4443d4d79f5a168520b5f808d5f1d5085f7a13bd
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
2
3         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
4         https://bugs.webkit.org/show_bug.cgi?id=147874
5
6         Reviewed by Darin Adler.
7
8         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
9         The differences from the Object.* ones are
10
11         1. They do not perform ToObject on non-object arguments; they raise a TypeError instead.
12         2. Reflect.setPrototypeOf returns false when the operation fails. Object.setPrototypeOf raises a TypeError instead.
13
14         * runtime/ObjectConstructor.cpp:
15         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
16         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
17         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
18         (JSC::objectConstructorGetPrototypeOf):
19         * runtime/ObjectConstructor.h:
20         * runtime/ReflectObject.cpp:
21         (JSC::reflectObjectGetPrototypeOf):
22         (JSC::reflectObjectSetPrototypeOf):
23         * tests/stress/reflect-get-prototype-of.js: Added.
24         (shouldBe):
25         (shouldThrow):
26         (Base):
27         (Derived):
28         * tests/stress/reflect-set-prototype-of.js: Added.
29         (shouldBe):
30         (shouldThrow):
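
        The two differences listed in this entry, shown as an added JavaScript example that is not part of the WebKit ChangeLog or the JavaScriptCore sources. The helpers `outcome`, `comparePrimitiveTarget`, `compareFailedSet` and `summarize` are constructed for illustration; the script runs in any ES6 engine.

```javascript
// Added example: not part of the WebKit ChangeLog or the JavaScriptCore
// sources. It shows the two differences the entry describes between
// Reflect.{getPrototypeOf,setPrototypeOf} and their Object.* counterparts.

// Run fn and record whether it threw a TypeError, so that a throwing and a
// non-throwing variant can be compared side by side.
function outcome(fn) {
  try {
    return { value: fn(), threwTypeError: false };
  } catch (e) {
    return { value: undefined, threwTypeError: e instanceof TypeError };
  }
}

// Difference 1: no ToObject on a non-object target.
// Object.getPrototypeOf(42) boxes the number and returns Number.prototype,
// while Reflect.getPrototypeOf(42) rejects the primitive with a TypeError.
// Object.setPrototypeOf on a primitive is a no-op that returns the primitive;
// Reflect.setPrototypeOf throws because the target is not an object.
function comparePrimitiveTarget(primitive) {
  return {
    objectGet: outcome(() => Object.getPrototypeOf(primitive)),
    reflectGet: outcome(() => Reflect.getPrototypeOf(primitive)),
    objectSet: outcome(() => Object.setPrototypeOf(primitive, null)),
    reflectSet: outcome(() => Reflect.setPrototypeOf(primitive, null)),
  };
}

// Difference 2: a failed [[SetPrototypeOf]] is reported as `false` by Reflect
// but as a TypeError by Object.setPrototypeOf. Two ways it can fail:
//   (a) the target is non-extensible (Object.preventExtensions / freeze);
//   (b) the new prototype would put the target on its own prototype chain.
// The success path is the same for both: Reflect returns true, Object returns
// the target object.
function compareFailedSet() {
  const sealed = Object.preventExtensions({});
  const a = {};
  const b = Object.create(a); // a is already on b's chain, so a -> b would loop
  return {
    nonExtensible: {
      reflect: outcome(() => Reflect.setPrototypeOf(sealed, {})),
      object: outcome(() => Object.setPrototypeOf(sealed, {})),
    },
    cycle: {
      reflect: outcome(() => Reflect.setPrototypeOf(a, b)),
      object: outcome(() => Object.setPrototypeOf(a, b)),
    },
    success: outcome(() => Reflect.setPrototypeOf({}, null)),
  };
}

// Reduce both comparisons to the booleans that matter; every field is
// expected to be true in a conforming ES6 engine.
function summarize() {
  const p = comparePrimitiveTarget(42);
  const f = compareFailedSet();
  return {
    objectGetBoxesPrimitive: p.objectGet.value === Number.prototype,
    reflectGetThrowsOnPrimitive: p.reflectGet.threwTypeError,
    objectSetReturnsPrimitive: p.objectSet.value === 42,
    reflectSetThrowsOnPrimitive: p.reflectSet.threwTypeError,
    reflectReturnsFalseOnNonExtensible: f.nonExtensible.reflect.value === false,
    objectThrowsOnNonExtensible: f.nonExtensible.object.threwTypeError,
    reflectReturnsFalseOnCycle: f.cycle.reflect.value === false,
    objectThrowsOnCycle: f.cycle.object.threwTypeError,
    reflectReturnsTrueOnSuccess: f.success.value === true,
  };
}

console.log(summarize()); // every field prints as true
```

        The boolean result is what makes Reflect.setPrototypeOf the natural default inside a Proxy `setPrototypeOf` trap, and code that pins prototypes defensively (for example `Reflect.setPrototypeOf(dict, null)` on a dictionary-style object) can branch on the return value instead of wrapping the call in try/catch.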
31
32 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
33
34         Fix debug build when optimization is enabled
35         https://bugs.webkit.org/show_bug.cgi?id=147816
36
37         Reviewed by Alexey Proskuryakov.
38
39         * llint/LLIntEntrypoint.cpp:
40         * runtime/FunctionExecutableDump.cpp:
41
42 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
43
44         Ensure that Reflect.enumerate does not produce the deleted keys
45         https://bugs.webkit.org/show_bug.cgi?id=147677
46
47         Reviewed by Darin Adler.
48
49         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
50
51         * tests/stress/reflect-enumerate.js:
52
53 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
54
55         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
56         https://bugs.webkit.org/show_bug.cgi?id=147856
57
58         Reviewed by Saam Barati.
59
60         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
61
62         * CMakeLists.txt:
63         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
64         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
65         * JavaScriptCore.xcodeproj/project.pbxproj:
66         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
67         (JSC::ExecutableInfo::ExecutableInfo):
68         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
69         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
70         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
71         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
72         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
73         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
74         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
75         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
76         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
77         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
78         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
79         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
80         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
81         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
82         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
83         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
84         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
85         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
86         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
87         (JSC::UnlinkedCodeBlock::regexp): Deleted.
88         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
89         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
90         (JSC::UnlinkedCodeBlock::identifier): Deleted.
91         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
92         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
93         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
94         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
95         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
96         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
97         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
98         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
99         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
100         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
101         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
102         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
103         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
104         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
105         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
106         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
107         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
108         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
109         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
110         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
111         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
112         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
113         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
114         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
115         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
116         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
117         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
118         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
119         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
120         (JSC::UnlinkedCodeBlock::vm): Deleted.
121         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
122         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
123         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
124         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
125         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
126         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
127         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
128         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
129         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
130         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
131         (JSC::UnlinkedCodeBlock::codeType): Deleted.
132         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
133         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
134         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
135         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
136         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
137         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
138         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
139         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
140         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
141         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
142         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
143         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
144         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
145         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
146         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
147         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
148         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
149         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
150         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
151         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
152         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
153         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
154         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
155         * bytecode/UnlinkedCodeBlock.cpp:
156         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
157         (JSC::generateFunctionCodeBlock): Deleted.
158         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
159         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
160         (JSC::UnlinkedFunctionExecutable::link): Deleted.
161         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
162         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
163         * bytecode/UnlinkedCodeBlock.h:
164         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
165         (JSC::ExecutableInfo::needsActivation): Deleted.
166         (JSC::ExecutableInfo::usesEval): Deleted.
167         (JSC::ExecutableInfo::isStrictMode): Deleted.
168         (JSC::ExecutableInfo::isConstructor): Deleted.
169         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
170         (JSC::ExecutableInfo::constructorKind): Deleted.
171         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
172         (JSC::generateFunctionCodeBlock):
173         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
174         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
175         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
176         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
177         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
178         (JSC::dumpLineColumnEntry): Deleted.
179         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
180         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
181         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
182         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
183         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
184         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
185         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
186         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
187         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
188         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
189         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
190         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
191         (JSC::UnlinkedCodeBlock::instructions): Deleted.
192         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
193         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
194         (JSC::ExecutableInfo::needsActivation): Deleted.
195         (JSC::ExecutableInfo::usesEval): Deleted.
196         (JSC::ExecutableInfo::isStrictMode): Deleted.
197         (JSC::ExecutableInfo::isConstructor): Deleted.
198         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
199         (JSC::ExecutableInfo::constructorKind): Deleted.
200         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
201         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
202         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
203         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
204         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
205         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
206         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
207         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
208         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
209         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
210         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
211         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
212         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
213         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
214         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
215         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
216         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
217         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
218         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
219         (JSC::UnlinkedCodeBlock::regexp): Deleted.
220         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
221         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
222         (JSC::UnlinkedCodeBlock::identifier): Deleted.
223         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
224         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
225         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
226         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
227         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
228         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
229         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
230         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
231         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
232         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
233         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
234         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
235         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
236         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
237         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
238         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
239         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
240         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
241         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
242         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
243         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
244         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
245         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
246         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
247         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
248         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
249         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
250         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
251         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
252         (JSC::UnlinkedCodeBlock::vm): Deleted.
253         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
254         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
255         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
256         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
257         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
258         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
259         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
260         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
261         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
262         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
263         (JSC::UnlinkedCodeBlock::codeType): Deleted.
264         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
265         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
266         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
267         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
268         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
269         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
270         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
271         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
272         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
273         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
274         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
275         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
276         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
277         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
278         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
279         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
280         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
281         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
282         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
283         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
284         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
285         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
286         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
287         * runtime/Executable.h:
288
289 2015-08-10  Mark Lam  <mark.lam@apple.com>
290
291         Refactor LiveObjectList and LiveObjectData into their own files.
292         https://bugs.webkit.org/show_bug.cgi?id=147843
293
294         Reviewed by Saam Barati.
295
296         There is no behavior change in this patch.
297
298         * CMakeLists.txt:
299         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
300         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
301         * JavaScriptCore.xcodeproj/project.pbxproj:
302         * heap/HeapVerifier.cpp:
303         (JSC::HeapVerifier::HeapVerifier):
304         (JSC::LiveObjectList::findObject): Deleted.
305         * heap/HeapVerifier.h:
306         (JSC::LiveObjectData::LiveObjectData): Deleted.
307         (JSC::LiveObjectList::LiveObjectList): Deleted.
308         (JSC::LiveObjectList::reset): Deleted.
309         * heap/LiveObjectData.h: Added.
310         (JSC::LiveObjectData::LiveObjectData):
311         * heap/LiveObjectList.cpp: Added.
312         (JSC::LiveObjectList::findObject):
313         * heap/LiveObjectList.h: Added.
314         (JSC::LiveObjectList::LiveObjectList):
315         (JSC::LiveObjectList::reset):
316
317 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
318
319         Let's rename FunctionBodyNode
320         https://bugs.webkit.org/show_bug.cgi?id=147292
321
322         Reviewed by Mark Lam & Saam Barati.
323
324         FunctionBodyNode => FunctionMetadataNode
325
326         Make FunctionMetadataNode inherit from Node instead of StatementNode
327         because a FunctionMetadataNode can appear in expression context and does
328         not have a next statement.
329
330         (I decided to continue allocating FunctionMetadataNode in the AST arena,
331         and to retain "Node" in its name, because it really is a parsing
332         construct, and we transform its data before consuming it elsewhere.
333
334         There is still room for a future patch to distill and simplify the
335         metadata we track about functions between FunDeclNode/FuncExprNode,
336         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
337
338         * builtins/BuiltinExecutables.cpp:
339         (JSC::BuiltinExecutables::createExecutableInternal):
340         * bytecode/UnlinkedCodeBlock.cpp:
341         (JSC::generateFunctionCodeBlock):
342         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
343         * bytecode/UnlinkedCodeBlock.h:
344         * bytecompiler/BytecodeGenerator.cpp:
345         (JSC::BytecodeGenerator::generate):
346         (JSC::BytecodeGenerator::BytecodeGenerator):
347         (JSC::BytecodeGenerator::emitNewArray):
348         (JSC::BytecodeGenerator::emitNewFunction):
349         (JSC::BytecodeGenerator::emitNewFunctionExpression):
350         * bytecompiler/BytecodeGenerator.h:
351         (JSC::BytecodeGenerator::makeFunction):
352         * bytecompiler/NodesCodegen.cpp:
353         (JSC::EvalNode::emitBytecode):
354         (JSC::FunctionNode::emitBytecode):
355         (JSC::FunctionBodyNode::emitBytecode): Deleted.
356         * parser/ASTBuilder.h:
357         (JSC::ASTBuilder::createFunctionExpr):
358         (JSC::ASTBuilder::createFunctionBody):
359         * parser/NodeConstructors.h:
360         (JSC::FunctionParameters::FunctionParameters):
361         (JSC::FuncExprNode::FuncExprNode):
362         (JSC::FuncDeclNode::FuncDeclNode):
363         * parser/Nodes.cpp:
364         (JSC::EvalNode::EvalNode):
365         (JSC::FunctionMetadataNode::FunctionMetadataNode):
366         (JSC::FunctionMetadataNode::finishParsing):
367         (JSC::FunctionMetadataNode::setEndPosition):
368         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
369         (JSC::FunctionBodyNode::finishParsing): Deleted.
370         (JSC::FunctionBodyNode::setEndPosition): Deleted.
371         * parser/Nodes.h:
372         (JSC::FuncExprNode::body):
373         (JSC::FuncDeclNode::body):
374         * parser/Parser.h:
375         (JSC::Parser::isFunctionMetadataNode):
376         (JSC::Parser::next):
377         (JSC::Parser<LexerType>::parse):
378         (JSC::Parser::isFunctionBodyNode): Deleted.
379         * runtime/CodeCache.cpp:
380         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
381         * runtime/CodeCache.h:
382
383 2015-08-09  Chris Dumez  <cdumez@apple.com>
384
385         Regression(r188105): Seems to have caused crashes during PLT on some iPads
386         https://bugs.webkit.org/show_bug.cgi?id=147818
387
388         Unreviewed, roll out r188105.
389
390         * bytecode/ByValInfo.h:
391         (JSC::ByValInfo::ByValInfo):
392         * bytecode/CodeBlock.cpp:
393         (JSC::CodeBlock::getByValInfoMap): Deleted.
394         (JSC::CodeBlock::addByValInfo): Deleted.
395         * bytecode/CodeBlock.h:
396         (JSC::CodeBlock::getByValInfo):
397         (JSC::CodeBlock::setNumberOfByValInfos):
398         (JSC::CodeBlock::numberOfByValInfos):
399         (JSC::CodeBlock::byValInfo):
400         * bytecode/ExitKind.cpp:
401         (JSC::exitKindToString): Deleted.
402         * bytecode/ExitKind.h:
403         * bytecode/GetByIdStatus.cpp:
404         (JSC::GetByIdStatus::computeFor):
405         (JSC::GetByIdStatus::computeForStubInfo):
406         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
407         * bytecode/GetByIdStatus.h:
408         * dfg/DFGAbstractInterpreterInlines.h:
409         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
410         * dfg/DFGByteCodeParser.cpp:
411         (JSC::DFG::ByteCodeParser::parseBlock):
412         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
413         * dfg/DFGClobberize.h:
414         (JSC::DFG::clobberize): Deleted.
415         * dfg/DFGConstantFoldingPhase.cpp:
416         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
417         * dfg/DFGDoesGC.cpp:
418         (JSC::DFG::doesGC): Deleted.
419         * dfg/DFGFixupPhase.cpp:
420         (JSC::DFG::FixupPhase::fixupNode): Deleted.
421         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
422         * dfg/DFGNode.h:
423         (JSC::DFG::Node::hasUidOperand): Deleted.
424         (JSC::DFG::Node::uidOperand): Deleted.
425         * dfg/DFGNodeType.h:
426         * dfg/DFGPredictionPropagationPhase.cpp:
427         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
428         * dfg/DFGSafeToExecute.h:
429         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
430         (JSC::DFG::safeToExecute): Deleted.
431         * dfg/DFGSpeculativeJIT.cpp:
432         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
433         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
434         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
435         * dfg/DFGSpeculativeJIT.h:
436         * dfg/DFGSpeculativeJIT32_64.cpp:
437         (JSC::DFG::SpeculativeJIT::compile): Deleted.
438         * dfg/DFGSpeculativeJIT64.cpp:
439         (JSC::DFG::SpeculativeJIT::compile): Deleted.
440         * dfg/DFGUseKind.cpp:
441         (WTF::printInternal): Deleted.
442         * dfg/DFGUseKind.h:
443         (JSC::DFG::typeFilterFor): Deleted.
444         (JSC::DFG::isCell): Deleted.
445         * ftl/FTLAbstractHeapRepository.h:
446         * ftl/FTLCapabilities.cpp:
447         (JSC::FTL::canCompile): Deleted.
448         * ftl/FTLLowerDFGToLLVM.cpp:
449         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
450         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
451         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
452         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
453         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
454         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
455         * jit/JIT.cpp:
456         (JSC::JIT::privateCompile):
457         * jit/JIT.h:
458         (JSC::ByValCompilationInfo::ByValCompilationInfo):
459         (JSC::JIT::compileGetByValWithCachedId): Deleted.
460         * jit/JITInlines.h:
461         (JSC::JIT::callOperation): Deleted.
462         * jit/JITOpcodes.cpp:
463         (JSC::JIT::emit_op_has_indexed_property):
464         (JSC::JIT::emitSlow_op_has_indexed_property):
465         * jit/JITOpcodes32_64.cpp:
466         (JSC::JIT::emit_op_has_indexed_property):
467         (JSC::JIT::emitSlow_op_has_indexed_property):
468         * jit/JITOperations.cpp:
469         (JSC::getByVal):
470         * jit/JITOperations.h:
471         * jit/JITPropertyAccess.cpp:
472         (JSC::JIT::emit_op_get_by_val):
473         (JSC::JIT::emitSlow_op_get_by_val):
474         (JSC::JIT::emit_op_put_by_val):
475         (JSC::JIT::emitSlow_op_put_by_val):
476         (JSC::JIT::emitGetByValWithCachedId): Deleted.
477         (JSC::JIT::privateCompileGetByVal): Deleted.
478         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
479         * jit/JITPropertyAccess32_64.cpp:
480         (JSC::JIT::emit_op_get_by_val):
481         (JSC::JIT::emitSlow_op_get_by_val):
482         (JSC::JIT::emit_op_put_by_val):
483         (JSC::JIT::emitSlow_op_put_by_val):
484         (JSC::JIT::emitGetByValWithCachedId): Deleted.
485         * runtime/Symbol.h:
486         * tests/stress/get-by-val-with-string-constructor.js: Removed.
487         * tests/stress/get-by-val-with-string-exit.js: Removed.
488         * tests/stress/get-by-val-with-string-generated.js: Removed.
489         * tests/stress/get-by-val-with-string-getter.js: Removed.
490         * tests/stress/get-by-val-with-string.js: Removed.
491         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
492         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
493         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
494         * tests/stress/get-by-val-with-symbol.js: Removed.
495
496 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
497
498         Reduce uses of PassRefPtr in bindings
499         https://bugs.webkit.org/show_bug.cgi?id=147781
500
501         Reviewed by Chris Dumez.
502
503         Use RefPtr when function can return null or an instance. If not, Ref is used.
504
505         * runtime/JSGenericTypedArrayView.h:
506         (JSC::toNativeTypedView):
507
508 2015-08-07  Alex Christensen  <achristensen@webkit.org>
509
510         Build more testing binaries with CMake on Windows
511         https://bugs.webkit.org/show_bug.cgi?id=147799
512
513         Reviewed by Brent Fulgham.
514
515         * shell/PlatformWin.cmake: Added.
516         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
517
518 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
519
520         Lightweight locks should be adaptive
521         https://bugs.webkit.org/show_bug.cgi?id=147545
522
523         Reviewed by Geoffrey Garen.
524
525         * dfg/DFGCommon.cpp:
526         (JSC::DFG::startCrashing):
527         * heap/CopiedBlock.h:
528         (JSC::CopiedBlock::workListLock):
529         * heap/CopiedBlockInlines.h:
530         (JSC::CopiedBlock::shouldReportLiveBytes):
531         (JSC::CopiedBlock::reportLiveBytes):
532         * heap/CopiedSpace.cpp:
533         (JSC::CopiedSpace::doneFillingBlock):
534         * heap/CopiedSpace.h:
535         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
536         * heap/CopiedSpaceInlines.h:
537         (JSC::CopiedSpace::recycleEvacuatedBlock):
538         * heap/GCThreadSharedData.cpp:
539         (JSC::GCThreadSharedData::didStartCopying):
540         * heap/GCThreadSharedData.h:
541         (JSC::GCThreadSharedData::getNextBlocksToCopy):
542         * heap/ListableHandler.h:
543         (JSC::ListableHandler::List::addThreadSafe):
544         (JSC::ListableHandler::List::addNotThreadSafe):
545         * heap/MachineStackMarker.cpp:
546         (JSC::MachineThreads::tryCopyOtherThreadStacks):
547         * heap/SlotVisitorInlines.h:
548         (JSC::SlotVisitor::copyLater):
549         * parser/SourceProvider.cpp:
550         (JSC::SourceProvider::~SourceProvider):
551         (JSC::SourceProvider::getID):
552         * profiler/ProfilerDatabase.cpp:
553         (JSC::Profiler::Database::addDatabaseToAtExit):
554         (JSC::Profiler::Database::removeDatabaseFromAtExit):
555         (JSC::Profiler::Database::removeFirstAtExitDatabase):
556         * runtime/TypeProfilerLog.h:
557
558 2015-08-07  Mark Lam  <mark.lam@apple.com>
559
560         Rename some variables in the JSC watchdog implementation.
561         https://bugs.webkit.org/show_bug.cgi?id=147790
562
563         Rubber stamped by Benjamin Poulain.
564
565         This is just a refactoring patch to give the variables better names that describe their
566         intended use.  There is no behavior change.
567
568         * runtime/Watchdog.cpp:
569         (JSC::Watchdog::Watchdog):
570         (JSC::Watchdog::setTimeLimit):
571         (JSC::Watchdog::didFire):
572         (JSC::Watchdog::isEnabled):
573         (JSC::Watchdog::fire):
574         (JSC::Watchdog::startCountdownIfNeeded):
575         * runtime/Watchdog.h:
576
577 2015-08-07  Saam barati  <saambarati1@gmail.com>
578
579         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
580         https://bugs.webkit.org/show_bug.cgi?id=147666
581
582         Reviewed by Geoffrey Garen.
583
584         If we make the bytecode generator know about every local scope it 
585         creates, and if we give each local scope a unique register, the
586         bytecode generator has all the information it needs to assign
587         the correct scope to a catch handler. Because the bytecode generator
588         knows this information, it's a better separation of responsibilities
589         for it to set up the proper scope instead of relying on the exception
590         handling runtime to find the scope.
591
592         * bytecode/BytecodeList.json:
593         * bytecode/BytecodeUseDef.h:
594         (JSC::computeUsesForBytecodeOffset):
595         * bytecode/CodeBlock.cpp:
596         (JSC::CodeBlock::dumpBytecode):
597         (JSC::CodeBlock::CodeBlock):
598         * bytecode/HandlerInfo.h:
599         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
600         (JSC::HandlerInfo::initialize):
601         * bytecompiler/BytecodeGenerator.cpp:
602         (JSC::BytecodeGenerator::generate):
603         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
604         (JSC::BytecodeGenerator::emitGetScope):
605         (JSC::BytecodeGenerator::emitPushWithScope):
606         (JSC::BytecodeGenerator::emitGetParentScope):
607         (JSC::BytecodeGenerator::emitPopScope):
608         (JSC::BytecodeGenerator::emitPopWithScope):
609         (JSC::BytecodeGenerator::allocateAndEmitScope):
610         (JSC::BytecodeGenerator::emitComplexPopScopes):
611         (JSC::BytecodeGenerator::pushTry):
612         (JSC::BytecodeGenerator::popTryAndEmitCatch):
613         (JSC::BytecodeGenerator::localScopeDepth):
614         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
615         * bytecompiler/BytecodeGenerator.h:
616         * bytecompiler/NodesCodegen.cpp:
617         (JSC::WithNode::emitBytecode):
618         * interpreter/Interpreter.cpp:
619         (JSC::Interpreter::unwind):
620         * jit/JITOpcodes.cpp:
621         (JSC::JIT::emit_op_push_with_scope):
622         (JSC::JIT::compileOpStrictEq):
623         * jit/JITOpcodes32_64.cpp:
624         (JSC::JIT::emit_op_push_with_scope):
625         (JSC::JIT::emit_op_to_number):
626         * jit/JITOperations.cpp:
627         * jit/JITOperations.h:
628         * llint/LLIntSlowPaths.cpp:
629         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
630         * llint/LLIntSlowPaths.h:
631         * llint/LowLevelInterpreter.asm:
632         * runtime/CommonSlowPaths.cpp:
633         (JSC::SLOW_PATH_DECL):
634         * runtime/CommonSlowPaths.h:
635         * runtime/JSScope.cpp:
636         (JSC::JSScope::objectAtScope):
637         (JSC::isUnscopable):
638         (JSC::JSScope::depth): Deleted.
639         * runtime/JSScope.h:
640
641 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
642
643         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
644         https://bugs.webkit.org/show_bug.cgi?id=147761
645
646         Reviewed by Mark Lam.
647
648         This patch implements MacroAssembler::patchableBranch64 in 64-bit environments.
649         It also fixes the existing MacroAssemblerARM64::patchableBranchPtr, which, before this patch,
650         truncated the immediate pointer to a 32-bit immediate.
651         And it uses patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
652
653         * assembler/MacroAssemblerARM64.h:
654         (JSC::MacroAssemblerARM64::patchableBranchPtr):
655         (JSC::MacroAssemblerARM64::patchableBranch64):
656         * assembler/MacroAssemblerX86_64.h:
657         (JSC::MacroAssemblerX86_64::patchableBranch64):
658         * jit/JIT.h:
659         * jit/JITInlines.h:
660         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
661         * jit/JITPropertyAccess.cpp:
662         (JSC::JIT::emit_op_get_by_val):
663
664 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
665
666         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
667         https://bugs.webkit.org/show_bug.cgi?id=147480
668
669         Reviewed by Filip Pizlo.
670
671         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
672         The IC site only caches one id. After checking that the given id is the same as the
673         cached one, we perform the get_by_id IC onto it.
674         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
675         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
676         operations when the given get_by_val leverages the property load with the cached id.
677
678         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
679         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
680         This can be leveraged to optimize symbol operations in DFG.
681
682         And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
683         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
684         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
685         argument ArrayProfile* in the operations with ByValInfo*.
686
687         * bytecode/ByValInfo.h:
688         (JSC::ByValInfo::ByValInfo):
689         * bytecode/CodeBlock.cpp:
690         (JSC::CodeBlock::getByValInfoMap):
691         (JSC::CodeBlock::addByValInfo):
692         * bytecode/CodeBlock.h:
693         (JSC::CodeBlock::getByValInfo): Deleted.
694         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
695         (JSC::CodeBlock::numberOfByValInfos): Deleted.
696         (JSC::CodeBlock::byValInfo): Deleted.
697         * bytecode/ExitKind.cpp:
698         (JSC::exitKindToString):
699         * bytecode/ExitKind.h:
700         * bytecode/GetByIdStatus.cpp:
701         (JSC::GetByIdStatus::computeFor):
702         (JSC::GetByIdStatus::computeForStubInfo):
703         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
704         * bytecode/GetByIdStatus.h:
705         * dfg/DFGAbstractInterpreterInlines.h:
706         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
707         * dfg/DFGByteCodeParser.cpp:
708         (JSC::DFG::ByteCodeParser::parseBlock):
709         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
710         * dfg/DFGClobberize.h:
711         (JSC::DFG::clobberize):
712         * dfg/DFGConstantFoldingPhase.cpp:
713         (JSC::DFG::ConstantFoldingPhase::foldConstants):
714         * dfg/DFGDoesGC.cpp:
715         (JSC::DFG::doesGC):
716         * dfg/DFGFixupPhase.cpp:
717         (JSC::DFG::FixupPhase::fixupNode):
718         (JSC::DFG::FixupPhase::observeUseKindOnNode):
719         * dfg/DFGNode.h:
720         (JSC::DFG::Node::hasUidOperand):
721         (JSC::DFG::Node::uidOperand):
722         * dfg/DFGNodeType.h:
723         * dfg/DFGPredictionPropagationPhase.cpp:
724         (JSC::DFG::PredictionPropagationPhase::propagate):
725         * dfg/DFGSafeToExecute.h:
726         (JSC::DFG::SafeToExecuteEdge::operator()):
727         (JSC::DFG::safeToExecute):
728         * dfg/DFGSpeculativeJIT.cpp:
729         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
730         (JSC::DFG::SpeculativeJIT::speculateSymbol):
731         (JSC::DFG::SpeculativeJIT::speculate):
732         * dfg/DFGSpeculativeJIT.h:
733         * dfg/DFGSpeculativeJIT32_64.cpp:
734         (JSC::DFG::SpeculativeJIT::compile):
735         * dfg/DFGSpeculativeJIT64.cpp:
736         (JSC::DFG::SpeculativeJIT::compile):
737         * dfg/DFGUseKind.cpp:
738         (WTF::printInternal):
739         * dfg/DFGUseKind.h:
740         (JSC::DFG::typeFilterFor):
741         (JSC::DFG::isCell):
742         * ftl/FTLAbstractHeapRepository.h:
743         * ftl/FTLCapabilities.cpp:
744         (JSC::FTL::canCompile):
745         * ftl/FTLLowerDFGToLLVM.cpp:
746         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
747         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
748         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
749         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
750         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
751         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
752         * jit/JIT.cpp:
753         (JSC::JIT::privateCompile):
754         * jit/JIT.h:
755         (JSC::ByValCompilationInfo::ByValCompilationInfo):
756         (JSC::JIT::compileGetByValWithCachedId):
757         * jit/JITInlines.h:
758         (JSC::JIT::callOperation):
759         * jit/JITOpcodes.cpp:
760         (JSC::JIT::emit_op_has_indexed_property):
761         (JSC::JIT::emitSlow_op_has_indexed_property):
762         * jit/JITOpcodes32_64.cpp:
763         (JSC::JIT::emit_op_has_indexed_property):
764         (JSC::JIT::emitSlow_op_has_indexed_property):
765         * jit/JITOperations.cpp:
766         (JSC::getByVal):
767         * jit/JITOperations.h:
768         * jit/JITPropertyAccess.cpp:
769         (JSC::JIT::emit_op_get_by_val):
770         (JSC::JIT::emitGetByValWithCachedId):
771         (JSC::JIT::emitSlow_op_get_by_val):
772         (JSC::JIT::emit_op_put_by_val):
773         (JSC::JIT::emitSlow_op_put_by_val):
774         (JSC::JIT::privateCompileGetByVal):
775         (JSC::JIT::privateCompileGetByValWithCachedId):
776         * jit/JITPropertyAccess32_64.cpp:
777         (JSC::JIT::emit_op_get_by_val):
778         (JSC::JIT::emitGetByValWithCachedId):
779         (JSC::JIT::emitSlow_op_get_by_val):
780         (JSC::JIT::emit_op_put_by_val):
781         (JSC::JIT::emitSlow_op_put_by_val):
782         * runtime/Symbol.h:
783         * tests/stress/get-by-val-with-string-constructor.js: Added.
784         (Hello):
785         (get Hello.prototype.generate):
786         (ok):
787         * tests/stress/get-by-val-with-string-exit.js: Added.
788         (shouldBe):
789         (getByVal):
790         (getStr1):
791         (getStr2):
792         * tests/stress/get-by-val-with-string-generated.js: Added.
793         (shouldBe):
794         (getByVal):
795         (getStr1):
796         (getStr2):
797         * tests/stress/get-by-val-with-string-getter.js: Added.
798         (object.get hello):
799         (ok):
800         * tests/stress/get-by-val-with-string.js: Added.
801         (shouldBe):
802         (getByVal):
803         (getStr1):
804         (getStr2):
805         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
806         (Hello):
807         (get Hello.prototype.generate):
808         (ok):
809         * tests/stress/get-by-val-with-symbol-exit.js: Added.
810         (shouldBe):
811         (getByVal):
812         (getSym1):
813         (getSym2):
814         * tests/stress/get-by-val-with-symbol-getter.js: Added.
815         (object.get hello):
816         (.get ok):
817         * tests/stress/get-by-val-with-symbol.js: Added.
818         (shouldBe):
819         (getByVal):
820         (getSym1):
821         (getSym2):
822
823 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
824
825         Parse the entire WebAssembly modules
826         https://bugs.webkit.org/show_bug.cgi?id=147393
827
828         Reviewed by Geoffrey Garen.
829
830         Parse the entire WebAssembly modules from files produced by pack-asmjs
831         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
832         parse modules whose function definition section contains only functions that
833         have "return 0;" as their only statement. Parsing of any functions will be
834         implemented in a subsequent patch.
835
836         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
837         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
838         * JavaScriptCore.xcodeproj/project.pbxproj:
839         * wasm/JSWASMModule.cpp:
840         (JSC::JSWASMModule::destroy):
841         * wasm/JSWASMModule.h:
842         (JSC::JSWASMModule::i32Constants):
843         (JSC::JSWASMModule::f32Constants):
844         (JSC::JSWASMModule::f64Constants):
845         (JSC::JSWASMModule::signatures):
846         (JSC::JSWASMModule::functionImports):
847         (JSC::JSWASMModule::functionImportSignatures):
848         (JSC::JSWASMModule::globalVariableTypes):
849         (JSC::JSWASMModule::functionDeclarations):
850         (JSC::JSWASMModule::functionPointerTables):
851         * wasm/WASMFormat.h: Added.
852         * wasm/WASMModuleParser.cpp:
853         (JSC::WASMModuleParser::parse):
854         (JSC::WASMModuleParser::parseModule):
855         (JSC::WASMModuleParser::parseConstantPoolSection):
856         (JSC::WASMModuleParser::parseSignatureSection):
857         (JSC::WASMModuleParser::parseFunctionImportSection):
858         (JSC::WASMModuleParser::parseGlobalSection):
859         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
860         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
861         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
862         (JSC::WASMModuleParser::parseFunctionDefinition):
863         (JSC::WASMModuleParser::parseExportSection):
864         * wasm/WASMModuleParser.h:
865         * wasm/WASMReader.cpp:
866         (JSC::WASMReader::readUInt32):
867         (JSC::WASMReader::readCompactUInt32):
868         (JSC::WASMReader::readString):
869         (JSC::WASMReader::readType):
870         (JSC::WASMReader::readExpressionType):
871         (JSC::WASMReader::readExportFormat):
872         (JSC::WASMReader::readByte):
873         (JSC::WASMReader::readUnsignedInt32): Deleted.
874         * wasm/WASMReader.h:
875
876 2015-08-06  Keith Miller  <keith_miller@apple.com>
877
878         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
879         https://bugs.webkit.org/show_bug.cgi?id=147749
880
881         Reviewed by Filip Pizlo.
882
883         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength(),
884         thus no one calls this code.
885
886         * ftl/FTLLowerDFGToLLVM.cpp:
887         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
888
889 2015-08-06  Keith Miller  <keith_miller@apple.com>
890
891         The JSONP parser incorrectly parses -0 as +0.
892         https://bugs.webkit.org/show_bug.cgi?id=147590
893
894         Reviewed by Michael Saboff.
895
896         In the LiteralParser we should use a double to store the accumulator for numerical tokens
897         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
898
899         * runtime/LiteralParser.cpp:
900         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
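        The sign-of-zero defect described above, as an added example that is not JSC's LiteralParser code: a deliberately minimal integer-only number lexer (no fraction or exponent handling, which the real lexer has) run once with an int accumulator, reproducing the bug, and once with a double accumulator, the fix. The function names are hypothetical.

```cpp
// Added example, not JavaScriptCore code: a minimal JSON-style number lexer
// showing why accumulating digits into an int loses the sign of "-0".
#include <cctype>
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <string>

// Lexes an optional '-' followed by decimal digits, accumulating into
// Accumulator. With Accumulator = int, negating the integer 0 yields +0,
// so the sign is gone before the value is ever widened to a double. With
// Accumulator = double the negation produces -0.0 and the sign bit survives.
template <typename Accumulator>
static double lexNumberWith(const std::string& input, size_t& pos)
{
    bool negative = false;
    if (pos < input.size() && input[pos] == '-') {
        negative = true;
        ++pos;
    }
    Accumulator accumulator = 0;
    while (pos < input.size() && std::isdigit(static_cast<unsigned char>(input[pos]))) {
        accumulator = accumulator * 10 + (input[pos] - '0');
        ++pos;
    }
    if (negative)
        accumulator = -accumulator;
    return static_cast<double>(accumulator);
}

// Pre-fix behaviour: int accumulator (hypothetical name).
double lexNumberBuggy(const std::string& input)
{
    size_t pos = 0;
    return lexNumberWith<int>(input, pos);
}

// Fixed behaviour: double accumulator (hypothetical name).
double lexNumberFixed(const std::string& input)
{
    size_t pos = 0;
    return lexNumberWith<double>(input, pos);
}

// operator== cannot tell -0.0 from +0.0; the sign bit can.
bool isNegativeZero(double value)
{
    return value == 0.0 && std::signbit(value);
}

int main()
{
    // Constructed inputs: the interesting case is "-0".
    const char* inputs[] = { "-0", "0", "-42", "1234" };
    for (const char* text : inputs) {
        double buggy = lexNumberBuggy(text);
        double fixed = lexNumberFixed(text);
        // 1/x exposes the sign of zero the same way JavaScript code can.
        std::printf("%-5s int-accumulator: %g (1/x = %g)  double-accumulator: %g (1/x = %g)\n",
            text, buggy, 1.0 / buggy, fixed, 1.0 / fixed);
    }
    return 0;
}
```

        The observable difference is that script can distinguish the two zeros (Object.is(x, -0), or 1/x being -Infinity), so a JSON text containing -0 round-trips differently through the buggy lexer than through a conforming one.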
901
902 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
903
904         Structures used for tryGetConstantProperty() should be registered first
905         https://bugs.webkit.org/show_bug.cgi?id=147750
906
907         Reviewed by Saam Barati and Michael Saboff.
908
909         * dfg/DFGGraph.cpp:
910         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
911         * dfg/DFGGraph.h:
912         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
913         * dfg/DFGStructureRegistrationPhase.cpp:
914         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegistrationPhase.
915         (JSC::DFG::StructureRegistrationPhase::registerStructures):
916         (JSC::DFG::StructureRegistrationPhase::registerStructure):
917         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
918         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
919         (JSC::DFG::performStructureRegistration):
920
921 2015-08-06  Keith Miller  <keith_miller@apple.com>
922
923         Remove UnspecifiedBoolType from JSC
924         https://bugs.webkit.org/show_bug.cgi?id=147597
925
926         Reviewed by Mark Lam.
927
928         We were using the safe bool pattern in the code base for implicit casting to booleans.
929         With C++11 this is no longer necessary and we can instead create an operator bool.
930
931         * API/JSRetainPtr.h:
932         (JSRetainPtr::operator bool):
933         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
934         * dfg/DFGEdge.h:
935         (JSC::DFG::Edge::operator bool):
936         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
937         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
938         * heap/Weak.h:
939         * heap/WeakInlines.h:
940         (JSC::bool):
941         (JSC::UnspecifiedBoolType): Deleted.
942
943 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
944
945         [ES6] Class parser does not allow methods named set and get.
946         https://bugs.webkit.org/show_bug.cgi?id=147150
947
948         Reviewed by Oliver Hunt.
949
950         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
951         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
952         so that we only treat them as such when they're followed by another token that could be a method name.
953
954         * parser/Parser.cpp:
955         (JSC::Parser<LexerType>::parseClass):
956
957 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
958
959         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
960
961         * bytecode/SamplingTool.cpp:
962         (JSC::SamplingTool::doRun):
963         (JSC::SamplingTool::notifyOfScope):
964         * bytecode/SamplingTool.h:
965         * dfg/DFGThreadData.h:
966         * dfg/DFGWorklist.cpp:
967         (JSC::DFG::Worklist::~Worklist):
968         (JSC::DFG::Worklist::isActiveForVM):
969         (JSC::DFG::Worklist::enqueue):
970         (JSC::DFG::Worklist::compilationState):
971         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
972         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
973         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
974         (JSC::DFG::Worklist::visitWeakReferences):
975         (JSC::DFG::Worklist::removeDeadPlans):
976         (JSC::DFG::Worklist::queueLength):
977         (JSC::DFG::Worklist::dump):
978         (JSC::DFG::Worklist::runThread):
979         * dfg/DFGWorklist.h:
980         * disassembler/Disassembler.cpp:
981         * heap/CopiedSpace.cpp:
982         (JSC::CopiedSpace::doneFillingBlock):
983         (JSC::CopiedSpace::doneCopying):
984         * heap/CopiedSpace.h:
985         * heap/CopiedSpaceInlines.h:
986         (JSC::CopiedSpace::recycleBorrowedBlock):
987         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
988         * heap/HeapTimer.h:
989         * heap/MachineStackMarker.cpp:
990         (JSC::ActiveMachineThreadsManager::Locker::Locker):
991         (JSC::ActiveMachineThreadsManager::add):
992         (JSC::ActiveMachineThreadsManager::remove):
993         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
994         (JSC::MachineThreads::~MachineThreads):
995         (JSC::MachineThreads::addCurrentThread):
996         (JSC::MachineThreads::removeThreadIfFound):
997         (JSC::MachineThreads::tryCopyOtherThreadStack):
998         (JSC::MachineThreads::tryCopyOtherThreadStacks):
999         (JSC::MachineThreads::gatherConservativeRoots):
1000         * heap/MachineStackMarker.h:
1001         * interpreter/JSStack.cpp:
1002         (JSC::stackStatisticsMutex):
1003         (JSC::JSStack::addToCommittedByteCount):
1004         (JSC::JSStack::committedByteCount):
1005         * jit/JITThunks.h:
1006         * profiler/ProfilerDatabase.h:
1007
1008 2015-08-05  Saam barati  <saambarati1@gmail.com>
1009
1010         BytecodeGenerator emits crappy code for returns in a lexical scope.
1011         https://bugs.webkit.org/show_bug.cgi?id=147688
1012
1013         Reviewed by Mark Lam.
1014
1015         When returning, we only need to emit complex pop scopes if we're in 
1016         a finally block. Otherwise, we can just return like normal. This saves
1017         us from inefficiently emitting unnecessary pop scopes.
1018
1019         * bytecompiler/BytecodeGenerator.h:
1020         (JSC::BytecodeGenerator::isInFinallyBlock):
1021         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
1022         * bytecompiler/NodesCodegen.cpp:
1023         (JSC::ReturnNode::emitBytecode):
1024
1025 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
1026
1027         Add the Intl API to the status page
1028
1029         * features.json:
1030         Andy VanWagoner landed the skeleton of the API and it is
1031         enabled by default.
1032
1033 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
1034
1035         Rename Mutex to DeprecatedMutex
1036         https://bugs.webkit.org/show_bug.cgi?id=147675
1037
1038         Reviewed by Geoffrey Garen.
1039
1040         * bytecode/SamplingTool.cpp:
1041         (JSC::SamplingTool::doRun):
1042         (JSC::SamplingTool::notifyOfScope):
1043         * bytecode/SamplingTool.h:
1044         * dfg/DFGThreadData.h:
1045         * dfg/DFGWorklist.cpp:
1046         (JSC::DFG::Worklist::~Worklist):
1047         (JSC::DFG::Worklist::isActiveForVM):
1048         (JSC::DFG::Worklist::enqueue):
1049         (JSC::DFG::Worklist::compilationState):
1050         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1051         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1052         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1053         (JSC::DFG::Worklist::visitWeakReferences):
1054         (JSC::DFG::Worklist::removeDeadPlans):
1055         (JSC::DFG::Worklist::queueLength):
1056         (JSC::DFG::Worklist::dump):
1057         (JSC::DFG::Worklist::runThread):
1058         * dfg/DFGWorklist.h:
1059         * disassembler/Disassembler.cpp:
1060         * heap/CopiedSpace.cpp:
1061         (JSC::CopiedSpace::doneFillingBlock):
1062         (JSC::CopiedSpace::doneCopying):
1063         * heap/CopiedSpace.h:
1064         * heap/CopiedSpaceInlines.h:
1065         (JSC::CopiedSpace::recycleBorrowedBlock):
1066         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1067         * heap/HeapTimer.h:
1068         * heap/MachineStackMarker.cpp:
1069         (JSC::ActiveMachineThreadsManager::Locker::Locker):
1070         (JSC::ActiveMachineThreadsManager::add):
1071         (JSC::ActiveMachineThreadsManager::remove):
1072         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
1073         (JSC::MachineThreads::~MachineThreads):
1074         (JSC::MachineThreads::addCurrentThread):
1075         (JSC::MachineThreads::removeThreadIfFound):
1076         (JSC::MachineThreads::tryCopyOtherThreadStack):
1077         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1078         (JSC::MachineThreads::gatherConservativeRoots):
1079         * heap/MachineStackMarker.h:
1080         * interpreter/JSStack.cpp:
1081         (JSC::stackStatisticsMutex):
1082         (JSC::JSStack::addToCommittedByteCount):
1083         (JSC::JSStack::committedByteCount):
1084         * jit/JITThunks.h:
1085         * profiler/ProfilerDatabase.h:
1086
1087 2015-08-05  Saam barati  <saambarati1@gmail.com>
1088
1089         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
1090         https://bugs.webkit.org/show_bug.cgi?id=147657
1091
1092         Reviewed by Mark Lam.
1093
1094         This kills the last of the name scope objects. Function name scopes are
1095         now built on top of the scoping mechanisms introduced with ES6 block scoping.
1096         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
1097         function name scoped variable carefully depending on if the function is in
1098         strict mode. If we're in strict mode, then we treat the variable exactly
1099         like a "const" variable. If we're not in strict mode, we can't treat
1100         this variable like ES6 "const" because that would cause the bytecode
1101         generator to throw an exception when it shouldn't.
1102
1103         * CMakeLists.txt:
1104         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1105         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1106         * JavaScriptCore.xcodeproj/project.pbxproj:
1107         * bytecode/BytecodeList.json:
1108         * bytecode/BytecodeUseDef.h:
1109         (JSC::computeUsesForBytecodeOffset):
1110         (JSC::computeDefsForBytecodeOffset):
1111         * bytecode/CodeBlock.cpp:
1112         (JSC::CodeBlock::dumpBytecode):
1113         * bytecompiler/BytecodeGenerator.cpp:
1114         (JSC::BytecodeGenerator::BytecodeGenerator):
1115         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
1116         (JSC::BytecodeGenerator::pushLexicalScope):
1117         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1118         (JSC::BytecodeGenerator::variable):
1119         (JSC::BytecodeGenerator::resolveType):
1120         (JSC::BytecodeGenerator::emitThrowTypeError):
1121         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
1122         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
1123         (JSC::BytecodeGenerator::emitPushCatchScope):
1124         * bytecompiler/BytecodeGenerator.h:
1125         * bytecompiler/NodesCodegen.cpp:
1126         * debugger/DebuggerScope.cpp:
1127         * dfg/DFGOperations.cpp:
1128         * interpreter/Interpreter.cpp:
1129         * jit/JIT.cpp:
1130         (JSC::JIT::privateCompileMainPass):
1131         * jit/JIT.h:
1132         * jit/JITOpcodes.cpp:
1133         (JSC::JIT::emit_op_to_string):
1134         (JSC::JIT::emit_op_catch):
1135         (JSC::JIT::emit_op_push_name_scope): Deleted.
1136         * jit/JITOpcodes32_64.cpp:
1137         (JSC::JIT::emitSlow_op_to_string):
1138         (JSC::JIT::emit_op_catch):
1139         (JSC::JIT::emit_op_push_name_scope): Deleted.
1140         * jit/JITOperations.cpp:
1141         (JSC::pushNameScope): Deleted.
1142         * llint/LLIntSlowPaths.cpp:
1143         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1144         * llint/LLIntSlowPaths.h:
1145         * llint/LowLevelInterpreter.asm:
1146         * parser/Nodes.cpp:
1147         * runtime/CommonSlowPaths.cpp:
1148         * runtime/Executable.cpp:
1149         (JSC::ScriptExecutable::newCodeBlockFor):
1150         * runtime/JSFunctionNameScope.cpp: Removed.
1151         * runtime/JSFunctionNameScope.h: Removed.
1152         * runtime/JSGlobalObject.cpp:
1153         (JSC::JSGlobalObject::init):
1154         (JSC::JSGlobalObject::visitChildren):
1155         * runtime/JSGlobalObject.h:
1156         (JSC::JSGlobalObject::withScopeStructure):
1157         (JSC::JSGlobalObject::strictEvalActivationStructure):
1158         (JSC::JSGlobalObject::activationStructure):
1159         (JSC::JSGlobalObject::directArgumentsStructure):
1160         (JSC::JSGlobalObject::scopedArgumentsStructure):
1161         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
1162         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
1163         * runtime/JSNameScope.cpp: Removed.
1164         * runtime/JSNameScope.h: Removed.
1165         * runtime/JSObject.cpp:
1166         (JSC::JSObject::toThis):
1167         (JSC::JSObject::seal):
1168         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
1169         * runtime/JSObject.h:
1170         * runtime/JSScope.cpp:
1171         (JSC::JSScope::isCatchScope):
1172         (JSC::JSScope::isFunctionNameScopeObject):
1173         (JSC::resolveModeName):
1174         * runtime/JSScope.h:
1175         * runtime/JSSymbolTableObject.cpp:
1176         * runtime/SymbolTable.h:
1177         * runtime/VM.cpp:
1178
1179 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
1180
1181         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
1182         https://bugs.webkit.org/show_bug.cgi?id=147679
1183
1184         Reviewed by Timothy Hatcher.
1185
1186         Improve native iterator support for the PropertyName Iterator by
1187         allowing inspection of the internal object within the iterator
1188         and peeking of the next upcoming values of the iterator.
1189
1190         * inspector/JSInjectedScriptHost.cpp:
1191         (Inspector::JSInjectedScriptHost::subtype):
1192         (Inspector::JSInjectedScriptHost::getInternalProperties):
1193         (Inspector::JSInjectedScriptHost::iteratorEntries):
1194         * runtime/JSPropertyNameIterator.h:
1195         (JSC::JSPropertyNameIterator::iteratedValue):
1196
1197 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
1198
1199         [Win] Update Apple Windows build for VS2015
1200         https://bugs.webkit.org/show_bug.cgi?id=147653
1201
1202         Reviewed by Dean Jackson.
1203
1204         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
1205         Show JSC files in proper project locations in IDE.
1206
1207 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
1208
1209         Web Inspector: Object previews for SVG elements show SVGAnimatedString instead of text
1210         https://bugs.webkit.org/show_bug.cgi?id=147328
1211
1212         Reviewed by Timothy Hatcher.
1213
1214         * inspector/InjectedScriptSource.js:
1215         Use classList and classList.toString instead of className.
1216
1217 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
1218
1219         [ES6] Support Module Syntax
1220         https://bugs.webkit.org/show_bug.cgi?id=147422
1221
1222         Reviewed by Saam Barati.
1223
1224         This patch introduces the ES6 Modules syntax parsing part.
1225         In this patch, ASTBuilder just produces the nodes corresponding to the ES6 Modules syntax,
1226         and this patch does not include the code generator part.
1227
1228         Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
1229         and do not execute the body or construct the AST. And after analyzing all the dependent
1230         modules, we will parse the dependent modules next.
1231         After all the analysis is done, we will start the second pass. In the second pass, we
1232         will parse the module, produce the AST, and execute the body.
1233         If we don't do so, we need to create all the ASTs in the module's dependency graph first,
1234         because the given module can be executed only after all the dependent modules are executed. It
1235         means that we need to hold many parser arenas. To avoid this, the first pass only extracts
1236         the dependent modules' information.
1237
1238         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
1239         This patch aims at just implementing the syntax parsing functionality correctly.
1240         After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits SyntaxChecker
1241         to collect the dependent modules quickly [1].
1242
1243         To test the parsing, we added the "checkModuleSyntax" function to the jsc shell.
1244         By using this, we can parse the given string as a module.
1245
1246         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
1247
1248         * bytecompiler/NodesCodegen.cpp:
1249         (JSC::ModuleProgramNode::emitBytecode):
1250         (JSC::ImportDeclarationNode::emitBytecode):
1251         (JSC::ExportAllDeclarationNode::emitBytecode):
1252         (JSC::ExportDefaultDeclarationNode::emitBytecode):
1253         (JSC::ExportLocalDeclarationNode::emitBytecode):
1254         (JSC::ExportNamedDeclarationNode::emitBytecode):
1255         * jsc.cpp:
1256         (GlobalObject::finishCreation):
1257         (functionCheckModuleSyntax):
1258         * parser/ASTBuilder.h:
1259         (JSC::ASTBuilder::createModuleSpecifier):
1260         (JSC::ASTBuilder::createImportSpecifier):
1261         (JSC::ASTBuilder::createImportSpecifierList):
1262         (JSC::ASTBuilder::appendImportSpecifier):
1263         (JSC::ASTBuilder::createImportDeclaration):
1264         (JSC::ASTBuilder::createExportAllDeclaration):
1265         (JSC::ASTBuilder::createExportDefaultDeclaration):
1266         (JSC::ASTBuilder::createExportLocalDeclaration):
1267         (JSC::ASTBuilder::createExportNamedDeclaration):
1268         (JSC::ASTBuilder::createExportSpecifier):
1269         (JSC::ASTBuilder::createExportSpecifierList):
1270         (JSC::ASTBuilder::appendExportSpecifier):
1271         * parser/Keywords.table:
1272         * parser/NodeConstructors.h:
1273         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
1274         (JSC::ImportSpecifierNode::ImportSpecifierNode):
1275         (JSC::ImportDeclarationNode::ImportDeclarationNode):
1276         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
1277         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
1278         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
1279         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
1280         (JSC::ExportSpecifierNode::ExportSpecifierNode):
1281         * parser/Nodes.cpp:
1282         (JSC::ModuleProgramNode::ModuleProgramNode):
1283         * parser/Nodes.h:
1284         (JSC::ModuleProgramNode::startColumn):
1285         (JSC::ModuleProgramNode::endColumn):
1286         (JSC::ModuleSpecifierNode::moduleName):
1287         (JSC::ImportSpecifierNode::importedName):
1288         (JSC::ImportSpecifierNode::localName):
1289         (JSC::ImportSpecifierListNode::specifiers):
1290         (JSC::ImportSpecifierListNode::append):
1291         (JSC::ImportDeclarationNode::specifierList):
1292         (JSC::ImportDeclarationNode::moduleSpecifier):
1293         (JSC::ExportAllDeclarationNode::moduleSpecifier):
1294         (JSC::ExportDefaultDeclarationNode::declaration):
1295         (JSC::ExportLocalDeclarationNode::declaration):
1296         (JSC::ExportSpecifierNode::exportedName):
1297         (JSC::ExportSpecifierNode::localName):
1298         (JSC::ExportSpecifierListNode::specifiers):
1299         (JSC::ExportSpecifierListNode::append):
1300         (JSC::ExportNamedDeclarationNode::specifierList):
1301         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
1302         * parser/Parser.cpp:
1303         (JSC::Parser<LexerType>::Parser):
1304         (JSC::Parser<LexerType>::parseInner):
1305         (JSC::Parser<LexerType>::parseModuleSourceElements):
1306         (JSC::Parser<LexerType>::parseVariableDeclaration):
1307         (JSC::Parser<LexerType>::parseVariableDeclarationList):
1308         (JSC::Parser<LexerType>::createBindingPattern):
1309         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
1310         (JSC::Parser<LexerType>::parseDestructuringPattern):
1311         (JSC::Parser<LexerType>::parseForStatement):
1312         (JSC::Parser<LexerType>::parseFormalParameters):
1313         (JSC::Parser<LexerType>::parseFunctionParameters):
1314         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1315         (JSC::Parser<LexerType>::parseClassDeclaration):
1316         (JSC::Parser<LexerType>::parseModuleSpecifier):
1317         (JSC::Parser<LexerType>::parseImportClauseItem):
1318         (JSC::Parser<LexerType>::parseImportDeclaration):
1319         (JSC::Parser<LexerType>::parseExportSpecifier):
1320         (JSC::Parser<LexerType>::parseExportDeclaration):
1321         (JSC::Parser<LexerType>::parseMemberExpression):
1322         * parser/Parser.h:
1323         (JSC::isIdentifierOrKeyword):
1324         (JSC::ModuleScopeData::create):
1325         (JSC::ModuleScopeData::exportedBindings):
1326         (JSC::ModuleScopeData::exportName):
1327         (JSC::ModuleScopeData::exportBinding):
1328         (JSC::Scope::Scope):
1329         (JSC::Scope::setIsModule):
1330         (JSC::Scope::moduleScopeData):
1331         (JSC::Parser::matchContextualKeyword):
1332         (JSC::Parser::matchIdentifierOrKeyword):
1333         (JSC::Parser::isofToken): Deleted.
1334         * parser/ParserModes.h:
1335         * parser/ParserTokens.h:
1336         * parser/SyntaxChecker.h:
1337         (JSC::SyntaxChecker::createModuleSpecifier):
1338         (JSC::SyntaxChecker::createImportSpecifier):
1339         (JSC::SyntaxChecker::createImportSpecifierList):
1340         (JSC::SyntaxChecker::appendImportSpecifier):
1341         (JSC::SyntaxChecker::createImportDeclaration):
1342         (JSC::SyntaxChecker::createExportAllDeclaration):
1343         (JSC::SyntaxChecker::createExportDefaultDeclaration):
1344         (JSC::SyntaxChecker::createExportLocalDeclaration):
1345         (JSC::SyntaxChecker::createExportNamedDeclaration):
1346         (JSC::SyntaxChecker::createExportSpecifier):
1347         (JSC::SyntaxChecker::createExportSpecifierList):
1348         (JSC::SyntaxChecker::appendExportSpecifier):
1349         * runtime/CommonIdentifiers.cpp:
1350         (JSC::CommonIdentifiers::CommonIdentifiers):
1351         * runtime/CommonIdentifiers.h:
1352         * runtime/Completion.cpp:
1353         (JSC::checkModuleSyntax):
1354         * runtime/Completion.h:
1355         * tests/stress/modules-syntax-error-with-names.js: Added.
1356         (shouldThrow):
1357         * tests/stress/modules-syntax-error.js: Added.
1358         (shouldThrow):
1359         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
1360         * tests/stress/modules-syntax.js: Added.
1361         (prototype.checkModuleSyntax):
1362         (checkModuleSyntax):
1363         * tests/stress/tagged-templates-syntax.js:
1364
1365 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
1366
1367         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
1368         https://bugs.webkit.org/show_bug.cgi?id=146833
1369
1370         Reviewed by Alexey Proskuryakov.
1371
1372         * assembler/ARM64Assembler.h:
1373         * assembler/ARMAssembler.h:
1374         (JSC::ARMAssembler::cacheFlush):
1375         * assembler/MacroAssemblerARM.cpp:
1376         (JSC::isVFPPresent):
1377         * assembler/MacroAssemblerX86Common.h:
1378         (JSC::MacroAssemblerX86Common::isSSE2Present):
1379         * heap/MachineStackMarker.h:
1380         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
1381         (JSC::logF):
1382         * jit/HostCallReturnValue.h:
1383         * jit/JIT.h:
1384         * jit/JITOperations.cpp:
1385         * jit/JITStubsARM.h:
1386         * jit/JITStubsARMv7.h:
1387         * jit/JITStubsX86.h:
1388         * jit/JITStubsX86Common.h:
1389         * jit/JITStubsX86_64.h:
1390         * jit/ThunkGenerators.cpp:
1391         * runtime/JSExportMacros.h:
1392         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
1393         (JSC::clz32):
1394
1395 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
1396
1397         Unreviewed, fix uninitialized property leading to an assert.
1398
1399         * runtime/PutPropertySlot.h:
1400         (JSC::PutPropertySlot::PutPropertySlot):
1401
1402 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
1403
1404         Unreviewed, fix Windows.
1405
1406         * bytecode/ObjectPropertyConditionSet.h:
1407         (JSC::ObjectPropertyConditionSet::fromRawPointer):
1408
1409 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
1410
1411         DFG should have adaptive structure watchpoints
1412         https://bugs.webkit.org/show_bug.cgi?id=146929
1413
1414         Reviewed by Geoffrey Garen.
1415
1416         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
1417         property, you'd check that the object still has the structure that you first saw the object have. We
1418         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
1419         elide the structure check.
1420
1421         But this approach fails when that object frequently has new properties added to it. This would
1422         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
1423         we'd have to recompile either the IC or an entire code block.
1424
1425         This change introduces a new concept: an object property condition. This value describes some
1426         condition involving a property on some object. There are four kinds: presence, absence,
1427         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
1428         object has some property at some offset with some attributes. This allows us to implement a new kind
1429         of watchpoint, which knows about the object property condition that it's being used to enforce. If
1430         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
1431         on the new structure.
1432
1433         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
1434         and prototype accesses. They are also used for any DFG accesses to object constants, including
1435         global property accesses.
1436
1437         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
1438         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
1439         chain situation. It's also a small speed-up on getter-richards.
1440
1441         * CMakeLists.txt:
1442         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1443         * JavaScriptCore.xcodeproj/project.pbxproj:
1444         * bytecode/CodeBlock.cpp:
1445         (JSC::CodeBlock::printGetByIdCacheStatus):
1446         (JSC::CodeBlock::printPutByIdCacheStatus):
1447         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
1448         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
1449         * bytecode/ComplexGetStatus.cpp:
1450         (JSC::ComplexGetStatus::computeFor):
1451         * bytecode/ComplexGetStatus.h:
1452         (JSC::ComplexGetStatus::ComplexGetStatus):
1453         (JSC::ComplexGetStatus::takesSlowPath):
1454         (JSC::ComplexGetStatus::kind):
1455         (JSC::ComplexGetStatus::offset):
1456         (JSC::ComplexGetStatus::conditionSet):
1457         (JSC::ComplexGetStatus::attributes): Deleted.
1458         (JSC::ComplexGetStatus::specificValue): Deleted.
1459         (JSC::ComplexGetStatus::chain): Deleted.
1460         * bytecode/ConstantStructureCheck.cpp: Removed.
1461         * bytecode/ConstantStructureCheck.h: Removed.
1462         * bytecode/GetByIdStatus.cpp:
1463         (JSC::GetByIdStatus::computeForStubInfo):
1464         * bytecode/GetByIdVariant.cpp:
1465         (JSC::GetByIdVariant::GetByIdVariant):
1466         (JSC::GetByIdVariant::~GetByIdVariant):
1467         (JSC::GetByIdVariant::operator=):
1468         (JSC::GetByIdVariant::attemptToMerge):
1469         (JSC::GetByIdVariant::dumpInContext):
1470         (JSC::GetByIdVariant::baseStructure): Deleted.
1471         * bytecode/GetByIdVariant.h:
1472         (JSC::GetByIdVariant::operator!):
1473         (JSC::GetByIdVariant::structureSet):
1474         (JSC::GetByIdVariant::conditionSet):
1475         (JSC::GetByIdVariant::offset):
1476         (JSC::GetByIdVariant::callLinkStatus):
1477         (JSC::GetByIdVariant::constantChecks): Deleted.
1478         (JSC::GetByIdVariant::alternateBase): Deleted.
1479         * bytecode/ObjectPropertyCondition.cpp: Added.
1480         (JSC::ObjectPropertyCondition::dumpInContext):
1481         (JSC::ObjectPropertyCondition::dump):
1482         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
1483         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
1484         (JSC::ObjectPropertyCondition::isStillValid):
1485         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
1486         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
1487         (JSC::ObjectPropertyCondition::isWatchable):
1488         (JSC::ObjectPropertyCondition::isStillLive):
1489         (JSC::ObjectPropertyCondition::validateReferences):
1490         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
1491         * bytecode/ObjectPropertyCondition.h: Added.
1492         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
1493         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
1494         (JSC::ObjectPropertyCondition::presence):
1495         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
1496         (JSC::ObjectPropertyCondition::absence):
1497         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
1498         (JSC::ObjectPropertyCondition::absenceOfSetter):
1499         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
1500         (JSC::ObjectPropertyCondition::equivalence):
1501         (JSC::ObjectPropertyCondition::operator!):
1502         (JSC::ObjectPropertyCondition::object):
1503         (JSC::ObjectPropertyCondition::condition):
1504         (JSC::ObjectPropertyCondition::kind):
1505         (JSC::ObjectPropertyCondition::uid):
1506         (JSC::ObjectPropertyCondition::hasOffset):
1507         (JSC::ObjectPropertyCondition::offset):
1508         (JSC::ObjectPropertyCondition::hasAttributes):
1509         (JSC::ObjectPropertyCondition::attributes):
1510         (JSC::ObjectPropertyCondition::hasPrototype):
1511         (JSC::ObjectPropertyCondition::prototype):
1512         (JSC::ObjectPropertyCondition::hasRequiredValue):
1513         (JSC::ObjectPropertyCondition::requiredValue):
1514         (JSC::ObjectPropertyCondition::hash):
1515         (JSC::ObjectPropertyCondition::operator==):
1516         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
1517         (JSC::ObjectPropertyCondition::isCompatibleWith):
1518         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
1519         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
1520         (JSC::ObjectPropertyCondition::isValidValueForPresence):
1521         (JSC::ObjectPropertyConditionHash::hash):
1522         (JSC::ObjectPropertyConditionHash::equal):
1523         * bytecode/ObjectPropertyConditionSet.cpp: Added.
1524         (JSC::ObjectPropertyConditionSet::forObject):
1525         (JSC::ObjectPropertyConditionSet::forConditionKind):
1526         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
1527         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
1528         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
1529         (JSC::ObjectPropertyConditionSet::mergedWith):
1530         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
1531         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
1532         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
1533         (JSC::ObjectPropertyConditionSet::areStillLive):
1534         (JSC::ObjectPropertyConditionSet::dumpInContext):
1535         (JSC::ObjectPropertyConditionSet::dump):
1536         (JSC::generateConditionsForPropertyMiss):
1537         (JSC::generateConditionsForPropertySetterMiss):
1538         (JSC::generateConditionsForPrototypePropertyHit):
1539         (JSC::generateConditionsForPrototypePropertyHitCustom):
1540         (JSC::generateConditionsForPropertySetterMissConcurrently):
1541         * bytecode/ObjectPropertyConditionSet.h: Added.
1542         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
1543         (JSC::ObjectPropertyConditionSet::invalid):
1544         (JSC::ObjectPropertyConditionSet::nonEmpty):
1545         (JSC::ObjectPropertyConditionSet::isValid):
1546         (JSC::ObjectPropertyConditionSet::isEmpty):
1547         (JSC::ObjectPropertyConditionSet::begin):
1548         (JSC::ObjectPropertyConditionSet::end):
1549         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
1550         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
1551         (JSC::ObjectPropertyConditionSet::fromRawPointer):
1552         (JSC::ObjectPropertyConditionSet::Data::Data):
1553         * bytecode/PolymorphicGetByIdList.cpp:
1554         (JSC::GetByIdAccess::GetByIdAccess):
1555         (JSC::GetByIdAccess::~GetByIdAccess):
1556         (JSC::GetByIdAccess::visitWeak):
1557         * bytecode/PolymorphicGetByIdList.h:
1558         (JSC::GetByIdAccess::GetByIdAccess):
1559         (JSC::GetByIdAccess::structure):
1560         (JSC::GetByIdAccess::conditionSet):
1561         (JSC::GetByIdAccess::stubRoutine):
1562         (JSC::GetByIdAccess::chain): Deleted.
1563         (JSC::GetByIdAccess::chainCount): Deleted.
1564         * bytecode/PolymorphicPutByIdList.cpp:
1565         (JSC::PutByIdAccess::fromStructureStubInfo):
1566         (JSC::PutByIdAccess::visitWeak):
1567         * bytecode/PolymorphicPutByIdList.h:
1568         (JSC::PutByIdAccess::PutByIdAccess):
1569         (JSC::PutByIdAccess::transition):
1570         (JSC::PutByIdAccess::setter):
1571         (JSC::PutByIdAccess::newStructure):
1572         (JSC::PutByIdAccess::conditionSet):
1573         (JSC::PutByIdAccess::stubRoutine):
1574         (JSC::PutByIdAccess::chain): Deleted.
1575         (JSC::PutByIdAccess::chainCount): Deleted.
1576         * bytecode/PropertyCondition.cpp: Added.
1577         (JSC::PropertyCondition::dumpInContext):
1578         (JSC::PropertyCondition::dump):
1579         (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
1580         (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
1581         (JSC::PropertyCondition::isStillValid):
1582         (JSC::PropertyCondition::isWatchableWhenValid):
1583         (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
1584         (JSC::PropertyCondition::isWatchable):
1585         (JSC::PropertyCondition::isStillLive):
1586         (JSC::PropertyCondition::validateReferences):
1587         (JSC::PropertyCondition::isValidValueForAttributes):
1588         (JSC::PropertyCondition::isValidValueForPresence):
1589         (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
1590         (WTF::printInternal):
1591         * bytecode/PropertyCondition.h: Added.
1592         (JSC::PropertyCondition::PropertyCondition):
1593         (JSC::PropertyCondition::presenceWithoutBarrier):
1594         (JSC::PropertyCondition::presence):
1595         (JSC::PropertyCondition::absenceWithoutBarrier):
1596         (JSC::PropertyCondition::absence):
1597         (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
1598         (JSC::PropertyCondition::absenceOfSetter):
1599         (JSC::PropertyCondition::equivalenceWithoutBarrier):
1600         (JSC::PropertyCondition::equivalence):
1601         (JSC::PropertyCondition::operator!):
1602         (JSC::PropertyCondition::kind):
1603         (JSC::PropertyCondition::uid):
1604         (JSC::PropertyCondition::hasOffset):
1605         (JSC::PropertyCondition::offset):
1606         (JSC::PropertyCondition::hasAttributes):
1607         (JSC::PropertyCondition::attributes):
1608         (JSC::PropertyCondition::hasPrototype):
1609         (JSC::PropertyCondition::prototype):
1610         (JSC::PropertyCondition::hasRequiredValue):
1611         (JSC::PropertyCondition::requiredValue):
1612         (JSC::PropertyCondition::hash):
1613         (JSC::PropertyCondition::operator==):
1614         (JSC::PropertyCondition::isHashTableDeletedValue):
1615         (JSC::PropertyCondition::isCompatibleWith):
1616         (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
1617         (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
1618         (JSC::PropertyConditionHash::hash):
1619         (JSC::PropertyConditionHash::equal):
1620         * bytecode/PutByIdStatus.cpp:
1621         (JSC::PutByIdStatus::computeFromLLInt):
1622         (JSC::PutByIdStatus::computeFor):
1623         (JSC::PutByIdStatus::computeForStubInfo):
1624         * bytecode/PutByIdVariant.cpp:
1625         (JSC::PutByIdVariant::operator=):
1626         (JSC::PutByIdVariant::transition):
1627         (JSC::PutByIdVariant::setter):
1628         (JSC::PutByIdVariant::makesCalls):
1629         (JSC::PutByIdVariant::attemptToMerge):
1630         (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
1631         (JSC::PutByIdVariant::dumpInContext):
1632         (JSC::PutByIdVariant::baseStructure): Deleted.
1633         * bytecode/PutByIdVariant.h:
1634         (JSC::PutByIdVariant::PutByIdVariant):
1635         (JSC::PutByIdVariant::kind):
1636         (JSC::PutByIdVariant::structure):
1637         (JSC::PutByIdVariant::structureSet):
1638         (JSC::PutByIdVariant::oldStructure):
1639         (JSC::PutByIdVariant::conditionSet):
1640         (JSC::PutByIdVariant::offset):
1641         (JSC::PutByIdVariant::callLinkStatus):
1642         (JSC::PutByIdVariant::constantChecks): Deleted.
1643         (JSC::PutByIdVariant::alternateBase): Deleted.
1644         * bytecode/StructureStubClearingWatchpoint.cpp:
1645         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
1646         (JSC::StructureStubClearingWatchpoint::push):
1647         (JSC::StructureStubClearingWatchpoint::fireInternal):
1648         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
1649         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
1650         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
1651         * bytecode/StructureStubClearingWatchpoint.h:
1652         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
1653         (JSC::WatchpointsOnStructureStubInfo::codeBlock):
1654         (JSC::WatchpointsOnStructureStubInfo::stubInfo):
1655         * bytecode/StructureStubInfo.cpp:
1656         (JSC::StructureStubInfo::deref):
1657         (JSC::StructureStubInfo::visitWeakReferences):
1658         * bytecode/StructureStubInfo.h:
1659         (JSC::StructureStubInfo::initPutByIdTransition):
1660         (JSC::StructureStubInfo::initPutByIdReplace):
1661         (JSC::StructureStubInfo::setSeen):
1662         (JSC::StructureStubInfo::addWatchpoint):
1663         * dfg/DFGAbstractInterpreterInlines.h:
1664         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1665         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
1666         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
1667         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
1668         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
1669         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
1670         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
1671         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
1672         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
1673         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
1674         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
1675         * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
1676         (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
1677         (JSC::DFG::AdaptiveStructureWatchpoint::install):
1678         (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
1679         * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
1680         (JSC::DFG::AdaptiveStructureWatchpoint::key):
1681         * dfg/DFGByteCodeParser.cpp:
1682         (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
1683         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1684         (JSC::DFG::ByteCodeParser::handleGetByOffset):
1685         (JSC::DFG::ByteCodeParser::handlePutByOffset):
1686         (JSC::DFG::ByteCodeParser::check):
1687         (JSC::DFG::ByteCodeParser::promoteToConstant):
1688         (JSC::DFG::ByteCodeParser::planLoad):
1689         (JSC::DFG::ByteCodeParser::load):
1690         (JSC::DFG::ByteCodeParser::presenceLike):
1691         (JSC::DFG::ByteCodeParser::checkPresenceLike):
1692         (JSC::DFG::ByteCodeParser::store):
1693         (JSC::DFG::ByteCodeParser::handleGetById):
1694         (JSC::DFG::ByteCodeParser::handlePutById):
1695         (JSC::DFG::ByteCodeParser::parseBlock):
1696         (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
1697         * dfg/DFGCommonData.cpp:
1698         (JSC::DFG::CommonData::validateReferences):
1699         * dfg/DFGCommonData.h:
1700         * dfg/DFGConstantFoldingPhase.cpp:
1701         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1702         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
1703         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
1704         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
1705         (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
1706         * dfg/DFGDesiredWatchpoints.cpp:
1707         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
1708         (JSC::DFG::InferredValueAdaptor::add):
1709         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
1710         (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
1711         (JSC::DFG::DesiredWatchpoints::addLazily):
1712         (JSC::DFG::DesiredWatchpoints::consider):
1713         (JSC::DFG::DesiredWatchpoints::reallyAdd):
1714         (JSC::DFG::DesiredWatchpoints::areStillValid):
1715         (JSC::DFG::DesiredWatchpoints::dumpInContext):
1716         * dfg/DFGDesiredWatchpoints.h:
1717         (JSC::DFG::SetPointerAdaptor::add):
1718         (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
1719         (JSC::DFG::SetPointerAdaptor::dumpInContext):
1720         (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
1721         (JSC::DFG::InferredValueAdaptor::dumpInContext):
1722         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
1723         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
1724         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
1725         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
1726         (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
1727         (JSC::DFG::GenericDesiredWatchpoints::isWatched):
1728         (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
1729         (JSC::DFG::DesiredWatchpoints::isWatched):
1730         (JSC::DFG::GenericSetAdaptor::add): Deleted.
1731         (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
1732         * dfg/DFGDesiredWeakReferences.cpp:
1733         (JSC::DFG::DesiredWeakReferences::addLazily):
1734         (JSC::DFG::DesiredWeakReferences::contains):
1735         * dfg/DFGDesiredWeakReferences.h:
1736         * dfg/DFGGraph.cpp:
1737         (JSC::DFG::Graph::dump):
1738         (JSC::DFG::Graph::clearFlagsOnAllNodes):
1739         (JSC::DFG::Graph::watchCondition):
1740         (JSC::DFG::Graph::isSafeToLoad):
1741         (JSC::DFG::Graph::livenessFor):
1742         (JSC::DFG::Graph::tryGetConstantProperty):
1743         (JSC::DFG::Graph::visitChildren):
1744         * dfg/DFGGraph.h:
1745         (JSC::DFG::Graph::identifiers):
1746         (JSC::DFG::Graph::watchpoints):
1747         * dfg/DFGMultiGetByOffsetData.cpp: Added.
1748         (JSC::DFG::GetByOffsetMethod::dumpInContext):
1749         (JSC::DFG::GetByOffsetMethod::dump):
1750         (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
1751         (JSC::DFG::MultiGetByOffsetCase::dump):
1752         (WTF::printInternal):
1753         * dfg/DFGMultiGetByOffsetData.h: Added.
1754         (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
1755         (JSC::DFG::GetByOffsetMethod::constant):
1756         (JSC::DFG::GetByOffsetMethod::load):
1757         (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
1758         (JSC::DFG::GetByOffsetMethod::operator!):
1759         (JSC::DFG::GetByOffsetMethod::kind):
1760         (JSC::DFG::GetByOffsetMethod::prototype):
1761         (JSC::DFG::GetByOffsetMethod::offset):
1762         (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
1763         (JSC::DFG::MultiGetByOffsetCase::set):
1764         (JSC::DFG::MultiGetByOffsetCase::method):
1765         * dfg/DFGNode.h:
1766         * dfg/DFGSafeToExecute.h:
1767         (JSC::DFG::safeToExecute):
1768         * dfg/DFGStructureRegistrationPhase.cpp:
1769         (JSC::DFG::StructureRegistrationPhase::run):
1770         * ftl/FTLLowerDFGToLLVM.cpp:
1771         (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
1772         * jit/Repatch.cpp:
1773         (JSC::repatchByIdSelfAccess):
1774         (JSC::checkObjectPropertyCondition):
1775         (JSC::checkObjectPropertyConditions):
1776         (JSC::replaceWithJump):
1777         (JSC::generateByIdStub):
1778         (JSC::actionForCell):
1779         (JSC::tryBuildGetByIDList):
1780         (JSC::emitPutReplaceStub):
1781         (JSC::emitPutTransitionStub):
1782         (JSC::tryCachePutByID):
1783         (JSC::tryBuildPutByIdList):
1784         (JSC::tryRepatchIn):
1785         (JSC::addStructureTransitionCheck): Deleted.
1786         (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
1787         * runtime/IntendedStructureChain.cpp: Removed.
1788         * runtime/IntendedStructureChain.h: Removed.
1789         * runtime/JSCJSValue.h:
1790         * runtime/JSObject.cpp:
1791         (JSC::throwTypeError):
1792         (JSC::JSObject::convertToDictionary):
1793         (JSC::JSObject::shiftButterflyAfterFlattening):
1794         * runtime/JSObject.h:
1795         (JSC::JSObject::flattenDictionaryObject):
1796         (JSC::JSObject::convertToDictionary): Deleted.
1797         * runtime/Operations.h:
1798         (JSC::normalizePrototypeChain):
1799         (JSC::normalizePrototypeChainForChainAccess): Deleted.
1800         (JSC::isPrototypeChainNormalized): Deleted.
1801         * runtime/PropertySlot.h:
1802         (JSC::PropertySlot::PropertySlot):
1803         (JSC::PropertySlot::slotBase):
1804         * runtime/Structure.cpp:
1805         (JSC::Structure::addPropertyTransition):
1806         (JSC::Structure::attributeChangeTransition):
1807         (JSC::Structure::toDictionaryTransition):
1808         (JSC::Structure::toCacheableDictionaryTransition):
1809         (JSC::Structure::toUncacheableDictionaryTransition):
1810         (JSC::Structure::ensurePropertyReplacementWatchpointSet):
1811         (JSC::Structure::startWatchingPropertyForReplacements):
1812         (JSC::Structure::didCachePropertyReplacement):
1813         (JSC::Structure::dump):
1814         * runtime/Structure.h:
1815         * runtime/VM.h:
1816         * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check-new.js: Added.
1817         (foo):
1818         (bar):
1819         (baz):
1820         * tests/stress/multi-get-by-offset-self-or-proto.js: Added.
1821         (foo):
1822         * tests/stress/replacement-watchpoint-dictionary.js: Added.
1823         (foo):
1824         * tests/stress/replacement-watchpoint.js: Added.
1825         (foo):
1826         * tests/stress/undefined-access-dictionary-then-proto-change.js: Added.
1827         (foo):
1828         * tests/stress/undefined-access-then-proto-change.js: Added.
1829         (foo):
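
        Added illustration of the mechanism this entry describes, not JSC's own code: a simplified C++ model of an object property condition (the four kinds named above) and an adaptive structure watchpoint that re-arms itself on the new structure when the condition still holds and only invalidates when it does not. Structure, ObjectModel, Kind, the attribute bit kAccessor and the runScenario walk-through are assumptions of this model, not JSC types or values.

```cpp
#include <array>
#include <map>
#include <string>
#include <vector>

// Attribute bit, constructed for this model (JSC's own PropertyAttribute values differ).
constexpr unsigned kAccessor = 1u << 0;
struct Slot { unsigned offset; unsigned attributes; };
// A Structure: which named properties an object has, at which offset, with which attributes.
struct Structure {
    std::map<std::string, Slot> properties;
    const Structure* prototype = nullptr;
};
// An object: its current structure plus the value stored at each offset.
struct ObjectModel { const Structure* structure; std::map<unsigned, int> slots; };
enum class Kind { Presence, Absence, AbsenceOfSetter, Equivalence };

// The four condition kinds the entry names; only the fields a kind needs are read.
struct ObjectPropertyCondition {
    const ObjectModel* object;
    Kind kind;
    std::string uid;
    unsigned offset = 0;
    unsigned attributes = 0;
    const Structure* prototype = nullptr;  // absence kinds also pin the prototype
    int requiredValue = 0;

    // Re-evaluate the condition against the object's current structure and storage.
    bool isStillValid() const {
        const Structure* s = object->structure;
        auto it = s->properties.find(uid);
        bool present = it != s->properties.end();
        switch (kind) {
        case Kind::Presence:
            return present && it->second.offset == offset && it->second.attributes == attributes;
        case Kind::Absence:
            return !present && s->prototype == prototype;
        case Kind::AbsenceOfSetter:
            return (!present || !(it->second.attributes & kAccessor)) && s->prototype == prototype;
        case Kind::Equivalence:
            return present && object->slots.count(it->second.offset)
                && object->slots.at(it->second.offset) == requiredValue;
        }
        return false;
    }
};

// A watchpoint that knows the condition it enforces: when the structure it is armed on
// transitions, it re-checks the condition and re-arms on the new structure if it still holds.
class AdaptiveStructureWatchpoint {
public:
    explicit AdaptiveStructureWatchpoint(ObjectPropertyCondition key)
        : m_key(key), m_installedOn(key.object->structure) {}
    const Structure* installedOn() const { return m_installedOn; }
    bool invalidated() const { return m_invalidated; }
    int reinstalls() const { return m_reinstalls; }

    // Called once the watched object has already moved to its new structure.
    void fire() {
        if (m_key.isStillValid()) {
            m_installedOn = m_key.object->structure;
            ++m_reinstalls;
        } else {
            m_invalidated = true;  // the real engine would jettison the IC or code block here
        }
    }
private:
    ObjectPropertyCondition m_key;
    const Structure* m_installedOn;
    bool m_invalidated = false;
    int m_reinstalls = 0;
};

// Move an object to a new structure and fire every live watchpoint armed on the old one.
void transition(ObjectModel& obj, const Structure* to,
                std::vector<AdaptiveStructureWatchpoint*>& watchpoints) {
    const Structure* from = obj.structure;
    obj.structure = to;
    for (auto* wp : watchpoints)
        if (!wp->invalidated() && wp->installedOn() == from) wp->fire();
}

// The entry's prototype-chain situation: compiled code assumes `x` is absent from `o` and `a` is
// present at offset 0. Unrelated additions must not deoptimize it; adding `x` or turning `a` into
// an accessor must. Returns {absence reinstalls, absence dead, presence reinstalls, presence dead}.
std::array<int, 4> runScenario() {
    Structure proto;
    Structure s0; s0.prototype = &proto; s0.properties = {{"a", {0, 0}}};
    Structure s1 = s0; s1.properties["b"] = {1, 0};                // unrelated property added
    Structure s2 = s1; s2.properties["x"] = {2, 0};                // the watched-absent property appears
    Structure s3 = s2; s3.properties["a"].attributes = kAccessor;  // attribute change on `a`
    ObjectModel o{&s0, {{0, 42}}};
    AdaptiveStructureWatchpoint absentX({&o, Kind::Absence, "x", 0, 0, &proto});
    AdaptiveStructureWatchpoint presentA({&o, Kind::Presence, "a", 0, 0});
    std::vector<AdaptiveStructureWatchpoint*> wps{&absentX, &presentA};
    transition(o, &s1, wps);  // both survive: each watchpoint re-arms on s1
    transition(o, &s2, wps);  // `x` present now: absence watchpoint dies, presence re-arms on s2
    transition(o, &s3, wps);  // `a` changed: presence watchpoint dies
    return {absentX.reinstalls(), absentX.invalidated(), presentA.reinstalls(), presentA.invalidated()};
}
```

Under the pre-patch scheme described above, the first transition (adding `b`) alone would have fired the structure's transition watchpoint and forced a recompile; here both watchpoints simply re-arm.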
1830
1831 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
1832
1833         JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
1834         https://bugs.webkit.org/show_bug.cgi?id=147538
1835
1836         Reviewed by Geoffrey Garen.
1837
1838         Due to the order of the ARROWFUNCTION token in the JSTokenType enum, it is categorized as one of the keywords.
1839         As a result, when lexing a property name, which may be a keyword, the ARROWFUNCTION token is accidentally accepted.
1840         This patch changes the order of the ARROWFUNCTION token in JSTokenType to make it an operator token.
1841
1842         * parser/ParserTokens.h:
1843         * tests/stress/arrow-function-token-is-not-keyword.js: Added.
1844         (testSyntaxError):
1845
1846 2015-08-03  Keith Miller  <keith_miller@apple.com>
1847
1848         Clean up the naming for AST expression generation.
1849         https://bugs.webkit.org/show_bug.cgi?id=147581
1850
1851         Reviewed by Yusuke Suzuki.
1852
1853         * parser/ASTBuilder.h:
1854         (JSC::ASTBuilder::createThisExpr):
1855         (JSC::ASTBuilder::createSuperExpr):
1856         (JSC::ASTBuilder::createNewTargetExpr):
1857         (JSC::ASTBuilder::thisExpr): Deleted.
1858         (JSC::ASTBuilder::superExpr): Deleted.
1859         (JSC::ASTBuilder::newTargetExpr): Deleted.
1860         * parser/Parser.cpp:
1861         (JSC::Parser<LexerType>::parsePrimaryExpression):
1862         (JSC::Parser<LexerType>::parseMemberExpression):
1863         * parser/SyntaxChecker.h:
1864         (JSC::SyntaxChecker::createThisExpr):
1865         (JSC::SyntaxChecker::createSuperExpr):
1866         (JSC::SyntaxChecker::createNewTargetExpr):
1867         (JSC::SyntaxChecker::thisExpr): Deleted.
1868         (JSC::SyntaxChecker::superExpr): Deleted.
1869         (JSC::SyntaxChecker::newTargetExpr): Deleted.
1870
1871 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
1872
1873         Don't set up the callsite to operationGetByValDefault when the optimization is already done
1874         https://bugs.webkit.org/show_bug.cgi?id=147577
1875
1876         Reviewed by Filip Pizlo.
1877
1878         operationGetByValDefault should be called only when the IC is not set.
1879         operationGetByValString breaks this invariant, and `ASSERT(!byValInfo.stubRoutine)` in
1880         operationGetByValDefault raises an assertion failure.
1881         In this patch, we change the callsite setup code in operationGetByValString when
1882         the IC is already set. And to make the operation's meaning explicit, we renamed
1883         operationGetByValDefault to operationGetByValOptimize, which is aligned with the
1884         GetById case.
1885
1886         * jit/JITOperations.cpp:
1887         * jit/JITOperations.h:
1888         * jit/JITPropertyAccess.cpp:
1889         (JSC::JIT::emitSlow_op_get_by_val):
1890         * jit/JITPropertyAccess32_64.cpp:
1891         (JSC::JIT::emitSlow_op_get_by_val):
1892         * tests/stress/operation-get-by-val-default-should-not-called-for-already-optimized-site.js: Added.
1893         (hello):
1894
1895 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
1896
1897         [FTL] Remove unused scripts related to native call inlining
1898         https://bugs.webkit.org/show_bug.cgi?id=147448
1899
1900         Reviewed by Filip Pizlo.
1901
1902         * build-symbol-table-index.py: Removed.
1903         * copy-llvm-ir-to-derived-sources.sh: Removed.
1904         * create-llvm-ir-from-source-file.py: Removed.
1905         * create-symbol-table-index.py: Removed.
1906
1907 2015-08-02  Benjamin Poulain  <bpoulain@apple.com>
1908
1909         Investigate HashTable::HashTable(const HashTable&) and HashTable::operator=(const HashTable&) performance for hash-based static analyses
1910         https://bugs.webkit.org/show_bug.cgi?id=118455
1911
1912         Reviewed by Filip Pizlo.
1913
1914         LivenessAnalysisPhase lights up like a Christmas tree in profiles.
1915
1916         This patch cuts its cost by 4.
1917         About half of the gains come from removing many rehash() when copying
1918         the HashSet.
1919         The last quarter is achieved by having a special add() function for initializing
1920         a HashSet.
1921
1922         This makes benchmarks progress by 1-2% here and there. Nothing massive.
1923
1924         * dfg/DFGLivenessAnalysisPhase.cpp:
1925         (JSC::DFG::LivenessAnalysisPhase::process):
1926         The m_live HashSet is only useful per block. When we are done with it,
1927         we can transfer it to liveAtHead to avoid a copy.
1928
1929 2015-08-01  Saam barati  <saambarati1@gmail.com>
1930
1931         Unreviewed. Remove unintentional "print" statement in test case.
1932         https://bugs.webkit.org/show_bug.cgi?id=142567
1933
1934         * tests/stress/class-syntax-definition-semantics.js:
1935         (shouldBeSyntaxError):
1936
1937 2015-07-31  Alex Christensen  <achristensen@webkit.org>
1938
1939         Prepare for VS2015
1940         https://bugs.webkit.org/show_bug.cgi?id=146579
1941
1942         Reviewed by Jon Honeycutt.
1943
1944         * heap/Heap.h:
1945         Fix compiler error by explicitly casting zombifiedBits to the size of a pointer.
1946
1947 2015-07-31  Saam barati  <saambarati1@gmail.com>
1948
1949         ES6 class syntax should use block scoping
1950         https://bugs.webkit.org/show_bug.cgi?id=142567
1951
1952         Reviewed by Geoffrey Garen.
1953
1954         We treat class declarations like we do "let" declarations.
1955         The class name is under TDZ until the class declaration
1956         statement is evaluated. Class declarations also follow
1957         the same rules as "let": No duplicate definitions inside
1958         a lexical environment.
1959
1960         * parser/ASTBuilder.h:
1961         (JSC::ASTBuilder::createClassDeclStatement):
1962         * parser/Parser.cpp:
1963         (JSC::Parser<LexerType>::parseClassDeclaration):
1964         * tests/stress/class-syntax-block-scoping.js: Added.
1965         (assert):
1966         (truth):
1967         (.):
1968         * tests/stress/class-syntax-definition-semantics.js: Added.
1969         (shouldBeSyntaxError):
1970         (shouldNotBeSyntaxError):
1971         (truth):
1972         * tests/stress/class-syntax-tdz.js:
1973         (assert):
1974         (shouldThrowTDZ):
1975         (truth):
1976         (.):
1977
1978 2015-07-31  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1979
1980         Implement WebAssembly module parser
1981         https://bugs.webkit.org/show_bug.cgi?id=147293
1982
1983         Reviewed by Mark Lam.
1984
1985         Re-landing after fix for the "..\..\jsc.cpp(46): fatal error C1083: Cannot open
1986         include file: 'JSWASMModule.h'" issue on Windows.
1987
1988         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
1989         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
1990         the magic number at the beginning of the files. Parsing of the rest will be
1991         implemented in a subsequent patch.
1992
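        The following is an added example, not the WebKit code: a bounds-checked little-endian reader
        of the shape that WASMReader::readUnsignedInt32 / readFloat / readDouble and
        WASMModuleParser::parseModule need so that a truncated or hostile file can never be read past
        the end of its buffer, together with a header check that, like this patch, validates only the
        leading magic number. The magic value, the sample inputs and all names are constructed for
        this example; the real constant lives in wasm/WASMMagicNumber.h and is not taken from the page.

```javascript
// Added example, not the WebKit code: a bounds-checked reader over an
// untrusted byte buffer, the shape that WASMReader::readUnsignedInt32 /
// readFloat / readDouble and WASMModuleParser::parseModule need so that a
// truncated or hostile file can never read past the end of the buffer.
// The magic value below is a placeholder assumed for this example; it is not
// taken from wasm/WASMMagicNumber.h.
const ASSUMED_MAGIC_NUMBER = 0x6d736177; // placeholder constant, assumption

class BoundedReader {
  constructor(bytes) {
    this.view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
    this.offset = 0;
  }
  remaining() {
    return this.view.byteLength - this.offset;
  }
  // Every accessor checks the remaining length first and reports a short read
  // as `null`; the caller decides how to fail, and no read can go out of bounds.
  readUnsignedInt32() {
    if (this.remaining() < 4) return null;
    const value = this.view.getUint32(this.offset, true); // little-endian
    this.offset += 4;
    return value;
  }
  readFloat() {
    if (this.remaining() < 4) return null;
    const value = this.view.getFloat32(this.offset, true);
    this.offset += 4;
    return value;
  }
  readDouble() {
    if (this.remaining() < 8) return null;
    const value = this.view.getFloat64(this.offset, true);
    this.offset += 8;
    return value;
  }
}

// Mirrors the patch's scope: only the leading magic number is validated.
// Returns a result object rather than throwing so that callers cannot forget
// to handle a malformed file.
function parseModuleHeader(bytes, expectedMagic = ASSUMED_MAGIC_NUMBER) {
  const reader = new BoundedReader(bytes);
  const magic = reader.readUnsignedInt32();
  if (magic === null)
    return { ok: false, error: "truncated: file shorter than the 4-byte magic number" };
  if (magic !== expectedMagic)
    return { ok: false, error: "bad magic number 0x" + magic.toString(16) };
  return { ok: true, bytesConsumed: reader.offset };
}

// Builds constructed sample input: one 32-bit little-endian value.
function uint32LE(value) {
  const bytes = new Uint8Array(4);
  new DataView(bytes.buffer).setUint32(0, value >>> 0, true);
  return bytes;
}

// Constructed inputs: a valid header, a truncated file and a wrong magic number.
const sampleModules = {
  valid: uint32LE(ASSUMED_MAGIC_NUMBER),
  truncated: new Uint8Array([0x77, 0x61, 0x73]),
  wrongMagic: uint32LE(0x00000000),
};
```

        The design point is that the length check lives inside every accessor, not in the caller; a
        later field parser built on the same reader inherits the guarantee instead of re-implementing it.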
1993         * CMakeLists.txt:
1994         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1995         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1996         * JavaScriptCore.xcodeproj/project.pbxproj:
1997         * jsc.cpp:
1998         (GlobalObject::finishCreation):
1999         (functionLoadWebAssembly):
2000         * parser/SourceProvider.h:
2001         (JSC::WebAssemblySourceProvider::create):
2002         (JSC::WebAssemblySourceProvider::data):
2003         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2004         * runtime/JSGlobalObject.cpp:
2005         (JSC::JSGlobalObject::init):
2006         (JSC::JSGlobalObject::visitChildren):
2007         * runtime/JSGlobalObject.h:
2008         (JSC::JSGlobalObject::wasmModuleStructure):
2009         * wasm/WASMMagicNumber.h: Added.
2010         * wasm/WASMModuleParser.cpp: Added.
2011         (JSC::WASMModuleParser::WASMModuleParser):
2012         (JSC::WASMModuleParser::parse):
2013         (JSC::WASMModuleParser::parseModule):
2014         (JSC::parseWebAssembly):
2015         * wasm/WASMModuleParser.h: Added.
2016         * wasm/WASMReader.cpp: Added.
2017         (JSC::WASMReader::readUnsignedInt32):
2018         (JSC::WASMReader::readFloat):
2019         (JSC::WASMReader::readDouble):
2020         * wasm/WASMReader.h: Added.
2021         (JSC::WASMReader::WASMReader):
2022
2023 2015-07-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2024
2025         Add the "wasm" directory to the Additional Include Directories for jsc.exe
2026         https://bugs.webkit.org/show_bug.cgi?id=147443
2027
2028         Reviewed by Mark Lam.
2029
2030         This patch should fix the "..\..\jsc.cpp(46): fatal error C1083:
2031         Cannot open include file: 'JSWASMModule.h'" error in the Windows build.
2032
2033         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
2034
2035 2015-07-30  Chris Dumez  <cdumez@apple.com>
2036
2037         Mark more classes as fast allocated
2038         https://bugs.webkit.org/show_bug.cgi?id=147440
2039
2040         Reviewed by Sam Weinig.
2041
2042         Mark more classes as fast allocated for performance. We heap-allocate
2043         objects of those types throughout the code base.
2044
2045         * API/JSCallbackObject.h:
2046         * API/ObjCCallbackFunction.mm:
2047         * bytecode/BytecodeKills.h:
2048         * bytecode/BytecodeLivenessAnalysis.h:
2049         * bytecode/CallLinkStatus.h:
2050         * bytecode/FullBytecodeLiveness.h:
2051         * bytecode/SamplingTool.h:
2052         * bytecompiler/BytecodeGenerator.h:
2053         * dfg/DFGBasicBlock.h:
2054         * dfg/DFGBlockMap.h:
2055         * dfg/DFGInPlaceAbstractState.h:
2056         * dfg/DFGThreadData.h:
2057         * heap/HeapVerifier.h:
2058         * heap/SlotVisitor.h:
2059         * parser/Lexer.h:
2060         * runtime/ControlFlowProfiler.h:
2061         * runtime/TypeProfiler.h:
2062         * runtime/TypeProfilerLog.h:
2063         * runtime/Watchdog.h:
2064
2065 2015-07-29  Filip Pizlo  <fpizlo@apple.com>
2066
2067         DFG::ArgumentsEliminationPhase should emit a PutStack for all of the GetStacks that the ByteCodeParser emitted
2068         https://bugs.webkit.org/show_bug.cgi?id=147433
2069         rdar://problem/21668986
2070
2071         Reviewed by Mark Lam.
2072
2073         Ideally, the ByteCodeParser would only emit SetArgument nodes for named arguments.  But
2074         currently that's not what it does - it emits a SetArgument for every argument that a varargs
2075         call may pass.  Each SetArgument gets turned into a GetStack.  This means that if
2076         ArgumentsEliminationPhase optimizes away PutStacks for those varargs arguments that didn't
2077         get passed or used, we get degenerate IR where we have a GetStack of something that didn't
2078         have a PutStack.
2079
2080         This fixes the bug by removing the code to optimize away PutStacks in
2081         ArgumentsEliminationPhase.
2082
2083         * dfg/DFGArgumentsEliminationPhase.cpp:
2084         * tests/stress/varargs-inlining-underflow.js: Added.
2085         (baz):
2086         (bar):
2087         (foo):
2088
2089 2015-07-29  Andy VanWagoner  <thetalecrafter@gmail.com>
2090
2091         Implement basic types for ECMAScript Internationalization API
2092         https://bugs.webkit.org/show_bug.cgi?id=146926
2093
2094         Reviewed by Benjamin Poulain.
2095
2096         Adds basic types for ECMA-402 2nd edition, but does not implement the full locale-aware features yet.
2097         http://www.ecma-international.org/ecma-402/2.0/ECMA-402.pdf
2098
2099         * CMakeLists.txt: Added new Intl files.
2100         * Configurations/FeatureDefines.xcconfig: Enable INTL.
2101         * DerivedSources.make: Added Intl files.
2102         * JavaScriptCore.xcodeproj/project.pbxproj: Added Intl files.
2103         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added Intl files.
2104         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added Intl files.
2105         * runtime/CommonIdentifiers.h: Added Collator, NumberFormat, and DateTimeFormat.
2106         * runtime/DateConstructor.cpp: Made Date.now public.
2107         * runtime/DateConstructor.h: Made Date.now public.
2108         * runtime/IntlCollator.cpp: Added.
2109         (JSC::IntlCollator::create):
2110         (JSC::IntlCollator::createStructure):
2111         (JSC::IntlCollator::IntlCollator):
2112         (JSC::IntlCollator::finishCreation):
2113         (JSC::IntlCollator::destroy):
2114         (JSC::IntlCollator::visitChildren):
2115         (JSC::IntlCollator::setBoundCompare):
2116         (JSC::IntlCollatorFuncCompare): Added placeholder implementation using codePointCompare.
2117         * runtime/IntlCollator.h: Added.
2118         (JSC::IntlCollator::constructor):
2119         (JSC::IntlCollator::boundCompare):
2120         * runtime/IntlCollatorConstructor.cpp: Added.
2121         (JSC::IntlCollatorConstructor::create):
2122         (JSC::IntlCollatorConstructor::createStructure):
2123         (JSC::IntlCollatorConstructor::IntlCollatorConstructor):
2124         (JSC::IntlCollatorConstructor::finishCreation):
2125         (JSC::constructIntlCollator): Added Collator constructor (10.1.2).
2126         (JSC::callIntlCollator): Added Collator constructor (10.1.2).
2127         (JSC::IntlCollatorConstructor::getConstructData):
2128         (JSC::IntlCollatorConstructor::getCallData):
2129         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
2130         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2131         (JSC::IntlCollatorConstructor::visitChildren):
2132         * runtime/IntlCollatorConstructor.h: Added.
2133         (JSC::IntlCollatorConstructor::collatorStructure):
2134         * runtime/IntlCollatorPrototype.cpp: Added.
2135         (JSC::IntlCollatorPrototype::create):
2136         (JSC::IntlCollatorPrototype::createStructure):
2137         (JSC::IntlCollatorPrototype::IntlCollatorPrototype):
2138         (JSC::IntlCollatorPrototype::finishCreation):
2139         (JSC::IntlCollatorPrototype::getOwnPropertySlot):
2140         (JSC::IntlCollatorPrototypeGetterCompare): Added compare getter (10.3.3)
2141         (JSC::IntlCollatorPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2142         * runtime/IntlCollatorPrototype.h: Added.
2143         * runtime/IntlDateTimeFormat.cpp: Added.
2144         (JSC::IntlDateTimeFormat::create):
2145         (JSC::IntlDateTimeFormat::createStructure):
2146         (JSC::IntlDateTimeFormat::IntlDateTimeFormat):
2147         (JSC::IntlDateTimeFormat::finishCreation):
2148         (JSC::IntlDateTimeFormat::destroy):
2149         (JSC::IntlDateTimeFormat::visitChildren):
2150         (JSC::IntlDateTimeFormat::setBoundFormat):
2151         (JSC::IntlDateTimeFormatFuncFormatDateTime): Added placeholder implementation returning new Date(value).toString().
2152         * runtime/IntlDateTimeFormat.h: Added.
2153         (JSC::IntlDateTimeFormat::constructor):
2154         (JSC::IntlDateTimeFormat::boundFormat):
2155         * runtime/IntlDateTimeFormatConstructor.cpp: Added.
2156         (JSC::IntlDateTimeFormatConstructor::create):
2157         (JSC::IntlDateTimeFormatConstructor::createStructure):
2158         (JSC::IntlDateTimeFormatConstructor::IntlDateTimeFormatConstructor):
2159         (JSC::IntlDateTimeFormatConstructor::finishCreation):
2160         (JSC::constructIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
2161         (JSC::callIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
2162         (JSC::IntlDateTimeFormatConstructor::getConstructData):
2163         (JSC::IntlDateTimeFormatConstructor::getCallData):
2164         (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
2165         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2166         (JSC::IntlDateTimeFormatConstructor::visitChildren):
2167         * runtime/IntlDateTimeFormatConstructor.h: Added.
2168         (JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure):
2169         * runtime/IntlDateTimeFormatPrototype.cpp: Added.
2170         (JSC::IntlDateTimeFormatPrototype::create):
2171         (JSC::IntlDateTimeFormatPrototype::createStructure):
2172         (JSC::IntlDateTimeFormatPrototype::IntlDateTimeFormatPrototype):
2173         (JSC::IntlDateTimeFormatPrototype::finishCreation):
2174         (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
2175         (JSC::IntlDateTimeFormatPrototypeGetterFormat): Added format getter (12.3.3).
2176         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2177         * runtime/IntlDateTimeFormatPrototype.h: Added.
2178         * runtime/IntlNumberFormat.cpp: Added.
2179         (JSC::IntlNumberFormat::create):
2180         (JSC::IntlNumberFormat::createStructure):
2181         (JSC::IntlNumberFormat::IntlNumberFormat):
2182         (JSC::IntlNumberFormat::finishCreation):
2183         (JSC::IntlNumberFormat::destroy):
2184         (JSC::IntlNumberFormat::visitChildren):
2185         (JSC::IntlNumberFormat::setBoundFormat):
2186         (JSC::IntlNumberFormatFuncFormatNumber): Added placeholder implementation returning Number(value).toString().
2187         * runtime/IntlNumberFormat.h: Added.
2188         (JSC::IntlNumberFormat::constructor):
2189         (JSC::IntlNumberFormat::boundFormat):
2190         * runtime/IntlNumberFormatConstructor.cpp: Added.
2191         (JSC::IntlNumberFormatConstructor::create):
2192         (JSC::IntlNumberFormatConstructor::createStructure):
2193         (JSC::IntlNumberFormatConstructor::IntlNumberFormatConstructor):
2194         (JSC::IntlNumberFormatConstructor::finishCreation):
2195         (JSC::constructIntlNumberFormat): Added NumberFormat constructor (11.1.2).
2196         (JSC::callIntlNumberFormat): Added NumberFormat constructor (11.1.2).
2197         (JSC::IntlNumberFormatConstructor::getConstructData):
2198         (JSC::IntlNumberFormatConstructor::getCallData):
2199         (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
2200         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2201         (JSC::IntlNumberFormatConstructor::visitChildren):
2202         * runtime/IntlNumberFormatConstructor.h: Added.
2203         (JSC::IntlNumberFormatConstructor::numberFormatStructure):
2204         * runtime/IntlNumberFormatPrototype.cpp: Added.
2205         (JSC::IntlNumberFormatPrototype::create):
2206         (JSC::IntlNumberFormatPrototype::createStructure):
2207         (JSC::IntlNumberFormatPrototype::IntlNumberFormatPrototype):
2208         (JSC::IntlNumberFormatPrototype::finishCreation):
2209         (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
2210         (JSC::IntlNumberFormatPrototypeGetterFormat): Added format getter (11.3.3).
2211         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2212         * runtime/IntlNumberFormatPrototype.h: Added.
2213         * runtime/IntlObject.cpp:
2214         (JSC::IntlObject::create):
2215         (JSC::IntlObject::finishCreation): Added Collator, NumberFormat, and DateTimeFormat properties (8.1).
2216         (JSC::IntlObject::visitChildren):
2217         * runtime/IntlObject.h:
2218         (JSC::IntlObject::collatorConstructor):
2219         (JSC::IntlObject::collatorPrototype):
2220         (JSC::IntlObject::collatorStructure):
2221         (JSC::IntlObject::numberFormatConstructor):
2222         (JSC::IntlObject::numberFormatPrototype):
2223         (JSC::IntlObject::numberFormatStructure):
2224         (JSC::IntlObject::dateTimeFormatConstructor):
2225         (JSC::IntlObject::dateTimeFormatPrototype):
2226         (JSC::IntlObject::dateTimeFormatStructure):
2227         * runtime/JSGlobalObject.cpp:
2228         (JSC::JSGlobalObject::init):
2229
2230 2015-07-29  Commit Queue  <commit-queue@webkit.org>
2231
2232         Unreviewed, rolling out r187550.
2233         https://bugs.webkit.org/show_bug.cgi?id=147420
2234
2235         Broke Windows build (again) (Requested by smfr on #webkit).
2236
2237         Reverted changeset:
2238
2239         "Implement WebAssembly module parser"
2240         https://bugs.webkit.org/show_bug.cgi?id=147293
2241         http://trac.webkit.org/changeset/187550
2242
2243 2015-07-29  Basile Clement  <basile_clement@apple.com>
2244
2245         Remove native call inlining
2246         https://bugs.webkit.org/show_bug.cgi?id=147417
2247
2248         Rubber Stamped by Filip Pizlo.
2249
2250         * CMakeLists.txt:
2251         * dfg/DFGAbstractInterpreterInlines.h:
2252         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
2253         * dfg/DFGByteCodeParser.cpp:
2254         (JSC::DFG::ByteCodeParser::handleCall): Deleted.
2255         * dfg/DFGClobberize.h:
2256         (JSC::DFG::clobberize): Deleted.
2257         * dfg/DFGDoesGC.cpp:
2258         (JSC::DFG::doesGC): Deleted.
2259         * dfg/DFGFixupPhase.cpp:
2260         (JSC::DFG::FixupPhase::fixupNode): Deleted.
2261         * dfg/DFGNode.h:
2262         (JSC::DFG::Node::hasHeapPrediction): Deleted.
2263         (JSC::DFG::Node::hasCellOperand): Deleted.
2264         * dfg/DFGNodeType.h:
2265         * dfg/DFGPredictionPropagationPhase.cpp:
2266         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
2267         * dfg/DFGSafeToExecute.h:
2268         (JSC::DFG::safeToExecute): Deleted.
2269         * dfg/DFGSpeculativeJIT32_64.cpp:
2270         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2271         * dfg/DFGSpeculativeJIT64.cpp:
2272         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2273         * ftl/FTLCapabilities.cpp:
2274         (JSC::FTL::canCompile): Deleted.
2275         * ftl/FTLLowerDFGToLLVM.cpp:
2276         (JSC::FTL::DFG::LowerDFGToLLVM::lower): Deleted.
2277         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
2278         (JSC::FTL::DFG::LowerDFGToLLVM::compileNativeCallOrConstruct): Deleted.
2279         (JSC::FTL::DFG::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
2280         (JSC::FTL::DFG::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
2281         (JSC::FTL::DFG::LowerDFGToLLVM::didOverflowStack): Deleted.
2282         * ftl/FTLState.cpp:
2283         (JSC::FTL::State::State): Deleted.
2284         * ftl/FTLState.h:
2285         * runtime/BundlePath.cpp: Removed.
2286         (JSC::bundlePath): Deleted.
2287         * runtime/JSDataViewPrototype.cpp:
2288         (JSC::getData):
2289         (JSC::setData):
2290         * runtime/Options.h:
2291
2292 2015-07-29  Basile Clement  <basile_clement@apple.com>
2293
2294         Unreviewed, skipping a test that is too complex for its own good
2295         https://bugs.webkit.org/show_bug.cgi?id=147167
2296
2297         * tests/stress/math-pow-coherency.js:
2298
2299 2015-07-29  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2300
2301         Implement WebAssembly module parser
2302         https://bugs.webkit.org/show_bug.cgi?id=147293
2303
2304         Reviewed by Mark Lam.
2305
2306         Reupload the patch, since r187539 should fix the "Cannot open include file:
2307         'JSWASMModule.h'" issue in the Windows build.
2308
2309         * CMakeLists.txt:
2310         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2311         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2312         * JavaScriptCore.xcodeproj/project.pbxproj:
2313         * jsc.cpp:
2314         (GlobalObject::finishCreation):
2315         (functionLoadWebAssembly):
2316         * parser/SourceProvider.h:
2317         (JSC::WebAssemblySourceProvider::create):
2318         (JSC::WebAssemblySourceProvider::data):
2319         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2320         * runtime/JSGlobalObject.cpp:
2321         (JSC::JSGlobalObject::init):
2322         (JSC::JSGlobalObject::visitChildren):
2323         * runtime/JSGlobalObject.h:
2324         (JSC::JSGlobalObject::wasmModuleStructure):
2325         * wasm/WASMMagicNumber.h: Added.
2326         * wasm/WASMModuleParser.cpp: Added.
2327         (JSC::WASMModuleParser::WASMModuleParser):
2328         (JSC::WASMModuleParser::parse):
2329         (JSC::WASMModuleParser::parseModule):
2330         (JSC::parseWebAssembly):
2331         * wasm/WASMModuleParser.h: Added.
2332         * wasm/WASMReader.cpp: Added.
2333         (JSC::WASMReader::readUnsignedInt32):
2334         (JSC::WASMReader::readFloat):
2335         (JSC::WASMReader::readDouble):
2336         * wasm/WASMReader.h: Added.
2337         (JSC::WASMReader::WASMReader):
2338
2339 2015-07-29  Basile Clement  <basile_clement@apple.com>
2340
2341         Unreviewed, lower the number of test iterations to prevent timing out on Debug builds
2342         https://bugs.webkit.org/show_bug.cgi?id=147167
2343
2344         * tests/stress/math-pow-coherency.js:
2345
2346 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2347
2348         Add the "wasm" directory to Visual Studio project files
2349         https://bugs.webkit.org/show_bug.cgi?id=147400
2350
2351         Reviewed by Simon Fraser.
2352
2353         This patch should fix the "Cannot open include file: 'JSWASMModule.h'" issue
2354         in the Windows build.
2355
2356         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
2357         * JavaScriptCore.vcxproj/copy-files.cmd:
2358
2359 2015-07-28  Commit Queue  <commit-queue@webkit.org>
2360
2361         Unreviewed, rolling out r187531.
2362         https://bugs.webkit.org/show_bug.cgi?id=147397
2363
2364         Broke Windows build (Requested by smfr on #webkit).
2365
2366         Reverted changeset:
2367
2368         "Implement WebAssembly module parser"
2369         https://bugs.webkit.org/show_bug.cgi?id=147293
2370         http://trac.webkit.org/changeset/187531
2371
2372 2015-07-28  Benjamin Poulain  <bpoulain@apple.com>
2373
2374         Speed up the Stringifier::toJSON() fast case
2375         https://bugs.webkit.org/show_bug.cgi?id=147383
2376
2377         Reviewed by Andreas Kling.
2378
2379         * runtime/JSONObject.cpp:
2380         (JSC::Stringifier::toJSON):
2381         (JSC::Stringifier::toJSONImpl):
2382
2383 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2384
2385         Implement WebAssembly module parser
2386         https://bugs.webkit.org/show_bug.cgi?id=147293
2387
2388         Reviewed by Geoffrey Garen.
2389
2390         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
2391         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
2392         the magic number at the beginning of the files. Parsing of the rest will be
2393         implemented in a subsequent patch.
2394
2395         * CMakeLists.txt:
2396         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2397         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2398         * JavaScriptCore.xcodeproj/project.pbxproj:
2399         * jsc.cpp:
2400         (GlobalObject::finishCreation):
2401         (functionLoadWebAssembly):
2402         * parser/SourceProvider.h:
2403         (JSC::WebAssemblySourceProvider::create):
2404         (JSC::WebAssemblySourceProvider::data):
2405         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2406         * runtime/JSGlobalObject.cpp:
2407         (JSC::JSGlobalObject::init):
2408         (JSC::JSGlobalObject::visitChildren):
2409         * runtime/JSGlobalObject.h:
2410         (JSC::JSGlobalObject::wasmModuleStructure):
2411         * wasm/WASMMagicNumber.h: Added.
2412         * wasm/WASMModuleParser.cpp: Added.
2413         (JSC::WASMModuleParser::WASMModuleParser):
2414         (JSC::WASMModuleParser::parse):
2415         (JSC::WASMModuleParser::parseModule):
2416         (JSC::parseWebAssembly):
2417         * wasm/WASMModuleParser.h: Added.
2418         * wasm/WASMReader.cpp: Added.
2419         (JSC::WASMReader::readUnsignedInt32):
2420         (JSC::WASMReader::readFloat):
2421         (JSC::WASMReader::readDouble):
2422         * wasm/WASMReader.h: Added.
2423         (JSC::WASMReader::WASMReader):
2424
2425 2015-07-28  Yusuke Suzuki  <utatane.tea@gmail.com>
2426
2427         [ES6] Add ENABLE_ES6_MODULES compile time flag with the default value "false"
2428         https://bugs.webkit.org/show_bug.cgi?id=147350
2429
2430         Reviewed by Sam Weinig.
2431
2432         * Configurations/FeatureDefines.xcconfig:
2433
2434 2015-07-28  Saam barati  <saambarati1@gmail.com>
2435
2436         Make the type profiler work with lexical scoping and add tests
2437         https://bugs.webkit.org/show_bug.cgi?id=145438
2438
2439         Reviewed by Geoffrey Garen.
2440
2441         op_profile_type now knows how to resolve variables allocated within
2442         the local scope stack. This means it knows how to resolve "let"
2443         and "const" variables. Also, some refactoring was done inside
2444         the BytecodeGenerator to make writing code to support the type
2445         profiler much simpler and clearer.
2446
2447         * bytecode/CodeBlock.cpp:
2448         (JSC::CodeBlock::CodeBlock):
2449         * bytecode/CodeBlock.h:
2450         (JSC::CodeBlock::symbolTable): Deleted.
2451         * bytecode/UnlinkedCodeBlock.h:
2452         (JSC::UnlinkedCodeBlock::addExceptionHandler):
2453         (JSC::UnlinkedCodeBlock::exceptionHandler):
2454         (JSC::UnlinkedCodeBlock::vm):
2455         (JSC::UnlinkedCodeBlock::addArrayProfile):
2456         (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex): Deleted.
2457         (JSC::UnlinkedCodeBlock::symbolTableConstantIndex): Deleted.
2458         * bytecompiler/BytecodeGenerator.cpp:
2459         (JSC::BytecodeGenerator::BytecodeGenerator):
2460         (JSC::BytecodeGenerator::emitMove):
2461         (JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
2462         (JSC::BytecodeGenerator::emitProfileType):
2463         (JSC::BytecodeGenerator::emitProfileControlFlow):
2464         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2465         * bytecompiler/BytecodeGenerator.h:
2466         (JSC::BytecodeGenerator::emitNodeForLeftHandSide):
2467         * bytecompiler/NodesCodegen.cpp:
2468         (JSC::ThisNode::emitBytecode):
2469         (JSC::ResolveNode::emitBytecode):
2470         (JSC::BracketAccessorNode::emitBytecode):
2471         (JSC::DotAccessorNode::emitBytecode):
2472         (JSC::FunctionCallValueNode::emitBytecode):
2473         (JSC::FunctionCallResolveNode::emitBytecode):
2474         (JSC::FunctionCallBracketNode::emitBytecode):
2475         (JSC::FunctionCallDotNode::emitBytecode):
2476         (JSC::CallFunctionCallDotNode::emitBytecode):
2477         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2478         (JSC::PostfixNode::emitResolve):
2479         (JSC::PostfixNode::emitBracket):
2480         (JSC::PostfixNode::emitDot):
2481         (JSC::PrefixNode::emitResolve):
2482         (JSC::PrefixNode::emitBracket):
2483         (JSC::PrefixNode::emitDot):
2484         (JSC::ReadModifyResolveNode::emitBytecode):
2485         (JSC::AssignResolveNode::emitBytecode):
2486         (JSC::AssignDotNode::emitBytecode):
2487         (JSC::ReadModifyDotNode::emitBytecode):
2488         (JSC::AssignBracketNode::emitBytecode):
2489         (JSC::ReadModifyBracketNode::emitBytecode):
2490         (JSC::EmptyVarExpression::emitBytecode):
2491         (JSC::EmptyLetExpression::emitBytecode):
2492         (JSC::ForInNode::emitLoopHeader):
2493         (JSC::ForOfNode::emitBytecode):
2494         (JSC::ReturnNode::emitBytecode):
2495         (JSC::FunctionNode::emitBytecode):
2496         (JSC::BindingNode::bindValue):
2497         * dfg/DFGSpeculativeJIT32_64.cpp:
2498         (JSC::DFG::SpeculativeJIT::compile):
2499         * dfg/DFGSpeculativeJIT64.cpp:
2500         (JSC::DFG::SpeculativeJIT::compile):
2501         * jit/JITOpcodes.cpp:
2502         (JSC::JIT::emit_op_profile_type):
2503         * jit/JITOpcodes32_64.cpp:
2504         (JSC::JIT::emit_op_profile_type):
2505         * llint/LowLevelInterpreter32_64.asm:
2506         * llint/LowLevelInterpreter64.asm:
2507         * tests/typeProfiler/es6-block-scoping.js: Added.
2508         (noop):
2509         (arr):
2510         (wrapper.changeFoo):
2511         (wrapper.scoping):
2512         (wrapper.scoping2):
2513         (wrapper):
2514         * tests/typeProfiler/es6-classes.js: Added.
2515         (noop):
2516         (wrapper.Animal):
2517         (wrapper.Animal.prototype.methodA):
2518         (wrapper.Dog):
2519         (wrapper.Dog.prototype.methodB):
2520         (wrapper):
2521
2522 2015-07-28  Saam barati  <saambarati1@gmail.com>
2523
2524         Implement catch scope using lexical scoping constructs introduced with "let" scoping patch
2525         https://bugs.webkit.org/show_bug.cgi?id=146979
2526
2527         Reviewed by Geoffrey Garen.
2528
2529         Now that BytecodeGenerator has a notion of local scope depth,
2530         we can easily implement a catch scope that doesn't claim that
2531         all variables are dynamically scoped. This means that functions
2532         that use try/catch can have local variable resolution. This also
2533         means that all functions that use try/catch don't have all
2534         their variables marked as being captured.
2535
2536         Catch scopes now behave like a "let" scope (sans the TDZ logic) with a 
2537         single variable. Catch scopes are now just JSLexicalEnvironments and the 
2538         symbol table backing the catch scope knows that it corresponds to a catch scope.
2539
2540         * CMakeLists.txt:
2541         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2542         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2543         * JavaScriptCore.xcodeproj/project.pbxproj:
2544         * bytecode/CodeBlock.cpp:
2545         (JSC::CodeBlock::dumpBytecode):
2546         * bytecode/EvalCodeCache.h:
2547         (JSC::EvalCodeCache::isCacheable):
2548         * bytecompiler/BytecodeGenerator.cpp:
2549         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
2550         (JSC::BytecodeGenerator::emitLoadGlobalObject):
2551         (JSC::BytecodeGenerator::pushLexicalScope):
2552         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2553         (JSC::BytecodeGenerator::popLexicalScope):
2554         (JSC::BytecodeGenerator::popLexicalScopeInternal):
2555         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
2556         (JSC::BytecodeGenerator::variable):
2557         (JSC::BytecodeGenerator::resolveType):
2558         (JSC::BytecodeGenerator::emitResolveScope):
2559         (JSC::BytecodeGenerator::emitPopScope):
2560         (JSC::BytecodeGenerator::emitPopWithScope):
2561         (JSC::BytecodeGenerator::emitDebugHook):
2562         (JSC::BytecodeGenerator::popScopedControlFlowContext):
2563         (JSC::BytecodeGenerator::emitPushCatchScope):
2564         (JSC::BytecodeGenerator::emitPopCatchScope):
2565         (JSC::BytecodeGenerator::beginSwitch):
2566         (JSC::BytecodeGenerator::emitPopWithOrCatchScope): Deleted.
2567         * bytecompiler/BytecodeGenerator.h:
2568         (JSC::BytecodeGenerator::lastOpcodeID):
2569         * bytecompiler/NodesCodegen.cpp:
2570         (JSC::AssignResolveNode::emitBytecode):
2571         (JSC::WithNode::emitBytecode):
2572         (JSC::TryNode::emitBytecode):
2573         * debugger/DebuggerScope.cpp:
2574         (JSC::DebuggerScope::isCatchScope):
2575         (JSC::DebuggerScope::isFunctionNameScope):
2576         (JSC::DebuggerScope::isFunctionOrEvalScope):
2577         (JSC::DebuggerScope::caughtValue):
2578         * debugger/DebuggerScope.h:
2579         * inspector/ScriptDebugServer.cpp:
2580         (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
2581         * interpreter/Interpreter.cpp:
2582         (JSC::Interpreter::execute):
2583         * jit/JITOpcodes.cpp:
2584         (JSC::JIT::emit_op_push_name_scope):
2585         * jit/JITOpcodes32_64.cpp:
2586         (JSC::JIT::emit_op_push_name_scope):
2587         * jit/JITOperations.cpp:
2588         * jit/JITOperations.h:
2589         * parser/ASTBuilder.h:
2590         (JSC::ASTBuilder::createContinueStatement):
2591         (JSC::ASTBuilder::createTryStatement):
2592         * parser/NodeConstructors.h:
2593         (JSC::ThrowNode::ThrowNode):
2594         (JSC::TryNode::TryNode):
2595         (JSC::FunctionParameters::FunctionParameters):
2596         * parser/Nodes.h:
2597         * parser/Parser.cpp:
2598         (JSC::Parser<LexerType>::parseTryStatement):
2599         * parser/SyntaxChecker.h:
2600         (JSC::SyntaxChecker::createBreakStatement):
2601         (JSC::SyntaxChecker::createContinueStatement):
2602         (JSC::SyntaxChecker::createTryStatement):
2603         (JSC::SyntaxChecker::createSwitchStatement):
2604         (JSC::SyntaxChecker::createWhileStatement):
2605         (JSC::SyntaxChecker::createWithStatement):
2606         * runtime/JSCatchScope.cpp:
2607         * runtime/JSCatchScope.h:
2608         (JSC::JSCatchScope::JSCatchScope): Deleted.
2609         (JSC::JSCatchScope::create): Deleted.
2610         (JSC::JSCatchScope::createStructure): Deleted.
2611         * runtime/JSFunctionNameScope.h:
2612         (JSC::JSFunctionNameScope::JSFunctionNameScope):
2613         * runtime/JSGlobalObject.cpp:
2614         (JSC::JSGlobalObject::init):
2615         (JSC::JSGlobalObject::visitChildren):
2616         * runtime/JSGlobalObject.h:
2617         (JSC::JSGlobalObject::withScopeStructure):
2618         (JSC::JSGlobalObject::strictEvalActivationStructure):
2619         (JSC::JSGlobalObject::activationStructure):
2620         (JSC::JSGlobalObject::functionNameScopeStructure):
2621         (JSC::JSGlobalObject::directArgumentsStructure):
2622         (JSC::JSGlobalObject::scopedArgumentsStructure):
2623         (JSC::JSGlobalObject::catchScopeStructure): Deleted.
2624         * runtime/JSNameScope.cpp:
2625         (JSC::JSNameScope::create):
2626         (JSC::JSNameScope::toThis):
2627         * runtime/JSNameScope.h:
2628         * runtime/JSObject.cpp:
2629         (JSC::JSObject::toThis):
2630         (JSC::JSObject::isFunctionNameScopeObject):
2631         (JSC::JSObject::isCatchScopeObject): Deleted.
2632         * runtime/JSObject.h:
2633         * runtime/JSScope.cpp:
2634         (JSC::JSScope::collectVariablesUnderTDZ):
2635         (JSC::JSScope::isLexicalScope):
2636         (JSC::JSScope::isCatchScope):
2637         (JSC::resolveModeName):
2638         * runtime/JSScope.h:
2639         * runtime/SymbolTable.cpp:
2640         (JSC::SymbolTable::SymbolTable):
2641         (JSC::SymbolTable::cloneScopePart):
2642         * runtime/SymbolTable.h:
2643         * tests/stress/const-semantics.js:
2644         (.):
2645
2646 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
2647
2648         DFG::ArgumentsEliminationPhase has a redundant check for inserting CheckInBounds when converting GetByVal to GetStack in the inline non-varargs case
2649         https://bugs.webkit.org/show_bug.cgi?id=147373
2650
2651         Reviewed by Mark Lam.
2652
2653         The code was doing a check for "index >= inlineCallFrame->arguments.size() - 1" in code where
2654         safeToGetStack is true and we aren't in varargs context, but in a non-varargs context,
2655         safeToGetStack can only be true if "index < inlineCallFrame->arguments.size() - 1".
2656
2657         When converting a GetByVal to GetStack, there are three possibilities:
2658
2659         1) Impossible to convert. This can happen if the GetByVal is out-of-bounds of the things we
2660            know to have stored to the stack. For example, if we inline a function that does
2661            "arguments[42]" at a call that passes no arguments.
2662
2663         2) Possible to convert, but we cannot prove statically that the GetByVal was in bounds. This
2664            can happen for "arguments[42]" with no inline call frame (since we don't know statically
2665            how many arguments we will be passed) or in a varargs call frame.
2666
2667         3) Possible to convert, and we know statically that the GetByVal is in bounds. This can
2668            happen for "arguments[42]" if we have an inline call frame, and it's not a varargs call
2669            frame, and we know that the caller passed 42 or more arguments.
2670
2671         The way the phase handles this is that it first determines that we're not in case (1). This is
2672         called safeToGetStack. safeToGetStack is true if we have case (2) or (3). For inline call
2673         frames that have no varargs, this means that safeToGetStack is true exactly when the GetByVal
2674         is in-bounds (i.e. case (3)).
2675
2676         But the phase was again doing a check for whether the index is in-bounds for non-varargs
2677         inline call frames even when safeToGetStack was true. That check is redundant and should be
2678         eliminated, since it makes the code confusing.
2679
2680         * dfg/DFGArgumentsEliminationPhase.cpp:
2681
2682 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
2683
2684         DFG::PutStackSinkingPhase should be more aggressive about its "no GetStack until put" rule
2685         https://bugs.webkit.org/show_bug.cgi?id=147371
2686
2687         Reviewed by Mark Lam.
2688
2689         Two fixes:
2690
2691         - Make ConflictingFlush really mean that you can't load from the stack slot. This means not
2692           using ConflictingFlush for arguments.
2693
2694         - Assert that a GetStack never sees ConflictingFlush.
2695
2696         * dfg/DFGPutStackSinkingPhase.cpp:
2697
2698 2015-07-28  Basile Clement  <basile_clement@apple.com>
2699
2700         Misleading error message: "At least one digit must occur after a decimal point"
2701         https://bugs.webkit.org/show_bug.cgi?id=146238
2702
2703         Reviewed by Geoffrey Garen.
2704
2705         Interestingly, we had a comment explaining what this error message was
2706         about that is much clearer than the error message itself. This patch
2707         simply replaces the error message with the explanation from the
2708         comment.
2709
2710         * parser/Lexer.cpp:
2711         (JSC::Lexer<T>::lex):
2712
2713 2015-07-28  Basile Clement  <basile_clement@apple.com>
2714
2715         Simplify call linking
2716         https://bugs.webkit.org/show_bug.cgi?id=147363
2717
2718         Reviewed by Filip Pizlo.
2719
2720         Previously, we were passing both the CallLinkInfo and a
2721         (CodeSpecializationKind, RegisterPreservationMode) pair to the
2722         different call linking slow paths. However, the CallLinkInfo already
2723         has all of that information, and we don't gain anything by having them
2724         in additional static parameters - except possibly a very small
2725         performance gain in the presence of inlining. However, since those are
2726         already slow paths, this performance loss (if it exists) will not be
2727         visible in practice.
2728
2729         This patch replaces the various specialized thunks and JIT operations
2730         for regular and polymorphic call linking with a single thunk and
2731         operation for each case. Moreover, it replaces the four specialized
2732         virtual call thunks and operations with one virtual call thunk for each
2733         call link info, allowing for better branch prediction by the CPU and
2734         fixing a pre-existing FIXME.
2735
2736         * bytecode/CallLinkInfo.cpp:
2737         (JSC::CallLinkInfo::unlink):
2738         (JSC::CallLinkInfo::dummy): Deleted.
2739         * bytecode/CallLinkInfo.h:
2740         (JSC::CallLinkInfo::CallLinkInfo):
2741         (JSC::CallLinkInfo::registerPreservationMode):
2742         (JSC::CallLinkInfo::setUpCallFromFTL):
2743         (JSC::CallLinkInfo::setSlowStub):
2744         (JSC::CallLinkInfo::clearSlowStub):
2745         (JSC::CallLinkInfo::slowStub):
2746         * dfg/DFGDriver.cpp:
2747         (JSC::DFG::compileImpl):
2748         * dfg/DFGJITCompiler.cpp:
2749         (JSC::DFG::JITCompiler::link):
2750         * ftl/FTLJSCallBase.cpp:
2751         (JSC::FTL::JSCallBase::link):
2752         * jit/JITCall.cpp:
2753         (JSC::JIT::compileCallEvalSlowCase):
2754         (JSC::JIT::compileOpCall):
2755         (JSC::JIT::compileOpCallSlowCase):
2756         * jit/JITCall32_64.cpp:
2757         (JSC::JIT::compileCallEvalSlowCase):
2758         (JSC::JIT::compileOpCall):
2759         (JSC::JIT::compileOpCallSlowCase):
2760         * jit/JITOperations.cpp:
2761         * jit/JITOperations.h:
2762         (JSC::operationLinkFor): Deleted.
2763         (JSC::operationVirtualFor): Deleted.
2764         (JSC::operationLinkPolymorphicCallFor): Deleted.
2765         * jit/Repatch.cpp:
2766         (JSC::generateByIdStub):
2767         (JSC::linkSlowFor):
2768         (JSC::linkFor):
2769         (JSC::revertCall):
2770         (JSC::unlinkFor):
2771         (JSC::linkVirtualFor):
2772         (JSC::linkPolymorphicCall):
2773         * jit/Repatch.h:
2774         * jit/ThunkGenerators.cpp:
2775         (JSC::linkCallThunkGenerator):
2776         (JSC::linkPolymorphicCallThunkGenerator):
2777         (JSC::virtualThunkFor):
2778         (JSC::linkForThunkGenerator): Deleted.
2779         (JSC::linkConstructThunkGenerator): Deleted.
2780         (JSC::linkCallThatPreservesRegsThunkGenerator): Deleted.
2781         (JSC::linkConstructThatPreservesRegsThunkGenerator): Deleted.
2782         (JSC::linkPolymorphicCallForThunkGenerator): Deleted.
2783         (JSC::linkPolymorphicCallThatPreservesRegsThunkGenerator): Deleted.
2784         (JSC::virtualForThunkGenerator): Deleted.
2785         (JSC::virtualCallThunkGenerator): Deleted.
2786         (JSC::virtualConstructThunkGenerator): Deleted.
2787         (JSC::virtualCallThatPreservesRegsThunkGenerator): Deleted.
2788         (JSC::virtualConstructThatPreservesRegsThunkGenerator): Deleted.
2789         * jit/ThunkGenerators.h:
2790         (JSC::linkThunkGeneratorFor): Deleted.
2791         (JSC::linkPolymorphicCallThunkGeneratorFor): Deleted.
2792         (JSC::virtualThunkGeneratorFor): Deleted.
2793
2794 2015-07-28  Basile Clement  <basile_clement@apple.com>
2795
2796         stress/math-pow-with-constants.js fails in cloop
2797         https://bugs.webkit.org/show_bug.cgi?id=147167
2798
2799         Reviewed by Geoffrey Garen.
2800
2801         Baseline JIT, DFG and FTL use a fast exponentiation path when
2802         computing Math.pow() with an integer exponent, which is not taken in
2803         the LLInt (or the DFG abstract interpreter). This leads to the result
2804         of pow changing depending on the compilation tier or the fact that
2805         constant propagation kicks in, which is undesirable.
2806
2807         This patch adds the fast path to the slow operationMathPow in order to
2808         maintain an illusion of consistency.
2809
2810         * runtime/MathCommon.cpp:
2811         (JSC::operationMathPow):
2812         * tests/stress/math-pow-coherency.js: Added.
2813         (pow42):
2814         (build42AsDouble.opaqueAdd):
2815         (build42AsDouble):
2816         (powDouble42):
2817         (clobber):
2818         (pow42NoConstantFolding):
2819         (powDouble42NoConstantFolding):
2820
2821 2015-07-28  Joseph Pecoraro  <pecoraro@apple.com>
2822
2823         Web Inspector: Show Pseudo Elements in DOM Tree
2824         https://bugs.webkit.org/show_bug.cgi?id=139612
2825
2826         Reviewed by Timothy Hatcher.
2827
2828         * inspector/protocol/DOM.json:
2829         Add new properties to DOMNode if it is a pseudo element or if it has
2830         pseudo element children. Add new events for when a pseudo element is
2831         added or removed dynamically to an existing DOMNode.
2832
2833 2015-07-27  Filip Pizlo  <fpizlo@apple.com>
2834
2835         Add logging when executable code gets deallocated
2836         https://bugs.webkit.org/show_bug.cgi?id=147355
2837
2838         Reviewed by Mark Lam.
2839
2840         * ftl/FTLJITCode.cpp:
2841         (JSC::FTL::JITCode::~JITCode): Print something when this is freed.
2842         * jit/JITCode.cpp:
2843         (JSC::JITCodeWithCodeRef::~JITCodeWithCodeRef): Print something when this is freed.
2844
2845 2015-07-27  Filip Pizlo  <fpizlo@apple.com>
2846
2847         DFG::safeToExecute() cases for GetByOffset/PutByOffset don't handle clobbered structure abstract values correctly
2848         https://bugs.webkit.org/show_bug.cgi?id=147354
2849
2850         Reviewed by Michael Saboff.
2851
2852         If m_structure.isClobbered(), it means that we had a side effect that clobbered
2853         the abstract value but it may recover back to its original value at the next
2854         invalidation point. Since the invalidation point hasn't been reached yet, we need
2855         to conservatively treat the clobbered state as if it was top. At the invalidation
2856         point, the clobbered set will return back to being unclobbered.
2857
2858         In addition to fixing the bug, this introduces isInfinite(), which should be used
2859         in places where it's tempting to just use isTop().
2860
2861         * dfg/DFGSafeToExecute.h:
2862         (JSC::DFG::safeToExecute): Fix the bug.
2863         * dfg/DFGStructureAbstractValue.cpp:
2864         (JSC::DFG::StructureAbstractValue::contains): Switch to using isInfinite().
2865         (JSC::DFG::StructureAbstractValue::isSubsetOf): Switch to using isInfinite().
2866         (JSC::DFG::StructureAbstractValue::isSupersetOf): Switch to using isInfinite().
2867         (JSC::DFG::StructureAbstractValue::overlaps): Switch to using isInfinite().
2868         * dfg/DFGStructureAbstractValue.h:
2869         (JSC::DFG::StructureAbstractValue::isFinite): New convenience method.
2870         (JSC::DFG::StructureAbstractValue::isInfinite): New convenience method.
2871         (JSC::DFG::StructureAbstractValue::onlyStructure): Switch to using isInfinite().
2872
2873 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
2874
2875         [ES6] Implement Reflect.enumerate
2876         https://bugs.webkit.org/show_bug.cgi?id=147347
2877
2878         Reviewed by Sam Weinig.
2879
2880         This patch implements Reflect.enumerate.
2881         It returns an iterator that iterates the enumerable keys of the given object.
2882         It follows for-in's enumeration order.
2883
2884         To implement it, we write down the same logic as the for-in enumeration code in C++.
2885
2886         * CMakeLists.txt:
2887         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2888         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2889         * JavaScriptCore.xcodeproj/project.pbxproj:
2890         * runtime/JSGlobalObject.cpp:
2891         (JSC::JSGlobalObject::init):
2892         (JSC::JSGlobalObject::visitChildren):
2893         * runtime/JSGlobalObject.h:
2894         (JSC::JSGlobalObject::propertyNameIteratorStructure):
2895         * runtime/JSPropertyNameIterator.cpp: Added.
2896         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
2897         (JSC::JSPropertyNameIterator::clone):
2898         (JSC::JSPropertyNameIterator::create):
2899         (JSC::JSPropertyNameIterator::finishCreation):
2900         (JSC::JSPropertyNameIterator::visitChildren):
2901         (JSC::JSPropertyNameIterator::next):
2902         (JSC::propertyNameIteratorFuncNext):
2903         * runtime/JSPropertyNameIterator.h: Added.
2904         (JSC::JSPropertyNameIterator::createStructure):
2905         * runtime/ReflectObject.cpp:
2906         (JSC::reflectObjectEnumerate):
2907         * tests/stress/reflect-enumerate.js: Added.
2908         (shouldBe):
2909         (shouldThrow):
2910
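The for-in enumeration order that Reflect.enumerate follows, written out in JavaScript as an added example (this is not JavaScriptCore's C++ implementation; the sample object and the helper names `forInOrderKeys`, `reflectEnumerate` and `buildSample` are constructed here for illustration):

```javascript
'use strict';

// Throws the TypeError that Reflect.enumerate raises for non-objects.
function requireObject(value) {
  if (value === null || (typeof value !== 'object' && typeof value !== 'function')) {
    throw new TypeError('Reflect.enumerate called on non-object');
  }
  return value;
}

// Generator producing keys in for-in order:
//  - walk the object itself, then each prototype in turn;
//  - within one object use [[OwnPropertyKeys]] order (integer indices
//    ascending, then string keys in creation order); symbols are ignored;
//  - a name already seen on a nearer object is never reported again from a
//    prototype, even when the nearer property is non-enumerable (it shadows
//    the inherited one);
//  - a property deleted before it is reached is not reported.
function* forInOrderKeys(object) {
  const seen = new Set();
  for (let current = object; current !== null; current = Object.getPrototypeOf(current)) {
    for (const name of Object.getOwnPropertyNames(current)) {
      if (seen.has(name)) continue;
      seen.add(name);
      const desc = Object.getOwnPropertyDescriptor(current, name);
      if (desc !== undefined && desc.enumerable) yield name;
    }
  }
}

// Model of Reflect.enumerate: validates the argument eagerly (like the native
// function would) and returns an iterator over the keys.
function reflectEnumerate(target) {
  return forInOrderKeys(requireObject(target));
}

// Drains the iterator so the result can be compared with the engine's for-in.
function enumerateToArray(target) {
  return Array.from(reflectEnumerate(target));
}

function nativeForInKeys(target) {
  const keys = [];
  for (const key in target) keys.push(key);
  return keys;
}

// Constructed sample: inherited, shadowed and non-enumerable names plus
// integer and symbol keys, so every rule above is exercised.
function buildSample() {
  const proto = { inherited: 1, shadowed: 2 };
  Object.defineProperty(proto, 'hiddenOnProto', { value: 3, enumerable: false });
  const obj = Object.create(proto);
  obj.b = 1;
  obj[10] = 'ten';
  obj.a = 2;
  obj[2] = 'two';
  Object.defineProperty(obj, 'shadowed', { value: 9, enumerable: false });
  obj[Symbol('ignored')] = 'symbols are never enumerated';
  return obj;
}
```

Both `enumerateToArray(buildSample())` and `nativeForInKeys(buildSample())` yield `2, 10, b, a, inherited`: the non-enumerable own `shadowed` hides the enumerable inherited one, and the symbol key never appears.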
2911 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
2912
2913         [ES6] Implement Reflect.preventExtensions
2914         https://bugs.webkit.org/show_bug.cgi?id=147331
2915
2916         Reviewed by Sam Weinig.
2917
2918         Implement Reflect.preventExtensions.
2919         This is different from Object.preventExtensions.
2920
2921         1. When preventExtensions is called on a non-object, it raises a TypeError.
2922         2. Reflect.preventExtensions does not raise a TypeError when the preventExtensions operation fails.
2923
2924         For case (2), since there is no Proxy implementation currently, Reflect.preventExtensions always succeeds.
2925
2926         * runtime/ReflectObject.cpp:
2927         (JSC::reflectObjectPreventExtensions):
2928         * tests/stress/reflect-prevent-extensions.js: Added.
2929         (shouldBe):
2930         (shouldThrow):
2931
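The two differences above, shown side by side as an added example (not JavaScriptCore code). It goes beyond the entry's "no Proxy yet" situation by using a Proxy whose trap reports failure, which is the case where the two APIs diverge in their failure signalling; `probePreventExtensions`, `refusingProxy` and `lockDown` are names constructed here:

```javascript
'use strict';

// Calls both APIs on the same argument and records whether each returned a
// value or threw, so the two failure-signalling styles can be compared.
function probePreventExtensions(value) {
  const outcome = {};
  try {
    outcome.reflect = Reflect.preventExtensions(value);   // boolean, or TypeError for non-objects
  } catch (e) {
    outcome.reflect = 'throws ' + e.constructor.name;
  }
  try {
    const r = Object.preventExtensions(value);            // returns its argument, even a primitive
    outcome.object = r === value ? 'returns argument' : 'returns other';
  } catch (e) {
    outcome.object = 'throws ' + e.constructor.name;
  }
  return outcome;
}

// A proxy whose preventExtensions trap reports failure. Returning false is
// only allowed while the target is still extensible (a proxy invariant),
// which holds here because nothing ever locks the target.
function refusingProxy() {
  return new Proxy({}, { preventExtensions() { return false; } });
}

// Defensive use: hardening code that relies on Reflect must check the
// boolean, because a failed Reflect.preventExtensions is otherwise silent.
function lockDown(object) {
  if (!Reflect.preventExtensions(object)) {
    throw new Error('could not make object non-extensible');
  }
  return Object.isExtensible(object) === false;
}
```

For a primitive such as `42`, Reflect throws a TypeError while Object.preventExtensions just returns `42`; for the refusing proxy, Reflect returns `false` while Object.preventExtensions throws.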
2932 2015-07-27  Alex Christensen  <achristensen@webkit.org>
2933
2934         Use Ninja on Windows.
2935         https://bugs.webkit.org/show_bug.cgi?id=147228
2936
2937         Reviewed by Martin Robinson.
2938
2939         * CMakeLists.txt:
2940         Set the working directory when generating LowLevelInterpreterWin.asm to put LowLevelInterpreterWin.asm.sym in the right place.
2941
2942 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
2943
2944         SparseValueMap check is skipped when the butterfly's vectorLength is larger than the access-requested index
2945         https://bugs.webkit.org/show_bug.cgi?id=147265
2946
2947         Reviewed by Geoffrey Garen.
2948
2949         JSObject's vector holds the indexed values and we leverage it to represent stored values and holes.
2950         By checking that the given index is in-bounds of the vector's length, we can look up the property fast.
2951         And for the sparse array, we also have the separate SparseValueMap to hold the pairs.
2952         And we need to take care that the length of the vector should not overlap the indices stored in the SparseValueMap.
2953
2954         The vector only holds pure JS values to avoid additional checking for accessors when looking up the value
2955         from the vector. To achieve this, we also store the accessors (and attributed properties) in the SparseValueMap
2956         even if the index is less than MIN_SPARSE_ARRAY_INDEX.
2957
2958         As a result, if the length of the vector overlaps the indices of the accessors stored in the SparseValueMap,
2959         we accidentally skip the phase of looking up from the SparseValueMap. Instead, we just load from the vector and
2960         if the loaded value is an array hole, we decide the given object does not have the value for the given index.
2961
2962         This patch fixes the problem.
2963         When defining an attributed value whose index is smaller than the length of the vector, we throw away the vector
2964         and change the object to DictionaryIndexingMode. Since we can assume that indexed accessors rarely exist in
2965         practice, we expect this does not hurt the performance while keeping the fast property access system without
2966         checking the sparse map.
2967
2968         * runtime/JSObject.cpp:
2969         (JSC::JSObject::putDirectIndexBeyondVectorLength):
2970         * tests/stress/sparse-map-non-overlapping.js: Added.
2971         (shouldBe):
2972         (testing):
2973         (object.get 1000):
2974         * tests/stress/sparse-map-non-skip-getter-overriding.js: Added.
2975         (shouldBe):
2976         (obj.get 1):
2977         (testing):
2978         * tests/stress/sparse-map-non-skip.js: Added.
2979         (shouldBe):
2980         (testing):
2981         (testing2):
2982         (.get for):
2983
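The observable shape of the bug described above, as an added example (not one of the stress tests listed in the entry): an indexed accessor whose index falls inside the dense range that an engine would back with its vector. A spec-conforming engine must reach the getter and setter on every path; the builder and probe names are constructed here.

```javascript
'use strict';

// Installs a logging getter/setter pair at `index`.
function defineAccessorAt(obj, index, log) {
  Object.defineProperty(obj, index, {
    get() { log.push('get'); return 'accessor'; },
    set(v) { log.push('set:' + v); },
    enumerable: true,
    configurable: true,
  });
}

// Constructed scenario 1: dense data at indices 0..9 first (kept in the
// engine's vector), then index 1 becomes an accessor. The vector's length now
// overlaps the accessor's index, which is exactly the case the entry fixes.
function buildDenseThenAccessor(log) {
  const obj = {};
  for (let i = 0; i < 10; i++) obj[i] = i;
  delete obj[1];                 // leaves a hole at index 1 inside the dense range
  defineAccessorAt(obj, 1, log);
  return obj;
}

// Constructed scenario 2: the accessor is installed first and dense data is
// added around it afterwards, so the vector grows past the accessor's index.
function buildAccessorThenDense(log) {
  const obj = {};
  defineAccessorAt(obj, 1, log);
  for (let i = 0; i < 10; i++) if (i !== 1) obj[i] = i;
  return obj;
}

// Exercises every indexed-access path that must consult the accessor and
// returns what was observed. Under the bug, `read` would be undefined (the
// vector hole is taken as "no such property") and the store would fill the slot.
function probe(build) {
  const log = [];
  const obj = build(log);
  const read = obj[1];           // must call the getter, not report a hole
  obj[1] = 'stored';             // must call the setter, not write the vector slot
  const readAgain = obj[1];      // still the getter's value
  return {
    read,
    readAgain,
    hasOwn: Object.prototype.hasOwnProperty.call(obj, 1),
    inOperator: 1 in obj,
    keys: Object.keys(obj).join(','),
    isAccessor: typeof Object.getOwnPropertyDescriptor(obj, 1).get === 'function',
    log: log.join(','),
  };
}

function probeDenseThenAccessor() { return probe(buildDenseThenAccessor); }
function probeAccessorThenDense() { return probe(buildAccessorThenDense); }
```

Both probes must report `read` and `readAgain` as `'accessor'`, the access log as `get,set:stored,get`, and index 1 present in `Object.keys`, `in` and `hasOwnProperty`.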
2984 2015-07-27  Saam barati  <saambarati1@gmail.com>
2985
2986         Reduce execution time for "let" and "const" tests
2987         https://bugs.webkit.org/show_bug.cgi?id=147291
2988
2989         Reviewed by Geoffrey Garen.
2990
2991         We don't need to loop so many times for things that will not make it 
2992         into the DFG.  Also, we can loop a lot less for almost all the tests 
2993         because they're mostly testing the bytecode generator.
2994
2995         * tests/stress/const-and-with-statement.js:
2996         * tests/stress/const-exception-handling.js:
2997         * tests/stress/const-loop-semantics.js:
2998         * tests/stress/const-not-strict-mode.js:
2999         * tests/stress/const-semantics.js:
3000         * tests/stress/const-tdz.js:
3001         * tests/stress/lexical-let-and-with-statement.js:
3002         * tests/stress/lexical-let-exception-handling.js:
3003         (assert):
3004         * tests/stress/lexical-let-loop-semantics.js:
3005         (assert):
3006         (shouldThrowTDZ):
3007         (.):
3008         * tests/stress/lexical-let-not-strict-mode.js:
3009         * tests/stress/lexical-let-semantics.js:
3010         (.):
3011         * tests/stress/lexical-let-tdz.js:
3012         (shouldThrowTDZ):
3013         (.):
3014
3015 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3016
3017         Rename PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols
3018         https://bugs.webkit.org/show_bug.cgi?id=147311
3019
3020         Reviewed by Sam Weinig.
3021
3022         To make the meaning clear in the user side (PropertyNameArray array(exec, PropertyNameMode::StringsAndSymbols)),
3023         this patch renames PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols.
3024
3025         * bytecode/ObjectAllocationProfile.h:
3026         (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
3027         * runtime/EnumerationMode.h:
3028         * runtime/ObjectConstructor.cpp:
3029         (JSC::ownEnumerablePropertyKeys):
3030         (JSC::defineProperties):
3031         (JSC::objectConstructorSeal):
3032         (JSC::objectConstructorFreeze):
3033         (JSC::objectConstructorIsSealed):
3034         (JSC::objectConstructorIsFrozen):
3035         (JSC::ownPropertyKeys):
3036         * runtime/ReflectObject.cpp:
3037         (JSC::reflectObjectOwnKeys):
3038
3039 2015-07-27  Saam barati  <saambarati1@gmail.com>
3040
3041         Added a comment explaining that all "addVar()"s should happen before
3042         emitting bytecode for a function's default parameter expressions
3043
3044         Rubber Stamped by Mark Lam.
3045
3046         * bytecompiler/BytecodeGenerator.cpp:
3047         (JSC::BytecodeGenerator::BytecodeGenerator):
3048
3049 2015-07-26  Sam Weinig  <sam@webkit.org>
3050
3051         Add missing builtin files to the JavaScriptCore Xcode project
3052         https://bugs.webkit.org/show_bug.cgi?id=147312
3053
3054         Reviewed by Darin Adler.
3055
3056         * JavaScriptCore.xcodeproj/project.pbxproj:
3057         Add missing files.
3058
3059 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3060
3061         [ES6] Implement Reflect.isExtensible
3062         https://bugs.webkit.org/show_bug.cgi?id=147308
3063
3064         Reviewed by Sam Weinig.
3065
3066         This patch implements Reflect.isExtensible.
3067         It is similar to Object.isExtensible.
3068         The difference is that it raises an error if the first argument is not an object.
3069
3070         * runtime/ReflectObject.cpp:
3071         (JSC::reflectObjectIsExtensible):
3072         * tests/stress/reflect-is-extensible.js: Added.
3073         (shouldBe):
3074         (shouldThrow):
3075
3076 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3077
3078         Unreviewed, fix the debug build due to touching the non-declared variable in ASSERT
3079         https://bugs.webkit.org/show_bug.cgi?id=147307
3080
3081         * runtime/ObjectConstructor.cpp:
3082         (JSC::ownPropertyKeys):
3083
3084 2015-07-25  Yusuke Suzuki  <utatane.tea@gmail.com>
3085
3086         [ES6] Implement Reflect.ownKeys
3087         https://bugs.webkit.org/show_bug.cgi?id=147307
3088
3089         Reviewed by Sam Weinig.
3090
3091         This patch implements Reflect.ownKeys.
3092         In this patch, we refactor the existing code that lists the own keys of an object.
3093         Such code is used by Object.getOwnPropertyNames, Object.getOwnPropertyKeys, Object.keys and @ownEnumerableKeys.
3094         We factor out the listing of own keys as the ownPropertyKeys function and also use it in Reflect.ownKeys.
3095
3096         * runtime/ObjectConstructor.cpp:
3097         (JSC::objectConstructorGetOwnPropertyNames):
3098         (JSC::objectConstructorGetOwnPropertySymbols):
3099         (JSC::objectConstructorKeys):
3100         (JSC::ownEnumerablePropertyKeys):
3101         (JSC::ownPropertyKeys):
3102         * runtime/ObjectConstructor.h:
3103         * runtime/ReflectObject.cpp:
3104         (JSC::reflectObjectOwnKeys):
3105         * tests/stress/reflect-own-keys.js: Added.
3106         (shouldBe):
3107         (shouldThrow):
3108         (shouldBeArray):
3109
3110 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3111
3112         [ES6] Implement Reflect.apply
3113         https://bugs.webkit.org/show_bug.cgi?id=147306
3114
3115         Reviewed by Sam Weinig.
3116
3117         Implement Reflect.apply.
3118         A large part of this can be implemented by the @apply builtin annotation.
3119         The only thing which is different from Function.prototype.apply is that the third parameter,
3120         "argumentsList", needs to be an object.
3121
3122         * builtins/ReflectObject.js:
3123         (apply):
3124         (deleteProperty):
3125         * runtime/ReflectObject.cpp:
3126         * tests/stress/reflect-apply.js: Added.
3127         (shouldBe):
3128         (shouldThrow):
3129         (get shouldThrow):
3130         (.get shouldThrow):
3131         (get var.array.get length):
3132         (get var.array.get 0):
3133         (.get var):
3134         * tests/stress/reflect-delete-property.js:
3135
3136 2015-07-25  Yusuke Suzuki  <utatane.tea@gmail.com>
3137
3138         [ES6] Add Reflect namespace and add Reflect.deleteProperty
3139         https://bugs.webkit.org/show_bug.cgi?id=147287
3140
3141         Reviewed by Sam Weinig.
3142
3143         This patch just creates the namespace for the ES6 Reflect APIs
3144         and adds template files to implement the actual code.
3145
3146         So as not to keep the JS generated properties C array empty,
3147         we added one small method, Reflect.deleteProperty, in this patch.
3148
3149         * CMakeLists.txt:
3150         * DerivedSources.make:
3151         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3152         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3153         * JavaScriptCore.xcodeproj/project.pbxproj:
3154         * builtins/ReflectObject.js: Added.
3155         (deleteProperty):
3156         * runtime/CommonIdentifiers.h:
3157         * runtime/JSGlobalObject.cpp:
3158         (JSC::JSGlobalObject::init):
3159         * runtime/ReflectObject.cpp: Added.
3160         (JSC::ReflectObject::ReflectObject):
3161         (JSC::ReflectObject::finishCreation):
3162         (JSC::ReflectObject::getOwnPropertySlot):
3163         * runtime/ReflectObject.h: Added.
3164         (JSC::ReflectObject::create):
3165         (JSC::ReflectObject::createStructure):
3166         * tests/stress/reflect-delete-property.js: Added.
3167         (shouldBe):
3168         (shouldThrow):
3169
3170 2015-07-24  Yusuke Suzuki  <utatane.tea@gmail.com>
3171
3172         Avoid 2 times name iteration in Object.assign
3173         https://bugs.webkit.org/show_bug.cgi?id=147268
3174
3175         Reviewed by Geoffrey Garen.
3176
3177         Object.assign calls Object.getOwnPropertyNames & Object.getOwnPropertySymbols to collect all the names.
3178         But exposing a private API that collects both at the same time makes the API efficient when the given Object has so many non-indexed properties.
3179         Since Object.assign is such a generic API (some form of utility API), the form of the given Object cannot be predicted.
3180         So the given object may have so many non-indexed properties.
3181
3182         In this patch, we introduce `ownEnumerablePropertyKeys` private function.
3183         It is a slightly modified version of `[[OwnPropertyKeys]]` in the ES6 spec;
3184         it only includes enumerable properties.
3185
3186         By filtering out the non-enumerable properties in the exposed private function,
3187         we avoid calling @objectGetOwnPropertyDescriptor for each property at the same time.
3188
3189         * builtins/ObjectConstructor.js:
3190         (assign):
3191         * runtime/CommonIdentifiers.h:
3192         * runtime/EnumerationMode.h:
3193         * runtime/JSGlobalObject.cpp:
3194         (JSC::JSGlobalObject::init):
3195         * runtime/ObjectConstructor.cpp:
3196         (JSC::ownEnumerablePropertyKeys):
3197         * runtime/ObjectConstructor.h:
3198         * tests/stress/object-assign-enumerable.js: Added.
3199         (shouldBe):
3200         * tests/stress/object-assign-order.js: Added.
3201         (shouldBe):
3202
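        The key set described in the entry above, as an added example in plain JavaScript (this is not JSC's builtin code; the function names and the sample object are this example's own). `ownEnumerablePropertyKeys` walks the ES6 [[OwnPropertyKeys]] order once and keeps only enumerable keys; `ownEnumerablePropertyKeysTwoPass` is the shape the patch replaces, with strings and symbols gathered separately and a descriptor lookup per key. `assignLike` consumes that key set the way Object.assign does, so the result can be compared against the builtin.

```javascript
// Added example, not JSC code: the enumerable-own-key set Object.assign consumes,
// in [[OwnPropertyKeys]] order (integer indices ascending, then strings in creation
// order, then symbols), collected in one pass.
function ownEnumerablePropertyKeys(object) {
  return Reflect.ownKeys(object).filter(
    (key) => Object.getOwnPropertyDescriptor(object, key).enumerable);
}

// The two-pass shape the entry replaces: strings and symbols gathered separately,
// then a descriptor lookup per key to drop the non-enumerable ones.
function ownEnumerablePropertyKeysTwoPass(object) {
  const keys = [...Object.getOwnPropertyNames(object), ...Object.getOwnPropertySymbols(object)];
  return keys.filter((key) => Object.getOwnPropertyDescriptor(object, key).enumerable);
}

// Object.assign written against that key set; returns the target like the builtin.
function assignLike(target, ...sources) {
  if (target === null || target === undefined)
    throw new TypeError("Cannot convert undefined or null to object");
  const to = Object(target);
  for (const source of sources) {
    if (source === null || source === undefined) continue; // skipped, not an error
    const from = Object(source);
    for (const key of ownEnumerablePropertyKeys(from))
      to[key] = from[key]; // [[Get]] then [[Set]]: source getters and target setters run
  }
  return to;
}

// Constructed sample source (this example's own): an array-index key, a non-enumerable
// property, an inherited property, a getter and a symbol key, created in scrambled order.
const tag = Symbol("tag");
function makeSampleSource() {
  const proto = { inherited: "no" };
  const source = Object.create(proto);
  source.zeta = 1;
  source[tag] = "sym";
  Object.defineProperty(source, "hidden", { value: "no", enumerable: false });
  source["2"] = "two";
  Object.defineProperty(source, "computed", { get: () => "got", enumerable: true });
  source.alpha = 3;
  return source;
}
```

        Both key collectors return the same list; the one-pass form simply avoids the second walk and the per-key descriptor call that the entry describes.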
3203 2015-07-24  Yusuke Suzuki  <utatane.tea@gmail.com>
3204
3205         Remove runtime flags for symbols
3206         https://bugs.webkit.org/show_bug.cgi?id=147246
3207
3208         Reviewed by Alex Christensen.
3209
3210         * runtime/ArrayPrototype.cpp:
3211         (JSC::ArrayPrototype::finishCreation):
3212         * runtime/JSGlobalObject.cpp:
3213         (JSC::JSGlobalObject::init): Deleted.
3214         * runtime/JSGlobalObject.h:
3215         * runtime/ObjectConstructor.cpp:
3216         (JSC::ObjectConstructor::finishCreation):
3217         * runtime/RuntimeFlags.h:
3218
3219 2015-07-24  Yusuke Suzuki  <utatane.tea@gmail.com>
3220
3221         Object.getOwnPropertySymbols on large list takes very long
3222         https://bugs.webkit.org/show_bug.cgi?id=146137
3223
3224         Reviewed by Mark Lam.
3225
3226         Before this patch, Object.getOwnPropertySymbols collected all the names, including strings,
3227         and after that was done filtered the names to retrieve only the symbols.
3228         But this is very time consuming if the given object is a large non-holed array, since it has
3229         many indexed properties and all the indexes have to be converted to uniqued strings and
3230         added to the collection of property names (though they may not be of the requested type
3231         and will be filtered out later).
3232
3233         This patch introduces PropertyNameMode.
3234         We leverage this mode in 2 places.
3235
3236         1. PropertyNameArray side
3237         It is set in PropertyNameArray and filters the incoming identifiers based on the mode.
3238         It ensures that PropertyNameArray doesn't become very large in the pathological case,
3239         and it ensures that keys of the type the filter excludes (Symbols or Strings) are never added
3240         to the property name array collections.
3241         However it does not solve the whole problem because the huge array still incurs the many
3242         "indexed property to uniqued string" conversion and the large iteration before adding the keys
3243         to the property name array.
3244
3245         2. getOwnPropertyNames side
3246         So we can use the PropertyNameMode in the caller side (getOwnPropertyNames) as a **hint**.
3247         When the large iteration may occur, the caller side can use the PropertyNameMode as a hint to
3248         avoid the iteration.
3249         But we cannot exclusively rely on these caller side checks because it would require that we
3250         exhaustively add the checks to all custom implementations of getOwnPropertyNames as well.
3251         This process requires manual inspection of many pieces of code, and is error prone. Instead,
3252         we only apply the caller side check in a few strategic places where it is known to yield
3253         performance benefits; and we rely on the filter in PropertyNameArray::add() to reject the wrong
3254         types of properties for all other calls to PropertyNameArray::add().
3255
3256         In this patch, there's a concept in use that is not clear just from reading the code, and hence
3257         should be documented here. When selecting the PropertyNameMode for the PropertyNameArray to be
3258         instantiated, we apply the following logic:
3259
3260         1. Only JavaScriptCore code is aware of ES6 Symbols.
3261         We can assume that pre-existing external code that interfaces with JSC is only looking for string named properties. This includes:
3262             a. WebCore bindings
3263             b. Serializer bindings
3264             c. NPAPI bindings
3265             d. Objective C bindings
3266         2. In JSC, code that computes object storage space needs to iterate both Symbol and String named properties. Hence, use PropertyNameMode::Both.
3267         3. In JSC, ES6 APIs that work with Symbols should use PropertyNameMode::Symbols.
3268         4. In JSC, ES6 APIs that work with String named properties should use PropertyNameMode::Strings.
3269
3270         * API/JSObjectRef.cpp:
3271         (JSObjectCopyPropertyNames):
3272         * bindings/ScriptValue.cpp:
3273         (Deprecated::jsToInspectorValue):
3274         * bytecode/ObjectAllocationProfile.h:
3275         (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
3276         * runtime/EnumerationMode.h:
3277         (JSC::EnumerationMode::EnumerationMode):
3278         (JSC::EnumerationMode::includeSymbolProperties): Deleted.
3279         * runtime/GenericArgumentsInlines.h:
3280         (JSC::GenericArguments<Type>::getOwnPropertyNames):
3281         * runtime/JSGenericTypedArrayViewInlines.h:
3282         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertyNames):
3283         * runtime/JSLexicalEnvironment.cpp:
3284         (JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
3285         * runtime/JSONObject.cpp:
3286         (JSC::Stringifier::Stringifier):
3287         (JSC::Stringifier::Holder::appendNextProperty):
3288         (JSC::Walker::walk):
3289         * runtime/JSObject.cpp:
3290         (JSC::JSObject::getOwnPropertyNames):
3291         * runtime/JSPropertyNameEnumerator.cpp:
3292         (JSC::JSPropertyNameEnumerator::create):
3293         * runtime/JSPropertyNameEnumerator.h:
3294         (JSC::propertyNameEnumerator):
3295         * runtime/JSSymbolTableObject.cpp:
3296         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
3297         * runtime/ObjectConstructor.cpp:
3298         (JSC::objectConstructorGetOwnPropertyNames):
3299         (JSC::objectConstructorGetOwnPropertySymbols):
3300         (JSC::objectConstructorKeys):
3301         (JSC::defineProperties):
3302         (JSC::objectConstructorSeal):
3303         (JSC::objectConstructorFreeze):
3304         (JSC::objectConstructorIsSealed):
3305         (JSC::objectConstructorIsFrozen):
3306         * runtime/PropertyNameArray.h:
3307         (JSC::PropertyNameArray::PropertyNameArray):
3308         (JSC::PropertyNameArray::mode):
3309         (JSC::PropertyNameArray::addKnownUnique):
3310         (JSC::PropertyNameArray::add):
3311         (JSC::PropertyNameArray::isUidMatchedToTypeMode):
3312         (JSC::PropertyNameArray::includeSymbolProperties):
3313         (JSC::PropertyNameArray::includeStringProperties):
3314         * runtime/StringObject.cpp:
3315         (JSC::StringObject::getOwnPropertyNames):
3316         * runtime/Structure.cpp:
3317         (JSC::Structure::getPropertyNamesFromStructure):
3318
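        The two-layer design in the entry above, modelled as an added JavaScript example (this is not JSC's C++; the class, the toy object layout and the counters are this example's own). Layer 1 is the type filter in `PropertyNameArray.add()`, which every caller passes through. Layer 2 is the caller-side hint: a `getOwnPropertyNames` that checks `includeStringProperties()` before walking indexed storage, next to a "custom" implementation that never learned about the hint and is still correct, only slower. The conversion counter stands in for the index-to-uniqued-string cost the entry measures.

```javascript
// Added example, not JSC code: PropertyNameMode as a filter in add() plus a hint at the caller.
const PropertyNameMode = Object.freeze({ Symbols: 1, Strings: 2, Both: 3 });

class PropertyNameArray {
  constructor(mode) {
    this.modeValue = mode;
    this.names = [];
    this.seen = new Set();
    this.rejected = 0; // keys turned away by the type filter in add()
  }
  mode() { return this.modeValue; }
  includeSymbolProperties() { return (this.modeValue & PropertyNameMode.Symbols) !== 0; }
  includeStringProperties() { return (this.modeValue & PropertyNameMode.Strings) !== 0; }
  isUidMatchedToTypeMode(key) {
    return typeof key === "symbol" ? this.includeSymbolProperties() : this.includeStringProperties();
  }
  // Layer 1: the filter every caller goes through, whether or not it used the hint.
  add(key) {
    if (!this.isUidMatchedToTypeMode(key)) { this.rejected++; return; }
    if (this.seen.has(key)) return;
    this.seen.add(key);
    this.names.push(key);
  }
}

// Toy object (this example's own layout): dense indexed storage plus named properties.
function makeObject(indexedLength, named) {
  return { indexed: Array.from({ length: indexedLength }, (_, i) => i), named };
}

// Layer 2: a getOwnPropertyNames that treats the mode as a hint. Indices are always
// strings, so a Symbols-only request skips the index walk and all its conversions.
function getOwnPropertyNamesWithHint(object, array, stats) {
  if (array.includeStringProperties()) {
    for (let i = 0; i < object.indexed.length; i++) {
      stats.indexConversions++; // index -> uniqued string, the cost the entry describes
      array.add(String(i));
    }
  }
  for (const key of object.named) array.add(key);
}

// A custom implementation that ignores the hint: still correct thanks to add(), only slower.
function getOwnPropertyNamesNaive(object, array, stats) {
  for (let i = 0; i < object.indexed.length; i++) {
    stats.indexConversions++;
    array.add(String(i));
  }
  for (const key of object.named) array.add(key);
}

function collect(object, mode, impl) {
  const array = new PropertyNameArray(mode);
  const stats = { indexConversions: 0 };
  impl(object, array, stats);
  return { names: array.names, indexConversions: stats.indexConversions, rejected: array.rejected };
}
```

        With a 100000-element array and a Symbols request, the hinted walk performs no index conversions and the naive one performs 100000; both return exactly the two symbols, which is why the entry relies on the filter in add() for the implementations it does not audit.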
3319 2015-07-24  Saam barati  <saambarati1@gmail.com>
3320
3321         [ES6] Add support for default parameters
3322         https://bugs.webkit.org/show_bug.cgi?id=38409
3323
3324         Reviewed by Filip Pizlo.
3325
3326         This patch implements ES6 default parameters according to the ES6
3327         specification. This patch builds off the components introduced with 
3328         "let" scoping and parsing function parameters in the same parser
3329         arena as the function itself. "let" scoping allows functions with default 
3330         parameter values to place their parameters under the TDZ. Parsing function
3331         parameters in the same parser arena allows the FunctionParameters AST node
3332         to refer to ExpressionNodes.
3333
3334         The most subtle part of this patch is how we allocate lexical environments
3335         when functions have default parameter values. If a function has default
3336         parameter values then there must be a separate lexical environment for
3337         its parameters. Then, the function's "var" lexical environment must have
3338         the parameter lexical environment as its parent. The BytecodeGenerator
3339         takes great care to not allocate the "var" lexical environment before its
3340         really needed.
3341
3342         The "arguments" object for a function with default parameters will never be
3343         a mapped arguments object. It will always be a cloned arguments object.
3344
3345         * bytecompiler/BytecodeGenerator.cpp:
3346         (JSC::BytecodeGenerator::generate):
3347         (JSC::BytecodeGenerator::BytecodeGenerator):
3348         (JSC::BytecodeGenerator::~BytecodeGenerator):
3349         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
3350         (JSC::BytecodeGenerator::initializeNextParameter):
3351         (JSC::BytecodeGenerator::initializeVarLexicalEnvironment):
3352         (JSC::BytecodeGenerator::visibleNameForParameter):
3353
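        The three scoping consequences of the default-parameter entry above, as an added JavaScript example checked against whatever engine runs it (this is not the patch's test code; the function names are this example's own): the separate parameter environment, the TDZ on parameters, and the never-mapped arguments object. `new Function` is used for the arguments comparison so that the mapped case is sloppy-mode code regardless of whether the file itself is strict.

```javascript
// Added example, not JSC code: observable behaviour of ES6 default parameter values.

// 1. A function with default values gets its own parameter environment; the body's
//    "var" environment is a child of it. A closure created in a default sees the
//    parameter, not a body-level var of the same name.
function parameterScopeIsSeparate() {
  function f(a, getA = () => a) {
    var a = 2;            // initialised from the parameter, then reassigned, body only
    return [a, getA()];
  }
  return f(1);            // [2, 1]
}

// 2. Parameters sit under the TDZ while defaults are evaluated left to right, so
//    reading a later parameter from an earlier default throws a ReferenceError.
function parameterTdz() {
  function g(a = b, b = 1) { return [a, b]; }
  let thrown = null;
  try { g(); } catch (e) { thrown = e; }
  return { throws: thrown instanceof ReferenceError, whenGiven: g(0) };
}

// 3. With any default present the arguments object is a clone, never mapped: writes to
//    a parameter are not reflected in arguments[i] and vice versa. The plain function
//    built with new Function is sloppy-mode, so its arguments object is mapped.
function argumentsMapping() {
  const mapped = new Function("a", "a = 2; return arguments[0];");
  const cloned = new Function("a = 0", "a = 2; return arguments[0];");
  const clonedReverse = new Function("a = 0", "arguments[0] = 5; return a;");
  return { mapped: mapped(1), cloned: cloned(1), clonedReverse: clonedReverse(1) };
}
```

        The first case is the one the entry calls subtle: without a separate environment for the parameters, `getA()` would observe the body's `var a` and return 2 instead of 1.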