f623d0b8f7f64669fd4f23b17927f04bb61eb029
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-08-14  Filip Pizlo  <fpizlo@apple.com>
2
3         Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
4         https://bugs.webkit.org/show_bug.cgi?id=147999
5
6         Reviewed by Geoffrey Garen.
7
8         * API/JSVirtualMachine.mm:
9         (initWrapperCache):
10         (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
11         (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
12         (wrapperCacheMutex): Deleted.
13         * bytecode/SamplingTool.cpp:
14         (JSC::SamplingTool::doRun):
15         (JSC::SamplingTool::notifyOfScope):
16         * bytecode/SamplingTool.h:
17         * dfg/DFGThreadData.h:
18         * dfg/DFGWorklist.cpp:
19         (JSC::DFG::Worklist::~Worklist):
20         (JSC::DFG::Worklist::isActiveForVM):
21         (JSC::DFG::Worklist::enqueue):
22         (JSC::DFG::Worklist::compilationState):
23         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
24         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
25         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
26         (JSC::DFG::Worklist::visitWeakReferences):
27         (JSC::DFG::Worklist::removeDeadPlans):
28         (JSC::DFG::Worklist::queueLength):
29         (JSC::DFG::Worklist::dump):
30         (JSC::DFG::Worklist::runThread):
31         * dfg/DFGWorklist.h:
32         * disassembler/Disassembler.cpp:
33         * heap/CopiedSpace.cpp:
34         (JSC::CopiedSpace::doneFillingBlock):
35         (JSC::CopiedSpace::doneCopying):
36         * heap/CopiedSpace.h:
37         * heap/CopiedSpaceInlines.h:
38         (JSC::CopiedSpace::recycleBorrowedBlock):
39         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
40         * heap/GCThread.cpp:
41         (JSC::GCThread::waitForNextPhase):
42         (JSC::GCThread::gcThreadMain):
43         * heap/GCThreadSharedData.cpp:
44         (JSC::GCThreadSharedData::GCThreadSharedData):
45         (JSC::GCThreadSharedData::~GCThreadSharedData):
46         (JSC::GCThreadSharedData::startNextPhase):
47         (JSC::GCThreadSharedData::endCurrentPhase):
48         (JSC::GCThreadSharedData::didStartMarking):
49         (JSC::GCThreadSharedData::didFinishMarking):
50         * heap/GCThreadSharedData.h:
51         * heap/HeapTimer.h:
52         * heap/MachineStackMarker.cpp:
53         (JSC::ActiveMachineThreadsManager::Locker::Locker):
54         (JSC::ActiveMachineThreadsManager::add):
55         (JSC::ActiveMachineThreadsManager::remove):
56         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
57         (JSC::MachineThreads::~MachineThreads):
58         (JSC::MachineThreads::addCurrentThread):
59         (JSC::MachineThreads::removeThreadIfFound):
60         (JSC::MachineThreads::tryCopyOtherThreadStack):
61         (JSC::MachineThreads::tryCopyOtherThreadStacks):
62         (JSC::MachineThreads::gatherConservativeRoots):
63         * heap/MachineStackMarker.h:
64         * heap/SlotVisitor.cpp:
65         (JSC::SlotVisitor::donateKnownParallel):
66         (JSC::SlotVisitor::drain):
67         (JSC::SlotVisitor::drainFromShared):
68         (JSC::SlotVisitor::mergeOpaqueRoots):
69         * heap/SlotVisitorInlines.h:
70         (JSC::SlotVisitor::containsOpaqueRootTriState):
71         * inspector/remote/RemoteInspectorDebuggableConnection.h:
72         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
73         (Inspector::RemoteInspectorHandleRunSourceGlobal):
74         (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
75         (Inspector::RemoteInspectorInitializeGlobalQueue):
76         (Inspector::RemoteInspectorHandleRunSourceWithInfo):
77         (Inspector::RemoteInspectorDebuggableConnection::setup):
78         (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
79         (Inspector::RemoteInspectorDebuggableConnection::close):
80         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
81         (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
82         * interpreter/JSStack.cpp:
83         (JSC::JSStack::JSStack):
84         (JSC::JSStack::releaseExcessCapacity):
85         (JSC::JSStack::addToCommittedByteCount):
86         (JSC::JSStack::committedByteCount):
87         (JSC::stackStatisticsMutex): Deleted.
88         (JSC::JSStack::initializeThreading): Deleted.
89         * interpreter/JSStack.h:
90         (JSC::JSStack::gatherConservativeRoots):
91         (JSC::JSStack::sanitizeStack):
92         (JSC::JSStack::size):
93         (JSC::JSStack::initializeThreading): Deleted.
94         * jit/ExecutableAllocator.cpp:
95         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
96         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
97         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
98         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
99         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
100         (JSC::DemandExecutableAllocator::allocators):
101         (JSC::DemandExecutableAllocator::allocatorsMutex):
102         * jit/JITThunks.cpp:
103         (JSC::JITThunks::ctiStub):
104         * jit/JITThunks.h:
105         * profiler/ProfilerDatabase.cpp:
106         (JSC::Profiler::Database::ensureBytecodesFor):
107         (JSC::Profiler::Database::notifyDestruction):
108         * profiler/ProfilerDatabase.h:
109         * runtime/InitializeThreading.cpp:
110         (JSC::initializeThreading):
111         * runtime/JSLock.cpp:
112         (JSC::GlobalJSLock::GlobalJSLock):
113         (JSC::GlobalJSLock::~GlobalJSLock):
114         (JSC::JSLockHolder::JSLockHolder):
115         (JSC::GlobalJSLock::initialize): Deleted.
116         * runtime/JSLock.h:
117
118 2015-08-14  Ryosuke Niwa  <rniwa@webkit.org>
119
120         ES6 class syntax should allow computed name method
121         https://bugs.webkit.org/show_bug.cgi?id=142690
122
123         Reviewed by Saam Barati.
124
125         Added a new "attributes" attribute to op_put_getter_by_id, op_put_setter_by_id, op_put_getter_setter to specify
126         the property descriptor options so that we can use op_put_setter_by_id and op_put_getter_setter to define
127         getters and setters for classes. Without this, getters and setters could erroneously override methods.
128
129         * bytecode/BytecodeList.json:
130         * bytecode/BytecodeUseDef.h:
131         (JSC::computeUsesForBytecodeOffset):
132         * bytecode/CodeBlock.cpp:
133         (JSC::CodeBlock::dumpBytecode):
134         * bytecompiler/BytecodeGenerator.cpp:
135         (JSC::BytecodeGenerator::emitDirectPutById):
136         (JSC::BytecodeGenerator::emitPutGetterById):
137         (JSC::BytecodeGenerator::emitPutSetterById):
138         (JSC::BytecodeGenerator::emitPutGetterSetter):
139         * bytecompiler/BytecodeGenerator.h:
140         * bytecompiler/NodesCodegen.cpp:
141         (JSC::PropertyListNode::emitBytecode): Always use emitPutGetterSetter to emit getters and setters for classes
142         as done for object literals.
143         (JSC::PropertyListNode::emitPutConstantProperty):
144         (JSC::ClassExprNode::emitBytecode):
145         * jit/CCallHelpers.h:
146         (JSC::CCallHelpers::setupArgumentsWithExecState):
147         * jit/JIT.h:
148         * jit/JITInlines.h:
149         (JSC::JIT::callOperation):
150         * jit/JITOperations.cpp:
151         * jit/JITOperations.h:
152         * jit/JITPropertyAccess.cpp:
153         (JSC::JIT::emit_op_put_getter_by_id):
154         (JSC::JIT::emit_op_put_setter_by_id):
155         (JSC::JIT::emit_op_put_getter_setter):
156         (JSC::JIT::emit_op_del_by_id):
157         * jit/JITPropertyAccess32_64.cpp:
158         (JSC::JIT::emit_op_put_getter_by_id):
159         (JSC::JIT::emit_op_put_setter_by_id):
160         (JSC::JIT::emit_op_put_getter_setter):
161         (JSC::JIT::emit_op_del_by_id):
162         * llint/LLIntSlowPaths.cpp:
163         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
164         * llint/LowLevelInterpreter.asm:
165         * parser/ASTBuilder.h:
166         (JSC::ASTBuilder::createProperty):
167         (JSC::ASTBuilder::createPropertyList):
168         * parser/NodeConstructors.h:
169         (JSC::PropertyNode::PropertyNode):
170         * parser/Nodes.h:
171         (JSC::PropertyNode::expressionName):
172         (JSC::PropertyNode::name):
173         * parser/Parser.cpp:
174         (JSC::Parser<LexerType>::parseClass): Added the support for computed property name. We don't support computed names
175         for getters and setters.
176         * parser/SyntaxChecker.h:
177         (JSC::SyntaxChecker::createProperty):
178         * runtime/JSObject.cpp:
179         (JSC::JSObject::allowsAccessFrom):
180         (JSC::JSObject::putGetter):
181         (JSC::JSObject::putSetter):
182         * runtime/JSObject.h:
183         * runtime/PropertyDescriptor.h:
184
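The attributes the entry above adds to the getter/setter opcodes are what make a class body's accessors and methods land on the prototype with the right property descriptors. The following added example (not WebKit code and not the entry's own test; the `Widget` class, `methodName` and the `describe` helper are made up for illustration) shows a computed method name in class syntax, a getter and setter declared separately being merged into one accessor, and how the resulting descriptors differ from the same members in an object literal:

```javascript
"use strict";

// Computed once, when the class definition is evaluated.
const methodName = "compute" + "d";

class Widget {
  // Computed method name (the syntax the entry adds support for).
  [methodName](x) { return x * 2; }
  static [methodName.toUpperCase()]() { return "static"; }
  // Getter and setter declared separately; the runtime merges them into a
  // single accessor property on Widget.prototype instead of one replacing
  // the other.
  get size() { return this._size === undefined ? 0 : this._size; }
  set size(v) { this._size = v; }
}

// The same members in an object literal, for comparison of attributes.
const literal = {
  [methodName](x) { return x * 2; },
  get size() { return 0; },
};

// Summarise the own-property descriptor of obj[key], or null if absent.
function describe(obj, key) {
  const d = Object.getOwnPropertyDescriptor(obj, key);
  if (!d) return null;
  return {
    kind: "value" in d ? "method" : "accessor",
    enumerable: d.enumerable,
    configurable: d.configurable,
    hasGet: typeof d.get === "function",
    hasSet: typeof d.set === "function",
  };
}

// Class members are non-enumerable; object-literal members are enumerable.
function classVsLiteral() {
  return {
    classMethod: describe(Widget.prototype, "computed"),
    classStatic: describe(Widget, "COMPUTED"),
    classAccessor: describe(Widget.prototype, "size"),
    literalMethod: describe(literal, "computed"),
    literalAccessor: describe(literal, "size"),
    callResult: new Widget().computed(21),
    staticResult: Widget.COMPUTED(),
  };
}
```

The `enumerable: false` on every class member, together with the accessor pair being a single property with both `get` and `set`, is exactly the descriptor information the bytecode has to carry; emitting the getter and setter without it would let the second definition clobber the first.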
185 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
186
187         Add InspectorInstrumentation builtin object to instrument the code in JS builtins like Promises
188         https://bugs.webkit.org/show_bug.cgi?id=147942
189
190         Reviewed by Geoffrey Garen.
191
192         This patch adds new private global object, @InspectorInstrumentation.
193         It is intended to be used as the namespace object (like Reflect/Math) for Inspector's
194         instrumentation system and it is used to instrument the builtin JS code, like Promises.
195
196         * CMakeLists.txt:
197         * DerivedSources.make:
198         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
199         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
200         * JavaScriptCore.xcodeproj/project.pbxproj:
201         * builtins/InspectorInstrumentationObject.js: Added.
202         (debug):
203         (promiseFulfilled):
204         (promiseRejected):
205         * builtins/Operations.Promise.js:
206         (rejectPromise):
207         (fulfillPromise):
208         * runtime/CommonIdentifiers.h:
209         * runtime/InspectorInstrumentationObject.cpp: Added.
210         (JSC::InspectorInstrumentationObject::InspectorInstrumentationObject):
211         (JSC::InspectorInstrumentationObject::finishCreation):
212         (JSC::InspectorInstrumentationObject::getOwnPropertySlot):
213         (JSC::InspectorInstrumentationObject::isEnabled):
214         (JSC::InspectorInstrumentationObject::enable):
215         (JSC::InspectorInstrumentationObject::disable):
216         (JSC::inspectorInstrumentationObjectDataLogImpl):
217         * runtime/InspectorInstrumentationObject.h: Added.
218         (JSC::InspectorInstrumentationObject::create):
219         (JSC::InspectorInstrumentationObject::createStructure):
220         * runtime/JSGlobalObject.cpp:
221         (JSC::JSGlobalObject::init):
222
223 2015-08-14  Commit Queue  <commit-queue@webkit.org>
224
225         Unreviewed, rolling out r188444.
226         https://bugs.webkit.org/show_bug.cgi?id=148029
227
228         Broke GTK and EFL (see bug #148027) (Requested by philn on
229         #webkit).
230
231         Reverted changeset:
232
233         "Use WTF::Lock and WTF::Condition instead of WTF::Mutex,
234         WTF::ThreadCondition, std::mutex, and std::condition_variable"
235         https://bugs.webkit.org/show_bug.cgi?id=147999
236         http://trac.webkit.org/changeset/188444
237
238 2015-08-13  Filip Pizlo  <fpizlo@apple.com>
239
240         Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
241         https://bugs.webkit.org/show_bug.cgi?id=147999
242
243         Reviewed by Geoffrey Garen.
244
245         * API/JSVirtualMachine.mm:
246         (initWrapperCache):
247         (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
248         (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
249         (wrapperCacheMutex): Deleted.
250         * bytecode/SamplingTool.cpp:
251         (JSC::SamplingTool::doRun):
252         (JSC::SamplingTool::notifyOfScope):
253         * bytecode/SamplingTool.h:
254         * dfg/DFGThreadData.h:
255         * dfg/DFGWorklist.cpp:
256         (JSC::DFG::Worklist::~Worklist):
257         (JSC::DFG::Worklist::isActiveForVM):
258         (JSC::DFG::Worklist::enqueue):
259         (JSC::DFG::Worklist::compilationState):
260         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
261         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
262         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
263         (JSC::DFG::Worklist::visitWeakReferences):
264         (JSC::DFG::Worklist::removeDeadPlans):
265         (JSC::DFG::Worklist::queueLength):
266         (JSC::DFG::Worklist::dump):
267         (JSC::DFG::Worklist::runThread):
268         * dfg/DFGWorklist.h:
269         * disassembler/Disassembler.cpp:
270         * heap/CopiedSpace.cpp:
271         (JSC::CopiedSpace::doneFillingBlock):
272         (JSC::CopiedSpace::doneCopying):
273         * heap/CopiedSpace.h:
274         * heap/CopiedSpaceInlines.h:
275         (JSC::CopiedSpace::recycleBorrowedBlock):
276         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
277         * heap/GCThread.cpp:
278         (JSC::GCThread::waitForNextPhase):
279         (JSC::GCThread::gcThreadMain):
280         * heap/GCThreadSharedData.cpp:
281         (JSC::GCThreadSharedData::GCThreadSharedData):
282         (JSC::GCThreadSharedData::~GCThreadSharedData):
283         (JSC::GCThreadSharedData::startNextPhase):
284         (JSC::GCThreadSharedData::endCurrentPhase):
285         (JSC::GCThreadSharedData::didStartMarking):
286         (JSC::GCThreadSharedData::didFinishMarking):
287         * heap/GCThreadSharedData.h:
288         * heap/HeapTimer.h:
289         * heap/MachineStackMarker.cpp:
290         (JSC::ActiveMachineThreadsManager::Locker::Locker):
291         (JSC::ActiveMachineThreadsManager::add):
292         (JSC::ActiveMachineThreadsManager::remove):
293         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
294         (JSC::MachineThreads::~MachineThreads):
295         (JSC::MachineThreads::addCurrentThread):
296         (JSC::MachineThreads::removeThreadIfFound):
297         (JSC::MachineThreads::tryCopyOtherThreadStack):
298         (JSC::MachineThreads::tryCopyOtherThreadStacks):
299         (JSC::MachineThreads::gatherConservativeRoots):
300         * heap/MachineStackMarker.h:
301         * heap/SlotVisitor.cpp:
302         (JSC::SlotVisitor::donateKnownParallel):
303         (JSC::SlotVisitor::drain):
304         (JSC::SlotVisitor::drainFromShared):
305         (JSC::SlotVisitor::mergeOpaqueRoots):
306         * heap/SlotVisitorInlines.h:
307         (JSC::SlotVisitor::containsOpaqueRootTriState):
308         * inspector/remote/RemoteInspectorDebuggableConnection.h:
309         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
310         (Inspector::RemoteInspectorHandleRunSourceGlobal):
311         (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
312         (Inspector::RemoteInspectorInitializeGlobalQueue):
313         (Inspector::RemoteInspectorHandleRunSourceWithInfo):
314         (Inspector::RemoteInspectorDebuggableConnection::setup):
315         (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
316         (Inspector::RemoteInspectorDebuggableConnection::close):
317         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
318         (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
319         * interpreter/JSStack.cpp:
320         (JSC::JSStack::JSStack):
321         (JSC::JSStack::releaseExcessCapacity):
322         (JSC::JSStack::addToCommittedByteCount):
323         (JSC::JSStack::committedByteCount):
324         (JSC::stackStatisticsMutex): Deleted.
325         (JSC::JSStack::initializeThreading): Deleted.
326         * interpreter/JSStack.h:
327         (JSC::JSStack::gatherConservativeRoots):
328         (JSC::JSStack::sanitizeStack):
329         (JSC::JSStack::size):
330         (JSC::JSStack::initializeThreading): Deleted.
331         * jit/ExecutableAllocator.cpp:
332         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
333         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
334         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
335         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
336         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
337         (JSC::DemandExecutableAllocator::allocators):
338         (JSC::DemandExecutableAllocator::allocatorsMutex):
339         * jit/JITThunks.cpp:
340         (JSC::JITThunks::ctiStub):
341         * jit/JITThunks.h:
342         * profiler/ProfilerDatabase.cpp:
343         (JSC::Profiler::Database::ensureBytecodesFor):
344         (JSC::Profiler::Database::notifyDestruction):
345         * profiler/ProfilerDatabase.h:
346         * runtime/InitializeThreading.cpp:
347         (JSC::initializeThreading):
348         * runtime/JSLock.cpp:
349         (JSC::GlobalJSLock::GlobalJSLock):
350         (JSC::GlobalJSLock::~GlobalJSLock):
351         (JSC::JSLockHolder::JSLockHolder):
352         (JSC::GlobalJSLock::initialize): Deleted.
353         * runtime/JSLock.h:
354
355 2015-08-13  Commit Queue  <commit-queue@webkit.org>
356
357         Unreviewed, rolling out r188428.
358         https://bugs.webkit.org/show_bug.cgi?id=148015
359
360         broke cmake build (Requested by alexchristensen on #webkit).
361
362         Reverted changeset:
363
364         "Move some commands from ./CMakeLists.txt to Source/cmake"
365         https://bugs.webkit.org/show_bug.cgi?id=148003
366         http://trac.webkit.org/changeset/188428
367
368 2015-08-13  Commit Queue  <commit-queue@webkit.org>
369
370         Unreviewed, rolling out r188431.
371         https://bugs.webkit.org/show_bug.cgi?id=148013
372
373         JSC headers are too hard to understand (Requested by smfr on
374         #webkit).
375
376         Reverted changeset:
377
378         "Remove a few includes from JSGlobalObject.h"
379         https://bugs.webkit.org/show_bug.cgi?id=148004
380         http://trac.webkit.org/changeset/188431
381
382 2015-08-13  Benjamin Poulain  <bpoulain@apple.com>
383
384         [JSC] Add support for GetByVal on arrays of Undecided shape
385         https://bugs.webkit.org/show_bug.cgi?id=147814
386
387         Reviewed by Filip Pizlo.
388
389         Previously, GetByVal on Array::Undecided would just take
390         the generic path. The problem is the generic path is so
391         slow that it could take a significant amount of time
392         even for infrequent accesses.
393
394         With this patch, if the following conditions are met,
395         the GetByVal just returns a "undefined" constant:
396         -The object is an OriginalArray.
397         -The prototype chain is sane.
398         -The index is an integer.
399         -The integer is positive (runtime check).
400
401         Ideally, the 4th condition should be removed:
402         deducing a compile-time constant gives us so much better
403         opportunities at getting rid of this code.
404
405         There are two cases where this patch removes the runtime
406         check:
407         -If the index is constant (uncommon but easy)
408         -If the index is within a range known to be positive.
409          (common case and made possible with DFGIntegerRangeOptimizationPhase).
410
411         When we get into those cases, DFG just nukes everything
412         and all we have left is a structure check :)
413
414         This patch is a 14% improvement on audio-beat-detection,
415         a few percent faster here and there and no regression.
416
417         * dfg/DFGAbstractInterpreterInlines.h:
418         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
419         If the index is a positive constant, we can get rid of the GetByVal
420         entirely. :)
421
422         * dfg/DFGArrayMode.cpp:
423         (JSC::DFG::ArrayMode::fromObserved):
424         The returned type is now Array::Undecided + profiling information.
425         The useful type is set in ArrayMode::refine().
426
427         (JSC::DFG::ArrayMode::refine):
428         If we meet the particular set conditions, we speculate an Undecided
429         array type with sane chain. Anything else comes back to Generic.
430
431         (JSC::DFG::ArrayMode::originalArrayStructure):
432         To enable the structure check for Undecided array.
433
434         (JSC::DFG::ArrayMode::alreadyChecked):
435         * dfg/DFGArrayMode.h:
436         (JSC::DFG::ArrayMode::withProfile):
437         (JSC::DFG::ArrayMode::canCSEStorage):
438         (JSC::DFG::ArrayMode::benefitsFromOriginalArray):
439         (JSC::DFG::ArrayMode::lengthNeedsStorage): Deleted.
440         (JSC::DFG::ArrayMode::isSpecific): Deleted.
441
442         * dfg/DFGByteCodeParser.cpp:
443         (JSC::DFG::ByteCodeParser::handleIntrinsic): Deleted.
444         This is somewhat unrelated.
445
446         Having Array::Undecided on ArrayPush was impossible before
447         since ArrayMode::fromObserved() used to return Array::Generic.
448
449         Now that Array::Undecided is possible, we must make sure not
450         to provide it to ArrayPush since there is no code to handle it
451         properly.
452
453         * dfg/DFGClobberize.h:
454         (JSC::DFG::clobberize):
455         The operation only depends on the index, it is pure.
456
457         * dfg/DFGFixupPhase.cpp:
458         (JSC::DFG::FixupPhase::fixupNode): Deleted.
459         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
460         * dfg/DFGSpeculativeJIT.cpp:
461         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
462         (JSC::DFG::SpeculativeJIT::checkArray):
463         * dfg/DFGSpeculativeJIT32_64.cpp:
464         (JSC::DFG::SpeculativeJIT::compile):
465         * dfg/DFGSpeculativeJIT64.cpp:
466         (JSC::DFG::SpeculativeJIT::compile):
467         * ftl/FTLCapabilities.cpp:
468         (JSC::FTL::canCompile):
469         * ftl/FTLLowerDFGToLLVM.cpp:
470         (JSC::FTL::DFG::LowerDFGToLLVM::compileGetByVal):
471         * tests/stress/get-by-val-on-undecided-array-type.js: Added.
472         * tests/stress/get-by-val-on-undecided-sane-chain-1.js: Added.
473         * tests/stress/get-by-val-on-undecided-sane-chain-2.js: Added.
474         * tests/stress/get-by-val-on-undecided-sane-chain-3.js: Added.
475         * tests/stress/get-by-val-on-undecided-sane-chain-4.js: Added.
476         * tests/stress/get-by-val-on-undecided-sane-chain-5.js: Added.
477         * tests/stress/get-by-val-on-undecided-sane-chain-6.js: Added.
478
479 2015-08-13  Simon Fraser  <simon.fraser@apple.com>
480
481         Remove a few includes from JSGlobalObject.h
482         https://bugs.webkit.org/show_bug.cgi?id=148004
483
484         Reviewed by Tim Horton.
485         
486         Remove 4 #includes from JSGlobalObject.h, and fix the fallout.
487
488         * parser/VariableEnvironment.cpp:
489         * parser/VariableEnvironment.h:
490         * runtime/JSGlobalObject.h:
491         * runtime/Structure.h:
492         * runtime/StructureInlines.h:
493
494 2015-08-13  Alex Christensen  <achristensen@webkit.org>
495
496         Move some commands from ./CMakeLists.txt to Source/cmake
497         https://bugs.webkit.org/show_bug.cgi?id=148003
498
499         Reviewed by Brent Fulgham.
500
501         * CMakeLists.txt:
502         Added commands needed to build JSC by itself.
503
504 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
505
506         Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
507         https://bugs.webkit.org/show_bug.cgi?id=147353
508
509         Reviewed by Saam Barati.
510
511         This is the follow-up patch after r188355.
512         It includes the following changes.
513
514         - Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
515         - Make SourceParseMode a C++ strongly-typed enum.
516         - Fix the comments.
517         - Rename ModuleSpecifier to ModuleName.
518         - Add the type name `ImportEntry` before the C++11 uniform initialization.
519         - Fix the thrown message for duplicate 'default' names.
520         - Assert that all statements in the top-level source elements are module declarations under the module analyzer phase.
521
522         * API/JSScriptRef.cpp:
523         (parseScript):
524         * builtins/BuiltinExecutables.cpp:
525         (JSC::BuiltinExecutables::createExecutableInternal):
526         * bytecode/UnlinkedFunctionExecutable.cpp:
527         (JSC::generateFunctionCodeBlock):
528         * bytecode/UnlinkedFunctionExecutable.h:
529         * bytecompiler/BytecodeGenerator.h:
530         (JSC::BytecodeGenerator::makeFunction):
531         * parser/ASTBuilder.h:
532         (JSC::ASTBuilder::createFunctionMetadata):
533         (JSC::ASTBuilder::createModuleName):
534         (JSC::ASTBuilder::createImportDeclaration):
535         (JSC::ASTBuilder::createExportAllDeclaration):
536         (JSC::ASTBuilder::createExportNamedDeclaration):
537         (JSC::ASTBuilder::createModuleSpecifier): Deleted.
538         * parser/ModuleAnalyzer.cpp:
539         (JSC::ModuleAnalyzer::analyze):
540         * parser/NodeConstructors.h:
541         (JSC::ModuleNameNode::ModuleNameNode):
542         (JSC::ImportDeclarationNode::ImportDeclarationNode):
543         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
544         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
545         (JSC::ModuleSpecifierNode::ModuleSpecifierNode): Deleted.
546         * parser/Nodes.cpp:
547         (JSC::FunctionMetadataNode::FunctionMetadataNode):
548         * parser/Nodes.h:
549         (JSC::StatementNode::isModuleDeclarationNode):
550         (JSC::ModuleDeclarationNode::isModuleDeclarationNode):
551         (JSC::ImportDeclarationNode::moduleName):
552         (JSC::ExportAllDeclarationNode::moduleName):
553         (JSC::ExportNamedDeclarationNode::moduleName):
554         (JSC::ImportDeclarationNode::moduleSpecifier): Deleted.
555         (JSC::ExportAllDeclarationNode::moduleSpecifier): Deleted.
556         (JSC::ExportNamedDeclarationNode::moduleSpecifier): Deleted.
557         * parser/NodesAnalyzeModule.cpp:
558         (JSC::SourceElements::analyzeModule):
559         (JSC::ImportDeclarationNode::analyzeModule):
560         (JSC::ExportAllDeclarationNode::analyzeModule):
561         (JSC::ExportNamedDeclarationNode::analyzeModule):
562         * parser/Parser.cpp:
563         (JSC::Parser<LexerType>::Parser):
564         (JSC::Parser<LexerType>::parseInner):
565         (JSC::Parser<LexerType>::parseModuleSourceElements):
566         (JSC::Parser<LexerType>::parseFunctionBody):
567         (JSC::stringForFunctionMode):
568         (JSC::Parser<LexerType>::parseFunctionParameters):
569         (JSC::Parser<LexerType>::parseFunctionInfo):
570         (JSC::Parser<LexerType>::parseFunctionDeclaration):
571         (JSC::Parser<LexerType>::parseClass):
572         (JSC::Parser<LexerType>::parseModuleName):
573         (JSC::Parser<LexerType>::parseImportDeclaration):
574         (JSC::Parser<LexerType>::parseExportDeclaration):
575         (JSC::Parser<LexerType>::parsePropertyMethod):
576         (JSC::Parser<LexerType>::parseGetterSetter):
577         (JSC::Parser<LexerType>::parsePrimaryExpression):
578         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
579         (JSC::Parser<LexerType>::parseModuleSpecifier): Deleted.
580         * parser/Parser.h:
581         (JSC::Parser<LexerType>::parse):
582         (JSC::parse):
583         * parser/ParserModes.h:
584         (JSC::isFunctionParseMode):
585         (JSC::isModuleParseMode):
586         (JSC::isProgramParseMode):
587         * parser/SyntaxChecker.h:
588         (JSC::SyntaxChecker::createFunctionMetadata):
589         (JSC::SyntaxChecker::createModuleName):
590         (JSC::SyntaxChecker::createImportDeclaration):
591         (JSC::SyntaxChecker::createExportAllDeclaration):
592         (JSC::SyntaxChecker::createExportNamedDeclaration):
593         (JSC::SyntaxChecker::createModuleSpecifier): Deleted.
594         * runtime/CodeCache.cpp:
595         (JSC::CodeCache::getGlobalCodeBlock):
596         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
597         * runtime/Completion.cpp:
598         (JSC::checkSyntax):
599         (JSC::checkModuleSyntax):
600         * runtime/Executable.cpp:
601         (JSC::ProgramExecutable::checkSyntax):
602         * tests/stress/modules-syntax-error-with-names.js:
603
604 2015-08-13  Joseph Pecoraro  <pecoraro@apple.com>
605
606         Web Inspector: A {Map, WeakMap, Set, WeakSet} object that contains itself will hang the console
607         https://bugs.webkit.org/show_bug.cgi?id=147966
608
609         Reviewed by Timothy Hatcher.
610
611         * inspector/InjectedScriptSource.js:
612         (InjectedScript.prototype._initialPreview):
613         Renamed to initial preview. This is not a complete preview for
614         this object, and it needs some processing in order to be a
615         complete accurate preview.
616
617         (InjectedScript.RemoteObject.prototype._emptyPreview):
618         This attempts to be an accurate empty preview for the given object.
619         For types with entries, it adds an empty entries list and updates
620         the overflow and lossless properties.
621
622         (InjectedScript.RemoteObject.prototype._createObjectPreviewForValue):
623         Take a generatePreview parameter to generate a full preview or empty preview.
624
625         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
626         (InjectedScript.RemoteObject.prototype._appendEntryPreviews):
627         (InjectedScript.RemoteObject.prototype._isPreviewableObject):
628         Take care to avoid cycles.
629
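The "take care to avoid cycles" point in the entry above is the whole bug: a previewer that recurses into a collection's entries without remembering what it is already inside never terminates on `m.set("me", m)`. The following added example (not the InjectedScriptSource.js code and not WebKit's; the `preview` function, its format and the sample values are constructed here) is a small depth-limited previewer that tracks the objects on the current descent path and emits a marker when it meets one again, while still previewing an object that is merely reachable twice without a cycle:

```javascript
"use strict";

// Build a short textual preview of `value`, never looping on cycles.
// `seen` holds the objects on the current descent path; meeting one again
// means a cycle, so a marker is emitted instead of recursing.
function preview(value, maxDepth = 3, seen = new Set()) {
  if (value === null || typeof value !== "object") {
    return typeof value === "string" ? JSON.stringify(value) : String(value);
  }
  if (seen.has(value)) return "[Circular]";
  if (maxDepth === 0) return "[...]";
  seen.add(value);
  try {
    if (value instanceof Map) {
      const entries = [];
      for (const [k, v] of value) {
        entries.push(`${preview(k, maxDepth - 1, seen)} => ${preview(v, maxDepth - 1, seen)}`);
      }
      return `Map(${value.size}) {${entries.join(", ")}}`;
    }
    if (value instanceof Set) {
      const items = [];
      for (const v of value) items.push(preview(v, maxDepth - 1, seen));
      return `Set(${value.size}) {${items.join(", ")}}`;
    }
    if (value instanceof WeakMap || value instanceof WeakSet) {
      // Weak collections cannot be enumerated from script, so there are no
      // entries to recurse into; only the type is shown.
      return value instanceof WeakMap ? "WeakMap {}" : "WeakSet {}";
    }
    if (Array.isArray(value)) {
      return `[${value.map(v => preview(v, maxDepth - 1, seen)).join(", ")}]`;
    }
    const props = Object.keys(value).map(k => `${k}: ${preview(value[k], maxDepth - 1, seen)}`);
    return `{${props.join(", ")}}`;
  } finally {
    // Leave the path on the way back up, so an object reached twice through
    // different, non-cyclic paths is still previewed both times.
    seen.delete(value);
  }
}

// Constructed sample inputs; each of the self-containing ones would hang a
// previewer that recurses without tracking the descent path.
function samplePreviews() {
  const selfMap = new Map();
  selfMap.set("me", selfMap);

  const selfSet = new Set();
  selfSet.add(selfSet);

  const shared = { x: 1 };
  const dag = [shared, shared]; // same object twice, but no cycle

  const obj = { name: "node" };
  obj.next = obj;

  return {
    selfMap: preview(selfMap),
    selfSet: preview(selfSet),
    dag: preview(dag),
    obj: preview(obj),
    deep: preview([[[[1]]]]),
  };
}
```

Using a path set (added on the way down, removed on the way up) rather than a global "already printed" set is the design choice that matters: the former distinguishes a real cycle from a shared sub-object, the latter would wrongly mark the second `{x: 1}` as circular. The depth cap is a separate guard for legitimately deep structures.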
630 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
631
632         Periodic code deletion should delete RegExp code
633         https://bugs.webkit.org/show_bug.cgi?id=147990
634
635         Reviewed by Filip Pizlo.
636
637         The RegExp code cache was created for the sake of simple loops that
638         re-created the same RegExps. It's reasonable to delete it periodically.
639
640         * heap/Heap.cpp:
641         (JSC::Heap::deleteOldCode):
642
643 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
644
645         RegExpCache::finalize should not delete code
646         https://bugs.webkit.org/show_bug.cgi?id=147987
647
648         Reviewed by Mark Lam.
649
650         The RegExp object already knows how to delete its own code in its
651         destructor. Our job is just to clear our stale pointer.
652
653         * runtime/RegExpCache.cpp:
654         (JSC::RegExpCache::finalize):
655         (JSC::RegExpCache::addToStrongCache):
656
657 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
658
659         Standardize on the phrase "delete code"
660         https://bugs.webkit.org/show_bug.cgi?id=147984
661
662         Reviewed by Mark Lam.
663
664         Use "delete" when we talk about throwing away code, as opposed to
665         "invalidate" or "discard".
666
667         * debugger/Debugger.cpp:
668         (JSC::Debugger::forEachCodeBlock):
669         (JSC::Debugger::setSteppingMode):
670         (JSC::Debugger::recompileAllJSFunctions):
671         * heap/Heap.cpp:
672         (JSC::Heap::deleteAllCompiledCode):
673         * inspector/agents/InspectorRuntimeAgent.cpp:
674         (Inspector::recompileAllJSFunctionsForTypeProfiling):
675         * runtime/RegExp.cpp:
676         (JSC::RegExp::match):
677         (JSC::RegExp::deleteCode):
678         (JSC::RegExp::invalidateCode): Deleted.
679         * runtime/RegExp.h:
680         * runtime/RegExpCache.cpp:
681         (JSC::RegExpCache::finalize):
682         (JSC::RegExpCache::addToStrongCache):
683         (JSC::RegExpCache::deleteAllCode):
684         (JSC::RegExpCache::invalidateCode): Deleted.
685         * runtime/RegExpCache.h:
686         * runtime/VM.cpp:
687         (JSC::VM::stopSampling):
688         (JSC::VM::prepareToDeleteCode):
689         (JSC::VM::deleteAllCode):
690         (JSC::VM::setEnabledProfiler):
691         (JSC::VM::prepareToDiscardCode): Deleted.
692         (JSC::VM::discardAllCode): Deleted.
693         * runtime/VM.h:
694         (JSC::VM::apiLock):
695         (JSC::VM::codeCache):
696         * runtime/Watchdog.cpp:
697         (JSC::Watchdog::setTimeLimit):
698
699 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
700
701         X.[[SetPrototypeOf]](Y) should succeed if X.[[Prototype]] is already Y even if X is not extensible
702         https://bugs.webkit.org/show_bug.cgi?id=147930
703
704         Reviewed by Saam Barati.
705
706         When the passed prototype object to be set is the same as the existing
707         prototype object, [[SetPrototypeOf]] just finishes its operation even
708         if the extensibility of the target object is `false`.
709
710         * runtime/JSGlobalObjectFunctions.cpp:
711         (JSC::globalFuncProtoSetter):
712         * runtime/ObjectConstructor.cpp:
713         (JSC::objectConstructorSetPrototypeOf):
714         * runtime/ReflectObject.cpp:
715         (JSC::reflectObjectSetPrototypeOf):
716         * tests/stress/set-same-prototype.js: Added.
717         (shouldBe):
718         (shouldThrow):
719
720 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
721
722         Removed clearEvalCodeCache()
723         https://bugs.webkit.org/show_bug.cgi?id=147957
724
725         Reviewed by Filip Pizlo.
726
727         It was unused.
728
729         * bytecode/CodeBlock.cpp:
730         (JSC::CodeBlock::linkIncomingCall):
731         (JSC::CodeBlock::install):
732         (JSC::CodeBlock::clearEvalCache): Deleted.
733         * bytecode/CodeBlock.h:
734         (JSC::CodeBlock::numberOfJumpTargets):
735         (JSC::CodeBlock::jumpTarget):
736         (JSC::CodeBlock::numberOfArgumentValueProfiles):
737
738 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
739
740         [ES6] Implement Reflect.defineProperty
741         https://bugs.webkit.org/show_bug.cgi?id=147943
742
743         Reviewed by Saam Barati.
744
745         This patch implements Reflect.defineProperty.
746         The differences from Object.defineProperty are:
747
748         1. Reflect.defineProperty does not perform ToObject operation onto the first argument.
749         2. Reflect.defineProperty does not throw a TypeError when the [[DefineOwnProperty]] operation fails.
750         3. Reflect.defineProperty returns the boolean value that represents whether [[DefineOwnProperty]] succeeded.
751
752         This patch also adds comments with links to the ES6 spec.
753
754         * builtins/ReflectObject.js:
755         * runtime/ObjectConstructor.cpp:
756         (JSC::toPropertyDescriptor):
757         * runtime/ObjectConstructor.h:
758         * runtime/ReflectObject.cpp:
759         (JSC::reflectObjectDefineProperty):
760         * tests/stress/reflect-define-property.js: Added.
761         (shouldBe):
762         (shouldThrow):
763         (.set getter):
764         (setter):
765         (.get testDescriptor):
766         (.set get var):
767         (.set testDescriptor):
768         (.set get testDescriptor):
769         (.set get shouldThrow):
770         (.get var):
771
772 2015-08-12  Filip Pizlo  <fpizlo@apple.com>
773
774         DFG::ByteCodeParser should attempt constant folding on loads from structures that are DFG-watchable
775         https://bugs.webkit.org/show_bug.cgi?id=147950
776
777         Reviewed by Michael Saboff.
778
779         Previously we reduced the constant folding power of ByteCodeParser::load() because that code was
780         responsible for memory corruption, since it would sometimes install watchpoints on structures that
781         weren't being traced.  It seemed like the safest fix was to remove the constant folding rule
782         entirely since later phases also do constant folding, and they do it without introducing the bug.
783         Well, that change (http://trac.webkit.org/changeset/188292) caused a big regression, because we
784         still have some constant folding rules that only exist in ByteCodeParser, and so ByteCodeParser must
785         be maximally aggressive in constant-folding whenever possible.
786
787         So, this change now brings back that constant folding rule - for loads from object constants that
788         have DFG-watchable structures - and implements it properly, by ensuring that we only call into
789         tryGetConstantProperty() if we have registered the structure set.
790
791         * dfg/DFGByteCodeParser.cpp:
792         (JSC::DFG::ByteCodeParser::load):
793
794 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
795
796         [ES6] Add ES6 Modules preparsing phase to collect the dependencies
797         https://bugs.webkit.org/show_bug.cgi?id=147353
798
799         Reviewed by Geoffrey Garen.
800
801         This patch implements ModuleRecord and ModuleAnalyzer.
802         ModuleAnalyzer analyzes the AST produced by the parser.
803         By collaborating with the parser, ModuleAnalyzer collects the information
804         that is necessary to request the loading of the dependent modules and to
805         construct the module's environment and namespace object before executing the actual
806         module body.
807
808         In the parser, we annotate which variable is an imported binding and which variable
809         is exported from the current module. This information is leveraged in the ModuleAnalyzer
810         to categorize the export entries.
811
812         To preparse the modules in the parser, we just add the new flag `ModuleParseMode`
813         instead of introducing a new TreeContext type. This is because only two users call
814         parseModuleSourceElements: the preparser and the actual compiler. Adding the flag is simple
815         enough to switch the context to the SyntaxChecker when parsing the non-module related
816         statements in the preparsing phase.
817
818         To demonstrate the module analyzer, we added the new dumpModuleRecord option
819         to the JSC shell. By specifying it, the result of the analysis is dumped when the module
820         is parsed and analyzed.
821
822         * CMakeLists.txt:
823         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
824         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
825         * JavaScriptCore.xcodeproj/project.pbxproj:
826         * builtins/BuiltinNames.h:
827         * parser/ASTBuilder.h:
828         (JSC::ASTBuilder::createExportDefaultDeclaration):
829         * parser/ModuleAnalyzer.cpp: Added.
830         (JSC::ModuleAnalyzer::ModuleAnalyzer):
831         (JSC::ModuleAnalyzer::exportedBinding):
832         (JSC::ModuleAnalyzer::declareExportAlias):
833         (JSC::ModuleAnalyzer::exportVariable):
834         (JSC::ModuleAnalyzer::analyze):
835         * parser/ModuleAnalyzer.h: Added.
836         (JSC::ModuleAnalyzer::vm):
837         (JSC::ModuleAnalyzer::moduleRecord):
838         * parser/ModuleRecord.cpp: Added.
839         (JSC::printableName):
840         (JSC::ModuleRecord::dump):
841         * parser/ModuleRecord.h: Added.
842         (JSC::ModuleRecord::ImportEntry::isNamespace):
843         (JSC::ModuleRecord::create):
844         (JSC::ModuleRecord::appendRequestedModule):
845         (JSC::ModuleRecord::addImportEntry):
846         (JSC::ModuleRecord::addExportEntry):
847         (JSC::ModuleRecord::addStarExportEntry):
848         * parser/NodeConstructors.h:
849         (JSC::ModuleDeclarationNode::ModuleDeclarationNode):
850         (JSC::ImportDeclarationNode::ImportDeclarationNode):
851         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
852         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
853         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
854         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
855         * parser/Nodes.h:
856         (JSC::ExportDefaultDeclarationNode::localName):
857         * parser/NodesAnalyzeModule.cpp: Added.
858         (JSC::ScopeNode::analyzeModule):
859         (JSC::SourceElements::analyzeModule):
860         (JSC::ImportDeclarationNode::analyzeModule):
861         (JSC::ExportAllDeclarationNode::analyzeModule):
862         (JSC::ExportDefaultDeclarationNode::analyzeModule):
863         (JSC::ExportLocalDeclarationNode::analyzeModule):
864         (JSC::ExportNamedDeclarationNode::analyzeModule):
865         * parser/Parser.cpp:
866         (JSC::Parser<LexerType>::parseInner):
867         (JSC::Parser<LexerType>::parseModuleSourceElements):
868         (JSC::Parser<LexerType>::parseVariableDeclarationList):
869         (JSC::Parser<LexerType>::createBindingPattern):
870         (JSC::Parser<LexerType>::parseFunctionDeclaration):
871         (JSC::Parser<LexerType>::parseClassDeclaration):
872         (JSC::Parser<LexerType>::parseImportClauseItem):
873         (JSC::Parser<LexerType>::parseExportSpecifier):
874         (JSC::Parser<LexerType>::parseExportDeclaration):
875         * parser/Parser.h:
876         (JSC::Scope::lexicalVariables):
877         (JSC::Scope::declareLexicalVariable):
878         (JSC::Parser::declareVariable):
879         (JSC::Parser::exportName):
880         (JSC::Parser<LexerType>::parse):
881         (JSC::parse):
882         * parser/ParserModes.h:
883         * parser/SyntaxChecker.h:
884         (JSC::SyntaxChecker::createExportDefaultDeclaration):
885         * parser/VariableEnvironment.cpp:
886         (JSC::VariableEnvironment::markVariableAsImported):
887         (JSC::VariableEnvironment::markVariableAsExported):
888         * parser/VariableEnvironment.h:
889         (JSC::VariableEnvironmentEntry::isExported):
890         (JSC::VariableEnvironmentEntry::isImported):
891         (JSC::VariableEnvironmentEntry::setIsExported):
892         (JSC::VariableEnvironmentEntry::setIsImported):
893         * runtime/CommonIdentifiers.h:
894         * runtime/Completion.cpp:
895         (JSC::checkModuleSyntax):
896         * runtime/Options.h:
897
898 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
899
900         Re-land r188339, since Alex fixed it in r188341 by landing the WebCore half.
901
902         * jit/ExecutableAllocator.h:
903         * jsc.cpp:
904         (GlobalObject::finishCreation):
905         (functionAddressOf):
906         (functionVersion):
907         (functionReleaseExecutableMemory): Deleted.
908         * runtime/VM.cpp:
909         (JSC::StackPreservingRecompiler::operator()):
910         (JSC::VM::throwException):
911         (JSC::VM::updateFTLLargestStackSize):
912         (JSC::VM::gatherConservativeRoots):
913         (JSC::VM::releaseExecutableMemory): Deleted.
914         (JSC::releaseExecutableMemory): Deleted.
915         * runtime/VM.h:
916         (JSC::VM::isCollectorBusy):
917         * runtime/Watchdog.cpp:
918         (JSC::Watchdog::setTimeLimit):
919
920 2015-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
921
922         Roll out r188339, which broke the build.
923
924         Unreviewed.
925
926         * jit/ExecutableAllocator.h:
927         * jsc.cpp:
928         (GlobalObject::finishCreation):
929         (functionReleaseExecutableMemory):
930         * runtime/VM.cpp:
931         (JSC::StackPreservingRecompiler::visit):
932         (JSC::StackPreservingRecompiler::operator()):
933         (JSC::VM::releaseExecutableMemory):
934         (JSC::releaseExecutableMemory):
935         * runtime/VM.h:
936         * runtime/Watchdog.cpp:
937         (JSC::Watchdog::setTimeLimit):
938
939 2015-08-12  Alex Christensen  <achristensen@webkit.org>
940
941         Fix Debug CMake builds on Windows
942         https://bugs.webkit.org/show_bug.cgi?id=147940
943
944         Reviewed by Chris Dumez.
945
946         * PlatformWin.cmake:
947         Copy the plist to the JavaScriptCore.resources directory.
948
949 2015-08-11  Geoffrey Garen  <ggaren@apple.com>
950
951         Remove VM::releaseExecutableMemory
952         https://bugs.webkit.org/show_bug.cgi?id=147915
953
954         Reviewed by Saam Barati.
955
956         releaseExecutableMemory() was only used in one place, where discardAllCode()
957         would work just as well.
958
959         It's confusing to have two slightly different ways to discard code. Also,
960         releaseExecutableMemory() is unused in any production code, and it seems
961         to have bit-rotted.
962
963         * jit/ExecutableAllocator.h:
964         * jsc.cpp:
965         (GlobalObject::finishCreation):
966         (functionAddressOf):
967         (functionVersion):
968         (functionReleaseExecutableMemory): Deleted.
969         * runtime/VM.cpp:
970         (JSC::StackPreservingRecompiler::operator()):
971         (JSC::VM::throwException):
972         (JSC::VM::updateFTLLargestStackSize):
973         (JSC::VM::gatherConservativeRoots):
974         (JSC::VM::releaseExecutableMemory): Deleted.
975         (JSC::releaseExecutableMemory): Deleted.
976         * runtime/VM.h:
977         (JSC::VM::isCollectorBusy):
978         * runtime/Watchdog.cpp:
979         (JSC::Watchdog::setTimeLimit):
980
981 2015-08-12  Mark Lam  <mark.lam@apple.com>
982
983         Add a JSC option to enable the watchdog for testing.
984         https://bugs.webkit.org/show_bug.cgi?id=147939
985
986         Reviewed by Michael Saboff.
987
988         * API/JSContextRef.cpp:
989         (JSContextGroupSetExecutionTimeLimit):
990         (createWatchdogIfNeeded): Deleted.
991         * runtime/Options.h:
992         * runtime/VM.cpp:
993         (JSC::VM::VM):
994         (JSC::VM::~VM):
995         (JSC::VM::sharedInstanceInternal):
996         (JSC::VM::ensureWatchdog):
997         (JSC::thunkGeneratorForIntrinsic):
998         * runtime/VM.h:
999
1000 2015-08-11  Mark Lam  <mark.lam@apple.com>
1001
1002         Implement the JavaScript watchdog using WTF::WorkQueue.
1003         https://bugs.webkit.org/show_bug.cgi?id=147107
1004
1005         Reviewed by Geoffrey Garen.
1006
1007         How the Watchdog works
1008         ======================
1009
1010         1. When do we start the Watchdog?
1011            =============================
1012            The watchdog should only be started if both the following conditions are true:
1013            1. A time limit has been set.
1014            2. We have entered the VM.
1015  
1016         2. CPU time vs Wall Clock time
1017            ===========================
1018            Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?
1019
1020            The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
1021            limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
1022            indicates the wall clock time point when the WorkQueue timer is expected to fire.
1023
1024            The time limit for which we allow JS code to run should be measured in CPU time, which can
1025            differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
1026            should fire.
1027
1028            Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
1029            we need to check if m_cpuDeadline has been reached.
1030
1031            If m_cpuDeadline has been reached, the watchdog is considered to have fired.
1032
1033            If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
1034            code to continue to run for.  Hence, we need to start a new timer to fire again after
1035            Tremainder microseconds.
1036     
1037            See Watchdog::didFireSlow().
1038
1039         3. Spurious wake ups
1040            =================
1041            Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
1042            It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
1043            m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
1044            wake ups are considered to be spurious and will be ignored.
1045  
1046            See Watchdog::didFireSlow().
1047  
1048         4. Minimizing Timer creation cost
1049            ==============================
1050            Conceptually, we could start a new timer every time we start the watchdog. But we can do better
1051            than this.
1052  
1053            In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
1054            stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
1055            time limit. Consider the following example:
1056  
1057                |---|-----|---|----------------|---------|
1058                t0  t1    t2  t3            t0 + L    t2 + L 
1059
1060                |<--- T1 --------------------->|
1061                          |<--- T2 --------------------->|
1062                |<-- Td ->|                    |<-- Td ->|
1063
1064            1. The user initializes the watchdog with time limit L.
1065            2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
1066               The timer is set to expire at t0 + L.
1067            3. At t1, we exit the VM.
1068            4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.
1069          
1070               However, we can note that the expiration time for T2 would be after the expiration time
1071               of T1. Specifically, T2 would have expired at Td after T1 expires.
1072          
1073               Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
1074               for a period of Td instead.
1075
1076            Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
1077            as well as handling spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
1078            automatically take care of starting a new timer for the difference Td in the example above.
1079            Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
1080            expiration is less than T2's, then we are already covered by T1 and there's no need to start T2.
1081
1082            The benefit:
1083
1084            1. we minimize the number of timer instances we have queued in the workqueue at the same time
1085               (ideally only 1 or 0), and use less peak memory.
1086
1087            2. we minimize the frequency of instantiating timer instances. By waiting for the current
1088               active timer to expire first, on average, we get to start one timer per time limit
1089               (which is infrequent because time limits tend to be long) instead of one timer per
1090               VM entry (which tends to be frequent).
1091
1092            See Watchdog::startTimer().
1093
1094         * API/JSContextRef.cpp:
1095         (createWatchdogIfNeeded):
1096         (JSContextGroupClearExecutionTimeLimit):
1097         - No need to create the watchdog (if not already created) just to clear it.
1098           If the watchdog is not created yet, then it is effectively cleared.
1099
1100         * API/tests/ExecutionTimeLimitTest.cpp:
1101         (currentCPUTimeAsJSFunctionCallback):
1102         (testExecutionTimeLimit):
1103         (currentCPUTime): Deleted.
1104         * API/tests/testapi.c:
1105         (main):
1106         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
1107         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
1108         - Enable watchdog tests for all platforms.
1109
1110         * CMakeLists.txt:
1111         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1112         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1113         * JavaScriptCore.xcodeproj/project.pbxproj:
1114         - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.
1115
1116         * PlatformEfl.cmake:
1117
1118         * dfg/DFGByteCodeParser.cpp:
1119         (JSC::DFG::ByteCodeParser::parseBlock):
1120         * dfg/DFGSpeculativeJIT32_64.cpp:
1121         * dfg/DFGSpeculativeJIT64.cpp:
1122         * interpreter/Interpreter.cpp:
1123         (JSC::Interpreter::execute):
1124         (JSC::Interpreter::executeCall):
1125         (JSC::Interpreter::executeConstruct):
1126         * jit/JITOpcodes.cpp:
1127         (JSC::JIT::emit_op_loop_hint):
1128         (JSC::JIT::emitSlow_op_loop_hint):
1129         * jit/JITOperations.cpp:
1130         * llint/LLIntOffsetsExtractor.cpp:
1131         * llint/LLIntSlowPaths.cpp:
1132         * runtime/VM.cpp:
1133         - #include Watchdog.h in these files directly instead of doing it via VM.h.
1134           This saves us from having to recompile the world when we change Watchdog.h.
1135
1136         * runtime/VM.h:
1137         - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
1138           thread-safe ref counted.
1139
1140         * runtime/VMEntryScope.cpp:
1141         (JSC::VMEntryScope::VMEntryScope):
1142         (JSC::VMEntryScope::~VMEntryScope):
1143         - We have done away with the WatchdogScope and arming/disarming of the watchdog.
1144           Instead, the VMEntryScope will inform the watchdog of when we have entered and
1145           exited the VM.
1146
1147         * runtime/Watchdog.cpp:
1148         (JSC::currentWallClockTime):
1149         (JSC::Watchdog::Watchdog):
1150         (JSC::Watchdog::hasStartedTimer):
1151         (JSC::Watchdog::setTimeLimit):
1152         (JSC::Watchdog::didFireSlow):
1153         (JSC::Watchdog::hasTimeLimit):
1154         (JSC::Watchdog::fire):
1155         (JSC::Watchdog::enteredVM):
1156         (JSC::Watchdog::exitedVM):
1157
1158         (JSC::Watchdog::startTimer):
1159         - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
1160           (from a different thread) even after the VM shuts down.  We need to keep it
1161           alive until the WorkQueue callback completes.
1162
1163           In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
1164           WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
1165           is done with it.  This ensures that the Watchdog is kept alive until all
1166           WorkQueue callbacks are done.
1167
1168         (JSC::Watchdog::stopTimer):
1169         (JSC::Watchdog::~Watchdog): Deleted.
1170         (JSC::Watchdog::didFire): Deleted.
1171         (JSC::Watchdog::isEnabled): Deleted.
1172         (JSC::Watchdog::arm): Deleted.
1173         (JSC::Watchdog::disarm): Deleted.
1174         (JSC::Watchdog::startCountdownIfNeeded): Deleted.
1175         (JSC::Watchdog::startCountdown): Deleted.
1176         (JSC::Watchdog::stopCountdown): Deleted.
1177         * runtime/Watchdog.h:
1178         (JSC::Watchdog::didFire):
1179         (JSC::Watchdog::timerDidFireAddress):
1180         (JSC::Watchdog::isArmed): Deleted.
1181         (JSC::Watchdog::Scope::Scope): Deleted.
1182         (JSC::Watchdog::Scope::~Scope): Deleted.
1183         * runtime/WatchdogMac.cpp:
1184         (JSC::Watchdog::initTimer): Deleted.
1185         (JSC::Watchdog::destroyTimer): Deleted.
1186         (JSC::Watchdog::startTimer): Deleted.
1187         (JSC::Watchdog::stopTimer): Deleted.
1188         * runtime/WatchdogNone.cpp:
1189         (JSC::Watchdog::initTimer): Deleted.
1190         (JSC::Watchdog::destroyTimer): Deleted.
1191         (JSC::Watchdog::startTimer): Deleted.
1192         (JSC::Watchdog::stopTimer): Deleted.
1193
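The watchdog design in Mark Lam's entry above (notes 1 to 4), worked through as an added C++ model that is not JavaScriptCore code: FakeHost, WatchdogModel, loopHint, Trace and the two scenario functions are assumptions made for this example, while the deadline and method names mirror the entry's m_cpuDeadline, m_wallClockDeadline, startTimer() and didFireSlow(). Clocks are in microseconds and driven by hand, so the entry's diagram (L = 1000, t0 = 0, t1 = 300, t2 = 500) and a stale wake-up can be replayed deterministically.

```cpp
#include <functional>
#include <limits>
#include <vector>

using Micros = long long;
static constexpr Micros noTimeLimit = std::numeric_limits<Micros>::max();
// Host stand-in (assumption): separate CPU and wall clocks, and queued timers that cannot be cancelled.
struct FakeHost {
    struct Timer { Micros fireAt; std::function<void()> callback; };
    Micros cpuNow = 0, wallNow = 0;
    std::vector<Timer> pending;
    void dispatchAfter(Micros delay, std::function<void()> cb) {
        pending.push_back({ wallNow + delay, std::move(cb) });
    }
    // Move both clocks forward, then fire every timer whose wall deadline has passed.
    void advanceTo(Micros wall, Micros cpu) {
        wallNow = wall; cpuNow = cpu;
        std::vector<Timer> due, rest;
        for (auto& t : pending) (t.fireAt <= wallNow ? due : rest).push_back(t);
        pending = std::move(rest);
        for (auto& t : due) t.callback();
    }
};

class WatchdogModel {
public:
    explicit WatchdogModel(FakeHost& host) : m_host(host) {}
    void setTimeLimit(Micros limit) { m_timeLimit = limit; }
    // Note 1: arm only when a limit is set and the VM is being entered.
    void enteredVM() { if (m_timeLimit != noTimeLimit) startTimer(m_timeLimit); }
    bool timerDidFire() const { return m_timerDidFire; } // cheap flag polled at loop hints
    int timersStarted() const { return m_timersStarted; }
    // Slow path taken at a loop hint when the flag is set. True means: terminate JS.
    bool didFireSlow() {
        m_timerDidFire = false;
        // Note 3: a wake-up before the active wall-clock deadline is a stale timer.
        if (m_host.wallNow < m_wallClockDeadline) return false;
        m_wallClockDeadline = noTimeLimit; // reject all further spurious wakes
        if (m_host.cpuNow < m_cpuDeadline) { // note 2: timer fired, CPU budget not yet spent
            startTimer(m_cpuDeadline - m_host.cpuNow); // re-arm for Tremainder
            return false;
        }
        m_fired = true; return true;
    }
private:
    // Note 4: skip the new timer when the active one expires no later than it would.
    void startTimer(Micros timeLimit) {
        m_cpuDeadline = m_host.cpuNow + timeLimit;
        Micros wallClockDeadline = m_host.wallNow + timeLimit;
        if (m_host.wallNow < m_wallClockDeadline && m_wallClockDeadline <= wallClockDeadline)
            return; // T1 fires first; didFireSlow() then re-arms for the remainder Td.
        m_wallClockDeadline = wallClockDeadline;
        ++m_timersStarted;
        m_host.dispatchAfter(timeLimit, [this] { m_timerDidFire = true; });
    }
    FakeHost& m_host;
    Micros m_timeLimit = noTimeLimit, m_cpuDeadline = noTimeLimit, m_wallClockDeadline = noTimeLimit;
    bool m_timerDidFire = false, m_fired = false;
    int m_timersStarted = 0;
};

// What the VM does at a loop hint: take the slow path only if the flag is set.
static bool loopHint(WatchdogModel& wd) { return wd.timerDidFire() && wd.didFireSlow(); }

struct Trace {
    int timersAfterReentry = 0;       // timers queued once the VM is re-entered (note 4)
    bool rearmedForRemainder = false; // T1 fired with CPU budget left, so T2' was queued (note 2)
    bool staleWakeIgnored = false;    // a leftover wake-up was rejected (note 3)
    Micros firedAtWall = -1;          // wall time at which JS was finally terminated
};

// The entry's diagram with L = 1000: enter at t0 = 0, exit at t1 = 300, re-enter at t2 = 500, stay in.
Trace runDiagramScenario() {
    FakeHost host; WatchdogModel wd(host); Trace trace;
    wd.setTimeLimit(1000);
    wd.enteredVM();                                // t0: T1 queued for t0 + L = 1000
    host.advanceTo(500, 300);                      // t1: exit at 300; t2: re-enter at 500 (CPU idle meanwhile)
    wd.enteredVM();                                // T2 would expire after T1, so no new timer
    trace.timersAfterReentry = wd.timersStarted(); // 1
    host.advanceTo(1000, 800);                     // T1 fires; CPU deadline is 300 + L = 1300
    trace.rearmedForRemainder = !loopHint(wd) && wd.timersStarted() == 2; // T2' for Td = 500
    host.advanceTo(1500, 1300);                    // T2' fires with the CPU budget spent
    if (loopHint(wd)) trace.firedAtWall = host.wallNow;
    return trace;
}

// T1 fires while the VM is idle; on re-entry a fresh T2 is queued and the leftover T1 wake-up is stale.
Trace runStaleWakeScenario() {
    FakeHost host; WatchdogModel wd(host); Trace trace;
    wd.setTimeLimit(1000);
    wd.enteredVM();                                // T1 for wall 1000
    host.advanceTo(1200, 300);                     // exited at 300; T1 fired at 1000 unobserved
    wd.enteredVM();                                // T2 for wall 2200, CPU deadline 300 + L = 1300
    trace.timersAfterReentry = wd.timersStarted(); // 2
    trace.staleWakeIgnored = wd.timerDidFire() && !loopHint(wd);
    host.advanceTo(2200, 1300);                    // T2 fires with the CPU budget spent
    if (loopHint(wd)) trace.firedAtWall = host.wallNow;
    return trace;
}
```

The second scenario is the failure mode note 3 guards against: without the wall-clock check, the late T1 wake-up would terminate JS that had only just started its fresh budget.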
1194 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
1195
1196         Always use a byte-sized lock implementation
1197         https://bugs.webkit.org/show_bug.cgi?id=147908
1198
1199         Reviewed by Geoffrey Garen.
1200
1201         * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.
1202
1203 2015-08-11  Alexey Proskuryakov  <ap@apple.com>
1204
1205         Make ASan build not depend on asan.xcconfig
1206         https://bugs.webkit.org/show_bug.cgi?id=147840
1207         rdar://problem/21093702
1208
1209         Reviewed by Daniel Bates.
1210
1211         * dfg/DFGOSREntry.cpp:
1212         (JSC::DFG::OSREntryData::dump):
1213         (JSC::DFG::prepareOSREntry):
1214         * ftl/FTLOSREntry.cpp:
1215         (JSC::FTL::prepareOSREntry):
1216         * heap/ConservativeRoots.cpp:
1217         (JSC::ConservativeRoots::genericAddPointer):
1218         (JSC::ConservativeRoots::genericAddSpan):
1219         * heap/MachineStackMarker.cpp:
1220         (JSC::MachineThreads::removeThreadIfFound):
1221         (JSC::MachineThreads::gatherFromCurrentThread):
1222         (JSC::MachineThreads::Thread::captureStack):
1223         (JSC::copyMemory):
1224         * interpreter/Register.h:
1225         (JSC::Register::operator=):
1226         (JSC::Register::asanUnsafeJSValue):
1227         (JSC::Register::jsValue):
1228
1229 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1230
1231         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
1232         https://bugs.webkit.org/show_bug.cgi?id=147480
1233
1234         Reviewed by Filip Pizlo.
1235
1236         This patch adds a get_by_id IC to the get_by_val operation by caching the string / symbol id.
1237         The IC site only caches one id. After checking that the given id is the same as the
1238         cached one, we perform the get_by_id IC onto it.
1239         And by collecting IC StructureStubInfo information, we pass it to the DFG, and the DFG
1240         compiles the get_by_val opcode into CheckIdent (with edge type check) and GetById related
1241         operations when the given get_by_val leverages the property load with the cached id.
1242
1243         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
1244         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
1245         This can be leveraged to optimize symbol operations in DFG.
1246
1247         And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
1248         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
1249         a binary search on m_byValInfos. And by storing ArrayProfile* in the ByValInfo, we replaced the
1250         ArrayProfile* argument of the operations with ByValInfo*.
1251
1252         * bytecode/ByValInfo.h:
1253         (JSC::ByValInfo::ByValInfo):
1254         * bytecode/CodeBlock.cpp:
1255         (JSC::CodeBlock::getByValInfoMap):
1256         (JSC::CodeBlock::addByValInfo):
1257         * bytecode/CodeBlock.h:
1258         (JSC::CodeBlock::getByValInfo): Deleted.
1259         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
1260         (JSC::CodeBlock::numberOfByValInfos): Deleted.
1261         (JSC::CodeBlock::byValInfo): Deleted.
1262         * bytecode/ExitKind.cpp:
1263         (JSC::exitKindToString):
1264         * bytecode/ExitKind.h:
1265         * bytecode/GetByIdStatus.cpp:
1266         (JSC::GetByIdStatus::computeFor):
1267         (JSC::GetByIdStatus::computeForStubInfo):
1268         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
1269         * bytecode/GetByIdStatus.h:
1270         * dfg/DFGAbstractInterpreterInlines.h:
1271         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1272         * dfg/DFGByteCodeParser.cpp:
1273         (JSC::DFG::ByteCodeParser::parseBlock):
1274         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1275         * dfg/DFGClobberize.h:
1276         (JSC::DFG::clobberize):
1277         * dfg/DFGConstantFoldingPhase.cpp:
1278         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1279         * dfg/DFGDoesGC.cpp:
1280         (JSC::DFG::doesGC):
1281         * dfg/DFGFixupPhase.cpp:
1282         (JSC::DFG::FixupPhase::fixupNode):
1283         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1284         * dfg/DFGNode.h:
1285         (JSC::DFG::Node::hasUidOperand):
1286         (JSC::DFG::Node::uidOperand):
1287         * dfg/DFGNodeType.h:
1288         * dfg/DFGPredictionPropagationPhase.cpp:
1289         (JSC::DFG::PredictionPropagationPhase::propagate):
1290         * dfg/DFGSafeToExecute.h:
1291         (JSC::DFG::SafeToExecuteEdge::operator()):
1292         (JSC::DFG::safeToExecute):
1293         * dfg/DFGSpeculativeJIT.cpp:
1294         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
1295         (JSC::DFG::SpeculativeJIT::speculateSymbol):
1296         (JSC::DFG::SpeculativeJIT::speculate):
1297         * dfg/DFGSpeculativeJIT.h:
1298         * dfg/DFGSpeculativeJIT32_64.cpp:
1299         (JSC::DFG::SpeculativeJIT::compile):
1300         * dfg/DFGSpeculativeJIT64.cpp:
1301         (JSC::DFG::SpeculativeJIT::compile):
1302         * dfg/DFGUseKind.cpp:
1303         (WTF::printInternal):
1304         * dfg/DFGUseKind.h:
1305         (JSC::DFG::typeFilterFor):
1306         (JSC::DFG::isCell):
1307         * ftl/FTLAbstractHeapRepository.h:
1308         * ftl/FTLCapabilities.cpp:
1309         (JSC::FTL::canCompile):
1310         * ftl/FTLLowerDFGToLLVM.cpp:
1311         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1312         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
1313         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
1314         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
1315         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
1316         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
1317         * jit/JIT.cpp:
1318         (JSC::JIT::privateCompile):
1319         * jit/JIT.h:
1320         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1321         (JSC::JIT::compileGetByValWithCachedId):
1322         * jit/JITInlines.h:
1323         (JSC::JIT::callOperation):
1324         * jit/JITOpcodes.cpp:
1325         (JSC::JIT::emit_op_has_indexed_property):
1326         (JSC::JIT::emitSlow_op_has_indexed_property):
1327         * jit/JITOpcodes32_64.cpp:
1328         (JSC::JIT::emit_op_has_indexed_property):
1329         (JSC::JIT::emitSlow_op_has_indexed_property):
1330         * jit/JITOperations.cpp:
1331         (JSC::getByVal):
1332         * jit/JITOperations.h:
1333         * jit/JITPropertyAccess.cpp:
1334         (JSC::JIT::emit_op_get_by_val):
1335         (JSC::JIT::emitGetByValWithCachedId):
1336         (JSC::JIT::emitSlow_op_get_by_val):
1337         (JSC::JIT::emit_op_put_by_val):
1338         (JSC::JIT::emitSlow_op_put_by_val):
1339         (JSC::JIT::privateCompileGetByVal):
1340         (JSC::JIT::privateCompileGetByValWithCachedId):
1341         * jit/JITPropertyAccess32_64.cpp:
1342         (JSC::JIT::emit_op_get_by_val):
1343         (JSC::JIT::emitGetByValWithCachedId):
1344         (JSC::JIT::emitSlow_op_get_by_val):
1345         (JSC::JIT::emit_op_put_by_val):
1346         (JSC::JIT::emitSlow_op_put_by_val):
1347         * runtime/Symbol.h:
1348         * tests/stress/get-by-val-with-string-constructor.js: Added.
1349         (Hello):
1350         (get Hello.prototype.generate):
1351         (ok):
1352         * tests/stress/get-by-val-with-string-exit.js: Added.
1353         (shouldBe):
1354         (getByVal):
1355         (getStr1):
1356         (getStr2):
1357         * tests/stress/get-by-val-with-string-generated.js: Added.
1358         (shouldBe):
1359         (getByVal):
1360         (getStr1):
1361         (getStr2):
1362         * tests/stress/get-by-val-with-string-getter.js: Added.
1363         (object.get hello):
1364         (ok):
1365         * tests/stress/get-by-val-with-string.js: Added.
1366         (shouldBe):
1367         (getByVal):
1368         (getStr1):
1369         (getStr2):
1370         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
1371         (Hello):
1372         (get Hello.prototype.generate):
1373         (ok):
1374         * tests/stress/get-by-val-with-symbol-exit.js: Added.
1375         (shouldBe):
1376         (getByVal):
1377         (getSym1):
1378         (getSym2):
1379         * tests/stress/get-by-val-with-symbol-getter.js: Added.
1380         (object.get hello):
1381         (.get ok):
1382         * tests/stress/get-by-val-with-symbol.js: Added.
1383         (shouldBe):
1384         (getByVal):
1385         (getSym1):
1386         (getSym2):
1387
1388 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
1389
1390         DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
1391         https://bugs.webkit.org/show_bug.cgi?id=147891
1392         rdar://problem/22129447
1393
1394         Reviewed by Mark Lam.
1395
1396         * dfg/DFGByteCodeParser.cpp:
1397         (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
1398         (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
1399         * dfg/DFGGraph.cpp:
1400         (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
1401         * dfg/DFGStructureRegistrationPhase.cpp:
1402         (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.
1403
1404 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1405
1406         [Win] Switch Windows build to Visual Studio 2015
1407         https://bugs.webkit.org/show_bug.cgi?id=147887
1408         <rdar://problem/22235098>
1409
1410         Reviewed by Alex Christensen.
1411
1412         Update Visual Studio project file settings to use the current Visual
1413         Studio and compiler. Continue targeting binaries to run on our minimum
1414         supported configuration of Windows 7.
1415
1416         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1417         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
1418         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
1419         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
1420         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
1421         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
1422         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
1423         * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
1424         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
1425         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
1426         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
1427         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
1428
1429 2015-08-10  Filip Pizlo  <fpizlo@apple.com>
1430
1431         WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
1432         https://bugs.webkit.org/show_bug.cgi?id=147665
1433
1434         Reviewed by Mark Lam.
1435
1436         Replace ByteSpinLock with ByteLock.
1437
1438         * runtime/ConcurrentJITLock.h:
1439
1440 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1441
1442         Numeric setter on prototype doesn't get called.
1443         https://bugs.webkit.org/show_bug.cgi?id=144252
1444
1445         Reviewed by Darin Adler.
1446
1447         When switching the blank indexing type to another one in putByIndex,
1448         if `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
1449         it to the slow put indexing type and reloop putByIndex, since there may
1450         be an indexing accessor in the prototype chain. Previously, we just stored
1451         the value into the allocated vector.
1452
1453         In the putDirectIndex case, we just store the value into the vector.
1454         This is because putDirectIndex is the operation that stores an own property,
1455         and it does not check the accessors in the prototype chain.
1456
1457         * runtime/JSObject.cpp:
1458         (JSC::JSObject::putByIndexBeyondVectorLength):
1459         * tests/stress/injected-numeric-setter-on-prototype.js: Added.
1460         (shouldBe):
1461         (Trace):
1462         (Trace.prototype.trace):
1463         (Trace.prototype.get count):
1464         (.):
1465         * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
1466         (shouldBe):
1467         (Trace):
1468         (Trace.prototype.trace):
1469         (Trace.prototype.get count):
1470         (.):
1471         * tests/stress/numeric-setter-on-prototype.js: Added.
1472         (shouldBe):
1473         (Trace):
1474         (Trace.prototype.trace):
1475         (Trace.prototype.get count):
1476         (.z.__proto__.set 3):
1477         * tests/stress/numeric-setter-on-self.js: Added.
1478         (shouldBe):
1479         (Trace):
1480         (Trace.prototype.trace):
1481         (Trace.prototype.get count):
1482         (.y.set 2):
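The observable semantics behind this fix, as an added example that is not part of the WebKit ChangeLog or its stress tests: assigning to an index on an object that has no indexed storage yet must still reach a numeric setter on the prototype chain (the putByIndex path), while defining an own indexed property directly (the putDirectIndex path) must not. The `makeTrace` helper and its recorded calls are constructed for this example.

```javascript
// Constructed helper: a prototype object carrying a setter for index "3" that
// records every invocation, so each path below can be checked by counting calls.
function makeTrace(base = Object.prototype) {
  const trace = { calls: [], proto: Object.create(base) };
  Object.defineProperty(trace.proto, '3', {
    set(value) { trace.calls.push({ value, receiver: this }); },
    configurable: true,
  });
  return trace;
}

// putByIndex path: o[3] = ... on an object whose prototype has a setter for "3".
// The object starts with no indexed storage (a "blank" indexing type), which is
// exactly the case the entry describes.
function assignThroughPrototype() {
  const trace = makeTrace();
  const o = Object.create(trace.proto);
  o[3] = 'first';                              // must call the prototype setter
  o[3] = 'second';                             // still no own property, setter called again
  o[0] = 'plain';                              // no setter for "0": becomes an own property
  return {
    setterCalls: trace.calls.length,                                   // 2
    ownHas3: Object.prototype.hasOwnProperty.call(o, '3'),             // false
    ownHas0: Object.prototype.hasOwnProperty.call(o, '0'),             // true
    receiverIsO: trace.calls.every((c) => c.receiver === o),           // setter's this is o
  };
}

// putDirectIndex path: defineProperty stores an own property and never consults
// the prototype setter.
function defineOwnIndexDirectly() {
  const trace = makeTrace();
  const o = Object.create(trace.proto);
  Object.defineProperty(o, '3', {
    value: 'own', writable: true, configurable: true, enumerable: true,
  });
  return {
    setterCalls: trace.calls.length,                                   // 0
    ownValue: o[3],                                                    // 'own'
  };
}

// Same check for a real array whose prototype chain carries the setter (the
// non-blank-array case): the store goes to the setter, not into array storage.
function assignOnArrayWithPrototypeSetter() {
  const trace = makeTrace(Array.prototype);
  const arr = [];
  Object.setPrototypeOf(arr, trace.proto);
  arr[0] = 'a';                                // ordinary indexed store
  arr[3] = 'b';                                // routed to the prototype setter
  return {
    setterCalls: trace.calls.length,                                   // 1
    length: arr.length,                                                // 1
    ownHas3: Object.prototype.hasOwnProperty.call(arr, '3'),           // false
  };
}
```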
1483
1484 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1485
1486         [Win] Unreviewed gardening.
1487
1488         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
1489         file references so they appear in the proper IDE locations.
1490
1491 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
1492
1493         Unreviewed Windows build fix for VS2015.
1494
1495         * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.
1496
1497 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1498
1499         [ES6] Implement Reflect.has
1500         https://bugs.webkit.org/show_bug.cgi?id=147875
1501
1502         Reviewed by Sam Weinig.
1503
1504         This patch implements Reflect.has[1].
1505         Since the semantics are the same as those of the `in` operator in JS[2],
1506         we can implement it in builtin JS code.
1507
1508         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
1509         [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation
1510
1511         * builtins/ReflectObject.js:
1512         (has):
1513         * runtime/ReflectObject.cpp:
1514         * tests/stress/reflect-has.js: Added.
1515         (shouldBe):
1516         (shouldThrow):
1517
1518 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1519
1520         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
1521         https://bugs.webkit.org/show_bug.cgi?id=147874
1522
1523         Reviewed by Darin Adler.
1524
1525         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
1526         The differences from the Object.* ones are:
1527
1528         1. They do not perform ToObject on non-object arguments. They raise a TypeError instead.
1529         2. Reflect.setPrototypeOf returns false when the operation fails. Object.setPrototypeOf raises a TypeError.
1530
1531         * runtime/ObjectConstructor.cpp:
1532         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
1533         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
1534         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
1535         (JSC::objectConstructorGetPrototypeOf):
1536         * runtime/ObjectConstructor.h:
1537         * runtime/ReflectObject.cpp:
1538         (JSC::reflectObjectGetPrototypeOf):
1539         (JSC::reflectObjectSetPrototypeOf):
1540         * tests/stress/reflect-get-prototype-of.js: Added.
1541         (shouldBe):
1542         (shouldThrow):
1543         (Base):
1544         (Derived):
1545         * tests/stress/reflect-set-prototype-of.js: Added.
1546         (shouldBe):
1547         (shouldThrow):
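The two differences listed in this entry, checked against the Object.* counterparts on the same inputs, as an added example that is not part of the WebKit ChangeLog or its tests. The `outcome` helper and the sample objects are constructed for this example.

```javascript
// Constructed helper: returns the call's value, or 'throws:<ErrorName>' if it throws.
function outcome(fn) {
  try { return fn(); } catch (e) { return 'throws:' + e.constructor.name; }
}

// Difference 1: a non-object argument. Object.* applies ToObject (or returns the
// primitive unchanged); Reflect.* throws a TypeError.
function getPrototypeOfPrimitive() {
  return {
    object: outcome(() => Object.getPrototypeOf(42)) === Number.prototype,  // true
    reflect: outcome(() => Reflect.getPrototypeOf(42)),                     // 'throws:TypeError'
  };
}

function setPrototypeOfPrimitive() {
  return {
    object: outcome(() => Object.setPrototypeOf(42, null)),    // 42, returned unchanged
    reflect: outcome(() => Reflect.setPrototypeOf(42, null)),  // 'throws:TypeError'
  };
}

// Difference 2: a failed operation. A non-extensible target refuses a new
// prototype: Object.* throws, Reflect.* returns false and leaves it untouched.
function setPrototypeOfNonExtensible() {
  const target = Object.preventExtensions({});
  const newProto = {};
  return {
    object: outcome(() => Object.setPrototypeOf(target, newProto)),   // 'throws:TypeError'
    reflect: outcome(() => Reflect.setPrototypeOf(target, newProto)), // false
    unchanged: Object.getPrototypeOf(target) === Object.prototype,    // true
    // Re-setting the prototype it already has is not a failure, even when sealed.
    sameProtoOk: Reflect.setPrototypeOf(target, Object.prototype),    // true
  };
}

// The success path agrees with Object.*: the prototype really changes. A cycle
// (base -> derived -> base) is another failure that Reflect.* reports as false.
function setPrototypeOfSuccess() {
  const base = { kind: 'base' };
  const derived = {};
  const result = Reflect.setPrototypeOf(derived, base);
  return {
    result,                                                           // true
    inherited: derived.kind,                                          // 'base'
    proto: Reflect.getPrototypeOf(derived) === base,                  // true
    cycle: Reflect.setPrototypeOf(base, derived),                     // false
  };
}
```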
1548
1549 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
1550
1551         Fix debug build when optimization is enabled
1552         https://bugs.webkit.org/show_bug.cgi?id=147816
1553
1554         Reviewed by Alexey Proskuryakov.
1555
1556         * llint/LLIntEntrypoint.cpp:
1557         * runtime/FunctionExecutableDump.cpp:
1558
1559 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1560
1561         Ensure that Reflect.enumerate does not produce the deleted keys
1562         https://bugs.webkit.org/show_bug.cgi?id=147677
1563
1564         Reviewed by Darin Adler.
1565
1566         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
1567
1568         * tests/stress/reflect-enumerate.js:
1569
1570 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
1571
1572         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
1573         https://bugs.webkit.org/show_bug.cgi?id=147856
1574
1575         Reviewed by Saam Barati.
1576
1577         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
1578
1579         * CMakeLists.txt:
1580         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1581         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1582         * JavaScriptCore.xcodeproj/project.pbxproj:
1583         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
1584         (JSC::ExecutableInfo::ExecutableInfo):
1585         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
1586         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1587         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1588         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1589         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1590         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1591         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1592         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1593         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1594         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1595         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1596         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1597         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1598         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1599         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1600         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1601         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1602         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1603         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1604         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1605         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1606         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1607         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1608         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1609         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1610         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1611         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1612         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1613         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1614         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1615         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1616         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1617         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1618         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1619         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1620         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1621         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1622         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1623         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1624         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1625         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1626         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1627         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1628         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1629         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1630         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1631         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1632         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1633         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1634         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1635         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1636         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1637         (JSC::UnlinkedCodeBlock::vm): Deleted.
1638         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1639         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1640         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1641         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1642         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1643         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1644         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1645         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1646         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1647         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1648         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1649         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1650         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1651         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1652         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1653         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1654         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1655         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1656         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1657         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1658         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1659         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1660         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1661         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1662         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1663         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1664         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1665         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1666         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1667         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1668         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1669         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1670         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1671         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1672         * bytecode/UnlinkedCodeBlock.cpp:
1673         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1674         (JSC::generateFunctionCodeBlock): Deleted.
1675         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
1676         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
1677         (JSC::UnlinkedFunctionExecutable::link): Deleted.
1678         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
1679         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
1680         * bytecode/UnlinkedCodeBlock.h:
1681         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
1682         (JSC::ExecutableInfo::needsActivation): Deleted.
1683         (JSC::ExecutableInfo::usesEval): Deleted.
1684         (JSC::ExecutableInfo::isStrictMode): Deleted.
1685         (JSC::ExecutableInfo::isConstructor): Deleted.
1686         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
1687         (JSC::ExecutableInfo::constructorKind): Deleted.
1688         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
1689         (JSC::generateFunctionCodeBlock):
1690         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
1691         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
1692         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
1693         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
1694         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
1695         (JSC::dumpLineColumnEntry): Deleted.
1696         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
1697         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
1698         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
1699         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
1700         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
1701         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
1702         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
1703         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
1704         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
1705         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
1706         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
1707         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
1708         (JSC::UnlinkedCodeBlock::instructions): Deleted.
1709         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
1710         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
1711         (JSC::ExecutableInfo::needsActivation): Deleted.
1712         (JSC::ExecutableInfo::usesEval): Deleted.
1713         (JSC::ExecutableInfo::isStrictMode): Deleted.
1714         (JSC::ExecutableInfo::isConstructor): Deleted.
1715         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
1716         (JSC::ExecutableInfo::constructorKind): Deleted.
1717         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
1718         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1719         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1720         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1721         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1722         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1723         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1724         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1725         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1726         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1727         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1728         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1729         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1730         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1731         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1732         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1733         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1734         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1735         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1736         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1737         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1738         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1739         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1740         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1741         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1742         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1743         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1744         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1745         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1746         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1747         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1748         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1749         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1750         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1751         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1752         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1753         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1754         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1755         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1756         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1757         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1758         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1759         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1760         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1761         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1762         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1763         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1764         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1765         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1766         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1767         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1768         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1769         (JSC::UnlinkedCodeBlock::vm): Deleted.
1770         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1771         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1772         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1773         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1774         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1775         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1776         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1777         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1778         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1779         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1780         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1781         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1782         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1783         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1784         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1785         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1786         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1787         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1788         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1789         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1790         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1791         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1792         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1793         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1794         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1795         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1796         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1797         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1798         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1799         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1800         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1801         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1802         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1803         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1804         * runtime/Executable.h:
1805
1806 2015-08-10  Mark Lam  <mark.lam@apple.com>
1807
1808         Refactor LiveObjectList and LiveObjectData into their own files.
1809         https://bugs.webkit.org/show_bug.cgi?id=147843
1810
1811         Reviewed by Saam Barati.
1812
1813         There is no behavior change in this patch.
1814
1815         * CMakeLists.txt:
1816         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1817         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1818         * JavaScriptCore.xcodeproj/project.pbxproj:
1819         * heap/HeapVerifier.cpp:
1820         (JSC::HeapVerifier::HeapVerifier):
1821         (JSC::LiveObjectList::findObject): Deleted.
1822         * heap/HeapVerifier.h:
1823         (JSC::LiveObjectData::LiveObjectData): Deleted.
1824         (JSC::LiveObjectList::LiveObjectList): Deleted.
1825         (JSC::LiveObjectList::reset): Deleted.
1826         * heap/LiveObjectData.h: Added.
1827         (JSC::LiveObjectData::LiveObjectData):
1828         * heap/LiveObjectList.cpp: Added.
1829         (JSC::LiveObjectList::findObject):
1830         * heap/LiveObjectList.h: Added.
1831         (JSC::LiveObjectList::LiveObjectList):
1832         (JSC::LiveObjectList::reset):
1833
1834 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
1835
1836         Let's rename FunctionBodyNode
1837         https://bugs.webkit.org/show_bug.cgi?id=147292
1838
1839         Reviewed by Mark Lam & Saam Barati.
1840
1841         FunctionBodyNode => FunctionMetadataNode
1842
1843         Make FunctionMetadataNode inherit from Node instead of StatementNode
1844         because a FunctionMetadataNode can appear in expression context and does
1845         not have a next statement.
1846
1847         (I decided to continue allocating FunctionMetadataNode in the AST arena,
1848         and to retain "Node" in its name, because it really is a parsing
1849         construct, and we transform its data before consuming it elsewhere.
1850
1851         There is still room for a future patch to distill and simplify the
1852         metadata we track about functions between FunDeclNode/FuncExprNode,
1853         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
1854
1855         * builtins/BuiltinExecutables.cpp:
1856         (JSC::BuiltinExecutables::createExecutableInternal):
1857         * bytecode/UnlinkedCodeBlock.cpp:
1858         (JSC::generateFunctionCodeBlock):
1859         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1860         * bytecode/UnlinkedCodeBlock.h:
1861         * bytecompiler/BytecodeGenerator.cpp:
1862         (JSC::BytecodeGenerator::generate):
1863         (JSC::BytecodeGenerator::BytecodeGenerator):
1864         (JSC::BytecodeGenerator::emitNewArray):
1865         (JSC::BytecodeGenerator::emitNewFunction):
1866         (JSC::BytecodeGenerator::emitNewFunctionExpression):
1867         * bytecompiler/BytecodeGenerator.h:
1868         (JSC::BytecodeGenerator::makeFunction):
1869         * bytecompiler/NodesCodegen.cpp:
1870         (JSC::EvalNode::emitBytecode):
1871         (JSC::FunctionNode::emitBytecode):
1872         (JSC::FunctionBodyNode::emitBytecode): Deleted.
1873         * parser/ASTBuilder.h:
1874         (JSC::ASTBuilder::createFunctionExpr):
1875         (JSC::ASTBuilder::createFunctionBody):
1876         * parser/NodeConstructors.h:
1877         (JSC::FunctionParameters::FunctionParameters):
1878         (JSC::FuncExprNode::FuncExprNode):
1879         (JSC::FuncDeclNode::FuncDeclNode):
1880         * parser/Nodes.cpp:
1881         (JSC::EvalNode::EvalNode):
1882         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1883         (JSC::FunctionMetadataNode::finishParsing):
1884         (JSC::FunctionMetadataNode::setEndPosition):
1885         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
1886         (JSC::FunctionBodyNode::finishParsing): Deleted.
1887         (JSC::FunctionBodyNode::setEndPosition): Deleted.
1888         * parser/Nodes.h:
1889         (JSC::FuncExprNode::body):
1890         (JSC::FuncDeclNode::body):
1891         * parser/Parser.h:
1892         (JSC::Parser::isFunctionMetadataNode):
1893         (JSC::Parser::next):
1894         (JSC::Parser<LexerType>::parse):
1895         (JSC::Parser::isFunctionBodyNode): Deleted.
1896         * runtime/CodeCache.cpp:
1897         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1898         * runtime/CodeCache.h:
1899
1900 2015-08-09  Chris Dumez  <cdumez@apple.com>
1901
1902         Regression(r188105): Seems to have caused crashes during PLT on some iPads
1903         https://bugs.webkit.org/show_bug.cgi?id=147818
1904
1905         Unreviewed, roll out r188105.
1906
1907         * bytecode/ByValInfo.h:
1908         (JSC::ByValInfo::ByValInfo):
1909         * bytecode/CodeBlock.cpp:
1910         (JSC::CodeBlock::getByValInfoMap): Deleted.
1911         (JSC::CodeBlock::addByValInfo): Deleted.
1912         * bytecode/CodeBlock.h:
1913         (JSC::CodeBlock::getByValInfo):
1914         (JSC::CodeBlock::setNumberOfByValInfos):
1915         (JSC::CodeBlock::numberOfByValInfos):
1916         (JSC::CodeBlock::byValInfo):
1917         * bytecode/ExitKind.cpp:
1918         (JSC::exitKindToString): Deleted.
1919         * bytecode/ExitKind.h:
1920         * bytecode/GetByIdStatus.cpp:
1921         (JSC::GetByIdStatus::computeFor):
1922         (JSC::GetByIdStatus::computeForStubInfo):
1923         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
1924         * bytecode/GetByIdStatus.h:
1925         * dfg/DFGAbstractInterpreterInlines.h:
1926         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
1927         * dfg/DFGByteCodeParser.cpp:
1928         (JSC::DFG::ByteCodeParser::parseBlock):
1929         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
1930         * dfg/DFGClobberize.h:
1931         (JSC::DFG::clobberize): Deleted.
1932         * dfg/DFGConstantFoldingPhase.cpp:
1933         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
1934         * dfg/DFGDoesGC.cpp:
1935         (JSC::DFG::doesGC): Deleted.
1936         * dfg/DFGFixupPhase.cpp:
1937         (JSC::DFG::FixupPhase::fixupNode): Deleted.
1938         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
1939         * dfg/DFGNode.h:
1940         (JSC::DFG::Node::hasUidOperand): Deleted.
1941         (JSC::DFG::Node::uidOperand): Deleted.
1942         * dfg/DFGNodeType.h:
1943         * dfg/DFGPredictionPropagationPhase.cpp:
1944         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
1945         * dfg/DFGSafeToExecute.h:
1946         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
1947         (JSC::DFG::safeToExecute): Deleted.
1948         * dfg/DFGSpeculativeJIT.cpp:
1949         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
1950         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
1951         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
1952         * dfg/DFGSpeculativeJIT.h:
1953         * dfg/DFGSpeculativeJIT32_64.cpp:
1954         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1955         * dfg/DFGSpeculativeJIT64.cpp:
1956         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1957         * dfg/DFGUseKind.cpp:
1958         (WTF::printInternal): Deleted.
1959         * dfg/DFGUseKind.h:
1960         (JSC::DFG::typeFilterFor): Deleted.
1961         (JSC::DFG::isCell): Deleted.
1962         * ftl/FTLAbstractHeapRepository.h:
1963         * ftl/FTLCapabilities.cpp:
1964         (JSC::FTL::canCompile): Deleted.
1965         * ftl/FTLLowerDFGToLLVM.cpp:
1966         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
1967         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
1968         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
1969         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
1970         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
1971         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
1972         * jit/JIT.cpp:
1973         (JSC::JIT::privateCompile):
1974         * jit/JIT.h:
1975         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1976         (JSC::JIT::compileGetByValWithCachedId): Deleted.
1977         * jit/JITInlines.h:
1978         (JSC::JIT::callOperation): Deleted.
1979         * jit/JITOpcodes.cpp:
1980         (JSC::JIT::emit_op_has_indexed_property):
1981         (JSC::JIT::emitSlow_op_has_indexed_property):
1982         * jit/JITOpcodes32_64.cpp:
1983         (JSC::JIT::emit_op_has_indexed_property):
1984         (JSC::JIT::emitSlow_op_has_indexed_property):
1985         * jit/JITOperations.cpp:
1986         (JSC::getByVal):
1987         * jit/JITOperations.h:
1988         * jit/JITPropertyAccess.cpp:
1989         (JSC::JIT::emit_op_get_by_val):
1990         (JSC::JIT::emitSlow_op_get_by_val):
1991         (JSC::JIT::emit_op_put_by_val):
1992         (JSC::JIT::emitSlow_op_put_by_val):
1993         (JSC::JIT::emitGetByValWithCachedId): Deleted.
1994         (JSC::JIT::privateCompileGetByVal): Deleted.
1995         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
1996         * jit/JITPropertyAccess32_64.cpp:
1997         (JSC::JIT::emit_op_get_by_val):
1998         (JSC::JIT::emitSlow_op_get_by_val):
1999         (JSC::JIT::emit_op_put_by_val):
2000         (JSC::JIT::emitSlow_op_put_by_val):
2001         (JSC::JIT::emitGetByValWithCachedId): Deleted.
2002         * runtime/Symbol.h:
2003         * tests/stress/get-by-val-with-string-constructor.js: Removed.
2004         * tests/stress/get-by-val-with-string-exit.js: Removed.
2005         * tests/stress/get-by-val-with-string-generated.js: Removed.
2006         * tests/stress/get-by-val-with-string-getter.js: Removed.
2007         * tests/stress/get-by-val-with-string.js: Removed.
2008         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
2009         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
2010         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
2011         * tests/stress/get-by-val-with-symbol.js: Removed.
2012
2013 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
2014
2015         Reduce uses of PassRefPtr in bindings
2016         https://bugs.webkit.org/show_bug.cgi?id=147781
2017
2018         Reviewed by Chris Dumez.
2019
2020         Use RefPtr when a function can return either null or an instance. If not, Ref is used.
2021
2022         * runtime/JSGenericTypedArrayView.h:
2023         (JSC::toNativeTypedView):
2024
2025 2015-08-07  Alex Christensen  <achristensen@webkit.org>
2026
2027         Build more testing binaries with CMake on Windows
2028         https://bugs.webkit.org/show_bug.cgi?id=147799
2029
2030         Reviewed by Brent Fulgham.
2031
2032         * shell/PlatformWin.cmake: Added.
2033         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
2034
2035 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
2036
2037         Lightweight locks should be adaptive
2038         https://bugs.webkit.org/show_bug.cgi?id=147545
2039
2040         Reviewed by Geoffrey Garen.
2041
2042         * dfg/DFGCommon.cpp:
2043         (JSC::DFG::startCrashing):
2044         * heap/CopiedBlock.h:
2045         (JSC::CopiedBlock::workListLock):
2046         * heap/CopiedBlockInlines.h:
2047         (JSC::CopiedBlock::shouldReportLiveBytes):
2048         (JSC::CopiedBlock::reportLiveBytes):
2049         * heap/CopiedSpace.cpp:
2050         (JSC::CopiedSpace::doneFillingBlock):
2051         * heap/CopiedSpace.h:
2052         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
2053         * heap/CopiedSpaceInlines.h:
2054         (JSC::CopiedSpace::recycleEvacuatedBlock):
2055         * heap/GCThreadSharedData.cpp:
2056         (JSC::GCThreadSharedData::didStartCopying):
2057         * heap/GCThreadSharedData.h:
2058         (JSC::GCThreadSharedData::getNextBlocksToCopy):
2059         * heap/ListableHandler.h:
2060         (JSC::ListableHandler::List::addThreadSafe):
2061         (JSC::ListableHandler::List::addNotThreadSafe):
2062         * heap/MachineStackMarker.cpp:
2063         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2064         * heap/SlotVisitorInlines.h:
2065         (JSC::SlotVisitor::copyLater):
2066         * parser/SourceProvider.cpp:
2067         (JSC::SourceProvider::~SourceProvider):
2068         (JSC::SourceProvider::getID):
2069         * profiler/ProfilerDatabase.cpp:
2070         (JSC::Profiler::Database::addDatabaseToAtExit):
2071         (JSC::Profiler::Database::removeDatabaseFromAtExit):
2072         (JSC::Profiler::Database::removeFirstAtExitDatabase):
2073         * runtime/TypeProfilerLog.h:
2074
2075 2015-08-07  Mark Lam  <mark.lam@apple.com>
2076
2077         Rename some variables in the JSC watchdog implementation.
2078         https://bugs.webkit.org/show_bug.cgi?id=147790
2079
2080         Rubber stamped by Benjamin Poulain.
2081
2082         This is just a refactoring patch to give the variables better names that describe their
2083         intended use.  There is no behavior change.
2084
2085         * runtime/Watchdog.cpp:
2086         (JSC::Watchdog::Watchdog):
2087         (JSC::Watchdog::setTimeLimit):
2088         (JSC::Watchdog::didFire):
2089         (JSC::Watchdog::isEnabled):
2090         (JSC::Watchdog::fire):
2091         (JSC::Watchdog::startCountdownIfNeeded):
2092         * runtime/Watchdog.h:
2093
2094 2015-08-07  Saam barati  <saambarati1@gmail.com>
2095
2096         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
2097         https://bugs.webkit.org/show_bug.cgi?id=147666
2098
2099         Reviewed by Geoffrey Garen.
2100
2101         If we make the bytecode generator know about every local scope it 
2102         creates, and if we give each local scope a unique register, the
2103         bytecode generator has all the information it needs to assign
2104         the correct scope to a catch handler. Because the bytecode generator
2105         knows this information, it's a better separation of responsibilities
2106         for it to set up the proper scope instead of relying on the exception
2107         handling runtime to find the scope.
2108
2109         * bytecode/BytecodeList.json:
2110         * bytecode/BytecodeUseDef.h:
2111         (JSC::computeUsesForBytecodeOffset):
2112         * bytecode/CodeBlock.cpp:
2113         (JSC::CodeBlock::dumpBytecode):
2114         (JSC::CodeBlock::CodeBlock):
2115         * bytecode/HandlerInfo.h:
2116         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
2117         (JSC::HandlerInfo::initialize):
2118         * bytecompiler/BytecodeGenerator.cpp:
2119         (JSC::BytecodeGenerator::generate):
2120         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2121         (JSC::BytecodeGenerator::emitGetScope):
2122         (JSC::BytecodeGenerator::emitPushWithScope):
2123         (JSC::BytecodeGenerator::emitGetParentScope):
2124         (JSC::BytecodeGenerator::emitPopScope):
2125         (JSC::BytecodeGenerator::emitPopWithScope):
2126         (JSC::BytecodeGenerator::allocateAndEmitScope):
2127         (JSC::BytecodeGenerator::emitComplexPopScopes):
2128         (JSC::BytecodeGenerator::pushTry):
2129         (JSC::BytecodeGenerator::popTryAndEmitCatch):
2130         (JSC::BytecodeGenerator::localScopeDepth):
2131         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
2132         * bytecompiler/BytecodeGenerator.h:
2133         * bytecompiler/NodesCodegen.cpp:
2134         (JSC::WithNode::emitBytecode):
2135         * interpreter/Interpreter.cpp:
2136         (JSC::Interpreter::unwind):
2137         * jit/JITOpcodes.cpp:
2138         (JSC::JIT::emit_op_push_with_scope):
2139         (JSC::JIT::compileOpStrictEq):
2140         * jit/JITOpcodes32_64.cpp:
2141         (JSC::JIT::emit_op_push_with_scope):
2142         (JSC::JIT::emit_op_to_number):
2143         * jit/JITOperations.cpp:
2144         * jit/JITOperations.h:
2145         * llint/LLIntSlowPaths.cpp:
2146         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2147         * llint/LLIntSlowPaths.h:
2148         * llint/LowLevelInterpreter.asm:
2149         * runtime/CommonSlowPaths.cpp:
2150         (JSC::SLOW_PATH_DECL):
2151         * runtime/CommonSlowPaths.h:
2152         * runtime/JSScope.cpp:
2153         (JSC::JSScope::objectAtScope):
2154         (JSC::isUnscopable):
2155         (JSC::JSScope::depth): Deleted.
2156         * runtime/JSScope.h:
2157
2158 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
2159
2160         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
2161         https://bugs.webkit.org/show_bug.cgi?id=147761
2162
2163         Reviewed by Mark Lam.
2164
2165         This patch implements MacroAssembler::patchableBranch64 in 64bit environments.
2166         It also fixes the existing MacroAssemblerARM64::patchableBranchPtr: before this patch,
2167         it truncated the immediate pointer into a 32bit immediate.
2168         And it uses patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
2169
2170         * assembler/MacroAssemblerARM64.h:
2171         (JSC::MacroAssemblerARM64::patchableBranchPtr):
2172         (JSC::MacroAssemblerARM64::patchableBranch64):
2173         * assembler/MacroAssemblerX86_64.h:
2174         (JSC::MacroAssemblerX86_64::patchableBranch64):
2175         * jit/JIT.h:
2176         * jit/JITInlines.h:
2177         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
2178         * jit/JITPropertyAccess.cpp:
2179         (JSC::JIT::emit_op_get_by_val):
2180
2181 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2182
2183         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
2184         https://bugs.webkit.org/show_bug.cgi?id=147480
2185
2186         Reviewed by Filip Pizlo.
2187
2188         This patch adds a get_by_id IC to the get_by_val operation by caching the string / symbol id.
2189         The IC site only caches one id. After checking that the given id is the same as the
2190         cached one, we perform the get_by_id IC on it.
2191         And by collecting IC StructureStubInfo information, we pass it to the DFG, and the DFG
2192         compiles the get_by_val op code into CheckIdent (with edge type check) and GetById related
2193         operations when the given get_by_val leverages the property load with the cached id.
2194
2195         To ensure the incoming value is the expected id, in the DFG layer we use SymbolUse and
2196         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
2197         This can be leveraged to optimize symbol operations in the DFG.
2198
2199         And since byValInfo is frequently used, we align the byValInfo design to the stubInfo-like one.
2200         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
2201         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
2202         argument ArrayProfile* in the operations with ByValInfo*.
2203
2204         * bytecode/ByValInfo.h:
2205         (JSC::ByValInfo::ByValInfo):
2206         * bytecode/CodeBlock.cpp:
2207         (JSC::CodeBlock::getByValInfoMap):
2208         (JSC::CodeBlock::addByValInfo):
2209         * bytecode/CodeBlock.h:
2210         (JSC::CodeBlock::getByValInfo): Deleted.
2211         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
2212         (JSC::CodeBlock::numberOfByValInfos): Deleted.
2213         (JSC::CodeBlock::byValInfo): Deleted.
2214         * bytecode/ExitKind.cpp:
2215         (JSC::exitKindToString):
2216         * bytecode/ExitKind.h:
2217         * bytecode/GetByIdStatus.cpp:
2218         (JSC::GetByIdStatus::computeFor):
2219         (JSC::GetByIdStatus::computeForStubInfo):
2220         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
2221         * bytecode/GetByIdStatus.h:
2222         * dfg/DFGAbstractInterpreterInlines.h:
2223         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2224         * dfg/DFGByteCodeParser.cpp:
2225         (JSC::DFG::ByteCodeParser::parseBlock):
2226         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
2227         * dfg/DFGClobberize.h:
2228         (JSC::DFG::clobberize):
2229         * dfg/DFGConstantFoldingPhase.cpp:
2230         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2231         * dfg/DFGDoesGC.cpp:
2232         (JSC::DFG::doesGC):
2233         * dfg/DFGFixupPhase.cpp:
2234         (JSC::DFG::FixupPhase::fixupNode):
2235         (JSC::DFG::FixupPhase::observeUseKindOnNode):
2236         * dfg/DFGNode.h:
2237         (JSC::DFG::Node::hasUidOperand):
2238         (JSC::DFG::Node::uidOperand):
2239         * dfg/DFGNodeType.h:
2240         * dfg/DFGPredictionPropagationPhase.cpp:
2241         (JSC::DFG::PredictionPropagationPhase::propagate):
2242         * dfg/DFGSafeToExecute.h:
2243         (JSC::DFG::SafeToExecuteEdge::operator()):
2244         (JSC::DFG::safeToExecute):
2245         * dfg/DFGSpeculativeJIT.cpp:
2246         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
2247         (JSC::DFG::SpeculativeJIT::speculateSymbol):
2248         (JSC::DFG::SpeculativeJIT::speculate):
2249         * dfg/DFGSpeculativeJIT.h:
2250         * dfg/DFGSpeculativeJIT32_64.cpp:
2251         (JSC::DFG::SpeculativeJIT::compile):
2252         * dfg/DFGSpeculativeJIT64.cpp:
2253         (JSC::DFG::SpeculativeJIT::compile):
2254         * dfg/DFGUseKind.cpp:
2255         (WTF::printInternal):
2256         * dfg/DFGUseKind.h:
2257         (JSC::DFG::typeFilterFor):
2258         (JSC::DFG::isCell):
2259         * ftl/FTLAbstractHeapRepository.h:
2260         * ftl/FTLCapabilities.cpp:
2261         (JSC::FTL::canCompile):
2262         * ftl/FTLLowerDFGToLLVM.cpp:
2263         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
2264         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
2265         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
2266         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
2267         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
2268         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
2269         * jit/JIT.cpp:
2270         (JSC::JIT::privateCompile):
2271         * jit/JIT.h:
2272         (JSC::ByValCompilationInfo::ByValCompilationInfo):
2273         (JSC::JIT::compileGetByValWithCachedId):
2274         * jit/JITInlines.h:
2275         (JSC::JIT::callOperation):
2276         * jit/JITOpcodes.cpp:
2277         (JSC::JIT::emit_op_has_indexed_property):
2278         (JSC::JIT::emitSlow_op_has_indexed_property):
2279         * jit/JITOpcodes32_64.cpp:
2280         (JSC::JIT::emit_op_has_indexed_property):
2281         (JSC::JIT::emitSlow_op_has_indexed_property):
2282         * jit/JITOperations.cpp:
2283         (JSC::getByVal):
2284         * jit/JITOperations.h:
2285         * jit/JITPropertyAccess.cpp:
2286         (JSC::JIT::emit_op_get_by_val):
2287         (JSC::JIT::emitGetByValWithCachedId):
2288         (JSC::JIT::emitSlow_op_get_by_val):
2289         (JSC::JIT::emit_op_put_by_val):
2290         (JSC::JIT::emitSlow_op_put_by_val):
2291         (JSC::JIT::privateCompileGetByVal):
2292         (JSC::JIT::privateCompileGetByValWithCachedId):
2293         * jit/JITPropertyAccess32_64.cpp:
2294         (JSC::JIT::emit_op_get_by_val):
2295         (JSC::JIT::emitGetByValWithCachedId):
2296         (JSC::JIT::emitSlow_op_get_by_val):
2297         (JSC::JIT::emit_op_put_by_val):
2298         (JSC::JIT::emitSlow_op_put_by_val):
2299         * runtime/Symbol.h:
2300         * tests/stress/get-by-val-with-string-constructor.js: Added.
2301         (Hello):
2302         (get Hello.prototype.generate):
2303         (ok):
2304         * tests/stress/get-by-val-with-string-exit.js: Added.
2305         (shouldBe):
2306         (getByVal):
2307         (getStr1):
2308         (getStr2):
2309         * tests/stress/get-by-val-with-string-generated.js: Added.
2310         (shouldBe):
2311         (getByVal):
2312         (getStr1):
2313         (getStr2):
2314         * tests/stress/get-by-val-with-string-getter.js: Added.
2315         (object.get hello):
2316         (ok):
2317         * tests/stress/get-by-val-with-string.js: Added.
2318         (shouldBe):
2319         (getByVal):
2320         (getStr1):
2321         (getStr2):
2322         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
2323         (Hello):
2324         (get Hello.prototype.generate):
2325         (ok):
2326         * tests/stress/get-by-val-with-symbol-exit.js: Added.
2327         (shouldBe):
2328         (getByVal):
2329         (getSym1):
2330         (getSym2):
2331         * tests/stress/get-by-val-with-symbol-getter.js: Added.
2332         (object.get hello):
2333         (.get ok):
2334         * tests/stress/get-by-val-with-symbol.js: Added.
2335         (shouldBe):
2336         (getByVal):
2337         (getSym1):
2338         (getSym2):
2339
2340 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2341
2342         Parse the entire WebAssembly modules
2343         https://bugs.webkit.org/show_bug.cgi?id=147393
2344
2345         Reviewed by Geoffrey Garen.
2346
2347         Parse the entire WebAssembly modules from files produced by pack-asmjs
2348         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
2349         parse modules whose function definition section contains only functions that
2350         have "return 0;" as their only statement. Parsing of any functions will be
2351         implemented in a subsequent patch.
2352
2353         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2354         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2355         * JavaScriptCore.xcodeproj/project.pbxproj:
2356         * wasm/JSWASMModule.cpp:
2357         (JSC::JSWASMModule::destroy):
2358         * wasm/JSWASMModule.h:
2359         (JSC::JSWASMModule::i32Constants):
2360         (JSC::JSWASMModule::f32Constants):
2361         (JSC::JSWASMModule::f64Constants):
2362         (JSC::JSWASMModule::signatures):
2363         (JSC::JSWASMModule::functionImports):
2364         (JSC::JSWASMModule::functionImportSignatures):
2365         (JSC::JSWASMModule::globalVariableTypes):
2366         (JSC::JSWASMModule::functionDeclarations):
2367         (JSC::JSWASMModule::functionPointerTables):
2368         * wasm/WASMFormat.h: Added.
2369         * wasm/WASMModuleParser.cpp:
2370         (JSC::WASMModuleParser::parse):
2371         (JSC::WASMModuleParser::parseModule):
2372         (JSC::WASMModuleParser::parseConstantPoolSection):
2373         (JSC::WASMModuleParser::parseSignatureSection):
2374         (JSC::WASMModuleParser::parseFunctionImportSection):
2375         (JSC::WASMModuleParser::parseGlobalSection):
2376         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
2377         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
2378         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
2379         (JSC::WASMModuleParser::parseFunctionDefinition):
2380         (JSC::WASMModuleParser::parseExportSection):
2381         * wasm/WASMModuleParser.h:
2382         * wasm/WASMReader.cpp:
2383         (JSC::WASMReader::readUInt32):
2384         (JSC::WASMReader::readCompactUInt32):
2385         (JSC::WASMReader::readString):
2386         (JSC::WASMReader::readType):
2387         (JSC::WASMReader::readExpressionType):
2388         (JSC::WASMReader::readExportFormat):
2389         (JSC::WASMReader::readByte):
2390         (JSC::WASMReader::readUnsignedInt32): Deleted.
2391         * wasm/WASMReader.h:
2392
2393 2015-08-06  Keith Miller  <keith_miller@apple.com>
2394
2395         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
2396         https://bugs.webkit.org/show_bug.cgi?id=147749
2397
2398         Reviewed by Filip Pizlo.
2399
2400         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength(),
2401         thus no one calls this code.
2402
2403         * ftl/FTLLowerDFGToLLVM.cpp:
2404         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
2405
2406 2015-08-06  Keith Miller  <keith_miller@apple.com>
2407
2408         The JSONP parser incorrectly parses -0 as +0.
2409         https://bugs.webkit.org/show_bug.cgi?id=147590
2410
2411         Reviewed by Michael Saboff.
2412
2413         In the LiteralParser we should use a double to store the accumulator for numerical tokens
2414         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
2415
2416         * runtime/LiteralParser.cpp:
2417         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
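
        As an added illustration of the accumulator-type point in this entry (constructed example, not JSC's LiteralParser code; the function names are hypothetical), the two minimal number lexers below differ only in the type of their accumulator: the int version loses the sign of "-0", the double version keeps it.

```cpp
#include <cmath>
#include <cstddef>
#include <string>

// Constructed illustration of the bug described in the entry above. These are
// not JSC's LiteralParser; they are minimal stand-ins that accept an optional
// '-' followed by decimal digits, which is all that is needed to show how the
// accumulator type decides the fate of "-0".

// Buggy shape: the digits are accumulated into an int. Negating int 0 gives
// int 0, so the sign of "-0" is lost before the value is widened to double.
double lexNumberWithIntAccumulator(const std::string& token)
{
    std::size_t i = 0;
    bool negative = false;
    if (i < token.size() && token[i] == '-') {
        negative = true;
        ++i;
    }
    int accumulator = 0;
    for (; i < token.size() && token[i] >= '0' && token[i] <= '9'; ++i)
        accumulator = accumulator * 10 + (token[i] - '0');
    if (negative)
        accumulator = -accumulator; // int has no negative zero: -0 == 0
    return static_cast<double>(accumulator); // yields +0.0 for "-0"
}

// Fixed shape: the accumulator is a double, so negating 0.0 produces IEEE -0.0
// and the sign survives into the resulting JS value.
double lexNumberWithDoubleAccumulator(const std::string& token)
{
    std::size_t i = 0;
    bool negative = false;
    if (i < token.size() && token[i] == '-') {
        negative = true;
        ++i;
    }
    double accumulator = 0;
    for (; i < token.size() && token[i] >= '0' && token[i] <= '9'; ++i)
        accumulator = accumulator * 10 + (token[i] - '0');
    if (negative)
        accumulator = -accumulator; // -0.0 keeps its sign bit
    return accumulator;
}

// Checking helper: operator== treats +0.0 and -0.0 as equal (as does JS ==),
// so the sign bit has to be inspected directly, the way Object.is(-0, 0) would.
bool isNegativeZero(double value)
{
    return value == 0 && std::signbit(value);
}
```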
2418
2419 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
2420
2421         Structures used for tryGetConstantProperty() should be registered first
2422         https://bugs.webkit.org/show_bug.cgi?id=147750
2423
2424         Reviewed by Saam Barati and Michael Saboff.
2425
2426         * dfg/DFGGraph.cpp:
2427         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
2428         * dfg/DFGGraph.h:
2429         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
2430         * dfg/DFGStructureRegistrationPhase.cpp:
2431         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegistrationPhase.
2432         (JSC::DFG::StructureRegistrationPhase::registerStructures):
2433         (JSC::DFG::StructureRegistrationPhase::registerStructure):
2434         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
2435         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
2436         (JSC::DFG::performStructureRegistration):
2437
2438 2015-08-06  Keith Miller  <keith_miller@apple.com>
2439
2440         Remove UnspecifiedBoolType from JSC
2441         https://bugs.webkit.org/show_bug.cgi?id=147597
2442
2443         Reviewed by Mark Lam.
2444
2445         We were using the safe bool pattern in the code base for implicit casting to booleans.
2446         With C++11 this is no longer necessary and we can instead create an operator bool.
2447
2448         * API/JSRetainPtr.h:
2449         (JSRetainPtr::operator bool):
2450         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
2451         * dfg/DFGEdge.h:
2452         (JSC::DFG::Edge::operator bool):
2453         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
2454         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
2455         * heap/Weak.h:
2456         * heap/WeakInlines.h:
2457         (JSC::bool):
2458         (JSC::UnspecifiedBoolType): Deleted.
2459
2460 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
2461
2462         [ES6] Class parser does not allow methods named set and get.
2463         https://bugs.webkit.org/show_bug.cgi?id=147150
2464
2465         Reviewed by Oliver Hunt.
2466
2467         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
2468         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
2469         so that we only treat them as such when they're followed by another token that could be a method name.
2470
2471         * parser/Parser.cpp:
2472         (JSC::Parser<LexerType>::parseClass):
2473
2474 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
2475
2476         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
2477
2478         * bytecode/SamplingTool.cpp:
2479         (JSC::SamplingTool::doRun):
2480         (JSC::SamplingTool::notifyOfScope):
2481         * bytecode/SamplingTool.h:
2482         * dfg/DFGThreadData.h:
2483         * dfg/DFGWorklist.cpp:
2484         (JSC::DFG::Worklist::~Worklist):
2485         (JSC::DFG::Worklist::isActiveForVM):
2486         (JSC::DFG::Worklist::enqueue):
2487         (JSC::DFG::Worklist::compilationState):
2488         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2489         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2490         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2491         (JSC::DFG::Worklist::visitWeakReferences):
2492         (JSC::DFG::Worklist::removeDeadPlans):
2493         (JSC::DFG::Worklist::queueLength):
2494         (JSC::DFG::Worklist::dump):
2495         (JSC::DFG::Worklist::runThread):
2496         * dfg/DFGWorklist.h:
2497         * disassembler/Disassembler.cpp:
2498         * heap/CopiedSpace.cpp:
2499         (JSC::CopiedSpace::doneFillingBlock):
2500         (JSC::CopiedSpace::doneCopying):
2501         * heap/CopiedSpace.h:
2502         * heap/CopiedSpaceInlines.h:
2503         (JSC::CopiedSpace::recycleBorrowedBlock):
2504         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2505         * heap/HeapTimer.h:
2506         * heap/MachineStackMarker.cpp:
2507         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2508         (JSC::ActiveMachineThreadsManager::add):
2509         (JSC::ActiveMachineThreadsManager::remove):
2510         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2511         (JSC::MachineThreads::~MachineThreads):
2512         (JSC::MachineThreads::addCurrentThread):
2513         (JSC::MachineThreads::removeThreadIfFound):
2514         (JSC::MachineThreads::tryCopyOtherThreadStack):
2515         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2516         (JSC::MachineThreads::gatherConservativeRoots):
2517         * heap/MachineStackMarker.h:
2518         * interpreter/JSStack.cpp:
2519         (JSC::stackStatisticsMutex):
2520         (JSC::JSStack::addToCommittedByteCount):
2521         (JSC::JSStack::committedByteCount):
2522         * jit/JITThunks.h:
2523         * profiler/ProfilerDatabase.h:
2524
2525 2015-08-05  Saam barati  <saambarati1@gmail.com>
2526
2527         Bytecodegenerator emits crappy code for returns in a lexical scope.
2528         https://bugs.webkit.org/show_bug.cgi?id=147688
2529
2530         Reviewed by Mark Lam.
2531
2532         When returning, we only need to emit complex pop scopes if we're in 
2533         a finally block. Otherwise, we can just return like normal. This saves
2534         us from inefficiently emitting unnecessary pop scopes.
2535
2536         * bytecompiler/BytecodeGenerator.h:
2537         (JSC::BytecodeGenerator::isInFinallyBlock):
2538         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
2539         * bytecompiler/NodesCodegen.cpp:
2540         (JSC::ReturnNode::emitBytecode):
2541
2542 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
2543
2544         Add the Intl API to the status page
2545
2546         * features.json:
2547         Andy VanWagoner landed the skeleton of the API and it is
2548         enabled by default.
2549
2550 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
2551
2552         Rename Mutex to DeprecatedMutex
2553         https://bugs.webkit.org/show_bug.cgi?id=147675
2554
2555         Reviewed by Geoffrey Garen.
2556
2557         * bytecode/SamplingTool.cpp:
2558         (JSC::SamplingTool::doRun):
2559         (JSC::SamplingTool::notifyOfScope):
2560         * bytecode/SamplingTool.h:
2561         * dfg/DFGThreadData.h:
2562         * dfg/DFGWorklist.cpp:
2563         (JSC::DFG::Worklist::~Worklist):
2564         (JSC::DFG::Worklist::isActiveForVM):
2565         (JSC::DFG::Worklist::enqueue):
2566         (JSC::DFG::Worklist::compilationState):
2567         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2568         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2569         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2570         (JSC::DFG::Worklist::visitWeakReferences):
2571         (JSC::DFG::Worklist::removeDeadPlans):
2572         (JSC::DFG::Worklist::queueLength):
2573         (JSC::DFG::Worklist::dump):
2574         (JSC::DFG::Worklist::runThread):
2575         * dfg/DFGWorklist.h:
2576         * disassembler/Disassembler.cpp:
2577         * heap/CopiedSpace.cpp:
2578         (JSC::CopiedSpace::doneFillingBlock):
2579         (JSC::CopiedSpace::doneCopying):
2580         * heap/CopiedSpace.h:
2581         * heap/CopiedSpaceInlines.h:
2582         (JSC::CopiedSpace::recycleBorrowedBlock):
2583         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2584         * heap/HeapTimer.h:
2585         * heap/MachineStackMarker.cpp:
2586         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2587         (JSC::ActiveMachineThreadsManager::add):
2588         (JSC::ActiveMachineThreadsManager::remove):
2589         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2590         (JSC::MachineThreads::~MachineThreads):
2591         (JSC::MachineThreads::addCurrentThread):
2592         (JSC::MachineThreads::removeThreadIfFound):
2593         (JSC::MachineThreads::tryCopyOtherThreadStack):
2594         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2595         (JSC::MachineThreads::gatherConservativeRoots):
2596         * heap/MachineStackMarker.h:
2597         * interpreter/JSStack.cpp:
2598         (JSC::stackStatisticsMutex):
2599         (JSC::JSStack::addToCommittedByteCount):
2600         (JSC::JSStack::committedByteCount):
2601         * jit/JITThunks.h:
2602         * profiler/ProfilerDatabase.h:
2603
2604 2015-08-05  Saam barati  <saambarati1@gmail.com>
2605
2606         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
2607         https://bugs.webkit.org/show_bug.cgi?id=147657
2608
2609         Reviewed by Mark Lam.
2610
2611         This kills the last of the name scope objects. Function name scopes are
2612         now built on top of the scoping mechanisms introduced with ES6 block scoping.
2613         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
2614         function name scoped variable carefully depending on if the function is in
2615         strict mode. If we're in strict mode, then we treat the variable exactly
2616         like a "const" variable. If we're not in strict mode, we can't treat
2617         this variable like ES6 "const" because that would cause the bytecode
2618         generator to throw an exception when it shouldn't.
2619
2620         * CMakeLists.txt:
2621         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2622         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2623         * JavaScriptCore.xcodeproj/project.pbxproj:
2624         * bytecode/BytecodeList.json:
2625         * bytecode/BytecodeUseDef.h:
2626         (JSC::computeUsesForBytecodeOffset):
2627         (JSC::computeDefsForBytecodeOffset):
2628         * bytecode/CodeBlock.cpp:
2629         (JSC::CodeBlock::dumpBytecode):
2630         * bytecompiler/BytecodeGenerator.cpp:
2631         (JSC::BytecodeGenerator::BytecodeGenerator):
2632         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
2633         (JSC::BytecodeGenerator::pushLexicalScope):
2634         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2635         (JSC::BytecodeGenerator::variable):
2636         (JSC::BytecodeGenerator::resolveType):
2637         (JSC::BytecodeGenerator::emitThrowTypeError):
2638         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
2639         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
2640         (JSC::BytecodeGenerator::emitPushCatchScope):
2641         * bytecompiler/BytecodeGenerator.h:
2642         * bytecompiler/NodesCodegen.cpp:
2643         * debugger/DebuggerScope.cpp:
2644         * dfg/DFGOperations.cpp:
2645         * interpreter/Interpreter.cpp:
2646         * jit/JIT.cpp:
2647         (JSC::JIT::privateCompileMainPass):
2648         * jit/JIT.h:
2649         * jit/JITOpcodes.cpp:
2650         (JSC::JIT::emit_op_to_string):
2651         (JSC::JIT::emit_op_catch):
2652         (JSC::JIT::emit_op_push_name_scope): Deleted.
2653         * jit/JITOpcodes32_64.cpp:
2654         (JSC::JIT::emitSlow_op_to_string):
2655         (JSC::JIT::emit_op_catch):
2656         (JSC::JIT::emit_op_push_name_scope): Deleted.
2657         * jit/JITOperations.cpp:
2658         (JSC::pushNameScope): Deleted.
2659         * llint/LLIntSlowPaths.cpp:
2660         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2661         * llint/LLIntSlowPaths.h:
2662         * llint/LowLevelInterpreter.asm:
2663         * parser/Nodes.cpp:
2664         * runtime/CommonSlowPaths.cpp:
2665         * runtime/Executable.cpp:
2666         (JSC::ScriptExecutable::newCodeBlockFor):
2667         * runtime/JSFunctionNameScope.cpp: Removed.
2668         * runtime/JSFunctionNameScope.h: Removed.
2669         * runtime/JSGlobalObject.cpp:
2670         (JSC::JSGlobalObject::init):
2671         (JSC::JSGlobalObject::visitChildren):
2672         * runtime/JSGlobalObject.h:
2673         (JSC::JSGlobalObject::withScopeStructure):
2674         (JSC::JSGlobalObject::strictEvalActivationStructure):
2675         (JSC::JSGlobalObject::activationStructure):
2676         (JSC::JSGlobalObject::directArgumentsStructure):
2677         (JSC::JSGlobalObject::scopedArgumentsStructure):
2678         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
2679         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
2680         * runtime/JSNameScope.cpp: Removed.
2681         * runtime/JSNameScope.h: Removed.
2682         * runtime/JSObject.cpp:
2683         (JSC::JSObject::toThis):
2684         (JSC::JSObject::seal):
2685         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
2686         * runtime/JSObject.h:
2687         * runtime/JSScope.cpp:
2688         (JSC::JSScope::isCatchScope):
2689         (JSC::JSScope::isFunctionNameScopeObject):
2690         (JSC::resolveModeName):
2691         * runtime/JSScope.h:
2692         * runtime/JSSymbolTableObject.cpp:
2693         * runtime/SymbolTable.h:
2694         * runtime/VM.cpp:
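
        The behaviour this entry describes, seen from script rather than from the bytecode
        generator, as an added example (this is not JavaScriptCore's own code and not part of
        the ChangeLog): a named function expression's own name is an immutable binding in a
        scope between the enclosing scope and the function body, so assigning to it throws a
        TypeError in strict mode and is silently ignored in sloppy mode. The function names
        used here are constructed for the example, and `new Function` is used only to force a
        sloppy-mode body even when the surrounding file is itself strict.

```javascript
// Added example (not JavaScriptCore's own code): how an assignment to a named
// function expression's own name behaves in strict versus sloppy mode, which is
// the behaviour the function name scope described above has to model.

// Strict mode: the name binding is immutable, so the assignment throws a
// TypeError, and the binding still refers to the function itself afterwards.
function assignNameInStrictMode() {
  'use strict';
  const f = function inner() {
    try {
      inner = 42;
      return { threw: false, sameBinding: inner === f };
    } catch (e) {
      return { threw: true, errorName: e.name, sameBinding: inner === f };
    }
  };
  return f();
}

// Sloppy mode: the same assignment is silently ignored. Function-constructor
// bodies are sloppy unless they opt in, so this stays sloppy even if this file
// is loaded as a (strict) ES module.
function assignNameInSloppyMode() {
  const run = new Function(`
    const f = function inner() {
      inner = 42;
      return { threw: false, sameBinding: inner === f, type: typeof inner };
    };
    return f();
  `);
  return run();
}

// A declaration inside the body introduces a new binding that shadows the
// function name, in either mode: the name scope sits outside the body scope.
function shadowFunctionName() {
  const f = function inner() {
    var inner = 'shadowed';
    return inner;
  };
  return f();
}

// The name of a function expression is not visible in the enclosing scope.
function nameIsNotVisibleOutside() {
  const f = function inner() { return 'unused'; };
  f();
  return typeof inner;
}
```

        Running the three cases shows why the entry treats the two modes differently:
        the strict case must raise a TypeError exactly as a "const" would, while the sloppy
        case must complete without any exception, which a plain "const" binding in the
        bytecode generator would not allow.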
2695
2696 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
2697
2698         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
2699         https://bugs.webkit.org/show_bug.cgi?id=147679
2700
2701         Reviewed by Timothy Hatcher.
2702
2703         Improve native iterator support for the PropertyName Iterator by
2704         allowing inspection of the internal object within the iterator
2705         and peeking of the next upcoming values of the iterator.
2706
2707         * inspector/JSInjectedScriptHost.cpp:
2708         (Inspector::JSInjectedScriptHost::subtype):
2709         (Inspector::JSInjectedScriptHost::getInternalProperties):
2710         (Inspector::JSInjectedScriptHost::iteratorEntries):
2711         * runtime/JSPropertyNameIterator.h:
2712         (JSC::JSPropertyNameIterator::iteratedValue):
2713
2714 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
2715
2716         [Win] Update Apple Windows build for VS2015
2717         https://bugs.webkit.org/show_bug.cgi?id=147653
2718
2719         Reviewed by Dean Jackson.
2720
2721         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
2722         Show JSC files in proper project locations in IDE.
2723
2724 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
2725
2726         Web Inspector: Object previews for SVG elements show SVGAnimatedString instead of text
2727         https://bugs.webkit.org/show_bug.cgi?id=147328
2728
2729         Reviewed by Timothy Hatcher.
2730
2731         * inspector/InjectedScriptSource.js:
2732         Use classList and classList.toString instead of className.
2733
2734 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
2735
2736         [ES6] Support Module Syntax
2737         https://bugs.webkit.org/show_bug.cgi?id=147422
2738
2739         Reviewed by Saam Barati.
2740
2741         This patch introduces the parsing part of the ES6 Modules syntax.
2742         In this patch, ASTBuilder just produces the nodes corresponding to the ES6 Modules syntax;
2743         this patch does not include the code generator part.
2744
2745         Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
2746         and do not execute the body or construct the AST. After analyzing all the dependent
2747         modules, we parse the dependent modules next.
2748         After all the analyzing is done, we start the second pass. In the second pass, we
2749         parse the module, produce the AST, and execute the body.
2750         If we didn't do so, we would need to create all the ASTs in the module's dependency graph first,
2751         because the given module can be executed after all the dependent modules are executed. That
2752         means we would need to hold many parser arenas. To avoid this, the first pass only extracts
2753         the dependent modules' information.
2754
2755         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
2756         This patch aims at just implementing the syntax parsing functionality correctly.
2757         After this patch has landed, we will create the ModuleDependencyAnalyzer, which inherits from SyntaxChecker,
2758         to collect the dependent modules fast[1].
2759
2760         To test the parsing, we added the "checkModuleSyntax" function to the jsc shell.
2761         By using this, we can parse the given string as a module.
2762
2763         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
2764
2765         * bytecompiler/NodesCodegen.cpp:
2766         (JSC::ModuleProgramNode::emitBytecode):
2767         (JSC::ImportDeclarationNode::emitBytecode):
2768         (JSC::ExportAllDeclarationNode::emitBytecode):
2769         (JSC::ExportDefaultDeclarationNode::emitBytecode):
2770         (JSC::ExportLocalDeclarationNode::emitBytecode):
2771         (JSC::ExportNamedDeclarationNode::emitBytecode):
2772         * jsc.cpp:
2773         (GlobalObject::finishCreation):
2774         (functionCheckModuleSyntax):
2775         * parser/ASTBuilder.h:
2776         (JSC::ASTBuilder::createModuleSpecifier):
2777         (JSC::ASTBuilder::createImportSpecifier):
2778         (JSC::ASTBuilder::createImportSpecifierList):
2779         (JSC::ASTBuilder::appendImportSpecifier):
2780         (JSC::ASTBuilder::createImportDeclaration):
2781         (JSC::ASTBuilder::createExportAllDeclaration):
2782         (JSC::ASTBuilder::createExportDefaultDeclaration):
2783         (JSC::ASTBuilder::createExportLocalDeclaration):
2784         (JSC::ASTBuilder::createExportNamedDeclaration):
2785         (JSC::ASTBuilder::createExportSpecifier):
2786         (JSC::ASTBuilder::createExportSpecifierList):
2787         (JSC::ASTBuilder::appendExportSpecifier):
2788         * parser/Keywords.table:
2789         * parser/NodeConstructors.h:
2790         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
2791         (JSC::ImportSpecifierNode::ImportSpecifierNode):
2792         (JSC::ImportDeclarationNode::ImportDeclarationNode):
2793         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
2794         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
2795         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
2796         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
2797         (JSC::ExportSpecifierNode::ExportSpecifierNode):
2798         * parser/Nodes.cpp:
2799         (JSC::ModuleProgramNode::ModuleProgramNode):
2800         * parser/Nodes.h:
2801         (JSC::ModuleProgramNode::startColumn):
2802         (JSC::ModuleProgramNode::endColumn):
2803         (JSC::ModuleSpecifierNode::moduleName):
2804         (JSC::ImportSpecifierNode::importedName):
2805         (JSC::ImportSpecifierNode::localName):
2806         (JSC::ImportSpecifierListNode::specifiers):
2807         (JSC::ImportSpecifierListNode::append):
2808         (JSC::ImportDeclarationNode::specifierList):
2809         (JSC::ImportDeclarationNode::moduleSpecifier):
2810         (JSC::ExportAllDeclarationNode::moduleSpecifier):
2811         (JSC::ExportDefaultDeclarationNode::declaration):
2812         (JSC::ExportLocalDeclarationNode::declaration):
2813         (JSC::ExportSpecifierNode::exportedName):
2814         (JSC::ExportSpecifierNode::localName):
2815         (JSC::ExportSpecifierListNode::specifiers):
2816         (JSC::ExportSpecifierListNode::append):
2817         (JSC::ExportNamedDeclarationNode::specifierList):
2818         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
2819         * parser/Parser.cpp:
2820         (JSC::Parser<LexerType>::Parser):
2821         (JSC::Parser<LexerType>::parseInner):
2822         (JSC::Parser<LexerType>::parseModuleSourceElements):
2823         (JSC::Parser<LexerType>::parseVariableDeclaration):
2824         (JSC::Parser<LexerType>::parseVariableDeclarationList):
2825         (JSC::Parser<LexerType>::createBindingPattern):
2826         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
2827         (JSC::Parser<LexerType>::parseDestructuringPattern):
2828         (JSC::Parser<LexerType>::parseForStatement):
2829         (JSC::Parser<LexerType>::parseFormalParameters):
2830         (JSC::Parser<LexerType>::parseFunctionParameters):
2831         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2832         (JSC::Parser<LexerType>::parseClassDeclaration):
2833         (JSC::Parser<LexerType>::parseModuleSpecifier):
2834         (JSC::Parser<LexerType>::parseImportClauseItem):
2835         (JSC::Parser<LexerType>::parseImportDeclaration):
2836         (JSC::Parser<LexerType>::parseExportSpecifier):
2837         (JSC::Parser<LexerType>::parseExportDeclaration):
2838         (JSC::Parser<LexerType>::parseMemberExpression):
2839         * parser/Parser.h:
2840         (JSC::isIdentifierOrKeyword):
2841         (JSC::ModuleScopeData::create):
2842         (JSC::ModuleScopeData::exportedBindings):
2843         (JSC::ModuleScopeData::exportName):
2844         (JSC::ModuleScopeData::exportBinding):
2845         (JSC::Scope::Scope):
2846         (JSC::Scope::setIsModule):
2847         (JSC::Scope::moduleScopeData):
2848         (JSC::Parser::matchContextualKeyword):
2849         (JSC::Parser::matchIdentifierOrKeyword):
2850         (JSC::Parser::isofToken): Deleted.
2851         * parser/ParserModes.h:
2852         * parser/ParserTokens.h:
2853         * parser/SyntaxChecker.h:
2854         (JSC::SyntaxChecker::createModuleSpecifier):
2855         (JSC::SyntaxChecker::createImportSpecifier):
2856         (JSC::SyntaxChecker::createImportSpecifierList):
2857         (JSC::SyntaxChecker::appendImportSpecifier):
2858         (JSC::SyntaxChecker::createImportDeclaration):
2859         (JSC::SyntaxChecker::createExportAllDeclaration):
2860         (JSC::SyntaxChecker::createExportDefaultDeclaration):
2861         (JSC::SyntaxChecker::createExportLocalDeclaration):
2862         (JSC::SyntaxChecker::createExportNamedDeclaration):
2863         (JSC::SyntaxChecker::createExportSpecifier):
2864         (JSC::SyntaxChecker::createExportSpecifierList):
2865         (JSC::SyntaxChecker::appendExportSpecifier):
2866         * runtime/CommonIdentifiers.cpp:
2867         (JSC::CommonIdentifiers::CommonIdentifiers):
2868         * runtime/CommonIdentifiers.h:
2869         * runtime/Completion.cpp:
2870         (JSC::checkModuleSyntax):
2871         * runtime/Completion.h:
2872         * tests/stress/modules-syntax-error-with-names.js: Added.
2873         (shouldThrow):
2874         * tests/stress/modules-syntax-error.js: Added.
2875         (shouldThrow):
2876         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
2877         * tests/stress/modules-syntax.js: Added.
2878         (prototype.checkModuleSyntax):
2879         (checkModuleSyntax):
2880         * tests/stress/tagged-templates-syntax.js:
2881
2882 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2883
2884         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
2885         https://bugs.webkit.org/show_bug.cgi?id=146833
2886
2887         Reviewed by Alexey Proskuryakov.
2888
2889         * assembler/ARM64Assembler.h:
2890         * assembler/ARMAssembler.h:
2891         (JSC::ARMAssembler::cacheFlush):
2892         * assembler/MacroAssemblerARM.cpp:
2893         (JSC::isVFPPresent):
2894         * assembler/MacroAssemblerX86Common.h:
2895         (JSC::MacroAssemblerX86Common::isSSE2Present):
2896         * heap/MachineStackMarker.h:
2897         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
2898         (JSC::logF):
2899         * jit/HostCallReturnValue.h:
2900         * jit/JIT.h:
2901         * jit/JITOperations.cpp:
2902         * jit/JITStubsARM.h:
2903         * jit/JITStubsARMv7.h:
2904         * jit/JITStubsX86.h:
2905         * jit/JITStubsX86Common.h:
2906         * jit/JITStubsX86_64.h:
2907         * jit/ThunkGenerators.cpp:
2908         * runtime/JSExportMacros.h:
2909         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
2910         (JSC::clz32):
2911
2912 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2913
2914         Unreviewed, fix uninitialized property leading to an assert.
2915
2916         * runtime/PutPropertySlot.h:
2917         (JSC::PutPropertySlot::PutPropertySlot):
2918
2919 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2920
2921         Unreviewed, fix Windows.
2922
2923         * bytecode/ObjectPropertyConditionSet.h:
2924         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2925
2926 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
2927
2928         DFG should have adaptive structure watchpoints
2929         https://bugs.webkit.org/show_bug.cgi?id=146929
2930
2931         Reviewed by Geoffrey Garen.
2932
2933         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
2934         property, you'd check that the object still has the structure that you first saw the object have. We
2935         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
2936         elide the structure check.
2937
2938         But this approach fails when that object frequently has new properties added to it. This would
2939         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
2940         we'd have to recompile either the IC or an entire code block.
2941
2942         This change introduces a new concept: an object property condition. This value describes some
2943         condition involving a property on some object. There are four kinds: presence, absence,
2944         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
2945         object has some property at some offset with some attributes. This allows us to implement a new kind
2946         of watchpoint, which knows about the object property condition that it's being used to enforce. If
2947         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
2948         on the new structure.
2949
2950         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
2951         and prototype accesses. They are also used for any DFG accesses to object constants, including
2952         global property accesses.
2953
2954         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
2955         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
2956         chain situation. It's also a small speed-up on getter-richards.
2957
2958         * CMakeLists.txt:
2959         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2960         * JavaScriptCore.xcodeproj/project.pbxproj:
2961         * bytecode/CodeBlock.cpp:
2962         (JSC::CodeBlock::printGetByIdCacheStatus):
2963         (JSC::CodeBlock::printPutByIdCacheStatus):
2964         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
2965         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
2966         * bytecode/ComplexGetStatus.cpp:
2967         (JSC::ComplexGetStatus::computeFor):
2968         * bytecode/ComplexGetStatus.h:
2969         (JSC::ComplexGetStatus::ComplexGetStatus):
2970         (JSC::ComplexGetStatus::takesSlowPath):
2971         (JSC::ComplexGetStatus::kind):
2972         (JSC::ComplexGetStatus::offset):
2973         (JSC::ComplexGetStatus::conditionSet):
2974         (JSC::ComplexGetStatus::attributes): Deleted.
2975         (JSC::ComplexGetStatus::specificValue): Deleted.
2976         (JSC::ComplexGetStatus::chain): Deleted.
2977         * bytecode/ConstantStructureCheck.cpp: Removed.
2978         * bytecode/ConstantStructureCheck.h: Removed.
2979         * bytecode/GetByIdStatus.cpp:
2980         (JSC::GetByIdStatus::computeForStubInfo):
2981         * bytecode/GetByIdVariant.cpp:
2982         (JSC::GetByIdVariant::GetByIdVariant):
2983         (JSC::GetByIdVariant::~GetByIdVariant):
2984         (JSC::GetByIdVariant::operator=):
2985         (JSC::GetByIdVariant::attemptToMerge):
2986         (JSC::GetByIdVariant::dumpInContext):
2987         (JSC::GetByIdVariant::baseStructure): Deleted.
2988         * bytecode/GetByIdVariant.h:
2989         (JSC::GetByIdVariant::operator!):
2990         (JSC::GetByIdVariant::structureSet):
2991         (JSC::GetByIdVariant::conditionSet):
2992         (JSC::GetByIdVariant::offset):
2993         (JSC::GetByIdVariant::callLinkStatus):
2994         (JSC::GetByIdVariant::constantChecks): Deleted.
2995         (JSC::GetByIdVariant::alternateBase): Deleted.
2996         * bytecode/ObjectPropertyCondition.cpp: Added.
2997         (JSC::ObjectPropertyCondition::dumpInContext):
2998         (JSC::ObjectPropertyCondition::dump):
2999         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
3000         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
3001         (JSC::ObjectPropertyCondition::isStillValid):
3002         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
3003         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
3004         (JSC::ObjectPropertyCondition::isWatchable):
3005         (JSC::ObjectPropertyCondition::isStillLive):
3006         (JSC::ObjectPropertyCondition::validateReferences):
3007         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
3008         * bytecode/ObjectPropertyCondition.h: Added.
3009         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
3010         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
3011         (JSC::ObjectPropertyCondition::presence):
3012         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
3013         (JSC::ObjectPropertyCondition::absence):
3014         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
3015         (JSC::ObjectPropertyCondition::absenceOfSetter):
3016         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
3017         (JSC::ObjectPropertyCondition::equivalence):
3018         (JSC::ObjectPropertyCondition::operator!):
3019         (JSC::ObjectPropertyCondition::object):
3020         (JSC::ObjectPropertyCondition::condition):
3021         (JSC::ObjectPropertyCondition::kind):
3022         (JSC::ObjectPropertyCondition::uid):
3023         (JSC::ObjectPropertyCondition::hasOffset):
3024         (JSC::ObjectPropertyCondition::offset):
3025         (JSC::ObjectPropertyCondition::hasAttributes):
3026         (JSC::ObjectPropertyCondition::attributes):
3027         (JSC::ObjectPropertyCondition::hasPrototype):
3028         (JSC::ObjectPropertyCondition::prototype):
3029         (JSC::ObjectPropertyCondition::hasRequiredValue):
3030         (JSC::ObjectPropertyCondition::requiredValue):
3031         (JSC::ObjectPropertyCondition::hash):
3032         (JSC::ObjectPropertyCondition::operator==):
3033         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
3034         (JSC::ObjectPropertyCondition::isCompatibleWith):
3035         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
3036         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
3037         (JSC::ObjectPropertyCondition::isValidValueForPresence):
3038         (JSC::ObjectPropertyConditionHash::hash):
3039         (JSC::ObjectPropertyConditionHash::equal):
3040         * bytecode/ObjectPropertyConditionSet.cpp: Added.
3041         (JSC::ObjectPropertyConditionSet::forObject):
3042         (JSC::ObjectPropertyConditionSet::forConditionKind):
3043         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
3044         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
3045         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
3046         (JSC::ObjectPropertyConditionSet::mergedWith):
3047         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
3048         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
3049         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
3050         (JSC::ObjectPropertyConditionSet::areStillLive):
3051         (JSC::ObjectPropertyConditionSet::dumpInContext):
3052         (JSC::ObjectPropertyConditionSet::dump):
3053         (JSC::generateConditionsForPropertyMiss):
3054         (JSC::generateConditionsForPropertySetterMiss):
3055         (JSC::generateConditionsForPrototypePropertyHit):
3056         (JSC::generateConditionsForPrototypePropertyHitCustom):
3057         (JSC::generateConditionsForPropertySetterMissConcurrently):
3058         * bytecode/ObjectPropertyConditionSet.h: Added.
3059         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
3060         (JSC::ObjectPropertyConditionSet::invalid):
3061         (JSC::ObjectPropertyConditionSet::nonEmpty):
3062         (JSC::ObjectPropertyConditionSet::isValid):
3063         (JSC::ObjectPropertyConditionSet::isEmpty):
3064         (JSC::ObjectPropertyConditionSet::begin):
3065         (JSC::ObjectPropertyConditionSet::end):
3066         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
3067         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
3068         (JSC::ObjectPropertyConditionSet::fromRawPointer):
3069         (JSC::ObjectPropertyConditionSet::Data::Data):
3070         * bytecode/PolymorphicGetByIdList.cpp:
3071         (JSC::GetByIdAccess::GetByIdAccess):
3072         (JSC::GetByIdAccess::~GetByIdAccess):
3073         (JSC::GetByIdAccess::visitWeak):
3074         * bytecode/PolymorphicGetByIdList.h:
3075         (JSC::GetByIdAccess::GetByIdAccess):
3076         (JSC::GetByIdAccess::structure):
3077         (JSC::GetByIdAccess::conditionSet):
3078         (JSC::GetByIdAccess::stubRoutine):
3079         (JSC::GetByIdAccess::chain): Deleted.
3080         (JSC::GetByIdAccess::chainCount): Deleted.
3081         * bytecode/PolymorphicPutByIdList.cpp:
3082         (JSC::PutByIdAccess::fromStructureStubInfo):
3083         (JSC::PutByIdAccess::visitWeak):
3084         * bytecode/PolymorphicPutByIdList.h:
3085         (JSC::PutByIdAccess::PutByIdAccess):
3086         (JSC::PutByIdAccess::transition):
3087         (JSC::PutByIdAccess::setter):
3088         (JSC::PutByIdAccess::newStructure):
3089         (JSC::PutByIdAccess::conditionSet):
3090         (JSC::PutByIdAccess::stubRoutine):
3091         (JSC::PutByIdAccess::chain): Deleted.
3092         (JSC::PutByIdAccess::chainCount): Deleted.
3093         * bytecode/PropertyCondition.cpp: Added.
3094         (JSC::PropertyCondition::dumpInContext):
3095         (JSC::PropertyCondition::dump):
3096         (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
3097         (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
3098         (JSC::PropertyCondition::isStillValid):
3099         (JSC::PropertyCondition::isWatchableWhenValid):
3100         (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
3101         (JSC::PropertyCondition::isWatchable):
3102         (JSC::PropertyCondition::isStillLive):
3103         (JSC::PropertyCondition::validateReferences):
3104         (JSC::PropertyCondition::isValidValueForAttributes):
3105         (JSC::PropertyCondition::isValidValueForPresence):
3106         (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
3107         (WTF::printInternal):
3108         * bytecode/PropertyCondition.h: Added.
3109         (JSC::PropertyCondition::PropertyCondition):
3110         (JSC::PropertyCondition::presenceWithoutBarrier):
3111         (JSC::PropertyCondition::presence):
3112         (JSC::PropertyCondition::absenceWithoutBarrier):
3113         (JSC::PropertyCondition::absence):
3114         (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
3115         (JSC::PropertyCondition::absenceOfSetter):
3116         (JSC::PropertyCondition::equivalenceWithoutBarrier):
3117         (JSC::PropertyCondition::equivalence):
3118         (JSC::PropertyCondition::operator!):
3119         (JSC::PropertyCondition::kind):
3120         (JSC::PropertyCondition::uid):
3121         (JSC::PropertyCondition::hasOffset):
3122         (JSC::PropertyCondition::offset):
3123         (JSC::PropertyCondition::hasAttributes):
3124         (JSC::PropertyCondition::attributes):
3125         (JSC::PropertyCondition::hasPrototype):
3126         (JSC::PropertyCondition::prototype):
3127         (JSC::PropertyCondition::hasRequiredValue):
3128         (JSC::PropertyCondition::requiredValue):
3129         (JSC::PropertyCondition::hash):
3130         (JSC::PropertyCondition::operator==):
3131         (JSC::PropertyCondition::isHashTableDeletedValue):
3132         (JSC::PropertyCondition::isCompatibleWith):
3133         (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
3134         (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
3135         (JSC::PropertyConditionHash::hash):
3136         (JSC::PropertyConditionHash::equal):
3137         * bytecode/PutByIdStatus.cpp:
3138         (JSC::PutByIdStatus::computeFromLLInt):
3139         (JSC::PutByIdStatus::computeFor):
3140         (JSC::PutByIdStatus::computeForStubInfo):
3141         * bytecode/PutByIdVariant.cpp:
3142         (JSC::PutByIdVariant::operator=):
3143         (JSC::PutByIdVariant::transition):
3144         (JSC::PutByIdVariant::setter):
3145         (JSC::PutByIdVariant::makesCalls):
3146         (JSC::PutByIdVariant::attemptToMerge):
3147         (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
3148         (JSC::PutByIdVariant::dumpInContext):
3149         (JSC::PutByIdVariant::baseStructure): Deleted.
3150         * bytecode/PutByIdVariant.h:
3151         (JSC::PutByIdVariant::PutByIdVariant):
3152         (JSC::PutByIdVariant::kind):
3153         (JSC::PutByIdVariant::structure):
3154         (JSC::PutByIdVariant::structureSet):
3155         (JSC::PutByIdVariant::oldStructure):
3156         (JSC::PutByIdVariant::conditionSet):
3157         (JSC::PutByIdVariant::offset):
3158         (JSC::PutByIdVariant::callLinkStatus):
3159         (JSC::PutByIdVariant::constantChecks): Deleted.
3160         (JSC::PutByIdVariant::alternateBase): Deleted.
3161         * bytecode/StructureStubClearingWatchpoint.cpp:
3162         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
3163         (JSC::StructureStubClearingWatchpoint::push):
3164         (JSC::StructureStubClearingWatchpoint::fireInternal):
3165         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
3166         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
3167         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
3168         * bytecode/StructureStubClearingWatchpoint.h:
3169         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
3170         (JSC::WatchpointsOnStructureStubInfo::codeBlock):
3171         (JSC::WatchpointsOnStructureStubInfo::stubInfo):
3172         * bytecode/StructureStubInfo.cpp:
3173         (JSC::StructureStubInfo::deref):
3174         (JSC::StructureStubInfo::visitWeakReferences):
3175         * bytecode/StructureStubInfo.h:
3176         (JSC::StructureStubInfo::initPutByIdTransition):
3177         (JSC::StructureStubInfo::initPutByIdReplace):
3178         (JSC::StructureStubInfo::setSeen):
3179         (JSC::StructureStubInfo::addWatchpoint):
3180         * dfg/DFGAbstractInterpreterInlines.h:
3181         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3182         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
3183         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
3184         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
3185         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
3186         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
3187         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
3188         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
3189         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
3190         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
3191         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
3192         * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
3193         (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
3194         (JSC::DFG::AdaptiveStructureWatchpoint::install):
3195         (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
3196         * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
3197         (JSC::DFG::AdaptiveStructureWatchpoint::key):
3198         * dfg/DFGByteCodeParser.cpp:
3199         (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
3200         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
3201         (JSC::DFG::ByteCodeParser::handleGetByOffset):
3202         (JSC::DFG::ByteCodeParser::handlePutByOffset):
3203         (JSC::DFG::ByteCodeParser::check):
3204         (JSC::DFG::ByteCodeParser::promoteToConstant):
3205         (JSC::DFG::ByteCodeParser::planLoad):
3206         (JSC::DFG::ByteCodeParser::load):
3207         (JSC::DFG::ByteCodeParser::presenceLike):
3208         (JSC::DFG::ByteCodeParser::checkPresenceLike):
3209         (JSC::DFG::ByteCodeParser::store):
3210         (JSC::DFG::ByteCodeParser::handleGetById):
3211         (JSC::DFG::ByteCodeParser::handlePutById):
3212         (JSC::DFG::ByteCodeParser::parseBlock):
3213         (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
3214         * dfg/DFGCommonData.cpp:
3215         (JSC::DFG::CommonData::validateReferences):
3216         * dfg/DFGCommonData.h:
3217         * dfg/DFGConstantFoldingPhase.cpp:
3218         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3219         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
3220         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
3221         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
3222         (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
3223         * dfg/DFGDesiredWatchpoints.cpp:
3224         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
3225         (JSC::DFG::InferredValueAdaptor::add):
3226         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
3227         (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
3228         (JSC::DFG::DesiredWatchpoints::addLazily):
3229         (JSC::DFG::DesiredWatchpoints::consider):
3230         (JSC::DFG::DesiredWatchpoints::reallyAdd):
3231         (JSC::DFG::DesiredWatchpoints::areStillValid):
3232         (JSC::DFG::DesiredWatchpoints::dumpInContext):
3233         * dfg/DFGDesiredWatchpoints.h:
3234         (JSC::DFG::SetPointerAdaptor::add):
3235         (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
3236         (JSC::DFG::SetPointerAdaptor::dumpInContext):
3237         (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
3238         (JSC::DFG::InferredValueAdaptor::dumpInContext):
3239         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
3240         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
3241         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
3242         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
3243         (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
3244         (JSC::DFG::GenericDesiredWatchpoints::isWatched):
3245         (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
3246         (JSC::DFG::DesiredWatchpoints::isWatched):
3247         (JSC::DFG::GenericSetAdaptor::add): Deleted.
3248         (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
3249         * dfg/DFGDesiredWeakReferences.cpp:
3250         (JSC::DFG::DesiredWeakReferences::addLazily):
3251         (JSC::DFG::DesiredWeakReferences::contains):
3252         * dfg/DFGDesiredWeakReferences.h:
3253         * dfg/DFGGraph.cpp:
3254         (JSC::DFG::Graph::dump):
3255         (JSC::DFG::Graph::clearFlagsOnAllNodes):
3256         (JSC::DFG::Graph::watchCondition):
3257         (JSC::DFG::Graph::isSafeToLoad):
3258         (JSC::DFG::Graph::livenessFor):
3259         (JSC::DFG::Graph::tryGetConstantProperty):
3260         (JSC::DFG::Graph::visitChildren):
3261         * dfg/DFGGraph.h:
3262         (JSC::DFG::Graph::identifiers):
3263         (JSC::DFG::Graph::watchpoints):
3264         * dfg/DFGMultiGetByOffsetData.cpp: Added.
3265         (JSC::DFG::GetByOffsetMethod::dumpInContext):
3266         (JSC::DFG::GetByOffsetMethod::dump):
3267         (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
3268         (JSC::DFG::MultiGetByOffsetCase::dump):
3269         (WTF::printInternal):
3270         * dfg/DFGMultiGetByOffsetData.h: Added.
3271         (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
3272         (JSC::DFG::GetByOffsetMethod::constant):
3273         (JSC::DFG::GetByOffsetMethod::load):
3274         (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
3275         (JSC::DFG::GetByOffsetMethod::operator!):
3276         (JSC::DFG::GetByOffsetMethod::kind):
3277         (JSC::DFG::GetByOffsetMethod::prototype):
3278         (JSC::DFG::GetByOffsetMethod::offset):
3279         (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
3280         (JSC::DFG::MultiGetByOffsetCase::set):
3281         (JSC::DFG::MultiGetByOffsetCase::method):
3282         * dfg/DFGNode.h:
3283         * dfg/DFGSafeToExecute.h:
3284         (JSC::DFG::safeToExecute):
3285         * dfg/DFGStructureRegistrationPhase.cpp:
3286         (JSC::DFG::StructureRegistrationPhase::run):
3287         * ftl/FTLLowerDFGToLLVM.cpp:
3288         (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
3289         * jit/Repatch.cpp:
3290         (JSC::repatchByIdSelfAccess):
3291         (JSC::checkObjectPropertyCondition):
3292         (JSC::checkObjectPropertyConditions):
3293         (JSC::replaceWithJump):
3294         (JSC::generateByIdStub):
3295         (JSC::actionForCell):
3296         (JSC::tryBuildGetByIDList):
3297         (JSC::emitPutReplaceStub):
3298         (JSC::emitPutTransitionStub):
3299         (JSC::tryCachePutByID):
3300         (JSC::tryBuildPutByIdList):
3301         (JSC::tryRepatchIn):
3302         (JSC::addStructureTransitionCheck): Deleted.
3303         (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
3304         * runtime/IntendedStructureChain.cpp: Removed.
3305         * runtime/IntendedStructureChain.h: Removed.
3306         * runtime/JSCJSValue.h:
3307         * runtime/JSObject.cpp:
3308         (JSC::throwTypeError):
3309         (JSC::JSObject::convertToDictionary):
3310         (JSC::JSObject::shiftButterflyAfterFlattening):
3311         * runtime/JSObject.h:
3312         (JSC::JSObject::flattenDictionaryObject):
3313         (JSC::JSObject::convertToDictionary): Deleted.
3314         * runtime/Operations.h:
3315         (JSC::normalizePrototypeChain):
3316         (JSC::normalizePrototypeChainForChainAccess): Deleted.
3317         (JSC::isPrototypeChainNormalized): Deleted.
3318         * runtime/PropertySlot.h:
3319         (JSC::PropertySlot::PropertySlot):
3320         (JSC::PropertySlot::slotBase):
3321         * runtime/Structure.cpp:
3322         (JSC::Structure::addPropertyTransition):
3323         (JSC::Structure::attributeChangeTransition):
3324         (JSC::Structure::toDictionaryTransition):
3325         (JSC::Structure::toCacheableDictionaryTransition):
3326         (JSC::Structure::toUncacheableDictionaryTransition):
3327         (JSC::Structure::ensurePropertyReplacementWatchpointSet):
3328         (JSC::Structure::startWatchingPropertyForReplacements):
3329         (JSC::Structure::didCachePropertyReplacement):
3330         (JSC::Structure::dump):
3331         * runtime/Structure.h:
3332         * runtime/VM.h:
3333         * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check-new.js: Added.
3334         (foo):
3335         (bar):
3336         (baz):
3337         * tests/stress/multi-get-by-offset-self-or-proto.js: Added.
3338         (foo):
3339         * tests/stress/replacement-watchpoint-dictionary.js: Added.
3340         (foo):
3341         * tests/stress/replacement-watchpoint.js: Added.
3342         (foo):
3343         * tests/stress/undefined-access-dictionary-then-proto-change.js: Added.
3344         (foo):
3345         * tests/stress/undefined-access-then-proto-change.js: Added.
3346         (foo):
3347
3348 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
3349
3350         JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
3351         https://bugs.webkit.org/show_bug.cgi?id=147538
3352
3353         Reviewed by Geoffrey Garen.
3354
3355         Due to the order of the ARROWFUNCTION token in the JSTokenType enum, it is categorized as one of the keywords.
3356         As a result, when lexing the property name that can take the keywords, the ARROWFUNCTION token is accidentally accepted.
3357         This patch changes the order of the ARROWFUNCTION token in JSTokenType to make it the operator token.
3358
3359         * parser/ParserTokens.h:
3360         * tests/stress/arrow-function-token-is-not-keyword.js: Added.
3361         (testSyntaxError):
3362
3363 2015-08-03  Keith Miller  <keith_miller@apple.com>
3364
3365         Clean up the naming for AST expression generation.
3366         https://bugs.webkit.org/show_bug.cgi?id=147581
3367
3368         Reviewed by Yusuke Suzuki.
3369
3370         * parser/ASTBuilder.h:
3371         (JSC::ASTBuilder::createThisExpr):
3372         (JSC::ASTBuilder::createSuperExpr):
3373         (JSC::ASTBuilder::createNewTargetExpr):
3374         (JSC::ASTBuilder::thisExpr): Deleted.
3375         (JSC::ASTBuilder::superExpr): Deleted.
3376         (JSC::ASTBuilder::newTargetExpr): Deleted.
3377         * parser/Parser.cpp:
3378         (JSC::Parser<LexerType>::parsePrimaryExpression):
3379         (JSC::Parser<LexerType>::parseMemberExpression):
3380         * parser/SyntaxChecker.h:
3381         (JSC::SyntaxChecker::createThisExpr):
3382         (JSC::SyntaxChecker::createSuperExpr):
3383         (JSC::SyntaxChecker::createNewTargetExpr):
3384         (JSC::SyntaxChecker::thisExpr): Deleted.
3385         (JSC::SyntaxChecker::superExpr): Deleted.
3386         (JSC::SyntaxChecker::newTargetExpr): Deleted.
3387
3388 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
3389
3390         Don't set up the callsite to operationGetByValDefault when the optimization is already done
3391         https://bugs.webkit.org/show_bug.cgi?id=147577
3392
3393         Reviewed by Filip Pizlo.
3394
3395         operationGetByValDefault should be called only when the IC is not set.
3396         operationGetByValString breaks this invariant and `ASSERT(!byValInfo.stubRoutine)` in
3397         operationGetByValDefault raises the assertion failure.
3398         In this patch, we change the callsite setup code in operationGetByValString when
3399         the IC is already set. And to make the operation's meaning explicit, we changed the
3400         name operationGetByValDefault to operationGetByValOptimize, which is aligned with the
3401         GetById case.
3402
3403         * jit/JITOperations.cpp:
3404         * jit/JITOperations.h:
3405         * jit/JITPropertyAccess.cpp:
3406         (JSC::JIT::emitSlow_op_get_by_val):
3407         * jit/JITPropertyAccess32_64.cpp:
3408         (JSC::JIT::emitSlow_op_get_by_val):
3409         * tests/stress/operation-get-by-val-default-should-not-called-for-already-optimized-site.js: Added.
3410         (hello):
3411
3412 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
3413
3414         [FTL] Remove unused scripts related to native call inlining
3415         https://bugs.webkit.org/show_bug.cgi?id=147448
3416
3417         Reviewed by Filip Pizlo.
3418
3419         * build-symbol-table-index.py: Removed.
3420         * copy-llvm-ir-to-derived-sources.sh: Removed.
3421         * create-llvm-ir-from-source-file.py: Removed.
3422         * create-symbol-table-index.py: Removed.
3423
3424 2015-08-02  Benjamin Poulain  <bpoulain@apple.com>
3425
3426         Investigate HashTable::HashTable(const HashTable&) and HashTable::operator=(const HashTable&) performance for hash-based static analyses
3427         https://bugs.webkit.org/show_bug.cgi?id=118455
3428
3429         Reviewed by Filip Pizlo.
3430
3431         LivenessAnalysisPhase lights up like a Christmas tree in profiles.
3432
3433         This patch cuts its cost by 4.
3434         About half of the gains come from removing many rehash() calls when copying
3435         the HashSet.
3436         The last quarter is achieved by having a special add() function for initializing
3437         a HashSet.
3438
3439         This makes benchmarks progress by 1-2% here and there. Nothing massive.
3440
3441         * dfg/DFGLivenessAnalysisPhase.cpp:
3442         (JSC::DFG::LivenessAnalysisPhase::process):
3443         The m_live HashSet is only useful per block. When we are done with it,
3444         we can transfer it to liveAtHead to avoid a copy.
3445
3446 2015-08-01  Saam barati  <saambarati1@gmail.com>
3447
3448         Unreviewed. Remove unintentional "print" statement in test case.
3449         https://bugs.webkit.org/show_bug.cgi?id=142567
3450
3451         * tests/stress/class-syntax-definition-semantics.js:
3452         (shouldBeSyntaxError):
3453
3454 2015-07-31  Alex Christensen  <achristensen@webkit.org>
3455
3456         Prepare for VS2015
3457         https://bugs.webkit.org/show_bug.cgi?id=146579
3458
3459         Reviewed by Jon Honeycutt.
3460
3461         * heap/Heap.h:
3462         Fix compiler error by explicitly casting zombifiedBits to the size of a pointer.
3463
3464 2015-07-31  Saam barati  <saambarati1@gmail.com>
3465
3466         ES6 class syntax should use block scoping
3467         https://bugs.webkit.org/show_bug.cgi?id=142567
3468
3469         Reviewed by Geoffrey Garen.
3470
3471         We treat class declarations like we do "let" declarations.
3472         The class name is under TDZ until the class declaration
3473         statement is evaluated. Class declarations also follow
3474         the same rules as "let": No duplicate definitions inside
3475         a lexical environment.
3476
3477         * parser/ASTBuilder.h:
3478         (JSC::ASTBuilder::createClassDeclStatement):
3479         * parser/Parser.cpp:
3480         (JSC::Parser<LexerType>::parseClassDeclaration):
3481         * tests/stress/class-syntax-block-scoping.js: Added.
3482         (assert):
3483         (truth):
3484         (.):
3485         * tests/stress/class-syntax-definition-semantics.js: Added.
3486         (shouldBeSyntaxError):
3487         (shouldNotBeSyntaxError):
3488         (truth):
3489         * tests/stress/class-syntax-tdz.js:
3490         (assert):
3491         (shouldThrowTDZ):
3492         (truth):
3493         (.):
3494
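The two parser behaviours described in the entries above (the ARROWFUNCTION token no longer being accepted where a keyword-named property is allowed, r147538, and class declarations following "let" rules with a TDZ and no duplicate definitions, r142567) can be checked from script. The block below is an added example and is not one of the tests/stress files listed in the ChangeLog; it uses the `Function` constructor so that each snippet is parsed in isolation and a SyntaxError is observed without aborting the script. The helper names (`parseResult`, `syntaxCases`, `classIsInTDZ`, `classIsBlockScoped`) are this example's own.

```javascript
// Added example, not WebKit test code. Parses each snippet on its own via the
// Function constructor and reports whether the parser rejected it.
function parseResult(source) {
  try {
    new Function(source); // parse only; the body is never executed
    return "ok";
  } catch (e) {
    return e instanceof SyntaxError ? "SyntaxError" : "OtherError";
  }
}

// Early (parse-time) errors exercised by the two ChangeLog entries.
function syntaxCases() {
  return {
    // Class declarations follow "let" rules: no duplicates in one lexical environment.
    duplicateClass: parseResult("class C {} class C {}"),
    classAfterLet: parseResult("let C = 1; class C {}"),
    classAfterVar: parseResult("var C = 1; class C {}"),
    // Keywords are still valid property names in an object literal...
    keywordPropertyNames: parseResult("({ if: 1, class: 2, function: 3 })"),
    // ...but the arrow token is an operator, not a keyword, so it must be rejected here.
    arrowTokenAsPropertyName: parseResult("({ => : 1 })"),
  };
}

// Runtime behaviour: the class name is in the temporal dead zone until the
// declaration statement is evaluated, so reading it earlier throws ReferenceError.
function classIsInTDZ() {
  try {
    (function () {
      C; // accessed before `class C {}` is evaluated
      class C {}
    })();
    return false;
  } catch (e) {
    return e instanceof ReferenceError;
  }
}

// Runtime behaviour: a class declared inside a block does not leak out of it.
function classIsBlockScoped() {
  {
    class C {}
  }
  return typeof C === "undefined";
}
```

`syntaxCases()` should report "SyntaxError" for the three duplicate-declaration snippets and for the arrow-token property name, and "ok" for the keyword property names; `classIsInTDZ()` and `classIsBlockScoped()` should both return true on an engine that implements these semantics.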
3495 2015-07-31  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3496
3497         Implement WebAssembly module parser
3498         https://bugs.webkit.org/show_bug.cgi?id=147293
3499
3500         Reviewed by Mark Lam.
3501
3502         Re-landing after fix for the "..\..\jsc.cpp(46): fatal error C1083: Cannot open
3503         include file: 'JSWASMModule.h'" issue on Windows.
3504
3505         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
3506         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
3507         the magic number at the beginning of the files. Parsing of the rest will be
3508         implemented in a subsequent patch.
3509
3510         * CMakeLists.txt:
3511         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3512         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3513         * JavaScriptCore.xcodeproj/project.pbxproj:
3514         * jsc.cpp:
3515         (GlobalObject::finishCreation):
3516         (functionLoadWebAssembly):
3517         * parser/SourceProvider.h:
3518         (JSC::WebAssemblySourceProvider::create):
3519         (JSC::WebAssemblySourceProvider::data):
3520         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
3521         * runtime/JSGlobalObject.cpp:
3522         (JSC::JSGlobalObject::init):
3523         (JSC::JSGlobalObject::visitChildren):
3524         * runtime/JSGlobalObject.h:
3525         (JSC::JSGlobalObject::wasmModuleStructure):
3526         * wasm/WASMMagicNumber.h: Added.
3527         * wasm/WASMModuleParser.cpp: Added.
3528         (JSC::WASMModuleParser::WASMModuleParser):
3529         (JSC::WASMModuleParser::parse):
3530         (JSC::WASMModuleParser::parseModule):
3531         (JSC::parseWebAssembly):
3532         * wasm/WASMModuleParser.h: Added.
3533         * wasm/WASMReader.cpp: Added.
3534         (JSC::WASMReader::readUnsignedInt32):
3535         (JSC::WASMReader::readFloat):
3536         (JSC::WASMReader::readDouble):
3537         * wasm/WASMReader.h: Added.
3538         (JSC::WASMReader::WASMReader):
3539
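The entry above describes a module parser whose first (and, in this patch, only) step is to read a 32-bit magic number from the start of an untrusted file and reject anything else, backed by a reader that provides readUnsignedInt32/readFloat/readDouble. As an added example, not WebKit's WASMReader or WASMModuleParser code, the block below shows the shape of such a reader with the property a parser of untrusted binary input needs most: every read is bounds-checked first, so a truncated or malformed file produces a clean error rather than an out-of-range read. The magic value is an assumed stand-in (the ChangeLog does not quote the constant in WASMMagicNumber.h); `BoundsCheckedReader`, `parseModule` and the sample byte arrays are this example's own.

```javascript
// Added example, not WebKit code. ASSUMED_MAGIC is a placeholder: the ASCII
// bytes "wasm" read as a little-endian uint32. The real constant lives in
// WebKit's WASMMagicNumber.h and is not quoted in the ChangeLog.
const ASSUMED_MAGIC = 0x6d736177;

// Little-endian reader over a byte buffer that refuses to read past the end.
class BoundsCheckedReader {
  constructor(bytes) {
    this.view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
    this.offset = 0;
  }

  // Check that `width` bytes remain before touching the buffer.
  ensure(width) {
    if (this.offset + width > this.view.byteLength) {
      throw new RangeError(
        `truncated input: need ${width} byte(s) at offset ${this.offset}, ` +
        `only ${this.view.byteLength - this.offset} left`);
    }
  }

  readUnsignedInt32() {
    this.ensure(4);
    const v = this.view.getUint32(this.offset, true);
    this.offset += 4;
    return v;
  }

  readFloat() {
    this.ensure(4);
    const v = this.view.getFloat32(this.offset, true);
    this.offset += 4;
    return v;
  }

  readDouble() {
    this.ensure(8);
    const v = this.view.getFloat64(this.offset, true);
    this.offset += 8;
    return v;
  }
}

// Accept a module only if it starts with the expected magic number.
// Returns a result object instead of throwing so callers can report the reason.
function parseModule(bytes) {
  const reader = new BoundsCheckedReader(bytes);
  let magic;
  try {
    magic = reader.readUnsignedInt32();
  } catch (e) {
    return { ok: false, error: e.message };
  }
  if (magic !== ASSUMED_MAGIC) {
    return { ok: false, error: `bad magic number 0x${magic.toString(16)}` };
  }
  return { ok: true, bytesConsumed: reader.offset };
}

// Constructed sample inputs (not real module files).
const GOOD = new Uint8Array([0x77, 0x61, 0x73, 0x6d, 0x00]);      // "wasm" + one payload byte
const TRUNCATED = new Uint8Array([0x77, 0x61, 0x73]);             // cut off inside the magic
const WRONG = new Uint8Array([0x00, 0x61, 0x73, 0x6d, 0x00]);     // first byte corrupted
```

`parseModule(GOOD)` accepts and reports four bytes consumed; `parseModule(TRUNCATED)` and `parseModule(WRONG)` are rejected with a message saying why. The same `ensure` check guards the float and double reads, which is what keeps later stages of a parser like this from reading beyond the file when a length field lies.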
3540 2015-07-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3541
3542         Add the "wasm" directory to the Additional Include Directories for jsc.exe
3543         https://bugs.webkit.org/show_bug.cgi?id=147443
3544
3545         Reviewed by Mark Lam.
3546
3547         This patch should fix the "..\..\jsc.cpp(46): fatal error C1083:
3548         Cannot open include file: 'JSWASMModule.h'" error in the Windows build.
3549
3550         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
3551
3552 2015-07-30  Chris Dumez  <cdumez@apple.com>
3553
3554         Mark more classes as fast allocated
3555         https://bugs.webkit.org/show_bug.cgi?id=147440
3556
3557         Reviewed by Sam Weinig.
3558
3559         Mark more classes as fast allocated for performance. We heap-allocate
3560         objects of those types throughout the code base.
3561
3562         * API/JSCallbackObject.h:
3563         * API/ObjCCallbackFunction.mm:
3564         * bytecode/BytecodeKills.h:
3565         * bytecode/BytecodeLivenessAnalysis.h:
3566         * bytecode/CallLinkStatus.h:
3567         * bytecode/FullBytecodeLiveness.h:
3568         * bytecode/SamplingTool.h:
3569         * bytecompiler/BytecodeGenerator.h:
3570         * dfg/DFGBasicBlock.h:
3571         * dfg/DFGBlockMap.h:
3572         * dfg/DFGInPlaceAbstractState.h:
3573         * dfg/DFGThreadData.h:
3574         * heap/HeapVerifier.h:
3575         * heap/SlotVisitor.h:
3576         * parser/Lexer.h:
3577         * runtime/ControlFlowProfiler.h:
3578         * runtime/TypeProfiler.h:
3579         * runtime/TypeProfilerLog.h:
3580         * runtime/Watchdog.h:
3581
3582 2015-07-29  Filip Pizlo  <fpizlo@apple.com>
3583
3584         DFG::ArgumentsEliminationPhase should emit a PutStack for all of the GetStacks that the ByteCodeParser emitted
3585         https://bugs.webkit.org/show_bug.cgi?id=147433
3586         rdar://problem/21668986
3587
3588         Reviewed by Mark Lam.
3589
3590         Ideally, the ByteCodeParser would only emit SetArgument nodes for named arguments.  But
3591         currently that's not what it does - it emits a SetArgument for every argument that a varargs
3592         call may pass.  Each SetArgument gets turned into a GetStack.  This means that if
3593         ArgumentsEliminationPhase optimizes away PutStacks for those varargs arguments that didn't
3594         get passed or used, we get degenerate IR where we have a GetStack of something that didn't
3595         have a PutStack.
3596
3597         This fixes the bug by removing the code to optimize away PutStacks in
3598         ArgumentsEliminationPhase.
3599
3600         * dfg/DFGArgumentsEliminationPhase.cpp:
3601         * tests/stress/varargs-inlining-underflow.js: Added.
3602         (baz):
3603         (bar):
3604         (foo):
3605
3606 2015-07-29  Andy VanWagoner  <thetalecrafter@gmail.com>
3607
3608         Implement basic types for ECMAScript Internationalization API
3609         https://bugs.webkit.org/show_bug.cgi?id=146926
3610
3611         Reviewed by Benjamin Poulain.
3612
3613         Adds basic types for ECMA-402 2nd edition, but does not implement the full locale-aware features yet.
3614         http://www.ecma-international.org/ecma-402/2.0/ECMA-402.pdf
3615
3616         * CMakeLists.txt: Added new Intl files.
3617         * Configurations/FeatureDefines.xcconfig: Enable INTL.
3618         * DerivedSources.make: Added Intl files.
3619         * JavaScriptCore.xcodeproj/project.pbxproj: Added Intl files.
3620         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added Intl files.
3621         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added Intl files.
3622         * runtime/CommonIdentifiers.h: Added Collator, NumberFormat, and DateTimeFormat.
3623         * runtime/DateConstructor.cpp: Made Date.now public.
3624         * runtime/DateConstructor.h: Made Date.now public.
3625         * runtime/IntlCollator.cpp: Added.
3626         (JSC::IntlCollator::create):
3627         (JSC::IntlCollator::createStructure):
3628         (JSC::IntlCollator::IntlCollator):
3629         (JSC::IntlCollator::finishCreation):
3630         (JSC::IntlCollator::destroy):
3631         (JSC::IntlCollator::visitChildren):
3632         (JSC::IntlCollator::setBoundCompare):
3633         (JSC::IntlCollatorFuncCompare): Added placeholder implementation using codePointCompare.
3634         * runtime/IntlCollator.h: Added.
3635         (JSC::IntlCollator::constructor):
3636         (JSC::IntlCollator::boundCompare):
3637         * runtime/IntlCollatorConstructor.cpp: Added.
3638         (JSC::IntlCollatorConstructor::create):
3639         (JSC::IntlCollatorConstructor::createStructure):
3640         (JSC::IntlCollatorConstructor::IntlCollatorConstructor):
3641         (JSC::IntlCollatorConstructor::finishCreation):
3642         (JSC::constructIntlCollator): Added Collator constructor (10.1.2).
3643         (JSC::callIntlCollator): Added Collator constructor (10.1.2).
3644         (JSC::IntlCollatorConstructor::getConstructData):
3645         (JSC::IntlCollatorConstructor::getCallData):
3646         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
3647         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
3648         (JSC::IntlCollatorConstructor::visitChildren):
3649         * runtime/IntlCollatorConstructor.h: Added.
3650         (JSC::IntlCollatorConstructor::collatorStructure):
3651         * runtime/IntlCollatorPrototype.cpp: Added.
3652         (JSC::IntlCollatorPrototype::create):
3653         (JSC::IntlCollatorPrototype::createStructure):
3654         (JSC::IntlCollatorPrototype::IntlCollatorPrototype):
3655         (JSC::IntlCollatorPrototype::finishCreation):
3656         (JSC::IntlCollatorPrototype::getOwnPropertySlot):
3657         (JSC::IntlCollatorPrototypeGetterCompare): Added compare getter (10.3.3).
3658         (JSC::IntlCollatorPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
3659         * runtime/IntlCollatorPrototype.h: Added.
3660         * runtime/IntlDateTimeFormat.cpp: Added.
3661         (JSC::IntlDateTimeFormat::create):
3662         (JSC::IntlDateTimeFormat::createStructure):
3663         (JSC::IntlDateTimeFormat::IntlDateTimeFormat):
3664         (JSC::IntlDateTimeFormat::finishCreation):
3665         (JSC::IntlDateTimeFormat::destroy):
3666         (JSC::IntlDateTimeFormat::visitChildren):
3667         (JSC::IntlDateTimeFormat::setBoundFormat):
3668         (JSC::IntlDateTimeFormatFuncFormatDateTime): Added placeholder implementation returning new Date(value).toString().
3669         * runtime/IntlDateTimeFormat.h: Added.
3670         (JSC::IntlDateTimeFormat::constructor):
3671         (JSC::IntlDateTimeFormat::boundFormat):
3672         * runtime/IntlDateTimeFormatConstructor.cpp: Added.
3673         (JSC::IntlDateTimeFormatConstructor::create):
3674         (JSC::IntlDateTimeFormatConstructor::createStructure):
3675         (JSC::IntlDateTimeFormatConstructor::IntlDateTimeFormatConstructor):
3676         (JSC::IntlDateTimeFormatConstructor::finishCreation):
3677         (JSC::constructIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
3678         (JSC::callIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
3679         (JSC::IntlDateTimeFormatConstructor::getConstructData):
3680         (JSC::IntlDateTimeFormatConstructor::getCallData):
3681         (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
3682         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
3683         (JSC::IntlDateTimeFormatConstructor::visitChildren):
3684         * runtime/IntlDateTimeFormatConstructor.h: Added.
3685         (JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure):
3686         * runtime/IntlDateTimeFormatPrototype.cpp: Added.
3687         (JSC::IntlDateTimeFormatPrototype::create):
3688         (JSC::IntlDateTimeFormatPrototype::createStructure):
3689         (JSC::IntlDateTimeFormatPrototype::IntlDateTimeFormatPrototype):
3690         (JSC::IntlDateTimeFormatPrototype::finishCreation):
3691         (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
3692         (JSC::IntlDateTimeFormatPrototypeGetterFormat): Added format getter (12.3.3).
3693         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
3694         * runtime/IntlDateTimeFormatPrototype.h: Added.
3695         * runtime/IntlNumberFormat.cpp: Added.
3696         (JSC::IntlNumberFormat::create):
3697         (JSC::IntlNumberFormat::createStructure):
3698         (JSC::IntlNumberFormat::IntlNumberFormat):
3699         (JSC::IntlNumberFormat::finishCreation):
3700         (JSC::IntlNumberFormat::destroy):
3701         (JSC::IntlNumberFormat::visitChildren):
3702         (JSC::IntlNumberFormat::setBoundFormat):
3703         (JSC::IntlNumberFormatFuncFormatNumber): Added placeholder implementation returning Number(value).toString().
3704         * runtime/IntlNumberFormat.h: Added.
3705         (JSC::IntlNumberFormat::constructor):
3706         (JSC::IntlNumberFormat::boundFormat):
3707         * runtime/IntlNumberFormatConstructor.cpp: Added.
3708         (JSC::IntlNumberFormatConstructor::create):
3709         (JSC::IntlNumberFormatConstructor::createStructure):
3710         (JSC::IntlNumberFormatConstructor::IntlNumberFormatConstructor):
3711         (JSC::IntlNumberFormatConstructor::finishCreation):
3712         (JSC::constructIntlNumberFormat): Added NumberFormat constructor (11.1.2).
3713         (JSC::callIntlNumberFormat): Added NumberFormat constructor (11.1.2).
3714         (JSC::IntlNumberFormatConstructor::getConstructData):
3715         (JSC::IntlNumberFormatConstructor::getCallData):
3716         (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
3717         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
3718         (JSC::IntlNumberFormatConstructor::visitChildren):
3719         * runtime/IntlNumberFormatConstructor.h: Added.
3720         (JSC::IntlNumberFormatConstructor::numberFormatStructure):
3721         * runtime/IntlNumberFormatPrototype.cpp: Added.
3722         (JSC::IntlNumberFormatPrototype::create):
3723         (JSC::IntlNumberFormatPrototype::createStructure):
3724         (JSC::IntlNumberFormatPrototype::IntlNumberFormatPrototype):
3725         (JSC::IntlNumberFormatPrototype::finishCreation):
3726         (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
3727         (JSC::IntlNumberFormatPrototypeGetterFormat): Added format getter (11.3.3).
3728         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
3729         * runtime/IntlNumberFormatPrototype.h: Added.
3730         * runtime/IntlObject.cpp:
3731         (JSC::IntlObject::create):
3732         (JSC::IntlObject::finishCreation): Added Collator, NumberFormat, and DateTimeFormat properties (8.1).
3733         (JSC::IntlObject::visitChildren):
3734         * runtime/IntlObject.h:
3735         (JSC::IntlObject::collatorConstructor):
3736         (JSC::IntlObject::collatorPrototype):
3737         (JSC::IntlObject::collatorStructure):
3738         (JSC::IntlObject::numberFormatConstructor):
3739         (JSC::IntlObject::numberFormatPrototype):
3740         (JSC::IntlObject::numberFormatStructure):
3741         (JSC::IntlObject::dateTimeFormatConstructor):
3742         (JSC::IntlObject::dateTimeFormatPrototype):
3743         (JSC::IntlObject::dateTimeFormatStructure):
3744         * runtime/JSGlobalObject.cpp:
3745         (JSC::JSGlobalObject::init):
3746
3747 2015-07-29  Commit Queue  <commit-queue@webkit.org>
3748
3749         Unreviewed, rolling out r187550.
3750         https://bugs.webkit.org/show_bug.cgi?id=147420
3751
3752         Broke Windows build (again) (Requested by smfr on #webkit).
3753
3754         Reverted changeset:
3755
3756         "Implement WebAssembly module parser"
3757         https://bugs.webkit.org/show_bug.cgi?id=147293
3758         http://trac.webkit.org/changeset/187550
3759
3760 2015-07-29  Basile Clement  <basile_clement@apple.com>
3761
3762         Remove native call inlining
3763         https://bugs.webkit.org/show_bug.cgi?id=147417
3764
3765         Rubber Stamped by Filip Pizlo.
3766
3767         * CMakeLists.txt:
3768         * dfg/DFGAbstractInterpreterInlines.h:
3769         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
3770         * dfg/DFGByteCodeParser.cpp:
3771         (JSC::DFG::ByteCodeParser::handleCall): Deleted.
3772         * dfg/DFGClobberize.h:
3773         (JSC::DFG::clobberize): Deleted.
3774         * dfg/DFGDoesGC.cpp:
3775         (JSC::DFG::doesGC): Deleted.
3776         * dfg/DFGFixupPhase.cpp:
3777         (JSC::DFG::FixupPhase::fixupNode): Deleted.
3778         * dfg/DFGNode.h:
3779         (JSC::DFG::Node::hasHeapPrediction): Deleted.
3780         (JSC::DFG::Node::hasCellOperand): Deleted.
3781         * dfg/DFGNodeType.h:
3782         * dfg/DFGPredictionPropagationPhase.cpp:
3783         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
3784         * dfg/DFGSafeToExecute.h:
3785         (JSC::DFG::safeToExecute): Deleted.
3786         * dfg/DFGSpeculativeJIT32_64.cpp:
3787         (JSC::DFG::SpeculativeJIT::compile): Deleted.
3788         * dfg/DFGSpeculativeJIT64.cpp:
3789         (JSC::DFG::SpeculativeJIT::compile): Deleted.
3790         * ftl/FTLCapabilities.cpp:
3791         (JSC::FTL::canCompile): Deleted.
3792         * ftl/FTLLowerDFGToLLVM.cpp:
3793         (JSC::FTL::DFG::LowerDFGToLLVM::lower): Deleted.
3794         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
3795         (JSC::FTL::DFG::LowerDFGToLLVM::compileNativeCallOrConstruct): Deleted.
3796         (JSC::FTL::DFG::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
3797         (JSC::FTL::DFG::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
3798         (JSC::FTL::DFG::LowerDFGToLLVM::didOverflowStack): Deleted.
3799         * ftl/FTLState.cpp:
3800         (JSC::FTL::State::State): Deleted.
3801         * ftl/FTLState.h:
3802         * runtime/BundlePath.cpp: Removed.
3803         (JSC::bundlePath): Deleted.
3804         * runtime/JSDataViewPrototype.cpp:
3805         (JSC::getData):
3806         (JSC::setData):
3807         * runtime/Options.h:
3808
3809 2015-07-29  Basile Clement  <basile_clement@apple.com>
3810
3811         Unreviewed, skipping a test that is too complex for its own good
        https://bugs.webkit.org/show_bug.cgi?id=147167

        * tests/stress/math-pow-coherency.js:

2015-07-29  Sukolsak Sakshuwong  <sukolsak@gmail.com>

        Implement WebAssembly module parser
        https://bugs.webkit.org/show_bug.cgi?id=147293

        Reviewed by Mark Lam.

        Reupload the patch, since r187539 should fix the "Cannot open include file:
        'JSWASMModule.h'" issue in the Windows build.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionLoadWebAssembly):
        * parser/SourceProvider.h:
        (JSC::WebAssemblySourceProvider::create):
        (JSC::WebAssemblySourceProvider::data):
        (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::wasmModuleStructure):
        * wasm/WASMMagicNumber.h: Added.
        * wasm/WASMModuleParser.cpp: Added.
        (JSC::WASMModuleParser::WASMModuleParser):
        (JSC::WASMModuleParser::parse):
        (JSC::WASMModuleParser::parseModule):
        (JSC::parseWebAssembly):
        * wasm/WASMModuleParser.h: Added.
        * wasm/WASMReader.cpp: Added.
        (JSC::WASMReader::readUnsignedInt32):
        (JSC::WASMReader::readFloat):
        (JSC::WASMReader::readDouble):
        * wasm/WASMReader.h: Added.
        (JSC::WASMReader::WASMReader):

2015-07-29  Basile Clement  <basile_clement@apple.com>

        Unreviewed, lower the number of test iterations to prevent timing out on Debug builds
        https://bugs.webkit.org/show_bug.cgi?id=147167

        * tests/stress/math-pow-coherency.js:

2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>

        Add the "wasm" directory to Visual Studio project files
        https://bugs.webkit.org/show_bug.cgi?id=147400

        Reviewed by Simon Fraser.

        This patch should fix the "Cannot open include file: 'JSWASMModule.h'" issue
        in the Windows build.

        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/copy-files.cmd:

2015-07-28  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r187531.
        https://bugs.webkit.org/show_bug.cgi?id=147397

        Broke Windows build (Requested by smfr on #webkit).

        Reverted changeset:

        "Implement WebAssembly module parser"
        https://bugs.webkit.org/show_bug.cgi?id=147293
        http://trac.webkit.org/changeset/187531

2015-07-28  Benjamin Poulain  <bpoulain@apple.com>

        Speed up the Stringifier::toJSON() fast case
        https://bugs.webkit.org/show_bug.cgi?id=147383

        Reviewed by Andreas Kling.

        * runtime/JSONObject.cpp:
        (JSC::Stringifier::toJSON):
        (JSC::Stringifier::toJSONImpl):

2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>

        Implement WebAssembly module parser
        https://bugs.webkit.org/show_bug.cgi?id=147293

        Reviewed by Geoffrey Garen.

        Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
        <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
        the magic number at the beginning of the files. Parsing of the rest will be
        implemented in a subsequent patch.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * jsc.cpp:
        (GlobalObject::finishCreation):