[Win] Convert some NMake files to MSBuild project files
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2014-01-24  Brent Fulgham  <bfulgham@apple.com>
2
3         [Win] Convert some NMake files to MSBuild project files
4         https://bugs.webkit.org/show_bug.cgi?id=127579
5
6         Reviewed by Tim Horton.
7
8         * JavaScriptCore.vcxproj/JavaScriptCore.make: Removed.
9         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Added.
10
11 2014-01-24  Mark Lam  <mark.lam@apple.com>
12
13         Fixed a bad assertion in CodeBlock::removeBreakpoint().
14         <https://webkit.org/b/127581>
15
16         Reviewed by Joseph Pecoraro.
17
18         * bytecode/CodeBlock.h:
19         (JSC::CodeBlock::removeBreakpoint):
20
21 2014-01-24  Joseph Pecoraro  <pecoraro@apple.com>
22
23         fast/profiler tests ASSERTing after moving recompileAllJSFunctions off a timer
24         https://bugs.webkit.org/show_bug.cgi?id=127566
25
26         Reviewed by Oliver Hunt.
27
28         Make the VM handle recompilation as soon as possible after it is requested.
29
30         * debugger/Debugger.cpp:
31         (JSC::Debugger::recompileAllJSFunctions):
32         When in a JavaScript stack, mark for recompilation when possible.
33
34         * runtime/VMEntryScope.h:
35         (JSC::VMEntryScope::setRecompilationNeeded):
36         * runtime/VMEntryScope.cpp:
37         (JSC::VMEntryScope::VMEntryScope):
38         (JSC::VMEntryScope::~VMEntryScope):
39         Handle recompilation when the top VMEntryScope is popped.
40         Pass the needs recompilation flag up the stack if needed.
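
Added illustration of the hand-off this entry describes (example code written for this page, not JavaScriptCore's own; the VM, VMEntryScope and debuggerRecompileAllJSFunctions names below are a simplified model): a recompile request made while JavaScript is on the stack is flagged on the innermost entry scope, passed outward as scopes unwind, and serviced exactly once when the top scope is popped.

```cpp
struct VM;

// Stands in for JSC::VMEntryScope: one is pushed each time native code enters
// the VM to run JavaScript; the outermost one is where deferred work runs
// once no JavaScript is left on the stack.
class VMEntryScope {
public:
    explicit VMEntryScope(VM& vm);
    ~VMEntryScope();
    void setRecompilationNeeded() { m_recompilationNeeded = true; }

private:
    VM& m_vm;
    VMEntryScope* m_previous;            // enclosing scope, or nullptr for the top one
    bool m_recompilationNeeded = false;
};

struct VM {
    VMEntryScope* entryScope = nullptr;  // innermost active scope
    int recompileCount = 0;              // times "all JS functions" were recompiled
    void recompileAllJSFunctions() { ++recompileCount; }
};

VMEntryScope::VMEntryScope(VM& vm)
    : m_vm(vm), m_previous(vm.entryScope)
{
    vm.entryScope = this;
}

VMEntryScope::~VMEntryScope()
{
    m_vm.entryScope = m_previous;
    if (!m_recompilationNeeded)
        return;
    if (m_previous)
        m_previous->setRecompilationNeeded();  // pass the flag up the stack
    else
        m_vm.recompileAllJSFunctions();        // top scope popped: safe to recompile now
}

// Stands in for Debugger::recompileAllJSFunctions(): recompiling while
// JavaScript is on the stack is unsafe, so defer it to the entry scope if any.
void debuggerRecompileAllJSFunctions(VM& vm)
{
    if (vm.entryScope)
        vm.entryScope->setRecompilationNeeded();
    else
        vm.recompileAllJSFunctions();
}

// A request made two scopes deep is carried outward and honoured exactly once,
// when the outermost scope unwinds; returns the final recompile count (1).
int recompilesAfterNestedRequest()
{
    VM vm;
    {
        VMEntryScope outer(vm);
        {
            VMEntryScope inner(vm);
            debuggerRecompileAllJSFunctions(vm);
            debuggerRecompileAllJSFunctions(vm);  // a second request coalesces
        }
        if (vm.recompileCount != 0)  // inner popped: nothing recompiled yet
            return -1;
    }
    return vm.recompileCount;
}

// With no JavaScript on the stack the request is serviced immediately.
int recompilesWithNoEntryScope()
{
    VM vm;
    debuggerRecompileAllJSFunctions(vm);
    return vm.recompileCount;
}
```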
41
42 2014-01-24  Oliver Hunt  <oliver@apple.com>
43
44         Generic JSObject::put should handle static properties in the classinfo hierarchy
45         https://bugs.webkit.org/show_bug.cgi?id=127523
46
47         Reviewed by Geoffrey Garen.
48
49         This patch makes JSObject::put correctly call static setters
50         defined by the ClassInfo.
51
52         To make this not clobber performance, the ClassInfo HashTable
53         now includes a flag to indicate that it contains setters. This
54         required updating the lut generator so that it tracked (and emitted)
55         this.
56
57         The rest of the change was making a number of the methods take
58         a VM rather than an ExecState*, so that Structure could set the
59         getter/setter flags during construction (if necessary).
60
61         This also means most objects do not need to perform a lookupPut
62         manually anymore, so most custom ::put's are no longer needed.
63         DOMWindow is the only exception as it has interesting security
64         related semantics.
65
66         * create_hash_table:
67         * interpreter/CallFrame.h:
68         (JSC::ExecState::arrayConstructorTable):
69         (JSC::ExecState::arrayPrototypeTable):
70         (JSC::ExecState::booleanPrototypeTable):
71         (JSC::ExecState::dataViewTable):
72         (JSC::ExecState::dateTable):
73         (JSC::ExecState::dateConstructorTable):
74         (JSC::ExecState::errorPrototypeTable):
75         (JSC::ExecState::globalObjectTable):
76         (JSC::ExecState::jsonTable):
77         (JSC::ExecState::numberConstructorTable):
78         (JSC::ExecState::numberPrototypeTable):
79         (JSC::ExecState::objectConstructorTable):
80         (JSC::ExecState::privateNamePrototypeTable):
81         (JSC::ExecState::regExpTable):
82         (JSC::ExecState::regExpConstructorTable):
83         (JSC::ExecState::regExpPrototypeTable):
84         (JSC::ExecState::stringConstructorTable):
85         (JSC::ExecState::promisePrototypeTable):
86         (JSC::ExecState::promiseConstructorTable):
87         * runtime/ArrayConstructor.cpp:
88         (JSC::ArrayConstructor::getOwnPropertySlot):
89         * runtime/ArrayPrototype.cpp:
90         (JSC::ArrayPrototype::getOwnPropertySlot):
91         * runtime/BooleanPrototype.cpp:
92         (JSC::BooleanPrototype::getOwnPropertySlot):
93         * runtime/ClassInfo.h:
94         (JSC::ClassInfo::propHashTable):
95         * runtime/DateConstructor.cpp:
96         (JSC::DateConstructor::getOwnPropertySlot):
97         * runtime/DatePrototype.cpp:
98         (JSC::DatePrototype::getOwnPropertySlot):
99         * runtime/ErrorPrototype.cpp:
100         (JSC::ErrorPrototype::getOwnPropertySlot):
101         * runtime/JSDataViewPrototype.cpp:
102         (JSC::JSDataViewPrototype::getOwnPropertySlot):
103         * runtime/JSGlobalObject.cpp:
104         (JSC::JSGlobalObject::getOwnPropertySlot):
105         * runtime/JSONObject.cpp:
106         (JSC::JSONObject::getOwnPropertySlot):
107         * runtime/JSObject.cpp:
108         (JSC::JSObject::put):
109         (JSC::JSObject::deleteProperty):
110         * runtime/JSPromiseConstructor.cpp:
111         (JSC::JSPromiseConstructor::getOwnPropertySlot):
112         * runtime/JSPromisePrototype.cpp:
113         (JSC::JSPromisePrototype::getOwnPropertySlot):
114         * runtime/Lookup.h:
115         (JSC::HashTable::copy):
116         (JSC::putEntry):
117         (JSC::lookupPut):
118         * runtime/NamePrototype.cpp:
119         (JSC::NamePrototype::getOwnPropertySlot):
120         * runtime/NumberConstructor.cpp:
121         (JSC::NumberConstructor::getOwnPropertySlot):
122         * runtime/NumberConstructor.h:
123         * runtime/NumberPrototype.cpp:
124         (JSC::NumberPrototype::getOwnPropertySlot):
125         * runtime/ObjectConstructor.cpp:
126         (JSC::ObjectConstructor::getOwnPropertySlot):
127         * runtime/RegExpConstructor.cpp:
128         (JSC::RegExpConstructor::getOwnPropertySlot):
129         * runtime/RegExpConstructor.h:
130         * runtime/RegExpObject.cpp:
131         (JSC::RegExpObject::getOwnPropertySlot):
132         (JSC::RegExpObject::put):
133         * runtime/RegExpPrototype.cpp:
134         (JSC::RegExpPrototype::getOwnPropertySlot):
135         * runtime/StringConstructor.cpp:
136         (JSC::StringConstructor::getOwnPropertySlot):
137         * runtime/Structure.cpp:
138         (JSC::Structure::Structure):
139         (JSC::Structure::freezeTransition):
140         (JSC::ClassInfo::hasStaticSetterOrReadonlyProperties):
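
Added illustration of the static-setter flag this entry describes (example code written for this page, not JavaScriptCore's own; HashTable, ClassInfo, Structure and JSObject below are a reduced model with constructed class tables): the Structure computes once, at construction, whether any table in the ClassInfo chain has setters, so the generic put() walks the chain only when it might matter and otherwise goes straight to ordinary storage.

```cpp
#include <map>
#include <string>

struct JSObject;
using StaticSetter = void (*)(JSObject&, int);

// One static-property table as the lut generator would emit it; hasSetters
// is the new flag, computed at generation time.
struct HashTable {
    std::map<std::string, StaticSetter> setters;  // name -> setter (nullptr: no setter)
    bool hasSetters;
};

struct ClassInfo {
    const char* className;
    const ClassInfo* parentClass;
    const HashTable* staticPropHashTable;  // may be nullptr
};

// Walks the ClassInfo hierarchy once; the Structure caches the answer.
bool hasStaticSetterOrReadonlyProperties(const ClassInfo* classInfo)
{
    for (; classInfo; classInfo = classInfo->parentClass)
        if (classInfo->staticPropHashTable && classInfo->staticPropHashTable->hasSetters)
            return true;
    return false;
}

struct Structure {
    const ClassInfo* classInfo;
    bool hasStaticSetters;
    explicit Structure(const ClassInfo* info)
        : classInfo(info), hasStaticSetters(hasStaticSetterOrReadonlyProperties(info)) { }
};

struct JSObject {
    Structure structure;
    std::map<std::string, int> ownProperties;
    int clampedLimit = 0;   // backing store written by the static setter below
    int tableLookups = 0;   // how often put() had to consult static tables

    explicit JSObject(const ClassInfo* info) : structure(info) { }

    // Generic put: consult static setters only when the Structure says the
    // hierarchy has any; a matching static setter handles the write itself.
    void put(const std::string& name, int value)
    {
        if (structure.hasStaticSetters) {
            ++tableLookups;
            for (const ClassInfo* info = structure.classInfo; info; info = info->parentClass) {
                if (!info->staticPropHashTable)
                    continue;
                auto it = info->staticPropHashTable->setters.find(name);
                if (it != info->staticPropHashTable->setters.end() && it->second) {
                    it->second(*this, value);
                    return;
                }
            }
        }
        ownProperties[name] = value;
    }
};

// Constructed static setter: "limit" is clamped to [0, 100] instead of being
// stored as a plain own property.
static void setLimit(JSObject& object, int value)
{
    object.clampedLimit = value < 0 ? 0 : (value > 100 ? 100 : value);
}

static const HashTable limitedTable { { { "limit", &setLimit } }, true };
static const ClassInfo limitedInfo { "Limited", nullptr, &limitedTable };
static const ClassInfo derivedInfo { "Derived", &limitedInfo, nullptr };  // inherits the setter
static const HashTable plainTable { { { "count", nullptr } }, false };   // no setters
static const ClassInfo plainInfo { "Plain", nullptr, &plainTable };

// A derived object reaches its parent's static setter through the chain;
// returns the clamped value, or -1 if the write leaked into own storage.
int derivedPutGoesThroughSetter(int value)
{
    JSObject object(&derivedInfo);
    object.put("limit", value);
    return object.ownProperties.count("limit") ? -1 : object.clampedLimit;
}

// A class whose tables carry no setters never pays for the table walk.
int lookupsForSetterFreeClass()
{
    JSObject object(&plainInfo);
    object.put("count", 5);
    object.put("other", 6);
    return object.tableLookups;  // 0: both writes went straight to own storage
}
```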
141
142 2014-01-24  Mark Lam  <mark.lam@apple.com>
143
144         Skip op_profiler callbacks if !VM::m_enabledProfiler.
145         https://bugs.webkit.org/show_bug.cgi?id=127567.
146
147         Reviewed by Geoffrey Garen.
148
149         The profiler may not be always active (recording). When it's not active
150         (as in VM::m_enabledProfiler is null), then we might as well skip the
151         op_profiler callbacks. The callbacks themselves were already previously
152         gated by a VM::enabledProfiler() check. So, this change does not change
153         any profiler behavior.
154
155         For the DFG, we'll turn the op_profiler handling into speculation checks
156         and OSR exit to the baseline JIT if the profiler becomes active.
157
158         This brings the Octane score up to ~3000 from ~2840.
159
160         * dfg/DFGAbstractInterpreterInlines.h:
161         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
162         * dfg/DFGByteCodeParser.cpp:
163         (JSC::DFG::ByteCodeParser::parseBlock):
164         * dfg/DFGClobberize.h:
165         (JSC::DFG::clobberize):
166         * dfg/DFGNodeType.h:
167         * dfg/DFGSpeculativeJIT32_64.cpp:
168         (JSC::DFG::SpeculativeJIT::compile):
169         * dfg/DFGSpeculativeJIT64.cpp:
170         (JSC::DFG::SpeculativeJIT::compile):
171         * jit/JITOpcodes.cpp:
172         (JSC::JIT::emit_op_profile_will_call):
173         (JSC::JIT::emit_op_profile_did_call):
174         * jit/JITOpcodes32_64.cpp:
175         (JSC::JIT::emit_op_profile_will_call):
176         (JSC::JIT::emit_op_profile_did_call):
177         * llint/LowLevelInterpreter.asm:
178         * runtime/VM.h:
179         (JSC::VM::enabledProfilerAddress):
180
181 2014-01-24  Mark Lam  <mark.lam@apple.com>
182
183         Removing the need for Debugger* and m_shouldPause op_debug check.
184         <https://webkit.org/b/127532>
185
186         Reviewed by Geoffrey Garen.
187
188         This patch replaces the checking of the Debugger::m_shouldPause flag
189         with a procedure to set a SteppingMode flag on all CodeBlocks under
190         the management of the debugger. This simplifies the op_debug checking
191         logic in all the execution engines.
192
193         * bytecode/CodeBlock.cpp:
194         * bytecode/CodeBlock.h:
195         (JSC::CodeBlock::hasDebuggerRequests):
196         (JSC::CodeBlock::debuggerRequestsAddress):
197         (JSC::CodeBlock::setSteppingMode):
198         (JSC::CodeBlock::clearDebuggerRequests):
199         - CodeBlock::m_debuggerRequests is a union of m_numBreakpoints and the
200           new m_steppingMode. The debugger can add/remove breakpoints to the
201           CodeBlock as well as set the stepping mode. By having
202           m_debuggerRequests as a union of the 2 bit fields, the op_debug code
203           can now check if any of the 2 requests made on the CodeBlock is still
204           in effect just by testing a single int.
205
206         * debugger/Debugger.cpp:
207         (JSC::Debugger::Debugger):
208         (JSC::Debugger::detach):
209         - This was a bug from before where I forgot to clear the CodeBlock
210           breakpoints before detaching. We now take care of it by clearing all
211           debugger requests made to the CodeBlock.
212
213         (JSC::Debugger::SetSteppingModeFunctor::SetSteppingModeFunctor):
214         (JSC::Debugger::SetSteppingModeFunctor::operator()):
215         (JSC::Debugger::setSteppingMode):
216         (JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::ClearCodeBlockDebuggerRequestsFunctor):
217         (JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::operator()):
218         (JSC::Debugger::clearBreakpoints):
219
220         (JSC::Debugger::ClearDebuggerRequestsFunctor::ClearDebuggerRequestsFunctor):
221         (JSC::Debugger::ClearDebuggerRequestsFunctor::operator()):
222         (JSC::Debugger::clearDebuggerRequests):
223         - We need a distinct clearDebuggerRequests() from clearBreakpoints()
224           because:
225           1. When we detach a globalObject, we only want to clear the debugger
226              requests in CodeBlocks from that global.
227           2. Clearing the debugger requests in the CodeBlocks is not the same
228              as clearing the breakpoints. The breakpoints are still in effect
229              for the next time a globalObject is attached, or for other
230              globalObjects that are still attached.
231
232         (JSC::Debugger::setPauseOnNextStatement):
233         (JSC::Debugger::breakProgram):
234         (JSC::Debugger::stepIntoStatement):
235         (JSC::Debugger::updateCallFrameAndPauseIfNeeded):
236         (JSC::Debugger::pauseIfNeeded):
237         (JSC::Debugger::exception):
238         (JSC::Debugger::willExecuteProgram):
239         (JSC::Debugger::didReachBreakpoint):
240         * debugger/Debugger.h:
241         - We're always going to support the debugger. So, there's no longer
242           a need to check ENABLE(JAVASCRIPT_DEBUGGER). Removed the unneeded code.
243
244         * dfg/DFGSpeculativeJIT32_64.cpp:
245         (JSC::DFG::SpeculativeJIT::compile):
246         * dfg/DFGSpeculativeJIT64.cpp:
247         (JSC::DFG::SpeculativeJIT::compile):
248         * interpreter/Interpreter.cpp:
249         (JSC::Interpreter::debug):
250         * jit/JITOpcodes.cpp:
251         (JSC::JIT::emit_op_debug):
252         * jit/JITOpcodes32_64.cpp:
253         (JSC::JIT::emit_op_debug):
254         * llint/LowLevelInterpreter.asm:
255         * runtime/JSGlobalObject.h:
256         (JSC::JSGlobalObject::setDebugger):
257
258 2014-01-24  Michael Saboff  <msaboff@apple.com>
259
260         ARM Offline assembler temporary register allocator has duplicate register when building fat binaries
261         https://bugs.webkit.org/show_bug.cgi?id=127545
262
263         Reviewed by Mark Lam.
264
265         Eliminate the conditional addition of r11/r7 from getModifiedListARMCommon as the
266         .concat will add the new register to ARM_EXTRA_GPRS.  If getModifiedListARMCommon is
267         invoked a second time, there will be a second r11 or r7, which messes things up.
268         Instead, r6 was added to ARM_EXTRA_GPRS.  r6 is currently an unused register.
269
270         * offlineasm/arm.rb:
271
272 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
273
274         Move ContentSearchUtils, ScriptBreakpoint, and ScriptDebugListener into JavaScriptCore for inspector
275         https://bugs.webkit.org/show_bug.cgi?id=127537
276
277         Reviewed by Timothy Hatcher.
278
279         * CMakeLists.txt:
280         * GNUmakefile.list.am:
281         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
282         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
283         * JavaScriptCore.xcodeproj/project.pbxproj:
284         * inspector/ContentSearchUtilities.cpp: Renamed from Source/WebCore/inspector/ContentSearchUtils.cpp.
285         (Inspector::ContentSearchUtilities::createSearchRegexSource):
286         (Inspector::ContentSearchUtilities::sizetExtractor):
287         (Inspector::ContentSearchUtilities::textPositionFromOffset):
288         (Inspector::ContentSearchUtilities::getRegularExpressionMatchesByLines):
289         (Inspector::ContentSearchUtilities::lineEndings):
290         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
291         (Inspector::ContentSearchUtilities::createSearchRegex):
292         (Inspector::ContentSearchUtilities::countRegularExpressionMatches):
293         (Inspector::ContentSearchUtilities::searchInTextByLines):
294         (Inspector::ContentSearchUtilities::scriptCommentPattern):
295         (Inspector::ContentSearchUtilities::stylesheetCommentPattern):
296         (Inspector::ContentSearchUtilities::findMagicComment):
297         (Inspector::ContentSearchUtilities::findScriptSourceURL):
298         (Inspector::ContentSearchUtilities::findScriptSourceMapURL):
299         (Inspector::ContentSearchUtilities::findStylesheetSourceMapURL):
300         * inspector/ContentSearchUtilities.h: Renamed from Source/WebCore/inspector/ContentSearchUtils.h.
301         * inspector/ScriptBreakpoint.h: Renamed from Source/WebCore/inspector/ScriptBreakpoint.h.
302         (Inspector::ScriptBreakpointAction::ScriptBreakpointAction):
303         (Inspector::ScriptBreakpoint::ScriptBreakpoint):
304         * inspector/ScriptDebugListener.h: Renamed from Source/WebCore/inspector/ScriptDebugListener.h.
305         (Inspector::ScriptDebugListener::Script::Script):
306         (Inspector::ScriptDebugListener::~ScriptDebugListener):
307         * runtime/RegExp.cpp:
308         (JSC::RegExp::match):
309
310 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
311
312         Move RegularExpression into JavaScriptCore for inspector
313         https://bugs.webkit.org/show_bug.cgi?id=127526
314
315         Reviewed by Geoffrey Garen.
316
317         Move RegularExpression into JavaScriptCore/yarr so it can
318         be used later on by JavaScriptCore/inspector. Convert to
319         the JSC::Yarr namespace.
320
321         * CMakeLists.txt:
322         * GNUmakefile.list.am:
323         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
324         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
325         * JavaScriptCore.xcodeproj/project.pbxproj:
326         * yarr/RegularExpression.cpp: Renamed from Source/WebCore/platform/text/RegularExpression.cpp.
327         (JSC::Yarr::RegularExpression::Private::create):
328         (JSC::Yarr::RegularExpression::Private::Private):
329         (JSC::Yarr::RegularExpression::Private::compile):
330         (JSC::Yarr::RegularExpression::RegularExpression):
331         (JSC::Yarr::RegularExpression::~RegularExpression):
332         (JSC::Yarr::RegularExpression::operator=):
333         (JSC::Yarr::RegularExpression::match):
334         (JSC::Yarr::RegularExpression::searchRev):
335         (JSC::Yarr::RegularExpression::matchedLength):
336         (JSC::Yarr::replace):
337         (JSC::Yarr::RegularExpression::isValid):
338         * yarr/RegularExpression.h: Renamed from Source/WebCore/platform/text/RegularExpression.h.
339
340 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
341
342         Web Inspector: Remove recompileAllJSFunctions timer in ScriptDebugServer
343         https://bugs.webkit.org/show_bug.cgi?id=127409
344
345         Reviewed by Geoffrey Garen.
346
347         * inspector/InspectorAgentBase.h:
348         When disconnecting agents, provide an InspectorDisconnectReason for
349         the disconnection. It could be that an inspector frontend is just
350         disconnecting or that the inspected object is going away entirely
351         and we can avoid doing some work.
352
353         * runtime/JSGlobalObjectDebuggable.h:
354         * runtime/JSGlobalObjectDebuggable.cpp:
355         (JSC::JSGlobalObjectDebuggable::~JSGlobalObjectDebuggable):
356         (JSC::JSGlobalObjectDebuggable::disconnect):
357         (JSC::JSGlobalObjectDebuggable::disconnectInternal):
358         Pass different reasons for the different disconnects.
359
360         * inspector/InspectorAgentRegistry.cpp:
361         (Inspector::InspectorAgentRegistry::willDestroyFrontendAndBackend):
362         * inspector/InspectorAgentRegistry.h:
363         * inspector/JSGlobalObjectInspectorController.cpp:
364         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
365         * inspector/JSGlobalObjectInspectorController.h:
366         * inspector/agents/InspectorAgent.cpp:
367         (Inspector::InspectorAgent::willDestroyFrontendAndBackend):
368         * inspector/agents/InspectorAgent.h:
369         Pass InspectorDisconnectReason around where needed.
370
371 2014-01-23  Mark Lam  <mark.lam@apple.com>
372
373         Enable DFG for the Debugger and Profiler.
374         <https://webkit.org/b/122847>
375
376         Reviewed by Geoffrey Garen.
377
378         In this patch, we implement DFG op_debug as a series of 3 checks:
379         1. Check if the debugger pointer is non-null. This is needed in case
380            the debugger has been detached but the DFG code is still running
381            on the stack.
382         2. Check if Debugger::m_shouldPause is true.
383         3. Check if CodeBlock::m_numBreakpoints is non-zero.
384
385         These are the same 3 checks done in the LLINT and baselineJIT. But unlike
386         the LLINT and baselineJIT, these DFG checks are implemented as
387         speculationChecks. If the check fails, we OSR exit to the baselineJIT and
388         let it do the work of servicing the op_debug callback.
389
390         Stepping through code in the debugger would work the same way. The top
391         function being debugged has to be a LLINT or baselineJIT function because
392         we would have OSR exited if there is a breakpoint in that function. When
393         we step out of that function to its caller, we expect that the caller will
394         call back to the debugger at the next op_debug. If the caller function is
395         a DFG function, the op_debug site will fail its speculation check on
396         Debugger::m_shouldPause and deopt into a baselineJIT function. Execution
397         continues from there as usual, and the debugger gets its callback.
398
399         For the profiler, op_profile_will_call and op_profile_did_call are
400         implemented as simple runtime calls to service the profiler.
401
402         With this patch, Octane performance with the WebInspector open jumps from
403         ~2000 to ~2500 (25% progression).
404
405         * bytecode/CodeBlock.h:
406         (JSC::CodeBlock::numBreakpointsAddress):
407         * bytecode/ExitKind.cpp:
408         (JSC::exitKindToString):
409         * bytecode/ExitKind.h:
410         * debugger/Debugger.cpp:
411         (JSC::Debugger::toggleBreakpoint):
412         - removed an obsolete assertion. The debugger can now handle DFG
413           CodeBlocks too.
414         * debugger/Debugger.h:
415         * dfg/DFGAbstractInterpreterInlines.h:
416         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
417         * dfg/DFGByteCodeParser.cpp:
418         (JSC::DFG::ByteCodeParser::parseBlock):
419         * dfg/DFGCapabilities.cpp:
420         (JSC::DFG::capabilityLevel):
421         * dfg/DFGClobberize.h:
422         (JSC::DFG::clobberize):
423         * dfg/DFGFixupPhase.cpp:
424         (JSC::DFG::FixupPhase::fixupNode):
425         * dfg/DFGNodeType.h:
426         * dfg/DFGPredictionPropagationPhase.cpp:
427         (JSC::DFG::PredictionPropagationPhase::propagate):
428         * dfg/DFGSafeToExecute.h:
429         (JSC::DFG::safeToExecute):
430         * dfg/DFGSpeculativeJIT.h:
431         (JSC::DFG::SpeculativeJIT::callOperation):
432         * dfg/DFGSpeculativeJIT32_64.cpp:
433         (JSC::DFG::SpeculativeJIT::compile):
434         * dfg/DFGSpeculativeJIT64.cpp:
435         (JSC::DFG::SpeculativeJIT::compile):
436         * runtime/JSGlobalObject.h:
437         (JSC::JSGlobalObject::debuggerAddress):
438
439 2014-01-23  Max Vujovic  <mvujovic@adobe.com>
440
441         Remove CSS Custom Filters code and tests
442         https://bugs.webkit.org/show_bug.cgi?id=127382
443
444         Reviewed by Simon Fraser.
445
446         * Configurations/FeatureDefines.xcconfig:
447
448 2014-01-22  Brent Fulgham  <bfulgham@apple.com>
449
450         [Win] Update project and solution files for 64-bit builds.
451         https://bugs.webkit.org/show_bug.cgi?id=127457
452
453         Reviewed by Eric Carlson.
454
455         * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Add 64-bit target.
456         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Update for VS2013
457         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
458         file from project view.
459         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Update for VS2013
460         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Ditto
461         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Ditto
462
463 2014-01-22  Mark Lam  <mark.lam@apple.com>
464
465         Poor man's fast breakpoints for a 2.3x debugger speedup.
466         <https://webkit.org/b/122836>
467
468         Reviewed by Geoffrey Garen.
469
470         Previously we gained back some performance (run at baseline JIT speeds)
471         when the WebInspector is opened provided no breakpoints are set. This
472         was achieved by simply skipping all op_debug callbacks to the debugger
473         if no breakpoints are set. If any breakpoints are set, the debugger will
474         set a m_needsOpDebugCallbacks flag which causes the callbacks to be
475         called, and we don't get the baseline JIT speeds anymore.
476
477         With this patch, we will now track the number of breakpoints set in the
478         CodeBlock that they are set in. The LLINT and baseline JIT code will
479         check CodeBlock::m_numBreakpoints to determine if the op_debug callbacks
480         need to be called. With this, we will only enable op_debug callbacks for
481         CodeBlocks that need it, i.e. those with breakpoints set in them.
482
483         Debugger::m_needsOpDebugCallbacks is now obsoleted. The LLINT and baseline
484         JIT code still needs to check Debugger::m_shouldPause to determine if the
485         debugger is in stepping mode and hence, needs op_debug callbacks enabled
486         for everything until the debugger "continues" the run and exit stepping
487         mode.
488
489         Also in this patch, I fixed a regression in DOM breakpoints which relies on
490         Debugger::breakProgram() to pause the debugger.
491
492         * bytecode/CodeBlock.cpp:
493         (JSC::CodeBlock::dumpBytecode):
494         - Missed accounting for op_debug's new hasBreakpointFlag operand here when
495           it was added.
496         (JSC::CodeBlock::CodeBlock):
497         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
498         - This is needed in Debugger::toggleBreakpoint() to determine if a
499           breakpoint falls within a CodeBlock or not. Simply checking the bounds
500           of the CodeBlock is insufficient. For example, let's say we have the
501           following JS code:
502
503               // begin global scope
504               function f1() {
505                   function f2() {
506                      ... // set breakpoint here.
507                   }
508               }
509               // end global scope
510
511           Using the CodeBlock bounds alone, the breakpoint above will appear
512           to be in the global program CodeBlock, and the CodeBlocks for function
513           f1() and f2(). With CodeBlock::hasOpDebugForLineAndColumn() we can
514           rule out the global program CodeBlock and f1(), and only apply the
515           breakpoint to f2() where it belongs.
516
517           CodeBlock::hasOpDebugForLineAndColumn() works by iterating over all
518           the opcodes in the CodeBlock to look for op_debug's. For each op_debug,
519           it calls CodeBlock::expressionRangeForBytecodeOffset() to do a binary
520           search to get the line and column info for that op_debug. This is a
521           N * log(N) algorithm. However, a quick hands on test using the
522           WebInspector (with this patch applied) to exercise setting, breaking
523           on, and clearing breakpoints, as well as stepping through some code
524           shows no noticeable degradation of the user experience compared to the
525           baseline without this patch.
526
527         * bytecode/CodeBlock.h:
528         (JSC::CodeBlock::numBreakpoints):
529         (JSC::CodeBlock::numBreakpointsOffset):
530         (JSC::CodeBlock::addBreakpoint):
531         (JSC::CodeBlock::removeBreakpoint):
532         (JSC::CodeBlock::clearAllBreakpoints):
533         * debugger/Breakpoint.h:
534         - defined Breakpoint::unspecifiedColumn so that we can explicitly indicate
535           when the WebInspector was setting a line breakpoint and did not provide
536           a column value. CodeBlock::hasOpDebugForLineAndColumn() needs this
537           information in order to loosen its matching criteria for op_debug
538           bytecodes for the specified breakpoint line and column values provided
539           by the debugger.
540
541           Previously, we just hijack a 0 value column as an unspecified column.
542           However, the WebInspector operates on 0-based ints for column values.
543           Hence, 0 should be a valid column value and should not be hijacked to
544           mean an unspecified column.
545
546         * debugger/Debugger.cpp:
547         (JSC::Debugger::Debugger):
548         - added tracking of the VM that the debugger is used with. This is
549           needed by Debugger::breakProgram().
550
551           The VM pointer is attained from the first JSGlobalObject that the debugger
552           attaches to. When the debugger detaches from the last JSGlobalObject, it
553           will nullify its VM pointer to allow a new one to be set on the next
554           attach.
555
556           We were always only using each debugger instance with one VM. This change
557           makes it explicit with an assert to ensure that all globalObjects that
558           the debugger attaches to belongs to the same VM.
559
560         (JSC::Debugger::attach):
561         (JSC::Debugger::detach):
562         (JSC::Debugger::setShouldPause):
563
564         (JSC::Debugger::registerCodeBlock):
565         (JSC::Debugger::unregisterCodeBlock):
566         - registerCodeBlock() is responsible for applying pre-existing breakpoints
567           to new CodeBlocks being installed. Similarly, unregisterCodeBlock()
568           clears the breakpoints.
569
570         (JSC::Debugger::toggleBreakpoint):
571         - This is the workhorse function that checks if a breakpoint falls within
572           a CodeBlock or not. If it does, then it can either enable or disable
573           said breakpoint in the CodeBlock. In the current implementation,
574           enabling/disabling the breakpoint simply means incrementing/decrementing
575           the CodeBlock's m_numBreakpoints.
576
577         (JSC::Debugger::applyBreakpoints):
578
579         (JSC::Debugger::ToggleBreakpointFunctor::ToggleBreakpointFunctor):
580         (JSC::Debugger::ToggleBreakpointFunctor::operator()):
581         (JSC::Debugger::toggleBreakpoint):
582         - Iterates all relevant CodeBlocks and applies the specified breakpoint
583           if appropriate. This is called when a new breakpoint is being defined
584           by the WebInspector and needs to be applied to an already installed
585           CodeBlock.
586
587         (JSC::Debugger::setBreakpoint):
588         (JSC::Debugger::removeBreakpoint):
589         (JSC::Debugger::hasBreakpoint):
590         (JSC::Debugger::ClearBreakpointsFunctor::ClearBreakpointsFunctor):
591         (JSC::Debugger::ClearBreakpointsFunctor::operator()):
592         (JSC::Debugger::clearBreakpoints):
593
594         (JSC::Debugger::breakProgram):
595         - Fixed a regression that broke DOM breakpoints. The issue is that with
596           the skipping of op_debug callbacks, we don't always have an updated
597           m_currentCallFrame. Normally, m_currentCallFrame is provided as arg
598           in the op_debug callback. In this case, we can get the CallFrame* from
599           m_vm->topCallFrame.
600
601         (JSC::Debugger::updateCallFrameAndPauseIfNeeded):
602         (JSC::Debugger::pauseIfNeeded):
603         (JSC::Debugger::willExecuteProgram):
604         * debugger/Debugger.h:
605         (JSC::Debugger::Debugger):
606         (JSC::Debugger::shouldPause):
607
608         * heap/CodeBlockSet.h:
609         (JSC::CodeBlockSet::iterate):
610         * heap/Heap.h:
611         (JSC::Heap::forEachCodeBlock):
612         - Added utility to iterate all CodeBlocks in the heap / VM.
613
614         * interpreter/Interpreter.cpp:
615         (JSC::Interpreter::debug):
616
617         * jit/JITOpcodes.cpp:
618         (JSC::JIT::emit_op_debug):
619         * jit/JITOpcodes32_64.cpp:
620         (JSC::JIT::emit_op_debug):
621         * llint/LowLevelInterpreter.asm:
622         - These now check CodeBlock::m_numBreakpoints and Debugger::m_shouldPause
623           instead of Debugger::m_needsOpDebugCallbacks.
624
625         * runtime/Executable.cpp:
626         (JSC::ScriptExecutable::installCode):
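
Added illustration serving two entries above, the m_debuggerRequests word from "Removing the need for Debugger* and m_shouldPause op_debug check" and the per-CodeBlock breakpoint matching from "Poor man's fast breakpoints" (example code written for this page, not JavaScriptCore's own; OpDebugSite, Scenario and the line/column layout are constructed, and the bit-packed word stands in for the union of two bit fields). It shows why bounds alone over-match for the nested f1/f2 case, how Breakpoint::unspecifiedColumn keeps column 0 valid, and how one word carries both the breakpoint count and the stepping-mode bit.

```cpp
#include <cstdint>
#include <utility>
#include <vector>

struct OpDebugSite { unsigned line; unsigned column; };  // one op_debug position (constructed model)

struct Breakpoint {
    static constexpr unsigned unspecifiedColumn = ~0u;  // inspector gave only a line; 0 stays a valid column
    unsigned line, column;
};

class CodeBlock {
public:
    CodeBlock(unsigned firstLine, unsigned lastLine, std::vector<OpDebugSite> sites)
        : m_firstLine(firstLine), m_lastLine(lastLine), m_opDebugSites(std::move(sites)) { }
    // Bounds alone match every CodeBlock that lexically encloses the line.
    bool boundsContainLine(unsigned line) const { return m_firstLine <= line && line <= m_lastLine; }
    // Precise test: a nested function has its own CodeBlock, so its statements
    // are not op_debug sites of the enclosing block.
    bool hasOpDebugForLineAndColumn(unsigned line, unsigned column) const {
        for (const OpDebugSite& site : m_opDebugSites)
            if (site.line == line && (column == Breakpoint::unspecifiedColumn || site.column == column))
                return true;
        return false;
    }
    // m_debuggerRequests packs numBreakpoints (low 31 bits) and steppingMode (top
    // bit), standing in for the union of two bit fields: op_debug tests one word.
    void addBreakpoint() { m_debuggerRequests = (m_debuggerRequests & kSteppingBit) | (numBreakpoints() + 1); }
    void removeBreakpoint() { m_debuggerRequests = (m_debuggerRequests & kSteppingBit) | (numBreakpoints() - 1); }
    void setSteppingMode(bool on) { m_debuggerRequests = on ? (m_debuggerRequests | kSteppingBit) : (m_debuggerRequests & ~kSteppingBit); }
    unsigned numBreakpoints() const { return m_debuggerRequests & ~kSteppingBit; }
    bool hasDebuggerRequests() const { return m_debuggerRequests != 0; }
    void clearDebuggerRequests() { m_debuggerRequests = 0; }

private:
    static constexpr uint32_t kSteppingBit = 0x80000000u;
    unsigned m_firstLine, m_lastLine;
    std::vector<OpDebugSite> m_opDebugSites;
    uint32_t m_debuggerRequests = 0;
};

class Debugger {
public:
    // Installing a CodeBlock applies the breakpoints that already exist.
    void registerCodeBlock(CodeBlock& codeBlock) {
        m_codeBlocks.push_back(&codeBlock);
        for (const Breakpoint& bp : m_breakpoints) toggleBreakpoint(codeBlock, bp, true);
    }
    void setBreakpoint(Breakpoint bp) {
        m_breakpoints.push_back(bp);
        for (CodeBlock* codeBlock : m_codeBlocks) toggleBreakpoint(*codeBlock, bp, true);
    }

private:
    // Workhorse: only a CodeBlock owning a matching op_debug gets its count changed.
    static void toggleBreakpoint(CodeBlock& codeBlock, const Breakpoint& bp, bool enable) {
        if (codeBlock.hasOpDebugForLineAndColumn(bp.line, bp.column))
            enable ? codeBlock.addBreakpoint() : codeBlock.removeBreakpoint();
    }
    std::vector<CodeBlock*> m_codeBlocks;
    std::vector<Breakpoint> m_breakpoints;
};

// Constructed from the entry's nested example: global code spans lines 1-7, f1
// lines 2-6, f2 lines 3-5; "set breakpoint here" is line 4, column 7, and each
// block lists only the op_debug sites of its own statements.
struct Scenario {
    CodeBlock global { 1, 7, { { 2, 0 }, { 7, 0 } } };
    CodeBlock f1 { 2, 6, { { 3, 4 } } };
    CodeBlock f2 { 3, 5, { { 4, 7 } } };
};

// Breakpoint counts {global, f1, f2} after one breakpoint; f2 is installed
// after the breakpoint is set, so it receives it through registerCodeBlock().
std::vector<unsigned> breakpointCountsFor(unsigned line, unsigned column) {
    Scenario s;
    Debugger debugger;
    debugger.registerCodeBlock(s.global);
    debugger.registerCodeBlock(s.f1);
    debugger.setBreakpoint({ line, column });
    debugger.registerCodeBlock(s.f2);
    return { s.global.numBreakpoints(), s.f1.numBreakpoints(), s.f2.numBreakpoints() };
}

// How many CodeBlocks the bounds-only test would claim for a line (3 for line 4).
unsigned boundsMatchesForLine(unsigned line) {
    Scenario s;
    return s.global.boundsContainLine(line) + s.f1.boundsContainLine(line) + s.f2.boundsContainLine(line);
}

// Stepping mode shows through the same single-word test as breakpoints, and
// clearDebuggerRequests() resets both with one store (Debugger::setSteppingMode
// would apply this to every CodeBlock it manages).
bool steppingModeIsSeenBySingleWordTest() {
    Scenario s;
    s.f2.setSteppingMode(true);
    bool seen = s.f2.hasDebuggerRequests() && !s.f2.numBreakpoints();
    s.f2.clearDebuggerRequests();
    return seen && !s.f2.hasDebuggerRequests();
}
```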
627
628 2014-01-22  Myles C. Maxfield  <mmaxfield@apple.com>
629
630         Remove CSS3_TEXT_DECORATION define
631         https://bugs.webkit.org/show_bug.cgi?id=127333
632
633         This is required for unprefixing the text-decoration-* CSS properties.
634
635         Reviewed by Simon Fraser.
636
637         * Configurations/FeatureDefines.xcconfig:
638
639 2014-01-22  Alexey Proskuryakov  <ap@apple.com>
640
641         Update JS whitespace definition for changes in Unicode 6.3
642         https://bugs.webkit.org/show_bug.cgi?id=127450
643         <rdar://15863457>
644
645         Reviewed by Oliver Hunt.
646
647         Covered by existing tests when running against a Unicode back-end that supports
648         Unicode 6.3 or higher.
649
650         * runtime/JSGlobalObjectFunctions.cpp: (JSC::isStrWhiteSpace): Explicitly allow
651         U+180E MONGOLIAN VOWEL SEPARATOR, because we need to keep recognizing all characters
652         that used to be whitespace.
653
654 2014-01-21  Mark Hahnenberg  <mhahnenberg@apple.com>
655
656         Registers used in writeBarrierOnOperand can cause clobbering on some platforms
657         https://bugs.webkit.org/show_bug.cgi?id=127357
658
659         Reviewed by Filip Pizlo.
660
661         Some platforms use t0 and t1 for their first two arguments, so using those to load the 
662         cell for the write barrier is a bad idea because it will get clobbered.
663
664         * llint/LowLevelInterpreter32_64.asm:
665         * llint/LowLevelInterpreter64.asm:
666
667 2014-01-21  Mark Rowe  <mrowe@apple.com>
668
669         Mac production build fix.
670
671         Move the shell script build phase to copy jsc into JavaScriptCore.framework
672         out of the jsc target and in to the All target so that it's not run during
673         production builds. Xcode appears to the parent directories of paths referenced
674         in the Output Files of the build phase, which leads to problems when the
675         SYMROOT for the JavaScriptCore framework and the jsc executables are later merged.
676
677         I've also fixed the path to the Resources folder in the script while I'm here.
678         On iOS the framework bundle is shallow so the correct destination is Resources/
679         rather than Versions/A/Resources. This is handled by tweaking the
680         JAVASCRIPTCORE_RESOURCES_DIR configuration setting to be relative rather than
681         a complete path so we can reuse it in the script. The references in JSC.xcconfig
682         and ToolExecutable.xcconfig are updated to prepend JAVASCRIPTCORE_FRAMEWORKS_DIR
683         to preserve their former values.
684
685         * Configurations/Base.xcconfig:
686         * Configurations/JSC.xcconfig:
687         * Configurations/ToolExecutable.xcconfig:
688         * JavaScriptCore.xcodeproj/project.pbxproj:
689
690 2014-01-19  Andreas Kling  <akling@apple.com>
691
692         JSC Parser: Shrink BindingNode.
693         <https://webkit.org/b/127253>
694
695         The "divot" and "end" source locations are always identical for
696         BindingNodes, so store only "start" and "end" instead.
697
698         1.19 MB progression on Membuster3.
699
700         Reviewed by Geoff Garen.
701
702         * bytecompiler/NodesCodegen.cpp:
703         (JSC::BindingNode::bindValue):
704         * parser/ASTBuilder.h:
705         (JSC::ASTBuilder::createBindingLocation):
706         * parser/NodeConstructors.h:
707         (JSC::BindingNode::create):
708         (JSC::BindingNode::BindingNode):
709         * parser/Nodes.h:
710         (JSC::BindingNode::divotStart):
711         (JSC::BindingNode::divotEnd):
712         * parser/Parser.cpp:
713         (JSC::Parser<LexerType>::createBindingPattern):
714         * parser/SyntaxChecker.h:
715         (JSC::SyntaxChecker::operatorStackPop):
716
717 2014-01-20  Filip Pizlo  <fpizlo@apple.com>
718
719         op_captured_mov and op_new_captured_func in UnlinkedCodeBlocks should use the IdentifierMap instead of the strings directly
720         https://bugs.webkit.org/show_bug.cgi?id=127311
721         <rdar://problem/15853958>
722
723         Reviewed by Andreas Kling.
724         
725         This makes UnlinkedCodeBlocks use 32-bit instruction streams again.
726
727         * bytecode/CodeBlock.cpp:
728         (JSC::CodeBlock::CodeBlock):
729         * bytecode/UnlinkedCodeBlock.h:
730         (JSC::UnlinkedInstruction::UnlinkedInstruction):
731         * bytecompiler/BytecodeGenerator.cpp:
732         (JSC::BytecodeGenerator::addVar):
733         (JSC::BytecodeGenerator::emitInitLazyRegister):
734         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
735         * bytecompiler/BytecodeGenerator.h:
736         (JSC::BytecodeGenerator::watchableVariable):
737         (JSC::BytecodeGenerator::hasWatchableVariable):
738
739 2014-01-20  Mark Lam  <mark.lam@apple.com>
740
741         Removing CodeBlock::opDebugBytecodeOffsetForLineAndColumn() and friends.
742         <https://webkit.org/b/127321>
743
744         Reviewed by Geoffrey Garen.
745
746         We're changing plans and will be going with CodeBlock level breakpoints
747         instead of bytecode level breakpoints. As a result, we no longer need
748         the services of CodeBlock::opDebugBytecodeOffsetForLineAndColumn() (and
749         friends). This patch will remove that unused code.
750
751         * GNUmakefile.list.am:
752         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
753         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
754         * JavaScriptCore.xcodeproj/project.pbxproj:
755         * bytecode/CodeBlock.cpp:
756         * bytecode/CodeBlock.h:
757         * bytecode/LineColumnInfo.h: Removed.
758         * bytecode/UnlinkedCodeBlock.cpp:
759         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
760         * bytecode/UnlinkedCodeBlock.h:
761
762 2014-01-20  Mark Hahnenberg  <mhahnenberg@apple.com>
763
764         CodeBlockSet::traceMarked doesn't need to visit the ownerExecutable
765         https://bugs.webkit.org/show_bug.cgi?id=127301
766
767         Reviewed by Oliver Hunt.
768
769         We used to just call CodeBlock::visitAggregate, but now we call visitChildren 
770         on the ownerExecutable, which is unnecessary. 
771
772         * heap/CodeBlockSet.cpp:
773         (JSC::CodeBlockSet::traceMarked):
774
775 2014-01-20  Anders Carlsson  <andersca@apple.com>
776
777         Fix build.
778
779         * heap/BlockAllocator.h:
780
781 2014-01-20  Anders Carlsson  <andersca@apple.com>
782
783         Stop using ThreadCondition in BlockAllocator
784         https://bugs.webkit.org/show_bug.cgi?id=126313
785
786         Reviewed by Sam Weinig.
787
788         * heap/BlockAllocator.cpp:
789         (JSC::BlockAllocator::~BlockAllocator):
790         (JSC::BlockAllocator::waitForDuration):
791         (JSC::BlockAllocator::blockFreeingThreadMain):
792         * heap/BlockAllocator.h:
793         (JSC::BlockAllocator::deallocate):
794
795 2014-01-19  Anders Carlsson  <andersca@apple.com>
796
797         Convert GCThreadSharedData over to STL threading primitives
798         https://bugs.webkit.org/show_bug.cgi?id=127256
799
800         Reviewed by Andreas Kling.
801
802         * heap/GCThread.cpp:
803         (JSC::GCThread::waitForNextPhase):
804         (JSC::GCThread::gcThreadMain):
805         * heap/GCThreadSharedData.cpp:
806         (JSC::GCThreadSharedData::GCThreadSharedData):
807         (JSC::GCThreadSharedData::~GCThreadSharedData):
808         (JSC::GCThreadSharedData::startNextPhase):
809         (JSC::GCThreadSharedData::endCurrentPhase):
810         (JSC::GCThreadSharedData::didStartMarking):
811         (JSC::GCThreadSharedData::didFinishMarking):
812         * heap/GCThreadSharedData.h:
813         * heap/SlotVisitor.cpp:
814         (JSC::SlotVisitor::donateKnownParallel):
815         (JSC::SlotVisitor::drainFromShared):
816
817 2014-01-18  Andreas Kling  <akling@apple.com>
818
819         CodeBlock: Size m_callLinkInfos and m_byValInfos to fit earlier.
820         <https://webkit.org/b/127239>
821
822         Reviewed by Anders Carlsson.
823
824         * bytecode/CodeBlock.h:
825         (JSC::CodeBlock::setNumberOfByValInfos):
826         (JSC::CodeBlock::setNumberOfCallLinkInfos):
827
828             Use resizeToFit() instead of grow() for these vectors, since
829             we know the final size here.
830
831         * bytecode/CodeBlock.cpp:
832         (JSC::CodeBlock::shrinkToFit):
833
834             No need to shrink here anymore. We were not even shrinking
835             m_byValInfo before!
836
837 2014-01-18  Andreas Kling  <akling@apple.com>
838
839         CodeBlock: Size m_function{Exprs,Decls} to fit from creation.
840         <https://webkit.org/b/127238>
841
842         Reviewed by Anders Carlsson.
843
844         * bytecode/CodeBlock.cpp:
845         (JSC::CodeBlock::CodeBlock):
846
847             Use resizeToFit() instead of grow() for m_functionExprs and
848             m_functionDecls since we know they will never change size.
849
850         (JSC::CodeBlock::shrinkToFit):
851
852             No need to shrink them here anymore.
853
854 2014-01-18  Andreas Kling  <akling@apple.com>
855
856         Remove unused CodeBlock::m_additionalIdentifiers member.
857         <https://webkit.org/b/127237>
858
859         Reviewed by Anders Carlsson.
860
861         * bytecode/CodeBlock.h:
862         * bytecode/CodeBlock.cpp:
863         (JSC::CodeBlock::CodeBlock):
864         (JSC::CodeBlock::shrinkToFit):
865
866             Remove m_additionalIdentifiers, nothing uses it.
867
868 2014-01-18  Andreas Kling  <akling@apple.com>
869
870         Remove two unused CodeBlock functions.
871         <https://webkit.org/b/127235>
872
873         Kill copyPostParseDataFrom() and copyPostParseDataFromAlternative()
874         since they are not used.
875
876         Reviewed by Anders Carlsson.
877
878         * bytecode/CodeBlock.cpp:
879         * bytecode/CodeBlock.h:
880
881 2014-01-18  Andreas Kling  <akling@apple.com>
882
883         CodeBlock: Size m_exceptionHandlers to fit from creation.
884         <https://webkit.org/b/127234>
885
886         Avoid allocation churn for CodeBlock::m_exceptionHandlers.
887
888         Reviewed by Anders Carlsson.
889
890         * bytecode/CodeBlock.h:
891
892             Removed unused CodeBlock::allocateHandlers() function.
893
894         * bytecode/CodeBlock.cpp:
895         (JSC::CodeBlock::CodeBlock):
896
897             Use resizeToFit() instead of grow() for m_exceptionHandlers
898             since we know it's never going to change size.
899
900         (JSC::CodeBlock::shrinkToFit):
901
902             No need to shrink m_exceptionHandlers here since it's already
903             the perfect size.
904
905 2014-01-18  Mark Lam  <mark.lam@apple.com>
906
907         Add a hasBreakpointFlag arg to the op_debug bytecode.
908         https://bugs.webkit.org/show_bug.cgi?id=127230.
909
910         Reviewed by Geoffrey Garen.
911
912         This is in anticipation of upcoming changes to support bytecode level
913         breakpoints. This patch adds the flag to the op_debug bytecode and
914         initializes it, but does not use it yet.
915
916         * bytecode/Opcode.h:
917         (JSC::padOpcodeName):
918         * bytecompiler/BytecodeGenerator.cpp:
919         (JSC::BytecodeGenerator::emitDebugHook):
920         * llint/LowLevelInterpreter.asm:
921
922 2014-01-18  Alberto Garcia  <berto@igalia.com>
923
924         JavaScriptCore uses PLATFORM(MAC) when it means OS(DARWIN)
925         https://bugs.webkit.org/show_bug.cgi?id=99683
926
927         Reviewed by Anders Carlsson.
928
929         * jit/ThunkGenerators.cpp:
930         * tools/CodeProfile.cpp:
931         (JSC::symbolName):
932         (JSC::CodeProfile::sample):
933
934 2014-01-18  Anders Carlsson  <andersca@apple.com>
935
936         Remove ENABLE_THREADED_HTML_PARSER defines everywhere
937         https://bugs.webkit.org/show_bug.cgi?id=127225
938
939         Reviewed by Andreas Kling.
940
941         This concludes the removal of over 8.8 million lines of threaded parser code.
942
943         * Configurations/FeatureDefines.xcconfig:
944
945 2014-01-18  Mark Lam  <mark.lam@apple.com>
946
947         Adding UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().
948         https://bugs.webkit.org/show_bug.cgi?id=127127.
949
950         Reviewed by Geoffrey Garen.
951
952         In order to implement bytecode level breakpoints, we need a mechanism
953         for computing the best fit op_debug bytecode offset for any valid given
954         line and column value in the source. The "best fit" op_debug bytecode
955         in this case is defined below in the comment for
956         UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().
957
958         * GNUmakefile.list.am:
959         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
960         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
961         * JavaScriptCore.xcodeproj/project.pbxproj:
962         * bytecode/CodeBlock.cpp:
963         (JSC::CodeBlock::opDebugBytecodeOffsetForLineAndColumn):
964         - Convert the line and column to unlinked line and column values and
965           pass them to UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn()
966           to do the real work.
967
968         * bytecode/CodeBlock.h:
969         * bytecode/LineColumnInfo.h: Added.
970         (JSC::LineColumnInfo::operator <):
971         (JSC::LineColumnInfo::LineColumnPair::LineColumnPair):
972         (JSC::LineColumnInfo::operator ==):
973         (JSC::LineColumnInfo::operator !=):
974         (JSC::LineColumnInfo::operator <=):
975         (JSC::LineColumnInfo::operator >):
976         (JSC::LineColumnInfo::operator >=):
977         * bytecode/LineInfo.h: Removed.
978
979         * bytecode/UnlinkedCodeBlock.cpp:
980         (JSC::UnlinkedCodeBlock::decodeExpressionRangeLineAndColumn):
981         - Factored this out of expressionRangeForBytecodeOffset() so that it can
982           be called from multiple places.
983         (JSC::dumpLineColumnEntry):
984         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
985         (JSC::UnlinkedCodeBlock::dumpOpDebugLineColumnInfoList):
986         - Some dumpers for debugging use only.
987         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
988         (JSC::UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn):
989         - Finds the earliest op_debug bytecode whose line and column matches the
990           specified line and column values. If an exact match is not found, then
991           finds the nearest op_debug bytecode that precedes the specified line
992           and column values. If there is more than one op_debug at that preceding
993           line and column value, then the earliest of those op_debug bytecodes will
994           be selected. The offset of the selected bytecode will be returned.
995
996           We want the earliest one because when we have multiple op_debug bytecodes
997           that map to a given line and column, a debugger user would expect to break
998           on the first one and step through the rest thereafter if needed.
999
1000         (JSC::compareLineColumnInfo):
1001         (JSC::UnlinkedCodeBlock::opDebugLineColumnInfoList):
1002         - Creates the sorted opDebugLineColumnInfoList on demand. This list is
1003           stored in the UnlinkedCodeBlock's rareData.
1004         * bytecode/UnlinkedCodeBlock.h:
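The best-fit search described in this entry, written out as an added example in Python; this is not JavaScriptCore's own code (the 2014-01-20 entry above records that the C++ implementation was later removed in favour of CodeBlock-level breakpoints). The list is assumed sorted by (line, column, bytecode offset), which is what makes "earliest" simply the first entry of an equal (line, column) run; the sample entries are constructed.

```python
import bisect
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True, order=True)
class LineColumnInfo:
    """One op_debug bytecode and the (unlinked) source position it was emitted for."""
    line: int
    column: int
    bytecode_offset: int


def build_op_debug_list(entries: Iterable[Tuple[int, int, int]]) -> List[LineColumnInfo]:
    """Sort (line, column, offset) triples. Ordering by offset last means the first
    entry of any equal (line, column) run is the earliest op_debug at that position."""
    return sorted(LineColumnInfo(*e) for e in entries)


def op_debug_offset_for_line_and_column(
    infos: List[LineColumnInfo], line: int, column: int
) -> Optional[int]:
    """Best-fit lookup as described in the entry:
    1. exact (line, column) match -> earliest op_debug at that position;
    2. otherwise the nearest preceding (line, column) -> earliest op_debug there;
    3. nothing precedes the requested position -> None.
    """
    keys = [(info.line, info.column) for info in infos]
    idx = bisect.bisect_left(keys, (line, column))
    if idx < len(keys) and keys[idx] == (line, column):
        return infos[idx].bytecode_offset  # exact match; bisect_left gives the earliest
    if idx == 0:
        return None  # requested position is before every op_debug
    preceding = keys[idx - 1]
    first_in_run = bisect.bisect_left(keys, preceding)
    return infos[first_in_run].bytecode_offset


# Constructed sample: (line, column, bytecode_offset), deliberately unsorted,
# with two op_debugs at line 1 col 1 and two at line 3 col 5.
SAMPLE_ENTRIES = [
    (3, 5, 26),
    (1, 1, 7),
    (1, 10, 12),
    (5, 1, 33),
    (1, 1, 0),
    (3, 5, 20),
]

if __name__ == "__main__":
    infos = build_op_debug_list(SAMPLE_ENTRIES)
    for line, column in [(1, 1), (2, 1), (4, 0), (0, 5), (99, 99)]:
        print((line, column), "->", op_debug_offset_for_line_and_column(infos, line, column))
```

A request for a position with no op_debug on it (line 2 here, or a column past the last statement on a line) resolves to the earliest op_debug of the closest preceding position, which is the "break on the first one, step through the rest" behaviour the entry describes; a position before the first op_debug has nothing to fall back to and returns None.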
1005
1006 2014-01-18  Zan Dobersek  <zdobersek@igalia.com>
1007
1008         Inspector scripts are not compatible with Python v3
1009         https://bugs.webkit.org/show_bug.cgi?id=127128
1010
1011         Reviewed by Benjamin Poulain.
1012
1013         * inspector/scripts/generate-combined-inspector-json.py: Turn print statements into print function calls.
1014         * inspector/scripts/jsmin.py: Try importing the StringIO class from the StringIO module (which will work for
1015         Python v2) or, on import error, import the class from the io module (which will work for Python v3).
1016
1017 2014-01-17  Anders Carlsson  <andersca@apple.com>
1018
1019         String::is8Bit() crashes if m_impl is null, handle this.
1020
1021         * API/OpaqueJSString.h:
1022         (OpaqueJSString::OpaqueJSString):
1023
1024 2014-01-17  Anders Carlsson  <andersca@apple.com>
1025
1026         Try to fix the Windows build.
1027
1028         * API/OpaqueJSString.cpp:
1029         (OpaqueJSString::~OpaqueJSString):
1030         (OpaqueJSString::characters):
1031         * API/OpaqueJSString.h:
1032         (OpaqueJSString::OpaqueJSString):
1033
1034 2014-01-17  Anders Carlsson  <andersca@apple.com>
1035
1036         Get rid of OpaqueJSString::deprecatedCharacters()
1037         https://bugs.webkit.org/show_bug.cgi?id=127161
1038
1039         Reviewed by Sam Weinig.
1040
1041         Handle OpaqueJSString::m_string being either 8-bit or 16-bit and add extra
1042         code paths for the 8-bit cases.
1043         
1044         Unfortunately, JSStringGetCharactersPtr is still expected to return a 16-bit character pointer.
1045         Handle this by storing a separate 16-bit string and initializing it on demand when JSStringGetCharactersPtr
1046         is called and the backing string is 8-bit.
1047         
1048         This has the nice side effect of making JSStringGetCharactersPtr thread-safe when it wasn't before.
1049         (In theory, someone could have a JSStringRef backed by an 8-bit string and call JSStringGetCharactersPtr on it
1050         causing an unsafe upconversion to a 16-bit string).
1051
1052         * API/JSStringRef.cpp:
1053         (JSStringGetCharactersPtr):
1054         Call OpaqueJSString::characters.
1055
1056         (JSStringGetUTF8CString):
1057         Add a code path that handles 8-bit strings.
1058
1059         (JSStringIsEqual):
1060         Call OpaqueJSString::equal.
1061
1062         * API/JSStringRefCF.cpp:
1063         (JSStringCreateWithCFString):
1064         Reformat the code to use an early return instead of putting most of the code inside the body of an if statement.
1065
1066         (JSStringCopyCFString):
1067         Create an 8-bit CFStringRef if possible.
1068
1069         * API/OpaqueJSString.cpp:
1070         (OpaqueJSString::create):
1071         Use nullptr.
1072
1073         (OpaqueJSString::~OpaqueJSString):
1074         Free m_characters.
1075
1076         (OpaqueJSString::characters):
1077         Do the up-conversion and store the result in m_characters.
1078
1079         (OpaqueJSString::equal):
1080         New helper function.
1081
1082         * API/OpaqueJSString.h:
1083         (OpaqueJSString::is8Bit):
1084         New function that returns whether a string is 8-bit or not.
1085
1086         (OpaqueJSString::characters8):
1087         (OpaqueJSString::characters16):
1088         Add getters.
1089
1090 2014-01-17  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>
1091
1092         Remove workaround for compilers not supporting deleted functions
1093         https://bugs.webkit.org/show_bug.cgi?id=127166
1094
1095         Reviewed by Andreas Kling.
1096
1097         * inspector/InspectorAgentRegistry.h:
1098
1099 2014-01-17  Commit Queue  <commit-queue@webkit.org>
1100
1101         Unreviewed, rolling out r162185, r162186, and r162187.
1102         http://trac.webkit.org/changeset/162185
1103         http://trac.webkit.org/changeset/162186
1104         http://trac.webkit.org/changeset/162187
1105         https://bugs.webkit.org/show_bug.cgi?id=127164
1106
1107         Broke JSStringCreateWithCharactersNoCopy, as evidenced by a
1108         JSC API test (Requested by ap on #webkit).
1109
1110         * API/JSStringRef.cpp:
1111         (JSStringGetCharactersPtr):
1112         (JSStringGetUTF8CString):
1113         (JSStringIsEqual):
1114         * API/JSStringRefCF.cpp:
1115         (JSStringCreateWithCFString):
1116         (JSStringCopyCFString):
1117         * API/OpaqueJSString.cpp:
1118         (OpaqueJSString::create):
1119         (OpaqueJSString::identifier):
1120         * API/OpaqueJSString.h:
1121         (OpaqueJSString::create):
1122         (OpaqueJSString::characters):
1123         (OpaqueJSString::deprecatedCharacters):
1124         (OpaqueJSString::OpaqueJSString):
1125
1126 2014-01-16  Anders Carlsson  <andersca@apple.com>
1127
1128         Export OpaqueJSString destructor.
1129
1130         * API/OpaqueJSString.h:
1131
1132 2014-01-16  Anders Carlsson  <andersca@apple.com>
1133
1134         Build fix.
1135
1136         * API/OpaqueJSString.h:
1137
1138 2014-01-16  Anders Carlsson  <andersca@apple.com>
1139
1140         Get rid of OpaqueJSString::deprecatedCharacters()
1141         https://bugs.webkit.org/show_bug.cgi?id=127161
1142
1143         Reviewed by Sam Weinig.
1144
1145         Handle OpaqueJSString::m_string being either 8-bit or 16-bit and add extra
1146         code paths for the 8-bit cases.
1147         
1148         Unfortunately, JSStringGetCharactersPtr is still expected to return a 16-bit character pointer.
1149         Handle this by storing a separate 16-bit string and initializing it on demand when JSStringGetCharactersPtr
1150         is called. This has the nice side effect of making JSStringGetCharactersPtr thread-safe when it wasn't before.
1151         (In theory, someone could have a JSStringRef backed by an 8-bit string and call JSStringGetCharactersPtr on it
1152         causing an unsafe upconversion to a 16-bit string).
1153
1154         * API/JSStringRef.cpp:
1155         (JSStringGetCharactersPtr):
1156         Call OpaqueJSString::characters.
1157
1158         (JSStringGetUTF8CString):
1159         Add a code path that handles 8-bit strings.
1160
1161         (JSStringIsEqual):
1162         Call OpaqueJSString::equal.
1163
1164         * API/JSStringRefCF.cpp:
1165         (JSStringCreateWithCFString):
1166         Reformat the code to use an early return instead of putting most of the code inside the body of an if statement.
1167
1168         (JSStringCopyCFString):
1169         Create an 8-bit CFStringRef if possible.
1170
1171         * API/OpaqueJSString.cpp:
1172         (OpaqueJSString::create):
1173         Use nullptr.
1174
1175         (OpaqueJSString::~OpaqueJSString):
1176         Free m_characters.
1177
1178         (OpaqueJSString::characters):
1179         Do the up-conversion and store the result in m_characters.
1180
1181         (OpaqueJSString::equal):
1182         New helper function.
1183
1184         * API/OpaqueJSString.h:
1185         (OpaqueJSString::is8Bit):
1186         New function that returns whether a string is 8-bit or not.
1187
1188         (OpaqueJSString::characters8):
1189         (OpaqueJSString::characters16):
1190         Add getters.
1191
1192 2014-01-16  Anders Carlsson  <andersca@apple.com>
1193
1194         Change all uses of FINAL to final now that all our compilers support it
1195         https://bugs.webkit.org/show_bug.cgi?id=127142
1196
1197         Reviewed by Benjamin Poulain.
1198
1199         * inspector/JSGlobalObjectInspectorController.h:
1200         * inspector/agents/InspectorAgent.h:
1201         * inspector/remote/RemoteInspector.h:
1202         * inspector/remote/RemoteInspectorDebuggableConnection.h:
1203         * inspector/scripts/CodeGeneratorInspector.py:
1204         (Generator.go):
1205         * runtime/JSGlobalObjectDebuggable.h:
1206         * runtime/JSPromiseReaction.cpp:
1207
1208 2014-01-16  Oliver Hunt  <oliver@apple.com>
1209
1210         throwing an objc object (or general binding object) triggers an assertion
1211         https://bugs.webkit.org/show_bug.cgi?id=127146
1212
1213         Reviewed by Alexey Proskuryakov.
1214
1215         This is simply a bogus assertion as we can't guarantee a bindings object
1216         won't intercept assignment to .stack.
1217
1218         * interpreter/Interpreter.cpp:
1219         (JSC::Interpreter::unwind):
1220
1221 2014-01-16  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>
1222
1223         Remove workaround for compilers not supporting explicit override control
1224         https://bugs.webkit.org/show_bug.cgi?id=127111
1225
1226         Reviewed by Anders Carlsson.
1227
1228         Now that all compilers support explicit override control, this workaround can be removed.
1229
1230         * API/JSAPIWrapperObject.mm:
1231         * API/JSCallbackObject.h:
1232         * API/JSManagedValue.mm:
1233         * API/JSScriptRef.cpp:
1234         * bytecode/CodeBlock.h:
1235         * bytecode/CodeBlockJettisoningWatchpoint.h:
1236         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.h:
1237         * bytecode/StructureStubClearingWatchpoint.h:
1238         * dfg/DFGArrayifySlowPathGenerator.h:
1239         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
1240         * dfg/DFGFailedFinalizer.h:
1241         * dfg/DFGJITCode.h:
1242         * dfg/DFGJITFinalizer.h:
1243         * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
1244         * dfg/DFGSlowPathGenerator.h:
1245         * dfg/DFGSpeculativeJIT64.cpp:
1246         * heap/Heap.h:
1247         * heap/IncrementalSweeper.h:
1248         * heap/SuperRegion.h:
1249         * inspector/InspectorValues.h:
1250         * inspector/JSGlobalObjectInspectorController.h:
1251         * inspector/agents/InspectorAgent.h:
1252         * inspector/remote/RemoteInspector.h:
1253         * inspector/remote/RemoteInspectorDebuggableConnection.h:
1254         * inspector/scripts/CodeGeneratorInspector.py:
1255         (Generator.go):
1256         * jit/ClosureCallStubRoutine.h:
1257         * jit/ExecutableAllocatorFixedVMPool.cpp:
1258         * jit/GCAwareJITStubRoutine.h:
1259         * jit/JITCode.h:
1260         * jit/JITToDFGDeferredCompilationCallback.h:
1261         * parser/Nodes.h:
1262         * parser/SourceProvider.h:
1263         * runtime/DataView.h:
1264         * runtime/GCActivityCallback.h:
1265         * runtime/GenericTypedArrayView.h:
1266         * runtime/JSGlobalObjectDebuggable.h:
1267         * runtime/JSPromiseReaction.cpp:
1268         * runtime/RegExpCache.h:
1269         * runtime/SimpleTypedArrayController.h:
1270         * runtime/SymbolTable.h:
1271         * runtime/WeakMapData.h:
1272
1273 2014-01-15  Joseph Pecoraro  <pecoraro@apple.com>
1274
1275         [iOS] Clean up REMOTE_INSPECTOR code in OpenSource after the iOS merge
1276         https://bugs.webkit.org/show_bug.cgi?id=127069
1277
1278         Reviewed by Timothy Hatcher.
1279
1280         * JavaScriptCore.xcodeproj/project.pbxproj:
1281         Export XPCConnection because it is needed by RemoteInspector.h.
1282
1283         * inspector/remote/RemoteInspectorXPCConnection.h:
1284         * inspector/remote/RemoteInspector.h:
1285         * inspector/remote/RemoteInspector.mm:
1286         (Inspector::RemoteInspector::startDisabled):
1287         (Inspector::RemoteInspector::shared):
1288         Allow RemoteInspector singleton to start disabled.
1289
1290 2014-01-15  Brian Burg  <bburg@apple.com>
1291
1292         Web Inspector: capture probe samples on the backend
1293         https://bugs.webkit.org/show_bug.cgi?id=126668
1294
1295         Reviewed by Joseph Pecoraro.
1296
1297         Add the 'probe' breakpoint action to the protocol. Change the setBreakpoint
1298         commands to return a list of assigned breakpoint action identifiers.
1299         Add a type for breakpoint action identifiers. Add an event for sending
1300         captured probe samples to the inspector frontend.
1301
1302         * inspector/protocol/Debugger.json:
1303
1304 2014-01-10  Mark Hahnenberg  <mhahnenberg@apple.com>
1305
1306         Copying should be generational
1307         https://bugs.webkit.org/show_bug.cgi?id=126555
1308
1309         Reviewed by Geoffrey Garen.
1310
1311         This patch adds support for copying to our generational collector. Eden collections 
1312         always trigger copying. Full collections use our normal fragmentation-based heuristics.
1313
1314         The way this works is that the CopiedSpace now has the notion of an old generation set of CopiedBlocks
1315         and a new generation of CopiedBlocks. During each mutator cycle new CopiedSpace allocations reside
1316         in the new generation. When a collection occurs, those blocks are moved to the old generation.
1317
1318         One key thing to remember is that both new and old generation objects in the MarkedSpace can
1319         refer to old or new generation allocations in CopiedSpace. This is why we must fire write barriers 
1320         when assigning to an old (MarkedSpace) object's Butterfly.
1321
1322         * heap/CopiedAllocator.h:
1323         (JSC::CopiedAllocator::tryAllocateDuringCopying):
1324         * heap/CopiedBlock.h:
1325         (JSC::CopiedBlock::CopiedBlock):
1326         (JSC::CopiedBlock::didEvacuateBytes):
1327         (JSC::CopiedBlock::isOld):
1328         (JSC::CopiedBlock::didPromote):
1329         * heap/CopiedBlockInlines.h:
1330         (JSC::CopiedBlock::reportLiveBytes):
1331         (JSC::CopiedBlock::reportLiveBytesDuringCopying):
1332         * heap/CopiedSpace.cpp:
1333         (JSC::CopiedSpace::CopiedSpace):
1334         (JSC::CopiedSpace::~CopiedSpace):
1335         (JSC::CopiedSpace::init):
1336         (JSC::CopiedSpace::tryAllocateOversize):
1337         (JSC::CopiedSpace::tryReallocateOversize):
1338         (JSC::CopiedSpace::doneFillingBlock):
1339         (JSC::CopiedSpace::didStartFullCollection):
1340         (JSC::CopiedSpace::doneCopying):
1341         (JSC::CopiedSpace::size):
1342         (JSC::CopiedSpace::capacity):
1343         (JSC::CopiedSpace::isPagedOut):
1344         * heap/CopiedSpace.h:
1345         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
1346         * heap/CopiedSpaceInlines.h:
1347         (JSC::CopiedSpace::contains):
1348         (JSC::CopiedSpace::recycleEvacuatedBlock):
1349         (JSC::CopiedSpace::allocateBlock):
1350         (JSC::CopiedSpace::startedCopying):
1351         * heap/CopyVisitor.cpp:
1352         (JSC::CopyVisitor::copyFromShared):
1353         * heap/CopyVisitorInlines.h:
1354         (JSC::CopyVisitor::allocateNewSpace):
1355         (JSC::CopyVisitor::allocateNewSpaceSlow):
1356         * heap/GCThreadSharedData.cpp:
1357         (JSC::GCThreadSharedData::didStartCopying):
1358         * heap/Heap.cpp:
1359         (JSC::Heap::copyBackingStores):
1360         * heap/SlotVisitorInlines.h:
1361         (JSC::SlotVisitor::copyLater):
1362         * heap/TinyBloomFilter.h:
1363         (JSC::TinyBloomFilter::add):
1364
1365 2014-01-14  Mark Lam  <mark.lam@apple.com>
1366
1367         ASSERTION FAILED: !hasError() in JSC::Parser<LexerType>::createSavePoint().
1368         https://bugs.webkit.org/show_bug.cgi?id=126990.
1369
1370         Reviewed by Geoffrey Garen.
1371
1372         * parser/Parser.cpp:
1373         (JSC::Parser<LexerType>::parseConstDeclarationList):
1374         - We were missing an error check after attempting to parse an initializer
1375           expression. This is now fixed.
1376
1377 2014-01-14  Joseph Pecoraro  <pecoraro@apple.com>
1378
1379         Web Inspector: For Remote Inspection link WebProcess's to their parent UIProcess
1380         https://bugs.webkit.org/show_bug.cgi?id=126995
1381
1382         Reviewed by Timothy Hatcher.
1383
1384         * inspector/remote/RemoteInspector.mm:
1385         (Inspector::RemoteInspector::listingForDebuggable):
1386         For each WebView, list the parent process. Listing the parent per WebView
1387         was already supported back when we supported processes that could host WebViews
1388         for multiple applications.
1389
1390         * inspector/remote/RemoteInspectorConstants.h:
1391         Add a separate key for the bundle identifier, separate from application identifier.
1392
1393         * inspector/remote/RemoteInspectorDebuggable.cpp:
1394         (Inspector::RemoteInspectorDebuggable::info):
1395         * inspector/remote/RemoteInspectorDebuggable.h:
1396         (Inspector::RemoteInspectorDebuggableInfo::RemoteInspectorDebuggableInfo):
1397         (Inspector::RemoteInspectorDebuggableInfo::hasParentProcess):
1398         If a RemoteInspectorDebuggable has a non-zero parent process identifier
1399         it is a proxy for the parent process.
1400
1401 2014-01-14  Brian J. Burg  <burg@cs.washington.edu>
1402
1403         Add ENABLE(WEB_REPLAY) feature flag to the build system
1404         https://bugs.webkit.org/show_bug.cgi?id=126949
1405
1406         Reviewed by Joseph Pecoraro.
1407
1408         * Configurations/FeatureDefines.xcconfig:
1409
1410 2014-01-14  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>
1411
1412         [EFL] FTL buildfix, add missing includes
1413         https://bugs.webkit.org/show_bug.cgi?id=126641
1414
1415         Reviewed by Csaba Osztrogonác.
1416
1417         * ftl/FTLOSREntry.cpp:
1418         * ftl/FTLOSRExitCompiler.cpp:
1419
1420 2014-01-14  Joseph Pecoraro  <pecoraro@apple.com>
1421
1422         Web Inspector: RemoteInspector::updateDebuggable may miss a push
1423         https://bugs.webkit.org/show_bug.cgi?id=126965
1424
1425         Reviewed by Timothy Hatcher.
1426
1427         * inspector/remote/RemoteInspector.mm:
1428         (Inspector::RemoteInspector::updateDebuggable):
1429         Always push an update. If a debuggable went from allowed to
1430         not allowed, we would have missed pushing an update.
1431
1432 2014-01-13  Mark Hahnenberg  <mhahnenberg@apple.com>
1433
1434         Performance regression on dromaeo due to generational marking
1435         https://bugs.webkit.org/show_bug.cgi?id=126901
1436
1437         Reviewed by Oliver Hunt.
1438
1439         We were seeing some performance regression with ENABLE_GGC == 0, so this patch
1440         ifdefs out more things to get rid of the additional overhead.
1441
1442         * heap/Heap.cpp:
1443         (JSC::Heap::markRoots):
1444         (JSC::Heap::writeBarrier):
1445         * heap/MarkedBlock.cpp:
1446         (JSC::MarkedBlock::clearMarks):
1447         (JSC::MarkedBlock::clearMarksWithCollectionType):
1448         * heap/MarkedSpace.cpp:
1449         (JSC::MarkedSpace::resetAllocators):
1450         * heap/MarkedSpace.h:
1451         (JSC::MarkedSpace::didAllocateInBlock):
1452         * heap/SlotVisitorInlines.h:
1453         (JSC::SlotVisitor::internalAppend):
1454         (JSC::SlotVisitor::reportExtraMemoryUsage):
1455
1456 2014-01-13  Brian Burg  <bburg@apple.com>
1457
1458         Web Inspector: protocol generator should support integer-typed declarations
1459         https://bugs.webkit.org/show_bug.cgi?id=126828
1460
1461         Reviewed by Joseph Pecoraro.
1462
1463         Add new binding classes for parameter/ad-hoc and normal integer type declarations.
1464
1465         * inspector/scripts/CodeGeneratorInspector.py:
1466         (TypeBindings.create_type_declaration_):
1467         (TypeBindings.create_type_declaration_.PlainInteger):
1468         (TypeBindings.create_type_declaration_.PlainInteger.resolve_inner):
1469         (TypeBindings.create_type_declaration_.PlainInteger.request_user_runtime_cast):
1470         (TypeBindings.create_type_declaration_.PlainInteger.request_internal_runtime_cast):
1471         (TypeBindings.create_type_declaration_.PlainInteger.get_code_generator):
1472         (TypeBindings.create_type_declaration_.PlainInteger.get_validator_call_text):
1473         (TypeBindings.create_type_declaration_.PlainInteger.reduce_to_raw_type):
1474         (TypeBindings.create_type_declaration_.PlainInteger.get_type_model):
1475         (TypeBindings.create_type_declaration_.PlainInteger.get_setter_value_expression_pattern):
1476         (TypeBindings.create_type_declaration_.PlainInteger.get_array_item_c_type_text):
1477         (TypeBindings.create_type_declaration_.TypedefInteger):
1478         (TypeBindings.create_type_declaration_.TypedefInteger.resolve_inner):
1479         (TypeBindings.create_type_declaration_.TypedefInteger.request_user_runtime_cast):
1480         (TypeBindings.create_type_declaration_.TypedefInteger.request_internal_runtime_cast):
1481         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator):
1482         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator):
1483         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.generate_type_builder):
1484         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.generate_type_builder.int):
1485         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.register_use):
1486         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.get_generate_pass_id):
1487         (TypeBindings.create_type_declaration_.TypedefInteger.get_validator_call_text):
1488         (TypeBindings.create_type_declaration_.TypedefInteger.reduce_to_raw_type):
1489         (TypeBindings.create_type_declaration_.TypedefInteger.get_type_model):
1490         (TypeBindings.create_type_declaration_.TypedefInteger.get_setter_value_expression_pattern):
1491         (TypeBindings.create_type_declaration_.TypedefInteger.get_array_item_c_type_text):
1492
1493 2014-01-13  Zalan Bujtas  <zalan@apple.com>
1494
1495         Enable SUBPIXEL_LAYOUT on Mac
1496         <https://webkit.org/b/126283>
1497
1498         Reviewed by Simon Fraser.
1499
1500         * Configurations/FeatureDefines.xcconfig:
1501
1502 2014-01-13  Zan Dobersek  <zdobersek@igalia.com>
1503
1504         Unreviewed. Changes in r161686 are exposing a bug in GCC where the global .cfi_startproc directive
1505         is not inserted early enough into the generated assembler code when building in debug mode, causing
1506         compilation failures on ports using the GCC compilers. To work around the problem, only utilize the
1507         OFFLINE_ASM_* macros that use .cfi_ directives when compiling with Clang.
1508
1509         * llint/LowLevelInterpreter.cpp:
1510
1511 2014-01-12  Commit Queue  <commit-queue@webkit.org>
1512
1513         Unreviewed, rolling out r161840.
1514         http://trac.webkit.org/changeset/161840
1515         https://bugs.webkit.org/show_bug.cgi?id=126870
1516
1517         Caused jsscore and layout test failures (Requested by smfr on
1518         #webkit).
1519
1520         * API/JSValueRef.cpp:
1521         (JSValueMakeFromJSONString):
1522         * bindings/ScriptValue.cpp:
1523         (Deprecated::jsToInspectorValue):
1524         * inspector/InspectorValues.cpp:
1525         * runtime/DatePrototype.cpp:
1526         (JSC::formatLocaleDate):
1527         * runtime/Identifier.h:
1528         (JSC::Identifier::characters):
1529         * runtime/JSStringBuilder.h:
1530         (JSC::JSStringBuilder::append):
1531
1532 2014-01-12  Darin Adler  <darin@apple.com>
1533
1534         Add deprecatedCharacters as a synonym for characters and convert most call sites
1535         https://bugs.webkit.org/show_bug.cgi?id=126858
1536
1537         Reviewed by Anders Carlsson.
1538
1539         * API/JSStringRef.cpp:
1540         (JSStringGetCharactersPtr):
1541         (JSStringGetUTF8CString):
1542         (JSStringIsEqual):
1543         * API/JSStringRefCF.cpp:
1544         (JSStringCopyCFString):
1545         * API/OpaqueJSString.h:
1546         (OpaqueJSString::characters):
1547         (OpaqueJSString::deprecatedCharacters):
1548         (OpaqueJSString::length):
1549         (OpaqueJSString::OpaqueJSString):
1550         * inspector/InspectorValues.cpp:
1551         (Inspector::InspectorValue::parseJSON):
1552         * runtime/JSGlobalObjectFunctions.cpp:
1553         (JSC::parseInt):
1554         * runtime/StringPrototype.cpp:
1555         (JSC::localeCompare):
1556         (JSC::stringProtoFuncFontsize):
1557         (JSC::stringProtoFuncLink):
1558         Use deprecatedCharacters instead of characters.
1559
1560 2014-01-12  Darin Adler  <darin@apple.com>
1561
1562         Reduce use of String::characters
1563         https://bugs.webkit.org/show_bug.cgi?id=126854
1564
1565         Reviewed by Sam Weinig.
1566
1567         * API/JSValueRef.cpp:
1568         (JSValueMakeFromJSONString): Use characters16 instead of characters for 16-bit case.
1569         Had to remove length check because an empty string could be either 8 bit or 16 bit.
1570         Don't need a null string check before calling is8Bit because JSStringRef can't hold
1571         a null string.
1572
1573         * bindings/ScriptValue.cpp:
1574         (Deprecated::jsToInspectorValue): Use the existing string here instead of creating
1575         a new one by calling characters and length on the old string. I think this may be
1576         left over from when string types were not the same in JavaScriptCore and WebCore.
1577         Also rewrite the property names loop to use modern for syntax and fewer locals.
1578
1579         * inspector/InspectorValues.cpp:
1580         (Inspector::escapeChar): Changed to use appendLiteral instead of hard-coding string
1581         lengths. Moved handling of "<" and ">" in here instead of at the call site.
1582         (Inspector::doubleQuoteString): Simplify the code so there is no use of characters
1583         and length. This is still an inefficient way of doing this job and could use a rethink.
1584
1585         * runtime/DatePrototype.cpp:
1586         (JSC::formatLocaleDate): Use RetainPtr, createCFString, and the conversion from
1587         CFStringRef to WTF::String to remove a lot of unneeded code.
1588
1589         * runtime/Identifier.h: Removed unneeded Identifier::characters function.
1590
1591         * runtime/JSStringBuilder.h:
1592         (JSC::JSStringBuilder::append): Use characters16 instead of characters function here,
1593         since we have already checked is8Bit above.
1594
1595 2014-01-12  Andy Estes  <aestes@apple.com>
1596
1597         [iOS] Enable the JSC Objective-C API
1598
1599         Rubber-stamped by Simon Fraser.
1600
1601         * API/JSBase.h:
1602
1603 2014-01-12  Carlos Garcia Campos  <cgarcia@igalia.com>
1604
1605         Unreviewed. Fix make distcheck.
1606
1607         * GNUmakefile.am: Add inline-and-minify-stylesheets-and-scripts.py
1608         to EXTRA_DIST and fix InjectedScriptSource.h generation rule.
1609         * GNUmakefile.list.am: Move InjectedScriptSource.h to
1610         built_nosources to make sure it's not disted.
1611
1612 2014-01-11  Anders Carlsson  <andersca@apple.com>
1613
1614         Try again to fix the build.
1615
1616         * inspector/InspectorAgentRegistry.cpp:
1617         * inspector/InspectorAgentRegistry.h:
1618
1619 2014-01-11  Anders Carlsson  <andersca@apple.com>
1620
1621         Try to prevent the Vector copy constructor from being instantiated.
1622
1623         * inspector/InspectorAgentRegistry.cpp:
1624         (Inspector::InspectorAgentRegistry::InspectorAgentRegistry):
1625         * inspector/InspectorAgentRegistry.h:
1626
1627 2014-01-11  Anders Carlsson  <andersca@apple.com>
1628
1629         Try something else.
1630
1631         * inspector/InspectorAgentRegistry.cpp:
1632         (Inspector::InspectorAgentRegistry::~InspectorAgentRegistry):
1633         * inspector/InspectorAgentRegistry.h:
1634
1635 2014-01-11  Dean Jackson  <dino@apple.com>
1636
1637         [JSC] Revise typed array implementations to match ECMAScript and WebGL Specification
1638         https://bugs.webkit.org/show_bug.cgi?id=126754
1639
1640         Reviewed by Filip Pizlo.
1641
1642         The ECMAScript specification forbids calling the typed array
1643         constructors without using "new". Change the call data to return
        none so we throw an exception in these cases.
1645
1646         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1647         (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):
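
The check below is an added example, not code from this patch or from WebKit: it probes the behaviour the entry describes, that a typed array constructor must throw a TypeError when called without "new" (directly or through Reflect.apply) while still constructing a view of the requested length with "new", across the nine standard constructors, the way one would confirm the fix in a built jsc shell or in any other engine. The constructor list, the probe length and the function names are the example's own.

```javascript
'use strict';

// Added example, not JSC code: conformance probe for the "new"-only rule on
// typed array constructors. The constructor list and length are constructed here.
const TYPED_ARRAY_CONSTRUCTORS = [
  Int8Array, Uint8Array, Uint8ClampedArray, Int16Array, Uint16Array,
  Int32Array, Uint32Array, Float32Array, Float64Array,
];

// Probe one constructor: a plain call and a Reflect.apply (both [[Call]]) must
// throw TypeError; [[Construct]] via new must still yield a view of `length`
// elements with the matching byteLength.
function probeTypedArrayConstructor(Ctor, length = 4) {
  let callThrowsTypeError = false;
  try {
    Ctor(length);
  } catch (err) {
    callThrowsTypeError = err instanceof TypeError;
  }

  let applyThrowsTypeError = false;
  try {
    Reflect.apply(Ctor, undefined, [length]);
  } catch (err) {
    applyThrowsTypeError = err instanceof TypeError;
  }

  let constructWorks = false;
  try {
    const view = new Ctor(length);
    constructWorks = view.length === length
      && view.byteLength === length * Ctor.BYTES_PER_ELEMENT;
  } catch (err) {
    constructWorks = false;
  }

  return { name: Ctor.name, callThrowsTypeError, applyThrowsTypeError, constructWorks };
}

// Run the probe over every standard constructor and list the ones that deviate
// from the specification in either direction.
function checkAllTypedArrayConstructors() {
  const results = TYPED_ARRAY_CONSTRUCTORS.map((Ctor) => probeTypedArrayConstructor(Ctor));
  const failing = results
    .filter((r) => !r.callThrowsTypeError || !r.applyThrowsTypeError || !r.constructWorks)
    .map((r) => r.name);
  return { results, failing };
}

if (typeof require !== 'undefined' && require.main === module) {
  const summary = checkAllTypedArrayConstructors();
  console.log(summary.failing.length === 0
    ? 'all typed array constructors require new'
    : 'deviating constructors: ' + summary.failing.join(', '));
}
```

A conforming engine reports an empty `failing` list; an engine that still lets the constructors be called without "new" (the behaviour before this change) shows up there by name.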
1648
1649 2014-01-11  Anders Carlsson  <andersca@apple.com>
1650
1651         Try to fix the build by introducing a constructor.
1652
1653         * inspector/InspectorAgentRegistry.cpp:
1654         (Inspector::InspectorAgentRegistry::InspectorAgentRegistry):
1655         * inspector/InspectorAgentRegistry.h:
1656
1657 2014-01-11  Anders Carlsson  <andersca@apple.com>
1658
1659         * inspector/InspectorAgentRegistry.h:
1660
1661         Remove an unused function.
1662
1663 2014-01-11  Anders Carlsson  <andersca@apple.com>
1664
1665         InspectorAgentRegistry should use std::unique_ptr
1666         https://bugs.webkit.org/show_bug.cgi?id=126826
1667
1668         Reviewed by Sam Weinig.
1669
1670         * inspector/InspectorAgentRegistry.cpp:
1671         (Inspector::InspectorAgentRegistry::append):
1672         * inspector/InspectorAgentRegistry.h:
1673         * inspector/JSGlobalObjectInspectorController.cpp:
1674         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1675         * inspector/agents/InspectorAgent.h:
1676
1677 2014-01-10  Joseph Pecoraro  <pecoraro@apple.com>
1678
1679         Web Inspector: Push InspectorAgent down into JSC, give JSC an InspectorController
1680         https://bugs.webkit.org/show_bug.cgi?id=126763
1681
1682         Reviewed by Timothy Hatcher.
1683
1684         Introduce JSGlobalObjectInspectorController. This is the InspectorController
1685         for a JSContext. It is created by the JSGlobalObject Remote Inspector Debuggable
1686         when a remote frontend connects, and is destroyed when the remote frontend
        disconnects or the JSGlobalObject is destroyed.
1688
1689         * inspector/JSGlobalObjectInspectorController.h: Added.
1690         * inspector/JSGlobalObjectInspectorController.cpp: Added.
1691         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1692         (Inspector::JSGlobalObjectInspectorController::~JSGlobalObjectInspectorController):
1693         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
1694         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
1695         (Inspector::JSGlobalObjectInspectorController::dispatchMessageFromFrontend):
1696         (Inspector::JSGlobalObjectInspectorController::functionCallHandler):
1697         (Inspector::JSGlobalObjectInspectorController::evaluateHandler):
        Create/destroy agents, create/destroy dispatchers, implement InspectorEnvironment.
1699
1700         * runtime/JSGlobalObjectDebuggable.h:
1701         * runtime/JSGlobalObjectDebuggable.cpp:
1702         (JSC::JSGlobalObjectDebuggable::~JSGlobalObjectDebuggable):
1703         (JSC::JSGlobalObjectDebuggable::connect):
1704         (JSC::JSGlobalObjectDebuggable::disconnect):
1705         (JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemoteFrontend):
1706         Forward actions to the InspectorController object.
1707
1708         * inspector/agents/InspectorAgent.h: Renamed from Source/WebCore/inspector/InspectorAgent.h.
1709         * inspector/agents/InspectorAgent.cpp: Renamed from Source/WebCore/inspector/InspectorAgent.cpp.
1710         (Inspector::InspectorAgent::InspectorAgent):
1711         (Inspector::InspectorAgent::~InspectorAgent):
1712         (Inspector::InspectorAgent::didCreateFrontendAndBackend):
1713         (Inspector::InspectorAgent::inspect):
1714         (Inspector::InspectorAgent::evaluateForTestInFrontend):
1715         Implement InspectorAgent in JavaScriptCore in namespace Inspector.
1716
1717         * JavaScriptCore.xcodeproj/project.pbxproj:
1718         * CMakeLists.txt:
1719         * ChangeLog:
1720         * GNUmakefile.am:
1721         * GNUmakefile.list.am:
1722         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1723         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1724         * JavaScriptCore.vcxproj/copy-files.cmd:
1725         Add files and new inspector/agents subdirectory.
1726
1727 2014-01-10  Commit Queue  <commit-queue@webkit.org>
1728
1729         Unreviewed, rolling out r161702.
1730         http://trac.webkit.org/changeset/161702
1731         https://bugs.webkit.org/show_bug.cgi?id=126803
1732
1733         Broke multiple tests (Requested by ap on #webkit).
1734
1735         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1736         (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):
1737
1738 2014-01-10  David Kilzer  <ddkilzer@apple.com>
1739
1740         Clean up architectures in xcconfig files
1741         <http://webkit.org/b/126794>
1742
1743         Reviewed by Andy Estes.
1744
1745         * Configurations/Base.xcconfig:
1746         * Configurations/JavaScriptCore.xcconfig: Remove armv6, ppc.
1747         * Configurations/ToolExecutable.xcconfig: Sort.
1748         - Add new arch.
1749
1750 2014-01-10  Dean Jackson  <dino@apple.com>
1751
1752         [JSC] Revise typed array implementations to match ECMAScript and WebGL Specification
1753         https://bugs.webkit.org/show_bug.cgi?id=126754
1754
1755         Reviewed by Filip Pizlo.
1756
1757         The ECMAScript specification forbids calling the typed array
1758         constructors without using "new". Change the call data to return
        none so we throw an exception in these cases.
1760
1761         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1762         (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):
1763
1764 2014-01-10  Benjamin Poulain  <bpoulain@apple.com>
1765
1766         Remove the BlackBerry port from trunk
1767         https://bugs.webkit.org/show_bug.cgi?id=126715
1768
1769         Reviewed by Anders Carlsson.
1770
1771         * assembler/ARMAssembler.h:
1772         (JSC::ARMAssembler::cacheFlush):
1773         * assembler/ARMv7Assembler.h:
1774         (JSC::ARMv7Assembler::replaceWithJump):
1775         (JSC::ARMv7Assembler::maxJumpReplacementSize):
1776         (JSC::ARMv7Assembler::cacheFlush):
1777         * assembler/MacroAssemblerARMv7.h:
1778         (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
1779         * heap/MachineStackMarker.cpp:
1780         (JSC::getPlatformThreadRegisters):
1781         (JSC::otherThreadStackPointer):
1782         (JSC::freePlatformThreadRegisters):
1783         * jit/ExecutableAllocator.h:
1784
1785 2014-01-10  Joseph Pecoraro  <pecoraro@apple.com>
1786
1787         Web Inspector: Remove unimplemented or static ScriptDebugServer features
1788         https://bugs.webkit.org/show_bug.cgi?id=126784
1789
1790         Reviewed by Timothy Hatcher.
1791
1792         * inspector/protocol/Debugger.json:
1793
1794 2014-01-10  Michael Saboff  <msaboff@apple.com>
1795
1796         REGRESSION(C stack work): stack traces no longer work in CrashTracer, lldb, and other tools
1797         https://bugs.webkit.org/show_bug.cgi?id=126764
1798
1799         Reviewed by Geoffrey Garen.
1800
        Updated callToJavaScript and callToNativeFunction to properly replicate the caller's
1802         return PC and frame pointer in the sentinel frame.  For X86-64, added .cfi_
1803         directives to create eh_frame info for all LLInt symbols so that the various
1804         unwinding code understands that we are using a separate JS stack referenced
1805         by BP and at what offsets in that frame the prior PC (register 16) and prior
1806         BP (register 6) can be found.  These two changes are sufficient for stack tracing
1807         to work for Mac OSX.
1808
1809         * llint/LowLevelInterpreter.cpp:
1810         * llint/LowLevelInterpreter64.asm:
1811
1812 2014-01-10  Tamas Gergely  <tgergely.u-szeged@partner.samsung.com>
1813
1814         [EFL][JSC] Enable udis86 disassembler on efl.
1815         https://bugs.webkit.org/show_bug.cgi?id=125502
1816
1817         Reviewed by Michael Saboff.
1818
1819         Enable udis86 disassembler on efl and fix build warnings.
1820
1821         * CMakeLists.txt:
1822           Add udis86 disassembler source files.
1823         * disassembler/udis86/udis86_decode.c:
1824         (decode_modrm_rm):
1825           Build warning fixes.
1826         * disassembler/udis86/udis86_syn-att.c:
1827         (gen_operand):
1828           Build warning fixes.
1829         * disassembler/udis86/udis86_syn-intel.c:
1830         (gen_operand):
1831           Build warning fixes.
1832         * disassembler/udis86/udis86_types.h:
1833           Correct FMT64 for uint64_t.
1834
1835 2014-01-09  Benjamin Poulain  <bpoulain@apple.com>
1836
1837         Remove the BlackBerry files outside WebCore
1838         https://bugs.webkit.org/show_bug.cgi?id=126715
1839
1840         Reviewed by Anders Carlsson.
1841
1842         * PlatformBlackBerry.cmake: Removed.
1843         * runtime/GCActivityCallbackBlackBerry.cpp: Removed.
1844         * shell/PlatformBlackBerry.cmake: Removed.
1845
1846 2014-01-10  Geoffrey Garen  <ggaren@apple.com>
1847
1848         Removed Blackberry #ifdefs and platform code from JavaScriptCore
1849         https://bugs.webkit.org/show_bug.cgi?id=126757
1850
1851         Reviewed by Sam Weinig.
1852
1853         * PlatformBlackBerry.cmake: Removed.
1854         * heap/HeapTimer.cpp:
1855         * heap/HeapTimer.h:
1856         * heap/IncrementalSweeper.cpp:
1857         * heap/IncrementalSweeper.h:
1858         * jsc.cpp:
1859         (main):
1860         * runtime/GCActivityCallbackBlackBerry.cpp: Removed.
1861         * runtime/MemoryStatistics.cpp:
1862         (JSC::globalMemoryStatistics):
1863
1864 2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>
1865
1866         Marking should be generational
1867         https://bugs.webkit.org/show_bug.cgi?id=126552
1868
1869         Reviewed by Geoffrey Garen.
1870
1871         Re-marking the same objects over and over is a waste of effort. This patch implements 
1872         the sticky mark bit algorithm (along with our already-present write barriers) to reduce 
1873         overhead during garbage collection caused by rescanning objects.
1874
1875         There are now two collection modes, EdenCollection and FullCollection. EdenCollections
1876         only visit new objects or objects that were added to the remembered set by a write barrier.
1877         FullCollections are normal collections that visit all objects regardless of their 
1878         generation.
1879
1880         In this patch EdenCollections do not do anything in CopiedSpace. This will be fixed in 
1881         https://bugs.webkit.org/show_bug.cgi?id=126555.
1882
1883         * bytecode/CodeBlock.cpp:
1884         (JSC::CodeBlock::visitAggregate):
1885         * bytecode/CodeBlock.h:
1886         (JSC::CodeBlockSet::mark):
1887         * dfg/DFGOperations.cpp:
1888         * heap/CodeBlockSet.cpp:
1889         (JSC::CodeBlockSet::add):
1890         (JSC::CodeBlockSet::traceMarked):
1891         (JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
1892         * heap/CodeBlockSet.h:
1893         * heap/CopiedBlockInlines.h:
1894         (JSC::CopiedBlock::reportLiveBytes):
1895         * heap/CopiedSpace.cpp:
1896         (JSC::CopiedSpace::didStartFullCollection):
1897         * heap/CopiedSpace.h:
1898         (JSC::CopiedSpace::heap):
1899         * heap/Heap.cpp:
1900         (JSC::Heap::Heap):
1901         (JSC::Heap::didAbandon):
1902         (JSC::Heap::markRoots):
1903         (JSC::Heap::copyBackingStores):
1904         (JSC::Heap::addToRememberedSet):
1905         (JSC::Heap::collectAllGarbage):
1906         (JSC::Heap::collect):
1907         (JSC::Heap::didAllocate):
1908         (JSC::Heap::writeBarrier):
1909         * heap/Heap.h:
1910         (JSC::Heap::isInRememberedSet):
1911         (JSC::Heap::operationInProgress):
1912         (JSC::Heap::shouldCollect):
1913         (JSC::Heap::isCollecting):
1914         (JSC::Heap::isWriteBarrierEnabled):
1915         (JSC::Heap::writeBarrier):
1916         * heap/HeapOperation.h:
1917         * heap/MarkStack.cpp:
1918         (JSC::MarkStackArray::~MarkStackArray):
1919         (JSC::MarkStackArray::clear):
1920         (JSC::MarkStackArray::fillVector):
1921         * heap/MarkStack.h:
1922         * heap/MarkedAllocator.cpp:
1923         (JSC::isListPagedOut):
1924         (JSC::MarkedAllocator::isPagedOut):
1925         (JSC::MarkedAllocator::tryAllocateHelper):
1926         (JSC::MarkedAllocator::addBlock):
1927         (JSC::MarkedAllocator::removeBlock):
1928         (JSC::MarkedAllocator::reset):
1929         * heap/MarkedAllocator.h:
1930         (JSC::MarkedAllocator::MarkedAllocator):
1931         * heap/MarkedBlock.cpp:
1932         (JSC::MarkedBlock::clearMarks):
1933         (JSC::MarkedBlock::clearRememberedSet):
1934         (JSC::MarkedBlock::clearMarksWithCollectionType):
1935         (JSC::MarkedBlock::lastChanceToFinalize):
1936         * heap/MarkedBlock.h: Changed atomSize to 16 bytes because we have no objects smaller
1937         than 16 bytes. This is also to pay for the additional Bitmap for the remembered set.
1938         (JSC::MarkedBlock::didConsumeEmptyFreeList):
1939         (JSC::MarkedBlock::setRemembered):
1940         (JSC::MarkedBlock::clearRemembered):
1941         (JSC::MarkedBlock::atomicClearRemembered):
1942         (JSC::MarkedBlock::isRemembered):
1943         * heap/MarkedSpace.cpp:
1944         (JSC::MarkedSpace::~MarkedSpace):
1945         (JSC::MarkedSpace::resetAllocators):
1946         (JSC::MarkedSpace::visitWeakSets):
1947         (JSC::MarkedSpace::reapWeakSets):
1948         (JSC::VerifyMarked::operator()):
1949         (JSC::MarkedSpace::clearMarks):
1950         * heap/MarkedSpace.h:
1951         (JSC::ClearMarks::operator()):
1952         (JSC::ClearRememberedSet::operator()):
1953         (JSC::MarkedSpace::didAllocateInBlock):
1954         (JSC::MarkedSpace::clearRememberedSet):
1955         * heap/SlotVisitor.cpp:
1956         (JSC::SlotVisitor::~SlotVisitor):
1957         (JSC::SlotVisitor::clearMarkStack):
1958         * heap/SlotVisitor.h:
1959         (JSC::SlotVisitor::markStack):
1960         (JSC::SlotVisitor::sharedData):
1961         * heap/SlotVisitorInlines.h:
1962         (JSC::SlotVisitor::internalAppend):
1963         (JSC::SlotVisitor::unconditionallyAppend):
1964         (JSC::SlotVisitor::copyLater):
1965         (JSC::SlotVisitor::reportExtraMemoryUsage):
1966         (JSC::SlotVisitor::heap):
1967         * jit/Repatch.cpp:
1968         * runtime/JSGenericTypedArrayViewInlines.h:
1969         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
1970         * runtime/JSPropertyNameIterator.h:
1971         (JSC::StructureRareData::setEnumerationCache):
1972         * runtime/JSString.cpp:
1973         (JSC::JSString::visitChildren):
1974         * runtime/StructureRareDataInlines.h:
1975         (JSC::StructureRareData::setPreviousID):
1976         (JSC::StructureRareData::setObjectToStringValue):
1977         * runtime/WeakMapData.cpp:
1978         (JSC::WeakMapData::visitChildren):
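
The following is an added illustration, not JSC code: a toy heap that models the sticky-mark-bit scheme this entry describes. The mark bit is not cleared by an EdenCollection, so it doubles as the generation bit (unmarked means allocated since the last collection); the write barrier records an old cell that receives a pointer to a new cell in a remembered set; an EdenCollection traverses only new cells plus the remembered set, while a FullCollection clears every mark and traverses from the roots. The cell names, the scenario in runScenario() and the barrier:false switch are the example's own. The last step shows the failure mode the barrier exists to prevent: with one old-to-new store unrecorded, the eden collection frees a cell that an old object still points at.

```javascript
'use strict';

// Added example, not JSC code: sticky-mark-bit generational marking with a
// remembered set. Cell names and the scenario below are constructed.
const EdenCollection = 'EdenCollection';
const FullCollection = 'FullCollection';

class ToyHeap {
  constructor() {
    this.objects = new Set();       // every allocated, not-yet-swept cell
    this.roots = new Set();         // cells referenced from the stack/globals
    this.rememberedSet = new Set(); // old cells that now point at new cells
  }

  // Fresh cells start unmarked; with sticky mark bits "unmarked" means "new".
  allocate(name) {
    const cell = { name, marked: false, refs: [] };
    this.objects.add(cell);
    return cell;
  }

  isNew(cell) {
    return !cell.marked;
  }

  // Pointer store with the write barrier: an old (marked) cell that starts
  // pointing at a new (unmarked) cell must be rescanned by the next eden
  // collection, so it is recorded. barrier:false models a missing barrier.
  store(from, to, { barrier = true } = {}) {
    from.refs.push(to);
    if (barrier && !this.isNew(from) && this.isNew(to)) this.rememberedSet.add(from);
  }

  collect(type) {
    const worklist = [];
    let visited = 0;
    const push = (cell) => {
      if (!cell.marked) { cell.marked = true; worklist.push(cell); }
    };

    if (type === FullCollection) {
      for (const cell of this.objects) cell.marked = false; // forget sticky marks
      for (const root of this.roots) push(root);
    } else {
      // Eden: already-marked (old) roots are skipped by push(); only new roots
      // and the remembered set seed the traversal, so old cells are not re-marked.
      for (const root of this.roots) push(root);
      for (const old of this.rememberedSet) worklist.push(old);
    }
    this.rememberedSet.clear();

    while (worklist.length > 0) {
      const cell = worklist.pop();
      visited += 1;
      for (const child of cell.refs) push(child);
    }

    // Sweep: after a full collection every unmarked cell is unreachable; after an
    // eden collection every unmarked cell is a new cell nobody reached, which is
    // garbage only if the barrier recorded every old-to-new store.
    let freed = 0;
    for (const cell of this.objects) {
      if (!cell.marked) { this.objects.delete(cell); freed += 1; }
    }
    return { type, visited, freed };
  }
}

function runScenario() {
  const heap = new ToyHeap();
  const a = heap.allocate('a');
  const b = heap.allocate('b');
  const c = heap.allocate('c');
  heap.roots.add(a);
  heap.store(a, b);
  heap.store(b, c);
  const full1 = heap.collect(FullCollection); // visits a, b, c; frees nothing

  // Mutator runs: d and f become reachable only through the old cell a; e is garbage.
  const d = heap.allocate('d');
  const e = heap.allocate('e');
  const f = heap.allocate('f');
  heap.store(a, d); // old -> new: the barrier remembers a
  heap.store(d, f); // new -> new: nothing to remember
  const remembered = [...heap.rememberedSet].map((cell) => cell.name);
  const eden1 = heap.collect(EdenCollection); // visits a, d, f; b and c are not rescanned; frees e
  const full2 = heap.collect(FullCollection); // visits all five survivors

  // The same store without a barrier: the eden collection never reaches g and
  // frees it while a still holds the pointer, i.e. a dangling reference.
  const g = heap.allocate('g');
  heap.store(a, g, { barrier: false });
  const eden2 = heap.collect(EdenCollection);
  const dangling = a.refs.includes(g) && !heap.objects.has(g);

  return { full1, eden1, full2, eden2, remembered, dangling };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(runScenario(), null, 2));
}
```

Running it under node prints the per-collection visit and free counts: the eden collection after the barrier-protected stores touches three cells instead of six, and the final step reports dangling: true, which in a real engine is the use-after-free that a missed barrier turns into.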
1979
1980 2014-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1981
1982         Unreviewed Windows build fix for r161563.
1983
1984         Copy all scripts, some may not be .py.
1985
1986         * JavaScriptCore.vcxproj/copy-files.cmd:
1987
1988 2014-01-09  Filip Pizlo  <fpizlo@apple.com>
1989
1990         AI for CreateArguments should pass through non-SpecEmpty input values
1991         https://bugs.webkit.org/show_bug.cgi?id=126709
1992
1993         Reviewed by Mark Hahnenberg.
1994
1995         * dfg/DFGAbstractInterpreterInlines.h:
1996         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1997         * tests/stress/use-arguments-as-object-pointer.js: Added.
1998         (foo):
1999
2000 2014-01-09  Mark Hahnenberg  <mhahnenberg@apple.com>
2001
2002         Constructors for Objective-C classes do not work properly with instanceof
2003         https://bugs.webkit.org/show_bug.cgi?id=126670
2004
2005         Reviewed by Oliver Hunt.
2006
2007         This bug is due to the fact that the JS constructors created for Objective-C classes via the JSC 
2008         API inherit from JSCallbackObject, which overrides hasInstance with its own customHasInstance. 
2009         JSCallbackObject::customHasInstance only checks the JSClassRefs for hasInstance callbacks. 
2010         If it doesn't find any callbacks, it returns false.
2011
2012         This patch adds a hasInstance callback to constructors created for Objective-C wrapper classes.
2013
2014         * API/JSWrapperMap.mm:
2015         (constructorHasInstance):
2016         (constructorWithCustomBrand):
2017         (allocateConstructorForCustomClass):
2018         * API/tests/testapi.mm:
2019
2020 2014-01-09  Joseph Pecoraro  <pecoraro@apple.com>
2021
2022         Web Inspector: Move InjectedScript classes into JavaScriptCore
2023         https://bugs.webkit.org/show_bug.cgi?id=126598
2024
2025         Reviewed by Timothy Hatcher.
2026
2027         Part 5: Move InjectedScript classes into JavaScriptCore
2028
2029         There are pieces of logic that WebCore wants to hook into in the InjectedScript
2030         execution (e.g. for CommandLineAPIModule and InspectorInstrumentation). Create
2031         hooks for those in a base class called InspectorEnvironment. For now, the
2032         InspectorControllers (Page, JSGlobalObject, Worker) will be the InspectorEnvironments
2033         and provide answers to its hooks.
2034
2035         * inspector/InspectorEnvironment.h: Added.
2036         New hooks needed by WebCore in various places. Mostly stubbed in JavaScriptCore.
2037
2038         * inspector/InjectedScript.cpp: Renamed from Source/WebCore/inspector/InjectedScript.cpp.
2039         * inspector/InjectedScript.h: Added.
2040         * inspector/InjectedScriptBase.cpp: Renamed from Source/WebCore/inspector/InjectedScriptBase.cpp.
2041         * inspector/InjectedScriptBase.h: Renamed from Source/WebCore/inspector/InjectedScriptBase.h.
2042         * inspector/InjectedScriptModule.cpp: Renamed from Source/WebCore/inspector/InjectedScriptModule.cpp.
2043         * inspector/InjectedScriptModule.h: Renamed from Source/WebCore/inspector/InjectedScriptModule.h.
2044         Cleanup the style of these files (nullptr, formatting, whitespace, etc).
        Use the InspectorEnvironment's call/evaluate functions for ScriptFunctionCalls and for checking access.
2046
2047         * inspector/InjectedScriptManager.cpp: Renamed from Source/WebCore/inspector/InjectedScriptManager.cpp.
2048         * inspector/InjectedScriptManager.h: Renamed from Source/WebCore/inspector/InjectedScriptManager.h.
2049         Take an InspectorEnvironment with multiple hooks, instead of a single hook function.
2050
2051         * inspector/InjectedScriptHost.cpp: Added.
2052         * inspector/InjectedScriptHost.h: Added.
2053         * inspector/JSInjectedScriptHost.cpp: Renamed from Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp.
2054         * inspector/JSInjectedScriptHost.h: Added.
2055         * inspector/JSInjectedScriptHostPrototype.cpp: Added.
2056         * inspector/JSInjectedScriptHostPrototype.h: Added.
2057         Implementation of InjectedScriptHost which is passed into the script (InjectedScriptSource.js)
2058         that we inject into the page. This is mostly copied from the original autogenerated code,
        then simplified and cleaned up. InjectedScriptHost can be subclassed to provide specialized
2060         implementations of isHTMLAllCollection and type for Web/DOM types unknown to a pure JS context.
2061
2062
2063         Part 4: Move all inspector scripts into JavaScriptCore and update generators.
2064
2065         For OS X be sure to export the scripts as if they are private headers.
2066
2067         * GNUmakefile.am:
2068         * JavaScriptCore.xcodeproj/project.pbxproj:
2069         * inspector/scripts/cssmin.py: Renamed from Source/WebCore/inspector/Scripts/cssmin.py.
2070         * inspector/scripts/inline-and-minify-stylesheets-and-scripts.py: Renamed from Source/WebCore/inspector/Scripts/inline-and-minify-stylesheets-and-scripts.py.
2071         * inspector/scripts/jsmin.py: Renamed from Source/WebCore/inspector/Scripts/jsmin.py.
2072         * inspector/scripts/xxd.pl: Renamed from Source/WebCore/inspector/xxd.pl.
2073
2074
2075         Part 3: Update CodeGeneratorInspector to avoid inlining virtual destructors.
2076
2077         This avoids build errors about duplicate exported virtual inlined methods
2078         are included from multiple places. Just put empty destructors in the
2079         implementation file instead of inlined.
2080
2081         * inspector/scripts/CodeGeneratorInspector.py:
2082         (Generator):
2083         (Generator.go):
2084         * inspector/scripts/CodeGeneratorInspectorStrings.py:
2085
2086
2087         Part 2: Move InjectedScriptSource and generation into JavaScriptCore.
2088
2089         Move InjectedScriptSource.js and derived sources generation.
2090
2091         * CMakeLists.txt:
2092         * DerivedSources.make:
2093         * GNUmakefile.am:
2094         * GNUmakefile.list.am:
2095         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2096         * JavaScriptCore.xcodeproj/project.pbxproj:
2097         * inspector/InjectedScriptSource.js: Renamed from Source/WebCore/inspector/InjectedScriptSource.js.
2098
2099 2014-01-09  Balazs Kilvady  <kilvadyb@homejinni.com>
2100
2101         Regression: failing RegExp tests on 32 bit architectures.
2102         https://bugs.webkit.org/show_bug.cgi?id=126699
2103
2104         Reviewed by Michael Saboff.
2105
2106         Fix setRegExpConstructor functions for 32 bit architectures.
2107
2108         * runtime/RegExpConstructor.cpp:
2109         (JSC::setRegExpConstructorInput):
2110         (JSC::setRegExpConstructorMultiline):
2111
2112 2014-01-09  Commit Queue  <commit-queue@webkit.org>
2113
2114         Unreviewed, rolling out r161540.
2115         http://trac.webkit.org/changeset/161540
2116         https://bugs.webkit.org/show_bug.cgi?id=126704
2117
2118         Caused assertion failures on multiple tests (Requested by ap
2119         on #webkit).
2120
2121         * bytecode/CodeBlock.cpp:
2122         (JSC::CodeBlock::visitAggregate):
2123         * bytecode/CodeBlock.h:
2124         (JSC::CodeBlockSet::mark):
2125         * dfg/DFGOperations.cpp:
2126         * heap/CodeBlockSet.cpp:
2127         (JSC::CodeBlockSet::add):
2128         (JSC::CodeBlockSet::traceMarked):
2129         * heap/CodeBlockSet.h:
2130         * heap/CopiedBlockInlines.h:
2131         (JSC::CopiedBlock::reportLiveBytes):
2132         * heap/CopiedSpace.cpp:
2133         * heap/CopiedSpace.h:
2134         * heap/Heap.cpp:
2135         (JSC::Heap::Heap):
2136         (JSC::Heap::didAbandon):
2137         (JSC::Heap::markRoots):
2138         (JSC::Heap::copyBackingStores):
2139         (JSC::Heap::collectAllGarbage):
2140         (JSC::Heap::collect):
2141         (JSC::Heap::didAllocate):
2142         * heap/Heap.h:
2143         (JSC::Heap::shouldCollect):
2144         (JSC::Heap::isCollecting):
2145         (JSC::Heap::isWriteBarrierEnabled):
2146         (JSC::Heap::writeBarrier):
2147         * heap/HeapOperation.h:
2148         * heap/MarkStack.cpp:
2149         (JSC::MarkStackArray::~MarkStackArray):
2150         * heap/MarkStack.h:
2151         * heap/MarkedAllocator.cpp:
2152         (JSC::MarkedAllocator::isPagedOut):
2153         (JSC::MarkedAllocator::tryAllocateHelper):
2154         (JSC::MarkedAllocator::addBlock):
2155         (JSC::MarkedAllocator::removeBlock):
2156         * heap/MarkedAllocator.h:
2157         (JSC::MarkedAllocator::MarkedAllocator):
2158         (JSC::MarkedAllocator::reset):
2159         * heap/MarkedBlock.cpp:
2160         * heap/MarkedBlock.h:
2161         (JSC::MarkedBlock::lastChanceToFinalize):
2162         (JSC::MarkedBlock::didConsumeEmptyFreeList):
2163         (JSC::MarkedBlock::clearMarks):
2164         * heap/MarkedSpace.cpp:
2165         (JSC::MarkedSpace::~MarkedSpace):
2166         (JSC::MarkedSpace::resetAllocators):
2167         (JSC::MarkedSpace::visitWeakSets):
2168         (JSC::MarkedSpace::reapWeakSets):
2169         * heap/MarkedSpace.h:
2170         (JSC::ClearMarks::operator()):
2171         (JSC::MarkedSpace::clearMarks):
2172         * heap/SlotVisitor.cpp:
2173         (JSC::SlotVisitor::~SlotVisitor):
2174         * heap/SlotVisitor.h:
2175         (JSC::SlotVisitor::sharedData):
2176         * heap/SlotVisitorInlines.h:
2177         (JSC::SlotVisitor::internalAppend):
2178         (JSC::SlotVisitor::copyLater):
2179         (JSC::SlotVisitor::reportExtraMemoryUsage):
2180         * jit/Repatch.cpp:
2181         * runtime/JSGenericTypedArrayViewInlines.h:
2182         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
2183         * runtime/JSPropertyNameIterator.h:
2184         (JSC::StructureRareData::setEnumerationCache):
2185         * runtime/JSString.cpp:
2186         (JSC::JSString::visitChildren):
2187         * runtime/StructureRareDataInlines.h:
2188         (JSC::StructureRareData::setPreviousID):
2189         (JSC::StructureRareData::setObjectToStringValue):
2190         * runtime/WeakMapData.cpp:
2191         (JSC::WeakMapData::visitChildren):
2192
2193 2014-01-09  Andreas Kling  <akling@apple.com>
2194
2195         Shrink WatchpointSet.
2196         <https://webkit.org/b/126694>
2197
2198         Reorder the members of WatchpointSet, shrinking it by 8 bytes.
2199         767 kB progression on Membuster3.
2200
2201         Reviewed by Antti Koivisto.
2202
2203         * bytecode/Watchpoint.h:
2204
2205 2014-01-08  Mark Hahnenberg  <mhahnenberg@apple.com>
2206
2207         Reverting accidental GC logging
2208
2209         * heap/Heap.cpp:
2210
2211 2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>
2212
2213         Marking should be generational
2214         https://bugs.webkit.org/show_bug.cgi?id=126552
2215
2216         Reviewed by Geoffrey Garen.
2217
2218         Re-marking the same objects over and over is a waste of effort. This patch implements 
2219         the sticky mark bit algorithm (along with our already-present write barriers) to reduce 
2220         overhead during garbage collection caused by rescanning objects.
2221
2222         There are now two collection modes, EdenCollection and FullCollection. EdenCollections
2223         only visit new objects or objects that were added to the remembered set by a write barrier.
2224         FullCollections are normal collections that visit all objects regardless of their 
2225         generation.
2226
2227         In this patch EdenCollections do not do anything in CopiedSpace. This will be fixed in 
2228         https://bugs.webkit.org/show_bug.cgi?id=126555.
2229
2230         * bytecode/CodeBlock.cpp:
2231         (JSC::CodeBlock::visitAggregate):
2232         * bytecode/CodeBlock.h:
2233         (JSC::CodeBlockSet::mark):
2234         * dfg/DFGOperations.cpp:
2235         * heap/CodeBlockSet.cpp:
2236         (JSC::CodeBlockSet::add):
2237         (JSC::CodeBlockSet::traceMarked):
2238         (JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
2239         * heap/CodeBlockSet.h:
2240         * heap/CopiedBlockInlines.h:
2241         (JSC::CopiedBlock::reportLiveBytes):
2242         * heap/CopiedSpace.cpp:
2243         (JSC::CopiedSpace::didStartFullCollection):
2244         * heap/CopiedSpace.h:
2245         (JSC::CopiedSpace::heap):
2246         * heap/Heap.cpp:
2247         (JSC::Heap::Heap):
2248         (JSC::Heap::didAbandon):
2249         (JSC::Heap::markRoots):
2250         (JSC::Heap::copyBackingStores):
2251         (JSC::Heap::addToRememberedSet):
2252         (JSC::Heap::collectAllGarbage):
2253         (JSC::Heap::collect):
2254         (JSC::Heap::didAllocate):
2255         (JSC::Heap::writeBarrier):
2256         * heap/Heap.h:
2257         (JSC::Heap::isInRememberedSet):
2258         (JSC::Heap::operationInProgress):
2259         (JSC::Heap::shouldCollect):
2260         (JSC::Heap::isCollecting):
2261         (JSC::Heap::isWriteBarrierEnabled):
2262         (JSC::Heap::writeBarrier):
2263         * heap/HeapOperation.h:
2264         * heap/MarkStack.cpp:
2265         (JSC::MarkStackArray::~MarkStackArray):
2266         (JSC::MarkStackArray::clear):
2267         (JSC::MarkStackArray::fillVector):
2268         * heap/MarkStack.h:
2269         * heap/MarkedAllocator.cpp:
2270         (JSC::isListPagedOut):
2271         (JSC::MarkedAllocator::isPagedOut):
2272         (JSC::MarkedAllocator::tryAllocateHelper):
2273         (JSC::MarkedAllocator::addBlock):
2274         (JSC::MarkedAllocator::removeBlock):
2275         (JSC::MarkedAllocator::reset):
2276         * heap/MarkedAllocator.h:
2277         (JSC::MarkedAllocator::MarkedAllocator):
2278         * heap/MarkedBlock.cpp:
2279         (JSC::MarkedBlock::clearMarks):
2280         (JSC::MarkedBlock::clearRememberedSet):
2281         (JSC::MarkedBlock::clearMarksWithCollectionType):
2282         (JSC::MarkedBlock::lastChanceToFinalize):
2283         * heap/MarkedBlock.h: Changed atomSize to 16 bytes because we have no objects smaller
2284         than 16 bytes. This is also to pay for the additional Bitmap for the remembered set.
2285         (JSC::MarkedBlock::didConsumeEmptyFreeList):
2286         (JSC::MarkedBlock::setRemembered):
2287         (JSC::MarkedBlock::clearRemembered):
2288         (JSC::MarkedBlock::atomicClearRemembered):
2289         (JSC::MarkedBlock::isRemembered):
2290         * heap/MarkedSpace.cpp:
2291         (JSC::MarkedSpace::~MarkedSpace):
2292         (JSC::MarkedSpace::resetAllocators):
2293         (JSC::MarkedSpace::visitWeakSets):
2294         (JSC::MarkedSpace::reapWeakSets):
2295         (JSC::VerifyMarked::operator()):
2296         (JSC::MarkedSpace::clearMarks):
2297         * heap/MarkedSpace.h:
2298         (JSC::ClearMarks::operator()):
2299         (JSC::ClearRememberedSet::operator()):
2300         (JSC::MarkedSpace::didAllocateInBlock):
2301         (JSC::MarkedSpace::clearRememberedSet):
2302         * heap/SlotVisitor.cpp:
2303         (JSC::SlotVisitor::~SlotVisitor):
2304         (JSC::SlotVisitor::clearMarkStack):
2305         * heap/SlotVisitor.h:
2306         (JSC::SlotVisitor::markStack):
2307         (JSC::SlotVisitor::sharedData):
2308         * heap/SlotVisitorInlines.h:
2309         (JSC::SlotVisitor::internalAppend):
2310         (JSC::SlotVisitor::unconditionallyAppend):
2311         (JSC::SlotVisitor::copyLater):
2312         (JSC::SlotVisitor::reportExtraMemoryUsage):
2313         (JSC::SlotVisitor::heap):
2314         * jit/Repatch.cpp:
2315         * runtime/JSGenericTypedArrayViewInlines.h:
2316         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
2317         * runtime/JSPropertyNameIterator.h:
2318         (JSC::StructureRareData::setEnumerationCache):
2319         * runtime/JSString.cpp:
2320         (JSC::JSString::visitChildren):
2321         * runtime/StructureRareDataInlines.h:
2322         (JSC::StructureRareData::setPreviousID):
2323         (JSC::StructureRareData::setObjectToStringValue):
2324         * runtime/WeakMapData.cpp:
2325         (JSC::WeakMapData::visitChildren):
2326
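The EdenCollection/FullCollection split and the write-barrier-fed remembered set described in this entry, as an added C++ model that is not JavaScriptCore's code; Object, Heap and runScenario are names constructed for the example, and the scenario also shows what goes wrong when a store skips the barrier.

```cpp
// Added illustration, not JavaScriptCore code: a minimal heap modelling the sticky-mark-bit
// scheme the entry above describes (Object, Heap and runScenario are constructed names).
#include <algorithm>
#include <memory>
#include <vector>

enum class CollectionType { EdenCollection, FullCollection };

struct Object {
    bool marked = false;     // sticky: an EdenCollection never clears it
    bool remembered = false; // set by the write barrier, cleared on rescan
    std::vector<Object*> children;
};

class Heap {
public:
    Object* allocate() { m_objects.push_back(std::make_unique<Object>()); return m_objects.back().get(); }
    void addRoot(Object* object) { m_roots.push_back(object); }
    // The barrier runs after the store: an old (already marked) owner joins the
    // remembered set so the next EdenCollection rescans its children.
    // useWriteBarrier = false reproduces the bug a missing barrier causes.
    void store(Object* owner, Object* value, bool useWriteBarrier = true)
    {
        owner->children.push_back(value);
        if (useWriteBarrier)
            writeBarrier(owner);
    }

    void writeBarrier(Object* owner)
    {
        if (!owner->marked || owner->remembered)
            return;
        owner->remembered = true;
        m_rememberedSet.push_back(owner);
    }
    // Mark, then sweep. Returns the number of objects freed.
    int collect(CollectionType type)
    {
        std::vector<Object*> worklist(m_roots.begin(), m_roots.end());
        if (type == CollectionType::FullCollection) {
            for (auto& object : m_objects)
                object->marked = false; // start over so old garbage is reclaimed
        }
        for (Object* owner : m_rememberedSet) {
            owner->remembered = false;
            // Old objects stay marked across an EdenCollection, so their new
            // children are only reachable through the remembered set.
            if (type == CollectionType::EdenCollection)
                worklist.insert(worklist.end(), owner->children.begin(), owner->children.end());
        }
        m_rememberedSet.clear();
        while (!worklist.empty()) {
            Object* object = worklist.back();
            worklist.pop_back();
            if (object->marked)
                continue; // old, or already visited: no rescan
            object->marked = true;
            worklist.insert(worklist.end(), object->children.begin(), object->children.end());
        }
        int before = static_cast<int>(m_objects.size());
        m_objects.erase(std::remove_if(m_objects.begin(), m_objects.end(),
            [](const std::unique_ptr<Object>& object) { return !object->marked; }), m_objects.end());
        return before - static_cast<int>(m_objects.size());
    }

private:
    std::vector<std::unique_ptr<Object>> m_objects;
    std::vector<Object*> m_roots;
    std::vector<Object*> m_rememberedSet;
};

struct Scenario {
    int freedByFirstFull;       // garbage allocated before promotion
    int freedByEden;            // young garbage only; 2 if the barrier is missing
    int freedByEdenAfterUnlink; // 0: an EdenCollection cannot reclaim old garbage
    int freedByFinalFull;       // the unlinked old subgraph
};

// Walks an old object through an old->new store, then Eden and Full collections.
Scenario runScenario(bool useWriteBarrier)
{
    Heap heap;
    Scenario result {};
    Object* root = heap.allocate();
    heap.addRoot(root);
    Object* oldChild = heap.allocate();
    heap.store(root, oldChild); // both unmarked, so the barrier is a no-op
    heap.allocate();            // constructed garbage, never referenced
    result.freedByFirstFull = heap.collect(CollectionType::FullCollection);
    Object* young = heap.allocate();
    heap.store(oldChild, young, useWriteBarrier); // old -> new edge
    heap.allocate();                              // young garbage
    result.freedByEden = heap.collect(CollectionType::EdenCollection);
    // Without the barrier, young is freed here while oldChild still points at it.
    root->children.clear(); // unlink the old subgraph; removals need no barrier
    result.freedByEdenAfterUnlink = heap.collect(CollectionType::EdenCollection);
    result.freedByFinalFull = heap.collect(CollectionType::FullCollection);
    return result;
}
```
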
2327 2014-01-08  Sam Weinig  <sam@webkit.org>
2328
2329         [JS] Should be able to create a promise by calling the Promise constructor as a function
2330         https://bugs.webkit.org/show_bug.cgi?id=126561
2331
2332         Reviewed by Geoffrey Garen.
2333
2334         * runtime/JSPromiseConstructor.cpp:
2335         (JSC::JSPromiseConstructor::getCallData):
2336         Add support for calling the Promise constructor as a function (e.g. var p = Promise(...), note
2337         the missing "new").
2338
2339 2014-01-08  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
2340
2341         [EFL] Make FTL buildable
2342         https://bugs.webkit.org/show_bug.cgi?id=125777
2343
2344         Reviewed by Csaba Osztrogonác.
2345
2346         * CMakeLists.txt:
2347         * ftl/FTLOSREntry.cpp:
2348         * ftl/FTLOSRExitCompiler.cpp:
2349         * llvm/library/config_llvm.h:
2350
2351 2014-01-08  Zan Dobersek  <zdobersek@igalia.com>
2352
2353         [Automake] Scripts for generated build targets do not necessarily produce their output
2354         https://bugs.webkit.org/show_bug.cgi?id=126378
2355
2356         Reviewed by Carlos Garcia Campos.
2357
2358         * GNUmakefile.am: Touch the build targets that are generated through helper scripts that don't
2359         assure the output is generated every time the script is invoked, most commonly due to unchanged
2360         input. This assures the build targets are up-to-date and can't be older than their dependencies,
2361         which would result in constant regeneration at every build.
2362
2363 2014-01-07  Filip Pizlo  <fpizlo@apple.com>
2364
2365         DFG fixup phase should be responsible for inserting ValueToInt32's as needed and it should use Phantom to keep the original values alive in case of OSR exit
2366         https://bugs.webkit.org/show_bug.cgi?id=126600
2367
2368         Reviewed by Michael Saboff.
2369         
2370         This fixes an embarrassing OSR exit liveness bug. It also simplifies the code. We were
2371         already using FixupPhase as the place where conversion nodes get inserted. ValueToInt32
2372         was the only exception to that rule, and that was one of the reasons why we had this bug.
2373         
2374         Henceforth ValueToInt32 is only inserted by FixupPhase, and only when it is necessary:
2375         we have a BitOp that will want a ToInt32 conversion and the operand is not predicted to
2376         already be an int32. If FixupPhase inserts any ValueToInt32's then the BitOp will no
2377         longer appear to use the original operand, which will make OSR exit think that the
2378         original operand is dead. We work around this the way we always do: insert a Phantom on
2379         the original operands right after the BitOp. This ensures that any OSR exit in any of the
2380         ValueToInt32's or in the BitOp itself will have values for the original inputs.
2381
2382         * dfg/DFGBackwardsPropagationPhase.cpp:
2383         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
2384         (JSC::DFG::BackwardsPropagationPhase::propagate):
2385         * dfg/DFGByteCodeParser.cpp:
2386         (JSC::DFG::ByteCodeParser::handleIntrinsic):
2387         (JSC::DFG::ByteCodeParser::parseBlock):
2388         * dfg/DFGFixupPhase.cpp:
2389         (JSC::DFG::FixupPhase::fixupNode):
2390         (JSC::DFG::FixupPhase::fixIntEdge):
2391         (JSC::DFG::FixupPhase::fixBinaryIntEdges):
2392         * dfg/DFGPredictionPropagationPhase.cpp:
2393         (JSC::DFG::PredictionPropagationPhase::propagate):
2394         * tests/stress/bit-op-value-to-int32-input-liveness.js: Added.
2395         (foo):
2396
2397 2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>
2398
2399         Repatch write barrier slow path call doesn't align the stack in the presence of saved registers
2400         https://bugs.webkit.org/show_bug.cgi?id=126093
2401
2402         Reviewed by Geoffrey Garen.
2403
2404         * jit/Repatch.cpp: Reworked the stack alignment code for calling out to C code on the write barrier slow path.
2405         We need to properly account for the number of reused registers that were saved to the stack, so we have to 
2406         pass the ScratchRegisterAllocator around.
2407         (JSC::storeToWriteBarrierBuffer):
2408         (JSC::writeBarrier):
2409         (JSC::emitPutReplaceStub):
2410         (JSC::emitPutTransitionStub):
2411         * jit/ScratchRegisterAllocator.h: Previously the ScratchRegisterAllocator only knew whether or not it had
2412         reused registers, but not how many. In order to correctly align the stack for calls to C slow paths for 
2413         the write barriers in inline caches we need to know how the stack is aligned. So now ScratchRegisterAllocator
2414         tracks how many registers it has reused.
2415         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
2416         (JSC::ScratchRegisterAllocator::allocateScratch):
2417         (JSC::ScratchRegisterAllocator::didReuseRegisters):
2418         (JSC::ScratchRegisterAllocator::numberOfReusedRegisters):
2419         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
2420         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
2421         * llint/LowLevelInterpreter64.asm: Random typo fix.
2422
2423 2014-01-07  Mark Lam  <mark.lam@apple.com>
2424
2425         r161364 caused JSC tests regression on non-DFG builds (e.g. C Loop and Windows).
2426         https://bugs.webkit.org/show_bug.cgi?id=126589.
2427
2428         Reviewed by Filip Pizlo.
2429
2430         After the removal of ENABLE(VALUE_PROFILER), the LLINT is now expecting the
2431         relevant opcode operands to point to ValueProfiler data structures and will
2432         write profiling data into them. Hence, we need to allocate these data
2433         structures even though the profiling data won't be used in non-DFG builds.
2434
2435         * bytecode/CodeBlock.cpp:
2436         (JSC::CodeBlock::CodeBlock):
2437
2438 2014-01-07  Filip Pizlo  <fpizlo@apple.com>
2439
2440         ASSERT in compileArithNegate on pdfjs
2441         https://bugs.webkit.org/show_bug.cgi?id=126584
2442
2443         Reviewed by Mark Hahnenberg.
2444         
2445         Check negative zero when we should check it, not when we shouldn't check it. :-/
2446
2447         * dfg/DFGSpeculativeJIT.cpp:
2448         (JSC::DFG::SpeculativeJIT::compileArithNegate):
2449
2450 2014-01-07  Gabor Rapcsanyi  <rgabor@webkit.org>
2451
2452         pushFinallyContext saves wrong m_labelScopes size
2453         https://bugs.webkit.org/show_bug.cgi?id=124529
2454
2455         Remove free label scopes before saving finally context.
2456
2457         Reviewed by Geoffrey Garen.
2458
2459         * bytecompiler/BytecodeGenerator.cpp:
2460         (JSC::BytecodeGenerator::pushFinallyContext):
2461
2462 2014-01-06  Mark Hahnenberg  <mhahnenberg@apple.com>
2463
2464         Heap::collect shouldn't be responsible for sweeping
2465         https://bugs.webkit.org/show_bug.cgi?id=126556
2466
2467         Reviewed by Geoffrey Garen.
2468
2469         Sweeping happens at an awkward time during collection due to the fact that destructors can 
2470         cause arbitrary reentry into the VM. This patch separates collecting and sweeping, and delays 
2471         sweeping until after collection has completely finished.
2472
2473         * heap/Heap.cpp:
2474         (JSC::Heap::collectAllGarbage):
2475         (JSC::Heap::collect):
2476         (JSC::Heap::collectIfNecessaryOrDefer):
2477         * heap/Heap.h:
2478         * heap/MarkedSpace.cpp:
2479         (JSC::MarkedSpace::sweep):
2480         * runtime/GCActivityCallback.cpp:
2481         (JSC::DefaultGCActivityCallback::doWork):
2482
2483 2014-01-07  Mark Rowe  <mrowe@apple.com>
2484
2485         <https://webkit.org/b/126567> Remove the legacy WebKit availability macros
2486
2487         They're no longer used.
2488
2489         Reviewed by Ryosuke Niwa.
2490
2491         * API/WebKitAvailability.h:
2492
2493 2014-01-07  Filip Pizlo  <fpizlo@apple.com>
2494
2495         SetLocal for a FlushedArguments should not claim that the dataFormat is DataFormatJS
2496         https://bugs.webkit.org/show_bug.cgi?id=126563
2497
2498         Reviewed by Gavin Barraclough.
2499         
2500         This was a rookie arguments simplification mistake: the SetLocal needs to record the fact
2501         that although it set JSValue(), OSR should think it set Arguments. DataFormatArguments
2502         conveys this, and dataFormatFor(FlushFormat) will do the right thing.
2503
2504         * dfg/DFGSpeculativeJIT32_64.cpp:
2505         (JSC::DFG::SpeculativeJIT::compile):
2506         * dfg/DFGSpeculativeJIT64.cpp:
2507         (JSC::DFG::SpeculativeJIT::compile):
2508         * tests/stress/phantom-arguments-set-local-then-exit-in-same-block.js: Added.
2509         (foo):
2510
2511 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
2512
2513         Make the different flavors of integer arithmetic more explicit, and don't rely on (possibly stale) results of the backwards propagator to decide integer arithmetic semantics
2514         https://bugs.webkit.org/show_bug.cgi?id=125519
2515
2516         Reviewed by Geoffrey Garen.
2517         
2518         Adds the Arith::Mode enum to arithmetic nodes, which makes it explicit what sorts of
2519         checks and overflows the node should do. Previously this would be deduced from
2520         backwards analysis results.
2521         
2522         This also makes "unchecked" variants really mean that you want the int32 wrapped
2523         result, so ArithIMul is now done in terms of ArithMul(Unchecked). That means that the
2524         constant folder needs to compute exactly the result implied by ArithMode, instead of
2525         just folding the double result.
2526
2527         * CMakeLists.txt:
2528         * GNUmakefile.list.am:
2529         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2530         * JavaScriptCore.xcodeproj/project.pbxproj:
2531         * dfg/DFGAbstractInterpreterInlines.h:
2532         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2533         * dfg/DFGArithMode.cpp: Added.
2534         (WTF::printInternal):
2535         * dfg/DFGArithMode.h: Added.
2536         (JSC::DFG::doesOverflow):
2537         (JSC::DFG::shouldCheckOverflow):
2538         (JSC::DFG::shouldCheckNegativeZero):
2539         * dfg/DFGCSEPhase.cpp:
2540         (JSC::DFG::CSEPhase::pureCSE):
2541         (JSC::DFG::CSEPhase::performNodeCSE):
2542         * dfg/DFGConstantFoldingPhase.cpp:
2543         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2544         * dfg/DFGFixupPhase.cpp:
2545         (JSC::DFG::FixupPhase::fixupNode):
2546         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
2547         * dfg/DFGGraph.cpp:
2548         (JSC::DFG::Graph::dump):
2549         * dfg/DFGNode.h:
2550         (JSC::DFG::Node::Node):
2551         (JSC::DFG::Node::hasArithMode):
2552         (JSC::DFG::Node::arithMode):
2553         (JSC::DFG::Node::setArithMode):
2554         * dfg/DFGSpeculativeJIT.cpp:
2555         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
2556         (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
2557         (JSC::DFG::SpeculativeJIT::compileAdd):
2558         (JSC::DFG::SpeculativeJIT::compileArithSub):
2559         (JSC::DFG::SpeculativeJIT::compileArithNegate):
2560         (JSC::DFG::SpeculativeJIT::compileArithMul):
2561         (JSC::DFG::SpeculativeJIT::compileArithDiv):
2562         (JSC::DFG::SpeculativeJIT::compileArithMod):
2563         * dfg/DFGSpeculativeJIT.h:
2564         * dfg/DFGSpeculativeJIT32_64.cpp:
2565         (JSC::DFG::SpeculativeJIT::compile):
2566         * dfg/DFGSpeculativeJIT64.cpp:
2567         (JSC::DFG::SpeculativeJIT::compile):
2568         * ftl/FTLLowerDFGToLLVM.cpp:
2569         (JSC::FTL::LowerDFGToLLVM::compileAddSub):
2570         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
2571         (JSC::FTL::LowerDFGToLLVM::compileArithDivMod):
2572         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
2573         (JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):
2574
2575 2014-01-06  Mark Hahnenberg  <mhahnenberg@apple.com>
2576
2577         Add write barriers to the LLInt
2578         https://bugs.webkit.org/show_bug.cgi?id=126527
2579
2580         Reviewed by Filip Pizlo.
2581
2582         This patch takes a similar approach to how write barriers work in the baseline JIT.
2583         We execute the write barrier at the beginning of the opcode so we don't have to 
2584         worry about saving and restoring live registers across write barrier slow path calls 
2585         to C code.
2586
2587         * llint/LLIntOfflineAsmConfig.h:
2588         * llint/LLIntSlowPaths.cpp:
2589         (JSC::LLInt::llint_write_barrier_slow):
2590         * llint/LLIntSlowPaths.h:
2591         * llint/LowLevelInterpreter.asm:
2592         * llint/LowLevelInterpreter32_64.asm:
2593         * llint/LowLevelInterpreter64.asm:
2594         * offlineasm/arm64.rb:
2595         * offlineasm/instructions.rb:
2596         * offlineasm/x86.rb:
2597
2598 2014-01-05  Sam Weinig  <sam@webkit.org>
2599
2600         [JS] Implement Promise.all()
2601         https://bugs.webkit.org/show_bug.cgi?id=126510
2602
2603         Reviewed by Gavin Barraclough.
2604
2605         Add Promise.all() implementation and factor out performing resolves and rejects
2606         on deferreds to share a bit of code. Also moves the abruptRejection helper to
2607         JSPromiseDeferred so it can be used in JSPromiseFunctions.
2608
2609         * runtime/CommonIdentifiers.h:
2610         * runtime/JSPromiseConstructor.cpp:
2611         (JSC::JSPromiseConstructorFuncCast):
2612         (JSC::JSPromiseConstructorFuncResolve):
2613         (JSC::JSPromiseConstructorFuncReject):
2614         (JSC::JSPromiseConstructorFuncAll):
2615         * runtime/JSPromiseDeferred.cpp:
2616         (JSC::updateDeferredFromPotentialThenable):
2617         (JSC::performDeferredResolve):
2618         (JSC::performDeferredReject):
2619         (JSC::abruptRejection):
2620         * runtime/JSPromiseDeferred.h:
2621         * runtime/JSPromiseFunctions.cpp:
2622         (JSC::promiseAllCountdownFunction):
2623         (JSC::createPromiseAllCountdownFunction):
2624         * runtime/JSPromiseFunctions.h:
2625         * runtime/JSPromiseReaction.cpp:
2626         (JSC::ExecutePromiseReactionMicrotask::run):
2627
2628 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
2629
2630         Get rid of ENABLE(VALUE_PROFILER). It's on all the time now.
2631
2632         Rubber stamped by Mark Hahnenberg.
2633
2634         * bytecode/CallLinkStatus.cpp:
2635         (JSC::CallLinkStatus::computeFor):
2636         * bytecode/CodeBlock.cpp:
2637         (JSC::CodeBlock::dumpValueProfiling):
2638         (JSC::CodeBlock::dumpArrayProfiling):
2639         (JSC::CodeBlock::dumpRareCaseProfile):
2640         (JSC::CodeBlock::dumpBytecode):
2641         (JSC::CodeBlock::CodeBlock):
2642         (JSC::CodeBlock::setNumParameters):
2643         (JSC::CodeBlock::shrinkToFit):
2644         (JSC::CodeBlock::shouldOptimizeNow):
2645         * bytecode/CodeBlock.h:
2646         (JSC::CodeBlock::valueProfileForBytecodeOffset):
2647         * bytecode/GetByIdStatus.cpp:
2648         (JSC::GetByIdStatus::computeForChain):
2649         (JSC::GetByIdStatus::computeFor):
2650         * bytecode/LazyOperandValueProfile.cpp:
2651         * bytecode/LazyOperandValueProfile.h:
2652         * bytecode/PutByIdStatus.cpp:
2653         (JSC::PutByIdStatus::computeFor):
2654         * bytecode/ValueProfile.h:
2655         * bytecompiler/BytecodeGenerator.cpp:
2656         (JSC::BytecodeGenerator::newArrayProfile):
2657         (JSC::BytecodeGenerator::newArrayAllocationProfile):
2658         (JSC::BytecodeGenerator::emitProfiledOpcode):
2659         * jit/GPRInfo.h:
2660         * jit/JIT.cpp:
2661         (JSC::JIT::JIT):
2662         (JSC::JIT::privateCompileSlowCases):
2663         (JSC::JIT::privateCompile):
2664         * jit/JIT.h:
2665         * jit/JITArithmetic.cpp:
2666         (JSC::JIT::compileBinaryArithOp):
2667         (JSC::JIT::emit_op_mul):
2668         (JSC::JIT::emit_op_div):
2669         * jit/JITArithmetic32_64.cpp:
2670         (JSC::JIT::emitBinaryDoubleOp):
2671         (JSC::JIT::emit_op_mul):
2672         (JSC::JIT::emitSlow_op_mul):
2673         (JSC::JIT::emit_op_div):
2674         * jit/JITCall.cpp:
2675         (JSC::JIT::emitPutCallResult):
2676         * jit/JITCall32_64.cpp:
2677         (JSC::JIT::emitPutCallResult):
2678         * jit/JITInlines.h:
2679         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
2680         (JSC::JIT::emitValueProfilingSite):
2681         (JSC::JIT::emitArrayProfilingSiteForBytecodeIndex):
2682         (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase):
2683         (JSC::JIT::emitArrayProfileOutOfBoundsSpecialCase):
2684         (JSC::arrayProfileSaw):
2685         (JSC::JIT::chooseArrayMode):
2686         * jit/JITOpcodes.cpp:
2687         (JSC::JIT::emit_op_get_argument_by_val):
2688         * jit/JITOpcodes32_64.cpp:
2689         (JSC::JIT::emit_op_get_argument_by_val):
2690         * jit/JITPropertyAccess.cpp:
2691         (JSC::JIT::emit_op_get_by_val):
2692         (JSC::JIT::emitSlow_op_get_by_val):
2693         (JSC::JIT::emit_op_get_by_id):
2694         (JSC::JIT::emit_op_get_from_scope):
2695         * jit/JITPropertyAccess32_64.cpp:
2696         (JSC::JIT::emit_op_get_by_val):
2697         (JSC::JIT::emitSlow_op_get_by_val):
2698         (JSC::JIT::emit_op_get_by_id):
2699         (JSC::JIT::emit_op_get_from_scope):
2700         * llint/LLIntOfflineAsmConfig.h:
2701         * llint/LLIntSlowPaths.cpp:
2702         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2703         * llint/LowLevelInterpreter.asm:
2704         * llint/LowLevelInterpreter32_64.asm:
2705         * llint/LowLevelInterpreter64.asm:
2706         * profiler/ProfilerBytecodeSequence.cpp:
2707         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
2708         * runtime/CommonSlowPaths.cpp:
2709
2710 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
2711
2712         LLInt shouldn't check for ENABLE(JIT).
2713
2714         Rubber stamped by Mark Hahnenberg.
2715
2716         * llint/LLIntCommon.h:
2717         * llint/LLIntOfflineAsmConfig.h:
2718         * llint/LLIntSlowPaths.cpp:
2719         (JSC::LLInt::entryOSR):
2720         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2721         * llint/LowLevelInterpreter.asm:
2722
2723 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
2724
2725         LLInt shouldn't check for ENABLE(JAVASCRIPT_DEBUGGER).
2726
2727         Rubber stamped by Mark Hahnenberg.
2728
2729         * debugger/Debugger.h:
2730         (JSC::Debugger::Debugger):
2731         * llint/LLIntOfflineAsmConfig.h:
2732         * llint/LowLevelInterpreter.asm:
2733
2734 2014-01-05  Sam Weinig  <sam@webkit.org>
2735
2736         [JS] Implement Promise.race()
2737         https://bugs.webkit.org/show_bug.cgi?id=126506
2738
2739         Reviewed by Oliver Hunt.
2740
2741         * runtime/CommonIdentifiers.h:
2742         Add identifier for "cast".
2743     
2744         * runtime/JSPromiseConstructor.cpp:
2745         (JSC::abruptRejection):
2746         Helper for the RejectIfAbrupt abstract operation.
2747   
2748         (JSC::JSPromiseConstructorFuncRace):
2749         Add implementation of Promise.race()
2750
2751 2014-01-05  Martin Robinson  <mrobinson@igalia.com>
2752
2753         [GTK] [CMake] Ensure that the autotools build and the CMake install the same files
2754         https://bugs.webkit.org/show_bug.cgi?id=116379
2755
2756         Reviewed by Gustavo Noronha Silva.
2757
2758         * PlatformGTK.cmake: Install API headers, gir files, and the pkg-config file.
2759
2760 2014-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>
2761
2762         Use Compiler macros instead of raw "final" and "override"
2763         https://bugs.webkit.org/show_bug.cgi?id=126490
2764
2765         Reviewed by Sam Weinig.
2766
2767         * runtime/JSPromiseReaction.cpp:
2768
2769 2014-01-04  Martin Robinson  <mrobinson@igalia.com>
2770
2771         [GTK] [CMake] Improve the way we locate gobject-introspection
2772         https://bugs.webkit.org/show_bug.cgi?id=126452
2773
2774         Reviewed by Philippe Normand.
2775
2776         * PlatformGTK.cmake: Use the new introspection variables.
2777
2778 2014-01-04  Zan Dobersek  <zdobersek@igalia.com>
2779
2780         Explicitly use the std:: nested name specifier when using std::pair, std::make_pair
2781         https://bugs.webkit.org/show_bug.cgi?id=126439
2782
2783         Reviewed by Andreas Kling.
2784
2785         Instead of relying on std::pair and std::make_pair symbols being present in the current scope
2786         through the pair and make_pair symbols, the std:: specifier should be used explicitly.
2787
2788         * bytecode/Opcode.cpp:
2789         (JSC::compareOpcodePairIndices):
2790         (JSC::OpcodeStats::~OpcodeStats):
2791         * bytecompiler/BytecodeGenerator.cpp:
2792         (JSC::BytecodeGenerator::BytecodeGenerator):
2793         * parser/ASTBuilder.h:
2794         (JSC::ASTBuilder::makeBinaryNode):
2795         * parser/Parser.cpp:
2796         (JSC::Parser<LexerType>::parseIfStatement):
2797         * runtime/Structure.cpp:
2798         (JSC::StructureTransitionTable::contains):
2799         (JSC::StructureTransitionTable::get):
2800         (JSC::StructureTransitionTable::add):
2801
2802 2014-01-03  David Farler  <dfarler@apple.com>
2803
2804         [super dealloc] missing in Source/JavaScriptCore/API/tests/testapi.mm, fails to build with -Werror,-Wobjc-missing-super-calls
2805         https://bugs.webkit.org/show_bug.cgi?id=126454
2806
2807         Reviewed by Geoffrey Garen.
2808
2809         * API/tests/testapi.mm:
2810         (-[TextXYZ dealloc]):
2811         add [super dealloc]
2812         (-[EvilAllocationObject dealloc]):
2813         add [super dealloc]
2814
2815 2014-01-02  Carlos Garcia Campos  <cgarcia@igalia.com>
2816
2817         REGRESSION(r160304): [GTK] Disable libtool fast install
2818         https://bugs.webkit.org/show_bug.cgi?id=126381
2819
2820         Reviewed by Martin Robinson.
2821
2822         Remove -no-fast-install ld flag since fast install is now disabled
2823         globally.
2824
2825         * GNUmakefile.am:
2826
2827 2014-01-02  Sam Weinig  <sam@webkit.org>
2828
2829         Update Promises to the https://github.com/domenic/promises-unwrapping spec
2830         https://bugs.webkit.org/show_bug.cgi?id=120954
2831
2832         Reviewed by Filip Pizlo.
2833
2834         Update Promises to the revised spec. Notable changes:
2835         - JSPromiseResolver is gone.
2836         - TaskContext has been renamed Microtask and now has a virtual run() function.
2837         - Instead of using custom InternalFunction subclasses, JSFunctions are used
2838           with PrivateName properties for internal slots.
2839
2840         * CMakeLists.txt:
2841         * DerivedSources.make:
2842         * GNUmakefile.list.am:
2843         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2844         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2845         * JavaScriptCore.xcodeproj/project.pbxproj:
2846         * interpreter/CallFrame.h:
2847         (JSC::ExecState::promiseConstructorTable):
2848         * runtime/CommonIdentifiers.cpp:
2849         (JSC::CommonIdentifiers::CommonIdentifiers):
2850         * runtime/CommonIdentifiers.h:
2851         * runtime/JSGlobalObject.cpp:
2852         (JSC::JSGlobalObject::reset):
2853         (JSC::JSGlobalObject::visitChildren):
2854         (JSC::JSGlobalObject::queueMicrotask):
2855         * runtime/JSGlobalObject.h:
2856         (JSC::JSGlobalObject::promiseConstructor):
2857         (JSC::JSGlobalObject::promisePrototype):
2858         (JSC::JSGlobalObject::promiseStructure):
2859         * runtime/JSPromise.cpp:
2860         (JSC::JSPromise::create):
2861         (JSC::JSPromise::JSPromise):
2862         (JSC::JSPromise::finishCreation):
2863         (JSC::JSPromise::visitChildren):
2864         (JSC::JSPromise::reject):
2865         (JSC::JSPromise::resolve):
2866         (JSC::JSPromise::appendResolveReaction):
2867         (JSC::JSPromise::appendRejectReaction):
2868         (JSC::triggerPromiseReactions):
2869         * runtime/JSPromise.h:
2870         (JSC::JSPromise::status):
2871         (JSC::JSPromise::result):
2872         (JSC::JSPromise::constructor):
2873         * runtime/JSPromiseCallback.cpp: Removed.
2874         * runtime/JSPromiseCallback.h: Removed.
2875         * runtime/JSPromiseConstructor.cpp:
2876         (JSC::constructPromise):
2877         (JSC::JSPromiseConstructor::getCallData):
2878         (JSC::JSPromiseConstructorFuncCast):
2879         (JSC::JSPromiseConstructorFuncResolve):
2880         (JSC::JSPromiseConstructorFuncReject):
2881         * runtime/JSPromiseConstructor.h:
2882         * runtime/JSPromiseDeferred.cpp: Added.
2883         (JSC::JSPromiseDeferred::create):
2884         (JSC::JSPromiseDeferred::JSPromiseDeferred):
2885         (JSC::JSPromiseDeferred::finishCreation):
2886         (JSC::JSPromiseDeferred::visitChildren):
2887         (JSC::createJSPromiseDeferredFromConstructor):
2888         (JSC::updateDeferredFromPotentialThenable):
2889         * runtime/JSPromiseDeferred.h: Added.
2890         (JSC::JSPromiseDeferred::createStructure):
2891         (JSC::JSPromiseDeferred::promise):
2892         (JSC::JSPromiseDeferred::resolve):
2893         (JSC::JSPromiseDeferred::reject):
2894         * runtime/JSPromiseFunctions.cpp: Added.
2895         (JSC::deferredConstructionFunction):
2896         (JSC::createDeferredConstructionFunction):
2897         (JSC::identifyFunction):
2898         (JSC::createIdentifyFunction):
2899         (JSC::promiseAllCountdownFunction):
2900         (JSC::createPromiseAllCountdownFunction):
2901         (JSC::promiseResolutionHandlerFunction):
2902         (JSC::createPromiseResolutionHandlerFunction):
2903         (JSC::rejectPromiseFunction):
2904         (JSC::createRejectPromiseFunction):
2905         (JSC::resolvePromiseFunction):
2906         (JSC::createResolvePromiseFunction):
2907         (JSC::throwerFunction):
2908         (JSC::createThrowerFunction):
2909         * runtime/JSPromiseFunctions.h: Added.
2910         * runtime/JSPromisePrototype.cpp:
2911         (JSC::JSPromisePrototypeFuncThen):
2912         (JSC::JSPromisePrototypeFuncCatch):
2913         * runtime/JSPromiseReaction.cpp: Added.
2914         (JSC::createExecutePromiseReactionMicroTask):
2915         (JSC::ExecutePromiseReactionMicroTask::run):
2916         (JSC::JSPromiseReaction::create):
2917         (JSC::JSPromiseReaction::JSPromiseReaction):
2918         (JSC::JSPromiseReaction::finishCreation):
2919         (JSC::JSPromiseReaction::visitChildren):
2920         * runtime/JSPromiseReaction.h: Added.
2921         (JSC::JSPromiseReaction::createStructure):
2922         (JSC::JSPromiseReaction::deferred):
2923         (JSC::JSPromiseReaction::handler):
2924         * runtime/JSPromiseResolver.cpp: Removed.
2925         * runtime/JSPromiseResolver.h: Removed.
2926         * runtime/JSPromiseResolverConstructor.cpp: Removed.
2927         * runtime/JSPromiseResolverConstructor.h: Removed.
2928         * runtime/JSPromiseResolverPrototype.cpp: Removed.
2929         * runtime/JSPromiseResolverPrototype.h: Removed.
2930         * runtime/Microtask.h: Added.
2931         * runtime/VM.cpp:
2932         (JSC::VM::VM):
2933         (JSC::VM::~VM):
2934         * runtime/VM.h:
2935
2936 2014-01-02  Mark Hahnenberg  <mhahnenberg@apple.com>
2937
2938         Add support for StoreBarrier and friends to the FTL
2939         https://bugs.webkit.org/show_bug.cgi?id=126040
2940
2941         Reviewed by Filip Pizlo.
2942
2943         * ftl/FTLAbstractHeapRepository.h:
2944         * ftl/FTLCapabilities.cpp:
2945         (JSC::FTL::canCompile):
2946         * ftl/FTLIntrinsicRepository.h:
2947         * ftl/FTLLowerDFGToLLVM.cpp:
2948         (JSC::FTL::LowerDFGToLLVM::compileNode):
2949         (JSC::FTL::LowerDFGToLLVM::compileStoreBarrier):
2950         (JSC::FTL::LowerDFGToLLVM::compileConditionalStoreBarrier):
2951         (JSC::FTL::LowerDFGToLLVM::compileStoreBarrierWithNullCheck):
2952         (JSC::FTL::LowerDFGToLLVM::loadMarkByte):
2953         (JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):
2954         * heap/Heap.cpp:
2955         (JSC::Heap::Heap):
2956         * heap/Heap.h:
2957         (JSC::Heap::writeBarrierBuffer):
2958
2959 2014-01-02  Mark Hahnenberg  <mhahnenberg@apple.com>
2960
2961         Storing new CopiedSpace memory into a JSObject should fire a write barrier
2962         https://bugs.webkit.org/show_bug.cgi?id=126025
2963
2964         Reviewed by Filip Pizlo.
2965
2966         Technically this is creating a pointer between a (potentially) old generation object and a young 
2967         generation chunk of memory, thus there needs to be a barrier.
2968
2969         * JavaScriptCore.xcodeproj/project.pbxproj:
2970         * dfg/DFGOperations.cpp:
2971         * heap/CopyWriteBarrier.h: Added. This class functions similarly to the WriteBarrier class. It 
2972         acts as a proxy for pointers to CopiedSpace. Assignments to the field cause a write barrier to 
2973         fire for the object that is the owner of the CopiedSpace memory. This is to ensure during nursery 
2974         collections that objects with new backing stores are visited, even if they are old generation objects. 
2975         (JSC::CopyWriteBarrier::CopyWriteBarrier):
2976         (JSC::CopyWriteBarrier::operator!):
2977         (JSC::CopyWriteBarrier::operator UnspecifiedBoolType*):
2978         (JSC::CopyWriteBarrier::get):
2979         (JSC::CopyWriteBarrier::operator*):
2980         (JSC::CopyWriteBarrier::operator->):
2981         (JSC::CopyWriteBarrier::set):
2982         (JSC::CopyWriteBarrier::setWithoutWriteBarrier):
2983         (JSC::CopyWriteBarrier::clear):
2984         * heap/Heap.h:
2985         * runtime/JSArray.cpp:
2986         (JSC::JSArray::unshiftCountSlowCase):
2987         (JSC::JSArray::shiftCountWithArrayStorage):
2988         (JSC::JSArray::unshiftCountWithArrayStorage):
2989         * runtime/JSCell.h:
2990         (JSC::JSCell::unvalidatedStructure):
2991         * runtime/JSGenericTypedArrayViewInlines.h:
2992         (JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):
2993         * runtime/JSObject.cpp:
2994         (JSC::JSObject::copyButterfly):
2995         (JSC::JSObject::getOwnPropertySlotByIndex):
2996         (JSC::JSObject::putByIndex):
2997         (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
2998         (JSC::JSObject::createInitialIndexedStorage):
2999         (JSC::JSObject::createArrayStorage):
3000         (JSC::JSObject::deletePropertyByIndex):
3001         (JSC::JSObject::getOwnPropertyNames):
3002         (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
3003         (JSC::JSObject::countElements):
3004         (JSC::JSObject::increaseVectorLength):
3005         (JSC::JSObject::ensureLengthSlow):
3006         * runtime/JSObject.h:
3007         (JSC::JSObject::butterfly):
3008         (JSC::JSObject::setStructureAndButterfly):
3009         (JSC::JSObject::setButterflyWithoutChangingStructure):
3010         (JSC::JSObject::JSObject):
3011         (JSC::JSObject::putDirectInternal):
3012         (JSC::JSObject::putDirectWithoutTransition):
3013         * runtime/MapData.cpp:
3014         (JSC::MapData::ensureSpaceForAppend):
3015         * runtime/Structure.cpp:
3016         (JSC::Structure::materializePropertyMap):
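
        The barrier described in the entry above, as an added example that is not JavaScriptCore
        code: a minimal model of a generational heap in which an old-generation owner acquiring a
        pointer to young memory is recorded in a remembered set, so that the owner is rescanned
        during the next nursery collection. The object layout, the remembered set, the collector and
        all function names (storeWithBarrier, nurseryCollect, backingSurvives) are assumptions made
        for illustration; JSC's real CopyWriteBarrier, mark bytes and CopiedSpace are not reproduced.

```c
/*
 * Added example, not JavaScriptCore code. Models why a store of young
 * ("nursery") memory into an old-generation object needs a write barrier:
 * a nursery collection only traces young objects, so an old owner is only
 * visited if the barrier put it in the remembered set. All names are
 * hypothetical.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_OBJECTS 16

typedef struct Object {
    bool old;               /* survived an earlier collection (old generation) */
    bool marked;            /* reached during the current nursery collection */
    bool freed;             /* reclaimed by a nursery collection */
    struct Object *backing; /* the one pointer field, standing in for a backing store */
} Object;

typedef struct Heap {
    Object objects[MAX_OBJECTS];
    size_t count;
    Object *remembered[MAX_OBJECTS]; /* old objects that now point at young memory */
    size_t rememberedCount;
} Heap;

static Object *allocate(Heap *heap, bool old)
{
    Object *obj = &heap->objects[heap->count++]; /* assumes count < MAX_OBJECTS */
    memset(obj, 0, sizeof *obj);
    obj->old = old;
    return obj;
}

/* The barrier: if an old owner stores a pointer to young memory, remember the
 * owner so the next nursery collection scans its fields. */
static void storeWithBarrier(Heap *heap, Object *owner, Object *value)
{
    owner->backing = value;
    if (owner->old && value && !value->old) {
        for (size_t i = 0; i < heap->rememberedCount; i++)
            if (heap->remembered[i] == owner)
                return; /* already remembered */
        heap->remembered[heap->rememberedCount++] = owner;
    }
}

/* The bug the entry fixes: the same store with no barrier. */
static void storeWithoutBarrier(Object *owner, Object *value)
{
    owner->backing = value;
}

/* Trace only young objects; old ones are not scanned in a nursery collection. */
static void markYoung(Object *obj)
{
    while (obj && !obj->old && !obj->marked) {
        obj->marked = true;
        obj = obj->backing;
    }
}

/* Nursery collection: roots plus remembered old objects are the only entry
 * points. Marked young objects are promoted; unmarked ones are freed. */
static size_t nurseryCollect(Heap *heap, Object **roots, size_t rootCount)
{
    for (size_t i = 0; i < heap->count; i++)
        heap->objects[i].marked = false;
    for (size_t i = 0; i < rootCount; i++)
        markYoung(roots[i]);
    for (size_t i = 0; i < heap->rememberedCount; i++)
        markYoung(heap->remembered[i]->backing);
    heap->rememberedCount = 0;

    size_t freed = 0;
    for (size_t i = 0; i < heap->count; i++) {
        Object *obj = &heap->objects[i];
        if (obj->old || obj->freed)
            continue;
        if (obj->marked)
            obj->old = true;
        else {
            obj->freed = true;
            freed++;
        }
    }
    return freed;
}

/* True if the young backing store of an old owner survives a nursery
 * collection. With the barrier it is promoted; without it, it is freed while
 * the owner still points at it, i.e. the owner holds a dangling pointer. */
static bool backingSurvives(bool useBarrier)
{
    Heap heap;
    memset(&heap, 0, sizeof heap);
    Object *owner = allocate(&heap, true);    /* old-generation object */
    Object *backing = allocate(&heap, false); /* freshly allocated young memory */
    if (useBarrier)
        storeWithBarrier(&heap, owner, backing);
    else
        storeWithoutBarrier(owner, backing);
    Object *roots[] = { owner };
    nurseryCollect(&heap, roots, 1);
    return owner->backing != NULL && !owner->backing->freed;
}

int main(void)
{
    printf("with barrier:    backing %s\n", backingSurvives(true) ? "survives" : "freed");
    printf("without barrier: backing %s\n", backingSurvives(false) ? "survives" : "freed");
    return 0;
}
```

        The remembered set is cleared after each nursery collection because every surviving young
        object has been promoted, which is the same reason the entry above wants old owners with new
        backing stores visited "even if they are old generation objects".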
3017
3018 2013-12-23  Oliver Hunt  <oliver@apple.com>
3019
3020         Refactor PutPropertySlot to be aware of custom properties
3021         https://bugs.webkit.org/show_bug.cgi?id=126187
3022
3023         Reviewed by Antti Koivisto.
3024
3025         Refactor PutPropertySlot, making the constructor take the thisValue
3026         used as a target.  This results in a wide range of boilerplate changes
3027         to pass the new parameter.
3028
3029         * API/JSObjectRef.cpp:
3030         (JSObjectSetProperty):
3031         * dfg/DFGOperations.cpp:
3032         (JSC::DFG::operationPutByValInternal):
3033         * interpreter/Interpreter.cpp:
3034         (JSC::Interpreter::execute):
3035         * jit/JITOperations.cpp:
3036         * llint/LLIntSlowPaths.cpp:
3037         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3038         * runtime/Arguments.cpp:
3039         (JSC::Arguments::putByIndex):
3040         * runtime/ArrayPrototype.cpp:
3041         (JSC::putProperty):
3042         (JSC::arrayProtoFuncPush):
3043         * runtime/JSCJSValue.cpp:
3044         (JSC::JSValue::putToPrimitiveByIndex):
3045         * runtime/JSCell.cpp:
3046         (JSC::JSCell::putByIndex):
3047         * runtime/JSFunction.cpp:
3048         (JSC::JSFunction::put):
3049         * runtime/JSGenericTypedArrayViewInlines.h:
3050         (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
3051         * runtime/JSONObject.cpp:
3052         (JSC::Walker::walk):
3053         * runtime/JSObject.cpp:
3054         (JSC::JSObject::putByIndex):
3055         (JSC::JSObject::putDirectNonIndexAccessor):
3056         (JSC::JSObject::deleteProperty):
3057         * runtime/JSObject.h:
3058         (JSC::JSObject::putDirect):
3059         * runtime/Lookup.h:
3060         (JSC::putEntry):
3061         (JSC::lookupPut):
3062         * runtime/PutPropertySlot.h:
3063         (JSC::PutPropertySlot::PutPropertySlot):
3064         (JSC::PutPropertySlot::setCustomProperty):
3065         (JSC::PutPropertySlot::thisValue):
3066         (JSC::PutPropertySlot::isCacheable):
3067
3068 2014-01-01  Filip Pizlo  <fpizlo@apple.com>
3069
3070         Rationalize DFG DCE
3071         https://bugs.webkit.org/show_bug.cgi?id=125523
3072
3073         Reviewed by Mark Hahnenberg.
3074         
3075         Adds the ability to DCE more things. It's now the case that if a node is completely
3076         pure, we clear NodeMustGenerate and the node becomes a DCE candidate.
3077
3078         * dfg/DFGAbstractInterpreterInlines.h:
3079         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3080         * dfg/DFGCSEPhase.cpp:
3081         (JSC::DFG::CSEPhase::performNodeCSE):
3082         * dfg/DFGClobberize.h:
3083         (JSC::DFG::clobberize):
3084         * dfg/DFGDCEPhase.cpp:
3085         (JSC::DFG::DCEPhase::cleanVariables):
3086         * dfg/DFGFixupPhase.cpp:
3087         (JSC::DFG::FixupPhase::fixupNode):
3088         * dfg/DFGGraph.h:
3089         (JSC::DFG::Graph::clobbersWorld):
3090         * dfg/DFGNodeType.h:
3091         * dfg/DFGSpeculativeJIT.cpp:
3092         (JSC::DFG::SpeculativeJIT::compileAdd):
3093         * dfg/DFGSpeculativeJIT.h:
3094         * dfg/DFGSpeculativeJIT32_64.cpp:
3095         (JSC::DFG::SpeculativeJIT::compile):
3096         * dfg/DFGSpeculativeJIT64.cpp:
3097         (JSC::DFG::SpeculativeJIT::compile):
3098         * ftl/FTLLowerDFGToLLVM.cpp:
3099         (JSC::FTL::LowerDFGToLLVM::compileNode):
3100         (JSC::FTL::LowerDFGToLLVM::compileValueAdd):
3101
3102 2014-01-02  Benjamin Poulain  <benjamin@webkit.org>
3103
3104         Attempt to fix the build of WebCore's code generator on CMake based system
3105         https://bugs.webkit.org/show_bug.cgi?id=126271
3106
3107         Reviewed by Sam Weinig.
3108
3109         * CMakeLists.txt:
3110
3111 2013-12-30  Commit Queue  <commit-queue@webkit.org>
3112
3113         Unreviewed, rolling out r161157, r161158, r161160, r161161,
3114         r161163, and r161165.
3115         http://trac.webkit.org/changeset/161157
3116         http://trac.webkit.org/changeset/161158
3117         http://trac.webkit.org/changeset/161160
3118         http://trac.webkit.org/changeset/161161
3119         http://trac.webkit.org/changeset/161163
3120         http://trac.webkit.org/changeset/161165
3121         https://bugs.webkit.org/show_bug.cgi?id=126332
3122
3123         Broke WebKit2 on Mountain Lion (Requested by ap on #webkit).
3124
3125         * heap/BlockAllocator.cpp:
3126         (JSC::BlockAllocator::~BlockAllocator):
3127         (JSC::BlockAllocator::waitForRelativeTimeWhileHoldingLock):
3128         (JSC::BlockAllocator::waitForRelativeTime):
3129         (JSC::BlockAllocator::blockFreeingThreadMain):
3130         * heap/BlockAllocator.h:
3131         (JSC::BlockAllocator::deallocate):
3132
3133 2013-12-30  Anders Carlsson  <andersca@apple.com>
3134
3135         Fix build.
3136
3137         * heap/BlockAllocator.h:
3138
3139 2013-12-30  Anders Carlsson  <andersca@apple.com>
3140
3141         Stop using ThreadCondition in BlockAllocator
3142         https://bugs.webkit.org/show_bug.cgi?id=126313
3143
3144         Reviewed by Sam Weinig.
3145
3146         * heap/BlockAllocator.cpp:
3147         (JSC::BlockAllocator::~BlockAllocator):
3148         (JSC::BlockAllocator::waitForDuration):
3149         (JSC::BlockAllocator::blockFreeingThreadMain):
3150         * heap/BlockAllocator.h:
3151         (JSC::BlockAllocator::deallocate):
3152
3153 2013-12-30  Anders Carlsson  <andersca@apple.com>
3154
3155         Stop using ThreadCondition in jsc.cpp
3156         https://bugs.webkit.org/show_bug.cgi?id=126311
3157
3158         Reviewed by Sam Weinig.
3159
3160         * jsc.cpp:
3161         (timeoutThreadMain):
3162         (main):
3163
3164 2013-12-30  Anders Carlsson  <andersca@apple.com>
3165
3166         Replace WTF::ThreadingOnce with std::call_once
3167         https://bugs.webkit.org/show_bug.cgi?id=126215
3168
3169         Reviewed by Sam Weinig.
3170
3171         * dfg/DFGWorklist.cpp:
3172         (JSC::DFG::globalWorklist):
3173         * runtime/InitializeThreading.cpp:
3174         (JSC::initializeThreading):
3175
3176 2013-12-30  Martin Robinson  <mrobinson@igalia.com>
3177
3178         [CMake] [GTK] Add support for GObject introspection
3179         https://bugs.webkit.org/show_bug.cgi?id=126162
3180
3181         Reviewed by Daniel Bates.
3182
3183         * PlatformGTK.cmake: Add the GIR targets.
3184
3185 2013-12-28  Filip Pizlo  <fpizlo@apple.com>
3186
3187         Get rid of DFG forward exiting
3188         https://bugs.webkit.org/show_bug.cgi?id=125531
3189
3190         Reviewed by Oliver Hunt.
3191         
3192         This finally gets rid of forward exiting. Forward exiting was always a fragile concept
3193         since it involved the compiler trying to figure out how to "roll forward" the
3194         execution from some DFG node to the next bytecode index. It was always easy to find
3195         counterexamples where it broke, and it has always served as an obstacle to adding
3196         compiler improvements - the latest being http://webkit.org/b/125523, which tried to
3197         make DCE work for more things.
3198         
3199         This change finishes the work of removing forward exiting. A lot of forward exiting
3200         was already removed in some other bugs, but SetLocal still did forward exits. SetLocal
3201         is in many ways the hardest to remove, since the forward exiting of SetLocal also
3202         implied that any conversion nodes inserted before the SetLocal would then also be
3203         marked as forward-exiting. Hence SetLocal's forward-exiting made a bunch of other
3204         things also forward-exiting, and this was always a source of weirdo bugs.
3205         
3206         SetLocal must be able to exit in case it performs a hoisted type speculation. Nodes
3207         inserted just before SetLocal must also be able to exit - for example type check
3208         hoisting may insert a CheckStructure, or fixup phase may insert something like
3209         Int32ToDouble. But if any of those nodes tried to backward exit, then this could lead
3210         to the reexecution of a side-effecting operation, for example:
3211         
3212             a: Call(...)
3213             b: SetLocal(@a, r1)
3214         
3215         For a long time it seemed like SetLocal *had* to exit forward because of this. But
3216         this change side-steps the problem by changing the ByteCodeParser to always emit a
3217         kind of "two-phase commit" for stores to local variables. Now when the ByteCodeParser
3218         wishes to store to a local, it first emits a MovHint and then enqueues a SetLocal.
3219         The SetLocal isn't actually emitted until the beginning of the next bytecode
3220         instruction (with the exception of op_enter and op_ret, which emit theirs immediately
3221         since it's always safe to reexecute those bytecode instructions and since deferring
3222         SetLocals would be weird there - op_enter has many SetLocals and op_ret is a set
3223         followed by a jump in case of inlining, so we'd have to emit the SetLocal "after" the
3224         jump and that would be awkward). This means that the above IR snippet would look
3225         something like:
3226         
3227             a: Call(..., bc#42)
3228             b: MovHint(@a, r1, bc#42)
3229             c: SetLocal(@a, r1, bc#47)
3230         
3231         Where the SetLocal exits "backwards" but appears at the beginning of the next bytecode
3232         instruction. This means that by the time we get to that SetLocal, the OSR exit
3233         analysis already knows that r1 is associated with @a, and it means that the SetLocal
3234         or anything hoisted above it can exit backwards as normal.
3235         
3236         This change also means that the "forward rewiring" can be killed. Previously, we might
3237         have inserted a conversion node on SetLocal and then the SetLocal died (i.e. turned
3238         into a MovHint) and the conversion node either died completely or had its lifetime
3239         truncated to be less than the actual value's bytecode lifetime. This no longer happens
3240         since conversion nodes are only inserted at SetLocals.
3241         
3242         More precisely, this change introduces two laws that we were basically already
3243         following anyway:
3244         
3245         1) A MovHint's child should never be changed except if all other uses of that child
3246            are also replaced. Specifically, this prohibits insertion of conversion nodes at
3247            MovHints.
3248         
3249         2) Anytime any child is replaced with something else, and all other uses aren't also
3250            replaced, we must insert a Phantom use of the original child.
3251
3252         This is a slight compile-time regression but has no effect on code-gen. It unlocks a
3253         bunch of optimization opportunities so I think it's worth it.
3254
3255         * bytecode/CodeBlock.cpp:
3256         (JSC::CodeBlock::dumpAssumingJITType):
3257         * bytecode/CodeBlock.h:
3258         (JSC::CodeBlock::instructionCount):
3259         * dfg/DFGAbstractInterpreterInlines.h:
3260         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3261         * dfg/DFGArgumentsSimplificationPhase.cpp:
3262         (JSC::DFG::ArgumentsSimplificationPhase::run):
3263         * dfg/DFGArrayifySlowPathGenerator.h:
3264         (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
3265         * dfg/DFGBackwardsPropagationPhase.cpp:
3266         (JSC::DFG::BackwardsPropagationPhase::propagate):
3267         * dfg/DFGByteCodeParser.cpp:
3268         (JSC::DFG::ByteCodeParser::setDirect):
3269         (JSC::DFG::ByteCodeParser::DelayedSetLocal::DelayedSetLocal):
3270         (JSC::DFG::ByteCodeParser::DelayedSetLocal::execute):
3271         (JSC::DFG::ByteCodeParser::handleInlining):
3272         (JSC::DFG::ByteCodeParser::parseBlock):
3273         * dfg/DFGCSEPhase.cpp:
3274         (JSC::DFG::CSEPhase::eliminate):
3275         * dfg/DFGClobberize.h:
3276         (JSC::DFG::clobberize):
3277         * dfg/DFGCommon.h:
3278         * dfg/DFGConstantFoldingPhase.cpp:
3279         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3280         * dfg/DFGDCEPhase.cpp:
3281         (JSC::DFG::DCEPhase::run):
3282         (JSC::DFG::DCEPhase::fixupBlock):
3283         (JSC::DFG::DCEPhase::cleanVariables):
3284         * dfg/DFGFixupPhase.cpp:
3285         (JSC::DFG::FixupPhase::fixupNode):
3286         (JSC::DFG::FixupPhase::fixEdge):
3287         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
3288         * dfg/DFGLICMPhase.cpp:
3289         (JSC::DFG::LICMPhase::run):
3290         (JSC::DFG::LICMPhase::attemptHoist):
3291         * dfg/DFGMinifiedNode.cpp:
3292         (JSC::DFG::MinifiedNode::fromNode):
3293         * dfg/DFGMinifiedNode.h:
3294         (JSC::DFG::belongsInMinifiedGraph):
3295         (JSC::DFG::MinifiedNode::constantNumber):
3296         (JSC::DFG::MinifiedNode::weakConstant):
3297         * dfg/DFGNode.cpp:
3298         (JSC::DFG::Node::hasVariableAccessData):
3299         * dfg/DFGNode.h:
3300         (JSC::DFG::Node::convertToPhantom):
3301         (JSC::DFG::Node::convertToPhantomUnchecked):
3302         (JSC::DFG::Node::convertToIdentity):
3303         (JSC::DFG::Node::containsMovHint):
3304         (JSC::DFG::Node::hasUnlinkedLocal):
3305         (JSC::DFG::Node::willHaveCodeGenOrOSR):
3306         * dfg/DFGNodeFlags.cpp:
3307         (JSC::DFG::dumpNodeFlags):
3308         * dfg/DFGNodeFlags.h:
3309         * dfg/DFGNodeType.h:
3310         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
3311         (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
3312         * dfg/DFGOSREntrypointCreationPhase.cpp:
3313         (JSC::DFG::OSREntrypointCreationPhase::run):
3314         * dfg/DFGOSRExit.cpp:
3315         * dfg/DFGOSRExit.h:
3316         * dfg/DFGOSRExitBase.cpp:
3317         * dfg/DFGOSRExitBase.h:
3318         (JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSite):
3319         * dfg/DFGPredictionPropagationPhase.cpp:
3320         (JSC::DFG::PredictionPropagationPhase::propagate):
3321         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
3322         * dfg/DFGSSAConversionPhase.cpp:
3323         (JSC::DFG::SSAConversionPhase::run):
3324         * dfg/DFGSafeToExecute.h:
3325         (JSC::DFG::safeToExecute):
3326         * dfg/DFGSpeculativeJIT.cpp:
3327         (JSC::DFG::SpeculativeJIT::speculationCheck):
3328         (JSC::DFG::SpeculativeJIT::emitInvalidationPoint):
3329         (JSC::DFG::SpeculativeJIT::typeCheck):
3330         (JSC::DFG::SpeculativeJIT::compileMovHint):
3331         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
3332         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
3333         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
3334         * dfg/DFGSpeculativeJIT.h:
3335         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
3336         (JSC::DFG::SpeculativeJIT::needsTypeCheck):
3337         * dfg/DFGSpeculativeJIT32_64.cpp:
3338         (JSC::DFG::SpeculativeJIT::compile):
3339         * dfg/DFGSpeculativeJIT64.cpp:
3340         (JSC::DFG::SpeculativeJIT::compile):
3341         * dfg/DFGTypeCheckHoistingPhase.cpp:
3342         (JSC::DFG::TypeCheckHoistingPhase::run):
3343         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
3344         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
3345         * dfg/DFGValidate.cpp:
3346         (JSC::DFG::Validate::validateCPS):
3347         * dfg/DFGVariableAccessData.h:
3348         (JSC::DFG::VariableAccessData::VariableAccessData):
3349         * dfg/DFGVariableEventStream.cpp:
3350         (JSC::DFG::VariableEventStream::reconstruct):
3351         * ftl/FTLCapabilities.cpp:
3352         (JSC::FTL::canCompile):
3353         * ftl/FTLLowerDFGToLLVM.cpp:
3354         (JSC::FTL::LowerDFGToLLVM::compileNode):
3355         (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
3356         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
3357         (JSC::FTL::LowerDFGToLLVM::compileMovHint):
3358         (JSC::FTL::LowerDFGToLLVM::compileZombieHint):
3359         (JSC::FTL::LowerDFGToLLVM::compileInt32ToDouble):
3360         (JSC::FTL::LowerDFGToLLVM::speculate):
3361         (JSC::FTL::LowerDFGToLLVM::typeCheck):
3362         (JSC::FTL::LowerDFGToLLVM::appendTypeCheck):
3363         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
3364         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
3365         * ftl/FTLOSRExit.cpp:
3366         * ftl/FTLOSRExit.h:
3367         * tests/stress/dead-int32-to-double.js: Added.
3368         (foo):
3369         * tests/stress/dead-uint32-to-number.js: Added.
3370         (foo):
3371
3372 2013-12-25  Commit Queue  <commit-queue@webkit.org>
3373
3374         Unreviewed, rolling out r161033 and r161074.
3375         http://trac.webkit.org/changeset/161033
3376         http://trac.webkit.org/changeset/161074
3377         https://bugs.webkit.org/show_bug.cgi?id=126240
3378
3379         Oliver says that a rollout would be better (Requested by ap on
3380         #webkit).
3381
3382         * API/JSObjectRef.cpp:
3383         (JSObjectSetProperty):
3384         * dfg/DFGOperations.cpp:
3385         (JSC::DFG::operationPutByValInternal):
3386         * interpreter/Interpreter.cpp:
3387         (JSC::Interpreter::execute):
3388         * jit/JITOperations.cpp:
3389         * llint/LLIntSlowPaths.cpp:
3390         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
3391         * runtime/Arguments.cpp:
3392         (JSC::Arguments::putByIndex):
3393         * runtime/ArrayPrototype.cpp:
3394         (JSC::putProperty):
3395         (JSC::arrayProtoFuncPush):
3396         * runtime/JSCJSValue.cpp:
3397         (JSC::JSValue::putToPrimitiveByIndex):
3398         * runtime/JSCell.cpp:
3399         (JSC::JSCell::putByIndex):
3400         * runtime/JSFunction.cpp:
3401         (JSC::JSFunction::put):
3402         * runtime/JSGenericTypedArrayViewInlines.h:
3403         (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
3404         * runtime/JSONObject.cpp:
3405         (JSC::Walker::walk):
3406         * runtime/JSObject.cpp: