7155c8cbaae5e1a19747b398cc43a9cb7c230edb
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2014-02-03  Andreas Kling  <akling@apple.com>
2
3         Keep only captured symbols in CodeBlock symbol tables.
4         <https://webkit.org/b/128050>
5
6         Discard all uncaptured symbols at the end of codegen since only
7         the captured ones will be used after that point.
8
9         ~2MB progression on Membuster OSUS.
10
11         Reviewed by Geoffrey Garen.
12
13         * bytecode/UnlinkedCodeBlock.h:
14         (JSC::UnlinkedCodeBlock::setSymbolTable):
15         * bytecompiler/BytecodeGenerator.cpp:
16         (JSC::BytecodeGenerator::generate):
17
18 2014-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>
19
20         Fix the LLInt C loop
21
22         Rubber stamped by Mark Lam.
23
24         * llint/LLIntSlowPaths.cpp:
25         (JSC::LLInt::llint_write_barrier_slow):
26         * llint/LLIntSlowPaths.h:
27
28 2014-02-03  Dean Jackson  <dino@apple.com>
29
30         Feature flag for shape-inside
31         https://bugs.webkit.org/show_bug.cgi?id=128001
32
33         Reviewed by Simon Fraser.
34
35         Add CSS_SHAPE_INSIDE flag.
36
37         * Configurations/FeatureDefines.xcconfig:
38
39 2014-02-03  Oliver Hunt  <oliver@apple.com>
40
41         Deconstructed parameters aren't being placed in the correct scope
42         https://bugs.webkit.org/show_bug.cgi?id=128126
43
44         Reviewed by Antti Koivisto.
45
46         Make sure we declare the bound parameter names as variables when
47         we reparse.  In the BytecodeGenerator we now also directly ensure
48         that bound parameters are placed in the symbol table of the function
49         we're currently compiling.  We then delay binding until just before
50         we start codegen for the body of the function so that we can ensure
51         the function has completely initialised all scope details.
52
53         * bytecompiler/BytecodeGenerator.cpp:
54         (JSC::BytecodeGenerator::generate):
55         (JSC::BytecodeGenerator::BytecodeGenerator):
56         * bytecompiler/BytecodeGenerator.h:
57         * parser/Parser.cpp:
58         (JSC::Parser<LexerType>::Parser):
59         (JSC::Parser<LexerType>::createBindingPattern):
60
61 2014-02-03  Alexey Proskuryakov  <ap@apple.com>
62
63         Update JS whitespace definition for changes in Unicode 6.3
64         https://bugs.webkit.org/show_bug.cgi?id=127450
65
66         Reviewed by Oliver Hunt.
67
68         * parser/Lexer.h: (JSC::Lexer<UChar>::isWhiteSpace): Part 2 of the fix, update lexer too.
69
70 2014-02-03  Matthew Mirman  <mmirman@apple.com>
71
72         Added GetTypedArrayByteOffset to FTL
73         https://bugs.webkit.org/show_bug.cgi?id=127589
74
75         Reviewed by Filip Pizlo.
76
77         * ftl/FTLAbstractHeapRepository.h:
78         * ftl/FTLCapabilities.cpp:
79         (JSC::FTL::canCompile):
80         * ftl/FTLLowerDFGToLLVM.cpp:
81         (JSC::FTL::LowerDFGToLLVM::compileNode):
82         (JSC::FTL::LowerDFGToLLVM::compileGetTypedArrayByteOffset):
83         * tests/stress/ftl-gettypedarrayoffset-simple.js: Added.
84         (foo):
85         * tests/stress/ftl-gettypedarrayoffset-wasteful.js: Added.
86         (foo):
87
88 2014-02-03  Mark Lam  <mark.lam@apple.com>
89
90         Debugger created JSActivations should account for CodeBlock::framePointerOffsetToGetActivationRegisters().
91         <https://webkit.org/b/128112>
92
93         Reviewed by Geoffrey Garen.
94
95         Currently, when the DebuggerCallFrame creates the JSActivation object
96         for a frame, it does not account for the framePointerOffsetToGetActivationRegisters()
97         offset that needs to be added for DFG frames.
98
99         Instead of special casing the fix in DebuggerCallFrame::scope(), we fix
100         this by adding CodeBlock::framePointerOffsetToGetActivationRegisters() to
101         callFrame->registers() in the JSActivation::create() method that does not
102         explicitly take a Register*. This ensures that JSActivation::create() will
103         always do the right thing instead of only being a special case for the
104         LLINT and baselineJIT.
105
106         Apart from the DebuggerCallFrame, this create() function is only called by
107         slow paths in the LLINT and baselineJIT. Hence, it is not performance
108         critical.
109
110         * runtime/JSActivation.h:
111         (JSC::JSActivation::create):
112
113 2014-01-31  Geoffrey Garen  <ggaren@apple.com>
114
115         Simplified name scope creation for function expressions
116         https://bugs.webkit.org/show_bug.cgi?id=128031
117
118         Reviewed by Mark Lam.
119
120         3X speedup on js/regress/script-tests/function-with-eval.js.
121
122         We used to emit bytecode to push a name into local scope every
123         time a function that needed such a name executed. Now, we push the name
124         into scope once on the function object, and leave it there.
125
126         This is faster, and it also reduces the number of variable resolution
127         modes you have to worry about when thinking about bytecode and the
128         debugger.
129
130         This patch is slightly complicated by the fact that we don't know if
131         a function needs a name scope until we parse its body. So, there's some
132         glue code in here to delay filling in a function's scope until we parse
133         its body for the first time.
134
135         * bytecode/UnlinkedCodeBlock.cpp:
136         (JSC::generateFunctionCodeBlock):
137         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
138         * bytecode/UnlinkedCodeBlock.h:
139         (JSC::UnlinkedFunctionExecutable::functionMode): Renamed
140         functionNameIsInScopeToggle to functionMode.
141
142         * bytecompiler/BytecodeGenerator.cpp:
143         (JSC::BytecodeGenerator::BytecodeGenerator): No need to emit convert_this
144         when debugging. The debugger will perform the conversion as needed.
145
146         (JSC::BytecodeGenerator::resolveCallee):
147         (JSC::BytecodeGenerator::addCallee): Simplified this code by removing
148         the "my function needs a name scope, but didn't allocate one" mode.
149
150         * interpreter/Interpreter.cpp:
151         (JSC::Interpreter::execute):
152         (JSC::Interpreter::executeCall):
153         (JSC::Interpreter::executeConstruct):
154         (JSC::Interpreter::prepareForRepeatCall): Pass a scope slot through to
155         CodeBlock generation, so we can add a function name scope if the parsed
156         function body requires one.
157
158         * jit/JITOperations.cpp:
159         * llint/LLIntSlowPaths.cpp:
160         (JSC::LLInt::setUpCall): Ditto.
161
162         * parser/NodeConstructors.h:
163         (JSC::FuncExprNode::FuncExprNode):
164         (JSC::FuncDeclNode::FuncDeclNode):
165         * parser/Nodes.cpp:
166         (JSC::FunctionBodyNode::finishParsing):
167         * parser/Nodes.h:
168         (JSC::FunctionBodyNode::functionMode): Updated for rename.
169
170         * parser/ParserModes.h:
171         (JSC::functionNameIsInScope):
172         (JSC::functionNameScopeIsDynamic): Helper functions for reasoning about
173         how crazy JavaScript language semantics are.
174
175         * runtime/ArrayPrototype.cpp:
176         (JSC::isNumericCompareFunction):
177         (JSC::attemptFastSort): Updated for interface changes above.
178
179         * runtime/Executable.cpp:
180         (JSC::ScriptExecutable::newCodeBlockFor):
181         (JSC::ScriptExecutable::prepareForExecutionImpl):
182         (JSC::FunctionExecutable::FunctionExecutable):
183         * runtime/Executable.h:
184         (JSC::ScriptExecutable::prepareForExecution):
185         (JSC::FunctionExecutable::functionMode):
186         * runtime/JSFunction.cpp:
187         (JSC::JSFunction::addNameScopeIfNeeded):
188         * runtime/JSFunction.h:
189         * runtime/JSNameScope.h:
190         (JSC::JSNameScope::create):
191         (JSC::JSNameScope::JSNameScope): Added machinery for pushing a function
192         name scope onto a function when we first discover that it's needed.
193
194 2014-01-25  Darin Adler  <darin@apple.com>
195
196         Stop using Unicode.h
197         https://bugs.webkit.org/show_bug.cgi?id=127633
198
199         Reviewed by Anders Carlsson.
200
201         * parser/Lexer.h:
202         * runtime/JSGlobalObjectFunctions.h:
203         * yarr/YarrCanonicalizeUCS2.h:
204         * yarr/YarrInterpreter.h:
205         * yarr/YarrParser.h:
206         * yarr/YarrPattern.h:
207         Removed includes of <wtf/unicode/Unicode.h>, adding includes of
208         ICU headers and <wtf/text/LChar.h> as needed to replace it.
209
210 2014-02-03  Dan Bernstein  <mitz@apple.com>
211
212         Correctly address Darin’s review comment on the last change.
213
214         * runtime/Watchdog.h: Changed an OS(DARWIN) guard around formerly PLATFORM(MAC)-only member
215         variables to the equivalent OS(DARWIN) && !PLATFORM(EFL) && !PLATFORM(GTK).
216
217 2014-02-03  Dan Bernstein  <mitz@apple.com>
218
219         Stop using PLATFORM(MAC) in JavaScriptCore except where it means “OS X but not iOS”
220         https://bugs.webkit.org/show_bug.cgi?id=128098
221
222         Reviewed by Darin Adler.
223
224         * API/JSValueRef.cpp:
225         (JSValueUnprotect): Added an explicit !PLATFORM(IOS) in guards for the Evernote workaround,
226         which is only needed on OS X.
227
228         * API/tests/testapi.c:
229         (main): Changed PLATFORM(MAC) || PLATFORM(IOS) guards to OS(DARWIN), because they were
230         surrounding tests for code that is itself guarded by OS(DARWIN).
231
232         * runtime/Watchdog.h: Changed PLATFORM(MAC) to OS(DARWIN).
233
234         * tools/CodeProfiling.cpp:
235         (JSC::CodeProfiling::begin): Changed PLATFORM(MAC) to
236         OS(DARWIN) && !PLATFORM(EFL) && !PLATFORM(GTK).
237         (JSC::CodeProfiling::end): Ditto.
238
239 2014-02-02  Mark Lam  <mark.lam@apple.com>
240
241         Repatch code is passing the wrong args to lookupExceptionHandler.
242         <https://webkit.org/b/128085>
243
244         Reviewed by Oliver Hunt.
245
246         lookupExceptionHandler() is expecting 2 args: VM*, ExecState*.
247         The repatch code was only passing an ExecState*. A crash ensues.
248         This is now fixed.
249
250         * jit/JIT.cpp:
251         (JSC::JIT::privateCompileExceptionHandlers):
252         * jit/Repatch.cpp:
253         (JSC::generateProtoChainAccessStub):
254
255 2014-02-01  Filip Pizlo  <fpizlo@apple.com>
256
257         JSC profiler's stub info profiling support should work again
258         https://bugs.webkit.org/show_bug.cgi?id=128057
259
260         Reviewed by Mark Lam.
261
262         * bytecode/CodeBlock.cpp:
263         (JSC::CodeBlock::printGetByIdCacheStatus): We want to know if the cache was ever reset by GC, since the DFG uses this information.
264         (JSC::CodeBlock::printLocationAndOp): This shouldn't have been inline.
265         (JSC::CodeBlock::printLocationOpAndRegisterOperand): Ditto.
266         (JSC::CodeBlock::dumpBytecode): Dump the profiling field, and make sure that the caller can pass a StubInfoMap, which is necessary for dumping StructureStubInfo profiling.
267         * bytecode/CodeBlock.h: Out-of-line some methods and add the StubInfoMap parameter.
268         * profiler/ProfilerBytecodeSequence.cpp:
269         (JSC::Profiler::BytecodeSequence::BytecodeSequence): Create a StubInfoMap before dumping bytecodes.
270
271 2014-02-01  Filip Pizlo  <fpizlo@apple.com>
272
273         JSC profiler should show reasons for jettison
274         https://bugs.webkit.org/show_bug.cgi?id=128047
275
276         Reviewed by Geoffrey Garen.
277         
278         Henceforth if you want to jettison a CodeBlock, you gotta tell the Profiler why you did
279         it. This makes figuring out convergence issues - where some code seems to take a long
280         time to get into the top tier compiler - a lot easier.
281
282         * CMakeLists.txt:
283         * GNUmakefile.list.am:
284         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
285         * JavaScriptCore.xcodeproj/project.pbxproj:
286         * bytecode/CodeBlock.cpp:
287         (JSC::CodeBlock::finalizeUnconditionally):
288         (JSC::CodeBlock::jettison):
289         (JSC::CodeBlock::addBreakpoint):
290         (JSC::CodeBlock::setSteppingMode):
291         * bytecode/CodeBlock.h:
292         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
293         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
294         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
295         (JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal):
296         * dfg/DFGOperations.cpp:
297         * jit/JITOperations.cpp:
298         * profiler/ProfilerCompilation.cpp:
299         (JSC::Profiler::Compilation::Compilation):
300         (JSC::Profiler::Compilation::toJS):
301         * profiler/ProfilerCompilation.h:
302         (JSC::Profiler::Compilation::setJettisonReason):
303         * profiler/ProfilerJettisonReason.cpp: Added.
304         (WTF::printInternal):
305         * profiler/ProfilerJettisonReason.h: Added.
306         * runtime/CommonIdentifiers.h:
307         * runtime/VM.cpp:
308         (JSC::SetEnabledProfilerFunctor::operator()):
309
310 2014-02-01  Mark Lam  <mark.lam@apple.com>
311
312         Saying "jitType() == JITCode::DFGJIT" is almost never correct.
313         <http://webkit.org/b/128045>
314
315         Reviewed by Filip Pizlo.
316
317         JITCode::isOptimizingJIT(jitType()) is the right way to say it.
318
319         * bytecode/CodeBlock.cpp:
320         (JSC::CodeBlock::addBreakpoint):
321         (JSC::CodeBlock::setSteppingMode):
322         * runtime/VM.cpp:
323         (JSC::SetEnabledProfilerFunctor::operator()):
324
325 2014-02-01  Michael Saboff  <msaboff@apple.com>
326
327         REGRESSION (r163027?): CrashTracer: [USER] com.apple.WebKit.WebContent.Development at com.apple.JavaScriptCore: JSC::ArrayProfile::computeUpdatedPrediction + 4
328         https://bugs.webkit.org/show_bug.cgi?id=128037
329
330         Reviewed by Mark Lam.
331
332         op_call_varargs ops now needs an ArrayProfile since DFG inlines these since
333         change set r162739.
334
335         * bytecode/CodeBlock.cpp:
336         (JSC::CodeBlock::CodeBlock):
337         * bytecompiler/BytecodeGenerator.cpp:
338         (JSC::BytecodeGenerator::emitCallVarargs):
339
340 2014-01-31  Mark Lam  <mark.lam@apple.com>
341
342         Gardening: fix build breakage.
343
344         Not reviewed.
345
346         * interpreter/CallFrame.h:
347
348 2014-01-31  Mark Lam  <mark.lam@apple.com>
349
350         Gardening: Fix a merge problem to unbreak bots.
351
352         Not reviewed.
353
354         * bytecompiler/BytecodeGenerator.cpp:
355         (JSC::BytecodeGenerator::BytecodeGenerator):
356
357 2014-01-31  Oliver Hunt  <oliver@apple.com>
358
359         Rollout r163195 and related patches
360
361         * API/JSCallbackObjectFunctions.h:
362         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
363         (JSC::JSCallbackObject<Parent>::put):
364         (JSC::JSCallbackObject<Parent>::deleteProperty):
365         (JSC::JSCallbackObject<Parent>::getStaticValue):
366         (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
367         (JSC::JSCallbackObject<Parent>::callbackGetter):
368         * CMakeLists.txt:
369         * DerivedSources.make:
370         * GNUmakefile.am:
371         * GNUmakefile.list.am:
372         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
373         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
374         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
375         * JavaScriptCore.vcxproj/copy-files.cmd:
376         * JavaScriptCore.xcodeproj/project.pbxproj:
377         * builtins/Array.prototype.js: Removed.
378         * builtins/BuiltinExecutables.cpp: Removed.
379         * builtins/BuiltinExecutables.h: Removed.
380         * bytecode/CodeBlock.cpp:
381         (JSC::CodeBlock::CodeBlock):
382         * bytecode/CodeBlock.h:
383         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
384         * bytecode/UnlinkedCodeBlock.cpp:
385         (JSC::generateFunctionCodeBlock):
386         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
387         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
388         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
389         * bytecode/UnlinkedCodeBlock.h:
390         (JSC::ExecutableInfo::ExecutableInfo):
391         (JSC::UnlinkedFunctionExecutable::create):
392         * bytecompiler/BytecodeGenerator.cpp:
393         (JSC::BytecodeGenerator::BytecodeGenerator):
394         * bytecompiler/BytecodeGenerator.h:
395         (JSC::BytecodeGenerator::makeFunction):
396         * bytecompiler/NodesCodegen.cpp:
397         (JSC::CallFunctionCallDotNode::emitBytecode):
398         (JSC::ApplyFunctionCallDotNode::emitBytecode):
399         * create_hash_table:
400         * dfg/DFGDominators.cpp:
401         * dfg/DFGJITCode.cpp:
402         * dfg/DFGOperations.cpp:
403         * generate-js-builtins: Removed.
404         * interpreter/CachedCall.h:
405         (JSC::CachedCall::CachedCall):
406         * interpreter/Interpreter.cpp:
407         * interpreter/ProtoCallFrame.cpp:
408         * jit/JITOpcodes.cpp:
409         * jit/JITOpcodes32_64.cpp:
410         * jit/JITOperations.cpp:
411         * jit/JITPropertyAccess.cpp:
412         * jit/JITPropertyAccess32_64.cpp:
413         * jsc.cpp:
414         * llint/LLIntOffsetsExtractor.cpp:
415         * llint/LLIntSlowPaths.cpp:
416         * parser/ASTBuilder.h:
417         (JSC::ASTBuilder::makeFunctionCallNode):
418         * parser/Lexer.cpp:
419         (JSC::Lexer<T>::Lexer):
420         (JSC::Lexer<LChar>::parseIdentifier):
421         (JSC::Lexer<UChar>::parseIdentifier):
422         (JSC::Lexer<T>::lex):
423         * parser/Lexer.h:
424         (JSC::Lexer<T>::lexExpectIdentifier):
425         * parser/Nodes.cpp:
426         * parser/Nodes.h:
427         * parser/Parser.cpp:
428         (JSC::Parser<LexerType>::Parser):
429         (JSC::Parser<LexerType>::parseInner):
430         (JSC::Parser<LexerType>::didFinishParsing):
431         (JSC::Parser<LexerType>::printUnexpectedTokenText):
432         * parser/Parser.h:
433         (JSC::parse):
434         * parser/ParserModes.h:
435         * parser/ParserTokens.h:
436         * runtime/Arguments.h:
437         * runtime/ArgumentsIteratorPrototype.cpp:
438         * runtime/ArrayPrototype.cpp:
439         (JSC::arrayProtoFuncEvery):
440         * runtime/CodeCache.cpp:
441         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
442         * runtime/CommonIdentifiers.cpp:
443         (JSC::CommonIdentifiers::CommonIdentifiers):
444         * runtime/CommonIdentifiers.h:
445         * runtime/CommonSlowPaths.cpp:
446         * runtime/CommonSlowPathsExceptions.cpp:
447         * runtime/ExceptionHelpers.cpp:
448         (JSC::createUndefinedVariableError):
449         * runtime/Executable.h:
450         (JSC::EvalExecutable::executableInfo):
451         (JSC::ProgramExecutable::executableInfo):
452         (JSC::isHostFunction):
453         * runtime/FunctionPrototype.cpp:
454         (JSC::functionProtoFuncToString):
455         * runtime/JSActivation.cpp:
456         (JSC::JSActivation::symbolTableGet):
457         (JSC::JSActivation::symbolTablePut):
458         (JSC::JSActivation::symbolTablePutWithAttributes):
459         * runtime/JSArgumentsIterator.cpp:
460         * runtime/JSArray.cpp:
461         * runtime/JSArrayIterator.cpp:
462         * runtime/JSCJSValue.cpp:
463         * runtime/JSCellInlines.h:
464         * runtime/JSFunction.cpp:
465         (JSC::JSFunction::calculatedDisplayName):
466         (JSC::JSFunction::sourceCode):
467         (JSC::JSFunction::callerGetter):
468         (JSC::JSFunction::getOwnPropertySlot):
469         (JSC::JSFunction::getOwnNonIndexPropertyNames):
470         (JSC::JSFunction::put):
471         (JSC::JSFunction::defineOwnProperty):
472         * runtime/JSFunction.h:
473         * runtime/JSFunctionInlines.h:
474         (JSC::JSFunction::nativeFunction):
475         (JSC::JSFunction::nativeConstructor):
476         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
477         * runtime/JSGenericTypedArrayViewInlines.h:
478         * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
479         * runtime/JSGlobalObject.cpp:
480         (JSC::JSGlobalObject::reset):
481         (JSC::JSGlobalObject::visitChildren):
482         * runtime/JSGlobalObject.h:
483         (JSC::JSGlobalObject::symbolTableHasProperty):
484         * runtime/JSObject.cpp:
485         (JSC::getClassPropertyNames):
486         (JSC::JSObject::reifyStaticFunctionsForDelete):
487         * runtime/JSObject.h:
488         * runtime/JSPromiseConstructor.cpp:
489         * runtime/JSPromiseDeferred.cpp:
490         * runtime/JSPromisePrototype.cpp:
491         * runtime/JSPromiseReaction.h:
492         * runtime/JSPropertyNameIterator.cpp:
493         * runtime/JSPropertyNameIterator.h:
494         * runtime/JSString.h:
495         (JSC::JSString::getStringPropertySlot):
496         (JSC::inlineJSValueNotStringtoString):
497         (JSC::JSValue::toWTFStringInline):
498         * runtime/JSStringInlines.h: Removed.
499         * runtime/JSSymbolTableObject.cpp:
500         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
501         * runtime/JSSymbolTableObject.h:
502         (JSC::symbolTableGet):
503         (JSC::symbolTablePut):
504         (JSC::symbolTablePutWithAttributes):
505         * runtime/Lookup.cpp:
506         (JSC::setUpStaticFunctionSlot):
507         * runtime/Lookup.h:
508         (JSC::HashEntry::propertyGetter):
509         (JSC::HashEntry::propertyPutter):
510         (JSC::HashTable::entry):
511         (JSC::getStaticPropertySlot):
512         (JSC::getStaticValueSlot):
513         (JSC::putEntry):
514         * runtime/NativeErrorConstructor.cpp:
515         * runtime/NativeErrorConstructor.h:
516         (JSC::NativeErrorConstructor::finishCreation):
517         * runtime/PropertySlot.h:
518         * runtime/RegExpConstructor.cpp:
519         * runtime/RegExpPrototype.cpp:
520         * runtime/SetConstructor.cpp:
521         * runtime/StringObject.cpp:
522         * runtime/Structure.cpp:
523         * runtime/VM.cpp:
524         (JSC::VM::VM):
525         * runtime/VM.h:
526
527 2014-01-31  Filip Pizlo  <fpizlo@apple.com>
528
529         DFG->FTL tier-up shouldn't assume that LoopHints stay at the tops of loops
530         https://bugs.webkit.org/show_bug.cgi?id=128030
531
532         Reviewed by Oliver Hunt.
533         
534         Remove a bogus assertion. The only thing that matters is that the LoopHint had at one
535         point in time been at the top of a loop header, and that it is now at the top of a
536         basic block. But the basic block that it's at the top of now doesn't have to be the
537         same as the loop header that it once was the top of.
538
539         * dfg/DFGTierUpCheckInjectionPhase.cpp:
540         (JSC::DFG::TierUpCheckInjectionPhase::run):
541         * tests/stress/tier-up-in-loop-with-cfg-simplification.js: Added.
542         (foo):
543
544 2014-01-31  Mark Lam  <mark.lam@apple.com>
545
546         Avoid eagerly creating the JSActivation when the debugger is attached.
547         <https://webkit.org/b/127910>
548
549         Reviewed by Oliver Hunt.
550
551         Octane scores for this patch:
552             baseline w/o WebInspector: 11621
553             patched  w/o WebInspector: 11801
554             baseline w/ WebInspector:  3295
555             patched  w/ WebInspector:  7070   2.1x improvement
556
557         1. Because debugger can potentially create a closure from any call frame,
558            we need every function to allocate an activation register and check for
559            the need to tear off the activation (if needed) on return.
560
561            However, we do not need to eagerly create the activation object.
562            This patch implements the optimization to defer creation of the
563            activation object until we actually need it i.e. when:
564
565            1. We encounter a "eval", "with", or "catch" statement.
566            2. We've paused in the debugger, and called DebuggerCallFrame::scope().
567
568         2. The UnlinkedCodeBlock provides a needsFullScopeChain flag that is used
569            to indicate whether the linked CodeBlock will need an activation
570            object or not. Under normal circumstances, needsFullScopeChain and
571            needsActivation are synonymous. However, with a debugger attached, we
572            want the CodeBlock to always allocate an activationRegister even if
573            it does not need a "full scope chain".
574
575            Hence, we apply the following definitions to the "flags":
576
577            1. UnlinkedCodeBlock::needsFullScopeChain() - this flag indicates that
578               the parser discovered JS artifacts (e.g. use of "eval", "with", etc.)
579               that requires an activation.
580
581               BytecodeGenerator's destinationForAssignResult() and leftHandSideNeedsCopy()
582               checks needsFullScopeChain().
583
584            2. UnlinkedCodeBlock::hasActivationRegister() - this flag indicates that
585               an activation register was created for the UnlinkedCodeBlock either
586               because it needsFullScopeChain() or because the debugger is attached.
587
588            3. CodeBlock::needsActivation() reflects UnlinkedCodeBlock's
589               hasActivationRegister().
590
591         3. Introduced BytecodeGenerator::emitPushFunctionNameScope() and
592            BytecodeGenerator::emitPushCatchScope() because the JSNameScope
593            pushed for a function name cannot be popped unlike the JSNameScope
594            pushed for a "catch". Hence, we have 2 functions to handle the 2 cases
595            differently.
596
597         4. Removed DebuggerCallFrame::evaluateWithCallFrame() and require that all
598            debugger evaluations go through the DebuggerCallFrame::evaluate(). This
599            ensures that debugger evaluations require a DebuggerCallFrame.
600
601            DebuggerCallFrame::evaluateWithCallFrame() was used previously because
602            we didn't want to instantiate a DebuggerCallFrame on every debug hook
603            callback. However, we now only call the debug hooks when needed, and
604            this no longer poses a performance problem.
605
606            In addition, when the debug hook does an eval to test a breakpoint
607            condition, it is incorrect to evaluate it without a DebuggerCallFrame
608            anyway.
609
610         5. Added some utility functions to the CallFrame to make it easier to work
611            with the activation register in the frame (if present). These utility
612            functions should only be called if the CodeBlock::needsActivation() is
613            true (which indicates the presence of the activation register). The
614            utlity functions are:
615
616            1. CallFrame::hasActivation()
617               - checks if the frame's activation object has been created.
618
619            2. CallFrame::activation()
620               - returns the frame's activation object.
621
622            3. CallFrame::uncheckedActivation()
623               - returns the JSValue in the frame's activation register. May be null.
624
625            4. CallFrame::setActivation()
626               - sets the frame's activation object.
627
628         * bytecode/CodeBlock.cpp:
629         (JSC::CodeBlock::dumpBytecode):
630         - added symbollic dumping of ResolveMode and ResolveType values for some
631           bytecodes.
632         (JSC::CodeBlock::CodeBlock):
633         * bytecode/CodeBlock.h:
634         (JSC::CodeBlock::activationRegister):
635         (JSC::CodeBlock::uncheckedActivationRegister):
636         (JSC::CodeBlock::needsActivation):
637         * bytecode/UnlinkedCodeBlock.h:
638         (JSC::UnlinkedCodeBlock::needsFullScopeChain):
639         (JSC::UnlinkedCodeBlock::hasActivationRegister):
640         * bytecompiler/BytecodeGenerator.cpp:
641         (JSC::BytecodeGenerator::BytecodeGenerator):
642         (JSC::BytecodeGenerator::resolveCallee):
643         (JSC::BytecodeGenerator::createActivationIfNecessary):
644         (JSC::BytecodeGenerator::emitCallEval):
645         (JSC::BytecodeGenerator::emitReturn):
646         (JSC::BytecodeGenerator::emitPushWithScope):
647         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
648         (JSC::BytecodeGenerator::emitPushCatchScope):
649         * bytecompiler/BytecodeGenerator.h:
650         * bytecompiler/NodesCodegen.cpp:
651         (JSC::TryNode::emitBytecode):
652         * debugger/Debugger.cpp:
653         (JSC::Debugger::hasBreakpoint):
654         (JSC::Debugger::pauseIfNeeded):
655         * debugger/DebuggerCallFrame.cpp:
656         (JSC::DebuggerCallFrame::scope):
657         (JSC::DebuggerCallFrame::evaluate):
658         * debugger/DebuggerCallFrame.h:
659         * dfg/DFGByteCodeParser.cpp:
660         (JSC::DFG::ByteCodeParser::parseCodeBlock):
661         * dfg/DFGGraph.h:
662         - Removed an unused function DFGGraph::needsActivation().
663         * interpreter/CallFrame.cpp:
664         (JSC::CallFrame::activation):
665         (JSC::CallFrame::setActivation):
666         * interpreter/CallFrame.h:
667         (JSC::ExecState::hasActivation):
668         (JSC::ExecState::registers):
669         * interpreter/CallFrameInlines.h:
670         (JSC::CallFrame::uncheckedActivation):
671         * interpreter/Interpreter.cpp:
672         (JSC::unwindCallFrame):
673         (JSC::Interpreter::unwind):
674         * jit/JITOperations.cpp:
675         * llint/LLIntSlowPaths.cpp:
676         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
677         * runtime/CommonSlowPaths.cpp:
678         (JSC::SLOW_PATH_DECL):
679
680         * runtime/JSScope.cpp:
681         * runtime/JSScope.h:
682         (JSC::resolveModeName):
683         (JSC::resolveTypeName):
684         - utility functions for decoding names of the ResolveMode and ResolveType.
685           These are used in CodeBlock::dumpBytecode().
686
687 2014-01-31  Michael Saboff  <msaboff@apple.com>
688
689         REGRESSION: Crash in sanitizeStackForVMImpl when scrolling @ lifehacker.com.au
690         https://bugs.webkit.org/show_bug.cgi?id=128017
691
692         Reviewed by Filip Pizlo.
693
694         Moved the setting and saving of VM::stackPointerAtVMEntry and the corresponding stack limit
695         to JSLock and JSLock::DropAllLocks.  The saved data is now stored in per-thread in
696         WTFThreadData.
697
698         * runtime/InitializeThreading.cpp:
699         (JSC::initializeThreading):
700         * runtime/JSLock.cpp:
701         (JSC::JSLock::lock):
702         (JSC::JSLock::unlock):
703         (JSC::JSLock::DropAllLocks::DropAllLocks):
704         (JSC::JSLock::DropAllLocks::~DropAllLocks):
705         * runtime/JSLock.h:
706         * runtime/VMEntryScope.cpp:
707         (JSC::VMEntryScope::VMEntryScope):
708         (JSC::VMEntryScope::~VMEntryScope):
709         * runtime/VMEntryScope.h:
710
711 2014-01-31  Mark Lam  <mark.lam@apple.com>
712
713         Don't need a JSNameScope for the callee name just for the debugger.
714         <https://webkit.org/b/128024>
715
716         Reviewed by Geoffrey Garen.
717
718         Currently, in the bytecode for a function, we push a JSNamedScope for
719         the name of the function when a debugger is attached. The name scope for
720         the function name is only needed for evals which can redefine the name
721         to resolve to something else, and can later delete the redefined name
722         which should revert the resolution of the name to the original function.
723         The debugger does not need this feature because it declares all new vars
724         in a temporary nested scope. Hence, we can remove the presence of the
725         debugger as a criterion for pushing the JSNameScope.
726
727         * bytecompiler/BytecodeGenerator.cpp:
728         (JSC::BytecodeGenerator::resolveCallee):
729         (JSC::BytecodeGenerator::addCallee):
730
731 2014-01-31  Filip Pizlo  <fpizlo@apple.com>
732
733         Unreviewed, build fix.
734
735         * ftl/FTLOSREntry.cpp:
736
737 2014-01-31  Oliver Hunt  <oliver@apple.com>
738
739         Fix windows
740
741         * generate-js-builtins:
742
743 2014-01-31  Oliver Hunt  <oliver@apple.com>
744
745         Fix 32bit.
746
747         * jit/JITPropertyAccess32_64.cpp:
748
749 2014-01-31  Mark Lam  <mark.lam@apple.com>
750
751         Add options to force debugger / profiler bytecode generation.
752         <https://webkit.org/b/128014>
753
754         Reviewed by Oliver Hunt.
755
756         Add Options::forceDebuggerBytecodeGeneration() and
757         Options::forceProfilerBytecodeGeneration(). These options make it more
758         convenient to do correctness testing when debugger / profiler bytecodes
759         are generated.
760
761         These options are disabled by default.
762
763         * bytecompiler/BytecodeGenerator.cpp:
764         (JSC::BytecodeGenerator::BytecodeGenerator):
765         * runtime/Options.h:
766
767 2014-01-29  Oliver Hunt  <oliver@apple.com>
768
769         Make it possible to implement JS builtins in JS
770         https://bugs.webkit.org/show_bug.cgi?id=127887
771
772         Reviewed by Michael Saboff.
773
774         This patch makes it possible to write builtin functions in JS.
775         The bindings, generators, and definitions are all created automatically
776         based on js files in the builtins/ directory.  This patch includes one
777         such case: Array.prototype.js with an implementation of every().
778
779         There's a lot of refactoring to make it possible for CommonIdentifiers
780         to include the output of the generated files (DerivedSources/JSCBuiltins.{h,cpp})
781         without breaking the offset extractor. The result of this refactoring
782         is that CommonIdentifiers, and a few other miscellaneous headers now
783         need to be included directly as they were formerly captured through other
784         paths.
785
786         In addition this adds a flag to the Lookup table's hashentry to indicate
787         that a static function is actually backed by JS. There is then a lot of
788         logic to thread the special nature of the function to where it matters.
789         This allows toString(), .caller, etc to mimic the behaviour of a host
790         function.
791
792         Notes on writing builtins:
793          - Each function is compiled independently of the others, and those
794            implementations cannot currently capture all global properties (as
795            that could be potentially unsafe). If a function does capture a
796            global we will deliberately crash.
797          - For those "global" properties that we do want access to, we use
798            the @ prefix, e.g. Object(this) becomes @Object(this). The @ identifiers
799            are private names, and behave just like regular properties, only
800            without the risk of adulteration. Again, in the @Object case, we
801            explicitly duplicate the ObjectConstructor reference on the GlobalObject
802            so that we have guaranteed access to the original version of the
803            constructor.
804          - call, apply, eval, and Function are all rejected identifiers, again
805            to prevent anything from accidentally using an adulterated object.
806            Instead @call and @apply are available, and happily they completely
807            drop the neq_ptr instruction as they're defined as always being the
808            original call/apply functions.
809
810         These restrictions are just intended to make it harder to accidentally
811         make changes that are incorrect (for instance calling whatever has been
812         assigned to global.Object, instead of the original constructor function).
813         However, making a mistake like this should result in a purely semantic
814         error as fundamentally these functions are treated as though they were
815         regular JS code in the host global, and have no more privileges than
816         any other JS.
817
818         The initial proof of concept is Array.prototype.every, this shows a 65%
819         performance improvement, and that improvement is significantly hurt by
820         our poor optimisation of op_in.
821
822         As this is such a limited function, we have not yet exported all symbols
823         that we could possibly need, but as we implement more, the likelihood
824         of encountering missing features will reduce.
825
826         This did require breaking out a JSStringInlines header, and required
827         fixing a few objects that were trying to use PropertyName::publicName
828         rather than PropertyName::uid.
829
830         * API/JSCallbackObjectFunctions.h:
831         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
832         (JSC::JSCallbackObject<Parent>::put):
833         (JSC::JSCallbackObject<Parent>::deleteProperty):
834         (JSC::JSCallbackObject<Parent>::getStaticValue):
835         (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
836         (JSC::JSCallbackObject<Parent>::callbackGetter):
837         * CMakeLists.txt:
838         * DerivedSources.make:
839         * GNUmakefile.list.am:
840         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
841         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
842         * JavaScriptCore.xcodeproj/project.pbxproj:
843         * builtins/Array.prototype.js:
844         (every):
845         * builtins/BuiltinExecutables.cpp: Added.
846         (JSC::BuiltinExecutables::BuiltinExecutables):
847         (JSC::BuiltinExecutables::createBuiltinExecutable):
848         * builtins/BuiltinExecutables.h:
849         (JSC::BuiltinExecutables::create):
850         * bytecode/CodeBlock.cpp:
851         (JSC::CodeBlock::CodeBlock):
852         * bytecode/CodeBlock.h:
853         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
854         * bytecode/UnlinkedCodeBlock.cpp:
855         (JSC::generateFunctionCodeBlock):
856         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
857         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
858         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
859         * bytecode/UnlinkedCodeBlock.h:
860         (JSC::ExecutableInfo::ExecutableInfo):
861         (JSC::UnlinkedFunctionExecutable::create):
862         (JSC::UnlinkedFunctionExecutable::toStrictness):
863         (JSC::UnlinkedFunctionExecutable::isBuiltinFunction):
864         (JSC::UnlinkedCodeBlock::isBuiltinFunction):
865         * bytecompiler/BytecodeGenerator.cpp:
866         (JSC::BytecodeGenerator::BytecodeGenerator):
867         * bytecompiler/BytecodeGenerator.h:
868         (JSC::BytecodeGenerator::isBuiltinFunction):
869         (JSC::BytecodeGenerator::makeFunction):
870         * bytecompiler/NodesCodegen.cpp:
871         (JSC::CallFunctionCallDotNode::emitBytecode):
872         (JSC::ApplyFunctionCallDotNode::emitBytecode):
873         * create_hash_table:
874         * dfg/DFGOperations.cpp:
875         * generate-js-builtins: Added.
876         (getCopyright):
877         (getFunctions):
878         (generateCode):
879         (mangleName):
880         (FunctionExecutable):
881         (Identifier):
882         (JSGlobalObject):
883         (SourceCode):
884         (UnlinkedFunctionExecutable):
885         (VM):
886         * interpreter/Interpreter.cpp:
887         * interpreter/ProtoCallFrame.cpp:
888         * jit/JITOpcodes.cpp:
889         * jit/JITOpcodes32_64.cpp:
890         * jit/JITOperations.cpp:
891         * jit/JITPropertyAccess.cpp:
892         * jit/JITPropertyAccess32_64.cpp:
893         * jsc.cpp:
894         * llint/LLIntSlowPaths.cpp:
895         * parser/ASTBuilder.h:
896         (JSC::ASTBuilder::makeFunctionCallNode):
897         * parser/Lexer.cpp:
898         (JSC::Lexer<T>::Lexer):
899         (JSC::isSafeIdentifier):
900         (JSC::Lexer<LChar>::parseIdentifier):
901         (JSC::Lexer<UChar>::parseIdentifier):
902         (JSC::Lexer<T>::lex):
903         * parser/Lexer.h:
904         (JSC::isSafeIdentifier):
905         (JSC::Lexer<T>::lexExpectIdentifier):
906         * parser/Nodes.cpp:
907         (JSC::ProgramNode::setClosedVariables):
908         * parser/Nodes.h:
909         (JSC::ScopeNode::capturedVariables):
910         (JSC::ScopeNode::setClosedVariables):
911         (JSC::ProgramNode::closedVariables):
912         * parser/Parser.cpp:
913         (JSC::Parser<LexerType>::Parser):
914         (JSC::Parser<LexerType>::parseInner):
915         (JSC::Parser<LexerType>::didFinishParsing):
916         (JSC::Parser<LexerType>::printUnexpectedTokenText):
917         * parser/Parser.h:
918         (JSC::Scope::getUsedVariables):
919         (JSC::Parser::closedVariables):
920         (JSC::parse):
921         * parser/ParserModes.h:
922         * parser/ParserTokens.h:
923         * runtime/ArgList.cpp:
924         * runtime/Arguments.cpp:
925         * runtime/Arguments.h:
926         * runtime/ArgumentsIteratorConstructor.cpp:
927         * runtime/ArgumentsIteratorPrototype.cpp:
928         * runtime/ArrayPrototype.cpp:
929         * runtime/CodeCache.cpp:
930         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
931         * runtime/CommonIdentifiers.cpp:
932         (JSC::CommonIdentifiers::CommonIdentifiers):
933         (JSC::CommonIdentifiers::getPrivateName):
934         (JSC::CommonIdentifiers::getPublicName):
935         * runtime/CommonIdentifiers.h:
936         * runtime/CommonSlowPaths.cpp:
937         * runtime/CommonSlowPathsExceptions.cpp:
938         * runtime/ExceptionHelpers.cpp:
939         (JSC::createUndefinedVariableError):
940         * runtime/Executable.h:
941         (JSC::EvalExecutable::executableInfo):
942         (JSC::ProgramExecutable::executableInfo):
943         (JSC::FunctionExecutable::isBuiltinFunction):
944         * runtime/FunctionPrototype.cpp:
945         (JSC::functionProtoFuncToString):
946         * runtime/JSActivation.cpp:
947         (JSC::JSActivation::symbolTableGet):
948         (JSC::JSActivation::symbolTablePut):
949         (JSC::JSActivation::symbolTablePutWithAttributes):
950         * runtime/JSArgumentsIterator.cpp:
951         * runtime/JSArray.cpp:
952         * runtime/JSArrayIterator.cpp:
953         * runtime/JSCJSValue.cpp:
954         * runtime/JSCellInlines.h:
955         * runtime/JSFunction.cpp:
956         (JSC::JSFunction::createBuiltinFunction):
957         (JSC::JSFunction::calculatedDisplayName):
958         (JSC::JSFunction::sourceCode):
959         (JSC::JSFunction::isHostOrBuiltinFunction):
960         (JSC::JSFunction::isBuiltinFunction):
961         (JSC::JSFunction::callerGetter):
962         (JSC::JSFunction::getOwnPropertySlot):
963         (JSC::JSFunction::getOwnNonIndexPropertyNames):
964         (JSC::JSFunction::put):
965         (JSC::JSFunction::defineOwnProperty):
966         * runtime/JSFunction.h:
967         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
968         * runtime/JSGenericTypedArrayViewInlines.h:
969         * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
970         * runtime/JSGlobalObject.cpp:
971         (JSC::JSGlobalObject::reset):
972         (JSC::JSGlobalObject::visitChildren):
973         * runtime/JSGlobalObject.h:
974         (JSC::JSGlobalObject::objectConstructor):
975         (JSC::JSGlobalObject::symbolTableHasProperty):
976         * runtime/JSObject.cpp:
977         (JSC::getClassPropertyNames):
978         (JSC::JSObject::reifyStaticFunctionsForDelete):
979         (JSC::JSObject::putDirectBuiltinFunction):
980         * runtime/JSObject.h:
981         * runtime/JSPropertyNameIterator.cpp:
982         * runtime/JSPropertyNameIterator.h:
983         * runtime/JSString.h:
984         * runtime/JSStringInlines.h: Added.
985         (JSC::JSString::getStringPropertySlot):
986         (JSC::inlineJSValueNotStringtoString):
987         (JSC::JSValue::toWTFStringInline):
988         * runtime/JSSymbolTableObject.cpp:
989         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
990            Don't report private names.
991         * runtime/JSSymbolTableObject.h:
992         (JSC::symbolTableGet):
993         (JSC::symbolTablePut):
994         (JSC::symbolTablePutWithAttributes):
995         * runtime/Lookup.cpp:
996         (JSC::setUpStaticFunctionSlot):
997         * runtime/Lookup.h:
998         (JSC::HashEntry::builtinGenerator):
999         (JSC::HashEntry::propertyGetter):
1000         (JSC::HashEntry::propertyPutter):
1001         (JSC::HashTable::entry):
1002         (JSC::getStaticPropertySlot):
1003         (JSC::getStaticValueSlot):
1004         (JSC::putEntry):
1005         * runtime/NativeErrorConstructor.cpp:
1006         (JSC::NativeErrorConstructor::finishCreation):
1007         * runtime/NativeErrorConstructor.h:
1008         * runtime/PropertySlot.h:
1009         * runtime/RegExpPrototype.cpp:
1010         * runtime/SetConstructor.cpp:
1011         * runtime/StringObject.cpp:
1012         * runtime/Structure.cpp:
1013         * runtime/VM.cpp:
1014         (JSC::VM::VM):
1015         * runtime/VM.h:
1016         (JSC::VM::builtinExecutables):
1017
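The entry above explains why a builtin written in JS must not reach the original Object constructor (or call/apply) through the global at call time: a page script can reassign global.Object, and JSC therefore gives builtins the @Object / @call private names that always resolve to the originals. The following is an added example, not JavaScriptCore's own code or its builtins/Array.prototype.js. Plain JS has no private names, so the hardened version stands in for @Object and @call by capturing the intrinsics in a closure when the builtin is defined; the function names (everyNaive, everyHardened, runUnderTamperedGlobals, compareBuiltins) are this example's own and assume nothing about JSC internals.

```javascript
'use strict';

// Added example, not JavaScriptCore's own code. JSC gives JS-implemented
// builtins @-prefixed private names (@Object, @call) that always resolve to
// the original intrinsics. Plain JS has no private names, so this version
// captures the intrinsics in a closure when the builtin is defined; the
// effect is the same: later changes to global.Object or to
// Function.prototype.call cannot alter what the builtin does.

// Naive builtin: resolves "Object" and "callback.call" at call time, so it
// sees whatever the surrounding script has assigned to those names.
function everyNaive(callback, thisArg) {
  const O = Object(this);
  const len = O.length >>> 0;
  for (let i = 0; i < len; i++) {
    if (i in O && !callback.call(thisArg, O[i], i, O)) return false;
  }
  return true;
}

// Hardened builtin: the intrinsics it depends on are captured once, here,
// and never looked up through the global again.
const everyHardened = (function defineEvery() {
  const ObjectIntrinsic = Object;   // stands in for JSC's @Object
  const apply = Reflect.apply;      // stands in for JSC's @call / @apply
  return function every(callback, thisArg) {
    const O = ObjectIntrinsic(this);
    const len = O.length >>> 0;
    for (let i = 0; i < len; i++) {
      if (i in O && !apply(callback, thisArg, [O[i], i, O])) return false;
    }
    return true;
  };
})();

// Run a builtin while the global Object binding and Function.prototype.call
// have been replaced (the situation the @-names exist to guard against),
// then put the originals back. Reflect.apply is used so that the harness
// itself does not depend on the replaced Function.prototype.call.
function runUnderTamperedGlobals(everyImpl, array, predicate) {
  const realObject = globalThis.Object;
  const realCall = Function.prototype.call;
  globalThis.Object = function () { return {}; };          // wrong Object
  Function.prototype.call = function () { return true; };  // wrong call
  try {
    return Reflect.apply(everyImpl, array, [predicate]);
  } finally {
    globalThis.Object = realObject;
    Function.prototype.call = realCall;
  }
}

// Compare both builtins on the same input with intact and tampered globals.
function compareBuiltins() {
  const array = [1, 2, 3];
  const predicate = (x) => x > 1;   // false for this array: 1 is not > 1
  return {
    naiveIntact: Reflect.apply(everyNaive, array, [predicate]),
    naiveTampered: runUnderTamperedGlobals(everyNaive, array, predicate),
    hardenedIntact: Reflect.apply(everyHardened, array, [predicate]),
    hardenedTampered: runUnderTamperedGlobals(everyHardened, array, predicate),
  };
}

console.log(compareBuiltins());
// naiveTampered is true (wrong answer); every other field is false.
```

The naive builtin silently returns the wrong answer once global.Object has been swapped, because it iterates over the empty object the replacement handed back; the hardened one keeps answering correctly. This is exactly the "purely semantic error" the entry describes: the builtin has no more privilege than page JS, so the only thing the private names buy is that the builtin's own behaviour cannot be redirected.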
1018 2014-01-31  Gabor Rapcsanyi  <rgabor@webkit.org>
1019
1020         Fix the ARM Thumb2 build after jsCStack branch merge
1021         https://bugs.webkit.org/show_bug.cgi?id=127903
1022
1023         Reviewed by Michael Saboff.
1024
1025         SP register cannot be used as a destination register of SUB or ADD in Thumb mode.
1026
1027         * llint/LowLevelInterpreter.asm:
1028         * llint/LowLevelInterpreter32_64.asm:
1029
1030 2014-01-31  Julien Brianceau  <jbriance@cisco.com>
1031
1032         [arm] Add missing pushPair/popPair implementations in MacroAssemblerARM.h
1033         https://bugs.webkit.org/show_bug.cgi?id=127904
1034
1035         Reviewed by Zoltan Herczeg.
1036
1037         * assembler/MacroAssemblerARM.h:
1038         (JSC::MacroAssemblerARM::popPair):
1039         (JSC::MacroAssemblerARM::pushPair):
1040
1041 2014-01-30  Martin Robinson  <mrobinson@igalia.com>
1042
1043         [GTK] [CMake] Add support for building against GTK+ 2
1044         https://bugs.webkit.org/show_bug.cgi?id=127959
1045
1046         Reviewed by Anders Carlsson.
1047
1048         * PlatformGTK.cmake: Use the new API version variable and don't use GTK3 directly.
1049
1050 2014-01-30  Andreas Kling  <akling@apple.com>
1051
1052         CodeBlock's cloned SymbolTables only need the captured names.
1053         <https://webkit.org/b/127978>
1054
1055         Renamed SymbolTable::clone() to SymbolTable::cloneCapturedNames()
1056         and make it skip over any symbols that aren't captured, since those
1057         won't be needed after codegen.
1058
1059         This is a first step towards getting rid of redundant symbol tables.
1060
1061         Reviewed by Geoffrey Garen.
1062
1063         * bytecode/CodeBlock.cpp:
1064         (JSC::CodeBlock::CodeBlock):
1065         * runtime/SymbolTable.cpp:
1066         (JSC::SymbolTable::cloneCapturedNames):
1067         * runtime/SymbolTable.h:
1068
1069 2014-01-28  Timothy Hatcher  <timothy@apple.com>
1070
1071         Add column number and call timing support to LegacyProfiler.
1072
1073         https://bugs.webkit.org/show_bug.cgi?id=127764
1074
1075         Reviewed by Joseph Pecoraro.
1076
1077         * interpreter/Interpreter.cpp:
1078         (JSC::Interpreter::execute):
1079         * profiler/CallIdentifier.h:
1080         (JSC::CallIdentifier::CallIdentifier):
1081         (JSC::CallIdentifier::functionName):
1082         (JSC::CallIdentifier::url):
1083         (JSC::CallIdentifier::lineNumber):
1084         (JSC::CallIdentifier::columnNumber):
1085         (JSC::CallIdentifier::operator==):
1086         (JSC::CallIdentifier::operator!=):
1087         (JSC::CallIdentifier::Hash::hash):
1088         (WTF::HashTraits<JSC::CallIdentifier>::constructDeletedValue):
1089         (WTF::HashTraits<JSC::CallIdentifier>::isDeletedValue):
1090         * profiler/LegacyProfiler.cpp:
1091         (JSC::LegacyProfiler::willExecute):
1092         (JSC::LegacyProfiler::didExecute):
1093         (JSC::LegacyProfiler::exceptionUnwind):
1094         (JSC::LegacyProfiler::createCallIdentifier):
1095         (JSC::createCallIdentifierFromFunctionImp):
1096         * profiler/LegacyProfiler.h:
1097         * profiler/Profile.cpp:
1098         (JSC::Profile::Profile):
1099         * profiler/Profile.h:
1100         (JSC::Profile::uid):
1101         (JSC::Profile::idleTime):
1102         (JSC::Profile::setIdleTime):
1103         * profiler/ProfileGenerator.cpp:
1104         (JSC::AddParentForConsoleStartFunctor::operator()):
1105         (JSC::ProfileGenerator::addParentForConsoleStart):
1106         (JSC::ProfileGenerator::willExecute):
1107         (JSC::ProfileGenerator::didExecute):
1108         (JSC::ProfileGenerator::stopProfiling):
1109         (JSC::ProfileGenerator::removeProfileStart):
1110         (JSC::ProfileGenerator::removeProfileEnd):
1111         * profiler/ProfileNode.cpp:
1112         (JSC::ProfileNode::ProfileNode):
1113         (JSC::ProfileNode::stopProfiling):
1114         (JSC::ProfileNode::endAndRecordCall):
1115         (JSC::ProfileNode::startTimer):
1116         (JSC::ProfileNode::debugPrintData):
1117         * profiler/ProfileNode.h:
1118         (JSC::ProfileNode::Call::Call):
1119         (JSC::ProfileNode::Call::startTime):
1120         (JSC::ProfileNode::Call::setStartTime):
1121         (JSC::ProfileNode::Call::totalTime):
1122         (JSC::ProfileNode::Call::setTotalTime):
1123         (JSC::ProfileNode::id):
1124         (JSC::ProfileNode::functionName):
1125         (JSC::ProfileNode::url):
1126         (JSC::ProfileNode::lineNumber):
1127         (JSC::ProfileNode::columnNumber):
1128         (JSC::ProfileNode::calls):
1129         (JSC::ProfileNode::lastCall):
1130         (JSC::ProfileNode::numberOfCalls):
1131
1132 2014-01-26  Timothy Hatcher  <timothy@apple.com>
1133
1134         Include profile with FunctionCall and EvaluateScript Timeline records.
1135
1136         https://bugs.webkit.org/show_bug.cgi?id=127663
1137
1138         Reviewed by Joseph Pecoraro.
1139
1140         * inspector/InjectedScriptBase.cpp:
1141         (Inspector::InjectedScriptBase::callFunctionWithEvalEnabled):
1142         * inspector/InspectorEnvironment.h:
1143         * inspector/JSGlobalObjectInspectorController.h:
1144
1145 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1146
1147         FTL should support GetById(Untyped:)
1148         https://bugs.webkit.org/show_bug.cgi?id=127750
1149
1150         Reviewed by Oliver Hunt.
1151         
1152         This was supposed to be easy. Indeed, the actual GetById UntypedUse case was easy. But
1153         then it expanded coverage by a lot and I got to deal with three bugs. So, this has
1154         some additional changes:
1155         
1156         Also make it safe for LLVM to duplicate calls to patchpoints and stackmaps. Previously
1157         we incorrectly assumed that if we emitted a patchpoint, then there would only be one
1158         copy of that patchpoint (with that ID) in the resulting machine code and in the
1159         stackmaps section. That's obviously a bad assumption - LLVM is allowed to do anything
1160         it wants so long as the outcome of executing the code has a semantically equivalent
1161         meaning to the IR we gave it, and duplicating code is trivially OK under this rule. We
1162         should be OK with it, too. The solution is to add Vectors in a bunch of places that
1163         previously just thought they only had one value. For example, an InlineCacheDescriptor
1164         now has a Vector of generators - one generator for each copy that LLVM stamped out.
1165         Normally there will only be one copy, of course - since duplication is usually
1166         unprofitable. But, if LLVM decides that copying would be groovy then we will no longer
1167         barf.
1168         
1169         Also fix SSA conversion. It turns out that we mishandled the case where a block had
1170         multiple Phi functions for the same local. If any of those CPS Phis fail to trivialize
1171         in the Aycock-Horspool fixpoint, we need to insert an SSA Phi. Previously, it was
1172         assuming that so long as the head CPS Phi was trivial, we could forego SSA Phi
1173         insertion. That's wrong if the head CPS Phi trivialized but ended up pointing to a
1174         non-trivial CPS Phi in the same block. This madness with trees of Phis occurs because
1175         we try to save on compile times: no Phi ever has more than three children even if the
1176         block has more than three predecessors; we just build out a tree of Phis to satisfy
1177         all predecessors. So weird.
1178         
1179         And finally, fix DFG->FTL OSR entry's reconstruction of 'this' in a constructor. That
1180         reconstruction code, JITCode::reconstruct(), had a work-around for the case where we
1181         were entering into a constructor at the prologue. In that case, 'this' is definitely
1182         unavailable. But the OSR code does reconstructions at LoopHints, which aren't at the
1183         prologue, and so 'this' should totally be available.
1184
1185         * dfg/DFGGraph.cpp:
1186         (JSC::DFG::Graph::dump):
1187         * dfg/DFGJITCode.cpp:
1188         (JSC::DFG::JITCode::reconstruct):
1189         * dfg/DFGNode.h:
1190         (JSC::DFG::Node::tryGetVariableAccessData):
1191         * dfg/DFGSSAConversionPhase.cpp:
1192         (JSC::DFG::SSAConversionPhase::run):
1193         * ftl/FTLCapabilities.cpp:
1194         (JSC::FTL::canCompile):
1195         * ftl/FTLCompile.cpp:
1196         (JSC::FTL::generateICFastPath):
1197         (JSC::FTL::fixFunctionBasedOnStackMaps):
1198         * ftl/FTLInlineCacheDescriptor.h:
1199         * ftl/FTLJITFinalizer.cpp:
1200         (JSC::FTL::JITFinalizer::codeSize):
1201         * ftl/FTLJSCall.cpp:
1202         (JSC::FTL::JSCall::JSCall):
1203         * ftl/FTLJSCall.h:
1204         * ftl/FTLLowerDFGToLLVM.cpp:
1205         (JSC::FTL::LowerDFGToLLVM::compileGetById):
1206         (JSC::FTL::LowerDFGToLLVM::getById):
1207         * ftl/FTLOSREntry.cpp:
1208         (JSC::FTL::prepareOSREntry):
1209         * ftl/FTLStackMaps.cpp:
1210         (JSC::FTL::StackMaps::getRecordMap):
1211         * ftl/FTLStackMaps.h:
1212         * tests/stress/get-by-id-untyped.js: Added.
1213         (foo):
1214
1215 2014-01-30  Geoffrey Garen  <ggaren@apple.com>
1216
1217         Part 2: REGRESSION: JavascriptCore crash during OS Installation (due to
1218         Heap::m_operationInProgress ASSERT vs DelayedReleaseScope)
1219         https://bugs.webkit.org/show_bug.cgi?id=127950
1220
1221         Reviewed by Mark Hahnenberg.
1222
1223         Scope the APICallbackShim to make sure that we re-acquire the lock
1224         before putting the heap back into the "unsafe to allocate" state.
1225         Otherwise, the heap will seem to be in the "unsafe to allocate" state
1226         during any GC that happens before we re-acquire the lock.
1227
1228         No regression test because threads.
1229
1230         * heap/DelayedReleaseScope.h:
1231         (JSC::DelayedReleaseScope::~DelayedReleaseScope):
1232
1233 2014-01-30  Filip Pizlo  <fpizlo@apple.com>
1234
1235         Update FTL StackMaps parser to stackSize change
1236         https://bugs.webkit.org/show_bug.cgi?id=127933
1237
1238         Reviewed by Oliver Hunt.
1239
1240         * ftl/FTLStackMaps.cpp:
1241         (JSC::FTL::StackMaps::parse):
1242
1243 2014-01-30  Zan Dobersek  <zdobersek@igalia.com>
1244
1245         [GTK] Only disable -ftree-dce optimization when compiling with GCC
1246         https://bugs.webkit.org/show_bug.cgi?id=127911
1247
1248         Reviewed by Carlos Garcia Campos.
1249
1250         * GNUmakefile.am: Only disable the -ftree-dce optimization when using the GCC compiler.
1251         Some Clang versions/configurations don't support the flag.
1252
1253 2014-01-30  Zan Dobersek  <zdobersek@igalia.com>
1254
1255         [GTK] Disable optimizations for JSC that turned out malignant after jsCStack branch merge
1256         https://bugs.webkit.org/show_bug.cgi?id=127909
1257
1258         Reviewed by Carlos Garcia Campos.
1259
1260         * GNUmakefile.am: Disable the -fomit-frame-pointer optimization to achieve proper register usage
1261         in operationCallEval. Disable the -ftree-dce optimization since it is causing additional failures
1262         when using GCC 4.8, possibly due to a bug in the compiler itself.
1263
1264 2014-01-29  Csaba Osztrogonác  <ossy@webkit.org>
1265
1266         Remove ENABLE(JAVASCRIPT_DEBUGGER) leftovers
1267         https://bugs.webkit.org/show_bug.cgi?id=127845
1268
1269         Reviewed by Joseph Pecoraro.
1270
1271         * Configurations/FeatureDefines.xcconfig:
1272
1273 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
1274
1275         Web Inspector: Play Breakpoint Sound in Frontend
1276         https://bugs.webkit.org/show_bug.cgi?id=127885
1277
1278         Reviewed by Timothy Hatcher.
1279
1280         * inspector/ScriptDebugListener.h:
1281         * inspector/ScriptDebugServer.cpp:
1282         (Inspector::ScriptDebugServer::evaluateBreakpointAction):
1283         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
1284         * inspector/ScriptDebugServer.h:
1285         Pass the breakpoint action identifier through when the
1286         sound breakpoint action is triggered.
1287
1288         * inspector/protocol/Debugger.json:
1289         New "playBreakpointActionSound" event when a "sound" breakpoint action triggers.
1290
1291         * inspector/agents/InspectorDebuggerAgent.h:
1292         * inspector/agents/InspectorDebuggerAgent.cpp:
1293         (Inspector::InspectorDebuggerAgent::breakpointActionSound):
1294         Send the new event so the frontend can handle it.
1295
1296 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1297
1298         Merge final changesets from the jsCStack branch (r162969, r162975, r162992, r163004, r163069).
1299
1300     2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1301     
1302             DFG ArrayPop double array mishandles the NaN hole installation
1303             https://bugs.webkit.org/show_bug.cgi?id=127813
1304     
1305             Reviewed by Mark Rowe.
1306             
1307             Our object model for arrays inferred double dictates that we use quiet NaN (QNaN) to
1308             mark holes. Holes, in this context, are any entries in the allocated array buffer
1309             (i.e. from index 0 up to the vectorLength) that don't currently hold a value. Popping
1310             creates a hole, since it deletes the value at publicLength - 1.
1311             
1312             But, because of some sloppy copy-and-paste, we were storing (int64_t)0 when creating
1313             the hole, instead of storing QNaN. That's likely because for other kinds of arrays,
1314             64-bit zero is the hole marker, instead of QNaN.
1315             
1316             The attached test case illustrates the problem. In the LLInt and Baseline JIT, the
1317             result returned from foo() is "1.5,2.5,,4.5", since array.pop() removes 3.5 and
1318             replaces it with a hole and then the assignment "array[3] = 4.5" creates an element
1319             just beyond that hole. But, once we tier-up to the DFG, the result previously became
1320             "1.5,2.5,0,4.5", which is wrong. The 0 appeared because the IEEE double
1321             interpretation of 64-bit zero is simply zero.
1322             
1323             This patch fixes that problem. Now the DFG agrees with the other engines.
1324             
1325             This patch also fixes style. For some reason that copy-pasted code wasn't even
1326             indented correctly.
1327     
1328             * dfg/DFGSpeculativeJIT64.cpp:
1329             (JSC::DFG::SpeculativeJIT::compile):
1330             * tests/stress/array-pop-double-hole.js: Added.
1331             (foo):
1332     
1333     2014-01-28  Filip Pizlo  <fpizlo@apple.com>
1334     
1335             FTL should support ArrayPush
1336             https://bugs.webkit.org/show_bug.cgi?id=127748
1337     
1338             Not reviewed, remove some debug code.
1339     
1340             * ftl/FTLLowerDFGToLLVM.cpp:
1341             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
1342     
1343     2014-01-27  Filip Pizlo  <fpizlo@apple.com>
1344     
1345             FTL should support ArrayPush
1346             https://bugs.webkit.org/show_bug.cgi?id=127748
1347     
1348             Reviewed by Oliver Hunt.
1349     
1350             * ftl/FTLAbstractHeapRepository.h:
1351             (JSC::FTL::AbstractHeapRepository::forArrayType):
1352             * ftl/FTLCapabilities.cpp:
1353             (JSC::FTL::canCompile):
1354             * ftl/FTLIntrinsicRepository.h:
1355             * ftl/FTLLowerDFGToLLVM.cpp:
1356             (JSC::FTL::LowerDFGToLLVM::compileNode):
1357             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
1358             * tests/stress/array-push-contiguous.js: Added.
1359             (foo):
1360             * tests/stress/array-push-double.js: Added.
1361             (foo):
1362     
1363     2014-01-28  Filip Pizlo  <fpizlo@apple.com>
1364     
1365             FTL should support ArrayPop
1366             https://bugs.webkit.org/show_bug.cgi?id=127749
1367     
1368             Reviewed by Geoffrey Garen.
1369     
1370             * ftl/FTLCapabilities.cpp:
1371             (JSC::FTL::canCompile):
1372             * ftl/FTLIntrinsicRepository.h:
1373             * ftl/FTLLowerDFGToLLVM.cpp:
1374             (JSC::FTL::LowerDFGToLLVM::compileNode):
1375             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
1376             (JSC::FTL::LowerDFGToLLVM::compileArrayPop):
1377             * tests/stress/array-pop-contiguous.js: Added.
1378             (foo):
1379             * tests/stress/array-pop-double.js: Added.
1380             (foo):
1381             * tests/stress/array-pop-int32.js: Added.
1382             (foo):
1383     
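The "DFG ArrayPop double array mishandles the NaN hole installation" entry above describes the observable difference between a real hole and a mistakenly stored 0, and why 64-bit zero is the wrong marker for a double array. The following is an added example, not the tests/stress/array-pop-double-hole.js test from the merged changeset: it reproduces the entry's scenario in plain JS, shows how to tell a hole from a stored value, and decodes the two candidate 64-bit markers as IEEE doubles. The function names (popThenAssignBeyondHole, describeSlots, doubleFromBits, holeMarkers) are this example's own.

```javascript
'use strict';

// Added example, not JavaScriptCore's own test. It reproduces the scenario
// from the ArrayPop entry above in plain JS and then shows the bit-level
// point the entry makes: a hole is observable through "in", a 0 written by
// mistake is indistinguishable from a stored value, and the 64-bit pattern
// that decodes to 0.0 is all-zero bits, not the quiet NaN JSC uses as its
// double-array hole marker.

// The entry's scenario: pop creates a hole at index 2 and the assignment at
// index 3 lands beyond it. A correct engine reports "1.5,2.5,,4.5".
function popThenAssignBeyondHole() {
  const array = [1.5, 2.5, 3.5];
  array.pop();
  array[3] = 4.5;
  return array;
}

// Distinguish an actual hole from a stored number at each index, which is
// what separates the correct "1.5,2.5,,4.5" from the buggy "1.5,2.5,0,4.5".
function describeSlots(array) {
  const out = [];
  for (let i = 0; i < array.length; i++) {
    out.push(i in array ? String(array[i]) : 'hole');
  }
  return out;
}

// Decode a 64-bit pattern (given as two 32-bit halves, big-endian) as an
// IEEE double, the way a double array's storage is read back.
function doubleFromBits(hi32, lo32) {
  const view = new DataView(new ArrayBuffer(8));
  view.setUint32(0, hi32, false);
  view.setUint32(4, lo32, false);
  return view.getFloat64(0, false);
}

// What the wrong marker ((int64_t)0) and the right marker (QNaN) decode to.
function holeMarkers() {
  return {
    int64Zero: doubleFromBits(0x00000000, 0x00000000), // decodes to 0: looks like a value
    quietNaN: doubleFromBits(0x7ff80000, 0x00000000),  // decodes to NaN: recognisable hole
  };
}

console.log(popThenAssignBeyondHole().join(','));   // 1.5,2.5,,4.5
console.log(describeSlots(popThenAssignBeyondHole()));
console.log(holeMarkers());
```

The join output matches the string the entry gives for the LLInt and Baseline JIT, and the slot description makes the hole explicit rather than relying on the empty field in the joined string. The decoded markers show the entry's explanation directly: an all-zero 64-bit word is the double 0, so a tier that stored it instead of QNaN would report a value where the other tiers report a hole.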
1384 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1385
1386         DFG::ByteCodeParser::m_dfgCodeBlock is sometimes uninitialized
1387         <rdar://problem/15939032>
1388
1389         Reviewed by Dan Bernstein.
1390
1391         * dfg/DFGByteCodeParser.cpp:
1392         (JSC::DFG::ByteCodeParser::parse):
1393
1394 2014-01-29  Geoffrey Garen  <ggaren@apple.com>
1395
1396         50% time on Dromaeo Selector * benchmark spent allocating oversized backing stores (but not in Chrome)
1397         https://bugs.webkit.org/show_bug.cgi?id=127879
1398
1399         Reviewed by Gavin Barraclough.
1400
1401         Let's not dynamically resize an array whose size is statically known,
1402         mmmkay?
1403
1404         * runtime/ArrayPrototype.cpp:
1405         (JSC::arrayProtoFuncConcat): Use nullptr to disambiguate vs the numeric
1406         argument.
1407
1408         (JSC::arrayProtoFuncSlice): The fix.
1409
1410         (JSC::arrayProtoFuncSort):
1411         (JSC::arrayProtoFuncSplice):
1412         (JSC::arrayProtoFuncFilter):
1413         (JSC::arrayProtoFuncMap): Use nullptr.
1414
1415 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
1416
1417         Web Inspector: Run JSC Inspector EventLoop in a custom run loop mode to prevent default observers from running
1418         https://bugs.webkit.org/show_bug.cgi?id=127865
1419
1420         Reviewed by Geoffrey Garen.
1421
1422         When hitting a breakpoint in a JSContext Inspector we want to entirely
1423         pause the process and all access to the JSContext and only move forward
1424         based on debugger commands. Having the nested run loop run in a default
1425         mode allowed NSTimers scheduled on the thread to regularly run and
1426         evaluate code in the JSContext. Using a custom run loop mode gets us
1427         a bit closer to locking down the context. This doesn't handle scenarios
1428         where background threads also access the JSContext, but it handles the
1429         most common scenario.
1430
1431         * inspector/EventLoop.cpp:
1432         (Inspector::EventLoop::cycle):
1433
1434 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
1435
1436         Web Inspector: Deadlock hitting breakpoint while inspecting JSContext
1437         https://bugs.webkit.org/show_bug.cgi?id=127864
1438
1439         Reviewed by Geoffrey Garen.
1440
1441         Temporarily drop the lock while we run the nested runloop.
1442
1443         * inspector/JSGlobalObjectScriptDebugServer.cpp:
1444         (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
1445
1446 2014-01-28  Oliver Hunt  <oliver@apple.com>
1447
1448         Make DOM attributes appear to be faux accessor properties
1449         https://bugs.webkit.org/show_bug.cgi?id=127797
1450
1451         Reviewed by Michael Saboff.
1452
1453         Add flag so we can identify which properties should have the old
1454         custom property semantics vs. the new faux accessors. Update the
1455         inspector protocol accordingly.
1456
1457         These faux accessors produce descriptors with "get" and "set"
1458         properties, but both values are undefined so can't be used
1459         directly. A few custom properties actually require their
1460         existing magical behaviour, so we now have a flag to 
1461         distinguish the expected output.
1462
1463         * inspector/InjectedScriptSource.js:
1464         (.):
1465         * runtime/JSObject.cpp:
1466         (JSC::JSObject::getOwnPropertyDescriptor):
1467         * runtime/PropertyDescriptor.cpp:
1468         (JSC::PropertyDescriptor::setCustomDescriptor):
1469         * runtime/PropertyDescriptor.h:
1470         * runtime/PropertySlot.h:
1471
1472 2014-01-29  Beth Dakin  <bdakin@apple.com>
1473
1474         Build fix.
1475
1476         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
1477         * llint/LowLevelInterpreter.cpp:
1478
1479 2014-01-29  Dan Bernstein  <mitz@apple.com>
1480
1481         Build fix.
1482
1483         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp: Added a newline at the end of the
1484         file.
1485
1486 2014-01-28  Michael Saboff  <msaboff@apple.com>
1487
1488         Merge the jsCStack branch
1489         https://bugs.webkit.org/show_bug.cgi?id=127763
1490
1491         Reviewed by Mark Hahnenberg.
1492
1493         Changes from http://svn.webkit.org/repository/webkit/branches/jsCStack
1494         up to changeset 162958.
1495
1496 2014-01-29  Csaba Osztrogonác  <ossy@webkit.org>
1497
1498         Remove ENABLE(JAVASCRIPT_DEBUGGER) guards
1499         https://bugs.webkit.org/show_bug.cgi?id=127840
1500
1501         Reviewed by Mark Lam.
1502
1503         * inspector/scripts/CodeGeneratorInspector.py:
1504
1505 2014-01-28  Commit Queue  <commit-queue@webkit.org>
1506
1507         Unreviewed, rolling out r162987.
1508         http://trac.webkit.org/changeset/162987
1509         https://bugs.webkit.org/show_bug.cgi?id=127825
1510
1511         Broke Mountain Lion build (Requested by andersca on #webkit).
1512
1513         * inspector/InjectedScriptSource.js:
1514         (.):
1515         * runtime/JSObject.cpp:
1516         (JSC::JSObject::getOwnPropertyDescriptor):
1517         * runtime/PropertyDescriptor.cpp:
1518         * runtime/PropertyDescriptor.h:
1519         * runtime/PropertySlot.h:
1520
1521 2014-01-28  Oliver Hunt  <oliver@apple.com>
1522
1523         Make DOM attributes appear to be faux accessor properties
1524         https://bugs.webkit.org/show_bug.cgi?id=127797
1525
1526         Reviewed by Michael Saboff.
1527
1528         Add flag so we can identify which properties should have the old
1529         custom property semantics vs. the new faux accessors. Update the
1530         inspector protocol accordingly.
1531
1532         These faux accessors produce descriptors with "get" and "set"
1533         properties, but both values are undefined so can't be used
1534         directly. A few custom properties actually require their
1535         existing magical behaviour, so we now have a flag to 
1536         distinguish the expected output.
1537
1538         * inspector/InjectedScriptSource.js:
1539         (.):
1540         * runtime/JSObject.cpp:
1541         (JSC::JSObject::getOwnPropertyDescriptor):
1542         * runtime/PropertyDescriptor.cpp:
1543         (JSC::PropertyDescriptor::setCustomDescriptor):
1544         * runtime/PropertyDescriptor.h:
1545         * runtime/PropertySlot.h:
1546
1547 2014-01-28  Mark Lam  <mark.lam@apple.com>
1548
1549         Remove some unneeded debugger code.
1550         https://bugs.webkit.org/show_bug.cgi?id=127805.
1551
1552         Reviewed by Oliver Hunt.
1553
1554         JSC will now always support the debugger. Hence, the #if ENABLE(JAVASCRIPT_DEBUGGER)
1555         checks can be removed.
1556
1557         DebuggerCallFrame::callFrame() is also unused and will be removed.
1558
1559         * debugger/Breakpoint.h:
1560         * debugger/Debugger.cpp:
1561         * debugger/DebuggerCallFrame.h:
1562         * inspector/InjectedScript.cpp:
1563         (Inspector::InjectedScript::wrapCallFrames):
1564         * inspector/InjectedScript.h:
1565         * inspector/JSGlobalObjectScriptDebugServer.cpp:
1566         * inspector/JSGlobalObjectScriptDebugServer.h:
1567         * inspector/JSJavaScriptCallFrame.cpp:
1568         * inspector/JSJavaScriptCallFrame.h:
1569         * inspector/JSJavaScriptCallFramePrototype.cpp:
1570         * inspector/JSJavaScriptCallFramePrototype.h:
1571         * inspector/JavaScriptCallFrame.cpp:
1572         * inspector/JavaScriptCallFrame.h:
1573         * inspector/ScriptDebugListener.h:
1574         * inspector/ScriptDebugServer.cpp:
1575         * inspector/ScriptDebugServer.h:
1576         * inspector/agents/InspectorDebuggerAgent.cpp:
1577         * inspector/agents/InspectorDebuggerAgent.h:
1578         * inspector/agents/InspectorRuntimeAgent.cpp:
1579         (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
1580         (Inspector::setPauseOnExceptionsState):
1581         (Inspector::InspectorRuntimeAgent::evaluate):
1582         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1583         (Inspector::InspectorRuntimeAgent::getProperties):
1584         * inspector/agents/InspectorRuntimeAgent.h:
1585
1586 2014-01-28  Geoffrey Garen  <ggaren@apple.com>
1587
1588         REGRESSION: JavascriptCore crash during OS Installation (due to
1589         Heap::m_operationInProgress ASSERT vs DelayedReleaseScope)
1590         https://bugs.webkit.org/show_bug.cgi?id=127793
1591
1592         Reviewed by Mark Hahnenberg.
1593
1594         This was a mistaken ASSERT.
1595
1596         * API/tests/testapi.mm:
1597         (-[EvilAllocationObject doEvilThingsWithContext:]): Added a test to verify
1598         that GC from a DelayedReleaseScope doesn't crash.
1599
1600         * heap/DelayedReleaseScope.h:
1601         (JSC::DelayedReleaseScope::~DelayedReleaseScope): Our contract is that
1602         it is valid to do anything while running a DelayedReleaseScope -dealloc
1603         method, so the Heap must be ready for new allocations and collections.
1604
1605         Change the Heap's operationInProgress value to NoOperation while running
1606         -dealloc methods, so that it doesn't ASSERT in the face of new allocations
1607         and collections.
1608
1609         * heap/Heap.h: Made DelayedReleaseScope a friend because exposing a setter
1610         for m_operationInProgress seemed like the worse of the two options for
1611         encapsulation: we don't really want arbitrary clients to set the Heap's
1612         m_operationInProgress.
1613
1614 2014-01-28  Mark Lam  <mark.lam@apple.com>
1615
1616         Jettison DFG code when neither breakpoints or the profiler are active.
1617         <https://webkit.org/b/127766>
1618
1619         Reviewed by Geoffrey Garen.
1620
1621         We need to jettison the DFG CodeBlocks under the following circumstances:
1622         1. When adding breakpoints to a CodeBlock, jettison it if it is a DFG CodeBlock.
1623         2. When enabling stepping mode in a CodeBlock, jettison it if it is a DFG CodeBlock.
1624         3. When setting the enabled profiler in the VM, we need to jettison all DFG
1625            CodeBlocks.
1626
1627         Instead of emitting speculation checks, the DFG code will now treat Breakpoint,
1628         ProfileWillCall, and ProfileDidCall as no-ops similar to a Phantom node. We
1629         still need to track these nodes so that they match the corresponding opcodes
1630         in the baseline JIT when we jettison and OSR exit. Without them, we would OSR
1631         exit to the wrong location in the baseline JIT code.
1632
1633         In DFGDriver's compileImpl() and DFGPlan's finalizeWithoutNotifyingCallback()
1634         we fail the compilation effort with a CompilationInvalidated result. This allows
1635         the DFG compiler to re-attempt the compilation of the function after some time
1636         if it is hot. The CompilationInvalidated result is supposed to cause the DFG
1637         to exercise an exponential back off before re-attempting compilation again
1638         (see runtime/CompilationResult.h).
1639
1640         This patch improves the Octane score from ~2950 to ~3067.
1641
1642         * bytecode/CodeBlock.cpp:
1643         (JSC::CodeBlock::addBreakpoint):
1644         (JSC::CodeBlock::setSteppingMode):
1645         * bytecode/CodeBlock.h:
1646         * debugger/Debugger.h:
1647         * dfg/DFGAbstractInterpreterInlines.h:
1648         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1649         * dfg/DFGClobberize.h:
1650         (JSC::DFG::clobberize):
1651         * dfg/DFGDriver.cpp:
1652         (JSC::DFG::compileImpl):
1653         * dfg/DFGPlan.cpp:
1654         (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
1655         * dfg/DFGSpeculativeJIT32_64.cpp:
1656         (JSC::DFG::SpeculativeJIT::compile):
1657         * dfg/DFGSpeculativeJIT64.cpp:
1658         (JSC::DFG::SpeculativeJIT::compile):
1659         * profiler/LegacyProfiler.cpp:
1660         (JSC::LegacyProfiler::startProfiling):
1661         (JSC::LegacyProfiler::stopProfiling):
1662         * runtime/VM.cpp:
1663         (JSC::VM::VM):
1664         (JSC::SetEnabledProfilerFunctor::operator()):
1665         (JSC::VM::setEnabledProfiler):
1666         * runtime/VM.h:
1667         (JSC::VM::enabledProfiler):
1668
1669 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
1670
1671         -[JSContext evaluteScript:] calls JSEvaluteScript with startingLineNumber 0, later interpreted as a oneBasedInt
1672         https://bugs.webkit.org/show_bug.cgi?id=127648
1673
1674         Reviewed by Geoffrey Garen.
1675
1676         The actual bug being fixed here is that the line number for
1677         scripts evaluated via the JSC APIs is now sane. However,
1678         there is no good infrastructure in place right now to test that.
1679
1680         * API/tests/testapi.c:
1681         (main):
1682         * API/tests/testapi.mm:
1683         (testObjectiveCAPI):
1684         Add tests for exception line numbers and handling of bad
1685         startingLineNumbers in public APIs. These tests were already
1686         passing, I just add them to make sure they are not regressed
1687         in the future.
1688
1689         * API/JSBase.cpp:
1690         (JSEvaluateScript):
1691         (JSCheckScriptSyntax):
1692         * API/JSBase.h:
1693         * API/JSObjectRef.cpp:
1694         (JSObjectMakeFunction):
1695         * API/JSObjectRef.h:
1696         * API/JSScriptRef.cpp:
1697         * API/JSScriptRefPrivate.h:
1698         * API/JSStringRef.h:
1699         - Clarify documentation that startingLineNumber is 1 based and clamped.
1700         - Add clamping in the implementation to put sane values into JSC::SourceProvider.
1701
1702         * inspector/agents/InspectorDebuggerAgent.cpp:
1703         (Inspector::InspectorDebuggerAgent::didParseSource):
1704         Remove the FIXME now that the SourceProvider is giving us expected values.
1705
1706 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
1707
1708         Web Inspector: CRASH when debugger closes remote inspecting JSContext
1709         https://bugs.webkit.org/show_bug.cgi?id=127738
1710
1711         Reviewed by Timothy Hatcher.
1712
1713         RemoteInspectorXPCConnection could be accessed in a background dispatch
1714         queue, while being deallocated on the main thread when a connection
1715         was suddenly terminated.
1716
1717         Make RemoteInspectorXPCConnection a ThreadSafeRefCounted object. Always
1718         keep the connection object ref'd until the main thread calls close()
1719         and removes its reference. At that point we can close the connection,
1720         queue, and deref safely on the background queue.
1721
1722         * inspector/remote/RemoteInspector.h:
1723         * inspector/remote/RemoteInspector.mm:
1724         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
1725         (Inspector::RemoteInspector::xpcConnectionFailed):
1726         For simplicity RemoteInspectorXPCConnections's don't have any threading
1727         primitives to prevent client callbacks after they are closed. RemoteInspector
1728         does, so it just ignores possible callbacks from connections it no longer
1729         cares about.
1730
1731         * inspector/remote/RemoteInspectorXPCConnection.h:
1732         * inspector/remote/RemoteInspectorXPCConnection.mm:
1733         (Inspector::RemoteInspectorXPCConnection::RemoteInspectorXPCConnection):
1734         (Inspector::RemoteInspectorXPCConnection::~RemoteInspectorXPCConnection):
1735         (Inspector::RemoteInspectorXPCConnection::close):
1736         Keep the connection alive as long as the queue it can be used on
1737         is alive. Clean up everything on the queue when close() is called.
1738
1739         (Inspector::RemoteInspectorXPCConnection::handleEvent):
1740         Checking if closed here is not thread safe so it is meaningless.
1741         Remove the check.
1742
1743         (Inspector::RemoteInspectorXPCConnection::sendMessage):
1744         Bail based on the m_closed state.
1745
1746 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
1747
1748         JavaScriptCore: Enable -Wimplicit-fallthrough and add FALLTHROUGH annotation where needed
1749         https://bugs.webkit.org/show_bug.cgi?id=127647
1750
1751         Reviewed by Anders Carlsson.
1752
1753         Explicitly annotate switch case fallthroughs in JavaScriptCore and
1754         enable warnings for unannotated fallthroughs.
1755
1756         * dfg/DFGArithMode.h:
1757         (doesOverflow):
1758         Only insert FALLTHROUGH in release builds. In debug builds, the
1759         FALLTHROUGH would be unreachable (due to the ASSERT_NOT_REACHED)
1760         and would throw a warning.
1761
1762         * dfg/DFGSpeculativeJIT64.cpp:
1763         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
1764         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
1765         Due to the templatized nature of this function, a fallthrough
1766         in one of the template expansions would be unreachable. Disable
1767         the warning for this function.
1768
1769         * Configurations/Base.xcconfig:
1770         * bytecode/CodeBlock.cpp:
1771         (JSC::CodeBlock::CodeBlock):
1772         * dfg/DFGCFGSimplificationPhase.cpp:
1773         (JSC::DFG::CFGSimplificationPhase::run):
1774         * dfg/DFGValidate.cpp:
1775         (JSC::DFG::Validate::validateCPS):
1776         * parser/Lexer.cpp:
1777         (JSC::Lexer<T>::lex):
1778         * parser/Parser.cpp:
1779         (JSC::Parser<LexerType>::parseStatement):
1780         (JSC::Parser<LexerType>::parseProperty):
1781         * runtime/JSArray.cpp:
1782         (JSC::JSArray::push):
1783         * runtime/JSONObject.cpp:
1784         (JSC::Walker::walk):
1785         * runtime/JSObject.cpp:
1786         (JSC::JSObject::putByIndex):
1787         (JSC::JSObject::putByIndexBeyondVectorLength):
1788         * runtime/JSObject.h:
1789         (JSC::JSObject::setIndexQuickly):
1790         (JSC::JSObject::initializeIndex):
1791         * runtime/LiteralParser.cpp:
1792         (JSC::LiteralParser<CharType>::parse):
1793         * yarr/YarrInterpreter.cpp:
1794         (JSC::Yarr::Interpreter::backtrackParenthesesOnceBegin):
1795         (JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
1796         * yarr/YarrParser.h:
1797         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
1798         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBuiltInCharacterClass):
1799         (JSC::Yarr::Parser::parseEscape):
1800         (JSC::Yarr::Parser::parseTokens):
1801
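As an added example that is not part of this ChangeLog or of WebKit's code, the annotation pattern described in the entry above, written in C++: a FALLTHROUGH macro that resolves to whichever fallthrough attribute the compiler supports, a switch that falls through intentionally at each case, and the debug/release split needed when a case ends in an ASSERT_NOT_REACHED(). The ArithMode enum, the ASSERT_NOT_REACHED() stand-in and the sample bytes are assumptions made for illustration, not the DFG's own definitions.

```cpp
// Added example (not WebKit code): a FALLTHROUGH annotation that keeps
// -Wimplicit-fallthrough (clang/GCC) quiet on intentional fallthrough, so the
// warning only fires on the accidental kind.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>

// Prefer the standard attribute, then clang's, then the GNU spelling; expand to
// nothing on compilers that know none of them.
#if defined(__has_cpp_attribute)
#  if __has_cpp_attribute(fallthrough)
#    define FALLTHROUGH [[fallthrough]]
#  elif __has_cpp_attribute(clang::fallthrough)
#    define FALLTHROUGH [[clang::fallthrough]]
#  endif
#endif
#if !defined(FALLTHROUGH) && (defined(__clang__) || defined(__GNUC__))
#  define FALLTHROUGH __attribute__((fallthrough))
#endif
#if !defined(FALLTHROUGH)
#  define FALLTHROUGH
#endif

// Stand-in for WTF's ASSERT_NOT_REACHED(): aborts in debug builds and compiles to
// nothing when NDEBUG is set, which is exactly why the #if below is needed.
#if defined(NDEBUG)
#  define ASSERT_DISABLED 1
#  define ASSERT_NOT_REACHED() ((void)0)
#else
#  define ASSERT_DISABLED 0
#  define ASSERT_NOT_REACHED() std::abort()
#endif

// Hypothetical arithmetic mode, loosely modelled on the DFG's ArithMode (assumed).
enum class ArithMode { NotSet, CheckOverflow, CheckOverflowAndNegativeZero, Unchecked };

// The pattern from the entry above: in a debug build ASSERT_NOT_REACHED() never
// returns, so a FALLTHROUGH after it would be unreachable and itself draw a
// warning; only the release build needs the annotation.
bool doesOverflow(ArithMode mode)
{
    switch (mode) {
    case ArithMode::CheckOverflow:
    case ArithMode::CheckOverflowAndNegativeZero:
        return false;
    case ArithMode::NotSet:
        ASSERT_NOT_REACHED();
#if ASSERT_DISABLED
        FALLTHROUGH;
#endif
    case ArithMode::Unchecked:
        return true;
    }
    return true;
}

// Classic intentional fallthrough: read up to four little-endian bytes, entering
// the switch at the highest byte present and cascading down to the lowest.
uint32_t readLittleEndian(const uint8_t* bytes, size_t count)
{
    uint32_t value = 0;
    switch (count) {
    case 4:
        value |= static_cast<uint32_t>(bytes[3]) << 24;
        FALLTHROUGH;
    case 3:
        value |= static_cast<uint32_t>(bytes[2]) << 16;
        FALLTHROUGH;
    case 2:
        value |= static_cast<uint32_t>(bytes[1]) << 8;
        FALLTHROUGH;
    case 1:
        value |= bytes[0];
        break;
    default:
        break; // zero bytes, or more than this routine handles: nothing read
    }
    return value;
}

// Constructed sample input.
static const uint8_t kSample[4] = { 0x01, 0x02, 0x03, 0x04 };

int main()
{
    std::printf("readLittleEndian(kSample, 4) = 0x%08x\n", static_cast<unsigned>(readLittleEndian(kSample, 4)));
    std::printf("readLittleEndian(kSample, 2) = 0x%08x\n", static_cast<unsigned>(readLittleEndian(kSample, 2)));
    std::printf("doesOverflow(Unchecked) = %d\n", doesOverflow(ArithMode::Unchecked) ? 1 : 0);
    return 0;
}
```

Compile with -Wimplicit-fallthrough (clang, or GCC 7 and later) and delete any one FALLTHROUGH in readLittleEndian to see the warning the entry enables; an unannotated fallthrough that was not intended is the bug class the flag catches at build time.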
1802 2014-01-27  Andy Estes  <aestes@apple.com>
1803
1804         Scrub WebKit API headers of WTF macros
1805         https://bugs.webkit.org/show_bug.cgi?id=127706
1806
1807         Reviewed by David Kilzer.
1808
1809         * Configurations/FeatureDefines.xcconfig: Added ENABLE_INSPECTOR.
1810
1811 2014-01-27  Mark Lam  <mark.lam@apple.com>
1812
1813         Remove unused CodeBlock::createActivation().
1814         <https://webkit.org/b/127686>
1815
1816         Reviewed by Filip Pizlo.
1817
1818         * bytecode/CodeBlock.cpp:
1819         * bytecode/CodeBlock.h:
1820
1821 2014-01-26  Andreas Kling  <akling@apple.com>
1822
1823         JSC: Pack unlinked instructions harder.
1824         <https://webkit.org/b/127660>
1825
1826         Store UnlinkedCodeBlock's instructions in a variable-length stream
1827         to reduce memory usage. Compression rate ends up around 60-61%.
1828
1829         The format is very simple. Every instruction starts with a 1 byte
1830         opcode. It's followed by an opcode-dependent number of argument
1831         values, each encoded separately for maximum packing. There are
1832         7 packed value formats:
1833
1834             5-bit positive integer
1835             5-bit negative integer
1836             13-bit positive integer
1837             13-bit positive integer
1838             5-bit constant register index
1839             13-bit constant register index
1840             32-bit value (fallback)
1841
1842         27.5 MB progression on Membuster3. (~2% of total memory.)
1843
1844         Reviewed by Filip Pizlo.
1845
1846         * JavaScriptCore.xcodeproj/project.pbxproj:
1847         * bytecode/UnlinkedInstructionStream.h: Added.
1848         (JSC::UnlinkedInstructionStream::count):
1849         (JSC::UnlinkedInstructionStream::Reader::atEnd):
1850         * bytecode/UnlinkedInstructionStream.cpp: Added.
1851         (JSC::UnlinkedInstructionStream::Reader::Reader):
1852         (JSC::UnlinkedInstructionStream::Reader::read8):
1853         (JSC::UnlinkedInstructionStream::Reader::read32):
1854         (JSC::UnlinkedInstructionStream::Reader::next):
1855         (JSC::append8):
1856         (JSC::append32):
1857         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
1858         (JSC::UnlinkedInstructionStream::unpackForDebugging):
1859         * bytecompiler/BytecodeGenerator.cpp:
1860         * bytecode/CodeBlock.cpp:
1861         (JSC::CodeBlock::CodeBlock):
1862         * bytecode/UnlinkedCodeBlock.cpp:
1863         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
1864         (JSC::dumpLineColumnEntry):
1865         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
1866         (JSC::UnlinkedCodeBlock::setInstructions):
1867         (JSC::UnlinkedCodeBlock::instructions):
1868         * bytecode/UnlinkedCodeBlock.h:
1869         (JSC::BytecodeGenerator::generate):
1870
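As an added example that is not part of this ChangeLog or of WebKit's code, one way to implement a stream of the shape described above in C++: a one-byte opcode followed by operands each packed into the smallest of several tagged formats (5-bit and 13-bit positive, negative and constant-register values, with a 32-bit fallback), read back by a bounds-checked reader. The tag bit layout, the constant-register base, the opcode arity and the sample operands are assumptions chosen for illustration; JSC's actual UnlinkedInstructionStream encoding is not reproduced here.

```cpp
// Added example (not WebKit code): a one-byte opcode followed by operands packed into
// tagged variable-length formats. Tag layout and sample values are illustrative assumptions.
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Top 3 bits of an operand's first byte select its format. Each two-byte (13-bit)
// tag is its one-byte (5-bit) tag plus 3; tag 6 is unused and 7 is the fallback.
enum Tag : uint8_t { Positive5 = 0, Negative5 = 1, ConstantRegister5 = 2,
                     Positive13 = 3, Negative13 = 4, ConstantRegister13 = 5, Full32 = 7 };

// Constant registers are numbered from a high base (0x40000000 in JSC; assumed here).
const int32_t kFirstConstantRegisterIndex = 0x40000000;

// Appends 'value' in the smallest format that holds it: 1 byte (magnitude < 32),
// 2 bytes (magnitude < 8192), otherwise a tag byte plus all 32 bits little-endian.
void encodeValue(std::vector<uint8_t>& out, int32_t value)
{
    Tag tag = Positive5;
    uint32_t magnitude = static_cast<uint32_t>(value);
    if (value >= kFirstConstantRegisterIndex) { tag = ConstantRegister5; magnitude -= kFirstConstantRegisterIndex; }
    else if (value < 0) { tag = Negative5; magnitude = ~magnitude; } // -1 -> 0, -2 -> 1, ...
    if (magnitude < 32) {
        out.push_back(static_cast<uint8_t>((tag << 5) | magnitude));
    } else if (magnitude < 8192) {
        out.push_back(static_cast<uint8_t>(((tag + 3) << 5) | (magnitude >> 8)));
        out.push_back(static_cast<uint8_t>(magnitude & 0xff));
    } else {
        out.push_back(static_cast<uint8_t>(Full32 << 5));
        for (int shift = 0; shift < 32; shift += 8)
            out.push_back(static_cast<uint8_t>(static_cast<uint32_t>(value) >> shift));
    }
}

// Bounds-checked reader: a truncated or corrupt stream throws instead of over-reading.
struct Reader {
    const std::vector<uint8_t>& bytes;
    size_t pos;
    uint8_t read8()
    {
        if (pos >= bytes.size()) throw std::out_of_range("truncated instruction stream");
        return bytes[pos++];
    }
    int32_t readValue()
    {
        uint8_t first = read8();
        unsigned tag = first >> 5;
        uint32_t magnitude = first & 0x1f;
        if (tag == Full32) { // fallback: four more bytes, little-endian
            uint32_t bits = 0;
            for (int shift = 0; shift < 32; shift += 8) bits |= static_cast<uint32_t>(read8()) << shift;
            return static_cast<int32_t>(bits);
        }
        if (tag >= Positive13) { // two-byte formats carry 8 more low bits
            magnitude = (magnitude << 8) | read8();
            tag -= 3;
        }
        switch (tag) {
        case Positive5: return static_cast<int32_t>(magnitude);
        case Negative5: return -static_cast<int32_t>(magnitude) - 1; // undo the encoder's ~
        case ConstantRegister5: return kFirstConstantRegisterIndex + static_cast<int32_t>(magnitude);
        default: throw std::runtime_error("unknown operand tag");
        }
    }
};

// One instruction: the opcode byte, then each operand in its own packed format.
std::vector<uint8_t> packInstruction(uint8_t opcode, const std::vector<int32_t>& operands)
{
    std::vector<uint8_t> out{opcode};
    for (int32_t operand : operands)
        encodeValue(out, operand);
    return out;
}

// Decodes one instruction's operands; 'arity' comes from the opcode, not the stream.
std::vector<int32_t> unpackInstruction(const std::vector<uint8_t>& bytes, size_t arity)
{
    Reader reader{bytes, 0};
    reader.read8(); // the opcode byte
    std::vector<int32_t> operands;
    for (size_t i = 0; i < arity; ++i)
        operands.push_back(reader.readValue());
    return operands;
}

// Constructed sample: one value per format, plus two that need the 32-bit fallback.
std::vector<int32_t> sampleOperands()
{
    return {5, 300, -1, -5000, kFirstConstantRegisterIndex + 2, kFirstConstantRegisterIndex + 40,
            kFirstConstantRegisterIndex + 9000, 100000};
}
// Dropping the final byte must be reported, not read past the end of the buffer.
bool rejectsTruncated(uint8_t opcode, const std::vector<int32_t>& operands)
{
    std::vector<uint8_t> bytes = packInstruction(opcode, operands);
    bytes.pop_back();
    try { unpackInstruction(bytes, operands.size()); } catch (const std::exception&) { return true; }
    return false;
}
```

The sample's eight operands pack into 19 bytes (20 with the opcode) where nine 32-bit slots would take 36, which is the kind of saving the entry reports. The reader's out-of-range check is the part a decoder of any packed bytecode cannot skip: operand lengths are data-dependent, so a truncated or tampered stream would otherwise read past the buffer.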
1871 2014-01-26  Joseph Pecoraro  <pecoraro@apple.com>
1872
1873         Web Inspector: Move InspectorDebuggerAgent into JavaScriptCore
1874         https://bugs.webkit.org/show_bug.cgi?id=127629
1875
1876         Rubber-stamped by Sam Weinig.
1877
1878         * CMakeLists.txt:
1879         * GNUmakefile.list.am:
1880         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1881         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1882         * JavaScriptCore.xcodeproj/project.pbxproj:
1883         - Add new files to the build.
1884         - Also, since non REMOTE_INSPECTOR ports cannot yet connect to a
1885           JSGlobalObject for inspection, remove those files as they don't
1886           need to be built.
1887
1888         * inspector/EventLoop.cpp: Added.
1889         (Inspector::EventLoop::cycle):
1890         * inspector/EventLoop.h: Added.
1891         (Inspector::EventLoop::EventLoop):
1892         (Inspector::EventLoop::ended):
1893         Add a JavaScriptCore version of EventLoop. This is currently only
1894         used by the Mac port for JSGlobalObject remote inspection. Keep
1895         the WebCore/platform version alive because for the Mac port it does
1896         slightly different things involving AppKit.
1897
1898         * inspector/JSGlobalObjectInspectorController.cpp:
1899         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1900         Create DebuggerAgent and hook up ScriptDebugServer where needed.
1901
1902         * inspector/JSGlobalObjectScriptDebugServer.cpp: Added.
1903         (Inspector::JSGlobalObjectScriptDebugServer::JSGlobalObjectScriptDebugServer):
1904         (Inspector::JSGlobalObjectScriptDebugServer::addListener):
1905         (Inspector::JSGlobalObjectScriptDebugServer::removeListener):
1906         (Inspector::JSGlobalObjectScriptDebugServer::recompileAllJSFunctions):
1907         (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
1908         * inspector/JSGlobalObjectScriptDebugServer.h: Added.
1909         Simple implementation of ScriptDebugServer with a JSGlobalObject.
1910
1911         * inspector/agents/InspectorDebuggerAgent.cpp: Renamed from Source/WebCore/inspector/InspectorDebuggerAgent.cpp.
1912         * inspector/agents/InspectorDebuggerAgent.h: Renamed from Source/WebCore/inspector/InspectorDebuggerAgent.h.
1913         Copied from WebCore. A few methods need to be made virtual so that Web implementations
1914         can override and extend the functionality. E.g. sourceMapURLForScript and enable/disable.
1915         
1916         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp: Added.
1917         * inspector/agents/JSGlobalObjectDebuggerAgent.h: Added.
1918         (Inspector::JSGlobalObjectDebuggerAgent::JSGlobalObjectDebuggerAgent):
1919         (Inspector::JSGlobalObjectDebuggerAgent::startListeningScriptDebugServer):
1920         (Inspector::JSGlobalObjectDebuggerAgent::stopListeningScriptDebugServer):
1921         (Inspector::JSGlobalObjectDebuggerAgent::injectedScriptForEval):
1922         Simple implementation of DebuggerAgent with a JSGlobalObject.
1923
1924 2014-01-25  Mark Lam  <mark.lam@apple.com>
1925
1926         Gardening: fix build breakage from previous commit.
1927
1928         Not reviewed.
1929
1930         * profiler/ProfileNode.cpp:
1931         (JSC::ProfileNode::debugPrintData):
1932         - Removed obsolete references to "visible" timers.
1933
1934 2014-01-25  Timothy Hatcher  <timothy@apple.com>
1935
1936         Remove dead code from the JSC profiler.
1937
1938         https://bugs.webkit.org/show_bug.cgi?id=127643
1939
1940         Reviewed by Mark Lam.
1941
1942         * profiler/Profile.cpp:
1943         * profiler/Profile.h:
1944         * profiler/ProfileGenerator.cpp:
1945         (JSC::ProfileGenerator::stopProfiling):
1946         * profiler/ProfileNode.cpp:
1947         (JSC::ProfileNode::ProfileNode):
1948         (JSC::ProfileNode::stopProfiling):
1949         (JSC::ProfileNode::endAndRecordCall):
1950         (JSC::ProfileNode::debugPrintData):
1951         (JSC::ProfileNode::debugPrintDataSampleStyle):
1952         * profiler/ProfileNode.h:
1953         (JSC::ProfileNode::totalTime):
1954         (JSC::ProfileNode::setTotalTime):
1955         (JSC::ProfileNode::selfTime):
1956         (JSC::ProfileNode::setSelfTime):
1957         (JSC::ProfileNode::totalPercent):
1958         (JSC::ProfileNode::selfPercent):
1959         Remove support for things like focus and exclude. The Inspector does those in JS now.
1960
1961 2014-01-25  Sam Weinig  <sam@webkit.org>
1962
1963         Remove unused support for DRAGGABLE_REGION
1964         https://bugs.webkit.org/show_bug.cgi?id=127642
1965
1966         Reviewed by Simon Fraser.
1967
1968         * Configurations/FeatureDefines.xcconfig:
1969
1970 2014-01-25  Darin Adler  <darin@apple.com>
1971
1972         Try to fix Mac build.
1973
1974         * runtime/DatePrototype.cpp: Put the include of <unicode/udat.h> inside
1975         a conditional since we don't have that header in our Mac build configuration.
1976
1977 2014-01-25  Darin Adler  <darin@apple.com>
1978
1979         Call deprecatedCharacters instead of characters at more call sites
1980         https://bugs.webkit.org/show_bug.cgi?id=127631
1981
1982         Reviewed by Sam Weinig.
1983
1984         * API/JSValueRef.cpp:
1985         (JSValueMakeFromJSONString):
1986         * API/OpaqueJSString.cpp:
1987         (OpaqueJSString::~OpaqueJSString):
1988         * bindings/ScriptValue.cpp:
1989         (Deprecated::jsToInspectorValue):
1990         * inspector/ContentSearchUtilities.cpp:
1991         (Inspector::ContentSearchUtilities::createSearchRegexSource):
1992         * inspector/InspectorValues.cpp:
1993         * runtime/Identifier.h:
1994         (JSC::Identifier::deprecatedCharacters):
1995         * runtime/JSStringBuilder.h:
1996         (JSC::JSStringBuilder::append):
1997         Use the new name.
1998
1999 2014-01-25  Darin Adler  <darin@apple.com>
2000
2001         Get rid of ICU_UNICODE and WCHAR_UNICODE remnants
2002         https://bugs.webkit.org/show_bug.cgi?id=127623
2003
2004         Reviewed by Anders Carlsson.
2005
2006         * runtime/DatePrototype.cpp: Removed USE(ICU_UNICODE) checks, since that's always true now.
2007
2008 2014-01-25  Darin Adler  <darin@apple.com>
2009
2010         [Mac] Rewrite locale-specific date formatting code to remove strange string creation
2011         https://bugs.webkit.org/show_bug.cgi?id=127624
2012
2013         Reviewed by Anders Carlsson.
2014
2015         * runtime/DatePrototype.cpp:
2016         (JSC::formatLocaleDate): Use some smart pointers and conversion operators we already
2017         have to do the formatting in a more straightforward way.
2018
2019 2014-01-25  Anders Carlsson  <andersca@apple.com>
2020
2021         Remove atomicIncrement/atomicDecrement
2022         https://bugs.webkit.org/show_bug.cgi?id=127625
2023
2024         Reviewed by Andreas Kling.
2025
2026         Replace atomicIncrement/atomicDecrement with std::atomic.
2027
2028         * bytecode/Watchpoint.h:
2029         * ftl/FTLLowerDFGToLLVM.cpp:
2030         (JSC::FTL::LowerDFGToLLVM::lower):
2031         * profiler/ProfilerDatabase.cpp:
2032         (JSC::Profiler::Database::Database):
2033         (JSC::Profiler::Database::addDatabaseToAtExit):
2034
2035 2014-01-24  Joseph Pecoraro  <pecoraro@apple.com>
2036
2037         Web Inspector: Move InspectorRuntimeAgent into JavaScriptCore
2038         https://bugs.webkit.org/show_bug.cgi?id=127605
2039
2040         Reviewed by Timothy Hatcher.
2041
2042         * CMakeLists.txt:
2043         * GNUmakefile.list.am:
2044         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2045         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2046         * JavaScriptCore.xcodeproj/project.pbxproj:
2047         Add new files to the build.
2048
2049         * inspector/agents/InspectorRuntimeAgent.h: Renamed from Source/WebCore/inspector/InspectorRuntimeAgent.h.
2050         * inspector/agents/InspectorRuntimeAgent.cpp: Renamed from Source/WebCore/inspector/InspectorRuntimeAgent.cpp.
2051         (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
2052         (Inspector::InspectorRuntimeAgent::parse):
2053         (Inspector::InspectorRuntimeAgent::evaluate):
2054         (Inspector::InspectorRuntimeAgent::callFunctionOn):
2055         (Inspector::InspectorRuntimeAgent::getProperties):
2056         - Move the agent into JavaScriptCore.
2057         - Modernize and cleanup.
2058         - Make globalVM a pure virtual function for subclasses to implement.
2059
2060         * inspector/agents/JSGlobalObjectRuntimeAgent.h: Added.
2061         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp: Added.
2062         (Inspector::JSGlobalObjectRuntimeAgent::JSGlobalObjectRuntimeAgent):
2063         (Inspector::JSGlobalObjectRuntimeAgent::didCreateFrontendAndBackend):
2064         (Inspector::JSGlobalObjectRuntimeAgent::willDestroyFrontendAndBackend):
2065         (Inspector::JSGlobalObjectRuntimeAgent::globalVM):
2066         (Inspector::JSGlobalObjectRuntimeAgent::injectedScriptForEval):
2067         Straightforward JSGlobalObject implementation.
2068
2069         * inspector/JSGlobalObjectInspectorController.cpp:
2070         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2071         Add a runtime agent when inspecting a JSContext!
2072
2073 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
2074
2075         Move JavaScriptCallFrame and ScriptDebugServer into JavaScriptCore for inspector
2076         https://bugs.webkit.org/show_bug.cgi?id=127543
2077
2078         Reviewed by Geoffrey Garen.
2079
2080         * CMakeLists.txt:
2081         * GNUmakefile.list.am:
2082         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2083         * JavaScriptCore.xcodeproj/project.pbxproj:
2084         Add new files.
2085
2086         * inspector/ScriptDebugListener.h:
2087         Extract WebCore knowledge from ScriptDebugServer. This will
2088         eventually be made to work outside of WebCore.
2089
2090         * inspector/ScriptDebugServer.h: Renamed from Source/WebCore/bindings/js/ScriptDebugServer.h.
2091         * inspector/ScriptDebugServer.cpp: Renamed from Source/WebCore/bindings/js/ScriptDebugServer.cpp.
2092         (Inspector::ScriptDebugServer::evaluateBreakpointAction):
2093         (Inspector::ScriptDebugServer::dispatchDidPause):
2094         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
2095         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
2096         (Inspector::ScriptDebugServer::sourceParsed):
2097         (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
2098         (Inspector::ScriptDebugServer::handlePause):
2099         Modernize code, and call the new ScriptDebugListener callbacks where appropriate.
2100
2101         * inspector/JSJavaScriptCallFrame.cpp: Renamed from Source/WebCore/bindings/js/JSJavaScriptCallFrameCustom.cpp.
2102         (Inspector::JSJavaScriptCallFrame::JSJavaScriptCallFrame):
2103         (Inspector::JSJavaScriptCallFrame::finishCreation):
2104         (Inspector::JSJavaScriptCallFrame::createPrototype):
2105         (Inspector::JSJavaScriptCallFrame::destroy):
2106         (Inspector::JSJavaScriptCallFrame::releaseImpl):
2107         (Inspector::JSJavaScriptCallFrame::~JSJavaScriptCallFrame):
2108         (Inspector::JSJavaScriptCallFrame::evaluate):
2109         (Inspector::JSJavaScriptCallFrame::scopeType):
2110         (Inspector::JSJavaScriptCallFrame::caller):
2111         (Inspector::JSJavaScriptCallFrame::sourceID):
2112         (Inspector::JSJavaScriptCallFrame::line):
2113         (Inspector::JSJavaScriptCallFrame::column):
2114         (Inspector::JSJavaScriptCallFrame::functionName):
2115         (Inspector::JSJavaScriptCallFrame::scopeChain):
2116         (Inspector::JSJavaScriptCallFrame::thisObject):
2117         (Inspector::JSJavaScriptCallFrame::type):
2118         (Inspector::toJS):
2119         (Inspector::toJSJavaScriptCallFrame):
2120         * inspector/JSJavaScriptCallFrame.h: Added.
2121         (Inspector::JSJavaScriptCallFrame::createStructure):
2122         (Inspector::JSJavaScriptCallFrame::create):
2123         (Inspector::JSJavaScriptCallFrame::impl):
2124         * inspector/JSJavaScriptCallFramePrototype.cpp: Added.
2125         (Inspector::JSJavaScriptCallFramePrototype::finishCreation):
2126         (Inspector::jsJavaScriptCallFramePrototypeFunctionEvaluate):
2127         (Inspector::jsJavaScriptCallFramePrototypeFunctionScopeType):
2128         (Inspector::jsJavaScriptCallFrameAttributeCaller):
2129         (Inspector::jsJavaScriptCallFrameAttributeSourceID):
2130         (Inspector::jsJavaScriptCallFrameAttributeLine):
2131         (Inspector::jsJavaScriptCallFrameAttributeColumn):
2132         (Inspector::jsJavaScriptCallFrameAttributeFunctionName):
2133         (Inspector::jsJavaScriptCallFrameAttributeScopeChain):
2134         (Inspector::jsJavaScriptCallFrameAttributeThisObject):
2135         (Inspector::jsJavaScriptCallFrameAttributeType):
2136         (Inspector::jsJavaScriptCallFrameConstantGLOBAL_SCOPE):
2137         (Inspector::jsJavaScriptCallFrameConstantLOCAL_SCOPE):
2138         (Inspector::jsJavaScriptCallFrameConstantWITH_SCOPE):
2139         (Inspector::jsJavaScriptCallFrameConstantCLOSURE_SCOPE):
2140         (Inspector::jsJavaScriptCallFrameConstantCATCH_SCOPE):
2141         * inspector/JSJavaScriptCallFramePrototype.h: Added.
2142         (Inspector::JSJavaScriptCallFramePrototype::create):
2143         (Inspector::JSJavaScriptCallFramePrototype::createStructure):
2144         (Inspector::JSJavaScriptCallFramePrototype::JSJavaScriptCallFramePrototype):
2145         * inspector/JavaScriptCallFrame.cpp: Renamed from Source/WebCore/bindings/js/JavaScriptCallFrame.cpp.
2146         (Inspector::JavaScriptCallFrame::caller):
2147         * inspector/JavaScriptCallFrame.h: Renamed from Source/WebCore/bindings/js/JavaScriptCallFrame.h.
2148         Port of JavaScriptCallFrame.idl to a set of native JS classes.
2149
2150 2014-01-24  Mark Lam  <mark.lam@apple.com>
2151
2152         DebuggerCallFrame::evaluateWithCallFrame() should not execute a null executable.
2153         <https://webkit.org/b/127600>
2154
2155         Reviewed by Oliver Hunt.
2156
2157         In DebuggerCallFrame::evaluateWithCallFrame(), if the script string that
2158         is passed in is bad, it will fail to create an Executable, i.e.
2159         EvalExecutable::create() returns a null pointer. However,
2160         DebuggerCallFrame::evaluateWithCallFrame() was just clearing the
2161         exception and proceeding to execute the null pointer as an Executable.
2162         A crash ensues.
2163
2164         Now, if an exception is detected while creating the Executable, we
2165         abort instead.
2166
2167         * debugger/DebuggerCallFrame.cpp:
2168         (JSC::DebuggerCallFrame::evaluateWithCallFrame):
2169
2170 2014-01-24  Oliver Hunt  <oliver@apple.com>
2171
2172         Put functions need to take a base object and a this value, and perform type checks on |this|
2173         https://bugs.webkit.org/show_bug.cgi?id=127594
2174
2175         Reviewed by Geoffrey Garen.
2176
2177         Change the signature for static setter functions, and update uses
2178
2179         * create_hash_table:
2180         * runtime/Lookup.h:
2181         (JSC::putEntry):
2182         * runtime/PutPropertySlot.h:
2183         * runtime/RegExpConstructor.cpp:
2184         (JSC::setRegExpConstructorInput):
2185         (JSC::setRegExpConstructorMultiline):
2186
2187 2014-01-24  Oliver Hunt  <oliver@apple.com>
2188
2189         Generic JSObject::put should handle static properties in the classinfo hierarchy
2190         https://bugs.webkit.org/show_bug.cgi?id=127523
2191
2192         Reviewed by Geoffrey Garen.
2193
2194         This patch makes JSObject::put correctly call static setters
2195         defined by the ClassInfo.
2196
2197         To make this not clobber performance, the ClassInfo HashTable
2198         now includes a flag to indicate that it contains setters. This
2199         required updating the lut generator so that it tracked (and emitted)
2200         this.
2201
2202         The rest of the change was making a number of the methods take
2203         a VM rather than an ExecState*, so that Structure could set the
2204         getter/setter flags during construction (if necessary).
2205
2206         This also means most objects do not need to perform a lookupPut
2207         manually anymore, so most custom ::put's are no longer needed.
2208         DOMWindow is the only exception as it has interesting security
2209         related semantics.
2210
2211         * create_hash_table:
2212         * interpreter/CallFrame.h:
2213         (JSC::ExecState::arrayConstructorTable):
2214         (JSC::ExecState::arrayPrototypeTable):
2215         (JSC::ExecState::booleanPrototypeTable):
2216         (JSC::ExecState::dataViewTable):
2217         (JSC::ExecState::dateTable):
2218         (JSC::ExecState::dateConstructorTable):
2219         (JSC::ExecState::errorPrototypeTable):
2220         (JSC::ExecState::globalObjectTable):
2221         (JSC::ExecState::jsonTable):
2222         (JSC::ExecState::numberConstructorTable):
2223         (JSC::ExecState::numberPrototypeTable):
2224         (JSC::ExecState::objectConstructorTable):
2225         (JSC::ExecState::privateNamePrototypeTable):
2226         (JSC::ExecState::regExpTable):
2227         (JSC::ExecState::regExpConstructorTable):
2228         (JSC::ExecState::regExpPrototypeTable):
2229         (JSC::ExecState::stringConstructorTable):
2230         (JSC::ExecState::promisePrototypeTable):
2231         (JSC::ExecState::promiseConstructorTable):
2232         * runtime/ArrayConstructor.cpp:
2233         (JSC::ArrayConstructor::getOwnPropertySlot):
2234         * runtime/ArrayPrototype.cpp:
2235         (JSC::ArrayPrototype::getOwnPropertySlot):
2236         * runtime/BooleanPrototype.cpp:
2237         (JSC::BooleanPrototype::getOwnPropertySlot):
2238         * runtime/ClassInfo.h:
2239         (JSC::ClassInfo::propHashTable):
2240         * runtime/DateConstructor.cpp:
2241         (JSC::DateConstructor::getOwnPropertySlot):
2242         * runtime/DatePrototype.cpp:
2243         (JSC::DatePrototype::getOwnPropertySlot):
2244         * runtime/ErrorPrototype.cpp:
2245         (JSC::ErrorPrototype::getOwnPropertySlot):
2246         * runtime/JSDataViewPrototype.cpp:
2247         (JSC::JSDataViewPrototype::getOwnPropertySlot):
2248         * runtime/JSGlobalObject.cpp:
2249         (JSC::JSGlobalObject::getOwnPropertySlot):
2250         * runtime/JSONObject.cpp:
2251         (JSC::JSONObject::getOwnPropertySlot):
2252         * runtime/JSObject.cpp:
2253         (JSC::JSObject::put):
2254         (JSC::JSObject::deleteProperty):
2255         * runtime/JSPromiseConstructor.cpp:
2256         (JSC::JSPromiseConstructor::getOwnPropertySlot):
2257         * runtime/JSPromisePrototype.cpp:
2258         (JSC::JSPromisePrototype::getOwnPropertySlot):
2259         * runtime/Lookup.h:
2260         (JSC::HashTable::copy):
2261         (JSC::putEntry):
2262         (JSC::lookupPut):
2263         * runtime/NamePrototype.cpp:
2264         (JSC::NamePrototype::getOwnPropertySlot):
2265         * runtime/NumberConstructor.cpp:
2266         (JSC::NumberConstructor::getOwnPropertySlot):
2267         * runtime/NumberConstructor.h:
2268         * runtime/NumberPrototype.cpp:
2269         (JSC::NumberPrototype::getOwnPropertySlot):
2270         * runtime/ObjectConstructor.cpp:
2271         (JSC::ObjectConstructor::getOwnPropertySlot):
2272         * runtime/RegExpConstructor.cpp:
2273         (JSC::RegExpConstructor::getOwnPropertySlot):
2274         * runtime/RegExpConstructor.h:
2275         * runtime/RegExpObject.cpp:
2276         (JSC::RegExpObject::getOwnPropertySlot):
2277         (JSC::RegExpObject::put):
2278         * runtime/RegExpPrototype.cpp:
2279         (JSC::RegExpPrototype::getOwnPropertySlot):
2280         * runtime/StringConstructor.cpp:
2281         (JSC::StringConstructor::getOwnPropertySlot):
2282         * runtime/Structure.cpp:
2283         (JSC::Structure::Structure):
2284         (JSC::Structure::freezeTransition):
2285         (JSC::ClassInfo::hasStaticSetterOrReadonlyProperties):
2286
2287 2014-01-24  Commit Queue  <commit-queue@webkit.org>
2288
2289         Unreviewed, rolling out r162713.
2290         http://trac.webkit.org/changeset/162713
2291         https://bugs.webkit.org/show_bug.cgi?id=127593
2292
2293         broke media/network-no-source-const-shadow (Requested by
2294         thorton on #webkit).
2295
2296         * create_hash_table:
2297         * interpreter/CallFrame.h:
2298         (JSC::ExecState::arrayConstructorTable):
2299         (JSC::ExecState::arrayPrototypeTable):
2300         (JSC::ExecState::booleanPrototypeTable):
2301         (JSC::ExecState::dataViewTable):
2302         (JSC::ExecState::dateTable):
2303         (JSC::ExecState::dateConstructorTable):
2304         (JSC::ExecState::errorPrototypeTable):
2305         (JSC::ExecState::globalObjectTable):
2306         (JSC::ExecState::jsonTable):
2307         (JSC::ExecState::numberConstructorTable):
2308         (JSC::ExecState::numberPrototypeTable):
2309         (JSC::ExecState::objectConstructorTable):
2310         (JSC::ExecState::privateNamePrototypeTable):
2311         (JSC::ExecState::regExpTable):
2312         (JSC::ExecState::regExpConstructorTable):
2313         (JSC::ExecState::regExpPrototypeTable):
2314         (JSC::ExecState::stringConstructorTable):
2315         (JSC::ExecState::promisePrototypeTable):
2316         (JSC::ExecState::promiseConstructorTable):
2317         * runtime/ArrayConstructor.cpp:
2318         (JSC::ArrayConstructor::getOwnPropertySlot):
2319         * runtime/ArrayPrototype.cpp:
2320         (JSC::ArrayPrototype::getOwnPropertySlot):
2321         * runtime/BooleanPrototype.cpp:
2322         (JSC::BooleanPrototype::getOwnPropertySlot):
2323         * runtime/ClassInfo.h:
2324         (JSC::ClassInfo::propHashTable):
2325         * runtime/DateConstructor.cpp:
2326         (JSC::DateConstructor::getOwnPropertySlot):
2327         * runtime/DatePrototype.cpp:
2328         (JSC::DatePrototype::getOwnPropertySlot):
2329         * runtime/ErrorPrototype.cpp:
2330         (JSC::ErrorPrototype::getOwnPropertySlot):
2331         * runtime/JSDataViewPrototype.cpp:
2332         (JSC::JSDataViewPrototype::getOwnPropertySlot):
2333         * runtime/JSGlobalObject.cpp:
2334         (JSC::JSGlobalObject::getOwnPropertySlot):
2335         * runtime/JSONObject.cpp:
2336         (JSC::JSONObject::getOwnPropertySlot):
2337         * runtime/JSObject.cpp:
2338         (JSC::JSObject::put):
2339         (JSC::JSObject::deleteProperty):
2340         * runtime/JSPromiseConstructor.cpp:
2341         (JSC::JSPromiseConstructor::getOwnPropertySlot):
2342         * runtime/JSPromisePrototype.cpp:
2343         (JSC::JSPromisePrototype::getOwnPropertySlot):
2344         * runtime/Lookup.h:
2345         (JSC::HashTable::copy):
2346         (JSC::putEntry):
2347         (JSC::lookupPut):
2348         * runtime/NamePrototype.cpp:
2349         (JSC::NamePrototype::getOwnPropertySlot):
2350         * runtime/NumberConstructor.cpp:
2351         (JSC::NumberConstructor::getOwnPropertySlot):
2352         (JSC::NumberConstructor::put):
2353         * runtime/NumberConstructor.h:
2354         * runtime/NumberPrototype.cpp:
2355         (JSC::NumberPrototype::getOwnPropertySlot):
2356         * runtime/ObjectConstructor.cpp:
2357         (JSC::ObjectConstructor::getOwnPropertySlot):
2358         * runtime/RegExpConstructor.cpp:
2359         (JSC::RegExpConstructor::getOwnPropertySlot):
2360         (JSC::RegExpConstructor::put):
2361         * runtime/RegExpConstructor.h:
2362         * runtime/RegExpObject.cpp:
2363         (JSC::RegExpObject::getOwnPropertySlot):
2364         (JSC::RegExpObject::put):
2365         * runtime/RegExpPrototype.cpp:
2366         (JSC::RegExpPrototype::getOwnPropertySlot):
2367         * runtime/StringConstructor.cpp:
2368         (JSC::StringConstructor::getOwnPropertySlot):
2369         * runtime/Structure.cpp:
2370         (JSC::Structure::Structure):
2371         (JSC::Structure::freezeTransition):
2372
2373 2014-01-24  Mark Lam  <mark.lam@apple.com>
2374
2375         ASSERT(!m_markedSpace.m_currentDelayedReleaseScope) reloading page in inspector.
2376         <https://webkit.org/b/127582>
2377
2378         Reviewed by Mark Hahnenberg.
2379
2380         1. We should not enter a HeapIterationScope when we iterate the CodeBlocks.
2381            Apparently, iterating the CodeBlocks does not count as heap iteration.
2382
2383         2. If we're detaching the debugger due to the JSGlobalObject destructing,
2384            then we don't need to clear the debugger requests in the associated
2385            CodeBlocks. The JSGlobalObject destructing would mean that those
2386            CodeBlocks would be destructing too, and it may not be safe to access
2387            them anyway at this point.
2388
2389         The assertion failure is because we had entered a HeapIterationScope
2390         while the JSGlobalObject is destructing, which in turn means that GC
2391         sweeping is in progress. It's not legal to iterate the heap while the GC
2392         is sweeping. Once we fix the above 2 issues, we will no longer have
2393         the conditions that manifest this assertion failure.
2394
2395         * debugger/Debugger.cpp:
2396         (JSC::Debugger::detach):
2397         (JSC::Debugger::setSteppingMode):
2398         (JSC::Debugger::toggleBreakpoint):
2399         (JSC::Debugger::clearBreakpoints):
2400         (JSC::Debugger::clearDebuggerRequests):
2401         * debugger/Debugger.h:
2402         * runtime/JSGlobalObject.cpp:
2403         (JSC::JSGlobalObject::~JSGlobalObject):
2404
2405 2014-01-24  Brent Fulgham  <bfulgham@apple.com>
2406
2407         [Win] Convert some NMake files to MSBuild project files
2408         https://bugs.webkit.org/show_bug.cgi?id=127579
2409
2410         Reviewed by Tim Horton.
2411
2412         * JavaScriptCore.vcxproj/JavaScriptCore.make: Removed.
2413         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Added.
2414
2415 2014-01-24  Mark Lam  <mark.lam@apple.com>
2416
2417         Fixed a bad assertion in CodeBlock::removeBreakpoint().
2418         <https://webkit.org/b/127581>
2419
2420         Reviewed by Joseph Pecoraro.
2421
2422         * bytecode/CodeBlock.h:
2423         (JSC::CodeBlock::removeBreakpoint):
2424
2425 2014-01-24  Joseph Pecoraro  <pecoraro@apple.com>
2426
2427         fast/profiler tests ASSERTing after moving recompileAllJSFunctions off a timer
2428         https://bugs.webkit.org/show_bug.cgi?id=127566
2429
2430         Reviewed by Oliver Hunt.
2431
2432         Make the VM handle recompilation as soon as possible after it is requested.
2433
2434         * debugger/Debugger.cpp:
2435         (JSC::Debugger::recompileAllJSFunctions):
2436         When in a JavaScript stack, mark for recompilation when possible.
2437
2438         * runtime/VMEntryScope.h:
2439         (JSC::VMEntryScope::setRecompilationNeeded):
2440         * runtime/VMEntryScope.cpp:
2441         (JSC::VMEntryScope::VMEntryScope):
2442         (JSC::VMEntryScope::~VMEntryScope):
2443         Handle recompilation when the top VMEntryScope is popped.
2444         Pass the needs recompilation flag up the stack if needed.
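
The deferral described in the VMEntryScope entry above, as an added example that is not part of this ChangeLog or of JavaScriptCore's code: a toy RAII entry scope records a recompilation request made while JavaScript is on the stack, hands it to the enclosing scope when it is popped, and performs the work only when the outermost scope exits. The VM, EntryScope and requestRecompilation names, and the counter standing in for recompileAllJSFunctions, are assumptions for illustration.

```cpp
struct EntryScope;

// Hypothetical VM, not JSC's: it only tracks the entry-scope stack and counts
// how often the "unsafe while JS is on the stack" work actually ran.
struct VM {
    EntryScope* topEntryScope = nullptr;
    int recompileCount = 0;
    // Stands in for Debugger::recompileAllJSFunctions(): it discards compiled
    // code, so it must only run once no JavaScript frames remain on the stack.
    void recompileAllJSFunctions() { ++recompileCount; }
};

// RAII scope pushed every time native code enters the VM to run JavaScript.
// Nested entries chain through `prev`; only the outermost scope has prev == nullptr.
struct EntryScope {
    VM& vm;
    EntryScope* prev;
    bool recompilationNeeded = false;

    explicit EntryScope(VM& v) : vm(v), prev(v.topEntryScope) { vm.topEntryScope = this; }

    void setRecompilationNeeded() { recompilationNeeded = true; }

    ~EntryScope() {
        vm.topEntryScope = prev;
        if (!recompilationNeeded)
            return;
        if (prev) {
            // Still inside JavaScript: pass the flag up to the enclosing scope.
            prev->setRecompilationNeeded();
            return;
        }
        // Outermost scope popped: the JS stack is empty, so do the work now.
        vm.recompileAllJSFunctions();
    }
};

// What the debugger does when recompilation is requested: run it immediately if
// no JavaScript is executing, otherwise flag the top scope so it runs on exit.
void requestRecompilation(VM& vm) {
    if (vm.topEntryScope)
        vm.topEntryScope->setRecompilationNeeded();
    else
        vm.recompileAllJSFunctions();
}

// Drives both cases and returns the number of recompilations performed.
// Expected: 2 (one immediate, one deferred until the outermost scope exits).
int simulate(VM& vm) {
    requestRecompilation(vm);             // no JS running: happens at once
    {
        EntryScope outer(vm);
        {
            EntryScope inner(vm);
            requestRecompilation(vm);     // deferred: inner -> outer -> run on outer's exit
        }
        // inner popped, outer still on the stack: nothing has run yet
    }
    return vm.recompileCount;
}
```

The point of the handoff in the destructor is that a request made three entries deep is not lost when the innermost scope unwinds; it surfaces exactly once, at the first moment no JavaScript frame is live.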
2445
2446 2014-01-24  Oliver Hunt  <oliver@apple.com>
2447
2448         Generic JSObject::put should handle static properties in the classinfo hierarchy
2449         https://bugs.webkit.org/show_bug.cgi?id=127523
2450
2451         Reviewed by Geoffrey Garen.
2452
2453         This patch makes JSObject::put correctly call static setters
2454         defined by the ClassInfo.
2455
2456         To make this not clobber performance, the ClassInfo HashTable
2457         now includes a flag to indicate that it contains setters. This
2458         required updating the lut generator so that it tracked (and emitted)
2459         this.
2460
2461         The rest of the change was making a number of the methods take
2462         a VM rather than an ExecState*, so that Structure could set the
2463         getter/setter flags during construction (if necessary).
2464
2465         This also means most objects do not need to perform a lookupPut
2466         manually anymore, so most custom ::put's are no longer needed.
2467         DOMWindow is the only exception as it has interesting security
2468         related semantics.
2469
2470         * create_hash_table:
2471         * interpreter/CallFrame.h:
2472         (JSC::ExecState::arrayConstructorTable):
2473         (JSC::ExecState::arrayPrototypeTable):
2474         (JSC::ExecState::booleanPrototypeTable):
2475         (JSC::ExecState::dataViewTable):
2476         (JSC::ExecState::dateTable):
2477         (JSC::ExecState::dateConstructorTable):
2478         (JSC::ExecState::errorPrototypeTable):
2479         (JSC::ExecState::globalObjectTable):
2480         (JSC::ExecState::jsonTable):
2481         (JSC::ExecState::numberConstructorTable):
2482         (JSC::ExecState::numberPrototypeTable):
2483         (JSC::ExecState::objectConstructorTable):
2484         (JSC::ExecState::privateNamePrototypeTable):
2485         (JSC::ExecState::regExpTable):
2486         (JSC::ExecState::regExpConstructorTable):
2487         (JSC::ExecState::regExpPrototypeTable):
2488         (JSC::ExecState::stringConstructorTable):
2489         (JSC::ExecState::promisePrototypeTable):
2490         (JSC::ExecState::promiseConstructorTable):
2491         * runtime/ArrayConstructor.cpp:
2492         (JSC::ArrayConstructor::getOwnPropertySlot):
2493         * runtime/ArrayPrototype.cpp:
2494         (JSC::ArrayPrototype::getOwnPropertySlot):
2495         * runtime/BooleanPrototype.cpp:
2496         (JSC::BooleanPrototype::getOwnPropertySlot):
2497         * runtime/ClassInfo.h:
2498         (JSC::ClassInfo::propHashTable):
2499         * runtime/DateConstructor.cpp:
2500         (JSC::DateConstructor::getOwnPropertySlot):
2501         * runtime/DatePrototype.cpp:
2502         (JSC::DatePrototype::getOwnPropertySlot):
2503         * runtime/ErrorPrototype.cpp:
2504         (JSC::ErrorPrototype::getOwnPropertySlot):
2505         * runtime/JSDataViewPrototype.cpp:
2506         (JSC::JSDataViewPrototype::getOwnPropertySlot):
2507         * runtime/JSGlobalObject.cpp:
2508         (JSC::JSGlobalObject::getOwnPropertySlot):
2509         * runtime/JSONObject.cpp:
2510         (JSC::JSONObject::getOwnPropertySlot):
2511         * runtime/JSObject.cpp:
2512         (JSC::JSObject::put):
2513         (JSC::JSObject::deleteProperty):
2514         * runtime/JSPromiseConstructor.cpp:
2515         (JSC::JSPromiseConstructor::getOwnPropertySlot):
2516         * runtime/JSPromisePrototype.cpp:
2517         (JSC::JSPromisePrototype::getOwnPropertySlot):
2518         * runtime/Lookup.h:
2519         (JSC::HashTable::copy):
2520         (JSC::putEntry):
2521         (JSC::lookupPut):
2522         * runtime/NamePrototype.cpp:
2523         (JSC::NamePrototype::getOwnPropertySlot):
2524         * runtime/NumberConstructor.cpp:
2525         (JSC::NumberConstructor::getOwnPropertySlot):
2526         * runtime/NumberConstructor.h:
2527         * runtime/NumberPrototype.cpp:
2528         (JSC::NumberPrototype::getOwnPropertySlot):
2529         * runtime/ObjectConstructor.cpp:
2530         (JSC::ObjectConstructor::getOwnPropertySlot):
2531         * runtime/RegExpConstructor.cpp:
2532         (JSC::RegExpConstructor::getOwnPropertySlot):
2533         * runtime/RegExpConstructor.h:
2534         * runtime/RegExpObject.cpp:
2535         (JSC::RegExpObject::getOwnPropertySlot):
2536         (JSC::RegExpObject::put):
2537         * runtime/RegExpPrototype.cpp:
2538         (JSC::RegExpPrototype::getOwnPropertySlot):
2539         * runtime/StringConstructor.cpp:
2540         (JSC::StringConstructor::getOwnPropertySlot):
2541         * runtime/Structure.cpp:
2542         (JSC::Structure::Structure):
2543         (JSC::Structure::freezeTransition):
2544         (JSC::ClassInfo::hasStaticSetterOrReadonlyProperties):
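
The mechanism described in the two JSObject::put entries above (the same change, landed, rolled out and relanded) and in the "Put functions need to take a base object and a this value" entry, as an added example that is not part of this ChangeLog or of JavaScriptCore's code: a toy ClassInfo chain whose static property tables carry a precomputed "has setter or read-only entry" flag, a generic put that walks the chain only when that flag is set, and a static setter with the (base, this, value) signature that type-checks |this| before writing shared state. All names, the int-valued property model and the RegExp-constructor-like sample class are assumptions for illustration.

```cpp
#include <initializer_list>
#include <string>
#include <unordered_map>
#include <utility>

// Hypothetical, heavily simplified object model; none of this is JSC's code.
struct Object;
using Value = int;                                  // property values are plain ints here
// Setter signature from the "take a base object and a this value" entry: the
// table's owner *and* the |this| the assignment actually used.
using StaticSetter = bool (*)(Object* base, Object* thisObject, Value value);

struct PropertyEntry {
    StaticSetter setter;   // null for entries with no custom put behaviour
    bool readOnly;
};

// One class's static property table plus the flag a lut generator would emit,
// so that the generic put can skip the table walk when nothing in it can react.
struct StaticTable {
    std::unordered_map<std::string, PropertyEntry> entries;
    bool hasSetterOrReadOnly = false;

    StaticTable(std::initializer_list<std::pair<const std::string, PropertyEntry>> init)
        : entries(init) {
        for (const auto& kv : entries)
            if (kv.second.setter || kv.second.readOnly)
                hasSetterOrReadOnly = true;
    }
};

struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;    // chain walked by the generic put
    const StaticTable* staticTable;  // may be null
};

struct Object {
    const ClassInfo* classInfo;
    std::unordered_map<std::string, Value> ownProperties;
    bool mayHaveStaticSetters;       // computed once per class chain (JSC caches this on Structure)

    explicit Object(const ClassInfo* ci) : classInfo(ci), mayHaveStaticSetters(anyTableReacts(ci)) {}

    static bool anyTableReacts(const ClassInfo* ci) {
        for (; ci; ci = ci->parentClass)
            if (ci->staticTable && ci->staticTable->hasSetterOrReadOnly)
                return true;
        return false;
    }
    bool inherits(const ClassInfo* target) const {
        for (const ClassInfo* ci = classInfo; ci; ci = ci->parentClass)
            if (ci == target)
                return true;
        return false;
    }
};

// Generic put: consults the static tables up the ClassInfo chain only when the
// precomputed flag says a setter or read-only entry exists somewhere in it.
bool genericPut(Object* base, Object* thisObject, const std::string& name, Value value) {
    if (base->mayHaveStaticSetters) {
        for (const ClassInfo* ci = base->classInfo; ci; ci = ci->parentClass) {
            if (!ci->staticTable)
                continue;
            auto it = ci->staticTable->entries.find(name);
            if (it == ci->staticTable->entries.end())
                continue;
            if (it->second.readOnly)
                return false;                          // non-strict assignment: silently rejected
            if (it->second.setter)
                return it->second.setter(base, thisObject, value);
            break;                                     // static entry without a setter: store normally
        }
    }
    base->ownProperties[name] = value;
    return true;
}

// Constructed sample hierarchy: a RegExp-constructor-like class with one setter.
extern const ClassInfo regExpConstructorClassInfo;
int g_regExpInput = 0;   // stands in for the constructor's "input" state

// The setter type-checks |this| instead of trusting the base: an assignment that
// reaches this table with an unrelated |this| must not write the shared state.
bool setRegExpConstructorInput(Object* /*base*/, Object* thisObject, Value value) {
    if (!thisObject || !thisObject->inherits(&regExpConstructorClassInfo))
        return false;
    g_regExpInput = value;
    return true;
}

const StaticTable regExpConstructorTable = {
    { "input",     { setRegExpConstructorInput, false } },
    { "prototype", { nullptr,                   true  } },
};
const ClassInfo objectClassInfo            = { "Object", nullptr, nullptr };
const ClassInfo regExpConstructorClassInfo = { "RegExpConstructor", &objectClassInfo, &regExpConstructorTable };
```

Objects whose class chain has no setters or read-only entries never touch a table on put, which is what keeps the generic path cheap; objects that do get the static setter called with both base and |this|, so a setter can refuse a mismatched receiver rather than assuming the base is the receiver.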
2545
2546 2014-01-24  Mark Lam  <mark.lam@apple.com>
2547
2548         Skip op_profiler callbacks if !VM::m_enabledProfiler.
2549         https://bugs.webkit.org/show_bug.cgi?id=127567.
2550
2551         Reviewed by Geoffrey Garen.
2552
2553         The profiler may not be always active (recording). When it's not active
2554         (as in VM::m_enabledProfiler is null), we might as well skip the
2555         op_profiler callbacks. The callbacks themselves were already previously
2556         gated by a VM::enabledProfiler() check. So, this change does not change
2557         any profiler behavior.
2558
2559         For the DFG, we'll turn the op_profiler handling into speculation checks
2560         and OSR exit to the baseline JIT if the profiler becomes active.
2561
2562         This brings the Octane score up to ~3000 from ~2840.
2563
2564         * dfg/DFGAbstractInterpreterInlines.h:
2565         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2566         * dfg/DFGByteCodeParser.cpp:
2567         (JSC::DFG::ByteCodeParser::parseBlock):
2568         * dfg/DFGClobberize.h:
2569         (JSC::DFG::clobberize):
2570         * dfg/DFGNodeType.h:
2571         * dfg/DFGSpeculativeJIT32_64.cpp:
2572         (JSC::DFG::SpeculativeJIT::compile):
2573         * dfg/DFGSpeculativeJIT64.cpp:
2574         (JSC::DFG::SpeculativeJIT::compile):
2575         * jit/JITOpcodes.cpp:
2576         (JSC::JIT::emit_op_profile_will_call):
2577         (JSC::JIT::emit_op_profile_did_call):
2578         * jit/JITOpcodes32_64.cpp:
2579         (JSC::JIT::emit_op_profile_will_call):
2580         (JSC::JIT::emit_op_profile_did_call):
2581         * llint/LowLevelInterpreter.asm:
2582         * runtime/VM.h:
2583         (JSC::VM::enabledProfilerAddress):
2584
2585 2014-01-24  Mark Lam  <mark.lam@apple.com>
2586
2587         Removing the need for Debugger* and m_shouldPause op_debug check.
2588         <https://webkit.org/b/127532>
2589
2590         Reviewed by Geoffrey Garen.
2591
2592         This patch replaces the checking of the Debugger::m_shouldPause flag
2593         with a procedure to set a SteppingMode flag on all CodeBlocks under
2594         the management of the debugger. This simplifies the op_debug checking
2595         logic in all the execution engines.
2596
2597         * bytecode/CodeBlock.cpp:
2598         * bytecode/CodeBlock.h:
2599         (JSC::CodeBlock::hasDebuggerRequests):
2600         (JSC::CodeBlock::debuggerRequestsAddress):
2601         (JSC::CodeBlock::setSteppingMode):
2602         (JSC::CodeBlock::clearDebuggerRequests):
2603         - CodeBlock::m_debuggerRequests is a union of m_numBreakpoints and the
2604           new m_steppingMode. The debugger can add/remove breakpoints to the
2605           CodeBlock as well as set the stepping mode. By having
2606           m_debuggerRequests as a union of the 2 bit fields, the op_debug code
2607           can now check if any of the 2 requests made on the CodeBlock is still
2608           in effect just by testing a single int.
2609
2610         * debugger/Debugger.cpp:
2611         (JSC::Debugger::Debugger):
2612         (JSC::Debugger::detach):
2613         - This was a bug from before where I forgot to clear the CodeBlock
2614           breakpoints before detaching. We now take care of it by clearing all
2615           debugger requests made to the CodeBlock.
2616
2617         (JSC::Debugger::SetSteppingModeFunctor::SetSteppingModeFunctor):
2618         (JSC::Debugger::SetSteppingModeFunctor::operator()):
2619         (JSC::Debugger::setSteppingMode):
2620         (JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::ClearCodeBlockDebuggerRequestsFunctor):
2621         (JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::operator()):
2622         (JSC::Debugger::clearBreakpoints):
2623
2624         (JSC::Debugger::ClearDebuggerRequestsFunctor::ClearDebuggerRequestsFunctor):
2625         (JSC::Debugger::ClearDebuggerRequestsFunctor::operator()):
2626         (JSC::Debugger::clearDebuggerRequests):
2627         - We need a distinct clearDebuggerRequests() from clearBreakpoints()
2628           because:
2629           1. When we detach a globalObject, we only want to clear the debugger
2630              requests in CodeBlocks from that global.
2631           2. Clearing the debugger requests in the CodeBlocks is not the same
2632              as clearing the breakpoints. The breakpoints are still in effect
2633              for the next time a globalObject is attached, or for other
2634              globalObjects that are still attached.
2635
2636         (JSC::Debugger::setPauseOnNextStatement):
2637         (JSC::Debugger::breakProgram):
2638         (JSC::Debugger::stepIntoStatement):
2639         (JSC::Debugger::updateCallFrameAndPauseIfNeeded):
2640         (JSC::Debugger::pauseIfNeeded):
2641         (JSC::Debugger::exception):
2642         (JSC::Debugger::willExecuteProgram):
2643         (JSC::Debugger::didReachBreakpoint):
2644         * debugger/Debugger.h:
2645         - We're always going to support the debugger. So, there's no longer
2646           a need to check ENABLE(JAVASCRIPT_DEBUGGER). Removed the unneeded code.
2647
2648         * dfg/DFGSpeculativeJIT32_64.cpp:
2649         (JSC::DFG::SpeculativeJIT::compile):
2650         * dfg/DFGSpeculativeJIT64.cpp:
2651         (JSC::DFG::SpeculativeJIT::compile):
2652         * interpreter/Interpreter.cpp:
2653         (JSC::Interpreter::debug):
2654         * jit/JITOpcodes.cpp:
2655         (JSC::JIT::emit_op_debug):
2656         * jit/JITOpcodes32_64.cpp:
2657         (JSC::JIT::emit_op_debug):
2658         * llint/LowLevelInterpreter.asm:
2659         * runtime/JSGlobalObject.h:
2660         (JSC::JSGlobalObject::setDebugger):
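
The single-int debugger-request check and the detach/clearBreakpoints distinction described in the entry above, as an added example that is not part of this ChangeLog or of JavaScriptCore's code: a toy CodeBlockDebuggerRequests keeps the breakpoint count and the stepping-mode flag in one 32-bit word so the op_debug test is one compare against zero, and a toy Debugger shows why clearing one global's requests on detach leaves the debugger's own stepping state intact. The class names, the explicit-mask layout used here instead of JSC's union of bit-fields, and the GlobalObject grouping are assumptions for illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <vector>

// Hypothetical stand-in for a CodeBlock's debugger bookkeeping; not JSC's code.
// JSC unions two bit-fields; here the two requests share one 32-bit word via
// explicit masks (no type punning) while keeping the property the entry relies
// on: "is any request pending?" is a single load and compare against zero.
class CodeBlockDebuggerRequests {
public:
    enum SteppingMode : uint32_t { SteppingModeDisabled = 0, SteppingModeEnabled = 1 };

    void addBreakpoint()    { m_requests += 1; }                   // count in the low 31 bits
    void removeBreakpoint() { if (numBreakpoints()) m_requests -= 1; }
    void setSteppingMode(SteppingMode mode) {
        if (mode == SteppingModeEnabled)
            m_requests |= kSteppingModeBit;
        else
            m_requests &= ~kSteppingModeBit;
    }
    void clearDebuggerRequests() { m_requests = 0; }

    uint32_t numBreakpoints() const { return m_requests & kBreakpointCountMask; }
    bool steppingModeEnabled() const { return (m_requests & kSteppingModeBit) != 0; }

    // What every op_debug site tests: one int, compared against zero.
    bool hasDebuggerRequests() const { return m_requests != 0; }
    // Address a JIT would bake into emitted code to perform that load directly.
    const uint32_t* debuggerRequestsAddress() const { return &m_requests; }

private:
    static constexpr uint32_t kSteppingModeBit     = 1u << 31;
    static constexpr uint32_t kBreakpointCountMask = kSteppingModeBit - 1;
    uint32_t m_requests = 0;
};

// Executed at op_debug: take the slow path only if some request is pending.
inline bool opDebugNeedsSlowPath(const CodeBlockDebuggerRequests& block) {
    return *block.debuggerRequestsAddress() != 0;
}

// Minimal debugger over code blocks grouped by their owning global object.
struct GlobalObject {
    std::vector<CodeBlockDebuggerRequests> codeBlocks;
};

struct Debugger {
    std::vector<GlobalObject*> globals;
    bool steppingMode = false;

    static CodeBlockDebuggerRequests::SteppingMode toMode(bool enabled) {
        return enabled ? CodeBlockDebuggerRequests::SteppingModeEnabled
                       : CodeBlockDebuggerRequests::SteppingModeDisabled;
    }
    void attach(GlobalObject* global) {
        globals.push_back(global);
        for (auto& block : global->codeBlocks)        // a new global picks up the current mode
            block.setSteppingMode(toMode(steppingMode));
    }
    void setSteppingMode(bool enabled) {              // Debugger::setSteppingMode analogue
        steppingMode = enabled;
        for (GlobalObject* global : globals)
            for (auto& block : global->codeBlocks)
                block.setSteppingMode(toMode(enabled));
    }
    // clearDebuggerRequests for one global: wipes only that global's blocks.
    // The debugger's own stepping state (and breakpoint list) stays intact,
    // so other attached globals and later attaches are unaffected.
    void detach(GlobalObject* global) {
        for (auto& block : global->codeBlocks)
            block.clearDebuggerRequests();
        globals.erase(std::remove(globals.begin(), globals.end(), global), globals.end());
    }
};
```

Packing both requests into one word is what lets emitted code test `*debuggerRequestsAddress() != 0` without first loading a Debugger pointer; the separate detach path matters because a CodeBlock whose global is going away must forget its requests while the debugger keeps its breakpoints for the globals that remain.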
2661
2662 2014-01-24  Michael Saboff  <msaboff@apple.com>
2663
2664         ARM Offline assembler temporary register allocator has duplicate register when building fat binaries
2665         https://bugs.webkit.org/show_bug.cgi?id=127545
2666
2667         Reviewed by Mark Lam.
2668
2669         Eliminate the conditional addition of r11/r7 from getModifiedListARMCommon as the
2670         .concat will add the new register to ARM_EXTRA_GPRS.  If getModifiedListARMCommon is
2671         invoked a second time, there will be a second r11 or r7, which messes things up.
2672         Instead, r6 was added to ARM_EXTRA_GPRS.  r6 is currently an unused register.
2673
2674         * offlineasm/arm.rb:
2675
2676 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
2677
2678         Move ContentSearchUtils, ScriptBreakpoint, and ScriptDebugListener into JavaScriptCore for inspector
2679         https://bugs.webkit.org/show_bug.cgi?id=127537
2680
2681         Reviewed by Timothy Hatcher.
2682
2683         * CMakeLists.txt:
2684         * GNUmakefile.list.am:
2685         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2686         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2687         * JavaScriptCore.xcodeproj/project.pbxproj:
2688         * inspector/ContentSearchUtilities.cpp: Renamed from Source/WebCore/inspector/ContentSearchUtils.cpp.
2689         (Inspector::ContentSearchUtilities::createSearchRegexSource):
2690         (Inspector::ContentSearchUtilities::sizetExtractor):
2691         (Inspector::ContentSearchUtilities::textPositionFromOffset):
2692         (Inspector::ContentSearchUtilities::getRegularExpressionMatchesByLines):
2693         (Inspector::ContentSearchUtilities::lineEndings):
2694         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
2695         (Inspector::ContentSearchUtilities::createSearchRegex):
2696         (Inspector::ContentSearchUtilities::countRegularExpressionMatches):
2697         (Inspector::ContentSearchUtilities::searchInTextByLines):
2698         (Inspector::ContentSearchUtilities::scriptCommentPattern):
2699         (Inspector::ContentSearchUtilities::stylesheetCommentPattern):
2700         (Inspector::ContentSearchUtilities::findMagicComment):
2701         (Inspector::ContentSearchUtilities::findScriptSourceURL):
2702         (Inspector::ContentSearchUtilities::findScriptSourceMapURL):
2703         (Inspector::ContentSearchUtilities::findStylesheetSourceMapURL):
2704         * inspector/ContentSearchUtilities.h: Renamed from Source/WebCore/inspector/ContentSearchUtils.h.
2705         * inspector/ScriptBreakpoint.h: Renamed from Source/WebCore/inspector/ScriptBreakpoint.h.
2706         (Inspector::ScriptBreakpointAction::ScriptBreakpointAction):
2707         (Inspector::ScriptBreakpoint::ScriptBreakpoint):
2708         * inspector/ScriptDebugListener.h: Renamed from Source/WebCore/inspector/ScriptDebugListener.h.
2709         (Inspector::ScriptDebugListener::Script::Script):
2710         (Inspector::ScriptDebugListener::~ScriptDebugListener):
2711         * runtime/RegExp.cpp:
2712         (JSC::RegExp::match):
2713
2714 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
2715
2716         Move RegularExpression into JavaScriptCore for inspector
2717         https://bugs.webkit.org/show_bug.cgi?id=127526
2718
2719         Reviewed by Geoffrey Garen.
2720
2721         Move RegularExpression into JavaScriptCore/yarr so it can
2722         be used later on by JavaScriptCore/inspector. Convert to
2723         the JSC::Yarr namespace.
2724
2725         * CMakeLists.txt:
2726         * GNUmakefile.list.am:
2727         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2728         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2729         * JavaScriptCore.xcodeproj/project.pbxproj:
2730         * yarr/RegularExpression.cpp: Renamed from Source/WebCore/platform/text/RegularExpression.cpp.
2731         (JSC::Yarr::RegularExpression::Private::create):
2732         (JSC::Yarr::RegularExpression::Private::Private):
2733         (JSC::Yarr::RegularExpression::Private::compile):
2734         (JSC::Yarr::RegularExpression::RegularExpression):
2735         (JSC::Yarr::RegularExpression::~RegularExpression):
2736         (JSC::Yarr::RegularExpression::operator=):
2737         (JSC::Yarr::RegularExpression::match):
2738         (JSC::Yarr::RegularExpression::searchRev):
2739         (JSC::Yarr::RegularExpression::matchedLength):
2740         (JSC::Yarr::replace):
2741         (JSC::Yarr::RegularExpression::isValid):
2742         * yarr/RegularExpression.h: Renamed from Source/WebCore/platform/text/RegularExpression.h.
2743
2744 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
2745
2746         Web Inspector: Remove recompileAllJSFunctions timer in ScriptDebugServer
2747         https://bugs.webkit.org/show_bug.cgi?id=127409
2748
2749         Reviewed by Geoffrey Garen.
2750
2751         * inspector/InspectorAgentBase.h:
        When disconnecting agents, provide an InspectorDisconnectReason for
2753         the disconnection. It could be that an inspector frontend is just
2754         disconnecting or that the inspected object is going away entirely
2755         and we can avoid doing some work.
2756
2757         * runtime/JSGlobalObjectDebuggable.h:
2758         * runtime/JSGlobalObjectDebuggable.cpp:
2759         (JSC::JSGlobalObjectDebuggable::~JSGlobalObjectDebuggable):
2760         (JSC::JSGlobalObjectDebuggable::disconnect):
2761         (JSC::JSGlobalObjectDebuggable::disconnectInternal):
2762         Pass different reasons for the different disconnects.
2763
2764         * inspector/InspectorAgentRegistry.cpp:
2765         (Inspector::InspectorAgentRegistry::willDestroyFrontendAndBackend):
2766         * inspector/InspectorAgentRegistry.h:
2767         * inspector/JSGlobalObjectInspectorController.cpp:
2768         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
2769         * inspector/JSGlobalObjectInspectorController.h:
2770         * inspector/agents/InspectorAgent.cpp:
2771         (Inspector::InspectorAgent::willDestroyFrontendAndBackend):
2772         * inspector/agents/InspectorAgent.h:
2773         Pass InspectorDisconnectReason around where needed.
2774
2775 2014-01-23  Mark Lam  <mark.lam@apple.com>
2776
2777         Enable DFG for the Debugger and Profiler.
2778         <https://webkit.org/b/122847>
2779
2780         Reviewed by Geoffrey Garen.
2781
2782         In this patch, we implement DFG op_debug as a series of 3 checks:
2783         1. Check if the debugger pointer is non-null. This is needed in case
2784            the debugger has been detached but the DFG code is still running
2785            on the stack.
2786         2. Check if Debugger::m_shouldPause is true.
2787         3. Check if CodeBlock::m_numBreakpoints is non-zero.
2788
2789         These are the same 3 checks done in the LLINT and baselineJIT. But unlike
2790         the LLINT and baselineJIT, these DFG checks are implemented as
2791         speculationChecks. If the check fails, we OSR exit to the baselineJIT and
2792         let it do the work of servicing the op_debug callback.
2793
2794         Stepping through code in the debugger would work the same way. The top
2795         function being debugged has to be a LLINT or baselineJIT function because
2796         we would have OSR exited if there is a breakpoint in that function. When
2797         we step out of that function to its caller, we expect that the caller will
2798         call back to the debugger at the next op_debug. If the caller function is
2799         a DFG function, the op_debug site will fail its speculation check on
2800         Debugger::m_shouldPause and deopt into a baselineJIT function. Execution
2801         continues from there as usual, and the debugger gets its callback.
2802
        For the profiler, op_profile_will_call and op_profile_did_call are
2804         implemented as simple runtime calls to service the profiler.
2805
        With this patch, Octane performance with the WebInspector open jumps from
2807         ~2000 to ~2500 (25% progression).
2808
2809         * bytecode/CodeBlock.h:
2810         (JSC::CodeBlock::numBreakpointsAddress):
2811         * bytecode/ExitKind.cpp:
2812         (JSC::exitKindToString):
2813         * bytecode/ExitKind.h:
2814         * debugger/Debugger.cpp:
2815         (JSC::Debugger::toggleBreakpoint):
2816         - removed an obsolete assertion. The debugger can now handle DFG
2817           CodeBlocks too.
2818         * debugger/Debugger.h:
2819         * dfg/DFGAbstractInterpreterInlines.h:
2820         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2821         * dfg/DFGByteCodeParser.cpp:
2822         (JSC::DFG::ByteCodeParser::parseBlock):
2823         * dfg/DFGCapabilities.cpp:
2824         (JSC::DFG::capabilityLevel):
2825         * dfg/DFGClobberize.h:
2826         (JSC::DFG::clobberize):
2827         * dfg/DFGFixupPhase.cpp:
2828         (JSC::DFG::FixupPhase::fixupNode):
2829         * dfg/DFGNodeType.h:
2830         * dfg/DFGPredictionPropagationPhase.cpp:
2831         (JSC::DFG::PredictionPropagationPhase::propagate):
2832         * dfg/DFGSafeToExecute.h:
2833         (JSC::DFG::safeToExecute):
2834         * dfg/DFGSpeculativeJIT.h:
2835         (JSC::DFG::SpeculativeJIT::callOperation):
2836         * dfg/DFGSpeculativeJIT32_64.cpp:
2837         (JSC::DFG::SpeculativeJIT::compile):
2838         * dfg/DFGSpeculativeJIT64.cpp:
2839         (JSC::DFG::SpeculativeJIT::compile):
2840         * runtime/JSGlobalObject.h:
2841         (JSC::JSGlobalObject::debuggerAddress):
2842
2843 2014-01-23  Max Vujovic  <mvujovic@adobe.com>
2844
2845         Remove CSS Custom Filters code and tests
2846         https://bugs.webkit.org/show_bug.cgi?id=127382
2847
2848         Reviewed by Simon Fraser.
2849
2850         * Configurations/FeatureDefines.xcconfig:
2851
2852 2014-01-22  Brent Fulgham  <bfulgham@apple.com>
2853
2854         [Win] Update project and solution files for 64-bit builds.
2855         https://bugs.webkit.org/show_bug.cgi?id=127457
2856
2857         Reviewed by Eric Carlson.
2858
2859         * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Add 64-bit target.
2860         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Update for VS2013
2861         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
2862         file from project view.
2863         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Update for VS2013
2864         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Ditto
2865         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Ditto
2866
2867 2014-01-22  Mark Lam  <mark.lam@apple.com>
2868
2869         Poor man's fast breakpoints for a 2.3x debugger speedup.
2870         <https://webkit.org/b/122836>
2871
2872         Reviewed by Geoffrey Garen.
2873
2874         Previously we gained back some performance (run at baseline JIT speeds)
2875         when the WebInspector is opened provided no breakpoints are set. This
2876         was achieved by simply skipping all op_debug callbacks to the debugger
2877         if no breakpoints are set. If any breakpoints are set, the debugger will
2878         set a m_needsOpDebugCallbacks flag which causes the callbacks to be
2879         called, and we don't get the baseline JIT speeds anymore.
2880
2881         With this patch, we will now track the number of breakpoints set in the
2882         CodeBlock that they are set in. The LLINT and baseline JIT code will
2883         check CodeBlock::m_numBreakpoints to determine if the op_debug callbacks
2884         need to be called. With this, we will only enable op_debug callbacks for
2885         CodeBlocks that need it i.e. those with breakpoints set in them.
2886
2887         Debugger::m_needsOpDebugCallbacks is now obsoleted. The LLINT and baseline
2888         JIT code still needs to check Debugger::m_shouldPause to determine if the
2889         debugger is in stepping mode and hence, needs op_debug callbacks enabled
2890         for everything until the debugger "continues" the run and exit stepping
2891         mode.
2892
        Also in this patch, I fixed a regression in DOM breakpoints which relies
        on Debugger::breakProgram() to pause the debugger.
2895
2896         * bytecode/CodeBlock.cpp:
2897         (JSC::CodeBlock::dumpBytecode):
2898         - Missed accounting for op_debug's new hasBreakpointFlag operand here when
2899           it was added.
2900         (JSC::CodeBlock::CodeBlock):
2901         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2902         - This is needed in Debugger::toggleBreakpoint() to determine if a
2903           breakpoint falls within a CodeBlock or not. Simply checking the bounds
2904           of the CodeBlock is insufficient. For example, let's say we have the
2905           following JS code:
2906
2907               // begin global scope
2908               function f1() {
2909                   function f2() {
2910                      ... // set breakpoint here.
2911                   }
2912               }
2913               // end global scope
2914
          Using the CodeBlock bounds alone, the breakpoint above will appear
2916           to be in the global program CodeBlock, and the CodeBlocks for function
2917           f1() and f2(). With CodeBlock::hasOpDebugForLineAndColumn() we can
2918           rule out the global program CodeBlock and f1(), and only apply the
          breakpoint to f2() where it belongs.
2920
2921           CodeBlock::hasOpDebugForLineAndColumn() works by iterating over all
2922           the opcodes in the CodeBlock to look for op_debug's. For each op_debug,
2923           it calls CodeBlock::expressionRangeForBytecodeOffset() to do a binary
          search to get the line and column info for that op_debug. This is a
2925           N * log(N) algorithm. However, a quick hands on test using the
2926           WebInspector (with this patch applied) to exercise setting, breaking
2927           on, and clearing breakpoints, as well as stepping through some code
2928           shows no noticeable degradation of the user experience compared to the
2929           baseline without this patch.
2930
2931         * bytecode/CodeBlock.h:
2932         (JSC::CodeBlock::numBreakpoints):
2933         (JSC::CodeBlock::numBreakpointsOffset):
2934         (JSC::CodeBlock::addBreakpoint):
2935         (JSC::CodeBlock::removeBreakpoint):
2936         (JSC::CodeBlock::clearAllBreakpoints):
2937         * debugger/Breakpoint.h:
2938         - defined Breakpoint::unspecifiedColumn so that we can explicitly indicate
2939           when the WebInspector was setting a line breakpoint and did not provide
2940           a column value. CodeBlock::hasOpDebugForLineAndColumn() needs this
2941           information in order to loosen its matching criteria for op_debug
2942           bytecodes for the specified breakpoint line and column values provided
2943           by the debugger.
2944
          Previously, we just hijacked a 0 column value as an unspecified column.
2946           However, the WebInspector operates on 0-based ints for column values.
2947           Hence, 0 should be a valid column value and should not be hijacked to
2948           mean an unspecified column.
2949
2950         * debugger/Debugger.cpp:
2951         (JSC::Debugger::Debugger):
2952         - added tracking of the VM that the debugger is used with. This is
2953           needed by Debugger::breakProgram().
2954
2955           The VM pointer is attained from the first JSGlobalObject that the debugger
2956           attaches to. When the debugger detaches from the last JSGlobalObject, it
2957           will nullify its VM pointer to allow a new one to be set on the next
2958           attach.
2959
2960           We were always only using each debugger instance with one VM. This change
2961           makes it explicit with an assert to ensure that all globalObjects that
          the debugger attaches to belong to the same VM.
2963
2964         (JSC::Debugger::attach):
2965         (JSC::Debugger::detach):
2966         (JSC::Debugger::setShouldPause):
2967
2968         (JSC::Debugger::registerCodeBlock):
2969         (JSC::Debugger::unregisterCodeBlock):
2970         - registerCodeBlock() is responsible for applying pre-existing breakpoints
2971           to new CodeBlocks being installed. Similarly, unregisterCodeBlock()
2972           clears the breakpoints.
2973
2974         (JSC::Debugger::toggleBreakpoint):
2975         - This is the workhorse function that checks if a breakpoint falls within
2976           a CodeBlock or not. If it does, then it can either enable or disable
2977           said breakpoint in the CodeBlock. In the current implementation,
2978           enabling/disabling the breakpoint simply means incrementing/decrementing
2979           the CodeBlock's m_numBreakpoints.
2980
2981         (JSC::Debugger::applyBreakpoints):
2982
2983         (JSC::Debugger::ToggleBreakpointFunctor::ToggleBreakpointFunctor):
2984         (JSC::Debugger::ToggleBreakpointFunctor::operator()):
2985         (JSC::Debugger::toggleBreakpoint):
        - Iterates all relevant CodeBlocks and applies the specified breakpoint
2987           if appropriate. This is called when a new breakpoint is being defined
2988           by the WebInspector and needs to be applied to an already installed
2989           CodeBlock.
2990
2991         (JSC::Debugger::setBreakpoint):
2992         (JSC::Debugger::removeBreakpoint):
2993         (JSC::Debugger::hasBreakpoint):
2994         (JSC::Debugger::ClearBreakpointsFunctor::ClearBreakpointsFunctor):
2995         (JSC::Debugger::ClearBreakpointsFunctor::operator()):
2996         (JSC::Debugger::clearBreakpoints):
2997
2998         (JSC::Debugger::breakProgram):
2999         - Fixed a regression that broke DOM breakpoints. The issue is that with
3000           the skipping of op_debug callbacks, we don't always have an updated
          m_currentCallFrame. Normally, m_currentCallFrame is provided as an arg
3002           in the op_debug callback. In this case, we can get the CallFrame* from
3003           m_vm->topCallFrame.
3004
3005         (JSC::Debugger::updateCallFrameAndPauseIfNeeded):
3006         (JSC::Debugger::pauseIfNeeded):
3007         (JSC::Debugger::willExecuteProgram):
3008         * debugger/Debugger.h:
3009         (JSC::Debugger::Debugger):
3010         (JSC::Debugger::shouldPause):
3011
3012         * heap/CodeBlockSet.h:
3013         (JSC::CodeBlockSet::iterate):
3014         * heap/Heap.h:
3015         (JSC::Heap::forEachCodeBlock):
3016         - Added utility to iterate all CodeBlocks in the heap / VM.
3017
3018         * interpreter/Interpreter.cpp:
3019         (JSC::Interpreter::debug):
3020
3021         * jit/JITOpcodes.cpp:
3022         (JSC::JIT::emit_op_debug):
3023         * jit/JITOpcodes32_64.cpp:
3024         (JSC::JIT::emit_op_debug):
3025         * llint/LowLevelInterpreter.asm:
        - These now check CodeBlock::m_numBreakpoints and Debugger::m_shouldPause
3027           instead of Debugger::m_needsOpDebugCallbacks.
3028
3029         * runtime/Executable.cpp:
3030         (JSC::ScriptExecutable::installCode):
3031
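        The breakpoint-to-CodeBlock matching and per-CodeBlock breakpoint
        counting described in the entry above, together with the op_debug
        checks from the "Enable DFG for the Debugger and Profiler" entry,
        as an added self-contained C++ model. This is example code written
        for this page, not JavaScriptCore's own implementation: the class
        and function names echo the ChangeLog's, but their bodies, the
        op_debug site positions and the line ranges of the three CodeBlocks
        are assumptions.

```cpp
// Illustrative model, added here; it is not JavaScriptCore code. The names
// mirror the ones in the ChangeLog entries (CodeBlock::m_numBreakpoints,
// hasOpDebugForLineAndColumn, Debugger::toggleBreakpoint, m_shouldPause,
// Breakpoint::unspecifiedColumn) but every definition below is a stand-in.
#include <utility>
#include <vector>

// One op_debug bytecode together with the source position it was emitted for.
struct OpDebugSite {
    unsigned line;
    unsigned column;
};

struct Breakpoint {
    // Sentinel for "line breakpoint, no column given". Column 0 is a real
    // column (the inspector uses 0-based columns), so it must not be the sentinel.
    enum : unsigned { unspecifiedColumn = 0xFFFFFFFFu };
    unsigned line;
    unsigned column;
};

class CodeBlock {
public:
    CodeBlock(unsigned firstLine, unsigned lastLine, std::vector<OpDebugSite> sites)
        : m_firstLine(firstLine), m_lastLine(lastLine), m_opDebugSites(std::move(sites)) { }

    // Cheap bounds test. Insufficient on its own: an enclosing function's
    // bounds also cover every line of the functions nested inside it.
    bool containsLine(unsigned line) const { return line >= m_firstLine && line <= m_lastLine; }

    // Scan this block's own op_debug sites. A line breakpoint (unspecified
    // column) matches any op_debug on that line; otherwise line and column
    // must both match. (JSC recovers each site's position with a binary search
    // over expression-range info; here the position is stored directly.)
    bool hasOpDebugForLineAndColumn(unsigned line, unsigned column) const {
        for (const OpDebugSite& site : m_opDebugSites) {
            if (site.line != line)
                continue;
            if (column == Breakpoint::unspecifiedColumn || site.column == column)
                return true;
        }
        return false;
    }

    unsigned numBreakpoints() const { return m_numBreakpoints; }
    void addBreakpoint() { ++m_numBreakpoints; }
    void removeBreakpoint() { if (m_numBreakpoints) --m_numBreakpoints; }
    void clearAllBreakpoints() { m_numBreakpoints = 0; }

private:
    unsigned m_firstLine;
    unsigned m_lastLine;
    std::vector<OpDebugSite> m_opDebugSites;
    unsigned m_numBreakpoints = 0;
};

class Debugger {
public:
    bool shouldPause = false; // set while the debugger is stepping

    // Enable or disable one breakpoint on one CodeBlock. Returns true when the
    // breakpoint belongs to this block and its counter was changed.
    bool toggleBreakpoint(CodeBlock& block, const Breakpoint& bp, bool enable) const {
        if (!block.containsLine(bp.line))
            return false;
        if (!block.hasOpDebugForLineAndColumn(bp.line, bp.column))
            return false;
        if (enable)
            block.addBreakpoint();
        else
            block.removeBreakpoint();
        return true;
    }

    // The test the LLInt/baseline JIT op_debug prologue performs before calling
    // back into the debugger. In the DFG the same condition (plus a null check
    // on the debugger pointer) is a speculation check whose failure OSR-exits
    // to the baseline JIT, which then services the callback.
    bool needsOpDebugCallback(const CodeBlock& block) const {
        return shouldPause || block.numBreakpoints() != 0;
    }
};

// Constructed data for the ChangeLog's nested-function example: the global
// program spans lines 1-7, f1 lines 2-6 and f2 lines 3-5; each block only has
// op_debug sites for its own statements.
std::vector<CodeBlock> buildExampleCodeBlocks() {
    return {
        CodeBlock(1, 7, { { 1, 0 }, { 7, 0 } }),           // global program
        CodeBlock(2, 6, { { 2, 4 }, { 6, 4 } }),           // f1
        CodeBlock(3, 5, { { 3, 8 }, { 4, 8 }, { 5, 8 } }), // f2
    };
}

// Apply (or remove) a breakpoint across every installed CodeBlock, as the
// entry's setBreakpoint/removeBreakpoint do; returns how many blocks took it.
unsigned applyBreakpointToAll(const Debugger& debugger, std::vector<CodeBlock>& blocks, const Breakpoint& bp, bool enable) {
    unsigned applied = 0;
    for (CodeBlock& block : blocks) {
        if (debugger.toggleBreakpoint(block, bp, enable))
            ++applied;
    }
    return applied;
}
```

        With these definitions a line breakpoint on line 4 lands only on
        f2's block even though all three blocks' bounds contain line 4,
        and a breakpoint at column 0 is treated as an exact column rather
        than as "any column", which is the reason the entry introduces a
        separate unspecifiedColumn sentinel.
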
3032 2014-01-22  Myles C. Maxfield  <mmaxfield@apple.com>
3033
3034         Remove CSS3_TEXT_DECORATION define
3035         https://bugs.webkit.org/show_bug.cgi?id=127333
3036
3037         This is required for unprefixing the text-decoration-* CSS properties.
3038
3039         Reviewed by Simon Fraser.
3040
3041         * Configurations/FeatureDefines.xcconfig:
3042
3043 2014-01-22  Alexey Proskuryakov  <ap@apple.com>
3044
3045         Update JS whitespace definition for changes in Unicode 6.3
3046         https://bugs.webkit.org/show_bug.cgi?id=127450
3047         <rdar://15863457>
3048
3049         Reviewed by Oliver Hunt.
3050
3051         Covered by existing tests when running against a Unicode back-end that supports
3052         Unicode 6.3 or higher.
3053
3054         * runtime/JSGlobalObjectFunctions.cpp: (JSC::isStrWhiteSpace): Explicitly allow
3055         U+180E MONGOLIAN VOWEL SEPARATOR, because we need to keep recognizing all characters
3056         that used to be whitespace.
3057
3058 2014-01-21  Mark Hahnenberg  <mhahnenberg@apple.com>
3059
3060         Registers used in writeBarrierOnOperand can cause clobbering on some platforms
3061         https://bugs.webkit.org/show_bug.cgi?id=127357
3062
3063         Reviewed by Filip Pizlo.
3064
3065         Some platforms use t0 and t1 for their first two arguments, so using those to load the 
3066         cell for the write barrier is a bad idea because it will get clobbered.
3067
3068         * llint/LowLevelInterpreter32_64.asm:
3069         * llint/LowLevelInterpreter64.asm:
3070
3071 2014-01-21  Mark Rowe  <mrowe@apple.com>
3072
3073         Mac production build fix.
3074
3075         Move the shell script build phase to copy jsc into JavaScriptCore.framework
3076         out of the jsc target and in to the All target so that it's not run during
3077         production builds. Xcode appears to the parent directories of paths referenced
3078         in the Output Files of the build phase, which leads to problems when the
3079         SYMROOT for the JavaScriptCore framework and the jsc executables are later merged.
3080
3081         I've also fixed the path to the Resources folder in the script while I'm here.
3082         On iOS the framework bundle is shallow so the correct destination is Resources/
3083         rather than Versions/A/Resources. This is handled by tweaking the
3084         JAVASCRIPTCORE_RESOURCES_DIR configuration setting to be relative rather than
3085         a complete path so we can reuse it in the script. The references in JSC.xcconfig
3086         and ToolExecutable.xcconfig are updated to prepend JAVASCRIPTCORE_FRAMEWORKS_DIR
3087         to preserve their former values.
3088
3089         * Configurations/Base.xcconfig:
3090         * Configurations/JSC.xcconfig:
3091         * Configurations/ToolExecutable.xcconfig:
3092         * JavaScriptCore.xcodeproj/project.pbxproj:
3093
3094 2014-01-19  Andreas Kling  <akling@apple.com>
3095
3096         JSC Parser: Shrink BindingNode.
3097         <https://webkit.org/b/127253>
3098
3099         The "divot" and "end" source locations are always identical for
3100         BindingNodes, so store only "start" and "end" instead.
3101
3102         1.19 MB progression on Membuster3.
3103
3104         Reviewed by Geoff Garen.
3105
3106         * bytecompiler/NodesCodegen.cpp:
3107         (JSC::BindingNode::bindValue):
3108         * parser/ASTBuilder.h:
3109         (JSC::ASTBuilder::createBindingLocation):
3110         * parser/NodeConstructors.h:
3111         (JSC::BindingNode::create):
3112         (JSC::BindingNode::BindingNode):
3113         * parser/Nodes.h:
3114         (JSC::BindingNode::divotStart):
3115         (JSC::BindingNode::divotEnd):
3116         * parser/Parser.cpp:
3117         (JSC::Parser<LexerType>::createBindingPattern):
3118         * parser/SyntaxChecker.h:
3119         (JSC::SyntaxChecker::operatorStackPop):
3120
3121 2014-01-20  Filip Pizlo  <fpizlo@apple.com>
3122
3123         op_captured_mov and op_new_captured_func in UnlinkedCodeBlocks should use the IdentifierMap instead of the strings directly
3124         https://bugs.webkit.org/show_bug.cgi?id=127311
3125         <rdar://problem/15853958>
3126
3127         Reviewed by Andreas Kling.
3128         
3129         This makes UnlinkedCodeBlocks use 32-bit instruction streams again.
3130
3131         * bytecode/CodeBlock.cpp:
3132         (JSC::CodeBlock::CodeBlock):
3133         * bytecode/UnlinkedCodeBlock.h:
3134         (JSC::UnlinkedInstruction::UnlinkedInstruction):
3135         * bytecompiler/BytecodeGenerator.cpp:
3136         (JSC::BytecodeGenerator::addVar):
3137         (JSC::BytecodeGenerator::emitInitLazyRegister):
3138         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
3139         * bytecompiler/BytecodeGenerator.h:
3140         (JSC::BytecodeGenerator::watchableVariable):
3141         (JSC::BytecodeGenerator::hasWatchableVariable):
3142
3143 2014-01-20  Mark Lam  <mark.lam@apple.com>
3144
3145         Removing CodeBlock::opDebugBytecodeOffsetForLineAndColumn() and friends.
3146         <https://webkit.org/b/127321>
3147
3148         Reviewed by Geoffrey Garen.
3149
3150         We're changing plans and will be going with CodeBlock level breakpoints
3151         instead of bytecode level breakpoints. As a result, we no longer need
3152         the services of CodeBlock::opDebugBytecodeOffsetForLineAndColumn() (and
3153         friends). This patch will remove that unused code.
3154
3155         * GNUmakefile.list.am:
3156         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3157         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3158         * JavaScriptCore.xcodeproj/project.pbxproj:
3159         * bytecode/CodeBlock.cpp:
3160         * bytecode/CodeBlock.h:
3161         * bytecode/LineColumnInfo.h: Removed.
3162         * bytecode/UnlinkedCodeBlock.cpp:
3163         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
3164         * bytecode/UnlinkedCodeBlock.h:
3165
3166 2014-01-20  Mark Hahnenberg  <mhahnenberg@apple.com>
3167
3168         CodeBlockSet::traceMarked doesn't need to visit the ownerExecutable
3169         https://bugs.webkit.org/show_bug.cgi?id=127301
3170
3171         Reviewed by Oliver Hunt.
3172
3173         We used to just call CodeBlock::visitAggregate, but now we call visitChildren 
3174         on the ownerExecutable, which is unnecessary. 
3175
3176         * heap/CodeBlockSet.cpp:
3177         (JSC::CodeBlockSet::traceMarked):
3178
3179 2014-01-20  Anders Carlsson  <andersca@apple.com>
3180
3181         Fix build.
3182
3183         * heap/BlockAllocator.h:
3184
3185 2014-01-20  Anders Carlsson  <andersca@apple.com>
3186
3187         Stop using ThreadCondition in BlockAllocator
3188         https://bugs.webkit.org/show_bug.cgi?id=126313
3189
3190         Reviewed by Sam Weinig.
3191
3192         * heap/BlockAllocator.cpp:
3193         (JSC::BlockAllocator::~BlockAllocator):
3194         (JSC::BlockAllocator::waitForDuration):
3195         (JSC::BlockAllocator::blockFreeingThreadMain):
3196         * heap/BlockAllocator.h:
3197         (JSC::BlockAllocator::deallocate):
3198
3199 2014-01-19  Anders Carlsson  <andersca@apple.com>
3200
3201         Convert GCThreadSharedData over to STL threading primitives
3202         https://bugs.webkit.org/show_bug.cgi?id=127256
3203
3204         Reviewed by Andreas Kling.
3205
3206         * heap/GCThread.cpp:
3207         (JSC::GCThread::waitForNextPhase):
3208         (JSC::GCThread::gcThreadMain):
3209         * heap/GCThreadSharedData.cpp:
3210         (JSC::GCThreadSharedData::GCThreadSharedData):
3211         (JSC::GCThreadSharedData::~GCThreadSharedData):
3212         (JSC::GCThreadSharedData::startNextPhase):
3213         (JSC::GCThreadSharedData::endCurrentPhase):
3214         (JSC::GCThreadSharedData::didStartMarking):
3215         (JSC::GCThreadSharedData::didFinishMarking):
3216         * heap/GCThreadSharedData.h:
3217         * heap/SlotVisitor.cpp:
3218         (JSC::SlotVisitor::donateKnownParallel):
3219         (JSC::SlotVisitor::drainFromShared):
3220
3221 2014-01-18  Andreas Kling  <akling@apple.com>
3222
3223         CodeBlock: Size m_callLinkInfos and m_byValInfos to fit earlier.
3224         <https://webkit.org/b/127239>
3225
3226         Reviewed by Anders Carlsson.
3227
3228         * bytecode/CodeBlock.h:
3229         (JSC::CodeBlock::setNumberOfByValInfos):
3230         (JSC::CodeBlock::setNumberOfCallLinkInfos):
3231
3232             Use resizeToFit() instead of grow() for these vectors, since
3233             we know the final size here.
3234
3235         * bytecode/CodeBlock.cpp:
3236         (JSC::CodeBlock::shrinkToFit):
3237
3238             No need to shrink here anymore. We were not even shrinking
3239             m_byValInfo before!
3240
3241 2014-01-18  Andreas Kling  <akling@apple.com>
3242
3243         CodeBlock: Size m_function{Exprs,Decls} to fit from creation.
3244         <https://webkit.org/b/127238>
3245
3246         Reviewed by Anders Carlsson.
3247
3248         * bytecode/CodeBlock.cpp:
3249         (JSC::CodeBlock::CodeBlock):
3250
3251             Use resizeToFit() instead of grow() for m_functionExprs and
3252             m_functionDecls since we know they will never change size.
3253
3254         (JSC::CodeBlock::shrinkToFit):
3255
3256             No need to shrink them here anymore.
3257
3258 2014-01-18  Andreas Kling  <akling@apple.com>
3259
3260         Remove unused CodeBlock::m_additionalIdentifiers member.
3261         <https://webkit.org/b/127237>
3262
3263         Reviewed by Anders Carlsson.
3264
3265         * bytecode/CodeBlock.h:
3266         * bytecode/CodeBlock.cpp:
3267         (JSC::CodeBlock::CodeBlock):
3268         (JSC::CodeBlock::shrinkToFit):
3269
3270             Remove m_additionalIdentifiers, nothing uses it.
3271
3272 2014-01-18  Andreas Kling  <akling@apple.com>
3273
3274         Remove two unused CodeBlock functions.
3275         <https://webkit.org/b/127235>
3276
3277         Kill copyPostParseDataFrom() and copyPostParseDataFromAlternative()
3278         since they are not used.
3279
3280         Reviewed by Anders Carlsson.
3281
3282         * bytecode/CodeBlock.cpp:
3283         * bytecode/CodeBlock.h:
3284
3285 2014-01-18  Andreas Kling  <akling@apple.com>
3286
3287         CodeBlock: Size m_exceptionHandlers to fit from creation.
3288         <https://webkit.org/b/127234>
3289
3290         Avoid allocation churn for CodeBlock::m_exceptionHandlers.
3291
3292         Reviewed by Anders Carlsson.
3293
3294         * bytecode/CodeBlock.h:
3295
3296             Removed unused CodeBlock::allocateHandlers() function.
3297
3298         * bytecode/CodeBlock.cpp:
3299         (JSC::CodeBlock::CodeBlock):
3300
3301             Use resizeToFit() instead of grow() for m_exceptionHandlers
3302             since we know it's never going to change size.
3303
3304         (JSC::CodeBlock::shrinkToFit):
3305
3306             No need to shrink m_exceptionHandlers here since it's already
3307             the perfect size.
3308
3309 2014-01-18  Mark Lam  <mark.lam@apple.com>
3310
3311         Add a hasBreakpointFlag arg to the op_debug bytecode.
3312         https://bugs.webkit.org/show_bug.cgi?id=127230.
3313
3314         Reviewed by Geoffrey Garen.
3315
3316         This is in anticipation of upcoming changes to support bytecode level
3317         breakpoints. This patch adds the flag to the op_debug bytecode and
3318         initializes it, but does not use it yet.
3319
3320         * bytecode/Opcode.h:
3321         (JSC::padOpcodeName):
3322         * bytecompiler/BytecodeGenerator.cpp:
3323         (JSC::BytecodeGenerator::emitDebugHook):
3324         * llint/LowLevelInterpreter.asm:
3325
3326 2014-01-18  Alberto Garcia  <berto@igalia.com>
3327
3328         JavaScriptCore uses PLATFORM(MAC) when it means OS(DARWIN)
3329         https://bugs.webkit.org/show_bug.cgi?id=99683
3330
3331         Reviewed by Anders Carlsson.
3332
3333         * jit/ThunkGenerators.cpp:
3334         * tools/CodeProfile.cpp:
3335         (JSC::symbolName):
3336         (JSC::CodeProfile::sample):
3337
3338 2014-01-18  Anders Carlsson  <andersca@apple.com>
3339
3340         Remove ENABLE_THREADED_HTML_PARSER defines everywhere
3341         https://bugs.webkit.org/show_bug.cgi?id=127225
3342
3343         Reviewed by Andreas Kling.
3344
3345         This concludes the removal of over 8.8 million lines of threaded parser code.
3346
3347         * Configurations/FeatureDefines.xcconfig:
3348
3349 2014-01-18  Mark Lam  <mark.lam@apple.com>
3350
        Adding UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().
3352         https://bugs.webkit.org/show_bug.cgi?id=127127.
3353
3354         Reviewed by Geoffrey Garen.
3355
3356         In order to implement bytecode level breakpoints, we need a mechanism
3357         for computing the best fit op_debug bytecode offset for any valid given
3358         line and column value in the source. The "best fit" op_debug bytecode
3359         in this case is defined below in the comment for
3360         UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().
3361
3362         * GNUmakefile.list.am:
3363         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3364         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3365         * JavaScriptCore.xcodeproj/project.pbxproj:
3366         * bytecode/CodeBlock.cpp:
3367         (JSC::CodeBlock::opDebugBytecodeOffsetForLineAndColumn):
3368         - Convert the line and column to unlinked line and column values and
3369           pass them to UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn()
3370           to do the real work.
3371
3372         * bytecode/CodeBlock.h:
3373         * bytecode/LineColumnInfo.h: Added.
3374         (JSC::LineColumnInfo::operator <):
3375         (JSC::LineColumnInfo::LineColumnPair::LineColumnPair):
3376         (JSC::LineColumnInfo::operator ==):
3377         (JSC::LineColumnInfo::operator !=):
3378         (JSC::LineColumnInfo::operator <=):
3379         (JSC::LineColumnInfo::operator >):
3380         (JSC::LineColumnInfo::operator >=):
3381         * bytecode/LineInfo.h: Removed.
3382
3383         * bytecode/UnlinkedCodeBlock.cpp:
3384         (JSC::UnlinkedCodeBlock::decodeExpressionRangeLineAndColumn):
3385         - Factored this out of expressionRangeForBytecodeOffset() so that it can