Web Inspector: InjectedScripts should not be profiled or displayed in Timeline
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-09-29  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: InjectedScripts should not be profiled or displayed in Timeline
        https://bugs.webkit.org/show_bug.cgi?id=136806

        Reviewed by Timothy Hatcher.

        It doesn't make sense to show profile nodes for injected scripts when profiling user content.
        For now, omit nodes by suspending profiling before and after executing injected scripts.

        * profiler/LegacyProfiler.cpp:
        (JSC::LegacyProfiler::suspendProfiling): Added.
        (JSC::LegacyProfiler::unsuspendProfiling): Added.
        * profiler/LegacyProfiler.h:
        * profiler/ProfileGenerator.cpp: Add isSuspended() flag, remove unused typedef.
        (JSC::ProfileGenerator::ProfileGenerator):
        (JSC::ProfileGenerator::willExecute):
        (JSC::ProfileGenerator::didExecute):
        * profiler/ProfileGenerator.h:
        (JSC::ProfileGenerator::setIsSuspended): Added.

2014-09-29  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: InspectorValues should use references for out parameters
        https://bugs.webkit.org/show_bug.cgi?id=137190

        Reviewed by Joseph Pecoraro.

        Use references for out parameters in asType() and getType() methods.
        Also convert to references in some miscellaneous code where we don't
        expect or handle null values.

        Remove variants of asObject() and asArray() that return a nullable RefPtr.
        Now, client code is forced to use out parameters and check for cast failure.

        Iron out control flow in some functions and fix some style issues.

        * inspector/InjectedScript.cpp:
        (Inspector::InjectedScript::getFunctionDetails):
        (Inspector::InjectedScript::wrapObject):
        (Inspector::InjectedScript::wrapTable):
        * inspector/InjectedScriptBase.cpp:
        (Inspector::InjectedScriptBase::makeEvalCall):
        * inspector/InjectedScriptManager.cpp:
        (Inspector::InjectedScriptManager::injectedScriptForObjectId): Simplify control flow.
        * inspector/InspectorBackendDispatcher.cpp:
        (Inspector::InspectorBackendDispatcher::dispatch):
        (Inspector::getPropertyValue):
        (Inspector::AsMethodBridges::asInteger):
        (Inspector::AsMethodBridges::asDouble):
        (Inspector::AsMethodBridges::asString):
        (Inspector::AsMethodBridges::asBoolean):
        (Inspector::AsMethodBridges::asObject):
        (Inspector::AsMethodBridges::asArray):
        * inspector/InspectorProtocolTypes.h:
        (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast):
        (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::assertValueHasExpectedType):
        * inspector/InspectorValues.cpp: Use more by-reference out parameters. Add more spacing.
        (Inspector::InspectorValue::asBoolean):
        (Inspector::InspectorValue::asDouble):
        (Inspector::InspectorValue::asInteger):
        (Inspector::InspectorValue::asString):
        (Inspector::InspectorValue::asValue):
        (Inspector::InspectorValue::asObject):
        (Inspector::InspectorValue::asArray):
        (Inspector::InspectorValue::parseJSON):
        (Inspector::InspectorValue::toJSONString):
        (Inspector::InspectorValue::writeJSON):
        (Inspector::InspectorBasicValue::asBoolean):
        (Inspector::InspectorBasicValue::asDouble):
        (Inspector::InspectorBasicValue::asInteger):
        (Inspector::InspectorBasicValue::writeJSON):
        (Inspector::InspectorString::asString):
        (Inspector::InspectorString::writeJSON):
        (Inspector::InspectorObjectBase::asObject):
        (Inspector::InspectorObjectBase::openAccessors):
        (Inspector::InspectorObjectBase::getBoolean):
        (Inspector::InspectorObjectBase::getString):
        (Inspector::InspectorObjectBase::getObject):
        (Inspector::InspectorObjectBase::getArray):
        (Inspector::InspectorObjectBase::writeJSON):
        (Inspector::InspectorArrayBase::asArray):
        (Inspector::InspectorArrayBase::writeJSON):
        * inspector/InspectorValues.h:
        * inspector/agents/InspectorDebuggerAgent.cpp:
        (Inspector::InspectorDebuggerAgent::breakpointActionsFromProtocol):
        (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
        (Inspector::parseLocation):
        (Inspector::InspectorDebuggerAgent::setBreakpoint):
        (Inspector::InspectorDebuggerAgent::continueToLocation):
        (Inspector::InspectorDebuggerAgent::didParseSource):
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        * inspector/scripts/codegen/generate_protocol_types_implementation.py:
        (ProtocolTypesImplementationGenerator):
        (ProtocolTypesImplementationGenerator._generate_assertion_for_enum):
        * inspector/scripts/codegen/generator_templates.py:
        * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
        * replay/EncodedValue.cpp:
        (JSC::EncodedValue::asObject):
        (JSC::EncodedValue::asArray):
        (JSC::EncodedValue::convertTo<bool>):
        (JSC::EncodedValue::convertTo<double>):
        (JSC::EncodedValue::convertTo<float>):
        (JSC::EncodedValue::convertTo<int32_t>):
        (JSC::EncodedValue::convertTo<int64_t>):
        (JSC::EncodedValue::convertTo<uint32_t>):
        (JSC::EncodedValue::convertTo<uint64_t>):
        (JSC::EncodedValue::convertTo<String>):

2014-09-29  Filip Pizlo  <fpizlo@apple.com>

        DFG HasStructureProperty codegen should use one fewer registers
        https://bugs.webkit.org/show_bug.cgi?id=137235

        Reviewed by Andreas Kling.

        This was an obvious source of inefficiency and it was causing us to run out of registers on
        x86-32.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):

2014-09-29  Filip Pizlo  <fpizlo@apple.com>

        Don't use GPRResult unless you're flushing registers and making a runtime function call
        https://bugs.webkit.org/show_bug.cgi?id=137234

        Rubber stamped by Andreas Kling.

        Rename GPRResult to GPRFlushedCallResult, in an attempt to dissuade people from using it for results in the
        general case.

        Replace GPRResult with GPRTemporary in those places where it was causing bugs: particularly in GetDirectPname it
        would cause us to spill the register that has the base, and the code was assuming (rightly) that the base and the
        result were in different registers. That's a valid assumption when using GPRTemporary but not with GPRResult.
        Also this code wasn't getting any benefit from using GPRResult because it wasn't doing flushRegisters().

        I don't know how to test this. A test would require setting up a particularly awkward register allocation state.

        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileIn):
        (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
        (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
        (JSC::DFG::SpeculativeJIT::compileRegExpExec):
        (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
        (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
        (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::GPRFlushedCallResult::GPRFlushedCallResult):
        (JSC::DFG::GPRFlushedCallResult2::GPRFlushedCallResult2):
        (JSC::DFG::GPRResult::GPRResult): Deleted.
        (JSC::DFG::GPRResult2::GPRResult2): Deleted.
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
        (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compile):
        (JSC::DFG::SpeculativeJIT::speculateDoubleRepMachineInt):

2014-09-29  Diego Pino Garcia  <dpino@igalia.com>

        Missing changes from r174049
        https://bugs.webkit.org/show_bug.cgi?id=137206

        Reviewed by Darin Adler.

        * runtime/CommonIdentifiers.h:

2014-09-28  Diego Pino Garcia  <dpino@igalia.com>

        Simple ES6 feature: Number constructor extras
        https://bugs.webkit.org/show_bug.cgi?id=131707

        Reviewed by Darin Adler.

        * runtime/CommonIdentifiers.h:
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::finishCreation): Set up constants and
        functions.
        (JSC::numberConstructorFuncIsFinite): Added.
        (JSC::numberConstructorFuncIsInteger): Added.
        (JSC::numberConstructorFuncIsNaN): Added.
        (JSC::numberConstructorFuncIsSafeInteger): Added.
        (JSC::NumberConstructor::getOwnPropertySlot): Deleted.
        (JSC::numberConstructorNaNValue): Deleted.
        (JSC::numberConstructorNegInfinity): Deleted.
        (JSC::numberConstructorPosInfinity): Deleted.
        (JSC::numberConstructorMaxValue): Deleted.
        (JSC::numberConstructorMinValue): Deleted.
        * runtime/NumberConstructor.h:

2014-09-26  Filip Pizlo  <fpizlo@apple.com>

        Disable function.arguments
        https://bugs.webkit.org/show_bug.cgi?id=137167

        Rubber stamped by Geoffrey Garen.

        Add an option to disable function.arguments. Add a test for disabling it.

        Disabling function.arguments means that it returns an Arguments object that claims that
        there were zero arguments. All other Arguments functionality still works, so any code
        that tries to inspect this object will still think that it is looking at a perfectly
        valid Arguments object.

        This also makes function.arguments disabled by default. Note that the RJST harness will
        enable them by default, to continue to get test coverage for the code that implements
        the feature.

        We will rip out that code once we're confident that it's really safe to remove this
        feature. Only once we rip out that support will we be able to do optimizations to
        leverage the lack of this feature. It's important to keep the support code, and the test
        infrastructure, in place before we are confident. The logic to keep this working touches
        the entire compiler and a large chunk of the runtime, so reimplementing it - or even
        merging it back in - would be a nightmare. That's also basically the reason why we want
        to rip it out if at all possible. It's a lot of terrible code.

        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::createArguments):
        * runtime/Arguments.h:
        (JSC::Arguments::create):
        (JSC::Arguments::finishCreation):
        * runtime/Options.h:
        * tests/stress/disable-function-dot-arguments.js: Added.
        (foo):
        (bar):

2014-09-26  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Automatic Inspection should continue once all breakpoints are loaded
        https://bugs.webkit.org/show_bug.cgi?id=137038

        Reviewed by Timothy Hatcher.

        Add a new protocol command "Inspector.initialized" that signifies to the backend
        when the frontend has sent all its initialization messages to the backend. This
        can include information like breakpoints, which we would want to have loaded
        before any JavaScript evaluates in the context.

        * inspector/protocol/InspectorDomain.json:
        New protocol command, Inspector.initialized.

        * inspector/agents/InspectorAgent.h:
        * inspector/agents/InspectorAgent.cpp:
        (Inspector::InspectorAgent::InspectorAgent):
        (Inspector::InspectorAgent::initialized):
        Tell the InspectorEnvironment (the Controller) the frontend has initialized.

        * inspector/InspectorEnvironment.h:
        Abstract virtual method to handle frontend initialization. To be
        implemented by all of the InspectorControllers.

        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        (Inspector::JSGlobalObjectInspectorController::connectFrontend):
        (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
        (Inspector::JSGlobalObjectInspectorController::frontendInitialized):
        When a frontend is initialized, if it was automatic inspection, unpause the debuggable.

        * inspector/remote/RemoteInspectorDebuggable.cpp:
        (Inspector::RemoteInspectorDebuggable::unpauseForInitializedInspector):
        Complete setup for this debuggable.

        * inspector/remote/RemoteInspectorDebuggable.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.mm:
        (Inspector::RemoteInspectorDebuggableConnection::setup):
        Move the setup complete to later, when the frontend sends an "initialized" message.

        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
        Provide a longer timeout now that the frontend must send messages after the connection
        has established. The longest I have seen is 600ms, but the average tends to be 200ms.
        So bump the timeout to 800ms for a buffer.

        (Inspector::RemoteInspector::setupSucceeded): Deleted.
        (Inspector::RemoteInspector::setupCompleted):
        Rename, as this happens at a slightly different time.

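The ordering guarantee the entry above describes, as an added model that is not WebKit's code: the debuggable stays paused until the frontend has sent its setup messages and then `Inspector.initialized`, so breakpoints are in place before any script runs, and an 800 ms timeout (the value chosen in the entry) covers a frontend that never reports initialization. The class name, the simulated clock and the sample messages are constructed for this illustration; `Inspector.initialized` and `Debugger.setBreakpointByUrl` are the protocol names the entry mentions.

```javascript
// Added example: a small model of the automatic-inspection handshake described
// in the entry above. Not WebKit's code; everything except the two protocol
// method names is constructed for this illustration. No real timers are used:
// tick() advances a simulated clock so the behaviour is deterministic.

const INITIALIZED_TIMEOUT_MS = 800; // timeout value chosen in the entry above

class AutomaticInspectionDebuggable {
  constructor() {
    this.state = 'paused';       // paused until initialized or timed out
    this.breakpoints = [];       // breakpoints installed before unpause
    this.unpauseReason = null;   // 'initialized' | 'timeout'
    this.waitedMs = 0;           // simulated clock
    this.log = [];               // what happened, in order
  }

  // A message from the frontend, delivered in the order the frontend sent it.
  receive(message) {
    if (this.state !== 'paused') {
      this.log.push(`ignored ${message.method} (already ${this.state})`);
      return;
    }
    switch (message.method) {
      case 'Debugger.setBreakpointByUrl': {
        const bp = `${message.params.url}:${message.params.lineNumber}`;
        this.breakpoints.push(bp);
        this.log.push(`breakpoint ${bp}`);
        break;
      }
      case 'Inspector.initialized':
        // Frontend has finished sending setup messages: safe to run script.
        this.unpause('initialized');
        break;
      default:
        this.log.push(`unhandled ${message.method}`);
    }
  }

  // Advance the simulated clock; unpause if the frontend is too slow.
  tick(ms) {
    if (this.state !== 'paused') return;
    this.waitedMs += ms;
    if (this.waitedMs >= INITIALIZED_TIMEOUT_MS) this.unpause('timeout');
  }

  unpause(reason) {
    this.state = 'running';
    this.unpauseReason = reason;
    this.log.push(`unpaused: ${reason}, ${this.breakpoints.length} breakpoint(s) active`);
  }
}

// Scenario A (constructed): frontend finishes setup within the timeout.
function runInitializedScenario() {
  const d = new AutomaticInspectionDebuggable();
  d.tick(200);
  d.receive({ method: 'Debugger.setBreakpointByUrl', params: { url: 'app.js', lineNumber: 10 } });
  d.receive({ method: 'Debugger.setBreakpointByUrl', params: { url: 'app.js', lineNumber: 42 } });
  d.receive({ method: 'Inspector.initialized' });
  d.tick(700); // later ticks must not change anything once running
  return d;
}

// Scenario B (constructed): Inspector.initialized never arrives in time.
function runTimeoutScenario() {
  const d = new AutomaticInspectionDebuggable();
  d.receive({ method: 'Debugger.setBreakpointByUrl', params: { url: 'app.js', lineNumber: 10 } });
  d.tick(500);
  d.tick(300); // 800 ms reached: unpause with whatever breakpoints arrived
  d.receive({ method: 'Inspector.initialized' }); // too late, ignored
  return d;
}
```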
2014-09-26  Filip Pizlo  <fpizlo@apple.com>

        DFG shouldn't insert store barriers when it has it on good authority that we're not storing a cell
        https://bugs.webkit.org/show_bug.cgi?id=137161

        Reviewed by Mark Hahnenberg.

        This looks like a 1% Octane speed-up.

        * bytecode/SpeculatedType.h:
        (JSC::isNotCellSpeculation):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::insertStoreBarrier):
        (JSC::DFG::FixupPhase::insertCheck):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::shouldSpeculateNotCell):

2014-09-26  Peter Varga  <pvarga@webkit.org>

        Fix typo in YARR at BOL check
        https://bugs.webkit.org/show_bug.cgi?id=137144

        Reviewed by Darin Adler.

        * yarr/YarrPattern.cpp: replace bitwise and operator by logical and
        (JSC::Yarr::YarrPatternConstructor::assertionBOL):

2014-09-25  Saam Barati  <saambarati1@gmail.com>

        Web Inspector: console.assert(bitString) TypeSet:50
        https://bugs.webkit.org/show_bug.cgi?id=137051

        Reviewed by Joseph Pecoraro.

        This patch creates stricter requirements on a TypeDescription
        being valid. To be valid, a TypeDescription now ensures that
        the TypeSet it describes has non null type information.

        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        * runtime/TypeSet.h:
        (JSC::TypeSet::isEmpty):

2014-09-25  Filip Pizlo  <fpizlo@apple.com>

        FTL should sink object allocations
        https://bugs.webkit.org/show_bug.cgi?id=136330

        Reviewed by Oliver Hunt.

        This adds a comprehensive infrastructure for sinking object allocations in DFG SSA form. The
        ultimate goal of sinking is to sink an allocation "past the points of its death" - i.e. to
        eliminate it completely. The way sinking reasons about the CFG means that it resembles a
        partial escape analysis: we create paths through a function where some allocation(s) don't
        have to be done at all even if there are other paths along which those allocations still have
        to happen. But it also produces other side benefits. Even if an allocation isn't eliminated
        along any path, the act of sinking reduces the number of barriers that have to execute.

        Because this was a fairly ambitious SSA analysis and transformation, I added a bunch of C++11
        sugar to the DFG's internal APIs to allow for easier iteration over blocks, nodes, and
        successors; and to add more functor goodness to allow for more lambdas.

        This is just the beginning. The bug has a bunch of other bugs that depend on it. So far this
        is a spectacular speed-up on microbenchmarks but it's still too limited to affect big
        benchmarks. For example, doing o == p makes the sinking phase think that o and p escape.
        That's just an omission and there are likely others; we can easily fix them. I think it's
        best to land it in its current form and then to worry about the big benchmarks in subsequent
        work (see bug 137126).

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/StructureSet.h:
        (JSC::StructureSet::iterator::iterator):
        (JSC::StructureSet::iterator::operator*):
        (JSC::StructureSet::iterator::operator++):
        (JSC::StructureSet::iterator::operator==):
        (JSC::StructureSet::iterator::operator!=):
        (JSC::StructureSet::begin):
        (JSC::StructureSet::end):
        * dfg/DFGAbstractInterpreter.h:
        (JSC::DFG::AbstractInterpreter::phiChildren):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::AbstractInterpreter):
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::startExecuting):
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::execute):
        * dfg/DFGAvailability.h:
        (JSC::DFG::Availability::shouldUseNode):
        (JSC::DFG::Availability::isFlushUseful):
        (JSC::DFG::Availability::isDead):
        (JSC::DFG::Availability::operator!=):
        * dfg/DFGAvailabilityMap.cpp: Added.
        (JSC::DFG::AvailabilityMap::prune):
        (JSC::DFG::AvailabilityMap::clear):
        (JSC::DFG::AvailabilityMap::dump):
        (JSC::DFG::AvailabilityMap::operator==):
        (JSC::DFG::AvailabilityMap::merge):
        * dfg/DFGAvailabilityMap.h: Added.
        (JSC::DFG::AvailabilityMap::forEachAvailability):
        * dfg/DFGBasicBlock.cpp:
        (JSC::DFG::BasicBlock::SSAData::SSAData):
        * dfg/DFGBasicBlock.h:
        (JSC::DFG::BasicBlock::begin):
        (JSC::DFG::BasicBlock::end):
        (JSC::DFG::BasicBlock::SuccessorsIterable::SuccessorsIterable):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::iterator):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::operator*):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::operator++):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::operator==):
        (JSC::DFG::BasicBlock::SuccessorsIterable::iterator::operator!=):
        (JSC::DFG::BasicBlock::SuccessorsIterable::begin):
        (JSC::DFG::BasicBlock::SuccessorsIterable::end):
        (JSC::DFG::BasicBlock::successors):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGFlushedAt.cpp:
        (JSC::DFG::FlushedAt::dump):
        * dfg/DFGFlushedAt.h:
        (JSC::DFG::FlushedAt::FlushedAt):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::dumpBlockHeader):
        (JSC::DFG::Graph::mergeRelevantToOSR):
        (JSC::DFG::Graph::invalidateCFG):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::NaturalBlockIterable::NaturalBlockIterable):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::iterator):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::operator*):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::operator++):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::operator==):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::operator!=):
        (JSC::DFG::Graph::NaturalBlockIterable::iterator::findNext):
        (JSC::DFG::Graph::NaturalBlockIterable::begin):
        (JSC::DFG::Graph::NaturalBlockIterable::end):
        (JSC::DFG::Graph::blocksInNaturalOrder):
        (JSC::DFG::Graph::doToChildrenWithNode):
        (JSC::DFG::Graph::doToChildren):
        * dfg/DFGHeapLocation.cpp:
        (WTF::printInternal):
        * dfg/DFGHeapLocation.h:
        * dfg/DFGInsertOSRHintsForUpdate.cpp: Added.
        (JSC::DFG::insertOSRHintsForUpdate):
        * dfg/DFGInsertOSRHintsForUpdate.h: Added.
        * dfg/DFGInsertionSet.h:
        (JSC::DFG::InsertionSet::graph):
        * dfg/DFGMayExit.cpp:
        (JSC::DFG::mayExit):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::convertToPutByOffsetHint):
        (JSC::DFG::Node::convertToPutStructureHint):
        (JSC::DFG::Node::convertToPhantomNewObject):
        (JSC::DFG::Node::isCellConstant):
        (JSC::DFG::Node::castConstant):
        (JSC::DFG::Node::hasIdentifier):
        (JSC::DFG::Node::hasStorageAccessData):
        (JSC::DFG::Node::hasObjectMaterializationData):
        (JSC::DFG::Node::objectMaterializationData):
        (JSC::DFG::Node::isPhantomObjectAllocation):
        * dfg/DFGNodeType.h:
        * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
        (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
        (JSC::DFG::LocalOSRAvailabilityCalculator::endBlock):
        (JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
        * dfg/DFGOSRAvailabilityAnalysisPhase.h:
        * dfg/DFGObjectAllocationSinkingPhase.cpp: Added.
        (JSC::DFG::ObjectAllocationSinkingPhase::ObjectAllocationSinkingPhase):
        (JSC::DFG::ObjectAllocationSinkingPhase::run):
        (JSC::DFG::ObjectAllocationSinkingPhase::performSinking):
        (JSC::DFG::ObjectAllocationSinkingPhase::determineMaterializationPoints):
        (JSC::DFG::ObjectAllocationSinkingPhase::placeMaterializationPoints):
        (JSC::DFG::ObjectAllocationSinkingPhase::lowerNonReadingOperationsOnPhantomAllocations):
        (JSC::DFG::ObjectAllocationSinkingPhase::promoteSunkenFields):
        (JSC::DFG::ObjectAllocationSinkingPhase::resolve):
        (JSC::DFG::ObjectAllocationSinkingPhase::handleNode):
        (JSC::DFG::ObjectAllocationSinkingPhase::createMaterialize):
        (JSC::DFG::ObjectAllocationSinkingPhase::populateMaterialize):
        (JSC::DFG::performObjectAllocationSinking):
        * dfg/DFGObjectAllocationSinkingPhase.h: Added.
        * dfg/DFGObjectMaterializationData.cpp: Added.
        (JSC::DFG::PhantomPropertyValue::dump):
        (JSC::DFG::ObjectMaterializationData::dump):
        (JSC::DFG::ObjectMaterializationData::oneWaySimilarityScore):
        (JSC::DFG::ObjectMaterializationData::similarityScore):
        * dfg/DFGObjectMaterializationData.h: Added.
        (JSC::DFG::PhantomPropertyValue::PhantomPropertyValue):
        (JSC::DFG::PhantomPropertyValue::operator==):
        * dfg/DFGPhantomCanonicalizationPhase.cpp:
        (JSC::DFG::PhantomCanonicalizationPhase::run):
        * dfg/DFGPhantomRemovalPhase.cpp:
        (JSC::DFG::PhantomRemovalPhase::run):
        * dfg/DFGPhiChildren.cpp: Added.
        (JSC::DFG::PhiChildren::PhiChildren):
        (JSC::DFG::PhiChildren::~PhiChildren):
        (JSC::DFG::PhiChildren::upsilonsOf):
        * dfg/DFGPhiChildren.h: Added.
        (JSC::DFG::PhiChildren::forAllIncomingValues):
        (JSC::DFG::PhiChildren::forAllTransitiveIncomingValues):
        * dfg/DFGPlan.cpp:
        (JSC::DFG::Plan::compileInThreadImpl):
        * dfg/DFGPrePostNumbering.cpp: Added.
        (JSC::DFG::PrePostNumbering::PrePostNumbering):
        (JSC::DFG::PrePostNumbering::~PrePostNumbering):
        (JSC::DFG::PrePostNumbering::compute):
        (WTF::printInternal):
        * dfg/DFGPrePostNumbering.h: Added.
        (JSC::DFG::PrePostNumbering::preNumber):
        (JSC::DFG::PrePostNumbering::postNumber):
        (JSC::DFG::PrePostNumbering::isStrictAncestorOf):
        (JSC::DFG::PrePostNumbering::isAncestorOf):
        (JSC::DFG::PrePostNumbering::isStrictDescendantOf):
        (JSC::DFG::PrePostNumbering::isDescendantOf):
        (JSC::DFG::PrePostNumbering::edgeKind):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGPromoteHeapAccess.h: Added.
        (JSC::DFG::promoteHeapAccess):
        * dfg/DFGPromotedHeapLocation.cpp: Added.
        (JSC::DFG::PromotedLocationDescriptor::dump):
        (JSC::DFG::PromotedHeapLocation::createHint):
        (JSC::DFG::PromotedHeapLocation::dump):
        (WTF::printInternal):
        * dfg/DFGPromotedHeapLocation.h: Added.
        (JSC::DFG::PromotedLocationDescriptor::PromotedLocationDescriptor):
        (JSC::DFG::PromotedLocationDescriptor::operator!):
        (JSC::DFG::PromotedLocationDescriptor::kind):
        (JSC::DFG::PromotedLocationDescriptor::info):
        (JSC::DFG::PromotedLocationDescriptor::hash):
        (JSC::DFG::PromotedLocationDescriptor::operator==):
        (JSC::DFG::PromotedLocationDescriptor::operator!=):
        (JSC::DFG::PromotedLocationDescriptor::isHashTableDeletedValue):
        (JSC::DFG::PromotedHeapLocation::PromotedHeapLocation):
        (JSC::DFG::PromotedHeapLocation::operator!):
        (JSC::DFG::PromotedHeapLocation::kind):
        (JSC::DFG::PromotedHeapLocation::base):
        (JSC::DFG::PromotedHeapLocation::info):
        (JSC::DFG::PromotedHeapLocation::descriptor):
        (JSC::DFG::PromotedHeapLocation::hash):
        (JSC::DFG::PromotedHeapLocation::operator==):
        (JSC::DFG::PromotedHeapLocation::isHashTableDeletedValue):
        (JSC::DFG::PromotedHeapLocationHash::hash):
        (JSC::DFG::PromotedHeapLocationHash::equal):
        * dfg/DFGSSACalculator.cpp:
        (JSC::DFG::SSACalculator::reset):
        * dfg/DFGSSACalculator.h:
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStructureRegistrationPhase.cpp:
        (JSC::DFG::StructureRegistrationPhase::run):
        * dfg/DFGValidate.cpp:
        (JSC::DFG::Validate::validate):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLExitPropertyValue.cpp: Added.
        (JSC::FTL::ExitPropertyValue::dump):
        * ftl/FTLExitPropertyValue.h: Added.
        (JSC::FTL::ExitPropertyValue::ExitPropertyValue):
        (JSC::FTL::ExitPropertyValue::operator!):
        (JSC::FTL::ExitPropertyValue::location):
        (JSC::FTL::ExitPropertyValue::value):
        * ftl/FTLExitTimeObjectMaterialization.cpp: Added.
        (JSC::FTL::ExitTimeObjectMaterialization::ExitTimeObjectMaterialization):
        (JSC::FTL::ExitTimeObjectMaterialization::~ExitTimeObjectMaterialization):
        (JSC::FTL::ExitTimeObjectMaterialization::add):
        (JSC::FTL::ExitTimeObjectMaterialization::get):
        (JSC::FTL::ExitTimeObjectMaterialization::dump):
        * ftl/FTLExitTimeObjectMaterialization.h: Added.
        (JSC::FTL::ExitTimeObjectMaterialization::type):
        (JSC::FTL::ExitTimeObjectMaterialization::properties):
        * ftl/FTLExitValue.cpp:
        (JSC::FTL::ExitValue::materializeNewObject):
        (JSC::FTL::ExitValue::dumpInContext):
        * ftl/FTLExitValue.h:
        (JSC::FTL::ExitValue::isObjectMaterialization):
        (JSC::FTL::ExitValue::objectMaterialization):
        (JSC::FTL::ExitValue::withVirtualRegister):
        (JSC::FTL::ExitValue::valueFormat):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileCheckStructure):
        (JSC::FTL::LowerDFGToLLVM::compileArrayifyToStructure):
        (JSC::FTL::LowerDFGToLLVM::compilePutStructure):
        (JSC::FTL::LowerDFGToLLVM::compileNewObject):
        (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
        (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
        (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
        (JSC::FTL::LowerDFGToLLVM::compileCheckStructureImmediate):
        (JSC::FTL::LowerDFGToLLVM::compileMaterializeNewObject):
        (JSC::FTL::LowerDFGToLLVM::checkStructure):
        (JSC::FTL::LowerDFGToLLVM::allocateCell):
        (JSC::FTL::LowerDFGToLLVM::storeStructure):
        (JSC::FTL::LowerDFGToLLVM::allocateObject):
        (JSC::FTL::LowerDFGToLLVM::speculateStringObjectForStructureID):
        (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
        (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
        (JSC::FTL::LowerDFGToLLVM::exitValueForAvailability):
        (JSC::FTL::LowerDFGToLLVM::exitValueForNode):
        (JSC::FTL::LowerDFGToLLVM::weakStructureID):
        (JSC::FTL::LowerDFGToLLVM::weakStructure):
        (JSC::FTL::LowerDFGToLLVM::availabilityMap):
        (JSC::FTL::LowerDFGToLLVM::availability): Deleted.
        * ftl/FTLOSRExit.h:
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileRecovery):
        (JSC::FTL::compileStub):
        * ftl/FTLOperations.cpp: Added.
        (JSC::FTL::operationNewObjectWithButterfly):
        (JSC::FTL::operationMaterializeObjectInOSR):
        * ftl/FTLOperations.h: Added.
        * ftl/FTLSwitchCase.h:
        (JSC::FTL::SwitchCase::SwitchCase):
        * runtime/JSObject.h:
        (JSC::JSObject::finishCreation):
        (JSC::JSFinalObject::JSFinalObject):
        (JSC::JSFinalObject::create):
        * runtime/Structure.cpp:
        (JSC::Structure::canUseForAllocationsOf):
        * runtime/Structure.h:
        * tests/stress/elidable-new-object-roflcopter-then-exit.js: Added.
        (sumOfArithSeries):
        (foo):
        * tests/stress/elide-new-object-dag-then-exit.js: Added.
        (sumOfArithSeries):
        (bar):
        (verify):
        (foo):
        * tests/stress/obviously-elidable-new-object-then-exit.js: Added.
        (sumOfArithSeries):
        (foo):

632 2014-09-25  Brian J. Burg  <burg@cs.washington.edu>
633
634         Web Replay: Check event loop input extents during replaying too
635         https://bugs.webkit.org/show_bug.cgi?id=136316
636
637         Reviewed by Timothy Hatcher.
638
639         Sometimes we see different nondeterminism during capture and replay
640         executions, so we should add determinism checks during replay too.
641
642         Move the withinEventLoopInputExtent flag to the base class, and tighten
643         the assertion to address <http://webkit.org/b/133019>.
644
645         * replay/InputCursor.h:
646         (JSC::InputCursor::InputCursor):
647         (JSC::InputCursor::setWithinEventLoopInputExtent): Added.
648         This assertion is slightly wrong because it does not account for nested run loops.
649         We can be within two input extents when a nested run loop processes additional
650         user inputs while the debugger is paused.
651
652         This should only be the case when execution is being neither captured nor
653         replayed. The debugger should not pause when capturing, and we should not replay
654         event loop inputs while in a nested run loop.
655
656         (JSC::InputCursor::withinEventLoopInputExtent): Added.
657
658 2014-09-25  Csaba Osztrogonác  <ossy@webkit.org>
659
660         Remove WinCE port from trunk
661         https://bugs.webkit.org/show_bug.cgi?id=136951
662
663         Reviewed by Alex Christensen.
664
665         * assembler/ARMAssembler.h:
666         (JSC::ARMAssembler::cacheFlush):
667         * assembler/ARMv7Assembler.h:
668         (JSC::ARMv7Assembler::cacheFlush):
669         * config.h:
670         * heap/MachineStackMarker.cpp:
671         (JSC::MachineThreads::gatherFromCurrentThread):
672         (JSC::MachineThreads::gatherFromOtherThread):
673         (JSC::swapIfBackwards): Deleted.
674         * jit/ExecutableAllocator.h:
675         * jsc.cpp:
676         (main):
677         * runtime/DateConstructor.cpp:
678         * runtime/Options.cpp:
679         (JSC::overrideOptionWithHeuristic):
680         * runtime/VM.cpp:
681         (JSC::VM::VM):
682         * testRegExp.cpp:
683         (main):
684         * tools/CodeProfiling.cpp:
685         (JSC::CodeProfiling::notifyAllocator):
686
687 2014-09-24  Brian J. Burg  <burg@cs.washington.edu>
688
689         Web Inspector: subtract elapsed time while debugger is paused from profile nodes
690         https://bugs.webkit.org/show_bug.cgi?id=136796
691
692         Reviewed by Timothy Hatcher.
693
694         Rather than accruing no time to any profile node created while the debugger is paused,
695         we can instead count a node's elapsed time and exclude time elapsed while paused.
696
697         Time for a node may elapse in a non-contiguous fashion depending on the interleaving of
698         didPause, didContinue, willExecute, and didExecute. A node's start time is set to the
699         start of the last such interval that accrues elapsed time.
700
701         * profiler/ProfileGenerator.cpp:
702         (JSC::ProfileGenerator::ProfileGenerator):
703         (JSC::ProfileGenerator::beginCallEntry):
704         (JSC::ProfileGenerator::endCallEntry):
705         (JSC::ProfileGenerator::didPause): Added.
706         (JSC::ProfileGenerator::didContinue): Added.
707         * profiler/ProfileGenerator.h:
708         (JSC::ProfileGenerator::didPause): Deleted.
709         (JSC::ProfileGenerator::didContinue): Deleted.
710         * profiler/ProfileNode.h: Rename totalTime to elapsedTime.
711         (JSC::ProfileNode::Call::Call):
712         (JSC::ProfileNode::Call::elapsedTime): Added.
713         (JSC::ProfileNode::Call::setElapsedTime): Added.
714         (JSC::CalculateProfileSubtreeDataFunctor::operator()):
715         (JSC::ProfileNode::Call::totalTime): Deleted.
716         (JSC::ProfileNode::Call::setTotalTime): Deleted.
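
        As an added example (not the patch's code, and not JSC's ProfileGenerator): a minimal model of the elapsed-time accounting described above, with the interleaving of didPause, didContinue, willExecute and didExecute driven by constructed timestamps. The class name, function names and timestamps are hypothetical.

```cpp
#include <cassert>
#include <cstdio>
#include <vector>

// Added example (not JSC's ProfileGenerator): a minimal model of how a profile
// node's elapsed time can exclude time spent while the debugger is paused.
// Timestamps are passed in explicitly (constructed values) so the example is
// deterministic and needs no real clock.

struct Call {
    double startTime;    // start of the last interval that accrues elapsed time
    double elapsedTime;  // accumulated non-paused time for this call
};

class PauseAwareProfile {
public:
    // A function started executing. If the debugger is currently paused, the call
    // only begins accruing time at the next didContinue(), which resets startTime.
    void willExecute(double now)
    {
        m_openCalls.push_back(Call{ now, 0.0 });
    }

    // The innermost open function finished: close its last accruing interval
    // unless we are paused (then that interval was already closed by didPause()).
    void didExecute(double now)
    {
        assert(!m_openCalls.empty());
        Call call = m_openCalls.back();
        m_openCalls.pop_back();
        if (!m_paused)
            call.elapsedTime += now - call.startTime;
        m_finishedCalls.push_back(call);
    }

    // The debugger paused: bank the interval elapsed so far for every open call.
    void didPause(double now)
    {
        if (m_paused)
            return;
        m_paused = true;
        for (Call& call : m_openCalls)
            call.elapsedTime += now - call.startTime;
    }

    // The debugger continued: every open call starts a fresh accruing interval now.
    void didContinue(double now)
    {
        if (!m_paused)
            return;
        m_paused = false;
        for (Call& call : m_openCalls)
            call.startTime = now;
    }

    const std::vector<Call>& finishedCalls() const { return m_finishedCalls; }

private:
    std::vector<Call> m_openCalls;       // call stack, innermost last
    std::vector<Call> m_finishedCalls;   // completed calls in completion order
    bool m_paused = false;
};

// Constructed interleaving: an outer call, a pause, a nested inner call, a second
// pause while both are open, then both calls finish.
PauseAwareProfile runInterleavedScenario()
{
    PauseAwareProfile profile;
    profile.willExecute(0);     // outer starts
    profile.didPause(10);       // outer: +10
    profile.didContinue(25);    // outer restarts at 25
    profile.willExecute(30);    // inner starts
    profile.didPause(35);       // outer: +10 (20 so far), inner: +5
    profile.didContinue(40);    // both restart at 40
    profile.didExecute(50);     // inner: +10 -> 15 (wall clock would be 20)
    profile.didExecute(60);     // outer: +20 -> 40 (wall clock would be 60)
    return profile;
}

int main()
{
    PauseAwareProfile profile = runInterleavedScenario();
    for (const Call& call : profile.finishedCalls())
        std::printf("elapsed (excluding paused time): %.0f\n", call.elapsedTime);
    return 0;
}
```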
717
718 2014-09-24  Commit Queue  <commit-queue@webkit.org>
719
720         Unreviewed, rolling out r173839.
721         https://bugs.webkit.org/show_bug.cgi?id=137062
722
723         NumberConstruct should no longer use static tables (Requested
724         by dpino on #webkit).
725
726         Reverted changeset:
727
728         "Simple ES6 feature: Number constructor extras"
729         https://bugs.webkit.org/show_bug.cgi?id=131707
730         http://trac.webkit.org/changeset/173839
731
732 2014-09-23  Mark Lam  <mark.lam@apple.com>
733
734         DebuggerCallFrame::invalidate() should invalidate all DebuggerScope chains.
735         <https://webkit.org/b/137045>
736
737         Reviewed by Geoffrey Garen.
738
739         DebuggerCallFrame::invalidate() currently invalidates all DebuggerCallFrames
740         in the debugger stack, but only invalidates the DebuggerScope chain of the
741         top most frame.  We should also invalidate all the DebuggerScope chains of
742         the other frames in the debugger stack.
743
744         * debugger/DebuggerCallFrame.cpp:
745         (JSC::DebuggerCallFrame::invalidate):
746         * debugger/DebuggerScope.cpp:
747         (JSC::DebuggerScope::invalidateChain):
748
749 2014-09-23  Mark Lam  <mark.lam@apple.com>
750
751         Renamed DebuggerCallFrameScope to DebuggerPausedScope.
752         <https://webkit.org/b/137042>
753
754         Reviewed by Michael Saboff.
755
756         DebuggerPausedScope is a better name for this data structure because it
757         is meant for tracking the period within which the debugger is paused,
758         and doing cleanups after the pause ends.
759
760         * debugger/Debugger.cpp:
761         (JSC::DebuggerPausedScope::DebuggerPausedScope):
762         (JSC::DebuggerPausedScope::~DebuggerPausedScope):
763         (JSC::Debugger::pauseIfNeeded):
764         (JSC::DebuggerCallFrameScope::DebuggerCallFrameScope): Deleted.
765         (JSC::DebuggerCallFrameScope::~DebuggerCallFrameScope): Deleted.
766         * debugger/Debugger.h:
767         * debugger/DebuggerCallFrame.h:
768
769 2014-09-23  Tomas Popela  <tpopela@redhat.com>
770
771         [CLoop] - Fix CLoop on the 32-bit Big-Endians
772         https://bugs.webkit.org/show_bug.cgi?id=137020
773
774         Reviewed by Mark Lam.
775
776         * llint/LowLevelInterpreter.asm:
777         * llint/LowLevelInterpreter32_64.asm:
778
779 2014-09-23  Joseph Pecoraro  <pecoraro@apple.com>
780
781         Web Inspector: Should be able to attach a debugger to a JSContext before anything is executed
782         https://bugs.webkit.org/show_bug.cgi?id=136893
783
784         Reviewed by Timothy Hatcher.
785
786         Adds new remote inspector protocol handling for automatic inspection.
787         Debuggers can signal they have enabled automatic inspection, and
788         when debuggables are created the current application will pause to
789         see if the debugger will inspect or decline to inspect the debuggable.
790
791         * inspector/remote/RemoteInspectorConstants.h:
792         * inspector/remote/RemoteInspector.h:
793         * inspector/remote/RemoteInspector.mm:
794         (Inspector::globalAutomaticInspectionState):
795         (Inspector::RemoteInspector::RemoteInspector):
796         (Inspector::RemoteInspector::start):
797         When first starting, check the global "is there an auto-inspect" debugger state.
798         This is necessary so that the current application knows if it should pause or
799         not when a debuggable is created, even without having connected to webinspectord yet.
800
801         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
802         When a debuggable has enabled remote inspection, take this path to propose
803         it as an automatic inspection candidate if there is an auto-inspect debugger.
804
805         (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage):
806         Send the automatic inspection candidate message.
807
808         (Inspector::RemoteInspector::receivedSetupMessage):
809         (Inspector::RemoteInspector::setupFailed):
810         (Inspector::RemoteInspector::setupSucceeded):
811         After attempting to open an inspector, unpause if it was for the
812         automatic inspection candidate.
813
814         (Inspector::RemoteInspector::waitingForAutomaticInspection):
815         When running a nested runloop, check if we should remain paused.
816
817         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
818         If by the time we connect to webinspectord we have a candidate, then
819         immediately send the candidate message.
820
821         (Inspector::RemoteInspector::stopInternal):
822         (Inspector::RemoteInspector::xpcConnectionFailed):
823         In error cases, clear our state.
824
825         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
826         (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage):
827         (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage):
828         Update state when receiving new messages.
829
830
831         * inspector/remote/RemoteInspectorDebuggable.h:
832         * inspector/remote/RemoteInspectorDebuggable.cpp:
833         (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
834         Special case when a debuggable is newly allowed to be debuggable.
835
836         (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection):
837         Run a nested run loop while this is an automatic inspection candidate.
838
839         * inspector/JSGlobalObjectInspectorController.h:
840         * inspector/JSGlobalObjectInspectorController.cpp:
841         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
842         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
843         When the inspector starts via automatic inspection automatically pause.
844         We plan on removing this condition by having the frontend signal to the
845         backend when it is completely initialized.
846         
847         * inspector/remote/RemoteInspectorDebuggableConnection.h:
848         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
849         (Inspector::RemoteInspectorDebuggableConnection::setup):
850         Pass on the flag of whether or not this was automatic inspection.
851
852         * runtime/JSGlobalObjectDebuggable.h:
853         * runtime/JSGlobalObjectDebuggable.cpp:
854         (JSC::JSGlobalObjectDebuggable::connect):
855         (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
856         When pausing in a JSGlobalObject we need to release the API lock.
857
858 2014-09-22  Filip Pizlo  <fpizlo@apple.com>
859
860         FTL allocatePropertyStorage code should involve less copy-paste
861         https://bugs.webkit.org/show_bug.cgi?id=137006
862
863         Reviewed by Michael Saboff.
864
865         * ftl/FTLLowerDFGToLLVM.cpp:
866         (JSC::FTL::LowerDFGToLLVM::allocatePropertyStorage):
867         (JSC::FTL::LowerDFGToLLVM::reallocatePropertyStorage):
868         (JSC::FTL::LowerDFGToLLVM::allocatePropertyStorageWithSizeImpl):
869
870 2014-09-22  Diego Pino Garcia  <dpino@igalia.com>
871
872         Simple ES6 feature: Number constructor extras
873         https://bugs.webkit.org/show_bug.cgi?id=131707
874
875         Reviewed by Darin Adler.
876
877         * runtime/CommonIdentifiers.h: Added new identifiers.
878         * runtime/NumberConstructor.cpp:
879         (JSC::NumberConstructor::getOwnPropertySlot):
880         (JSC::NumberConstructor::isFunction): Added.
881         (JSC::numberConstructorEpsilonValue): Added.
882         (JSC::numberConstructorNegInfinity): Added.
883         (JSC::numberConstructorPosInfinity): Added.
884         (JSC::numberConstructorMaxValue): Added.
885         (JSC::numberConstructorMinValue): Added.
886         (JSC::numberConstructorMaxSafeInteger): Added.
887         (JSC::numberConstructorMinSafeInteger): Added.
888         (JSC::numberConstructorFuncIsFinite): Added.
889         (JSC::numberConstructorFuncIsInteger): Added.
890         (JSC::numberConstructorFuncIsNaN): Added.
891         (JSC::numberConstructorFuncIsSafeInteger): Added.
892         * runtime/NumberConstructor.h:
893
894 2014-09-21  Filip Pizlo  <fpizlo@apple.com>
895
896         FTL should store the four bytes of the cell header using a 32-bit store rather than four 8-bit stores
897         https://bugs.webkit.org/show_bug.cgi?id=136992
898
899         Reviewed by Sam Weinig.
900         
901         LLVM ought to be able to do this optimization for us given how the code was written, but
902         any such lower-level attempts to optimize this would get into trouble with the weird
903         object materialization logic I'll be introducing in bug 136330. So, this brings the
904         merging of the byte stores into the FTL lowering so that we can control it explicitly.
905
906         * ftl/FTLAbstractHeap.h:
907         (JSC::FTL::AbstractHeap::changeParent):
908         * ftl/FTLAbstractHeapRepository.cpp:
909         (JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
910         * ftl/FTLAbstractHeapRepository.h:
911         * ftl/FTLLowerDFGToLLVM.cpp:
912         (JSC::FTL::LowerDFGToLLVM::allocateCell):
913
914 2014-09-21  Saam Barati  <saambarati1@gmail.com>
915
916         Web Inspector: fix TypeSet hierarchy in TypeTokenView
917         https://bugs.webkit.org/show_bug.cgi?id=136982
918
919         Reviewed by Joseph Pecoraro.
920
921         TypeSet was computing the set of type booleans in the Inspector::Protocol::Runtime::TypeSet 
922         object incorrectly because it was calling TypeSet::doesTypeConformTo(T) which checks if the 
923         type set has only been of type T. It now checks '(m_seenTypes & T) != TypeNothing' to see 
924         if type T is in the set of seen types, but not the entire set itself.
925
926         * runtime/TypeSet.cpp:
927         (JSC::TypeSet::inspectorTypeSet):
928
929 2014-09-21  Filip Pizlo  <fpizlo@apple.com>
930
931         Structure should have a method for concurrently getting all of the property map entries, and this method shouldn't involve copy-paste
932         https://bugs.webkit.org/show_bug.cgi?id=136983
933
934         Reviewed by Mark Hahnenberg.
935
936         * runtime/PropertyMapHashTable.h:
937         (JSC::PropertyMapEntry::PropertyMapEntry): Moved PropertyMapEntry struct to Structure.h so that Structure can refer to it.
938         * runtime/Structure.cpp:
939         (JSC::Structure::getConcurrently): Switch to using the new forEachPropertyConcurrently() method.
940         (JSC::Structure::getPropertiesConcurrently): The subject of this patch. It will be useful for object allocation sinking (bug 136330).
941         (JSC::Structure::dump): Switch to using the new forEachPropertyConcurrently() method.
942         * runtime/Structure.h:
943         (JSC::PropertyMapEntry::PropertyMapEntry): Moved from PropertyMapHashTable.h.
944         * runtime/StructureInlines.h:
945         (JSC::Structure::forEachPropertyConcurrently): Capture this very common concurrent structure iteration pattern into a template method.
946
947 2014-09-21  Filip Pizlo  <fpizlo@apple.com>
948
949         Structure::getConcurrently() doesn't need to take a VM& argument.
950
951         Rubber stamped by Dan Bernstein.
952         
953         Removed the extra argument, and then removed similar arguments from other methods until
954         I could build successfully again. It turned out that many methods took a VM& argument
955         just for calling getConcurrently().
956
957         * bytecode/CodeBlock.cpp:
958         (JSC::dumpStructure):
959         (JSC::dumpChain):
960         (JSC::CodeBlock::printGetByIdCacheStatus):
961         (JSC::CodeBlock::printPutByIdCacheStatus):
962         * bytecode/ComplexGetStatus.cpp:
963         (JSC::ComplexGetStatus::computeFor):
964         * bytecode/GetByIdStatus.cpp:
965         (JSC::GetByIdStatus::computeFromLLInt):
966         (JSC::GetByIdStatus::computeForStubInfo):
967         (JSC::GetByIdStatus::computeFor):
968         * bytecode/GetByIdStatus.h:
969         * bytecode/PutByIdStatus.cpp:
970         (JSC::PutByIdStatus::computeFromLLInt):
971         (JSC::PutByIdStatus::computeForStubInfo):
972         (JSC::PutByIdStatus::computeFor):
973         * bytecode/PutByIdStatus.h:
974         * dfg/DFGAbstractInterpreterInlines.h:
975         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
976         * dfg/DFGByteCodeParser.cpp:
977         (JSC::DFG::ByteCodeParser::parseBlock):
978         * dfg/DFGConstantFoldingPhase.cpp:
979         (JSC::DFG::ConstantFoldingPhase::foldConstants):
980         * dfg/DFGFixupPhase.cpp:
981         (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
982         * runtime/IntendedStructureChain.cpp:
983         (JSC::IntendedStructureChain::mayInterceptStoreTo):
984         * runtime/IntendedStructureChain.h:
985         * runtime/Structure.cpp:
986         (JSC::Structure::getConcurrently):
987         * runtime/Structure.h:
988         * runtime/StructureInlines.h:
989         (JSC::Structure::getConcurrently):
990
991 2014-09-20  Filip Pizlo  <fpizlo@apple.com>
992
993         FTL OSRExit construction should be based on methods that return ExitValues rather than methods that add ExitValues to OSRExit
994         https://bugs.webkit.org/show_bug.cgi?id=136978
995
996         Reviewed by Dean Jackson.
997
998         * ftl/FTLLowerDFGToLLVM.cpp:
999         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
1000         (JSC::FTL::LowerDFGToLLVM::exitValueForNode):
1001         (JSC::FTL::LowerDFGToLLVM::exitArgument):
1002         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode): Deleted.
1003         (JSC::FTL::LowerDFGToLLVM::tryToSetConstantExitArgument): Deleted.
1004         (JSC::FTL::LowerDFGToLLVM::addExitArgument): Deleted.
1005
1006 2014-09-20  Filip Pizlo  <fpizlo@apple.com>
1007
1008         FTL OSR exit should do reboxing and value recovery in the same pass
1009         https://bugs.webkit.org/show_bug.cgi?id=136977
1010
1011         Reviewed by Oliver Hunt.
1012         
1013         It's conceptually simpler to have all of the logic in one place. After the
1014         recover-and-rebox loop is done, all of the exit values are in the form that the baseline
1015         JIT would want them to be in; the only remaining task is to move them into the right
1016         place on the stack after we do all of the necessary stack adjustments.
1017
1018         * ftl/FTLOSRExitCompiler.cpp:
1019         (JSC::FTL::compileStub):
1020
1021 2014-09-19  Filip Pizlo  <fpizlo@apple.com>
1022
1023         StorageAccessData should be referenced in a sensible way
1024         https://bugs.webkit.org/show_bug.cgi?id=136963
1025
1026         Reviewed and rubber stamped by Michael Saboff.
1027
1028         * dfg/DFGAbstractInterpreterInlines.h:
1029         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1030         * dfg/DFGByteCodeParser.cpp:
1031         (JSC::DFG::ByteCodeParser::handleGetByOffset):
1032         (JSC::DFG::ByteCodeParser::handlePutByOffset):
1033         (JSC::DFG::ByteCodeParser::handlePutById):
1034         * dfg/DFGClobberize.h:
1035         (JSC::DFG::clobberize):
1036         * dfg/DFGConstantFoldingPhase.cpp:
1037         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
1038         (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
1039         * dfg/DFGGraph.cpp:
1040         (JSC::DFG::Graph::dump):
1041         * dfg/DFGGraph.h:
1042         * dfg/DFGNode.h:
1043         (JSC::DFG::Node::convertToGetByOffset):
1044         (JSC::DFG::Node::convertToPutByOffset):
1045         (JSC::DFG::Node::storageAccessData):
1046         (JSC::DFG::Node::storageAccessDataIndex): Deleted.
1047         * dfg/DFGSafeToExecute.h:
1048         (JSC::DFG::safeToExecute):
1049         * dfg/DFGSpeculativeJIT32_64.cpp:
1050         (JSC::DFG::SpeculativeJIT::compile):
1051         * dfg/DFGSpeculativeJIT64.cpp:
1052         (JSC::DFG::SpeculativeJIT::compile):
1053         * ftl/FTLLowerDFGToLLVM.cpp:
1054         (JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
1055         (JSC::FTL::LowerDFGToLLVM::compilePutByOffset):
1056
1057 2014-09-19  Ryosuke Niwa  <rniwa@webkit.org>
1058
1059         Leak of mallocs under StructureSet::OutOfLineList::create
1060         https://bugs.webkit.org/show_bug.cgi?id=136970
1061
1062         Reviewed by Filip Pizlo.
1063
1064         addOutOfLine should free the old list when expanding the capacity.
1065
1066         * bytecode/StructureSet.cpp:
1067         (JSC::StructureSet::addOutOfLine):
1068
1069 2014-09-19  Daniel Bates  <dabates@apple.com>
1070
1071         Always assume internal SDK when building configuration Production
1072         https://bugs.webkit.org/show_bug.cgi?id=136925
1073         <rdar://problem/18362399>
1074
1075         Reviewed by Dan Bernstein.
1076
1077         As a side effect of this change we will always enable ENABLE_TOUCH_EVENTS, ENABLE_IOS_{GESTURE, TOUCH}_EVENTS,
1078         and ENABLE_XSLT when either building configuration Production or building with the Internal SDK.
1079
1080         * Configurations/Base.xcconfig:
1081
1082 2014-09-19  Diego Pino Garcia  <dpino@igalia.com>
1083
1084         Simple ES6 feature: String prototype additions
1085         https://bugs.webkit.org/show_bug.cgi?id=131704
1086
1087         Reviewed by Darin Adler.
1088
1089         * runtime/StringPrototype.cpp:
1090         (JSC::StringPrototype::finishCreation):
1091         (JSC::stringProtoFuncStartsWith): Added.
1092         (JSC::stringProtoFuncEndsWith): Added.
1093         (JSC::stringProtoFuncContains): Added.
1094
1095 2014-09-18  Joseph Pecoraro  <pecoraro@apple.com>
1096
1097         Unreviewed rollout r173731. Broke multiple builds.
1098
1099         * inspector/JSGlobalObjectInspectorController.cpp:
1100         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1101         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
1102         * inspector/JSGlobalObjectInspectorController.h:
1103         * inspector/remote/RemoteInspector.h:
1104         * inspector/remote/RemoteInspector.mm:
1105         (Inspector::RemoteInspector::RemoteInspector):
1106         (Inspector::RemoteInspector::setupFailed):
1107         (Inspector::RemoteInspector::start):
1108         (Inspector::RemoteInspector::stopInternal):
1109         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
1110         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
1111         (Inspector::RemoteInspector::xpcConnectionFailed):
1112         (Inspector::RemoteInspector::receivedSetupMessage):
1113         (Inspector::globalAutomaticInspectionState): Deleted.
1114         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate): Deleted.
1115         (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage): Deleted.
1116         (Inspector::RemoteInspector::setupSucceeded): Deleted.
1117         (Inspector::RemoteInspector::waitingForAutomaticInspection): Deleted.
1118         (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage): Deleted.
1119         (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage): Deleted.
1120         * inspector/remote/RemoteInspectorConstants.h:
1121         * inspector/remote/RemoteInspectorDebuggable.cpp:
1122         (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
1123         (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection): Deleted.
1124         * inspector/remote/RemoteInspectorDebuggable.h:
1125         * inspector/remote/RemoteInspectorDebuggableConnection.h:
1126         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
1127         (Inspector::RemoteInspectorDebuggableConnection::setup):
1128         * runtime/JSGlobalObjectDebuggable.cpp:
1129         (JSC::JSGlobalObjectDebuggable::connect):
1130         (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection): Deleted.
1131         * runtime/JSGlobalObjectDebuggable.h:
1132
1133 2014-09-18  Joseph Pecoraro  <pecoraro@apple.com>
1134
1135         Web Inspector: Should be able to attach a debugger to a JSContext before anything is executed
1136         https://bugs.webkit.org/show_bug.cgi?id=136893
1137
1138         Reviewed by Timothy Hatcher.
1139
1140         Adds new remote inspector protocol handling for automatic inspection.
1141         Debuggers can signal they have enabled automatic inspection, and
1142         when debuggables are created the current application will pause to
1143         see if the debugger will inspect or decline to inspect the debuggable.
1144
1145         * inspector/remote/RemoteInspectorConstants.h:
1146         * inspector/remote/RemoteInspector.h:
1147         * inspector/remote/RemoteInspector.mm:
1148         (Inspector::globalAutomaticInspectionState):
1149         (Inspector::RemoteInspector::RemoteInspector):
1150         (Inspector::RemoteInspector::start):
1151         When first starting, check the global "is there an auto-inspect" debugger state.
1152         This is necessary so that the current application knows if it should pause or
1153         not when a debuggable is created, even without having connected to webinspectord yet.
1154
1155         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
1156         When a debuggable has enabled remote inspection, take this path to propose
1157         it as an automatic inspection candidate if there is an auto-inspect debugger.
1158
1159         (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage):
1160         Send the automatic inspection candidate message.
1161
1162         (Inspector::RemoteInspector::receivedSetupMessage):
1163         (Inspector::RemoteInspector::setupFailed):
1164         (Inspector::RemoteInspector::setupSucceeded):
1165         After attempting to open an inspector, unpause if it was for the
1166         automatic inspection candidate.
1167
1168         (Inspector::RemoteInspector::waitingForAutomaticInspection):
1169         When running a nested runloop, check if we should remain paused.
1170
1171         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
1172         If by the time we connect to webinspectord we have a candidate, then
1173         immediately send the candidate message.
1174
1175         (Inspector::RemoteInspector::stopInternal):
1176         (Inspector::RemoteInspector::xpcConnectionFailed):
1177         In error cases, clear our state.
1178
1179         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
1180         (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage):
1181         (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage):
1182         Update state when receiving new messages.
1183
1184
1185         * inspector/remote/RemoteInspectorDebuggable.h:
1186         * inspector/remote/RemoteInspectorDebuggable.cpp:
1187         (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
1188         Special case when a debuggable is newly allowed to be debuggable.
1189
1190         (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection):
1191         Run a nested run loop while this is an automatic inspection candidate.
1192
1193         * inspector/JSGlobalObjectInspectorController.h:
1194         * inspector/JSGlobalObjectInspectorController.cpp:
1195         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1196         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
1197         When the inspector starts via automatic inspection automatically pause.
1198         We plan on removing this condition by having the frontend signal to the
1199         backend when it is completely initialized.
1200         
1201         * inspector/remote/RemoteInspectorDebuggableConnection.h:
1202         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
1203         (Inspector::RemoteInspectorDebuggableConnection::setup):
1204         Pass on the flag of whether or not this was automatic inspection.
1205
1206         * runtime/JSGlobalObjectDebuggable.h:
1207         * runtime/JSGlobalObjectDebuggable.cpp:
1208         (JSC::JSGlobalObjectDebuggable::connect):
1209         (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
1210         When pausing in a JSGlobalObject we need to release the API lock.
1211
1212 2014-09-18  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>
1213
1214         Fix "Tools/Scripts/build-webkit --efl --no-inspector" build
1215         https://bugs.webkit.org/show_bug.cgi?id=136912
1216
1217         Reviewed by Darin Adler.
1218
1219         * runtime/TypeSet.cpp:
1220         (JSC::TypeSet::leastCommonAncestor):
1221
1222 2014-09-17  Michael Saboff  <msaboff@apple.com>
1223
1224         Change CallFrame to use Callee instead of JSScope to implement vm()
1225         https://bugs.webkit.org/show_bug.cgi?id=136894
1226
1227         Reviewed by Geoffrey Garen.
1228
1229         Added JSCell::vm() method that can be used on any JSObject.  Changed CallFrame::vm() to
1230         use JSCell::vm with the Callee.  Made similar changes in the LLInt.
1231         In support of this, changed JSGlobalObject::init() to take a VM& parameter, as there is
1232         a chicken/egg problem with trying to use the Callee in the global exec before the Callee
1233         has been created.  Besides, the vm is readily available in finishCreation(), the caller of
1234         init().
1235
1236         * llint/LowLevelInterpreter32_64.asm:
1237         * llint/LowLevelInterpreter64.asm:
1238         Changed the calculation of CallFrame::VM to use the Callee instead of JSScope.
1239
1240         * runtime/JSCell.h:
1241         * runtime/JSCellInlines.h:
1242         (JSC::JSCell::vm): New method for getting VM from the pointer.
1243         (JSC::ExecState::vm): Moved this method from JSScope.h to here since this file
1244         contains the implementation of JSCell::vm(), this file is included by all users
1245         of CallFrame::vm, and lastly putting it in CallFrameInlines.h required changing
1246         many other .h files and possibly the WebCore generator generate-bindings.pl.
1247
1248         * runtime/JSGlobalObject.cpp:
1249         (JSC::JSGlobalObject::init):
1250         * runtime/JSGlobalObject.h:
1251         (JSC::JSGlobalObject::finishCreation):
1252         Changed init() to take a VM parameter.
1253
1254         * runtime/JSScope.h:
1255         (JSC::ExecState::vm): Deleted.
1256
1257 2014-09-16  Filip Pizlo  <fpizlo@apple.com>
1258
1259         Unreviewed, disable native inlining because it causes build failures.
1260
1261         * JavaScriptCore.xcodeproj/project.pbxproj:
1262
1263 2014-09-16  Joseph Pecoraro  <pecoraro@apple.com>
1264
1265         Web Inspector: Reduce a bit of churn setting initial remote inspection state
1266         https://bugs.webkit.org/show_bug.cgi?id=136875
1267
1268         Reviewed by Timothy Hatcher.
1269
1270         * API/JSContextRef.cpp:
1271         (JSGlobalContextCreateInGroup):
1272         Set the default remote debuggable state at the API boundary.
1273
1274         * runtime/JSGlobalObject.cpp:
1275         (JSC::JSGlobalObject::init):
1276         Do not set remote debuggable state here. Let clients set it.
1277
1278 2014-09-16  Yusuke Suzuki  <utatane.tea@gmail.com>
1279
1280         Promise: Drop Promise.cast
1281         https://bugs.webkit.org/show_bug.cgi?id=136222
1282
1283         Reviewed by Sam Weinig.
1284
1285         Promise.cast is dropped and Promise.resolve is replaced with old Promise.cast.
1286
1287         * runtime/CommonIdentifiers.h:
1288         * runtime/JSPromiseConstructor.cpp:
1289         (JSC::JSPromiseConstructorFuncResolve):
1290         (JSC::JSPromiseConstructorFuncRace):
1291         (JSC::JSPromiseConstructorFuncAll):
1292         (JSC::JSPromiseConstructorFuncCast): Deleted.
1293
1294 2014-09-16  Filip Pizlo  <fpizlo@apple.com>
1295
1296         Local OSR availability calculation should be reusable
1297         https://bugs.webkit.org/show_bug.cgi?id=136860
1298
1299         Reviewed by Oliver Hunt.
1300         
1301         Previously, the FTL lowering repeated some of the logic of the OSR availability analysis
1302         phase. Humorously, it actually did this logic a bit differently; for example the phase
1303         would claim that a SetLocal makes both the flush and the node available while the FTL
1304         only claimed that the flush was available. This difference was benign, but still: yuck!
1305         
1306         Also, previously if you wanted to use availability information then you'd have to repeat
1307         some of the logic that both the phase itself and the FTL lowering already had.
1308         Presumably, you could get epic style points for finding other benign ways in which to
1309         make your copy of the logic different from the other two!
1310         
1311         This reduces the amount of style points one could conceivably get in the future when
1312         hacking JSC, by creating a single reusable thingy for computing local OSR availability.
1313
1314         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
1315         (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
1316         (JSC::DFG::LocalOSRAvailabilityCalculator::LocalOSRAvailabilityCalculator):
1317         (JSC::DFG::LocalOSRAvailabilityCalculator::~LocalOSRAvailabilityCalculator):
1318         (JSC::DFG::LocalOSRAvailabilityCalculator::beginBlock):
1319         (JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
1320         * dfg/DFGOSRAvailabilityAnalysisPhase.h:
1321         * ftl/FTLLowerDFGToLLVM.cpp:
1322         (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
1323         (JSC::FTL::LowerDFGToLLVM::compileBlock):
1324         (JSC::FTL::LowerDFGToLLVM::compileNode):
1325         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
1326         (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
1327         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
1328         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
1329         (JSC::FTL::LowerDFGToLLVM::availability):
1330         (JSC::FTL::LowerDFGToLLVM::compileMovHint): Deleted.
1331         (JSC::FTL::LowerDFGToLLVM::compileZombieHint): Deleted.
1332         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock): Deleted.
1333
1334 2014-09-16  Csaba Osztrogonác  <ossy@webkit.org>
1335
1336         JSC test gardening
1337         https://bugs.webkit.org/show_bug.cgi?id=136823
1338
1339         Reviewed by Geoffrey Garen.
1340
1341         * tests/mozilla/mozilla-tests.yaml: Unskip passing tests.
1342
1343 2014-09-15  Michael Saboff  <msaboff@apple.com>
1344
1345         Create a JSCallee for GlobalExec object
1346         https://bugs.webkit.org/show_bug.cgi?id=136840
1347
1348         Reviewed by Geoffrey Garen.
1349
1350         Added m_globalCallee, initialized it and then used it to set the globalExec's callee.
1351
1352         * runtime/JSGlobalObject.cpp:
1353         (JSC::JSGlobalObject::init):
1354         (JSC::JSGlobalObject::visitChildren):
1355         * runtime/JSGlobalObject.h:
1356
1357 2014-09-14  Filip Pizlo  <fpizlo@apple.com>
1358
1359         DFG ref count calculation should be reusable
1360         https://bugs.webkit.org/show_bug.cgi?id=136811
1361
1362         Reviewed by Oliver Hunt.
1363         
1364         Henceforth if you call Graph::computeRefCounts(), a nifty O(n) operation, every Node
1365         will be able to tell you how many places it is used from. Currently only DCE uses this,
1366         but it will be useful for https://bugs.webkit.org/show_bug.cgi?id=136330.
1367
1368         * dfg/DFGDCEPhase.cpp:
1369         (JSC::DFG::DCEPhase::run):
1370         (JSC::DFG::DCEPhase::findTypeCheckRoot): Deleted.
1371         (JSC::DFG::DCEPhase::countNode): Deleted.
1372         (JSC::DFG::DCEPhase::countEdge): Deleted.
1373         * dfg/DFGGraph.cpp:
1374         (JSC::DFG::Graph::computeRefCounts):
1375         * dfg/DFGGraph.h:
1376
1377 2014-09-12  Michael Saboff  <msaboff@apple.com>
1378
1379         Merge JSGlobalObject::reset() into ::init()
1380         https://bugs.webkit.org/show_bug.cgi?id=136800
1381
1382         Reviewed by Oliver Hunt.
1383
1384         Moved the contents of reset() into init().
1385         Note that the diff shows more changes.
1386
1387         * runtime/JSGlobalObject.cpp:
1388         (JSC::JSGlobalObject::init): Moved body of reset() into init.
1389         (JSC::JSGlobalObject::put):
1390         (JSC::JSGlobalObject::defineOwnProperty):
1391         (JSC::JSGlobalObject::addGlobalVar):
1392         (JSC::JSGlobalObject::addFunction):
1393         (JSC::lastInPrototypeChain):
1394         (JSC::JSGlobalObject::reset): Deleted.
1395         * runtime/JSGlobalObject.h:
1396
1397 2014-09-12  Michael Saboff  <msaboff@apple.com>
1398
1399         Add JSCallee to program and eval CallFrames
1400         https://bugs.webkit.org/show_bug.cgi?id=136785
1401
1402         Reviewed by Mark Lam.
1403
1404         Populated Callee slot for program and call eval CallFrames with JSCallee objects.
1405         Made supporting changes including adding a JSCallee structure to global object and adding
1406         JSCallee::create() method.  Added code so that the newly added callee object won't be
1407         returned by Function.caller.  Changed null pointer checks of callee to check if
1408         the type is JSFunction* or JSCallee*.
1409
1410         * debugger/DebuggerCallFrame.cpp:
1411         (JSC::DebuggerCallFrame::functionName):
1412         (JSC::DebuggerCallFrame::type):
1413         * profiler/LegacyProfiler.cpp:
1414         (JSC::LegacyProfiler::createCallIdentifier):
1415         * interpreter/Interpreter.cpp:
1416         (JSC::unwindCallFrame):
1417         Changed checks of callee to whether it is a JSFunction* or JSCallee* instead of just checking
1418         if it is null or not.
1419
1420         * interpreter/Interpreter.cpp:
1421         (JSC::Interpreter::execute): Create and use JSCallee objects for execute(EvalExecutable, ...)
1422         and execute(ProgramExecutable, ...)
1423
1424         * jit/JITCode.cpp:
1425         (JSC::JITCode::execute): Use jsDynamicCast to cast only JSFunctions.
1426
1427         * runtime/JSCallee.cpp:
1428         (JSC::JSCallee::create): Not used, therefore deleted.
1429
1430         * runtime/JSCallee.h:
1431         (JSC::JSCallee::create): Added.
1432
1433         * runtime/JSFunction.cpp:
1434         (JSC::JSFunction::callerGetter): Added test to return null for JSCallees that aren't
1435         JSFunctions.  This can only be the case when the JSCallee comes from a program or
1436         call eval CallFrame.
1437
1438         * runtime/JSGlobalObject.cpp:
1439         (JSC::JSGlobalObject::reset):
1440         (JSC::JSGlobalObject::visitChildren):
1441         * runtime/JSGlobalObject.h:
1442         (JSC::JSGlobalObject::calleeStructure):
1443         Added new JSCallee structure.
1444
1445 2014-09-10  Jon Honeycutt  <jhoneycutt@apple.com>
1446
1447         Re-add the request autocomplete feature
1448
1449         <https://bugs.webkit.org/show_bug.cgi?id=136730>
1450
1451         This feature was rolled out in r148731 because it was only used by
1452         Chromium. As we consider supporting this feature, roll it back in, but
1453         leave it disabled.
1454
1455         This rolls out r148731 (which removed the feature) with small changes
1456         needed to make the code build in ToT, to match modern style, to make
1457         the tests run, and to remove unused code.
1458
1459         Reviewed by Andy Estes.
1460
1461         * Configurations/FeatureDefines.xcconfig:
1462
1463 2014-09-12  Julien Brianceau  <jbriance@cisco.com>
1464
1465         [x86] moveDoubleToInts() does not clobber its source register anymore
1466         https://bugs.webkit.org/show_bug.cgi?id=131690
1467
1468         Reviewed by Oliver Hunt.
1469
1470         * assembler/MacroAssemblerX86.h:
1471         (JSC::MacroAssemblerX86::moveDoubleToInts):
1472         * dfg/DFGSpeculativeJIT.cpp:
1473         (JSC::DFG::SpeculativeJIT::compileValueRep):
1474         * jit/SpecializedThunkJIT.h:
1475         (JSC::SpecializedThunkJIT::returnDouble):
1476
1477 2014-09-12  Mark Lam  <mark.lam@apple.com>
1478
1479         Unreviewed build fix for CLOOP build.
1480
1481         * runtime/JSCallee.h:
1482
1483 2014-09-12  Michael Saboff  <msaboff@apple.com>
1484
1485         Remove unneeded declarations from JSCallee.h
1486         https://bugs.webkit.org/show_bug.cgi?id=136783
1487
1488         Reviewed by Mark Lam.
1489
1490         * runtime/JSCallee.h:
1491         (JSCallee::name): Deleted.
1492         (JSCallee::displayName): Deleted.
1493         (JSCallee::calculatedDisplayName): Deleted.
1494
1495 2014-09-11  Brian J. Burg  <burg@cs.washington.edu>
1496
1497         Web Inspector: disambiguate double and integer primitive types in the protocol
1498         https://bugs.webkit.org/show_bug.cgi?id=136606
1499
1500         Reviewed by Timothy Hatcher.
1501
1502         Right now it's really easy to mix up doubles and integers when serializing or deserializing
1503         values for the inspector protocol. This patch disambiguates setting/getting doubles and integers
1504         so that it is clearer as to which type is intended.
1505
1506         A new InspectorValue::Type is added for Integer types, and the Number type is renamed to Double.
1507         The existing callsites for asNumber/getNumber/setNumber have been fixed.
1508
1509         Address various integration points to make sure the right type tag is assigned to InspectorValues.
1510
1511         * bindings/ScriptValue.cpp:
1512         (Deprecated::jsToInspectorValue): Make an Integer if the JSValue is Int52 or smaller.
1513         * inspector/InjectedScriptManager.cpp:
1514         (Inspector::InjectedScriptManager::injectedScriptForObjectId):
1515         * inspector/InspectorBackendDispatcher.cpp:
1516         (Inspector::InspectorBackendDispatcher::dispatch):
1517         (Inspector::InspectorBackendDispatcher::sendResponse):
1518         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1519         (Inspector::AsMethodBridges::asInteger):
1520         (Inspector::AsMethodBridges::asDouble):
1521         (Inspector::InspectorBackendDispatcher::getInteger):
1522         (Inspector::InspectorBackendDispatcher::getDouble):
1523         (Inspector::AsMethodBridges::asInt): Deleted.
1524         (Inspector::InspectorBackendDispatcher::getInt): Deleted.
1525         * inspector/InspectorBackendDispatcher.h:
1526         * inspector/InspectorProtocolTypes.h: Remove the special case for checking int type tags.
1527         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw):
1528         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw):
1529         (Inspector::Protocol::BindingTraits<int>::assertValueHasExpectedType): Deleted.
1530         * inspector/InspectorValues.cpp: Allow integers and doubles to be convertible using asInteger/asDouble.
1531         (Inspector::InspectorValue::asDouble):
1532         (Inspector::InspectorValue::asInteger):
1533         (Inspector::InspectorBasicValue::asDouble):
1534         (Inspector::InspectorBasicValue::asInteger):
1535         (Inspector::InspectorBasicValue::writeJSON):
1536         (Inspector::InspectorValue::asNumber): Deleted.
1537         (Inspector::InspectorBasicValue::asNumber): Deleted.
1538         * inspector/InspectorValues.h:
1539         (Inspector::InspectorObjectBase::setInteger):
1540         (Inspector::InspectorObjectBase::setDouble):
1541         (Inspector::InspectorArrayBase::pushInteger):
1542         (Inspector::InspectorArrayBase::pushDouble):
1543         (Inspector::InspectorObjectBase::setNumber): Deleted.
1544         (Inspector::InspectorArrayBase::pushInt): Deleted.
1545         (Inspector::InspectorArrayBase::pushNumber): Deleted.
1546         * inspector/agents/InspectorDebuggerAgent.cpp:
1547         (Inspector::buildObjectForBreakpointCookie):
1548         (Inspector::InspectorDebuggerAgent::breakpointActionsFromProtocol):
1549         (Inspector::parseLocation):
1550         (Inspector::InspectorDebuggerAgent::didParseSource):
1551         * inspector/agents/InspectorRuntimeAgent.cpp:
1552         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1553         * inspector/scripts/codegen/generator.py: Update emitted code and rebaseline test results.
1554         (Generator.keyed_get_method_for_type):
1555         (Generator.keyed_set_method_for_type):
1556         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1557         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1558         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1559         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1560         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1561         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1562         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1563         * replay/EncodedValue.cpp:
1564         (JSC::EncodedValue::convertTo<double>):
1565         (JSC::EncodedValue::convertTo<float>):
1566         (JSC::EncodedValue::convertTo<int32_t>):
1567         (JSC::EncodedValue::convertTo<int64_t>):
1568         (JSC::EncodedValue::convertTo<uint32_t>):
1569         (JSC::EncodedValue::convertTo<uint64_t>):
1570
1571 2014-09-11  Joseph Pecoraro  <pecoraro@apple.com>
1572
1573         Web Inspector: Occasional ASSERT closing web inspector
1574         https://bugs.webkit.org/show_bug.cgi?id=136762
1575
1576         Reviewed by Timothy Hatcher.
1577
1578         It is harmless, and indeed possible to have an empty set of listeners
1579         now that each Page gets its own PageDebugServer instead of a shared
1580         global. So we should replace the null checks with isEmpty checks.
1581         Since nobody was ever returning null, convert to references as well.
1582
1583         * inspector/JSGlobalObjectScriptDebugServer.h:
1584         * inspector/ScriptDebugServer.cpp:
1585         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
1586         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
1587         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
1588         (Inspector::ScriptDebugServer::sourceParsed):
1589         (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
1590         (Inspector::ScriptDebugServer::notifyDoneProcessingDebuggerEvents):
1591         (Inspector::ScriptDebugServer::handlePause):
1592         (Inspector::ScriptDebugServer::needPauseHandling): Deleted.
1593         * inspector/ScriptDebugServer.h:
1594
1595 2014-09-10  Michael Saboff  <msaboff@apple.com>
1596
1597         Move JSScope out of JSFunction into separate JSCallee class
1598         https://bugs.webkit.org/show_bug.cgi?id=136725
1599
1600         Reviewed by Oliver Hunt.
1601
1602         Created new JSCallee class that contains a JSScope*.  Changed JSFunction to inherit from
1603         JSCallee.
1604
1605         * CMakeLists.txt:
1606         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1607         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1608         * JavaScriptCore.xcodeproj/project.pbxproj:
1609         Build changes.  Added JSCallee.cpp and JSCallee.h.
1610
1611         * runtime/JSCallee.cpp: Added.
1612         (JSC::JSCallee::create):
1613         (JSC::JSCallee::destroy):
1614         (JSC::JSCallee::JSCallee):
1615         (JSC::JSCallee::finishCreation):
1616         (JSC::JSCallee::visitChildren):
1617         (JSC::JSCallee::getOwnPropertySlot): Pass through wrapper function.
1618         (JSC::JSCallee::getOwnNonIndexPropertyNames): Pass through wrapper function.
1619         (JSC::JSCallee::put): Pass through wrapper function.
1620         (JSC::JSCallee::deleteProperty): Pass through wrapper function.
1621         (JSC::JSCallee::defineOwnProperty): Pass through wrapper function.
1622
1623         * runtime/JSCallee.h: Added.
1624         (JSC::JSCallee::scope):
1625         (JSC::JSCallee::scopeUnchecked):
1626         (JSC::JSCallee::setScope):
1627         (JSC::JSCallee::createStructure):
1628         (JSC::JSCallee::offsetOfScopeChain):
1629
1630         * runtime/JSFunction.cpp:
1631         (JSC::JSFunction::JSFunction):
1632         (JSC::JSFunction::addNameScopeIfNeeded):
1633         (JSC::JSFunction::visitChildren):
1634         * runtime/JSFunction.h:
1635         (JSC::JSFunction::scope): Deleted.
1636         (JSC::JSFunction::scopeUnchecked): Deleted.
1637         (JSC::JSFunction::setScope): Deleted.
1638         (JSC::JSFunction::offsetOfScopeChain): Deleted.
1639         * runtime/JSFunctionInlines.h:
1640         (JSC::JSFunction::JSFunction):
1641         Changed to reference JSCallee and its methods.
1642
1643         * runtime/JSType.h: Added JSCallee as a TypeEnum.
1644
1645 2014-09-11  Filip Pizlo  <fpizlo@apple.com>
1646
1647         REGRESSION (r172129): Vine pages load as blank
1648         https://bugs.webkit.org/show_bug.cgi?id=136655
1649         rdar://problem/18281215
1650
1651         Reviewed by Michael Saboff.
1652         
1653         If lastNode is something that is subject to DCE, then removing the Phantom's reference to something
1654         that lastNode references means that the thing being referenced may no longer be kept alive for OSR.
1655         Teach PhantomRemovalPhase that it's only safe to do this if lastNode is a Phantom. That's probably too
1656         conservative, but that's fine since this is mainly just an optimization to make the IR sane to read and
1657         reasonably compact; it's OK if we miss cases here.
1658
1659         * dfg/DFGPhantomRemovalPhase.cpp:
1660         (JSC::DFG::PhantomRemovalPhase::run):
1661         * tests/stress/remove-phantom-after-setlocal.js: Added.
1662
1663 2014-09-11  Bear Travis  <betravis@adobe.com>
1664
1665         [CSS Font Loading] Enable CSS Font Loading on Mac
1666         https://bugs.webkit.org/show_bug.cgi?id=135473
1667
1668         Reviewed by Antti Koivisto.
1669
1670         Enable CSS Font Loading in FeatureDefines.
1671
1672         * Configurations/FeatureDefines.xcconfig:
1673
1674 2014-09-11  Joseph Pecoraro  <pecoraro@apple.com>
1675
1676         Unreviewed rebaseline of inspector generator test results after r173120.
1677
1678         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1679         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1680         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1681         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1682
1683 2014-09-11  Oliver Hunt  <oliver@apple.com>
1684
1685         Rename activation to be more in line with spec language
1686         https://bugs.webkit.org/show_bug.cgi?id=136721
1687
1688         Reviewed by Michael Saboff.
1689
1690         Somewhat bigger than the last one, but still just a rename.
1691
1692         * CMakeLists.txt:
1693         * JavaScriptCore.order:
1694         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1695         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1696         * JavaScriptCore.xcodeproj/project.pbxproj:
1697         * bytecode/BytecodeList.json:
1698         * bytecode/BytecodeUseDef.h:
1699         (JSC::computeUsesForBytecodeOffset):
1700         (JSC::computeDefsForBytecodeOffset):
1701         * bytecode/CallVariant.h:
1702         * bytecode/CodeBlock.cpp:
1703         (JSC::CodeBlock::dumpBytecode):
1704         (JSC::CodeBlock::CodeBlock):
1705         (JSC::CodeBlock::finalizeUnconditionally):
1706         (JSC::CodeBlock::isCaptured):
1707         (JSC::CodeBlock::nameForRegister):
1708         * bytecode/CodeBlock.h:
1709         (JSC::CodeBlock::setActivationRegister):
1710         (JSC::CodeBlock::activationRegister):
1711         (JSC::CodeBlock::uncheckedActivationRegister):
1712         (JSC::CodeBlock::needsActivation):
1713         * bytecode/Instruction.h:
1714         * bytecode/UnlinkedCodeBlock.h:
1715         (JSC::UnlinkedCodeBlock::setActivationRegister):
1716         (JSC::UnlinkedCodeBlock::activationRegister):
1717         (JSC::UnlinkedCodeBlock::hasActivationRegister):
1718         * bytecompiler/BytecodeGenerator.cpp:
1719         (JSC::BytecodeGenerator::BytecodeGenerator):
1720         (JSC::BytecodeGenerator::emitReturn):
1721         * bytecompiler/BytecodeGenerator.h:
1722         * debugger/DebuggerCallFrame.cpp:
1723         (JSC::DebuggerCallFrame::scope):
1724         * debugger/DebuggerScope.cpp:
1725         (JSC::DebuggerScope::isFunctionOrEvalScope):
1726         * dfg/DFGByteCodeParser.cpp:
1727         (JSC::DFG::ByteCodeParser::parseBlock):
1728         * dfg/DFGCapabilities.cpp:
1729         (JSC::DFG::capabilityLevel):
1730         * dfg/DFGGraph.cpp:
1731         (JSC::DFG::Graph::tryGetActivation):
1732         (JSC::DFG::Graph::tryGetRegisters):
1733         * dfg/DFGGraph.h:
1734         * dfg/DFGNodeType.h:
1735         * dfg/DFGOperations.cpp:
1736         * dfg/DFGSpeculativeJIT32_64.cpp:
1737         (JSC::DFG::SpeculativeJIT::compile):
1738         * dfg/DFGSpeculativeJIT64.cpp:
1739         (JSC::DFG::SpeculativeJIT::compile):
1740         * interpreter/CallFrame.cpp:
1741         (JSC::CallFrame::lexicalEnvironment):
1742         (JSC::CallFrame::setActivation):
1743         (JSC::CallFrame::activation): Deleted.
1744         * interpreter/CallFrame.h:
1745         * interpreter/Interpreter.cpp:
1746         (JSC::unwindCallFrame):
1747         * interpreter/Register.h:
1748         * jit/JIT.cpp:
1749         (JSC::JIT::privateCompileMainPass):
1750         * jit/JIT.h:
1751         * jit/JITOpcodes.cpp:
1752         (JSC::JIT::emit_op_tear_off_lexical_environment):
1753         (JSC::JIT::emit_op_tear_off_arguments):
1754         (JSC::JIT::emit_op_create_lexical_environment):
1755         (JSC::JIT::emit_op_tear_off_activation): Deleted.
1756         (JSC::JIT::emit_op_create_activation): Deleted.
1757         * jit/JITOpcodes32_64.cpp:
1758         (JSC::JIT::emit_op_tear_off_lexical_environment):
1759         (JSC::JIT::emit_op_tear_off_arguments):
1760         (JSC::JIT::emit_op_create_lexical_environment):
1761         (JSC::JIT::emit_op_tear_off_activation): Deleted.
1762         (JSC::JIT::emit_op_create_activation): Deleted.
1763         * jit/JITOperations.cpp:
1764         * jit/JITOperations.h:
1765         * llint/LLIntSlowPaths.cpp:
1766         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1767         * llint/LLIntSlowPaths.h:
1768         * llint/LowLevelInterpreter32_64.asm:
1769         * llint/LowLevelInterpreter64.asm:
1770         * runtime/Arguments.cpp:
1771         (JSC::Arguments::visitChildren):
1772         (JSC::Arguments::tearOff):
1773         (JSC::Arguments::didTearOffActivation):
1774         * runtime/Arguments.h:
1775         (JSC::Arguments::offsetOfActivation):
1776         (JSC::Arguments::argument):
1777         (JSC::Arguments::finishCreation):
1778         * runtime/CommonSlowPaths.cpp:
1779         * runtime/JSFunction.h:
1780         * runtime/JSGlobalObject.cpp:
1781         (JSC::JSGlobalObject::reset):
1782         (JSC::JSGlobalObject::visitChildren):
1783         * runtime/JSGlobalObject.h:
1784         (JSC::JSGlobalObject::activationStructure):
1785         * runtime/JSLexicalEnvironment.cpp: Renamed from Source/JavaScriptCore/runtime/JSActivation.cpp.
1786         (JSC::JSLexicalEnvironment::visitChildren):
1787         (JSC::JSLexicalEnvironment::symbolTableGet):
1788         (JSC::JSLexicalEnvironment::symbolTablePut):
1789         (JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
1790         (JSC::JSLexicalEnvironment::symbolTablePutWithAttributes):
1791         (JSC::JSLexicalEnvironment::getOwnPropertySlot):
1792         (JSC::JSLexicalEnvironment::put):
1793         (JSC::JSLexicalEnvironment::deleteProperty):
1794         (JSC::JSLexicalEnvironment::toThis):
1795         (JSC::JSLexicalEnvironment::argumentsGetter):
1796         * runtime/JSLexicalEnvironment.h: Renamed from Source/JavaScriptCore/runtime/JSActivation.h.
1797         (JSC::JSLexicalEnvironment::create):
1798         (JSC::JSLexicalEnvironment::createStructure):
1799         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
1800         (JSC::asActivation):
1801         (JSC::Register::lexicalEnvironment):
1802         (JSC::JSLexicalEnvironment::registersOffset):
1803         (JSC::JSLexicalEnvironment::tearOff):
1804         (JSC::JSLexicalEnvironment::isTornOff):
1805         (JSC::JSLexicalEnvironment::storageOffset):
1806         (JSC::JSLexicalEnvironment::storage):
1807         (JSC::JSLexicalEnvironment::allocationSize):
1808         (JSC::JSLexicalEnvironment::isValidIndex):
1809         (JSC::JSLexicalEnvironment::isValid):
1810         (JSC::JSLexicalEnvironment::registerAt):
1811         * runtime/JSObject.h:
1812         * runtime/JSScope.cpp:
1813         (JSC::abstractAccess):
1814         * runtime/JSScope.h:
1815         (JSC::ResolveOp::ResolveOp):
1816         * runtime/JSSymbolTableObject.cpp:
1817         * runtime/StrictEvalActivation.h:
1818         (JSC::StrictEvalActivation::create):
1819         * runtime/VM.cpp:
1820
1821 2014-09-11  László Langó  <llango.u-szeged@partner.samsung.com>
1822
1823         [JavaScriptCore] Fix FTL on platform EFL.
1824         https://bugs.webkit.org/show_bug.cgi?id=133571
1825
1826         Reviewed by Filip Pizlo.
1827
1828         There are no compact_unwind sections on Linux systems so FTL crashes.
1829         We have to parse eh_frame in FTLUnwindInfo instead of compact_unwind
1830         and get the information for stack unwinding from there.
1831
1832         * CMakeLists.txt: Revert r169181.
1833         * ftl/FTLCompile.cpp:
1834         Change section name literals to use SECTION_NAME macro, because of architecture differences.
1835         (JSC::FTL::mmAllocateCodeSection):
1836         (JSC::FTL::mmAllocateDataSection):
1837         (JSC::FTL::compile):
1838         * ftl/FTLJITCode.h:
1839         We need the SECTION_NAME macro in FTLCompile and FTLLink, so we define it here.
1840         * ftl/FTLLink.cpp:
1841         (JSC::FTL::link):
1842         * ftl/FTLState.h:
1843         * ftl/FTLState.cpp:
1844         (JSC::FTL::State::State):
1845         * ftl/FTLUnwindInfo.h:
1846         * ftl/FTLUnwindInfo.cpp:
1847         Lift the eh_frame parsing method from the LLVM/libcxxabi project and modify it for our purposes.
1848         Parse eh_frame on Linux instead of compact_unwind.
1849         (JSC::FTL::UnwindInfo::parse):
1850
1851 2014-09-10  Saam Barati  <saambarati1@gmail.com>
1852
1853         Web Inspector: Modify the type profiler runtime protocol to transfer some computation into the WebInspector
1854         https://bugs.webkit.org/show_bug.cgi?id=136500
1855
1856         Reviewed by Joseph Pecoraro.
1857
1858         This patch changes the type profiler protocol to the Web Inspector
1859         by moving the work of calculating computed properties that affect the UI
1860         into the Web Inspector. This makes the Web Inspector have control over the
1861         strings it displays as UI elements representing type information to the user
1862         instead of JavaScriptCore deciding on a convention for these strings.
1863         JavaScriptCore now sends enough information to the Web Inspector so that
1864         it can compute the properties JavaScriptCore used to compute.
1865
1866         * inspector/agents/InspectorRuntimeAgent.cpp:
1867         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1868         * inspector/protocol/Runtime.json:
1869         * runtime/TypeProfiler.cpp:
1870         (JSC::TypeProfiler::getTypesForVariableAtOffsetForInspector): Deleted.
1871         * runtime/TypeProfiler.h:
1872         * runtime/TypeSet.cpp:
1873         (JSC::TypeSet::inspectorTypeSet):
1874         (JSC::StructureShape::leastCommonAncestor):
1875         (JSC::StructureShape::inspectorRepresentation):
1876         * runtime/TypeSet.h:
1877
1878 2014-09-10  Akos Kiss  <akiss@inf.u-szeged.hu>
1879
1880         Apply ARM64-specific lowering to load/store instructions in offlineasm
1881         https://bugs.webkit.org/show_bug.cgi?id=136569
1882
1883         Reviewed by Michael Saboff.
1884
1885         The standard RISC lowering of load/store instructions with base +
1886         immediate offset addresses is to move the offset to a temporary, add the
1887         base to the temporary, and then change the load/store to use the
1888         temporary + 0 immediate offset address. However, on ARM64, base +
1889         register offset addressing mode is available, so it is unnecessary to
1890         perform explicit register additions but it is enough to change load/store
1891         to use base + temporary as the address.
1892
1893         * offlineasm/arm64.rb: Added arm64LowerMalformedLoadStoreAddresses
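
        The two lowering strategies described in this entry, modelled as an added Ruby example that is not offlineasm's own code: the Address, BaseIndex and Instruction structures, the opcode list, the temp register name and IMMEDIATE_RANGE are assumptions made for illustration only.

```ruby
# Added illustration, not offlineasm's own code: a small model of the two
# load/store address lowerings described in the ChangeLog entry above. The
# operand structures, opcode list, temp register and IMMEDIATE_RANGE are
# assumptions for this example; the real backend picks ranges per access width.

# Base + immediate offset address, written 8[cfr] in offlineasm syntax.
Address = Struct.new(:base, :offset) do
  def to_s
    "#{offset}[#{base}]"
  end
end

# Base + register offset address, written [cfr, t5] (ARM64 register-offset mode).
BaseIndex = Struct.new(:base, :index) do
  def to_s
    "[#{base}, #{index}]"
  end
end

# One instruction: an opcode plus operands (register names or addresses).
Instruction = Struct.new(:opcode, :operands) do
  def to_s
    "#{opcode} #{operands.map(&:to_s).join(', ')}"
  end
end

# Opcodes whose address operands are subject to lowering (assumed subset).
LOAD_STORE_OPCODES = %w[loadp storep loadi storei loadb storeb].freeze

# Immediate offsets the backend is assumed to encode directly; anything
# outside this range counts as "malformed" and must be rewritten.
IMMEDIATE_RANGE = (-255..4095).freeze

def malformed?(operand)
  operand.is_a?(Address) && !IMMEDIATE_RANGE.cover?(operand.offset)
end

# Generic RISC lowering: move the offset into temp, add the base to temp,
# then address memory as 0[temp]. Costs an extra add per access.
def risc_lower(instruction, temp)
  return [instruction] unless LOAD_STORE_OPCODES.include?(instruction.opcode)

  lowered = []
  operands = instruction.operands.map do |op|
    next op unless malformed?(op)

    lowered << Instruction.new("move", [op.offset.to_s, temp])
    lowered << Instruction.new("addp", [op.base, temp])
    Address.new(temp, 0)
  end
  lowered << Instruction.new(instruction.opcode, operands)
end

# ARM64 lowering: move the offset into temp and let the load/store use the
# base + register addressing mode, so no explicit add is emitted.
def arm64_lower(instruction, temp)
  return [instruction] unless LOAD_STORE_OPCODES.include?(instruction.opcode)

  lowered = []
  operands = instruction.operands.map do |op|
    next op unless malformed?(op)

    lowered << Instruction.new("move", [op.offset.to_s, temp])
    BaseIndex.new(op.base, temp)
  end
  lowered << Instruction.new(instruction.opcode, operands)
end

# Lower a whole sequence with the chosen strategy (:risc_lower or :arm64_lower).
def lower_sequence(instructions, temp, strategy)
  instructions.flat_map { |insn| send(strategy, insn, temp) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: one in-range offset and one out-of-range offset.
  program = [
    Instruction.new("loadp", [Address.new("cfr", 8), "t0"]),
    Instruction.new("storep", ["t0", Address.new("cfr", 65536)]),
  ]
  puts "RISC lowering:"
  puts lower_sequence(program, "t5", :risc_lower)
  puts "ARM64 lowering:"
  puts lower_sequence(program, "t5", :arm64_lower)
end
```

Running the file prints the in-range access unchanged under both strategies and the out-of-range store as three instructions on a generic RISC target but only two on ARM64.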
1894
1895 2014-09-10  Oliver Hunt  <oliver@apple.com>
1896
1897         Rename JSVariableObject to JSEnvironmentRecord to align naming with ES spec
1898         https://bugs.webkit.org/show_bug.cgi?id=136710
1899
1900         Reviewed by Anders Carlsson.
1901
1902         This is a trivial rename.
1903
1904         * CMakeLists.txt:
1905         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1906         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1907         * JavaScriptCore.xcodeproj/project.pbxproj:
1908         * dfg/DFGAbstractHeap.h:
1909         * dfg/DFGClobberize.h:
1910         (JSC::DFG::clobberize):
1911         * dfg/DFGSpeculativeJIT32_64.cpp:
1912         (JSC::DFG::SpeculativeJIT::compile):
1913         * dfg/DFGSpeculativeJIT64.cpp:
1914         (JSC::DFG::SpeculativeJIT::compile):
1915         * ftl/FTLAbstractHeapRepository.cpp:
1916         * ftl/FTLAbstractHeapRepository.h:
1917         * ftl/FTLLowerDFGToLLVM.cpp:
1918         (JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters):
1919         * jit/JITOpcodes32_64.cpp:
1920         * jit/JITPropertyAccess.cpp:
1921         (JSC::JIT::emitGetClosureVar):
1922         (JSC::JIT::emitPutClosureVar):
1923         * jit/JITPropertyAccess32_64.cpp:
1924         (JSC::JIT::emitGetClosureVar):
1925         (JSC::JIT::emitPutClosureVar):
1926         * llint/LLIntOffsetsExtractor.cpp:
1927         * llint/LowLevelInterpreter32_64.asm:
1928         * llint/LowLevelInterpreter64.asm:
1929         * runtime/JSActivation.cpp:
1930         (JSC::JSActivation::getOwnNonIndexPropertyNames):
1931         * runtime/JSActivation.h:
1932         * runtime/JSEnvironmentRecord.cpp: Renamed from Source/JavaScriptCore/runtime/JSVariableObject.cpp.
1933         * runtime/JSEnvironmentRecord.h: Renamed from Source/JavaScriptCore/runtime/JSVariableObject.h.
1934         (JSC::JSEnvironmentRecord::registers):
1935         (JSC::JSEnvironmentRecord::registerAt):
1936         (JSC::JSEnvironmentRecord::addressOfRegisters):
1937         (JSC::JSEnvironmentRecord::offsetOfRegisters):
1938         (JSC::JSEnvironmentRecord::JSEnvironmentRecord):
1939         * runtime/JSNameScope.h:
1940         * runtime/JSSegmentedVariableObject.h:
1941
1942 2014-09-10  Julien Brianceau   <jbriance@cisco.com>
1943
1944         [mips] Add missing parts and fix LLINT mips backend
1945         https://bugs.webkit.org/show_bug.cgi?id=136706
1946
1947         Reviewed by Michael Saboff.
1948
1949         * llint/LowLevelInterpreter.asm: Fix invalid CalleeSave register number.
1950         Implement initPCRelative and setEntryAddress macros.
1951         * llint/LowLevelInterpreter32_64.asm: Fix register distribution in
1952         doVMEntry macro.
1953
1954 2014-09-10  Saam Barati  <saambarati1@gmail.com>
1955
1956         TypeSet needs a mode where it no longer profiles structure shapes
1957         https://bugs.webkit.org/show_bug.cgi?id=136263
1958
1959         Reviewed by Filip Pizlo.
1960
1961         The TypeSet data structure used to gather as many StructureShape
1962         objects as it encountered during type profiling. But, this meant 
1963         that there was no upper limit on how many objects it could allocate. 
1964         This patch places a fixed upper bound on the number of StructureShapes
1965         allocated per TypeSet to prevent using too much memory for little gain
1966         in type profiling usefulness.
1967
1968         StructureShape objects are now also aware of when they are created
1969         from Structures which are dictionaries.
1970
1971         In total, this patch lays the final groundwork needed in refactoring 
1972         the inspector protocol for the type profiler.
1973
1974         * runtime/Structure.cpp:
1975         (JSC::Structure::toStructureShape):
1976         * runtime/TypeProfiler.cpp:
1977         (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
1978         * runtime/TypeSet.cpp:
1979         (JSC::TypeSet::TypeSet):
1980         (JSC::TypeSet::addTypeInformation):
1981         (JSC::StructureShape::StructureShape):
1982         (JSC::StructureShape::toJSONString):
1983         (JSC::StructureShape::enterDictionaryMode):
1984         * runtime/TypeSet.h:
1985         (JSC::TypeSet::isOverflown):
1986         * tests/typeProfiler/dictionary-mode.js: Added.
1987         (wrapper):
1988         * tests/typeProfiler/driver/driver.js:
1989         * tests/typeProfiler/overflow.js: Added.
1990         (wrapper.Proto):
1991         (wrapper):
1992
1993 2014-09-10  Peter Gal  <galpeter@inf.u-szeged.hu>
1994
1995         [MIPS] branch32WithPatch missing
1996         https://bugs.webkit.org/show_bug.cgi?id=136696
1997
1998         Reviewed by Michael Saboff.
1999
2000         Added the missing branch32WithPatch. The implementation
2001         is currently the same as the branchPtrWithPatch because
2002         the macro assembler supports only 32 bit MIPS.
2003
2004         * assembler/MacroAssemblerMIPS.h:
2005         (JSC::MacroAssemblerMIPS::branch32WithPatch):
2006
2007 2014-09-10  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
2008
2009         Fix !ENABLE(DFG_JIT) build
2010         https://bugs.webkit.org/show_bug.cgi?id=136702
2011
2012         Reviewed by Michael Saboff.
2013
2014         * bytecode/CallEdgeProfile.h:
2015
2016 2014-09-09  Benjamin Poulain  <bpoulain@apple.com>
2017
2018         Disable the "unreachable-code" warning
2019         https://bugs.webkit.org/show_bug.cgi?id=136677
2020
2021         Reviewed by Darin Adler.
2022
2023         * Configurations/Base.xcconfig:
2024
2025 2014-09-08  Filip Pizlo  <fpizlo@apple.com>
2026
2027         DFG should have a reusable SSA builder
2028         https://bugs.webkit.org/show_bug.cgi?id=136331
2029
2030         Reviewed by Oliver Hunt.
2031         
2032         We want to implement sophisticated SSA transformations like object allocation sinking
2033         (https://bugs.webkit.org/show_bug.cgi?id=136330), but to do that, we need to be able to do
2034         updates to SSA that require inserting new Phi's. This requires calculating where Phis go.
2035         Previously, our Phi calculation was based on Aycock and Horspool's algorithm, and our
2036         implementation of this algorithm only worked when doing CPS->SSA conversion. The code
2037         could not be reused for cases where some phase happens to know that it introduced a few
2038         defs in some blocks and it wants to figure out where the Phis should go. Moreover, even
2039         the general algorithm of Aycock and Horspool is not well suited to such targeted SSA
2040         updates, since it requires first inserting maximal Phis. That scales well when the Phis
2041         were already there (like in our CPS form) but otherwise it's quite unnatural and may be
2042         difficult to make efficient.
2043         
2044         The usual way of handling both SSA conversion and SSA update is to use Cytron et al's
2045         algorithm based on dominance frontiers. For a while now, I've been working on creating a
2046         Cytron-based SSA calculator that can be used both as a replacement for our current SSA
2047         converter and as a reusable tool for any phase that needs to do SSA update. I previously
2048         optimized our dominator calculation and representation to use dominator trees computed
2049         using Lengauer and Tarjan's algorithm - mainly to make it more scalable to enumerate over
2050         the set of blocks that dominate you or vice-versa, and then I implemented a dominance
2051         frontier calculator. This patch implements the final step towards making SSA update
2052         available to all SSA phases: it implements an SSACalculator that can tell you where Phis
2053         go when given an arbitrary set of Defs. To keep things simple, and to ensure that we have
2054         good test coverage for this SSACalculator, this patch replaces the old Aycock-Horspool
2055         SSA converter with one based on the SSACalculator.
2056         
2057         This has no observable impact. It does reduce the amount of code in SSAConversionPhase.
2058         But even better, it makes SSAConversionPhase have significantly less tricky logic. It
2059         mostly just relies on SSACalculator to do the tricky stuff, and SSAConversionPhase mostly
2060         just reasons about the weirdnesses unique to the ThreadedCPS form that it sees as input.
2061         In fact, using the Cytron et al approach means that there isn't really any "smoke and
2062         mirrors" trickiness related to SSA. SSACalculator's only "tricks" are using the pruned
2063         iterated dominance frontier to place Phi's and using the dom tree to find reaching defs.
2064         The complexity is mostly confined to Dominators, which computes various dominator-related
2065         properties over the control flow graph. That class can be difficult to understand, but at
2066         least it follows well-known graph theory wisdom.
2067
2068         * CMakeLists.txt:
2069         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2070         * JavaScriptCore.xcodeproj/project.pbxproj:
2071         * dfg/DFGAnalysis.h:
2072         * dfg/DFGCSEPhase.cpp:
2073         * dfg/DFGDCEPhase.cpp:
2074         (JSC::DFG::DCEPhase::run):
2075         * dfg/DFGDominators.h:
2076         (JSC::DFG::Dominators::immediateDominatorOf):
2077         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf):
2078         (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf):
2079         * dfg/DFGGraph.cpp:
2080         (JSC::DFG::Graph::dump):
2081         (JSC::DFG::Graph::blocksInPreOrder):
2082         (JSC::DFG::Graph::blocksInPostOrder):
2083         (JSC::DFG::Graph::getBlocksInPreOrder): Deleted.
2084         (JSC::DFG::Graph::getBlocksInPostOrder): Deleted.
2085         * dfg/DFGGraph.h:
2086         * dfg/DFGLICMPhase.cpp:
2087         (JSC::DFG::LICMPhase::run):
2088         * dfg/DFGNodeFlags.h:
2089         * dfg/DFGPhase.cpp:
2090         (JSC::DFG::Phase::beginPhase):
2091         (JSC::DFG::Phase::endPhase):
2092         * dfg/DFGPhase.h:
2093         * dfg/DFGSSACalculator.cpp: Added.
2094         (JSC::DFG::SSACalculator::Variable::dump):
2095         (JSC::DFG::SSACalculator::Variable::dumpVerbose):
2096         (JSC::DFG::SSACalculator::Def::dump):
2097         (JSC::DFG::SSACalculator::SSACalculator):
2098         (JSC::DFG::SSACalculator::~SSACalculator):
2099         (JSC::DFG::SSACalculator::newVariable):
2100         (JSC::DFG::SSACalculator::newDef):
2101         (JSC::DFG::SSACalculator::nonLocalReachingDef):
2102         (JSC::DFG::SSACalculator::reachingDefAtTail):
2103         (JSC::DFG::SSACalculator::dump):
2104         * dfg/DFGSSACalculator.h: Added.
2105         (JSC::DFG::SSACalculator::Variable::index):
2106         (JSC::DFG::SSACalculator::Variable::Variable):
2107         (JSC::DFG::SSACalculator::Def::variable):
2108         (JSC::DFG::SSACalculator::Def::block):
2109         (JSC::DFG::SSACalculator::Def::value):
2110         (JSC::DFG::SSACalculator::Def::Def):
2111         (JSC::DFG::SSACalculator::variable):
2112         (JSC::DFG::SSACalculator::computePhis):
2113         (JSC::DFG::SSACalculator::phisForBlock):
2114         (JSC::DFG::SSACalculator::reachingDefAtHead):
2115         * dfg/DFGSSAConversionPhase.cpp:
2116         (JSC::DFG::SSAConversionPhase::SSAConversionPhase):
2117         (JSC::DFG::SSAConversionPhase::run):
2118         (JSC::DFG::SSAConversionPhase::forwardPhiChildren): Deleted.
2119         (JSC::DFG::SSAConversionPhase::forwardPhi): Deleted.
2120         (JSC::DFG::SSAConversionPhase::forwardPhiEdge): Deleted.
2121         (JSC::DFG::SSAConversionPhase::deduplicateChildren): Deleted.
2122         * dfg/DFGSSAConversionPhase.h:
2123         * dfg/DFGValidate.cpp:
2124         (JSC::DFG::Validate::Validate):
2125         (JSC::DFG::Validate::dumpGraphIfAppropriate):
2126         (JSC::DFG::validate):
2127         * dfg/DFGValidate.h:
2128         * ftl/FTLLowerDFGToLLVM.cpp:
2129         (JSC::FTL::LowerDFGToLLVM::lower):
2130         * runtime/Options.h:
2131
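The Phi-placement step described in the entry above (pruned iterated dominance frontiers over a dominator tree, after Cytron et al.), as an added example; this is not WebKit's SSACalculator, and the CFG, variable names and helper functions are constructed for illustration. The same dominance-frontier computation underlies the iterated-dominance-frontier work in the 2014-09-03 entry further down.

```python
# Phi placement with pruned iterated dominance frontiers (Cytron et al.).
# Added illustration, not WebKit code: the CFG, variables and helpers are constructed.
from collections import defaultdict


def predecessors(succs):
    preds = defaultdict(set)
    for b, ss in succs.items():
        for s in ss:
            preds[s].add(b)
    return preds


def dominators(succs, entry):
    """dom[b] = set of blocks dominating b (iterative data-flow formulation)."""
    preds = predecessors(succs)
    blocks = list(succs)
    dom = {b: set(blocks) for b in blocks}
    dom[entry] = {entry}
    changed = True
    while changed:
        changed = False
        for b in blocks:
            if b == entry:
                continue
            assert preds[b], f"block {b} is unreachable from {entry}"
            new = {b} | set.intersection(*[dom[p] for p in preds[b]])
            if new != dom[b]:
                dom[b], changed = new, True
    return dom


def immediate_dominators(dom, entry):
    """idom[b] = the strict dominator of b that every other strict dominator dominates."""
    idom = {entry: None}
    for b, ds in dom.items():
        if b == entry:
            continue
        strict = ds - {b}
        idom[b] = next(d for d in strict if all(o in dom[d] for o in strict))
    return idom


def dominance_frontiers(succs, idom):
    """Cooper/Harvey/Kennedy computation of Cytron's DF: from each predecessor of a
    join block, walk up the dominator tree until idom(join), marking the frontier."""
    preds = predecessors(succs)
    df = defaultdict(set)
    for b in succs:
        if len(preds[b]) < 2:
            continue
        for p in preds[b]:
            runner = p
            while runner != idom[b]:
                df[runner].add(b)
                runner = idom[runner]
    return df


def live_in_sets(succs, defs_per_block, uses_per_block):
    """Backward liveness. uses_per_block must hold only upward-exposed uses
    (variables read in a block before any definition of them in that block)."""
    live_in = {b: set() for b in succs}
    changed = True
    while changed:
        changed = False
        for b in succs:
            live_out = set().union(*[live_in[s] for s in succs[b]])
            new = uses_per_block.get(b, set()) | (live_out - defs_per_block.get(b, set()))
            if new != live_in[b]:
                live_in[b], changed = new, True
    return live_in


def iterated_dominance_frontier(df, def_blocks):
    """IDF(S): fixed point of DF over S plus the blocks already added."""
    result, work, visited = set(), list(def_blocks), set(def_blocks)
    while work:
        b = work.pop()
        for y in df[b]:
            result.add(y)
            if y not in visited:
                visited.add(y)
                work.append(y)
    return result


def place_phis(succs, entry, defs, uses, pruned=True):
    """defs/uses: variable -> set of blocks. Returns variable -> blocks needing a Phi.
    With pruned=True a Phi is only placed where the variable is live-in."""
    idom = immediate_dominators(dominators(succs, entry), entry)
    df = dominance_frontiers(succs, idom)
    defs_per_block, uses_per_block = defaultdict(set), defaultdict(set)
    for v, bs in defs.items():
        for b in bs:
            defs_per_block[b].add(v)
    for v, bs in uses.items():
        for b in bs:
            uses_per_block[b].add(v)
    live_in = live_in_sets(succs, defs_per_block, uses_per_block)
    phis = {}
    for v, def_blocks in defs.items():
        candidates = iterated_dominance_frontier(df, def_blocks)
        phis[v] = {b for b in candidates if v in live_in[b]} if pruned else candidates
    return phis


# Constructed CFG: a loop whose exit falls into an if/else diamond.
CFG = {
    "entry": ["header"], "header": ["body", "after"], "body": ["header"],
    "after": ["left", "right"], "left": ["join"], "right": ["join"], "join": [],
}
DEFS = {"x": {"entry", "body", "left"}, "z": {"entry", "body"}}
USES = {"x": {"header", "join"}}  # z is written but never read afterwards

if __name__ == "__main__":
    print(place_phis(CFG, "entry", DEFS, USES))                # {'x': {'header', 'join'}, 'z': set()}
    print(place_phis(CFG, "entry", DEFS, USES, pruned=False))  # {'x': {'header', 'join'}, 'z': {'header'}}
```

The unpruned run places a dead Phi for z at the loop header; pruning by liveness removes it, which is the "pruned iterated dominance frontier" the entry refers to.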
2132 2014-09-08  Commit Queue  <commit-queue@webkit.org>
2133
2134         Unreviewed, rolling out r173402.
2135         https://bugs.webkit.org/show_bug.cgi?id=136649
2136
2137         Breaking build with error "unable to restore file position to
2138         0x00000c60 for section __DWARF.__debug_info (errno = 9)"
2139         (Requested by mlam_ on #webkit).
2140
2141         Reverted changeset:
2142
2143         "Move CallFrame and Register inlines functions out of
2144         JSScope.h."
2145         https://bugs.webkit.org/show_bug.cgi?id=136579
2146         http://trac.webkit.org/changeset/173402
2147
2148 2014-09-08  Mark Lam  <mark.lam@apple.com>
2149
2150         Move CallFrame and Register inlines functions out of JSScope.h.
2151         <https://webkit.org/b/136579>
2152
2153         Reviewed by Geoffrey Garen.
2154
2155         This includes fixing up some files to #include JSCInlines.h to pick up
2156         these inline functions.  I also added JSCellInlines.h to JSCInlines.h
2157         since it is included from many of the affected .cpp files.
2158
2159         * API/ObjCCallbackFunction.mm:
2160         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2161         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2162         * JavaScriptCore.xcodeproj/project.pbxproj:
2163         * bindings/ScriptValue.cpp:
2164         * inspector/InjectedScriptHost.cpp:
2165         * inspector/InjectedScriptManager.cpp:
2166         * inspector/JSGlobalObjectInspectorController.cpp:
2167         * inspector/JSJavaScriptCallFrame.cpp:
2168         * inspector/ScriptDebugServer.cpp:
2169         * interpreter/CallFrameInlines.h:
2170         (JSC::CallFrame::vm):
2171         (JSC::CallFrame::lexicalGlobalObject):
2172         (JSC::CallFrame::globalThisValue):
2173         * interpreter/RegisterInlines.h: Added.
2174         (JSC::Register::operator=):
2175         (JSC::Register::scope):
2176         * runtime/ArgumentsIteratorConstructor.cpp:
2177         * runtime/JSArrayIterator.cpp:
2178         * runtime/JSCInlines.h:
2179         * runtime/JSCJSValue.cpp:
2180         * runtime/JSMapIterator.cpp:
2181         * runtime/JSPromiseConstructor.cpp:
2182         * runtime/JSPromiseDeferred.cpp:
2183         * runtime/JSPromiseFunctions.cpp:
2184         * runtime/JSPromisePrototype.cpp:
2185         * runtime/JSPromiseReaction.cpp:
2186         * runtime/JSScope.h:
2187         (JSC::Register::operator=): Deleted.
2188         (JSC::Register::scope): Deleted.
2189         (JSC::ExecState::vm): Deleted.
2190         (JSC::ExecState::lexicalGlobalObject): Deleted.
2191         (JSC::ExecState::globalThisValue): Deleted.
2192         * runtime/JSSetIterator.cpp:
2193         * runtime/MapConstructor.cpp:
2194         * runtime/MapData.cpp:
2195         * runtime/MapIteratorPrototype.cpp:
2196         * runtime/MapPrototype.cpp:
2197         * runtime/SetConstructor.cpp:
2198         * runtime/SetIteratorPrototype.cpp:
2199         * runtime/SetPrototype.cpp:
2200         * runtime/WeakMapConstructor.cpp:
2201         * runtime/WeakMapPrototype.cpp:
2202
2203 2014-09-08  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>
2204
2205         Remove FILTERS flag
2206         https://bugs.webkit.org/show_bug.cgi?id=136571
2207
2208         Reviewed by Darin Adler.
2209
2210         * Configurations/FeatureDefines.xcconfig:
2211
2212 2014-09-08  Saam Barati  <saambarati1@gmail.com>
2213
2214         Merge StructureShapes that share the same prototype chain
2215         https://bugs.webkit.org/show_bug.cgi?id=136549
2216
2217         Reviewed by Filip Pizlo.
2218
2219         Instead of keeping track of many discrete StructureShapes that share
2220         the same prototype chain, TypeSet should merge StructureShapes that 
2221         have the same prototype chain and provide a new member variable for 
2222         optional structure fields. This provides a cleaner and more concise
2223         interface for dealing with StructureShapes within TypeSet. Instead
2224         of having many discrete shapes that are almost identical, almost 
2225         identical shapes will be merged together with an interface for 
2226         understanding what fields the shapes being merged together differ in.
2227
2228         * runtime/TypeSet.cpp:
2229         (JSC::TypeSet::addTypeInformation):
2230         (JSC::StructureShape::addProperty):
2231         (JSC::StructureShape::toJSONString):
2232         (JSC::StructureShape::inspectorRepresentation):
2233         (JSC::StructureShape::hasSamePrototypeChain):
2234         (JSC::StructureShape::merge):
2235         * runtime/TypeSet.h:
2236         * tests/typeProfiler/optional-fields.js: Added.
2237         (wrapper.func):
2238         (wrapper):
2239
2240 2014-09-08  Jessie Berlin  <jberlin@apple.com>
2241
2242         More 32-bit Release build fixes after r173364.
2243
2244         * dfg/DFGSpeculativeJIT32_64.cpp:
2245         (JSC::DFG::SpeculativeJIT::compile):
2246
2247 2014-09-07  Maciej Stachowiak  <mjs@apple.com>
2248
2249         Fix typos in last patch to fix build.
2250
2251         Unreviewed build fix.
2252
2253         * dfg/DFGSpeculativeJIT.cpp:
2254         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
2255         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
2256
2257 2014-09-07  Maciej Stachowiak  <mjs@apple.com>
2258
2259         Introduce COMPILER_QUIRK(CONSIDERS_UNREACHABLE_CODE) and use it
2260         https://bugs.webkit.org/show_bug.cgi?id=136616
2261
2262         Reviewed by Darin Adler.
2263         
2264         Many compilers will analyze unreachable code paths (e.g. after an
2265         unreachable code path), so sometimes they need dead code initializations.
2266         But clang with suitable warnings will complain about unreachable code. So
2267         use the quirk to include it conditionally.
2268
2269         * bytecode/CodeBlock.cpp:
2270         (JSC::CodeBlock::printGetByIdOp):
2271         * dfg/DFGOSRExitCompilerCommon.cpp:
2272         (JSC::DFG::handleExitCounts):
2273         * dfg/DFGPlan.cpp:
2274         (JSC::DFG::Plan::compileInThread):
2275         * dfg/DFGSpeculativeJIT.cpp:
2276         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
2277         * jsc.cpp:
2278         * runtime/JSArray.cpp:
2279         (JSC::JSArray::fillArgList):
2280         (JSC::JSArray::copyToArguments):
2281         * runtime/RegExp.cpp:
2282         (JSC::RegExp::compile):
2283         (JSC::RegExp::compileMatchOnly):
2284
2285 2014-09-06  Darin Adler  <darin@apple.com>
2286
2287         Make updates suggested by new version of Xcode
2288         https://bugs.webkit.org/show_bug.cgi?id=136603
2289
2290         Reviewed by Mark Rowe.
2291
2292         * Configurations/Base.xcconfig: Added CLANG_WARN_UNREACHABLE_CODE, COMBINE_HIDPI_IMAGES,
2293         and ENABLE_STRICT_OBJC_MSGSEND as suggested by Xcode upgrade check.
2294
2295         * JavaScriptCore.xcodeproj/project.pbxproj: Update LastUpgradeCheck.
2296
2297         * dfg/DFGSpeculativeJIT.cpp:
2298         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode): Compile out unreachable code
2299         for clang, since it understands the code is unreachable.
2300         * runtime/JSArray.cpp:
2301         (JSC::JSArray::fillArgList): Ditto.
2302         (JSC::JSArray::copyToArguments): Ditto.
2303
2304 2014-09-05  Matt Baker  <mattbaker@apple.com>
2305
2306         Web Inspector: breakpoint actions should work regardless of Content Security Policy
2307         https://bugs.webkit.org/show_bug.cgi?id=136542
2308
2309         Reviewed by Mark Lam.
2310
2311         Added JSC::DebuggerEvalEnabler, an RAII object which enables eval on a 
2312         JSGlobalObject for the duration of a scope, returning the eval enabled state to its
2313         original value when the scope exits. Used by JSC::DebuggerCallFrame::evaluate 
2314         to allow breakpoint actions to execute JS in pages with a Content Security Policy
2315         that would normally prohibit this (such as Inspector's Main.html).
2316
2317         Refactored Inspector::InjectedScriptBase to use the RAII object instead of manually
2318         setting eval enabled and then resetting the original eval enabled state.
2319
2320         NOTE: The JSC::DebuggerEvalEnabler constructor checks the passed in ExecState pointer
2321         for null to be equivalent with the original code in Inspector::InjectedScriptBase.
2322         InjectedScriptBase is getting the ExecState from ScriptObject::scriptState(), which
2323         can currently be null.
2324
2325         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2326         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2327         * JavaScriptCore.xcodeproj/project.pbxproj:
2328         * debugger/DebuggerCallFrame.cpp:
2329         (JSC::DebuggerCallFrame::evaluate):
2330         * debugger/DebuggerEvalEnabler.h: Added.
2331         (JSC::DebuggerEvalEnabler::DebuggerEvalEnabler):
2332         (JSC::DebuggerEvalEnabler::~DebuggerEvalEnabler):
2333         * inspector/InjectedScriptBase.cpp:
2334         (Inspector::InjectedScriptBase::callFunctionWithEvalEnabled):
2335
2336 2014-09-05  peavo@outlook.com  <peavo@outlook.com>
2337
2338         [WinCairo] jsc.exe won't run.
2339         https://bugs.webkit.org/show_bug.cgi?id=136481
2340
2341         Reviewed by Alex Christensen.
2342         
2343         We need to define WIN_CAIRO to avoid looking for the AAS folder.
2344
2345         * JavaScriptCore.vcxproj/jsc/DLLLauncherWinCairo.props: Added.
2346         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
2347         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
2348         * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
2349         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
2350
2351 2014-09-05  David Kilzer  <ddkilzer@apple.com>
2352
2353         JavaScriptCore should build with newer clang
2354         <http://webkit.org/b/136002>
2355         <rdar://problem/18020616>
2356
2357         Reviewed by Geoffrey Garen.
2358
2359         Other than the JSC::SourceProvider::asID() change (which simply
2360         removes code that the optimizing compiler would have discarded
2361         in Release builds), we move the |this| checks in OpaqueJSString
2362         to NULL checks into JSBase, JSObjectRef, JSScriptRef,
2363         JSStringRef{CF} and JSValueRef.
2364
2365         Note that the following function arguments are _not_ NULL-checked
2366         since doing so would just cover up bugs (and were not needed to
2367         prevent any tests from failing):
2368         - |script| in JSEvaluateScript(), JSCheckScriptSyntax();
2369         - |body| in JSObjectMakeFunction();
2370         - |source| in JSScriptCreateReferencingImmortalASCIIText()
2371           (which is a const char* anyway);
2372         - |source| in JSScriptCreateFromString().
2373
2374         * API/JSBase.cpp:
2375         (JSEvaluateScript): Add NULL check for |sourceURL|.
2376         (JSCheckScriptSyntax): Ditto.
2377         * API/JSObjectRef.cpp:
2378         (JSObjectMakeFunction): Ditto.
2379         * API/JSScriptRef.cpp:
2380         (JSScriptCreateReferencingImmortalASCIIText): Ditto.
2381         (JSScriptCreateFromString): Add NULL check for |url|.
2382         * API/JSStringRef.cpp:
2383         (JSStringGetLength): Return early if NULL pointer is passed in.
2384         (JSStringGetCharactersPtr): Ditto.
2385         (JSStringGetUTF8CString): Ditto.  Also check |buffer| parameter.
2386         * API/JSStringRefCF.cpp:
2387         (JSStringCopyCFString): Ditto.
2388         * API/JSValueRef.cpp:
2389         (JSValueMakeString): Add NULL check for |string|.
2390
2391         * API/OpaqueJSString.cpp:
2392         (OpaqueJSString::string): Remove code that checks |this|.
2393         (OpaqueJSString::identifier): Ditto.
2394         (OpaqueJSString::characters): Ditto.
2395         * API/OpaqueJSString.h:
2396         (OpaqueJSString::is8Bit): Remove code that checks |this|.
2397         (OpaqueJSString::characters8): Ditto.
2398         (OpaqueJSString::characters16): Ditto.
2399         (OpaqueJSString::length): Ditto.
2400
2401         * parser/SourceProvider.h:
2402         (JSC::SourceProvider::asID): Remove code that checks |this|.
2403
2404 2014-06-06  Jer Noble  <jer.noble@apple.com>
2405
2406         Refactoring: make MediaTime the primary time type for audiovisual times.
2407         https://bugs.webkit.org/show_bug.cgi?id=133579
2408
2409         Reviewed by Eric Carlson.
2410
2411         Add a utility function which converts a MediaTime to a JSNumber.
2412
2413         * runtime/JSCJSValue.h:
2414         (JSC::jsNumber):
2415
2416 2014-09-04  Michael Saboff  <msaboff@apple.com>
2417
2418         ARM: Add more coverage to ARMv7 disassembler
2419         https://bugs.webkit.org/show_bug.cgi?id=136565
2420
2421         Reviewed by Mark Lam.
2422
2423         Added ARMv7 disassembler support for Push/Pop multiple and floating point instructions
2424         VCMP, VCVT[R] between floating point and integer, and VLDR.
2425
2426         * disassembler/ARMv7/ARMv7DOpcode.cpp:
2427         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::appendRegisterList):
2428         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPopMultiple::format):
2429         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushMultiple::format):
2430         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::format):
2431         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::format):
2432         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::format):
2433         * disassembler/ARMv7/ARMv7DOpcode.h:
2434         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::registerList):
2435         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::condition):
2436         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::condition):
2437         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::dBit):
2438         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::vd):
2439         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::szBit):
2440         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::eBit):
2441         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::mBit):
2442         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::vm):
2443         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::condition):
2444         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::dBit):
2445         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::op2):
2446         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::vd):
2447         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::szBit):
2448         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::op):
2449         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::mBit):
2450         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::vm):
2451         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::condition):
2452         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::uBit):
2453         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::rn):
2454         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::vd):
2455         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::doubleReg):
2456         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::immediate8):
2457
2458 2014-09-04  Mark Lam  <mark.lam@apple.com>
2459
2460         Move PropertySlot's inline functions back to PropertySlot.h.
2461         <https://webkit.org/b/136547>
2462
2463         Reviewed by Filip Pizlo.
2464
2465         * runtime/JSObject.h:
2466         (JSC::PropertySlot::getValue): Deleted.
2467         * runtime/PropertySlot.h:
2468         (JSC::PropertySlot::getValue):
2469
2470 2014-09-04  Filip Pizlo  <fpizlo@apple.com>
2471
2472         Make sure that deleting all code first processes the call edge log, and reenable call edge profiling.
2473
2474         Rubber stamped by Sam Weinig.
2475
2476         * debugger/Debugger.cpp:
2477         (JSC::Debugger::forEachCodeBlock):
2478         (JSC::Debugger::setSteppingMode):
2479         (JSC::Debugger::recompileAllJSFunctions):
2480         * inspector/agents/InspectorRuntimeAgent.cpp:
2481         (Inspector::recompileAllJSFunctionsForTypeProfiling):
2482         * runtime/Options.h: Reenable call edge profiling.
2483         * runtime/VM.cpp:
2484         (JSC::VM::prepareToDiscardCode): Make sure this also processes the call edge log, in case any call edge profiles are about to be destroyed.
2485         (JSC::VM::discardAllCode):
2486         (JSC::VM::releaseExecutableMemory):
2487         (JSC::VM::setEnabledProfiler):
2488         (JSC::VM::waitForCompilationsToComplete): Deleted.
2489         * runtime/VM.h: Rename waitForCompilationsToComplete() back to prepareToDiscardCode() because the purpose of the method - now as ever - is to do all of the things that need to be done to ensure that code may be safely deleted.
2490
2491 2014-09-04  Akos Kiss  <akiss@inf.u-szeged.hu>
2492
2493         Ensure that the call frame set up by vmEntryToNative does not overlap with the stack of the callee
2494         https://bugs.webkit.org/show_bug.cgi?id=136485
2495
2496         Reviewed by Michael Saboff.
2497
2498         Changed makeHostFunctionCall to keep the stack pointer above the call
2499         frame set up by doVMEntry. Thus the callee will not/cannot override the top
2500         of the call frame.
2501
2502         Refactored the two (32_64 and 64) versions of makeHostFunctionCall to be
2503         more alike to help future maintenance.
2504
2505         * llint/LowLevelInterpreter32_64.asm:
2506         * llint/LowLevelInterpreter64.asm:
2507
2508 2014-09-04  Michael Saboff  <msaboff@apple.com>
2509
2510         REGRESSION(r173031): crashes during run-layout-jsc on x86/Linux
2511         https://bugs.webkit.org/show_bug.cgi?id=136436
2512
2513         Reviewed by Geoffrey Garen.
2514
2515         Instead of trying to calculate a stack pointer that allows for possible
2516         stacked argument space, just use the "home" stack pointer location.
2517         That stack pointer provides space for the worst case number of stacked
2518         arguments on architectures that use stacked arguments.  It also provides
2519         stack space so that the return PC and caller frame pointer that are stored
2520         as part of making the call to operationCallEval will not override any part
2521         of the callee frame created on the stack.
2522
2523         Changed compileCallEval() to use the stackPointer value of the calling
2524         function.  That stack pointer is calculated to have enough space for
2525         outgoing stacked arguments.  By moving the stack pointer to its "home"
2526         position, the caller frame and return PC are not set as part of making
2527         the call to operationCallEval().  Moved the explicit setting of the
2528         callerFrame field of the callee CallFrame from operationCallEval() to
2529         compileCallEval() since it has been the artifact of making a call for
2530         most architectures.  Simplified the exception logic in compileCallEval()
2531         as a result of the change.  To be compliant with the stack state
2532         expected by virtualCallThunkGenerator(), moved the stack pointer to
2533         point above the CallerFrameAndPC of the callee CallFrame.
2534
2535         * jit/JIT.h: Changed callOperationNoExceptionCheck(J_JITOperation_EE, ...)
2536         to callOperation(J_JITOperation_EE, ...) as it now can do a typical exception
2537         check.
2538         * jit/JITCall.cpp & jit/JITCall32_64.cpp:
2539         (JSC::JIT::compileCallEval): Use the home stack pointer when making the call
2540         to operationCallEval.  Since the stack pointer adjustment no longer needs
2541         to be done after making the call to operationCallEval(), the exception check
2542         logic can be simplified.
2543         (JSC::JIT::compileCallEvalSlowCase): Restored the stack pointer to point
2544         to above the calleeFrame as this is what the generated thunk expects.
2545         * jit/JITInlines.h:
2546         (JSC::JIT::callOperation): Refactor of callOperationNoExceptionCheck
2547         with the addition of a standard exception check.
2548         (JSC::JIT::callOperationNoExceptionCheck): Deleted.
2549         * jit/JITOperations.cpp:
2550         (JSC::operationCallEval): Eliminated the explicit setting of caller frame
2551         as that is now done in the code generated by compileCallEval().
2552
2553 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2554
2555         Beef up the DFG's CFG analyses to include iterated dominance frontiers and more user-friendly BlockSets
2556         https://bugs.webkit.org/show_bug.cgi?id=136520
2557
2558         Reviewed by Geoffrey Garen.
2559         
2560         Add code to compute iterated dominance frontiers. This involves using BlockSet a lot, so
2561         this patch also makes BlockSet a lot more user-friendly.
2562
2563         * CMakeLists.txt:
2564         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2565         * JavaScriptCore.xcodeproj/project.pbxproj:
2566         * dfg/DFGBasicBlock.h:
2567         * dfg/DFGBlockSet.cpp: Added.
2568         (JSC::DFG::BlockSet::dump):
2569         * dfg/DFGBlockSet.h:
2570         (JSC::DFG::BlockSet::iterator::iterator):
2571         (JSC::DFG::BlockSet::iterator::operator++):
2572         (JSC::DFG::BlockSet::iterator::operator==):
2573         (JSC::DFG::BlockSet::iterator::operator!=):
2574         (JSC::DFG::BlockSet::Iterable::Iterable):
2575         (JSC::DFG::BlockSet::Iterable::begin):
2576         (JSC::DFG::BlockSet::Iterable::end):
2577         (JSC::DFG::BlockSet::iterable):
2578         (JSC::DFG::BlockAdder::BlockAdder):
2579         (JSC::DFG::BlockAdder::operator()):
2580         * dfg/DFGBlockSetInlines.h: Added.
2581         (JSC::DFG::BlockSet::iterator::operator*):
2582         * dfg/DFGDominators.cpp:
2583         (JSC::DFG::Dominators::strictDominatorsOf):
2584         (JSC::DFG::Dominators::dominatorsOf):
2585         (JSC::DFG::Dominators::blocksStrictlyDominatedBy):
2586         (JSC::DFG::Dominators::blocksDominatedBy):
2587         (JSC::DFG::Dominators::dominanceFrontierOf):
2588         (JSC::DFG::Dominators::iteratedDominanceFrontierOf):
2589         * dfg/DFGDominators.h:
2590         (JSC::DFG::Dominators::forAllStrictDominatorsOf):
2591         (JSC::DFG::Dominators::forAllDominatorsOf):
2592         (JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy):
2593         (JSC::DFG::Dominators::forAllBlocksDominatedBy):
2594         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf):
2595         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf):
2596         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl):
2597         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl):
2598         * dfg/DFGGraph.cpp:
2599         (JSC::DFG::Graph::dumpBlockHeader):
2600         * dfg/DFGInvalidationPointInjectionPhase.cpp:
2601         (JSC::DFG::InvalidationPointInjectionPhase::run):
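
        Worked example of the analysis this entry adds, included here for illustration and not part of the WebKit change: dominator sets, the dominator tree, dominance frontiers and the iterated dominance frontier (the blocks that need a phi for a variable defined in a given set of blocks) of a small constructed CFG. DFG::Dominators and DFG::BlockSet are stood in for by plain Python dicts and sets; the CFG, its block names and the function names are assumptions of the example.

```python
"""Dominators, dominance frontiers and iterated dominance frontiers for a
small CFG.  Added example, not WebKit code: JSC's DFG::Dominators and
DFG::BlockSet are mirrored with plain dicts and sets, and the sample CFG
below is constructed for illustration."""
from collections import deque


def predecessors(succ):
    pred = {b: set() for b in succ}
    for b, targets in succ.items():
        for t in targets:
            pred[t].add(b)
    return pred


def compute_dominators(succ, entry):
    """Iterative dataflow: dom[b] is the set of blocks dominating b (b itself
    included).  Assumes every block is reachable from entry."""
    pred = predecessors(succ)
    blocks = set(succ)
    dom = {b: set(blocks) for b in blocks}
    dom[entry] = {entry}
    changed = True
    while changed:
        changed = False
        for b in blocks - {entry}:
            new = set(blocks)
            for p in pred[b]:
                new &= dom[p]
            new.add(b)
            if new != dom[b]:
                dom[b] = new
                changed = True
    return dom


def immediate_dominators(dom, entry):
    """idom[b] is the strict dominator closest to b: b's dominators form a
    chain, so the closest one has the largest dominator set of its own."""
    idom = {}
    for b, ds in dom.items():
        if b == entry:
            continue
        idom[b] = max(ds - {b}, key=lambda d: len(dom[d]))
    return idom


def dominance_frontiers(succ, entry):
    """Cooper/Harvey/Kennedy: for each join block, walk up the dominator
    tree from each predecessor until the join block's idom is reached."""
    pred = predecessors(succ)
    dom = compute_dominators(succ, entry)
    idom = immediate_dominators(dom, entry)
    df = {b: set() for b in succ}
    for b in succ:
        if len(pred[b]) < 2:
            continue
        for p in pred[b]:
            runner = p
            while runner != idom[b]:
                df[runner].add(b)
                runner = idom[runner]
    return df


def iterated_dominance_frontier(df, blocks):
    """DF+(S): the closure of DF over S, i.e. the phi placement set for a
    variable defined in the blocks S."""
    result = set()
    worklist = deque(blocks)
    while worklist:
        x = worklist.popleft()
        for y in df[x]:
            if y not in result:
                result.add(y)
                worklist.append(y)
    return result


# Constructed sample CFG: a diamond (A -> B|C -> D) inside a loop D -> A.
SAMPLE_CFG = {
    "entry": ["A"],
    "A": ["B", "C"],
    "B": ["D"],
    "C": ["D"],
    "D": ["A", "E"],
    "E": [],
}


def phi_blocks(def_blocks):
    """Blocks needing a phi for a variable defined in def_blocks."""
    df = dominance_frontiers(SAMPLE_CFG, "entry")
    return iterated_dominance_frontier(df, def_blocks)


if __name__ == "__main__":
    print(sorted(phi_blocks({"B"})))  # ['A', 'D']
```

        In the sample CFG a value defined in B reaches the join block D and, through the back edge, the loop header A, so phi_blocks({"B"}) is {"A", "D"}: the plain dominance frontier of B is only {D}; the iterated frontier adds A because D's own frontier is {A}.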
2602
2603 2014-09-04  Mark Lam  <mark.lam@apple.com>
2604
2605         Fixed indentations and some style warnings in JavaScriptCore/runtime.
2606         <https://webkit.org/b/136518>
2607
2608         Reviewed by Michael Saboff.
2609
2610         Also removed some superfluous spaces.  There are no semantic changes.
2611
2612         * runtime/Completion.h:
2613         * runtime/ConstructData.h:
2614         * runtime/DateConstructor.h:
2615         * runtime/DateInstance.h:
2616         * runtime/DateInstanceCache.h:
2617         * runtime/DatePrototype.h:
2618         * runtime/Error.h:
2619         * runtime/ErrorConstructor.h:
2620         * runtime/ErrorInstance.h:
2621         * runtime/ErrorPrototype.h:
2622         * runtime/FunctionConstructor.h:
2623         * runtime/FunctionPrototype.h:
2624         * runtime/GetterSetter.h:
2625         * runtime/Identifier.h:
2626         * runtime/InitializeThreading.h:
2627         * runtime/InternalFunction.h:
2628         * runtime/JSAPIValueWrapper.h:
2629         * runtime/JSFunction.h:
2630         * runtime/JSLock.h:
2631         * runtime/JSNotAnObject.h:
2632         * runtime/JSONObject.h:
2633         * runtime/JSString.h:
2634         * runtime/JSTypeInfo.h:
2635         * runtime/JSWrapperObject.h:
2636         * runtime/Lookup.h:
2637         * runtime/MathObject.h:
2638         * runtime/NativeErrorConstructor.h:
2639         * runtime/NativeErrorPrototype.h:
2640         * runtime/NumberConstructor.h:
2641         * runtime/NumberObject.h:
2642         * runtime/NumberPrototype.h:
2643         * runtime/NumericStrings.h:
2644         * runtime/ObjectConstructor.h:
2645         * runtime/ObjectPrototype.h:
2646         * runtime/PropertyDescriptor.h:
2647         * runtime/Protect.h:
2648         * runtime/PutPropertySlot.h:
2649         * runtime/RegExp.h:
2650         * runtime/RegExpCachedResult.h:
2651         * runtime/RegExpConstructor.h:
2652         * runtime/RegExpMatchesArray.h:
2653         * runtime/RegExpObject.h:
2654         * runtime/RegExpPrototype.h:
2655         * runtime/SmallStrings.h:
2656         * runtime/StringConstructor.h:
2657         * runtime/StringObject.h:
2658         * runtime/StringPrototype.h:
2659         * runtime/StructureChain.h:
2660         * runtime/VM.h:
2661
2662 2014-09-04  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>
2663
2664         Remove CSS_FILTERS flag
2665         https://bugs.webkit.org/show_bug.cgi?id=136529
2666
2667         Reviewed by Dirk Schulze.
2668
2669         * Configurations/FeatureDefines.xcconfig:
2670
2671 2014-09-04  Commit Queue  <commit-queue@webkit.org>
2672
2673         Unreviewed, rolling out r173248.
2674         https://bugs.webkit.org/show_bug.cgi?id=136536
2675
2676         call edge profiling and polymorphic call inlining are still
2677         causing crashes (Requested by eric_carlson on #webkit).
2678
2679         Reverted changeset:
2680
2681         "Reenable call edge profiling and polymorphic call inlining,
2682         now that a bunch of the bugs"
2683         http://trac.webkit.org/changeset/173248
2684
2685 2014-09-04  Brian J. Burg  <burg@cs.washington.edu>
2686
2687         Web Inspector: the profiler should not accrue time to nodes while the debugger is paused
2688         https://bugs.webkit.org/show_bug.cgi?id=136352
2689
2690         Reviewed by Timothy Hatcher.
2691
2692         Hook up pause/continue events to the LegacyProfiler and any active
2693         ProfileGenerators. If the debugger is paused, all intervening call
2694         entries will be created with totalTime as 0.0.
2695
2696         * inspector/ScriptDebugServer.cpp:
2697         (Inspector::ScriptDebugServer::handlePause):
2698         * profiler/LegacyProfiler.cpp: Move from typedef'd callbacks to using
2699         std::function. This allows callbacks to take different argument types.
2700
2701         (JSC::callFunctionForProfilesWithGroup):
2702         (JSC::LegacyProfiler::willExecute):
2703         (JSC::LegacyProfiler::didExecute):
2704         (JSC::LegacyProfiler::exceptionUnwind):
2705         (JSC::LegacyProfiler::didPause):
2706         (JSC::LegacyProfiler::didContinue):
2707         (JSC::dispatchFunctionToProfiles): Deleted.
2708         * profiler/LegacyProfiler.h:
2709         * profiler/ProfileGenerator.cpp:
2710         (JSC::ProfileGenerator::ProfileGenerator):
2711         (JSC::ProfileGenerator::endCallEntry):
2712         (JSC::ProfileGenerator::didExecute): Deleted.
2713         * profiler/ProfileGenerator.h:
2714         (JSC::ProfileGenerator::didPause):
2715         (JSC::ProfileGenerator::didContinue):
2716
2717 2014-09-04  Commit Queue  <commit-queue@webkit.org>
2718
2719         Unreviewed, rolling out r173245.
2720         https://bugs.webkit.org/show_bug.cgi?id=136533
2721
2722         Broke JSC tests. (Requested by ddkilzer on #webkit).
2723
2724         Reverted changeset:
2725
2726         "JavaScriptCore should build with newer clang"
2727         https://bugs.webkit.org/show_bug.cgi?id=136002
2728         http://trac.webkit.org/changeset/173245
2729
2730 2014-09-04  Brian J. Burg  <burg@cs.washington.edu>
2731
2732         LegacyProfiler: ProfileNodes should be used more like structs
2733         https://bugs.webkit.org/show_bug.cgi?id=136381
2734
2735         Reviewed by Timothy Hatcher.
2736
2737         Previously, both the profile generator and individual profile nodes
2738         were collectively responsible for creating new Call entries and
2739         maintaining data structure invariants. This complexity is unnecessary.
2740
2741         This patch centralizes profile data creation inside the profile generator.
2742         The profile nodes manage nextSibling and parent pointers, but do not
2743         collect the current time or create new Call entries themselves.
2744
2745         Since ProfileNode::nextSibling and its callers are only used within
2746         debug printing code, it should be compiled out for release builds.
2747
2748         * profiler/ProfileGenerator.cpp:
2749         (JSC::ProfileGenerator::ProfileGenerator):
2750         (JSC::AddParentForConsoleStartFunctor::operator()):
2751         (JSC::ProfileGenerator::beginCallEntry): create a new Call entry.
2752         (JSC::ProfileGenerator::endCallEntry): finish the last Call entry.
2753         (JSC::ProfileGenerator::willExecute): inline ProfileNode::willExecute()
2754         (JSC::ProfileGenerator::didExecute): inline ProfileNode::didExecute()
2755         (JSC::ProfileGenerator::stopProfiling): Only walk up the spine.
2756         (JSC::ProfileGenerator::removeProfileStart):
2757         (JSC::ProfileGenerator::removeProfileEnd):
2758         * profiler/ProfileGenerator.h:
2759         * profiler/ProfileNode.cpp:
2760         (JSC::ProfileNode::ProfileNode):
2761         (JSC::ProfileNode::addChild):
2762         (JSC::ProfileNode::removeChild):
2763         (JSC::ProfileNode::spliceNode): Renamed from insertNode.
2764         (JSC::ProfileNode::debugPrintRecursively):
2765         (JSC::ProfileNode::willExecute): Deleted.
2766         (JSC::ProfileNode::insertNode): Deleted.
2767         (JSC::ProfileNode::stopProfiling): Deleted.
2768         (JSC::ProfileNode::traverseNextNodePostOrder):
2769         (JSC::ProfileNode::endAndRecordCall): Deleted.
2770         (JSC::ProfileNode::debugPrintDataSampleStyle):
2771         * profiler/ProfileNode.h:
2772         (JSC::ProfileNode::Call::setStartTime):
2773         (JSC::ProfileNode::Call::setTotalTime):
2774         (JSC::ProfileNode::appendCall):
2775         (JSC::ProfileNode::firstChild):
2776         (JSC::ProfileNode::lastChild):
2777         (JSC::ProfileNode::nextSibling):
2778         (JSC::ProfileNode::setNextSibling):
2779
2780 2014-09-02  Brian J. Burg  <burg@cs.washington.edu>
2781
2782         Web Inspector: fix prefixes for subclasses of JSC::ConsoleClient
2783         https://bugs.webkit.org/show_bug.cgi?id=136476
2784
2785         Reviewed by Timothy Hatcher.
2786
2787         * CMakeLists.txt:
2788         * JavaScriptCore.xcodeproj/project.pbxproj:
2789         * inspector/JSGlobalObjectConsoleClient.cpp: Renamed from Source/JavaScriptCore/inspector/JSConsoleClient.cpp.
2790         * inspector/JSGlobalObjectConsoleClient.h: Renamed from Source/JavaScriptCore/inspector/JSConsoleClient.h.
2791         * inspector/JSGlobalObjectInspectorController.cpp:
2792         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2793         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
2794         * inspector/JSGlobalObjectInspectorController.h:
2795
2796 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2797
2798         Reenable call edge profiling and polymorphic call inlining, now that a bunch of the bugs
2799         are fixed.
2800
2801         * runtime/Options.h:
2802
2803 2014-09-03  David Kilzer  <ddkilzer@apple.com>
2804
2805         JavaScriptCore should build with newer clang
2806         <http://webkit.org/b/136002>
2807         <rdar://problem/18020616>
2808
2809         Reviewed by Geoffrey Garen.
2810
2811         Other than the JSC::SourceProvider::asID() change (which simply
2812         removes code that the optimizing compiler would have discarded
2813         in Release builds), we move the |this| checks in OpaqueJSString
2814         to NULL checks into JSBase, JSScriptRef, JSStringRef{CF} and
2815         JSValueRef.
2816
2817         * API/JSBase.cpp:
2818         (JSEvaluateScript): Use String() in case |script| or |sourceURL|
2819         are NULL.
2820         * API/JSScriptRef.cpp:
2821         (JSScriptCreateReferencingImmortalASCIIText): Use String() in
2822         case |url| is NULL.
2823         * API/JSStringRef.cpp:
2824         (JSStringGetLength): Return early if NULL pointer is passed in.
2825         (JSStringGetCharactersPtr): Ditto.
2826         (JSStringGetUTF8CString): Ditto.  Also check |buffer| parameter.
2827         * API/JSStringRefCF.cpp:
2828         (JSStringCopyCFString): Ditto.
2829         * API/JSValueRef.cpp:
2830         (JSValueMakeString): Use String() in case |string| is NULL.
2831
2832         * API/OpaqueJSString.cpp:
2833         (OpaqueJSString::string): Remove code that checks |this|.
2834         (OpaqueJSString::identifier): Ditto.
2835         (OpaqueJSString::characters): Ditto.
2836         * API/OpaqueJSString.h:
2837         (OpaqueJSString::is8Bit): Remove code that checks |this|.
2838         (OpaqueJSString::characters8): Ditto.
2839         (OpaqueJSString::characters16): Ditto.
2840         (OpaqueJSString::length): Ditto.
2841
2842         * parser/SourceProvider.h:
2843         (JSC::SourceProvider::asID): Remove code that checks |this|.
2844
2845 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2846
2847         CallEdgeProfile::visitWeak() shouldn't attempt to despecify empty profiles
2848         https://bugs.webkit.org/show_bug.cgi?id=136511
2849
2850         Reviewed by Geoffrey Garen.
2851
2852         * bytecode/CallEdgeProfile.cpp:
2853         (JSC::CallEdgeProfile::worthDespecifying):
2854         (JSC::CallEdgeProfile::visitWeak):
2855         (JSC::CallEdgeProfile::mergeBack):
2856
2857 2014-09-03  David Kilzer  <ddkilzer@apple.com>
2858
2859         REGRESSION (r167325): (null) entry added to Xcode project file when JSBoundFunction.h was removed
2860         <http://webkit.org/b/136509>
2861
2862         Reviewed by Daniel Bates.
2863
2864         * JavaScriptCore.xcodeproj/project.pbxproj: Remove the (null)
2865         entry left behind when JSBoundFunction.h was removed.
2866
2867 2014-09-03  Joseph Pecoraro  <pecoraro@apple.com>
2868
2869         Avoid warning if a process does not have access to com.apple.webinspector
2870         https://bugs.webkit.org/show_bug.cgi?id=136473
2871
2872         Reviewed by Alexey Proskuryakov.
2873
2874         Pre-check for access to the mach port to avoid emitting warnings
2875         in syslog for processes that do not have access.
2876
2877         * inspector/remote/RemoteInspector.mm:
2878         (Inspector::canAccessWebInspectorMachPort):
2879         (Inspector::RemoteInspector::shared):
2880
2881 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2882
2883         Temporarily disable call edge profiling. It is causing crashes and I'm still investigating
2884         them.
2885
2886         * runtime/Options.h:
2887
2888 2014-09-03  Balazs Kilvady  <kilvadyb@homejinni.com>
2889
2890         [MIPS] Wrong register usage in LLInt op_catch.
2891         https://bugs.webkit.org/show_bug.cgi?id=125168
2892
2893         Reviewed by Geoffrey Garen.
2894
2895         Fix register usage and add PIC header to all the ops in LLInt.
2896
2897         * offlineasm/instructions.rb:
2898         * offlineasm/mips.rb:
2899
2900 2014-09-03  Saam Barati  <saambarati1@gmail.com>
2901
2902         Create tests for type profiling
2903         https://bugs.webkit.org/show_bug.cgi?id=136161
2904
2905         Reviewed by Geoffrey Garen.
2906
2907         The type profiler is now being tested. These are basic tests that don't 
2908         check every edge case, but will catch any major failures in the type profiler. 
2909         These tests cover:
2910         - The basic, inheritance-based type system in TypeSet.
2911         - Function return types.
2912         - Correct merging of types for multiple assignments to one variable.
2913
2914         This patch also provides an API for writing new tests for
2915         the type profiler. The API works by passing in a function and a 
2916         unique substring of an expression contained in that function, and 
2917         returns an object representing type information for that expression.
2918
2919         * jsc.cpp:
2920         (GlobalObject::finishCreation):
2921         (functionFindTypeForExpression):
2922         (functionReturnTypeFor):
2923         * runtime/TypeProfiler.cpp:
2924         (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
2925         * runtime/TypeProfiler.h:
2926         * runtime/TypeProfilerLog.h:
2927         * runtime/TypeSet.cpp:
2928         (JSC::TypeSet::toJSONString):
2929         (JSC::StructureShape::toJSONString):
2930         * runtime/TypeSet.h:
2931         * tests/typeProfiler: Added.
2932         * tests/typeProfiler.yaml: Added.
2933         * tests/typeProfiler/basic.js: Added.
2934         (wrapper.foo):
2935         (wrapper):
2936         * tests/typeProfiler/captured.js: Added.
2937         (wrapper.changeFoo):
2938         (wrapper):
2939         * tests/typeProfiler/driver: Added.
2940         * tests/typeProfiler/driver/driver.js: Added.
2941         (assert):
2942         * tests/typeProfiler/inheritance.js: Added.
2943         (wrapper.A):
2944         (wrapper.B):
2945         (wrapper.C):
2946         (wrapper):
2947         * tests/typeProfiler/return.js: Added.
2948         (foo):
2949         (Ctor):
2950
2951 2014-09-03  Julien Brianceau   <jbriance@cisco.com>
2952
2953         Add missing implementations to fix build for sh4 architecture
2954         https://bugs.webkit.org/show_bug.cgi?id=136455
2955
2956         Reviewed by Geoffrey Garen.
2957
2958         * assembler/MacroAssemblerSH4.h:
2959         (JSC::MacroAssemblerSH4::store8):
2960         (JSC::MacroAssemblerSH4::moveWithPatch):
2961         (JSC::MacroAssemblerSH4::branchAdd32):
2962         (JSC::MacroAssemblerSH4::branch32WithPatch):
2963         (JSC::MacroAssemblerSH4::abortWithReason):
2964         (JSC::MacroAssemblerSH4::canJumpReplacePatchableBranch32WithPatch):
2965         (JSC::MacroAssemblerSH4::startOfPatchableBranch32WithPatchOnAddress):
2966         (JSC::MacroAssemblerSH4::revertJumpReplacementToPatchableBranch32WithPatch):
2967         * jit/AssemblyHelpers.h:
2968         (JSC::AssemblyHelpers::emitFunctionPrologue):
2969         (JSC::AssemblyHelpers::emitFunctionEpilogue):
2970
2971 2014-09-03  Dan Bernstein  <mitz@apple.com>
2972
2973         Get rid of HIGH_DPI_CANVAS leftovers
2974         https://bugs.webkit.org/show_bug.cgi?id=136491
2975
2976         Reviewed by Benjamin Poulain.
2977
2978         * Configurations/FeatureDefines.xcconfig: Removed definition of ENABLE_HIGH_DPI_CANVAS
2979         and removed it from FEATURE_DEFINES.
2980
2981 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2982
2983         CallEdgeProfile::visitWeak() should gracefully handle the case where primaryCallee duplicates an entry in otherCallees
2984         https://bugs.webkit.org/show_bug.cgi?id=136490
2985
2986         Reviewed by Geoffrey Garen.
2987
2988         * bytecode/CallEdgeProfile.cpp:
2989         (JSC::CallEdgeProfile::visitWeak):
2990
2991 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2992
2993         FTL In implementation sets callReturnLocation incorrectly leading to crashes beneath repatchCall()
2994         https://bugs.webkit.org/show_bug.cgi?id=136488
2995
2996         Reviewed by Mark Hahnenberg.
2997
2998         * ftl/FTLCompile.cpp:
2999         (JSC::FTL::generateCheckInICFastPath): The call is in the slow path.
3000         * tests/stress/ftl-in-overflow.js: Added. This used to crash with 100% with FTL enabled.
3001         (foo):
3002
3003 2014-09-03  Akos Kiss  <akiss@inf.u-szeged.hu>
3004
3005         Don't generate superfluous mov instructions for move immediate on ARM64.
3006         https://bugs.webkit.org/show_bug.cgi?id=136435
3007
3008         Reviewed by Michael Saboff.
3009
3010         On ARM64, the size of an immediate operand for a mov instruction is 16
3011         bits. Thus, a move immediate offlineasm instruction may potentially be
3012         split up into several machine-level instructions. The current
3013         implementation always emits a mov for the least significant 16 bits of
3014         the value. However, if any of the bits 63:16 are significant then the
3015         first emitted mov already filled bits 15:0 with zeroes (or ones, for
3016         negative values). So, if bits 15:0 of the value are all zeroes (or ones)
3017         then the last mov does not need to be emitted.
3018
3019         * offlineasm/arm64.rb:
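
        An added illustration, not the offlineasm arm64.rb code, of the chunking the entry describes: a 64-bit immediate is materialised as a movz or movn for one 16-bit chunk followed by a movk per remaining chunk, and any chunk already equal to the fill pattern written by the first instruction, bits 15:0 included, needs no instruction of its own. The variant that always writes bits 15:0 first is included for comparison, and a small simulator checks that both sequences produce the same value. Register names, the tuple representation of instructions and the movz/movn selection heuristic are assumptions of the example.

```python
"""Materialising a 64-bit immediate on ARM64 as movz/movn + movk.  Added
example, not the offlineasm arm64.rb code: instructions are modelled as
(op, reg, imm16, shift) tuples and a tiny simulator checks that an emitted
sequence reproduces the value.  Register names are assumed for illustration."""

MASK64 = (1 << 64) - 1


def chunks16(value):
    """The four 16-bit pieces of a 64-bit value, least significant first."""
    value &= MASK64
    return [(value >> shift) & 0xFFFF for shift in (0, 16, 32, 48)]


def choose_fill(parts):
    """movz fills the other chunks with zeroes, movn with ones; pick whichever
    matches more chunks so fewer movk follow (assumed heuristic)."""
    if parts.count(0xFFFF) > parts.count(0x0000):
        return 0xFFFF, "movn"
    return 0x0000, "movz"


def first_insn(op, reg, part, shift):
    # movn writes NOT(imm16 << shift), so its operand is the inverted chunk.
    imm = part if op == "movz" else (~part & 0xFFFF)
    return (op, reg, imm, shift)


def emit_move_immediate(reg, value):
    """Emit one movz/movn plus a movk for every chunk that differs from the
    fill.  A chunk equal to the fill, bits 15:0 included, is already correct
    after the first instruction, so nothing is emitted for it."""
    parts = chunks16(value)
    fill, op = choose_fill(parts)
    insns = []
    for i, part in enumerate(parts):
        if part == fill:
            continue
        if not insns:
            insns.append(first_insn(op, reg, part, 16 * i))
        else:
            insns.append(("movk", reg, part, 16 * i))
    if not insns:  # every chunk equals the fill: the value is 0 or all ones
        insns.append((op, reg, 0, 0))
    return insns


def emit_move_immediate_naive(reg, value):
    """The wasteful variant: always write bits 15:0 with the first mov, even
    when they already equal the fill, then movk the remaining chunks."""
    parts = chunks16(value)
    fill, op = choose_fill(parts)
    insns = [first_insn(op, reg, parts[0], 0)]
    for i in range(1, 4):
        if parts[i] != fill:
            insns.append(("movk", reg, parts[i], 16 * i))
    return insns


def simulate(insns):
    """Execute the sequence on one 64-bit register and return its value."""
    reg = 0
    for op, _, imm, shift in insns:
        if op == "movz":
            reg = imm << shift
        elif op == "movn":
            reg = ~(imm << shift) & MASK64
        elif op == "movk":
            reg = (reg & ~(0xFFFF << shift) & MASK64) | (imm << shift)
        else:
            raise ValueError(op)
    return reg


def format_insn(insn):
    op, reg, imm, shift = insn
    text = f"{op} {reg}, #0x{imm:x}"
    return text + (f", lsl #{shift}" if shift else "")


if __name__ == "__main__":
    for value in (0x12340000, 0xDEADBEEFCAFEBABE, -65536 & MASK64):
        optimised = emit_move_immediate("x0", value)
        naive = emit_move_immediate_naive("x0", value)
        assert simulate(optimised) == simulate(naive) == value
        print(f"{value:#018x}: {len(naive)} -> {len(optimised)} instructions")
        for insn in optimised:
            print("   ", format_insn(insn))
```

        For 0x12340000 the naive sequence is movz x0, #0x0 followed by movk x0, #0x1234, lsl #16; the optimised one is the single movz x0, #0x1234, lsl #16, because bits 15:0 are zero and movz already cleared them. For a negative value such as -65536 both variants pick movn, since three of the four chunks are all ones.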
3020
3021 2014-09-02  Brian J. Burg  <burg@cs.washington.edu>
3022
3023         LegacyProfiler: remove redundant ProfileNode members and other cleanup
3024         https://bugs.webkit.org/show_bug.cgi?id=136380
3025
3026         Reviewed by Timothy Hatcher.
3027
3028         ProfileNode's selfTime and totalTime members are redundant and only used
3029         for dumping profile data from debug-only code. Remove the members and compute
3030         the same data on-demand when necessary using a postorder traversal functor.
3031
3032         Remove ProfileNode.head since it is only used to calculate percentages for
3033         dumped profile data. This can be explicitly passed around when needed.
3034
3035         Rename Profile.head to Profile.rootNode, and other various renamings.
3036
3037         Rearrange some header includes so that touching LegacyProfiler-related headers
3038         will no longer cause a full rebuild.
3039
3040         * inspector/JSConsoleClient.cpp: Add header include.
3041         * inspector/agents/InspectorProfilerAgent.cpp:
3042         (Inspector::InspectorProfilerAgent::buildProfileInspectorObject):
3043         * inspector/protocol/Profiler.json: Remove unused Profile.idleTime member.
3044         * jit/JIT.h: Remove header include.
3045         * jit/JITCode.h: Remove header include.
3046         * jit/JITOperations.cpp: Sort and add header include.
3047         * llint/LLIntSlowPaths.cpp: Sort and add header include.
3048         * profiler/Profile.cpp: Rename the debug dumping functions. Move the node
3049         postorder traversal code to ProfileNode so we can traverse any subtree.
3050         (JSC::Profile::Profile):
3051         (JSC::Profile::debugPrint):
3052         (JSC::Profile::debugPrintSampleStyle):
3053         (JSC::Profile::forEach): Deleted.
3054         (JSC::Profile::debugPrintData): Deleted.
3055         (JSC::Profile::debugPrintDataSampleStyle): Deleted.
3056         * profiler/Profile.h:
3057         * profiler/ProfileGenerator.cpp:
3058         (JSC::ProfileGenerator::ProfileGenerator):
3059         (JSC::AddParentForConsoleStartFunctor::AddParentForConsoleStartFunctor):
3060         (JSC::AddParentForConsoleStartFunctor::operator()):
3061         (JSC::ProfileGenerator::addParentForConsoleStart):
3062         (JSC::ProfileGenerator::didExecute):
3063         (JSC::StopProfilingFunctor::operator()):
3064         (JSC::ProfileGenerator::stopProfiling):
3065         (JSC::ProfileGenerator::removeProfileStart):
3066         (JSC::ProfileGenerator::removeProfileEnd):
3067         * profiler/ProfileGenerator.h:
3068         * profiler/ProfileNode.cpp:
3069         (JSC::ProfileNode::ProfileNode):
3070         (JSC::ProfileNode::willExecute):
3071         (JSC::ProfileNode::removeChild):
3072         (JSC::ProfileNode::stopProfiling):
3073         (JSC::ProfileNode::endAndRecordCall):
3074         (JSC::ProfileNode::debugPrint):
3075         (JSC::ProfileNode::debugPrintSampleStyle):
3076         (JSC::ProfileNode::debugPrintRecursively):
3077         (JSC::ProfileNode::debugPrintSampleStyleRecursively):
3078         (JSC::ProfileNode::debugPrintData): Deleted.
3079         (JSC::ProfileNode::debugPrintDataSampleStyle): Deleted.
3080         * profiler/ProfileNode.h: Calculate per-node self and total times using a postorder traversal.
3081         The forEachNodePostorder functor traverses the subtree rooted at |this|.
3082         (JSC::ProfileNode::create):
3083         (JSC::ProfileNode::calls):
3084         (JSC::ProfileNode::forEachNodePostorder):
3085         (JSC::CalculateProfileSubtreeDataFunctor::returnValue):
3086         (JSC::CalculateProfileSubtreeDataFunctor::operator()):
3087         (JSC::ProfileNode::head): Deleted.
3088         (JSC::ProfileNode::setHead): Deleted.
3089         (JSC::ProfileNode::totalTime): Deleted.
3090         (JSC::ProfileNode::setTotalTime): Deleted.
3091         (JSC::ProfileNode::selfTime): Deleted.
3092         (JSC::ProfileNode::setSelfTime): Deleted.
3093         (JSC::ProfileNode::totalPercent): Deleted.
3094         (JSC::ProfileNode::selfPercent): Deleted.
3095         * runtime/ConsoleClient.h: Remove header include.
3096
3097 2014-09-02  Brian J. Burg  <burg@cs.washington.edu>
3098
3099         Web Inspector: remove ProfilerAgent and legacy profiler files in the frontend
3100         https://bugs.webkit.org/show_bug.cgi?id=136462
3101
3102         Reviewed by Timothy Hatcher.
3103
3104         It's not used by the frontend anymore.
3105
3106         * CMakeLists.txt:
3107         * DerivedSources.make:
3108         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3109         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3110         * JavaScriptCore.xcodeproj/project.pbxproj:
3111
3112         * inspector/JSConsoleClient.cpp:
3113         (Inspector::JSConsoleClient::JSConsoleClient): Stub out console.profile/profileEnd
3114         methods since they didn't work for JSContexts anyway.
3115         (Inspector::JSConsoleClient::profile):
3116         (Inspector::JSConsoleClient::profileEnd):
3117         * inspector/JSConsoleClient.h:
3118
3119         * inspector/JSGlobalObjectInspectorController.cpp:
3120         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
3121         * inspector/agents/InspectorProfilerAgent.cpp: Removed.
3122         * inspector/agents/InspectorProfilerAgent.h: Removed.
3123         * inspector/agents/JSGlobalObjectProfilerAgent.cpp: Removed.
3124         * inspector/agents/JSGlobalObjectProfilerAgent.h: Removed.
3125         * inspector/protocol/Profiler.json: Removed.
3126
3127 2014-09-02  Andreas Kling  <akling@apple.com>
3128
3129         Optimize own property GetByVals with rope string subscripts.
3130         <https://webkit.org/b/136458>
3131
3132         For simple JSObjects that don't override getOwnPropertySlot to implement
3133         custom properties, we have a fast path that grabs directly at the object
3134         property storage.
3135
3136         Make this fast path even faster when the property name is an unresolved
3137         rope string by using JSString::toExistingAtomicString(). This is faster
3138         because it avoids allocating a new StringImpl if the string is already
3139         a known Identifier, which is guaranteed to be the case if it's present
3140         as an own property on the object.
3141
3142         ~10% speed-up on Dromaeo/dom-attr.html
3143
3144         Reviewed by Geoffrey Garen.
3145
3146         * dfg/DFGOperations.cpp:
3147         * jit/JITOperations.cpp:
3148         (JSC::getByVal):
3149         * llint/LLIntSlowPaths.cpp:
3150         (JSC::LLInt::getByVal):
3151
3152             When using the fastGetOwnProperty() optimization, get the String
3153             out of JSString by using toExistingAtomicString(). This avoids
3154             StringImpl allocation and lets us bypass the PropertyTable lookup
3155             entirely if no AtomicString is found.
3156
3157         * runtime/JSCell.h:
3158         * runtime/JSCellInlines.h:
3159         (JSC::JSCell::fastGetOwnProperty):
3160
3161             Make fastGetOwnProperty() take a PropertyName instead of a String.
3162             This avoids churning the ref count, since we don't need to create
3163             a temporary wrapper around the AtomicStringImpl* found in GetByVal.
3164
3165         * runtime/PropertyName.h:
3166         (JSC::PropertyName::PropertyName):
3167
3168             Add constructor: PropertyName(AtomicStringImpl*)
3169
3170         * runtime/PropertyMapHashTable.h:
3171         (JSC::PropertyTable::get):
3172         (JSC::PropertyTable::findWithString): Deleted.
3173         * runtime/Structure.h:
3174         * runtime/StructureInlines.h:
3175         (JSC::Structure::get):
3176
3177             Remove code for querying a PropertyTable with an unhashed string key
3178             since the only client is now gone.
3179
3180 2014-09-02  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
3181
3182         [ARM] MacroAssembler generating incorrect code on ARM32 Traditional
3183         https://bugs.webkit.org/show_bug.cgi?id=136429
3184
3185         Reviewed by Csaba Osztrogonác.
3186
3187         Changed test32 to use tst to check if reg is zero, instead of cmp.
3188
3189         * assembler/MacroAssemblerARM.h:
3190         (JSC::MacroAssemblerARM::test32):
3191
3192 2014-09-02  Michael Saboff  <msaboff@apple.com>
3193
3194         Out of bounds write in vmEntryToJavaScript / JSC::JITCode::execute
3195         https://bugs.webkit.org/show_bug.cgi?id=136305
3196
3197         Reviewed by Filip Pizlo.
3198
3199         While preparing the callee's CallFrame, ProtoCallFrame fixes any arity mismatch
3200         and then JITCode::execute() calls the normal entrypoint.  This is incompatible
3201         with the expectation of FTL generated functions.  Changed ProtoCallFrame to not
3202         perform the arity fix, but just flag an arity mismatch.  Now JITCode::execute()
3203         uses that arity mismatch condition to select the normal or arity check
3204         entrypoint.  The entrypoint selection is only done for functions; programs
3205         and eval always have one parameter.
3206
3207         * interpreter/ProtoCallFrame.cpp:
        (JSC::ProtoCallFrame::init): Changed to flag arity mismatch instead of fixing it.
        * interpreter/ProtoCallFrame.h:
        (JSC::ProtoCallFrame::needArityCheck): New boolean to signify what entrypoint
        should be called.
        * jit/JITCode.cpp:
        (JSC::JITCode::execute): Select normal or arity check entrypoint as appropriate.

2014-09-02  peavo@outlook.com  <peavo@outlook.com>

        [WinCairo] testapi.exe is not built.
        https://bugs.webkit.org/show_bug.cgi?id=136369

        Reviewed by Alex Christensen.

        The testapi project should be of type Application.

        * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj: Change project type to Application.
        * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj: Ditto.
        * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props: Compile and link fix.
        * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj: Change project type to Application.

2014-09-01  Akos Kiss  <akiss@inf.u-szeged.hu>

        [CMAKE] Add missing offlineasm dependencies
        https://bugs.webkit.org/show_bug.cgi?id=136437

        Reviewed by Csaba Osztrogonác.

        Add the ARM64, MIPS and SH4 backends to the dependencies.

        * CMakeLists.txt:

2014-09-01  Brian J. Burg  <burg@cs.washington.edu>

        Provide column numbers to DTrace willExecute/didExecute probes
        https://bugs.webkit.org/show_bug.cgi?id=136434

        Reviewed by Antti Koivisto.

        Provide the columnNumber and update stubs for !HAVE(DTRACE).

        * profiler/ProfileGenerator.cpp:
        (JSC::ProfileGenerator::willExecute):
        (JSC::ProfileGenerator::didExecute):
        * runtime/Tracing.d:
        * runtime/Tracing.h:

2014-09-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        [CMAKE] Build warning by INTERFACE_LINK_LIBRARIES
        https://bugs.webkit.org/show_bug.cgi?id=136194

        Reviewed by Csaba Osztrogonác.

        Set the LINK_INTERFACE_LIBRARIES target property on the top level CMakeLists.txt.

        * CMakeLists.txt:

2014-08-26  Maciej Stachowiak  <mjs@apple.com>

        Use RetainPtr::autorelease in some places where it seems appropriate
        https://bugs.webkit.org/show_bug.cgi?id=136280

        Reviewed by Darin Adler.

        * API/JSContext.mm:
        (-[JSContext name]): Use RetainPtr::autorelease() in place of ObjC autorelease.
        * API/JSValue.mm:
        (valueToString): Make appropriate use of RetainPtr.

2014-08-29  Akos Kiss  <akiss@inf.u-szeged.hu>

        Ensure that the call frame passed from doVMEntry to the called function always contains the valid scope chain.
        https://bugs.webkit.org/show_bug.cgi?id=136391

        Reviewed by Michael Saboff.

        Do not rely on calling conventions to fill in the CallerFrame component
        of the ExecState* parameter of the called function.

        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2014-08-29  Saam Barati  <sbarati@apple.com>

        emit op_profile_type for deconstruction assignments
        https://bugs.webkit.org/show_bug.cgi?id=136274

        Reviewed by Filip Pizlo.

        Enable type profiling for ES6 deconstruction expressions.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::BindingNode::bindValue):

2014-08-29  Joseph Pecoraro  <pecoraro@apple.com>

        JavaScriptCore: Use ASCIILiteral where possible
        https://bugs.webkit.org/show_bug.cgi?id=136179

        Reviewed by Michael Saboff.

        General string / character related changes. Use ASCIILiteral where
        possible, jsNontrivialString where possible, and replace string
        literals with character literals in some places.

        No new tests, no changes to functionality.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::nameForRegister):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PostfixNode::emitBytecode):
        (JSC::PrefixNode::emitBytecode):
        (JSC::AssignErrorNode::emitBytecode):
        (JSC::ForInNode::emitMultiLoopBytecode):
        (JSC::ForOfNode::emitBytecode):
        (JSC::ObjectPatternNode::toString):
        * dfg/DFGFunctionWhitelist.cpp:
        (JSC::DFG::FunctionWhitelist::contains):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::newTypedArrayWithSize):
        (JSC::DFG::newTypedArrayWithOneArgument):
        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::addToFrontend):
        * inspector/InspectorBackendDispatcher.cpp:
        (Inspector::InspectorBackendDispatcher::dispatch):
        * inspector/ScriptCallStackFactory.cpp:
        (Inspector::extractSourceInformationFromException):
        * inspector/scripts/codegen/generator_templates.py:
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::functionName):
        (JSC::StackVisitor::Frame::sourceURL):
        * jit/JITOperations.cpp:
        * jsc.cpp:
        (functionDescribeArray):
        (functionRun):
        (functionLoad):
        (functionReadFile):
        (functionCheckSyntax):
        (functionTransferArrayBuffer):
        (runWithScripts):
        (runInteractive):
        * parser/Lexer.cpp:
        (JSC::Lexer<T>::invalidCharacterMessage):
        (JSC::Lexer<T>::parseString):
        (JSC::Lexer<T>::parseStringSlowCase):
        (JSC::Lexer<T>::lex):
        * profiler/Profile.cpp:
        (JSC::Profile::Profile):
        * runtime/Arguments.cpp:
        (JSC::argumentsFuncIterator):
        * runtime/ArrayPrototype.cpp:
        (JSC::performSlowSort):
        (JSC::arrayProtoFuncSort):
        * runtime/ExceptionHelpers.cpp:
        (JSC::createError):
        (JSC::createInvalidParameterError):
        (JSC::createNotAConstructorError):