[WebKit-https.git] / Source / JavaScriptCore / ChangeLog

2014-02-03  Andreas Kling  <akling@apple.com>

        Keep only captured symbols in CodeBlock symbol tables.
        <https://webkit.org/b/128050>

        Discard all uncaptured symbols at the end of codegen since only
        the captured ones will be used after that point.

        ~2MB progression on Membuster OSUS.

        Reviewed by Geoffrey Garen.

        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::setSymbolTable):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):

2014-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fix the LLInt C loop

        Rubber stamped by Mark Lam.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::llint_write_barrier_slow):
        * llint/LLIntSlowPaths.h:

2014-02-03  Dean Jackson  <dino@apple.com>

        Feature flag for shape-inside
        https://bugs.webkit.org/show_bug.cgi?id=128001

        Reviewed by Simon Fraser.

        Add CSS_SHAPE_INSIDE flag.

        * Configurations/FeatureDefines.xcconfig:

2014-02-03  Oliver Hunt  <oliver@apple.com>

        Deconstructed parameters aren't being placed in the correct scope
        https://bugs.webkit.org/show_bug.cgi?id=128126

        Reviewed by Antti Koivisto.

        Make sure we declare the bound parameter names as variables when
        we reparse.  In the BytecodeGenerator we now also directly ensure
        that bound parameters are placed in the symbol table of the function
        we're currently compiling.  We then delay binding until just before
        we start codegen for the body of the function so that we can ensure
        the function has completely initialised all scope details.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::createBindingPattern):

2014-02-03  Alexey Proskuryakov  <ap@apple.com>

        Update JS whitespace definition for changes in Unicode 6.3
        https://bugs.webkit.org/show_bug.cgi?id=127450

        Reviewed by Oliver Hunt.

        * parser/Lexer.h: (JSC::Lexer<UChar>::isWhiteSpace): Part 2 of the fix, update lexer too.

2014-02-03  Matthew Mirman  <mmirman@apple.com>

        Added GetTypedArrayByteOffset to FTL
        https://bugs.webkit.org/show_bug.cgi?id=127589

        Reviewed by Filip Pizlo.

        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileGetTypedArrayByteOffset):
        * tests/stress/ftl-gettypedarrayoffset-simple.js: Added.
        (foo):
        * tests/stress/ftl-gettypedarrayoffset-wasteful.js: Added.
        (foo):

2014-02-03  Mark Lam  <mark.lam@apple.com>

        Debugger created JSActivations should account for CodeBlock::framePointerOffsetToGetActivationRegisters().
        <https://webkit.org/b/128112>

        Reviewed by Geoffrey Garen.

        Currently, when the DebuggerCallFrame creates the JSActivation object
        for a frame, it does not account for the framePointerOffsetToGetActivationRegisters()
        offset that needs to be added for DFG frames.

        Instead of special casing the fix in DebuggerCallFrame::scope(), we fix
        this by adding CodeBlock::framePointerOffsetToGetActivationRegisters() to
        callFrame->registers() in the JSActivation::create() method that does not
        explicitly take a Register*. This ensures that JSActivation::create() will
        always do the right thing instead of only being a special case for the
        LLINT and baselineJIT.

        Apart from the DebuggerCallFrame, this create() function is only called by
        slow paths in the LLINT and baselineJIT. Hence, it is not performance
        critical.

        * runtime/JSActivation.h:
        (JSC::JSActivation::create):

2014-01-31  Geoffrey Garen  <ggaren@apple.com>

        Simplified name scope creation for function expressions
        https://bugs.webkit.org/show_bug.cgi?id=128031

        Reviewed by Mark Lam.

        3X speedup on js/regress/script-tests/function-with-eval.js.

        We used to emit bytecode to push a name into local scope every
        time a function that needed such a name executed. Now, we push the name
        into scope once on the function object, and leave it there.

        This is faster, and it also reduces the number of variable resolution
        modes you have to worry about when thinking about bytecode and the
        debugger.

        This patch is slightly complicated by the fact that we don't know if
        a function needs a name scope until we parse its body. So, there's some
        glue code in here to delay filling in a function's scope until we parse
        its body for the first time.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::generateFunctionCodeBlock):
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedFunctionExecutable::functionMode): Renamed
        functionNameIsInScopeToggle to functionMode.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator): No need to emit convert_this
        when debugging. The debugger will perform the conversion as needed.

        (JSC::BytecodeGenerator::resolveCallee):
        (JSC::BytecodeGenerator::addCallee): Simplified this code by removing
        the "my function needs a name scope, but didn't allocate one" mode.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall): Pass a scope slot through to
        CodeBlock generation, so we can add a function name scope if the parsed
        function body requires one.

        * jit/JITOperations.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::setUpCall): Ditto.

        * parser/NodeConstructors.h:
        (JSC::FuncExprNode::FuncExprNode):
        (JSC::FuncDeclNode::FuncDeclNode):
        * parser/Nodes.cpp:
        (JSC::FunctionBodyNode::finishParsing):
        * parser/Nodes.h:
        (JSC::FunctionBodyNode::functionMode): Updated for rename.

        * parser/ParserModes.h:
        (JSC::functionNameIsInScope):
        (JSC::functionNameScopeIsDynamic): Helper functions for reasoning about
        how crazy JavaScript language semantics are.

        * runtime/ArrayPrototype.cpp:
        (JSC::isNumericCompareFunction):
        (JSC::attemptFastSort): Updated for interface changes above.

        * runtime/Executable.cpp:
        (JSC::ScriptExecutable::newCodeBlockFor):
        (JSC::ScriptExecutable::prepareForExecutionImpl):
        (JSC::FunctionExecutable::FunctionExecutable):
        * runtime/Executable.h:
        (JSC::ScriptExecutable::prepareForExecution):
        (JSC::FunctionExecutable::functionMode):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::addNameScopeIfNeeded):
        * runtime/JSFunction.h:
        * runtime/JSNameScope.h:
        (JSC::JSNameScope::create):
        (JSC::JSNameScope::JSNameScope): Added machinery for pushing a function
        name scope onto a function when we first discover that it's needed.

2014-01-25  Darin Adler  <darin@apple.com>

        Stop using Unicode.h
        https://bugs.webkit.org/show_bug.cgi?id=127633

        Reviewed by Anders Carlsson.

        * parser/Lexer.h:
        * runtime/JSGlobalObjectFunctions.h:
        * yarr/YarrCanonicalizeUCS2.h:
        * yarr/YarrInterpreter.h:
        * yarr/YarrParser.h:
        * yarr/YarrPattern.h:
        Removed includes of <wtf/unicode/Unicode.h>, adding includes of
        ICU headers and <wtf/text/LChar.h> as needed to replace it.

2014-02-03  Dan Bernstein  <mitz@apple.com>

        Correctly address Darin’s review comment on the last change.

        * runtime/Watchdog.h: Changed an OS(DARWIN) guard around formerly PLATFORM(MAC)-only member
        variables to the equivalent OS(DARWIN) && !PLATFORM(EFL) && !PLATFORM(GTK).

2014-02-03  Dan Bernstein  <mitz@apple.com>

        Stop using PLATFORM(MAC) in JavaScriptCore except where it means “OS X but not iOS”
        https://bugs.webkit.org/show_bug.cgi?id=128098

        Reviewed by Darin Adler.

        * API/JSValueRef.cpp:
        (JSValueUnprotect): Added an explicit !PLATFORM(IOS) in guards for the Evernote workaround,
        which is only needed on OS X.

        * API/tests/testapi.c:
        (main): Changed PLATFORM(MAC) || PLATFORM(IOS) guards to OS(DARWIN), because they were
        surrounding tests for code that is itself guarded by OS(DARWIN).

        * runtime/Watchdog.h: Changed PLATFORM(MAC) to OS(DARWIN).

        * tools/CodeProfiling.cpp:
        (JSC::CodeProfiling::begin): Changed PLATFORM(MAC) to
        OS(DARWIN) && !PLATFORM(EFL) && !PLATFORM(GTK).
        (JSC::CodeProfiling::end): Ditto.

2014-02-02  Mark Lam  <mark.lam@apple.com>

        Repatch code is passing the wrong args to lookupExceptionHandler.
        <https://webkit.org/b/128085>

        Reviewed by Oliver Hunt.

        lookupExceptionHandler() is expecting 2 args: VM*, ExecState*.
        The repatch code was only passing an ExecState*. A crash ensues.
        This is now fixed.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompileExceptionHandlers):
        * jit/Repatch.cpp:
        (JSC::generateProtoChainAccessStub):

2014-02-01  Filip Pizlo  <fpizlo@apple.com>

        JSC profiler's stub info profiling support should work again
        https://bugs.webkit.org/show_bug.cgi?id=128057

        Reviewed by Mark Lam.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus): We want to know if the cache was ever reset by GC, since the DFG uses this information.
        (JSC::CodeBlock::printLocationAndOp): This shouldn't have been inline.
        (JSC::CodeBlock::printLocationOpAndRegisterOperand): Ditto.
        (JSC::CodeBlock::dumpBytecode): Dump the profiling field, and make sure that the caller can pass a StubInfoMap, which is necessary for dumping StructureStubInfo profiling.
        * bytecode/CodeBlock.h: Out-of-line some methods and add the StubInfoMap parameter.
        * profiler/ProfilerBytecodeSequence.cpp:
        (JSC::Profiler::BytecodeSequence::BytecodeSequence): Create a StubInfoMap before dumping bytecodes.

2014-02-01  Filip Pizlo  <fpizlo@apple.com>

        JSC profiler should show reasons for jettison
        https://bugs.webkit.org/show_bug.cgi?id=128047

        Reviewed by Geoffrey Garen.
        
        Henceforth if you want to jettison a CodeBlock, you gotta tell the Profiler why you did
        it. This makes figuring out convergence issues - where some code seems to take a long
        time to get into the top tier compiler - a lot easier.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::jettison):
        (JSC::CodeBlock::addBreakpoint):
        (JSC::CodeBlock::setSteppingMode):
        * bytecode/CodeBlock.h:
        * bytecode/CodeBlockJettisoningWatchpoint.cpp:
        (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
        (JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal):
        * dfg/DFGOperations.cpp:
        * jit/JITOperations.cpp:
        * profiler/ProfilerCompilation.cpp:
        (JSC::Profiler::Compilation::Compilation):
        (JSC::Profiler::Compilation::toJS):
        * profiler/ProfilerCompilation.h:
        (JSC::Profiler::Compilation::setJettisonReason):
        * profiler/ProfilerJettisonReason.cpp: Added.
        (WTF::printInternal):
        * profiler/ProfilerJettisonReason.h: Added.
        * runtime/CommonIdentifiers.h:
        * runtime/VM.cpp:
        (JSC::SetEnabledProfilerFunctor::operator()):

2014-02-01  Mark Lam  <mark.lam@apple.com>

        Saying "jitType() == JITCode::DFGJIT" is almost never correct.
        <http://webkit.org/b/128045>

        Reviewed by Filip Pizlo.

        JITCode::isOptimizingJIT(jitType()) is the right way to say it.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::addBreakpoint):
        (JSC::CodeBlock::setSteppingMode):
        * runtime/VM.cpp:
        (JSC::SetEnabledProfilerFunctor::operator()):

2014-02-01  Michael Saboff  <msaboff@apple.com>

        REGRESSION (r163027?): CrashTracer: [USER] com.apple.WebKit.WebContent.Development at com.apple.JavaScriptCore: JSC::ArrayProfile::computeUpdatedPrediction + 4
        https://bugs.webkit.org/show_bug.cgi?id=128037

        Reviewed by Mark Lam.

        op_call_varargs ops now needs an ArrayProfile since DFG inlines these since
        change set r162739.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCallVarargs):

2014-01-31  Mark Lam  <mark.lam@apple.com>

        Gardening: fix build breakage.

        Not reviewed.

        * interpreter/CallFrame.h:

2014-01-31  Mark Lam  <mark.lam@apple.com>

        Gardening: Fix a merge problem to unbreak bots.

        Not reviewed.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):

2014-01-31  Oliver Hunt  <oliver@apple.com>

        Rollout r163195 and related patches

        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
        (JSC::JSCallbackObject<Parent>::put):
        (JSC::JSCallbackObject<Parent>::deleteProperty):
        (JSC::JSCallbackObject<Parent>::getStaticValue):
        (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
        (JSC::JSCallbackObject<Parent>::callbackGetter):
        * CMakeLists.txt:
        * DerivedSources.make:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * builtins/Array.prototype.js: Removed.
        * builtins/BuiltinExecutables.cpp: Removed.
        * builtins/BuiltinExecutables.h: Removed.
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::generateFunctionCodeBlock):
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        (JSC::UnlinkedFunctionExecutable::codeBlockFor):
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::ExecutableInfo::ExecutableInfo):
        (JSC::UnlinkedFunctionExecutable::create):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::makeFunction):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::CallFunctionCallDotNode::emitBytecode):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        * create_hash_table:
        * dfg/DFGDominators.cpp:
        * dfg/DFGJITCode.cpp:
        * dfg/DFGOperations.cpp:
        * generate-js-builtins: Removed.
        * interpreter/CachedCall.h:
        (JSC::CachedCall::CachedCall):
        * interpreter/Interpreter.cpp:
        * interpreter/ProtoCallFrame.cpp:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITOperations.cpp:
        * jit/JITPropertyAccess.cpp:
        * jit/JITPropertyAccess32_64.cpp:
        * jsc.cpp:
        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LLIntSlowPaths.cpp:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::makeFunctionCallNode):
        * parser/Lexer.cpp:
        (JSC::Lexer<T>::Lexer):
        (JSC::Lexer<LChar>::parseIdentifier):
        (JSC::Lexer<UChar>::parseIdentifier):
        (JSC::Lexer<T>::lex):
        * parser/Lexer.h:
        (JSC::Lexer<T>::lexExpectIdentifier):
        * parser/Nodes.cpp:
        * parser/Nodes.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::didFinishParsing):
        (JSC::Parser<LexerType>::printUnexpectedTokenText):
        * parser/Parser.h:
        (JSC::parse):
        * parser/ParserModes.h:
        * parser/ParserTokens.h:
        * runtime/Arguments.h:
        * runtime/ArgumentsIteratorPrototype.cpp:
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncEvery):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
        * runtime/CommonIdentifiers.cpp:
        (JSC::CommonIdentifiers::CommonIdentifiers):
        * runtime/CommonIdentifiers.h:
        * runtime/CommonSlowPaths.cpp:
        * runtime/CommonSlowPathsExceptions.cpp:
        * runtime/ExceptionHelpers.cpp:
        (JSC::createUndefinedVariableError):
        * runtime/Executable.h:
        (JSC::EvalExecutable::executableInfo):
        (JSC::ProgramExecutable::executableInfo):
        (JSC::isHostFunction):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::symbolTableGet):
        (JSC::JSActivation::symbolTablePut):
        (JSC::JSActivation::symbolTablePutWithAttributes):
        * runtime/JSArgumentsIterator.cpp:
        * runtime/JSArray.cpp:
        * runtime/JSArrayIterator.cpp:
        * runtime/JSCJSValue.cpp:
        * runtime/JSCellInlines.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::calculatedDisplayName):
        (JSC::JSFunction::sourceCode):
        (JSC::JSFunction::callerGetter):
        (JSC::JSFunction::getOwnPropertySlot):
        (JSC::JSFunction::getOwnNonIndexPropertyNames):
        (JSC::JSFunction::put):
        (JSC::JSFunction::defineOwnProperty):
        * runtime/JSFunction.h:
        * runtime/JSFunctionInlines.h:
        (JSC::JSFunction::nativeFunction):
        (JSC::JSFunction::nativeConstructor):
        * runtime/JSGenericTypedArrayViewConstructorInlines.h:
        * runtime/JSGenericTypedArrayViewInlines.h:
        * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::symbolTableHasProperty):
        * runtime/JSObject.cpp:
        (JSC::getClassPropertyNames):
        (JSC::JSObject::reifyStaticFunctionsForDelete):
        * runtime/JSObject.h:
        * runtime/JSPromiseConstructor.cpp:
        * runtime/JSPromiseDeferred.cpp:
        * runtime/JSPromisePrototype.cpp:
        * runtime/JSPromiseReaction.h:
        * runtime/JSPropertyNameIterator.cpp:
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSString.h:
        (JSC::JSString::getStringPropertySlot):
        (JSC::inlineJSValueNotStringtoString):
        (JSC::JSValue::toWTFStringInline):
        * runtime/JSStringInlines.h: Removed.
        * runtime/JSSymbolTableObject.cpp:
        (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
        * runtime/JSSymbolTableObject.h:
        (JSC::symbolTableGet):
        (JSC::symbolTablePut):
        (JSC::symbolTablePutWithAttributes):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::HashEntry::propertyGetter):
        (JSC::HashEntry::propertyPutter):
        (JSC::HashTable::entry):
        (JSC::getStaticPropertySlot):
        (JSC::getStaticValueSlot):
        (JSC::putEntry):
        * runtime/NativeErrorConstructor.cpp:
        * runtime/NativeErrorConstructor.h:
        (JSC::NativeErrorConstructor::finishCreation):
        * runtime/PropertySlot.h:
        * runtime/RegExpConstructor.cpp:
        * runtime/RegExpPrototype.cpp:
        * runtime/SetConstructor.cpp:
        * runtime/StringObject.cpp:
        * runtime/Structure.cpp:
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:

2014-01-31  Filip Pizlo  <fpizlo@apple.com>

        DFG->FTL tier-up shouldn't assume that LoopHints stay at the tops of loops
        https://bugs.webkit.org/show_bug.cgi?id=128030

        Reviewed by Oliver Hunt.
        
        Remove a bogus assertion. The only thing that matters is that the LoopHint had at one
        point in time been at the top of a loop header, and that it is now at the top of a
        basic block. But the basic block that it's at the top of now doesn't have to be the
        same as the loop header that it once was the top of.

        * dfg/DFGTierUpCheckInjectionPhase.cpp:
        (JSC::DFG::TierUpCheckInjectionPhase::run):
        * tests/stress/tier-up-in-loop-with-cfg-simplification.js: Added.
        (foo):

2014-01-31  Mark Lam  <mark.lam@apple.com>

        Avoid eagerly creating the JSActivation when the debugger is attached.
        <https://webkit.org/b/127910>

        Reviewed by Oliver Hunt.

        Octane scores for this patch:
            baseline w/o WebInspector: 11621
            patched  w/o WebInspector: 11801
            baseline w/ WebInspector:  3295
            patched  w/ WebInspector:  7070   2.1x improvement

        1. Because debugger can potentially create a closure from any call frame,
           we need every function to allocate an activation register and check for
           the need to tear off the activation (if needed) on return.

           However, we do not need to eagerly create the activation object.
           This patch implements the optimization to defer creation of the
           activation object until we actually need it i.e. when:

           1. We encounter a "eval", "with", or "catch" statement.
           2. We've paused in the debugger, and called DebuggerCallFrame::scope().

        2. The UnlinkedCodeBlock provides a needsFullScopeChain flag that is used
           to indicate whether the linked CodeBlock will need an activation
           object or not. Under normal circumstances, needsFullScopeChain and
           needsActivation are synonymous. However, with a debugger attached, we
           want the CodeBlock to always allocate an activationRegister even if
           it does not need a "full scope chain".

           Hence, we apply the following definitions to the "flags":

           1. UnlinkedCodeBlock::needsFullScopeChain() - this flag indicates that
              the parser discovered JS artifacts (e.g. use of "eval", "with", etc.)
              that requires an activation.

              BytecodeGenerator's destinationForAssignResult() and leftHandSideNeedsCopy()
              checks needsFullScopeChain().

           2. UnlinkedCodeBlock::hasActivationRegister() - this flag indicates that
              an activation register was created for the UnlinkedCodeBlock either
              because it needsFullScopeChain() or because the debugger is attached.

           3. CodeBlock::needsActivation() reflects UnlinkedCodeBlock's
              hasActivationRegister().

        3. Introduced BytecodeGenerator::emitPushFunctionNameScope() and
           BytecodeGenerator::emitPushCatchScope() because the JSNameScope
           pushed for a function name cannot be popped unlike the JSNameScope
           pushed for a "catch". Hence, we have 2 functions to handle the 2 cases
           differently.

        4. Removed DebuggerCallFrame::evaluateWithCallFrame() and require that all
           debugger evaluations go through the DebuggerCallFrame::evaluate(). This
           ensures that debugger evaluations require a DebuggerCallFrame.

           DebuggerCallFrame::evaluateWithCallFrame() was used previously because
           we didn't want to instantiate a DebuggerCallFrame on every debug hook
           callback. However, we now only call the debug hooks when needed, and
           this no longer poses a performance problem.

           In addition, when the debug hook does an eval to test a breakpoint
           condition, it is incorrect to evaluate it without a DebuggerCallFrame
           anyway.

        5. Added some utility functions to the CallFrame to make it easier to work
           with the activation register in the frame (if present). These utility
           functions should only be called if the CodeBlock::needsActivation() is
           true (which indicates the presence of the activation register). The
           utlity functions are:

           1. CallFrame::hasActivation()
              - checks if the frame's activation object has been created.

           2. CallFrame::activation()
              - returns the frame's activation object.

           3. CallFrame::uncheckedActivation()
              - returns the JSValue in the frame's activation register. May be null.

           4. CallFrame::setActivation()
              - sets the frame's activation object.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        - added symbollic dumping of ResolveMode and ResolveType values for some
          bytecodes.
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::activationRegister):
        (JSC::CodeBlock::uncheckedActivationRegister):
        (JSC::CodeBlock::needsActivation):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::needsFullScopeChain):
        (JSC::UnlinkedCodeBlock::hasActivationRegister):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::resolveCallee):
        (JSC::BytecodeGenerator::createActivationIfNecessary):
        (JSC::BytecodeGenerator::emitCallEval):
        (JSC::BytecodeGenerator::emitReturn):
        (JSC::BytecodeGenerator::emitPushWithScope):
        (JSC::BytecodeGenerator::emitPushFunctionNameScope):
        (JSC::BytecodeGenerator::emitPushCatchScope):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::TryNode::emitBytecode):
        * debugger/Debugger.cpp:
        (JSC::Debugger::hasBreakpoint):
        (JSC::Debugger::pauseIfNeeded):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::scope):
        (JSC::DebuggerCallFrame::evaluate):
        * debugger/DebuggerCallFrame.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        * dfg/DFGGraph.h:
        - Removed an unused function DFGGraph::needsActivation().
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::activation):
        (JSC::CallFrame::setActivation):
        * interpreter/CallFrame.h:
        (JSC::ExecState::hasActivation):
        (JSC::ExecState::registers):
        * interpreter/CallFrameInlines.h:
        (JSC::CallFrame::uncheckedActivation):
        * interpreter/Interpreter.cpp:
        (JSC::unwindCallFrame):
        (JSC::Interpreter::unwind):
        * jit/JITOperations.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):

        * runtime/JSScope.cpp:
        * runtime/JSScope.h:
        (JSC::resolveModeName):
        (JSC::resolveTypeName):
        - utility functions for decoding names of the ResolveMode and ResolveType.
          These are used in CodeBlock::dumpBytecode().

2014-01-31  Michael Saboff  <msaboff@apple.com>

        REGRESSION: Crash in sanitizeStackForVMImpl when scrolling @ lifehacker.com.au
        https://bugs.webkit.org/show_bug.cgi?id=128017

        Reviewed by Filip Pizlo.

        Moved the setting and saving of VM::stackPointerAtVMEntry and the corresponding stack limit
        to JSLock and JSLock::DropAllLocks.  The saved data is now stored in per-thread in
        WTFThreadData.

        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreading):
        * runtime/JSLock.cpp:
        (JSC::JSLock::lock):
        (JSC::JSLock::unlock):
        (JSC::JSLock::DropAllLocks::DropAllLocks):
        (JSC::JSLock::DropAllLocks::~DropAllLocks):
        * runtime/JSLock.h:
        * runtime/VMEntryScope.cpp:
        (JSC::VMEntryScope::VMEntryScope):
        (JSC::VMEntryScope::~VMEntryScope):
        * runtime/VMEntryScope.h:

2014-01-31  Mark Lam  <mark.lam@apple.com>

        Don't need a JSNameScope for the callee name just for the debugger.
        <https://webkit.org/b/128024>

        Reviewed by Geoffrey Garen.

        Currently, in the bytecode for a function, we push a JSNamedScope for
        the name of the function when a debugger is attached. The name scope for
        the function name is only needed for evals which can redefine the name
        to resolve to something else, and can later delete the redefined name
        which should revert the resolution of the name to the original function.
        The debugger does not need this feature because it declares all new vars
        in a temporary nested scope. Hence, we can remove the presence of the
        debugger as a criteria for pushing the JSNameScope.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::resolveCallee):
        (JSC::BytecodeGenerator::addCallee):

2014-01-31  Filip Pizlo  <fpizlo@apple.com>

        Unreviewed, build fix.

        * ftl/FTLOSREntry.cpp:

2014-01-31  Oliver Hunt  <oliver@apple.com>

        Fix windows

        * generate-js-builtins:

2014-01-31  Oliver Hunt  <oliver@apple.com>

        Fix 32bit.

        * jit/JITPropertyAccess32_64.cpp:

2014-01-31  Mark Lam  <mark.lam@apple.com>

        Add options to force debugger / profiler bytecode generation.
        <https://webkit.org/b/128014>

        Reviewed by Oliver Hunt.

        Add Options::forceDebuggerBytecodeGeneration() and
        Options::forceProfilerBytecodeGeneration(). These options make it more
        convenient to do correctness testing when debugger / profiler bytecodes
        are generated.

        These options are disabled by default.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * runtime/Options.h:

2014-01-29  Oliver Hunt  <oliver@apple.com>

        Make it possible to implement JS builtins in JS
        https://bugs.webkit.org/show_bug.cgi?id=127887

        Reviewed by Michael Saboff.

        This patch makes it possible to write builtin functions in JS.
        The bindings, generators, and definitions are all created automatically
        based on js files in the builtins/ directory.  This patch includes one
        such case: Array.prototype.js with an implementation of every().

        There's a lot of refactoring to make it possible for CommonIdentifiers
        to include the output of the generated files (DerivedSources/JSCBuiltins.{h,cpp})
        without breaking the offset extractor. The result of this refactoring
        is that CommonIdentifiers, and a few other miscellaneous headers now
        need to be included directly as they were formerly captured through other
        paths.

        In addition this adds a flag to the Lookup table's hashentry to indicate
        that a static function is actually backed by JS. There is then a lot of
        logic to thread the special nature of the functon to where it matters.
        This allows toString(), .caller, etc to mimic the behaviour of a host
        function.

        Notes on writing builtins:
         - Each function is compiled independently of the others, and those
           implementations cannot currently capture all global properties (as
           that could be potentially unsafe). If a function does capture a
           global we will deliberately crash.
         - For those "global" properties that we do want access to, we use
           the @ prefix, e.g. Object(this) becomes @Object(this). The @ identifiers
           are private names, and behave just like regular properties, only
           without the risk of adulteration. Again, in the @Object case, we
           explicitly duplicate the ObjectConstructor reference on the GlobalObject
           so that we have guaranteed access to the original version of the
           constructor.
         - call, apply, eval, and Function are all rejected identifiers, again
           to prevent anything from accidentally using an adulterated object.
           Instead @call and @apply are available, and happily they completely
           drop the neq_ptr instruction as they're defined as always being the
           original call/apply functions.

        These restrictions are just intended to make it harder to accidentally
        make changes that are incorrect (for instance calling whatever has been
        assigned to global.Object, instead of the original constructor function).
        However, making a mistake like this should result in a purely semantic
        error as fundamentally these functions are treated as though they were
        regular JS code in the host global, and have no more privileges than
        any other JS.

        The initial proof of concept is Array.prototype.every, this shows a 65%
        performance improvement, and that improvement is significantly hurt by
        our poor optimisation of op_in.

        As this is such a limited function, we have not yet exported all symbols
        that we could possibly need, but as we implement more, the likelihood
        of encountering missing features will reduce.

        This did require breaking out a JSStringInlines header, and required
        fixing a few objects that were trying to using PropertyName::publicName
        rather than PropertyName::uid.

        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
        (JSC::JSCallbackObject<Parent>::put):
        (JSC::JSCallbackObject<Parent>::deleteProperty):
        (JSC::JSCallbackObject<Parent>::getStaticValue):
        (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
        (JSC::JSCallbackObject<Parent>::callbackGetter):
        * CMakeLists.txt:
        * DerivedSources.make:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * builtins/Array.prototype.js:
        (every):
        * builtins/BuiltinExecutables.cpp: Added.
        (JSC::BuiltinExecutables::BuiltinExecutables):
        (JSC::BuiltinExecutables::createBuiltinExecutable):
        * builtins/BuiltinExecutables.h:
        (JSC::BuiltinExecutables::create):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::generateFunctionCodeBlock):
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        (JSC::UnlinkedFunctionExecutable::codeBlockFor):
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::ExecutableInfo::ExecutableInfo):
        (JSC::UnlinkedFunctionExecutable::create):
        (JSC::UnlinkedFunctionExecutable::toStrictness):
        (JSC::UnlinkedFunctionExecutable::isBuiltinFunction):
        (JSC::UnlinkedCodeBlock::isBuiltinFunction):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::isBuiltinFunction):
        (JSC::BytecodeGenerator::makeFunction):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::CallFunctionCallDotNode::emitBytecode):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        * create_hash_table:
        * dfg/DFGOperations.cpp:
        * generate-js-builtins: Added.
        (getCopyright):
        (getFunctions):
        (generateCode):
        (mangleName):
        (FunctionExecutable):
        (Identifier):
        (JSGlobalObject):
        (SourceCode):
        (UnlinkedFunctionExecutable):
        (VM):
        * interpreter/Interpreter.cpp:
        * interpreter/ProtoCallFrame.cpp:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITOperations.cpp:
        * jit/JITPropertyAccess.cpp:
        * jit/JITPropertyAccess32_64.cpp:
        * jsc.cpp:
        * llint/LLIntSlowPaths.cpp:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::makeFunctionCallNode):
        * parser/Lexer.cpp:
        (JSC::Lexer<T>::Lexer):
        (JSC::isSafeIdentifier):
        (JSC::Lexer<LChar>::parseIdentifier):
        (JSC::Lexer<UChar>::parseIdentifier):
        (JSC::Lexer<T>::lex):
        * parser/Lexer.h:
        (JSC::isSafeIdentifier):
        (JSC::Lexer<T>::lexExpectIdentifier):
        * parser/Nodes.cpp:
        (JSC::ProgramNode::setClosedVariables):
        * parser/Nodes.h:
        (JSC::ScopeNode::capturedVariables):
        (JSC::ScopeNode::setClosedVariables):
        (JSC::ProgramNode::closedVariables):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::didFinishParsing):
        (JSC::Parser<LexerType>::printUnexpectedTokenText):
        * parser/Parser.h:
        (JSC::Scope::getUsedVariables):
        (JSC::Parser::closedVariables):
        (JSC::parse):
        * parser/ParserModes.h:
        * parser/ParserTokens.h:
        * runtime/ArgList.cpp:
        * runtime/Arguments.cpp:
        * runtime/Arguments.h:
        * runtime/ArgumentsIteratorConstructor.cpp:
        * runtime/ArgumentsIteratorPrototype.cpp:
        * runtime/ArrayPrototype.cpp:
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
        * runtime/CommonIdentifiers.cpp:
        (JSC::CommonIdentifiers::CommonIdentifiers):
        (JSC::CommonIdentifiers::getPrivateName):
        (JSC::CommonIdentifiers::getPublicName):
        * runtime/CommonIdentifiers.h:
        * runtime/CommonSlowPaths.cpp:
        * runtime/CommonSlowPathsExceptions.cpp:
        * runtime/ExceptionHelpers.cpp:
        (JSC::createUndefinedVariableError):
        * runtime/Executable.h:
        (JSC::EvalExecutable::executableInfo):
        (JSC::ProgramExecutable::executableInfo):
        (JSC::FunctionExecutable::isBuiltinFunction):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::symbolTableGet):
        (JSC::JSActivation::symbolTablePut):
        (JSC::JSActivation::symbolTablePutWithAttributes):
        * runtime/JSArgumentsIterator.cpp:
        * runtime/JSArray.cpp:
        * runtime/JSArrayIterator.cpp:
        * runtime/JSCJSValue.cpp:
        * runtime/JSCellInlines.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::createBuiltinFunction):
        (JSC::JSFunction::calculatedDisplayName):
        (JSC::JSFunction::sourceCode):
        (JSC::JSFunction::isHostOrBuiltinFunction):
        (JSC::JSFunction::isBuiltinFunction):
        (JSC::JSFunction::callerGetter):
        (JSC::JSFunction::getOwnPropertySlot):
        (JSC::JSFunction::getOwnNonIndexPropertyNames):
        (JSC::JSFunction::put):
        (JSC::JSFunction::defineOwnProperty):
        * runtime/JSFunction.h:
        * runtime/JSGenericTypedArrayViewConstructorInlines.h:
        * runtime/JSGenericTypedArrayViewInlines.h:
        * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::objectConstructor):
        (JSC::JSGlobalObject::symbolTableHasProperty):
        * runtime/JSObject.cpp:
        (JSC::getClassPropertyNames):
        (JSC::JSObject::reifyStaticFunctionsForDelete):
        (JSC::JSObject::putDirectBuiltinFunction):
        * runtime/JSObject.h:
        * runtime/JSPropertyNameIterator.cpp:
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSString.h:
        * runtime/JSStringInlines.h: Added.
        (JSC::JSString::getStringPropertySlot):
        (JSC::inlineJSValueNotStringtoString):
        (JSC::JSValue::toWTFStringInline):
        * runtime/JSSymbolTableObject.cpp:
        (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
           Don't report private names.
        * runtime/JSSymbolTableObject.h:
        (JSC::symbolTableGet):
        (JSC::symbolTablePut):
        (JSC::symbolTablePutWithAttributes):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::HashEntry::builtinGenerator):
        (JSC::HashEntry::propertyGetter):
        (JSC::HashEntry::propertyPutter):
        (JSC::HashTable::entry):
        (JSC::getStaticPropertySlot):
        (JSC::getStaticValueSlot):
        (JSC::putEntry):
        * runtime/NativeErrorConstructor.cpp:
        (JSC::NativeErrorConstructor::finishCreation):
        * runtime/NativeErrorConstructor.h:
        * runtime/PropertySlot.h:
        * runtime/RegExpPrototype.cpp:
        * runtime/SetConstructor.cpp:
        * runtime/StringObject.cpp:
        * runtime/Structure.cpp:
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:
        (JSC::VM::builtinExecutables):

2014-01-31  Gabor Rapcsanyi  <rgabor@webkit.org>

        Fix the ARM Thumb2 build after jsCStack branch merge
        https://bugs.webkit.org/show_bug.cgi?id=127903

        Reviewed by Michael Saboff.

        SP register cannot be used as a destination register of SUB or ADD on Thumb mode.

        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:

2014-01-31  Julien Brianceau  <jbriance@cisco.com>

        [arm] Add missing pushPair/popPair implementations in MacroAssemblerARM.h
        https://bugs.webkit.org/show_bug.cgi?id=127904

        Reviewed by Zoltan Herczeg.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::popPair):
        (JSC::MacroAssemblerARM::pushPair):

2014-01-30  Martin Robinson  <mrobinson@igalia.com>

        [GTK] [CMake] Add support for building against GTK+ 2
        https://bugs.webkit.org/show_bug.cgi?id=127959

        Reviewed by Anders Carlsson.

        * PlatformGTK.cmake: Use the new API version variable and don't use GTK3 directly.

2014-01-30  Andreas Kling  <akling@apple.com>

        CodeBlock's cloned SymbolTables only need the captured names.
        <https://webkit.org/b/127978>

        Renamed SymbolTable::clone() to SymbolTable::cloneCapturedNames()
        and make it skip over any symbols that aren't captured, since those
        won't be needed after codegen.

        This is a first step towards getting rid of redundant symbol tables.

        Reviewed by Geoffrey Garen.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * runtime/SymbolTable.cpp:
        (JSC::SymbolTable::cloneCapturedNames):
        * runtime/SymbolTable.h:

2014-01-28  Timothy Hatcher  <timothy@apple.com>

        Add column number and call timing support to LegacyProfiler.

        https://bugs.webkit.org/show_bug.cgi?id=127764

        Reviewed by Joseph Pecoraro.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        * profiler/CallIdentifier.h:
        (JSC::CallIdentifier::CallIdentifier):
        (JSC::CallIdentifier::functionName):
        (JSC::CallIdentifier::url):
        (JSC::CallIdentifier::lineNumber):
        (JSC::CallIdentifier::columnNumber):
        (JSC::CallIdentifier::operator==):
        (JSC::CallIdentifier::operator!=):
        (JSC::CallIdentifier::Hash::hash):
        (WTF::HashTraits<JSC::CallIdentifier>::constructDeletedValue):
        (WTF::HashTraits<JSC::CallIdentifier>::isDeletedValue):
        * profiler/LegacyProfiler.cpp:
        (JSC::LegacyProfiler::willExecute):
        (JSC::LegacyProfiler::didExecute):
        (JSC::LegacyProfiler::exceptionUnwind):
        (JSC::LegacyProfiler::createCallIdentifier):
        (JSC::createCallIdentifierFromFunctionImp):
        * profiler/LegacyProfiler.h:
        * profiler/Profile.cpp:
        (JSC::Profile::Profile):
        * profiler/Profile.h:
        (JSC::Profile::uid):
        (JSC::Profile::idleTime):
        (JSC::Profile::setIdleTime):
        * profiler/ProfileGenerator.cpp:
        (JSC::AddParentForConsoleStartFunctor::operator()):
        (JSC::ProfileGenerator::addParentForConsoleStart):
        (JSC::ProfileGenerator::willExecute):
        (JSC::ProfileGenerator::didExecute):
        (JSC::ProfileGenerator::stopProfiling):
        (JSC::ProfileGenerator::removeProfileStart):
        (JSC::ProfileGenerator::removeProfileEnd):
        * profiler/ProfileNode.cpp:
        (JSC::ProfileNode::ProfileNode):
        (JSC::ProfileNode::stopProfiling):
        (JSC::ProfileNode::endAndRecordCall):
        (JSC::ProfileNode::startTimer):
        (JSC::ProfileNode::debugPrintData):
        * profiler/ProfileNode.h:
        (JSC::ProfileNode::Call::Call):
        (JSC::ProfileNode::Call::startTime):
        (JSC::ProfileNode::Call::setStartTime):
        (JSC::ProfileNode::Call::totalTime):
        (JSC::ProfileNode::Call::setTotalTime):
        (JSC::ProfileNode::id):
        (JSC::ProfileNode::functionName):
        (JSC::ProfileNode::url):
        (JSC::ProfileNode::lineNumber):
        (JSC::ProfileNode::columnNumber):
        (JSC::ProfileNode::calls):
        (JSC::ProfileNode::lastCall):
        (JSC::ProfileNode::numberOfCalls):

2014-01-26  Timothy Hatcher  <timothy@apple.com>

        Include profile with FunctionCall and EvaluateScript Timeline records.

        https://bugs.webkit.org/show_bug.cgi?id=127663

        Reviewed by Joseph Pecoraro.

        * inspector/InjectedScriptBase.cpp:
        (Inspector::InjectedScriptBase::callFunctionWithEvalEnabled):
        * inspector/InspectorEnvironment.h:
        * inspector/JSGlobalObjectInspectorController.h:

2014-01-29  Filip Pizlo  <fpizlo@apple.com>

        FTL should support GetById(Untyped:)
        https://bugs.webkit.org/show_bug.cgi?id=127750

        Reviewed by Oliver Hunt.
        
        This was supposed to be easy. Indeed, the actual GetById UntypedUse case was easy. But
        then it expanded coverage by a lot and I got to deal with three bugs. So, this has
        some additional changes:
        
        Also make it safe for LLVM to duplicate calls to patchpoints and stackmaps. Previously
        we incorrectly assumed that if we emitted a patchpoint, then there would only be one
        copy of that patchpoint (with that ID) in the resulting machine code and in the
        stackmaps section. That's obviously a bad assumption - LLVM is allowed to do anything
        it wants so long as the outcome of executing the code has a semantically equivalent
        meaning to the IR we gave it, and duplicating code is trivially OK under this rule. We
        should be OK with it, too. The solution is to add Vectors in a bunch of places that
        previously just thought they only had one value. For example, an InlineCacheDescriptor
        now has a Vector of generators - one generator for each copy that LLVM stamped out.
        Normally there will only be one copy, of course - since duplication is usually
        unprofitable. But, if LLVM decides that copying would be groovy then we will no longer
        barf.
        
        Also fix SSA conversion. It turns out that we mishandled the case where a block had
        multiple Phi functions for the same local. If any of those CPS Phis fail to trivialize
        in the Aycock-Horspool fixpoint, we need to insert an SSA Phi. Previously, it was
        assuming that so long as the head CPS Phi was trivial, we could forego SSA Phi
        insertion. That's wrong if the head CPS Phi trivialized but ended up pointing to a
        non-trivial CPS Phi in the same block. This madness with trees of Phis occurs because
        we try to save on compile times: no Phi ever has more than three children even if the
        block has more than three predecessors; we just build out a tree of Phis to satisfy
        all predecessors. So weird.
        
        And finally, fix DFG->FTL OSR entry's reconstruction of 'this' in a constructor. That
        reconstruction code, JITCode::reconstruct(), had a work-around for the case where we
        were entering into a constructor at the prologue. In that case, 'this' is definitely
        unavailable. But the OSR code does reconstructions at LoopHints, which aren't at the
        prologue, and so 'this' should totally be available.

        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        * dfg/DFGJITCode.cpp:
        (JSC::DFG::JITCode::reconstruct):
        * dfg/DFGNode.h:
        (JSC::DFG::Node::tryGetVariableAccessData):
        * dfg/DFGSSAConversionPhase.cpp:
        (JSC::DFG::SSAConversionPhase::run):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLCompile.cpp:
        (JSC::FTL::generateICFastPath):
        (JSC::FTL::fixFunctionBasedOnStackMaps):
        * ftl/FTLInlineCacheDescriptor.h:
        * ftl/FTLJITFinalizer.cpp:
        (JSC::FTL::JITFinalizer::codeSize):
        * ftl/FTLJSCall.cpp:
        (JSC::FTL::JSCall::JSCall):
        * ftl/FTLJSCall.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileGetById):
        (JSC::FTL::LowerDFGToLLVM::getById):
        * ftl/FTLOSREntry.cpp:
        (JSC::FTL::prepareOSREntry):
        * ftl/FTLStackMaps.cpp:
        (JSC::FTL::StackMaps::getRecordMap):
        * ftl/FTLStackMaps.h:
        * tests/stress/get-by-id-untyped.js: Added.
        (foo):

2014-01-30  Geoffrey Garen  <ggaren@apple.com>

        Part 2: REGRESSION: JavascriptCore crash during OS Installation (due to
        Heap::m_operationInProgress ASSERT vs DelayedReleaseScope)
        https://bugs.webkit.org/show_bug.cgi?id=127950

        Reviewed by Mark Hahnenberg.

        Scope the APICallbackShim to make sure that we re-acquire the lock
        before putting the heap back into the "unsafe to allocate" state.
        Otherwise, the heap will seem to be in the "unsafe to allocate" state
        during any GC that happens before we re-acquire the lock.

        No regression test because threads.

        * heap/DelayedReleaseScope.h:
        (JSC::DelayedReleaseScope::~DelayedReleaseScope):

2014-01-30  Filip Pizlo  <fpizlo@apple.com>

        Update FTL StackMaps parser to stackSize change
        https://bugs.webkit.org/show_bug.cgi?id=127933

        Reviewed by Oliver Hunt.

        * ftl/FTLStackMaps.cpp:
        (JSC::FTL::StackMaps::parse):

2014-01-30  Zan Dobersek  <zdobersek@igalia.com>

        [GTK] Only disable -ftree-dce optimization when compiling with GCC
        https://bugs.webkit.org/show_bug.cgi?id=127911

        Reviewed by Carlos Garcia Campos.

        * GNUmakefile.am: Only disable the -ftree-dce optimization when using the GCC compiler.
        Some Clang versions/configurations don't support the flag.

2014-01-30  Zan Dobersek  <zdobersek@igalia.com>

        [GTK] Disable optimizations for JSC that turned out malignant after jsCStack branch merge
        https://bugs.webkit.org/show_bug.cgi?id=127909

        Reviewed by Carlos Garcia Campos.

        * GNUmakefile.am: Disable the -fomit-frame-pointer optimization to achieve proper register usage
        in operationCallEval. Disable the -ftree-dce optimization since it is causing additional failures
        when using GCC 4.8, possibly due to a bug in the compiler itself.

2014-01-29  Csaba Osztrogonác  <ossy@webkit.org>

        Remove ENABLE(JAVASCRIPT_DEBUGGER) leftovers
        https://bugs.webkit.org/show_bug.cgi?id=127845

        Reviewed by Joseph Pecoraro.

        * Configurations/FeatureDefines.xcconfig:

2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Play Breakpoint Sound in Frontend
        https://bugs.webkit.org/show_bug.cgi?id=127885

        Reviewed by Timothy Hatcher.

        * inspector/ScriptDebugListener.h:
        * inspector/ScriptDebugServer.cpp:
        (Inspector::ScriptDebugServer::evaluateBreakpointAction):
        (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
        * inspector/ScriptDebugServer.h:
        Pass the breakpoint action identifier through when the
        sound breakpoint action is triggered.

        * inspector/protocol/Debugger.json:
        New "playBreakpointActionSound" event when a "sound" breakpoint action triggers.

        * inspector/agents/InspectorDebuggerAgent.h:
        * inspector/agents/InspectorDebuggerAgent.cpp:
        (Inspector::InspectorDebuggerAgent::breakpointActionSound):
        Send the new event so the frontend can handle it.

2014-01-29  Filip Pizlo  <fpizlo@apple.com>

        Merge final changesets from the jsCStack branch (r162969, r162975, r162992, r163004, r163069).

    2014-01-29  Filip Pizlo  <fpizlo@apple.com>
    
            DFG ArrayPop double array mishandles the NaN hole installation
            https://bugs.webkit.org/show_bug.cgi?id=127813
    
            Reviewed by Mark Rowe.
            
            Our object model for arrays inferred double dictates that we use quiet NaN (QNaN) to
            mark holes. Holes, in this context, are any entries in the allocated array buffer
            (i.e. from index 0 up to the vectorLength) that don't currently hold a value. Popping
            creates a hole, since it deletes the value at publicLength - 1.
            
            But, because of some sloppy copy-and-paste, we were storing (int64_t)0 when creating
            the hole, instead of storing QNaN. That's likely because for other kinds of arrays,
            64-bit zero is the hole marker, instead of QNaN.
            
            The attached test case illustrates the problem. In the LLInt and Baseline JIT, the
            result returned from foo() is "1.5,2.5,,4.5", since array.pop() removes 3.5 and
            replaces it with a hole and then the assignment "array[3] = 4.5" creates an element
            just beyond that hole. But, once we tier-up to the DFG, the result previously became
            "1.5,2.5,0,4.5", which is wrong. The 0 appeared because the IEEE double
            interpretation of 64-bit zero is simply zero.
            
            This patch fixes that problem. Now the DFG agrees with the other engines.
            
            This patch also fixes style. For some reason that copy-pasted code wasn't even
            indented correctly.
    
            * dfg/DFGSpeculativeJIT64.cpp:
            (JSC::DFG::SpeculativeJIT::compile):
            * tests/stress/array-pop-double-hole.js: Added.
            (foo):
    
    2014-01-28  Filip Pizlo  <fpizlo@apple.com>
    
            FTL should support ArrayPush
            https://bugs.webkit.org/show_bug.cgi?id=127748
    
            Not reviewed, remove some debug code.
    
            * ftl/FTLLowerDFGToLLVM.cpp:
            (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
    
    2014-01-27  Filip Pizlo  <fpizlo@apple.com>
    
            FTL should support ArrayPush
            https://bugs.webkit.org/show_bug.cgi?id=127748
    
            Reviewed by Oliver Hunt.
    
            * ftl/FTLAbstractHeapRepository.h:
            (JSC::FTL::AbstractHeapRepository::forArrayType):
            * ftl/FTLCapabilities.cpp:
            (JSC::FTL::canCompile):
            * ftl/FTLIntrinsicRepository.h:
            * ftl/FTLLowerDFGToLLVM.cpp:
            (JSC::FTL::LowerDFGToLLVM::compileNode):
            (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
            * tests/stress/array-push-contiguous.js: Added.
            (foo):
            * tests/stress/array-push-double.js: Added.
            (foo):
    
    2014-01-28  Filip Pizlo  <fpizlo@apple.com>
    
            FTL should support ArrayPop
            https://bugs.webkit.org/show_bug.cgi?id=127749
    
            Reviewed by Geoffrey Garen.
    
            * ftl/FTLCapabilities.cpp:
            (JSC::FTL::canCompile):
            * ftl/FTLIntrinsicRepository.h:
            * ftl/FTLLowerDFGToLLVM.cpp:
            (JSC::FTL::LowerDFGToLLVM::compileNode):
            (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
            (JSC::FTL::LowerDFGToLLVM::compileArrayPop):
            * tests/stress/array-pop-contiguous.js: Added.
            (foo):
            * tests/stress/array-pop-double.js: Added.
            (foo):
            * tests/stress/array-pop-int32.js: Added.
            (foo):
    
2014-01-29  Filip Pizlo  <fpizlo@apple.com>

        DFG::ByteCodeParser::m_dfgCodeBlock is sometimes uninitialized
        <rdar://problem/15939032>

        Reviewed by Dan Bernstein.

        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parse):

2014-01-29  Geoffrey Garen  <ggaren@apple.com>

        50% time on Dromaeo Selector * benchmark spent allocating oversized backing stores (but not in Chrome)
        https://bugs.webkit.org/show_bug.cgi?id=127879

        Reviewed by Gavin Barraclough.

        Let's not dynamically resize an array whose size is statically known,
        mmmkay?

        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncConcat): Use nullptr to disambiguate vs the numeric
        argument.

        (JSC::arrayProtoFuncSlice): The fix.

        (JSC::arrayProtoFuncSort):
        (JSC::arrayProtoFuncSplice):
        (JSC::arrayProtoFuncFilter):
        (JSC::arrayProtoFuncMap): Use nullptr.

2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Run JSC Inspector EventLoop in a custom run loop mode to prevent default observers from running
        https://bugs.webkit.org/show_bug.cgi?id=127865

        Reviewed by Geoffrey Garen.

        When hitting a breakpoint in a JSContext Inspector we want to entirely
        pause the process and all access to the JSContext and only move forward
        based on debugger commands. Having the nested run loop run in a default
        mode allowed NSTimers scheduled on the thread to regularly run and
        evaluate code in the JSContext. Using a custom run loop mode gets us
        a bit closer to locking down the context. This doesn't handle scenarios
        where background threads also access the JSContext, but it handles the
        most common scenario.

        * inspector/EventLoop.cpp:
        (Inspector::EventLoop::cycle):

2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Deadlock hitting breakpoint while inspecting JSContext
        https://bugs.webkit.org/show_bug.cgi?id=127864

        Reviewed by Geoffrey Garen.

        Temporarily drop the lock while we run the nested runloop.

        * inspector/JSGlobalObjectScriptDebugServer.cpp:
        (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):

2014-01-28  Oliver Hunt  <oliver@apple.com>

        Make DOM attributes appear to be faux accessor properties
        https://bugs.webkit.org/show_bug.cgi?id=127797

        Reviewed by Michael Saboff.

        Add flag so we can identify which properties should have the old
        custom property semantics vs. the new faux accessors. Update the
        inspector protocol accordingly.

        These faux accessors produce descriptors with "get" and "set"
        properties, but both values are undefined so can't be used
        directly. A few custom properties actually require their
        existing magical behaviour, so we now have a flag to 
        distinguish the expected output.

        * inspector/InjectedScriptSource.js:
        (.):
        * runtime/JSObject.cpp:
        (JSC::JSObject::getOwnPropertyDescriptor):
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::setCustomDescriptor):
        * runtime/PropertyDescriptor.h:
        * runtime/PropertySlot.h:

2014-01-29  Beth Dakin  <bdakin@apple.com>

        Build fix.

        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
        * llint/LowLevelInterpreter.cpp:

2014-01-29  Dan Bernstein  <mitz@apple.com>

        Build fix.

        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp: Added a newline at the end of the
        file.

2014-01-28  Michael Saboff  <msaboff@apple.com>

        Merge the jsCStack branch
        https://bugs.webkit.org/show_bug.cgi?id=127763

        Reviewed by Mark Hahnenberg.

        Changes from http://svn.webkit.org/repository/webkit/branches/jsCStack
        up to changeset 162958.

2014-01-29  Csaba Osztrogonác  <ossy@webkit.org>

        Remove ENABLE(JAVASCRIPT_DEBUGGER) guards
        https://bugs.webkit.org/show_bug.cgi?id=127840

        Reviewed by Mark Lam.

        * inspector/scripts/CodeGeneratorInspector.py:

2014-01-28  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r162987.
        http://trac.webkit.org/changeset/162987
        https://bugs.webkit.org/show_bug.cgi?id=127825

        Broke Mountain Lion build (Requested by andersca on #webkit).

        * inspector/InjectedScriptSource.js:
        (.):
        * runtime/JSObject.cpp:
        (JSC::JSObject::getOwnPropertyDescriptor):
        * runtime/PropertyDescriptor.cpp:
        * runtime/PropertyDescriptor.h:
        * runtime/PropertySlot.h:

2014-01-28  Oliver Hunt  <oliver@apple.com>

        Make DOM attributes appear to be faux accessor properties
        https://bugs.webkit.org/show_bug.cgi?id=127797

        Reviewed by Michael Saboff.

        Add flag so we can identify which properties should have the old
        custom property semantics vs. the new faux accessors. Update the
        inspector protocol accordingly.

        These faux accessors produce descriptors with "get" and "set"
        properties, but both values are undefined so can't be used
        directly. A few custom properties actually require their
        existing magical behaviour, so we now have a flag to 
        distinguish the expected output.

        * inspector/InjectedScriptSource.js:
        (.):
        * runtime/JSObject.cpp:
        (JSC::JSObject::getOwnPropertyDescriptor):
        * runtime/PropertyDescriptor.cpp:
        (JSC::PropertyDescriptor::setCustomDescriptor):
        * runtime/PropertyDescriptor.h:
        * runtime/PropertySlot.h:

2014-01-28  Mark Lam  <mark.lam@apple.com>

        Remove some unneeded debugger code.
        https://bugs.webkit.org/show_bug.cgi?id=127805.

        Reviewed by Oliver Hunt.

        JSC will now always support the debugger. Hence, the #if ENABLE(JAVASCRIPT_DEBUGGER)
        checks can be removed.

        DebuggerCallFrame::callFrame() is also unused and will be removed.

        * debugger/Breakpoint.h:
        * debugger/Debugger.cpp:
        * debugger/DebuggerCallFrame.h:
        * inspector/InjectedScript.cpp:
        (Inspector::InjectedScript::wrapCallFrames):
        * inspector/InjectedScript.h:
        * inspector/JSGlobalObjectScriptDebugServer.cpp:
        * inspector/JSGlobalObjectScriptDebugServer.h:
        * inspector/JSJavaScriptCallFrame.cpp:
        * inspector/JSJavaScriptCallFrame.h:
        * inspector/JSJavaScriptCallFramePrototype.cpp:
        * inspector/JSJavaScriptCallFramePrototype.h:
        * inspector/JavaScriptCallFrame.cpp:
        * inspector/JavaScriptCallFrame.h:
        * inspector/ScriptDebugListener.h:
        * inspector/ScriptDebugServer.cpp:
        * inspector/ScriptDebugServer.h:
        * inspector/agents/InspectorDebuggerAgent.cpp:
        * inspector/agents/InspectorDebuggerAgent.h:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
        (Inspector::setPauseOnExceptionsState):
        (Inspector::InspectorRuntimeAgent::evaluate):
        (Inspector::InspectorRuntimeAgent::callFunctionOn):
        (Inspector::InspectorRuntimeAgent::getProperties):
        * inspector/agents/InspectorRuntimeAgent.h:

2014-01-28  Geoffrey Garen  <ggaren@apple.com>

        REGRESSION: JavascriptCore crash during OS Installation (due to
        Heap::m_operationInProgress ASSERT vs DelayedReleaseScope)
        https://bugs.webkit.org/show_bug.cgi?id=127793

        Reviewed by Mark Hahnenberg.

        This was a mistaken ASSERT.

        * API/tests/testapi.mm:
        (-[EvilAllocationObject doEvilThingsWithContext:]): Added a test to verify
        that GC from a DelayedReleaseScope doesn't crash.

        * heap/DelayedReleaseScope.h:
        (JSC::DelayedReleaseScope::~DelayedReleaseScope): Our contract is that
        it is valid to do anything while running a DelayedReleaseScope -dealloc
        method, so the Heap must be ready for new allocations and collections.

        Change the Heap's operationInProgress value to NoOperation while running
        -dealloc methods, so that it doesn't ASSERT in the face of new allocations
        and collections.

        * heap/Heap.h: Made DelayedReleaseScope a friend because exposing a setter
        for m_operationInProgress seemed like the worse of the two options for
        encapsulation: we don't really want arbitrary clients to set the Heap's
        m_operationInProgress.

2014-01-28  Mark Lam  <mark.lam@apple.com>

        Jettison DFG code when neither breakpoints or the profiler are active.
        <https://webkit.org/b/127766>

        Reviewed by Geoffrey Garen.

        We need to jettison the DFG CodeBlocks under the following circumstances:
        1. When adding breakpoints to a CodeBlock, jettison it if it is a DFG CodeBlock.
        2. When enabling stepping mode in a CodeBlock, jettison it if it a DFG CodeBlock.
        3. When settign the enabled profiler in the VM, we need to jettison all DFG
           CodeBlocks.

        Instead of emitting speculation checks, the DFG code will now treat Breakpoint,
        ProfileWillCall, and ProfileDidCall as no-ops similar to a Phantom node. We
        still need to track these nodes so that they match the corresponding opcodes
        in the baseline JIT when we jettison and OSR exit. Without them, we would OSR
        exit to the wrong location in the baseline JIT code.

        In DFGDriver's compileImpl() and DFGPlan's finalizeWithoutNotifyingCallback()
        we fail the compilation effort with a CompilationInvalidated result. This allows
        the DFG compiler to re-attampt the compilation of the function after some time
        if it is hot. The CompilationInvalidated result is supposed to cause the DFG
        to exercise an exponential back off before re-attempting compilation again
        (see runtime/CompilationResult.h).

        This patch improves the Octane score from ~2950 to ~3067.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::addBreakpoint):
        (JSC::CodeBlock::setSteppingMode):
        * bytecode/CodeBlock.h:
        * debugger/Debugger.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compileImpl):
        * dfg/DFGPlan.cpp:
        (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * profiler/LegacyProfiler.cpp:
        (JSC::LegacyProfiler::startProfiling):
        (JSC::LegacyProfiler::stopProfiling):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        (JSC::SetEnabledProfilerFunctor::operator()):
        (JSC::VM::setEnabledProfiler):
        * runtime/VM.h:
        (JSC::VM::enabledProfiler):

2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>

        -[JSContext evaluteScript:] calls JSEvaluteScript with startingLineNumber 0, later interpreted as a oneBasedInt
        https://bugs.webkit.org/show_bug.cgi?id=127648

        Reviewed by Geoffrey Garen.

        The actual bug being fixed here is that the line number for
        scripts evaluated via the JSC APIs is now sane. However,
        there is no good infrastructure in place right now to test that.

        * API/tests/testapi.c:
        (main):
        * API/tests/testapi.mm:
        (testObjectiveCAPI):
        Add tests for exception line numbers and handling of bad
        startingLineNumbers in public APIs. These tests were already
        passing, I just add them to make sure they are not regressed
        in the future.

        * API/JSBase.cpp:
        (JSEvaluateScript):
        (JSCheckScriptSyntax):
        * API/JSBase.h:
        * API/JSObjectRef.cpp:
        (JSObjectMakeFunction):
        * API/JSObjectRef.h:
        * API/JSScriptRef.cpp:
        * API/JSScriptRefPrivate.h:
        * API/JSStringRef.h:
        - Clarify documentation that startingLineNumber is 1 based and clamped.
        - Add clamping in the implementation to put sane values into JSC::SourceProvider.

        * inspector/agents/InspectorDebuggerAgent.cpp:
        (Inspector::InspectorDebuggerAgent::didParseSource):
        Remove the FIXME now that the SourceProvider is giving us expected values.

2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: CRASH when debugger closes remote inspecting JSContext
        https://bugs.webkit.org/show_bug.cgi?id=127738

        Reviewed by Timothy Hatcher.

        RemoteInspectorXPCConnection could be accessed in a background dispatch
        queue, while being deallocated on the main thread when a connection
        was suddenly terminated.

        Make RemoteInspectorXPCConnection a ThreadSafeRefCounted object. Always
        keep the connection object ref'd until the main thread calls close()
        and removes its reference. At that point we can close the connection,
        queue, and deref safely on the background queue.

        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
        (Inspector::RemoteInspector::xpcConnectionFailed):
        For simplicity RemoteInspectorXPCConnections's don't have any threading
        primatives to prevent client callbacks after they are closed. RemoteInspector
        does, so it just ignores possible callbacks from connections it no longer
        cares about.

        * inspector/remote/RemoteInspectorXPCConnection.h:
        * inspector/remote/RemoteInspectorXPCConnection.mm:
        (Inspector::RemoteInspectorXPCConnection::RemoteInspectorXPCConnection):
        (Inspector::RemoteInspectorXPCConnection::~RemoteInspectorXPCConnection):
        (Inspector::RemoteInspectorXPCConnection::close):
        Keep the connection alive as long as the queue it can be used on
        is alive. Clean up everything on the queue when close() is called.

        (Inspector::RemoteInspectorXPCConnection::handleEvent):
        Checking if closed here is not thread safe so it is meaningless.
        Remove the check.

        (Inspector::RemoteInspectorXPCConnection::sendMessage):
        Bail based on the m_closed state.

2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>

        JavaScriptCore: Enable -Wimplicit-fallthrough and add FALLTHROUGH annotation where needed
        https://bugs.webkit.org/show_bug.cgi?id=127647

        Reviewed by Anders Carlsson.

        Explicitly annotate switch case fallthroughs in JavaScriptCore and
        enable warnings for unannotated fallthroughs.

        * dfg/DFGArithMode.h:
        (doesOverflow):
        Only insert FALLTHROUGH in release builds. In debug builds, the
        FALLTHROUGH would be unreachable (due to the ASSERT_NOT_REACHED)
        and would through a warning.

        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
        (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
        Due to the templatized nature of this function, a fallthrough
        in one of the template expansions would be unreachable. Disable
        the warning for this function.

        * Configurations/Base.xcconfig:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * dfg/DFGCFGSimplificationPhase.cpp:
        (JSC::DFG::CFGSimplificationPhase::run):
        * dfg/DFGValidate.cpp:
        (JSC::DFG::Validate::validateCPS):
        * parser/Lexer.cpp:
        (JSC::Lexer<T>::lex):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseStatement):
        (JSC::Parser<LexerType>::parseProperty):
        * runtime/JSArray.cpp:
        (JSC::JSArray::push):
        * runtime/JSONObject.cpp:
        (JSC::Walker::walk):
        * runtime/JSObject.cpp:
        (JSC::JSObject::putByIndex):
        (JSC::JSObject::putByIndexBeyondVectorLength):
        * runtime/JSObject.h:
        (JSC::JSObject::setIndexQuickly):
        (JSC::JSObject::initializeIndex):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::parse):
        * yarr/YarrInterpreter.cpp:
        (JSC::Yarr::Interpreter::backtrackParenthesesOnceBegin):
        (JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
        * yarr/YarrParser.h:
        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
        (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBuiltInCharacterClass):
        (JSC::Yarr::Parser::parseEscape):
        (JSC::Yarr::Parser::parseTokens):

2014-01-27  Andy Estes  <aestes@apple.com>

        Scrub WebKit API headers of WTF macros
        https://bugs.webkit.org/show_bug.cgi?id=127706

        Reviewed by David Kilzer.

        * Configurations/FeatureDefines.xcconfig: Added ENABLE_INSPECTOR.

2014-01-27  Mark Lam  <mark.lam@apple.com>

        Remove unused CodeBlock::createActivation().
        <https://webkit.org/b/127686>

        Reviewed by Filip Pizlo.

        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:

2014-01-26  Andreas Kling  <akling@apple.com>

        JSC: Pack unlinked instructions harder.
        <https://webkit.org/b/127660>

        Store UnlinkedCodeBlock's instructions in a variable-length stream
        to reduce memory usage. Compression rate ends up around 60-61%.

        The format is very simple. Every instruction starts with a 1 byte
        opcode. It's followed by an opcode-dependent number of argument
        values, each encoded separately for maximum packing. There are
        7 packed value formats:

            5-bit positive integer
            5-bit negative integer
            13-bit positive integer
            13-bit positive integer
            5-bit constant register index
            13-bit constant register index
            32-bit value (fallback)

        27.5 MB progression on Membuster3. (~2% of total memory.)

        Reviewed by Filip Pizlo.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/UnlinkedInstructionStream.h: Added.
        (JSC::UnlinkedInstructionStream::count):
        (JSC::UnlinkedInstructionStream::Reader::atEnd):
        * bytecode/UnlinkedInstructionStream.cpp: Added.
        (JSC::UnlinkedInstructionStream::Reader::Reader):
        (JSC::UnlinkedInstructionStream::Reader::read8):
        (JSC::UnlinkedInstructionStream::Reader::read32):
        (JSC::UnlinkedInstructionStream::Reader::next):
        (JSC::append8):
        (JSC::append32):
        (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
        (JSC::UnlinkedInstructionStream::unpackForDebugging):
        * bytecompiler/BytecodeGenerator.cpp:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
        (JSC::dumpLineColumnEntry):
        (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
        (JSC::UnlinkedCodeBlock::setInstructions):
        (JSC::UnlinkedCodeBlock::instructions):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::BytecodeGenerator::generate):

2014-01-26  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Move InspectorDebuggerAgent into JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=127629

        Rubber-stamped by Sam Weinig.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        - Add new files to the build.
        - Also, since non REMOTE_INSPECTOR ports cannot yet connect to a
          JSGlobalObject for inspection remove those files as they don't
          need to be built.

        * inspector/EventLoop.cpp: Added.
        (Inspector::EventLoop::cycle):
        * inspector/EventLoop.h: Added.
        (Inspector::EventLoop::EventLoop):
        (Inspector::EventLoop::ended):
        Add a JavaScriptCore version of EventLoop. This is currently only
        used by the Mac port for JSGlobalObject remote inspection. Keep
        the WebCore/platform version alive because for the Mac port it does
        slightly different things involving AppKit.

        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        Create DebuggerAgent and hook up ScriptDebugServer where needed.

        * inspector/JSGlobalObjectScriptDebugServer.cpp: Added.
        (Inspector::JSGlobalObjectScriptDebugServer::JSGlobalObjectScriptDebugServer):
        (Inspector::JSGlobalObjectScriptDebugServer::addListener):
        (Inspector::JSGlobalObjectScriptDebugServer::removeListener):
        (Inspector::JSGlobalObjectScriptDebugServer::recompileAllJSFunctions):
        (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
        * inspector/JSGlobalObjectScriptDebugServer.h: Added.
        Simple implementation of ScriptDebugServer with a JSGlobalObject.

        * inspector/agents/InspectorDebuggerAgent.cpp: Renamed from Source/WebCore/inspector/InspectorDebuggerAgent.cpp.
        * inspector/agents/InspectorDebuggerAgent.h: Renamed from Source/WebCore/inspector/InspectorDebuggerAgent.h.
        Copied from WebCore. A few methods need to be made virtual so that Web implementations
        can override and extend the funcitonality. E.g. sourceMapURLForScript and enable/disable.
        
        * inspector/agents/JSGlobalObjectDebuggerAgent.cpp: Added.
        * inspector/agents/JSGlobalObjectDebuggerAgent.h: Added.
        (Inspector::JSGlobalObjectDebuggerAgent::JSGlobalObjectDebuggerAgent):
        (Inspector::JSGlobalObjectDebuggerAgent::startListeningScriptDebugServer):
        (Inspector::JSGlobalObjectDebuggerAgent::stopListeningScriptDebugServer):
        (Inspector::JSGlobalObjectDebuggerAgent::injectedScriptForEval):
        Simple implementation of DebuggerAGent with a JSGlobalObject.

2014-01-25  Mark Lam  <mark.lam@apple.com>

        Gardening: fix build breakage from previous commit.

        Not reviewed.

        * profiler/ProfileNode.cpp:
        (JSC::ProfileNode::debugPrintData):
        - Removed obsolete references to "visible" timers.

2014-01-25  Timothy Hatcher  <timothy@apple.com>

        Remove dead code from the JSC profiler.

        https://bugs.webkit.org/show_bug.cgi?id=127643

        Reviewed by Mark Lam.

        * profiler/Profile.cpp:
        * profiler/Profile.h:
        * profiler/ProfileGenerator.cpp:
        (JSC::ProfileGenerator::stopProfiling):
        * profiler/ProfileNode.cpp:
        (JSC::ProfileNode::ProfileNode):
        (JSC::ProfileNode::stopProfiling):
        (JSC::ProfileNode::endAndRecordCall):
        (JSC::ProfileNode::debugPrintData):
        (JSC::ProfileNode::debugPrintDataSampleStyle):
        * profiler/ProfileNode.h:
        (JSC::ProfileNode::totalTime):
        (JSC::ProfileNode::setTotalTime):
        (JSC::ProfileNode::selfTime):
        (JSC::ProfileNode::setSelfTime):
        (JSC::ProfileNode::totalPercent):
        (JSC::ProfileNode::selfPercent):
        Remove support for things like focus and exclude. The Inspector does those in JS now.

2014-01-25  Sam Weinig  <sam@webkit.org>

        Remove unused support for DRAGGABLE_REGION
        https://bugs.webkit.org/show_bug.cgi?id=127642

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2014-01-25  Darin Adler  <darin@apple.com>

        Try to fix Mac build.

        * runtime/DatePrototype.cpp: Put the include of <unicode/udat.h> inside
        a conditional since we don't have that header in our Mac build configuration.

2014-01-25  Darin Adler  <darin@apple.com>

        Call deprecatedCharacters instead of characters at more call sites
        https://bugs.webkit.org/show_bug.cgi?id=127631

        Reviewed by Sam Weinig.

        * API/JSValueRef.cpp:
        (JSValueMakeFromJSONString):
        * API/OpaqueJSString.cpp:
        (OpaqueJSString::~OpaqueJSString):
        * bindings/ScriptValue.cpp:
        (Deprecated::jsToInspectorValue):
        * inspector/ContentSearchUtilities.cpp:
        (Inspector::ContentSearchUtilities::createSearchRegexSource):
        * inspector/InspectorValues.cpp:
        * runtime/Identifier.h:
        (JSC::Identifier::deprecatedCharacters):
        * runtime/JSStringBuilder.h:
        (JSC::JSStringBuilder::append):
        Use the new name.

2014-01-25  Darin Adler  <darin@apple.com>

        Get rid of ICU_UNICODE and WCHAR_UNICODE remnants
        https://bugs.webkit.org/show_bug.cgi?id=127623

        Reviewed by Anders Carlsson.

        * runtime/DatePrototype.cpp: Removed USE(ICU_UNICODE) checks, since that's always true now.

2014-01-25  Darin Adler  <darin@apple.com>

        [Mac] Rewrite locale-specific date formatting code to remove strange string creation
        https://bugs.webkit.org/show_bug.cgi?id=127624

        Reviewed by Anders Carlsson.

        * runtime/DatePrototype.cpp:
        (JSC::formatLocaleDate): Use some smart pointers and conversion operators we already
        have to do the formatting in a more straightforward way.

2014-01-25  Anders Carlsson  <andersca@apple.com>

        Remove atomicIncrement/atomicDecrement
        https://bugs.webkit.org/show_bug.cgi?id=127625

        Reviewed by Andreas Kling.

        Replace atomicIncrement/atomicDecrement with std::atomic.

        * bytecode/Watchpoint.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::lower):
        * profiler/ProfilerDatabase.cpp:
        (JSC::Profiler::Database::Database):
        (JSC::Profiler::Database::addDatabaseToAtExit):

2014-01-24  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Move InspectorRuntimeAgent into JavaScriptCore
        https://bugs.webkit.org/show_bug.cgi?id=127605

        Reviewed by Timothy Hatcher.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        Add new files to the build.

        * inspector/agents/InspectorRuntimeAgent.h: Renamed from Source/WebCore/inspector/InspectorRuntimeAgent.h.
        * inspector/agents/InspectorRuntimeAgent.cpp: Renamed from Source/WebCore/inspector/InspectorRuntimeAgent.cpp.
        (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
        (Inspector::InspectorRuntimeAgent::parse):
        (Inspector::InspectorRuntimeAgent::evaluate):
        (Inspector::InspectorRuntimeAgent::callFunctionOn):
        (Inspector::InspectorRuntimeAgent::getProperties):
        - Move the agent into JavaScriptCore.
        - Modernize and cleanup.
        - Make globalVM a pure virtual function for subclasses to implement.

        * inspector/agents/JSGlobalObjectRuntimeAgent.h: Added.
        * inspector/agents/JSGlobalObjectRuntimeAgent.cpp: Added.
        (Inspector::JSGlobalObjectRuntimeAgent::JSGlobalObjectRuntimeAgent):
        (Inspector::JSGlobalObjectRuntimeAgent::didCreateFrontendAndBackend):
        (Inspector::JSGlobalObjectRuntimeAgent::willDestroyFrontendAndBackend):
        (Inspector::JSGlobalObjectRuntimeAgent::globalVM):
        (Inspector::JSGlobalObjectRuntimeAgent::injectedScriptForEval):
        Straightforward JSGlobalObject implementation.

        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        Add a runtime agent when inspecting a JSContext!

2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>

        Move JavaScriptCallFrame and ScriptDebugServer into JavaScriptCore for inspector
        https://bugs.webkit.org/show_bug.cgi?id=127543

        Reviewed by Geoffrey Garen.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        Add new files.

        * inspector/ScriptDebugListener.h:
        Extract WebCore knowledge from ScriptDebugServer. This will
        eventually be made to work outside of WebCore.

        * inspector/ScriptDebugServer.h: Renamed from Source/WebCore/bindings/js/ScriptDebugServer.h.
        * inspector/ScriptDebugServer.cpp: Renamed from Source/WebCore/bindings/js/ScriptDebugServer.cpp.
        (Inspector::ScriptDebugServer::evaluateBreakpointAction):
        (Inspector::ScriptDebugServer::dispatchDidPause):
        (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
        (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
        (Inspector::ScriptDebugServer::sourceParsed):
        (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
        (Inspector::ScriptDebugServer::handlePause):
        Modernize code, and call the new ScriptDebugListener callbacks where appropriate.

        * inspector/JSJavaScriptCallFrame.cpp: Renamed from Source/WebCore/bindings/js/JSJavaScriptCallFrameCustom.cpp.
        (Inspector::JSJavaScriptCallFrame::JSJavaScriptCallFrame):
        (Inspector::JSJavaScriptCallFrame::finishCreation):
        (Inspector::JSJavaScriptCallFrame::createPrototype):
        (Inspector::JSJavaScriptCallFrame::destroy):
        (Inspector::JSJavaScriptCallFrame::releaseImpl):
        (Inspector::JSJavaScriptCallFrame::~JSJavaScriptCallFrame):
        (Inspector::JSJavaScriptCallFrame::evaluate):
        (Inspector::JSJavaScriptCallFrame::scopeType):
        (Inspector::JSJavaScriptCallFrame::caller):
        (Inspector::JSJavaScriptCallFrame::sourceID):
        (Inspector::JSJavaScriptCallFrame::line):
        (Inspector::JSJavaScriptCallFrame::column):
        (Inspector::JSJavaScriptCallFrame::functionName):
        (Inspector::JSJavaScriptCallFrame::scopeChain):
        (Inspector::JSJavaScriptCallFrame::thisObject):
        (Inspector::JSJavaScriptCallFrame::type):
        (Inspector::toJS):
        (Inspector::toJSJavaScriptCallFrame):
        * inspector/JSJavaScriptCallFrame.h: Added.
        (Inspector::JSJavaScriptCallFrame::createStructure):
        (Inspector::JSJavaScriptCallFrame::create):
        (Inspector::JSJavaScriptCallFrame::impl):
        * inspector/JSJavaScriptCallFramePrototype.cpp: Added.
        (Inspector::JSJavaScriptCallFramePrototype::finishCreation):
        (Inspector::jsJavaScriptCallFramePrototypeFunctionEvaluate):
        (Inspector::jsJavaScriptCallFramePrototypeFunctionScopeType):
        (Inspector::jsJavaScriptCallFrameAttributeCaller):
        (Inspector::jsJavaScriptCallFrameAttributeSourceID):
        (Inspector::jsJavaScriptCallFrameAttributeLine):
        (Inspector::jsJavaScriptCallFrameAttributeColumn):
        (Inspector::jsJavaScriptCallFrameAttributeFunctionName):
        (Inspector::jsJavaScriptCallFrameAttributeScopeChain):
        (Inspector::jsJavaScriptCallFrameAttributeThisObject):
        (Inspector::jsJavaScriptCallFrameAttributeType):
        (Inspector::jsJavaScriptCallFrameConstantGLOBAL_SCOPE):
        (Inspector::jsJavaScriptCallFrameConstantLOCAL_SCOPE):
        (Inspector::jsJavaScriptCallFrameConstantWITH_SCOPE):
        (Inspector::jsJavaScriptCallFrameConstantCLOSURE_SCOPE):
        (Inspector::jsJavaScriptCallFrameConstantCATCH_SCOPE):
        * inspector/JSJavaScriptCallFramePrototype.h: Added.
        (Inspector::JSJavaScriptCallFramePrototype::create):
        (Inspector::JSJavaScriptCallFramePrototype::createStructure):
        (Inspector::JSJavaScriptCallFramePrototype::JSJavaScriptCallFramePrototype):
        * inspector/JavaScriptCallFrame.cpp: Renamed from Source/WebCore/bindings/js/JavaScriptCallFrame.cpp.
        (Inspector::JavaScriptCallFrame::caller):
        * inspector/JavaScriptCallFrame.h: Renamed from Source/WebCore/bindings/js/JavaScriptCallFrame.h.
        Port of JavaScriptCallFrame.idl to a set of native JS classes.

2014-01-24  Mark Lam  <mark.lam@apple.com>

        DebuggerCallFrame::evaluateWithCallFrame() should not execute a null executable.
        <https://webkit.org/b/127600>

        Reviewed by Oliver Hunt.

        In DebuggerCallFrame::evaluateWithCallFrame(), if the script string that
        is passed in is bad, it will fail to create an Executable i.e.
        EvalExecutable::create() returns a null pointer. However,
        DebuggerCallFrame::evaluateWithCallFrame() was just clearing the
        exception and proceeded to execute the null pointer as an Executable.
        A crash ensues.

        Now, if an exception is detected while creating the Executable, we
        abort instead.

        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::evaluateWithCallFrame):

2014-01-24  Oliver Hunt  <oliver@apple.com>

        Put functions need to take a base object and a this value, and perform type checks on |this|
        https://bugs.webkit.org/show_bug.cgi?id=127594

        Reviewed by Geoffrey Garen.

        Change the signature for static setter functions, and update uses

        * create_hash_table:
        * runtime/Lookup.h:
        (JSC::putEntry):
        * runtime/PutPropertySlot.h:
        * runtime/RegExpConstructor.cpp:
        (JSC::setRegExpConstructorInput):
        (JSC::setRegExpConstructorMultiline):

2014-01-24  Oliver Hunt  <oliver@apple.com>

        Generic JSObject::put should handle static properties in the classinfo hierarchy
        https://bugs.webkit.org/show_bug.cgi?id=127523

        Reviewed by Geoffrey Garen.

        This patch makes JSObject::put correctly call static setters
        defined by the ClassInfo.

        To make this not clobber performance, the ClassInfo HashTable
        now includes a flag to indicate that it contains setters. This
        required updating the lut generator so that it tracked (and emitted)
        this.

        The rest of the change was making a number of the methods take
        a VM rather than an ExecState*, so that Structure could set the
        getter/setter flags during construction (if necessary).

        This also means most objects do not need to perform a lookupPut
        manually anymore, so most custom ::put's are no longer needed.
        DOMWindow is the only exception as it has interesting security
        related semantics.

        * create_hash_table:
        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayConstructorTable):
        (JSC::ExecState::arrayPrototypeTable):
        (JSC::ExecState::booleanPrototypeTable):
        (JSC::ExecState::dataViewTable):
        (JSC::ExecState::dateTable):
        (JSC::ExecState::dateConstructorTable):
        (JSC::ExecState::errorPrototypeTable):
        (JSC::ExecState::globalObjectTable):
        (JSC::ExecState::jsonTable):
        (JSC::ExecState::numberConstructorTable):
        (JSC::ExecState::numberPrototypeTable):
        (JSC::ExecState::objectConstructorTable):
        (JSC::ExecState::privateNamePrototypeTable):
        (JSC::ExecState::regExpTable):
        (JSC::ExecState::regExpConstructorTable):
        (JSC::ExecState::regExpPrototypeTable):
        (JSC::ExecState::stringConstructorTable):
        (JSC::ExecState::promisePrototypeTable):
        (JSC::ExecState::promiseConstructorTable):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::getOwnPropertySlot):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::getOwnPropertySlot):
        * runtime/ClassInfo.h:
        (JSC::ClassInfo::propHashTable):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::getOwnPropertySlot):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::getOwnPropertySlot):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::getOwnPropertySlot):
        * runtime/JSDataViewPrototype.cpp:
        (JSC::JSDataViewPrototype::getOwnPropertySlot):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::getOwnPropertySlot):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::getOwnPropertySlot):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::deleteProperty):
        * runtime/JSPromiseConstructor.cpp:
        (JSC::JSPromiseConstructor::getOwnPropertySlot):
        * runtime/JSPromisePrototype.cpp:
        (JSC::JSPromisePrototype::getOwnPropertySlot):
        * runtime/Lookup.h:
        (JSC::HashTable::copy):
        (JSC::putEntry):
        (JSC::lookupPut):
        * runtime/NamePrototype.cpp:
        (JSC::NamePrototype::getOwnPropertySlot):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        * runtime/NumberConstructor.h:
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::getOwnPropertySlot):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::getOwnPropertySlot):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::getOwnPropertySlot):
        * runtime/RegExpConstructor.h:
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::getOwnPropertySlot):
        (JSC::RegExpObject::put):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::getOwnPropertySlot):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::getOwnPropertySlot):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::freezeTransition):
        (JSC::ClassInfo::hasStaticSetterOrReadonlyProperties):

2014-01-24  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r162713.
        http://trac.webkit.org/changeset/162713
        https://bugs.webkit.org/show_bug.cgi?id=127593

        broke media/network-no-source-const-shadow (Requested by
        thorton on #webkit).

        * create_hash_table:
        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayConstructorTable):
        (JSC::ExecState::arrayPrototypeTable):
        (JSC::ExecState::booleanPrototypeTable):
        (JSC::ExecState::dataViewTable):
        (JSC::ExecState::dateTable):
        (JSC::ExecState::dateConstructorTable):
        (JSC::ExecState::errorPrototypeTable):
        (JSC::ExecState::globalObjectTable):
        (JSC::ExecState::jsonTable):
        (JSC::ExecState::numberConstructorTable):
        (JSC::ExecState::numberPrototypeTable):
        (JSC::ExecState::objectConstructorTable):
        (JSC::ExecState::privateNamePrototypeTable):
        (JSC::ExecState::regExpTable):
        (JSC::ExecState::regExpConstructorTable):
        (JSC::ExecState::regExpPrototypeTable):
        (JSC::ExecState::stringConstructorTable):
        (JSC::ExecState::promisePrototypeTable):
        (JSC::ExecState::promiseConstructorTable):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::getOwnPropertySlot):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::getOwnPropertySlot):
        * runtime/ClassInfo.h:
        (JSC::ClassInfo::propHashTable):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::getOwnPropertySlot):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::getOwnPropertySlot):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::getOwnPropertySlot):
        * runtime/JSDataViewPrototype.cpp:
        (JSC::JSDataViewPrototype::getOwnPropertySlot):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::getOwnPropertySlot):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::getOwnPropertySlot):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::deleteProperty):
        * runtime/JSPromiseConstructor.cpp:
        (JSC::JSPromiseConstructor::getOwnPropertySlot):
        * runtime/JSPromisePrototype.cpp:
        (JSC::JSPromisePrototype::getOwnPropertySlot):
        * runtime/Lookup.h:
        (JSC::HashTable::copy):
        (JSC::putEntry):
        (JSC::lookupPut):
        * runtime/NamePrototype.cpp:
        (JSC::NamePrototype::getOwnPropertySlot):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        (JSC::NumberConstructor::put):
        * runtime/NumberConstructor.h:
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::getOwnPropertySlot):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::getOwnPropertySlot):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::getOwnPropertySlot):
        (JSC::RegExpConstructor::put):
        * runtime/RegExpConstructor.h:
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::getOwnPropertySlot):
        (JSC::RegExpObject::put):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::getOwnPropertySlot):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::getOwnPropertySlot):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::freezeTransition):

2014-01-24  Mark Lam  <mark.lam@apple.com>

        ASSERT(!m_markedSpace.m_currentDelayedReleaseScope) reloading page in inspector.
        <https://webkit.org/b/127582>

        Reviewed by Mark Hahnenberg.

        1. We should not enter a HeapIterationScope when we iterate the CodeBlocks.
           Apparently, iterating the CodeBlocks does not count as heap iteration.

        2. If we're detaching the debugger due to the JSGlobalObject destructing,
           then we don't need to clear the debugger requests in the associated
           CodeBlocks. The JSGlobalObject destructing would mean that those
           CodeBlocks would be destructing too, and it may not be safe to access
           them anyway at this point.

        The assertion failure is because we had entered a HeapIterationScope
        while the JSGlobalObject is destructing, which in turn means that GC
        sweeping is in progress. It's not legal to iterate the heap while the GC
        is sweeping. Once we fixed the above 2 issues, we will no longer have
        the conditions that manifests this assertion failure.

        * debugger/Debugger.cpp:
        (JSC::Debugger::detach):
        (JSC::Debugger::setSteppingMode):
        (JSC::Debugger::toggleBreakpoint):
        (JSC::Debugger::clearBreakpoints):
        (JSC::Debugger::clearDebuggerRequests):
        * debugger/Debugger.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::~JSGlobalObject):

2014-01-24  Brent Fulgham  <bfulgham@apple.com>

        [Win] Convert some NMake files to MSBuild project files
        https://bugs.webkit.org/show_bug.cgi?id=127579

        Reviewed by Tim Horton.

        * JavaScriptCore.vcxproj/JavaScriptCore.make: Removed.
        * JavaScriptCore.vcxproj/JavaScriptCore.proj: Added.

2014-01-24  Mark Lam  <mark.lam@apple.com>

        Fixed a bad assertion in CodeBlock::removeBreakpoint().
        <https://webkit.org/b/127581>

        Reviewed by Joseph Pecoraro.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::removeBreakpoint):

2014-01-24  Joseph Pecoraro  <pecoraro@apple.com>

        fast/profiler tests ASSERTing after moving recompileAllJSFunctions off a timer
        https://bugs.webkit.org/show_bug.cgi?id=127566

        Reviewed by Oliver Hunt.

        Make the VM handle recompilation as soon as possible after it is requested.

        * debugger/Debugger.cpp:
        (JSC::Debugger::recompileAllJSFunctions):
        When in a JavaScript stack, mark for recompilation when possible.

        * runtime/VMEntryScope.h:
        (JSC::VMEntryScope::setRecompilationNeeded):
        * runtime/VMEntryScope.cpp:
        (JSC::VMEntryScope::VMEntryScope):
        (JSC::VMEntryScope::~VMEntryScope):
        Handle recompilation when the top VMEntryScope is popped.
        Pass the needs recompilation flag up the stack if needed.

2014-01-24  Oliver Hunt  <oliver@apple.com>

        Generic JSObject::put should handle static properties in the classinfo hierarchy
        https://bugs.webkit.org/show_bug.cgi?id=127523

        Reviewed by Geoffrey Garen.

        This patch makes JSObject::put correctly call static setters
        defined by the ClassInfo.

        To make this not clobber performance, the ClassInfo HashTable
        now includes a flag to indicate that it contains setters. This
        required updating the lut generator so that it tracked (and emitted)
        this.

        The rest of the change was making a number of the methods take
        a VM rather than an ExecState*, so that Structure could set the
        getter/setter flags during construction (if necessary).

        This also means most objects do not need to perform a lookupPut
        manually anymore, so most custom ::put's are no longer needed.
        DOMWindow is the only exception as it has interesting security
        related semantics.

        * create_hash_table:
        * interpreter/CallFrame.h:
        (JSC::ExecState::arrayConstructorTable):
        (JSC::ExecState::arrayPrototypeTable):
        (JSC::ExecState::booleanPrototypeTable):
        (JSC::ExecState::dataViewTable):
        (JSC::ExecState::dateTable):
        (JSC::ExecState::dateConstructorTable):
        (JSC::ExecState::errorPrototypeTable):
        (JSC::ExecState::globalObjectTable):
        (JSC::ExecState::jsonTable):
        (JSC::ExecState::numberConstructorTable):
        (JSC::ExecState::numberPrototypeTable):
        (JSC::ExecState::objectConstructorTable):
        (JSC::ExecState::privateNamePrototypeTable):
        (JSC::ExecState::regExpTable):
        (JSC::ExecState::regExpConstructorTable):
        (JSC::ExecState::regExpPrototypeTable):
        (JSC::ExecState::stringConstructorTable):
        (JSC::ExecState::promisePrototypeTable):
        (JSC::ExecState::promiseConstructorTable):
        * runtime/ArrayConstructor.cpp:
        (JSC::ArrayConstructor::getOwnPropertySlot):
        * runtime/ArrayPrototype.cpp:
        (JSC::ArrayPrototype::getOwnPropertySlot):
        * runtime/BooleanPrototype.cpp:
        (JSC::BooleanPrototype::getOwnPropertySlot):
        * runtime/ClassInfo.h:
        (JSC::ClassInfo::propHashTable):
        * runtime/DateConstructor.cpp:
        (JSC::DateConstructor::getOwnPropertySlot):
        * runtime/DatePrototype.cpp:
        (JSC::DatePrototype::getOwnPropertySlot):
        * runtime/ErrorPrototype.cpp:
        (JSC::ErrorPrototype::getOwnPropertySlot):
        * runtime/JSDataViewPrototype.cpp:
        (JSC::JSDataViewPrototype::getOwnPropertySlot):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::getOwnPropertySlot):
        * runtime/JSONObject.cpp:
        (JSC::JSONObject::getOwnPropertySlot):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::deleteProperty):
        * runtime/JSPromiseConstructor.cpp:
        (JSC::JSPromiseConstructor::getOwnPropertySlot):
        * runtime/JSPromisePrototype.cpp:
        (JSC::JSPromisePrototype::getOwnPropertySlot):
        * runtime/Lookup.h:
        (JSC::HashTable::copy):
        (JSC::putEntry):
        (JSC::lookupPut):
        * runtime/NamePrototype.cpp:
        (JSC::NamePrototype::getOwnPropertySlot):
        * runtime/NumberConstructor.cpp:
        (JSC::NumberConstructor::getOwnPropertySlot):
        * runtime/NumberConstructor.h:
        * runtime/NumberPrototype.cpp:
        (JSC::NumberPrototype::getOwnPropertySlot):
        * runtime/ObjectConstructor.cpp:
        (JSC::ObjectConstructor::getOwnPropertySlot):
        * runtime/RegExpConstructor.cpp:
        (JSC::RegExpConstructor::getOwnPropertySlot):
        * runtime/RegExpConstructor.h:
        * runtime/RegExpObject.cpp:
        (JSC::RegExpObject::getOwnPropertySlot):
        (JSC::RegExpObject::put):
        * runtime/RegExpPrototype.cpp:
        (JSC::RegExpPrototype::getOwnPropertySlot):
        * runtime/StringConstructor.cpp:
        (JSC::StringConstructor::getOwnPropertySlot):
        * runtime/Structure.cpp:
        (JSC::Structure::Structure):
        (JSC::Structure::freezeTransition):
        (JSC::ClassInfo::hasStaticSetterOrReadonlyProperties):

2014-01-24  Mark Lam  <mark.lam@apple.com>

        Skip op_profiler callbacks if !VM::m_enabledProfiler.
        https://bugs.webkit.org/show_bug.cgi?id=127567.

        Reviewed by Geoffrey Garen.

        The profiler may not be always active (recording). When it's not active
        (as in VM::m_enabledProfiler is null), then we might as well skip the
        op_profiler callbacks. The callbacks themselves were already previously
        gated by a VM::enabledProfiler() check. So, this change does not change
        any profiler behavior.

        For the DFG, we'll turn the op_profiler handling into speculation checks
        and OSR exit to the baseline JIT if the profiler becomes active.

        This brings the Octane score up to ~3000 from ~2840.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGNodeType.h:
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_profile_will_call):
        (JSC::JIT::emit_op_profile_did_call):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_profile_will_call):
        (JSC::JIT::emit_op_profile_did_call):
        * llint/LowLevelInterpreter.asm:
        * runtime/VM.h:
        (JSC::VM::enabledProfilerAddress):

2014-01-24  Mark Lam  <mark.lam@apple.com>

        Removing the need for Debugger* and m_shouldPause op_debug check.
        <https://webkit.org/b/127532>

        Reviewed by Geoffrey Garen.

        This patch replaces the checking of the Debugger::m_shouldPause flag
        with a procedure to set a SteppingMode flag on all CodeBlocks under
        the management of the debugger. This simplifies the op_debug checking
        logic in all the execution engines.

        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::hasDebuggerRequests):
        (JSC::CodeBlock::debuggerRequestsAddress):
        (JSC::CodeBlock::setSteppingMode):
        (JSC::CodeBlock::clearDebuggerRequests):
        - CodeBlock::m_debuggerRequests is a union of m_numBreakpoints and the
          new m_steppingMode. The debugger can add/remove breakpoints to the
          CodeBlock as well as set the stepping mode. By having
          m_debuggerRequests as a union of the 2 bit fields, the op_debug code
          can now check if any of the 2 requests made on the CodeBlock is still
          in effect just by testing a single int.

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::detach):
        - This was bug from before where I forgot to clear the CodeBlock
          breakpoints before detaching. We now take care of it by clearing all
          debugger requests made to the CodeBlock.

        (JSC::Debugger::SetSteppingModeFunctor::SetSteppingModeFunctor):
        (JSC::Debugger::SetSteppingModeFunctor::operator()):
        (JSC::Debugger::setSteppingMode):
        (JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::ClearCodeBlockDebuggerRequestsFunctor):
        (JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::operator()):
        (JSC::Debugger::clearBreakpoints):

        (JSC::Debugger::ClearDebuggerRequestsFunctor::ClearDebuggerRequestsFunctor):
        (JSC::Debugger::ClearDebuggerRequestsFunctor::operator()):
        (JSC::Debugger::clearDebuggerRequests):
        - We need a distinct clearDebuggerRequests() from clearBreakpoints()
          because:
          1. When we detach a globalObject, we only want to clear the debugger
             requests in CodeBlocks from that global.
          2. Clearing the debugger requests in the CodeBlocks is not the same
             as clearing the breakpoints. The breakpoints are still in effect
             for the next time a globalObject is attached, or for other
             globalObjects that are still attached.

        (JSC::Debugger::setPauseOnNextStatement):
        (JSC::Debugger::breakProgram):
        (JSC::Debugger::stepIntoStatement):
        (JSC::Debugger::updateCallFrameAndPauseIfNeeded):
        (JSC::Debugger::pauseIfNeeded):
        (JSC::Debugger::exception):
        (JSC::Debugger::willExecuteProgram):
        (JSC::Debugger::didReachBreakpoint):
        * debugger/Debugger.h:
        - We're always going to support the debugger. So, there's no longer
          a need to check ENABLE(JAVASCRIPT_DEBUGGER). Removed the unneeded code.

        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::debug):
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_debug):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_debug):
        * llint/LowLevelInterpreter.asm:
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::setDebugger):

2014-01-24  Michael Saboff  <msaboff@apple.com>

        ARM Offline assembler temporary register allocator has duplicate register when building fat binaries
        https://bugs.webkit.org/show_bug.cgi?id=127545

        Reviewed by Mark Lam.

        Eliminate the conditional addition of r11/r7 from getModifiedListARMCommon as the
        .concat will add the new register to ARM_EXTRA_GPRS.  If getModifiedListARMCommon is
        invoked a second time, there will be a second r11 or r7, which messes things up.
        Instead, r6 was added to ARM_EXTRA_GPRS.  r6 is currently an unused register.

        * offlineasm/arm.rb:

2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>

        Move ContentSearchUtils, ScriptBreakpoint, and ScriptDebugListener into JavaScriptCore for inspector
        https://bugs.webkit.org/show_bug.cgi?id=127537

        Reviewed by Timothy Hatcher.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * inspector/ContentSearchUtilities.cpp: Renamed from Source/WebCore/inspector/ContentSearchUtils.cpp.
        (Inspector::ContentSearchUtilities::createSearchRegexSource):
        (Inspector::ContentSearchUtilities::sizetExtractor):
        (Inspector::ContentSearchUtilities::textPositionFromOffset):
        (Inspector::ContentSearchUtilities::getRegularExpressionMatchesByLines):
        (Inspector::ContentSearchUtilities::lineEndings):
        (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
        (Inspector::ContentSearchUtilities::createSearchRegex):
        (Inspector::ContentSearchUtilities::countRegularExpressionMatches):
        (Inspector::ContentSearchUtilities::searchInTextByLines):
        (Inspector::ContentSearchUtilities::scriptCommentPattern):
        (Inspector::ContentSearchUtilities::stylesheetCommentPattern):
        (Inspector::ContentSearchUtilities::findMagicComment):
        (Inspector::ContentSearchUtilities::findScriptSourceURL):
        (Inspector::ContentSearchUtilities::findScriptSourceMapURL):
        (Inspector::ContentSearchUtilities::findStylesheetSourceMapURL):
        * inspector/ContentSearchUtilities.h: Renamed from Source/WebCore/inspector/ContentSearchUtils.h.
        * inspector/ScriptBreakpoint.h: Renamed from Source/WebCore/inspector/ScriptBreakpoint.h.
        (Inspector::ScriptBreakpointAction::ScriptBreakpointAction):
        (Inspector::ScriptBreakpoint::ScriptBreakpoint):
        * inspector/ScriptDebugListener.h: Renamed from Source/WebCore/inspector/ScriptDebugListener.h.
        (Inspector::ScriptDebugListener::Script::Script):
        (Inspector::ScriptDebugListener::~ScriptDebugListener):
        * runtime/RegExp.cpp:
        (JSC::RegExp::match):

2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>

        Move RegularExpression into JavaScriptCore for inspector
        https://bugs.webkit.org/show_bug.cgi?id=127526

        Reviewed by Geoffrey Garen.

        Move RegularExpression into JavaScriptCore/yarr so it can
        be used later on by JavaScriptCore/inspector. Convert to
        the JSC::Yarr namespace.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * yarr/RegularExpression.cpp: Renamed from Source/WebCore/platform/text/RegularExpression.cpp.
        (JSC::Yarr::RegularExpression::Private::create):
        (JSC::Yarr::RegularExpression::Private::Private):
        (JSC::Yarr::RegularExpression::Private::compile):
        (JSC::Yarr::RegularExpression::RegularExpression):
        (JSC::Yarr::RegularExpression::~RegularExpression):
        (JSC::Yarr::RegularExpression::operator=):
        (JSC::Yarr::RegularExpression::match):
        (JSC::Yarr::RegularExpression::searchRev):
        (JSC::Yarr::RegularExpression::matchedLength):
        (JSC::Yarr::replace):
        (JSC::Yarr::RegularExpression::isValid):
        * yarr/RegularExpression.h: Renamed from Source/WebCore/platform/text/RegularExpression.h.

2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Remove recompileAllJSFunctions timer in ScriptDebugServer
        https://bugs.webkit.org/show_bug.cgi?id=127409

        Reviewed by Geoffrey Garen.

        * inspector/InspectorAgentBase.h:
        When disconnecting agents, provide a InspectorDisconnectReason for
        the disconnection. It could be that an inspector frontend is just
        disconnecting or that the inspected object is going away entirely
        and we can avoid doing some work.

        * runtime/JSGlobalObjectDebuggable.h:
        * runtime/JSGlobalObjectDebuggable.cpp:
        (JSC::JSGlobalObjectDebuggable::~JSGlobalObjectDebuggable):
        (JSC::JSGlobalObjectDebuggable::disconnect):
        (JSC::JSGlobalObjectDebuggable::disconnectInternal):
        Pass different reasons for the different disconnects.

        * inspector/InspectorAgentRegistry.cpp:
        (Inspector::InspectorAgentRegistry::willDestroyFrontendAndBackend):
        * inspector/InspectorAgentRegistry.h:
        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/agents/InspectorAgent.cpp:
        (Inspector::InspectorAgent::willDestroyFrontendAndBackend):
        * inspector/agents/InspectorAgent.h:
        Pass InspectorDisconnectReason around where needed.

2014-01-23  Mark Lam  <mark.lam@apple.com>

        Enable DFG for the Debugger and Profiler.
        <https://webkit.org/b/122847>

        Reviewed by Geoffrey Garen.

        In this patch, we implement DFG op_debug as a series of 3 checks:
        1. Check if the debugger pointer is non-null. This is needed in case
           the debugger has been detached but the DFG code is still running
           on the stack.
        2. Check if Debugger::m_shouldPause is true.
        3. Check if CodeBlock::m_numBreakpoints is non-zero.

        These are the same 3 checks done in the LLINT and baselineJIT. But unlike
        the LLINT and baselineJIT, these DFG checks are implemented as
        speculationChecks. If the check fails, we OSR exit to the baselineJIT and
        let it do the work of servicing the op_debug callback.

        Stepping through code in the debugger would work the same way. The top
        function being debugged has to be a LLINT or baselineJIT function because
        we would have OSR exited if there is a breakpoint in that function. When
        we step out of that function to its caller, we expect that the caller will
        call back to the debugger at the next op_debug. If the caller function is
        a DFG function, the op_debug site will fail its speculation check on
        Debugger::m_shouldPause and deopt into a baselineJIT function. Execution
        continues from there as usual, and the debugger gets its callback.

        For the profile, op_profile_will_call and op_profile_did_call are
        implemented as simple runtime calls to service the profiler.

        With this patch, Octane performance with the WebInspector open jump from
        ~2000 to ~2500 (25% progression).

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::numBreakpointsAddress):
        * bytecode/ExitKind.cpp:
        (JSC::exitKindToString):
        * bytecode/ExitKind.h:
        * debugger/Debugger.cpp:
        (JSC::Debugger::toggleBreakpoint):
        - removed an obsolete assertion. The debugger can now handle DFG
          CodeBlocks too.
        * debugger/Debugger.h:
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGCapabilities.cpp:
        (JSC::DFG::capabilityLevel):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGNodeType.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::debuggerAddress):

2014-01-23  Max Vujovic  <mvujovic@adobe.com>

        Remove CSS Custom Filters code and tests
        https://bugs.webkit.org/show_bug.cgi?id=127382

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2014-01-22  Brent Fulgham  <bfulgham@apple.com>

        [Win] Update project and solution files for 64-bit builds.
        https://bugs.webkit.org/show_bug.cgi?id=127457

        Reviewed by Eric Carlson.

        * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Add 64-bit target.
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Update for VS2013
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
        file from project view.
        * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Update for VS2013
        * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Ditto
        * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Ditto

2014-01-22  Mark Lam  <mark.lam@apple.com>

        Poor man's fast breakpoints for a 2.3x debugger speedup.
        <https://webkit.org/b/122836>

        Reviewed by Geoffrey Garen.

        Previously we gained back some performance (run at baseline JIT speeds)
        when the WebInspector is opened provided no breakpoints are set. This
        was achieved by simply skipping all op_debug callbacks to the debugger
        if no breakpoints are set. If any breakpoints are set, the debugger will
        set a m_needsOpDebugCallbacks flag which causes the callbacks to be
        called, and we don't get the baseline JIT speeds anymore.

        With this patch, we will now track the number of breakpoints set in the
        CodeBlock that they are set in. The LLINT and baseline JIT code will
        check CodeBlock::m_numBreakpoints to determine if the op_debug callbacks
        need to be called. With this, we will only enable op_debug callbacks for
        CodeBlocks that need it i.e. those with breakpoints set in them.

        Debugger::m_needsOpDebugCallbacks is now obsoleted. The LLINT and baseline
        JIT code still needs to check Debugger::m_shouldPause to determine if the
        debugger is in stepping mode and hence, needs op_debug callbacks enabled
        for everything until the debugger "continues" the run and exit stepping
        mode.

        Also in this patch, I fixed a regression in DOM breakpoints which relies
        Debugger::breakProgram() to pause the debugger.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        - Missed accounting for op_debug's new hasBreakpointFlag operand here when
          it was added.
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::hasOpDebugForLineAndColumn):
        - This is needed in Debugger::toggleBreakpoint() to determine if a
          breakpoint falls within a CodeBlock or not. Simply checking the bounds
          of the CodeBlock is insufficient. For example, let's say we have the
          following JS code:

              // begin global scope
              function f1() {
                  function f2() {
                     ... // set breakpoint here.
                  }
              }
              // end global scope

          Using the CodeBlock bounds alone, the breakpoint above will to appear
          to be in the global program CodeBlock, and the CodeBlocks for function
          f1() and f2(). With CodeBlock::hasOpDebugForLineAndColumn() we can
          rule out the global program CodeBlock and f1(), and only apply the
          breakpoint to f2(0 where it belongs.

          CodeBlock::hasOpDebugForLineAndColumn() works by iterating over all
          the opcodes in the CodeBlock to look for op_debug's. For each op_debug,
          it calls CodeBlock::expressionRangeForBytecodeOffset() to do a binary
          seach to get the line and column info for that op_debug. This is a
          N * log(N) algorithm. However, a quick hands on test using the
          WebInspector (with this patch applied) to exercise setting, breaking
          on, and clearing breakpoints, as well as stepping through some code
          shows no noticeable degradation of the user experience compared to the
          baseline without this patch.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::numBreakpoints):
        (JSC::CodeBlock::numBreakpointsOffset):
        (JSC::CodeBlock::addBreakpoint):
        (JSC::CodeBlock::removeBreakpoint):
        (JSC::CodeBlock::clearAllBreakpoints):
        * debugger/Breakpoint.h:
        - defined Breakpoint::unspecifiedColumn so that we can explicitly indicate
          when the WebInspector was setting a line breakpoint and did not provide
          a column value. CodeBlock::hasOpDebugForLineAndColumn() needs this
          information in order to loosen its matching criteria for op_debug
          bytecodes for the specified breakpoint line and column values provided
          by the debugger.

          Previously, we just hijack a 0 value column as an unspecified column.
          However, the WebInspector operates on 0-based ints for column values.
          Hence, 0 should be a valid column value and should not be hijacked to
          mean an unspecified column.

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        - added tracking of the VM that the debugger is used with. This is
          needed by Debugger::breakProgram().

          The VM pointer is attained from the first JSGlobalObject that the debugger
          attaches to. When the debugger detaches from the last JSGlobalObject, it
          will nullify its VM pointer to allow a new one to be set on the next
          attach.

          We were always only using each debugger instance with one VM. This change
          makes it explicit with an assert to ensure that all globalObjects that
          the debugger attaches to beongs to the same VM.

        (JSC::Debugger::attach):
        (JSC::Debugger::detach):
        (JSC::Debugger::setShouldPause):

        (JSC::Debugger::registerCodeBlock):
        (JSC::Debugger::unregisterCodeBlock):
        - registerCodeBlock() is responsible for applying pre-existing breakpoints
          to new CodeBlocks being installed. Similarly, unregisterCodeBlock()
          clears the breakpoints.

        (JSC::Debugger::toggleBreakpoint):
        - This is the workhorse function that checks if a breakpoint falls within
          a CodeBlock or not. If it does, then it can either enable or disable
          said breakpoint in the CodeBlock. In the current implementation,
          enabling/disabling the breakpoint simply means incrementing/decrementing
          the CodeBlock's m_numBreakpoints.

        (JSC::Debugger::applyBreakpoints):

        (JSC::Debugger::ToggleBreakpointFunctor::ToggleBreakpointFunctor):
        (JSC::Debugger::ToggleBreakpointFunctor::operator()):
        (JSC::Debugger::toggleBreakpoint):
        - Iterates all relevant CodeBlocks and apply the specified breakpoint
          if appropriate. This is called when a new breakpoint is being defined
          by the WebInspector and needs to be applied to an already installed
          CodeBlock.

        (JSC::Debugger::setBreakpoint):
        (JSC::Debugger::removeBreakpoint):
        (JSC::Debugger::hasBreakpoint):
        (JSC::Debugger::ClearBreakpointsFunctor::ClearBreakpointsFunctor):
        (JSC::Debugger::ClearBreakpointsFunctor::operator()):
        (JSC::Debugger::clearBreakpoints):

        (JSC::Debugger::breakProgram):
        - Fixed a regression that broke DOM breakpoints. The issue is that with
          the skipping of op_debug callbacks, we don't always have an updated
          m_currentCallFrame. Normally, m_currentCallFrame is provided as arg
          in the op_debug callback. In this case, we can get the CallFrame* from
          m_vm->topCallFrame.

        (JSC::Debugger::updateCallFrameAndPauseIfNeeded):
        (JSC::Debugger::pauseIfNeeded):
        (JSC::Debugger::willExecuteProgram):
        * debugger/Debugger.h:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::shouldPause):

        * heap/CodeBlockSet.h:
        (JSC::CodeBlockSet::iterate):
        * heap/Heap.h:
        (JSC::Heap::forEachCodeBlock):
        - Added utility to iterate all CodeBlocks in the heap / VM.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::debug):

        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_debug):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_debug):
        * llint/LowLevelInterpreter.asm:
        - These now checks CodeBlock::m_numBreakpoints and Debugger::m_shouldPause
          instead of Debugger::m_needsOpDebugCallbacks.

        * runtime/Executable.cpp:
        (JSC::ScriptExecutable::installCode):

2014-01-22  Myles C. Maxfield  <mmaxfield@apple.com>

        Remove CSS3_TEXT_DECORATION define
        https://bugs.webkit.org/show_bug.cgi?id=127333

        This is required for unprefixing the text-decoration-* CSS properties.

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2014-01-22  Alexey Proskuryakov  <ap@apple.com>

        Update JS whitespace definition for changes in Unicode 6.3
        https://bugs.webkit.org/show_bug.cgi?id=127450
        <rdar://15863457>

        Reviewed by Oliver Hunt.

        Covered by existing tests when running against a Unicode back-end that supports
        Unicode 6.3 or higher.

        * runtime/JSGlobalObjectFunctions.cpp: (JSC::isStrWhiteSpace): Explicitly allow
        U+180E MONGOLIAN VOWEL SEPARATOR, because we need to keep recognizing all characters
        that used to be whitespace.

2014-01-21  Mark Hahnenberg  <mhahnenberg@apple.com>

        Registers used in writeBarrierOnOperand can cause clobbering on some platforms
        https://bugs.webkit.org/show_bug.cgi?id=127357

        Reviewed by Filip Pizlo.

        Some platforms use t0 and t1 for their first two arguments, so using those to load the 
        cell for the write barrier is a bad idea because it will get clobbered.

        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2014-01-21  Mark Rowe  <mrowe@apple.com>

        Mac production build fix.

        Move the shell script build phase to copy jsc into JavaScriptCore.framework
        out of the jsc target and in to the All target so that it's not run during
        production builds. Xcode appears to the parent directories of paths referenced
        in the Output Files of the build phase, which leads to problems when the
        SYMROOT for the JavaScriptCore framework and the jsc executables are later merged.

        I've also fixed the path to the Resources folder in the script while I'm here.
        On iOS the framework bundle is shallow so the correct destination is Resources/
        rather than Versions/A/Resources. This is handled by tweaking the
        JAVASCRIPTCORE_RESOURCES_DIR configuration setting to be relative rather than
        a complete path so we can reuse it in the script. The references in JSC.xcconfig
        and ToolExecutable.xcconfig are updated to prepend JAVASCRIPTCORE_FRAMEWORKS_DIR
        to preserve their former values.

        * Configurations/Base.xcconfig:
        * Configurations/JSC.xcconfig:
        * Configurations/ToolExecutable.xcconfig:
        * JavaScriptCore.xcodeproj/project.pbxproj:

2014-01-19  Andreas Kling  <akling@apple.com>

        JSC Parser: Shrink BindingNode.
        <https://webkit.org/b/127253>

        The "divot" and "end" source locations are always identical for
        BindingNodes, so store only "start" and "end" instead.

        1.19 MB progression on Membuster3.

        Reviewed by Geoff Garen.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::BindingNode::bindValue):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createBindingLocation):
        * parser/NodeConstructors.h:
        (JSC::BindingNode::create):
        (JSC::BindingNode::BindingNode):
        * parser/Nodes.h:
        (JSC::BindingNode::divotStart):
        (JSC::BindingNode::divotEnd):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::createBindingPattern):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::operatorStackPop):

2014-01-20  Filip Pizlo  <fpizlo@apple.com>

        op_captured_mov and op_new_captured_func in UnlinkedCodeBlocks should use the IdentifierMap instead of the strings directly
        https://bugs.webkit.org/show_bug.cgi?id=127311
        <rdar://problem/15853958>

        Reviewed by Andreas Kling.
        
        This makes UnlinkedCodeBlocks use 32-bit instruction streams again.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedInstruction::UnlinkedInstruction):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::addVar):
        (JSC::BytecodeGenerator::emitInitLazyRegister):
        (JSC::BytecodeGenerator::createArgumentsIfNecessary):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::watchableVariable):
        (JSC::BytecodeGenerator::hasWatchableVariable):

2014-01-20  Mark Lam  <mark.lam@apple.com>

        Removing CodeBlock::opDebugBytecodeOffsetForLineAndColumn() and friends.
        <https://webkit.org/b/127321>

        Reviewed by Geoffrey Garen.

        We're changing plans and will be going with CodeBlock level breakpoints
        instead of bytecode level breakpoints. As a result, we no longer need
        the services of CodeBlock::opDebugBytecodeOffsetForLineAndColumn() (and
        friends). This patch will remove that unused code.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/LineColumnInfo.h: Removed.
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
        * bytecode/UnlinkedCodeBlock.h:

2014-01-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        CodeBlockSet::traceMarked doesn't need to visit the ownerExecutable
        https://bugs.webkit.org/show_bug.cgi?id=127301

        Reviewed by Oliver Hunt.

        We used to just call CodeBlock::visitAggregate, but now we call visitChildren 
        on the ownerExecutable, which is unnecessary. 

        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::traceMarked):

2014-01-20  Anders Carlsson  <andersca@apple.com>

        Fix build.

        * heap/BlockAllocator.h:

2014-01-20  Anders Carlsson  <andersca@apple.com>

        Stop using ThreadCondition in BlockAllocator
        https://bugs.webkit.org/show_bug.cgi?id=126313

        Reviewed by Sam Weinig.

        * heap/BlockAllocator.cpp:
        (JSC::BlockAllocator::~BlockAllocator):
        (JSC::BlockAllocator::waitForDuration):
        (JSC::BlockAllocator::blockFreeingThreadMain):
        * heap/BlockAllocator.h:
        (JSC::BlockAllocator::deallocate):

2014-01-19  Anders Carlsson  <andersca@apple.com>

        Convert GCThreadSharedData over to STL threading primitives
        https://bugs.webkit.org/show_bug.cgi?id=127256

        Reviewed by Andreas Kling.

        * heap/GCThread.cpp:
        (JSC::GCThread::waitForNextPhase):
        (JSC::GCThread::gcThreadMain):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        (JSC::GCThreadSharedData::~GCThreadSharedData):
        (JSC::GCThreadSharedData::startNextPhase):
        (JSC::GCThreadSharedData::endCurrentPhase):
        (JSC::GCThreadSharedData::didStartMarking):
        (JSC::GCThreadSharedData::didFinishMarking):
        * heap/GCThreadSharedData.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drainFromShared):

2014-01-18  Andreas Kling  <akling@apple.com>

        CodeBlock: Size m_callLinkInfos and m_byValInfos to fit earlier.
        <https://webkit.org/b/127239>

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setNumberOfByValInfos):
        (JSC::CodeBlock::setNumberOfCallLinkInfos):

            Use resizeToFit() instead of grow() for these vectors, since
            we know the final size here.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::shrinkToFit):

            No need to shrink here anymore. We were not even shrinking
            m_byValInfo before!

2014-01-18  Andreas Kling  <akling@apple.com>

        CodeBlock: Size m_function{Exprs,Decls} to fit from creation.
        <https://webkit.org/b/127238>

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

            Use resizeToFit() instead of grow() for m_functionExprs and
            m_functionDecls since we know they will never change size.

        (JSC::CodeBlock::shrinkToFit):

            No need to shrink them here anymore.

2014-01-18  Andreas Kling  <akling@apple.com>

        Remove unused CodeBlock::m_additionalIdentifiers member.
        <https://webkit.org/b/127237>

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.h:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::shrinkToFit):

            Remove m_additionalIdentifiers, nothing uses it.

2014-01-18  Andreas Kling  <akling@apple.com>

        Remove two unused CodeBlock functions.
        <https://webkit.org/b/127235>

        Kill copyPostParseDataFrom() and copyPostParseDataFromAlternative()
        since they are not used.

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:

2014-01-18  Andreas Kling  <akling@apple.com>

        CodeBlock: Size m_exceptionHandlers to fit from creation.
        <https://webkit.org/b/127234>

        Avoid allocation churn for CodeBlock::m_exceptionHandlers.

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.h:

            Removed unused CodeBlock::allocateHandlers() function.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

            Use resizeToFit() instead of grow() for m_exceptionHandlers
            since we know it's never going to change size.

        (JSC::CodeBlock::shrinkToFit):

            No need to shrink m_exceptionHandlers here since it's already
            the perfect size.

2014-01-18  Mark Lam  <mark.lam@apple.com>

        Add a hasBreakpointFlag arg to the op_debug bytecode.
        https://bugs.webkit.org/show_bug.cgi?id=127230.

        Reviewed by Geoffrey Garen.

        This is in anticipation of upcoming changes to support bytecode level
        breakpoints. This patch adds the flag to the op_debug bytecode and
        initializes it, but does not use it yet.

        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDebugHook):
        * llint/LowLevelInterpreter.asm:

2014-01-18  Alberto Garcia  <berto@igalia.com>

        JavaScriptCore uses PLATFORM(MAC) when it means OS(DARWIN)
        https://bugs.webkit.org/show_bug.cgi?id=99683

        Reviewed by Anders Carlsson.

        * jit/ThunkGenerators.cpp:
        * tools/CodeProfile.cpp:
        (JSC::symbolName):
        (JSC::CodeProfile::sample):

2014-01-18  Anders Carlsson  <andersca@apple.com>

        Remove ENABLE_THREADED_HTML_PARSER defines everywhere
        https://bugs.webkit.org/show_bug.cgi?id=127225

        Reviewed by Andreas Kling.

        This concludes the removal of over 8.8 million lines of threaded parser code.

        * Configurations/FeatureDefines.xcconfig:

2014-01-18  Mark Lam  <mark.lam@apple.com>

        Adding UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn()..
        https://bugs.webkit.org/show_bug.cgi?id=127127.

        Reviewed by Geoffrey Garen.

        In order to implement bytecode level breakpoints, we need a mechanism
        for computing the best fit op_debug bytecode offset for any valid given
        line and column value in the source. The "best fit" op_debug bytecode
        in this case is defined below in the comment for
        UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::opDebugBytecodeOffsetForLineAndColumn):
        - Convert the line and column to unlinked line and column values and
          pass them to UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn()
          to do the real work.

        * bytecode/CodeBlock.h:
        * bytecode/LineColumnInfo.h: Added.
        (JSC::LineColumnInfo::operator <):
        (JSC::LineColumnInfo::LineColumnPair::LineColumnPair):
        (JSC::LineColumnInfo::operator ==):
        (JSC::LineColumnInfo::operator !=):
        (JSC::LineColumnInfo::operator <=):
        (JSC::LineColumnInfo::operator >):
        (JSC::LineColumnInfo::operator >=):
        * bytecode/LineInfo.h: Removed.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::decodeExpressionRangeLineAndColumn):
        - Factored this out of expressionRangeForBytecodeOffset() so that it can