Web Inspector: sort probe details sidebar sections by source code location string
1 2014-09-25  Csaba Osztrogonác  <ossy@webkit.org>
2
3         Remove WinCE port from trunk
4         https://bugs.webkit.org/show_bug.cgi?id=136951
5
6         Reviewed by Alex Christensen.
7
8         * assembler/ARMAssembler.h:
9         (JSC::ARMAssembler::cacheFlush):
10         * assembler/ARMv7Assembler.h:
11         (JSC::ARMv7Assembler::cacheFlush):
12         * config.h:
13         * heap/MachineStackMarker.cpp:
14         (JSC::MachineThreads::gatherFromCurrentThread):
15         (JSC::MachineThreads::gatherFromOtherThread):
16         (JSC::swapIfBackwards): Deleted.
17         * jit/ExecutableAllocator.h:
18         * jsc.cpp:
19         (main):
20         * runtime/DateConstructor.cpp:
21         * runtime/Options.cpp:
22         (JSC::overrideOptionWithHeuristic):
23         * runtime/VM.cpp:
24         (JSC::VM::VM):
25         * testRegExp.cpp:
26         (main):
27         * tools/CodeProfiling.cpp:
28         (JSC::CodeProfiling::notifyAllocator):
29
30 2014-09-24  Brian J. Burg  <burg@cs.washington.edu>
31
32         Web Inspector: subtract elapsed time while debugger is paused from profile nodes
33         https://bugs.webkit.org/show_bug.cgi?id=136796
34
35         Reviewed by Timothy Hatcher.
36
37         Rather than accruing no time to any profile node created while the debugger is paused,
38         we can instead count a node's elapsed time and exclude time elapsed while paused.
39
40         Time for a node may elapse in a non-contiguous fashion depending on the interleaving of
41         didPause, didContinue, willExecute, and didExecute. A node's start time is set to the
42         start of the last such interval that accrues elapsed time.
43
44         * profiler/ProfileGenerator.cpp:
45         (JSC::ProfileGenerator::ProfileGenerator):
46         (JSC::ProfileGenerator::beginCallEntry):
47         (JSC::ProfileGenerator::endCallEntry):
48         (JSC::ProfileGenerator::didPause): Added.
49         (JSC::ProfileGenerator::didContinue): Added.
50         * profiler/ProfileGenerator.h:
51         (JSC::ProfileGenerator::didPause): Deleted.
52         (JSC::ProfileGenerator::didContinue): Deleted.
53         * profiler/ProfileNode.h: Rename totalTime to elapsedTime.
54         (JSC::ProfileNode::Call::Call):
55         (JSC::ProfileNode::Call::elapsedTime): Added.
56         (JSC::ProfileNode::Call::setElapsedTime): Added.
57         (JSC::CalculateProfileSubtreeDataFunctor::operator()):
58         (JSC::ProfileNode::Call::totalTime): Deleted.
59         (JSC::ProfileNode::Call::setTotalTime): Deleted.
60
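The interval accounting described in the entry above (a node's elapsed time accrues only in the intervals where it is executing and the debugger is not paused, and those intervals may be non-contiguous) is easiest to reason about with a small model. The following is an added example written for this page, not code from JavaScriptCore; the ProfileNodeTimer class, the injected clock and the runScenario driver are all assumptions made for illustration, and the event sequences fed to it are constructed.

```javascript
// Added example (not JavaScriptCore code): a model of per-node elapsed-time
// accounting that excludes time spent while the debugger is paused.
// The clock is injected so an interleaving of didPause / didContinue /
// willExecute / didExecute can be driven deterministically.
class ProfileNodeTimer {
  constructor(now) {
    this.now = now;            // () => milliseconds; assumed injected clock
    this.elapsed = 0;          // accumulated un-paused execution time
    this.executing = false;
    this.paused = false;
    this.intervalStart = null; // start of the current accruing interval
  }

  // Time accrues only while the node is executing and the debugger is not paused.
  _accruing() { return this.executing && !this.paused; }

  // Open a new accruing interval if the current state allows one.
  _open() { if (this._accruing()) this.intervalStart = this.now(); }

  // Close the open interval (if any) and fold it into elapsed.
  _close() {
    if (this.intervalStart !== null) {
      this.elapsed += this.now() - this.intervalStart;
      this.intervalStart = null;
    }
  }

  willExecute() { this.executing = true; this._open(); }
  didExecute()  { this._close(); this.executing = false; }
  didPause()    { this._close(); this.paused = true; }
  didContinue() { this.paused = false; this._open(); }
}

// Drive a scripted interleaving against a fake clock and return the elapsed
// time the node would report. Each event is [millisecondsSincePrevious, name].
function runScenario(events) {
  let t = 0;
  const timer = new ProfileNodeTimer(() => t);
  for (const [delta, event] of events) {
    t += delta;
    if (event) timer[event]();
  }
  return timer.elapsed;
}

// Constructed interleaving: execute 10ms, sit paused 50ms, execute 5ms more.
// Wall-clock span is 65ms, but only 15ms is charged to the node.
const PAUSED_MID_EXECUTION = [
  [0, 'willExecute'], [10, 'didPause'], [50, 'didContinue'], [5, 'didExecute'],
];
```

A node that starts executing while the debugger is already paused opens no interval until didContinue, which is the case the "start of the last such interval" wording covers.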
61 2014-09-24  Commit Queue  <commit-queue@webkit.org>
62
63         Unreviewed, rolling out r173839.
64         https://bugs.webkit.org/show_bug.cgi?id=137062
65
66         NumberConstruct should no longer use static tables (Requested
67         by dpino on #webkit).
68
69         Reverted changeset:
70
71         "Simple ES6 feature: Number constructor extras"
72         https://bugs.webkit.org/show_bug.cgi?id=131707
73         http://trac.webkit.org/changeset/173839
74
75 2014-09-23  Mark Lam  <mark.lam@apple.com>
76
77         DebuggerCallFrame::invalidate() should invalidate all DebuggerScope chains.
78         <https://webkit.org/b/137045>
79
80         Reviewed by Geoffrey Garen.
81
82         DebuggerCallFrame::invalidate() currently invalidates all DebuggerCallFrames
83         in the debugger stack, but only invalidates the DebuggerScope chain of the
84         topmost frame.  We should also invalidate all the DebuggerScope chains of
85         the other frames in the debugger stack.
86
87         * debugger/DebuggerCallFrame.cpp:
88         (JSC::DebuggerCallFrame::invalidate):
89         * debugger/DebuggerScope.cpp:
90         (JSC::DebuggerScope::invalidateChain):
91
92 2014-09-23  Mark Lam  <mark.lam@apple.com>
93
94         Renamed DebuggerCallFrameScope to DebuggerPausedScope.
95         <https://webkit.org/b/137042>
96
97         Reviewed by Michael Saboff.
98
99         DebuggerPausedScope is a better name for this data structure because it
100         is meant for tracking the period within which the debugger is paused,
101         and doing clean ups after the pause ends.
102
103         * debugger/Debugger.cpp:
104         (JSC::DebuggerPausedScope::DebuggerPausedScope):
105         (JSC::DebuggerPausedScope::~DebuggerPausedScope):
106         (JSC::Debugger::pauseIfNeeded):
107         (JSC::DebuggerCallFrameScope::DebuggerCallFrameScope): Deleted.
108         (JSC::DebuggerCallFrameScope::~DebuggerCallFrameScope): Deleted.
109         * debugger/Debugger.h:
110         * debugger/DebuggerCallFrame.h:
111
112 2014-09-23  Tomas Popela  <tpopela@redhat.com>
113
114         [CLoop] - Fix CLoop on the 32-bit Big-Endians
115         https://bugs.webkit.org/show_bug.cgi?id=137020
116
117         Reviewed by Mark Lam.
118
119         * llint/LowLevelInterpreter.asm:
120         * llint/LowLevelInterpreter32_64.asm:
121
122 2014-09-23  Joseph Pecoraro  <pecoraro@apple.com>
123
124         Web Inspector: Should be able to attach a debugger to a JSContext before anything is executed
125         https://bugs.webkit.org/show_bug.cgi?id=136893
126
127         Reviewed by Timothy Hatcher.
128
129         Adds new remote inspector protocol handling for automatic inspection.
130         Debuggers can signal they have enabled automatic inspection, and
131         when debuggables are created the current application will pause to
132         see if the debugger will inspect or decline to inspect the debuggable.
133
134         * inspector/remote/RemoteInspectorConstants.h:
135         * inspector/remote/RemoteInspector.h:
136         * inspector/remote/RemoteInspector.mm:
137         (Inspector::globalAutomaticInspectionState):
138         (Inspector::RemoteInspector::RemoteInspector):
139         (Inspector::RemoteInspector::start):
140         When first starting, check the global "is there an auto-inspect" debugger state.
141         This is necessary so that the current application knows if it should pause or
142         not when a debuggable is created, even without having connected to webinspectord yet.
143
144         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
145         When a debuggable has enabled remote inspection, take this path to propose
146         it as an automatic inspection candidate if there is an auto-inspect debugger.
147
148         (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage):
149         Send the automatic inspection candidate message.
150
151         (Inspector::RemoteInspector::receivedSetupMessage):
152         (Inspector::RemoteInspector::setupFailed):
153         (Inspector::RemoteInspector::setupSucceeded):
154         After attempting to open an inspector, unpause if it was for the
155         automatic inspection candidate.
156
157         (Inspector::RemoteInspector::waitingForAutomaticInspection):
158         When running a nested runloop, check if we should remain paused.
159
160         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
161         If by the time we connect to webinspectord we have a candidate, then
162         immediately send the candidate message.
163
164         (Inspector::RemoteInspector::stopInternal):
165         (Inspector::RemoteInspector::xpcConnectionFailed):
166         In error cases, clear our state.
167
168         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
169         (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage):
170         (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage):
171         Update state when receiving new messages.
172
173
174         * inspector/remote/RemoteInspectorDebuggable.h:
175         * inspector/remote/RemoteInspectorDebuggable.cpp:
176         (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
177         Special case when a debuggable is newly allowed to be debuggable.
178
179         (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection):
180         Run a nested run loop while this is an automatic inspection candidate.
181
182         * inspector/JSGlobalObjectInspectorController.h:
183         * inspector/JSGlobalObjectInspectorController.cpp:
184         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
185         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
186         When the inspector starts via automatic inspection automatically pause.
187         We plan on removing this condition by having the frontend signal to the
188         backend when it is completely initialized.
189         
190         * inspector/remote/RemoteInspectorDebuggableConnection.h:
191         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
192         (Inspector::RemoteInspectorDebuggableConnection::setup):
193         Pass on the flag of whether or not this was automatic inspection.
194
195         * runtime/JSGlobalObjectDebuggable.h:
196         * runtime/JSGlobalObjectDebuggable.cpp:
197         (JSC::JSGlobalObjectDebuggable::connect):
198         (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
199         When pausing in a JSGlobalObject we need to release the API lock.
200
201 2014-09-22  Filip Pizlo  <fpizlo@apple.com>
202
203         FTL allocatePropertyStorage code should involve less copy-paste
204         https://bugs.webkit.org/show_bug.cgi?id=137006
205
206         Reviewed by Michael Saboff.
207
208         * ftl/FTLLowerDFGToLLVM.cpp:
209         (JSC::FTL::LowerDFGToLLVM::allocatePropertyStorage):
210         (JSC::FTL::LowerDFGToLLVM::reallocatePropertyStorage):
211         (JSC::FTL::LowerDFGToLLVM::allocatePropertyStorageWithSizeImpl):
212
213 2014-09-22  Diego Pino Garcia  <dpino@igalia.com>
214
215         Simple ES6 feature: Number constructor extras
216         https://bugs.webkit.org/show_bug.cgi?id=131707
217
218         Reviewed by Darin Adler.
219
220         * runtime/CommonIdentifiers.h: Added new identifiers.
221         * runtime/NumberConstructor.cpp:
222         (JSC::NumberConstructor::getOwnPropertySlot):
223         (JSC::NumberConstructor::isFunction): Added.
224         (JSC::numberConstructorEpsilonValue): Added.
225         (JSC::numberConstructorNegInfinity): Added.
226         (JSC::numberConstructorPosInfinity): Added.
227         (JSC::numberConstructorMaxValue): Added.
228         (JSC::numberConstructorMinValue): Added.
229         (JSC::numberConstructorMaxSafeInteger): Added.
230         (JSC::numberConstructorMinSafeInteger): Added.
231         (JSC::numberConstructorFuncIsFinite): Added.
232         (JSC::numberConstructorFuncIsInteger): Added.
233         (JSC::numberConstructorFuncIsNaN): Added.
234         (JSC::numberConstructorFuncIsSafeInteger): Added.
235         * runtime/NumberConstructor.h:
236
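The Number constructor extras listed in the entry above are small, but their exact semantics matter when numeric input is validated: the new isNaN/isFinite/isInteger/isSafeInteger predicates do not coerce their argument the way the global isNaN and isFinite do, and isSafeInteger is the check that catches integers above 2^53 that have already lost precision. The following is an added example for this page, not JavaScriptCore's implementation; the NumberExtras object and the parseSafeId helper are assumptions written to show the spec behaviour in plain JavaScript.

```javascript
// Added example (not JavaScriptCore code): the ES6 Number constructor extras
// written in plain JavaScript so their semantics can be checked directly.
const MAX_SAFE = Math.pow(2, 53) - 1;
const MIN_SAFE = -MAX_SAFE;
const EPSILON = Math.pow(2, -52);

const NumberExtras = {
  EPSILON,
  MAX_SAFE_INTEGER: MAX_SAFE,
  MIN_SAFE_INTEGER: MIN_SAFE,
  POSITIVE_INFINITY: Infinity,
  NEGATIVE_INFINITY: -Infinity,
  MAX_VALUE: Number.MAX_VALUE,
  MIN_VALUE: Number.MIN_VALUE,

  // Unlike the global isNaN/isFinite, these never coerce: a non-number is false.
  isNaN: v => typeof v === 'number' && v !== v,
  isFinite: v => typeof v === 'number' && v === v && v !== Infinity && v !== -Infinity,
  isInteger: v => NumberExtras.isFinite(v) && Math.floor(v) === v,
  // Safe integers are exactly representable as doubles; beyond 2^53 - 1 two
  // distinct integers can round to the same double.
  isSafeInteger: v => NumberExtras.isInteger(v) && v >= MIN_SAFE && v <= MAX_SAFE,
};

// Practical use (hypothetical helper): an identifier parsed from untrusted text
// must be rejected if it cannot be represented exactly, otherwise two different
// ids can compare equal after parsing.
function parseSafeId(text) {
  if (!/^-?\d+$/.test(text)) return null;
  const n = Number(text);
  return NumberExtras.isSafeInteger(n) ? n : null;
}
```

Note that the global isNaN('NaN') is true because of string coercion, while NumberExtras.isNaN('NaN') is false; that difference is the whole point of the new predicates.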
237 2014-09-21  Filip Pizlo  <fpizlo@apple.com>
238
239         FTL should store the four bytes of the cell header using a 32-bit store rather than four 8-bit stores
240         https://bugs.webkit.org/show_bug.cgi?id=136992
241
242         Reviewed by Sam Weinig.
243         
244         LLVM ought to be able to do this optimization for us given how the code was written, but
245         any such lower-level attempts to optimize this would get into trouble with the weird
246         object materialization logic I'll be introducing in bug 136330. So, this brings the
247         merging of the byte stores into the FTL lowering so that we can control it explicitly.
248
249         * ftl/FTLAbstractHeap.h:
250         (JSC::FTL::AbstractHeap::changeParent):
251         * ftl/FTLAbstractHeapRepository.cpp:
252         (JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
253         * ftl/FTLAbstractHeapRepository.h:
254         * ftl/FTLLowerDFGToLLVM.cpp:
255         (JSC::FTL::LowerDFGToLLVM::allocateCell):
256
257 2014-09-21  Saam Barati  <saambarati1@gmail.com>
258
259         Web Inspector: fix TypeSet hierarchy in TypeTokenView
260         https://bugs.webkit.org/show_bug.cgi?id=136982
261
262         Reviewed by Joseph Pecoraro.
263
264         TypeSet was computing the set of type booleans in the Inspector::Protocol::Runtime::TypeSet 
265         object incorrectly because it was calling TypeSet::doesTypeConformTo(T) which checks if the 
266         type set has only been of type T. It now checks '(m_seenTypes & T) != TypeNothing' to see 
267         if type T is in the set of seen types, but not the entire set itself.
268
269         * runtime/TypeSet.cpp:
270         (JSC::TypeSet::inspectorTypeSet):
271
272 2014-09-21  Filip Pizlo  <fpizlo@apple.com>
273
274         Structure should have a method for concurrently getting all of the property map entries, and this method shouldn't involve copy-paste
275         https://bugs.webkit.org/show_bug.cgi?id=136983
276
277         Reviewed by Mark Hahnenberg.
278
279         * runtime/PropertyMapHashTable.h:
280         (JSC::PropertyMapEntry::PropertyMapEntry): Moved PropertyMapEntry struct to Structure.h so that Structure can refer to it.
281         * runtime/Structure.cpp:
282         (JSC::Structure::getConcurrently): Switch to using the new forEachPropertyConcurrently() method.
283         (JSC::Structure::getPropertiesConcurrently): The subject of this patch. It will be useful for object allocation sinking (bug 136330).
284         (JSC::Structure::dump): Switch to using the new forEachPropertyConcurrently() method.
285         * runtime/Structure.h:
286         (JSC::PropertyMapEntry::PropertyMapEntry): Moved from PropertyMapHashTable.h.
287         * runtime/StructureInlines.h:
288         (JSC::Structure::forEachPropertyConcurrently): Capture this very common concurrent structure iteration pattern into a template method.
289
290 2014-09-21  Filip Pizlo  <fpizlo@apple.com>
291
292         Structure::getConcurrently() doesn't need to take a VM& argument.
293
294         Rubber stamped by Dan Bernstein.
295         
296         Removed the extra argument, and then removed similar arguments from other methods until
297         I could build successfully again. It turned out that many methods took a VM& argument
298         just for calling getConcurrently().
299
300         * bytecode/CodeBlock.cpp:
301         (JSC::dumpStructure):
302         (JSC::dumpChain):
303         (JSC::CodeBlock::printGetByIdCacheStatus):
304         (JSC::CodeBlock::printPutByIdCacheStatus):
305         * bytecode/ComplexGetStatus.cpp:
306         (JSC::ComplexGetStatus::computeFor):
307         * bytecode/GetByIdStatus.cpp:
308         (JSC::GetByIdStatus::computeFromLLInt):
309         (JSC::GetByIdStatus::computeForStubInfo):
310         (JSC::GetByIdStatus::computeFor):
311         * bytecode/GetByIdStatus.h:
312         * bytecode/PutByIdStatus.cpp:
313         (JSC::PutByIdStatus::computeFromLLInt):
314         (JSC::PutByIdStatus::computeForStubInfo):
315         (JSC::PutByIdStatus::computeFor):
316         * bytecode/PutByIdStatus.h:
317         * dfg/DFGAbstractInterpreterInlines.h:
318         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
319         * dfg/DFGByteCodeParser.cpp:
320         (JSC::DFG::ByteCodeParser::parseBlock):
321         * dfg/DFGConstantFoldingPhase.cpp:
322         (JSC::DFG::ConstantFoldingPhase::foldConstants):
323         * dfg/DFGFixupPhase.cpp:
324         (JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
325         * runtime/IntendedStructureChain.cpp:
326         (JSC::IntendedStructureChain::mayInterceptStoreTo):
327         * runtime/IntendedStructureChain.h:
328         * runtime/Structure.cpp:
329         (JSC::Structure::getConcurrently):
330         * runtime/Structure.h:
331         * runtime/StructureInlines.h:
332         (JSC::Structure::getConcurrently):
333
334 2014-09-20  Filip Pizlo  <fpizlo@apple.com>
335
336         FTL OSRExit construction should be based on methods that return ExitValues rather than methods that add ExitValues to OSRExit
337         https://bugs.webkit.org/show_bug.cgi?id=136978
338
339         Reviewed by Dean Jackson.
340
341         * ftl/FTLLowerDFGToLLVM.cpp:
342         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
343         (JSC::FTL::LowerDFGToLLVM::exitValueForNode):
344         (JSC::FTL::LowerDFGToLLVM::exitArgument):
345         (JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode): Deleted.
346         (JSC::FTL::LowerDFGToLLVM::tryToSetConstantExitArgument): Deleted.
347         (JSC::FTL::LowerDFGToLLVM::addExitArgument): Deleted.
348
349 2014-09-20  Filip Pizlo  <fpizlo@apple.com>
350
351         FTL OSR exit should do reboxing and value recovery in the same pass
352         https://bugs.webkit.org/show_bug.cgi?id=136977
353
354         Reviewed by Oliver Hunt.
355         
356         It's conceptually simpler to have all of the logic in one place. After the
357         recover-and-rebox loop is done, all of the exit values are in the form that the baseline
358         JIT would want them to be in; the only remaining task is to move them into the right
359         place on the stack after we do all of the necessary stack adjustments.
360
361         * ftl/FTLOSRExitCompiler.cpp:
362         (JSC::FTL::compileStub):
363
364 2014-09-19  Filip Pizlo  <fpizlo@apple.com>
365
366         StorageAccessData should be referenced in a sensible way
367         https://bugs.webkit.org/show_bug.cgi?id=136963
368
369         Reviewed and rubber stamped by Michael Saboff.
370
371         * dfg/DFGAbstractInterpreterInlines.h:
372         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
373         * dfg/DFGByteCodeParser.cpp:
374         (JSC::DFG::ByteCodeParser::handleGetByOffset):
375         (JSC::DFG::ByteCodeParser::handlePutByOffset):
376         (JSC::DFG::ByteCodeParser::handlePutById):
377         * dfg/DFGClobberize.h:
378         (JSC::DFG::clobberize):
379         * dfg/DFGConstantFoldingPhase.cpp:
380         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
381         (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
382         * dfg/DFGGraph.cpp:
383         (JSC::DFG::Graph::dump):
384         * dfg/DFGGraph.h:
385         * dfg/DFGNode.h:
386         (JSC::DFG::Node::convertToGetByOffset):
387         (JSC::DFG::Node::convertToPutByOffset):
388         (JSC::DFG::Node::storageAccessData):
389         (JSC::DFG::Node::storageAccessDataIndex): Deleted.
390         * dfg/DFGSafeToExecute.h:
391         (JSC::DFG::safeToExecute):
392         * dfg/DFGSpeculativeJIT32_64.cpp:
393         (JSC::DFG::SpeculativeJIT::compile):
394         * dfg/DFGSpeculativeJIT64.cpp:
395         (JSC::DFG::SpeculativeJIT::compile):
396         * ftl/FTLLowerDFGToLLVM.cpp:
397         (JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
398         (JSC::FTL::LowerDFGToLLVM::compilePutByOffset):
399
400 2014-09-19  Ryosuke Niwa  <rniwa@webkit.org>
401
402         Leak of mallocs under StructureSet::OutOfLineList::create
403         https://bugs.webkit.org/show_bug.cgi?id=136970
404
405         Reviewed by Filip Pizlo.
406
407         addOutOfLine should free the old list when expanding the capacity.
408
409         * bytecode/StructureSet.cpp:
410         (JSC::StructureSet::addOutOfLine):
411
412 2014-09-19  Daniel Bates  <dabates@apple.com>
413
414         Always assume internal SDK when building configuration Production
415         https://bugs.webkit.org/show_bug.cgi?id=136925
416         <rdar://problem/18362399>
417
418         Reviewed by Dan Bernstein.
419
420         As a side effect of this change we will always enable ENABLE_TOUCH_EVENTS, ENABLE_IOS_{GESTURE, TOUCH}_EVENTS,
421         and ENABLE_XSLT when either building configuration Production or building with the Internal SDK.
422
423         * Configurations/Base.xcconfig:
424
425 2014-09-19  Diego Pino Garcia  <dpino@igalia.com>
426
427         Simple ES6 feature: String prototype additions
428         https://bugs.webkit.org/show_bug.cgi?id=131704
429
430         Reviewed by Darin Adler.
431
432         * runtime/StringPrototype.cpp:
433         (JSC::StringPrototype::finishCreation):
434         (JSC::stringProtoFuncStartsWith): Added.
435         (JSC::stringProtoFuncEndsWith): Added.
436         (JSC::stringProtoFuncContains): Added.
437
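The three String.prototype additions named in the entry above each take an optional position argument and, per the ES6 draft they implement, reject a RegExp search argument with a TypeError rather than coercing it to a string. The block below is an added example for this page, not JavaScriptCore's implementation: the functions stringStartsWith, stringEndsWith and stringContains, and the toIntegerOrZero and clampPosition helpers, are assumptions written to show that behaviour, including the clamping of out-of-range positions.

```javascript
// Added example (not JavaScriptCore code): startsWith / endsWith / contains
// written as standalone functions with the ES6 draft's argument handling.

// ToInteger-style conversion: NaN becomes 0, infinities are kept, else truncate.
function toIntegerOrZero(v) {
  const n = Number(v);
  if (n !== n) return 0;
  if (n === Infinity || n === -Infinity) return n;
  return Math.trunc(n);
}

// Positions are clamped into [0, length]; Infinity and negatives are valid input.
function clampPosition(pos, len) {
  return Math.min(Math.max(pos, 0), len);
}

// The spec rejects a RegExp search argument instead of stringifying it.
function rejectRegExp(search) {
  if (search instanceof RegExp) {
    throw new TypeError('search argument must not be a RegExp');
  }
}

function stringStartsWith(str, search, position) {
  rejectRegExp(search);
  const s = String(str), needle = String(search);
  const start = clampPosition(toIntegerOrZero(position), s.length);
  if (start + needle.length > s.length) return false;
  return s.slice(start, start + needle.length) === needle;
}

function stringEndsWith(str, search, endPosition) {
  rejectRegExp(search);
  const s = String(str), needle = String(search);
  const end = endPosition === undefined
    ? s.length
    : clampPosition(toIntegerOrZero(endPosition), s.length);
  const start = end - needle.length;
  if (start < 0) return false;
  return s.slice(start, end) === needle;
}

// Named "contains" here because that is the name this entry added.
function stringContains(str, search, position) {
  rejectRegExp(search);
  const s = String(str), needle = String(search);
  const start = clampPosition(toIntegerOrZero(position), s.length);
  return s.indexOf(needle, start) !== -1;
}
```

A position of undefined converts to 0 through toIntegerOrZero, so startsWith and contains need no explicit default, while endsWith's end position defaults to the string length and so is special-cased.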
438 2014-09-18  Joseph Pecoraro  <pecoraro@apple.com>
439
440         Unreviewed rollout r173731. Broke multiple builds.
441
442         * inspector/JSGlobalObjectInspectorController.cpp:
443         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
444         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
445         * inspector/JSGlobalObjectInspectorController.h:
446         * inspector/remote/RemoteInspector.h:
447         * inspector/remote/RemoteInspector.mm:
448         (Inspector::RemoteInspector::RemoteInspector):
449         (Inspector::RemoteInspector::setupFailed):
450         (Inspector::RemoteInspector::start):
451         (Inspector::RemoteInspector::stopInternal):
452         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
453         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
454         (Inspector::RemoteInspector::xpcConnectionFailed):
455         (Inspector::RemoteInspector::receivedSetupMessage):
456         (Inspector::globalAutomaticInspectionState): Deleted.
457         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate): Deleted.
458         (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage): Deleted.
459         (Inspector::RemoteInspector::setupSucceeded): Deleted.
460         (Inspector::RemoteInspector::waitingForAutomaticInspection): Deleted.
461         (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage): Deleted.
462         (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage): Deleted.
463         * inspector/remote/RemoteInspectorConstants.h:
464         * inspector/remote/RemoteInspectorDebuggable.cpp:
465         (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
466         (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection): Deleted.
467         * inspector/remote/RemoteInspectorDebuggable.h:
468         * inspector/remote/RemoteInspectorDebuggableConnection.h:
469         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
470         (Inspector::RemoteInspectorDebuggableConnection::setup):
471         * runtime/JSGlobalObjectDebuggable.cpp:
472         (JSC::JSGlobalObjectDebuggable::connect):
473         (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection): Deleted.
474         * runtime/JSGlobalObjectDebuggable.h:
475
476 2014-09-18  Joseph Pecoraro  <pecoraro@apple.com>
477
478         Web Inspector: Should be able to attach a debugger to a JSContext before anything is executed
479         https://bugs.webkit.org/show_bug.cgi?id=136893
480
481         Reviewed by Timothy Hatcher.
482
483         Adds new remote inspector protocol handling for automatic inspection.
484         Debuggers can signal they have enabled automatic inspection, and
485         when debuggables are created the current application will pause to
486         see if the debugger will inspect or decline to inspect the debuggable.
487
488         * inspector/remote/RemoteInspectorConstants.h:
489         * inspector/remote/RemoteInspector.h:
490         * inspector/remote/RemoteInspector.mm:
491         (Inspector::globalAutomaticInspectionState):
492         (Inspector::RemoteInspector::RemoteInspector):
493         (Inspector::RemoteInspector::start):
494         When first starting, check the global "is there an auto-inspect" debugger state.
495         This is necessary so that the current application knows if it should pause or
496         not when a debuggable is created, even without having connected to webinspectord yet.
497
498         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
499         When a debuggable has enabled remote inspection, take this path to propose
500         it as an automatic inspection candidate if there is an auto-inspect debugger.
501
502         (Inspector::RemoteInspector::sendAutomaticInspectionCandidateMessage):
503         Send the automatic inspection candidate message.
504
505         (Inspector::RemoteInspector::receivedSetupMessage):
506         (Inspector::RemoteInspector::setupFailed):
507         (Inspector::RemoteInspector::setupSucceeded):
508         After attempting to open an inspector, unpause if it was for the
509         automatic inspection candidate.
510
511         (Inspector::RemoteInspector::waitingForAutomaticInspection):
512         When running a nested runloop, check if we should remain paused.
513
514         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
515         If by the time we connect to webinspectord we have a candidate, then
516         immediately send the candidate message.
517
518         (Inspector::RemoteInspector::stopInternal):
519         (Inspector::RemoteInspector::xpcConnectionFailed):
520         In error cases, clear our state.
521
522         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
523         (Inspector::RemoteInspector::receivedAutomaticInspectionConfigurationMessage):
524         (Inspector::RemoteInspector::receivedAutomaticInspectionRejectMessage):
525         Update state when receiving new messages.
526
527
528         * inspector/remote/RemoteInspectorDebuggable.h:
529         * inspector/remote/RemoteInspectorDebuggable.cpp:
530         (Inspector::RemoteInspectorDebuggable::setRemoteDebuggingAllowed):
531         Special case when a debuggable is newly allowed to be debuggable.
532
533         (Inspector::RemoteInspectorDebuggable::pauseWaitingForAutomaticInspection):
534         Run a nested run loop while this is an automatic inspection candidate.
535
536         * inspector/JSGlobalObjectInspectorController.h:
537         * inspector/JSGlobalObjectInspectorController.cpp:
538         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
539         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
540         When the inspector starts via automatic inspection automatically pause.
541         We plan on removing this condition by having the frontend signal to the
542         backend when it is completely initialized.
543         
544         * inspector/remote/RemoteInspectorDebuggableConnection.h:
545         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
546         (Inspector::RemoteInspectorDebuggableConnection::setup):
547         Pass on the flag of whether or not this was automatic inspection.
548
549         * runtime/JSGlobalObjectDebuggable.h:
550         * runtime/JSGlobalObjectDebuggable.cpp:
551         (JSC::JSGlobalObjectDebuggable::connect):
552         (JSC::JSGlobalObjectDebuggable::pauseWaitingForAutomaticInspection):
553         When pausing in a JSGlobalObject we need to release the API lock.
554
555 2014-09-18  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>
556
557         Fix "Tools/Scripts/build-webkit --efl --no-inspector" build
558         https://bugs.webkit.org/show_bug.cgi?id=136912
559
560         Reviewed by Darin Adler.
561
562         * runtime/TypeSet.cpp:
563         (JSC::TypeSet::leastCommonAncestor):
564
565 2014-09-17  Michael Saboff  <msaboff@apple.com>
566
567         Change CallFrame to use Callee instead of JSScope to implement vm()
568         https://bugs.webkit.org/show_bug.cgi?id=136894
569
570         Reviewed by Geoffrey Garen.
571
572         Added JSCell::vm() method that can be used on any JSObject.  Changed CallFrame::vm() to
573         use JSCell::vm with the Callee.  Made similar changes in the LLInt.
574         In support of this, changed JSGlobalObject::init() to take a VM& parameter, as there is
575         a chicken/egg problem with trying to use the Callee in the global exec before the Callee
576         has been created.  Besides, the vm is readily available in finishCreation(), the caller of
577         init().
578
579         * llint/LowLevelInterpreter32_64.asm:
580         * llint/LowLevelInterpreter64.asm:
581         Changed the calculation of CallFrame::VM to use the Callee instead of JSScope.
582
583         * runtime/JSCell.h:
584         * runtime/JSCellInlines.h:
585         (JSC::JSCell::vm): New method for getting VM from the pointer.
586         (JSC::ExecState::vm): Moved this method from JSScope.h to here since this file
587         contains the implementation of JSCell::vm(), this file is included by all users
588         of CallFrame::vm, and lastly putting it in CallFrameInlines.h required changing
589         many other .h files and possibly the WebCore generator generate-bindings.pl.
590
591         * runtime/JSGlobalObject.cpp:
592         (JSC::JSGlobalObject::init):
593         * runtime/JSGlobalObject.h:
594         (JSC::JSGlobalObject::finishCreation):
595         Changed init() to take a VM parameter.
596
597         * runtime/JSScope.h:
598         (JSC::ExecState::vm): Deleted.
599
600 2014-09-16  Filip Pizlo  <fpizlo@apple.com>
601
602         Unreviewed, disable native inlining because it causes build failures.
603
604         * JavaScriptCore.xcodeproj/project.pbxproj:
605
606 2014-09-16  Joseph Pecoraro  <pecoraro@apple.com>
607
608         Web Inspector: Reduce a bit of churn setting initial remote inspection state
609         https://bugs.webkit.org/show_bug.cgi?id=136875
610
611         Reviewed by Timothy Hatcher.
612
613         * API/JSContextRef.cpp:
614         (JSGlobalContextCreateInGroup):
615         Set the default remote debuggable state at the API boundary.
616
617         * runtime/JSGlobalObject.cpp:
618         (JSC::JSGlobalObject::init):
619         Do not set remote debuggable state here. Let clients set it.
620
621 2014-09-16  Yusuke Suzuki  <utatane.tea@gmail.com>
622
623         Promise: Drop Promise.cast
624         https://bugs.webkit.org/show_bug.cgi?id=136222
625
626         Reviewed by Sam Weinig.
627
628         Promise.cast is dropped and Promise.resolve is replaced with old Promise.cast.
629
630         * runtime/CommonIdentifiers.h:
631         * runtime/JSPromiseConstructor.cpp:
632         (JSC::JSPromiseConstructorFuncResolve):
633         (JSC::JSPromiseConstructorFuncRace):
634         (JSC::JSPromiseConstructorFuncAll):
635         (JSC::JSPromiseConstructorFuncCast): Deleted.
636
637 2014-09-16  Filip Pizlo  <fpizlo@apple.com>
638
639         Local OSR availability calculation should be reusable
640         https://bugs.webkit.org/show_bug.cgi?id=136860
641
642         Reviewed by Oliver Hunt.
643         
644         Previously, the FTL lowering repeated some of the logic of the OSR availability analysis
645         phase. Humorously, it actually did this logic a bit differently; for example the phase
646         would claim that a SetLocal makes both the flush and the node available while the FTL
647         only claimed that the flush was available. This difference was benign, but still: yuck!
648         
649         Also, previously if you wanted to use availability information then you'd have to repeat
650         some of the logic that both the phase itself and the FTL lowering already had.
651         Presumably, you could get epic style points for finding other benign ways in which to
652         make your copy of the logic different from the other two!
653         
654         This reduces the amount of style points one could conceivably get in the future when
655         hacking JSC, by creating a single reusable thingy for computing local OSR availability.
656
657         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
658         (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
659         (JSC::DFG::LocalOSRAvailabilityCalculator::LocalOSRAvailabilityCalculator):
660         (JSC::DFG::LocalOSRAvailabilityCalculator::~LocalOSRAvailabilityCalculator):
661         (JSC::DFG::LocalOSRAvailabilityCalculator::beginBlock):
662         (JSC::DFG::LocalOSRAvailabilityCalculator::executeNode):
663         * dfg/DFGOSRAvailabilityAnalysisPhase.h:
664         * ftl/FTLLowerDFGToLLVM.cpp:
665         (JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
666         (JSC::FTL::LowerDFGToLLVM::compileBlock):
667         (JSC::FTL::LowerDFGToLLVM::compileNode):
668         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
669         (JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
670         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
671         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
672         (JSC::FTL::LowerDFGToLLVM::availability):
673         (JSC::FTL::LowerDFGToLLVM::compileMovHint): Deleted.
674         (JSC::FTL::LowerDFGToLLVM::compileZombieHint): Deleted.
675         (JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock): Deleted.
676
677 2014-09-16  Csaba Osztrogonác  <ossy@webkit.org>
678
679         JSC test gardening
680         https://bugs.webkit.org/show_bug.cgi?id=136823
681
682         Reviewed by Geoffrey Garen.
683
684         * tests/mozilla/mozilla-tests.yaml: Unskip passing tests.
685
686 2014-09-15  Michael Saboff  <msaboff@apple.com>
687
688         Create a JSCallee for GlobalExec object
689         https://bugs.webkit.org/show_bug.cgi?id=136840
690
691         Reviewed by Geoffrey Garen.
692
693         Added m_globalCallee, initialized it and then used it to set the globalExec's callee.
694
695         * runtime/JSGlobalObject.cpp:
696         (JSC::JSGlobalObject::init):
697         (JSC::JSGlobalObject::visitChildren):
698         * runtime/JSGlobalObject.h:
699
700 2014-09-14  Filip Pizlo  <fpizlo@apple.com>
701
702         DFG ref count calculation should be reusable
703         https://bugs.webkit.org/show_bug.cgi?id=136811
704
705         Reviewed by Oliver Hunt.
706         
707         Henceforth if you call Graph::computeRefCounts(), a nifty O(n) operation, every Node
708         will be able to tell you how many places it is used from. Currently only DCE uses this,
709         but it will be useful for https://bugs.webkit.org/show_bug.cgi?id=136330.
710
711         * dfg/DFGDCEPhase.cpp:
712         (JSC::DFG::DCEPhase::run):
713         (JSC::DFG::DCEPhase::findTypeCheckRoot): Deleted.
714         (JSC::DFG::DCEPhase::countNode): Deleted.
715         (JSC::DFG::DCEPhase::countEdge): Deleted.
716         * dfg/DFGGraph.cpp:
717         (JSC::DFG::Graph::computeRefCounts):
718         * dfg/DFGGraph.h:
719
720 2014-09-12  Michael Saboff  <msaboff@apple.com>
721
722         Merge JSGlobalObject::reset() into ::init()
723         https://bugs.webkit.org/show_bug.cgi?id=136800
724
725         Reviewed by Oliver Hunt.
726
727         Moved the contents of reset() into init().
728         Note that the diff shows more changes.
729
730         * runtime/JSGlobalObject.cpp:
731         (JSC::JSGlobalObject::init): Moved body of reset() into init.
732         (JSC::JSGlobalObject::put):
733         (JSC::JSGlobalObject::defineOwnProperty):
734         (JSC::JSGlobalObject::addGlobalVar):
735         (JSC::JSGlobalObject::addFunction):
736         (JSC::lastInPrototypeChain):
737         (JSC::JSGlobalObject::reset): Deleted.
738         * runtime/JSGlobalObject.h:
739
740 2014-09-12  Michael Saboff  <msaboff@apple.com>
741
742         Add JSCallee to program and eval CallFrames
743         https://bugs.webkit.org/show_bug.cgi?id=136785
744
745         Reviewed by Mark Lam.
746
747         Populated Callee slot for program and call eval CallFrames with JSCallee objects.
748         Made supporting changes including adding a JSCallee structure to global object and adding
749         JSCallee::create() method.  Added code so that the newly added callee object won't be
750         returned by Function.caller.  Changed null pointer checks of callee to check if
751         the type is JSFunction* or JSCallee*.
752
753         * debugger/DebuggerCallFrame.cpp:
754         (JSC::DebuggerCallFrame::functionName):
755         (JSC::DebuggerCallFrame::type):
756         * profiler/LegacyProfiler.cpp:
757         (JSC::LegacyProfiler::createCallIdentifier):
758         * interpreter/Interpreter.cpp:
759         (JSC::unwindCallFrame):
760         Changed checks to whether callee is a JSFunction* or JSCallee* instead of just checking
761         if it is null or not.
762
763         * interpreter/Interpreter.cpp:
764         (JSC::Interpreter::execute): Create and use JSCallee objects for execute(EvalExecutable, ...)
765         and execute(ProgramExecutable, ...)
766
767         * jit/JITCode.cpp:
768         (JSC::JITCode::execute): Use jsDynamicCast to cast only JSFunctions.
769
770         * runtime/JSCallee.cpp:
771         (JSC::JSCallee::create): Not used, therefore deleted.
772
773         * runtime/JSCallee.h:
774         (JSC::JSCallee::create): Added.
775
776         * runtime/JSFunction.cpp:
777         (JSC::JSFunction::callerGetter): Added test to return null for JSCallees that aren't
778         JSFunctions.  This can only be the case when the JSCallee comes from a program or
779         call eval CallFrame.
780
781         * runtime/JSGlobalObject.cpp:
782         (JSC::JSGlobalObject::reset):
783         (JSC::JSGlobalObject::visitChildren):
784         * runtime/JSGlobalObject.h:
785         (JSC::JSGlobalObject::calleeStructure):
786         Added new JSCallee structure.
787
788 2014-09-10  Jon Honeycutt  <jhoneycutt@apple.com>
789
790         Re-add the request autocomplete feature
791
792         <https://bugs.webkit.org/show_bug.cgi?id=136730>
793
794         This feature was rolled out in r148731 because it was only used by
795         Chromium. As we consider supporting this feature, roll it back in, but
796         leave it disabled.
797
798         This rolls out r148731 (which removed the feature) with small changes
799         needed to make the code build in ToT, to match modern style, to make
800         the tests run, and to remove unused code.
801
802         Reviewed by Andy Estes.
803
804         * Configurations/FeatureDefines.xcconfig:
805
806 2014-09-12  Julien Brianceau  <jbriance@cisco.com>
807
808         [x86] moveDoubleToInts() does not clobber its source register anymore
809         https://bugs.webkit.org/show_bug.cgi?id=131690
810
811         Reviewed by Oliver Hunt.
812
813         * assembler/MacroAssemblerX86.h:
814         (JSC::MacroAssemblerX86::moveDoubleToInts):
815         * dfg/DFGSpeculativeJIT.cpp:
816         (JSC::DFG::SpeculativeJIT::compileValueRep):
817         * jit/SpecializedThunkJIT.h:
818         (JSC::SpecializedThunkJIT::returnDouble):
819
820 2014-09-12  Mark Lam  <mark.lam@apple.com>
821
822         Unreviewed build fix for CLOOP build.
823
824         * runtime/JSCallee.h:
825
826 2014-09-12  Michael Saboff  <msaboff@apple.com>
827
828         Remove unneeded declarations from JSCallee.h
829         https://bugs.webkit.org/show_bug.cgi?id=136783
830
831         Reviewed by Mark Lam.
832
833         * runtime/JSCallee.h:
834         (JSCallee::name): Deleted.
835         (JSCallee::displayName): Deleted.
836         (JSCallee::calculatedDisplayName): Deleted.
837
838 2014-09-11  Brian J. Burg  <burg@cs.washington.edu>
839
840         Web Inspector: disambiguate double and integer primitive types in the protocol
841         https://bugs.webkit.org/show_bug.cgi?id=136606
842
843         Reviewed by Timothy Hatcher.
844
845         Right now it's really easy to mix up doubles and integers when serializing or deserializing
846         values for the inspector protocol. This patch disambiguates setting/getting doubles and integers
847         so that it is clearer as to which type is intended.
848
849         A new InspectorValue::Type is added for Integer types, and the Number type is renamed to Double.
850         The existing callsites for asNumber/getNumber/setNumber have been fixed.
851
852         Address various integration points to make sure the right type tag is assigned to InspectorValues.
853
854         * bindings/ScriptValue.cpp:
855         (Deprecated::jsToInspectorValue): Make an Integer if the JSValue is Int52 or smaller.
856         * inspector/InjectedScriptManager.cpp:
857         (Inspector::InjectedScriptManager::injectedScriptForObjectId):
858         * inspector/InspectorBackendDispatcher.cpp:
859         (Inspector::InspectorBackendDispatcher::dispatch):
860         (Inspector::InspectorBackendDispatcher::sendResponse):
861         (Inspector::InspectorBackendDispatcher::reportProtocolError):
862         (Inspector::AsMethodBridges::asInteger):
863         (Inspector::AsMethodBridges::asDouble):
864         (Inspector::InspectorBackendDispatcher::getInteger):
865         (Inspector::InspectorBackendDispatcher::getDouble):
866         (Inspector::AsMethodBridges::asInt): Deleted.
867         (Inspector::InspectorBackendDispatcher::getInt): Deleted.
868         * inspector/InspectorBackendDispatcher.h:
869         * inspector/InspectorProtocolTypes.h: Remove the special case for checking int type tags.
870         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw):
871         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw):
872         (Inspector::Protocol::BindingTraits<int>::assertValueHasExpectedType): Deleted.
873         * inspector/InspectorValues.cpp: Allow integers and doubles to be convertible using asInteger/asDouble.
874         (Inspector::InspectorValue::asDouble):
875         (Inspector::InspectorValue::asInteger):
876         (Inspector::InspectorBasicValue::asDouble):
877         (Inspector::InspectorBasicValue::asInteger):
878         (Inspector::InspectorBasicValue::writeJSON):
879         (Inspector::InspectorValue::asNumber): Deleted.
880         (Inspector::InspectorBasicValue::asNumber): Deleted.
881         * inspector/InspectorValues.h:
882         (Inspector::InspectorObjectBase::setInteger):
883         (Inspector::InspectorObjectBase::setDouble):
884         (Inspector::InspectorArrayBase::pushInteger):
885         (Inspector::InspectorArrayBase::pushDouble):
886         (Inspector::InspectorObjectBase::setNumber): Deleted.
887         (Inspector::InspectorArrayBase::pushInt): Deleted.
888         (Inspector::InspectorArrayBase::pushNumber): Deleted.
889         * inspector/agents/InspectorDebuggerAgent.cpp:
890         (Inspector::buildObjectForBreakpointCookie):
891         (Inspector::InspectorDebuggerAgent::breakpointActionsFromProtocol):
892         (Inspector::parseLocation):
893         (Inspector::InspectorDebuggerAgent::didParseSource):
894         * inspector/agents/InspectorRuntimeAgent.cpp:
895         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
896         * inspector/scripts/codegen/generator.py: Update emitted code and rebaseline test results.
897         (Generator.keyed_get_method_for_type):
898         (Generator.keyed_set_method_for_type):
899         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
900         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
901         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
902         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
903         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
904         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
905         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
906         * replay/EncodedValue.cpp:
907         (JSC::EncodedValue::convertTo<double>):
908         (JSC::EncodedValue::convertTo<float>):
909         (JSC::EncodedValue::convertTo<int32_t>):
910         (JSC::EncodedValue::convertTo<int64_t>):
911         (JSC::EncodedValue::convertTo<uint32_t>):
912         (JSC::EncodedValue::convertTo<uint64_t>):
913
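
A small model of the Integer/Double split described in the entry above, added here as an example; it is not JSC's InspectorValue code. The Int52 threshold comes from the ChangeLog ("Make an Integer if the JSValue is Int52 or smaller"); the accessor rules (what asInteger accepts from a Double, the result shape, the getInteger helper) are my assumptions.

```javascript
// Added example (not WebKit code): tagging numbers for an inspector-style
// protocol so integers and doubles cannot be silently confused.
// Int52 range is an assumption drawn from the ChangeLog; accessor rules are mine.

const INT52_MIN = -(2 ** 51);
const INT52_MAX = 2 ** 51 - 1;

// Integral values inside the Int52 range get the Integer tag; everything else
// (fractions, NaN, Infinity, -0, huge integers) is tagged Double.
function tagNumber(n) {
  if (typeof n !== 'number') throw new TypeError('expected a number');
  if (Number.isInteger(n) && !Object.is(n, -0) && n >= INT52_MIN && n <= INT52_MAX) {
    return { type: 'Integer', value: n };
  }
  return { type: 'Double', value: n };
}

// asDouble: either numeric tag converts losslessly to a double.
function asDouble(tagged) {
  if (tagged.type === 'Integer' || tagged.type === 'Double') {
    return { ok: true, value: tagged.value };
  }
  return { ok: false, value: undefined };
}

// asInteger: an Integer converts directly; a Double converts only when it is
// integral and in range, so 1.5, NaN or 1e300 never become a bogus int.
// (Assumed rule; the ChangeLog only says the two types are convertible.)
function asInteger(tagged) {
  if (tagged.type === 'Integer') return { ok: true, value: tagged.value };
  if (tagged.type === 'Double') {
    const retagged = tagNumber(tagged.value);
    if (retagged.type === 'Integer') return { ok: true, value: retagged.value };
  }
  return { ok: false, value: undefined };
}

// Protocol-style keyed getter: the caller states the type it expects and gets a
// clear failure instead of an implicitly coerced value.
function getInteger(obj, key) {
  const v = obj[key];
  if (v === undefined || v.type === undefined) return { ok: false, value: undefined };
  return asInteger(v);
}
```

The defensive point is in asInteger: a value tagged Double that is not an exact in-range integer is reported as a failure rather than truncated, which is the class of mistake the explicit tags are meant to surface at the call site.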
914 2014-09-11  Joseph Pecoraro  <pecoraro@apple.com>
915
916         Web Inspector: Occasional ASSERT closing web inspector
917         https://bugs.webkit.org/show_bug.cgi?id=136762
918
919         Reviewed by Timothy Hatcher.
920
921         It is harmless, and indeed possible to have an empty set of listeners
922         now that each Page gets its own PageDebugServer instead of a shared
923         global. So we should replace the null checks with isEmpty checks.
924         Since nobody was ever returning null, convert to references as well.
925
926         * inspector/JSGlobalObjectScriptDebugServer.h:
927         * inspector/ScriptDebugServer.cpp:
928         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
929         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
930         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
931         (Inspector::ScriptDebugServer::sourceParsed):
932         (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
933         (Inspector::ScriptDebugServer::notifyDoneProcessingDebuggerEvents):
934         (Inspector::ScriptDebugServer::handlePause):
935         (Inspector::ScriptDebugServer::needPauseHandling): Deleted.
936         * inspector/ScriptDebugServer.h:
937
938 2014-09-10  Michael Saboff  <msaboff@apple.com>
939
940         Move JSScope out of JSFunction into separate JSCallee class
941         https://bugs.webkit.org/show_bug.cgi?id=136725
942
943         Reviewed by Oliver Hunt.
944
945         Created new JSCallee class that contains a JSScope*.  Changed JSFunction to inherit from
946         JSCallee.
947
948         * CMakeLists.txt:
949         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
950         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
951         * JavaScriptCore.xcodeproj/project.pbxproj:
952         Build changes.  Added JSCallee.cpp and JSCallee.h.
953
954         * runtime/JSCallee.cpp: Added.
955         (JSC::JSCallee::create):
956         (JSC::JSCallee::destroy):
957         (JSC::JSCallee::JSCallee):
958         (JSC::JSCallee::finishCreation):
959         (JSC::JSCallee::visitChildren):
960         (JSC::JSCallee::getOwnPropertySlot): Pass through wrapper function.
961         (JSC::JSCallee::getOwnNonIndexPropertyNames): Pass through wrapper function.
962         (JSC::JSCallee::put): Pass through wrapper function.
963         (JSC::JSCallee::deleteProperty): Pass through wrapper function.
964         (JSC::JSCallee::defineOwnProperty): Pass through wrapper function.
965
966         * runtime/JSCallee.h: Added.
967         (JSC::JSCallee::scope):
968         (JSC::JSCallee::scopeUnchecked):
969         (JSC::JSCallee::setScope):
970         (JSC::JSCallee::createStructure):
971         (JSC::JSCallee::offsetOfScopeChain):
972
973         * runtime/JSFunction.cpp:
974         (JSC::JSFunction::JSFunction):
975         (JSC::JSFunction::addNameScopeIfNeeded):
976         (JSC::JSFunction::visitChildren):
977         * runtime/JSFunction.h:
978         (JSC::JSFunction::scope): Deleted.
979         (JSC::JSFunction::scopeUnchecked): Deleted.
980         (JSC::JSFunction::setScope): Deleted.
981         (JSC::JSFunction::offsetOfScopeChain): Deleted.
982         * runtime/JSFunctionInlines.h:
983         (JSC::JSFunction::JSFunction):
984         Changed to reference JSCallee and its methods.
985
986         * runtime/JSType.h: Added JSCallee as a TypeEnum.
987
988 2014-09-11  Filip Pizlo  <fpizlo@apple.com>
989
990         REGRESSION (r172129): Vine pages load as blank
991         https://bugs.webkit.org/show_bug.cgi?id=136655
992         rdar://problem/18281215
993
994         Reviewed by Michael Saboff.
995         
996         If lastNode is something that is subject to DCE, then removing the Phantom's reference to something
997         that lastNode references means that the thing being referenced may no longer be kept alive for OSR.
998         Teach PhantomRemovalPhase that it's only safe to do this if lastNode is a Phantom. That's probably too
999         conservative, but that's fine since this is mainly just an optimization to make the IR sane to read and
1000         reasonably compact; it's OK if we miss cases here.
1001
1002         * dfg/DFGPhantomRemovalPhase.cpp:
1003         (JSC::DFG::PhantomRemovalPhase::run):
1004         * tests/stress/remove-phantom-after-setlocal.js: Added.
1005
1006 2014-09-11  Bear Travis  <betravis@adobe.com>
1007
1008         [CSS Font Loading] Enable CSS Font Loading on Mac
1009         https://bugs.webkit.org/show_bug.cgi?id=135473
1010
1011         Reviewed by Antti Koivisto.
1012
1013         Enable CSS Font Loading in FeatureDefines.
1014
1015         * Configurations/FeatureDefines.xcconfig:
1016
1017 2014-09-11  Joseph Pecoraro  <pecoraro@apple.com>
1018
1019         Unreviewed rebaseline of inspector generator test results after r173120.
1020
1021         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1022         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1023         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1024         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1025
1026 2014-09-11  Oliver Hunt  <oliver@apple.com>
1027
1028         Rename activation to be more in line with spec language
1029         https://bugs.webkit.org/show_bug.cgi?id=136721
1030
1031         Reviewed by Michael Saboff.
1032
1033         Somewhat bigger than the last one, but still just a rename.
1034
1035         * CMakeLists.txt:
1036         * JavaScriptCore.order:
1037         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1038         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1039         * JavaScriptCore.xcodeproj/project.pbxproj:
1040         * bytecode/BytecodeList.json:
1041         * bytecode/BytecodeUseDef.h:
1042         (JSC::computeUsesForBytecodeOffset):
1043         (JSC::computeDefsForBytecodeOffset):
1044         * bytecode/CallVariant.h:
1045         * bytecode/CodeBlock.cpp:
1046         (JSC::CodeBlock::dumpBytecode):
1047         (JSC::CodeBlock::CodeBlock):
1048         (JSC::CodeBlock::finalizeUnconditionally):
1049         (JSC::CodeBlock::isCaptured):
1050         (JSC::CodeBlock::nameForRegister):
1051         * bytecode/CodeBlock.h:
1052         (JSC::CodeBlock::setActivationRegister):
1053         (JSC::CodeBlock::activationRegister):
1054         (JSC::CodeBlock::uncheckedActivationRegister):
1055         (JSC::CodeBlock::needsActivation):
1056         * bytecode/Instruction.h:
1057         * bytecode/UnlinkedCodeBlock.h:
1058         (JSC::UnlinkedCodeBlock::setActivationRegister):
1059         (JSC::UnlinkedCodeBlock::activationRegister):
1060         (JSC::UnlinkedCodeBlock::hasActivationRegister):
1061         * bytecompiler/BytecodeGenerator.cpp:
1062         (JSC::BytecodeGenerator::BytecodeGenerator):
1063         (JSC::BytecodeGenerator::emitReturn):
1064         * bytecompiler/BytecodeGenerator.h:
1065         * debugger/DebuggerCallFrame.cpp:
1066         (JSC::DebuggerCallFrame::scope):
1067         * debugger/DebuggerScope.cpp:
1068         (JSC::DebuggerScope::isFunctionOrEvalScope):
1069         * dfg/DFGByteCodeParser.cpp:
1070         (JSC::DFG::ByteCodeParser::parseBlock):
1071         * dfg/DFGCapabilities.cpp:
1072         (JSC::DFG::capabilityLevel):
1073         * dfg/DFGGraph.cpp:
1074         (JSC::DFG::Graph::tryGetActivation):
1075         (JSC::DFG::Graph::tryGetRegisters):
1076         * dfg/DFGGraph.h:
1077         * dfg/DFGNodeType.h:
1078         * dfg/DFGOperations.cpp:
1079         * dfg/DFGSpeculativeJIT32_64.cpp:
1080         (JSC::DFG::SpeculativeJIT::compile):
1081         * dfg/DFGSpeculativeJIT64.cpp:
1082         (JSC::DFG::SpeculativeJIT::compile):
1083         * interpreter/CallFrame.cpp:
1084         (JSC::CallFrame::lexicalEnvironment):
1085         (JSC::CallFrame::setActivation):
1086         (JSC::CallFrame::activation): Deleted.
1087         * interpreter/CallFrame.h:
1088         * interpreter/Interpreter.cpp:
1089         (JSC::unwindCallFrame):
1090         * interpreter/Register.h:
1091         * jit/JIT.cpp:
1092         (JSC::JIT::privateCompileMainPass):
1093         * jit/JIT.h:
1094         * jit/JITOpcodes.cpp:
1095         (JSC::JIT::emit_op_tear_off_lexical_environment):
1096         (JSC::JIT::emit_op_tear_off_arguments):
1097         (JSC::JIT::emit_op_create_lexical_environment):
1098         (JSC::JIT::emit_op_tear_off_activation): Deleted.
1099         (JSC::JIT::emit_op_create_activation): Deleted.
1100         * jit/JITOpcodes32_64.cpp:
1101         (JSC::JIT::emit_op_tear_off_lexical_environment):
1102         (JSC::JIT::emit_op_tear_off_arguments):
1103         (JSC::JIT::emit_op_create_lexical_environment):
1104         (JSC::JIT::emit_op_tear_off_activation): Deleted.
1105         (JSC::JIT::emit_op_create_activation): Deleted.
1106         * jit/JITOperations.cpp:
1107         * jit/JITOperations.h:
1108         * llint/LLIntSlowPaths.cpp:
1109         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1110         * llint/LLIntSlowPaths.h:
1111         * llint/LowLevelInterpreter32_64.asm:
1112         * llint/LowLevelInterpreter64.asm:
1113         * runtime/Arguments.cpp:
1114         (JSC::Arguments::visitChildren):
1115         (JSC::Arguments::tearOff):
1116         (JSC::Arguments::didTearOffActivation):
1117         * runtime/Arguments.h:
1118         (JSC::Arguments::offsetOfActivation):
1119         (JSC::Arguments::argument):
1120         (JSC::Arguments::finishCreation):
1121         * runtime/CommonSlowPaths.cpp:
1122         * runtime/JSFunction.h:
1123         * runtime/JSGlobalObject.cpp:
1124         (JSC::JSGlobalObject::reset):
1125         (JSC::JSGlobalObject::visitChildren):
1126         * runtime/JSGlobalObject.h:
1127         (JSC::JSGlobalObject::activationStructure):
1128         * runtime/JSLexicalEnvironment.cpp: Renamed from Source/JavaScriptCore/runtime/JSActivation.cpp.
1129         (JSC::JSLexicalEnvironment::visitChildren):
1130         (JSC::JSLexicalEnvironment::symbolTableGet):
1131         (JSC::JSLexicalEnvironment::symbolTablePut):
1132         (JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
1133         (JSC::JSLexicalEnvironment::symbolTablePutWithAttributes):
1134         (JSC::JSLexicalEnvironment::getOwnPropertySlot):
1135         (JSC::JSLexicalEnvironment::put):
1136         (JSC::JSLexicalEnvironment::deleteProperty):
1137         (JSC::JSLexicalEnvironment::toThis):
1138         (JSC::JSLexicalEnvironment::argumentsGetter):
1139         * runtime/JSLexicalEnvironment.h: Renamed from Source/JavaScriptCore/runtime/JSActivation.h.
1140         (JSC::JSLexicalEnvironment::create):
1141         (JSC::JSLexicalEnvironment::createStructure):
1142         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
1143         (JSC::asActivation):
1144         (JSC::Register::lexicalEnvironment):
1145         (JSC::JSLexicalEnvironment::registersOffset):
1146         (JSC::JSLexicalEnvironment::tearOff):
1147         (JSC::JSLexicalEnvironment::isTornOff):
1148         (JSC::JSLexicalEnvironment::storageOffset):
1149         (JSC::JSLexicalEnvironment::storage):
1150         (JSC::JSLexicalEnvironment::allocationSize):
1151         (JSC::JSLexicalEnvironment::isValidIndex):
1152         (JSC::JSLexicalEnvironment::isValid):
1153         (JSC::JSLexicalEnvironment::registerAt):
1154         * runtime/JSObject.h:
1155         * runtime/JSScope.cpp:
1156         (JSC::abstractAccess):
1157         * runtime/JSScope.h:
1158         (JSC::ResolveOp::ResolveOp):
1159         * runtime/JSSymbolTableObject.cpp:
1160         * runtime/StrictEvalActivation.h:
1161         (JSC::StrictEvalActivation::create):
1162         * runtime/VM.cpp:
1163
1164 2014-09-11  László Langó  <llango.u-szeged@partner.samsung.com>
1165
1166         [JavaScriptCore] Fix FTL on platform EFL.
1167         https://bugs.webkit.org/show_bug.cgi?id=133571
1168
1169         Reviewed by Filip Pizlo.
1170
1171         There are no compact_unwind sections on Linux systems so FTL crashes.
1172         We have to parse eh_frame in FTLUnwindInfo instead of compact_unwind
1173         and get the information for stack unwinding from there.
1174
1175         * CMakeLists.txt: Revert r169181.
1176         * ftl/FTLCompile.cpp:
1177         Change section name literals to use SECTION_NAME macro, because of architecture differences.
1178         (JSC::FTL::mmAllocateCodeSection):
1179         (JSC::FTL::mmAllocateDataSection):
1180         (JSC::FTL::compile):
1181         * ftl/FTLJITCode.h:
1182         We need the SECTION_NAME macro in FTLCompile and FTLLink, so we define it here.
1183         * ftl/FTLLink.cpp:
1184         (JSC::FTL::link):
1185         * ftl/FTLState.h:
1186         * ftl/FTLState.cpp:
1187         (JSC::FTL::State::State):
1188         * ftl/FTLUnwindInfo.h:
1189         * ftl/FTLUnwindInfo.cpp:
1190         Lift the eh_frame parsing method from LLVM/libcxxabi project and modify it for our purposes.
1191         Parse eh_frame on Linux instead of compact_unwind.
1192         (JSC::FTL::UnwindInfo::parse):
1193
1194 2014-09-10  Saam Barati  <saambarati1@gmail.com>
1195
1196         Web Inspector: Modify the type profiler runtime protocol to transfer some computation into the WebInspector
1197         https://bugs.webkit.org/show_bug.cgi?id=136500
1198
1199         Reviewed by Joseph Pecoraro.
1200
1201         This patch changes the type profiler protocol to the Web Inspector
1202         by moving the work of calculating computed properties that affect the UI 
1203         into the Web Inspector. This makes the Web Inspector have control over the 
1204         strings it displays as UI elements representing type information to the user 
1205         instead of JavaScriptCore deciding on a convention for these strings.
1206         JavaScriptCore now sends enough information to the Web Inspector so that 
1207         it can compute the properties JavaScriptCore used to compute.
1208
1209         * inspector/agents/InspectorRuntimeAgent.cpp:
1210         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1211         * inspector/protocol/Runtime.json:
1212         * runtime/TypeProfiler.cpp:
1213         (JSC::TypeProfiler::getTypesForVariableAtOffsetForInspector): Deleted.
1214         * runtime/TypeProfiler.h:
1215         * runtime/TypeSet.cpp:
1216         (JSC::TypeSet::inspectorTypeSet):
1217         (JSC::StructureShape::leastCommonAncestor):
1218         (JSC::StructureShape::inspectorRepresentation):
1219         * runtime/TypeSet.h:
1220
1221 2014-09-10  Akos Kiss  <akiss@inf.u-szeged.hu>
1222
1223         Apply ARM64-specific lowering to load/store instructions in offlineasm
1224         https://bugs.webkit.org/show_bug.cgi?id=136569
1225
1226         Reviewed by Michael Saboff.
1227
1228         The standard RISC lowering of load/store instructions with base +
1229         immediate offset addresses is to move the offset to a temporary, add the
1230         base to the temporary, and then change the load/store to use the
1231         temporary + 0 immediate offset address. However, on ARM64, base +
1232         register offset addressing mode is available, so it is unnecessary to
1233         perform explicit register additions but it is enough to change load/store
1234         to use base + temporary as the address.
1235
1236         * offlineasm/arm64.rb: Added arm64LowerMalformedLoadStoreAddresses
1237
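
The two lowerings contrasted in the entry above, written out as an added example in JavaScript rather than as offlineasm's Ruby; this is not the arm64.rb code. The instruction representation is my own, and the immediate-offset range used to call an address "malformed" (an unscaled signed 9-bit offset, -256..255) is an assumption, not offlineasm's exact rule.

```javascript
// Added example (not WebKit's offlineasm): toy model of the load/store address
// lowering described in the ChangeLog. Instruction objects and the immediate
// range are my assumptions.

const IMM_MIN = -256;
const IMM_MAX = 255;

// A base + immediate address that the encoding cannot express directly.
function isMalformedAddress(addr) {
  return addr.kind === 'base+imm' && (addr.offset < IMM_MIN || addr.offset > IMM_MAX);
}

function isLoadStore(insn) {
  return insn.op === 'loadp' || insn.op === 'storep';
}

// Generic RISC lowering: materialise the offset in a temp, add the base into
// the temp, then rewrite the access as temp + 0.
function lowerGenericRisc(insns, tmp) {
  const out = [];
  for (const insn of insns) {
    if (!isLoadStore(insn) || !isMalformedAddress(insn.addr)) { out.push(insn); continue; }
    const { base, offset } = insn.addr;
    out.push({ op: 'move', src: { kind: 'imm', value: offset }, dst: tmp });
    out.push({ op: 'addp', src: base, dst: tmp });
    out.push({ ...insn, addr: { kind: 'base+imm', base: tmp, offset: 0 } });
  }
  return out;
}

// ARM64 lowering: the base + register-offset addressing mode makes the explicit
// add unnecessary; the access uses base + temp directly.
function lowerArm64(insns, tmp) {
  const out = [];
  for (const insn of insns) {
    if (!isLoadStore(insn) || !isMalformedAddress(insn.addr)) { out.push(insn); continue; }
    const { base, offset } = insn.addr;
    out.push({ op: 'move', src: { kind: 'imm', value: offset }, dst: tmp });
    out.push({ ...insn, addr: { kind: 'base+reg', base, index: tmp } });
  }
  return out;
}

// Constructed input: one in-range access and one whose offset needs lowering.
const sampleProgram = [
  { op: 'loadp', addr: { kind: 'base+imm', base: 'cfr', offset: 8 }, dst: 't0' },
  { op: 'loadp', addr: { kind: 'base+imm', base: 'cfr', offset: 1024 }, dst: 't1' },
];
```

Running both lowerings over sampleProgram shows the difference the entry is about: the generic form turns the second load into three instructions, the ARM64 form into two.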
1238 2014-09-10  Oliver Hunt  <oliver@apple.com>
1239
1240         Rename JSVariableObject to JSEnvironmentRecord to align naming with ES spec
1241         https://bugs.webkit.org/show_bug.cgi?id=136710
1242
1243         Reviewed by Anders Carlsson.
1244
1245         This is a trivial rename.
1246
1247         * CMakeLists.txt:
1248         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1249         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1250         * JavaScriptCore.xcodeproj/project.pbxproj:
1251         * dfg/DFGAbstractHeap.h:
1252         * dfg/DFGClobberize.h:
1253         (JSC::DFG::clobberize):
1254         * dfg/DFGSpeculativeJIT32_64.cpp:
1255         (JSC::DFG::SpeculativeJIT::compile):
1256         * dfg/DFGSpeculativeJIT64.cpp:
1257         (JSC::DFG::SpeculativeJIT::compile):
1258         * ftl/FTLAbstractHeapRepository.cpp:
1259         * ftl/FTLAbstractHeapRepository.h:
1260         * ftl/FTLLowerDFGToLLVM.cpp:
1261         (JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters):
1262         * jit/JITOpcodes32_64.cpp:
1263         * jit/JITPropertyAccess.cpp:
1264         (JSC::JIT::emitGetClosureVar):
1265         (JSC::JIT::emitPutClosureVar):
1266         * jit/JITPropertyAccess32_64.cpp:
1267         (JSC::JIT::emitGetClosureVar):
1268         (JSC::JIT::emitPutClosureVar):
1269         * llint/LLIntOffsetsExtractor.cpp:
1270         * llint/LowLevelInterpreter32_64.asm:
1271         * llint/LowLevelInterpreter64.asm:
1272         * runtime/JSActivation.cpp:
1273         (JSC::JSActivation::getOwnNonIndexPropertyNames):
1274         * runtime/JSActivation.h:
1275         * runtime/JSEnvironmentRecord.cpp: Renamed from Source/JavaScriptCore/runtime/JSVariableObject.cpp.
1276         * runtime/JSEnvironmentRecord.h: Renamed from Source/JavaScriptCore/runtime/JSVariableObject.h.
1277         (JSC::JSEnvironmentRecord::registers):
1278         (JSC::JSEnvironmentRecord::registerAt):
1279         (JSC::JSEnvironmentRecord::addressOfRegisters):
1280         (JSC::JSEnvironmentRecord::offsetOfRegisters):
1281         (JSC::JSEnvironmentRecord::JSEnvironmentRecord):
1282         * runtime/JSNameScope.h:
1283         * runtime/JSSegmentedVariableObject.h:
1284
1285 2014-09-10  Julien Brianceau  <jbriance@cisco.com>
1286
1287         [mips] Add missing parts and fix LLINT mips backend
1288         https://bugs.webkit.org/show_bug.cgi?id=136706
1289
1290         Reviewed by Michael Saboff.
1291
1292         * llint/LowLevelInterpreter.asm: Fix invalid CalleeSave register number.
1293         Implement initPCRelative and setEntryAddress macros.
1294         * llint/LowLevelInterpreter32_64.asm: Fix register distribution in
1295         doVMEntry macro.
1296
1297 2014-09-10  Saam Barati  <saambarati1@gmail.com>
1298
1299         TypeSet needs a mode where it no longer profiles structure shapes
1300         https://bugs.webkit.org/show_bug.cgi?id=136263
1301
1302         Reviewed by Filip Pizlo.
1303
1304         The TypeSet data structure used to gather as many StructureShape
1305         objects as it encountered during type profiling. But, this meant 
1306         that there was no upper limit on how many objects it could allocate. 
1307         This patch places a fixed upper bound on the number of StructureShapes
1308         allocated per TypeSet to prevent using too much memory for little gain
1309         in type profiling usefulness.
1310
1311         StructureShape objects are now also aware of when they are created
1312         from Structures which are dictionaries.
1313
1314         In total, this patch lays the final groundwork needed in refactoring 
1315         the inspector protocol for the type profiler.
1316
1317         * runtime/Structure.cpp:
1318         (JSC::Structure::toStructureShape):
1319         * runtime/TypeProfiler.cpp:
1320         (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
1321         * runtime/TypeSet.cpp:
1322         (JSC::TypeSet::TypeSet):
1323         (JSC::TypeSet::addTypeInformation):
1324         (JSC::StructureShape::StructureShape):
1325         (JSC::StructureShape::toJSONString):
1326         (JSC::StructureShape::enterDictionaryMode):
1327         * runtime/TypeSet.h:
1328         (JSC::TypeSet::isOverflown):
1329         * tests/typeProfiler/dictionary-mode.js: Added.
1330         (wrapper):
1331         * tests/typeProfiler/driver/driver.js:
1332         * tests/typeProfiler/overflow.js: Added.
1333         (wrapper.Proto):
1334         (wrapper):
1335
1336 2014-09-10  Peter Gal  <galpeter@inf.u-szeged.hu>
1337
1338         [MIPS] branch32WithPatch missing
1339         https://bugs.webkit.org/show_bug.cgi?id=136696
1340
1341         Reviewed by Michael Saboff.
1342
1343         Added the missing branch32WithPatch. The implementation
1344         is currently the same as the branchPtrWithPatch because
1345         the macro assembler supports only 32 bit MIPS.
1346
1347         * assembler/MacroAssemblerMIPS.h:
1348         (JSC::MacroAssemblerMIPS::branch32WithPatch):
1349
1350 2014-09-10  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
1351
1352         Fix !ENABLE(DFG_JIT) build
1353         https://bugs.webkit.org/show_bug.cgi?id=136702
1354
1355         Reviewed by Michael Saboff.
1356
1357         * bytecode/CallEdgeProfile.h:
1358
1359 2014-09-09  Benjamin Poulain  <bpoulain@apple.com>
1360
1361         Disable the "unreachable-code" warning
1362         https://bugs.webkit.org/show_bug.cgi?id=136677
1363
1364         Reviewed by Darin Adler.
1365
1366         * Configurations/Base.xcconfig:
1367
1368 2014-09-08  Filip Pizlo  <fpizlo@apple.com>
1369
1370         DFG should have a reusable SSA builder
1371         https://bugs.webkit.org/show_bug.cgi?id=136331
1372
1373         Reviewed by Oliver Hunt.
1374         
1375         We want to implement sophisticated SSA transformations like object allocation sinking
1376         (https://bugs.webkit.org/show_bug.cgi?id=136330), but to do that, we need to be able to do
1377         updates to SSA that require inserting new Phi's. This requires calculating where Phis go.
1378         Previously, our Phi calculation was based on Aycock and Horspool's algorithm, and our
1379         implementation of this algorithm only worked when doing CPS->SSA conversion. The code
1380         could not be reused for cases where some phase happens to know that it introduced a few
1381         defs in some blocks and it wants to figure out where the Phis should go. Moreover, even
1382         the general algorithm of Aycock and Horspool is not well suited to such targeted SSA
1383         updates, since it requires first inserting maximal Phis. That scales well when the Phis
1384         were already there (like in our CPS form) but otherwise it's quite unnatural and may be
1385         difficult to make efficient.
1386         
1387         The usual way of handling both SSA conversion and SSA update is to use Cytron et al's
1388         algorithm based on dominance frontiers. For a while now, I've been working on creating a
1389         Cytron-based SSA calculator that can be used both as a replacement for our current SSA
1390         converter and as a reusable tool for any phase that needs to do SSA update. I previously
1391         optimized our dominator calculation and representation to use dominator trees computed
1392         using Lengauer and Tarjan's algorithm - mainly to make it more scalable to enumerate over
1393         the set of blocks that dominate you or vice-versa, and then I implemented a dominance
1394         frontier calculator. This patch implements the final step towards making SSA update
1395         available to all SSA phases: it implements an SSACalculator that can tell you where Phis
1396         go when given an arbitrary set of Defs. To keep things simple, and to ensure that we have
1397         good test coverage for this SSACalculator, this patch replaces the old Aycock-Horspool
1398         SSA converter with one based on the SSACalculator.
1399         
1400         This has no observable impact. It does reduce the amount of code in SSAConversionPhase.
1401         But even better, it makes SSAConversionPhase have significantly less tricky logic. It
1402         mostly just relies on SSACalculator to do the tricky stuff, and SSAConversionPhase mostly
1403         just reasons about the weirdnesses unique to the ThreadedCPS form that it sees as input.
1404         In fact, using the Cytron et al approach means that there isn't really any "smoke and
1405         mirrors" trickiness related to SSA. SSACalculator's only "tricks" are using the pruned
1406         iterated dominance frontier to place Phi's and using the dom tree to find reaching defs.
1407         The complexity is mostly confined to Dominators, which computes various dominator-related
1408         properties over the control flow graph. That class can be difficult to understand, but at
1409         least it follows well-known graph theory wisdom.
1410
1411         * CMakeLists.txt:
1412         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1413         * JavaScriptCore.xcodeproj/project.pbxproj:
1414         * dfg/DFGAnalysis.h:
1415         * dfg/DFGCSEPhase.cpp:
1416         * dfg/DFGDCEPhase.cpp:
1417         (JSC::DFG::DCEPhase::run):
1418         * dfg/DFGDominators.h:
1419         (JSC::DFG::Dominators::immediateDominatorOf):
1420         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf):
1421         (JSC::DFG::Dominators::forAllBlocksInPrunedIteratedDominanceFrontierOf):
1422         * dfg/DFGGraph.cpp:
1423         (JSC::DFG::Graph::dump):
1424         (JSC::DFG::Graph::blocksInPreOrder):
1425         (JSC::DFG::Graph::blocksInPostOrder):
1426         (JSC::DFG::Graph::getBlocksInPreOrder): Deleted.
1427         (JSC::DFG::Graph::getBlocksInPostOrder): Deleted.
1428         * dfg/DFGGraph.h:
1429         * dfg/DFGLICMPhase.cpp:
1430         (JSC::DFG::LICMPhase::run):
1431         * dfg/DFGNodeFlags.h:
1432         * dfg/DFGPhase.cpp:
1433         (JSC::DFG::Phase::beginPhase):
1434         (JSC::DFG::Phase::endPhase):
1435         * dfg/DFGPhase.h:
1436         * dfg/DFGSSACalculator.cpp: Added.
1437         (JSC::DFG::SSACalculator::Variable::dump):
1438         (JSC::DFG::SSACalculator::Variable::dumpVerbose):
1439         (JSC::DFG::SSACalculator::Def::dump):
1440         (JSC::DFG::SSACalculator::SSACalculator):
1441         (JSC::DFG::SSACalculator::~SSACalculator):
1442         (JSC::DFG::SSACalculator::newVariable):
1443         (JSC::DFG::SSACalculator::newDef):
1444         (JSC::DFG::SSACalculator::nonLocalReachingDef):
1445         (JSC::DFG::SSACalculator::reachingDefAtTail):
1446         (JSC::DFG::SSACalculator::dump):
1447         * dfg/DFGSSACalculator.h: Added.
1448         (JSC::DFG::SSACalculator::Variable::index):
1449         (JSC::DFG::SSACalculator::Variable::Variable):
1450         (JSC::DFG::SSACalculator::Def::variable):
1451         (JSC::DFG::SSACalculator::Def::block):
1452         (JSC::DFG::SSACalculator::Def::value):
1453         (JSC::DFG::SSACalculator::Def::Def):
1454         (JSC::DFG::SSACalculator::variable):
1455         (JSC::DFG::SSACalculator::computePhis):
1456         (JSC::DFG::SSACalculator::phisForBlock):
1457         (JSC::DFG::SSACalculator::reachingDefAtHead):
1458         * dfg/DFGSSAConversionPhase.cpp:
1459         (JSC::DFG::SSAConversionPhase::SSAConversionPhase):
1460         (JSC::DFG::SSAConversionPhase::run):
1461         (JSC::DFG::SSAConversionPhase::forwardPhiChildren): Deleted.
1462         (JSC::DFG::SSAConversionPhase::forwardPhi): Deleted.
1463         (JSC::DFG::SSAConversionPhase::forwardPhiEdge): Deleted.
1464         (JSC::DFG::SSAConversionPhase::deduplicateChildren): Deleted.
1465         * dfg/DFGSSAConversionPhase.h:
1466         * dfg/DFGValidate.cpp:
1467         (JSC::DFG::Validate::Validate):
1468         (JSC::DFG::Validate::dumpGraphIfAppropriate):
1469         (JSC::DFG::validate):
1470         * dfg/DFGValidate.h:
1471         * ftl/FTLLowerDFGToLLVM.cpp:
1472         (JSC::FTL::LowerDFGToLLVM::lower):
1473         * runtime/Options.h:
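
        The Cytron-style Phi placement this entry describes, as an added example that is not JSC's SSACalculator or Dominators code: dominators are computed with the simple iterative fixpoint rather than Lengauer-Tarjan, then dominance frontiers, then the iterated dominance frontier of a set of def blocks. The names CFG, computeIdom, computeDominanceFrontiers and placePhis are this example's own, the graphs in the test are constructed, and it places unpruned Phis (the liveness pruning the entry mentions is left out).

```cpp
#include <algorithm>
#include <iterator>
#include <set>
#include <vector>

// A control flow graph: cfg[b] lists the successors of block b; block 0 is the entry.
// All blocks are assumed reachable from the entry (the constructed inputs below satisfy this).
using CFG = std::vector<std::vector<int>>;

// Immediate dominators (idom[0] == -1) via the classic iterative data-flow fixpoint.
// JSC's Dominators class uses Lengauer-Tarjan instead; the resulting tree is the same.
std::vector<int> computeIdom(const CFG& cfg)
{
    const int n = static_cast<int>(cfg.size());
    std::vector<std::vector<int>> preds(n);
    for (int b = 0; b < n; ++b)
        for (int s : cfg[b])
            preds[s].push_back(b);

    // dom[b] is the set of blocks dominating b, initialised to "all blocks" except for the entry.
    std::set<int> all;
    for (int b = 0; b < n; ++b)
        all.insert(b);
    std::vector<std::set<int>> dom(n, all);
    dom[0] = { 0 };

    for (bool changed = true; changed;) {
        changed = false;
        for (int b = 1; b < n; ++b) {
            std::set<int> next = all;
            for (int p : preds[b]) {
                std::set<int> meet;
                std::set_intersection(next.begin(), next.end(), dom[p].begin(), dom[p].end(),
                                      std::inserter(meet, meet.begin()));
                next.swap(meet);
            }
            next.insert(b);
            if (next != dom[b]) {
                dom[b] = next;
                changed = true;
            }
        }
    }

    // idom(b) is the strict dominator of b that every other strict dominator of b dominates.
    std::vector<int> idom(n, -1);
    for (int b = 1; b < n; ++b) {
        for (int d : dom[b]) {
            if (d == b)
                continue;
            bool immediate = true;
            for (int e : dom[b])
                if (e != b && e != d && !dom[d].count(e))
                    immediate = false;
            if (immediate) {
                idom[b] = d;
                break;
            }
        }
    }
    return idom;
}

// Dominance frontiers (Cytron et al.): b's frontier holds every join block s such that b
// dominates a predecessor of s but does not strictly dominate s. For each edge p -> s we walk
// from p up the dominator tree and stop at idom(s); every block visited gets s in its frontier.
std::vector<std::set<int>> computeDominanceFrontiers(const CFG& cfg, const std::vector<int>& idom)
{
    std::vector<std::set<int>> df(cfg.size());
    for (int p = 0; p < static_cast<int>(cfg.size()); ++p) {
        for (int s : cfg[p]) {
            for (int runner = p; runner != -1 && runner != idom[s]; runner = idom[runner])
                df[runner].insert(s);
        }
    }
    return df;
}

// Blocks that need a Phi for a variable defined in defBlocks: the iterated dominance frontier.
// A Phi is itself a new def, so the frontier of each Phi block is visited as well (that is the
// "iterated" part). Unpruned variant: a pruned one would also skip blocks where the variable
// is not live-in.
std::set<int> placePhis(const CFG& cfg, const std::set<int>& defBlocks)
{
    std::vector<int> idom = computeIdom(cfg);
    std::vector<std::set<int>> df = computeDominanceFrontiers(cfg, idom);
    std::set<int> phis;
    std::vector<int> worklist(defBlocks.begin(), defBlocks.end());
    while (!worklist.empty()) {
        int b = worklist.back();
        worklist.pop_back();
        for (int f : df[b]) {
            if (phis.insert(f).second)
                worklist.push_back(f);
        }
    }
    return phis;
}
```

In the third constructed graph below, the def in block 2 forces a Phi at the join block 5, and that Phi in turn forces one at block 6, which is why the frontier must be iterated rather than taken once.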
1474
1475 2014-09-08  Commit Queue  <commit-queue@webkit.org>
1476
1477         Unreviewed, rolling out r173402.
1478         https://bugs.webkit.org/show_bug.cgi?id=136649
1479
1480         Breaking build with error "unable to restore file position to
1481         0x00000c60 for section __DWARF.__debug_info (errno = 9)"
1482         (Requested by mlam_ on #webkit).
1483
1484         Reverted changeset:
1485
1486         "Move CallFrame and Register inline functions out of
1487         JSScope.h."
1488         https://bugs.webkit.org/show_bug.cgi?id=136579
1489         http://trac.webkit.org/changeset/173402
1490
1491 2014-09-08  Mark Lam  <mark.lam@apple.com>
1492
1493         Move CallFrame and Register inline functions out of JSScope.h.
1494         <https://webkit.org/b/136579>
1495
1496         Reviewed by Geoffrey Garen.
1497
1498         This includes fixing up some files to #include JSCInlines.h to pick up
1499         these inline functions.  I also added JSCellInlines.h to JSCInlines.h
1500         since it is included from many of the affected .cpp files.
1501
1502         * API/ObjCCallbackFunction.mm:
1503         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1504         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1505         * JavaScriptCore.xcodeproj/project.pbxproj:
1506         * bindings/ScriptValue.cpp:
1507         * inspector/InjectedScriptHost.cpp:
1508         * inspector/InjectedScriptManager.cpp:
1509         * inspector/JSGlobalObjectInspectorController.cpp:
1510         * inspector/JSJavaScriptCallFrame.cpp:
1511         * inspector/ScriptDebugServer.cpp:
1512         * interpreter/CallFrameInlines.h:
1513         (JSC::CallFrame::vm):
1514         (JSC::CallFrame::lexicalGlobalObject):
1515         (JSC::CallFrame::globalThisValue):
1516         * interpreter/RegisterInlines.h: Added.
1517         (JSC::Register::operator=):
1518         (JSC::Register::scope):
1519         * runtime/ArgumentsIteratorConstructor.cpp:
1520         * runtime/JSArrayIterator.cpp:
1521         * runtime/JSCInlines.h:
1522         * runtime/JSCJSValue.cpp:
1523         * runtime/JSMapIterator.cpp:
1524         * runtime/JSPromiseConstructor.cpp:
1525         * runtime/JSPromiseDeferred.cpp:
1526         * runtime/JSPromiseFunctions.cpp:
1527         * runtime/JSPromisePrototype.cpp:
1528         * runtime/JSPromiseReaction.cpp:
1529         * runtime/JSScope.h:
1530         (JSC::Register::operator=): Deleted.
1531         (JSC::Register::scope): Deleted.
1532         (JSC::ExecState::vm): Deleted.
1533         (JSC::ExecState::lexicalGlobalObject): Deleted.
1534         (JSC::ExecState::globalThisValue): Deleted.
1535         * runtime/JSSetIterator.cpp:
1536         * runtime/MapConstructor.cpp:
1537         * runtime/MapData.cpp:
1538         * runtime/MapIteratorPrototype.cpp:
1539         * runtime/MapPrototype.cpp:
1540         * runtime/SetConstructor.cpp:
1541         * runtime/SetIteratorPrototype.cpp:
1542         * runtime/SetPrototype.cpp:
1543         * runtime/WeakMapConstructor.cpp:
1544         * runtime/WeakMapPrototype.cpp:
1545
1546 2014-09-08  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>
1547
1548         Remove FILTERS flag
1549         https://bugs.webkit.org/show_bug.cgi?id=136571
1550
1551         Reviewed by Darin Adler.
1552
1553         * Configurations/FeatureDefines.xcconfig:
1554
1555 2014-09-08  Saam Barati  <saambarati1@gmail.com>
1556
1557         Merge StructureShapes that share the same prototype chain
1558         https://bugs.webkit.org/show_bug.cgi?id=136549
1559
1560         Reviewed by Filip Pizlo.
1561
1562         Instead of keeping track of many discrete StructureShapes that share
1563         the same prototype chain, TypeSet should merge StructureShapes that 
1564         have the same prototype chain and provide a new member variable for 
1565         optional structure fields. This provides a cleaner and more concise
1566         interface for dealing with StructureShapes within TypeSet. Instead
1567         of having many discrete shapes that are almost identical, almost 
1568         identical shapes will be merged together with an interface for 
1569         understanding what fields the shapes being merged together differ in.
1570
1571         * runtime/TypeSet.cpp:
1572         (JSC::TypeSet::addTypeInformation):
1573         (JSC::StructureShape::addProperty):
1574         (JSC::StructureShape::toJSONString):
1575         (JSC::StructureShape::inspectorRepresentation):
1576         (JSC::StructureShape::hasSamePrototypeChain):
1577         (JSC::StructureShape::merge):
1578         * runtime/TypeSet.h:
1579         * tests/typeProfiler/optional-fields.js: Added.
1580         (wrapper.func):
1581         (wrapper):
1582
1583 2014-09-08  Jessie Berlin  <jberlin@apple.com>
1584
1585         More 32-bit Release build fixes after r173364.
1586
1587         * dfg/DFGSpeculativeJIT32_64.cpp:
1588         (JSC::DFG::SpeculativeJIT::compile):
1589
1590 2014-09-07  Maciej Stachowiak  <mjs@apple.com>
1591
1592         Fix typos in last patch to fix build.
1593
1594         Unreviewed build fix.
1595
1596         * dfg/DFGSpeculativeJIT.cpp:
1597         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
1598         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
1599
1600 2014-09-07  Maciej Stachowiak  <mjs@apple.com>
1601
1602         Introduce COMPILER_QUIRK(CONSIDERS_UNREACHABLE_CODE) and use it
1603         https://bugs.webkit.org/show_bug.cgi?id=136616
1604
1605         Reviewed by Darin Adler.
1606         
1607         Many compilers will analyze unreachable code paths (e.g. after an
1608         unreachable code path), so sometimes they need dead code initializations.
1609         But clang with suitable warnings will complain about unreachable code. So
1610         use the quirk to include it conditionally.
1611
1612         * bytecode/CodeBlock.cpp:
1613         (JSC::CodeBlock::printGetByIdOp):
1614         * dfg/DFGOSRExitCompilerCommon.cpp:
1615         (JSC::DFG::handleExitCounts):
1616         * dfg/DFGPlan.cpp:
1617         (JSC::DFG::Plan::compileInThread):
1618         * dfg/DFGSpeculativeJIT.cpp:
1619         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
1620         * jsc.cpp:
1621         * runtime/JSArray.cpp:
1622         (JSC::JSArray::fillArgList):
1623         (JSC::JSArray::copyToArguments):
1624         * runtime/RegExp.cpp:
1625         (JSC::RegExp::compile):
1626         (JSC::RegExp::compileMatchOnly):
1627
1628 2014-09-06  Darin Adler  <darin@apple.com>
1629
1630         Make updates suggested by new version of Xcode
1631         https://bugs.webkit.org/show_bug.cgi?id=136603
1632
1633         Reviewed by Mark Rowe.
1634
1635         * Configurations/Base.xcconfig: Added CLANG_WARN_UNREACHABLE_CODE, COMBINE_HIDPI_IMAGES,
1636         and ENABLE_STRICT_OBJC_MSGSEND as suggested by Xcode upgrade check.
1637
1638         * JavaScriptCore.xcodeproj/project.pbxproj: Update LastUpgradeCheck.
1639
1640         * dfg/DFGSpeculativeJIT.cpp:
1641         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode): Compile out unreachable code
1642         for clang, since it understands the code is unreachable.
1643         * runtime/JSArray.cpp:
1644         (JSC::JSArray::fillArgList): Ditto.
1645         (JSC::JSArray::copyToArguments): Ditto.
1646
1647 2014-09-05  Matt Baker  <mattbaker@apple.com>
1648
1649         Web Inspector: breakpoint actions should work regardless of Content Security Policy
1650         https://bugs.webkit.org/show_bug.cgi?id=136542
1651
1652         Reviewed by Mark Lam.
1653
1654         Added JSC::DebuggerEvalEnabler, an RAII object which enables eval on a 
1655         JSGlobalObject for the duration of a scope, returning the eval enabled state to its
1656         original value when the scope exits. Used by JSC::DebuggerCallFrame::evaluate 
1657         to allow breakpoint actions to execute JS in pages with a Content Security Policy
1658         that would normally prohibit this (such as Inspector's Main.html).
1659
1660         Refactored Inspector::InjectedScriptBase to use the RAII object instead of manually
1661         setting eval enabled and then resetting the original eval enabled state.
1662
1663         NOTE: The JSC::DebuggerEvalEnabler constructor checks the passed in ExecState pointer
1664         for null to be equivalent with the original code in Inspector::InjectedScriptBase.
1665         InjectedScriptBase is getting the ExecState from ScriptObject::scriptState(), which
1666         can currently be null.
1667
1668         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1669         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1670         * JavaScriptCore.xcodeproj/project.pbxproj:
1671         * debugger/DebuggerCallFrame.cpp:
1672         (JSC::DebuggerCallFrame::evaluate):
1673         * debugger/DebuggerEvalEnabler.h: Added.
1674         (JSC::DebuggerEvalEnabler::DebuggerEvalEnabler):
1675         (JSC::DebuggerEvalEnabler::~DebuggerEvalEnabler):
1676         * inspector/InjectedScriptBase.cpp:
1677         (Inspector::InjectedScriptBase::callFunctionWithEvalEnabled):
1678
1679 2014-09-05  peavo@outlook.com  <peavo@outlook.com>
1680
1681         [WinCairo] jsc.exe won't run.
1682         https://bugs.webkit.org/show_bug.cgi?id=136481
1683
1684         Reviewed by Alex Christensen.
1685         
1686         We need to define WIN_CAIRO to avoid looking for the AAS folder.
1687
1688         * JavaScriptCore.vcxproj/jsc/DLLLauncherWinCairo.props: Added.
1689         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
1690         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
1691         * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props:
1692         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
1693
1694 2014-09-05  David Kilzer  <ddkilzer@apple.com>
1695
1696         JavaScriptCore should build with newer clang
1697         <http://webkit.org/b/136002>
1698         <rdar://problem/18020616>
1699
1700         Reviewed by Geoffrey Garen.
1701
1702         Other than the JSC::SourceProvider::asID() change (which simply
1703         removes code that the optimizing compiler would have discarded
1704         in Release builds), we move the |this| checks in OpaqueJSString
1705         to NULL checks into JSBase, JSObjectRef, JSScriptRef,
1706         JSStringRef{CF} and JSValueRef.
1707
1708         Note that the following function arguments are _not_ NULL-checked
1709         since doing so would just cover up bugs (and were not needed to
1710         prevent any tests from failing):
1711         - |script| in JSEvaluateScript(), JSCheckScriptSyntax();
1712         - |body| in JSObjectMakeFunction();
1713         - |source| in JSScriptCreateReferencingImmortalASCIIText()
1714           (which is a const char* anyway);
1715         - |source| in JSScriptCreateFromString().
1716
1717         * API/JSBase.cpp:
1718         (JSEvaluateScript): Add NULL check for |sourceURL|.
1719         (JSCheckScriptSyntax): Ditto.
1720         * API/JSObjectRef.cpp:
1721         (JSObjectMakeFunction): Ditto.
1722         * API/JSScriptRef.cpp:
1723         (JSScriptCreateReferencingImmortalASCIIText): Ditto.
1724         (JSScriptCreateFromString): Add NULL check for |url|.
1725         * API/JSStringRef.cpp:
1726         (JSStringGetLength): Return early if NULL pointer is passed in.
1727         (JSStringGetCharactersPtr): Ditto.
1728         (JSStringGetUTF8CString): Ditto.  Also check |buffer| parameter.
1729         * API/JSStringRefCF.cpp:
1730         (JSStringCopyCFString): Ditto.
1731         * API/JSValueRef.cpp:
1732         (JSValueMakeString): Add NULL check for |string|.
1733
1734         * API/OpaqueJSString.cpp:
1735         (OpaqueJSString::string): Remove code that checks |this|.
1736         (OpaqueJSString::identifier): Ditto.
1737         (OpaqueJSString::characters): Ditto.
1738         * API/OpaqueJSString.h:
1739         (OpaqueJSString::is8Bit): Remove code that checks |this|.
1740         (OpaqueJSString::characters8): Ditto.
1741         (OpaqueJSString::characters16): Ditto.
1742         (OpaqueJSString::length): Ditto.
1743
1744         * parser/SourceProvider.h:
1745         (JSC::SourceProvider::asID): Remove code that checks |this|.
1746
1747 2014-06-06  Jer Noble  <jer.noble@apple.com>
1748
1749         Refactoring: make MediaTime the primary time type for audiovisual times.
1750         https://bugs.webkit.org/show_bug.cgi?id=133579
1751
1752         Reviewed by Eric Carlson.
1753
1754         Add a utility function which converts a MediaTime to a JSNumber.
1755
1756         * runtime/JSCJSValue.h:
1757         (JSC::jsNumber):
1758
1759 2014-09-04  Michael Saboff  <msaboff@apple.com>
1760
1761         ARM: Add more coverage to ARMv7 disassembler
1762         https://bugs.webkit.org/show_bug.cgi?id=136565
1763
1764         Reviewed by Mark Lam.
1765
1766         Added ARMv7 disassembler support for Push/Pop multiple and floating point instructions
1767         VCMP, VCVT[R] between floating point and integer, and VLDR.
1768
1769         * disassembler/ARMv7/ARMv7DOpcode.cpp:
1770         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::appendRegisterList):
1771         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPopMultiple::format):
1772         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushMultiple::format):
1773         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::format):
1774         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::format):
1775         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::format):
1776         * disassembler/ARMv7/ARMv7DOpcode.h:
1777         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::registerList):
1778         (JSC::ARMv7Disassembler::ARMv7DOpcodeDataPushPopMultiple::condition):
1779         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::condition):
1780         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::dBit):
1781         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::vd):
1782         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::szBit):
1783         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::eBit):
1784         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::mBit):
1785         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCMP::vm):
1786         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::condition):
1787         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::dBit):
1788         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::op2):
1789         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::vd):
1790         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::szBit):
1791         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::op):
1792         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::mBit):
1793         (JSC::ARMv7Disassembler::ARMv7DOpcodeVCVTBetweenFPAndInt::vm):
1794         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::condition):
1795         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::uBit):
1796         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::rn):
1797         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::vd):
1798         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::doubleReg):
1799         (JSC::ARMv7Disassembler::ARMv7DOpcodeVLDR::immediate8):
1800
1801 2014-09-04  Mark Lam  <mark.lam@apple.com>
1802
1803         Move PropertySlot's inline functions back to PropertySlot.h.
1804         <https://webkit.org/b/136547>
1805
1806         Reviewed by Filip Pizlo.
1807
1808         * runtime/JSObject.h:
1809         (JSC::PropertySlot::getValue): Deleted.
1810         * runtime/PropertySlot.h:
1811         (JSC::PropertySlot::getValue):
1812
1813 2014-09-04  Filip Pizlo  <fpizlo@apple.com>
1814
1815         Make sure that deleting all code first processes the call edge log, and reenable call edge profiling.
1816
1817         Rubber stamped by Sam Weinig.
1818
1819         * debugger/Debugger.cpp:
1820         (JSC::Debugger::forEachCodeBlock):
1821         (JSC::Debugger::setSteppingMode):
1822         (JSC::Debugger::recompileAllJSFunctions):
1823         * inspector/agents/InspectorRuntimeAgent.cpp:
1824         (Inspector::recompileAllJSFunctionsForTypeProfiling):
1825         * runtime/Options.h: Reenable call edge profiling.
1826         * runtime/VM.cpp:
1827         (JSC::VM::prepareToDiscardCode): Make sure this also processes the call edge log, in case any call edge profiles are about to be destroyed.
1828         (JSC::VM::discardAllCode):
1829         (JSC::VM::releaseExecutableMemory):
1830         (JSC::VM::setEnabledProfiler):
1831         (JSC::VM::waitForCompilationsToComplete): Deleted.
1832         * runtime/VM.h: Rename waitForCompilationsToComplete() back to prepareToDiscardCode() because the purpose of the method - now as ever - is to do all of the things that need to be done to ensure that code may be safely deleted.
1833
1834 2014-09-04  Akos Kiss  <akiss@inf.u-szeged.hu>
1835
1836         Ensure that the call frame set up by vmEntryToNative does not overlap with the stack of the callee
1837         https://bugs.webkit.org/show_bug.cgi?id=136485
1838
1839         Reviewed by Michael Saboff.
1840
1841         Changed makeHostFunctionCall to keep the stack pointer above the call
1842         frame set up by doVMEntry. Thus the callee will/can not override the top
1843         of the call frame.
1844
1845         Refactored the two (32_64 and 64) versions of makeHostFunctionCall to be
1846         more alike to help future maintenance.
1847
1848         * llint/LowLevelInterpreter32_64.asm:
1849         * llint/LowLevelInterpreter64.asm:
1850
1851 2014-09-04  Michael Saboff  <msaboff@apple.com>
1852
1853         REGRESSION(r173031): crashes during run-layout-jsc on x86/Linux
1854         https://bugs.webkit.org/show_bug.cgi?id=136436
1855
1856         Reviewed by Geoffrey Garen.
1857
1858         Instead of trying to calculate a stack pointer that allows for possible
1859         stacked argument space, just use the "home" stack pointer location.
1860         That stack pointer provides space for the worst case number of stacked
1861         arguments on architectures that use stacked arguments.  It also provides
1862         stack space so that the return PC and caller frame pointer that are stored
1863         as part of making the call to operationCallEval will not override any part
1864         of the callee frame created on the stack.
1865
1866         Changed compileCallEval() to use the stackPointer value of the calling
1867         function.  That stack pointer is calculated to have enough space for
1868         outgoing stacked arguments.  By moving the stack pointer to its "home"
1869         position, the caller frame and return PC are not set as part of making
1870         the call to operationCallEval().  Moved the explicit setting of the
1871         callerFrame field of the callee CallFrame from operationCallEval() to
1872         compileCallEval() since it has been the artifact of making a call for
1873         most architectures.  Simplified the exception logic in compileCallEval()
1874         as a result of the change.  To be compliant with the stack state
1875         expected by virtualCallThunkGenerator(), moved the stack pointer to
1876         point above the CallerFrameAndPC of the callee CallFrame.
1877
1878         * jit/JIT.h: Changed callOperationNoExceptionCheck(J_JITOperation_EE, ...)
1879         to callOperation(J_JITOperation_EE, ...) as it now can do a typical exception
1880         check.
1881         * jit/JITCall.cpp & jit/JITCall32_64.cpp:
1882         (JSC::JIT::compileCallEval): Use the home stack pointer when making the call
1883         to operationCallEval.  Since the stack pointer adjustment no longer needs
1884         to be done after making the call to operationCallEval(), the exception check
1885         logic can be simplified.
1886         (JSC::JIT::compileCallEvalSlowCase): Restored the stack pointer to point
1887         to above the calleeFrame as this is what the generated thunk expects.
1888         * jit/JITInlines.h:
1889         (JSC::JIT::callOperation): Refactor of callOperationNoExceptionCheck
1890         with the addition of a standard exception check.
1891         (JSC::JIT::callOperationNoExceptionCheck): Deleted.
1892         * jit/JITOperations.cpp:
1893         (JSC::operationCallEval): Eliminated the explicit setting of caller frame
1894         as that is now done in the code generated by compileCallEval().
1895
1896 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
1897
1898         Beef up the DFG's CFG analyses to include iterated dominance frontiers and more user-friendly BlockSets
1899         https://bugs.webkit.org/show_bug.cgi?id=136520
1900
1901         Reviewed by Geoffrey Garen.
1902         
1903         Add code to compute iterated dominance frontiers. This involves using BlockSet a lot, so
1904         this patch also makes BlockSet a lot more user-friendly.
1905
1906         * CMakeLists.txt:
1907         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1908         * JavaScriptCore.xcodeproj/project.pbxproj:
1909         * dfg/DFGBasicBlock.h:
1910         * dfg/DFGBlockSet.cpp: Added.
1911         (JSC::DFG::BlockSet::dump):
1912         * dfg/DFGBlockSet.h:
1913         (JSC::DFG::BlockSet::iterator::iterator):
1914         (JSC::DFG::BlockSet::iterator::operator++):
1915         (JSC::DFG::BlockSet::iterator::operator==):
1916         (JSC::DFG::BlockSet::iterator::operator!=):
1917         (JSC::DFG::BlockSet::Iterable::Iterable):
1918         (JSC::DFG::BlockSet::Iterable::begin):
1919         (JSC::DFG::BlockSet::Iterable::end):
1920         (JSC::DFG::BlockSet::iterable):
1921         (JSC::DFG::BlockAdder::BlockAdder):
1922         (JSC::DFG::BlockAdder::operator()):
1923         * dfg/DFGBlockSetInlines.h: Added.
1924         (JSC::DFG::BlockSet::iterator::operator*):
1925         * dfg/DFGDominators.cpp:
1926         (JSC::DFG::Dominators::strictDominatorsOf):
1927         (JSC::DFG::Dominators::dominatorsOf):
1928         (JSC::DFG::Dominators::blocksStrictlyDominatedBy):
1929         (JSC::DFG::Dominators::blocksDominatedBy):
1930         (JSC::DFG::Dominators::dominanceFrontierOf):
1931         (JSC::DFG::Dominators::iteratedDominanceFrontierOf):
1932         * dfg/DFGDominators.h:
1933         (JSC::DFG::Dominators::forAllStrictDominatorsOf):
1934         (JSC::DFG::Dominators::forAllDominatorsOf):
1935         (JSC::DFG::Dominators::forAllBlocksStrictlyDominatedBy):
1936         (JSC::DFG::Dominators::forAllBlocksDominatedBy):
1937         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOf):
1938         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOf):
1939         (JSC::DFG::Dominators::forAllBlocksInDominanceFrontierOfImpl):
1940         (JSC::DFG::Dominators::forAllBlocksInIteratedDominanceFrontierOfImpl):
1941         * dfg/DFGGraph.cpp:
1942         (JSC::DFG::Graph::dumpBlockHeader):
1943         * dfg/DFGInvalidationPointInjectionPhase.cpp:
1944         (JSC::DFG::InvalidationPointInjectionPhase::run):
1945
1946 2014-09-04  Mark Lam  <mark.lam@apple.com>
1947
1948         Fixed indentations and some style warnings in JavaScriptCore/runtime.
1949         <https://webkit.org/b/136518>
1950
1951         Reviewed by Michael Saboff.
1952
1953         Also removed some superfluous spaces.  There are no semantic changes.
1954
1955         * runtime/Completion.h:
1956         * runtime/ConstructData.h:
1957         * runtime/DateConstructor.h:
1958         * runtime/DateInstance.h:
1959         * runtime/DateInstanceCache.h:
1960         * runtime/DatePrototype.h:
1961         * runtime/Error.h:
1962         * runtime/ErrorConstructor.h:
1963         * runtime/ErrorInstance.h:
1964         * runtime/ErrorPrototype.h:
1965         * runtime/FunctionConstructor.h:
1966         * runtime/FunctionPrototype.h:
1967         * runtime/GetterSetter.h:
1968         * runtime/Identifier.h:
1969         * runtime/InitializeThreading.h:
1970         * runtime/InternalFunction.h:
1971         * runtime/JSAPIValueWrapper.h:
1972         * runtime/JSFunction.h:
1973         * runtime/JSLock.h:
1974         * runtime/JSNotAnObject.h:
1975         * runtime/JSONObject.h:
1976         * runtime/JSString.h:
1977         * runtime/JSTypeInfo.h:
1978         * runtime/JSWrapperObject.h:
1979         * runtime/Lookup.h:
1980         * runtime/MathObject.h:
1981         * runtime/NativeErrorConstructor.h:
1982         * runtime/NativeErrorPrototype.h:
1983         * runtime/NumberConstructor.h:
1984         * runtime/NumberObject.h:
1985         * runtime/NumberPrototype.h:
1986         * runtime/NumericStrings.h:
1987         * runtime/ObjectConstructor.h:
1988         * runtime/ObjectPrototype.h:
1989         * runtime/PropertyDescriptor.h:
1990         * runtime/Protect.h:
1991         * runtime/PutPropertySlot.h:
1992         * runtime/RegExp.h:
1993         * runtime/RegExpCachedResult.h:
1994         * runtime/RegExpConstructor.h:
1995         * runtime/RegExpMatchesArray.h:
1996         * runtime/RegExpObject.h:
1997         * runtime/RegExpPrototype.h:
1998         * runtime/SmallStrings.h:
1999         * runtime/StringConstructor.h:
2000         * runtime/StringObject.h:
2001         * runtime/StringPrototype.h:
2002         * runtime/StructureChain.h:
2003         * runtime/VM.h:
2004
2005 2014-09-04  Eva Balazsfalvi  <evab.u-szeged@partner.samsung.com>
2006
2007         Remove CSS_FILTERS flag
2008         https://bugs.webkit.org/show_bug.cgi?id=136529
2009
2010         Reviewed by Dirk Schulze.
2011
2012         * Configurations/FeatureDefines.xcconfig:
2013
2014 2014-09-04  Commit Queue  <commit-queue@webkit.org>
2015
2016         Unreviewed, rolling out r173248.
2017         https://bugs.webkit.org/show_bug.cgi?id=136536
2018
2019         call edge profiling and polymorphic call inlining are still
2020         causing crashes (Requested by eric_carlson on #webkit).
2021
2022         Reverted changeset:
2023
2024         "Reenable call edge profiling and polymorphic call inlining,
2025         now that a bunch of the bugs"
2026         http://trac.webkit.org/changeset/173248
2027
2028 2014-09-04  Brian J. Burg  <burg@cs.washington.edu>
2029
2030         Web Inspector: the profiler should not accrue time to nodes while the debugger is paused
2031         https://bugs.webkit.org/show_bug.cgi?id=136352
2032
2033         Reviewed by Timothy Hatcher.
2034
2035         Hook up pause/continue events to the LegacyProfiler and any active
2036         ProfilerGenerators. If the debugger is paused, all intervening call
2037         entries will be created with totalTime as 0.0.
2038
2039         * inspector/ScriptDebugServer.cpp:
2040         (Inspector::ScriptDebugServer::handlePause):
2041         * profiler/LegacyProfiler.cpp: Move from typedef'd callbacks to using
2042         std::function. This allows callbacks to take different argument types.
2043
2044         (JSC::callFunctionForProfilesWithGroup):
2045         (JSC::LegacyProfiler::willExecute):
2046         (JSC::LegacyProfiler::didExecute):
2047         (JSC::LegacyProfiler::exceptionUnwind):
2048         (JSC::LegacyProfiler::didPause):
2049         (JSC::LegacyProfiler::didContinue):
2050         (JSC::dispatchFunctionToProfiles): Deleted.
2051         * profiler/LegacyProfiler.h:
2052         * profiler/ProfileGenerator.cpp:
2053         (JSC::ProfileGenerator::ProfileGenerator):
2054         (JSC::ProfileGenerator::endCallEntry):
2055         (JSC::ProfileGenerator::didExecute): Deleted.
2056         * profiler/ProfileGenerator.h:
2057         (JSC::ProfileGenerator::didPause):
2058         (JSC::ProfileGenerator::didContinue):
2059
2060 2014-09-04  Commit Queue  <commit-queue@webkit.org>
2061
2062         Unreviewed, rolling out r173245.
2063         https://bugs.webkit.org/show_bug.cgi?id=136533
2064
2065         Broke JSC tests. (Requested by ddkilzer on #webkit).
2066
2067         Reverted changeset:
2068
2069         "JavaScriptCore should build with newer clang"
2070         https://bugs.webkit.org/show_bug.cgi?id=136002
2071         http://trac.webkit.org/changeset/173245
2072
2073 2014-09-04  Brian J. Burg  <burg@cs.washington.edu>
2074
2075         LegacyProfiler: ProfileNodes should be used more like structs
2076         https://bugs.webkit.org/show_bug.cgi?id=136381
2077
2078         Reviewed by Timothy Hatcher.
2079
2080         Previously, both the profile generator and individual profile nodes
2081         were collectively responsible for creating new Call entries and
2082         maintaining data structure invariants. This complexity is unnecessary.
2083
2084         This patch centralizes profile data creation inside the profile generator.
2085         The profile nodes manage nextSibling and parent pointers, but do not
2086         collect the current time or create new Call entries themselves.
2087
2088         Since ProfileNode::nextSibling and its callers are only used within
2089         debug printing code, it should be compiled out for release builds.
2090
2091         * profiler/ProfileGenerator.cpp:
2092         (JSC::ProfileGenerator::ProfileGenerator):
2093         (JSC::AddParentForConsoleStartFunctor::operator()):
2094         (JSC::ProfileGenerator::beginCallEntry): create a new Call entry.
2095         (JSC::ProfileGenerator::endCallEntry): finish the last Call entry.
2096         (JSC::ProfileGenerator::willExecute): inline ProfileNode::willExecute()
2097         (JSC::ProfileGenerator::didExecute): inline ProfileNode::didExecute()
2098         (JSC::ProfileGenerator::stopProfiling): Only walk up the spine.
2099         (JSC::ProfileGenerator::removeProfileStart):
2100         (JSC::ProfileGenerator::removeProfileEnd):
2101         * profiler/ProfileGenerator.h:
2102         * profiler/ProfileNode.cpp:
2103         (JSC::ProfileNode::ProfileNode):
2104         (JSC::ProfileNode::addChild):
2105         (JSC::ProfileNode::removeChild):
2106         (JSC::ProfileNode::spliceNode): Renamed from insertNode.
2107         (JSC::ProfileNode::debugPrintRecursively):
2108         (JSC::ProfileNode::willExecute): Deleted.
2109         (JSC::ProfileNode::insertNode): Deleted.
2110         (JSC::ProfileNode::stopProfiling): Deleted.
2111         (JSC::ProfileNode::traverseNextNodePostOrder):
2112         (JSC::ProfileNode::endAndRecordCall): Deleted.
2113         (JSC::ProfileNode::debugPrintDataSampleStyle):
2114         * profiler/ProfileNode.h:
2115         (JSC::ProfileNode::Call::setStartTime):
2116         (JSC::ProfileNode::Call::setTotalTime):
2117         (JSC::ProfileNode::appendCall):
2118         (JSC::ProfileNode::firstChild):
2119         (JSC::ProfileNode::lastChild):
2120         (JSC::ProfileNode::nextSibling):
2121         (JSC::ProfileNode::setNextSibling):
2122
2123 2014-09-02  Brian J. Burg  <burg@cs.washington.edu>
2124
2125         Web Inspector: fix prefixes for subclasses of JSC::ConsoleClient
2126         https://bugs.webkit.org/show_bug.cgi?id=136476
2127
2128         Reviewed by Timothy Hatcher.
2129
2130         * CMakeLists.txt:
2131         * JavaScriptCore.xcodeproj/project.pbxproj:
2132         * inspector/JSGlobalObjectConsoleClient.cpp: Renamed from Source/JavaScriptCore/inspector/JSConsoleClient.cpp.
2133         * inspector/JSGlobalObjectConsoleClient.h: Renamed from Source/JavaScriptCore/inspector/JSConsoleClient.h.
2134         * inspector/JSGlobalObjectInspectorController.cpp:
2135         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2136         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
2137         * inspector/JSGlobalObjectInspectorController.h:
2138
2139 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2140
2141         Reenable call edge profiling and polymorphic call inlining, now that a bunch of the bugs
2142         are fixed.
2143
2144         * runtime/Options.h:
2145
2146 2014-09-03  David Kilzer  <ddkilzer@apple.com>
2147
2148         JavaScriptCore should build with newer clang
2149         <http://webkit.org/b/136002>
2150         <rdar://problem/18020616>
2151
2152         Reviewed by Geoffrey Garen.
2153
2154         Other than the JSC::SourceProvider::asID() change (which simply
2155         removes code that the optimizing compiler would have discarded
2156         in Release builds), we move the |this| checks in OpaqueJSString
2157         to NULL checks in JSBase, JSScriptRef, JSStringRef{CF} and
2158         JSValueRef.
2159
2160         * API/JSBase.cpp:
2161         (JSEvaluateScript): Use String() in case |script| or |sourceURL|
2162         are NULL.
2163         * API/JSScriptRef.cpp:
2164         (JSScriptCreateReferencingImmortalASCIIText): Use String() in
2165         case |url| is NULL.
2166         * API/JSStringRef.cpp:
2167         (JSStringGetLength): Return early if NULL pointer is passed in.
2168         (JSStringGetCharactersPtr): Ditto.
2169         (JSStringGetUTF8CString): Ditto.  Also check |buffer| parameter.
2170         * API/JSStringRefCF.cpp:
2171         (JSStringCopyCFString): Ditto.
2172         * API/JSValueRef.cpp:
2173         (JSValueMakeString): Use String() in case |string| is NULL.
2174
2175         * API/OpaqueJSString.cpp:
2176         (OpaqueJSString::string): Remove code that checks |this|.
2177         (OpaqueJSString::identifier): Ditto.
2178         (OpaqueJSString::characters): Ditto.
2179         * API/OpaqueJSString.h:
2180         (OpaqueJSString::is8Bit): Remove code that checks |this|.
2181         (OpaqueJSString::characters8): Ditto.
2182         (OpaqueJSString::characters16): Ditto.
2183         (OpaqueJSString::length): Ditto.
2184
2185         * parser/SourceProvider.h:
2186         (JSC::SourceProvider::asID): Remove code that checks |this|.
2187
2188 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2189
2190         CallEdgeProfile::visitWeak() shouldn't attempt to despecify empty profiles
2191         https://bugs.webkit.org/show_bug.cgi?id=136511
2192
2193         Reviewed by Geoffrey Garen.
2194
2195         * bytecode/CallEdgeProfile.cpp:
2196         (JSC::CallEdgeProfile::worthDespecifying):
2197         (JSC::CallEdgeProfile::visitWeak):
2198         (JSC::CallEdgeProfile::mergeBack):
2199
2200 2014-09-03  David Kilzer  <ddkilzer@apple.com>
2201
2202         REGRESSION (r167325): (null) entry added to Xcode project file when JSBoundFunction.h was removed
2203         <http://webkit.org/b/136509>
2204
2205         Reviewed by Daniel Bates.
2206
2207         * JavaScriptCore.xcodeproj/project.pbxproj: Remove the (null)
2208         entry left behind when JSBoundFunction.h was removed.
2209
2210 2014-09-03  Joseph Pecoraro  <pecoraro@apple.com>
2211
2212         Avoid warning if a process does not have access to com.apple.webinspector
2213         https://bugs.webkit.org/show_bug.cgi?id=136473
2214
2215         Reviewed by Alexey Proskuryakov.
2216
2217         Pre-check for access to the mach port to avoid emitting warnings
2218         in syslog for processes that do not have access.
2219
2220         * inspector/remote/RemoteInspector.mm:
2221         (Inspector::canAccessWebInspectorMachPort):
2222         (Inspector::RemoteInspector::shared):
2223
2224 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2225
2226         Temporarily disable call edge profiling. It is causing crashes and I'm still investigating
2227         them.
2228
2229         * runtime/Options.h:
2230
2231 2014-09-03  Balazs Kilvady  <kilvadyb@homejinni.com>
2232
2233         [MIPS] Wrong register usage in LLInt op_catch.
2234         https://bugs.webkit.org/show_bug.cgi?id=125168
2235
2236         Reviewed by Geoffrey Garen.
2237
2238         Fix register usage and add PIC header to all the ops in LLInt.
2239
2240         * offlineasm/instructions.rb:
2241         * offlineasm/mips.rb:
2242
2243 2014-09-03  Saam Barati  <saambarati1@gmail.com>
2244
2245         Create tests for type profiling
2246         https://bugs.webkit.org/show_bug.cgi?id=136161
2247
2248         Reviewed by Geoffrey Garen.
2249
2250         The type profiler is now being tested. These are basic tests that don't 
2251         check every edge case, but will catch any major failures in the type profiler. 
2252         These tests cover:
2253         - The basic, inheritance-based type system in TypeSet.
2254         - Function return types.
2255         - Correct merging of types for multiple assignments to one variable.
2256
2257         This patch also provides an API for writing new tests for
2258         the type profiler. The API works by passing in a function and a 
2259         unique substring of an expression contained in that function, and 
2260         returns an object representing type information for that expression.
2261
2262         * jsc.cpp:
2263         (GlobalObject::finishCreation):
2264         (functionFindTypeForExpression):
2265         (functionReturnTypeFor):
2266         * runtime/TypeProfiler.cpp:
2267         (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
2268         * runtime/TypeProfiler.h:
2269         * runtime/TypeProfilerLog.h:
2270         * runtime/TypeSet.cpp:
2271         (JSC::TypeSet::toJSONString):
2272         (JSC::StructureShape::toJSONString):
2273         * runtime/TypeSet.h:
2274         * tests/typeProfiler: Added.
2275         * tests/typeProfiler.yaml: Added.
2276         * tests/typeProfiler/basic.js: Added.
2277         (wrapper.foo):
2278         (wrapper):
2279         * tests/typeProfiler/captured.js: Added.
2280         (wrapper.changeFoo):
2281         (wrapper):
2282         * tests/typeProfiler/driver: Added.
2283         * tests/typeProfiler/driver/driver.js: Added.
2284         (assert):
2285         * tests/typeProfiler/inheritance.js: Added.
2286         (wrapper.A):
2287         (wrapper.B):
2288         (wrapper.C):
2289         (wrapper):
2290         * tests/typeProfiler/return.js: Added.
2291         (foo):
2292         (Ctor):
2293
2294 2014-09-03  Julien Brianceau  <jbriance@cisco.com>
2295
2296         Add missing implementations to fix build for sh4 architecture
2297         https://bugs.webkit.org/show_bug.cgi?id=136455
2298
2299         Reviewed by Geoffrey Garen.
2300
2301         * assembler/MacroAssemblerSH4.h:
2302         (JSC::MacroAssemblerSH4::store8):
2303         (JSC::MacroAssemblerSH4::moveWithPatch):
2304         (JSC::MacroAssemblerSH4::branchAdd32):
2305         (JSC::MacroAssemblerSH4::branch32WithPatch):
2306         (JSC::MacroAssemblerSH4::abortWithReason):
2307         (JSC::MacroAssemblerSH4::canJumpReplacePatchableBranch32WithPatch):
2308         (JSC::MacroAssemblerSH4::startOfPatchableBranch32WithPatchOnAddress):
2309         (JSC::MacroAssemblerSH4::revertJumpReplacementToPatchableBranch32WithPatch):
2310         * jit/AssemblyHelpers.h:
2311         (JSC::AssemblyHelpers::emitFunctionPrologue):
2312         (JSC::AssemblyHelpers::emitFunctionEpilogue):
2313
2314 2014-09-03  Dan Bernstein  <mitz@apple.com>
2315
2316         Get rid of HIGH_DPI_CANVAS leftovers
2317         https://bugs.webkit.org/show_bug.cgi?id=136491
2318
2319         Reviewed by Benjamin Poulain.
2320
2321         * Configurations/FeatureDefines.xcconfig: Removed definition of ENABLE_HIGH_DPI_CANVAS
2322         and removed it from FEATURE_DEFINES.
2323
2324 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2325
2326         CallEdgeProfile::visitWeak() should gracefully handle the case where primaryCallee duplicates an entry in otherCallees
2327         https://bugs.webkit.org/show_bug.cgi?id=136490
2328
2329         Reviewed by Geoffrey Garen.
2330
2331         * bytecode/CallEdgeProfile.cpp:
2332         (JSC::CallEdgeProfile::visitWeak):
2333
2334 2014-09-03  Filip Pizlo  <fpizlo@apple.com>
2335
2336         FTL In implementation sets callReturnLocation incorrectly leading to crashes beneath repatchCall()
2337         https://bugs.webkit.org/show_bug.cgi?id=136488
2338
2339         Reviewed by Mark Hahnenberg.
2340
2341         * ftl/FTLCompile.cpp:
2342         (JSC::FTL::generateCheckInICFastPath): The call is in the slow path.
2343         * tests/stress/ftl-in-overflow.js: Added. This used to crash 100% of the time with FTL enabled.
2344         (foo):
2345
2346 2014-09-03  Akos Kiss  <akiss@inf.u-szeged.hu>
2347
2348         Don't generate superfluous mov instructions for move immediate on ARM64.
2349         https://bugs.webkit.org/show_bug.cgi?id=136435
2350
2351         Reviewed by Michael Saboff.
2352
2353         On ARM64, the size of an immediate operand for a mov instruction is 16
2354         bits. Thus, a move immediate offlineasm instruction may potentially be
2355         split up to several machine level instructions. The current
2356         implementation always emits a mov for the least significant 16 bits of
2357         the value. However, if any of the bits 63:16 are significant then the
2358         first emitted mov already filled bits 15:0 with zeroes (or ones, for
2359         negative values). So, if bits 15:0 of the value are all zeroes (or ones)
2360         then the last mov does not need to be emitted.
2361
2362         * offlineasm/arm64.rb:
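
        The halfword-skipping rule described above, as an added example that is not
        WebKit's offlineasm code: a small Ruby model that lowers a 64-bit immediate to
        a movz/movn plus movk sequence and skips every 16-bit halfword the first mov
        already filled with the zero (or, for negative values, ones) pattern, together
        with a simulator that checks the register ends up holding the requested value.
        It generalises the entry's bits 15:0 case to any halfword; the function names,
        the fixed register x0 and the instruction text format are assumptions of this
        example.

```ruby
# Added example (not WebKit code): models how an offlineasm backend can lower
# a 64-bit "move immediate" into ARM64 movz/movn + movk instructions, skipping
# every 16-bit halfword that the first mov already filled with the sign pattern.

MASK64 = (1 << 64) - 1

# Returns the instruction strings needed to load +value+ into +reg+.
# A non-negative value starts with movz (untouched halfwords become 0x0000);
# a negative value starts with movn (untouched halfwords become 0xffff).
# Any later halfword equal to that fill pattern needs no movk, which is the
# optimisation the ChangeLog entry describes for bits 15:0 of the value.
def arm64_move_immediate(value, reg = "x0")
  unless value.between?(-(1 << 63), MASK64)
    raise ArgumentError, "value does not fit in 64 bits: #{value}"
  end
  negative = value < 0
  fill = negative ? 0xffff : 0x0000
  instructions = []
  first = true
  [48, 32, 16, 0].each do |shift|
    halfword = (value >> shift) & 0xffff
    # Skip halfwords the first mov will already have set, but always emit at
    # least one instruction (0 and -1 reach shift 0 with nothing emitted yet).
    next if halfword == fill && !(first && shift == 0)
    if first
      mnemonic = negative ? "movn" : "movz"
      imm = negative ? (~halfword) & 0xffff : halfword   # movn inverts its operand
      first = false
    else
      mnemonic = "movk"
      imm = halfword
    end
    instructions << format("%s %s, #0x%04x, lsl #%d", mnemonic, reg, imm, shift)
  end
  instructions
end

# Executes an emitted sequence on a single 64-bit register so the result can
# be checked against the requested value.
def simulate_arm64_moves(instructions)
  acc = 0
  instructions.each do |ins|
    m = /\A(movz|movn|movk) x\d+, #0x([0-9a-f]{4}), lsl #(\d+)\z/.match(ins)
    raise ArgumentError, "unrecognised instruction: #{ins}" unless m
    shift = m[3].to_i
    imm = m[2].to_i(16) << shift
    case m[1]
    when "movz" then acc = imm                               # other halfwords become 0
    when "movn" then acc = (~imm) & MASK64                   # other halfwords become 0xffff
    when "movk" then acc = (acc & ~(0xffff << shift)) | imm  # other halfwords are kept
    end
  end
  acc
end

# True when the emitted sequence reproduces +value+ (as a 64-bit pattern).
def move_immediate_roundtrips?(value)
  simulate_arm64_moves(arm64_move_immediate(value)) == (value & MASK64)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample immediates: the first one is the entry's own case, where
  # bits 15:0 are all zero and the trailing mov can be dropped.
  [0x12340000, 0x12345678, 0, -1, -0x10000, 0xdeadbeefcafebabe].each do |v|
    puts "#{v}:"
    arm64_move_immediate(v).each { |ins| puts "  #{ins}" }
  end
end
```

        Run it directly to see the sequences; 0x12340000 lowers to a single
        movz with lsl #16, where always emitting the low halfword would have
        added a redundant movk.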
2363
2364 2014-09-02  Brian J. Burg  <burg@cs.washington.edu>
2365
2366         LegacyProfiler: remove redundant ProfileNode members and other cleanup
2367         https://bugs.webkit.org/show_bug.cgi?id=136380
2368
2369         Reviewed by Timothy Hatcher.
2370
2371         ProfileNode's selfTime and totalTime members are redundant and only used
2372         for dumping profile data from debug-only code. Remove the members and compute
2373         the same data on-demand when necessary using a postorder traversal functor.
2374
2375         Remove ProfileNode.head since it is only used to calculate percentages for
2376         dumped profile data. This can be explicitly passed around when needed.
2377
2378         Rename Profile.head to Profile.rootNode, and other various renamings.
2379
2380         Rearrange some header includes so that touching LegacyProfiler-related headers
2381         will no longer cause a full rebuild.
2382
2383         * inspector/JSConsoleClient.cpp: Add header include.
2384         * inspector/agents/InspectorProfilerAgent.cpp:
2385         (Inspector::InspectorProfilerAgent::buildProfileInspectorObject):
2386         * inspector/protocol/Profiler.json: Remove unused Profile.idleTime member.
2387         * jit/JIT.h: Remove header include.
2388         * jit/JITCode.h: Remove header include.
2389         * jit/JITOperations.cpp: Sort and add header include.
2390         * llint/LLIntSlowPaths.cpp: Sort and add header include.
2391         * profiler/Profile.cpp: Rename the debug dumping functions. Move the node
2392         postorder traversal code to ProfileNode so we can traverse any subtree.
2393         (JSC::Profile::Profile):
2394         (JSC::Profile::debugPrint):
2395         (JSC::Profile::debugPrintSampleStyle):
2396         (JSC::Profile::forEach): Deleted.
2397         (JSC::Profile::debugPrintData): Deleted.
2398         (JSC::Profile::debugPrintDataSampleStyle): Deleted.
2399         * profiler/Profile.h:
2400         * profiler/ProfileGenerator.cpp:
2401         (JSC::ProfileGenerator::ProfileGenerator):
2402         (JSC::AddParentForConsoleStartFunctor::AddParentForConsoleStartFunctor):
2403         (JSC::AddParentForConsoleStartFunctor::operator()):
2404         (JSC::ProfileGenerator::addParentForConsoleStart):
2405         (JSC::ProfileGenerator::didExecute):
2406         (JSC::StopProfilingFunctor::operator()):
2407         (JSC::ProfileGenerator::stopProfiling):
2408         (JSC::ProfileGenerator::removeProfileStart):
2409         (JSC::ProfileGenerator::removeProfileEnd):
2410         * profiler/ProfileGenerator.h:
2411         * profiler/ProfileNode.cpp:
2412         (JSC::ProfileNode::ProfileNode):
2413         (JSC::ProfileNode::willExecute):
2414         (JSC::ProfileNode::removeChild):
2415         (JSC::ProfileNode::stopProfiling):
2416         (JSC::ProfileNode::endAndRecordCall):
2417         (JSC::ProfileNode::debugPrint):
2418         (JSC::ProfileNode::debugPrintSampleStyle):
2419         (JSC::ProfileNode::debugPrintRecursively):
2420         (JSC::ProfileNode::debugPrintSampleStyleRecursively):
2421         (JSC::ProfileNode::debugPrintData): Deleted.
2422         (JSC::ProfileNode::debugPrintDataSampleStyle): Deleted.
2423         * profiler/ProfileNode.h: Calculate per-node self and total times using a postorder traversal.
2424         The forEachNodePostorder functor traverses the subtree rooted at |this|.
2425         (JSC::ProfileNode::create):
2426         (JSC::ProfileNode::calls):
2427         (JSC::ProfileNode::forEachNodePostorder):
2428         (JSC::CalculateProfileSubtreeDataFunctor::returnValue):
2429         (JSC::CalculateProfileSubtreeDataFunctor::operator()):
2430         (JSC::ProfileNode::head): Deleted.
2431         (JSC::ProfileNode::setHead): Deleted.
2432         (JSC::ProfileNode::totalTime): Deleted.
2433         (JSC::ProfileNode::setTotalTime): Deleted.
2434         (JSC::ProfileNode::selfTime): Deleted.
2435         (JSC::ProfileNode::setSelfTime): Deleted.
2436         (JSC::ProfileNode::totalPercent): Deleted.
2437         (JSC::ProfileNode::selfPercent): Deleted.
2438         * runtime/ConsoleClient.h: Remove header include.
2439
2440 2014-09-02  Brian J. Burg  <burg@cs.washington.edu>
2441
2442         Web Inspector: remove ProfilerAgent and legacy profiler files in the frontend
2443         https://bugs.webkit.org/show_bug.cgi?id=136462
2444
2445         Reviewed by Timothy Hatcher.
2446
2447         It's not used by the frontend anymore.
2448
2449         * CMakeLists.txt:
2450         * DerivedSources.make:
2451         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2452         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2453         * JavaScriptCore.xcodeproj/project.pbxproj:
2454
2455         * inspector/JSConsoleClient.cpp:
2456         (Inspector::JSConsoleClient::JSConsoleClient): Stub out console.profile/profileEnd
2457         methods since they didn't work for JSContexts anyway.
2458         (Inspector::JSConsoleClient::profile):
2459         (Inspector::JSConsoleClient::profileEnd):
2460         * inspector/JSConsoleClient.h:
2461
2462         * inspector/JSGlobalObjectInspectorController.cpp:
2463         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2464         * inspector/agents/InspectorProfilerAgent.cpp: Removed.
2465         * inspector/agents/InspectorProfilerAgent.h: Removed.
2466         * inspector/agents/JSGlobalObjectProfilerAgent.cpp: Removed.
2467         * inspector/agents/JSGlobalObjectProfilerAgent.h: Removed.
2468         * inspector/protocol/Profiler.json: Removed.
2469
2470 2014-09-02  Andreas Kling  <akling@apple.com>
2471
2472         Optimize own property GetByVals with rope string subscripts.
2473         <https://webkit.org/b/136458>
2474
2475         For simple JSObjects that don't override getOwnPropertySlot to implement
2476         custom properties, we have a fast path that grabs directly at the object
2477         property storage.
2478
2479         Make this fast path even faster when the property name is an unresolved
2480         rope string by using JSString::toExistingAtomicString(). This is faster
2481         because it avoids allocating a new StringImpl if the string is already
2482         a known Identifier, which is guaranteed to be the case if it's present
2483         as an own property on the object.
2484
2485         ~10% speed-up on Dromaeo/dom-attr.html
2486
2487         Reviewed by Geoffrey Garen.
2488
2489         * dfg/DFGOperations.cpp:
2490         * jit/JITOperations.cpp:
2491         (JSC::getByVal):
2492         * llint/LLIntSlowPaths.cpp:
2493         (JSC::LLInt::getByVal):
2494
2495             When using the fastGetOwnProperty() optimization, get the String
2496             out of JSString by using toExistingAtomicString(). This avoids
2497             StringImpl allocation and lets us bypass the PropertyTable lookup
2498             entirely if no AtomicString is found.
2499
2500         * runtime/JSCell.h:
2501         * runtime/JSCellInlines.h:
2502         (JSC::JSCell::fastGetOwnProperty):
2503
2504             Make fastGetOwnProperty() take a PropertyName instead of a String.
2505             This avoids churning the ref count, since we don't need to create
2506             a temporary wrapper around the AtomicStringImpl* found in GetByVal.
2507
2508         * runtime/PropertyName.h:
2509         (JSC::PropertyName::PropertyName):
2510
2511             Add constructor: PropertyName(AtomicStringImpl*)
2512
2513         * runtime/PropertyMapHashTable.h:
2514         (JSC::PropertyTable::get):
2515         (JSC::PropertyTable::findWithString): Deleted.
2516         * runtime/Structure.h:
2517         * runtime/StructureInlines.h:
2518         (JSC::Structure::get):
2519
2520             Remove code for querying a PropertyTable with an unhashed string key
2521             since the only client is now gone.
2522
2523 2014-09-02  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
2524
2525         [ARM] MacroAssembler generating incorrect code on ARM32 Traditional
2526         https://bugs.webkit.org/show_bug.cgi?id=136429
2527
2528         Reviewed by Csaba Osztrogonác.
2529
2530         Changed test32 to use tst to check if reg is zero, instead of cmp.
2531
2532         * assembler/MacroAssemblerARM.h:
2533         (JSC::MacroAssemblerARM::test32):
2534
2535 2014-09-02  Michael Saboff  <msaboff@apple.com>
2536
2537         Out of bounds write in vmEntryToJavaScript / JSC::JITCode::execute
2538         https://bugs.webkit.org/show_bug.cgi?id=136305
2539
2540         Reviewed by Filip Pizlo.
2541
2542         While preparing the callee's CallFrame, ProtoCallFrame fixes any arity mismatch
2543         and then JITCode::execute() calls the normal entrypoint.  This is incompatible
2544         with the expectation of FTL generated functions.  Changed ProtoCallFrame to not 
2545         perform the arity fix, but just flag an arity mismatch.  Now JITCode::execute()
2546         uses that arity mismatch condition to select the normal or arity check
2547         entrypoint.  The entrypoint selection is only done for functions; programs
2548         and eval always have one parameter.
2549
2550         * interpreter/ProtoCallFrame.cpp:
2551         (JSC::ProtoCallFrame::init): Changed to flag arity mismatch instead of fixing it.
2552         * interpreter/ProtoCallFrame.h:
2553         (JSC::ProtoCallFrame::needArityCheck): New boolean to signify what entrypoint
2554         should be called.
2555         * jit/JITCode.cpp:
2556         (JSC::JITCode::execute): Select normal or arity check entrypoint as appropriate.
2557
2558 2014-09-02  peavo@outlook.com  <peavo@outlook.com>
2559
2560         [WinCairo] testapi.exe is not built.
2561         https://bugs.webkit.org/show_bug.cgi?id=136369
2562
2563         Reviewed by Alex Christensen.
2564
2565         The testapi project should be of type Application.
2566
2567         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj: Change project type to Application.
2568         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj: Ditto.
2569         * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props: Compile and link fix.
2570         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj: Change project type to Application.
2571
2572 2014-09-01  Akos Kiss  <akiss@inf.u-szeged.hu>
2573
2574         [CMAKE] Add missing offlineasm dependencies
2575         https://bugs.webkit.org/show_bug.cgi?id=136437
2576
2577         Reviewed by Csaba Osztrogonác.
2578
2579         Add the ARM64, MIPS and SH4 backends to the dependencies.
2580
2581         * CMakeLists.txt:
2582
2583 2014-09-01  Brian J. Burg  <burg@cs.washington.edu>
2584
2585         Provide column numbers to DTrace willExecute/didExecute probes
2586         https://bugs.webkit.org/show_bug.cgi?id=136434
2587
2588         Reviewed by Antti Koivisto.
2589
2590         Provide the columnNumber and update stubs for !HAVE(DTRACE).
2591
2592         * profiler/ProfileGenerator.cpp:
2593         (JSC::ProfileGenerator::willExecute):
2594         (JSC::ProfileGenerator::didExecute):
2595         * runtime/Tracing.d:
2596         * runtime/Tracing.h:
2597
2598 2014-09-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2599
2600         [CMAKE] Build warning by INTERFACE_LINK_LIBRARIES
2601         https://bugs.webkit.org/show_bug.cgi?id=136194
2602
2603         Reviewed by Csaba Osztrogonác.
2604
2605         Set the LINK_INTERFACE_LIBRARIES target property on the top level CMakeLists.txt.
2606
2607         * CMakeLists.txt:
2608
2609 2014-08-26  Maciej Stachowiak  <mjs@apple.com>
2610
2611         Use RetainPtr::autorelease in some places where it seems appropriate
2612         https://bugs.webkit.org/show_bug.cgi?id=136280
2613
2614         Reviewed by Darin Adler.
2615
2616         * API/JSContext.mm:
2617         (-[JSContext name]): Use RetainPtr::autorelease() in place of ObjC autorelease.
2618         * API/JSValue.mm:
2619         (valueToString): Make appropriate use of RetainPtr
2620
2621 2014-08-29  Akos Kiss  <akiss@inf.u-szeged.hu>
2622
2623         Ensure that the call frame passed from doVMEntry to the called function always contains the valid scope chain.
2624         https://bugs.webkit.org/show_bug.cgi?id=136391
2625
2626         Reviewed by Michael Saboff.
2627
2628         Do not rely on calling conventions to fill in the CallerFrame component
2629         of the ExecState* parameter of the called function.
2630
2631         * llint/LowLevelInterpreter32_64.asm:
2632         * llint/LowLevelInterpreter64.asm:
2633
2634 2014-08-29  Saam Barati  <sbarati@apple.com>
2635
2636         emit op_profile_type for deconstruction assignments
2637         https://bugs.webkit.org/show_bug.cgi?id=136274
2638
2639         Reviewed by Filip Pizlo.
2640
2641         Enable type profiling for ES6 deconstruction expressions.
2642
2643         * bytecompiler/NodesCodegen.cpp:
2644         (JSC::BindingNode::bindValue):
2645
2646 2014-08-29  Joseph Pecoraro  <pecoraro@apple.com>
2647
2648         JavaScriptCore: Use ASCIILiteral where possible
2649         https://bugs.webkit.org/show_bug.cgi?id=136179
2650
2651         Reviewed by Michael Saboff.
2652
2653         General string / character related changes. Use ASCIILiteral where
2654         possible, jsNontrivialString where possible, and replace string
2655         literals with character literals in some places.
2656
2657         No new tests, no changes to functionality.
2658
2659         * bytecode/CodeBlock.cpp:
2660         (JSC::CodeBlock::nameForRegister):
2661         * bytecompiler/NodesCodegen.cpp:
2662         (JSC::PostfixNode::emitBytecode):
2663         (JSC::PrefixNode::emitBytecode):
2664         (JSC::AssignErrorNode::emitBytecode):
2665         (JSC::ForInNode::emitMultiLoopBytecode):
2666         (JSC::ForOfNode::emitBytecode):
2667         (JSC::ObjectPatternNode::toString):
2668         * dfg/DFGFunctionWhitelist.cpp:
2669         (JSC::DFG::FunctionWhitelist::contains):
2670         * dfg/DFGOperations.cpp:
2671         (JSC::DFG::newTypedArrayWithSize):
2672         (JSC::DFG::newTypedArrayWithOneArgument):
2673         * inspector/ConsoleMessage.cpp:
2674         (Inspector::ConsoleMessage::addToFrontend):
2675         * inspector/InspectorBackendDispatcher.cpp:
2676         (Inspector::InspectorBackendDispatcher::dispatch):
2677         * inspector/ScriptCallStackFactory.cpp:
2678         (Inspector::extractSourceInformationFromException):
2679         * inspector/scripts/codegen/generator_templates.py:
2680         * interpreter/StackVisitor.cpp:
2681         (JSC::StackVisitor::Frame::functionName):
2682         (JSC::StackVisitor::Frame::sourceURL):
2683         * jit/JITOperations.cpp:
2684         * jsc.cpp:
2685         (functionDescribeArray):
2686         (functionRun):
2687         (functionLoad):
2688         (functionReadFile):
2689         (functionCheckSyntax):
2690         (functionTransferArrayBuffer):
2691         (runWithScripts):
2692         (runInteractive):
2693         * parser/Lexer.cpp:
2694         (JSC::Lexer<T>::invalidCharacterMessage):
2695         (JSC::Lexer<T>::parseString):
2696         (JSC::Lexer<T>::parseStringSlowCase):
2697         (JSC::Lexer<T>::lex):
2698         * profiler/Profile.cpp:
2699         (JSC::Profile::Profile):
2700         * runtime/Arguments.cpp:
2701         (JSC::argumentsFuncIterator):
2702         * runtime/ArrayPrototype.cpp:
2703         (JSC::performSlowSort):
2704         (JSC::arrayProtoFuncSort):
2705         * runtime/ExceptionHelpers.cpp:
2706         (JSC::createError):
2707         (JSC::createInvalidParameterError):
2708         (JSC::createNotAConstructorError):
2709         (JSC::createNotAFunctionError):
2710         (JSC::createNotAnObjectError):
2711         (JSC::createErrorForInvalidGlobalAssignment):
2712         * runtime/FunctionPrototype.cpp:
2713         (JSC::insertSemicolonIfNeeded):
2714         * runtime/JSArray.cpp:
2715         (JSC::JSArray::defineOwnProperty):
2716         (JSC::JSArray::pop):
2717         (JSC::JSArray::push):
2718         * runtime/JSArrayBufferConstructor.cpp:
2719         (JSC::JSArrayBufferConstructor::finishCreation):
2720         * runtime/JSArrayBufferPrototype.cpp:
2721         (JSC::arrayBufferProtoFuncSlice):
2722         * runtime/JSDataView.cpp:
2723         (JSC::JSDataView::create):
2724         * runtime/JSDataViewPrototype.cpp:
2725         (JSC::getData):
2726         (JSC::setData):
2727         * runtime/JSGlobalObject.cpp:
2728         (JSC::JSGlobalObject::reset):
2729         * runtime/JSGlobalObjectFunctions.cpp:
2730         (JSC::globalFuncProtoSetter):
2731         * runtime/JSPromiseConstructor.cpp:
2732         (JSC::JSPromiseConstructor::finishCreation):
2733         * runtime/LiteralParser.cpp:
2734         (JSC::LiteralParser<CharType>::Lexer::lex):
2735         (JSC::LiteralParser<CharType>::Lexer::lexString):
2736         (JSC::LiteralParser<CharType>::parse):
2737         * runtime/LiteralParser.h:
2738         (JSC::LiteralParser::getErrorMessage):
2739         * runtime/TypeSet.cpp:
2740         (JSC::TypeSet::seenTypes):
2741         (JSC::TypeSet::displayName):
2742         (JSC::TypeSet::allPrimitiveTypeNames):
2743         (JSC::StructureShape::propertyHash):
2744         (JSC::StructureShape::stringRepresentation):
2745
2746 2014-08-29  Csaba Osztrogonác  <ossy@webkit.org>
2747
2748         Unreviewed, remove empty directories.
2749
2750         * qt: Removed.
2751
2752 2014-08-28  Mark Lam  <mark.lam@apple.com>
2753
2754         DebuggerCallFrame::scope() should return a DebuggerScope.
2755         <https://webkit.org/b/134420>
2756
2757         Reviewed by Geoffrey Garen.
2758
2759         Rolling back in r170680 with the fix for <https://webkit.org/b/135656>.
2760
2761         Previously, DebuggerCallFrame::scope() returned a JSActivation (and relevant
2762         peers) which the WebInspector will use to introspect CallFrame variables.
2763         Instead, we should be returning a DebuggerScope as an abstraction layer that
2764         provides the introspection functionality that the WebInspector needs.  This
2765         is the first step towards not forcing every frame to have a JSActivation
2766         object just because the debugger is enabled.
2767
2768         1. Instantiate the debuggerScopeStructure as a member of the JSGlobalObject
2769            instead of the VM.  This allows JSObject::globalObject() to be able to
2770            return the global object for the DebuggerScope.
2771
2772         2. On the DebuggerScope's life-cycle management:
2773
2774            The DebuggerCallFrame is designed to be "valid" only during a debugging session
2775            (while the debugger is broken) through the use of a DebuggerCallFrameScope in
2776            Debugger::pauseIfNeeded().  Once the debugger resumes from the break, the
2777            DebuggerCallFrameScope destructs, and the DebuggerCallFrame will be invalidated.
2778            We can't guarantee (from this code alone) that the Inspector code isn't still
2779            holding a ref to the DebuggerCallFrame (though they shouldn't), but by contract,
2780            the frame will be invalidated, and any attempt to query it will return null values.
2781            This is pre-existing behavior.
2782
2783            Now, we're adding the DebuggerScope into the picture.  While a single debugger
2784            pause session is in progress, the Inspector may request the scope from the
2785            DebuggerCallFrame.  While the DebuggerCallFrame is still valid, we want
2786            DebuggerCallFrame::scope() to always return the same DebuggerScope object.
2787            This is why we hold on to the DebuggerScope with a strong ref.
2788
2789         If we use a weak ref instead, the following kooky behavior can manifest:
2790            1. The Inspector calls Debugger::scope() to get the top scope.
2791            2. The Inspector iterates down the scope chain and is now only holding a
2792               reference to a parent scope.  It is no longer referencing the top scope.
2793            3. A GC occurs, and the DebuggerCallFrame's weak m_scope ref to the top scope
2794               gets cleared.
2795            4. The Inspector calls DebuggerCallFrame::scope() to get the top scope again but gets
2796               a different DebuggerScope instance.
2797            5. The Inspector iterates down the scope chain but never sees the parent scope
2798               instance that it retained a ref to in step 2 above.  This is because when iterating
2799               this new DebuggerScope instance (which has no knowledge of the previous parent
2800               DebuggerScope instance), a new DebuggerScope instance will get created for the
2801               same parent scope. 
2802
2803            Since the DebuggerScope is a JSObject, its liveness is determined by its reachability.
2804            However, its "validity" is determined by the life-cycle of its owner DebuggerCallFrame.
2805            When the owner DebuggerCallFrame gets invalidated, its debugger scope chain (if
2806            instantiated) will also get invalidated.  This is why we need the
2807            DebuggerScope::invalidateChain() method.  The Inspector should not be using the
2808            DebuggerScope instance after its owner DebuggerCallFrame is invalidated.  If it does,
2809            those methods will do nothing or return a failed status.
2810
2811         Fix for <https://webkit.org/b/135656>:
2812         3. DebuggerScope::getOwnPropertySlot() and DebuggerScope::put() need to set
2813            m_thisValue in the returned slot to the wrapped scope object.  Previously,
2814            it was pointing to the DebuggerScope though the rest of the fields in the
2815            returned slot will be set to data pertaining to the wrapped scope object.
2816
2817         4. DebuggerScope::getOwnPropertySlot() will invoke getPropertySlot() on its
2818            wrapped scope.  This is because JSObject::getPropertySlot() cannot be
2819            overridden, and when called on a DebuggerScope, will not know to look in
2820            the prototype chain of the DebuggerScope's wrapped scope.  Hence, we'll
2821            treat all properties in the wrapped scope as own properties in the
2822            DebuggerScope.  This is fine because the WebInspector does not presently
2823            care about where in the prototype chain the scope property comes from.
2824
2825            Note that the DebuggerScope and the JSActivation objects that it wraps do
2826            not have prototypes.  They are always jsNull().  This works perfectly with
2827            the above change to use getPropertySlot() instead of getOwnPropertySlot().
2828            To make this an explicit invariant, I also changed DebuggerScope::createStructure()
2829            and JSActivation::createStructure() to not take a prototype argument, and
2830            to always use jsNull() for their prototype value.
2831
2832         * debugger/Debugger.h:
2833         * debugger/DebuggerCallFrame.cpp:
2834         (JSC::DebuggerCallFrame::scope):
2835         (JSC::DebuggerCallFrame::evaluate):
2836         (JSC::DebuggerCallFrame::invalidate):
2837         * debugger/DebuggerCallFrame.h:
2838         * debugger/DebuggerScope.cpp:
2839         (JSC::DebuggerScope::DebuggerScope):
2840         (JSC::DebuggerScope::finishCreation):
2841         (JSC::DebuggerScope::visitChildren):
2842         (JSC::DebuggerScope::className):
2843         (JSC::DebuggerScope::getOwnPropertySlot):
2844         (JSC::DebuggerScope::put):
2845         (JSC::DebuggerScope::deleteProperty):
2846         (JSC::DebuggerScope::getOwnPropertyNames):
2847         (JSC::DebuggerScope::defineOwnProperty):
2848         (JSC::DebuggerScope::next):
2849         (JSC::DebuggerScope::invalidateChain):
2850         (JSC::DebuggerScope::isWithScope):
2851         (JSC::DebuggerScope::isGlobalScope):
2852         (JSC::DebuggerScope::isFunctionOrEvalScope):
2853         * debugger/DebuggerScope.h:
2854         (JSC::DebuggerScope::create):
2855         (JSC::DebuggerScope::createStructure):
2856         (JSC::DebuggerScope::iterator::iterator):
2857         (JSC::DebuggerScope::iterator::get):
2858         (JSC::DebuggerScope::iterator::operator++):
2859         (JSC::DebuggerScope::iterator::operator==):
2860         (JSC::DebuggerScope::iterator::operator!=):
2861         (JSC::DebuggerScope::isValid):
2862         (JSC::DebuggerScope::jsScope):
2863         (JSC::DebuggerScope::begin):
2864         (JSC::DebuggerScope::end):
2865         * inspector/JSJavaScriptCallFrame.cpp:
2866         (Inspector::JSJavaScriptCallFrame::scopeType):
2867         (Inspector::JSJavaScriptCallFrame::scopeChain):
2868         * inspector/JavaScriptCallFrame.h:
2869         (Inspector::JavaScriptCallFrame::scopeChain):
2870         * inspector/ScriptDebugServer.cpp:
2871         * runtime/JSActivation.h:
2872         (JSC::JSActivation::createStructure):
2873         * runtime/JSGlobalObject.cpp:
2874         (JSC::JSGlobalObject::reset):
2875         (JSC::JSGlobalObject::visitChildren):
2876         * runtime/JSGlobalObject.h:
2877         (JSC::JSGlobalObject::debuggerScopeStructure):
2878         * runtime/JSObject.cpp:
2879         * runtime/JSObject.h:
2880         (JSC::JSObject::isWithScope):
2881         * runtime/JSScope.h:
2882         * runtime/PropertySlot.h:
2883         (JSC::PropertySlot::setThisValue):
2884         * runtime/PutPropertySlot.h:
2885         (JSC::PutPropertySlot::setThisValue):
2886         * runtime/VM.cpp:
2887         (JSC::VM::VM):
2888         * runtime/VM.h:
2889
2890 2014-08-28  Andreas Kling  <akling@apple.com>
2891
2892         Use JSString::toIdentifier() in more places.
2893         <https://webkit.org/b/136348>
2894
2895         Call sites that grab the WTF::String from a JSString using value() can
2896         use the more efficient toIdentifier() if the string is going to be used
2897         to construct an Identifier.
2898
2899         If the JSString is a rope that resolves to something that is already
2900         present in the VM's Identifier table, using toIdentifier() can avoid
2901         allocating a new StringImpl.
2902
2903         Reviewed by Geoffrey Garen.
2904
2905         * jit/JITOperations.cpp:
2906         * llint/LLIntSlowPaths.cpp:
2907         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2908         * runtime/CommonSlowPaths.cpp:
2909         (JSC::SLOW_PATH_DECL):
2910         * runtime/CommonSlowPaths.h:
2911         (JSC::CommonSlowPaths::opIn):
2912         * runtime/JSONObject.cpp:
2913         (JSC::Stringifier::Stringifier):
2914         * runtime/ObjectConstructor.cpp:
2915         (JSC::objectConstructorGetOwnPropertyDescriptor):
2916         (JSC::objectConstructorDefineProperty):
2917         * runtime/ObjectPrototype.cpp:
2918         (JSC::objectProtoFuncPropertyIsEnumerable):
2919
2920 2014-08-27  Filip Pizlo  <fpizlo@apple.com>
2921
2922         DFG should compute immediate dominators using the O(n log n) form of Lengauer and Tarjan's "A Fast Algorithm for Finding Dominators in a Flowgraph"
2923         https://bugs.webkit.org/show_bug.cgi?id=93361
2924
2925         Reviewed by Mark Hahnenberg.
2926         
2927         This patch also adds some new utilities for reasoning about block-keyed maps, block sets,
2928         and block worklists. It changes preexisting code to use these abstractions.
2929         
2930         The main effect of this code is that all current clients of dominators end up using the
2931         results of the new idom calculation. We convert the dom tree to a dominance test using
2932         Dietz's pre/post number range check trick.
2933
2934         * CMakeLists.txt:
2935         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2936         * JavaScriptCore.xcodeproj/project.pbxproj:
2937         * dfg/DFGAnalysis.h:
2938         (JSC::DFG::Analysis::computeIfNecessary):
2939         (JSC::DFG::Analysis::computeDependencies):
2940         * dfg/DFGBlockMap.h: Added.
2941         (JSC::DFG::BlockMap::BlockMap):
2942         (JSC::DFG::BlockMap::size):
2943         (JSC::DFG::BlockMap::atIndex):
2944         (JSC::DFG::BlockMap::operator[]):
2945         * dfg/DFGBlockMapInlines.h: Added.
2946         (JSC::DFG::BlockMap<T>::BlockMap):
2947         * dfg/DFGBlockSet.h: Added.
2948         (JSC::DFG::BlockSet::BlockSet):
2949         (JSC::DFG::BlockSet::add):
2950         (JSC::DFG::BlockSet::contains):
2951         * dfg/DFGBlockWorklist.cpp: Added.
2952         (JSC::DFG::BlockWorklist::BlockWorklist):
2953         (JSC::DFG::BlockWorklist::~BlockWorklist):
2954         (JSC::DFG::BlockWorklist::push):
2955         (JSC::DFG::BlockWorklist::pop):
2956         (JSC::DFG::PostOrderBlockWorklist::PostOrderBlockWorklist):
2957         (JSC::DFG::PostOrderBlockWorklist::~PostOrderBlockWorklist):
2958         (JSC::DFG::PostOrderBlockWorklist::pushPre):
2959         (JSC::DFG::PostOrderBlockWorklist::pushPost):
2960         (JSC::DFG::PostOrderBlockWorklist::pop):
2961         * dfg/DFGBlockWorklist.h: Added.
2962         (JSC::DFG::BlockWorklist::notEmpty):
2963         (JSC::DFG::BlockWith::BlockWith):
2964         (JSC::DFG::BlockWith::operator UnspecifiedBoolType*):
2965         (JSC::DFG::ExtendedBlockWorklist::ExtendedBlockWorklist):
2966         (JSC::DFG::ExtendedBlockWorklist::forcePush):
2967         (JSC::DFG::ExtendedBlockWorklist::push):
2968         (JSC::DFG::ExtendedBlockWorklist::notEmpty):
2969         (JSC::DFG::ExtendedBlockWorklist::pop):
2970         (JSC::DFG::BlockWithOrder::BlockWithOrder):
2971         (JSC::DFG::BlockWithOrder::operator UnspecifiedBoolType*):
2972         (JSC::DFG::PostOrderBlockWorklist::push):
2973         (JSC::DFG::PostOrderBlockWorklist::notEmpty):
2974         * dfg/DFGCSEPhase.cpp:
2975         * dfg/DFGDominators.cpp:
2976         (JSC::DFG::Dominators::compute):
2977         (JSC::DFG::Dominators::naiveDominates):
2978         (JSC::DFG::Dominators::dump):
2979         (JSC::DFG::Dominators::pruneDominators): Deleted.
2980         * dfg/DFGDominators.h:
2981         (JSC::DFG::Dominators::strictlyDominates):
2982         (JSC::DFG::Dominators::dominates):
2983         (JSC::DFG::Dominators::BlockData::BlockData):
2984         * dfg/DFGGraph.cpp:
2985         (JSC::DFG::Graph::dumpBlockHeader):
2986         (JSC::DFG::Graph::getBlocksInPreOrder):
2987         (JSC::DFG::Graph::getBlocksInPostOrder):
2988         * dfg/DFGInvalidationPointInjectionPhase.cpp:
2989         (JSC::DFG::InvalidationPointInjectionPhase::run):
2990         * dfg/DFGNaiveDominators.cpp: Added.
2991         (JSC::DFG::NaiveDominators::NaiveDominators):
2992         (JSC::DFG::NaiveDominators::~NaiveDominators):
2993         (JSC::DFG::NaiveDominators::compute):
2994         (JSC::DFG::NaiveDominators::pruneDominators):
2995         (JSC::DFG::NaiveDominators::dump):
2996         * dfg/DFGNaiveDominators.h: Added.
2997         (JSC::DFG::NaiveDominators::dominates):
2998         * dfg/DFGNaturalLoops.cpp:
2999         (JSC::DFG::NaturalLoops::computeDependencies):
3000         (JSC::DFG::NaturalLoops::compute):
3001         * dfg/DFGNaturalLoops.h:
3002
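Added example, not code from the entry above or from JSC's DFGDominators: a self-contained C++ sketch of the two pieces this entry names, the Lengauer-Tarjan semidominator algorithm (simple version, with path compression in eval()) followed by Dietz's pre/post-number range check for dominance queries, run on a constructed six-block flow graph. The names FlowGraph, Dominators and sampleGraph are this example's own.

```cpp
#include <cassert>
#include <vector>

// Flow graph: block i has the successors succ[i]; block 0 is the entry. Blocks
// unreachable from the entry get idom -1 and never take part in dominance queries.
struct FlowGraph {
    std::vector<std::vector<int>> succ;
};

class Dominators {
public:
    explicit Dominators(const FlowGraph& g) { compute(g); }
    // Immediate dominator of each block (-1 for the entry and for unreachable blocks).
    const std::vector<int>& idom() const { return m_idom; }
    // Dietz's trick: a dominates b iff a is b or an ancestor of b in the dominator
    // tree, i.e. pre(a) <= pre(b) and post(a) >= post(b) for a DFS of that tree.
    bool dominates(int a, int b) const {
        assert(m_pre[a] >= 0 && m_pre[b] >= 0); // both blocks must be reachable
        return m_pre[a] <= m_pre[b] && m_post[a] >= m_post[b];
    }
    bool strictlyDominates(int a, int b) const { return a != b && dominates(a, b); }

private:
    // Lengauer-Tarjan, "simple" version: eval() path-compresses the forest of
    // DFS-tree ancestors, which gives the O(m log n) bound.
    void compute(const FlowGraph& g) {
        const int n = static_cast<int>(g.succ.size());
        m_parent.assign(n, -1); m_semi.assign(n, -1); m_idom.assign(n, -1);
        m_ancestor.assign(n, -1); m_label.resize(n); m_vertex.clear();
        m_pred.assign(n, std::vector<int>()); m_bucket.assign(n, std::vector<int>());
        for (int v = 0; v < n; ++v) m_label[v] = v;
        dfs(g, 0);
        // Walk the DFS numbering backwards, computing each block's semidominator
        // and settling the idoms of the blocks bucketed at its parent.
        for (int i = static_cast<int>(m_vertex.size()) - 1; i > 0; --i) {
            int w = m_vertex[i];
            for (int v : m_pred[w]) {
                int u = eval(v);
                if (m_semi[u] < m_semi[w]) m_semi[w] = m_semi[u];
            }
            m_bucket[m_vertex[m_semi[w]]].push_back(w);
            m_ancestor[w] = m_parent[w]; // link(parent(w), w)
            for (int v : m_bucket[m_parent[w]]) {
                int u = eval(v);
                m_idom[v] = m_semi[u] < m_semi[v] ? u : m_parent[w];
            }
            m_bucket[m_parent[w]].clear();
        }
        // Blocks whose idom was deferred take the idom of their semidominator.
        for (int i = 1; i < static_cast<int>(m_vertex.size()); ++i) {
            int w = m_vertex[i];
            if (m_idom[w] != m_vertex[m_semi[w]]) m_idom[w] = m_idom[m_idom[w]];
        }
        m_idom[0] = -1;
        numberDominatorTree(n);
    }
    // DFS from the entry: m_semi doubles as the DFS number (and visited mark);
    // m_pred collects only predecessors that are themselves reachable.
    void dfs(const FlowGraph& g, int v) {
        m_semi[v] = static_cast<int>(m_vertex.size());
        m_vertex.push_back(v);
        for (int w : g.succ[v]) {
            if (m_semi[w] < 0) { m_parent[w] = v; dfs(g, w); }
            m_pred[w].push_back(v);
        }
    }
    void compress(int v) {
        int a = m_ancestor[v];
        if (m_ancestor[a] < 0) return;
        compress(a);
        if (m_semi[m_label[a]] < m_semi[m_label[v]]) m_label[v] = m_label[a];
        m_ancestor[v] = m_ancestor[a];
    }
    int eval(int v) {
        if (m_ancestor[v] < 0) return v;
        compress(v);
        return m_label[v];
    }
    // Pre/post-order numbering of the dominator tree for the range check above.
    void numberDominatorTree(int n) {
        std::vector<std::vector<int>> children(n);
        for (int v : m_vertex) if (m_idom[v] >= 0) children[m_idom[v]].push_back(v);
        m_pre.assign(n, -1); m_post.assign(n, -1);
        int pre = 0, post = 0;
        number(0, children, pre, post);
    }
    void number(int v, const std::vector<std::vector<int>>& children, int& pre, int& post) {
        m_pre[v] = pre++;
        for (int c : children[v]) number(c, children, pre, post);
        m_post[v] = post++;
    }
    std::vector<int> m_parent, m_semi, m_idom, m_ancestor, m_label, m_vertex, m_pre, m_post;
    std::vector<std::vector<int>> m_pred, m_bucket;
};

// Constructed sample: 0->{1,2}, 1->3, 2->3, 3->{4,1} (loop back to 1), 4 exits; 5->3 is unreachable.
FlowGraph sampleGraph() {
    return FlowGraph{{{1, 2}, {3}, {3}, {4, 1}, {}, {3}}};
}
```

On the sample graph the idoms come out as 1, 2 and 3 all immediately dominated by 0 (3 has two reachable predecessors) and 4 by 3; the loop edge 3->1 does not make 3 dominate 1, which the range check reports without walking the tree.
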
3003 2014-08-27  Filip Pizlo  <fpizlo@apple.com>
3004
3005         FTL should be able to do polymorphic call inlining
3006         https://bugs.webkit.org/show_bug.cgi?id=135145
3007
3008         Reviewed by Geoffrey Garen.
3009         
3010         Added a log-based high-fidelity call edge profiler that runs in DFG JIT (and optionally
3011         baseline JIT) code. Used it to do precise polymorphic inlining in the FTL. Potential
3012         inlining sites use the call edge profile if it is available, but they will still fall back
3013         on the call inline cache and rare case counts if it's not. Polymorphic inlining means that
3014         multiple possible callees can be inlined with a switch to guard them. The slow path may
3015         either be an OSR exit or a virtual call.
3016         
3017         The call edge profiling added in this patch is very precise - it will tell you about every
3018         call that has ever happened. It took some effort to reduce the overhead of this profiling.
3019         This mostly involved ensuring that we don't do it unnecessarily. For example, we avoid it
3020         in the baseline JIT (you can conditionally enable it but it's off by default) and we only do
3021         it in the DFG JIT if we know that the regular inline cache profiling wasn't precise enough.
3022         I also experimented with reducing the precision of the profiling. This led to a significant
3023         reduction in the speed-up, so I avoided this approach. I also explored making log processing
3024         concurrent, but that didn't help. Also, I tested the overhead of the log processing and
3025         found that most of the overhead of this profiling is actually in putting things into the log
3026         rather than in processing the log - that part appears to be surprisingly cheap.
3027         
3028         Polymorphic inlining could be enabled in the DFG if we enabled baseline call edge profiling,
3029         and if we guarded such inlining sites with some profiling mechanism to detect
3030         polyvariant monomorphisation opportunities (where the callsite being inlined reveals that
3031         it's actually monomorphic).
3032         
3033         This is a ~28% speed-up on deltablue and a ~7% speed-up on richards, with small speed-ups on
3034         other programs as well. It's about a 2% speed-up on Octane version 2, and never a regression
3035         on anything we care about. Some aggregates, like V8Spider, see a regression. This is
3036         highlighting the increase in profiling overhead. But since this doesn't show up on any major
3037         score (code-load or SunSpider), it's probably not relevant.
3038         
3039         Relanding after fixing debug assertions in fast/storage/serialized-script-value.html.
3040
3041         * CMakeLists.txt:
3042         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3043         * JavaScriptCore.xcodeproj/project.pbxproj:
3044         * bytecode/CallEdge.cpp: Added.
3045         (JSC::CallEdge::dump):
3046         * bytecode/CallEdge.h: Added.
3047         (JSC::CallEdge::operator!):
3048         (JSC::CallEdge::callee):
3049         (JSC::CallEdge::count):
3050         (JSC::CallEdge::despecifiedClosure):
3051         (JSC::CallEdge::CallEdge):
3052         * bytecode/CallEdgeProfile.cpp: Added.
3053         (JSC::CallEdgeProfile::callEdges):
3054         (JSC::CallEdgeProfile::numCallsToKnownCells):
3055         (JSC::worthDespecifying):
3056         (JSC::CallEdgeProfile::worthDespecifying):
3057         (JSC::CallEdgeProfile::visitWeak):
3058         (JSC::CallEdgeProfile::addSlow):
3059         (JSC::CallEdgeProfile::mergeBack):
3060         (JSC::CallEdgeProfile::fadeByHalf):
3061         (JSC::CallEdgeLog::CallEdgeLog):
3062         (JSC::CallEdgeLog::~CallEdgeLog):
3063         (JSC::CallEdgeLog::isEnabled):
3064         (JSC::operationProcessCallEdgeLog):
3065         (JSC::CallEdgeLog::emitLogCode):
3066         (JSC::CallEdgeLog::processLog):
3067         * bytecode/CallEdgeProfile.h: Added.
3068         (JSC::CallEdgeProfile::numCallsToNotCell):
3069         (JSC::CallEdgeProfile::numCallsToUnknownCell):
3070         (JSC::CallEdgeProfile::totalCalls):
3071         * bytecode/CallEdgeProfileInlines.h: Added.
3072         (JSC::CallEdgeProfile::CallEdgeProfile):
3073         (JSC::CallEdgeProfile::add):
3074         * bytecode/CallLinkInfo.cpp:
3075         (JSC::CallLinkInfo::visitWeak):
3076         * bytecode/CallLinkInfo.h:
3077         * bytecode/CallLinkStatus.cpp:
3078         (JSC::CallLinkStatus::CallLinkStatus):
3079         (JSC::CallLinkStatus::computeFromLLInt):
3080         (JSC::CallLinkStatus::computeFor):
3081         (JSC::CallLinkStatus::computeExitSiteData):
3082         (JSC::CallLinkStatus::computeFromCallLinkInfo):
3083         (JSC::CallLinkStatus::computeFromCallEdgeProfile):
3084         (JSC::CallLinkStatus::computeDFGStatuses):
3085         (JSC::CallLinkStatus::isClosureCall):
3086         (JSC::CallLinkStatus::makeClosureCall):
3087         (JSC::CallLinkStatus::dump):
3088         (JSC::CallLinkStatus::function): Deleted.
3089         (JSC::CallLinkStatus::internalFunction): Deleted.
3090         (JSC::CallLinkStatus::intrinsicFor): Deleted.
3091         * bytecode/CallLinkStatus.h:
3092         (JSC::CallLinkStatus::CallLinkStatus):
3093         (JSC::CallLinkStatus::isSet):
3094         (JSC::CallLinkStatus::couldTakeSlowPath):
3095         (JSC::CallLinkStatus::edges):
3096         (JSC::CallLinkStatus::size):
3097         (JSC::CallLinkStatus::at):
3098         (JSC::CallLinkStatus::operator[]):
3099         (JSC::CallLinkStatus::canOptimize):
3100         (JSC::CallLinkStatus::canTrustCounts):
3101         (JSC::CallLinkStatus::isClosureCall): Deleted.
3102         (JSC::CallLinkStatus::callTarget): Deleted.
3103         (JSC::CallLinkStatus::executable): Deleted.
3104         (JSC::CallLinkStatus::makeClosureCall): Deleted.
3105         * bytecode/CallVariant.cpp: Added.
3106         (JSC::CallVariant::dump):
3107         * bytecode/CallVariant.h: Added.
3108         (JSC::CallVariant::CallVariant):
3109         (JSC::CallVariant::operator!):
3110         (JSC::CallVariant::despecifiedClosure):
3111         (JSC::CallVariant::rawCalleeCell):
3112         (JSC::CallVariant::internalFunction):
3113         (JSC::CallVariant::function):
3114         (JSC::CallVariant::isClosureCall):
3115         (JSC::CallVariant::executable):
3116         (JSC::CallVariant::nonExecutableCallee):
3117         (JSC::CallVariant::intrinsicFor):
3118         (JSC::CallVariant::functionExecutable):
3119         (JSC::CallVariant::isHashTableDeletedValue):
3120         (JSC::CallVariant::operator==):
3121         (JSC::CallVariant::operator!=):
3122         (JSC::CallVariant::operator<):
3123         (JSC::CallVariant::operator>):
3124         (JSC::CallVariant::operator<=):
3125         (JSC::CallVariant::operator>=):
3126         (JSC::CallVariant::hash):
3127         (JSC::CallVariant::deletedToken):
3128         (JSC::CallVariantHash::hash):
3129         (JSC::CallVariantHash::equal):
3130         * bytecode/CodeOrigin.h:
3131         (JSC::InlineCallFrame::isNormalCall):
3132         * bytecode/ExitKind.cpp:
3133         (JSC::exitKindToString):
3134         * bytecode/ExitKind.h:
3135         * bytecode/GetByIdStatus.cpp:
3136         (JSC::GetByIdStatus::computeForStubInfo):
3137         * bytecode/PutByIdStatus.cpp:
3138         (JSC::PutByIdStatus::computeForStubInfo):
3139         * dfg/DFGAbstractInterpreterInlines.h:
3140         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3141         * dfg/DFGBackwardsPropagationPhase.cpp:
3142         (JSC::DFG::BackwardsPropagationPhase::propagate):
3143         * dfg/DFGBasicBlock.cpp:
3144         (JSC::DFG::BasicBlock::~BasicBlock):
3145         * dfg/DFGBasicBlock.h:
3146         (JSC::DFG::BasicBlock::takeLast):
3147         (JSC::DFG::BasicBlock::didLink):
3148         * dfg/DFGByteCodeParser.cpp:
3149         (JSC::DFG::ByteCodeParser::processSetLocalQueue):
3150         (JSC::DFG::ByteCodeParser::removeLastNodeFromGraph):
3151         (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
3152         (JSC::DFG::ByteCodeParser::addCall):
3153         (JSC::DFG::ByteCodeParser::handleCall):
3154         (JSC::DFG::ByteCodeParser::emitFunctionChecks):
3155         (JSC::DFG::ByteCodeParser::undoFunctionChecks):
3156         (JSC::DFG::ByteCodeParser::inliningCost):
3157         (JSC::DFG::ByteCodeParser::inlineCall):
3158         (JSC::DFG::ByteCodeParser::cancelLinkingForBlock):
3159         (JSC::DFG::ByteCodeParser::attemptToInlineCall):
3160         (JSC::DFG::ByteCodeParser::handleInlining):
3161         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
3162         (JSC::DFG::ByteCodeParser::prepareToParseBlock):
3163         (JSC::DFG::ByteCodeParser::clearCaches):
3164         (JSC::DFG::ByteCodeParser::parseBlock):
3165         (JSC::DFG::ByteCodeParser::linkBlock):
3166         (JSC::DFG::ByteCodeParser::linkBlocks):
3167         (JSC::DFG::ByteCodeParser::parseCodeBlock):
3168         * dfg/DFGCPSRethreadingPhase.cpp:
3169         (JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
3170         * dfg/DFGClobberize.h:
3171         (JSC::DFG::clobberize):
3172         * dfg/DFGCommon.h:
3173         * dfg/DFGConstantFoldingPhase.cpp:
3174         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3175         * dfg/DFGDoesGC.cpp:
3176         (JSC::DFG::doesGC):
3177         * dfg/DFGDriver.cpp:
3178         (JSC::DFG::compileImpl):
3179         * dfg/DFGFixupPhase.cpp:
3180         (JSC::DFG::FixupPhase::fixupNode):
3181         * dfg/DFGGraph.cpp:
3182         (JSC::DFG::Graph::dump):
3183         (JSC::DFG::Graph::getBlocksInPreOrder):
3184         (JSC::DFG::Graph::visitChildren):
3185         * dfg/DFGJITCompiler.cpp:
3186         (JSC::DFG::JITCompiler::link):
3187         * dfg/DFGLazyJSValue.cpp:
3188         (JSC::DFG::LazyJSValue::switchLookupValue):
3189         * dfg/DFGLazyJSValue.h:
3190         (JSC::DFG::LazyJSValue::switchLookupValue): Deleted.
3191         * dfg/DFGNode.cpp:
3192         (WTF::printInternal):
3193         * dfg/DFGNode.h:
3194         (JSC::DFG::OpInfo::OpInfo):
3195         (JSC::DFG::Node::hasHeapPrediction):
3196         (JSC::DFG::Node::hasCellOperand):
3197         (JSC::DFG::Node::cellOperand):
3198         (JSC::DFG::Node::setCellOperand):
3199         (JSC::DFG::Node::canBeKnownFunction): Deleted.
3200         (JSC::DFG::Node::hasKnownFunction): Deleted.
3201         (JSC::DFG::Node::knownFunction): Deleted.
3202         (JSC::DFG::Node::giveKnownFunction): Deleted.
3203         (JSC::DFG::Node::hasFunction): Deleted.
3204         (JSC::DFG::Node::function): Deleted.
3205         (JSC::DFG::Node::hasExecutable): Deleted.
3206         (JSC::DFG::Node::executable): Deleted.
3207         * dfg/DFGNodeType.h:
3208         * dfg/DFGPhantomCanonicalizationPhase.cpp:
3209         (JSC::DFG::PhantomCanonicalizationPhase::run):
3210         * dfg/DFGPhantomRemovalPhase.cpp:
3211         (JSC::DFG::PhantomRemovalPhase::run):
3212         * dfg/DFGPredictionPropagationPhase.cpp:
3213         (JSC::DFG::PredictionPropagationPhase::propagate):
3214         * dfg/DFGSafeToExecute.h:
3215         (JSC::DFG::safeToExecute):
3216         * dfg/DFGSpeculativeJIT.cpp:
3217         (JSC::DFG::SpeculativeJIT::emitSwitch):
3218         * dfg/DFGSpeculativeJIT32_64.cpp:
3219         (JSC::DFG::SpeculativeJIT::emitCall):
3220         (JSC::DFG::SpeculativeJIT::compile):
3221         * dfg/DFGSpeculativeJIT64.cpp:
3222         (JSC::DFG::SpeculativeJIT::emitCall):
3223         (JSC::DFG::SpeculativeJIT::compile):
3224         * dfg/DFGStructureRegistrationPhase.cpp:
3225         (JSC::DFG::StructureRegistrationPhase::run):
3226         * dfg/DFGTierUpCheckInjectionPhase.cpp:
3227         (JSC::DFG::TierUpCheckInjectionPhase::run):
3228         (JSC::DFG::TierUpCheckInjectionPhase::removeFTLProfiling):
3229         * dfg/DFGValidate.cpp:
3230         (JSC::DFG::Validate::validate):
3231         * dfg/DFGWatchpointCollectionPhase.cpp:
3232         (JSC::DFG::WatchpointCollectionPhase::handle):
3233         * ftl/FTLCapabilities.cpp:
3234         (JSC::FTL::canCompile):
3235         * ftl/FTLLowerDFGToLLVM.cpp:
3236         (JSC::FTL::ftlUnreachable):
3237         (JSC::FTL::LowerDFGToLLVM::lower):
3238         (JSC::FTL::LowerDFGToLLVM::compileNode):
3239         (JSC::FTL::LowerDFGToLLVM::compileCheckCell):
3240         (JSC::FTL::LowerDFGToLLVM::compileCheckBadCell):
3241         (JSC::FTL::LowerDFGToLLVM::compileGetExecutable):
3242         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
3243         (JSC::FTL::LowerDFGToLLVM::compileSwitch):
3244         (JSC::FTL::LowerDFGToLLVM::buildSwitch):
3245         (JSC::FTL::LowerDFGToLLVM::compileCheckFunction): Deleted.
3246         (JSC::FTL::LowerDFGToLLVM::compileCheckExecutable): Deleted.
3247         * heap/Heap.cpp:
3248         (JSC::Heap::collect):
3249         * jit/AssemblyHelpers.h:
3250         (JSC::AssemblyHelpers::storeValue):
3251         (JSC::AssemblyHelpers::loadValue):
3252         * jit/CCallHelpers.h:
3253         (JSC::CCallHelpers::setupArguments):
3254         * jit/GPRInfo.h:
3255         (JSC::JSValueRegs::uses):
3256         * jit/JITCall.cpp:
3257         (JSC::JIT::compileOpCall):
3258         * jit/JITCall32_64.cpp:
3259         (JSC::JIT::compileOpCall):
3260         * runtime/Options.h:
3261         * runtime/VM.cpp:
3262         (JSC::VM::ensureCallEdgeLog):
3263         * runtime/VM.h:
3264         * tests/stress/fold-profiled-call-to-call.js: Added. This test pinpoints the problem we saw in fast/storage/serialized-script-value.html.
3265         * tests/stress/new-array-then-exit.js: Added.
3266         * tests/stress/poly-call-exit-this.js: Added.
3267         * tests/stress/poly-call-exit.js: Added.
3268
3269 2014-08-28  Julien Brianceau  <jbriance@cisco.com>
3270
3271         Correct GC length unit and prevent division by 0 in showObjectStatistics.
3272         https://bugs.webkit.org/show_bug.cgi?id=136340
3273
3274         Reviewed by Mark Hahnenberg.
3275
3276         * heap/HeapStatistics.cpp:
3277         (JSC::HeapStatistics::showObjectStatistics):
3278
3279 2014-08-27  Akos Kiss  <akiss@inf.u-szeged.hu>
3280
3281         Ensure that the call frame passed from JIT code via JSC::operationCallEval to JSC::eval always contains the valid scope chain.
3282         https://bugs.webkit.org/show_bug.cgi?id=136313
3283
3284         Reviewed by Michael Saboff.
3285
3286         Do not rely on calling conventions to fill in the CallerFrame component
3287         of the execCallee parameter of JSC::operationCallEval.
3288
3289         * jit/JITOperations.cpp:
3290
3291 2014-08-27  Saam Barati  <sbarati@apple.com>
3292
3293         Deconstruction object pattern node emits the wrong start/end text positions
3294         https://bugs.webkit.org/show_bug.cgi?id=136304
3295
3296         Reviewed by Geoffrey Garen.
3297
3298         Object pattern nodes that used the syntactic sugar binding:
3299         'var {foo} = {foo:20}' instead of 'var {foo:foo} = {foo:20}'
3300         would get the wrong text position for variable 'foo'. The position
3301         would be placed on the comma(s)/closing brace instead of the identifier.
3302         This patch fixes this bug by caching the identifier's JSToken before 
3303         trying to parse an optional colon.
3304
3305         * parser/Parser.cpp:
3306         (JSC::Parser<LexerType>::parseVarDeclarationList):
3307         (JSC::Parser<LexerType>::createBindingPattern):
3308         (JSC::Parser<LexerType>::parseDeconstructionPattern):
3309         * parser/Parser.h:
3310
3311 2014-08-27  Brent Fulgham  <bfulgham@apple.com>
3312
3313         [Win] Build fix after last commit.
3314
3315         Check in new DLLLauncherMain.cpp file.
3316
3317         * JavaScriptCore.vcxproj/jsc/DLLLauncherMain.cpp: Added.
3318         (enableTerminationOnHeapCorruption):
3319         (getStringValue):
3320         (applePathFromRegistry):
3321         (appleApplicationSupportDirectory):
3322         (copyEnvironmentVariable):
3323         (prependPath):
3324         (fatalError):
3325         (directoryExists):
3326         (modifyPath):
3327         (getLastErrorString):
3328         (wWinMain):
3329
3330 2014-08-27  Brent Fulgham  <bfulgham@apple.com>
3331
3332         [Win] testapi and testRegExp need to find support libraries.
3333         https://bugs.webkit.org/show_bug.cgi?id=136008.
3334
3335         Reviewed by Dean Jackson.
3336
3337         Revise the Windows build of jsc, testapi, and testRegExp so that they
3338         find and use the proper runtime support libraries.
3339
3340         These locations vary between the Apple Windows build and WinCairo, and
3341         are generally not in the system PATH environment setting. Consequently,
3342         these applications fail on launch unless the user modifies their
3343         PATH.
3344
3345         This patch revises these tools to work like WinLauncher and DumpRenderTree
3346         so that they run reliably.
3347
3348         * API/tests/testapi.c:
3349         (dllLauncherEntryPoint): Added.
3350         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Add new build projects and
3351           provide proper dependencies with existing projects.
3352         * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Ditto.
3353         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Switch to build
3354           a DLL, rather than an executable.
3355         * JavaScriptCore.vcxproj/jsc/jscCommon.props: Add shlwapi.lib
3356           to the list of libraries needed at link-time, and to use
3357           the DLL/Console combination entry point.
3358         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj: Added.
3359         * JavaScriptCore.vcxproj/jsc/jscLauncherPostBuild.cmd: Copied from JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd.
3360