126f48289cd2cf9bfa5d0ba6e98c600ea34bbee5
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2014-02-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2
3         -[JSManagedValue value] needs to be protected by the API lock
4         https://bugs.webkit.org/show_bug.cgi?id=128857
5
6         Reviewed by Mark Lam.
7
8         * API/APICast.h:
9         (toRef): Added an ASSERT so that we can detect these sorts of errors earlier. On 32-bit, toRef
10         can allocate objects so we need to be holding the lock.
11         * API/APIShims.h: Removed outdated comments.
12         * API/JSManagedValue.mm: Added RefPtr<JSLock> to JSManagedValue.
13         (-[JSManagedValue initWithValue:]): Initialize the m_lock field.
14         (-[JSManagedValue value]): Lock the JSLock, check the VM*, return nil if invalid, take the APIEntryShim otherwise.
15         * runtime/JSLock.cpp: Bug fix in JSLock. We were assuming that the VM was always non-null in JSLock::lock.
16         (JSC::JSLock::lock):
17
18 2014-02-14  Oliver Hunt  <oliver@apple.com>
19
20         Implement a few more Array prototype functions in JS
21         https://bugs.webkit.org/show_bug.cgi?id=128788
22
23         Reviewed by Gavin Barraclough.
24
25         Remove a pile of awful C++, and rewrite in simple JS.
26
27         Needed to make a few other changes to get fully builtins
28         behavior to more accurately match a host function's.
29
30         * builtins/Array.prototype.js:
31         (every):
32         (forEach):
33         (filter):
34         (map):
35         (some):
36         * builtins/BuiltinExecutables.cpp:
37         (JSC::BuiltinExecutables::BuiltinExecutables):
38         (JSC::BuiltinExecutables::createBuiltinExecutable):
39         * bytecompiler/BytecodeGenerator.cpp:
40         (JSC::BytecodeGenerator::BytecodeGenerator):
41         (JSC::BytecodeGenerator::emitPutByVal):
42         * bytecompiler/BytecodeGenerator.h:
43         (JSC::BytecodeGenerator::emitExpressionInfo):
44         * interpreter/Interpreter.cpp:
45         (JSC::GetStackTraceFunctor::operator()):
46         * parser/Nodes.h:
47         (JSC::FunctionBodyNode::overrideName):
48         * profiler/LegacyProfiler.cpp:
49         (JSC::createCallIdentifierFromFunctionImp):
50         * runtime/ArrayPrototype.cpp:
51         * runtime/JSFunction.cpp:
52         (JSC::JSFunction::deleteProperty):
53         * runtime/JSFunction.h:
54
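The following is an added example, not code from WebKit or from this ChangeLog. It illustrates the rule behind the Array prototype rewrite above and the "Notes on writing builtins" in the "Make it possible to implement JS builtins in JS" entry later in this log: a builtin written in JS must not resolve Object, call or apply through the global scope at call time, because a page script can replace them. JSC does this with private @-prefixed names (@Object, @call); in ordinary JS the nearest analogue is capturing the original references once, at definition time, which is what hardenedEvery does here. naiveEvery, hardenedEvery, runWithAdulteratedGlobals and demo are names made up for this example.

```javascript
'use strict';
// Added example, not JavaScriptCore code: why a JS-implemented builtin must
// capture the originals of the globals it uses (JSC's @Object / @call) rather
// than look them up by name when it runs.

// Naive every(): resolves Object through the global scope and .call through
// Function.prototype at call time. Anything a page script has assigned to
// either one is what actually runs.
function naiveEvery(array, callback, thisArg) {
  const O = Object(array);
  const len = O.length >>> 0;
  for (let i = 0; i < len; i++) {
    if (i in O && !callback.call(thisArg, O[i], i, O)) return false;
  }
  return true;
}

// Hardened every(): every dependency is captured once, before any page script
// could have replaced it. uncurryCall(fn, thisArg, ...args) invokes fn with
// the given this without ever touching Function.prototype.call again.
const hardenedEvery = (function captureOriginals() {
  const OriginalObject = Object;
  const originalCall = Function.prototype.call;
  const uncurryCall = originalCall.bind(originalCall);
  return function hardenedEvery(array, callback, thisArg) {
    const O = OriginalObject(array);
    const len = O.length >>> 0;
    for (let i = 0; i < len; i++) {
      if (i in O && !uncurryCall(callback, thisArg, O[i], i, O)) return false;
    }
    return true;
  };
})();

// Constructed hostile environment: a page script has replaced the global
// Object and Function.prototype.call. The fakes log what they intercepted and
// make every() "succeed" without ever running the predicate. The originals are
// restored afterwards so the rest of the program is unaffected.
function runWithAdulteratedGlobals(fn) {
  const savedObject = globalThis.Object;
  const savedCall = Function.prototype.call;
  const log = [];
  globalThis.Object = function FakeObject() { log.push('Object'); return { length: 0 }; };
  Function.prototype.call = function fakeCall() { log.push('call'); return true; };
  try {
    return { result: fn(), log };
  } finally {
    globalThis.Object = savedObject;
    Function.prototype.call = savedCall;
  }
}

// Constructed input: [1, 2, 3] with a predicate that is false for all of them,
// so a correct every() returns false. The naive version returns true under
// attack because FakeObject hands it an empty object; the hardened version is
// unaffected and the fakes are never reached.
function demo() {
  const arr = [1, 2, 3];
  const greaterThanFive = (x) => x > 5;
  return {
    clean: { naive: naiveEvery(arr, greaterThanFive), hardened: hardenedEvery(arr, greaterThanFive) },
    naiveAttacked: runWithAdulteratedGlobals(() => naiveEvery(arr, greaterThanFive)),
    hardenedAttacked: runWithAdulteratedGlobals(() => hardenedEvery(arr, greaterThanFive)),
  };
}
```

The same capture-at-definition pattern is what makes the ChangeLog's "@call and @apply ... drop the neq_ptr instruction" remark possible: once the callee is known to be the original, the engine no longer has to check it at every call.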
55 2014-02-14  Mark Hahnenberg  <mhahnenberg@apple.com>
56
57         ASSERT(isValidAllocation(bytes)) when ObjC API creates custom errors
58         https://bugs.webkit.org/show_bug.cgi?id=128840
59
60         Reviewed by Joseph Pecoraro.
61
62         We need to add APIEntryShims around places where we allocate errors in JSC.
63         Also converted some of the createTypeError call sites to use ASCIILiteral.
64
65         * API/JSValue.mm:
66         (valueToArray):
67         (valueToDictionary):
68         * API/ObjCCallbackFunction.mm:
69         (JSC::objCCallbackFunctionCallAsConstructor):
70         (JSC::ObjCCallbackFunctionImpl::call):
71         * API/tests/testapi.mm:
72
73 2014-02-14  Mark Hahnenberg  <mhahnenberg@apple.com>
74
75         Baseline JIT should have a fast path to bypass the write barrier on op_enter
76         https://bugs.webkit.org/show_bug.cgi?id=128832
77
78         Reviewed by Filip Pizlo.
79
80         * jit/JIT.h: Removed some random commented-out functions.
81         * jit/JITOpcodes.cpp:
82         (JSC::JIT::emit_op_enter):
83         * jit/JITPropertyAccess.cpp:
84         (JSC::JIT::emitWriteBarrier):
85
86 2014-02-14  Filip Pizlo  <fpizlo@apple.com>
87
88         Don't optimize variadic closure calls
89         https://bugs.webkit.org/show_bug.cgi?id=128835
90
91         Reviewed by Gavin Barraclough.
92         
93         Read the check that had been in JITStubs.cpp, back in the day. This code came
94         from the DFG and the DFG didn't need these checks.
95
96         * jit/JITOperations.cpp:
97
98 2014-02-14  David Kilzer  <ddkilzer@apple.com>
99
100         [ASan] Disable JSStack::sanitizeStack() to avoid false-positive stack-buffer-overflow errors
101         <http://webkit.org/b/128819>
102
103         Reviewed by Filip Pizlo.
104
105         * interpreter/JSStack.cpp:
106         (JSC::JSStack::sanitizeStack): When building with the clang
107         address sanitizer, don't sanitize the stack since it will
108         trigger false-positive stack-buffer-overflow errors.  Disabling
109         this only results in a performance penalty, not a correctness
110         penalty.
111
112 2014-02-14  Andres Gomez  <agomez@igalia.com>
113
114         Cleaning the JSStaticScopeObject files left behind after renaming their objects to JSNameScope
115         https://bugs.webkit.org/show_bug.cgi?id=127595
116
117         Reviewed by Mario Sanchez Prada.
118
119         JSStaticScopeObject was renamed to JSNameScope and removed long
120         ago but the files were left behind empty and the CMake compilation
121         in need of its existence. Now, we are definitely getting rid of
122         them.
123
124         * CMakeLists.txt:
125         * runtime/JSStaticScopeObject.cpp: Removed.
126         * runtime/JSStaticScopeObject.h: Removed.
127
128 2014-02-13  Filip Pizlo  <fpizlo@apple.com>
129
130         Kill some of the last vestiges of the C++ interpreter's PICs
131         https://bugs.webkit.org/show_bug.cgi?id=128796
132
133         Reviewed by Michael Saboff.
134
135         * bytecode/BytecodeUseDef.h:
136         (JSC::computeUsesForBytecodeOffset):
137         (JSC::computeDefsForBytecodeOffset):
138         * bytecode/CodeBlock.cpp:
139         (JSC::CodeBlock::printGetByIdOp):
140         (JSC::CodeBlock::printGetByIdCacheStatus):
141         (JSC::CodeBlock::dumpBytecode):
142         (JSC::CodeBlock::CodeBlock):
143         * bytecode/GetByIdStatus.cpp:
144         (JSC::GetByIdStatus::computeForStubInfo):
145         * bytecode/Opcode.h:
146         (JSC::padOpcodeName):
147         * bytecode/PolymorphicAccessStructureList.h:
148         (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::PolymorphicStubInfo):
149         (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
150         (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
151         (JSC::PolymorphicAccessStructureList::visitWeak):
152         * bytecode/StructureStubInfo.cpp:
153         (JSC::StructureStubInfo::deref):
154         (JSC::StructureStubInfo::visitWeakReferences):
155         * bytecode/StructureStubInfo.h:
156         (JSC::isGetByIdAccess):
157         * jit/JIT.cpp:
158         (JSC::JIT::privateCompileMainPass):
159         * jit/Repatch.cpp:
160         (JSC::getPolymorphicStructureList):
161         (JSC::tryBuildGetByIDList):
162         * llint/LowLevelInterpreter.asm:
163
164 2014-02-13  Mark Lam  <mark.lam@apple.com>
165
166         The JSContainerConvertor and ObjcContainerConvertor need to protect JSValueRefs. Part 2.
167         <https://webkit.org/b/128764>
168
169         Reviewed by Mark Hahnenberg.
170
171         toJS() is the wrong cast function to use. We need to use toJSForGC() instead.
172         Also we need to acquire the JSLock to prevent concurrent accesses to the
173         Strong handle list.
174
175         * API/JSValue.mm:
176         (JSContainerConvertor::add):
177         (containerValueToObject):
178         (ObjcContainerConvertor::add):
179         (objectToValue):
180
181 2014-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>
182
183         JSManagedValue::dealloc modifies NSMapTable while iterating it
184         https://bugs.webkit.org/show_bug.cgi?id=128713
185
186         Reviewed by Geoffrey Garen.
187
188         Having to write a test for this revealed a bug in how addManagedReference:withOwner:
189         actually notifies JSManagedValues of new owners.
190
191         * API/JSManagedValue.mm:
192         (-[JSManagedValue dealloc]):
193         * API/JSVirtualMachine.mm:
194         (-[JSVirtualMachine addManagedReference:withOwner:]):
195         (-[JSVirtualMachine removeManagedReference:withOwner:]):
196         * API/tests/testapi.mm:
197         (testObjectiveCAPI):
198
199 2014-02-13  Filip Pizlo  <fpizlo@apple.com>
200
201         Unreviewed, fix build.
202
203         * ftl/FTLLowerDFGToLLVM.cpp:
204         (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength):
205
206 2014-02-13  Ryosuke Niwa  <rniwa@webkit.org>
207
208         Speculative Release build fix after r164077.
209
210         * API/JSValue.mm:
211
212 2014-02-13  Mark Lam  <mark.lam@apple.com>
213
214         The JSContainerConvertor and ObjcContainerConvertor need to protect JSValueRefs.
215         <https://webkit.org/b/128764>
216
217         Reviewed by Mark Hahnenberg.
218
219         Added a vector of Strong<Unknown> references in the 2 containers, and append
220         the newly created JSValues to those vectors. This will keep all those JS objects
221         alive for the duration of the conversion.
222
223         * API/JSValue.mm:
224         (JSContainerConvertor::add):
225         (ObjcContainerConvertor::add):
226
227 2014-02-13  Matthew Mirman  <mmirman@apple.com>
228
229         Added GetMyArgumentsLength to FTL
230         https://bugs.webkit.org/show_bug.cgi?id=128758
231
232         Reviewed by Filip Pizlo.
233
234         * ftl/FTLCapabilities.cpp:
235         (JSC::FTL::canCompile):
236         * ftl/FTLLowerDFGToLLVM.cpp:
237         (JSC::FTL::LowerDFGToLLVM::compileNode):
238         (JSC::FTL::LowerDFGToLLVM::compileGetMyArgumentsLength):
239         * tests/stress/ftl-getmyargumentslength.js: Added.
240         (foo):
241
242 2014-02-13  Filip Pizlo  <fpizlo@apple.com>
243
244         Unreviewed, roll out http://trac.webkit.org/changeset/164066.
245         
246         It broke tests and it was just plain wrong.
247
248         * bytecode/GetByIdStatus.cpp:
249         (JSC::GetByIdStatus::computeFromLLInt):
250         (JSC::GetByIdStatus::computeForStubInfo):
251         * runtime/Structure.h:
252         (JSC::Structure::takesSlowPathInDFGForImpureProperty):
253
254 2014-02-13  Ryuan Choi  <ryuan.choi@samsung.com>
255
256         Unreviewed build fix.
257
258         Fixed typo.
259
260         * dfg/DFGIntegerCheckCombiningPhase.cpp:
261         (JSC::DFG::IntegerCheckCombiningPhase::run):
262
263 2014-02-13  Michael Saboff  <msaboff@apple.com>
264
265         Change FTL stack check to use VM's stackLimit
266         https://bugs.webkit.org/show_bug.cgi?id=128561
267
268         Reviewed by Filip Pizlo.
269
270         Changes FTL function entry to check the call frame register against the FTL
271         specific stack limit (VM::m_ftlStackLimit) and throw an exception if the
272         stack limit has been exceeded.  Updated the exception handling code to have
273         a second entry that will unroll the current frame to the caller, since that
274         is where the exception should be processed.
275
276         * ftl/FTLCompile.cpp:
277         (JSC::FTL::fixFunctionBasedOnStackMaps):
278         * ftl/FTLIntrinsicRepository.h:
279         * ftl/FTLLowerDFGToLLVM.cpp:
280         (JSC::FTL::LowerDFGToLLVM::lower):
281         * ftl/FTLState.h:
282         * runtime/VM.h:
283         (JSC::VM::addressOfFTLStackLimit):
284
285 2014-02-13  Filip Pizlo  <fpizlo@apple.com>
286
287         GetByIdStatus shouldn't call takesSlowPathInDFGForImpureProperty() for self accesses, and calling that method should never assert about anything
288         https://bugs.webkit.org/show_bug.cgi?id=128772
289
290         Reviewed by Mark Hahnenberg.
291
292         * bytecode/GetByIdStatus.cpp:
293         (JSC::GetByIdStatus::computeFromLLInt):
294         (JSC::GetByIdStatus::computeForStubInfo):
295         * runtime/Structure.h:
296         (JSC::Structure::takesSlowPathInDFGForImpureProperty):
297
298 2014-02-13  Mark Hahnenberg  <mhahnenberg@apple.com>
299
300         Add some RELEASE_ASSERTs to catch JSLock bugs earlier
301         https://bugs.webkit.org/show_bug.cgi?id=128762
302
303         Reviewed by Mark Lam.
304
305         * interpreter/Interpreter.cpp:
306         (JSC::Interpreter::execute):
307         * runtime/JSLock.cpp:
308         (JSC::JSLock::DropAllLocks::DropAllLocks):
309
310 2014-02-12  Filip Pizlo  <fpizlo@apple.com>
311
312         Hoist and combine array bounds checks
313         https://bugs.webkit.org/show_bug.cgi?id=125433
314
315         Reviewed by Mark Hahnenberg.
316         
317         This adds a phase for reasoning about overflow checks and array bounds checks. It's
318         block-local, and removes both overflow checks and bounds checks in one go.
319         
320         This also improves reasoning about commutative operations, and CSE between
321         CheckOverflow and Unchecked arithmetic.
322         
323         This strangely uncovered a DFG backend bug where we were trying to extract an int32
324         from a constant even when that constant was just simply a number. I fixed that bug.
325
326         * CMakeLists.txt:
327         * GNUmakefile.list.am:
328         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
329         * JavaScriptCore.xcodeproj/project.pbxproj:
330         * dfg/DFGAbstractInterpreterInlines.h:
331         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
332         * dfg/DFGAbstractValue.cpp:
333         (JSC::DFG::AbstractValue::set):
334         * dfg/DFGArgumentsSimplificationPhase.cpp:
335         (JSC::DFG::ArgumentsSimplificationPhase::run):
336         * dfg/DFGArithMode.h:
337         (JSC::DFG::subsumes):
338         * dfg/DFGByteCodeParser.cpp:
339         (JSC::DFG::ByteCodeParser::handleIntrinsic):
340         * dfg/DFGCSEPhase.cpp:
341         (JSC::DFG::CSEPhase::pureCSE):
342         (JSC::DFG::CSEPhase::int32ToDoubleCSE):
343         (JSC::DFG::CSEPhase::performNodeCSE):
344         * dfg/DFGClobberize.h:
345         (JSC::DFG::clobberize):
346         * dfg/DFGEdge.cpp:
347         (JSC::DFG::Edge::dump):
348         * dfg/DFGEdge.h:
349         (JSC::DFG::Edge::sanitized):
350         (JSC::DFG::Edge::hash):
351         * dfg/DFGFixupPhase.cpp:
352         (JSC::DFG::FixupPhase::fixupNode):
353         * dfg/DFGGraph.h:
354         (JSC::DFG::Graph::valueOfInt32Constant):
355         * dfg/DFGInsertionSet.h:
356         (JSC::DFG::InsertionSet::insertConstant):
357         * dfg/DFGIntegerCheckCombiningPhase.cpp: Added.
358         (JSC::DFG::IntegerCheckCombiningPhase::IntegerCheckCombiningPhase):
359         (JSC::DFG::IntegerCheckCombiningPhase::run):
360         (JSC::DFG::IntegerCheckCombiningPhase::handleBlock):
361         (JSC::DFG::IntegerCheckCombiningPhase::rangeKeyAndAddend):
362         (JSC::DFG::IntegerCheckCombiningPhase::isValid):
363         (JSC::DFG::IntegerCheckCombiningPhase::insertAdd):
364         (JSC::DFG::IntegerCheckCombiningPhase::insertMustAdd):
365         (JSC::DFG::performIntegerCheckCombining):
366         * dfg/DFGIntegerCheckCombiningPhase.h: Added.
367         * dfg/DFGNode.h:
368         (JSC::DFG::Node::willHaveCodeGenOrOSR):
369         * dfg/DFGNodeType.h:
370         * dfg/DFGPlan.cpp:
371         (JSC::DFG::Plan::compileInThreadImpl):
372         * dfg/DFGPredictionPropagationPhase.cpp:
373         (JSC::DFG::PredictionPropagationPhase::propagate):
374         * dfg/DFGSafeToExecute.h:
375         (JSC::DFG::safeToExecute):
376         * dfg/DFGSpeculativeJIT.cpp:
377         (JSC::DFG::SpeculativeJIT::compileAdd):
378         * dfg/DFGSpeculativeJIT32_64.cpp:
379         (JSC::DFG::SpeculativeJIT::compile):
380         * dfg/DFGSpeculativeJIT64.cpp:
381         (JSC::DFG::SpeculativeJIT::compile):
382         * dfg/DFGStrengthReductionPhase.cpp:
383         (JSC::DFG::StrengthReductionPhase::handleNode):
384         (JSC::DFG::StrengthReductionPhase::handleCommutativity):
385         * dfg/DFGTypeCheckHoistingPhase.cpp:
386         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
387         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
388         * ftl/FTLCapabilities.cpp:
389         (JSC::FTL::canCompile):
390         * ftl/FTLLowerDFGToLLVM.cpp:
391         (JSC::FTL::LowerDFGToLLVM::compileNode):
392         * jsc.cpp:
393         (GlobalObject::finishCreation):
394         (functionFalse):
395         * runtime/Identifier.h:
396         * runtime/Intrinsic.h:
397         * runtime/JSObject.h:
398         * tests/stress/get-by-id-untyped.js: Added.
399         (foo):
400         * tests/stress/inverted-additive-subsumption.js: Added.
401         (foo):
402         * tests/stress/redundant-add-overflow-checks.js: Added.
403         (foo):
404         * tests/stress/redundant-array-bounds-checks-addition-skip-first.js: Added.
405         (foo):
406         (arraycmp):
407         * tests/stress/redundant-array-bounds-checks-addition.js: Added.
408         (foo):
409         (arraycmp):
410         * tests/stress/redundant-array-bounds-checks-unchecked-addition.js: Added.
411         (foo):
412         (arraycmp):
413         * tests/stress/redundant-array-bounds-checks.js: Added.
414         (foo):
415         (arraycmp):
416         * tests/stress/tricky-array-bounds-checks.js: Added.
417         (foo):
418         (arraycmp):
419
420 2014-02-13  Filip Pizlo  <fpizlo@apple.com>
421
422         FTL should be OK with __compact_unwind in a data section
423         https://bugs.webkit.org/show_bug.cgi?id=128756
424
425         Reviewed by Mark Hahnenberg.
426
427         * ftl/FTLCompile.cpp:
428         (JSC::FTL::mmAllocateCodeSection):
429         (JSC::FTL::mmAllocateDataSection):
430
431 2014-02-13  Michael Saboff  <msaboff@apple.com>
432
433         CStack Branch: VM::currentReturnThunkPC appears to be unused and should be removed
434         https://bugs.webkit.org/show_bug.cgi?id=127205
435
436         Reviewed by Geoffrey Garen.
437
438         Removed unused references to VM::currentReturnThunkPC.
439
440         * jit/ThunkGenerators.cpp:
441         (JSC::arityFixup):
442         * runtime/VM.h:
443
444 2014-02-13  Tamas Gergely  <tgergely.u-szeged@partner.samsung.com>
445
446         Code cleanup: remove gcc<4.7 guards.
447         https://bugs.webkit.org/show_bug.cgi?id=128729
448
449         Reviewed by Anders Carlsson.
450
451         Remove GCC_VERSION_AT_LEAST guards when it checks for pre-4.7 versions,
452         as WK does not compile with earlier gcc versions.
453
454         * assembler/MIPSAssembler.h:
455         (JSC::MIPSAssembler::cacheFlush):
456         * interpreter/StackVisitor.cpp:
457         (JSC::printif):
458
459 2014-02-12  Mark Lam  <mark.lam@apple.com>
460
461         No need to save reservedZoneSize when dropping the JSLock.
462         <https://webkit.org/b/128719>
463
464         Reviewed by Geoffrey Garen.
465
466         The reservedZoneSize does not change due to the VM being run on a different
467         thread. Hence, there is no need to save and restore its value. Instead of
468         calling updateReservedZoneSize() to update the stack limit, we now call
469         setStackPointerAtVMEntry() to do the job. setStackPointerAtVMEntry()
470         will update the stackPointerAtVMEntry and delegate to updateStackLimit() to
471         update the stack limit based on the new stackPointerAtVMEntry.
472
473         * runtime/ErrorHandlingScope.cpp:
474         (JSC::ErrorHandlingScope::ErrorHandlingScope):
475         (JSC::ErrorHandlingScope::~ErrorHandlingScope):
476         - Previously, we initialize stackPointerAtVMEntry in VMEntryScope. This
477           means that the stackPointerAtVMEntry may not be initialized when we
478           instantiate the ErrorHandlingScope. And so, we needed to initialize the
479           stackPointerAtVMEntry in the ErrorHandlingScope constructor if it's not
480           already initialized.
481
482           Now that we initialize the stackPointerAtVMEntry when we lock the VM JSLock,
483           we are guaranteed that it will be initialized by the time we instantiate
484           the ErrorHandlingScope. Hence, we can change the ErrorHandlingScope code
485           to just assert that the stackPointerAtVMEntry is initialized instead.
486
487         * runtime/InitializeThreading.cpp:
488         (JSC::initializeThreading):
489         - We no longer need to save the reservedZoneSize. Remove the related code.
490
491         * runtime/JSLock.cpp:
492         (JSC::JSLock::lock):
493         - When we grab the JSLock mutex for the first time, there is no reason why
494           the stackPointerAtVMEntry should be initialized. By definition, grabbing
495           the lock for the first time equates to entering the VM for the first time.
496           Hence, we can just assert that stackPointerAtVMEntry is uninitialized,
497           and initialize it unconditionally.
498
499           The only exception to this is if we're locking to regrab the JSLock in
500           grabAllLocks(), but grabAllLocks() will take care of restoring the
501           stackPointerAtVMEntry in that case after lock() returns. stackPointerAtVMEntry
502           should still be 0 when we've just locked the JSLock. So, the above assertion
503           always holds true.
504
505           Note: VM::setStackPointerAtVMEntry() will take care of calling
506           VM::updateStackLimit() based on the new stackPointerAtVMEntry.
507
508         - There is no need to save the reservedZoneSize. The reservedZoneSize is
509           set to Options::reservedZoneSize() when the VM is initialized. Thereafter,
510           the ErrorHandlingScope will change it to Options::errorModeReservedZoneSize()
511           when we're handling an error, and it will restore it afterwards. There is
512           no other reason we should be changing the reservedZoneSize. Hence, we can
513           remove the unnecessary code to save it here.
514
515         (JSC::JSLock::unlock):
516         - Similarly, when the lockCount reaches 0 in unlock(), it is synonymous with
517           exiting the VM. Hence, we should just clear the stackPointerAtVMEntry and
518           update the stackLimit. Exiting the VM should have no effect on the VM
519           reservedZoneSize. Hence, we can remove the unnecessary code to "restore" it.
520
521         (JSC::JSLock::dropAllLocks):
522         - When dropping locks, we do not need to save the reservedZoneSize because
523           the reservedZoneSize should remain the same regardless of which thread
524           we are executing JS on. Hence, we can remove the unnecessary code to save
525           the reservedZoneSize here.
526
527         (JSC::JSLock::grabAllLocks):
528         - When re-grabbing locks, restoring the stackPointerAtVMEntry via
529           VM::setStackPointerAtVMEntry() will take care of updating the stack limit.
530           As explained above, there's no need to save the reservedZoneSize. Hence,
531           there's no need to "restore" it here.
532
533         * runtime/VM.cpp:
534         (JSC::VM::VM):
535         (JSC::VM::setStackPointerAtVMEntry):
536         - Sets the stackPointerAtVMEntry and delegates to updateStackLimit() to update
537           the stack limit based on the new stackPointerAtVMEntry.
538         (JSC::VM::updateStackLimit):
539         * runtime/VM.h:
540         (JSC::VM::stackPointerAtVMEntry):
541         - Renamed stackPointerAtVMEntry to m_stackPointerAtVMEntry and made it private.
542           Added a stackPointerAtVMEntry() function to read the value.
543
544 2014-02-12  Mark Hahnenberg  <mhahnenberg@apple.com>
545
546         DelayedReleaseScope in MarkedAllocator::tryAllocateHelper is wrong
547         https://bugs.webkit.org/show_bug.cgi?id=128641
548
549         Reviewed by Michael Saboff.
550
551         We were improperly handling the case where the DelayedReleaseScope 
552         in tryAllocateHelper would cause us to drop the API lock, allowing 
553         another thread to sneak in and allocate a new block after we had already 
554         concluded that there were no more blocks to allocate out of.
555
556         The fix is to call tryAllocateHelper in a loop until we know for sure 
557         that this did not happen.
558
559         There was also a race condition with the DelayedReleaseScope in addBlock.
560         We would add the block to the MarkedBlock's list, sweep it, and then return,
561         causing us to drop the API lock momentarily. Another thread could then 
562         grab the lock, and allocate out of the new block to the point where the 
563         free list was empty. Then we would return to the original thread, who thinks 
564         it's impossible to not allocate successfully at this point. 
565         Instead we should just let tryAllocate do all the hard work with correctly 
566         sweeping and getting a valid result.
567
568         There was another race condition in didFinishIterating. We would call resumeAllocating,
569         which would create a DelayedReleaseScope. The DelayedReleaseScope would then release 
570         API lock before we set m_isIterating back to false, which would potentially confuse 
571         other threads.
572
573         * heap/MarkedAllocator.cpp:
574         (JSC::MarkedAllocator::tryAllocateHelper):
575         (JSC::MarkedAllocator::tryPopFreeList):
576         (JSC::MarkedAllocator::tryAllocate):
577         (JSC::MarkedAllocator::addBlock):
578         * heap/MarkedAllocator.h:
579
580 2014-02-12  Brian Burg  <bburg@apple.com>
581
582         Web Replay: capture and replay nondeterminism of Date.now() and Math.random()
583         https://bugs.webkit.org/show_bug.cgi?id=128633
584
585         Reviewed by Filip Pizlo.
586
587         Upstream the only two sources of script-visible nondeterminism in JavaScriptCore.
588
589         The random seed for WeakRandom is memoized when the owning JSGlobalObject is
590         constructed. It is deterministically initialized during replay before any
591         scripts execute with the global object.
592
593         The implementations of `Date.now()` and `new Date()` eventually obtain the
594         current time from jsCurrentTime(). When capturing, we save return values of
595         jsCurrentTime() into the recording. When replaying, we use memoized values from
596         the recording instead of obtaining values from the platform-specific currentTime()
597         implementation. No other code calls jsCurrentTime().
598
599         * DerivedSources.make: Add rules to make JSReplayInputs.h from JSInputs.json.
600         * JavaScriptCore.xcodeproj/project.pbxproj:
601         * replay/JSInputs.json: Added. Includes specifications for replay inputs
602         "GetCurrentTime" and "SetRandomSeed". Tests will be added for both input
603         cases once sufficient replay machinery has been added.
604
605         * replay/NondeterministicInput.h: NondeterministicInput should not have
606         been marked 'final'.
607
608         * runtime/DateConstructor.cpp:
609         (JSC::deterministicCurrentTime): Added. Load or store the current time depending
610         on what kind of InputCursor is attached to the JSGlobalObject.
611
612         (JSC::constructDate): Use deterministicCurrentTime().
613         (JSC::dateNow): Use deterministicCurrentTime().
614         * runtime/JSGlobalObject.cpp:
615         (JSC::JSGlobalObject::setInputCursor): When setting a non-empty input cursor,
616         immediately store or load the "SetRandomSeed" input and initialize WeakRandom's
617         random seed with it. The input cursor (and thus random seed) must be set before
618         any scripts are evaluated with this JSGlobalObject.
619
620         * runtime/WeakRandom.h:
621         (JSC::WeakRandom::WeakRandom): Add JSGlobalObject as a friend class.
622         (JSC::WeakRandom::initializeSeed): Extract the seed initialization into a
623         separate method so it can be called outside of the JSGlobalObject constructor.
624
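An added example, not WebKit code, of the capture/replay scheme the Web Replay entry above describes, written in plain JS: the two nondeterministic inputs (the random seed and the current time) are stored into a recording when capturing and loaded from it when replaying, so a script sees identical values in both runs. CapturingCursor, ReplayingCursor, ReplayGlobalObject and the xorshift32 generator are assumptions for this example (JSC's InputCursor and WeakRandom are not reproduced); only the input names "GetCurrentTime" and "SetRandomSeed" come from the entry.

```javascript
'use strict';
// Added example, not WebKit code: record/replay of the two script-visible
// nondeterministic inputs, the random seed and the current time, in the style
// the entry above describes. All class and function names are made up here.

// Capturing: each input is obtained from the platform, appended to the
// recording in order, and returned to the caller.
class CapturingCursor {
  constructor() { this.recording = []; }   // ordered list of { type, value }
  loadOrStore(type, produce) {
    const value = produce();
    this.recording.push({ type, value });
    return value;
  }
}

// Replaying: inputs are served from the recording in the order they were
// captured. The type must match; otherwise the replayed script has diverged
// from the original run and continuing would silently desynchronise.
class ReplayingCursor {
  constructor(recording) { this.recording = recording; this.index = 0; }
  loadOrStore(type) {
    const input = this.recording[this.index++];
    if (!input || input.type !== type) {
      const got = input ? input.type : 'end of recording';
      throw new Error(`replay divergence: expected ${type}, got ${got}`);
    }
    return input.value;
  }
}

// Every caller that wants the wall clock goes through here, so there is a
// single point at which the value is stored or loaded. With no cursor
// attached it behaves like the platform clock.
function deterministicCurrentTime(cursor) {
  return cursor ? cursor.loadOrStore('GetCurrentTime', () => Date.now()) : Date.now();
}

// Small seeded PRNG (xorshift32), a stand-in for WeakRandom: the same seed
// yields the same sequence, so only the seed needs recording.
class Xorshift32 {
  constructor(seed) { this.state = (seed >>> 0) || 0x9e3779b9; }
  next() {
    let x = this.state;
    x ^= x << 13; x >>>= 0;
    x ^= x >>> 17;
    x ^= x << 5; x >>>= 0;
    this.state = x;
    return x / 0x100000000;   // in [0, 1), like Math.random()
  }
}

// Stand-in for the global object: attaching a cursor immediately stores or
// loads the seed, before any script can observe Math.random().
class ReplayGlobalObject {
  constructor() { this.cursor = null; this.rng = null; }
  setInputCursor(cursor) {
    this.cursor = cursor;
    const seed = cursor.loadOrStore('SetRandomSeed', () => (Math.random() * 0x100000000) >>> 0);
    this.rng = new Xorshift32(seed);
  }
  dateNow() { return deterministicCurrentTime(this.cursor); }
  mathRandom() { return this.rng.next(); }
}

// Constructed script that mixes both inputs.
function runScript(global) {
  const out = [];
  for (let i = 0; i < 3; i++) out.push(global.dateNow(), global.mathRandom());
  return out;
}

// Capture one run, then replay it into a fresh global object. The replayed
// run sees the captured clock and seed, so its output is identical.
function captureAndReplay() {
  const capturingCursor = new CapturingCursor();
  const captureGlobal = new ReplayGlobalObject();
  captureGlobal.setInputCursor(capturingCursor);
  const captured = runScript(captureGlobal);

  const replayGlobal = new ReplayGlobalObject();
  replayGlobal.setInputCursor(new ReplayingCursor(capturingCursor.recording));
  const replayed = runScript(replayGlobal);
  return { captured, replayed, recording: capturingCursor.recording };
}
```

Two design points carry over from the entry: the seed is the first input in every recording because it must be fixed before any script runs, and Math.random() itself never touches the cursor, since a seeded generator replays for free once the seed does.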
625 2014-02-12  Joseph Pecoraro  <pecoraro@apple.com>
626
627         Web Inspector: Cleanup JavaScriptCore/inspector
628         https://bugs.webkit.org/show_bug.cgi?id=128662
629
630         Reviewed by Timothy Hatcher.
631
632         Now that the code has settled, do a cleanup pass.
633
634         * inspector/ContentSearchUtilities.cpp:
635         * inspector/InspectorValues.cpp:
636         (Inspector::InspectorValue::asObject):
637         (Inspector::InspectorValue::asArray):
638         (Inspector::InspectorValue::parseJSON):
639         (Inspector::InspectorObjectBase::getObject):
640         (Inspector::InspectorObjectBase::getArray):
641         (Inspector::InspectorObjectBase::get):
642         * inspector/ScriptCallStackFactory.cpp:
643         * inspector/ScriptDebugServer.cpp:
644         * inspector/agents/JSGlobalObjectConsoleAgent.h:
645
646 2014-02-12  Ryosuke Niwa  <rniwa@webkit.org>
647
648         Windows build fix attempt after r163960.
649
650         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
651         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
652
653 2014-02-12  Michael Saboff  <msaboff@apple.com>
654
655         Adjust VM::stackLimit based on the size of the largest FTL stack produced
656         https://bugs.webkit.org/show_bug.cgi?id=128562
657
658         Reviewed by Mark Lam.
659
660         Added VM::m_largestFTLStackSize to track the largest stack size of an FTL compiled
661         function. Added VM::m_ftlStackLimit for FTL functions stack limit.  Renamed
662         VM::updateStackLimitWithReservedZoneSize to VM::updateReservedZoneSize.  Renamed
663         VM::setStackLimit to VM::updateStackLimit and changed it to do the updating of the
664         stack limits, including taking into account m_largestFTLStackSize.
665
666         * ftl/FTLJITFinalizer.cpp:
667         (JSC::FTL::JITFinalizer::finalizeFunction):
668         * runtime/ErrorHandlingScope.cpp:
669         (JSC::ErrorHandlingScope::ErrorHandlingScope):
670         (JSC::ErrorHandlingScope::~ErrorHandlingScope):
671         * runtime/JSLock.cpp:
672         (JSC::JSLock::lock):
673         (JSC::JSLock::unlock):
674         (JSC::JSLock::grabAllLocks):
675         * runtime/VM.cpp:
676         (JSC::VM::VM):
677         (JSC::VM::updateReservedZoneSize):
678         (JSC::VM::updateStackLimit):
679         (JSC::VM::updateFTLLargestStackSize):
680         * runtime/VM.h:
681
682 2014-02-11  Oliver Hunt  <oliver@apple.com>
683
684         Make it possible to implement JS builtins in JS
685         https://bugs.webkit.org/show_bug.cgi?id=127887
686
687         Reviewed by Michael Saboff.
688
689         This patch makes it possible to write builtin functions in JS.
690         The bindings, generators, and definitions are all created automatically
691         based on js files in the builtins/ directory.  This patch includes one
692         such case: Array.prototype.js with an implementation of every().
693
694         There's a lot of refactoring to make it possible for CommonIdentifiers
695         to include the output of the generated files (DerivedSources/JSCBuiltins.{h,cpp})
696         without breaking the offset extractor. The result of this refactoring
697         is that CommonIdentifiers, and a few other miscellaneous headers now
698         need to be included directly as they were formerly captured through other
699         paths.
700
701         In addition this adds a flag to the Lookup table's hashentry to indicate
702         that a static function is actually backed by JS. There is then a lot of
703         logic to thread the special nature of the function to where it matters.
704         This allows toString(), .caller, etc to mimic the behaviour of a host
705         function.
706
707         Notes on writing builtins:
708          - Each function is compiled independently of the others, and those
709            implementations cannot currently capture all global properties (as
710            that could be potentially unsafe). If a function does capture a
711            global we will deliberately crash.
712          - For those "global" properties that we do want access to, we use
713            the @ prefix, e.g. Object(this) becomes @Object(this). The @ identifiers
714            are private names, and behave just like regular properties, only
715            without the risk of adulteration. Again, in the @Object case, we
716            explicitly duplicate the ObjectConstructor reference on the GlobalObject
717            so that we have guaranteed access to the original version of the
718            constructor.
719          - call, apply, eval, and Function are all rejected identifiers, again
720            to prevent anything from accidentally using an adulterated object.
721            Instead @call and @apply are available, and happily they completely
722            drop the neq_ptr instruction as they're defined as always being the
723            original call/apply functions.
724
725         These restrictions are just intended to make it harder to accidentally
726         make changes that are incorrect (for instance calling whatever has been
727         assigned to global.Object, instead of the original constructor function).
728         However, making a mistake like this should result in a purely semantic
729         error as fundamentally these functions are treated as though they were
730         regular JS code in the host global, and have no more privileges than
731         any other JS.
732
733         The initial proof of concept is Array.prototype.every, this shows a 65%
734         performance improvement, and that improvement is significantly hurt by
735         our poor optimisation of op_in.
736
737         As this is such a limited function, we have not yet exported all symbols
738         that we could possibly need, but as we implement more, the likelihood
739         of encountering missing features will reduce.
740
741
742         * API/JSCallbackObjectFunctions.h:
743         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
744         (JSC::JSCallbackObject<Parent>::put):
745         (JSC::JSCallbackObject<Parent>::deleteProperty):
746         (JSC::JSCallbackObject<Parent>::getStaticValue):
747         (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
748         (JSC::JSCallbackObject<Parent>::callbackGetter):
749         * CMakeLists.txt:
750         * DerivedSources.make:
751         * GNUmakefile.am:
752         * GNUmakefile.list.am:
753         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
754         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
755         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
756         * JavaScriptCore.vcxproj/copy-files.cmd:
757         * JavaScriptCore.xcodeproj/project.pbxproj:
758         * builtins/Array.prototype.js:
759         (every):
760         * builtins/BuiltinExecutables.cpp: Added.
761         (JSC::BuiltinExecutables::BuiltinExecutables):
762         (JSC::BuiltinExecutables::createBuiltinExecutable):
763         * builtins/BuiltinExecutables.h:
764         (JSC::BuiltinExecutables::create):
765         * builtins/BuiltinNames.h: Added.
766         (JSC::BuiltinNames::BuiltinNames):
767         (JSC::BuiltinNames::getPrivateName):
768         (JSC::BuiltinNames::getPublicName):
769         * bytecode/CodeBlock.cpp:
770         (JSC::CodeBlock::CodeBlock):
771         * bytecode/UnlinkedCodeBlock.cpp:
772         (JSC::generateFunctionCodeBlock):
773         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
774         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
775         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
776         * bytecode/UnlinkedCodeBlock.h:
777         (JSC::ExecutableInfo::ExecutableInfo):
778         (JSC::UnlinkedFunctionExecutable::create):
779         (JSC::UnlinkedFunctionExecutable::toStrictness):
780         (JSC::UnlinkedFunctionExecutable::isBuiltinFunction):
781         (JSC::UnlinkedCodeBlock::isBuiltinFunction):
782         * bytecompiler/BytecodeGenerator.cpp:
783         (JSC::BytecodeGenerator::BytecodeGenerator):
784         * bytecompiler/BytecodeGenerator.h:
785         (JSC::BytecodeGenerator::isBuiltinFunction):
786         (JSC::BytecodeGenerator::makeFunction):
787         * bytecompiler/NodesCodegen.cpp:
788         (JSC::CallFunctionCallDotNode::emitBytecode):
789         (JSC::ApplyFunctionCallDotNode::emitBytecode):
790         * create_hash_table:
791         * generate-js-builtins: Added.
792         (getCopyright):
793         (getFunctions):
794         (generateCode):
795         (mangleName):
796         (FunctionExecutable):
797         (Identifier):
798         (JSGlobalObject):
799         (SourceCode):
800         (UnlinkedFunctionExecutable):
801         (VM):
802         * interpreter/CachedCall.h:
803         (JSC::CachedCall::CachedCall):
804         * parser/ASTBuilder.h:
805         (JSC::ASTBuilder::makeFunctionCallNode):
806         * parser/Lexer.cpp:
807         (JSC::Lexer<T>::Lexer):
808         (JSC::isSafeBuiltinIdentifier):
809         (JSC::Lexer<LChar>::parseIdentifier):
810         (JSC::Lexer<UChar>::parseIdentifier):
811         (JSC::Lexer<T>::lex):
812         * parser/Lexer.h:
813         (JSC::isSafeIdentifier):
814         (JSC::Lexer<T>::lexExpectIdentifier):
815         * parser/Nodes.cpp:
816         (JSC::ProgramNode::setClosedVariables):
817         * parser/Nodes.h:
818         (JSC::ScopeNode::capturedVariables):
819         (JSC::ScopeNode::setClosedVariables):
820         (JSC::ProgramNode::closedVariables):
821         * parser/Parser.cpp:
822         (JSC::Parser<LexerType>::Parser):
823         (JSC::Parser<LexerType>::parseInner):
824         (JSC::Parser<LexerType>::didFinishParsing):
825         (JSC::Parser<LexerType>::printUnexpectedTokenText):
826         * parser/Parser.h:
827         (JSC::Scope::getUsedVariables):
828         (JSC::Parser::closedVariables):
829         (JSC::parse):
830         * parser/ParserModes.h:
831         * parser/ParserTokens.h:
832         * runtime/ArrayPrototype.cpp:
833         * runtime/CodeCache.cpp:
834         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
835         * runtime/CommonIdentifiers.cpp:
836         (JSC::CommonIdentifiers::CommonIdentifiers):
837         (JSC::CommonIdentifiers::~CommonIdentifiers):
838         (JSC::CommonIdentifiers::getPrivateName):
839         (JSC::CommonIdentifiers::getPublicName):
840         * runtime/CommonIdentifiers.h:
841         (JSC::CommonIdentifiers::builtinNames):
842         * runtime/ExceptionHelpers.cpp:
843         (JSC::createUndefinedVariableError):
844         * runtime/Executable.h:
845         (JSC::EvalExecutable::executableInfo):
846         (JSC::ProgramExecutable::executableInfo):
847         (JSC::FunctionExecutable::isBuiltinFunction):
848         * runtime/FunctionPrototype.cpp:
849         (JSC::functionProtoFuncToString):
850         * runtime/JSActivation.cpp:
851         (JSC::JSActivation::symbolTableGet):
852         (JSC::JSActivation::symbolTablePut):
853         (JSC::JSActivation::symbolTablePutWithAttributes):
854         * runtime/JSFunction.cpp:
855         (JSC::JSFunction::createBuiltinFunction):
856         (JSC::JSFunction::calculatedDisplayName):
857         (JSC::JSFunction::sourceCode):
858         (JSC::JSFunction::isHostOrBuiltinFunction):
859         (JSC::JSFunction::isBuiltinFunction):
860         (JSC::JSFunction::callerGetter):
861         (JSC::JSFunction::getOwnPropertySlot):
862         (JSC::JSFunction::getOwnNonIndexPropertyNames):
863         (JSC::JSFunction::put):
864         (JSC::JSFunction::defineOwnProperty):
865         * runtime/JSFunction.h:
866         * runtime/JSFunctionInlines.h:
867         (JSC::JSFunction::nativeFunction):
868         (JSC::JSFunction::nativeConstructor):
869         (JSC::isHostFunction):
870         * runtime/JSGlobalObject.cpp:
871         (JSC::JSGlobalObject::reset):
872         (JSC::JSGlobalObject::visitChildren):
873         * runtime/JSGlobalObject.h:
874         (JSC::JSGlobalObject::objectConstructor):
875         (JSC::JSGlobalObject::symbolTableHasProperty):
876         * runtime/JSObject.cpp:
877         (JSC::getClassPropertyNames):
878         (JSC::JSObject::reifyStaticFunctionsForDelete):
879         (JSC::JSObject::putDirectBuiltinFunction):
880         * runtime/JSObject.h:
881         * runtime/JSSymbolTableObject.cpp:
882         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
883         * runtime/JSSymbolTableObject.h:
884         (JSC::symbolTableGet):
885         (JSC::symbolTablePut):
886         (JSC::symbolTablePutWithAttributes):
887         * runtime/Lookup.cpp:
888         (JSC::setUpStaticFunctionSlot):
889         * runtime/Lookup.h:
890         (JSC::HashEntry::builtinGenerator):
891         (JSC::HashEntry::propertyGetter):
892         (JSC::HashEntry::propertyPutter):
893         (JSC::HashTable::entry):
894         (JSC::getStaticPropertySlot):
895         (JSC::getStaticValueSlot):
896         (JSC::putEntry):
897         * runtime/NativeErrorConstructor.cpp:
898         (JSC::NativeErrorConstructor::finishCreation):
899         * runtime/NativeErrorConstructor.h:
900         * runtime/PropertySlot.h:
901         * runtime/VM.cpp:
902         (JSC::VM::VM):
903         * runtime/VM.h:
904         (JSC::VM::builtinExecutables):
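
        The "Notes on writing builtins" above explain why a builtin written in JS must not resolve
        globals such as Object, call or apply at call time: user code can reassign them, and a
        builtin that then picks up the replaced value behaves differently from a host function.
        The following is an added example, not JavaScriptCore code and not the Array.prototype.js
        from this patch. It simulates the @Object and @apply private names with references captured
        before any user code runs (privateObject, privateApply) and contrasts a naive every() that
        looks the globals up at call time with a hardened one; naiveEvery, hardenedEvery and
        runWithTamperedGlobals are names chosen for this example only.

```javascript
'use strict';
// Added example (not JSC code). The @-prefixed private names that JSC gives builtins
// are modelled here by plain references captured at definition time, before any user
// code has a chance to reassign the globals they stand for.
const privateObject = Object;        // stand-in for @Object
const privateApply = Reflect.apply;  // stand-in for @apply

// Naive every(): resolves the global `Object` and `Function.prototype.call` at call
// time, so whatever a page has assigned to them is what the "builtin" runs.
function naiveEvery(array, callback, thisArg) {
  const object = Object(array);      // free identifier, looked up on the global object
  const length = object.length >>> 0;
  for (let i = 0; i < length; i++) {
    if (i in object && !callback.call(thisArg, object[i], i, object)) return false;
  }
  return true;
}

// Hardened every(): only touches the references bound when this file was loaded.
function hardenedEvery(array, callback, thisArg) {
  const object = privateObject(array);
  const length = object.length >>> 0;
  for (let i = 0; i < length; i++) {
    if (i in object && !privateApply(callback, thisArg, [object[i], i, object])) return false;
  }
  return true;
}

// Runs both implementations while the two globals are replaced by hooks (constructed
// tampering for the demonstration), then restores the originals. The returned `log`
// records which hooks the naive version actually reached.
function runWithTamperedGlobals(array, callback) {
  const savedObject = globalThis.Object;
  const savedCall = Function.prototype.call;
  const log = [];
  globalThis.Object = function (value) { log.push('Object hooked'); return value; };
  Function.prototype.call = function () { log.push('call hooked'); return true; };
  try {
    return {
      naive: naiveEvery(array, callback),        // hooked `call` always reports true
      hardened: hardenedEvery(array, callback),  // unaffected by the tampering
      log,
    };
  } finally {
    globalThis.Object = savedObject;
    Function.prototype.call = savedCall;
  }
}

// Stand-alone run: naive reports true for a predicate that is false for 1 and 2.
console.log(JSON.stringify(runWithTamperedGlobals([1, 2, 3], (x) => x > 2)));
```

        Outside the tampering window both versions agree; inside it, only the hardened one
        still evaluates the predicate, which is the property the @ identifiers and the
        rejected call/apply/eval/Function identifiers are there to guarantee.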
905
906 2014-02-11  Brent Fulgham  <bfulgham@apple.com>
907
908         Remove some unintended copies in ranged for loops
909         https://bugs.webkit.org/show_bug.cgi?id=128644
910
911         Reviewed by Anders Carlsson.
912
913         * inspector/InjectedScriptHost.cpp:
914         (Inspector::InjectedScriptHost::clearAllWrappers): Avoid creating/destroying
915         a std::pair<> and pointer each loop iteration.
916         * parser/Parser.cpp:
917         (JSC::Parser<LexerType>::Parser): Avoid copying object containing a string
918         each loop iteration.
919
920 2014-02-11  Ryosuke Niwa  <rniwa@webkit.org>
921
922         Debug build fix after r163946.
923
924         * dfg/DFGByteCodeParser.cpp:
925         (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
926
927 2014-02-11  Filip Pizlo  <fpizlo@apple.com>
928
929         Inserting a node with a codeOrigin "like" another node should copy both the codeOrigin and codeOriginForExitTarget
930         https://bugs.webkit.org/show_bug.cgi?id=128635
931
932         Reviewed by Michael Saboff.
933         
934         Originally nodes just had a codeOrigin. But then we started doing code motion, and we
935         needed to separate the codeOrigin that designated where to exit from the codeOrigin
936         that designated everything else. The "everything else" is actually pretty important:
937         it includes profiling, exception handling, and the actual semantics of the node. For
938         example some nodes use the origin's global object in some way.
939         
940         This all sort of worked except for one quirk: the facilities for creating nodes all
941         assumed that there really was only one origin. LICM would work around this by setting
942         the codeOriginForExitTarget manually. But, that means that:
943         
944         - If we did hoist a node twice, then the second time around, we would forget the node's
945           original exit target.
946         
947         - If we did an insertNode() to insert a node before a hoisted node, the inserted node
948           would have the wrong exit target.
949         
950         Most of the time, if we copy the code origin, we actually want to copy both origins.
951         So, this patch introduces the notion of a NodeOrigin which has two CodeOrigins: a
952         forExit code origin that says where to exit, and a semantic code origin for everything
953         else.
954         
955         This also (annoyingly?) means that we are always more explicit about which code origin
956         we refer to. That means that a lot of "node->codeOrigin" expressions had to change to
957         "node->origin.semantic". This was partly a ploy on my part to ensure that this
958         refactoring was complete: to get the code to compile I really had to audit all uses of
959         CodeOrigin. If, in the future, we find that "node->origin.semantic" is too cumbersome
960         then we can reintroduce the Node::codeOrigin field. For now I kinda like it though.
961
962         * GNUmakefile.list.am:
963         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
964         * JavaScriptCore.xcodeproj/project.pbxproj:
965         * dfg/DFGAbstractInterpreterInlines.h:
966         (JSC::DFG::AbstractInterpreter<AbstractStateType>::booleanResult):
967         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
968         * dfg/DFGArgumentsSimplificationPhase.cpp:
969         (JSC::DFG::ArgumentsSimplificationPhase::run):
970         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
971         (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
972         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
973         * dfg/DFGArrayMode.cpp:
974         (JSC::DFG::ArrayMode::originalArrayStructure):
975         (JSC::DFG::ArrayMode::alreadyChecked):
976         * dfg/DFGByteCodeParser.cpp:
977         (JSC::DFG::ByteCodeParser::addToGraph):
978         * dfg/DFGCFGSimplificationPhase.cpp:
979         (JSC::DFG::CFGSimplificationPhase::run):
980         (JSC::DFG::CFGSimplificationPhase::convertToJump):
981         (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
982         (JSC::DFG::CFGSimplificationPhase::jettisonBlock):
983         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
984         * dfg/DFGCPSRethreadingPhase.cpp:
985         (JSC::DFG::CPSRethreadingPhase::addPhiSilently):
986         (JSC::DFG::CPSRethreadingPhase::addPhi):
987         (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
988         (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
989         (JSC::DFG::CPSRethreadingPhase::propagatePhis):
990         * dfg/DFGCSEPhase.cpp:
991         (JSC::DFG::CSEPhase::setLocalStoreElimination):
992         * dfg/DFGClobberize.h:
993         (JSC::DFG::clobberize):
994         * dfg/DFGCommonData.cpp:
995         (JSC::DFG::CommonData::notifyCompilingStructureTransition):
996         * dfg/DFGConstantFoldingPhase.cpp:
997         (JSC::DFG::ConstantFoldingPhase::foldConstants):
998         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
999         * dfg/DFGCriticalEdgeBreakingPhase.cpp:
1000         (JSC::DFG::CriticalEdgeBreakingPhase::breakCriticalEdge):
1001         * dfg/DFGDCEPhase.cpp:
1002         (JSC::DFG::DCEPhase::fixupBlock):
1003         * dfg/DFGDisassembler.cpp:
1004         (JSC::DFG::Disassembler::createDumpList):
1005         * dfg/DFGFixupPhase.cpp:
1006         (JSC::DFG::FixupPhase::fixupNode):
1007         (JSC::DFG::FixupPhase::createToString):
1008         (JSC::DFG::FixupPhase::attemptToForceStringArrayModeByToStringConversion):
1009         (JSC::DFG::FixupPhase::convertStringAddUse):
1010         (JSC::DFG::FixupPhase::fixupToPrimitive):
1011         (JSC::DFG::FixupPhase::fixupToString):
1012         (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
1013         (JSC::DFG::FixupPhase::checkArray):
1014         (JSC::DFG::FixupPhase::blessArrayOperation):
1015         (JSC::DFG::FixupPhase::fixEdge):
1016         (JSC::DFG::FixupPhase::insertStoreBarrier):
1017         (JSC::DFG::FixupPhase::fixIntEdge):
1018         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
1019         (JSC::DFG::FixupPhase::truncateConstantToInt32):
1020         (JSC::DFG::FixupPhase::attemptToMakeGetArrayLength):
1021         (JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteLength):
1022         (JSC::DFG::FixupPhase::convertToGetArrayLength):
1023         (JSC::DFG::FixupPhase::prependGetArrayLength):
1024         (JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteOffset):
1025         (JSC::DFG::FixupPhase::addPhantomsIfNecessary):
1026         * dfg/DFGGraph.cpp:
1027         (JSC::DFG::Graph::dumpCodeOrigin):
1028         (JSC::DFG::Graph::amountOfNodeWhiteSpace):
1029         (JSC::DFG::Graph::dump):
1030         (JSC::DFG::Graph::dumpBlockHeader):
1031         * dfg/DFGGraph.h:
1032         (JSC::DFG::Graph::hasExitSite):
1033         (JSC::DFG::Graph::valueProfileFor):
1034         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
1035         * dfg/DFGInvalidationPointInjectionPhase.cpp:
1036         (JSC::DFG::InvalidationPointInjectionPhase::handle):
1037         (JSC::DFG::InvalidationPointInjectionPhase::insertInvalidationCheck):
1038         * dfg/DFGLICMPhase.cpp:
1039         (JSC::DFG::LICMPhase::attemptHoist):
1040         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
1041         (JSC::DFG::createPreHeader):
1042         * dfg/DFGNode.h:
1043         (JSC::DFG::Node::Node):
1044         (JSC::DFG::Node::isStronglyProvedConstantIn):
1045         * dfg/DFGNodeOrigin.h: Added.
1046         (JSC::DFG::NodeOrigin::NodeOrigin):
1047         (JSC::DFG::NodeOrigin::isSet):
1048         * dfg/DFGOSREntrypointCreationPhase.cpp:
1049         (JSC::DFG::OSREntrypointCreationPhase::run):
1050         * dfg/DFGResurrectionForValidationPhase.cpp:
1051         (JSC::DFG::ResurrectionForValidationPhase::run):
1052         * dfg/DFGSSAConversionPhase.cpp:
1053         (JSC::DFG::SSAConversionPhase::run):
1054         * dfg/DFGSSALoweringPhase.cpp:
1055         (JSC::DFG::SSALoweringPhase::handleNode):
1056         (JSC::DFG::SSALoweringPhase::lowerBoundsCheck):
1057         * dfg/DFGSpeculativeJIT.cpp:
1058         (JSC::DFG::SpeculativeJIT::compileIn):
1059         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
1060         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
1061         (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
1062         * dfg/DFGSpeculativeJIT.h:
1063         (JSC::DFG::SpeculativeJIT::masqueradesAsUndefinedWatchpointIsStillValid):
1064         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
1065         (JSC::DFG::SpeculativeJIT::appendCallWithCallFrameRollbackOnException):
1066         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
1067         (JSC::DFG::SpeculativeJIT::appendCall):
1068         (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
1069         * dfg/DFGSpeculativeJIT32_64.cpp:
1070         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1071         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1072         (JSC::DFG::SpeculativeJIT::emitCall):
1073         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1074         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1075         (JSC::DFG::SpeculativeJIT::compile):
1076         * dfg/DFGSpeculativeJIT64.cpp:
1077         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1078         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1079         (JSC::DFG::SpeculativeJIT::emitCall):
1080         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1081         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1082         (JSC::DFG::SpeculativeJIT::compile):
1083         * dfg/DFGStrengthReductionPhase.cpp:
1084         (JSC::DFG::StrengthReductionPhase::convertToIdentityOverChild):
1085         (JSC::DFG::StrengthReductionPhase::prepareToFoldTypedArray):
1086         * dfg/DFGTierUpCheckInjectionPhase.cpp:
1087         (JSC::DFG::TierUpCheckInjectionPhase::run):
1088         * dfg/DFGTypeCheckHoistingPhase.cpp:
1089         (JSC::DFG::TypeCheckHoistingPhase::run):
1090         * dfg/DFGValidate.cpp:
1091         (JSC::DFG::Validate::validateSSA):
1092         * dfg/DFGWatchpointCollectionPhase.cpp:
1093         (JSC::DFG::WatchpointCollectionPhase::handle):
1094         (JSC::DFG::WatchpointCollectionPhase::handleEdge):
1095         (JSC::DFG::WatchpointCollectionPhase::handleMasqueradesAsUndefined):
1096         (JSC::DFG::WatchpointCollectionPhase::globalObject):
1097         * ftl/FTLJSCall.cpp:
1098         (JSC::FTL::JSCall::link):
1099         * ftl/FTLLink.cpp:
1100         (JSC::FTL::link):
1101         * ftl/FTLLowerDFGToLLVM.cpp:
1102         (JSC::FTL::LowerDFGToLLVM::compileNode):
1103         (JSC::FTL::LowerDFGToLLVM::compileToThis):
1104         (JSC::FTL::LowerDFGToLLVM::compilePutById):
1105         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
1106         (JSC::FTL::LowerDFGToLLVM::compileNewArray):
1107         (JSC::FTL::LowerDFGToLLVM::compileNewArrayBuffer):
1108         (JSC::FTL::LowerDFGToLLVM::compileNewArrayWithSize):
1109         (JSC::FTL::LowerDFGToLLVM::compileStringCharAt):
1110         (JSC::FTL::LowerDFGToLLVM::compileGetMyScope):
1111         (JSC::FTL::LowerDFGToLLVM::compileCheckArgumentsNotCreated):
1112         (JSC::FTL::LowerDFGToLLVM::getById):
1113         (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
1114         (JSC::FTL::LowerDFGToLLVM::speculateStringObjectForStructure):
1115         (JSC::FTL::LowerDFGToLLVM::masqueradesAsUndefinedWatchpointIsStillValid):
1116         (JSC::FTL::LowerDFGToLLVM::callPreflight):
1117
1118 2014-02-11  Filip Pizlo  <fpizlo@apple.com>
1119
1120         Fix assertions and incorrect codegen for CompareEq(ObjectOrOther:, Object:)
1121         https://bugs.webkit.org/show_bug.cgi?id=128648
1122
1123         Reviewed by Mark Lam.
1124         
1125         I did CompareEq(Object:, ObjectOrOther:) correctly but the flipped version wrong.
1126         That's what I get for running tests in release mode. It's hard to write a test for
1127         the incorrect codegen; that's kind of why the assertions are there.
1128
1129         * ftl/FTLLowerDFGToLLVM.cpp:
1130         (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
1131
1132 2014-02-11  Filip Pizlo  <fpizlo@apple.com>
1133
1134         Unreviewed, trivial change to silence FTL assertions
1135
1136         Normally, lowJSValue() should only be used for UntypedUse only. Here we are using it
1137         on ObjectOrOtherUse because we execute the speculation ourselves. The way you're
1138         supposed to do this is by passing ManualOperandSpeculation to tell lowJSValue() not
1139         to assert.
1140
1141         * ftl/FTLLowerDFGToLLVM.cpp:
1142         (JSC::FTL::LowerDFGToLLVM::compareEqObjectOrOtherToObject):
1143
1144 2014-02-11  Filip Pizlo  <fpizlo@apple.com>
1145
1146         Use LLVM's dead store elimination
1147         https://bugs.webkit.org/show_bug.cgi?id=128638
1148
1149         Reviewed by Mark Hahnenberg.
1150         
1151         DFG's store elimination was being run too soon for comfort on the FTL path. It's
1152         really only sound when run after all other optimizations. Remove it from the FTL
1153         path.
1154         
1155         Enable LLVM store elimination. It's both easier to reason about and more
1156         comprehensive.
1157
1158         * dfg/DFGPlan.cpp:
1159         (JSC::DFG::Plan::compileInThreadImpl):
1160         * ftl/FTLCompile.cpp:
1161         (JSC::FTL::compile):
1162
1163 2014-02-11  Brian Burg  <bburg@apple.com>
1164
1165         Web Replay: upstream replay input code generator and EncodedValue class
1166         https://bugs.webkit.org/show_bug.cgi?id=128215
1167
1168         Reviewed by Joseph Pecoraro.
1169
1170         Add the replay inputs code generator. Most features of the input generator are
1171         exercised by included generator regression tests, which produce useful but
1172         non-compilable test replay inputs.
1173
1174         Add EncodedValue, the main replay input serialization class that encodes and
1175         decodes inputs and their data between C++ types and the JSON-based replay recording
1176         format. EncodedValue uses EncodingTraits specializations for type-specific encoding.
1177         Relative to other WebKit marshalling mechanisms, EncodedValue is key/value based.
1178         EncodedValue uses InspectorValue subclasses as its backing data structure.
1179
1180         Add some missing numerical conversions to InspectorValue.
1181
1182         * JavaScriptCore.xcodeproj/project.pbxproj:
1183         * inspector/InspectorValues.cpp:
1184         (Inspector::InspectorValue::asNumber):
1185         (Inspector::InspectorBasicValue::asNumber):
1186         * inspector/InspectorValues.h:
1187         * replay/EncodedValue.cpp: Added.
1188         (JSC::EncodedValue::asObject):
1189         (JSC::EncodedValue::asArray):
1190         (JSC::ScalarEncodingTraits<bool>::encodeValue):
1191         (JSC::ScalarEncodingTraits<double>::encodeValue):
1192         (JSC::ScalarEncodingTraits<float>::encodeValue):
1193         (JSC::ScalarEncodingTraits<int32_t>::encodeValue):
1194         (JSC::ScalarEncodingTraits<int64_t>::encodeValue):
1195         (JSC::ScalarEncodingTraits<uint32_t>::encodeValue):
1196         (JSC::ScalarEncodingTraits<uint64_t>::encodeValue):
1197         (JSC::long>::encodeValue):
1198         (JSC::EncodedValue::convertTo<bool>):
1199         (JSC::EncodedValue::convertTo<double>):
1200         (JSC::EncodedValue::convertTo<float>):
1201         (JSC::EncodedValue::convertTo<int32_t>):
1202         (JSC::EncodedValue::convertTo<int64_t>):
1203         (JSC::EncodedValue::convertTo<uint32_t>):
1204         (JSC::EncodedValue::convertTo<uint64_t>):
1205         (JSC::long>):
1206         (JSC::EncodedValue::convertTo<String>):
1207         (JSC::EncodedValue::put<EncodedValue>):
1208         (JSC::EncodedValue::append<EncodedValue>):
1209         (JSC::EncodedValue::get<EncodedValue>):
1210         * replay/EncodedValue.h: Added.
1211         (JSC::EncodedValue::EncodedValue):
1212         (JSC::EncodedValue::createObject):
1213         (JSC::EncodedValue::createArray):
1214         (JSC::EncodedValue::createString):
1215         (JSC::EncodedValue::~EncodedValue):
1216         (JSC::ScalarEncodingTraits::decodeValue):
1217         (JSC::EncodingTraits<String>::encodeValue):
1218         (JSC::EncodedValue::put):
1219         (JSC::EncodedValue::append):
1220         (JSC::EncodedValue::get):
1221         * replay/scripts/CodeGeneratorReplayInputs.py: Added.
1222         (ParseException):
1223         (TypecheckException):
1224         (Framework):
1225         (Framework.__init__):
1226         (Framework.setting):
1227         (Framework.fromString):
1228         (Frameworks):
1229         (InputQueue):
1230         (InputQueue.__init__):
1231         (InputQueue.setting):
1232         (InputQueue.fromString):
1233         (InputQueues):
1234         (Input):
1235         (Input.__init__):
1236         (Input.setting):
1237         (InputMember):
1238         (InputMember.__init__):
1239         (InputMember.has_flag):
1240         (TypeMode):
1241         (TypeMode.__init__):
1242         (TypeMode.fromString):
1243         (TypeModes):
1244         (Type):
1245         (Type.__init__):
1246         (Type.__eq__):
1247         (Type.__hash__):
1248         (Type.has_flag):
1249         (Type.is_struct):
1250         (Type.is_enum):
1251         (Type.is_enum_class):
1252         (Type.declaration_kind):
1253         (Type.qualified_prefix):
1254         (Type.qualified_prefix.is):
1255         (Type.type_name):
1256         (Type.storage_type):
1257         (Type.borrow_type):
1258         (Type.argument_type):
1259         (check_properties):
1260         (VectorType):
1261         (VectorType.__init__):
1262         (VectorType.has_flag):
1263         (VectorType.is_struct):
1264         (VectorType.is_enum):
1265         (VectorType.is_enum_class):
1266         (VectorType.qualified_prefix):
1267         (VectorType.type_name):
1268         (VectorType.argument_type):
1269         (InputsModel):
1270         (InputsModel.__init__):
1271         (InputsModel.enum_types):
1272         (InputsModel.get_type_for_member):
1273         (InputsModel.parse_toplevel):
1274         (InputsModel.parse_type_with_framework_name):
1275         (InputsModel.parse_input):
1276         (InputsModel.typecheck):
1277         (InputsModel.typecheck_type):
1278         (InputsModel.typecheck_input):
1279         (InputsModel.typecheck_input_member):
1280         (IncrementalFileWriter):
1281         (IncrementalFileWriter.__init__):
1282         (IncrementalFileWriter.write):
1283         (IncrementalFileWriter.close):
1284         (lcfirst):
1285         (wrap_with_guard):
1286         (Generator):
1287         (Generator.__init__):
1288         (Generator.setting):
1289         (Generator.output_filename):
1290         (Generator.write_output_files):
1291         (Generator.generate_header):
1292         (Generator.generate_implementation):
1293         (Generator.generate_license):
1294         (Generator.generate_includes):
1295         (Generator.generate_includes.declaration):
1296         (Generator.generate_includes.declaration.is):
1297         (Generator.generate_type_forward_declarations):
1298         (Generator.generate_type_forward_declarations.is):
1299         (Generator.generate_class_declaration):
1300         (Generator.generate_input_constructor_declaration):
1301         (Generator.generate_input_destructor_declaration):
1302         (Generator.generate_input_member_getter):
1303         (Generator.generate_input_member_declaration):
1304         (Generator.generate_input_member_tuples):
1305         (Generator.qualified_input_name):
1306         (Generator.generate_input_trait_declaration):
1307         (Generator.generate_enum_trait_declaration):
1308         (Generator.generate_for_each_macro):
1309         (Generator.generate_class_implementation):
1310         (Generator.generate_enum_trait_implementation):
1311         (Generator.generate_enum_trait_implementation.is):
1312         (Generator.generate_input_trait_implementation):
1313         (Generator.generate_input_encode_implementation):
1314         (Generator.generate_input_decode_implementation):
1315         (Generator.generate_constructor_initializer_list):
1316         (Generator.generate_constructor_formals_list):
1317         (Generator.generate_member_borrow_expression):
1318         (Generator.generate_member_move_expression):
1319         (Generator.generate_constructor_arguments_list):
1320         (generate_from_specification):
1321         * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Added.
1322         (Templates):
1323         * replay/scripts/tests/expected/JSInputs.json-TestReplayInputs.cpp: Added.
1324         * replay/scripts/tests/expected/JSInputs.json-TestReplayInputs.h: Added.
1325         * replay/scripts/tests/expected/fail-on-c-style-enum-no-storage.json-error: Added.
1326         * replay/scripts/tests/expected/fail-on-duplicate-input-names.json-error: Added.
1327         * replay/scripts/tests/expected/fail-on-duplicate-type-names.json-error: Added.
1328         * replay/scripts/tests/expected/fail-on-enum-type-missing-values.json-error: Added.
1329         * replay/scripts/tests/expected/fail-on-missing-input-member-name.json-error: Added.
1330         * replay/scripts/tests/expected/fail-on-missing-input-name.json-error: Added.
1331         * replay/scripts/tests/expected/fail-on-missing-input-queue.json-error: Added.
1332         * replay/scripts/tests/expected/fail-on-missing-type-mode.json-error: Added.
1333         * replay/scripts/tests/expected/fail-on-missing-type-name.json-error: Added.
1334         * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Added.
1335         * replay/scripts/tests/expected/fail-on-no-types.json-error: Added.
1336         * replay/scripts/tests/expected/fail-on-unknown-input-queue.json-error: Added.
1337         * replay/scripts/tests/expected/fail-on-unknown-member-type.json-error: Added.
1338         * replay/scripts/tests/expected/fail-on-unknown-type-mode.json-error: Added.
1339         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp: Added.
1340         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h: Added.
1341         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp: Added.
1342         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h: Added.
1343         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-error: Added.
1344         * replay/scripts/tests/expected/generate-event-loop-shape-types.json-error: Added.
1345         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.cpp: Added.
1346         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h: Added.
1347         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.cpp: Added.
1348         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h: Added.
1349         * replay/scripts/tests/expected/generate-inputs-with-flags.json-error: Added.
1350         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.cpp: Added.
1351         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h: Added.
1352         * replay/scripts/tests/fail-on-c-style-enum-no-storage.json: Added.
1353         * replay/scripts/tests/fail-on-duplicate-input-names.json: Added.
1354         * replay/scripts/tests/fail-on-duplicate-type-names.json: Added.
1355         * replay/scripts/tests/fail-on-enum-type-missing-values.json: Added.
1356         * replay/scripts/tests/fail-on-missing-input-member-name.json: Added.
1357         * replay/scripts/tests/fail-on-missing-input-name.json: Added.
1358         * replay/scripts/tests/fail-on-missing-input-queue.json: Added.
1359         * replay/scripts/tests/fail-on-missing-type-mode.json: Added.
1360         * replay/scripts/tests/fail-on-missing-type-name.json: Added.
1361         * replay/scripts/tests/fail-on-no-inputs.json: Added.
1362         * replay/scripts/tests/fail-on-no-types.json: Added.
1363         * replay/scripts/tests/fail-on-unknown-input-queue.json: Added.
1364         * replay/scripts/tests/fail-on-unknown-member-type.json: Added.
1365         * replay/scripts/tests/fail-on-unknown-type-mode.json: Added.
1366         * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json: Added.
1367         * replay/scripts/tests/generate-enum-encoding-helpers.json: Added.
1368         * replay/scripts/tests/generate-event-loop-shape-types.json: Added.
1369         * replay/scripts/tests/generate-input-with-guard.json: Added.
1370         * replay/scripts/tests/generate-input-with-vector-members.json: Added.
1371         * replay/scripts/tests/generate-inputs-with-flags.json: Added.
1372         * replay/scripts/tests/generate-memoized-type-modes.json: Added.
1373
1374 2014-02-11  Joseph Pecoraro  <pecoraro@apple.com>
1375
1376         Add Availability Macros to new JSC APIs
1377         https://bugs.webkit.org/show_bug.cgi?id=128615
1378
1379         Reviewed by Mark Rowe.
1380
1381         * API/JSContext.h:
1382         * API/JSContextRef.h:
1383
1384 2014-02-11  Filip Pizlo  <fpizlo@apple.com>
1385
1386         FTL should support CompareEq(ObjectOrOther:, Object:)
1387         https://bugs.webkit.org/show_bug.cgi?id=127752
1388
1389         Reviewed by Oliver Hunt.
1390         
1391         Also introduce some helpers for reasoning about nullness and truthiness.
1392
1393         * ftl/FTLCapabilities.cpp:
1394         (JSC::FTL::canCompile):
1395         * ftl/FTLLowerDFGToLLVM.cpp:
1396         (JSC::FTL::LowerDFGToLLVM::compileCompareEq):
1397         (JSC::FTL::LowerDFGToLLVM::compareEqObjectOrOtherToObject):
1398         (JSC::FTL::LowerDFGToLLVM::speculateTruthyObject):
1399         (JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
1400         (JSC::FTL::LowerDFGToLLVM::isNotNully):
1401         (JSC::FTL::LowerDFGToLLVM::isNully):
1402         (JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):
1403         * tests/stress/compare-eq-object-or-other-to-object.js: Added.
1404         (foo):
1405         (test):
1406         * tests/stress/compare-eq-object-to-object-or-other.js: Added.
1407         (foo):
1408         (test):
1409
1410 2014-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>
1411
1412         32-bit LLInt writeBarrierOnGlobalObject is wrong
1413         https://bugs.webkit.org/show_bug.cgi?id=128556
1414
1415         Reviewed by Geoffrey Garen.
1416
1417         * llint/LowLevelInterpreter32_64.asm:
1418         * llint/LowLevelInterpreter64.asm: Also fixed the value check on 64-bit.
1419
1420 2014-02-11  Gabor Rapcsanyi  <rgabor@webkit.org>
1421
1422         LLInt typo error after r139004.
1423         https://bugs.webkit.org/show_bug.cgi?id=128592
1424
1425         Reviewed by Michael Saboff.
1426
1427         * offlineasm/arm.rb: change immediate to register in the condition
1428
1429 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
1430
1431         LICM should gracefully handle unprofiled code
1432         https://bugs.webkit.org/show_bug.cgi?id=127848
1433
1434         Reviewed by Mark Hahnenberg.
1435
1436         * dfg/DFGLICMPhase.cpp:
1437         (JSC::DFG::LICMPhase::run):
1438
1439 2014-02-11  Mark Hahnenberg  <mhahnenberg@apple.com>
1440
1441         Obj-C API: JSExport doesn't work for methods that contain protocols in their type signature
1442         https://bugs.webkit.org/show_bug.cgi?id=128540
1443
1444         Reviewed by Oliver Hunt.
1445
1446         The bug is in parseObjCType in ObjcRuntimeExtras.h. When we see an '@' in the 
1447         type signature of a method, we assume that what follows the '@' is a class name, 
1448         so we call objc_getClass, and if that returns nil then we give up on the method 
1449         and don't export it.
1450
1451         This assumption doesn't work in the case of id<Protocol> because it's the name 
1452         of the protocol that follows the '@', not the name of a class. We should have 
1453         another fallback case for protocol names.
1454
1455         There's another case that also doesn't work, and that's the case of a named class
1456         with a specified protocol in a method signature (e.g. NSObject<MyProtocol>).
1457         There the substring of the type signature that represents the class is "NSObject<MyProtocol>", 
1458         which will also cause objc_getClass to return nil.
1459
1460         * API/ObjcRuntimeExtras.h:
1461         (parseObjCType):
1462         * API/tests/DateTests.mm: Also fixed an issue I noticed where we don't use an autorelease pool
1463         for the DateTests.
1464         * API/tests/JSExportTests.h: Added.
1465         * API/tests/JSExportTests.mm: Added.
1466         (-[TruthTeller returnTrue]):
1467         (-[ExportMethodWithIdProtocol methodWithIdProtocol:]):
1468         (-[ExportMethodWithClassProtocol methodWithClassProtocol:]):
1469         (+[JSExportTests exportInstanceMethodWithIdProtocolTest]):
1470         (+[JSExportTests exportInstanceMethodWithClassProtocolTest]):
1471         (runJSExportTests):
1472         * API/tests/testapi.mm:
1473         * JavaScriptCore.xcodeproj/project.pbxproj:
1474
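As an added illustration of the parsing problem this entry describes (example code written here, not WebKit's parseObjCType): a small parser for the class/protocol text that follows '@' in a method type encoding, with constructed stand-ins for the runtime's class and protocol tables. The quoted layout it assumes and the fallback rule it applies are assumptions of the example, not something the ChangeLog states.

```cpp
#include <set>
#include <string>
#include <vector>

// The object type named after '@' in an Objective-C method type encoding,
// split into its class and protocol parts.
struct ObjCObjectType {
    std::string className;               // empty for id<Protocol>
    std::vector<std::string> protocols;  // names listed inside <...>
};

// Parse strings such as "NSString", "<MyProtocol>" or
// "NSObject<MyProtocol,NSCopying>". The layout assumed here (optional class
// name, then an optional comma-separated protocol list in angle brackets) is
// an assumption of this example, not taken from the ChangeLog.
ObjCObjectType parseObjCObjectType(const std::string& spec)
{
    const size_t npos = std::string::npos;
    ObjCObjectType result;
    size_t lt = spec.find('<');
    result.className = spec.substr(0, lt);   // whole string when there is no '<'
    if (lt == npos)
        return result;

    size_t gt = spec.find('>', lt);
    std::string list = spec.substr(lt + 1, gt == npos ? npos : gt - lt - 1);
    size_t start = 0;
    for (;;) {
        size_t comma = list.find(',', start);
        std::string name = list.substr(start, comma == npos ? npos : comma - start);
        if (!name.empty())
            result.protocols.push_back(name);
        if (comma == npos)
            break;
        start = comma + 1;
    }
    return result;
}

// Constructed stand-ins for the Objective-C runtime's class and protocol
// tables (what objc_getClass / objc_getProtocol would consult); not real calls.
static const std::set<std::string> kKnownClasses { "NSObject", "NSString" };
static const std::set<std::string> kKnownProtocols { "MyProtocol", "NSCopying" };

// The old rule the ChangeLog describes: treat everything after '@' as a class
// name and give up on the method when that class lookup fails.
bool resolvesAsClassOnly(const std::string& spec)
{
    return kKnownClasses.count(spec) > 0;
}

// One possible fallback: look up the class part alone, and when there is no
// class part (id<Protocol>) accept the type if every named protocol resolves.
// This is an illustration; the exact rule of the WebKit fix is not on the page.
bool resolvesWithProtocolFallback(const std::string& spec)
{
    ObjCObjectType t = parseObjCObjectType(spec);
    if (!t.className.empty())
        return kKnownClasses.count(t.className) > 0;
    if (t.protocols.empty())
        return false;
    for (const std::string& p : t.protocols) {
        if (!kKnownProtocols.count(p))
            return false;
    }
    return true;
}
```
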
1475 2014-02-10  Michael Saboff  <msaboff@apple.com>
1476
1477         Re-enable ARM Thumb2 disassembler
1478         https://bugs.webkit.org/show_bug.cgi?id=128577
1479
1480         Reviewed by Filip Pizlo.
1481
1482         Changed signature of tryToDisassemble() to match updates.
1483         Fixed typo in disassembler.
1484
1485         * disassembler/ARMv7/ARMv7DOpcode.cpp:
1486         * disassembler/ARMv7Disassembler.cpp:
1487         (JSC::tryToDisassemble):
1488
1489 2014-02-10  Mark Lam  <mark.lam@apple.com>
1490
1491         Removing limitation on JSLock's lockDropDepth.
1492         <https://webkit.org/b/128570>
1493
1494         Reviewed by Geoffrey Garen.
1495
1496         Now that we've switched to using the C stack, we no longer need to limit
1497         the JSLock::lockDropDepth to 2.
1498
1499         For C loop builds which still use the separate JSStack, the JSLock will
1500         enforce ordering for re-grabbing the lock after dropping it. Re-grabbing
1501         must occur in the reverse order of the dropping of the locks.
1502
1503         Ordering is achieved by JSLock::dropAllLocks() stashing away the
1504         JSLock::m_lockDropDepth in its DropAllLocks instance's m_dropDepth
1505         before unlocking the lock. Subsequently, JSLock::grabAllLocks() will
1506         ensure that JSLock::m_lockDropDepth equals its DropAllLocks instance's
1507         m_dropDepth before allowing the lock to be re-grabbed. Otherwise, it
1508         will yield execution and retry again later.
1509
1510         Note: because JSLock::m_lockDropDepth is protected by the JSLock's
1511         mutex, grabAllLocks() will optimistically lock the JSLock before doing
1512         the check on m_lockDropDepth. If the check fails, it will unlock the
1513         JSLock, yield, and then relock it again later before retrying the check.
1514         This ensures that m_lockDropDepth remains under the protection of the
1515         JSLock's mutex.
1516
1517         * runtime/JSLock.cpp:
1518         (JSC::JSLock::dropAllLocks):
1519         (JSC::JSLock::grabAllLocks):
1520         (JSC::JSLock::DropAllLocks::DropAllLocks):
1521         (JSC::JSLock::DropAllLocks::~DropAllLocks):
1522         * runtime/JSLock.h:
1523         (JSC::JSLock::DropAllLocks::setDropDepth):
1524         (JSC::JSLock::DropAllLocks::dropDepth):
1525
1526 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
1527
1528         FTL should support ToThis
1529         https://bugs.webkit.org/show_bug.cgi?id=127751
1530
1531         Reviewed by Oliver Hunt.
1532
1533         * ftl/FTLCapabilities.cpp:
1534         (JSC::FTL::canCompile):
1535         * ftl/FTLIntrinsicRepository.h:
1536         * ftl/FTLLowerDFGToLLVM.cpp:
1537         (JSC::FTL::LowerDFGToLLVM::compileNode):
1538         (JSC::FTL::LowerDFGToLLVM::compileToThis):
1539         * tests/stress/to-this-polymorphic.js: Added.
1540         (foo):
1541
1542 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
1543
1544         Rename Operations.h to JSCInlines.h
1545         https://bugs.webkit.org/show_bug.cgi?id=128543
1546
1547         Rubber stamped by Geoffrey Garen.
1548         
1549         Well, what this actually does is it splits Operations.h into a real Operations.h that
1550         actually contains "operations", and JSCInlines.h, which serves the role of being an
1551         inlines umbrella.
1552         
1553         * API/JSBase.cpp:
1554         * API/JSCTestRunnerUtils.cpp:
1555         * API/JSCallbackConstructor.cpp:
1556         * API/JSCallbackFunction.cpp:
1557         * API/JSCallbackObject.cpp:
1558         * API/JSClassRef.cpp:
1559         * API/JSContext.mm:
1560         * API/JSContextRef.cpp:
1561         * API/JSManagedValue.mm:
1562         * API/JSObjectRef.cpp:
1563         * API/JSScriptRef.cpp:
1564         * API/JSValue.mm:
1565         * API/JSValueRef.cpp:
1566         * API/JSWeakObjectMapRefPrivate.cpp:
1567         * API/JSWrapperMap.mm:
1568         * GNUmakefile.list.am:
1569         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1570         * JavaScriptCore.xcodeproj/project.pbxproj:
1571         * assembler/LinkBuffer.cpp:
1572         * bindings/ScriptFunctionCall.cpp:
1573         * bindings/ScriptObject.cpp:
1574         * bytecode/ArrayAllocationProfile.cpp:
1575         * bytecode/ArrayProfile.cpp:
1576         * bytecode/BytecodeBasicBlock.cpp:
1577         * bytecode/CallLinkInfo.cpp:
1578         * bytecode/CallLinkStatus.cpp:
1579         * bytecode/CodeBlock.cpp:
1580         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
1581         * bytecode/CodeOrigin.cpp:
1582         * bytecode/ExecutionCounter.cpp:
1583         * bytecode/GetByIdStatus.cpp:
1584         * bytecode/LazyOperandValueProfile.cpp:
1585         * bytecode/MethodOfGettingAValueProfile.cpp:
1586         * bytecode/PreciseJumpTargets.cpp:
1587         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
1588         * bytecode/PutByIdStatus.cpp:
1589         * bytecode/SamplingTool.cpp:
1590         * bytecode/SpecialPointer.cpp:
1591         * bytecode/SpeculatedType.cpp:
1592         * bytecode/StructureStubClearingWatchpoint.cpp:
1593         * bytecode/UnlinkedCodeBlock.cpp:
1594         * bytecode/ValueRecovery.cpp:
1595         * bytecompiler/BytecodeGenerator.cpp:
1596         * bytecompiler/NodesCodegen.cpp:
1597         * debugger/Debugger.cpp:
1598         * debugger/DebuggerActivation.cpp:
1599         * debugger/DebuggerCallFrame.cpp:
1600         * dfg/DFGAbstractHeap.cpp:
1601         * dfg/DFGAbstractValue.cpp:
1602         * dfg/DFGArgumentsSimplificationPhase.cpp:
1603         * dfg/DFGArithMode.cpp:
1604         * dfg/DFGArrayMode.cpp:
1605         * dfg/DFGAtTailAbstractState.cpp:
1606         * dfg/DFGAvailability.cpp:
1607         * dfg/DFGBackwardsPropagationPhase.cpp:
1608         * dfg/DFGBasicBlock.cpp:
1609         * dfg/DFGBinarySwitch.cpp:
1610         * dfg/DFGBlockInsertionSet.cpp:
1611         * dfg/DFGByteCodeParser.cpp:
1612         * dfg/DFGCFAPhase.cpp:
1613         * dfg/DFGCFGSimplificationPhase.cpp:
1614         * dfg/DFGCPSRethreadingPhase.cpp:
1615         * dfg/DFGCSEPhase.cpp:
1616         * dfg/DFGCapabilities.cpp:
1617         * dfg/DFGClobberSet.cpp:
1618         * dfg/DFGClobberize.cpp:
1619         * dfg/DFGCommon.cpp:
1620         * dfg/DFGCommonData.cpp:
1621         * dfg/DFGCompilationKey.cpp:
1622         * dfg/DFGCompilationMode.cpp:
1623         * dfg/DFGConstantFoldingPhase.cpp:
1624         * dfg/DFGCriticalEdgeBreakingPhase.cpp:
1625         * dfg/DFGDCEPhase.cpp:
1626         * dfg/DFGDesiredIdentifiers.cpp:
1627         * dfg/DFGDesiredStructureChains.cpp:
1628         * dfg/DFGDesiredTransitions.cpp:
1629         * dfg/DFGDesiredWatchpoints.cpp:
1630         * dfg/DFGDesiredWeakReferences.cpp:
1631         * dfg/DFGDesiredWriteBarriers.cpp:
1632         * dfg/DFGDisassembler.cpp:
1633         * dfg/DFGDominators.cpp:
1634         * dfg/DFGDriver.cpp:
1635         * dfg/DFGEdge.cpp:
1636         * dfg/DFGFailedFinalizer.cpp:
1637         * dfg/DFGFinalizer.cpp:
1638         * dfg/DFGFixupPhase.cpp:
1639         * dfg/DFGFlushFormat.cpp:
1640         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
1641         * dfg/DFGFlushedAt.cpp:
1642         * dfg/DFGGraph.cpp:
1643         * dfg/DFGGraphSafepoint.cpp:
1644         * dfg/DFGInPlaceAbstractState.cpp:
1645         * dfg/DFGInvalidationPointInjectionPhase.cpp:
1646         * dfg/DFGJITCode.cpp:
1647         * dfg/DFGJITCompiler.cpp:
1648         * dfg/DFGJITFinalizer.cpp:
1649         * dfg/DFGJumpReplacement.cpp:
1650         * dfg/DFGLICMPhase.cpp:
1651         * dfg/DFGLazyJSValue.cpp:
1652         * dfg/DFGLivenessAnalysisPhase.cpp:
1653         * dfg/DFGLongLivedState.cpp:
1654         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
1655         * dfg/DFGMinifiedNode.cpp:
1656         * dfg/DFGNaturalLoops.cpp:
1657         * dfg/DFGNode.cpp:
1658         * dfg/DFGNodeFlags.cpp:
1659         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
1660         * dfg/DFGOSREntry.cpp:
1661         * dfg/DFGOSREntrypointCreationPhase.cpp:
1662         * dfg/DFGOSRExit.cpp:
1663         * dfg/DFGOSRExitBase.cpp:
1664         * dfg/DFGOSRExitCompiler.cpp:
1665         * dfg/DFGOSRExitCompiler32_64.cpp:
1666         * dfg/DFGOSRExitCompiler64.cpp:
1667         * dfg/DFGOSRExitCompilerCommon.cpp:
1668         * dfg/DFGOSRExitJumpPlaceholder.cpp:
1669         * dfg/DFGOSRExitPreparation.cpp:
1670         * dfg/DFGOperations.cpp:
1671         * dfg/DFGPhase.cpp:
1672         * dfg/DFGPlan.cpp:
1673         * dfg/DFGPredictionInjectionPhase.cpp:
1674         * dfg/DFGPredictionPropagationPhase.cpp:
1675         * dfg/DFGResurrectionForValidationPhase.cpp:
1676         * dfg/DFGSSAConversionPhase.cpp:
1677         * dfg/DFGSSALoweringPhase.cpp:
1678         * dfg/DFGSafepoint.cpp:
1679         * dfg/DFGSpeculativeJIT.cpp:
1680         * dfg/DFGSpeculativeJIT32_64.cpp:
1681         * dfg/DFGSpeculativeJIT64.cpp:
1682         * dfg/DFGStackLayoutPhase.cpp:
1683         * dfg/DFGStoreBarrierElisionPhase.cpp:
1684         * dfg/DFGStrengthReductionPhase.cpp:
1685         * dfg/DFGThreadData.cpp:
1686         * dfg/DFGThunks.cpp:
1687         * dfg/DFGTierUpCheckInjectionPhase.cpp:
1688         * dfg/DFGToFTLDeferredCompilationCallback.cpp:
1689         * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:
1690         * dfg/DFGTypeCheckHoistingPhase.cpp:
1691         * dfg/DFGUnificationPhase.cpp:
1692         * dfg/DFGUseKind.cpp:
1693         * dfg/DFGValidate.cpp:
1694         * dfg/DFGValueSource.cpp:
1695         * dfg/DFGVariableAccessDataDump.cpp:
1696         * dfg/DFGVariableEvent.cpp:
1697         * dfg/DFGVariableEventStream.cpp:
1698         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
1699         * dfg/DFGWatchpointCollectionPhase.cpp:
1700         * dfg/DFGWorklist.cpp:
1701         * ftl/FTLAbstractHeap.cpp:
1702         * ftl/FTLAbstractHeapRepository.cpp:
1703         * ftl/FTLExitValue.cpp:
1704         * ftl/FTLLink.cpp:
1705         * ftl/FTLLowerDFGToLLVM.cpp:
1706         * ftl/FTLOSREntry.cpp:
1707         * ftl/FTLOSRExit.cpp:
1708         * ftl/FTLOSRExitCompiler.cpp:
1709         * ftl/FTLSlowPathCall.cpp:
1710         * heap/BlockAllocator.cpp:
1711         * heap/CodeBlockSet.cpp:
1712         * heap/ConservativeRoots.cpp:
1713         * heap/CopiedSpace.cpp:
1714         * heap/CopyVisitor.cpp:
1715         * heap/DeferGC.cpp:
1716         * heap/GCThread.cpp:
1717         * heap/GCThreadSharedData.cpp:
1718         * heap/HandleSet.cpp:
1719         * heap/HandleStack.cpp:
1720         * heap/Heap.cpp:
1721         * heap/HeapStatistics.cpp:
1722         * heap/HeapTimer.cpp:
1723         * heap/IncrementalSweeper.cpp:
1724         * heap/JITStubRoutineSet.cpp:
1725         * heap/MachineStackMarker.cpp:
1726         * heap/MarkStack.cpp:
1727         * heap/MarkedAllocator.cpp:
1728         * heap/MarkedBlock.cpp:
1729         * heap/MarkedSpace.cpp:
1730         * heap/SlotVisitor.cpp:
1731         * heap/SuperRegion.cpp:
1732         * heap/Weak.cpp:
1733         * heap/WeakBlock.cpp:
1734         * heap/WeakHandleOwner.cpp:
1735         * heap/WeakSet.cpp:
1736         * heap/WriteBarrierBuffer.cpp:
1737         * heap/WriteBarrierSupport.cpp:
1738         * inspector/InjectedScript.cpp:
1739         * inspector/InjectedScriptBase.cpp:
1740         * inspector/JSGlobalObjectScriptDebugServer.cpp:
1741         * inspector/JSInjectedScriptHost.cpp:
1742         * inspector/ScriptArguments.cpp:
1743         * inspector/ScriptCallStackFactory.cpp:
1744         * interpreter/AbstractPC.cpp:
1745         * interpreter/CallFrame.cpp:
1746         * interpreter/Interpreter.cpp:
1747         * interpreter/JSStack.cpp:
1748         * interpreter/ProtoCallFrame.cpp:
1749         * interpreter/StackVisitor.cpp:
1750         * interpreter/VMInspector.cpp:
1751         * jit/ArityCheckFailReturnThunks.cpp:
1752         * jit/AssemblyHelpers.cpp:
1753         * jit/ClosureCallStubRoutine.cpp:
1754         * jit/ExecutableAllocator.cpp:
1755         * jit/ExecutableAllocatorFixedVMPool.cpp:
1756         * jit/GCAwareJITStubRoutine.cpp:
1757         * jit/HostCallReturnValue.cpp:
1758         * jit/JIT.cpp:
1759         * jit/JITArithmetic.cpp:
1760         * jit/JITArithmetic32_64.cpp:
1761         * jit/JITCall.cpp:
1762         * jit/JITCall32_64.cpp:
1763         * jit/JITCode.cpp:
1764         * jit/JITDisassembler.cpp:
1765         * jit/JITExceptions.cpp:
1766         * jit/JITInlineCacheGenerator.cpp:
1767         * jit/JITInlines.h:
1768         * jit/JITOperations.cpp:
1769         * jit/JITOperationsMSVC64.cpp:
1770         * jit/JITStubRoutine.cpp:
1771         * jit/JITStubs.cpp:
1772         * jit/JITThunks.cpp:
1773         * jit/JITToDFGDeferredCompilationCallback.cpp:
1774         * jit/RegisterPreservationWrapperGenerator.cpp:
1775         * jit/RegisterSet.cpp:
1776         * jit/Repatch.cpp:
1777         * jit/TempRegisterSet.cpp:
1778         * jit/ThunkGenerators.cpp:
1779         * jsc.cpp:
1780         * llint/LLIntExceptions.cpp:
1781         * llint/LLIntSlowPaths.cpp:
1782         * llint/LowLevelInterpreter.cpp:
1783         * parser/Lexer.cpp:
1784         * parser/Nodes.cpp:
1785         * parser/Parser.cpp:
1786         * parser/ParserArena.cpp:
1787         * parser/SourceCode.cpp:
1788         * parser/SourceProvider.cpp:
1789         * parser/SourceProviderCache.cpp:
1790         * profiler/LegacyProfiler.cpp:
1791         * profiler/ProfileGenerator.cpp:
1792         * profiler/ProfilerBytecode.cpp:
1793         * profiler/ProfilerBytecodeSequence.cpp:
1794         * profiler/ProfilerBytecodes.cpp:
1795         * profiler/ProfilerCompilation.cpp:
1796         * profiler/ProfilerCompiledBytecode.cpp:
1797         * profiler/ProfilerDatabase.cpp:
1798         * profiler/ProfilerOSRExit.cpp:
1799         * profiler/ProfilerOSRExitSite.cpp:
1800         * profiler/ProfilerOrigin.cpp:
1801         * profiler/ProfilerOriginStack.cpp:
1802         * profiler/ProfilerProfiledBytecodes.cpp:
1803         * runtime/ArgList.cpp:
1804         * runtime/Arguments.cpp:
1805         * runtime/ArgumentsIteratorPrototype.cpp:
1806         * runtime/ArrayBuffer.cpp:
1807         * runtime/ArrayBufferNeuteringWatchpoint.cpp:
1808         * runtime/ArrayConstructor.cpp:
1809         * runtime/ArrayPrototype.cpp:
1810         * runtime/BooleanConstructor.cpp:
1811         * runtime/BooleanObject.cpp:
1812         * runtime/BooleanPrototype.cpp:
1813         * runtime/CallData.cpp:
1814         * runtime/CodeCache.cpp:
1815         * runtime/CommonSlowPaths.cpp:
1816         * runtime/CommonSlowPathsExceptions.cpp:
1817         * runtime/Completion.cpp:
1818         * runtime/ConstructData.cpp:
1819         * runtime/DateConstructor.cpp:
1820         * runtime/DateInstance.cpp:
1821         * runtime/DatePrototype.cpp:
1822         * runtime/Error.cpp:
1823         * runtime/ErrorConstructor.cpp:
1824         * runtime/ErrorInstance.cpp:
1825         * runtime/ErrorPrototype.cpp:
1826         * runtime/ExceptionHelpers.cpp:
1827         * runtime/Executable.cpp:
1828         * runtime/FunctionConstructor.cpp:
1829         * runtime/FunctionPrototype.cpp:
1830         * runtime/GetterSetter.cpp:
1831         * runtime/Identifier.cpp:
1832         * runtime/IntendedStructureChain.cpp:
1833         * runtime/InternalFunction.cpp:
1834         * runtime/JSActivation.cpp:
1835         * runtime/JSArgumentsIterator.cpp:
1836         * runtime/JSArray.cpp:
1837         * runtime/JSArrayBuffer.cpp:
1838         * runtime/JSArrayBufferConstructor.cpp:
1839         * runtime/JSArrayBufferPrototype.cpp:
1840         * runtime/JSArrayBufferView.cpp:
1841         * runtime/JSBoundFunction.cpp:
1842         * runtime/JSCInlines.h: Copied from Source/JavaScriptCore/runtime/Operations.h.
1843         * runtime/JSCell.cpp:
1844         * runtime/JSDataView.cpp:
1845         * runtime/JSDataViewPrototype.cpp:
1846         * runtime/JSDateMath.cpp:
1847         * runtime/JSFunction.cpp:
1848         * runtime/JSGlobalObject.cpp:
1849         * runtime/JSGlobalObjectFunctions.cpp:
1850         * runtime/JSLock.cpp:
1851         * runtime/JSNameScope.cpp:
1852         * runtime/JSNotAnObject.cpp:
1853         * runtime/JSONObject.cpp:
1854         * runtime/JSObject.cpp:
1855         * runtime/JSPropertyNameIterator.cpp:
1856         * runtime/JSPropertyNameIterator.h:
1857         * runtime/JSProxy.cpp:
1858         * runtime/JSScope.cpp:
1859         * runtime/JSSegmentedVariableObject.cpp:
1860         * runtime/JSString.cpp:
1861         * runtime/JSStringJoiner.cpp:
1862         * runtime/JSSymbolTableObject.cpp:
1863         * runtime/JSTypedArrayConstructors.cpp:
1864         * runtime/JSTypedArrayPrototypes.cpp:
1865         * runtime/JSTypedArrays.cpp:
1866         * runtime/JSVariableObject.cpp:
1867         * runtime/JSWithScope.cpp:
1868         * runtime/JSWrapperObject.cpp:
1869         * runtime/LiteralParser.cpp:
1870         * runtime/Lookup.cpp:
1871         * runtime/MathObject.cpp:
1872         * runtime/NameConstructor.cpp:
1873         * runtime/NameInstance.cpp:
1874         * runtime/NamePrototype.cpp:
1875         * runtime/NativeErrorConstructor.cpp:
1876         * runtime/NativeErrorPrototype.cpp:
1877         * runtime/NumberConstructor.cpp:
1878         * runtime/NumberObject.cpp:
1879         * runtime/NumberPrototype.cpp:
1880         * runtime/ObjectConstructor.cpp:
1881         * runtime/ObjectPrototype.cpp:
1882         * runtime/Operations.cpp:
1883         * runtime/Operations.h:
1884         * runtime/PropertyDescriptor.cpp:
1885         * runtime/PrototypeMap.cpp:
1886         * runtime/RegExp.cpp:
1887         * runtime/RegExpCache.cpp:
1888         * runtime/RegExpCachedResult.cpp:
1889         * runtime/RegExpConstructor.cpp:
1890         * runtime/RegExpMatchesArray.cpp:
1891         * runtime/RegExpObject.cpp:
1892         * runtime/RegExpPrototype.cpp:
1893         * runtime/SimpleTypedArrayController.cpp:
1894         * runtime/SmallStrings.cpp:
1895         * runtime/SparseArrayValueMap.cpp:
1896         * runtime/StrictEvalActivation.cpp:
1897         * runtime/StringConstructor.cpp:
1898         * runtime/StringObject.cpp:
1899         * runtime/StringPrototype.cpp:
1900         * runtime/StringRecursionChecker.cpp:
1901         * runtime/Structure.cpp:
1902         * runtime/StructureChain.cpp:
1903         * runtime/StructureRareData.cpp:
1904         * runtime/SymbolTable.cpp:
1905         * runtime/TestRunnerUtils.cpp:
1906         * runtime/VM.cpp:
1907         * testRegExp.cpp:
1908
1909 2014-02-10  Matthew Mirman  <mmirman@apple.com>
1910
1911         Removes the inline assert from SpeculativeJIT's ReallocatePropertyStorage
1912         https://bugs.webkit.org/show_bug.cgi?id=128566
1913
1914         Reviewed by Filip Pizlo.
1915
1916         * dfg/DFGSpeculativeJIT.cpp:
1917         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
1918
1919 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
1920
1921         Rename getRecordMap to computeRecordMap.
1922
1923         Rubber stamped by Michael Saboff.
1924         
1925         "get" is such a weird prefix. It implies a getter. We don't prefix our getters with
1926         anything in WebKit. Also, this isn't a getter. It actually does work to transform
1927         the stackmaps into a hashmap. So, computeRecordMap is a much better name.
1928
1929         * ftl/FTLCompile.cpp:
1930         (JSC::FTL::compile):
1931         * ftl/FTLJITFinalizer.cpp:
1932         (JSC::FTL::JITFinalizer::finalizeFunction):
1933         * ftl/FTLStackMaps.cpp:
1934         (JSC::FTL::StackMaps::computeRecordMap):
1935         * ftl/FTLStackMaps.h:
1936
1937 2014-02-10  Matthew Mirman  <mmirman@apple.com>
1938
1939         ReallocatePropertyStorage in FTL
1940         https://bugs.webkit.org/show_bug.cgi?id=128352
1941
1942         Reviewed by Filip Pizlo.
1943
1944         * ftl/FTLCapabilities.cpp:
1945         (JSC::FTL::canCompile):
1946         * ftl/FTLIntrinsicRepository.h:
1947         * ftl/FTLLowerDFGToLLVM.cpp:
1948         (JSC::FTL::LowerDFGToLLVM::compileNode):
1949         (JSC::FTL::LowerDFGToLLVM::compileReallocatePropertyStorage):
1950         * tests/stress/ftl-reallocatepropertystorage.js: Added.
1951         (foo):
1952
1953 2014-02-10  Michael Saboff  <msaboff@apple.com>
1954
1955         Fail FTL compilation if the required stack is too big
1956         https://bugs.webkit.org/show_bug.cgi?id=128560
1957
1958         Reviewed by Filip Pizlo.
1959
1960         Added StackSize struct to FTLStackMaps and populated it.  Added and updated
1961         related dump functions.  Use the stack size found at the end of the compilation
1962         to compare against the value of a new option, llvmMaxStackSize.  We fail the
1963         compile if the function's stack size is greater than llvmMaxStackSize.
1964
1965         * dfg/DFGPlan.cpp:
1966         (JSC::DFG::Plan::compileInThreadImpl):
1967         * ftl/FTLStackMaps.cpp:
1968         (JSC::FTL::StackMaps::StackSize::parse):
1969         (JSC::FTL::StackMaps::StackSize::dump):
1970         (JSC::FTL::StackMaps::parse):
1971         (JSC::FTL::StackMaps::dump):
1972         (JSC::FTL::StackMaps::dumpMultiline):
1973         (JSC::FTL::StackMaps::getStackSize):
1974         * ftl/FTLStackMaps.h:
1975         * runtime/Options.h:
1976
1977 2014-02-10  Mark Lam  <mark.lam@apple.com>
1978
1979         Change JSLock::dropAllLocks() and friends to use lock() and unlock().
1980         <https://webkit.org/b/128451>
1981
1982         Reviewed by Geoffrey Garen.
1983
1984         Currently, JSLock's dropAllLocks(), dropAllLocksUnconditionally(), and
1985         grabAllLocks() implement locking / unlocking by duplicating the code from
1986         lock() and unlock(). Instead, they should just call lock() and unlock().
1987
1988         * runtime/JSLock.cpp:
1989         (JSC::JSLock::lock):
1990         (JSC::JSLock::unlock):
1991         - Modified lock() and unlock() into a version that takes an entry count
1992           to lock / unlock. The previous lock() and unlock() now calls these
1993           new versions with an entry count of 1.
1994
1995         (JSC::JSLock::dropAllLocks):
1996         (JSC::JSLock::dropAllLocksUnconditionally):
1997         (JSC::JSLock::grabAllLocks):
1998         - Delegate to unlock() and lock() instead of duplicating the lock / unlock
1999           code.
2000         - There are some differences with calling lock() instead of duplicating its
2001           code in grabAllLocks(), i.e. lock() does the following additional work:
2002
2003           1. lock() does a re-entry check that is not needed by grabAllLocks().
2004              However, this is effectively a no-op since we never own the JSLock
2005              before calling grabAllLocks().
2006
2007           2. set VM stackPointerAtVMEntry.
2008           3. update VM stackLimit and reservedZoneSize.
2009           4. set VM lastStackTop.
2010              These 3 steps are just busy work which are also effectively no-ops
2011              because immediately after lock() returns, grabAllLocks() will write
2012              over those values with their saved versions in the threadData.
2013
2014         * runtime/JSLock.h:
2015
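A deterministic model of the drop-depth ordering described in the "Removing limitation on JSLock's lockDropDepth" entry above, built on the entry-count lock()/unlock() this entry introduces. This is added example code, not JSC's JSLock: ModelLock, Dropper, Outcome and the explicit thread-id parameters are hypothetical names chosen so that the two-thread interleaving can be replayed step by step on one OS thread.

```cpp
#include <cassert>

enum class Outcome { Blocked, Yielded, Reacquired };

// Deterministic model of the JSLock drop/re-grab protocol described above.
// Thread identity is passed in explicitly (a hypothetical API, unlike the real
// JSLock) so a two-thread interleaving can be replayed on one OS thread; there
// is no real mutex, tryLock() only reports whether the caller would have blocked.
class ModelLock {
public:
    // What a DropAllLocks instance remembers in the real code.
    struct Dropper { unsigned dropDepth = 0; unsigned droppedLockCount = 0; };

    // lock(entryCount): re-entrant for the owner, otherwise take ownership.
    bool tryLock(int tid, unsigned entryCount = 1)
    {
        if (m_ownerThread == tid) { m_lockCount += entryCount; return true; }
        if (m_ownerThread != kNoThread)
            return false;                 // held by another thread: would block
        m_ownerThread = tid;
        m_lockCount = entryCount;
        return true;
    }

    // unlock(entryCount): release that many levels; the last one gives up ownership.
    void unlock(int tid, unsigned entryCount = 1)
    {
        assert(m_ownerThread == tid && m_lockCount >= entryCount);
        m_lockCount -= entryCount;
        if (!m_lockCount)
            m_ownerThread = kNoThread;
    }

    // dropAllLocks(): bump the drop depth, stash it in the dropper, release every level.
    Dropper dropAllLocks(int tid)
    {
        Dropper d;
        if (m_ownerThread != tid)
            return d;                     // caller holds nothing: nothing to drop
        d.dropDepth = ++m_lockDropDepth;
        d.droppedLockCount = m_lockCount;
        unlock(tid, d.droppedLockCount);
        return d;
    }

    // One attempt of grabAllLocks(): optimistically lock, compare depths under
    // the lock, and on mismatch unlock again so the caller can yield and retry.
    Outcome tryGrabAllLocks(int tid, const Dropper& d)
    {
        if (!d.droppedLockCount)
            return Outcome::Reacquired;   // nothing was dropped, nothing to do
        if (!tryLock(tid, d.droppedLockCount))
            return Outcome::Blocked;
        if (d.dropDepth != m_lockDropDepth) {
            unlock(tid, d.droppedLockCount);
            return Outcome::Yielded;
        }
        --m_lockDropDepth;
        return Outcome::Reacquired;
    }

    int ownerThread() const { return m_ownerThread; }
    unsigned lockCount() const { return m_lockCount; }
    unsigned lockDropDepth() const { return m_lockDropDepth; }
    static constexpr int kNoThread = 0;

private:
    int m_ownerThread = kNoThread;
    unsigned m_lockCount = 0;
    unsigned m_lockDropDepth = 0;
};

// Replays the interleaving the ordering rule exists for: A drops at depth 1,
// B drops at depth 2, A tries to re-grab first and has to yield until B has
// re-grabbed. Returns true when every step behaves as the ChangeLog describes.
bool replayReverseOrderRegrab()
{
    ModelLock lock;
    const int A = 1, B = 2;

    if (!lock.tryLock(A) || !lock.tryLock(A)) return false;       // A enters twice
    ModelLock::Dropper dA = lock.dropAllLocks(A);                  // depth 1, 2 levels dropped
    if (dA.dropDepth != 1 || dA.droppedLockCount != 2 || lock.lockCount()) return false;

    if (!lock.tryLock(B)) return false;                            // B can enter now
    ModelLock::Dropper dB = lock.dropAllLocks(B);                  // depth 2
    if (dB.dropDepth != 2 || lock.lockDropDepth() != 2) return false;

    // A is out of order (dropped at 1, depth is now 2): lock, check, unlock, yield.
    if (lock.tryGrabAllLocks(A, dA) != Outcome::Yielded) return false;
    if (lock.ownerThread() != ModelLock::kNoThread) return false;
    // B re-grabs in the reverse order of dropping and brings the depth back to 1.
    if (lock.tryGrabAllLocks(B, dB) != Outcome::Reacquired) return false;
    if (lock.lockDropDepth() != 1) return false;
    // While B holds the lock, A blocks on the mutex rather than yielding.
    if (lock.tryGrabAllLocks(A, dA) != Outcome::Blocked) return false;
    lock.unlock(B);
    if (lock.tryGrabAllLocks(A, dA) != Outcome::Reacquired) return false;
    return lock.lockDropDepth() == 0 && lock.lockCount() == 2 && lock.ownerThread() == A;
}
```
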
2016 2014-02-10  Anders Carlsson  <andersca@apple.com>
2017
2018         Try to fix the Windows build.
2019
2020         * heap/UnconditionalFinalizer.h:
2021         * runtime/SymbolTable.h:
2022
2023 2014-02-10  Andreas Kling  <akling@apple.com>
2024
2025         Make the Identifier::add() family return PassRef<StringImpl>.
2026         <https://webkit.org/b/128542>
2027
2028         This knocks one branch off of creating an Identifier from another
2029         string source.
2030
2031         Reviewed by Oliver Hunt.
2032
2033         * runtime/Identifier.cpp:
2034         (JSC::Identifier::add):
2035         (JSC::Identifier::add8):
2036         (JSC::Identifier::addSlowCase):
2037         * runtime/Identifier.h:
2038         (JSC::Identifier::add):
2039         * runtime/Lookup.cpp:
2040         (JSC::HashTable::createTable):
2041
2042 2014-02-09  Mark Lam  <mark.lam@apple.com>
2043
2044         Remove unnecessary spinLock in JSLock.
2045         <https://webkit.org/b/128450>
2046
2047         Reviewed by Filip Pizlo.
2048
2049         The JSLock's mutex already provides protection for write access to
2050         JSLock's internal state. The only JSLock state that needs to be read
2051         from any thread including threads that don't own the JSLock is
2052         m_ownerThread, which is used in currentThreadIsHoldingLock() to do an
2053         ownership test on the lock.
2054
2055         It is safe for other threads to read from m_ownerThread because they
2056         only need to know whether its value matches their own thread id
2057         (provided by WTF::currentThread()).
2058
2059         Here are the scenarios for how the ownership test can go:
2060
2061         1. The JSLock has just been initialized and is not owned by any thread.
2062
2063            In this case, m_ownerThread will be 0 and will not match any thread's
2064            thread id. The checking thread will know that it needs to lock the
2065            JSLock before using the VM.
2066
2067         2. The JSLock was previously locked, but now is unlocked.
2068
2069            When we unlock it in JSLock::unlock(), the owner thread clears
2070            m_ownerThread to 0. Hence, this case is the same as (1) above.
2071
2072         3. The JSLock is locked by Thread A. Thread B is checking ownership.
2073
2074            In this case, m_ownerThread will contain Thread A's thread id.
2075            Thread B will see that the thread id does not match its own and will
2076            proceed to block on the JSLock's mutex to wait for its turn to use
2077            the VM.
2078
2079            On weak memory ordering architectures, Thread A's thread id may
2080            not get written out to memory before Thread B inspects m_ownerThread.
2081            However, though Thread B may not see Thread A's thread id in
2082            m_ownerThread, it will see 0 which is the last value written to it
2083            before the JSLock mutex was unlocked. The mutex unlock would have
2084            executed a memory fence which would have flushed the 0 to
2085            m_ownerThread in memory. Hence, Thread B will know that it does not
2086            own the lock.
2087
2088         Apart from removing the unneeded spin lock code, I also changed the
2089         JSLock code to use currentThreadIsHoldingLock() and setOwnerThread()
2090         instead of accessing m_ownerThread directly.
2091
2092         * runtime/JSLock.cpp:
2093         (JSC::JSLock::JSLock):
2094
2095         (JSC::JSLock::lock):
2096         - Removed spinLock but left the indentation as is to keep the diff to a
2097           minimum for better readability. Will unindent in a subsequent patch.
2098
2099         (JSC::JSLock::unlock):
2100         - Before unlocking the mutex, clear m_ownerThread to indicate that the
2101           lock is no longer owned.
2102
2103         (JSC::JSLock::currentThreadIsHoldingLock):
2104         - Removed the check of m_lockCount for determining ownership. Checking
2105           m_ownerThread is sufficient.
2106
2107         (JSC::JSLock::dropAllLocks):
2108         (JSC::JSLock::dropAllLocksUnconditionally):
2109         - Renamed local locksToDrop to the better name droppedLockCount.
2110         - Clear m_ownerThread since we're unlocking the JSLock.
2111
2112         (JSC::JSLock::grabAllLocks):
2113         - Removed unneeded lock ownership test for lock re-entry case because
2114           grabAllLocks() is never used to re-enter a locked JSLock.
2115
2116         (JSC::JSLock::DropAllLocks::DropAllLocks):
2117         (JSC::JSLock::DropAllLocks::~DropAllLocks):
2118
2119         * runtime/JSLock.h:
2120         (JSC::JSLock::setOwnerThread):
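
        The following is an added illustration of the ownership test described in this
        entry (and of the grabAllLocks() delegation to lock() described in the 2014-02-10
        JSLock entry above). It is not WebKit code: OwnerTrackedLock, ownershipScenariosHold
        and the surrounding names are hypothetical stand-ins for JSLock, written so the three
        scenarios can be exercised with std::mutex and std::thread. The stack-pointer and
        stack-limit bookkeeping that the real lock() performs is left out.

```cpp
#include <atomic>
#include <cassert>
#include <mutex>
#include <thread>

// Hypothetical stand-in for JSC's JSLock (not WebKit code). The mutex protects all
// writes to the lock's state; the owner thread id is the one field that other threads
// read without holding the mutex, so it is stored atomically and written before the
// mutex is released, which is what makes the ownership test safe on weakly ordered CPUs.
class OwnerTrackedLock {
public:
    void lock() {
        if (currentThreadIsHoldingLock()) {  // re-entry by the owner: just bump the count
            ++m_lockCount;
            return;
        }
        m_mutex.lock();
        setOwnerThread(std::this_thread::get_id());
        m_lockCount = 1;
    }

    void unlock() {
        assert(currentThreadIsHoldingLock());
        if (--m_lockCount > 0)
            return;
        setOwnerThread(std::thread::id());  // clear ownership *before* releasing the mutex
        m_mutex.unlock();
    }

    // Only the owner thread ever stores its own id, so any other thread either sees
    // that id or the cleared value; either way it correctly concludes it is not the owner.
    bool currentThreadIsHoldingLock() const {
        return m_ownerThread.load(std::memory_order_acquire) == std::this_thread::get_id();
    }

    // Analogue of dropAllLocks(): fully release and report how many levels were dropped.
    unsigned dropAllLocks() {
        if (!currentThreadIsHoldingLock())
            return 0;
        unsigned droppedLockCount = m_lockCount;
        m_lockCount = 0;
        setOwnerThread(std::thread::id());
        m_mutex.unlock();
        return droppedLockCount;
    }

    // Analogue of grabAllLocks(): delegate to lock() instead of duplicating its code,
    // then restore the saved re-entry depth.
    void grabAllLocks(unsigned droppedLockCount) {
        if (!droppedLockCount)
            return;
        lock();
        m_lockCount = droppedLockCount;
    }

    unsigned lockCount() const { return m_lockCount; }

private:
    void setOwnerThread(std::thread::id id) { m_ownerThread.store(id, std::memory_order_release); }

    std::mutex m_mutex;
    std::atomic<std::thread::id> m_ownerThread{std::thread::id()};
    unsigned m_lockCount = 0;
};

// Walks through scenarios (1) fresh lock, (3) locked by another thread, (2) unlocked again.
bool ownershipScenariosHold() {
    OwnerTrackedLock lock;
    if (lock.currentThreadIsHoldingLock())             // (1): nobody owns a fresh lock
        return false;
    lock.lock();
    lock.lock();                                       // re-entrant acquire
    if (!lock.currentThreadIsHoldingLock() || lock.lockCount() != 2)
        return false;
    bool otherThreadSawOwnership = true;
    std::thread other([&] { otherThreadSawOwnership = lock.currentThreadIsHoldingLock(); });
    other.join();
    if (otherThreadSawOwnership)                       // (3): Thread B must not think it owns it
        return false;
    unsigned dropped = lock.dropAllLocks();
    if (dropped != 2 || lock.currentThreadIsHoldingLock())  // (2): cleared on unlock
        return false;
    lock.grabAllLocks(dropped);
    if (!lock.currentThreadIsHoldingLock() || lock.lockCount() != 2)
        return false;
    lock.unlock();
    lock.unlock();
    return !lock.currentThreadIsHoldingLock();
}

int main() { return ownershipScenariosHold() ? 0 : 1; }
```

        The point of the release/acquire pair on m_ownerThread is the one the entry makes
        about the mutex's own fence: a reader on another thread never needs to see the
        *current* owner id, only a value that is not its own, so a stale but cleared value
        is a correct answer.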
2121
2122 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
2123
2124         Unreviewed, roll out http://trac.webkit.org/changeset/163796
2125
2126         The change was not justified in any way and it has a net negative effect on the code.
2127
2128         * dfg/DFGAbstractInterpreter.h:
2129         * dfg/DFGAbstractValue.h:
2130         * dfg/DFGAdjacencyList.h:
2131         * dfg/DFGArgumentPosition.h:
2132         * dfg/DFGArgumentsSimplificationPhase.cpp:
2133         * dfg/DFGArrayMode.cpp:
2134         * dfg/DFGArrayifySlowPathGenerator.h:
2135         * dfg/DFGAtTailAbstractState.h:
2136         * dfg/DFGAvailability.h:
2137         * dfg/DFGBackwardsPropagationPhase.cpp:
2138         * dfg/DFGBasicBlock.h:
2139         * dfg/DFGBasicBlockInlines.h:
2140         * dfg/DFGByteCodeParser.cpp:
2141         * dfg/DFGCFAPhase.cpp:
2142         * dfg/DFGCFGSimplificationPhase.cpp:
2143         * dfg/DFGCPSRethreadingPhase.cpp:
2144         * dfg/DFGCSEPhase.cpp:
2145         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
2146         * dfg/DFGCapabilities.cpp:
2147         * dfg/DFGCapabilities.h:
2148         * dfg/DFGClobberize.h:
2149         * dfg/DFGCommonData.cpp:
2150         * dfg/DFGConstantFoldingPhase.cpp:
2151         * dfg/DFGCriticalEdgeBreakingPhase.cpp:
2152         * dfg/DFGDCEPhase.cpp:
2153         * dfg/DFGDominators.h:
2154         * dfg/DFGDriver.cpp:
2155         * dfg/DFGDriver.h:
2156         * dfg/DFGFixupPhase.cpp:
2157         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
2158         * dfg/DFGGenerationInfo.h:
2159         * dfg/DFGGraph.cpp:
2160         * dfg/DFGGraph.h:
2161         * dfg/DFGInPlaceAbstractState.cpp:
2162         * dfg/DFGInPlaceAbstractState.h:
2163         * dfg/DFGInlineCacheWrapperInlines.h:
2164         * dfg/DFGInvalidationPointInjectionPhase.cpp:
2165         * dfg/DFGJITCode.h:
2166         * dfg/DFGJITCompiler.cpp:
2167         * dfg/DFGJITCompiler.h:
2168         * dfg/DFGJITFinalizer.cpp:
2169         * dfg/DFGJITFinalizer.h:
2170         * dfg/DFGLICMPhase.cpp:
2171         * dfg/DFGLivenessAnalysisPhase.cpp:
2172         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
2173         * dfg/DFGMinifiedNode.h:
2174         * dfg/DFGNaturalLoops.h:
2175         * dfg/DFGNode.cpp:
2176         * dfg/DFGNode.h:
2177         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
2178         * dfg/DFGOSREntry.cpp:
2179         * dfg/DFGOSREntrypointCreationPhase.cpp:
2180         * dfg/DFGOSRExit.cpp:
2181         * dfg/DFGOSRExit.h:
2182         * dfg/DFGOSRExitBase.cpp:
2183         * dfg/DFGOSRExitCompilationInfo.h:
2184         * dfg/DFGOSRExitCompiler.cpp:
2185         * dfg/DFGOSRExitCompiler32_64.cpp:
2186         * dfg/DFGOSRExitCompiler64.cpp:
2187         * dfg/DFGOSRExitJumpPlaceholder.cpp:
2188         * dfg/DFGOperations.cpp:
2189         * dfg/DFGPhase.h:
2190         * dfg/DFGPlan.h:
2191         * dfg/DFGPredictionInjectionPhase.cpp:
2192         * dfg/DFGPredictionPropagationPhase.cpp:
2193         * dfg/DFGResurrectionForValidationPhase.cpp:
2194         * dfg/DFGSSAConversionPhase.cpp:
2195         * dfg/DFGSSALoweringPhase.cpp:
2196         * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
2197         * dfg/DFGSlowPathGenerator.h:
2198         * dfg/DFGSpeculativeJIT.cpp:
2199         * dfg/DFGSpeculativeJIT.h:
2200         * dfg/DFGSpeculativeJIT32_64.cpp:
2201         * dfg/DFGSpeculativeJIT64.cpp:
2202         * dfg/DFGStackLayoutPhase.cpp:
2203         * dfg/DFGStoreBarrierElisionPhase.cpp:
2204         * dfg/DFGStrengthReductionPhase.cpp:
2205         * dfg/DFGThunks.cpp:
2206         * dfg/DFGTierUpCheckInjectionPhase.cpp:
2207         * dfg/DFGTypeCheckHoistingPhase.cpp:
2208         * dfg/DFGUnificationPhase.cpp:
2209         * dfg/DFGValidate.h:
2210         * dfg/DFGValueSource.h:
2211         * dfg/DFGVariableAccessData.h:
2212         * dfg/DFGVariableAccessDataDump.cpp:
2213         * dfg/DFGVariableEvent.h:
2214         * dfg/DFGVariableEventStream.h:
2215         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2216         * dfg/DFGWatchpointCollectionPhase.cpp:
2217         * dfg/DFGWorklist.cpp:
2218
2219 2014-02-10  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>
2220
2221         Remove extra includes from DFG
2222         https://bugs.webkit.org/show_bug.cgi?id=126983
2223
2224         Reviewed by Andreas Kling.
2225
2226         * dfg/DFGAbstractInterpreter.h:
2227         * dfg/DFGAbstractValue.h:
2228         * dfg/DFGAdjacencyList.h:
2229         * dfg/DFGArgumentPosition.h:
2230         * dfg/DFGArgumentsSimplificationPhase.cpp:
2231         * dfg/DFGArrayMode.cpp:
2232         * dfg/DFGArrayifySlowPathGenerator.h:
2233         * dfg/DFGAtTailAbstractState.h:
2234         * dfg/DFGAvailability.h:
2235         * dfg/DFGBackwardsPropagationPhase.cpp:
2236         * dfg/DFGBasicBlock.h:
2237         * dfg/DFGBasicBlockInlines.h:
2238         * dfg/DFGByteCodeParser.cpp:
2239         * dfg/DFGCFAPhase.cpp:
2240         * dfg/DFGCFGSimplificationPhase.cpp:
2241         * dfg/DFGCPSRethreadingPhase.cpp:
2242         * dfg/DFGCSEPhase.cpp:
2243         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
2244         * dfg/DFGCapabilities.cpp:
2245         * dfg/DFGCapabilities.h:
2246         * dfg/DFGClobberize.h:
2247         * dfg/DFGCommonData.cpp:
2248         * dfg/DFGConstantFoldingPhase.cpp:
2249         * dfg/DFGCriticalEdgeBreakingPhase.cpp:
2250         * dfg/DFGDCEPhase.cpp:
2251         * dfg/DFGDominators.h:
2252         * dfg/DFGDriver.cpp:
2253         * dfg/DFGDriver.h:
2254         * dfg/DFGFixupPhase.cpp:
2255         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
2256         * dfg/DFGGenerationInfo.h:
2257         * dfg/DFGGraph.cpp:
2258         * dfg/DFGGraph.h:
2259         * dfg/DFGInPlaceAbstractState.cpp:
2260         * dfg/DFGInPlaceAbstractState.h:
2261         * dfg/DFGInlineCacheWrapperInlines.h:
2262         * dfg/DFGInvalidationPointInjectionPhase.cpp:
2263         * dfg/DFGJITCode.h:
2264         * dfg/DFGJITCompiler.cpp:
2265         * dfg/DFGJITCompiler.h:
2266         * dfg/DFGJITFinalizer.cpp:
2267         * dfg/DFGJITFinalizer.h:
2268         * dfg/DFGLICMPhase.cpp:
2269         * dfg/DFGLivenessAnalysisPhase.cpp:
2270         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
2271         * dfg/DFGMinifiedNode.h:
2272         * dfg/DFGNaturalLoops.h:
2273         * dfg/DFGNode.cpp:
2274         * dfg/DFGNode.h:
2275         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
2276         * dfg/DFGOSREntry.cpp:
2277         * dfg/DFGOSREntrypointCreationPhase.cpp:
2278         * dfg/DFGOSRExit.cpp:
2279         * dfg/DFGOSRExit.h:
2280         * dfg/DFGOSRExitBase.cpp:
2281         * dfg/DFGOSRExitCompilationInfo.h:
2282         * dfg/DFGOSRExitCompiler.cpp:
2283         * dfg/DFGOSRExitCompiler32_64.cpp:
2284         * dfg/DFGOSRExitCompiler64.cpp:
2285         * dfg/DFGOSRExitJumpPlaceholder.cpp:
2286         * dfg/DFGOperations.cpp:
2287         * dfg/DFGPhase.h:
2288         * dfg/DFGPlan.h:
2289         * dfg/DFGPredictionInjectionPhase.cpp:
2290         * dfg/DFGPredictionPropagationPhase.cpp:
2291         * dfg/DFGResurrectionForValidationPhase.cpp:
2292         * dfg/DFGSSAConversionPhase.cpp:
2293         * dfg/DFGSSALoweringPhase.cpp:
2294         * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
2295         * dfg/DFGSlowPathGenerator.h:
2296         * dfg/DFGSpeculativeJIT.cpp:
2297         * dfg/DFGSpeculativeJIT.h:
2298         * dfg/DFGSpeculativeJIT32_64.cpp:
2299         * dfg/DFGSpeculativeJIT64.cpp:
2300         * dfg/DFGStackLayoutPhase.cpp:
2301         * dfg/DFGStoreBarrierElisionPhase.cpp:
2302         * dfg/DFGStrengthReductionPhase.cpp:
2303         * dfg/DFGThunks.cpp:
2304         * dfg/DFGTierUpCheckInjectionPhase.cpp:
2305         * dfg/DFGTypeCheckHoistingPhase.cpp:
2306         * dfg/DFGUnificationPhase.cpp:
2307         * dfg/DFGValidate.h:
2308         * dfg/DFGValueSource.h:
2309         * dfg/DFGVariableAccessData.h:
2310         * dfg/DFGVariableAccessDataDump.cpp:
2311         * dfg/DFGVariableEvent.h:
2312         * dfg/DFGVariableEventStream.h:
2313         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2314         * dfg/DFGWatchpointCollectionPhase.cpp:
2315         * dfg/DFGWorklist.cpp:
2316
2317 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
2318
2319         JSC environment variables should override other mechanisms for setting options
2320         https://bugs.webkit.org/show_bug.cgi?id=128511
2321
2322         Reviewed by Geoffrey Garen.
2323
2324         * runtime/Options.cpp:
2325         (JSC::Options::setOption):
2326         * runtime/Options.h:
2327
2328 2014-02-10  Darin Adler  <darin@apple.com>
2329
2330         Stop using String::deprecatedCharacters to call WTF::Collator
2331         https://bugs.webkit.org/show_bug.cgi?id=128517
2332
2333         Reviewed by Alexey Proskuryakov.
2334
2335         * runtime/StringPrototype.cpp:
2336         (JSC::stringProtoFuncLocaleCompare): Use the default constructor for Collator, which now
2337         gives the default locale collation rules. Use the new arguments for Collator::collate, which
2338         are now StringView. These two changes together eliminate the need for a separate helper function.
2339
2340 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
2341
2342         <1/100 probability FTL failure: v8-v6/v8-deltablue.js.ftl-eager: Exception: TypeError: undefined is not an object (evaluating 'c.isInput')
2343         https://bugs.webkit.org/show_bug.cgi?id=128278
2344
2345         Reviewed by Mark Hahnenberg.
2346         
2347         Fix another FTL flake due to bytecode liveness corner cases. Hopefully it's the last
2348         one.
2349
2350         * dfg/DFGByteCodeParser.cpp:
2351         (JSC::DFG::ByteCodeParser::parseBlock): Make sure that inside a constructor, the 'this' result is always set. This makes it easier to unify the treatment of 'this' for OSR exit: we just say that it's always live.
2352         * dfg/DFGGraph.cpp:
2353         (JSC::DFG::Graph::isLiveInBytecode): Assume that 'this' is live. We were already sort of doing this for calls because the callsite would claim it to be live. But we didn't do it for constructors. It's true that *at the callsite* 'this' won't be live, but inside the inlined constructor, it almost certainly will be.
2354         * dfg/DFGTierUpCheckInjectionPhase.cpp:
2355         (JSC::DFG::TierUpCheckInjectionPhase::run): I just noticed this benign bug. We should only return 'true' if we actually injected checks.
2356         * ftl/FTLOSRExitCompiler.cpp:
2357         (JSC::FTL::compileStub): Make it easier to just dump disassembly for FTL OSR exits.
2358         * runtime/Options.h: Ditto.
2359         * tests/stress/inlined-constructor-this-liveness.js: Added.
2360         (Foo):
2361         (foo):
2362         * tests/stress/inlined-function-this-liveness.js: Added.
2363         (bar):
2364         (foo):
2365
2366 2014-02-10  Filip Pizlo  <fpizlo@apple.com>
2367
2368         Actually register those DFG::Safepoints
2369         https://bugs.webkit.org/show_bug.cgi?id=128521
2370
2371         Reviewed by Mark Hahnenberg.
2372         
2373         No test because GC + thread + JIT = ???.
2374
2375         * dfg/DFGSafepoint.cpp:
2376         (JSC::DFG::Safepoint::~Safepoint):
2377         (JSC::DFG::Safepoint::begin):
2378
2379 2014-02-10  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>
2380
2381         Fix EFL build with INSPECTOR disabled
2382         https://bugs.webkit.org/show_bug.cgi?id=125064
2383
2384         Reviewed by Csaba Osztrogonác.
2385
2386         * inspector/InjectedScriptManager.h:
2387         * inspector/ScriptDebugServer.cpp:
2388         * inspector/agents/InspectorAgent.h:
2389         * inspector/scripts/CodeGeneratorInspectorStrings.py:
2390         (Inspector):
2391
2392 2014-02-09  Filip Pizlo  <fpizlo@apple.com>
2393
2394         GC blocks on FTL and then badness
2395         https://bugs.webkit.org/show_bug.cgi?id=128291
2396
2397         Reviewed by Oliver Hunt.
2398         
2399         Introduce the notion of a DFG::Safepoint, which allows you to unlock the rightToRun
2400         mutex for your JIT thread, while supplying the GC with all of the information it would
2401         need to scan you at that moment in time. The default way of using this is
2402         DFG::GraphSafepoint, where you just supply the Graph. There's a lot of machinery in
2403         this patch just to make the Graph scannable.
2404         
2405         We then use DFG::GraphSafepoint in just two places for now: (1) while initializing LLVM
2406         and (2) while invoking LLVM's optimizer and backend.
2407         
2408         This is a 30% speed-up on Octane/typescript and a 10% speed-up on Octane/gbemu. 2-3%
2409         speed-up overall on Octane.
2410         
2411         * CMakeLists.txt:
2412         * GNUmakefile.list.am:
2413         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2414         * JavaScriptCore.xcodeproj/project.pbxproj:
2415         * dfg/DFGDriver.cpp:
2416         (JSC::DFG::compileImpl):
2417         * dfg/DFGGraph.cpp:
2418         (JSC::DFG::Graph::visitChildren):
2419         * dfg/DFGGraph.h:
2420         * dfg/DFGGraphSafepoint.cpp: Added.
2421         (JSC::DFG::GraphSafepoint::GraphSafepoint):
2422         (JSC::DFG::GraphSafepoint::~GraphSafepoint):
2423         * dfg/DFGGraphSafepoint.h: Added.
2424         * dfg/DFGOperations.h:
2425         * dfg/DFGPlan.cpp:
2426         (JSC::DFG::Plan::compileInThread):
2427         (JSC::DFG::Plan::compileInThreadImpl):
2428         * dfg/DFGPlan.h:
2429         * dfg/DFGSafepoint.cpp: Added.
2430         (JSC::DFG::Safepoint::Safepoint):
2431         (JSC::DFG::Safepoint::~Safepoint):
2432         (JSC::DFG::Safepoint::add):
2433         (JSC::DFG::Safepoint::begin):
2434         (JSC::DFG::Safepoint::visitChildren):
2435         * dfg/DFGSafepoint.h: Added.
2436         * dfg/DFGScannable.h: Added.
2437         (JSC::DFG::Scannable::Scannable):
2438         (JSC::DFG::Scannable::~Scannable):
2439         * dfg/DFGThreadData.cpp: Added.
2440         (JSC::DFG::ThreadData::ThreadData):
2441         (JSC::DFG::ThreadData::~ThreadData):
2442         * dfg/DFGThreadData.h: Added.
2443         * dfg/DFGWorklist.cpp:
2444         (JSC::DFG::Worklist::finishCreation):
2445         (JSC::DFG::Worklist::visitChildren):
2446         (JSC::DFG::Worklist::runThread):
2447         * dfg/DFGWorklist.h:
2448         * ftl/FTLCompile.cpp:
2449         (JSC::FTL::compile):
2450         * heap/SlotVisitor.h:
2451         * heap/SlotVisitorInlines.h:
2452         (JSC::SlotVisitor::appendUnbarrieredReadOnlyPointer):
2453         (JSC::SlotVisitor::appendUnbarrieredReadOnlyValue):
2454
2455 2014-02-09  Filip Pizlo  <fpizlo@apple.com>
2456
2457         Never include *Inlines.h files in interface headers, and never include *Inlines.h when you could include Operations.h instead
2458         https://bugs.webkit.org/show_bug.cgi?id=128505
2459
2460         Reviewed by Mark Hahnenberg and Oliver Hunt.
2461
2462         * API/JSContextRef.cpp:
2463         * assembler/LinkBuffer.cpp:
2464         * bytecode/ArrayProfile.cpp:
2465         * bytecode/BytecodeBasicBlock.cpp:
2466         * bytecode/BytecodeLivenessAnalysisInlines.h:
2467         * bytecode/CallLinkInfo.cpp:
2468         * bytecode/CodeBlock.cpp:
2469         * bytecode/CodeBlock.h:
2470         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
2471         * bytecode/ExecutionCounter.cpp:
2472         * bytecode/MethodOfGettingAValueProfile.cpp:
2473         * bytecode/PreciseJumpTargets.cpp:
2474         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
2475         * bytecode/SamplingTool.cpp:
2476         * bytecode/SpecialPointer.cpp:
2477         * bytecode/StructureStubClearingWatchpoint.cpp:
2478         * debugger/DebuggerCallFrame.cpp:
2479         * dfg/DFGAbstractHeap.cpp:
2480         * dfg/DFGAbstractValue.cpp:
2481         * dfg/DFGArgumentsSimplificationPhase.cpp:
2482         * dfg/DFGArithMode.cpp:
2483         * dfg/DFGArrayMode.cpp:
2484         * dfg/DFGAtTailAbstractState.cpp:
2485         * dfg/DFGAvailability.cpp:
2486         * dfg/DFGBackwardsPropagationPhase.cpp:
2487         * dfg/DFGBasicBlock.cpp:
2488         * dfg/DFGBinarySwitch.cpp:
2489         * dfg/DFGBlockInsertionSet.cpp:
2490         * dfg/DFGByteCodeParser.cpp:
2491         * dfg/DFGCFAPhase.cpp:
2492         * dfg/DFGCFGSimplificationPhase.cpp:
2493         * dfg/DFGCPSRethreadingPhase.cpp:
2494         * dfg/DFGCSEPhase.cpp:
2495         * dfg/DFGCapabilities.cpp:
2496         * dfg/DFGClobberSet.cpp:
2497         * dfg/DFGClobberize.cpp:
2498         * dfg/DFGCommon.cpp:
2499         * dfg/DFGCommonData.cpp:
2500         * dfg/DFGCompilationKey.cpp:
2501         * dfg/DFGCompilationMode.cpp:
2502         * dfg/DFGConstantFoldingPhase.cpp:
2503         * dfg/DFGCriticalEdgeBreakingPhase.cpp:
2504         * dfg/DFGDCEPhase.cpp:
2505         * dfg/DFGDesiredIdentifiers.cpp:
2506         * dfg/DFGDesiredStructureChains.cpp:
2507         * dfg/DFGDesiredTransitions.cpp:
2508         * dfg/DFGDesiredWatchpoints.cpp:
2509         * dfg/DFGDisassembler.cpp:
2510         * dfg/DFGDisassembler.h:
2511         * dfg/DFGDominators.cpp:
2512         * dfg/DFGEdge.cpp:
2513         * dfg/DFGFailedFinalizer.cpp:
2514         * dfg/DFGFinalizer.cpp:
2515         * dfg/DFGFixupPhase.cpp:
2516         * dfg/DFGFlushFormat.cpp:
2517         * dfg/DFGFlushLivenessAnalysisPhase.cpp:
2518         * dfg/DFGFlushedAt.cpp:
2519         * dfg/DFGGraph.cpp:
2520         * dfg/DFGInPlaceAbstractState.cpp:
2521         * dfg/DFGInvalidationPointInjectionPhase.cpp:
2522         * dfg/DFGJITCode.cpp:
2523         * dfg/DFGJITCompiler.cpp:
2524         * dfg/DFGJITCompiler.h:
2525         * dfg/DFGJITFinalizer.cpp:
2526         * dfg/DFGJumpReplacement.cpp:
2527         * dfg/DFGLICMPhase.cpp:
2528         * dfg/DFGLazyJSValue.cpp:
2529         * dfg/DFGLivenessAnalysisPhase.cpp:
2530         * dfg/DFGLongLivedState.cpp:
2531         * dfg/DFGLoopPreHeaderCreationPhase.cpp:
2532         * dfg/DFGMinifiedNode.cpp:
2533         * dfg/DFGNaturalLoops.cpp:
2534         * dfg/DFGNode.cpp:
2535         * dfg/DFGNodeFlags.cpp:
2536         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
2537         * dfg/DFGOSREntry.cpp:
2538         * dfg/DFGOSREntrypointCreationPhase.cpp:
2539         * dfg/DFGOSRExit.cpp:
2540         * dfg/DFGOSRExitBase.cpp:
2541         * dfg/DFGOSRExitCompiler.cpp:
2542         * dfg/DFGOSRExitCompiler32_64.cpp:
2543         * dfg/DFGOSRExitCompiler64.cpp:
2544         * dfg/DFGOSRExitCompilerCommon.cpp:
2545         * dfg/DFGOSRExitJumpPlaceholder.cpp:
2546         * dfg/DFGOSRExitPreparation.cpp:
2547         * dfg/DFGOperations.cpp:
2548         * dfg/DFGOperations.h:
2549         * dfg/DFGPhase.cpp:
2550         * dfg/DFGPlan.cpp:
2551         * dfg/DFGPredictionInjectionPhase.cpp:
2552         * dfg/DFGPredictionPropagationPhase.cpp:
2553         * dfg/DFGResurrectionForValidationPhase.cpp:
2554         * dfg/DFGSSAConversionPhase.cpp:
2555         * dfg/DFGSSALoweringPhase.cpp:
2556         * dfg/DFGSpeculativeJIT.cpp:
2557         * dfg/DFGSpeculativeJIT32_64.cpp:
2558         * dfg/DFGSpeculativeJIT64.cpp:
2559         * dfg/DFGStackLayoutPhase.cpp:
2560         * dfg/DFGStoreBarrierElisionPhase.cpp:
2561         * dfg/DFGStrengthReductionPhase.cpp:
2562         * dfg/DFGThunks.cpp:
2563         * dfg/DFGTierUpCheckInjectionPhase.cpp:
2564         * dfg/DFGToFTLDeferredCompilationCallback.cpp:
2565         * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:
2566         * dfg/DFGTypeCheckHoistingPhase.cpp:
2567         * dfg/DFGUnificationPhase.cpp:
2568         * dfg/DFGUseKind.cpp:
2569         * dfg/DFGValidate.cpp:
2570         * dfg/DFGValueSource.cpp:
2571         * dfg/DFGVariableAccessDataDump.cpp:
2572         * dfg/DFGVariableEvent.cpp:
2573         * dfg/DFGVariableEventStream.cpp:
2574         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2575         * dfg/DFGWatchpointCollectionPhase.cpp:
2576         * dfg/DFGWorklist.cpp:
2577         * disassembler/Disassembler.cpp:
2578         * ftl/FTLLink.cpp:
2579         * ftl/FTLOSRExitCompiler.cpp:
2580         * ftl/FTLSlowPathCall.cpp:
2581         * ftl/FTLThunks.cpp:
2582         (JSC::FTL::slowPathCallThunkGenerator):
2583         * heap/BlockAllocator.cpp:
2584         * heap/CodeBlockSet.cpp:
2585         * heap/ConservativeRoots.cpp:
2586         * heap/DeferGC.cpp:
2587         * heap/GCThread.cpp:
2588         * heap/GCThreadSharedData.cpp:
2589         * heap/HeapTimer.cpp:
2590         * heap/IncrementalSweeper.cpp:
2591         * heap/JITStubRoutineSet.cpp:
2592         * heap/MachineStackMarker.cpp:
2593         * heap/MarkStack.cpp:
2594         * heap/MarkedAllocator.cpp:
2595         * heap/MarkedSpace.cpp:
2596         * heap/SuperRegion.cpp:
2597         * heap/Weak.cpp:
2598         * heap/WeakHandleOwner.cpp:
2599         * heap/WeakSet.cpp:
2600         * heap/WriteBarrierBuffer.cpp:
2601         * heap/WriteBarrierSupport.cpp:
2602         * inspector/ScriptCallStackFactory.cpp:
2603         * interpreter/AbstractPC.cpp:
2604         * interpreter/JSStack.cpp:
2605         * interpreter/ProtoCallFrame.cpp:
2606         * interpreter/VMInspector.cpp:
2607         * jit/ArityCheckFailReturnThunks.cpp:
2608         * jit/AssemblyHelpers.cpp:
2609         * jit/ExecutableAllocator.cpp:
2610         * jit/ExecutableAllocatorFixedVMPool.cpp:
2611         * jit/GCAwareJITStubRoutine.cpp:
2612         * jit/HostCallReturnValue.cpp:
2613         * jit/JITDisassembler.cpp:
2614         * jit/JITDisassembler.h:
2615         * jit/JITExceptions.cpp:
2616         * jit/JITInlines.h:
2617         * jit/JITOperations.cpp:
2618         * jit/JITOperationsMSVC64.cpp:
2619         * jit/JITStubRoutine.cpp:
2620         * jit/JITStubs.cpp:
2621         * jit/JITToDFGDeferredCompilationCallback.cpp:
2622         * jit/RegisterPreservationWrapperGenerator.cpp:
2623         * jit/RegisterSet.cpp:
2624         * jit/Repatch.cpp:
2625         * jit/TempRegisterSet.cpp:
2626         * jsc.cpp:
2627         * parser/Lexer.cpp:
2628         * parser/Parser.cpp:
2629         * parser/ParserArena.cpp:
2630         * parser/SourceCode.cpp:
2631         * parser/SourceProvider.cpp:
2632         * parser/SourceProviderCache.cpp:
2633         * profiler/ProfileGenerator.cpp:
2634         * runtime/Arguments.cpp:
2635         * runtime/ArgumentsIteratorPrototype.cpp:
2636         * runtime/CommonSlowPathsExceptions.cpp:
2637         * runtime/JSArgumentsIterator.cpp:
2638         * runtime/JSFunction.cpp:
2639         * runtime/JSGlobalObjectFunctions.cpp:
2640         * runtime/ObjectConstructor.cpp:
2641         * runtime/Operations.h:
2642         * runtime/VM.cpp:
2643
2644 2014-02-09  Filip Pizlo  <fpizlo@apple.com>
2645
2646         Unreviewed, don't mark isHostFunction() inline in the header file because that really confuses EFL.
2647
2648         * runtime/JSFunction.h:
2649
2650 2014-02-09  Anders Carlsson  <andersca@apple.com>
2651
2652         Add WTF_MAKE_FAST_ALLOCATED to more classes
2653         https://bugs.webkit.org/show_bug.cgi?id=128506
2654
2655         Reviewed by Andreas Kling.
2656
2657         * bytecode/UnlinkedInstructionStream.h:
2658         * runtime/SymbolTable.h:
2659         * runtime/WriteBarrier.h:
2660
2661 2014-02-09  Mark Hahnenberg  <mhahnenberg@apple.com>
2662
2663         Objective-C API NSDate conversion is off by 1000x (ms vs s)
2664         https://bugs.webkit.org/show_bug.cgi?id=128386
2665
2666         Reviewed by Michael Saboff.
2667
2668         * API/JSValue.mm:
2669         (valueToObjectWithoutCopy):
2670         (valueToDate):
2671         (objectToValueWithoutCopy):
2672         * API/tests/DateTests.h: Added.
2673         * API/tests/DateTests.mm: Added.
2674         (+[DateTests NSDateToJSDateTest]):
2675         (+[DateTests JSDateToNSDateTest]):
2676         (+[DateTests roundTripThroughJSDateTest]):
2677         (+[DateTests roundTripThroughObjCDateTest]):
2678         * API/tests/testapi.mm:
2679         (checkResult):
2680         * JavaScriptCore.xcodeproj/project.pbxproj:
2681
2682 2014-02-09  Andreas Kling  <akling@apple.com>
2683
2684         Pass VM instead of ExecState to JSCell::fastGetOwnProperty().
2685         <https://webkit.org/b/128497>
2686
2687         Knocks off a couple of instructions.
2688
2689         Reviewed by Anders Carlsson.
2690
2691         * dfg/DFGOperations.cpp:
2692         * jit/JITOperations.cpp:
2693         (JSC::getByVal):
2694         * llint/LLIntSlowPaths.cpp:
2695         (JSC::LLInt::getByVal):
2696         * runtime/JSCell.h:
2697         * runtime/JSCellInlines.h:
2698         (JSC::JSCell::fastGetOwnProperty):
2699
2700 2014-02-09  Anders Carlsson  <andersca@apple.com>
2701
2702         Convert some JSC code over to std::mutex
2703         https://bugs.webkit.org/show_bug.cgi?id=128500
2704
2705         Reviewed by Dan Bernstein.
2706
2707         * API/JSVirtualMachine.mm:
2708         (wrapperCacheMutex):
2709         (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
2710         (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
2711         * heap/GCThreadSharedData.h:
2712         * heap/SlotVisitor.cpp:
2713         (JSC::SlotVisitor::mergeOpaqueRoots):
2714         * heap/SlotVisitorInlines.h:
2715         (JSC::SlotVisitor::containsOpaqueRootTriState):
2716         * inspector/remote/RemoteInspector.h:
2717         * inspector/remote/RemoteInspector.mm:
2718         (Inspector::RemoteInspector::registerDebuggable):
2719         (Inspector::RemoteInspector::unregisterDebuggable):
2720         (Inspector::RemoteInspector::updateDebuggable):
2721         (Inspector::RemoteInspector::sendMessageToRemoteFrontend):
2722         (Inspector::RemoteInspector::start):
2723         (Inspector::RemoteInspector::stop):
2724         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
2725         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
2726         (Inspector::RemoteInspector::xpcConnectionFailed):
2727         (Inspector::RemoteInspector::pushListingSoon):
2728         (Inspector::RemoteInspector::receivedIndicateMessage):
2729         * inspector/remote/RemoteInspectorDebuggableConnection.h:
2730         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
2731         (Inspector::RemoteInspectorDebuggableConnection::setup):
2732         (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
2733         (Inspector::RemoteInspectorDebuggableConnection::close):
2734         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
2735         * jit/ExecutableAllocator.cpp:
2736         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2737         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
2738         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
2739         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
2740         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
2741         (JSC::DemandExecutableAllocator::allocatorsMutex):
2742
2743 2014-02-09  Commit Queue  <commit-queue@webkit.org>
2744
2745         Unreviewed, rolling out r163737.
2746         http://trac.webkit.org/changeset/163737
2747         https://bugs.webkit.org/show_bug.cgi?id=128491
2748
2749         Caused 8+ tests to fail on Mavericks and Mountain Lion bots
2750         (Requested by rniwa on #webkit).
2751
2752         * runtime/JSString.h:
2753         (JSC::jsSingleCharacterString):
2754         (JSC::jsSingleCharacterSubstring):
2755         (JSC::jsString):
2756         (JSC::jsSubstring8):
2757         * runtime/SmallStrings.cpp:
2758         (JSC::SmallStringsStorage::SmallStringsStorage):
2759         (JSC::SmallStrings::SmallStrings):
2760
2761 2014-02-08  Anders Carlsson  <andersca@apple.com>
2762
2763         Simplify single character substrings in JSC
2764         https://bugs.webkit.org/show_bug.cgi?id=128483
2765
2766         Reviewed by Andreas Kling.
2767
2768         With the recent work to make StringImpl occupy less space, it is actually more
2769         efficient to allocate a single character string than it is to use createSubstringSharingImpl!
2770         
2771         * runtime/JSString.h:
2772         (JSC::jsSingleCharacterString):
2773         (JSC::jsSingleCharacterSubstring):
2774         (JSC::jsString):
2775         (JSC::jsSubstring8):
2776         * runtime/SmallStrings.cpp:
2777         (JSC::SmallStringsStorage::SmallStringsStorage):
2778         (JSC::SmallStrings::SmallStrings):
2779
2780 2014-02-08  Mark Hahnenberg  <mhahnenberg@apple.com>
2781
2782         Baseline JIT uses the wrong version of checkMarkWord in emitWriteBarrier
2783         https://bugs.webkit.org/show_bug.cgi?id=128474
2784
2785         Reviewed by Michael Saboff.
2786
2787         * jit/JITPropertyAccess.cpp:
2788         (JSC::JIT::emitWriteBarrier):
2789
2790 2014-02-08  Mark Lam  <mark.lam@apple.com>
2791
2792         Rename a field and some variables in JSLock to better describe what they contain.
2793         <https://webkit.org/b/128475>
2794
2795         Reviewed by Oliver Hunt.
2796
2797         * runtime/JSLock.cpp:
2798         (JSC::JSLock::dropAllLocks):
2799         (JSC::JSLock::dropAllLocksUnconditionally):
2800         (JSC::JSLock::grabAllLocks):
2801         (JSC::JSLock::DropAllLocks::DropAllLocks):
2802         (JSC::JSLock::DropAllLocks::~DropAllLocks):
2803         * runtime/JSLock.h:
2804
2805 2014-02-08  Anders Carlsson  <andersca@apple.com>
2806
2807         Stop using getCharactersWithUpconvert in JavaScriptCore
2808         https://bugs.webkit.org/show_bug.cgi?id=128457
2809
2810         Reviewed by Andreas Kling.
2811
2812         Change substituteBackreferencesSlow to take StringViews and use a StringBuilder instead of upconverting
2813         if the source or replacement strings are 16-bit.
2814
2815         * runtime/StringPrototype.cpp:
2816         (JSC::substituteBackreferencesSlow):
2817         (JSC::substituteBackreferences):
2818
2819 2014-02-08  Mark Rowe  <mrowe@apple.com>
2820
2821         <https://webkit.org/b/128452> Don't duplicate the list of input files for postprocess-headers.sh
2822
2823         Reviewed by Dan Bernstein.
2824
2825         * postprocess-headers.sh: Pull the list of headers to process out of the environment.
2826
2827 2014-02-08  Mark Rowe  <mrowe@apple.com>
2828
2829         Fix the iOS build.
2830
2831         * API/WebKitAvailability.h: Skip the workarounds specific to OS X when we're building for iOS.
2832
2833 2014-02-07  Mark Rowe  <mrowe@apple.com>
2834
2835         <https://webkit.org/b/128448> Fix use of availability macros on recently-added APIs
2836
2837         Reviewed by Dan Bernstein.
2838
2839         * API/JSContext.h: Remove some #ifs.
2840         * API/JSManagedValue.h: Ditto.
2841         * API/WebKitAvailability.h: #define the macros that availability macros mentioning
2842         newer OS X versions would expand to when building on older OS versions.
2843         * JavaScriptCore.xcodeproj/project.pbxproj: Call the new postprocess-headers.sh.
2844         * postprocess-headers.sh: Extracted from the Xcode project. Updated to remove content
2845         from headers based on the __MAC_OS_X_VERSION_MIN_REQUIRED macro, and to
2846         process WebKitAvailability.h.
2847
2848 2014-02-07  Mark Lam  <mark.lam@apple.com>
2849
2850         JSLock should not "restore" VM stack values if it did not re-grab locks.
2851         <https://webkit.org/b/128447>
2852
2853         Reviewed by Geoffrey Garen.
2854
2855         In the existing code, if DropAllLocks is instantiated with DontAlwaysDropLocks
2856         in a thread that does not own the JSLock, then a bug will manifest where:
2857
2858         1. The DropAllLocks constructor will save the VM's stackPointerAtEntry,
2859            lastStackTop, and reservedZoneSize even though it will not drop the JSLock.
2860         2. The DropAllLocks destructor will restore those 3 values to the VM even
2861            though the JSLock will not grab its internal lock.
2862
2863         The former only causes busy work but does not impact correctness. The latter
2864         however, will corrupt those 3 VM values which belong to the thread that
2865         actually owns the JSLock.
2866
2867         The fix is to only save the values when the JSLock will actually drop its
2868         internal lock, and only restore the values if it did re-grab the internal lock.
2869
2870         * runtime/JSLock.cpp:
2871         (JSC::JSLock::dropAllLocks):
2872         (JSC::JSLock::dropAllLocksUnconditionally):
2873         (JSC::JSLock::grabAllLocks):
2874         (JSC::JSLock::DropAllLocks::DropAllLocks):
2875         - Moved the saving of VM stack values to dropAllLocks() and
2876           dropAllLocksUnconditionally().
2877         (JSC::JSLock::DropAllLocks::~DropAllLocks):
2878         - Moved the restoring of VM stack values to grabAllLocks().
2879
2880 2014-02-07  Filip Pizlo  <fpizlo@apple.com>
2881
2882         Don't throw away code if there is code on the worklists
2883         https://bugs.webkit.org/show_bug.cgi?id=128443
2884
2885         Reviewed by Joseph Pecoraro.
2886         
2887         If we throw away compiled code and there is code currently being JITed then the JIT
2888         will get confused after it resumes: it will see a code block that had claimed to belong
2889         to an executable except that it doesn't belong to any executables anymore.
2890
2891         * dfg/DFGWorklist.h:
2892         (JSC::DFG::Worklist::isActive):
2893         * heap/Heap.cpp:
2894         (JSC::Heap::deleteAllCompiledCode):
2895
2896 2014-02-07  Filip Pizlo  <fpizlo@apple.com>
2897
2898         GC should safepoint the DFG worklist in a smarter way rather than just waiting for everything to complete
2899         https://bugs.webkit.org/show_bug.cgi?id=128297
2900
2901         Reviewed by Oliver Hunt.
2902         
2903         This makes DFG worklist threads have a rightToRun lock that gives them the ability to
2904         be safepointed by the GC in much the same way as you'd expect from a fully
2905         multithreaded VM.
2906         
2907         The idea is that the worklist threads' roots are the DFG::Plan. They only touch those
2908         roots when holding the rightToRun lock. They currently grab that lock to run the
2909         compiler, but relinquish it when accessing - and waiting on - the worklist.
2910
2911         * bytecode/CodeBlock.h:
2912         (JSC::CodeBlockSet::mark):
2913         * dfg/DFGCompilationKey.cpp:
2914         (JSC::DFG::CompilationKey::visitChildren):
2915         * dfg/DFGCompilationKey.h:
2916         * dfg/DFGDesiredStructureChains.cpp:
2917         (JSC::DFG::DesiredStructureChains::visitChildren):
2918         * dfg/DFGDesiredStructureChains.h:
2919         * dfg/DFGDesiredTransitions.cpp:
2920         (JSC::DFG::DesiredTransition::visitChildren):
2921         (JSC::DFG::DesiredTransitions::visitChildren):
2922         * dfg/DFGDesiredTransitions.h:
2923         * dfg/DFGDesiredWeakReferences.cpp:
2924         (JSC::DFG::DesiredWeakReferences::visitChildren):
2925         * dfg/DFGDesiredWeakReferences.h:
2926         * dfg/DFGDesiredWriteBarriers.cpp:
2927         (JSC::DFG::DesiredWriteBarrier::visitChildren):
2928         (JSC::DFG::DesiredWriteBarriers::visitChildren):
2929         * dfg/DFGDesiredWriteBarriers.h:
2930         * dfg/DFGPlan.cpp:
2931         (JSC::DFG::Plan::visitChildren):
2932         * dfg/DFGPlan.h:
2933         * dfg/DFGWorklist.cpp:
2934         (JSC::DFG::Worklist::~Worklist):
2935         (JSC::DFG::Worklist::finishCreation):
2936         (JSC::DFG::Worklist::suspendAllThreads):
2937         (JSC::DFG::Worklist::resumeAllThreads):
2938         (JSC::DFG::Worklist::visitChildren):
2939         (JSC::DFG::Worklist::runThread):
2940         (JSC::DFG::Worklist::threadFunction):
2941         * dfg/DFGWorklist.h:
2942         (JSC::DFG::numberOfWorklists):
2943         (JSC::DFG::worklistForIndexOrNull):
2944         * heap/CodeBlockSet.h:
2945         * heap/Heap.cpp:
2946         (JSC::Heap::markRoots):
2947         (JSC::Heap::collect):
2948         * runtime/IntendedStructureChain.cpp:
2949         (JSC::IntendedStructureChain::visitChildren):
2950         * runtime/IntendedStructureChain.h:
2951         * runtime/VM.cpp:
2952         (JSC::VM::~VM):
2953         (JSC::VM::prepareToDiscardCode):
2954
2955 2014-02-07  Mark Lam  <mark.lam@apple.com>
2956
2957         Unify JSLock implementation for iOS and non-iOS ports.
2958         <https://webkit.org/b/128409>
2959
2960         Reviewed by Michael Saboff.
2961
2962         The iOS and non-iOS implementations of dropAllLocks(),
2963         dropAllLocksUnconditionally(), and grabAllLocks() effectively do the
2964         same work. The main difference is that the iOS implementation acquires
2965         the JSLock spin lock in the DropAllLocks class while the other ports
2966         acquire it when they call JSLock::lock() and unlock().
2967
2968         The other difference is that the iOS implementation will only increment
2969         m_locksDropDepth if it actually drops locks, whereas other ports will
2970         increment it unconditionally. Analogously, iOS decrements the depth only
2971         when needed while other ports will decrement it unconditionally when
2972         re-grabbing locks.
2973
2974         We can unify the 2 implementations by having both use the iOS
2975         implementation for a start.
2976
2977         * runtime/JSLock.cpp:
2978         (JSC::JSLock::dropAllLocks):
2979         (JSC::JSLock::dropAllLocksUnconditionally):
2980         (JSC::JSLock::grabAllLocks):
2981         (JSC::JSLock::DropAllLocks::DropAllLocks):
2982         (JSC::JSLock::DropAllLocks::~DropAllLocks):
2983
2984 2014-02-06  Filip Pizlo  <fpizlo@apple.com>
2985
2986         More FTL build scaffolding
2987         https://bugs.webkit.org/show_bug.cgi?id=128330
2988
2989         Reviewed by Geoffrey Garen.
2990
2991         * Configurations/FeatureDefines.xcconfig:
2992         * llvm/library/LLVMAnchor.cpp:
2993
2994 2014-02-07  Mark Lam  <mark.lam@apple.com>
2995
2996         iOS port needs to clear VM::stackPointerAtVMEntry when it drops locks.
2997         <https://webkit.org/b/128424>
2998
2999         Reviewed by Geoffrey Garen.
3000
3001         The iOS code path for dropping locks differs from the non-iOS code path
3002         in that it (iOS) does not clear m_vm->stackPointerAtVMEntry nor reset the
3003         VM stack limit. This is now fixed by copying that snippet from
3004         JSLock::unlock().
3005
3006         * runtime/JSLock.cpp:
3007         (JSC::JSLock::dropAllLocks):
3008         (JSC::JSLock::dropAllLocksUnconditionally):
3009
3010 2014-02-07  Mark Lam  <mark.lam@apple.com>
3011
3012         Removed superfluous JSLock::entryStackPointer field.
3013         <https://webkit.org/b/128413>
3014
3015         Reviewed by Geoffrey Garen.
3016
3017         * runtime/JSLock.cpp:
3018         (JSC::JSLock::lock):
3019         * runtime/JSLock.h:
3020
3021 2014-02-07  Mark Lam  <mark.lam@apple.com>
3022
3023         Revert workaround committed in http://trac.webkit.org/r163595.
3024         <https://webkit.org/b/128408>
3025
3026         Reviewed by Geoffrey Garen.
3027
3028         Now that we have fixed the bugs in JSLock's stack limit adjustments
3029         in https://bugs.webkit.org/show_bug.cgi?id=128406, we can revert the
3030         workaround in r163595.
3031
3032         * API/JSContextRef.cpp:
3033         (JSContextGroupCreate):
3034         (JSGlobalContextCreateInGroup):
3035         * API/tests/testapi.js:
3036         * runtime/VM.cpp:
3037         (JSC::VM::VM):
3038         (JSC::VM::updateStackLimitWithReservedZoneSize):
3039         * runtime/VM.h:
3040
3041 2014-02-07  Mark Lam  <mark.lam@apple.com>
3042
3043         Fix bug in stack limit adjustments in JSLock.
3044         <https://webkit.org/b/128406>
3045
3046         Reviewed by Geoffrey Garen.
3047
3048         1. JSLock::unlock() was only clearing the VM::stackPointerAtEntry when
3049            m_vm->stackPointerAtVMEntry == entryStackPointer. FYI,
3050            entryStackPointer is a field in JSLock.
3051
3052            When DropAllLocks::~DropAllLocks() will call JSLock::grabAllLocks()
3053            to relock the JSLock, JSLock::grabAllLocks() will set a new
3054            entryStackPointer value. Thereafter, DropAllLocks::~DropAllLocks() will
3055            restore the saved VM::stackPointerAtEntry, which will now differ from
3056            the JSLock's entryStackPointer value.
3057
3058            It turns out that when m_vm->stackPointerAtVMEntry was initialized,
3059            it was set to whatever value entryStackPointer is set to. At no time
3060            do we ever expect the 2 values to differ. The only time it differs is
3061            when this bug manifests.
3062
3063            The fix is to remove the entryStackPointer field in JSLock and its uses
3064            altogether.
3065
3066         2. DropAllLocks was unconditionally clearing VM::stackPointerAtEntry in
3067            its constructor instead of letting JSLock::unlock() do the clearing.
3068
3069            However, DropAllLocks will not actually drop locks if it isn't required
3070            to (e.g. when alwaysDropLocks is DontAlwaysDropLocks), and when we've
3071            already dropped locks once (i.e. JSLock::m_lockDropDepth is not 0).
3072
3073            We should not have cleared VM::stackPointerAtEntry here if we don't
3074            actually drop the locks.
3075
3076         * runtime/JSLock.cpp:
3077         (JSC::JSLock::unlock):
3078         (JSC::JSLock::DropAllLocks::DropAllLocks):
3079
3080 2014-02-07  Joseph Pecoraro  <pecoraro@apple.com>
3081
3082         [iOS] Eliminate race between XPC connection queue and Notification queue
3083         https://bugs.webkit.org/show_bug.cgi?id=128384
3084
3085         Reviewed by Timothy Hatcher.
3086
3087         * inspector/remote/RemoteInspector.h:
3088         * inspector/remote/RemoteInspector.mm:
3089         (Inspector::RemoteInspector::RemoteInspector):
3090         (Inspector::RemoteInspector::start):
3091         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
3092         Create the queue to use for RemoteInspector xpc connection
3093         management and the connection itself.
3094
3095         * inspector/remote/RemoteInspectorXPCConnection.h:
3096         * inspector/remote/RemoteInspectorXPCConnection.mm:
3097         (Inspector::RemoteInspectorXPCConnection::RemoteInspectorXPCConnection):
3098         Use the passed in queue instead of creating one for itself.
3099
3100 2014-02-07  Oliver Hunt  <oliver@apple.com>
3101
3102         REGRESSION (r160628): LLint does not appear to handle impure get own property properly
3103         https://bugs.webkit.org/show_bug.cgi?id=127943
3104
3105         Reviewed by Filip Pizlo.
3106
3107         Make sure the LLINT doesn't attempt to cache property
3108         access on structures with impureGetOwnPropertySlot set.
3109
3110         * llint/LLIntSlowPaths.cpp:
3111         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3112
3113 2014-02-06  Michael Saboff  <msaboff@apple.com>
3114
3115         Workaround REGRESSION(r163195-r163227): Crash beneath NSErrorUserInfoFromJSException when installing AppleInternal.mpkg
3116         https://bugs.webkit.org/show_bug.cgi?id=128347
3117
3118         Reviewed by Geoffrey Garen.
3119
3120         Added a flag to VM class called m_ignoreStackLimit that disables stack limit checks.
3121         We set this flag in JSContextGroupCreate() and JSGlobalContextCreateInGroup().
3122
3123         Disabled stack overflow tests in testapi.js since it uses these paths.
3124
3125         This patch will be reverted as part of a comprehensive solution to the problem.
3126
3127         * API/JSContextRef.cpp:
3128         (JSContextGroupCreate):
3129         (JSGlobalContextCreateInGroup):
3130         * API/tests/testapi.js:
3131         * runtime/VM.cpp:
3132         (JSC::VM::VM):
3133         (JSC::VM::updateStackLimitWithReservedZoneSize):
3134         * runtime/VM.h:
3135         (JSC::VM::ignoreStackLimit):
3136
3137 2014-02-06  Mark Hahnenberg  <mhahnenberg@apple.com>
3138
3139         +[JSContext currentCallee] should return the currently executing JS function
3140         https://bugs.webkit.org/show_bug.cgi?id=122621
3141
3142         Reviewed by Geoffrey Garen.
3143
3144         It would be useful if there was a +[JSContext currentObject] API which was 
3145         callable from ObjC API callbacks. Its purpose would be to allow convenient 
3146         access to the JSValue wrapper for the currently-executing block callback.
3147
3148         * API/JSContext.h:
3149         * API/JSContext.mm:
3150         (+[JSContext currentCallee]):
3151         (-[JSContext beginCallbackWithData:calleeValue:thisValue:argumentCount:arguments:]):
3152         * API/JSContextInternal.h:
3153         * API/ObjCCallbackFunction.mm:
3154         (JSC::objCCallbackFunctionCallAsFunction):
3155         (JSC::objCCallbackFunctionCallAsConstructor):
3156         * API/tests/testapi.mm:
3157
3158 2014-02-06  Mark Hahnenberg  <mhahnenberg@apple.com>
3159
3160         Fix iOS builds after r163574
3161
3162         * API/JSManagedValue.h:
3163
3164 2014-02-06  Mark Hahnenberg  <mhahnenberg@apple.com>
3165
3166         Heap::writeBarrier shouldn't be static
3167         https://bugs.webkit.org/show_bug.cgi?id=127807
3168
3169         Reviewed by Geoffrey Garen.
3170
3171         Currently it looks up the Heap in which to fire the write barrier by using 
3172         the cell passed to it. Almost every call site already has a reference to the 
3173         VM or the Heap itself. It seems wasteful to look it up all over again.
3174
3175         * GNUmakefile.list.am:
3176         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3177         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3178         * JavaScriptCore.xcodeproj/project.pbxproj:
3179         * heap/CopyWriteBarrier.h:
3180         (JSC::CopyWriteBarrier::set):
3181         * heap/Heap.cpp:
3182         (JSC::Heap::writeBarrier):
3183         * heap/Heap.h:
3184         (JSC::Heap::writeBarrier):
3185         * jit/JITOperations.cpp:
3186         * jit/JITWriteBarrier.h:
3187         (JSC::JITWriteBarrierBase::set):
3188         * llint/LLIntSlowPaths.cpp:
3189         (JSC::LLInt::llint_write_barrier_slow):
3190         * runtime/Arguments.h:
3191         * runtime/JSWeakMap.cpp:
3192         * runtime/MapData.cpp:
3193         (JSC::MapData::ensureSpaceForAppend):
3194         * runtime/PropertyTable.cpp:
3195         (JSC::PropertyTable::PropertyTable):
3196         * runtime/Structure.h:
3197         * runtime/WriteBarrier.h:
3198         * runtime/WriteBarrierInlines.h: Added.
3199
3200 2014-02-06  Mark Hahnenberg  <mhahnenberg@apple.com>
3201
3202         JSManagedValue should automatically call removeManagedReference:withOwner: upon dealloc
3203         https://bugs.webkit.org/show_bug.cgi?id=124053
3204
3205         Reviewed by Geoffrey Garen.
3206
3207         * API/JSManagedValue.h:
3208         * API/JSManagedValue.mm:
3209         (+[JSManagedValue managedValueWithValue:andOwner:]):
3210         (-[JSManagedValue initWithValue:]):
3211         (-[JSManagedValue dealloc]):
3212         (-[JSManagedValue didAddOwner:]):
3213         (-[JSManagedValue didRemoveOwner:]):
3214         * API/JSManagedValueInternal.h: Added.
3215         * API/JSVirtualMachine.mm:
3216         (-[JSVirtualMachine addManagedReference:withOwner:]):
3217         (-[JSVirtualMachine removeManagedReference:withOwner:]):
3218         * API/WebKitAvailability.h:
3219         * API/tests/testapi.mm:
3220         (-[TextXYZ click]):
3221         * JavaScriptCore.xcodeproj/project.pbxproj:
3222
3223 2014-02-06  Joseph Pecoraro  <pecoraro@apple.com>
3224
3225         Web Inspector: Add Console support to JSContext Inspection
3226         https://bugs.webkit.org/show_bug.cgi?id=127941
3227
3228         Reviewed by Geoffrey Garen.
3229
3230         * CMakeLists.txt:
3231         * DerivedSources.make:
3232         * GNUmakefile.am:
3233         * GNUmakefile.list.am:
3234         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3235         * JavaScriptCore.xcodeproj/project.pbxproj:
3236         Add new files.
3237
3238         * inspector/agents/InspectorConsoleAgent.cpp: Renamed from Source/WebCore/inspector/InspectorConsoleAgent.cpp.
3239         * inspector/agents/InspectorConsoleAgent.h: Added.
3240         New agent moved from WebCore. Rename a method to work in JS only context.
3241
3242         * inspector/JSGlobalObjectInspectorController.cpp:
3243         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
3244         Instantiate ConsoleAgent.
3245
3246         * inspector/agents/JSGlobalObjectConsoleAgent.h: Copied from Source/WebCore/inspector/PageInjectedScriptHost.h.
3247         * inspector/agents/JSGlobalObjectConsoleAgent.cpp: Copied from Source/WebCore/inspector/PageInjectedScriptHost.h.
3248         (Inspector::JSGlobalObjectConsoleAgent::JSGlobalObjectConsoleAgent):
3249         (Inspector::JSGlobalObjectConsoleAgent::setMonitoringXHREnabled):
3250         (Inspector::JSGlobalObjectConsoleAgent::addInspectedNode):
3251         (Inspector::JSGlobalObjectConsoleAgent::addInspectedHeapObject):
3252         JSGlobalObject implementation.
3253
3254         * inspector/agents/JSGlobalObjectDebuggerAgent.h:
3255         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
3256         (Inspector::JSGlobalObjectDebuggerAgent::JSGlobalObjectDebuggerAgent):
3257         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
3258         Use ConsoleAgent to report logs.
3259
3260         * inspector/ConsoleMessage.cpp: Renamed from Source/WebCore/inspector/ConsoleMessage.cpp.
3261         * inspector/ConsoleMessage.h: Renamed from Source/WebCore/inspector/ConsoleMessage.h.
3262         * inspector/ConsoleTypes.h: Copied from Source/WebCore/inspector/ConsoleAPITypes.h.
3263         * inspector/IdentifiersFactory.cpp: Renamed from Source/WebCore/inspector/IdentifiersFactory.cpp.
3264         * inspector/IdentifiersFactory.h: Renamed from Source/WebCore/inspector/IdentifiersFactory.h.
3265         * inspector/ScriptArguments.cpp: Renamed from Source/WebCore/inspector/ScriptArguments.cpp.
3266         * inspector/ScriptArguments.h: Renamed from Source/WebCore/inspector/ScriptArguments.h.
3267         * inspector/ScriptCallFrame.cpp: Renamed from Source/WebCore/inspector/ScriptCallFrame.cpp.
3268         * inspector/ScriptCallFrame.h: Renamed from Source/WebCore/inspector/ScriptCallFrame.h.
3269         * inspector/ScriptCallStack.cpp: Renamed from Source/WebCore/inspector/ScriptCallStack.cpp.
3270         * inspector/ScriptCallStack.h: Renamed from Source/WebCore/inspector/ScriptCallStack.h.
3271         * inspector/ScriptCallStackFactory.cpp: Renamed from Source/WebCore/bindings/js/ScriptCallStackFactory.cpp.
3272         * inspector/ScriptCallStackFactory.h: Renamed from Source/WebCore/bindings/js/ScriptCallStackFactory.h.
3273         * inspector/protocol/Console.json: Renamed from Source/WebCore/inspector/protocol/Console.json.
3274         * inspector/scripts/generate-combined-inspector-json.py:
3275
3276 2014-02-06  Commit Queue  <commit-queue@webkit.org>
3277
3278         Unreviewed, rolling out r163542.
3279         http://trac.webkit.org/changeset/163542
3280         https://bugs.webkit.org/show_bug.cgi?id=128324
3281
3282         Caused many assertion failures (Requested by ap on #webkit).
3283
3284         * GNUmakefile.list.am:
3285         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3286         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3287         * JavaScriptCore.xcodeproj/project.pbxproj:
3288         * heap/CopyWriteBarrier.h:
3289         (JSC::CopyWriteBarrier::set):
3290         * heap/Heap.cpp:
3291         (JSC::Heap::writeBarrier):
3292         * heap/Heap.h:
3293         (JSC::Heap::writeBarrier):
3294         * jit/JITOperations.cpp:
3295         * jit/JITWriteBarrier.h:
3296         (JSC::JITWriteBarrierBase::set):
3297         * llint/LLIntSlowPaths.cpp:
3298         (JSC::LLInt::llint_write_barrier_slow):
3299         * runtime/Arguments.h:
3300         * runtime/JSWeakMap.cpp:
3301         * runtime/MapData.cpp:
3302         (JSC::MapData::ensureSpaceForAppend):
3303         * runtime/PropertyTable.cpp:
3304         (JSC::PropertyTable::PropertyTable):
3305         * runtime/Structure.h:
3306         * runtime/WriteBarrier.h:
3307         (JSC::WriteBarrierBase::set):
3308         (JSC::WriteBarrierBase::setMayBeNull):
3309         (JSC::WriteBarrierBase::setEarlyValue):
3310         (JSC::WriteBarrierBase<Unknown>::set):
3311         * runtime/WriteBarrierInlines.h: Removed.
3312
3313 2014-02-06  Oliver Hunt  <oliver@apple.com>
3314
3315         Make 32bit pass the correct this value to custom getters
3316         https://bugs.webkit.org/show_bug.cgi?id=128313
3317
3318         Reviewed by Mark Lam.
3319
3320         Now that the custom getter calling convention uses a single register
3321         for the slot base we can easily pass the correct |thisValue| instead
3322         of simply relying on the thisValue not being relevant to existing
3323         custom getters. This also means that 32bit can call custom getters
3324         directly.
3325
3326         * jit/CCallHelpers.h:
3327         (JSC::CCallHelpers::setupArgumentsWithExecState):
3328         * jit/Repatch.cpp:
3329         (JSC::generateProtoChainAccessStub):
3330         (JSC::tryBuildGetByIDList):
3331
3332 2014-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
3333
3334         Heap::writeBarrier shouldn't be static
3335         https://bugs.webkit.org/show_bug.cgi?id=127807
3336
3337         Reviewed by Geoffrey Garen.
3338
3339         Currently it looks up the Heap in which to fire the write barrier by using 
3340         the cell passed to it. Almost every call site already has a reference to the 
3341         VM or the Heap itself. It seems wasteful to look it up all over again.
3342
3343         * GNUmakefile.list.am:
3344         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3345         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3346         * JavaScriptCore.xcodeproj/project.pbxproj:
3347         * heap/CopyWriteBarrier.h:
3348         (JSC::CopyWriteBarrier::set):
3349         * heap/Heap.cpp:
3350         (JSC::Heap::writeBarrier):
3351         * heap/Heap.h:
3352         (JSC::Heap::writeBarrier):
3353         * jit/JITOperations.cpp:
3354         * jit/JITWriteBarrier.h:
3355         (JSC::JITWriteBarrierBase::set):
3356         * llint/LLIntSlowPaths.cpp:
3357         (JSC::LLInt::llint_write_barrier_slow):
3358         * runtime/Arguments.h:
3359         * runtime/JSWeakMap.cpp:
3360         * runtime/MapData.cpp:
3361         (JSC::MapData::ensureSpaceForAppend):
3362         * runtime/PropertyTable.cpp:
3363         (JSC::PropertyTable::PropertyTable):
3364         * runtime/Structure.h:
3365         * runtime/WriteBarrier.h:
3366         * runtime/WriteBarrierInlines.h: Added.
3367
3368 2014-02-04  Filip Pizlo  <fpizlo@apple.com>
3369
3370         Make FTL OSR entry something we only try after we've already compiled the function with the FTL and it still got stuck in a loop after that without ever returning like a sensible function oughta have
3371         https://bugs.webkit.org/show_bug.cgi?id=128234
3372
3373         Reviewed by Geoffrey Garen.
3374         
3375         Use DFG::JITCode::osrEntryRetry as a counter to decide when to invoke OSR entry. That
3376         comes into play only after we've done a replacement compile.
3377         
3378         This appears to still give us a speed-up on the kinds of things that OSR entry is good
3379         for, while also eliminating pointless OSR entry compilations on other things.
3380
3381         * dfg/DFGJITCode.cpp:
3382         (JSC::DFG::JITCode::JITCode):
3383         * dfg/DFGJITCode.h:
3384         * dfg/DFGOperations.cpp:
3385         * dfg/DFGToFTLForOSREntryDeferredCompilationCallback.cpp:
3386         (JSC::DFG::ToFTLForOSREntryDeferredCompilationCallback::compilationDidComplete):
3387         * runtime/Options.h:
3388
3389 2014-02-04  Filip Pizlo  <fpizlo@apple.com>
3390
3391         Don't speculate on ToThis if we already know that arg0 has a questionable record with structure checks
3392         https://bugs.webkit.org/show_bug.cgi?id=128229
3393
3394         Reviewed by Geoffrey Garen.
3395
3396         * dfg/DFGByteCodeParser.cpp:
3397         (JSC::DFG::ByteCodeParser::parseBlock):
3398
3399 2014-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
3400
3401         Handling of opaque roots is wrong in EdenCollections
3402         https://bugs.webkit.org/show_bug.cgi?id=128210
3403
3404         Reviewed by Oliver Hunt.
3405
3406         The set of opaque roots is always cleared during each collection. We should instead persist 
3407         the set of opaque roots across EdenCollections and only clear it at the beginning of FullCollections.
3408
3409         Also added a couple of custom objects to the jsc shell that allow us to test this.
3410
3411         * heap/GCThreadSharedData.cpp:
3412         (JSC::GCThreadSharedData::reset):
3413         (JSC::GCThreadSharedData::didStartMarking):
3414         * heap/Heap.cpp:
3415         (JSC::Heap::markRoots):
3416         * heap/Heap.h:
3417         (JSC::Heap::setShouldDoFullCollection):
3418         * heap/SlotVisitor.cpp:
3419         (JSC::SlotVisitor::didStartMarking):
3420         (JSC::SlotVisitor::reset):
3421         * heap/SlotVisitor.h:
3422         * jsc.cpp:
3423         (WTF::Element::Element):
3424         (WTF::Element::root):
3425         (WTF::Element::setRoot):
3426         (WTF::Element::create):
3427         (WTF::Element::createStructure):
3428         (WTF::ElementHandleOwner::isReachableFromOpaqueRoots):
3429         (WTF::Root::Root):
3430         (WTF::Root::element):
3431         (WTF::Root::setElement):
3432         (WTF::Root::create):
3433         (WTF::Root::createStructure):
3434         (WTF::Root::visitChildren):
3435         (WTF::Element::handleOwner):
3436         (WTF::Element::finishCreation):
3437         (GlobalObject::finishCreation):
3438         (functionCreateRoot):
3439         (functionCreateElement):
3440         (functionGetElement):
3441         (functionSetElementRoot):
3442         (functionGCAndSweep):
3443         (functionFullGC):
3444         (functionEdenGC):
3445
3446 2014-02-05  Anders Carlsson  <andersca@apple.com>
3447
3448         Remove unused functions.
3449
3450         * runtime/RegExpConstructor.cpp:
3451         (JSC::RegExpConstructor::getOwnPropertySlot):
3452         * runtime/RegExpObject.cpp:
3453
3454 2014-02-05  Oliver Hunt  <oliver@apple.com>
3455
3456         Change custom getter signature to make the base reference an object pointer
3457         https://bugs.webkit.org/show_bug.cgi?id=128279
3458
3459         Reviewed by Geoffrey Garen.
3460
3461         Make custom getters take a JSObject* instead of EncodedJSValue as the base
3462         reference.  This allows us to drop one pointer from the JSVALUE32_64 calling
3463         convention.
3464
3465         * API/JSCallbackObject.h:
3466         * API/JSCallbackObjectFunctions.h:
3467         (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
3468         (JSC::JSCallbackObject<Parent>::callbackGetter):
3469         * jit/JITOperations.cpp:
3470         * jit/Repatch.cpp:
3471         (JSC::generateProtoChainAccessStub):
3472         (JSC::tryBuildGetByIDList):
3473         * runtime/JSActivation.cpp:
3474         (JSC::JSActivation::argumentsGetter):
3475         * runtime/JSActivation.h:
3476         * runtime/JSFunction.cpp:
3477         (JSC::JSFunction::argumentsGetter):
3478         (JSC::JSFunction::callerGetter):
3479         (JSC::JSFunction::lengthGetter):
3480         (JSC::JSFunction::nameGetter):
3481         * runtime/JSFunction.h:
3482         * runtime/JSObject.h:
3483         (JSC::PropertySlot::getValue):
3484         * runtime/NumberConstructor.cpp:
3485         (JSC::numberConstructorNaNValue):
3486         (JSC::numberConstructorNegInfinity):
3487         (JSC::numberConstructorPosInfinity):
3488         (JSC::numberConstructorMaxValue):
3489         (JSC::numberConstructorMinValue):
3490         * runtime/PropertySlot.h:
3491         * runtime/RegExpConstructor.cpp:
3492         (JSC::regExpConstructorDollar1):
3493         (JSC::regExpConstructorDollar2):
3494         (JSC::regExpConstructorDollar3):
3495         (JSC::regExpConstructorDollar4):
3496         (JSC::regExpConstructorDollar5):
3497         (JSC::regExpConstructorDollar6):
3498         (JSC::regExpConstructorDollar7):
3499         (JSC::regExpConstructorDollar8):
3500         (JSC::regExpConstructorDollar9):
3501         (JSC::regExpConstructorInput):
3502         (JSC::regExpConstructorMultiline):
3503         (JSC::regExpConstructorLastMatch):
3504         (JSC::regExpConstructorLastParen):
3505         (JSC::regExpConstructorLeftContext):
3506         (JSC::regExpConstructorRightContext):
3507         * runtime/RegExpObject.cpp:
3508         (JSC::regExpObjectGlobal):
3509         (JSC::regExpObjectIgnoreCase):
3510         (JSC::regExpObjectMultiline):
3511         (JSC::regExpObjectSource):
3512
3513 2014-02-05  Andreas Kling  <akling@apple.com>
3514
3515         Remove ENABLE(DIRECTORY_UPLOAD).
3516         <https://webkit.org/b/128275>
3517
3518         Rubber-stamped by Ryosuke Niwa.
3519
3520         * Configurations/FeatureDefines.xcconfig:
3521
3522 2014-02-05  Filip Pizlo  <fpizlo@apple.com>
3523
3524         Rename useExperimentalFTL to useFTLJIT.
3525
3526         Rubber stamped by Mark Hahnenberg.
3527
3528         * dfg/DFGTierUpCheckInjectionPhase.cpp:
3529         (JSC::DFG::TierUpCheckInjectionPhase::run):
3530         * runtime/Options.h:
3531
3532 2014-02-05  Brian Burg  <bburg@apple.com>
3533
3534         Web Inspector: add probe manager and model objects to the frontend
3535         https://bugs.webkit.org/show_bug.cgi?id=127117
3536
3537         Reviewed by Timothy Hatcher.
3538
3539         The inspector frontend now assigns breakpoint action identifiers,
3540         rather than the backend. Remove return values containing breakpoint
3541         identifiers, and remove tracking and assignment of action identifiers.
3542
3543         * inspector/ScriptDebugListener.h:
3544         * inspector/ScriptDebugServer.cpp:
3545         (Inspector::ScriptDebugServer::evaluateBreakpointAction):
3546         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
3547         Pass BreakpointAction by reference rather than just the action identifier.
3548
3549         * inspector/ScriptDebugServer.h:
3550         * inspector/agents/InspectorDebuggerAgent.cpp:
3551         (Inspector::objectGroupForBreakpointAction):
3552         (Inspector::InspectorDebuggerAgent::InspectorDebuggerAgent):
3553         (Inspector::InspectorDebuggerAgent::breakpointActionsFromProtocol):
3554         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
3555         (Inspector::InspectorDebuggerAgent::setBreakpoint):
3556         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
3557         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
3558         * inspector/agents/InspectorDebuggerAgent.h:
3559         * inspector/protocol/Debugger.json: Revert change to setBreakpoint return values. Add optional identifier to breakpoint actions.
3560
3561 2014-02-05  Filip Pizlo  <fpizlo@apple.com>
3562
3563         JSC on Mac should pull LLVM from prefix=/usr/local/LLVMForJavaScriptCore and not /usr/local
3564         https://bugs.webkit.org/show_bug.cgi?id=128269
3565
3566         Reviewed by Mark Hahnenberg.
3567
3568         * Configurations/Base.xcconfig:
3569         * Configurations/LLVMForJSC.xcconfig:
3570
3571 2014-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
3572
3573         Fix 32-bit builds after r163471
3574
3575         * dfg/DFGOSRExitCompilerCommon.cpp:
3576
3577 2014-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
3578
3579         Can no longer run OctaneV2 in browser, crashes in speculationFromCell
3580         https://bugs.webkit.org/show_bug.cgi?id=128266
3581
3582         Reviewed by Filip Pizlo.
3583
3584         Move the OSR exit write barriers into OSRExitCompilerCommon. Also reorganize some 
3585         of the code to be in more appropriate places.
3586
3587         * dfg/DFGOSRExitCompiler32_64.cpp:
3588         (JSC::DFG::OSRExitCompiler::compileExit):
3589         * dfg/DFGOSRExitCompiler64.cpp:
3590         (JSC::DFG::OSRExitCompiler::compileExit):
3591         * dfg/DFGOSRExitCompilerCommon.cpp:
3592         (JSC::DFG::osrWriteBarrier):
3593         (JSC::DFG::adjustAndJumpToTarget):
3594         * dfg/DFGSpeculativeJIT.cpp:
3595         * dfg/DFGSpeculativeJIT.h:
3596         * jit/AssemblyHelpers.h:
3597         (JSC::AssemblyHelpers::genericWriteBarrier):
3598
3599 2014-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
3600
3601         Malloc called beneath MachineThreads::gatherFromOtherThread(), while forbidden
3602         https://bugs.webkit.org/show_bug.cgi?id=128202
3603
3604         Reviewed by Geoffrey Garen.
3605
3606         This patch uses the new GCSegmentedArray to replace the Vector that was used 
3607         to record the set of currently executing CodeBlocks during the conservative 
3608         stack scan. This is primarily to avoid the possibility of the Vector resizing 
3609         while FastMalloc is forbidden.
3610
3611         * heap/BlockAllocator.h:
3612         * heap/CodeBlockSet.cpp:
3613         (JSC::CodeBlockSet::CodeBlockSet):
3614         (JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
3615         * heap/CodeBlockSet.h:
3616         * heap/GCSegmentedArray.h:
3617         (JSC::GCSegmentedArray::begin):
3618         (JSC::GCSegmentedArray::end):
3619         (JSC::GCSegmentedArrayIterator::GCSegmentedArrayIterator):
3620         (JSC::GCSegmentedArrayIterator::get):
3621         (JSC::GCSegmentedArrayIterator::operator*):
3622         (JSC::GCSegmentedArrayIterator::operator->):
3623         (JSC::GCSegmentedArrayIterator::operator==):
3624         (JSC::GCSegmentedArrayIterator::operator!=):
3625         (JSC::GCSegmentedArrayIterator::operator++):
3626         * heap/Heap.cpp:
3627         (JSC::Heap::Heap):
3628
3629 2014-02-05  Wojciech Bielawski  <w.bielawski@samsung.com>
3630
3631         XMLHttpRequest performs too many copies for ArrayBuffer results
3632         https://bugs.webkit.org/show_bug.cgi?id=117458
3633
3634         Reviewed by Alexey Proskuryakov.
3635
3636         Based on blink change: https://chromium.googlesource.com/chromium/blink/+/bed266aa5a43f7c080c87e527bd35e2b80ecc7b7
3637
3638         Add SharedBuffer::createArrayBuffer() and use it to create XMLHttpRequest's response in ArrayBuffer.
3639         This cuts
3640             - two memsets (in ArrayBuffer::create and SharedBuffer::m_buffer::resize)
3641             - one copy (SharedBuffer::m_buffer to ArrayBufferContents::m_data)
3642             - one allocation (SharedBuffer::m_buffer)
3643
3644         * runtime/ArrayBuffer.h:
3645
3646 2014-02-05  Csaba Osztrogonác  <ossy@webkit.org>
3647
3648         Remove ENABLE(SVG) guards
3649         https://bugs.webkit.org/show_bug.cgi?id=127991
3650
3651         Reviewed by Sam Weinig.
3652
3653         * Configurations/FeatureDefines.xcconfig:
3654
3655 2014-02-05  Zan Dobersek  <zdobersek@igalia.com>
3656
3657         Remove CLASS_IF_GCC workarounds
3658         https://bugs.webkit.org/show_bug.cgi?id=128207
3659
3660         Reviewed by Anders Carlsson.
3661
3662         Remove the CLASS_IF_GCC macro that was defined to 'class' when using the GCC compiler.
3663         The macro was then used in class friendship declarations for templated classes to avoid
3664         corner-case compiler failures on both GCC pre-4.7 and MSVC pre-2013. The problematic
3665         versions of both compilers are no longer supported, so this macro is good to go.
3666
3667         * heap/HeapBlock.h:
3668         * heap/Region.h:
3669
3670 2014-02-04  Mark Lam  <mark.lam@apple.com>
3671
3672         The stack limit computation does not work for Windows.
3673         <https://webkit.org/b/128226>
3674
3675         Reviewed by Geoffrey Garen.
3676
3677         * llint/LowLevelInterpreter.cpp:
3678         (JSC::CLoopRegister::CLoopRegister):
3679         (JSC::CLoop::execute):
3680         - Suppressed some compiler warnings for the C loop build.
3681         * runtime/VM.cpp:
3682         (JSC::VM::updateStackLimitWithReservedZoneSize):
3683         - Use the new StackBounds::recursionLimit() to compute the stack limit
3684           the right way.
3685
3686 2014-02-04  Andreas Kling  <akling@apple.com>
3687
3688         Remove <iframe seamless> support.
3689         <https://webkit.org/b/128213>
3690
3691         Rubber-stamped by Antti Koivisto.
3692
3693         * Configurations/FeatureDefines.xcconfig:
3694
3695 2014-02-04  Mark Lam  <mark.lam@apple.com>
3696
3697         DFG::operationTypeOf() needs to set the VM::topCallFrame.
3698         <https://webkit.org/b/128228>
3699
3700         Reviewed by Mark Hahnenberg.
3701
3702         * dfg/DFGOperations.cpp:
3703         - operationTypeOf() can end up calling into WebCore which may in turn
3704           call back to JSC, and need a valid VM::topCallFrame. So, we need to
3705           set the value of VM::topCallFrame at the top of operationTypeOf().
3706
3707 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
3708
3709         Fix !ENABLE(JIT) builds after r163418
3710
3711         * bytecode/CodeBlock.cpp:
3712         (JSC::CodeBlock::reoptimizationRetryCounter): Return 0 if there's no way for us to reoptimize.
3713
3714 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
3715
3716         Reduce boilerplate in BlockAllocator.h
3717         https://bugs.webkit.org/show_bug.cgi?id=128222
3718
3719         Reviewed by Filip Pizlo.
3720
3721         There are a lot of template specializations for the various types of HeapBlocks 
3722         in BlockAllocator.h. We could reduce the spew by using a macro.
3723
3724         * heap/BlockAllocator.h:
3725
3726 2014-02-04  Filip Pizlo  <fpizlo@apple.com>
3727
3728         DFG PutByVal on typed arrays should detect OutOfBounds sooner
3729         https://bugs.webkit.org/show_bug.cgi?id=128162
3730
3731         Reviewed by Mark Hahnenberg.
3732         
3733         Just wire the m_outOfBounds flag in ArrayProfile into the OutOfBounds speculation in
3734         DFG::ArrayMode for typed arrays.
3735         
3736         Also make it possible to have tests for convergence.
3737         
3738         Also turn one of the LayoutTests/js/dfg- tests into a stress test because it
3739         was relying on a specific number of recompiles. Stress tests instead take
3740         the approach of just running for a while. That's more robust.
3741
3742         * bytecode/CodeBlock.h:
3743         * dfg/DFGArrayMode.cpp:
3744         (JSC::DFG::ArrayMode::fromObserved):
3745         (JSC::DFG::ArrayMode::refine):
3746         * dfg/DFGArrayMode.h:
3747         (JSC::DFG::ArrayMode::withSpeculationFromProfile):
3748         (JSC::DFG::ArrayMode::withProfile):
3749         * ftl/FTLLowerDFGToLLVM.cpp:
3750         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
3751         * jit/JITPropertyAccess.cpp:
3752         (JSC::JIT::emitIntTypedArrayPutByVal):
3753         (JSC::JIT::emitFloatTypedArrayPutByVal):
3754         * jsc.cpp:
3755         (GlobalObject::finishCreation):
3756         (functionReoptimizationRetryCount):
3757         * runtime/TestRunnerUtils.cpp:
3758         (JSC::getExecutableForFunction):
3759         (JSC::getSomeBaselineCodeBlockForFunction):
3760         (JSC::numberOfDFGCompiles):
3761         (JSC::setNeverInline):
3762         * runtime/TestRunnerUtils.h:
3763         * tests/stress/float32-repeat-out-of-bounds.js: Added.
3764         (foo):
3765         * tests/stress/int8-repeat-out-of-bounds.js: Added.
3766         (foo):
3767         * tests/stress/string-out-of-bounds-negative-proto-value.js: Added.
3768         (foo):
3769
3770 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
3771
3772         Refactor MarkStackArray to allow more than JSCells to be stored
3773         https://bugs.webkit.org/show_bug.cgi?id=128203
3774
3775         Reviewed by Geoffrey Garen.
3776
3777         This patch refactors MarkStackArray into a separate template class named GCSegmentedArray.
3778         This class allows subclassing to add functionality that only MarkStackArray wants.
3779         Since it uses the JSC BlockAllocator instead of FastMalloc, this class can be used during 
3780         conservative stack scanning, which disallows using FastMalloc.
3781
3782         * GNUmakefile.list.am:
3783         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3784         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3785         * JavaScriptCore.xcodeproj/project.pbxproj:
3786         * heap/BlockAllocator.h:
3787         * heap/GCSegmentedArray.h: Added.
3788         (JSC::GCArraySegment::GCArraySegment):
3789         (JSC::GCArraySegment::data):
3790         * heap/GCSegmentedArrayInlines.h: Added.
3791         (JSC::GCSegmentedArray<T>::GCSegmentedArray):
3792         (JSC::GCSegmentedArray<T>::~GCSegmentedArray):
3793         (JSC::GCSegmentedArray<T>::clear):
3794         (JSC::GCSegmentedArray<T>::expand):
3795         (JSC::GCSegmentedArray<T>::refill):
3796         (JSC::GCSegmentedArray<T>::fillVector):
3797         (JSC::GCArraySegment<T>::create):
3798         (JSC::GCSegmentedArray<T>::postIncTop):
3799         (JSC::GCSegmentedArray<T>::preDecTop):
3800         (JSC::GCSegmentedArray<T>::setTopForFullSegment):
3801         (JSC::GCSegmentedArray<T>::setTopForEmptySegment):
3802         (JSC::GCSegmentedArray<T>::top):
3803         (JSC::GCSegmentedArray<T>::validatePrevious):
3804         (JSC::GCSegmentedArray<T>::append):
3805         (JSC::GCSegmentedArray<T>::canRemoveLast):
3806         (JSC::GCSegmentedArray<T>::removeLast):
3807         (JSC::GCSegmentedArray<T>::isEmpty):
3808         (JSC::GCSegmentedArray<T>::size):
3809         * heap/MarkStack.cpp:
3810         (JSC::MarkStackArray::MarkStackArray):
3811         (JSC::MarkStackArray::~MarkStackArray):
3812         (JSC::MarkStackArray::donateSomeCellsTo):
3813         (JSC::MarkStackArray::stealSomeCellsFrom):
3814         * heap/MarkStack.h:
3815         * heap/MarkStackInlines.h:
3816
3817 2014-02-04  Anders Carlsson  <andersca@apple.com>
3818
3819         Rename the substring sharing StringImpl::create variants to better indicate what they do
3820         https://bugs.webkit.org/show_bug.cgi?id=128214
3821
3822         Reviewed by Geoffrey Garen.
3823
3824         * runtime/JSString.h:
3825         (JSC::jsSingleCharacterSubstring):
3826         (JSC::jsSubstring8):
3827         (JSC::jsSubstring):
3828         * runtime/SmallStrings.cpp:
3829         (JSC::SmallStringsStorage::SmallStringsStorage):
3830         * runtime/StringPrototype.cpp:
3831         (JSC::jsSpliceSubstrings):
3832         (JSC::jsSpliceSubstringsWithSeparators):
3833         (JSC::replaceUsingStringSearch):
3834
3835 2014-02-04  Anders Carlsson  <andersca@apple.com>
3836
3837         Rename StringImpl::getCharacters to StringImpl::characters
3838         https://bugs.webkit.org/show_bug.cgi?id=128205
3839
3840         Reviewed by Antti Koivisto.
3841
3842         Update for WTF changes.
3843
3844         * runtime/JSStringJoiner.cpp:
3845         (JSC::joinStrings):
3846         * runtime/StringPrototype.cpp:
3847         (JSC::splitStringByOneCharacterImpl):
3848
3849 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
3850
3851         Fix a mismatch of uint64_t and size_t on 32-bit platforms.
3852
3853         * ftl/FTLDWARFDebugLineInfo.h:
3854
3855 2014-01-21  Mark Hahnenberg  <mhahnenberg@apple.com>
3856
3857         JSC needs to be able to parse DWARF debug_line info
3858         https://bugs.webkit.org/show_bug.cgi?id=127394
3859
3860         Reviewed by Geoffrey Garen.
3861
3862         If we want to encode IR maps in the DWARF debug line info metadata generated by LLVM, 
3863         we'll need to know how to decode the .debug_line DWARF section. This patch implements 
3864         an interpreter for the .debug_line DWARF section in accordance with the version 3 spec 
3865         published at http://www.dwarfstd.org.
3866
3867         * JavaScriptCore.xcodeproj/project.pbxproj:
3868         * ftl/FTLDWARFDebugLineInfo.cpp: Added.
3869         (JSC::FTL::DebugLineInterpreter::DebugLineInterpreter):
3870         (JSC::FTL::read):
3871         (JSC::FTL::DebugLineInterpreter::parseULEB128):
3872         (JSC::FTL::DebugLineInterpreter::parseSLEB128):
3873         (JSC::FTL::DebugLineInterpreter::run):
3874         (JSC::FTL::DebugLineInterpreter::parsePrologue):
3875         (JSC::FTL::DebugLineInterpreter::parseIncludeDirectories):
3876         (JSC::FTL::DebugLineInterpreter::parseFileEntries):
3877         (JSC::FTL::DebugLineInterpreter::parseFileEntry):
3878         (JSC::FTL::DebugLineInterpreter::interpretStatementProgram):
3879         (JSC::FTL::DebugLineInterpreter::interpretOpcode):
3880         (JSC::FTL::DebugLineInterpreter::printLineInfo):
3881         (JSC::FTL::DebugLineInterpreter::resetInterpreterState):
3882         * ftl/FTLDWARFDebugLineInfo.h: Added.
3883         (JSC::FTL::DebugLineInterpreter::Prologue::Prologue):
3884         * ftl/FTLValueRange.cpp: Random build fix for !ENABLE(FTL_JIT).
3885
3886 2014-02-04  Anders Carlsson  <andersca@apple.com>
3887
3888         Rename String::getCharacters to String::characters
3889         https://bugs.webkit.org/show_bug.cgi?id=128196
3890
3891         Reviewed by Andreas Kling.
3892
3893         Update for WTF::String changes.
3894
3895         * yarr/YarrParser.h:
3896         (JSC::Yarr::Parser::Parser):
3897
3898 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
3899
3900         JSC needs to be able to parse DWARF debug_line info
3901         https://bugs.webkit.org/show_bug.cgi?id=127394
3902
3903         Reviewed by Geoffrey Garen.
3904
3905         If we want to encode IR maps in the DWARF debug line info metadata generated by LLVM, 
3906         we'll need to know how to decode the .debug_line DWARF section. This patch implements 
3907         an interpreter for the .debug_line DWARF section in accordance with the version 3 spec 
3908         published at http://www.dwarfstd.org.
3909
3910         * CMakeLists.txt:
3911         * GNUmakefile.list.am:
3912         * JavaScriptCore.xcodeproj/project.pbxproj:
3913         * ftl/FTLDWARFDebugLineInfo.cpp: Added.
3914         (JSC::FTL::DebugLineInterpreter::DebugLineInterpreter):
3915         (JSC::FTL::read):
3916         (JSC::FTL::DebugLineInterpreter::parseULEB128):
3917         (JSC::FTL::DebugLineInterpreter::parseSLEB128):
3918         (JSC::FTL::DebugLineInterpreter::run):
3919         (JSC::FTL::DebugLineInterpreter::parsePrologue):
3920         (JSC::FTL::DebugLineInterpreter::parseIncludeDirectories):
3921         (JSC::FTL::DebugLineInterpreter::parseFileEntries):
3922         (JSC::FTL::DebugLineInterpreter::parseFileEntry):
3923         (JSC::FTL::DebugLineInterpreter::interpretStatementProgram):
3924         (JSC::FTL::DebugLineInterpreter::interpretOpcode):
3925         (JSC::FTL::DebugLineInterpreter::printLineInfo):
3926         (JSC::FTL::DebugLineInterpreter::resetInterpreterState):
3927         * ftl/FTLDWARFDebugLineInfo.h: Added.
3928         (JSC::FTL::DebugLineInterpreter::Prologue::Prologue):
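The two DWARF .debug_line entries above (the original landing and the re-landed one) both mention parseULEB128 and parseSLEB128; the following is an added C++ example, not JavaScriptCore's DebugLineInterpreter, showing the bounds and width checks such a decoder needs when the section bytes come from an untrusted object file. All function and struct names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Result of decoding one LEB128 operand. `value` holds the raw bits; for
// SLEB128 the caller reinterprets it as int64_t.
struct Leb128Result {
    bool ok;          // false: truncated input or value wider than 64 bits
    uint64_t value;
    size_t consumed;  // bytes consumed on success, 0 on failure
};

// Unsigned LEB128 (DWARF 3, section 7.6): 7 payload bits per byte, low
// bits first, high bit set on every byte except the last. Never reads
// past data + size and rejects encodings that do not fit in 64 bits.
Leb128Result decodeULEB128(const uint8_t* data, size_t size, size_t offset)
{
    uint64_t result = 0;
    unsigned shift = 0;
    size_t i = offset;
    for (;;) {
        if (i >= size)
            return { false, 0, 0 };   // continuation bit set on the final byte
        uint8_t byte = data[i++];
        // Only one payload bit fits at shift 63; nothing fits beyond it.
        if (shift > 63 || (shift == 63 && (byte & 0x7e)))
            return { false, 0, 0 };
        result |= static_cast<uint64_t>(byte & 0x7f) << shift;
        shift += 7;
        if (!(byte & 0x80))
            return { true, result, i - offset };
    }
}

// Signed LEB128: same byte layout, then sign-extend from bit 6 of the last
// byte. The accumulator stays unsigned so no shift overflows a signed type.
Leb128Result decodeSLEB128(const uint8_t* data, size_t size, size_t offset)
{
    uint64_t result = 0;
    unsigned shift = 0;
    size_t i = offset;
    uint8_t byte;
    do {
        if (i >= size)
            return { false, 0, 0 };
        byte = data[i++];
        // A 64-bit value needs at most 10 bytes; a 10th byte is 0x00 or 0x7f.
        if (shift > 63 || (shift == 63 && byte != 0x00 && byte != 0x7f))
            return { false, 0, 0 };
        result |= static_cast<uint64_t>(byte & 0x7f) << shift;
        shift += 7;
    } while (byte & 0x80);
    if (shift < 64 && (byte & 0x40))
        result |= ~static_cast<uint64_t>(0) << shift;   // sign-extend
    return { true, result, i - offset };
}

// Walk a whole operand buffer (constructed input supplied by the caller),
// stopping at the first malformed value instead of running off the end.
bool decodeAllULEB128(const std::vector<uint8_t>& bytes, std::vector<uint64_t>& out)
{
    size_t offset = 0;
    while (offset < bytes.size()) {
        Leb128Result r = decodeULEB128(bytes.data(), bytes.size(), offset);
        if (!r.ok)
            return false;
        out.push_back(r.value);
        offset += r.consumed;
    }
    return true;
}
```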
3929
3930 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
3931
3932         ASSERT in speculateMachineInt on 32-bit platforms
3933         https://bugs.webkit.org/show_bug.cgi?id=128155
3934
3935         Reviewed by Filip Pizlo.
3936
3937         * dfg/DFGPredictionPropagationPhase.cpp:
3938         (JSC::DFG::PredictionPropagationPhase::propagate):
3939
3940 2014-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
3941
3942         GC timer should always do a FullCollection
3943         https://bugs.webkit.org/show_bug.cgi?id=128186
3944
3945         Reviewed by Michael Saboff.
3946
3947         Right now the GC timer does whatever type of collection the next collection 
3948         would have been, which is almost always an EdenCollection. It then thinks 
3949         that it has done all of the work it was supposed to do and never schedules 
3950         another GC. Ideally we'd like to have some heuristics for the timer that 
3951         would schedule both EdenCollections and FullCollections, but the easiest 
3952         fix for now is to always do FullCollections since that will at least be 
3953         a non-regression.
3954
3955         * heap/Heap.h:
3956         (JSC::Heap::gcTimerDidFire):
3957         * runtime/GCActivityCallback.cpp:
3958         (JSC::DefaultGCActivityCallback::doWork):
3959
3960 2014-02-03  Filip Pizlo  <fpizlo@apple.com>
3961
3962         Lift the FTL tier-up threshold from 25000 to 100000
3963         https://bugs.webkit.org/show_bug.cgi?id=128158
3964
3965         Rubber stamped by Michael Saboff.
3966
3967         * runtime/Options.h:
3968
3969 2014-02-03  Mark Hahnenberg