0cad6c0ae9a0c9c9254b39f4cd134bfc28b675b6
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-01-18  Andreas Kling  <akling@apple.com>

        Remove two unused CodeBlock functions.
        <https://webkit.org/b/127235>

        Kill copyPostParseDataFrom() and copyPostParseDataFromAlternative()
        since they are not used.

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:

2014-01-18  Andreas Kling  <akling@apple.com>

        CodeBlock: Size m_exceptionHandlers to fit from creation.
        <https://webkit.org/b/127234>

        Avoid allocation churn for CodeBlock::m_exceptionHandlers.

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.h:

            Removed unused CodeBlock::allocateHandlers() function.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

            Use resizeToFit() instead of grow() for m_exceptionHandlers
            since we know it's never going to change size.

        (JSC::CodeBlock::shrinkToFit):

            No need to shrink m_exceptionHandlers here since it's already
            the perfect size.

2014-01-18  Mark Lam  <mark.lam@apple.com>

        Add a hasBreakpointFlag arg to the op_debug bytecode.
        https://bugs.webkit.org/show_bug.cgi?id=127230.

        Reviewed by Geoffrey Garen.

        This is in anticipation of upcoming changes to support bytecode level
        breakpoints. This patch adds the flag to the op_debug bytecode and
        initializes it, but does not use it yet.

        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDebugHook):
        * llint/LowLevelInterpreter.asm:

2014-01-18  Alberto Garcia  <berto@igalia.com>

        JavaScriptCore uses PLATFORM(MAC) when it means OS(DARWIN)
        https://bugs.webkit.org/show_bug.cgi?id=99683

        Reviewed by Anders Carlsson.

        * jit/ThunkGenerators.cpp:
        * tools/CodeProfile.cpp:
        (JSC::symbolName):
        (JSC::CodeProfile::sample):

2014-01-18  Anders Carlsson  <andersca@apple.com>

        Remove ENABLE_THREADED_HTML_PARSER defines everywhere
        https://bugs.webkit.org/show_bug.cgi?id=127225

        Reviewed by Andreas Kling.

        This concludes the removal of over 8.8 million lines of threaded parser code.

        * Configurations/FeatureDefines.xcconfig:

2014-01-18  Mark Lam  <mark.lam@apple.com>

        Adding UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().
        https://bugs.webkit.org/show_bug.cgi?id=127127.

        Reviewed by Geoffrey Garen.

        In order to implement bytecode level breakpoints, we need a mechanism
        for computing the best fit op_debug bytecode offset for any valid given
        line and column value in the source. The "best fit" op_debug bytecode
        in this case is defined below in the comment for
        UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::opDebugBytecodeOffsetForLineAndColumn):
        - Convert the line and column to unlinked line and column values and
          pass them to UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn()
          to do the real work.

        * bytecode/CodeBlock.h:
        * bytecode/LineColumnInfo.h: Added.
        (JSC::LineColumnInfo::operator <):
        (JSC::LineColumnInfo::LineColumnPair::LineColumnPair):
        (JSC::LineColumnInfo::operator ==):
        (JSC::LineColumnInfo::operator !=):
        (JSC::LineColumnInfo::operator <=):
        (JSC::LineColumnInfo::operator >):
        (JSC::LineColumnInfo::operator >=):
        * bytecode/LineInfo.h: Removed.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::decodeExpressionRangeLineAndColumn):
        - Factored this out of expressionRangeForBytecodeOffset() so that it can
          be called from multiple places.
        (JSC::dumpLineColumnEntry):
        (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
        (JSC::UnlinkedCodeBlock::dumpOpDebugLineColumnInfoList):
        - Some dumpers for debugging use only.
        (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
        (JSC::UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn):
        - Finds the earliest op_debug bytecode whose line and column matches the
          specified line and column values. If an exact match is not found, then
          finds the nearest op_debug bytecode that precedes the specified line
          and column values. If there is more than one op_debug at that preceding
          line and column value, then the earliest of those op_debug bytecodes will
          be selected. The offset of the selected bytecode will be returned.

          We want the earliest one because when we have multiple op_debug bytecodes
          that map to a given line and column, a debugger user would expect to break
          on the first one and step through the rest thereafter if needed.

        (JSC::compareLineColumnInfo):
        (JSC::UnlinkedCodeBlock::opDebugLineColumnInfoList):
        - Creates the sorted opDebugLineColumnInfoList on demand. This list is
          stored in the UnlinkedCodeBlock's rareData.
        * bytecode/UnlinkedCodeBlock.h:

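The "best fit" lookup described in the entry above, as an added example that is not WebKit's code and not part of this ChangeLog. It works over a list of (line, column, bytecode offset) records sorted the way the entry describes the on-demand opDebugLineColumnInfoList, and applies the stated rules: an exact (line, column) match wins, otherwise the nearest preceding position, and in either case the earliest op_debug at that position. The record type name `LineColumnInfo` is borrowed from the entry; the helper names (`sortedOpDebugList`, `sampleOpDebugList`), the sample records, and the `kNoOpDebug` sentinel returned when no op_debug precedes the requested position are assumptions of this example (the entry does not say what the real function returns in that case).

```cpp
#include <algorithm>
#include <climits>
#include <cstdio>
#include <iterator>
#include <vector>

// Constructed stand-in for the per-op_debug line/column record the ChangeLog
// entry calls LineColumnInfo. Not WebKit's type: one record per op_debug bytecode.
struct LineColumnInfo {
    unsigned line;
    unsigned column;
    unsigned bytecodeOffset;
};

struct Position {
    unsigned line;
    unsigned column;
};

// Sentinel for "no op_debug precedes the requested position" (an assumption of
// this example; the ChangeLog does not say what the real function returns then).
const unsigned kNoOpDebug = UINT_MAX;

static bool positionLess(unsigned lineA, unsigned columnA, unsigned lineB, unsigned columnB) {
    return lineA != lineB ? lineA < lineB : columnA < columnB;
}

// Sort by line, then column, then bytecode offset, so that the earliest op_debug
// at a given source position is the first among its ties.
std::vector<LineColumnInfo> sortedOpDebugList(std::vector<LineColumnInfo> list) {
    std::sort(list.begin(), list.end(), [](const LineColumnInfo& a, const LineColumnInfo& b) {
        if (a.line != b.line) return a.line < b.line;
        if (a.column != b.column) return a.column < b.column;
        return a.bytecodeOffset < b.bytecodeOffset;
    });
    return list;
}

// Best-fit lookup: exact (line, column) match, otherwise the nearest preceding
// position; in both cases the earliest op_debug at that position is returned.
unsigned opDebugBytecodeOffsetForLineAndColumn(const std::vector<LineColumnInfo>& sorted,
                                               unsigned line, unsigned column) {
    // First record whose position is not before the target.
    auto it = std::lower_bound(sorted.begin(), sorted.end(), Position{line, column},
        [](const LineColumnInfo& info, const Position& target) {
            return positionLess(info.line, info.column, target.line, target.column);
        });
    if (it != sorted.end() && it->line == line && it->column == column)
        return it->bytecodeOffset; // exact match; ties are sorted by offset, so this is the earliest
    if (it == sorted.begin())
        return kNoOpDebug;         // every op_debug lies after the target
    // Step back to the nearest preceding position, then walk to its first record.
    auto best = std::prev(it);
    while (best != sorted.begin()) {
        auto prev = std::prev(best);
        if (prev->line != best->line || prev->column != best->column)
            break;
        best = prev;
    }
    return best->bytecodeOffset;
}

// Constructed sample: five op_debug bytecodes, two of them at line 2 column 5.
std::vector<LineColumnInfo> sampleOpDebugList() {
    return sortedOpDebugList({ {4, 1, 30}, {2, 5, 14}, {1, 1, 0}, {2, 12, 20}, {2, 5, 10} });
}

int main() {
    std::vector<LineColumnInfo> list = sampleOpDebugList();
    unsigned queries[][2] = { {2, 5}, {2, 8}, {3, 1}, {9, 9}, {1, 0} };
    for (auto& q : queries) {
        unsigned offset = opDebugBytecodeOffsetForLineAndColumn(list, q[0], q[1]);
        if (offset == kNoOpDebug)
            std::printf("line %u col %u -> no preceding op_debug\n", q[0], q[1]);
        else
            std::printf("line %u col %u -> op_debug at bytecode offset %u\n", q[0], q[1], offset);
    }
    return 0;
}
```

The walk-back loop is what implements "the earliest of those op_debug bytecodes": after stepping to the nearest preceding position, it keeps moving to earlier records while they share that position, so a breakpoint set between two statements on one line lands on the first op_debug of the preceding position rather than the last.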
2014-01-18  Zan Dobersek  <zdobersek@igalia.com>

        Inspector scripts are not compatible with Python v3
        https://bugs.webkit.org/show_bug.cgi?id=127128

        Reviewed by Benjamin Poulain.

        * inspector/scripts/generate-combined-inspector-json.py: Turn print statements into print function calls.
        * inspector/scripts/jsmin.py: Try importing the StringIO class from the StringIO module (which will work for
        Python v2) or, on import error, import the class from the io module (which will work for Python v3).

2014-01-17  Anders Carlsson  <andersca@apple.com>

        String::is8Bit() crashes if m_impl is null, handle this.

        * API/OpaqueJSString.h:
        (OpaqueJSString::OpaqueJSString):

2014-01-17  Anders Carlsson  <andersca@apple.com>

        Try to fix the Windows build.

        * API/OpaqueJSString.cpp:
        (OpaqueJSString::~OpaqueJSString):
        (OpaqueJSString::characters):
        * API/OpaqueJSString.h:
        (OpaqueJSString::OpaqueJSString):

2014-01-17  Anders Carlsson  <andersca@apple.com>

        Get rid of OpaqueJSString::deprecatedCharacters()
        https://bugs.webkit.org/show_bug.cgi?id=127161

        Reviewed by Sam Weinig.

        Handle OpaqueJSString::m_string being either 8-bit or 16-bit and add extra
        code paths for the 8-bit cases.

        Unfortunately, JSStringGetCharactersPtr is still expected to return a 16-bit character pointer.
        Handle this by storing a separate 16-bit string and initializing it on demand when JSStringGetCharactersPtr
        is called and the backing string is 8-bit.

        This has the nice side effect of making JSStringGetCharactersPtr thread-safe when it wasn't before.
        (In theory, someone could have a JSStringRef backed by an 8-bit string and call JSStringGetCharactersPtr on it
        causing an unsafe upconversion to a 16-bit string).

        * API/JSStringRef.cpp:
        (JSStringGetCharactersPtr):
        Call OpaqueJSString::characters.

        (JSStringGetUTF8CString):
        Add a code path that handles 8-bit strings.

        (JSStringIsEqual):
        Call OpaqueJSString::equal.

        * API/JSStringRefCF.cpp:
        (JSStringCreateWithCFString):
        Reformat the code to use an early return instead of putting most of the code inside the body of an if statement.

        (JSStringCopyCFString):
        Create an 8-bit CFStringRef if possible.

        * API/OpaqueJSString.cpp:
        (OpaqueJSString::create):
        Use nullptr.

        (OpaqueJSString::~OpaqueJSString):
        Free m_characters.

        (OpaqueJSString::characters):
        Do the up-conversion and store the result in m_characters.

        (OpaqueJSString::equal):
        New helper function.

        * API/OpaqueJSString.h:
        (OpaqueJSString::is8Bit):
        New function that returns whether a string is 8-bit or not.

        (OpaqueJSString::characters8):
        (OpaqueJSString::characters16):
        Add getters.

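An added example, not WebKit's code and not part of this ChangeLog, in the spirit of the OpaqueJSString change the entry above describes (and of the identical entry of 2014-01-16 below): a string whose backing store is either 8-bit or 16-bit, whose 16-bit view is built on demand into a separate buffer, and whose equality check works across both widths. The security-relevant point is the one the entry makes: the 8-bit backing string is never converted in place, so a reader of the 8-bit data on another thread can never see a half-converted string. The class and helper names (`Latin1Or16BitString`, `codeUnitAt`, `upconversionIsCachedAndCorrect`), the Latin-1 interpretation of the 8-bit store, and the compare-and-swap used to settle a race between two first callers of `characters()` are assumptions of this example; the entry only says the 16-bit copy is initialized on demand and freed in the destructor.

```cpp
#include <atomic>
#include <cstddef>
#include <string>
#include <utility>

// Constructed stand-in for the OpaqueJSString described in the ChangeLog entry.
// Not WebKit's class. Assumption: an 8-bit backing string holds Latin-1 code
// units, so upconverting a byte to a 16-bit code unit is a plain zero-extend.
class Latin1Or16BitString {
public:
    explicit Latin1Or16BitString(std::string latin1)
        : m_is8Bit(true), m_8bit(std::move(latin1)), m_characters(nullptr) {}
    explicit Latin1Or16BitString(std::u16string utf16)
        : m_is8Bit(false), m_16bit(std::move(utf16)), m_characters(nullptr) {}
    // Mirrors "Free m_characters": the lazily built copy is owned by this object.
    ~Latin1Or16BitString() { delete[] m_characters.load(); }

    bool is8Bit() const { return m_is8Bit; }
    size_t length() const { return m_is8Bit ? m_8bit.size() : m_16bit.size(); }
    const char* characters8() const { return m_is8Bit ? m_8bit.data() : nullptr; }
    const char16_t* characters16() const { return m_is8Bit ? nullptr : m_16bit.data(); }

    // One code unit regardless of width; lets equal() avoid forcing an upconversion.
    char16_t codeUnitAt(size_t i) const {
        return m_is8Bit ? static_cast<char16_t>(static_cast<unsigned char>(m_8bit[i])) : m_16bit[i];
    }

    // Equivalent of the entry's OpaqueJSString::characters: always a 16-bit pointer.
    const char16_t* characters() {
        if (!m_is8Bit)
            return m_16bit.data();
        if (const char16_t* existing = m_characters.load(std::memory_order_acquire))
            return existing;
        // Build the 16-bit copy in a fresh buffer. m_8bit is only read, never
        // rewritten, so concurrent readers of the 8-bit data are unaffected.
        char16_t* converted = new char16_t[m_8bit.size()];
        for (size_t i = 0; i < m_8bit.size(); ++i)
            converted[i] = static_cast<unsigned char>(m_8bit[i]);
        // Publish at most once: if another thread already installed its copy,
        // discard ours and hand out theirs (an assumption of this example).
        const char16_t* expected = nullptr;
        if (!m_characters.compare_exchange_strong(expected, converted, std::memory_order_acq_rel)) {
            delete[] converted;
            return expected;
        }
        return converted;
    }

    // Equivalent of the entry's OpaqueJSString::equal: compare code units across widths.
    static bool equal(const Latin1Or16BitString& a, const Latin1Or16BitString& b) {
        if (a.length() != b.length())
            return false;
        for (size_t i = 0; i < a.length(); ++i)
            if (a.codeUnitAt(i) != b.codeUnitAt(i))
                return false;
        return true;
    }

private:
    bool m_is8Bit;
    std::string m_8bit;
    std::u16string m_16bit;
    std::atomic<const char16_t*> m_characters; // lazily created 16-bit copy of an 8-bit string
};

// Returns true when the lazily built 16-bit view is cached across calls and
// reflects the Latin-1 bytes of the backing string (constructed input: "café").
bool upconversionIsCachedAndCorrect() {
    Latin1Or16BitString s(std::string("caf\xE9")); // 0xE9 is e-acute in Latin-1
    const char16_t* first = s.characters();
    const char16_t* second = s.characters();
    return s.is8Bit() && s.length() == 4 && first == second && first[3] == u'\u00E9';
}
```

Note that `equal` deliberately does not call `characters()`: comparing through `codeUnitAt` keeps an equality check from allocating a 16-bit copy for every 8-bit string it touches, which is the same "extra code paths for the 8-bit cases" idea the entry describes for JSStringGetUTF8CString.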
2014-01-17  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        Remove workaround for compilers not supporting deleted functions
        https://bugs.webkit.org/show_bug.cgi?id=127166

        Reviewed by Andreas Kling.

        * inspector/InspectorAgentRegistry.h:

2014-01-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r162185, r162186, and r162187.
        http://trac.webkit.org/changeset/162185
        http://trac.webkit.org/changeset/162186
        http://trac.webkit.org/changeset/162187
        https://bugs.webkit.org/show_bug.cgi?id=127164

        Broke JSStringCreateWithCharactersNoCopy, as evidenced by a
        JSC API test (Requested by ap on #webkit).

        * API/JSStringRef.cpp:
        (JSStringGetCharactersPtr):
        (JSStringGetUTF8CString):
        (JSStringIsEqual):
        * API/JSStringRefCF.cpp:
        (JSStringCreateWithCFString):
        (JSStringCopyCFString):
        * API/OpaqueJSString.cpp:
        (OpaqueJSString::create):
        (OpaqueJSString::identifier):
        * API/OpaqueJSString.h:
        (OpaqueJSString::create):
        (OpaqueJSString::characters):
        (OpaqueJSString::deprecatedCharacters):
        (OpaqueJSString::OpaqueJSString):

2014-01-16  Anders Carlsson  <andersca@apple.com>

        Export OpaqueJSString destructor.

        * API/OpaqueJSString.h:

2014-01-16  Anders Carlsson  <andersca@apple.com>

        Build fix.

        * API/OpaqueJSString.h:

2014-01-16  Anders Carlsson  <andersca@apple.com>

        Get rid of OpaqueJSString::deprecatedCharacters()
        https://bugs.webkit.org/show_bug.cgi?id=127161

        Reviewed by Sam Weinig.

        Handle OpaqueJSString::m_string being either 8-bit or 16-bit and add extra
        code paths for the 8-bit cases.

        Unfortunately, JSStringGetCharactersPtr is still expected to return a 16-bit character pointer.
        Handle this by storing a separate 16-bit string and initializing it on demand when JSStringGetCharactersPtr
        is called. This has the nice side effect of making JSStringGetCharactersPtr thread-safe when it wasn't before.
        (In theory, someone could have a JSStringRef backed by an 8-bit string and call JSStringGetCharactersPtr on it
        causing an unsafe upconversion to a 16-bit string).

        * API/JSStringRef.cpp:
        (JSStringGetCharactersPtr):
        Call OpaqueJSString::characters.

        (JSStringGetUTF8CString):
        Add a code path that handles 8-bit strings.

        (JSStringIsEqual):
        Call OpaqueJSString::equal.

        * API/JSStringRefCF.cpp:
        (JSStringCreateWithCFString):
        Reformat the code to use an early return instead of putting most of the code inside the body of an if statement.

        (JSStringCopyCFString):
        Create an 8-bit CFStringRef if possible.

        * API/OpaqueJSString.cpp:
        (OpaqueJSString::create):
        Use nullptr.

        (OpaqueJSString::~OpaqueJSString):
        Free m_characters.

        (OpaqueJSString::characters):
        Do the up-conversion and store the result in m_characters.

        (OpaqueJSString::equal):
        New helper function.

        * API/OpaqueJSString.h:
        (OpaqueJSString::is8Bit):
        New function that returns whether a string is 8-bit or not.

        (OpaqueJSString::characters8):
        (OpaqueJSString::characters16):
        Add getters.

2014-01-16  Anders Carlsson  <andersca@apple.com>

        Change all uses of FINAL to final now that all our compilers support it
        https://bugs.webkit.org/show_bug.cgi?id=127142

        Reviewed by Benjamin Poulain.

        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/agents/InspectorAgent.h:
        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/scripts/CodeGeneratorInspector.py:
        (Generator.go):
        * runtime/JSGlobalObjectDebuggable.h:
        * runtime/JSPromiseReaction.cpp:

2014-01-16  Oliver Hunt  <oliver@apple.com>

        throwing an objc object (or general binding object) triggers an assertion
        https://bugs.webkit.org/show_bug.cgi?id=127146

        Reviewed by Alexey Proskuryakov.

        This is simply a bogus assertion as we can't guarantee a bindings object
        won't intercept assignment to .stack.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwind):

2014-01-16  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        Remove workaround for compilers not supporting explicit override control
        https://bugs.webkit.org/show_bug.cgi?id=127111

        Reviewed by Anders Carlsson.

        Now that all compilers support explicit override control, this workaround can be removed.

        * API/JSAPIWrapperObject.mm:
        * API/JSCallbackObject.h:
        * API/JSManagedValue.mm:
        * API/JSScriptRef.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/CodeBlockJettisoningWatchpoint.h:
        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.h:
        * bytecode/StructureStubClearingWatchpoint.h:
        * dfg/DFGArrayifySlowPathGenerator.h:
        * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
        * dfg/DFGFailedFinalizer.h:
        * dfg/DFGJITCode.h:
        * dfg/DFGJITFinalizer.h:
        * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
        * dfg/DFGSlowPathGenerator.h:
        * dfg/DFGSpeculativeJIT64.cpp:
        * heap/Heap.h:
        * heap/IncrementalSweeper.h:
        * heap/SuperRegion.h:
        * inspector/InspectorValues.h:
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/agents/InspectorAgent.h:
        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/scripts/CodeGeneratorInspector.py:
        (Generator.go):
        * jit/ClosureCallStubRoutine.h:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        * jit/GCAwareJITStubRoutine.h:
        * jit/JITCode.h:
        * jit/JITToDFGDeferredCompilationCallback.h:
        * parser/Nodes.h:
        * parser/SourceProvider.h:
        * runtime/DataView.h:
        * runtime/GCActivityCallback.h:
        * runtime/GenericTypedArrayView.h:
        * runtime/JSGlobalObjectDebuggable.h:
        * runtime/JSPromiseReaction.cpp:
        * runtime/RegExpCache.h:
        * runtime/SimpleTypedArrayController.h:
        * runtime/SymbolTable.h:
        * runtime/WeakMapData.h:

2014-01-15  Joseph Pecoraro  <pecoraro@apple.com>

        [iOS] Clean up REMOTE_INSPECTOR code in OpenSource after the iOS merge
        https://bugs.webkit.org/show_bug.cgi?id=127069

        Reviewed by Timothy Hatcher.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        Export XPCConnection because it is needed by RemoteInspector.h.

        * inspector/remote/RemoteInspectorXPCConnection.h:
        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::startDisabled):
        (Inspector::RemoteInspector::shared):
        Allow RemoteInspector singleton to start disabled.

2014-01-15  Brian Burg  <bburg@apple.com>

        Web Inspector: capture probe samples on the backend
        https://bugs.webkit.org/show_bug.cgi?id=126668

        Reviewed by Joseph Pecoraro.

        Add the 'probe' breakpoint action to the protocol. Change the setBreakpoint
        commands to return a list of assigned breakpoint action identifiers.
        Add a type for breakpoint action identifiers. Add an event for sending
        captured probe samples to the inspector frontend.

        * inspector/protocol/Debugger.json:

2014-01-10  Mark Hahnenberg  <mhahnenberg@apple.com>

        Copying should be generational
        https://bugs.webkit.org/show_bug.cgi?id=126555

        Reviewed by Geoffrey Garen.

        This patch adds support for copying to our generational collector. Eden collections
        always trigger copying. Full collections use our normal fragmentation-based heuristics.

        The way this works is that the CopiedSpace now has the notion of an old generation set of CopiedBlocks
        and a new generation of CopiedBlocks. During each mutator cycle new CopiedSpace allocations reside
        in the new generation. When a collection occurs, those blocks are moved to the old generation.

        One key thing to remember is that both new and old generation objects in the MarkedSpace can
        refer to old or new generation allocations in CopiedSpace. This is why we must fire write barriers
        when assigning to an old (MarkedSpace) object's Butterfly.

        * heap/CopiedAllocator.h:
        (JSC::CopiedAllocator::tryAllocateDuringCopying):
        * heap/CopiedBlock.h:
        (JSC::CopiedBlock::CopiedBlock):
        (JSC::CopiedBlock::didEvacuateBytes):
        (JSC::CopiedBlock::isOld):
        (JSC::CopiedBlock::didPromote):
        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::reportLiveBytes):
        (JSC::CopiedBlock::reportLiveBytesDuringCopying):
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::CopiedSpace):
        (JSC::CopiedSpace::~CopiedSpace):
        (JSC::CopiedSpace::init):
        (JSC::CopiedSpace::tryAllocateOversize):
        (JSC::CopiedSpace::tryReallocateOversize):
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::didStartFullCollection):
        (JSC::CopiedSpace::doneCopying):
        (JSC::CopiedSpace::size):
        (JSC::CopiedSpace::capacity):
        (JSC::CopiedSpace::isPagedOut):
        * heap/CopiedSpace.h:
        (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::contains):
        (JSC::CopiedSpace::recycleEvacuatedBlock):
        (JSC::CopiedSpace::allocateBlock):
        (JSC::CopiedSpace::startedCopying):
        * heap/CopyVisitor.cpp:
        (JSC::CopyVisitor::copyFromShared):
        * heap/CopyVisitorInlines.h:
        (JSC::CopyVisitor::allocateNewSpace):
        (JSC::CopyVisitor::allocateNewSpaceSlow):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::didStartCopying):
        * heap/Heap.cpp:
        (JSC::Heap::copyBackingStores):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::copyLater):
        * heap/TinyBloomFilter.h:
        (JSC::TinyBloomFilter::add):

2014-01-14  Mark Lam  <mark.lam@apple.com>

        ASSERTION FAILED: !hasError() in JSC::Parser<LexerType>::createSavePoint().
        https://bugs.webkit.org/show_bug.cgi?id=126990.

        Reviewed by Geoffrey Garen.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseConstDeclarationList):
        - We were missing an error check after attempting to parse an initializer
          expression. This is now fixed.

2014-01-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: For Remote Inspection link WebProcess's to their parent UIProcess
        https://bugs.webkit.org/show_bug.cgi?id=126995

        Reviewed by Timothy Hatcher.

        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::listingForDebuggable):
        For each WebView, list the parent process. Listing the parent per WebView
        was already supported back when we supported processes that could host WebViews
        for multiple applications.

        * inspector/remote/RemoteInspectorConstants.h:
        Add a separate key for the bundle identifier, separate from application identifier.

        * inspector/remote/RemoteInspectorDebuggable.cpp:
        (Inspector::RemoteInspectorDebuggable::info):
        * inspector/remote/RemoteInspectorDebuggable.h:
        (Inspector::RemoteInspectorDebuggableInfo::RemoteInspectorDebuggableInfo):
        (Inspector::RemoteInspectorDebuggableInfo::hasParentProcess):
        If a RemoteInspectorDebuggable has a non-zero parent process identifier
        it is a proxy for the parent process.

2014-01-14  Brian J. Burg  <burg@cs.washington.edu>

        Add ENABLE(WEB_REPLAY) feature flag to the build system
        https://bugs.webkit.org/show_bug.cgi?id=126949

        Reviewed by Joseph Pecoraro.

        * Configurations/FeatureDefines.xcconfig:

2014-01-14  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        [EFL] FTL buildfix, add missing includes
        https://bugs.webkit.org/show_bug.cgi?id=126641

        Reviewed by Csaba Osztrogonác.

        * ftl/FTLOSREntry.cpp:
        * ftl/FTLOSRExitCompiler.cpp:

2014-01-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: RemoteInspector::updateDebuggable may miss a push
        https://bugs.webkit.org/show_bug.cgi?id=126965

        Reviewed by Timothy Hatcher.

        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::updateDebuggable):
        Always push an update. If a debuggable went from allowed to
        not allowed, we would have missed pushing an update.

2014-01-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        Performance regression on dromaeo due to generational marking
        https://bugs.webkit.org/show_bug.cgi?id=126901

        Reviewed by Oliver Hunt.

        We were seeing some performance regression with ENABLE_GGC == 0, so this patch
        ifdefs out more things to get rid of the additional overhead.

        * heap/Heap.cpp:
        (JSC::Heap::markRoots):
        (JSC::Heap::writeBarrier):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::clearMarks):
        (JSC::MarkedBlock::clearMarksWithCollectionType):
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::resetAllocators):
        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::didAllocateInBlock):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::internalAppend):
        (JSC::SlotVisitor::reportExtraMemoryUsage):

2014-01-13  Brian Burg  <bburg@apple.com>

        Web Inspector: protocol generator should support integer-typed declarations
        https://bugs.webkit.org/show_bug.cgi?id=126828

        Reviewed by Joseph Pecoraro.

        Add new binding classes for parameter/ad-hoc and normal integer type declarations.

        * inspector/scripts/CodeGeneratorInspector.py:
        (TypeBindings.create_type_declaration_):
        (TypeBindings.create_type_declaration_.PlainInteger):
        (TypeBindings.create_type_declaration_.PlainInteger.resolve_inner):
        (TypeBindings.create_type_declaration_.PlainInteger.request_user_runtime_cast):
        (TypeBindings.create_type_declaration_.PlainInteger.request_internal_runtime_cast):
        (TypeBindings.create_type_declaration_.PlainInteger.get_code_generator):
        (TypeBindings.create_type_declaration_.PlainInteger.get_validator_call_text):
        (TypeBindings.create_type_declaration_.PlainInteger.reduce_to_raw_type):
        (TypeBindings.create_type_declaration_.PlainInteger.get_type_model):
        (TypeBindings.create_type_declaration_.PlainInteger.get_setter_value_expression_pattern):
        (TypeBindings.create_type_declaration_.PlainInteger.get_array_item_c_type_text):
        (TypeBindings.create_type_declaration_.TypedefInteger):
        (TypeBindings.create_type_declaration_.TypedefInteger.resolve_inner):
        (TypeBindings.create_type_declaration_.TypedefInteger.request_user_runtime_cast):
        (TypeBindings.create_type_declaration_.TypedefInteger.request_internal_runtime_cast):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.generate_type_builder):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.generate_type_builder.int):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.register_use):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.get_generate_pass_id):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_validator_call_text):
        (TypeBindings.create_type_declaration_.TypedefInteger.reduce_to_raw_type):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_type_model):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_setter_value_expression_pattern):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_array_item_c_type_text):

626 2014-01-13  Zalan Bujtas  <zalan@apple.com>
627
628         Enable SUBPIXEL_LAYOUT on Mac
629         <https://webkit.org/b/126283>
630
631         Reviewed by Simon Fraser.
632
633         * Configurations/FeatureDefines.xcconfig:
634
635 2014-01-13  Zan Dobersek  <zdobersek@igalia.com>
636
637         Unreviewed. Changes in r161686 are exposing a bug in GCC where the global .cfi_startproc directive
638         is not inserted early enough into the generated assembler code when building in debug mode, causing
639         compilation failures on ports using the GCC compilers. To work around the problem, only utilize the
640         OFFLINE_ASM_* macros that use .cfi_ directives when compiling with Clang.
641
642         * llint/LowLevelInterpreter.cpp:
643
644 2014-01-12  Commit Queue  <commit-queue@webkit.org>
645
646         Unreviewed, rolling out r161840.
647         http://trac.webkit.org/changeset/161840
648         https://bugs.webkit.org/show_bug.cgi?id=126870
649
650         Caused jsscore and layout test failures (Requested by smfr on
651         #webkit).
652
653         * API/JSValueRef.cpp:
654         (JSValueMakeFromJSONString):
655         * bindings/ScriptValue.cpp:
656         (Deprecated::jsToInspectorValue):
657         * inspector/InspectorValues.cpp:
658         * runtime/DatePrototype.cpp:
659         (JSC::formatLocaleDate):
660         * runtime/Identifier.h:
661         (JSC::Identifier::characters):
662         * runtime/JSStringBuilder.h:
663         (JSC::JSStringBuilder::append):
664
665 2014-01-12  Darin Adler  <darin@apple.com>
666
667         Add deprecatedCharacters as a synonym for characters and convert most call sites
668         https://bugs.webkit.org/show_bug.cgi?id=126858
669
670         Reviewed by Anders Carlsson.
671
672         * API/JSStringRef.cpp:
673         (JSStringGetCharactersPtr):
674         (JSStringGetUTF8CString):
675         (JSStringIsEqual):
676         * API/JSStringRefCF.cpp:
677         (JSStringCopyCFString):
678         * API/OpaqueJSString.h:
679         (OpaqueJSString::characters):
680         (OpaqueJSString::deprecatedCharacters):
681         (OpaqueJSString::length):
682         (OpaqueJSString::OpaqueJSString):
683         * inspector/InspectorValues.cpp:
684         (Inspector::InspectorValue::parseJSON):
685         * runtime/JSGlobalObjectFunctions.cpp:
686         (JSC::parseInt):
687         * runtime/StringPrototype.cpp:
688         (JSC::localeCompare):
689         (JSC::stringProtoFuncFontsize):
690         (JSC::stringProtoFuncLink):
691         Use deprecatedCharacters instead of characters.
692
693 2014-01-12  Darin Adler  <darin@apple.com>
694
695         Reduce use of String::characters
696         https://bugs.webkit.org/show_bug.cgi?id=126854
697
698         Reviewed by Sam Weinig.
699
700         * API/JSValueRef.cpp:
701         (JSValueMakeFromJSONString): Use characters16 instead of characters for 16-bit case.
702         Had to remove length check because an empty string could be either 8 bit or 16 bit.
703         Don't need a null string check before calling is8Bit because JSStringRef can't hold
704         a null string.
705
706         * bindings/ScriptValue.cpp:
707         (Deprecated::jsToInspectorValue): Use the existing string here instead of creating
708         a new one by calling characters and length on the old string. I think this may be
709         left over from when string types were not the same in JavaScriptCore and WebCore.
710         Also rewrite the property names loop to use modern for syntax and fewer locals.
711
712         * inspector/InspectorValues.cpp:
713         (Inspector::escapeChar): Changed to use appendLiteral instead of hard-coding string
714         lengths. Moved handling of "<" and ">" in here instead of at the call site.
715         (Inspector::doubleQuoteString): Simplify the code so there is no use of characters
716         and length. This is still an inefficient way of doing this job and could use a rethink.
717
718         * runtime/DatePrototype.cpp:
719         (JSC::formatLocaleDate): Use RetainPtr, createCFString, and the conversion from
720         CFStringRef to WTF::String to remove a lot of unneeded code.
721
722         * runtime/Identifier.h: Removed unneeded Identifier::characters function.
723
724         * runtime/JSStringBuilder.h:
725         (JSC::JSStringBuilder::append): Use characters16 instead of characters function here,
726         since we have already checked is8Bit above.
727
728 2014-01-12  Andy Estes  <aestes@apple.com>
729
730         [iOS] Enable the JSC Objective-C API
731
732         Rubber-stamped by Simon Fraser.
733
734         * API/JSBase.h:
735
736 2014-01-12  Carlos Garcia Campos  <cgarcia@igalia.com>
737
738         Unreviewed. Fix make distcheck.
739
740         * GNUmakefile.am: Add inline-and-minify-stylesheets-and-scripts.py
741         to EXTRA_DIST and fix InjectedScriptSource.h generation rule.
742         * GNUmakefile.list.am: Move InjectedScriptSource.h to
743         built_nosources to make sure it's not disted.
744
745 2014-01-11  Anders Carlsson  <andersca@apple.com>
746
747         Try again to fix the build.
748
749         * inspector/InspectorAgentRegistry.cpp:
750         * inspector/InspectorAgentRegistry.h:
751
752 2014-01-11  Anders Carlsson  <andersca@apple.com>
753
754         Try to prevent the Vector copy constructor from being instantiated.
755
756         * inspector/InspectorAgentRegistry.cpp:
757         (Inspector::InspectorAgentRegistry::InspectorAgentRegistry):
758         * inspector/InspectorAgentRegistry.h:
759
760 2014-01-11  Anders Carlsson  <andersca@apple.com>
761
762         Try something else.
763
764         * inspector/InspectorAgentRegistry.cpp:
765         (Inspector::InspectorAgentRegistry::~InspectorAgentRegistry):
766         * inspector/InspectorAgentRegistry.h:
767
768 2014-01-11  Dean Jackson  <dino@apple.com>
769
770         [JSC] Revise typed array implementations to match ECMAScript and WebGL Specification
771         https://bugs.webkit.org/show_bug.cgi?id=126754
772
773         Reviewed by Filip Pizlo.
774
775         The ECMAScript specification forbids calling the typed array
776         constructors without using "new". Change the call data to return
777         none so we throw an exception in these cases.
778
779         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
780         (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):
781
782 2014-01-11  Anders Carlsson  <andersca@apple.com>
783
784         Try to fix the build by introducing a constructor.
785
786         * inspector/InspectorAgentRegistry.cpp:
787         (Inspector::InspectorAgentRegistry::InspectorAgentRegistry):
788         * inspector/InspectorAgentRegistry.h:
789
790 2014-01-11  Anders Carlsson  <andersca@apple.com>
791
792         * inspector/InspectorAgentRegistry.h:
793
794         Remove an unused function.
795
796 2014-01-11  Anders Carlsson  <andersca@apple.com>
797
798         InspectorAgentRegistry should use std::unique_ptr
799         https://bugs.webkit.org/show_bug.cgi?id=126826
800
801         Reviewed by Sam Weinig.
802
803         * inspector/InspectorAgentRegistry.cpp:
804         (Inspector::InspectorAgentRegistry::append):
805         * inspector/InspectorAgentRegistry.h:
806         * inspector/JSGlobalObjectInspectorController.cpp:
807         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
808         * inspector/agents/InspectorAgent.h:
809
810 2014-01-10  Joseph Pecoraro  <pecoraro@apple.com>
811
812         Web Inspector: Push InspectorAgent down into JSC, give JSC an InspectorController
813         https://bugs.webkit.org/show_bug.cgi?id=126763
814
815         Reviewed by Timothy Hatcher.
816
817         Introduce JSGlobalObjectInspectorController. This is the InspectorController
818         for a JSContext. It is created by the JSGlobalObject Remote Inspector Debuggable
819         when a remote frontend connects, and is destroyed when the remote frontend
820         disconnects or the JSGlobalObject is destroyed.
821
822         * inspector/JSGlobalObjectInspectorController.h: Added.
823         * inspector/JSGlobalObjectInspectorController.cpp: Added.
824         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
825         (Inspector::JSGlobalObjectInspectorController::~JSGlobalObjectInspectorController):
826         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
827         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
828         (Inspector::JSGlobalObjectInspectorController::dispatchMessageFromFrontend):
829         (Inspector::JSGlobalObjectInspectorController::functionCallHandler):
830         (Inspector::JSGlobalObjectInspectorController::evaluateHandler):
831         Create/destroy agents, create/destroy dispatches, implement InspectorEnvironment.
832
833         * runtime/JSGlobalObjectDebuggable.h:
834         * runtime/JSGlobalObjectDebuggable.cpp:
835         (JSC::JSGlobalObjectDebuggable::~JSGlobalObjectDebuggable):
836         (JSC::JSGlobalObjectDebuggable::connect):
837         (JSC::JSGlobalObjectDebuggable::disconnect):
838         (JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemoteFrontend):
839         Forward actions to the InspectorController object.
840
841         * inspector/agents/InspectorAgent.h: Renamed from Source/WebCore/inspector/InspectorAgent.h.
842         * inspector/agents/InspectorAgent.cpp: Renamed from Source/WebCore/inspector/InspectorAgent.cpp.
843         (Inspector::InspectorAgent::InspectorAgent):
844         (Inspector::InspectorAgent::~InspectorAgent):
845         (Inspector::InspectorAgent::didCreateFrontendAndBackend):
846         (Inspector::InspectorAgent::inspect):
847         (Inspector::InspectorAgent::evaluateForTestInFrontend):
848         Implement InspectorAgent in JavaScriptCore in namespace Inspector.
849
850         * JavaScriptCore.xcodeproj/project.pbxproj:
851         * CMakeLists.txt:
852         * ChangeLog:
853         * GNUmakefile.am:
854         * GNUmakefile.list.am:
855         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
856         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
857         * JavaScriptCore.vcxproj/copy-files.cmd:
858         Add files and new inspector/agents subdirectory.
859
860 2014-01-10  Commit Queue  <commit-queue@webkit.org>
861
862         Unreviewed, rolling out r161702.
863         http://trac.webkit.org/changeset/161702
864         https://bugs.webkit.org/show_bug.cgi?id=126803
865
866         Broke multiple tests (Requested by ap on #webkit).
867
868         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
869         (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):
870
871 2014-01-10  David Kilzer  <ddkilzer@apple.com>
872
873         Clean up architectures in xcconfig files
874         <http://webkit.org/b/126794>
875
876         Reviewed by Andy Estes.
877
878         * Configurations/Base.xcconfig:
879         * Configurations/JavaScriptCore.xcconfig: Remove armv6, ppc.
880         * Configurations/ToolExecutable.xcconfig: Sort.
881         - Add new arch.
882
883 2014-01-10  Dean Jackson  <dino@apple.com>
884
885         [JSC] Revise typed array implementations to match ECMAScript and WebGL Specification
886         https://bugs.webkit.org/show_bug.cgi?id=126754
887
888         Reviewed by Filip Pizlo.
889
890         The ECMAScript specification forbids calling the typed array
891         constructors without using "new". Change the call data to return
892         none so we throw an exception in these cases.
893
894         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
895         (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):
896
897 2014-01-10  Benjamin Poulain  <bpoulain@apple.com>
898
899         Remove the BlackBerry port from trunk
900         https://bugs.webkit.org/show_bug.cgi?id=126715
901
902         Reviewed by Anders Carlsson.
903
904         * assembler/ARMAssembler.h:
905         (JSC::ARMAssembler::cacheFlush):
906         * assembler/ARMv7Assembler.h:
907         (JSC::ARMv7Assembler::replaceWithJump):
908         (JSC::ARMv7Assembler::maxJumpReplacementSize):
909         (JSC::ARMv7Assembler::cacheFlush):
910         * assembler/MacroAssemblerARMv7.h:
911         (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
912         * heap/MachineStackMarker.cpp:
913         (JSC::getPlatformThreadRegisters):
914         (JSC::otherThreadStackPointer):
915         (JSC::freePlatformThreadRegisters):
916         * jit/ExecutableAllocator.h:
917
918 2014-01-10  Joseph Pecoraro  <pecoraro@apple.com>
919
920         Web Inspector: Remove unimplemented or static ScriptDebugServer features
921         https://bugs.webkit.org/show_bug.cgi?id=126784
922
923         Reviewed by Timothy Hatcher.
924
925         * inspector/protocol/Debugger.json:
926
927 2014-01-10  Michael Saboff  <msaboff@apple.com>
928
929         REGRESSION(C stack work): stack traces no longer work in CrashTracer, lldb, and other tools
930         https://bugs.webkit.org/show_bug.cgi?id=126764
931
932         Reviewed by Geoffrey Garen.
933
934         Updated callToJavaScript and callToNativeFunction to properly replicate the caller's
935         return PC and frame pointer in the sentinel frame.  For X86-64, added .cfi_
936         directives to create eh_frame info for all LLInt symbols so that the various
937         unwinding code understands that we are using a separate JS stack referenced
938         by BP and at what offsets in that frame the prior PC (register 16) and prior
939         BP (register 6) can be found.  These two changes are sufficient for stack tracing
940         to work for Mac OSX.
941
942         * llint/LowLevelInterpreter.cpp:
943         * llint/LowLevelInterpreter64.asm:
944
945 2014-01-10  Tamas Gergely  <tgergely.u-szeged@partner.samsung.com>
946
947         [EFL][JSC] Enable udis86 disassembler on efl.
948         https://bugs.webkit.org/show_bug.cgi?id=125502
949
950         Reviewed by Michael Saboff.
951
952         Enable udis86 disassembler on efl and fix build warnings.
953
954         * CMakeLists.txt:
955           Add udis86 disassembler source files.
956         * disassembler/udis86/udis86_decode.c:
957         (decode_modrm_rm):
958           Build warning fixes.
959         * disassembler/udis86/udis86_syn-att.c:
960         (gen_operand):
961           Build warning fixes.
962         * disassembler/udis86/udis86_syn-intel.c:
963         (gen_operand):
964           Build warning fixes.
965         * disassembler/udis86/udis86_types.h:
966           Correct FMT64 for uint64_t.
967
968 2014-01-09  Benjamin Poulain  <bpoulain@apple.com>
969
970         Remove the BlackBerry files outside WebCore
971         https://bugs.webkit.org/show_bug.cgi?id=126715
972
973         Reviewed by Anders Carlsson.
974
975         * PlatformBlackBerry.cmake: Removed.
976         * runtime/GCActivityCallbackBlackBerry.cpp: Removed.
977         * shell/PlatformBlackBerry.cmake: Removed.
978
979 2014-01-10  Geoffrey Garen  <ggaren@apple.com>
980
981         Removed Blackberry #ifdefs and platform code from JavaScriptCore
982         https://bugs.webkit.org/show_bug.cgi?id=126757
983
984         Reviewed by Sam Weinig.
985
986         * PlatformBlackBerry.cmake: Removed.
987         * heap/HeapTimer.cpp:
988         * heap/HeapTimer.h:
989         * heap/IncrementalSweeper.cpp:
990         * heap/IncrementalSweeper.h:
991         * jsc.cpp:
992         (main):
993         * runtime/GCActivityCallbackBlackBerry.cpp: Removed.
994         * runtime/MemoryStatistics.cpp:
995         (JSC::globalMemoryStatistics):
996
997 2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>
998
999         Marking should be generational
1000         https://bugs.webkit.org/show_bug.cgi?id=126552
1001
1002         Reviewed by Geoffrey Garen.
1003
1004         Re-marking the same objects over and over is a waste of effort. This patch implements 
1005         the sticky mark bit algorithm (along with our already-present write barriers) to reduce 
1006         overhead during garbage collection caused by rescanning objects.
1007
1008         There are now two collection modes, EdenCollection and FullCollection. EdenCollections
1009         only visit new objects or objects that were added to the remembered set by a write barrier.
1010         FullCollections are normal collections that visit all objects regardless of their 
1011         generation.
1012
1013         In this patch EdenCollections do not do anything in CopiedSpace. This will be fixed in 
1014         https://bugs.webkit.org/show_bug.cgi?id=126555.
1015
1016         * bytecode/CodeBlock.cpp:
1017         (JSC::CodeBlock::visitAggregate):
1018         * bytecode/CodeBlock.h:
1019         (JSC::CodeBlockSet::mark):
1020         * dfg/DFGOperations.cpp:
1021         * heap/CodeBlockSet.cpp:
1022         (JSC::CodeBlockSet::add):
1023         (JSC::CodeBlockSet::traceMarked):
1024         (JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
1025         * heap/CodeBlockSet.h:
1026         * heap/CopiedBlockInlines.h:
1027         (JSC::CopiedBlock::reportLiveBytes):
1028         * heap/CopiedSpace.cpp:
1029         (JSC::CopiedSpace::didStartFullCollection):
1030         * heap/CopiedSpace.h:
1031         (JSC::CopiedSpace::heap):
1032         * heap/Heap.cpp:
1033         (JSC::Heap::Heap):
1034         (JSC::Heap::didAbandon):
1035         (JSC::Heap::markRoots):
1036         (JSC::Heap::copyBackingStores):
1037         (JSC::Heap::addToRememberedSet):
1038         (JSC::Heap::collectAllGarbage):
1039         (JSC::Heap::collect):
1040         (JSC::Heap::didAllocate):
1041         (JSC::Heap::writeBarrier):
1042         * heap/Heap.h:
1043         (JSC::Heap::isInRememberedSet):
1044         (JSC::Heap::operationInProgress):
1045         (JSC::Heap::shouldCollect):
1046         (JSC::Heap::isCollecting):
1047         (JSC::Heap::isWriteBarrierEnabled):
1048         (JSC::Heap::writeBarrier):
1049         * heap/HeapOperation.h:
1050         * heap/MarkStack.cpp:
1051         (JSC::MarkStackArray::~MarkStackArray):
1052         (JSC::MarkStackArray::clear):
1053         (JSC::MarkStackArray::fillVector):
1054         * heap/MarkStack.h:
1055         * heap/MarkedAllocator.cpp:
1056         (JSC::isListPagedOut):
1057         (JSC::MarkedAllocator::isPagedOut):
1058         (JSC::MarkedAllocator::tryAllocateHelper):
1059         (JSC::MarkedAllocator::addBlock):
1060         (JSC::MarkedAllocator::removeBlock):
1061         (JSC::MarkedAllocator::reset):
1062         * heap/MarkedAllocator.h:
1063         (JSC::MarkedAllocator::MarkedAllocator):
1064         * heap/MarkedBlock.cpp:
1065         (JSC::MarkedBlock::clearMarks):
1066         (JSC::MarkedBlock::clearRememberedSet):
1067         (JSC::MarkedBlock::clearMarksWithCollectionType):
1068         (JSC::MarkedBlock::lastChanceToFinalize):
1069         * heap/MarkedBlock.h: Changed atomSize to 16 bytes because we have no objects smaller
1070         than 16 bytes. This is also to pay for the additional Bitmap for the remembered set.
1071         (JSC::MarkedBlock::didConsumeEmptyFreeList):
1072         (JSC::MarkedBlock::setRemembered):
1073         (JSC::MarkedBlock::clearRemembered):
1074         (JSC::MarkedBlock::atomicClearRemembered):
1075         (JSC::MarkedBlock::isRemembered):
1076         * heap/MarkedSpace.cpp:
1077         (JSC::MarkedSpace::~MarkedSpace):
1078         (JSC::MarkedSpace::resetAllocators):
1079         (JSC::MarkedSpace::visitWeakSets):
1080         (JSC::MarkedSpace::reapWeakSets):
1081         (JSC::VerifyMarked::operator()):
1082         (JSC::MarkedSpace::clearMarks):
1083         * heap/MarkedSpace.h:
1084         (JSC::ClearMarks::operator()):
1085         (JSC::ClearRememberedSet::operator()):
1086         (JSC::MarkedSpace::didAllocateInBlock):
1087         (JSC::MarkedSpace::clearRememberedSet):
1088         * heap/SlotVisitor.cpp:
1089         (JSC::SlotVisitor::~SlotVisitor):
1090         (JSC::SlotVisitor::clearMarkStack):
1091         * heap/SlotVisitor.h:
1092         (JSC::SlotVisitor::markStack):
1093         (JSC::SlotVisitor::sharedData):
1094         * heap/SlotVisitorInlines.h:
1095         (JSC::SlotVisitor::internalAppend):
1096         (JSC::SlotVisitor::unconditionallyAppend):
1097         (JSC::SlotVisitor::copyLater):
1098         (JSC::SlotVisitor::reportExtraMemoryUsage):
1099         (JSC::SlotVisitor::heap):
1100         * jit/Repatch.cpp:
1101         * runtime/JSGenericTypedArrayViewInlines.h:
1102         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
1103         * runtime/JSPropertyNameIterator.h:
1104         (JSC::StructureRareData::setEnumerationCache):
1105         * runtime/JSString.cpp:
1106         (JSC::JSString::visitChildren):
1107         * runtime/StructureRareDataInlines.h:
1108         (JSC::StructureRareData::setPreviousID):
1109         (JSC::StructureRareData::setObjectToStringValue):
1110         * runtime/WeakMapData.cpp:
1111         (JSC::WeakMapData::visitChildren):
1112
1113 2014-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1114
1115         Unreviewed Windows build fix for r161563.
1116
1117         Copy all scripts, some may not be .py.
1118
1119         * JavaScriptCore.vcxproj/copy-files.cmd:
1120
1121 2014-01-09  Filip Pizlo  <fpizlo@apple.com>
1122
1123         AI for CreateArguments should pass through non-SpecEmpty input values
1124         https://bugs.webkit.org/show_bug.cgi?id=126709
1125
1126         Reviewed by Mark Hahnenberg.
1127
1128         * dfg/DFGAbstractInterpreterInlines.h:
1129         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1130         * tests/stress/use-arguments-as-object-pointer.js: Added.
1131         (foo):
1132
1133 2014-01-09  Mark Hahnenberg  <mhahnenberg@apple.com>
1134
1135         Constructors for Objective-C classes do not work properly with instanceof
1136         https://bugs.webkit.org/show_bug.cgi?id=126670
1137
1138         Reviewed by Oliver Hunt.
1139
1140         This bug is due to the fact that the JS constructors created for Objective-C classes via the JSC 
1141         API inherit from JSCallbackObject, which overrides hasInstance with its own customHasInstance. 
1142         JSCallbackObject::customHasInstance only checks the JSClassRefs for hasInstance callbacks. 
1143         If it doesn't find any callbacks, it returns false.
1144
1145         This patch adds a hasInstance callback to constructors created for Objective-C wrapper classes.
1146
1147         * API/JSWrapperMap.mm:
1148         (constructorHasInstance):
1149         (constructorWithCustomBrand):
1150         (allocateConstructorForCustomClass):
1151         * API/tests/testapi.mm:
1152
1153 2014-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1154
1155         Web Inspector: Move InjectedScript classes into JavaScriptCore
1156         https://bugs.webkit.org/show_bug.cgi?id=126598
1157
1158         Reviewed by Timothy Hatcher.
1159
1160         Part 5: Move InjectedScript classes into JavaScriptCore
1161
1162         There are pieces of logic that WebCore wants to hook into in the InjectedScript
1163         execution (e.g. for CommandLineAPIModule and InspectorInstrumentation). Create
1164         hooks for those in a base class called InspectorEnvironment. For now, the
1165         InspectorControllers (Page, JSGlobalObject, Worker) will be the InspectorEnvironments
1166         and provide answers to its hooks.
1167
1168         * inspector/InspectorEnvironment.h: Added.
1169         New hooks needed by WebCore in various places. Mostly stubbed in JavaScriptCore.
1170
1171         * inspector/InjectedScript.cpp: Renamed from Source/WebCore/inspector/InjectedScript.cpp.
1172         * inspector/InjectedScript.h: Added.
1173         * inspector/InjectedScriptBase.cpp: Renamed from Source/WebCore/inspector/InjectedScriptBase.cpp.
1174         * inspector/InjectedScriptBase.h: Renamed from Source/WebCore/inspector/InjectedScriptBase.h.
1175         * inspector/InjectedScriptModule.cpp: Renamed from Source/WebCore/inspector/InjectedScriptModule.cpp.
1176         * inspector/InjectedScriptModule.h: Renamed from Source/WebCore/inspector/InjectedScriptModule.h.
1177         Clean up the style of these files (nullptr, formatting, whitespace, etc.).
1178         Use the InspectorEnvironment's call/evaluate functions for ScriptFunctionCalls and checking access.
1179
1180         * inspector/InjectedScriptManager.cpp: Renamed from Source/WebCore/inspector/InjectedScriptManager.cpp.
1181         * inspector/InjectedScriptManager.h: Renamed from Source/WebCore/inspector/InjectedScriptManager.h.
1182         Take an InspectorEnvironment with multiple hooks, instead of a single hook function.
1183
1184         * inspector/InjectedScriptHost.cpp: Added.
1185         * inspector/InjectedScriptHost.h: Added.
1186         * inspector/JSInjectedScriptHost.cpp: Renamed from Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp.
1187         * inspector/JSInjectedScriptHost.h: Added.
1188         * inspector/JSInjectedScriptHostPrototype.cpp: Added.
1189         * inspector/JSInjectedScriptHostPrototype.h: Added.
1190         Implementation of InjectedScriptHost which is passed into the script (InjectedScriptSource.js)
1191         that we inject into the page. This is mostly copied from the original autogenerated code,
1192         then simplified and cleaned up. InjectedScriptHost can be subclassed to provide specialized
1193         implementations of isHTMLAllCollection and type for Web/DOM types unknown to a pure JS context.
1194
1195
1196         Part 4: Move all inspector scripts into JavaScriptCore and update generators.
1197
1198         For OS X be sure to export the scripts as if they are private headers.
1199
1200         * GNUmakefile.am:
1201         * JavaScriptCore.xcodeproj/project.pbxproj:
1202         * inspector/scripts/cssmin.py: Renamed from Source/WebCore/inspector/Scripts/cssmin.py.
1203         * inspector/scripts/inline-and-minify-stylesheets-and-scripts.py: Renamed from Source/WebCore/inspector/Scripts/inline-and-minify-stylesheets-and-scripts.py.
1204         * inspector/scripts/jsmin.py: Renamed from Source/WebCore/inspector/Scripts/jsmin.py.
1205         * inspector/scripts/xxd.pl: Renamed from Source/WebCore/inspector/xxd.pl.
1206
1207
1208         Part 3: Update CodeGeneratorInspector to avoid inlining virtual destructors.
1209
1210         This avoids build errors about duplicate exported virtual inlined methods that
1211         are included from multiple places. Just put empty destructors in the
1212         implementation file instead of inlined.
1213
1214         * inspector/scripts/CodeGeneratorInspector.py:
1215         (Generator):
1216         (Generator.go):
1217         * inspector/scripts/CodeGeneratorInspectorStrings.py:
1218
1219
1220         Part 2: Move InjectedScriptSource and generation into JavaScriptCore.
1221
1222         Move InjectedScriptSource.js and derived sources generation.
1223
1224         * CMakeLists.txt:
1225         * DerivedSources.make:
1226         * GNUmakefile.am:
1227         * GNUmakefile.list.am:
1228         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1229         * JavaScriptCore.xcodeproj/project.pbxproj:
1230         * inspector/InjectedScriptSource.js: Renamed from Source/WebCore/inspector/InjectedScriptSource.js.
1231
1232 2014-01-09  Balazs Kilvady  <kilvadyb@homejinni.com>
1233
1234         Regression: failing RegExp tests on 32 bit architectures.
1235         https://bugs.webkit.org/show_bug.cgi?id=126699
1236
1237         Reviewed by Michael Saboff.
1238
1239         Fix setRegExpConstructor functions for 32 bit architectures.
1240
1241         * runtime/RegExpConstructor.cpp:
1242         (JSC::setRegExpConstructorInput):
1243         (JSC::setRegExpConstructorMultiline):
1244
1245 2014-01-09  Commit Queue  <commit-queue@webkit.org>
1246
1247         Unreviewed, rolling out r161540.
1248         http://trac.webkit.org/changeset/161540
1249         https://bugs.webkit.org/show_bug.cgi?id=126704
1250
1251         Caused assertion failures on multiple tests (Requested by ap
1252         on #webkit).
1253
1254         * bytecode/CodeBlock.cpp:
1255         (JSC::CodeBlock::visitAggregate):
1256         * bytecode/CodeBlock.h:
1257         (JSC::CodeBlockSet::mark):
1258         * dfg/DFGOperations.cpp:
1259         * heap/CodeBlockSet.cpp:
1260         (JSC::CodeBlockSet::add):
1261         (JSC::CodeBlockSet::traceMarked):
1262         * heap/CodeBlockSet.h:
1263         * heap/CopiedBlockInlines.h:
1264         (JSC::CopiedBlock::reportLiveBytes):
1265         * heap/CopiedSpace.cpp:
1266         * heap/CopiedSpace.h:
1267         * heap/Heap.cpp:
1268         (JSC::Heap::Heap):
1269         (JSC::Heap::didAbandon):
1270         (JSC::Heap::markRoots):
1271         (JSC::Heap::copyBackingStores):
1272         (JSC::Heap::collectAllGarbage):
1273         (JSC::Heap::collect):
1274         (JSC::Heap::didAllocate):
1275         * heap/Heap.h:
1276         (JSC::Heap::shouldCollect):
1277         (JSC::Heap::isCollecting):
1278         (JSC::Heap::isWriteBarrierEnabled):
1279         (JSC::Heap::writeBarrier):
1280         * heap/HeapOperation.h:
1281         * heap/MarkStack.cpp:
1282         (JSC::MarkStackArray::~MarkStackArray):
1283         * heap/MarkStack.h:
1284         * heap/MarkedAllocator.cpp:
1285         (JSC::MarkedAllocator::isPagedOut):
1286         (JSC::MarkedAllocator::tryAllocateHelper):
1287         (JSC::MarkedAllocator::addBlock):
1288         (JSC::MarkedAllocator::removeBlock):
1289         * heap/MarkedAllocator.h:
1290         (JSC::MarkedAllocator::MarkedAllocator):
1291         (JSC::MarkedAllocator::reset):
1292         * heap/MarkedBlock.cpp:
1293         * heap/MarkedBlock.h:
1294         (JSC::MarkedBlock::lastChanceToFinalize):
1295         (JSC::MarkedBlock::didConsumeEmptyFreeList):
1296         (JSC::MarkedBlock::clearMarks):
1297         * heap/MarkedSpace.cpp:
1298         (JSC::MarkedSpace::~MarkedSpace):
1299         (JSC::MarkedSpace::resetAllocators):
1300         (JSC::MarkedSpace::visitWeakSets):
1301         (JSC::MarkedSpace::reapWeakSets):
1302         * heap/MarkedSpace.h:
1303         (JSC::ClearMarks::operator()):
1304         (JSC::MarkedSpace::clearMarks):
1305         * heap/SlotVisitor.cpp:
1306         (JSC::SlotVisitor::~SlotVisitor):
1307         * heap/SlotVisitor.h:
1308         (JSC::SlotVisitor::sharedData):
1309         * heap/SlotVisitorInlines.h:
1310         (JSC::SlotVisitor::internalAppend):
1311         (JSC::SlotVisitor::copyLater):
1312         (JSC::SlotVisitor::reportExtraMemoryUsage):
1313         * jit/Repatch.cpp:
1314         * runtime/JSGenericTypedArrayViewInlines.h:
1315         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
1316         * runtime/JSPropertyNameIterator.h:
1317         (JSC::StructureRareData::setEnumerationCache):
1318         * runtime/JSString.cpp:
1319         (JSC::JSString::visitChildren):
1320         * runtime/StructureRareDataInlines.h:
1321         (JSC::StructureRareData::setPreviousID):
1322         (JSC::StructureRareData::setObjectToStringValue):
1323         * runtime/WeakMapData.cpp:
1324         (JSC::WeakMapData::visitChildren):
1325
1326 2014-01-09  Andreas Kling  <akling@apple.com>
1327
1328         Shrink WatchpointSet.
1329         <https://webkit.org/b/126694>
1330
1331         Reorder the members of WatchpointSet, shrinking it by 8 bytes.
1332         767 kB progression on Membuster3.
1333
1334         Reviewed by Antti Koivisto.
1335
1336         * bytecode/Watchpoint.h:
1337
1338 2014-01-08  Mark Hahnenberg  <mhahnenberg@apple.com>
1339
1340         Reverting accidental GC logging
1341
1342         * heap/Heap.cpp:
1343
1344 2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>
1345
1346         Marking should be generational
1347         https://bugs.webkit.org/show_bug.cgi?id=126552
1348
1349         Reviewed by Geoffrey Garen.
1350
1351         Re-marking the same objects over and over is a waste of effort. This patch implements 
1352         the sticky mark bit algorithm (along with our already-present write barriers) to reduce 
1353         overhead during garbage collection caused by rescanning objects.
1354
1355         There are now two collection modes, EdenCollection and FullCollection. EdenCollections
1356         only visit new objects or objects that were added to the remembered set by a write barrier.
1357         FullCollections are normal collections that visit all objects regardless of their 
1358         generation.
1359
1360         In this patch EdenCollections do not do anything in CopiedSpace. This will be fixed in 
1361         https://bugs.webkit.org/show_bug.cgi?id=126555.
1362
1363         * bytecode/CodeBlock.cpp:
1364         (JSC::CodeBlock::visitAggregate):
1365         * bytecode/CodeBlock.h:
1366         (JSC::CodeBlockSet::mark):
1367         * dfg/DFGOperations.cpp:
1368         * heap/CodeBlockSet.cpp:
1369         (JSC::CodeBlockSet::add):
1370         (JSC::CodeBlockSet::traceMarked):
1371         (JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
1372         * heap/CodeBlockSet.h:
1373         * heap/CopiedBlockInlines.h:
1374         (JSC::CopiedBlock::reportLiveBytes):
1375         * heap/CopiedSpace.cpp:
1376         (JSC::CopiedSpace::didStartFullCollection):
1377         * heap/CopiedSpace.h:
1378         (JSC::CopiedSpace::heap):
1379         * heap/Heap.cpp:
1380         (JSC::Heap::Heap):
1381         (JSC::Heap::didAbandon):
1382         (JSC::Heap::markRoots):
1383         (JSC::Heap::copyBackingStores):
1384         (JSC::Heap::addToRememberedSet):
1385         (JSC::Heap::collectAllGarbage):
1386         (JSC::Heap::collect):
1387         (JSC::Heap::didAllocate):
1388         (JSC::Heap::writeBarrier):
1389         * heap/Heap.h:
1390         (JSC::Heap::isInRememberedSet):
1391         (JSC::Heap::operationInProgress):
1392         (JSC::Heap::shouldCollect):
1393         (JSC::Heap::isCollecting):
1394         (JSC::Heap::isWriteBarrierEnabled):
1395         (JSC::Heap::writeBarrier):
1396         * heap/HeapOperation.h:
1397         * heap/MarkStack.cpp:
1398         (JSC::MarkStackArray::~MarkStackArray):
1399         (JSC::MarkStackArray::clear):
1400         (JSC::MarkStackArray::fillVector):
1401         * heap/MarkStack.h:
1402         * heap/MarkedAllocator.cpp:
1403         (JSC::isListPagedOut):
1404         (JSC::MarkedAllocator::isPagedOut):
1405         (JSC::MarkedAllocator::tryAllocateHelper):
1406         (JSC::MarkedAllocator::addBlock):
1407         (JSC::MarkedAllocator::removeBlock):
1408         (JSC::MarkedAllocator::reset):
1409         * heap/MarkedAllocator.h:
1410         (JSC::MarkedAllocator::MarkedAllocator):
1411         * heap/MarkedBlock.cpp:
1412         (JSC::MarkedBlock::clearMarks):
1413         (JSC::MarkedBlock::clearRememberedSet):
1414         (JSC::MarkedBlock::clearMarksWithCollectionType):
1415         (JSC::MarkedBlock::lastChanceToFinalize):
1416         * heap/MarkedBlock.h: Changed atomSize to 16 bytes because we have no objects smaller
1417         than 16 bytes. This is also to pay for the additional Bitmap for the remembered set.
1418         (JSC::MarkedBlock::didConsumeEmptyFreeList):
1419         (JSC::MarkedBlock::setRemembered):
1420         (JSC::MarkedBlock::clearRemembered):
1421         (JSC::MarkedBlock::atomicClearRemembered):
1422         (JSC::MarkedBlock::isRemembered):
1423         * heap/MarkedSpace.cpp:
1424         (JSC::MarkedSpace::~MarkedSpace):
1425         (JSC::MarkedSpace::resetAllocators):
1426         (JSC::MarkedSpace::visitWeakSets):
1427         (JSC::MarkedSpace::reapWeakSets):
1428         (JSC::VerifyMarked::operator()):
1429         (JSC::MarkedSpace::clearMarks):
1430         * heap/MarkedSpace.h:
1431         (JSC::ClearMarks::operator()):
1432         (JSC::ClearRememberedSet::operator()):
1433         (JSC::MarkedSpace::didAllocateInBlock):
1434         (JSC::MarkedSpace::clearRememberedSet):
1435         * heap/SlotVisitor.cpp:
1436         (JSC::SlotVisitor::~SlotVisitor):
1437         (JSC::SlotVisitor::clearMarkStack):
1438         * heap/SlotVisitor.h:
1439         (JSC::SlotVisitor::markStack):
1440         (JSC::SlotVisitor::sharedData):
1441         * heap/SlotVisitorInlines.h:
1442         (JSC::SlotVisitor::internalAppend):
1443         (JSC::SlotVisitor::unconditionallyAppend):
1444         (JSC::SlotVisitor::copyLater):
1445         (JSC::SlotVisitor::reportExtraMemoryUsage):
1446         (JSC::SlotVisitor::heap):
1447         * jit/Repatch.cpp:
1448         * runtime/JSGenericTypedArrayViewInlines.h:
1449         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
1450         * runtime/JSPropertyNameIterator.h:
1451         (JSC::StructureRareData::setEnumerationCache):
1452         * runtime/JSString.cpp:
1453         (JSC::JSString::visitChildren):
1454         * runtime/StructureRareDataInlines.h:
1455         (JSC::StructureRareData::setPreviousID):
1456         (JSC::StructureRareData::setObjectToStringValue):
1457         * runtime/WeakMapData.cpp:
1458         (JSC::WeakMapData::visitChildren):
1459
1460 2014-01-08  Sam Weinig  <sam@webkit.org>
1461
1462         [JS] Should be able to create a promise by calling the Promise constructor as a function
1463         https://bugs.webkit.org/show_bug.cgi?id=126561
1464
1465         Reviewed by Geoffrey Garen.
1466
1467         * runtime/JSPromiseConstructor.cpp:
1468         (JSC::JSPromiseConstructor::getCallData):
1469         Add support for calling the Promise constructor as a function (e.g. var p = Promise(...), note
1470         the missing "new").
1471
1472 2014-01-08  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
1473
1474         [EFL] Make FTL buildable
1475         https://bugs.webkit.org/show_bug.cgi?id=125777
1476
1477         Reviewed by Csaba Osztrogonác.
1478
1479         * CMakeLists.txt:
1480         * ftl/FTLOSREntry.cpp:
1481         * ftl/FTLOSRExitCompiler.cpp:
1482         * llvm/library/config_llvm.h:
1483
1484 2014-01-08  Zan Dobersek  <zdobersek@igalia.com>
1485
1486         [Automake] Scripts for generated build targets do not necessarily produce their output
1487         https://bugs.webkit.org/show_bug.cgi?id=126378
1488
1489         Reviewed by Carlos Garcia Campos.
1490
1491         * GNUmakefile.am: Touch the build targets that are generated through helper scripts that don't
1492         assure the output is generated every time the script is invoked, most commonly due to unchanged
1493         input. This assures the build targets are up-to-date and can't be older than their dependencies,
1494         which would result in constant regeneration at every build.
1495
1496 2014-01-07  Filip Pizlo  <fpizlo@apple.com>
1497
1498         DFG fixup phase should be responsible for inserting ValueToInt32's as needed and it should use Phantom to keep the original values alive in case of OSR exit
1499         https://bugs.webkit.org/show_bug.cgi?id=126600
1500
1501         Reviewed by Michael Saboff.
1502         
1503         This fixes an embarrassing OSR exit liveness bug. It also simplifies the code. We were
1504         already using FixupPhase as the place where conversion nodes get inserted. ValueToInt32
1505         was the only exception to that rule, and that was one of the reasons why we had this bug.
1506         
1507         Henceforth ValueToInt32 is only inserted by FixupPhase, and only when it is necessary:
1508         we have a BitOp that will want a ToInt32 conversion and the operand is not predicted to
1509         already be an int32. If FixupPhase inserts any ValueToInt32's then the BitOp will no
1510         longer appear to use the original operand, which will make OSR exit think that the
1511         original operand is dead. We work around this the way we always do: insert a Phantom on
1512         the original operands right after the BitOp. This ensures that any OSR exit in any of the
1513         ValueToInt32's or in the BitOp itself will have values for the original inputs.
1514
1515         * dfg/DFGBackwardsPropagationPhase.cpp:
1516         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
1517         (JSC::DFG::BackwardsPropagationPhase::propagate):
1518         * dfg/DFGByteCodeParser.cpp:
1519         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1520         (JSC::DFG::ByteCodeParser::parseBlock):
1521         * dfg/DFGFixupPhase.cpp:
1522         (JSC::DFG::FixupPhase::fixupNode):
1523         (JSC::DFG::FixupPhase::fixIntEdge):
1524         (JSC::DFG::FixupPhase::fixBinaryIntEdges):
1525         * dfg/DFGPredictionPropagationPhase.cpp:
1526         (JSC::DFG::PredictionPropagationPhase::propagate):
1527         * tests/stress/bit-op-value-to-int32-input-liveness.js: Added.
1528         (foo):
1529
1530 2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>
1531
1532         Repatch write barrier slow path call doesn't align the stack in the presence of saved registers
1533         https://bugs.webkit.org/show_bug.cgi?id=126093
1534
1535         Reviewed by Geoffrey Garen.
1536
1537         * jit/Repatch.cpp: Reworked the stack alignment code for calling out to C code on the write barrier slow path.
1538         We need to properly account for the number of reused registers that were saved to the stack, so we have to 
1539         pass the ScratchRegisterAllocator around.
1540         (JSC::storeToWriteBarrierBuffer):
1541         (JSC::writeBarrier):
1542         (JSC::emitPutReplaceStub):
1543         (JSC::emitPutTransitionStub):
1544         * jit/ScratchRegisterAllocator.h: Previously the ScratchRegisterAllocator only knew whether or not it had
1545         reused registers, but not how many. In order to correctly align the stack for calls to C slow paths for 
1546         the write barriers in inline caches we need to know how the stack is aligned. So now ScratchRegisterAllocator
1547         tracks how many registers it has reused.
1548         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
1549         (JSC::ScratchRegisterAllocator::allocateScratch):
1550         (JSC::ScratchRegisterAllocator::didReuseRegisters):
1551         (JSC::ScratchRegisterAllocator::numberOfReusedRegisters):
1552         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
1553         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
1554         * llint/LowLevelInterpreter64.asm: Random typo fix.
1555
1556 2014-01-07  Mark Lam  <mark.lam@apple.com>
1557
1558         r161364 caused JSC tests regression on non-DFG builds (e.g. C Loop and Windows).
1559         https://bugs.webkit.org/show_bug.cgi?id=126589.
1560
1561         Reviewed by Filip Pizlo.
1562
1563         After the removal of ENABLE(VALUE_PROFILER), the LLINT is now expecting the
1564         relevant opcode operands to point to ValueProfiler data structures and will
1565         write profiling data into them. Hence, we need to allocate these data
1566         structures even though the profiling data won't be used in non-DFG builds.
1567
1568         * bytecode/CodeBlock.cpp:
1569         (JSC::CodeBlock::CodeBlock):
1570
1571 2014-01-07  Filip Pizlo  <fpizlo@apple.com>
1572
1573         ASSERT in compileArithNegate on pdfjs
1574         https://bugs.webkit.org/show_bug.cgi?id=126584
1575
1576         Reviewed by Mark Hahnenberg.
1577         
1578         Check negative zero when we should check it, not when we shouldn't check it. :-/
1579
1580         * dfg/DFGSpeculativeJIT.cpp:
1581         (JSC::DFG::SpeculativeJIT::compileArithNegate):
1582
1583 2014-01-07  Gabor Rapcsanyi  <rgabor@webkit.org>
1584
1585         pushFinallyContext saves wrong m_labelScopes size
1586         https://bugs.webkit.org/show_bug.cgi?id=124529
1587
1588         Remove free label scopes before saving finally context.
1589
1590         Reviewed by Geoffrey Garen.
1591
1592         * bytecompiler/BytecodeGenerator.cpp:
1593         (JSC::BytecodeGenerator::pushFinallyContext):
1594
1595 2014-01-06  Mark Hahnenberg  <mhahnenberg@apple.com>
1596
1597         Heap::collect shouldn't be responsible for sweeping
1598         https://bugs.webkit.org/show_bug.cgi?id=126556
1599
1600         Reviewed by Geoffrey Garen.
1601
1602         Sweeping happens at an awkward time during collection due to the fact that destructors can 
1603         cause arbitrary reentry into the VM. This patch separates collecting and sweeping, and delays 
1604         sweeping until after collection has completely finished.
1605
1606         * heap/Heap.cpp:
1607         (JSC::Heap::collectAllGarbage):
1608         (JSC::Heap::collect):
1609         (JSC::Heap::collectIfNecessaryOrDefer):
1610         * heap/Heap.h:
1611         * heap/MarkedSpace.cpp:
1612         (JSC::MarkedSpace::sweep):
1613         * runtime/GCActivityCallback.cpp:
1614         (JSC::DefaultGCActivityCallback::doWork):
1615
1616 2014-01-07  Mark Rowe  <mrowe@apple.com>
1617
1618         <https://webkit.org/b/126567> Remove the legacy WebKit availability macros
1619
1620         They're no longer used.
1621
1622         Reviewed by Ryosuke Niwa.
1623
1624         * API/WebKitAvailability.h:
1625
1626 2014-01-07  Filip Pizlo  <fpizlo@apple.com>
1627
1628         SetLocal for a FlushedArguments should not claim that the dataFormat is DataFormatJS
1629         https://bugs.webkit.org/show_bug.cgi?id=126563
1630
1631         Reviewed by Gavin Barraclough.
1632         
1633         This was a rookie arguments simplification mistake: the SetLocal needs to record the fact
1634         that although it set JSValue(), OSR should think it set Arguments. DataFormatArguments
1635         conveys this, and dataFormatFor(FlushFormat) will do the right thing.
1636
1637         * dfg/DFGSpeculativeJIT32_64.cpp:
1638         (JSC::DFG::SpeculativeJIT::compile):
1639         * dfg/DFGSpeculativeJIT64.cpp:
1640         (JSC::DFG::SpeculativeJIT::compile):
1641         * tests/stress/phantom-arguments-set-local-then-exit-in-same-block.js: Added.
1642         (foo):
1643
1644 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
1645
1646         Make the different flavors of integer arithmetic more explicit, and don't rely on (possibly stale) results of the backwards propagator to decide integer arithmetic semantics
1647         https://bugs.webkit.org/show_bug.cgi?id=125519
1648
1649         Reviewed by Geoffrey Garen.
1650         
1651         Adds the Arith::Mode enum to arithmetic nodes, which makes it explicit what sorts of
1652         checks and overflows the node should do. Previously this would be deduced from
1653         backwards analysis results.
1654         
1655         This also makes "unchecked" variants really mean that you want the int32 wrapped
1656         result, so ArithIMul is now done in terms of ArithMul(Unchecked). That means that the
1657         constant folder needs to compute exactly the result implied by ArithMode, instead of
1658         just folding the double result.
1659
1660         * CMakeLists.txt:
1661         * GNUmakefile.list.am:
1662         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1663         * JavaScriptCore.xcodeproj/project.pbxproj:
1664         * dfg/DFGAbstractInterpreterInlines.h:
1665         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1666         * dfg/DFGArithMode.cpp: Added.
1667         (WTF::printInternal):
1668         * dfg/DFGArithMode.h: Added.
1669         (JSC::DFG::doesOverflow):
1670         (JSC::DFG::shouldCheckOverflow):
1671         (JSC::DFG::shouldCheckNegativeZero):
1672         * dfg/DFGCSEPhase.cpp:
1673         (JSC::DFG::CSEPhase::pureCSE):
1674         (JSC::DFG::CSEPhase::performNodeCSE):
1675         * dfg/DFGConstantFoldingPhase.cpp:
1676         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1677         * dfg/DFGFixupPhase.cpp:
1678         (JSC::DFG::FixupPhase::fixupNode):
1679         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
1680         * dfg/DFGGraph.cpp:
1681         (JSC::DFG::Graph::dump):
1682         * dfg/DFGNode.h:
1683         (JSC::DFG::Node::Node):
1684         (JSC::DFG::Node::hasArithMode):
1685         (JSC::DFG::Node::arithMode):
1686         (JSC::DFG::Node::setArithMode):
1687         * dfg/DFGSpeculativeJIT.cpp:
1688         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1689         (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
1690         (JSC::DFG::SpeculativeJIT::compileAdd):
1691         (JSC::DFG::SpeculativeJIT::compileArithSub):
1692         (JSC::DFG::SpeculativeJIT::compileArithNegate):
1693         (JSC::DFG::SpeculativeJIT::compileArithMul):
1694         (JSC::DFG::SpeculativeJIT::compileArithDiv):
1695         (JSC::DFG::SpeculativeJIT::compileArithMod):
1696         * dfg/DFGSpeculativeJIT.h:
1697         * dfg/DFGSpeculativeJIT32_64.cpp:
1698         (JSC::DFG::SpeculativeJIT::compile):
1699         * dfg/DFGSpeculativeJIT64.cpp:
1700         (JSC::DFG::SpeculativeJIT::compile):
1701         * ftl/FTLLowerDFGToLLVM.cpp:
1702         (JSC::FTL::LowerDFGToLLVM::compileAddSub):
1703         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
1704         (JSC::FTL::LowerDFGToLLVM::compileArithDivMod):
1705         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
1706         (JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):
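
        The entry above says an "unchecked" ArithMul must fold to the int32-wrapped product, while a checked one may not fold when the mode's check would fire, so the folder has to compute the mode-exact result rather than the double product. The following constructed C example (added here; it is not JSC's DFGConstantFoldingPhase, and the enumerator spellings ArithUnchecked, ArithCheckOverflow and ArithCheckOverflowAndNegativeZero are assumptions modelled on the Arith::Mode described above) folds ArithMul under each mode and compares it with a fold through double, which loses low bits once the product exceeds 53 bits:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration of mode-exact constant folding; not JSC's
   DFGConstantFoldingPhase. The mode names follow the Arith::Mode described in
   the entry above, but their exact spelling in JSC is an assumption here. */
typedef enum {
    ArithUnchecked,                    /* caller wants the int32-wrapped result; never exits */
    ArithCheckOverflow,                /* must exit if the result does not fit in int32 */
    ArithCheckOverflowAndNegativeZero  /* must additionally exit if the true result is -0 */
} ArithMode;

typedef struct {
    bool folded;   /* true when the node may be replaced by the constant in value */
    int32_t value;
} FoldResult;

static bool shouldCheckOverflow(ArithMode mode) { return mode != ArithUnchecked; }
static bool shouldCheckNegativeZero(ArithMode mode) { return mode == ArithCheckOverflowAndNegativeZero; }

/* Wrap a 64-bit integer to int32 the way the bit-ops (and ArithIMul) want it:
   modulo 2^32, reinterpreted as two's complement. */
static int32_t wrapToInt32(int64_t wide)
{
    return (int32_t)(uint32_t)((uint64_t)wide & 0xFFFFFFFFu);
}

/* Fold ArithMul(a, b) with exactly the semantics the mode implies. */
static FoldResult foldArithMul(int32_t a, int32_t b, ArithMode mode)
{
    FoldResult r = { false, 0 };
    int64_t wide = (int64_t)a * (int64_t)b;   /* exact product: |a|,|b| <= 2^31 fits in int64 */

    /* -0 arises only when one operand is zero and the other negative. int32 cannot
       hold it, so a negative-zero-checking node must stay and take its runtime check
       instead of silently folding to +0. */
    if (shouldCheckNegativeZero(mode) && wide == 0 && (a < 0 || b < 0))
        return r;

    /* A checking node whose result overflows must stay too: the overflow is what
       triggers the OSR exit back to the interpreter. */
    if (shouldCheckOverflow(mode) && (wide < INT32_MIN || wide > INT32_MAX))
        return r;

    r.folded = true;
    r.value = wrapToInt32(wide);   /* unchecked: the wrapped result is the contract */
    return r;
}

/* The approach the entry moves away from: fold the double product, then convert
   to int32 like JavaScript's ToInt32. Exact only while the product fits in 53 bits. */
static int32_t foldMulViaDouble(int32_t a, int32_t b)
{
    double d = (double)a * (double)b;
    /* d is integral and below 2^62 in magnitude, so the int64 conversion is defined. */
    return wrapToInt32((int64_t)d);
}

int main(void)
{
    FoldResult wrapped = foldArithMul(INT32_MAX, INT32_MAX, ArithUnchecked);
    printf("ArithMul(Unchecked) INT32_MAX*INT32_MAX = %d, via double = %d\n",
           wrapped.value, foldMulViaDouble(INT32_MAX, INT32_MAX));          /* 1 vs 0 */
    FoldResult checked = foldArithMul(INT32_MAX, INT32_MAX, ArithCheckOverflow);
    printf("ArithMul(CheckOverflow) folds? %s\n", checked.folded ? "yes" : "no");   /* no */
    FoldResult negZero = foldArithMul(-3, 0, ArithCheckOverflowAndNegativeZero);
    printf("ArithMul(CheckOverflowAndNegativeZero) -3*0 folds? %s\n",
           negZero.folded ? "yes" : "no");                                    /* no */
    return 0;
}
```

        INT32_MAX squared is 2^62 - 2^32 + 1; its low 32 bits are 1, but the nearest double is 2^62 - 2^32, whose low 32 bits are 0, which is the kind of mismatch between folded constant and runtime result that a mode-exact folder avoids.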
1707
1708 2014-01-06  Mark Hahnenberg  <mhahnenberg@apple.com>
1709
1710         Add write barriers to the LLInt
1711         https://bugs.webkit.org/show_bug.cgi?id=126527
1712
1713         Reviewed by Filip Pizlo.
1714
1715         This patch takes a similar approach to how write barriers work in the baseline JIT.
1716         We execute the write barrier at the beginning of the opcode so we don't have to 
1717         worry about saving and restoring live registers across write barrier slow path calls 
1718         to C code.
1719
1720         * llint/LLIntOfflineAsmConfig.h:
1721         * llint/LLIntSlowPaths.cpp:
1722         (JSC::LLInt::llint_write_barrier_slow):
1723         * llint/LLIntSlowPaths.h:
1724         * llint/LowLevelInterpreter.asm:
1725         * llint/LowLevelInterpreter32_64.asm:
1726         * llint/LowLevelInterpreter64.asm:
1727         * offlineasm/arm64.rb:
1728         * offlineasm/instructions.rb:
1729         * offlineasm/x86.rb:
1730
1731 2014-01-05  Sam Weinig  <sam@webkit.org>
1732
1733         [JS] Implement Promise.all()
1734         https://bugs.webkit.org/show_bug.cgi?id=126510
1735
1736         Reviewed by Gavin Barraclough.
1737
1738         Add Promise.all() implementation and factor out performing resolves and rejects
1739         on deferreds to share a bit of code. Also moves the abruptRejection helper to
1740         JSPromiseDeferred so it can be used in JSPromiseFunctions.
1741
1742         * runtime/CommonIdentifiers.h:
1743         * runtime/JSPromiseConstructor.cpp:
1744         (JSC::JSPromiseConstructorFuncCast):
1745         (JSC::JSPromiseConstructorFuncResolve):
1746         (JSC::JSPromiseConstructorFuncReject):
1747         (JSC::JSPromiseConstructorFuncAll):
1748         * runtime/JSPromiseDeferred.cpp:
1749         (JSC::updateDeferredFromPotentialThenable):
1750         (JSC::performDeferredResolve):
1751         (JSC::performDeferredReject):
1752         (JSC::abruptRejection):
1753         * runtime/JSPromiseDeferred.h:
1754         * runtime/JSPromiseFunctions.cpp:
1755         (JSC::promiseAllCountdownFunction):
1756         (JSC::createPromiseAllCountdownFunction):
1757         * runtime/JSPromiseFunctions.h:
1758         * runtime/JSPromiseReaction.cpp:
1759         (JSC::ExecutePromiseReactionMicrotask::run):
1760
1761 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
1762
1763         Get rid of ENABLE(VALUE_PROFILER). It's on all the time now.
1764
1765         Rubber stamped by Mark Hahnenberg.
1766
1767         * bytecode/CallLinkStatus.cpp:
1768         (JSC::CallLinkStatus::computeFor):
1769         * bytecode/CodeBlock.cpp:
1770         (JSC::CodeBlock::dumpValueProfiling):
1771         (JSC::CodeBlock::dumpArrayProfiling):
1772         (JSC::CodeBlock::dumpRareCaseProfile):
1773         (JSC::CodeBlock::dumpBytecode):
1774         (JSC::CodeBlock::CodeBlock):
1775         (JSC::CodeBlock::setNumParameters):
1776         (JSC::CodeBlock::shrinkToFit):
1777         (JSC::CodeBlock::shouldOptimizeNow):
1778         * bytecode/CodeBlock.h:
1779         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1780         * bytecode/GetByIdStatus.cpp:
1781         (JSC::GetByIdStatus::computeForChain):
1782         (JSC::GetByIdStatus::computeFor):
1783         * bytecode/LazyOperandValueProfile.cpp:
1784         * bytecode/LazyOperandValueProfile.h:
1785         * bytecode/PutByIdStatus.cpp:
1786         (JSC::PutByIdStatus::computeFor):
1787         * bytecode/ValueProfile.h:
1788         * bytecompiler/BytecodeGenerator.cpp:
1789         (JSC::BytecodeGenerator::newArrayProfile):
1790         (JSC::BytecodeGenerator::newArrayAllocationProfile):
1791         (JSC::BytecodeGenerator::emitProfiledOpcode):
1792         * jit/GPRInfo.h:
1793         * jit/JIT.cpp:
1794         (JSC::JIT::JIT):
1795         (JSC::JIT::privateCompileSlowCases):
1796         (JSC::JIT::privateCompile):
1797         * jit/JIT.h:
1798         * jit/JITArithmetic.cpp:
1799         (JSC::JIT::compileBinaryArithOp):
1800         (JSC::JIT::emit_op_mul):
1801         (JSC::JIT::emit_op_div):
1802         * jit/JITArithmetic32_64.cpp:
1803         (JSC::JIT::emitBinaryDoubleOp):
1804         (JSC::JIT::emit_op_mul):
1805         (JSC::JIT::emitSlow_op_mul):
1806         (JSC::JIT::emit_op_div):
1807         * jit/JITCall.cpp:
1808         (JSC::JIT::emitPutCallResult):
1809         * jit/JITCall32_64.cpp:
1810         (JSC::JIT::emitPutCallResult):
1811         * jit/JITInlines.h:
1812         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1813         (JSC::JIT::emitValueProfilingSite):
1814         (JSC::JIT::emitArrayProfilingSiteForBytecodeIndex):
1815         (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase):
1816         (JSC::JIT::emitArrayProfileOutOfBoundsSpecialCase):
1817         (JSC::arrayProfileSaw):
1818         (JSC::JIT::chooseArrayMode):
1819         * jit/JITOpcodes.cpp:
1820         (JSC::JIT::emit_op_get_argument_by_val):
1821         * jit/JITOpcodes32_64.cpp:
1822         (JSC::JIT::emit_op_get_argument_by_val):
1823         * jit/JITPropertyAccess.cpp:
1824         (JSC::JIT::emit_op_get_by_val):
1825         (JSC::JIT::emitSlow_op_get_by_val):
1826         (JSC::JIT::emit_op_get_by_id):
1827         (JSC::JIT::emit_op_get_from_scope):
1828         * jit/JITPropertyAccess32_64.cpp:
1829         (JSC::JIT::emit_op_get_by_val):
1830         (JSC::JIT::emitSlow_op_get_by_val):
1831         (JSC::JIT::emit_op_get_by_id):
1832         (JSC::JIT::emit_op_get_from_scope):
1833         * llint/LLIntOfflineAsmConfig.h:
1834         * llint/LLIntSlowPaths.cpp:
1835         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1836         * llint/LowLevelInterpreter.asm:
1837         * llint/LowLevelInterpreter32_64.asm:
1838         * llint/LowLevelInterpreter64.asm:
1839         * profiler/ProfilerBytecodeSequence.cpp:
1840         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
1841         * runtime/CommonSlowPaths.cpp:
1842
1843 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
1844
1845         LLInt shouldn't check for ENABLE(JIT).
1846
1847         Rubber stamped by Mark Hahnenberg.
1848
1849         * llint/LLIntCommon.h:
1850         * llint/LLIntOfflineAsmConfig.h:
1851         * llint/LLIntSlowPaths.cpp:
1852         (JSC::LLInt::entryOSR):
1853         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1854         * llint/LowLevelInterpreter.asm:
1855
1856 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
1857
1858         LLInt shouldn't check for ENABLE(JAVASCRIPT_DEBUGGER).
1859
1860         Rubber stamped by Mark Hahnenberg.
1861
1862         * debugger/Debugger.h:
1863         (JSC::Debugger::Debugger):
1864         * llint/LLIntOfflineAsmConfig.h:
1865         * llint/LowLevelInterpreter.asm:
1866
1867 2014-01-05  Sam Weinig  <sam@webkit.org>
1868
1869         [JS] Implement Promise.race()
1870         https://bugs.webkit.org/show_bug.cgi?id=126506
1871
1872         Reviewed by Oliver Hunt.
1873
1874         * runtime/CommonIdentifiers.h:
1875         Add identifier for "cast".
1876     
1877         * runtime/JSPromiseConstructor.cpp:
1878         (JSC::abruptRejection):
1879         Helper for the RejectIfAbrupt abstract operation.
1880   
1881         (JSC::JSPromiseConstructorFuncRace):
1882         Add implementation of Promise.race()
1883
1884 2014-01-05  Martin Robinson  <mrobinson@igalia.com>
1885
1886         [GTK] [CMake] Ensure that the autotools build and the CMake install the same files
1887         https://bugs.webkit.org/show_bug.cgi?id=116379
1888
1889         Reviewed by Gustavo Noronha Silva.
1890
1891         * PlatformGTK.cmake: Install API headers, gir files, and the pkg-config file.
1892
1893 2014-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>
1894
1895         Use Compiler macros instead of raw "final" and "override"
1896         https://bugs.webkit.org/show_bug.cgi?id=126490
1897
1898         Reviewed by Sam Weinig.
1899
1900         * runtime/JSPromiseReaction.cpp:
1901
1902 2014-01-04  Martin Robinson  <mrobinson@igalia.com>
1903
1904         [GTK] [CMake] Improve the way we locate gobject-introspection
1905         https://bugs.webkit.org/show_bug.cgi?id=126452
1906
1907         Reviewed by Philippe Normand.
1908
1909         * PlatformGTK.cmake: Use the new introspection variables.
1910
1911 2014-01-04  Zan Dobersek  <zdobersek@igalia.com>
1912
1913         Explicitly use the std:: nested name specifier when using std::pair, std::make_pair
1914         https://bugs.webkit.org/show_bug.cgi?id=126439
1915
1916         Reviewed by Andreas Kling.
1917
1918         Instead of relying on std::pair and std::make_pair symbols being present in the current scope
1919         through the pair and make_pair symbols, the std:: specifier should be used explicitly.
1920
1921         * bytecode/Opcode.cpp:
1922         (JSC::compareOpcodePairIndices):
1923         (JSC::OpcodeStats::~OpcodeStats):
1924         * bytecompiler/BytecodeGenerator.cpp:
1925         (JSC::BytecodeGenerator::BytecodeGenerator):
1926         * parser/ASTBuilder.h:
1927         (JSC::ASTBuilder::makeBinaryNode):
1928         * parser/Parser.cpp:
1929         (JSC::Parser<LexerType>::parseIfStatement):
1930         * runtime/Structure.cpp:
1931         (JSC::StructureTransitionTable::contains):
1932         (JSC::StructureTransitionTable::get):
1933         (JSC::StructureTransitionTable::add):
1934
1935 2014-01-03  David Farler  <dfarler@apple.com>
1936
1937         [super dealloc] missing in Source/JavaScriptCore/API/tests/testapi.mm, fails to build with -Werror,-Wobjc-missing-super-calls
1938         https://bugs.webkit.org/show_bug.cgi?id=126454
1939
1940         Reviewed by Geoffrey Garen.
1941
1942         * API/tests/testapi.mm:
1943         (-[TextXYZ dealloc]):
1944         add [super dealloc]
1945         (-[EvilAllocationObject dealloc]):
1946         add [super dealloc]
1947
1948 2014-01-02  Carlos Garcia Campos  <cgarcia@igalia.com>
1949
1950         REGRESSION(r160304): [GTK] Disable libtool fast install
1951         https://bugs.webkit.org/show_bug.cgi?id=126381
1952
1953         Reviewed by Martin Robinson.
1954
1955         Remove -no-fast-install ld flag since fast install is now disabled
1956         globally.
1957
1958         * GNUmakefile.am:
1959
1960 2014-01-02  Sam Weinig  <sam@webkit.org>
1961
1962         Update Promises to the https://github.com/domenic/promises-unwrapping spec
1963         https://bugs.webkit.org/show_bug.cgi?id=120954
1964
1965         Reviewed by Filip Pizlo.
1966
1967         Update Promises to the revised spec. Notable changes:
1968         - JSPromiseResolver is gone.
1969         - TaskContext has been renamed Microtask and now has a virtual run() function.
1970         - Instead of using custom InternalFunction subclasses, JSFunctions are used
1971           with PrivateName properties for internal slots.
1972
1973         * CMakeLists.txt:
1974         * DerivedSources.make:
1975         * GNUmakefile.list.am:
1976         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1977         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1978         * JavaScriptCore.xcodeproj/project.pbxproj:
1979         * interpreter/CallFrame.h:
1980         (JSC::ExecState::promiseConstructorTable):
1981         * runtime/CommonIdentifiers.cpp:
1982         (JSC::CommonIdentifiers::CommonIdentifiers):
1983         * runtime/CommonIdentifiers.h:
1984         * runtime/JSGlobalObject.cpp:
1985         (JSC::JSGlobalObject::reset):
1986         (JSC::JSGlobalObject::visitChildren):
1987         (JSC::JSGlobalObject::queueMicrotask):
1988         * runtime/JSGlobalObject.h:
1989         (JSC::JSGlobalObject::promiseConstructor):
1990         (JSC::JSGlobalObject::promisePrototype):
1991         (JSC::JSGlobalObject::promiseStructure):
1992         * runtime/JSPromise.cpp:
1993         (JSC::JSPromise::create):
1994         (JSC::JSPromise::JSPromise):
1995         (JSC::JSPromise::finishCreation):
1996         (JSC::JSPromise::visitChildren):
1997         (JSC::JSPromise::reject):
1998         (JSC::JSPromise::resolve):
1999         (JSC::JSPromise::appendResolveReaction):
2000         (JSC::JSPromise::appendRejectReaction):
2001         (JSC::triggerPromiseReactions):
2002         * runtime/JSPromise.h:
2003         (JSC::JSPromise::status):
2004         (JSC::JSPromise::result):
2005         (JSC::JSPromise::constructor):
2006         * runtime/JSPromiseCallback.cpp: Removed.
2007         * runtime/JSPromiseCallback.h: Removed.
2008         * runtime/JSPromiseConstructor.cpp:
2009         (JSC::constructPromise):
2010         (JSC::JSPromiseConstructor::getCallData):
2011         (JSC::JSPromiseConstructorFuncCast):
2012         (JSC::JSPromiseConstructorFuncResolve):
2013         (JSC::JSPromiseConstructorFuncReject):
2014         * runtime/JSPromiseConstructor.h:
2015         * runtime/JSPromiseDeferred.cpp: Added.
2016         (JSC::JSPromiseDeferred::create):
2017         (JSC::JSPromiseDeferred::JSPromiseDeferred):
2018         (JSC::JSPromiseDeferred::finishCreation):
2019         (JSC::JSPromiseDeferred::visitChildren):
2020         (JSC::createJSPromiseDeferredFromConstructor):
2021         (JSC::updateDeferredFromPotentialThenable):
2022         * runtime/JSPromiseDeferred.h: Added.
2023         (JSC::JSPromiseDeferred::createStructure):
2024         (JSC::JSPromiseDeferred::promise):
2025         (JSC::JSPromiseDeferred::resolve):
2026         (JSC::JSPromiseDeferred::reject):
2027         * runtime/JSPromiseFunctions.cpp: Added.
2028         (JSC::deferredConstructionFunction):
2029         (JSC::createDeferredConstructionFunction):
2030         (JSC::identifyFunction):
2031         (JSC::createIdentifyFunction):
2032         (JSC::promiseAllCountdownFunction):
2033         (JSC::createPromiseAllCountdownFunction):
2034         (JSC::promiseResolutionHandlerFunction):
2035         (JSC::createPromiseResolutionHandlerFunction):
2036         (JSC::rejectPromiseFunction):
2037         (JSC::createRejectPromiseFunction):
2038         (JSC::resolvePromiseFunction):
2039         (JSC::createResolvePromiseFunction):
2040         (JSC::throwerFunction):
2041         (JSC::createThrowerFunction):
2042         * runtime/JSPromiseFunctions.h: Added.
2043         * runtime/JSPromisePrototype.cpp:
2044         (JSC::JSPromisePrototypeFuncThen):
2045         (JSC::JSPromisePrototypeFuncCatch):
2046         * runtime/JSPromiseReaction.cpp: Added.
2047         (JSC::createExecutePromiseReactionMicroTask):
2048         (JSC::ExecutePromiseReactionMicroTask::run):
2049         (JSC::JSPromiseReaction::create):
2050         (JSC::JSPromiseReaction::JSPromiseReaction):
2051         (JSC::JSPromiseReaction::finishCreation):
2052         (JSC::JSPromiseReaction::visitChildren):
2053         * runtime/JSPromiseReaction.h: Added.
2054         (JSC::JSPromiseReaction::createStructure):
2055         (JSC::JSPromiseReaction::deferred):
2056         (JSC::JSPromiseReaction::handler):
2057         * runtime/JSPromiseResolver.cpp: Removed.
2058         * runtime/JSPromiseResolver.h: Removed.
2059         * runtime/JSPromiseResolverConstructor.cpp: Removed.
2060         * runtime/JSPromiseResolverConstructor.h: Removed.
2061         * runtime/JSPromiseResolverPrototype.cpp: Removed.
2062         * runtime/JSPromiseResolverPrototype.h: Removed.
2063         * runtime/Microtask.h: Added.
2064         * runtime/VM.cpp:
2065         (JSC::VM::VM):
2066         (JSC::VM::~VM):
2067         * runtime/VM.h:
2068
2069 2014-01-02  Mark Hahnenberg  <mhahnenberg@apple.com>
2070
2071         Add support for StoreBarrier and friends to the FTL
2072         https://bugs.webkit.org/show_bug.cgi?id=126040
2073
2074         Reviewed by Filip Pizlo.
2075
2076         * ftl/FTLAbstractHeapRepository.h:
2077         * ftl/FTLCapabilities.cpp:
2078         (JSC::FTL::canCompile):
2079         * ftl/FTLIntrinsicRepository.h:
2080         * ftl/FTLLowerDFGToLLVM.cpp:
2081         (JSC::FTL::LowerDFGToLLVM::compileNode):
2082         (JSC::FTL::LowerDFGToLLVM::compileStoreBarrier):
2083         (JSC::FTL::LowerDFGToLLVM::compileConditionalStoreBarrier):
2084         (JSC::FTL::LowerDFGToLLVM::compileStoreBarrierWithNullCheck):
2085         (JSC::FTL::LowerDFGToLLVM::loadMarkByte):
2086         (JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):
2087         * heap/Heap.cpp:
2088         (JSC::Heap::Heap):
2089         * heap/Heap.h:
2090         (JSC::Heap::writeBarrierBuffer):
2091
2092 2014-01-02  Mark Hahnenberg  <mhahnenberg@apple.com>
2093
2094         Storing new CopiedSpace memory into a JSObject should fire a write barrier
2095         https://bugs.webkit.org/show_bug.cgi?id=126025
2096
2097         Reviewed by Filip Pizlo.
2098
2099         Technically this is creating a pointer between a (potentially) old generation object and a young 
2100         generation chunk of memory, thus there needs to be a barrier.
2101
2102         * JavaScriptCore.xcodeproj/project.pbxproj:
2103         * dfg/DFGOperations.cpp:
2104         * heap/CopyWriteBarrier.h: Added. This class functions similarly to the WriteBarrier class. It 
2105         acts as a proxy for pointers to CopiedSpace. Assignments to the field cause a write barrier to 
2106         fire for the object that is the owner of the CopiedSpace memory. This is to ensure during nursery 
2107         collections that objects with new backing stores are visited, even if they are old generation objects. 
2108         (JSC::CopyWriteBarrier::CopyWriteBarrier):
2109         (JSC::CopyWriteBarrier::operator!):
2110         (JSC::CopyWriteBarrier::operator UnspecifiedBoolType*):
2111         (JSC::CopyWriteBarrier::get):
2112         (JSC::CopyWriteBarrier::operator*):
2113         (JSC::CopyWriteBarrier::operator->):
2114         (JSC::CopyWriteBarrier::set):
2115         (JSC::CopyWriteBarrier::setWithoutWriteBarrier):
2116         (JSC::CopyWriteBarrier::clear):
2117         * heap/Heap.h:
2118         * runtime/JSArray.cpp:
2119         (JSC::JSArray::unshiftCountSlowCase):
2120         (JSC::JSArray::shiftCountWithArrayStorage):
2121         (JSC::JSArray::unshiftCountWithArrayStorage):
2122         * runtime/JSCell.h:
2123         (JSC::JSCell::unvalidatedStructure):
2124         * runtime/JSGenericTypedArrayViewInlines.h:
2125         (JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):
2126         * runtime/JSObject.cpp:
2127         (JSC::JSObject::copyButterfly):
2128         (JSC::JSObject::getOwnPropertySlotByIndex):
2129         (JSC::JSObject::putByIndex):
2130         (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
2131         (JSC::JSObject::createInitialIndexedStorage):
2132         (JSC::JSObject::createArrayStorage):
2133         (JSC::JSObject::deletePropertyByIndex):
2134         (JSC::JSObject::getOwnPropertyNames):
2135         (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
2136         (JSC::JSObject::countElements):
2137         (JSC::JSObject::increaseVectorLength):
2138         (JSC::JSObject::ensureLengthSlow):
2139         * runtime/JSObject.h:
2140         (JSC::JSObject::butterfly):
2141         (JSC::JSObject::setStructureAndButterfly):
2142         (JSC::JSObject::setButterflyWithoutChangingStructure):
2143         (JSC::JSObject::JSObject):
2144         (JSC::JSObject::putDirectInternal):
2145         (JSC::JSObject::putDirectWithoutTransition):
2146         * runtime/MapData.cpp:
2147         (JSC::MapData::ensureSpaceForAppend):
2148         * runtime/Structure.cpp:
2149         (JSC::Structure::materializePropertyMap):
2150
2151 2013-12-23  Oliver Hunt  <oliver@apple.com>
2152
2153         Refactor PutPropertySlot to be aware of custom properties
2154         https://bugs.webkit.org/show_bug.cgi?id=126187
2155
2156         Reviewed by Antti Koivisto.
2157
2158         Refactor PutPropertySlot, making the constructor take the thisValue
2159         used as a target.  This results in a wide range of boilerplate changes
2160         to pass the new parameter.
2161
2162         * API/JSObjectRef.cpp:
2163         (JSObjectSetProperty):
2164         * dfg/DFGOperations.cpp:
2165         (JSC::DFG::operationPutByValInternal):
2166         * interpreter/Interpreter.cpp:
2167         (JSC::Interpreter::execute):
2168         * jit/JITOperations.cpp:
2169         * llint/LLIntSlowPaths.cpp:
2170         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2171         * runtime/Arguments.cpp:
2172         (JSC::Arguments::putByIndex):
2173         * runtime/ArrayPrototype.cpp:
2174         (JSC::putProperty):
2175         (JSC::arrayProtoFuncPush):
2176         * runtime/JSCJSValue.cpp:
2177         (JSC::JSValue::putToPrimitiveByIndex):
2178         * runtime/JSCell.cpp:
2179         (JSC::JSCell::putByIndex):
2180         * runtime/JSFunction.cpp:
2181         (JSC::JSFunction::put):
2182         * runtime/JSGenericTypedArrayViewInlines.h:
2183         (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
2184         * runtime/JSONObject.cpp:
2185         (JSC::Walker::walk):
2186         * runtime/JSObject.cpp:
2187         (JSC::JSObject::putByIndex):
2188         (JSC::JSObject::putDirectNonIndexAccessor):
2189         (JSC::JSObject::deleteProperty):
2190         * runtime/JSObject.h:
2191         (JSC::JSObject::putDirect):
2192         * runtime/Lookup.h:
2193         (JSC::putEntry):
2194         (JSC::lookupPut):
2195         * runtime/PutPropertySlot.h:
2196         (JSC::PutPropertySlot::PutPropertySlot):
2197         (JSC::PutPropertySlot::setCustomProperty):
2198         (JSC::PutPropertySlot::thisValue):
2199         (JSC::PutPropertySlot::isCacheable):
2200
2201 2014-01-01  Filip Pizlo  <fpizlo@apple.com>
2202
2203         Rationalize DFG DCE
2204         https://bugs.webkit.org/show_bug.cgi?id=125523
2205
2206         Reviewed by Mark Hahnenberg.
2207         
2208         Adds the ability to DCE more things. It's now the case that if a node is completely
2209         pure, we clear NodeMustGenerate and the node becomes a DCE candidate.
2210
2211         * dfg/DFGAbstractInterpreterInlines.h:
2212         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2213         * dfg/DFGCSEPhase.cpp:
2214         (JSC::DFG::CSEPhase::performNodeCSE):
2215         * dfg/DFGClobberize.h:
2216         (JSC::DFG::clobberize):
2217         * dfg/DFGDCEPhase.cpp:
2218         (JSC::DFG::DCEPhase::cleanVariables):
2219         * dfg/DFGFixupPhase.cpp:
2220         (JSC::DFG::FixupPhase::fixupNode):
2221         * dfg/DFGGraph.h:
2222         (JSC::DFG::Graph::clobbersWorld):
2223         * dfg/DFGNodeType.h:
2224         * dfg/DFGSpeculativeJIT.cpp:
2225         (JSC::DFG::SpeculativeJIT::compileAdd):
2226         * dfg/DFGSpeculativeJIT.h:
2227         * dfg/DFGSpeculativeJIT32_64.cpp:
2228         (JSC::DFG::SpeculativeJIT::compile):
2229         * dfg/DFGSpeculativeJIT64.cpp:
2230         (JSC::DFG::SpeculativeJIT::compile):
2231         * ftl/FTLLowerDFGToLLVM.cpp:
2232         (JSC::FTL::LowerDFGToLLVM::compileNode):
2233         (JSC::FTL::LowerDFGToLLVM::compileValueAdd):
2234
2235 2014-01-02  Benjamin Poulain  <benjamin@webkit.org>
2236
2237         Attempt to fix the build of WebCore's code generator on CMake based system
2238         https://bugs.webkit.org/show_bug.cgi?id=126271
2239
2240         Reviewed by Sam Weinig.
2241
2242         * CMakeLists.txt:
2243
2244 2013-12-30  Commit Queue  <commit-queue@webkit.org>
2245
2246         Unreviewed, rolling out r161157, r161158, r161160, r161161,
2247         r161163, and r161165.
2248         http://trac.webkit.org/changeset/161157
2249         http://trac.webkit.org/changeset/161158
2250         http://trac.webkit.org/changeset/161160
2251         http://trac.webkit.org/changeset/161161
2252         http://trac.webkit.org/changeset/161163
2253         http://trac.webkit.org/changeset/161165
2254         https://bugs.webkit.org/show_bug.cgi?id=126332
2255
2256         Broke WebKit2 on Mountain Lion (Requested by ap on #webkit).
2257
2258         * heap/BlockAllocator.cpp:
2259         (JSC::BlockAllocator::~BlockAllocator):
2260         (JSC::BlockAllocator::waitForRelativeTimeWhileHoldingLock):
2261         (JSC::BlockAllocator::waitForRelativeTime):
2262         (JSC::BlockAllocator::blockFreeingThreadMain):
2263         * heap/BlockAllocator.h:
2264         (JSC::BlockAllocator::deallocate):
2265
2266 2013-12-30  Anders Carlsson  <andersca@apple.com>
2267
2268         Fix build.
2269
2270         * heap/BlockAllocator.h:
2271
2272 2013-12-30  Anders Carlsson  <andersca@apple.com>
2273
2274         Stop using ThreadCondition in BlockAllocator
2275         https://bugs.webkit.org/show_bug.cgi?id=126313
2276
2277         Reviewed by Sam Weinig.
2278
2279         * heap/BlockAllocator.cpp:
2280         (JSC::BlockAllocator::~BlockAllocator):
2281         (JSC::BlockAllocator::waitForDuration):
2282         (JSC::BlockAllocator::blockFreeingThreadMain):
2283         * heap/BlockAllocator.h:
2284         (JSC::BlockAllocator::deallocate):
2285
2286 2013-12-30  Anders Carlsson  <andersca@apple.com>
2287
2288         Stop using ThreadCondition in jsc.cpp
2289         https://bugs.webkit.org/show_bug.cgi?id=126311
2290
2291         Reviewed by Sam Weinig.
2292
2293         * jsc.cpp:
2294         (timeoutThreadMain):
2295         (main):
2296
2297 2013-12-30  Anders Carlsson  <andersca@apple.com>
2298
2299         Replace WTF::ThreadingOnce with std::call_once
2300         https://bugs.webkit.org/show_bug.cgi?id=126215
2301
2302         Reviewed by Sam Weinig.
2303
2304         * dfg/DFGWorklist.cpp:
2305         (JSC::DFG::globalWorklist):
2306         * runtime/InitializeThreading.cpp:
2307         (JSC::initializeThreading):
2308
2309 2013-12-30  Martin Robinson  <mrobinson@igalia.com>
2310
2311         [CMake] [GTK] Add support for GObject introspection
2312         https://bugs.webkit.org/show_bug.cgi?id=126162
2313
2314         Reviewed by Daniel Bates.
2315
2316         * PlatformGTK.cmake: Add the GIR targets.
2317
2318 2013-12-28  Filip Pizlo  <fpizlo@apple.com>
2319
2320         Get rid of DFG forward exiting
2321         https://bugs.webkit.org/show_bug.cgi?id=125531
2322
2323         Reviewed by Oliver Hunt.
2324         
2325         This finally gets rid of forward exiting. Forward exiting was always a fragile concept
2326         since it involved the compiler trying to figure out how to "roll forward" the
2327         execution from some DFG node to the next bytecode index. It was always easy to find
2328         counterexamples where it broke, and it has always served as an obstacle to adding
2329         compiler improvements - the latest being http://webkit.org/b/125523, which tried to
2330         make DCE work for more things.
2331         
2332         This change finishes the work of removing forward exiting. A lot of forward exiting
2333         was already removed in some other bugs, but SetLocal still did forward exits. SetLocal
2334         is in many ways the hardest to remove, since the forward exiting of SetLocal also
2335         implied that any conversion nodes inserted before the SetLocal would then also be
2336         marked as forward-exiting. Hence SetLocal's forward-exiting made a bunch of other
2337         things also forward-exiting, and this was always a source of weirdo bugs.
2338         
2339         SetLocal must be able to exit in case it performs a hoisted type speculation. Nodes
2340         inserted just before SetLocal must also be able to exit - for example type check
2341         hoisting may insert a CheckStructure, or fixup phase may insert something like
2342         Int32ToDouble. But if any of those nodes tried to backward exit, then this could lead
2343         to the reexecution of a side-effecting operation, for example:
2344         
2345             a: Call(...)
2346             b: SetLocal(@a, r1)
2347         
2348         For a long time it seemed like SetLocal *had* to exit forward because of this. But
2349         this change side-steps the problem by changing the ByteCodeParser to always emit a
2350         kind of "two-phase commit" for stores to local variables. Now when the ByteCodeParser
2351         wishes to store to a local, it first emits a MovHint and then enqueues a SetLocal.
2352         The SetLocal isn't actually emitted until the beginning of the next bytecode
2353         instruction (with the exception of op_enter and op_ret, which emit theirs immediately
2354         since it's always safe to reexecute those bytecode instructions and since deferring
2355         SetLocals would be weird there - op_enter has many SetLocals and op_ret is a set
2356         followed by a jump in case of inlining, so we'd have to emit the SetLocal "after" the
2357         jump and that would be awkward). This means that the above IR snippet would look
2358         something like:
2359         
2360             a: Call(..., bc#42)
2361             b: MovHint(@a, r1, bc#42)
2362             c: SetLocal(@a, r1, bc#47)
2363         
2364         Where the SetLocal exits "backwards" but appears at the beginning of the next bytecode
2365         instruction. This means that by the time we get to that SetLocal, the OSR exit
2366         analysis already knows that r1 is associated with @a, and it means that the SetLocal
2367         or anything hoisted above it can exit backwards as normal.
2368         
2369         This change also means that the "forward rewiring" can be killed. Previously, we might
2370         have inserted a conversion node on SetLocal and then the SetLocal died (i.e. turned
2371         into a MovHint) and the conversion node either died completely or had its lifetime
2372         truncated to be less than the actual value's bytecode lifetime. This no longer happens
2373         since conversion nodes are only inserted at SetLocals.
2374         
2375         More precisely, this change introduces two laws that we were basically already
2376         following anyway:
2377         
2378         1) A MovHint's child should never be changed except if all other uses of that child
2379            are also replaced. Specifically, this prohibits insertion of conversion nodes at
2380            MovHints.
2381         
2382         2) Anytime any child is replaced with something else, and all other uses aren't also
2383            replaced, we must insert a Phantom use of the original child.
2384
2385         This is a slight compile-time regression but has no effect on code-gen. It unlocks a
2386         bunch of optimization opportunities so I think it's worth it.
2387
2388         * bytecode/CodeBlock.cpp:
2389         (JSC::CodeBlock::dumpAssumingJITType):
2390         * bytecode/CodeBlock.h:
2391         (JSC::CodeBlock::instructionCount):
2392         * dfg/DFGAbstractInterpreterInlines.h:
2393         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2394         * dfg/DFGArgumentsSimplificationPhase.cpp:
2395         (JSC::DFG::ArgumentsSimplificationPhase::run):
2396         * dfg/DFGArrayifySlowPathGenerator.h:
2397         (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
2398         * dfg/DFGBackwardsPropagationPhase.cpp:
2399         (JSC::DFG::BackwardsPropagationPhase::propagate):
2400         * dfg/DFGByteCodeParser.cpp:
2401         (JSC::DFG::ByteCodeParser::setDirect):
2402         (JSC::DFG::ByteCodeParser::DelayedSetLocal::DelayedSetLocal):
2403         (JSC::DFG::ByteCodeParser::DelayedSetLocal::execute):
2404         (JSC::DFG::ByteCodeParser::handleInlining):
2405         (JSC::DFG::ByteCodeParser::parseBlock):
2406         * dfg/DFGCSEPhase.cpp:
2407         (JSC::DFG::CSEPhase::eliminate):
2408         * dfg/DFGClobberize.h:
2409         (JSC::DFG::clobberize):
2410         * dfg/DFGCommon.h:
2411         * dfg/DFGConstantFoldingPhase.cpp:
2412         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2413         * dfg/DFGDCEPhase.cpp:
2414         (JSC::DFG::DCEPhase::run):
2415         (JSC::DFG::DCEPhase::fixupBlock):
2416         (JSC::DFG::DCEPhase::cleanVariables):
2417         * dfg/DFGFixupPhase.cpp:
2418         (JSC::DFG::FixupPhase::fixupNode):
2419         (JSC::DFG::FixupPhase::fixEdge):
2420         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
2421         * dfg/DFGLICMPhase.cpp:
2422         (JSC::DFG::LICMPhase::run):
2423         (JSC::DFG::LICMPhase::attemptHoist):
2424         * dfg/DFGMinifiedNode.cpp:
2425         (JSC::DFG::MinifiedNode::fromNode):
2426         * dfg/DFGMinifiedNode.h:
2427         (JSC::DFG::belongsInMinifiedGraph):
2428         (JSC::DFG::MinifiedNode::constantNumber):
2429         (JSC::DFG::MinifiedNode::weakConstant):
2430         * dfg/DFGNode.cpp:
2431         (JSC::DFG::Node::hasVariableAccessData):
2432         * dfg/DFGNode.h:
2433         (JSC::DFG::Node::convertToPhantom):
2434         (JSC::DFG::Node::convertToPhantomUnchecked):
2435         (JSC::DFG::Node::convertToIdentity):
2436         (JSC::DFG::Node::containsMovHint):
2437         (JSC::DFG::Node::hasUnlinkedLocal):
2438         (JSC::DFG::Node::willHaveCodeGenOrOSR):
2439         * dfg/DFGNodeFlags.cpp:
2440         (JSC::DFG::dumpNodeFlags):
2441         * dfg/DFGNodeFlags.h:
2442         * dfg/DFGNodeType.h:
2443         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
2444         (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
2445         * dfg/DFGOSREntrypointCreationPhase.cpp:
2446         (JSC::DFG::OSREntrypointCreationPhase::run):
2447         * dfg/DFGOSRExit.cpp:
2448         * dfg/DFGOSRExit.h:
2449         * dfg/DFGOSRExitBase.cpp:
2450         * dfg/DFGOSRExitBase.h:
2451         (JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSite):
2452         * dfg/DFGPredictionPropagationPhase.cpp:
2453         (JSC::DFG::PredictionPropagationPhase::propagate):
2454         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
2455         * dfg/DFGSSAConversionPhase.cpp:
2456         (JSC::DFG::SSAConversionPhase::run):
2457         * dfg/DFGSafeToExecute.h:
2458         (JSC::DFG::safeToExecute):
2459         * dfg/DFGSpeculativeJIT.cpp:
2460         (JSC::DFG::SpeculativeJIT::speculationCheck):
2461         (JSC::DFG::SpeculativeJIT::emitInvalidationPoint):
2462         (JSC::DFG::SpeculativeJIT::typeCheck):
2463         (JSC::DFG::SpeculativeJIT::compileMovHint):
2464         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
2465         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2466         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
2467         * dfg/DFGSpeculativeJIT.h:
2468         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2469         (JSC::DFG::SpeculativeJIT::needsTypeCheck):
2470         * dfg/DFGSpeculativeJIT32_64.cpp:
2471         (JSC::DFG::SpeculativeJIT::compile):
2472         * dfg/DFGSpeculativeJIT64.cpp:
2473         (JSC::DFG::SpeculativeJIT::compile):
2474         * dfg/DFGTypeCheckHoistingPhase.cpp:
2475         (JSC::DFG::TypeCheckHoistingPhase::run):
2476         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
2477         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
2478         * dfg/DFGValidate.cpp:
2479         (JSC::DFG::Validate::validateCPS):
2480         * dfg/DFGVariableAccessData.h:
2481         (JSC::DFG::VariableAccessData::VariableAccessData):
2482         * dfg/DFGVariableEventStream.cpp:
2483         (JSC::DFG::VariableEventStream::reconstruct):
2484         * ftl/FTLCapabilities.cpp:
2485         (JSC::FTL::canCompile):
2486         * ftl/FTLLowerDFGToLLVM.cpp:
2487         (JSC::FTL::LowerDFGToLLVM::compileNode):
2488         (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
2489         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
2490         (JSC::FTL::LowerDFGToLLVM::compileMovHint):
2491         (JSC::FTL::LowerDFGToLLVM::compileZombieHint):
2492         (JSC::FTL::LowerDFGToLLVM::compileInt32ToDouble):
2493         (JSC::FTL::LowerDFGToLLVM::speculate):
2494         (JSC::FTL::LowerDFGToLLVM::typeCheck):
2495         (JSC::FTL::LowerDFGToLLVM::appendTypeCheck):
2496         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
2497         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
2498         * ftl/FTLOSRExit.cpp:
2499         * ftl/FTLOSRExit.h:
2500         * tests/stress/dead-int32-to-double.js: Added.
2501         (foo):
2502         * tests/stress/dead-uint32-to-number.js: Added.
2503         (foo):
2504
2505 2013-12-25  Commit Queue  <commit-queue@webkit.org>
2506
2507         Unreviewed, rolling out r161033 and r161074.
2508         http://trac.webkit.org/changeset/161033
2509         http://trac.webkit.org/changeset/161074
2510         https://bugs.webkit.org/show_bug.cgi?id=126240
2511
2512         Oliver says that a rollout would be better (Requested by ap on
2513         #webkit).
2514
2515         * API/JSObjectRef.cpp:
2516         (JSObjectSetProperty):
2517         * dfg/DFGOperations.cpp:
2518         (JSC::DFG::operationPutByValInternal):
2519         * interpreter/Interpreter.cpp:
2520         (JSC::Interpreter::execute):
2521         * jit/JITOperations.cpp:
2522         * llint/LLIntSlowPaths.cpp:
2523         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2524         * runtime/Arguments.cpp:
2525         (JSC::Arguments::putByIndex):
2526         * runtime/ArrayPrototype.cpp:
2527         (JSC::putProperty):
2528         (JSC::arrayProtoFuncPush):
2529         * runtime/JSCJSValue.cpp:
2530         (JSC::JSValue::putToPrimitiveByIndex):
2531         * runtime/JSCell.cpp:
2532         (JSC::JSCell::putByIndex):
2533         * runtime/JSFunction.cpp:
2534         (JSC::JSFunction::put):
2535         * runtime/JSGenericTypedArrayViewInlines.h:
2536         (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
2537         * runtime/JSONObject.cpp:
2538         (JSC::Walker::walk):
2539         * runtime/JSObject.cpp:
2540         (JSC::JSObject::putByIndex):
2541         (JSC::JSObject::putDirectNonIndexAccessor):
2542         (JSC::JSObject::deleteProperty):
2543         * runtime/JSObject.h:
2544         (JSC::JSObject::putDirect):
2545         * runtime/Lookup.h:
2546         (JSC::putEntry):
2547         (JSC::lookupPut):
2548         * runtime/PutPropertySlot.h:
2549         (JSC::PutPropertySlot::PutPropertySlot):
2550         (JSC::PutPropertySlot::setNewProperty):
2551         (JSC::PutPropertySlot::isCacheable):
2552
2553 2013-12-25  Filip Pizlo  <fpizlo@apple.com>
2554
2555         DFG PhantomArguments shouldn't rely on a dead Phi graph
2556         https://bugs.webkit.org/show_bug.cgi?id=126218
2557
2558         Reviewed by Oliver Hunt.
2559         
2560         This change dramatically rationalizes our handling of PhantomArguments (i.e.
2561         speculative elision of arguments object allocation).
2562         
2563         It's now the case that if we decide that we can elide arguments allocation, we just
2564         turn the arguments-creating node into a PhantomArguments and mark all locals that
2565         it's stored to as being arguments aliases. Being an arguments alias and being a
2566         PhantomArguments means basically the same thing: in DFG execution you have the empty
2567         value, on OSR exit an arguments object is allocated in your place, and all operations
2568         that use the value now just refer directly to the actual arguments in the call frame
2569         header (or the arguments we know that we passed to the call, in case of inlining).
2570         
2571         This means that we no longer have arguments simplification creating a dead Phi graph
2572         that then has to be interpreted by the OSR exit logic. That sort of never made any
2573         sense.
2574         
2575         This means that PhantomArguments now has a clear story in SSA: basically SSA just
2576         gets rid of the "locals" but everything else is the same.
2577         
2578         Finally, this means that we can more easily get rid of forward exiting. As I was
2579         working on the code to get rid of forward exiting, I realized that I'd have to
2580         carefully preserve the special meanings of MovHint and SetLocal in the case of
2581         PhantomArguments. It was really bizarre: even the semantics of MovHint were tied to
2582         our specific treatment of PhantomArguments. After this change this is no longer the
2583         case.
2584         
2585         One of the really cool things about this change is that arguments reification now
2586         just becomes a special kind of FlushFormat. This further unifies things: it means
2587         that a MovHint(PhantomArguments) and a SetLocal(PhantomArguments) both have the same
2588         meaning, since both of them dictate that the way we recover the local on exit is by
2589         reifying arguments. Previously, the SetLocal(PhantomArguments) case needed some
2590         special handling to accomplish this.
2591         
2592         A downside of this approach is that we will now emit code to store the empty value
2593         into aliased arguments variables, and we will even emit code to load that empty value
2594         as well. As far as I can tell this doesn't cost anything, since PhantomArguments are
2595         most profitable in cases where it allows us to simplify control flow and kill the
2596         arguments locals entirely. Of course, this isn't an issue in SSA form since SSA form
2597         also eliminates the locals.
2598
2599         * dfg/DFGArgumentsSimplificationPhase.cpp:
2600         (JSC::DFG::ArgumentsSimplificationPhase::run):
2601         (JSC::DFG::ArgumentsSimplificationPhase::detypeArgumentsReferencingPhantomChild):
2602         * dfg/DFGFlushFormat.cpp:
2603         (WTF::printInternal):
2604         * dfg/DFGFlushFormat.h:
2605         (JSC::DFG::resultFor):
2606         (JSC::DFG::useKindFor):
2607         (JSC::DFG::dataFormatFor):
2608         * dfg/DFGSpeculativeJIT.cpp:
2609         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
2610         * dfg/DFGSpeculativeJIT32_64.cpp:
2611         (JSC::DFG::SpeculativeJIT::compile):
2612         * dfg/DFGSpeculativeJIT64.cpp:
2613         (JSC::DFG::SpeculativeJIT::compile):
2614         * dfg/DFGValueSource.h:
2615         (JSC::DFG::ValueSource::ValueSource):
2616         (JSC::DFG::ValueSource::forFlushFormat):
2617         * dfg/DFGVariableAccessData.h:
2618         (JSC::DFG::VariableAccessData::flushFormat):
2619         * ftl/FTLLowerDFGToLLVM.cpp:
2620         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
2621
2622 2013-12-23  Oliver Hunt  <oliver@apple.com>
2623
2624         Refactor PutPropertySlot to be aware of custom properties
2625         https://bugs.webkit.org/show_bug.cgi?id=126187
2626
2627         Reviewed by msaboff.
2628
2629         Refactor PutPropertySlot, making the constructor take the thisValue
2630         used as a target.  This results in a wide range of boilerplate changes
2631         to pass the new parameter.
2632
2633         * API/JSObjectRef.cpp:
2634         (JSObjectSetProperty):
2635         * dfg/DFGOperations.cpp:
2636         (JSC::DFG::operationPutByValInternal):
2637         * interpreter/Interpreter.cpp:
2638         (JSC::Interpreter::execute):
2639         * jit/JITOperations.cpp:
2640         * llint/LLIntSlowPaths.cpp:
2641         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2642         * runtime/Arguments.cpp:
2643         (JSC::Arguments::putByIndex):
2644         * runtime/ArrayPrototype.cpp:
2645         (JSC::putProperty):
2646         (JSC::arrayProtoFuncPush):
2647         * runtime/JSCJSValue.cpp:
2648         (JSC::JSValue::putToPrimitiveByIndex):
2649         * runtime/JSCell.cpp:
2650         (JSC::JSCell::putByIndex):
2651         * runtime/JSFunction.cpp:
2652         (JSC::JSFunction::put):
2653         * runtime/JSGenericTypedArrayViewInlines.h:
2654         (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
2655         * runtime/JSONObject.cpp:
2656         (JSC::Walker::walk):
2657         * runtime/JSObject.cpp:
2658         (JSC::JSObject::putByIndex):
2659         (JSC::JSObject::putDirectNonIndexAccessor):
2660         (JSC::JSObject::deleteProperty):
2661         * runtime/JSObject.h:
2662         (JSC::JSObject::putDirect):
2663         * runtime/Lookup.h:
2664         (JSC::putEntry):
2665         (JSC::lookupPut):
2666         * runtime/PutPropertySlot.h:
2667         (JSC::PutPropertySlot::PutPropertySlot):
2668         (JSC::PutPropertySlot::setCustomProperty):
2669         (JSC::PutPropertySlot::thisValue):
2670         (JSC::PutPropertySlot::isCacheable):
2671
2672 2013-12-23  Benjamin Poulain  <benjamin@webkit.org>
2673
2674         Add class matching to the Selector Code Generator
2675         https://bugs.webkit.org/show_bug.cgi?id=126176
2676
2677         Reviewed by Antti Koivisto and Oliver Hunt.
2678
2679         Add test and branch based on BaseIndex addressing for x86_64.
2680         Fast loops are needed to compete with clang on tight loops.
2681
2682         * assembler/MacroAssembler.h:
2683         * assembler/MacroAssemblerX86_64.h:
2684         (JSC::MacroAssemblerX86_64::branch64):
2685         (JSC::MacroAssemblerX86_64::branchPtr):
2686         * assembler/X86Assembler.h:
2687         (JSC::X86Assembler::cmpq_rm):
2688
2689 2013-12-23  Oliver Hunt  <oliver@apple.com>
2690
2691         Update custom setter implementations to perform type checks
2692         https://bugs.webkit.org/show_bug.cgi?id=126171
2693
2694         Reviewed by Daniel Bates.
2695
2696         Modify the setter function signature to take encoded values
2697         as we're changing the setter usage everywhere anyway.
2698
2699         * runtime/Lookup.h:
2700         (JSC::putEntry):
2701
2702 2013-12-23  Lucas Forschler  <lforschler@apple.com>
2703
2704         <rdar://problem/15682948> Update copyright strings
2705         
2706         Reviewed by Dan Bernstein.
2707
2708         * Info.plist:
2709         * JavaScriptCore.vcxproj/JavaScriptCore.resources/Info.plist:
2710
2711 2013-12-23  Zan Dobersek  <zdobersek@igalia.com>
2712
2713         [GTK] Clean up compiler optimizations flags for libWTF, libJSC
2714         https://bugs.webkit.org/show_bug.cgi?id=126157
2715
2716         Reviewed by Gustavo Noronha Silva.
2717
2718         * GNUmakefile.am: Remove the -fstrict-aliasing and -O3 compiler flags for libWTF.la. -O3 gets
2719         overridden by -O2 that's listed in CXXFLAGS (or -O0 in case of debug builds) and -fstrict-aliasing
2720         is enabled when -O2 is used (and shouldn't be enabled in debug builds anyway).
2721
2722 2013-12-22  Martin Robinson  <mrobinson@igalia.com>
2723
2724         [CMake] Fix typo from r160812
2725         https://bugs.webkit.org/show_bug.cgi?id=126145
2726
2727         Reviewed by Gustavo Noronha Silva.
2728
2729         * CMakeLists.txt: Fix typo when detecting the type of library.
2730
2731 2013-12-22  Martin Robinson  <mrobinson@igalia.com>
2732
2733         [GTK][CMake] libtool-compatible soversion calculation
2734         https://bugs.webkit.org/show_bug.cgi?id=125511
2735
2736         Reviewed by Gustavo Noronha Silva.
2737
2738         * CMakeLists.txt: Use the POPULATE_LIBRARY_VERSION macro and the
2739         library-specific version information.
2740
2741 2013-12-23  Gustavo Noronha Silva  <gns@gnome.org>
2742
2743         [GTK] [CMake] Generate pkg-config files
2744         https://bugs.webkit.org/show_bug.cgi?id=125685
2745
2746         Reviewed by Martin Robinson.
2747
2748         * PlatformGTK.cmake: Added. Generate javascriptcoregtk-3.0.pc.
2749
2750 2013-12-22  Benjamin Poulain  <benjamin@webkit.org>
2751
2752         Create a skeleton for CSS Selector code generation
2753         https://bugs.webkit.org/show_bug.cgi?id=126044
2754
2755         Reviewed by Antti Koivisto and Gavin Barraclough.
2756
2757         * assembler/LinkBuffer.h:
2758         Add a new owner UID for code compiled for CSS.
2759         Export the symbols needed to link code from WebCore.
2760
2761 2013-12-19  Mark Hahnenberg  <mhahnenberg@apple.com>
2762
2763         Clean up DFG write barriers
2764         https://bugs.webkit.org/show_bug.cgi?id=126047
2765
2766         Reviewed by Filip Pizlo.
2767
2768         * dfg/DFGSpeculativeJIT.cpp:
2769         (JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): Use the register allocator to 
2770         determine which registers need saving instead of saving every single one of them.
2771         (JSC::DFG::SpeculativeJIT::osrWriteBarrier): We don't need to save live register state 
2772         because the write barriers during OSR execute when there are no live registers. Also we  
2773         don't need to use pushes to pad the stack pointer for pokes on x86; we can just use an add.
2774         (JSC::DFG::SpeculativeJIT::writeBarrier):
2775         * dfg/DFGSpeculativeJIT.h:
2776         * jit/Repatch.cpp:
2777         (JSC::emitPutReplaceStub):
2778         (JSC::emitPutTransitionStub):
2779         * runtime/VM.h: Get rid of writeBarrierRegisterBuffer since it's no longer used.
2780
2781 2013-12-20  Balazs Kilvady  <kilvadyb@homejinni.com>
2782
2783         [MIPS] Missing MacroAssemblerMIPS::branchTest8(ResultCondition, BaseIndex, TrustedImm32)
2784         https://bugs.webkit.org/show_bug.cgi?id=126062
2785
2786         Reviewed by Mark Hahnenberg.
2787
2788         * assembler/MacroAssemblerMIPS.h:
2789         (JSC::MacroAssemblerMIPS::branchTest8):
2790
2791 2013-12-20  Julien Brianceau  <jbriance@cisco.com>
2792
2793         [sh4] Add missing implementation in MacroAssembler to fix build.
2794         https://bugs.webkit.org/show_bug.cgi?id=126063
2795
2796         Reviewed by Mark Hahnenberg.
2797
2798         * assembler/MacroAssemblerSH4.h:
2799         (JSC::MacroAssemblerSH4::branchTest8):
2800
2801 2013-12-20  Julien Brianceau  <jbriance@cisco.com>
2802
2803         [arm] Add missing implementation in MacroAssembler to fix CPU(ARM_TRADITIONAL) build.
2804         https://bugs.webkit.org/show_bug.cgi?id=126064
2805
2806         Reviewed by Mark Hahnenberg.
2807
2808         * assembler/MacroAssemblerARM.h:
2809         (JSC::MacroAssemblerARM::branchTest8):
2810
2811 2013-12-19  Joseph Pecoraro  <pecoraro@apple.com>
2812
2813         Web Inspector: Add InspectorFrontendHost.debuggableType to let the frontend know its backend is JavaScript or Web
2814         https://bugs.webkit.org/show_bug.cgi?id=126016
2815
2816         Reviewed by Timothy Hatcher.
2817
2818         * inspector/remote/RemoteInspector.mm:
2819         (Inspector::RemoteInspector::listingForDebuggable):
2820         * inspector/remote/RemoteInspectorConstants.h:
2821         Include a debuggable type identifier in the debuggable listing,
2822         so the remote frontend can know if it is debugging a Web Page
2823         or JS Context.
2824
2825 2013-12-19  Benjamin Poulain  <benjamin@webkit.org>
2826
2827         Add a utility class to simplify generating function calls
2828         https://bugs.webkit.org/show_bug.cgi?id=125972
2829
2830         Reviewed by Geoffrey Garen.
2831
2832         Split branchTest32 in two functions: test32AndSetFlags and branchOnFlags.
2833         This is done to allow code where the flags are set, multiple operations that
2834         do not modify the flags occur, then the flags are used.
2835
2836         This is used for function calls to test the return value while discarding the
2837         return register.
2838
2839         * assembler/MacroAssemblerX86Common.h:
2840         (JSC::MacroAssemblerX86Common::test32AndSetFlags):
2841         (JSC::MacroAssemblerX86Common::branchOnFlags):
2842         (JSC::MacroAssemblerX86Common::branchTest32):
2843
2844 2013-12-19  Mark Hahnenberg  <mhahnenberg@apple.com>
2845
2846         Put write barriers in the right places in the baseline JIT
2847         https://bugs.webkit.org/show_bug.cgi?id=125975
2848
2849         Reviewed by Filip Pizlo.
2850
2851         * jit/JIT.cpp:
2852         (JSC::JIT::privateCompileSlowCases):
2853         * jit/JIT.h:
2854         * jit/JITInlines.h:
2855         (JSC::JIT::callOperation):
2856         (JSC::JIT::emitArrayProfilingSite):
2857         * jit/JITOpcodes.cpp:
2858         (JSC::JIT::emit_op_enter):
2859         (JSC::JIT::emitSlow_op_enter):
2860         * jit/JITOpcodes32_64.cpp:
2861         (JSC::JIT::emit_op_enter):
2862         (JSC::JIT::emitSlow_op_enter):
2863         * jit/JITPropertyAccess.cpp:
2864         (JSC::JIT::emit_op_put_by_val):
2865         (JSC::JIT::emitGenericContiguousPutByVal):
2866         (JSC::JIT::emitArrayStoragePutByVal):
2867         (JSC::JIT::emit_op_put_by_id):
2868         (JSC::JIT::emitPutGlobalProperty):
2869         (JSC::JIT::emitPutGlobalVar):
2870         (JSC::JIT::emitPutClosureVar):
2871         (JSC::JIT::emit_op_init_global_const):
2872         (JSC::JIT::checkMarkWord):
2873         (JSC::JIT::emitWriteBarrier):
2874         (JSC::JIT::privateCompilePutByVal):
2875         * jit/JITPropertyAccess32_64.cpp:
2876         (JSC::JIT::emitGenericContiguousPutByVal):
2877         (JSC::JIT::emitArrayStoragePutByVal):
2878         (JSC::JIT::emit_op_put_by_id):
2879         (JSC::JIT::emitSlow_op_put_by_id):
2880         (JSC::JIT::emitPutGlobalProperty):
2881         (JSC::JIT::emitPutGlobalVar):
2882         (JSC::JIT::emitPutClosureVar):
2883         (JSC::JIT::emit_op_init_global_const):
2884         * jit/Repatch.cpp:
2885         (JSC::emitPutReplaceStub):
2886         (JSC::emitPutTransitionStub):
2887         (JSC::repatchPutByID):
2888         * runtime/CommonSlowPaths.cpp:
2889         (JSC::SLOW_PATH_DECL):
2890         * runtime/CommonSlowPaths.h:
2891
2892 2013-12-19  Brent Fulgham  <bfulgham@apple.com>
2893
2894         Implement ArrayBuffer.isView
2895         https://bugs.webkit.org/show_bug.cgi?id=126004
2896
2897         Reviewed by Filip Pizlo.
2898
2899         Test coverage in webgl/1.0.2/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html
2900
2901         * runtime/JSArrayBufferConstructor.cpp:
2902         (JSC::JSArrayBufferConstructor::finishCreation): Add 'isView' to object constructor.
2903         (JSC::arrayBufferFuncIsView): New method.
2904
2905 2013-12-19  Mark Lam  <mark.lam@apple.com>
2906
2907         Fix broken C loop LLINT build.
2908         https://bugs.webkit.org/show_bug.cgi?id=126024.
2909
2910         Reviewed by Oliver Hunt.
2911
2912         * runtime/VM.h:
2913
2914 2013-12-18  Mark Hahnenberg  <mhahnenberg@apple.com>
2915
2916         DelayedReleaseScope is in the wrong place
2917         https://bugs.webkit.org/show_bug.cgi?id=125876
2918
2919         Reviewed by Geoffrey Garen.
2920
2921         The DelayedReleaseScope needs to be around the free list sweeping in MarkedAllocator::tryAllocateHelper. 
2922         This location gives us a good safe point between getting ready to allocate (i.e. identifying a non-empty
2923         free list) and doing the actual allocation (popping the free list).
2924
2925         * heap/MarkedAllocator.cpp:
2926         (JSC::MarkedAllocator::tryAllocateHelper):
2927         (JSC::MarkedAllocator::allocateSlowCase):
2928         (JSC::MarkedAllocator::addBlock):
2929         * runtime/JSCellInlines.h:
2930         (JSC::allocateCell):
2931
2932 2013-12-18  Gustavo Noronha Silva  <gns@gnome.org>
2933
2934         [GTK][CMake] make libjavascriptcoregtk a public shared library again
2935         https://bugs.webkit.org/show_bug.cgi?id=125512
2936
2937         Reviewed by Martin Robinson.
2938
2939         * CMakeLists.txt: use target type instead of SHARED_CORE to decide whether
2940         JavaScriptCore is a shared library, since it's always shared for GTK+ regardless
2941         of SHARED_CORE.
2942
2943 2013-12-18  Benjamin Poulain  <benjamin@webkit.org>
2944
2945         Add a simple stack abstraction for x86_64
2946         https://bugs.webkit.org/show_bug.cgi?id=125908
2947
2948         Reviewed by Geoffrey Garen.
2949
2950         * assembler/MacroAssemblerX86_64.h:
2951         (JSC::MacroAssemblerX86_64::addPtrNoFlags):
2952         Add an explicit abstraction for the "lea" instruction. This is needed
2953         by the experimental JIT to have add and subtract without changing the flags.
2954
2955         This is useful for function calls to test the return value, restore the registers,
2956         then branch on the flags from the return value.
2957
2958 2013-12-18  Mark Hahnenberg  <mhahnenberg@apple.com>
2959
2960         DFG should have a separate StoreBarrier node
2961         https://bugs.webkit.org/show_bug.cgi?id=125530
2962
2963         Reviewed by Filip Pizlo.
2964
2965         This is in preparation for GenGC. We use a separate StoreBarrier node instead of making them implicitly 
2966         part of other nodes so that it's easier to run analyses on them, e.g. for the StoreBarrierElisionPhase. 
2967         They are inserted during the fixup phase. Initially they do not generate any code.
2968
2969         * CMakeLists.txt:
2970         * GNUmakefile.list.am:
2971         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2972         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2973         * JavaScriptCore.xcodeproj/project.pbxproj:
2974         * dfg/DFGAbstractHeap.h:
2975         * dfg/DFGAbstractInterpreter.h:
2976         (JSC::DFG::AbstractInterpreter::isKnownNotCell):
2977         * dfg/DFGAbstractInterpreterInlines.h:
2978         (JSC::DFG::::executeEffects):
2979         * dfg/DFGClobberize.h:
2980         (JSC::DFG::clobberizeForAllocation):
2981         (JSC::DFG::clobberize):
2982         * dfg/DFGConstantFoldingPhase.cpp:
2983         (JSC::DFG::ConstantFoldingPhase::foldConstants): Whenever we insert new nodes that require StoreBarriers,
2984         we have to add those new StoreBarriers too. It's important to note that AllocatePropertyStorage and 
2985         ReallocatePropertyStorage nodes require their StoreBarriers to come after them since they allocate first,
2986         which could cause a GC, and then store the resulting buffer into their JSCell, which requires the barrier.
2987         If we ever require that write barriers occur before stores, we'll have to split these nodes into 
2988         AllocatePropertyStorage + StoreBarrier + PutPropertyStorage.
2989         * dfg/DFGFixupPhase.cpp:
2990         (JSC::DFG::FixupPhase::fixupNode):
2991         (JSC::DFG::FixupPhase::insertStoreBarrier):
2992         * dfg/DFGNode.h:
2993         (JSC::DFG::Node::isStoreBarrier):
2994         * dfg/DFGNodeType.h:
2995         * dfg/DFGOSRExitCompiler32_64.cpp:
2996         (JSC::DFG::OSRExitCompiler::compileExit):
2997         * dfg/DFGOSRExitCompiler64.cpp:
2998         (JSC::DFG::OSRExitCompiler::compileExit):
2999         * dfg/DFGPlan.cpp:
3000         (JSC::DFG::Plan::compileInThreadImpl):
3001         * dfg/DFGPredictionPropagationPhase.cpp:
3002         (JSC::DFG::PredictionPropagationPhase::propagate):
3003         * dfg/DFGSafeToExecute.h:
3004         (JSC::DFG::safeToExecute):
3005         * dfg/DFGSpeculativeJIT.cpp:
3006         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
3007         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
3008         (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
3009         (JSC::DFG::SpeculativeJIT::genericWriteBarrier): The fast path write barrier check. It loads the 
3010         byte that contains the mark bit of the object. 
3011         (JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): If the fast path check fails we try to store the 
3012         cell in the WriteBarrierBuffer so as to avoid frequently flushing all registers in order to make a C call.
3013         (JSC::DFG::SpeculativeJIT::writeBarrier):
3014         (JSC::DFG::SpeculativeJIT::osrWriteBarrier): More barebones version of the write barrier to be executed 
3015         during an OSR exit into baseline code. We must do this so that the baseline JIT object and array profiles 
3016         are properly cleared during GC.
3017         * dfg/DFGSpeculativeJIT.h:
3018         (JSC::DFG::SpeculativeJIT::callOperation):
3019         * dfg/DFGSpeculativeJIT32_64.cpp:
3020         (JSC::DFG::SpeculativeJIT::cachedPutById):
3021         (JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
3022         (JSC::DFG::SpeculativeJIT::compile):
3023         (JSC::DFG::SpeculativeJIT::writeBarrier):
3024         * dfg/DFGSpeculativeJIT64.cpp:
3025         (JSC::DFG::SpeculativeJIT::cachedPutById):
3026         (JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
3027         (JSC::DFG::SpeculativeJIT::compile):
3028         (JSC::DFG::SpeculativeJIT::writeBarrier):
3029         * dfg/DFGStoreBarrierElisionPhase.cpp: Added. New DFG phase that does block-local elision of redundant
3030         StoreBarriers. Every time a StoreBarrier on a particular object is executed, a bit is set indicating that 
3031         that object doesn't need any more StoreBarriers. 
3032         (JSC::DFG::StoreBarrierElisionPhase::StoreBarrierElisionPhase):
3033         (JSC::DFG::StoreBarrierElisionPhase::couldCauseGC): Nodes that could cause a GC reset the bits for all of the 
3034         objects known in the current block. 
3035         (JSC::DFG::StoreBarrierElisionPhase::allocatesFreshObject): A node that creates a new object automatically 
3036         sets the bit for that object since if a GC occurred as the result of that object's allocation then that 
3037         object would not need a barrier since it would be guaranteed to be a young generation object until the 
3038         next GC point.
3039         (JSC::DFG::StoreBarrierElisionPhase::noticeFreshObject):
3040         (JSC::DFG::StoreBarrierElisionPhase::getBaseOfStore):
3041         (JSC::DFG::StoreBarrierElisionPhase::shouldBeElided):
3042         (JSC::DFG::StoreBarrierElisionPhase::elideBarrier):
3043         (JSC::DFG::StoreBarrierElisionPhase::handleNode):
3044         (JSC::DFG::StoreBarrierElisionPhase::handleBlock):
3045         (JSC::DFG::StoreBarrierElisionPhase::run):
3046         (JSC::DFG::performStoreBarrierElision):
3047         * dfg/DFGStoreBarrierElisionPhase.h: Added.
3048         * heap/Heap.cpp:
3049         (JSC::Heap::Heap):
3050         (JSC::Heap::flushWriteBarrierBuffer):
3051         * heap/Heap.h:
3052         (JSC::Heap::writeBarrier):
3053         * heap/MarkedBlock.h:
3054         (JSC::MarkedBlock::offsetOfMarks):
3055         * heap/WriteBarrierBuffer.cpp: Added. The WriteBarrierBuffer buffers a set of JSCells that are awaiting 
3056         a pending WriteBarrier. This buffer is used by the DFG to avoid the overhead of calling out to C repeatedly
3057         to invoke a write barrier on a single JSCell. Instead the DFG has inline code to fill the WriteBarrier buffer
3058         until it's full, and then to call out to C to flush it. The WriteBarrierBuffer will also be flushed prior to
3059         each EdenCollection.
3060         (JSC::WriteBarrierBuffer::WriteBarrierBuffer):
3061         (JSC::WriteBarrierBuffer::~WriteBarrierBuffer):
3062         (JSC::WriteBarrierBuffer::flush):
3063         (JSC::WriteBarrierBuffer::reset):
3064         (JSC::WriteBarrierBuffer::add):
3065         * heap/WriteBarrierBuffer.h: Added.
3066         (JSC::WriteBarrierBuffer::currentIndexOffset):
3067         (JSC::WriteBarrierBuffer::capacityOffset):
3068         (JSC::WriteBarrierBuffer::bufferOffset):
3069         * jit/JITOperations.cpp:
3070         * jit/JITOperations.h:
3071         * runtime/VM.h:
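
        A toy model of the block-local elision rules this entry describes, added here as an illustration
        and not JavaScriptCore's own DFGStoreBarrierElisionPhase; the Op kinds, the Node struct and the
        sample block are constructed for the example:

```cpp
// Toy model of block-local StoreBarrier elision (added illustration, not JSC code).
// Node kinds, the Node struct and the sample block are constructed for this example.
#include <cstddef>
#include <cstdio>
#include <set>
#include <vector>

enum class Op {
    NewObject,    // allocates a fresh object; its result is young until the next GC point
    StoreBarrier, // barrier on `base`, inserted by fixup ahead of a store into it
    PutByOffset,  // a store into `base`; never allocates
    Call,         // opaque call: may allocate and therefore may trigger a GC
};

struct Node {
    Op op;
    int base = -1;       // id of the object this node stores into / barriers
    int result = -1;     // id of the object this node allocates (NewObject only)
    bool elided = false; // set by the pass when the barrier is redundant
};

// Conservative "could this node trigger a GC?" test: only allocating nodes can.
static bool couldCauseGC(const Node& n)
{
    return n.op == Op::Call || n.op == Op::NewObject;
}

static bool allocatesFreshObject(const Node& n)
{
    return n.op == Op::NewObject;
}

// One pass over a single basic block, following the rules in the entry above:
//  * a GC point forgets everything known about the block's objects;
//  * a freshly allocated object needs no barrier until the next GC point;
//  * once a barrier has run on an object, further barriers on it are
//    redundant until the next GC point.
// Returns the number of StoreBarriers marked as elided; `block` is updated in place.
static int elideStoreBarriers(std::vector<Node>& block)
{
    std::set<int> barrierAlreadyDone; // the per-object "bit" from the entry, keyed by object id
    int elided = 0;
    for (Node& n : block) {
        if (couldCauseGC(n))
            barrierAlreadyDone.clear();
        if (allocatesFreshObject(n))
            barrierAlreadyDone.insert(n.result);
        if (n.op != Op::StoreBarrier)
            continue;
        if (barrierAlreadyDone.count(n.base)) {
            n.elided = true;
            ++elided;
        } else {
            barrierAlreadyDone.insert(n.base);
        }
    }
    return elided;
}

// Indices of the StoreBarriers that survive elision (what the JIT would still emit).
static std::vector<std::size_t> remainingBarriers(const std::vector<Node>& block)
{
    std::vector<std::size_t> kept;
    for (std::size_t i = 0; i < block.size(); ++i) {
        if (block[i].op == Op::StoreBarrier && !block[i].elided)
            kept.push_back(i);
    }
    return kept;
}

// Constructed sample block. Object 1 is allocated inside the block; object 2
// flows in from outside (an argument), so nothing is known about it.
static std::vector<Node> sampleBlock()
{
    return {
        { Op::NewObject, -1, 1 },                        // 0: o1 = new object
        { Op::StoreBarrier, 1 }, { Op::PutByOffset, 1 }, // 1,2: o1 is fresh -> barrier elided
        { Op::StoreBarrier, 1 }, { Op::PutByOffset, 1 }, // 3,4: still no GC point -> elided
        { Op::Call },                                    // 5: GC point, forget o1
        { Op::StoreBarrier, 1 }, { Op::PutByOffset, 1 }, // 6,7: first barrier after GC -> kept
        { Op::StoreBarrier, 1 }, { Op::PutByOffset, 1 }, // 8,9: barrier already done -> elided
        { Op::StoreBarrier, 2 }, { Op::PutByOffset, 2 }, // 10,11: o2 unknown -> kept
    };
}

int main()
{
    std::vector<Node> block = sampleBlock();
    int elided = elideStoreBarriers(block);
    std::printf("elided %d barriers; kept barriers at nodes:", elided);
    for (std::size_t i : remainingBarriers(block))
        std::printf(" %zu", i);
    std::printf("\n"); // elided 3 barriers; kept barriers at nodes: 6 10
    return 0;
}
```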
3072
3073 2013-12-18  Carlos Garcia Campos  <cgarcia@igalia.com>
3074
3075         Unreviewed. Fix make distcheck.
3076
3077         * GNUmakefile.am:
3078
3079 2013-12-17  Julien Brianceau  <jbriance@cisco.com>
3080
3081         Fix armv7 and sh4 builds.
3082         https://bugs.webkit.org/show_bug.cgi?id=125848
3083
3084         Reviewed by Csaba Osztrogonác.
3085
3086         * assembler/ARMv7Assembler.h: Include limits.h for INT_MIN.
3087         * assembler/SH4Assembler.h: Include limits.h for INT_MIN.
3088
3089 2013-12-16  Oliver Hunt  <oliver@apple.com>
3090
3091         Avoid indirect function calls for custom getters
3092         https://bugs.webkit.org/show_bug.cgi?id=125821
3093
3094         Reviewed by Mark Hahnenberg.
3095
3096         Rather than invoking a helper function to perform an indirect call
3097         through a function pointer, just have the JIT call the function directly.
3098
3099         Unfortunately this only works in JSVALUE64 at the moment as there
3100         is not an obvious way to pass two EncodedJSValues uniformly over
3101         the various affected JITs.
3102
3103         * jit/CCallHelpers.h:
3104         (JSC::CCallHelpers::setupArguments):
3105         * jit/Repatch.cpp:
3106         (JSC::generateProtoChainAccessStub):
3107         (JSC::tryBuildGetByIDList):
3108
3109 2013-12-16  Joseph Pecoraro  <pecoraro@apple.com>
3110
3111         Fix some whitespace issues in inspector code
3112         https://bugs.webkit.org/show_bug.cgi?id=125814
3113
3114         Reviewed by Darin Adler.
3115
3116         * inspector/protocol/Debugger.json:
3117         * inspector/protocol/Runtime.json:
3118         * inspector/scripts/CodeGeneratorInspector.py:
3119         (Generator.process_command):
3120
3121 2013-12-16  Mark Hahnenberg  <mhahnenberg@apple.com>
3122
3123         Add some missing functions to MacroAssembler
3124         https://bugs.webkit.org/show_bug.cgi?id=125809
3125
3126         Reviewed by Oliver Hunt.
3127
3128         * assembler/AbstractMacroAssembler.h:
3129         * assembler/AssemblerBuffer.h:
3130         * assembler/LinkBuffer.cpp:
3131         * assembler/MacroAssembler.h:
3132         (JSC::MacroAssembler::storePtr):
3133         (JSC::MacroAssembler::andPtr):
3134         * assembler/MacroAssemblerARM64.h:
3135         (JSC::MacroAssemblerARM64::and64):
3136         (JSC::MacroAssemblerARM64::branchTest8):
3137         * assembler/MacroAssemblerARMv7.h:
3138         (JSC::MacroAssemblerARMv7::branchTest8):
3139         * assembler/X86Assembler.h:
3140
3141 2013-12-16  Brent Fulgham  <bfulgham@apple.com>
3142
3143         [Win] Remove dead code after conversion to VS2013
3144         https://bugs.webkit.org/show_bug.cgi?id=125795
3145
3146         Reviewed by Darin Adler.
3147
3148         * API/tests/testapi.c: Remove local nan implementation
3149
3150 2013-12-16  Oliver Hunt  <oliver@apple.com>
3151
3152         Cache getters and custom accessors on the prototype chain
3153         https://bugs.webkit.org/show_bug.cgi?id=125602
3154
3155         Reviewed by Michael Saboff.
3156
3157         Support caching of custom getters and accessors on the prototype chain.
3158         This is relatively trivial and just requires a little work compared to
3159         the direct access mode as we're under more register pressure.
3160
3161         * bytecode/StructureStubInfo.h:
3162         Removed the unused initGetByIdProto as it was confusing to still have it present.
3163         * jit/Repatch.cpp:
3164         (JSC::generateProtoChainAccessStub):
3165         (JSC::tryCacheGetByID):
3166         (JSC::tryBuildGetByIDList):
3167
3168 2013-12-16  Mark Lam  <mark.lam@apple.com>
3169
3170         Change slow path result to take a void* instead of a ExecState*.
3171         https://bugs.webkit.org/show_bug.cgi?id=125802.
3172
3173         Reviewed by Filip Pizlo.
3174
3175         This is in preparation for C Stack OSR entry work that is coming soon.
3176         In the OSR entry case, we'll be returning a topOfFrame pointer value
3177         instead of the ExecState*.
3178
3179         * offlineasm/cloop.rb:
3180         * runtime/CommonSlowPaths.h:
3181         (JSC::encodeResult):
3182         (JSC::decodeResult):
3183
3184 2013-12-16  Alex Christensen  <achristensen@webkit.org>
3185
3186         Fixed Win64 build on VS2013.
3187         https://bugs.webkit.org/show_bug.cgi?id=125753
3188
3189         Reviewed by Brent Fulgham.
3190
3191         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3192         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
3193         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
3194         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
3195         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
3196         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
3197         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
3198         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
3199         Added correct PlatformToolset for 64-bit builds.
3200
3201 2013-12-16  Peter Szanka  <h868064@stud.u-szeged.hu>
3202
3203         Delete RVCT related code parts.
3204         https://bugs.webkit.org/show_bug.cgi?id=125626
3205
3206         Reviewed by Darin Adler.
3207
3208         * assembler/ARMAssembler.cpp:
3209         * assembler/ARMAssembler.h:
3210         (JSC::ARMAssembler::cacheFlush):
3211         * assembler/MacroAssemblerARM.cpp:
3212         (JSC::isVFPPresent):
3213         * jit/JITStubsARM.h:
3214         * jit/JITStubsARMv7.h:
3215
3216 2013-12-15  Ryosuke Niwa  <rniwa@webkit.org>
3217
3218         REGRESSION: 2x regression on Dromaeo DOM query tests
3219         https://bugs.webkit.org/show_bug.cgi?id=125377
3220
3221         Reviewed by Filip Pizlo.
3222
3223         The bug was caused by JSC not JIT'ing property access on "document" due to its type info having
3224         the HasImpureGetOwnPropertySlot flag.
3225
3226         Fixed the bug by adding a new type info flag, NewImpurePropertyFiresWatchpoints, which allows the baseline
3227         JIT to generate byte code for accessing properties on an object with named properties (a.k.a.
3228         custom name getter) in DOM. When a new named property appears on the object, the VM is notified via
3229         VM::addImpureProperty and fires the StructureStubClearingWatchpoint added during the repatch.
3230
3231         * bytecode/GetByIdStatus.cpp:
3232         (JSC::GetByIdStatus::computeFromLLInt): Take the slow path if we have any object with impure
3233         properties in the prototype chain.
3234         (JSC::GetByIdStatus::computeForChain): Ditto.
3235
3236         * jit/Repatch.cpp:
3237         (JSC::repatchByIdSelfAccess): Throw away the byte code when a new impure property is added on any
3238         object in the prototype chain via StructureStubClearingWatchpoint.
3239         (JSC::generateProtoChainAccessStub): Ditto.
3240         (JSC::tryCacheGetByID):
3241         (JSC::tryBuildGetByIDList):
3242         (JSC::tryRepatchIn): Ditto.
3243
3244         * runtime/JSTypeInfo.h: Added NewImpurePropertyFiresWatchpoints.
3245         (JSC::TypeInfo::newImpurePropertyFiresWatchpoints): Added.
3246
3247         * runtime/Operations.h:
3248         (JSC::normalizePrototypeChainForChainAccess): Don't exit early if VM will be notified of new
3249         impure property even if the object had impure properties.
3250
3251         * runtime/Structure.h:
3252         (JSC::Structure::takesSlowPathInDFGForImpureProperty): Added. Wraps hasImpureGetOwnPropertySlot and
3253         asserts that newImpurePropertyFiresWatchpoints is true whenever hasImpureGetOwnPropertySlot is true.
3254
3255         * runtime/VM.cpp:
3256         (JSC::VM::registerWatchpointForImpureProperty): Added.
3257         (JSC::VM::addImpureProperty): Added. HTMLDocument calls it to notify JSC of a new impure property.
3258
3259         * runtime/VM.h:
3260
3261 2013-12-15  Andy Estes  <aestes@apple.com>
3262
3263         [iOS] Upstream changes to FeatureDefines.xcconfig
3264         https://bugs.webkit.org/show_bug.cgi?id=125742
3265
3266         Reviewed by Dan Bernstein.
3267
3268         * Configurations/FeatureDefines.xcconfig:
3269
3270 2013-12-14  Filip Pizlo  <fpizlo@apple.com>
3271
3272         FTL should *really* know when things are flushed
3273         https://bugs.webkit.org/show_bug.cgi?id=125747
3274
3275         Reviewed by Sam Weinig.
3276         
3277         Fix more codegen badness. This makes V8v7's crypto am3() function run faster in the FTL
3278         than in DFG. This means that even if we just compile those functions in V8v7 that don't
3279         make calls, the FTL gives us a 2% speed-up over the DFG. That's pretty good considering
3280         that we have still more optimizations to fix and we can make calls work.
3281
3282         * dfg/DFGSSAConversionPhase.cpp:
3283         (JSC::DFG::SSAConversionPhase::run):
3284         * ftl/FTLCompile.cpp:
3285         (JSC::FTL::fixFunctionBasedOnStackMaps):
3286
3287 2013-12-14  Andy Estes  <aestes@apple.com>
3288
3289         Unify FeatureDefines.xcconfig
3290         https://bugs.webkit.org/show_bug.cgi?id=125741
3291
3292         Rubber-stamped by Dan Bernstein.
3293
3294         * Configurations/FeatureDefines.xcconfig: Enable ENABLE_MEDIA_SOURCE.
3295
3296 2013-12-14  Mark Rowe  <mrowe@apple.com>
3297
3298         Build fix after r160557.
3299
3300         r160557 added the first generated header to JavaScriptCore that needs to be installed into
3301         the framework wrapper. Sadly JavaScriptCore's Derived Sources target was not set to generate
3302         headers when invoked as part of the installhdrs action. This resulted in the build failing
3303         due to Xcode being unable to find the header file to install. The fix for this is to configure
3304         the Derived Sources target to use JavaScriptCore.xcconfig, which sets INSTALLHDRS_SCRIPT_PHASE
3305         to YES and allows Xcode to generate derived sources during the installhdrs action.
3306
3307         Enabling INSTALLHDRS_SCRIPT_PHASE required tweaking the Generate Derived Sources script build
3308         phase to skip running code related to offlineasm that depends on JSCLLIntOffsetExtractor
3309         having been compiled, which isn't the case at installhdrs time.
3310
3311         * JavaScriptCore.xcodeproj/project.pbxproj:
3312
3313 2013-12-13  Joseph Pecoraro  <pecoraro@apple.com>
3314
3315         Some Set and Map prototype functions have incorrect function lengths
3316         https://bugs.webkit.org/show_bug.cgi?id=125732
3317
3318         Reviewed by Oliver Hunt.
3319
3320         * runtime/MapPrototype.cpp:
3321         (JSC::MapPrototype::finishCreation):
3322         * runtime/SetPrototype.cpp:
3323         (JSC::SetPrototype::finishCreation):
3324
3325 2013-12-13  Joseph Pecoraro  <pecoraro@apple.com>
3326
3327         Web Inspector: Move Inspector and Debugger protocol domains into JavaScriptCore
3328         https://bugs.webkit.org/show_bug.cgi?id=125707
3329
3330         Reviewed by Timothy Hatcher.
3331
3332         * CMakeLists.txt:
3333         * DerivedSources.make:
3334         * GNUmakefile.am:
3335         * inspector/protocol/Debugger.json: Renamed from Source/WebCore/inspector/protocol/Debugger.json.
3336         * inspector/protocol/GenericTypes.json: Added.
3337         * inspector/protocol/InspectorDomain.json: Renamed from Source/WebCore/inspector/protocol/InspectorDomain.json.
3338         Add new files to inspector generation.
3339
3340         * inspector/scripts/CodeGeneratorInspector.py:
3341         (Generator.go):
3342         Only build TypeBuilder output if the domain only has types. Avoid
3343         backend/frontend dispatchers and backend commands.
3344
3345         (TypeBindings.create_type_declaration_.EnumBinding.get_setter_value_expression_pattern):
3346         (format_setter_value_expression):
3347         (Generator.process_command):
3348         (Generator.generate_send_method):
3349         * inspector/scripts/CodeGeneratorInspectorStrings.py:
3350         Export and name the get{JS,Web}EnumConstant function.
3351
3352 2013-12-11  Filip Pizlo  <fpizlo@apple.com>
3353
3354         Get rid of forward exit on UInt32ToNumber by adding an op_unsigned bytecode instruction
3355         https://bugs.webkit.org/show_bug.cgi?id=125553
3356
3357         Reviewed by Oliver Hunt.
3358         
3359         UInt32ToNumber was a super complicated node because it had to do a speculation, but it
3360         would do it after we already had computed the urshift. It couldn't just go back to the
3361         beginning of the urshift because the inputs to the urshift weren't necessarily live
3362         anymore. We couldn't jump forward to the beginning of the next instruction because the
3363         result of the urshift was not yet unsigned-converted.
3364         
3365         For a while we solved this by forward-exiting in UInt32ToNumber. But that's really
3366         gross and I want to get rid of all forward exits. They cause a lot of bugs.
3367         
3368         We could also have turned UInt32ToNumber to a backwards exit by forcing the inputs to
3369         the urshift to be live. I figure that this might be a bit too extreme.
3370         
3371         So, I just created a new place that we can exit to: I split op_urshift into op_urshift
3372         followed by op_unsigned. op_unsigned is an "unsigned cast" along the lines of what
3373         UInt32ToNumber does. This allows me to get rid of all of the nastiness in the DFG for
3374         forward exiting in UInt32ToNumber.
3375         
3376         This patch enables massive code carnage in the DFG and FTL, and brings us closer to
3377         eliminating one of the DFG's most confusing concepts. On the flipside, it does make the
3378         bytecode slightly more complex (one new instruction). This is a profitable trade. We
3379         want the DFG and FTL to trend towards simplicity, since they are both currently too
3380         complicated.
3381
3382         * bytecode/BytecodeUseDef.h:
3383         (JSC::computeUsesForBytecodeOffset):
3384         (JSC::computeDefsForBytecodeOffset):
3385         * bytecode/CodeBlock.cpp:
3386         (JSC::CodeBlock::dumpBytecode):
3387         * bytecode/Opcode.h:
3388         (JSC::padOpcodeName):
3389         * bytecode/ValueRecovery.cpp:
3390         (JSC::ValueRecovery::dumpInContext):
3391         * bytecode/ValueRecovery.h:
3392         (JSC::ValueRecovery::gpr):
3393         * bytecompiler/NodesCodegen.cpp:
3394         (JSC::BinaryOpNode::emitBytecode):
3395         (JSC::emitReadModifyAssignment):
3396         * dfg/DFGByteCodeParser.cpp:
3397         (JSC::DFG::ByteCodeParser::toInt32):
3398         (JSC::DFG::ByteCodeParser::parseBlock):
3399         * dfg/DFGClobberize.h:
3400         (JSC::DFG::clobberize):
3401         * dfg/DFGNodeType.h:
3402         * dfg/DFGOSRExitCompiler32_64.cpp:
3403         (JSC::DFG::OSRExitCompiler::compileExit):
3404         * dfg/DFGOSRExitCompiler64.cpp:
3405         (JSC::DFG::OSRExitCompiler::compileExit):
3406         * dfg/DFGSpeculativeJIT.cpp:
3407         (JSC::DFG::SpeculativeJIT::compileMovHint):
3408         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
3409         * dfg/DFGSpeculativeJIT.h:
3410         * dfg/DFGSpeculativeJIT32_64.cpp:
3411         * dfg/DFGSpeculativeJIT64.cpp:
3412         * dfg/DFGStrengthReductionPhase.cpp:
3413         (JSC::DFG::StrengthReductionPhase::handleNode):
3414         (JSC::DFG::StrengthReductionPhase::convertToIdentityOverChild):
3415         (JSC::DFG::StrengthReductionPhase::convertToIdentityOverChild1):
3416         (JSC::DFG::StrengthReductionPhase::convertToIdentityOverChild2):
3417         * ftl/FTLFormattedValue.h:
3418         (JSC::FTL::int32Value):
3419         * ftl/FTLLowerDFGToLLVM.cpp:
3420         (JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):
3421         * ftl/FTLValueFormat.cpp:
3422         (JSC::FTL::reboxAccordingToFormat):
3423         (WTF::printInternal):
3424         * ftl/FTLValueFormat.h:
3425         * jit/JIT.cpp:
3426         (JSC::JIT::privateCompileMainPass):
3427         (JSC::JIT::privateCompileSlowCases):
3428         * jit/JIT.h:
3429         * jit/JITArithmetic.cpp:
3430         (JSC::JIT::emit_op_urshift):
3431         (JSC::JIT::emitSlow_op_urshift):
3432         (JSC::JIT::emit_op_unsigned):
3433         (JSC::JIT::emitSlow_op_unsigned):
3434         * jit/JITArithmetic32_64.cpp:
3435         (JSC::JIT::emitRightShift):
3436         (JSC::JIT::emitRightShiftSlowCase):
3437         (JSC::JIT::emit_op_unsigned):
3438         (JSC::JIT::emitSlow_op_unsigned):
3439         * llint/LowLevelInterpreter32_64.asm:
3440         * llint/LowLevelInterpreter64.asm:
3441         * runtime/CommonSlowPaths.cpp:
3442         (JSC::SLOW_PATH_DECL):
3443         * runtime/CommonSlowPaths.h:
3444
3445 2013-12-13  Mark Hahnenberg  <mhahnenberg@apple.com>
3446
3447         LLInt should not conditionally branch to labels outside of its function
3448         https://bugs.webkit.org/show_bug.cgi?id=125713
3449
3450         Reviewed by Geoffrey Garen.
3451
3452         Conditional branches are insufficient for jumping to out-of-function labels.
3453         The fix is to use an unconditional jmp to the label combined with a conditional branch around the jmp.
3454
3455         * llint/LowLevelInterpreter32_64.asm:
3456         * llint/LowLevelInterpreter64.asm:
3457
3458 2013-12-13  Joseph Pecoraro  <pecoraro@apple.com>
3459
3460         [GTK] Remove Warnings in building about duplicate INSPECTOR variables
3461         https://bugs.webkit.org/show_bug.cgi?id=125710
3462
3463         Reviewed by Tim Horton.
3464
3465         * GNUmakefile.am:
3466
3467 2013-12-13  Joseph Pecoraro  <pecoraro@apple.com>
3468
3469         Cleanup CodeGeneratorInspectorStrings a bit
3470         https://bugs.webkit.org/show_bug.cgi?id=125705
3471
3472         Reviewed by Timothy Hatcher.
3473
3474         * inspector/scripts/CodeGeneratorInspectorStrings.py:
3475         Use ${foo} variable syntax and add an ASCIILiteral.
3476
3477 2013-12-13  Brent Fulgham  <bfulgham@apple.com>
3478
3479         [Win] Unreviewed build fix after r160563
3480
3481         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj: Missed the Debug
3482         target in my last patch.
3483
3484 2013-12-13  Brent Fulgham  <bfulgham@apple.com>
3485
3486         [Win] Unreviewed build fix after r160548
3487
3488         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj: Specify
3489         that we are using the vs12_xp target for Makefile-based projects.
3490         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj: Ditto
3491         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj: Ditto.
3492
3493 2013-12-13  Joseph Pecoraro  <pecoraro@apple.com>
3494
3495         Make inspector folder groups smarter in JavaScriptCore.xcodeproj
3496         https://bugs.webkit.org/show_bug.cgi?id=125663
3497
3498         Reviewed by Darin Adler.
3499
3500         * JavaScriptCore.xcodeproj/project.pbxproj:
3501
3502 2013-12-13  Joseph Pecoraro  <pecoraro@apple.com>
3503
3504         Web Inspector: Add Inspector Code Generation to JavaScriptCore for Runtime Domain
3505         https://bugs.webkit.org/show_bug.cgi?id=125595
3506
3507         Reviewed by Timothy Hatcher.
3508
3509           - Move CodeGeneration scripts from WebCore into JavaScriptCore/inspector/scripts
3510           - For ports that build WebKit frameworks separately, export the scripts as PrivateHeaders
3511           - Update CodeGeneratorInspector.py in a few ways:
3512             - output dynamic filenames, so JavaScriptCore generates InspectorJSFoo.* and WebCore generates InspectorWebFoo.*
3513             - take in more than one protocol JSON file. The first contains domains to generate, the others are dependencies
3514               that are generated elsewhere that we can depend on for Types.
3515           - Add DerivedSources build step to generate the Inspector Interfaces
3516
3517         * CMakeLists.txt:
3518         * DerivedSources.make:
3519         * GNUmakefile.am:
3520         * GNUmakefile.list.am:
3521         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3522         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3523         * JavaScriptCore.vcxproj/copy-files.cmd:
3524         * JavaScriptCore.xcodeproj/project.pbxproj:
3525         Add scripts and code generation.
3526
3527         * inspector/protocol/Runtime.json: Renamed from Source/WebCore/inspector/protocol/Runtime.json.
3528         Move protocol file into JavaScriptCore so its types will be generated in JavaScriptCore.
3529
3530         * inspector/scripts/CodeGeneratorInspector.py: Renamed from Source/WebCore/inspector/CodeGeneratorInspector.py.
3531         Updates to the script as listed above.
3532
3533         * inspector/scripts/CodeGeneratorInspectorStrings.py: Renamed from Source/WebCore/inspector/CodeGeneratorInspectorStrings.py.
3534         * inspector/scripts/generate-combined-inspector-json.py: Renamed from Source/WebCore/inspector/Scripts/generate-combined-inspector-json.py.
3535         Moved from WebCore into JavaScriptCore for code generation.
3536
3537 2013-12-13  Peter Szanka  <h868064@stud.u-szeged.hu>
3538
3539         Delete INTEL C compiler related code parts.
3540         https://bugs.webkit.org/show_bug.cgi?id=125625
3541
3542         Reviewed by Darin Adler.
3543
3544         * jsc.cpp:
3545         * testRegExp.cpp:
3546
3547 2013-12-13  Brent Fulgham  <bfulgham@apple.com>
3548
3549         [Win] Switch WebKit solution to Visual Studio 2013
3550         https://bugs.webkit.org/show_bug.cgi?id=125192
3551
3552         Reviewed by Anders Carlsson.
3553
3554         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Update for VS2013
3555         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
3556         Ditto
3557         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Ditto
3558         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Ditto
3559         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Ditto
3560
3561 2013-12-12  Joseph Pecoraro  <pecoraro@apple.com>
3562
3563         Add a few more ASCIILiterals
3564         https://bugs.webkit.org/show_bug.cgi?id=125662
3565
3566         Reviewed by Darin Adler.
3567
3568         * inspector/InspectorBackendDispatcher.cpp:
3569         (Inspector::InspectorBackendDispatcher::dispatch):
3570
3571 2013-12-12  Joseph Pecoraro  <pecoraro@apple.com>
3572
3573         Test new JSContext name APIs
3574         https://bugs.webkit.org/show_bug.cgi?id=125607
3575
3576         Reviewed by Darin Adler.
3577
3578         * API/JSContext.h:
3579         * API/JSContextRef.h:
3580         Fix whitespace issues.
3581
3582         * API/tests/testapi.c:
3583         (globalContextNameTest):
3584         (main):
3585         * API/tests/testapi.mm:
3586         Add tests for JSContext set/get name APIs.
3587
3588 2013-12-11  Filip Pizlo  <fpizlo@apple.com>
3589
3590         ARM64: Hang running pdfjs test, suspect DFG generated code for "in"
3591         https://bugs.webkit.org/show_bug.cgi?id=124727
3592         <rdar://problem/15566923>
3593
3594         Reviewed by Michael Saboff.
3595         
3596         Get rid of In's hackish use of StructureStubInfo. Previously it was using hotPathBegin,
3597         and it was the only IC that used that field, which was wasteful. Moreover, it used it
3598         to store two separate locations: the label for patching the jump and the label right
3599         after the jump. The code was relying on those two being the same label, which is true
3600         on X86 and some other platforms, but it isn't true on ARM64.
3601         
3602         This gets rid of hotPathBegin and makes In express those two locations as offsets from
3603         the callReturnLocation, which is analogous to what the other ICs do.
3604         
3605         This fixes a bug where any successful In patching would result in a trivially infinite
3606         loop - and hence a hang - on ARM64.
3607
3608         * bytecode/StructureStubInfo.h:
3609         * dfg/DFGJITCompiler.cpp:
3610         (JSC::DFG::JITCompiler::link):
3611         * dfg/DFGJITCompiler.h:
3612         (JSC::DFG::InRecord::InRecord):
3613         * dfg/DFGSpeculativeJIT.cpp:
3614         (JSC::DFG::SpeculativeJIT::compileIn):
3615         * jit/JITInlineCacheGenerator.cpp:
3616         (JSC::JITByIdGenerator::finalize):
3617         * jit/Repatch.cpp:
3618         (JSC::replaceWithJump):
3619         (JSC::patchJumpToGetByIdStub):
3620         (JSC::tryCachePutByID):
3621         (JSC::tryBuildPutByIdList):
3622         (JSC::tryRepatchIn):
3623         (JSC::resetGetByID):
3624         (JSC::resetPutByID):
3625         (JSC::resetIn):
3626
3627 2013-12-11  Joseph Pecoraro  <pecoraro@apple.com>
3628
3629         Web Inspector: Push More Inspector Required Classes Down into JavaScriptCore
3630         https://bugs.webkit.org/show_bug.cgi?id=125324
3631
3632         Reviewed by Timothy Hatcher.
3633
3634         * CMakeLists.txt:
3635         * GNUmakefile.am:
3636         * GNUmakefile.list.am:
3637         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3638         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3639         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
3640         * JavaScriptCore.vcxproj/copy-files.cmd:
3641         * JavaScriptCore.xcodeproj/project.pbxproj:
3642         * bindings/ScriptFunctionCall.cpp: Renamed from Source/WebCore/bindings/js/ScriptFunctionCall.cpp.
3643         * bindings/ScriptFunctionCall.h: Renamed from Source/WebCore/bindings/js/ScriptFunctionCall.h.
3644         * bindings/ScriptObject.cpp: Copied from Source/WebCore/inspector/WorkerConsoleAgent.cpp.
3645         * bindings/ScriptObject.h: Renamed from Source/WebCore/inspector/InspectorBaseAgent.h.
3646         * bindings/ScriptValue.cpp: Renamed from Source/WebCore/bindings/js/ScriptValue.cpp.
3647         * bindings/ScriptValue.h: Renamed from Source/WebCore/bindings/js/ScriptValue.h.
3648         * inspector/InspectorAgentBase.h: Copied from Source/WebCore/inspector/InspectorAgentRegistry.h.
3649         * inspector/InspectorAgentRegistry.cpp: Renamed from Source/WebCore/inspector/InspectorAgentRegistry.cpp.
3650         * inspector/InspectorBackendDispatcher.h: Renamed from Source/WebCore/inspector/InspectorBackendDispatcher.h.
3651         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
3652         (Inspector::InspectorSupplementalBackendDispatcher::~InspectorSupplementalBackendDispatcher):
3653         * inspector/InspectorValues.cpp: Renamed from Source/WebCore/inspector/InspectorValues.cpp.
3654         * inspector/InspectorValues.h: Renamed from Source/WebCore/inspector/InspectorValues.h.
3655
3656 2013-12-11  Laszlo Vidacs  <lac@inf.u-szeged.hu>
3657
3658         Store SHA1 hash in std::array
3659         https://bugs.webkit.org/show_bug.cgi?id=125446
3660
3661         Reviewed by Darin Adler.
3662
3663         Change Vector to std::array and use typedef.
3664
3665         * bytecode/CodeBlockHash.cpp:
3666         (JSC::CodeBlockHash::CodeBlockHash):
3667
3668 2013-12-11  Mark Rowe  <mrowe@apple.com>
3669
3670         <https://webkit.org/b/125141> Modernize the JavaScriptCore API headers
3671         <rdar://problem/15540121>
3672
3673         This consists of three main changes:
3674         1) Converting the return type of initializer methods to instancetype.
3675         2) Declaring properties rather than getters and setters.
3676         3) Tagging C API methods with information about their memory management semantics.
3677
3678         Changing the declarations from getters and setters to properties also required
3679         updating the headerdoc in a number of places.
3680
3681         Reviewed by Anders Carlsson.
3682
3683         * API/JSContext.h:
3684         * API/JSContext.mm:
3685         * API/JSManagedValue.h:
3686         * API/JSManagedValue.mm:
3687         * API/JSStringRefCF.h:
3688         * API/JSValue.h:
3689         * API/JSVirtualMachine.h:
3690         * API/JSVirtualMachine.mm:
3691
3692 2013-12-11  Mark Rowe  <mrowe@apple.com>
3693
3694         <https://webkit.org/b/125559> Move JavaScriptCore off the legacy WebKit availability macros
3695
3696         The legacy WebKit availability macros are verbose, confusing, and provide no benefit over
3697         using the system availability macros directly. The original vision was that they'd serve
3698         a cross-platform purpose but that never came to be.
3699
3700         Map from WebKit version to OS X version based on the mapping in WebKitAvailability.h.
3701         All iOS versions are specified as 7.0 as that is when the JavaScriptCore C API was made
3702         public.
3703
3704         Part of <rdar://problem/15512304>.
3705
3706         Reviewed by Anders Carlsson.
3707
3708         * API/JSBasePrivate.h:
3709         * API/JSContextRef.h:
3710         * API/JSContextRefPrivate.h:
3711         * API/JSObjectRef.h:
3712         * API/JSValueRef.h:
3713
3714 2013-12-10  Filip Pizlo  <fpizlo@apple.com>
3715
3716         Get rid of forward exit on DoubleAsInt32
3717         https://bugs.webkit.org/show_bug.cgi?id=125552
3718
3719         Reviewed by Oliver Hunt.
3720         
3721         The forward exit was just there so that we wouldn't have to keep the inputs alive up to
3722         the DoubleAsInt32. That's dumb. Forward exits are a complicated piece of machinery and
3723         we shouldn't have it just for a bit of liveness micro-optimization.
3724         
3725         Also add a bunch of machinery to test this case on X86.
3726
3727         * assembler/AbstractMacroAssembler.h:
3728         (JSC::optimizeForARMv7s):
3729         (JSC::optimizeForARM64):
3730         (JSC::optimizeForX86):
3731         * dfg/DFGFixupPhase.cpp:
3732         (JSC::DFG::FixupPhase::fixupNode):
3733         * dfg/DFGNodeType.h:
3734         * dfg/DFGSpeculativeJIT.cpp:
3735         (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
3736         * runtime/Options.h:
3737         * tests/stress/double-as-int32.js: Added.
3738         (foo):
3739         (test):
3740
3741 2013-12-10  Filip Pizlo  <fpizlo@apple.com>
3742
3743         Simplify CSE's treatment of NodeRelevantToOSR
3744         https://bugs.webkit.org/show_bug.cgi?id=125538
3745
3746         Reviewed by Oliver Hunt.
3747         
3748         Make the NodeRelevantToOSR thing obvious: if there is any MovHint on a node then the
3749         node is relevant to OSR.
3750
3751         * dfg/DFGCSEPhase.cpp:
3752         (JSC::DFG::CSEPhase::run):
3753         (JSC::DFG::CSEPhase::performNodeCSE):
3754         (JSC::DFG::CSEPhase::performBlockCSE):
3755
3756 2013-12-10  Filip Pizlo  <fpizlo@apple.com>
3757
3758         Get rid of forward exit in GetByVal on Uint32Array
3759         https://bugs.webkit.org/show_bug.cgi?id=125543
3760
3761         Reviewed by Oliver Hunt.
3762
3763         * dfg/DFGSpeculativeJIT.cpp:
3764         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
3765         * ftl/FTLLowerDFGToLLVM.cpp:
3766         (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
3767
3768 2013-12-10  Balazs Kilvady  <kilvadyb@homejinni.com>
3769
3770         [MIPS] Redundant instructions in code generated from offlineasm.
3771         https://bugs.webkit.org/show_bug.cgi?id=125528
3772
3773         Reviewed by Michael Saboff.
3774
3775         Optimize lowering of offlineasm BaseIndex Addresses.
3776
3777         * offlineasm/mips.rb:
3778
3779 2013-12-10  Oliver Hunt  <oliver@apple.com>
3780
3781         Reduce the mass templatizing of the JS parser
3782         https://bugs.webkit.org/show_bug.cgi?id=125535
3783
3784         Reviewed by Michael Saboff.
3785
3786         The various caches we have now have removed the need for many of
3787         the template vs. regular parameters.  This patch converts those
3788         template parameters to regular parameters and updates the call
3789         sites.  This reduces the code size of the parser by around 15%.
3790
3791         * parser/ASTBuilder.h:
3792         (JSC::ASTBuilder::createGetterOrSetterProperty):
3793         (JSC::ASTBuilder::createProperty):
3794         * parser/Parser.cpp:
3795         (JSC::::parseInner):
3796         (JSC::::parseSourceElements):
3797         (JSC::::parseVarDeclarationList):
3798         (JSC::::createBindingPattern):
3799         (JSC::::tryParseDeconstructionPatternExpression):
3800         (JSC::::parseDeconstructionPattern):
3801         (JSC::::parseSwitchClauses):
3802         (JSC::::parseSwitchDefaultClause):
3803         (JSC::::parseBlockStatement):
3804         (JSC::::parseFormalParameters):
3805         (JSC::::parseFunctionInfo):
3806         (JSC::::parseFunctionDeclaration):
3807         (JSC::::parseProperty):
3808         (JSC::::parseObjectLiteral):
3809         (JSC::::parseStrictObjectLiteral):
3810         (JSC::::parseMemberExpression):
3811         * parser/Parser.h:
3812         * parser/SyntaxChecker.h:
3813         (JSC::SyntaxChecker::createProperty):
3814         (JSC::SyntaxChecker::createGetterOrSetterProperty):
3815
3816 2013-12-10  Mark Hahnenberg  <mhahnenberg@apple.com>
3817
3818         ASSERT !heap.vm()->isInitializingObject() when finishing DFG compilation at beginning of GC
3819         https://bugs.webkit.org/show_bug.cgi?id=125472
3820
3821         Reviewed by Geoff Garen.
3822
3823         This patch makes it look like it's okay to allocate so that the DFG plan finalization stuff 
3824         can do what it needs to do. We already expected that we might do allocation during plan 
3825         finalization and we increased the deferral depth to handle this, but we need to fix this other 
3826         ASSERT stuff too.
3827
3828         * GNUmakefile.list.am:
3829         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3830         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3831         * JavaScriptCore.xcodeproj/project.pbxproj:
3832         * heap/Heap.cpp:
3833         (JSC::Heap::collect):
3834         * heap/Heap.h:
3835         * heap/RecursiveAllocationScope.h: Added.
3836         (JSC::RecursiveAllocationScope::RecursiveAllocationScope):
3837         (JSC::RecursiveAllocationScope::~RecursiveAllocationScope):
3838         * runtime/VM.h:
3839
3840 2013-12-09  Filip Pizlo  <fpizlo@apple.com>
3841
3842         Impose and enforce some basic rules of sanity for where Phi functions are allowed to occur and where their (optional) corresponding MovHints can be
3843         https://bugs.webkit.org/show_bug.cgi?id=125480
3844
3845         Reviewed by Geoffrey Garen.
3846         
3847         Previously, if you wanted to insert some speculation right after where a value was
3848         produced, you'd get super confused if that value was produced by a Phi node.  You can't
3849         necessarily insert speculations after a Phi node because Phi nodes appear in this
3850         special sequence of Phis and MovHints that establish the OSR exit state for a block.
3851         So, you'd probably want to search for the next place where it's safe to insert things.
3852         We already do this "search for beginning of next bytecode instruction" search by
3853         looking at the next node that has a different CodeOrigin.  But this would be hard for a
3854         Phi because those Phis and MovHints have basically random CodeOrigins and they can all
3855         have different CodeOrigins.
3856
3857         This change imposes some sanity for this situation:
3858
3859         - Phis must have unset CodeOrigins.
3860
3861         - In each basic block, all nodes that have unset CodeOrigins must come before all nodes
3862           that have set CodeOrigins.
3863
3864         This all ends up working out just great because prior to this change we didn't have a 
3865         use for unset CodeOrigins.  I think it's appropriate to make "unset CodeOrigin" mean
3866         that we're in the prologue of a basic block.
3867
3868         It's interesting what this means for block merging, which we don't yet do in SSA.
3869         Consider merging the edge A->B.  One possibility is that the block merger is now
3870         required to clean up Phi/Upsilons, and reascribe the MovHints to have the CodeOrigin of
3871         the A's block terminal.  But an answer that might be better is that the originless
3872         A's block terminal.  But an answer that might be better is that the originless
3873         nodes at the top of B are just given the origin of the terminal and we keep the
3874         end up picking...
3875
3876         Overall, this special-things-at-the-top rule is analogous to what other SSA-based
3877         compilers do.  For example, LLVM has rules mandating that Phis appear at the top of a
3878         block.
3879
3880         * bytecode/CodeOrigin.cpp:
3881         (JSC::CodeOrigin::dump):
3882         * dfg/DFGOSRExitBase.h:
3883         (JSC::DFG::OSRExitBase::OSRExitBase):
3884         * dfg/DFGSSAConversionPhase.cpp:
3885         (JSC::DFG::SSAConversionPhase::run):
3886         * dfg/DFGValidate.cpp:
3887         (JSC::DFG::Validate::validate):
3888         (JSC::DFG::Validate::validateSSA):
3889
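The two rules stated in the entry above (Phis carry an unset CodeOrigin; within a block every unset-origin node precedes every set-origin node) are the kind of invariant DFGValidate enforces. As an added illustration, not JavaScriptCore code, the following stand-alone checker applies those rules to constructed blocks. The node shape `{op, codeOrigin}`, the use of `null` for an unset origin, and the block names are assumptions made for the example.

```javascript
// Added example (not DFG code): enforce the two CodeOrigin rules on a block.
// A node is {op, codeOrigin}; codeOrigin === null models an unset CodeOrigin.
function validateBlock(block) {
  const errors = [];
  let seenSetOrigin = false;
  block.nodes.forEach((node, index) => {
    const originIsSet = node.codeOrigin !== null;
    // Rule 1: Phis must have unset CodeOrigins.
    if (node.op === "Phi" && originIsSet) {
      errors.push(`${block.name}[${index}]: Phi has set CodeOrigin ${node.codeOrigin}`);
    }
    // Rule 2: once a node with a set CodeOrigin appears, no unset-origin
    // node may follow it in the same block.
    if (originIsSet) {
      seenSetOrigin = true;
    } else if (seenSetOrigin) {
      errors.push(`${block.name}[${index}]: ${node.op} has unset CodeOrigin after a set one`);
    }
  });
  return errors;
}

// With the rules in force, the first node whose CodeOrigin is set marks the end
// of the block prologue, i.e. the first point where it is safe to insert a
// speculation on a value produced by a Phi.
function firstNonPrologueIndex(block) {
  const i = block.nodes.findIndex((n) => n.codeOrigin !== null);
  return i === -1 ? block.nodes.length : i;
}

// Constructed sample blocks (not taken from any real DFG dump).
const goodBlock = {
  name: "#good",
  nodes: [
    { op: "Phi", codeOrigin: null },
    { op: "Phi", codeOrigin: null },
    { op: "MovHint", codeOrigin: 3 },
    { op: "ArithAdd", codeOrigin: 5 },
  ],
};
const badBlock = {
  name: "#bad",
  nodes: [
    { op: "MovHint", codeOrigin: 3 },
    { op: "Phi", codeOrigin: 7 },     // violates rule 1
    { op: "Phi", codeOrigin: null },  // violates rule 2
  ],
};

console.log(validateBlock(goodBlock)); // []
console.log(validateBlock(badBlock));  // two error strings
```

Running the checker on `badBlock` reports both violations, and `firstNonPrologueIndex(goodBlock)` returns 2, the position of the first MovHint.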
3890 2013-12-08  Filip Pizlo  <fpizlo@apple.com>
3891
3892         Reveal array bounds checks in DFG IR
3893         https://bugs.webkit.org/show_bug.cgi?id=125253
3894
3895         Reviewed by Oliver Hunt and Mark Hahnenberg.
3896         
3897         In SSA mode, this reveals array bounds checks and the load of array length in DFG IR,
3898         making this a candidate for LICM.
3899
3900         This also fixes a long-standing performance bug where the JSObject slow paths would
3901         always create contiguous storage, rather than type-specialized storage, when doing a
3902         "storage creating" storage, like:
3903         
3904             var o = {};
3905             o[0] = 42;
3906
3907         * CMakeLists.txt:
3908         * GNUmakefile.list.am:
3909         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3910         * JavaScriptCore.xcodeproj/project.pbxproj:
3911         * bytecode/ExitKind.cpp:
3912         (JSC::exitKindToString):
3913         (JSC::exitKindIsCountable):
3914         * bytecode/ExitKind.h:
3915         * dfg/DFGAbstractInterpreterInlines.h:
3916         (JSC::DFG::::executeEffects):
3917         * dfg/DFGArrayMode.cpp:
3918         (JSC::DFG::permitsBoundsCheckLowering):
3919         (JSC::DFG::ArrayMode::permitsBoundsCheckLowering):
3920         * dfg/DFGArrayMode.h:
3921         (JSC::DFG::ArrayMode::lengthNeedsStorage):
3922         * dfg/DFGClobberize.h:
3923         (JSC::DFG::clobberize):
3924         * dfg/DFGConstantFoldingPhase.cpp:
3925         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3926         * dfg/DFGFixupPhase.cpp:
3927         (JSC::DFG::FixupPhase::fixupNode):
3928         * dfg/DFGNodeType.h:
3929         * dfg/DFGPlan.cpp:
3930         (JSC::DFG::Plan::compileInThreadImpl):
3931         * dfg/DFGPredictionPropagationPhase.cpp:
3932         (JSC::DFG::PredictionPropagationPhase::propagate):
3933         * dfg/DFGSSALoweringPhase.cpp: Added.
3934         (JSC::DFG::SSALoweringPhase::SSALoweringPhase):
3935         (JSC::DFG::SSALoweringPhase::run):
3936         (JSC::DFG::SSALoweringPhase::handleNode):
3937         (JSC::DFG::SSALoweringPhase::lowerBoundsCheck):
3938         (JSC::DFG::performSSALowering):
3939         * dfg/DFGSSALoweringPhase.h: Added.
3940         * dfg/DFGSafeToExecute.h:
3941         (JSC::DFG::safeToExecute):
3942         * dfg/DFGSpeculativeJIT.cpp:
3943         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
3944         * dfg/DFGSpeculativeJIT32_64.cpp:
3945         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
3946         (JSC::DFG::SpeculativeJIT::compile):
3947         * dfg/DFGSpeculativeJIT64.cpp:
3948         (JSC::DFG::SpeculativeJIT::compile):
3949         * ftl/FTLCapabilities.cpp:
3950         (JSC::FTL::canCompile):
3951         * ftl/FTLLowerDFGToLLVM.cpp:
3952         (JSC::FTL::LowerDFGToLLVM::compileNode):
3953         (JSC::FTL::LowerDFGToLLVM::compileCheckInBounds):
3954         (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
3955         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
3956         (JSC::FTL::LowerDFGToLLVM::contiguousPutByValOutOfBounds):
3957         * runtime/JSObject.cpp:
3958         (JSC::JSObject::convertUndecidedForValue):
3959         (JSC::JSObject::createInitialForValueAndSet):
3960         (JSC::JSObject::putByIndexBeyondVectorLength):
3961         (JSC::JSObject::putDirectIndexBeyondVectorLength):
3962         * runtime/JSObject.h:
3963         * tests/stress/float32array-out-of-bounds.js: Added.
3964         (make):
3965         (foo):
3966         (test):
3967         * tests/stress/int32-object-out-of-bounds.js: Added.
3968         (make):
3969         (foo):
3970         (test):
3971         * tests/stress/int32-out-of-bounds.js: Added.
3972         (foo):
3973         (test):
3974
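The entry above makes array bounds checks explicit DFG nodes and adds out-of-bounds stress tests for Int32 arrays, Float32Arrays and indexed stores on plain objects. Whatever the JIT does with those checks, the observable language semantics it must preserve are fixed: out-of-bounds reads yield `undefined`, an out-of-bounds write to an ordinary Array grows it, and an out-of-bounds write to a typed array is silently dropped without changing the buffer. The following added example (written for this page, not one of the project's test files) exercises each of those cases; the helper names are chosen for the example.

```javascript
// Added example: the language-level semantics that bounds-check lowering in
// GetByVal / PutByVal must preserve. Each helper returns a plain object of
// observations so the results can be checked rather than only printed.

// Ordinary Array: reading past the end gives undefined; writing past the end
// grows the array and leaves holes, it never touches anything else.
function arrayOutOfBounds() {
  const a = [1, 2, 3];
  const readBeyond = a[10];   // undefined
  a[5] = 42;                  // length becomes 6, indices 3 and 4 are holes
  return {
    readBeyond,
    length: a.length,         // 6
    hole: 3 in a,             // false
    stored: a[5],             // 42
  };
}

// Typed array: reads past the end give undefined; writes past the end (or
// to a non-canonical index such as -1) are dropped and create no property.
function typedArrayOutOfBounds() {
  const f = new Float32Array(4);
  f[0] = 1.5;                 // exactly representable in float32
  f[100] = 2.5;               // dropped
  f[-1] = 3.5;                // dropped as well
  return {
    readBeyond: f[100],                 // undefined
    length: f.length,                   // 4
    byteLength: f.buffer.byteLength,    // 16
    ownKeys: Object.keys(f).length,     // 4: no "100" or "-1" key created
    first: f[0],                        // 1.5
  };
}

// Fresh object: the first indexed store creates indexed storage whose kind is
// chosen from the stored value (the "storage creating" case in the entry).
function indexedStoreOnObject() {
  const o = {};
  o[0] = 42;
  return { value: o[0], keys: Object.keys(o), hasIndex: 0 in o };
}

console.log(arrayOutOfBounds(), typedArrayOutOfBounds(), indexedStoreOnObject());
```

The typed-array case is the one a JIT gets wrong at the greatest cost: a dropped bounds check there would turn the silently ignored store into a write past the backing buffer, which is why the check has to survive every optimisation pass that touches PutByVal.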
3975 2013-12-09  Sam Weinig  <sam@webkit.org>
3976
3977         Replace use of WTF::FixedArray with std::array
3978         https://bugs.webkit.org/show_bug.cgi?id=125475
3979
3980         Reviewed by Anders Carlsson.
3981
3982         * bytecode/CodeBlockHash.cpp:
3983         (JSC::CodeBlockHash::dump):