31cca6e57a5e4a3d6a1bab0852654cae805e66ee
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2014-10-20  Mark Lam  <mark.lam@apple.com>
2
3         [Follow up] Web Process crash when starting the web inspector after r174025.
4         <https://webkit.org/b/137340>
5
6         Reviewed by Geoffrey Garen.
7
8         Applied Geoff's feedback to clean up some code for better clarity after
9         r174856.
10
11         * dfg/DFGFixupPhase.cpp:
12         (JSC::DFG::FixupPhase::insertCheck):
13         * dfg/DFGInsertionSet.h:
14         (JSC::DFG::InsertionSet::insertOutOfOrder):
15
16 2014-10-20  Mark Lam  <mark.lam@apple.com>
17
18         Factor out JITCode::typeName() for debugging use.
19         <https://webkit.org/b/137888>
20
21         Reviewed by Geoffrey Garen.
22
23         JITCode's printInternal() currently decodes the JITType into a string and
24         prints it.  This change factors out the part that decodes the JITType into
25         JITCode::typeName() so that we can call it from lldb while debugging to
26         quickly decode a JITType value.
27
28         * jit/JITCode.cpp:
29         (JSC::JITCode::typeName):
30         (WTF::printInternal):
31         * jit/JITCode.h:
32
33 2014-10-20  Joseph Pecoraro  <pecoraro@apple.com>
34
35         Unreviewed Windows Build Fix #2 after r174892.
36
37         * JavaScriptCore.vcxproj/build-generated-files.pl:
38         Define FEATURE_DEFINES for JavaScriptCore's DerivedSources.make.
39         This uses the same technique as WebCore.
40
41 2014-10-20  Mark Lam  <mark.lam@apple.com>
42
43         Fix placement of a few items in vcxproj ItemGroups.
44         <https://webkit.org/b/137886>
45
46         Reviewed by Geoffrey Garen.
47
48         https://webkit.org/b/137873 is likely a cut-and-paste error that manifested
49         because we had ClCompile and ClInclude entries mixed up in the wrong ItemGroups.
50         We should fix these so that ClCompile entries are in the ClCompile ItemGroup,
51         and ClInclude entries in the ClInclude ItemGroup.  This will help reduce the
52         chance of future cut-and-paste errors of this nature.
53
54         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
55         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
56
57 2014-10-20  Joseph Pecoraro  <pecoraro@apple.com>
58
59         Unreviewed Windows Build Fix after r174892.
60
61         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
62         Update file name to the new generated file name.
63
64 2014-10-20  Joseph Pecoraro  <pecoraro@apple.com>
65
66         Web Inspector: Rename generated Inspector.json to CombinedDomains.json to prevent name collisions
67         https://bugs.webkit.org/show_bug.cgi?id=137825
68
69         Reviewed by Timothy Hatcher.
70
71         * CMakeLists.txt:
72         * DerivedSources.make:
73         * JavaScriptCore.vcxproj/copy-files.cmd:
74         * JavaScriptCore.xcodeproj/project.pbxproj:
75         * inspector/protocol/Inspector.json: Renamed from Source/JavaScriptCore/inspector/protocol/InspectorDomain.json.
76
77 2014-10-20  Joseph Pecoraro  <pecoraro@apple.com>
78
79         Web Inspector: Generate all Inspector domains together in JavaScriptCore
80         https://bugs.webkit.org/show_bug.cgi?id=137748
81
82         Reviewed by Brian Burg.
83
84         * inspector/protocol/ApplicationCache.json: Renamed from Source/WebCore/inspector/protocol/ApplicationCache.json.
85         * inspector/protocol/CSS.json: Renamed from Source/WebCore/inspector/protocol/CSS.json.
86         * inspector/protocol/DOM.json: Renamed from Source/WebCore/inspector/protocol/DOM.json.
87         * inspector/protocol/DOMDebugger.json: Renamed from Source/WebCore/inspector/protocol/DOMDebugger.json.
88         * inspector/protocol/DOMStorage.json: Renamed from Source/WebCore/inspector/protocol/DOMStorage.json.
89         * inspector/protocol/Database.json: Renamed from Source/WebCore/inspector/protocol/Database.json.
90         * inspector/protocol/IndexedDB.json: Renamed from Source/WebCore/inspector/protocol/IndexedDB.json.
91         * inspector/protocol/LayerTree.json: Renamed from Source/WebCore/inspector/protocol/LayerTree.json.
92         * inspector/protocol/Network.json: Renamed from Source/WebCore/inspector/protocol/Network.json.
93         * inspector/protocol/Page.json: Renamed from Source/WebCore/inspector/protocol/Page.json.
94         * inspector/protocol/Replay.json: Renamed from Source/WebCore/inspector/protocol/Replay.json.
95         * inspector/protocol/Timeline.json: Renamed from Source/WebCore/inspector/protocol/Timeline.json.
96         * inspector/protocol/Worker.json: Renamed from Source/WebCore/inspector/protocol/Worker.json.
97         Move all protocol files into this directory.
98
99         * inspector/InspectorProtocolTypesBase.h: Renamed from Source/JavaScriptCore/inspector/InspectorProtocolTypes.h.
100         Renamed the base types file to not clash with the generated types file.
101
102         * CMakeLists.txt:
103         * DerivedSources.make:
104         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
105         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
106         * JavaScriptCore.vcxproj/copy-files.cmd:
107         * JavaScriptCore.xcodeproj/project.pbxproj:
108         Update build phases for new JSON files and new filenames.
109
110         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
111         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
112         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
113         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
114         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
115         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
116         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
117         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
118         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
119         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
120         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
121         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
122         Updated names of things now that prefixes are no longer needed.
123
124         * inspector/ConsoleMessage.h:
125         * inspector/ContentSearchUtilities.cpp:
126         * inspector/ContentSearchUtilities.h:
127         * inspector/InjectedScript.h:
128         * inspector/InjectedScriptBase.h:
129         * inspector/ScriptCallFrame.h:
130         * inspector/ScriptCallStack.h:
131         * inspector/agents/InspectorAgent.h:
132         * inspector/agents/InspectorConsoleAgent.h:
133         * inspector/agents/InspectorDebuggerAgent.cpp:
134         (Inspector::breakpointActionTypeForString):
135         * inspector/agents/InspectorDebuggerAgent.h:
136         * inspector/agents/InspectorRuntimeAgent.h:
137         * runtime/TypeProfiler.cpp:
138         * runtime/TypeSet.cpp:
139         Update includes and update a few function names that are generated.
140
141         * inspector/scripts/codegen/generate_protocol_types_header.py:
142         (ProtocolTypesHeaderGenerator.output_filename):
143         (ProtocolTypesHeaderGenerator.generate_output):
144         Include an export macro for type string constants defined in the implementation file.
145
146         * inspector/scripts/codegen/generate_backend_commands.py:
147         (BackendCommandsGenerator.output_filename):
148         * inspector/scripts/codegen/generate_backend_dispatcher_header.py:
149         (BackendDispatcherHeaderGenerator.output_filename):
150         (BackendDispatcherHeaderGenerator.generate_output):
151         * inspector/scripts/codegen/generate_backend_dispatcher_implementation.py:
152         (BackendDispatcherImplementationGenerator.output_filename):
153         (BackendDispatcherImplementationGenerator.generate_output):
154         (BackendDispatcherImplementationGenerator._generate_async_dispatcher_class_for_domain):
155         (BackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
156         * inspector/scripts/codegen/generate_frontend_dispatcher_header.py:
157         (FrontendDispatcherHeaderGenerator.output_filename):
158         (FrontendDispatcherHeaderGenerator.generate_output):
159         * inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py:
160         (FrontendDispatcherImplementationGenerator.output_filename):
161         (FrontendDispatcherImplementationGenerator.generate_output):
162         (FrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
163         (_generate_class_for_object_declaration):
164         (_generate_builder_setter_for_member):
165         (_generate_unchecked_setter_for_member):
166         * inspector/scripts/codegen/generate_protocol_types_implementation.py:
167         (ProtocolTypesImplementationGenerator.output_filename):
168         (ProtocolTypesImplementationGenerator.generate_output):
169         (ProtocolTypesImplementationGenerator._generate_enum_mapping):
170         * inspector/scripts/codegen/models.py:
171         (Framework.fromString):
172         (Frameworks):
173         * inspector/scripts/generate-inspector-protocol-bindings.py:
174         Simplify generator now that prefixes are no longer needed. This updates
175         filenames, includes, and the list of supported directories.
176
177 2014-10-20  Csaba Osztrogonác  <ossy@webkit.org>
178
179         Remove obsolete comments after r99798
180         https://bugs.webkit.org/show_bug.cgi?id=137871
181
182         Reviewed by Darin Adler.
183
184         r99798 removed the comment in MacroAssemblerARMv7::supportsFloatingPointTruncate(),
185         so we should remove the stale references to this removed comment.
186
187         * assembler/MacroAssemblerX86.h:
188         * assembler/MacroAssemblerX86_64.h:
189
190 2014-10-20  Csaba Osztrogonác  <ossy@webkit.org>
191
192         MacroAssemblerX86Common.cpp should be built on Windows too
193         https://bugs.webkit.org/show_bug.cgi?id=137873
194
195         Reviewed by Brent Fulgham.
196
197         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
198         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
199
200 2014-10-20  Csaba Osztrogonác  <ossy@webkit.org>
201
202         [cmake] Remove duplicated source files
203         https://bugs.webkit.org/show_bug.cgi?id=137875
204
205         Reviewed by Gyuyoung Kim.
206
207         * CMakeLists.txt:
208
209 2014-10-18  Brian J. Burg  <burg@cs.washington.edu>
210
211         Web Replay: code generator shouldn't complain about enums without a storage type if they are in an enclosing scope
212         https://bugs.webkit.org/show_bug.cgi?id=137084
213
214         Reviewed by Joseph Pecoraro.
215
216         In order to generate encode/decode method declarations without pulling in lots of headers,
217         the generator must forward declare enums (for enum classes or enums with explicit sizes).
218
219         Change the generator to not require an explicit size if an enum is declared inside a struct
220         or class definition. In that case, it must pull in headers since scoped enums can't be
221         forward declared.
222
223         This patch also fixes some chained if-statements that should be if-else statements.
224
225         Test: updated replay/scripts/tests/generate-enum-encoding-helpers.json to cover the new case.
226
227         * replay/scripts/CodeGeneratorReplayInputs.py:
228         (InputsModel.parse_type_with_framework_name.is):
229         (InputsModel.parse_type_with_framework_name.is.must):
230         (Generator.generate_enum_trait_implementation):
231         (InputsModel.parse_type_with_framework_name): Deleted.
232         * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
233         * replay/scripts/tests/expected/fail-on-c-style-enum-no-storage.json-error:
234         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
235         (JSC::EncodingTraits<WebCore::MouseButton>::decodeValue):
236         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
237         (JSC::EncodingTraits<WebCore::MouseButton>::decodeValue):
238         (JSC::EncodingTraits<WebCore::PlatformEvent::Type>::encodeValue):
239         (JSC::EncodingTraits<WebCore::PlatformEvent::Type>::decodeValue):
240         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
241         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
242         (JSC::EncodingTraits<WebCore::FormData1::Type>::decodeValue):
243         (JSC::EncodingTraits<PlatformEvent1::Type>::decodeValue):
244         * replay/scripts/tests/generate-enum-encoding-helpers.json: Added a new input to cover this case.
245
246 2014-10-17  Mark Lam  <mark.lam@apple.com>
247
248         Web Process crash when starting the web inspector after r174025.
249         <https://webkit.org/b/137340>
250
251         Reviewed by Filip Pizlo.
252
253         After r174025, we can generate a bad graph in the DFG fixup phase like so:
254
255             102:<!0:-> StoreBarrier(Check:KnownCell:@19, ..., bc#44)
256             60:<!0:->  PutStructure(Check:KnownCell:@19, ..., bc#44)
257             103:<!0:-> Check(Check:NotCell:@54, ..., bc#44)
258                     // ^-- PutByOffset's StoreBarrier has been elided and replaced
259                     //     with a speculation check which can OSR exit.
260             61:<!0:->  PutByOffset(Check:KnownCell:@19, ..., bc#44)
261
262         As a result, the structure change will get executed even if we end up OSR
263         exiting before the PutByOffset.  In the baseline JIT code, the structure now
264         erroneously tells the put operation that there is a value in that property
265         slot when it is actually uninitialized (hence, the crash).
266
267         The fix is to insert the Check at the earliest point possible:
268
269         1. If the checked node is in the same bytecode as the PutByOffset, then
270            the earliest point where we can insert the Check is right after the
271            checked node.
272
273         2. If the checked node is from a preceding bytecode (before the PutByOffset),
274            then the earliest point where we can insert the Check is at the start
275            of the current bytecode.
276
277         Also reverted the workaround from r174749: https://webkit.org/b/137758.
278
279         Benchmark results appear to be a wash on aggregate.
280
281         * dfg/DFGFixupPhase.cpp:
282         (JSC::DFG::FixupPhase::indexOfNode):
283         (JSC::DFG::FixupPhase::indexOfFirstNodeOfExitOrigin):
284         (JSC::DFG::FixupPhase::fixupNode):
285         (JSC::DFG::FixupPhase::insertCheck):
286         * dfg/DFGInsertionSet.h:
287         (JSC::DFG::InsertionSet::insertOutOfOrder):
288         (JSC::DFG::InsertionSet::insertOutOfOrderNode):
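
The insertion rule described in the entry above, as an added example that is not WebKit's code. It is a simplified model: the Node struct, the sample blocks and the function bodies are assumptions made for illustration (some names echo the functions listed above, but nothing here is taken from DFGFixupPhase.cpp), and only Check is treated as able to OSR exit.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Simplified stand-in for a DFG node: id is the @N number, bytecode the bc#N origin.
struct Node {
    int id;
    std::string op;
    int bytecode;
};
using Block = std::vector<Node>;

// Position of node @id in the block, or block.size() if it lives in another block.
size_t indexOfNode(const Block& block, int id)
{
    for (size_t i = 0; i < block.size(); ++i) {
        if (block[i].id == id)
            return i;
    }
    return block.size();
}

// Position of the first node that belongs to the given bytecode.
size_t indexOfFirstNodeOfBytecode(const Block& block, int bytecode)
{
    for (size_t i = 0; i < block.size(); ++i) {
        if (block[i].bytecode == bytecode)
            return i;
    }
    return block.size();
}

// Rule 1: checked node in the same bytecode as the use -> right after the checked node.
// Rule 2: checked node from a preceding bytecode -> start of the current bytecode.
size_t earliestCheckIndex(const Block& block, size_t useIndex, int checkedId)
{
    int bytecode = block[useIndex].bytecode;
    size_t checkedIndex = indexOfNode(block, checkedId);
    if (checkedIndex < useIndex && block[checkedIndex].bytecode == bytecode)
        return checkedIndex + 1;
    return indexOfFirstNodeOfBytecode(block, bytecode);
}

// Insert a Check on @checkedId for the node @useId. With earliest == false the
// Check goes directly before the use, which reproduces the bad graph.
Block insertCheck(Block block, int useId, int checkId, int checkedId, bool earliest)
{
    size_t useIndex = indexOfNode(block, useId);
    int bytecode = block[useIndex].bytecode;
    size_t at = earliest ? earliestCheckIndex(block, useIndex, checkedId) : useIndex;
    block.insert(block.begin() + at, Node { checkId, "Check", bytecode });
    return block;
}

// True if, within one bytecode, a Check sits between PutStructure and the
// PutByOffset that fills the new slot: an OSR exit there leaves the structure
// changed while the property slot is still uninitialized.
bool exitCanFollowStructureChange(const Block& block)
{
    bool structureChanged = false;
    int bytecode = -1;
    for (const Node& node : block) {
        if (node.bytecode != bytecode) {
            bytecode = node.bytecode;
            structureChanged = false;
        }
        if (node.op == "PutStructure")
            structureChanged = true;
        else if (node.op == "PutByOffset")
            structureChanged = false;
        else if (node.op == "Check" && structureChanged)
            return true;
    }
    return false;
}

// Constructed sample: @54 is produced by an earlier bytecode (bc#42).
Block precedingBytecodeSample()
{
    return { { 19, "GetLocal", 40 }, { 54, "GetLocal", 42 }, { 102, "StoreBarrier", 44 },
             { 60, "PutStructure", 44 }, { 61, "PutByOffset", 44 } };
}

// Constructed sample: @54 is produced inside bc#44 itself.
Block sameBytecodeSample()
{
    return { { 19, "GetLocal", 40 }, { 102, "StoreBarrier", 44 }, { 54, "GetLocal", 44 },
             { 60, "PutStructure", 44 }, { 61, "PutByOffset", 44 } };
}

int main()
{
    Block block = precedingBytecodeSample();
    Block bad = insertCheck(block, 61, 103, 54, false);
    Block good = insertCheck(block, 61, 103, 54, true);
    std::printf("check before use:   unsafe=%d\n", exitCanFollowStructureChange(bad));
    std::printf("check at earliest:  unsafe=%d\n", exitCanFollowStructureChange(good));
    return 0;
}
```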
289
290 2014-10-10  Oliver Hunt  <oliver@apple.com>
291
292         Various arguments optimisations in codegen fail to account for arguments being in lexical record
293         https://bugs.webkit.org/show_bug.cgi?id=137617
294
295         Reviewed by Michael Saboff.
296
297         Rework the way we track |arguments| references so that we don't try
298         to use the |arguments| reference on the stack if it's not safe.
299
300         To do this without nuking performance it was necessary to update
301         the parser to track modification of the |arguments| reference
302         itself.
303
304         * bytecode/CodeBlock.cpp:
305         * bytecompiler/BytecodeGenerator.cpp:
306         (JSC::BytecodeGenerator::BytecodeGenerator):
307         (JSC::BytecodeGenerator::willResolveToArguments):
308         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
309         (JSC::BytecodeGenerator::emitCall):
310         (JSC::BytecodeGenerator::emitConstruct):
311         (JSC::BytecodeGenerator::emitEnumeration):
312         (JSC::BytecodeGenerator::uncheckedRegisterForArguments): Deleted.
313         * bytecompiler/BytecodeGenerator.h:
314         (JSC::BytecodeGenerator::hasSafeLocalArgumentsRegister):
315         * bytecompiler/NodesCodegen.cpp:
316         (JSC::BracketAccessorNode::emitBytecode):
317         (JSC::DotAccessorNode::emitBytecode):
318         (JSC::getArgumentByVal):
319         (JSC::CallFunctionCallDotNode::emitBytecode):
320         (JSC::ApplyFunctionCallDotNode::emitBytecode):
321         (JSC::ArrayPatternNode::emitDirectBinding):
322         * interpreter/StackVisitor.cpp:
323         (JSC::StackVisitor::Frame::existingArguments):
324         * parser/Nodes.h:
325         (JSC::ScopeNode::modifiesArguments):
326         * parser/Parser.cpp:
327         (JSC::Parser<LexerType>::parseInner):
328         * parser/Parser.h:
329         (JSC::Scope::getCapturedVariables):
330         * parser/ParserModes.h:
331
332 2014-10-17  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
333
334         Use WTF::move() instead of std::move() to help ensure move semantics in JavaScriptCore
335         https://bugs.webkit.org/show_bug.cgi?id=137809
336
337         Reviewed by Csaba Osztrogonác.
338
339         Substitution of WTF::move() for std::move(). Clean up std::move() in JavaScriptCore.
340
341         * bytecode/GetByIdStatus.cpp:
342         (JSC::GetByIdStatus::computeForStubInfo):
343         * bytecode/PutByIdStatus.cpp:
344         (JSC::PutByIdStatus::computeForStubInfo):
345         * bytecode/PutByIdVariant.cpp:
346         (JSC::PutByIdVariant::setter):
347
348 2014-10-15  Oliver Hunt  <oliver@apple.com>
349
350         Use a single allocation for the Arguments object
351         https://bugs.webkit.org/show_bug.cgi?id=137751
352
353         Reviewed by Filip Pizlo.
354
355         This patch removes the secondary allocation for parameters in the Arguments
356         object.  This is fairly simple, but we needed to make it possible for the JIT
357         to allocate a variable GC object.  To do this I've added a new
358         emitAllocateVariableSizedJSObject function to the JIT that does the work to
359         find the correct heap for a variable sized allocation and then bump that
360         allocator.
361
362         * dfg/DFGSpeculativeJIT.cpp:
363         (JSC::DFG::SpeculativeJIT::emitAllocateArguments):
364         * dfg/DFGSpeculativeJIT.h:
365         (JSC::DFG::SpeculativeJIT::emitAllocateVariableSizedJSObject):
366         * heap/CopyToken.h:
367         * heap/Heap.h:
368         (JSC::Heap::subspaceForObjectWithoutDestructor):
369         (JSC::Heap::subspaceForObjectNormalDestructor):
370         (JSC::Heap::subspaceForObjectsWithImmortalStructure):
371         * heap/MarkedSpace.h:
372         (JSC::MarkedSpace::subspaceForObjectsWithNormalDestructor):
373         (JSC::MarkedSpace::subspaceForObjectsWithImmortalStructure):
374         (JSC::MarkedSpace::subspaceForObjectsWithoutDestructor):
375         * interpreter/StackVisitor.cpp:
376         (JSC::StackVisitor::Frame::createArguments):
377         * runtime/Arguments.cpp:
378         (JSC::Arguments::visitChildren):
379         (JSC::Arguments::copyBackingStore):
380         (JSC::Arguments::tearOff):
381         (JSC::Arguments::allocateRegisterArray): Deleted.
382         * runtime/Arguments.h:
383         (JSC::Arguments::create):
384         (JSC::Arguments::isTornOff):
385         (JSC::Arguments::offsetOfRegisterArray):
386         (JSC::Arguments::registerArraySizeInBytes):
387         (JSC::Arguments::registerArray):
388         (JSC::Arguments::allocationSize): Deleted.
389
390 2014-10-15  Filip Pizlo  <fpizlo@apple.com>
391
392         Apparently we've had a hole in arguments capture all along
393         https://bugs.webkit.org/show_bug.cgi?id=137767
394
395         Reviewed by Oliver Hunt.
396
397         * dfg/DFGByteCodeParser.cpp:
398         (JSC::DFG::ByteCodeParser::getArgument):
399         * tests/stress/arguments-captured.js: Added.
400         (foo):
401         (bar):
402
403 2014-10-16  Saam Barati  <saambarati1@gmail.com>
404
405         Have the ProfileType node in the DFG convert to a structure check where it can
406         https://bugs.webkit.org/show_bug.cgi?id=137596
407
408         Reviewed by Filip Pizlo.
409
410         TypeSet now keeps track of the live set of Structures it has seen.
411         It no longer nukes everything during GC. It now only removes unmarked
412         structures during GC. This modification allows the ProfileType node 
413         to convert into a CheckStructure node safely in the DFG. 
414
415         This change brings up the conversion rate from ProfileType to Check 
416         or CheckStructure from ~45% to ~65%. This change also speeds the
417         type profiler up significantly: consistently between 2x-20x faster. 
418
419         This patch also does some slight refactoring: a few type profiler
420         related fields are moved from VM to TypeProfiler.
421
422         * bytecode/CodeBlock.cpp:
423         (JSC::CodeBlock::CodeBlock):
424         * dfg/DFGFixupPhase.cpp:
425         (JSC::DFG::FixupPhase::fixupNode):
426         * dfg/DFGNode.h:
427         (JSC::DFG::Node::convertToCheckStructure):
428         * heap/Heap.cpp:
429         (JSC::Heap::collect):
430         * runtime/SymbolTable.cpp:
431         (JSC::SymbolTable::uniqueIDForVariable):
432         * runtime/SymbolTable.h:
433         * runtime/TypeLocationCache.cpp:
434         (JSC::TypeLocationCache::getTypeLocation):
435         * runtime/TypeProfiler.cpp:
436         (JSC::TypeProfiler::TypeProfiler):
437         (JSC::TypeProfiler::nextTypeLocation):
438         (JSC::TypeProfiler::invalidateTypeSetCache):
439         (JSC::TypeProfiler::dumpTypeProfilerData):
440         * runtime/TypeProfiler.h:
441         (JSC::TypeProfiler::getNextUniqueVariableID):
442         * runtime/TypeProfilerLog.cpp:
443         (JSC::TypeProfilerLog::processLogEntries):
444         * runtime/TypeSet.cpp:
445         (JSC::TypeSet::addTypeInformation):
446         (JSC::TypeSet::invalidateCache):
447         * runtime/TypeSet.h:
448         (JSC::TypeSet::structureSet):
449         * runtime/VM.cpp:
450         (JSC::VM::VM):
451         (JSC::VM::enableTypeProfiler):
452         (JSC::VM::disableTypeProfiler):
453         (JSC::VM::dumpTypeProfilerData):
454         (JSC::VM::nextTypeLocation): Deleted.
455         (JSC::VM::invalidateTypeSetCache): Deleted.
456         * runtime/VM.h:
457         (JSC::VM::typeProfiler):
458         (JSC::VM::getNextUniqueVariableID): Deleted.
459         * tests/typeProfiler/dfg-jit-optimizations.js:
460
461 2014-10-16  Adrien Destugues  <pulkomandy@gmail.com>
462
463         Use isnan from std namespace in ProfileGenerator.cpp
464         https://bugs.webkit.org/show_bug.cgi?id=137653
465
466         Reviewed by Darin Adler.
467
468         The C++ isnan() function is in the std namespace. The unprefixed isnan
469         may be available because of C99 headers leakage in C++, but should not
470         be used.
471
472         No new tests: no functional change, build fix on platforms which don't
473         export C99 functions in C++.
474
475         * profiler/ProfileGenerator.cpp:
476         (JSC::ProfileGenerator::beginCallEntry):
477         (JSC::ProfileGenerator::endCallEntry):
478         (JSC::ProfileGenerator::didPause):
479         (JSC::ProfileGenerator::didContinue):
480
481 2014-10-15  Michael Saboff  <msaboff@apple.com>
482
483         REGRESSION(r174025): remote inspector crashes frequently when executing inspector frontend's JavaScript
484         https://bugs.webkit.org/show_bug.cgi?id=137758
485
486         Rubber stamped by Filip Pizlo.
487
488         Reverted r174025 for just PutByOffset Nodes.
489
490         * dfg/DFGFixupPhase.cpp:
491         (JSC::DFG::FixupPhase::fixupNode):
492
493 2014-10-14  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
494
495         Clean up unnecessary PassOwnPtr.h inclusion
496         https://bugs.webkit.org/show_bug.cgi?id=137726
497
498         Reviewed by Chris Dumez.
499
500         * API/JSCallbackObject.h: Remove PassOwnPtr.h inclusion.
501         * bytecode/DFGExitProfile.cpp: ditto.
502
503 2014-10-14  Brent Fulgham  <bfulgham@apple.com>
504
505         [Win] Unreviewed gardening. Ignore Visual Studio *.sdf files.
506
507         * JavaScriptCore.vcxproj: Modified properties svn:ignore and svn:ignore.
508         * JavaScriptCore.vcxproj/jsc: Modified property svn:ignore.
509
510 2014-10-14  Matthew Mirman  <mmirman@apple.com>
511
512         Removes references to LLVMJIT which is no longer part of LLVM
513         https://bugs.webkit.org/show_bug.cgi?id=137708
514
515         Reviewed by Filip Pizlo.
516
517         * Configurations/LLVMForJSC.xcconfig: removed -lLLVMJIT
518         * llvm/LLVMAPIFunctions.h: removed LinkInJIT
519
520 2014-10-14  peavo@outlook.com  <peavo@outlook.com>
521
522         [Win32] Thunk is not implemented.
523         https://bugs.webkit.org/show_bug.cgi?id=137691
524
525         Reviewed by Mark Lam.
526
527         Thunks for functions with double operands (floor, etc.) are not implemented on Win32.
528
529         * jit/ThunkGenerators.cpp:
530
531 2014-10-12  Alexey Proskuryakov  <ap@apple.com>
532
533         Adding svn:ignore so that .pyc files don't show up as new.
534
535         * inspector/scripts/codegen: Added property svn:ignore.
536
537 2014-10-10  Commit Queue  <commit-queue@webkit.org>
538
539         Unreviewed, rolling out r174606.
540         https://bugs.webkit.org/show_bug.cgi?id=137621
541
542         broke a JSC test (Requested by estes on #webkit).
543
544         Reverted changeset:
545
546         "Various arguments optimisations in codegen fail to account
547         for arguments being in lexical record"
548         https://bugs.webkit.org/show_bug.cgi?id=137617
549         http://trac.webkit.org/changeset/174606
550
551 2014-10-10  Oliver Hunt  <oliver@apple.com>
552
553         Various arguments optimisations in codegen fail to account for arguments being in lexical record
554         https://bugs.webkit.org/show_bug.cgi?id=137617
555
556         Reviewed by Michael Saboff.
557
558         Rework the way we track |arguments| references so that we don't try
559         to use the |arguments| reference on the stack if it's not safe.
560
561         To do this without nuking performance it was necessary to update
562         the parser to track modification of the |arguments| reference
563         itself.
564
565         * bytecode/CodeBlock.cpp:
566         * bytecompiler/BytecodeGenerator.cpp:
567         (JSC::BytecodeGenerator::BytecodeGenerator):
568         (JSC::BytecodeGenerator::willResolveToArguments):
569         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
570         (JSC::BytecodeGenerator::emitCall):
571         (JSC::BytecodeGenerator::emitConstruct):
572         (JSC::BytecodeGenerator::emitEnumeration):
573         (JSC::BytecodeGenerator::uncheckedRegisterForArguments): Deleted.
574         * bytecompiler/BytecodeGenerator.h:
575         (JSC::BytecodeGenerator::hasSafeLocalArgumentsRegister):
576         * bytecompiler/NodesCodegen.cpp:
577         (JSC::BracketAccessorNode::emitBytecode):
578         (JSC::DotAccessorNode::emitBytecode):
579         (JSC::getArgumentByVal):
580         (JSC::CallFunctionCallDotNode::emitBytecode):
581         (JSC::ApplyFunctionCallDotNode::emitBytecode):
582         (JSC::ArrayPatternNode::emitDirectBinding):
583         * interpreter/StackVisitor.cpp:
584         (JSC::StackVisitor::Frame::existingArguments):
585         * parser/Nodes.h:
586         (JSC::ScopeNode::modifiesArguments):
587         * parser/Parser.cpp:
588         (JSC::Parser<LexerType>::parseInner):
589         * parser/Parser.h:
590         (JSC::Scope::getCapturedVariables):
591         * parser/ParserModes.h:
592
593 2014-10-09  Joseph Pecoraro  <pecoraro@apple.com>
594
595         Web Inspector: Remove unused generator code
596         https://bugs.webkit.org/show_bug.cgi?id=137564
597
598         Reviewed by Brian Burg.
599
600         * inspector/scripts/codegen/generate_backend_dispatcher_header.py:
601         (BackendDispatcherHeaderGenerator.generate_output): Deleted.
602         * inspector/scripts/codegen/generate_backend_dispatcher_implementation.py:
603         (BackendDispatcherImplementationGenerator.generate_output):
604         * inspector/scripts/codegen/generate_frontend_dispatcher_header.py:
605         (FrontendDispatcherHeaderGenerator.generate_output):
606         * inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py:
607         (FrontendDispatcherImplementationGenerator.generate_output):
608         * inspector/scripts/codegen/generate_protocol_types_header.py:
609         (ProtocolTypesHeaderGenerator.generate_output):
610         * inspector/scripts/codegen/generate_protocol_types_implementation.py:
611         (ProtocolTypesImplementationGenerator.generate_output):
612         inputFilename is now handled by the generic generator base class.
613
614         * inspector/scripts/codegen/models.py:
615         (Framework.fromString):
616         (Frameworks):
617         * inspector/scripts/generate-inspector-protocol-bindings.py:
618         The WTF framework is unused. Remove unexpected frameworks.
619
620 2014-10-09  Dean Jackson  <dino@apple.com>
621
622         Remove ENABLE_CSS3_CONDITIONAL_RULES
623         https://bugs.webkit.org/show_bug.cgi?id=137571
624
625         Reviewed by Simon Fraser.
626
627         * Configurations/FeatureDefines.xcconfig:
628
629 2014-10-09  Adrien Destugues  <pulkomandy@gmail.com>
630
631         Fix compiler warning on noreturn function
632         https://bugs.webkit.org/show_bug.cgi?id=137558
633
634         Reviewed by Darin Adler.
635
636         The function is marked "noreturn", but the stub implementation does
637         return. No new tests: function is never called. Only fixes a warning.
638
639         * heap/HeapStatistics.cpp:
640         (JSC::HeapStatistics::exitWithFailure):
641
642 2014-10-09  Akos Kiss  <akiss@inf.u-szeged.hu>
643
644         Ensure that inline assembly Thunk functions don't conflict with the section designations of the compiler
645         https://bugs.webkit.org/show_bug.cgi?id=137434
646
647         Reviewed by Michael Saboff.
648
649         The ARM64 version of the defineUnaryDoubleOpWrapper macro in
650         ThunkGenerators.cpp contains inline assembly with .text assembler
651         directive followed by a static variable declaration. This macro gets
652         expanded several times afterwards, however, only during the compilation
653         of the first expansion does gcc insert a .data assembler directive
654         before the assembled version of the static variable. Thus, only the
655         first variable gets allocated in the .data section, all the others
656         remain in .text. If JavaScriptCore is built as a shared library then
657         this causes a segmentation fault during dynamic linking.
658
659         This patch puts a .previous directive at the end of the inline assembly
660         to ensure that the assumptions of the compiler about the sections are
661         not broken and the following variable goes to the right place.
662
663         * jit/ThunkGenerators.cpp:
664
665 2014-10-08  Oliver Hunt  <oliver@apple.com>
666
667         Make sure arguments tearoff is performed through the environment record if necessary
668         https://bugs.webkit.org/show_bug.cgi?id=137538
669
670         Reviewed by Michael Saboff.
671
672         Fairly simple change.  If we have a lexical record we need to pull the unmodified
673         arguments object from the record and then use the standard op_tear_off_arguments
674         instruction on the temporary.
675
676         * bytecompiler/BytecodeGenerator.cpp:
677         (JSC::BytecodeGenerator::emitGetOwnScope):
678         (JSC::BytecodeGenerator::emitReturn):
679         * bytecompiler/BytecodeGenerator.h:
680
681 2014-10-08  peavo@outlook.com  <peavo@outlook.com>
682
683         [WinCairo] Enable JIT on 32-bit.
684         https://bugs.webkit.org/show_bug.cgi?id=137521
685
686         Reviewed by Mark Lam.
687
688         Enable JIT on Windows 32-bit, but disable it at runtime if SSE2 is not present.
689
690         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.pl:
691         * runtime/Options.cpp:
692         (JSC::recomputeDependentOptions):
693
694 2014-10-08  Brent Fulgham  <bfulgham@apple.com>
695
696         [Win] Resolve some static analysis warnings in JavaScriptCore
697         https://bugs.webkit.org/show_bug.cgi?id=137508
698
699         Reviewed by Geoffrey Garen.
700
701         * API/tests/testapi.c:
702         (assertEqualsAsCharactersPtr): MSVC insists on using %Iu as its format specifier
703         for size_t. Make the format string conditional on Windows.
704         * bytecode/Watchpoint.h:
705         (JSC::InlineWatchpointSet::encodeState): Silence warning about left-shifting 'state'
706         as a 32-bit value before OR-ing it with a 64-bit value.
707         * dfg/DFGFixupPhase.cpp:
708         (JSC::DFG::FixupPhase::fixupNode): Silence warning about operator precedence
709         causing the || operation to take place before the >= test.
710         * dfg/DFGInPlaceAbstractState.cpp:
711         (JSC::DFG::InPlaceAbstractState::endBasicBlock): Ditto (|| before !=)
712         * testRegExp.cpp:
713         (testOneRegExp): Ditto %Iu format specifier.
714         * yarr/YarrInterpreter.cpp:
715         (JSC::Yarr::Interpreter::allocParenthesesDisjunctionContext): Silence warning about
716         using a 32-bit value as part of a 64-bit calculation.
717
718 2014-10-07  Simon Fraser  <simon.fraser@apple.com>
719
720         Roll-over Changelogs.
721
722         * ChangeLog-2014-10-07: Copied from Source/JavaScriptCore/ChangeLog.
723
724 == Rolled over to ChangeLog-2014-10-07 ==