JSObject::findPropertyHashEntry() should take VM instead of ExecState.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2014-02-28  Andreas Kling  <akling@apple.com>
2
3         JSObject::findPropertyHashEntry() should take VM instead of ExecState.
4         <https://webkit.org/b/129529>
5
6         Callers already have VM in a local, and findPropertyHashEntry() only
7         uses the VM, no need to go all the way through ExecState.
8
9         Reviewed by Geoffrey Garen.
10
11         * runtime/JSObject.cpp:
12         (JSC::JSObject::put):
13         (JSC::JSObject::deleteProperty):
14         (JSC::JSObject::findPropertyHashEntry):
15         * runtime/JSObject.h:
16
17 2014-02-28  Joseph Pecoraro  <pecoraro@apple.com>
18
19         Deadlock remotely inspecting iOS Simulator
20         https://bugs.webkit.org/show_bug.cgi?id=129511
21
22         Reviewed by Timothy Hatcher.
23
24         Avoid synchronous setup. Do it asynchronously, and let
25         the RemoteInspector singleton know later if it failed.
26
27         * inspector/remote/RemoteInspector.h:
28         * inspector/remote/RemoteInspector.mm:
29         (Inspector::RemoteInspector::setupFailed):
30         * inspector/remote/RemoteInspectorDebuggableConnection.h:
31         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
32         (Inspector::RemoteInspectorDebuggableConnection::setup):
33
34 2014-02-28  Oliver Hunt  <oliver@apple.com>
35
36         REGRESSION(r164835): It broke 10 JSC stress test on 32 bit platforms
37         https://bugs.webkit.org/show_bug.cgi?id=129488
38
39         Reviewed by Mark Lam.
40
41         Whoops, modify the right register.
42
43         * jit/JITCall32_64.cpp:
44         (JSC::JIT::compileLoadVarargs):
45
46 2014-02-28  Filip Pizlo  <fpizlo@apple.com>
47
48         FTL should be able to call sin/cos directly on platforms where the intrinsic is busted
49         https://bugs.webkit.org/show_bug.cgi?id=129503
50
51         Reviewed by Mark Lam.
52
53         * ftl/FTLIntrinsicRepository.h:
54         * ftl/FTLOutput.h:
55         (JSC::FTL::Output::doubleSin):
56         (JSC::FTL::Output::doubleCos):
57         (JSC::FTL::Output::intrinsicOrOperation):
58
59 2014-02-28  Mark Hahnenberg  <mhahnenberg@apple.com>
60
61         Fix !ENABLE(GGC) builds
62
63         * heap/Heap.cpp:
64         (JSC::Heap::markRoots):
65         (JSC::Heap::gatherJSStackRoots): Also fix one of the names of the GC phases.
66
67 2014-02-27  Mark Hahnenberg  <mhahnenberg@apple.com>
68
69         Clean up Heap::collect and Heap::markRoots
70         https://bugs.webkit.org/show_bug.cgi?id=129464
71
72         Reviewed by Geoffrey Garen.
73
74         These functions have built up a lot of cruft recently. 
75         We should do a bit of cleanup to make them easier to grok.
76
77         * heap/Heap.cpp:
78         (JSC::Heap::finalizeUnconditionalFinalizers):
79         (JSC::Heap::gatherStackRoots):
80         (JSC::Heap::gatherJSStackRoots):
81         (JSC::Heap::gatherScratchBufferRoots):
82         (JSC::Heap::clearLivenessData):
83         (JSC::Heap::visitSmallStrings):
84         (JSC::Heap::visitConservativeRoots):
85         (JSC::Heap::visitCompilerWorklists):
86         (JSC::Heap::markProtectedObjects):
87         (JSC::Heap::markTempSortVectors):
88         (JSC::Heap::markArgumentBuffers):
89         (JSC::Heap::visitException):
90         (JSC::Heap::visitStrongHandles):
91         (JSC::Heap::visitHandleStack):
92         (JSC::Heap::traceCodeBlocksAndJITStubRoutines):
93         (JSC::Heap::converge):
94         (JSC::Heap::visitWeakHandles):
95         (JSC::Heap::clearRememberedSet):
96         (JSC::Heap::updateObjectCounts):
97         (JSC::Heap::resetVisitors):
98         (JSC::Heap::markRoots):
99         (JSC::Heap::copyBackingStores):
100         (JSC::Heap::deleteUnmarkedCompiledCode):
101         (JSC::Heap::collect):
102         (JSC::Heap::collectIfNecessaryOrDefer):
103         (JSC::Heap::suspendCompilerThreads):
104         (JSC::Heap::willStartCollection):
105         (JSC::Heap::deleteOldCode):
106         (JSC::Heap::flushOldStructureIDTables):
107         (JSC::Heap::flushWriteBarrierBuffer):
108         (JSC::Heap::stopAllocation):
109         (JSC::Heap::reapWeakHandles):
110         (JSC::Heap::sweepArrayBuffers):
111         (JSC::Heap::snapshotMarkedSpace):
112         (JSC::Heap::deleteSourceProviderCaches):
113         (JSC::Heap::notifyIncrementalSweeper):
114         (JSC::Heap::rememberCurrentlyExecutingCodeBlocks):
115         (JSC::Heap::resetAllocators):
116         (JSC::Heap::updateAllocationLimits):
117         (JSC::Heap::didFinishCollection):
118         (JSC::Heap::resumeCompilerThreads):
119         * heap/Heap.h:
120
121 2014-02-27  Ryosuke Niwa  <rniwa@webkit.org>
122
123         indexOf and lastIndexOf shouldn't resolve ropes when needle is longer than haystack
124         https://bugs.webkit.org/show_bug.cgi?id=129466
125
126         Reviewed by Michael Saboff.
127
128         Refactored the code to avoid calling JSString::value when needle is longer than haystack.
129
130         * runtime/StringPrototype.cpp:
131         (JSC::stringProtoFuncIndexOf):
132         (JSC::stringProtoFuncLastIndexOf):
133
134 2014-02-27  Timothy Hatcher  <timothy@apple.com>
135
136         Improve how ContentSearchUtilities::lineEndings works by supporting the three common line endings.
137
138         https://bugs.webkit.org/show_bug.cgi?id=129458
139
140         Reviewed by Joseph Pecoraro.
141
142         * inspector/ContentSearchUtilities.cpp:
143         (Inspector::ContentSearchUtilities::textPositionFromOffset): Remove assumption about line ending length.
144         (Inspector::ContentSearchUtilities::getRegularExpressionMatchesByLines): Remove assumption about
145         line ending type and don't try to strip the line ending. Use size_t.
146         (Inspector::ContentSearchUtilities::lineEndings): Use findNextLineStart to find the lines.
147         This will include the line ending in the lines, but that is okay.
148         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch): Use size_t.
149         (Inspector::ContentSearchUtilities::searchInTextByLines): Modernize.
150
151 2014-02-27  Joseph Pecoraro  <pecoraro@apple.com>
152
153         [Mac] Warning: Multiple build commands for output file GCSegmentedArray and InspectorAgent
154         https://bugs.webkit.org/show_bug.cgi?id=129446
155
156         Reviewed by Timothy Hatcher.
157
158         Remove duplicate header entries in Copy Header build phase.
159
160         * JavaScriptCore.xcodeproj/project.pbxproj:
161
162 2014-02-27  Oliver Hunt  <oliver@apple.com>
163
164         Whoops, include all of last patch.
165
166         * jit/JITCall32_64.cpp:
167         (JSC::JIT::compileLoadVarargs):
168
169 2014-02-27  Oliver Hunt  <oliver@apple.com>
170
171         Slow cases for function.apply and function.call should not require vm re-entry
172         https://bugs.webkit.org/show_bug.cgi?id=129454
173
174         Reviewed by Geoffrey Garen.
175
176         Implement call and apply using builtins. Happily the use
177         of @call and @apply doesn't perform function equality checks
178         and just plant direct var_args calls. This did expose a few
179         codegen issues, but they're all covered by existing tests
180         once call and apply are implemented in JS.
181
182         * JavaScriptCore.xcodeproj/project.pbxproj:
183         * builtins/Function.prototype.js: Added.
184         (call):
185         (apply):
186         * bytecompiler/NodesCodegen.cpp:
187         (JSC::CallFunctionCallDotNode::emitBytecode):
188         (JSC::ApplyFunctionCallDotNode::emitBytecode):
189         * dfg/DFGCapabilities.cpp:
190         (JSC::DFG::capabilityLevel):
191         * interpreter/Interpreter.cpp:
192         (JSC::sizeFrameForVarargs):
193         (JSC::loadVarargs):
194         * interpreter/Interpreter.h:
195         * jit/JITCall.cpp:
196         (JSC::JIT::compileLoadVarargs):
197         * parser/ASTBuilder.h:
198         (JSC::ASTBuilder::makeFunctionCallNode):
199         * parser/Lexer.cpp:
200         (JSC::isSafeBuiltinIdentifier):
201         * runtime/CommonIdentifiers.h:
202         * runtime/FunctionPrototype.cpp:
203         (JSC::FunctionPrototype::addFunctionProperties):
204         * runtime/JSObject.cpp:
205         (JSC::JSObject::putDirectBuiltinFunction):
206         (JSC::JSObject::putDirectBuiltinFunctionWithoutTransition):
207         * runtime/JSObject.h:
208
209 2014-02-27  Joseph Pecoraro  <pecoraro@apple.com>
210
211         Web Inspector: Better name for RemoteInspectorDebuggableConnection dispatch queue
212         https://bugs.webkit.org/show_bug.cgi?id=129443
213
214         Reviewed by Timothy Hatcher.
215
216         This queue is specific to the JSContext debuggable connections,
217         there is no XPC involved. Give it a better name.
218
219         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
220         (Inspector::RemoteInspectorDebuggableConnection::RemoteInspectorDebuggableConnection):
221
222 2014-02-27  David Kilzer  <ddkilzer@apple.com>
223
224         Remove jsc symlink if it already exists
225
226         This is a follow-up fix for:
227
228         Create symlink to /usr/local/bin/jsc during installation
229         <http://webkit.org/b/129399>
230         <rdar://problem/16168734>
231
232         * JavaScriptCore.xcodeproj/project.pbxproj:
233         (Create /usr/local/bin/jsc symlink): If a jsc symlink already
234         exists where we're about to create the symlink, remove the old
235         one first.
236
237 2014-02-27  Michael Saboff  <msaboff@apple.com>
238
239         Unreviewed build fix for Mac tools after r164814
240
241         * Configurations/ToolExecutable.xcconfig:
242         - Added JavaScriptCore.framework/PrivateHeaders to ToolExecutable include path.
243         * JavaScriptCore.xcodeproj/project.pbxproj:
244         - Changed productName to testRegExp for testRegExp target.
245
246 2014-02-27  Joseph Pecoraro  <pecoraro@apple.com>
247
248         Web Inspector: JSContext inspection should report exceptions in the console
249         https://bugs.webkit.org/show_bug.cgi?id=128776
250
251         Reviewed by Timothy Hatcher.
252
253         When JavaScript API functions have an exception, let the inspector
254         know so it can log the JavaScript and Native backtrace that caused
255         the exception.
256
257         Include some clean up of ConsoleMessage and ScriptCallStack construction.
258
259         * API/JSBase.cpp:
260         (JSEvaluateScript):
261         (JSCheckScriptSyntax):
262         * API/JSObjectRef.cpp:
263         (JSObjectMakeFunction):
264         (JSObjectMakeArray):
265         (JSObjectMakeDate):
266         (JSObjectMakeError):
267         (JSObjectMakeRegExp):
268         (JSObjectGetProperty):
269         (JSObjectSetProperty):
270         (JSObjectGetPropertyAtIndex):
271         (JSObjectSetPropertyAtIndex):
272         (JSObjectDeleteProperty):
273         (JSObjectCallAsFunction):
274         (JSObjectCallAsConstructor):
275         * API/JSValue.mm:
276         (reportExceptionToInspector):
277         (valueToArray):
278         (valueToDictionary):
279         * API/JSValueRef.cpp:
280         (JSValueIsEqual):
281         (JSValueIsInstanceOfConstructor):
282         (JSValueCreateJSONString):
283         (JSValueToNumber):
284         (JSValueToStringCopy):
285         (JSValueToObject):
286         When seeing an exception, let the inspector know there was an exception.
287
288         * inspector/JSGlobalObjectInspectorController.h:
289         * inspector/JSGlobalObjectInspectorController.cpp:
290         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
291         (Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
292         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
293         Log API exceptions by also grabbing the native backtrace.
294
295         * inspector/ScriptCallStack.h:
296         * inspector/ScriptCallStack.cpp:
297         (Inspector::ScriptCallStack::firstNonNativeCallFrame):
298         (Inspector::ScriptCallStack::append):
299         Minor extensions to ScriptCallStack to make it easier to work with.
300
301         * inspector/ConsoleMessage.cpp:
302         (Inspector::ConsoleMessage::ConsoleMessage):
303         (Inspector::ConsoleMessage::autogenerateMetadata):
304         Provide better default information if the first call frame was native.
305
306         * inspector/ScriptCallStackFactory.cpp:
307         (Inspector::createScriptCallStack):
308         (Inspector::extractSourceInformationFromException):
309         (Inspector::createScriptCallStackFromException):
310         Perform the handling here of inserting a fake call frame for exceptions
311         if there was no call stack (e.g. a SyntaxError) or if the first call
312         frame had no information.
313
314         * inspector/ConsoleMessage.cpp:
315         (Inspector::ConsoleMessage::ConsoleMessage):
316         (Inspector::ConsoleMessage::autogenerateMetadata):
317         * inspector/ConsoleMessage.h:
318         * inspector/ScriptCallStackFactory.cpp:
319         (Inspector::createScriptCallStack):
320         (Inspector::createScriptCallStackForConsole):
321         * inspector/ScriptCallStackFactory.h:
322         * inspector/agents/InspectorConsoleAgent.cpp:
323         (Inspector::InspectorConsoleAgent::enable):
324         (Inspector::InspectorConsoleAgent::addMessageToConsole):
325         (Inspector::InspectorConsoleAgent::count):
326         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
327         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
328         ConsoleMessage cleanup.
329
330 2014-02-27  David Kilzer  <ddkilzer@apple.com>
331
332         Create symlink to /usr/local/bin/jsc during installation
333         <http://webkit.org/b/129399>
334         <rdar://problem/16168734>
335
336         Reviewed by Dan Bernstein.
337
338         * JavaScriptCore.xcodeproj/project.pbxproj:
339         - Add "Create /usr/local/bin/jsc symlink" build phase script to
340           create the symlink during installation.
341
342 2014-02-27  Tibor Meszaros  <tmeszaros.u-szeged@partner.samsung.com>
343
344         Math.{max, min}() must not return after first NaN value
345         https://bugs.webkit.org/show_bug.cgi?id=104147
346
347         Reviewed by Oliver Hunt.
348
349         According to the spec, ToNumber is going to be called on each argument
350         even if a `NaN` value was already found.
351
352         * runtime/MathObject.cpp:
353         (JSC::mathProtoFuncMax):
354         (JSC::mathProtoFuncMin):
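The entry above is about an observable spec requirement: Math.max and Math.min must apply ToNumber to every argument, so a valueOf side effect (or a throw) on an argument that follows a NaN still happens. The following is an added example, not code from the ChangeLog or from JavaScriptCore; `naiveMax` is a hypothetical reconstruction of the early-return behaviour the entry fixes, `specMax` is the conforming shape, and `probe` records which arguments actually get coerced.

```javascript
// Added example (not JSC code): contrast an early-return Math.max with the
// spec-conforming one, and make the difference visible through valueOf calls.

// Hypothetical buggy shape: stops coercing arguments at the first NaN.
function naiveMax(...args) {
  let result = -Infinity;
  for (const a of args) {
    const n = Number(a);            // ToNumber on this argument only
    if (Number.isNaN(n)) return NaN; // later arguments never get coerced
    if (n > result) result = n;
  }
  return result;
}

// Spec-conforming shape: ToNumber on every argument, in order, before deciding.
function specMax(...args) {
  const nums = args.map(Number);    // every valueOf/toString side effect runs here
  if (nums.some(Number.isNaN)) return NaN;
  let result = -Infinity;
  for (const n of nums) {
    // +0 is considered larger than -0, as in Math.max
    if (n > result || (n === 0 && Object.is(result, -0))) result = n;
  }
  return result;
}

// Wrap each value in an object whose valueOf records that it was coerced,
// then report the result and the order in which arguments were coerced.
function probe(fn, values) {
  const seen = [];
  const args = values.map((v, i) => ({
    valueOf() { seen.push(i); return v; },
  }));
  const result = fn(...args);
  return { result, seen };
}

// A coercion that throws after a NaN must still be reached under the spec.
function throwsAfterNaN(fn) {
  const poison = { valueOf() { throw new TypeError('coerced after NaN'); } };
  try {
    fn(NaN, poison);
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}

// Constructed sample input: a NaN in the middle of the argument list.
const sample = [1, NaN, 3];
```

With `sample`, `probe(naiveMax, sample).seen` is `[0, 1]` while `probe(specMax, sample).seen` and `probe(Math.max, sample).seen` are both `[0, 1, 2]`; all three return NaN, so the difference is only visible through the side effects, which is why a test suite that checks return values alone would miss it.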
355
356 2014-02-27  Gergo Balogh  <gbalogh.u-szeged@partner.samsung.com>
357
358         JSType upper limit (0xff) assertion can be removed.
359         https://bugs.webkit.org/show_bug.cgi?id=129424
360
361         Reviewed by Geoffrey Garen.
362
363         * runtime/JSTypeInfo.h:
364         (JSC::TypeInfo::TypeInfo):
365
366 2014-02-26  Michael Saboff  <msaboff@apple.com>
367
368         Auto generate bytecode information for bytecode parser and LLInt
369         https://bugs.webkit.org/show_bug.cgi?id=129181
370
371         Reviewed by Mark Lam.
372
373         Added new bytecode/BytecodeList.json that contains a list of bytecodes and related
374         helpers.  It also includes bytecode length and other information used to generate files.
375         Added a new generator, generate-bytecode-files that generates Bytecodes.h and InitBytecodes.asm
376         in DerivedSources/JavaScriptCore/.
377
378         Added the generation of these files to the "DerivedSource" build step.
379         Slightly changed the build order, since the Bytecodes.h file is needed by
380         JSCLLIntOffsetsExtractor.  Moved the offline assembly to a separate step since it needs
381         to be run after JSCLLIntOffsetsExtractor.
382
383         Made related changes to OPCODE macros and their use.
384
385         Added JavaScriptCore.framework/PrivateHeaders to header file search path for building
386         jsc to resolve Mac build issue.
387
388         * CMakeLists.txt:
389         * Configurations/JSC.xcconfig:
390         * DerivedSources.make:
391         * GNUmakefile.am:
392         * GNUmakefile.list.am:
393         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
394         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
395         * JavaScriptCore.vcxproj/copy-files.cmd:
396         * JavaScriptCore.xcodeproj/project.pbxproj:
397         * bytecode/Opcode.h:
398         (JSC::padOpcodeName):
399         * llint/LLIntCLoop.cpp:
400         (JSC::LLInt::CLoop::initialize):
401         * llint/LLIntCLoop.h:
402         * llint/LLIntData.cpp:
403         (JSC::LLInt::initialize):
404         * llint/LLIntOpcode.h:
405         * llint/LowLevelInterpreter.asm:
406
407 2014-02-27  Julien Brianceau  <jbriance@cisco.com>
408
409         Fix 32-bit V_JITOperation_EJ callOperation introduced in r162652.
410         https://bugs.webkit.org/show_bug.cgi?id=129420
411
412         Reviewed by Geoffrey Garen.
413
414         * dfg/DFGSpeculativeJIT.h:
415         (JSC::DFG::SpeculativeJIT::callOperation): Payload and tag are swapped.
416         Also, EABI_32BIT_DUMMY_ARG is missing for arm EABI and mips.
417
418 2014-02-27  Filip Pizlo  <fpizlo@apple.com>
419
420         Octane/closure thrashes between flattening dictionaries during global object initialization in a global eval
421         https://bugs.webkit.org/show_bug.cgi?id=129435
422
423         Reviewed by Oliver Hunt.
424         
425         This is a 5-10% speed-up on Octane/closure.
426
427         * interpreter/Interpreter.cpp:
428         (JSC::Interpreter::execute):
429         * jsc.cpp:
430         (GlobalObject::finishCreation):
431         (functionClearCodeCache):
432         * runtime/BatchedTransitionOptimizer.h:
433         (JSC::BatchedTransitionOptimizer::BatchedTransitionOptimizer):
434         (JSC::BatchedTransitionOptimizer::~BatchedTransitionOptimizer):
435
436 2014-02-27  Alexey Proskuryakov  <ap@apple.com>
437
438         Added svn:ignore to two directories, so that .pyc files don't show up as unversioned.
439
440         * inspector/scripts: Added property svn:ignore.
441         * replay/scripts: Added property svn:ignore.
442
443 2014-02-27  Gabor Rapcsanyi  <rgabor@webkit.org>
444
445         r164764 broke the ARM build
446         https://bugs.webkit.org/show_bug.cgi?id=129415
447
448         Reviewed by Zoltan Herczeg.
449
450         * assembler/MacroAssemblerARM.h:
451         (JSC::MacroAssemblerARM::moveWithPatch): Change reinterpret_cast to static_cast.
452         (JSC::MacroAssemblerARM::canJumpReplacePatchableBranch32WithPatch): Add missing function.
453         (JSC::MacroAssemblerARM::startOfPatchableBranch32WithPatchOnAddress): Add missing function.
454         (JSC::MacroAssemblerARM::revertJumpReplacementToPatchableBranch32WithPatch): Add missing function.
455
456 2014-02-27  Mark Hahnenberg  <mhahnenberg@apple.com>
457
458         r164764 broke the ARM build
459         https://bugs.webkit.org/show_bug.cgi?id=129415
460
461         Reviewed by Geoffrey Garen.
462
463         * assembler/MacroAssemblerARM.h:
464         (JSC::MacroAssemblerARM::moveWithPatch):
465
466 2014-02-26  Mark Hahnenberg  <mhahnenberg@apple.com>
467
468         r164764 broke the ARM build
469         https://bugs.webkit.org/show_bug.cgi?id=129415
470
471         Reviewed by Geoffrey Garen.
472
473         * assembler/MacroAssemblerARM.h:
474         (JSC::MacroAssemblerARM::branch32WithPatch): Missing this function.
475
476 2014-02-26  Mark Hahnenberg  <mhahnenberg@apple.com>
477
478         EFL build fix
479
480         * dfg/DFGSpeculativeJIT32_64.cpp: Remove unused variables.
481         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
482         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
483
484 2014-02-25  Mark Hahnenberg  <mhahnenberg@apple.com>
485
486         Make JSCells have 32-bit Structure pointers
487         https://bugs.webkit.org/show_bug.cgi?id=123195
488
489         Reviewed by Filip Pizlo.
490
491         This patch changes JSCells such that they no longer have a full 64-bit Structure
492         pointer in their header. Instead they now have a 32-bit index into
493         a per-VM table of Structure pointers. 32-bit platforms still use normal Structure
494         pointers.
495
496         This change frees up an additional 32 bits of information in our object headers.
497         We then use this extra space to store the indexing type of the object, the JSType
498         of the object, some various type flags, and garbage collection data (e.g. mark bit).
499         Because this inline type information is now faster to read, it pays for the slowdown 
500         incurred by having to perform an extra indirection through the StructureIDTable.
501
502         This patch also threads a reference to the current VM through more of the C++ runtime
503         to offset the cost of having to look up the VM to get the actual Structure pointer.
504
505         * API/JSContext.mm:
506         (-[JSContext setException:]):
507         (-[JSContext wrapperForObjCObject:]):
508         (-[JSContext wrapperForJSObject:]):
509         * API/JSContextRef.cpp:
510         (JSContextGroupRelease):
511         (JSGlobalContextRelease):
512         * API/JSObjectRef.cpp:
513         (JSObjectIsFunction):
514         (JSObjectCopyPropertyNames):
515         * API/JSValue.mm:
516         (containerValueToObject):
517         * API/JSWrapperMap.mm:
518         (tryUnwrapObjcObject):
519         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
520         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
521         * JavaScriptCore.xcodeproj/project.pbxproj:
522         * assembler/AbstractMacroAssembler.h:
523         * assembler/MacroAssembler.h:
524         (JSC::MacroAssembler::patchableBranch32WithPatch):
525         (JSC::MacroAssembler::patchableBranch32):
526         * assembler/MacroAssemblerARM64.h:
527         (JSC::MacroAssemblerARM64::branchPtrWithPatch):
528         (JSC::MacroAssemblerARM64::patchableBranch32WithPatch):
529         (JSC::MacroAssemblerARM64::canJumpReplacePatchableBranch32WithPatch):
530         (JSC::MacroAssemblerARM64::startOfPatchableBranch32WithPatchOnAddress):
531         (JSC::MacroAssemblerARM64::revertJumpReplacementToPatchableBranch32WithPatch):
532         * assembler/MacroAssemblerARMv7.h:
533         (JSC::MacroAssemblerARMv7::store8):
534         (JSC::MacroAssemblerARMv7::branch32WithPatch):
535         (JSC::MacroAssemblerARMv7::patchableBranch32WithPatch):
536         (JSC::MacroAssemblerARMv7::canJumpReplacePatchableBranch32WithPatch):
537         (JSC::MacroAssemblerARMv7::startOfPatchableBranch32WithPatchOnAddress):
538         (JSC::MacroAssemblerARMv7::revertJumpReplacementToPatchableBranch32WithPatch):
539         * assembler/MacroAssemblerX86.h:
540         (JSC::MacroAssemblerX86::branch32WithPatch):
541         (JSC::MacroAssemblerX86::canJumpReplacePatchableBranch32WithPatch):
542         (JSC::MacroAssemblerX86::startOfPatchableBranch32WithPatchOnAddress):
543         (JSC::MacroAssemblerX86::revertJumpReplacementToPatchableBranch32WithPatch):
544         * assembler/MacroAssemblerX86_64.h:
545         (JSC::MacroAssemblerX86_64::store32):
546         (JSC::MacroAssemblerX86_64::moveWithPatch):
547         (JSC::MacroAssemblerX86_64::branch32WithPatch):
548         (JSC::MacroAssemblerX86_64::canJumpReplacePatchableBranch32WithPatch):
549         (JSC::MacroAssemblerX86_64::startOfBranch32WithPatchOnRegister):
550         (JSC::MacroAssemblerX86_64::startOfPatchableBranch32WithPatchOnAddress):
551         (JSC::MacroAssemblerX86_64::revertJumpReplacementToPatchableBranch32WithPatch):
552         * assembler/RepatchBuffer.h:
553         (JSC::RepatchBuffer::startOfPatchableBranch32WithPatchOnAddress):
554         (JSC::RepatchBuffer::revertJumpReplacementToPatchableBranch32WithPatch):
555         * assembler/X86Assembler.h:
556         (JSC::X86Assembler::revertJumpTo_movq_i64r):
557         (JSC::X86Assembler::revertJumpTo_movl_i32r):
558         * bytecode/ArrayProfile.cpp:
559         (JSC::ArrayProfile::computeUpdatedPrediction):
560         * bytecode/ArrayProfile.h:
561         (JSC::ArrayProfile::ArrayProfile):
562         (JSC::ArrayProfile::addressOfLastSeenStructureID):
563         (JSC::ArrayProfile::observeStructure):
564         * bytecode/CodeBlock.h:
565         (JSC::CodeBlock::heap):
566         * bytecode/UnlinkedCodeBlock.h:
567         * debugger/Debugger.h:
568         * dfg/DFGAbstractHeap.h:
569         * dfg/DFGArrayifySlowPathGenerator.h:
570         * dfg/DFGClobberize.h:
571         (JSC::DFG::clobberize):
572         * dfg/DFGJITCompiler.h:
573         (JSC::DFG::JITCompiler::branchWeakStructure):
574         (JSC::DFG::JITCompiler::branchStructurePtr):
575         * dfg/DFGOSRExitCompiler32_64.cpp:
576         (JSC::DFG::OSRExitCompiler::compileExit):
577         * dfg/DFGOSRExitCompiler64.cpp:
578         (JSC::DFG::OSRExitCompiler::compileExit):
579         * dfg/DFGOSRExitCompilerCommon.cpp:
580         (JSC::DFG::osrWriteBarrier):
581         (JSC::DFG::adjustAndJumpToTarget):
582         * dfg/DFGOperations.cpp:
583         (JSC::DFG::putByVal):
584         * dfg/DFGSpeculativeJIT.cpp:
585         (JSC::DFG::SpeculativeJIT::checkArray):
586         (JSC::DFG::SpeculativeJIT::arrayify):
587         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
588         (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
589         (JSC::DFG::SpeculativeJIT::compileInstanceOf):
590         (JSC::DFG::SpeculativeJIT::compileToStringOnCell):
591         (JSC::DFG::SpeculativeJIT::speculateObject):
592         (JSC::DFG::SpeculativeJIT::speculateFinalObject):
593         (JSC::DFG::SpeculativeJIT::speculateObjectOrOther):
594         (JSC::DFG::SpeculativeJIT::speculateString):
595         (JSC::DFG::SpeculativeJIT::speculateStringObject):
596         (JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
597         (JSC::DFG::SpeculativeJIT::emitSwitchChar):
598         (JSC::DFG::SpeculativeJIT::emitSwitchString):
599         (JSC::DFG::SpeculativeJIT::genericWriteBarrier):
600         (JSC::DFG::SpeculativeJIT::writeBarrier):
601         * dfg/DFGSpeculativeJIT.h:
602         (JSC::DFG::SpeculativeJIT::emitAllocateJSCell):
603         (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
604         * dfg/DFGSpeculativeJIT32_64.cpp:
605         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
606         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
607         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
608         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
609         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
610         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
611         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
612         (JSC::DFG::SpeculativeJIT::compile):
613         (JSC::DFG::SpeculativeJIT::writeBarrier):
614         * dfg/DFGSpeculativeJIT64.cpp:
615         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
616         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
617         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
618         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
619         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
620         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
621         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
622         (JSC::DFG::SpeculativeJIT::compile):
623         (JSC::DFG::SpeculativeJIT::writeBarrier):
624         * dfg/DFGWorklist.cpp:
625         * ftl/FTLAbstractHeapRepository.cpp:
626         (JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
627         * ftl/FTLAbstractHeapRepository.h:
628         * ftl/FTLLowerDFGToLLVM.cpp:
629         (JSC::FTL::LowerDFGToLLVM::compileCheckStructure):
630         (JSC::FTL::LowerDFGToLLVM::compileArrayifyToStructure):
631         (JSC::FTL::LowerDFGToLLVM::compilePutStructure):
632         (JSC::FTL::LowerDFGToLLVM::compileToString):
633         (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
634         (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
635         (JSC::FTL::LowerDFGToLLVM::speculateTruthyObject):
636         (JSC::FTL::LowerDFGToLLVM::allocateCell):
637         (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
638         (JSC::FTL::LowerDFGToLLVM::isObject):
639         (JSC::FTL::LowerDFGToLLVM::isString):
640         (JSC::FTL::LowerDFGToLLVM::isArrayType):
641         (JSC::FTL::LowerDFGToLLVM::hasClassInfo):
642         (JSC::FTL::LowerDFGToLLVM::isType):
643         (JSC::FTL::LowerDFGToLLVM::speculateStringOrStringObject):
644         (JSC::FTL::LowerDFGToLLVM::speculateStringObjectForCell):
645         (JSC::FTL::LowerDFGToLLVM::speculateStringObjectForStructureID):
646         (JSC::FTL::LowerDFGToLLVM::speculateNonNullObject):
647         (JSC::FTL::LowerDFGToLLVM::loadMarkByte):
648         (JSC::FTL::LowerDFGToLLVM::loadStructure):
649         (JSC::FTL::LowerDFGToLLVM::weakStructure):
650         * ftl/FTLOSRExitCompiler.cpp:
651         (JSC::FTL::compileStub):
652         * ftl/FTLOutput.h:
653         (JSC::FTL::Output::store8):
654         * heap/GCAssertions.h:
655         * heap/Heap.cpp:
656         (JSC::Heap::getConservativeRegisterRoots):
657         (JSC::Heap::collect):
658         (JSC::Heap::writeBarrier):
659         * heap/Heap.h:
660         (JSC::Heap::structureIDTable):
        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::forEachBlock):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::internalAppend):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::branchIfCellNotObject):
        (JSC::AssemblyHelpers::genericWriteBarrier):
        (JSC::AssemblyHelpers::emitLoadStructure):
        (JSC::AssemblyHelpers::emitStoreStructureWithTypeInfo):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        (JSC::JIT::privateCompileClosureCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::emit_op_ret_object_or_this):
        (JSC::JIT::compileOpCall):
        (JSC::JIT::privateCompileClosureCall):
        * jit/JITInlineCacheGenerator.cpp:
        (JSC::JITByIdGenerator::generateFastPathChecks):
        * jit/JITInlineCacheGenerator.h:
        * jit/JITInlines.h:
        (JSC::JIT::emitLoadCharacterString):
        (JSC::JIT::checkStructure):
        (JSC::JIT::emitJumpIfCellNotObject):
        (JSC::JIT::emitAllocateJSObject):
        (JSC::JIT::emitArrayProfilingSiteWithCell):
        (JSC::JIT::emitArrayProfilingSiteForBytecodeIndexWithCell):
        (JSC::JIT::branchStructure):
        (JSC::branchStructure):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_check_has_instance):
        (JSC::JIT::emit_op_instanceof):
        (JSC::JIT::emit_op_is_undefined):
        (JSC::JIT::emit_op_is_string):
        (JSC::JIT::emit_op_ret_object_or_this):
        (JSC::JIT::emit_op_to_primitive):
        (JSC::JIT::emit_op_jeq_null):
        (JSC::JIT::emit_op_jneq_null):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):
        (JSC::JIT::emit_op_to_this):
        (JSC::JIT::emitSlow_op_to_this):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_check_has_instance):
        (JSC::JIT::emit_op_instanceof):
        (JSC::JIT::emit_op_is_undefined):
        (JSC::JIT::emit_op_is_string):
        (JSC::JIT::emit_op_to_primitive):
        (JSC::JIT::emit_op_jeq_null):
        (JSC::JIT::emit_op_jneq_null):
        (JSC::JIT::emitSlow_op_eq):
        (JSC::JIT::emitSlow_op_neq):
        (JSC::JIT::compileOpStrictEq):
        (JSC::JIT::emit_op_eq_null):
        (JSC::JIT::emit_op_neq_null):
        (JSC::JIT::emit_op_get_pnames):
        (JSC::JIT::emit_op_next_pname):
        (JSC::JIT::emit_op_to_this):
        * jit/JITOperations.cpp:
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_get_by_pname):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emitLoadWithStructureCheck):
        (JSC::JIT::emitSlow_op_get_from_scope):
        (JSC::JIT::emitSlow_op_put_to_scope):
        (JSC::JIT::checkMarkWord):
        (JSC::JIT::emitWriteBarrier):
        (JSC::JIT::addStructureTransitionCheck):
        (JSC::JIT::emitIntTypedArrayGetByVal):
        (JSC::JIT::emitFloatTypedArrayGetByVal):
        (JSC::JIT::emitIntTypedArrayPutByVal):
        (JSC::JIT::emitFloatTypedArrayPutByVal):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::stringGetByValStubGenerator):
        (JSC::JIT::emit_op_get_by_val):
        (JSC::JIT::emitSlow_op_get_by_val):
        (JSC::JIT::emit_op_put_by_val):
        (JSC::JIT::emit_op_get_by_id):
        (JSC::JIT::emit_op_get_by_pname):
        (JSC::JIT::emitLoadWithStructureCheck):
        * jit/JSInterfaceJIT.h:
        (JSC::JSInterfaceJIT::emitJumpIfNotType):
        * jit/Repatch.cpp:
        (JSC::repatchByIdSelfAccess):
        (JSC::addStructureTransitionCheck):
        (JSC::replaceWithJump):
        (JSC::generateProtoChainAccessStub):
        (JSC::tryCacheGetByID):
        (JSC::tryBuildGetByIDList):
        (JSC::writeBarrier):
        (JSC::emitPutReplaceStub):
        (JSC::emitPutTransitionStub):
        (JSC::tryBuildPutByIdList):
        (JSC::tryRepatchIn):
        (JSC::linkClosureCall):
        (JSC::resetGetByID):
        (JSC::resetPutByID):
        * jit/SpecializedThunkJIT.h:
        (JSC::SpecializedThunkJIT::loadJSStringArgument):
        (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
        * jit/ThunkGenerators.cpp:
        (JSC::virtualForThunkGenerator):
        (JSC::arrayIteratorNextThunkGenerator):
        * jit/UnusedPointer.h:
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        * runtime/Arguments.cpp:
        (JSC::Arguments::createStrictModeCallerIfNecessary):
        (JSC::Arguments::createStrictModeCalleeIfNecessary):
        * runtime/Arguments.h:
        (JSC::Arguments::createStructure):
        * runtime/ArrayPrototype.cpp:
        (JSC::shift):
        (JSC::unshift):
        (JSC::arrayProtoFuncToString):
        (JSC::arrayProtoFuncPop):
        (JSC::arrayProtoFuncReverse):
        (JSC::performSlowSort):
        (JSC::arrayProtoFuncSort):
        (JSC::arrayProtoFuncSplice):
        (JSC::arrayProtoFuncUnShift):
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/Executable.h:
        (JSC::ExecutableBase::isFunctionExecutable):
        (JSC::ExecutableBase::clearCodeVirtual):
        (JSC::ScriptExecutable::unlinkCalls):
        * runtime/GetterSetter.cpp:
        (JSC::callGetter):
        (JSC::callSetter):
        * runtime/InitializeThreading.cpp:
        * runtime/JSArray.cpp:
        (JSC::JSArray::unshiftCountSlowCase):
        (JSC::JSArray::setLength):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        (JSC::JSArray::shiftCountWithArrayStorage):
        (JSC::JSArray::shiftCountWithAnyIndexingType):
        (JSC::JSArray::unshiftCountWithArrayStorage):
        (JSC::JSArray::unshiftCountWithAnyIndexingType):
        (JSC::JSArray::sortNumericVector):
        (JSC::JSArray::sortNumeric):
        (JSC::JSArray::sortCompactedVector):
        (JSC::JSArray::sort):
        (JSC::JSArray::sortVector):
        (JSC::JSArray::fillArgList):
        (JSC::JSArray::copyToArguments):
        (JSC::JSArray::compactForSorting):
        * runtime/JSCJSValueInlines.h:
        (JSC::JSValue::toThis):
        (JSC::JSValue::put):
        (JSC::JSValue::putByIndex):
        (JSC::JSValue::equalSlowCaseInline):
        * runtime/JSCell.cpp:
        (JSC::JSCell::put):
        (JSC::JSCell::putByIndex):
        (JSC::JSCell::deleteProperty):
        (JSC::JSCell::deletePropertyByIndex):
        * runtime/JSCell.h:
        (JSC::JSCell::clearStructure):
        (JSC::JSCell::mark):
        (JSC::JSCell::isMarked):
        (JSC::JSCell::structureIDOffset):
        (JSC::JSCell::typeInfoFlagsOffset):
        (JSC::JSCell::typeInfoTypeOffset):
        (JSC::JSCell::indexingTypeOffset):
        (JSC::JSCell::gcDataOffset):
        * runtime/JSCellInlines.h:
        (JSC::JSCell::JSCell):
        (JSC::JSCell::finishCreation):
        (JSC::JSCell::type):
        (JSC::JSCell::indexingType):
        (JSC::JSCell::structure):
        (JSC::JSCell::visitChildren):
        (JSC::JSCell::isObject):
        (JSC::JSCell::isString):
        (JSC::JSCell::isGetterSetter):
        (JSC::JSCell::isProxy):
        (JSC::JSCell::isAPIValueWrapper):
        (JSC::JSCell::setStructure):
        (JSC::JSCell::methodTable):
        (JSC::Heap::writeBarrier):
        * runtime/JSDataView.cpp:
        (JSC::JSDataView::createStructure):
        * runtime/JSDestructibleObject.h:
        (JSC::JSCell::classInfo):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::getOwnNonIndexPropertyNames):
        (JSC::JSFunction::put):
        (JSC::JSFunction::defineOwnProperty):
        * runtime/JSGenericTypedArrayView.h:
        (JSC::JSGenericTypedArrayView::createStructure):
        * runtime/JSObject.cpp:
        (JSC::getCallableObjectSlow):
        (JSC::JSObject::copyButterfly):
        (JSC::JSObject::visitButterfly):
        (JSC::JSFinalObject::visitChildren):
        (JSC::JSObject::getOwnPropertySlotByIndex):
        (JSC::JSObject::put):
        (JSC::JSObject::putByIndex):
        (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
        (JSC::JSObject::enterDictionaryIndexingMode):
        (JSC::JSObject::notifyPresenceOfIndexedAccessors):
        (JSC::JSObject::createInitialIndexedStorage):
        (JSC::JSObject::createInitialUndecided):
        (JSC::JSObject::createInitialInt32):
        (JSC::JSObject::createInitialDouble):
        (JSC::JSObject::createInitialContiguous):
        (JSC::JSObject::createArrayStorage):
        (JSC::JSObject::convertUndecidedToInt32):
        (JSC::JSObject::convertUndecidedToDouble):
        (JSC::JSObject::convertUndecidedToContiguous):
        (JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
        (JSC::JSObject::convertUndecidedToArrayStorage):
        (JSC::JSObject::convertInt32ToDouble):
        (JSC::JSObject::convertInt32ToContiguous):
        (JSC::JSObject::convertInt32ToArrayStorage):
        (JSC::JSObject::genericConvertDoubleToContiguous):
        (JSC::JSObject::convertDoubleToArrayStorage):
        (JSC::JSObject::convertContiguousToArrayStorage):
        (JSC::JSObject::ensureInt32Slow):
        (JSC::JSObject::ensureDoubleSlow):
        (JSC::JSObject::ensureContiguousSlow):
        (JSC::JSObject::ensureArrayStorageSlow):
        (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
        (JSC::JSObject::switchToSlowPutArrayStorage):
        (JSC::JSObject::setPrototype):
        (JSC::JSObject::setPrototypeWithCycleCheck):
        (JSC::JSObject::putDirectNonIndexAccessor):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::hasOwnProperty):
        (JSC::JSObject::deletePropertyByIndex):
        (JSC::JSObject::getPrimitiveNumber):
        (JSC::JSObject::hasInstance):
        (JSC::JSObject::getPropertySpecificValue):
        (JSC::JSObject::getPropertyNames):
        (JSC::JSObject::getOwnPropertyNames):
        (JSC::JSObject::getOwnNonIndexPropertyNames):
        (JSC::JSObject::seal):
        (JSC::JSObject::freeze):
        (JSC::JSObject::preventExtensions):
        (JSC::JSObject::reifyStaticFunctionsForDelete):
        (JSC::JSObject::removeDirect):
        (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
        (JSC::JSObject::putByIndexBeyondVectorLength):
        (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
        (JSC::JSObject::putDirectIndexBeyondVectorLength):
        (JSC::JSObject::getNewVectorLength):
        (JSC::JSObject::countElements):
        (JSC::JSObject::increaseVectorLength):
        (JSC::JSObject::ensureLengthSlow):
        (JSC::JSObject::growOutOfLineStorage):
        (JSC::JSObject::getOwnPropertyDescriptor):
        (JSC::putDescriptor):
        (JSC::JSObject::defineOwnNonIndexProperty):
        * runtime/JSObject.h:
        (JSC::getJSFunction):
        (JSC::JSObject::getArrayLength):
        (JSC::JSObject::getVectorLength):
        (JSC::JSObject::putByIndexInline):
        (JSC::JSObject::canGetIndexQuickly):
        (JSC::JSObject::getIndexQuickly):
        (JSC::JSObject::tryGetIndexQuickly):
        (JSC::JSObject::getDirectIndex):
        (JSC::JSObject::canSetIndexQuickly):
        (JSC::JSObject::canSetIndexQuicklyForPutDirect):
        (JSC::JSObject::setIndexQuickly):
        (JSC::JSObject::initializeIndex):
        (JSC::JSObject::hasSparseMap):
        (JSC::JSObject::inSparseIndexingMode):
        (JSC::JSObject::getDirect):
        (JSC::JSObject::getDirectOffset):
        (JSC::JSObject::isSealed):
        (JSC::JSObject::isFrozen):
        (JSC::JSObject::flattenDictionaryObject):
        (JSC::JSObject::ensureInt32):
        (JSC::JSObject::ensureDouble):
        (JSC::JSObject::ensureContiguous):
        (JSC::JSObject::rageEnsureContiguous):
        (JSC::JSObject::ensureArrayStorage):
        (JSC::JSObject::arrayStorage):
        (JSC::JSObject::arrayStorageOrNull):
        (JSC::JSObject::ensureLength):
        (JSC::JSObject::currentIndexingData):
        (JSC::JSObject::getHolyIndexQuickly):
        (JSC::JSObject::currentRelevantLength):
        (JSC::JSObject::isGlobalObject):
        (JSC::JSObject::isVariableObject):
        (JSC::JSObject::isStaticScopeObject):
        (JSC::JSObject::isNameScopeObject):
        (JSC::JSObject::isActivationObject):
        (JSC::JSObject::isErrorInstance):
        (JSC::JSObject::inlineGetOwnPropertySlot):
        (JSC::JSObject::fastGetOwnPropertySlot):
        (JSC::JSObject::getPropertySlot):
        (JSC::JSObject::putDirectInternal):
        (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
        * runtime/JSPropertyNameIterator.h:
        (JSC::JSPropertyNameIterator::createStructure):
        * runtime/JSProxy.cpp:
        (JSC::JSProxy::getOwnPropertySlot):
        (JSC::JSProxy::getOwnPropertySlotByIndex):
        (JSC::JSProxy::put):
        (JSC::JSProxy::putByIndex):
        (JSC::JSProxy::defineOwnProperty):
        (JSC::JSProxy::deleteProperty):
        (JSC::JSProxy::deletePropertyByIndex):
        (JSC::JSProxy::getPropertyNames):
        (JSC::JSProxy::getOwnPropertyNames):
        * runtime/JSScope.cpp:
        (JSC::JSScope::objectAtScope):
        * runtime/JSString.h:
        (JSC::JSString::createStructure):
        (JSC::isJSString):
        * runtime/JSType.h:
        * runtime/JSTypeInfo.h:
        (JSC::TypeInfo::TypeInfo):
        (JSC::TypeInfo::isObject):
        (JSC::TypeInfo::structureIsImmortal):
        (JSC::TypeInfo::zeroedGCDataOffset):
        (JSC::TypeInfo::inlineTypeFlags):
        * runtime/MapData.h:
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyNames):
        (JSC::objectConstructorKeys):
        (JSC::objectConstructorDefineProperty):
        (JSC::defineProperties):
        (JSC::objectConstructorSeal):
        (JSC::objectConstructorFreeze):
        (JSC::objectConstructorIsSealed):
        (JSC::objectConstructorIsFrozen):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncDefineGetter):
        (JSC::objectProtoFuncDefineSetter):
        (JSC::objectProtoFuncToString):
        * runtime/Operations.cpp:
        (JSC::jsTypeStringForValue):
        (JSC::jsIsObjectType):
        * runtime/Operations.h:
        (JSC::normalizePrototypeChainForChainAccess):
        (JSC::normalizePrototypeChain):
        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyTable::createStructure):
        * runtime/RegExp.h:
        (JSC::RegExp::createStructure):
        * runtime/SparseArrayValueMap.h:
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::~Structure):
        (JSC::Structure::prototypeChainMayInterceptStoreTo):
        * runtime/Structure.h:
        (JSC::Structure::id):
        (JSC::Structure::idBlob):
        (JSC::Structure::objectInitializationFields):
        (JSC::Structure::structureIDOffset):
        * runtime/StructureChain.h:
        (JSC::StructureChain::createStructure):
        * runtime/StructureIDTable.cpp: Added.
        (JSC::StructureIDTable::StructureIDTable):
        (JSC::StructureIDTable::~StructureIDTable):
        (JSC::StructureIDTable::resize):
        (JSC::StructureIDTable::flushOldTables):
        (JSC::StructureIDTable::allocateID):
        (JSC::StructureIDTable::deallocateID):
        * runtime/StructureIDTable.h: Added.
        (JSC::StructureIDTable::base):
        (JSC::StructureIDTable::get):
        * runtime/SymbolTable.h:
        * runtime/TypedArrayType.cpp:
        (JSC::typeForTypedArrayType):
        * runtime/TypedArrayType.h:
        * runtime/WeakMapData.h:

2014-02-26  Mark Hahnenberg  <mhahnenberg@apple.com>

        Unconditional logging in compileFTLOSRExit
        https://bugs.webkit.org/show_bug.cgi?id=129407

        Reviewed by Michael Saboff.

        This was causing tests to fail with the FTL enabled.

        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileFTLOSRExit):

2014-02-26  Oliver Hunt  <oliver@apple.com>

        Remove unused access types
        https://bugs.webkit.org/show_bug.cgi?id=129385

        Reviewed by Filip Pizlo.

        Remove unused cruft.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus):
        * bytecode/StructureStubInfo.cpp:
        (JSC::StructureStubInfo::deref):
        * bytecode/StructureStubInfo.h:
        (JSC::isGetByIdAccess):
        (JSC::isPutByIdAccess):

2014-02-26  Oliver Hunt  <oliver@apple.com>

        Function.prototype.apply has a bad time with the spread operator
        https://bugs.webkit.org/show_bug.cgi?id=129381

        Reviewed by Mark Hahnenberg.

        Make sure our apply logic handles the spread operator correctly.
        To do this we simply emit the enumeration logic that we'd normally
        use for other enumerations, but only store the first two results
        to registers.  Then perform a varargs call.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::ApplyFunctionCallDotNode::emitBytecode):

2014-02-26  Mark Lam  <mark.lam@apple.com>

        Compilation policy management belongs in operationOptimize(), not the DFG Driver.
        <https://webkit.org/b/129355>

        Reviewed by Filip Pizlo.

        By compilation policy, I mean the rules for determining whether to
        compile, when to compile, when to attempt compilation again, etc.  The
        few of these policy decisions that were previously being made in the
        DFG driver are now moved to operationOptimize() where we keep the rest
        of the policy logic.  Decisions that are based on the capabilities
        supported by the DFG are moved to DFG capabilityLevel().

        I've run the following benchmarks:
        1. the collection of jsc benchmarks on the jsc executable vs. its
           baseline.
        2. Octane 2.0 in browser without the WebInspector.
        3. Octane 2.0 in browser with the WebInspector open and a breakpoint
           set somewhere where it won't break.

        In all of these, the results came out to be a wash as expected.

        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::isSupported):
        (JSC::DFG::mightCompileEval):
        (JSC::DFG::mightCompileProgram):
        (JSC::DFG::mightCompileFunctionForCall):
        (JSC::DFG::mightCompileFunctionForConstruct):
        (JSC::DFG::mightInlineFunctionForCall):
        (JSC::DFG::mightInlineFunctionForClosureCall):
        (JSC::DFG::mightInlineFunctionForConstruct):
        * dfg/DFGCapabilities.h:
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compileImpl):
        * jit/JITOperations.cpp:

2014-02-26  Mark Lam  <mark.lam@apple.com>

        ASSERTION FAILED: m_heap->vm()->currentThreadIsHoldingAPILock() in inspector-protocol/*.
        <https://webkit.org/b/129364>

        Reviewed by Alexey Proskuryakov.

        InjectedScriptModule::ensureInjected() needs an APIEntryShim.

        * inspector/InjectedScriptModule.cpp:
        (Inspector::InjectedScriptModule::ensureInjected):
        - Added the needed but missing APIEntryShim.

2014-02-25  Mark Lam  <mark.lam@apple.com>

        Web Inspector: CRASH when evaluating in console of JSContext RWI with disabled breakpoints.
        <https://webkit.org/b/128766>

        Reviewed by Geoffrey Garen.

        Make the JSLock::grabAllLocks() work the same way as for the C loop LLINT.
        The reasoning is that we don't know of any clients that need unordered
        re-entry into the VM from different threads. So, we're enforcing ordered
        re-entry i.e. we must re-grab locks in the reverse order of dropping locks.

        The crash in this bug happened because we were allowing unordered re-entry,
        and the following type of scenario occurred:

        1. Thread T1 locks the VM, and enters the VM to execute some JS code.
        2. On entry, T1 detects that VM::m_entryScope is null i.e. this is the
           first time it entered the VM.
           T1 sets VM::m_entryScope to T1's entryScope.
        3. T1 drops all locks.

        4. Thread T2 locks the VM, and enters the VM to execute some JS code.
           On entry, T2 sees that VM::m_entryScope is NOT null, and therefore
           does not set the entryScope.
        5. T2 drops all locks.

        6. T1 re-grabs locks.
        7. T1 returns all the way out of JS code. On exit from the outermost
           JS function, T1 clears VM::m_entryScope (because T1 was the one who
           set it).
        8. T1 unlocks the VM.

        9. T2 re-grabs locks.
        10. T2 proceeds to execute some code and expects VM::m_entryScope to be
            NOT null, but it turns out to be null. Assertion failures and
            crashes ensue.

        With ordered re-entry, at step 6, T1 will loop and yield until T2 exits
        the VM. Hence, the issue will no longer manifest.

        * runtime/JSLock.cpp:
        (JSC::JSLock::dropAllLocks):
        (JSC::JSLock::grabAllLocks):
        * runtime/JSLock.h:
        (JSC::JSLock::DropAllLocks::dropDepth):
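
        The ten-step race above, replayed as an added example that is not part of this ChangeLog or of WebKit's code. It is a deliberately simplified model: a `VM` with an `entryScope` pointer and a `lockDropDepth` counter stands in for VM::m_entryScope and the JSLock drop-depth bookkeeping, the two threads are state machines driven by a fixed interleaving instead of real OS threads, and "ordered re-entry" is modelled as grabAllLocks() refusing to proceed until the depth it recorded at drop time is the current one. Names, the step list and the schedule are all assumptions made for the example; the point it shows is that the unordered variant lets T2 observe a null entry scope at step 10, while the ordered variant parks T1 at step 6 until T2 has exited, without deadlocking.

```cpp
// Added example (not WebKit code): deterministic model of unordered vs. ordered
// VM lock re-entry. VM, Thread, Outcome, the step list and the schedule are
// constructed for this example and only approximate JSC's VM/JSLock.
#include <cstddef>
#include <cstdio>
#include <vector>

enum class Op { Enter, Drop, Grab, Use, Exit };

struct VM {
    const char* entryScope = nullptr; // stands in for VM::m_entryScope
    int lockDropDepth = 0;            // outstanding dropAllLocks() calls
    bool locked = false;
    bool orderedReentry = false;      // true = the fix: re-grab only in reverse drop order
};

struct Thread {
    const char* name;
    std::vector<Op> ops;
    std::size_t pc;
    int dropDepth;          // depth recorded by this thread's last dropAllLocks()
    bool ownsEntryScope;    // this thread set entryScope on its outermost entry
    bool done() const { return pc >= ops.size(); }
};

struct Outcome {
    bool sawNullEntryScope = false; // the assertion failure from the bug report
    bool deadlocked = false;
};

// Execute one op for `th`; returns false when the op must yield and retry later.
static bool step(VM& vm, Thread& th, Outcome& out)
{
    switch (th.ops[th.pc]) {
    case Op::Enter: // lock the VM; the first thread in owns the entry scope
        if (vm.locked) return false;
        vm.locked = true;
        if (!vm.entryScope) { vm.entryScope = th.name; th.ownsEntryScope = true; }
        break;
    case Op::Drop: // dropAllLocks(): remember our depth, release the lock
        vm.lockDropDepth++;
        th.dropDepth = vm.lockDropDepth;
        vm.locked = false;
        break;
    case Op::Grab: // grabAllLocks(): ordered mode yields until LIFO order is restored
        if (vm.locked) return false;
        if (vm.orderedReentry && th.dropDepth != vm.lockDropDepth) return false;
        vm.locked = true;
        vm.lockDropDepth--;
        break;
    case Op::Use: // code after re-entry expects a live entry scope (step 10)
        if (!vm.entryScope) out.sawNullEntryScope = true;
        break;
    case Op::Exit: // outermost exit clears the entry scope it set (step 7)
        if (th.ownsEntryScope) vm.entryScope = nullptr;
        vm.locked = false;
        break;
    }
    th.pc++;
    return true;
}

// Replay steps 1-10 from the ChangeLog entry under a constructed interleaving.
Outcome runScenario(bool orderedReentry)
{
    VM vm;
    vm.orderedReentry = orderedReentry;
    std::vector<Thread> threads = {
        {"T1", {Op::Enter, Op::Drop, Op::Grab, Op::Use, Op::Exit}, 0, 0, false},
        {"T2", {Op::Enter, Op::Drop, Op::Grab, Op::Use, Op::Exit}, 0, 0, false},
    };
    // Preferred schedule: T1 enters and drops, T2 enters and drops, T1 tries to
    // re-grab and exit, then T2 re-grabs. A thread that yields keeps retrying.
    const int schedule[] = {0, 0, 1, 1, 0, 0, 0, 1, 1, 1};
    const std::size_t scheduleLen = sizeof(schedule) / sizeof(schedule[0]);
    Outcome out;
    int stalls = 0;
    for (std::size_t pos = 0; !(threads[0].done() && threads[1].done()); ++pos) {
        Thread& th = threads[schedule[pos % scheduleLen]];
        if (th.done()) continue;
        if (step(vm, th, out)) { stalls = 0; continue; }
        if (++stalls > 20) { out.deadlocked = true; break; } // nobody makes progress
    }
    return out;
}

int main()
{
    Outcome unordered = runScenario(false);
    Outcome ordered = runScenario(true);
    std::printf("unordered re-entry: null entryScope seen = %d\n", unordered.sawNullEntryScope);
    std::printf("ordered re-entry:   null entryScope seen = %d, deadlocked = %d\n",
                ordered.sawNullEntryScope, ordered.deadlocked);
    return 0;
}
```

        In the unordered run T1 re-grabs at step 6, exits and clears the entry scope, so T2's `Use` at step 10 finds it null; in the ordered run T1's `Grab` keeps yielding because its recorded depth (1) is not the current depth (2), T2 re-grabs, uses and exits first, and only then does T1 proceed, which is exactly the "loop and yield until T2 exits the VM" behaviour the entry describes.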

2014-02-25  Mark Lam  <mark.lam@apple.com>

        Need to initialize VM stack data even when the VM is on an exclusive thread.
        <https://webkit.org/b/129265>

        Not reviewed.

        Relanding r164627 now that <https://webkit.org/b/129341> is fixed.

        * API/APIShims.h:
        (JSC::APIEntryShim::APIEntryShim):
        (JSC::APICallbackShim::shouldDropAllLocks):
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::addCurrentThread):
        * runtime/JSLock.cpp:
        (JSC::JSLockHolder::JSLockHolder):
        (JSC::JSLockHolder::init):
        (JSC::JSLockHolder::~JSLockHolder):
        (JSC::JSLock::JSLock):
        (JSC::JSLock::setExclusiveThread):
        (JSC::JSLock::lock):
        (JSC::JSLock::unlock):
        (JSC::JSLock::currentThreadIsHoldingLock):
        (JSC::JSLock::dropAllLocks):
        (JSC::JSLock::grabAllLocks):
        * runtime/JSLock.h:
        (JSC::JSLock::hasExclusiveThread):
        (JSC::JSLock::exclusiveThread):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        (JSC::VM::hasExclusiveThread):
        (JSC::VM::exclusiveThread):
        (JSC::VM::setExclusiveThread):
        (JSC::VM::currentThreadIsHoldingAPILock):

2014-02-25  Filip Pizlo  <fpizlo@apple.com>

        Inline caching in the FTL on ARM64 should "work"
        https://bugs.webkit.org/show_bug.cgi?id=129334

        Reviewed by Mark Hahnenberg.

        Gets us to the point where simple tests that use inline caching are passing.

        * assembler/LinkBuffer.cpp:
        (JSC::LinkBuffer::copyCompactAndLinkCode):
        (JSC::LinkBuffer::shrink):
        * ftl/FTLInlineCacheSize.cpp:
        (JSC::FTL::sizeOfGetById):
        (JSC::FTL::sizeOfPutById):
        (JSC::FTL::sizeOfCall):
        * ftl/FTLOSRExitCompiler.cpp:
        (JSC::FTL::compileFTLOSRExit):
        * ftl/FTLThunks.cpp:
        (JSC::FTL::osrExitGenerationThunkGenerator):
        * jit/GPRInfo.h:
        * offlineasm/arm64.rb:

2014-02-25  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r164627.
        http://trac.webkit.org/changeset/164627
        https://bugs.webkit.org/show_bug.cgi?id=129325

        Broke SubtleCrypto tests (Requested by ap on #webkit).

        * API/APIShims.h:
        (JSC::APIEntryShim::APIEntryShim):
        (JSC::APICallbackShim::shouldDropAllLocks):
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::addCurrentThread):
        * runtime/JSLock.cpp:
        (JSC::JSLockHolder::JSLockHolder):
        (JSC::JSLockHolder::init):
        (JSC::JSLockHolder::~JSLockHolder):
        (JSC::JSLock::JSLock):
        (JSC::JSLock::lock):
        (JSC::JSLock::unlock):
        (JSC::JSLock::currentThreadIsHoldingLock):
        (JSC::JSLock::dropAllLocks):
        (JSC::JSLock::grabAllLocks):
        * runtime/JSLock.h:
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        (JSC::VM::currentThreadIsHoldingAPILock):

2014-02-25  Filip Pizlo  <fpizlo@apple.com>

        ARM64 rshift64 should be an arithmetic shift
        https://bugs.webkit.org/show_bug.cgi?id=129323

        Reviewed by Mark Hahnenberg.

        * assembler/MacroAssemblerARM64.h:
        (JSC::MacroAssemblerARM64::rshift64):

2014-02-25  Sergio Villar Senin  <svillar@igalia.com>

        [CSS Grid Layout] Add ENABLE flag
        https://bugs.webkit.org/show_bug.cgi?id=129153

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig: added ENABLE_CSS_GRID_LAYOUT feature flag.

2014-02-25  Michael Saboff  <msaboff@apple.com>

        JIT Engines use the wrong stack limit for stack checks
        https://bugs.webkit.org/show_bug.cgi?id=129314

        Reviewed by Filip Pizlo.

        Change the Baseline and DFG code to use VM::m_stackLimit for stack limit checks.

        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::compileFunction):
        * jit/JIT.cpp:
        (JSC::JIT::privateCompile):
        * jit/JITCall.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileLoadVarargs):
        * runtime/VM.h:
        (JSC::VM::addressOfStackLimit):

2014-02-25  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, roll out http://trac.webkit.org/changeset/164493.

        It causes crashes, apparently because it's removing too many barriers. I will investigate
        later.

        * bytecode/SpeculatedType.cpp:
        (JSC::speculationToAbbreviatedString):
        * bytecode/SpeculatedType.h:
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::insertStoreBarrier):
        * dfg/DFGNode.h:
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compareEqObjectOrOtherToObject):
        (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
        (JSC::FTL::LowerDFGToLLVM::isNotNully):
        (JSC::FTL::LowerDFGToLLVM::isNully):
        (JSC::FTL::LowerDFGToLLVM::speculate):
        (JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):
        (JSC::FTL::LowerDFGToLLVM::speculateNotCell):

2014-02-24  Oliver Hunt  <oliver@apple.com>

        Fix build.

        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):

2014-02-24  Oliver Hunt  <oliver@apple.com>

        Spread operator has a bad time when applied to call function
        https://bugs.webkit.org/show_bug.cgi?id=128853

        Reviewed by Geoffrey Garen.

        Follow on from the previous patch that added an extra slot to
        op_call_varargs (and _call, _call_eval, _construct).  We now
        use the slot as an offset to in effect act as a 'slice' on
        the spread subject.  This allows us to automatically retain
        all our existing argument and array optimisations.  Most of
        this patch is simply threading the offset around.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCall):
        (JSC::BytecodeGenerator::emitCallVarargs):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::getArgumentByVal):
        (JSC::CallFunctionCallDotNode::emitBytecode):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        * interpreter/Interpreter.cpp:
        (JSC::sizeFrameForVarargs):
        (JSC::loadVarargs):
        * interpreter/Interpreter.h:
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArgumentsWithExecState):
        * jit/JIT.h:
        * jit/JITCall.cpp:
        (JSC::JIT::compileLoadVarargs):
        * jit/JITInlines.h:
        (JSC::JIT::callOperation):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::copyToArguments):
        * runtime/Arguments.h:
        * runtime/JSArray.cpp:
        (JSC::JSArray::copyToArguments):
        * runtime/JSArray.h:

2014-02-24  Mark Lam  <mark.lam@apple.com>

        Need to initialize VM stack data even when the VM is on an exclusive thread.
        <https://webkit.org/b/129265>

        Reviewed by Geoffrey Garen.

        We check VM::exclusiveThread as an optimization to forego the need to do
        JSLock locking. However, we recently started piggybacking on JSLock's
        lock() and unlock() to initialize VM stack data (stackPointerAtVMEntry
        and lastStackTop) to appropriate values for the current thread. This is
        needed because we may be acquiring the lock to enter the VM on a different
        thread.

        As a result, we ended up not initializing the VM stack data when
        VM::exclusiveThread causes us to bypass the locking activity. Even though
        the VM::exclusiveThread will not have to deal with the VM being entered
        on a different thread, it still needs to initialize the VM stack data.
        The VM relies on that data being initialized properly once it has been
        entered.

        With this fix, we push the check for exclusiveThread down into the JSLock,
        and handle the bypassing of unneeded locking activity there while still
        executing the necessary VM stack data initialization.

        * API/APIShims.h:
        (JSC::APIEntryShim::APIEntryShim):
        (JSC::APICallbackShim::shouldDropAllLocks):
        * heap/MachineStackMarker.cpp:
        (JSC::MachineThreads::addCurrentThread):
        * runtime/JSLock.cpp:
        (JSC::JSLockHolder::JSLockHolder):
        (JSC::JSLockHolder::init):
        (JSC::JSLockHolder::~JSLockHolder):
        (JSC::JSLock::JSLock):
        (JSC::JSLock::setExclusiveThread):
        (JSC::JSLock::lock):
        (JSLock::unlock):
        (JSLock::currentThreadIsHoldingLock):
        (JSLock::dropAllLocks):
        (JSLock::grabAllLocks):
        * runtime/JSLock.h:
        (JSC::JSLock::exclusiveThread):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        (JSC::VM::exclusiveThread):
        (JSC::VM::setExclusiveThread):
        (JSC::VM::currentThreadIsHoldingAPILock):

2014-02-24  Filip Pizlo  <fpizlo@apple.com>

        FTL should do polymorphic PutById inlining
        https://bugs.webkit.org/show_bug.cgi?id=129210

        Reviewed by Mark Hahnenberg and Oliver Hunt.

        This makes PutByIdStatus inform us about polymorphic cases by returning an array of
        PutByIdVariants. The DFG now has a node called MultiPutByOffset that indicates a
        selection of multiple inlined PutByIdVariants.

        MultiPutByOffset is almost identical to MultiGetByOffset, which we added in
        http://trac.webkit.org/changeset/164207.

        This also does some FTL refactoring to make MultiPutByOffset share code with some nodes
        that generate similar code.

        1% speed-up on V8v7 due to splay improving by 6.8%. Splay does the thing where it
        sometimes swaps field insertion order, creating fake polymorphism.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFromLLInt):
        (JSC::PutByIdStatus::computeFor):
        (JSC::PutByIdStatus::computeForStubInfo):
        (JSC::PutByIdStatus::dump):
        * bytecode/PutByIdStatus.h:
        (JSC::PutByIdStatus::PutByIdStatus):
        (JSC::PutByIdStatus::isSimple):
        (JSC::PutByIdStatus::numVariants):
        (JSC::PutByIdStatus::variants):
        (JSC::PutByIdStatus::at):
        (JSC::PutByIdStatus::operator[]):
        * bytecode/PutByIdVariant.cpp: Added.
        (JSC::PutByIdVariant::dump):
        (JSC::PutByIdVariant::dumpInContext):
        * bytecode/PutByIdVariant.h: Added.
        (JSC::PutByIdVariant::PutByIdVariant):
        (JSC::PutByIdVariant::replace):
        (JSC::PutByIdVariant::transition):
1479         (JSC::PutByIdVariant::kind):
1480         (JSC::PutByIdVariant::isSet):
1481         (JSC::PutByIdVariant::operator!):
1482         (JSC::PutByIdVariant::structure):
1483         (JSC::PutByIdVariant::oldStructure):
1484         (JSC::PutByIdVariant::newStructure):
1485         (JSC::PutByIdVariant::structureChain):
1486         (JSC::PutByIdVariant::offset):
1487         * dfg/DFGAbstractInterpreterInlines.h:
1488         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1489         * dfg/DFGByteCodeParser.cpp:
1490         (JSC::DFG::ByteCodeParser::emitPrototypeChecks):
1491         (JSC::DFG::ByteCodeParser::handleGetById):
1492         (JSC::DFG::ByteCodeParser::emitPutById):
1493         (JSC::DFG::ByteCodeParser::handlePutById):
1494         (JSC::DFG::ByteCodeParser::parseBlock):
1495         * dfg/DFGCSEPhase.cpp:
1496         (JSC::DFG::CSEPhase::checkStructureElimination):
1497         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
1498         (JSC::DFG::CSEPhase::putStructureStoreElimination):
1499         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1500         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
1501         * dfg/DFGClobberize.h:
1502         (JSC::DFG::clobberize):
1503         * dfg/DFGConstantFoldingPhase.cpp:
1504         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1505         (JSC::DFG::ConstantFoldingPhase::emitPutByOffset):
1506         * dfg/DFGFixupPhase.cpp:
1507         (JSC::DFG::FixupPhase::fixupNode):
1508         * dfg/DFGGraph.cpp:
1509         (JSC::DFG::Graph::dump):
1510         * dfg/DFGGraph.h:
1511         * dfg/DFGNode.cpp:
1512         (JSC::DFG::MultiPutByOffsetData::writesStructures):
1513         (JSC::DFG::MultiPutByOffsetData::reallocatesStorage):
1514         * dfg/DFGNode.h:
1515         (JSC::DFG::Node::convertToPutByOffset):
1516         (JSC::DFG::Node::hasMultiPutByOffsetData):
1517         (JSC::DFG::Node::multiPutByOffsetData):
1518         * dfg/DFGNodeType.h:
1519         * dfg/DFGPredictionPropagationPhase.cpp:
1520         (JSC::DFG::PredictionPropagationPhase::propagate):
1521         * dfg/DFGSafeToExecute.h:
1522         (JSC::DFG::safeToExecute):
1523         * dfg/DFGSpeculativeJIT32_64.cpp:
1524         (JSC::DFG::SpeculativeJIT::compile):
1525         * dfg/DFGSpeculativeJIT64.cpp:
1526         (JSC::DFG::SpeculativeJIT::compile):
1527         * dfg/DFGTypeCheckHoistingPhase.cpp:
1528         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
1529         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
1530         * ftl/FTLCapabilities.cpp:
1531         (JSC::FTL::canCompile):
1532         * ftl/FTLLowerDFGToLLVM.cpp:
1533         (JSC::FTL::LowerDFGToLLVM::compileNode):
1534         (JSC::FTL::LowerDFGToLLVM::compilePutStructure):
1535         (JSC::FTL::LowerDFGToLLVM::compileAllocatePropertyStorage):
1536         (JSC::FTL::LowerDFGToLLVM::compileReallocatePropertyStorage):
1537         (JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
1538         (JSC::FTL::LowerDFGToLLVM::compileMultiGetByOffset):
1539         (JSC::FTL::LowerDFGToLLVM::compilePutByOffset):
1540         (JSC::FTL::LowerDFGToLLVM::compileMultiPutByOffset):
1541         (JSC::FTL::LowerDFGToLLVM::loadProperty):
1542         (JSC::FTL::LowerDFGToLLVM::storeProperty):
1543         (JSC::FTL::LowerDFGToLLVM::addressOfProperty):
1544         (JSC::FTL::LowerDFGToLLVM::storageForTransition):
1545         (JSC::FTL::LowerDFGToLLVM::allocatePropertyStorage):
1546         (JSC::FTL::LowerDFGToLLVM::reallocatePropertyStorage):
1547         (JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):
1548         * tests/stress/fold-multi-put-by-offset-to-put-by-offset.js: Added.
1549         * tests/stress/multi-put-by-offset-reallocation-butterfly-cse.js: Added.
1550         * tests/stress/multi-put-by-offset-reallocation-cases.js: Added.
1551
1552 2014-02-24  peavo@outlook.com  <peavo@outlook.com>
1553
1554         JSC regressions after r164494
1555         https://bugs.webkit.org/show_bug.cgi?id=129272
1556
1557         Reviewed by Mark Lam.
1558
1559         * offlineasm/x86.rb: Only avoid reverse opcode (fdivr) for Windows.
1560
1561 2014-02-24  Tamas Gergely  <tgergely.u-szeged@partner.samsung.com>
1562
1563         Code cleanup: remove leftover ENABLE(WORKERS) macros and support.
1564         https://bugs.webkit.org/show_bug.cgi?id=129255
1565
1566         Reviewed by Csaba Osztrogonác.
1567
1568         ENABLE_WORKERS macro was removed in r159679.
1569         Support is now also removed from xcconfig files.
1570
1571         * Configurations/FeatureDefines.xcconfig:
1572
1573 2014-02-24  David Kilzer  <ddkilzer@apple.com>
1574
1575         Remove redundant setting in FeatureDefines.xcconfig
1576
1577         * Configurations/FeatureDefines.xcconfig:
1578
1579 2014-02-23  Sam Weinig  <sam@webkit.org>
1580
1581         Update FeatureDefines.xcconfig
1582
1583         Rubber-stamped by Anders Carlsson.
1584
1585         * Configurations/FeatureDefines.xcconfig:
1586
1587 2014-02-23  Dean Jackson  <dino@apple.com>
1588
1589         Sort the project file with sort-Xcode-project-file.
1590
1591         Rubber-stamped by Sam Weinig.
1592
1593         * JavaScriptCore.xcodeproj/project.pbxproj:
1594
1595 2014-02-23  Sam Weinig  <sam@webkit.org>
1596
1597         Move telephone number detection behind its own ENABLE macro
1598         https://bugs.webkit.org/show_bug.cgi?id=129236
1599
1600         Reviewed by Dean Jackson.
1601
1602         * Configurations/FeatureDefines.xcconfig:
1603         Add ENABLE_TELEPHONE_NUMBER_DETECTION.
1604
1605 2014-02-22  Filip Pizlo  <fpizlo@apple.com>
1606
1607         Refine DFG+FTL inlining and compilation limits
1608         https://bugs.webkit.org/show_bug.cgi?id=129212
1609
1610         Reviewed by Mark Hahnenberg.
1611         
1612         Allow larger functions to be DFG-compiled. Institute a limit on FTL compilation,
1613         and set that limit quite high. Institute a limit on inlining-into. The idea here is
1614         that large functions tend to be autogenerated, and code generators like emscripten
1615         appear to leave few inlining opportunities anyway. Also, we don't want the code
1616         size explosion that we would risk if we allowed compilation of a large function and
1617         then inlined a ton of stuff into it.
1618         
1619         This is a 0.5% speed-up on Octane v2 and almost eliminates the typescript
1620         regression. This is a 9% speed-up on AsmBench.
1621
1622         * bytecode/CodeBlock.cpp:
1623         (JSC::CodeBlock::noticeIncomingCall):
1624         * dfg/DFGByteCodeParser.cpp:
1625         (JSC::DFG::ByteCodeParser::handleInlining):
1626         * dfg/DFGCapabilities.h:
1627         (JSC::DFG::isSmallEnoughToInlineCodeInto):
1628         * ftl/FTLCapabilities.cpp:
1629         (JSC::FTL::canCompile):
1630         * ftl/FTLState.h:
1631         (JSC::FTL::shouldShowDisassembly):
1632         * runtime/Options.h:
1633
1634 2014-02-22  Dan Bernstein  <mitz@apple.com>
1635
1636         REGRESSION (r164507): Crash beneath JSGlobalObjectInspectorController::reportAPIException at facebook.com, twitter.com, youtube.com
1637         https://bugs.webkit.org/show_bug.cgi?id=129227
1638
1639         Reviewed by Eric Carlson.
1640
1641         Reverted r164507.
1642
1643         * API/JSBase.cpp:
1644         (JSEvaluateScript):
1645         (JSCheckScriptSyntax):
1646         * API/JSObjectRef.cpp:
1647         (JSObjectMakeFunction):
1648         (JSObjectMakeArray):
1649         (JSObjectMakeDate):
1650         (JSObjectMakeError):
1651         (JSObjectMakeRegExp):
1652         (JSObjectGetProperty):
1653         (JSObjectSetProperty):
1654         (JSObjectGetPropertyAtIndex):
1655         (JSObjectSetPropertyAtIndex):
1656         (JSObjectDeleteProperty):
1657         (JSObjectCallAsFunction):
1658         (JSObjectCallAsConstructor):
1659         * API/JSValue.mm:
1660         (valueToArray):
1661         (valueToDictionary):
1662         * API/JSValueRef.cpp:
1663         (JSValueIsEqual):
1664         (JSValueIsInstanceOfConstructor):
1665         (JSValueCreateJSONString):
1666         (JSValueToNumber):
1667         (JSValueToStringCopy):
1668         (JSValueToObject):
1669         * inspector/ConsoleMessage.cpp:
1670         (Inspector::ConsoleMessage::ConsoleMessage):
1671         (Inspector::ConsoleMessage::autogenerateMetadata):
1672         * inspector/ConsoleMessage.h:
1673         * inspector/JSGlobalObjectInspectorController.cpp:
1674         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1675         * inspector/JSGlobalObjectInspectorController.h:
1676         * inspector/ScriptCallStack.cpp:
1677         * inspector/ScriptCallStack.h:
1678         * inspector/ScriptCallStackFactory.cpp:
1679         (Inspector::createScriptCallStack):
1680         (Inspector::createScriptCallStackForConsole):
1681         (Inspector::createScriptCallStackFromException):
1682         * inspector/ScriptCallStackFactory.h:
1683         * inspector/agents/InspectorConsoleAgent.cpp:
1684         (Inspector::InspectorConsoleAgent::enable):
1685         (Inspector::InspectorConsoleAgent::addMessageToConsole):
1686         (Inspector::InspectorConsoleAgent::count):
1687         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1688         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
1689
1690 2014-02-22  Joseph Pecoraro  <pecoraro@apple.com>
1691
1692         Remove some unreachable code (-Wunreachable-code)
1693         https://bugs.webkit.org/show_bug.cgi?id=129220
1694
1695         Reviewed by Eric Carlson.
1696
1697         * API/tests/testapi.c:
1698         (EvilExceptionObject_convertToType):
1699         * disassembler/udis86/udis86_decode.c:
1700         (decode_operand):
1701
1702 2014-02-22  Filip Pizlo  <fpizlo@apple.com>
1703
1704         Unreviewed, ARMv7 build fix.
1705
1706         * assembler/ARMv7Assembler.h:
1707
1708 2014-02-21  Filip Pizlo  <fpizlo@apple.com>
1709
1710         It should be possible for a LinkBuffer to outlive the MacroAssembler and still be useful
1711         https://bugs.webkit.org/show_bug.cgi?id=124733
1712
1713         Reviewed by Oliver Hunt.
1714         
1715         This also takes the opportunity to de-duplicate some branch compaction code.
1716
1717         * assembler/ARM64Assembler.h:
1718         * assembler/ARMv7Assembler.h:
1719         (JSC::ARMv7Assembler::buffer):
1720         * assembler/AssemblerBuffer.h:
1721         (JSC::AssemblerData::AssemblerData):
1722         (JSC::AssemblerBuffer::AssemblerBuffer):
1723         (JSC::AssemblerBuffer::storage):
1724         (JSC::AssemblerBuffer::grow):
1725         * assembler/LinkBuffer.h:
1726         (JSC::LinkBuffer::LinkBuffer):
1727         (JSC::LinkBuffer::executableOffsetFor):
1728         (JSC::LinkBuffer::applyOffset):
1729         * assembler/MacroAssemblerARM64.h:
1730         (JSC::MacroAssemblerARM64::link):
1731         * assembler/MacroAssemblerARMv7.h:
1732
1733 2014-02-21  Brent Fulgham  <bfulgham@apple.com>
1734
1735         Extend media support for WebVTT sources
1736         https://bugs.webkit.org/show_bug.cgi?id=129156
1737
1738         Reviewed by Eric Carlson.
1739
1740         * Configurations/FeatureDefines.xcconfig: Add new feature define for AVF_CAPTIONS
1741
1742 2014-02-21  Joseph Pecoraro  <pecoraro@apple.com>
1743
1744         Web Inspector: JSContext inspection should report exceptions in the console
1745         https://bugs.webkit.org/show_bug.cgi?id=128776
1746
1747         Reviewed by Timothy Hatcher.
1748
1749         When JavaScript API functions have an exception, let the inspector
1750         know so it can log the JavaScript and Native backtrace that caused
1751         the exception.
1752
1753         Include some clean up of ConsoleMessage and ScriptCallStack construction.
1754
1755         * API/JSBase.cpp:
1756         (JSEvaluateScript):
1757         (JSCheckScriptSyntax):
1758         * API/JSObjectRef.cpp:
1759         (JSObjectMakeFunction):
1760         (JSObjectMakeArray):
1761         (JSObjectMakeDate):
1762         (JSObjectMakeError):
1763         (JSObjectMakeRegExp):
1764         (JSObjectGetProperty):
1765         (JSObjectSetProperty):
1766         (JSObjectGetPropertyAtIndex):
1767         (JSObjectSetPropertyAtIndex):
1768         (JSObjectDeleteProperty):
1769         (JSObjectCallAsFunction):
1770         (JSObjectCallAsConstructor):
1771         * API/JSValue.mm:
1772         (reportExceptionToInspector):
1773         (valueToArray):
1774         (valueToDictionary):
1775         * API/JSValueRef.cpp:
1776         (JSValueIsEqual):
1777         (JSValueIsInstanceOfConstructor):
1778         (JSValueCreateJSONString):
1779         (JSValueToNumber):
1780         (JSValueToStringCopy):
1781         (JSValueToObject):
1782         When seeing an exception, let the inspector know there was an exception.
1783
1784         * inspector/JSGlobalObjectInspectorController.h:
1785         * inspector/JSGlobalObjectInspectorController.cpp:
1786         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1787         (Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
1788         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
1789         Log API exceptions by also grabbing the native backtrace.
1790
1791         * inspector/ScriptCallStack.h:
1792         * inspector/ScriptCallStack.cpp:
1793         (Inspector::ScriptCallStack::firstNonNativeCallFrame):
1794         (Inspector::ScriptCallStack::append):
1795         Minor extensions to ScriptCallStack to make it easier to work with.
1796
1797         * inspector/ConsoleMessage.cpp:
1798         (Inspector::ConsoleMessage::ConsoleMessage):
1799         (Inspector::ConsoleMessage::autogenerateMetadata):
1800         Provide better default information if the first call frame was native.
1801
1802         * inspector/ScriptCallStackFactory.cpp:
1803         (Inspector::createScriptCallStack):
1804         (Inspector::extractSourceInformationFromException):
1805         (Inspector::createScriptCallStackFromException):
1806         Perform the handling here of inserting a fake call frame for exceptions
1807         if there was no call stack (e.g. a SyntaxError) or if the first call
1808         frame had no information.
1809
1810         * inspector/ConsoleMessage.cpp:
1811         (Inspector::ConsoleMessage::ConsoleMessage):
1812         (Inspector::ConsoleMessage::autogenerateMetadata):
1813         * inspector/ConsoleMessage.h:
1814         * inspector/ScriptCallStackFactory.cpp:
1815         (Inspector::createScriptCallStack):
1816         (Inspector::createScriptCallStackForConsole):
1817         * inspector/ScriptCallStackFactory.h:
1818         * inspector/agents/InspectorConsoleAgent.cpp:
1819         (Inspector::InspectorConsoleAgent::enable):
1820         (Inspector::InspectorConsoleAgent::addMessageToConsole):
1821         (Inspector::InspectorConsoleAgent::count):
1822         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1823         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
1824         ConsoleMessage cleanup.
1825
1826 2014-02-21  Oliver Hunt  <oliver@apple.com>
1827
1828         Add extra space to op_call and related opcodes
1829         https://bugs.webkit.org/show_bug.cgi?id=129170
1830
1831         Reviewed by Mark Lam.
1832
1833         No change in behaviour, just some refactoring to add an extra
1834         slot to the op_call instructions, and refactoring to make similar
1835         changes easier in future.
1836
1837         * bytecode/CodeBlock.cpp:
1838         (JSC::CodeBlock::printCallOp):
1839         * bytecode/Opcode.h:
1840         (JSC::padOpcodeName):
1841         * bytecompiler/BytecodeGenerator.cpp:
1842         (JSC::BytecodeGenerator::emitCall):
1843         (JSC::BytecodeGenerator::emitCallVarargs):
1844         (JSC::BytecodeGenerator::emitConstruct):
1845         * dfg/DFGByteCodeParser.cpp:
1846         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1847         * jit/JITCall.cpp:
1848         (JSC::JIT::compileOpCall):
1849         * jit/JITCall32_64.cpp:
1850         (JSC::JIT::compileOpCall):
1851         * llint/LowLevelInterpreter.asm:
1852         * llint/LowLevelInterpreter32_64.asm:
1853         * llint/LowLevelInterpreter64.asm:
1854
1855 2014-02-21  Mark Lam  <mark.lam@apple.com>
1856
1857         gatherFromOtherThread() needs to align the sp before gathering roots.
1858         <https://webkit.org/b/129169>
1859
1860         Reviewed by Geoffrey Garen.
1861
1862         The GC scans the stacks of other threads using MachineThreads::gatherFromOtherThread().
1863         gatherFromOtherThread() defines the range of the other thread's stack as
1864         being bounded by the other thread's stack pointer and stack base. While
1865         the stack base will always be aligned to sizeof(void*), the stack pointer
1866         may not be. This is because the other thread may have just pushed a 32-bit
1867         value on its stack before we suspended it for scanning.
1868
1869         The fix is to round the stack pointer up to the next aligned address of
1870         sizeof(void*) and start scanning from there. On 64-bit systems, we will
1871         effectively ignore the 32-bit word at the bottom of the stack (top of the
1872         stack for stacks growing up) because it cannot be a 64-bit pointer anyway.
1873         64-bit pointers should always be stored on 64-bit aligned boundaries (our
1874         conservative scan algorithm already depends on this assumption).
1875
1876         On 32-bit systems, the rounding is effectively a no-op.
1877
1878         * heap/ConservativeRoots.cpp:
1879         (JSC::ConservativeRoots::genericAddSpan):
1880         - Hardened some assertions so that we can catch misalignment issues on
1881           release builds as well.
1882         * heap/MachineStackMarker.cpp:
1883         (JSC::MachineThreads::gatherFromOtherThread):
1884
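As an added illustration of the alignment problem described in the entry above (example code written for this log, not JavaScriptCore's genericAddSpan or gatherFromOtherThread; the stack image, the fake cell address and every function name here are constructed), the block below builds a small image of a suspended thread's stack whose stack pointer is off by 4 bytes after a 32-bit push, then scans it both from the raw stack pointer and from the pointer rounded up to sizeof(void*). The example is written so it behaves as the entry says on both 32-bit and 64-bit builds: the rounded scan finds the pushed pointer everywhere, while the unrounded scan misses it on 64-bit because every word it reads straddles the real pointer slot.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Hardened check that stays active in release builds (the entry hardens
// assertions in genericAddSpan for the same reason).
#define HARDENED_ASSERT(cond) do { if (!(cond)) std::abort(); } while (0)

// Round an address up to the next multiple of sizeof(void*). This is the
// rounding the entry applies to the other thread's stack pointer.
static inline uintptr_t roundUpToPointerSize(uintptr_t p) {
    return (p + sizeof(void*) - 1) & ~static_cast<uintptr_t>(sizeof(void*) - 1);
}

// Conservative scan of [begin, end): every pointer-sized word is compared with
// `candidate`, which stands in for "does this word look like a heap cell?".
// `alignBegin` selects whether the low end is rounded up first (the fix).
// Returns how many words matched.
size_t countCandidateWords(const void* begin, const void* end, uintptr_t candidate, bool alignBegin) {
    uintptr_t b = reinterpret_cast<uintptr_t>(begin);
    uintptr_t e = reinterpret_cast<uintptr_t>(end);
    if (alignBegin) {
        b = roundUpToPointerSize(b);
        HARDENED_ASSERT(b % sizeof(void*) == 0 && e % sizeof(void*) == 0);
    }
    size_t hits = 0;
    for (uintptr_t p = b; p + sizeof(void*) <= e; p += sizeof(void*)) {
        uintptr_t word;
        memcpy(&word, reinterpret_cast<const void*>(p), sizeof(word)); // ok even if p is unaligned
        if (word == candidate)
            ++hits;
    }
    return hits;
}

// Constructed 32-byte image of a suspended thread's stack (stack grows down):
//   offset 8 .. 8+sizeof(void*): a pointer-sized word holding kFakeCell (pushed first)
//   offset 4 .. 7:               a 32-bit value pushed afterwards, so sp = bytes + 4
// On 64-bit that sp is misaligned; on 32-bit it is already aligned.
struct SuspendedThreadImage {
    alignas(void*) unsigned char bytes[32];
    const unsigned char* sp() const { return bytes + 4; }
    const unsigned char* base() const { return bytes + sizeof(bytes); }
};

static const uintptr_t kFakeCell = 0xC0FFEE00u; // constructed stand-in for a cell address

SuspendedThreadImage makeImage() {
    SuspendedThreadImage img;
    memset(img.bytes, 0, sizeof(img.bytes));
    const uint32_t pushed32 = 0x11223344u;
    memcpy(img.bytes + 8, &kFakeCell, sizeof(kFakeCell));
    memcpy(img.bytes + 4, &pushed32, sizeof(pushed32));
    return img;
}

// Scan from the raw stack pointer (pre-fix behaviour).
size_t hitsWithoutAlignment() {
    SuspendedThreadImage img = makeImage();
    return countCandidateWords(img.sp(), img.base(), kFakeCell, /*alignBegin=*/false);
}

// Scan from the rounded-up stack pointer (the fix).
size_t hitsWithAlignment() {
    SuspendedThreadImage img = makeImage();
    return countCandidateWords(img.sp(), img.base(), kFakeCell, /*alignBegin=*/true);
}
```

Reading each word through memcpy keeps the example well-defined even when the scan pointer is unaligned; a real scanner that dereferences the pointer directly is exactly where the rounding matters, since a misaligned read on strict-alignment hardware faults rather than merely missing the cell.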
1885 2014-02-21  Matthew Mirman  <mmirman@apple.com>
1886
1887         Added a GetMyArgumentsLengthSafe and added a speculation check.
1888         https://bugs.webkit.org/show_bug.cgi?id=129051
1889
1890         Reviewed by Filip Pizlo.
1891
1892         * ftl/FTLLowerDFGToLLVM.cpp:
1893         (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength):
1894
1895 2014-02-21  peavo@outlook.com  <peavo@outlook.com>
1896
1897         [Win][LLINT] Many JSC stress test failures.
1898         https://bugs.webkit.org/show_bug.cgi?id=129155
1899
1900         Reviewed by Michael Saboff.
1901
1902         Intel syntax has reversed operand order compared to AT&T syntax, so we need to swap the operand order, in this case on floating point operations.
1903         Also avoid using the reverse opcode (e.g. fdivr), as this puts the result at the wrong position in the floating point stack.
1904         E.g. "divd ft0, ft1" would translate to fdivr st, st(1) (Intel syntax) on Windows, but this puts the result in st, when it should be in st(1).
1905
1906         * offlineasm/x86.rb: Swap operand order on Windows.
1907
1908 2014-02-21  Filip Pizlo  <fpizlo@apple.com>
1909
1910         DFG write barriers should do more speculations
1911         https://bugs.webkit.org/show_bug.cgi?id=129160
1912
1913         Reviewed by Mark Hahnenberg.
1914         
1915         Replace ConditionalStoreBarrier with the cheapest speculation that you could do
1916         instead.
1917         
1918         Minuscule speed-up on some things. It's a decent difference in code size, though.
1919
1920         * bytecode/SpeculatedType.cpp:
1921         (JSC::speculationToAbbreviatedString):
1922         * bytecode/SpeculatedType.h:
1923         (JSC::isNotCellSpeculation):
1924         * dfg/DFGFixupPhase.cpp:
1925         (JSC::DFG::FixupPhase::fixupNode):
1926         (JSC::DFG::FixupPhase::insertStoreBarrier):
1927         (JSC::DFG::FixupPhase::insertPhantomCheck):
1928         * dfg/DFGNode.h:
1929         (JSC::DFG::Node::shouldSpeculateOther):
1930         (JSC::DFG::Node::shouldSpeculateNotCell):
1931         * ftl/FTLCapabilities.cpp:
1932         (JSC::FTL::canCompile):
1933         * ftl/FTLLowerDFGToLLVM.cpp:
1934         (JSC::FTL::LowerDFGToLLVM::compareEqObjectOrOtherToObject):
1935         (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
1936         (JSC::FTL::LowerDFGToLLVM::isNotOther):
1937         (JSC::FTL::LowerDFGToLLVM::isOther):
1938         (JSC::FTL::LowerDFGToLLVM::speculate):
1939         (JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):
1940         (JSC::FTL::LowerDFGToLLVM::speculateOther):
1941         (JSC::FTL::LowerDFGToLLVM::speculateNotCell):
1942
1943 2014-02-21  Joseph Pecoraro  <pecoraro@apple.com>
1944
1945         Revert r164486, causing a number of test failures.
1946
1947         Unreviewed rollout.
1948
1949 2014-02-21  Filip Pizlo  <fpizlo@apple.com>
1950
1951         Revive SABI (aka shouldAlwaysBeInlined)
1952         https://bugs.webkit.org/show_bug.cgi?id=129159
1953
1954         Reviewed by Mark Hahnenberg.
1955         
1956         This is a small Octane speed-up.
1957
1958         * jit/Repatch.cpp:
1959         (JSC::linkFor): This code was assuming that if it's invoked then the caller is a DFG code block. That's wrong, since it's now used by all of the JITs.
1960
1961 2014-02-21  Joseph Pecoraro  <pecoraro@apple.com>
1962
1963         Web Inspector: JSContext inspection should report exceptions in the console
1964         https://bugs.webkit.org/show_bug.cgi?id=128776
1965
1966         Reviewed by Timothy Hatcher.
1967
1968         When JavaScript API functions have an exception, let the inspector
1969         know so it can log the JavaScript and Native backtrace that caused
1970         the exception.
1971
1972         Include some clean up of ConsoleMessage and ScriptCallStack construction.
1973
1974         * API/JSBase.cpp:
1975         (JSEvaluateScript):
1976         (JSCheckScriptSyntax):
1977         * API/JSObjectRef.cpp:
1978         (JSObjectMakeFunction):
1979         (JSObjectMakeArray):
1980         (JSObjectMakeDate):
1981         (JSObjectMakeError):
1982         (JSObjectMakeRegExp):
1983         (JSObjectGetProperty):
1984         (JSObjectSetProperty):
1985         (JSObjectGetPropertyAtIndex):
1986         (JSObjectSetPropertyAtIndex):
1987         (JSObjectDeleteProperty):
1988         (JSObjectCallAsFunction):
1989         (JSObjectCallAsConstructor):
1990         * API/JSValue.mm:
1991         (reportExceptionToInspector):
1992         (valueToArray):
1993         (valueToDictionary):
1994         * API/JSValueRef.cpp:
1995         (JSValueIsEqual):
1996         (JSValueIsInstanceOfConstructor):
1997         (JSValueCreateJSONString):
1998         (JSValueToNumber):
1999         (JSValueToStringCopy):
2000         (JSValueToObject):
2001         When seeing an exception, let the inspector know there was an exception.
2002
2003         * inspector/JSGlobalObjectInspectorController.h:
2004         * inspector/JSGlobalObjectInspectorController.cpp:
2005         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2006         (Inspector::JSGlobalObjectInspectorController::appendAPIBacktrace):
2007         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
2008         Log API exceptions by also grabbing the native backtrace.
2009
2010         * inspector/ScriptCallStack.h:
2011         * inspector/ScriptCallStack.cpp:
2012         (Inspector::ScriptCallStack::firstNonNativeCallFrame):
2013         (Inspector::ScriptCallStack::append):
2014         Minor extensions to ScriptCallStack to make it easier to work with.
2015
2016         * inspector/ConsoleMessage.cpp:
2017         (Inspector::ConsoleMessage::ConsoleMessage):
2018         (Inspector::ConsoleMessage::autogenerateMetadata):
2019         Provide better default information if the first call frame was native.
2020
2021         * inspector/ScriptCallStackFactory.cpp:
2022         (Inspector::createScriptCallStack):
2023         (Inspector::extractSourceInformationFromException):
2024         (Inspector::createScriptCallStackFromException):
2025         Perform the handling here of inserting a fake call frame for exceptions
2026         if there was no call stack (e.g. a SyntaxError) or if the first call
2027         frame had no information.
2028
2029         * inspector/ConsoleMessage.cpp:
2030         (Inspector::ConsoleMessage::ConsoleMessage):
2031         (Inspector::ConsoleMessage::autogenerateMetadata):
2032         * inspector/ConsoleMessage.h:
2033         * inspector/ScriptCallStackFactory.cpp:
2034         (Inspector::createScriptCallStack):
2035         (Inspector::createScriptCallStackForConsole):
2036         * inspector/ScriptCallStackFactory.h:
2037         * inspector/agents/InspectorConsoleAgent.cpp:
2038         (Inspector::InspectorConsoleAgent::enable):
2039         (Inspector::InspectorConsoleAgent::addMessageToConsole):
2040         (Inspector::InspectorConsoleAgent::count):
2041         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
2042         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
2043         ConsoleMessage cleanup.
2044
2045 2014-02-20  Anders Carlsson  <andersca@apple.com>
2046
2047         Modernize JSGlobalLock and JSLockHolder
2048         https://bugs.webkit.org/show_bug.cgi?id=129105
2049
2050         Reviewed by Michael Saboff.
2051
2052         Use std::mutex and std::thread::id where possible.
2053
2054         * runtime/JSLock.cpp:
2055         (JSC::GlobalJSLock::GlobalJSLock):
2056         (JSC::GlobalJSLock::~GlobalJSLock):
2057         (JSC::GlobalJSLock::initialize):
2058         (JSC::JSLock::JSLock):
2059         (JSC::JSLock::lock):
2060         (JSC::JSLock::unlock):
2061         (JSC::JSLock::currentThreadIsHoldingLock):
2062         * runtime/JSLock.h:
2063
2064 2014-02-20  Mark Lam  <mark.lam@apple.com>
2065
2066         virtualForWithFunction() should not throw an exception with a partially initialized frame.
2067         <https://webkit.org/b/129134>
2068
2069         Reviewed by Michael Saboff.
2070
2071         Currently, when JITOperations.cpp's virtualForWithFunction() fails to
2072         prepare the callee function for execution, it proceeds to throw the
2073         exception using the callee frame which is only partially initialized
2074         thus far. Instead, it should be throwing the exception using the caller
2075         frame because:
2076         1. the error happened "in" the caller while preparing the callee for
2077            execution i.e. the caller frame is the top fully initialized frame
2078            on the stack.
2079         2. the callee frame is not fully initialized yet, and the unwind
2080            mechanism cannot depend on the data in it.
2081
2082         * jit/JITOperations.cpp:
2083
2084 2014-02-20  Mark Lam  <mark.lam@apple.com>
2085
2086         DefaultGCActivityCallback::doWork() should reschedule if GC is deferred.
2087         <https://webkit.org/b/129131>
2088
2089         Reviewed by Mark Hahnenberg.
2090
2091         Currently, DefaultGCActivityCallback::doWork() does not check if the GC
2092         needs to be deferred before commencing. As a result, the GC may crash
2093         and/or corrupt data because the VM is not in the consistent state needed
2094         for the GC to run. With this fix, doWork() now checks if the GC is
2095         supposed to be deferred and re-schedules if needed. It only commences
2096         with GC'ing when it's safe to do so.
2097
2098         * runtime/GCActivityCallback.cpp:
2099         (JSC::DefaultGCActivityCallback::doWork):
2100
2101 2014-02-20  Geoffrey Garen  <ggaren@apple.com>
2102
2103         Math.imul gives wrong results
2104         https://bugs.webkit.org/show_bug.cgi?id=126345
2105
2106         Reviewed by Mark Hahnenberg.
2107
2108         Don't truncate non-int doubles to 0 -- that's just not how ToInt32 works.
2109         Instead, take a slow path that will do the right thing.
2110
2111         * jit/ThunkGenerators.cpp:
2112         (JSC::imulThunkGenerator):
2113
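An added example of the ToInt32 semantics the Math.imul entry above refers to (illustrative code written for this log, not JavaScriptCore's imulThunkGenerator; the pre-fix model below is built only from the entry's description, and all function names are assumptions). ToInt32 truncates toward zero and reduces modulo 2^32, so a non-integer operand such as 2.5 contributes 2, not 0, and an out-of-range integer such as 2^32 - 1 wraps to -1.

```cpp
#include <cmath>
#include <cstdint>

// ECMAScript ToInt32: NaN and infinities map to 0; otherwise truncate toward
// zero, reduce modulo 2^32 and reinterpret as a signed 32-bit value.
int32_t toInt32(double d) {
    if (std::isnan(d) || std::isinf(d))
        return 0;
    double truncated = std::trunc(d);
    double m = std::fmod(truncated, 4294967296.0); // keeps the sign of `truncated`
    if (m < 0)
        m += 4294967296.0;
    uint32_t u = static_cast<uint32_t>(m); // now in [0, 2^32)
    // Two's-complement wrap without relying on implementation-defined casts.
    if (u >= 0x80000000u)
        return static_cast<int32_t>(u - 0x80000000u) - 0x7fffffff - 1;
    return static_cast<int32_t>(u);
}

// Math.imul(a, b): ToInt32 both operands, multiply modulo 2^32, return as int32.
int32_t imul(double a, double b) {
    uint32_t product = static_cast<uint32_t>(toInt32(a)) * static_cast<uint32_t>(toInt32(b));
    return toInt32(static_cast<double>(product));
}

// Model of the pre-fix fast path as the entry describes it: any operand that is
// not already an int32 is treated as 0 instead of going through ToInt32.
int32_t imulTruncatingNonIntsToZero(double a, double b) {
    auto asInt32OrZero = [](double d) -> int32_t {
        if (d == std::trunc(d) && d >= -2147483648.0 && d <= 2147483647.0)
            return static_cast<int32_t>(d);
        return 0;
    };
    uint32_t product = static_cast<uint32_t>(asInt32OrZero(a)) * static_cast<uint32_t>(asInt32OrZero(b));
    return toInt32(static_cast<double>(product));
}
```

The multiplication is done on uint32_t on purpose: unsigned arithmetic wraps modulo 2^32 by definition, whereas multiplying two int32_t values that overflow is undefined behaviour in C++, which is the same trap a hand-written thunk has to avoid.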
2114 2014-02-20  Filip Pizlo  <fpizlo@apple.com>
2115
2116         DFG should do its own static estimates of execution frequency before it starts creating OSR entrypoints
2117         https://bugs.webkit.org/show_bug.cgi?id=129129
2118
2119         Reviewed by Geoffrey Garen.
2120         
2121         We estimate execution counts based on loop depth, and then use those to estimate branch
2122         weights. These weights then get carried all the way down to LLVM prof branch_weights
2123         meta-data.
2124         
2125         This is better than letting LLVM do its own static estimates, since by the time we
2126         generate LLVM IR, we may have messed up the CFG due to OSR entrypoint creation. Of
2127         course, it would be even better if we just slurped in some kind of execution counts
2128         from profiling, but we don't do that, yet.
2129
2130         * CMakeLists.txt:
2131         * GNUmakefile.list.am:
2132         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2133         * JavaScriptCore.xcodeproj/project.pbxproj:
2134         * dfg/DFGBasicBlock.cpp:
2135         (JSC::DFG::BasicBlock::BasicBlock):
2136         * dfg/DFGBasicBlock.h:
2137         * dfg/DFGBlockInsertionSet.cpp:
2138         (JSC::DFG::BlockInsertionSet::insert):
2139         (JSC::DFG::BlockInsertionSet::insertBefore):
2140         * dfg/DFGBlockInsertionSet.h:
2141         * dfg/DFGByteCodeParser.cpp:
2142         (JSC::DFG::ByteCodeParser::handleInlining):
2143         (JSC::DFG::ByteCodeParser::parseCodeBlock):
2144         * dfg/DFGCriticalEdgeBreakingPhase.cpp:
2145         (JSC::DFG::CriticalEdgeBreakingPhase::breakCriticalEdge):
2146         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
2147         (JSC::DFG::createPreHeader):
2148         * dfg/DFGNaturalLoops.h:
2149         (JSC::DFG::NaturalLoops::loopDepth):
2150         * dfg/DFGOSREntrypointCreationPhase.cpp:
2151         (JSC::DFG::OSREntrypointCreationPhase::run):
2152         * dfg/DFGPlan.cpp:
2153         (JSC::DFG::Plan::compileInThreadImpl):
2154         * dfg/DFGStaticExecutionCountEstimationPhase.cpp: Added.
2155         (JSC::DFG::StaticExecutionCountEstimationPhase::StaticExecutionCountEstimationPhase):
2156         (JSC::DFG::StaticExecutionCountEstimationPhase::run):
2157         (JSC::DFG::StaticExecutionCountEstimationPhase::applyCounts):
2158         (JSC::DFG::performStaticExecutionCountEstimation):
2159         * dfg/DFGStaticExecutionCountEstimationPhase.h: Added.
2160
2161 2014-02-20  Filip Pizlo  <fpizlo@apple.com>
2162
2163         FTL may not see a compact_unwind section if there weren't any stackmaps
2164         https://bugs.webkit.org/show_bug.cgi?id=129125
2165
2166         Reviewed by Geoffrey Garen.
2167         
2168         It's OK to not have an unwind section, so long as the function also doesn't have any
2169         OSR exits.
2170
2171         * ftl/FTLCompile.cpp:
2172         (JSC::FTL::fixFunctionBasedOnStackMaps):
2173         (JSC::FTL::compile):
2174         * ftl/FTLUnwindInfo.cpp:
2175         (JSC::FTL::UnwindInfo::parse):
2176         * ftl/FTLUnwindInfo.h:
2177
2178 == Rolled over to ChangeLog-2014-02-20 ==