Source/JavaScriptCore/ChangeLog at commit efd55bff103a156ac795754d6448a5a8c7c5b2d8 (WebKit-https.git)
1 2015-08-13  Commit Queue  <commit-queue@webkit.org>
2
3         Unreviewed, rolling out r188428.
4         https://bugs.webkit.org/show_bug.cgi?id=148015
5
6         broke cmake build (Requested by alexchristensen on #webkit).
7
8         Reverted changeset:
9
10         "Move some commands from ./CMakeLists.txt to Source/cmake"
11         https://bugs.webkit.org/show_bug.cgi?id=148003
12         http://trac.webkit.org/changeset/188428
13
14 2015-08-13  Commit Queue  <commit-queue@webkit.org>
15
16         Unreviewed, rolling out r188431.
17         https://bugs.webkit.org/show_bug.cgi?id=148013
18
19         JSC headers are too hard to understand (Requested by smfr on
20         #webkit).
21
22         Reverted changeset:
23
24         "Remove a few includes from JSGlobalObject.h"
25         https://bugs.webkit.org/show_bug.cgi?id=148004
26         http://trac.webkit.org/changeset/188431
27
28 2015-08-13  Benjamin Poulain  <bpoulain@apple.com>
29
30         [JSC] Add support for GetByVal on arrays of Undecided shape
31         https://bugs.webkit.org/show_bug.cgi?id=147814
32
33         Reviewed by Filip Pizlo.
34
35         Previously, GetByVal on Array::Undecided would just take
36         the generic path. The problem is the generic path is so
37         slow that it could take a significant amount of time
38         even for infrequent accesses.
39
40         With this patch, if the following conditions are met,
41         the GetByVal just returns an "undefined" constant:
42         - The object is an OriginalArray.
43         - The prototype chain is sane.
44         - The index is an integer.
45         - The integer is positive (runtime check).
46
47         Ideally, the 4th condition should be removed;
48         deducing a compile-time constant gives us so much better
49         opportunities at getting rid of this code.
50
51         There are two cases where this patch removes the runtime
52         check:
53         - If the index is constant (uncommon but easy).
54         - If the index is within a range known to be positive
55           (common case and made possible with DFGIntegerRangeOptimizationPhase).
56
57         When we get into those cases, DFG just nukes everything
58         and all we have left is a structure check :)
59
60         This patch is a 14% improvement on audio-beat-detection,
61         a few percent faster here and there and no regression.
62
63         * dfg/DFGAbstractInterpreterInlines.h:
64         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
65         If the index is a positive constant, we can get rid of the GetByVal
66         entirely. :)
67
68         * dfg/DFGArrayMode.cpp:
69         (JSC::DFG::ArrayMode::fromObserved):
70         The returned type is now Array::Undecided + profiling information.
71         The useful type is set in ArrayMode::refine().
72
73         (JSC::DFG::ArrayMode::refine):
74         If we meet the particular set conditions, we speculate an Undecided
75         array type with sane chain. Anything else comes back to Generic.
76
77         (JSC::DFG::ArrayMode::originalArrayStructure):
78         To enable the structure check for Undecided array.
79
80         (JSC::DFG::ArrayMode::alreadyChecked):
81         * dfg/DFGArrayMode.h:
82         (JSC::DFG::ArrayMode::withProfile):
83         (JSC::DFG::ArrayMode::canCSEStorage):
84         (JSC::DFG::ArrayMode::benefitsFromOriginalArray):
85         (JSC::DFG::ArrayMode::lengthNeedsStorage): Deleted.
86         (JSC::DFG::ArrayMode::isSpecific): Deleted.
87
88         * dfg/DFGByteCodeParser.cpp:
89         (JSC::DFG::ByteCodeParser::handleIntrinsic): Deleted.
90         This is somewhat unrelated.
91
92         Having Array::Undecided on ArrayPush was impossible before
93         since ArrayMode::fromObserved() used to return Array::Generic.
94
95         Now that Array::Undecided is possible, we must make sure not
96         to provide it to ArrayPush since there is no code to handle it
97         properly.
98
99         * dfg/DFGClobberize.h:
100         (JSC::DFG::clobberize):
101         The operation only depends on the index; it is pure.
102
103         * dfg/DFGFixupPhase.cpp:
104         (JSC::DFG::FixupPhase::fixupNode): Deleted.
105         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
106         * dfg/DFGSpeculativeJIT.cpp:
107         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
108         (JSC::DFG::SpeculativeJIT::checkArray):
109         * dfg/DFGSpeculativeJIT32_64.cpp:
110         (JSC::DFG::SpeculativeJIT::compile):
111         * dfg/DFGSpeculativeJIT64.cpp:
112         (JSC::DFG::SpeculativeJIT::compile):
113         * ftl/FTLCapabilities.cpp:
114         (JSC::FTL::canCompile):
115         * ftl/FTLLowerDFGToLLVM.cpp:
116         (JSC::FTL::DFG::LowerDFGToLLVM::compileGetByVal):
117         * tests/stress/get-by-val-on-undecided-array-type.js: Added.
118         * tests/stress/get-by-val-on-undecided-sane-chain-1.js: Added.
119         * tests/stress/get-by-val-on-undecided-sane-chain-2.js: Added.
120         * tests/stress/get-by-val-on-undecided-sane-chain-3.js: Added.
121         * tests/stress/get-by-val-on-undecided-sane-chain-4.js: Added.
122         * tests/stress/get-by-val-on-undecided-sane-chain-5.js: Added.
123         * tests/stress/get-by-val-on-undecided-sane-chain-6.js: Added.
124
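As an added example (not from the patch or the stress tests it lists), the script below shows why each of the four conditions has to hold before a read from an Undecided-shape array can be folded to undefined: whenever one of them fails, the read is observable from script. `new Array(n)` is the constructed input, and `HoleyArray` is a hypothetical subclass name.

```javascript
// Added example (not WebKit code): reads from a freshly allocated, still
// element-less array. In JSC such an array starts with the Undecided shape
// because nothing has been stored into it yet.

function readIndex(arr, i) {
  return arr[i];
}

// All conditions hold (original Array, sane chain, positive integer index):
// every read yields undefined, the constant the DFG may fold the GetByVal to.
function readsOnSaneChain() {
  const arr = new Array(8);
  const results = [];
  for (let i = 0; i < arr.length; i++) results.push(readIndex(arr, i));
  return results.every((v) => v === undefined);
}

// "The prototype chain is sane": an indexed property on Array.prototype is
// visible through the hole, so folding to undefined would be wrong here.
function readWithPollutedChain() {
  Object.defineProperty(Array.prototype, 3, { value: 'from-proto', configurable: true });
  try {
    return readIndex(new Array(8), 3);
  } finally {
    delete Array.prototype[3];   // restore the sane chain for later callers
  }
}

// "The integer is positive": a negative index is an ordinary property lookup
// under the key "-1", which may exist as a named property.
function readNegativeIndex() {
  const arr = new Array(8);
  Object.defineProperty(arr, '-1', { value: 'named-property', configurable: true });
  return readIndex(arr, -1);
}

// "The object is an OriginalArray": a subclass has its own prototype, and that
// prototype can carry elements that a hole read falls through to.
class HoleyArray extends Array {}
Object.defineProperty(HoleyArray.prototype, 0, { value: 'subclass', configurable: true });
function readFromSubclass() {
  return readIndex(new HoleyArray(8), 0);
}
```
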
125 2015-08-13  Simon Fraser  <simon.fraser@apple.com>
126
127         Remove a few includes from JSGlobalObject.h
128         https://bugs.webkit.org/show_bug.cgi?id=148004
129
130         Reviewed by Tim Horton.
131         
132         Remove 4 #includes from JSGlobalObject.h, and fix the fallout.
133
134         * parser/VariableEnvironment.cpp:
135         * parser/VariableEnvironment.h:
136         * runtime/JSGlobalObject.h:
137         * runtime/Structure.h:
138         * runtime/StructureInlines.h:
139
140 2015-08-13  Alex Christensen  <achristensen@webkit.org>
141
142         Move some commands from ./CMakeLists.txt to Source/cmake
143         https://bugs.webkit.org/show_bug.cgi?id=148003
144
145         Reviewed by Brent Fulgham.
146
147         * CMakeLists.txt:
148         Added commands needed to build JSC by itself.
149
150 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
151
152         Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
153         https://bugs.webkit.org/show_bug.cgi?id=147353
154
155         Reviewed by Saam Barati.
156
157         This is the follow-up patch after r188355.
158         It includes the following changes.
159
160         - Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
161         - Make SourceParseMode a C++ strongly-typed enum.
162         - Fix the comments.
163         - Rename ModuleSpecifier to ModuleName.
164         - Add the type name `ImportEntry` before the C++11 uniform initialization.
165         - Fix the thrown message for duplicate 'default' names.
166         - Assert that all statements in the top-level source elements are module declarations under the module analyzer phase.
167
168         * API/JSScriptRef.cpp:
169         (parseScript):
170         * builtins/BuiltinExecutables.cpp:
171         (JSC::BuiltinExecutables::createExecutableInternal):
172         * bytecode/UnlinkedFunctionExecutable.cpp:
173         (JSC::generateFunctionCodeBlock):
174         * bytecode/UnlinkedFunctionExecutable.h:
175         * bytecompiler/BytecodeGenerator.h:
176         (JSC::BytecodeGenerator::makeFunction):
177         * parser/ASTBuilder.h:
178         (JSC::ASTBuilder::createFunctionMetadata):
179         (JSC::ASTBuilder::createModuleName):
180         (JSC::ASTBuilder::createImportDeclaration):
181         (JSC::ASTBuilder::createExportAllDeclaration):
182         (JSC::ASTBuilder::createExportNamedDeclaration):
183         (JSC::ASTBuilder::createModuleSpecifier): Deleted.
184         * parser/ModuleAnalyzer.cpp:
185         (JSC::ModuleAnalyzer::analyze):
186         * parser/NodeConstructors.h:
187         (JSC::ModuleNameNode::ModuleNameNode):
188         (JSC::ImportDeclarationNode::ImportDeclarationNode):
189         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
190         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
191         (JSC::ModuleSpecifierNode::ModuleSpecifierNode): Deleted.
192         * parser/Nodes.cpp:
193         (JSC::FunctionMetadataNode::FunctionMetadataNode):
194         * parser/Nodes.h:
195         (JSC::StatementNode::isModuleDeclarationNode):
196         (JSC::ModuleDeclarationNode::isModuleDeclarationNode):
197         (JSC::ImportDeclarationNode::moduleName):
198         (JSC::ExportAllDeclarationNode::moduleName):
199         (JSC::ExportNamedDeclarationNode::moduleName):
200         (JSC::ImportDeclarationNode::moduleSpecifier): Deleted.
201         (JSC::ExportAllDeclarationNode::moduleSpecifier): Deleted.
202         (JSC::ExportNamedDeclarationNode::moduleSpecifier): Deleted.
203         * parser/NodesAnalyzeModule.cpp:
204         (JSC::SourceElements::analyzeModule):
205         (JSC::ImportDeclarationNode::analyzeModule):
206         (JSC::ExportAllDeclarationNode::analyzeModule):
207         (JSC::ExportNamedDeclarationNode::analyzeModule):
208         * parser/Parser.cpp:
209         (JSC::Parser<LexerType>::Parser):
210         (JSC::Parser<LexerType>::parseInner):
211         (JSC::Parser<LexerType>::parseModuleSourceElements):
212         (JSC::Parser<LexerType>::parseFunctionBody):
213         (JSC::stringForFunctionMode):
214         (JSC::Parser<LexerType>::parseFunctionParameters):
215         (JSC::Parser<LexerType>::parseFunctionInfo):
216         (JSC::Parser<LexerType>::parseFunctionDeclaration):
217         (JSC::Parser<LexerType>::parseClass):
218         (JSC::Parser<LexerType>::parseModuleName):
219         (JSC::Parser<LexerType>::parseImportDeclaration):
220         (JSC::Parser<LexerType>::parseExportDeclaration):
221         (JSC::Parser<LexerType>::parsePropertyMethod):
222         (JSC::Parser<LexerType>::parseGetterSetter):
223         (JSC::Parser<LexerType>::parsePrimaryExpression):
224         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
225         (JSC::Parser<LexerType>::parseModuleSpecifier): Deleted.
226         * parser/Parser.h:
227         (JSC::Parser<LexerType>::parse):
228         (JSC::parse):
229         * parser/ParserModes.h:
230         (JSC::isFunctionParseMode):
231         (JSC::isModuleParseMode):
232         (JSC::isProgramParseMode):
233         * parser/SyntaxChecker.h:
234         (JSC::SyntaxChecker::createFunctionMetadata):
235         (JSC::SyntaxChecker::createModuleName):
236         (JSC::SyntaxChecker::createImportDeclaration):
237         (JSC::SyntaxChecker::createExportAllDeclaration):
238         (JSC::SyntaxChecker::createExportNamedDeclaration):
239         (JSC::SyntaxChecker::createModuleSpecifier): Deleted.
240         * runtime/CodeCache.cpp:
241         (JSC::CodeCache::getGlobalCodeBlock):
242         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
243         * runtime/Completion.cpp:
244         (JSC::checkSyntax):
245         (JSC::checkModuleSyntax):
246         * runtime/Executable.cpp:
247         (JSC::ProgramExecutable::checkSyntax):
248         * tests/stress/modules-syntax-error-with-names.js:
249
250 2015-08-13  Joseph Pecoraro  <pecoraro@apple.com>
251
252         Web Inspector: A {Map, WeakMap, Set, WeakSet} object contains itself will hang the console
253         https://bugs.webkit.org/show_bug.cgi?id=147966
254
255         Reviewed by Timothy Hatcher.
256
257         * inspector/InjectedScriptSource.js:
258         (InjectedScript.prototype._initialPreview):
259         Renamed to initial preview. This is not a complete preview for
260         this object, and it needs some processing in order to be a
261         complete, accurate preview.
262
263         (InjectedScript.RemoteObject.prototype._emptyPreview):
264         This attempts to be an accurate empty preview for the given object.
265         For types with entries, it adds an empty entries list and updates
266         the overflow and lossless properties.
267
268         (InjectedScript.RemoteObject.prototype._createObjectPreviewForValue):
269         Take a generatePreview parameter to generate a full preview or empty preview.
270
271         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
272         (InjectedScript.RemoteObject.prototype._appendEntryPreviews):
273         (InjectedScript.RemoteObject.prototype._isPreviewableObject):
274         Take care to avoid cycles.
275
276 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
277
278         Periodic code deletion should delete RegExp code
279         https://bugs.webkit.org/show_bug.cgi?id=147990
280
281         Reviewed by Filip Pizlo.
282
283         The RegExp code cache was created for the sake of simple loops that
284         re-created the same RegExps. It's reasonable to delete it periodically.
285
286         * heap/Heap.cpp:
287         (JSC::Heap::deleteOldCode):
288
289 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
290
291         RegExpCache::finalize should not delete code
292         https://bugs.webkit.org/show_bug.cgi?id=147987
293
294         Reviewed by Mark Lam.
295
296         The RegExp object already knows how to delete its own code in its
297         destructor. Our job is just to clear our stale pointer.
298
299         * runtime/RegExpCache.cpp:
300         (JSC::RegExpCache::finalize):
301         (JSC::RegExpCache::addToStrongCache):
302
303 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
304
305         Standardize on the phrase "delete code"
306         https://bugs.webkit.org/show_bug.cgi?id=147984
307
308         Reviewed by Mark Lam.
309
310         Use "delete" when we talk about throwing away code, as opposed to
311         "invalidate" or "discard".
312
313         * debugger/Debugger.cpp:
314         (JSC::Debugger::forEachCodeBlock):
315         (JSC::Debugger::setSteppingMode):
316         (JSC::Debugger::recompileAllJSFunctions):
317         * heap/Heap.cpp:
318         (JSC::Heap::deleteAllCompiledCode):
319         * inspector/agents/InspectorRuntimeAgent.cpp:
320         (Inspector::recompileAllJSFunctionsForTypeProfiling):
321         * runtime/RegExp.cpp:
322         (JSC::RegExp::match):
323         (JSC::RegExp::deleteCode):
324         (JSC::RegExp::invalidateCode): Deleted.
325         * runtime/RegExp.h:
326         * runtime/RegExpCache.cpp:
327         (JSC::RegExpCache::finalize):
328         (JSC::RegExpCache::addToStrongCache):
329         (JSC::RegExpCache::deleteAllCode):
330         (JSC::RegExpCache::invalidateCode): Deleted.
331         * runtime/RegExpCache.h:
332         * runtime/VM.cpp:
333         (JSC::VM::stopSampling):
334         (JSC::VM::prepareToDeleteCode):
335         (JSC::VM::deleteAllCode):
336         (JSC::VM::setEnabledProfiler):
337         (JSC::VM::prepareToDiscardCode): Deleted.
338         (JSC::VM::discardAllCode): Deleted.
339         * runtime/VM.h:
340         (JSC::VM::apiLock):
341         (JSC::VM::codeCache):
342         * runtime/Watchdog.cpp:
343         (JSC::Watchdog::setTimeLimit):
344
345 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
346
347         X.[[SetPrototypeOf]](Y) should succeed if X.[[Prototype]] is already Y even if X is not extensible
348         https://bugs.webkit.org/show_bug.cgi?id=147930
349
350         Reviewed by Saam Barati.
351
352         When the passed prototype object to be set is the same as the existing
353         prototype object, [[SetPrototypeOf]] just finishes its operation even
354         if the extensibility of the target object is `false`.
355
356         * runtime/JSGlobalObjectFunctions.cpp:
357         (JSC::globalFuncProtoSetter):
358         * runtime/ObjectConstructor.cpp:
359         (JSC::objectConstructorSetPrototypeOf):
360         * runtime/ReflectObject.cpp:
361         (JSC::reflectObjectSetPrototypeOf):
362         * tests/stress/set-same-prototype.js: Added.
363         (shouldBe):
364         (shouldThrow):
365
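An added example (not part of the patch or its test file) that exercises the rule through the three entry points the patch touches: Object.setPrototypeOf, Reflect.setPrototypeOf and the __proto__ setter. The objects are constructed for the example, and `sealAndVerifyProto` is a hypothetical helper.

```javascript
// Added example (not WebKit code): [[SetPrototypeOf]] on a non-extensible
// object. Re-setting the prototype the object already has succeeds; any other
// prototype is rejected.

function setSameProtoOnNonExtensible() {
  const proto = { kind: 'base' };
  const obj = Object.preventExtensions(Object.create(proto));
  Object.setPrototypeOf(obj, proto);                 // no TypeError
  const viaReflect = Reflect.setPrototypeOf(obj, proto);
  obj.__proto__ = proto;                             // the setter does not throw either
  return { viaReflect, protoUnchanged: Object.getPrototypeOf(obj) === proto };
}

function setOtherProtoOnNonExtensible() {
  const proto = { kind: 'base' };
  const obj = Object.preventExtensions(Object.create(proto));
  const other = { kind: 'other' };
  const throwsTypeError = (fn) => {
    try { fn(); return false; } catch (e) { return e instanceof TypeError; }
  };
  const objectThrew = throwsTypeError(() => Object.setPrototypeOf(obj, other));
  const setterThrew = throwsTypeError(() => { obj.__proto__ = other; });
  const viaReflect = Reflect.setPrototypeOf(obj, other);   // false, no throw
  return { objectThrew, setterThrew, viaReflect, protoUnchanged: Object.getPrototypeOf(obj) === proto };
}

// A use for the rule: after sealing an object, Reflect.setPrototypeOf with the
// expected prototype doubles as a check that the chain was not swapped before
// sealing, because it only returns true when the prototype is already that one.
function sealAndVerifyProto(obj, expectedProto) {
  Object.preventExtensions(obj);
  return Reflect.setPrototypeOf(obj, expectedProto);
}
```
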
366 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
367
368         Removed clearEvalCodeCache()
369         https://bugs.webkit.org/show_bug.cgi?id=147957
370
371         Reviewed by Filip Pizlo.
372
373         It was unused.
374
375         * bytecode/CodeBlock.cpp:
376         (JSC::CodeBlock::linkIncomingCall):
377         (JSC::CodeBlock::install):
378         (JSC::CodeBlock::clearEvalCache): Deleted.
379         * bytecode/CodeBlock.h:
380         (JSC::CodeBlock::numberOfJumpTargets):
381         (JSC::CodeBlock::jumpTarget):
382         (JSC::CodeBlock::numberOfArgumentValueProfiles):
383
384 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
385
386         [ES6] Implement Reflect.defineProperty
387         https://bugs.webkit.org/show_bug.cgi?id=147943
388
389         Reviewed by Saam Barati.
390
391         This patch implements Reflect.defineProperty.
392         The differences from Object.defineProperty are:
393
394         1. Reflect.defineProperty does not perform ToObject operation onto the first argument.
395         2. Reflect.defineProperty does not throw a TypeError when the [[DefineOwnProperty]] operation fails.
396         3. Reflect.defineProperty returns the boolean value that represents whether [[DefineOwnProperty]] succeeded.
397
398         This patch also adds comments with links to the ES6 spec.
399
400         * builtins/ReflectObject.js:
401         * runtime/ObjectConstructor.cpp:
402         (JSC::toPropertyDescriptor):
403         * runtime/ObjectConstructor.h:
404         * runtime/ReflectObject.cpp:
405         (JSC::reflectObjectDefineProperty):
406         * tests/stress/reflect-define-property.js: Added.
407         (shouldBe):
408         (shouldThrow):
409         (.set getter):
410         (setter):
411         (.get testDescriptor):
412         (.set get var):
413         (.set testDescriptor):
414         (.set get testDescriptor):
415         (.set get shouldThrow):
416         (.get var):
417
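An added example (not from the patch or its test file) that makes the three listed differences observable from script, and shows a practical use of the boolean result. The config object and the `lockDown` helper are constructed for this example.

```javascript
// Added example (not WebKit code): Reflect.defineProperty versus
// Object.defineProperty on the same inputs.

// Differences 2 and 3: a second, conflicting definition of a non-configurable,
// non-writable property makes [[DefineOwnProperty]] fail.
function redefineWithObject(target) {
  Object.defineProperty(target, 'id', { value: 1, writable: false, configurable: false });
  try {
    Object.defineProperty(target, 'id', { value: 2 });      // fails ...
    return 'redefined';
  } catch (e) {
    return e instanceof TypeError ? 'TypeError' : 'other';  // ... by throwing
  }
}

function redefineWithReflect(target) {
  const first = Reflect.defineProperty(target, 'id', { value: 1, writable: false, configurable: false });
  const second = Reflect.defineProperty(target, 'id', { value: 2 });  // fails by returning false
  return { first, second, value: target.id };
}

// Difference 1: no ToObject on the first argument, so a primitive target is
// rejected instead of being boxed into a wrapper object.
function defineOnPrimitive() {
  try {
    Reflect.defineProperty(42, 'x', { value: 1 });
    return 'accepted';
  } catch (e) {
    return e instanceof TypeError ? 'TypeError' : 'other';
  }
}

// Using the boolean result: make every enumerable key of a config object
// read-only and report the keys that could not be locked, instead of aborting
// on the first failure as a try/catch around Object.defineProperty would.
function lockDown(config) {
  const failed = [];
  for (const key of Object.keys(config)) {
    const ok = Reflect.defineProperty(config, key, { writable: false, configurable: false });
    if (!ok) failed.push(key);
  }
  Object.preventExtensions(config);
  return failed;
}

// Constructed sample: one plain data key and one non-configurable accessor,
// which cannot be converted into a non-writable data property.
function lockDownSample() {
  const config = { host: 'example.invalid' };
  Object.defineProperty(config, 'secret', {
    get() { return 'hidden'; }, enumerable: true, configurable: false,
  });
  const failed = lockDown(config);
  const hostLocked = Object.getOwnPropertyDescriptor(config, 'host').writable === false;
  return { failed, hostLocked };
}
```
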
418 2015-08-12  Filip Pizlo  <fpizlo@apple.com>
419
420         DFG::ByteCodeParser should attempt constant folding on loads from structures that are DFG-watchable
421         https://bugs.webkit.org/show_bug.cgi?id=147950
422
423         Reviewed by Michael Saboff.
424
425         Previously we reduced the constant folding power of ByteCodeParser::load() because that code was
426         responsible for memory corruption, since it would sometimes install watchpoints on structures that
427         weren't being traced.  It seemed like the safest fix was to remove the constant folding rule
428         entirely since later phases also do constant folding, and they do it without introducing the bug.
429         Well, that change (http://trac.webkit.org/changeset/188292) caused a big regression, because we
430         still have some constant folding rules that only exist in ByteCodeParser, and so ByteCodeParser must
431         be maximally aggressive in constant-folding whenever possible.
432
433         So, this change now brings back that constant folding rule - for loads from object constants that
434         have DFG-watchable structures - and implements it properly, by ensuring that we only call into
435         tryGetConstantProperty() if we have registered the structure set.
436
437         * dfg/DFGByteCodeParser.cpp:
438         (JSC::DFG::ByteCodeParser::load):
439
440 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
441
442         [ES6] Add ES6 Modules preparsing phase to collect the dependencies
443         https://bugs.webkit.org/show_bug.cgi?id=147353
444
445         Reviewed by Geoffrey Garen.
446
447         This patch implements ModuleRecord and ModuleAnalyzer.
448         ModuleAnalyzer analyzes the AST produced by the parser.
449         By collaborating with the parser, ModuleAnalyzer collects the information
450         that is necessary to request the loading for the dependent modules and
451         construct the module's environment and namespace object before executing the actual
452         module body.
453
454         In the parser, we annotate which variable is an imported binding and which variable
455         is exported from the current module. This information is leveraged in the ModuleAnalyzer
456         to categorize the export entries.
457
458         To preparse the modules in the parser, we just add the new flag `ModuleParseMode`
459         instead of introducing a new TreeContext type. This is because only two users use
460         parseModuleSourceElements: the preparser and the actual compiler. Adding the flag is simple
461         enough to switch the context to the SyntaxChecker when parsing the non-module related
462         statements in the preparsing phase.
463
464         To demonstrate the module analyzer, we added the new dumpModuleRecord option
465         into the JSC shell. By specifying this, the result of analysis is dumped when the module
466         is parsed and analyzed.
467
468         * CMakeLists.txt:
469         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
470         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
471         * JavaScriptCore.xcodeproj/project.pbxproj:
472         * builtins/BuiltinNames.h:
473         * parser/ASTBuilder.h:
474         (JSC::ASTBuilder::createExportDefaultDeclaration):
475         * parser/ModuleAnalyzer.cpp: Added.
476         (JSC::ModuleAnalyzer::ModuleAnalyzer):
477         (JSC::ModuleAnalyzer::exportedBinding):
478         (JSC::ModuleAnalyzer::declareExportAlias):
479         (JSC::ModuleAnalyzer::exportVariable):
480         (JSC::ModuleAnalyzer::analyze):
481         * parser/ModuleAnalyzer.h: Added.
482         (JSC::ModuleAnalyzer::vm):
483         (JSC::ModuleAnalyzer::moduleRecord):
484         * parser/ModuleRecord.cpp: Added.
485         (JSC::printableName):
486         (JSC::ModuleRecord::dump):
487         * parser/ModuleRecord.h: Added.
488         (JSC::ModuleRecord::ImportEntry::isNamespace):
489         (JSC::ModuleRecord::create):
490         (JSC::ModuleRecord::appendRequestedModule):
491         (JSC::ModuleRecord::addImportEntry):
492         (JSC::ModuleRecord::addExportEntry):
493         (JSC::ModuleRecord::addStarExportEntry):
494         * parser/NodeConstructors.h:
495         (JSC::ModuleDeclarationNode::ModuleDeclarationNode):
496         (JSC::ImportDeclarationNode::ImportDeclarationNode):
497         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
498         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
499         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
500         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
501         * parser/Nodes.h:
502         (JSC::ExportDefaultDeclarationNode::localName):
503         * parser/NodesAnalyzeModule.cpp: Added.
504         (JSC::ScopeNode::analyzeModule):
505         (JSC::SourceElements::analyzeModule):
506         (JSC::ImportDeclarationNode::analyzeModule):
507         (JSC::ExportAllDeclarationNode::analyzeModule):
508         (JSC::ExportDefaultDeclarationNode::analyzeModule):
509         (JSC::ExportLocalDeclarationNode::analyzeModule):
510         (JSC::ExportNamedDeclarationNode::analyzeModule):
511         * parser/Parser.cpp:
512         (JSC::Parser<LexerType>::parseInner):
513         (JSC::Parser<LexerType>::parseModuleSourceElements):
514         (JSC::Parser<LexerType>::parseVariableDeclarationList):
515         (JSC::Parser<LexerType>::createBindingPattern):
516         (JSC::Parser<LexerType>::parseFunctionDeclaration):
517         (JSC::Parser<LexerType>::parseClassDeclaration):
518         (JSC::Parser<LexerType>::parseImportClauseItem):
519         (JSC::Parser<LexerType>::parseExportSpecifier):
520         (JSC::Parser<LexerType>::parseExportDeclaration):
521         * parser/Parser.h:
522         (JSC::Scope::lexicalVariables):
523         (JSC::Scope::declareLexicalVariable):
524         (JSC::Parser::declareVariable):
525         (JSC::Parser::exportName):
526         (JSC::Parser<LexerType>::parse):
527         (JSC::parse):
528         * parser/ParserModes.h:
529         * parser/SyntaxChecker.h:
530         (JSC::SyntaxChecker::createExportDefaultDeclaration):
531         * parser/VariableEnvironment.cpp:
532         (JSC::VariableEnvironment::markVariableAsImported):
533         (JSC::VariableEnvironment::markVariableAsExported):
534         * parser/VariableEnvironment.h:
535         (JSC::VariableEnvironmentEntry::isExported):
536         (JSC::VariableEnvironmentEntry::isImported):
537         (JSC::VariableEnvironmentEntry::setIsExported):
538         (JSC::VariableEnvironmentEntry::setIsImported):
539         * runtime/CommonIdentifiers.h:
540         * runtime/Completion.cpp:
541         (JSC::checkModuleSyntax):
542         * runtime/Options.h:
543
544 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
545
546         Re-land r188339, since Alex fixed it in r188341 by landing the WebCore half.
547
548         * jit/ExecutableAllocator.h:
549         * jsc.cpp:
550         (GlobalObject::finishCreation):
551         (functionAddressOf):
552         (functionVersion):
553         (functionReleaseExecutableMemory): Deleted.
554         * runtime/VM.cpp:
555         (JSC::StackPreservingRecompiler::operator()):
556         (JSC::VM::throwException):
557         (JSC::VM::updateFTLLargestStackSize):
558         (JSC::VM::gatherConservativeRoots):
559         (JSC::VM::releaseExecutableMemory): Deleted.
560         (JSC::releaseExecutableMemory): Deleted.
561         * runtime/VM.h:
562         (JSC::VM::isCollectorBusy):
563         * runtime/Watchdog.cpp:
564         (JSC::Watchdog::setTimeLimit):
565
566 2015-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
567
568         Roll out r188339, which broke the build.
569
570         Unreviewed.
571
572         * jit/ExecutableAllocator.h:
573         * jsc.cpp:
574         (GlobalObject::finishCreation):
575         (functionReleaseExecutableMemory):
576         * runtime/VM.cpp:
577         (JSC::StackPreservingRecompiler::visit):
578         (JSC::StackPreservingRecompiler::operator()):
579         (JSC::VM::releaseExecutableMemory):
580         (JSC::releaseExecutableMemory):
581         * runtime/VM.h:
582         * runtime/Watchdog.cpp:
583         (JSC::Watchdog::setTimeLimit):
584
585 2015-08-12  Alex Christensen  <achristensen@webkit.org>
586
587         Fix Debug CMake builds on Windows
588         https://bugs.webkit.org/show_bug.cgi?id=147940
589
590         Reviewed by Chris Dumez.
591
592         * PlatformWin.cmake:
593         Copy the plist to the JavaScriptCore.resources directory.
594
595 2015-08-11  Geoffrey Garen  <ggaren@apple.com>
596
597         Remove VM::releaseExecutableMemory
598         https://bugs.webkit.org/show_bug.cgi?id=147915
599
600         Reviewed by Saam Barati.
601
602         releaseExecutableMemory() was only used in one place, where discardAllCode()
603         would work just as well.
604
605         It's confusing to have two slightly different ways to discard code. Also,
606         releaseExecutableMemory() is unused in any production code, and it seems
607         to have bit-rotted.
608
609         * jit/ExecutableAllocator.h:
610         * jsc.cpp:
611         (GlobalObject::finishCreation):
612         (functionAddressOf):
613         (functionVersion):
614         (functionReleaseExecutableMemory): Deleted.
615         * runtime/VM.cpp:
616         (JSC::StackPreservingRecompiler::operator()):
617         (JSC::VM::throwException):
618         (JSC::VM::updateFTLLargestStackSize):
619         (JSC::VM::gatherConservativeRoots):
620         (JSC::VM::releaseExecutableMemory): Deleted.
621         (JSC::releaseExecutableMemory): Deleted.
622         * runtime/VM.h:
623         (JSC::VM::isCollectorBusy):
624         * runtime/Watchdog.cpp:
625         (JSC::Watchdog::setTimeLimit):
626
627 2015-08-12  Mark Lam  <mark.lam@apple.com>
628
629         Add a JSC option to enable the watchdog for testing.
630         https://bugs.webkit.org/show_bug.cgi?id=147939
631
632         Reviewed by Michael Saboff.
633
634         * API/JSContextRef.cpp:
635         (JSContextGroupSetExecutionTimeLimit):
636         (createWatchdogIfNeeded): Deleted.
637         * runtime/Options.h:
638         * runtime/VM.cpp:
639         (JSC::VM::VM):
640         (JSC::VM::~VM):
641         (JSC::VM::sharedInstanceInternal):
642         (JSC::VM::ensureWatchdog):
643         (JSC::thunkGeneratorForIntrinsic):
644         * runtime/VM.h:
645
646 2015-08-11  Mark Lam  <mark.lam@apple.com>
647
648         Implement the JavaScript watchdog using WTF::WorkQueue.
649         https://bugs.webkit.org/show_bug.cgi?id=147107
650
651         Reviewed by Geoffrey Garen.
652
653         How the Watchdog works
654         ======================
655
656         1. When do we start the Watchdog?
657            =============================
658            The watchdog should only be started if both of the following conditions are true:
659            1. A time limit has been set.
660            2. We have entered the VM.
661  
662         2. CPU time vs Wall Clock time
663            ===========================
664            Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?
665
666            The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
667            limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
668            indicates the wall clock time point when the WorkQueue timer is expected to fire.
669
670            The time limit for which we allow JS code to run should be measured in CPU time, which can
671            differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
672            should fire.
673
674            Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
675            we need to check if m_cpuDeadline has been reached.
676
677            If m_cpuDeadline has been reached, the watchdog is considered to have fired.
678
679            If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
680            code to continue to run for.  Hence, we need to start a new timer to fire again after
681            Tremainder microseconds.
682     
683            See Watchdog::didFireSlow().
684
685         3. Spurious wake ups
686            =================
687            Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
688            It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
689            m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
690            wake ups are considered to be spurious and will be ignored.
691  
692            See Watchdog::didFireSlow().
693  
694         4. Minimizing Timer creation cost
695            ==============================
696            Conceptually, we could start a new timer every time we start the watchdog. But we can do better
697            than this.
698  
699            In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
700            stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
701            time limit. Consider the following example:
702  
703                |---|-----|---|----------------|---------|
704                t0  t1    t2  t3            t0 + L    t2 + L 
705
706                |<--- T1 --------------------->|
707                          |<--- T2 --------------------->|
708                |<-- Td ->|                    |<-- Td ->|
709
710            1. The user initializes the watchdog with time limit L.
711         2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
712               The timer is set to expire at t0 + L.
713            3. At t1, we exit the VM.
714            4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.
715          
716               However, we can note that the expiration time for T2 would be after the expiration time
717               of T1. Specifically, T2 would have expired at Td after T1 expires.
718          
719               Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
720               for a period of Td instead.
721
722            Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
723            as well as handling spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
724            automatically take care of starting a new timer for the difference Td in the example above.
725            Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
726            expiration is less than T2's, then we are already covered by T1 and there's no need to start T2.
727
728            The benefit:
729
730            1. we minimize the number of timer instances we have queued in the workqueue at the same time
731               (ideally only 1 or 0), and use less peak memory.
732
733            2. we minimize the frequency of instantiating timer instances. By waiting for the current
734               active timer to expire first, on average, we get to start one timer per time limit
735               (which is infrequent because time limits tend to be long) instead of one timer per
736               VM entry (which tends to be frequent).
737
738            See Watchdog::startTimer().
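
           To make notes 2 to 4 concrete, here is a constructed model (added here, not JSC's
           Watchdog.cpp) that replays the diagram above with L = 1000us, t0 = 0, t1 = 100, t2 = 300,
           plus a lowered-limit case that produces a stale wake up. The WorkQueue is replaced by a list
           of queued wake-up times, both clocks are injected, and the setTimeLimit hook is an assumption
           of the model.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed model of the timer scheme described in the ChangeLog entry above.
// Not JSC's Watchdog.cpp: the WorkQueue is a vector of queued wake-up times and
// both clocks are passed in, so each scenario replays deterministically with no
// threads. All times are microseconds.
static const int64_t kNoDeadline = INT64_MAX;

struct WatchdogModel {
    int64_t timeLimit = -1;                  // L; -1 means no limit
    int64_t cpuDeadline = 0;                 // m_cpuDeadline
    int64_t wallClockDeadline = kNoDeadline; // m_wallClockDeadline of the active timer
    bool inVM = false;
    bool fired = false;
    int timersCreated = 0;                   // the cost that note 4 minimizes
    std::vector<int64_t> queuedWakeUps;      // cannot be cancelled, like the WorkQueue timer

    bool hasTimeLimit() const { return timeLimit >= 0; }

    // Note 4: the CPU deadline always moves to cpuNow + limit, but a new timer is
    // queued only if no active timer is already due to wake us first.
    void startTimer(int64_t wallNow, int64_t cpuNow, int64_t limit) {
        cpuDeadline = cpuNow + limit;
        int64_t newWallDeadline = wallNow + limit;
        if (wallNow < wallClockDeadline && wallClockDeadline <= newWallDeadline)
            return; // Covered: wait for the active timer (T1) to expire first.
        wallClockDeadline = newWallDeadline;
        ++timersCreated;
        queuedWakeUps.push_back(newWallDeadline);
    }

    // Assumed hooks (model only): a new limit while in the VM restarts the timer,
    // and every VM entry (re)starts it, as VMEntryScope does in the ChangeLog.
    void setTimeLimit(int64_t limit, int64_t wallNow, int64_t cpuNow) {
        timeLimit = limit;
        if (inVM && hasTimeLimit())
            startTimer(wallNow, cpuNow, timeLimit);
    }
    void enteredVM(int64_t wallNow, int64_t cpuNow) {
        inVM = true;
        if (hasTimeLimit())
            startTimer(wallNow, cpuNow, timeLimit);
    }
    void exitedVM() { inVM = false; }

    // Notes 2 and 3: reached from JS code once a queued timer has woken us.
    // A wake up before m_wallClockDeadline is a stale timer and is ignored; the
    // first wake up at or after it belongs to the active timer. Then either the
    // CPU budget is spent (the watchdog fires) or we re-arm for Tremainder.
    bool didFireSlow(int64_t wallNow, int64_t cpuNow) {
        if (wallNow < wallClockDeadline)
            return false;                    // stale / spurious wake up
        wallClockDeadline = kNoDeadline;     // reject further spurious wake ups
        if (cpuNow >= cpuDeadline) {
            fired = true;
            return true;
        }
        startTimer(wallNow, cpuNow, cpuDeadline - cpuNow); // Tremainder
        return false;
    }
};

struct Note4Result { int timersCreated; bool firedAtT1; int64_t t2PrimeDeadline; bool firedAtT2Prime; };

// Replays the diagram from note 4 with L = 1000, t0 = 0, t1 = 100, t2 = 300.
// CPU time advances only while JS runs, so when T1 wakes us at t0 + L the CPU
// clock reads (t1 - t0) + (t0 + L - t2) = 800 and Td = t2 - t0 = 300 remains.
Note4Result runNote4Scenario() {
    WatchdogModel w;
    w.setTimeLimit(1000, 0, 0);
    w.enteredVM(0, 0);                               // T1: wall and CPU deadline 1000
    w.exitedVM();                                    // t1 = 100: 100us of CPU consumed
    w.enteredVM(300, 100);                           // T2 would expire at 1300: covered by T1
    bool firedAtT1 = w.didFireSlow(1000, 800);       // T1 wakes: 300us of CPU budget left
    int64_t t2Prime = w.wallClockDeadline;           // T2' queued for t0 + L + Td = 1300
    bool firedAtT2Prime = w.didFireSlow(1300, 1100); // CPU budget exhausted: watchdog fires
    return { w.timersCreated, firedAtT1, t2Prime, firedAtT2Prime };
}

struct Note3Result { int timersCreated; bool firedAtShortDeadline; bool staleWakeUpIgnored; };

// Note 3: lowering the limit mid-run queues a second, earlier timer. The first
// timer cannot be cancelled and wakes us later, but is recognised as stale.
Note3Result runNote3Scenario() {
    WatchdogModel w;
    w.setTimeLimit(1000, 0, 0);
    w.enteredVM(0, 0);                                 // timer A: wall deadline 1000
    w.setTimeLimit(400, 50, 50);                       // timer B: wall deadline 450, also queued
    bool firedAtB = w.didFireSlow(450, 450);           // B is the active timer: fires
    bool staleIgnored = !w.didFireSlow(1000, 1000);    // A wakes afterwards: stale, ignored
    return { w.timersCreated, firedAtB, staleIgnored };
}

int main() {
    Note4Result a = runNote4Scenario();
    std::printf("note 4: %d timers queued, T2' at %lld, fired=%d\n",
                a.timersCreated, (long long)a.t2PrimeDeadline, a.firedAtT2Prime);
    Note3Result b = runNote3Scenario();
    std::printf("note 3: %d timers queued, stale wake up ignored=%d\n",
                b.timersCreated, b.staleWakeUpIgnored);
    return 0;
}
```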
739
740         * API/JSContextRef.cpp:
741         (createWatchdogIfNeeded):
742         (JSContextGroupClearExecutionTimeLimit):
743         - No need to create the watchdog (if not already created) just to clear it.
744           If the watchdog is not created yet, then it is effectively cleared.
745
746         * API/tests/ExecutionTimeLimitTest.cpp:
747         (currentCPUTimeAsJSFunctionCallback):
748         (testExecutionTimeLimit):
749         (currentCPUTime): Deleted.
750         * API/tests/testapi.c:
751         (main):
752         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
753         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
754         - Enable watchdog tests for all platforms.
755
756         * CMakeLists.txt:
757         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
758         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
759         * JavaScriptCore.xcodeproj/project.pbxproj:
760         - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.
761
762         * PlatformEfl.cmake:
763
764         * dfg/DFGByteCodeParser.cpp:
765         (JSC::DFG::ByteCodeParser::parseBlock):
766         * dfg/DFGSpeculativeJIT32_64.cpp:
767         * dfg/DFGSpeculativeJIT64.cpp:
768         * interpreter/Interpreter.cpp:
769         (JSC::Interpreter::execute):
770         (JSC::Interpreter::executeCall):
771         (JSC::Interpreter::executeConstruct):
772         * jit/JITOpcodes.cpp:
773         (JSC::JIT::emit_op_loop_hint):
774         (JSC::JIT::emitSlow_op_loop_hint):
775         * jit/JITOperations.cpp:
776         * llint/LLIntOffsetsExtractor.cpp:
777         * llint/LLIntSlowPaths.cpp:
778         * runtime/VM.cpp:
779         - #include Watchdog.h in these files directly instead of doing it via VM.h.
780           This saves us from having to recompile the world when we change Watchdog.h.
781
782         * runtime/VM.h:
783         - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
784           thread-safe ref counted.
785
786         * runtime/VMEntryScope.cpp:
787         (JSC::VMEntryScope::VMEntryScope):
788         (JSC::VMEntryScope::~VMEntryScope):
789         - We have done away with the WatchdogScope and arming/disarming of the watchdog.
790           Instead, the VMEntryScope will inform the watchdog of when we have entered and
791           exited the VM.
792
793         * runtime/Watchdog.cpp:
794         (JSC::currentWallClockTime):
795         (JSC::Watchdog::Watchdog):
796         (JSC::Watchdog::hasStartedTimer):
797         (JSC::Watchdog::setTimeLimit):
798         (JSC::Watchdog::didFireSlow):
799         (JSC::Watchdog::hasTimeLimit):
800         (JSC::Watchdog::fire):
801         (JSC::Watchdog::enteredVM):
802         (JSC::Watchdog::exitedVM):
803
804         (JSC::Watchdog::startTimer):
805         - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
806           (from a different thread) even after the VM shuts down.  We need to keep it
807           alive until the WorkQueue callback completes.
808
809           In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
810           WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
811           is done with it.  This ensures that the Watchdog is kept alive until all
812           WorkQueue callbacks are done.
813
814         (JSC::Watchdog::stopTimer):
815         (JSC::Watchdog::~Watchdog): Deleted.
816         (JSC::Watchdog::didFire): Deleted.
817         (JSC::Watchdog::isEnabled): Deleted.
818         (JSC::Watchdog::arm): Deleted.
819         (JSC::Watchdog::disarm): Deleted.
820         (JSC::Watchdog::startCountdownIfNeeded): Deleted.
821         (JSC::Watchdog::startCountdown): Deleted.
822         (JSC::Watchdog::stopCountdown): Deleted.
823         * runtime/Watchdog.h:
824         (JSC::Watchdog::didFire):
825         (JSC::Watchdog::timerDidFireAddress):
826         (JSC::Watchdog::isArmed): Deleted.
827         (JSC::Watchdog::Scope::Scope): Deleted.
828         (JSC::Watchdog::Scope::~Scope): Deleted.
829         * runtime/WatchdogMac.cpp:
830         (JSC::Watchdog::initTimer): Deleted.
831         (JSC::Watchdog::destroyTimer): Deleted.
832         (JSC::Watchdog::startTimer): Deleted.
833         (JSC::Watchdog::stopTimer): Deleted.
834         * runtime/WatchdogNone.cpp:
835         (JSC::Watchdog::initTimer): Deleted.
836         (JSC::Watchdog::destroyTimer): Deleted.
837         (JSC::Watchdog::startTimer): Deleted.
838         (JSC::Watchdog::stopTimer): Deleted.
839
840 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
841
842         Always use a byte-sized lock implementation
843         https://bugs.webkit.org/show_bug.cgi?id=147908
844
845         Reviewed by Geoffrey Garen.
846
847         * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.
848
849 2015-08-11  Alexey Proskuryakov  <ap@apple.com>
850
851         Make ASan build not depend on asan.xcconfig
852         https://bugs.webkit.org/show_bug.cgi?id=147840
853         rdar://problem/21093702
854
855         Reviewed by Daniel Bates.
856
857         * dfg/DFGOSREntry.cpp:
858         (JSC::DFG::OSREntryData::dump):
859         (JSC::DFG::prepareOSREntry):
860         * ftl/FTLOSREntry.cpp:
861         (JSC::FTL::prepareOSREntry):
862         * heap/ConservativeRoots.cpp:
863         (JSC::ConservativeRoots::genericAddPointer):
864         (JSC::ConservativeRoots::genericAddSpan):
865         * heap/MachineStackMarker.cpp:
866         (JSC::MachineThreads::removeThreadIfFound):
867         (JSC::MachineThreads::gatherFromCurrentThread):
868         (JSC::MachineThreads::Thread::captureStack):
869         (JSC::copyMemory):
870         * interpreter/Register.h:
871         (JSC::Register::operator=):
872         (JSC::Register::asanUnsafeJSValue):
873         (JSC::Register::jsValue):
874
875 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
876
877         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
878         https://bugs.webkit.org/show_bug.cgi?id=147480
879
880         Reviewed by Filip Pizlo.
881
882         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
883         The IC site only caches one id. After checking that the given id is the same as the
884         cached one, we perform the get_by_id IC onto it.
885         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
886         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
887         operations when the given get_by_val leverages the property load with the cached id.
888
889         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
890         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
891         This can be leveraged to optimize symbol operations in DFG.
892
893         And since byValInfo is frequently used, we align the byValInfo design to the stubInfo-like one.
894         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
895         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
896         argument ArrayProfile* in the operations with ByValInfo*.
897
898         * bytecode/ByValInfo.h:
899         (JSC::ByValInfo::ByValInfo):
900         * bytecode/CodeBlock.cpp:
901         (JSC::CodeBlock::getByValInfoMap):
902         (JSC::CodeBlock::addByValInfo):
903         * bytecode/CodeBlock.h:
904         (JSC::CodeBlock::getByValInfo): Deleted.
905         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
906         (JSC::CodeBlock::numberOfByValInfos): Deleted.
907         (JSC::CodeBlock::byValInfo): Deleted.
908         * bytecode/ExitKind.cpp:
909         (JSC::exitKindToString):
910         * bytecode/ExitKind.h:
911         * bytecode/GetByIdStatus.cpp:
912         (JSC::GetByIdStatus::computeFor):
913         (JSC::GetByIdStatus::computeForStubInfo):
914         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
915         * bytecode/GetByIdStatus.h:
916         * dfg/DFGAbstractInterpreterInlines.h:
917         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
918         * dfg/DFGByteCodeParser.cpp:
919         (JSC::DFG::ByteCodeParser::parseBlock):
920         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
921         * dfg/DFGClobberize.h:
922         (JSC::DFG::clobberize):
923         * dfg/DFGConstantFoldingPhase.cpp:
924         (JSC::DFG::ConstantFoldingPhase::foldConstants):
925         * dfg/DFGDoesGC.cpp:
926         (JSC::DFG::doesGC):
927         * dfg/DFGFixupPhase.cpp:
928         (JSC::DFG::FixupPhase::fixupNode):
929         (JSC::DFG::FixupPhase::observeUseKindOnNode):
930         * dfg/DFGNode.h:
931         (JSC::DFG::Node::hasUidOperand):
932         (JSC::DFG::Node::uidOperand):
933         * dfg/DFGNodeType.h:
934         * dfg/DFGPredictionPropagationPhase.cpp:
935         (JSC::DFG::PredictionPropagationPhase::propagate):
936         * dfg/DFGSafeToExecute.h:
937         (JSC::DFG::SafeToExecuteEdge::operator()):
938         (JSC::DFG::safeToExecute):
939         * dfg/DFGSpeculativeJIT.cpp:
940         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
941         (JSC::DFG::SpeculativeJIT::speculateSymbol):
942         (JSC::DFG::SpeculativeJIT::speculate):
943         * dfg/DFGSpeculativeJIT.h:
944         * dfg/DFGSpeculativeJIT32_64.cpp:
945         (JSC::DFG::SpeculativeJIT::compile):
946         * dfg/DFGSpeculativeJIT64.cpp:
947         (JSC::DFG::SpeculativeJIT::compile):
948         * dfg/DFGUseKind.cpp:
949         (WTF::printInternal):
950         * dfg/DFGUseKind.h:
951         (JSC::DFG::typeFilterFor):
952         (JSC::DFG::isCell):
953         * ftl/FTLAbstractHeapRepository.h:
954         * ftl/FTLCapabilities.cpp:
955         (JSC::FTL::canCompile):
956         * ftl/FTLLowerDFGToLLVM.cpp:
957         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
958         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
959         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
960         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
961         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
962         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
963         * jit/JIT.cpp:
964         (JSC::JIT::privateCompile):
965         * jit/JIT.h:
966         (JSC::ByValCompilationInfo::ByValCompilationInfo):
967         (JSC::JIT::compileGetByValWithCachedId):
968         * jit/JITInlines.h:
969         (JSC::JIT::callOperation):
970         * jit/JITOpcodes.cpp:
971         (JSC::JIT::emit_op_has_indexed_property):
972         (JSC::JIT::emitSlow_op_has_indexed_property):
973         * jit/JITOpcodes32_64.cpp:
974         (JSC::JIT::emit_op_has_indexed_property):
975         (JSC::JIT::emitSlow_op_has_indexed_property):
976         * jit/JITOperations.cpp:
977         (JSC::getByVal):
978         * jit/JITOperations.h:
979         * jit/JITPropertyAccess.cpp:
980         (JSC::JIT::emit_op_get_by_val):
981         (JSC::JIT::emitGetByValWithCachedId):
982         (JSC::JIT::emitSlow_op_get_by_val):
983         (JSC::JIT::emit_op_put_by_val):
984         (JSC::JIT::emitSlow_op_put_by_val):
985         (JSC::JIT::privateCompileGetByVal):
986         (JSC::JIT::privateCompileGetByValWithCachedId):
987         * jit/JITPropertyAccess32_64.cpp:
988         (JSC::JIT::emit_op_get_by_val):
989         (JSC::JIT::emitGetByValWithCachedId):
990         (JSC::JIT::emitSlow_op_get_by_val):
991         (JSC::JIT::emit_op_put_by_val):
992         (JSC::JIT::emitSlow_op_put_by_val):
993         * runtime/Symbol.h:
994         * tests/stress/get-by-val-with-string-constructor.js: Added.
995         (Hello):
996         (get Hello.prototype.generate):
997         (ok):
998         * tests/stress/get-by-val-with-string-exit.js: Added.
999         (shouldBe):
1000         (getByVal):
1001         (getStr1):
1002         (getStr2):
1003         * tests/stress/get-by-val-with-string-generated.js: Added.
1004         (shouldBe):
1005         (getByVal):
1006         (getStr1):
1007         (getStr2):
1008         * tests/stress/get-by-val-with-string-getter.js: Added.
1009         (object.get hello):
1010         (ok):
1011         * tests/stress/get-by-val-with-string.js: Added.
1012         (shouldBe):
1013         (getByVal):
1014         (getStr1):
1015         (getStr2):
1016         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
1017         (Hello):
1018         (get Hello.prototype.generate):
1019         (ok):
1020         * tests/stress/get-by-val-with-symbol-exit.js: Added.
1021         (shouldBe):
1022         (getByVal):
1023         (getSym1):
1024         (getSym2):
1025         * tests/stress/get-by-val-with-symbol-getter.js: Added.
1026         (object.get hello):
1027         (.get ok):
1028         * tests/stress/get-by-val-with-symbol.js: Added.
1029         (shouldBe):
1030         (getByVal):
1031         (getSym1):
1032         (getSym2):
1033
1034 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
1035
1036         DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
1037         https://bugs.webkit.org/show_bug.cgi?id=147891
1038         rdar://problem/22129447
1039
1040         Reviewed by Mark Lam.
1041
1042         * dfg/DFGByteCodeParser.cpp:
1043         (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
1044         (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
1045         * dfg/DFGGraph.cpp:
1046         (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
1047         * dfg/DFGStructureRegistrationPhase.cpp:
1048         (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.
1049
1050 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1051
1052         [Win] Switch Windows build to Visual Studio 2015
1053         https://bugs.webkit.org/show_bug.cgi?id=147887
1054         <rdar://problem/22235098>
1055
1056         Reviewed by Alex Christensen.
1057
1058         Update Visual Studio project file settings to use the current Visual
1059         Studio and compiler. Continue targeting binaries to run on our minimum
1060         supported configuration of Windows 7.
1061
1062         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1063         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
1064         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
1065         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
1066         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
1067         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
1068         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
1069         * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
1070         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
1071         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
1072         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
1073         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
1074
1075 2015-08-10  Filip Pizlo  <fpizlo@apple.com>
1076
1077         WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
1078         https://bugs.webkit.org/show_bug.cgi?id=147665
1079
1080         Reviewed by Mark Lam.
1081
1082         Replace ByteSpinLock with ByteLock.
1083
1084         * runtime/ConcurrentJITLock.h:
1085
1086 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1087
1088         Numeric setter on prototype doesn't get called.
1089         https://bugs.webkit.org/show_bug.cgi?id=144252
1090
1091         Reviewed by Darin Adler.
1092
1093         When switching the blank indexing type to the other one in putByIndex,
1094         if the `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
1095         it to the slow put indexing type and reloop the putByIndex since there may
1096         be some indexing accessor in the prototype chain. Previously, we just set
1097         the value into the allocated vector.
1098
1099         In the putDirectIndex case, we just store the value to the vector.
1100         This is because putDirectIndex is the operation to store the own property
1101         and it does not check the accessors in the prototype chain.
1102
1103         * runtime/JSObject.cpp:
1104         (JSC::JSObject::putByIndexBeyondVectorLength):
1105         * tests/stress/injected-numeric-setter-on-prototype.js: Added.
1106         (shouldBe):
1107         (Trace):
1108         (Trace.prototype.trace):
1109         (Trace.prototype.get count):
1110         (.):
1111         * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
1112         (shouldBe):
1113         (Trace):
1114         (Trace.prototype.trace):
1115         (Trace.prototype.get count):
1116         (.):
1117         * tests/stress/numeric-setter-on-prototype.js: Added.
1118         (shouldBe):
1119         (Trace):
1120         (Trace.prototype.trace):
1121         (Trace.prototype.get count):
1122         (.z.__proto__.set 3):
1123         * tests/stress/numeric-setter-on-self.js: Added.
1124         (shouldBe):
1125         (Trace):
1126         (Trace.prototype.trace):
1127         (Trace.prototype.get count):
1128         (.y.set 2):
1129
1130 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1131
1132         [Win] Unreviewed gardening.
1133
1134         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
1135         file references so they appear in the proper IDE locations.
1136
1137 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1138
1139         Unreviewed windows build fix for VS2015.
1140
1141         * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.
1142
1143 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1144
1145         [ES6] Implement Reflect.has
1146         https://bugs.webkit.org/show_bug.cgi?id=147875
1147
1148         Reviewed by Sam Weinig.
1149
1150         This patch implements Reflect.has[1].
1151         Since the semantics are the same as those of the `in` operator in JS[2],
1152         we can implement it in builtin JS code.
1153
1154         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
1155         [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation
1156
1157         * builtins/ReflectObject.js:
1158         (has):
1159         * runtime/ReflectObject.cpp:
1160         * tests/stress/reflect-has.js: Added.
1161         (shouldBe):
1162         (shouldThrow):
1163
1164 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1165
1166         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
1167         https://bugs.webkit.org/show_bug.cgi?id=147874
1168
1169         Reviewed by Darin Adler.
1170
1171         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
1172         The differences from the Object.* ones are
1173
1174         1. They do not perform ToObject on non-object arguments. They throw a TypeError instead.
1175         2. Reflect.setPrototypeOf returns false when the operation fails. In Object.setPrototypeOf, it raises a TypeError.
1176
1177         * runtime/ObjectConstructor.cpp:
1178         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
1179         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
1180         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
1181         (JSC::objectConstructorGetPrototypeOf):
1182         * runtime/ObjectConstructor.h:
1183         * runtime/ReflectObject.cpp:
1184         (JSC::reflectObjectGetPrototypeOf):
1185         (JSC::reflectObjectSetPrototypeOf):
1186         * tests/stress/reflect-get-prototype-of.js: Added.
1187         (shouldBe):
1188         (shouldThrow):
1189         (Base):
1190         (Derived):
1191         * tests/stress/reflect-set-prototype-of.js: Added.
1192         (shouldBe):
1193         (shouldThrow):
1194
1195 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
1196
1197         Fix debug build when optimization is enabled
1198         https://bugs.webkit.org/show_bug.cgi?id=147816
1199
1200         Reviewed by Alexey Proskuryakov.
1201
1202         * llint/LLIntEntrypoint.cpp:
1203         * runtime/FunctionExecutableDump.cpp:
1204
1205 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1206
1207         Ensure that Reflect.enumerate does not produce the deleted keys
1208         https://bugs.webkit.org/show_bug.cgi?id=147677
1209
1210         Reviewed by Darin Adler.
1211
1212         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
1213
1214         * tests/stress/reflect-enumerate.js:
1215
1216 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
1217
1218         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
1219         https://bugs.webkit.org/show_bug.cgi?id=147856
1220
1221         Reviewed by Saam Barati.
1222
1223         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
1224
1225         * CMakeLists.txt:
1226         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1227         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1228         * JavaScriptCore.xcodeproj/project.pbxproj:
1229         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
1230         (JSC::ExecutableInfo::ExecutableInfo):
1231         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
1232         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1233         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1234         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1235         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1236         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1237         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1238         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1239         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1240         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1241         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1242         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1243         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1244         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1245         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1246         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1247         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1248         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1249         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1250         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1251         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1252         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1253         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1254         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1255         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1256         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1257         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1258         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1259         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1260         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1261         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1262         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1263         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1264         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1265         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1266         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1267         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1268         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1269         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1270         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1271         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1272         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1273         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1274         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1275         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1276         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1277         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1278         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1279         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1280         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1281         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1282         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1283         (JSC::UnlinkedCodeBlock::vm): Deleted.
1284         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1285         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1286         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1287         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1288         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1289         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1290         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1291         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1292         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1293         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1294         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1295         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1296         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1297         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1298         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1299         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1300         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1301         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1302         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1303         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1304         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1305         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1306         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1307         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1308         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1309         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1310         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1311         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1312         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1313         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1314         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1315         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1316         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1317         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
        (JSC::generateFunctionCodeBlock): Deleted.
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
        (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
        (JSC::UnlinkedFunctionExecutable::link): Deleted.
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
        (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::ExecutableInfo::ExecutableInfo): Deleted.
        (JSC::ExecutableInfo::needsActivation): Deleted.
        (JSC::ExecutableInfo::usesEval): Deleted.
        (JSC::ExecutableInfo::isStrictMode): Deleted.
        (JSC::ExecutableInfo::isConstructor): Deleted.
        (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
        (JSC::ExecutableInfo::constructorKind): Deleted.
        * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
        (JSC::generateFunctionCodeBlock):
        (JSC::UnlinkedFunctionExecutable::codeBlockFor):
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
        (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
        (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
        (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
        (JSC::dumpLineColumnEntry): Deleted.
        (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
        (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
        (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
        (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
        (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
        (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
        (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
        (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
        (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
        (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
        (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
        (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
        (JSC::UnlinkedCodeBlock::instructions): Deleted.
        * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
        (JSC::ExecutableInfo::ExecutableInfo): Deleted.
        (JSC::ExecutableInfo::needsActivation): Deleted.
        (JSC::ExecutableInfo::usesEval): Deleted.
        (JSC::ExecutableInfo::isStrictMode): Deleted.
        (JSC::ExecutableInfo::isConstructor): Deleted.
        (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
        (JSC::ExecutableInfo::constructorKind): Deleted.
        (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
        (JSC::UnlinkedSimpleJumpTable::add): Deleted.
        (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
        (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
        (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
        (JSC::UnlinkedCodeBlock::usesEval): Deleted.
        (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
        (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
        (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
        (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
        (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
        (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
        (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
        (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
        (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
        (JSC::UnlinkedCodeBlock::addParameter): Deleted.
        (JSC::UnlinkedCodeBlock::numParameters): Deleted.
        (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
        (JSC::UnlinkedCodeBlock::regexp): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
        (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
        (JSC::UnlinkedCodeBlock::identifier): Deleted.
        (JSC::UnlinkedCodeBlock::identifiers): Deleted.
        (JSC::UnlinkedCodeBlock::addConstant): Deleted.
        (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
        (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
        (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
        (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
        (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
        (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
        (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
        (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
        (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
        (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
        (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
        (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
        (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
        (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
        (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
        (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
        (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
        (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
        (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
        (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
        (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
        (JSC::UnlinkedCodeBlock::vm): Deleted.
        (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
        (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
        (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
        (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
        (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
        (JSC::UnlinkedCodeBlock::codeType): Deleted.
        (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
        (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
        (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
        (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
        (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
        (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
        (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
        (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
        (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
        (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
        (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
        (JSC::UnlinkedCodeBlock::recordParse): Deleted.
        (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
        (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
        (JSC::UnlinkedCodeBlock::firstLine): Deleted.
        (JSC::UnlinkedCodeBlock::lineCount): Deleted.
        (JSC::UnlinkedCodeBlock::startColumn): Deleted.
        (JSC::UnlinkedCodeBlock::endColumn): Deleted.
        (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
        (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
        (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
        (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
        (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
        * runtime/Executable.h:

2015-08-10  Mark Lam  <mark.lam@apple.com>

        Refactor LiveObjectList and LiveObjectData into their own files.
        https://bugs.webkit.org/show_bug.cgi?id=147843

        Reviewed by Saam Barati.

        There is no behavior change in this patch.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * heap/HeapVerifier.cpp:
        (JSC::HeapVerifier::HeapVerifier):
        (JSC::LiveObjectList::findObject): Deleted.
        * heap/HeapVerifier.h:
        (JSC::LiveObjectData::LiveObjectData): Deleted.
        (JSC::LiveObjectList::LiveObjectList): Deleted.
        (JSC::LiveObjectList::reset): Deleted.
        * heap/LiveObjectData.h: Added.
        (JSC::LiveObjectData::LiveObjectData):
        * heap/LiveObjectList.cpp: Added.
        (JSC::LiveObjectList::findObject):
        * heap/LiveObjectList.h: Added.
        (JSC::LiveObjectList::LiveObjectList):
        (JSC::LiveObjectList::reset):

2015-08-07  Geoffrey Garen  <ggaren@apple.com>

        Let's rename FunctionBodyNode
        https://bugs.webkit.org/show_bug.cgi?id=147292

        Reviewed by Mark Lam & Saam Barati.

        FunctionBodyNode => FunctionMetadataNode

        Make FunctionMetadataNode inherit from Node instead of StatementNode
        because a FunctionMetadataNode can appear in expression context and does
        not have a next statement.

        (I decided to continue allocating FunctionMetadataNode in the AST arena,
        and to retain "Node" in its name, because it really is a parsing
        construct, and we transform its data before consuming it elsewhere.

        There is still room for a future patch to distill and simplify the
        metadata we track about functions between FuncDeclNode/FuncExprNode,
        FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)

        * builtins/BuiltinExecutables.cpp:
        (JSC::BuiltinExecutables::createExecutableInternal):
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::generateFunctionCodeBlock):
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        * bytecode/UnlinkedCodeBlock.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::emitNewArray):
        (JSC::BytecodeGenerator::emitNewFunction):
        (JSC::BytecodeGenerator::emitNewFunctionExpression):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::makeFunction):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::EvalNode::emitBytecode):
        (JSC::FunctionNode::emitBytecode):
        (JSC::FunctionBodyNode::emitBytecode): Deleted.
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFunctionExpr):
        (JSC::ASTBuilder::createFunctionBody):
        * parser/NodeConstructors.h:
        (JSC::FunctionParameters::FunctionParameters):
        (JSC::FuncExprNode::FuncExprNode):
        (JSC::FuncDeclNode::FuncDeclNode):
        * parser/Nodes.cpp:
        (JSC::EvalNode::EvalNode):
        (JSC::FunctionMetadataNode::FunctionMetadataNode):
        (JSC::FunctionMetadataNode::finishParsing):
        (JSC::FunctionMetadataNode::setEndPosition):
        (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
        (JSC::FunctionBodyNode::finishParsing): Deleted.
        (JSC::FunctionBodyNode::setEndPosition): Deleted.
        * parser/Nodes.h:
        (JSC::FuncExprNode::body):
        (JSC::FuncDeclNode::body):
        * parser/Parser.h:
        (JSC::Parser::isFunctionMetadataNode):
        (JSC::Parser::next):
        (JSC::Parser<LexerType>::parse):
        (JSC::Parser::isFunctionBodyNode): Deleted.
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
        * runtime/CodeCache.h:

2015-08-09  Chris Dumez  <cdumez@apple.com>

        Regression(r188105): Seems to have caused crashes during PLT on some iPads
        https://bugs.webkit.org/show_bug.cgi?id=147818

        Unreviewed, roll out r188105.

        * bytecode/ByValInfo.h:
        (JSC::ByValInfo::ByValInfo):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::getByValInfoMap): Deleted.
        (JSC::CodeBlock::addByValInfo): Deleted.
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::getByValInfo):
        (JSC::CodeBlock::setNumberOfByValInfos):
        (JSC::CodeBlock::numberOfByValInfos):
        (JSC::CodeBlock::byValInfo):
        * bytecode/ExitKind.cpp:
        (JSC::exitKindToString): Deleted.
        * bytecode/ExitKind.h:
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        (JSC::GetByIdStatus::computeForStubInfo):
        (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
        * bytecode/GetByIdStatus.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize): Deleted.
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC): Deleted.
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode): Deleted.
        (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasUidOperand): Deleted.
        (JSC::DFG::Node::uidOperand): Deleted.
        * dfg/DFGNodeType.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
        (JSC::DFG::safeToExecute): Deleted.
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
        (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
        (JSC::DFG::SpeculativeJIT::speculate): Deleted.
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile): Deleted.
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile): Deleted.
        * dfg/DFGUseKind.cpp:
        (WTF::printInternal): Deleted.
        * dfg/DFGUseKind.h:
        (JSC::DFG::typeFilterFor): Deleted.
        (JSC::DFG::isCell): Deleted.
        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile): Deleted.
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
        (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
        (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
        (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
        (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
        (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::ByValCompilationInfo::ByValCompilationInfo):
        (JSC::JIT::compileGetByValWithCachedId): Deleted.
        * jit/JITInlines.h:
        (JSC::JIT::callOperation): Deleted.
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_has_indexed_property):
        (JSC::JIT::emitSlow_op_has_indexed_property):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_has_indexed_property):
        (JSC::JIT::emitSlow_op_has_indexed_property):
        * jit/JITOperations.cpp:
        (JSC::getByVal):
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emitSlow_op_put_by_val):
        (JSC::JIT::emitGetByValWithCachedId): Deleted.
        (JSC::JIT::privateCompileGetByVal): Deleted.
        (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emitSlow_op_put_by_val):
        (JSC::JIT::emitGetByValWithCachedId): Deleted.
        * runtime/Symbol.h:
        * tests/stress/get-by-val-with-string-constructor.js: Removed.
        * tests/stress/get-by-val-with-string-exit.js: Removed.
        * tests/stress/get-by-val-with-string-generated.js: Removed.
        * tests/stress/get-by-val-with-string-getter.js: Removed.
        * tests/stress/get-by-val-with-string.js: Removed.
        * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
        * tests/stress/get-by-val-with-symbol-exit.js: Removed.
        * tests/stress/get-by-val-with-symbol-getter.js: Removed.
        * tests/stress/get-by-val-with-symbol.js: Removed.

2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>

        Reduce uses of PassRefPtr in bindings
        https://bugs.webkit.org/show_bug.cgi?id=147781

        Reviewed by Chris Dumez.

        Use RefPtr when a function can return either null or an instance. If not, Ref is used.

        * runtime/JSGenericTypedArrayView.h:
        (JSC::toNativeTypedView):

2015-08-07  Alex Christensen  <achristensen@webkit.org>

        Build more testing binaries with CMake on Windows
        https://bugs.webkit.org/show_bug.cgi?id=147799

        Reviewed by Brent Fulgham.

        * shell/PlatformWin.cmake: Added.
        Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.

2015-08-07  Filip Pizlo  <fpizlo@apple.com>

        Lightweight locks should be adaptive
        https://bugs.webkit.org/show_bug.cgi?id=147545

        Reviewed by Geoffrey Garen.

        * dfg/DFGCommon.cpp:
        (JSC::DFG::startCrashing):
        * heap/CopiedBlock.h:
        (JSC::CopiedBlock::workListLock):
        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::shouldReportLiveBytes):
        (JSC::CopiedBlock::reportLiveBytes):
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::doneFillingBlock):
        * heap/CopiedSpace.h:
        (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::recycleEvacuatedBlock):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::didStartCopying):
        * heap/GCThreadSharedData.h:
        (JSC::GCThreadSharedData::getNextBlocksToCopy):
        * heap/ListableHandler.h:
        (JSC::ListableHandler::List::addThreadSafe):
        (JSC::ListableHandler::List::addNotThreadSafe):
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::tryCopyOtherThreadStacks):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::copyLater):
        * parser/SourceProvider.cpp:
        (JSC::SourceProvider::~SourceProvider):
        (JSC::SourceProvider::getID):
        * profiler/ProfilerDatabase.cpp:
        (JSC::Profiler::Database::addDatabaseToAtExit):
        (JSC::Profiler::Database::removeDatabaseFromAtExit):
        (JSC::Profiler::Database::removeFirstAtExitDatabase):
        * runtime/TypeProfilerLog.h:

2015-08-07  Mark Lam  <mark.lam@apple.com>

        Rename some variables in the JSC watchdog implementation.
        https://bugs.webkit.org/show_bug.cgi?id=147790

        Rubber stamped by Benjamin Poulain.

        This is just a refactoring patch to give the variables better names that describe their
        intended use.  There is no behavior change.

        * runtime/Watchdog.cpp:
        (JSC::Watchdog::Watchdog):
        (JSC::Watchdog::setTimeLimit):
        (JSC::Watchdog::didFire):
        (JSC::Watchdog::isEnabled):
        (JSC::Watchdog::fire):
        (JSC::Watchdog::startCountdownIfNeeded):
        * runtime/Watchdog.h:

2015-08-07  Saam Barati  <saambarati1@gmail.com>

        Interpreter::unwind shouldn't be responsible for assigning the correct scope.
        https://bugs.webkit.org/show_bug.cgi?id=147666

        Reviewed by Geoffrey Garen.

        If we make the bytecode generator know about every local scope it
        creates, and if we give each local scope a unique register, the
        bytecode generator has all the information it needs to assign
        the correct scope to a catch handler. Because the bytecode generator
        knows this information, it's a better separation of responsibilities
        for it to set up the proper scope instead of relying on the exception
        handling runtime to find the scope.

        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        * bytecode/HandlerInfo.h:
        (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
        (JSC::HandlerInfo::initialize):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::pushLexicalScopeInternal):
        (JSC::BytecodeGenerator::emitGetScope):
        (JSC::BytecodeGenerator::emitPushWithScope):
        (JSC::BytecodeGenerator::emitGetParentScope):
        (JSC::BytecodeGenerator::emitPopScope):
        (JSC::BytecodeGenerator::emitPopWithScope):
        (JSC::BytecodeGenerator::allocateAndEmitScope):
        (JSC::BytecodeGenerator::emitComplexPopScopes):
        (JSC::BytecodeGenerator::pushTry):
        (JSC::BytecodeGenerator::popTryAndEmitCatch):
        (JSC::BytecodeGenerator::localScopeDepth):
        (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::WithNode::emitBytecode):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwind):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_push_with_scope):
        (JSC::JIT::compileOpStrictEq):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_push_with_scope):
        (JSC::JIT::emit_op_to_number):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/CommonSlowPaths.h:
        * runtime/JSScope.cpp:
        (JSC::JSScope::objectAtScope):
        (JSC::isUnscopable):
        (JSC::JSScope::depth): Deleted.
        * runtime/JSScope.h:

2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>

        Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
        https://bugs.webkit.org/show_bug.cgi?id=147761

        Reviewed by Mark Lam.

        This patch implements MacroAssembler::patchableBranch64 in 64-bit environments.
        It also fixes the existing MacroAssemblerARM64::patchableBranchPtr, which before
        this patch truncated the immediate pointer into a 32-bit immediate.
        It then uses patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.

        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::patchableBranchPtr):
        (JSC::MacroAssemblerARM64::patchableBranch64):
        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::patchableBranch64):
        * jit/JIT.h:
        * jit/JITInlines.h:
        (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_val):

2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>

        Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
        https://bugs.webkit.org/show_bug.cgi?id=147480

        Reviewed by Filip Pizlo.

        This patch adds a get_by_id IC to the get_by_val operation by caching the string / symbol id.
        The IC site only caches one id. After checking that the given id is the same as the
        cached one, we perform the get_by_id IC on it.
        And by collecting IC StructureStubInfo information, we pass it to the DFG, and the DFG
        compiles the get_by_val op code into CheckIdent (with an edge type check) and GetById related
        operations when the given get_by_val leverages the property load with the cached id.

        To ensure the incoming value is the expected id, in the DFG layer we use SymbolUse and
        StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
        This can be leveraged to optimize symbol operations in the DFG.

        And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
        It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
        a binary search over m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
        argument ArrayProfile* in the operations with ByValInfo*.

        * bytecode/ByValInfo.h:
        (JSC::ByValInfo::ByValInfo):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::getByValInfoMap):
        (JSC::CodeBlock::addByValInfo):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::getByValInfo): Deleted.
        (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
        (JSC::CodeBlock::numberOfByValInfos): Deleted.
        (JSC::CodeBlock::byValInfo): Deleted.
        * bytecode/ExitKind.cpp:
        (JSC::exitKindToString):
        * bytecode/ExitKind.h:
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        (JSC::GetByIdStatus::computeForStubInfo):
        (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
        * bytecode/GetByIdStatus.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::observeUseKindOnNode):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasUidOperand):
        (JSC::DFG::Node::uidOperand):
        * dfg/DFGNodeType.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::SafeToExecuteEdge::operator()):
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileCheckIdent):
        (JSC::DFG::SpeculativeJIT::speculateSymbol):
        (JSC::DFG::SpeculativeJIT::speculate):
        * dfg/DFGSpeculativeJIT.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGUseKind.cpp:
        (WTF::printInternal):
        * dfg/DFGUseKind.h:
        (JSC::DFG::typeFilterFor):
        (JSC::DFG::isCell):
        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
        (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
        (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
        (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
        (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
        (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::ByValCompilationInfo::ByValCompilationInfo):
        (JSC::JIT::compileGetByValWithCachedId):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_has_indexed_property):
        (JSC::JIT::emitSlow_op_has_indexed_property):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_has_indexed_property):
        (JSC::JIT::emitSlow_op_has_indexed_property):
        * jit/JITOperations.cpp:
        (JSC::getByVal):
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitGetByValWithCachedId):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emitSlow_op_put_by_val):
        (JSC::JIT::privateCompileGetByVal):
        (JSC::JIT::privateCompileGetByValWithCachedId):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitGetByValWithCachedId):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emitSlow_op_put_by_val):
        * runtime/Symbol.h:
        * tests/stress/get-by-val-with-string-constructor.js: Added.
        (Hello):
        (get Hello.prototype.generate):
        (ok):
        * tests/stress/get-by-val-with-string-exit.js: Added.
        (shouldBe):
        (getByVal):
        (getStr1):
        (getStr2):
        * tests/stress/get-by-val-with-string-generated.js: Added.
        (shouldBe):
        (getByVal):
        (getStr1):
        (getStr2):
        * tests/stress/get-by-val-with-string-getter.js: Added.
        (object.get hello):
        (ok):
        * tests/stress/get-by-val-with-string.js: Added.
        (shouldBe):
        (getByVal):
        (getStr1):
        (getStr2):
        * tests/stress/get-by-val-with-symbol-constructor.js: Added.
        (Hello):
        (get Hello.prototype.generate):
        (ok):
        * tests/stress/get-by-val-with-symbol-exit.js: Added.
        (shouldBe):
        (getByVal):
        (getSym1):
        (getSym2):
        * tests/stress/get-by-val-with-symbol-getter.js: Added.
        (object.get hello):
        (.get ok):
        * tests/stress/get-by-val-with-symbol.js: Added.
        (shouldBe):
        (getByVal):
        (getSym1):
        (getSym2):

2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>

        Parse the entire WebAssembly modules
        https://bugs.webkit.org/show_bug.cgi?id=147393

        Reviewed by Geoffrey Garen.

        Parse entire WebAssembly modules from files produced by pack-asmjs
        <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
        parse modules whose function definition section contains only functions that
        have "return 0;" as their only statement. Parsing of any other functions will be
        implemented in a subsequent patch.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wasm/JSWASMModule.cpp:
        (JSC::JSWASMModule::destroy):
        * wasm/JSWASMModule.h:
        (JSC::JSWASMModule::i32Constants):
        (JSC::JSWASMModule::f32Constants):
        (JSC::JSWASMModule::f64Constants):
        (JSC::JSWASMModule::signatures):
        (JSC::JSWASMModule::functionImports):
        (JSC::JSWASMModule::functionImportSignatures):
        (JSC::JSWASMModule::globalVariableTypes):
        (JSC::JSWASMModule::functionDeclarations):
        (JSC::JSWASMModule::functionPointerTables):
        * wasm/WASMFormat.h: Added.
        * wasm/WASMModuleParser.cpp:
        (JSC::WASMModuleParser::parse):
        (JSC::WASMModuleParser::parseModule):
        (JSC::WASMModuleParser::parseConstantPoolSection):
        (JSC::WASMModuleParser::parseSignatureSection):
        (JSC::WASMModuleParser::parseFunctionImportSection):
        (JSC::WASMModuleParser::parseGlobalSection):
        (JSC::WASMModuleParser::parseFunctionDeclarationSection):
        (JSC::WASMModuleParser::parseFunctionPointerTableSection):
        (JSC::WASMModuleParser::parseFunctionDefinitionSection):
        (JSC::WASMModuleParser::parseFunctionDefinition):
2026         (JSC::WASMModuleParser::parseExportSection):
2027         * wasm/WASMModuleParser.h:
2028         * wasm/WASMReader.cpp:
2029         (JSC::WASMReader::readUInt32):
2030         (JSC::WASMReader::readCompactUInt32):
2031         (JSC::WASMReader::readString):
2032         (JSC::WASMReader::readType):
2033         (JSC::WASMReader::readExpressionType):
2034         (JSC::WASMReader::readExportFormat):
2035         (JSC::WASMReader::readByte):
2036         (JSC::WASMReader::readUnsignedInt32): Deleted.
2037         * wasm/WASMReader.h:
2038
2039 2015-08-06  Keith Miller  <keith_miller@apple.com>
2040
2041         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
2042         https://bugs.webkit.org/show_bug.cgi?id=147749
2043
2044         Reviewed by Filip Pizlo.
2045
2046         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength(),
2047         thus no one calls this code.
2048
2049         * ftl/FTLLowerDFGToLLVM.cpp:
2050         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
2051
2052 2015-08-06  Keith Miller  <keith_miller@apple.com>
2053
2054         The JSONP parser incorrectly parses -0 as +0.
2055         https://bugs.webkit.org/show_bug.cgi?id=147590
2056
2057         Reviewed by Michael Saboff.
2058
2059         In the LiteralParser we should use a double to store the accumulator for numerical tokens
2060         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
2061
2062         * runtime/LiteralParser.cpp:
2063         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
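
As an added illustration of the -0 bug this entry describes (example code, not from the WebKit ChangeLog or from JavaScriptCore itself): a minimal JSON-style integer lexer written once with an int accumulator and once with a double accumulator; the function names are hypothetical and the real LiteralParser is not reproduced.

```cpp
// Added example, not JavaScriptCore code: a minimal JSON-style integer lexer
// written two ways to show why the accumulator type decides the fate of "-0".
// Function names are hypothetical.
#include <cmath>
#include <cstddef>
#include <string>

// Buggy variant: accumulates digits in an int. Negating the int 0 yields the
// int 0 again, so the sign of "-0" is lost before the value is ever widened
// to a double, and the caller receives +0.0.
static double lexNumberIntAccumulator(const std::string& text)
{
    std::size_t i = 0;
    bool negative = false;
    if (i < text.size() && text[i] == '-') {
        negative = true;
        ++i;
    }
    int accumulator = 0;
    for (; i < text.size() && text[i] >= '0' && text[i] <= '9'; ++i)
        accumulator = accumulator * 10 + (text[i] - '0');
    return negative ? -accumulator : accumulator;
}

// Fixed variant: accumulates in a double. IEEE-754 has a distinct -0.0, so
// negating 0.0 keeps the sign and "-0" survives the round trip. A double
// accumulator also avoids the signed-integer overflow the int variant would
// hit on long digit runs.
static double lexNumberDoubleAccumulator(const std::string& text)
{
    std::size_t i = 0;
    bool negative = false;
    if (i < text.size() && text[i] == '-') {
        negative = true;
        ++i;
    }
    double accumulator = 0;
    for (; i < text.size() && text[i] >= '0' && text[i] <= '9'; ++i)
        accumulator = accumulator * 10 + (text[i] - '0');
    return negative ? -accumulator : accumulator;
}

// operator== treats -0.0 and +0.0 as equal, so the sign bit has to be
// inspected directly to tell them apart (in JavaScript the observable
// difference is 1 / -0 === -Infinity).
static bool isNegativeZero(double value)
{
    return value == 0.0 && std::signbit(value);
}
```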
2064
2065 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
2066
2067         Structures used for tryGetConstantProperty() should be registered first
2068         https://bugs.webkit.org/show_bug.cgi?id=147750
2069
2070         Reviewed by Saam Barati and Michael Saboff.
2071
2072         * dfg/DFGGraph.cpp:
2073         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
2074         * dfg/DFGGraph.h:
2075         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
2076         * dfg/DFGStructureRegistrationPhase.cpp:
2077         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegistrationPhase.
2078         (JSC::DFG::StructureRegistrationPhase::registerStructures):
2079         (JSC::DFG::StructureRegistrationPhase::registerStructure):
2080         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
2081         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
2082         (JSC::DFG::performStructureRegistration):
2083
2084 2015-08-06  Keith Miller  <keith_miller@apple.com>
2085
2086         Remove UnspecifiedBoolType from JSC
2087         https://bugs.webkit.org/show_bug.cgi?id=147597
2088
2089         Reviewed by Mark Lam.
2090
2091         We were using the safe bool pattern in the code base for implicit casting to booleans.
2092         With C++11 this is no longer necessary and we can instead create an operator bool.
2093
2094         * API/JSRetainPtr.h:
2095         (JSRetainPtr::operator bool):
2096         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
2097         * dfg/DFGEdge.h:
2098         (JSC::DFG::Edge::operator bool):
2099         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
2100         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
2101         * heap/Weak.h:
2102         * heap/WeakInlines.h:
2103         (JSC::bool):
2104         (JSC::UnspecifiedBoolType): Deleted.
2105
2106 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
2107
2108         [ES6] Class parser does not allow methods named set and get.
2109         https://bugs.webkit.org/show_bug.cgi?id=147150
2110
2111         Reviewed by Oliver Hunt.
2112
2113         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
2114         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
2115         so that we only treat them as such when they're followed by another token that could be a method name.
2116
2117         * parser/Parser.cpp:
2118         (JSC::Parser<LexerType>::parseClass):
2119
2120 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
2121
2122         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
2123
2124         * bytecode/SamplingTool.cpp:
2125         (JSC::SamplingTool::doRun):
2126         (JSC::SamplingTool::notifyOfScope):
2127         * bytecode/SamplingTool.h:
2128         * dfg/DFGThreadData.h:
2129         * dfg/DFGWorklist.cpp:
2130         (JSC::DFG::Worklist::~Worklist):
2131         (JSC::DFG::Worklist::isActiveForVM):
2132         (JSC::DFG::Worklist::enqueue):
2133         (JSC::DFG::Worklist::compilationState):
2134         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2135         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2136         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2137         (JSC::DFG::Worklist::visitWeakReferences):
2138         (JSC::DFG::Worklist::removeDeadPlans):
2139         (JSC::DFG::Worklist::queueLength):
2140         (JSC::DFG::Worklist::dump):
2141         (JSC::DFG::Worklist::runThread):
2142         * dfg/DFGWorklist.h:
2143         * disassembler/Disassembler.cpp:
2144         * heap/CopiedSpace.cpp:
2145         (JSC::CopiedSpace::doneFillingBlock):
2146         (JSC::CopiedSpace::doneCopying):
2147         * heap/CopiedSpace.h:
2148         * heap/CopiedSpaceInlines.h:
2149         (JSC::CopiedSpace::recycleBorrowedBlock):
2150         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2151         * heap/HeapTimer.h:
2152         * heap/MachineStackMarker.cpp:
2153         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2154         (JSC::ActiveMachineThreadsManager::add):
2155         (JSC::ActiveMachineThreadsManager::remove):
2156         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2157         (JSC::MachineThreads::~MachineThreads):
2158         (JSC::MachineThreads::addCurrentThread):
2159         (JSC::MachineThreads::removeThreadIfFound):
2160         (JSC::MachineThreads::tryCopyOtherThreadStack):
2161         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2162         (JSC::MachineThreads::gatherConservativeRoots):
2163         * heap/MachineStackMarker.h:
2164         * interpreter/JSStack.cpp:
2165         (JSC::stackStatisticsMutex):
2166         (JSC::JSStack::addToCommittedByteCount):
2167         (JSC::JSStack::committedByteCount):
2168         * jit/JITThunks.h:
2169         * profiler/ProfilerDatabase.h:
2170
2171 2015-08-05  Saam barati  <saambarati1@gmail.com>
2172
2173         Bytecodegenerator emits crappy code for returns in a lexical scope.
2174         https://bugs.webkit.org/show_bug.cgi?id=147688
2175
2176         Reviewed by Mark Lam.
2177
2178         When returning, we only need to emit complex pop scopes if we're in 
2179         a finally block. Otherwise, we can just return like normal. This saves
2180         us from inefficiently emitting unnecessary pop scopes.
2181
2182         * bytecompiler/BytecodeGenerator.h:
2183         (JSC::BytecodeGenerator::isInFinallyBlock):
2184         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
2185         * bytecompiler/NodesCodegen.cpp:
2186         (JSC::ReturnNode::emitBytecode):
2187
2188 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
2189
2190         Add the Intl API to the status page
2191
2192         * features.json:
2193         Andy VanWagoner landed the skeleton of the API and it is
2194         enabled by default.
2195
2196 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
2197
2198         Rename Mutex to DeprecatedMutex
2199         https://bugs.webkit.org/show_bug.cgi?id=147675
2200
2201         Reviewed by Geoffrey Garen.
2202
2203         * bytecode/SamplingTool.cpp:
2204         (JSC::SamplingTool::doRun):
2205         (JSC::SamplingTool::notifyOfScope):
2206         * bytecode/SamplingTool.h:
2207         * dfg/DFGThreadData.h:
2208         * dfg/DFGWorklist.cpp:
2209         (JSC::DFG::Worklist::~Worklist):
2210         (JSC::DFG::Worklist::isActiveForVM):
2211         (JSC::DFG::Worklist::enqueue):
2212         (JSC::DFG::Worklist::compilationState):
2213         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2214         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2215         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2216         (JSC::DFG::Worklist::visitWeakReferences):
2217         (JSC::DFG::Worklist::removeDeadPlans):
2218         (JSC::DFG::Worklist::queueLength):
2219         (JSC::DFG::Worklist::dump):
2220         (JSC::DFG::Worklist::runThread):
2221         * dfg/DFGWorklist.h:
2222         * disassembler/Disassembler.cpp:
2223         * heap/CopiedSpace.cpp:
2224         (JSC::CopiedSpace::doneFillingBlock):
2225         (JSC::CopiedSpace::doneCopying):
2226         * heap/CopiedSpace.h:
2227         * heap/CopiedSpaceInlines.h:
2228         (JSC::CopiedSpace::recycleBorrowedBlock):
2229         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2230         * heap/HeapTimer.h:
2231         * heap/MachineStackMarker.cpp:
2232         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2233         (JSC::ActiveMachineThreadsManager::add):
2234         (JSC::ActiveMachineThreadsManager::remove):
2235         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2236         (JSC::MachineThreads::~MachineThreads):
2237         (JSC::MachineThreads::addCurrentThread):
2238         (JSC::MachineThreads::removeThreadIfFound):
2239         (JSC::MachineThreads::tryCopyOtherThreadStack):
2240         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2241         (JSC::MachineThreads::gatherConservativeRoots):
2242         * heap/MachineStackMarker.h:
2243         * interpreter/JSStack.cpp:
2244         (JSC::stackStatisticsMutex):
2245         (JSC::JSStack::addToCommittedByteCount):
2246         (JSC::JSStack::committedByteCount):
2247         * jit/JITThunks.h:
2248         * profiler/ProfilerDatabase.h:
2249
2250 2015-08-05  Saam barati  <saambarati1@gmail.com>
2251
2252         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
2253         https://bugs.webkit.org/show_bug.cgi?id=147657
2254
2255         Reviewed by Mark Lam.
2256
2257         This kills the last of the name scope objects. Function name scopes are
2258         now built on top of the scoping mechanisms introduced with ES6 block scoping.
2259         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
2260         function name scoped variable carefully depending on if the function is in
2261         strict mode. If we're in strict mode, then we treat the variable exactly
2262         like a "const" variable. If we're not in strict mode, we can't treat
2263         this variable like ES6 "const" because that would cause the bytecode
2264         generator to throw an exception when it shouldn't.
2265
2266         * CMakeLists.txt:
2267         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2268         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2269         * JavaScriptCore.xcodeproj/project.pbxproj:
2270         * bytecode/BytecodeList.json:
2271         * bytecode/BytecodeUseDef.h:
2272         (JSC::computeUsesForBytecodeOffset):
2273         (JSC::computeDefsForBytecodeOffset):
2274         * bytecode/CodeBlock.cpp:
2275         (JSC::CodeBlock::dumpBytecode):
2276         * bytecompiler/BytecodeGenerator.cpp:
2277         (JSC::BytecodeGenerator::BytecodeGenerator):
2278         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
2279         (JSC::BytecodeGenerator::pushLexicalScope):
2280         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2281         (JSC::BytecodeGenerator::variable):
2282         (JSC::BytecodeGenerator::resolveType):
2283         (JSC::BytecodeGenerator::emitThrowTypeError):
2284         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
2285         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
2286         (JSC::BytecodeGenerator::emitPushCatchScope):
2287         * bytecompiler/BytecodeGenerator.h:
2288         * bytecompiler/NodesCodegen.cpp:
2289         * debugger/DebuggerScope.cpp:
2290         * dfg/DFGOperations.cpp:
2291         * interpreter/Interpreter.cpp:
2292         * jit/JIT.cpp:
2293         (JSC::JIT::privateCompileMainPass):
2294         * jit/JIT.h:
2295         * jit/JITOpcodes.cpp:
2296         (JSC::JIT::emit_op_to_string):
2297         (JSC::JIT::emit_op_catch):
2298         (JSC::JIT::emit_op_push_name_scope): Deleted.
2299         * jit/JITOpcodes32_64.cpp:
2300         (JSC::JIT::emitSlow_op_to_string):
2301         (JSC::JIT::emit_op_catch):
2302         (JSC::JIT::emit_op_push_name_scope): Deleted.
2303         * jit/JITOperations.cpp:
2304         (JSC::pushNameScope): Deleted.
2305         * llint/LLIntSlowPaths.cpp:
2306         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2307         * llint/LLIntSlowPaths.h:
2308         * llint/LowLevelInterpreter.asm:
2309         * parser/Nodes.cpp:
2310         * runtime/CommonSlowPaths.cpp:
2311         * runtime/Executable.cpp:
2312         (JSC::ScriptExecutable::newCodeBlockFor):
2313         * runtime/JSFunctionNameScope.cpp: Removed.
2314         * runtime/JSFunctionNameScope.h: Removed.
2315         * runtime/JSGlobalObject.cpp:
2316         (JSC::JSGlobalObject::init):
2317         (JSC::JSGlobalObject::visitChildren):
2318         * runtime/JSGlobalObject.h:
2319         (JSC::JSGlobalObject::withScopeStructure):
2320         (JSC::JSGlobalObject::strictEvalActivationStructure):
2321         (JSC::JSGlobalObject::activationStructure):
2322         (JSC::JSGlobalObject::directArgumentsStructure):
2323         (JSC::JSGlobalObject::scopedArgumentsStructure):
2324         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
2325         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
2326         * runtime/JSNameScope.cpp: Removed.
2327         * runtime/JSNameScope.h: Removed.
2328         * runtime/JSObject.cpp:
2329         (JSC::JSObject::toThis):
2330         (JSC::JSObject::seal):
2331         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
2332         * runtime/JSObject.h:
2333         * runtime/JSScope.cpp:
2334         (JSC::JSScope::isCatchScope):
2335         (JSC::JSScope::isFunctionNameScopeObject):
2336         (JSC::resolveModeName):
2337         * runtime/JSScope.h:
2338         * runtime/JSSymbolTableObject.cpp:
2339         * runtime/SymbolTable.h:
2340         * runtime/VM.cpp:
2341
2342 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
2343
2344         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
2345         https://bugs.webkit.org/show_bug.cgi?id=147679
2346
2347         Reviewed by Timothy Hatcher.
2348
2349         Improve native iterator support for the PropertyName Iterator by
2350         allowing inspection of the internal object within the iterator
2351         and peeking of the next upcoming values of the iterator.
2352
2353         * inspector/JSInjectedScriptHost.cpp:
2354         (Inspector::JSInjectedScriptHost::subtype):
2355         (Inspector::JSInjectedScriptHost::getInternalProperties):
2356         (Inspector::JSInjectedScriptHost::iteratorEntries):
2357         * runtime/JSPropertyNameIterator.h:
2358         (JSC::JSPropertyNameIterator::iteratedValue):
2359
2360 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
2361
2362         [Win] Update Apple Windows build for VS2015
2363         https://bugs.webkit.org/show_bug.cgi?id=147653
2364
2365         Reviewed by Dean Jackson.
2366
2367         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
2368         Show JSC files in proper project locations in IDE.
2369
2370 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
2371
2372         Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
2373         https://bugs.webkit.org/show_bug.cgi?id=147328
2374
2375         Reviewed by Timothy Hatcher.
2376
2377         * inspector/InjectedScriptSource.js:
2378         Use classList and classList.toString instead of className.
2379
2380 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
2381
2382         [ES6] Support Module Syntax
2383         https://bugs.webkit.org/show_bug.cgi?id=147422
2384
2385         Reviewed by Saam Barati.
2386
2387         This patch introduces ES6 Modules syntax parsing part.
2388         In this patch, ASTBuilder just produces the corresponding nodes to the ES6 Modules syntax,
2389         and this patch does not include the code generator part.
2390
2391         Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
2392         and do not execute the body or construct the AST. And after analyzing all the dependent
2393         modules, we will parse the dependent modules next.
2394         After all the analyzing is done, we will start the second pass. In the second pass, we
2395         will parse the module, produce the AST, and execute the body.
2396         If we don't do so, we need to create all the ASTs in the module's dependency graph at first
2397         because the given module can be executed after all the dependent modules are executed. It
2398         means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
2399         the dependent modules' information.
2400
2401         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
2402         This patch aims at just implementing the syntax parsing functionality correctly.
2403         After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits from SyntaxChecker
2404         to collect the dependent modules quickly [1].
2405
2406         To test the parsing, we added the "checkModuleSyntax" function to the jsc shell.
2407         By using this, we can parse the given string as a module.
2408
2409         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
2410
2411         * bytecompiler/NodesCodegen.cpp:
2412         (JSC::ModuleProgramNode::emitBytecode):
2413         (JSC::ImportDeclarationNode::emitBytecode):
2414         (JSC::ExportAllDeclarationNode::emitBytecode):
2415         (JSC::ExportDefaultDeclarationNode::emitBytecode):
2416         (JSC::ExportLocalDeclarationNode::emitBytecode):
2417         (JSC::ExportNamedDeclarationNode::emitBytecode):
2418         * jsc.cpp:
2419         (GlobalObject::finishCreation):
2420         (functionCheckModuleSyntax):
2421         * parser/ASTBuilder.h:
2422         (JSC::ASTBuilder::createModuleSpecifier):
2423         (JSC::ASTBuilder::createImportSpecifier):
2424         (JSC::ASTBuilder::createImportSpecifierList):
2425         (JSC::ASTBuilder::appendImportSpecifier):
2426         (JSC::ASTBuilder::createImportDeclaration):
2427         (JSC::ASTBuilder::createExportAllDeclaration):
2428         (JSC::ASTBuilder::createExportDefaultDeclaration):
2429         (JSC::ASTBuilder::createExportLocalDeclaration):
2430         (JSC::ASTBuilder::createExportNamedDeclaration):
2431         (JSC::ASTBuilder::createExportSpecifier):
2432         (JSC::ASTBuilder::createExportSpecifierList):
2433         (JSC::ASTBuilder::appendExportSpecifier):
2434         * parser/Keywords.table:
2435         * parser/NodeConstructors.h:
2436         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
2437         (JSC::ImportSpecifierNode::ImportSpecifierNode):
2438         (JSC::ImportDeclarationNode::ImportDeclarationNode):
2439         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
2440         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
2441         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
2442         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
2443         (JSC::ExportSpecifierNode::ExportSpecifierNode):
2444         * parser/Nodes.cpp:
2445         (JSC::ModuleProgramNode::ModuleProgramNode):
2446         * parser/Nodes.h:
2447         (JSC::ModuleProgramNode::startColumn):
2448         (JSC::ModuleProgramNode::endColumn):
2449         (JSC::ModuleSpecifierNode::moduleName):
2450         (JSC::ImportSpecifierNode::importedName):
2451         (JSC::ImportSpecifierNode::localName):
2452         (JSC::ImportSpecifierListNode::specifiers):
2453         (JSC::ImportSpecifierListNode::append):
2454         (JSC::ImportDeclarationNode::specifierList):
2455         (JSC::ImportDeclarationNode::moduleSpecifier):
2456         (JSC::ExportAllDeclarationNode::moduleSpecifier):
2457         (JSC::ExportDefaultDeclarationNode::declaration):
2458         (JSC::ExportLocalDeclarationNode::declaration):
2459         (JSC::ExportSpecifierNode::exportedName):
2460         (JSC::ExportSpecifierNode::localName):
2461         (JSC::ExportSpecifierListNode::specifiers):
2462         (JSC::ExportSpecifierListNode::append):
2463         (JSC::ExportNamedDeclarationNode::specifierList):
2464         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
2465         * parser/Parser.cpp:
2466         (JSC::Parser<LexerType>::Parser):
2467         (JSC::Parser<LexerType>::parseInner):
2468         (JSC::Parser<LexerType>::parseModuleSourceElements):
2469         (JSC::Parser<LexerType>::parseVariableDeclaration):
2470         (JSC::Parser<LexerType>::parseVariableDeclarationList):
2471         (JSC::Parser<LexerType>::createBindingPattern):
2472         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
2473         (JSC::Parser<LexerType>::parseDestructuringPattern):
2474         (JSC::Parser<LexerType>::parseForStatement):
2475         (JSC::Parser<LexerType>::parseFormalParameters):
2476         (JSC::Parser<LexerType>::parseFunctionParameters):
2477         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2478         (JSC::Parser<LexerType>::parseClassDeclaration):
2479         (JSC::Parser<LexerType>::parseModuleSpecifier):
2480         (JSC::Parser<LexerType>::parseImportClauseItem):
2481         (JSC::Parser<LexerType>::parseImportDeclaration):
2482         (JSC::Parser<LexerType>::parseExportSpecifier):
2483         (JSC::Parser<LexerType>::parseExportDeclaration):
2484         (JSC::Parser<LexerType>::parseMemberExpression):
2485         * parser/Parser.h:
2486         (JSC::isIdentifierOrKeyword):
2487         (JSC::ModuleScopeData::create):
2488         (JSC::ModuleScopeData::exportedBindings):
2489         (JSC::ModuleScopeData::exportName):
2490         (JSC::ModuleScopeData::exportBinding):
2491         (JSC::Scope::Scope):
2492         (JSC::Scope::setIsModule):
2493         (JSC::Scope::moduleScopeData):
2494         (JSC::Parser::matchContextualKeyword):
2495         (JSC::Parser::matchIdentifierOrKeyword):
2496         (JSC::Parser::isofToken): Deleted.
2497         * parser/ParserModes.h:
2498         * parser/ParserTokens.h:
2499         * parser/SyntaxChecker.h:
2500         (JSC::SyntaxChecker::createModuleSpecifier):
2501         (JSC::SyntaxChecker::createImportSpecifier):
2502         (JSC::SyntaxChecker::createImportSpecifierList):
2503         (JSC::SyntaxChecker::appendImportSpecifier):
2504         (JSC::SyntaxChecker::createImportDeclaration):
2505         (JSC::SyntaxChecker::createExportAllDeclaration):
2506         (JSC::SyntaxChecker::createExportDefaultDeclaration):
2507         (JSC::SyntaxChecker::createExportLocalDeclaration):
2508         (JSC::SyntaxChecker::createExportNamedDeclaration):
2509         (JSC::SyntaxChecker::createExportSpecifier):
2510         (JSC::SyntaxChecker::createExportSpecifierList):
2511         (JSC::SyntaxChecker::appendExportSpecifier):
2512         * runtime/CommonIdentifiers.cpp:
2513         (JSC::CommonIdentifiers::CommonIdentifiers):
2514         * runtime/CommonIdentifiers.h:
2515         * runtime/Completion.cpp:
2516         (JSC::checkModuleSyntax):
2517         * runtime/Completion.h:
2518         * tests/stress/modules-syntax-error-with-names.js: Added.
2519         (shouldThrow):
2520         * tests/stress/modules-syntax-error.js: Added.
2521         (shouldThrow):
2522         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
2523         * tests/stress/modules-syntax.js: Added.
2524         (prototype.checkModuleSyntax):
2525         (checkModuleSyntax):
2526         * tests/stress/tagged-templates-syntax.js:
2527
2528 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2529
2530         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
2531         https://bugs.webkit.org/show_bug.cgi?id=146833
2532
2533         Reviewed by Alexey Proskuryakov.
2534
2535         * assembler/ARM64Assembler.h:
2536         * assembler/ARMAssembler.h:
2537         (JSC::ARMAssembler::cacheFlush):
2538         * assembler/MacroAssemblerARM.cpp:
2539         (JSC::isVFPPresent):
2540         * assembler/MacroAssemblerX86Common.h:
2541         (JSC::MacroAssemblerX86Common::isSSE2Present):
2542         * heap/MachineStackMarker.h:
2543         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
2544         (JSC::logF):
2545         * jit/HostCallReturnValue.h:
2546         * jit/JIT.h:
2547         * jit/JITOperations.cpp:
2548         * jit/JITStubsARM.h:
2549         * jit/JITStubsARMv7.h:
2550         * jit/JITStubsX86.h:
2551         * jit/JITStubsX86Common.h:
2552         * jit/JITStubsX86_64.h:
2553         * jit/ThunkGenerators.cpp:
2554         * runtime/JSExportMacros.h:
2555         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
2556         (JSC::clz32):
2557
2558 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2559
2560         Unreviewed, fix uninitialized property leading to an assert.
2561
2562         * runtime/PutPropertySlot.h:
2563         (JSC::PutPropertySlot::PutPropertySlot):
2564
2565 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2566
2567         Unreviewed, fix Windows.
2568
2569         * bytecode/ObjectPropertyConditionSet.h:
2570         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2571
2572 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
2573
2574         DFG should have adaptive structure watchpoints
2575         https://bugs.webkit.org/show_bug.cgi?id=146929
2576
2577         Reviewed by Geoffrey Garen.
2578
2579         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
2580         property, you'd check that the object still has the structure that you first saw the object have. We
2581         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
2582         elide the structure check.
2583
2584         But this approach fails when that object frequently has new properties added to it. This would
2585         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
2586         we'd have to recompile either the IC or an entire code block.
2587
2588         This change introduces a new concept: an object property condition. This value describes some
2589         condition involving a property on some object. There are four kinds: presence, absence,
2590         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
2591         object has some property at some offset with some attributes. This allows us to implement a new kind
2592         of watchpoint, which knows about the object property condition that it's being used to enforce. If
2593         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
2594         on the new structure.
2595
2596         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
2597         and prototype accesses. They are also used for any DFG accesses to object constants, including
2598         global property accesses.
2599
2600         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
2601         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
2602         chain situation. It's also a small speed-up on getter-richards.
2603
2604         * CMakeLists.txt:
2605         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2606         * JavaScriptCore.xcodeproj/project.pbxproj:
2607         * bytecode/CodeBlock.cpp:
2608         (JSC::CodeBlock::printGetByIdCacheStatus):
2609         (JSC::CodeBlock::printPutByIdCacheStatus):
2610         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
2611         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
2612         * bytecode/ComplexGetStatus.cpp:
2613         (JSC::ComplexGetStatus::computeFor):
2614         * bytecode/ComplexGetStatus.h:
2615         (JSC::ComplexGetStatus::ComplexGetStatus):
2616         (JSC::ComplexGetStatus::takesSlowPath):
2617         (JSC::ComplexGetStatus::kind):
2618         (JSC::ComplexGetStatus::offset):
2619         (JSC::ComplexGetStatus::conditionSet):
2620         (JSC::ComplexGetStatus::attributes): Deleted.
2621         (JSC::ComplexGetStatus::specificValue): Deleted.
2622         (JSC::ComplexGetStatus::chain): Deleted.
2623         * bytecode/ConstantStructureCheck.cpp: Removed.
2624         * bytecode/ConstantStructureCheck.h: Removed.
2625         * bytecode/GetByIdStatus.cpp:
2626         (JSC::GetByIdStatus::computeForStubInfo):
2627         * bytecode/GetByIdVariant.cpp:
2628         (JSC::GetByIdVariant::GetByIdVariant):
2629         (JSC::GetByIdVariant::~GetByIdVariant):
2630         (JSC::GetByIdVariant::operator=):
2631         (JSC::GetByIdVariant::attemptToMerge):
2632         (JSC::GetByIdVariant::dumpInContext):
2633         (JSC::GetByIdVariant::baseStructure): Deleted.
2634         * bytecode/GetByIdVariant.h:
2635         (JSC::GetByIdVariant::operator!):
2636         (JSC::GetByIdVariant::structureSet):
2637         (JSC::GetByIdVariant::conditionSet):
2638         (JSC::GetByIdVariant::offset):
2639         (JSC::GetByIdVariant::callLinkStatus):
2640         (JSC::GetByIdVariant::constantChecks): Deleted.
2641         (JSC::GetByIdVariant::alternateBase): Deleted.
2642         * bytecode/ObjectPropertyCondition.cpp: Added.
2643         (JSC::ObjectPropertyCondition::dumpInContext):
2644         (JSC::ObjectPropertyCondition::dump):
2645         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
2646         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
2647         (JSC::ObjectPropertyCondition::isStillValid):
2648         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
2649         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2650         (JSC::ObjectPropertyCondition::isWatchable):
2651         (JSC::ObjectPropertyCondition::isStillLive):
2652         (JSC::ObjectPropertyCondition::validateReferences):
2653         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2654         * bytecode/ObjectPropertyCondition.h: Added.
2655         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
2656         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
2657         (JSC::ObjectPropertyCondition::presence):
2658         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
2659         (JSC::ObjectPropertyCondition::absence):
2660         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
2661         (JSC::ObjectPropertyCondition::absenceOfSetter):
2662         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
2663         (JSC::ObjectPropertyCondition::equivalence):
2664         (JSC::ObjectPropertyCondition::operator!):
2665         (JSC::ObjectPropertyCondition::object):
2666         (JSC::ObjectPropertyCondition::condition):
2667         (JSC::ObjectPropertyCondition::kind):
2668         (JSC::ObjectPropertyCondition::uid):
2669         (JSC::ObjectPropertyCondition::hasOffset):
2670         (JSC::ObjectPropertyCondition::offset):
2671         (JSC::ObjectPropertyCondition::hasAttributes):
2672         (JSC::ObjectPropertyCondition::attributes):
2673         (JSC::ObjectPropertyCondition::hasPrototype):
2674         (JSC::ObjectPropertyCondition::prototype):
2675         (JSC::ObjectPropertyCondition::hasRequiredValue):
2676         (JSC::ObjectPropertyCondition::requiredValue):
2677         (JSC::ObjectPropertyCondition::hash):
2678         (JSC::ObjectPropertyCondition::operator==):
2679         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
2680         (JSC::ObjectPropertyCondition::isCompatibleWith):
2681         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2682         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
2683         (JSC::ObjectPropertyCondition::isValidValueForPresence):
2684         (JSC::ObjectPropertyConditionHash::hash):
2685         (JSC::ObjectPropertyConditionHash::equal):
2686         * bytecode/ObjectPropertyConditionSet.cpp: Added.
2687         (JSC::ObjectPropertyConditionSet::forObject):
2688         (JSC::ObjectPropertyConditionSet::forConditionKind):
2689         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
2690         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
2691         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
2692         (JSC::ObjectPropertyConditionSet::mergedWith):
2693         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
2694         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
2695         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
2696         (JSC::ObjectPropertyConditionSet::areStillLive):
2697         (JSC::ObjectPropertyConditionSet::dumpInContext):
2698         (JSC::ObjectPropertyConditionSet::dump):
2699         (JSC::generateConditionsForPropertyMiss):
2700         (JSC::generateConditionsForPropertySetterMiss):
2701         (JSC::generateConditionsForPrototypePropertyHit):
2702         (JSC::generateConditionsForPrototypePropertyHitCustom):
2703         (JSC::generateConditionsForPropertySetterMissConcurrently):
2704         * bytecode/ObjectPropertyConditionSet.h: Added.
2705         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
2706         (JSC::ObjectPropertyConditionSet::invalid):
2707         (JSC::ObjectPropertyConditionSet::nonEmpty):
2708         (JSC::ObjectPropertyConditionSet::isValid):
2709         (JSC::ObjectPropertyConditionSet::isEmpty):
2710         (JSC::ObjectPropertyConditionSet::begin):
2711         (JSC::ObjectPropertyConditionSet::end):
2712         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
2713         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
2714         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2715         (JSC::ObjectPropertyConditionSet::Data::Data):
2716         * bytecode/PolymorphicGetByIdList.cpp:
2717         (JSC::GetByIdAccess::GetByIdAccess):
2718         (JSC::GetByIdAccess::~GetByIdAccess):
2719         (JSC::GetByIdAccess::visitWeak):
2720         * bytecode/PolymorphicGetByIdList.h:
2721         (JSC::GetByIdAccess::GetByIdAccess):
2722         (JSC::GetByIdAccess::structure):
2723         (JSC::GetByIdAccess::conditionSet):
2724         (JSC::GetByIdAccess::stubRoutine):
2725         (JSC::GetByIdAccess::chain): Deleted.
2726         (JSC::GetByIdAccess::chainCount): Deleted.
2727         * bytecode/PolymorphicPutByIdList.cpp:
2728         (JSC::PutByIdAccess::fromStructureStubInfo):
2729         (JSC::PutByIdAccess::visitWeak):
2730         * bytecode/PolymorphicPutByIdList.h:
2731         (JSC::PutByIdAccess::PutByIdAccess):
2732         (JSC::PutByIdAccess::transition):
2733         (JSC::PutByIdAccess::setter):
2734         (JSC::PutByIdAccess::newStructure):
2735         (JSC::PutByIdAccess::conditionSet):
2736         (JSC::PutByIdAccess::stubRoutine):
2737         (JSC::PutByIdAccess::chain): Deleted.
2738         (JSC::PutByIdAccess::chainCount): Deleted.
2739         * bytecode/PropertyCondition.cpp: Added.
2740         (JSC::PropertyCondition::dumpInContext):
2741         (JSC::PropertyCondition::dump):
2742         (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
2743         (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
2744         (JSC::PropertyCondition::isStillValid):
2745         (JSC::PropertyCondition::isWatchableWhenValid):
2746         (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2747         (JSC::PropertyCondition::isWatchable):
2748         (JSC::PropertyCondition::isStillLive):
2749         (JSC::PropertyCondition::validateReferences):
2750         (JSC::PropertyCondition::isValidValueForAttributes):
2751         (JSC::PropertyCondition::isValidValueForPresence):
2752         (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2753         (WTF::printInternal):
2754         * bytecode/PropertyCondition.h: Added.
2755         (JSC::PropertyCondition::PropertyCondition):
2756         (JSC::PropertyCondition::presenceWithoutBarrier):
2757         (JSC::PropertyCondition::presence):
2758         (JSC::PropertyCondition::absenceWithoutBarrier):
2759         (JSC::PropertyCondition::absence):
2760         (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
2761         (JSC::PropertyCondition::absenceOfSetter):
2762         (JSC::PropertyCondition::equivalenceWithoutBarrier):
2763         (JSC::PropertyCondition::equivalence):
2764         (JSC::PropertyCondition::operator!):
2765         (JSC::PropertyCondition::kind):
2766         (JSC::PropertyCondition::uid):
2767         (JSC::PropertyCondition::hasOffset):
2768         (JSC::PropertyCondition::offset):
2769         (JSC::PropertyCondition::hasAttributes):
2770         (JSC::PropertyCondition::attributes):
2771         (JSC::PropertyCondition::hasPrototype):
2772         (JSC::PropertyCondition::prototype):
2773         (JSC::PropertyCondition::hasRequiredValue):
2774         (JSC::PropertyCondition::requiredValue):
2775         (JSC::PropertyCondition::hash):
2776         (JSC::PropertyCondition::operator==):
2777         (JSC::PropertyCondition::isHashTableDeletedValue):
2778         (JSC::PropertyCondition::isCompatibleWith):
2779         (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2780         (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
2781         (JSC::PropertyConditionHash::hash):
2782         (JSC::PropertyConditionHash::equal):
2783         * bytecode/PutByIdStatus.cpp:
2784         (JSC::PutByIdStatus::computeFromLLInt):
2785         (JSC::PutByIdStatus::computeFor):
2786         (JSC::PutByIdStatus::computeForStubInfo):
2787         * bytecode/PutByIdVariant.cpp:
2788         (JSC::PutByIdVariant::operator=):
2789         (JSC::PutByIdVariant::transition):
2790         (JSC::PutByIdVariant::setter):
2791         (JSC::PutByIdVariant::makesCalls):
2792         (JSC::PutByIdVariant::attemptToMerge):
2793         (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
2794         (JSC::PutByIdVariant::dumpInContext):
2795         (JSC::PutByIdVariant::baseStructure): Deleted.
2796         * bytecode/PutByIdVariant.h:
2797         (JSC::PutByIdVariant::PutByIdVariant):
2798         (JSC::PutByIdVariant::kind):
2799         (JSC::PutByIdVariant::structure):
2800         (JSC::PutByIdVariant::structureSet):
2801         (JSC::PutByIdVariant::oldStructure):
2802         (JSC::PutByIdVariant::conditionSet):
2803         (JSC::PutByIdVariant::offset):
2804         (JSC::PutByIdVariant::callLinkStatus):
2805         (JSC::PutByIdVariant::constantChecks): Deleted.
2806         (JSC::PutByIdVariant::alternateBase): Deleted.
2807         * bytecode/StructureStubClearingWatchpoint.cpp:
2808         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
2809         (JSC::StructureStubClearingWatchpoint::push):
2810         (JSC::StructureStubClearingWatchpoint::fireInternal):
2811         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
2812         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
2813         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
2814         * bytecode/StructureStubClearingWatchpoint.h:
2815         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
2816         (JSC::WatchpointsOnStructureStubInfo::codeBlock):
2817         (JSC::WatchpointsOnStructureStubInfo::stubInfo):
2818         * bytecode/StructureStubInfo.cpp:
2819         (JSC::StructureStubInfo::deref):
2820         (JSC::StructureStubInfo::visitWeakReferences):
2821         * bytecode/StructureStubInfo.h:
2822         (JSC::StructureStubInfo::initPutByIdTransition):
2823         (JSC::StructureStubInfo::initPutByIdReplace):
2824         (JSC::StructureStubInfo::setSeen):
2825         (JSC::StructureStubInfo::addWatchpoint):
2826         * dfg/DFGAbstractInterpreterInlines.h:
2827         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2828         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
2829         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
2830         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
2831         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
2832         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
2833         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
2834         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
2835         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
2836         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
2837         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
2838         * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
2839         (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
2840         (JSC::DFG::AdaptiveStructureWatchpoint::install):
2841         (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
2842         * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
2843         (JSC::DFG::AdaptiveStructureWatchpoint::key):
2844         * dfg/DFGByteCodeParser.cpp:
2845         (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
2846         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2847         (JSC::DFG::ByteCodeParser::handleGetByOffset):
2848         (JSC::DFG::ByteCodeParser::handlePutByOffset):
2849         (JSC::DFG::ByteCodeParser::check):
2850         (JSC::DFG::ByteCodeParser::promoteToConstant):
2851         (JSC::DFG::ByteCodeParser::planLoad):
2852         (JSC::DFG::ByteCodeParser::load):
2853         (JSC::DFG::ByteCodeParser::presenceLike):
2854         (JSC::DFG::ByteCodeParser::checkPresenceLike):
2855         (JSC::DFG::ByteCodeParser::store):
2856         (JSC::DFG::ByteCodeParser::handleGetById):
2857         (JSC::DFG::ByteCodeParser::handlePutById):
2858         (JSC::DFG::ByteCodeParser::parseBlock):
2859         (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
2860         * dfg/DFGCommonData.cpp:
2861         (JSC::DFG::CommonData::validateReferences):
2862         * dfg/DFGCommonData.h:
2863         * dfg/DFGConstantFoldingPhase.cpp:
2864         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2865         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
2866         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
2867         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
2868         (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
2869         * dfg/DFGDesiredWatchpoints.cpp:
2870         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
2871         (JSC::DFG::InferredValueAdaptor::add):
2872         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
2873         (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
2874         (JSC::DFG::DesiredWatchpoints::addLazily):
2875         (JSC::DFG::DesiredWatchpoints::consider):
2876         (JSC::DFG::DesiredWatchpoints::reallyAdd):
2877         (JSC::DFG::DesiredWatchpoints::areStillValid):
2878         (JSC::DFG::DesiredWatchpoints::dumpInContext):
2879         * dfg/DFGDesiredWatchpoints.h:
2880         (JSC::DFG::SetPointerAdaptor::add):
2881         (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
2882         (JSC::DFG::SetPointerAdaptor::dumpInContext):
2883         (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
2884         (JSC::DFG::InferredValueAdaptor::dumpInContext):
2885         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
2886         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
2887         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
2888         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
2889         (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
2890         (JSC::DFG::GenericDesiredWatchpoints::isWatched):
2891         (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
2892         (JSC::DFG::DesiredWatchpoints::isWatched):
2893         (JSC::DFG::GenericSetAdaptor::add): Deleted.
2894         (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
2895         * dfg/DFGDesiredWeakReferences.cpp:
2896         (JSC::DFG::DesiredWeakReferences::addLazily):
2897         (JSC::DFG::DesiredWeakReferences::contains):
2898         * dfg/DFGDesiredWeakReferences.h:
2899         * dfg/DFGGraph.cpp:
2900         (JSC::DFG::Graph::dump):
2901         (JSC::DFG::Graph::clearFlagsOnAllNodes):
2902         (JSC::DFG::Graph::watchCondition):
2903         (JSC::DFG::Graph::isSafeToLoad):
2904         (JSC::DFG::Graph::livenessFor):
2905         (JSC::DFG::Graph::tryGetConstantProperty):
2906         (JSC::DFG::Graph::visitChildren):
2907         * dfg/DFGGraph.h:
2908         (JSC::DFG::Graph::identifiers):
2909         (JSC::DFG::Graph::watchpoints):
2910         * dfg/DFGMultiGetByOffsetData.cpp: Added.
2911         (JSC::DFG::GetByOffsetMethod::dumpInContext):
2912         (JSC::DFG::GetByOffsetMethod::dump):
2913         (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
2914         (JSC::DFG::MultiGetByOffsetCase::dump):
2915         (WTF::printInternal):
2916         * dfg/DFGMultiGetByOffsetData.h: Added.
2917         (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
2918         (JSC::DFG::GetByOffsetMethod::constant):
2919         (JSC::DFG::GetByOffsetMethod::load):
2920         (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
2921         (JSC::DFG::GetByOffsetMethod::operator!):
2922         (JSC::DFG::GetByOffsetMethod::kind):
2923         (JSC::DFG::GetByOffsetMethod::prototype):
2924         (JSC::DFG::GetByOffsetMethod::offset):
2925         (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
2926         (JSC::DFG::MultiGetByOffsetCase::set):
2927         (JSC::DFG::MultiGetByOffsetCase::method):
2928         * dfg/DFGNode.h:
2929         * dfg/DFGSafeToExecute.h:
2930         (JSC::DFG::safeToExecute):
2931         * dfg/DFGStructureRegistrationPhase.cpp:
2932         (JSC::DFG::StructureRegistrationPhase::run):
2933         * ftl/FTLLowerDFGToLLVM.cpp:
2934         (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
2935         * jit/Repatch.cpp:
2936         (JSC::repatchByIdSelfAccess):
2937         (JSC::checkObjectPropertyCondition):
2938         (JSC::checkObjectPropertyConditions):
2939         (JSC::replaceWithJump):
2940         (JSC::generateByIdStub):
2941         (JSC::actionForCell):
2942         (JSC::tryBuildGetByIDList):
2943         (JSC::emitPutReplaceStub):
2944         (JSC::emitPutTransitionStub):
2945         (JSC::tryCachePutByID):
2946         (JSC::tryBuildPutByIdList):
2947         (JSC::tryRepatchIn):
2948         (JSC::addStructureTransitionCheck): Deleted.
2949         (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
2950         * runtime/IntendedStructureChain.cpp: Removed.
2951         * runtime/IntendedStructureChain.h: Removed.
2952         * runtime/JSCJSValue.h:
2953         * runtime/JSObject.cpp:
2954         (JSC::throwTypeError):
2955         (JSC::JSObject::convertToDictionary):
2956         (JSC::JSObject::shiftButterflyAfterFlattening):
2957         * runtime/JSObject.h:
2958         (JSC::JSObject::flattenDictionaryObject):
2959         (JSC::JSObject::convertToDictionary): Deleted.
2960         * runtime/Operations.h:
2961         (JSC::normalizePrototypeChain):
2962         (JSC::normalizePrototypeChainForChainAccess): Deleted.
2963         (JSC::isPrototypeChainNormalized): Deleted.
2964         * runtime/PropertySlot.h:
2965         (JSC::PropertySlot::PropertySlot):
2966         (JSC::PropertySlot::slotBase):
2967         * runtime/Structure.cpp:
2968         (JSC::Structure::addPropertyTransition):
2969         (JSC::Structure::attributeChangeTransition):
2970         (JSC::Structure::toDictionaryTransition):
2971         (JSC::Structure::toCacheableDictionaryTransition):
2972         (JSC::Structure::toUncacheableDictionaryTransition):
2973         (JSC::Structure::ensurePropertyReplacementWatchpointSet):
2974         (JSC::Structure::startWatchingPropertyForReplacements):
2975         (JSC::Structure::didCachePropertyReplacement):
2976         (JSC::Structure::dump):
2977         * runtime/Structure.h:
2978         * runtime/VM.h:
2979         * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check-new.js: Added.
2980         (foo):
2981         (bar):
2982         (baz):
2983         * tests/stress/multi-get-by-offset-self-or-proto.js: Added.
2984         (foo):
2985         * tests/stress/replacement-watchpoint-dictionary.js: Added.
2986         (foo):
2987         * tests/stress/replacement-watchpoint.js: Added.
2988         (foo):
2989         * tests/stress/undefined-access-dictionary-then-proto-change.js: Added.
2990         (foo):
2991         * tests/stress/undefined-access-then-proto-change.js: Added.
2992         (foo):
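
        The following is an added example, not code from WebKit or from this
        entry's tests. It exercises the invariants that object property
        conditions exist to enforce: each scenario warms a function up so the
        JITs can cache an access that rests on a prototype-chain condition (a
        miss, a prototype hit, a folded global), then invalidates the condition
        and checks that the very next call observes the change. On a correct
        engine every scenario returns the expected before/after pair; a stale
        cache would show up as `after` still carrying the old value. The
        function names, iteration counts and the way dictionary mode is
        provoked are this example's own assumptions.

```javascript
// Added example; not part of WebKit. Run with the jsc shell or node.

function runHot(fn, iterations) {
  let last;
  for (let i = 0; i < iterations; i++) last = fn();
  return last;
}

// GetById miss: 'f' is absent on o and on every prototype, so a cached access
// rests on absence conditions along the chain. Adding 'f' to the prototype
// breaks one of them. With dictionaryProto the prototype is first forced into
// dictionary mode (assumption: in JSC, deleting a property does this), which
// is the shape of the undefined-access-dictionary-then-proto-change test.
function missThenProtoChange(iterations, dictionaryProto) {
  function Base() {}
  if (dictionaryProto) {
    Base.prototype.scratch = 0;
    delete Base.prototype.scratch;
  }
  const o = new Base();
  const readF = () => o.f;
  const before = runHot(readF, iterations); // undefined while 'f' is absent
  Base.prototype.f = 42;                    // absence condition on the prototype no longer holds
  return { before, after: readF() };
}

// Prototype hit: 'g' lives on the prototype (presence condition there, absence
// condition on o). Defining an own 'g' transitions o's structure and must win.
function protoHitThenShadow(iterations) {
  function Base() {}
  Base.prototype.g = 'proto';
  const o = new Base();
  const readG = () => o.g;
  const before = runHot(readG, iterations);
  o.g = 'own';
  return { before, after: readG() };
}

// Global property: the DFG may fold a global whose value has never changed to
// a constant, guarded by a replacement watchpoint. Storing a new value fires it.
function globalReplace(iterations) {
  globalThis.opcExampleGlobal = 'first';     // name chosen for this example
  const readGlobal = () => opcExampleGlobal; // free identifier, resolves to the global
  const before = runHot(readGlobal, iterations);
  globalThis.opcExampleGlobal = 'second';
  return { before, after: readGlobal() };
}

// Prototype swap: replacing the prototype itself changes the chain the cached
// conditions were generated against.
function protoSwap(iterations) {
  const protoA = { h: 'A' };
  const protoB = { h: 'B' };
  const o = Object.create(protoA);
  const readH = () => o.h;
  const before = runHot(readH, iterations);
  Object.setPrototypeOf(o, protoB);
  return { before, after: readH() };
}

function runAllScenarios(iterations = 20000) {
  return {
    miss: missThenProtoChange(iterations, false),
    missDictionary: missThenProtoChange(iterations, true),
    protoHit: protoHitThenShadow(iterations),
    global: globalReplace(iterations),
    protoSwap: protoSwap(iterations),
  };
}

console.log(JSON.stringify(runAllScenarios(), null, 2));
```

        The iteration count only matters in that it has to be high enough for
        the access to reach the optimizing tiers; the expected values are the
        same at every tier, which is exactly why a stale cache is detectable
        this way.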
2993
2994 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2995
2996         JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
2997         https://bugs.webkit.org/show_bug.cgi?id=147538
2998
2999         Reviewed by Geoffrey Garen.
3000
        Due to the order of the ARROWFUNCTION token in the JSTokenType enum, it is categorized as one of the keywords.
        As a result, when lexing a property name, which can take keywords, the ARROWFUNCTION token is accidentally accepted.
        This patch changes the order of the ARROWFUNCTION token in JSTokenType to make it an operator token.
3004
3005         * parser/ParserTokens.h:
3006         * tests/stress/arrow-function-token-is-not-keyword.js: Added.
3007         (testSyntaxError):
3008
3009 2015-08-03  Keith Miller  <keith_miller@apple.com>
3010
3011         Clean up the naming for AST expression generation.
3012         https://bugs.webkit.org/show_bug.cgi?id=147581
3013
3014         Reviewed by Yusuke Suzuki.
3015
3016         * parser/ASTBuilder.h:
3017         (JSC::ASTBuilder::createThisExpr):
3018         (JSC::ASTBuilder::createSuperExpr):
3019         (JSC::ASTBuilder::createNewTargetExpr):
3020         (JSC::ASTBuilder::thisExpr): Deleted.
3021         (JSC::ASTBuilder::superExpr): Deleted.
3022         (JSC::ASTBuilder::newTargetExpr): Deleted.
3023         * parser/Parser.cpp:
3024         (JSC::Parser<LexerType>::parsePrimaryExpression):
3025         (JSC::Parser<LexerType>::parseMemberExpression):
3026         * parser/SyntaxChecker.h:
3027         (JSC::SyntaxChecker::createThisExpr):
3028         (JSC::SyntaxChecker::createSuperExpr):
3029         (JSC::SyntaxChecker::createNewTargetExpr):
3030         (JSC::SyntaxChecker::thisExpr): Deleted.
3031         (JSC::SyntaxChecker::superExpr): Deleted.
3032         (JSC::SyntaxChecker::newTargetExpr): Deleted.
3033
3034 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
3035
3036         Don't set up the callsite to operationGetByValDefault when the optimization is already done
3037         https://bugs.webkit.org/show_bug.cgi?id=147577
3038
3039         Reviewed by Filip Pizlo.
3040
        operationGetByValDefault should be called only when the IC is not set.
        operationGetByValString breaks this invariant, and `ASSERT(!byValInfo.stubRoutine)` in
        operationGetByValDefault raises an assertion failure.
        In this patch, we change the callsite setup code in operationGetByValString when
        the IC is already set. And to make the operation's meaning explicit, we changed the
        name operationGetByValDefault to operationGetByValOptimize, which is aligned with the
        GetById case.
3048
3049         * jit/JITOperations.cpp:
3050         * jit/JITOperations.h:
3051         * jit/JITPropertyAccess.cpp:
3052         (JSC::JIT::emitSlow_op_get_by_val):
3053         * jit/JITPropertyAccess32_64.cpp:
3054         (JSC::JIT::emitSlow_op_get_by_val):
3055         * tests/stress/operation-get-by-val-default-should-not-called-for-already-optimized-site.js: Added.
3056         (hello):
3057
2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
3059
3060         [FTL] Remove unused scripts related to native call inlining
3061         https://bugs.webkit.org/show_bug.cgi?id=147448
3062
3063         Reviewed by Filip Pizlo.
3064
3065         * build-symbol-table-index.py: Removed.
3066         * copy-llvm-ir-to-derived-sources.sh: Removed.
3067         * create-llvm-ir-from-source-file.py: Removed.
3068         * create-symbol-table-index.py: Removed.
3069
3070 2015-08-02  Benjamin Poulain  <bpoulain@apple.com>
3071
3072         Investigate HashTable::HashTable(const HashTable&) and HashTable::operator=(const HashTable&) performance for hash-based static analyses
3073         https://bugs.webkit.org/show_bug.cgi?id=118455
3074
3075         Reviewed by Filip Pizlo.
3076
        LivenessAnalysisPhase lights up like a Christmas tree in profiles.
3078
3079         This patch cuts its cost by 4.
3080         About half of the gains come from removing many rehash() when copying
3081         the HashSet.
3082         The last quarter is achieved by having a special add() function for initializing
3083         a HashSet.
3084
3085         This makes benchmarks progress by 1-2% here and there. Nothing massive.
3086
3087         * dfg/DFGLivenessAnalysisPhase.cpp:
3088         (JSC::DFG::LivenessAnalysisPhase::process):
3089         The m_live HashSet is only useful per block. When we are done with it,
3090         we can transfer it to liveAtHead to avoid a copy.
3091
3092 2015-08-01  Saam barati  <saambarati1@gmail.com>
3093
3094         Unreviewed. Remove unintentional "print" statement in test case.
3095         https://bugs.webkit.org/show_bug.cgi?id=142567
3096
3097         * tests/stress/class-syntax-definition-semantics.js:
3098         (shouldBeSyntaxError):
3099
3100 2015-07-31  Alex Christensen  <achristensen@webkit.org>
3101
3102         Prepare for VS2015
3103         https://bugs.webkit.org/show_bug.cgi?id=146579
3104
3105         Reviewed by Jon Honeycutt.
3106
3107         * heap/Heap.h:
3108         Fix compiler error by explicitly casting zombifiedBits to the size of a pointer.
3109
3110 2015-07-31  Saam barati  <saambarati1@gmail.com>
3111
3112         ES6 class syntax should use block scoping
3113         https://bugs.webkit.org/show_bug.cgi?id=142567
3114
3115         Reviewed by Geoffrey Garen.
3116
3117         We treat class declarations like we do "let" declarations.
3118         The class name is under TDZ until the class declaration
3119         statement is evaluated. Class declarations also follow
3120         the same rules as "let": No duplicate definitions inside
3121         a lexical environment.
3122
3123         * parser/ASTBuilder.h:
3124         (JSC::ASTBuilder::createClassDeclStatement):
3125         * parser/Parser.cpp:
3126         (JSC::Parser<LexerType>::parseClassDeclaration):
3127         * tests/stress/class-syntax-block-scoping.js: Added.
3128         (assert):
3129         (truth):
3130         (.):
3131         * tests/stress/class-syntax-definition-semantics.js: Added.
3132         (shouldBeSyntaxError):
3133         (shouldNotBeSyntaxError):
3134         (truth):
3135         * tests/stress/class-syntax-tdz.js:
3136         (assert):
3137         (shouldThrowTDZ):
3138         (truth):
3139         (.):
3140
3141 2015-07-31  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3142
3143         Implement WebAssembly module parser
3144         https://bugs.webkit.org/show_bug.cgi?id=147293
3145
3146         Reviewed by Mark Lam.
3147
3148         Re-landing after fix for the "..\..\jsc.cpp(46): fatal error C1083: Cannot open
3149         include file: 'JSWASMModule.h'" issue on Windows.
3150
3151         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
3152         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
3153         the magic number at the beginning of the files. Parsing of the rest will be
3154         implemented in a subsequent patch.
3155
3156         * CMakeLists.txt:
3157         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3158         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3159         * JavaScriptCore.xcodeproj/project.pbxproj:
3160         * jsc.cpp:
3161         (GlobalObject::finishCreation):
3162         (functionLoadWebAssembly):
3163         * parser/SourceProvider.h:
3164         (JSC::WebAssemblySourceProvider::create):
3165         (JSC::WebAssemblySourceProvider::data):
3166         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
3167         * runtime/JSGlobalObject.cpp:
3168         (JSC::JSGlobalObject::init):
3169         (JSC::JSGlobalObject::visitChildren):
3170         * runtime/JSGlobalObject.h:
3171         (JSC::JSGlobalObject::wasmModuleStructure):
3172         * wasm/WASMMagicNumber.h: Added.
3173         * wasm/WASMModuleParser.cpp: Added.
3174         (JSC::WASMModuleParser::WASMModuleParser):
3175         (JSC::WASMModuleParser::parse):
3176         (JSC::WASMModuleParser::parseModule):
3177         (JSC::parseWebAssembly):
3178         * wasm/WASMModuleParser.h: Added.
3179         * wasm/WASMReader.cpp: Added.
3180         (JSC::WASMReader::readUnsignedInt32):
3181         (JSC::WASMReader::readFloat):
3182         (JSC::WASMReader::readDouble):
3183         * wasm/WASMReader.h: Added.
3184         (JSC::WASMReader::WASMReader):
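
        The following is an added example, not WebKit code: a bounds-checked
        reader and a module parser with the same shape as the one this entry
        describes, that is, it validates the magic number and leaves the rest
        of the file unparsed. The magic value 0x6d736177 (the ASCII bytes
        "wasm" read as a little-endian uint32) is an assumption about the
        pack-asmjs format; the real constant is whatever wasm/WASMMagicNumber.h
        defines. The reader's method names mirror the WASMReader methods listed
        above, but the implementation is this example's own. The sample inputs
        are constructed here.

```javascript
// Added example; not part of WebKit.

const WASM_MAGIC_NUMBER = 0x6d736177; // assumed value: "wasm" as a little-endian uint32

class WASMReader {
  constructor(bytes) {
    this.view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
    this.offset = 0;
  }
  // Every read checks that the requested width fits before touching memory, so a
  // truncated or hostile file yields a parse error instead of an over-read.
  ensure(width) {
    if (this.offset + width > this.view.byteLength) {
      throw new RangeError(`unexpected end of module at offset ${this.offset}`);
    }
  }
  readUnsignedInt32() {
    this.ensure(4);
    const v = this.view.getUint32(this.offset, true);
    this.offset += 4;
    return v;
  }
  readFloat() {
    this.ensure(4);
    const v = this.view.getFloat32(this.offset, true);
    this.offset += 4;
    return v;
  }
  readDouble() {
    this.ensure(8);
    const v = this.view.getFloat64(this.offset, true);
    this.offset += 8;
    return v;
  }
}

// Checks only the magic number, as the entry describes; reports how much of
// the input would remain for the sections a fuller parser would read next.
function parseWebAssemblyModule(bytes) {
  const reader = new WASMReader(bytes);
  const magic = reader.readUnsignedInt32();
  if (magic !== WASM_MAGIC_NUMBER) {
    throw new SyntaxError(`bad WebAssembly magic number 0x${magic.toString(16)}`);
  }
  return { magic, remaining: bytes.byteLength - reader.offset };
}

// Helpers to build constructed sample inputs.
function bytesOf(width, write) {
  const b = new Uint8Array(width);
  write(new DataView(b.buffer));
  return b;
}
function concat(...parts) {
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let at = 0;
  for (const p of parts) { out.set(p, at); at += p.length; }
  return out;
}

const SAMPLES = {
  valid: concat(bytesOf(4, (v) => v.setUint32(0, WASM_MAGIC_NUMBER, true)), new Uint8Array([1, 2, 3])),
  badMagic: new Uint8Array([0x00, 0x61, 0x73, 0x6d]), // "\0asm", the later standard wasm magic
  truncated: new Uint8Array([0x77, 0x61]),            // only half a magic number
};

function parseOutcome(bytes) {
  try {
    return { ok: true, remaining: parseWebAssemblyModule(bytes).remaining };
  } catch (e) {
    return { ok: false, error: e.constructor.name };
  }
}

for (const [name, bytes] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(parseOutcome(bytes)));
}
```

        The point of the ensure() check is that it runs before every read
        rather than once at the top: later sections will be variable-length,
        so a single up-front size check would not protect the reads that
        follow.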
3185
3186 2015-07-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3187
3188         Add the "wasm" directory to the Additional Include Directories for jsc.exe
3189         https://bugs.webkit.org/show_bug.cgi?id=147443
3190
3191         Reviewed by Mark Lam.
3192
3193         This patch should fix the "..\..\jsc.cpp(46): fatal error C1083:
3194         Cannot open include file: 'JSWASMModule.h'" error in the Windows build.
3195
3196         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
3197
3198 2015-07-30  Chris Dumez  <cdumez@apple.com>
3199
3200         Mark more classes as fast allocated
3201         https://bugs.webkit.org/show_bug.cgi?id=147440
3202
3203         Reviewed by Sam Weinig.
3204
3205         Mark more classes as fast allocated for performance. We heap-allocate
3206         objects of those types throughout the code base.
3207
3208         * API/JSCallbackObject.h:
3209         * API/ObjCCallbackFunction.mm:
3210         * bytecode/BytecodeKills.h:
3211         * bytecode/BytecodeLivenessAnalysis.h:
3212         * bytecode/CallLinkStatus.h:
3213         * bytecode/FullBytecodeLiveness.h:
3214         * bytecode/SamplingTool.h:
3215         * bytecompiler/BytecodeGenerator.h:
3216         * dfg/DFGBasicBlock.h:
3217         * dfg/DFGBlockMap.h:
3218         * dfg/DFGInPlaceAbstractState.h:
3219         * dfg/DFGThreadData.h:
3220         * heap/HeapVerifier.h:
3221         * heap/SlotVisitor.h:
3222         * parser/Lexer.h:
3223         * runtime/ControlFlowProfiler.h:
3224         * runtime/TypeProfiler.h:
3225         * runtime/TypeProfilerLog.h:
3226         * runtime/Watchdog.h:
3227
3228 2015-07-29  Filip Pizlo  <fpizlo@apple.com>
3229
3230         DFG::ArgumentsEliminationPhase should emit a PutStack for all of the GetStacks that the ByteCodeParser emitted
3231         https://bugs.webkit.org/show_bug.cgi?id=147433
3232         rdar://problem/21668986
3233
3234         Reviewed by Mark Lam.
3235
3236         Ideally, the ByteCodeParser would only emit SetArgument nodes for named arguments.  But
3237         currently that's not what it does - it emits a SetArgument for every argument that a varargs
3238         call may pass.  Each SetArgument gets turned into a GetStack.  This means that if
3239         ArgumentsEliminationPhase optimizes away PutStacks for those varargs arguments that didn't
3240         get passed or used, we get degenerate IR where we have a GetStack of something that didn't
3241         have a PutStack.
3242
3243         This fixes the bug by removing the code to optimize away PutStacks in
3244         ArgumentsEliminationPhase.
3245
3246         * dfg/DFGArgumentsEliminationPhase.cpp:
3247         * tests/stress/varargs-inlining-underflow.js: Added.
3248         (baz):
3249         (bar):
3250         (foo):
3251
3252 2015-07-29  Andy VanWagoner  <thetalecrafter@gmail.com>
3253
3254         Implement basic types for ECMAScript Internationalization API
3255         https://bugs.webkit.org/show_bug.cgi?id=146926
3256
3257         Reviewed by Benjamin Poulain.
3258
3259         Adds basic types for ECMA-402 2nd edition, but does not implement the full locale-aware features yet.
3260         http://www.ecma-international.org/ecma-402/2.0/ECMA-402.pdf
3261
3262         * CMakeLists.txt: Added new Intl files.
3263         * Configurations/FeatureDefines.xcconfig: Enable INTL.
3264         * DerivedSources.make: Added Intl files.
3265         * JavaScriptCore.xcodeproj/project.pbxproj: Added Intl files.
3266         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added Intl files.
3267         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added Intl files.
3268         * runtime/CommonIdentifiers.h: Added Collator, NumberFormat, and DateTimeFormat.
3269         * runtime/DateConstructor.cpp: Made Date.now public.
3270         * runtime/DateConstructor.h: Made Date.now public.
3271         * runtime/IntlCollator.cpp: Added.
3272         (JSC::IntlCollator::create):
3273         (JSC::IntlCollator::createStructure):
3274         (JSC::IntlCollator::IntlCollator):
3275         (JSC::IntlCollator::finishCreation):
3276         (JSC::IntlCollator::destroy):
3277         (JSC::IntlCollator::visitChildren):
3278         (JSC::IntlCollator::setBoundCompare):
3279         (JSC::IntlCollatorFuncCompare): Added placeholder implementation using codePointCompare.
3280         * runtime/IntlCollator.h: Added.
3281         (JSC::IntlCollator::constructor):
3282         (JSC::IntlCollator::boundCompare):
3283         * runtime/IntlCollatorConstructor.cpp: Added.
3284         (JSC::IntlCollatorConstructor::create):
3285         (JSC::IntlCollatorConstructor::createStructure):
3286         (JSC::IntlCollatorConstructor::IntlCollatorConstructor):
3287         (JSC::IntlCollatorConstructor::finishCreation):
3288         (JSC::constructIntlCollator): Added Collator constructor (10.1.2).
3289         (JSC::callIntlCollator): Added Collator constructor (10.1.2).
3290         (JSC::IntlCollatorConstructor::getConstructData):
3291         (JSC::IntlCollatorConstructor::getCallData):
3292         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
3293         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
3294         (JSC::IntlCollatorConstructor::visitChildren):
3295         * runtime/IntlCollatorConstructor.h: Added.
3296         (JSC::IntlCollatorConstructor::collatorStructure):
3297         * runtime/IntlCollatorPrototype.cpp: Added.
3298         (JSC::IntlCollatorPrototype::create):
3299         (JSC::IntlCollatorPrototype::createStructure):
3300         (JSC::IntlCollatorPrototype::IntlCollatorPrototype):
3301         (JSC::IntlCollatorPrototype::finishCreation):
3302         (JSC::IntlCollatorPrototype::getOwnPropertySlot):
3303         (JSC::IntlCollatorPrototypeGetterCompare): Added compare getter (10.3.3).
3304         (JSC::IntlCollatorPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
3305         * runtime/IntlCollatorPrototype.h: Added.
3306         * runtime/IntlDateTimeFormat.cpp: Added.
3307         (JSC::IntlDateTimeFormat::create):
3308         (JSC::IntlDateTimeFormat::createStructure):
3309         (JSC::IntlDateTimeFormat::IntlDateTimeFormat):
3310         (JSC::IntlDateTimeFormat::finishCreation):
3311         (JSC::IntlDateTimeFormat::destroy):
3312         (JSC::IntlDateTimeFormat::visitChildren):
3313         (JSC::IntlDateTimeFormat::setBoundFormat):
3314         (JSC::IntlDateTimeFormatFuncFormatDateTime): Added placeholder implementation returning new Date(value).toString().
3315         * runtime/IntlDateTimeFormat.h: Added.
3316         (JSC::IntlDateTimeFormat::constructor):
3317         (JSC::IntlDateTimeFormat::boundFormat):
3318         * runtime/IntlDateTimeFormatConstructor.cpp: Added.
3319         (JSC::IntlDateTimeFormatConstructor::create):
3320         (JSC::IntlDateTimeFormatConstructor::createStructure):
3321         (JSC::IntlDateTimeFormatConstructor::IntlDateTimeFormatConstructor):
3322         (JSC::IntlDateTimeFormatConstructor::finishCreation):
3323         (JSC::constructIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
3324         (JSC::callIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
3325         (JSC::IntlDateTimeFormatConstructor::getConstructData):
3326         (JSC::IntlDateTimeFormatConstructor::getCallData):
3327         (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
3328         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
3329         (JSC::IntlDateTimeFormatConstructor::visitChildren):
3330         * runtime/IntlDateTimeFormatConstructor.h: Added.
3331         (JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure):
3332         * runtime/IntlDateTimeFormatPrototype.cpp: Added.
3333         (JSC::IntlDateTimeFormatPrototype::create):
3334         (JSC::IntlDateTimeFormatPrototype::createStructure):
3335         (JSC::IntlDateTimeFormatPrototype::IntlDateTimeFormatPrototype):
3336         (JSC::IntlDateTimeFormatPrototype::finishCreation):
3337         (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
3338         (JSC::IntlDateTimeFormatPrototypeGetterFormat): Added format getter (12.3.3).
3339         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
3340         * runtime/IntlDateTimeFormatPrototype.h: Added.
3341         * runtime/IntlNumberFormat.cpp: Added.
3342         (JSC::IntlNumberFormat::create):
3343         (JSC::IntlNumberFormat::createStructure):
3344         (JSC::IntlNumberFormat::IntlNumberFormat):
3345         (JSC::IntlNumberFormat::finishCreation):
3346         (JSC::IntlNumberFormat::destroy):
3347         (JSC::IntlNumberFormat::visitChildren):
3348         (JSC::IntlNumberFormat::setBoundFormat):
3349         (JSC::IntlNumberFormatFuncFormatNumber): Added placeholder implementation returning Number(value).toString().
3350         * runtime/IntlNumberFormat.h: Added.
3351         (JSC::IntlNumberFormat::constructor):
3352         (JSC::IntlNumberFormat::boundFormat):
3353         * runtime/IntlNumberFormatConstructor.cpp: Added.
3354         (JSC::IntlNumberFormatConstructor::create):
3355         (JSC::IntlNumberFormatConstructor::createStructure):
3356         (JSC::IntlNumberFormatConstructor::IntlNumberFormatConstructor):
3357         (JSC::IntlNumberFormatConstructor::finishCreation):
3358         (JSC::constructIntlNumberFormat): Added NumberFormat constructor (11.1.2).
3359         (JSC::callIntlNumberFormat): Added NumberFormat constructor (11.1.2).
3360         (JSC::IntlNumberFormatConstructor::getConstructData):
3361         (JSC::IntlNumberFormatConstructor::getCallData):
3362         (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
3363         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
3364         (JSC::IntlNumberFormatConstructor::visitChildren):
3365         * runtime/IntlNumberFormatConstructor.h: Added.
3366         (JSC::IntlNumberFormatConstructor::numberFormatStructure):
3367         * runtime/IntlNumberFormatPrototype.cpp: Added.
3368         (JSC::IntlNumberFormatPrototype::create):
3369         (JSC::IntlNumberFormatPrototype::createStructure):
3370         (JSC::IntlNumberFormatPrototype::IntlNumberFormatPrototype):
3371         (JSC::IntlNumberFormatPrototype::finishCreation):
3372         (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
3373         (JSC::IntlNumberFormatPrototypeGetterFormat): Added format getter (11.3.3).
3374         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
3375         * runtime/IntlNumberFormatPrototype.h: Added.
3376         * runtime/IntlObject.cpp:
3377         (JSC::IntlObject::create):
3378         (JSC::IntlObject::finishCreation): Added Collator, NumberFormat, and DateTimeFormat properties (8.1).
3379         (JSC::IntlObject::visitChildren):
3380         * runtime/IntlObject.h:
3381         (JSC::IntlObject::collatorConstructor):
3382         (JSC::IntlObject::collatorPrototype):
3383         (JSC::IntlObject::collatorStructure):
3384         (JSC::IntlObject::numberFormatConstructor):
3385         (JSC::IntlObject::numberFormatPrototype):
3386         (JSC::IntlObject::numberFormatStructure):
3387         (JSC::IntlObject::dateTimeFormatConstructor):
3388         (JSC::IntlObject::dateTimeFormatPrototype):
3389         (JSC::IntlObject::dateTimeFormatStructure):
3390         * runtime/JSGlobalObject.cpp:
3391         (JSC::JSGlobalObject::init):
3392
3393 2015-07-29  Commit Queue  <commit-queue@webkit.org>
3394
3395         Unreviewed, rolling out r187550.
3396         https://bugs.webkit.org/show_bug.cgi?id=147420
3397
3398         Broke Windows build (again) (Requested by smfr on #webkit).
3399
3400         Reverted changeset:
3401
3402         "Implement WebAssembly module parser"
3403         https://bugs.webkit.org/show_bug.cgi?id=147293
3404         http://trac.webkit.org/changeset/187550
3405
3406 2015-07-29  Basile Clement  <basile_clement@apple.com>
3407
3408         Remove native call inlining
3409         https://bugs.webkit.org/show_bug.cgi?id=147417
3410
3411         Rubber Stamped by Filip Pizlo.
3412
3413         * CMakeLists.txt:
3414         * dfg/DFGAbstractInterpreterInlines.h:
3415         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
3416         * dfg/DFGByteCodeParser.cpp:
3417         (JSC::DFG::ByteCodeParser::handleCall): Deleted.
3418         * dfg/DFGClobberize.h:
3419         (JSC::DFG::clobberize): Deleted.
3420         * dfg/DFGDoesGC.cpp:
3421         (JSC::DFG::doesGC): Deleted.
3422         * dfg/DFGFixupPhase.cpp:
3423         (JSC::DFG::FixupPhase::fixupNode): Deleted.
3424         * dfg/DFGNode.h:
3425         (JSC::DFG::Node::hasHeapPrediction): Deleted.
3426         (JSC::DFG::Node::hasCellOperand): Deleted.
3427         * dfg/DFGNodeType.h:
3428         * dfg/DFGPredictionPropagationPhase.cpp:
3429         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
3430         * dfg/DFGSafeToExecute.h:
3431         (JSC::DFG::safeToExecute): Deleted.
3432         * dfg/DFGSpeculativeJIT32_64.cpp:
3433         (JSC::DFG::SpeculativeJIT::compile): Deleted.
3434         * dfg/DFGSpeculativeJIT64.cpp:
3435         (JSC::DFG::SpeculativeJIT::compile): Deleted.
3436         * ftl/FTLCapabilities.cpp:
3437         (JSC::FTL::canCompile): Deleted.
3438         * ftl/FTLLowerDFGToLLVM.cpp:
3439         (JSC::FTL::DFG::LowerDFGToLLVM::lower): Deleted.
3440         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
3441         (JSC::FTL::DFG::LowerDFGToLLVM::compileNativeCallOrConstruct): Deleted.
3442         (JSC::FTL::DFG::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
3443         (JSC::FTL::DFG::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
3444         (JSC::FTL::DFG::LowerDFGToLLVM::didOverflowStack): Deleted.
3445         * ftl/FTLState.cpp:
3446         (JSC::FTL::State::State): Deleted.
3447         * ftl/FTLState.h:
3448         * runtime/BundlePath.cpp: Removed.
3449         (JSC::bundlePath): Deleted.
3450         * runtime/JSDataViewPrototype.cpp:
3451         (JSC::getData):
3452         (JSC::setData):
3453         * runtime/Options.h:
3454
3455 2015-07-29  Basile Clement  <basile_clement@apple.com>
3456
3457         Unreviewed, skipping a test that is too complex for its own good
3458         https://bugs.webkit.org/show_bug.cgi?id=147167
3459
3460         * tests/stress/math-pow-coherency.js:
3461
3462 2015-07-29  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3463
3464         Implement WebAssembly module parser
3465         https://bugs.webkit.org/show_bug.cgi?id=147293
3466
3467         Reviewed by Mark Lam.
3468
3469         Reupload the patch, since r187539 should fix the "Cannot open include file:
3470         'JSWASMModule.h'" issue in the Windows build.
3471
3472         * CMakeLists.txt:
3473         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3474         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3475         * JavaScriptCore.xcodeproj/project.pbxproj:
3476         * jsc.cpp:
3477         (GlobalObject::finishCreation):
3478         (functionLoadWebAssembly):
3479         * parser/SourceProvider.h:
3480         (JSC::WebAssemblySourceProvider::create):
3481         (JSC::WebAssemblySourceProvider::data):
3482         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
3483         * runtime/JSGlobalObject.cpp:
3484         (JSC::JSGlobalObject::init):
3485         (JSC::JSGlobalObject::visitChildren):
3486         * runtime/JSGlobalObject.h:
3487         (JSC::JSGlobalObject::wasmModuleStructure):
3488         * wasm/WASMMagicNumber.h: Added.
3489         * wasm/WASMModuleParser.cpp: Added.
3490         (JSC::WASMModuleParser::WASMModuleParser):
3491         (JSC::WASMModuleParser::parse):
3492         (JSC::WASMModuleParser::parseModule):
3493         (JSC::parseWebAssembly):
3494         * wasm/WASMModuleParser.h: Added.
3495         * wasm/WASMReader.cpp: Added.
3496         (JSC::WASMReader::readUnsignedInt32):
3497         (JSC::WASMReader::readFloat):
3498         (JSC::WASMReader::readDouble):
3499         * wasm/WASMReader.h: Added.
3500         (JSC::WASMReader::WASMReader):
3501
3502 2015-07-29  Basile Clement  <basile_clement@apple.com>
3503
3504         Unreviewed, lower the number of test iterations to prevent timing out on Debug builds
3505         https://bugs.webkit.org/show_bug.cgi?id=147167
3506
3507         * tests/stress/math-pow-coherency.js:
3508
3509 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3510
3511         Add the "wasm" directory to Visual Studio project files
3512         https://bugs.webkit.org/show_bug.cgi?id=147400
3513
3514         Reviewed by Simon Fraser.
3515
3516         This patch should fix the "Cannot open include file: 'JSWASMModule.h'" issue
3517         in the Windows build.
3518
3519         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
3520         * JavaScriptCore.vcxproj/copy-files.cmd:
3521
3522 2015-07-28  Commit Queue  <commit-queue@webkit.org>
3523
3524         Unreviewed, rolling out r187531.
3525         https://bugs.webkit.org/show_bug.cgi?id=147397
3526
3527         Broke Windows build (Requested by smfr on #webkit).
3528
3529         Reverted changeset:
3530
3531         "Implement WebAssembly module parser"
3532         https://bugs.webkit.org/show_bug.cgi?id=147293
3533         http://trac.webkit.org/changeset/187531
3534
3535 2015-07-28  Benjamin Poulain  <bpoulain@apple.com>
3536
3537         Speed up the Stringifier::toJSON() fast case
3538         https://bugs.webkit.org/show_bug.cgi?id=147383
3539
3540         Reviewed by Andreas Kling.
3541
3542         * runtime/JSONObject.cpp:
3543         (JSC::Stringifier::toJSON):
3544         (JSC::Stringifier::toJSONImpl):
3545
3546 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3547
3548         Implement WebAssembly module parser
3549         https://bugs.webkit.org/show_bug.cgi?id=147293
3550
3551         Reviewed by Geoffrey Garen.
3552
3553         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
3554         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
3555         the magic number at the beginning of the files. Parsing of the rest will be
3556         implemented in a subsequent patch.
3557
3558         * CMakeLists.txt:
3559         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3560         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3561         * JavaScriptCore.xcodeproj/project.pbxproj:
3562         * jsc.cpp:
3563         (GlobalObject::finishCreation):
3564         (functionLoadWebAssembly):
3565         * parser/SourceProvider.h:
3566         (JSC::WebAssemblySourceProvider::create):
3567         (JSC::WebAssemblySourceProvider::data):
3568         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
3569         * runtime/JSGlobalObject.cpp:
3570         (JSC::JSGlobalObject::init):
3571         (JSC::JSGlobalObject::visitChildren):
3572         * runtime/JSGlobalObject.h:
3573         (JSC::JSGlobalObject::wasmModuleStructure):
3574         * wasm/WASMMagicNumber.h: Added.
3575         * wasm/WASMModuleParser.cpp: Added.
3576         (JSC::WASMModuleParser::WASMModuleParser):
3577         (JSC::WASMModuleParser::parse):
3578         (JSC::WASMModuleParser::parseModule):
3579         (JSC::parseWebAssembly):
3580         * wasm/WASMModuleParser.h: Added.
3581         * wasm/WASMReader.cpp: Added.
3582         (JSC::WASMReader::readUnsignedInt32):
3583         (JSC::WASMReader::readFloat):
3584         (JSC::WASMReader::readDouble):
3585         * wasm/WASMReader.h: Added.
3586         (JSC::WASMReader::WASMReader):
3587
3588 2015-07-28  Yusuke Suzuki  <utatane.tea@gmail.com>
3589
3590         [ES6] Add ENABLE_ES6_MODULES compile time flag with the default value "false"
3591         https://bugs.webkit.org/show_bug.cgi?id=147350
3592
3593         Reviewed by Sam Weinig.
3594
3595         * Configurations/FeatureDefines.xcconfig:
3596
3597 2015-07-28  Saam barati  <saambarati1@gmail.com>
3598
3599         Make the type profiler work with lexical scoping and add tests
3600         https://bugs.webkit.org/show_bug.cgi?id=145438
3601
3602         Reviewed by Geoffrey Garen.
3603
3604         op_profile_type now knows how to resolve variables allocated within
3605         the local scope stack. This means it knows how to resolve "let"
3606         and "const" variables. Also, some refactoring was done inside
3607         the BytecodeGenerator to make writing code to support the type
3608         profiler much simpler and clearer.
3609
3610         * bytecode/CodeBlock.cpp:
3611         (JSC::CodeBlock::CodeBlock):
3612         * bytecode/CodeBlock.h:
3613         (JSC::CodeBlock::symbolTable): Deleted.
3614         * bytecode/UnlinkedCodeBlock.h:
3615         (JSC::UnlinkedCodeBlock::addExceptionHandler):
3616         (JSC::UnlinkedCodeBlock::exceptionHandler):
3617         (JSC::UnlinkedCodeBlock::vm):
3618         (JSC::UnlinkedCodeBlock::addArrayProfile):
3619         (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex): Deleted.
3620         (JSC::UnlinkedCodeBlock::symbolTableConstantIndex): Deleted.
3621         * bytecompiler/BytecodeGenerator.cpp:
3622         (JSC::BytecodeGenerator::BytecodeGenerator):
3623         (JSC::BytecodeGenerator::emitMove):
3624         (JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
3625         (JSC::BytecodeGenerator::emitProfileType):
3626         (JSC::BytecodeGenerator::emitProfileControlFlow):
3627         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3628         * bytecompiler/BytecodeGenerator.h:
3629         (JSC::BytecodeGenerator::emitNodeForLeftHandSide):
3630         * bytecompiler/NodesCodegen.cpp:
3631         (JSC::ThisNode::emitBytecode):
3632         (JSC::ResolveNode::emitBytecode):
3633         (JSC::BracketAccessorNode::emitBytecode):
3634         (JSC::DotAccessorNode::emitBytecode):
3635         (JSC::FunctionCallValueNode::emitBytecode):
3636         (JSC::FunctionCallResolveNode::emitBytecode):
3637         (JSC::FunctionCallBracketNode::emitBytecode):
3638         (JSC::FunctionCallDotNode::emitBytecode):
3639         (JSC::CallFunctionCallDotNode::emitBytecode):
3640         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3641         (JSC::PostfixNode::emitResolve):
3642         (JSC::PostfixNode::emitBracket):
3643         (JSC::PostfixNode::emitDot):
3644         (JSC::PrefixNode::emitResolve):
3645         (JSC::PrefixNode::emitBracket):
3646         (JSC::PrefixNode::emitDot):
3647         (JSC::ReadModifyResolveNode::emitBytecode):
3648         (JSC::AssignResolveNode::emitBytecode):
3649         (JSC::AssignDotNode::emitBytecode):
3650         (JSC::ReadModifyDotNode::emitBytecode):
3651         (JSC::AssignBracketNode::emitBytecode):
3652         (JSC::ReadModifyBracketNode::emitBytecode):
3653         (JSC::EmptyVarExpression::emitBytecode):
3654         (JSC::EmptyLetExpression::emitBytecode):
3655         (JSC::ForInNode::emitLoopHeader):
3656         (JSC::ForOfNode::emitBytecode):
3657         (JSC::ReturnNode::emitBytecode):
3658         (JSC::FunctionNode::emitBytecode):
3659         (JSC::BindingNode::bindValue):
3660         * dfg/DFGSpeculativeJIT32_64.cpp:
3661         (JSC::DFG::SpeculativeJIT::compile):
3662         * dfg/DFGSpeculativeJIT64.cpp:
3663         (JSC::DFG::SpeculativeJIT::compile):
3664         * jit/JITOpcodes.cpp:
3665         (JSC::JIT::emit_op_profile_type):
3666         * jit/JITOpcodes32_64.cpp:
3667         (JSC::JIT::emit_op_profile_type):
3668         * llint/LowLevelInterpreter32_64.asm:
3669         * llint/LowLevelInterpreter64.asm:
3670         * tests/typeProfiler/es6-block-scoping.js: Added.
3671         (noop):
3672         (arr):
3673         (wrapper.changeFoo):
3674         (wrapper.scoping):
3675         (wrapper.scoping2):
3676         (wrapper):
3677         * tests/typeProfiler/es6-classes.js: Added.
3678         (noop):
3679         (wrapper.Animal):
3680         (wrapper.Animal.prototype.methodA):
3681         (wrapper.Dog):
3682         (wrapper.Dog.prototype.methodB):
3683         (wrapper):
3684
3685 2015-07-28  Saam barati  <saambarati1@gmail.com>
3686
3687         Implement catch scope using lexical scoping constructs introduced with "let" scoping patch
3688         https://bugs.webkit.org/show_bug.cgi?id=146979
3689
3690         Reviewed by Geoffrey Garen.
3691
3692         Now that BytecodeGenerator has a notion of local scope depth,
3693         we can easily implement a catch scope that doesn't claim that
3694         all variables are dynamically scoped. This means that functions
3695         that use try/catch can have local variable resolution. This also
3696         means that all functions that use try/catch don't have all
3697         their variables marked as being captured.
3698
3699         Catch scopes now behave like a "let" scope (sans the TDZ logic) with a
3700         single variable. Catch scopes are now just JSLexicalEnvironments and the
3701         symbol table backing the catch scope knows that it corresponds to a catch scope.
3702
3703         * CMakeLists.txt:
3704         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3705         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3706         * JavaScriptCore.xcodeproj/project.pbxproj:
3707         * bytecode/CodeBlock.cpp:
3708         (JSC::CodeBlock::dumpBytecode):
3709         * bytecode/EvalCodeCache.h:
3710         (JSC::EvalCodeCache::isCacheable):
3711         * bytecompiler/BytecodeGenerator.cpp:
3712         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
3713         (JSC::BytecodeGenerator::emitLoadGlobalObject):
3714         (JSC::BytecodeGenerator::pushLexicalScope):
3715         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3716         (JSC::BytecodeGenerator::popLexicalScope):
3717         (JSC::BytecodeGenerator::popLexicalScopeInternal):
3718         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3719         (JSC::BytecodeGenerator::variable):
3720         (JSC::BytecodeGenerator::resolveType):
3721         (JSC::BytecodeGenerator::emitResolveScope):
3722         (JSC::BytecodeGenerator::emitPopScope):
3723         (JSC::BytecodeGenerator::emitPopWithScope):
3724         (JSC::BytecodeGenerator::emitDebugHook):
3725         (JSC::BytecodeGenerator::popScopedControlFlowContext):
3726         (JSC::BytecodeGenerator::emitPushCatchScope):
3727         (JSC::BytecodeGenerator::emitPopCatchScope):
3728         (JSC::BytecodeGenerator::beginSwitch):
3729         (JSC::BytecodeGenerator::emitPopWithOrCatchScope): Deleted.
3730         * bytecompiler/BytecodeGenerator.h:
3731         (JSC::BytecodeGenerator::lastOpcodeID):
3732         * bytecompiler/NodesCodegen.cpp:
3733         (JSC::AssignResolveNode::emitBytecode):
3734         (JSC::WithNode::emitBytecode):
3735         (JSC::TryNode::emitBytecode):
3736         * debugger/DebuggerScope.cpp:
3737         (JSC::DebuggerScope::isCatchScope):
3738         (JSC::DebuggerScope::isFunctionNameScope):
3739         (JSC::DebuggerScope::isFunctionOrEvalScope):
3740         (JSC::DebuggerScope::caughtValue):
3741         * debugger/DebuggerScope.h:
3742         * inspector/ScriptDebugServer.cpp:
3743         (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
3744         * interpreter/Interpreter.cpp:
3745         (JSC::Interpreter::execute):
3746         * jit/JITOpcodes.cpp:
3747         (JSC::JIT::emit_op_push_name_scope):
3748         * jit/JITOpcodes32_64.cpp:
3749         (JSC::JIT::emit_op_push_name_scope):
3750         * jit/JITOperations.cpp:
3751         * jit/JITOperations.h:
3752         * parser/ASTBuilder.h:
3753         (JSC::ASTBuilder::createContinueStatement):
3754         (JSC::ASTBuilder::createTryStatement):
3755         * parser/NodeConstructors.h:
3756         (JSC::ThrowNode::ThrowNode):
3757         (JSC::TryNode::TryNode):
3758         (JSC::FunctionParameters::FunctionParameters):
3759         * parser/Nodes.h:
3760         * parser/Parser.cpp:
3761         (JSC::Parser<LexerType>::parseTryStatement):
3762         * parser/SyntaxChecker.h:
3763         (JSC::SyntaxChecker::createBreakStatement):
3764         (JSC::SyntaxChecker::createContinueStatement):
3765         (JSC::SyntaxChecker::createTryStatement):
3766         (JSC::SyntaxChecker::createSwitchStatement):
3767         (JSC::SyntaxChecker::createWhileStatement):
3768         (JSC::SyntaxChecker::createWithStatement):
3769         * runtime/JSCatchScope.cpp:
3770         * runtime/JSCatchScope.h:
3771         (JSC::JSCatchScope::JSCatchScope): Deleted.
3772         (JSC::JSCatchScope::create): Deleted.
3773         (JSC::JSCatchScope::createStructure): Deleted.
3774         * runtime/JSFunctionNameScope.h:
3775         (JSC::JSFunctionNameScope::JSFunctionNameScope):
3776         * runtime/JSGlobalObject.cpp:
3777         (JSC::JSGlobalObject::init):
3778         (JSC::JSGlobalObject::visitChildren):
3779         * runtime/JSGlobalObject.h:
3780         (JSC::JSGlobalObject::withScopeStructure):
3781         (JSC::JSGlobalObject::strictEvalActivationStructure):
3782         (JSC::JSGlobalObject::activationStructure):
3783         (JSC::JSGlobalObject::functionNameScopeStructure):
3784         (JSC::JSGlobalObject::directArgumentsStructure):
3785         (JSC::JSGlobalObject::scopedArgumentsStructure):
3786         (JSC::JSGlobalObject::catchScopeStructure): Deleted.
3787         * runtime/JSNameScope.cpp:
3788         (JSC::JSNameScope::create):
3789         (JSC::JSNameScope::toThis):
3790         * runtime/JSNameScope.h:
3791         * runtime/JSObject.cpp:
3792         (JSC::JSObject::toThis):
3793         (JSC::JSObject::isFunctionNameScopeObject):
3794         (JSC::JSObject::isCatchScopeObject): Deleted.
3795         * runtime/JSObject.h:
3796         * runtime/JSScope.cpp:
3797         (JSC::JSScope::collectVariablesUnderTDZ):
3798         (JSC::JSScope::isLexicalScope):
3799         (JSC::JSScope::isCatchScope):
3800         (JSC::resolveModeName):
3801         * runtime/JSScope.h:
3802         * runtime/SymbolTable.cpp:
3803         (JSC::SymbolTable::SymbolTable):
3804         (JSC::SymbolTable::cloneScopePart):
3805         * runtime/SymbolTable.h:
3806         * tests/stress/const-semantics.js:
3807         (.):
3808
3809 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
3810
3811         DFG::ArgumentsEliminationPhase has a redundant check for inserting CheckInBounds when converting GetByVal to GetStack in the inline non-varargs case
3812         https://bugs.webkit.org/show_bug.cgi?id=147373
3813
3814         Reviewed by Mark Lam.
3815
3816         The code was doing a check for "index >= inlineCallFrame->arguments.size() - 1" in code where
3817         safeToGetStack is true and we aren't in varargs context, but in a non-varargs context,
3818         safeToGetStack can only be true if "index < inlineCallFrame->arguments.size() - 1".
3819
3820         When converting a GetByVal to GetStack, there are three possibilities:
3821
3822         1) Impossible to convert. This can happen if the GetByVal is out-of-bounds of the things we
3823            know to have stored to the stack. For example, if we inline a function that does
3824            "arguments[42]" at a call that passes no arguments.
3825
3826         2) Possible to convert, but we cannot prove statically that the GetByVal was in bounds. This
3827            can happen for "arguments[42]" with no inline call frame (since we don't know statically
3828            how many arguments we will be passed) or in a varargs call frame.
3829
3830         3) Possible to convert, and we know statically that the GetByVal is in bounds. This can
3831            happen for "arguments[42]" if we have an inline call frame, and it's not a varargs call
3832            frame, and we know that the caller passed 42 or more arguments.
3833
3834         The way the phase handles this is it first determines that we're not in case (1). This is
3835         called safeToGetStack. safeToGetStack is true if we have case (2) or (3). For inline call
3836         frames that have no varargs, this means that safeToGetStack is true exactly when the GetByVal
3837         is in-bounds (i.e. case (3)).
3838
3839         But the phase was again doing a check for whether the index is in-bounds for non-varargs
3840         inline call frames even when safeToGetStack was true. That check is redundant and should be
3841         eliminated, since it makes the code confusing.
3842
3843         * dfg/DFGArgumentsEliminationPhase.cpp:
3844
3845 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
3846
3847         DFG::PutStackSinkingPhase should be more aggressive about its "no GetStack until put" rule
3848         https://bugs.webkit.org/show_bug.cgi?id=147371
3849
3850         Reviewed by Mark Lam.
3851
3852         Two fixes:
3853
3854         - Make ConflictingFlush really mean that you can't load from the stack slot. This means not
3855           using ConflictingFlush for arguments.
3856
3857         - Assert that a GetStack never sees ConflictingFlush.
3858
3859         * dfg/DFGPutStackSinkingPhase.cpp:
3860
3861 2015-07-28  Basile Clement  <basile_clement@apple.com>
3862
3863         Misleading error message: "At least one digit must occur after a decimal point"
3864         https://bugs.webkit.org/show_bug.cgi?id=146238
3865
3866         Reviewed by Geoffrey Garen.
3867
3868         Interestingly, we had a comment explaining what this error message was
3869         about that is much clearer than the error message itself. This patch
3870         simply replaces the error message with the explanation from the
3871         comment.
3872
3873         * parser/Lexer.cpp:
3874         (JSC::Lexer<T>::lex):
3875
3876 2015-07-28  Basile Clement  <basile_clement@apple.com>
3877
3878         Simplify call linking
3879         https://bugs.webkit.org/show_bug.cgi?id=147363
3880
3881         Reviewed by Filip Pizlo.
3882
3883         Previously, we were passing both the CallLinkInfo and a
3884         (CodeSpecializationKind, RegisterPreservationMode) pair to the
3885         different call linking slow paths. However, the CallLinkInfo already
3886         has all of that information, and we don't gain anything by having them
3887         in additional static parameters - except possibly a very small
3888         performance gain in the presence of inlining. However, since those are
3889         already slow paths, this performance loss (if it exists) will not be
3890         visible in practice.
3891
3892         This patch replaces the various specialized thunks and JIT operations
3893         for regular and polymorphic call linking with a single thunk and
3894         operation for each case. Moreover, it replaces the four specialized
3895         virtual call thunks and operations with one virtual call thunk for each
3896         call link info, allowing for better branch prediction by the CPU and
3897         fixing a pre-existing FIXME.
3898
3899         * bytecode/CallLinkInfo.cpp:
3900         (JSC::CallLinkInfo::unlink):
3901         (JSC::CallLinkInfo::dummy): Deleted.
3902         * bytecode/CallLinkInfo.h:
3903         (JSC::CallLinkInfo::CallLinkInfo):
3904         (JSC::CallLinkInfo::registerPreservationMode):
3905         (JSC::CallLinkInfo::setUpCallFromFTL):
3906         (JSC::CallLinkInfo::setSlowStub):
3907         (JSC::CallLinkInfo::clearSlowStub):
3908         (JSC::CallLinkInfo::slowStub):
3909         * dfg/DFGDriver.cpp:
3910         (JSC::DFG::compileImpl):
3911         * dfg/DFGJITCompiler.cpp:
3912         (JSC::DFG::JITCompiler::link):
3913         * ftl/FTLJSCallBase.cpp: