6f59c0fd4b3818b6cd5cee51b4d30f1906791cfa
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
2
3         [ES6] Implement Reflect.defineProperty
4         https://bugs.webkit.org/show_bug.cgi?id=147943
5
6         Reviewed by Saam Barati.
7
8         This patch implements Reflect.defineProperty.
9         The differences from Object.defineProperty are:
10
11         1. Reflect.defineProperty does not perform the ToObject operation on the first argument.
12         2. Reflect.defineProperty does not throw a TypeError when the [[DefineOwnProperty]] operation fails.
13         3. Reflect.defineProperty returns the boolean value that represents whether [[DefineOwnProperty]] succeeded.
14
15         This patch also adds comments with links to the ES6 spec.
16
17         * builtins/ReflectObject.js:
18         * runtime/ObjectConstructor.cpp:
19         (JSC::toPropertyDescriptor):
20         * runtime/ObjectConstructor.h:
21         * runtime/ReflectObject.cpp:
22         (JSC::reflectObjectDefineProperty):
23         * tests/stress/reflect-define-property.js: Added.
24         (shouldBe):
25         (shouldThrow):
26         (.set getter):
27         (setter):
28         (.get testDescriptor):
29         (.set get var):
30         (.set testDescriptor):
31         (.set get testDescriptor):
32         (.set get shouldThrow):
33         (.get var):
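
The three differences listed in the entry above, shown side by side in an added example that is not part of the original ChangeLog or of JSC's own code; the helper names `tryDefine` and `defineIfPossible` are chosen here. It runs in any ES2015 engine. Both APIs reject a primitive target with a TypeError rather than wrapping it; the observable difference is in how a failed [[DefineOwnProperty]] is reported, which matters when hardening objects that other code may already have frozen.

```javascript
// Run one defineProperty-style call and report the outcome as data, so the
// throwing API and the boolean-returning API can be compared without either
// one aborting the script.
function tryDefine(define, target, key, descriptor) {
  try {
    return { ok: true, result: define(target, key, descriptor) };
  } catch (e) {
    return { ok: false, error: e.constructor.name };
  }
}

// Difference 2 and 3: on a frozen object every [[DefineOwnProperty]] that
// would add a property fails. Reflect.defineProperty reports that as `false`;
// Object.defineProperty throws a TypeError.
function defineOnFrozen() {
  const frozen = Object.freeze({ a: 1 });
  return {
    reflect: tryDefine(Reflect.defineProperty, frozen, 'b', { value: 2 }),
    object: tryDefine(Object.defineProperty, frozen, 'b', { value: 2 }),
  };
}

// A successful definition: Reflect.defineProperty returns `true`, while
// Object.defineProperty returns the target object itself.
function defineOnPlain() {
  const o = {};
  return {
    reflect: tryDefine(Reflect.defineProperty, o, 'x', { value: 1, writable: false }),
    object: tryDefine(Object.defineProperty, o, 'y', { value: 2 }),
    keys: Object.keys(o), // both properties default to non-enumerable
  };
}

// Difference 1: no ToObject coercion. A primitive target is rejected outright
// by Reflect.defineProperty (and, for its own reasons, by Object.defineProperty);
// neither call silently defines a property on a temporary wrapper object.
function defineOnPrimitive() {
  return {
    reflect: tryDefine(Reflect.defineProperty, 42, 'x', { value: 1 }),
    object: tryDefine(Object.defineProperty, 42, 'x', { value: 1 }),
  };
}

// Practical use of the boolean result: lock a property down if possible and
// let the caller decide what to do when the target is already non-extensible.
function defineIfPossible(target, key, value) {
  return Reflect.defineProperty(target, key, { value, writable: false, configurable: false });
}
```

`defineOnFrozen()` is the case that motivates the separate API: code that probes whether an object can still be locked down gets a plain `false` from Reflect.defineProperty instead of having to wrap Object.defineProperty in a try/catch.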
34
35 2015-08-12  Filip Pizlo  <fpizlo@apple.com>
36
37         DFG::ByteCodeParser should attempt constant folding on loads from structures that are DFG-watchable
38         https://bugs.webkit.org/show_bug.cgi?id=147950
39
40         Reviewed by Michael Saboff.
41
42         Previously we reduced the constant folding power of ByteCodeParser::load() because that code was
43         responsible for memory corruption, since it would sometimes install watchpoints on structures that
44         weren't being traced.  It seemed like the safest fix was to remove the constant folding rule
45         entirely since later phases also do constant folding, and they do it without introducing the bug.
46         Well, that change (http://trac.webkit.org/changeset/188292) caused a big regression, because we
47         still have some constant folding rules that only exist in ByteCodeParser, and so ByteCodeParser must
48         be maximally aggressive in constant-folding whenever possible.
49
50         So, this change now brings back that constant folding rule - for loads from object constants that
51         have DFG-watchable structures - and implements it properly, by ensuring that we only call into
52         tryGetConstantProperty() if we have registered the structure set.
53
54         * dfg/DFGByteCodeParser.cpp:
55         (JSC::DFG::ByteCodeParser::load):
56
57 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
58
59         [ES6] Add ES6 Modules preparsing phase to collect the dependencies
60         https://bugs.webkit.org/show_bug.cgi?id=147353
61
62         Reviewed by Geoffrey Garen.
63
64         This patch implements ModuleRecord and ModuleAnalyzer.
65         ModuleAnalyzer analyzes the AST produced by the parser.
66         By collaborating with the parser, ModuleAnalyzer collects the information
67         that is necessary to request the loading of the dependent modules and to
68         construct the module's environment and namespace object before executing the actual
69         module body.
70
71         In the parser, we annotate which variables are imported bindings and which variables
72         are exported from the current module. This information is leveraged in the ModuleAnalyzer
73         to categorize the export entries.
74
75         To preparse the modules in the parser, we just add the new flag `ModuleParseMode`
76         instead of introducing a new TreeContext type. This is because only two callers use
77         parseModuleSourceElements: the preparser and the actual compiler. Adding the flag is simple
78         enough to switch the context to the SyntaxChecker when parsing non-module-related
79         statements in the preparsing phase.
80
81         To demonstrate the module analyzer, we added the new dumpModuleRecord option
82         to the JSC shell. By specifying it, the result of the analysis is dumped when the module
83         is parsed and analyzed.
84
85         * CMakeLists.txt:
86         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
87         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
88         * JavaScriptCore.xcodeproj/project.pbxproj:
89         * builtins/BuiltinNames.h:
90         * parser/ASTBuilder.h:
91         (JSC::ASTBuilder::createExportDefaultDeclaration):
92         * parser/ModuleAnalyzer.cpp: Added.
93         (JSC::ModuleAnalyzer::ModuleAnalyzer):
94         (JSC::ModuleAnalyzer::exportedBinding):
95         (JSC::ModuleAnalyzer::declareExportAlias):
96         (JSC::ModuleAnalyzer::exportVariable):
97         (JSC::ModuleAnalyzer::analyze):
98         * parser/ModuleAnalyzer.h: Added.
99         (JSC::ModuleAnalyzer::vm):
100         (JSC::ModuleAnalyzer::moduleRecord):
101         * parser/ModuleRecord.cpp: Added.
102         (JSC::printableName):
103         (JSC::ModuleRecord::dump):
104         * parser/ModuleRecord.h: Added.
105         (JSC::ModuleRecord::ImportEntry::isNamespace):
106         (JSC::ModuleRecord::create):
107         (JSC::ModuleRecord::appendRequestedModule):
108         (JSC::ModuleRecord::addImportEntry):
109         (JSC::ModuleRecord::addExportEntry):
110         (JSC::ModuleRecord::addStarExportEntry):
111         * parser/NodeConstructors.h:
112         (JSC::ModuleDeclarationNode::ModuleDeclarationNode):
113         (JSC::ImportDeclarationNode::ImportDeclarationNode):
114         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
115         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
116         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
117         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
118         * parser/Nodes.h:
119         (JSC::ExportDefaultDeclarationNode::localName):
120         * parser/NodesAnalyzeModule.cpp: Added.
121         (JSC::ScopeNode::analyzeModule):
122         (JSC::SourceElements::analyzeModule):
123         (JSC::ImportDeclarationNode::analyzeModule):
124         (JSC::ExportAllDeclarationNode::analyzeModule):
125         (JSC::ExportDefaultDeclarationNode::analyzeModule):
126         (JSC::ExportLocalDeclarationNode::analyzeModule):
127         (JSC::ExportNamedDeclarationNode::analyzeModule):
128         * parser/Parser.cpp:
129         (JSC::Parser<LexerType>::parseInner):
130         (JSC::Parser<LexerType>::parseModuleSourceElements):
131         (JSC::Parser<LexerType>::parseVariableDeclarationList):
132         (JSC::Parser<LexerType>::createBindingPattern):
133         (JSC::Parser<LexerType>::parseFunctionDeclaration):
134         (JSC::Parser<LexerType>::parseClassDeclaration):
135         (JSC::Parser<LexerType>::parseImportClauseItem):
136         (JSC::Parser<LexerType>::parseExportSpecifier):
137         (JSC::Parser<LexerType>::parseExportDeclaration):
138         * parser/Parser.h:
139         (JSC::Scope::lexicalVariables):
140         (JSC::Scope::declareLexicalVariable):
141         (JSC::Parser::declareVariable):
142         (JSC::Parser::exportName):
143         (JSC::Parser<LexerType>::parse):
144         (JSC::parse):
145         * parser/ParserModes.h:
146         * parser/SyntaxChecker.h:
147         (JSC::SyntaxChecker::createExportDefaultDeclaration):
148         * parser/VariableEnvironment.cpp:
149         (JSC::VariableEnvironment::markVariableAsImported):
150         (JSC::VariableEnvironment::markVariableAsExported):
151         * parser/VariableEnvironment.h:
152         (JSC::VariableEnvironmentEntry::isExported):
153         (JSC::VariableEnvironmentEntry::isImported):
154         (JSC::VariableEnvironmentEntry::setIsExported):
155         (JSC::VariableEnvironmentEntry::setIsImported):
156         * runtime/CommonIdentifiers.h:
157         * runtime/Completion.cpp:
158         (JSC::checkModuleSyntax):
159         * runtime/Options.h:
160
161 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
162
163         Re-land r188339, since Alex fixed it in r188341 by landing the WebCore half.
164
165         * jit/ExecutableAllocator.h:
166         * jsc.cpp:
167         (GlobalObject::finishCreation):
168         (functionAddressOf):
169         (functionVersion):
170         (functionReleaseExecutableMemory): Deleted.
171         * runtime/VM.cpp:
172         (JSC::StackPreservingRecompiler::operator()):
173         (JSC::VM::throwException):
174         (JSC::VM::updateFTLLargestStackSize):
175         (JSC::VM::gatherConservativeRoots):
176         (JSC::VM::releaseExecutableMemory): Deleted.
177         (JSC::releaseExecutableMemory): Deleted.
178         * runtime/VM.h:
179         (JSC::VM::isCollectorBusy):
180         * runtime/Watchdog.cpp:
181         (JSC::Watchdog::setTimeLimit):
182
183 2015-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
184
185         Roll out r188339, which broke the build.
186
187         Unreviewed.
188
189         * jit/ExecutableAllocator.h:
190         * jsc.cpp:
191         (GlobalObject::finishCreation):
192         (functionReleaseExecutableMemory):
193         * runtime/VM.cpp:
194         (JSC::StackPreservingRecompiler::visit):
195         (JSC::StackPreservingRecompiler::operator()):
196         (JSC::VM::releaseExecutableMemory):
197         (JSC::releaseExecutableMemory):
198         * runtime/VM.h:
199         * runtime/Watchdog.cpp:
200         (JSC::Watchdog::setTimeLimit):
201
202 2015-08-12  Alex Christensen  <achristensen@webkit.org>
203
204         Fix Debug CMake builds on Windows
205         https://bugs.webkit.org/show_bug.cgi?id=147940
206
207         Reviewed by Chris Dumez.
208
209         * PlatformWin.cmake:
210         Copy the plist to the JavaScriptCore.resources directory.
211
212 2015-08-11  Geoffrey Garen  <ggaren@apple.com>
213
214         Remove VM::releaseExecutableMemory
215         https://bugs.webkit.org/show_bug.cgi?id=147915
216
217         Reviewed by Saam Barati.
218
219         releaseExecutableMemory() was only used in one place, where discardAllCode()
220         would work just as well.
221
222         It's confusing to have two slightly different ways to discard code. Also,
223         releaseExecutableMemory() is unused in any production code, and it seems
224         to have bit-rotted.
225
226         * jit/ExecutableAllocator.h:
227         * jsc.cpp:
228         (GlobalObject::finishCreation):
229         (functionAddressOf):
230         (functionVersion):
231         (functionReleaseExecutableMemory): Deleted.
232         * runtime/VM.cpp:
233         (JSC::StackPreservingRecompiler::operator()):
234         (JSC::VM::throwException):
235         (JSC::VM::updateFTLLargestStackSize):
236         (JSC::VM::gatherConservativeRoots):
237         (JSC::VM::releaseExecutableMemory): Deleted.
238         (JSC::releaseExecutableMemory): Deleted.
239         * runtime/VM.h:
240         (JSC::VM::isCollectorBusy):
241         * runtime/Watchdog.cpp:
242         (JSC::Watchdog::setTimeLimit):
243
244 2015-08-12  Mark Lam  <mark.lam@apple.com>
245
246         Add a JSC option to enable the watchdog for testing.
247         https://bugs.webkit.org/show_bug.cgi?id=147939
248
249         Reviewed by Michael Saboff.
250
251         * API/JSContextRef.cpp:
252         (JSContextGroupSetExecutionTimeLimit):
253         (createWatchdogIfNeeded): Deleted.
254         * runtime/Options.h:
255         * runtime/VM.cpp:
256         (JSC::VM::VM):
257         (JSC::VM::~VM):
258         (JSC::VM::sharedInstanceInternal):
259         (JSC::VM::ensureWatchdog):
260         (JSC::thunkGeneratorForIntrinsic):
261         * runtime/VM.h:
262
263 2015-08-11  Mark Lam  <mark.lam@apple.com>
264
265         Implement the JavaScript watchdog using WTF::WorkQueue.
266         https://bugs.webkit.org/show_bug.cgi?id=147107
267
268         Reviewed by Geoffrey Garen.
269
270         How the Watchdog works
271         ======================
272
273         1. When do we start the Watchdog?
274            =============================
275            The watchdog should only be started if both of the following conditions are true:
276            1. A time limit has been set.
277            2. We have entered the VM.
278  
279         2. CPU time vs Wall Clock time
280            ===========================
281            Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?
282
283            The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
284            limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
285            indicates the wall clock time point when the WorkQueue timer is expected to fire.
286
287            The time limit for which we allow JS code to run should be measured in CPU time, which can
288            differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
289            should fire.
290
291            Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
292            we need to check if m_cpuDeadline has been reached.
293
294            If m_cpuDeadline has been reached, the watchdog is considered to have fired.
295
296            If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
297            code to continue to run for.  Hence, we need to start a new timer to fire again after
298            Tremainder microseconds.
299     
300            See Watchdog::didFireSlow().
301
302         3. Spurious wake ups
303            =================
304            Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
305            It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
306            m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
307            wake ups are considered to be spurious and will be ignored.
308  
309            See Watchdog::didFireSlow().
310  
311         4. Minimizing Timer creation cost
312            ==============================
313            Conceptually, we could start a new timer every time we start the watchdog. But we can do better
314            than this.
315  
316            In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
317            stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
318            time limit. Consider the following example:
319  
320                |---|-----|---|----------------|---------|
321                t0  t1    t2  t3            t0 + L    t2 + L 
322
323                |<--- T1 --------------------->|
324                          |<--- T2 --------------------->|
325                |<-- Td ->|                    |<-- Td ->|
326
327            1. The user initializes the watchdog with time limit L.
328            2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
329               The timer is set to expire at t0 + L.
330            3. At t1, we exit the VM.
331            4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.
332          
333               However, we can note that the expiration time for T2 would be after the expiration time
334               of T1. Specifically, T2 would have expired at Td after T1 expires.
335          
336            Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
337            for a period of Td instead.
338
339            Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
340            as well as handling spurious wake-ups (see notes 2 and 3 above).  As a result, didFireSlow() will
341            automatically take care of starting a new timer for the difference Td in the example above.
342            Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
343            expiration is earlier than T2's, then we are already covered by T1 and there's no need to start T2.
344
345            The benefit:
346
347            1. we minimize the number of timer instances we have queued in the workqueue at the same time
348               (ideally only 1 or 0), and use less peak memory.
349
350            2. we minimize the frequency of instantiating timer instances. By waiting for the current
351               active timer to expire first, on average, we get to start one timer per time limit
352               (which is infrequent because time limits tend to be long) instead of one timer per
353               VM entry (which tends to be frequent).
354
355            See Watchdog::startTimer().
356
357         * API/JSContextRef.cpp:
358         (createWatchdogIfNeeded):
359         (JSContextGroupClearExecutionTimeLimit):
360         - No need to create the watchdog (if not already created) just to clear it.
361           If the watchdog is not created yet, then it is effectively cleared.
362
363         * API/tests/ExecutionTimeLimitTest.cpp:
364         (currentCPUTimeAsJSFunctionCallback):
365         (testExecutionTimeLimit):
366         (currentCPUTime): Deleted.
367         * API/tests/testapi.c:
368         (main):
369         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
370         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
371         - Enable watchdog tests for all platforms.
372
373         * CMakeLists.txt:
374         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
375         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
376         * JavaScriptCore.xcodeproj/project.pbxproj:
377         - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.
378
379         * PlatformEfl.cmake:
380
381         * dfg/DFGByteCodeParser.cpp:
382         (JSC::DFG::ByteCodeParser::parseBlock):
383         * dfg/DFGSpeculativeJIT32_64.cpp:
384         * dfg/DFGSpeculativeJIT64.cpp:
385         * interpreter/Interpreter.cpp:
386         (JSC::Interpreter::execute):
387         (JSC::Interpreter::executeCall):
388         (JSC::Interpreter::executeConstruct):
389         * jit/JITOpcodes.cpp:
390         (JSC::JIT::emit_op_loop_hint):
391         (JSC::JIT::emitSlow_op_loop_hint):
392         * jit/JITOperations.cpp:
393         * llint/LLIntOffsetsExtractor.cpp:
394         * llint/LLIntSlowPaths.cpp:
395         * runtime/VM.cpp:
396         - #include Watchdog.h in these files directly instead of doing it via VM.h.
397           This saves us from having to recompile the world when we change Watchdog.h.
398
399         * runtime/VM.h:
400         - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
401           thread-safe ref counted.
402
403         * runtime/VMEntryScope.cpp:
404         (JSC::VMEntryScope::VMEntryScope):
405         (JSC::VMEntryScope::~VMEntryScope):
406         - We have done away with the WatchdogScope and arming/disarming of the watchdog.
407           Instead, the VMEntryScope will inform the watchdog of when we have entered and
408           exited the VM.
409
410         * runtime/Watchdog.cpp:
411         (JSC::currentWallClockTime):
412         (JSC::Watchdog::Watchdog):
413         (JSC::Watchdog::hasStartedTimer):
414         (JSC::Watchdog::setTimeLimit):
415         (JSC::Watchdog::didFireSlow):
416         (JSC::Watchdog::hasTimeLimit):
417         (JSC::Watchdog::fire):
418         (JSC::Watchdog::enteredVM):
419         (JSC::Watchdog::exitedVM):
420
421         (JSC::Watchdog::startTimer):
422         - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
423           (from a different thread) even after the VM shuts down.  We need to keep it
424           alive until the WorkQueue callback completes.
425
426           In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
427           WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
428           is done with it.  This ensures that the Watchdog is kept alive until all
429           WorkQueue callbacks are done.
430
431         (JSC::Watchdog::stopTimer):
432         (JSC::Watchdog::~Watchdog): Deleted.
433         (JSC::Watchdog::didFire): Deleted.
434         (JSC::Watchdog::isEnabled): Deleted.
435         (JSC::Watchdog::arm): Deleted.
436         (JSC::Watchdog::disarm): Deleted.
437         (JSC::Watchdog::startCountdownIfNeeded): Deleted.
438         (JSC::Watchdog::startCountdown): Deleted.
439         (JSC::Watchdog::stopCountdown): Deleted.
440         * runtime/Watchdog.h:
441         (JSC::Watchdog::didFire):
442         (JSC::Watchdog::timerDidFireAddress):
443         (JSC::Watchdog::isArmed): Deleted.
444         (JSC::Watchdog::Scope::Scope): Deleted.
445         (JSC::Watchdog::Scope::~Scope): Deleted.
446         * runtime/WatchdogMac.cpp:
447         (JSC::Watchdog::initTimer): Deleted.
448         (JSC::Watchdog::destroyTimer): Deleted.
449         (JSC::Watchdog::startTimer): Deleted.
450         (JSC::Watchdog::stopTimer): Deleted.
451         * runtime/WatchdogNone.cpp:
452         (JSC::Watchdog::initTimer): Deleted.
453         (JSC::Watchdog::destroyTimer): Deleted.
454         (JSC::Watchdog::startTimer): Deleted.
455         (JSC::Watchdog::stopTimer): Deleted.
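
A small executable model of notes 2 to 4 above, added here as an illustration; it is not the JSC implementation. A virtual clock and a virtual timer queue stand in for CPU/wall time and WTF::WorkQueue, and `Clock`, `TimerQueue`, `step`, `runUntilFired`, `summary` and the two `scenario*` functions are names chosen for the model. Each scenario returns the wall time at which the watchdog fired, how many timers were dispatched and how many stale wake-ups were ignored, so the coalescing rule, the CPU-versus-wall-clock correction and the stale-timer check can each be observed on the example timeline from the entry (L = 1000, t0 = 0, t1 = 200, t2 = 500).

```javascript
// Added model of the watchdog scheme in the entry above; not JSC code. Times are virtual integers.
const NO_LIMIT = Infinity;

// Wall time always advances; CPU time only advances while the process is scheduled.
class Clock {
  constructor() { this.wall = 0; this.cpu = 0; }
  advance(wallDelta, cpuDelta = wallDelta) { this.wall += wallDelta; this.cpu += cpuDelta; }
}

// Stand-in for WorkQueue::dispatchAfter(): timers cannot be cancelled, they fire once due.
class TimerQueue {
  constructor(clock) { this.clock = clock; this.pending = []; this.dispatched = 0; }
  dispatchAfter(delay, callback) {
    this.dispatched += 1;
    this.pending.push({ due: this.clock.wall + delay, callback });
    this.pending.sort((a, b) => a.due - b.due);
  }
  runDue() {
    while (this.pending.length && this.pending[0].due <= this.clock.wall) this.pending.shift().callback();
  }
}

class Watchdog {
  constructor(clock, queue) {
    Object.assign(this, { clock, queue, timeLimit: NO_LIMIT, inVM: false, staleWakeups: 0 });
    this.cpuDeadline = NO_LIMIT;       // CPU time at which the watchdog fires
    this.wallClockDeadline = NO_LIMIT; // wall time at which the active timer fires
    this.timerDidFire = false;         // flag the VM polls at loop hints
  }
  setTimeLimit(limit) { this.timeLimit = limit; if (this.inVM) this.startTimer(limit); }
  enteredVM() { this.inVM = true; if (this.timeLimit !== NO_LIMIT) this.startTimer(this.timeLimit); }
  exitedVM() { this.inVM = false; this.cpuDeadline = NO_LIMIT; } // queued timer stays and goes stale
  startTimer(limit) {
    this.cpuDeadline = this.clock.cpu + limit;
    const now = this.clock.wall;
    const wallClockDeadline = now + limit;
    // Note 4: an active timer due no later than the new one already covers us.
    if (now < this.wallClockDeadline && this.wallClockDeadline <= wallClockDeadline) return;
    this.wallClockDeadline = wallClockDeadline;
    this.queue.dispatchAfter(limit, () => { this.timerDidFire = true; });
  }
  // Called by the VM when it sees timerDidFire; true means the CPU budget is spent.
  didFireSlow() {
    this.timerDidFire = false;
    // Note 3: a wake-up before the active deadline comes from a stale timer.
    if (this.clock.wall < this.wallClockDeadline) { this.staleWakeups += 1; return false; }
    this.wallClockDeadline = NO_LIMIT;
    // Note 2: the timer measured wall time; re-arm for whatever CPU budget remains.
    if (this.clock.cpu < this.cpuDeadline) { this.startTimer(this.cpuDeadline - this.clock.cpu); return false; }
    return true;
  }
}

function makeWatchdog(limit) {
  const clock = new Clock();
  const wd = new Watchdog(clock, new TimerQueue(clock));
  wd.setTimeLimit(limit);
  return wd;
}

// One slice of execution: advance the clock, run due timers, then poll like a loop hint does.
function step(wd, wallDelta, cpuDelta = wallDelta) {
  wd.clock.advance(wallDelta, cpuDelta);
  wd.queue.runDue();
  return wd.inVM && wd.timerDidFire ? wd.didFireSlow() : false;
}

function runUntilFired(wd, maxSteps = 100) {
  for (let i = 0; i < maxSteps; i += 1) if (step(wd, 100)) return wd.clock.wall;
  throw new Error('watchdog never fired');
}
const summary = (wd, firedAt) => ({ firedAt, timers: wd.queue.dispatched, stale: wd.staleWakeups });

// Note 4: re-entry at t2 = 500 before T1 (due t0 + L = 1000) expires starts no second timer;
// didFireSlow() schedules the remainder Td when T1 fires. With `descheduled` > 0 the process
// loses that much wall time without CPU after re-entry (note 2), and firing shifts accordingly.
function scenarioReentry(L = 1000, descheduled = 0) {
  const wd = makeWatchdog(L);
  wd.enteredVM();                    // t0 = 0
  step(wd, 200); wd.exitedVM();      // t1 = 200
  step(wd, 300, 0); wd.enteredVM();  // t2 = 500
  step(wd, descheduled, 0);
  return summary(wd, runUntilFired(wd));
}

// Note 3: T1 (due 1000) outlives the script it was started for and wakes the watchdog
// during a later script whose deadline is 1300; the wake-up is recognised as stale.
function scenarioStaleTimer() {
  const wd = makeWatchdog(1000);
  wd.enteredVM();
  step(wd, 100); wd.exitedVM();
  wd.setTimeLimit(200);
  step(wd, 100, 0); wd.enteredVM();              // T2 due at 400
  const first = summary(wd, runUntilFired(wd));  // script 1 is terminated at 400
  wd.exitedVM();
  wd.setTimeLimit(800);
  step(wd, 100, 0); wd.enteredVM();              // T3 due at 1300; T1 is still queued
  return { first, second: summary(wd, runUntilFired(wd)) };
}
```

`scenarioReentry()` fires at 1500 (t2 + L) with only two timers ever dispatched, T1 and the remainder timer started from didFireSlow(); `scenarioReentry(1000, 300)` shows the CPU-time correction, firing at 1800 because 300 units of wall time passed with no CPU. `scenarioStaleTimer()` shows T1 waking the watchdog at 1000 during the second script and being ignored because the active deadline is 1300.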
456
457 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
458
459         Always use a byte-sized lock implementation
460         https://bugs.webkit.org/show_bug.cgi?id=147908
461
462         Reviewed by Geoffrey Garen.
463
464         * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.
465
466 2015-08-11  Alexey Proskuryakov  <ap@apple.com>
467
468         Make ASan build not depend on asan.xcconfig
469         https://bugs.webkit.org/show_bug.cgi?id=147840
470         rdar://problem/21093702
471
472         Reviewed by Daniel Bates.
473
474         * dfg/DFGOSREntry.cpp:
475         (JSC::DFG::OSREntryData::dump):
476         (JSC::DFG::prepareOSREntry):
477         * ftl/FTLOSREntry.cpp:
478         (JSC::FTL::prepareOSREntry):
479         * heap/ConservativeRoots.cpp:
480         (JSC::ConservativeRoots::genericAddPointer):
481         (JSC::ConservativeRoots::genericAddSpan):
482         * heap/MachineStackMarker.cpp:
483         (JSC::MachineThreads::removeThreadIfFound):
484         (JSC::MachineThreads::gatherFromCurrentThread):
485         (JSC::MachineThreads::Thread::captureStack):
486         (JSC::copyMemory):
487         * interpreter/Register.h:
488         (JSC::Register::operator=):
489         (JSC::Register::asanUnsafeJSValue):
490         (JSC::Register::jsValue):
491
492 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
493
494         Introduce a get_by_id-like IC into get_by_val when the given name is a String or Symbol
495         https://bugs.webkit.org/show_bug.cgi?id=147480
496
497         Reviewed by Filip Pizlo.
498
499         This patch adds a get_by_id IC to the get_by_val operation by caching the string / symbol id.
500         The IC site only caches one id. After checking that the given id is the same as the
501         cached one, we perform the get_by_id IC on it.
502         And by collecting IC StructureStubInfo information, we pass it to the DFG, and the DFG
503         compiles the get_by_val op code into CheckIdent (with an edge type check) and GetById-related
504         operations when the given get_by_val performs the property load with the cached id.
505
506         To ensure the incoming value is the expected id, in the DFG layer, we use SymbolUse and
507         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
508         This can be leveraged to optimize symbol operations in the DFG.
509
510         And since byValInfo is frequently used, we align the byValInfo design with the stubInfo-like one.
511         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
512         a binary search on m_byValInfos. And by storing the ArrayProfile* under the ByValInfo, we replaced the
513         ArrayProfile* argument in the operations with ByValInfo*.
514
515         * bytecode/ByValInfo.h:
516         (JSC::ByValInfo::ByValInfo):
517         * bytecode/CodeBlock.cpp:
518         (JSC::CodeBlock::getByValInfoMap):
519         (JSC::CodeBlock::addByValInfo):
520         * bytecode/CodeBlock.h:
521         (JSC::CodeBlock::getByValInfo): Deleted.
522         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
523         (JSC::CodeBlock::numberOfByValInfos): Deleted.
524         (JSC::CodeBlock::byValInfo): Deleted.
525         * bytecode/ExitKind.cpp:
526         (JSC::exitKindToString):
527         * bytecode/ExitKind.h:
528         * bytecode/GetByIdStatus.cpp:
529         (JSC::GetByIdStatus::computeFor):
530         (JSC::GetByIdStatus::computeForStubInfo):
531         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
532         * bytecode/GetByIdStatus.h:
533         * dfg/DFGAbstractInterpreterInlines.h:
534         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
535         * dfg/DFGByteCodeParser.cpp:
536         (JSC::DFG::ByteCodeParser::parseBlock):
537         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
538         * dfg/DFGClobberize.h:
539         (JSC::DFG::clobberize):
540         * dfg/DFGConstantFoldingPhase.cpp:
541         (JSC::DFG::ConstantFoldingPhase::foldConstants):
542         * dfg/DFGDoesGC.cpp:
543         (JSC::DFG::doesGC):
544         * dfg/DFGFixupPhase.cpp:
545         (JSC::DFG::FixupPhase::fixupNode):
546         (JSC::DFG::FixupPhase::observeUseKindOnNode):
547         * dfg/DFGNode.h:
548         (JSC::DFG::Node::hasUidOperand):
549         (JSC::DFG::Node::uidOperand):
550         * dfg/DFGNodeType.h:
551         * dfg/DFGPredictionPropagationPhase.cpp:
552         (JSC::DFG::PredictionPropagationPhase::propagate):
553         * dfg/DFGSafeToExecute.h:
554         (JSC::DFG::SafeToExecuteEdge::operator()):
555         (JSC::DFG::safeToExecute):
556         * dfg/DFGSpeculativeJIT.cpp:
557         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
558         (JSC::DFG::SpeculativeJIT::speculateSymbol):
559         (JSC::DFG::SpeculativeJIT::speculate):
560         * dfg/DFGSpeculativeJIT.h:
561         * dfg/DFGSpeculativeJIT32_64.cpp:
562         (JSC::DFG::SpeculativeJIT::compile):
563         * dfg/DFGSpeculativeJIT64.cpp:
564         (JSC::DFG::SpeculativeJIT::compile):
565         * dfg/DFGUseKind.cpp:
566         (WTF::printInternal):
567         * dfg/DFGUseKind.h:
568         (JSC::DFG::typeFilterFor):
569         (JSC::DFG::isCell):
570         * ftl/FTLAbstractHeapRepository.h:
571         * ftl/FTLCapabilities.cpp:
572         (JSC::FTL::canCompile):
573         * ftl/FTLLowerDFGToLLVM.cpp:
574         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
575         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
576         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
577         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
578         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
579         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
580         * jit/JIT.cpp:
581         (JSC::JIT::privateCompile):
582         * jit/JIT.h:
583         (JSC::ByValCompilationInfo::ByValCompilationInfo):
584         (JSC::JIT::compileGetByValWithCachedId):
585         * jit/JITInlines.h:
586         (JSC::JIT::callOperation):
587         * jit/JITOpcodes.cpp:
588         (JSC::JIT::emit_op_has_indexed_property):
589         (JSC::JIT::emitSlow_op_has_indexed_property):
590         * jit/JITOpcodes32_64.cpp:
591         (JSC::JIT::emit_op_has_indexed_property):
592         (JSC::JIT::emitSlow_op_has_indexed_property):
593         * jit/JITOperations.cpp:
594         (JSC::getByVal):
595         * jit/JITOperations.h:
596         * jit/JITPropertyAccess.cpp:
597         (JSC::JIT::emit_op_get_by_val):
598         (JSC::JIT::emitGetByValWithCachedId):
599         (JSC::JIT::emitSlow_op_get_by_val):
600         (JSC::JIT::emit_op_put_by_val):
601         (JSC::JIT::emitSlow_op_put_by_val):
602         (JSC::JIT::privateCompileGetByVal):
603         (JSC::JIT::privateCompileGetByValWithCachedId):
604         * jit/JITPropertyAccess32_64.cpp:
605         (JSC::JIT::emit_op_get_by_val):
606         (JSC::JIT::emitGetByValWithCachedId):
607         (JSC::JIT::emitSlow_op_get_by_val):
608         (JSC::JIT::emit_op_put_by_val):
609         (JSC::JIT::emitSlow_op_put_by_val):
610         * runtime/Symbol.h:
611         * tests/stress/get-by-val-with-string-constructor.js: Added.
612         (Hello):
613         (get Hello.prototype.generate):
614         (ok):
615         * tests/stress/get-by-val-with-string-exit.js: Added.
616         (shouldBe):
617         (getByVal):
618         (getStr1):
619         (getStr2):
620         * tests/stress/get-by-val-with-string-generated.js: Added.
621         (shouldBe):
622         (getByVal):
623         (getStr1):
624         (getStr2):
625         * tests/stress/get-by-val-with-string-getter.js: Added.
626         (object.get hello):
627         (ok):
628         * tests/stress/get-by-val-with-string.js: Added.
629         (shouldBe):
630         (getByVal):
631         (getStr1):
632         (getStr2):
633         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
634         (Hello):
635         (get Hello.prototype.generate):
636         (ok):
637         * tests/stress/get-by-val-with-symbol-exit.js: Added.
638         (shouldBe):
639         (getByVal):
640         (getSym1):
641         (getSym2):
642         * tests/stress/get-by-val-with-symbol-getter.js: Added.
643         (object.get hello):
644         (.get ok):
645         * tests/stress/get-by-val-with-symbol.js: Added.
646         (shouldBe):
647         (getByVal):
648         (getSym1):
649         (getSym2):
650
651 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
652
653         DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
654         https://bugs.webkit.org/show_bug.cgi?id=147891
655         rdar://problem/22129447
656
657         Reviewed by Mark Lam.
658
659         * dfg/DFGByteCodeParser.cpp:
660         (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
661         (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
662         * dfg/DFGGraph.cpp:
663         (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
664         * dfg/DFGStructureRegistrationPhase.cpp:
665         (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.
666
667 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
668
669         [Win] Switch Windows build to Visual Studio 2015
670         https://bugs.webkit.org/show_bug.cgi?id=147887
671         <rdar://problem/22235098>
672
673         Reviewed by Alex Christensen.
674
675         Update Visual Studio project file settings to use the current Visual
676         Studio and compiler. Continue targeting binaries to run on our minimum
677         supported configuration of Windows 7.
678
679         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
680         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
681         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
682         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
683         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
684         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
685         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
686         * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
687         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
688         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
689         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
690         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
691
692 2015-08-10  Filip Pizlo  <fpizlo@apple.com>
693
694         WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
695         https://bugs.webkit.org/show_bug.cgi?id=147665
696
697         Reviewed by Mark Lam.
698
699         Replace ByteSpinLock with ByteLock.
700
701         * runtime/ConcurrentJITLock.h:
702
703 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
704
705         Numeric setter on prototype doesn't get called.
706         https://bugs.webkit.org/show_bug.cgi?id=144252
707
708         Reviewed by Darin Adler.
709
710         When switching from the blank indexing type to another one in putByIndex,
711         if `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
712         it to the slow put indexing type and reloop putByIndex, since there may
713         be an indexing accessor in the prototype chain. Previously, we just set
714         the value into the allocated vector.
715
716         In the putDirectIndex case, we just store the value to the vector.
717         This is because putDirectIndex is the operation to store the own property
718         and it does not check the accessors in the prototype chain.
719
720         * runtime/JSObject.cpp:
721         (JSC::JSObject::putByIndexBeyondVectorLength):
722         * tests/stress/injected-numeric-setter-on-prototype.js: Added.
723         (shouldBe):
724         (Trace):
725         (Trace.prototype.trace):
726         (Trace.prototype.get count):
727         (.):
728         * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
729         (shouldBe):
730         (Trace):
731         (Trace.prototype.trace):
732         (Trace.prototype.get count):
733         (.):
734         * tests/stress/numeric-setter-on-prototype.js: Added.
735         (shouldBe):
736         (Trace):
737         (Trace.prototype.trace):
738         (Trace.prototype.get count):
739         (.z.__proto__.set 3):
740         * tests/stress/numeric-setter-on-self.js: Added.
741         (shouldBe):
742         (Trace):
743         (Trace.prototype.trace):
744         (Trace.prototype.get count):
745         (.y.set 2):
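
The semantics the "Numeric setter on prototype" entry above describes, checked from script. This is an added example, not one of the JavaScriptCore stress tests listed in the entry; the helper names (makeTracingProto, describe, assignOnBlankArray, assignOnNonBlankArray, assignOnSelf, defineDirectly) are assumptions of this example. It shows that an ordinary indexed store honours an accessor found on the prototype chain even when the receiver has no indexed storage yet (the blank indexing type case), that an own data property shadows it, and that a direct own-property definition (the putDirectIndex-style path, here via Reflect.defineProperty) never consults the prototype chain.

```javascript
// Added example (not a JavaScriptCore test): indexed accessors on the prototype
// chain versus ordinary and direct indexed stores.

// Build a prototype whose index 3 is an accessor that records every assignment.
function makeTracingProto() {
  const trace = [];
  const proto = {};
  Object.defineProperty(proto, '3', {
    set(value) { trace.push({ receiver: this, value }); },
    get() { return 'intercepted'; },
    configurable: true,
  });
  return { proto, trace };
}

// Summarise what an assignment did to the receiver.
function describe(target, index, trace) {
  return {
    setterCalls: trace.length,
    setterReceiverIsTarget: trace.every((t) => t.receiver === target),
    ownProperty: Object.prototype.hasOwnProperty.call(target, String(index)),
    length: target.length,
    read: target[index],
  };
}

// 1. Blank array: no indexed storage has been allocated when the store happens.
//    The prototype setter must run and no own element may be created.
function assignOnBlankArray() {
  const { proto, trace } = makeTracingProto();
  const arr = [];
  Object.setPrototypeOf(arr, proto);
  arr[3] = 'a';
  return describe(arr, 3, trace);
}

// 2. Non-blank array: storage already exists, but index 3 is still beyond it,
//    so the prototype setter runs; a store to an existing own slot does not hit it.
function assignOnNonBlankArray() {
  const { proto, trace } = makeTracingProto();
  const arr = [10, 20, 30];
  Object.setPrototypeOf(arr, proto);
  arr[3] = 'b';
  arr[1] = 'own-slot';
  return { ...describe(arr, 3, trace), slot1: arr[1] };
}

// 3. The accessor lives on the receiver itself rather than on the prototype.
function assignOnSelf() {
  const { proto, trace } = makeTracingProto();
  const arr = [];
  Object.defineProperty(arr, '3', Object.getOwnPropertyDescriptor(proto, '3'));
  arr[3] = 'c';
  return describe(arr, 3, trace);
}

// 4. Direct definition: creates an own data property and never consults the
//    prototype chain, so the tracing setter is not invoked.
function defineDirectly() {
  const { proto, trace } = makeTracingProto();
  const arr = [];
  Object.setPrototypeOf(arr, proto);
  const defined = Reflect.defineProperty(arr, '3', {
    value: 'd', writable: true, enumerable: true, configurable: true,
  });
  return { ...describe(arr, 3, trace), defined };
}
```

Note that in cases 1 and 2 the array length is unchanged after the store, because the setter consumed the assignment and no own element was defined; in cases 3 and 4 an own element at index 3 exists, so the length becomes 4.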
746
747 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
748
749         [Win] Unreviewed gardening.
750
751         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
752         file references so they appear in the proper IDE locations.
753
754 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
755
756         Unreviewed windows build fix for VS2015.
757
758         * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.
759
760 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
761
762         [ES6] Implement Reflect.has
763         https://bugs.webkit.org/show_bug.cgi?id=147875
764
765         Reviewed by Sam Weinig.
766
767         This patch implements Reflect.has[1].
768         Since the semantics are the same as those of the `in` operator in JS[2],
769         we can implement it in builtin JS code.
770
771         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
772         [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation
773
774         * builtins/ReflectObject.js:
775         (has):
776         * runtime/ReflectObject.cpp:
777         * tests/stress/reflect-has.js: Added.
778         (shouldBe):
779         (shouldThrow):
780
781 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
782
783         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
784         https://bugs.webkit.org/show_bug.cgi?id=147874
785
786         Reviewed by Darin Adler.
787
788         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
789         The differences from the Object.* ones are
790
791         1. They do not perform ToObject on non-object arguments. They treat it as a TypeError.
792         2. Reflect.setPrototypeOf returns false when the operation fails. In Object.setPrototypeOf, it raises a TypeError.
793
794         * runtime/ObjectConstructor.cpp:
795         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
796         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
797         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
798         (JSC::objectConstructorGetPrototypeOf):
799         * runtime/ObjectConstructor.h:
800         * runtime/ReflectObject.cpp:
801         (JSC::reflectObjectGetPrototypeOf):
802         (JSC::reflectObjectSetPrototypeOf):
803         * tests/stress/reflect-get-prototype-of.js: Added.
804         (shouldBe):
805         (shouldThrow):
806         (Base):
807         (Derived):
808         * tests/stress/reflect-set-prototype-of.js: Added.
809         (shouldBe):
810         (shouldThrow):
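
The Reflect.* versus Object.* differences stated in the Reflect.has entry and the Reflect.getPrototypeOf/setPrototypeOf entry above, checked side by side from script. This is an added example and not JavaScriptCore code or one of its tests; the helper names (outcome, compareHas, compareGetPrototypeOf, compareSetPrototypeOf, runCases) are assumptions of this example. Each comparison records either the return value or the thrown error class, so "returns false" and "throws TypeError" can be asserted on directly.

```javascript
// Added example (not JavaScriptCore code): observable differences between the
// ES6 Reflect operations and their Object.* counterparts.

// Run fn and report either its return value or the class of what it threw.
function outcome(fn) {
  try {
    return { value: fn() };
  } catch (e) {
    return { threw: e instanceof TypeError ? 'TypeError' : e.constructor.name };
  }
}

// Reflect.has has the same semantics as the `in` operator: it walks the
// prototype chain and rejects a non-object target with a TypeError.
function compareHas(target, key) {
  return {
    reflect: outcome(() => Reflect.has(target, key)),
    inOperator: outcome(() => key in target),
  };
}

// Reflect.getPrototypeOf does not apply ToObject to a primitive; Object.getPrototypeOf (ES6) does.
function compareGetPrototypeOf(value) {
  return {
    reflect: outcome(() => Reflect.getPrototypeOf(value)),
    object: outcome(() => Object.getPrototypeOf(value)),
  };
}

// Reflect.setPrototypeOf reports failure as `false`; Object.setPrototypeOf throws a TypeError.
// makeTarget builds a fresh target per call and protoFor derives the prototype from it,
// so both paths start from identical state and cycles can be expressed.
function compareSetPrototypeOf(makeTarget, protoFor) {
  const run = (setter) => outcome(() => {
    const target = makeTarget();
    return setter(target, protoFor(target));
  });
  return {
    reflect: run((t, p) => Reflect.setPrototypeOf(t, p)),
    object: run((t, p) => Object.setPrototypeOf(t, p)),
  };
}

// The cases a conformance check for these entries would cover.
function runCases() {
  const base = { inherited: 1 };
  const child = Object.create(base, { own: { value: 2, enumerable: true } });
  return {
    hasOwn: compareHas(child, 'own'),
    hasInherited: compareHas(child, 'inherited'),
    hasMissing: compareHas(child, 'missing'),
    hasOnPrimitive: compareHas(42, 'toString'),
    getProtoOfPrimitive: compareGetPrototypeOf('text'),
    getProtoOfNull: compareGetPrototypeOf(null),
    setProtoOk: compareSetPrototypeOf(() => ({}), () => ({ a: 1 })),
    setProtoOnNonExtensible: compareSetPrototypeOf(() => Object.preventExtensions({}), () => ({})),
    setProtoCycle: compareSetPrototypeOf(() => ({}), (target) => target),
  };
}
```

The two failure modes for setPrototypeOf are the ones the specification's OrdinarySetPrototypeOf reports as false: a non-extensible target whose prototype would change, and a prototype chain that would become cyclic. Object.setPrototypeOf turns that false into a TypeError; Reflect.setPrototypeOf hands it back to the caller.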
811
812 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
813
814         Fix debug build when optimization is enabled
815         https://bugs.webkit.org/show_bug.cgi?id=147816
816
817         Reviewed by Alexey Proskuryakov.
818
819         * llint/LLIntEntrypoint.cpp:
820         * runtime/FunctionExecutableDump.cpp:
821
822 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
823
824         Ensure that Reflect.enumerate does not produce the deleted keys
825         https://bugs.webkit.org/show_bug.cgi?id=147677
826
827         Reviewed by Darin Adler.
828
829         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
830
831         * tests/stress/reflect-enumerate.js:
832
833 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
834
835         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
836         https://bugs.webkit.org/show_bug.cgi?id=147856
837
838         Reviewed by Saam Barati.
839
840         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
841
842         * CMakeLists.txt:
843         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
844         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
845         * JavaScriptCore.xcodeproj/project.pbxproj:
846         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
847         (JSC::ExecutableInfo::ExecutableInfo):
848         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
849         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
850         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
851         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
852         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
853         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
854         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
855         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
856         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
857         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
858         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
859         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
860         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
861         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
862         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
863         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
864         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
865         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
866         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
867         (JSC::UnlinkedCodeBlock::regexp): Deleted.
868         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
869         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
870         (JSC::UnlinkedCodeBlock::identifier): Deleted.
871         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
872         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
873         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
874         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
875         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
876         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
877         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
878         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
879         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
880         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
881         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
882         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
883         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
884         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
885         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
886         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
887         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
888         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
889         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
890         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
891         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
892         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
893         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
894         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
895         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
896         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
897         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
898         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
899         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
900         (JSC::UnlinkedCodeBlock::vm): Deleted.
901         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
902         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
903         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
904         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
905         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
906         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
907         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
908         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
909         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
910         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
911         (JSC::UnlinkedCodeBlock::codeType): Deleted.
912         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
913         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
914         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
915         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
916         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
917         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
918         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
919         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
920         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
921         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
922         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
923         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
924         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
925         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
926         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
927         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
928         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
929         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
930         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
931         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
932         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
933         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
934         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
935         * bytecode/UnlinkedCodeBlock.cpp:
936         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
937         (JSC::generateFunctionCodeBlock): Deleted.
938         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
939         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
940         (JSC::UnlinkedFunctionExecutable::link): Deleted.
941         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
942         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
943         * bytecode/UnlinkedCodeBlock.h:
944         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
945         (JSC::ExecutableInfo::needsActivation): Deleted.
946         (JSC::ExecutableInfo::usesEval): Deleted.
947         (JSC::ExecutableInfo::isStrictMode): Deleted.
948         (JSC::ExecutableInfo::isConstructor): Deleted.
949         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
950         (JSC::ExecutableInfo::constructorKind): Deleted.
951         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
952         (JSC::generateFunctionCodeBlock):
953         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
954         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
955         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
956         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
957         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
958         (JSC::dumpLineColumnEntry): Deleted.
959         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
960         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
961         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
962         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
963         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
964         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
965         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
966         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
967         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
968         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
969         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
970         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
971         (JSC::UnlinkedCodeBlock::instructions): Deleted.
972         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
973         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
974         (JSC::ExecutableInfo::needsActivation): Deleted.
975         (JSC::ExecutableInfo::usesEval): Deleted.
976         (JSC::ExecutableInfo::isStrictMode): Deleted.
977         (JSC::ExecutableInfo::isConstructor): Deleted.
978         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
979         (JSC::ExecutableInfo::constructorKind): Deleted.
980         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
981         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
982         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
983         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
984         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
985         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
986         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
987         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
988         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
989         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
990         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
991         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
992         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
993         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
994         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
995         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
996         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
997         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
998         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
999         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1000         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1001         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1002         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1003         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1004         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1005         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1006         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1007         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1008         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1009         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1010         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1011         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1012         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1013         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1014         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1015         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1016         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1017         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1018         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1019         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1020         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1021         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1022         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1023         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1024         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1025         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1026         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1027         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1028         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1029         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1030         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1031         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1032         (JSC::UnlinkedCodeBlock::vm): Deleted.
1033         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1034         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1035         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1036         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1037         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1038         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1039         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1040         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1041         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1042         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1043         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1044         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1045         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1046         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1047         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1048         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1049         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1050         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1051         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1052         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1053         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1054         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1055         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1056         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1057         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1058         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1059         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1060         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1061         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1062         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1063         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1064         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1065         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1066         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1067         * runtime/Executable.h:
1068
1069 2015-08-10  Mark Lam  <mark.lam@apple.com>
1070
1071         Refactor LiveObjectList and LiveObjectData into their own files.
1072         https://bugs.webkit.org/show_bug.cgi?id=147843
1073
1074         Reviewed by Saam Barati.
1075
1076         There is no behavior change in this patch.
1077
1078         * CMakeLists.txt:
1079         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1080         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1081         * JavaScriptCore.xcodeproj/project.pbxproj:
1082         * heap/HeapVerifier.cpp:
1083         (JSC::HeapVerifier::HeapVerifier):
1084         (JSC::LiveObjectList::findObject): Deleted.
1085         * heap/HeapVerifier.h:
1086         (JSC::LiveObjectData::LiveObjectData): Deleted.
1087         (JSC::LiveObjectList::LiveObjectList): Deleted.
1088         (JSC::LiveObjectList::reset): Deleted.
1089         * heap/LiveObjectData.h: Added.
1090         (JSC::LiveObjectData::LiveObjectData):
1091         * heap/LiveObjectList.cpp: Added.
1092         (JSC::LiveObjectList::findObject):
1093         * heap/LiveObjectList.h: Added.
1094         (JSC::LiveObjectList::LiveObjectList):
1095         (JSC::LiveObjectList::reset):
1096
1097 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
1098
1099         Let's rename FunctionBodyNode
1100         https://bugs.webkit.org/show_bug.cgi?id=147292
1101
1102         Reviewed by Mark Lam & Saam Barati.
1103
1104         FunctionBodyNode => FunctionMetadataNode
1105
1106         Make FunctionMetadataNode inherit from Node instead of StatementNode
1107         because a FunctionMetadataNode can appear in expression context and does
1108         not have a next statement.
1109
1110         (I decided to continue allocating FunctionMetadataNode in the AST arena,
1111         and to retain "Node" in its name, because it really is a parsing
1112         construct, and we transform its data before consuming it elsewhere.
1113
1114         There is still room for a future patch to distill and simplify the
1115         metadata we track about functions between FunDeclNode/FuncExprNode,
1116         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
1117
1118         * builtins/BuiltinExecutables.cpp:
1119         (JSC::BuiltinExecutables::createExecutableInternal):
1120         * bytecode/UnlinkedCodeBlock.cpp:
1121         (JSC::generateFunctionCodeBlock):
1122         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1123         * bytecode/UnlinkedCodeBlock.h:
1124         * bytecompiler/BytecodeGenerator.cpp:
1125         (JSC::BytecodeGenerator::generate):
1126         (JSC::BytecodeGenerator::BytecodeGenerator):
1127         (JSC::BytecodeGenerator::emitNewArray):
1128         (JSC::BytecodeGenerator::emitNewFunction):
1129         (JSC::BytecodeGenerator::emitNewFunctionExpression):
1130         * bytecompiler/BytecodeGenerator.h:
1131         (JSC::BytecodeGenerator::makeFunction):
1132         * bytecompiler/NodesCodegen.cpp:
1133         (JSC::EvalNode::emitBytecode):
1134         (JSC::FunctionNode::emitBytecode):
1135         (JSC::FunctionBodyNode::emitBytecode): Deleted.
1136         * parser/ASTBuilder.h:
1137         (JSC::ASTBuilder::createFunctionExpr):
1138         (JSC::ASTBuilder::createFunctionBody):
1139         * parser/NodeConstructors.h:
1140         (JSC::FunctionParameters::FunctionParameters):
1141         (JSC::FuncExprNode::FuncExprNode):
1142         (JSC::FuncDeclNode::FuncDeclNode):
1143         * parser/Nodes.cpp:
1144         (JSC::EvalNode::EvalNode):
1145         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1146         (JSC::FunctionMetadataNode::finishParsing):
1147         (JSC::FunctionMetadataNode::setEndPosition):
1148         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
1149         (JSC::FunctionBodyNode::finishParsing): Deleted.
1150         (JSC::FunctionBodyNode::setEndPosition): Deleted.
1151         * parser/Nodes.h:
1152         (JSC::FuncExprNode::body):
1153         (JSC::FuncDeclNode::body):
1154         * parser/Parser.h:
1155         (JSC::Parser::isFunctionMetadataNode):
1156         (JSC::Parser::next):
1157         (JSC::Parser<LexerType>::parse):
1158         (JSC::Parser::isFunctionBodyNode): Deleted.
1159         * runtime/CodeCache.cpp:
1160         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1161         * runtime/CodeCache.h:
1162
1163 2015-08-09  Chris Dumez  <cdumez@apple.com>
1164
1165         Regression(r188105): Seems to have caused crashes during PLT on some iPads
1166         https://bugs.webkit.org/show_bug.cgi?id=147818
1167
1168         Unreviewed, roll out r188105.
1169
1170         * bytecode/ByValInfo.h:
1171         (JSC::ByValInfo::ByValInfo):
1172         * bytecode/CodeBlock.cpp:
1173         (JSC::CodeBlock::getByValInfoMap): Deleted.
1174         (JSC::CodeBlock::addByValInfo): Deleted.
1175         * bytecode/CodeBlock.h:
1176         (JSC::CodeBlock::getByValInfo):
1177         (JSC::CodeBlock::setNumberOfByValInfos):
1178         (JSC::CodeBlock::numberOfByValInfos):
1179         (JSC::CodeBlock::byValInfo):
1180         * bytecode/ExitKind.cpp:
1181         (JSC::exitKindToString): Deleted.
1182         * bytecode/ExitKind.h:
1183         * bytecode/GetByIdStatus.cpp:
1184         (JSC::GetByIdStatus::computeFor):
1185         (JSC::GetByIdStatus::computeForStubInfo):
1186         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
1187         * bytecode/GetByIdStatus.h:
1188         * dfg/DFGAbstractInterpreterInlines.h:
1189         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
1190         * dfg/DFGByteCodeParser.cpp:
1191         (JSC::DFG::ByteCodeParser::parseBlock):
1192         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
1193         * dfg/DFGClobberize.h:
1194         (JSC::DFG::clobberize): Deleted.
1195         * dfg/DFGConstantFoldingPhase.cpp:
1196         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
1197         * dfg/DFGDoesGC.cpp:
1198         (JSC::DFG::doesGC): Deleted.
1199         * dfg/DFGFixupPhase.cpp:
1200         (JSC::DFG::FixupPhase::fixupNode): Deleted.
1201         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
1202         * dfg/DFGNode.h:
1203         (JSC::DFG::Node::hasUidOperand): Deleted.
1204         (JSC::DFG::Node::uidOperand): Deleted.
1205         * dfg/DFGNodeType.h:
1206         * dfg/DFGPredictionPropagationPhase.cpp:
1207         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
1208         * dfg/DFGSafeToExecute.h:
1209         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
1210         (JSC::DFG::safeToExecute): Deleted.
1211         * dfg/DFGSpeculativeJIT.cpp:
1212         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
1213         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
1214         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
1215         * dfg/DFGSpeculativeJIT.h:
1216         * dfg/DFGSpeculativeJIT32_64.cpp:
1217         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1218         * dfg/DFGSpeculativeJIT64.cpp:
1219         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1220         * dfg/DFGUseKind.cpp:
1221         (WTF::printInternal): Deleted.
1222         * dfg/DFGUseKind.h:
1223         (JSC::DFG::typeFilterFor): Deleted.
1224         (JSC::DFG::isCell): Deleted.
1225         * ftl/FTLAbstractHeapRepository.h:
1226         * ftl/FTLCapabilities.cpp:
1227         (JSC::FTL::canCompile): Deleted.
1228         * ftl/FTLLowerDFGToLLVM.cpp:
1229         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
1230         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
1231         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
1232         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
1233         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
1234         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
1235         * jit/JIT.cpp:
1236         (JSC::JIT::privateCompile):
1237         * jit/JIT.h:
1238         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1239         (JSC::JIT::compileGetByValWithCachedId): Deleted.
1240         * jit/JITInlines.h:
1241         (JSC::JIT::callOperation): Deleted.
1242         * jit/JITOpcodes.cpp:
1243         (JSC::JIT::emit_op_has_indexed_property):
1244         (JSC::JIT::emitSlow_op_has_indexed_property):
1245         * jit/JITOpcodes32_64.cpp:
1246         (JSC::JIT::emit_op_has_indexed_property):
1247         (JSC::JIT::emitSlow_op_has_indexed_property):
1248         * jit/JITOperations.cpp:
1249         (JSC::getByVal):
1250         * jit/JITOperations.h:
1251         * jit/JITPropertyAccess.cpp:
1252         (JSC::JIT::emit_op_get_by_val):
1253         (JSC::JIT::emitSlow_op_get_by_val):
1254         (JSC::JIT::emit_op_put_by_val):
1255         (JSC::JIT::emitSlow_op_put_by_val):
1256         (JSC::JIT::emitGetByValWithCachedId): Deleted.
1257         (JSC::JIT::privateCompileGetByVal): Deleted.
1258         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
1259         * jit/JITPropertyAccess32_64.cpp:
1260         (JSC::JIT::emit_op_get_by_val):
1261         (JSC::JIT::emitSlow_op_get_by_val):
1262         (JSC::JIT::emit_op_put_by_val):
1263         (JSC::JIT::emitSlow_op_put_by_val):
1264         (JSC::JIT::emitGetByValWithCachedId): Deleted.
1265         * runtime/Symbol.h:
1266         * tests/stress/get-by-val-with-string-constructor.js: Removed.
1267         * tests/stress/get-by-val-with-string-exit.js: Removed.
1268         * tests/stress/get-by-val-with-string-generated.js: Removed.
1269         * tests/stress/get-by-val-with-string-getter.js: Removed.
1270         * tests/stress/get-by-val-with-string.js: Removed.
1271         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
1272         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
1273         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
1274         * tests/stress/get-by-val-with-symbol.js: Removed.
1275
1276 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1277
1278         Reduce uses of PassRefPtr in bindings
1279         https://bugs.webkit.org/show_bug.cgi?id=147781
1280
1281         Reviewed by Chris Dumez.
1282
1283         Use RefPtr when a function can return null or an instance. If not, Ref is used.
1284
1285         * runtime/JSGenericTypedArrayView.h:
1286         (JSC::toNativeTypedView):
1287
1288 2015-08-07  Alex Christensen  <achristensen@webkit.org>
1289
1290         Build more testing binaries with CMake on Windows
1291         https://bugs.webkit.org/show_bug.cgi?id=147799
1292
1293         Reviewed by Brent Fulgham.
1294
1295         * shell/PlatformWin.cmake: Added.
1296         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
1297
1298 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
1299
1300         Lightweight locks should be adaptive
1301         https://bugs.webkit.org/show_bug.cgi?id=147545
1302
1303         Reviewed by Geoffrey Garen.
1304
1305         * dfg/DFGCommon.cpp:
1306         (JSC::DFG::startCrashing):
1307         * heap/CopiedBlock.h:
1308         (JSC::CopiedBlock::workListLock):
1309         * heap/CopiedBlockInlines.h:
1310         (JSC::CopiedBlock::shouldReportLiveBytes):
1311         (JSC::CopiedBlock::reportLiveBytes):
1312         * heap/CopiedSpace.cpp:
1313         (JSC::CopiedSpace::doneFillingBlock):
1314         * heap/CopiedSpace.h:
1315         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
1316         * heap/CopiedSpaceInlines.h:
1317         (JSC::CopiedSpace::recycleEvacuatedBlock):
1318         * heap/GCThreadSharedData.cpp:
1319         (JSC::GCThreadSharedData::didStartCopying):
1320         * heap/GCThreadSharedData.h:
1321         (JSC::GCThreadSharedData::getNextBlocksToCopy):
1322         * heap/ListableHandler.h:
1323         (JSC::ListableHandler::List::addThreadSafe):
1324         (JSC::ListableHandler::List::addNotThreadSafe):
1325         * heap/MachineStackMarker.cpp:
1326         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1327         * heap/SlotVisitorInlines.h:
1328         (JSC::SlotVisitor::copyLater):
1329         * parser/SourceProvider.cpp:
1330         (JSC::SourceProvider::~SourceProvider):
1331         (JSC::SourceProvider::getID):
1332         * profiler/ProfilerDatabase.cpp:
1333         (JSC::Profiler::Database::addDatabaseToAtExit):
1334         (JSC::Profiler::Database::removeDatabaseFromAtExit):
1335         (JSC::Profiler::Database::removeFirstAtExitDatabase):
1336         * runtime/TypeProfilerLog.h:
1337
1338 2015-08-07  Mark Lam  <mark.lam@apple.com>
1339
1340         Rename some variables in the JSC watchdog implementation.
1341         https://bugs.webkit.org/show_bug.cgi?id=147790
1342
1343         Rubber stamped by Benjamin Poulain.
1344
1345         This is just a refactoring patch to give the variables better names that describe their
1346         intended use.  There is no behavior change.
1347
1348         * runtime/Watchdog.cpp:
1349         (JSC::Watchdog::Watchdog):
1350         (JSC::Watchdog::setTimeLimit):
1351         (JSC::Watchdog::didFire):
1352         (JSC::Watchdog::isEnabled):
1353         (JSC::Watchdog::fire):
1354         (JSC::Watchdog::startCountdownIfNeeded):
1355         * runtime/Watchdog.h:
1356
1357 2015-08-07  Saam barati  <saambarati1@gmail.com>
1358
1359         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
1360         https://bugs.webkit.org/show_bug.cgi?id=147666
1361
1362         Reviewed by Geoffrey Garen.
1363
1364         If we make the bytecode generator know about every local scope it 
1365         creates, and if we give each local scope a unique register, the
1366         bytecode generator has all the information it needs to assign
1367         the correct scope to a catch handler. Because the bytecode generator
1368         knows this information, it's a better separation of responsibilities
1369         for it to set up the proper scope instead of relying on the exception
1370         handling runtime to find the scope.
1371
1372         * bytecode/BytecodeList.json:
1373         * bytecode/BytecodeUseDef.h:
1374         (JSC::computeUsesForBytecodeOffset):
1375         * bytecode/CodeBlock.cpp:
1376         (JSC::CodeBlock::dumpBytecode):
1377         (JSC::CodeBlock::CodeBlock):
1378         * bytecode/HandlerInfo.h:
1379         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
1380         (JSC::HandlerInfo::initialize):
1381         * bytecompiler/BytecodeGenerator.cpp:
1382         (JSC::BytecodeGenerator::generate):
1383         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1384         (JSC::BytecodeGenerator::emitGetScope):
1385         (JSC::BytecodeGenerator::emitPushWithScope):
1386         (JSC::BytecodeGenerator::emitGetParentScope):
1387         (JSC::BytecodeGenerator::emitPopScope):
1388         (JSC::BytecodeGenerator::emitPopWithScope):
1389         (JSC::BytecodeGenerator::allocateAndEmitScope):
1390         (JSC::BytecodeGenerator::emitComplexPopScopes):
1391         (JSC::BytecodeGenerator::pushTry):
1392         (JSC::BytecodeGenerator::popTryAndEmitCatch):
1393         (JSC::BytecodeGenerator::localScopeDepth):
1394         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
1395         * bytecompiler/BytecodeGenerator.h:
1396         * bytecompiler/NodesCodegen.cpp:
1397         (JSC::WithNode::emitBytecode):
1398         * interpreter/Interpreter.cpp:
1399         (JSC::Interpreter::unwind):
1400         * jit/JITOpcodes.cpp:
1401         (JSC::JIT::emit_op_push_with_scope):
1402         (JSC::JIT::compileOpStrictEq):
1403         * jit/JITOpcodes32_64.cpp:
1404         (JSC::JIT::emit_op_push_with_scope):
1405         (JSC::JIT::emit_op_to_number):
1406         * jit/JITOperations.cpp:
1407         * jit/JITOperations.h:
1408         * llint/LLIntSlowPaths.cpp:
1409         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1410         * llint/LLIntSlowPaths.h:
1411         * llint/LowLevelInterpreter.asm:
1412         * runtime/CommonSlowPaths.cpp:
1413         (JSC::SLOW_PATH_DECL):
1414         * runtime/CommonSlowPaths.h:
1415         * runtime/JSScope.cpp:
1416         (JSC::JSScope::objectAtScope):
1417         (JSC::isUnscopable):
1418         (JSC::JSScope::depth): Deleted.
1419         * runtime/JSScope.h:
1420
1421 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1422
1423         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
1424         https://bugs.webkit.org/show_bug.cgi?id=147761
1425
1426         Reviewed by Mark Lam.
1427
1428         This patch implements MacroAssembler::patchableBranch64 in 64-bit environments.
1429         It also fixes the existing MacroAssemblerARM64::patchableBranchPtr, which, before this patch,
1430         truncated the immediate pointer to a 32-bit immediate.
1431         It also uses patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
1432
1433         * assembler/MacroAssemblerARM64.h:
1434         (JSC::MacroAssemblerARM64::patchableBranchPtr):
1435         (JSC::MacroAssemblerARM64::patchableBranch64):
1436         * assembler/MacroAssemblerX86_64.h:
1437         (JSC::MacroAssemblerX86_64::patchableBranch64):
1438         * jit/JIT.h:
1439         * jit/JITInlines.h:
1440         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
1441         * jit/JITPropertyAccess.cpp:
1442         (JSC::JIT::emit_op_get_by_val):
1443
1444 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1445
1446         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
1447         https://bugs.webkit.org/show_bug.cgi?id=147480
1448
1449         Reviewed by Filip Pizlo.
1450
1451         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
1452         The IC site only caches one id. After checking that the given id is the same as the
1453         cached one, we perform the get_by_id IC onto it.
1454         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
1455         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
1456         operations when the given get_by_val leverages the property load with the cached id.
1457
1458         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
1459         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
1460         This can be leveraged to optimize symbol operations in DFG.
1461
1462         And since byValInfo is frequently used, we align the byValInfo design to the stubInfo-like one.
1463         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
1464         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
1465         argument ArrayProfile* in the operations with ByValInfo*.
1466
1467         * bytecode/ByValInfo.h:
1468         (JSC::ByValInfo::ByValInfo):
1469         * bytecode/CodeBlock.cpp:
1470         (JSC::CodeBlock::getByValInfoMap):
1471         (JSC::CodeBlock::addByValInfo):
1472         * bytecode/CodeBlock.h:
1473         (JSC::CodeBlock::getByValInfo): Deleted.
1474         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
1475         (JSC::CodeBlock::numberOfByValInfos): Deleted.
1476         (JSC::CodeBlock::byValInfo): Deleted.
1477         * bytecode/ExitKind.cpp:
1478         (JSC::exitKindToString):
1479         * bytecode/ExitKind.h:
1480         * bytecode/GetByIdStatus.cpp:
1481         (JSC::GetByIdStatus::computeFor):
1482         (JSC::GetByIdStatus::computeForStubInfo):
1483         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
1484         * bytecode/GetByIdStatus.h:
1485         * dfg/DFGAbstractInterpreterInlines.h:
1486         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1487         * dfg/DFGByteCodeParser.cpp:
1488         (JSC::DFG::ByteCodeParser::parseBlock):
1489         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1490         * dfg/DFGClobberize.h:
1491         (JSC::DFG::clobberize):
1492         * dfg/DFGConstantFoldingPhase.cpp:
1493         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1494         * dfg/DFGDoesGC.cpp:
1495         (JSC::DFG::doesGC):
1496         * dfg/DFGFixupPhase.cpp:
1497         (JSC::DFG::FixupPhase::fixupNode):
1498         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1499         * dfg/DFGNode.h:
1500         (JSC::DFG::Node::hasUidOperand):
1501         (JSC::DFG::Node::uidOperand):
1502         * dfg/DFGNodeType.h:
1503         * dfg/DFGPredictionPropagationPhase.cpp:
1504         (JSC::DFG::PredictionPropagationPhase::propagate):
1505         * dfg/DFGSafeToExecute.h:
1506         (JSC::DFG::SafeToExecuteEdge::operator()):
1507         (JSC::DFG::safeToExecute):
1508         * dfg/DFGSpeculativeJIT.cpp:
1509         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
1510         (JSC::DFG::SpeculativeJIT::speculateSymbol):
1511         (JSC::DFG::SpeculativeJIT::speculate):
1512         * dfg/DFGSpeculativeJIT.h:
1513         * dfg/DFGSpeculativeJIT32_64.cpp:
1514         (JSC::DFG::SpeculativeJIT::compile):
1515         * dfg/DFGSpeculativeJIT64.cpp:
1516         (JSC::DFG::SpeculativeJIT::compile):
1517         * dfg/DFGUseKind.cpp:
1518         (WTF::printInternal):
1519         * dfg/DFGUseKind.h:
1520         (JSC::DFG::typeFilterFor):
1521         (JSC::DFG::isCell):
1522         * ftl/FTLAbstractHeapRepository.h:
1523         * ftl/FTLCapabilities.cpp:
1524         (JSC::FTL::canCompile):
1525         * ftl/FTLLowerDFGToLLVM.cpp:
1526         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1527         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
1528         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
1529         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
1530         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
1531         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
1532         * jit/JIT.cpp:
1533         (JSC::JIT::privateCompile):
1534         * jit/JIT.h:
1535         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1536         (JSC::JIT::compileGetByValWithCachedId):
1537         * jit/JITInlines.h:
1538         (JSC::JIT::callOperation):
1539         * jit/JITOpcodes.cpp:
1540         (JSC::JIT::emit_op_has_indexed_property):
1541         (JSC::JIT::emitSlow_op_has_indexed_property):
1542         * jit/JITOpcodes32_64.cpp:
1543         (JSC::JIT::emit_op_has_indexed_property):
1544         (JSC::JIT::emitSlow_op_has_indexed_property):
1545         * jit/JITOperations.cpp:
1546         (JSC::getByVal):
1547         * jit/JITOperations.h:
1548         * jit/JITPropertyAccess.cpp:
1549         (JSC::JIT::emit_op_get_by_val):
1550         (JSC::JIT::emitGetByValWithCachedId):
1551         (JSC::JIT::emitSlow_op_get_by_val):
1552         (JSC::JIT::emit_op_put_by_val):
1553         (JSC::JIT::emitSlow_op_put_by_val):
1554         (JSC::JIT::privateCompileGetByVal):
1555         (JSC::JIT::privateCompileGetByValWithCachedId):
1556         * jit/JITPropertyAccess32_64.cpp:
1557         (JSC::JIT::emit_op_get_by_val):
1558         (JSC::JIT::emitGetByValWithCachedId):
1559         (JSC::JIT::emitSlow_op_get_by_val):
1560         (JSC::JIT::emit_op_put_by_val):
1561         (JSC::JIT::emitSlow_op_put_by_val):
1562         * runtime/Symbol.h:
1563         * tests/stress/get-by-val-with-string-constructor.js: Added.
1564         (Hello):
1565         (get Hello.prototype.generate):
1566         (ok):
1567         * tests/stress/get-by-val-with-string-exit.js: Added.
1568         (shouldBe):
1569         (getByVal):
1570         (getStr1):
1571         (getStr2):
1572         * tests/stress/get-by-val-with-string-generated.js: Added.
1573         (shouldBe):
1574         (getByVal):
1575         (getStr1):
1576         (getStr2):
1577         * tests/stress/get-by-val-with-string-getter.js: Added.
1578         (object.get hello):
1579         (ok):
1580         * tests/stress/get-by-val-with-string.js: Added.
1581         (shouldBe):
1582         (getByVal):
1583         (getStr1):
1584         (getStr2):
1585         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
1586         (Hello):
1587         (get Hello.prototype.generate):
1588         (ok):
1589         * tests/stress/get-by-val-with-symbol-exit.js: Added.
1590         (shouldBe):
1591         (getByVal):
1592         (getSym1):
1593         (getSym2):
1594         * tests/stress/get-by-val-with-symbol-getter.js: Added.
1595         (object.get hello):
1596         (.get ok):
1597         * tests/stress/get-by-val-with-symbol.js: Added.
1598         (shouldBe):
1599         (getByVal):
1600         (getSym1):
1601         (getSym2):
1602
1603 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1604
1605         Parse the entire WebAssembly modules
1606         https://bugs.webkit.org/show_bug.cgi?id=147393
1607
1608         Reviewed by Geoffrey Garen.
1609
1610         Parse entire WebAssembly modules from files produced by pack-asmjs
1611         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
1612         parse modules whose function definition section contains only functions that
1613         have "return 0;" as their only statement. Parsing of any functions will be
1614         implemented in a subsequent patch.
1615
1616         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1617         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1618         * JavaScriptCore.xcodeproj/project.pbxproj:
1619         * wasm/JSWASMModule.cpp:
1620         (JSC::JSWASMModule::destroy):
1621         * wasm/JSWASMModule.h:
1622         (JSC::JSWASMModule::i32Constants):
1623         (JSC::JSWASMModule::f32Constants):
1624         (JSC::JSWASMModule::f64Constants):
1625         (JSC::JSWASMModule::signatures):
1626         (JSC::JSWASMModule::functionImports):
1627         (JSC::JSWASMModule::functionImportSignatures):
1628         (JSC::JSWASMModule::globalVariableTypes):
1629         (JSC::JSWASMModule::functionDeclarations):
1630         (JSC::JSWASMModule::functionPointerTables):
1631         * wasm/WASMFormat.h: Added.
1632         * wasm/WASMModuleParser.cpp:
1633         (JSC::WASMModuleParser::parse):
1634         (JSC::WASMModuleParser::parseModule):
1635         (JSC::WASMModuleParser::parseConstantPoolSection):
1636         (JSC::WASMModuleParser::parseSignatureSection):
1637         (JSC::WASMModuleParser::parseFunctionImportSection):
1638         (JSC::WASMModuleParser::parseGlobalSection):
1639         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
1640         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
1641         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
1642         (JSC::WASMModuleParser::parseFunctionDefinition):
1643         (JSC::WASMModuleParser::parseExportSection):
1644         * wasm/WASMModuleParser.h:
1645         * wasm/WASMReader.cpp:
1646         (JSC::WASMReader::readUInt32):
1647         (JSC::WASMReader::readCompactUInt32):
1648         (JSC::WASMReader::readString):
1649         (JSC::WASMReader::readType):
1650         (JSC::WASMReader::readExpressionType):
1651         (JSC::WASMReader::readExportFormat):
1652         (JSC::WASMReader::readByte):
1653         (JSC::WASMReader::readUnsignedInt32): Deleted.
1654         * wasm/WASMReader.h:
1655
1656 2015-08-06  Keith Miller  <keith_miller@apple.com>
1657
1658         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
1659         https://bugs.webkit.org/show_bug.cgi?id=147749
1660
1661         Reviewed by Filip Pizlo.
1662
1663         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength(),
1664         thus no one calls this code.
1665
1666         * ftl/FTLLowerDFGToLLVM.cpp:
1667         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
1668
1669 2015-08-06  Keith Miller  <keith_miller@apple.com>
1670
1671         The JSONP parser incorrectly parses -0 as +0.
1672         https://bugs.webkit.org/show_bug.cgi?id=147590
1673
1674         Reviewed by Michael Saboff.
1675
1676         In the LiteralParser we should use a double to store the accumulator for numerical tokens
1677         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
1678
1679         * runtime/LiteralParser.cpp:
1680         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
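
        As an added illustration of the sign loss described in this entry (my own code, not
        JSC's LiteralParser; every name below is hypothetical), the same decimal-literal lexer
        instantiated once with an int accumulator, reproducing the pre-fix behaviour, and once
        with a double accumulator, which preserves -0:

```cpp
#include <cctype>
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <string>
#include <type_traits>

// Hypothetical mini lexer, not JSC code. It accepts an optional '-' followed by
// decimal digits (no fraction or exponent, to keep the example focused) and
// returns the value as a double, the way a JSON lexer hands numbers to the VM.
struct NumberToken {
    double value; // parsed number; 0.0 when !ok
    bool ok;      // false on a malformed or unsupported literal
};

template <typename Accumulator>
static NumberToken lexDecimalLiteral(const std::string& text)
{
    size_t pos = 0;
    bool negative = false;
    if (pos < text.size() && text[pos] == '-') {
        negative = true;
        ++pos;
    }

    // Find the digit run; anything else (including trailing junk) is rejected.
    size_t end = pos;
    while (end < text.size() && std::isdigit(static_cast<unsigned char>(text[end])))
        ++end;
    if (end == pos || end != text.size())
        return { 0.0, false };

    // Caveat for the integer variant: more than 9 digits can overflow a 32-bit
    // int, which is undefined behaviour, so the int path refuses such input.
    // The double path has no such limit (it only loses precision past 2^53).
    if (std::is_integral<Accumulator>::value && end - pos > 9)
        return { 0.0, false };

    Accumulator acc = 0;
    for (; pos < end; ++pos)
        acc = acc * 10 + static_cast<Accumulator>(text[pos] - '0');

    // This is the line where the two variants diverge: negating an int 0
    // yields int 0 (there is no integer -0), so the sign is gone before the
    // widening to double below. Negating a double 0.0 yields -0.0.
    if (negative)
        acc = -acc;

    return { static_cast<double>(acc), true };
}

// Pre-fix behaviour: accumulate in an int, widen to double at the end.
NumberToken lexNumberIntAccumulator(const std::string& text)
{
    return lexDecimalLiteral<int>(text);
}

// Fixed behaviour: accumulate in a double from the start.
NumberToken lexNumberDoubleAccumulator(const std::string& text)
{
    return lexDecimalLiteral<double>(text);
}

// -0.0 == 0.0 compares true, so the sign bit has to be inspected explicitly.
bool isNegativeZero(double v)
{
    return v == 0.0 && std::signbit(v);
}

int main()
{
    const char* samples[] = { "-0", "0", "-12", "12345678901", "1x" };
    for (const char* s : samples) {
        NumberToken asInt = lexNumberIntAccumulator(s);
        NumberToken asDouble = lexNumberDoubleAccumulator(s);
        std::printf("%-12s int-acc: ok=%d negzero=%d  double-acc: ok=%d negzero=%d\n",
            s, asInt.ok, isNegativeZero(asInt.value), asDouble.ok, isNegativeZero(asDouble.value));
    }
    return 0;
}
```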
1681
1682 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
1683
1684         Structures used for tryGetConstantProperty() should be registered first
1685         https://bugs.webkit.org/show_bug.cgi?id=147750
1686
1687         Reviewed by Saam Barati and Michael Saboff.
1688
1689         * dfg/DFGGraph.cpp:
1690         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
1691         * dfg/DFGGraph.h:
1692         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
1693         * dfg/DFGStructureRegistrationPhase.cpp:
1694         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegistrationPhase.
1695         (JSC::DFG::StructureRegistrationPhase::registerStructures):
1696         (JSC::DFG::StructureRegistrationPhase::registerStructure):
1697         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
1698         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
1699         (JSC::DFG::performStructureRegistration):
1700
1701 2015-08-06  Keith Miller  <keith_miller@apple.com>
1702
1703         Remove UnspecifiedBoolType from JSC
1704         https://bugs.webkit.org/show_bug.cgi?id=147597
1705
1706         Reviewed by Mark Lam.
1707
1708         We were using the safe bool pattern in the code base for implicit casting to booleans.
1709         With C++11 this is no longer necessary and we can instead create an operator bool.
1710
1711         * API/JSRetainPtr.h:
1712         (JSRetainPtr::operator bool):
1713         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
1714         * dfg/DFGEdge.h:
1715         (JSC::DFG::Edge::operator bool):
1716         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
1717         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
1718         * heap/Weak.h:
1719         * heap/WeakInlines.h:
1720         (JSC::bool):
1721         (JSC::UnspecifiedBoolType): Deleted.
1722
1723 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
1724
1725         [ES6] Class parser does not allow methods named set and get.
1726         https://bugs.webkit.org/show_bug.cgi?id=147150
1727
1728         Reviewed by Oliver Hunt.
1729
1730         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
1731         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
1732         so that we only treat them as such when they're followed by another token that could be a method name.
1733
1734         * parser/Parser.cpp:
1735         (JSC::Parser<LexerType>::parseClass):
1736
1737 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
1738
1739         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
1740
1741         * bytecode/SamplingTool.cpp:
1742         (JSC::SamplingTool::doRun):
1743         (JSC::SamplingTool::notifyOfScope):
1744         * bytecode/SamplingTool.h:
1745         * dfg/DFGThreadData.h:
1746         * dfg/DFGWorklist.cpp:
1747         (JSC::DFG::Worklist::~Worklist):
1748         (JSC::DFG::Worklist::isActiveForVM):
1749         (JSC::DFG::Worklist::enqueue):
1750         (JSC::DFG::Worklist::compilationState):
1751         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1752         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1753         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1754         (JSC::DFG::Worklist::visitWeakReferences):
1755         (JSC::DFG::Worklist::removeDeadPlans):
1756         (JSC::DFG::Worklist::queueLength):
1757         (JSC::DFG::Worklist::dump):
1758         (JSC::DFG::Worklist::runThread):
1759         * dfg/DFGWorklist.h:
1760         * disassembler/Disassembler.cpp:
1761         * heap/CopiedSpace.cpp:
1762         (JSC::CopiedSpace::doneFillingBlock):
1763         (JSC::CopiedSpace::doneCopying):
1764         * heap/CopiedSpace.h:
1765         * heap/CopiedSpaceInlines.h:
1766         (JSC::CopiedSpace::recycleBorrowedBlock):
1767         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1768         * heap/HeapTimer.h:
1769         * heap/MachineStackMarker.cpp:
1770         (JSC::ActiveMachineThreadsManager::Locker::Locker):
1771         (JSC::ActiveMachineThreadsManager::add):
1772         (JSC::ActiveMachineThreadsManager::remove):
1773         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
1774         (JSC::MachineThreads::~MachineThreads):
1775         (JSC::MachineThreads::addCurrentThread):
1776         (JSC::MachineThreads::removeThreadIfFound):
1777         (JSC::MachineThreads::tryCopyOtherThreadStack):
1778         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1779         (JSC::MachineThreads::gatherConservativeRoots):
1780         * heap/MachineStackMarker.h:
1781         * interpreter/JSStack.cpp:
1782         (JSC::stackStatisticsMutex):
1783         (JSC::JSStack::addToCommittedByteCount):
1784         (JSC::JSStack::committedByteCount):
1785         * jit/JITThunks.h:
1786         * profiler/ProfilerDatabase.h:
1787
1788 2015-08-05  Saam barati  <saambarati1@gmail.com>
1789
1790         Bytecodegenerator emits crappy code for returns in a lexical scope.
1791         https://bugs.webkit.org/show_bug.cgi?id=147688
1792
1793         Reviewed by Mark Lam.
1794
1795         When returning, we only need to emit complex pop scopes if we're in 
1796         a finally block. Otherwise, we can just return like normal. This saves
1797         us from inefficiently emitting unnecessary pop scopes.
1798
1799         * bytecompiler/BytecodeGenerator.h:
1800         (JSC::BytecodeGenerator::isInFinallyBlock):
1801         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
1802         * bytecompiler/NodesCodegen.cpp:
1803         (JSC::ReturnNode::emitBytecode):
1804
1805 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
1806
1807         Add the Intl API to the status page
1808
1809         * features.json:
1810         Andy VanWagoner landed the skeleton of the API and it is
1811         enabled by default.
1812
1813 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
1814
1815         Rename Mutex to DeprecatedMutex
1816         https://bugs.webkit.org/show_bug.cgi?id=147675
1817
1818         Reviewed by Geoffrey Garen.
1819
1820         * bytecode/SamplingTool.cpp:
1821         (JSC::SamplingTool::doRun):
1822         (JSC::SamplingTool::notifyOfScope):
1823         * bytecode/SamplingTool.h:
1824         * dfg/DFGThreadData.h:
1825         * dfg/DFGWorklist.cpp:
1826         (JSC::DFG::Worklist::~Worklist):
1827         (JSC::DFG::Worklist::isActiveForVM):
1828         (JSC::DFG::Worklist::enqueue):
1829         (JSC::DFG::Worklist::compilationState):
1830         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1831         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1832         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1833         (JSC::DFG::Worklist::visitWeakReferences):
1834         (JSC::DFG::Worklist::removeDeadPlans):
1835         (JSC::DFG::Worklist::queueLength):
1836         (JSC::DFG::Worklist::dump):
1837         (JSC::DFG::Worklist::runThread):
1838         * dfg/DFGWorklist.h:
1839         * disassembler/Disassembler.cpp:
1840         * heap/CopiedSpace.cpp:
1841         (JSC::CopiedSpace::doneFillingBlock):
1842         (JSC::CopiedSpace::doneCopying):
1843         * heap/CopiedSpace.h:
1844         * heap/CopiedSpaceInlines.h:
1845         (JSC::CopiedSpace::recycleBorrowedBlock):
1846         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1847         * heap/HeapTimer.h:
1848         * heap/MachineStackMarker.cpp:
1849         (JSC::ActiveMachineThreadsManager::Locker::Locker):
1850         (JSC::ActiveMachineThreadsManager::add):
1851         (JSC::ActiveMachineThreadsManager::remove):
1852         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
1853         (JSC::MachineThreads::~MachineThreads):
1854         (JSC::MachineThreads::addCurrentThread):
1855         (JSC::MachineThreads::removeThreadIfFound):
1856         (JSC::MachineThreads::tryCopyOtherThreadStack):
1857         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1858         (JSC::MachineThreads::gatherConservativeRoots):
1859         * heap/MachineStackMarker.h:
1860         * interpreter/JSStack.cpp:
1861         (JSC::stackStatisticsMutex):
1862         (JSC::JSStack::addToCommittedByteCount):
1863         (JSC::JSStack::committedByteCount):
1864         * jit/JITThunks.h:
1865         * profiler/ProfilerDatabase.h:
1866
1867 2015-08-05  Saam barati  <saambarati1@gmail.com>
1868
1869         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
1870         https://bugs.webkit.org/show_bug.cgi?id=147657
1871
1872         Reviewed by Mark Lam.
1873
1874         This kills the last of the name scope objects. Function name scopes are
1875         now built on top of the scoping mechanisms introduced with ES6 block scoping.
1876         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
1877         function name scoped variable carefully depending on if the function is in
1878         strict mode. If we're in strict mode, then we treat the variable exactly
1879         like a "const" variable. If we're not in strict mode, we can't treat
1880         this variable like ES6 "const" because that would cause the bytecode
1881         generator to throw an exception when it shouldn't.
1882
1883         * CMakeLists.txt:
1884         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1885         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1886         * JavaScriptCore.xcodeproj/project.pbxproj:
1887         * bytecode/BytecodeList.json:
1888         * bytecode/BytecodeUseDef.h:
1889         (JSC::computeUsesForBytecodeOffset):
1890         (JSC::computeDefsForBytecodeOffset):
1891         * bytecode/CodeBlock.cpp:
1892         (JSC::CodeBlock::dumpBytecode):
1893         * bytecompiler/BytecodeGenerator.cpp:
1894         (JSC::BytecodeGenerator::BytecodeGenerator):
1895         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
1896         (JSC::BytecodeGenerator::pushLexicalScope):
1897         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1898         (JSC::BytecodeGenerator::variable):
1899         (JSC::BytecodeGenerator::resolveType):
1900         (JSC::BytecodeGenerator::emitThrowTypeError):
1901         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
1902         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
1903         (JSC::BytecodeGenerator::emitPushCatchScope):
1904         * bytecompiler/BytecodeGenerator.h:
1905         * bytecompiler/NodesCodegen.cpp:
1906         * debugger/DebuggerScope.cpp:
1907         * dfg/DFGOperations.cpp:
1908         * interpreter/Interpreter.cpp:
1909         * jit/JIT.cpp:
1910         (JSC::JIT::privateCompileMainPass):
1911         * jit/JIT.h:
1912         * jit/JITOpcodes.cpp:
1913         (JSC::JIT::emit_op_to_string):
1914         (JSC::JIT::emit_op_catch):
1915         (JSC::JIT::emit_op_push_name_scope): Deleted.
1916         * jit/JITOpcodes32_64.cpp:
1917         (JSC::JIT::emitSlow_op_to_string):
1918         (JSC::JIT::emit_op_catch):
1919         (JSC::JIT::emit_op_push_name_scope): Deleted.
1920         * jit/JITOperations.cpp:
1921         (JSC::pushNameScope): Deleted.
1922         * llint/LLIntSlowPaths.cpp:
1923         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1924         * llint/LLIntSlowPaths.h:
1925         * llint/LowLevelInterpreter.asm:
1926         * parser/Nodes.cpp:
1927         * runtime/CommonSlowPaths.cpp:
1928         * runtime/Executable.cpp:
1929         (JSC::ScriptExecutable::newCodeBlockFor):
1930         * runtime/JSFunctionNameScope.cpp: Removed.
1931         * runtime/JSFunctionNameScope.h: Removed.
1932         * runtime/JSGlobalObject.cpp:
1933         (JSC::JSGlobalObject::init):
1934         (JSC::JSGlobalObject::visitChildren):
1935         * runtime/JSGlobalObject.h:
1936         (JSC::JSGlobalObject::withScopeStructure):
1937         (JSC::JSGlobalObject::strictEvalActivationStructure):
1938         (JSC::JSGlobalObject::activationStructure):
1939         (JSC::JSGlobalObject::directArgumentsStructure):
1940         (JSC::JSGlobalObject::scopedArgumentsStructure):
1941         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
1942         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
1943         * runtime/JSNameScope.cpp: Removed.
1944         * runtime/JSNameScope.h: Removed.
1945         * runtime/JSObject.cpp:
1946         (JSC::JSObject::toThis):
1947         (JSC::JSObject::seal):
1948         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
1949         * runtime/JSObject.h:
1950         * runtime/JSScope.cpp:
1951         (JSC::JSScope::isCatchScope):
1952         (JSC::JSScope::isFunctionNameScopeObject):
1953         (JSC::resolveModeName):
1954         * runtime/JSScope.h:
1955         * runtime/JSSymbolTableObject.cpp:
1956         * runtime/SymbolTable.h:
1957         * runtime/VM.cpp:
1958
1959 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
1960
1961         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
1962         https://bugs.webkit.org/show_bug.cgi?id=147679
1963
1964         Reviewed by Timothy Hatcher.
1965
1966         Improve native iterator support for the PropertyName Iterator by
1967         allowing inspection of the internal object within the iterator
1968         and peeking at the next upcoming values of the iterator.
1969
1970         * inspector/JSInjectedScriptHost.cpp:
1971         (Inspector::JSInjectedScriptHost::subtype):
1972         (Inspector::JSInjectedScriptHost::getInternalProperties):
1973         (Inspector::JSInjectedScriptHost::iteratorEntries):
1974         * runtime/JSPropertyNameIterator.h:
1975         (JSC::JSPropertyNameIterator::iteratedValue):
1976
1977 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
1978
1979         [Win] Update Apple Windows build for VS2015
1980         https://bugs.webkit.org/show_bug.cgi?id=147653
1981
1982         Reviewed by Dean Jackson.
1983
1984         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
1985         Show JSC files in proper project locations in IDE.
1986
1987 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
1988
1989         Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
1990         https://bugs.webkit.org/show_bug.cgi?id=147328
1991
1992         Reviewed by Timothy Hatcher.
1993
1994         * inspector/InjectedScriptSource.js:
1995         Use classList and classList.toString instead of className.
1996
1997 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
1998
1999         [ES6] Support Module Syntax
2000         https://bugs.webkit.org/show_bug.cgi?id=147422
2001
2002         Reviewed by Saam Barati.
2003
2004         This patch introduces the ES6 Modules syntax parsing part.
2005         In this patch, ASTBuilder just produces the nodes corresponding to the ES6 Modules syntax;
2006         this patch does not include the code generator part.
2007
2008         Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
2009         and do not execute the body or construct the AST. After analyzing all the dependent
2010         modules, we will parse the dependent modules next.
2011         After all the analysis is done, we will start the second pass. In the second pass, we
2012         will parse the module, produce the AST, and execute the body.
2013         If we don't do so, we need to create all the ASTs in the module's dependency graph first,
2014         because the given module can be executed after all the dependent modules are executed. It
2015         means that we need to hold many parser arenas. To avoid this, the first pass only extracts
2016         the dependent modules' information.
2017
2018         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
2019         This patch aims at just implementing the syntax parsing functionality correctly.
2020         After this patch is landed, we will create the ModuleDependencyAnalyzer, which inherits from SyntaxChecker,
2021         to collect the dependent modules fast [1].
2022
2023         To test the parsing, we added the "checkModuleSyntax" function to the jsc shell.
2024         By using this, we can parse the given string as a module.
2025
2026         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
2027
2028         * bytecompiler/NodesCodegen.cpp:
2029         (JSC::ModuleProgramNode::emitBytecode):
2030         (JSC::ImportDeclarationNode::emitBytecode):
2031         (JSC::ExportAllDeclarationNode::emitBytecode):
2032         (JSC::ExportDefaultDeclarationNode::emitBytecode):
2033         (JSC::ExportLocalDeclarationNode::emitBytecode):
2034         (JSC::ExportNamedDeclarationNode::emitBytecode):
2035         * jsc.cpp:
2036         (GlobalObject::finishCreation):
2037         (functionCheckModuleSyntax):
2038         * parser/ASTBuilder.h:
2039         (JSC::ASTBuilder::createModuleSpecifier):
2040         (JSC::ASTBuilder::createImportSpecifier):
2041         (JSC::ASTBuilder::createImportSpecifierList):
2042         (JSC::ASTBuilder::appendImportSpecifier):
2043         (JSC::ASTBuilder::createImportDeclaration):
2044         (JSC::ASTBuilder::createExportAllDeclaration):
2045         (JSC::ASTBuilder::createExportDefaultDeclaration):
2046         (JSC::ASTBuilder::createExportLocalDeclaration):
2047         (JSC::ASTBuilder::createExportNamedDeclaration):
2048         (JSC::ASTBuilder::createExportSpecifier):
2049         (JSC::ASTBuilder::createExportSpecifierList):
2050         (JSC::ASTBuilder::appendExportSpecifier):
2051         * parser/Keywords.table:
2052         * parser/NodeConstructors.h:
2053         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
2054         (JSC::ImportSpecifierNode::ImportSpecifierNode):
2055         (JSC::ImportDeclarationNode::ImportDeclarationNode):
2056         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
2057         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
2058         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
2059         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
2060         (JSC::ExportSpecifierNode::ExportSpecifierNode):
2061         * parser/Nodes.cpp:
2062         (JSC::ModuleProgramNode::ModuleProgramNode):
2063         * parser/Nodes.h:
2064         (JSC::ModuleProgramNode::startColumn):
2065         (JSC::ModuleProgramNode::endColumn):
2066         (JSC::ModuleSpecifierNode::moduleName):
2067         (JSC::ImportSpecifierNode::importedName):
2068         (JSC::ImportSpecifierNode::localName):
2069         (JSC::ImportSpecifierListNode::specifiers):
2070         (JSC::ImportSpecifierListNode::append):
2071         (JSC::ImportDeclarationNode::specifierList):
2072         (JSC::ImportDeclarationNode::moduleSpecifier):
2073         (JSC::ExportAllDeclarationNode::moduleSpecifier):
2074         (JSC::ExportDefaultDeclarationNode::declaration):
2075         (JSC::ExportLocalDeclarationNode::declaration):
2076         (JSC::ExportSpecifierNode::exportedName):
2077         (JSC::ExportSpecifierNode::localName):
2078         (JSC::ExportSpecifierListNode::specifiers):
2079         (JSC::ExportSpecifierListNode::append):
2080         (JSC::ExportNamedDeclarationNode::specifierList):
2081         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
2082         * parser/Parser.cpp:
2083         (JSC::Parser<LexerType>::Parser):
2084         (JSC::Parser<LexerType>::parseInner):
2085         (JSC::Parser<LexerType>::parseModuleSourceElements):
2086         (JSC::Parser<LexerType>::parseVariableDeclaration):
2087         (JSC::Parser<LexerType>::parseVariableDeclarationList):
2088         (JSC::Parser<LexerType>::createBindingPattern):
2089         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
2090         (JSC::Parser<LexerType>::parseDestructuringPattern):
2091         (JSC::Parser<LexerType>::parseForStatement):
2092         (JSC::Parser<LexerType>::parseFormalParameters):
2093         (JSC::Parser<LexerType>::parseFunctionParameters):
2094         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2095         (JSC::Parser<LexerType>::parseClassDeclaration):
2096         (JSC::Parser<LexerType>::parseModuleSpecifier):
2097         (JSC::Parser<LexerType>::parseImportClauseItem):
2098         (JSC::Parser<LexerType>::parseImportDeclaration):
2099         (JSC::Parser<LexerType>::parseExportSpecifier):
2100         (JSC::Parser<LexerType>::parseExportDeclaration):
2101         (JSC::Parser<LexerType>::parseMemberExpression):
2102         * parser/Parser.h:
2103         (JSC::isIdentifierOrKeyword):
2104         (JSC::ModuleScopeData::create):
2105         (JSC::ModuleScopeData::exportedBindings):
2106         (JSC::ModuleScopeData::exportName):
2107         (JSC::ModuleScopeData::exportBinding):
2108         (JSC::Scope::Scope):
2109         (JSC::Scope::setIsModule):
2110         (JSC::Scope::moduleScopeData):
2111         (JSC::Parser::matchContextualKeyword):
2112         (JSC::Parser::matchIdentifierOrKeyword):
2113         (JSC::Parser::isofToken): Deleted.
2114         * parser/ParserModes.h:
2115         * parser/ParserTokens.h:
2116         * parser/SyntaxChecker.h:
2117         (JSC::SyntaxChecker::createModuleSpecifier):
2118         (JSC::SyntaxChecker::createImportSpecifier):
2119         (JSC::SyntaxChecker::createImportSpecifierList):
2120         (JSC::SyntaxChecker::appendImportSpecifier):
2121         (JSC::SyntaxChecker::createImportDeclaration):
2122         (JSC::SyntaxChecker::createExportAllDeclaration):
2123         (JSC::SyntaxChecker::createExportDefaultDeclaration):
2124         (JSC::SyntaxChecker::createExportLocalDeclaration):
2125         (JSC::SyntaxChecker::createExportNamedDeclaration):
2126         (JSC::SyntaxChecker::createExportSpecifier):
2127         (JSC::SyntaxChecker::createExportSpecifierList):
2128         (JSC::SyntaxChecker::appendExportSpecifier):
2129         * runtime/CommonIdentifiers.cpp:
2130         (JSC::CommonIdentifiers::CommonIdentifiers):
2131         * runtime/CommonIdentifiers.h:
2132         * runtime/Completion.cpp:
2133         (JSC::checkModuleSyntax):
2134         * runtime/Completion.h:
2135         * tests/stress/modules-syntax-error-with-names.js: Added.
2136         (shouldThrow):
2137         * tests/stress/modules-syntax-error.js: Added.
2138         (shouldThrow):
2139         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
2140         * tests/stress/modules-syntax.js: Added.
2141         (prototype.checkModuleSyntax):
2142         (checkModuleSyntax):
2143         * tests/stress/tagged-templates-syntax.js:
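
        Added illustration (not part of this ChangeLog entry or of JavaScriptCore): a toy JavaScript model of the two-phase module loading described in the entry above. Pass one scans each module's source only for its import and export-from specifiers and builds the dependency graph without constructing or retaining any AST; pass two then orders the modules so that each is parsed and executed after the modules it depends on, and reports an import cycle instead of looping. The module sources are constructed for the example, and the specifier regex is a deliberate simplification (one declaration per line, no defence against strings or template literals that look like an import), not the JSC parser.

```javascript
// Added example, not JavaScriptCore code: two-phase module loading in miniature.
// Pass 1 extracts dependency names from source text without building an AST;
// pass 2 computes an execution order over the resulting graph.

// Pass 1: collect the module specifiers a single source depends on.
// Handles `import x from "m"`, `import {a as b} from "m"`, `import * as ns from "m"`,
// `import "m"` and `export ... from "m"`. Simplified: one declaration per line.
function collectDependencies(source) {
  const re = /^\s*(?:import|export)\s+(?:[^'";]*?\s+from\s+)?(['"])([^'"]+)\1/gm;
  const deps = new Set();                     // Set dedups repeated imports of one module
  let m;
  while ((m = re.exec(source)) !== null) deps.add(m[2]);
  return [...deps];
}

// Pass 1 driver: walk the graph breadth-first from the root, reading each
// source once. Nothing is parsed into an AST and nothing is executed here.
function analyzeDependencies(rootName, sources) {
  const graph = new Map();                    // module name -> array of dependency names
  const queue = [rootName];
  while (queue.length > 0) {
    const name = queue.shift();
    if (graph.has(name)) continue;
    if (!(name in sources)) throw new Error(`Cannot resolve module "${name}"`);
    const deps = collectDependencies(sources[name]);
    graph.set(name, deps);
    queue.push(...deps);
  }
  return graph;
}

// Pass 2 order: depth-first post-order puts every module after the modules it
// depends on. A module seen again while still "visiting" is an import cycle.
function executionOrder(graph, rootName) {
  const order = [];
  const state = new Map();                    // name -> "visiting" | "done"
  function visit(name, path) {
    const s = state.get(name);
    if (s === "done") return;
    if (s === "visiting") throw new Error(`Import cycle: ${[...path, name].join(" -> ")}`);
    state.set(name, "visiting");
    for (const dep of graph.get(name)) visit(dep, [...path, name]);
    state.set(name, "done");
    order.push(name);
  }
  visit(rootName, []);
  return order;
}

// Constructed sample sources for the demonstration (not real project files).
const SAMPLE_SOURCES = {
  "main.js": [
    'import { render } from "./view.js";',
    'import * as util from "./util.js";',
    'import "./polyfill.js";',
    "render(util.now());",
  ].join("\n"),
  "./view.js": [
    'import { fmt } from "./util.js";',
    "export function render(t) { return fmt(t); }",
    'export { fmt as format } from "./util.js";',
  ].join("\n"),
  "./util.js": [
    "export const fmt = (t) => `t=${t}`;",
    "export const now = () => 42;",
  ].join("\n"),
  "./polyfill.js": "globalThis.__polyfilled = true;",
};

// Constructed cyclic graph: a depends on b, b depends on a.
const CYCLIC_SOURCES = {
  "a.js": 'import "b.js";',
  "b.js": 'import "a.js";',
};

// Returns the pass-2 order for the sample graph.
function demo() {
  return executionOrder(analyzeDependencies("main.js", SAMPLE_SOURCES), "main.js");
}

// Returns the cycle message if the graph has one, otherwise null.
function detectCycle(rootName, sources) {
  try {
    executionOrder(analyzeDependencies(rootName, sources), rootName);
    return null;
  } catch (e) {
    return e.message;
  }
}
```

        `demo()` yields `["./util.js", "./view.js", "./polyfill.js", "main.js"]` for the sample graph; `detectCycle("a.js", CYCLIC_SOURCES)` shows the failure mode a dependency analyzer has to report before any module body runs.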
2144
2145 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2146
2147         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
2148         https://bugs.webkit.org/show_bug.cgi?id=146833
2149
2150         Reviewed by Alexey Proskuryakov.
2151
2152         * assembler/ARM64Assembler.h:
2153         * assembler/ARMAssembler.h:
2154         (JSC::ARMAssembler::cacheFlush):
2155         * assembler/MacroAssemblerARM.cpp:
2156         (JSC::isVFPPresent):
2157         * assembler/MacroAssemblerX86Common.h:
2158         (JSC::MacroAssemblerX86Common::isSSE2Present):
2159         * heap/MachineStackMarker.h:
2160         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
2161         (JSC::logF):
2162         * jit/HostCallReturnValue.h:
2163         * jit/JIT.h:
2164         * jit/JITOperations.cpp:
2165         * jit/JITStubsARM.h:
2166         * jit/JITStubsARMv7.h:
2167         * jit/JITStubsX86.h:
2168         * jit/JITStubsX86Common.h:
2169         * jit/JITStubsX86_64.h:
2170         * jit/ThunkGenerators.cpp:
2171         * runtime/JSExportMacros.h:
2172         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
2173         (JSC::clz32):
2174
2175 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2176
2177         Unreviewed, fix uninitialized property leading to an assert.
2178
2179         * runtime/PutPropertySlot.h:
2180         (JSC::PutPropertySlot::PutPropertySlot):
2181
2182 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2183
2184         Unreviewed, fix Windows.
2185
2186         * bytecode/ObjectPropertyConditionSet.h:
2187         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2188
2189 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
2190
2191         DFG should have adaptive structure watchpoints
2192         https://bugs.webkit.org/show_bug.cgi?id=146929
2193
2194         Reviewed by Geoffrey Garen.
2195
2196         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
2197         property, you'd check that the object still has the structure that you first saw the object have. We
2198         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
2199         elide the structure check.
2200
2201         But this approach fails when that object frequently has new properties added to it. This would
2202         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
2203         we'd have to recompile either the IC or an entire code block.
2204
2205         This change introduces a new concept: an object property condition. This value describes some
2206         condition involving a property on some object. There are four kinds: presence, absence,
2207         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
2208         object has some property at some offset with some attributes. This allows us to implement a new kind
2209         of watchpoint, which knows about the object property condition that it's being used to enforce. If
2210         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
2211         on the new structure.
2212
2213         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
2214         and prototype accesses. They are also used for any DFG accesses to object constants, including
2215         global property accesses.
2216
2217         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
2218         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
2219         chain situation. It's also a small speed-up on getter-richards.
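
        Added illustration (not part of this ChangeLog entry or of JavaScriptCore): a toy JavaScript model of the object property conditions and adaptive watchpoints described above. All class, method and field names are the example's own. An unrelated property addition transitions the structure and fires the watchpoint, which re-checks its condition on the new structure and reinstalls itself; an addition that breaks the condition jettisons the compiled code instead. Equivalence conditions are left out because, as the entry's watchingRequiresReplacementWatchpoint suggests, they also require watching the property slot itself, not only structure transitions.

```javascript
// Added example, not JavaScriptCore code: object property conditions checked by
// an adaptive structure watchpoint. Names and attribute bits are constructed.

const Accessor = 1 << 4; // constructed attribute bit: property is a getter/setter pair

// A Structure is an object's shape: properties (offset + attributes) and prototype.
// Structures are immutable; adding a property yields a new Structure and fires the
// old Structure's transition watchpoints exactly once.
class Structure {
  constructor(properties = new Map(), prototype = null) {
    this.properties = properties;           // name -> { offset, attributes }
    this.prototype = prototype;
    this.transitionWatchpoints = new Set();
  }
  get(name) { return this.properties.get(name); }
  addProperty(name, attributes = 0) {
    if (this.properties.has(name)) throw new Error(`"${name}" already present`);
    const next = new Map(this.properties);
    next.set(name, { offset: this.properties.size, attributes });
    const newStructure = new Structure(next, this.prototype);
    const watchers = [...this.transitionWatchpoints];
    this.transitionWatchpoints.clear();     // a fired transition watchpoint is one-shot
    for (const w of watchers) w.fire(newStructure);
    return newStructure;
  }
}

// Three of the four condition kinds named in the entry, each decidable from a Structure.
class PropertyCondition {
  constructor(kind, name, extra = {}) { Object.assign(this, { kind, name }, extra); }
  static presence(name, offset, attributes = 0) { return new PropertyCondition("Presence", name, { offset, attributes }); }
  static absence(name, prototype) { return new PropertyCondition("Absence", name, { prototype }); }
  static absenceOfSetter(name) { return new PropertyCondition("AbsenceOfSetter", name); }
  isStillValid(structure) {
    const entry = structure.get(this.name);
    switch (this.kind) {
      case "Presence": return !!entry && entry.offset === this.offset && entry.attributes === this.attributes;
      case "Absence": return !entry && structure.prototype === this.prototype;
      case "AbsenceOfSetter": return !entry || (entry.attributes & Accessor) === 0;
      default: return false;
    }
  }
}

// The watchpoint knows the condition it protects. On a transition it re-checks the
// condition on the new Structure: still true means reinstall and keep the compiled
// code live; false means the speculation is dead and the code is jettisoned.
class AdaptiveStructureWatchpoint {
  constructor(condition, compiledCode) {
    this.condition = condition;
    this.code = compiledCode;               // { valid: boolean } stands in for a CodeBlock
    this.reinstalls = 0;
  }
  install(structure) {
    // Never let speculative code go live on a structure that does not satisfy the condition.
    if (!this.condition.isStillValid(structure)) throw new Error("condition does not hold");
    structure.transitionWatchpoints.add(this);
  }
  fire(newStructure) {
    if (this.condition.isStillValid(newStructure)) { this.reinstalls++; this.install(newStructure); }
    else this.code.valid = false;
  }
}

// Scenario 1: a GetById miss. Compiled code assumes "length" is absent on the object
// (so the lookup falls through to the prototype). Three unrelated additions are
// tolerated by reinstalling; adding "length" itself invalidates the code.
function runAbsenceScenario() {
  const proto = new Structure();
  let structure = new Structure(new Map(), proto);
  const code = { valid: true };
  const wp = new AdaptiveStructureWatchpoint(PropertyCondition.absence("length", proto), code);
  wp.install(structure);
  for (const name of ["x", "y", "z"]) structure = structure.addProperty(name);
  const validAfterUnrelated = code.valid;
  structure = structure.addProperty("length");
  return { reinstalls: wp.reinstalls, validAfterUnrelated, validAfterRelated: code.valid };
}

// Scenario 2: a PutById transition that is valid only while the prototype has no
// setter named "x". A plain data property "x" there is harmless; an accessor is not.
function runAbsenceOfSetterScenario() {
  const dataCode = { valid: true }, accessorCode = { valid: true };
  let protoA = new Structure(), protoB = new Structure();
  new AdaptiveStructureWatchpoint(PropertyCondition.absenceOfSetter("x"), dataCode).install(protoA);
  new AdaptiveStructureWatchpoint(PropertyCondition.absenceOfSetter("x"), accessorCode).install(protoB);
  protoA = protoA.addProperty("x");            // data property: condition survives
  protoB = protoB.addProperty("x", Accessor);  // getter/setter pair: condition broken
  return { validAfterDataProperty: dataCode.valid, validAfterAccessor: accessorCode.valid };
}
```

        The invariant the model makes explicit is that speculative code is live only while its condition holds on the current structure: install refuses a structure that does not satisfy the condition, and fire either re-establishes the invariant on the new structure or invalidates the code. In runAbsenceScenario the watchpoint reinstalls three times and the code stays valid until "length" appears.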
2220
2221         * CMakeLists.txt:
2222         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2223         * JavaScriptCore.xcodeproj/project.pbxproj:
2224         * bytecode/CodeBlock.cpp:
2225         (JSC::CodeBlock::printGetByIdCacheStatus):
2226         (JSC::CodeBlock::printPutByIdCacheStatus):
2227         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
2228         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
2229         * bytecode/ComplexGetStatus.cpp:
2230         (JSC::ComplexGetStatus::computeFor):
2231         * bytecode/ComplexGetStatus.h:
2232         (JSC::ComplexGetStatus::ComplexGetStatus):
2233         (JSC::ComplexGetStatus::takesSlowPath):
2234         (JSC::ComplexGetStatus::kind):
2235         (JSC::ComplexGetStatus::offset):
2236         (JSC::ComplexGetStatus::conditionSet):
2237         (JSC::ComplexGetStatus::attributes): Deleted.
2238         (JSC::ComplexGetStatus::specificValue): Deleted.
2239         (JSC::ComplexGetStatus::chain): Deleted.
2240         * bytecode/ConstantStructureCheck.cpp: Removed.
2241         * bytecode/ConstantStructureCheck.h: Removed.
2242         * bytecode/GetByIdStatus.cpp:
2243         (JSC::GetByIdStatus::computeForStubInfo):
2244         * bytecode/GetByIdVariant.cpp:
2245         (JSC::GetByIdVariant::GetByIdVariant):
2246         (JSC::GetByIdVariant::~GetByIdVariant):
2247         (JSC::GetByIdVariant::operator=):
2248         (JSC::GetByIdVariant::attemptToMerge):
2249         (JSC::GetByIdVariant::dumpInContext):
2250         (JSC::GetByIdVariant::baseStructure): Deleted.
2251         * bytecode/GetByIdVariant.h:
2252         (JSC::GetByIdVariant::operator!):
2253         (JSC::GetByIdVariant::structureSet):
2254         (JSC::GetByIdVariant::conditionSet):
2255         (JSC::GetByIdVariant::offset):
2256         (JSC::GetByIdVariant::callLinkStatus):
2257         (JSC::GetByIdVariant::constantChecks): Deleted.
2258         (JSC::GetByIdVariant::alternateBase): Deleted.
2259         * bytecode/ObjectPropertyCondition.cpp: Added.
2260         (JSC::ObjectPropertyCondition::dumpInContext):
2261         (JSC::ObjectPropertyCondition::dump):
2262         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
2263         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
2264         (JSC::ObjectPropertyCondition::isStillValid):
2265         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
2266         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2267         (JSC::ObjectPropertyCondition::isWatchable):
2268         (JSC::ObjectPropertyCondition::isStillLive):
2269         (JSC::ObjectPropertyCondition::validateReferences):
2270         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2271         * bytecode/ObjectPropertyCondition.h: Added.
2272         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
2273         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
2274         (JSC::ObjectPropertyCondition::presence):
2275         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
2276         (JSC::ObjectPropertyCondition::absence):
2277         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
2278         (JSC::ObjectPropertyCondition::absenceOfSetter):
2279         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
2280         (JSC::ObjectPropertyCondition::equivalence):
2281         (JSC::ObjectPropertyCondition::operator!):
2282         (JSC::ObjectPropertyCondition::object):
2283         (JSC::ObjectPropertyCondition::condition):
2284         (JSC::ObjectPropertyCondition::kind):
2285         (JSC::ObjectPropertyCondition::uid):
2286         (JSC::ObjectPropertyCondition::hasOffset):
2287         (JSC::ObjectPropertyCondition::offset):
2288         (JSC::ObjectPropertyCondition::hasAttributes):
2289         (JSC::ObjectPropertyCondition::attributes):
2290         (JSC::ObjectPropertyCondition::hasPrototype):
2291         (JSC::ObjectPropertyCondition::prototype):
2292         (JSC::ObjectPropertyCondition::hasRequiredValue):
2293         (JSC::ObjectPropertyCondition::requiredValue):
2294         (JSC::ObjectPropertyCondition::hash):
2295         (JSC::ObjectPropertyCondition::operator==):
2296         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
2297         (JSC::ObjectPropertyCondition::isCompatibleWith):
2298         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2299         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
2300         (JSC::ObjectPropertyCondition::isValidValueForPresence):
2301         (JSC::ObjectPropertyConditionHash::hash):
2302         (JSC::ObjectPropertyConditionHash::equal):
2303         * bytecode/ObjectPropertyConditionSet.cpp: Added.
2304         (JSC::ObjectPropertyConditionSet::forObject):
2305         (JSC::ObjectPropertyConditionSet::forConditionKind):
2306         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
2307         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
2308         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
2309         (JSC::ObjectPropertyConditionSet::mergedWith):
2310         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
2311         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
2312         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
2313         (JSC::ObjectPropertyConditionSet::areStillLive):
2314         (JSC::ObjectPropertyConditionSet::dumpInContext):
2315         (JSC::ObjectPropertyConditionSet::dump):
2316         (JSC::generateConditionsForPropertyMiss):
2317         (JSC::generateConditionsForPropertySetterMiss):
2318         (JSC::generateConditionsForPrototypePropertyHit):
2319         (JSC::generateConditionsForPrototypePropertyHitCustom):
2320         (JSC::generateConditionsForPropertySetterMissConcurrently):
2321         * bytecode/ObjectPropertyConditionSet.h: Added.
2322         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
2323         (JSC::ObjectPropertyConditionSet::invalid):
2324         (JSC::ObjectPropertyConditionSet::nonEmpty):
2325         (JSC::ObjectPropertyConditionSet::isValid):
2326         (JSC::ObjectPropertyConditionSet::isEmpty):
2327         (JSC::ObjectPropertyConditionSet::begin):
2328         (JSC::ObjectPropertyConditionSet::end):
2329         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
2330         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
2331         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2332         (JSC::ObjectPropertyConditionSet::Data::Data):
2333         * bytecode/PolymorphicGetByIdList.cpp:
2334         (JSC::GetByIdAccess::GetByIdAccess):
2335         (JSC::GetByIdAccess::~GetByIdAccess):
2336         (JSC::GetByIdAccess::visitWeak):
2337         * bytecode/PolymorphicGetByIdList.h:
2338         (JSC::GetByIdAccess::GetByIdAccess):
2339         (JSC::GetByIdAccess::structure):
2340         (JSC::GetByIdAccess::conditionSet):
2341         (JSC::GetByIdAccess::stubRoutine):
2342         (JSC::GetByIdAccess::chain): Deleted.
2343         (JSC::GetByIdAccess::chainCount): Deleted.
2344         * bytecode/PolymorphicPutByIdList.cpp:
2345         (JSC::PutByIdAccess::fromStructureStubInfo):
2346         (JSC::PutByIdAccess::visitWeak):
2347         * bytecode/PolymorphicPutByIdList.h:
2348         (JSC::PutByIdAccess::PutByIdAccess):
2349         (JSC::PutByIdAccess::transition):
2350         (JSC::PutByIdAccess::setter):
2351         (JSC::PutByIdAccess::newStructure):
2352         (JSC::PutByIdAccess::conditionSet):
2353         (JSC::PutByIdAccess::stubRoutine):
2354         (JSC::PutByIdAccess::chain): Deleted.
2355         (JSC::PutByIdAccess::chainCount): Deleted.
2356         * bytecode/PropertyCondition.cpp: Added.
2357         (JSC::PropertyCondition::dumpInContext):
2358         (JSC::PropertyCondition::dump):
2359         (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
2360         (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
2361         (JSC::PropertyCondition::isStillValid):
2362         (JSC::PropertyCondition::isWatchableWhenValid):
2363         (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2364         (JSC::PropertyCondition::isWatchable):
2365         (JSC::PropertyCondition::isStillLive):
2366         (JSC::PropertyCondition::validateReferences):
2367         (JSC::PropertyCondition::isValidValueForAttributes):
2368         (JSC::PropertyCondition::isValidValueForPresence):
2369         (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2370         (WTF::printInternal):
2371         * bytecode/PropertyCondition.h: Added.
2372         (JSC::PropertyCondition::PropertyCondition):
2373         (JSC::PropertyCondition::presenceWithoutBarrier):
2374         (JSC::PropertyCondition::presence):
2375         (JSC::PropertyCondition::absenceWithoutBarrier):
2376         (JSC::PropertyCondition::absence):
2377         (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
2378         (JSC::PropertyCondition::absenceOfSetter):
2379         (JSC::PropertyCondition::equivalenceWithoutBarrier):
2380         (JSC::PropertyCondition::equivalence):
2381         (JSC::PropertyCondition::operator!):
2382         (JSC::PropertyCondition::kind):
2383         (JSC::PropertyCondition::uid):
2384         (JSC::PropertyCondition::hasOffset):
2385         (JSC::PropertyCondition::offset):
2386         (JSC::PropertyCondition::hasAttributes):
2387         (JSC::PropertyCondition::attributes):
2388         (JSC::PropertyCondition::hasPrototype):
2389         (JSC::PropertyCondition::prototype):
2390         (JSC::PropertyCondition::hasRequiredValue):
2391         (JSC::PropertyCondition::requiredValue):
2392         (JSC::PropertyCondition::hash):
2393         (JSC::PropertyCondition::operator==):
2394         (JSC::PropertyCondition::isHashTableDeletedValue):
2395         (JSC::PropertyCondition::isCompatibleWith):
2396         (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2397         (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
2398         (JSC::PropertyConditionHash::hash):
2399         (JSC::PropertyConditionHash::equal):
2400         * bytecode/PutByIdStatus.cpp:
2401         (JSC::PutByIdStatus::computeFromLLInt):
2402         (JSC::PutByIdStatus::computeFor):
2403         (JSC::PutByIdStatus::computeForStubInfo):
2404         * bytecode/PutByIdVariant.cpp:
2405         (JSC::PutByIdVariant::operator=):
2406         (JSC::PutByIdVariant::transition):
2407         (JSC::PutByIdVariant::setter):
2408         (JSC::PutByIdVariant::makesCalls):
2409         (JSC::PutByIdVariant::attemptToMerge):
2410         (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
2411         (JSC::PutByIdVariant::dumpInContext):
2412         (JSC::PutByIdVariant::baseStructure): Deleted.
2413         * bytecode/PutByIdVariant.h:
2414         (JSC::PutByIdVariant::PutByIdVariant):
2415         (JSC::PutByIdVariant::kind):
2416         (JSC::PutByIdVariant::structure):
2417         (JSC::PutByIdVariant::structureSet):
2418         (JSC::PutByIdVariant::oldStructure):
2419         (JSC::PutByIdVariant::conditionSet):
2420         (JSC::PutByIdVariant::offset):
2421         (JSC::PutByIdVariant::callLinkStatus):
2422         (JSC::PutByIdVariant::constantChecks): Deleted.
2423         (JSC::PutByIdVariant::alternateBase): Deleted.
2424         * bytecode/StructureStubClearingWatchpoint.cpp:
2425         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
2426         (JSC::StructureStubClearingWatchpoint::push):
2427         (JSC::StructureStubClearingWatchpoint::fireInternal):
2428         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
2429         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
2430         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
2431         * bytecode/StructureStubClearingWatchpoint.h:
2432         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
2433         (JSC::WatchpointsOnStructureStubInfo::codeBlock):
2434         (JSC::WatchpointsOnStructureStubInfo::stubInfo):
2435         * bytecode/StructureStubInfo.cpp:
2436         (JSC::StructureStubInfo::deref):
2437         (JSC::StructureStubInfo::visitWeakReferences):
2438         * bytecode/StructureStubInfo.h:
2439         (JSC::StructureStubInfo::initPutByIdTransition):
2440         (JSC::StructureStubInfo::initPutByIdReplace):
2441         (JSC::StructureStubInfo::setSeen):
2442         (JSC::StructureStubInfo::addWatchpoint):
2443         * dfg/DFGAbstractInterpreterInlines.h:
2444         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2445         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
2446         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
2447         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
2448         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
2449         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
2450         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
2451         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
2452         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
2453         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
2454         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
2455         * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
2456         (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
2457         (JSC::DFG::AdaptiveStructureWatchpoint::install):
2458         (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
2459         * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
2460         (JSC::DFG::AdaptiveStructureWatchpoint::key):
2461         * dfg/DFGByteCodeParser.cpp:
2462         (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
2463         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2464         (JSC::DFG::ByteCodeParser::handleGetByOffset):
2465         (JSC::DFG::ByteCodeParser::handlePutByOffset):
2466         (JSC::DFG::ByteCodeParser::check):
2467         (JSC::DFG::ByteCodeParser::promoteToConstant):
2468         (JSC::DFG::ByteCodeParser::planLoad):
2469         (JSC::DFG::ByteCodeParser::load):
2470         (JSC::DFG::ByteCodeParser::presenceLike):
2471         (JSC::DFG::ByteCodeParser::checkPresenceLike):
2472         (JSC::DFG::ByteCodeParser::store):
2473         (JSC::DFG::ByteCodeParser::handleGetById):
2474         (JSC::DFG::ByteCodeParser::handlePutById):
2475         (JSC::DFG::ByteCodeParser::parseBlock):
2476         (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
2477         * dfg/DFGCommonData.cpp:
2478         (JSC::DFG::CommonData::validateReferences):
2479         * dfg/DFGCommonData.h:
2480         * dfg/DFGConstantFoldingPhase.cpp:
2481         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2482         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
2483         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
2484         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
2485         (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
2486         * dfg/DFGDesiredWatchpoints.cpp:
2487         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
2488         (JSC::DFG::InferredValueAdaptor::add):
2489         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
2490         (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
2491         (JSC::DFG::DesiredWatchpoints::addLazily):
2492         (JSC::DFG::DesiredWatchpoints::consider):
2493         (JSC::DFG::DesiredWatchpoints::reallyAdd):
2494         (JSC::DFG::DesiredWatchpoints::areStillValid):
2495         (JSC::DFG::DesiredWatchpoints::dumpInContext):
2496         * dfg/DFGDesiredWatchpoints.h:
2497         (JSC::DFG::SetPointerAdaptor::add):
2498         (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
2499         (JSC::DFG::SetPointerAdaptor::dumpInContext):
2500         (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
2501         (JSC::DFG::InferredValueAdaptor::dumpInContext):
2502         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
2503         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
2504         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
2505         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
2506         (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
2507         (JSC::DFG::GenericDesiredWatchpoints::isWatched):
2508         (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
2509         (JSC::DFG::DesiredWatchpoints::isWatched):
2510         (JSC::DFG::GenericSetAdaptor::add): Deleted.
2511         (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
2512         * dfg/DFGDesiredWeakReferences.cpp:
2513         (JSC::DFG::DesiredWeakReferences::addLazily):
2514         (JSC::DFG::DesiredWeakReferences::contains):
2515         * dfg/DFGDesiredWeakReferences.h:
2516         * dfg/DFGGraph.cpp:
2517         (JSC::DFG::Graph::dump):
2518         (JSC::DFG::Graph::clearFlagsOnAllNodes):
2519         (JSC::DFG::Graph::watchCondition):
2520         (JSC::DFG::Graph::isSafeToLoad):
2521         (JSC::DFG::Graph::livenessFor):
2522         (JSC::DFG::Graph::tryGetConstantProperty):
2523         (JSC::DFG::Graph::visitChildren):
2524         * dfg/DFGGraph.h:
2525         (JSC::DFG::Graph::identifiers):
2526         (JSC::DFG::Graph::watchpoints):
2527         * dfg/DFGMultiGetByOffsetData.cpp: Added.
2528         (JSC::DFG::GetByOffsetMethod::dumpInContext):
2529         (JSC::DFG::GetByOffsetMethod::dump):
2530         (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
2531         (JSC::DFG::MultiGetByOffsetCase::dump):
2532         (WTF::printInternal):
2533         * dfg/DFGMultiGetByOffsetData.h: Added.
2534         (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
2535         (JSC::DFG::GetByOffsetMethod::constant):
2536         (JSC::DFG::GetByOffsetMethod::load):
2537         (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
2538         (JSC::DFG::GetByOffsetMethod::operator!):
2539         (JSC::DFG::GetByOffsetMethod::kind):
2540         (JSC::DFG::GetByOffsetMethod::prototype):
2541         (JSC::DFG::GetByOffsetMethod::offset):
2542         (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
2543         (JSC::DFG::MultiGetByOffsetCase::set):
2544         (JSC::DFG::MultiGetByOffsetCase::method):
2545         * dfg/DFGNode.h:
2546         * dfg/DFGSafeToExecute.h:
2547         (JSC::DFG::safeToExecute):
2548         * dfg/DFGStructureRegistrationPhase.cpp:
2549         (JSC::DFG::StructureRegistrationPhase::run):
2550         * ftl/FTLLowerDFGToLLVM.cpp:
2551         (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
2552         * jit/Repatch.cpp:
2553         (JSC::repatchByIdSelfAccess):
2554         (JSC::checkObjectPropertyCondition):
2555         (JSC::checkObjectPropertyConditions):
2556         (JSC::replaceWithJump):
2557         (JSC::generateByIdStub):
2558         (JSC::actionForCell):
2559         (JSC::tryBuildGetByIDList):
2560         (JSC::emitPutReplaceStub):
2561         (JSC::emitPutTransitionStub):
2562         (JSC::tryCachePutByID):
2563         (JSC::tryBuildPutByIdList):
2564         (JSC::tryRepatchIn):
2565         (JSC::addStructureTransitionCheck): Deleted.
2566         (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
2567         * runtime/IntendedStructureChain.cpp: Removed.
2568         * runtime/IntendedStructureChain.h: Removed.
2569         * runtime/JSCJSValue.h:
2570         * runtime/JSObject.cpp:
2571         (JSC::throwTypeError):
2572         (JSC::JSObject::convertToDictionary):
2573         (JSC::JSObject::shiftButterflyAfterFlattening):
2574         * runtime/JSObject.h:
2575         (JSC::JSObject::flattenDictionaryObject):
2576         (JSC::JSObject::convertToDictionary): Deleted.
2577         * runtime/Operations.h:
2578         (JSC::normalizePrototypeChain):
2579         (JSC::normalizePrototypeChainForChainAccess): Deleted.
2580         (JSC::isPrototypeChainNormalized): Deleted.
2581         * runtime/PropertySlot.h:
2582         (JSC::PropertySlot::PropertySlot):
2583         (JSC::PropertySlot::slotBase):
2584         * runtime/Structure.cpp:
2585         (JSC::Structure::addPropertyTransition):
2586         (JSC::Structure::attributeChangeTransition):
2587         (JSC::Structure::toDictionaryTransition):
2588         (JSC::Structure::toCacheableDictionaryTransition):
2589         (JSC::Structure::toUncacheableDictionaryTransition):
2590         (JSC::Structure::ensurePropertyReplacementWatchpointSet):
2591         (JSC::Structure::startWatchingPropertyForReplacements):
2592         (JSC::Structure::didCachePropertyReplacement):
2593         (JSC::Structure::dump):
2594         * runtime/Structure.h:
2595         * runtime/VM.h:
2596         * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check-new.js: Added.
2597         (foo):
2598         (bar):
2599         (baz):
2600         * tests/stress/multi-get-by-offset-self-or-proto.js: Added.
2601         (foo):
2602         * tests/stress/replacement-watchpoint-dictionary.js: Added.
2603         (foo):
2604         * tests/stress/replacement-watchpoint.js: Added.
2605         (foo):
2606         * tests/stress/undefined-access-dictionary-then-proto-change.js: Added.
2607         (foo):
2608         * tests/stress/undefined-access-then-proto-change.js: Added.
2609         (foo):
2610
2611 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2612
2613         JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
2614         https://bugs.webkit.org/show_bug.cgi?id=147538
2615
2616         Reviewed by Geoffrey Garen.
2617
2618         Due to the order of the ARROWFUNCTION token in the JSTokenType enum, it is categorized as one of the Keyword tokens.
2619         As a result, when lexing the property name that can take the keywords, the ARROWFUNCTION token is accidentally accepted.
2620         This patch changes the order of the ARROWFUNCTION token in JSTokenType to make it the operator token.
2621
2622         * parser/ParserTokens.h:
2623         * tests/stress/arrow-function-token-is-not-keyword.js: Added.
2624         (testSyntaxError):
2625
2626 2015-08-03  Keith Miller  <keith_miller@apple.com>
2627
2628         Clean up the naming for AST expression generation.
2629         https://bugs.webkit.org/show_bug.cgi?id=147581
2630
2631         Reviewed by Yusuke Suzuki.
2632
2633         * parser/ASTBuilder.h:
2634         (JSC::ASTBuilder::createThisExpr):
2635         (JSC::ASTBuilder::createSuperExpr):
2636         (JSC::ASTBuilder::createNewTargetExpr):
2637         (JSC::ASTBuilder::thisExpr): Deleted.
2638         (JSC::ASTBuilder::superExpr): Deleted.
2639         (JSC::ASTBuilder::newTargetExpr): Deleted.
2640         * parser/Parser.cpp:
2641         (JSC::Parser<LexerType>::parsePrimaryExpression):
2642         (JSC::Parser<LexerType>::parseMemberExpression):
2643         * parser/SyntaxChecker.h:
2644         (JSC::SyntaxChecker::createThisExpr):
2645         (JSC::SyntaxChecker::createSuperExpr):
2646         (JSC::SyntaxChecker::createNewTargetExpr):
2647         (JSC::SyntaxChecker::thisExpr): Deleted.
2648         (JSC::SyntaxChecker::superExpr): Deleted.
2649         (JSC::SyntaxChecker::newTargetExpr): Deleted.
2650
2651 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2652
2653         Don't set up the callsite to operationGetByValDefault when the optimization is already done
2654         https://bugs.webkit.org/show_bug.cgi?id=147577
2655
2656         Reviewed by Filip Pizlo.
2657
2658         operationGetByValDefault should be called only when the IC is not set.
2659         operationGetByValString breaks this invariant and `ASSERT(!byValInfo.stubRoutine)` in
2660         operationGetByValDefault raises the assertion failure.
2661         In this patch, we change the callsite setting up code in operationGetByValString when
2662         the IC is already set. And to make the operation's meaning explicit, we changed the
2663         name operationGetByValDefault to operationGetByValOptimize, which is aligned with the
2664         GetById case.
2665
2666         * jit/JITOperations.cpp:
2667         * jit/JITOperations.h:
2668         * jit/JITPropertyAccess.cpp:
2669         (JSC::JIT::emitSlow_op_get_by_val):
2670         * jit/JITPropertyAccess32_64.cpp:
2671         (JSC::JIT::emitSlow_op_get_by_val):
2672         * tests/stress/operation-get-by-val-default-should-not-called-for-already-optimized-site.js: Added.
2673         (hello):
2674
2675 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2676
2677         [FTL] Remove unused scripts related to native call inlining
2678         https://bugs.webkit.org/show_bug.cgi?id=147448
2679
2680         Reviewed by Filip Pizlo.
2681
2682         * build-symbol-table-index.py: Removed.
2683         * copy-llvm-ir-to-derived-sources.sh: Removed.
2684         * create-llvm-ir-from-source-file.py: Removed.
2685         * create-symbol-table-index.py: Removed.
2686
2687 2015-08-02  Benjamin Poulain  <bpoulain@apple.com>
2688
2689         Investigate HashTable::HashTable(const HashTable&) and HashTable::operator=(const HashTable&) performance for hash-based static analyses
2690         https://bugs.webkit.org/show_bug.cgi?id=118455
2691
2692         Reviewed by Filip Pizlo.
2693
2694         LivenessAnalysisPhase lights up like a Christmas tree in profiles.
2695
2696         This patch cuts its cost by 4.
2697         About half of the gains come from removing many rehash() when copying
2698         the HashSet.
2699         The last quarter is achieved by having a special add() function for initializing
2700         a HashSet.
2701
2702         This makes benchmarks progress by 1-2% here and there. Nothing massive.
2703
2704         * dfg/DFGLivenessAnalysisPhase.cpp:
2705         (JSC::DFG::LivenessAnalysisPhase::process):
2706         The m_live HashSet is only useful per block. When we are done with it,
2707         we can transfer it to liveAtHead to avoid a copy.
2708
2709 2015-08-01  Saam barati  <saambarati1@gmail.com>
2710
2711         Unreviewed. Remove unintentional "print" statement in test case.
2712         https://bugs.webkit.org/show_bug.cgi?id=142567
2713
2714         * tests/stress/class-syntax-definition-semantics.js:
2715         (shouldBeSyntaxError):
2716
2717 2015-07-31  Alex Christensen  <achristensen@webkit.org>
2718
2719         Prepare for VS2015
2720         https://bugs.webkit.org/show_bug.cgi?id=146579
2721
2722         Reviewed by Jon Honeycutt.
2723
2724         * heap/Heap.h:
2725         Fix compiler error by explicitly casting zombifiedBits to the size of a pointer.
2726
2727 2015-07-31  Saam barati  <saambarati1@gmail.com>
2728
2729         ES6 class syntax should use block scoping
2730         https://bugs.webkit.org/show_bug.cgi?id=142567
2731
2732         Reviewed by Geoffrey Garen.
2733
2734         We treat class declarations like we do "let" declarations.
2735         The class name is under TDZ until the class declaration
2736         statement is evaluated. Class declarations also follow
2737         the same rules as "let": No duplicate definitions inside
2738         a lexical environment.
2739
2740         * parser/ASTBuilder.h:
2741         (JSC::ASTBuilder::createClassDeclStatement):
2742         * parser/Parser.cpp:
2743         (JSC::Parser<LexerType>::parseClassDeclaration):
2744         * tests/stress/class-syntax-block-scoping.js: Added.
2745         (assert):
2746         (truth):
2747         (.):
2748         * tests/stress/class-syntax-definition-semantics.js: Added.
2749         (shouldBeSyntaxError):
2750         (shouldNotBeSyntaxError):
2751         (truth):
2752         * tests/stress/class-syntax-tdz.js:
2753         (assert):
2754         (shouldThrowTDZ):
2755         (truth):
2756         (.):
2757
2758 2015-07-31  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2759
2760         Implement WebAssembly module parser
2761         https://bugs.webkit.org/show_bug.cgi?id=147293
2762
2763         Reviewed by Mark Lam.
2764
2765         Re-landing after fix for the "..\..\jsc.cpp(46): fatal error C1083: Cannot open
2766         include file: 'JSWASMModule.h'" issue on Windows.
2767
2768         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
2769         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
2770         the magic number at the beginning of the files. Parsing of the rest will be
2771         implemented in a subsequent patch.
2772
2773         * CMakeLists.txt:
2774         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2775         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2776         * JavaScriptCore.xcodeproj/project.pbxproj:
2777         * jsc.cpp:
2778         (GlobalObject::finishCreation):
2779         (functionLoadWebAssembly):
2780         * parser/SourceProvider.h:
2781         (JSC::WebAssemblySourceProvider::create):
2782         (JSC::WebAssemblySourceProvider::data):
2783         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2784         * runtime/JSGlobalObject.cpp:
2785         (JSC::JSGlobalObject::init):
2786         (JSC::JSGlobalObject::visitChildren):
2787         * runtime/JSGlobalObject.h:
2788         (JSC::JSGlobalObject::wasmModuleStructure):
2789         * wasm/WASMMagicNumber.h: Added.
2790         * wasm/WASMModuleParser.cpp: Added.
2791         (JSC::WASMModuleParser::WASMModuleParser):
2792         (JSC::WASMModuleParser::parse):
2793         (JSC::WASMModuleParser::parseModule):
2794         (JSC::parseWebAssembly):
2795         * wasm/WASMModuleParser.h: Added.
2796         * wasm/WASMReader.cpp: Added.
2797         (JSC::WASMReader::readUnsignedInt32):
2798         (JSC::WASMReader::readFloat):
2799         (JSC::WASMReader::readDouble):
2800         * wasm/WASMReader.h: Added.
2801         (JSC::WASMReader::WASMReader):
2802
2803 2015-07-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2804
2805         Add the "wasm" directory to the Additional Include Directories for jsc.exe
2806         https://bugs.webkit.org/show_bug.cgi?id=147443
2807
2808         Reviewed by Mark Lam.
2809
2810         This patch should fix the "..\..\jsc.cpp(46): fatal error C1083:
2811         Cannot open include file: 'JSWASMModule.h'" error in the Windows build.
2812
2813         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
2814
2815 2015-07-30  Chris Dumez  <cdumez@apple.com>
2816
2817         Mark more classes as fast allocated
2818         https://bugs.webkit.org/show_bug.cgi?id=147440
2819
2820         Reviewed by Sam Weinig.
2821
2822         Mark more classes as fast allocated for performance. We heap-allocate
2823         objects of those types throughout the code base.
2824
2825         * API/JSCallbackObject.h:
2826         * API/ObjCCallbackFunction.mm:
2827         * bytecode/BytecodeKills.h:
2828         * bytecode/BytecodeLivenessAnalysis.h:
2829         * bytecode/CallLinkStatus.h:
2830         * bytecode/FullBytecodeLiveness.h:
2831         * bytecode/SamplingTool.h:
2832         * bytecompiler/BytecodeGenerator.h:
2833         * dfg/DFGBasicBlock.h:
2834         * dfg/DFGBlockMap.h:
2835         * dfg/DFGInPlaceAbstractState.h:
2836         * dfg/DFGThreadData.h:
2837         * heap/HeapVerifier.h:
2838         * heap/SlotVisitor.h:
2839         * parser/Lexer.h:
2840         * runtime/ControlFlowProfiler.h:
2841         * runtime/TypeProfiler.h:
2842         * runtime/TypeProfilerLog.h:
2843         * runtime/Watchdog.h:
2844
2845 2015-07-29  Filip Pizlo  <fpizlo@apple.com>
2846
2847         DFG::ArgumentsEliminationPhase should emit a PutStack for all of the GetStacks that the ByteCodeParser emitted
2848         https://bugs.webkit.org/show_bug.cgi?id=147433
2849         rdar://problem/21668986
2850
2851         Reviewed by Mark Lam.
2852
2853         Ideally, the ByteCodeParser would only emit SetArgument nodes for named arguments.  But
2854         currently that's not what it does - it emits a SetArgument for every argument that a varargs
2855         call may pass.  Each SetArgument gets turned into a GetStack.  This means that if
2856         ArgumentsEliminationPhase optimizes away PutStacks for those varargs arguments that didn't
2857         get passed or used, we get degenerate IR where we have a GetStack of something that didn't
2858         have a PutStack.
2859
2860         This fixes the bug by removing the code to optimize away PutStacks in
2861         ArgumentsEliminationPhase.
2862
2863         * dfg/DFGArgumentsEliminationPhase.cpp:
2864         * tests/stress/varargs-inlining-underflow.js: Added.
2865         (baz):
2866         (bar):
2867         (foo):
2868
2869 2015-07-29  Andy VanWagoner  <thetalecrafter@gmail.com>
2870
2871         Implement basic types for ECMAScript Internationalization API
2872         https://bugs.webkit.org/show_bug.cgi?id=146926
2873
2874         Reviewed by Benjamin Poulain.
2875
2876         Adds basic types for ECMA-402 2nd edition, but does not implement the full locale-aware features yet.
2877         http://www.ecma-international.org/ecma-402/2.0/ECMA-402.pdf
2878
2879         * CMakeLists.txt: Added new Intl files.
2880         * Configurations/FeatureDefines.xcconfig: Enable INTL.
2881         * DerivedSources.make: Added Intl files.
2882         * JavaScriptCore.xcodeproj/project.pbxproj: Added Intl files.
2883         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added Intl files.
2884         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added Intl files.
2885         * runtime/CommonIdentifiers.h: Added Collator, NumberFormat, and DateTimeFormat.
2886         * runtime/DateConstructor.cpp: Made Date.now public.
2887         * runtime/DateConstructor.h: Made Date.now public.
2888         * runtime/IntlCollator.cpp: Added.
2889         (JSC::IntlCollator::create):
2890         (JSC::IntlCollator::createStructure):
2891         (JSC::IntlCollator::IntlCollator):
2892         (JSC::IntlCollator::finishCreation):
2893         (JSC::IntlCollator::destroy):
2894         (JSC::IntlCollator::visitChildren):
2895         (JSC::IntlCollator::setBoundCompare):
2896         (JSC::IntlCollatorFuncCompare): Added placeholder implementation using codePointCompare.
2897         * runtime/IntlCollator.h: Added.
2898         (JSC::IntlCollator::constructor):
2899         (JSC::IntlCollator::boundCompare):
2900         * runtime/IntlCollatorConstructor.cpp: Added.
2901         (JSC::IntlCollatorConstructor::create):
2902         (JSC::IntlCollatorConstructor::createStructure):
2903         (JSC::IntlCollatorConstructor::IntlCollatorConstructor):
2904         (JSC::IntlCollatorConstructor::finishCreation):
2905         (JSC::constructIntlCollator): Added Collator constructor (10.1.2).
2906         (JSC::callIntlCollator): Added Collator constructor (10.1.2).
2907         (JSC::IntlCollatorConstructor::getConstructData):
2908         (JSC::IntlCollatorConstructor::getCallData):
2909         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
2910         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2911         (JSC::IntlCollatorConstructor::visitChildren):
2912         * runtime/IntlCollatorConstructor.h: Added.
2913         (JSC::IntlCollatorConstructor::collatorStructure):
2914         * runtime/IntlCollatorPrototype.cpp: Added.
2915         (JSC::IntlCollatorPrototype::create):
2916         (JSC::IntlCollatorPrototype::createStructure):
2917         (JSC::IntlCollatorPrototype::IntlCollatorPrototype):
2918         (JSC::IntlCollatorPrototype::finishCreation):
2919         (JSC::IntlCollatorPrototype::getOwnPropertySlot):
2920         (JSC::IntlCollatorPrototypeGetterCompare): Added compare getter (10.3.3)
2921         (JSC::IntlCollatorPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2922         * runtime/IntlCollatorPrototype.h: Added.
2923         * runtime/IntlDateTimeFormat.cpp: Added.
2924         (JSC::IntlDateTimeFormat::create):
2925         (JSC::IntlDateTimeFormat::createStructure):
2926         (JSC::IntlDateTimeFormat::IntlDateTimeFormat):
2927         (JSC::IntlDateTimeFormat::finishCreation):
2928         (JSC::IntlDateTimeFormat::destroy):
2929         (JSC::IntlDateTimeFormat::visitChildren):
2930         (JSC::IntlDateTimeFormat::setBoundFormat):
2931         (JSC::IntlDateTimeFormatFuncFormatDateTime): Added placeholder implementation returning new Date(value).toString().
2932         * runtime/IntlDateTimeFormat.h: Added.
2933         (JSC::IntlDateTimeFormat::constructor):
2934         (JSC::IntlDateTimeFormat::boundFormat):
2935         * runtime/IntlDateTimeFormatConstructor.cpp: Added.
2936         (JSC::IntlDateTimeFormatConstructor::create):
2937         (JSC::IntlDateTimeFormatConstructor::createStructure):
2938         (JSC::IntlDateTimeFormatConstructor::IntlDateTimeFormatConstructor):
2939         (JSC::IntlDateTimeFormatConstructor::finishCreation):
2940         (JSC::constructIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
2941         (JSC::callIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
2942         (JSC::IntlDateTimeFormatConstructor::getConstructData):
2943         (JSC::IntlDateTimeFormatConstructor::getCallData):
2944         (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
2945         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2946         (JSC::IntlDateTimeFormatConstructor::visitChildren):
2947         * runtime/IntlDateTimeFormatConstructor.h: Added.
2948         (JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure):
2949         * runtime/IntlDateTimeFormatPrototype.cpp: Added.
2950         (JSC::IntlDateTimeFormatPrototype::create):
2951         (JSC::IntlDateTimeFormatPrototype::createStructure):
2952         (JSC::IntlDateTimeFormatPrototype::IntlDateTimeFormatPrototype):
2953         (JSC::IntlDateTimeFormatPrototype::finishCreation):
2954         (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
2955         (JSC::IntlDateTimeFormatPrototypeGetterFormat): Added format getter (12.3.3).
2956         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2957         * runtime/IntlDateTimeFormatPrototype.h: Added.
2958         * runtime/IntlNumberFormat.cpp: Added.
2959         (JSC::IntlNumberFormat::create):
2960         (JSC::IntlNumberFormat::createStructure):
2961         (JSC::IntlNumberFormat::IntlNumberFormat):
2962         (JSC::IntlNumberFormat::finishCreation):
2963         (JSC::IntlNumberFormat::destroy):
2964         (JSC::IntlNumberFormat::visitChildren):
2965         (JSC::IntlNumberFormat::setBoundFormat):
2966         (JSC::IntlNumberFormatFuncFormatNumber): Added placeholder implementation returning Number(value).toString().
2967         * runtime/IntlNumberFormat.h: Added.
2968         (JSC::IntlNumberFormat::constructor):
2969         (JSC::IntlNumberFormat::boundFormat):
2970         * runtime/IntlNumberFormatConstructor.cpp: Added.
2971         (JSC::IntlNumberFormatConstructor::create):
2972         (JSC::IntlNumberFormatConstructor::createStructure):
2973         (JSC::IntlNumberFormatConstructor::IntlNumberFormatConstructor):
2974         (JSC::IntlNumberFormatConstructor::finishCreation):
2975         (JSC::constructIntlNumberFormat): Added NumberFormat constructor (11.1.2).
2976         (JSC::callIntlNumberFormat): Added NumberFormat constructor (11.1.2).
2977         (JSC::IntlNumberFormatConstructor::getConstructData):
2978         (JSC::IntlNumberFormatConstructor::getCallData):
2979         (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
2980         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2981         (JSC::IntlNumberFormatConstructor::visitChildren):
2982         * runtime/IntlNumberFormatConstructor.h: Added.
2983         (JSC::IntlNumberFormatConstructor::numberFormatStructure):
2984         * runtime/IntlNumberFormatPrototype.cpp: Added.
2985         (JSC::IntlNumberFormatPrototype::create):
2986         (JSC::IntlNumberFormatPrototype::createStructure):
2987         (JSC::IntlNumberFormatPrototype::IntlNumberFormatPrototype):
2988         (JSC::IntlNumberFormatPrototype::finishCreation):
2989         (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
2990         (JSC::IntlNumberFormatPrototypeGetterFormat): Added format getter (11.3.3).
2991         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2992         * runtime/IntlNumberFormatPrototype.h: Added.
2993         * runtime/IntlObject.cpp:
2994         (JSC::IntlObject::create):
2995         (JSC::IntlObject::finishCreation): Added Collator, NumberFormat, and DateTimeFormat properties (8.1).
2996         (JSC::IntlObject::visitChildren):
2997         * runtime/IntlObject.h:
2998         (JSC::IntlObject::collatorConstructor):
2999         (JSC::IntlObject::collatorPrototype):
3000         (JSC::IntlObject::collatorStructure):
3001         (JSC::IntlObject::numberFormatConstructor):
3002         (JSC::IntlObject::numberFormatPrototype):
3003         (JSC::IntlObject::numberFormatStructure):
3004         (JSC::IntlObject::dateTimeFormatConstructor):
3005         (JSC::IntlObject::dateTimeFormatPrototype):
3006         (JSC::IntlObject::dateTimeFormatStructure):
3007         * runtime/JSGlobalObject.cpp:
3008         (JSC::JSGlobalObject::init):
3009
3010 2015-07-29  Commit Queue  <commit-queue@webkit.org>
3011
3012         Unreviewed, rolling out r187550.
3013         https://bugs.webkit.org/show_bug.cgi?id=147420
3014
3015         Broke Windows build (again) (Requested by smfr on #webkit).
3016
3017         Reverted changeset:
3018
3019         "Implement WebAssembly module parser"
3020         https://bugs.webkit.org/show_bug.cgi?id=147293
3021         http://trac.webkit.org/changeset/187550
3022
3023 2015-07-29  Basile Clement  <basile_clement@apple.com>
3024
3025         Remove native call inlining
3026         https://bugs.webkit.org/show_bug.cgi?id=147417
3027
3028         Rubber Stamped by Filip Pizlo.
3029
3030         * CMakeLists.txt:
3031         * dfg/DFGAbstractInterpreterInlines.h:
3032         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
3033         * dfg/DFGByteCodeParser.cpp:
3034         (JSC::DFG::ByteCodeParser::handleCall): Deleted.
3035         * dfg/DFGClobberize.h:
3036         (JSC::DFG::clobberize): Deleted.
3037         * dfg/DFGDoesGC.cpp:
3038         (JSC::DFG::doesGC): Deleted.
3039         * dfg/DFGFixupPhase.cpp:
3040         (JSC::DFG::FixupPhase::fixupNode): Deleted.
3041         * dfg/DFGNode.h:
3042         (JSC::DFG::Node::hasHeapPrediction): Deleted.
3043         (JSC::DFG::Node::hasCellOperand): Deleted.
3044         * dfg/DFGNodeType.h:
3045         * dfg/DFGPredictionPropagationPhase.cpp:
3046         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
3047         * dfg/DFGSafeToExecute.h:
3048         (JSC::DFG::safeToExecute): Deleted.
3049         * dfg/DFGSpeculativeJIT32_64.cpp:
3050         (JSC::DFG::SpeculativeJIT::compile): Deleted.
3051         * dfg/DFGSpeculativeJIT64.cpp:
3052         (JSC::DFG::SpeculativeJIT::compile): Deleted.
3053         * ftl/FTLCapabilities.cpp:
3054         (JSC::FTL::canCompile): Deleted.
3055         * ftl/FTLLowerDFGToLLVM.cpp:
3056         (JSC::FTL::DFG::LowerDFGToLLVM::lower): Deleted.
3057         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
3058         (JSC::FTL::DFG::LowerDFGToLLVM::compileNativeCallOrConstruct): Deleted.
3059         (JSC::FTL::DFG::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
3060         (JSC::FTL::DFG::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
3061         (JSC::FTL::DFG::LowerDFGToLLVM::didOverflowStack): Deleted.
3062         * ftl/FTLState.cpp:
3063         (JSC::FTL::State::State): Deleted.
3064         * ftl/FTLState.h:
3065         * runtime/BundlePath.cpp: Removed.
3066         (JSC::bundlePath): Deleted.
3067         * runtime/JSDataViewPrototype.cpp:
3068         (JSC::getData):
3069         (JSC::setData):
3070         * runtime/Options.h:
3071
3072 2015-07-29  Basile Clement  <basile_clement@apple.com>
3073
3074         Unreviewed, skipping a test that is too complex for its own good
3075         https://bugs.webkit.org/show_bug.cgi?id=147167
3076
3077         * tests/stress/math-pow-coherency.js:
3078
3079 2015-07-29  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3080
3081         Implement WebAssembly module parser
3082         https://bugs.webkit.org/show_bug.cgi?id=147293
3083
3084         Reviewed by Mark Lam.
3085
3086         Reupload the patch, since r187539 should fix the "Cannot open include file:
3087         'JSWASMModule.h'" issue in the Windows build.
3088
3089         * CMakeLists.txt:
3090         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3091         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3092         * JavaScriptCore.xcodeproj/project.pbxproj:
3093         * jsc.cpp:
3094         (GlobalObject::finishCreation):
3095         (functionLoadWebAssembly):
3096         * parser/SourceProvider.h:
3097         (JSC::WebAssemblySourceProvider::create):
3098         (JSC::WebAssemblySourceProvider::data):
3099         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
3100         * runtime/JSGlobalObject.cpp:
3101         (JSC::JSGlobalObject::init):
3102         (JSC::JSGlobalObject::visitChildren):
3103         * runtime/JSGlobalObject.h:
3104         (JSC::JSGlobalObject::wasmModuleStructure):
3105         * wasm/WASMMagicNumber.h: Added.
3106         * wasm/WASMModuleParser.cpp: Added.
3107         (JSC::WASMModuleParser::WASMModuleParser):
3108         (JSC::WASMModuleParser::parse):
3109         (JSC::WASMModuleParser::parseModule):
3110         (JSC::parseWebAssembly):
3111         * wasm/WASMModuleParser.h: Added.
3112         * wasm/WASMReader.cpp: Added.
3113         (JSC::WASMReader::readUnsignedInt32):
3114         (JSC::WASMReader::readFloat):
3115         (JSC::WASMReader::readDouble):
3116         * wasm/WASMReader.h: Added.
3117         (JSC::WASMReader::WASMReader):
3118
3119 2015-07-29  Basile Clement  <basile_clement@apple.com>
3120
3121         Unreviewed, lower the number of test iterations to prevent timing out on Debug builds
3122         https://bugs.webkit.org/show_bug.cgi?id=147167
3123
3124         * tests/stress/math-pow-coherency.js:
3125
3126 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3127
3128         Add the "wasm" directory to Visual Studio project files
3129         https://bugs.webkit.org/show_bug.cgi?id=147400
3130
3131         Reviewed by Simon Fraser.
3132
3133         This patch should fix the "Cannot open include file: 'JSWASMModule.h'" issue
3134         in the Windows build.
3135
3136         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
3137         * JavaScriptCore.vcxproj/copy-files.cmd:
3138
3139 2015-07-28  Commit Queue  <commit-queue@webkit.org>
3140
3141         Unreviewed, rolling out r187531.
3142         https://bugs.webkit.org/show_bug.cgi?id=147397
3143
3144         Broke Windows build (Requested by smfr on #webkit).
3145
3146         Reverted changeset:
3147
3148         "Implement WebAssembly module parser"
3149         https://bugs.webkit.org/show_bug.cgi?id=147293
3150         http://trac.webkit.org/changeset/187531
3151
3152 2015-07-28  Benjamin Poulain  <bpoulain@apple.com>
3153
3154         Speed up the Stringifier::toJSON() fast case
3155         https://bugs.webkit.org/show_bug.cgi?id=147383
3156
3157         Reviewed by Andreas Kling.
3158
3159         * runtime/JSONObject.cpp:
3160         (JSC::Stringifier::toJSON):
3161         (JSC::Stringifier::toJSONImpl):
3162
3163 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3164
3165         Implement WebAssembly module parser
3166         https://bugs.webkit.org/show_bug.cgi?id=147293
3167
3168         Reviewed by Geoffrey Garen.
3169
3170         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
3171         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
3172         the magic number at the beginning of the files. Parsing of the rest will be
3173         implemented in a subsequent patch.
3174
3175         * CMakeLists.txt:
3176         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3177         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3178         * JavaScriptCore.xcodeproj/project.pbxproj:
3179         * jsc.cpp:
3180         (GlobalObject::finishCreation):
3181         (functionLoadWebAssembly):
3182         * parser/SourceProvider.h:
3183         (JSC::WebAssemblySourceProvider::create):
3184         (JSC::WebAssemblySourceProvider::data):
3185         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
3186         * runtime/JSGlobalObject.cpp:
3187         (JSC::JSGlobalObject::init):
3188         (JSC::JSGlobalObject::visitChildren):
3189         * runtime/JSGlobalObject.h:
3190         (JSC::JSGlobalObject::wasmModuleStructure):
3191         * wasm/WASMMagicNumber.h: Added.
3192         * wasm/WASMModuleParser.cpp: Added.
3193         (JSC::WASMModuleParser::WASMModuleParser):
3194         (JSC::WASMModuleParser::parse):
3195         (JSC::WASMModuleParser::parseModule):
3196         (JSC::parseWebAssembly):
3197         * wasm/WASMModuleParser.h: Added.
3198         * wasm/WASMReader.cpp: Added.
3199         (JSC::WASMReader::readUnsignedInt32):
3200         (JSC::WASMReader::readFloat):
3201         (JSC::WASMReader::readDouble):
3202         * wasm/WASMReader.h: Added.
3203         (JSC::WASMReader::WASMReader):
3204
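The reader and magic-number check the entry above describes, as an added example in JavaScript; it is not JavaScriptCore's WASMReader/WASMModuleParser code. It assumes the pack-asmjs magic is the ASCII bytes "wasm" read as a little-endian uint32 (the real constant is whatever wasm/WASMMagicNumber.h defines), and it reads from a constructed sample buffer rather than a real pack-asmjs file. The point worth copying is that every primitive read proves the bytes exist before touching them, so a truncated or hostile input fails cleanly instead of reading past the buffer.

```javascript
// Added example (not JavaScriptCore's WASMReader/WASMModuleParser): a
// bounds-checked little-endian reader and a parser that, as the entry
// describes, validates only the leading magic number of the file.
// ASSUMPTION: the pack-asmjs magic is the ASCII bytes "wasm" read as a
// little-endian uint32; the real constant lives in wasm/WASMMagicNumber.h.
const WASM_MAGIC_NUMBER = 0x6d736177; // "wasm" as a little-endian uint32

class WASMReader {
  constructor(bytes) {
    // Accept any Uint8Array view, including one into a larger buffer.
    this.view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
    this.offset = 0;
  }

  // Every primitive read first proves that `size` bytes remain. A truncated
  // or hostile file then fails with a clean error instead of reading past
  // the end of the buffer.
  ensureAvailable(size) {
    if (this.offset + size > this.view.byteLength) {
      throw new RangeError(`unexpected end of module at offset ${this.offset}`);
    }
  }

  readUnsignedInt32() {
    this.ensureAvailable(4);
    const value = this.view.getUint32(this.offset, true);
    this.offset += 4;
    return value;
  }

  readFloat() {
    this.ensureAvailable(4);
    const value = this.view.getFloat32(this.offset, true);
    this.offset += 4;
    return value;
  }

  readDouble() {
    this.ensureAvailable(8);
    const value = this.view.getFloat64(this.offset, true);
    this.offset += 8;
    return value;
  }

  atEnd() {
    return this.offset === this.view.byteLength;
  }
}

// Mirrors the entry's parseModule: check the magic number and stop. Returns
// a result object rather than throwing so a caller can report the reason.
function parseWebAssembly(bytes) {
  const reader = new WASMReader(bytes);
  let magic;
  try {
    magic = reader.readUnsignedInt32();
  } catch (error) {
    if (error instanceof RangeError) return { ok: false, error: error.message };
    throw error;
  }
  if (magic !== WASM_MAGIC_NUMBER) {
    return { ok: false, error: `bad magic number 0x${magic.toString(16).padStart(8, '0')}` };
  }
  // The rest of the module is not parsed yet; report how much was consumed.
  return { ok: true, bytesConsumed: reader.offset, remaining: bytes.byteLength - reader.offset };
}

// Constructed sample input: a well-formed header followed by one double (1.0).
const SAMPLE_MODULE = new Uint8Array([
  0x77, 0x61, 0x73, 0x6d,                          // "wasm"
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf0, 0x3f,  // 1.0 as little-endian float64
]);
```

A caller would check `parseWebAssembly(bytes).ok` before doing anything else with the buffer; the `remaining` count is what a later parser stage would be handed.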
3205 2015-07-28  Yusuke Suzuki  <utatane.tea@gmail.com>
3206
3207         [ES6] Add ENABLE_ES6_MODULES compile time flag with the default value "false"
3208         https://bugs.webkit.org/show_bug.cgi?id=147350
3209
3210         Reviewed by Sam Weinig.
3211
3212         * Configurations/FeatureDefines.xcconfig:
3213
3214 2015-07-28  Saam barati  <saambarati1@gmail.com>
3215
3216         Make the type profiler work with lexical scoping and add tests
3217         https://bugs.webkit.org/show_bug.cgi?id=145438
3218
3219         Reviewed by Geoffrey Garen.
3220
3221         op_profile_type now knows how to resolve variables allocated within
3222         the local scope stack. This means it knows how to resolve "let"
3223         and "const" variables. Also, some refactoring was done inside
3224         the BytecodeGenerator to make writing code to support the type
3225         profiler much simpler and clearer.
3226
3227         * bytecode/CodeBlock.cpp:
3228         (JSC::CodeBlock::CodeBlock):
3229         * bytecode/CodeBlock.h:
3230         (JSC::CodeBlock::symbolTable): Deleted.
3231         * bytecode/UnlinkedCodeBlock.h:
3232         (JSC::UnlinkedCodeBlock::addExceptionHandler):
3233         (JSC::UnlinkedCodeBlock::exceptionHandler):
3234         (JSC::UnlinkedCodeBlock::vm):
3235         (JSC::UnlinkedCodeBlock::addArrayProfile):
3236         (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex): Deleted.
3237         (JSC::UnlinkedCodeBlock::symbolTableConstantIndex): Deleted.
3238         * bytecompiler/BytecodeGenerator.cpp:
3239         (JSC::BytecodeGenerator::BytecodeGenerator):
3240         (JSC::BytecodeGenerator::emitMove):
3241         (JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
3242         (JSC::BytecodeGenerator::emitProfileType):
3243         (JSC::BytecodeGenerator::emitProfileControlFlow):
3244         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3245         * bytecompiler/BytecodeGenerator.h:
3246         (JSC::BytecodeGenerator::emitNodeForLeftHandSide):
3247         * bytecompiler/NodesCodegen.cpp:
3248         (JSC::ThisNode::emitBytecode):
3249         (JSC::ResolveNode::emitBytecode):
3250         (JSC::BracketAccessorNode::emitBytecode):
3251         (JSC::DotAccessorNode::emitBytecode):
3252         (JSC::FunctionCallValueNode::emitBytecode):
3253         (JSC::FunctionCallResolveNode::emitBytecode):
3254         (JSC::FunctionCallBracketNode::emitBytecode):
3255         (JSC::FunctionCallDotNode::emitBytecode):
3256         (JSC::CallFunctionCallDotNode::emitBytecode):
3257         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3258         (JSC::PostfixNode::emitResolve):
3259         (JSC::PostfixNode::emitBracket):
3260         (JSC::PostfixNode::emitDot):
3261         (JSC::PrefixNode::emitResolve):
3262         (JSC::PrefixNode::emitBracket):
3263         (JSC::PrefixNode::emitDot):
3264         (JSC::ReadModifyResolveNode::emitBytecode):
3265         (JSC::AssignResolveNode::emitBytecode):
3266         (JSC::AssignDotNode::emitBytecode):
3267         (JSC::ReadModifyDotNode::emitBytecode):
3268         (JSC::AssignBracketNode::emitBytecode):
3269         (JSC::ReadModifyBracketNode::emitBytecode):
3270         (JSC::EmptyVarExpression::emitBytecode):
3271         (JSC::EmptyLetExpression::emitBytecode):
3272         (JSC::ForInNode::emitLoopHeader):
3273         (JSC::ForOfNode::emitBytecode):
3274         (JSC::ReturnNode::emitBytecode):
3275         (JSC::FunctionNode::emitBytecode):
3276         (JSC::BindingNode::bindValue):
3277         * dfg/DFGSpeculativeJIT32_64.cpp:
3278         (JSC::DFG::SpeculativeJIT::compile):
3279         * dfg/DFGSpeculativeJIT64.cpp:
3280         (JSC::DFG::SpeculativeJIT::compile):
3281         * jit/JITOpcodes.cpp:
3282         (JSC::JIT::emit_op_profile_type):
3283         * jit/JITOpcodes32_64.cpp:
3284         (JSC::JIT::emit_op_profile_type):
3285         * llint/LowLevelInterpreter32_64.asm:
3286         * llint/LowLevelInterpreter64.asm:
3287         * tests/typeProfiler/es6-block-scoping.js: Added.
3288         (noop):
3289         (arr):
3290         (wrapper.changeFoo):
3291         (wrapper.scoping):
3292         (wrapper.scoping2):
3293         (wrapper):
3294         * tests/typeProfiler/es6-classes.js: Added.
3295         (noop):
3296         (wrapper.Animal):
3297         (wrapper.Animal.prototype.methodA):
3298         (wrapper.Dog):
3299         (wrapper.Dog.prototype.methodB):
3300         (wrapper):
3301
3302 2015-07-28  Saam barati  <saambarati1@gmail.com>
3303
3304         Implement catch scope using lexical scoping constructs introduced with "let" scoping patch
3305         https://bugs.webkit.org/show_bug.cgi?id=146979
3306
3307         Reviewed by Geoffrey Garen.
3308
3309         Now that BytecodeGenerator has a notion of local scope depth,
3310         we can easily implement a catch scope that doesn't claim that
3311         all variables are dynamically scoped. This means that functions
3312         that use try/catch can have local variable resolution. This also
3313         means that all functions that use try/catch don't have all
3314         their variables marked as being captured.
3315
3316         Catch scopes now behave like a "let" scope (sans the TDZ logic) with a 
3317         single variable. Catch scopes are now just JSLexicalEnvironments and the 
3318         symbol table backing the catch scope knows that it corresponds to a catch scope.
3319
3320         * CMakeLists.txt:
3321         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3322         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3323         * JavaScriptCore.xcodeproj/project.pbxproj:
3324         * bytecode/CodeBlock.cpp:
3325         (JSC::CodeBlock::dumpBytecode):
3326         * bytecode/EvalCodeCache.h:
3327         (JSC::EvalCodeCache::isCacheable):
3328         * bytecompiler/BytecodeGenerator.cpp:
3329         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
3330         (JSC::BytecodeGenerator::emitLoadGlobalObject):
3331         (JSC::BytecodeGenerator::pushLexicalScope):
3332         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3333         (JSC::BytecodeGenerator::popLexicalScope):
3334         (JSC::BytecodeGenerator::popLexicalScopeInternal):
3335         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
3336         (JSC::BytecodeGenerator::variable):
3337         (JSC::BytecodeGenerator::resolveType):
3338         (JSC::BytecodeGenerator::emitResolveScope):
3339         (JSC::BytecodeGenerator::emitPopScope):
3340         (JSC::BytecodeGenerator::emitPopWithScope):
3341         (JSC::BytecodeGenerator::emitDebugHook):
3342         (JSC::BytecodeGenerator::popScopedControlFlowContext):
3343         (JSC::BytecodeGenerator::emitPushCatchScope):
3344         (JSC::BytecodeGenerator::emitPopCatchScope):
3345         (JSC::BytecodeGenerator::beginSwitch):
3346         (JSC::BytecodeGenerator::emitPopWithOrCatchScope): Deleted.
3347         * bytecompiler/BytecodeGenerator.h:
3348         (JSC::BytecodeGenerator::lastOpcodeID):
3349         * bytecompiler/NodesCodegen.cpp:
3350         (JSC::AssignResolveNode::emitBytecode):
3351         (JSC::WithNode::emitBytecode):
3352         (JSC::TryNode::emitBytecode):
3353         * debugger/DebuggerScope.cpp:
3354         (JSC::DebuggerScope::isCatchScope):
3355         (JSC::DebuggerScope::isFunctionNameScope):
3356         (JSC::DebuggerScope::isFunctionOrEvalScope):
3357         (JSC::DebuggerScope::caughtValue):
3358         * debugger/DebuggerScope.h:
3359         * inspector/ScriptDebugServer.cpp:
3360         (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
3361         * interpreter/Interpreter.cpp:
3362         (JSC::Interpreter::execute):
3363         * jit/JITOpcodes.cpp:
3364         (JSC::JIT::emit_op_push_name_scope):
3365         * jit/JITOpcodes32_64.cpp:
3366         (JSC::JIT::emit_op_push_name_scope):
3367         * jit/JITOperations.cpp:
3368         * jit/JITOperations.h:
3369         * parser/ASTBuilder.h:
3370         (JSC::ASTBuilder::createContinueStatement):
3371         (JSC::ASTBuilder::createTryStatement):
3372         * parser/NodeConstructors.h:
3373         (JSC::ThrowNode::ThrowNode):
3374         (JSC::TryNode::TryNode):
3375         (JSC::FunctionParameters::FunctionParameters):
3376         * parser/Nodes.h:
3377         * parser/Parser.cpp:
3378         (JSC::Parser<LexerType>::parseTryStatement):
3379         * parser/SyntaxChecker.h:
3380         (JSC::SyntaxChecker::createBreakStatement):
3381         (JSC::SyntaxChecker::createContinueStatement):
3382         (JSC::SyntaxChecker::createTryStatement):
3383         (JSC::SyntaxChecker::createSwitchStatement):
3384         (JSC::SyntaxChecker::createWhileStatement):
3385         (JSC::SyntaxChecker::createWithStatement):
3386         * runtime/JSCatchScope.cpp:
3387         * runtime/JSCatchScope.h:
3388         (JSC::JSCatchScope::JSCatchScope): Deleted.
3389         (JSC::JSCatchScope::create): Deleted.
3390         (JSC::JSCatchScope::createStructure): Deleted.
3391         * runtime/JSFunctionNameScope.h:
3392         (JSC::JSFunctionNameScope::JSFunctionNameScope):
3393         * runtime/JSGlobalObject.cpp:
3394         (JSC::JSGlobalObject::init):
3395         (JSC::JSGlobalObject::visitChildren):
3396         * runtime/JSGlobalObject.h:
3397         (JSC::JSGlobalObject::withScopeStructure):
3398         (JSC::JSGlobalObject::strictEvalActivationStructure):
3399         (JSC::JSGlobalObject::activationStructure):
3400         (JSC::JSGlobalObject::functionNameScopeStructure):
3401         (JSC::JSGlobalObject::directArgumentsStructure):
3402         (JSC::JSGlobalObject::scopedArgumentsStructure):
3403         (JSC::JSGlobalObject::catchScopeStructure): Deleted.
3404         * runtime/JSNameScope.cpp:
3405         (JSC::JSNameScope::create):
3406         (JSC::JSNameScope::toThis):
3407         * runtime/JSNameScope.h:
3408         * runtime/JSObject.cpp:
3409         (JSC::JSObject::toThis):
3410         (JSC::JSObject::isFunctionNameScopeObject):
3411         (JSC::JSObject::isCatchScopeObject): Deleted.
3412         * runtime/JSObject.h:
3413         * runtime/JSScope.cpp:
3414         (JSC::JSScope::collectVariablesUnderTDZ):
3415         (JSC::JSScope::isLexicalScope):
3416         (JSC::JSScope::isCatchScope):
3417         (JSC::resolveModeName):
3418         * runtime/JSScope.h:
3419         * runtime/SymbolTable.cpp:
3420         (JSC::SymbolTable::SymbolTable):
3421         (JSC::SymbolTable::cloneScopePart):
3422         * runtime/SymbolTable.h:
3423         * tests/stress/const-semantics.js:
3424         (.):
3425
3426 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
3427
3428         DFG::ArgumentsEliminationPhase has a redundant check for inserting CheckInBounds when converting GetByVal to GetStack in the inline non-varargs case
3429         https://bugs.webkit.org/show_bug.cgi?id=147373
3430
3431         Reviewed by Mark Lam.
3432
3433         The code was doing a check for "index >= inlineCallFrame->arguments.size() - 1" in code where
3434         safeToGetStack is true and we aren't in varargs context, but in a non-varargs context,
3435         safeToGetStack can only be true if "index < inlineCallFrame->arguments.size() - 1".
3436
3437         When converting a GetByVal to GetStack, there are three possibilities:
3438
3439         1) Impossible to convert. This can happen if the GetByVal is out-of-bounds of the things we
3440            know to have stored to the stack. For example, if we inline a function that does
3441            "arguments[42]" at a call that passes no arguments.
3442
3443         2) Possible to convert, but we cannot prove statically that the GetByVal was in bounds. This
3444            can happen for "arguments[42]" with no inline call frame (since we don't know statically
3445            how many arguments we will be passed) or in a varargs call frame.
3446
3447         3) Possible to convert, and we know statically that the GetByVal is in bounds. This can
3448            happen for "arguments[42]" if we have an inline call frame, and it's not a varargs call
3449            frame, and we know that the caller passed 42 or more arguments.
3450
3451         The way the phase handles this is it first determines that we're not in case (1). This is
3452         called safeToGetStack. safeToGetStack is true if we have case (2) or (3). For inline call
3453         frames that have no varargs, this means that safeToGetStack is true exactly when the GetByVal
3454         is in-bounds (i.e. case (3)).
3455
3456         But the phase was again doing a check for whether the index is in-bounds for non-varargs
3457         inline call frames even when safeToGetStack was true. That check is redundant and should be
3458         eliminated, since it makes the code confusing.
3459
3460         * dfg/DFGArgumentsEliminationPhase.cpp:
3461
3462 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
3463
3464         DFG::PutStackSinkingPhase should be more aggressive about its "no GetStack until put" rule
3465         https://bugs.webkit.org/show_bug.cgi?id=147371
3466
3467         Reviewed by Mark Lam.
3468
3469         Two fixes:
3470
3471         - Make ConflictingFlush really mean that you can't load from the stack slot. This means not
3472           using ConflictingFlush for arguments.
3473
3474         - Assert that a GetStack never sees ConflictingFlush.
3475
3476         * dfg/DFGPutStackSinkingPhase.cpp:
3477
3478 2015-07-28  Basile Clement  <basile_clement@apple.com>
3479
3480         Misleading error message: "At least one digit must occur after a decimal point"
3481         https://bugs.webkit.org/show_bug.cgi?id=146238
3482
3483         Reviewed by Geoffrey Garen.
3484
3485         Interestingly, we had a comment explaining what this error message was
3486         about that is much clearer than the error message itself. This patch
3487         simply replaces the error message with the explanation from the
3488         comment.
3489
3490         * parser/Lexer.cpp:
3491         (JSC::Lexer<T>::lex):
3492
3493 2015-07-28  Basile Clement  <basile_clement@apple.com>
3494
3495         Simplify call linking
3496         https://bugs.webkit.org/show_bug.cgi?id=147363
3497
3498         Reviewed by Filip Pizlo.
3499
3500         Previously, we were passing both the CallLinkInfo and a
3501         (CodeSpecializationKind, RegisterPreservationMode) pair to the
3502         different call linking slow paths. However, the CallLinkInfo already
3503         has all of that information, and we don't gain anything by having them
3504         in additional static parameters - except possibly a very small
3505         performance gain in presence of inlining. However since those are
3506         already slow paths, this performance loss (if it exists) will not be
3507         visible in practice.
3508
3509         This patch replaces the various specialized thunks and JIT operations
3510         for regular and polymorphic call linking with a single thunk and
3511         operation for each case. Moreover, it replaces the four specialized
3512         virtual call thunks and operations with one virtual call thunk for each
3513         call link info, allowing for better branch prediction by the CPU and
3514         fixing a pre-existing FIXME.
3515
3516         * bytecode/CallLinkInfo.cpp:
3517         (JSC::CallLinkInfo::unlink):
3518         (JSC::CallLinkInfo::dummy): Deleted.
3519         * bytecode/CallLinkInfo.h:
3520         (JSC::CallLinkInfo::CallLinkInfo):
3521         (JSC::CallLinkInfo::registerPreservationMode):
3522         (JSC::CallLinkInfo::setUpCallFromFTL):
3523         (JSC::CallLinkInfo::setSlowStub):
3524         (JSC::CallLinkInfo::clearSlowStub):
3525         (JSC::CallLinkInfo::slowStub):
3526         * dfg/DFGDriver.cpp:
3527         (JSC::DFG::compileImpl):
3528         * dfg/DFGJITCompiler.cpp:
3529         (JSC::DFG::JITCompiler::link):
3530         * ftl/FTLJSCallBase.cpp:
3531         (JSC::FTL::JSCallBase::link):
3532         * jit/JITCall.cpp:
3533         (JSC::JIT::compileCallEvalSlowCase):
3534         (JSC::JIT::compileOpCall):
3535         (JSC::JIT::compileOpCallSlowCase):
3536         * jit/JITCall32_64.cpp:
3537         (JSC::JIT::compileCallEvalSlowCase):
3538         (JSC::JIT::compileOpCall):
3539         (JSC::JIT::compileOpCallSlowCase):
3540         * jit/JITOperations.cpp:
3541         * jit/JITOperations.h:
3542         (JSC::operationLinkFor): Deleted.
3543         (JSC::operationVirtualFor): Deleted.
3544         (JSC::operationLinkPolymorphicCallFor): Deleted.
3545         * jit/Repatch.cpp:
3546         (JSC::generateByIdStub):
3547         (JSC::linkSlowFor):
3548         (JSC::linkFor):
3549         (JSC::revertCall):
3550         (JSC::unlinkFor):
3551         (JSC::linkVirtualFor):
3552         (JSC::linkPolymorphicCall):
3553         * jit/Repatch.h:
3554         * jit/ThunkGenerators.cpp:
3555         (JSC::linkCallThunkGenerator):
3556         (JSC::linkPolymorphicCallThunkGenerator):
3557         (JSC::virtualThunkFor):
3558         (JSC::linkForThunkGenerator): Deleted.
3559         (JSC::linkConstructThunkGenerator): Deleted.
3560         (JSC::linkCallThatPreservesRegsThunkGenerator): Deleted.
3561         (JSC::linkConstructThatPreservesRegsThunkGenerator): Deleted.
3562         (JSC::linkPolymorphicCallForThunkGenerator): Deleted.
3563         (JSC::linkPolymorphicCallThatPreservesRegsThunkGenerator): Deleted.
3564         (JSC::virtualForThunkGenerator): Deleted.
3565         (JSC::virtualCallThunkGenerator): Deleted.
3566         (JSC::virtualConstructThunkGenerator): Deleted.
3567         (JSC::virtualCallThatPreservesRegsThunkGenerator): Deleted.
3568         (JSC::virtualConstructThatPreservesRegsThunkGenerator): Deleted.
3569         * jit/ThunkGenerators.h:
3570         (JSC::linkThunkGeneratorFor): Deleted.
3571         (JSC::linkPolymorphicCallThunkGeneratorFor): Deleted.
3572         (JSC::virtualThunkGeneratorFor): Deleted.
3573
3574 2015-07-28  Basile Clement  <basile_clement@apple.com>
3575
3576         stress/math-pow-with-constants.js fails in cloop
3577         https://bugs.webkit.org/show_bug.cgi?id=147167
3578
3579         Reviewed by Geoffrey Garen.
3580
3581         Baseline JIT, DFG and FTL are using a fast exponentiation fast path
3582         when computing Math.pow() with an integer exponent that is not taken in
3583         the LLInt (or the DFG abstract interpreter). This leads to the result
3584         of pow changing depending on the compilation tier or the fact that
3585         constant propagation kicks in, which is undesirable.
3586
3587         This patch adds the fast path to the slow operationMathPow in order to
3588         maintain an illusion of consistency.
3589
3590         * runtime/MathCommon.cpp:
3591         (JSC::operationMathPow):
3592         * tests/stress/math-pow-coherency.js: Added.
3593         (pow42):
3594         (build42AsDouble.opaqueAdd):
3595         (build42AsDouble):
3596         (powDouble42):
3597         (clobber):
3598         (pow42NoConstantFolding):
3599         (powDouble42NoConstantFolding):
3600
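The integer-exponent fast path the entry refers to, exponentiation by repeated squaring, as an added JavaScript example; it is not JavaScriptCore's operationMathPow. The names powIntegerExponent and coherencyReport are this example's own. The report function shows the kind of cross-check the entry's test performs: the fast path and the library pow must agree bit for bit, or the result of a script depends on which tier compiled it.

```javascript
// Added example, not JavaScriptCore's operationMathPow: square-and-multiply
// for exact integer exponents, with a fallback to Math.pow otherwise, and a
// check that reports whether the two agree for a given input.
function powIntegerExponent(base, exponent) {
  // The fast path applies only to exponents that are exact 32-bit integers;
  // anything else goes to the general routine.
  if (!Number.isInteger(exponent) || Math.abs(exponent) > 0x7fffffff) {
    return Math.pow(base, exponent);
  }
  let n = Math.abs(exponent);
  let result = 1;
  let x = base;
  while (n > 0) {
    if (n & 1) result *= x; // consume the lowest bit of the exponent
    n >>>= 1;
    x *= x;                 // square the base for the next bit
  }
  return exponent < 0 ? 1 / result : result;
}

// Coherency check: the fast path must produce the same double as Math.pow,
// otherwise the value a script sees depends on which tier computed it.
function coherencyReport(base, exponent) {
  const fast = powIntegerExponent(base, exponent);
  const library = Math.pow(base, exponent);
  return { fast, library, sameBits: Object.is(fast, library) };
}
```

For bases and exponents whose result is exactly representable the two always agree; for inputs such as 1.1 ** 10 the repeated-squaring rounding sequence differs from a libm pow, which is precisely why the entry installs the same fast path in the slow operation rather than leaving the tiers to disagree.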
3601 2015-07-28  Joseph Pecoraro  <pecoraro@apple.com>
3602
3603         Web Inspector: Show Pseudo Elements in DOM Tree
3604         https://bugs.webkit.org/show_bug.cgi?id=139612
3605
3606         Reviewed by Timothy Hatcher.
3607
3608         * inspector/protocol/DOM.json:
3609         Add new properties to DOMNode if it is a pseudo element or if it has
3610         pseudo element children. Add new events for if a pseudo element is
3611         added or removed dynamically to an existing DOMNode.
3612
3613 2015-07-27  Filip Pizlo  <fpizlo@apple.com>
3614
3615         Add logging when executable code gets deallocated
3616         https://bugs.webkit.org/show_bug.cgi?id=147355
3617
3618         Reviewed by Mark Lam.
3619
3620         * ftl/FTLJITCode.cpp:
3621         (JSC::FTL::JITCode::~JITCode): Print something when this is freed.
3622         * jit/JITCode.cpp:
3623         (JSC::JITCodeWithCodeRef::~JITCodeWithCodeRef): Print something when this is freed.
3624
3625 2015-07-27  Filip Pizlo  <fpizlo@apple.com>
3626
3627         DFG::safeToExecute() cases for GetByOffset/PutByOffset don't handle clobbered structure abstract values correctly
3628         https://bugs.webkit.org/show_bug.cgi?id=147354
3629
3630         Reviewed by Michael Saboff.
3631
3632         If m_structure.isClobbered(), it means that we had a side effect that clobbered
3633         the abstract value but it may recover back to its original value at the next
3634         invalidation point. Since the invalidation point hasn't been reached yet, we need
3635         to conservatively treat the clobbered state as if it was top. At the invalidation
3636         point, the clobbered set will return back to being unclobbered.
3637
3638         In addition to fixing the bug, this introduces isInfinite(), which should be used
3639         in places where it's tempting to just use isTop().
3640
3641         * dfg/DFGSafeToExecute.h:
3642         (JSC::DFG::safeToExecute): Fix the bug.
3643         * dfg/DFGStructureAbstractValue.cpp:
3644         (JSC::DFG::StructureAbstractValue::contains): Switch to using isInfinite().
3645         (JSC::DFG::StructureAbstractValue::isSubsetOf): Switch to using isInfinite().
3646         (JSC::DFG::StructureAbstractValue::isSupersetOf): Switch to using isInfinite().
3647         (JSC::DFG::StructureAbstractValue::overlaps): Switch to using isInfinite().
3648         * dfg/DFGStructureAbstractValue.h:
3649         (JSC::DFG::StructureAbstractValue::isFinite): New convenience method.
3650         (JSC::DFG::StructureAbstractValue::isInfinite): New convenience method.
3651         (JSC::DFG::StructureAbstractValue::onlyStructure): Switch to using isInfinite().
3652
3653 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
3654
3655         [ES6] Implement Reflect.enumerate
3656         https://bugs.webkit.org/show_bug.cgi?id=147347
3657
3658         Reviewed by Sam Weinig.
3659
3660         This patch implements Reflect.enumerate.
3661         It returns an iterator that iterates over the enumerable keys of the given object.
3662         It follows for-in's enumeration order.
3663
3664         To implement it, we write the same logic as the for-in enumeration code in C++.
3665
3666         * CMakeLists.txt:
3667         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3668         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3669         * JavaScriptCore.xcodeproj/project.pbxproj:
3670         * runtime/JSGlobalObject.cpp:
3671         (JSC::JSGlobalObject::init):
3672         (JSC::JSGlobalObject::visitChildren):
3673         * runtime/JSGlobalObject.h:
3674         (JSC::JSGlobalObject::propertyNameIteratorStructure):
3675         * runtime/JSPropertyNameIterator.cpp: Added.
3676         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
3677         (JSC::JSPropertyNameIterator::clone):
3678         (JSC::JSPropertyNameIterator::create):
3679         (JSC::JSPropertyNameIterator::finishCreation):
3680         (JSC::JSPropertyNameIterator::visitChildren):
3681         (JSC::JSPropertyNameIterator::next):
3682         (JSC::propertyNameIteratorFuncNext):
3683         * runtime/JSPropertyNameIterator.h: Added.
3684         (JSC::JSPropertyNameIterator::createStructure):
3685         * runtime/ReflectObject.cpp:
3686         (JSC::reflectObjectEnumerate):
3687         * tests/stress/reflect-enumerate.js: Added.
3688         (shouldBe):
3689         (shouldThrow):
3690
3691 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
3692
3693         [ES6] Implement Reflect.preventExtensions
3694         https://bugs.webkit.org/show_bug.cgi?id=147331
3695
3696         Reviewed by Sam Weinig.
3697
3698         Implement Reflect.preventExtensions.
3699         This is different from Object.preventExtensions.
3700
3701         1. When preventExtensions is called on a non-object, it raises a TypeError.
3702         2. Reflect.preventExtensions does not raise a TypeError when the preventExtensions operation fails.
3703
3704         For the (2) case, since there is no Proxy implementation currently, Reflect.preventExtensions always succeeds.
3705
3706         * runtime/ReflectObject.cpp:
3707         (JSC::reflectObjectPreventExtensions):
3708         * tests/stress/reflect-prevent-extensions.js: Added.
3709         (shouldBe):
3710         (shouldThrow):
3711
3712 2015-07-27  Alex Christensen  <achristensen@webkit.org>
3713
3714         Use Ninja on Windows.
3715         https://bugs.webkit.org/show_bug.cgi?id=147228
3716
3717         Reviewed by Martin Robinson.
3718
3719         * CMakeLists.txt:
3720         Set the working directory when generating LowLevelInterpreterWin.asm to put LowLevelInterpreterWin.asm.sym in the right place.
3721
3722 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
3723
3724         SparseValueMap check is skipped when the butterfly's vectorLength is larger than the access-requested index
3725         https://bugs.webkit.org/show_bug.cgi?id=147265
3726
3727         Reviewed by Geoffrey Garen.
3728
3729         JSObject's vector holds the indexed values, and we leverage it to represent both stored values and holes.
3730         By checking that the given index is within the vector's length, we can look up the property fast.
3731         For sparse arrays, we also have a separate SparseValueMap to hold the pairs.
3732         And we need to take care that the length of the vector does not overlap the indices stored in the SparseValueMap.
3733
3734         The vector only holds pure JS values, to avoid additional checking for accessors when looking up a value
3735         from the vector. To achieve this, we also store accessors (and attributed properties) in the SparseValueMap
3736         even when the index is less than MIN_SPARSE_ARRAY_INDEX.
3737
3738         As a result, if the length of the vector overlaps the indices of the accessors stored in the SparseValueMap,
3739         we accidentally skip the phase of looking up from the SparseValueMap. Instead, we just load from the vector, and
3740         if the loaded value is an array hole, we decide that the given object does not have a value for the given index.
3741
3742         This patch fixes the problem.
3743         When defining an attributed value whose index is smaller than the length of the vector, we throw away the vector
3744         and change the object to DictionaryIndexingMode. Since we can assume that indexed accessors rarely exist in
3745         practice, we expect this does not hurt performance while keeping the fast property access system without
3746         checking the sparse map.
3747
3748         * runtime/JSObject.cpp:
3749         (JSC::JSObject::putDirectIndexBeyondVectorLength):
3750         * tests/stress/sparse-map-non-overlapping.js: Added.
3751         (shouldBe):
3752         (testing):
3753         (object.get 1000):
3754         * tests/stress/sparse-map-non-skip-getter-overriding.js: Added.
3755         (shouldBe):
3756         (obj.get 1):
3757         (testing):
3758         * tests/stress/sparse-map-non-skip.js: Added.
3759         (shouldBe):
3760         (testing):
3761         (testing2):
3762         (.get for):
3763
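The scenario the entry above describes, as an added JavaScript example that is not one of the tests it lists: an indexed accessor whose index lies inside the object's dense index storage, built in both orders the entry's tests cover (accessor first, then growth past it; dense values first, then the index redefined as an accessor), followed by a probe of what a lookup observes. The function names buildObject and probe and the returned fields are this example's own. In a correct engine the accessor is consulted and the index reports as present; with the bug described above, the load would hit a hole in the vector and the index would look absent.

```javascript
// Added example, not JavaScriptCore's test code: construct an object whose
// indexed accessor ends up inside the dense index range, then probe it.
function buildObject({ getterIndex, denseLength, defineGetterFirst }) {
  const obj = {};
  const calls = { count: 0 };
  const defineGetter = () => Object.defineProperty(obj, getterIndex, {
    get() { calls.count++; return `getter@${getterIndex}`; },
    enumerable: true,
    configurable: true,
  });

  if (defineGetterFirst) defineGetter();
  for (let i = 0; i < denseLength; i++) {
    // Once the accessor exists its index must be skipped: it has no setter,
    // so a plain store there is ignored (or throws in strict mode).
    if (defineGetterFirst && i === getterIndex) continue;
    obj[i] = i;
  }
  // The other order: the index already holds a plain value in the vector and
  // is redefined as an accessor afterwards, which is the case the fix covers.
  if (!defineGetterFirst) defineGetter();
  return { obj, calls };
}

// Observe the lookup path: value returned, presence, whether the getter ran,
// what the descriptor says, and that the neighbouring dense value survived.
function probe(options) {
  const { obj, calls } = buildObject(options);
  const descriptor = Object.getOwnPropertyDescriptor(obj, options.getterIndex);
  const value = obj[options.getterIndex];
  return {
    value,
    present: options.getterIndex in obj,
    getterCalls: calls.count,
    isAccessor: typeof descriptor.get === 'function',
    keyCount: Object.keys(obj).length,
    neighbourValue: obj[options.getterIndex + 1],
  };
}
```

Both orders must report the getter's value exactly once and the index as present; a divergence between the two orders, or between `in` and the descriptor, is the symptom the entry's tests were written to catch.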
3764 2015-07-27  Saam barati  <saambarati1@gmail.com>
3765
3766         Reduce execution time for "let" and "const" tests
3767         https://bugs.webkit.org/show_bug.cgi?id=147291
3768
3769         Reviewed by Geoffrey Garen.
3770
3771         We don't need to loop so many times for things that will not make it 
3772         into the DFG.  Also, we can loop a lot less for almost all the tests 
3773         because they're mostly testing the bytecode generator.
3774
3775         * tests/stress/const-and-with-statement.js:
3776         * tests/stress/const-exception-handling.js:
3777         * tests/stress/const-loop-semantics.js:
3778         * tests/stress/const-not-strict-mode.js:
3779         * tests/stress/const-semantics.js:
3780         * tests/stress/const-tdz.js:
3781         * tests/stress/lexical-let-and-with-statement.js:
3782         * tests/stress/lexical-let-exception-handling.js:
3783         (assert):
3784         * tests/stress/lexical-let-loop-semantics.js:
3785         (assert):
3786         (shouldThrowTDZ):
3787         (.):
3788         * tests/stress/lexical-let-not-strict-mode.js:
3789         * tests/stress/lexical-let-semantics.js:
3790         (.):
3791         * tests/stress/lexical-let-tdz.js:
3792         (shouldThrowTDZ):
3793         (.):
3794
3795 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3796
3797         Rename PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols
3798         https://bugs.webkit.org/show_bug.cgi?id=147311
3799
3800         Reviewed by Sam Weinig.
3801
3802         To make the meaning clear in the user side (PropertyNameArray array(exec, PropertyNameMode::StringsAndSymbols)),
3803         this patch renames PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols.
3804
3805         * bytecode/ObjectAllocationProfile.h:
3806         (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
3807         * runtime/EnumerationMode.h:
3808         * runtime/ObjectConstructor.cpp:
3809         (JSC::ownEnumerablePropertyKeys):
3810         (JSC::defineProperties):
3811         (JSC::objectConstructorSeal):
3812         (JSC::objectConstructorFreeze):
3813         (JSC::objectConstructorIsSealed):
3814         (JSC::objectConstructorIsFrozen):
3815         (JSC::ownPropertyKeys):
3816         * runtime/ReflectObject.cpp:
3817         (JSC::reflectObjectOwnKeys):
3818
3819 2015-07-27  Saam barati  <saambarati1@gmail.com>
3820
3821         Added a comment explaining that all "addVar()"s should happen before
3822         emitting bytecode for a function's default parameter expressions
3823
3824         Rubber Stamped by Mark Lam.
3825
3826         * bytecompiler/BytecodeGenerator.cpp:
3827         (JSC::BytecodeGenerator::BytecodeGenerator):
3828
3829 2015-07-26  Sam Weinig  <sam@webkit.org>
3830
3831         Add missing builtin files to the JavaScriptCore Xcode project
3832         https://bugs.webkit.org/show_bug.cgi?id=147312
3833
3834         Reviewed by Darin Adler.
3835
3836         * JavaScriptCore.xcodeproj/project.pbxproj:
3837         Add missing files.
3838
3839 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3840
3841         [ES6] Implement Reflect.isExtensible
3842         https://bugs.webkit.org/show_bug.cgi?id=147308
3843
3844         Reviewed by Sam Weinig.
3845
3846         This patch implements Reflect.isExtensible.
3847         It is similar to Object.isExtensible.
3848         The difference is that it raises an error if the first argument is not an object.
3849
3850         * runtime/ReflectObject.cpp:
3851         (JSC::reflectObjectIsExtensible):
3852         * tests/stress/reflect-is-extensible.js: Added.
3853         (shouldBe):
3854         (shouldThrow):
3855
3856 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3857
3858         Unreviewed, fix the debug build due to touching the non-declared variable in ASSERT
3859         https://bugs.webkit.org/show_bug.cgi?id=147307
3860
3861         * runtime/ObjectConstructor.cpp:
3862         (JSC::ownPropertyKeys):
3863
3864 2015-07-25  Yusuke Suzuki  <utatane.tea@gmail.com>
3865
3866         [ES6] Implement Reflect.ownKeys
3867         https://bugs.webkit.org/show_bug.cgi?id=147307
3868
3869         Reviewed by Sam Weinig.
3870
3871         This patch implements Reflect.ownKeys.
3872         In this patch, we refactor the existing code that lists the own keys of an object.
3873         Such code is used by Object.getOwnPropertyNames, Object.getOwnPropertyKeys, Object.keys and @ownEnumerableKeys.
3874         We factor out the listing of own keys into an ownPropertyKeys function and also use it in Reflect.ownKeys.
3875
3876         * runtime/ObjectConstructor.cpp:
3877         (JSC::objectConstructorGetOwnPropertyNames):
3878         (JSC::objectConstructorGetOwnPropertySymbols):
3879         (JSC::objectConstructorKeys):
3880         (JSC::ownEnumerablePropertyKeys):
3881         (JSC::ownPropertyKeys):
3882         * runtime/ObjectConstructor.h:
3883         * runtime/ReflectObject.cpp:
3884         (JSC::reflectObjectOwnKeys):
3885         * tests/stress/reflect-own-keys.js: Added.
3886         (shouldBe):
3887         (shouldThrow):
3888         (shouldBeArray):
3889
3890 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3891
3892         [ES6] Implement Reflect.apply
3893         https://bugs.webkit.org/show_bug.cgi?id=147306
3894
3895         Reviewed by Sam Weinig.
3896
3897         Implement Reflect.apply.
3898         Most of this can be implemented with the @apply builtin annotation.
3899         The only difference from Function.prototype.apply is that the third parameter,
3900         "argumentsList", needs to be an object.
3901
3902         * builtins/ReflectObject.js:
3903         (apply):
3904         (deleteProperty):
3905         * runtime/ReflectObject.cpp:
3906         * tests/stress/reflect-apply.js: Added.
3907         (shouldBe):
3908         (shouldThrow):
3909         (get shouldThrow):
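The observable differences described in the Reflect.preventExtensions, Reflect.isExtensible, Reflect.ownKeys and Reflect.apply entries above, as one added JavaScript example that is not JavaScriptCore's test code; each Reflect call sits next to its Object or Function.prototype counterpart. The Proxy case goes beyond what the preventExtensions entry covers (it notes that no Proxy implementation existed yet) to show what "does not raise a TypeError when the operation fails" means once a trap can refuse. The helper names attempt, primitiveArgument, refusingProxy, ownKeysComparison and applyComparison are this example's own.

```javascript
// Added example, not JavaScriptCore's tests: Reflect.* beside Object.* and
// Function.prototype.apply, capturing return values and thrown error types.
function attempt(fn) {
  try {
    return { ok: true, value: fn() };
  } catch (error) {
    return { ok: false, error: error.constructor.name };
  }
}

// Reflect.* refuses non-objects; the Object.* versions return a result.
function primitiveArgument() {
  return {
    objectIsExtensible: attempt(() => Object.isExtensible(1)),              // false
    reflectIsExtensible: attempt(() => Reflect.isExtensible(1)),            // TypeError
    objectPreventExtensions: attempt(() => Object.preventExtensions(1)),    // returns 1
    reflectPreventExtensions: attempt(() => Reflect.preventExtensions(1)),  // TypeError
  };
}

// A Proxy whose preventExtensions trap refuses: Reflect reports false,
// Object throws, and the target stays extensible either way.
function refusingProxy() {
  const target = {};
  const proxy = new Proxy(target, { preventExtensions() { return false; } });
  return {
    reflect: attempt(() => Reflect.preventExtensions(proxy)),
    object: attempt(() => Object.preventExtensions(proxy)),
    targetStillExtensible: Object.isExtensible(target),
  };
}

// Reflect.ownKeys lists integer keys, then strings, then symbols, including
// non-enumerable ones; Object.keys only lists enumerable string keys.
function ownKeysComparison() {
  const hidden = Symbol('hidden');
  const obj = { b: 1, a: 2, 10: 'x', 2: 'y' };
  Object.defineProperty(obj, 'nonEnum', { value: 3, enumerable: false });
  obj[hidden] = 4;
  return {
    objectKeys: Object.keys(obj),
    reflectOwnKeys: Reflect.ownKeys(obj).map(k => (typeof k === 'symbol' ? k.description : k)),
  };
}

// Reflect.apply requires argumentsList to be an object (any array-like will
// do); Function.prototype.apply tolerates undefined.
function applyComparison() {
  function sum(...xs) { return xs.reduce((acc, x) => acc + x, 0); }
  return {
    functionApplyUndefined: attempt(() => sum.apply(null, undefined)),
    reflectApplyUndefined: attempt(() => Reflect.apply(sum, null, undefined)),
    reflectApplyArrayLike: attempt(() => Reflect.apply(sum, null, { length: 3, 0: 1, 1: 2, 2: 3 })),
  };
}
```

The practical consequence for code that handles untrusted objects: a Reflect call reports refusal through its boolean return value and a non-object argument through a TypeError, so neither outcome can be mistaken for success, whereas the Object.* forms coerce or throw depending on the case.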