[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-01-22  Ryosuke Niwa  <rniwa@webkit.org>

        PropertyListNode::emitNode duplicates the code to put a constant property
        https://bugs.webkit.org/show_bug.cgi?id=140761

        Reviewed by Geoffrey Garen.

        Extracted PropertyListNode::emitPutConstantProperty to share the code.

        Also made PropertyListNode::emitBytecode private since nobody is calling this function directly.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        (JSC::PropertyListNode::emitPutConstantProperty): Added.
        * parser/Nodes.h:

2015-01-22  Yusuke Suzuki  <utatane.tea@gmail.com>

        put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
        https://bugs.webkit.org/show_bug.cgi?id=140426

        Reviewed by Geoffrey Garen.

        In the put_by_val_direct operation, we use JSObject::putDirect.
        However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
        This patch changes Identifier::asIndex() to return Optional<uint32_t>.
        It forces callers to check explicitly whether the value is an index or not.
        Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.

        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutById):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * jit/JITOperations.cpp:
        * jit/Repatch.cpp:
        (JSC::emitPutTransitionStubAndGetOldStructure):
        * jsc.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        (JSC::Arguments::deleteProperty):
        (JSC::Arguments::defineOwnProperty):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSort):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitive):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
        (JSC::JSGenericTypedArrayView<Adaptor>::put):
        (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
        (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::putDirectAccessor):
        (JSC::JSObject::putDirectCustomAccessor):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::putDirectMayBeIndex):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getOwnPropertySlot):
        (JSC::JSObject::getPropertySlot):
        (JSC::JSObject::putDirectInternal):
        * runtime/JSString.cpp:
        (JSC::JSString::getStringPropertyDescriptor):
        * runtime/JSString.h:
        (JSC::JSString::getStringPropertySlot):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::parse):
        * runtime/PropertyName.h:
        (JSC::toUInt32FromCharacters):
        (JSC::toUInt32FromStringImpl):
        (JSC::PropertyName::asIndex):
        * runtime/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * runtime/StringObject.cpp:
        (JSC::StringObject::deleteProperty):
        * runtime/Structure.cpp:
        (JSC::Structure::prototypeChainMayInterceptStoreTo):

2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>

        Consolidate out arguments of parseFunctionInfo into a struct
        https://bugs.webkit.org/show_bug.cgi?id=140754

        Reviewed by Oliver Hunt.

        Introduced ParserFunctionInfo for storing out arguments of parseFunctionInfo.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createFunctionExpr):
        (JSC::ASTBuilder::createGetterOrSetterProperty): This one takes a property name in addition to
        ParserFunctionInfo since the property name and the function name could differ.
        (JSC::ASTBuilder::createFuncDeclStatement):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseFunctionInfo):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseProperty):
        (JSC::Parser<LexerType>::parseMemberExpression):
        * parser/Parser.h:
        * parser/ParserFunctionInfo.h: Added.
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createFunctionExpr):
        (JSC::SyntaxChecker::createFuncDeclStatement):
        (JSC::SyntaxChecker::createClassDeclStatement):
        (JSC::SyntaxChecker::createGetterOrSetterProperty):

2015-01-21  Mark Hahnenberg  <mhahnenb@gmail.com>

        Change Heap::m_compiledCode to use a Vector
        https://bugs.webkit.org/show_bug.cgi?id=140717

        Reviewed by Andreas Kling.

        Right now it's a DoublyLinkedList, which is iterated during each
        collection. This contributes to some of the longish Eden pause times.
        A Vector would be more appropriate and would also allow ExecutableBase
        to be 2 pointers smaller.

        * heap/Heap.cpp:
        (JSC::Heap::deleteAllCompiledCode):
        (JSC::Heap::deleteAllUnlinkedFunctionCode):
        (JSC::Heap::clearUnmarkedExecutables):
        * heap/Heap.h:
        * runtime/Executable.h: No longer need to inherit from DoublyLinkedListNode.

2015-01-21  Ryosuke Niwa  <rniwa@webkit.org>

        BytecodeGenerator shouldn't expose all of its member variables
        https://bugs.webkit.org/show_bug.cgi?id=140752

        Reviewed by Mark Lam.

        Added "private:" and removed unused data members as detected by clang.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::lastOpcodeID): Added. Used in BinaryOpNode::emitBytecode.
        * bytecompiler/NodesCodegen.cpp:
        (JSC::BinaryOpNode::emitBytecode):

2015-01-21  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: ASSERT expanding objects in console PrimitiveBindingTraits<T>::assertValueHasExpectedType
        https://bugs.webkit.org/show_bug.cgi?id=140746

        Reviewed by Timothy Hatcher.

        * inspector/InjectedScriptSource.js:
        Do not add impure properties to the descriptor object that will
        eventually be sent to the frontend.

2015-01-21  Matthew Mirman  <mmirman@apple.com>

        Updated split such that it does not include the empty end of input string match.
        https://bugs.webkit.org/show_bug.cgi?id=138129
        <rdar://problem/18807403>

        Reviewed by Filip Pizlo.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncSplit):
        * tests/stress/empty_eos_regex_split.js: Added.

2015-01-21  Michael Saboff  <msaboff@apple.com>

        Eliminate Scope slot from JavaScript CallFrame
        https://bugs.webkit.org/show_bug.cgi?id=136724

        Reviewed by Geoffrey Garen.

        This finishes the removal of the scope chain slot from the call frame header.

        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::reifyInlinedCallFrames):
        * dfg/DFGPreciseLocalClobberize.h:
        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * ftl/FTLJSCall.cpp:
        (JSC::FTL::JSCall::emit):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
        (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
        * interpreter/JSStack.h:
        * interpreter/VMInspector.cpp:
        (JSC::VMInspector::dumpFrame):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        * jit/Repatch.cpp:
        (JSC::generateByIdStub):
        (JSC::linkClosureCall):
        * jit/ThunkGenerators.cpp:
        (JSC::virtualForThunkGenerator):
        (JSC::nativeForGenerator):
        Deleted ScopeChain slot from JSStack.  Removed all code where ScopeChain was being
        read or set.  In most cases this was where we make JS calls.

        * interpreter/CallFrameClosure.h:
        (JSC::CallFrameClosure::setArgument):
        (JSC::CallFrameClosure::resetCallFrame): Deleted.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        * interpreter/ProtoCallFrame.cpp:
        (JSC::ProtoCallFrame::init):
        * interpreter/ProtoCallFrame.h:
        (JSC::ProtoCallFrame::scope): Deleted.
        (JSC::ProtoCallFrame::setScope): Deleted.
        * llint/LLIntData.cpp:
        (JSC::LLInt::Data::performAssertions):
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter64.asm:
        Removed the related scopeChainValue member from ProtoCallFrame.  Reduced the number of
        registers that needed to be copied from the ProtoCallFrame to a callee's frame
        from 5 to 4.

        * llint/LowLevelInterpreter32_64.asm:
        In addition to the prior changes, also deleted the unused macro getDeBruijnScope.

2015-01-21  Michael Saboff  <msaboff@apple.com>

        Eliminate construct methods from NullGetterFunction and NullSetterFunction classes
        https://bugs.webkit.org/show_bug.cgi?id=140708

        Reviewed by Mark Lam.

        Eliminated construct methods and changed getConstructData() for both classes to return
        ConstructTypeNone as they can never be called.

        * runtime/NullGetterFunction.cpp:
        (JSC::NullGetterFunction::getConstructData):
        (JSC::constructReturnUndefined): Deleted.
        * runtime/NullSetterFunction.cpp:
        (JSC::NullSetterFunction::getConstructData):
        (JSC::constructReturnUndefined): Deleted.

2015-01-21  Csaba Osztrogonác  <ossy@webkit.org>

        Remove ENABLE(INSPECTOR) ifdef guards
        https://bugs.webkit.org/show_bug.cgi?id=140668

        Reviewed by Darin Adler.

        * Configurations/FeatureDefines.xcconfig:
        * bindings/ScriptValue.cpp:
        (Deprecated::ScriptValue::toInspectorValue):
        * bindings/ScriptValue.h:
        * inspector/ConsoleMessage.cpp:
        * inspector/ConsoleMessage.h:
        * inspector/ContentSearchUtilities.cpp:
        * inspector/ContentSearchUtilities.h:
        * inspector/IdentifiersFactory.cpp:
        * inspector/IdentifiersFactory.h:
        * inspector/InjectedScript.cpp:
        * inspector/InjectedScript.h:
        * inspector/InjectedScriptBase.cpp:
        * inspector/InjectedScriptBase.h:
        * inspector/InjectedScriptHost.cpp:
        * inspector/InjectedScriptHost.h:
        * inspector/InjectedScriptManager.cpp:
        * inspector/InjectedScriptManager.h:
        * inspector/InjectedScriptModule.cpp:
        * inspector/InjectedScriptModule.h:
        * inspector/InspectorAgentRegistry.cpp:
        * inspector/InspectorBackendDispatcher.cpp:
        * inspector/InspectorBackendDispatcher.h:
        * inspector/InspectorProtocolTypes.h:
        * inspector/JSGlobalObjectConsoleClient.cpp:
        * inspector/JSGlobalObjectInspectorController.cpp:
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectScriptDebugServer.cpp:
        * inspector/JSGlobalObjectScriptDebugServer.h:
        * inspector/JSInjectedScriptHost.cpp:
        * inspector/JSInjectedScriptHost.h:
        * inspector/JSInjectedScriptHostPrototype.cpp:
        * inspector/JSInjectedScriptHostPrototype.h:
        * inspector/JSJavaScriptCallFrame.cpp:
        * inspector/JSJavaScriptCallFrame.h:
        * inspector/JSJavaScriptCallFramePrototype.cpp:
        * inspector/JSJavaScriptCallFramePrototype.h:
        * inspector/JavaScriptCallFrame.cpp:
        * inspector/JavaScriptCallFrame.h:
        * inspector/ScriptCallFrame.cpp:
        (Inspector::ScriptCallFrame::buildInspectorObject):
        * inspector/ScriptCallFrame.h:
        * inspector/ScriptCallStack.cpp:
        (Inspector::ScriptCallStack::buildInspectorArray):
        * inspector/ScriptCallStack.h:
        * inspector/ScriptDebugServer.cpp:
        * inspector/agents/InspectorAgent.cpp:
        * inspector/agents/InspectorAgent.h:
        * inspector/agents/InspectorConsoleAgent.cpp:
        * inspector/agents/InspectorConsoleAgent.h:
        * inspector/agents/InspectorDebuggerAgent.cpp:
        * inspector/agents/InspectorDebuggerAgent.h:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/agents/JSGlobalObjectConsoleAgent.cpp:
        * inspector/agents/JSGlobalObjectConsoleAgent.h:
        * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
        * inspector/agents/JSGlobalObjectDebuggerAgent.h:
        * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
        * inspector/agents/JSGlobalObjectRuntimeAgent.h:
        * inspector/scripts/codegen/cpp_generator_templates.py:
        (CppGeneratorTemplates):
        * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
        * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
        * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
        * inspector/scripts/tests/expected/enum-values.json-result:
        * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
        * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
        * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
        * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
        * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
        * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
        * runtime/TypeSet.cpp:
        (JSC::TypeSet::inspectorTypeSet):
        (JSC::StructureShape::inspectorRepresentation):

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Clean up InjectedScriptSource.js
        https://bugs.webkit.org/show_bug.cgi?id=140709

        Reviewed by Timothy Hatcher.

        This patch includes some relevant Blink patches and small changes.

        Patch by <aandrey@chromium.org>
        DevTools: Remove console last result $_ on console clear.
        https://src.chromium.org/viewvc/blink?revision=179179&view=revision

        Patch by <eustas@chromium.org>
        [Inspect DOM properties] incorrect CSS Selector Syntax
        https://src.chromium.org/viewvc/blink?revision=156903&view=revision

        * inspector/InjectedScriptSource.js:

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Cleanup RuntimeAgent a bit
        https://bugs.webkit.org/show_bug.cgi?id=140706

        Reviewed by Timothy Hatcher.

        * inspector/InjectedScript.h:
        * inspector/InspectorBackendDispatcher.h:
        * inspector/ScriptCallFrame.cpp:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::evaluate):
        (Inspector::InspectorRuntimeAgent::getProperties):
        (Inspector::InspectorRuntimeAgent::run):
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        (Inspector::recompileAllJSFunctionsForTypeProfiling):
        (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):

2015-01-20  Matthew Mirman  <mmirman@apple.com>

        Made Identity in the DFG allocate a new temp register and move
        the old data to it.
        https://bugs.webkit.org/show_bug.cgi?id=140700
        <rdar://problem/19339106>

        Reviewed by Filip Pizlo.

        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        Added scratch registers for Identity.
        * tests/mozilla/mozilla-tests.yaml: enabled previously failing test

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Expanding event objects in console shows undefined for most values, it should have real values
        https://bugs.webkit.org/show_bug.cgi?id=137306

        Reviewed by Timothy Hatcher.

        Provide another optional parameter to getProperties, to gather a list
        of all own and getter properties.

        * inspector/InjectedScript.cpp:
        (Inspector::InjectedScript::getProperties):
        * inspector/InjectedScript.h:
        * inspector/InjectedScriptSource.js:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getProperties):
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/protocol/Runtime.json:

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Should show dynamic specificity values
        https://bugs.webkit.org/show_bug.cgi?id=140647

        Reviewed by Benjamin Poulain.

        * inspector/protocol/CSS.json:
        Clarify CSSSelector optional values and add "dynamic" property indicating
        if the selector can be dynamic based on the element it is matched against.

2015-01-20  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r178751.
        https://bugs.webkit.org/show_bug.cgi?id=140694

        Caused 32-bit JSC test failures (Requested by JoePeck on
        #webkit).

        Reverted changeset:

        "put_by_val_direct need to check the property is index or not
        for using putDirect / putDirectIndex"
        https://bugs.webkit.org/show_bug.cgi?id=140426
        http://trac.webkit.org/changeset/178751

2015-01-20  Yusuke Suzuki  <utatane.tea@gmail.com>

        put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
        https://bugs.webkit.org/show_bug.cgi?id=140426

        Reviewed by Geoffrey Garen.

        In the put_by_val_direct operation, we use JSObject::putDirect.
        However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
        This patch changes Identifier::asIndex() to return Optional<uint32_t>.
        It forces callers to check explicitly whether the value is an index or not.
        Additionally, it checks whether the toString-ed Identifier is an index or not to choose putDirect / putDirectIndex.

        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutById):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * jit/JITOperations.cpp:
        * jit/Repatch.cpp:
        (JSC::emitPutTransitionStubAndGetOldStructure):
        * jsc.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        (JSC::Arguments::deleteProperty):
        (JSC::Arguments::defineOwnProperty):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSort):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitive):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
        (JSC::JSGenericTypedArrayView<Adaptor>::put):
        (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
        (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::putDirectAccessor):
        (JSC::JSObject::putDirectCustomAccessor):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::putDirectMayBeIndex):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getOwnPropertySlot):
        (JSC::JSObject::getPropertySlot):
        (JSC::JSObject::putDirectInternal):
        * runtime/JSString.cpp:
        (JSC::JSString::getStringPropertyDescriptor):
        * runtime/JSString.h:
        (JSC::JSString::getStringPropertySlot):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::parse):
        * runtime/PropertyName.h:
        (JSC::toUInt32FromCharacters):
        (JSC::toUInt32FromStringImpl):
        (JSC::PropertyName::asIndex):
        * runtime/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * runtime/StringObject.cpp:
        (JSC::StringObject::deleteProperty):
        * runtime/Structure.cpp:
        (JSC::Structure::prototypeChainMayInterceptStoreTo):

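        The index-or-not check that the put_by_val_direct entry above (2015-01-22, and its original
        landing on 2015-01-20) describes, as an added illustration that is not JSC's code: a
        stand-alone asIndex() with the same Optional<uint32_t> contract, and a toy object that
        picks putDirect or putDirectIndex from that result instead of letting an index-looking name
        land in named-property storage. The ToyObject, the 2^32 - 2 upper bound written out as a
        literal, the "name" strings exercised by demoDispatch() and the helper names are all
        assumptions made for this example.

```cpp
#include <cstdint>
#include <map>
#include <optional>
#include <string>
#include <string_view>

// Constructed example, not JSC's implementation. Parse a property name as a
// canonical array index: only the plain decimal spelling of an integer in
// [0, 2^32 - 2] counts. Everything else ("01", "-1", "1e3", " 7") is an
// ordinary named property, even though JavaScript's ToNumber would accept it.
std::optional<uint32_t> asIndex(std::string_view name)
{
    if (name.empty() || name.size() > 10)      // 10 digits already covers 2^32
        return std::nullopt;
    if (name.size() > 1 && name[0] == '0')     // leading zero: "01" is not canonical
        return std::nullopt;
    uint64_t value = 0;
    for (char c : name) {
        if (c < '0' || c > '9')                // sign, space, exponent: not an index
            return std::nullopt;
        value = value * 10 + static_cast<uint64_t>(c - '0');
    }
    // 2^32 - 1 (4294967295) is the maximum array length, so it is not an index.
    if (value > 4294967294ULL)
        return std::nullopt;
    return static_cast<uint32_t>(value);
}

// Toy object keeping the two kinds of storage a JSObject-like object keeps
// apart. A sparse map is used for indexed storage so large indices stay cheap.
struct ToyObject {
    std::map<std::string, int> named;    // non-index properties only
    std::map<uint32_t, int> indexed;     // index properties only

    void putDirect(const std::string& name, int v) { named[name] = v; }
    void putDirectIndex(uint32_t index, int v) { indexed[index] = v; }
};

// The dispatch put_by_val_direct needs: consult asIndex() first, because
// putDirect must never be handed an index property.
void putDirectMayBeIndex(ToyObject& object, std::string_view name, int v)
{
    if (std::optional<uint32_t> index = asIndex(name))
        object.putDirectIndex(*index, v);
    else
        object.putDirect(std::string(name), v);
}

// Runs the dispatch on constructed names and reports whether each one landed
// in the storage it belongs to.
bool demoDispatch()
{
    ToyObject object;
    putDirectMayBeIndex(object, "7", 1);           // canonical index
    putDirectMayBeIndex(object, "07", 2);          // looks numeric, is a name
    putDirectMayBeIndex(object, "4294967295", 3);  // one past the last index
    putDirectMayBeIndex(object, "length", 4);      // plain name

    bool ok = object.indexed.size() == 1 && object.indexed.count(7) == 1 && object.indexed.at(7) == 1;
    ok = ok && object.named.count("07") == 1 && object.named.at("07") == 2;
    ok = ok && object.named.count("4294967295") == 1 && object.named.at("4294967295") == 3;
    ok = ok && object.named.count("length") == 1 && object.named.at("length") == 4;
    ok = ok && object.named.count("7") == 0;       // never duplicated into named storage
    return ok;
}

int main()
{
    return demoDispatch() ? 0 : 1;
}
```

        Returning std::optional rather than a sentinel value is what makes the callers listed in the
        entry explicit: each site has to test the result before it can treat the name as an index,
        so the putDirect/putDirectIndex choice cannot be skipped silently.
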
2015-01-20  Michael Saboff  <msaboff@apple.com>

        REGRESSION(178696): Sporadic crashes while garbage collecting
        https://bugs.webkit.org/show_bug.cgi?id=140688

        Reviewed by Geoffrey Garen.

        Added missing visitor.append(&thisObject->m_nullSetterFunction).

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::visitChildren):

2015-01-19  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: code generator should take supplemental specifications and allow cross-framework references
        https://bugs.webkit.org/show_bug.cgi?id=136312

        Reviewed by Joseph Pecoraro.

        Some types are shared between replay inputs from different frameworks.
        Previously, these type declarations were duplicated in every input
        specification file in which they were used. This caused some type encoding
        traits to be emitted twice if used from WebCore inputs and WebKit2 inputs.

        This patch teaches the replay inputs code generator to accept multiple
        input specification files. Inputs can freely reference types from other
        frameworks without duplicating declarations.

        On the code generation side, the model could contain types and inputs from
        frameworks that are not the target framework. Only generate code for the
        target framework.

        To properly generate cross-framework type encoding traits, use
        Type.encoding_type_argument in more places, and add the export macro for WebCore
        and the Test framework.

        Adjust some tests so that enum coverage is preserved by moving the enum types
        into "Test" (the target framework for tests).

        * JavaScriptCore.vcxproj/copy-files.cmd:
        For Windows, copy over JSInputs.json as if it were a private header.

        * JavaScriptCore.xcodeproj/project.pbxproj: Make JSInputs.json a private header.
        * replay/JSInputs.json:
        Put all primitive types and WTF types in this specification file.

        * replay/scripts/CodeGeneratorReplayInputs.py:
        (Input.__init__):
        (InputsModel.__init__): Keep track of the input's framework.
        (InputsModel.parse_specification): Parse the framework here. Adjust to new format,
        and allow either types or inputs to be missing from a single file.

        (InputsModel.parse_type_with_framework):
        (InputsModel.parse_input_with_framework):
        (Generator.should_generate_item): Added helper method.
        (Generator.generate_header): Filter inputs to generate.
        (Generator.generate_implementation): Filter inputs to generate.
        (Generator.generate_enum_trait_declaration): Filter enums to generate.
        Add WEBCORE_EXPORT macro to enum encoding traits.

        (Generator.generate_for_each_macro): Filter inputs to generate.
        (Generator.generate_enum_trait_implementation): Filter enums to generate.
        (generate_from_specifications): Added.
        (generate_from_specifications.parse_json_from_file):
        (InputsModel.parse_toplevel): Deleted.
        (InputsModel.parse_type_with_framework_name): Deleted.
        (InputsModel.parse_input): Deleted.
        (generate_from_specification): Deleted.
        * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
        * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Removed.
        * replay/scripts/tests/expected/fail-on-no-types.json-error: Removed.
        * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
        * replay/scripts/tests/fail-on-c-style-enum-no-storage.json:
        * replay/scripts/tests/fail-on-duplicate-enum-type.json:
        * replay/scripts/tests/fail-on-duplicate-input-names.json:
        * replay/scripts/tests/fail-on-duplicate-type-names.json:
        * replay/scripts/tests/fail-on-enum-type-missing-values.json:
        * replay/scripts/tests/fail-on-missing-input-member-name.json:
        * replay/scripts/tests/fail-on-missing-input-name.json:
        * replay/scripts/tests/fail-on-missing-input-queue.json:
        * replay/scripts/tests/fail-on-missing-type-mode.json:
        * replay/scripts/tests/fail-on-missing-type-name.json:
        * replay/scripts/tests/fail-on-no-inputs.json:
        Removed, no longer required to be in a single file.

        * replay/scripts/tests/fail-on-no-types.json:
        Removed, no longer required to be in a single file.

        * replay/scripts/tests/fail-on-unknown-input-queue.json:
        * replay/scripts/tests/fail-on-unknown-member-type.json:
        * replay/scripts/tests/fail-on-unknown-type-mode.json:
        * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json:
        * replay/scripts/tests/generate-enum-encoding-helpers.json:
        * replay/scripts/tests/generate-enum-with-guard.json:
        Include enums that are and are not generated.

        * replay/scripts/tests/generate-enums-with-same-base-name.json:
        * replay/scripts/tests/generate-event-loop-shape-types.json:
        * replay/scripts/tests/generate-input-with-guard.json:
        * replay/scripts/tests/generate-input-with-vector-members.json:
        * replay/scripts/tests/generate-inputs-with-flags.json:
        * replay/scripts/tests/generate-memoized-type-modes.json:

2015-01-20  Tomas Popela  <tpopela@redhat.com>

        [GTK] Cannot compile 2.7.3 on PowerPC machines
        https://bugs.webkit.org/show_bug.cgi?id=140616

        Include climits for INT_MAX and wtf/DataLog.h for dataLogF

        Reviewed by Csaba Osztrogonác.

        * runtime/BasicBlockLocation.cpp:

2015-01-19  Michael Saboff  <msaboff@apple.com>

        A "cached" null setter should throw a TypeException when called in strict mode and doesn't
        https://bugs.webkit.org/show_bug.cgi?id=139418

        Reviewed by Filip Pizlo.

        Made a new NullSetterFunction class similar to NullGetterFunction.  The difference is that
        NullSetterFunction will throw a TypeError per the ECMA262 spec for a strict mode caller.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        Added new files NullSetterFunction.cpp and NullSetterFunction.h.

        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::isSetterNull):
        (JSC::GetterSetter::setSetter):
        Change setter instances from using NullGetterFunction to using NullSetterFunction.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::nullSetterFunction):
        Added m_nullSetterFunction and accessor.

        * runtime/NullSetterFunction.cpp: Added.
        (JSC::GetCallerStrictnessFunctor::GetCallerStrictnessFunctor):
        (JSC::GetCallerStrictnessFunctor::operator()):
        (JSC::GetCallerStrictnessFunctor::callerIsStrict):
        (JSC::callerIsStrict):
        Method to determine if the caller is in strict mode.

        (JSC::callReturnUndefined):
        (JSC::constructReturnUndefined):
        (JSC::NullSetterFunction::getCallData):
        (JSC::NullSetterFunction::getConstructData):
        * runtime/NullSetterFunction.h: Added.
        (JSC::NullSetterFunction::create):
        (JSC::NullSetterFunction::createStructure):
        (JSC::NullSetterFunction::NullSetterFunction):
        Class with handlers for a null setter.

2015-01-19  Saam Barati  <saambarati1@gmail.com>

        Web Inspector: Provide a front end for JSC's Control Flow Profiler
        https://bugs.webkit.org/show_bug.cgi?id=138454

        Reviewed by Timothy Hatcher.

        This patch puts the final touches on what JSC needs to provide
        for the Web Inspector to show a UI for the control flow profiler.

        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::recompileAllJSFunctionsForTypeProfiling):
        * runtime/ControlFlowProfiler.cpp:
        (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
        * runtime/FunctionHasExecutedCache.cpp:
        (JSC::FunctionHasExecutedCache::getFunctionRanges):
        (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges): Deleted.
        * runtime/FunctionHasExecutedCache.h:

2015-01-19  David Kilzer  <ddkilzer@apple.com>

        [iOS] Only use LLVM static library arguments on 64-bit builds of libllvmForJSC.dylib
        <http://webkit.org/b/140658>

        Reviewed by Filip Pizlo.

        * Configurations/LLVMForJSC.xcconfig: Set OTHER_LDFLAGS_LLVM
        only when building for 64-bit architectures.

2015-01-19  Filip Pizlo  <fpizlo@apple.com>
708
709         ClosureCallStubRoutine no longer needs codeOrigin
710         https://bugs.webkit.org/show_bug.cgi?id=140659
711
712         Reviewed by Michael Saboff.
713         
714         Once upon a time, we would look for the CodeOrigin associated with a return PC. This search
715         would start with the CodeBlock according to the caller frame's call frame header. But if the
716         call was a closure call, the return PC would be inside some closure call stub. So if the
717         CodeBlock search failed, we would search *all* closure call stub routines to see which one
718         encompasses the return PC. Then, we would use the CodeOrigin stored in the stub routine
719         object. This was all a bunch of madness, and we actually got rid of it - we now determine
720         the CodeOrigin for a call frame using the encoded code origin bits inside the tag of the
721         argument count.
722         
723         This patch removes the final vestiges of the madness:
724         
725         - Remove the totally unused method declaration for the thing that did the closure call stub
726           search.
727         
728         - Remove the CodeOrigin field from the ClosureCallStubRoutine. Except for that crazy search
729           that we no longer do, everyone else who finds a ClosureCallStubRoutine will find it via
730           the CallLinkInfo. The CallLinkInfo also has the CodeOrigin, so we don't need this field
731           anymore.
732
733         * bytecode/CodeBlock.h:
734         * jit/ClosureCallStubRoutine.cpp:
735         (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
736         * jit/ClosureCallStubRoutine.h:
737         (JSC::ClosureCallStubRoutine::executable):
738         (JSC::ClosureCallStubRoutine::codeOrigin): Deleted.
739         * jit/Repatch.cpp:
740         (JSC::linkClosureCall):
741
742 2015-01-19  Saam Barati  <saambarati1@gmail.com>
743
744         Basic block start offsets should never be larger than end offsets in the control flow profiler
745         https://bugs.webkit.org/show_bug.cgi?id=140377
746
747         Reviewed by Filip Pizlo.
748
749         The bytecode generator will emit code more than once for some AST nodes. For instance, 
750         the finally block of TryNode will emit two code paths for its finally block: one for 
751         the normal path, and another for the path where an exception is thrown in the catch block. 
752         
753         This repeated code emission of the same AST node previously broke how the control 
754         flow profiler computed text ranges of basic blocks because when the same AST node 
755         is emitted multiple times, there is a good chance that there are ranges that span 
756         from the end offset of one of these duplicated nodes back to the start offset of 
757         the same duplicated node. This caused a basic block range to report a larger start 
758         offset than end offset. This was incorrect. Now, when this situation is encountered 
759         while linking a CodeBlock, the faulty range in question is ignored.
760
761         * bytecode/CodeBlock.cpp:
762         (JSC::CodeBlock::CodeBlock):
763         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
764         * bytecode/CodeBlock.h:
765         * bytecompiler/NodesCodegen.cpp:
766         (JSC::ForInNode::emitMultiLoopBytecode):
767         (JSC::ForOfNode::emitBytecode):
768         (JSC::TryNode::emitBytecode):
769         * parser/Parser.cpp:
770         (JSC::Parser<LexerType>::parseConditionalExpression):
771         * runtime/ControlFlowProfiler.cpp:
772         (JSC::ControlFlowProfiler::ControlFlowProfiler):
773         * runtime/ControlFlowProfiler.h:
774         (JSC::ControlFlowProfiler::dummyBasicBlock):
775
776 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
777
778         [SVG -> OTF Converter] Flip the switch on
779         https://bugs.webkit.org/show_bug.cgi?id=140592
780
781         Reviewed by Antti Koivisto.
782
783         * Configurations/FeatureDefines.xcconfig:
784
785 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
786
787         Web Replay: convert to is<T> and downcast<T> for decoding replay inputs
788         https://bugs.webkit.org/show_bug.cgi?id=140512
789
790         Reviewed by Chris Dumez.
791
792         Generate a SPECIALIZE_TYPE_TRAITS_* chunk of code for each input. This cannot
793         be done using REPLAY_INPUT_NAMES_FOR_EACH macro since that doesn't fully qualify
794         input types, and the type traits macro is defined in namespace WTF.
795
796         * replay/NondeterministicInput.h: Make overridden methods public.
797         * replay/scripts/CodeGeneratorReplayInputs.py:
798         (Generator.generate_header):
799         (Generator.qualified_input_name): Allow forcing qualification. WTF is never a target framework.
800         (Generator.generate_input_type_trait_declaration): Added.
801         * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Add a template.
802         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
803         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
804         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
805         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
806         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
807         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
808         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
809         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
810
811 2015-01-19  Commit Queue  <commit-queue@webkit.org>
812
813         Unreviewed, rolling out r178653.
814         https://bugs.webkit.org/show_bug.cgi?id=140634
815
816         Broke multiple SVG tests on Mountain Lion (Requested by ap on
817         #webkit).
818
819         Reverted changeset:
820
821         "[SVG -> OTF Converter] Flip the switch on"
822         https://bugs.webkit.org/show_bug.cgi?id=140592
823         http://trac.webkit.org/changeset/178653
824
825 2015-01-18  Dean Jackson  <dino@apple.com>
826
827         ES6: Support Array.of construction
828         https://bugs.webkit.org/show_bug.cgi?id=140605
829         <rdar://problem/19513655>
830
831         Reviewed by Geoffrey Garen.
832
833         Add an implementation of Array.of, described in 22.1.2.3 of the ES6
834         specification (15 Jan 2015). The Array.of() method creates a new Array
835         instance with a variable number of arguments, regardless of number or type
836         of the arguments.
837
838         * runtime/ArrayConstructor.cpp:
839         (JSC::arrayConstructorOf): Create a new empty Array, then iterate
840         over the arguments, setting them to the appropriate index.
841
842 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
843
844         [SVG -> OTF Converter] Flip the switch on
845         https://bugs.webkit.org/show_bug.cgi?id=140592
846
847         Reviewed by Antti Koivisto.
848
849         * Configurations/FeatureDefines.xcconfig:
850
851 2015-01-17  Brian J. Burg  <burg@cs.washington.edu>
852
853         Web Inspector: highlight data for overlay should use protocol type builders
854         https://bugs.webkit.org/show_bug.cgi?id=129441
855
856         Reviewed by Timothy Hatcher.
857
858         Add a new domain for overlay types.
859
860         * CMakeLists.txt:
861         * DerivedSources.make:
862         * inspector/protocol/OverlayTypes.json: Added.
863
864 2015-01-17  Michael Saboff  <msaboff@apple.com>
865
866         Crash in JSScope::resolve() on tools.ups.com
867         https://bugs.webkit.org/show_bug.cgi?id=140579
868
869         Reviewed by Geoffrey Garen.
870
871         For op_resolve_scope of a global property or variable that needs to check for the var
872         injection check watchpoint, we need to keep the scope around with a Phantom.  The
873         baseline JIT slowpath for op_resolve_scope needs the scope value if the watchpoint
874         fired.
875
876         * dfg/DFGByteCodeParser.cpp:
877         (JSC::DFG::ByteCodeParser::parseBlock):
878
879 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
880
881         Web Inspector: code generator should introduce typedefs for protocol types that are arrays
882         https://bugs.webkit.org/show_bug.cgi?id=140557
883
884         Reviewed by Joseph Pecoraro.
885
886         Currently, there is no generated type name for "array" type declarations such as Console.CallStack.
887         This makes it long-winded and confusing to use the type in C++ code.
888
889         This patch adds a typedef for array type declarations, so types such as Console::CallStack
890         can be referred to directly, rather than using Inspector::Protocol::Array<Console::CallFrame>.
891
892         Some tests were updated to cover array type declarations used as parameters and type members.
893
894         * inspector/ScriptCallStack.cpp: Use the new typedef.
895         (Inspector::ScriptCallStack::buildInspectorArray):
896         * inspector/ScriptCallStack.h:
897         * inspector/scripts/codegen/cpp_generator.py:
898         (CppGenerator.cpp_protocol_type_for_type): If an ArrayType is nominal, use the typedef'd name instead.
899         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
900         (_generate_typedefs_for_domain): Also generate typedefs for array type declarations.
901         (_generate_typedefs_for_domain.Inspector):
902         * inspector/scripts/codegen/models.py: Save the name of an ArrayType when it is a type declaration.
903         (ArrayType.__init__):
904         (Protocol.resolve_types):
905         (Protocol.lookup_type_reference):
906         * inspector/scripts/tests/commands-with-async-attribute.json:
907         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json:
908         * inspector/scripts/tests/events-with-optional-parameters.json:
909         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
910         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
911         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
912         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
913         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
914         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
915         * inspector/scripts/tests/type-declaration-object-type.json:
916
917 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
918
919         Web Replay: purge remaining PassRefPtr uses and minor cleanup
920         https://bugs.webkit.org/show_bug.cgi?id=140456
921
922         Reviewed by Andreas Kling.
923
924         Get rid of PassRefPtr. Introduce default initializers where it makes sense.
925         Remove mistaken uses of AtomicString that were not removed as part of r174113.
926
927         * replay/EmptyInputCursor.h:
928         * replay/InputCursor.h:
929         (JSC::InputCursor::InputCursor):
930
931 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
932
933         Web Inspector: code generator should fail on duplicate parameter and member names
934         https://bugs.webkit.org/show_bug.cgi?id=140555
935
936         Reviewed by Timothy Hatcher.
937
938         * inspector/scripts/codegen/models.py:
939         (find_duplicates): Add a helper function to find duplicates in a list.
940         (Protocol.parse_type_declaration):
941         (Protocol.parse_command):
942         (Protocol.parse_event):
943         * inspector/scripts/tests/expected/fail-on-duplicate-command-call-parameter-names.json-error: Added.
944         * inspector/scripts/tests/expected/fail-on-duplicate-command-return-parameter-names.json-error: Added.
945         * inspector/scripts/tests/expected/fail-on-duplicate-event-parameter-names.json-error: Added.
946         * inspector/scripts/tests/expected/fail-on-duplicate-type-member-names.json-error: Added.
947         * inspector/scripts/tests/fail-on-duplicate-command-call-parameter-names.json: Added.
948         * inspector/scripts/tests/fail-on-duplicate-command-return-parameter-names.json: Added.
949         * inspector/scripts/tests/fail-on-duplicate-event-parameter-names.json: Added.
950         * inspector/scripts/tests/fail-on-duplicate-type-member-names.json: Added.
951
952 2015-01-16  Michael Saboff  <msaboff@apple.com>
953
954         REGRESSION (r174226): Header on huffingtonpost.com is too large
955         https://bugs.webkit.org/show_bug.cgi?id=140306
956
957         Reviewed by Filip Pizlo.
958
959         BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
960         arguments register or whether we need to resolve "arguments".  If the arguments have
961         been captured, then they are stored in the lexical environment and the arguments
962         register is not used.
963
964         Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
965         register is captured.  Renamed the function to willResolveToArgumentsRegister() to
966         better indicate what we are checking.
967
968         Aligned 32 and 64 bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
969         an arguments object that was optimized out of an inlined callFrame.  The 32 bit path
970         incorrectly calculated the location of the reified callee frame.  This alignment resulted
971         in the removal of operationCreateInlinedArgumentsDuringOSRExit().
972
973         * bytecompiler/BytecodeGenerator.cpp:
974         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
975         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
976         (JSC::BytecodeGenerator::emitCall):
977         (JSC::BytecodeGenerator::emitConstruct):
978         (JSC::BytecodeGenerator::emitEnumeration):
979         (JSC::BytecodeGenerator::willResolveToArguments): Deleted.
980         * bytecompiler/BytecodeGenerator.h:
981         * bytecompiler/NodesCodegen.cpp:
982         (JSC::BracketAccessorNode::emitBytecode):
983         (JSC::DotAccessorNode::emitBytecode):
984         (JSC::getArgumentByVal):
985         (JSC::ApplyFunctionCallDotNode::emitBytecode):
986         (JSC::ArrayPatternNode::emitDirectBinding):
987         * dfg/DFGOSRExitCompilerCommon.cpp:
988         (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
989         * dfg/DFGOperations.cpp:
990         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
991         * dfg/DFGOperations.h:
992         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
993
994 2015-01-15  Csaba Osztrogonác  <ossy@webkit.org>
995
996         Remove ENABLE(SQL_DATABASE) guards
997         https://bugs.webkit.org/show_bug.cgi?id=140434
998
999         Reviewed by Darin Adler.
1000
1001         * CMakeLists.txt:
1002         * Configurations/FeatureDefines.xcconfig:
1003         * DerivedSources.make:
1004         * inspector/protocol/Database.json:
1005
1006 2015-01-14  Alexey Proskuryakov  <ap@apple.com>
1007
1008         Web Inspector and regular console use different source code locations for messages
1009         https://bugs.webkit.org/show_bug.cgi?id=140478
1010
1011         Reviewed by Brian Burg.
1012
1013         * inspector/ConsoleMessage.h: Expose computed source location.
1014
1015         * inspector/agents/InspectorConsoleAgent.cpp:
1016         (Inspector::InspectorConsoleAgent::addMessageToConsole):
1017         (Inspector::InspectorConsoleAgent::stopTiming):
1018         (Inspector::InspectorConsoleAgent::count):
1019         * inspector/agents/InspectorConsoleAgent.h:
1020         addMessageToConsole() now takes a pre-made ConsoleMessage object.
1021
1022         * inspector/JSGlobalObjectConsoleClient.cpp:
1023         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1024         (Inspector::JSGlobalObjectConsoleClient::warnUnimplemented):
1025         * inspector/JSGlobalObjectInspectorController.cpp:
1026         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
1027         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
1028         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
1029         Updated for the above changes.
1030
1031 2015-01-15  Mark Lam  <mark.lam@apple.com>
1032
1033         [Part 2] Argument object created by "Function dot arguments" should use a clone of argument values.
1034         <https://webkit.org/b/140093>
1035
1036         Reviewed by Geoffrey Garen.
1037
1038         * interpreter/StackVisitor.cpp:
1039         (JSC::StackVisitor::Frame::createArguments):
1040         - We should not fetch the lexicalEnvironment here.  The reason we've
1041           introduced the ClonedArgumentsCreationMode is because the lexicalEnvironment
1042           may not be available to us at this point.  Instead, we'll just pass a nullptr.
1043
1044         * runtime/Arguments.cpp:
1045         (JSC::Arguments::tearOffForCloning):
1046         * runtime/Arguments.h:
1047         (JSC::Arguments::finishCreation):
1048         - Use the new tearOffForCloning() to tear off arguments right out of the values
1049           passed on the stack.  tearOff() is not appropriate for this purpose because
1050           it takes slowArgumentsData into account.
1051
1052 2015-01-14  Matthew Mirman  <mmirman@apple.com>
1053
1054         Removed accidental commit of "invalid_array.js" 
1055         http://trac.webkit.org/changeset/178439
1056
1057         * tests/stress/invalid_array.js: Removed.
1058
1059 2015-01-14  Matthew Mirman  <mmirman@apple.com>
1060
1061         Fixes operationPutByIdOptimizes such that they check that the put didn't
1062         change the structure of the object whose property access is being
1063         cached.  Also removes uses of the new base value from the cache generation code.
1064         https://bugs.webkit.org/show_bug.cgi?id=139500
1065
1066         Reviewed by Filip Pizlo.
1067
1068         * jit/JITOperations.cpp:
1069         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
1070         (JSC::operationPutByIdNonStrictOptimize): ditto.
1071         (JSC::operationPutByIdDirectStrictOptimize): ditto.
1072         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
1073         * jit/Repatch.cpp:
1074         (JSC::generateByIdStub):
1075         (JSC::tryCacheGetByID):
1076         (JSC::tryBuildGetByIDList):
1077         (JSC::emitPutReplaceStub):
1078         (JSC::emitPutTransitionStubAndGetOldStructure): Added.
1079         (JSC::tryCachePutByID):
1080         (JSC::repatchPutByID):
1081         (JSC::tryBuildPutByIdList):
1082         (JSC::tryRepatchIn):
1083         (JSC::emitPutTransitionStub): Deleted.
1084         * jit/Repatch.h:
1085         * llint/LLIntSlowPaths.cpp:
1086         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1087         * runtime/JSPropertyNameEnumerator.h:
1088         (JSC::genericPropertyNameEnumerator):
1089         * runtime/Operations.h:
1090         (JSC::normalizePrototypeChainForChainAccess): restructured to not use the base value.
1091         (JSC::normalizePrototypeChain): restructured to not use the base value.
1092         * tests/mozilla/mozilla-tests.yaml:
1093         * tests/stress/proto-setter.js: Added.
1094         * tests/stress/put-by-id-build-list-order-recurse.js: Added.
1095         Added test that fails without this patch.
1096
1097 2015-01-13  Joseph Pecoraro  <pecoraro@apple.com>
1098
1099         Web Inspector: Remove unused ResizeImage and DecodeImageData timeline events
1100         https://bugs.webkit.org/show_bug.cgi?id=140404
1101
1102         Reviewed by Timothy Hatcher.
1103
1104         * inspector/protocol/Timeline.json:
1105
1106 2015-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
1107
1108         DFG can call PutByValDirect for generic arrays
1109         https://bugs.webkit.org/show_bug.cgi?id=140389
1110
1111         Reviewed by Geoffrey Garen.
1112
1113         Computed properties in object initializers (ES6) use the put_by_val_direct operation.
1114         However, the current DFG asserts that put_by_val_direct is not used for generic arrays,
1115         so the assertion failure is raised.
1116         This patch allows DFG to use put_by_val_direct for generic arrays.
1117
1118         And fix the DFG put_by_val_direct implementation for string properties.
1119         At first, put_by_val_direct was intended to be used for spread elements.
1120         So the property keys were limited to numbers (indexes).
1121         But now, it's also used for computed properties in object initializers.
1122
1123         * dfg/DFGOperations.cpp:
1124         (JSC::DFG::operationPutByValInternal):
1125         * dfg/DFGSpeculativeJIT64.cpp:
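Worked example (added here as illustration; this is not JavaScriptCore's own code, and the names toyruntime::parseArrayIndex, ToyObject, putByValDirect, putDirect and putDirectIndex are invented for it): the index-or-name decision that put_by_val_direct has to make once its keys come from computed property names rather than only from spread-element indexes. The toy assumes the key has already been converted with ToString, so {[0]: 1} arrives as "0". The canonical-index rule is the ECMAScript one: decimal digits only, no sign, no leading zeros, value at most 2^32 - 2.

```cpp
// Added illustration, not JavaScriptCore code. Names are invented.
#include <cstdint>
#include <map>
#include <optional>
#include <string>

namespace toyruntime {

// Canonical array index: the decimal spelling of an integer in [0, 2^32 - 2]
// with no sign and no leading zeros ("0" alone is fine). Anything else is a
// plain property name and must take the named-property path.
std::optional<std::uint32_t> parseArrayIndex(const std::string& key) {
    if (key.empty() || key.size() > 10)        // 4294967294 has 10 digits
        return std::nullopt;
    if (key.size() > 1 && key[0] == '0')       // "01" is a name, not an index
        return std::nullopt;
    std::uint64_t value = 0;                   // 10 digits cannot overflow 64 bits
    for (char c : key) {
        if (c < '0' || c > '9')                // rejects "-1", "1e3", " 1"
            return std::nullopt;
        value = value * 10 + static_cast<std::uint64_t>(c - '0');
    }
    if (value > 0xFFFFFFFEull)                 // 2^32 - 1 is "length", never an index
        return std::nullopt;
    return static_cast<std::uint32_t>(value);
}

// Toy object with the two storage kinds the entry distinguishes: named
// properties and indexed (array-like) properties kept in separate stores.
class ToyObject {
public:
    void putDirect(const std::string& name, int v) { m_named[name] = v; }
    void putDirectIndex(std::uint32_t index, int v) { m_indexed[index] = v; }

    // put_by_val_direct with a string key: route by whether the key is a
    // canonical array index. Sending "01" or "4294967295" to the indexed
    // store would create a property that lookups by name could not find.
    void putByValDirect(const std::string& key, int v) {
        if (auto index = parseArrayIndex(key))
            putDirectIndex(*index, v);
        else
            putDirect(key, v);
    }

    bool hasName(const std::string& n) const { return m_named.count(n) != 0; }
    bool hasIndex(std::uint32_t i) const { return m_indexed.count(i) != 0; }
    std::size_t namedCount() const { return m_named.size(); }
    std::size_t indexedCount() const { return m_indexed.size(); }

private:
    std::map<std::string, int> m_named;
    std::map<std::uint32_t, int> m_indexed;   // sparse, so huge indexes are cheap
};

// Worked run for the literal {[0]: 1, ['01']: 2, ['x']: 3,
// ['4294967294']: 4, ['4294967295']: 5}: two indexed, three named.
bool putByValDirectDemo() {
    ToyObject o;
    o.putByValDirect("0", 1);
    o.putByValDirect("01", 2);
    o.putByValDirect("x", 3);
    o.putByValDirect("4294967294", 4);
    o.putByValDirect("4294967295", 5);
    return o.hasIndex(0) && o.hasIndex(4294967294u)
        && o.hasName("01") && o.hasName("x") && o.hasName("4294967295")
        && o.indexedCount() == 2 && o.namedCount() == 3;
}

} // namespace toyruntime
```

The point of returning an optional rather than a sentinel index is that every caller is forced to handle the "not an index" case explicitly; a numeric-looking key that fails the canonical form still has to reach the named store.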
1126         (JSC::DFG::SpeculativeJIT::compile):
1127
1128 2015-01-13  Geoffrey Garen  <ggaren@apple.com>
1129
1130         Out of bounds access in BytecodeGenerator::emitGetById under DotAccessorNode::emitBytecode
1131         https://bugs.webkit.org/show_bug.cgi?id=140397
1132
1133         Reviewed by Geoffrey Garen.
1134
1135         Patch by Alexey Proskuryakov.
1136
1137         Reviewed, performance tested, and ChangeLogged by Geoffrey Garen.
1138
1139         No performance change.
1140
1141         No test, since this is a small past-the-end read, which is very
1142         difficult to turn into a reproducible failing test -- and existing tests
1143         crash reliably using ASan.
1144
1145         * bytecompiler/NodesCodegen.cpp:
1146         (JSC::BracketAccessorNode::emitBytecode):
1147         (JSC::DotAccessorNode::emitBytecode):
1148         (JSC::FunctionCallBracketNode::emitBytecode):
1149         (JSC::PostfixNode::emitResolve):
1150         (JSC::DeleteBracketNode::emitBytecode):
1151         (JSC::DeleteDotNode::emitBytecode):
1152         (JSC::PrefixNode::emitResolve):
1153         (JSC::UnaryOpNode::emitBytecode):
1154         (JSC::BitwiseNotNode::emitBytecode):
1155         (JSC::BinaryOpNode::emitBytecode):
1156         (JSC::EqualNode::emitBytecode):
1157         (JSC::StrictEqualNode::emitBytecode):
1158         (JSC::ThrowableBinaryOpNode::emitBytecode):
1159         (JSC::AssignDotNode::emitBytecode):
1160         (JSC::AssignBracketNode::emitBytecode): Use RefPtr in more places. Any
1161         register used across a call to a function that might allocate a new
1162         temporary register must be held in a RefPtr.
1163
1164 2015-01-12  Michael Saboff  <msaboff@apple.com>
1165
1166         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1167         https://bugs.webkit.org/show_bug.cgi?id=140348
1168
1169         Reviewed by Mark Lam.
1170
1171         We used to read registers in MachineThreads::gatherFromCurrentThread(), but that is too late
1172         because those registers may have been spilled on the stack and replaced with other values by
1173         the time we call down to gatherFromCurrentThread().
1174
1175         Now we get the register contents at the same place that we demarcate the current top of
1176         stack using the address of a local variable, in Heap::markRoots().  The register contents
1177         buffer is passed along with the demarcation pointer.  These need to be done at this level 
1178         in the call tree and no lower, as markRoots() calls various functions that visit object
1179         pointers that may be later proven dead.  Any of those pointers that are left on the
1180         stack or in registers could be incorrectly marked as live if we scan the stack contents
1181         from a called function or one of its callees.  The stack demarcation pointer and register
1182         saving need to be done in the same function so that we have a consistent stack, active
1183         and spilled registers.
1184
1185         Because we don't want to make unnecessary calls to get the register contents, we use
1186         a macro to allocate, and possibly align, the register structure and get the actual
1187         register contents.
1188
1189
1190         * heap/Heap.cpp:
1191         (JSC::Heap::markRoots):
1192         (JSC::Heap::gatherStackRoots):
1193         * heap/Heap.h:
1194         * heap/MachineStackMarker.cpp:
1195         (JSC::MachineThreads::gatherFromCurrentThread):
1196         (JSC::MachineThreads::gatherConservativeRoots):
1197         * heap/MachineStackMarker.h:
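Worked example (added here as illustration; this is not JavaScriptCore's code, and the namespace toygc and every name in it are invented): a toy conservative root scanner built the way the entry argues for, with the register capture and the top-of-stack marker taken in the same frame. It spills the callee-saved registers with setjmp(), which assumes a C library that stores them in the jmp_buf as raw values; glibc, for one, obfuscates the saved stack and frame pointers, so a real scanner has to account for that. It also assumes that nested calls get contiguous frames, which the noinline attributes protect.

```cpp
// Added illustration, not JavaScriptCore code. All names are invented.
#include <csetjmp>
#include <cstddef>
#include <cstdint>
#include <cstdlib>

#if defined(__GNUC__)
#define TOYGC_NOINLINE __attribute__((noinline))
// Reading raw stack words trips AddressSanitizer's stack redzones; a real
// collector opts its scanner out of that instrumentation the same way.
#define TOYGC_RAW_READER __attribute__((noinline, no_sanitize_address))
#elif defined(_MSC_VER)
#define TOYGC_NOINLINE __declspec(noinline)
#define TOYGC_RAW_READER __declspec(noinline)
#else
#define TOYGC_NOINLINE
#define TOYGC_RAW_READER
#endif

namespace toygc {

struct Cell { char payload[32]; bool marked; };

constexpr std::size_t kCellCount = 4;
static Cell* g_cells[kCellCount];
static std::uintptr_t g_stackBase = 0;   // recorded in the outermost frame

static void initHeap() {
    for (std::size_t i = 0; i < kCellCount; ++i)
        g_cells[i] = static_cast<Cell*>(std::calloc(1, sizeof(Cell)));
}

// Conservative: any word equal to a cell address marks that cell. A word that
// merely happens to look like a pointer keeps the cell alive (false positive).
static void markIfCellPointer(std::uintptr_t word) {
    for (std::size_t i = 0; i < kCellCount; ++i)
        if (word == reinterpret_cast<std::uintptr_t>(g_cells[i]))
            g_cells[i]->marked = true;
}

static TOYGC_RAW_READER void scanWords(std::uintptr_t lo, std::uintptr_t hi) {
    lo &= ~static_cast<std::uintptr_t>(sizeof(std::uintptr_t) - 1);  // word-align
    for (std::uintptr_t p = lo; p + sizeof(std::uintptr_t) <= hi; p += sizeof(std::uintptr_t))
        markIfCellPointer(*reinterpret_cast<const volatile std::uintptr_t*>(p));
}

// Register dump and stack-top marker in ONE frame: everything between the
// marker and g_stackBase, plus whatever a caller still holds only in a
// callee-saved register, is covered. Taking the marker in a caller and
// dumping registers in a deeper callee would let the frames in between
// overwrite callee-save slots, and a root held there would be lost.
static TOYGC_NOINLINE void gatherConservativeRoots() {
    std::jmp_buf registers;
    setjmp(registers);                              // spill callee-saved registers
    scanWords(reinterpret_cast<std::uintptr_t>(&registers),
              reinterpret_cast<std::uintptr_t>(&registers) + sizeof(registers));

    volatile int topMarker = 0;
    std::uintptr_t lo = reinterpret_cast<std::uintptr_t>(&topMarker);
    std::uintptr_t hi = g_stackBase;
    if (lo > hi) { std::uintptr_t t = lo; lo = hi; hi = t; }   // upward-growing stacks
    scanWords(lo, hi + sizeof(std::uintptr_t));
}

// Holds a cell pointer only in its own frame while the scan runs.
static TOYGC_NOINLINE bool holdAndGather(std::size_t which) {
    Cell* volatile keep = g_cells[which];           // volatile: forced onto the stack
    gatherConservativeRoots();
    return keep->marked;
}

// Returns true when the pointer kept alive only by holdAndGather's frame
// was found by the scan.
TOYGC_NOINLINE bool conservativeScanDemo() {
    volatile int baseMarker = 0;
    g_stackBase = reinterpret_cast<std::uintptr_t>(&baseMarker);
    initHeap();
    return holdAndGather(2);
}

} // namespace toygc
```

The demo asserts only on the cell that is deliberately held; stale words left behind by initHeap()'s dead frames may also mark other cells, which is the usual conservative-scanning false positive and exactly why such a scan must be complete (every live root found) rather than precise.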
1198
1199 2015-01-12  Benjamin Poulain  <benjamin@webkit.org>
1200
1201         Add basic pattern matching support to the url filters
1202         https://bugs.webkit.org/show_bug.cgi?id=140283
1203
1204         Reviewed by Andreas Kling.
1205
1206         * JavaScriptCore.xcodeproj/project.pbxproj:
1207         Make YarrParser.h private in order to use it from WebCore.
1208
1209 2015-01-12  Geoffrey Garen  <ggaren@apple.com>
1210
1211         Out of bounds read in IdentifierArena::makeIdentifier
1212         https://bugs.webkit.org/show_bug.cgi?id=140376
1213
1214         Patch by Alexey Proskuryakov.
1215
1216         Reviewed and ChangeLogged by Geoffrey Garen.
1217
1218         No test, since this is a small past-the-end read, which is very
1219         difficult to turn into a reproducible failing test -- and existing tests
1220         crash reliably using ASan.
1221
1222         * parser/ParserArena.h:
1223         (JSC::IdentifierArena::makeIdentifier):
1224         (JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
1225         zero-length string input, like we do in the literal parser, since it is
1226         not valid to dereference characters in a zero-length string.
1227
1228         A zero-length string is allowed in JavaScript -- for example, "".
1229
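Worked example (added here as illustration; this is not JavaScriptCore's code, and toyparser::IdentifierArena and its members are invented): the two shapes of a single-character identifier cache, one that reads chars[0] before it knows a character exists and one that checks the length first. The pre-fix shape is kept only for contrast and must never be called with a zero-length input; the fixed shape handles "" without touching chars, even when chars is null.

```cpp
// Added illustration, not JavaScriptCore code. Names are invented.
#include <cstddef>
#include <string>
#include <unordered_set>

namespace toyparser {

using UChar = char16_t;   // 16-bit source text unit

class IdentifierArena {
public:
    static constexpr UChar kMaximumCachableCharacter = 128;

    // Pre-fix shape, for contrast only (never call it with length == 0):
    // chars[0] is read before anything establishes that there is a character
    // to read, so an empty string causes a past-the-end read of the buffer.
    const std::u16string& makeIdentifierUnchecked(const UChar* chars, std::size_t length) {
        if (chars[0] < kMaximumCachableCharacter && length == 1)
            return singleCharacter(chars[0]);
        return intern(std::u16string(chars, length));
    }

    // Fixed shape: the length check comes first. "" is a legal JavaScript
    // string, so it must be representable without dereferencing chars at all.
    const std::u16string& makeIdentifier(const UChar* chars, std::size_t length) {
        if (length == 0)
            return m_empty;
        if (length == 1 && chars[0] < kMaximumCachableCharacter)
            return singleCharacter(chars[0]);
        return intern(std::u16string(chars, length));
    }

private:
    // One preallocated slot per cachable character; filled lazily.
    const std::u16string& singleCharacter(UChar c) {
        std::u16string& slot = m_singleCharacterCache[c];
        if (slot.empty())
            slot.assign(1, c);
        return slot;
    }
    // Equal spellings share one storage object; references into an
    // unordered_set stay valid across rehashing, so handing them out is safe.
    const std::u16string& intern(std::u16string&& s) {
        return *m_interned.insert(std::move(s)).first;
    }

    std::u16string m_empty;
    std::u16string m_singleCharacterCache[kMaximumCachableCharacter];
    std::unordered_set<std::u16string> m_interned;
};

// Worked run: the empty string, single characters served from the cache,
// and a longer name interned once. Only `length` units are ever consumed.
bool identifierArenaDemo() {
    IdentifierArena arena;
    const std::u16string& empty = arena.makeIdentifier(nullptr, 0);
    const std::u16string& a1 = arena.makeIdentifier(u"a", 1);
    const std::u16string& a2 = arena.makeIdentifier(u"abc", 1);
    const std::u16string& foo1 = arena.makeIdentifier(u"foo", 3);
    const std::u16string& foo2 = arena.makeIdentifier(u"foobar", 3);
    return empty.empty() && &a1 == &a2 && a1 == u"a"
        && &foo1 == &foo2 && foo1 == u"foo";
}

} // namespace toyparser
```

The ordering of the two conditions is the whole fix: a fast path that peeks at the first character is fine, but only after the caller's length has been checked, because a zero-length buffer may legitimately be a null pointer or sit at the very end of a mapping.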
1230 2015-01-11  Sam Weinig  <sam@webkit.org>
1231
1232         Remove support for SharedWorkers
1233         https://bugs.webkit.org/show_bug.cgi?id=140344
1234
1235         Reviewed by Anders Carlsson.
1236
1237         * Configurations/FeatureDefines.xcconfig:
1238
1239 2015-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
1240
1241         Allow targetting the SVG->OTF font converter with ENABLE(SVG_OTF_CONVERTER)
1242         https://bugs.webkit.org/show_bug.cgi?id=136769
1243
1244         Reviewed by Antti Koivisto.
1245
1246         * Configurations/FeatureDefines.xcconfig:
1247
1248 2015-01-12  Commit Queue  <commit-queue@webkit.org>
1249
1250         Unreviewed, rolling out r178266.
1251         https://bugs.webkit.org/show_bug.cgi?id=140363
1252
1253         Broke a JSC test (Requested by ap on #webkit).
1254
1255         Reverted changeset:
1256
1257         "Local JSArray* "keys" in objectConstructorKeys() is not
1258         marked during garbage collection"
1259         https://bugs.webkit.org/show_bug.cgi?id=140348
1260         http://trac.webkit.org/changeset/178266
1261
1262 2015-01-12  Michael Saboff  <msaboff@apple.com>
1263
1264         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1265         https://bugs.webkit.org/show_bug.cgi?id=140348
1266
1267         Reviewed by Mark Lam.
1268
1269         Move the address of the local variable that is used to demarcate the top of the stack for 
1270         conservative roots down to MachineThreads::gatherFromCurrentThread() since it also gets
1271         the register values using setjmp().  That way we don't lose any callee save register
1272         contents between Heap::markRoots(), where it was set, and gatherFromCurrentThread().
1273         If we lose any JSObject* that are only in callee save registers, they will be GC'ed
1274         erroneously.
1275
1276         * heap/Heap.cpp:
1277         (JSC::Heap::markRoots):
1278         (JSC::Heap::gatherStackRoots):
1279         * heap/Heap.h:
1280         * heap/MachineStackMarker.cpp:
1281         (JSC::MachineThreads::gatherFromCurrentThread):
1282         (JSC::MachineThreads::gatherConservativeRoots):
1283         * heap/MachineStackMarker.h:
1284
1285 2015-01-11  Eric Carlson  <eric.carlson@apple.com>
1286
1287         Fix typo in testate.c error messages
1288         https://bugs.webkit.org/show_bug.cgi?id=140305
1289
1290         Reviewed by Geoffrey Garen.
1291
1292         * API/tests/testapi.c:
1293         (main): "... script did not timed out ..." -> "... script did not time out ..."
1294
1295 2015-01-09  Michael Saboff  <msaboff@apple.com>
1296
1297         Breakpoint doesn't fire in this HTML5 game
1298         https://bugs.webkit.org/show_bug.cgi?id=140269
1299
1300         Reviewed by Mark Lam.
1301
1302         When parsing a single line cached function, use the lineStartOffset of the
1303         location where we found the cached function instead of the cached lineStartOffset.
1304         The cache location's lineStartOffset has not been adjusted for any possible
1305         containing functions.
1306
1307         This change is not needed for multi-line cached functions.  Consider the
1308         single line source:
1309
1310         function outer(){function inner1(){doStuff();}; (function inner2() {doMoreStuff()})()}
1311
1312         The first parser pass, we parse and cache inner1() and inner2() with a lineStartOffset
1313         of 0.  Later when we parse outer() and find inner1() in the cache, the SourceCode start
1314         character is at outer()'s outermost open brace.  That is what we should use for
1315         lineStartOffset for inner1().  When done parsing inner1() we set the parsing token
1316         to the saved location for inner1(), including the lineStartOffset of 0.  We need
1317         to use the value of lineStartOffset before we started parsing inner1().  That is
1318         what the fix does.  When we parse inner2() the lineStartOffset will be correct.
1319
1320         For a multi-line function, the close brace is guaranteed to be on a different line
1321         than the open brace.  Hence, its lineStartOffset will not change with the change of
1322         the SourceCode start character.
1323
1324         * parser/Parser.cpp:
1325         (JSC::Parser<LexerType>::parseFunctionInfo):
1326
1327 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1328
1329         Web Inspector: Uncaught Exception in ProbeManager deleting breakpoint
1330         https://bugs.webkit.org/show_bug.cgi?id=140279
1331         rdar://problem/19422299
1332
1333         Reviewed by Oliver Hunt.
1334
1335         * runtime/MapData.cpp:
1336         (JSC::MapData::replaceAndPackBackingStore):
1337         The cell table also needs to have its values fixed.
1338
1339 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1340
1341         Web Inspector: Remove or use TimelineAgent Resource related event types
1342         https://bugs.webkit.org/show_bug.cgi?id=140155
1343
1344         Reviewed by Timothy Hatcher.
1345
1346         Remove unused / stale Timeline event types.
1347
1348         * inspector/protocol/Timeline.json:
1349
1350 2015-01-09  Csaba Osztrogonác  <ossy@webkit.org>
1351
1352         REGRESSION(r177925): It broke the !ENABLE(INSPECTOR) build
1353         https://bugs.webkit.org/show_bug.cgi?id=140098
1354
1355         Reviewed by Brian Burg.
1356
1357         * inspector/InspectorBackendDispatcher.h: Missing ENABLE(INSPECTOR) guard added.
1358
1359 2015-01-08  Mark Lam  <mark.lam@apple.com>
1360
1361         Argument object created by "Function dot arguments" should use a clone of the argument values.
1362         <https://webkit.org/b/140093>
1363
1364         Reviewed by Geoffrey Garen.
1365
1366         After the change in <https://webkit.org/b/139827>, the dfg-tear-off-arguments-not-activation.js
1367         test will crash.  The relevant code which manifests the issue is as follows:
1368
1369             function bar() {
1370                 return foo.arguments;
1371             }
1372
1373             function foo(p) {
1374                 var x = 42;
1375                 if (p)
1376                     return (function() { return x; });
1377                 else
1378                     return bar();
1379             }
1380
1381         In this case, foo() has no knowledge of bar() needing its LexicalEnvironment and
1382         has dead code eliminated the SetLocal that stores it into its designated local.
1383         In bar(), the factory for the Arguments object (for creating foo.arguments) tries
1384         to read foo's LexicalEnvironment from its designated lexicalEnvironment local,
1385         but instead, finds it to be uninitialized.  This results in a null pointer access
1386         which causes a crash.
1387
1388         This can be resolved by having bar() instantiate a clone of the Arguments object
1389         instead, and populate its elements with values fetched directly from foo's frame.
1390         There's no need to reference foo's LexicalEnvironment (whether present or not).
1391
1392         * interpreter/StackVisitor.cpp:
1393         (JSC::StackVisitor::Frame::createArguments):
1394         * runtime/Arguments.h:
1395         (JSC::Arguments::finishCreation):
1396
1397 2015-01-08  Mark Lam  <mark.lam@apple.com>
1398
1399         Make the LLINT and Baseline JIT's op_create_arguments and op_get_argument_by_val use their lexicalEnvironment operand.
1400         <https://webkit.org/b/140236>
1401
1402         Reviewed by Geoffrey Garen.
1403
1404         Will change the DFG to use the operand on a subsequent pass.  For now,
1405         the DFG uses a temporary thunk (operationCreateArgumentsForDFG()) to
1406         retain the old behavior of getting the lexicalEnvironment from the
1407         ExecState.
1408
1409         * bytecompiler/BytecodeGenerator.cpp:
1410         (JSC::BytecodeGenerator::BytecodeGenerator):
1411         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1412         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1413         - When the lexicalEnvironment is not available, pass the invalid VirtualRegister
1414           instead of an empty JSValue as the lexicalEnvironment operand.
1415
1416         * dfg/DFGOperations.cpp:
1417         - Use the lexicalEnvironment from the ExecState for now.
1418
1419         * dfg/DFGSpeculativeJIT32_64.cpp:
1420         (JSC::DFG::SpeculativeJIT::compile):
1421         * dfg/DFGSpeculativeJIT64.cpp:
1422         (JSC::DFG::SpeculativeJIT::compile):
1423         - Use the operationCreateArgumentsForDFG() thunk for now.
1424
1425         * interpreter/CallFrame.cpp:
1426         (JSC::CallFrame::lexicalEnvironmentOrNullptr):
1427         * interpreter/CallFrame.h:
1428         - Added this convenience function to return either the
1429           lexicalEnvironment or a nullptr so that we don't need to do a
1430           conditional check on codeBlock->needsActivation() at multiple sites.
1431
1432         * interpreter/StackVisitor.cpp:
1433         (JSC::StackVisitor::Frame::createArguments):
1434         * jit/JIT.h:
1435         * jit/JITInlines.h:
1436         (JSC::JIT::callOperation):
1437         * jit/JITOpcodes.cpp:
1438         (JSC::JIT::emit_op_create_arguments):
1439         (JSC::JIT::emitSlow_op_get_argument_by_val):
1440         * jit/JITOpcodes32_64.cpp:
1441         (JSC::JIT::emit_op_create_arguments):
1442         (JSC::JIT::emitSlow_op_get_argument_by_val):
1443         * jit/JITOperations.cpp:
1444         * jit/JITOperations.h:
1445         * llint/LLIntSlowPaths.cpp:
1446         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1447         * runtime/Arguments.h:
1448         (JSC::Arguments::create):
1449         (JSC::Arguments::finishCreation):
1450         * runtime/CommonSlowPaths.cpp:
1451         (JSC::SLOW_PATH_DECL):
1452         * runtime/JSLexicalEnvironment.cpp:
1453         (JSC::JSLexicalEnvironment::argumentsGetter):
1454
1455 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1456
1457         Web Inspector: Pause Reason Improvements (Breakpoint, Debugger Statement, Pause on Next Statement)
1458         https://bugs.webkit.org/show_bug.cgi?id=138991
1459
1460         Reviewed by Timothy Hatcher.
1461
1462         * debugger/Debugger.cpp:
1463         (JSC::Debugger::Debugger):
1464         (JSC::Debugger::pauseIfNeeded):
1465         (JSC::Debugger::didReachBreakpoint):
1466         When actually pausing, if we hit a breakpoint ensure the reason
1467         is PausedForBreakpoint, otherwise use the current reason.
1468
1469         * debugger/Debugger.h:
1470         Make pause reason and pausing breakpoint ID public.
1471
1472         * inspector/agents/InspectorDebuggerAgent.h:
1473         * inspector/agents/InspectorDebuggerAgent.cpp:
1474         (Inspector::buildAssertPauseReason):
1475         (Inspector::buildCSPViolationPauseReason):
1476         (Inspector::InspectorDebuggerAgent::buildBreakpointPauseReason):
1477         (Inspector::InspectorDebuggerAgent::buildExceptionPauseReason):
1478         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1479         (Inspector::buildObjectForBreakpointCookie):
1480         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1481         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
1482         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1483         (Inspector::InspectorDebuggerAgent::pause):
1484         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1485         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1486         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
1487         Clean up creation of pause reason objects and other cleanup
1488         of PassRefPtr use and InjectedScript use.
1489
1490         (Inspector::InspectorDebuggerAgent::didPause):
1491         Clean up so that we first check for an Exception, and then fall
1492         back to including a Pause Reason derived from the Debugger.
1493
1494         * inspector/protocol/Debugger.json:
1495         Add new DebuggerStatement, Breakpoint, and PauseOnNextStatement reasons.
1496
1497 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1498
1499         Web Inspector: Type check NSArrays in ObjC Interfaces have the right object types
1500         https://bugs.webkit.org/show_bug.cgi?id=140209
1501
1502         Reviewed by Timothy Hatcher.
1503
1504         Check the types of objects in NSArrays for all interfaces (commands, events, types)
1505         when the user can set an array of objects. Previously we were only type checking
1506         that they were RWIJSONObjects; now we add an explicit check for the exact object type.
1507
1508         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1509         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1510         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1511         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1512         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1513         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
1514         (ObjCProtocolTypesImplementationGenerator._generate_setter_for_member):
1515         * inspector/scripts/codegen/objc_generator.py:
1516         (ObjCGenerator.objc_class_for_array_type):
1517         (ObjCGenerator):
1518
1519 2015-01-07  Mark Lam  <mark.lam@apple.com>
1520
1521         Add the lexicalEnvironment as an operand to op_get_argument_by_val.
1522         <https://webkit.org/b/140233>
1523
1524         Reviewed by Filip Pizlo.
1525
1526         This patch only adds the operand to the bytecode.  It is not in use yet.
1527
1528         * bytecode/BytecodeList.json:
1529         * bytecode/BytecodeUseDef.h:
1530         (JSC::computeUsesForBytecodeOffset):
1531         * bytecode/CodeBlock.cpp:
1532         (JSC::CodeBlock::dumpBytecode):
1533         * bytecompiler/BytecodeGenerator.cpp:
1534         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1535         * llint/LowLevelInterpreter32_64.asm:
1536         * llint/LowLevelInterpreter64.asm:
1537
1538 2015-01-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1539
1540         Investigate the character type of repeated string instead of checking is8Bit flag
1541         https://bugs.webkit.org/show_bug.cgi?id=140139
1542
1543         Reviewed by Darin Adler.
1544
1545         Instead of checking the is8Bit flag of the repeated string, investigate
1546         the actual value of the repeated character, since the is8Bit flag gives a false negative case.
1547
1548         * runtime/StringPrototype.cpp:
1549         (JSC::repeatCharacter):
1550         (JSC::stringProtoFuncRepeat):
1551         (JSC::repeatSmallString): Deleted.
1552
1553 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1554
1555         Web Inspector: ObjC Generate types from the GenericTypes domain
1556         https://bugs.webkit.org/show_bug.cgi?id=140229
1557
1558         Reviewed by Timothy Hatcher.
1559
1560         Generate types from the GenericTypes domain, as they are expected
1561         by other domains (like Page domain). Also, don't include the @protocol
1562         forward declaration for a domain if it doesn't have any commands.
1563
1564         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
1565         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
1566         (ObjCBackendDispatcherHeaderGenerator): Deleted.
1567         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations_for_domains): Deleted.
1568         * inspector/scripts/codegen/objc_generator.py:
1569         (ObjCGenerator):
1570         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1571         * inspector/scripts/tests/expected/enum-values.json-result:
1572         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1573         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1574         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1575         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1576         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1577         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1578         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1579         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1580         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1581
1582 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1583
1584         Web Inspector: Remove unnecessary copyRef for paramsObject in generated dispatchers
1585         https://bugs.webkit.org/show_bug.cgi?id=140228
1586
1587         Reviewed by Timothy Hatcher.
1588
1589         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1590         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1591         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1592         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1593         * inspector/scripts/tests/expected/enum-values.json-result:
1594         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1595
1596 2015-01-07  Saam Barati  <saambarati1@gmail.com>
1597
1598         interpret op_profile_type in the LLInt instead of unconditionally calling into the slow path
1599         https://bugs.webkit.org/show_bug.cgi?id=140165
1600
1601         Reviewed by Michael Saboff.
1602
1603         Inlining the functionality of TypeProfilerLog::recordTypeInformationForLocation
1604         into the LLInt speeds up type profiling.
1605
1606         * llint/LLIntOffsetsExtractor.cpp:
1607         * llint/LowLevelInterpreter.asm:
1608         * llint/LowLevelInterpreter32_64.asm:
1609         * llint/LowLevelInterpreter64.asm:
1610         * runtime/CommonSlowPaths.cpp:
1611         (JSC::SLOW_PATH_DECL):
1612         * runtime/CommonSlowPaths.h:
1613         * runtime/TypeProfilerLog.h:
1614         (JSC::TypeProfilerLog::recordTypeInformationForLocation): Deleted.
1615
1616 2015-01-07  Brian J. Burg  <burg@cs.washington.edu>
1617
1618         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1619         https://bugs.webkit.org/show_bug.cgi?id=140053
1620
1621         Reviewed by Andreas Kling.
1622
1623         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1624         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1625         references are always non-null. These two refactorings have been combined since
1626         they tend to require similar changes to the code.
1627
1628         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1629         have been updated to take a Ref instead of RefPtr.
1630
1631         Builders for typed protocol objects now return a Ref. Since there is no implicit
1632         call to operator&, callsites now must explicitly call .release() to convert a
1633         builder object into the corresponding protocol object once required fields are set.
1634         Update callsites and use auto to eliminate repetition of longwinded protocol types.
1635
1636         Tests for inspector protocol and replay inputs have been rebaselined.
1637
1638         * bindings/ScriptValue.cpp:
1639         (Deprecated::jsToInspectorValue):
1640         (Deprecated::ScriptValue::toInspectorValue):
1641         * bindings/ScriptValue.h:
1642         * inspector/ConsoleMessage.cpp:
1643         (Inspector::ConsoleMessage::addToFrontend):
1644         * inspector/ContentSearchUtilities.cpp:
1645         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1646         (Inspector::ContentSearchUtilities::searchInTextByLines):
1647         * inspector/ContentSearchUtilities.h:
1648         * inspector/InjectedScript.cpp:
1649         (Inspector::InjectedScript::getFunctionDetails):
1650         (Inspector::InjectedScript::getProperties):
1651         (Inspector::InjectedScript::getInternalProperties):
1652         (Inspector::InjectedScript::wrapCallFrames):
1653         (Inspector::InjectedScript::wrapObject):
1654         (Inspector::InjectedScript::wrapTable):
1655         * inspector/InjectedScript.h:
1656         * inspector/InjectedScriptBase.cpp:
1657         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1658         * inspector/InspectorBackendDispatcher.cpp:
1659         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1660         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1661         (Inspector::InspectorBackendDispatcher::create):
1662         (Inspector::InspectorBackendDispatcher::dispatch):
1663         (Inspector::InspectorBackendDispatcher::sendResponse):
1664         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1665         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1666         (Inspector::InspectorBackendDispatcher::getInteger):
1667         (Inspector::InspectorBackendDispatcher::getDouble):
1668         (Inspector::InspectorBackendDispatcher::getString):
1669         (Inspector::InspectorBackendDispatcher::getBoolean):
1670         (Inspector::InspectorBackendDispatcher::getObject):
1671         (Inspector::InspectorBackendDispatcher::getArray):
1672         (Inspector::InspectorBackendDispatcher::getValue):
1673         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1674         protocol error strings.
1675         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1676         Convert the supplemental dispatcher's reference to Ref since it is never null.
1677         * inspector/InspectorEnvironment.h:
1678         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1679         StructItemTraits. Add more versions of addItem to handle pushing various types.
1680         (Inspector::Protocol::Array::openAccessors):
1681         (Inspector::Protocol::Array::addItem):
1682         (Inspector::Protocol::Array::create):
1683         (Inspector::Protocol::StructItemTraits::push):
1684         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
1685         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
1686         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
1687         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
1688         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
1689         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
1690         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
1691         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
1692         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
1693         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
1694         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
1695         the same call signature as other getters. Use Ref where possible.
1696         (Inspector::InspectorObjectBase::getBoolean):
1697         (Inspector::InspectorObjectBase::getString):
1698         (Inspector::InspectorObjectBase::getObject):
1699         (Inspector::InspectorObjectBase::getArray):
1700         (Inspector::InspectorObjectBase::getValue):
1701         (Inspector::InspectorObjectBase::writeJSON):
1702         (Inspector::InspectorArrayBase::get):
1703         (Inspector::InspectorObject::create):
1704         (Inspector::InspectorArray::create):
1705         (Inspector::InspectorValue::null):
1706         (Inspector::InspectorString::create):
1707         (Inspector::InspectorBasicValue::create):
1708         (Inspector::InspectorObjectBase::get): Deleted.
1709         * inspector/InspectorValues.h:
1710         (Inspector::InspectorObjectBase::setValue):
1711         (Inspector::InspectorObjectBase::setObject):
1712         (Inspector::InspectorObjectBase::setArray):
1713         (Inspector::InspectorArrayBase::pushValue):
1714         (Inspector::InspectorArrayBase::pushObject):
1715         (Inspector::InspectorArrayBase::pushArray):
1716         * inspector/JSGlobalObjectConsoleClient.cpp:
1717         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1718         (Inspector::JSGlobalObjectConsoleClient::count):
1719         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
1720         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
1721         * inspector/JSGlobalObjectConsoleClient.h:
1722         * inspector/JSGlobalObjectInspectorController.cpp:
1723         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
1724         * inspector/JSGlobalObjectInspectorController.h:
1725         * inspector/ScriptCallFrame.cpp:
1726         (Inspector::ScriptCallFrame::buildInspectorObject):
1727         * inspector/ScriptCallFrame.h:
1728         * inspector/ScriptCallStack.cpp:
1729         (Inspector::ScriptCallStack::create):
1730         (Inspector::ScriptCallStack::buildInspectorArray):
1731         * inspector/ScriptCallStack.h:
1732         * inspector/agents/InspectorAgent.cpp:
1733         (Inspector::InspectorAgent::enable):
1734         (Inspector::InspectorAgent::inspect):
1735         (Inspector::InspectorAgent::activateExtraDomain):
1736         * inspector/agents/InspectorAgent.h:
1737         * inspector/agents/InspectorDebuggerAgent.cpp:
1738         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1739         (Inspector::buildObjectForBreakpointCookie):
1740         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1741         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1742         (Inspector::InspectorDebuggerAgent::continueToLocation):
1743         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1744         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
1745         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1746         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1747         (Inspector::InspectorDebuggerAgent::didParseSource):
1748         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1749         (Inspector::InspectorDebuggerAgent::breakProgram):
1750         * inspector/agents/InspectorDebuggerAgent.h:
1751         * inspector/agents/InspectorRuntimeAgent.cpp:
1752         (Inspector::buildErrorRangeObject):
1753         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1754         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1755         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
1756         * inspector/agents/InspectorRuntimeAgent.h:
1757         * inspector/scripts/codegen/cpp_generator.py:
1758         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
1759         (CppGenerator.cpp_type_for_type_with_name):
1760         (CppGenerator.cpp_type_for_formal_async_parameter):
1761         (CppGenerator.should_use_references_for_type):
1762         (CppGenerator):
1763         * inspector/scripts/codegen/cpp_generator_templates.py:
1764         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1765         (CppBackendDispatcherHeaderGenerator.generate_output):
1766         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
1767         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1768         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1769         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1770         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1771         (CppFrontendDispatcherHeaderGenerator.generate_output):
1772         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1773         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1774         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1775         (CppProtocolTypesHeaderGenerator.generate_output):
1776         (_generate_class_for_object_declaration):
1777         (_generate_unchecked_setter_for_member):
1778         (_generate_forward_declarations_for_binding_traits):
1779         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1780         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1781         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1782         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1783         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1784         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1785         (ObjCProtocolTypesImplementationGenerator.generate_output):
1786         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1787         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1788         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1789         * inspector/scripts/tests/expected/enum-values.json-result:
1790         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1791         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1792         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1793         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1794         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1795         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1796         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1797         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1798         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1799         * replay/EncodedValue.cpp:
1800         (JSC::EncodedValue::asObject):
1801         (JSC::EncodedValue::asArray):
1802         (JSC::EncodedValue::put<EncodedValue>):
1803         (JSC::EncodedValue::append<EncodedValue>):
1804         (JSC::EncodedValue::get<EncodedValue>):
1805         * replay/EncodedValue.h:
1806         * replay/scripts/CodeGeneratorReplayInputs.py:
1807         (Type.borrow_type):
1808         (Type.argument_type):
1809         (Generator.generate_member_move_expression):
1810         * runtime/ConsoleClient.cpp:
1811         (JSC::ConsoleClient::printConsoleMessageWithArguments):
1812         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
1813         (JSC::ConsoleClient::logWithLevel):
1814         (JSC::ConsoleClient::clear):
1815         (JSC::ConsoleClient::dir):
1816         (JSC::ConsoleClient::dirXML):
1817         (JSC::ConsoleClient::table):
1818         (JSC::ConsoleClient::trace):
1819         (JSC::ConsoleClient::assertCondition):
1820         (JSC::ConsoleClient::group):
1821         (JSC::ConsoleClient::groupCollapsed):
1822         (JSC::ConsoleClient::groupEnd):
1823         * runtime/ConsoleClient.h:
1824         * runtime/TypeSet.cpp:
1825         (JSC::TypeSet::allStructureRepresentations):
1826         (JSC::TypeSet::inspectorTypeSet):
1827         (JSC::StructureShape::inspectorRepresentation):
1828         * runtime/TypeSet.h:
1829
1830 2015-01-07  Commit Queue  <commit-queue@webkit.org>
1831
1832         Unreviewed, rolling out r178039.
1833         https://bugs.webkit.org/show_bug.cgi?id=140187
1834
1835         Breaks ObjC Inspector Protocol (Requested by JoePeck on
1836         #webkit).
1837
1838         Reverted changeset:
1839
1840         "Web Inspector: purge PassRefPtr from Inspector code and use
1841         Ref for typed and untyped protocol objects"
1842         https://bugs.webkit.org/show_bug.cgi?id=140053
1843         http://trac.webkit.org/changeset/178039
1844
1845 2015-01-06  Brian J. Burg  <burg@cs.washington.edu>
1846
1847         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1848         https://bugs.webkit.org/show_bug.cgi?id=140053
1849
1850         Reviewed by Andreas Kling.
1851
1852         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1853         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1854         references are always non-null. These two refactorings have been combined since
1855         they tend to require similar changes to the code.
1856
1857         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1858         have been updated to take a Ref instead of RefPtr.
1859
1860         Builders for typed protocol objects now return a Ref. Since there is no implicit
1861         call to operator&, callsites now must explicitly call .release() to convert a
1862         builder object into the corresponding protocol object once required fields are set.
1863         Update callsites and use auto to eliminate repetition of longwinded protocol types.
1864
1865         Tests for inspector protocol and replay inputs have been rebaselined.
1866
1867         * bindings/ScriptValue.cpp:
1868         (Deprecated::jsToInspectorValue):
1869         (Deprecated::ScriptValue::toInspectorValue):
1870         * bindings/ScriptValue.h:
1871         * inspector/ConsoleMessage.cpp:
1872         (Inspector::ConsoleMessage::addToFrontend):
1873         * inspector/ContentSearchUtilities.cpp:
1874         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1875         (Inspector::ContentSearchUtilities::searchInTextByLines):
1876         * inspector/ContentSearchUtilities.h:
1877         * inspector/InjectedScript.cpp:
1878         (Inspector::InjectedScript::getFunctionDetails):
1879         (Inspector::InjectedScript::getProperties):
1880         (Inspector::InjectedScript::getInternalProperties):
1881         (Inspector::InjectedScript::wrapCallFrames):
1882         (Inspector::InjectedScript::wrapObject):
1883         (Inspector::InjectedScript::wrapTable):
1884         * inspector/InjectedScript.h:
1885         * inspector/InjectedScriptBase.cpp:
1886         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1887         * inspector/InspectorBackendDispatcher.cpp:
1888         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1889         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1890         (Inspector::InspectorBackendDispatcher::create):
1891         (Inspector::InspectorBackendDispatcher::dispatch):
1892         (Inspector::InspectorBackendDispatcher::sendResponse):
1893         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1894         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1895         (Inspector::InspectorBackendDispatcher::getInteger):
1896         (Inspector::InspectorBackendDispatcher::getDouble):
1897         (Inspector::InspectorBackendDispatcher::getString):
1898         (Inspector::InspectorBackendDispatcher::getBoolean):
1899         (Inspector::InspectorBackendDispatcher::getObject):
1900         (Inspector::InspectorBackendDispatcher::getArray):
1901         (Inspector::InspectorBackendDispatcher::getValue):
1902         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1903         protocol error strings.
1904         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1905         Convert the supplemental dispatcher's reference to Ref since it is never null.
1906         * inspector/InspectorEnvironment.h:
1907         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1908         StructItemTraits. Add more versions of addItem to handle pushing various types.
1909         (Inspector::Protocol::Array::openAccessors):
1910         (Inspector::Protocol::Array::addItem):
1911         (Inspector::Protocol::Array::create):
1912         (Inspector::Protocol::StructItemTraits::push):
1913         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
1914         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
1915         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
1916         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
1917         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
1918         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
1919         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
1920         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
1921         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
1922         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
1923         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
1924         the same call signature as other getters. Use Ref where possible.
1925         (Inspector::InspectorObjectBase::getBoolean):
1926         (Inspector::InspectorObjectBase::getString):
1927         (Inspector::InspectorObjectBase::getObject):
1928         (Inspector::InspectorObjectBase::getArray):
1929         (Inspector::InspectorObjectBase::getValue):
1930         (Inspector::InspectorObjectBase::writeJSON):
1931         (Inspector::InspectorArrayBase::get):
1932         (Inspector::InspectorObject::create):
1933         (Inspector::InspectorArray::create):
1934         (Inspector::InspectorValue::null):
1935         (Inspector::InspectorString::create):
1936         (Inspector::InspectorBasicValue::create):
1937         (Inspector::InspectorObjectBase::get): Deleted.
1938         * inspector/InspectorValues.h:
1939         (Inspector::InspectorObjectBase::setValue):
1940         (Inspector::InspectorObjectBase::setObject):
1941         (Inspector::InspectorObjectBase::setArray):
1942         (Inspector::InspectorArrayBase::pushValue):
1943         (Inspector::InspectorArrayBase::pushObject):
1944         (Inspector::InspectorArrayBase::pushArray):
1945         * inspector/JSGlobalObjectConsoleClient.cpp:
1946         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1947         (Inspector::JSGlobalObjectConsoleClient::count):
1948         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
1949         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
1950         * inspector/JSGlobalObjectConsoleClient.h:
1951         * inspector/JSGlobalObjectInspectorController.cpp:
1952         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
1953         * inspector/JSGlobalObjectInspectorController.h:
1954         * inspector/ScriptCallFrame.cpp:
1955         (Inspector::ScriptCallFrame::buildInspectorObject):
1956         * inspector/ScriptCallFrame.h:
1957         * inspector/ScriptCallStack.cpp:
1958         (Inspector::ScriptCallStack::create):
1959         (Inspector::ScriptCallStack::buildInspectorArray):
1960         * inspector/ScriptCallStack.h:
1961         * inspector/agents/InspectorAgent.cpp:
1962         (Inspector::InspectorAgent::enable):
1963         (Inspector::InspectorAgent::inspect):
1964         (Inspector::InspectorAgent::activateExtraDomain):
1965         * inspector/agents/InspectorAgent.h:
1966         * inspector/agents/InspectorDebuggerAgent.cpp:
1967         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1968         (Inspector::buildObjectForBreakpointCookie):
1969         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1970         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1971         (Inspector::InspectorDebuggerAgent::continueToLocation):
1972         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1973         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
1974         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1975         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1976         (Inspector::InspectorDebuggerAgent::didParseSource):
1977         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1978         (Inspector::InspectorDebuggerAgent::breakProgram):
1979         * inspector/agents/InspectorDebuggerAgent.h:
1980         * inspector/agents/InspectorRuntimeAgent.cpp:
1981         (Inspector::buildErrorRangeObject):
1982         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1983         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1984         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
1985         * inspector/agents/InspectorRuntimeAgent.h:
1986         * inspector/scripts/codegen/cpp_generator.py:
1987         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
1988         (CppGenerator.cpp_type_for_type_with_name):
1989         (CppGenerator.cpp_type_for_formal_async_parameter):
1990         (CppGenerator.should_use_references_for_type):
1991         (CppGenerator):
1992         * inspector/scripts/codegen/cpp_generator_templates.py:
1993         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1994         (CppBackendDispatcherHeaderGenerator.generate_output):
1995         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
1996         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1997         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1998         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1999         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
2000         (CppFrontendDispatcherHeaderGenerator.generate_output):
2001         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
2002         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
2003         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
2004         (CppProtocolTypesHeaderGenerator.generate_output):
2005         (_generate_class_for_object_declaration):
2006         (_generate_unchecked_setter_for_member):
2007         (_generate_forward_declarations_for_binding_traits):
2008         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
2009         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
2010         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
2011         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
2012         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
2013         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
2014         (ObjCProtocolTypesImplementationGenerator.generate_output):
2015         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2016         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2017         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2018         * inspector/scripts/tests/expected/enum-values.json-result:
2019         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2020         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2021         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2022         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2023         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2024         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2025         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2026         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2027         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2028         * replay/EncodedValue.cpp:
2029         (JSC::EncodedValue::asObject):
2030         (JSC::EncodedValue::asArray):
2031         (JSC::EncodedValue::put<EncodedValue>):
2032         (JSC::EncodedValue::append<EncodedValue>):
2033         (JSC::EncodedValue::get<EncodedValue>):
2034         * replay/EncodedValue.h:
2035         * replay/scripts/CodeGeneratorReplayInputs.py:
2036         (Type.borrow_type):
2037         (Type.argument_type):
2038         (Generator.generate_member_move_expression):
2039         * runtime/ConsoleClient.cpp:
2040         (JSC::ConsoleClient::printConsoleMessageWithArguments):
2041         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
2042         (JSC::ConsoleClient::logWithLevel):
2043         (JSC::ConsoleClient::clear):
2044         (JSC::ConsoleClient::dir):
2045         (JSC::ConsoleClient::dirXML):
2046         (JSC::ConsoleClient::table):
2047         (JSC::ConsoleClient::trace):
2048         (JSC::ConsoleClient::assertCondition):
2049         (JSC::ConsoleClient::group):
2050         (JSC::ConsoleClient::groupCollapsed):
2051         (JSC::ConsoleClient::groupEnd):
2052         * runtime/ConsoleClient.h:
2053         * runtime/TypeSet.cpp:
2054         (JSC::TypeSet::allStructureRepresentations):
2055         (JSC::TypeSet::inspectorTypeSet):
2056         (JSC::StructureShape::inspectorRepresentation):
2057         * runtime/TypeSet.h:
2058
2059 2015-01-06  Chris Dumez  <cdumez@apple.com>
2060
2061         Drop ResourceResponseBase::connectionID and connectionReused members
2062         https://bugs.webkit.org/show_bug.cgi?id=140158
2063
2064         Reviewed by Sam Weinig.
2065
2066         Drop ResourceResponseBase::connectionID and connectionReused members.
2067         Those were needed by the Chromium port but are no longer used.
2068
2069         * inspector/protocol/Network.json:
2070
2071 2015-01-06  Mark Lam  <mark.lam@apple.com>
2072
2073         Add the lexicalEnvironment as an operand to op_create_arguments.
2074         <https://webkit.org/b/140148>
2075
2076         Reviewed by Geoffrey Garen.
2077
2078         This patch only adds the operand to the bytecode.  It is not in use yet.
2079
2080         * bytecode/BytecodeList.json:
2081         * bytecode/BytecodeUseDef.h:
2082         (JSC::computeUsesForBytecodeOffset):
2083         * bytecode/CodeBlock.cpp:
2084         (JSC::CodeBlock::dumpBytecode):
2085         * bytecompiler/BytecodeGenerator.cpp:
2086         (JSC::BytecodeGenerator::BytecodeGenerator):
2087         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
2088         - Adds the lexicalEnvironment register (if present) as an operand to
2089           op_create_arguments.  Else, adds a constant empty JSValue.
2090         * llint/LowLevelInterpreter32_64.asm:
2091         * llint/LowLevelInterpreter64.asm:
2092
2093 2015-01-06  Alexey Proskuryakov  <ap@apple.com>
2094
2095         ADDRESS_SANITIZER macro is overloaded
2096         https://bugs.webkit.org/show_bug.cgi?id=140130
2097
2098         Reviewed by Anders Carlsson.
2099
2100         * interpreter/JSStack.cpp: (JSC::JSStack::sanitizeStack): Use the new macro.
2101         This code is nearly unused (only compiled in when JIT is disabled at build time),
2102         however I've been told that it's best to keep it.
2103
2104 2015-01-06  Mark Lam  <mark.lam@apple.com>
2105
2106         Fix Use details for op_create_arguments.
2107         <https://webkit.org/b/140110>
2108
2109         Rubber stamped by Filip Pizlo.
2110
2111         The previous patch was wrong about op_create_arguments not using its 1st operand.
2112         It does read from it (hence, used) to check if the Arguments object has already
2113         been created or not.  This patch reverts the change for op_create_arguments.
2114
2115         * bytecode/BytecodeUseDef.h:
2116         (JSC::computeUsesForBytecodeOffset):
2117
2118 2015-01-06  Mark Lam  <mark.lam@apple.com>
2119
2120         Fix Use details for op_create_lexical_environment and op_create_arguments.
2121         <https://webkit.org/b/140110>
2122
2123         Reviewed by Filip Pizlo.
2124
2125         The current "Use" details for op_create_lexical_environment and
2126         op_create_arguments are wrong.  op_create_arguments uses nothing instead of the
2127         1st operand (the output local).  op_create_lexical_environment uses its 2nd
2128         operand (the scope chain) instead of the 1st (the output local).
2129         This patch fixes them to specify the proper uses.
2130
2131         * bytecode/BytecodeUseDef.h:
2132         (JSC::computeUsesForBytecodeOffset):
2133
2134 2015-01-06  Yusuke Suzuki  <utatane.tea@gmail.com>
2135
2136         Implement ES6 String.prototype.repeat(count)
2137         https://bugs.webkit.org/show_bug.cgi?id=140047
2138
2139         Reviewed by Darin Adler.
2140
2141         Introducing ES6 String.prototype.repeat(count) function.
2142
2143         * runtime/JSString.h:
2144         * runtime/StringPrototype.cpp:
2145         (JSC::StringPrototype::finishCreation):
2146         (JSC::repeatSmallString):
2147         (JSC::stringProtoFuncRepeat):
2148
2149 2015-01-03  Michael Saboff  <msaboff@apple.com>
2150
2151         Crash in operationNewFunction when scrolling on Google+
2152         https://bugs.webkit.org/show_bug.cgi?id=140033
2153
2154         Reviewed by Oliver Hunt.
2155
2156         In DFG code, the scope register can be eliminated because all uses have been
2157         dead code eliminated.  In the case where one of the uses was creating a function
2158         that is never used, the baseline code will still create the function.  If we OSR
2159         exit to a path where that function gets created, check the scope register value
2160         and set the new, but dead, function to undefined instead of creating a new function.
2161
2162         * jit/JITOpcodes.cpp:
2163         (JSC::JIT::emit_op_new_func_exp):
2164
2165 2015-01-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2166
2167         String includes methods perform toString on searchString before toInt32 on an offset
2168         https://bugs.webkit.org/show_bug.cgi?id=140031
2169
2170         Reviewed by Darin Adler.
2171
2172         * runtime/StringPrototype.cpp:
2173         (JSC::stringProtoFuncStartsWith):
2174         (JSC::stringProtoFuncEndsWith):
2175         (JSC::stringProtoFuncIncludes):
2176
2177 2015-01-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2178
2179         Change to return std::unique_ptr<> in fooCreate()
2180         https://bugs.webkit.org/show_bug.cgi?id=139983
2181
2182         Reviewed by Darin Adler.
2183
2184         To avoid unnecessary std::unique_ptr<> casting, fooCreate() returns std::unique_ptr<> directly.
2185
2186         * create_regex_tables:
2187         * yarr/YarrPattern.h:
2188         (JSC::Yarr::YarrPattern::reset):
2189         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2190         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2191         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2192         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2193         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2194         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2195         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2196
2197 2015-01-01  Jeff Miller  <jeffm@apple.com>
2198
2199         Update user-visible copyright strings to include 2015
2200         https://bugs.webkit.org/show_bug.cgi?id=139880
2201
2202         Reviewed by Darin Adler.
2203
2204         * Info.plist:
2205
2206 2015-01-01  Darin Adler  <darin@apple.com>
2207
2208         We often misspell identifier as "identifer"
2209         https://bugs.webkit.org/show_bug.cgi?id=140025
2210
2211         Reviewed by Michael Saboff.
2212
2213         * runtime/ArrayConventions.h: Fix it.
2214
2215 2014-12-29  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2216
2217         Move JavaScriptCore/yarr to std::unique_ptr
2218         https://bugs.webkit.org/show_bug.cgi?id=139621
2219
2220         Reviewed by Anders Carlsson.
2221
2222         Final clean up OwnPtr|PassOwnPtr in JavaScriptCore/yarr.
2223
2224         * yarr/YarrInterpreter.cpp:
2225         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
2226         * yarr/YarrInterpreter.h:
2227         (JSC::Yarr::BytecodePattern::BytecodePattern):
2228         * yarr/YarrJIT.cpp:
2229         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
2230         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
2231         (JSC::Yarr::YarrGenerator::opCompileBody):
2232         * yarr/YarrPattern.cpp:
2233         (JSC::Yarr::CharacterClassConstructor::charClass):
2234         (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
2235         (JSC::Yarr::YarrPatternConstructor::reset):
2236         (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
2237         (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
2238         (JSC::Yarr::YarrPatternConstructor::atomParenthesesSubpatternBegin):
2239         (JSC::Yarr::YarrPatternConstructor::atomParentheticalAssertionBegin):
2240         (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
2241         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
2242         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
2243         * yarr/YarrPattern.h:
2244         (JSC::Yarr::PatternDisjunction::addNewAlternative):
2245         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2246         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2247         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2248         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2249         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2250         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2251         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2252
2253 2014-12-26  Dan Bernstein  <mitz@apple.com>
2254
2255         <rdar://problem/19348208> REGRESSION (r177027): iOS builds use the wrong toolchain
2256         https://bugs.webkit.org/show_bug.cgi?id=139950
2257
2258         Reviewed by David Kilzer.
2259
2260         * Configurations/Base.xcconfig: Only define TOOLCHAINS when building for OS X, doing so
2261         in a manner that works with Xcode 5.1.1.
2262
2263 2014-12-22  Mark Lam  <mark.lam@apple.com>
2264
2265         Use ctiPatchCallByReturnAddress() in JITOperations.cpp.
2266         <https://webkit.org/b/139892>
2267
2268         Reviewed by Michael Saboff.
2269
2270         The code in JITOperations.cpp sometimes calls RepatchBuffer::relinkCallerToFunction()
2271         directly, and sometimes uses a helper function, ctiPatchCallByReturnAddress().
2272         This patch changes it to use the helper function consistently.
2273
2274         * jit/JITOperations.cpp:
2275
2276 2014-12-22  Mark Lam  <mark.lam@apple.com>
2277
2278         Fix some typos in a comment.
2279         <https://webkit.org/b/139882>
2280
2281         Reviewed by Michael Saboff.
2282
2283         * jit/JITPropertyAccess.cpp:
2284         (JSC::JIT::emit_op_get_by_val):
2285
2286 2014-12-22  Mark Lam  <mark.lam@apple.com>
2287
2288         Assert that Array elements not copied when changing shape to ArrayStorage type are indeed holes.
2289         <https://webkit.org/b/138118>
2290
2291         Reviewed by Michael Saboff.
2292
2293         * runtime/JSObject.cpp:
2294         (JSC::JSObject::convertInt32ToArrayStorage):
2295         (JSC::JSObject::convertDoubleToArrayStorage):
2296         (JSC::JSObject::convertContiguousToArrayStorage):
2297
2298 2014-12-20  Eric Carlson  <eric.carlson@apple.com>
2299
2300         [iOS] add optimized fullscreen API
2301         https://bugs.webkit.org/show_bug.cgi?id=139833
2302         <rdar://problem/18844486>
2303
2304         Reviewed by Simon Fraser.
2305
2306         * Configurations/FeatureDefines.xcconfig: Add ENABLE_VIDEO_PRESENTATION_MODE.
2307
2308 2014-12-20  David Kilzer  <ddkilzer@apple.com>
2309
2310         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2311         <http://webkit.org/b/139463>
2312
2313         Reviewed by Mark Rowe.
2314
2315         * Configurations/JavaScriptCore.xcconfig:
2316         - Simplify SECTORDER_FLAGS.
2317
2318 2014-12-19  Andreas Kling  <akling@apple.com>
2319
2320         Plug leak below LLVMCopyStringRepOfTargetData().
2321         <https://webkit.org/b/139832>
2322
2323         Reviewed by Michael Saboff.
2324
2325         LLVMCopyStringRepOfTargetData() returns a strdup()'ed string, so make sure
2326         to free() it after we're done using it.
2327
2328         * ftl/FTLCompile.cpp:
2329         (JSC::FTL::mmAllocateDataSection):
2330
2331 2014-12-19  Joseph Pecoraro  <pecoraro@apple.com>
2332
2333         Web Inspector: CRASH inspector-protocol/debugger/breakpoint-action-detach.html
2334         https://bugs.webkit.org/show_bug.cgi?id=139797
2335
2336         Reviewed by Mark Lam.
2337
2338         * debugger/Debugger.h:
2339         * debugger/Debugger.cpp:
2340         (JSC::Debugger::isAttached):
2341         Check if we are the debugger for a particular global object.
2342         (JSC::Debugger::pauseIfNeeded):
2343         Pass the global object on when hitting a breakpoint.
2344
2345         * inspector/ScriptDebugServer.h:
2346         * inspector/ScriptDebugServer.cpp:
2347         (Inspector::ScriptDebugServer::handleBreakpointHit):
2348         Stop evaluating breakpoint actions if a previous action caused the
2349         debugger to detach from this global object.
2350         (Inspector::ScriptDebugServer::handlePause):
2351         Standardize on passing JSGlobalObject parameter first.
2352
2353 2014-12-19  Mark Lam  <mark.lam@apple.com>
2354
2355         [Win] Endless compiler warnings created by DFGEdge.h.
2356         <https://webkit.org/b/139801>
2357
2358         Reviewed by Brent Fulgham.
2359
2360         Add a cast to fix the type just the way the 64-bit version does.
2361
2362         * dfg/DFGEdge.h:
2363         (JSC::DFG::Edge::makeWord):
2364
2365 2014-12-19  Commit Queue  <commit-queue@webkit.org>
2366
2367         Unreviewed, rolling out r177574.
2368         https://bugs.webkit.org/show_bug.cgi?id=139821
2369
2370         "Broke Production builds by installing
2371         libWebCoreTestSupport.dylib in the wrong directory" (Requested
2372         by ddkilzer on #webkit).
2373
2374         Reverted changeset:
2375
2376         "Switch from using PLATFORM_NAME to SDK selectors in WebCore,
2377         WebInspectorUI, WebKit, WebKit2"
2378         https://bugs.webkit.org/show_bug.cgi?id=139463
2379         http://trac.webkit.org/changeset/177574
2380
2381 2014-12-19  Michael Saboff  <msaboff@apple.com>
2382
2383         REGRESSION(174226): Captured arguments in a using function compiled by the DFG have the initial value when the closure was invoked
2384         https://bugs.webkit.org/show_bug.cgi?id=139808
2385
2386         Reviewed by Oliver Hunt.
2387
2388         There are three changes here.
2389         1) Create a VariableWatchpointSet for captured arguments variables.
2390         2) Properly use the VariableWatchpointSet* found in op_put_to_scope in the 64 bit LLInt code.
2391         3) Add the same putLocalClosureVar path to the 32 bit LLInt code that exists in the 64 bit version.
2392
2393         * bytecompiler/BytecodeGenerator.cpp:
2394         (JSC::BytecodeGenerator::BytecodeGenerator):
2395         * llint/LowLevelInterpreter32_64.asm:
2396         * llint/LowLevelInterpreter64.asm:
2397
2398 2014-12-19  David Kilzer  <ddkilzer@apple.com>
2399
2400         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2401         <http://webkit.org/b/139463>
2402
2403         Reviewed by Mark Rowe.
2404
2405         * Configurations/JavaScriptCore.xcconfig:
2406         - Simplify SECTORDER_FLAGS.
2407
2408 2014-12-18  Brent Fulgham  <bfulgham@apple.com>
2409
2410         Unreviewed build fix.
2411
2412         * jsc.cpp: Remove typo.
2413
2414 2014-12-17  Michael Saboff  <msaboff@apple.com>
2415
2416         Tests with infinite recursion frequently crash
2417         https://bugs.webkit.org/show_bug.cgi?id=139548
2418
2419         Reviewed by Geoffrey Garen.
2420
2421         While unwinding, if the call frame doesn't have a codeblock, then we
2422         are in native code; handle appropriately.
2423
2424         * interpreter/Interpreter.cpp:
2425         (JSC::unwindCallFrame):
2426         (JSC::UnwindFunctor::operator()):
2427         Added checks for null CodeBlock.
2428
2429         (JSC::Interpreter::unwind): Removed wrong ASSERT.
2430
2431 2014-12-17  Chris Dumez  <cdumez@apple.com>
2432
2433         [iOS] Make it possible to toggle FeatureCounter support at runtime
2434         https://bugs.webkit.org/show_bug.cgi?id=139688
2435         <rdar://problem/19266254>
2436
2437         Reviewed by Andreas Kling.
2438
2439         Stop linking against AppSupport framework as the functionality is no
2440         longer in WTF (it was moved to WebCore).
2441
2442         * Configurations/JavaScriptCore.xcconfig:
2443
2444 2014-12-17  Brent Fulgham  <bfulgham@apple.com>
2445
2446         [Win] Correct DebugSuffix builds under MSBuild
2447         https://bugs.webkit.org/show_bug.cgi?id=139733
2448         <rdar://problem/19276880>
2449
2450         Reviewed by Simon Fraser.
2451
2452         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Make sure to use the
2453         '_debug' suffix when building the DebugSuffix target.
2454
2455 2014-12-16  Enrica Casucci  <enrica@apple.com>
2456
2457         Fix iOS builders for 8.0
2458         https://bugs.webkit.org/show_bug.cgi?id=139495
2459
2460         Reviewed by Michael Saboff.
2461
2462         * Configurations/LLVMForJSC.xcconfig:
2463         * llvm/library/LLVMExports.cpp:
2464         (initializeAndGetJSCLLVMAPI):
2465
2466 2014-12-16  Commit Queue  <commit-queue@webkit.org>
2467
2468         Unreviewed, rolling out r177380.
2469         https://bugs.webkit.org/show_bug.cgi?id=139707
2470
2471         "Breaks js/regres/elidable-new-object-* tests" (Requested by
2472         msaboff_ on #webkit).
2473
2474         Reverted changeset:
2475
2476         "Fixes operationPutByIdOptimizes such that they check that the
2477         put didn't"
2478         https://bugs.webkit.org/show_bug.cgi?id=139500
2479         http://trac.webkit.org/changeset/177380
2480
2481 2014-12-16  Matthew Mirman  <mmirman@apple.com>
2482
2483         Fixes operationPutByIdOptimizes such that they check that the put didn't
2484         change the structure of the object whose property access is being
2485         cached.
2486         https://bugs.webkit.org/show_bug.cgi?id=139500
2487
2488         Reviewed by Geoffrey Garen.
2489
2490         * jit/JITOperations.cpp:
2491         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
2492         (JSC::operationPutByIdNonStrictOptimize): ditto.
2493         (JSC::operationPutByIdDirectStrictOptimize): ditto.
2494         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
2495         * jit/Repatch.cpp:
2496         (JSC::tryCachePutByID): Added argument for the old structure
2497         (JSC::repatchPutByID): Added argument for the old structure
2498         * jit/Repatch.h:
2499         * tests/stress/put-by-id-build-list-order-recurse.js: 
2500         Added test that fails without this patch.
2501
2502 2014-12-15  Chris Dumez  <cdumez@apple.com>
2503
2504         [iOS] Add feature counting support
2505         https://bugs.webkit.org/show_bug.cgi?id=139652
2506         <rdar://problem/19255690>
2507
2508         Reviewed by Gavin Barraclough.
2509
2510         Link against AppSupport framework on iOS as we need it to implement
2511         the new FeatureCounter API in WTF.
2512
2513         * Configurations/JavaScriptCore.xcconfig:
2514
2515 2014-12-15  Commit Queue  <commit-queue@webkit.org>
2516
2517         Unreviewed, rolling out r177284.
2518         https://bugs.webkit.org/show_bug.cgi?id=139658
2519
2520         "Breaks API tests and LayoutTests on Yosemite Debug"
2521         (Requested by msaboff on #webkit).
2522
2523         Reverted changeset:
2524
2525         "Make sure range based iteration of Vector<> still receives
2526         bounds checking"
2527         https://bugs.webkit.org/show_bug.cgi?id=138821
2528         http://trac.webkit.org/changeset/177284
2529
2530 2014-12-15  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
2531
2532         [EFL] FTL JIT not working on ARM64
2533         https://bugs.webkit.org/show_bug.cgi?id=139295
2534
2535         Reviewed by Michael Saboff.
2536
2537         Added the missing code for stack unwinding and some additional small fixes
2538         to get FTL working correctly.
2539
2540         * ftl/FTLCompile.cpp:
2541         (JSC::FTL::mmAllocateDataSection):
2542         * ftl/FTLUnwindInfo.cpp:
2543         (JSC::FTL::UnwindInfo::parse):
2544
2545 2014-12-15  Oliver Hunt  <oliver@apple.com>
2546
2547         Make sure range based iteration of Vector<> still receives bounds checking
2548         https://bugs.webkit.org/show_bug.cgi?id=138821
2549
2550         Reviewed by Mark Lam.
2551
2552         Update code to deal with slightly changed iterator semantics.
2553
2554         * bytecode/UnlinkedCodeBlock.cpp:
2555         (JSC::UnlinkedCodeBlock::visitChildren):
2556         * bytecompiler/BytecodeGenerator.cpp:
2557         (JSC::BytecodeGenerator::emitComplexPopScopes):
2558         * dfg/DFGSpeculativeJIT.cpp:
2559         (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
2560         * ftl/FTLAbbreviations.h:
2561         (JSC::FTL::mdNode):
2562         (JSC::FTL::buildCall):
2563         * llint/LLIntData.cpp:
2564         (JSC::LLInt::Data::performAssertions):
2565         * parser/Parser.h:
2566         (JSC::Scope::Scope):
2567         * runtime/JSArray.cpp:
2568         (JSC::JSArray::setLengthWithArrayStorage):
2569         (JSC::JSArray::sortCompactedVector):
2570         * tools/ProfileTreeNode.h:
2571         (JSC::ProfileTreeNode::dumpInternal):
2572         * yarr/YarrJIT.cpp:
2573         (JSC::Yarr::YarrGenerator::matchCharacterClass):
2574
2575 2014-12-14  Filip Pizlo  <fpizlo@apple.com>
2576
2577         PutLocalSinkingPhase has an invalid assertion about incoming values, because both liveness and deferral analyses are conservative
2578         https://bugs.webkit.org/show_bug.cgi?id=139630
2579
2580         Reviewed by Oliver Hunt.
2581         
2582         Replaces a faulty assertion with code to handle an awesome special case. Also adds a lot of
2583         comments that reconstruct my reasoning about this code. I had to work hard to remember how
2584         deferral worked so I wrote my discoveries down.
2585
2586         * dfg/DFGInsertionSet.h:
2587         (JSC::DFG::InsertionSet::insertBottomConstantForUse):
2588         * dfg/DFGPutLocalSinkingPhase.cpp:
2589         * tests/stress/put-local-conservative.js: Added.
2590         (foo):
2591         (.result):
2592         (bar):
2593
2594 2014-12-14  Andreas Kling  <akling@apple.com>
2595
2596         Replace PassRef with Ref/Ref&& across the board.
2597         <https://webkit.org/b/139587>
2598
2599         Reviewed by Darin Adler.
2600
2601         * runtime/Identifier.cpp:
2602         (JSC::Identifier::add):
2603         (JSC::Identifier::add8):
2604         * runtime/Identifier.h:
2605         (JSC::Identifier::add):
2606         * runtime/IdentifierInlines.h:
2607         (JSC::Identifier::add):
2608
2609 2014-12-12  Matthew Mirman  <mmirman@apple.com>
2610
2611         shiftCountWithArrayStorage should exit to slow path if the object has a sparse map.
2612         https://bugs.webkit.org/show_bug.cgi?id=139598
2613         <rdar://problem/18779367>
2614
2615         Reviewed by Filip Pizlo.
2616
2617         * runtime/JSArray.cpp:
2618         (JSC::JSArray::shiftCountWithArrayStorage): Added check for object having a sparse map.
2619         * tests/stress/sparse_splice.js: Added.
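
An added example (this editor's own script, not WebKit code and not the sparse_splice.js test the entry lists) that exercises Array.prototype.shift and splice on arrays an engine would plausibly back with a sparse map, and compares every result with a reference implementation of the spec algorithm run on a plain object. The inputs are constructed here; which of them actually puts JavaScriptCore into sparse mode is an assumption about engine heuristics that script cannot observe, and the checks hold on any conforming engine regardless. The names referenceRemove, snapshot, sameElements, makeSparseCases and runSparseChecks are this example's own.

```javascript
// Added example, not WebKit code. Compares Array.prototype.shift and splice
// on arrays an engine would plausibly back with a sparse map against a
// reference implementation of the spec algorithm on a plain object.
// Which inputs actually trigger sparse mode is an assumption about engine
// heuristics; the checks hold for any conforming engine regardless.

// Reference removal of `count` elements at `start`, following the spec's
// splice/shift steps on a plain object: holes stay holes, the tail moves down.
function referenceRemove(obj, start, count) {
  const len = obj.length >>> 0;
  const removed = [];
  removed.length = count;
  for (let k = start; k < start + count; k++) {
    if (k in obj) removed[k - start] = obj[k];
  }
  for (let k = start + count; k < len; k++) {
    if (k in obj) obj[k - count] = obj[k];
    else delete obj[k - count];
  }
  for (let k = len - count; k < len; k++) delete obj[k];
  obj.length = len - count;
  return removed;
}

// Copy an array's own indexed properties into a plain object so the
// reference algorithm runs without any array fast path.
function snapshot(arr) {
  const obj = { length: arr.length };
  for (const key of Object.getOwnPropertyNames(arr)) {
    if (key !== 'length') obj[key] = arr[key];
  }
  return obj;
}

// Element-by-element comparison that distinguishes holes from undefined.
function sameElements(a, b) {
  if (a.length !== b.length) return false;
  for (let k = 0; k < a.length; k++) {
    if ((k in a) !== (k in b)) return false;
    if (k in a && a[k] !== b[k]) return false;
  }
  return true;
}

// Constructed inputs: holes, a non-default index attribute, a far index.
function makeSparseCases() {
  const holes = ['a', 'b'];
  holes[5] = 'f';                                   // indices 2..4 are holes
  const attrs = ['a', 'b', 'c', 'd'];
  Object.defineProperty(attrs, 2, { value: 'C', enumerable: false,
                                    writable: true, configurable: true });
  const far = ['a', 'b', 'c'];
  far[100000] = 'z';                                // length becomes 100001
  return [holes, attrs, far];
}

function checkShift(arr) {
  const ref = snapshot(arr);
  const got = arr.shift();
  const want = referenceRemove(ref, 0, 1)[0];
  return got === want && sameElements(arr, ref);
}

function checkSplice(arr, start, count) {
  const ref = snapshot(arr);
  const got = arr.splice(start, count);
  const want = referenceRemove(ref, start, count);
  return sameElements(got, want) && sameElements(arr, ref);
}

// One boolean per (input, operation) pair; all true on a correct engine.
function runSparseChecks() {
  const results = [];
  for (const arr of makeSparseCases()) results.push(checkShift(arr));
  for (const arr of makeSparseCases()) results.push(checkSplice(arr, 1, 2));
  return results;
}
```

The reference deliberately uses `in` rather than a truthiness or undefined check so that a hole that should survive the shift is distinguished from an element whose value is undefined; a fast path that loses that distinction would fail sameElements even though the lengths agree.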
2620
2621 2014-12-12  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2622
2623         Final clean up OwnPtr in JSC - runtime, ftl, and tool directories
2624         https://bugs.webkit.org/show_bug.cgi?id=139532
2625
2626         Reviewed by Mark Lam.
2627
2628         Final remove OwnPtr, PassOwnPtr in runtime, ftl, and tools directories of JSC.
2629
2630         * builtins/BuiltinExecutables.h:
2631         * bytecode/CodeBlock.h:
2632         * bytecode/UnlinkedCodeBlock.cpp:
2633         (JSC::generateFunctionCodeBlock):
2634         * ftl/FTLAbstractHeap.cpp:
2635         (JSC::FTL::IndexedAbstractHeap::atSlow):
2636         * ftl/FTLAbstractHeap.h:
2637         * ftl/FTLCompile.cpp:
2638         (JSC::FTL::mmAllocateDataSection):
2639         * ftl/FTLJITFinalizer.h:
2640         * jsc.cpp:
2641         (jscmain):
2642         * parser/Lexer.h:
2643         * runtime/PropertyMapHashTable.h:
2644         (JSC::PropertyTable::clearDeletedOffsets):
2645         (JSC::PropertyTable::addDeletedOffset):
2646         * runtime/PropertyTable.cpp:
2647         (JSC::PropertyTable::PropertyTable):
2648         * runtime/RegExpObject.cpp:
2649         * runtime/SmallStrings.cpp:
2650         * runtime/Structure.cpp:
2651         * runtime/StructureIDTable.cpp:
2652         (JSC::StructureIDTable::StructureIDTable):
2653         (JSC::StructureIDTable::resize):
2654         * runtime/StructureIDTable.h:
2655         * runtime/StructureTransitionTable.h:
2656         * runtime/VM.cpp:
2657         (JSC::VM::VM):
2658         (JSC::VM::~VM):
2659         * runtime/VM.h:
2660         * tools/CodeProfile.h:
2661         (JSC::CodeProfile::CodeProfile):
2662         (JSC::CodeProfile::addChild):
2663
2664 2014-12-11  Dan Bernstein  <mitz@apple.com>
2665
2666         iOS Simulator production build fix.
2667
2668         * Configurations/JavaScriptCore.xcconfig: Don’t use an order file when building for the iOS
2669         Simulator, as we did prior to 177027.
2670
2671 2014-12-11  Joseph Pecoraro  <pecoraro@apple.com>
2672
        Explicitly export some more RWIProtocol classes.
2674         rdar://problem/19220408
2675
2676         Unreviewed build fix.
2677
2678         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2679         (ObjCConfigurationHeaderGenerator._generate_configuration_interface_for_domains):
2680         * inspector/scripts/codegen/generate_objc_header.py:
2681         (ObjCHeaderGenerator._generate_event_interfaces):
2682         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2683         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2684         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2685         * inspector/scripts/tests/expected/enum-values.json-result:
2686         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2687         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2688         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2689         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2690         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2691         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2692         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2693         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2694         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2695
2696 2014-12-11  Alexey Proskuryakov  <ap@apple.com>
2697
2698         Explicitly export some RWIProtocol classes
2699         rdar://problem/19220408
2700
2701         * inspector/scripts/codegen/generate_objc_header.py:
2702         (ObjCHeaderGenerator._generate_type_interface):
2703         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2704         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2705         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2706         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2707         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2708         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2709         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2710
2711 2014-12-11  Mark Lam  <mark.lam@apple.com>
2712
2713         Fix broken build after r177146.
2714         https://bugs.webkit.org/show_bug.cgi?id=139533 
2715
2716         Not reviewed.
2717
2718         * interpreter/CallFrame.h:
2719         (JSC::ExecState::init):
2720         - Restored CallFrame::init() minus the unused JSScope* arg.
2721         * runtime/JSGlobalObject.cpp:
2722         (JSC::JSGlobalObject::init):
2723         - Remove JSScope* arg when calling CallFrame::init().
2724
2725 2014-12-11  Michael Saboff  <msaboff@apple.com>
2726
2727         REGRESSION: Use of undefined CallFrame::ScopeChain value
2728         https://bugs.webkit.org/show_bug.cgi?id=139533
2729
2730         Reviewed by Mark Lam.
2731
        Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
        all usages of these functions.  In some cases the scope is passed in or determined
        another way.  In some cases the scope is used to calculate other values.  Lastly
        there were places where these functions were used that are no longer needed.  For
        example when making a call, the caller's ScopeChain was copied to the callee's
        ScopeChain.  This change no longer uses the ScopeChain call frame header slot.
        That slot will be removed in a future patch.
2739
2740         * dfg/DFGByteCodeParser.cpp:
2741         (JSC::DFG::ByteCodeParser::parseBlock):
2742         * dfg/DFGSpeculativeJIT32_64.cpp:
2743         (JSC::DFG::SpeculativeJIT::compile):
2744         * dfg/DFGSpeculativeJIT64.cpp:
2745         (JSC::DFG::SpeculativeJIT::compile):
2746         * dfg/DFGSpeculativeJIT.h:
2747         (JSC::DFG::SpeculativeJIT::callOperation):
2748         * jit/JIT.h:
2749         * jit/JITInlines.h:
2750         (JSC::JIT::callOperation):
2751         * runtime/JSLexicalEnvironment.h:
2752         (JSC::JSLexicalEnvironment::create):
2753         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
2754         * jit/JITOpcodes.cpp:
2755         (JSC::JIT::emit_op_create_lexical_environment):
2756         * jit/JITOpcodes32_64.cpp:
2757         (JSC::JIT::emit_op_create_lexical_environment):
2758         * jit/JITOperations.cpp:
2759         * jit/JITOperations.h:
2760         * llint/LLIntSlowPaths.cpp:
2761         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2762         (JSC::LLInt::handleHostCall):
2763         (JSC::LLInt::setUpCall):
2764         (JSC::LLInt::llint_throw_stack_overflow_error):
2765         Pass the current scope value to the helper operationCreateActivation() and
2766         the call to JSLexicalEnvironment::create() instead of using the stack frame
2767         scope chain value.
2768
2769         * dfg/DFGFixupPhase.cpp:
2770         (JSC::DFG::FixupPhase::fixupNode):
2771         CreateActivation now has a second child, the scope.
2772
2773         * interpreter/CallFrame.h:
2774         (JSC::ExecState::init): Deleted.  This is dead code.
2775         (JSC::ExecState::scope): Deleted.
2776         (JSC::ExecState::setScope): Deleted.
2777
2778         * interpreter/Interpreter.cpp:
2779         (JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
2780         chain slot.  
2781         
2782         (JSC::Interpreter::execute):
2783         (JSC::Interpreter::executeCall):
2784         (JSC::Interpreter::executeConstruct):
2785         Changed process to find JSScope values on the stack or by some other means.
2786
2787         * runtime/JSWithScope.h:
2788         (JSC::JSWithScope::JSWithScope): Deleted.
2789         Eliminated unused constructor.
2790
2791         * runtime/StrictEvalActivation.cpp:
2792         (JSC::StrictEvalActivation::StrictEvalActivation):
2793         * runtime/StrictEvalActivation.h:
2794         (JSC::StrictEvalActivation::create):
2795         Changed to pass in the current scope.
2796
2797 2014-12-10  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2798
2799         Use std::unique_ptr instead of OwnPtr in JSC - heap, jit, runtime, and parser directories
2800         https://bugs.webkit.org/show_bug.cgi?id=139351
2801
2802         Reviewed by Filip Pizlo.
2803
2804         As a step to use std::unique_ptr<>, this cleans up OwnPtr and PassOwnPtr.
2805
2806         * bytecode/SamplingTool.h:
2807         (JSC::SamplingTool::SamplingTool):
2808         * heap/CopiedBlock.h:
2809         (JSC::CopiedBlock::didSurviveGC):
2810         (JSC::CopiedBlock::pin):
2811         * heap/CopiedBlockInlines.h:
2812         (JSC::CopiedBlock::reportLiveBytes):
2813         * heap/GCActivityCallback.h:
2814         * heap/GCThread.cpp:
2815         * heap/Heap.h:
2816         * heap/HeapInlines.h:
2817         (JSC::Heap::markListSet):
2818         * jit/ExecutableAllocator.cpp:
2819         * jit/JIT.cpp:
2820         (JSC::JIT::privateCompile):
2821         * jit/JIT.h:
2822         * jit/JITThunks.cpp:
2823         (JSC::JITThunks::JITThunks):
2824         (JSC::JITThunks::clearHostFunctionStubs):
2825         * jit/JITThunks.h:
2826         * parser/Parser.cpp:
2827         (JSC::Parser<LexerType>::Parser):
2828         * parser/Parser.h:
2829         (JSC::Scope::Scope):
2830         (JSC::Scope::pushLabel):
2831         * parser/ParserArena.cpp:
2832         * parser/ParserArena.h:
2833         (JSC::ParserArena::identifierArena):
2834         * parser/SourceProviderCache.h:
2835         * runtime/CodeCache.h:
2836         * runtime/Executable.h:
2837         * runtime/JSArray.cpp:
2838         (JSC::JSArray::sortVector):
2839         * runtime/JSGlobalObject.h:
2840
2841 2014-12-10  Geoffrey Garen  <ggaren@apple.com>
2842
2843         Please disable the webkitFirstVersionWithInitConstructorSupport check on Apple TV
2844         https://bugs.webkit.org/show_bug.cgi?id=139501
2845
2846         Reviewed by Gavin Barraclough.
2847
2848         NSVersionOfLinkTimeLibrary only works if you link directly against
2849         JavaScriptCore, which is a bit awkward for our Apple TV client to do.
2850
2851         It's easy enough just to disable this check on Apple TV, since it has no
2852         backwards compatibility requirement.
2853
2854         * API/JSWrapperMap.mm:
2855         (supportsInitMethodConstructors):
2856
2857 2014-12-10  Matthew Mirman  <mmirman@apple.com>
2858
        Fixes operationPutByIds such that they check that the put didn't
        change the structure of the object whose property access is being
        cached.
2862         https://bugs.webkit.org/show_bug.cgi?id=139196
2863
2864         Reviewed by Filip Pizlo.
2865
2866         * jit/JITOperations.cpp:
2867         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
2868         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
2869         (JSC::operationPutByIdNonStrictBuildList): ditto.
2870         (JSC::operationPutByIdDirectStrictBuildList): ditto.
2871         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
2872         * jit/Repatch.cpp:
        (JSC::tryCachePutByID): fixed structure() to use the existing vm.
2874         (JSC::tryBuildPutByIdList): Added a check that the old structure's id 
2875         is the same as the new.
2876         (JSC::buildPutByIdList): Added an argument
2877         * jit/Repatch.h: 
2878         (JSC::buildPutByIdList): Added an argument
2879         * tests/stress/put-by-id-strict-build-list-order.js: Added.
2880
2881 2014-12-10  Csaba Osztrogonác  <ossy@webkit.org>
2882
2883         URTBF after r177030.
2884
        Fix linking failure that occurred on ARM buildbots:
2886         lib/libjavascriptcore_efl.so.1.11.0: undefined reference to `JSC::Structure::get(JSC::VM&, JSC::PropertyName, unsigned int&)'
2887
2888         * runtime/NullGetterFunction.cpp:
2889
2890 2014-12-09  Michael Saboff  <msaboff@apple.com>
2891
2892         DFG Tries using an inner object's getter/setter when one hasn't been defined
2893         https://bugs.webkit.org/show_bug.cgi?id=139229
2894
2895         Reviewed by Filip Pizlo.
2896
2897         Added a new NullGetterFunction singleton class to use for getters and setters that
2898         haven't been set to a user defined value.  The NullGetterFunction callReturnUndefined()
2899         and createReturnUndefined() methods return undefined.  Changed all null checks of the
2900         getter and setter pointers to the newly added isGetterNull() and isSetterNull()
2901         helper methods.  
2902
2903         * CMakeLists.txt:
2904         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2905         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2906         * JavaScriptCore.xcodeproj/project.pbxproj:
2907         Added NullGetterFunction.cpp & .h to build files.
2908
2909         * dfg/DFGAbstractInterpreterInlines.h:
2910         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2911         * runtime/ObjectPrototype.cpp:
2912         (JSC::objectProtoFuncLookupGetter):
2913         (JSC::objectProtoFuncLookupSetter):
2914         * runtime/PropertyDescriptor.cpp:
2915         (JSC::PropertyDescriptor::setDescriptor):
2916         (JSC::PropertyDescriptor::setAccessorDescriptor):
2917         Changed checking getter and setter to null to use new isGetterNull() and isSetterNull()
2918         helpers.
2919
2920         * inspector/JSInjectedScriptHostPrototype.cpp:
2921         (Inspector::JSInjectedScriptHostPrototype::finishCreation):
2922         * inspector/JSJavaScriptCallFramePrototype.cpp:
2923         * jit/JITOperations.cpp:
2924         * llint/LLIntSlowPaths.cpp:
2925         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2926         * runtime/JSObject.cpp:
2927         (JSC::JSObject::putIndexedDescriptor):
2928         (JSC::putDescriptor):
2929         (JSC::JSObject::defineOwnNonIndexProperty):
2930         * runtime/MapPrototype.cpp:
2931         (JSC::MapPrototype::finishCreation):
2932         * runtime/SetPrototype.cpp:
2933         (JSC::SetPrototype::finishCreation):
2934         Updated calls to GetterSetter::create(), setGetter(), setSetter(), withGetter()
2935         and withSetter() to provide a global object.
2936
2937         * runtime/GetterSetter.cpp:
2938         (JSC::GetterSetter::withGetter):
2939         (JSC::GetterSetter::withSetter):
2940         (JSC::callGetter):
2941         (JSC::callSetter):
2942         * runtime/GetterSetter.h:
2943         (JSC::GetterSetter::GetterSetter):
2944         (JSC::GetterSetter::create):
2945         (JSC::GetterSetter::isGetterNull):
2946         (JSC::GetterSetter::isSetterNull):
2947         (JSC::GetterSetter::setGetter):
2948         (JSC::GetterSetter::setSetter):
2949         Changed to use NullGetterFunction for unspecified getters / setters.
2950
2951         * runtime/JSGlobalObject.cpp:
2952         (JSC::JSGlobalObject::init):
2953         (JSC::JSGlobalObject::createThrowTypeError):
2954         (JSC::JSGlobalObject::visitChildren):
2955         * runtime/JSGlobalObject.h:
2956         (JSC::JSGlobalObject::nullGetterFunction):
2957         (JSC::JSGlobalObject::evalFunction):
2958         Added m_nullGetterFunction singleton.  Updated calls to GetterSetter::create(),
2959         setGetter() and setSetter() to provide a global object.
2960
2961         * runtime/NullGetterFunction.cpp: Added.
2962         (JSC::callReturnUndefined):
2963         (JSC::constructReturnUndefined):
2964         (JSC::NullGetterFunction::getCallData):
2965         (JSC::NullGetterFunction::getConstructData):
2966         * runtime/NullGetterFunction.h: Added.
2967         (JSC::NullGetterFunction::create):
2968         (JSC::NullGetterFunction::createStructure):
2969         (JSC::NullGetterFunction::NullGetterFunction):
2970         New singleton class that returns undefined when called.
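
An added example (this editor's own script, not WebKit code and not one of the files the entry lists) that checks, from script, the contract the entry's NullGetterFunction change preserves: an accessor defined with only a getter or only a setter must expose nothing for the missing half, whether it was created with Object.defineProperty or with object-literal syntax. Inline caches and DFG tiering are not visible from script, so the loop only makes the read and write sites hot; the objects and the names makeHalfAccessors, describeAccessor and checkHalfAccessors are constructed for this example.

```javascript
// Added example, not WebKit code. Checks the script-visible contract that an
// accessor defined with only a getter or only a setter exposes nothing for
// the missing half: reads through a setter-only accessor yield undefined,
// writes through a getter-only accessor are rejected, and lookups report
// undefined. The objects are constructed here; the loop makes the read and
// write sites hot so a tiering JIT would compile them.

function makeHalfAccessors() {
  const viaDefine = {};
  Object.defineProperty(viaDefine, 'getOnly', { get() { return 'g'; }, configurable: true });
  Object.defineProperty(viaDefine, 'setOnly', { set(v) { this.last = v; }, configurable: true });
  const viaLiteral = {
    get getOnly() { return 'g'; },
    set setOnly(v) { this.last = v; },
  };
  return [viaDefine, viaLiteral];
}

// Every way script can ask about the two halves of an accessor property.
function describeAccessor(obj, name) {
  const d = Object.getOwnPropertyDescriptor(obj, name);
  return {
    hasGetter: typeof d.get === 'function',
    hasSetter: typeof d.set === 'function',
    lookupGetter: obj.__lookupGetter__(name),   // Annex B, present in JSC and V8
    lookupSetter: obj.__lookupSetter__(name),
  };
}

function readSetterOnly(obj) { return obj.setOnly; }                      // expected: undefined
function writeGetterOnly(obj) { return Reflect.set(obj, 'getOnly', 1); }  // expected: false
function writeSetterOnly(obj, v) { return Reflect.set(obj, 'setOnly', v) && obj.last === v; }

// Returns true when every observation matches the spec for both objects.
function checkHalfAccessors(iterations) {
  for (const obj of makeHalfAccessors()) {
    const g = describeAccessor(obj, 'getOnly');
    const s = describeAccessor(obj, 'setOnly');
    if (!g.hasGetter || g.hasSetter || g.lookupSetter !== undefined) return false;
    if (s.hasGetter || !s.hasSetter || s.lookupGetter !== undefined) return false;
    if (typeof g.lookupGetter !== 'function' || typeof s.lookupSetter !== 'function') return false;
    for (let i = 0; i < iterations; i++) {
      if (readSetterOnly(obj) !== undefined) return false;
      if (writeGetterOnly(obj) !== false) return false;
      if (!writeSetterOnly(obj, i)) return false;
      if (obj.getOnly !== 'g') return false;
    }
  }
  return true;
}
```

Reflect.set is used for the write checks rather than a plain assignment so the result does not depend on whether the file runs in strict mode: a store to a getter-only accessor reports false either way, instead of throwing in strict code and being silently dropped in sloppy code.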
2971
2972 2014-12-09  Geoffrey Garen  <ggaren@apple.com>
2973
2974         Re-enable function.arguments
2975         https://bugs.webkit.org/show_bug.cgi?id=139452
2976         <rdar://problem/18848149>
2977
2978         Reviewed by Sam Weinig.
2979
2980         Disabling function.arguments broke a few websites, and we don't have
2981         time right now to work through the details.
2982
2983         I'm re-enabling function.arguments but leaving in the infrastructure
2984         to re-disable it, so we can try this experiment again in the future.
2985
2986         * runtime/Options.h:
2987
2988 2014-12-09  David Kilzer  <ddkilzer@apple.com>
2989
2990         Switch from using PLATFORM_NAME to SDK selectors in ANGLE, bmalloc, gtest, JavaScriptCore, WTF
2991         <http://webkit.org/b/139212>
2992
2993         Reviewed by Joseph Pecoraro.
2994
2995         * Configurations/Base.xcconfig:
2996         - Only set GCC_ENABLE_OBJC_GC, GCC_MODEL_TUNING and TOOLCHAINS
2997           on OS X.
2998         - Only set LLVM_LOCAL_HEADER_PATH and LLVM_SYSTEM_HEADER_PATH on
2999           OS X.
3000         - Set JAVASCRIPTCORE_CONTENTS_DIR and
3001           JAVASCRIPTCORE_FRAMEWORKS_DIR separately for iOS and OS X.
3002
3003         * Configurations/DebugRelease.xcconfig:
3004         - Only set MACOSX_DEPLOYMENT_TARGET and SDKROOT on OS X.
3005
3006         * Configurations/JSC.xcconfig:
3007         - Only set CODE_SIGN_ENTITLEMENTS for iOS hardware builds.
3008
3009         * Configurations/JavaScriptCore.xcconfig:
3010         - Set OTHER_LDFLAGS separately for iOS and OS X.
3011         - Set SECTORDER_FLAGS separately for iOS and OS X, but only for
3012           Production builds.
3013         - Only set EXCLUDED_SOURCE_FILE_NAMES for iOS.
3014
3015         * Configurations/LLVMForJSC.xcconfig:
3016         - Rename LLVM_LIBS_iphoneos to LLVM_LIBS_ios.
3017         - Set LLVM_LIBRARY_PATHS and OTHER_LDFLAGS_LLVM_ENABLE_FTL_JIT
3018           separately for iOS hardware and OS X.
3019         - Fix curly braces in LIBRARY_SEARCH_PATHS.
3020         - Merge OTHER_LDFLAGS_BASE into OTHER_LDFLAGS. (Could have been
3021           done before this patch.)
3022
3023         * Configurations/ToolExecutable.xcconfig:
3024         - Only set CODE_SIGN_ENTITLEMENTS for iOS, per target.
3025         - Only set CLANG_ENABLE_OBJC_ARC for i386 on the iOS Simulator.
3026         - Add missing newline.
3027
3028         * Configurations/Version.xcconfig:
3029         - Set SYSTEM_VERSION_PREFIX separately for iOS and OS X.
3030
3031 2014-12-08  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3032
3033         Fix EFL build fix since r177001
3034         https://bugs.webkit.org/show_bug.cgi?id=139428
3035
3036         Unreviewed, EFL build fix.
3037
        Do not inherit from a duplicated class. ExpressionNode is already a
        child of the ParserArenaFreeable class.
3040
3041         * parser/Nodes.h:
3042
3043 2014-12-08  Shivakumar JM  <shiva.jm@samsung.com>
3044
3045         Fix Build Warning in JavaScriptCore ControlFlowProfiler::dumpData() api.
3046         https://bugs.webkit.org/show_bug.cgi?id=139384
3047
3048         Reviewed by Mark Lam.
3049
3050         Fix Build Warning by using dataLog() function instead of dataLogF() function.
3051
3052         * runtime/ControlFlowProfiler.cpp:
3053         (JSC::ControlFlowProfiler::dumpData):
3054
3055 2014-12-08  Saam Barati  <saambarati1@gmail.com>
3056
3057         Web Inspector: Enable runtime API for JSC's control flow profiler
3058         https://bugs.webkit.org/show_bug.cgi?id=139346
3059
3060         Reviewed by Joseph Pecoraro.
3061
3062         This patch creates an API that the Web Inspector can use
        to get information about which basic blocks have executed
3064         from JSC's control flow profiler.
3065
3066         * inspector/agents/InspectorRuntimeAgent.cpp:
3067         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
3068         * inspector/agents/InspectorRuntimeAgent.h:
3069         * inspector/protocol/Runtime.json:
3070
3071 2014-12-08  Geoffrey Garen  <ggaren@apple.com>
3072
3073         Removed some allocation and cruft from the parser
3074         https://bugs.webkit.org/show_bug.cgi?id=139416
3075
3076         Reviewed by Mark Lam.
3077
3078         Now, the only AST nodes that require a destructor are the ones that
        relate to pickling a function's arguments -- which will require some
3080         deeper thinking to resolve.
3081
3082         This is a < 1% parser speedup.
3083
3084         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3085         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3086         * JavaScriptCore.xcodeproj/project.pbxproj: Removed NodeInfo because it
3087         was unused.
3088
3089         * bytecompiler/NodesCodegen.cpp:
3090         (JSC::CommaNode::emitBytecode):
3091         (JSC::SourceElements::lastStatement):
3092         (JSC::SourceElements::emitBytecode): Updated for interface change to linked list.
3093
3094         * parser/ASTBuilder.h:
3095         (JSC::ASTBuilder::ASTBuilder):
3096         (JSC::ASTBuilder::varDeclarations):
3097         (JSC::ASTBuilder::funcDeclarations):
3098         (JSC::ASTBuilder::createFuncDeclStatement):
3099         (JSC::ASTBuilder::addVar): Removed the ParserArenaData abstraction because
3100         it wasn't buying us anything. We can just use Vector directly.
3101
3102         (JSC::ASTBuilder::createCommaExpr):
3103         (JSC::ASTBuilder::appendToCommaExpr): Changed to use a linked list instead
3104         of a vector, to avoid allocating a vector with inline capacity in the
3105         common case in which an expression is not followed by a vector.
3106
3107         (JSC::ASTBuilder::Scope::Scope): Use Vector directly to avoid new'ing
3108         up a Vector*.
3109
3110         (JSC::ASTBuilder::appendToComma): Deleted.
3111         (JSC::ASTBuilder::combineCommaNodes): Deleted.
3112
3113         * parser/Lexer.cpp:
3114
3115         * parser/NodeConstructors.h:
3116         (JSC::StatementNode::StatementNode):
3117         (JSC::CommaNode::CommaNode):
3118         (JSC::SourceElements::SourceElements): Updated for interface change to linked list.
3119
3120         * parser/NodeInfo.h: Removed.
3121
3122         * parser/Nodes.cpp:
3123         (JSC::SourceElements::append):
3124         (JSC::SourceElements::singleStatement): Use a linked list instead of a
3125         vector to track the statements in a list. This removes some allocation
3126         and it means that we don't need a destructor anymore.
3127
3128         (JSC::ScopeNode::ScopeNode):
3129         (JSC::ProgramNode::ProgramNode):
3130         (JSC::EvalNode::EvalNode):
3131         (JSC::FunctionNode::FunctionNode): Updated for interface change to reference,
3132         since these values are never null.
3133
3134         * parser/Nodes.h:
3135         (JSC::StatementNode::next):
3136         (JSC::StatementNode::setNext):
3137         (JSC::CommaNode::append): Deleted. Updated for interface change to linked list.
3138
3139         * parser/Parser.cpp:
3140         (JSC::Parser<LexerType>::didFinishParsing): Updated for interface change to reference.
3141
3142         (JSC::Parser<LexerType>::parseVarDeclarationList):
3143         (JSC::Parser<LexerType>::parseExpression): Track comma expressions as
3144         an explicit list of CommaNodes, removing a use of vector and a destructor.
3145
3146         * parser/Parser.h:
3147         (JSC::Parser<LexerType>::parse):
3148         * parser/SyntaxChecker.h:
3149         (JSC::SyntaxChecker::createCommaExpr):
3150         (JSC::SyntaxChecker::appendToCommaExpr):
3151         (JSC::SyntaxChecker::appendToComma): Deleted. Updated for interface changes.
3152
3153 2014-12-08  Commit Queue  <commit-queue@webkit.org>
3154
3155         Unreviewed, rolling out r176979.
3156         https://bugs.webkit.org/show_bug.cgi?id=139424
3157
3158         "New JSC test in this patch is failing" (Requested by mlam on
3159         #webkit).
3160
3161         Reverted changeset:
3162
3163         "Fixes operationPutByIds such that they check that the put
3164         didn't"
3165         https://bugs.webkit.org/show_bug.cgi?id=139196
3166         http://trac.webkit.org/changeset/176979
3167
3168 2014-12-08  Matthew Mirman  <mmirman@apple.com>
3169
        Fixes operationPutByIds such that they check that the put didn't
        change the structure of the object whose property access is being
        cached.
3173         https://bugs.webkit.org/show_bug.cgi?id=139196
3174
3175         Reviewed by Filip Pizlo.
3176
3177         * jit/JITOperations.cpp:
3178         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
3179         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
3180         (JSC::operationPutByIdNonStrictBuildList): ditto.
3181         (JSC::operationPutByIdDirectStrictBuildList): ditto.
3182         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
3183         * jit/Repatch.cpp:
        (JSC::tryCachePutByID): fixed structure() to use the existing vm.
3185         (JSC::tryBuildPutByIdList): Added a check that the old structure's id 
3186         is the same as the new.
3187         (JSC::buildPutByIdList): Added an argument
3188         * jit/Repatch.h: 
3189         (JSC::buildPutByIdList): Added an argument
3190         * tests/stress/put-by-id-build-list-order-recurse.js: Test that failed before the change
3191         * tests/stress/put-by-id-strict-build-list-order.js: Added.
3192
3193  
3194 2014-12-08  Anders Carlsson  <andersca@apple.com>
3195
3196         Change WTF::currentCPUTime to return std::chrono::microseconds and get rid of currentCPUTimeMS
3197         https://bugs.webkit.org/show_bug.cgi?id=139410
3198
3199         Reviewed by Andreas Kling.
3200
3201         * API/JSContextRef.cpp:
3202         (JSContextGroupSetExecutionTimeLimit):
3203         (JSContextGroupClearExecutionTimeLimit):
3204         * runtime/Watchdog.cpp:
3205         (JSC::Watchdog::setTimeLimit):
3206         (JSC::Watchdog::didFire):
3207         (JSC::Watchdog::startCountdownIfNeeded):
3208         (JSC::Watchdog::startCountdown):
3209         * runtime/Watchdog.h:
3210         * runtime/WatchdogMac.cpp:
3211         (JSC::Watchdog::startTimer):
3212
3213 2014-12-08  Mark Lam  <mark.lam@apple.com>
3214
3215         CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows ArrayStorageShape arrays.
3216         <https://webkit.org/b/139327>
3217
3218         Reviewed by Michael Saboff.
3219
        The code generator and runtime slow paths expect otherwise.  This patch fixes
3221         CFA to match the code generator's expectation.
3222
3223         * dfg/DFGArrayMode.h:
3224         (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
3225         (JSC::DFG::ArrayMode::arrayModesWithIndexingShapes):
3226
3227 2014-12-08  Chris Dumez  <cdumez@apple.com>
3228
3229         Revert r176293 & r176275
3230
3231         Unreviewed, revert r176293 & r176275 changing the Vector API to use unsigned type
3232         instead of size_t. There is some disagreement regarding the long-term direction
3233         of the API and we shouldn’t leave the API partly transitioned to unsigned type
3234         while making a decision.
3235
3236         * bytecode/PreciseJumpTargets.cpp:
3237         * replay/EncodedValue.h:
3238
3239 2014-12-07  Csaba Osztrogonác  <ossy@webkit.org>
3240
3241         Remove the unused WTF_USE_GCC_COMPUTED_GOTO_WORKAROUND after r129453.
3242         https://bugs.webkit.org/show_bug.cgi?id=139373
3243
3244         Reviewed by Sam Weinig.
3245
3246         * interpreter/Interpreter.cpp:
3247
3248 2014-12-06  Anders Carlsson  <andersca@apple.com>
3249
3250         Fix build with newer versions of clang.
3251         rdar://problem/18978716
3252
3253         * ftl/FTLJITCode.h:
3254         Add missing overrides.
3255
3256 2014-12-05  Roger Fong  <roger_fong@apple.com>
3257
        [Win] proj files copying over too many resources.
        https://bugs.webkit.org/show_bug.cgi?id=139315
3260         <rdar://problem/19148278>
3261
3262         Reviewed by Brent Fulgham.
3263
3264         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Only copy resource folders and JavaScriptCore.dll.
3265
3266 2014-12-05  Juergen Ributzka  <juergen@apple.com>
3267
3268         [JSC][FTL] Add the data layout to the module and fix the pass order.
3269         https://bugs.webkit.org/show_bug.cgi?id=138748
3270
3271         Reviewed by Oliver Hunt.
3272
3273         This adds the data layout to the module, so it can be used by all
3274         optimization passes in the LLVM optimizer pipeline. This also allows
        FastISel to select more instructions, because fewer non-legal types are
3276         generated.
3277         
3278         Also fix the order of the alias analysis passes in the optimization
3279         pipeline.
3280
3281         * ftl/FTLCompile.cpp:
3282         (JSC::FTL::mmAllocateDataSection):
3283
3284 2014-12-05  Geoffrey Garen  <ggaren@apple.com>
3285
3286         Removed an unused function.
3287
3288         Reviewed by Michael Saboff.
3289
3290         Broken out from https://bugs.webkit.org/show_bug.cgi?id=139305.
3291
3292         * parser/ParserArena.h:
3293
3294 2014-12-05  David Kilzer  <ddkilzer@apple.com>
3295
3296         FeatureDefines.xcconfig: Workaround bug in Xcode 5.1.1 when defining ENABLE_WEB_REPLAY
3297         <http://webkit.org/b/139286>
3298
3299         Reviewed by Daniel Bates.
3300
3301         * Configurations/FeatureDefines.xcconfig: Switch back to using
3302         PLATFORM_NAME to workaround a bug in Xcode 5.1.1 on 10.8.
3303
3304 2014-12-04  Mark Rowe  <mrowe@apple.com>
3305
3306         Build fix after r176836.
3307
3308         Reviewed by Mark Lam.
3309
3310         * runtime/VM.h:
3311         (JSC::VM::controlFlowProfiler): Don't try to export an inline function.
3312         Doing so results in a weak external symbol being generated.
3313
3314 2014-12-04  Saam Barati  <saambarati1@gmail.com>
3315
3316         JavaScript Control Flow Profiler
3317         https://bugs.webkit.org/show_bug.cgi?id=137785
3318
3319         Reviewed by Filip Pizlo.
3320
3321         This patch introduces a mechanism for JavaScriptCore to profile
3322         which basic blocks have executed. This mechanism will then be
3323         used by the Web Inspector to indicate which basic blocks
3324         have and have not executed.
3325
3326         The profiling works by compiling in an op_profile_control_flow
3327         at the start of every basic block. Then, whenever this op code
3328         executes, we know that a particular basic block has executed.
3329
3330         When we tier up a CodeBlock that contains an op_profile_control_flow
3331         that corresponds to an already executed basic block, we don't
3332         have to emit code for that particular op_profile_control_flow
3333         because the internal data structures used to keep track of
3334         basic block locations have already recorded that the corresponding
3335         op_profile_control_flow has executed.
3336
3337         * CMakeLists.txt:
3338         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3339         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3340         * JavaScriptCore.xcodeproj/project.pbxproj:
3341         * bytecode/BytecodeList.json:
3342         * bytecode/BytecodeUseDef.h:
3343         (JSC::computeUsesForBytecodeOffset):
3344         (JSC::computeDefsForBytecodeOffset):
3345         * bytecode/CodeBlock.cpp:
3346         (JSC::CodeBlock::dumpBytecode):
3347         (JSC::CodeBlock::CodeBlock):
3348         * bytecode/Instruction.h:
3349         * bytecode/UnlinkedCodeBlock.cpp:
3350         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
3351         * bytecode/UnlinkedCodeBlock.h:
3352         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
3353         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
3354         * bytecompiler/BytecodeGenerator.cpp:
3355         (JSC::BytecodeGenerator::emitProfileControlFlow):
3356         * bytecompiler/BytecodeGenerator.h:
3357         * bytecompiler/NodesCodegen.cpp:
3358         (JSC::ConditionalNode::emitBytecode):
3359         (JSC::IfElseNode::emitBytecode):
3360         (JSC::WhileNode::emitBytecode):
3361         (JSC::ForNode::emitBytecode):
3362         (JSC::ContinueNode::emitBytecode):
3363         (JSC::BreakNode::emitBytecode):
3364         (JSC::ReturnNode::emitBytecode):
3365         (JSC::CaseClauseNode::emitBytecode):
3366         (JSC::SwitchNode::emitBytecode):
3367         (JSC::ThrowNode::emitBytecode):
3368         (JSC::TryNode::emitBytecode):
3369         (JSC::ProgramNode::emitBytecode):
3370         (JSC::FunctionNode::emitBytecode):
3371         * dfg/DFGAbstractInterpreterInlines.h:
3372         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3373         * dfg/DFGByteCodeParser.cpp:
3374         (JSC::DFG::ByteCodeParser::parseBlock):
3375         * dfg/DFGCapabilities.cpp:
3376         (JSC::DFG::capabilityLevel):
3377         * dfg/DFGClobberize.h:
3378         (JSC::DFG::clobberize):
3379         * dfg/DFGDoesGC.cpp:
3380         (JSC::DFG::doesGC):
3381         * dfg/DFGFixupPhase.cpp:
3382         (JSC::DFG::FixupPhase::fixupNode):
3383         * dfg/DFGNode.h:
3384         (JSC::DFG::Node::basicBlockLocation):
3385         * dfg/DFGNodeType.h:
3386         * dfg/DFGPredictionPropagationPhase.cpp:
3387         (JSC::DFG::PredictionPropagationPhase::propagate):