REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong...
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2013-10-22  Geoffrey Garen  <ggaren@apple.com>

        REGRESSION: `if (false === (true && undefined)) console.log("wrong!");` logs "wrong!", shouldn't!
        https://bugs.webkit.org/show_bug.cgi?id=123179

        Reviewed by Mark Hahnenberg.

        * parser/NodeConstructors.h:
        (JSC::LogicalOpNode::LogicalOpNode):
        * parser/ResultType.h:
        (JSC::ResultType::forLogicalOp): Don't assume that && produces a boolean.
        This is JavaScript (aka Sparta).

2013-10-22  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r157819.
        http://trac.webkit.org/changeset/157819
        https://bugs.webkit.org/show_bug.cgi?id=123180

        Broke 32-bit builds (Requested by smfr on #webkit).

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream more ARMv7s bits
        https://bugs.webkit.org/show_bug.cgi?id=123052

        Reviewed by Joseph Pecoraro.

        * Configurations/JavaScriptCore.xcconfig:
        * Configurations/ToolExecutable.xcconfig: Enable CLANG_ENABLE_OBJC_ARC for i386 as I'm
        modifying a file in JavaScriptCore/Configurations.

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSLock changes
        https://bugs.webkit.org/show_bug.cgi?id=123107

        Reviewed by Geoffrey Garen.

        * runtime/JSLock.cpp:
        (JSC::JSLock::unlock):
        (JSC::JSLock::dropAllLocks): Modified to take a SpinLock, used only on iOS.
        (JSC::JSLock::dropAllLocksUnconditionally): Modified to take a SpinLock, used only on iOS. Also
        use pre-increment instead of post-increment when we're not using the return value of the instruction.
        (JSC::JSLock::grabAllLocks): Modified to take a SpinLock, used only on iOS. Also change
        places where we were using post-increment/post-decrement to use pre-increment/pre-decrement,
        since we don't use the return value of such instructions.
        (JSC::JSLock::DropAllLocks::DropAllLocks): Modified to support releasing all locks unconditionally.
        Take a spin lock before releasing all locks on iOS. Also, use nullptr instead of 0.
        (JSC::JSLock::DropAllLocks::~DropAllLocks): Take a spin lock before acquiring all locks on iOS.
        * runtime/JSLock.h: Remove extraneous argument name "exec" from DropAllLocks as the data type of
        the argument is sufficiently descriptive of its purpose.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [arm] Add missing setupArgumentsWithExecState() prototypes to fix build.
        https://bugs.webkit.org/show_bug.cgi?id=123166

        Reviewed by Michael Saboff.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4][mips][arm] Fix crashes in JSC (32-bit only).
        https://bugs.webkit.org/show_bug.cgi?id=123165

        Reviewed by Michael Saboff.

        * jit/JITInlines.h:
        (JSC::JIT::callOperationNoExceptionCheck): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): The last TrustedImm32(arg3) is a bit overkill for SH4 :)
        (JSC::JIT::callOperation): Add missing EABI_32BIT_DUMMY_ARG.
        (JSC::JIT::callOperation): Fix tag and payload order for V_JITOperation_EJJJ prototype.

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        REGRESSION(r157690, r157699) Fix architectures using AssemblerBufferWithConstantPool.
        https://bugs.webkit.org/show_bug.cgi?id=123092

        Reviewed by Michael Saboff.

        Impacted architectures are SH4 and ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        (JSC::ARMAssembler::buffer):
        * assembler/AssemblerBufferWithConstantPool.h:
        (JSC::AssemblerBufferWithConstantPool::flushConstantPool):
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::linkCode):
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        Remove unused stuff in JIT stubs.
        https://bugs.webkit.org/show_bug.cgi?id=123155

        Reviewed by Michael Saboff.

        * jit/JITStubs.h:
        * jit/JITStubsARM.h:
        (JSC::ctiTrampoline):
        * jit/JITStubsARM64.h:
        * jit/JITStubsARMv7.h:
        * jit/JITStubsMIPS.h:
        * jit/JITStubsSH4.h:
        * jit/JITStubsX86.h:
        * jit/JITStubsX86_64.h:

2013-10-22  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream OS-version-specific install paths for JavaScriptCore.framework
        https://bugs.webkit.org/show_bug.cgi?id=123115
        <rdar://problem/13696872>

        Reviewed by Andy Estes.

        Based on a patch by Mark Hahnenberg.

        Add support for running JavaScriptCore-based apps, built against the iOS 7 SDK, on older versions of iOS.

        * API/JSBase.cpp:

2013-10-22  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Add missing lastRegister(), firstFPRegister() and lastFPRegister().
        https://bugs.webkit.org/show_bug.cgi?id=123157

        Reviewed by Andreas Kling.

        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::lastRegister):
        (JSC::SH4Assembler::firstFPRegister):
        (JSC::SH4Assembler::lastFPRegister):

2013-10-22  Brian Holt  <brian.holt@samsung.com>

        Build break on ARMv7 after r157209
        https://bugs.webkit.org/show_bug.cgi?id=122890

        Reviewed by Csaba Osztrogonác.

        Add framePointerRegister and first/last register helpers for ARM_TRADITIONAL.

        * assembler/ARMAssembler.h:
        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::firstRegister):
        (JSC::MacroAssemblerARM::lastRegister):
        (JSC::MacroAssemblerARM::firstFPRegister):
        (JSC::MacroAssemblerARM::lastFPRegister):

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSGlobalObject::shouldInterruptScriptBeforeTimeout()
        https://bugs.webkit.org/show_bug.cgi?id=123045

        Reviewed by Joseph Pecoraro.

        * jsc.cpp: Add function pointer for shouldInterruptScriptBeforeTimeout
        to global method table.
        * runtime/JSGlobalObject.cpp: Ditto.
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::shouldInterruptScriptBeforeTimeout): Added.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream JSC Objective-C API compiler warning fixes
        https://bugs.webkit.org/show_bug.cgi?id=123125

        Reviewed by Mark Hahnenberg.

        Based on a patch by Mark Hahnenberg.

        * API/JSValue.mm:
        (-[JSValue toPoint]): Cast to CGFloat to fix some compiler warnings about double narrowing to float.
        (-[JSValue toSize]): Ditto.
        * API/tests/testapi.mm: Changed a test that was failing due to overflow of 32-bit NSUInteger on armv7.

2013-10-21  Daniel Bates  <dabates@apple.com>

        [iOS] Mark classes JS{Context, ManagedValue, Value, VirtualMachine} as
        available since iOS 7.0
        https://bugs.webkit.org/show_bug.cgi?id=123122

        Reviewed by Dan Bernstein.

        * API/JSContext.h:
        * API/JSManagedValue.h:
        * API/JSValue.h:
        * API/JSVirtualMachine.h:

2013-10-20  Mark Lam  <mark.lam@apple.com>

        Avoid JSC debugger overhead unless needed.
        https://bugs.webkit.org/show_bug.cgi?id=123084.

        Reviewed by Geoffrey Garen.

        - If no breakpoints are set, we now avoid calling the debug hook callbacks.
        - If no break on exception is set, we also avoid exception event debug callbacks.
        - When we return from the ScriptDebugServer to the JSC::Debugger, we may no
          longer call the debug hook callbacks if not needed. Hence, the m_currentCallFrame
          pointer in the ScriptDebugServer may become stale. To avoid this issue, before
          returning, the ScriptDebugServer will clear its m_currentCallFrame if
          needsOpDebugCallbacks() is false.

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::setNeedsExceptionCallbacks):
        (JSC::Debugger::setShouldPause):
        (JSC::Debugger::updateNumberOfBreakpoints):
        (JSC::Debugger::updateNeedForOpDebugCallbacks):
        * debugger/Debugger.h:
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwind):
        (JSC::Interpreter::debug):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_debug):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_debug):
        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LowLevelInterpreter.asm:

2013-10-21  Brent Fulgham  <bfulgham@apple.com>

        [WIN] Unreviewed build correction.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Handle new JIT files as C++ implementation
          sources, not header files.
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.

2013-10-21  Oliver Hunt  <oliver@apple.com>

        Support computed property names in object literals
        https://bugs.webkit.org/show_bug.cgi?id=123112

        Reviewed by Michael Saboff.

        Add support for computed property names to the parser.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createProperty):
        (JSC::ASTBuilder::getName):
        * parser/NodeConstructors.h:
        (JSC::PropertyNode::PropertyNode):
        * parser/Nodes.h:
        (JSC::PropertyNode::expressionName):
        (JSC::PropertyNode::name):
        * parser/Parser.cpp:
        (JSC::::parseProperty):
        (JSC::::parseStrictObjectLiteral):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::Property::Property):
        (JSC::SyntaxChecker::createProperty):
        (JSC::SyntaxChecker::operatorStackPop):

2013-10-21  Michael Saboff  <msaboff@apple.com>

        Add option so that JSC will crash if it can't allocate executable memory for the JITs
        https://bugs.webkit.org/show_bug.cgi?id=123048
        <rdar://problem/12856193>

        Reviewed by Geoffrey Garen.

        Added new option, called crashIfCantAllocateJITMemory. If this option is true then we crash
        when checking the validity of the executable allocator. The default value for this option is
        false, but jsc sets it to true when built for iOS to make it straightforward to identify whether
        the app can obtain executable memory.

        * jsc.cpp: Explicitly enable crashIfCantAllocateJITMemory on iOS.
        (main):
        * runtime/Options.h: Added option crashIfCantAllocateJITMemory.
        * runtime/VM.cpp:
        (JSC::enableAssembler): Modified to crash if option crashIfCantAllocateJITMemory
        is enabled.

2013-10-21  Nadav Rotem  <nrotem@apple.com>

        Remove AllInOneFile.cpp
        https://bugs.webkit.org/show_bug.cgi?id=123055

        Reviewed by Csaba Osztrogonác.

        * AllInOneFile.cpp: Removed.

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, cleanup a FIXME comment.

        * jit/Repatch.cpp:

2013-10-20  Filip Pizlo  <fpizlo@apple.com>

        StructureStubInfo's usedRegisters set should be able to track all registers, not just the ones that our JIT's view as temporaries
        https://bugs.webkit.org/show_bug.cgi?id=123076

        Reviewed by Sam Weinig.

        Start preparing for a world in which we are patching code generated by LLVM, which may have
        very different register usage conventions than our JITs. This requires us being more explicit
        about the registers we are using. For example, the repatching code shouldn't take for granted
        that tagMaskRegister holds the TagMask or that the register is even in use.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/MacroAssembler.h:
        (JSC::MacroAssembler::numberOfRegisters):
        (JSC::MacroAssembler::registerIndex):
        (JSC::MacroAssembler::numberOfFPRegisters):
        (JSC::MacroAssembler::fpRegisterIndex):
        (JSC::MacroAssembler::totalNumberOfRegisters):
        * bytecode/StructureStubInfo.h:
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * dfg/DFGSpeculativeJIT.h:
        * ftl/FTLSaveRestore.cpp:
        (JSC::FTL::bytesForGPRs):
        (JSC::FTL::bytesForFPRs):
        (JSC::FTL::offsetOfGPR):
        (JSC::FTL::offsetOfFPR):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.cpp: Added.
        (JSC::RegisterSet::specialRegisters):
        * jit/RegisterSet.h: Added.
        (JSC::RegisterSet::RegisterSet):
        (JSC::RegisterSet::set):
        (JSC::RegisterSet::clear):
        (JSC::RegisterSet::get):
        (JSC::RegisterSet::merge):
        * jit/Repatch.cpp:
        (JSC::generateProtoChainAccessStub):
        (JSC::tryCacheGetByID):
        (JSC::tryBuildGetByIDList):
        (JSC::emitPutReplaceStub):
        (JSC::tryRepatchIn):
        (JSC::linkClosureCall):
        * jit/TempRegisterSet.cpp: Added.
        (JSC::TempRegisterSet::TempRegisterSet):
        * jit/TempRegisterSet.h:

2013-10-20  Julien Brianceau  <jbriance@cisco.com>

        [sh4] Fix build (broken since r157690).
        https://bugs.webkit.org/show_bug.cgi?id=123081

        Reviewed by Andreas Kling.

        * assembler/AssemblerBufferWithConstantPool.h:
        * assembler/SH4Assembler.h:
        (JSC::SH4Assembler::buffer):
        (JSC::SH4Assembler::readCallTarget):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Simplify TempRegisterSet - it no longer needs to be convertible to a POD since it's no longer going to be a member of a union
        https://bugs.webkit.org/show_bug.cgi?id=123079

        Reviewed by Geoffrey Garen.

        * jit/TempRegisterSet.h:

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Rename RegisterSet to TempRegisterSet
        https://bugs.webkit.org/show_bug.cgi?id=123077

        Reviewed by Dan Bernstein.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/StructureStubInfo.h:
        * dfg/DFGJITCompiler.h:
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::usedRegisters):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITInlineCacheGenerator.h:
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        * jit/RegisterSet.h: Removed.
        * jit/ScratchRegisterAllocator.h:
        (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
        * jit/TempRegisterSet.h: Copied from Source/JavaScriptCore/jit/RegisterSet.h.
        (JSC::TempRegisterSet::TempRegisterSet):
        (JSC::TempRegisterSet::asPOD):
        (JSC::TempRegisterSet::copyInfo):

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Restructure LinkBuffer to allow for alternate allocation strategies
        https://bugs.webkit.org/show_bug.cgi?id=123071

        Reviewed by Oliver Hunt.

        The idea is to eventually allow a LinkBuffer to place the code into an already
        allocated region of memory.  That region of memory could be the nop-slide left behind
        by a llvm.webkit.patchpoint.

        * assembler/ARM64Assembler.h:
        (JSC::ARM64Assembler::buffer):
        * assembler/AssemblerBuffer.h:
        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::copyCompactAndLinkCode):
        (JSC::LinkBuffer::linkCode):
        (JSC::LinkBuffer::allocate):
        (JSC::LinkBuffer::shrink):
        * assembler/LinkBuffer.h:
        (JSC::LinkBuffer::LinkBuffer):
        (JSC::LinkBuffer::didFailToAllocate):
        * assembler/X86Assembler.h:
        (JSC::X86Assembler::buffer):
        (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):

2013-10-19  Alexey Proskuryakov  <ap@apple.com>

        Some includes in JSC seem to use an incorrect style
        https://bugs.webkit.org/show_bug.cgi?id=123057

        Reviewed by Geoffrey Garen.

        Changed pseudo-system includes to user ones.

        * API/JSContextRef.cpp:
        * API/JSStringRefCF.cpp:
        * API/JSValueRef.cpp:
        * API/OpaqueJSString.cpp:
        * jit/JIT.h:
        * parser/SyntaxChecker.h:
        * runtime/WeakGCMap.h:

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        Baseline JIT and DFG IC code generation should be unified and rationalized
        https://bugs.webkit.org/show_bug.cgi?id=122939

        Reviewed by Geoffrey Garen.

        Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
        some register info and creates JIT inline caches for you. Used this to even further
        unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
        is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
        that it needs to do the equivalent of get_by_id, so with this generator it will be able
        to create an IC even though it wasn't associated with a get_by_id bytecode instruction.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * assembler/AbstractMacroAssembler.h:
        (JSC::AbstractMacroAssembler::DataLabelCompact::label):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::ecmaMode):
        * dfg/DFGInlineCacheWrapper.h: Added.
        (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
        * dfg/DFGInlineCacheWrapperInlines.h: Added.
        (JSC::DFG::::finalize):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::JITCompiler::addGetById):
        (JSC::DFG::JITCompiler::addPutById):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::isStrictModeFor):
        (JSC::AssemblyHelpers::strictModeFor):
        * jit/GPRInfo.h:
        (JSC::JSValueRegs::tagGPR):
        * jit/JIT.cpp:
        (JSC::JIT::JIT):
        (JSC::JIT::privateCompileSlowCases):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * jit/JITInlineCacheGenerator.cpp: Added.
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITByIdGenerator::finalize):
        (JSC::JITByIdGenerator::generateFastPathChecks):
        (JSC::JITGetByIdGenerator::generateFastPath):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        (JSC::JITPutByIdGenerator::generateFastPath):
        (JSC::JITPutByIdGenerator::slowPathFunction):
        * jit/JITInlineCacheGenerator.h: Added.
        (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
        (JSC::JITInlineCacheGenerator::stubInfo):
        (JSC::JITByIdGenerator::JITByIdGenerator):
        (JSC::JITByIdGenerator::reportSlowPathCall):
        (JSC::JITByIdGenerator::slowPathJump):
        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/RegisterSet.h:
        (JSC::RegisterSet::set):

2013-10-19  Alexey Proskuryakov  <ap@apple.com>

        APICast.h uses functions from JSCJSValueInlines.h, but doesn't include it
        https://bugs.webkit.org/show_bug.cgi?id=123067

        Reviewed by Geoffrey Garen.

        * API/APICast.h: Include it.

2013-10-19  Filip Pizlo  <fpizlo@apple.com>

        FTL::Location should treat the offset as an addend in the case of a Register location
        https://bugs.webkit.org/show_bug.cgi?id=123062

        Reviewed by Sam Weinig.

        * ftl/FTLLocation.cpp:
        (JSC::FTL::Location::forStackmaps):
        (JSC::FTL::Location::dump):
        (JSC::FTL::Location::restoreInto):
        * ftl/FTLLocation.h:
        (JSC::FTL::Location::forRegister):
        (JSC::FTL::Location::hasAddend):
        (JSC::FTL::Location::addend):

2013-10-19  Nadav Rotem  <nrotem@apple.com>

        DFG dominators: document and rename stuff.
        https://bugs.webkit.org/show_bug.cgi?id=123056

        Reviewed by Filip Pizlo.

        Documented the code and renamed some variables.

        * dfg/DFGDominators.cpp:
        (JSC::DFG::Dominators::compute):
        (JSC::DFG::Dominators::pruneDominators):
        * dfg/DFGDominators.h:

2013-10-19  Julien Brianceau  <jbriance@cisco.com>

        Fix build failure for architectures with 4 argument registers.
        https://bugs.webkit.org/show_bug.cgi?id=123060

        Reviewed by Michael Saboff.

        Add missing setupArgumentsWithExecState() prototypes for architecture with 4 argument registers.
        Remove SH4 specific code no longer needed since callOperation prototype change in r157660.

        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):

2013-10-18  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, fix FTL build.

        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileGetById):

2013-10-18  Filip Pizlo  <fpizlo@apple.com>

        A CodeBlock's StructureStubInfos shouldn't be in a Vector that we search using code origins and machine code PCs
        https://bugs.webkit.org/show_bug.cgi?id=122940

        Reviewed by Oliver Hunt.

        This accomplishes a number of simplifications. StructureStubInfo is now non-moving,
        whereas previously it was in a Vector, so it moved. This allows you to use pointers to
        StructureStubInfo. This also eliminates the use of return PC as a way of finding the
        StructureStubInfo's. It removes some of the need for the compile-time property access
        records; for example the DFG no longer has to save information about registers in a
        property access record only to later save it to the stub info.

        The main thing it accomplishes is that it makes it easier to add StructureStubInfo's
        at any stage of compilation.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus):
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::~CodeBlock):
        (JSC::CodeBlock::propagateTransitions):
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::addStubInfo):
        (JSC::CodeBlock::getStubInfoMap):
        (JSC::CodeBlock::shrinkToFit):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::begin):
        (JSC::CodeBlock::end):
        (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
        * bytecode/CodeOrigin.h:
        (JSC::CodeOrigin::CodeOrigin):
        (JSC::CodeOrigin::isHashTableDeletedValue):
        (JSC::CodeOrigin::hash):
        (JSC::CodeOriginHash::hash):
        (JSC::CodeOriginHash::equal):
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/GetByIdStatus.h:
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecode/PutByIdStatus.h:
        * bytecode/StructureStubInfo.h:
        (JSC::getStructureStubInfoCodeOrigin):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGJITCompiler.h:
        (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
        (JSC::DFG::InRecord::InRecord):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::compileIn):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::cachedGetById):
        (JSC::DFG::SpeculativeJIT::cachedPutById):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JIT.cpp:
        (JSC::PropertyStubCompilationInfo::copyToStubInfo):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        (JSC::PropertyStubCompilationInfo::slowCaseInfo):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_get_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        * jit/Repatch.cpp:
        (JSC::appropriateGenericPutByIdFunction):
        (JSC::appropriateListBuildingPutByIdFunction):
        (JSC::resetPutByID):

2013-10-18  Oliver Hunt  <oliver@apple.com>

        Spread operator should be performing direct "puts" and not triggering setters
        https://bugs.webkit.org/show_bug.cgi?id=123047

        Reviewed by Geoffrey Garen.

        Add a new opcode -- op_put_by_val_directue -- and make use of it in the spread
        to array construct.  This required a new PutByValDirect node to be introduced to
        the DFG.  The current implementation simply changes the slow path function that
        is called, but in future this could be made faster as it does not need to check
        the prototype chain.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutByVal):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ArrayNode::emitBytecode):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCSEPhase.cpp:
        (JSC::DFG::CSEPhase::getArrayLengthElimination):
        (JSC::DFG::CSEPhase::getByValLoadElimination):
        (JSC::DFG::CSEPhase::checkStructureElimination):
        (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
        (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
        (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
        (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
        (JSC::DFG::CSEPhase::performNodeCSE):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGGraph.h:
        (JSC::DFG::Graph::clobbersWorld):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::hasArrayMode):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        (JSC::DFG::putByVal):
        (JSC::DFG::operationPutByValInternal):
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGTypeCheckHoistingPhase.cpp:
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
        (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompileSlowCases):
        * jit/JIT.h:
        (JSC::JIT::compileDirectPutByVal):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emitSlow_op_put_by_val):
        (JSC::JIT::privateCompilePutByVal):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_put_by_val):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2013-10-18  Daniel Bates  <dabates@apple.com>

        [iOS] Export symbol for VM::sharedInstanceExists()
        https://bugs.webkit.org/show_bug.cgi?id=123046

        Reviewed by Mark Hahnenberg.

        * runtime/VM.h:

2013-10-18  Daniel Bates  <dabates@apple.com>

        [iOS] Upstream WebSafe{GCActivityCallback, IncrementalSweeper}IOS
        https://bugs.webkit.org/show_bug.cgi?id=123049

        Reviewed by Mark Hahnenberg.

        * heap/Heap.cpp:
        (JSC::Heap::setIncrementalSweeper):
        * heap/Heap.h:
        * heap/HeapTimer.h:
        * heap/IncrementalSweeper.h: Make protected and export CF-variant of constructor.
        Removed unused include of header RetainPtr.h. Also forward declare class MarkedBlock
        (we include its header in the .cpp file) and remove include for header wtf/HashSet.h
        (duplicates the include in the .cpp).
790         * heap/MachineStackMarker.h: Export function makeUsableFromMultipleThreads(). We aren't
791         making use of this now, but we'll make use of it in a subsequent patch.
792
793 2013-10-18  Anders Carlsson  <andersca@apple.com>
794
795         Remove spaces between template angle brackets
796         https://bugs.webkit.org/show_bug.cgi?id=123040
797
798         Reviewed by Andreas Kling.
799
800         * API/JSCallbackObject.cpp:
801         (JSC::::create):
802         * API/JSObjectRef.cpp:
803         * bytecode/CodeBlock.h:
804         (JSC::CodeBlock::constants):
805         (JSC::CodeBlock::setConstantRegisters):
806         * bytecode/DFGExitProfile.h:
807         * bytecode/EvalCodeCache.h:
808         * bytecode/Operands.h:
809         * bytecode/UnlinkedCodeBlock.h:
810         (JSC::UnlinkedCodeBlock::constantRegisters):
811         * bytecode/Watchpoint.h:
812         * bytecompiler/BytecodeGenerator.h:
813         * bytecompiler/StaticPropertyAnalysis.h:
814         * bytecompiler/StaticPropertyAnalyzer.h:
815         * dfg/DFGArgumentsSimplificationPhase.cpp:
816         * dfg/DFGBlockInsertionSet.h:
817         * dfg/DFGCSEPhase.cpp:
818         (JSC::DFG::performCSE):
819         (JSC::DFG::performStoreElimination):
820         * dfg/DFGCommonData.h:
821         * dfg/DFGDesiredStructureChains.h:
822         * dfg/DFGDesiredWatchpoints.h:
823         * dfg/DFGJITCompiler.h:
824         * dfg/DFGOSRExitCompiler32_64.cpp:
825         (JSC::DFG::OSRExitCompiler::compileExit):
826         * dfg/DFGOSRExitCompiler64.cpp:
827         (JSC::DFG::OSRExitCompiler::compileExit):
828         * dfg/DFGWorklist.h:
829         * heap/BlockAllocator.h:
830         (JSC::CopiedBlock):
831         (JSC::MarkedBlock):
832         (JSC::WeakBlock):
833         (JSC::MarkStackSegment):
834         (JSC::CopyWorkListSegment):
835         (JSC::HandleBlock):
836         * heap/Heap.h:
837         * heap/Local.h:
838         * heap/MarkedBlock.h:
839         * heap/Strong.h:
840         * jit/AssemblyHelpers.cpp:
841         (JSC::AssemblyHelpers::decodedCodeMapFor):
842         * jit/AssemblyHelpers.h:
843         * jit/SpecializedThunkJIT.h:
844         * parser/Nodes.h:
845         * parser/Parser.cpp:
846         (JSC::::parseIfStatement):
847         * parser/Parser.h:
848         (JSC::Scope::copyCapturedVariablesToVector):
849         (JSC::parse):
850         * parser/ParserArena.h:
851         * parser/SourceProviderCacheItem.h:
852         * profiler/LegacyProfiler.cpp:
853         (JSC::dispatchFunctionToProfiles):
854         * profiler/LegacyProfiler.h:
855         (JSC::LegacyProfiler::currentProfiles):
856         * profiler/ProfileNode.h:
857         (JSC::ProfileNode::children):
858         * profiler/ProfilerDatabase.h:
859         * runtime/Butterfly.h:
860         (JSC::Butterfly::contiguousInt32):
861         (JSC::Butterfly::contiguous):
862         * runtime/GenericTypedArrayViewInlines.h:
863         (JSC::::create):
864         * runtime/Identifier.h:
865         (JSC::Identifier::add):
866         * runtime/JSPromise.h:
867         * runtime/PropertyMapHashTable.h:
868         * runtime/PropertyNameArray.h:
869         * runtime/RegExpCache.h:
870         * runtime/SparseArrayValueMap.h:
871         * runtime/SymbolTable.h:
872         * runtime/VM.h:
873         * tools/CodeProfile.cpp:
874         (JSC::truncateTrace):
875         * tools/CodeProfile.h:
876         * yarr/YarrInterpreter.cpp:
877         * yarr/YarrInterpreter.h:
878         (JSC::Yarr::BytecodePattern::BytecodePattern):
879         * yarr/YarrJIT.cpp:
880         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
881         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
882         (JSC::Yarr::YarrGenerator::opCompileBody):
883         * yarr/YarrPattern.cpp:
884         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
885         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
886         * yarr/YarrPattern.h:
887
888 2013-10-18  Mark Lam  <mark.lam@apple.com>
889
890         Remove excess reserved space in ctiTrampoline frames for X86 and X86_64.
891         https://bugs.webkit.org/show_bug.cgi?id=123037.
892
893         Reviewed by Geoffrey Garen.
894
895         * jit/JITStubsMSVC64.asm:
896         * jit/JITStubsX86.h:
897         * jit/JITStubsX86_64.h:
898
899 2013-10-18  Filip Pizlo  <fpizlo@apple.com>
900
901         Frequent RELEASE_ASSERT crashes in Structure::checkOffsetConsistency on WebGL swizzler tests
902         https://bugs.webkit.org/show_bug.cgi?id=121661
903
904         Reviewed by Mark Hahnenberg.
905         
906         This method shouldn't have been called from the concurrent JIT thread. That's hard to prevent
907         so I added a return-early check using isCompilationThread().
908         
909         Here's why this makes sense. Structure has two ways to tell you about the layout of the objects
910         it is describing: m_offset and the property table. Most structures only have m_offset and report
911         null for the property table. If the property table is there, it will tell you additional
912         information and that information subsumes m_offset - but the m_offset is still there. So, when
913         we have a property table, we have to keep it in sync with the m_offset. There is a bunch of
914         machinery to do this.
915         
916         Changing the property table only happens on the main thread.
917         
918         Because the machinery to change the property table is so complex, especially with respect to
919         keeping it in sync with m_offset, we have the checkOffsetConsistency method. It's meant to be
920         called at key points before and after changes to the property table or the offset.
921
922         Most clients of Structure who care about object layout, including the concurrent thread, will
923         want to know m_offset and not the property table. If they want the property table, they will
924         already be super careful. The concurrent thread has special methods for this, like
925         Structure::getConcurrently(), which uses fine-grained locking to ensure that it sees a coherent
926         view of the property table.
927         
928         Adding locking to checkOffsetConsistency() is probably a bad idea since that method may be
929         called when the relevant lock is already held. So, we'd have awkward recursive locking issues.
930         
931         But right now, the concurrent JIT thread may call a method, like Structure::outOfLineCapacity(),
932         which has a call to checkOffsetConsistency(). The call to checkOffsetConsistency() is there
933         because we have found that it helps quickly identify situations where the property table and
934         m_offset get out of sync - mainly because code that changes either of those things will usually
935         also want to know the outOfLineCapacity(). But Structure::outOfLineCapacity() doesn't *actually*
936         need the property table; it uses the m_offset. The concurrent JIT is correct to call
937         outOfLineCapacity(), and is right to do so without holding any locks (since in all cases where
938         it calls outOfLineCapacity() it has already proven that m_offset is immutable). But because
939         outOfLineCapacity() calls checkOffsetConsistency(), and checkOffsetConsistency() doesn't grab
940         locks, and that same structure is having its property table modified by the main thread, we end
941         up with these spurious assertion failures. FWIW, the structure isn't *actually* having *its*
942         property table modified - instead what happens is that some downstream structure steals the
943         property table and then starts adding things to it. The concurrent thread loads the property
944         table before it's stolen, and hence the badness.
945         
946         I suspect there are other code paths that lead to the concurrent JIT calling some Structure
947         method that it is fine and safe to call, but then that method calls checkOffsetConsistency(),
948         and then you have a possible crash.
949         
950         The most sensible solution to this appears to be to make sure that checkOffsetConsistency() is
951         aware of its uselessness to the concurrent JIT thread. This change makes it return early if
952         it's in the concurrent JIT.
953         
954         * runtime/StructureInlines.h:
955         (JSC::Structure::checkOffsetConsistency):
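
        The race described in this entry, as an added example that is not JavaScriptCore code: a
        scaled-down C++ model in which Structure records layout as an immutable m_offset plus an
        optional property table that a downstream structure can steal. Every name here
        (Structure, PropertyTable, isCompilationThread, addPropertyTransition, outOfLineCapacity)
        is a hypothetical stand-in for the JSC original, and the two-thread interleaving is
        replayed sequentially so the outcome is deterministic.

```cpp
// Added example, not JavaScriptCore code. All names are hypothetical stand-ins.
#include <cstdint>
#include <map>
#include <memory>
#include <string>
#include <utility>

// Stand-in for JSC's isCompilationThread(): a per-thread flag held by a scope.
static thread_local bool g_onCompilationThread = false;

struct CompilationThreadScope {
    CompilationThreadScope() { g_onCompilationThread = true; }
    ~CompilationThreadScope() { g_onCompilationThread = false; }
};

static bool isCompilationThread() { return g_onCompilationThread; }

// Property name -> slot offset. Only the structure that owns the table mutates it.
using PropertyTable = std::map<std::string, unsigned>;

class Structure {
public:
    static constexpr unsigned invalidOffset = UINT32_MAX;

    explicit Structure(unsigned offset = invalidOffset) : m_offset(offset) {}

    // Main-thread mutation: m_offset and the table move together.
    void addProperty(const std::string& name) {
        if (!m_table)
            m_table = std::make_unique<PropertyTable>();
        m_offset = (m_offset == invalidOffset) ? 0 : m_offset + 1;
        (*m_table)[name] = m_offset;
    }

    // A downstream structure "steals" the table. The parent keeps only its
    // m_offset, which never changes again; the child keeps extending the table.
    std::unique_ptr<Structure> addPropertyTransition(const std::string& name) {
        auto child = std::make_unique<Structure>(m_offset);
        child->m_table = std::move(m_table); // parent's pointer is now null
        child->addProperty(name);
        return child;
    }

    // Derived from m_offset alone, so safe without locks once m_offset is known
    // to be immutable. (JSC's version also calls checkOffsetConsistency(), which
    // is what made the assertion reachable from the concurrent JIT.)
    unsigned outOfLineCapacity() const {
        return m_offset == invalidOffset ? 0 : m_offset + 1;
    }

    // Debug check against the table this structure currently owns.
    bool checkOffsetConsistency() const { return checkOffsetConsistency(m_table.get()); }

    // Same check against a table pointer the caller loaded earlier: this models
    // the racy read of m_table before it was stolen and extended. The
    // compilation thread returns early because it relies on m_offset only and
    // must not race with the table's owner.
    bool checkOffsetConsistency(const PropertyTable* table) const {
        if (isCompilationThread())
            return true;
        if (!table)
            return true; // m_offset alone describes the layout
        unsigned maxOffset = invalidOffset;
        for (const auto& entry : *table) {
            if (maxOffset == invalidOffset || entry.second > maxOffset)
                maxOffset = entry.second;
        }
        return maxOffset == m_offset;
    }

    const PropertyTable* table() const { return m_table.get(); }

private:
    unsigned m_offset;
    std::unique_ptr<PropertyTable> m_table;
};

// The interleaving from the entry, replayed in one thread:
//   1. main thread builds parent {x};  2. a reader loads parent's table pointer;
//   3. a downstream structure steals the table and adds y;
//   4. the reader checks the stale table against parent's unchanged m_offset.
bool replayStolenTableCheck(bool readerIsCompilationThread) {
    Structure parent;
    parent.addProperty("x");                         // m_offset = 0, table {x:0}
    const PropertyTable* snapshot = parent.table(); // step 2
    std::unique_ptr<Structure> child = parent.addPropertyTransition("y"); // step 3
    if (readerIsCompilationThread) {
        CompilationThreadScope scope;
        return parent.checkOffsetConsistency(snapshot); // early return: true
    }
    return parent.checkOffsetConsistency(snapshot);     // table ends at 1, m_offset is 0: false
}

// Without a racing reader both structures agree with their own tables.
bool healthyStructureChecks() {
    Structure parent;
    parent.addProperty("x");
    std::unique_ptr<Structure> child = parent.addPropertyTransition("y");
    return parent.checkOffsetConsistency() && child->checkOffsetConsistency()
        && parent.outOfLineCapacity() == 1 && child->outOfLineCapacity() == 2;
}
```

        replayStolenTableCheck(false) reproduces the spurious failure from a main-thread-style
        reader holding a stale table; replayStolenTableCheck(true) shows the early return that
        this entry adds, and healthyStructureChecks() confirms the check still catches nothing
        when no reader races the table's owner.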
956
957 2013-10-18  Daniel Bates  <dabates@apple.com>
958
959         Add SPI to disable the garbage collector timer
960         https://bugs.webkit.org/show_bug.cgi?id=122921
961
962         Add null check to Heap::setGarbageCollectionTimerEnabled() that I inadvertently
963         omitted.
964
965         * heap/Heap.cpp:
966         (JSC::Heap::setGarbageCollectionTimerEnabled):
967
968 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
969
970         Group 64-bit specific and 32-bit specific callOperation implementations.
971         https://bugs.webkit.org/show_bug.cgi?id=123024
972
973         Reviewed by Michael Saboff.
974
975         This is not a big deal, but could be less confusing when reading the code.
976
977         * jit/JITInlines.h:
978         (JSC::JIT::callOperation):
979         (JSC::JIT::callOperationWithCallFrameRollbackOnException):
980         (JSC::JIT::callOperationNoExceptionCheck):
981
982 2013-10-18  Nadav Rotem  <nrotem@apple.com>
983
984         Fix a FlushLiveness problem.
985         https://bugs.webkit.org/show_bug.cgi?id=122984
986
987         Reviewed by Filip Pizlo.
988
989         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
990         (JSC::DFG::FlushLivenessAnalysisPhase::process):
991
992 2013-10-18  Michael Saboff  <msaboff@apple.com>
993
994         Change native function call stubs to use JIT operations instead of ctiVMHandleException
995         https://bugs.webkit.org/show_bug.cgi?id=122982
996
997         Reviewed by Geoffrey Garen.
998
999         Change ctiVMHandleException to operationVMHandleException.  Change all exception operations to
1000         return the catch callFrame and entryPC via vm.callFrameForThrow and vm.targetMachinePCForThrow.
1001         This removed calling convention headaches, fixing https://bugs.webkit.org/show_bug.cgi?id=122980
1002         in the process.
1003
1004         * dfg/DFGJITCompiler.cpp:
1005         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1006         * jit/CCallHelpers.h:
1007         (JSC::CCallHelpers::jumpToExceptionHandler):
1008         * jit/JIT.cpp:
1009         (JSC::JIT::privateCompileExceptionHandlers):
1010         * jit/JIT.h:
1011         * jit/JITExceptions.cpp:
1012         (JSC::genericUnwind):
1013         * jit/JITExceptions.h:
1014         * jit/JITInlines.h:
1015         (JSC::JIT::callOperationNoExceptionCheck):
1016         * jit/JITOpcodes.cpp:
1017         (JSC::JIT::emit_op_throw):
1018         * jit/JITOpcodes32_64.cpp:
1019         (JSC::JIT::privateCompileCTINativeCall):
1020         (JSC::JIT::emit_op_throw):
1021         * jit/JITOperations.cpp:
1022         * jit/JITOperations.h:
1023         * jit/JITStubs.cpp:
1024         * jit/JITStubs.h:
1025         * jit/JITStubsARM.h:
1026         * jit/JITStubsARM64.h:
1027         * jit/JITStubsARMv7.h:
1028         * jit/JITStubsMIPS.h:
1029         * jit/JITStubsMSVC64.asm:
1030         * jit/JITStubsSH4.h:
1031         * jit/JITStubsX86.h:
1032         * jit/JITStubsX86_64.h:
1033         * jit/Repatch.cpp:
1034         (JSC::tryBuildGetByIDList):
1035         * jit/SlowPathCall.h:
1036         (JSC::JITSlowPathCall::call):
1037         * jit/ThunkGenerators.cpp:
1038         (JSC::throwExceptionFromCallSlowPathGenerator):
1039         (JSC::nativeForGenerator):
1040         * runtime/VM.h:
1041         (JSC::VM::callFrameForThrowOffset):
1042         (JSC::VM::targetMachinePCForThrowOffset):
1043
1044 2013-10-18  Julien Brianceau  <jbriance@cisco.com>
1045
1046         Fix J_JITOperation_EAapJ call for MIPS and ARM EABI.
1047         https://bugs.webkit.org/show_bug.cgi?id=123023
1048
1049         Reviewed by Michael Saboff.
1050
1051         * jit/JITInlines.h:
1052         (JSC::JIT::callOperation): EncodedJSValue parameter does not need alignment
1053         using EABI_32BIT_DUMMY_ARG here.
1054
1055 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1056
1057         Unreviewed, another ARM64 build fix.
1058         
1059         Get rid of andPtr(TrustedImmPtr, blah), since it would take Effort to get it to work
1060         on ARM64 and none of its uses are legit - they should all be using
1061         andPtr(TrustedImm32, blah) anyway.
1062
1063         * assembler/MacroAssembler.h:
1064         * assembler/MacroAssemblerARM64.h:
1065         * dfg/DFGJITCompiler.cpp:
1066         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1067         * jit/JIT.cpp:
1068         (JSC::JIT::privateCompileExceptionHandlers):
1069
1070 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1071
1072         Unreviewed, speculative ARM64 build fix.
1073         
1074         move(ImmPtr, blah) is only available in MacroAssembler since that's where blinding is
1075         implemented. So, you have to use TrustedImmPtr in the superclasses.
1076
1077         * assembler/MacroAssemblerARM64.h:
1078         (JSC::MacroAssemblerARM64::store8):
1079         (JSC::MacroAssemblerARM64::branchTest8):
1080
1081 2013-10-17  Filip Pizlo  <fpizlo@apple.com>
1082
1083         Unreviewed, speculative ARM build fix.
1084         https://bugs.webkit.org/show_bug.cgi?id=122890
1085         <rdar://problem/15258624>
1086
1087         * assembler/ARM64Assembler.h:
1088         (JSC::ARM64Assembler::firstRegister):
1089         (JSC::ARM64Assembler::lastRegister):
1090         (JSC::ARM64Assembler::firstFPRegister):
1091         (JSC::ARM64Assembler::lastFPRegister):
1092         * assembler/MacroAssemblerARM64.h:
1093         * assembler/MacroAssemblerARMv7.h:
1094
1095 2013-10-17  Andreas Kling  <akling@apple.com>
1096
1097         Pass VM instead of JSGlobalObject to JSONObject constructor.
1098         <https://webkit.org/b/122999>
1099
1100         JSONObject was only using the JSGlobalObject to grab at the VM.
1101         Dodge a few loads by passing the VM directly instead.
1102
1103         Reviewed by Geoffrey Garen.
1104
1105         * runtime/JSONObject.cpp:
1106         (JSC::JSONObject::JSONObject):
1107         (JSC::JSONObject::finishCreation):
1108         * runtime/JSONObject.h:
1109         (JSC::JSONObject::create):
1110
1111 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1112
1113         Removed the JITStackFrame struct
1114         https://bugs.webkit.org/show_bug.cgi?id=123001
1115
1116         Reviewed by Anders Carlsson.
1117
1118         * jit/JITStubs.h: JITStackFrame and JITStubArg are unused now, since all
1119         our helper functions obey the C function call ABI.
1120
1121 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1122
1123         Removed an unused #define
1124         https://bugs.webkit.org/show_bug.cgi?id=123000
1125
1126         Reviewed by Anders Carlsson.
1127
1128         * jit/JITStubs.h: Removed the concept of JITSTACKFRAME_ARGS_INDEX,
1129         since it is unused now. This is a step toward using the C stack.
1130
1131 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1132
1133         Eliminate uses of JITSTACKFRAME_ARGS_INDEX as scratch area for thunks
1134         https://bugs.webkit.org/show_bug.cgi?id=122973
1135
1136         Reviewed by Michael Saboff.
1137
1138         * jit/ThunkGenerators.cpp:
1139         (JSC::throwExceptionFromCallSlowPathGenerator): This was all dead code,
1140         so I removed it.
1141
1142         The code acted as if it needed to pass an argument to
1143         lookupExceptionHandler, and as if it passed that argument to itself
1144         through JITStackFrame. However, lookupExceptionHandler does not take
1145         an argument (other than the default ExecState argument), and the code
1146         did not initialize the thing that it thought it passed to itself!
1147
1148 2013-10-17  Alex Christensen  <achristensen@webkit.org>
1149
1150         Run JavaScriptCore tests again on Windows.
1151         https://bugs.webkit.org/show_bug.cgi?id=122787
1152
1153         Reviewed by Tim Horton.
1154
1155         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
1156         * jit/JITStubsMSVC64.asm: Removed reference to cti_vm_throw unused since r157581.
1157
1158 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1159
1160         Removed restoreArgumentReference (another use of JITStackFrame)
1161         https://bugs.webkit.org/show_bug.cgi?id=122997
1162
1163         Reviewed by Oliver Hunt.
1164
1165         * jit/JSInterfaceJIT.h: Removed an unused function. This is a step
1166         toward using the C stack.
1167
1168 2013-10-17  Oliver Hunt  <oliver@apple.com>
1169
1170         Remove JITStubCall.h
1171         https://bugs.webkit.org/show_bug.cgi?id=122991
1172
1173         Reviewed by Geoff Garen.
1174
1175         Happily, this is no longer used.
1176
1177         * GNUmakefile.list.am:
1178         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1179         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1180         * JavaScriptCore.xcodeproj/project.pbxproj:
1181         * jit/JIT.cpp:
1182         * jit/JITArithmetic.cpp:
1183         * jit/JITArithmetic32_64.cpp:
1184         * jit/JITCall.cpp:
1185         * jit/JITCall32_64.cpp:
1186         * jit/JITOpcodes.cpp:
1187         * jit/JITOpcodes32_64.cpp:
1188         * jit/JITPropertyAccess.cpp:
1189         * jit/JITPropertyAccess32_64.cpp:
1190         * jit/JITStubCall.h: Removed.
1191
1192 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1193
1194         Removed a use of JITSTACKFRAME_ARGS_INDEX
1195         https://bugs.webkit.org/show_bug.cgi?id=122989
1196
1197         Reviewed by Oliver Hunt.
1198
1199         * jit/JITStubCall.h: Removed an unused function. This is one step closer
1200         to using the C stack.
1201
1202 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1203
1204         Change emit_op_catch to use another method to materialize VM
1205         https://bugs.webkit.org/show_bug.cgi?id=122977
1206
1207         Reviewed by Oliver Hunt.
1208
1209         * jit/JITOpcodes.cpp:
1210         (JSC::JIT::emit_op_catch):
1211         * jit/JITOpcodes32_64.cpp:
1212         (JSC::JIT::emit_op_catch): Use a constant. It removes our dependency
1213         on JITStackFrame. It is also faster and simpler.
1214
1215 2013-10-17  Geoffrey Garen  <ggaren@apple.com>
1216
1217         Eliminate emitGetJITStubArg() - dead code
1218         https://bugs.webkit.org/show_bug.cgi?id=122975
1219
1220         Reviewed by Anders Carlsson.
1221
1222         * jit/JIT.h:
1223         * jit/JITInlines.h: Removed unused, deprecated function.
1224
1225 2013-10-17  Mark Lam  <mark.lam@apple.com>
1226
1227         Eliminate all ASSERT references to OBJECT_OFFSETOF(struct JITStackFrame,...) in JITStubsXXX.h.
1228         https://bugs.webkit.org/show_bug.cgi?id=122979.
1229
1230         Reviewed by Michael Saboff.
1231
1232         * jit/JITStubs.cpp:
1233         * jit/JITStubs.h:
1234         * jit/JITStubsARM.h:
1235         * jit/JITStubsARM64.h:
1236         * jit/JITStubsARMv7.h:
1237         * jit/JITStubsMIPS.h:
1238         * jit/JITStubsSH4.h:
1239         * jit/JITStubsX86.h:
1240         * jit/JITStubsX86_64.h:
1241         * runtime/VM.cpp:
1242         (JSC::VM::VM):
1243
1244 2013-10-17  Michael Saboff  <msaboff@apple.com>
1245
1246         Remove saving callFrameRegister to JITStackFrame in JITCompiler::compileFunction()
1247         https://bugs.webkit.org/show_bug.cgi?id=122974
1248
1249         Reviewed by Geoffrey Garen.
1250
1251         Eliminated unneeded storing to JITStackFrame.
1252
1253         * dfg/DFGJITCompiler.cpp:
1254         (JSC::DFG::JITCompiler::compileFunction):
1255
1256 2013-10-17  Michael Saboff  <msaboff@apple.com>
1257
1258         Transition cti_op_throw and cti_vm_throw to a JIT operation
1259         https://bugs.webkit.org/show_bug.cgi?id=122931
1260
1261         Reviewed by Filip Pizlo.
1262
1263         Moved cti_op_throw to operationThrow.  Made the caller responsible for jumping to the
1264         catch handler.  Eliminated cti_op_throw_static_error, cti_vm_throw, ctiVMThrowTrampoline()
1265         and their callers as it is now dead code.  There is some work needed on the Microsoft X86
1266         callOperation to handle the need to provide space for a structure return value.
1267
1268         * jit/JIT.h:
1269         * jit/JITInlines.h:
1270         (JSC::JIT::callOperation):
1271         * jit/JITOpcodes.cpp:
1272         (JSC::JIT::emit_op_throw):
1273         * jit/JITOpcodes32_64.cpp:
1274         (JSC::JIT::emit_op_throw):
1275         (JSC::JIT::emit_op_catch):
1276         * jit/JITOperations.cpp:
1277         * jit/JITOperations.h:
1278         * jit/JITStubs.cpp:
1279         * jit/JITStubs.h:
1280         * jit/JITStubsARM.h:
1281         * jit/JITStubsARM64.h:
1282         * jit/JITStubsARMv7.h:
1283         * jit/JITStubsMIPS.h:
1284         * jit/JITStubsMSVC64.asm:
1285         * jit/JITStubsSH4.h:
1286         * jit/JITStubsX86.h:
1287         * jit/JITStubsX86_64.h:
1288         * jit/JSInterfaceJIT.h:
1289
1290 2013-10-17  Mark Lam  <mark.lam@apple.com>
1291
1292         Remove JITStackFrame references in the C Loop LLINT.
1293         https://bugs.webkit.org/show_bug.cgi?id=122950.
1294
1295         Reviewed by Michael Saboff.
1296
1297         * jit/JITStubs.h:
1298         * llint/LowLevelInterpreter.cpp:
1299         (JSC::CLoop::execute):
1300         * offlineasm/cloop.rb:
1301
1302 2013-10-17  Mark Lam  <mark.lam@apple.com>
1303
1304         Remove JITStackFrame references in JIT probes.
1305         https://bugs.webkit.org/show_bug.cgi?id=122947.
1306
1307         Reviewed by Michael Saboff.
1308
1309         * assembler/MacroAssemblerARM.cpp:
1310         (JSC::MacroAssemblerARM::ProbeContext::dump):
1311         * assembler/MacroAssemblerARM.h:
1312         * assembler/MacroAssemblerARMv7.cpp:
1313         (JSC::MacroAssemblerARMv7::ProbeContext::dump):
1314         * assembler/MacroAssemblerARMv7.h:
1315         * assembler/MacroAssemblerX86Common.cpp:
1316         (JSC::MacroAssemblerX86Common::ProbeContext::dump):
1317         * assembler/MacroAssemblerX86Common.h:
1318         * jit/JITStubsARM.h:
1319         * jit/JITStubsARMv7.h:
1320         * jit/JITStubsX86.h:
1321         * jit/JITStubsX86Common.h:
1322         * jit/JITStubsX86_64.h:
1323
1324 2013-10-17  Julien Brianceau  <jbriance@cisco.com>
1325
1326         Fix build when NUMBER_OF_ARGUMENT_REGISTERS == 4.
1327         https://bugs.webkit.org/show_bug.cgi?id=122949
1328
1329         Reviewed by Andreas Kling.
1330
1331         * jit/CCallHelpers.h:
1332         (JSC::CCallHelpers::setupArgumentsWithExecState):
1333
1334 2013-10-16  Mark Lam  <mark.lam@apple.com>
1335
1336         Transition remaining op_get* JITStubs to JIT operations.
1337         https://bugs.webkit.org/show_bug.cgi?id=122925.
1338
1339         Reviewed by Geoffrey Garen.
1340
1341         Transitioning:
1342             cti_op_get_by_id_generic
1343             cti_op_get_by_val
1344             cti_op_get_by_val_generic
1345             cti_op_get_by_val_string
1346
1347         * dfg/DFGOperations.cpp:
1348         * dfg/DFGOperations.h:
1349         * jit/JIT.h:
1350         * jit/JITInlines.h:
1351         (JSC::JIT::callOperation):
1352         * jit/JITOpcodes.cpp:
1353         (JSC::JIT::emitSlow_op_get_arguments_length):
1354         (JSC::JIT::emitSlow_op_get_argument_by_val):
1355         * jit/JITOpcodes32_64.cpp:
1356         (JSC::JIT::emitSlow_op_get_arguments_length):
1357         (JSC::JIT::emitSlow_op_get_argument_by_val):
1358         * jit/JITOperations.cpp:
1359         * jit/JITOperations.h:
1360         * jit/JITPropertyAccess.cpp:
1361         (JSC::JIT::emitSlow_op_get_by_val):
1362         (JSC::JIT::emitSlow_op_get_by_pname):
1363         (JSC::JIT::privateCompileGetByVal):
1364         * jit/JITPropertyAccess32_64.cpp:
1365         (JSC::JIT::emitSlow_op_get_by_val):
1366         (JSC::JIT::emitSlow_op_get_by_pname):
1367         * jit/JITStubs.cpp:
1368         * jit/JITStubs.h:
1369         * runtime/Executable.cpp:
1370         (JSC::setupLLInt): Added some UNUSED_PARAMs to fix the no LLINT build.
1371         * runtime/Options.cpp:
1372         (JSC::Options::initialize):
1373
1374 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1375
1376         Introduce WTF::Bag and start using it for InlineCallFrameSet
1377         https://bugs.webkit.org/show_bug.cgi?id=122941
1378
1379         Reviewed by Geoffrey Garen.
1380         
1381         Use Bag for InlineCallFrameSet. If this works out then I'll make other
1382         SegmentedVectors into Bags as well.
1383
1384         * bytecode/InlineCallFrameSet.cpp:
1385         (JSC::InlineCallFrameSet::add):
1386         * bytecode/InlineCallFrameSet.h:
1387         (JSC::InlineCallFrameSet::begin):
1388         (JSC::InlineCallFrameSet::end):
1389         * dfg/DFGArgumentsSimplificationPhase.cpp:
1390         (JSC::DFG::ArgumentsSimplificationPhase::run):
1391         * dfg/DFGJITCompiler.cpp:
1392         (JSC::DFG::JITCompiler::link):
1393         * dfg/DFGStackLayoutPhase.cpp:
1394         (JSC::DFG::StackLayoutPhase::run):
1395         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1396         (JSC::DFG::VirtualRegisterAllocationPhase::run):
1397
1398 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1399
1400         libllvmForJSC shouldn't call exit(1) on report_fatal_error()
1401         https://bugs.webkit.org/show_bug.cgi?id=122905
1402         <rdar://problem/15237856>
1403
1404         Reviewed by Michael Saboff.
1405         
1406         Expose the new LLVMInstallFatalErrorHandler() API through the soft linking magic and
1407         then always call it to install something that calls CRASH().
1408
1409         * llvm/InitializeLLVM.cpp:
1410         (JSC::llvmCrash):
1411         (JSC::initializeLLVMOnce):
1412         (JSC::initializeLLVM):
1413         * llvm/LLVMAPIFunctions.h:
1414
1415 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1416
1417         Prototype chain repatching in the polymorphic case fails to check if the receiver is a dictionary
1418         https://bugs.webkit.org/show_bug.cgi?id=122938
1419
1420         Reviewed by Sam Weinig.
1421         
1422         This fixes jsc-layout-tests.yaml/js/script-tests/dictionary-prototype-caching.js.layout-no-llint.
1423
1424         * jit/Repatch.cpp:
1425         (JSC::tryBuildGetByIDList):
1426
1427 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1428
1429         JIT::appendCall() needs to killLastResultRegister() or equivalent since there's some really bad code that expects it
1430         https://bugs.webkit.org/show_bug.cgi?id=122937
1431
1432         Reviewed by Geoffrey Garen.
1433         
1434         JITStubCall used to do it.
1435         
1436         This makes mozilla-tests.yaml/ecma/Statements/12.10-1.js.mozilla-baseline pass.
1437
1438         * jit/JIT.h:
1439         (JSC::JIT::appendCall):
1440
1441 2013-10-16  Michael Saboff  <msaboff@apple.com>
1442
1443         transition void cti_op_put_by_val* stubs to JIT operations
1444         https://bugs.webkit.org/show_bug.cgi?id=122903
1445
1446         Reviewed by Geoffrey Garen.
1447
1448         Transitioned cti_op_put_by_val and cti_op_put_by_val_generic to operationPutByVal and
1449         operationPutByValGeneric.
1450
1451         * jit/CCallHelpers.h:
1452         (JSC::CCallHelpers::setupArgumentsWithExecState):
1453         * jit/JIT.h:
1454         * jit/JITInlines.h:
1455         (JSC::JIT::callOperation):
1456         * jit/JITOperations.cpp:
1457         * jit/JITOperations.h:
1458         * jit/JITPropertyAccess.cpp:
1459         (JSC::JIT::emitSlow_op_put_by_val):
1460         (JSC::JIT::privateCompilePutByVal):
1461         * jit/JITPropertyAccess32_64.cpp:
1462         (JSC::JIT::emitSlow_op_put_by_val):
1463         * jit/JITStubs.cpp:
1464         * jit/JITStubs.h:
1465         * jit/JSInterfaceJIT.h:
1466
1467 2013-10-16  Oliver Hunt  <oliver@apple.com>
1468
1469         Implement ES6 spread operator
1470         https://bugs.webkit.org/show_bug.cgi?id=122911
1471
1472         Reviewed by Michael Saboff.
1473
1474         Implement the ES6 spread operator
1475
1476         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1477         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1478         driven.
1479
1480         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1481         and actually handling the spread.
1482
1483         * bytecompiler/BytecodeGenerator.cpp:
1484         (JSC::BytecodeGenerator::emitNewArray):
1485         (JSC::BytecodeGenerator::emitCall):
1486         (JSC::BytecodeGenerator::emitEnumeration):
1487         * bytecompiler/BytecodeGenerator.h:
1488         * bytecompiler/NodesCodegen.cpp:
1489         (JSC::ArrayNode::emitBytecode):
1490         (JSC::ForOfNode::emitBytecode):
1491         (JSC::SpreadExpressionNode::emitBytecode):
1492         * parser/ASTBuilder.h:
1493         (JSC::ASTBuilder::createSpreadExpression):
1494         * parser/Lexer.cpp:
1495         (JSC::::lex):
1496         * parser/NodeConstructors.h:
1497         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1498         * parser/Nodes.h:
1499         (JSC::ExpressionNode::isSpreadExpression):
1500         (JSC::SpreadExpressionNode::expression):
1501         * parser/Parser.cpp:
1502         (JSC::::parseArrayLiteral):
1503         (JSC::::parseArguments):
1504         (JSC::::parseMemberExpression):
1505         * parser/Parser.h:
1506         (JSC::Parser::getTokenName):
1507         (JSC::Parser::updateErrorMessageSpecialCase):
1508         * parser/ParserTokens.h:
1509         * parser/SyntaxChecker.h:
1510         (JSC::SyntaxChecker::createSpreadExpression):
1511
1512 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1513
1514         Add a useLLInt option to jsc
1515         https://bugs.webkit.org/show_bug.cgi?id=122930
1516
1517         Reviewed by Geoffrey Garen.
1518
1519         * runtime/Executable.cpp:
1520         (JSC::setupLLInt):
1521         (JSC::setupJIT):
1522         (JSC::ScriptExecutable::prepareForExecutionImpl):
1523         * runtime/Options.h:
1524
1525 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1526
1527         Build fix.
1528
1529         Forgot to svn add DeferGC.cpp
1530
1531         * heap/DeferGC.cpp: Added.
1532
1533 2013-10-16  Filip Pizlo  <fpizlo@apple.com>
1534
1535         r157411 fails run-javascriptcore-tests when run with Baseline JIT
1536         https://bugs.webkit.org/show_bug.cgi?id=122902
1537
1538         Reviewed by Mark Hahnenberg.
1539         
1540         It turns out that this was a long-standing bug in the DFG PutById repatching logic. It's
1541         not legal to patch if the typeInfo tells you that you can't patch. The old JIT's patching
1542         logic did this right, and the DFG's GetById patching logic did it right; but DFG PutById
1543         didn't. Turns out that there's even a helpful method,
1544         Structure::propertyAccessesAreCacheable(), that will even do all of the checks for you!
1545
1546         * jit/Repatch.cpp:
1547         (JSC::tryCachePutByID):
1548
1549 2013-10-16  Mark Hahnenberg  <mhahnenberg@apple.com>
1550
1551         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
1552         https://bugs.webkit.org/show_bug.cgi?id=122667
1553
1554         Reviewed by Geoffrey Garen.
1555
1556         The issue this patch is attempting to fix is that there are places in our codebase
1557         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
1558         operations that can initiate a garbage collection. Garbage collection then calls 
1559         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
1560         always necessarily run during garbage collection). This causes a deadlock.
1561  
1562         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
1563         into a thread-local field that indicates that it is unsafe to perform any operation 
1564         that could trigger garbage collection on the current thread. In debug builds, 
1565         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
1566         detect deadlocks.
1567  
1568         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
1569         which uses the DeferGC mechanism to prevent collections from occurring while the 
1570         lock is held.
1571
1572         * CMakeLists.txt:
1573         * GNUmakefile.list.am:
1574         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1575         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1576         * JavaScriptCore.xcodeproj/project.pbxproj:
1577         * heap/DeferGC.h:
1578         (JSC::DisallowGC::DisallowGC):
1579         (JSC::DisallowGC::~DisallowGC):
1580         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
1581         (JSC::DisallowGC::initialize):
1582         * jit/Repatch.cpp:
1583         (JSC::repatchPutByID):
1584         (JSC::buildPutByIdList):
1585         * llint/LLIntSlowPaths.cpp:
1586         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1587         * runtime/ConcurrentJITLock.h:
1588         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
1589         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
1590         (JSC::ConcurrentJITLockerBase::unlockEarly):
1591         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
1592         (JSC::GCSafeConcurrentJITLocker::~GCSafeConcurrentJITLocker):
1593         (JSC::GCSafeConcurrentJITLocker::NoDefer::NoDefer):
1594         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
1595         * runtime/InitializeThreading.cpp:
1596         (JSC::initializeThreadingOnce):
1597         * runtime/JSCellInlines.h:
1598         (JSC::allocateCell):
1599         * runtime/JSSymbolTableObject.h:
1600         (JSC::symbolTablePut):
1601         * runtime/Structure.cpp: materializePropertyMapIfNecessary* now has a problem in that it
1602         can start a garbage collection when the GCSafeConcurrentJITLocker goes out of scope, but 
1603         before the caller has a chance to use the newly created PropertyTable. The garbage collection
1604         clears the PropertyTable, and then the caller uses it assuming it's valid. To avoid this,
1605         we must DeferGC until the caller is done getting the newly materialized PropertyTable from 
1606         the Structure.
1607         (JSC::Structure::materializePropertyMap):
1608         (JSC::Structure::despecifyDictionaryFunction):
1609         (JSC::Structure::changePrototypeTransition):
1610         (JSC::Structure::despecifyFunctionTransition):
1611         (JSC::Structure::attributeChangeTransition):
1612         (JSC::Structure::toDictionaryTransition):
1613         (JSC::Structure::preventExtensionsTransition):
1614         (JSC::Structure::takePropertyTableOrCloneIfPinned):
1615         (JSC::Structure::isSealed):
1616         (JSC::Structure::isFrozen):
1617         (JSC::Structure::addPropertyWithoutTransition):
1618         (JSC::Structure::removePropertyWithoutTransition):
1619         (JSC::Structure::get):
1620         (JSC::Structure::despecifyFunction):
1621         (JSC::Structure::despecifyAllFunctions):
1622         (JSC::Structure::putSpecificValue):
1623         (JSC::Structure::createPropertyMap):
1624         (JSC::Structure::getPropertyNamesFromStructure):
1625         * runtime/Structure.h:
1626         (JSC::Structure::materializePropertyMapIfNecessary):
1627         (JSC::Structure::materializePropertyMapIfNecessaryForPinning):
1628         * runtime/StructureInlines.h:
1629         (JSC::Structure::get):
1630         * runtime/SymbolTable.h:
1631         (JSC::SymbolTable::find):
1632         (JSC::SymbolTable::end):
1633
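The deadlock and the deferred-collection hazard described in the entry above, as an added example that is not WebKit code: a self-contained C++ model of the DeferGC and DisallowGC guards. The Heap, the lock type and every function body here are assumptions made for illustration; only the class and method names (DeferGC, DisallowGC, ConcurrentJITLockerBase::unlockEarly, GCSafeConcurrentJITLocker) follow the names listed in the entry.

```cpp
// Added example, not WebKit code: a model of the DeferGC / DisallowGC guards
// described above. Heap, the lock and all bodies are illustrative assumptions.
#include <cassert>
#include <stdexcept>

namespace model {
thread_local unsigned gcDeferCount = 0;    // > 0: collections are postponed
thread_local unsigned gcDisallowCount = 0; // > 0: asking for a GC is a bug

struct Heap {
    bool collectionRequested = false;
    unsigned collections = 0;
    // Allocation slow path. Under DisallowGC a GC request is a programming
    // error (the caller holds a lock the collector also takes): report it
    // instead of deadlocking. Under DeferGC only record the request.
    bool collectIfNecessary() {
        if (gcDisallowCount)
            throw std::logic_error("GC requested while disallowed on this thread");
        if (gcDeferCount) {
            collectionRequested = true;
            return false;
        }
        collectionRequested = false;
        ++collections;
        return true;
    }
};

struct DeferGC {
    explicit DeferGC(Heap& heap) : m_heap(heap) { ++gcDeferCount; }
    ~DeferGC() { // the outermost DeferGC runs the postponed collection
        if (!--gcDeferCount && m_heap.collectionRequested && !gcDisallowCount)
            m_heap.collectIfNecessary();
    }
    Heap& m_heap;
};

struct DisallowGC { // thread-local flag, as the entry describes
    DisallowGC() { ++gcDisallowCount; }
    ~DisallowGC() { --gcDisallowCount; }
};

struct ConcurrentJITLock { bool held = false; };
struct ConcurrentJITLockerBase {
    explicit ConcurrentJITLockerBase(ConcurrentJITLock& lock) : m_lock(lock) {
        assert(!m_lock.held); // a real lock would block here: the deadlock
        m_lock.held = true;
    }
    ~ConcurrentJITLockerBase() { unlockEarly(); }
    void unlockEarly() { m_lock.held = false; }
    ConcurrentJITLock& m_lock;
};

// Debug-build ConcurrentJITLocker: holding the lock disallows GC, so a
// collection requested inside the critical section is caught eagerly.
struct ConcurrentJITLocker : ConcurrentJITLockerBase {
    using ConcurrentJITLockerBase::ConcurrentJITLockerBase;
    DisallowGC m_disallowGC;
};

// GCSafeConcurrentJITLocker defers GC instead. Members die before the base,
// so unlock early or the deferred collection runs with the lock still held.
struct GCSafeConcurrentJITLocker : ConcurrentJITLockerBase {
    GCSafeConcurrentJITLocker(Heap& heap, ConcurrentJITLock& lock)
        : ConcurrentJITLockerBase(lock), m_deferGC(heap) { }
    ~GCSafeConcurrentJITLocker() { unlockEarly(); }
    DeferGC m_deferGC;
};

// The bug pattern: an allocation under a plain ConcurrentJITLocker wants a GC.
bool detectsGCUnderConcurrentJITLock() {
    Heap heap;
    ConcurrentJITLock lock;
    try {
        ConcurrentJITLocker locker(lock);
        heap.collectIfNecessary();
        return false;
    } catch (const std::logic_error&) {
        return true;
    }
}

// Collections run before the caller can use the table: 1 = the Structure.cpp
// hazard, 0 = caller holds its own DeferGC across the use.
unsigned collectionsBeforeUse(bool callerDefersGC) {
    Heap heap;
    ConcurrentJITLock lock;
    auto materialize = [&] { // models materializePropertyMapIfNecessary
        GCSafeConcurrentJITLocker locker(heap, lock);
        heap.collectIfNecessary(); // allocating the table asks for a GC: recorded
    }; // the deferred GC fires when locker dies, at the end of materialize()
    if (callerDefersGC) {
        DeferGC deferGC(heap);
        materialize();
        return heap.collections;
    }
    materialize();
    return heap.collections;
}
} // namespace model
```

Two points to check when reviewing code built on this pattern: a collection request while DisallowGC is active is reported at once instead of blocking on the second acquisition of the lock, and GCSafeConcurrentJITLocker has to release the lock before its DeferGC member is destroyed, because members are destroyed before the base class. The Structure.cpp remark in the entry is the second function: the collection deferred by the GC-safe locker runs as soon as that locker goes out of scope, so a caller that needs the freshly built table must hold its own DeferGC across its use.
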
1634 2013-10-16  Daniel Bates  <dabates@apple.com>
1635
1636         Add SPI to disable the garbage collector timer
1637         https://bugs.webkit.org/show_bug.cgi?id=122921
1638
1639         Reviewed by Geoffrey Garen.
1640
1641         Based on a patch by Mark Hahnenberg.
1642
1643         * API/JSBase.cpp:
1644         (JSDisableGCTimer): Added; SPI function.
1645         * API/JSBasePrivate.h:
1646         * heap/BlockAllocator.cpp:
1647         (JSC::createBlockFreeingThread): Added.
1648         (JSC::BlockAllocator::BlockAllocator): Modified to use JSC::createBlockFreeingThread()
1649         to conditionally create the "block freeing" thread depending on the value of
1650         GCActivityCallback::s_shouldCreateGCTimer.
1651         (JSC::BlockAllocator::~BlockAllocator):
1652         * heap/BlockAllocator.h:
1653         (JSC::BlockAllocator::deallocate):
1654         * heap/Heap.cpp:
1655         (JSC::Heap::didAbandon):
1656         (JSC::Heap::collect):
1657         (JSC::Heap::didAllocate):
1658         * heap/HeapTimer.cpp:
1659         (JSC::HeapTimer::timerDidFire):
1660         * runtime/GCActivityCallback.cpp:
1661         * runtime/GCActivityCallback.h:
1662         (JSC::DefaultGCActivityCallback::create): Only instantiate a DefaultGCActivityCallback object
1663         when GCActivityCallback::s_shouldCreateGCTimer is true so as to prevent allocating a HeapTimer
1664         object (since DefaultGCActivityCallback ultimately extends HeapTimer).
1665
1666 2013-10-16  Commit Queue  <commit-queue@webkit.org>
1667
1668         Unreviewed, rolling out r157529.
1669         http://trac.webkit.org/changeset/157529
1670         https://bugs.webkit.org/show_bug.cgi?id=122919
1671
1672         Caused score test failures and some build failures. (Requested
1673         by rfong on #webkit).
1674
1675         * bytecompiler/BytecodeGenerator.cpp:
1676         (JSC::BytecodeGenerator::emitNewArray):
1677         (JSC::BytecodeGenerator::emitCall):
1678         (JSC::BytecodeGenerator::emitReadOnlyExceptionIfNeeded):
1679         * bytecompiler/BytecodeGenerator.h:
1680         * bytecompiler/NodesCodegen.cpp:
1681         (JSC::ArrayNode::emitBytecode):
1682         (JSC::CallArguments::CallArguments):
1683         (JSC::ForOfNode::emitBytecode):
1684         (JSC::BindingNode::collectBoundIdentifiers):
1685         * parser/ASTBuilder.h:
1686         * parser/Lexer.cpp:
1687         (JSC::::lex):
1688         * parser/NodeConstructors.h:
1689         (JSC::DotAccessorNode::DotAccessorNode):
1690         * parser/Nodes.h:
1691         * parser/Parser.cpp:
1692         (JSC::::parseArrayLiteral):
1693         (JSC::::parseArguments):
1694         (JSC::::parseMemberExpression):
1695         * parser/Parser.h:
1696         (JSC::Parser::getTokenName):
1697         (JSC::Parser::updateErrorMessageSpecialCase):
1698         * parser/ParserTokens.h:
1699         * parser/SyntaxChecker.h:
1700
1701 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1702
1703         Remove useless architecture specific implementation in DFG.
1704         https://bugs.webkit.org/show_bug.cgi?id=122917.
1705
1706         Reviewed by Michael Saboff.
1707
1708         With the CPU(ARM) && CPU(ARM_HARDFP) architecture, the fallback implementation is fine
1709         as FPRInfo::argumentFPR0 == FPRInfo::returnValueFPR in this case.
1710
1711         * dfg/DFGSpeculativeJIT.h:
1712
1713 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1714
1715         Remove unused JIT::restoreArgumentReferenceForTrampoline function.
1716         https://bugs.webkit.org/show_bug.cgi?id=122916.
1717
1718         Reviewed by Michael Saboff.
1719
1720         This architecture specific function is not used anymore, so get rid of it.
1721
1722         * jit/JIT.h:
1723         * jit/JITInlines.h:
1724
1725 2013-10-16  Oliver Hunt  <oliver@apple.com>
1726
1727         Implement ES6 spread operator
1728         https://bugs.webkit.org/show_bug.cgi?id=122911
1729
1730         Reviewed by Michael Saboff.
1731
1732         Implement the ES6 spread operator
1733
1734         This has a little bit of refactoring to move the enumeration logic out of ForOfNode
1735         and into BytecodeGenerator, and then adds the logic to make it nicely callback
1736         driven.
1737
1738         The rest of the logic is just the addition of the SpreadExpressionNode, the parsing,
1739         and actually handling the spread.
1740
1741         * bytecompiler/BytecodeGenerator.cpp:
1742         (JSC::BytecodeGenerator::emitNewArray):
1743         (JSC::BytecodeGenerator::emitCall):
1744         (JSC::BytecodeGenerator::emitEnumeration):
1745         * bytecompiler/BytecodeGenerator.h:
1746         * bytecompiler/NodesCodegen.cpp:
1747         (JSC::ArrayNode::emitBytecode):
1748         (JSC::ForOfNode::emitBytecode):
1749         (JSC::SpreadExpressionNode::emitBytecode):
1750         * parser/ASTBuilder.h:
1751         (JSC::ASTBuilder::createSpreadExpression):
1752         * parser/Lexer.cpp:
1753         (JSC::::lex):
1754         * parser/NodeConstructors.h:
1755         (JSC::SpreadExpressionNode::SpreadExpressionNode):
1756         * parser/Nodes.h:
1757         (JSC::ExpressionNode::isSpreadExpression):
1758         (JSC::SpreadExpressionNode::expression):
1759         * parser/Parser.cpp:
1760         (JSC::::parseArrayLiteral):
1761         (JSC::::parseArguments):
1762         (JSC::::parseMemberExpression):
1763         * parser/Parser.h:
1764         (JSC::Parser::getTokenName):
1765         (JSC::Parser::updateErrorMessageSpecialCase):
1766         * parser/ParserTokens.h:
1767         * parser/SyntaxChecker.h:
1768         (JSC::SyntaxChecker::createSpreadExpression):
1769
1770 2013-10-16  Mark Lam  <mark.lam@apple.com>
1771
1772         Transition void cti_op_tear_off* methods to JIT operations for 32 bit.
1773         https://bugs.webkit.org/show_bug.cgi?id=122899.
1774
1775         Reviewed by Michael Saboff.
1776
1777         * jit/JITOpcodes32_64.cpp:
1778         (JSC::JIT::emit_op_tear_off_activation):
1779         (JSC::JIT::emit_op_tear_off_arguments):
1780         * jit/JITStubs.cpp:
1781         * jit/JITStubs.h:
1782
1783 2013-10-16  Julien Brianceau  <jbriance@cisco.com>
1784
1785         Remove more of the UNINTERRUPTED_SEQUENCE thing
1786         https://bugs.webkit.org/show_bug.cgi?id=122885
1787
1788         Reviewed by Andreas Kling.
1789
1790         It was not completely removed by r157481, leading to a build failure for the sh4 architecture.
1791
1792         * jit/JIT.h:
1793         * jit/JITInlines.h:
1794
1795 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1796
1797         Get rid of the StructureStubInfo::patch union
1798         https://bugs.webkit.org/show_bug.cgi?id=122877
1799
1800         Reviewed by Sam Weinig.
1801         
1802         Just simplifying code by getting rid of data structures that ain't used no more.
1803         
1804         Note that I replace the patch union with a patch struct. This means we say things like
1805         stubInfo.patch.valueGPR instead of stubInfo.valueGPR. I think that this extra
1806         encapsulation makes the code more readable: the patch struct contains just those things
1807         that you need to know to perform patching.
1808
1809         * bytecode/StructureStubInfo.h:
1810         * dfg/DFGJITCompiler.cpp:
1811         (JSC::DFG::JITCompiler::link):
1812         * jit/JIT.cpp:
1813         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1814         * jit/Repatch.cpp:
1815         (JSC::repatchByIdSelfAccess):
1816         (JSC::replaceWithJump):
1817         (JSC::linkRestoreScratch):
1818         (JSC::generateProtoChainAccessStub):
1819         (JSC::tryCacheGetByID):
1820         (JSC::getPolymorphicStructureList):
1821         (JSC::patchJumpToGetByIdStub):
1822         (JSC::tryBuildGetByIDList):
1823         (JSC::emitPutReplaceStub):
1824         (JSC::emitPutTransitionStub):
1825         (JSC::tryCachePutByID):
1826         (JSC::tryBuildPutByIdList):
1827         (JSC::tryRepatchIn):
1828         (JSC::resetGetByID):
1829         (JSC::resetPutByID):
1830         (JSC::resetIn):
1831
1832 2013-10-15  Nadav Rotem  <nrotem@apple.com>
1833
1834         FTL: add support for Int52ToValue and fix putByVal of int52s.
1835         https://bugs.webkit.org/show_bug.cgi?id=122873
1836
1837         Reviewed by Filip Pizlo.
1838
1839         * ftl/FTLCapabilities.cpp:
1840         (JSC::FTL::canCompile):
1841         * ftl/FTLLowerDFGToLLVM.cpp:
1842         (JSC::FTL::LowerDFGToLLVM::compileNode):
1843         (JSC::FTL::LowerDFGToLLVM::compileInt52ToValue):
1844         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
1845
1846 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1847
1848         Get rid of the UNINTERRUPTED_SEQUENCE thing
1849         https://bugs.webkit.org/show_bug.cgi?id=122876
1850
1851         Reviewed by Mark Hahnenberg.
1852         
1853         It doesn't make sense anymore. We now use the DFG's IC logic, which never needed that.
1854         
1855         Moreover, we should resist the temptation to bring anything like this back. We don't
1856         want to have inline caches that only work if the assembler lays out code in a specific
1857         predetermined way.
1858
1859         * jit/JIT.h:
1860         * jit/JITCall.cpp:
1861         (JSC::JIT::compileOpCall):
1862         * jit/JITCall32_64.cpp:
1863         (JSC::JIT::compileOpCall):
1864
1865 2013-10-15  Filip Pizlo  <fpizlo@apple.com>
1866
1867         Baseline JIT should use the DFG GetById IC
1868         https://bugs.webkit.org/show_bug.cgi?id=122861
1869
1870         Reviewed by Oliver Hunt.
1871         
1872         This mostly just kills a ton of code.
1873         
1874         Note that this doesn't yet do all of the simplifications that can be done, but it does
1875         kill dead code. I'll have another change to simplify StructureStubInfo's unions and such.
1876
1877         * bytecode/CodeBlock.cpp:
1878         (JSC::CodeBlock::resetStubInternal):
1879         * jit/JIT.cpp:
1880         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
1881         * jit/JIT.h:
1882         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
1883         * jit/JITInlines.h:
1884         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1885         (JSC::JIT::callOperation):
1886         * jit/JITPropertyAccess.cpp:
1887         (JSC::JIT::compileGetByIdHotPath):
1888         (JSC::JIT::emitSlow_op_get_by_id):
1889         (JSC::JIT::emitSlow_op_get_from_scope):
1890         * jit/JITPropertyAccess32_64.cpp:
1891         (JSC::JIT::compileGetByIdHotPath):
1892         (JSC::JIT::emitSlow_op_get_by_id):
1893         (JSC::JIT::emitSlow_op_get_from_scope):
1894         * jit/JITStubs.cpp:
1895         * jit/JITStubs.h:
1896         * jit/Repatch.cpp:
1897         (JSC::repatchGetByID):
1898         (JSC::buildGetByIDList):
1899         * jit/ThunkGenerators.cpp:
1900         * jit/ThunkGenerators.h:
1901
1902 2013-10-15  Dean Jackson  <dino@apple.com>
1903
1904         Add ENABLE_WEB_ANIMATIONS flag
1905         https://bugs.webkit.org/show_bug.cgi?id=122871
1906
1907         Reviewed by Tim Horton.
1908
1909         Eventually might be http://dev.w3.org/fxtf/web-animations/
1910         but this is just engine-internal work at the moment.
1911
1912         * Configurations/FeatureDefines.xcconfig:
1913
1914 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
1915
1916         [sh4] Some calls don't match sh4 ABI.
1917         https://bugs.webkit.org/show_bug.cgi?id=122863
1918
1919         Reviewed by Michael Saboff.
1920
1921         * dfg/DFGSpeculativeJIT.h:
1922         (JSC::DFG::SpeculativeJIT::callOperation):
1923         * jit/CCallHelpers.h:
1924         (JSC::CCallHelpers::setupArgumentsWithExecState):
1925         * jit/JITInlines.h:
1926         (JSC::JIT::callOperation):
1927
1928 2013-10-15  Daniel Bates  <dabates@apple.com>
1929
1930         [iOS] Upstream JavaScriptCore support for ARM64
1931         https://bugs.webkit.org/show_bug.cgi?id=122762
1932
1933         Reviewed by Oliver Hunt and Filip Pizlo.
1934
1935         * Configurations/Base.xcconfig:
1936         * Configurations/DebugRelease.xcconfig:
1937         * Configurations/JavaScriptCore.xcconfig:
1938         * Configurations/ToolExecutable.xcconfig:
1939         * JavaScriptCore.xcodeproj/project.pbxproj:
1940         * assembler/ARM64Assembler.h: Added.
1941         * assembler/AbstractMacroAssembler.h:
1942         (JSC::isARM64):
1943         (JSC::AbstractMacroAssembler::Label::Label):
1944         (JSC::AbstractMacroAssembler::Jump::Jump):
1945         (JSC::AbstractMacroAssembler::Jump::link):
1946         (JSC::AbstractMacroAssembler::Jump::linkTo):
1947         (JSC::AbstractMacroAssembler::CachedTempRegister::CachedTempRegister):
1948         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDInvalidate):
1949         (JSC::AbstractMacroAssembler::CachedTempRegister::registerIDNoInvalidate):
1950         (JSC::AbstractMacroAssembler::CachedTempRegister::value):
1951         (JSC::AbstractMacroAssembler::CachedTempRegister::setValue):
1952         (JSC::AbstractMacroAssembler::CachedTempRegister::invalidate):
1953         (JSC::AbstractMacroAssembler::invalidateAllTempRegisters):
1954         (JSC::AbstractMacroAssembler::isTempRegisterValid):
1955         (JSC::AbstractMacroAssembler::clearTempRegisterValid):
1956         (JSC::AbstractMacroAssembler::setTempRegisterValid):
1957         * assembler/LinkBuffer.cpp:
1958         (JSC::LinkBuffer::copyCompactAndLinkCode):
1959         (JSC::LinkBuffer::linkCode):
1960         * assembler/LinkBuffer.h:
1961         * assembler/MacroAssembler.h:
1962         (JSC::MacroAssembler::isPtrAlignedAddressOffset):
1963         (JSC::MacroAssembler::pushToSave):
1964         (JSC::MacroAssembler::popToRestore):
1965         (JSC::MacroAssembler::patchableBranchTest32):
1966         * assembler/MacroAssemblerARM64.h: Added.
1967         * assembler/MacroAssemblerARMv7.h:
1968         * dfg/DFGFixupPhase.cpp:
1969         (JSC::DFG::FixupPhase::fixupNode):
1970         * dfg/DFGOSRExitCompiler32_64.cpp:
1971         (JSC::DFG::OSRExitCompiler::compileExit):
1972         * dfg/DFGOSRExitCompiler64.cpp:
1973         (JSC::DFG::OSRExitCompiler::compileExit):
1974         * dfg/DFGSpeculativeJIT.cpp:
1975         (JSC::DFG::SpeculativeJIT::compileArithDiv):
1976         (JSC::DFG::SpeculativeJIT::compileArithMod):
1977         * disassembler/ARM64/A64DOpcode.cpp: Added.
1978         * disassembler/ARM64/A64DOpcode.h: Added.
1979         * disassembler/ARM64Disassembler.cpp: Added.
1980         * heap/MachineStackMarker.cpp:
1981         (JSC::getPlatformThreadRegisters):
1982         (JSC::otherThreadStackPointer):
1983         * heap/Region.h:
1984         * jit/AssemblyHelpers.h:
1985         (JSC::AssemblyHelpers::debugCall):
1986         * jit/CCallHelpers.h:
1987         * jit/ExecutableAllocator.h:
1988         * jit/FPRInfo.h:
1989         (JSC::FPRInfo::toRegister):
1990         (JSC::FPRInfo::toIndex):
1991         (JSC::FPRInfo::debugName):
1992         * jit/GPRInfo.h:
1993         (JSC::GPRInfo::toRegister):
1994         (JSC::GPRInfo::toIndex):
1995         (JSC::GPRInfo::debugName):
1996         * jit/JITInlines.h:
1997         (JSC::JIT::restoreArgumentReferenceForTrampoline):
1998         * jit/JITOperationWrappers.h:
1999         * jit/JITOperations.cpp:
2000         * jit/JITStubs.cpp:
2001         (JSC::performPlatformSpecificJITAssertions):
2002         (JSC::tryCachePutByID):
2003         * jit/JITStubs.h:
2004         (JSC::JITStackFrame::returnAddressSlot):
2005         * jit/JITStubsARM64.h: Added.
2006         * jit/JSInterfaceJIT.h:
2007         * jit/Repatch.cpp:
2008         (JSC::emitRestoreScratch):
2009         (JSC::generateProtoChainAccessStub):
2010         (JSC::tryCacheGetByID):
2011         (JSC::emitPutReplaceStub):
2012         (JSC::tryCachePutByID):
2013         (JSC::tryRepatchIn):
2014         * jit/ScratchRegisterAllocator.h:
2015         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2016         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2017         * jit/ThunkGenerators.cpp:
2018         (JSC::nativeForGenerator):
2019         (JSC::floorThunkGenerator):
2020         (JSC::ceilThunkGenerator):
2021         * jsc.cpp:
2022         (main):
2023         * llint/LLIntOfflineAsmConfig.h:
2024         * llint/LLIntSlowPaths.cpp:
2025         (JSC::LLInt::handleHostCall):
2026         * llint/LowLevelInterpreter.asm:
2027         * llint/LowLevelInterpreter64.asm:
2028         * offlineasm/arm.rb:
2029         * offlineasm/arm64.rb: Added.
2030         * offlineasm/backends.rb:
2031         * offlineasm/instructions.rb:
2032         * offlineasm/risc.rb:
2033         * offlineasm/transform.rb:
2034         * yarr/YarrJIT.cpp:
2035         (JSC::Yarr::YarrGenerator::alignCallFrameSizeInBytes):
2036         (JSC::Yarr::YarrGenerator::initCallFrame):
2037         (JSC::Yarr::YarrGenerator::removeCallFrame):
2038         (JSC::Yarr::YarrGenerator::generateEnter):
2039         * yarr/YarrJIT.h:
2040
2041 2013-10-15  Mark Lam  <mark.lam@apple.com>
2042
2043         Fix 3 operand sub operation in C loop LLINT.
2044         https://bugs.webkit.org/show_bug.cgi?id=122866.
2045
2046         Reviewed by Geoffrey Garen.
2047
2048         * offlineasm/cloop.rb:
2049
2050 2013-10-15  Mark Hahnenberg  <mhahnenberg@apple.com>
2051
2052         ObjCCallbackFunctionImpl shouldn't store a JSContext
2053         https://bugs.webkit.org/show_bug.cgi?id=122531
2054
2055         Reviewed by Geoffrey Garen.
2056
2057         The m_context field in ObjCCallbackFunctionImpl is vestigial and is only incidentally correct 
2058         in the common case. It's also no longer necessary in that we can look up the current JSContext 
2059         by using the globalObject of the callee when the function callback is invoked.
2060  
2061         Also added a new test that would cause us to crash previously. The test required making 
2062         JSContextGetGlobalContext public API so that clients can obtain a JSContext from the JSContextRef
2063         in C API callbacks.
2064
2065         * API/JSContextRef.h:
2066         * API/JSContextRefPrivate.h:
2067         * API/ObjCCallbackFunction.mm:
2068         (JSC::ObjCCallbackFunctionImpl::ObjCCallbackFunctionImpl):
2069         (JSC::objCCallbackFunctionCallAsFunction):
2070         (objCCallbackFunctionForInvocation):
2071         * API/WebKitAvailability.h:
2072         * API/tests/CurrentThisInsideBlockGetterTest.h: Added.
2073         * API/tests/CurrentThisInsideBlockGetterTest.mm: Added.
2074         (CallAsConstructor):
2075         (ConstructorFinalize):
2076         (ConstructorClass):
2077         (+[JSValue valueWithConstructorDescriptor:inContext:]):
2078         (-[JSContext valueWithConstructorDescriptor:]):
2079         (currentThisInsideBlockGetterTest):
2080         * API/tests/testapi.mm:
2081         * JavaScriptCore.xcodeproj/project.pbxproj:
2082         * debugger/Debugger.cpp: Had to add some fully qualified names to avoid conflicts with Mac OS X headers.
2083
2084 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2085
2086         Fix build after r157457 for architectures with 4 argument registers.
2087         https://bugs.webkit.org/show_bug.cgi?id=122860
2088
2089         Reviewed by Michael Saboff.
2090
2091         * jit/CCallHelpers.h:
2092         (JSC::CCallHelpers::setupStubArguments134):
2093
2094 2013-10-14  Michael Saboff  <msaboff@apple.com>
2095
2096         Transition void cti_op_* methods to JIT operations.
2097         https://bugs.webkit.org/show_bug.cgi?id=122617
2098
2099         Reviewed by Geoffrey Garen.
2100
2101         Converted the following stubs to JIT operations:
2102             cti_handle_watchdog_timer
2103             cti_op_debug
2104             cti_op_pop_scope
2105             cti_op_profile_did_call
2106             cti_op_profile_will_call
2107             cti_op_put_by_index
2108             cti_op_put_getter_setter
2109             cti_op_tear_off_activation
2110             cti_op_tear_off_arguments
2111             cti_op_throw_static_error
2112             cti_optimize
2113
2114         * dfg/DFGOperations.cpp:
2115         * dfg/DFGOperations.h:
2116         * jit/CCallHelpers.h:
2117         (JSC::CCallHelpers::setupArgumentsWithExecState):
2118         (JSC::CCallHelpers::setupThreeStubArgsGPR):
2119         (JSC::CCallHelpers::setupStubArguments):
2120         (JSC::CCallHelpers::setupStubArguments134):
2121         * jit/JIT.cpp:
2122         (JSC::JIT::emitEnterOptimizationCheck):
2123         * jit/JIT.h:
2124         * jit/JITInlines.h:
2125         (JSC::JIT::callOperation):
2126         * jit/JITOpcodes.cpp:
2127         (JSC::JIT::emit_op_tear_off_activation):
2128         (JSC::JIT::emit_op_tear_off_arguments):
2129         (JSC::JIT::emit_op_push_with_scope):
2130         (JSC::JIT::emit_op_pop_scope):
2131         (JSC::JIT::emit_op_push_name_scope):
2132         (JSC::JIT::emit_op_throw_static_error):
2133         (JSC::JIT::emit_op_debug):
2134         (JSC::JIT::emit_op_profile_will_call):
2135         (JSC::JIT::emit_op_profile_did_call):
2136         (JSC::JIT::emitSlow_op_loop_hint):
2137         * jit/JITOpcodes32_64.cpp:
2138         (JSC::JIT::emit_op_push_with_scope):
2139         (JSC::JIT::emit_op_pop_scope):
2140         (JSC::JIT::emit_op_push_name_scope):
2141         (JSC::JIT::emit_op_throw_static_error):
2142         (JSC::JIT::emit_op_debug):
2143         (JSC::JIT::emit_op_profile_will_call):
2144         (JSC::JIT::emit_op_profile_did_call):
2145         * jit/JITOperations.cpp:
2146         * jit/JITOperations.h:
2147         * jit/JITPropertyAccess.cpp:
2148         (JSC::JIT::emit_op_put_by_index):
2149         (JSC::JIT::emit_op_put_getter_setter):
2150         * jit/JITPropertyAccess32_64.cpp:
2151         (JSC::JIT::emit_op_put_by_index):
2152         (JSC::JIT::emit_op_put_getter_setter):
2153         * jit/JITStubs.cpp:
2154         * jit/JITStubs.h:
2155
2156 2013-10-15  Julien Brianceau  <jbriance@cisco.com>
2157
2158         [sh4] Introduce const pools in LLINT.
2159         https://bugs.webkit.org/show_bug.cgi?id=122746
2160
2161         Reviewed by Michael Saboff.
2162
2163         In the current implementation of LLINT for sh4, immediate values outside the range -128..127 are
2164         loaded this way:
2165
2166             mov.l .label, rx
2167             bra out
2168             nop
2169             .balign 4
2170             .label: .long immvalue
2171             out:
2172
2173         This change introduces const pools for sh4 implementation to avoid lots of useless branches
2174         and reduce code size. It also removes lines of dirty code, like jmpf and callf.
2175
2176         * offlineasm/instructions.rb: Remove jmpf and callf sh4 specific instructions.
2177         * offlineasm/sh4.rb:
2178
2179 2013-10-15  Mark Lam  <mark.lam@apple.com>
2180
2181         Fix broken C Loop LLINT build.
2182         https://bugs.webkit.org/show_bug.cgi?id=122839.
2183
2184         Reviewed by Michael Saboff.
2185
2186         * dfg/DFGFlushedAt.cpp:
2187         * jit/JITOperations.h:
2188
2189 2013-10-14  Mark Lam  <mark.lam@apple.com>
2190
2191         Transition *switch* and *scope* JITStubs to JIT operations.
2192         https://bugs.webkit.org/show_bug.cgi?id=122757.
2193
2194         Reviewed by Geoffrey Garen.
2195
2196         Transitioning:
2197             cti_op_switch_char
2198             cti_op_switch_imm
2199             cti_op_switch_string
2200             cti_op_resolve_scope
2201             cti_op_get_from_scope
2202             cti_op_put_to_scope
2203
2204         * jit/JIT.h:
2205         * jit/JITInlines.h:
2206         (JSC::JIT::callOperation):
2207         * jit/JITOpcodes.cpp:
2208         (JSC::JIT::emit_op_switch_imm):
2209         (JSC::JIT::emit_op_switch_char):
2210         (JSC::JIT::emit_op_switch_string):
2211         * jit/JITOpcodes32_64.cpp:
2212         (JSC::JIT::emit_op_switch_imm):
2213         (JSC::JIT::emit_op_switch_char):
2214         (JSC::JIT::emit_op_switch_string):
2215         * jit/JITOperations.cpp:
2216         * jit/JITOperations.h:
2217         * jit/JITPropertyAccess.cpp:
2218         (JSC::JIT::emitSlow_op_resolve_scope):
2219         (JSC::JIT::emitSlow_op_get_from_scope):
2220         (JSC::JIT::emitSlow_op_put_to_scope):
2221         * jit/JITPropertyAccess32_64.cpp:
2222         (JSC::JIT::emitSlow_op_resolve_scope):
2223         (JSC::JIT::emitSlow_op_get_from_scope):
2224         (JSC::JIT::emitSlow_op_put_to_scope):
2225         * jit/JITStubs.cpp:
2226         * jit/JITStubs.h:
2227
2228 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2229
2230         DFG PutById IC should use the ConcurrentJITLocker since it's now dealing with IC's that get read by the compiler thread
2231         https://bugs.webkit.org/show_bug.cgi?id=122786
2232
2233         Reviewed by Mark Hahnenberg.
2234
2235         * bytecode/CodeBlock.cpp:
2236         (JSC::CodeBlock::resetStub): Resetting a stub should acquire the lock since this is observable from the thread; but we should only acquire the lock if we're resetting outside of GC.
2237         * jit/Repatch.cpp:
2238         (JSC::repatchPutByID): Doing the PutById patching should hold the lock.
2239         (JSC::buildPutByIdList): Ditto.
2240
2241 2013-10-14  Nadav Rotem  <nrotem@apple.com>
2242
2243         Add FTL support for LogicalNot(string)
2244         https://bugs.webkit.org/show_bug.cgi?id=122765
2245
2246         Reviewed by Filip Pizlo.
2247
2248         This patch is tested by:
2249         regress/script-tests/emscripten-cube2hash.js.ftl-eager
2250
2251         * ftl/FTLCapabilities.cpp:
2252         (JSC::FTL::canCompile):
2253         * ftl/FTLLowerDFGToLLVM.cpp:
2254         (JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
2255
2256 2013-10-14  Julien Brianceau  <jbriance@cisco.com>
2257
2258         [sh4] Fixes after r157404 and r157411.
2259         https://bugs.webkit.org/show_bug.cgi?id=122782
2260
2261         Reviewed by Michael Saboff.
2262
2263         * dfg/DFGSpeculativeJIT.h:
2264         (JSC::DFG::SpeculativeJIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2265         * jit/CCallHelpers.h:
2266         (JSC::CCallHelpers::setupArgumentsWithExecState):
2267         * jit/JITInlines.h:
2268         (JSC::JIT::callOperation): Add missing SH4_32BIT_DUMMY_ARG.
2269         * jit/JITPropertyAccess32_64.cpp:
2270         (JSC::JIT::emit_op_put_by_id): Remove unwanted BEGIN_UNINTERRUPTED_SEQUENCE.
2271
2272 2013-10-14  Commit Queue  <commit-queue@webkit.org>
2273
2274         Unreviewed, rolling out r157413.
2275         http://trac.webkit.org/changeset/157413
2276         https://bugs.webkit.org/show_bug.cgi?id=122779
2277
2278         Appears to have caused frequent crashes (Requested by ap on
2279         #webkit).
2280
2281         * CMakeLists.txt:
2282         * GNUmakefile.list.am:
2283         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2284         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2285         * JavaScriptCore.xcodeproj/project.pbxproj:
2286         * heap/DeferGC.cpp: Removed.
2287         * heap/DeferGC.h:
2288         * jit/JITStubs.cpp:
2289         (JSC::tryCacheGetByID):
2290         (JSC::DEFINE_STUB_FUNCTION):
2291         * llint/LLIntSlowPaths.cpp:
2292         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2293         * runtime/ConcurrentJITLock.h:
2294         * runtime/InitializeThreading.cpp:
2295         (JSC::initializeThreadingOnce):
2296         * runtime/JSCellInlines.h:
2297         (JSC::allocateCell):
2298         * runtime/Structure.cpp:
2299         (JSC::Structure::materializePropertyMap):
2300         (JSC::Structure::putSpecificValue):
2301         (JSC::Structure::createPropertyMap):
2302         * runtime/Structure.h:
2303
2304 2013-10-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2305
2306         COLLECT_ON_EVERY_ALLOCATION causes assertion failures
2307         https://bugs.webkit.org/show_bug.cgi?id=122652
2308
2309         Reviewed by Filip Pizlo.
2310
2311         COLLECT_ON_EVERY_ALLOCATION wasn't accounting for the new GC deferral mechanism,
2312         so we would end up ASSERTing during garbage collection.
2313
2314         * heap/MarkedAllocator.cpp:
2315         (JSC::MarkedAllocator::allocateSlowCase):
2316
2317 2013-10-11  Oliver Hunt  <oliver@apple.com>
2318
2319         Separate out array iteration intrinsics
2320         https://bugs.webkit.org/show_bug.cgi?id=122656
2321
2322         Reviewed by Michael Saboff.
2323
2324         Separate out the intrinsics for key and values iteration
2325         of arrays.
2326
2327         This requires moving array iteration into the iterator
2328         instance, rather than the prototype, but this is essentially
2329         unobservable so we'll live with it for now.
2330
2331         * jit/ThunkGenerators.cpp:
2332         (JSC::arrayIteratorNextThunkGenerator):
2333         (JSC::arrayIteratorNextKeyThunkGenerator):
2334         (JSC::arrayIteratorNextValueThunkGenerator):
2335         * jit/ThunkGenerators.h:
2336         * runtime/ArrayIteratorPrototype.cpp:
2337         (JSC::ArrayIteratorPrototype::finishCreation):
2338         * runtime/Intrinsic.h:
2339         * runtime/JSArrayIterator.cpp:
2340         (JSC::JSArrayIterator::finishCreation):
2341         (JSC::createIteratorResult):
2342         (JSC::arrayIteratorNext):
2343         (JSC::arrayIteratorNextKey):
2344         (JSC::arrayIteratorNextValue):
2345         (JSC::arrayIteratorNextGeneric):
2346         * runtime/VM.cpp:
2347         (JSC::thunkGeneratorForIntrinsic):
2348
2349 2013-10-11  Mark Hahnenberg  <mhahnenberg@apple.com>
2350
2351         llint_slow_path_put_by_id can deadlock on a ConcurrentJITLock
2352         https://bugs.webkit.org/show_bug.cgi?id=122667
2353
2354         Reviewed by Filip Pizlo.
2355
2356         The issue this patch is attempting to fix is that there are places in our codebase
2357         where we acquire the ConcurrentJITLock for a particular CodeBlock, then we do some
2358         operations that can initiate a garbage collection. Garbage collection then calls 
2359         some methods of CodeBlock that also take the ConcurrentJITLock (because they don't
2360         always necessarily run during garbage collection). This causes a deadlock.
2361
2362         To fix this issue, this patch adds a new RAII-style object (DisallowGC) that stores 
2363         into a thread-local field that indicates that it is unsafe to perform any operation 
2364         that could trigger garbage collection on the current thread. In debug builds, 
2365         ConcurrentJITLocker contains one of these DisallowGC objects so that we can eagerly 
2366         detect deadlocks.
2367
2368         This patch also adds a new type of ConcurrentJITLocker, GCSafeConcurrentJITLocker,
2369         which uses the DeferGC mechanism to prevent collections from occurring while the 
2370         lock is held.
2371
2372         * CMakeLists.txt:
2373         * GNUmakefile.list.am:
2374         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2375         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2376         * JavaScriptCore.xcodeproj/project.pbxproj:
2377         * heap/DeferGC.cpp: Added.
2378         * heap/DeferGC.h:
2379         (JSC::DisallowGC::DisallowGC):
2380         (JSC::DisallowGC::~DisallowGC):
2381         (JSC::DisallowGC::isGCDisallowedOnCurrentThread):
2382         (JSC::DisallowGC::initialize):
2383         * jit/JITStubs.cpp:
2384         (JSC::tryCachePutByID):
2385         (JSC::tryCacheGetByID):
2386         (JSC::DEFINE_STUB_FUNCTION):
2387         * llint/LLIntSlowPaths.cpp:
2388         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2389         * runtime/ConcurrentJITLock.h:
2390         (JSC::ConcurrentJITLockerBase::ConcurrentJITLockerBase):
2391         (JSC::ConcurrentJITLockerBase::~ConcurrentJITLockerBase):
2392         (JSC::ConcurrentJITLockerBase::unlockEarly):
2393         (JSC::GCSafeConcurrentJITLocker::GCSafeConcurrentJITLocker):
2394         (JSC::ConcurrentJITLocker::ConcurrentJITLocker):
2395         * runtime/InitializeThreading.cpp:
2396         (JSC::initializeThreadingOnce):
2397         * runtime/JSCellInlines.h:
2398         (JSC::allocateCell):
2399         * runtime/Structure.cpp:
2400         (JSC::Structure::materializePropertyMap):
2401         (JSC::Structure::putSpecificValue):
2402         (JSC::Structure::createPropertyMap):
2403         * runtime/Structure.h:
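An added sketch, not WebKit code, of the DisallowGC / GCSafeConcurrentJITLocker idea the entry above describes: a thread-local depth counter set by an RAII guard, a debug-style locker that carries one so a collection attempted while the lock is held is caught eagerly, and a GC-safe locker that defers collection instead. The lockers here hold no real lock and the allocation path is a stub that only reports which of the three outcomes would happen; the names are modelled on the ChangeLog but the bodies are constructed.

```cpp
// Thread-local depth of "GC must not run here" scopes (the DisallowGC idea).
static thread_local int gcDisallowDepth = 0;
// Thread-local depth of GC deferral scopes (stand-in for the DeferGC mechanism).
static thread_local int gcDeferDepth = 0;

// RAII guard: while alive, any attempt to collect on this thread is a bug.
struct DisallowGC {
    DisallowGC() { ++gcDisallowDepth; }
    ~DisallowGC() { --gcDisallowDepth; }
    static bool isGCDisallowedOnCurrentThread() { return gcDisallowDepth > 0; }
};

// RAII guard: while alive, collections are postponed rather than run.
struct DeferGC {
    DeferGC() { ++gcDeferDepth; }
    ~DeferGC() { --gcDeferDepth; }
};

// Debug-build locker (hypothetical; holds no real lock here). Letting GC run while
// the CodeBlock lock is held would let GC re-take that lock, so forbid GC instead.
struct ConcurrentJITLocker {
    DisallowGC disallow;
};

// GC-safe locker: defers collection for as long as the lock is held instead.
struct GCSafeConcurrentJITLocker {
    DeferGC defer;
};

enum class AllocOutcome { Allocated, CollectionDeferred, WouldDeadlock };

// Stub for an allocation that wants to trigger a collection right now.
AllocOutcome allocateCellNeedingCollection() {
    if (DisallowGC::isGCDisallowedOnCurrentThread())
        return AllocOutcome::WouldDeadlock;      // real code: ASSERT in debug builds
    if (gcDeferDepth > 0)
        return AllocOutcome::CollectionDeferred; // collect later, once the lock is gone
    return AllocOutcome::Allocated;              // collection runs, then allocation
}

// Two variants of a put_by_id slow path that allocates while holding the lock.
AllocOutcome putByIdUnderPlainLocker() {
    ConcurrentJITLocker locker;
    return allocateCellNeedingCollection();
}
AllocOutcome putByIdUnderGCSafeLocker() {
    GCSafeConcurrentJITLocker locker;
    return allocateCellNeedingCollection();
}
```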
2404
2405 2013-10-14  Filip Pizlo  <fpizlo@apple.com>
2406
2407         Baseline JIT should use the DFG's PutById IC
2408         https://bugs.webkit.org/show_bug.cgi?id=122704
2409
2410         Reviewed by Mark Hahnenberg.
2411         
2412         Mostly no big deal, just removing the old Baseline JIT's put_by_id IC support and forcing
2413         that JIT to use the DFG's (i.e. JITOperations) PutById IC.
2414         
2415         The only complicated part was that the PutById operations assumed that we first did a
2416         cell speculation, which the baseline JIT obviously won't do. So I changed all of those
2417         slow paths to deal with EncodedJSValues.
2418
2419         * bytecode/CodeBlock.cpp:
2420         (JSC::CodeBlock::resetStubInternal):
2421         * bytecode/PutByIdStatus.cpp:
2422         (JSC::PutByIdStatus::computeFor):
2423         * dfg/DFGSpeculativeJIT.h:
2424         (JSC::DFG::SpeculativeJIT::callOperation):
2425         * dfg/DFGSpeculativeJIT32_64.cpp:
2426         (JSC::DFG::SpeculativeJIT::cachedPutById):
2427         * dfg/DFGSpeculativeJIT64.cpp:
2428         (JSC::DFG::SpeculativeJIT::cachedPutById):
2429         * jit/CCallHelpers.h:
2430         (JSC::CCallHelpers::setupArgumentsWithExecState):
2431         * jit/JIT.cpp:
2432         (JSC::PropertyStubCompilationInfo::copyToStubInfo):
2433         * jit/JIT.h:
2434         (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
2435         (JSC::PropertyStubCompilationInfo::slowCaseInfo):
2436         * jit/JITInlines.h:
2437         (JSC::JIT::callOperation):
2438         * jit/JITOperationWrappers.h:
2439         * jit/JITOperations.cpp:
2440         * jit/JITOperations.h:
2441         * jit/JITPropertyAccess.cpp:
2442         (JSC::JIT::compileGetByIdHotPath):
2443         (JSC::JIT::compileGetByIdSlowCase):
2444         (JSC::JIT::emit_op_put_by_id):
2445         (JSC::JIT::emitSlow_op_put_by_id):
2446         * jit/JITPropertyAccess32_64.cpp:
2447         (JSC::JIT::compileGetByIdSlowCase):
2448         (JSC::JIT::emit_op_put_by_id):
2449         (JSC::JIT::emitSlow_op_put_by_id):
2450         * jit/JITStubs.cpp:
2451         * jit/JITStubs.h:
2452         * jit/Repatch.cpp:
2453         (JSC::appropriateGenericPutByIdFunction):
2454         (JSC::appropriateListBuildingPutByIdFunction):
2455         (JSC::resetPutByID):
2456
2457 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2458
2459         FTL should have an inefficient but correct implementation of GetById
2460         https://bugs.webkit.org/show_bug.cgi?id=122740
2461
2462         Reviewed by Mark Hahnenberg.
2463         
2464         It took some effort to realize that the node->prediction() checks in the DFG backends
2465         are completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
2466         if !prediction.
2467         
2468         But other than that this was an easy patch.
2469
2470         * dfg/DFGByteCodeParser.cpp:
2471         (JSC::DFG::ByteCodeParser::handleGetById):
2472         * dfg/DFGSpeculativeJIT32_64.cpp:
2473         (JSC::DFG::SpeculativeJIT::compile):
2474         * dfg/DFGSpeculativeJIT64.cpp:
2475         (JSC::DFG::SpeculativeJIT::compile):
2476         * ftl/FTLCapabilities.cpp:
2477         (JSC::FTL::canCompile):
2478         * ftl/FTLIntrinsicRepository.h:
2479         * ftl/FTLLowerDFGToLLVM.cpp:
2480         (JSC::FTL::LowerDFGToLLVM::compileNode):
2481         (JSC::FTL::LowerDFGToLLVM::compileGetById):
2482
2483 2013-10-13  Mark Lam  <mark.lam@apple.com>
2484
2485         Transition misc cti_op_* JITStubs to JIT operations.
2486         https://bugs.webkit.org/show_bug.cgi?id=122645.
2487
2488         Reviewed by Michael Saboff.
2489
2490         Stubs converted:
2491             cti_op_check_has_instance
2492             cti_op_create_arguments
2493             cti_op_del_by_id
2494             cti_op_instanceof
2495             cti_to_object
2496             cti_op_push_activation
2497             cti_op_get_pnames
2498             cti_op_load_varargs
2499
2500         * dfg/DFGOperations.cpp:
2501         * dfg/DFGOperations.h:
2502         * jit/CCallHelpers.h:
2503         (JSC::CCallHelpers::setupArgumentsWithExecState):
2504         * jit/JIT.h:
2505         (JSC::JIT::emitStoreCell):
2506         * jit/JITCall.cpp:
2507         (JSC::JIT::compileLoadVarargs):
2508         * jit/JITCall32_64.cpp:
2509         (JSC::JIT::compileLoadVarargs):
2510         * jit/JITInlines.h:
2511         (JSC::JIT::callOperation):
2512         * jit/JITOpcodes.cpp:
2513         (JSC::JIT::emit_op_get_pnames):
2514         (JSC::JIT::emit_op_create_activation):
2515         (JSC::JIT::emit_op_create_arguments):
2516         (JSC::JIT::emitSlow_op_check_has_instance):
2517         (JSC::JIT::emitSlow_op_instanceof):
2518         (JSC::JIT::emitSlow_op_get_argument_by_val):
2519         * jit/JITOpcodes32_64.cpp:
2520         (JSC::JIT::emitSlow_op_check_has_instance):
2521         (JSC::JIT::emitSlow_op_instanceof):
2522         (JSC::JIT::emit_op_get_pnames):
2523         (JSC::JIT::emit_op_create_activation):
2524         (JSC::JIT::emit_op_create_arguments):
2525         (JSC::JIT::emitSlow_op_get_argument_by_val):
2526         * jit/JITOperations.cpp:
2527         * jit/JITOperations.h:
2528         * jit/JITPropertyAccess.cpp:
2529         (JSC::JIT::emit_op_del_by_id):
2530         * jit/JITPropertyAccess32_64.cpp:
2531         (JSC::JIT::emit_op_del_by_id):
2532         * jit/JITStubs.cpp:
2533         * jit/JITStubs.h:
2534
2535 2013-10-13  Filip Pizlo  <fpizlo@apple.com>
2536
2537         FTL OSR exit should perform zero extension on values smaller than 64-bit
2538         https://bugs.webkit.org/show_bug.cgi?id=122688
2539
2540         Reviewed by Gavin Barraclough.
2541         
2542         In the DFG we usually make the simplistic assumption that a 32-bit value in a 64-bit
2543         register will have zeros on the high bits.  In the few cases where the high bits are
2544         non-zero, the DFG sort of tells us this explicitly.
2545
2546         But when working with llvm.webkit.stackmap, it doesn't work that way.  Consider we might
2547         emit LLVM IR like:
2548
2549             %2 = trunc i64 %1 to i32
2550             stuff %2
2551             call @llvm.webkit.stackmap(...., %2)
2552
2553         LLVM may never actually emit a truncation instruction of any kind.  And that's great - in
2554         many cases it won't be needed, like if 'stuff %2' is a 32-bit op that ignores the high
2555         bits anyway.  Hence LLVM may tell us that %2 is in the register that still had the value
2556         from before truncation, and that register may have garbage in the high bits.
2557
2558         This means that on our end, if we want a 32-bit value and we want that value to be
2559         zero-extended, we should zero-extend it ourselves.  This is pretty easy and should be
2560         cheap, so we should just do it and not make it a requirement that LLVM does it on its
2561         end.
2562         
2563         This makes all tests pass with JSC_ftlOSRExitUsesStackmap=true.
2564
2565         * ftl/FTLOSRExitCompiler.cpp:
2566         (JSC::FTL::compileStubWithOSRExitStackmap):
2567         * ftl/FTLValueFormat.cpp:
2568         (JSC::FTL::reboxAccordingToFormat):
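The failure mode described above, as an added illustration that is not part of the WebKit change: when LLVM elides the `trunc`, the register it reports for `%2` still carries the pre-truncation high bits, so tagging it as an int32 without an explicit zero-extension produces a malformed box. The tag constant and the function names are constructed for this sketch; the ChangeLog does not give JSC's actual encoding, and any tag in the high bits exposes the same problem.

```cpp
#include <cstdint>

// Constructed for this sketch: box an int32 by OR-ing a tag into the high bits.
// The exact tag JSC uses is not given in the ChangeLog; any tag exposes the bug.
constexpr uint64_t kInt32Tag = 0xffff000000000000ULL;

// Models what LLVM may report for `%2 = trunc i64 %1 to i32`: no truncation
// instruction is emitted, so the register still holds all 64 pre-trunc bits.
uint64_t registerHoldingTruncatedValue(uint64_t preTruncValue) { return preTruncValue; }

// Rebox that trusts the high bits to already be zero (the bug).
uint64_t reboxInt32TrustingHighBits(uint64_t reg) { return kInt32Tag | reg; }

// Rebox that zero-extends the low 32 bits itself (the fix): cheap, and it no
// longer depends on LLVM having cleared the register.
uint64_t reboxInt32ZeroExtended(uint64_t reg) {
    return kInt32Tag | static_cast<uint64_t>(static_cast<uint32_t>(reg));
}

// A box is a well-formed int32 only if its high 32 bits are exactly the tag.
bool isBoxedInt32(uint64_t boxed) { return (boxed >> 32) == (kInt32Tag >> 32); }

// Recover the payload as a signed int32.
int32_t unboxInt32(uint64_t boxed) {
    return static_cast<int32_t>(static_cast<uint32_t>(boxed));
}
```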
2569
2570 == Rolled over to ChangeLog-2013-10-13 ==