c7e56d40cf65f40a595a8d01d6553462be4c0830
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
2
3         Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
4         https://bugs.webkit.org/show_bug.cgi?id=147353
5
6         Reviewed by Saam Barati.
7
8         This is the follow-up patch after r188355.
9         It includes the following changes.
10
11         - Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
12         - Make SourceParseMode a C++ strongly-typed enum.
13         - Fix the comments.
14         - Rename ModuleSpecifier to ModuleName.
15         - Add the type name `ImportEntry` before the C++11 uniform initialization.
16         - Fix the thrown message for duplicate 'default' names.
17         - Assert that all statements in the top-level source elements are module declarations under the module analyzer phase.
18
19         * API/JSScriptRef.cpp:
20         (parseScript):
21         * builtins/BuiltinExecutables.cpp:
22         (JSC::BuiltinExecutables::createExecutableInternal):
23         * bytecode/UnlinkedFunctionExecutable.cpp:
24         (JSC::generateFunctionCodeBlock):
25         * bytecode/UnlinkedFunctionExecutable.h:
26         * bytecompiler/BytecodeGenerator.h:
27         (JSC::BytecodeGenerator::makeFunction):
28         * parser/ASTBuilder.h:
29         (JSC::ASTBuilder::createFunctionMetadata):
30         (JSC::ASTBuilder::createModuleName):
31         (JSC::ASTBuilder::createImportDeclaration):
32         (JSC::ASTBuilder::createExportAllDeclaration):
33         (JSC::ASTBuilder::createExportNamedDeclaration):
34         (JSC::ASTBuilder::createModuleSpecifier): Deleted.
35         * parser/ModuleAnalyzer.cpp:
36         (JSC::ModuleAnalyzer::analyze):
37         * parser/NodeConstructors.h:
38         (JSC::ModuleNameNode::ModuleNameNode):
39         (JSC::ImportDeclarationNode::ImportDeclarationNode):
40         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
41         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
42         (JSC::ModuleSpecifierNode::ModuleSpecifierNode): Deleted.
43         * parser/Nodes.cpp:
44         (JSC::FunctionMetadataNode::FunctionMetadataNode):
45         * parser/Nodes.h:
46         (JSC::StatementNode::isModuleDeclarationNode):
47         (JSC::ModuleDeclarationNode::isModuleDeclarationNode):
48         (JSC::ImportDeclarationNode::moduleName):
49         (JSC::ExportAllDeclarationNode::moduleName):
50         (JSC::ExportNamedDeclarationNode::moduleName):
51         (JSC::ImportDeclarationNode::moduleSpecifier): Deleted.
52         (JSC::ExportAllDeclarationNode::moduleSpecifier): Deleted.
53         (JSC::ExportNamedDeclarationNode::moduleSpecifier): Deleted.
54         * parser/NodesAnalyzeModule.cpp:
55         (JSC::SourceElements::analyzeModule):
56         (JSC::ImportDeclarationNode::analyzeModule):
57         (JSC::ExportAllDeclarationNode::analyzeModule):
58         (JSC::ExportNamedDeclarationNode::analyzeModule):
59         * parser/Parser.cpp:
60         (JSC::Parser<LexerType>::Parser):
61         (JSC::Parser<LexerType>::parseInner):
62         (JSC::Parser<LexerType>::parseModuleSourceElements):
63         (JSC::Parser<LexerType>::parseFunctionBody):
64         (JSC::stringForFunctionMode):
65         (JSC::Parser<LexerType>::parseFunctionParameters):
66         (JSC::Parser<LexerType>::parseFunctionInfo):
67         (JSC::Parser<LexerType>::parseFunctionDeclaration):
68         (JSC::Parser<LexerType>::parseClass):
69         (JSC::Parser<LexerType>::parseModuleName):
70         (JSC::Parser<LexerType>::parseImportDeclaration):
71         (JSC::Parser<LexerType>::parseExportDeclaration):
72         (JSC::Parser<LexerType>::parsePropertyMethod):
73         (JSC::Parser<LexerType>::parseGetterSetter):
74         (JSC::Parser<LexerType>::parsePrimaryExpression):
75         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
76         (JSC::Parser<LexerType>::parseModuleSpecifier): Deleted.
77         * parser/Parser.h:
78         (JSC::Parser<LexerType>::parse):
79         (JSC::parse):
80         * parser/ParserModes.h:
81         (JSC::isFunctionParseMode):
82         (JSC::isModuleParseMode):
83         (JSC::isProgramParseMode):
84         * parser/SyntaxChecker.h:
85         (JSC::SyntaxChecker::createFunctionMetadata):
86         (JSC::SyntaxChecker::createModuleName):
87         (JSC::SyntaxChecker::createImportDeclaration):
88         (JSC::SyntaxChecker::createExportAllDeclaration):
89         (JSC::SyntaxChecker::createExportNamedDeclaration):
90         (JSC::SyntaxChecker::createModuleSpecifier): Deleted.
91         * runtime/CodeCache.cpp:
92         (JSC::CodeCache::getGlobalCodeBlock):
93         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
94         * runtime/Completion.cpp:
95         (JSC::checkSyntax):
96         (JSC::checkModuleSyntax):
97         * runtime/Executable.cpp:
98         (JSC::ProgramExecutable::checkSyntax):
99         * tests/stress/modules-syntax-error-with-names.js:
100
101 2015-08-13  Joseph Pecoraro  <pecoraro@apple.com>
102
103         Web Inspector: A {Map, WeakMap, Set, WeakSet} object that contains itself will hang the console
104         https://bugs.webkit.org/show_bug.cgi?id=147966
105
106         Reviewed by Timothy Hatcher.
107
108         * inspector/InjectedScriptSource.js:
109         (InjectedScript.prototype._initialPreview):
110         Renamed to initial preview. This is not a complete preview for
111         this object, and it needs some processing in order to be a
112         complete accurate preview.
113
114         (InjectedScript.RemoteObject.prototype._emptyPreview):
115         This attempts to be an accurate empty preview for the given object.
116         For types with entries, it adds an empty entries list and updates
117         the overflow and lossless properties.
118
119         (InjectedScript.RemoteObject.prototype._createObjectPreviewForValue):
120         Take a generatePreview parameter to generate a full preview or empty preview.
121
122         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
123         (InjectedScript.RemoteObject.prototype._appendEntryPreviews):
124         (InjectedScript.RemoteObject.prototype._isPreviewableObject):
125         Take care to avoid cycles.
126
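The cycle problem described in the entry above, as an added model that is not the InjectedScriptSource.js code: previewFor() walks Map/Set entries the way _appendEntryPreviews does and hands an object already on the current path to an empty preview (the role of _emptyPreview) instead of walking it again, while naivePreview() shows the pre-fix recursion. The preview shape {subtype, entries, lossless, overflow} and the helper names are assumptions.

```javascript
// Kind tag for the preview; only the two entry-bearing types matter here.
function subtypeOf(value) {
  if (value instanceof Map) return 'map';
  if (value instanceof Set) return 'set';
  return 'object';
}

// Empty preview for an object we refuse to walk (assumed shape): no entries are listed,
// so the preview is lossy and overflowing whenever the object actually had entries.
function emptyPreview(value) {
  const size = value instanceof Map || value instanceof Set ? value.size : 0;
  return { subtype: subtypeOf(value), entries: [], lossless: size === 0, overflow: size > 0 };
}

const lossy = (p) => p && p.lossless === false;

// onPath holds the objects on the current recursion path, not every object ever seen,
// so the same Map reachable twice through different keys (a DAG) is still fully previewed.
function previewFor(value, onPath = new Set()) {
  if (value === null || typeof value !== 'object') return { type: typeof value, value };
  if (onPath.has(value)) return emptyPreview(value);           // cycle: stop here
  onPath.add(value);
  const preview = { subtype: subtypeOf(value), entries: [], lossless: true, overflow: false };
  if (value instanceof Map) {
    for (const [k, v] of value)
      preview.entries.push({ key: previewFor(k, onPath), value: previewFor(v, onPath) });
  } else if (value instanceof Set) {
    for (const v of value) preview.entries.push({ value: previewFor(v, onPath) });
  }
  // A lossy child preview makes the parent lossy as well.
  if (preview.entries.some((e) => lossy(e.key) || lossy(e.value))) preview.lossless = false;
  onPath.delete(value);
  return preview;
}

// Pre-fix behaviour: unbounded recursion on a self-containing collection.
function naivePreview(value) {
  if (value === null || typeof value !== 'object') return { type: typeof value, value };
  const entries = [];
  if (value instanceof Map)
    for (const [k, v] of value) entries.push({ key: naivePreview(k), value: naivePreview(v) });
  if (value instanceof Set) for (const v of value) entries.push({ value: naivePreview(v) });
  return { subtype: subtypeOf(value), entries };
}

// true when the naive walk blows the stack (a RangeError in V8/JSC) instead of finishing.
function naiveOverflows(value) {
  try { naivePreview(value); return false; } catch (e) { return e instanceof RangeError; }
}
```
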
127 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
128
129         Periodic code deletion should delete RegExp code
130         https://bugs.webkit.org/show_bug.cgi?id=147990
131
132         Reviewed by Filip Pizlo.
133
134         The RegExp code cache was created for the sake of simple loops that
135         re-created the same RegExps. It's reasonable to delete it periodically.
136
137         * heap/Heap.cpp:
138         (JSC::Heap::deleteOldCode):
139
140 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
141
142         RegExpCache::finalize should not delete code
143         https://bugs.webkit.org/show_bug.cgi?id=147987
144
145         Reviewed by Mark Lam.
146
147         The RegExp object already knows how to delete its own code in its
148         destructor. Our job is just to clear our stale pointer.
149
150         * runtime/RegExpCache.cpp:
151         (JSC::RegExpCache::finalize):
152         (JSC::RegExpCache::addToStrongCache):
153
154 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
155
156         Standardize on the phrase "delete code"
157         https://bugs.webkit.org/show_bug.cgi?id=147984
158
159         Reviewed by Mark Lam.
160
161         Use "delete" when we talk about throwing away code, as opposed to
162         "invalidate" or "discard".
163
164         * debugger/Debugger.cpp:
165         (JSC::Debugger::forEachCodeBlock):
166         (JSC::Debugger::setSteppingMode):
167         (JSC::Debugger::recompileAllJSFunctions):
168         * heap/Heap.cpp:
169         (JSC::Heap::deleteAllCompiledCode):
170         * inspector/agents/InspectorRuntimeAgent.cpp:
171         (Inspector::recompileAllJSFunctionsForTypeProfiling):
172         * runtime/RegExp.cpp:
173         (JSC::RegExp::match):
174         (JSC::RegExp::deleteCode):
175         (JSC::RegExp::invalidateCode): Deleted.
176         * runtime/RegExp.h:
177         * runtime/RegExpCache.cpp:
178         (JSC::RegExpCache::finalize):
179         (JSC::RegExpCache::addToStrongCache):
180         (JSC::RegExpCache::deleteAllCode):
181         (JSC::RegExpCache::invalidateCode): Deleted.
182         * runtime/RegExpCache.h:
183         * runtime/VM.cpp:
184         (JSC::VM::stopSampling):
185         (JSC::VM::prepareToDeleteCode):
186         (JSC::VM::deleteAllCode):
187         (JSC::VM::setEnabledProfiler):
188         (JSC::VM::prepareToDiscardCode): Deleted.
189         (JSC::VM::discardAllCode): Deleted.
190         * runtime/VM.h:
191         (JSC::VM::apiLock):
192         (JSC::VM::codeCache):
193         * runtime/Watchdog.cpp:
194         (JSC::Watchdog::setTimeLimit):
195
196 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
197
198         X.[[SetPrototypeOf]](Y) should succeed if X.[[Prototype]] is already Y even if X is not extensible
199         https://bugs.webkit.org/show_bug.cgi?id=147930
200
201         Reviewed by Saam Barati.
202
203         When the passed prototype object to be set is the same as the existing
204         prototype object, [[SetPrototypeOf]] just finishes its operation even
205         if the extensibility of the target object is `false`.
206
207         * runtime/JSGlobalObjectFunctions.cpp:
208         (JSC::globalFuncProtoSetter):
209         * runtime/ObjectConstructor.cpp:
210         (JSC::objectConstructorSetPrototypeOf):
211         * runtime/ReflectObject.cpp:
212         (JSC::reflectObjectSetPrototypeOf):
213         * tests/stress/set-same-prototype.js: Added.
214         (shouldBe):
215         (shouldThrow):
216
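The behaviour described in the entry above, as an added example that is not the WebKit test file: the three [[SetPrototypeOf]] entry points the entry touches (Object.setPrototypeOf, Reflect.setPrototypeOf and the __proto__ setter) exercised on a non-extensible object, once with its current prototype and once with a different one.

```javascript
// Reports whether fn() throws a TypeError (the failure mode of the throwing entry points).
function throwsTypeError(fn) {
  try { fn(); return false; } catch (e) { return e instanceof TypeError; }
}

function setPrototypeOnNonExtensible() {
  const proto = { kind: 'proto' };
  const other = { kind: 'other' };
  const obj = Object.preventExtensions(Object.create(proto));

  return {
    // Same prototype as the current one: [[SetPrototypeOf]] returns true before it
    // ever consults [[Extensible]], so none of the three entry points fails.
    sameViaObject: Object.setPrototypeOf(obj, proto) === obj,
    sameViaReflect: Reflect.setPrototypeOf(obj, proto),
    sameViaSetterThrows: throwsTypeError(() => { obj.__proto__ = proto; }),
    // A different prototype is rejected because obj is not extensible; the entry points
    // differ only in how they report that (TypeError, false, TypeError).
    otherViaObjectThrows: throwsTypeError(() => Object.setPrototypeOf(obj, other)),
    otherViaReflect: Reflect.setPrototypeOf(obj, other),
    otherViaSetterThrows: throwsTypeError(() => { obj.__proto__ = other; }),
    // Whatever was reported, the prototype never changed.
    prototypeUnchanged: Object.getPrototypeOf(obj) === proto,
  };
}
```
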
217 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
218
219         Removed clearEvalCodeCache()
220         https://bugs.webkit.org/show_bug.cgi?id=147957
221
222         Reviewed by Filip Pizlo.
223
224         It was unused.
225
226         * bytecode/CodeBlock.cpp:
227         (JSC::CodeBlock::linkIncomingCall):
228         (JSC::CodeBlock::install):
229         (JSC::CodeBlock::clearEvalCache): Deleted.
230         * bytecode/CodeBlock.h:
231         (JSC::CodeBlock::numberOfJumpTargets):
232         (JSC::CodeBlock::jumpTarget):
233         (JSC::CodeBlock::numberOfArgumentValueProfiles):
234
235 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
236
237         [ES6] Implement Reflect.defineProperty
238         https://bugs.webkit.org/show_bug.cgi?id=147943
239
240         Reviewed by Saam Barati.
241
242         This patch implements Reflect.defineProperty.
243         The differences from Object.defineProperty are:
244
245         1. Reflect.defineProperty does not perform ToObject operation onto the first argument.
246         2. Reflect.defineProperty does not throw a TypeError when the [[DefineOwnProperty]] operation fails.
247         3. Reflect.defineProperty returns the boolean value that represents whether [[DefineOwnProperty]] succeeded.
248
249         And this patch adds comments with links to the ES6 spec.
250
251         * builtins/ReflectObject.js:
252         * runtime/ObjectConstructor.cpp:
253         (JSC::toPropertyDescriptor):
254         * runtime/ObjectConstructor.h:
255         * runtime/ReflectObject.cpp:
256         (JSC::reflectObjectDefineProperty):
257         * tests/stress/reflect-define-property.js: Added.
258         (shouldBe):
259         (shouldThrow):
260         (.set getter):
261         (setter):
262         (.get testDescriptor):
263         (.set get var):
264         (.set testDescriptor):
265         (.set get testDescriptor):
266         (.set get shouldThrow):
267         (.get var):
268
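The three differences listed in the entry above, as an added example that is not tests/stress/reflect-define-property.js, plus the one case where Reflect.defineProperty still throws: an invalid descriptor is rejected by ToPropertyDescriptor before [[DefineOwnProperty]] runs.

```javascript
// Reports whether fn() throws a TypeError.
function throwsTypeError(fn) {
  try { fn(); return false; } catch (e) { return e instanceof TypeError; }
}

function defineCompare() {
  const frozen = Object.freeze({ x: 1 });
  const target = {};

  return {
    // 3. Success is reported as a boolean, not by handing back the target.
    reflectReturnsTrue: Reflect.defineProperty(target, 'a', { value: 1, configurable: true }) === true,
    objectReturnsTarget: Object.defineProperty(target, 'b', { value: 2 }) === target,
    // 2. A failed [[DefineOwnProperty]] is reported as false instead of a TypeError.
    reflectOnFrozen: Reflect.defineProperty(frozen, 'y', { value: 2 }),
    objectOnFrozenThrows: throwsTypeError(() => Object.defineProperty(frozen, 'y', { value: 2 })),
    frozenUnchanged: !('y' in frozen),
    // 'b' above is non-writable and non-configurable, so changing its value also fails.
    reflectRedefine: Reflect.defineProperty(target, 'b', { value: 3 }),
    // 1. No ToObject on the target: a primitive is a TypeError for Reflect.defineProperty.
    reflectOnPrimitiveThrows: throwsTypeError(() => Reflect.defineProperty(1, 'a', { value: 1 })),
    // Only the [[DefineOwnProperty]] failure becomes false; a descriptor mixing data and
    // accessor fields is still a TypeError from ToPropertyDescriptor.
    invalidDescriptorThrows: throwsTypeError(() => Reflect.defineProperty({}, 'a', { value: 1, get() {} })),
  };
}
```
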
269 2015-08-12  Filip Pizlo  <fpizlo@apple.com>
270
271         DFG::ByteCodeParser should attempt constant folding on loads from structures that are DFG-watchable
272         https://bugs.webkit.org/show_bug.cgi?id=147950
273
274         Reviewed by Michael Saboff.
275
276         Previously we reduced the constant folding power of ByteCodeParser::load() because that code was
277         responsible for memory corruption, since it would sometimes install watchpoints on structures that
278         weren't being traced.  It seemed like the safest fix was to remove the constant folding rule
279         entirely since later phases also do constant folding, and they do it without introducing the bug.
280         Well, that change (http://trac.webkit.org/changeset/188292) caused a big regression, because we
281         still have some constant folding rules that only exist in ByteCodeParser, and so ByteCodeParser must
282         be maximally aggressive in constant-folding whenever possible.
283
284         So, this change now brings back that constant folding rule - for loads from object constants that
285         have DFG-watchable structures - and implements it properly, by ensuring that we only call into
286         tryGetConstantProperty() if we have registered the structure set.
287
288         * dfg/DFGByteCodeParser.cpp:
289         (JSC::DFG::ByteCodeParser::load):
290
291 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
292
293         [ES6] Add ES6 Modules preparsing phase to collect the dependencies
294         https://bugs.webkit.org/show_bug.cgi?id=147353
295
296         Reviewed by Geoffrey Garen.
297
298         This patch implements ModuleRecord and ModuleAnalyzer.
299         ModuleAnalyzer analyzes the produced AST from the parser.
300         By collaborating with the parser, ModuleAnalyzer collects the information
301         that is necessary to request the loading for the dependent modules and
302         construct module's environment and namespace object before executing the actual
303         module body.
304
305         In the parser, we annotate which variable is an imported binding and which variable
306         is exported from the current module. This information is leveraged in the ModuleAnalyzer
307         to categorize the export entries.
308
309         To preparse the modules in the parser, we just add the new flag `ModuleParseMode`
310         instead of introducing a new TreeContext type. This is because only two users use
311         parseModuleSourceElements: the preparser and the actual compiler. Adding the flag is simple
312         enough to switch the context to the SyntaxChecker when parsing the non-module related
313         statements in the preparsing phase.
314
315         To demonstrate the module analyzer, we added the new dumpModuleRecord option
316         to the JSC shell. By specifying this, the result of analysis is dumped when the module
317         is parsed and analyzed.
318
319         * CMakeLists.txt:
320         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
321         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
322         * JavaScriptCore.xcodeproj/project.pbxproj:
323         * builtins/BuiltinNames.h:
324         * parser/ASTBuilder.h:
325         (JSC::ASTBuilder::createExportDefaultDeclaration):
326         * parser/ModuleAnalyzer.cpp: Added.
327         (JSC::ModuleAnalyzer::ModuleAnalyzer):
328         (JSC::ModuleAnalyzer::exportedBinding):
329         (JSC::ModuleAnalyzer::declareExportAlias):
330         (JSC::ModuleAnalyzer::exportVariable):
331         (JSC::ModuleAnalyzer::analyze):
332         * parser/ModuleAnalyzer.h: Added.
333         (JSC::ModuleAnalyzer::vm):
334         (JSC::ModuleAnalyzer::moduleRecord):
335         * parser/ModuleRecord.cpp: Added.
336         (JSC::printableName):
337         (JSC::ModuleRecord::dump):
338         * parser/ModuleRecord.h: Added.
339         (JSC::ModuleRecord::ImportEntry::isNamespace):
340         (JSC::ModuleRecord::create):
341         (JSC::ModuleRecord::appendRequestedModule):
342         (JSC::ModuleRecord::addImportEntry):
343         (JSC::ModuleRecord::addExportEntry):
344         (JSC::ModuleRecord::addStarExportEntry):
345         * parser/NodeConstructors.h:
346         (JSC::ModuleDeclarationNode::ModuleDeclarationNode):
347         (JSC::ImportDeclarationNode::ImportDeclarationNode):
348         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
349         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
350         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
351         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
352         * parser/Nodes.h:
353         (JSC::ExportDefaultDeclarationNode::localName):
354         * parser/NodesAnalyzeModule.cpp: Added.
355         (JSC::ScopeNode::analyzeModule):
356         (JSC::SourceElements::analyzeModule):
357         (JSC::ImportDeclarationNode::analyzeModule):
358         (JSC::ExportAllDeclarationNode::analyzeModule):
359         (JSC::ExportDefaultDeclarationNode::analyzeModule):
360         (JSC::ExportLocalDeclarationNode::analyzeModule):
361         (JSC::ExportNamedDeclarationNode::analyzeModule):
362         * parser/Parser.cpp:
363         (JSC::Parser<LexerType>::parseInner):
364         (JSC::Parser<LexerType>::parseModuleSourceElements):
365         (JSC::Parser<LexerType>::parseVariableDeclarationList):
366         (JSC::Parser<LexerType>::createBindingPattern):
367         (JSC::Parser<LexerType>::parseFunctionDeclaration):
368         (JSC::Parser<LexerType>::parseClassDeclaration):
369         (JSC::Parser<LexerType>::parseImportClauseItem):
370         (JSC::Parser<LexerType>::parseExportSpecifier):
371         (JSC::Parser<LexerType>::parseExportDeclaration):
372         * parser/Parser.h:
373         (JSC::Scope::lexicalVariables):
374         (JSC::Scope::declareLexicalVariable):
375         (JSC::Parser::declareVariable):
376         (JSC::Parser::exportName):
377         (JSC::Parser<LexerType>::parse):
378         (JSC::parse):
379         * parser/ParserModes.h:
380         * parser/SyntaxChecker.h:
381         (JSC::SyntaxChecker::createExportDefaultDeclaration):
382         * parser/VariableEnvironment.cpp:
383         (JSC::VariableEnvironment::markVariableAsImported):
384         (JSC::VariableEnvironment::markVariableAsExported):
385         * parser/VariableEnvironment.h:
386         (JSC::VariableEnvironmentEntry::isExported):
387         (JSC::VariableEnvironmentEntry::isImported):
388         (JSC::VariableEnvironmentEntry::setIsExported):
389         (JSC::VariableEnvironmentEntry::setIsImported):
390         * runtime/CommonIdentifiers.h:
391         * runtime/Completion.cpp:
392         (JSC::checkModuleSyntax):
393         * runtime/Options.h:
394
395 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
396
397         Re-land r188339, since Alex fixed it in r188341 by landing the WebCore half.
398
399         * jit/ExecutableAllocator.h:
400         * jsc.cpp:
401         (GlobalObject::finishCreation):
402         (functionAddressOf):
403         (functionVersion):
404         (functionReleaseExecutableMemory): Deleted.
405         * runtime/VM.cpp:
406         (JSC::StackPreservingRecompiler::operator()):
407         (JSC::VM::throwException):
408         (JSC::VM::updateFTLLargestStackSize):
409         (JSC::VM::gatherConservativeRoots):
410         (JSC::VM::releaseExecutableMemory): Deleted.
411         (JSC::releaseExecutableMemory): Deleted.
412         * runtime/VM.h:
413         (JSC::VM::isCollectorBusy):
414         * runtime/Watchdog.cpp:
415         (JSC::Watchdog::setTimeLimit):
416
417 2015-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
418
419         Roll out r188339, which broke the build.
420
421         Unreviewed.
422
423         * jit/ExecutableAllocator.h:
424         * jsc.cpp:
425         (GlobalObject::finishCreation):
426         (functionReleaseExecutableMemory):
427         * runtime/VM.cpp:
428         (JSC::StackPreservingRecompiler::visit):
429         (JSC::StackPreservingRecompiler::operator()):
430         (JSC::VM::releaseExecutableMemory):
431         (JSC::releaseExecutableMemory):
432         * runtime/VM.h:
433         * runtime/Watchdog.cpp:
434         (JSC::Watchdog::setTimeLimit):
435
436 2015-08-12  Alex Christensen  <achristensen@webkit.org>
437
438         Fix Debug CMake builds on Windows
439         https://bugs.webkit.org/show_bug.cgi?id=147940
440
441         Reviewed by Chris Dumez.
442
443         * PlatformWin.cmake:
444         Copy the plist to the JavaScriptCore.resources directory.
445
446 2015-08-11  Geoffrey Garen  <ggaren@apple.com>
447
448         Remove VM::releaseExecutableMemory
449         https://bugs.webkit.org/show_bug.cgi?id=147915
450
451         Reviewed by Saam Barati.
452
453         releaseExecutableMemory() was only used in one place, where discardAllCode()
454         would work just as well.
455
456         It's confusing to have two slightly different ways to discard code. Also,
457         releaseExecutableMemory() is unused in any production code, and it seems
458         to have bit-rotted.
459
460         * jit/ExecutableAllocator.h:
461         * jsc.cpp:
462         (GlobalObject::finishCreation):
463         (functionAddressOf):
464         (functionVersion):
465         (functionReleaseExecutableMemory): Deleted.
466         * runtime/VM.cpp:
467         (JSC::StackPreservingRecompiler::operator()):
468         (JSC::VM::throwException):
469         (JSC::VM::updateFTLLargestStackSize):
470         (JSC::VM::gatherConservativeRoots):
471         (JSC::VM::releaseExecutableMemory): Deleted.
472         (JSC::releaseExecutableMemory): Deleted.
473         * runtime/VM.h:
474         (JSC::VM::isCollectorBusy):
475         * runtime/Watchdog.cpp:
476         (JSC::Watchdog::setTimeLimit):
477
478 2015-08-12  Mark Lam  <mark.lam@apple.com>
479
480         Add a JSC option to enable the watchdog for testing.
481         https://bugs.webkit.org/show_bug.cgi?id=147939
482
483         Reviewed by Michael Saboff.
484
485         * API/JSContextRef.cpp:
486         (JSContextGroupSetExecutionTimeLimit):
487         (createWatchdogIfNeeded): Deleted.
488         * runtime/Options.h:
489         * runtime/VM.cpp:
490         (JSC::VM::VM):
491         (JSC::VM::~VM):
492         (JSC::VM::sharedInstanceInternal):
493         (JSC::VM::ensureWatchdog):
494         (JSC::thunkGeneratorForIntrinsic):
495         * runtime/VM.h:
496
497 2015-08-11  Mark Lam  <mark.lam@apple.com>
498
499         Implement the JavaScript watchdog using WTF::WorkQueue.
500         https://bugs.webkit.org/show_bug.cgi?id=147107
501
502         Reviewed by Geoffrey Garen.
503
504         How the Watchdog works
505         ======================
506
507         1. When do we start the Watchdog?
508            =============================
509            The watchdog should only be started if both the following conditions are true:
510            1. A time limit has been set.
511            2. We have entered the VM.
512  
513         2. CPU time vs Wall Clock time
514            ===========================
515            Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?
516
517            The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
518            limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
519            indicates the wall clock time point when the WorkQueue timer is expected to fire.
520
521            The time limit for which we allow JS code to run should be measured in CPU time, which can
522            differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
523            should fire.
524
525            Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
526            we need to check if m_cpuDeadline has been reached.
527
528            If m_cpuDeadline has been reached, the watchdog is considered to have fired.
529
530            If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
531            code to continue to run for.  Hence, we need to start a new timer to fire again after
532            Tremainder microseconds.
533     
534            See Watchdog::didFireSlow().
535
536         3. Spurious wake ups
537            =================
538            Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
539            It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
540            m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
541            wake ups are considered to be spurious and will be ignored.
542  
543            See Watchdog::didFireSlow().
544  
545         4. Minimizing Timer creation cost
546            ==============================
547            Conceptually, we could start a new timer every time we start the watchdog. But we can do better
548            than this.
549  
550            In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
551            stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
552            time limit. Consider the following example:
553  
554                |---|-----|---|----------------|---------|
555                t0  t1    t2  t3            t0 + L    t2 + L 
556
557                |<--- T1 --------------------->|
558                          |<--- T2 --------------------->|
559                |<-- Td ->|                    |<-- Td ->|
560
561            1. The user initializes the watchdog with time limit L.
562            2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
563               The timer is set to expire at t0 + L.
564            3. At t1, we exit the VM.
565            4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.
566          
567               However, we can note that the expiration time for T2 would be after the expiration time
568               of T1. Specifically, T2 would have expired at Td after T1 expires.
569          
570               Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
571               for a period of Td instead.
572
573            Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
574            as well as handling spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
575            automatically take care of starting a new timer for the difference Td in the example above.
576            Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
577            expiration is earlier than T2's, then we are already covered by T1 and there's no need to start T2.
578
579            The benefit:
580
581            1. we minimize the number of timer instances we have queued in the workqueue at the same time
582               (ideally only 1 or 0), and use less peak memory.
583
584            2. we minimize the frequency of instantiating timer instances. By waiting for the current
585               active timer to expire first, on average, we get to start one timer per time limit
586               (which is infrequent because time limits tend to be long) instead of one timer per
587               VM entry (which tends to be frequent).
588
589            See Watchdog::startTimer().
590
591         * API/JSContextRef.cpp:
592         (createWatchdogIfNeeded):
593         (JSContextGroupClearExecutionTimeLimit):
594         - No need to create the watchdog (if not already created) just to clear it.
595           If the watchdog is not created yet, then it is effectively cleared.
596
597         * API/tests/ExecutionTimeLimitTest.cpp:
598         (currentCPUTimeAsJSFunctionCallback):
599         (testExecutionTimeLimit):
600         (currentCPUTime): Deleted.
601         * API/tests/testapi.c:
602         (main):
603         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
604         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
605         - Enable watchdog tests for all platforms.
606
607         * CMakeLists.txt:
608         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
609         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
610         * JavaScriptCore.xcodeproj/project.pbxproj:
611         - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.
612
613         * PlatformEfl.cmake:
614
615         * dfg/DFGByteCodeParser.cpp:
616         (JSC::DFG::ByteCodeParser::parseBlock):
617         * dfg/DFGSpeculativeJIT32_64.cpp:
618         * dfg/DFGSpeculativeJIT64.cpp:
619         * interpreter/Interpreter.cpp:
620         (JSC::Interpreter::execute):
621         (JSC::Interpreter::executeCall):
622         (JSC::Interpreter::executeConstruct):
623         * jit/JITOpcodes.cpp:
624         (JSC::JIT::emit_op_loop_hint):
625         (JSC::JIT::emitSlow_op_loop_hint):
626         * jit/JITOperations.cpp:
627         * llint/LLIntOffsetsExtractor.cpp:
628         * llint/LLIntSlowPaths.cpp:
629         * runtime/VM.cpp:
630         - #include Watchdog.h in these files directly instead of doing it via VM.h.
631           This saves us from having to recompile the world when we change Watchdog.h.
632
633         * runtime/VM.h:
634         - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
635           thread-safe ref counted.
636
637         * runtime/VMEntryScope.cpp:
638         (JSC::VMEntryScope::VMEntryScope):
639         (JSC::VMEntryScope::~VMEntryScope):
640         - We have done away with the WatchdogScope and arming/disarming of the watchdog.
641           Instead, the VMEntryScope will inform the watchdog of when we have entered and
642           exited the VM.
643
644         * runtime/Watchdog.cpp:
645         (JSC::currentWallClockTime):
646         (JSC::Watchdog::Watchdog):
647         (JSC::Watchdog::hasStartedTimer):
648         (JSC::Watchdog::setTimeLimit):
649         (JSC::Watchdog::didFireSlow):
650         (JSC::Watchdog::hasTimeLimit):
651         (JSC::Watchdog::fire):
652         (JSC::Watchdog::enteredVM):
653         (JSC::Watchdog::exitedVM):
654
655         (JSC::Watchdog::startTimer):
656         - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
657           (from a different thread) even after the VM shuts down.  We need to keep it
658           alive until the WorkQueue callback completes.
659
660           In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
661           WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
662           is done with it.  This ensures that the Watchdog is kept alive until all
663           WorkQueue callbacks are done.
664
665         (JSC::Watchdog::stopTimer):
666         (JSC::Watchdog::~Watchdog): Deleted.
667         (JSC::Watchdog::didFire): Deleted.
668         (JSC::Watchdog::isEnabled): Deleted.
669         (JSC::Watchdog::arm): Deleted.
670         (JSC::Watchdog::disarm): Deleted.
671         (JSC::Watchdog::startCountdownIfNeeded): Deleted.
672         (JSC::Watchdog::startCountdown): Deleted.
673         (JSC::Watchdog::stopCountdown): Deleted.
674         * runtime/Watchdog.h:
675         (JSC::Watchdog::didFire):
676         (JSC::Watchdog::timerDidFireAddress):
677         (JSC::Watchdog::isArmed): Deleted.
678         (JSC::Watchdog::Scope::Scope): Deleted.
679         (JSC::Watchdog::Scope::~Scope): Deleted.
680         * runtime/WatchdogMac.cpp:
681         (JSC::Watchdog::initTimer): Deleted.
682         (JSC::Watchdog::destroyTimer): Deleted.
683         (JSC::Watchdog::startTimer): Deleted.
684         (JSC::Watchdog::stopTimer): Deleted.
685         * runtime/WatchdogNone.cpp:
686         (JSC::Watchdog::initTimer): Deleted.
687         (JSC::Watchdog::destroyTimer): Deleted.
688         (JSC::Watchdog::startTimer): Deleted.
689         (JSC::Watchdog::stopTimer): Deleted.
690
691 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
692
693         Always use a byte-sized lock implementation
694         https://bugs.webkit.org/show_bug.cgi?id=147908
695
696         Reviewed by Geoffrey Garen.
697
698         * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.
699
700 2015-08-11  Alexey Proskuryakov  <ap@apple.com>
701
702         Make ASan build not depend on asan.xcconfig
703         https://bugs.webkit.org/show_bug.cgi?id=147840
704         rdar://problem/21093702
705
706         Reviewed by Daniel Bates.
707
708         * dfg/DFGOSREntry.cpp:
709         (JSC::DFG::OSREntryData::dump):
710         (JSC::DFG::prepareOSREntry):
711         * ftl/FTLOSREntry.cpp:
712         (JSC::FTL::prepareOSREntry):
713         * heap/ConservativeRoots.cpp:
714         (JSC::ConservativeRoots::genericAddPointer):
715         (JSC::ConservativeRoots::genericAddSpan):
716         * heap/MachineStackMarker.cpp:
717         (JSC::MachineThreads::removeThreadIfFound):
718         (JSC::MachineThreads::gatherFromCurrentThread):
719         (JSC::MachineThreads::Thread::captureStack):
720         (JSC::copyMemory):
721         * interpreter/Register.h:
722         (JSC::Register::operator=):
723         (JSC::Register::asanUnsafeJSValue):
724         (JSC::Register::jsValue):
725
726 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
727
728         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
729         https://bugs.webkit.org/show_bug.cgi?id=147480
730
731         Reviewed by Filip Pizlo.
732
733         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
734         The IC site only caches one id. After checking that the given id is the same as the
735         cached one, we perform the get_by_id IC on it.
736         By collecting the IC's StructureStubInfo information, we pass it to the DFG, and the DFG
737         compiles the get_by_val opcode into CheckIdent (with an edge type check) and GetById-related
738         operations when the given get_by_val leverages the property load with the cached id.
739
740         To ensure the incoming value is the expected id, in the DFG layer we use SymbolUse and
741         StringIdentUse to enforce the type. To support this, this patch implements SymbolUse,
742         which can also be leveraged to optimize symbol operations in the DFG.
743
744         And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
745         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
746         a binary search on m_byValInfos. And by storing ArrayProfile* in the ByValInfo, we replaced the
747         ArrayProfile* argument of the operations with ByValInfo*.
748
749         * bytecode/ByValInfo.h:
750         (JSC::ByValInfo::ByValInfo):
751         * bytecode/CodeBlock.cpp:
752         (JSC::CodeBlock::getByValInfoMap):
753         (JSC::CodeBlock::addByValInfo):
754         * bytecode/CodeBlock.h:
755         (JSC::CodeBlock::getByValInfo): Deleted.
756         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
757         (JSC::CodeBlock::numberOfByValInfos): Deleted.
758         (JSC::CodeBlock::byValInfo): Deleted.
759         * bytecode/ExitKind.cpp:
760         (JSC::exitKindToString):
761         * bytecode/ExitKind.h:
762         * bytecode/GetByIdStatus.cpp:
763         (JSC::GetByIdStatus::computeFor):
764         (JSC::GetByIdStatus::computeForStubInfo):
765         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
766         * bytecode/GetByIdStatus.h:
767         * dfg/DFGAbstractInterpreterInlines.h:
768         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
769         * dfg/DFGByteCodeParser.cpp:
770         (JSC::DFG::ByteCodeParser::parseBlock):
771         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
772         * dfg/DFGClobberize.h:
773         (JSC::DFG::clobberize):
774         * dfg/DFGConstantFoldingPhase.cpp:
775         (JSC::DFG::ConstantFoldingPhase::foldConstants):
776         * dfg/DFGDoesGC.cpp:
777         (JSC::DFG::doesGC):
778         * dfg/DFGFixupPhase.cpp:
779         (JSC::DFG::FixupPhase::fixupNode):
780         (JSC::DFG::FixupPhase::observeUseKindOnNode):
781         * dfg/DFGNode.h:
782         (JSC::DFG::Node::hasUidOperand):
783         (JSC::DFG::Node::uidOperand):
784         * dfg/DFGNodeType.h:
785         * dfg/DFGPredictionPropagationPhase.cpp:
786         (JSC::DFG::PredictionPropagationPhase::propagate):
787         * dfg/DFGSafeToExecute.h:
788         (JSC::DFG::SafeToExecuteEdge::operator()):
789         (JSC::DFG::safeToExecute):
790         * dfg/DFGSpeculativeJIT.cpp:
791         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
792         (JSC::DFG::SpeculativeJIT::speculateSymbol):
793         (JSC::DFG::SpeculativeJIT::speculate):
794         * dfg/DFGSpeculativeJIT.h:
795         * dfg/DFGSpeculativeJIT32_64.cpp:
796         (JSC::DFG::SpeculativeJIT::compile):
797         * dfg/DFGSpeculativeJIT64.cpp:
798         (JSC::DFG::SpeculativeJIT::compile):
799         * dfg/DFGUseKind.cpp:
800         (WTF::printInternal):
801         * dfg/DFGUseKind.h:
802         (JSC::DFG::typeFilterFor):
803         (JSC::DFG::isCell):
804         * ftl/FTLAbstractHeapRepository.h:
805         * ftl/FTLCapabilities.cpp:
806         (JSC::FTL::canCompile):
807         * ftl/FTLLowerDFGToLLVM.cpp:
808         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
809         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
810         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
811         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
812         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
813         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
814         * jit/JIT.cpp:
815         (JSC::JIT::privateCompile):
816         * jit/JIT.h:
817         (JSC::ByValCompilationInfo::ByValCompilationInfo):
818         (JSC::JIT::compileGetByValWithCachedId):
819         * jit/JITInlines.h:
820         (JSC::JIT::callOperation):
821         * jit/JITOpcodes.cpp:
822         (JSC::JIT::emit_op_has_indexed_property):
823         (JSC::JIT::emitSlow_op_has_indexed_property):
824         * jit/JITOpcodes32_64.cpp:
825         (JSC::JIT::emit_op_has_indexed_property):
826         (JSC::JIT::emitSlow_op_has_indexed_property):
827         * jit/JITOperations.cpp:
828         (JSC::getByVal):
829         * jit/JITOperations.h:
830         * jit/JITPropertyAccess.cpp:
831         (JSC::JIT::emit_op_get_by_val):
832         (JSC::JIT::emitGetByValWithCachedId):
833         (JSC::JIT::emitSlow_op_get_by_val):
834         (JSC::JIT::emit_op_put_by_val):
835         (JSC::JIT::emitSlow_op_put_by_val):
836         (JSC::JIT::privateCompileGetByVal):
837         (JSC::JIT::privateCompileGetByValWithCachedId):
838         * jit/JITPropertyAccess32_64.cpp:
839         (JSC::JIT::emit_op_get_by_val):
840         (JSC::JIT::emitGetByValWithCachedId):
841         (JSC::JIT::emitSlow_op_get_by_val):
842         (JSC::JIT::emit_op_put_by_val):
843         (JSC::JIT::emitSlow_op_put_by_val):
844         * runtime/Symbol.h:
845         * tests/stress/get-by-val-with-string-constructor.js: Added.
846         (Hello):
847         (get Hello.prototype.generate):
848         (ok):
849         * tests/stress/get-by-val-with-string-exit.js: Added.
850         (shouldBe):
851         (getByVal):
852         (getStr1):
853         (getStr2):
854         * tests/stress/get-by-val-with-string-generated.js: Added.
855         (shouldBe):
856         (getByVal):
857         (getStr1):
858         (getStr2):
859         * tests/stress/get-by-val-with-string-getter.js: Added.
860         (object.get hello):
861         (ok):
862         * tests/stress/get-by-val-with-string.js: Added.
863         (shouldBe):
864         (getByVal):
865         (getStr1):
866         (getStr2):
867         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
868         (Hello):
869         (get Hello.prototype.generate):
870         (ok):
871         * tests/stress/get-by-val-with-symbol-exit.js: Added.
872         (shouldBe):
873         (getByVal):
874         (getSym1):
875         (getSym2):
876         * tests/stress/get-by-val-with-symbol-getter.js: Added.
877         (object.get hello):
878         (.get ok):
879         * tests/stress/get-by-val-with-symbol.js: Added.
880         (shouldBe):
881         (getByVal):
882         (getSym1):
883         (getSym2):
884
885 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
886
887         DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
888         https://bugs.webkit.org/show_bug.cgi?id=147891
889         rdar://problem/22129447
890
891         Reviewed by Mark Lam.
892
893         * dfg/DFGByteCodeParser.cpp:
894         (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
895         (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
896         * dfg/DFGGraph.cpp:
897         (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
898         * dfg/DFGStructureRegistrationPhase.cpp:
899         (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.
900
901 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
902
903         [Win] Switch Windows build to Visual Studio 2015
904         https://bugs.webkit.org/show_bug.cgi?id=147887
905         <rdar://problem/22235098>
906
907         Reviewed by Alex Christensen.
908
909         Update Visual Studio project file settings to use the current Visual
910         Studio and compiler. Continue targeting binaries to run on our minimum
911         supported configuration of Windows 7.
912
913         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
914         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
915         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
916         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
917         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
918         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
919         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
920         * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
921         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
922         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
923         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
924         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
925
926 2015-08-10  Filip Pizlo  <fpizlo@apple.com>
927
928         WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
929         https://bugs.webkit.org/show_bug.cgi?id=147665
930
931         Reviewed by Mark Lam.
932
933         Replace ByteSpinLock with ByteLock.
934
935         * runtime/ConcurrentJITLock.h:
936
937 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
938
939         Numeric setter on prototype doesn't get called.
940         https://bugs.webkit.org/show_bug.cgi?id=144252
941
942         Reviewed by Darin Adler.
943
944         When switching the blank indexing type to another one in putByIndex,
945         if `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
946         it to the slow put indexing type and reloop the putByIndex, since there may
947         be an indexing accessor in the prototype chain. Previously, we just set
948         the value into the allocated vector.
949
950         In the putDirectIndex case, we just store the value to the vector.
951         This is because putDirectIndex is the operation to store the own property
952         and it does not check the accessors in the prototype chain.
953
954         * runtime/JSObject.cpp:
955         (JSC::JSObject::putByIndexBeyondVectorLength):
956         * tests/stress/injected-numeric-setter-on-prototype.js: Added.
957         (shouldBe):
958         (Trace):
959         (Trace.prototype.trace):
960         (Trace.prototype.get count):
961         (.):
962         * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
963         (shouldBe):
964         (Trace):
965         (Trace.prototype.trace):
966         (Trace.prototype.get count):
967         (.):
968         * tests/stress/numeric-setter-on-prototype.js: Added.
969         (shouldBe):
970         (Trace):
971         (Trace.prototype.trace):
972         (Trace.prototype.get count):
973         (.z.__proto__.set 3):
974         * tests/stress/numeric-setter-on-self.js: Added.
975         (shouldBe):
976         (Trace):
977         (Trace.prototype.trace):
978         (Trace.prototype.get count):
979         (.y.set 2):
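
The JS-observable behaviour this entry describes, as an added example that is not JavaScriptCore's own code or one of the listed stress tests: an indexed accessor on the prototype must intercept `obj[i] = v` even when `obj` has no indexed storage yet, while the own-property path (`Object.defineProperty`, the analogue of putDirectIndex here) never consults the prototype chain. The helper names (`makeTracingPrototype` and the three case functions) and the sample objects are constructed for this example.

```javascript
// Added example (not JavaScriptCore code): indexed accessor on the prototype
// versus own-property definition. makeTracingPrototype is a hypothetical helper.

// Build a prototype object that carries an accessor at index 3 and records
// every value its setter receives.
function makeTracingPrototype(parent) {
  const calls = [];
  const proto = Object.create(parent);
  Object.defineProperty(proto, 3, {
    get() { return "from-proto"; },
    set(v) { calls.push(v); },
    configurable: true,
  });
  return { proto, calls };
}

// Plain object with no indexed storage yet ("blank" indexing): obj[3] = v must
// reach the prototype setter instead of creating an own property.
function assignOnBlankObject() {
  const { proto, calls } = makeTracingPrototype(Object.prototype);
  const obj = Object.create(proto);
  obj[3] = "hello";
  return { setterCalls: calls, ownKeys: Object.keys(obj), read: obj[3] };
}

// Empty array whose prototype chain holds the accessor: index 0 has no accessor
// and becomes own storage, while index 3 is intercepted and never stored, so the
// array length does not grow past 1.
function assignOnBlankArray() {
  const { proto, calls } = makeTracingPrototype(Array.prototype);
  const arr = [];
  Object.setPrototypeOf(arr, proto);
  arr[0] = "a";
  arr[3] = "b";
  return { setterCalls: calls, length: arr.length, ownKeys: Object.keys(arr) };
}

// The own-property path (Object.defineProperty, like putDirectIndex in the
// entry) defines the property directly; the prototype setter is never called.
function defineOnBlankArray() {
  const { proto, calls } = makeTracingPrototype(Array.prototype);
  const arr = [];
  Object.setPrototypeOf(arr, proto);
  Object.defineProperty(arr, 3, {
    value: "own", writable: true, enumerable: true, configurable: true,
  });
  return { setterCalls: calls, length: arr.length, read: arr[3] };
}
```

Before the fix described above, an engine that switched the blank indexing type straight to a plain vector would store "b" as an own element in `assignOnBlankArray` and skip the setter; the three functions make that difference visible without touching engine internals.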
980
981 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
982
983         [Win] Unreviewed gardening.
984
985         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
986         file references so they appear in the proper IDE locations.
987
988 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
989
990         Unreviewed Windows build fix for VS2015.
991
992         * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.
993
994 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
995
996         [ES6] Implement Reflect.has
997         https://bugs.webkit.org/show_bug.cgi?id=147875
998
999         Reviewed by Sam Weinig.
1000
1001         This patch implements Reflect.has[1].
1002         Since the semantics are the same as those of the `in` operator in JS[2],
1003         we can implement it in builtin JS code.
1004
1005         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
1006         [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation
1007
1008         * builtins/ReflectObject.js:
1009         (has):
1010         * runtime/ReflectObject.cpp:
1011         * tests/stress/reflect-has.js: Added.
1012         (shouldBe):
1013         (shouldThrow):
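
The equivalence this entry relies on, as an added example that is not the builtin from builtins/ReflectObject.js nor the listed stress test: `Reflect.has(target, key)` and `key in target` agree on own, inherited and symbol-keyed properties, both route through a Proxy `has` trap, and both throw a TypeError for a non-object target. The `probe` and `compareHasAndIn` helpers and the sample objects are constructed for this example.

```javascript
// Added example (not JavaScriptCore code): Reflect.has versus the `in` operator.
// probe/compareHasAndIn are hypothetical helpers written for this example.

// Run fn and capture either its value or the name of the error it threw, so
// throwing and non-throwing cases can be compared uniformly.
function probe(fn) {
  try {
    return { ok: true, value: fn() };
  } catch (e) {
    return { ok: false, error: e.constructor.name };
  }
}

// Evaluate both forms and report whether they produced the same outcome.
function compareHasAndIn(target, key) {
  const viaReflect = probe(() => Reflect.has(target, key));
  const viaIn = probe(() => key in target);
  const agree = viaReflect.ok === viaIn.ok &&
    (viaReflect.ok ? viaReflect.value === viaIn.value : viaReflect.error === viaIn.error);
  return { reflect: viaReflect, inOperator: viaIn, agree };
}

// Constructed sample objects: a child with an own, an inherited and a
// symbol-keyed property.
const base = { inherited: 1 };
const child = Object.create(base);
child.own = 2;
const sym = Symbol("s");
child[sym] = 3;

// Proxy whose `has` trap records every lookup; both forms must reach it.
const trapCalls = [];
const proxied = new Proxy({}, {
  has(t, k) { trapCalls.push(k); return k === "virtual"; },
});

function runCases() {
  trapCalls.length = 0; // reset so the count below is per run
  return {
    own: compareHasAndIn(child, "own"),
    inherited: compareHasAndIn(child, "inherited"),
    missing: compareHasAndIn(child, "nope"),
    symbol: compareHasAndIn(child, sym),
    proxyHit: compareHasAndIn(proxied, "virtual"),
    proxyMiss: compareHasAndIn(proxied, "other"),
    primitiveTarget: compareHasAndIn("not an object", "length"),
    proxyTrapCalls: trapCalls.length,
  };
}
```

The `primitiveTarget` case is the one worth noting: neither form coerces a primitive to an object, so implementing `Reflect.has` as `key in target` in builtin JS preserves the TypeError the specification requires.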
1014
1015 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1016
1017         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
1018         https://bugs.webkit.org/show_bug.cgi?id=147874
1019
1020         Reviewed by Darin Adler.
1021
1022         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
1023         The differences from the Object.* ones are:
1024
1025         1. They do not perform ToObject on non-object arguments; they raise a TypeError instead.
1026         2. Reflect.setPrototypeOf returns false when the operation fails, whereas Object.setPrototypeOf raises a TypeError.
1027
1028         * runtime/ObjectConstructor.cpp:
1029         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
1030         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
1031         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
1032         (JSC::objectConstructorGetPrototypeOf):
1033         * runtime/ObjectConstructor.h:
1034         * runtime/ReflectObject.cpp:
1035         (JSC::reflectObjectGetPrototypeOf):
1036         (JSC::reflectObjectSetPrototypeOf):
1037         * tests/stress/reflect-get-prototype-of.js: Added.
1038         (shouldBe):
1039         (shouldThrow):
1040         (Base):
1041         (Derived):
1042         * tests/stress/reflect-set-prototype-of.js: Added.
1043         (shouldBe):
1044         (shouldThrow):
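
The two differences listed in this entry, as an added example that is not JavaScriptCore's own code nor the listed stress tests: the Object.* forms coerce or pass through primitives and throw on failure, while the Reflect.* forms throw a TypeError for non-object targets and report failure (non-extensible target, prototype cycle) by returning false. The `probe` helper, the compare functions and the sample objects are constructed for this example.

```javascript
// Added example (not JavaScriptCore code): Reflect.{get,set}PrototypeOf versus
// Object.{get,set}PrototypeOf. probe and the compare* functions are
// hypothetical helpers written for this example.

// Run fn and capture either its value or the name of the error it threw.
function probe(fn) {
  try {
    return { ok: true, value: fn() };
  } catch (e) {
    return { ok: false, error: e.constructor.name };
  }
}

function compareGetPrototypeOf(target) {
  return {
    object: probe(() => Object.getPrototypeOf(target)),
    reflect: probe(() => Reflect.getPrototypeOf(target)),
  };
}

function compareSetPrototypeOf(target, proto) {
  return {
    object: probe(() => Object.setPrototypeOf(target, proto)),
    reflect: probe(() => Reflect.setPrototypeOf(target, proto)),
  };
}

function runCases() {
  const frozen = Object.freeze({});   // non-extensible: [[SetPrototypeOf]] fails
  const a = {};
  const b = Object.create(a);         // b -> a; making a -> b would be a cycle
  return {
    // Difference 1: Object.* applies ToObject to 42, Reflect.* throws TypeError.
    getOnPrimitive: compareGetPrototypeOf(42),
    // Difference 1 for the setter: Object.* returns the primitive unchanged.
    setOnPrimitive: compareSetPrototypeOf(42, null),
    // Difference 2: Object.* throws, Reflect.* returns false.
    setOnFrozen: compareSetPrototypeOf(frozen, {}),
    setCycle: compareSetPrototypeOf(a, b),
    // An invalid prototype value is a TypeError for both.
    badProto: compareSetPrototypeOf({}, 5),
    // Success: Object.* returns the target, Reflect.* returns true.
    setOk: compareSetPrototypeOf({}, null),
  };
}
```

The `setOnFrozen` and `setCycle` cases are where the boolean return matters in practice: code that wants to probe whether a prototype change is possible can use the Reflect form without a try/catch, whereas the Object form only distinguishes the two outcomes by throwing.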
1045
1046 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
1047
1048         Fix debug build when optimization is enabled
1049         https://bugs.webkit.org/show_bug.cgi?id=147816
1050
1051         Reviewed by Alexey Proskuryakov.
1052
1053         * llint/LLIntEntrypoint.cpp:
1054         * runtime/FunctionExecutableDump.cpp:
1055
1056 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1057
1058         Ensure that Reflect.enumerate does not produce the deleted keys
1059         https://bugs.webkit.org/show_bug.cgi?id=147677
1060
1061         Reviewed by Darin Adler.
1062
1063         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
1064
1065         * tests/stress/reflect-enumerate.js:
1066
1067 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
1068
1069         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
1070         https://bugs.webkit.org/show_bug.cgi?id=147856
1071
1072         Reviewed by Saam Barati.
1073
1074         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
1075
1076         * CMakeLists.txt:
1077         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1078         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1079         * JavaScriptCore.xcodeproj/project.pbxproj:
1080         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
1081         (JSC::ExecutableInfo::ExecutableInfo):
1082         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
1083         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1084         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1085         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1086         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1087         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1088         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1089         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1090         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1091         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1092         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1093         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1094         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1095         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1096         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1097         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1098         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1099         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1100         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1101         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1102         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1103         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1104         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1105         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1106         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1107         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1108         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1109         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1110         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1111         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1112         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1113         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1114         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1115         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1116         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1117         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1118         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1119         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1120         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1121         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1122         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1123         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1124         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1125         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1126         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1127         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1128         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1129         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1130         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1131         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1132         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1133         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1134         (JSC::UnlinkedCodeBlock::vm): Deleted.
1135         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1136         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1137         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1138         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1139         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1140         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1141         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1142         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1143         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1144         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1145         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1146         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1147         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1148         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1149         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1150         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1151         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1152         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1153         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1154         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1155         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1156         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1157         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1158         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1159         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1160         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1161         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1162         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1163         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1164         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1165         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1166         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1167         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1168         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1169         * bytecode/UnlinkedCodeBlock.cpp:
1170         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1171         (JSC::generateFunctionCodeBlock): Deleted.
1172         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
1173         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
1174         (JSC::UnlinkedFunctionExecutable::link): Deleted.
1175         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
1176         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
1177         * bytecode/UnlinkedCodeBlock.h:
1178         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
1179         (JSC::ExecutableInfo::needsActivation): Deleted.
1180         (JSC::ExecutableInfo::usesEval): Deleted.
1181         (JSC::ExecutableInfo::isStrictMode): Deleted.
1182         (JSC::ExecutableInfo::isConstructor): Deleted.
1183         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
1184         (JSC::ExecutableInfo::constructorKind): Deleted.
1185         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
1186         (JSC::generateFunctionCodeBlock):
1187         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
1188         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
1189         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
1190         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
1191         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
1192         (JSC::dumpLineColumnEntry): Deleted.
1193         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
1194         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
1195         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
1196         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
1197         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
1198         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
1199         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
1200         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
1201         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
1202         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
1203         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
1204         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
1205         (JSC::UnlinkedCodeBlock::instructions): Deleted.
1206         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
1207         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
1208         (JSC::ExecutableInfo::needsActivation): Deleted.
1209         (JSC::ExecutableInfo::usesEval): Deleted.
1210         (JSC::ExecutableInfo::isStrictMode): Deleted.
1211         (JSC::ExecutableInfo::isConstructor): Deleted.
1212         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
1213         (JSC::ExecutableInfo::constructorKind): Deleted.
1214         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
1215         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1216         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1217         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1218         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1219         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1220         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1221         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1222         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1223         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1224         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1225         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1226         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1227         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1228         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1229         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1230         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1231         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1232         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1233         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1234         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1235         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1236         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1237         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1238         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1239         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1240         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1241         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1242         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1243         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1244         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1245         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1246         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1247         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1248         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1249         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1250         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1251         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1252         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1253         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1254         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1255         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1256         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1257         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1258         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1259         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1260         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1261         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1262         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1263         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1264         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1265         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1266         (JSC::UnlinkedCodeBlock::vm): Deleted.
1267         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1268         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1269         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1270         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1271         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1272         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1273         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1274         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1275         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1276         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1277         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1278         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1279         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1280         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1281         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1282         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1283         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1284         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1285         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1286         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1287         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1288         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1289         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1290         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1291         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1292         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1293         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1294         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1295         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1296         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1297         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1298         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1299         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1300         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1301         * runtime/Executable.h:
1302
1303 2015-08-10  Mark Lam  <mark.lam@apple.com>
1304
1305         Refactor LiveObjectList and LiveObjectData into their own files.
1306         https://bugs.webkit.org/show_bug.cgi?id=147843
1307
1308         Reviewed by Saam Barati.
1309
1310         There is no behavior change in this patch.
1311
1312         * CMakeLists.txt:
1313         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1314         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1315         * JavaScriptCore.xcodeproj/project.pbxproj:
1316         * heap/HeapVerifier.cpp:
1317         (JSC::HeapVerifier::HeapVerifier):
1318         (JSC::LiveObjectList::findObject): Deleted.
1319         * heap/HeapVerifier.h:
1320         (JSC::LiveObjectData::LiveObjectData): Deleted.
1321         (JSC::LiveObjectList::LiveObjectList): Deleted.
1322         (JSC::LiveObjectList::reset): Deleted.
1323         * heap/LiveObjectData.h: Added.
1324         (JSC::LiveObjectData::LiveObjectData):
1325         * heap/LiveObjectList.cpp: Added.
1326         (JSC::LiveObjectList::findObject):
1327         * heap/LiveObjectList.h: Added.
1328         (JSC::LiveObjectList::LiveObjectList):
1329         (JSC::LiveObjectList::reset):
1330
1331 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
1332
1333         Let's rename FunctionBodyNode
1334         https://bugs.webkit.org/show_bug.cgi?id=147292
1335
1336         Reviewed by Mark Lam & Saam Barati.
1337
1338         FunctionBodyNode => FunctionMetadataNode
1339
1340         Make FunctionMetadataNode inherit from Node instead of StatementNode
1341         because a FunctionMetadataNode can appear in expression context and does
1342         not have a next statement.
1343
1344         (I decided to continue allocating FunctionMetadataNode in the AST arena,
1345         and to retain "Node" in its name, because it really is a parsing
1346         construct, and we transform its data before consuming it elsewhere.
1347
1348         There is still room for a future patch to distill and simplify the
1349         metadata we track about functions between FunDeclNode/FuncExprNode,
1350         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
1351
1352         * builtins/BuiltinExecutables.cpp:
1353         (JSC::BuiltinExecutables::createExecutableInternal):
1354         * bytecode/UnlinkedCodeBlock.cpp:
1355         (JSC::generateFunctionCodeBlock):
1356         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1357         * bytecode/UnlinkedCodeBlock.h:
1358         * bytecompiler/BytecodeGenerator.cpp:
1359         (JSC::BytecodeGenerator::generate):
1360         (JSC::BytecodeGenerator::BytecodeGenerator):
1361         (JSC::BytecodeGenerator::emitNewArray):
1362         (JSC::BytecodeGenerator::emitNewFunction):
1363         (JSC::BytecodeGenerator::emitNewFunctionExpression):
1364         * bytecompiler/BytecodeGenerator.h:
1365         (JSC::BytecodeGenerator::makeFunction):
1366         * bytecompiler/NodesCodegen.cpp:
1367         (JSC::EvalNode::emitBytecode):
1368         (JSC::FunctionNode::emitBytecode):
1369         (JSC::FunctionBodyNode::emitBytecode): Deleted.
1370         * parser/ASTBuilder.h:
1371         (JSC::ASTBuilder::createFunctionExpr):
1372         (JSC::ASTBuilder::createFunctionBody):
1373         * parser/NodeConstructors.h:
1374         (JSC::FunctionParameters::FunctionParameters):
1375         (JSC::FuncExprNode::FuncExprNode):
1376         (JSC::FuncDeclNode::FuncDeclNode):
1377         * parser/Nodes.cpp:
1378         (JSC::EvalNode::EvalNode):
1379         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1380         (JSC::FunctionMetadataNode::finishParsing):
1381         (JSC::FunctionMetadataNode::setEndPosition):
1382         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
1383         (JSC::FunctionBodyNode::finishParsing): Deleted.
1384         (JSC::FunctionBodyNode::setEndPosition): Deleted.
1385         * parser/Nodes.h:
1386         (JSC::FuncExprNode::body):
1387         (JSC::FuncDeclNode::body):
1388         * parser/Parser.h:
1389         (JSC::Parser::isFunctionMetadataNode):
1390         (JSC::Parser::next):
1391         (JSC::Parser<LexerType>::parse):
1392         (JSC::Parser::isFunctionBodyNode): Deleted.
1393         * runtime/CodeCache.cpp:
1394         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1395         * runtime/CodeCache.h:
1396
1397 2015-08-09  Chris Dumez  <cdumez@apple.com>
1398
1399         Regression(r188105): Seems to have caused crashes during PLT on some iPads
1400         https://bugs.webkit.org/show_bug.cgi?id=147818
1401
1402         Unreviewed, roll out r188105.
1403
1404         * bytecode/ByValInfo.h:
1405         (JSC::ByValInfo::ByValInfo):
1406         * bytecode/CodeBlock.cpp:
1407         (JSC::CodeBlock::getByValInfoMap): Deleted.
1408         (JSC::CodeBlock::addByValInfo): Deleted.
1409         * bytecode/CodeBlock.h:
1410         (JSC::CodeBlock::getByValInfo):
1411         (JSC::CodeBlock::setNumberOfByValInfos):
1412         (JSC::CodeBlock::numberOfByValInfos):
1413         (JSC::CodeBlock::byValInfo):
1414         * bytecode/ExitKind.cpp:
1415         (JSC::exitKindToString): Deleted.
1416         * bytecode/ExitKind.h:
1417         * bytecode/GetByIdStatus.cpp:
1418         (JSC::GetByIdStatus::computeFor):
1419         (JSC::GetByIdStatus::computeForStubInfo):
1420         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
1421         * bytecode/GetByIdStatus.h:
1422         * dfg/DFGAbstractInterpreterInlines.h:
1423         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
1424         * dfg/DFGByteCodeParser.cpp:
1425         (JSC::DFG::ByteCodeParser::parseBlock):
1426         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
1427         * dfg/DFGClobberize.h:
1428         (JSC::DFG::clobberize): Deleted.
1429         * dfg/DFGConstantFoldingPhase.cpp:
1430         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
1431         * dfg/DFGDoesGC.cpp:
1432         (JSC::DFG::doesGC): Deleted.
1433         * dfg/DFGFixupPhase.cpp:
1434         (JSC::DFG::FixupPhase::fixupNode): Deleted.
1435         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
1436         * dfg/DFGNode.h:
1437         (JSC::DFG::Node::hasUidOperand): Deleted.
1438         (JSC::DFG::Node::uidOperand): Deleted.
1439         * dfg/DFGNodeType.h:
1440         * dfg/DFGPredictionPropagationPhase.cpp:
1441         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
1442         * dfg/DFGSafeToExecute.h:
1443         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
1444         (JSC::DFG::safeToExecute): Deleted.
1445         * dfg/DFGSpeculativeJIT.cpp:
1446         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
1447         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
1448         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
1449         * dfg/DFGSpeculativeJIT.h:
1450         * dfg/DFGSpeculativeJIT32_64.cpp:
1451         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1452         * dfg/DFGSpeculativeJIT64.cpp:
1453         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1454         * dfg/DFGUseKind.cpp:
1455         (WTF::printInternal): Deleted.
1456         * dfg/DFGUseKind.h:
1457         (JSC::DFG::typeFilterFor): Deleted.
1458         (JSC::DFG::isCell): Deleted.
1459         * ftl/FTLAbstractHeapRepository.h:
1460         * ftl/FTLCapabilities.cpp:
1461         (JSC::FTL::canCompile): Deleted.
1462         * ftl/FTLLowerDFGToLLVM.cpp:
1463         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
1464         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
1465         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
1466         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
1467         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
1468         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
1469         * jit/JIT.cpp:
1470         (JSC::JIT::privateCompile):
1471         * jit/JIT.h:
1472         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1473         (JSC::JIT::compileGetByValWithCachedId): Deleted.
1474         * jit/JITInlines.h:
1475         (JSC::JIT::callOperation): Deleted.
1476         * jit/JITOpcodes.cpp:
1477         (JSC::JIT::emit_op_has_indexed_property):
1478         (JSC::JIT::emitSlow_op_has_indexed_property):
1479         * jit/JITOpcodes32_64.cpp:
1480         (JSC::JIT::emit_op_has_indexed_property):
1481         (JSC::JIT::emitSlow_op_has_indexed_property):
1482         * jit/JITOperations.cpp:
1483         (JSC::getByVal):
1484         * jit/JITOperations.h:
1485         * jit/JITPropertyAccess.cpp:
1486         (JSC::JIT::emit_op_get_by_val):
1487         (JSC::JIT::emitSlow_op_get_by_val):
1488         (JSC::JIT::emit_op_put_by_val):
1489         (JSC::JIT::emitSlow_op_put_by_val):
1490         (JSC::JIT::emitGetByValWithCachedId): Deleted.
1491         (JSC::JIT::privateCompileGetByVal): Deleted.
1492         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
1493         * jit/JITPropertyAccess32_64.cpp:
1494         (JSC::JIT::emit_op_get_by_val):
1495         (JSC::JIT::emitSlow_op_get_by_val):
1496         (JSC::JIT::emit_op_put_by_val):
1497         (JSC::JIT::emitSlow_op_put_by_val):
1498         (JSC::JIT::emitGetByValWithCachedId): Deleted.
1499         * runtime/Symbol.h:
1500         * tests/stress/get-by-val-with-string-constructor.js: Removed.
1501         * tests/stress/get-by-val-with-string-exit.js: Removed.
1502         * tests/stress/get-by-val-with-string-generated.js: Removed.
1503         * tests/stress/get-by-val-with-string-getter.js: Removed.
1504         * tests/stress/get-by-val-with-string.js: Removed.
1505         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
1506         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
1507         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
1508         * tests/stress/get-by-val-with-symbol.js: Removed.
1509
1510 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1511
1512         Reduce uses of PassRefPtr in bindings
1513         https://bugs.webkit.org/show_bug.cgi?id=147781
1514
1515         Reviewed by Chris Dumez.
1516
1517         Use RefPtr when a function can return null or an instance. If not, Ref is used.
1518
1519         * runtime/JSGenericTypedArrayView.h:
1520         (JSC::toNativeTypedView):
1521
1522 2015-08-07  Alex Christensen  <achristensen@webkit.org>
1523
1524         Build more testing binaries with CMake on Windows
1525         https://bugs.webkit.org/show_bug.cgi?id=147799
1526
1527         Reviewed by Brent Fulgham.
1528
1529         * shell/PlatformWin.cmake: Added.
1530         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
1531
1532 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
1533
1534         Lightweight locks should be adaptive
1535         https://bugs.webkit.org/show_bug.cgi?id=147545
1536
1537         Reviewed by Geoffrey Garen.
1538
1539         * dfg/DFGCommon.cpp:
1540         (JSC::DFG::startCrashing):
1541         * heap/CopiedBlock.h:
1542         (JSC::CopiedBlock::workListLock):
1543         * heap/CopiedBlockInlines.h:
1544         (JSC::CopiedBlock::shouldReportLiveBytes):
1545         (JSC::CopiedBlock::reportLiveBytes):
1546         * heap/CopiedSpace.cpp:
1547         (JSC::CopiedSpace::doneFillingBlock):
1548         * heap/CopiedSpace.h:
1549         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
1550         * heap/CopiedSpaceInlines.h:
1551         (JSC::CopiedSpace::recycleEvacuatedBlock):
1552         * heap/GCThreadSharedData.cpp:
1553         (JSC::GCThreadSharedData::didStartCopying):
1554         * heap/GCThreadSharedData.h:
1555         (JSC::GCThreadSharedData::getNextBlocksToCopy):
1556         * heap/ListableHandler.h:
1557         (JSC::ListableHandler::List::addThreadSafe):
1558         (JSC::ListableHandler::List::addNotThreadSafe):
1559         * heap/MachineStackMarker.cpp:
1560         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1561         * heap/SlotVisitorInlines.h:
1562         (JSC::SlotVisitor::copyLater):
1563         * parser/SourceProvider.cpp:
1564         (JSC::SourceProvider::~SourceProvider):
1565         (JSC::SourceProvider::getID):
1566         * profiler/ProfilerDatabase.cpp:
1567         (JSC::Profiler::Database::addDatabaseToAtExit):
1568         (JSC::Profiler::Database::removeDatabaseFromAtExit):
1569         (JSC::Profiler::Database::removeFirstAtExitDatabase):
1570         * runtime/TypeProfilerLog.h:
1571
1572 2015-08-07  Mark Lam  <mark.lam@apple.com>
1573
1574         Rename some variables in the JSC watchdog implementation.
1575         https://bugs.webkit.org/show_bug.cgi?id=147790
1576
1577         Rubber stamped by Benjamin Poulain.
1578
1579         This is just a refactoring patch to give the variables better names that describe their
1580         intended use.  There is no behavior change.
1581
1582         * runtime/Watchdog.cpp:
1583         (JSC::Watchdog::Watchdog):
1584         (JSC::Watchdog::setTimeLimit):
1585         (JSC::Watchdog::didFire):
1586         (JSC::Watchdog::isEnabled):
1587         (JSC::Watchdog::fire):
1588         (JSC::Watchdog::startCountdownIfNeeded):
1589         * runtime/Watchdog.h:
1590
1591 2015-08-07  Saam barati  <saambarati1@gmail.com>
1592
1593         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
1594         https://bugs.webkit.org/show_bug.cgi?id=147666
1595
1596         Reviewed by Geoffrey Garen.
1597
1598         If we make the bytecode generator know about every local scope it
1599         creates, and if we give each local scope a unique register, the
1600         bytecode generator has all the information it needs to assign
1601         the correct scope to a catch handler. Because the bytecode generator
1602         knows this information, it's a better separation of responsibilities
1603         for it to set up the proper scope instead of relying on the exception
1604         handling runtime to find the scope.
1605
1606         * bytecode/BytecodeList.json:
1607         * bytecode/BytecodeUseDef.h:
1608         (JSC::computeUsesForBytecodeOffset):
1609         * bytecode/CodeBlock.cpp:
1610         (JSC::CodeBlock::dumpBytecode):
1611         (JSC::CodeBlock::CodeBlock):
1612         * bytecode/HandlerInfo.h:
1613         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
1614         (JSC::HandlerInfo::initialize):
1615         * bytecompiler/BytecodeGenerator.cpp:
1616         (JSC::BytecodeGenerator::generate):
1617         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1618         (JSC::BytecodeGenerator::emitGetScope):
1619         (JSC::BytecodeGenerator::emitPushWithScope):
1620         (JSC::BytecodeGenerator::emitGetParentScope):
1621         (JSC::BytecodeGenerator::emitPopScope):
1622         (JSC::BytecodeGenerator::emitPopWithScope):
1623         (JSC::BytecodeGenerator::allocateAndEmitScope):
1624         (JSC::BytecodeGenerator::emitComplexPopScopes):
1625         (JSC::BytecodeGenerator::pushTry):
1626         (JSC::BytecodeGenerator::popTryAndEmitCatch):
1627         (JSC::BytecodeGenerator::localScopeDepth):
1628         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
1629         * bytecompiler/BytecodeGenerator.h:
1630         * bytecompiler/NodesCodegen.cpp:
1631         (JSC::WithNode::emitBytecode):
1632         * interpreter/Interpreter.cpp:
1633         (JSC::Interpreter::unwind):
1634         * jit/JITOpcodes.cpp:
1635         (JSC::JIT::emit_op_push_with_scope):
1636         (JSC::JIT::compileOpStrictEq):
1637         * jit/JITOpcodes32_64.cpp:
1638         (JSC::JIT::emit_op_push_with_scope):
1639         (JSC::JIT::emit_op_to_number):
1640         * jit/JITOperations.cpp:
1641         * jit/JITOperations.h:
1642         * llint/LLIntSlowPaths.cpp:
1643         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1644         * llint/LLIntSlowPaths.h:
1645         * llint/LowLevelInterpreter.asm:
1646         * runtime/CommonSlowPaths.cpp:
1647         (JSC::SLOW_PATH_DECL):
1648         * runtime/CommonSlowPaths.h:
1649         * runtime/JSScope.cpp:
1650         (JSC::JSScope::objectAtScope):
1651         (JSC::isUnscopable):
1652         (JSC::JSScope::depth): Deleted.
1653         * runtime/JSScope.h:
1654
1655 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1656
1657         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
1658         https://bugs.webkit.org/show_bug.cgi?id=147761
1659
1660         Reviewed by Mark Lam.
1661
1662         This patch implements MacroAssembler::patchableBranch64 in 64bit environments.
1663         And fix the existing MacroAssemblerARM64::patchableBranchPtr; before this patch,
1664         it truncated the immediate pointer into a 32bit immediate.
1665         And use patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
1666
1667         * assembler/MacroAssemblerARM64.h:
1668         (JSC::MacroAssemblerARM64::patchableBranchPtr):
1669         (JSC::MacroAssemblerARM64::patchableBranch64):
1670         * assembler/MacroAssemblerX86_64.h:
1671         (JSC::MacroAssemblerX86_64::patchableBranch64):
1672         * jit/JIT.h:
1673         * jit/JITInlines.h:
1674         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
1675         * jit/JITPropertyAccess.cpp:
1676         (JSC::JIT::emit_op_get_by_val):
1677
1678 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1679
1680         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
1681         https://bugs.webkit.org/show_bug.cgi?id=147480
1682
1683         Reviewed by Filip Pizlo.
1684
1685         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
1686         The IC site only caches one id. After checking that the given id is the same as the
1687         cached one, we perform the get_by_id IC onto it.
1688         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
1689         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
1690         operations when the given get_by_val leverages the property load with the cached id.
1691
1692         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
1693         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
1694         This can be leveraged to optimize symbol operations in DFG.
1695
1696         And since byValInfo is frequently used, we align the byValInfo design to the stubInfo-like one.
1697         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
1698         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
1699         argument ArrayProfile* in the operations with ByValInfo*.
1700
1701         * bytecode/ByValInfo.h:
1702         (JSC::ByValInfo::ByValInfo):
1703         * bytecode/CodeBlock.cpp:
1704         (JSC::CodeBlock::getByValInfoMap):
1705         (JSC::CodeBlock::addByValInfo):
1706         * bytecode/CodeBlock.h:
1707         (JSC::CodeBlock::getByValInfo): Deleted.
1708         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
1709         (JSC::CodeBlock::numberOfByValInfos): Deleted.
1710         (JSC::CodeBlock::byValInfo): Deleted.
1711         * bytecode/ExitKind.cpp:
1712         (JSC::exitKindToString):
1713         * bytecode/ExitKind.h:
1714         * bytecode/GetByIdStatus.cpp:
1715         (JSC::GetByIdStatus::computeFor):
1716         (JSC::GetByIdStatus::computeForStubInfo):
1717         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
1718         * bytecode/GetByIdStatus.h:
1719         * dfg/DFGAbstractInterpreterInlines.h:
1720         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1721         * dfg/DFGByteCodeParser.cpp:
1722         (JSC::DFG::ByteCodeParser::parseBlock):
1723         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1724         * dfg/DFGClobberize.h:
1725         (JSC::DFG::clobberize):
1726         * dfg/DFGConstantFoldingPhase.cpp:
1727         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1728         * dfg/DFGDoesGC.cpp:
1729         (JSC::DFG::doesGC):
1730         * dfg/DFGFixupPhase.cpp:
1731         (JSC::DFG::FixupPhase::fixupNode):
1732         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1733         * dfg/DFGNode.h:
1734         (JSC::DFG::Node::hasUidOperand):
1735         (JSC::DFG::Node::uidOperand):
1736         * dfg/DFGNodeType.h:
1737         * dfg/DFGPredictionPropagationPhase.cpp:
1738         (JSC::DFG::PredictionPropagationPhase::propagate):
1739         * dfg/DFGSafeToExecute.h:
1740         (JSC::DFG::SafeToExecuteEdge::operator()):
1741         (JSC::DFG::safeToExecute):
1742         * dfg/DFGSpeculativeJIT.cpp:
1743         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
1744         (JSC::DFG::SpeculativeJIT::speculateSymbol):
1745         (JSC::DFG::SpeculativeJIT::speculate):
1746         * dfg/DFGSpeculativeJIT.h:
1747         * dfg/DFGSpeculativeJIT32_64.cpp:
1748         (JSC::DFG::SpeculativeJIT::compile):
1749         * dfg/DFGSpeculativeJIT64.cpp:
1750         (JSC::DFG::SpeculativeJIT::compile):
1751         * dfg/DFGUseKind.cpp:
1752         (WTF::printInternal):
1753         * dfg/DFGUseKind.h:
1754         (JSC::DFG::typeFilterFor):
1755         (JSC::DFG::isCell):
1756         * ftl/FTLAbstractHeapRepository.h:
1757         * ftl/FTLCapabilities.cpp:
1758         (JSC::FTL::canCompile):
1759         * ftl/FTLLowerDFGToLLVM.cpp:
1760         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1761         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
1762         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
1763         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
1764         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
1765         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
1766         * jit/JIT.cpp:
1767         (JSC::JIT::privateCompile):
1768         * jit/JIT.h:
1769         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1770         (JSC::JIT::compileGetByValWithCachedId):
1771         * jit/JITInlines.h:
1772         (JSC::JIT::callOperation):
1773         * jit/JITOpcodes.cpp:
1774         (JSC::JIT::emit_op_has_indexed_property):
1775         (JSC::JIT::emitSlow_op_has_indexed_property):
1776         * jit/JITOpcodes32_64.cpp:
1777         (JSC::JIT::emit_op_has_indexed_property):
1778         (JSC::JIT::emitSlow_op_has_indexed_property):
1779         * jit/JITOperations.cpp:
1780         (JSC::getByVal):
1781         * jit/JITOperations.h:
1782         * jit/JITPropertyAccess.cpp:
1783         (JSC::JIT::emit_op_get_by_val):
1784         (JSC::JIT::emitGetByValWithCachedId):
1785         (JSC::JIT::emitSlow_op_get_by_val):
1786         (JSC::JIT::emit_op_put_by_val):
1787         (JSC::JIT::emitSlow_op_put_by_val):
1788         (JSC::JIT::privateCompileGetByVal):
1789         (JSC::JIT::privateCompileGetByValWithCachedId):
1790         * jit/JITPropertyAccess32_64.cpp:
1791         (JSC::JIT::emit_op_get_by_val):
1792         (JSC::JIT::emitGetByValWithCachedId):
1793         (JSC::JIT::emitSlow_op_get_by_val):
1794         (JSC::JIT::emit_op_put_by_val):
1795         (JSC::JIT::emitSlow_op_put_by_val):
1796         * runtime/Symbol.h:
1797         * tests/stress/get-by-val-with-string-constructor.js: Added.
1798         (Hello):
1799         (get Hello.prototype.generate):
1800         (ok):
1801         * tests/stress/get-by-val-with-string-exit.js: Added.
1802         (shouldBe):
1803         (getByVal):
1804         (getStr1):
1805         (getStr2):
1806         * tests/stress/get-by-val-with-string-generated.js: Added.
1807         (shouldBe):
1808         (getByVal):
1809         (getStr1):
1810         (getStr2):
1811         * tests/stress/get-by-val-with-string-getter.js: Added.
1812         (object.get hello):
1813         (ok):
1814         * tests/stress/get-by-val-with-string.js: Added.
1815         (shouldBe):
1816         (getByVal):
1817         (getStr1):
1818         (getStr2):
1819         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
1820         (Hello):
1821         (get Hello.prototype.generate):
1822         (ok):
1823         * tests/stress/get-by-val-with-symbol-exit.js: Added.
1824         (shouldBe):
1825         (getByVal):
1826         (getSym1):
1827         (getSym2):
1828         * tests/stress/get-by-val-with-symbol-getter.js: Added.
1829         (object.get hello):
1830         (.get ok):
1831         * tests/stress/get-by-val-with-symbol.js: Added.
1832         (shouldBe):
1833         (getByVal):
1834         (getSym1):
1835         (getSym2):
1836
1837 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1838
1839         Parse the entire WebAssembly modules
1840         https://bugs.webkit.org/show_bug.cgi?id=147393
1841
1842         Reviewed by Geoffrey Garen.
1843
1844         Parse the entire WebAssembly modules from files produced by pack-asmjs
1845         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
1846         parse modules whose function definition section contains only functions that
1847         have "return 0;" as their only statement. Parsing of any functions will be
1848         implemented in a subsequent patch.
1849
1850         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1851         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1852         * JavaScriptCore.xcodeproj/project.pbxproj:
1853         * wasm/JSWASMModule.cpp:
1854         (JSC::JSWASMModule::destroy):
1855         * wasm/JSWASMModule.h:
1856         (JSC::JSWASMModule::i32Constants):
1857         (JSC::JSWASMModule::f32Constants):
1858         (JSC::JSWASMModule::f64Constants):
1859         (JSC::JSWASMModule::signatures):
1860         (JSC::JSWASMModule::functionImports):
1861         (JSC::JSWASMModule::functionImportSignatures):
1862         (JSC::JSWASMModule::globalVariableTypes):
1863         (JSC::JSWASMModule::functionDeclarations):
1864         (JSC::JSWASMModule::functionPointerTables):
1865         * wasm/WASMFormat.h: Added.
1866         * wasm/WASMModuleParser.cpp:
1867         (JSC::WASMModuleParser::parse):
1868         (JSC::WASMModuleParser::parseModule):
1869         (JSC::WASMModuleParser::parseConstantPoolSection):
1870         (JSC::WASMModuleParser::parseSignatureSection):
1871         (JSC::WASMModuleParser::parseFunctionImportSection):
1872         (JSC::WASMModuleParser::parseGlobalSection):
1873         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
1874         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
1875         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
1876         (JSC::WASMModuleParser::parseFunctionDefinition):
1877         (JSC::WASMModuleParser::parseExportSection):
1878         * wasm/WASMModuleParser.h:
1879         * wasm/WASMReader.cpp:
1880         (JSC::WASMReader::readUInt32):
1881         (JSC::WASMReader::readCompactUInt32):
1882         (JSC::WASMReader::readString):
1883         (JSC::WASMReader::readType):
1884         (JSC::WASMReader::readExpressionType):
1885         (JSC::WASMReader::readExportFormat):
1886         (JSC::WASMReader::readByte):
1887         (JSC::WASMReader::readUnsignedInt32): Deleted.
1888         * wasm/WASMReader.h:
1889
1890 2015-08-06  Keith Miller  <keith_miller@apple.com>
1891
1892         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
1893         https://bugs.webkit.org/show_bug.cgi?id=147749
1894
1895         Reviewed by Filip Pizlo.
1896
1897         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength(),
1898         thus no one calls this code.
1899
1900         * ftl/FTLLowerDFGToLLVM.cpp:
1901         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
1902
1903 2015-08-06  Keith Miller  <keith_miller@apple.com>
1904
1905         The JSONP parser incorrectly parses -0 as +0.
1906         https://bugs.webkit.org/show_bug.cgi?id=147590
1907
1908         Reviewed by Michael Saboff.
1909
1910         In the LiteralParser we should use a double to store the accumulator for numerical tokens
1911         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
1912
1913         * runtime/LiteralParser.cpp:
1914         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
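        As an added illustration of the -0 defect described above (constructed for this page, not WebKit's LiteralParser code), a minimal number lexer whose accumulator type is a template parameter: the int variant loses the sign of zero before the value is widened to double, the double variant keeps it. The function names are assumptions and overflow of the int accumulator is deliberately ignored.

```cpp
#include <cctype>
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <string>

// Constructed, simplified stand-in for LiteralParser::Lexer::lexNumber: lexes an
// optional '-' followed by decimal digits and yields a double. The accumulator
// type is a template parameter so the pre-fix (int) and post-fix (double)
// behaviour differ only in what the digits are accumulated into.
template <typename Accumulator>
static bool lexDecimal(const std::string& text, size_t& pos, double& result)
{
    bool negative = false;
    if (pos < text.size() && text[pos] == '-') {
        negative = true;
        ++pos;
    }
    if (pos >= text.size() || !std::isdigit(static_cast<unsigned char>(text[pos])))
        return false; // a lone '-' or a non-digit is not a number token

    Accumulator accumulator = 0;
    while (pos < text.size() && std::isdigit(static_cast<unsigned char>(text[pos]))) {
        accumulator = accumulator * 10 + (text[pos] - '0');
        ++pos;
    }

    // The sign is applied in the accumulator's own type. For int, -0 is just 0,
    // so the sign is gone before the value is widened to double. For double,
    // negating 0.0 yields -0.0, whose sign bit survives.
    if (negative)
        accumulator = -accumulator;

    result = static_cast<double>(accumulator);
    return true;
}

// Behaviour before the fix: digits accumulated in an int. (Hypothetical name.)
bool lexNumberWithIntAccumulator(const std::string& text, double& result)
{
    size_t pos = 0;
    return lexDecimal<int>(text, pos, result) && pos == text.size();
}

// Behaviour after the fix: digits accumulated in a double. (Hypothetical name.)
bool lexNumberWithDoubleAccumulator(const std::string& text, double& result)
{
    size_t pos = 0;
    return lexDecimal<double>(text, pos, result) && pos == text.size();
}

// Value produced by `lex` for `text`, or NaN when the text is not a number token.
double lexedValue(bool (*lex)(const std::string&, double&), const std::string& text)
{
    double value = 0;
    if (!lex(text, value))
        return std::nan("");
    return value;
}

// True when `text` lexes to a value equal to zero that carries the negative
// sign bit, i.e. IEEE 754 negative zero.
bool lexesToNegativeZero(bool (*lex)(const std::string&, double&), const std::string& text)
{
    double value = lexedValue(lex, text);
    return value == 0 && std::signbit(value);
}

// Observable consequence for a JSON/JSONP consumer: 1 / -0 is -Infinity while
// 1 / +0 is +Infinity, so the two parses are distinguishable by later arithmetic.
double reciprocalOfLexed(bool (*lex)(const std::string&, double&), const std::string& text)
{
    return 1.0 / lexedValue(lex, text);
}

int main()
{
    std::printf("int accumulator:    \"-0\" -> %s\n",
        lexesToNegativeZero(lexNumberWithIntAccumulator, "-0") ? "-0" : "+0");
    std::printf("double accumulator: \"-0\" -> %s\n",
        lexesToNegativeZero(lexNumberWithDoubleAccumulator, "-0") ? "-0" : "+0");
    return 0;
}
```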
1915
1916 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
1917
1918         Structures used for tryGetConstantProperty() should be registered first
1919         https://bugs.webkit.org/show_bug.cgi?id=147750
1920
1921         Reviewed by Saam Barati and Michael Saboff.
1922
1923         * dfg/DFGGraph.cpp:
1924         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
1925         * dfg/DFGGraph.h:
1926         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
1927         * dfg/DFGStructureRegistrationPhase.cpp:
1928         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegisterationPhase.
1929         (JSC::DFG::StructureRegistrationPhase::registerStructures):
1930         (JSC::DFG::StructureRegistrationPhase::registerStructure):
1931         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
1932         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
1933         (JSC::DFG::performStructureRegistration):
1934
1935 2015-08-06  Keith Miller  <keith_miller@apple.com>
1936
1937         Remove UnspecifiedBoolType from JSC
1938         https://bugs.webkit.org/show_bug.cgi?id=147597
1939
1940         Reviewed by Mark Lam.
1941
1942         We were using the safe bool pattern in the code base for implicit casting to booleans.
1943         With C++11 this is no longer necessary and we can instead create an operator bool.
1944
1945         * API/JSRetainPtr.h:
1946         (JSRetainPtr::operator bool):
1947         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
1948         * dfg/DFGEdge.h:
1949         (JSC::DFG::Edge::operator bool):
1950         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
1951         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
1952         * heap/Weak.h:
1953         * heap/WeakInlines.h:
1954         (JSC::bool):
1955         (JSC::UnspecifiedBoolType): Deleted.
1956
1957 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
1958
1959         [ES6] Class parser does not allow methods named set and get.
1960         https://bugs.webkit.org/show_bug.cgi?id=147150
1961
1962         Reviewed by Oliver Hunt.
1963
1964         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
1965         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
1966         so that we only treat them as such when they're followed by another token that could be a method name.
1967
1968         * parser/Parser.cpp:
1969         (JSC::Parser<LexerType>::parseClass):
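
The parser change above is easiest to check from the JavaScript side. The following is an added example, not part of this ChangeLog or of JavaScriptCore's own tests: a class that uses `get` and `set` both as ordinary method names (including static ones, which the entry does not spell out but the generalized rule covers) and as an accessor prefix, with a helper that exercises each form. The class and helper names are made up for the example.

```javascript
// Added example (not JavaScriptCore code): "get" and "set" as plain method
// names next to a real accessor. The parser must look at the token after
// "get"/"set": "get(" starts an ordinary method, "get size()" an accessor.
class Store {
  constructor() {
    this.items = new Map();
  }

  // Ordinary methods that happen to be named "get" and "set".
  get(key) {
    return this.items.get(key);
  }

  set(key, value) {
    this.items.set(key, value);
    return this;
  }

  // A genuine getter: "get" is followed by another token usable as a method name.
  get size() {
    return this.items.size;
  }

  // Static methods named "get" and "set" (the same rule applies after "static").
  static get() {
    return 'static get';
  }

  static set() {
    return 'static set';
  }
}

// Exercises each form and reports what the runtime actually produced.
function exerciseStore() {
  const store = new Store();
  store.set('a', 1).set('b', 2);
  const sizeDescriptor = Object.getOwnPropertyDescriptor(Store.prototype, 'size');
  return {
    getA: store.get('a'),
    size: store.size,
    getIsPlainMethod: typeof Store.prototype.get === 'function',
    setIsPlainMethod: typeof Store.prototype.set === 'function',
    sizeIsAccessor: typeof sizeDescriptor.get === 'function' && sizeDescriptor.value === undefined,
    staticGet: Store.get(),
    staticSet: Store.set(),
  };
}
```

If the engine still treated every `get`/`set` identifier as an accessor prefix, the `get(key)` and `set(key, value)` definitions above would be a syntax error; with the fix they are plain methods and only `size` is installed as an accessor.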
1970
1971 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
1972
1973         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
1974
1975         * bytecode/SamplingTool.cpp:
1976         (JSC::SamplingTool::doRun):
1977         (JSC::SamplingTool::notifyOfScope):
1978         * bytecode/SamplingTool.h:
1979         * dfg/DFGThreadData.h:
1980         * dfg/DFGWorklist.cpp:
1981         (JSC::DFG::Worklist::~Worklist):
1982         (JSC::DFG::Worklist::isActiveForVM):
1983         (JSC::DFG::Worklist::enqueue):
1984         (JSC::DFG::Worklist::compilationState):
1985         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1986         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1987         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1988         (JSC::DFG::Worklist::visitWeakReferences):
1989         (JSC::DFG::Worklist::removeDeadPlans):
1990         (JSC::DFG::Worklist::queueLength):
1991         (JSC::DFG::Worklist::dump):
1992         (JSC::DFG::Worklist::runThread):
1993         * dfg/DFGWorklist.h:
1994         * disassembler/Disassembler.cpp:
1995         * heap/CopiedSpace.cpp:
1996         (JSC::CopiedSpace::doneFillingBlock):
1997         (JSC::CopiedSpace::doneCopying):
1998         * heap/CopiedSpace.h:
1999         * heap/CopiedSpaceInlines.h:
2000         (JSC::CopiedSpace::recycleBorrowedBlock):
2001         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2002         * heap/HeapTimer.h:
2003         * heap/MachineStackMarker.cpp:
2004         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2005         (JSC::ActiveMachineThreadsManager::add):
2006         (JSC::ActiveMachineThreadsManager::remove):
2007         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2008         (JSC::MachineThreads::~MachineThreads):
2009         (JSC::MachineThreads::addCurrentThread):
2010         (JSC::MachineThreads::removeThreadIfFound):
2011         (JSC::MachineThreads::tryCopyOtherThreadStack):
2012         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2013         (JSC::MachineThreads::gatherConservativeRoots):
2014         * heap/MachineStackMarker.h:
2015         * interpreter/JSStack.cpp:
2016         (JSC::stackStatisticsMutex):
2017         (JSC::JSStack::addToCommittedByteCount):
2018         (JSC::JSStack::committedByteCount):
2019         * jit/JITThunks.h:
2020         * profiler/ProfilerDatabase.h:
2021
2022 2015-08-05  Saam barati  <saambarati1@gmail.com>
2023
2024         Bytecodegenerator emits crappy code for returns in a lexical scope.
2025         https://bugs.webkit.org/show_bug.cgi?id=147688
2026
2027         Reviewed by Mark Lam.
2028
2029         When returning, we only need to emit complex pop scopes if we're in
2030         a finally block. Otherwise, we can just return like normal. This saves
2031         us from inefficiently emitting unnecessary pop scopes.
2032
2033         * bytecompiler/BytecodeGenerator.h:
2034         (JSC::BytecodeGenerator::isInFinallyBlock):
2035         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
2036         * bytecompiler/NodesCodegen.cpp:
2037         (JSC::ReturnNode::emitBytecode):
2038
2039 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
2040
2041         Add the Intl API to the status page
2042
2043         * features.json:
2044         Andy VanWagoner landed the skeleton of the API and it is
2045         enabled by default.
2046
2047 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
2048
2049         Rename Mutex to DeprecatedMutex
2050         https://bugs.webkit.org/show_bug.cgi?id=147675
2051
2052         Reviewed by Geoffrey Garen.
2053
2054         * bytecode/SamplingTool.cpp:
2055         (JSC::SamplingTool::doRun):
2056         (JSC::SamplingTool::notifyOfScope):
2057         * bytecode/SamplingTool.h:
2058         * dfg/DFGThreadData.h:
2059         * dfg/DFGWorklist.cpp:
2060         (JSC::DFG::Worklist::~Worklist):
2061         (JSC::DFG::Worklist::isActiveForVM):
2062         (JSC::DFG::Worklist::enqueue):
2063         (JSC::DFG::Worklist::compilationState):
2064         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2065         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2066         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2067         (JSC::DFG::Worklist::visitWeakReferences):
2068         (JSC::DFG::Worklist::removeDeadPlans):
2069         (JSC::DFG::Worklist::queueLength):
2070         (JSC::DFG::Worklist::dump):
2071         (JSC::DFG::Worklist::runThread):
2072         * dfg/DFGWorklist.h:
2073         * disassembler/Disassembler.cpp:
2074         * heap/CopiedSpace.cpp:
2075         (JSC::CopiedSpace::doneFillingBlock):
2076         (JSC::CopiedSpace::doneCopying):
2077         * heap/CopiedSpace.h:
2078         * heap/CopiedSpaceInlines.h:
2079         (JSC::CopiedSpace::recycleBorrowedBlock):
2080         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2081         * heap/HeapTimer.h:
2082         * heap/MachineStackMarker.cpp:
2083         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2084         (JSC::ActiveMachineThreadsManager::add):
2085         (JSC::ActiveMachineThreadsManager::remove):
2086         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2087         (JSC::MachineThreads::~MachineThreads):
2088         (JSC::MachineThreads::addCurrentThread):
2089         (JSC::MachineThreads::removeThreadIfFound):
2090         (JSC::MachineThreads::tryCopyOtherThreadStack):
2091         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2092         (JSC::MachineThreads::gatherConservativeRoots):
2093         * heap/MachineStackMarker.h:
2094         * interpreter/JSStack.cpp:
2095         (JSC::stackStatisticsMutex):
2096         (JSC::JSStack::addToCommittedByteCount):
2097         (JSC::JSStack::committedByteCount):
2098         * jit/JITThunks.h:
2099         * profiler/ProfilerDatabase.h:
2100
2101 2015-08-05  Saam barati  <saambarati1@gmail.com>
2102
2103         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
2104         https://bugs.webkit.org/show_bug.cgi?id=147657
2105
2106         Reviewed by Mark Lam.
2107
2108         This kills the last of the name scope objects. Function name scopes are
2109         now built on top of the scoping mechanisms introduced with ES6 block scoping.
2110         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
2111         function name scoped variable carefully depending on if the function is in
2112         strict mode. If we're in strict mode, then we treat the variable exactly
2113         like a "const" variable. If we're not in strict mode, we can't treat
2114         this variable like ES6 "const" because that would cause the bytecode
2115         generator to throw an exception when it shouldn't.
2116
2117         * CMakeLists.txt:
2118         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2119         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2120         * JavaScriptCore.xcodeproj/project.pbxproj:
2121         * bytecode/BytecodeList.json:
2122         * bytecode/BytecodeUseDef.h:
2123         (JSC::computeUsesForBytecodeOffset):
2124         (JSC::computeDefsForBytecodeOffset):
2125         * bytecode/CodeBlock.cpp:
2126         (JSC::CodeBlock::dumpBytecode):
2127         * bytecompiler/BytecodeGenerator.cpp:
2128         (JSC::BytecodeGenerator::BytecodeGenerator):
2129         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
2130         (JSC::BytecodeGenerator::pushLexicalScope):
2131         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2132         (JSC::BytecodeGenerator::variable):
2133         (JSC::BytecodeGenerator::resolveType):
2134         (JSC::BytecodeGenerator::emitThrowTypeError):
2135         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
2136         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
2137         (JSC::BytecodeGenerator::emitPushCatchScope):
2138         * bytecompiler/BytecodeGenerator.h:
2139         * bytecompiler/NodesCodegen.cpp:
2140         * debugger/DebuggerScope.cpp:
2141         * dfg/DFGOperations.cpp:
2142         * interpreter/Interpreter.cpp:
2143         * jit/JIT.cpp:
2144         (JSC::JIT::privateCompileMainPass):
2145         * jit/JIT.h:
2146         * jit/JITOpcodes.cpp:
2147         (JSC::JIT::emit_op_to_string):
2148         (JSC::JIT::emit_op_catch):
2149         (JSC::JIT::emit_op_push_name_scope): Deleted.
2150         * jit/JITOpcodes32_64.cpp:
2151         (JSC::JIT::emitSlow_op_to_string):
2152         (JSC::JIT::emit_op_catch):
2153         (JSC::JIT::emit_op_push_name_scope): Deleted.
2154         * jit/JITOperations.cpp:
2155         (JSC::pushNameScope): Deleted.
2156         * llint/LLIntSlowPaths.cpp:
2157         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2158         * llint/LLIntSlowPaths.h:
2159         * llint/LowLevelInterpreter.asm:
2160         * parser/Nodes.cpp:
2161         * runtime/CommonSlowPaths.cpp:
2162         * runtime/Executable.cpp:
2163         (JSC::ScriptExecutable::newCodeBlockFor):
2164         * runtime/JSFunctionNameScope.cpp: Removed.
2165         * runtime/JSFunctionNameScope.h: Removed.
2166         * runtime/JSGlobalObject.cpp:
2167         (JSC::JSGlobalObject::init):
2168         (JSC::JSGlobalObject::visitChildren):
2169         * runtime/JSGlobalObject.h:
2170         (JSC::JSGlobalObject::withScopeStructure):
2171         (JSC::JSGlobalObject::strictEvalActivationStructure):
2172         (JSC::JSGlobalObject::activationStructure):
2173         (JSC::JSGlobalObject::directArgumentsStructure):
2174         (JSC::JSGlobalObject::scopedArgumentsStructure):
2175         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
2176         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
2177         * runtime/JSNameScope.cpp: Removed.
2178         * runtime/JSNameScope.h: Removed.
2179         * runtime/JSObject.cpp:
2180         (JSC::JSObject::toThis):
2181         (JSC::JSObject::seal):
2182         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
2183         * runtime/JSObject.h:
2184         * runtime/JSScope.cpp:
2185         (JSC::JSScope::isCatchScope):
2186         (JSC::JSScope::isFunctionNameScopeObject):
2187         (JSC::resolveModeName):
2188         * runtime/JSScope.h:
2189         * runtime/JSSymbolTableObject.cpp:
2190         * runtime/SymbolTable.h:
2191         * runtime/VM.cpp:
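
The strict/sloppy distinction described above is observable from JavaScript. The following added example (not code from this ChangeLog or from JavaScriptCore) shows the two behaviours a name-scope implementation has to reproduce: assigning to a named function expression's own name throws a TypeError in strict code and is silently ignored in sloppy code, while a `let` that shadows the name is an ordinary mutable binding. The sloppy case is built with the `Function` constructor so it stays non-strict even if the surrounding file is run as a strict module; the helper names are made up.

```javascript
// Added example (not JavaScriptCore code): what a function name scope must do.
// Inside a named function expression, the function's own name is an immutable
// binding. Writing to it is a TypeError in strict code and is silently ignored
// in sloppy code, which is why a strict-only "const" path cannot be reused as-is.

// Strict case: the directive makes the assignment throw.
function assignInStrictFunction() {
  const f = function inner() {
    'use strict';
    try {
      inner = 42;
      return { threw: false, stillFunction: typeof inner === 'function' };
    } catch (e) {
      return { threw: e instanceof TypeError, stillFunction: typeof inner === 'function' };
    }
  };
  return f();
}

// Sloppy case. Built with the Function constructor so the code is non-strict
// even when this file itself is run as a strict module.
const sloppyProbe = new Function(`
  var f = function inner() {
    try {
      inner = 42;
      return { threw: false, stillFunction: typeof inner === 'function' };
    } catch (e) {
      return { threw: true, stillFunction: typeof inner === 'function' };
    }
  };
  return f();
`);

function assignInSloppyFunction() {
  return sloppyProbe();
}

// A declaration that shadows the function name is an ordinary mutable binding
// in both modes; only the name-scope binding itself gets the special treatment.
function shadowedNameIsMutable() {
  const f = function inner() {
    'use strict';
    let inner = 1;
    inner = 2;
    return inner;
  };
  return f();
}
```

In both the strict and the sloppy case the name still refers to the function afterwards; the only difference is whether the failed write is reported, which is exactly the behaviour the bytecode generator has to select on based on the function's strictness.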
2192
2193 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
2194
2195         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
2196         https://bugs.webkit.org/show_bug.cgi?id=147679
2197
2198         Reviewed by Timothy Hatcher.
2199
2200         Improve native iterator support for the PropertyName Iterator by
2201         allowing inspection of the internal object within the iterator
2202         and peeking of the next upcoming values of the iterator.
2203
2204         * inspector/JSInjectedScriptHost.cpp:
2205         (Inspector::JSInjectedScriptHost::subtype):
2206         (Inspector::JSInjectedScriptHost::getInternalProperties):
2207         (Inspector::JSInjectedScriptHost::iteratorEntries):
2208         * runtime/JSPropertyNameIterator.h:
2209         (JSC::JSPropertyNameIterator::iteratedValue):
2210
2211 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
2212
2213         [Win] Update Apple Windows build for VS2015
2214         https://bugs.webkit.org/show_bug.cgi?id=147653
2215
2216         Reviewed by Dean Jackson.
2217
2218         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
2219         Show JSC files in proper project locations in IDE.
2220
2221 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
2222
2223         Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
2224         https://bugs.webkit.org/show_bug.cgi?id=147328
2225
2226         Reviewed by Timothy Hatcher.
2227
2228         * inspector/InjectedScriptSource.js:
2229         Use classList and classList.toString instead of className.
2230
2231 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
2232
2233         [ES6] Support Module Syntax
2234         https://bugs.webkit.org/show_bug.cgi?id=147422
2235
2236         Reviewed by Saam Barati.
2237
2238         This patch introduces ES6 Modules syntax parsing part.
2239         In this patch, ASTBuilder just produces the corresponding nodes to the ES6 Modules syntax,
2240         and this patch does not include the code generator part.
2241
2242         Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
2243         and do not execute the body or construct the AST. And after analyzing all the dependent
2244         modules, we will parse the dependent modules next.
2245         After the analyzing part is done, we will start the second pass. In the second pass, we
2246         will parse the module, produce the AST, and execute the body.
2247         If we don't do so, we need to create all the ASTs in the module's dependent graph at first
2248         because the given module can be executed after all the dependent modules are executed. It
2249         means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
2250         the dependent modules' information.
2251
2252         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
2253         This patch aims at just implementing the syntax parsing functionality correctly.
2254         After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits SyntaxChecker
2255         to collect the dependent modules fast[1].
2256
2257         To test the parsing, we added the "checkModuleSyntax" function into jsc shell.
2258         By using this, we can parse the given string as the module.
2259
2260         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
2261
2262         * bytecompiler/NodesCodegen.cpp:
2263         (JSC::ModuleProgramNode::emitBytecode):
2264         (JSC::ImportDeclarationNode::emitBytecode):
2265         (JSC::ExportAllDeclarationNode::emitBytecode):
2266         (JSC::ExportDefaultDeclarationNode::emitBytecode):
2267         (JSC::ExportLocalDeclarationNode::emitBytecode):
2268         (JSC::ExportNamedDeclarationNode::emitBytecode):
2269         * jsc.cpp:
2270         (GlobalObject::finishCreation):
2271         (functionCheckModuleSyntax):
2272         * parser/ASTBuilder.h:
2273         (JSC::ASTBuilder::createModuleSpecifier):
2274         (JSC::ASTBuilder::createImportSpecifier):
2275         (JSC::ASTBuilder::createImportSpecifierList):
2276         (JSC::ASTBuilder::appendImportSpecifier):
2277         (JSC::ASTBuilder::createImportDeclaration):
2278         (JSC::ASTBuilder::createExportAllDeclaration):
2279         (JSC::ASTBuilder::createExportDefaultDeclaration):
2280         (JSC::ASTBuilder::createExportLocalDeclaration):
2281         (JSC::ASTBuilder::createExportNamedDeclaration):
2282         (JSC::ASTBuilder::createExportSpecifier):
2283         (JSC::ASTBuilder::createExportSpecifierList):
2284         (JSC::ASTBuilder::appendExportSpecifier):
2285         * parser/Keywords.table:
2286         * parser/NodeConstructors.h:
2287         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
2288         (JSC::ImportSpecifierNode::ImportSpecifierNode):
2289         (JSC::ImportDeclarationNode::ImportDeclarationNode):
2290         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
2291         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
2292         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
2293         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
2294         (JSC::ExportSpecifierNode::ExportSpecifierNode):
2295         * parser/Nodes.cpp:
2296         (JSC::ModuleProgramNode::ModuleProgramNode):
2297         * parser/Nodes.h:
2298         (JSC::ModuleProgramNode::startColumn):
2299         (JSC::ModuleProgramNode::endColumn):
2300         (JSC::ModuleSpecifierNode::moduleName):
2301         (JSC::ImportSpecifierNode::importedName):
2302         (JSC::ImportSpecifierNode::localName):
2303         (JSC::ImportSpecifierListNode::specifiers):
2304         (JSC::ImportSpecifierListNode::append):
2305         (JSC::ImportDeclarationNode::specifierList):
2306         (JSC::ImportDeclarationNode::moduleSpecifier):
2307         (JSC::ExportAllDeclarationNode::moduleSpecifier):
2308         (JSC::ExportDefaultDeclarationNode::declaration):
2309         (JSC::ExportLocalDeclarationNode::declaration):
2310         (JSC::ExportSpecifierNode::exportedName):
2311         (JSC::ExportSpecifierNode::localName):
2312         (JSC::ExportSpecifierListNode::specifiers):
2313         (JSC::ExportSpecifierListNode::append):
2314         (JSC::ExportNamedDeclarationNode::specifierList):
2315         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
2316         * parser/Parser.cpp:
2317         (JSC::Parser<LexerType>::Parser):
2318         (JSC::Parser<LexerType>::parseInner):
2319         (JSC::Parser<LexerType>::parseModuleSourceElements):
2320         (JSC::Parser<LexerType>::parseVariableDeclaration):
2321         (JSC::Parser<LexerType>::parseVariableDeclarationList):
2322         (JSC::Parser<LexerType>::createBindingPattern):
2323         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
2324         (JSC::Parser<LexerType>::parseDestructuringPattern):
2325         (JSC::Parser<LexerType>::parseForStatement):
2326         (JSC::Parser<LexerType>::parseFormalParameters):
2327         (JSC::Parser<LexerType>::parseFunctionParameters):
2328         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2329         (JSC::Parser<LexerType>::parseClassDeclaration):
2330         (JSC::Parser<LexerType>::parseModuleSpecifier):
2331         (JSC::Parser<LexerType>::parseImportClauseItem):
2332         (JSC::Parser<LexerType>::parseImportDeclaration):
2333         (JSC::Parser<LexerType>::parseExportSpecifier):
2334         (JSC::Parser<LexerType>::parseExportDeclaration):
2335         (JSC::Parser<LexerType>::parseMemberExpression):
2336         * parser/Parser.h:
2337         (JSC::isIdentifierOrKeyword):
2338         (JSC::ModuleScopeData::create):
2339         (JSC::ModuleScopeData::exportedBindings):
2340         (JSC::ModuleScopeData::exportName):
2341         (JSC::ModuleScopeData::exportBinding):
2342         (JSC::Scope::Scope):
2343         (JSC::Scope::setIsModule):
2344         (JSC::Scope::moduleScopeData):
2345         (JSC::Parser::matchContextualKeyword):
2346         (JSC::Parser::matchIdentifierOrKeyword):
2347         (JSC::Parser::isofToken): Deleted.
2348         * parser/ParserModes.h:
2349         * parser/ParserTokens.h:
2350         * parser/SyntaxChecker.h:
2351         (JSC::SyntaxChecker::createModuleSpecifier):
2352         (JSC::SyntaxChecker::createImportSpecifier):
2353         (JSC::SyntaxChecker::createImportSpecifierList):
2354         (JSC::SyntaxChecker::appendImportSpecifier):
2355         (JSC::SyntaxChecker::createImportDeclaration):
2356         (JSC::SyntaxChecker::createExportAllDeclaration):
2357         (JSC::SyntaxChecker::createExportDefaultDeclaration):
2358         (JSC::SyntaxChecker::createExportLocalDeclaration):
2359         (JSC::SyntaxChecker::createExportNamedDeclaration):
2360         (JSC::SyntaxChecker::createExportSpecifier):
2361         (JSC::SyntaxChecker::createExportSpecifierList):
2362         (JSC::SyntaxChecker::appendExportSpecifier):
2363         * runtime/CommonIdentifiers.cpp:
2364         (JSC::CommonIdentifiers::CommonIdentifiers):
2365         * runtime/CommonIdentifiers.h:
2366         * runtime/Completion.cpp:
2367         (JSC::checkModuleSyntax):
2368         * runtime/Completion.h:
2369         * tests/stress/modules-syntax-error-with-names.js: Added.
2370         (shouldThrow):
2371         * tests/stress/modules-syntax-error.js: Added.
2372         (shouldThrow):
2373         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
2374         * tests/stress/modules-syntax.js: Added.
2375         (prototype.checkModuleSyntax):
2376         (checkModuleSyntax):
2377         * tests/stress/tagged-templates-syntax.js:
2378
2379 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2380
2381         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
2382         https://bugs.webkit.org/show_bug.cgi?id=146833
2383
2384         Reviewed by Alexey Proskuryakov.
2385
2386         * assembler/ARM64Assembler.h:
2387         * assembler/ARMAssembler.h:
2388         (JSC::ARMAssembler::cacheFlush):
2389         * assembler/MacroAssemblerARM.cpp:
2390         (JSC::isVFPPresent):
2391         * assembler/MacroAssemblerX86Common.h:
2392         (JSC::MacroAssemblerX86Common::isSSE2Present):
2393         * heap/MachineStackMarker.h:
2394         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
2395         (JSC::logF):
2396         * jit/HostCallReturnValue.h:
2397         * jit/JIT.h:
2398         * jit/JITOperations.cpp:
2399         * jit/JITStubsARM.h:
2400         * jit/JITStubsARMv7.h:
2401         * jit/JITStubsX86.h:
2402         * jit/JITStubsX86Common.h:
2403         * jit/JITStubsX86_64.h:
2404         * jit/ThunkGenerators.cpp:
2405         * runtime/JSExportMacros.h:
2406         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
2407         (JSC::clz32):
2408
2409 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2410
2411         Unreviewed, fix uninitialized property leading to an assert.
2412
2413         * runtime/PutPropertySlot.h:
2414         (JSC::PutPropertySlot::PutPropertySlot):
2415
2416 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2417
2418         Unreviewed, fix Windows.
2419
2420         * bytecode/ObjectPropertyConditionSet.h:
2421         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2422
2423 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
2424
2425         DFG should have adaptive structure watchpoints
2426         https://bugs.webkit.org/show_bug.cgi?id=146929
2427
2428         Reviewed by Geoffrey Garen.
2429
2430         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
2431         property, you'd check that the object still has the structure that you first saw the object have. We
2432         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
2433         elide the structure check.
2434
2435         But this approach fails when that object frequently has new properties added to it. This would
2436         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
2437         we'd have to recompile either the IC or an entire code block.
2438
2439         This change introduces a new concept: an object property condition. This value describes some
2440         condition involving a property on some object. There are four kinds: presence, absence,
2441         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
2442         object has some property at some offset with some attributes. This allows us to implement a new kind
2443         of watchpoint, which knows about the object property condition that it's being used to enforce. If
2444         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
2445         on the new structure.
2446
2447         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
2448         and prototype accesses. They are also used for any DFG accesses to object constants, including
2449         global property accesses.
2450
2451         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
2452         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
2453         chain situation. It's also a small speed-up on getter-richards.
2454
2455         * CMakeLists.txt:
2456         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2457         * JavaScriptCore.xcodeproj/project.pbxproj:
2458         * bytecode/CodeBlock.cpp:
2459         (JSC::CodeBlock::printGetByIdCacheStatus):
2460         (JSC::CodeBlock::printPutByIdCacheStatus):
2461         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
2462         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
2463         * bytecode/ComplexGetStatus.cpp:
2464         (JSC::ComplexGetStatus::computeFor):
2465         * bytecode/ComplexGetStatus.h:
2466         (JSC::ComplexGetStatus::ComplexGetStatus):
2467         (JSC::ComplexGetStatus::takesSlowPath):
2468         (JSC::ComplexGetStatus::kind):
2469         (JSC::ComplexGetStatus::offset):
2470         (JSC::ComplexGetStatus::conditionSet):
2471         (JSC::ComplexGetStatus::attributes): Deleted.
2472         (JSC::ComplexGetStatus::specificValue): Deleted.
2473         (JSC::ComplexGetStatus::chain): Deleted.
2474         * bytecode/ConstantStructureCheck.cpp: Removed.
2475         * bytecode/ConstantStructureCheck.h: Removed.
2476         * bytecode/GetByIdStatus.cpp:
2477         (JSC::GetByIdStatus::computeForStubInfo):
2478         * bytecode/GetByIdVariant.cpp:
2479         (JSC::GetByIdVariant::GetByIdVariant):
2480         (JSC::GetByIdVariant::~GetByIdVariant):
2481         (JSC::GetByIdVariant::operator=):
2482         (JSC::GetByIdVariant::attemptToMerge):
2483         (JSC::GetByIdVariant::dumpInContext):
2484         (JSC::GetByIdVariant::baseStructure): Deleted.
2485         * bytecode/GetByIdVariant.h:
2486         (JSC::GetByIdVariant::operator!):
2487         (JSC::GetByIdVariant::structureSet):
2488         (JSC::GetByIdVariant::conditionSet):
2489         (JSC::GetByIdVariant::offset):
2490         (JSC::GetByIdVariant::callLinkStatus):
2491         (JSC::GetByIdVariant::constantChecks): Deleted.
2492         (JSC::GetByIdVariant::alternateBase): Deleted.
2493         * bytecode/ObjectPropertyCondition.cpp: Added.
2494         (JSC::ObjectPropertyCondition::dumpInContext):
2495         (JSC::ObjectPropertyCondition::dump):
2496         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
2497         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
2498         (JSC::ObjectPropertyCondition::isStillValid):
2499         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
2500         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2501         (JSC::ObjectPropertyCondition::isWatchable):
2502         (JSC::ObjectPropertyCondition::isStillLive):
2503         (JSC::ObjectPropertyCondition::validateReferences):
2504         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2505         * bytecode/ObjectPropertyCondition.h: Added.
2506         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
2507         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
2508         (JSC::ObjectPropertyCondition::presence):
2509         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
2510         (JSC::ObjectPropertyCondition::absence):
2511         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
2512         (JSC::ObjectPropertyCondition::absenceOfSetter):
2513         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
2514         (JSC::ObjectPropertyCondition::equivalence):
2515         (JSC::ObjectPropertyCondition::operator!):
2516         (JSC::ObjectPropertyCondition::object):
2517         (JSC::ObjectPropertyCondition::condition):
2518         (JSC::ObjectPropertyCondition::kind):
2519         (JSC::ObjectPropertyCondition::uid):
2520         (JSC::ObjectPropertyCondition::hasOffset):
2521         (JSC::ObjectPropertyCondition::offset):
2522         (JSC::ObjectPropertyCondition::hasAttributes):
2523         (JSC::ObjectPropertyCondition::attributes):
2524         (JSC::ObjectPropertyCondition::hasPrototype):
2525         (JSC::ObjectPropertyCondition::prototype):
2526         (JSC::ObjectPropertyCondition::hasRequiredValue):
2527         (JSC::ObjectPropertyCondition::requiredValue):
2528         (JSC::ObjectPropertyCondition::hash):
2529         (JSC::ObjectPropertyCondition::operator==):
2530         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
2531         (JSC::ObjectPropertyCondition::isCompatibleWith):
2532         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2533         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
2534         (JSC::ObjectPropertyCondition::isValidValueForPresence):
2535         (JSC::ObjectPropertyConditionHash::hash):
2536         (JSC::ObjectPropertyConditionHash::equal):
2537         * bytecode/ObjectPropertyConditionSet.cpp: Added.
2538         (JSC::ObjectPropertyConditionSet::forObject):
2539         (JSC::ObjectPropertyConditionSet::forConditionKind):
2540         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
2541         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
2542         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
2543         (JSC::ObjectPropertyConditionSet::mergedWith):
2544         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
2545         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
2546         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
2547         (JSC::ObjectPropertyConditionSet::areStillLive):
2548         (JSC::ObjectPropertyConditionSet::dumpInContext):
2549         (JSC::ObjectPropertyConditionSet::dump):
2550         (JSC::generateConditionsForPropertyMiss):
2551         (JSC::generateConditionsForPropertySetterMiss):
2552         (JSC::generateConditionsForPrototypePropertyHit):
2553         (JSC::generateConditionsForPrototypePropertyHitCustom):
2554         (JSC::generateConditionsForPropertySetterMissConcurrently):
2555         * bytecode/ObjectPropertyConditionSet.h: Added.
2556         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
2557         (JSC::ObjectPropertyConditionSet::invalid):
2558         (JSC::ObjectPropertyConditionSet::nonEmpty):
2559         (JSC::ObjectPropertyConditionSet::isValid):
2560         (JSC::ObjectPropertyConditionSet::isEmpty):
2561         (JSC::ObjectPropertyConditionSet::begin):
2562         (JSC::ObjectPropertyConditionSet::end):
2563         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
2564         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
2565         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2566         (JSC::ObjectPropertyConditionSet::Data::Data):
2567         * bytecode/PolymorphicGetByIdList.cpp:
2568         (JSC::GetByIdAccess::GetByIdAccess):
2569         (JSC::GetByIdAccess::~GetByIdAccess):
2570         (JSC::GetByIdAccess::visitWeak):
2571         * bytecode/PolymorphicGetByIdList.h:
2572         (JSC::GetByIdAccess::GetByIdAccess):
2573         (JSC::GetByIdAccess::structure):
2574         (JSC::GetByIdAccess::conditionSet):
2575         (JSC::GetByIdAccess::stubRoutine):
2576         (JSC::GetByIdAccess::chain): Deleted.
2577         (JSC::GetByIdAccess::chainCount): Deleted.
2578         * bytecode/PolymorphicPutByIdList.cpp:
2579         (JSC::PutByIdAccess::fromStructureStubInfo):
2580         (JSC::PutByIdAccess::visitWeak):
2581         * bytecode/PolymorphicPutByIdList.h:
2582         (JSC::PutByIdAccess::PutByIdAccess):
2583         (JSC::PutByIdAccess::transition):
2584         (JSC::PutByIdAccess::setter):
2585         (JSC::PutByIdAccess::newStructure):
2586         (JSC::PutByIdAccess::conditionSet):
2587         (JSC::PutByIdAccess::stubRoutine):
2588         (JSC::PutByIdAccess::chain): Deleted.
2589         (JSC::PutByIdAccess::chainCount): Deleted.
2590         * bytecode/PropertyCondition.cpp: Added.
2591         (JSC::PropertyCondition::dumpInContext):
2592         (JSC::PropertyCondition::dump):
2593         (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
2594         (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
2595         (JSC::PropertyCondition::isStillValid):
2596         (JSC::PropertyCondition::isWatchableWhenValid):
2597         (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2598         (JSC::PropertyCondition::isWatchable):
2599         (JSC::PropertyCondition::isStillLive):
2600         (JSC::PropertyCondition::validateReferences):
2601         (JSC::PropertyCondition::isValidValueForAttributes):
2602         (JSC::PropertyCondition::isValidValueForPresence):
2603         (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2604         (WTF::printInternal):
2605         * bytecode/PropertyCondition.h: Added.
2606         (JSC::PropertyCondition::PropertyCondition):
2607         (JSC::PropertyCondition::presenceWithoutBarrier):
2608         (JSC::PropertyCondition::presence):
2609         (JSC::PropertyCondition::absenceWithoutBarrier):
2610         (JSC::PropertyCondition::absence):
2611         (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
2612         (JSC::PropertyCondition::absenceOfSetter):
2613         (JSC::PropertyCondition::equivalenceWithoutBarrier):
2614         (JSC::PropertyCondition::equivalence):
2615         (JSC::PropertyCondition::operator!):
2616         (JSC::PropertyCondition::kind):
2617         (JSC::PropertyCondition::uid):
2618         (JSC::PropertyCondition::hasOffset):
2619         (JSC::PropertyCondition::offset):
2620         (JSC::PropertyCondition::hasAttributes):
2621         (JSC::PropertyCondition::attributes):
2622         (JSC::PropertyCondition::hasPrototype):
2623         (JSC::PropertyCondition::prototype):
2624         (JSC::PropertyCondition::hasRequiredValue):
2625         (JSC::PropertyCondition::requiredValue):
2626         (JSC::PropertyCondition::hash):
2627         (JSC::PropertyCondition::operator==):
2628         (JSC::PropertyCondition::isHashTableDeletedValue):
2629         (JSC::PropertyCondition::isCompatibleWith):
2630         (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2631         (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
2632         (JSC::PropertyConditionHash::hash):
2633         (JSC::PropertyConditionHash::equal):
2634         * bytecode/PutByIdStatus.cpp:
2635         (JSC::PutByIdStatus::computeFromLLInt):
2636         (JSC::PutByIdStatus::computeFor):
2637         (JSC::PutByIdStatus::computeForStubInfo):
2638         * bytecode/PutByIdVariant.cpp:
2639         (JSC::PutByIdVariant::operator=):
2640         (JSC::PutByIdVariant::transition):
2641         (JSC::PutByIdVariant::setter):
2642         (JSC::PutByIdVariant::makesCalls):
2643         (JSC::PutByIdVariant::attemptToMerge):
2644         (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
2645         (JSC::PutByIdVariant::dumpInContext):
2646         (JSC::PutByIdVariant::baseStructure): Deleted.
2647         * bytecode/PutByIdVariant.h:
2648         (JSC::PutByIdVariant::PutByIdVariant):
2649         (JSC::PutByIdVariant::kind):
2650         (JSC::PutByIdVariant::structure):
2651         (JSC::PutByIdVariant::structureSet):
2652         (JSC::PutByIdVariant::oldStructure):
2653         (JSC::PutByIdVariant::conditionSet):
2654         (JSC::PutByIdVariant::offset):
2655         (JSC::PutByIdVariant::callLinkStatus):
2656         (JSC::PutByIdVariant::constantChecks): Deleted.
2657         (JSC::PutByIdVariant::alternateBase): Deleted.
2658         * bytecode/StructureStubClearingWatchpoint.cpp:
2659         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
2660         (JSC::StructureStubClearingWatchpoint::push):
2661         (JSC::StructureStubClearingWatchpoint::fireInternal):
2662         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
2663         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
2664         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
2665         * bytecode/StructureStubClearingWatchpoint.h:
2666         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
2667         (JSC::WatchpointsOnStructureStubInfo::codeBlock):
2668         (JSC::WatchpointsOnStructureStubInfo::stubInfo):
2669         * bytecode/StructureStubInfo.cpp:
2670         (JSC::StructureStubInfo::deref):
2671         (JSC::StructureStubInfo::visitWeakReferences):
2672         * bytecode/StructureStubInfo.h:
2673         (JSC::StructureStubInfo::initPutByIdTransition):
2674         (JSC::StructureStubInfo::initPutByIdReplace):
2675         (JSC::StructureStubInfo::setSeen):
2676         (JSC::StructureStubInfo::addWatchpoint):
2677         * dfg/DFGAbstractInterpreterInlines.h:
2678         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2679         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
2680         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
2681         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
2682         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
2683         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
2684         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
2685         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
2686         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
2687         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
2688         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
2689         * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
2690         (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
2691         (JSC::DFG::AdaptiveStructureWatchpoint::install):
2692         (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
2693         * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
2694         (JSC::DFG::AdaptiveStructureWatchpoint::key):
2695         * dfg/DFGByteCodeParser.cpp:
2696         (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
2697         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2698         (JSC::DFG::ByteCodeParser::handleGetByOffset):
2699         (JSC::DFG::ByteCodeParser::handlePutByOffset):
2700         (JSC::DFG::ByteCodeParser::check):
2701         (JSC::DFG::ByteCodeParser::promoteToConstant):
2702         (JSC::DFG::ByteCodeParser::planLoad):
2703         (JSC::DFG::ByteCodeParser::load):
2704         (JSC::DFG::ByteCodeParser::presenceLike):
2705         (JSC::DFG::ByteCodeParser::checkPresenceLike):
2706         (JSC::DFG::ByteCodeParser::store):
2707         (JSC::DFG::ByteCodeParser::handleGetById):
2708         (JSC::DFG::ByteCodeParser::handlePutById):
2709         (JSC::DFG::ByteCodeParser::parseBlock):
2710         (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
2711         * dfg/DFGCommonData.cpp:
2712         (JSC::DFG::CommonData::validateReferences):
2713         * dfg/DFGCommonData.h:
2714         * dfg/DFGConstantFoldingPhase.cpp:
2715         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2716         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
2717         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
2718         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
2719         (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
2720         * dfg/DFGDesiredWatchpoints.cpp:
2721         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
2722         (JSC::DFG::InferredValueAdaptor::add):
2723         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
2724         (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
2725         (JSC::DFG::DesiredWatchpoints::addLazily):
2726         (JSC::DFG::DesiredWatchpoints::consider):
2727         (JSC::DFG::DesiredWatchpoints::reallyAdd):
2728         (JSC::DFG::DesiredWatchpoints::areStillValid):
2729         (JSC::DFG::DesiredWatchpoints::dumpInContext):
2730         * dfg/DFGDesiredWatchpoints.h:
2731         (JSC::DFG::SetPointerAdaptor::add):
2732         (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
2733         (JSC::DFG::SetPointerAdaptor::dumpInContext):
2734         (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
2735         (JSC::DFG::InferredValueAdaptor::dumpInContext):
2736         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
2737         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
2738         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
2739         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
2740         (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
2741         (JSC::DFG::GenericDesiredWatchpoints::isWatched):
2742         (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
2743         (JSC::DFG::DesiredWatchpoints::isWatched):
2744         (JSC::DFG::GenericSetAdaptor::add): Deleted.
2745         (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
2746         * dfg/DFGDesiredWeakReferences.cpp:
2747         (JSC::DFG::DesiredWeakReferences::addLazily):
2748         (JSC::DFG::DesiredWeakReferences::contains):
2749         * dfg/DFGDesiredWeakReferences.h:
2750         * dfg/DFGGraph.cpp:
2751         (JSC::DFG::Graph::dump):
2752         (JSC::DFG::Graph::clearFlagsOnAllNodes):
2753         (JSC::DFG::Graph::watchCondition):
2754         (JSC::DFG::Graph::isSafeToLoad):
2755         (JSC::DFG::Graph::livenessFor):
2756         (JSC::DFG::Graph::tryGetConstantProperty):
2757         (JSC::DFG::Graph::visitChildren):
2758         * dfg/DFGGraph.h:
2759         (JSC::DFG::Graph::identifiers):
2760         (JSC::DFG::Graph::watchpoints):
2761         * dfg/DFGMultiGetByOffsetData.cpp: Added.
2762         (JSC::DFG::GetByOffsetMethod::dumpInContext):
2763         (JSC::DFG::GetByOffsetMethod::dump):
2764         (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
2765         (JSC::DFG::MultiGetByOffsetCase::dump):
2766         (WTF::printInternal):
2767         * dfg/DFGMultiGetByOffsetData.h: Added.
2768         (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
2769         (JSC::DFG::GetByOffsetMethod::constant):
2770         (JSC::DFG::GetByOffsetMethod::load):
2771         (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
2772         (JSC::DFG::GetByOffsetMethod::operator!):
2773         (JSC::DFG::GetByOffsetMethod::kind):
2774         (JSC::DFG::GetByOffsetMethod::prototype):
2775         (JSC::DFG::GetByOffsetMethod::offset):
2776         (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
2777         (JSC::DFG::MultiGetByOffsetCase::set):
2778         (JSC::DFG::MultiGetByOffsetCase::method):
2779         * dfg/DFGNode.h:
2780         * dfg/DFGSafeToExecute.h:
2781         (JSC::DFG::safeToExecute):
2782         * dfg/DFGStructureRegistrationPhase.cpp:
2783         (JSC::DFG::StructureRegistrationPhase::run):
2784         * ftl/FTLLowerDFGToLLVM.cpp:
2785         (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
2786         * jit/Repatch.cpp:
2787         (JSC::repatchByIdSelfAccess):
2788         (JSC::checkObjectPropertyCondition):
2789         (JSC::checkObjectPropertyConditions):
2790         (JSC::replaceWithJump):
2791         (JSC::generateByIdStub):
2792         (JSC::actionForCell):
2793         (JSC::tryBuildGetByIDList):
2794         (JSC::emitPutReplaceStub):
2795         (JSC::emitPutTransitionStub):
2796         (JSC::tryCachePutByID):
2797         (JSC::tryBuildPutByIdList):
2798         (JSC::tryRepatchIn):
2799         (JSC::addStructureTransitionCheck): Deleted.
2800         (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
2801         * runtime/IntendedStructureChain.cpp: Removed.
2802         * runtime/IntendedStructureChain.h: Removed.
2803         * runtime/JSCJSValue.h:
2804         * runtime/JSObject.cpp:
2805         (JSC::throwTypeError):
2806         (JSC::JSObject::convertToDictionary):
2807         (JSC::JSObject::shiftButterflyAfterFlattening):
2808         * runtime/JSObject.h:
2809         (JSC::JSObject::flattenDictionaryObject):
2810         (JSC::JSObject::convertToDictionary): Deleted.
2811         * runtime/Operations.h:
2812         (JSC::normalizePrototypeChain):
2813         (JSC::normalizePrototypeChainForChainAccess): Deleted.
2814         (JSC::isPrototypeChainNormalized): Deleted.
2815         * runtime/PropertySlot.h:
2816         (JSC::PropertySlot::PropertySlot):
2817         (JSC::PropertySlot::slotBase):
2818         * runtime/Structure.cpp:
2819         (JSC::Structure::addPropertyTransition):
2820         (JSC::Structure::attributeChangeTransition):
2821         (JSC::Structure::toDictionaryTransition):
2822         (JSC::Structure::toCacheableDictionaryTransition):
2823         (JSC::Structure::toUncacheableDictionaryTransition):
2824         (JSC::Structure::ensurePropertyReplacementWatchpointSet):
2825         (JSC::Structure::startWatchingPropertyForReplacements):
2826         (JSC::Structure::didCachePropertyReplacement):
2827         (JSC::Structure::dump):
2828         * runtime/Structure.h:
2829         * runtime/VM.h:
2830         * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check-new.js: Added.
2831         (foo):
2832         (bar):
2833         (baz):
2834         * tests/stress/multi-get-by-offset-self-or-proto.js: Added.
2835         (foo):
2836         * tests/stress/replacement-watchpoint-dictionary.js: Added.
2837         (foo):
2838         * tests/stress/replacement-watchpoint.js: Added.
2839         (foo):
2840         * tests/stress/undefined-access-dictionary-then-proto-change.js: Added.
2841         (foo):
2842         * tests/stress/undefined-access-then-proto-change.js: Added.
2843         (foo):
2844
2845 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2846
2847         JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
2848         https://bugs.webkit.org/show_bug.cgi?id=147538
2849
2850         Reviewed by Geoffrey Garen.
2851
2852         Due to the order of the ARROWFUNCTION token in the JSTokenType enum, it is categorized as one of the Keyword tokens.
2853         As a result, when lexing a property name that can take keywords, the ARROWFUNCTION token is accidentally accepted.
2854         This patch changes the order of the ARROWFUNCTION token in JSTokenType to make it an operator token.
2855
2856         * parser/ParserTokens.h:
2857         * tests/stress/arrow-function-token-is-not-keyword.js: Added.
2858         (testSyntaxError):
2859
2860 2015-08-03  Keith Miller  <keith_miller@apple.com>
2861
2862         Clean up the naming for AST expression generation.
2863         https://bugs.webkit.org/show_bug.cgi?id=147581
2864
2865         Reviewed by Yusuke Suzuki.
2866
2867         * parser/ASTBuilder.h:
2868         (JSC::ASTBuilder::createThisExpr):
2869         (JSC::ASTBuilder::createSuperExpr):
2870         (JSC::ASTBuilder::createNewTargetExpr):
2871         (JSC::ASTBuilder::thisExpr): Deleted.
2872         (JSC::ASTBuilder::superExpr): Deleted.
2873         (JSC::ASTBuilder::newTargetExpr): Deleted.
2874         * parser/Parser.cpp:
2875         (JSC::Parser<LexerType>::parsePrimaryExpression):
2876         (JSC::Parser<LexerType>::parseMemberExpression):
2877         * parser/SyntaxChecker.h:
2878         (JSC::SyntaxChecker::createThisExpr):
2879         (JSC::SyntaxChecker::createSuperExpr):
2880         (JSC::SyntaxChecker::createNewTargetExpr):
2881         (JSC::SyntaxChecker::thisExpr): Deleted.
2882         (JSC::SyntaxChecker::superExpr): Deleted.
2883         (JSC::SyntaxChecker::newTargetExpr): Deleted.
2884
2885 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2886
2887         Don't set up the callsite to operationGetByValDefault when the optimization is already done
2888         https://bugs.webkit.org/show_bug.cgi?id=147577
2889
2890         Reviewed by Filip Pizlo.
2891
2892         operationGetByValDefault should be called only when the IC is not set.
2893         operationGetByValString breaks this invariant, and `ASSERT(!byValInfo.stubRoutine)` in
2894         operationGetByValDefault raises an assertion failure.
2895         In this patch, we change the callsite setup code in operationGetByValString when
2896         the IC is already set. And to make the operation's meaning explicit, we changed the
2897         name operationGetByValDefault to operationGetByValOptimize, which is aligned with the
2898         GetById case.
2899
2900         * jit/JITOperations.cpp:
2901         * jit/JITOperations.h:
2902         * jit/JITPropertyAccess.cpp:
2903         (JSC::JIT::emitSlow_op_get_by_val):
2904         * jit/JITPropertyAccess32_64.cpp:
2905         (JSC::JIT::emitSlow_op_get_by_val):
2906         * tests/stress/operation-get-by-val-default-should-not-called-for-already-optimized-site.js: Added.
2907         (hello):
2908
2909 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2910
2911         [FTL] Remove unused scripts related to native call inlining
2912         https://bugs.webkit.org/show_bug.cgi?id=147448
2913
2914         Reviewed by Filip Pizlo.
2915
2916         * build-symbol-table-index.py: Removed.
2917         * copy-llvm-ir-to-derived-sources.sh: Removed.
2918         * create-llvm-ir-from-source-file.py: Removed.
2919         * create-symbol-table-index.py: Removed.
2920
2921 2015-08-02  Benjamin Poulain  <bpoulain@apple.com>
2922
2923         Investigate HashTable::HashTable(const HashTable&) and HashTable::operator=(const HashTable&) performance for hash-based static analyses
2924         https://bugs.webkit.org/show_bug.cgi?id=118455
2925
2926         Reviewed by Filip Pizlo.
2927
2928         LivenessAnalysisPhase lights up like a Christmas tree in profiles.
2929
2930         This patch cuts its cost by 4.
2931         About half of the gains come from removing many rehash() calls when copying
2932         the HashSet.
2933         The last quarter is achieved by having a special add() function for initializing
2934         a HashSet.
2935
2936         This makes benchmarks progress by 1-2% here and there. Nothing massive.
2937
2938         * dfg/DFGLivenessAnalysisPhase.cpp:
2939         (JSC::DFG::LivenessAnalysisPhase::process):
2940         The m_live HashSet is only useful per block. When we are done with it,
2941         we can transfer it to liveAtHead to avoid a copy.
2942
2943 2015-08-01  Saam barati  <saambarati1@gmail.com>
2944
2945         Unreviewed. Remove unintentional "print" statement in test case.
2946         https://bugs.webkit.org/show_bug.cgi?id=142567
2947
2948         * tests/stress/class-syntax-definition-semantics.js:
2949         (shouldBeSyntaxError):
2950
2951 2015-07-31  Alex Christensen  <achristensen@webkit.org>
2952
2953         Prepare for VS2015
2954         https://bugs.webkit.org/show_bug.cgi?id=146579
2955
2956         Reviewed by Jon Honeycutt.
2957
2958         * heap/Heap.h:
2959         Fix compiler error by explicitly casting zombifiedBits to the size of a pointer.
2960
2961 2015-07-31  Saam barati  <saambarati1@gmail.com>
2962
2963         ES6 class syntax should use block scoping
2964         https://bugs.webkit.org/show_bug.cgi?id=142567
2965
2966         Reviewed by Geoffrey Garen.
2967
2968         We treat class declarations like we do "let" declarations.
2969         The class name is under TDZ until the class declaration
2970         statement is evaluated. Class declarations also follow
2971         the same rules as "let": No duplicate definitions inside
2972         a lexical environment.
2973
2974         * parser/ASTBuilder.h:
2975         (JSC::ASTBuilder::createClassDeclStatement):
2976         * parser/Parser.cpp:
2977         (JSC::Parser<LexerType>::parseClassDeclaration):
2978         * tests/stress/class-syntax-block-scoping.js: Added.
2979         (assert):
2980         (truth):
2981         (.):
2982         * tests/stress/class-syntax-definition-semantics.js: Added.
2983         (shouldBeSyntaxError):
2984         (shouldNotBeSyntaxError):
2985         (truth):
2986         * tests/stress/class-syntax-tdz.js:
2987         (assert):
2988         (shouldThrowTDZ):
2989         (truth):
2990         (.):
2991
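        Two of the entries above describe parser rules that can be checked directly against a host engine: the 2015-08-03 entry on the ARROWFUNCTION token no longer being lexed as a keyword, and the 2015-07-31 entry on block-scoped, `let`-like class declarations. The block below is an added example, not code from the WebKit ChangeLog or the JSC test suite; it assumes only a standard ES2015 engine and hands each snippet to `new Function` so the engine's own parser and evaluator do the checking.

```javascript
// Added example (not from the WebKit ChangeLog or the JSC test suite). Each
// case is a constructed function body; the engine under test decides whether
// it parses and how it runs, so the same checks work in any ES2015 engine.

// Returns true when `body` is rejected by the parser with a SyntaxError.
// Early errors (duplicate declarations, bad property names) never execute.
function isSyntaxError(body) {
  try {
    new Function(body);
    return false;
  } catch (e) {
    return e instanceof SyntaxError;
  }
}

// Returns true when `body` parses but throws a ReferenceError when run,
// which is what reading a binding in its temporal dead zone produces.
function throwsReferenceError(body) {
  try {
    new Function(body)();
    return false;
  } catch (e) {
    return e instanceof ReferenceError;
  }
}

// 2015-08-03 entry: positions that accept reserved words as property names
// must still reject the `=>` token. true means the source was rejected.
function arrowTokenResults() {
  return {
    // Reserved words are legal property, method and member names, so these parse.
    keywordsAsPropertyNames: isSyntaxError("return ({ default: 1, class: 2, if: 3 }).default;"),
    keywordAsMethodName: isSyntaxError("class K { default() { return 1; } }"),
    keywordAsMemberAccess: isSyntaxError("const o = { if: 4 }; return o.if;"),
    // `=>` is an operator token, not a keyword, so it is rejected in every
    // one of those same positions.
    arrowAsPropertyName: isSyntaxError("({ => : 1 })"),
    arrowAsShorthandMethod: isSyntaxError("({ => () {} })"),
    arrowAsClassMethod: isSyntaxError("class K { => () {} }"),
    arrowAsMemberAccess: isSyntaxError("const o = {}; return o.=>;"),
    // The token still works where it belongs: in an arrow function.
    arrowFunctionStillParses: isSyntaxError("return ((x) => x + 1)(1);"),
  };
}

// 2015-07-31 entry: class declarations follow the `let` rules. Duplicates in
// one lexical environment are early errors, the binding is block scoped, and
// it sits in the TDZ until the declaration statement has been evaluated.
function classScopingResults() {
  return {
    // Same lexical environment: a second declaration of the name is an early
    // error whether the other declaration is a class, a `let`, or a `var`.
    duplicateClass: isSyntaxError("class A {} class A {}"),
    classAfterLet: isSyntaxError("let A; class A {}"),
    classAfterVar: isSyntaxError("var A; class A {}"),
    // Different blocks are different lexical environments, so this parses.
    separateBlocks: isSyntaxError("{ class A {} } { class A {} }"),
    // Block scoping: the binding does not leak past its enclosing block.
    visibleOutsideBlock: new Function("{ class A {} } return typeof A;")(),
    // TDZ: the name exists from the start of the scope but cannot be read,
    // not even by `typeof`, until the declaration statement has run.
    typeofInTdz: throwsReferenceError("typeof C; class C {}"),
    hoistedCallInTdz: throwsReferenceError("function f() { return C; } f(); class C {}"),
    // Once the declaration has been evaluated the binding behaves normally.
    afterDeclaration: new Function("class D {} return typeof D;")(),
  };
}
```
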
2992 2015-07-31  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2993
2994         Implement WebAssembly module parser
2995         https://bugs.webkit.org/show_bug.cgi?id=147293
2996
2997         Reviewed by Mark Lam.
2998
2999         Re-landing after fix for the "..\..\jsc.cpp(46): fatal error C1083: Cannot open
3000         include file: 'JSWASMModule.h'" issue on Windows.
3001
3002         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
3003         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
3004         the magic number at the beginning of the files. Parsing of the rest will be
3005         implemented in a subsequent patch.
3006
3007         * CMakeLists.txt:
3008         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3009         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3010         * JavaScriptCore.xcodeproj/project.pbxproj:
3011         * jsc.cpp:
3012         (GlobalObject::finishCreation):
3013         (functionLoadWebAssembly):
3014         * parser/SourceProvider.h:
3015         (JSC::WebAssemblySourceProvider::create):
3016         (JSC::WebAssemblySourceProvider::data):
3017         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
3018         * runtime/JSGlobalObject.cpp:
3019         (JSC::JSGlobalObject::init):
3020         (JSC::JSGlobalObject::visitChildren):
3021         * runtime/JSGlobalObject.h:
3022         (JSC::JSGlobalObject::wasmModuleStructure):
3023         * wasm/WASMMagicNumber.h: Added.
3024         * wasm/WASMModuleParser.cpp: Added.
3025         (JSC::WASMModuleParser::WASMModuleParser):
3026         (JSC::WASMModuleParser::parse):
3027         (JSC::WASMModuleParser::parseModule):
3028         (JSC::parseWebAssembly):
3029         * wasm/WASMModuleParser.h: Added.
3030         * wasm/WASMReader.cpp: Added.
3031         (JSC::WASMReader::readUnsignedInt32):
3032         (JSC::WASMReader::readFloat):
3033         (JSC::WASMReader::readDouble):
3034         * wasm/WASMReader.h: Added.
3035         (JSC::WASMReader::WASMReader):
3036
3037 2015-07-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3038
3039         Add the "wasm" directory to the Additional Include Directories for jsc.exe
3040         https://bugs.webkit.org/show_bug.cgi?id=147443
3041
3042         Reviewed by Mark Lam.
3043
3044         This patch should fix the "..\..\jsc.cpp(46): fatal error C1083:
3045         Cannot open include file: 'JSWASMModule.h'" error in the Windows build.
3046
3047         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
3048
3049 2015-07-30  Chris Dumez  <cdumez@apple.com>
3050
3051         Mark more classes as fast allocated
3052         https://bugs.webkit.org/show_bug.cgi?id=147440
3053
3054         Reviewed by Sam Weinig.
3055
3056         Mark more classes as fast allocated for performance. We heap-allocate
3057         objects of those types throughout the code base.
3058
3059         * API/JSCallbackObject.h:
3060         * API/ObjCCallbackFunction.mm:
3061         * bytecode/BytecodeKills.h:
3062         * bytecode/BytecodeLivenessAnalysis.h:
3063         * bytecode/CallLinkStatus.h:
3064         * bytecode/FullBytecodeLiveness.h:
3065         * bytecode/SamplingTool.h:
3066         * bytecompiler/BytecodeGenerator.h:
3067         * dfg/DFGBasicBlock.h:
3068         * dfg/DFGBlockMap.h:
3069         * dfg/DFGInPlaceAbstractState.h:
3070         * dfg/DFGThreadData.h:
3071         * heap/HeapVerifier.h:
3072         * heap/SlotVisitor.h:
3073         * parser/Lexer.h:
3074         * runtime/ControlFlowProfiler.h:
3075         * runtime/TypeProfiler.h:
3076         * runtime/TypeProfilerLog.h:
3077         * runtime/Watchdog.h:
3078
3079 2015-07-29  Filip Pizlo  <fpizlo@apple.com>
3080
3081         DFG::ArgumentsEliminationPhase should emit a PutStack for all of the GetStacks that the ByteCodeParser emitted
3082         https://bugs.webkit.org/show_bug.cgi?id=147433
3083         rdar://problem/21668986
3084
3085         Reviewed by Mark Lam.
3086
3087         Ideally, the ByteCodeParser would only emit SetArgument nodes for named arguments.  But
3088         currently that's not what it does - it emits a SetArgument for every argument that a varargs
3089         call may pass.  Each SetArgument gets turned into a GetStack.  This means that if
3090         ArgumentsEliminationPhase optimizes away PutStacks for those varargs arguments that didn't
3091         get passed or used, we get degenerate IR where we have a GetStack of something that didn't
3092         have a PutStack.
3093
3094         This fixes the bug by removing the code to optimize away PutStacks in
3095         ArgumentsEliminationPhase.
3096
3097         * dfg/DFGArgumentsEliminationPhase.cpp:
3098         * tests/stress/varargs-inlining-underflow.js: Added.
3099         (baz):
3100         (bar):
3101         (foo):
3102
3103 2015-07-29  Andy VanWagoner  <thetalecrafter@gmail.com>
3104
3105         Implement basic types for ECMAScript Internationalization API
3106         https://bugs.webkit.org/show_bug.cgi?id=146926
3107
3108         Reviewed by Benjamin Poulain.
3109
3110         Adds basic types for ECMA-402 2nd edition, but does not implement the full locale-aware features yet.
3111         http://www.ecma-international.org/ecma-402/2.0/ECMA-402.pdf
3112
3113         * CMakeLists.txt: Added new Intl files.
3114         * Configurations/FeatureDefines.xcconfig: Enable INTL.
3115         * DerivedSources.make: Added Intl files.
3116         * JavaScriptCore.xcodeproj/project.pbxproj: Added Intl files.
3117         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added Intl files.
3118         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added Intl files.
3119         * runtime/CommonIdentifiers.h: Added Collator, NumberFormat, and DateTimeFormat.
3120         * runtime/DateConstructor.cpp: Made Date.now public.
3121         * runtime/DateConstructor.h: Made Date.now public.
3122         * runtime/IntlCollator.cpp: Added.
3123         (JSC::IntlCollator::create):
3124         (JSC::IntlCollator::createStructure):
3125         (JSC::IntlCollator::IntlCollator):
3126         (JSC::IntlCollator::finishCreation):
3127         (JSC::IntlCollator::destroy):
3128         (JSC::IntlCollator::visitChildren):
3129         (JSC::IntlCollator::setBoundCompare):
3130         (JSC::IntlCollatorFuncCompare): Added placeholder implementation using codePointCompare.
3131         * runtime/IntlCollator.h: Added.
3132         (JSC::IntlCollator::constructor):
3133         (JSC::IntlCollator::boundCompare):
3134         * runtime/IntlCollatorConstructor.cpp: Added.
3135         (JSC::IntlCollatorConstructor::create):
3136         (JSC::IntlCollatorConstructor::createStructure):
3137         (JSC::IntlCollatorConstructor::IntlCollatorConstructor):
3138         (JSC::IntlCollatorConstructor::finishCreation):
3139         (JSC::constructIntlCollator): Added Collator constructor (10.1.2).
3140         (JSC::callIntlCollator): Added Collator constructor (10.1.2).
3141         (JSC::IntlCollatorConstructor::getConstructData):
3142         (JSC::IntlCollatorConstructor::getCallData):
3143         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
3144         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
3145         (JSC::IntlCollatorConstructor::visitChildren):
3146         * runtime/IntlCollatorConstructor.h: Added.
3147         (JSC::IntlCollatorConstructor::collatorStructure):
3148         * runtime/IntlCollatorPrototype.cpp: Added.
3149         (JSC::IntlCollatorPrototype::create):
3150         (JSC::IntlCollatorPrototype::createStructure):
3151         (JSC::IntlCollatorPrototype::IntlCollatorPrototype):
3152         (JSC::IntlCollatorPrototype::finishCreation):
3153         (JSC::IntlCollatorPrototype::getOwnPropertySlot):
3154         (JSC::IntlCollatorPrototypeGetterCompare): Added compare getter (10.3.3)
3155         (JSC::IntlCollatorPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
3156         * runtime/IntlCollatorPrototype.h: Added.
3157         * runtime/IntlDateTimeFormat.cpp: Added.
3158         (JSC::IntlDateTimeFormat::create):
3159         (JSC::IntlDateTimeFormat::createStructure):
3160         (JSC::IntlDateTimeFormat::IntlDateTimeFormat):
3161         (JSC::IntlDateTimeFormat::finishCreation):
3162         (JSC::IntlDateTimeFormat::destroy):
3163         (JSC::IntlDateTimeFormat::visitChildren):
3164         (JSC::IntlDateTimeFormat::setBoundFormat):
3165         (JSC::IntlDateTimeFormatFuncFormatDateTime): Added placeholder implementation returning new Date(value).toString().
3166         * runtime/IntlDateTimeFormat.h: Added.
3167         (JSC::IntlDateTimeFormat::constructor):
3168         (JSC::IntlDateTimeFormat::boundFormat):
3169         * runtime/IntlDateTimeFormatConstructor.cpp: Added.
3170         (JSC::IntlDateTimeFormatConstructor::create):
3171         (JSC::IntlDateTimeFormatConstructor::createStructure):
3172         (JSC::IntlDateTimeFormatConstructor::IntlDateTimeFormatConstructor):
3173         (JSC::IntlDateTimeFormatConstructor::finishCreation):
3174         (JSC::constructIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
3175         (JSC::callIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
3176         (JSC::IntlDateTimeFormatConstructor::getConstructData):
3177         (JSC::IntlDateTimeFormatConstructor::getCallData):
3178         (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
3179         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
3180         (JSC::IntlDateTimeFormatConstructor::visitChildren):
3181         * runtime/IntlDateTimeFormatConstructor.h: Added.
3182         (JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure):
3183         * runtime/IntlDateTimeFormatPrototype.cpp: Added.
3184         (JSC::IntlDateTimeFormatPrototype::create):
3185         (JSC::IntlDateTimeFormatPrototype::createStructure):
3186         (JSC::IntlDateTimeFormatPrototype::IntlDateTimeFormatPrototype):
3187         (JSC::IntlDateTimeFormatPrototype::finishCreation):
3188         (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
3189         (JSC::IntlDateTimeFormatPrototypeGetterFormat): Added format getter (12.3.3).
3190         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
3191         * runtime/IntlDateTimeFormatPrototype.h: Added.
3192         * runtime/IntlNumberFormat.cpp: Added.
3193         (JSC::IntlNumberFormat::create):
3194         (JSC::IntlNumberFormat::createStructure):
3195         (JSC::IntlNumberFormat::IntlNumberFormat):
3196         (JSC::IntlNumberFormat::finishCreation):
3197         (JSC::IntlNumberFormat::destroy):
3198         (JSC::IntlNumberFormat::visitChildren):
3199         (JSC::IntlNumberFormat::setBoundFormat):
3200         (JSC::IntlNumberFormatFuncFormatNumber): Added placeholder implementation returning Number(value).toString().
3201         * runtime/IntlNumberFormat.h: Added.
3202         (JSC::IntlNumberFormat::constructor):
3203         (JSC::IntlNumberFormat::boundFormat):
3204         * runtime/IntlNumberFormatConstructor.cpp: Added.
3205         (JSC::IntlNumberFormatConstructor::create):
3206         (JSC::IntlNumberFormatConstructor::createStructure):
3207         (JSC::IntlNumberFormatConstructor::IntlNumberFormatConstructor):
3208         (JSC::IntlNumberFormatConstructor::finishCreation):
3209         (JSC::constructIntlNumberFormat): Added NumberFormat constructor (11.1.2).
3210         (JSC::callIntlNumberFormat): Added NumberFormat constructor (11.1.2).
3211         (JSC::IntlNumberFormatConstructor::getConstructData):
3212         (JSC::IntlNumberFormatConstructor::getCallData):
3213         (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
3214         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
3215         (JSC::IntlNumberFormatConstructor::visitChildren):
3216         * runtime/IntlNumberFormatConstructor.h: Added.
3217         (JSC::IntlNumberFormatConstructor::numberFormatStructure):
3218         * runtime/IntlNumberFormatPrototype.cpp: Added.
3219         (JSC::IntlNumberFormatPrototype::create):
3220         (JSC::IntlNumberFormatPrototype::createStructure):
3221         (JSC::IntlNumberFormatPrototype::IntlNumberFormatPrototype):
3222         (JSC::IntlNumberFormatPrototype::finishCreation):
3223         (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
3224         (JSC::IntlNumberFormatPrototypeGetterFormat): Added format getter (11.3.3).
3225         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
3226         * runtime/IntlNumberFormatPrototype.h: Added.
3227         * runtime/IntlObject.cpp:
3228         (JSC::IntlObject::create):
3229         (JSC::IntlObject::finishCreation): Added Collator, NumberFormat, and DateTimeFormat properties (8.1).
3230         (JSC::IntlObject::visitChildren):
3231         * runtime/IntlObject.h:
3232         (JSC::IntlObject::collatorConstructor):
3233         (JSC::IntlObject::collatorPrototype):
3234         (JSC::IntlObject::collatorStructure):
3235         (JSC::IntlObject::numberFormatConstructor):
3236         (JSC::IntlObject::numberFormatPrototype):
3237         (JSC::IntlObject::numberFormatStructure):
3238         (JSC::IntlObject::dateTimeFormatConstructor):
3239         (JSC::IntlObject::dateTimeFormatPrototype):
3240         (JSC::IntlObject::dateTimeFormatStructure):
3241         * runtime/JSGlobalObject.cpp:
3242         (JSC::JSGlobalObject::init):
3243
3244 2015-07-29  Commit Queue  <commit-queue@webkit.org>
3245
3246         Unreviewed, rolling out r187550.
3247         https://bugs.webkit.org/show_bug.cgi?id=147420
3248
3249         Broke Windows build (again) (Requested by smfr on #webkit).
3250
3251         Reverted changeset:
3252
3253         "Implement WebAssembly module parser"
3254         https://bugs.webkit.org/show_bug.cgi?id=147293
3255         http://trac.webkit.org/changeset/187550
3256
3257 2015-07-29  Basile Clement  <basile_clement@apple.com>
3258
3259         Remove native call inlining
3260         https://bugs.webkit.org/show_bug.cgi?id=147417
3261
3262         Rubber Stamped by Filip Pizlo.
3263
3264         * CMakeLists.txt:
3265         * dfg/DFGAbstractInterpreterInlines.h:
3266         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
3267         * dfg/DFGByteCodeParser.cpp:
3268         (JSC::DFG::ByteCodeParser::handleCall): Deleted.
3269         * dfg/DFGClobberize.h:
3270         (JSC::DFG::clobberize): Deleted.
3271         * dfg/DFGDoesGC.cpp:
3272         (JSC::DFG::doesGC): Deleted.
3273         * dfg/DFGFixupPhase.cpp:
3274         (JSC::DFG::FixupPhase::fixupNode): Deleted.
3275         * dfg/DFGNode.h:
3276         (JSC::DFG::Node::hasHeapPrediction): Deleted.
3277         (JSC::DFG::Node::hasCellOperand): Deleted.
3278         * dfg/DFGNodeType.h:
3279         * dfg/DFGPredictionPropagationPhase.cpp:
3280         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
3281         * dfg/DFGSafeToExecute.h:
3282         (JSC::DFG::safeToExecute): Deleted.
3283         * dfg/DFGSpeculativeJIT32_64.cpp:
3284         (JSC::DFG::SpeculativeJIT::compile): Deleted.
3285         * dfg/DFGSpeculativeJIT64.cpp:
3286         (JSC::DFG::SpeculativeJIT::compile): Deleted.
3287         * ftl/FTLCapabilities.cpp:
3288         (JSC::FTL::canCompile): Deleted.
3289         * ftl/FTLLowerDFGToLLVM.cpp:
3290         (JSC::FTL::DFG::LowerDFGToLLVM::lower): Deleted.
3291         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
3292         (JSC::FTL::DFG::LowerDFGToLLVM::compileNativeCallOrConstruct): Deleted.
3293         (JSC::FTL::DFG::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
3294         (JSC::FTL::DFG::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
3295         (JSC::FTL::DFG::LowerDFGToLLVM::didOverflowStack): Deleted.
3296         * ftl/FTLState.cpp:
3297         (JSC::FTL::State::State): Deleted.
3298         * ftl/FTLState.h:
3299         * runtime/BundlePath.cpp: Removed.
3300         (JSC::bundlePath): Deleted.
3301         * runtime/JSDataViewPrototype.cpp:
3302         (JSC::getData):
3303         (JSC::setData):
3304         * runtime/Options.h:
3305
3306 2015-07-29  Basile Clement  <basile_clement@apple.com>
3307
3308         Unreviewed, skipping a test that is too complex for its own good
3309         https://bugs.webkit.org/show_bug.cgi?id=147167
3310
3311         * tests/stress/math-pow-coherency.js:
3312
3313 2015-07-29  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3314
3315         Implement WebAssembly module parser
3316         https://bugs.webkit.org/show_bug.cgi?id=147293
3317
3318         Reviewed by Mark Lam.
3319
3320         Reupload the patch, since r187539 should fix the "Cannot open include file:
3321         'JSWASMModule.h'" issue in the Windows build.
3322
3323         * CMakeLists.txt:
3324         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3325         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3326         * JavaScriptCore.xcodeproj/project.pbxproj:
3327         * jsc.cpp:
3328         (GlobalObject::finishCreation):
3329         (functionLoadWebAssembly):
3330         * parser/SourceProvider.h:
3331         (JSC::WebAssemblySourceProvider::create):
3332         (JSC::WebAssemblySourceProvider::data):
3333         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
3334         * runtime/JSGlobalObject.cpp:
3335         (JSC::JSGlobalObject::init):
3336         (JSC::JSGlobalObject::visitChildren):
3337         * runtime/JSGlobalObject.h:
3338         (JSC::JSGlobalObject::wasmModuleStructure):
3339         * wasm/WASMMagicNumber.h: Added.
3340         * wasm/WASMModuleParser.cpp: Added.
3341         (JSC::WASMModuleParser::WASMModuleParser):
3342         (JSC::WASMModuleParser::parse):
3343         (JSC::WASMModuleParser::parseModule):
3344         (JSC::parseWebAssembly):
3345         * wasm/WASMModuleParser.h: Added.
3346         * wasm/WASMReader.cpp: Added.
3347         (JSC::WASMReader::readUnsignedInt32):
3348         (JSC::WASMReader::readFloat):
3349         (JSC::WASMReader::readDouble):
3350         * wasm/WASMReader.h: Added.
3351         (JSC::WASMReader::WASMReader):
3352
3353 2015-07-29  Basile Clement  <basile_clement@apple.com>
3354
3355         Unreviewed, lower the number of test iterations to prevent timing out on Debug builds
3356         https://bugs.webkit.org/show_bug.cgi?id=147167
3357
3358         * tests/stress/math-pow-coherency.js:
3359
3360 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3361
3362         Add the "wasm" directory to Visual Studio project files
3363         https://bugs.webkit.org/show_bug.cgi?id=147400
3364
3365         Reviewed by Simon Fraser.
3366
3367         This patch should fix the "Cannot open include file: 'JSWASMModule.h'" issue
3368         in the Windows build.
3369
3370         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
3371         * JavaScriptCore.vcxproj/copy-files.cmd:
3372
3373 2015-07-28  Commit Queue  <commit-queue@webkit.org>
3374
3375         Unreviewed, rolling out r187531.
3376         https://bugs.webkit.org/show_bug.cgi?id=147397
3377
3378         Broke Windows build (Requested by smfr on #webkit).
3379
3380         Reverted changeset:
3381
3382         "Implement WebAssembly module parser"
3383         https://bugs.webkit.org/show_bug.cgi?id=147293
3384         http://trac.webkit.org/changeset/187531
3385
3386 2015-07-28  Benjamin Poulain  <bpoulain@apple.com>
3387
3388         Speed up the Stringifier::toJSON() fast case
3389         https://bugs.webkit.org/show_bug.cgi?id=147383
3390
3391         Reviewed by Andreas Kling.
3392
3393         * runtime/JSONObject.cpp:
3394         (JSC::Stringifier::toJSON):
3395         (JSC::Stringifier::toJSONImpl):
3396
3397 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3398
3399         Implement WebAssembly module parser
3400         https://bugs.webkit.org/show_bug.cgi?id=147293
3401
3402         Reviewed by Geoffrey Garen.
3403
3404         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
3405         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
3406         the magic number at the beginning of the files. Parsing of the rest will be
3407         implemented in a subsequent patch.
3408
3409         * CMakeLists.txt:
3410         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3411         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3412         * JavaScriptCore.xcodeproj/project.pbxproj:
3413         * jsc.cpp:
3414         (GlobalObject::finishCreation):
3415         (functionLoadWebAssembly):
3416         * parser/SourceProvider.h:
3417         (JSC::WebAssemblySourceProvider::create):
3418         (JSC::WebAssemblySourceProvider::data):
3419         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
3420         * runtime/JSGlobalObject.cpp:
3421         (JSC::JSGlobalObject::init):
3422         (JSC::JSGlobalObject::visitChildren):
3423         * runtime/JSGlobalObject.h:
3424         (JSC::JSGlobalObject::wasmModuleStructure):
3425         * wasm/WASMMagicNumber.h: Added.
3426         * wasm/WASMModuleParser.cpp: Added.
3427         (JSC::WASMModuleParser::WASMModuleParser):
3428         (JSC::WASMModuleParser::parse):
3429         (JSC::WASMModuleParser::parseModule):
3430         (JSC::parseWebAssembly):
3431         * wasm/WASMModuleParser.h: Added.
3432         * wasm/WASMReader.cpp: Added.
3433         (JSC::WASMReader::readUnsignedInt32):
3434         (JSC::WASMReader::readFloat):
3435         (JSC::WASMReader::readDouble):
3436         * wasm/WASMReader.h: Added.
3437         (JSC::WASMReader::WASMReader):
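
        The magic-number check this entry describes, written out as an added example
        that is not WebKit's code: a bounds-checked little-endian reader in the shape of
        the WASMReader (readUnsignedInt32 / readFloat / readDouble) and a parser that, like
        this patch, validates only the leading magic number. The magic value, the class and
        function names and the sample byte strings are assumptions; the entry does not state
        the constant that WASMMagicNumber.h defines. The point a practitioner should take from
        it is that every read checks the remaining length before touching the buffer and that
        a failed read leaves the cursor where it was, so a truncated or hostile file cannot
        drive an out-of-bounds read.

```cpp
// Added example, not JavaScriptCore's WASMReader/WASMModuleParser.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Assumed magic number: the bytes "wasm" read as a little-endian uint32.
// The real constant in WASMMagicNumber.h is not given in the ChangeLog.
static const uint32_t kAssumedWasmMagicNumber = 0x6d736177;

enum ParseStatus { ParseOk, ParseTruncated, ParseBadMagic };

// Reads fixed-width little-endian values from an in-memory buffer.
// Every read checks that enough bytes remain before touching the buffer,
// and a failed read does not advance the cursor.
class WasmReader {
public:
    WasmReader(const uint8_t* data, size_t size) : m_data(data), m_size(size), m_offset(0) {}

    bool readUnsignedInt32(uint32_t& result) { return readRaw(&result, sizeof(result)); }
    // Assumes a little-endian IEEE 754 host, as the JSC targets of the time were.
    bool readFloat(float& result) { return readRaw(&result, sizeof(result)); }
    bool readDouble(double& result) { return readRaw(&result, sizeof(result)); }
    size_t offset() const { return m_offset; }

private:
    bool readRaw(void* destination, size_t width)
    {
        // Compare against the remaining length so the check itself cannot overflow.
        if (m_size - m_offset < width)
            return false;
        // memcpy avoids unaligned-access undefined behaviour on strict architectures.
        std::memcpy(destination, m_data + m_offset, width);
        m_offset += width;
        return true;
    }

    const uint8_t* m_data;
    size_t m_size;
    size_t m_offset;
};

// Parses only the module header: a 4-byte magic number, as this patch does.
// Everything after the header is left unparsed.
ParseStatus parseWebAssembly(const std::vector<uint8_t>& source)
{
    WasmReader reader(source.data(), source.size());
    uint32_t magic = 0;
    if (!reader.readUnsignedInt32(magic))
        return ParseTruncated;
    if (magic != kAssumedWasmMagicNumber)
        return ParseBadMagic;
    return ParseOk;
}

// Constructed sample inputs; these are not real pack-asmjs output.
std::vector<uint8_t> sampleValidModule() { return { 0x77, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00 }; }
std::vector<uint8_t> sampleTruncatedModule() { return { 0x77, 0x61, 0x73 }; }
std::vector<uint8_t> sampleBadMagicModule() { return { 0x00, 0x61, 0x73, 0x6d }; }

// A read that would run one byte past the end must fail and leave the offset untouched.
bool readerRejectsShortDouble()
{
    std::vector<uint8_t> bytes = { 1, 2, 3, 4, 5, 6, 7 }; // 7 bytes: one short of a double
    WasmReader reader(bytes.data(), bytes.size());
    double value = 0;
    bool ok = reader.readDouble(value);
    return !ok && reader.offset() == 0;
}

int main()
{
    std::printf("valid: %d, truncated: %d, bad magic: %d\n",
        parseWebAssembly(sampleValidModule()),
        parseWebAssembly(sampleTruncatedModule()),
        parseWebAssembly(sampleBadMagicModule()));
    std::printf("short double rejected: %d\n", readerRejectsShortDouble());
    return 0;
}
```

        The reader deliberately never computes `offset + width`; subtracting the offset from
        the size first keeps the bounds check correct even for lengths near the top of
        `size_t`, which is the usual place such parsers go wrong.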
3438
3439 2015-07-28  Yusuke Suzuki  <utatane.tea@gmail.com>
3440
3441         [ES6] Add ENABLE_ES6_MODULES compile time flag with the default value "false"
3442         https://bugs.webkit.org/show_bug.cgi?id=147350
3443
3444         Reviewed by Sam Weinig.
3445
3446         * Configurations/FeatureDefines.xcconfig:
3447
3448 2015-07-28  Saam barati  <saambarati1@gmail.com>
3449
3450         Make the type profiler work with lexical scoping and add tests
3451         https://bugs.webkit.org/show_bug.cgi?id=145438
3452
3453         Reviewed by Geoffrey Garen.
3454
3455         op_profile_type now knows how to resolve variables allocated within
3456         the local scope stack. This means it knows how to resolve "let"
3457         and "const" variables. Also, some refactoring was done inside
3458         the BytecodeGenerator to make writing code to support the type
3459         profiler much simpler and clearer.
3460
3461         * bytecode/CodeBlock.cpp:
3462         (JSC::CodeBlock::CodeBlock):
3463         * bytecode/CodeBlock.h:
3464         (JSC::CodeBlock::symbolTable): Deleted.
3465         * bytecode/UnlinkedCodeBlock.h:
3466         (JSC::UnlinkedCodeBlock::addExceptionHandler):
3467         (JSC::UnlinkedCodeBlock::exceptionHandler):
3468         (JSC::UnlinkedCodeBlock::vm):
3469         (JSC::UnlinkedCodeBlock::addArrayProfile):
3470         (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex): Deleted.
3471         (JSC::UnlinkedCodeBlock::symbolTableConstantIndex): Deleted.
3472         * bytecompiler/BytecodeGenerator.cpp:
3473         (JSC::BytecodeGenerator::BytecodeGenerator):
3474         (JSC::BytecodeGenerator::emitMove):
3475         (JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
3476         (JSC::BytecodeGenerator::emitProfileType):
3477         (JSC::BytecodeGenerator::emitProfileControlFlow):
3478         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3479         * bytecompiler/BytecodeGenerator.h:
3480         (JSC::BytecodeGenerator::emitNodeForLeftHandSide):
3481         * bytecompiler/NodesCodegen.cpp:
3482         (JSC::ThisNode::emitBytecode):
3483         (JSC::ResolveNode::emitBytecode):
3484         (JSC::BracketAccessorNode::emitBytecode):
3485         (JSC::DotAccessorNode::emitBytecode):
3486         (JSC::FunctionCallValueNode::emitBytecode):
3487         (JSC::FunctionCallResolveNode::emitBytecode):
3488         (JSC::FunctionCallBracketNode::emitBytecode):
3489         (JSC::FunctionCallDotNode::emitBytecode):
3490         (JSC::CallFunctionCallDotNode::emitBytecode):
3491         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3492         (JSC::PostfixNode::emitResolve):
3493         (JSC::PostfixNode::emitBracket):
3494         (JSC::PostfixNode::emitDot):
3495         (JSC::PrefixNode::emitResolve):
3496         (JSC::PrefixNode::emitBracket):
3497         (JSC::PrefixNode::emitDot):
3498         (JSC::ReadModifyResolveNode::emitBytecode):
3499         (JSC::AssignResolveNode::emitBytecode):
3500         (JSC::AssignDotNode::emitBytecode):
3501         (JSC::ReadModifyDotNode::emitBytecode):
3502         (JSC::AssignBracketNode::emitBytecode):
3503         (JSC::ReadModifyBracketNode::emitBytecode):
3504         (JSC::EmptyVarExpression::emitBytecode):
3505         (JSC::EmptyLetExpression::emitBytecode):
3506         (JSC::ForInNode::emitLoopHeader):
3507         (JSC::ForOfNode::emitBytecode):
3508         (JSC::ReturnNode::emitBytecode):
3509         (JSC::FunctionNode::emitBytecode):
3510         (JSC::BindingNode::bindValue):
3511         * dfg/DFGSpeculativeJIT32_64.cpp:
3512         (JSC::DFG::SpeculativeJIT::compile):
3513         * dfg/DFGSpeculativeJIT64.cpp:
3514         (JSC::DFG::SpeculativeJIT::compile):
3515         * jit/JITOpcodes.cpp:
3516         (JSC::JIT::emit_op_profile_type):
3517         * jit/JITOpcodes32_64.cpp:
3518         (JSC::JIT::emit_op_profile_type):
3519         * llint/LowLevelInterpreter32_64.asm:
3520         * llint/LowLevelInterpreter64.asm:
3521         * tests/typeProfiler/es6-block-scoping.js: Added.
3522         (noop):
3523         (arr):
3524         (wrapper.changeFoo):
3525         (wrapper.scoping):
3526         (wrapper.scoping2):
3527         (wrapper):
3528         * tests/typeProfiler/es6-classes.js: Added.
3529         (noop):
3530         (wrapper.Animal):
3531         (wrapper.Animal.prototype.methodA):
3532         (wrapper.Dog):
3533         (wrapper.Dog.prototype.methodB):
3534         (wrapper):
3535
3536 2015-07-28  Saam barati  <saambarati1@gmail.com>
3537
3538         Implement catch scope using lexical scoping constructs introduced with "let" scoping patch
3539         https://bugs.webkit.org/show_bug.cgi?id=146979
3540
3541         Reviewed by Geoffrey Garen.
3542
3543         Now that BytecodeGenerator has a notion of local scope depth,
3544         we can easily implement a catch scope that doesn't claim that
3545         all variables are dynamically scoped. This means that functions
3546         that use try/catch can have local variable resolution. This also
3547         means that all functions that use try/catch don't have all
3548         their variables marked as being captured.
3549
3550         Catch scopes now behave like a "let" scope (sans the TDZ logic) with a 
3551         single variable. Catch scopes are now just JSLexicalEnvironments and the 
3552         symbol table backing the catch scope knows that it corresponds to a catch scope.
3553
3554         * CMakeLists.txt:
3555         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3556         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3557         * JavaScriptCore.xcodeproj/project.pbxproj:
3558         * bytecode/CodeBlock.cpp:
3559         (JSC::CodeBlock::dumpBytecode):
3560         * bytecode/EvalCodeCache.h:
3561         (JSC::EvalCodeCache::isCacheable):
3562         * bytecompiler/BytecodeGenerator.cpp:
3563         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
3564         (JSC::BytecodeGenerator::emitLoadGlobalObject):
3565         (JSC::BytecodeGenerator::pushLexicalScope):
3566         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3567         (JSC::BytecodeGenerator::popLexicalScope):
3568         (JSC::BytecodeGenerator::popLexicalScopeInternal):
3569         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3570         (JSC::BytecodeGenerator::variable):
3571         (JSC::BytecodeGenerator::resolveType):
3572         (JSC::BytecodeGenerator::emitResolveScope):
3573         (JSC::BytecodeGenerator::emitPopScope):
3574         (JSC::BytecodeGenerator::emitPopWithScope):
3575         (JSC::BytecodeGenerator::emitDebugHook):
3576         (JSC::BytecodeGenerator::popScopedControlFlowContext):
3577         (JSC::BytecodeGenerator::emitPushCatchScope):
3578         (JSC::BytecodeGenerator::emitPopCatchScope):
3579         (JSC::BytecodeGenerator::beginSwitch):
3580         (JSC::BytecodeGenerator::emitPopWithOrCatchScope): Deleted.
3581         * bytecompiler/BytecodeGenerator.h:
3582         (JSC::BytecodeGenerator::lastOpcodeID):
3583         * bytecompiler/NodesCodegen.cpp:
3584         (JSC::AssignResolveNode::emitBytecode):
3585         (JSC::WithNode::emitBytecode):
3586         (JSC::TryNode::emitBytecode):
3587         * debugger/DebuggerScope.cpp:
3588         (JSC::DebuggerScope::isCatchScope):
3589         (JSC::DebuggerScope::isFunctionNameScope):
3590         (JSC::DebuggerScope::isFunctionOrEvalScope):
3591         (JSC::DebuggerScope::caughtValue):
3592         * debugger/DebuggerScope.h:
3593         * inspector/ScriptDebugServer.cpp:
3594         (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
3595         * interpreter/Interpreter.cpp:
3596         (JSC::Interpreter::execute):
3597         * jit/JITOpcodes.cpp:
3598         (JSC::JIT::emit_op_push_name_scope):
3599         * jit/JITOpcodes32_64.cpp:
3600         (JSC::JIT::emit_op_push_name_scope):
3601         * jit/JITOperations.cpp:
3602         * jit/JITOperations.h:
3603         * parser/ASTBuilder.h:
3604         (JSC::ASTBuilder::createContinueStatement):
3605         (JSC::ASTBuilder::createTryStatement):
3606         * parser/NodeConstructors.h:
3607         (JSC::ThrowNode::ThrowNode):
3608         (JSC::TryNode::TryNode):
3609         (JSC::FunctionParameters::FunctionParameters):
3610         * parser/Nodes.h:
3611         * parser/Parser.cpp:
3612         (JSC::Parser<LexerType>::parseTryStatement):
3613         * parser/SyntaxChecker.h:
3614         (JSC::SyntaxChecker::createBreakStatement):
3615         (JSC::SyntaxChecker::createContinueStatement):
3616         (JSC::SyntaxChecker::createTryStatement):
3617         (JSC::SyntaxChecker::createSwitchStatement):
3618         (JSC::SyntaxChecker::createWhileStatement):
3619         (JSC::SyntaxChecker::createWithStatement):
3620         * runtime/JSCatchScope.cpp:
3621         * runtime/JSCatchScope.h:
3622         (JSC::JSCatchScope::JSCatchScope): Deleted.
3623         (JSC::JSCatchScope::create): Deleted.
3624         (JSC::JSCatchScope::createStructure): Deleted.
3625         * runtime/JSFunctionNameScope.h:
3626         (JSC::JSFunctionNameScope::JSFunctionNameScope):
3627         * runtime/JSGlobalObject.cpp:
3628         (JSC::JSGlobalObject::init):
3629         (JSC::JSGlobalObject::visitChildren):
3630         * runtime/JSGlobalObject.h:
3631         (JSC::JSGlobalObject::withScopeStructure):
3632         (JSC::JSGlobalObject::strictEvalActivationStructure):
3633         (JSC::JSGlobalObject::activationStructure):
3634         (JSC::JSGlobalObject::functionNameScopeStructure):
3635         (JSC::JSGlobalObject::directArgumentsStructure):
3636         (JSC::JSGlobalObject::scopedArgumentsStructure):
3637         (JSC::JSGlobalObject::catchScopeStructure): Deleted.
3638         * runtime/JSNameScope.cpp:
3639         (JSC::JSNameScope::create):
3640         (JSC::JSNameScope::toThis):
3641         * runtime/JSNameScope.h:
3642         * runtime/JSObject.cpp:
3643         (JSC::JSObject::toThis):
3644         (JSC::JSObject::isFunctionNameScopeObject):
3645         (JSC::JSObject::isCatchScopeObject): Deleted.
3646         * runtime/JSObject.h:
3647         * runtime/JSScope.cpp:
3648         (JSC::JSScope::collectVariablesUnderTDZ):
3649         (JSC::JSScope::isLexicalScope):
3650         (JSC::JSScope::isCatchScope):
3651         (JSC::resolveModeName):
3652         * runtime/JSScope.h:
3653         * runtime/SymbolTable.cpp:
3654         (JSC::SymbolTable::SymbolTable):
3655         (JSC::SymbolTable::cloneScopePart):
3656         * runtime/SymbolTable.h:
3657         * tests/stress/const-semantics.js:
3658         (.):
3659
3660 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
3661
3662         DFG::ArgumentsEliminationPhase has a redundant check for inserting CheckInBounds when converting GetByVal to GetStack in the inline non-varargs case
3663         https://bugs.webkit.org/show_bug.cgi?id=147373
3664
3665         Reviewed by Mark Lam.
3666
3667         The code was doing a check for "index >= inlineCallFrame->arguments.size() - 1" in code where
3668         safeToGetStack is true and we aren't in varargs context, but in a non-varargs context,
3669         safeToGetStack can only be true if "index < inlineCallFrame->arguments.size() - 1".
3670
3671         When converting a GetByVal to GetStack, there are three possibilities:
3672
3673         1) Impossible to convert. This can happen if the GetByVal is out-of-bounds of the things we
3674            know to have stored to the stack. For example, if we inline a function that does
3675            "arguments[42]" at a call that passes no arguments.
3676
3677         2) Possible to convert, but we cannot prove statically that the GetByVal was in bounds. This
3678            can happen for "arguments[42]" with no inline call frame (since we don't know statically
3679            how many arguments we will be passed) or in a varargs call frame.
3680
3681         3) Possible to convert, and we know statically that the GetByVal is in bounds. This can
3682            happen for "arguments[42]" if we have an inline call frame, and it's not a varargs call
3683            frame, and we know that the caller passed 42 or more arguments.
3684
3685         The way the phase handles this is it first determines that we're not in case (1). This is
3686         called safeToGetStack. safeToGetStack is true if we have case (2) or (3). For inline call
3687         frames that have no varargs, this means that safeToGetStack is true exactly when the GetByVal
3688         is in-bounds (i.e. case (3)).
3689
3690         But the phase was again doing a check for whether the index is in-bounds for non-varargs
3691         inline call frames even when safeToGetStack was true. That check is redundant and should be
3692         eliminated, since it makes the code confusing.
3693
3694         * dfg/DFGArgumentsEliminationPhase.cpp:
3695
3696 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
3697
3698         DFG::PutStackSinkingPhase should be more aggressive about its "no GetStack until put" rule
3699         https://bugs.webkit.org/show_bug.cgi?id=147371
3700
3701         Reviewed by Mark Lam.
3702
3703         Two fixes:
3704
3705         - Make ConflictingFlush really mean that you can't load from the stack slot. This means not
3706           using ConflictingFlush for arguments.
3707
3708         - Assert that a GetStack never sees ConflictingFlush.
3709
3710         * dfg/DFGPutStackSinkingPhase.cpp:
3711
3712 2015-07-28  Basile Clement  <basile_clement@apple.com>
3713
3714         Misleading error message: "At least one digit must occur after a decimal point"
3715         https://bugs.webkit.org/show_bug.cgi?id=146238
3716
3717         Reviewed by Geoffrey Garen.
3718
3719         Interestingly, we had a comment explaining what this error message was
3720         about that is much clearer than the error message itself. This patch
3721         simply replaces the error message with the explanation from the
3722         comment.
3723
3724         * parser/Lexer.cpp:
3725         (JSC::Lexer<T>::lex):
3726
3727 2015-07-28  Basile Clement  <basile_clement@apple.com>
3728
3729         Simplify call linking
3730         https://bugs.webkit.org/show_bug.cgi?id=147363
3731
3732         Reviewed by Filip Pizlo.
3733
3734         Previously, we were passing both the CallLinkInfo and a
3735         (CodeSpecializationKind, RegisterPreservationMode) pair to the
3736         different call linking slow paths. However, the CallLinkInfo already
3737         has all of that information, and we don't gain anything by having them
3738         in additional static parameters - except possibly a very small
3739         performance gain in presence of inlining. However since those are
3740         already slow paths, this performance loss (if it exists) will not be
3741         visible in practice.
3742
3743         This patch replaces the various specialized thunks and JIT operations
3744         for regular and polymorphic call linking with a single thunk and
3745         operation for each case. Moreover, it replaces the four specialized
3746         virtual call thunks and operations with one virtual call thunk for each
3747         call link info, allowing for better branch prediction by the CPU and
3748         fixing a pre-existing FIXME.
3749
3750         * bytecode/CallLinkInfo.cpp:
3751         (JSC::CallLinkInfo::unlink):
3752         (JSC::CallLinkInfo::dummy): Deleted.
3753         * bytecode/CallLinkInfo.h:
3754         (JSC::CallLinkInfo::CallLinkInfo):
3755         (JSC::CallLinkInfo::registerPreservationMode):
3756         (JSC::CallLinkInfo::setUpCallFromFTL):
3757         (JSC::CallLinkInfo::setSlowStub):
3758         (JSC::CallLinkInfo::clearSlowStub):
3759         (JSC::CallLinkInfo::slowStub):
3760         * dfg/DFGDriver.cpp:
3761         (JSC::DFG::compileImpl):
3762         * dfg/DFGJITCompiler.cpp:
3763         (JSC::DFG::JITCompiler::link):
3764         * ftl/FTLJSCallBase.cpp:
3765         (JSC::FTL::JSCallBase::link):
3766         * jit/JITCall.cpp:
3767         (JSC::JIT::compileCallEvalSlowCase):
3768         (JSC::JIT::compileOpCall):
3769         (JSC::JIT::compileOpCallSlowCase):
3770         * jit/JITCall32_64.cpp:
3771         (JSC::JIT::compileCallEvalSlowCase):
3772         (JSC::JIT::compileOpCall):
3773         (JSC::JIT::compileOpCallSlowCase):
3774         * jit/JITOperations.cpp:
3775         * jit/JITOperations.h:
3776         (JSC::operationLinkFor): Deleted.
3777         (JSC::operationVirtualFor): Deleted.
3778         (JSC::operationLinkPolymorphicCallFor): Deleted.
3779         * jit/Repatch.cpp:
3780         (JSC::generateByIdStub):
3781         (JSC::linkSlowFor):
3782         (JSC::linkFor):
3783         (JSC::revertCall):
3784         (JSC::unlinkFor):
3785         (JSC::linkVirtualFor):
3786         (JSC::linkPolymorphicCall):
3787         * jit/Repatch.h:
3788         * jit/ThunkGenerators.cpp:
3789         (JSC::linkCallThunkGenerator):
3790         (JSC::linkPolymorphicCallThunkGenerator):
3791         (JSC::virtualThunkFor):
3792         (JSC::linkForThunkGenerator): Deleted.
3793         (JSC::linkConstructThunkGenerator): Deleted.
3794         (JSC::linkCallThatPreservesRegsThunkGenerator): Deleted.
3795         (JSC::linkConstructThatPreservesRegsThunkGenerator): Deleted.
3796         (JSC::linkPolymorphicCallForThunkGenerator): Deleted.
3797         (JSC::linkPolymorphicCallThatPreservesRegsThunkGenerator): Deleted.
3798         (JSC::virtualForThunkGenerator): Deleted.
3799         (JSC::virtualCallThunkGenerator): Deleted.
3800         (JSC::virtualConstructThunkGenerator): Deleted.
3801         (JSC::virtualCallThatPreservesRegsThunkGenerator): Deleted.
3802         (JSC::virtualConstructThatPreservesRegsThunkGenerator): Deleted.
3803         * jit/ThunkGenerators.h:
3804         (JSC::linkThunkGeneratorFor): Deleted.
3805         (JSC::linkPolymorphicCallThunkGeneratorFor): Deleted.
3806         (JSC::virtualThunkGeneratorFor): Deleted.
3807
3808 2015-07-28  Basile Clement  <basile_clement@apple.com>
3809
3810         stress/math-pow-with-constants.js fails in cloop
3811         https://bugs.webkit.org/show_bug.cgi?id=147167
3812
3813         Reviewed by Geoffrey Garen.
3814
3815         Baseline JIT, DFG and FTL are using a fast exponentiation fast path
3816         when computing Math.pow() with an integer exponent that is not taken in
3817         the LLInt (or the DFG abstract interpreter). This leads to the result
3818         of pow changing depending on the compilation tier or the fact that
3819         constant propagation kicks in, which is undesirable.
3820
3821         This patch adds the fast path to the slow operationMathPow in order to
3822         maintain an illusion of consistency.
3823
3824         * runtime/MathCommon.cpp:
3825         (JSC::operationMathPow):
3826         * tests/stress/math-pow-coherency.js: Added.
3827         (pow42):
3828         (build42AsDouble.opaqueAdd):
3829         (build42AsDouble):
3830         (powDouble42):
3831         (clobber):
3832         (pow42NoConstantFolding):
3833         (powDouble42NoConstantFolding):
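
        The coherency problem this entry fixes, as an added example that is not JSC's
        operationMathPow: an integer-exponent fast path (exponentiation by squaring, which is
        what the JIT tiers are described as using) placed in the one shared slow path so that
        every tier computes the same bits. The function names, the int32 range test and the
        treatment of negative exponents as the reciprocal of the positive power are
        assumptions, not the actual JSC code. The last function shows why the fix mattered:
        repeated squaring and libm pow() can round differently, so a program whose result
        depends on which tier ran it is observably non-deterministic.

```cpp
// Added example, not JavaScriptCore's operationMathPow.
#include <cmath>
#include <cstdint>
#include <cstdio>

// Exponentiation by squaring for an int32 exponent. The magnitude is held as
// uint32_t so that y == INT32_MIN does not overflow when negated.
double fastPowInteger(double x, int32_t y)
{
    uint32_t n = y < 0 ? 0u - static_cast<uint32_t>(y) : static_cast<uint32_t>(y);
    double result = 1.0;
    double base = x;
    while (n) {
        if (n & 1)
            result *= base;
        n >>= 1;
        if (n)
            base *= base;
    }
    // Assumed convention: a negative exponent is the reciprocal of the positive power.
    return y < 0 ? 1.0 / result : result;
}

// The single slow path every tier falls back to. Routing integer exponents
// through the same fast path the JITs inline is what keeps results coherent.
double operationMathPowExample(double x, double y)
{
    // Range-check before the cast: converting an out-of-range double to int32 is UB.
    if (y >= -2147483648.0 && y <= 2147483647.0 && y == std::trunc(y))
        return fastPowInteger(x, static_cast<int32_t>(y));
    return std::pow(x, y);
}

// Simulates two tiers: the "JIT" inlines the fast path, the "interpreter" calls the
// shared slow path. With one implementation they cannot disagree.
bool tiersAgree(double x, int32_t y)
{
    double jitResult = fastPowInteger(x, y);
    double interpreterResult = operationMathPowExample(x, static_cast<double>(y));
    return jitResult == interpreterResult || (std::isnan(jitResult) && std::isnan(interpreterResult));
}

// The pre-fix situation: squaring in the JIT versus libm pow() in the interpreter.
// Returns how many bases of the form 1 + k/1000 (k = 1..count) give different bits
// for the 42nd power. Any non-zero count is a tier-dependent result.
int countMismatchesAgainstLibm(int count)
{
    int mismatches = 0;
    for (int i = 0; i < count; ++i) {
        double x = 1.0 + (i + 1) * 1e-3;
        if (fastPowInteger(x, 42) != std::pow(x, 42.0))
            ++mismatches;
    }
    return mismatches;
}

int main()
{
    std::printf("3^5 = %.17g, 2^-2 = %.17g\n", fastPowInteger(3.0, 5), fastPowInteger(2.0, -2));
    std::printf("tiers agree for 1.1^7: %d\n", tiersAgree(1.1, 7));
    std::printf("bases where squaring and libm pow differ: %d of 1000\n",
        countMismatchesAgainstLibm(1000));
    return 0;
}
```

        The mismatch count printed by main is platform-dependent (it depends on the libm in
        use), which is exactly the point: the only way to get one answer is for every tier
        to call the same routine.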
3834
3835 2015-07-28  Joseph Pecoraro  <pecoraro@apple.com>
3836
3837         Web Inspector: Show Pseudo Elements in DOM Tree
3838         https://bugs.webkit.org/show_bug.cgi?id=139612
3839
3840         Reviewed by Timothy Hatcher.
3841
3842         * inspector/protocol/DOM.json:
3843         Add new properties to DOMNode if it is a pseudo element or if it has
3844         pseudo element children. Add new events for if a pseudo element is
3845         added or removed dynamically to an existing DOMNode.
3846
3847 2015-07-27  Filip Pizlo  <fpizlo@apple.com>
3848
3849         Add logging when executable code gets deallocated
3850         https://bugs.webkit.org/show_bug.cgi?id=147355
3851
3852         Reviewed by Mark Lam.
3853
3854         * ftl/FTLJITCode.cpp:
3855         (JSC::FTL::JITCode::~JITCode): Print something when this is freed.
3856         * jit/JITCode.cpp:
3857         (JSC::JITCodeWithCodeRef::~JITCodeWithCodeRef): Print something when this is freed.
3858
3859 2015-07-27  Filip Pizlo  <fpizlo@apple.com>
3860
3861         DFG::safeToExecute() cases for GetByOffset/PutByOffset don't handle clobbered structure abstract values correctly
3862         https://bugs.webkit.org/show_bug.cgi?id=147354
3863
3864         Reviewed by Michael Saboff.
3865
3866         If m_structure.isClobbered(), it means that we had a side effect that clobbered
3867         the abstract value, but it may recover to its original value at the next
3868         invalidation point. Since the invalidation point hasn't been reached yet, we need
3869         to conservatively treat the clobbered state as if it were top. At the invalidation
3870         point, the clobbered set will return to being unclobbered.
3871
3872         In addition to fixing the bug, this introduces isInfinite(), which should be used
3873         in places where it's tempting to just use isTop().
3874
3875         * dfg/DFGSafeToExecute.h:
3876         (JSC::DFG::safeToExecute): Fix the bug.
3877         * dfg/DFGStructureAbstractValue.cpp:
3878         (JSC::DFG::StructureAbstractValue::contains): Switch to using isInfinite().
3879         (JSC::DFG::StructureAbstractValue::isSubsetOf): Switch to using isInfinite().
3880         (JSC::DFG::StructureAbstractValue::isSupersetOf): Switch to using isInfinite().
3881         (JSC::DFG::StructureAbstractValue::overlaps): Switch to using isInfinite().
3882         * dfg/DFGStructureAbstractValue.h:
3883         (JSC::DFG::StructureAbstractValue::isFinite): New convenience method.
3884         (JSC::DFG::StructureAbstractValue::isInfinite): New convenience method.
3885         (JSC::DFG::StructureAbstractValue::onlyStructure): Switch to using isInfinite().
3886
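         The lattice reasoning in the entry above, as an added, self-contained model
         (not JSC's code): a structure abstract value is either a finite set, that set
         marked clobbered by a side effect, or Top. `StructureID`, `knownGood`, the
         `rawSet()` accessor and both `safeToExecuteGetByOffset*` functions are
         illustrative names chosen here, not names from the DFG sources. The buggy
         variant checks only isTop() and so reads a clobbered set as exact; the fixed
         variant treats every infinite state as unsafe, and membership queries
         answer conservatively for infinite states, as the entry describes.

```cpp
#include <cstdint>
#include <initializer_list>
#include <set>

// Hypothetical stand-in for JSC's Structure*: an opaque numeric id.
using StructureID = uint32_t;

// Toy model of the structure lattice (not JSC's real class). Three kinds of
// state: a finite set of structures; that same set but "clobbered" by a side
// effect (it may become exact again at the next invalidation point); or Top.
class StructureAbstractValue {
public:
    static StructureAbstractValue top() {
        StructureAbstractValue v;
        v.m_isTop = true;
        return v;
    }
    static StructureAbstractValue of(std::initializer_list<StructureID> ids) {
        StructureAbstractValue v;
        v.m_set.insert(ids.begin(), ids.end());
        return v;
    }

    // A side effect happened: the stored set may be stale until the next
    // invalidation point.
    void clobber() { if (!m_isTop) m_isClobbered = true; }
    // Invalidation point reached: the set is trustworthy again.
    void observeInvalidationPoint() { m_isClobbered = false; }

    bool isTop() const { return m_isTop; }
    bool isClobbered() const { return m_isClobbered; }
    // "Infinite" covers both Top and clobbered; "finite" is the exact case.
    bool isInfinite() const { return m_isTop || m_isClobbered; }
    bool isFinite() const { return !isInfinite(); }

    // Membership queries must answer conservatively in any infinite state.
    bool contains(StructureID id) const {
        if (isInfinite()) return true;
        return m_set.count(id) != 0;
    }
    bool isSubsetOf(const std::set<StructureID>& other) const {
        if (isInfinite()) return false;
        for (StructureID id : m_set)
            if (!other.count(id)) return false;
        return true;
    }

    // Raw view of the set, ignoring the clobbered bit; used only to model the bug.
    const std::set<StructureID>& rawSet() const { return m_set; }

private:
    std::set<StructureID> m_set;
    bool m_isTop = false;
    bool m_isClobbered = false;
};

// May a GetByOffset on `base` be executed at this abstract state (e.g. hoisted
// by LICM)? Only if every structure the base may have is one known to store
// the property at that offset (`knownGood`, a constructed set for the example).

// Buggy shape: checks isTop() only, so a clobbered set is read as if exact.
bool safeToExecuteGetByOffsetBuggy(const StructureAbstractValue& base,
                                   const std::set<StructureID>& knownGood) {
    if (base.isTop()) return false;
    for (StructureID id : base.rawSet())
        if (!knownGood.count(id)) return false;
    return true;
}

// Corrected shape: any infinite state (Top or clobbered) is unsafe.
bool safeToExecuteGetByOffsetFixed(const StructureAbstractValue& base,
                                   const std::set<StructureID>& knownGood) {
    if (base.isInfinite()) return false;
    return base.isSubsetOf(knownGood);
}
```

         After clobber() the buggy check still reports the access as safe because
         the stored set happens to be a subset of `knownGood`; the fixed check
         refuses until observeInvalidationPoint() clears the clobbered bit.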
3887 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
3888
3889         [ES6] Implement Reflect.enumerate
3890         https://bugs.webkit.org/show_bug.cgi?id=147347
3891
3892         Reviewed by Sam Weinig.
3893
3894         This patch implements Reflect.enumerate.
3895         It returns an iterator that iterates over the enumerable keys of the given object.
3896         It follows for-in's enumeration order.
3897
3898         To implement it, we write the same logic as for-in's enumeration code in C++.
3899
3900         * CMakeLists.txt:
3901         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3902         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3903         * JavaScriptCore.xcodeproj/project.pbxproj:
3904         * runtime/JSGlobalObject.cpp:
3905         (JSC::JSGlobalObject::init):
3906         (JSC::JSGlobalObject::visitChildren):
3907         * runtime/JSGlobalObject.h:
3908         (JSC::JSGlobalObject::propertyNameIteratorStructure):
3909         * runtime/JSPropertyNameIterator.cpp: Added.