650         This is simply a bogus assertion as we can't guarantee a bindings object
3651         won't intercept assignment to .stack.
3652
3653         * interpreter/Interpreter.cpp:
3654         (JSC::Interpreter::unwind):
3655
3656 2014-01-16  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>
3657
3658         Remove workaround for compilers not supporting explicit override control
3659         https://bugs.webkit.org/show_bug.cgi?id=127111
3660
3661         Reviewed by Anders Carlsson.
3662
3663         Now that all compilers support explicit override control, this workaround can be removed.
3664
3665         * API/JSAPIWrapperObject.mm:
3666         * API/JSCallbackObject.h:
3667         * API/JSManagedValue.mm:
3668         * API/JSScriptRef.cpp:
3669         * bytecode/CodeBlock.h:
3670         * bytecode/CodeBlockJettisoningWatchpoint.h:
3671         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.h:
3672         * bytecode/StructureStubClearingWatchpoint.h:
3673         * dfg/DFGArrayifySlowPathGenerator.h:
3674         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
3675         * dfg/DFGFailedFinalizer.h:
3676         * dfg/DFGJITCode.h:
3677         * dfg/DFGJITFinalizer.h:
3678         * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
3679         * dfg/DFGSlowPathGenerator.h:
3680         * dfg/DFGSpeculativeJIT64.cpp:
3681         * heap/Heap.h:
3682         * heap/IncrementalSweeper.h:
3683         * heap/SuperRegion.h:
3684         * inspector/InspectorValues.h:
3685         * inspector/JSGlobalObjectInspectorController.h:
3686         * inspector/agents/InspectorAgent.h:
3687         * inspector/remote/RemoteInspector.h:
3688         * inspector/remote/RemoteInspectorDebuggableConnection.h:
3689         * inspector/scripts/CodeGeneratorInspector.py:
3690         (Generator.go):
3691         * jit/ClosureCallStubRoutine.h:
3692         * jit/ExecutableAllocatorFixedVMPool.cpp:
3693         * jit/GCAwareJITStubRoutine.h:
3694         * jit/JITCode.h:
3695         * jit/JITToDFGDeferredCompilationCallback.h:
3696         * parser/Nodes.h:
3697         * parser/SourceProvider.h:
3698         * runtime/DataView.h:
3699         * runtime/GCActivityCallback.h:
3700         * runtime/GenericTypedArrayView.h:
3701         * runtime/JSGlobalObjectDebuggable.h:
3702         * runtime/JSPromiseReaction.cpp:
3703         * runtime/RegExpCache.h:
3704         * runtime/SimpleTypedArrayController.h:
3705         * runtime/SymbolTable.h:
3706         * runtime/WeakMapData.h:
3707
3708 2014-01-15  Joseph Pecoraro  <pecoraro@apple.com>
3709
3710         [iOS] Clean up REMOTE_INSPECTOR code in OpenSource after the iOS merge
3711         https://bugs.webkit.org/show_bug.cgi?id=127069
3712
3713         Reviewed by Timothy Hatcher.
3714
3715         * JavaScriptCore.xcodeproj/project.pbxproj:
3716         Export XPCConnection because it is needed by RemoteInspector.h.
3717
3718         * inspector/remote/RemoteInspectorXPCConnection.h:
3719         * inspector/remote/RemoteInspector.h:
3720         * inspector/remote/RemoteInspector.mm:
3721         (Inspector::RemoteInspector::startDisabled):
3722         (Inspector::RemoteInspector::shared):
3723         Allow RemoteInspector singleton to start disabled.
3724
3725 2014-01-15  Brian Burg  <bburg@apple.com>
3726
3727         Web Inspector: capture probe samples on the backend
3728         https://bugs.webkit.org/show_bug.cgi?id=126668
3729
3730         Reviewed by Joseph Pecoraro.
3731
3732         Add the 'probe' breakpoint action to the protocol. Change the setBreakpoint
3733         commands to return a list of assigned breakpoint action identifiers.
3734         Add a type for breakpoint action identifiers. Add an event for sending
3735         captured probe samples to the inspector frontend.
3736
3737         * inspector/protocol/Debugger.json:
3738
3739 2014-01-10  Mark Hahnenberg  <mhahnenberg@apple.com>
3740
3741         Copying should be generational
3742         https://bugs.webkit.org/show_bug.cgi?id=126555
3743
3744         Reviewed by Geoffrey Garen.
3745
3746         This patch adds support for copying to our generational collector. Eden collections 
3747         always trigger copying. Full collections use our normal fragmentation-based heuristics.
3748
3749         The way this works is that the CopiedSpace now has the notion of an old generation set of CopiedBlocks
3750         and a new generation of CopiedBlocks. During each mutator cycle new CopiedSpace allocations reside
3751         in the new generation. When a collection occurs, those blocks are moved to the old generation.
3752
3753         One key thing to remember is that both new and old generation objects in the MarkedSpace can
3754         refer to old or new generation allocations in CopiedSpace. This is why we must fire write barriers 
3755         when assigning to an old (MarkedSpace) object's Butterfly.
3756
3757         * heap/CopiedAllocator.h:
3758         (JSC::CopiedAllocator::tryAllocateDuringCopying):
3759         * heap/CopiedBlock.h:
3760         (JSC::CopiedBlock::CopiedBlock):
3761         (JSC::CopiedBlock::didEvacuateBytes):
3762         (JSC::CopiedBlock::isOld):
3763         (JSC::CopiedBlock::didPromote):
3764         * heap/CopiedBlockInlines.h:
3765         (JSC::CopiedBlock::reportLiveBytes):
3766         (JSC::CopiedBlock::reportLiveBytesDuringCopying):
3767         * heap/CopiedSpace.cpp:
3768         (JSC::CopiedSpace::CopiedSpace):
3769         (JSC::CopiedSpace::~CopiedSpace):
3770         (JSC::CopiedSpace::init):
3771         (JSC::CopiedSpace::tryAllocateOversize):
3772         (JSC::CopiedSpace::tryReallocateOversize):
3773         (JSC::CopiedSpace::doneFillingBlock):
3774         (JSC::CopiedSpace::didStartFullCollection):
3775         (JSC::CopiedSpace::doneCopying):
3776         (JSC::CopiedSpace::size):
3777         (JSC::CopiedSpace::capacity):
3778         (JSC::CopiedSpace::isPagedOut):
3779         * heap/CopiedSpace.h:
3780         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
3781         * heap/CopiedSpaceInlines.h:
3782         (JSC::CopiedSpace::contains):
3783         (JSC::CopiedSpace::recycleEvacuatedBlock):
3784         (JSC::CopiedSpace::allocateBlock):
3785         (JSC::CopiedSpace::startedCopying):
3786         * heap/CopyVisitor.cpp:
3787         (JSC::CopyVisitor::copyFromShared):
3788         * heap/CopyVisitorInlines.h:
3789         (JSC::CopyVisitor::allocateNewSpace):
3790         (JSC::CopyVisitor::allocateNewSpaceSlow):
3791         * heap/GCThreadSharedData.cpp:
3792         (JSC::GCThreadSharedData::didStartCopying):
3793         * heap/Heap.cpp:
3794         (JSC::Heap::copyBackingStores):
3795         * heap/SlotVisitorInlines.h:
3796         (JSC::SlotVisitor::copyLater):
3797         * heap/TinyBloomFilter.h:
3798         (JSC::TinyBloomFilter::add):
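
The reason the entry gives for firing write barriers on an old object's Butterfly, shown by an added C++ toy model that is not JSC's code: blocks are allocated into a new generation, an eden collection keeps only the new-generation blocks reachable from the objects it visits and promotes them, and an old object that is reassigned a new block must be recorded in a remembered set because the eden collector does not scan the old generation. The CopiedBlock and MarkedObject structs, the GenerationalCopiedSpace class and the remembered set are assumptions of the model; full collections and their fragmentation heuristics are left out.

```cpp
#include <cstddef>
#include <cstdio>
#include <set>
#include <vector>

// Toy model of the two-generation CopiedSpace (not JSC's code): blocks are allocated
// into the new generation, an eden collection keeps only the new-generation blocks that
// something it visits points to, and the survivors are promoted to the old generation.
struct CopiedBlock {
    bool isOld = false;
    size_t bytes = 0;
};

// Stand-in for a MarkedSpace cell whose Butterfly lives in CopiedSpace.
struct MarkedObject {
    bool isOld = false;
    CopiedBlock* butterfly = nullptr;
};

class GenerationalCopiedSpace {
public:
    ~GenerationalCopiedSpace()
    {
        for (CopiedBlock* block : m_allBlocks)
            delete block;
    }

    CopiedBlock* allocate(size_t bytes)
    {
        CopiedBlock* block = new CopiedBlock { false, bytes };
        m_allBlocks.push_back(block);
        m_newGeneration.insert(block);
        return block;
    }

    // The barrier the entry calls for: an old owner is recorded in the remembered set,
    // because an eden collection does not scan the old generation and would otherwise
    // never see the new block the owner now points to.
    void storeButterfly(MarkedObject& owner, CopiedBlock* block)
    {
        owner.butterfly = block;
        if (owner.isOld)
            m_rememberedSet.insert(&owner);
    }

    // Eden collection: roots are the young objects plus the remembered set. Unreached
    // new-generation blocks are reclaimed, reached ones are promoted. Returns bytes reclaimed.
    size_t edenCollect(const std::vector<MarkedObject*>& youngObjects)
    {
        std::set<CopiedBlock*> reached;
        for (MarkedObject* object : youngObjects)
            if (object->butterfly)
                reached.insert(object->butterfly);
        for (MarkedObject* object : m_rememberedSet)
            if (object->butterfly)
                reached.insert(object->butterfly);

        size_t reclaimed = 0;
        for (CopiedBlock* block : m_newGeneration) {
            if (reached.count(block)) {
                block->isOld = true;
                m_oldGeneration.insert(block);
            } else {
                reclaimed += block->bytes;  // a real collector would reuse this memory
            }
        }
        m_newGeneration.clear();
        m_rememberedSet.clear();
        for (MarkedObject* object : youngObjects)
            object->isOld = true;           // survivors of an eden cycle are old from now on
        return reclaimed;
    }

    bool isLive(CopiedBlock* block) const
    {
        return m_oldGeneration.count(block) || m_newGeneration.count(block);
    }

private:
    std::vector<CopiedBlock*> m_allBlocks;  // ownership only, so the toy never frees early
    std::set<CopiedBlock*> m_newGeneration;
    std::set<CopiedBlock*> m_oldGeneration;
    std::set<MarkedObject*> m_rememberedSet;
};

// Scenario from the entry: an object already promoted to the old generation gets a
// freshly allocated Butterfly. Returns true if that Butterfly survives the next eden
// collection; without the barrier it is reclaimed while the old object still points at it.
bool butterflySurvivesEdenCollection(bool useWriteBarrier)
{
    GenerationalCopiedSpace space;
    MarkedObject object;
    object.butterfly = space.allocate(64);
    space.edenCollect({ &object });         // promotes the object and its block

    CopiedBlock* replacement = space.allocate(128);
    if (useWriteBarrier)
        space.storeButterfly(object, replacement);
    else
        object.butterfly = replacement;     // unbarriered store into an old object

    space.edenCollect({});                  // no young objects this cycle
    return space.isLive(replacement);
}

int main()
{
    std::printf("with barrier: %s\n", butterflySurvivesEdenCollection(true) ? "survives" : "reclaimed");
    std::printf("without barrier: %s\n", butterflySurvivesEdenCollection(false) ? "survives" : "reclaimed");
    return 0;
}
```

The unbarriered branch is the failure mode the entry guards against: the old object keeps a pointer to storage the eden collector has reclaimed, which in a real heap is a dangling backing-store pointer.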
3799
3800 2014-01-14  Mark Lam  <mark.lam@apple.com>
3801
3802         ASSERTION FAILED: !hasError() in JSC::Parser<LexerType>::createSavePoint().
3803         https://bugs.webkit.org/show_bug.cgi?id=126990.
3804
3805         Reviewed by Geoffrey Garen.
3806
3807         * parser/Parser.cpp:
3808         (JSC::Parser<LexerType>::parseConstDeclarationList):
3809         - We were missing an error check after attempting to parse an initializer
3810           expression. This is now fixed.
3811
3812 2014-01-14  Joseph Pecoraro  <pecoraro@apple.com>
3813
3814         Web Inspector: For Remote Inspection link WebProcess's to their parent UIProcess
3815         https://bugs.webkit.org/show_bug.cgi?id=126995
3816
3817         Reviewed by Timothy Hatcher.
3818
3819         * inspector/remote/RemoteInspector.mm:
3820         (Inspector::RemoteInspector::listingForDebuggable):
3821         For each WebView, list the parent process. Listing the parent per WebView
3822         was already supported back when we supported processes that could host WebViews
3823         for multiple applications.
3824
3825         * inspector/remote/RemoteInspectorConstants.h:
3826         Add a separate key for the bundle identifier, separate from application identifier.
3827
3828         * inspector/remote/RemoteInspectorDebuggable.cpp:
3829         (Inspector::RemoteInspectorDebuggable::info):
3830         * inspector/remote/RemoteInspectorDebuggable.h:
3831         (Inspector::RemoteInspectorDebuggableInfo::RemoteInspectorDebuggableInfo):
3832         (Inspector::RemoteInspectorDebuggableInfo::hasParentProcess):
3833         If a RemoteInspectorDebuggable has a non-zero parent process identifier
3834         it is a proxy for the parent process.
3835
3836 2014-01-14  Brian J. Burg  <burg@cs.washington.edu>
3837
3838         Add ENABLE(WEB_REPLAY) feature flag to the build system
3839         https://bugs.webkit.org/show_bug.cgi?id=126949
3840
3841         Reviewed by Joseph Pecoraro.
3842
3843         * Configurations/FeatureDefines.xcconfig:
3844
3845 2014-01-14  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>
3846
3847         [EFL] FTL buildfix, add missing includes
3848         https://bugs.webkit.org/show_bug.cgi?id=126641
3849
3850         Reviewed by Csaba Osztrogonác.
3851
3852         * ftl/FTLOSREntry.cpp:
3853         * ftl/FTLOSRExitCompiler.cpp:
3854
3855 2014-01-14  Joseph Pecoraro  <pecoraro@apple.com>
3856
3857         Web Inspector: RemoteInspector::updateDebuggable may miss a push
3858         https://bugs.webkit.org/show_bug.cgi?id=126965
3859
3860         Reviewed by Timothy Hatcher.
3861
3862         * inspector/remote/RemoteInspector.mm:
3863         (Inspector::RemoteInspector::updateDebuggable):
3864         Always push an update. If a debuggable went from allowed to
3865         not allowed, we would have missed pushing an update.
3866
3867 2014-01-13  Mark Hahnenberg  <mhahnenberg@apple.com>
3868
3869         Performance regression on dromaeo due to generational marking
3870         https://bugs.webkit.org/show_bug.cgi?id=126901
3871
3872         Reviewed by Oliver Hunt.
3873
3874         We were seeing some performance regression with ENABLE_GGC == 0, so this patch
3875         ifdefs out more things to get rid of the additional overhead.
3876
3877         * heap/Heap.cpp:
3878         (JSC::Heap::markRoots):
3879         (JSC::Heap::writeBarrier):
3880         * heap/MarkedBlock.cpp:
3881         (JSC::MarkedBlock::clearMarks):
3882         (JSC::MarkedBlock::clearMarksWithCollectionType):
3883         * heap/MarkedSpace.cpp:
3884         (JSC::MarkedSpace::resetAllocators):
3885         * heap/MarkedSpace.h:
3886         (JSC::MarkedSpace::didAllocateInBlock):
3887         * heap/SlotVisitorInlines.h:
3888         (JSC::SlotVisitor::internalAppend):
3889         (JSC::SlotVisitor::reportExtraMemoryUsage):
3890
3891 2014-01-13  Brian Burg  <bburg@apple.com>
3892
3893         Web Inspector: protocol generator should support integer-typed declarations
3894         https://bugs.webkit.org/show_bug.cgi?id=126828
3895
3896         Reviewed by Joseph Pecoraro.
3897
3898         Add new binding classes for parameter/ad-hoc and normal integer type declarations.
3899
3900         * inspector/scripts/CodeGeneratorInspector.py:
3901         (TypeBindings.create_type_declaration_):
3902         (TypeBindings.create_type_declaration_.PlainInteger):
3903         (TypeBindings.create_type_declaration_.PlainInteger.resolve_inner):
3904         (TypeBindings.create_type_declaration_.PlainInteger.request_user_runtime_cast):
3905         (TypeBindings.create_type_declaration_.PlainInteger.request_internal_runtime_cast):
3906         (TypeBindings.create_type_declaration_.PlainInteger.get_code_generator):
3907         (TypeBindings.create_type_declaration_.PlainInteger.get_validator_call_text):
3908         (TypeBindings.create_type_declaration_.PlainInteger.reduce_to_raw_type):
3909         (TypeBindings.create_type_declaration_.PlainInteger.get_type_model):
3910         (TypeBindings.create_type_declaration_.PlainInteger.get_setter_value_expression_pattern):
3911         (TypeBindings.create_type_declaration_.PlainInteger.get_array_item_c_type_text):
3912         (TypeBindings.create_type_declaration_.TypedefInteger):
3913         (TypeBindings.create_type_declaration_.TypedefInteger.resolve_inner):
3914         (TypeBindings.create_type_declaration_.TypedefInteger.request_user_runtime_cast):
3915         (TypeBindings.create_type_declaration_.TypedefInteger.request_internal_runtime_cast):
3916         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator):
3917         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator):
3918         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.generate_type_builder):
3919         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.generate_type_builder.int):
3920         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.register_use):
3921         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.get_generate_pass_id):
3922         (TypeBindings.create_type_declaration_.TypedefInteger.get_validator_call_text):
3923         (TypeBindings.create_type_declaration_.TypedefInteger.reduce_to_raw_type):
3924         (TypeBindings.create_type_declaration_.TypedefInteger.get_type_model):
3925         (TypeBindings.create_type_declaration_.TypedefInteger.get_setter_value_expression_pattern):
3926         (TypeBindings.create_type_declaration_.TypedefInteger.get_array_item_c_type_text):
3927
3928 2014-01-13  Zalan Bujtas  <zalan@apple.com>
3929
3930         Enable SUBPIXEL_LAYOUT on Mac
3931         <https://webkit.org/b/126283>
3932
3933         Reviewed by Simon Fraser.
3934
3935         * Configurations/FeatureDefines.xcconfig:
3936
3937 2014-01-13  Zan Dobersek  <zdobersek@igalia.com>
3938
3939         Unreviewed. Changes in r161686 are exposing a bug in GCC where the global .cfi_startproc directive
3940         is not inserted early enough into the generated assembler code when building in debug mode, causing
3941         compilation failures on ports using the GCC compilers. To work around the problem, only utilize the
3942         OFFLINE_ASM_* macros that use .cfi_ directives when compiling with Clang.
3943
3944         * llint/LowLevelInterpreter.cpp:
3945
3946 2014-01-12  Commit Queue  <commit-queue@webkit.org>
3947
3948         Unreviewed, rolling out r161840.
3949         http://trac.webkit.org/changeset/161840
3950         https://bugs.webkit.org/show_bug.cgi?id=126870
3951
3952         Caused jsscore and layout test failures (Requested by smfr on
3953         #webkit).
3954
3955         * API/JSValueRef.cpp:
3956         (JSValueMakeFromJSONString):
3957         * bindings/ScriptValue.cpp:
3958         (Deprecated::jsToInspectorValue):
3959         * inspector/InspectorValues.cpp:
3960         * runtime/D