3000d3b1b323cc082946ef62ab1c2b7a168ef2d6
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-08-24  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Return JSInternalPromise as result of evaluateModule
        https://bugs.webkit.org/show_bug.cgi?id=148173

        Reviewed by Saam Barati.

        Now evaluateModule returns JSInternalPromise* as its result value.
        When an error occurs while loading or executing the modules,
        this promise is rejected by that error. By leveraging this, we implemented
        asynchronous error reporting when executing the modules in the JSC shell.

        And this patch also changes the evaluateModule signature to accept the entry
        point by the moduleName. By using it, the JSC shell can start executing the modules
        with the entry point module name.

        * builtins/ModuleLoaderObject.js:
        (loadModule):
        * jsc.cpp:
        (dumpException):
        (runWithScripts):
        * runtime/Completion.cpp:
        (JSC::evaluateModule):
        * runtime/Completion.h:
        * runtime/JSInternalPromise.cpp:
        (JSC::JSInternalPromise::then):
        * runtime/JSInternalPromise.h:
        * runtime/ModuleLoaderObject.cpp:
        (JSC::ModuleLoaderObject::requestInstantiateAll):
        (JSC::ModuleLoaderObject::loadModule):
        (JSC::ModuleLoaderObject::resolve):
        (JSC::ModuleLoaderObject::fetch):
        (JSC::ModuleLoaderObject::translate):
        (JSC::ModuleLoaderObject::instantiate):
        (JSC::moduleLoaderObjectParseModule):
        * runtime/ModuleLoaderObject.h:

2015-08-24  Basile Clement  <basile_clement@apple.com>

        REPTACH is not a word
        https://bugs.webkit.org/show_bug.cgi?id=148401

        Reviewed by Saam Barati.

        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::callWithSlowPathReturnType):
        (JSC::MacroAssemblerX86_64::call):
        (JSC::MacroAssemblerX86_64::tailRecursiveCall):
        (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
        (JSC::MacroAssemblerX86_64::readCallTarget):
        (JSC::MacroAssemblerX86_64::linkCall):
        (JSC::MacroAssemblerX86_64::repatchCall):

2015-08-24  Mark Lam  <mark.lam@apple.com>

        Add support for setting JSC options from a file.
        https://bugs.webkit.org/show_bug.cgi?id=148394

        Reviewed by Saam Barati.

        This is needed for environments where the JSC executable does not have access to
        environmental variables.  This is only needed for debugging, and is currently
        guarded under a #define USE_OPTIONS_FILE in Options.cpp, and is disabled by
        default.

        Also fixed Options::setOptions() to allow for whitespace that is not a single
        ' '.  This makes setOptions() much more flexible and friendlier to use for loading
        options in general.

        For example, this current use case of loading options from a file may have '\n's
        in the character stream, and this feature is easier to implement if setOptions()
        just supports more than 1 whitespace char between options, and recognizes whitespace
        characters other than ' '.

        * runtime/Options.cpp:
        (JSC::parse):
        (JSC::Options::initialize):
        (JSC::Options::setOptions):

2015-08-24  Filip Pizlo  <fpizlo@apple.com>

        DFG::FixupPhase should use the lambda form of m_graph.doToChildren() rather than the old macro
        https://bugs.webkit.org/show_bug.cgi?id=148397

        Reviewed by Geoffrey Garen.

        We used to iterate the edges of a node by using the DFG_NODE_DO_TO_CHILDREN macro. We
        don't need to do that anymore since we have the lambda-based m_graph.doToChildren(). This
        allows us to get rid of a bunch of helper methods in DFG::FixupPhase.

        I also took the opportunity to give the injectTypeConversionsInBlock() method a more
        generic name, since after https://bugs.webkit.org/show_bug.cgi?id=145204 it will be used
        for fix-up of checks more broadly.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::run):
        (JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteOffset):
        (JSC::DFG::FixupPhase::fixupChecksInBlock):
        (JSC::DFG::FixupPhase::injectTypeConversionsInBlock): Deleted.
        (JSC::DFG::FixupPhase::tryToRelaxRepresentation): Deleted.
        (JSC::DFG::FixupPhase::fixEdgeRepresentation): Deleted.
        (JSC::DFG::FixupPhase::injectTypeConversionsForEdge): Deleted.

2015-08-24  Geoffrey Garen  <ggaren@apple.com>

        Some renaming to clarify CodeBlock and UnlinkedCodeBlock
        https://bugs.webkit.org/show_bug.cgi?id=148391

        Reviewed by Saam Barati.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::generateUnlinkedFunctionCodeBlock):
        (JSC::UnlinkedFunctionExecutable::visitChildren):
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        (JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
        (JSC::generateFunctionCodeBlock): Deleted.
        (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
        * bytecode/UnlinkedFunctionExecutable.h: Call our CodeBlocks "unlinked"
        in the name for clarity, since we are unlinked.

        * heap/Heap.cpp:
        (JSC::Heap::objectTypeCounts):
        (JSC::Heap::deleteAllCodeBlocks):
        (JSC::Heap::deleteAllUnlinkedCodeBlocks):
        (JSC::Heap::clearUnmarkedExecutables):
        (JSC::Heap::deleteOldCode):
        (JSC::Heap::FinalizerOwner::finalize):
        (JSC::Heap::addExecutable):
        (JSC::Heap::collectAllGarbageIfNotDoneRecently):
        (JSC::Heap::deleteAllCompiledCode): Deleted.
        (JSC::Heap::deleteAllUnlinkedFunctionCode): Deleted.
        (JSC::Heap::addCompiledCode): Deleted.
        * heap/Heap.h:
        (JSC::Heap::notifyIsSafeToCollect):
        (JSC::Heap::isSafeToCollect):
        (JSC::Heap::sizeBeforeLastFullCollection):
        (JSC::Heap::sizeAfterLastFullCollection):
        (JSC::Heap::compiledCode): Deleted.

            deleteAllCompiledCode => deleteAllCodeBlocks because "compiled"
            is a broad phrase these days.

            m_compiledCode => m_executables for the same reason.

            addCompiledCode => addExecutable for the same reason.

            deleteAllUnlinkedFunctionCode => deleteAllUnlinkedCodeBlocks
            for consistency.

        * jsc.cpp:
        (functionDeleteAllCompiledCode):

        * runtime/Executable.cpp:
        (JSC::ScriptExecutable::newCodeBlockFor): codeBlockFor => unlinkedCodeBlockFor

        (JSC::FunctionExecutable::clearUnlinkedCodeForRecompilation): Deleted.
        It was strange to put this function on executable, since its name implied
        that it only changed the executable, but it actually changed all cached
        code. Now, a client that wants to change cached code must do so explicitly.

        * runtime/Executable.h:
        (JSC::ScriptExecutable::finishCreation):
        * runtime/VM.cpp:
        (JSC::VM::deleteAllCode):
        * runtime/VMEntryScope.cpp:
        (JSC::VMEntryScope::VMEntryScope): Updated for renames above.

2015-08-22  Filip Pizlo  <fpizlo@apple.com>

        DFG::InsertionSet should be tolerant of occasional out-of-order insertions
        https://bugs.webkit.org/show_bug.cgi?id=148367

        Reviewed by Geoffrey Garen and Saam Barati.

        Since forever, the DFG::InsertionSet has been the way we insert nodes into DFG IR, and it
        requires that you walk a block in order and perform insertions in order: you can't insert
        something at index J, then at index I where I < J, except if you do a second pass.

        This restriction makes sense, because it enables a very fast algorithm. And it's very
        rare that a phase would need to insert things out of order.

        But sometimes - rarely - we need to insert things slightly out-of-order. For example we
        may want to insert a node at index J, but to insert a check associated with that node, we
        may need to use index I where I < J. This will come up from the work on
        https://bugs.webkit.org/show_bug.cgi?id=145204. And it has already come up in the past.
        It seems like it would be best to just lift this restriction.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGInsertionSet.cpp: Added.
        (JSC::DFG::InsertionSet::insertSlow):
        * dfg/DFGInsertionSet.h:
        (JSC::DFG::InsertionSet::InsertionSet):
        (JSC::DFG::InsertionSet::graph):
        (JSC::DFG::InsertionSet::insert):
        (JSC::DFG::InsertionSet::execute):

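The entry above describes the algorithmic trade-off without showing it: an insertion set is fast because insertions arrive in index order and can be applied in one pass, and the change keeps that fast path while tolerating a rare out-of-order request by sorting first. The block below is an added illustration of that idea, not JavaScriptCore's DFG::InsertionSet; the names Insertion, InsertionSet, insert, execute and needsSort are assumptions chosen to mirror the description, and a std::string stands in for a DFG node.

```cpp
// Added illustration, not JavaScriptCore's DFG::InsertionSet: a batched insertion set
// over a block of nodes that keeps the fast path for in-order insertions and tolerates
// an occasional out-of-order insertion by sorting before the single apply pass.
// The names Insertion, InsertionSet, insert and execute are assumptions chosen to
// mirror the ChangeLog's description; a std::string stands in for a DFG node.
#include <algorithm>
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

struct Insertion {
    size_t index;      // position in the original block before which the node goes
    std::string node;  // stand-in for the node being inserted
};

class InsertionSet {
public:
    // Fast path: record the insertion. Instead of asserting that indices are
    // non-decreasing, note that a sort will be needed when one arrives out of order.
    void insert(size_t index, const std::string& node) {
        if (!m_insertions.empty() && index < m_insertions.back().index)
            m_needsSort = true;
        m_insertions.push_back({index, node});
    }

    bool needsSort() const { return m_needsSort; }

    // Apply every pending insertion in one backward pass over the block, then reset.
    void execute(std::vector<std::string>& block) {
        if (m_needsSort) {
            // Slow path, taken rarely: a stable sort keeps insertions at the same
            // index in the order they were requested, exactly as the fast path would.
            std::stable_sort(m_insertions.begin(), m_insertions.end(),
                [](const Insertion& a, const Insertion& b) { return a.index < b.index; });
        }
        const size_t oldSize = block.size();
        block.resize(oldSize + m_insertions.size());
        size_t writeIndex = block.size();
        size_t readIndex = oldSize;
        // Walk insertions from the highest index down, shifting each original node
        // right only once; writeIndex - readIndex always equals the insertions left.
        for (size_t i = m_insertions.size(); i-- > 0;) {
            const Insertion& ins = m_insertions[i];
            while (readIndex > ins.index)
                block[--writeIndex] = std::move(block[--readIndex]);
            block[--writeIndex] = ins.node;
        }
        m_insertions.clear();
        m_needsSort = false;
    }

private:
    std::vector<Insertion> m_insertions;
    bool m_needsSort = false;
};

// Joins a block into a space-separated string for easy inspection.
std::string joinBlock(const std::vector<std::string>& block) {
    std::string out;
    for (size_t i = 0; i < block.size(); ++i) {
        if (i)
            out += ' ';
        out += block[i];
    }
    return out;
}

// Constructed scenario: a check (Y) belonging to a node inserted at index 3 has to go
// at index 1, after the insertion at index 3 was already requested.
std::string outOfOrderExample() {
    std::vector<std::string> block = {"a", "b", "c"};
    InsertionSet set;
    set.insert(1, "X");
    set.insert(3, "Z");   // in order: 3 >= 1
    set.insert(1, "Y");   // out of order: 1 < 3, which used to require a second pass
    set.execute(block);
    return joinBlock(block);  // "a X Y b c Z"
}

// Constructed scenario: purely in-order insertions never take the slow path.
bool inOrderExampleSkipsSort() {
    std::vector<std::string> block = {"a", "b"};
    InsertionSet set;
    set.insert(0, "X");
    set.insert(2, "Z");
    bool sorted = set.needsSort();
    set.execute(block);
    return !sorted && joinBlock(block) == "X a b Z";
}
```

The design point is that the out-of-order case costs one stable sort of the pending insertions, paid only when it happens, while the common in-order case stays a single append per insertion and a single backward pass per block.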
2015-08-24  Yusuke Suzuki  <utatane.tea@gmail.com>

        Create ById IC for ByVal operation only when the specific Id comes more than once
        https://bugs.webkit.org/show_bug.cgi?id=148288

        Reviewed by Geoffrey Garen.

        After introducing byId ICs into byVal ops, byVal ops create more ICs than before.
        The failure fixed in r188767 figures out that these ICs are created even if this op is executed only once.

        The situation is the following:
        In the current code, when a byVal op is executed with the Id, we immediately set up the byId IC for that byVal op.
        But setting up JITGetByIdGenerator generates the fast path IC code and consumes executable memory.
        As a result, if we call eval("contains byVal ops") with different strings repeatedly under a no-llint environment, each eval call creates a byId IC for byVal and consumes executable memory.

        To solve this, we will add a "seen" flag to ByValInfo.
        And we will create the IC on the second byVal op call with the same Id.

        * bytecode/ByValInfo.h:
        (JSC::ByValInfo::ByValInfo):
        * jit/JITOperations.cpp:
        (JSC::tryGetByValOptimize):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
        (JSC::JIT::privateCompilePutByValWithCachedId): Deleted.

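The entry above is about bounding a resource: every eagerly built inline cache costs executable memory, so a site that runs once should not pay for one. The block below is an added illustration of the "seen" gating, not JavaScriptCore's ByValInfo or JIT code; ByValSite, Outcome, ExecutableBudget, kFastPathBytes and the eager flag (which models the behaviour before the change) are assumed names and values.

```cpp
// Added illustration, not JavaScriptCore's ByValInfo or JIT code: a property-access
// site that remembers the first identifier it sees and only builds its expensive
// inline cache (a stand-in for generated fast-path code that consumes executable
// memory) on the second access with the same identifier. ByValSite, Outcome,
// ExecutableBudget and kFastPathBytes are assumed names and values.
#include <cstddef>
#include <string>
#include <vector>

constexpr size_t kFastPathBytes = 64;  // assumed cost of one generated fast path

struct ExecutableBudget {
    size_t bytesUsed = 0;  // executable memory consumed by built caches
};

enum class Outcome { Slow, Remembered, Built, Hit };

class ByValSite {
public:
    // eager == true models the behaviour before the change: build on first use.
    explicit ByValSite(bool eager) : m_eager(eager) {}

    Outcome access(const std::string& id, ExecutableBudget& budget) {
        if (m_hasIC)
            return m_id == id ? Outcome::Hit : Outcome::Slow;
        if (m_eager || (m_seen && m_id == id)) {
            // Second sighting of the same id (or eager mode): pay for the fast path now.
            m_id = id;
            m_hasIC = true;
            budget.bytesUsed += kFastPathBytes;
            return Outcome::Built;
        }
        if (!m_seen) {
            // First sighting: just remember the id; no executable memory is touched.
            m_seen = true;
            m_id = id;
            return Outcome::Remembered;
        }
        // A different id than the remembered one: slow path, still no allocation.
        return Outcome::Slow;
    }

private:
    bool m_eager;
    bool m_seen = false;
    bool m_hasIC = false;
    std::string m_id;
};

// Models repeated eval() calls, each compiling a fresh site that runs its byVal op
// exactly once with a new string, as in the ChangeLog's no-llint scenario.
size_t bytesAfterSingleUseEvals(bool eager, size_t evalCount) {
    ExecutableBudget budget;
    for (size_t i = 0; i < evalCount; ++i) {
        ByValSite site(eager);
        site.access("key" + std::to_string(i), budget);
    }
    return budget.bytesUsed;
}

// Replays an access sequence against one site and encodes each outcome as a letter:
// S = slow path, R = remembered, B = built, H = cache hit.
std::string outcomeTrace(bool eager, const std::vector<std::string>& ids) {
    ExecutableBudget budget;
    ByValSite site(eager);
    std::string trace;
    for (const std::string& id : ids) {
        switch (site.access(id, budget)) {
        case Outcome::Slow:       trace += 'S'; break;
        case Outcome::Remembered: trace += 'R'; break;
        case Outcome::Built:      trace += 'B'; break;
        case Outcome::Hit:        trace += 'H'; break;
        }
    }
    return trace;
}
```

With the gate in place, a hundred single-use sites consume no executable memory at all, while a hot site still gets its cache on the second access and hits from the third on; the price is exactly one extra slow-path execution per site that turns out to be hot.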
2015-08-23  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Get rid of NodePointerTraits
        https://bugs.webkit.org/show_bug.cgi?id=148340

        Reviewed by Anders Carlsson.

        NodePointerTraits does exactly the same thing as the default trait.

        * dfg/DFGBasicBlock.h:
        * dfg/DFGCommon.h:
        (JSC::DFG::NodePointerTraits::defaultValue): Deleted.
        (JSC::DFG::NodePointerTraits::isEmptyForDump): Deleted.

2015-08-23  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Reduce the memory usage of BytecodeLivenessAnalysis
        https://bugs.webkit.org/show_bug.cgi?id=148353

        Reviewed by Darin Adler.

        BytecodeLivenessAnalysis easily takes kilobytes of memory for
        non-trivial blocks and that memory sticks around because
        it is stored on CodeBlock.

        This patch reduces that memory use a bit.

        Most of the memory is in the array of BytecodeBasicBlock.
        BytecodeBasicBlock is shrunk by:
        -Making it not ref-counted.
        -Removing m_predecessors, it was only used for debugging and
         is usually big.
        -Added a shrinkToFit() phase to shrink the vectors once we are
         done building the BytecodeBasicBlock.

        There are more things we should do in the future:
        -Store all the BytecodeBasicBlock directly in the array.
         We know the size ahead of time, so this would be a pure win.
         The only tricky part is changing m_successors to have the
         index of the successor instead of a pointer.
        -Stop putting duplicates in m_successors.

        * bytecode/BytecodeBasicBlock.cpp:
        (JSC::computeBytecodeBasicBlocks):
        (JSC::BytecodeBasicBlock::shrinkToFit): Deleted.
        (JSC::linkBlocks): Deleted.
        * bytecode/BytecodeBasicBlock.h:
        (JSC::BytecodeBasicBlock::addSuccessor):
        (JSC::BytecodeBasicBlock::addPredecessor): Deleted.
        (JSC::BytecodeBasicBlock::predecessors): Deleted.
        * bytecode/BytecodeLivenessAnalysis.cpp:
        (JSC::getLeaderOffsetForBasicBlock):
        (JSC::findBasicBlockWithLeaderOffset):
        (JSC::findBasicBlockForBytecodeOffset):
        (JSC::stepOverInstruction):
        (JSC::computeLocalLivenessForBytecodeOffset):
        (JSC::computeLocalLivenessForBlock):
        (JSC::BytecodeLivenessAnalysis::dumpResults): Deleted.
        * bytecode/BytecodeLivenessAnalysis.h:

2015-08-23  Geoffrey Garen  <ggaren@apple.com>

        Unreviewed, rolling back in r188792.
        https://bugs.webkit.org/show_bug.cgi?id=148347

        Previously reverted changesets:

        "Unify code paths for manually deleting all code"
        https://bugs.webkit.org/show_bug.cgi?id=148280
        http://trac.webkit.org/changeset/188792

        The previous patch caused some inspector tests to hang because it
        introduced extra calls to sourceParsed, and sourceParsed is
        pathologically slow in WK1 debug builds. This patch restores pre-existing
        code to limit calls to sourceParsed, excluding code not being debugged
        (i.e., inspector code).

2015-08-23  Geoffrey Garen  <ggaren@apple.com>

        Unreviewed, rolling back in r188803.

        Previously reverted changesets:

        "Debugger's VM should never be null"
        https://bugs.webkit.org/show_bug.cgi?id=148341
        http://trac.webkit.org/changeset/188803

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::attach):
        (JSC::Debugger::detach):
        (JSC::Debugger::isAttached):
        (JSC::Debugger::setSteppingMode):
        (JSC::Debugger::registerCodeBlock):
        (JSC::Debugger::toggleBreakpoint):
        (JSC::Debugger::recompileAllJSFunctions):
        (JSC::Debugger::setBreakpoint):
        (JSC::Debugger::clearBreakpoints):
        (JSC::Debugger::clearDebuggerRequests):
        (JSC::Debugger::setBreakpointsActivated):
        (JSC::Debugger::breakProgram):
        (JSC::Debugger::stepOutOfFunction):
        (JSC::Debugger::returnEvent):
        (JSC::Debugger::didExecuteProgram):
        * debugger/Debugger.h:
        * inspector/JSGlobalObjectScriptDebugServer.cpp:
        (Inspector::JSGlobalObjectScriptDebugServer::JSGlobalObjectScriptDebugServer):
        (Inspector::JSGlobalObjectScriptDebugServer::removeListener):
        (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
        (Inspector::JSGlobalObjectScriptDebugServer::recompileAllJSFunctions): Deleted.
        * inspector/JSGlobalObjectScriptDebugServer.h:
        * inspector/ScriptDebugServer.cpp:
        (Inspector::ScriptDebugServer::ScriptDebugServer):
        * inspector/ScriptDebugServer.h:

2015-08-22  Filip Pizlo  <fpizlo@apple.com>

        DFG string concatenation shouldn't be playing fast and loose with effects and OSR exit
        https://bugs.webkit.org/show_bug.cgi?id=148338

        Reviewed by Michael Saboff and Saam Barati.

        Prior to this change, DFG string concatenation appeared to have various different ways of
        creating an OSR exit right after a side effect. That's bad, because the exit will cause
        us to reexecute the side effect. The code appears to have some hacks for avoiding this,
        but some cases are basically unavoidable, like the OOM case of string concatenation: in
        trunk that could cause two executions of the toString operation.

        This changes the string concatenation code to either be speculative or effectful but
        never both. It's already the case that when this code needs to be effectful, it also
        needs to be slow (it does int->string conversions, calls JS functions, etc). So, this is
        a small price to pay for sanity.

        The biggest part of this change is the introduction of StrCat, which is like MakeRope but
        does toString conversions on its own instead of relying on separate nodes. StrCat can
        take either 2 or 3 children. It's the effectful but not speculative version of MakeRope.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::convertStringAddUse):
        (JSC::DFG::FixupPhase::fixupToStringOrCallStringConstructor):
        (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
        (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        (JSC::DFG::JSValueOperand::JSValueOperand):
        (JSC::DFG::JSValueOperand::~JSValueOperand):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGValidate.cpp:
        (JSC::DFG::Validate::validate):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
        (JSC::FTL::DFG::LowerDFGToLLVM::compileValueAdd):
        (JSC::FTL::DFG::LowerDFGToLLVM::compileStrCat):
        (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
        * jit/JITOperations.h:
        * tests/stress/exception-effect-strcat.js: Added. This test previously failed.
        * tests/stress/exception-in-strcat-string-overflow.js: Added. An earlier version of this patch made this fail.
        * tests/stress/exception-in-strcat.js: Added.

2015-08-22  Andreas Kling  <akling@apple.com>

        [JSC] Static hash tables should be 100% compile-time constant.
        <https://webkit.org/b/148359>

        Reviewed by Michael Saboff.

        We were dirtying the memory pages containing static hash tables the
        first time they were used, when a dynamically allocated index-to-key
        table was built and cached in the HashTable struct.

        It turns out that this "optimization" was completely useless, since
        we've long since decoupled static hash tables from the JSC::VM and
        we can get the key for an index via HashTable::values[index].m_key!

        We also get rid of VM::keywords which was a little wrapper around
        a VM-specific copy of JSC::mainTable. There was nothing VM-specific
        about it at all, so clients now use JSC::mainTable directly.

        After this change all fooHashTable structs end up in __DATA __const
        and no runtime initialization/allocation takes place.

        * create_hash_table:
        * jsc.cpp:
        * parser/Lexer.cpp:
        (JSC::isLexerKeyword):
        (JSC::Lexer<LChar>::parseIdentifier):
        (JSC::Lexer<UChar>::parseIdentifier):
        (JSC::Lexer<CharacterType>::parseIdentifierSlowCase):
        (JSC::Keywords::Keywords): Deleted.
        * parser/Lexer.h:
        (JSC::Keywords::isKeyword): Deleted.
        (JSC::Keywords::getKeyword): Deleted.
        (JSC::Keywords::~Keywords): Deleted.
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::tryJSONPParse):
        * runtime/Lookup.cpp:
        (JSC::HashTable::createTable): Deleted.
        (JSC::HashTable::deleteTable): Deleted.
        * runtime/Lookup.h:
        (JSC::HashTable::entry):
        (JSC::HashTable::ConstIterator::key):
        (JSC::HashTable::ConstIterator::skipInvalidKeys):
        (JSC::HashTable::copy): Deleted.
        (JSC::HashTable::initializeIfNeeded): Deleted.
        (JSC::HashTable::begin): Deleted.
        (JSC::HashTable::end): Deleted.
        * runtime/VM.cpp:
        (JSC::VM::VM): Deleted.
        * runtime/VM.h:
        * testRegExp.cpp:

2015-08-21  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r188792 and r188803.
        https://bugs.webkit.org/show_bug.cgi?id=148347

        broke lots of tests, ggaren is going to investigate and reland
        (Requested by thorton on #webkit).

        Reverted changesets:

        "Unify code paths for manually deleting all code"
        https://bugs.webkit.org/show_bug.cgi?id=148280
        http://trac.webkit.org/changeset/188792

        "Debugger's VM should never be null"
        https://bugs.webkit.org/show_bug.cgi?id=148341
        http://trac.webkit.org/changeset/188803

2015-08-21  Sukolsak Sakshuwong  <sukolsak@gmail.com>

        Parse control flow statements in WebAssembly
        https://bugs.webkit.org/show_bug.cgi?id=148333

        Reviewed by Geoffrey Garen.

        Parse control flow statements in WebAssembly files generated by pack-asmjs
        <https://github.com/WebAssembly/polyfill-prototype-1>.

        * wasm/WASMConstants.h:
        * wasm/WASMFunctionParser.cpp:
        (JSC::WASMFunctionParser::parseStatement):
        (JSC::WASMFunctionParser::parseIfStatement):
        (JSC::WASMFunctionParser::parseIfElseStatement):
        (JSC::WASMFunctionParser::parseWhileStatement):
        (JSC::WASMFunctionParser::parseDoStatement):
        (JSC::WASMFunctionParser::parseLabelStatement):
        (JSC::WASMFunctionParser::parseBreakStatement):
        (JSC::WASMFunctionParser::parseBreakLabelStatement):
        (JSC::WASMFunctionParser::parseContinueStatement):
        (JSC::WASMFunctionParser::parseContinueLabelStatement):
        (JSC::WASMFunctionParser::parseSwitchStatement):
        * wasm/WASMFunctionParser.h:
        (JSC::WASMFunctionParser::WASMFunctionParser):
        * wasm/WASMReader.cpp:
        (JSC::WASMReader::readCompactInt32):
        (JSC::WASMReader::readSwitchCase):
        * wasm/WASMReader.h:

2015-08-21  Geoffrey Garen  <ggaren@apple.com>

        Debugger's VM should never be null
        https://bugs.webkit.org/show_bug.cgi?id=148341

        Reviewed by Joseph Pecoraro.

        It doesn't make sense for a Debugger's VM to be null, and code related
        to maintaining that illusion just caused the Web Inspector to crash on
        launch (https://bugs.webkit.org/show_bug.cgi?id=148312). So, let's stop
        doing that.

        Now, Debugger requires its subclass to provide a never-null VM&.

        Also took the opportunity, based on review feedback, to remove some
        confusion in the virtual recompileAllJSFunctions hierarchy, by eliminating
        the pure virtual in ScriptDebugServer and the unnecessary override in
        JSGlobalObjectScriptDebugServer.

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::attach):
        (JSC::Debugger::detach):
        (JSC::Debugger::isAttached):
        (JSC::Debugger::setSteppingMode):
        (JSC::Debugger::registerCodeBlock):
        (JSC::Debugger::toggleBreakpoint):
        (JSC::Debugger::recompileAllJSFunctions):
        (JSC::Debugger::setBreakpoint):
        (JSC::Debugger::clearBreakpoints):
        (JSC::Debugger::clearDebuggerRequests):
        (JSC::Debugger::setBreakpointsActivated):
        (JSC::Debugger::breakProgram):
        (JSC::Debugger::stepOutOfFunction):
        (JSC::Debugger::returnEvent):
        (JSC::Debugger::didExecuteProgram):
        * debugger/Debugger.h:
        * inspector/JSGlobalObjectScriptDebugServer.cpp:
        (Inspector::JSGlobalObjectScriptDebugServer::JSGlobalObjectScriptDebugServer):
        (Inspector::JSGlobalObjectScriptDebugServer::recompileAllJSFunctions):
        (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
        * inspector/ScriptDebugServer.cpp:
        (Inspector::ScriptDebugServer::ScriptDebugServer):
        * inspector/ScriptDebugServer.h:

2015-08-21  Basile Clement  <basile_clement@apple.com>

        Remove unused code relative to allocation sinking
        https://bugs.webkit.org/show_bug.cgi?id=148342

        Reviewed by Mark Lam.

        This removes two things:

         - The DFGPromoteHeapAccess.h file which is a relic of the old sinking
           phase and is no longer used (it has been subsumed by
           ObjectAllocationSinking::promoteLocalHeap)

         - Code in the allocation sinking phase for sinking
           MaterializeCreateActivation and MaterializeNewObject. Handling those
           is no longer necessary since the phase no longer runs in a fixpoint
           and thus will never see those nodes, since no other phase creates
           them.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGObjectAllocationSinkingPhase.cpp:
        * dfg/DFGPromoteHeapAccess.h: Removed.

2015-08-21  Geoffrey Garen  <ggaren@apple.com>

        Unify code paths for manually deleting all code
        https://bugs.webkit.org/show_bug.cgi?id=148280

        Reviewed by Saam Barati.

        We used to have three paths for manually deleting all code. Now we have
        one shared path.

        * debugger/Debugger.cpp:
        (JSC::Debugger::attach): Notify the debugger of all previous code when
        it attaches. We used to do this when recompiling, which was only correct
        by accident.

        (JSC::Debugger::recompileAllJSFunctions): Switch to the shared path.

        * heap/Heap.h:
        (JSC::Heap::compiledCode):

        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        (Inspector::InspectorRuntimeAgent::willDestroyFrontendAndBackend):
        (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):
        (Inspector::InspectorRuntimeAgent::getBasicBlocks):
        (Inspector::TypeRecompiler::visit): Deleted.
        (Inspector::TypeRecompiler::operator()): Deleted.
        (Inspector::recompileAllJSFunctionsForTypeProfiling): Deleted. Switch
        to the shared path.

        * runtime/VM.cpp:
        (JSC::VM::afterVMExit): Added a helper for scheduling an activity after
        VM exit. We can't delete code while it's on the stack, and we can't
        delete auxiliary profiling data while profiling code is on the stack,
        so in those cases, we schedule the deletion for the next time we exit.

        (JSC::VM::deleteAllCode): Use afterVMExit because we might have code
        on the stack when debugger, profiler, or watchdog state changes.

        * runtime/VM.h:

        * runtime/VMEntryScope.cpp:
        (JSC::VMEntryScope::VMEntryScope):
        (JSC::VMEntryScope::addDidPopListener):
        (JSC::VMEntryScope::~VMEntryScope):
        (JSC::VMEntryScope::setEntryScopeDidPopListener): Deleted.
        * runtime/VMEntryScope.h:
        (JSC::VMEntryScope::globalObject): Removed the uniquing feature from
        the scope pop listener list because we don't have a client that wants
        it, and it's not convenient to use correctly since you can't take
        the address of a member function, a lambda, or an std::function. We can
        add this feature back if we discover that we want it.

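The afterVMExit note in the entry above states the invariant that matters for memory safety here: code that is still on the stack must not be deleted, so a request made while the VM is executing has to wait for the outermost exit. The block below is an added illustration of that deferral pattern, not JavaScriptCore's VM or VMEntryScope; VM, VMEntryScope, afterVMExit, deleteAllCode, installCode and the Trace struct are assumed names modelled on the ChangeLog's description.

```cpp
// Added illustration, not JavaScriptCore's VM or VMEntryScope: code that is still on
// the stack cannot be freed, so a deletion requested while the VM is executing is
// queued and run when the outermost entry scope pops. VM, VMEntryScope, afterVMExit,
// deleteAllCode, installCode and Trace are assumed names modelled on the ChangeLog.
#include <cstddef>
#include <functional>
#include <string>
#include <utility>
#include <vector>

class VMEntryScope;

class VM {
public:
    // Run work now if nothing is executing, otherwise defer it to the next VM exit.
    void afterVMExit(std::function<void()> work) {
        if (m_entryDepth == 0) {
            work();
            return;
        }
        m_pendingAfterExit.push_back(std::move(work));
    }

    // The single shared path for "delete all code": never touches code on the stack.
    void deleteAllCode() {
        afterVMExit([this] {
            m_code.clear();
            ++m_deletions;
        });
    }

    void installCode(const std::string& name) { m_code.push_back(name); }
    size_t codeCount() const { return m_code.size(); }
    size_t deletions() const { return m_deletions; }

private:
    friend class VMEntryScope;
    size_t m_entryDepth = 0;
    std::vector<std::function<void()>> m_pendingAfterExit;
    std::vector<std::string> m_code;  // stand-in for installed CodeBlocks
    size_t m_deletions = 0;
};

// RAII marker for "the VM is executing"; only the outermost pop drains the queue.
class VMEntryScope {
public:
    explicit VMEntryScope(VM& vm) : m_vm(vm) { ++m_vm.m_entryDepth; }
    VMEntryScope(const VMEntryScope&) = delete;
    VMEntryScope& operator=(const VMEntryScope&) = delete;
    ~VMEntryScope() {
        if (--m_vm.m_entryDepth != 0)
            return;
        // Move the queue out first so work that schedules more work does not
        // mutate the vector being iterated.
        std::vector<std::function<void()>> pending = std::move(m_vm.m_pendingAfterExit);
        m_vm.m_pendingAfterExit.clear();
        for (auto& work : pending)
            work();
    }

private:
    VM& m_vm;
};

struct Trace {
    size_t codeWhileNested;    // after the request, inside the inner scope
    size_t codeAfterInnerPop;  // inner scope popped, outer still live
    size_t codeAfterOuterPop;  // outermost scope popped
    size_t deletions;          // how many times the deletion actually ran
};

// Constructed scenario: a debugger or profiler state change calls deleteAllCode()
// from inside nested execution.
Trace deleteRequestedWhileExecuting() {
    VM vm;
    vm.installCode("f");
    vm.installCode("g");
    Trace t{};
    {
        VMEntryScope outer(vm);
        {
            VMEntryScope inner(vm);
            vm.deleteAllCode();                  // deferred: code is on the stack
            t.codeWhileNested = vm.codeCount();  // 2
        }
        t.codeAfterInnerPop = vm.codeCount();    // still 2: not the outermost pop
    }
    t.codeAfterOuterPop = vm.codeCount();        // 0
    t.deletions = vm.deletions();                // 1
    return t;
}

// Constructed scenario: with nothing executing, the deletion runs immediately.
size_t codeAfterIdleDelete() {
    VM vm;
    vm.installCode("f");
    vm.deleteAllCode();
    return vm.codeCount();  // 0
}
```

The check worth keeping from this is the depth counter: a listener that fires on every pop, rather than only on the outermost one, would still free code that an outer frame is executing.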
2015-08-21  Sukolsak Sakshuwong  <sukolsak@gmail.com>

        Implement WebAssembly function parser
        https://bugs.webkit.org/show_bug.cgi?id=147738

        Reviewed by Filip Pizlo.

        Implement WebAssembly function parser for WebAssembly files produced by pack-asmjs
        <https://github.com/WebAssembly/polyfill-prototype-1>. This patch parses only
        some instructions on statements and int32 expressions. Parsing of the rest
        will be implemented in subsequent patches. The instruction lists in WASMConstants.h
        are slightly modified from
        <https://github.com/WebAssembly/polyfill-prototype-1/blob/master/src/shared.h>.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wasm/WASMConstants.h: Added.
        * wasm/WASMFormat.h:
        * wasm/WASMFunctionParser.cpp: Added.
        (JSC::WASMFunctionParser::checkSyntax):
        (JSC::WASMFunctionParser::parseFunction):
        (JSC::WASMFunctionParser::parseLocalVariables):
        (JSC::WASMFunctionParser::parseStatement):
        (JSC::WASMFunctionParser::parseSetLocalStatement):
        (JSC::WASMFunctionParser::parseReturnStatement):
        (JSC::WASMFunctionParser::parseBlockStatement):
        (JSC::WASMFunctionParser::parseExpression):
        (JSC::WASMFunctionParser::parseExpressionI32):
        (JSC::WASMFunctionParser::parseImmediateExpressionI32):
        * wasm/WASMFunctionParser.h: Added.
        (JSC::WASMFunctionParser::WASMFunctionParser):
        * wasm/WASMFunctionSyntaxChecker.h: Renamed from Source/JavaScriptCore/wasm/WASMMagicNumber.h.
        * wasm/WASMModuleParser.cpp:
        (JSC::WASMModuleParser::WASMModuleParser):
        (JSC::WASMModuleParser::parseFunctionDefinitionSection):
        (JSC::WASMModuleParser::parseFunctionDefinition):
        * wasm/WASMModuleParser.h:
        * wasm/WASMReader.cpp:
        (JSC::WASMReader::readType):
        (JSC::WASMReader::readExpressionType):
        (JSC::WASMReader::readExportFormat):
        (JSC::WASMReader::readOpStatement):
        (JSC::WASMReader::readOpExpressionI32):
        (JSC::WASMReader::readVariableTypes):
        (JSC::WASMReader::readOp):
        * wasm/WASMReader.h:
        (JSC::WASMReader::offset):
        (JSC::WASMReader::setOffset):

682 2015-08-21  Filip Pizlo  <fpizlo@apple.com>
683
684         DFG::PutStackSinkingPhase doesn't need to emit KillStack nodes
685         https://bugs.webkit.org/show_bug.cgi?id=148331
686
687         Reviewed by Geoffrey Garen.
688
689         PutStackSinkingPhase previously emitted a KillStack node when it sank a PutStack. This
690         isn't necessary because KillStack is only interesting for OSR exit, and PutStack nodes
691         that are relevant to OSR will already be preceded by a KillStack/MovHint pair.
692
693         * dfg/DFGPutStackSinkingPhase.cpp:
694
695 2015-08-21  Filip Pizlo  <fpizlo@apple.com>
696
697         DFG::NodeOrigin should have a flag determining if exiting is OK right now
698         https://bugs.webkit.org/show_bug.cgi?id=148323
699
700         Reviewed by Saam Barati.
701
702         * dfg/DFGByteCodeParser.cpp:
703         (JSC::DFG::ByteCodeParser::currentNodeOrigin):
704         (JSC::DFG::ByteCodeParser::branchData):
705         * dfg/DFGInsertionSet.h:
706         (JSC::DFG::InsertionSet::insertConstant):
707         (JSC::DFG::InsertionSet::insertConstantForUse):
708         (JSC::DFG::InsertionSet::insertBottomConstantForUse):
709         * dfg/DFGIntegerCheckCombiningPhase.cpp:
710         (JSC::DFG::IntegerCheckCombiningPhase::handleBlock):
711         * dfg/DFGLICMPhase.cpp:
712         (JSC::DFG::LICMPhase::attemptHoist):
713         * dfg/DFGNodeOrigin.h:
714         (JSC::DFG::NodeOrigin::NodeOrigin):
715         (JSC::DFG::NodeOrigin::isSet):
716         (JSC::DFG::NodeOrigin::withSemantic):
717         * dfg/DFGObjectAllocationSinkingPhase.cpp:
718
719 2015-08-21  Saam barati  <sbarati@apple.com>
720
721         DFG callOperations should not implicitly emit an exception check. At callOperation call sites, we should explicitly emit exception checks
722         https://bugs.webkit.org/show_bug.cgi?id=147988
723
724         Reviewed by Geoffrey Garen.
725
726         This is in preparation for the DFG being able to handle exceptions. 
727         To do this, we need more control over when we emit exception checks.
728         Specifically, we want to be able to silentFill before emitting an exception check.
729         This patch does that. This patch also allows us to easily see which
730         operations do and do not emit exception checks. Finding this information
731         out before was a pain.
732
733         * assembler/AbortReason.h:
734         * dfg/DFGArrayifySlowPathGenerator.h:
735         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
736         * dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h:
737         * dfg/DFGJITCompiler.h:
738         (JSC::DFG::JITCompiler::appendCall):
739         (JSC::DFG::JITCompiler::exceptionCheck):
740         * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
741         * dfg/DFGSlowPathGenerator.h:
742         (JSC::DFG::CallSlowPathGenerator::CallSlowPathGenerator):
743         (JSC::DFG::CallSlowPathGenerator::tearDown):
744         (JSC::DFG::CallResultAndNoArgumentsSlowPathGenerator::CallResultAndNoArgumentsSlowPathGenerator):
745         (JSC::DFG::CallResultAndOneArgumentSlowPathGenerator::CallResultAndOneArgumentSlowPathGenerator):
746         (JSC::DFG::CallResultAndTwoArgumentsSlowPathGenerator::CallResultAndTwoArgumentsSlowPathGenerator):
747         (JSC::DFG::CallResultAndThreeArgumentsSlowPathGenerator::CallResultAndThreeArgumentsSlowPathGenerator):
748         (JSC::DFG::CallResultAndFourArgumentsSlowPathGenerator::CallResultAndFourArgumentsSlowPathGenerator):
749         (JSC::DFG::CallResultAndFiveArgumentsSlowPathGenerator::CallResultAndFiveArgumentsSlowPathGenerator):
750         (JSC::DFG::slowPathCall):
751         * dfg/DFGSpeculativeJIT.cpp:
752         (JSC::DFG::SpeculativeJIT::compileIn):
753         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
754         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
755         (JSC::DFG::SpeculativeJIT::compileArithRound):
756         (JSC::DFG::SpeculativeJIT::compileNewFunction):
757         (JSC::DFG::SpeculativeJIT::compileCreateActivation):
758         (JSC::DFG::SpeculativeJIT::compileCreateScopedArguments):
759         (JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
760         (JSC::DFG::SpeculativeJIT::compileNotifyWrite):
761         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
762         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
763         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
764         (JSC::DFG::SpeculativeJIT::compileToStringOrCallStringConstructorOnCell):
765         (JSC::DFG::SpeculativeJIT::emitSwitchImm):
766         (JSC::DFG::SpeculativeJIT::emitSwitchStringOnString):
767         * dfg/DFGSpeculativeJIT.h:
768         (JSC::DFG::SpeculativeJIT::callOperation):
769         (JSC::DFG::SpeculativeJIT::callOperationWithCallFrameRollbackOnException):
770         (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
771         (JSC::DFG::SpeculativeJIT::appendCall):
772         (JSC::DFG::SpeculativeJIT::appendCallWithCallFrameRollbackOnException):
773         (JSC::DFG::SpeculativeJIT::appendCallWithCallFrameRollbackOnExceptionSetResult):
774         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
775         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck): Deleted.
776         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult): Deleted.
777         * dfg/DFGSpeculativeJIT32_64.cpp:
778         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
779         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
780         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
781         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
782         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
783         (JSC::DFG::SpeculativeJIT::emitCall):
784         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
785         (JSC::DFG::SpeculativeJIT::compile):
786         * dfg/DFGSpeculativeJIT64.cpp:
787         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
788         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
789         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
790         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
791         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
792         (JSC::DFG::SpeculativeJIT::emitCall):
793         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
794         (JSC::DFG::SpeculativeJIT::compile):
795         * ftl/FTLIntrinsicRepository.h:
796         * ftl/FTLLowerDFGToLLVM.cpp:
797         (JSC::FTL::DFG::LowerDFGToLLVM::callCheck):
798         * jit/AssemblyHelpers.cpp:
799         (JSC::AssemblyHelpers::jitAssertArgumentCountSane):
800         (JSC::AssemblyHelpers::jitAssertNoException):
801         (JSC::AssemblyHelpers::callExceptionFuzz):
802         (JSC::AssemblyHelpers::emitExceptionCheck):
803         * jit/AssemblyHelpers.h:
804         (JSC::AssemblyHelpers::jitAssertIsInt32):
805         (JSC::AssemblyHelpers::jitAssertIsJSInt32):
806         (JSC::AssemblyHelpers::jitAssertIsNull):
807         (JSC::AssemblyHelpers::jitAssertTagsInPlace):
808         (JSC::AssemblyHelpers::jitAssertArgumentCountSane):
809         (JSC::AssemblyHelpers::jitAssertNoException):
810         * jit/JITOperations.cpp:
811         * jit/JITOperations.h:
812         * runtime/VM.h:
813         (JSC::VM::scratchBufferForSize):
814         (JSC::VM::exceptionFuzzingBuffer):
815
816 2015-08-21  Geoffrey Garen  <ggaren@apple.com>
817
818         REGRESSION (r188714): RELEASE_ASSERT in JSC::Heap::incrementDeferralDepth() opening Web Inspector on daringfireball.net
819         https://bugs.webkit.org/show_bug.cgi?id=148312
820
821         Reviewed by Mark Lam.
822
823         * debugger/Debugger.cpp:
824         (JSC::Debugger::recompileAllJSFunctions): Use our vm argument instead of
825         m_vm because sometimes they are different and m_vm is null. (This behavior
826         is very strange, and we should probably eliminate it -- but we need a 
827         fix for this serious regression right now.)
828
829 2015-08-20  Yusuke Suzuki  <utatane.tea@gmail.com>
830
831         [ES6] prototyping module loader in JSC shell
832         https://bugs.webkit.org/show_bug.cgi?id=147876
833
834         Reviewed by Saam Barati.
835
836         This patch implements the ES6 Module Loader part. The implementation is based on
837         the latest draft[1, 2]. The naive implementation poses several problems.
838         This patch attempts to solve the spec issues and proposes the fix[3, 4, 5].
839
840         We construct the JSC internal module loader based on the ES6 Promises.
841         The chain of the promises represents the dependency graph of the modules and
842         it automatically enables asynchronous module fetching.
843         To leverage the Promises internally, we use the InternalPromise landed in r188681.
844
845         The loader has several platform-dependent hooks. The platform can implement
846         these hooks to provide the functionality missing in the module loaders, like
847         "how to fetch the resources". The method table of the JSGlobalObject is extended
848         to accept these hooks from the platform.
849
850         This patch focuses on the loading part. So we don't create the module environment
851         and don't link the modules yet.
852
853         To test the current module progress easily, we add the `-m` option to the JSC shell.
854         When this option is specified, we load the given script as a module. And to use
855         module loading inside the JSC shell, we added a simple loader hook for fetching.
856         It fetches the module content from the file system.
857
858         And to use the ES6 Map in the Loader implementation, we added @get and @set methods to the Map.
859         But it conflicts with the existing `getPrivateName` method. Rename it to `lookUpPrivateName`.
860
861         [1]: https://whatwg.github.io/loader/
862         [2]: https://github.com/whatwg/loader/commit/214c7a6625b445bdf411c39984f36f01139a24be
863         [3]: https://github.com/whatwg/loader/pull/66
864         [4]: https://github.com/whatwg/loader/pull/67
865         [5]: https://github.com/whatwg/loader/issues/68
866         [6]: https://bugs.webkit.org/show_bug.cgi?id=148136
867
868         * CMakeLists.txt:
869         * DerivedSources.make:
870         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
871         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
872         * JavaScriptCore.xcodeproj/project.pbxproj:
873         * builtins/BuiltinNames.h:
874         (JSC::BuiltinNames::lookUpPrivateName):
875         (JSC::BuiltinNames::lookUpPublicName):
876         (JSC::BuiltinNames::getPrivateName): Deleted.
877         (JSC::BuiltinNames::getPublicName): Deleted.
878         * builtins/ModuleLoaderObject.js: Added.
879         (setStateToMax):
880         (newRegistryEntry):
881         (forceFulfillPromise):
882         (fulfillFetch):
883         (fulfillTranslate):
884         (fulfillInstantiate):
885         (instantiation):
886         (requestFetch):
887         (requestTranslate):
888         (requestInstantiate):
889         (requestResolveDependencies.resolveDependenciesPromise.this.requestInstantiate.then.):
890         (requestResolveDependencies.resolveDependenciesPromise.this.requestInstantiate.then):
891         (requestResolveDependencies):
892         (requestInstantiateAll):
893         (provide):
894         * jsc.cpp:
895         (stringFromUTF):
896         (jscSource):
897         (GlobalObject::moduleLoaderFetch):
898         (functionCheckModuleSyntax):
899         (dumpException):
900         (runWithScripts):
901         (printUsageStatement):
902         (CommandLine::parseArguments):
903         (jscmain):
904         (CommandLine::CommandLine): Deleted.
905         * parser/Lexer.cpp:
906         (JSC::Lexer<LChar>::parseIdentifier):
907         (JSC::Lexer<UChar>::parseIdentifier):
908         * parser/ModuleAnalyzer.cpp:
909         (JSC::ModuleAnalyzer::ModuleAnalyzer):
910         (JSC::ModuleAnalyzer::exportVariable):
911         (JSC::ModuleAnalyzer::analyze):
912         * parser/ModuleAnalyzer.h:
913         (JSC::ModuleAnalyzer::moduleRecord):
914         * parser/ModuleRecord.cpp:
915         (JSC::printableName): Deleted.
916         (JSC::ModuleRecord::dump): Deleted.
917         * parser/ModuleRecord.h:
918         (JSC::ModuleRecord::ImportEntry::isNamespace): Deleted.
919         (JSC::ModuleRecord::create): Deleted.
920         (JSC::ModuleRecord::appendRequestedModule): Deleted.
921         (JSC::ModuleRecord::addImportEntry): Deleted.
922         (JSC::ModuleRecord::addExportEntry): Deleted.
923         (JSC::ModuleRecord::addStarExportEntry): Deleted.
924         * parser/Nodes.h:
925         * parser/NodesAnalyzeModule.cpp:
926         (JSC::ImportDeclarationNode::analyzeModule):
927         (JSC::ExportAllDeclarationNode::analyzeModule):
928         (JSC::ExportNamedDeclarationNode::analyzeModule):
929         * runtime/CommonIdentifiers.cpp:
930         (JSC::CommonIdentifiers::lookUpPrivateName):
931         (JSC::CommonIdentifiers::lookUpPublicName):
932         (JSC::CommonIdentifiers::getPrivateName): Deleted.
933         (JSC::CommonIdentifiers::getPublicName): Deleted.
934         * runtime/CommonIdentifiers.h:
935         * runtime/Completion.cpp:
936         (JSC::checkModuleSyntax):
937         (JSC::evaluateModule):
938         * runtime/Completion.h:
939         * runtime/ExceptionHelpers.cpp:
940         (JSC::createUndefinedVariableError):
941         * runtime/Identifier.h:
942         * runtime/JSGlobalObject.cpp:
943         (JSC::JSGlobalObject::init):
944         (JSC::JSGlobalObject::visitChildren):
945         * runtime/JSGlobalObject.h:
946         (JSC::JSGlobalObject::moduleLoader):
947         (JSC::JSGlobalObject::moduleRecordStructure):
948         * runtime/JSModuleRecord.cpp: Renamed from Source/JavaScriptCore/parser/ModuleRecord.cpp.
949         (JSC::JSModuleRecord::destroy):
950         (JSC::JSModuleRecord::finishCreation):
951         (JSC::printableName):
952         (JSC::JSModuleRecord::dump):
953         * runtime/JSModuleRecord.h: Renamed from Source/JavaScriptCore/parser/ModuleRecord.h.
954         (JSC::JSModuleRecord::ImportEntry::isNamespace):
955         (JSC::JSModuleRecord::createStructure):
956         (JSC::JSModuleRecord::create):
957         (JSC::JSModuleRecord::requestedModules):
958         (JSC::JSModuleRecord::JSModuleRecord):
959         (JSC::JSModuleRecord::appendRequestedModule):
960         (JSC::JSModuleRecord::addImportEntry):
961         (JSC::JSModuleRecord::addExportEntry):
962         (JSC::JSModuleRecord::addStarExportEntry):
963         * runtime/MapPrototype.cpp:
964         (JSC::MapPrototype::finishCreation):
965         * runtime/ModuleLoaderObject.cpp: Added.
966         (JSC::ModuleLoaderObject::ModuleLoaderObject):
967         (JSC::ModuleLoaderObject::finishCreation):
968         (JSC::ModuleLoaderObject::getOwnPropertySlot):
969         (JSC::printableModuleKey):
970         (JSC::ModuleLoaderObject::provide):
971         (JSC::ModuleLoaderObject::requestInstantiateAll):
972         (JSC::ModuleLoaderObject::resolve):
973         (JSC::ModuleLoaderObject::fetch):
974         (JSC::ModuleLoaderObject::translate):
975         (JSC::ModuleLoaderObject::instantiate):
976         (JSC::moduleLoaderObjectParseModule):
977         (JSC::moduleLoaderObjectRequestedModules):
978         (JSC::moduleLoaderObjectResolve):
979         (JSC::moduleLoaderObjectFetch):
980         (JSC::moduleLoaderObjectTranslate):
981         (JSC::moduleLoaderObjectInstantiate):
982         * runtime/ModuleLoaderObject.h: Added.
983         (JSC::ModuleLoaderObject::create):
984         (JSC::ModuleLoaderObject::createStructure):
985         * runtime/Options.h:
986
987 2015-08-20  Filip Pizlo  <fpizlo@apple.com>
988
989         DFG should have a KnownBooleanUse for cases where we are required to know that the child is a boolean and it's not OK to speculate
990         https://bugs.webkit.org/show_bug.cgi?id=148286
991
992         Reviewed by Benjamin Poulain.
993
994         This enables us to ensure that the Branch or LogicalNot after an effectful CompareXYZ can
995         be marked as !mayExit(). I need that for https://bugs.webkit.org/show_bug.cgi?id=145204.
996
997         * dfg/DFGFixupPhase.cpp:
998         (JSC::DFG::FixupPhase::fixupNode):
999         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1000         * dfg/DFGSafeToExecute.h:
1001         (JSC::DFG::SafeToExecuteEdge::operator()):
1002         * dfg/DFGSpeculativeJIT.cpp:
1003         (JSC::DFG::SpeculativeJIT::speculate):
1004         * dfg/DFGSpeculativeJIT.h:
1005         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
1006         * dfg/DFGSpeculativeJIT32_64.cpp:
1007         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1008         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1009         (JSC::DFG::SpeculativeJIT::emitBranch):
1010         * dfg/DFGSpeculativeJIT64.cpp:
1011         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1012         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1013         (JSC::DFG::SpeculativeJIT::emitBranch):
1014         * dfg/DFGUseKind.cpp:
1015         (WTF::printInternal):
1016         * dfg/DFGUseKind.h:
1017         (JSC::DFG::typeFilterFor):
1018         (JSC::DFG::shouldNotHaveTypeCheck):
1019         * ftl/FTLCapabilities.cpp:
1020         (JSC::FTL::canCompile):
1021         * ftl/FTLLowerDFGToLLVM.cpp:
1022         (JSC::FTL::DFG::LowerDFGToLLVM::boolify):
1023         (JSC::FTL::DFG::LowerDFGToLLVM::lowBoolean):
1024
1025 2015-08-20  Filip Pizlo  <fpizlo@apple.com>
1026
1027         Overflow check elimination fails for a simple test case
1028         https://bugs.webkit.org/show_bug.cgi?id=147387
1029
1030         Reviewed by Benjamin Poulain.
1031
1032         Overflow check elimination was having issues when things got constant-folded, because whereas an
1033         Add or LessThan operation teaches us about relationships between the things being added or
1034         compared, we don't do that when we see a JSConstant. We don't create a relationship between every
1035         JSConstant and every other JSConstant. So, if we constant-fold an Add, we forget the relationships
1036         that it would have had with its inputs.
1037
1038         One solution would be to have every JSConstant create a relationship with every other JSConstant.
1039         This is dangerous, since it would create O(n^2) explosion of relationships.
1040
1041         Instead, this patch teaches filtration and merging how to behave "as if" there were inter-constant
1042         relationships. Normally those operations only work on two relationships involving the same node
1043         pair. But now, if we have @x op @c and @x op @d, where @c and @d are different nodes but both are
1044         constants, we will do merging or filtering by grokking the constant values.
1045
1046         This speeds up lots of tests in JSRegress, because it enables overflow check elimination on things
1047         like:
1048
1049         for (var i = 0; i < 100; ++i)
1050
1051         Previously, the fact that this was all constants would throw off the analysis because the analysis
1052         wouldn't "know" that 0 < 100.
1053
1054         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
1055
1056 2015-08-20  Geoffrey Garen  <ggaren@apple.com>
1057
1058         forEachCodeBlock should wait for all CodeBlocks automatically
1059         https://bugs.webkit.org/show_bug.cgi?id=148255
1060
1061         Add back a line of code I deleted by accident in my last patch due to
1062         incorrect merge.
1063
1064         Unreviewed.
1065
1066         * runtime/VM.cpp:
1067         (JSC::VM::deleteAllCode):
1068
1069 2015-08-20  Geoffrey Garen  <ggaren@apple.com>
1070
1071         forEachCodeBlock should wait for all CodeBlocks automatically
1072         https://bugs.webkit.org/show_bug.cgi?id=148255
1073
1074         Reviewed by Saam Barati.
1075
1076         Previously, all clients needed to wait manually before calling
1077         forEachCodeBlock. That's easy to get wrong, and at least one place
1078         got it wrong. Let's do this automatically instead.
1079
1080         * debugger/Debugger.cpp:
1081         (JSC::Debugger::Debugger):
1082         (JSC::Debugger::setSteppingMode):
1083         (JSC::Debugger::toggleBreakpoint): No need to wait manually;
1084         forEachCodeBlock will do it automatically now.
1085
1086         (JSC::Debugger::recompileAllJSFunctions): We still need to wait manually
1087         here because this is an iteration of the heap, which does not wait
1088         automatically. Use the new helper function for waiting.
1089
1090         (JSC::Debugger::clearBreakpoints):
1091         (JSC::Debugger::clearDebuggerRequests):
1092         (JSC::Debugger::setBreakpointsActivated):
1093         (JSC::Debugger::forEachCodeBlock): Deleted. No need to wait manually.
1094
1095         * debugger/Debugger.h:
1096
1097         * dfg/DFGWorklist.cpp:
1098         (JSC::DFG::completeAllPlansForVM):
1099         * dfg/DFGWorklist.h:
1100         (JSC::DFG::completeAllPlansForVM): Added a helper function that replaces
1101         vm.prepareToDeleteCode. This new function is clearer because we need
1102         to call it sometimes even if we are not going to delete code.
1103
1104         * heap/HeapInlines.h:
1105         (JSC::Heap::forEachCodeBlock): Moved.
1106
1107         * inspector/agents/InspectorRuntimeAgent.cpp:
1108         (Inspector::recompileAllJSFunctionsForTypeProfiling): Use the new helper
1109         function.
1110
1111         * runtime/JSCInlines.h:
1112         (JSC::Heap::forEachCodeBlock): Do the waiting automatically.
1113
1114         * runtime/VM.cpp:
1115         (JSC::VM::stopSampling):
1116         (JSC::VM::deleteAllCode):
1117         (JSC::VM::setEnabledProfiler):
1118         (JSC::VM::prepareToDeleteCode): Deleted.
1119         * runtime/VM.h: No need to wait manually.
1120
1121 2015-08-20  Commit Queue  <commit-queue@webkit.org>
1122
1123         Unreviewed, rolling out r188675.
1124         https://bugs.webkit.org/show_bug.cgi?id=148244
1125
1126         "caused a 17% Mac PLT regression" (Requested by ggaren on
1127         #webkit).
1128
1129         Reverted changeset:
1130
1131         "clearCode() should clear code"
1132         https://bugs.webkit.org/show_bug.cgi?id=148203
1133         http://trac.webkit.org/changeset/188675
1134
1135 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1136
1137         Introduce put_by_id like IC into put_by_val when the given name is String or Symbol
1138         https://bugs.webkit.org/show_bug.cgi?id=147760
1139
1140         Reviewed by Filip Pizlo.
1141
1142         This patch adds a put_by_id IC to put_by_val by caching the one candidate id;
1143         it is the same thing as the get_by_val IC extension.
1144         It will encourage the use of ES6 Symbols and ES6 computed properties in object literals.
1145
1146         In this patch, we leverage the existing CheckIdent and PutById / PutByVal in DFG,
1147         so this patch does not change FTL because the above operations are already supported in FTL.
1148
1149         And this patch also includes refactoring to leverage byValInfo->slowPathCount in the cached Id path.
1150
1151         Performance results report there's no regression in the existing tests. And in the synthetic
1152         benchmarks created by modifying put-by-id to put-by-val, we can see significant performance
1153         improvements up to 13.9x.
1154
1155         * bytecode/PutByIdStatus.cpp:
1156         (JSC::PutByIdStatus::computeForStubInfo):
1157         * bytecode/PutByIdStatus.h:
1158         * dfg/DFGByteCodeParser.cpp:
1159         (JSC::DFG::ByteCodeParser::parseBlock):
1160         * jit/JIT.h:
1161         (JSC::JIT::compilePutByValWithCachedId):
1162         * jit/JITOperations.cpp:
1163         (JSC::getByVal):
1164         (JSC::tryGetByValOptimize):
1165         * jit/JITOperations.h:
1166         * jit/JITPropertyAccess.cpp:
1167         (JSC::JIT::emitGetByValWithCachedId):
1168         (JSC::JIT::emit_op_put_by_val):
1169         (JSC::JIT::emitPutByValWithCachedId):
1170         (JSC::JIT::emitSlow_op_put_by_val):
1171         (JSC::JIT::emitIdentifierCheck):
1172         (JSC::JIT::privateCompilePutByValWithCachedId):
1173         * jit/JITPropertyAccess32_64.cpp:
1174         (JSC::JIT::emitGetByValWithCachedId):
1175         (JSC::JIT::emit_op_put_by_val):
1176         (JSC::JIT::emitPutByValWithCachedId):
1177         (JSC::JIT::emitSlow_op_put_by_val):
1178         * tests/stress/put-by-val-with-string-break.js: Added.
1179         (shouldBe):
1180         (assign):
1181         * tests/stress/put-by-val-with-string-generated.js: Added.
1182         (shouldBe):
1183         (gen1):
1184         (gen2):
1185         (assign):
1186         * tests/stress/put-by-val-with-string-generic.js: Added.
1187         (shouldBe):
1188         (assign):
1189         * tests/stress/put-by-val-with-symbol-break.js: Added.
1190         (shouldBe):
1191         (assign):
1192         * tests/stress/put-by-val-with-symbol-generic.js: Added.
1193         (shouldBe):
1194         (assign):
1195
1196 2015-08-20  Alex Christensen  <achristensen@webkit.org>
1197
1198         Clean up CMake build after r188673
1199         https://bugs.webkit.org/show_bug.cgi?id=148234
1200
1201         Reviewed by Tim Horton.
1202
1203         * shell/PlatformWin.cmake:
1204         Define WIN_CAIRO so the WinCairo jsc.exe can find the correct dlls.
1205
1206 2015-08-20  Mark Lam  <mark.lam@apple.com>
1207
1208         A watchdog test is failing on Windows.
1209         https://bugs.webkit.org/show_bug.cgi?id=148228
1210
1211         Reviewed by Brent Fulgham.
1212
1213         The test just needed a little more time because Windows' timer resolution is low.
1214         After increasing the test deadlines, the test started passing.
1215
1216         * API/tests/ExecutionTimeLimitTest.cpp:
1217         (testExecutionTimeLimit):
1218
1219 2015-08-20  Mark Lam  <mark.lam@apple.com>
1220
1221         Fixed some warnings on Windows.
1222         https://bugs.webkit.org/show_bug.cgi?id=148224
1223
1224         Reviewed by Brent Fulgham.
1225
1226         The Windows build was complaining that function params were hiding a global variable.
1227         Since the function params were unused, I resolved this by removing the param names.
1228
1229         * API/tests/ExecutionTimeLimitTest.cpp:
1230         (currentCPUTimeAsJSFunctionCallback):
1231         (shouldTerminateCallback):
1232         (cancelTerminateCallback):
1233         (extendTerminateCallback):
1234
1235 2015-08-19  Yusuke Suzuki  <utatane.tea@gmail.com>
1236
1237         Add InternalPromise to use Promises safely in the internals
1238         https://bugs.webkit.org/show_bug.cgi?id=148136
1239
1240         Reviewed by Saam Barati.
1241
1242         This patch implements InternalPromise.
1243         It is a completely different instance set (constructor, prototype, instance),
1244         but it has the same features as Promise.
1245
1246         In the Promise operations, when resolving the promise with the returned promise
1247         from the fulfill handler, we need to look up "then" method.
1248
1249         e.g.
1250             var p3 = p1.then(function handler(...) {
1251                 return p2;
1252             });
1253
1254         When the handler is executed, we retrieve the returned `p2` promise. And to resolve
1255         the returned promise by the "then" method (that is `p3`), we construct the chain by executing
1256         `p2.then(resolving function for p3)`. So if the user modifies Promise.prototype.then,
1257         we can observe the internal operations.
1258
1259         By using InternalPromise, we completely hide InternalPromise.prototype from the users.
1260         It allows JSC to use Promises internally; even if the user modifies / overrides
1261         the Promise.prototype.then function, it does not affect InternalPromise.
1262
1263         One limitation is that the implementation needs to take care not to leak the InternalPromise instance
1264         to the user space.
1265
1266         * CMakeLists.txt:
1267         * DerivedSources.make:
1268         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1269         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1270         * JavaScriptCore.xcodeproj/project.pbxproj:
1271         * builtins/InternalPromiseConstructor.js: Added.
1272         (internalAll.newResolveElement):
1273         (internalAll):
1274         * builtins/Operations.Promise.js:
1275         (newPromiseDeferred): Deleted.
1276         * builtins/PromiseConstructor.js:
1277         (privateAll.newResolveElement): Deleted.
1278         (privateAll): Deleted.
1279         * runtime/CommonIdentifiers.h:
1280         * runtime/JSGlobalObject.cpp:
1281         (JSC::JSGlobalObject::init):
1282         (JSC::JSGlobalObject::visitChildren):
1283         * runtime/JSGlobalObject.h:
1284         (JSC::JSGlobalObject::promiseConstructor):
1285         (JSC::JSGlobalObject::internalPromiseConstructor):
1286         (JSC::JSGlobalObject::newPromiseCapabilityFunction):
1287         (JSC::JSGlobalObject::newPromiseDeferredFunction): Deleted.
1288         * runtime/JSInternalPromise.cpp: Copied from Source/JavaScriptCore/runtime/JSPromisePrototype.h.
1289         (JSC::JSInternalPromise::create):
1290         (JSC::JSInternalPromise::createStructure):
1291         (JSC::JSInternalPromise::JSInternalPromise):
1292         * runtime/JSInternalPromise.h: Copied from Source/JavaScriptCore/runtime/JSPromise.h.
1293         * runtime/JSInternalPromiseConstructor.cpp: Added.
1294         (JSC::JSInternalPromiseConstructor::create):
1295         (JSC::JSInternalPromiseConstructor::createStructure):
1296         (JSC::JSInternalPromiseConstructor::JSInternalPromiseConstructor):
1297         (JSC::constructPromise):
1298         (JSC::JSInternalPromiseConstructor::getConstructData):
1299         (JSC::JSInternalPromiseConstructor::getCallData):
1300         (JSC::JSInternalPromiseConstructor::getOwnPropertySlot):
1301         * runtime/JSInternalPromiseConstructor.h: Copied from Source/JavaScriptCore/runtime/JSPromiseConstructor.h.
1302         * runtime/JSInternalPromiseDeferred.cpp: Added.
1303         (JSC::JSInternalPromiseDeferred::create):
1304         (JSC::JSInternalPromiseDeferred::JSInternalPromiseDeferred):
1305         (JSC::JSInternalPromiseDeferred::promise):
1306         * runtime/JSInternalPromiseDeferred.h: Copied from Source/JavaScriptCore/runtime/JSPromisePrototype.h.
1307         * runtime/JSInternalPromisePrototype.cpp: Copied from Source/JavaScriptCore/runtime/JSPromisePrototype.cpp.
1308         (JSC::JSInternalPromisePrototype::create):
1309         (JSC::JSInternalPromisePrototype::createStructure):
1310         (JSC::JSInternalPromisePrototype::JSInternalPromisePrototype):
1311         * runtime/JSInternalPromisePrototype.h: Copied from Source/JavaScriptCore/runtime/JSPromise.h.
1312         * runtime/JSPromise.cpp:
1313         (JSC::JSPromise::create):
1314         (JSC::JSPromise::JSPromise):
1315         (JSC::JSPromise::initialize):
1316         * runtime/JSPromise.h:
1317         * runtime/JSPromiseConstructor.cpp:
1318         (JSC::JSPromiseConstructor::JSPromiseConstructor):
1319         (JSC::constructPromise):
1320         (JSC::JSPromiseConstructor::getOwnPropertySlot):
1321         (JSC::JSPromiseConstructor::finishCreation): Deleted.
1322         * runtime/JSPromiseConstructor.h:
1323         * runtime/JSPromiseDeferred.cpp:
1324         (JSC::newPromiseCapability):
1325         (JSC::JSPromiseDeferred::create):
1326         (JSC::JSPromiseDeferred::JSPromiseDeferred):
1327         * runtime/JSPromiseDeferred.h:
1328         * runtime/JSPromisePrototype.cpp:
1329         (JSC::JSPromisePrototype::getOwnPropertySlot):
1330         * runtime/JSPromisePrototype.h:
1331         * runtime/VM.cpp:
1332         (JSC::VM::VM):
1333         * runtime/VM.h:
1334
1335 2015-08-19  Filip Pizlo  <fpizlo@apple.com>
1336
1337         Remove WTF::SpinLock
1338         https://bugs.webkit.org/show_bug.cgi?id=148208
1339
1340         Reviewed by Geoffrey Garen.
1341
1342         Remove the one remaining use of SpinLock.
1343
1344         * API/JSValue.mm:
1345         (handerForStructTag):
1346
1347 2015-08-19  Geoffrey Garen  <ggaren@apple.com>
1348
1349         clearCode() should clear code
1350         https://bugs.webkit.org/show_bug.cgi?id=148203
1351
1352         Reviewed by Saam Barati.
1353
1354         Clearing code used to require two steps: clearCode() and
1355         clearUnlinkedCodeForRecompilation(). Unsurprisingly, clients sometimes
1356         did one or the other or both without much rhyme or reason.
1357
1358         This patch simplifies things by merging both functions into clearCode().
1359
1360         * bytecode/UnlinkedFunctionExecutable.h:
1361         * debugger/Debugger.cpp:
1362         * heap/Heap.cpp:
1363         (JSC::Heap::deleteAllCompiledCode):
1364         (JSC::Heap::clearUnmarkedExecutables):
1365         (JSC::Heap::deleteAllUnlinkedFunctionCode): Deleted. No need for this
1366         function anymore since it was only used by clients who already called
1367         clearCode() (and it would be terribly wrong to use without doing both.)
1368
1369         * heap/Heap.h:
1370         (JSC::Heap::sizeAfterLastFullCollection):
1371         * inspector/agents/InspectorRuntimeAgent.cpp:
1372         (Inspector::TypeRecompiler::visit):
1373         (Inspector::TypeRecompiler::operator()):
1374         * runtime/Executable.cpp:
1375         (JSC::FunctionExecutable::visitChildren):
1376         (JSC::FunctionExecutable::clearCode):
1377         (JSC::FunctionExecutable::clearUnlinkedCodeForRecompilation): Deleted.
1378         * runtime/Executable.h:
1379         * runtime/VM.cpp:
1380         (JSC::VM::deleteAllCode):
1381
1382 2015-08-19  Alex Christensen  <achristensen@webkit.org>
1383
1384         CMake Windows build should not include files directly from other Source directories
1385         https://bugs.webkit.org/show_bug.cgi?id=148198
1386
1387         Reviewed by Brent Fulgham.
1388
1389         * CMakeLists.txt:
1390         JavaScriptCore_FORWARDING_HEADERS_FILES is no longer necessary because all the headers
1391         that used to be in it are now in JavaScriptCore_FORWARDING_HEADERS_DIRECTORIES.
1392         * PlatformEfl.cmake:
1393         * PlatformGTK.cmake:
1394         * PlatformMac.cmake:
1395         * PlatformWin.cmake:
1396
1397 2015-08-19  Eric Carlson  <eric.carlson@apple.com>
1398
1399         Remove ENABLE_WEBVTT_REGIONS
1400         https://bugs.webkit.org/show_bug.cgi?id=148184
1401
1402         Reviewed by Jer Noble.
1403
1404         * Configurations/FeatureDefines.xcconfig: Remove ENABLE_WEBVTT_REGIONS.
1405
1406 2015-08-19  Joseph Pecoraro  <pecoraro@apple.com>
1407
1408         Web Inspector: Unexpected node preview format for an element with newlines in className attribute
1409         https://bugs.webkit.org/show_bug.cgi?id=148192
1410
1411         Reviewed by Brian Burg.
1412
1413         * inspector/InjectedScriptSource.js:
1414         (InjectedScript.prototype._nodePreview):
1415         Replace whitespace blocks with single spaces to produce a simpler class string for previews.
1416
1417 2015-08-19  Mark Lam  <mark.lam@apple.com>
1418
1419         Add support for CheckWatchdogTimer as slow path in DFG and FTL.
1420         https://bugs.webkit.org/show_bug.cgi?id=147968
1421
1422         Reviewed by Michael Saboff.
1423
1424         Re-implement the DFG's CheckWatchdogTimer as a slow path instead of a speculation
1425         check.  Since the watchdog timer can fire spuriously, this allows the code to
1426         stay optimized if all we have are spurious fires.
1427
1428         Implement the equivalent slow path for CheckWatchdogTimer in the FTL.
1429
1430         The watchdog tests in ExecutionTimeLimitTest.cpp have already been updated in
1431         https://bugs.webkit.org/show_bug.cgi?id=148125 to test for the FTL's watchdog
1432         implementation.
1433
1434         * dfg/DFGSpeculativeJIT32_64.cpp:
1435         (JSC::DFG::SpeculativeJIT::compile):
1436         * dfg/DFGSpeculativeJIT64.cpp:
1437         (JSC::DFG::SpeculativeJIT::compile):
1438         * ftl/FTLCapabilities.cpp:
1439         (JSC::FTL::canCompile):
1440         * ftl/FTLLowerDFGToLLVM.cpp:
1441         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1442         (JSC::FTL::DFG::LowerDFGToLLVM::compileMaterializeCreateActivation):
1443         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckWatchdogTimer):
1444         (JSC::FTL::DFG::LowerDFGToLLVM::isInlinableSize):
1445
1446         * jit/JIT.h:
1447         * jit/JITInlines.h:
1448         (JSC::JIT::callOperation):
1449         * jit/JITOperations.cpp:
1450         * jit/JITOperations.h:
1451         - Changed operationHandleWatchdogTimer() to return an unused nullptr.  This
1452           allows me to reuse the existing DFG slow path generator mechanism.  I didn't
1453           think that operationHandleWatchdogTimer() was worth introducing a whole new set
1454           of machinery just so we can have a slow path that returns void.
1455
1456 2015-08-19  Mark Lam  <mark.lam@apple.com>
1457
1458         Add ability to save and restore JSC options.
1459         https://bugs.webkit.org/show_bug.cgi?id=148125
1460
1461         Reviewed by Saam Barati.
1462
1463         * API/tests/ExecutionTimeLimitTest.cpp:
1464         (testExecutionTimeLimit):
1465         - Employ the new options getter/setter to run watchdog tests for each of the
1466           execution engine tiers.
1467         - Also altered the test scripts to be in a function instead of global code.
1468           This is one of 2 changes needed to give them an opportunity to be FTL compiled.
1469           The other is to add support for compiling CheckWatchdogTimer in the FTL (which
1470           will be addressed in a separate patch).
1471
1472         * jsc.cpp:
1473         (CommandLine::parseArguments):
1474         * runtime/Options.cpp:
1475         (JSC::parse):
1476         - Add the ability to clear a string option with a nullptr value.
1477           This is needed to restore a default string option value which may be null.
1478
1479         (JSC::OptionRange::init):
1480         - Add the ability to clear a range option with a null value.
1481           This is needed to restore a default range option value which may be null.
1482
1483         (JSC::Options::initialize):
1484         (JSC::Options::dumpOptionsIfNeeded):
1485         - Factor code to dump options out to dumpOptionsIfNeeded() since we will need
1486           that logic elsewhere.
1487
1488         (JSC::Options::setOptions):
1489         - Parse an options string and set each of the specified options.
1490
1491         (JSC::Options::dumpAllOptions):
1492         (JSC::Options::dumpAllOptionsInALine):
1493         (JSC::Options::dumpOption):
1494         (JSC::Option::dump):
1495         - Refactored so that the underlying dumper dumps to a StringBuilder instead of
1496           stderr.  This lets us reuse this code to serialize all the options into a
1497           single string for dumpAllOptionsInALine().
1498
1499         * runtime/Options.h:
1500         (JSC::OptionRange::rangeString):
1501
1502 2015-08-18  Filip Pizlo  <fpizlo@apple.com>
1503
1504         Replace all uses of std::mutex/std::condition_variable with WTF::Lock/WTF::Condition
1505         https://bugs.webkit.org/show_bug.cgi?id=148140
1506
1507         Reviewed by Geoffrey Garen.
1508
1509         * inspector/remote/RemoteInspector.h:
1510         * inspector/remote/RemoteInspector.mm:
1511         (Inspector::RemoteInspector::registerDebuggable):
1512         (Inspector::RemoteInspector::unregisterDebuggable):
1513         (Inspector::RemoteInspector::updateDebuggable):
1514         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
1515         (Inspector::RemoteInspector::sendMessageToRemoteFrontend):
1516         (Inspector::RemoteInspector::setupFailed):
1517         (Inspector::RemoteInspector::setupCompleted):
1518         (Inspector::RemoteInspector::start):
1519         (Inspector::RemoteInspector::stop):
1520         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
1521         (Inspector::RemoteInspector::setParentProcessInformation):
1522         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
1523         (Inspector::RemoteInspector::xpcConnectionFailed):
1524         (Inspector::RemoteInspector::pushListingSoon):
1525         (Inspector::RemoteInspector::receivedIndicateMessage):
1526         (Inspector::RemoteInspector::receivedProxyApplicationSetupMessage):
1527         * inspector/remote/RemoteInspectorXPCConnection.h:
1528         * inspector/remote/RemoteInspectorXPCConnection.mm:
1529         (Inspector::RemoteInspectorXPCConnection::close):
1530         (Inspector::RemoteInspectorXPCConnection::closeFromMessage):
1531         (Inspector::RemoteInspectorXPCConnection::deserializeMessage):
1532         (Inspector::RemoteInspectorXPCConnection::handleEvent):
1533
1534 2015-08-18  Joseph Pecoraro  <pecoraro@apple.com>
1535
1536         Web Inspector: Links for rules in <style> are incorrect, do not account for <style> offset in the document
1537         https://bugs.webkit.org/show_bug.cgi?id=148141
1538
1539         Reviewed by Brian Burg.
1540
1541         * inspector/protocol/CSS.json:
1542         Extend StyleSheetHeader to include start offset information and a bit
1543         for whether or not this was an inline style tag created by the parser.
1544         These match additions to Blink's protocol.
1545
1546 2015-08-18  Benjamin Poulain  <bpoulain@apple.com>
1547
1548         [JSC] Optimize more cases of something-compared-to-null/undefined
1549         https://bugs.webkit.org/show_bug.cgi?id=148157
1550
1551         Reviewed by Geoffrey Garen and Filip Pizlo.
1552
1553         CompareEq is fairly trivial if you assert one of the operands is either
1554         null or undefined. Under those conditions, the only way to have "true"
1555         is to have the other operand be null/undefined or have an object
1556         that masquerades as undefined.
1557
1558         JSC already had a fast path in CompareEqConstant.
1559         With this patch, I generalize this fast path to more cases and try
1560         to eliminate the checks whenever possible.
1561
1562         CompareEq now does the job of CompareEqConstant. If any operand can
1563         be proved to be undefined/other, its edge is set to OtherUse. Whenever
1564         any edge is OtherUse, we generate the fast code we had for CompareEqConstant.
1565
1566         The AbstractInterpreter has additional checks to reduce the node to a constant
1567         whenever possible.
1568
1569         There are two additional changes in this patch:
1570         -The Fixup Phase tries to set edges to OtherUse early. This is done correctly
1571          in ConstantFoldingPhase but setting it up early helps the phases relying
1572          on Clobberize.
1573         -The codegen for CompareEqConstant was improved. The reason is the comparison
1574          for ObjectOrOther could be faster just because the codegen was better.
1575
1576         * dfg/DFGAbstractInterpreterInlines.h:
1577         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1578         * dfg/DFGByteCodeParser.cpp:
1579         (JSC::DFG::ByteCodeParser::parseBlock):
1580         * dfg/DFGClobberize.h:
1581         (JSC::DFG::clobberize): Deleted.
1582         * dfg/DFGConstantFoldingPhase.cpp:
1583         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1584         * dfg/DFGDoesGC.cpp:
1585         (JSC::DFG::doesGC): Deleted.
1586         * dfg/DFGFixupPhase.cpp:
1587         (JSC::DFG::FixupPhase::fixupNode):
1588         * dfg/DFGNode.h:
1589         (JSC::DFG::Node::isUndefinedOrNullConstant):
1590         * dfg/DFGNodeType.h:
1591         * dfg/DFGPredictionPropagationPhase.cpp:
1592         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
1593         * dfg/DFGSafeToExecute.h:
1594         (JSC::DFG::safeToExecute): Deleted.
1595         * dfg/DFGSpeculativeJIT.cpp:
1596         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1597         (JSC::DFG::SpeculativeJIT::compare):
1598         * dfg/DFGSpeculativeJIT.h:
1599         (JSC::DFG::SpeculativeJIT::isKnownNotOther):
1600         * dfg/DFGSpeculativeJIT32_64.cpp:
1601         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
1602         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
1603         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): Deleted.
1604         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): Deleted.
1605         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): Deleted.
1606         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1607         * dfg/DFGSpeculativeJIT64.cpp:
1608         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
1609         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
1610         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): Deleted.
1611         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): Deleted.
1612         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): Deleted.
1613         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1614         * dfg/DFGValidate.cpp:
1615         (JSC::DFG::Validate::validate): Deleted.
1616         * dfg/DFGWatchpointCollectionPhase.cpp:
1617         (JSC::DFG::WatchpointCollectionPhase::handle):
1618         * ftl/FTLCapabilities.cpp:
1619         (JSC::FTL::canCompile):
1620         * ftl/FTLLowerDFGToLLVM.cpp:
1621         (JSC::FTL::DFG::LowerDFGToLLVM::compileCompareEq):
1622         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
1623         (JSC::FTL::DFG::LowerDFGToLLVM::compileCompareEqConstant): Deleted.
1624         * tests/stress/compare-eq-on-null-and-undefined-non-peephole.js: Added.
1625         (string_appeared_here.useForMath):
1626         (testUseForMath):
1627         * tests/stress/compare-eq-on-null-and-undefined-optimized-in-constant-folding.js: Added.
1628         (string_appeared_here.unreachableCodeTest):
1629         (inlinedCompareToNull):
1630         (inlinedComparedToUndefined):
1631         (warmupInlineFunctions):
1632         (testInlineFunctions):
1633         * tests/stress/compare-eq-on-null-and-undefined.js: Added.
1634         (string_appeared_here.compareConstants):
1635         (opaqueNull):
1636         (opaqueUndefined):
1637         (compareConstantsAndDynamicValues):
1638         (compareDynamicValues):
1639         (compareDynamicValueToItself):
1640         (arrayTesting):
1641         (opaqueCompare1):
1642         (testNullComparatorUpdate):
1643         (opaqueCompare2):
1644         (testUndefinedComparatorUpdate):
1645         (opaqueCompare3):
1646         (testNullAndUndefinedComparatorUpdate):
1647
1648 2015-08-18  Yusuke Suzuki  <utatane.tea@gmail.com>
1649
1650         Introduce non-user-observable Promise functions to use Promises internally
1651         https://bugs.webkit.org/show_bug.cgi?id=148118
1652
1653         Reviewed by Saam Barati.
1654
1655         To leverage the Promises internally (like ES6 Module Loaders), we add
1656         several non-user-observable private methods, like @then, @all. And
1657         refactor the existing Promises implementation to make it easy to use
1658         internally.
1659
1660         But the trappable part still remains. When resolving the promise with
1661         the returned value, we look up the "then" function. So users can trap
1662         by replacing the "then" function of the Promise's prototype.
1663         To avoid this situation, we'll introduce completely different promise
1664         instances called InternalPromise in the subsequent patch[1].
1665
1666         No behavior change.
1667
1668         [1]: https://bugs.webkit.org/show_bug.cgi?id=148136
1669
1670         * builtins/PromiseConstructor.js:
1671         (privateAll.newResolveElement):
1672         (privateAll):
1673         * runtime/JSGlobalObject.cpp:
1674         (JSC::JSGlobalObject::init):
1675         (JSC::JSGlobalObject::visitChildren): Deleted.
1676         * runtime/JSGlobalObject.h:
1677         (JSC::JSGlobalObject::promiseConstructor): Deleted.
1678         (JSC::JSGlobalObject::promisePrototype): Deleted.
1679         (JSC::JSGlobalObject::promiseStructure): Deleted.
1680         * runtime/JSPromiseConstructor.cpp:
1681         (JSC::JSPromiseConstructor::finishCreation):
1682         * runtime/JSPromiseDeferred.cpp:
1683         (JSC::callFunction):
1684         (JSC::JSPromiseDeferred::resolve):
1685         (JSC::JSPromiseDeferred::reject):
1686         * runtime/JSPromiseDeferred.h:
1687         * runtime/JSPromisePrototype.cpp:
1688         (JSC::JSPromisePrototype::create):
1689         (JSC::JSPromisePrototype::JSPromisePrototype):
1690         * runtime/JSPromisePrototype.h:
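
The trap this entry describes, as an added illustration that is not JavaScriptCore code: resolving a promise with another promise performs a lookup of that value's "then", so a getter installed on Promise.prototype.then observes every step of a pipeline built on ordinary Promises, while a separate promise class whose prototype carries its own "then" is never reached. The InternalPromise class, countThenLookups and the step loop below are constructed stand-ins for this demonstration, not JSC's implementation of bug 148136.

```javascript
// Added illustration, not JavaScriptCore code. Per the Promise resolution
// procedure, resolving a promise with an object performs Get(value, "then")
// synchronously; when the value is an ordinary Promise that lookup reaches
// Promise.prototype.then, which any script can replace.
const originalThen = Promise.prototype.then;

// Constructed stand-in for a separate internal promise class: its prototype
// carries its own non-writable, non-configurable `then`, so the lookup stops
// here and never consults the user-visible Promise.prototype.
class InternalPromise extends Promise {}
Object.defineProperty(InternalPromise.prototype, 'then', {
  value: originalThen, writable: false, configurable: false, enumerable: false,
});

// Simulates an internal loader pipeline: each step resolves with the promise
// of the previous step. Returns how many times the user-visible
// Promise.prototype.then was looked up while the pipeline was wired up.
function countThenLookups(PromiseCtor, steps) {
  let lookups = 0;
  // Constructed trap: a getter in place of Promise.prototype.then, which is
  // configurable and therefore replaceable by any script running on the page.
  Object.defineProperty(Promise.prototype, 'then', {
    configurable: true,
    get() { lookups += 1; return originalThen; },
  });
  try {
    let current = PromiseCtor.resolve(0);
    for (let i = 0; i < steps; i++) {
      const previous = current;
      // The resolve function performs Get(previous, "then") right here.
      current = new PromiseCtor(resolve => resolve(previous));
    }
  } finally {
    // Restore the original data property so later code behaves normally.
    Object.defineProperty(Promise.prototype, 'then', {
      value: originalThen, writable: true, configurable: true, enumerable: false,
    });
  }
  return lookups;
}

// Ordinary promises: every step of the pipeline is observable (and hijackable)
// through the patched prototype. Internal promises: none are.
console.log(countThenLookups(Promise, 3));          // 3
console.log(countThenLookups(InternalPromise, 3));  // 0
```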
1691
1692 2015-08-18  Geoffrey Garen  <ggaren@apple.com>
1693
1694         Try to fix the CLOOP build.
1695
1696         Unreviewed.
1697
1698         * bytecode/CodeBlock.cpp:
1699
1700 2015-08-18  Geoffrey Garen  <ggaren@apple.com>
1701
1702         Split InlineCallFrame into its own file
1703         https://bugs.webkit.org/show_bug.cgi?id=148131
1704
1705         Reviewed by Saam Barati.
1706
1707         * CMakeLists.txt:
1708         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1709         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1710         * JavaScriptCore.xcodeproj/project.pbxproj:
1711         * bytecode/CallLinkStatus.cpp:
1712         * bytecode/CodeBlock.h:
1713         (JSC::ExecState::r):
1714         (JSC::baselineCodeBlockForInlineCallFrame): Deleted.
1715         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock): Deleted.
1716         * bytecode/CodeOrigin.cpp:
1717         (JSC::CodeOrigin::inlineStack):
1718         (JSC::CodeOrigin::codeOriginOwner):
1719         (JSC::CodeOrigin::stackOffset):
1720         (JSC::CodeOrigin::dump):
1721         (JSC::CodeOrigin::dumpInContext):
1722         (JSC::InlineCallFrame::calleeConstant): Deleted.
1723         (JSC::InlineCallFrame::visitAggregate): Deleted.
1724         (JSC::InlineCallFrame::calleeForCallFrame): Deleted.
1725         (JSC::InlineCallFrame::hash): Deleted.
1726         (JSC::InlineCallFrame::hashAsStringIfPossible): Deleted.
1727         (JSC::InlineCallFrame::inferredName): Deleted.
1728         (JSC::InlineCallFrame::baselineCodeBlock): Deleted.
1729         (JSC::InlineCallFrame::dumpBriefFunctionInformation): Deleted.
1730         (JSC::InlineCallFrame::dumpInContext): Deleted.
1731         (JSC::InlineCallFrame::dump): Deleted.
1732         (WTF::printInternal): Deleted.
1733         * bytecode/CodeOrigin.h:
1734         (JSC::CodeOrigin::deletedMarker):
1735         (JSC::CodeOrigin::hash):
1736         (JSC::CodeOrigin::operator==):
1737         (JSC::CodeOriginHash::hash):
1738         (JSC::CodeOriginHash::equal):
1739         (JSC::InlineCallFrame::kindFor): Deleted.
1740         (JSC::InlineCallFrame::varargsKindFor): Deleted.
1741         (JSC::InlineCallFrame::specializationKindFor): Deleted.
1742         (JSC::InlineCallFrame::isVarargs): Deleted.
1743         (JSC::InlineCallFrame::InlineCallFrame): Deleted.
1744         (JSC::InlineCallFrame::specializationKind): Deleted.
1745         (JSC::InlineCallFrame::setStackOffset): Deleted.
1746         (JSC::InlineCallFrame::callerFrameOffset): Deleted.
1747         (JSC::InlineCallFrame::returnPCOffset): Deleted.
1748         (JSC::CodeOrigin::stackOffset): Deleted.
1749         (JSC::CodeOrigin::codeOriginOwner): Deleted.
1750         * bytecode/InlineCallFrame.cpp: Copied from Source/JavaScriptCore/bytecode/CodeOrigin.cpp.
1751         (JSC::InlineCallFrame::calleeConstant):
1752         (JSC::CodeOrigin::inlineDepthForCallFrame): Deleted.
1753         (JSC::CodeOrigin::inlineDepth): Deleted.
1754         (JSC::CodeOrigin::isApproximatelyEqualTo): Deleted.
1755         (JSC::CodeOrigin::approximateHash): Deleted.
1756         (JSC::CodeOrigin::inlineStack): Deleted.
1757         (JSC::CodeOrigin::dump): Deleted.
1758         (JSC::CodeOrigin::dumpInContext): Deleted.
1759         * bytecode/InlineCallFrame.h: Copied from Source/JavaScriptCore/bytecode/CodeOrigin.h.
1760         (JSC::InlineCallFrame::isVarargs):
1761         (JSC::InlineCallFrame::InlineCallFrame):
1762         (JSC::InlineCallFrame::specializationKind):
1763         (JSC::baselineCodeBlockForInlineCallFrame):
1764         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
1765         (JSC::CodeOrigin::CodeOrigin): Deleted.
1766         (JSC::CodeOrigin::isSet): Deleted.
1767         (JSC::CodeOrigin::operator!): Deleted.
1768         (JSC::CodeOrigin::isHashTableDeletedValue): Deleted.
1769         (JSC::CodeOrigin::operator!=): Deleted.
1770         (JSC::CodeOrigin::deletedMarker): Deleted.
1771         (JSC::CodeOrigin::stackOffset): Deleted.
1772         (JSC::CodeOrigin::hash): Deleted.
1773         (JSC::CodeOrigin::operator==): Deleted.
1774         (JSC::CodeOrigin::codeOriginOwner): Deleted.
1775         (JSC::CodeOriginHash::hash): Deleted.
1776         (JSC::CodeOriginHash::equal): Deleted.
1777         (JSC::CodeOriginApproximateHash::hash): Deleted.
1778         (JSC::CodeOriginApproximateHash::equal): Deleted.
1779         * bytecode/InlineCallFrameSet.cpp:
1780         * dfg/DFGCommonData.cpp:
1781         * dfg/DFGOSRExitBase.cpp:
1782         * dfg/DFGVariableEventStream.cpp:
1783         * ftl/FTLOperations.cpp:
1784         * interpreter/CallFrame.cpp:
1785         * interpreter/StackVisitor.cpp:
1786         * jit/AssemblyHelpers.h:
1787         * profiler/ProfilerOriginStack.cpp:
1788         * runtime/ClonedArguments.cpp:
1789
1790 2015-08-18  Mark Lam  <mark.lam@apple.com>
1791
1792         Removed an unused param in Interpreter::initialize().
1793         https://bugs.webkit.org/show_bug.cgi?id=148129
1794
1795         Reviewed by Michael Saboff.
1796
1797         * interpreter/Interpreter.cpp:
1798         (JSC::Interpreter::~Interpreter):
1799         (JSC::Interpreter::initialize):
1800         * interpreter/Interpreter.h:
1801         (JSC::Interpreter::stack):
1802         * runtime/VM.cpp:
1803         (JSC::VM::VM):
1804
1805 2015-08-17  Alex Christensen  <achristensen@webkit.org>
1806
1807         Add const to content extension parser
1808         https://bugs.webkit.org/show_bug.cgi?id=148044
1809
1810         Reviewed by Benjamin Poulain.
1811
1812         * runtime/JSObject.h:
1813         (JSC::JSObject::getIndexQuickly):
1814         (JSC::JSObject::tryGetIndexQuickly):
1815         (JSC::JSObject::getDirectIndex):
1816         (JSC::JSObject::getIndex):
1817         Added a few const keywords.
1818
1819 2015-08-17  Alex Christensen  <achristensen@webkit.org>
1820
1821         Build Debug Suffix on Windows with CMake
1822         https://bugs.webkit.org/show_bug.cgi?id=148083
1823
1824         Reviewed by Brent Fulgham.
1825
1826         * CMakeLists.txt:
1827         * PlatformWin.cmake:
1828         * shell/CMakeLists.txt:
1829         * shell/PlatformWin.cmake:
1830         Add DEBUG_SUFFIX
1831
1832 2015-08-17  Saam Barati  <sbarati@apple.com>
1833
1834         Web Inspector: Type profiler return types aren't showing up
1835         https://bugs.webkit.org/show_bug.cgi?id=147348
1836
1837         Reviewed by Brian Burg.
1838
1839         Bug #145995 changed the starting offset of a function to
1840         be the open parenthesis of the function's parameter list.
1841         This broke JSC's type profiler protocol of communicating
1842         return types of a function to the web inspector. This
1843         is now fixed. The text offset used in the protocol is now
1844         the first letter of the function/get/set/method name.
1845         So "f" in "function a() {}", "s" in "set foo(){}", etc.
1846
1847         * bytecode/CodeBlock.cpp:
1848         (JSC::CodeBlock::CodeBlock):
1849         * jsc.cpp:
1850         (functionReturnTypeFor):
1851
1852 2015-08-17  Aleksandr Skachkov  <gskachkov@gmail.com>
1853
1854         [ES6] Implement ES6 arrow function syntax. Arrow function specific features. Lexical bind of this
1855         https://bugs.webkit.org/show_bug.cgi?id=144956
1856
1857         Reviewed by Saam Barati.
1858
1859         Added support for ES6 arrow function specific features: lexical binding of |this| and no constructor. http://wiki.ecmascript.org/doku.php?id=harmony:arrow_function_syntax
1860         The following cases were implemented in this patch:
1861            this - the variable |this| points to the |this| of the function in which the arrow function is declared (lexical binding of |this|)
1862            constructor - using the |new| operator on an arrow function leads to a runtime error
1863            call(), apply(), bind() - these methods can only pass in arguments, but have no effect on |this|
1864
1865
1866         * CMakeLists.txt:
1867         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1868         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1869         * JavaScriptCore.xcodeproj/project.pbxproj:
1870         * bytecode/BytecodeList.json:
1871         * bytecode/BytecodeUseDef.h:
1872         (JSC::computeUsesForBytecodeOffset):
1873         (JSC::computeDefsForBytecodeOffset):
1874         * bytecode/CodeBlock.cpp:
1875         (JSC::CodeBlock::dumpBytecode):
1876         * bytecode/ExecutableInfo.h:
1877         (JSC::ExecutableInfo::ExecutableInfo):
1878         (JSC::ExecutableInfo::isArrowFunction):
1879         * bytecode/UnlinkedCodeBlock.cpp:
1880         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1881         * bytecode/UnlinkedCodeBlock.h:
1882         (JSC::UnlinkedCodeBlock::isArrowFunction):
1883         * bytecode/UnlinkedFunctionExecutable.cpp:
1884         (JSC::generateFunctionCodeBlock):
1885         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1886         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
1887         * bytecode/UnlinkedFunctionExecutable.h:
1888         * bytecompiler/BytecodeGenerator.cpp:
1889         (JSC::BytecodeGenerator::BytecodeGenerator):
1890         (JSC::BytecodeGenerator::emitNewFunctionCommon):
1891         (JSC::BytecodeGenerator::emitNewFunctionExpression):
1892         (JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
1893         (JSC::BytecodeGenerator::emitLoadArrowFunctionThis):
1894         * bytecompiler/BytecodeGenerator.h:
1895         * bytecompiler/NodesCodegen.cpp:
1896         (JSC::ArrowFuncExprNode::emitBytecode):
1897         * dfg/DFGAbstractInterpreterInlines.h:
1898         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1899         * dfg/DFGByteCodeParser.cpp:
1900         (JSC::DFG::ByteCodeParser::parseBlock):
1901         * dfg/DFGCapabilities.cpp:
1902         (JSC::DFG::capabilityLevel):
1903         * dfg/DFGClobberize.h:
1904         (JSC::DFG::clobberize):
1905         * dfg/DFGDoesGC.cpp:
1906         (JSC::DFG::doesGC):
1907         * dfg/DFGFixupPhase.cpp:
1908         (JSC::DFG::FixupPhase::fixupNode):
1909         * dfg/DFGNode.h:
1910         (JSC::DFG::Node::convertToPhantomNewFunction):
1911         (JSC::DFG::Node::hasCellOperand):
1912         (JSC::DFG::Node::isFunctionAllocation):
1913         * dfg/DFGNodeType.h:
1914         * dfg/DFGObjectAllocationSinkingPhase.cpp:
1915         * dfg/DFGPredictionPropagationPhase.cpp:
1916         (JSC::DFG::PredictionPropagationPhase::propagate):
1917         * dfg/DFGPromotedHeapLocation.cpp:
1918         (WTF::printInternal):
1919         * dfg/DFGPromotedHeapLocation.h:
1920         * dfg/DFGSafeToExecute.h:
1921         (JSC::DFG::safeToExecute):
1922         * dfg/DFGSpeculativeJIT.cpp:
1923         (JSC::DFG::SpeculativeJIT::compileLoadArrowFunctionThis):
1924         (JSC::DFG::SpeculativeJIT::compileNewFunctionCommon):
1925         (JSC::DFG::SpeculativeJIT::compileNewFunction):
1926         * dfg/DFGSpeculativeJIT.h:
1927         (JSC::DFG::SpeculativeJIT::callOperation):
1928         * dfg/DFGSpeculativeJIT32_64.cpp:
1929         (JSC::DFG::SpeculativeJIT::compile):
1930         * dfg/DFGSpeculativeJIT64.cpp:
1931         (JSC::DFG::SpeculativeJIT::compile):
1932         * dfg/DFGStoreBarrierInsertionPhase.cpp:
1933         * dfg/DFGStructureRegistrationPhase.cpp:
1934         (JSC::DFG::StructureRegistrationPhase::run):
1935         * ftl/FTLAbstractHeapRepository.cpp:
1936         * ftl/FTLAbstractHeapRepository.h:
1937         * ftl/FTLCapabilities.cpp:
1938         (JSC::FTL::canCompile):
1939         * ftl/FTLIntrinsicRepository.h:
1940         * ftl/FTLLowerDFGToLLVM.cpp:
1941         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1942         (JSC::FTL::DFG::LowerDFGToLLVM::compileNewFunction):
1943         (JSC::FTL::DFG::LowerDFGToLLVM::compileLoadArrowFunctionThis):
1944         * ftl/FTLOperations.cpp:
1945         (JSC::FTL::operationMaterializeObjectInOSR):
1946         * interpreter/Interpreter.cpp:
1947         * interpreter/Interpreter.h:
1948         * jit/CCallHelpers.h:
1949         (JSC::CCallHelpers::setupArgumentsWithExecState): Added a 3-argument version for the Windows build.
1950         * jit/JIT.cpp:
1951         (JSC::JIT::privateCompileMainPass):
1952         * jit/JIT.h:
1953         * jit/JITInlines.h:
1954         (JSC::JIT::callOperation):
1955         * jit/JITOpcodes.cpp:
1956         (JSC::JIT::emit_op_load_arrowfunction_this):
1957         (JSC::JIT::emit_op_new_func_exp):
1958         (JSC::JIT::emitNewFuncExprCommon):
1959         (JSC::JIT::emit_op_new_arrow_func_exp):
1960         * jit/JITOpcodes32_64.cpp:
1961         (JSC::JIT::emit_op_load_arrowfunction_this):
1962         * jit/JITOperations.cpp:
1963         * jit/JITOperations.h:
1964         * llint/LLIntOffsetsExtractor.cpp:
1965         * llint/LLIntSlowPaths.cpp:
1966         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1967         (JSC::LLInt::setUpCall):
1968         * llint/LLIntSlowPaths.h:
1969         * llint/LowLevelInterpreter.asm:
1970         * llint/LowLevelInterpreter32_64.asm:
1971         * llint/LowLevelInterpreter64.asm:
1972         * parser/ASTBuilder.h:
1973         (JSC::ASTBuilder::createFunctionMetadata):
1974         (JSC::ASTBuilder::createArrowFunctionExpr):
1975         * parser/NodeConstructors.h:
1976         (JSC::BaseFuncExprNode::BaseFuncExprNode):
1977         (JSC::FuncExprNode::FuncExprNode):
1978         (JSC::ArrowFuncExprNode::ArrowFuncExprNode):
1979         * parser/Nodes.cpp:
1980         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1981         * parser/Nodes.h:
1982         (JSC::ExpressionNode::isArrowFuncExprNode):
1983         * parser/Parser.cpp:
1984         (JSC::Parser<LexerType>::parseFunctionBody):
1985         (JSC::Parser<LexerType>::parseFunctionInfo):
1986         * parser/SyntaxChecker.h:
1987         (JSC::SyntaxChecker::createFunctionMetadata):
1988         * runtime/Executable.cpp:
1989         (JSC::ScriptExecutable::newCodeBlockFor):
1990         * runtime/Executable.h:
1991         * runtime/JSArrowFunction.cpp: Added.
1992         (JSC::JSArrowFunction::destroy):
1993         (JSC::JSArrowFunction::create):
1994         (JSC::JSArrowFunction::JSArrowFunction):
1995         (JSC::JSArrowFunction::createWithInvalidatedReallocationWatchpoint):
1996         (JSC::JSArrowFunction::visitChildren):
1997         (JSC::JSArrowFunction::getConstructData):
1998         * runtime/JSArrowFunction.h: Added.
1999         (JSC::JSArrowFunction::allocationSize):
2000         (JSC::JSArrowFunction::createImpl):
2001         (JSC::JSArrowFunction::boundThis):
2002         (JSC::JSArrowFunction::createStructure):
2003         (JSC::JSArrowFunction::offsetOfThisValue):
2004         * runtime/JSFunction.h:
2005         * runtime/JSFunctionInlines.h:
2006         (JSC::JSFunction::JSFunction):
2007         * runtime/JSGlobalObject.cpp:
2008         (JSC::JSGlobalObject::init):
2009         (JSC::JSGlobalObject::visitChildren):
2010         * runtime/JSGlobalObject.h:
2011         (JSC::JSGlobalObject::arrowFunctionStructure):
2012         * tests/stress/arrowfunction-activation-sink-osrexit-default-value-tdz-error.js: Added.
2013         * tests/stress/arrowfunction-activation-sink-osrexit-default-value.js: Added.
2014         * tests/stress/arrowfunction-activation-sink-osrexit.js: Added.
2015         * tests/stress/arrowfunction-activation-sink.js: Added.
2016         * tests/stress/arrowfunction-bound.js: Added.
2017         * tests/stress/arrowfunction-call.js: Added.
2018         * tests/stress/arrowfunction-constructor.js: Added.
2019         * tests/stress/arrowfunction-lexical-bind-this-1.js: Added.
2020         * tests/stress/arrowfunction-lexical-bind-this-2.js: Added.
2021         * tests/stress/arrowfunction-lexical-bind-this-3.js: Added.
2022         * tests/stress/arrowfunction-lexical-bind-this-4.js: Added.
2023         * tests/stress/arrowfunction-lexical-bind-this-5.js: Added.
2024         * tests/stress/arrowfunction-lexical-bind-this-6.js: Added.
2025         * tests/stress/arrowfunction-lexical-this-activation-sink-osrexit.js: Added.
2026         * tests/stress/arrowfunction-lexical-this-activation-sink.js: Added.
2027         * tests/stress/arrowfunction-lexical-this-sinking-no-double-allocate.js: Added.
2028         * tests/stress/arrowfunction-lexical-this-sinking-osrexit.js: Added.
2029         * tests/stress/arrowfunction-lexical-this-sinking-put.js: Added.
2030         * tests/stress/arrowfunction-others.js: Added.
2031         * tests/stress/arrowfunction-run-10-1.js: Added.
2032         * tests/stress/arrowfunction-run-10-2.js: Added.
2033         * tests/stress/arrowfunction-run-10000-1.js: Added.
2034         * tests/stress/arrowfunction-run-10000-2.js: Added.
2035         * tests/stress/arrowfunction-sinking-no-double-allocate.js: Added.
2036         * tests/stress/arrowfunction-sinking-osrexit.js: Added.
2037         * tests/stress/arrowfunction-sinking-put.js: Added.
2038         * tests/stress/arrowfunction-tdz.js: Added.
2039         * tests/stress/arrowfunction-typeof.js: Added.
2040
2041 2015-07-28  Sam Weinig  <sam@webkit.org>
2042
2043         Cleanup the builtin JavaScript files
2044         https://bugs.webkit.org/show_bug.cgi?id=147382
2045
2046         Reviewed by Geoffrey Garen.
2047
2048         * builtins/Array.prototype.js:
2049         * builtins/ArrayConstructor.js:
2050         * builtins/ArrayIterator.prototype.js:
2051         * builtins/Function.prototype.js:
2052         * builtins/Iterator.prototype.js:
2053         * builtins/ObjectConstructor.js:
2054         * builtins/StringConstructor.js:
2055         * builtins/StringIterator.prototype.js:
2056         Unify the style of the builtin JavaScript files.
2057
2058 2015-08-17  Alex Christensen  <achristensen@webkit.org>
2059
2060         Move some commands from ./CMakeLists.txt to Source/cmake
2061         https://bugs.webkit.org/show_bug.cgi?id=148003
2062
2063         Reviewed by Brent Fulgham.
2064
2065         * CMakeLists.txt:
2066         Added commands needed to build JSC by itself.
2067
2068 2015-08-17  Yusuke Suzuki  <utatane.tea@gmail.com>
2069
2070         [ES6] Implement Reflect.get
2071         https://bugs.webkit.org/show_bug.cgi?id=147925
2072
2073         Reviewed by Geoffrey Garen.
2074
2075         This patch implements Reflect.get API.
2076         It can take the receiver object as the third argument.
2077         When the receiver is specified and there's a getter for the given property name,
2078         we call the getter with the receiver as the |this| value.
2079
2080         * runtime/ReflectObject.cpp:
2081         (JSC::reflectObjectGet):
2082         * runtime/SparseArrayValueMap.cpp:
2083         (JSC::SparseArrayEntry::get): Deleted.
2084         * runtime/SparseArrayValueMap.h:
2085         * tests/stress/reflect-get.js: Added.
2086         (shouldBe):
2087         (shouldThrow):
2088         (.get shouldThrow):
2089         (.get var):
2090         (get var.object.get hello):
2091         (.get shouldBe):
2092         (get var.object.set hello):
2093
2094 2015-08-17  Simon Fraser  <simon.fraser@apple.com>
2095
2096         will-change should sometimes trigger compositing
2097         https://bugs.webkit.org/show_bug.cgi?id=148072
2098
2099         Reviewed by Tim Horton.
2100         
2101         Include will-change as a reason for compositing.
2102
2103         * inspector/protocol/LayerTree.json:
2104
2105 2015-08-17  Yusuke Suzuki  <utatane.tea@gmail.com>
2106
2107         [ES6] Implement Reflect.getOwnPropertyDescriptor
2108         https://bugs.webkit.org/show_bug.cgi?id=147929
2109
2110         Reviewed by Geoffrey Garen.
2111
2112         Implement Reflect.getOwnPropertyDescriptor.
2113         The difference from the Object.getOwnPropertyDescriptor is
2114         Reflect.getOwnPropertyDescriptor does not perform ToObject onto
2115         the first argument. If the first argument is not an Object, it
2116         immediately raises the TypeError.
2117
2118         * runtime/ObjectConstructor.cpp:
2119         (JSC::objectConstructorGetOwnPropertyDescriptor):
2120         * runtime/ObjectConstructor.h:
2121         * runtime/ReflectObject.cpp:
2122         (JSC::reflectObjectGetOwnPropertyDescriptor):
2123         * tests/stress/reflect-get-own-property.js: Added.
2124         (shouldBe):
2125         (shouldThrow):
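
The two Reflect entries above (Reflect.get taking a receiver, and Reflect.getOwnPropertyDescriptor skipping ToObject) describe behaviour that is easiest to see in running code. The following is an added example written for this page; it is not JavaScriptCore code and not part of either patch's stress tests. The `source` object, the tag-reporting getter and the small Proxy membrane are constructed here for illustration. It runs in any ES2015 engine, including the jsc shell and Node.

```javascript
// Added example (not JavaScriptCore code): receiver semantics of Reflect.get
// and the no-ToObject behaviour of Reflect.getOwnPropertyDescriptor.

// Constructed sample object: a getter that reports which object it ran on.
const source = {
  get who() {
    return this === source ? "source" : (this && this.tag) || "other";
  },
  plain: 42,
};

// Reflect.get(target, key) without a receiver behaves like target[key]:
// the getter runs with |this| === target.
function getWithoutReceiver() {
  return Reflect.get(source, "who"); // "source"
}

// With a receiver, the getter runs with |this| === receiver.
function getWithReceiver() {
  const receiver = { tag: "receiver" };
  return Reflect.get(source, "who", receiver); // "receiver"
}

// Data properties ignore the receiver; the value is read from the target.
function dataPropertyIgnoresReceiver() {
  return Reflect.get(source, "plain", { plain: 0 }); // 42
}

// Why the receiver matters: a Proxy membrane that forwards the trap's own
// receiver keeps a getter's |this| on the proxy, so `return this` cannot
// hand back the unwrapped target.
function proxyGetterSeesProxy() {
  const target = { get self() { return this; } };
  const proxy = new Proxy(target, {
    get(t, key, receiver) { return Reflect.get(t, key, receiver); },
  });
  return proxy.self === proxy; // true
}

// Object.getOwnPropertyDescriptor performs ToObject on a primitive, so a
// string is boxed and its "length" descriptor is found.
function objectVariantOnPrimitive() {
  const desc = Object.getOwnPropertyDescriptor("abc", "length");
  return desc && desc.value; // 3
}

// Reflect.getOwnPropertyDescriptor does not coerce: a non-object target
// throws TypeError immediately instead of being silently boxed.
function reflectVariantOnPrimitive() {
  try {
    Reflect.getOwnPropertyDescriptor("abc", "length");
    return "no throw";
  } catch (e) {
    return e instanceof TypeError ? "TypeError" : "other";
  }
}
```

The Proxy case is the practical reason for the third argument: a membrane that forwards with Reflect.get(t, key, receiver) never exposes the wrapped target through a getter's |this|. The ToObject difference is the same kind of strictness; Reflect.getOwnPropertyDescriptor rejects primitives outright where the Object variant quietly boxes them.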
2126
2127 2015-08-16  Benjamin Poulain  <bpoulain@apple.com>
2128
2129         [JSC] Use (x + x) instead of (x * 2) when possible
2130         https://bugs.webkit.org/show_bug.cgi?id=148051
2131
2132         Reviewed by Michael Saboff.
2133
2134         When multiplying a number by 2, JSC was loading a constant "2"
2135         in register and multiplying it with the first number:
2136
2137             mov $0x4000000000000000, %rcx
2138             movd %rcx, %xmm0
2139             mulsd %xmm0, %xmm1
2140
2141         This is a problem for a few reasons.
2142         1) "movd %rcx, %xmm0" only sets half of XMM0. This instruction
2143            has to wait for any preceding instruction on XMM0 to finish
2144            before executing.
2145         2) The load and transform themselves are large and unnecessary.
2146
2147         To fix that, I added a StrengthReductionPhase to transform
2148         multiplications by 2 into an addition.
2149
2150         Unfortunately, that turned the code into:
2151             movsd %xmm0 %xmm1
2152             mulsd %xmm1 %xmm0
2153
2154         The reason is GenerationInfo::canReuse() was not accounting
2155         for nodes using other nodes multiple times.
2156
2157         After fixing that too, we now have the multiplications by 2
2158         done as:
2159             addsd %xmm0 %xmm0
2160
2161         * dfg/DFGGenerationInfo.h:
2162         (JSC::DFG::GenerationInfo::useCount):
2163         (JSC::DFG::GenerationInfo::canReuse): Deleted.
2164         * dfg/DFGSpeculativeJIT.cpp:
2165         (JSC::DFG::FPRTemporary::FPRTemporary):
2166         * dfg/DFGSpeculativeJIT.h:
2167         (JSC::DFG::SpeculativeJIT::canReuse):
2168         (JSC::DFG::GPRTemporary::GPRTemporary):
2169         * dfg/DFGStrengthReductionPhase.cpp:
2170         (JSC::DFG::StrengthReductionPhase::handleNode):
2171
2172 2015-08-14  Basile Clement  <basile_clement@apple.com>
2173
2174         Occasional failure in v8-v6/v8-raytrace.js.ftl-eager
2175         https://bugs.webkit.org/show_bug.cgi?id=147165
2176
2177         Reviewed by Saam Barati.
2178
2179         The object allocation sinking phase was not properly checking that a
2180         MultiGetByOffset was safe to lower before lowering it.
2181         This makes it so that we only lower MultiGetByOffset if it only loads
2182         from direct properties of the object, and considers it as an escape in
2183         any other case (e.g. a load from the prototype).
2184
2185         It also ensures proper conversion of MultiGetByOffset into
2186         CheckStructureImmediate when needed.
2187
2188         * dfg/DFGObjectAllocationSinkingPhase.cpp:
2189         * ftl/FTLLowerDFGToLLVM.cpp:
2190         (JSC::FTL::DFG::LowerDFGToLLVM::checkStructure):
2191             We were not properly compiling CheckStructure and
2192             CheckStructureImmediate nodes with an empty StructureSet.
2193         * tests/stress/sink-multigetbyoffset.js: Regression test.
2194
2195 2015-08-14  Filip Pizlo  <fpizlo@apple.com>
2196
2197         Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
2198         https://bugs.webkit.org/show_bug.cgi?id=147999
2199
2200         Reviewed by Geoffrey Garen.
2201
2202         * API/JSVirtualMachine.mm:
2203         (initWrapperCache):
2204         (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
2205         (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
2206         (wrapperCacheMutex): Deleted.
2207         * bytecode/SamplingTool.cpp:
2208         (JSC::SamplingTool::doRun):
2209         (JSC::SamplingTool::notifyOfScope):
2210         * bytecode/SamplingTool.h:
2211         * dfg/DFGThreadData.h:
2212         * dfg/DFGWorklist.cpp:
2213         (JSC::DFG::Worklist::~Worklist):
2214         (JSC::DFG::Worklist::isActiveForVM):
2215         (JSC::DFG::Worklist::enqueue):
2216         (JSC::DFG::Worklist::compilationState):
2217         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2218         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2219         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2220         (JSC::DFG::Worklist::visitWeakReferences):
2221         (JSC::DFG::Worklist::removeDeadPlans):
2222         (JSC::DFG::Worklist::queueLength):
2223         (JSC::DFG::Worklist::dump):
2224         (JSC::DFG::Worklist::runThread):
2225         * dfg/DFGWorklist.h:
2226         * disassembler/Disassembler.cpp:
2227         * heap/CopiedSpace.cpp:
2228         (JSC::CopiedSpace::doneFillingBlock):
2229         (JSC::CopiedSpace::doneCopying):
2230         * heap/CopiedSpace.h:
2231         * heap/CopiedSpaceInlines.h:
2232         (JSC::CopiedSpace::recycleBorrowedBlock):
2233         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2234         * heap/GCThread.cpp:
2235         (JSC::GCThread::waitForNextPhase):
2236         (JSC::GCThread::gcThreadMain):
2237         * heap/GCThreadSharedData.cpp:
2238         (JSC::GCThreadSharedData::GCThreadSharedData):
2239         (JSC::GCThreadSharedData::~GCThreadSharedData):
2240         (JSC::GCThreadSharedData::startNextPhase):
2241         (JSC::GCThreadSharedData::endCurrentPhase):
2242         (JSC::GCThreadSharedData::didStartMarking):
2243         (JSC::GCThreadSharedData::didFinishMarking):
2244         * heap/GCThreadSharedData.h:
2245         * heap/HeapTimer.h:
2246         * heap/MachineStackMarker.cpp:
2247         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2248         (JSC::ActiveMachineThreadsManager::add):
2249         (JSC::ActiveMachineThreadsManager::remove):
2250         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2251         (JSC::MachineThreads::~MachineThreads):
2252         (JSC::MachineThreads::addCurrentThread):
2253         (JSC::MachineThreads::removeThreadIfFound):
2254         (JSC::MachineThreads::tryCopyOtherThreadStack):
2255         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2256         (JSC::MachineThreads::gatherConservativeRoots):
2257         * heap/MachineStackMarker.h:
2258         * heap/SlotVisitor.cpp:
2259         (JSC::SlotVisitor::donateKnownParallel):
2260         (JSC::SlotVisitor::drain):
2261         (JSC::SlotVisitor::drainFromShared):
2262         (JSC::SlotVisitor::mergeOpaqueRoots):
2263         * heap/SlotVisitorInlines.h:
2264         (JSC::SlotVisitor::containsOpaqueRootTriState):
2265         * inspector/remote/RemoteInspectorDebuggableConnection.h:
2266         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
2267         (Inspector::RemoteInspectorHandleRunSourceGlobal):
2268         (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
2269         (Inspector::RemoteInspectorInitializeGlobalQueue):
2270         (Inspector::RemoteInspectorHandleRunSourceWithInfo):
2271         (Inspector::RemoteInspectorDebuggableConnection::setup):
2272         (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
2273         (Inspector::RemoteInspectorDebuggableConnection::close):
2274         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
2275         (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
2276         * interpreter/JSStack.cpp:
2277         (JSC::JSStack::JSStack):
2278         (JSC::JSStack::releaseExcessCapacity):
2279         (JSC::JSStack::addToCommittedByteCount):
2280         (JSC::JSStack::committedByteCount):
2281         (JSC::stackStatisticsMutex): Deleted.
2282         (JSC::JSStack::initializeThreading): Deleted.
2283         * interpreter/JSStack.h:
2284         (JSC::JSStack::gatherConservativeRoots):
2285         (JSC::JSStack::sanitizeStack):
2286         (JSC::JSStack::size):
2287         (JSC::JSStack::initializeThreading): Deleted.
2288         * jit/ExecutableAllocator.cpp:
2289         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2290         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
2291         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
2292         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
2293         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
2294         (JSC::DemandExecutableAllocator::allocators):
2295         (JSC::DemandExecutableAllocator::allocatorsMutex):
2296         * jit/JITThunks.cpp:
2297         (JSC::JITThunks::ctiStub):
2298         * jit/JITThunks.h:
2299         * profiler/ProfilerDatabase.cpp:
2300         (JSC::Profiler::Database::ensureBytecodesFor):
2301         (JSC::Profiler::Database::notifyDestruction):
2302         * profiler/ProfilerDatabase.h:
2303         * runtime/InitializeThreading.cpp:
2304         (JSC::initializeThreading):
2305         * runtime/JSLock.cpp:
2306         (JSC::GlobalJSLock::GlobalJSLock):
2307         (JSC::GlobalJSLock::~GlobalJSLock):
2308         (JSC::JSLockHolder::JSLockHolder):
2309         (JSC::GlobalJSLock::initialize): Deleted.
2310         * runtime/JSLock.h:
2311
2312 2015-08-14  Ryosuke Niwa  <rniwa@webkit.org>
2313
2314         ES6 class syntax should allow computed name method
2315         https://bugs.webkit.org/show_bug.cgi?id=142690
2316
2317         Reviewed by Saam Barati.
2318
2319         Added a new "attributes" attribute to op_put_getter_by_id, op_put_setter_by_id, op_put_getter_setter to specify
2320         the property descriptor options so that we can use op_put_setter_by_id and op_put_getter_setter to define
2321         getters and setters for classes. Without this, getters and setters could erroneously override methods.
2322
2323         * bytecode/BytecodeList.json:
2324         * bytecode/BytecodeUseDef.h:
2325         (JSC::computeUsesForBytecodeOffset):
2326         * bytecode/CodeBlock.cpp:
2327         (JSC::CodeBlock::dumpBytecode):
2328         * bytecompiler/BytecodeGenerator.cpp:
2329         (JSC::BytecodeGenerator::emitDirectPutById):
2330         (JSC::BytecodeGenerator::emitPutGetterById):
2331         (JSC::BytecodeGenerator::emitPutSetterById):
2332         (JSC::BytecodeGenerator::emitPutGetterSetter):
2333         * bytecompiler/BytecodeGenerator.h:
2334         * bytecompiler/NodesCodegen.cpp:
2335         (JSC::PropertyListNode::emitBytecode): Always use emitPutGetterSetter to emit getters and setters for classes
2336         as done for object literals.
2337         (JSC::PropertyListNode::emitPutConstantProperty):
2338         (JSC::ClassExprNode::emitBytecode):
2339         * jit/CCallHelpers.h:
2340         (JSC::CCallHelpers::setupArgumentsWithExecState):
2341         * jit/JIT.h:
2342         * jit/JITInlines.h:
2343         (JSC::JIT::callOperation):
2344         * jit/JITOperations.cpp:
2345         * jit/JITOperations.h:
2346         * jit/JITPropertyAccess.cpp:
2347         (JSC::JIT::emit_op_put_getter_by_id):
2348         (JSC::JIT::emit_op_put_setter_by_id):
2349         (JSC::JIT::emit_op_put_getter_setter):
2350         (JSC::JIT::emit_op_del_by_id):
2351         * jit/JITPropertyAccess32_64.cpp:
2352         (JSC::JIT::emit_op_put_getter_by_id):
2353         (JSC::JIT::emit_op_put_setter_by_id):
2354         (JSC::JIT::emit_op_put_getter_setter):
2355         (JSC::JIT::emit_op_del_by_id):
2356         * llint/LLIntSlowPaths.cpp:
2357         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2358         * llint/LowLevelInterpreter.asm:
2359         * parser/ASTBuilder.h:
2360         (JSC::ASTBuilder::createProperty):
2361         (JSC::ASTBuilder::createPropertyList):
2362         * parser/NodeConstructors.h:
2363         (JSC::PropertyNode::PropertyNode):
2364         * parser/Nodes.h:
2365         (JSC::PropertyNode::expressionName):
2366         (JSC::PropertyNode::name):
2367         * parser/Parser.cpp:
2368         (JSC::Parser<LexerType>::parseClass): Added the support for computed property name. We don't support computed names
2369         for getters and setters.
2370         * parser/SyntaxChecker.h:
2371         (JSC::SyntaxChecker::createProperty):
2372         * runtime/JSObject.cpp:
2373         (JSC::JSObject::allowsAccessFrom):
2374         (JSC::JSObject::putGetter):
2375         (JSC::JSObject::putSetter):
2376         * runtime/JSObject.h:
2377         * runtime/PropertyDescriptor.h:
2378
2379 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
2380
2381         Add InspectorInstrumentation builtin object to instrument the code in JS builtins like Promises
2382         https://bugs.webkit.org/show_bug.cgi?id=147942
2383
2384         Reviewed by Geoffrey Garen.
2385
2386         This patch adds a new private global object, @InspectorInstrumentation.
2387         It is intended to be used as the namespace object (like Reflect/Math) for Inspector's
2388         instrumentation system and it is used to instrument the builtin JS code, like Promises.
2389
2390         * CMakeLists.txt:
2391         * DerivedSources.make:
2392         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2393         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2394         * JavaScriptCore.xcodeproj/project.pbxproj:
2395         * builtins/InspectorInstrumentationObject.js: Added.
2396         (debug):
2397         (promiseFulfilled):
2398         (promiseRejected):
2399         * builtins/Operations.Promise.js:
2400         (rejectPromise):
2401         (fulfillPromise):
2402         * runtime/CommonIdentifiers.h:
2403         * runtime/InspectorInstrumentationObject.cpp: Added.
2404         (JSC::InspectorInstrumentationObject::InspectorInstrumentationObject):
2405         (JSC::InspectorInstrumentationObject::finishCreation):
2406         (JSC::InspectorInstrumentationObject::getOwnPropertySlot):
2407         (JSC::InspectorInstrumentationObject::isEnabled):
2408         (JSC::InspectorInstrumentationObject::enable):
2409         (JSC::InspectorInstrumentationObject::disable):
2410         (JSC::inspectorInstrumentationObjectDataLogImpl):
2411         * runtime/InspectorInstrumentationObject.h: Added.
2412         (JSC::InspectorInstrumentationObject::create):
2413         (JSC::InspectorInstrumentationObject::createStructure):
2414         * runtime/JSGlobalObject.cpp:
2415         (JSC::JSGlobalObject::init):
2416
2417 2015-08-14  Commit Queue  <commit-queue@webkit.org>
2418
2419         Unreviewed, rolling out r188444.
2420         https://bugs.webkit.org/show_bug.cgi?id=148029
2421
2422         Broke GTK and EFL (see bug #148027) (Requested by philn on
2423         #webkit).
2424
2425         Reverted changeset:
2426
2427         "Use WTF::Lock and WTF::Condition instead of WTF::Mutex,
2428         WTF::ThreadCondition, std::mutex, and std::condition_variable"
2429         https://bugs.webkit.org/show_bug.cgi?id=147999
2430         http://trac.webkit.org/changeset/188444
2431
2432 2015-08-13  Filip Pizlo  <fpizlo@apple.com>
2433
2434         Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
2435         https://bugs.webkit.org/show_bug.cgi?id=147999
2436
2437         Reviewed by Geoffrey Garen.
2438
2439         * API/JSVirtualMachine.mm:
2440         (initWrapperCache):
2441         (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
2442         (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
2443         (wrapperCacheMutex): Deleted.
2444         * bytecode/SamplingTool.cpp:
2445         (JSC::SamplingTool::doRun):
2446         (JSC::SamplingTool::notifyOfScope):
2447         * bytecode/SamplingTool.h:
2448         * dfg/DFGThreadData.h:
2449         * dfg/DFGWorklist.cpp:
2450         (JSC::DFG::Worklist::~Worklist):
2451         (JSC::DFG::Worklist::isActiveForVM):
2452         (JSC::DFG::Worklist::enqueue):
2453         (JSC::DFG::Worklist::compilationState):
2454         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2455         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2456         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2457         (JSC::DFG::Worklist::visitWeakReferences):
2458         (JSC::DFG::Worklist::removeDeadPlans):
2459         (JSC::DFG::Worklist::queueLength):
2460         (JSC::DFG::Worklist::dump):
2461         (JSC::DFG::Worklist::runThread):
2462         * dfg/DFGWorklist.h:
2463         * disassembler/Disassembler.cpp:
2464         * heap/CopiedSpace.cpp:
2465         (JSC::CopiedSpace::doneFillingBlock):
2466         (JSC::CopiedSpace::doneCopying):
2467         * heap/CopiedSpace.h:
2468         * heap/CopiedSpaceInlines.h:
2469         (JSC::CopiedSpace::recycleBorrowedBlock):
2470         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2471         * heap/GCThread.cpp:
2472         (JSC::GCThread::waitForNextPhase):
2473         (JSC::GCThread::gcThreadMain):
2474         * heap/GCThreadSharedData.cpp:
2475         (JSC::GCThreadSharedData::GCThreadSharedData):
2476         (JSC::GCThreadSharedData::~GCThreadSharedData):
2477         (JSC::GCThreadSharedData::startNextPhase):
2478         (JSC::GCThreadSharedData::endCurrentPhase):
2479         (JSC::GCThreadSharedData::didStartMarking):
2480         (JSC::GCThreadSharedData::didFinishMarking):
2481         * heap/GCThreadSharedData.h:
2482         * heap/HeapTimer.h:
2483         * heap/MachineStackMarker.cpp:
2484         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2485         (JSC::ActiveMachineThreadsManager::add):
2486         (JSC::ActiveMachineThreadsManager::remove):
2487         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2488         (JSC::MachineThreads::~MachineThreads):
2489         (JSC::MachineThreads::addCurrentThread):
2490         (JSC::MachineThreads::removeThreadIfFound):
2491         (JSC::MachineThreads::tryCopyOtherThreadStack):
2492         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2493         (JSC::MachineThreads::gatherConservativeRoots):
2494         * heap/MachineStackMarker.h:
2495         * heap/SlotVisitor.cpp:
2496         (JSC::SlotVisitor::donateKnownParallel):
2497         (JSC::SlotVisitor::drain):
2498         (JSC::SlotVisitor::drainFromShared):
2499         (JSC::SlotVisitor::mergeOpaqueRoots):
2500         * heap/SlotVisitorInlines.h:
2501         (JSC::SlotVisitor::containsOpaqueRootTriState):
2502         * inspector/remote/RemoteInspectorDebuggableConnection.h:
2503         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
2504         (Inspector::RemoteInspectorHandleRunSourceGlobal):
2505         (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
2506         (Inspector::RemoteInspectorInitializeGlobalQueue):
2507         (Inspector::RemoteInspectorHandleRunSourceWithInfo):
2508         (Inspector::RemoteInspectorDebuggableConnection::setup):
2509         (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
2510         (Inspector::RemoteInspectorDebuggableConnection::close):
2511         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
2512         (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
2513         * interpreter/JSStack.cpp:
2514         (JSC::JSStack::JSStack):
2515         (JSC::JSStack::releaseExcessCapacity):
2516         (JSC::JSStack::addToCommittedByteCount):
2517         (JSC::JSStack::committedByteCount):
2518         (JSC::stackStatisticsMutex): Deleted.
2519         (JSC::JSStack::initializeThreading): Deleted.
2520         * interpreter/JSStack.h:
2521         (JSC::JSStack::gatherConservativeRoots):
2522         (JSC::JSStack::sanitizeStack):
2523         (JSC::JSStack::size):
2524         (JSC::JSStack::initializeThreading): Deleted.
2525         * jit/ExecutableAllocator.cpp:
2526         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2527         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
2528         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
2529         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
2530         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
2531         (JSC::DemandExecutableAllocator::allocators):
2532         (JSC::DemandExecutableAllocator::allocatorsMutex):
2533         * jit/JITThunks.cpp:
2534         (JSC::JITThunks::ctiStub):
2535         * jit/JITThunks.h:
2536         * profiler/ProfilerDatabase.cpp:
2537         (JSC::Profiler::Database::ensureBytecodesFor):
2538         (JSC::Profiler::Database::notifyDestruction):
2539         * profiler/ProfilerDatabase.h:
2540         * runtime/InitializeThreading.cpp:
2541         (JSC::initializeThreading):
2542         * runtime/JSLock.cpp:
2543         (JSC::GlobalJSLock::GlobalJSLock):
2544         (JSC::GlobalJSLock::~GlobalJSLock):
2545         (JSC::JSLockHolder::JSLockHolder):
2546         (JSC::GlobalJSLock::initialize): Deleted.
2547         * runtime/JSLock.h:
2548
2549 2015-08-13  Commit Queue  <commit-queue@webkit.org>
2550
2551         Unreviewed, rolling out r188428.
2552         https://bugs.webkit.org/show_bug.cgi?id=148015
2553
2554         broke cmake build (Requested by alexchristensen on #webkit).
2555
2556         Reverted changeset:
2557
2558         "Move some commands from ./CMakeLists.txt to Source/cmake"
2559         https://bugs.webkit.org/show_bug.cgi?id=148003
2560         http://trac.webkit.org/changeset/188428
2561
2562 2015-08-13  Commit Queue  <commit-queue@webkit.org>
2563
2564         Unreviewed, rolling out r188431.
2565         https://bugs.webkit.org/show_bug.cgi?id=148013
2566
2567         JSC headers are too hard to understand (Requested by smfr on
2568         #webkit).
2569
2570         Reverted changeset:
2571
2572         "Remove a few includes from JSGlobalObject.h"
2573         https://bugs.webkit.org/show_bug.cgi?id=148004
2574         http://trac.webkit.org/changeset/188431
2575
2576 2015-08-13  Benjamin Poulain  <bpoulain@apple.com>
2577
2578         [JSC] Add support for GetByVal on arrays of Undecided shape
2579         https://bugs.webkit.org/show_bug.cgi?id=147814
2580
2581         Reviewed by Filip Pizlo.
2582
2583         Previously, GetByVal on Array::Undecided would just take
2584         the generic path. The problem is the generic path is so
2585         slow that it could take a significant amount of time
2586         even for infrequent accesses.
2587
2588         With this patch, if the following conditions are met,
2589         the GetByVal just returns an "undefined" constant:
2590         -The object is an OriginalArray.
2591         -The prototype chain is sane.
2592         -The index is an integer.
2593         -The integer is positive (runtime check).
2594
2595         Ideally, the 4th condition should be removed, since
2596         deducing a compile-time constant gives us much better
2597         opportunities at getting rid of this code.
2598
2599         There are two cases where this patch removes the runtime
2600         check:
2601         -If the index is constant (uncommon but easy)
2602         -If the index is within a range known to be positive.
2603          (common case and made possible with DFGIntegerRangeOptimizationPhase).
2604
2605         When we get into those cases, DFG just nukes everything
2606         and all we have left is a structure check :)
2607
2608         This patch is a 14% improvement on audio-beat-detection,
2609         a few percent faster here and there and no regression.
2610
2611         * dfg/DFGAbstractInterpreterInlines.h:
2612         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2613         If the index is a positive constant, we can get rid of the GetByVal
2614         entirely. :)
2615
2616         * dfg/DFGArrayMode.cpp:
2617         (JSC::DFG::ArrayMode::fromObserved):
2618         The returned type is now Array::Undecided + profiling information.
2619         The useful type is set in ArrayMode::refine().
2620
2621         (JSC::DFG::ArrayMode::refine):
2622         If we meet the particular set of conditions, we speculate an Undecided
2623         array type with sane chain. Anything else comes back to Generic.
2624
2625         (JSC::DFG::ArrayMode::originalArrayStructure):
2626         To enable the structure check for Undecided array.
2627
2628         (JSC::DFG::ArrayMode::alreadyChecked):
2629         * dfg/DFGArrayMode.h:
2630         (JSC::DFG::ArrayMode::withProfile):
2631         (JSC::DFG::ArrayMode::canCSEStorage):
2632         (JSC::DFG::ArrayMode::benefitsFromOriginalArray):
2633         (JSC::DFG::ArrayMode::lengthNeedsStorage): Deleted.
2634         (JSC::DFG::ArrayMode::isSpecific): Deleted.
2635
2636         * dfg/DFGByteCodeParser.cpp:
2637         (JSC::DFG::ByteCodeParser::handleIntrinsic): Deleted.
2638         This is somewhat unrelated.
2639
2640         Having Array::Undecided on ArrayPush was impossible before
2641         since ArrayMode::fromObserved() used to return Array::Generic.
2642
2643         Now that Array::Undecided is possible, we must make sure not
2644         to provide it to ArrayPush since there is no code to handle it
2645         properly.
2646
2647         * dfg/DFGClobberize.h:
2648         (JSC::DFG::clobberize):
2649         The operation only depends on the index; it is pure.
2650
2651         * dfg/DFGFixupPhase.cpp:
2652         (JSC::DFG::FixupPhase::fixupNode): Deleted.
2653         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
2654         * dfg/DFGSpeculativeJIT.cpp:
2655         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
2656         (JSC::DFG::SpeculativeJIT::checkArray):
2657         * dfg/DFGSpeculativeJIT32_64.cpp:
2658         (JSC::DFG::SpeculativeJIT::compile):
2659         * dfg/DFGSpeculativeJIT64.cpp:
2660         (JSC::DFG::SpeculativeJIT::compile):
2661         * ftl/FTLCapabilities.cpp:
2662         (JSC::FTL::canCompile):
2663         * ftl/FTLLowerDFGToLLVM.cpp:
2664         (JSC::FTL::DFG::LowerDFGToLLVM::compileGetByVal):
2665         * tests/stress/get-by-val-on-undecided-array-type.js: Added.
2666         * tests/stress/get-by-val-on-undecided-sane-chain-1.js: Added.
2667         * tests/stress/get-by-val-on-undecided-sane-chain-2.js: Added.
2668         * tests/stress/get-by-val-on-undecided-sane-chain-3.js: Added.
2669         * tests/stress/get-by-val-on-undecided-sane-chain-4.js: Added.
2670         * tests/stress/get-by-val-on-undecided-sane-chain-5.js: Added.
2671         * tests/stress/get-by-val-on-undecided-sane-chain-6.js: Added.
2672
2673 2015-08-13  Simon Fraser  <simon.fraser@apple.com>
2674
2675         Remove a few includes from JSGlobalObject.h
2676         https://bugs.webkit.org/show_bug.cgi?id=148004
2677
2678         Reviewed by Tim Horton.
2679         
2680         Remove 4 #includes from JSGlobalObject.h, and fix the fallout.
2681
2682         * parser/VariableEnvironment.cpp:
2683         * parser/VariableEnvironment.h:
2684         * runtime/JSGlobalObject.h:
2685         * runtime/Structure.h:
2686         * runtime/StructureInlines.h:
2687
2688 2015-08-13  Alex Christensen  <achristensen@webkit.org>
2689
2690         Move some commands from ./CMakeLists.txt to Source/cmake
2691         https://bugs.webkit.org/show_bug.cgi?id=148003
2692
2693         Reviewed by Brent Fulgham.
2694
2695         * CMakeLists.txt:
2696         Added commands needed to build JSC by itself.
2697
2698 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
2699
2700         Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
2701         https://bugs.webkit.org/show_bug.cgi?id=147353
2702
2703         Reviewed by Saam Barati.
2704
2705         This is the follow-up patch after r188355.
2706         It includes the following changes.
2707
2708         - Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
2709         - Make SourceParseMode a C++ strongly-typed enum.
2710         - Fix the comments.
2711         - Rename ModuleSpecifier to ModuleName.
2712         - Add the type name `ImportEntry` before the C++11 uniform initialization.
2713         - Fix the thrown message for duplicate 'default' names.
2714         - Assert that all statements in the top-level source elements are module declarations under the module analyzer phase.
2715
2716         * API/JSScriptRef.cpp:
2717         (parseScript):
2718         * builtins/BuiltinExecutables.cpp:
2719         (JSC::BuiltinExecutables::createExecutableInternal):
2720         * bytecode/UnlinkedFunctionExecutable.cpp:
2721         (JSC::generateFunctionCodeBlock):
2722         * bytecode/UnlinkedFunctionExecutable.h:
2723         * bytecompiler/BytecodeGenerator.h:
2724         (JSC::BytecodeGenerator::makeFunction):
2725         * parser/ASTBuilder.h:
2726         (JSC::ASTBuilder::createFunctionMetadata):
2727         (JSC::ASTBuilder::createModuleName):
2728         (JSC::ASTBuilder::createImportDeclaration):
2729         (JSC::ASTBuilder::createExportAllDeclaration):
2730         (JSC::ASTBuilder::createExportNamedDeclaration):
2731         (JSC::ASTBuilder::createModuleSpecifier): Deleted.
2732         * parser/ModuleAnalyzer.cpp:
2733         (JSC::ModuleAnalyzer::analyze):
2734         * parser/NodeConstructors.h:
2735         (JSC::ModuleNameNode::ModuleNameNode):
2736         (JSC::ImportDeclarationNode::ImportDeclarationNode):
2737         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
2738         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
2739         (JSC::ModuleSpecifierNode::ModuleSpecifierNode): Deleted.
2740         * parser/Nodes.cpp:
2741         (JSC::FunctionMetadataNode::FunctionMetadataNode):
2742         * parser/Nodes.h:
2743         (JSC::StatementNode::isModuleDeclarationNode):
2744         (JSC::ModuleDeclarationNode::isModuleDeclarationNode):
2745         (JSC::ImportDeclarationNode::moduleName):
2746         (JSC::ExportAllDeclarationNode::moduleName):
2747         (JSC::ExportNamedDeclarationNode::moduleName):
2748         (JSC::ImportDeclarationNode::moduleSpecifier): Deleted.
2749         (JSC::ExportAllDeclarationNode::moduleSpecifier): Deleted.
2750         (JSC::ExportNamedDeclarationNode::moduleSpecifier): Deleted.
2751         * parser/NodesAnalyzeModule.cpp:
2752         (JSC::SourceElements::analyzeModule):
2753         (JSC::ImportDeclarationNode::analyzeModule):
2754         (JSC::ExportAllDeclarationNode::analyzeModule):
2755         (JSC::ExportNamedDeclarationNode::analyzeModule):
2756         * parser/Parser.cpp:
2757         (JSC::Parser<LexerType>::Parser):
2758         (JSC::Parser<LexerType>::parseInner):
2759         (JSC::Parser<LexerType>::parseModuleSourceElements):
2760         (JSC::Parser<LexerType>::parseFunctionBody):
2761         (JSC::stringForFunctionMode):
2762         (JSC::Parser<LexerType>::parseFunctionParameters):
2763         (JSC::Parser<LexerType>::parseFunctionInfo):
2764         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2765         (JSC::Parser<LexerType>::parseClass):
2766         (JSC::Parser<LexerType>::parseModuleName):
2767         (JSC::Parser<LexerType>::parseImportDeclaration):
2768         (JSC::Parser<LexerType>::parseExportDeclaration):
2769         (JSC::Parser<LexerType>::parsePropertyMethod):
2770         (JSC::Parser<LexerType>::parseGetterSetter):
2771         (JSC::Parser<LexerType>::parsePrimaryExpression):
2772         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
2773         (JSC::Parser<LexerType>::parseModuleSpecifier): Deleted.
2774         * parser/Parser.h:
2775         (JSC::Parser<LexerType>::parse):
2776         (JSC::parse):
2777         * parser/ParserModes.h:
2778         (JSC::isFunctionParseMode):
2779         (JSC::isModuleParseMode):
2780         (JSC::isProgramParseMode):
2781         * parser/SyntaxChecker.h:
2782         (JSC::SyntaxChecker::createFunctionMetadata):
2783         (JSC::SyntaxChecker::createModuleName):
2784         (JSC::SyntaxChecker::createImportDeclaration):
2785         (JSC::SyntaxChecker::createExportAllDeclaration):
2786         (JSC::SyntaxChecker::createExportNamedDeclaration):
2787         (JSC::SyntaxChecker::createModuleSpecifier): Deleted.
2788         * runtime/CodeCache.cpp:
2789         (JSC::CodeCache::getGlobalCodeBlock):
2790         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
2791         * runtime/Completion.cpp:
2792         (JSC::checkSyntax):
2793         (JSC::checkModuleSyntax):
2794         * runtime/Executable.cpp:
2795         (JSC::ProgramExecutable::checkSyntax):
2796         * tests/stress/modules-syntax-error-with-names.js:
2797
2798 2015-08-13  Joseph Pecoraro  <pecoraro@apple.com>
2799
2800         Web Inspector: A {Map, WeakMap, Set, WeakSet} object that contains itself will hang the console
2801         https://bugs.webkit.org/show_bug.cgi?id=147966
2802
2803         Reviewed by Timothy Hatcher.
2804
2805         * inspector/InjectedScriptSource.js:
2806         (InjectedScript.prototype._initialPreview):
2807         Renamed to initial preview. This is not a complete preview for
2808         this object, and it needs some processing in order to be a
2809         complete accurate preview.
2810
2811         (InjectedScript.RemoteObject.prototype._emptyPreview):
2812         This attempts to be an accurate empty preview for the given object.
2813         For types with entries, it adds an empty entries list and updates
2814         the overflow and lossless properties.
2815
2816         (InjectedScript.RemoteObject.prototype._createObjectPreviewForValue):
2817         Take a generatePreview parameter to generate a full preview or empty preview.
2818
2819         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
2820         (InjectedScript.RemoteObject.prototype._appendEntryPreviews):
2821         (InjectedScript.RemoteObject.prototype._isPreviewableObject):
2822         Take care to avoid cycles.
2823
2824 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
2825
2826         Periodic code deletion should delete RegExp code
2827         https://bugs.webkit.org/show_bug.cgi?id=147990
2828
2829         Reviewed by Filip Pizlo.
2830
2831         The RegExp code cache was created for the sake of simple loops that
2832         re-created the same RegExps. It's reasonable to delete it periodically.
2833
2834         * heap/Heap.cpp:
2835         (JSC::Heap::deleteOldCode):
2836
2837 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
2838
2839         RegExpCache::finalize should not delete code
2840         https://bugs.webkit.org/show_bug.cgi?id=147987
2841
2842         Reviewed by Mark Lam.
2843
2844         The RegExp object already knows how to delete its own code in its
2845         destructor. Our job is just to clear our stale pointer.
2846
2847         * runtime/RegExpCache.cpp:
2848         (JSC::RegExpCache::finalize):
2849         (JSC::RegExpCache::addToStrongCache):
2850
2851 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
2852
2853         Standardize on the phrase "delete code"
2854         https://bugs.webkit.org/show_bug.cgi?id=147984
2855
2856         Reviewed by Mark Lam.
2857
2858         Use "delete" when we talk about throwing away code, as opposed to
2859         "invalidate" or "discard".
2860
2861         * debugger/Debugger.cpp:
2862         (JSC::Debugger::forEachCodeBlock):
2863         (JSC::Debugger::setSteppingMode):
2864         (JSC::Debugger::recompileAllJSFunctions):
2865         * heap/Heap.cpp:
2866         (JSC::Heap::deleteAllCompiledCode):
2867         * inspector/agents/InspectorRuntimeAgent.cpp:
2868         (Inspector::recompileAllJSFunctionsForTypeProfiling):
2869         * runtime/RegExp.cpp:
2870         (JSC::RegExp::match):
2871         (JSC::RegExp::deleteCode):
2872         (JSC::RegExp::invalidateCode): Deleted.
2873         * runtime/RegExp.h:
2874         * runtime/RegExpCache.cpp:
2875         (JSC::RegExpCache::finalize):
2876         (JSC::RegExpCache::addToStrongCache):
2877         (JSC::RegExpCache::deleteAllCode):
2878         (JSC::RegExpCache::invalidateCode): Deleted.
2879         * runtime/RegExpCache.h:
2880         * runtime/VM.cpp:
2881         (JSC::VM::stopSampling):
2882         (JSC::VM::prepareToDeleteCode):
2883         (JSC::VM::deleteAllCode):
2884         (JSC::VM::setEnabledProfiler):
2885         (JSC::VM::prepareToDiscardCode): Deleted.
2886         (JSC::VM::discardAllCode): Deleted.
2887         * runtime/VM.h:
2888         (JSC::VM::apiLock):
2889         (JSC::VM::codeCache):
2890         * runtime/Watchdog.cpp:
2891         (JSC::Watchdog::setTimeLimit):
2892
2893 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
2894
2895         X.[[SetPrototypeOf]](Y) should succeed if X.[[Prototype]] is already Y even if X is not extensible
2896         https://bugs.webkit.org/show_bug.cgi?id=147930
2897
2898         Reviewed by Saam Barati.
2899
2900         When the passed prototype object to be set is the same as the existing
2901         prototype object, [[SetPrototypeOf]] just finishes its operation even
2902         if the extensibility of the target object is `false`.
2903
2904         * runtime/JSGlobalObjectFunctions.cpp:
2905         (JSC::globalFuncProtoSetter):
2906         * runtime/ObjectConstructor.cpp:
2907         (JSC::objectConstructorSetPrototypeOf):
2908         * runtime/ReflectObject.cpp:
2909         (JSC::reflectObjectSetPrototypeOf):
2910         * tests/stress/set-same-prototype.js: Added.
2911         (shouldBe):
2912         (shouldThrow):
2913
2914 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
2915
2916         Removed clearEvalCodeCache()
2917         https://bugs.webkit.org/show_bug.cgi?id=147957
2918
2919         Reviewed by Filip Pizlo.
2920
2921         It was unused.
2922
2923         * bytecode/CodeBlock.cpp:
2924         (JSC::CodeBlock::linkIncomingCall):
2925         (JSC::CodeBlock::install):
2926         (JSC::CodeBlock::clearEvalCache): Deleted.
2927         * bytecode/CodeBlock.h:
2928         (JSC::CodeBlock::numberOfJumpTargets):
2929         (JSC::CodeBlock::jumpTarget):
2930         (JSC::CodeBlock::numberOfArgumentValueProfiles):
2931
2932 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
2933
2934         [ES6] Implement Reflect.defineProperty
2935         https://bugs.webkit.org/show_bug.cgi?id=147943
2936
2937         Reviewed by Saam Barati.
2938
2939         This patch implements Reflect.defineProperty.
2940         The differences from Object.defineProperty are:
2941
2942         1. Reflect.defineProperty does not perform ToObject operation onto the first argument.
2943         2. Reflect.defineProperty does not throw a TypeError when the [[DefineOwnProperty]] operation fails.
2944         3. Reflect.defineProperty returns the boolean value that represents whether [[DefineOwnProperty]] succeeded.
2945
2946         And this patch adds comments with links to the ES6 spec.
2947
2948         * builtins/ReflectObject.js:
2949         * runtime/ObjectConstructor.cpp:
2950         (JSC::toPropertyDescriptor):
2951         * runtime/ObjectConstructor.h:
2952         * runtime/ReflectObject.cpp:
2953         (JSC::reflectObjectDefineProperty):
2954         * tests/stress/reflect-define-property.js: Added.
2955         (shouldBe):
2956         (shouldThrow):
2957         (.set getter):
2958         (setter):
2959         (.get testDescriptor):
2960         (.set get var):
2961         (.set testDescriptor):
2962         (.set get testDescriptor):
2963         (.set get shouldThrow):
2964         (.get var):
2965
2966 2015-08-12  Filip Pizlo  <fpizlo@apple.com>
2967
2968         DFG::ByteCodeParser should attempt constant folding on loads from structures that are DFG-watchable
2969         https://bugs.webkit.org/show_bug.cgi?id=147950
2970
2971         Reviewed by Michael Saboff.
2972
2973         Previously we reduced the constant folding power of ByteCodeParser::load() because that code was
2974         responsible for memory corruption, since it would sometimes install watchpoints on structures that
2975         weren't being traced.  It seemed like the safest fix was to remove the constant folding rule
2976         entirely since later phases also do constant folding, and they do it without introducing the bug.
2977         Well, that change (http://trac.webkit.org/changeset/188292) caused a big regression, because we
2978         still have some constant folding rules that only exist in ByteCodeParser, and so ByteCodeParser must
2979         be maximally aggressive in constant-folding whenever possible.
2980
2981         So, this change now brings back that constant folding rule - for loads from object constants that
2982         have DFG-watchable structures - and implements it properly, by ensuring that we only call into
2983         tryGetConstantProperty() if we have registered the structure set.
2984
2985         * dfg/DFGByteCodeParser.cpp:
2986         (JSC::DFG::ByteCodeParser::load):
2987
2988 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
2989
2990         [ES6] Add ES6 Modules preparsing phase to collect the dependencies
2991         https://bugs.webkit.org/show_bug.cgi?id=147353
2992
2993         Reviewed by Geoffrey Garen.
2994
2995         This patch implements ModuleRecord and ModuleAnalyzer.
2996         ModuleAnalyzer analyzes the produced AST from the parser.
2997         By collaborating with the parser, ModuleAnalyzer collects the information
2998         that is necessary to request the loading for the dependent modules and
2999         construct module's environment and namespace object before executing the actual
3000         module body.
3001
3002         In the parser, we annotate which variable is an imported binding and which variable
3003         is exported from the current module. This information is leveraged in the ModuleAnalyzer
3004         to categorize the export entries.
3005
3006         To preparse the modules in the parser, we just add the new flag `ModuleParseMode`
3007         instead of introducing a new TreeContext type. This is because there are only 2 users of
3008         parseModuleSourceElements: the preparser and the actual compiler. Adding the flag is simple
3009         enough to switch the context to the SyntaxChecker when parsing the non-module related
3010         statements in the preparsing phase.
3011
3012         To demonstrate the module analyzer, we added the new dumpModuleRecord option
3013         to the JSC shell. By specifying it, the result of the analysis is dumped when the module
3014         is parsed and analyzed.
3015
3016         * CMakeLists.txt:
3017         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3018         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3019         * JavaScriptCore.xcodeproj/project.pbxproj:
3020         * builtins/BuiltinNames.h:
3021         * parser/ASTBuilder.h:
3022         (JSC::ASTBuilder::createExportDefaultDeclaration):
3023         * parser/ModuleAnalyzer.cpp: Added.
3024         (JSC::ModuleAnalyzer::ModuleAnalyzer):
3025         (JSC::ModuleAnalyzer::exportedBinding):
3026         (JSC::ModuleAnalyzer::declareExportAlias):
3027         (JSC::ModuleAnalyzer::exportVariable):
3028         (JSC::ModuleAnalyzer::analyze):
3029         * parser/ModuleAnalyzer.h: Added.
3030         (JSC::ModuleAnalyzer::vm):
3031         (JSC::ModuleAnalyzer::moduleRecord):
3032         * parser/ModuleRecord.cpp: Added.
3033         (JSC::printableName):
3034         (JSC::ModuleRecord::dump):
3035         * parser/ModuleRecord.h: Added.
3036         (JSC::ModuleRecord::ImportEntry::isNamespace):
3037         (JSC::ModuleRecord::create):
3038         (JSC::ModuleRecord::appendRequestedModule):
3039         (JSC::ModuleRecord::addImportEntry):
3040         (JSC::ModuleRecord::addExportEntry):
3041         (JSC::ModuleRecord::addStarExportEntry):
3042         * parser/NodeConstructors.h:
3043         (JSC::ModuleDeclarationNode::ModuleDeclarationNode):
3044         (JSC::ImportDeclarationNode::ImportDeclarationNode):
3045         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
3046         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
3047         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
3048         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
3049         * parser/Nodes.h:
3050         (JSC::ExportDefaultDeclarationNode::localName):
3051         * parser/NodesAnalyzeModule.cpp: Added.
3052         (JSC::ScopeNode::analyzeModule):
3053         (JSC::SourceElements::analyzeModule):
3054         (JSC::ImportDeclarationNode::analyzeModule):
3055         (JSC::ExportAllDeclarationNode::analyzeModule):
3056         (JSC::ExportDefaultDeclarationNode::analyzeModule):
3057         (JSC::ExportLocalDeclarationNode::analyzeModule):
3058         (JSC::ExportNamedDeclarationNode::analyzeModule):
3059         * parser/Parser.cpp:
3060         (JSC::Parser<LexerType>::parseInner):
3061         (JSC::Parser<LexerType>::parseModuleSourceElements):
3062         (JSC::Parser<LexerType>::parseVariableDeclarationList):
3063         (JSC::Parser<LexerType>::createBindingPattern):
3064         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3065         (JSC::Parser<LexerType>::parseClassDeclaration):
3066         (JSC::Parser<LexerType>::parseImportClauseItem):
3067         (JSC::Parser<LexerType>::parseExportSpecifier):
3068         (JSC::Parser<LexerType>::parseExportDeclaration):
3069         * parser/Parser.h:
3070         (JSC::Scope::lexicalVariables):
3071         (JSC::Scope::declareLexicalVariable):
3072         (JSC::Parser::declareVariable):
3073         (JSC::Parser::exportName):
3074         (JSC::Parser<LexerType>::parse):
3075         (JSC::parse):
3076         * parser/ParserModes.h:
3077         * parser/SyntaxChecker.h:
3078         (JSC::SyntaxChecker::createExportDefaultDeclaration):
3079         * parser/VariableEnvironment.cpp:
3080         (JSC::VariableEnvironment::markVariableAsImported):
3081         (JSC::VariableEnvironment::markVariableAsExported):
3082         * parser/VariableEnvironment.h:
3083         (JSC::VariableEnvironmentEntry::isExported):
3084         (JSC::VariableEnvironmentEntry::isImported):
3085         (JSC::VariableEnvironmentEntry::setIsExported):
3086         (JSC::VariableEnvironmentEntry::setIsImported):
3087         * runtime/CommonIdentifiers.h:
3088         * runtime/Completion.cpp:
3089         (JSC::checkModuleSyntax):
3090         * runtime/Options.h:
3091
3092 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
3093
3094         Re-land r188339, since Alex fixed it in r188341 by landing the WebCore half.
3095
3096         * jit/ExecutableAllocator.h:
3097         * jsc.cpp:
3098         (GlobalObject::finishCreation):
3099         (functionAddressOf):
3100         (functionVersion):
3101         (functionReleaseExecutableMemory): Deleted.
3102         * runtime/VM.cpp:
3103         (JSC::StackPreservingRecompiler::operator()):
3104         (JSC::VM::throwException):
3105         (JSC::VM::updateFTLLargestStackSize):
3106         (JSC::VM::gatherConservativeRoots):
3107         (JSC::VM::releaseExecutableMemory): Deleted.
3108         (JSC::releaseExecutableMemory): Deleted.
3109         * runtime/VM.h:
3110         (JSC::VM::isCollectorBusy):
3111         * runtime/Watchdog.cpp:
3112         (JSC::Watchdog::setTimeLimit):
3113
3114 2015-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
3115
3116         Roll out r188339, which broke the build.
3117
3118         Unreviewed.
3119
3120         * jit/ExecutableAllocator.h:
3121         * jsc.cpp:
3122         (GlobalObject::finishCreation):
3123         (functionReleaseExecutableMemory):
3124         * runtime/VM.cpp:
3125         (JSC::StackPreservingRecompiler::visit):
3126         (JSC::StackPreservingRecompiler::operator()):
3127         (JSC::VM::releaseExecutableMemory):
3128         (JSC::releaseExecutableMemory):
3129         * runtime/VM.h:
3130         * runtime/Watchdog.cpp:
3131         (JSC::Watchdog::setTimeLimit):
3132
3133 2015-08-12  Alex Christensen  <achristensen@webkit.org>
3134
3135         Fix Debug CMake builds on Windows
3136         https://bugs.webkit.org/show_bug.cgi?id=147940
3137
3138         Reviewed by Chris Dumez.
3139
3140         * PlatformWin.cmake:
3141         Copy the plist to the JavaScriptCore.resources directory.
3142
3143 2015-08-11  Geoffrey Garen  <ggaren@apple.com>
3144
3145         Remove VM::releaseExecutableMemory
3146         https://bugs.webkit.org/show_bug.cgi?id=147915
3147
3148         Reviewed by Saam Barati.
3149
3150         releaseExecutableMemory() was only used in one place, where discardAllCode()
3151         would work just as well.
3152
3153         It's confusing to have two slightly different ways to discard code. Also,
3154         releaseExecutableMemory() is unused in any production code, and it seems
3155         to have bit-rotted.
3156
3157         * jit/ExecutableAllocator.h:
3158         * jsc.cpp:
3159         (GlobalObject::finishCreation):
3160         (functionAddressOf):
3161         (functionVersion):
3162         (functionReleaseExecutableMemory): Deleted.
3163         * runtime/VM.cpp:
3164         (JSC::StackPreservingRecompiler::operator()):
3165         (JSC::VM::throwException):
3166         (JSC::VM::updateFTLLargestStackSize):
3167         (JSC::VM::gatherConservativeRoots):
3168         (JSC::VM::releaseExecutableMemory): Deleted.
3169         (JSC::releaseExecutableMemory): Deleted.
3170         * runtime/VM.h:
3171         (JSC::VM::isCollectorBusy):
3172         * runtime/Watchdog.cpp:
3173         (JSC::Watchdog::setTimeLimit):
3174
3175 2015-08-12  Mark Lam  <mark.lam@apple.com>
3176
3177         Add a JSC option to enable the watchdog for testing.
3178         https://bugs.webkit.org/show_bug.cgi?id=147939
3179
3180         Reviewed by Michael Saboff.
3181
3182         * API/JSContextRef.cpp:
3183         (JSContextGroupSetExecutionTimeLimit):
3184         (createWatchdogIfNeeded): Deleted.
3185         * runtime/Options.h:
3186         * runtime/VM.cpp:
3187         (JSC::VM::VM):
3188         (JSC::VM::~VM):
3189         (JSC::VM::sharedInstanceInternal):
3190         (JSC::VM::ensureWatchdog):
3191         (JSC::thunkGeneratorForIntrinsic):
3192         * runtime/VM.h:
3193
3194 2015-08-11  Mark Lam  <mark.lam@apple.com>
3195
3196         Implement JavaScript watchdog using WTF::WorkQueue.
3197         https://bugs.webkit.org/show_bug.cgi?id=147107
3198
3199         Reviewed by Geoffrey Garen.
3200
3201         How the Watchdog works
3202         ======================
3203
3204         1. When do we start the Watchdog?
3205            =============================
3206            The watchdog should only be started if both the following conditions are true:
3207            1. A time limit has been set.
3208            2. We have entered the VM.
3209  
3210         2. CPU time vs Wall Clock time
3211            ===========================
3212            Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?
3213
3214            The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
3215            limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
3216            indicates the wall clock time point when the WorkQueue timer is expected to fire.
3217
3218            The time limit for which we allow JS code to run should be measured in CPU time, which can
3219            differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
3220            should fire.
3221
3222            Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
3223            we need to check if m_cpuDeadline has been reached.
3224
3225            If m_cpuDeadline has been reached, the watchdog is considered to have fired.
3226
3227            If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
3228            code to continue to run for.  Hence, we need to start a new timer to fire again after
3229            Tremainder microseconds.
3230     
3231            See Watchdog::didFireSlow().
3232
3233         3. Spurious wake ups
3234            =================
3235            Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
3236            It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
3237            m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
3238            wake ups are considered to be spurious and will be ignored.
3239  
3240            See Watchdog::didFireSlow().
3241  
3242         4. Minimizing Timer creation cost
3243            ==============================
3244            Conceptually, we could start a new timer every time we start the watchdog. But we can do better
3245            than this.
3246  
3247            In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
3248            stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
3249            time limit. Consider the following example:
3250  
3251                |---|-----|---|----------------|---------|
3252                t0  t1    t2  t3            t0 + L    t2 + L 
3253
3254                |<--- T1 --------------------->|
3255                          |<--- T2 --------------------->|
3256                |<-- Td ->|                    |<-- Td ->|
3257
3258            1. The user initializes the watchdog with time limit L.
3259            2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
3260               The timer is set to expire at t0 + L.
3261            3. At t1, we exit the VM.
3262            4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.
3263          
3264               However, we can note that the expiration time for T2 would be after the expiration time
3265               of T1. Specifically, T2 would have expired at Td after T1 expires.
3266          
3267               Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
3268               for a period of Td instead.
3269
3270            Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
3271            as well as handling spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
3272            automatically take care of starting a new timer for the difference Td in the example above.
3273            Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
3274            expiration is less than T2's, then we are already covered by T1 and there's no need to start T2.
3275
3276            The benefit:
3277
3278            1. we minimize the number of timer instances we have queued in the workqueue at the same time
3279               (ideally only 1 or 0), and reduce peak memory usage.
3280
3281            2. we minimize the frequency of instantiating timer instances. By waiting for the current
3282               active timer to expire first, on average, we get to start one timer per time limit
3283               (which is infrequent because time limits tend to be long) instead of one timer per
3284               VM entry (which tends to be frequent).
3285
3286            See Watchdog::startTimer().
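
        The timer logic of notes 1 to 4 above, as an added example that is not part of this ChangeLog
        entry or of WebKit: a deterministic C++ model in which WTF::WorkQueue is replaced by a vector
        of dispatched wall-clock deadlines and both clocks are injected. SimWatchdog, ScenarioResult
        and runScenario are names of this example, not of JSC.

```cpp
#include <cstddef>
#include <functional>
#include <limits>
#include <vector>

// Added example modelling the watchdog design described above; it is not WebKit's
// Watchdog. WTF::WorkQueue, locking and ref counting are replaced by a vector of
// dispatched wall-clock deadlines and two injected clocks (seconds), so the
// CPU-vs-wall compensation, spurious-wakeup and timer-reuse rules can be stepped.
class SimWatchdog {
public:
    static constexpr double noTimeLimit = std::numeric_limits<double>::infinity();

    SimWatchdog(std::function<double()> cpuNow, std::function<double()> wallNow)
        : m_cpuNow(cpuNow), m_wallNow(wallNow) { }

    void setTimeLimit(double seconds) { m_timeLimit = seconds; }
    bool hasTimeLimit() const { return m_timeLimit != noTimeLimit; }

    // Driven by the (simulated) VMEntryScope: the watchdog only counts while the
    // VM executes JS, and only if a time limit has been set (note 1).
    void enteredVM() { if (++m_entryDepth == 1 && hasTimeLimit()) startTimer(m_timeLimit); }
    // stopTimer(): clear the CPU deadline; the already dispatched timer is left to expire.
    void exitedVM() { if (--m_entryDepth == 0) m_cpuDeadline = noTimeLimit; }

    // Called when a dispatched timer wakes us. Returns true only when the CPU
    // budget is really exhausted, i.e. the watchdog (not just the timer) fired.
    bool didFireSlow()
    {
        if (m_wallNow() < m_wallClockDeadline)
            return false; // Stale timer: a spurious wakeup, ignore it (note 3).
        m_wallClockDeadline = noTimeLimit; // Reject further wakeups for this timer.
        if (m_cpuDeadline == noTimeLimit)
            return false; // We left the VM before the timer expired; nothing to do.

        double cpuTime = m_cpuNow();
        if (cpuTime < m_cpuDeadline) {
            startTimer(m_cpuDeadline - cpuTime); // Wall ran ahead of CPU (note 2): re-arm for Tremainder.
            return false;
        }
        return true;
    }

    // How many timers were handed to the (simulated) work queue so far.
    std::size_t timersDispatched() const { return m_dispatched.size(); }

private:
    void startTimer(double timeLimit)
    {
        m_cpuDeadline = m_cpuNow() + timeLimit;
        double wallClockTime = m_wallNow();
        double wallClockDeadline = wallClockTime + timeLimit;
        // Note 4: if a pending timer expires no later than the one we would create,
        // wait for it instead; didFireSlow() will then re-arm for the difference Td.
        if (wallClockTime < m_wallClockDeadline && m_wallClockDeadline <= wallClockDeadline)
            return;
        m_wallClockDeadline = wallClockDeadline;
        m_dispatched.push_back(wallClockDeadline); // stands in for WorkQueue::dispatchAfter()
    }

    std::function<double()> m_cpuNow;
    std::function<double()> m_wallNow;
    double m_timeLimit { noTimeLimit };
    double m_cpuDeadline { noTimeLimit };
    double m_wallClockDeadline { noTimeLimit };
    int m_entryDepth { 0 };
    std::vector<double> m_dispatched;
};

struct ScenarioResult {
    std::size_t timersAfterReentry; // 1: T1 is reused when we re-enter at t2
    bool spuriousIgnored;           // a wakeup before the wall deadline is ignored
    bool firstExpiryRearmed;        // CPU lagged wall time, so T1's expiry re-arms
    bool finalFired;                // the re-armed timer really fires
    std::size_t timersDispatched;   // 2 for the whole run (a naive design needs 3)
};

// Walks the timeline of note 4 with L = 10 s on constructed clock values; the
// thread loses 2 s of CPU time between t2 and T1's expiry.
ScenarioResult runScenario()
{
    double wall = 0, cpu = 0;
    SimWatchdog watchdog([&] { return cpu; }, [&] { return wall; });
    watchdog.setTimeLimit(10);
    ScenarioResult r {};

    watchdog.enteredVM();                 // t0 = 0: T1 dispatched, wall deadline 10
    wall = cpu = 3; watchdog.exitedVM();  // t1
    wall = cpu = 5; watchdog.enteredVM(); // t2: T2 would expire at 15 > 10, so T1 is reused
    r.timersAfterReentry = watchdog.timersDispatched();
    wall = cpu = 7; r.spuriousIgnored = !watchdog.didFireSlow();
    wall = 10; cpu = 8; r.firstExpiryRearmed = !watchdog.didFireSlow(); // re-arm for 15 - 8 = 7 s (Td + 2 s lag)
    wall = 17; cpu = 15; r.finalFired = watchdog.didFireSlow();
    r.timersDispatched = watchdog.timersDispatched();
    return r;
}
```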
3287
3288         * API/JSContextRef.cpp:
3289         (createWatchdogIfNeeded):
3290         (JSContextGroupClearExecutionTimeLimit):
3291         - No need to create the watchdog (if not already created) just to clear it.
3292           If the watchdog is not created yet, then it is effectively cleared.
3293
3294         * API/tests/ExecutionTimeLimitTest.cpp:
3295         (currentCPUTimeAsJSFunctionCallback):
3296         (testExecutionTimeLimit):
3297         (currentCPUTime): Deleted.
3298         * API/tests/testapi.c:
3299         (main):
3300         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
3301         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
3302         - Enable watchdog tests for all platforms.
3303
3304         * CMakeLists.txt:
3305         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3306         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3307         * JavaScriptCore.xcodeproj/project.pbxproj:
3308         - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.
3309
3310         * PlatformEfl.cmake:
3311
3312         * dfg/DFGByteCodeParser.cpp:
3313         (JSC::DFG::ByteCodeParser::parseBlock):
3314         * dfg/DFGSpeculativeJIT32_64.cpp:
3315         * dfg/DFGSpeculativeJIT64.cpp:
3316         * interpreter/Interpreter.cpp:
3317         (JSC::Interpreter::execute):
3318         (JSC::Interpreter::executeCall):
3319         (JSC::Interpreter::executeConstruct):
3320         * jit/JITOpcodes.cpp:
3321         (JSC::JIT::emit_op_loop_hint):
3322         (JSC::JIT::emitSlow_op_loop_hint):
3323         * jit/JITOperations.cpp:
3324         * llint/LLIntOffsetsExtractor.cpp:
3325         * llint/LLIntSlowPaths.cpp:
3326         * runtime/VM.cpp:
3327         - #include Watchdog.h in these files directly instead of doing it via VM.h.
3328           This saves us from having to recompile the world when we change Watchdog.h.
3329
3330         * runtime/VM.h:
3331         - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
3332           thread-safe ref counted.
3333
3334         * runtime/VMEntryScope.cpp:
3335         (JSC::VMEntryScope::VMEntryScope):
3336         (JSC::VMEntryScope::~VMEntryScope):
3337         - We have done away with the WatchdogScope and arming/disarming of the watchdog.
3338           Instead, the VMEntryScope will inform the watchdog of when we have entered and
3339           exited the VM.
3340
3341         * runtime/Watchdog.cpp:
3342         (JSC::currentWallClockTime):
3343         (JSC::Watchdog::Watchdog):
3344         (JSC::Watchdog::hasStartedTimer):
3345         (JSC::Watchdog::setTimeLimit):
3346         (JSC::Watchdog::didFireSlow):
3347         (JSC::Watchdog::hasTimeLimit):
3348         (JSC::Watchdog::fire):
3349         (JSC::Watchdog::enteredVM):
3350         (JSC::Watchdog::exitedVM):
3351
3352         (JSC::Watchdog::startTimer):
3353         - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
3354           (from a different thread) even after the VM shuts down.  We need to keep it
3355           alive until the WorkQueue callback completes.
3356
3357           In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
3358           WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
3359           is done with it.  This ensures that the Watchdog is kept alive until all
3360           WorkQueue callbacks are done.
3361
3362         (JSC::Watchdog::stopTimer):
3363         (JSC::Watchdog::~Watchdog): Deleted.
3364         (JSC::Watchdog::didFire): Deleted.
3365         (JSC::Watchdog::isEnabled): Deleted.
3366         (JSC::Watchdog::arm): Deleted.
3367         (JSC::Watchdog::disarm): Deleted.
3368         (JSC::Watchdog::startCountdownIfNeeded): Deleted.
3369         (JSC::Watchdog::startCountdown): Deleted.
3370         (JSC::Watchdog::stopCountdown): Deleted.
3371         * runtime/Watchdog.h:
3372         (JSC::Watchdog::didFire):
3373         (JSC::Watchdog::timerDidFireAddress):
3374         (JSC::Watchdog::isArmed): Deleted.
3375         (JSC::Watchdog::Scope::Scope): Deleted.
3376         (JSC::Watchdog::Scope::~Scope): Deleted.
3377         * runtime/WatchdogMac.cpp:
3378         (JSC::Watchdog::initTimer): Deleted.
3379         (JSC::Watchdog::destroyTimer): Deleted.
3380         (JSC::Watchdog::startTimer): Deleted.
3381         (JSC::Watchdog::stopTimer): Deleted.
3382         * runtime/WatchdogNone.cpp:
3383         (JSC::Watchdog::initTimer): Deleted.
3384         (JSC::Watchdog::destroyTimer): Deleted.
3385         (JSC::Watchdog::startTimer): Deleted.
3386         (JSC::Watchdog::stopTimer): Deleted.
3387
3388 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
3389
3390         Always use a byte-sized lock implementation
3391         https://bugs.webkit.org/show_bug.cgi?id=147908
3392
3393         Reviewed by Geoffrey Garen.
3394
3395         * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.
3396
3397 2015-08-11  Alexey Proskuryakov  <ap@apple.com>
3398
3399         Make ASan build not depend on asan.xcconfig
3400         https://bugs.webkit.org/show_bug.cgi?id=147840
3401         rdar://problem/21093702
3402
3403         Reviewed by Daniel Bates.
3404
3405         * dfg/DFGOSREntry.cpp:
3406         (JSC::DFG::OSREntryData::dump):
3407         (JSC::DFG::prepareOSREntry):
3408         * ftl/FTLOSREntry.cpp:
3409         (JSC::FTL::prepareOSREntry):
3410         * heap/ConservativeRoots.cpp:
3411         (JSC::ConservativeRoots::genericAddPointer):
3412         (JSC::ConservativeRoots::genericAddSpan):
3413         * heap/MachineStackMarker.cpp:
3414         (JSC::MachineThreads::removeThreadIfFound):
3415         (JSC::MachineThreads::gatherFromCurrentThread):
3416         (JSC::MachineThreads::Thread::captureStack):
3417         (JSC::copyMemory):
3418         * interpreter/Register.h:
3419         (JSC::Register::operator=):
3420         (JSC::Register::asanUnsafeJSValue):
3421         (JSC::Register::jsValue):
3422
3423 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
3424
3425         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
3426         https://bugs.webkit.org/show_bug.cgi?id=147480
3427
3428         Reviewed by Filip Pizlo.
3429
3430         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
3431         The IC site only caches one id. After checking that the given id is the same as the
3432         cached one, we perform the get_by_id IC onto it.
3433         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
3434         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
3435         operations when the given get_by_val leverages the property load with the cached id.
3436
3437         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
3438         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
3439         This can be leveraged to optimize symbol operations in DFG.
3440
3441         And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
3442         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
3443         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
3444         argument ArrayProfile* in the operations with ByValInfo*.
3445
3446         * bytecode/ByValInfo.h:
3447         (JSC::ByValInfo::ByValInfo):
3448         * bytecode/CodeBlock.cpp:
3449         (JSC::CodeBlock::getByValInfoMap):
3450         (JSC::CodeBlock::addByValInfo):
3451         * bytecode/CodeBlock.h:
3452         (JSC::CodeBlock::getByValInfo): Deleted.
3453         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
3454         (JSC::CodeBlock::numberOfByValInfos): Deleted.
3455         (JSC::CodeBlock::byValInfo): Deleted.
3456         * bytecode/ExitKind.cpp:
3457         (JSC::exitKindToString):
3458         * bytecode/ExitKind.h:
3459         * bytecode/GetByIdStatus.cpp:
3460         (JSC::GetByIdStatus::computeFor):
3461         (JSC::GetByIdStatus::computeForStubInfo):
3462         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
3463         * bytecode/GetByIdStatus.h:
3464         * dfg/DFGAbstractInterpreterInlines.h:
3465         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3466         * dfg/DFGByteCodeParser.cpp:
3467         (JSC::DFG::ByteCodeParser::parseBlock):
3468         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
3469         * dfg/DFGClobberize.h:
3470         (JSC::DFG::clobberize):
3471         * dfg/DFGConstantFoldingPhase.cpp:
3472         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3473         * dfg/DFGDoesGC.cpp:
3474         (JSC::DFG::doesGC):
3475         * dfg/DFGFixupPhase.cpp:
3476         (JSC::DFG::FixupPhase::fixupNode):
3477         (JSC::DFG::FixupPhase::observeUseKindOnNode):
3478         * dfg/DFGNode.h:
3479         (JSC::DFG::Node::hasUidOperand):
3480         (JSC::DFG::Node::uidOperand):
3481         * dfg/DFGNodeType.h:
3482         * dfg/DFGPredictionPropagationPhase.cpp:
3483         (JSC::DFG::PredictionPropagationPhase::propagate):
3484         * dfg/DFGSafeToExecute.h:
3485         (JSC::DFG::SafeToExecuteEdge::operator()):
3486         (JSC::DFG::safeToExecute):
3487         * dfg/DFGSpeculativeJIT.cpp:
3488         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
3489         (JSC::DFG::SpeculativeJIT::speculateSymbol):
3490         (JSC::DFG::SpeculativeJIT::speculate):
3491         * dfg/DFGSpeculativeJIT.h:
3492         * dfg/DFGSpeculativeJIT32_64.cpp:
3493         (JSC::DFG::SpeculativeJIT::compile):
3494         * dfg/DFGSpeculativeJIT64.cpp:
3495         (JSC::DFG::SpeculativeJIT::compile):
3496         * dfg/DFGUseKind.cpp:
3497         (WTF::printInternal):
3498         * dfg/DFGUseKind.h:
3499         (JSC::DFG::typeFilterFor):
3500         (JSC::DFG::isCell):
3501         * ftl/FTLAbstractHeapRepository.h:
3502         * ftl/FTLCapabilities.cpp:
3503         (JSC::FTL::canCompile):
3504         * ftl/FTLLowerDFGToLLVM.cpp:
3505         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
3506         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
3507         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
3508         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
3509         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
3510         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
3511         * jit/JIT.cpp:
3512         (JSC::JIT::privateCompile):
3513         * jit/JIT.h:
3514         (JSC::ByValCompilationInfo::ByValCompilationInfo):
3515         (JSC::JIT::compileGetByValWithCachedId):
3516         * jit/JITInlines.h:
3517         (JSC::JIT::callOperation):
3518         * jit/JITOpcodes.cpp:
3519         (JSC::JIT::emit_op_has_indexed_property):
3520         (JSC::JIT::emitSlow_op_has_indexed_property):
3521         * jit/JITOpcodes32_64.cpp:
3522         (JSC::JIT::emit_op_has_indexed_property):
3523         (JSC::JIT::emitSlow_op_has_indexed_property):
3524         * jit/JITOperations.cpp:
3525         (JSC::getByVal):
3526         * jit/JITOperations.h:
3527         * jit/JITPropertyAccess.cpp:
3528         (JSC::JIT::emit_op_get_by_val):
3529         (JSC::JIT::emitGetByValWithCachedId):
3530         (JSC::JIT::emitSlow_op_get_by_val):
3531         (JSC::JIT::emit_op_put_by_val):
3532         (JSC::JIT::emitSlow_op_put_by_val):
3533         (JSC::JIT::privateCompileGetByVal):
3534         (JSC::JIT::privateCompileGetByValWithCachedId):
3535         * jit/JITPropertyAccess32_64.cpp:
3536         (JSC::JIT::emit_op_get_by_val):
3537         (JSC::JIT::emitGetByValWithCachedId):
3538         (JSC::JIT::emitSlow_op_get_by_val):
3539         (JSC::JIT::emit_op_put_by_val):
3540         (JSC::JIT::emitSlow_op_put_by_val):
3541         * runtime/Symbol.h:
3542         * tests/stress/get-by-val-with-string-constructor.js: Added.
3543         (Hello):
3544         (get Hello.prototype.generate):
3545         (ok):
3546         * tests/stress/get-by-val-with-string-exit.js: Added.
3547         (shouldBe):
3548         (getByVal):
3549         (getStr1):
3550         (getStr2):
3551         * tests/stress/get-by-val-with-string-generated.js: Added.
3552         (shouldBe):
3553         (getByVal):
3554         (getStr1):
3555         (getStr2):
3556         * tests/stress/get-by-val-with-string-getter.js: Added.
3557         (object.get hello):
3558         (ok):
3559         * tests/stress/get-by-val-with-string.js: Added.
3560         (shouldBe):
3561         (getByVal):
3562         (getStr1):
3563         (getStr2):
3564         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
3565         (Hello):
3566         (get Hello.prototype.generate):
3567         (ok):
3568         * tests/stress/get-by-val-with-symbol-exit.js: Added.
3569         (shouldBe):
3570         (getByVal):
3571         (getSym1):
3572         (getSym2):
3573         * tests/stress/get-by-val-with-symbol-getter.js: Added.
3574         (object.get hello):
3575         (.get ok):
3576         * tests/stress/get-by-val-with-symbol.js: Added.
3577         (shouldBe):
3578         (getByVal):
3579         (getSym1):
3580         (getSym2):
3581
3582 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
3583
3584         DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
3585         https://bugs.webkit.org/show_bug.cgi?id=147891
3586         rdar://problem/22129447
3587
3588         Reviewed by Mark Lam.
3589
3590         * dfg/DFGByteCodeParser.cpp:
3591         (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
3592         (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
3593         * dfg/DFGGraph.cpp:
3594         (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
3595         * dfg/DFGStructureRegistrationPhase.cpp:
3596         (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.
3597
3598 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
3599
3600         [Win] Switch Windows build to Visual Studio 2015
3601         https://bugs.webkit.org/show_bug.cgi?id=147887
3602         <rdar://problem/22235098>
3603
3604         Reviewed by Alex Christensen.
3605
3606         Update Visual Studio project file settings to use the current Visual
3607         Studio and compiler. Continue targeting binaries to run on our minimum
3608         supported configuration of Windows 7.
3609
3610         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3611         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
3612         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
3613         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
3614         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
3615         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
3616         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
3617         * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
3618         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
3619         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
3620         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
3621         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
3622
3623 2015-08-10  Filip Pizlo  <fpizlo@apple.com>
3624
3625         WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
3626         https://bugs.webkit.org/show_bug.cgi?id=147665
3627
3628         Reviewed by Mark Lam.
3629
3630         Replace ByteSpinLock with ByteLock.
3631
3632         * runtime/ConcurrentJITLock.h:
3633
3634 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
3635
3636         Numeric setter on prototype doesn't get called.
3637         https://bugs.webkit.org/show_bug.cgi?id=144252
3638
3639         Reviewed by Darin Adler.
3640
3641         When switching from the blank indexing type to another one in putByIndex,
3642         if `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
3643         it to the slow put indexing type and re-run putByIndex, since there may
3644         be an indexing accessor in the prototype chain. Previously, we just stored
3645         the value into the allocated vector.
3646
3647         In the putDirectIndex case, we just store the value to the vector.
3648         This is because putDirectIndex is the operation to store the own property
3649         and it does not check the accessors in the prototype chain.
3650
3651         * runtime/JSObject.cpp:
3652         (JSC::JSObject::putByIndexBeyondVectorLength):
3653         * tests/stress/injected-numeric-setter-on-prototype.js: Added.
3654         (shouldBe):
3655         (Trace):
3656         (Trace.prototype.trace):
3657         (Trace.prototype.get count):
3658         (.):
3659         * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
3660         (shouldBe):
3661         (Trace):
3662         (Trace.prototype.trace):
3663         (Trace.prototype.get count):
3664         (.):
3665         * tests/stress/numeric-setter-on-prototype.js: Added.
3666         (shouldBe):
3667         (Trace):
3668         (Trace.prototype.trace):
3669         (Trace.prototype.get count):
3670         (.z.__proto__.set 3):
3671         * tests/stress/numeric-setter-on-self.js: Added.
3672         (shouldBe):
3673         (Trace):
3674         (Trace.prototype.trace):
3675         (Trace.prototype.get count):
3676         (.y.set 2):
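
The observable behaviour this entry describes, as an added example (not code from the patch or its stress tests): a numeric setter on the prototype must run on ordinary index assignment, whether or not the receiver already has indexed storage, while Object.defineProperty (the putDirectIndex path) creates an own property and never consults the prototype chain.

```javascript
// Added example, not part of the WebKit patch: the JavaScript-level
// behaviour that the putByIndex fix restores. A numeric setter on the
// prototype must run when an index is written by ordinary assignment, even
// if the receiver has no indexed storage yet; Object.defineProperty (the
// putDirectIndex path) creates an own property and ignores the prototype.

// Build a prototype whose index 3 is an accessor that records every write.
function makeTracingProto() {
  const writes = [];
  const proto = {};
  Object.defineProperty(proto, 3, {
    set(value) { writes.push(value); },
    get() { return "intercepted"; },
    configurable: true,
  });
  return { proto, writes };
}

// Ordinary assignment on an object with blank indexed storage: the setter
// must be invoked and no own property may be created on the receiver.
function assignOnBlankObject() {
  const { proto, writes } = makeTracingProto();
  const obj = Object.create(proto);
  obj[3] = 42;
  return {
    setterCalls: writes.length,                            // 1
    hasOwn: Object.prototype.hasOwnProperty.call(obj, 3),  // false
    observed: obj[3],                                      // "intercepted"
  };
}

// Ordinary assignment on an array that already has indexed storage: writing
// past the vector still goes through the prototype setter, so no own element
// appears and length stays 2.
function assignOnNonBlankArray() {
  const { proto, writes } = makeTracingProto();
  const arr = [1, 2];
  Object.setPrototypeOf(arr, proto);
  arr[3] = 99;
  return {
    setterCalls: writes.length,                            // 1
    hasOwn: Object.prototype.hasOwnProperty.call(arr, 3),  // false
    length: arr.length,                                    // 2
  };
}

// Object.defineProperty defines an own property directly: the prototype
// setter is never called and the own value shadows the accessor.
function defineOwnIndex() {
  const { proto, writes } = makeTracingProto();
  const obj = Object.create(proto);
  Object.defineProperty(obj, 3, {
    value: 7, writable: true, enumerable: true, configurable: true,
  });
  return {
    setterCalls: writes.length,                            // 0
    hasOwn: Object.prototype.hasOwnProperty.call(obj, 3),  // true
    observed: obj[3],                                      // 7
  };
}
```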
3677
3678 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
3679
3680         [Win] Unreviewed gardening.
3681
3682         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
3683         file references so they appear in the proper IDE locations.
3684
3685 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
3686
3687         Unreviewed Windows build fix for VS2015.
3688
3689         * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.
3690
3691 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
3692
3693         [ES6] Implement Reflect.has
3694         https://bugs.webkit.org/show_bug.cgi?id=147875
3695
3696         Reviewed by Sam Weinig.
3697
3698         This patch implements Reflect.has[1].
3699         Since the semantics are the same as those of the `in` operator in JS[2],
3700         we can implement it in builtin JS code.
3701
3702         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
3703         [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation
3704
3705         * builtins/ReflectObject.js:
3706         (has):
3707         * runtime/ReflectObject.cpp:
3708         * tests/stress/reflect-has.js: Added.
3709         (shouldBe):
3710         (shouldThrow):
3711
3712 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
3713
3714         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
3715         https://bugs.webkit.org/show_bug.cgi?id=147874
3716
3717         Reviewed by Darin Adler.
3718
3719         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
3720         The difference from the Object.* one is
3721
3722         1. They do not perform ToObject on non-object arguments; they raise a TypeError instead.
3723         2. Reflect.setPrototypeOf returns false when the operation fails. Object.setPrototypeOf raises a TypeError instead.
3724
3725         * runtime/ObjectConstructor.cpp:
3726         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
3727         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
3728         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
3729         (JSC::objectConstructorGetPrototypeOf):
3730         * runtime/ObjectConstructor.h:
3731         * runtime/ReflectObject.cpp:
3732         (JSC::reflectObjectGetPrototypeOf):
3733         (JSC::reflectObjectSetPrototypeOf):
3734         * tests/stress/reflect-get-prototype-of.js: Added.
3735         (shouldBe):
3736         (shouldThrow):
3737         (Base):
3738         (Derived):
3739         * tests/stress/reflect-set-prototype-of.js: Added.
3740         (shouldBe):
3741         (shouldThrow):
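
The two differences listed in this entry made observable, as an added example (not code from the patch or its stress tests); it goes one step beyond the entry by also showing the cyclic-prototype failure, which is a second failure mode the spec defines for setPrototypeOf.

```javascript
// Added example, not part of the WebKit patch: Reflect.{get,set}PrototypeOf
// versus Object.{get,set}PrototypeOf. outcome() runs a thunk and reports
// either its return value or the name of the error it threw.
function outcome(thunk) {
  try {
    return { value: thunk() };
  } catch (e) {
    return { threw: e.constructor.name };
  }
}

// 1. Non-object target: Object.* applies ToObject to the primitive,
//    Reflect.* throws a TypeError.
function compareGetPrototypeOfOnPrimitive() {
  return {
    object: outcome(() => Object.getPrototypeOf(42) === Number.prototype), // { value: true }
    reflect: outcome(() => Reflect.getPrototypeOf(42)),                      // { threw: "TypeError" }
  };
}

// 2a. Failing setPrototypeOf on a non-extensible target (a different
//     prototype than the current one): Object.* throws, Reflect.* returns false.
function compareSetPrototypeOfOnFrozen() {
  const frozen = Object.freeze({});
  return {
    object: outcome(() => Object.setPrototypeOf(frozen, Array.prototype)),   // { threw: "TypeError" }
    reflect: outcome(() => Reflect.setPrototypeOf(frozen, Array.prototype)), // { value: false }
  };
}

// 2b. Failing setPrototypeOf because the chain would become cyclic
//     (b already inherits from a): same split between throw and false.
function compareSetPrototypeOfCycle() {
  const a = {};
  const b = Object.create(a);
  return {
    object: outcome(() => Object.setPrototypeOf(a, b)),   // { threw: "TypeError" }
    reflect: outcome(() => Reflect.setPrototypeOf(a, b)), // { value: false }
  };
}

// The success path is the same for both: the prototype is installed.
// Reflect.setPrototypeOf reports true; Object.setPrototypeOf returns the target.
function compareSetPrototypeOfSuccess() {
  const target1 = {};
  const target2 = {};
  const p = { tag: "p" };
  const reflectResult = Reflect.setPrototypeOf(target1, p); // true
  const objectResult = Object.setPrototypeOf(target2, p);   // target2
  return {
    reflectResult,
    objectReturnsTarget: objectResult === target2,
    bothLinked: Object.getPrototypeOf(target1) === p && Object.getPrototypeOf(target2) === p,
  };
}
```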
3742
3743 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
3744
3745         Fix debug build when optimization is enabled
3746         https://bugs.webkit.org/show_bug.cgi?id=147816
3747
3748         Reviewed by Alexey Proskuryakov.
3749
3750         * llint/LLIntEntrypoint.cpp:
3751         * runtime/FunctionExecutableDump.cpp:
3752
3753 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
3754
3755         Ensure that Reflect.enumerate does not produce the deleted keys
3756         https://bugs.webkit.org/show_bug.cgi?id=147677
3757
3758         Reviewed by Darin Adler.
3759
3760         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
3761
3762         * tests/stress/reflect-enumerate.js:
3763
3764 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
3765
3766         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
3767         https://bugs.webkit.org/show_bug.cgi?id=147856
3768
3769         Reviewed by Saam Barati.
3770
3771         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
3772
3773         * CMakeLists.txt:
3774         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3775         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3776         * JavaScriptCore.xcodeproj/project.pbxproj:
3777         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
3778         (JSC::ExecutableInfo::ExecutableInfo):
3779         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
3780         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
3781         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
3782         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
3783         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
3784         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
3785         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
3786         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
3787         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
3788         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
3789         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
3790         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
3791         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
3792         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
3793         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
3794         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
3795         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
3796         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
3797         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
3798         (JSC::UnlinkedCodeBlock::regexp): Deleted.
3799         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
3800         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
3801         (JSC::UnlinkedCodeBlock::identifier): Deleted.
3802         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
3803         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
3804         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
3805         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
3806         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
3807         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
3808         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
3809         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
3810         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
3811         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
3812         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
3813         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
3814         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
3815         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
3816         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
3817         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
3818         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
3819         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
3820         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
3821         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
3822         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
3823         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
3824         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
3825         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
3826         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
3827         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
3828         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
3829         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
3830         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
3831         (JSC::UnlinkedCodeBlock::vm): Deleted.
3832         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
3833         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
3834         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
3835         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
3836         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
3837         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
3838         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
3839         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
3840         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
3841         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
3842         (JSC::UnlinkedCodeBlock::codeType): Deleted.
3843         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
3844         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
3845         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
3846         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
3847         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
3848         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
3849         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
3850         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
3851         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
3852         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
3853         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
3854         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
3855         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
3856         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
3857         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
3858         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
3859         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
3860         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
3861         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
3862         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
3863         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
3864         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
3865         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
3866         * bytecode/UnlinkedCodeBlock.cpp:
3867         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
3868         (JSC::generateFunctionCodeBlock): Deleted.
3869         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
3870         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
3871         (JSC::UnlinkedFunctionExecutable::link): Deleted.
3872         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
3873         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
3874         * bytecode/UnlinkedCodeBlock.h:
3875         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
3876         (JSC::ExecutableInfo::needsActivation): Deleted.
3877         (JSC::ExecutableInfo::usesEval): Deleted.
3878         (JSC::ExecutableInfo::isStrictMode): Deleted.
3879         (JSC::ExecutableInfo::isConstructor): Deleted.
3880         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
3881         (JSC::ExecutableInfo::constructorKind): Deleted.
3882         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
3883         (JSC::generateFunctionCodeBlock):
3884         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
3885         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
3886         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
3887         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
3888         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
3889         (JSC::dumpLineColumnEntry): Deleted.
3890         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
3891         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
3892         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
3893         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
3894         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
3895         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
3896         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
3897         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
3898         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
3899         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
3900         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
3901         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
3902         (JSC::UnlinkedCodeBlock::instructions): Deleted.
3903         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
3904         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
3905         (JSC::ExecutableInfo::needsActivation): Deleted.
3906         (JSC::ExecutableInfo::usesEval): Deleted.
3907         (JSC::ExecutableInfo::isStrictMode): Deleted.
3908         (JSC::ExecutableInfo::isConstructor): Deleted.
3909         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
3910         (JSC::ExecutableInfo::constructorKind): Deleted.
3911         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
3912         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
3913         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
3914         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
3915         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
3916         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
3917         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
3918         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
3919         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
3920