JSC Parser: Shrink BindingNode.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-01-19  Andreas Kling  <akling@apple.com>

        JSC Parser: Shrink BindingNode.
        <https://webkit.org/b/127253>

        The "divot" and "end" source locations are always identical for
        BindingNodes, so store only "start" and "end" instead.

        1.19 MB progression on Membuster3.

        Reviewed by Geoff Garen.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::BindingNode::bindValue):
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::createBindingLocation):
        * parser/NodeConstructors.h:
        (JSC::BindingNode::create):
        (JSC::BindingNode::BindingNode):
        * parser/Nodes.h:
        (JSC::BindingNode::divotStart):
        (JSC::BindingNode::divotEnd):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::createBindingPattern):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::operatorStackPop):

2014-01-20  Filip Pizlo  <fpizlo@apple.com>

        op_captured_mov and op_new_captured_func in UnlinkedCodeBlocks should use the IdentifierMap instead of the strings directly
        https://bugs.webkit.org/show_bug.cgi?id=127311
        <rdar://problem/15853958>

        Reviewed by Andreas Kling.

        This makes UnlinkedCodeBlocks use 32-bit instruction streams again.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedInstruction::UnlinkedInstruction):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::addVar):
        (JSC::BytecodeGenerator::emitInitLazyRegister):
        (JSC::BytecodeGenerator::createArgumentsIfNecessary):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::watchableVariable):
        (JSC::BytecodeGenerator::hasWatchableVariable):

2014-01-20  Mark Lam  <mark.lam@apple.com>

        Removing CodeBlock::opDebugBytecodeOffsetForLineAndColumn() and friends.
        <https://webkit.org/b/127321>

        Reviewed by Geoffrey Garen.

        We're changing plans and will be going with CodeBlock level breakpoints
        instead of bytecode level breakpoints. As a result, we no longer need
        the services of CodeBlock::opDebugBytecodeOffsetForLineAndColumn() (and
        friends). This patch will remove that unused code.

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/LineColumnInfo.h: Removed.
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
        * bytecode/UnlinkedCodeBlock.h:

2014-01-20  Mark Hahnenberg  <mhahnenberg@apple.com>

        CodeBlockSet::traceMarked doesn't need to visit the ownerExecutable
        https://bugs.webkit.org/show_bug.cgi?id=127301

        Reviewed by Oliver Hunt.

        We used to just call CodeBlock::visitAggregate, but now we call visitChildren
        on the ownerExecutable, which is unnecessary.

        * heap/CodeBlockSet.cpp:
        (JSC::CodeBlockSet::traceMarked):

2014-01-20  Anders Carlsson  <andersca@apple.com>

        Fix build.

        * heap/BlockAllocator.h:

2014-01-20  Anders Carlsson  <andersca@apple.com>

        Stop using ThreadCondition in BlockAllocator
        https://bugs.webkit.org/show_bug.cgi?id=126313

        Reviewed by Sam Weinig.

        * heap/BlockAllocator.cpp:
        (JSC::BlockAllocator::~BlockAllocator):
        (JSC::BlockAllocator::waitForDuration):
        (JSC::BlockAllocator::blockFreeingThreadMain):
        * heap/BlockAllocator.h:
        (JSC::BlockAllocator::deallocate):

2014-01-19  Anders Carlsson  <andersca@apple.com>

        Convert GCThreadSharedData over to STL threading primitives
        https://bugs.webkit.org/show_bug.cgi?id=127256

        Reviewed by Andreas Kling.

        * heap/GCThread.cpp:
        (JSC::GCThread::waitForNextPhase):
        (JSC::GCThread::gcThreadMain):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::GCThreadSharedData):
        (JSC::GCThreadSharedData::~GCThreadSharedData):
        (JSC::GCThreadSharedData::startNextPhase):
        (JSC::GCThreadSharedData::endCurrentPhase):
        (JSC::GCThreadSharedData::didStartMarking):
        (JSC::GCThreadSharedData::didFinishMarking):
        * heap/GCThreadSharedData.h:
        * heap/SlotVisitor.cpp:
        (JSC::SlotVisitor::donateKnownParallel):
        (JSC::SlotVisitor::drainFromShared):

2014-01-18  Andreas Kling  <akling@apple.com>

        CodeBlock: Size m_callLinkInfos and m_byValInfos to fit earlier.
        <https://webkit.org/b/127239>

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::setNumberOfByValInfos):
        (JSC::CodeBlock::setNumberOfCallLinkInfos):

            Use resizeToFit() instead of grow() for these vectors, since
            we know the final size here.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::shrinkToFit):

            No need to shrink here anymore. We were not even shrinking
            m_byValInfo before!

2014-01-18  Andreas Kling  <akling@apple.com>

        CodeBlock: Size m_function{Exprs,Decls} to fit from creation.
        <https://webkit.org/b/127238>

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

            Use resizeToFit() instead of grow() for m_functionExprs and
            m_functionDecls since we know they will never change size.

        (JSC::CodeBlock::shrinkToFit):

            No need to shrink them here anymore.

2014-01-18  Andreas Kling  <akling@apple.com>

        Remove unused CodeBlock::m_additionalIdentifiers member.
        <https://webkit.org/b/127237>

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.h:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::shrinkToFit):

            Remove m_additionalIdentifiers, nothing uses it.

2014-01-18  Andreas Kling  <akling@apple.com>

        Remove two unused CodeBlock functions.
        <https://webkit.org/b/127235>

        Kill copyPostParseDataFrom() and copyPostParseDataFromAlternative()
        since they are not used.

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.cpp:
        * bytecode/CodeBlock.h:

2014-01-18  Andreas Kling  <akling@apple.com>

        CodeBlock: Size m_exceptionHandlers to fit from creation.
        <https://webkit.org/b/127234>

        Avoid allocation churn for CodeBlock::m_exceptionHandlers.

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.h:

            Removed unused CodeBlock::allocateHandlers() function.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

            Use resizeToFit() instead of grow() for m_exceptionHandlers
            since we know it's never going to change size.

        (JSC::CodeBlock::shrinkToFit):

            No need to shrink m_exceptionHandlers here since it's already
            the perfect size.

2014-01-18  Mark Lam  <mark.lam@apple.com>

        Add a hasBreakpointFlag arg to the op_debug bytecode.
        https://bugs.webkit.org/show_bug.cgi?id=127230.

        Reviewed by Geoffrey Garen.

        This is in anticipation of upcoming changes to support bytecode level
        breakpoints. This patch adds the flag to the op_debug bytecode and
        initializes it, but does not use it yet.

        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDebugHook):
        * llint/LowLevelInterpreter.asm:

2014-01-18  Alberto Garcia  <berto@igalia.com>

        JavaScriptCore uses PLATFORM(MAC) when it means OS(DARWIN)
        https://bugs.webkit.org/show_bug.cgi?id=99683

        Reviewed by Anders Carlsson.

        * jit/ThunkGenerators.cpp:
        * tools/CodeProfile.cpp:
        (JSC::symbolName):
        (JSC::CodeProfile::sample):

2014-01-18  Anders Carlsson  <andersca@apple.com>

        Remove ENABLE_THREADED_HTML_PARSER defines everywhere
        https://bugs.webkit.org/show_bug.cgi?id=127225

        Reviewed by Andreas Kling.

        This concludes the removal of over 8.8 million lines of threaded parser code.

        * Configurations/FeatureDefines.xcconfig:

2014-01-18  Mark Lam  <mark.lam@apple.com>

        Adding UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().
        https://bugs.webkit.org/show_bug.cgi?id=127127.

        Reviewed by Geoffrey Garen.

        In order to implement bytecode level breakpoints, we need a mechanism
        for computing the best fit op_debug bytecode offset for any valid given
        line and column value in the source. The "best fit" op_debug bytecode
        in this case is defined below in the comment for
        UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::opDebugBytecodeOffsetForLineAndColumn):
        - Convert the line and column to unlinked line and column values and
          pass them to UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn()
          to do the real work.

        * bytecode/CodeBlock.h:
        * bytecode/LineColumnInfo.h: Added.
        (JSC::LineColumnInfo::operator <):
        (JSC::LineColumnInfo::LineColumnPair::LineColumnPair):
        (JSC::LineColumnInfo::operator ==):
        (JSC::LineColumnInfo::operator !=):
        (JSC::LineColumnInfo::operator <=):
        (JSC::LineColumnInfo::operator >):
        (JSC::LineColumnInfo::operator >=):
        * bytecode/LineInfo.h: Removed.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::decodeExpressionRangeLineAndColumn):
        - Factored this out of expressionRangeForBytecodeOffset() so that it can
          be called from multiple places.
        (JSC::dumpLineColumnEntry):
        (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
        (JSC::UnlinkedCodeBlock::dumpOpDebugLineColumnInfoList):
        - Some dumpers for debugging use only.
        (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
        (JSC::UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn):
        - Finds the earliest op_debug bytecode whose line and column matches the
          specified line and column values. If an exact match is not found, then
          finds the nearest op_debug bytecode that precedes the specified line
          and column values. If there are more than one op_debug at that preceding
          line and column value, then the earliest of those op_debug bytecodes will
          be selected. The offset of the selected bytecode will be returned.

          We want the earliest one because when we have multiple op_debug bytecodes
          that map to a given line and column, a debugger user would expect to break
          on the first one and step through the rest thereafter if needed.

        (JSC::compareLineColumnInfo):
        (JSC::UnlinkedCodeBlock::opDebugLineColumnInfoList):
        - Creates the sorted opDebugLineColumnInfoList on demand. This list is
          stored in the UnlinkedCodeBlock's rareData.
        * bytecode/UnlinkedCodeBlock.h:

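The "best fit" rule the entry above spells out (exact match first, else the nearest preceding position, and in either case the earliest op_debug at that position) is easy to get subtly wrong in the fallback branch. The following is an added C++ illustration of that rule, not JSC's code: the `OpDebugEntry` struct, the function names and the sample entries are constructed for this example and are not JSC's `LineColumnInfo` API. It returns -1 when no op_debug sits at or before the requested position, so a caller can refuse the breakpoint rather than silently pick a later one.

```cpp
#include <algorithm>
#include <cstdio>
#include <tuple>
#include <utility>
#include <vector>

// Constructed stand-in for one op_debug entry: where it sits in the source
// and where it sits in the bytecode stream. Not JSC's LineColumnInfo.
struct OpDebugEntry {
    unsigned line;
    unsigned column;
    unsigned bytecodeOffset;
};

// Sort by (line, column, bytecodeOffset) so that, among several op_debug
// bytecodes at the same source position, the earliest bytecode comes first.
static std::vector<OpDebugEntry> sortedByPosition(std::vector<OpDebugEntry> entries)
{
    std::sort(entries.begin(), entries.end(),
        [](const OpDebugEntry& a, const OpDebugEntry& b) {
            return std::tie(a.line, a.column, a.bytecodeOffset)
                 < std::tie(b.line, b.column, b.bytecodeOffset);
        });
    return entries;
}

// Best-fit lookup as the entry defines it: the earliest op_debug at exactly
// (line, column); otherwise the earliest op_debug at the nearest preceding
// position. Returns -1 when no op_debug is at or before the position.
static int bestFitOpDebugOffset(const std::vector<OpDebugEntry>& sorted, unsigned line, unsigned column)
{
    const std::pair<unsigned, unsigned> target(line, column);
    // First entry whose position is >= target (the list is sorted by position).
    auto it = std::lower_bound(sorted.begin(), sorted.end(), target,
        [](const OpDebugEntry& e, const std::pair<unsigned, unsigned>& key) {
            return std::make_pair(e.line, e.column) < key;
        });
    if (it != sorted.end() && it->line == line && it->column == column)
        return static_cast<int>(it->bytecodeOffset); // exact match; earliest thanks to the sort order
    if (it == sorted.begin())
        return -1; // every op_debug lies after the requested position
    // The nearest preceding position is just before `it`; walk back to its earliest entry.
    auto best = it - 1;
    while (best != sorted.begin() && (best - 1)->line == best->line && (best - 1)->column == best->column)
        --best;
    return static_cast<int>(best->bytecodeOffset);
}

// Constructed sample: op_debug entries for a tiny script, deliberately out of
// order and with duplicate positions at (3,5) and (5,0).
static const std::vector<OpDebugEntry>& sampleEntries()
{
    static const std::vector<OpDebugEntry> entries = sortedByPosition({
        { 3, 5, 40 }, { 3, 5, 20 }, { 2, 1, 5 }, { 5, 0, 60 }, { 5, 0, 55 } });
    return entries;
}

int main()
{
    const std::vector<OpDebugEntry>& entries = sampleEntries();
    std::printf("(3,5) -> %d\n", bestFitOpDebugOffset(entries, 3, 5)); // exact match, earliest: 20
    std::printf("(4,0) -> %d\n", bestFitOpDebugOffset(entries, 4, 0)); // falls back to (3,5): 20
    std::printf("(9,9) -> %d\n", bestFitOpDebugOffset(entries, 9, 9)); // nearest preceding is (5,0): 55
    std::printf("(1,0) -> %d\n", bestFitOpDebugOffset(entries, 1, 0)); // nothing precedes: -1
    return 0;
}
```

The walk-back loop is the part that the prose's "earliest of those op_debug bytecodes" demands: `lower_bound` lands on the first entry after the gap, so stepping back one entry alone would return the last duplicate at the preceding position, not the first.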
2014-01-18  Zan Dobersek  <zdobersek@igalia.com>

        Inspector scripts are not compatible with Python v3
        https://bugs.webkit.org/show_bug.cgi?id=127128

        Reviewed by Benjamin Poulain.

        * inspector/scripts/generate-combined-inspector-json.py: Turn print statements into print function calls.
        * inspector/scripts/jsmin.py: Try importing the StringIO class from the StringIO module (which will work for
        Python v2) or, on import error, import the class from the io module (which will work for Python v3).

2014-01-17  Anders Carlsson  <andersca@apple.com>

        String::is8Bit() crashes if m_impl is null; handle this.

        * API/OpaqueJSString.h:
        (OpaqueJSString::OpaqueJSString):

2014-01-17  Anders Carlsson  <andersca@apple.com>

        Try to fix the Windows build.

        * API/OpaqueJSString.cpp:
        (OpaqueJSString::~OpaqueJSString):
        (OpaqueJSString::characters):
        * API/OpaqueJSString.h:
        (OpaqueJSString::OpaqueJSString):

2014-01-17  Anders Carlsson  <andersca@apple.com>

        Get rid of OpaqueJSString::deprecatedCharacters()
        https://bugs.webkit.org/show_bug.cgi?id=127161

        Reviewed by Sam Weinig.

        Handle OpaqueJSString::m_string being either 8-bit or 16-bit and add extra
        code paths for the 8-bit cases.

        Unfortunately, JSStringGetCharactersPtr is still expected to return a 16-bit character pointer.
        Handle this by storing a separate 16-bit string and initializing it on demand when JSStringGetCharactersPtr
        is called and the backing string is 8-bit.

        This has the nice side effect of making JSStringGetCharactersPtr thread-safe when it wasn't before.
        (In theory, someone could have a JSStringRef backed by an 8-bit string and call JSStringGetCharactersPtr on it
        causing an unsafe upconversion to a 16-bit string).

        * API/JSStringRef.cpp:
        (JSStringGetCharactersPtr):
        Call OpaqueJSString::characters.

        (JSStringGetUTF8CString):
        Add a code path that handles 8-bit strings.

        (JSStringIsEqual):
        Call OpaqueJSString::equal.

        * API/JSStringRefCF.cpp:
        (JSStringCreateWithCFString):
        Reformat the code to use an early return instead of putting most of the code inside the body of an if statement.

        (JSStringCopyCFString):
        Create an 8-bit CFStringRef if possible.

        * API/OpaqueJSString.cpp:
        (OpaqueJSString::create):
        Use nullptr.

        (OpaqueJSString::~OpaqueJSString):
        Free m_characters.

        (OpaqueJSString::characters):
        Do the up-conversion and store the result in m_characters.

        (OpaqueJSString::equal):
        New helper function.

        * API/OpaqueJSString.h:
        (OpaqueJSString::is8Bit):
        New function that returns whether a string is 8-bit or not.

        (OpaqueJSString::characters8):
        (OpaqueJSString::characters16):
        Add getters.

2014-01-17  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        Remove workaround for compilers not supporting deleted functions
        https://bugs.webkit.org/show_bug.cgi?id=127166

        Reviewed by Andreas Kling.

        * inspector/InspectorAgentRegistry.h:

2014-01-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r162185, r162186, and r162187.
        http://trac.webkit.org/changeset/162185
        http://trac.webkit.org/changeset/162186
        http://trac.webkit.org/changeset/162187
        https://bugs.webkit.org/show_bug.cgi?id=127164

        Broke JSStringCreateWithCharactersNoCopy, as evidenced by a
        JSC API test (Requested by ap on #webkit).

        * API/JSStringRef.cpp:
        (JSStringGetCharactersPtr):
        (JSStringGetUTF8CString):
        (JSStringIsEqual):
        * API/JSStringRefCF.cpp:
        (JSStringCreateWithCFString):
        (JSStringCopyCFString):
        * API/OpaqueJSString.cpp:
        (OpaqueJSString::create):
        (OpaqueJSString::identifier):
        * API/OpaqueJSString.h:
        (OpaqueJSString::create):
        (OpaqueJSString::characters):
        (OpaqueJSString::deprecatedCharacters):
        (OpaqueJSString::OpaqueJSString):

2014-01-16  Anders Carlsson  <andersca@apple.com>

        Export OpaqueJSString destructor.

        * API/OpaqueJSString.h:

2014-01-16  Anders Carlsson  <andersca@apple.com>

        Build fix.

        * API/OpaqueJSString.h:

2014-01-16  Anders Carlsson  <andersca@apple.com>

        Get rid of OpaqueJSString::deprecatedCharacters()
        https://bugs.webkit.org/show_bug.cgi?id=127161

        Reviewed by Sam Weinig.

        Handle OpaqueJSString::m_string being either 8-bit or 16-bit and add extra
        code paths for the 8-bit cases.

        Unfortunately, JSStringGetCharactersPtr is still expected to return a 16-bit character pointer.
        Handle this by storing a separate 16-bit string and initializing it on demand when JSStringGetCharactersPtr
        is called. This has the nice side effect of making JSStringGetCharactersPtr thread-safe when it wasn't before.
        (In theory, someone could have a JSStringRef backed by an 8-bit string and call JSStringGetCharactersPtr on it
        causing an unsafe upconversion to a 16-bit string).

        * API/JSStringRef.cpp:
        (JSStringGetCharactersPtr):
        Call OpaqueJSString::characters.

        (JSStringGetUTF8CString):
        Add a code path that handles 8-bit strings.

        (JSStringIsEqual):
        Call OpaqueJSString::equal.

        * API/JSStringRefCF.cpp:
        (JSStringCreateWithCFString):
        Reformat the code to use an early return instead of putting most of the code inside the body of an if statement.

        (JSStringCopyCFString):
        Create an 8-bit CFStringRef if possible.

        * API/OpaqueJSString.cpp:
        (OpaqueJSString::create):
        Use nullptr.

        (OpaqueJSString::~OpaqueJSString):
        Free m_characters.

        (OpaqueJSString::characters):
        Do the up-conversion and store the result in m_characters.

        (OpaqueJSString::equal):
        New helper function.

        * API/OpaqueJSString.h:
        (OpaqueJSString::is8Bit):
        New function that returns whether a string is 8-bit or not.

        (OpaqueJSString::characters8):
        (OpaqueJSString::characters16):
        Add getters.

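Both copies of the "Get rid of OpaqueJSString::deprecatedCharacters()" entry (this one and the re-landed one above) describe the same hazard: an 8-bit backed string whose 16-bit view is produced on demand, where an in-place up-conversion can race with other readers of the same string. The following is an added C++ illustration of one way to obtain the property the entry claims (a separately stored 16-bit copy, built lazily, that is safe to request from several threads); it is not OpaqueJSString's code. The class, method and helper names are constructed for this example, and the publish-by-compare-and-swap scheme is an assumption about how the property can be achieved, not a statement of what JSC does. The slow path is split into "build a private copy" and "publish it" so the race can be exercised deterministically without threads.

```cpp
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <string>
#include <utility>

// Constructed stand-in for an 8-bit (Latin-1) backed string. Not OpaqueJSString.
class Latin1BackedString {
public:
    explicit Latin1BackedString(std::string latin1)
        : m_latin1(std::move(latin1)), m_characters(nullptr) { }
    ~Latin1BackedString() { delete[] m_characters.load(std::memory_order_acquire); }

    Latin1BackedString(const Latin1BackedString&) = delete;
    Latin1BackedString& operator=(const Latin1BackedString&) = delete;

    bool is8Bit() const { return true; } // only an 8-bit backing store is kept
    size_t length() const { return m_latin1.size(); }
    const char* characters8() const { return m_latin1.data(); }

    // 16-bit view, built on first use. Each caller that finds no cached copy
    // builds a private one and tries to publish it; the loser frees its own
    // copy and adopts the winner's. The published pointer is therefore never
    // replaced or freed while another caller may still hold it.
    const uint16_t* characters16()
    {
        if (const uint16_t* existing = m_characters.load(std::memory_order_acquire))
            return existing;
        return publish(buildUpconvertedCopy());
    }

    // Slow-path half 1: widen every Latin-1 byte to a UTF-16 code unit
    // (zero-extension; Latin-1 code points 0x00-0xFF map to U+0000-U+00FF).
    uint16_t* buildUpconvertedCopy() const
    {
        uint16_t* copy = new uint16_t[m_latin1.size() + 1];
        for (size_t i = 0; i < m_latin1.size(); ++i)
            copy[i] = static_cast<unsigned char>(m_latin1[i]);
        copy[m_latin1.size()] = 0;
        return copy;
    }

    // Slow-path half 2: install `candidate` only if nobody else has installed one.
    const uint16_t* publish(uint16_t* candidate)
    {
        uint16_t* expected = nullptr;
        if (m_characters.compare_exchange_strong(expected, candidate, std::memory_order_acq_rel))
            return candidate;   // we won: our copy is now the one everybody sees
        delete[] candidate;     // we lost: discard ours and hand back the winner's
        return expected;
    }

private:
    std::string m_latin1;
    std::atomic<uint16_t*> m_characters;
};

// Simulates the race the entry describes: two callers both observe no cached
// 16-bit copy and both up-convert. True when both end up holding the same
// pointer and that pointer is the one the string now owns.
static bool racingCallersShareOneCopy(Latin1BackedString& s)
{
    uint16_t* first = s.buildUpconvertedCopy();
    uint16_t* second = s.buildUpconvertedCopy();
    const uint16_t* seenByFirst = s.publish(first);
    const uint16_t* seenBySecond = s.publish(second); // loses; `second` is freed inside
    return seenByFirst == first && seenBySecond == first && s.characters16() == first;
}

// Checks that the cached 16-bit copy equals the 8-bit string widened per byte.
static bool upconversionMatches(Latin1BackedString& s)
{
    const uint16_t* wide = s.characters16();
    for (size_t i = 0; i < s.length(); ++i)
        if (wide[i] != static_cast<unsigned char>(s.characters8()[i]))
            return false;
    return wide[s.length()] == 0;
}

int main()
{
    Latin1BackedString s("caf\xe9"); // constructed sample; Latin-1 0xE9 is one byte
    std::printf("upconversion matches: %s\n", upconversionMatches(s) ? "yes" : "no");
    Latin1BackedString t("race");    // constructed sample for the simulated race
    std::printf("racing callers share one copy: %s\n", racingCallersShareOneCopy(t) ? "yes" : "no");
    return 0;
}
```

The point to take from the simulation is in `publish`: with a plain store instead of the compare-and-swap, the second caller would overwrite the first pointer, leaking the first buffer at best and, if the code ever freed the old value on overwrite, leaving the first caller with a dangling pointer.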
2014-01-16  Anders Carlsson  <andersca@apple.com>

        Change all uses of FINAL to final now that all our compilers support it
        https://bugs.webkit.org/show_bug.cgi?id=127142

        Reviewed by Benjamin Poulain.

        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/agents/InspectorAgent.h:
        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/scripts/CodeGeneratorInspector.py:
        (Generator.go):
        * runtime/JSGlobalObjectDebuggable.h:
        * runtime/JSPromiseReaction.cpp:

2014-01-16  Oliver Hunt  <oliver@apple.com>

        throwing an objc object (or general binding object) triggers an assertion
        https://bugs.webkit.org/show_bug.cgi?id=127146

        Reviewed by Alexey Proskuryakov.

        This is simply a bogus assertion as we can't guarantee a bindings object
        won't intercept assignment to .stack.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::unwind):

2014-01-16  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        Remove workaround for compilers not supporting explicit override control
        https://bugs.webkit.org/show_bug.cgi?id=127111

        Reviewed by Anders Carlsson.

        Now that all compilers support explicit override control, this workaround can be removed.

        * API/JSAPIWrapperObject.mm:
        * API/JSCallbackObject.h:
        * API/JSManagedValue.mm:
        * API/JSScriptRef.cpp:
        * bytecode/CodeBlock.h:
        * bytecode/CodeBlockJettisoningWatchpoint.h:
        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.h:
        * bytecode/StructureStubClearingWatchpoint.h:
        * dfg/DFGArrayifySlowPathGenerator.h:
        * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
        * dfg/DFGFailedFinalizer.h:
        * dfg/DFGJITCode.h:
        * dfg/DFGJITFinalizer.h:
        * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
        * dfg/DFGSlowPathGenerator.h:
        * dfg/DFGSpeculativeJIT64.cpp:
        * heap/Heap.h:
        * heap/IncrementalSweeper.h:
        * heap/SuperRegion.h:
        * inspector/InspectorValues.h:
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/agents/InspectorAgent.h:
        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspectorDebuggableConnection.h:
        * inspector/scripts/CodeGeneratorInspector.py:
        (Generator.go):
        * jit/ClosureCallStubRoutine.h:
        * jit/ExecutableAllocatorFixedVMPool.cpp:
        * jit/GCAwareJITStubRoutine.h:
        * jit/JITCode.h:
        * jit/JITToDFGDeferredCompilationCallback.h:
        * parser/Nodes.h:
        * parser/SourceProvider.h:
        * runtime/DataView.h:
        * runtime/GCActivityCallback.h:
        * runtime/GenericTypedArrayView.h:
        * runtime/JSGlobalObjectDebuggable.h:
        * runtime/JSPromiseReaction.cpp:
        * runtime/RegExpCache.h:
        * runtime/SimpleTypedArrayController.h:
        * runtime/SymbolTable.h:
        * runtime/WeakMapData.h:

2014-01-15  Joseph Pecoraro  <pecoraro@apple.com>

        [iOS] Clean up REMOTE_INSPECTOR code in OpenSource after the iOS merge
        https://bugs.webkit.org/show_bug.cgi?id=127069

        Reviewed by Timothy Hatcher.

        * JavaScriptCore.xcodeproj/project.pbxproj:
        Export XPCConnection because it is needed by RemoteInspector.h.

        * inspector/remote/RemoteInspectorXPCConnection.h:
        * inspector/remote/RemoteInspector.h:
        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::startDisabled):
        (Inspector::RemoteInspector::shared):
        Allow RemoteInspector singleton to start disabled.

2014-01-15  Brian Burg  <bburg@apple.com>

        Web Inspector: capture probe samples on the backend
        https://bugs.webkit.org/show_bug.cgi?id=126668

        Reviewed by Joseph Pecoraro.

        Add the 'probe' breakpoint action to the protocol. Change the setBreakpoint
        commands to return a list of assigned breakpoint action identifiers.
        Add a type for breakpoint action identifiers. Add an event for sending
        captured probe samples to the inspector frontend.

        * inspector/protocol/Debugger.json:

2014-01-10  Mark Hahnenberg  <mhahnenberg@apple.com>

        Copying should be generational
        https://bugs.webkit.org/show_bug.cgi?id=126555

        Reviewed by Geoffrey Garen.

        This patch adds support for copying to our generational collector. Eden collections
        always trigger copying. Full collections use our normal fragmentation-based heuristics.

        The way this works is that the CopiedSpace now has the notion of an old generation set of CopiedBlocks
        and a new generation of CopiedBlocks. During each mutator cycle new CopiedSpace allocations reside
        in the new generation. When a collection occurs, those blocks are moved to the old generation.

        One key thing to remember is that both new and old generation objects in the MarkedSpace can
        refer to old or new generation allocations in CopiedSpace. This is why we must fire write barriers
        when assigning to an old (MarkedSpace) object's Butterfly.

        * heap/CopiedAllocator.h:
        (JSC::CopiedAllocator::tryAllocateDuringCopying):
        * heap/CopiedBlock.h:
        (JSC::CopiedBlock::CopiedBlock):
        (JSC::CopiedBlock::didEvacuateBytes):
        (JSC::CopiedBlock::isOld):
        (JSC::CopiedBlock::didPromote):
        * heap/CopiedBlockInlines.h:
        (JSC::CopiedBlock::reportLiveBytes):
        (JSC::CopiedBlock::reportLiveBytesDuringCopying):
        * heap/CopiedSpace.cpp:
        (JSC::CopiedSpace::CopiedSpace):
        (JSC::CopiedSpace::~CopiedSpace):
        (JSC::CopiedSpace::init):
        (JSC::CopiedSpace::tryAllocateOversize):
        (JSC::CopiedSpace::tryReallocateOversize):
        (JSC::CopiedSpace::doneFillingBlock):
        (JSC::CopiedSpace::didStartFullCollection):
        (JSC::CopiedSpace::doneCopying):
        (JSC::CopiedSpace::size):
        (JSC::CopiedSpace::capacity):
        (JSC::CopiedSpace::isPagedOut):
        * heap/CopiedSpace.h:
        (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
        * heap/CopiedSpaceInlines.h:
        (JSC::CopiedSpace::contains):
        (JSC::CopiedSpace::recycleEvacuatedBlock):
        (JSC::CopiedSpace::allocateBlock):
        (JSC::CopiedSpace::startedCopying):
        * heap/CopyVisitor.cpp:
        (JSC::CopyVisitor::copyFromShared):
        * heap/CopyVisitorInlines.h:
        (JSC::CopyVisitor::allocateNewSpace):
        (JSC::CopyVisitor::allocateNewSpaceSlow):
        * heap/GCThreadSharedData.cpp:
        (JSC::GCThreadSharedData::didStartCopying):
        * heap/Heap.cpp:
        (JSC::Heap::copyBackingStores):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::copyLater):
        * heap/TinyBloomFilter.h:
        (JSC::TinyBloomFilter::add):

2014-01-14  Mark Lam  <mark.lam@apple.com>

        ASSERTION FAILED: !hasError() in JSC::Parser<LexerType>::createSavePoint().
        https://bugs.webkit.org/show_bug.cgi?id=126990.

        Reviewed by Geoffrey Garen.

        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseConstDeclarationList):
        - We were missing an error check after attempting to parse an initializer
          expression. This is now fixed.

2014-01-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: For Remote Inspection link WebProcess's to their parent UIProcess
        https://bugs.webkit.org/show_bug.cgi?id=126995

        Reviewed by Timothy Hatcher.

        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::listingForDebuggable):
        For each WebView, list the parent process. Listing the parent per WebView
        was already supported back when we supported processes that could host WebViews
        for multiple applications.

        * inspector/remote/RemoteInspectorConstants.h:
        Add a separate key for the bundle identifier, separate from application identifier.

        * inspector/remote/RemoteInspectorDebuggable.cpp:
        (Inspector::RemoteInspectorDebuggable::info):
        * inspector/remote/RemoteInspectorDebuggable.h:
        (Inspector::RemoteInspectorDebuggableInfo::RemoteInspectorDebuggableInfo):
        (Inspector::RemoteInspectorDebuggableInfo::hasParentProcess):
        If a RemoteInspectorDebuggable has a non-zero parent process identifier
        it is a proxy for the parent process.

2014-01-14  Brian J. Burg  <burg@cs.washington.edu>

        Add ENABLE(WEB_REPLAY) feature flag to the build system
        https://bugs.webkit.org/show_bug.cgi?id=126949

        Reviewed by Joseph Pecoraro.

        * Configurations/FeatureDefines.xcconfig:

2014-01-14  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>

        [EFL] FTL buildfix, add missing includes
        https://bugs.webkit.org/show_bug.cgi?id=126641

        Reviewed by Csaba Osztrogonác.

        * ftl/FTLOSREntry.cpp:
        * ftl/FTLOSRExitCompiler.cpp:

2014-01-14  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: RemoteInspector::updateDebuggable may miss a push
        https://bugs.webkit.org/show_bug.cgi?id=126965

        Reviewed by Timothy Hatcher.

        * inspector/remote/RemoteInspector.mm:
        (Inspector::RemoteInspector::updateDebuggable):
        Always push an update. If a debuggable went from allowed to
        not allowed, we would have missed pushing an update.

2014-01-13  Mark Hahnenberg  <mhahnenberg@apple.com>

        Performance regression on dromaeo due to generational marking
        https://bugs.webkit.org/show_bug.cgi?id=126901

        Reviewed by Oliver Hunt.

        We were seeing some performance regression with ENABLE_GGC == 0, so this patch
        ifdefs out more things to get rid of the additional overhead.

        * heap/Heap.cpp:
        (JSC::Heap::markRoots):
        (JSC::Heap::writeBarrier):
        * heap/MarkedBlock.cpp:
        (JSC::MarkedBlock::clearMarks):
        (JSC::MarkedBlock::clearMarksWithCollectionType):
        * heap/MarkedSpace.cpp:
        (JSC::MarkedSpace::resetAllocators):
        * heap/MarkedSpace.h:
        (JSC::MarkedSpace::didAllocateInBlock):
        * heap/SlotVisitorInlines.h:
        (JSC::SlotVisitor::internalAppend):
        (JSC::SlotVisitor::reportExtraMemoryUsage):

2014-01-13  Brian Burg  <bburg@apple.com>

        Web Inspector: protocol generator should support integer-typed declarations
        https://bugs.webkit.org/show_bug.cgi?id=126828

        Reviewed by Joseph Pecoraro.

        Add new binding classes for parameter/ad-hoc and normal integer type declarations.

        * inspector/scripts/CodeGeneratorInspector.py:
        (TypeBindings.create_type_declaration_):
        (TypeBindings.create_type_declaration_.PlainInteger):
        (TypeBindings.create_type_declaration_.PlainInteger.resolve_inner):
        (TypeBindings.create_type_declaration_.PlainInteger.request_user_runtime_cast):
        (TypeBindings.create_type_declaration_.PlainInteger.request_internal_runtime_cast):
        (TypeBindings.create_type_declaration_.PlainInteger.get_code_generator):
        (TypeBindings.create_type_declaration_.PlainInteger.get_validator_call_text):
        (TypeBindings.create_type_declaration_.PlainInteger.reduce_to_raw_type):
        (TypeBindings.create_type_declaration_.PlainInteger.get_type_model):
        (TypeBindings.create_type_declaration_.PlainInteger.get_setter_value_expression_pattern):
        (TypeBindings.create_type_declaration_.PlainInteger.get_array_item_c_type_text):
        (TypeBindings.create_type_declaration_.TypedefInteger):
        (TypeBindings.create_type_declaration_.TypedefInteger.resolve_inner):
        (TypeBindings.create_type_declaration_.TypedefInteger.request_user_runtime_cast):
        (TypeBindings.create_type_declaration_.TypedefInteger.request_internal_runtime_cast):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.generate_type_builder):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.generate_type_builder.int):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.register_use):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.get_generate_pass_id):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_validator_call_text):
        (TypeBindings.create_type_declaration_.TypedefInteger.reduce_to_raw_type):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_type_model):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_setter_value_expression_pattern):
        (TypeBindings.create_type_declaration_.TypedefInteger.get_array_item_c_type_text):
803
804 2014-01-13  Zalan Bujtas  <zalan@apple.com>
805
806         Enable SUBPIXEL_LAYOUT on Mac
807         <https://webkit.org/b/126283>
808
809         Reviewed by Simon Fraser.
810
811         * Configurations/FeatureDefines.xcconfig:
812
813 2014-01-13  Zan Dobersek  <zdobersek@igalia.com>
814
815         Unreviewed. Changes in r161686 are exposing a bug in GCC where the global .cfi_startproc directive
816         is not inserted early enough into the generated assembler code when building in debug mode, causing
817         compilation failures on ports using the GCC compilers. To work around the problem, only utilize the
818         OFFLINE_ASM_* macros that use .cfi_ directives when compiling with Clang.
819
820         * llint/LowLevelInterpreter.cpp:
821
822 2014-01-12  Commit Queue  <commit-queue@webkit.org>
823
824         Unreviewed, rolling out r161840.
825         http://trac.webkit.org/changeset/161840
826         https://bugs.webkit.org/show_bug.cgi?id=126870
827
828         Caused jsscore and layout test failures (Requested by smfr on
829         #webkit).
830
831         * API/JSValueRef.cpp:
832         (JSValueMakeFromJSONString):
833         * bindings/ScriptValue.cpp:
834         (Deprecated::jsToInspectorValue):
835         * inspector/InspectorValues.cpp:
836         * runtime/DatePrototype.cpp:
837         (JSC::formatLocaleDate):
838         * runtime/Identifier.h:
839         (JSC::Identifier::characters):
840         * runtime/JSStringBuilder.h:
841         (JSC::JSStringBuilder::append):
842
843 2014-01-12  Darin Adler  <darin@apple.com>
844
845         Add deprecatedCharacters as a synonym for characters and convert most call sites
846         https://bugs.webkit.org/show_bug.cgi?id=126858
847
848         Reviewed by Anders Carlsson.
849
850         * API/JSStringRef.cpp:
851         (JSStringGetCharactersPtr):
852         (JSStringGetUTF8CString):
853         (JSStringIsEqual):
854         * API/JSStringRefCF.cpp:
855         (JSStringCopyCFString):
856         * API/OpaqueJSString.h:
857         (OpaqueJSString::characters):
858         (OpaqueJSString::deprecatedCharacters):
859         (OpaqueJSString::length):
860         (OpaqueJSString::OpaqueJSString):
861         * inspector/InspectorValues.cpp:
862         (Inspector::InspectorValue::parseJSON):
863         * runtime/JSGlobalObjectFunctions.cpp:
864         (JSC::parseInt):
865         * runtime/StringPrototype.cpp:
866         (JSC::localeCompare):
867         (JSC::stringProtoFuncFontsize):
868         (JSC::stringProtoFuncLink):
869         Use deprecatedCharacters instead of characters.
870
871 2014-01-12  Darin Adler  <darin@apple.com>
872
873         Reduce use of String::characters
874         https://bugs.webkit.org/show_bug.cgi?id=126854
875
876         Reviewed by Sam Weinig.
877
878         * API/JSValueRef.cpp:
879         (JSValueMakeFromJSONString): Use characters16 instead of characters for 16-bit case.
880         Had to remove length check because an empty string could be either 8 bit or 16 bit.
881         Don't need a null string check before calling is8Bit because JSStringRef can't hold
882         a null string.
883
884         * bindings/ScriptValue.cpp:
885         (Deprecated::jsToInspectorValue): Use the existing string here instead of creating
886         a new one by calling characters and length on the old string. I think this may be
887         left over from when string types were not the same in JavaScriptCore and WebCore.
888         Also rewrite the property names loop to use modern for syntax and fewer locals.
889
890         * inspector/InspectorValues.cpp:
891         (Inspector::escapeChar): Changed to use appendLiteral instead of hard-coding string
892         lengths. Moved handling of "<" and ">" in here instead of at the call site.
893         (Inspector::doubleQuoteString): Simplify the code so there is no use of characters
894         and length. This is still an inefficient way of doing this job and could use a rethink.
895
896         * runtime/DatePrototype.cpp:
897         (JSC::formatLocaleDate): Use RetainPtr, createCFString, and the conversion from
898         CFStringRef to WTF::String to remove a lot of unneeded code.
899
900         * runtime/Identifier.h: Removed unneeded Identifier::characters function.
901
902         * runtime/JSStringBuilder.h:
903         (JSC::JSStringBuilder::append): Use characters16 instead of characters function here,
904         since we have already checked is8Bit above.
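
A JSON string quoter in the spirit of the Inspector::doubleQuoteString/escapeChar change above, as an added example that is not WebKit's InspectorValues code. It works on UTF-16 code units (std::u16string), so the 8-bit/16-bit split and the characters()/length() pair the entry removes never come into play: the caller converts once and the quoter only iterates. The decision to escape '<' and '>' as \u003C/\u003E and every non-ASCII code unit as \uXXXX is this example's own choice (an assumption, not necessarily what WebKit emits).

```cpp
// Added example, not WebKit code: quote a UTF-16 string as a JSON string literal.
// Escape forms for '<', '>' and non-ASCII code units are this example's choice.
#include <cstdio>
#include <string>

// Appends the JSON-escaped form of one UTF-16 code unit to out.
static void appendEscapedChar(std::string& out, char16_t c) {
    switch (c) {
    case u'"':  out += "\\\""; return;
    case u'\\': out += "\\\\"; return;
    case u'\b': out += "\\b";  return;
    case u'\f': out += "\\f";  return;
    case u'\n': out += "\\n";  return;
    case u'\r': out += "\\r";  return;
    case u'\t': out += "\\t";  return;
    // Escaping the angle brackets keeps a serialized string from closing a
    // <script> block early if the JSON is ever inlined into HTML.
    case u'<':  out += "\\u003C"; return;
    case u'>':  out += "\\u003E"; return;
    default: break;
    }
    if (c < 0x20 || c >= 0x7F) {   // other control chars and all non-ASCII: \uXXXX
        char buf[7];               // surrogate halves simply become two escapes
        std::snprintf(buf, sizeof buf, "\\u%04X", static_cast<unsigned>(c));
        out += buf;
        return;
    }
    out += static_cast<char>(c);
}

// Returns s wrapped in double quotes with every code unit escaped as needed.
std::string doubleQuoteString(const std::u16string& s) {
    std::string out;
    out.reserve(s.size() + 2);
    out += '"';
    for (char16_t c : s) appendEscapedChar(out, c);
    out += '"';
    return out;
}
```

Because the output is pure ASCII, it is safe to hand to any downstream consumer regardless of the encoding it expects; the cost is a longer string for non-Latin text, which is the usual trade-off for an escaper that also doubles as an HTML-embedding guard.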
905
906 2014-01-12  Andy Estes  <aestes@apple.com>
907
908         [iOS] Enable the JSC Objective-C API
909
910         Rubber-stamped by Simon Fraser.
911
912         * API/JSBase.h:
913
914 2014-01-12  Carlos Garcia Campos  <cgarcia@igalia.com>
915
916         Unreviewed. Fix make distcheck.
917
918         * GNUmakefile.am: Add inline-and-minify-stylesheets-and-scripts.py
919         to EXTRA_DIST and fix InjectedScriptSource.h generation rule.
920         * GNUmakefile.list.am: Move InjectedScriptSource.h to
921         built_nosources to make sure it's not disted.
922
923 2014-01-11  Anders Carlsson  <andersca@apple.com>
924
925         Try again to fix the build.
926
927         * inspector/InspectorAgentRegistry.cpp:
928         * inspector/InspectorAgentRegistry.h:
929
930 2014-01-11  Anders Carlsson  <andersca@apple.com>
931
932         Try to prevent the Vector copy constructor from being instantiated.
933
934         * inspector/InspectorAgentRegistry.cpp:
935         (Inspector::InspectorAgentRegistry::InspectorAgentRegistry):
936         * inspector/InspectorAgentRegistry.h:
937
938 2014-01-11  Anders Carlsson  <andersca@apple.com>
939
940         Try something else.
941
942         * inspector/InspectorAgentRegistry.cpp:
943         (Inspector::InspectorAgentRegistry::~InspectorAgentRegistry):
944         * inspector/InspectorAgentRegistry.h:
945
946 2014-01-11  Dean Jackson  <dino@apple.com>
947
948         [JSC] Revise typed array implementations to match ECMAScript and WebGL Specification
949         https://bugs.webkit.org/show_bug.cgi?id=126754
950
951         Reviewed by Filip Pizlo.
952
953         The ECMAScript specification forbids calling the typed array
954         constructors without using "new". Change the call data to return
955         none so we throw an exception in these cases.
956
957         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
958         (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):
959
960 2014-01-11  Anders Carlsson  <andersca@apple.com>
961
962         Try to fix the build by introducing a constructor.
963
964         * inspector/InspectorAgentRegistry.cpp:
965         (Inspector::InspectorAgentRegistry::InspectorAgentRegistry):
966         * inspector/InspectorAgentRegistry.h:
967
968 2014-01-11  Anders Carlsson  <andersca@apple.com>
969
970         * inspector/InspectorAgentRegistry.h:
971
972         Remove an unused function.
973
974 2014-01-11  Anders Carlsson  <andersca@apple.com>
975
976         InspectorAgentRegistry should use std::unique_ptr
977         https://bugs.webkit.org/show_bug.cgi?id=126826
978
979         Reviewed by Sam Weinig.
980
981         * inspector/InspectorAgentRegistry.cpp:
982         (Inspector::InspectorAgentRegistry::append):
983         * inspector/InspectorAgentRegistry.h:
984         * inspector/JSGlobalObjectInspectorController.cpp:
985         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
986         * inspector/agents/InspectorAgent.h:
987
988 2014-01-10  Joseph Pecoraro  <pecoraro@apple.com>
989
990         Web Inspector: Push InspectorAgent down into JSC, give JSC an InspectorController
991         https://bugs.webkit.org/show_bug.cgi?id=126763
992
993         Reviewed by Timothy Hatcher.
994
995         Introduce JSGlobalObjectInspectorController. This is the InspectorController
996         for a JSContext. It is created by the JSGlobalObject Remote Inspector Debuggable
997         when a remote frontend connects, and is destroyed when the remote frontend
998         disconnects or the JSGlobalObject is destroyed.
999
1000         * inspector/JSGlobalObjectInspectorController.h: Added.
1001         * inspector/JSGlobalObjectInspectorController.cpp: Added.
1002         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1003         (Inspector::JSGlobalObjectInspectorController::~JSGlobalObjectInspectorController):
1004         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
1005         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
1006         (Inspector::JSGlobalObjectInspectorController::dispatchMessageFromFrontend):
1007         (Inspector::JSGlobalObjectInspectorController::functionCallHandler):
1008         (Inspector::JSGlobalObjectInspectorController::evaluateHandler):
1009         Create/destroy agents, create/destroy dispatches, implement InspectorEnvironment.
1010
1011         * runtime/JSGlobalObjectDebuggable.h:
1012         * runtime/JSGlobalObjectDebuggable.cpp:
1013         (JSC::JSGlobalObjectDebuggable::~JSGlobalObjectDebuggable):
1014         (JSC::JSGlobalObjectDebuggable::connect):
1015         (JSC::JSGlobalObjectDebuggable::disconnect):
1016         (JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemoteFrontend):
1017         Forward actions to the InspectorController object.
1018
1019         * inspector/agents/InspectorAgent.h: Renamed from Source/WebCore/inspector/InspectorAgent.h.
1020         * inspector/agents/InspectorAgent.cpp: Renamed from Source/WebCore/inspector/InspectorAgent.cpp.
1021         (Inspector::InspectorAgent::InspectorAgent):
1022         (Inspector::InspectorAgent::~InspectorAgent):
1023         (Inspector::InspectorAgent::didCreateFrontendAndBackend):
1024         (Inspector::InspectorAgent::inspect):
1025         (Inspector::InspectorAgent::evaluateForTestInFrontend):
1026         Implement InspectorAgent in JavaScriptCore in namespace Inspector.
1027
1028         * JavaScriptCore.xcodeproj/project.pbxproj:
1029         * CMakeLists.txt:
1030         * ChangeLog:
1031         * GNUmakefile.am:
1032         * GNUmakefile.list.am:
1033         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1034         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1035         * JavaScriptCore.vcxproj/copy-files.cmd:
1036         Add files and new inspector/agents subdirectory.
1037
1038 2014-01-10  Commit Queue  <commit-queue@webkit.org>
1039
1040         Unreviewed, rolling out r161702.
1041         http://trac.webkit.org/changeset/161702
1042         https://bugs.webkit.org/show_bug.cgi?id=126803
1043
1044         Broke multiple tests (Requested by ap on #webkit).
1045
1046         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1047         (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):
1048
1049 2014-01-10  David Kilzer  <ddkilzer@apple.com>
1050
1051         Clean up architectures in xcconfig files
1052         <http://webkit.org/b/126794>
1053
1054         Reviewed by Andy Estes.
1055
1056         * Configurations/Base.xcconfig:
1057         * Configurations/JavaScriptCore.xcconfig: Remove armv6, ppc.
1058         * Configurations/ToolExecutable.xcconfig: Sort.
1059         - Add new arch.
1060
1061 2014-01-10  Dean Jackson  <dino@apple.com>
1062
1063         [JSC] Revise typed array implementations to match ECMAScript and WebGL Specification
1064         https://bugs.webkit.org/show_bug.cgi?id=126754
1065
1066         Reviewed by Filip Pizlo.
1067
1068         The ECMAScript specification forbids calling the typed array
1069         constructors without using "new". Change the call data to return
1070         none so we throw an exception in these cases.
1071
1072         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
1073         (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):
1074
1075 2014-01-10  Benjamin Poulain  <bpoulain@apple.com>
1076
1077         Remove the BlackBerry port from trunk
1078         https://bugs.webkit.org/show_bug.cgi?id=126715
1079
1080         Reviewed by Anders Carlsson.
1081
1082         * assembler/ARMAssembler.h:
1083         (JSC::ARMAssembler::cacheFlush):
1084         * assembler/ARMv7Assembler.h:
1085         (JSC::ARMv7Assembler::replaceWithJump):
1086         (JSC::ARMv7Assembler::maxJumpReplacementSize):
1087         (JSC::ARMv7Assembler::cacheFlush):
1088         * assembler/MacroAssemblerARMv7.h:
1089         (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
1090         * heap/MachineStackMarker.cpp:
1091         (JSC::getPlatformThreadRegisters):
1092         (JSC::otherThreadStackPointer):
1093         (JSC::freePlatformThreadRegisters):
1094         * jit/ExecutableAllocator.h:
1095
1096 2014-01-10  Joseph Pecoraro  <pecoraro@apple.com>
1097
1098         Web Inspector: Remove unimplemented or static ScriptDebugServer features
1099         https://bugs.webkit.org/show_bug.cgi?id=126784
1100
1101         Reviewed by Timothy Hatcher.
1102
1103         * inspector/protocol/Debugger.json:
1104
1105 2014-01-10  Michael Saboff  <msaboff@apple.com>
1106
1107         REGRESSION(C stack work): stack traces no longer work in CrashTracer, lldb, and other tools
1108         https://bugs.webkit.org/show_bug.cgi?id=126764
1109
1110         Reviewed by Geoffrey Garen.
1111
1112         Updated callToJavaScript and callToNativeFunction to properly replicate the caller's
1113         return PC and frame pointer in the sentinel frame.  For X86-64, added .cfi_
1114         directives to create eh_frame info for all LLInt symbols so that the various
1115         unwinding code understands that we are using a separate JS stack referenced
1116         by BP and at what offsets in that frame the prior PC (register 16) and prior
1117         BP (register 6) can be found.  These two changes are sufficient for stack tracing
1118         to work for Mac OS X.
1119
1120         * llint/LowLevelInterpreter.cpp:
1121         * llint/LowLevelInterpreter64.asm:
1122
1123 2014-01-10  Tamas Gergely  <tgergely.u-szeged@partner.samsung.com>
1124
1125         [EFL][JSC] Enable udis86 disassembler on efl.
1126         https://bugs.webkit.org/show_bug.cgi?id=125502
1127
1128         Reviewed by Michael Saboff.
1129
1130         Enable udis86 disassembler on efl and fix build warnings.
1131
1132         * CMakeLists.txt:
1133           Add udis86 disassembler source files.
1134         * disassembler/udis86/udis86_decode.c:
1135         (decode_modrm_rm):
1136           Build warning fixes.
1137         * disassembler/udis86/udis86_syn-att.c:
1138         (gen_operand):
1139           Build warning fixes.
1140         * disassembler/udis86/udis86_syn-intel.c:
1141         (gen_operand):
1142           Build warning fixes.
1143         * disassembler/udis86/udis86_types.h:
1144           Correct FMT64 for uint64_t.
1145
1146 2014-01-09  Benjamin Poulain  <bpoulain@apple.com>
1147
1148         Remove the BlackBerry files outside WebCore
1149         https://bugs.webkit.org/show_bug.cgi?id=126715
1150
1151         Reviewed by Anders Carlsson.
1152
1153         * PlatformBlackBerry.cmake: Removed.
1154         * runtime/GCActivityCallbackBlackBerry.cpp: Removed.
1155         * shell/PlatformBlackBerry.cmake: Removed.
1156
1157 2014-01-10  Geoffrey Garen  <ggaren@apple.com>
1158
1159         Removed BlackBerry #ifdefs and platform code from JavaScriptCore
1160         https://bugs.webkit.org/show_bug.cgi?id=126757
1161
1162         Reviewed by Sam Weinig.
1163
1164         * PlatformBlackBerry.cmake: Removed.
1165         * heap/HeapTimer.cpp:
1166         * heap/HeapTimer.h:
1167         * heap/IncrementalSweeper.cpp:
1168         * heap/IncrementalSweeper.h:
1169         * jsc.cpp:
1170         (main):
1171         * runtime/GCActivityCallbackBlackBerry.cpp: Removed.
1172         * runtime/MemoryStatistics.cpp:
1173         (JSC::globalMemoryStatistics):
1174
1175 2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>
1176
1177         Marking should be generational
1178         https://bugs.webkit.org/show_bug.cgi?id=126552
1179
1180         Reviewed by Geoffrey Garen.
1181
1182         Re-marking the same objects over and over is a waste of effort. This patch implements 
1183         the sticky mark bit algorithm (along with our already-present write barriers) to reduce 
1184         overhead during garbage collection caused by rescanning objects.
1185
1186         There are now two collection modes, EdenCollection and FullCollection. EdenCollections
1187         only visit new objects or objects that were added to the remembered set by a write barrier.
1188         FullCollections are normal collections that visit all objects regardless of their 
1189         generation.
1190
1191         In this patch EdenCollections do not do anything in CopiedSpace. This will be fixed in 
1192         https://bugs.webkit.org/show_bug.cgi?id=126555.
1193
1194         * bytecode/CodeBlock.cpp:
1195         (JSC::CodeBlock::visitAggregate):
1196         * bytecode/CodeBlock.h:
1197         (JSC::CodeBlockSet::mark):
1198         * dfg/DFGOperations.cpp:
1199         * heap/CodeBlockSet.cpp:
1200         (JSC::CodeBlockSet::add):
1201         (JSC::CodeBlockSet::traceMarked):
1202         (JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
1203         * heap/CodeBlockSet.h:
1204         * heap/CopiedBlockInlines.h:
1205         (JSC::CopiedBlock::reportLiveBytes):
1206         * heap/CopiedSpace.cpp:
1207         (JSC::CopiedSpace::didStartFullCollection):
1208         * heap/CopiedSpace.h:
1209         (JSC::CopiedSpace::heap):
1210         * heap/Heap.cpp:
1211         (JSC::Heap::Heap):
1212         (JSC::Heap::didAbandon):
1213         (JSC::Heap::markRoots):
1214         (JSC::Heap::copyBackingStores):
1215         (JSC::Heap::addToRememberedSet):
1216         (JSC::Heap::collectAllGarbage):
1217         (JSC::Heap::collect):
1218         (JSC::Heap::didAllocate):
1219         (JSC::Heap::writeBarrier):
1220         * heap/Heap.h:
1221         (JSC::Heap::isInRememberedSet):
1222         (JSC::Heap::operationInProgress):
1223         (JSC::Heap::shouldCollect):
1224         (JSC::Heap::isCollecting):
1225         (JSC::Heap::isWriteBarrierEnabled):
1226         (JSC::Heap::writeBarrier):
1227         * heap/HeapOperation.h:
1228         * heap/MarkStack.cpp:
1229         (JSC::MarkStackArray::~MarkStackArray):
1230         (JSC::MarkStackArray::clear):
1231         (JSC::MarkStackArray::fillVector):
1232         * heap/MarkStack.h:
1233         * heap/MarkedAllocator.cpp:
1234         (JSC::isListPagedOut):
1235         (JSC::MarkedAllocator::isPagedOut):
1236         (JSC::MarkedAllocator::tryAllocateHelper):
1237         (JSC::MarkedAllocator::addBlock):
1238         (JSC::MarkedAllocator::removeBlock):
1239         (JSC::MarkedAllocator::reset):
1240         * heap/MarkedAllocator.h:
1241         (JSC::MarkedAllocator::MarkedAllocator):
1242         * heap/MarkedBlock.cpp:
1243         (JSC::MarkedBlock::clearMarks):
1244         (JSC::MarkedBlock::clearRememberedSet):
1245         (JSC::MarkedBlock::clearMarksWithCollectionType):
1246         (JSC::MarkedBlock::lastChanceToFinalize):
1247         * heap/MarkedBlock.h: Changed atomSize to 16 bytes because we have no objects smaller
1248         than 16 bytes. This is also to pay for the additional Bitmap for the remembered set.
1249         (JSC::MarkedBlock::didConsumeEmptyFreeList):
1250         (JSC::MarkedBlock::setRemembered):
1251         (JSC::MarkedBlock::clearRemembered):
1252         (JSC::MarkedBlock::atomicClearRemembered):
1253         (JSC::MarkedBlock::isRemembered):
1254         * heap/MarkedSpace.cpp:
1255         (JSC::MarkedSpace::~MarkedSpace):
1256         (JSC::MarkedSpace::resetAllocators):
1257         (JSC::MarkedSpace::visitWeakSets):
1258         (JSC::MarkedSpace::reapWeakSets):
1259         (JSC::VerifyMarked::operator()):
1260         (JSC::MarkedSpace::clearMarks):
1261         * heap/MarkedSpace.h:
1262         (JSC::ClearMarks::operator()):
1263         (JSC::ClearRememberedSet::operator()):
1264         (JSC::MarkedSpace::didAllocateInBlock):
1265         (JSC::MarkedSpace::clearRememberedSet):
1266         * heap/SlotVisitor.cpp:
1267         (JSC::SlotVisitor::~SlotVisitor):
1268         (JSC::SlotVisitor::clearMarkStack):
1269         * heap/SlotVisitor.h:
1270         (JSC::SlotVisitor::markStack):
1271         (JSC::SlotVisitor::sharedData):
1272         * heap/SlotVisitorInlines.h:
1273         (JSC::SlotVisitor::internalAppend):
1274         (JSC::SlotVisitor::unconditionallyAppend):
1275         (JSC::SlotVisitor::copyLater):
1276         (JSC::SlotVisitor::reportExtraMemoryUsage):
1277         (JSC::SlotVisitor::heap):
1278         * jit/Repatch.cpp:
1279         * runtime/JSGenericTypedArrayViewInlines.h:
1280         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
1281         * runtime/JSPropertyNameIterator.h:
1282         (JSC::StructureRareData::setEnumerationCache):
1283         * runtime/JSString.cpp:
1284         (JSC::JSString::visitChildren):
1285         * runtime/StructureRareDataInlines.h:
1286         (JSC::StructureRareData::setPreviousID):
1287         (JSC::StructureRareData::setObjectToStringValue):
1288         * runtime/WeakMapData.cpp:
1289         (JSC::WeakMapData::visitChildren):
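
The sticky-mark-bit scheme the entry above describes, as an added example that is not WebKit code: a toy heap with EdenCollection and FullCollection modes, a write barrier that feeds a remembered set, and three scenarios showing (1) the barrier keeping a young object that is reachable only from an old one, (2) what an EdenCollection would wrongly free if a store into an old object bypassed the barrier, and (3) why unreachable old objects survive an EdenCollection and need a FullCollection. All names (Obj, ToyHeap, makeOldRoot, ...) are invented for this illustration.

```cpp
// Added example (not WebKit code): a toy heap modelling a sticky mark bit, an
// EdenCollection/FullCollection split, and a write barrier feeding a remembered set.
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

struct Obj {
    std::vector<Obj*> refs;   // outgoing pointers
    bool marked = false;      // sticky: only a FullCollection clears it
    bool isOld = false;       // set once the object has survived a collection
    bool remembered = false;  // currently in the remembered set
};
enum class CollectionType { Eden, Full };

class ToyHeap {
public:
    std::vector<Obj*> roots;

    Obj* allocate() {   // new objects start unmarked and young
        objects_.push_back(std::make_unique<Obj>());
        return objects_.back().get();
    }

    // Write barrier: storing into an OLD object makes it remembered, so the next
    // EdenCollection rescans it although its (sticky) mark is already set.
    void store(Obj* from, Obj* to) {
        from->refs.push_back(to);
        if (!from->isOld || from->remembered) return;
        from->remembered = true;
        rememberedSet_.push_back(from);
    }
    // Skips the barrier on purpose, to show what goes wrong without it.
    void storeWithoutBarrier(Obj* from, Obj* to) { from->refs.push_back(to); }

    // Runs one collection and returns how many objects were freed.
    std::size_t collect(CollectionType type) {
        std::vector<Obj*> stack;
        if (type == CollectionType::Full) {
            // Everything is rescanned: drop all marks and forget the remembered set.
            for (auto& o : objects_) { o->marked = false; o->remembered = false; }
        } else {
            // Old objects keep their marks; only remembered ones get rescanned.
            for (Obj* o : rememberedSet_) { o->remembered = false; stack.push_back(o); }
        }
        rememberedSet_.clear();
        for (Obj* r : roots) visit(r, stack);
        while (!stack.empty()) {
            Obj* o = stack.back(); stack.pop_back();
            for (Obj* child : o->refs) visit(child, stack);
        }
        // Sweep: unmarked objects are garbage. In an EdenCollection only young objects
        // can be unmarked, so unreachable old objects wait for the next FullCollection.
        std::size_t freed = 0;
        std::vector<std::unique_ptr<Obj>> survivors;
        for (auto& o : objects_) {
            if (!o->marked) { ++freed; continue; }
            o->isOld = true; survivors.push_back(std::move(o));
        }
        objects_ = std::move(survivors);
        return freed;
    }

private:
    static void visit(Obj* o, std::vector<Obj*>& stack) {
        if (o->marked) return;   // already scanned, or an old object with a sticky mark
        o->marked = true; stack.push_back(o);
    }
    std::vector<std::unique_ptr<Obj>> objects_;
    std::vector<Obj*> rememberedSet_;
};

static Obj* makeOldRoot(ToyHeap& heap) {   // allocate a root and promote it to old
    Obj* a = heap.allocate();
    heap.roots.push_back(a);
    heap.collect(CollectionType::Full);
    return a;
}

std::size_t edenFreedWithBarrier() {   // 0: young B is reached through remembered A
    ToyHeap heap;
    Obj* a = makeOldRoot(heap);
    heap.store(a, heap.allocate());
    return heap.collect(CollectionType::Eden);
}

std::size_t edenFreedWithoutBarrier() {   // 1: A is never rescanned, live B is freed
    ToyHeap heap;
    Obj* a = makeOldRoot(heap);
    heap.storeWithoutBarrier(a, heap.allocate());
    return heap.collect(CollectionType::Eden);
}

std::pair<std::size_t, std::size_t> oldGarbageFreedByEdenThenFull() {   // {0, 1}
    ToyHeap heap;
    Obj* a = makeOldRoot(heap);
    heap.store(a, heap.allocate());       // barrier keeps the young child,
    heap.collect(CollectionType::Full);   // which is then promoted to old as well
    a->refs.clear();                      // unreachable now, but its mark is sticky
    return { heap.collect(CollectionType::Eden), heap.collect(CollectionType::Full) };
}
```

Each scenario builds its own heap and returns the number of objects freed by the collection under test. The "without barrier" case is the failure mode a generational collector has to guard against: the old root is left holding a pointer to reclaimed memory, which in a real engine is a use-after-free waiting for the next dereference. That is why the write barrier has to be on every store that can put a pointer into an old object, not just on the ones the compiler happens to see.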
1290
1291 2014-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1292
1293         Unreviewed Windows build fix for r161563.
1294
1295         Copy all scripts; some may not be .py.
1296
1297         * JavaScriptCore.vcxproj/copy-files.cmd:
1298
1299 2014-01-09  Filip Pizlo  <fpizlo@apple.com>
1300
1301         AI for CreateArguments should pass through non-SpecEmpty input values
1302         https://bugs.webkit.org/show_bug.cgi?id=126709
1303
1304         Reviewed by Mark Hahnenberg.
1305
1306         * dfg/DFGAbstractInterpreterInlines.h:
1307         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1308         * tests/stress/use-arguments-as-object-pointer.js: Added.
1309         (foo):
1310
1311 2014-01-09  Mark Hahnenberg  <mhahnenberg@apple.com>
1312
1313         Constructors for Objective-C classes do not work properly with instanceof
1314         https://bugs.webkit.org/show_bug.cgi?id=126670
1315
1316         Reviewed by Oliver Hunt.
1317
1318         This bug is due to the fact that the JS constructors created for Objective-C classes via the JSC 
1319         API inherit from JSCallbackObject, which overrides hasInstance with its own customHasInstance. 
1320         JSCallbackObject::customHasInstance only checks the JSClassRefs for hasInstance callbacks. 
1321         If it doesn't find any callbacks, it returns false.
1322
1323         This patch adds a hasInstance callback to constructors created for Objective-C wrapper classes.
1324
1325         * API/JSWrapperMap.mm:
1326         (constructorHasInstance):
1327         (constructorWithCustomBrand):
1328         (allocateConstructorForCustomClass):
1329         * API/tests/testapi.mm:
1330
1331 2014-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1332
1333         Web Inspector: Move InjectedScript classes into JavaScriptCore
1334         https://bugs.webkit.org/show_bug.cgi?id=126598
1335
1336         Reviewed by Timothy Hatcher.
1337
1338         Part 5: Move InjectedScript classes into JavaScriptCore
1339
1340         There are pieces of logic that WebCore wants to hook into in the InjectedScript
1341         execution (e.g. for CommandLineAPIModule and InspectorInstrumentation). Create
1342         hooks for those in a base class called InspectorEnvironment. For now, the
1343         InspectorControllers (Page, JSGlobalObject, Worker) will be the InspectorEnvironments
1344         and provide answers to its hooks.
1345
1346         * inspector/InspectorEnvironment.h: Added.
1347         New hooks needed by WebCore in various places. Mostly stubbed in JavaScriptCore.
1348
1349         * inspector/InjectedScript.cpp: Renamed from Source/WebCore/inspector/InjectedScript.cpp.
1350         * inspector/InjectedScript.h: Added.
1351         * inspector/InjectedScriptBase.cpp: Renamed from Source/WebCore/inspector/InjectedScriptBase.cpp.
1352         * inspector/InjectedScriptBase.h: Renamed from Source/WebCore/inspector/InjectedScriptBase.h.
1353         * inspector/InjectedScriptModule.cpp: Renamed from Source/WebCore/inspector/InjectedScriptModule.cpp.
1354         * inspector/InjectedScriptModule.h: Renamed from Source/WebCore/inspector/InjectedScriptModule.h.
1355         Cleanup the style of these files (nullptr, formatting, whitespace, etc).
1356         Use the InspectorEnvironment's call/evaluate functions for ScriptFunctionCalls and for checking access.
1357
1358         * inspector/InjectedScriptManager.cpp: Renamed from Source/WebCore/inspector/InjectedScriptManager.cpp.
1359         * inspector/InjectedScriptManager.h: Renamed from Source/WebCore/inspector/InjectedScriptManager.h.
1360         Take an InspectorEnvironment with multiple hooks, instead of a single hook function.
1361
1362         * inspector/InjectedScriptHost.cpp: Added.
1363         * inspector/InjectedScriptHost.h: Added.
1364         * inspector/JSInjectedScriptHost.cpp: Renamed from Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp.
1365         * inspector/JSInjectedScriptHost.h: Added.
1366         * inspector/JSInjectedScriptHostPrototype.cpp: Added.
1367         * inspector/JSInjectedScriptHostPrototype.h: Added.
1368         Implementation of InjectedScriptHost which is passed into the script (InjectedScriptSource.js)
1369         that we inject into the page. This is mostly copied from the original autogenerated code,
1370         then simplified and cleaned up. InjectedScriptHost can be subclassed to provide specialized
1371         implementations of isHTMLAllCollection and type for Web/DOM types unknown to a pure JS context.
1372
1373
1374         Part 4: Move all inspector scripts into JavaScriptCore and update generators.
1375
1376         For OS X be sure to export the scripts as if they are private headers.
1377
1378         * GNUmakefile.am:
1379         * JavaScriptCore.xcodeproj/project.pbxproj:
1380         * inspector/scripts/cssmin.py: Renamed from Source/WebCore/inspector/Scripts/cssmin.py.
1381         * inspector/scripts/inline-and-minify-stylesheets-and-scripts.py: Renamed from Source/WebCore/inspector/Scripts/inline-and-minify-stylesheets-and-scripts.py.
1382         * inspector/scripts/jsmin.py: Renamed from Source/WebCore/inspector/Scripts/jsmin.py.
1383         * inspector/scripts/xxd.pl: Renamed from Source/WebCore/inspector/xxd.pl.
1384
1385
1386         Part 3: Update CodeGeneratorInspector to avoid inlining virtual destructors.
1387
1388         This avoids build errors about duplicate exported virtual inlined methods
1389         when they are included from multiple places. Just put empty destructors in the
1390         implementation file instead of inlining them.
1391
1392         * inspector/scripts/CodeGeneratorInspector.py:
1393         (Generator):
1394         (Generator.go):
1395         * inspector/scripts/CodeGeneratorInspectorStrings.py:
1396
1397
1398         Part 2: Move InjectedScriptSource and generation into JavaScriptCore.
1399
1400         Move InjectedScriptSource.js and derived sources generation.
1401
1402         * CMakeLists.txt:
1403         * DerivedSources.make:
1404         * GNUmakefile.am:
1405         * GNUmakefile.list.am:
1406         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1407         * JavaScriptCore.xcodeproj/project.pbxproj:
1408         * inspector/InjectedScriptSource.js: Renamed from Source/WebCore/inspector/InjectedScriptSource.js.
1409
1410 2014-01-09  Balazs Kilvady  <kilvadyb@homejinni.com>
1411
1412         Regression: failing RegExp tests on 32 bit architectures.
1413         https://bugs.webkit.org/show_bug.cgi?id=126699
1414
1415         Reviewed by Michael Saboff.
1416
1417         Fix setRegExpConstructor functions for 32 bit architectures.
1418
1419         * runtime/RegExpConstructor.cpp:
1420         (JSC::setRegExpConstructorInput):
1421         (JSC::setRegExpConstructorMultiline):
1422
1423 2014-01-09  Commit Queue  <commit-queue@webkit.org>
1424
1425         Unreviewed, rolling out r161540.
1426         http://trac.webkit.org/changeset/161540
1427         https://bugs.webkit.org/show_bug.cgi?id=126704
1428
1429         Caused assertion failures on multiple tests (Requested by ap
1430         on #webkit).
1431
1432         * bytecode/CodeBlock.cpp:
1433         (JSC::CodeBlock::visitAggregate):
1434         * bytecode/CodeBlock.h:
1435         (JSC::CodeBlockSet::mark):
1436         * dfg/DFGOperations.cpp:
1437         * heap/CodeBlockSet.cpp:
1438         (JSC::CodeBlockSet::add):
1439         (JSC::CodeBlockSet::traceMarked):
1440         * heap/CodeBlockSet.h:
1441         * heap/CopiedBlockInlines.h:
1442         (JSC::CopiedBlock::reportLiveBytes):
1443         * heap/CopiedSpace.cpp:
1444         * heap/CopiedSpace.h:
1445         * heap/Heap.cpp:
1446         (JSC::Heap::Heap):
1447         (JSC::Heap::didAbandon):
1448         (JSC::Heap::markRoots):
1449         (JSC::Heap::copyBackingStores):
1450         (JSC::Heap::collectAllGarbage):
1451         (JSC::Heap::collect):
1452         (JSC::Heap::didAllocate):
1453         * heap/Heap.h:
1454         (JSC::Heap::shouldCollect):
1455         (JSC::Heap::isCollecting):
1456         (JSC::Heap::isWriteBarrierEnabled):
1457         (JSC::Heap::writeBarrier):
1458         * heap/HeapOperation.h:
1459         * heap/MarkStack.cpp:
1460         (JSC::MarkStackArray::~MarkStackArray):
1461         * heap/MarkStack.h:
1462         * heap/MarkedAllocator.cpp:
1463         (JSC::MarkedAllocator::isPagedOut):
1464         (JSC::MarkedAllocator::tryAllocateHelper):
1465         (JSC::MarkedAllocator::addBlock):
1466         (JSC::MarkedAllocator::removeBlock):
1467         * heap/MarkedAllocator.h:
1468         (JSC::MarkedAllocator::MarkedAllocator):
1469         (JSC::MarkedAllocator::reset):
1470         * heap/MarkedBlock.cpp:
1471         * heap/MarkedBlock.h:
1472         (JSC::MarkedBlock::lastChanceToFinalize):
1473         (JSC::MarkedBlock::didConsumeEmptyFreeList):
1474         (JSC::MarkedBlock::clearMarks):
1475         * heap/MarkedSpace.cpp:
1476         (JSC::MarkedSpace::~MarkedSpace):
1477         (JSC::MarkedSpace::resetAllocators):
1478         (JSC::MarkedSpace::visitWeakSets):
1479         (JSC::MarkedSpace::reapWeakSets):
1480         * heap/MarkedSpace.h:
1481         (JSC::ClearMarks::operator()):
1482         (JSC::MarkedSpace::clearMarks):
1483         * heap/SlotVisitor.cpp:
1484         (JSC::SlotVisitor::~SlotVisitor):
1485         * heap/SlotVisitor.h:
1486         (JSC::SlotVisitor::sharedData):
1487         * heap/SlotVisitorInlines.h:
1488         (JSC::SlotVisitor::internalAppend):
1489         (JSC::SlotVisitor::copyLater):
1490         (JSC::SlotVisitor::reportExtraMemoryUsage):
1491         * jit/Repatch.cpp:
1492         * runtime/JSGenericTypedArrayViewInlines.h:
1493         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
1494         * runtime/JSPropertyNameIterator.h:
1495         (JSC::StructureRareData::setEnumerationCache):
1496         * runtime/JSString.cpp:
1497         (JSC::JSString::visitChildren):
1498         * runtime/StructureRareDataInlines.h:
1499         (JSC::StructureRareData::setPreviousID):
1500         (JSC::StructureRareData::setObjectToStringValue):
1501         * runtime/WeakMapData.cpp:
1502         (JSC::WeakMapData::visitChildren):
1503
1504 2014-01-09  Andreas Kling  <akling@apple.com>
1505
1506         Shrink WatchpointSet.
1507         <https://webkit.org/b/126694>
1508
1509         Reorder the members of WatchpointSet, shrinking it by 8 bytes.
1510         767 kB progression on Membuster3.
1511
1512         Reviewed by Antti Koivisto.
1513
1514         * bytecode/Watchpoint.h:
1515
1516 2014-01-08  Mark Hahnenberg  <mhahnenberg@apple.com>
1517
1518         Reverting accidental GC logging
1519
1520         * heap/Heap.cpp:
1521
1522 2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>
1523
1524         Marking should be generational
1525         https://bugs.webkit.org/show_bug.cgi?id=126552
1526
1527         Reviewed by Geoffrey Garen.
1528
1529         Re-marking the same objects over and over is a waste of effort. This patch implements 
1530         the sticky mark bit algorithm (along with our already-present write barriers) to reduce 
1531         overhead during garbage collection caused by rescanning objects.
1532
1533         There are now two collection modes, EdenCollection and FullCollection. EdenCollections
1534         only visit new objects or objects that were added to the remembered set by a write barrier.
1535         FullCollections are normal collections that visit all objects regardless of their 
1536         generation.
1537
1538         In this patch EdenCollections do not do anything in CopiedSpace. This will be fixed in 
1539         https://bugs.webkit.org/show_bug.cgi?id=126555.
1540
1541         * bytecode/CodeBlock.cpp:
1542         (JSC::CodeBlock::visitAggregate):
1543         * bytecode/CodeBlock.h:
1544         (JSC::CodeBlockSet::mark):
1545         * dfg/DFGOperations.cpp:
1546         * heap/CodeBlockSet.cpp:
1547         (JSC::CodeBlockSet::add):
1548         (JSC::CodeBlockSet::traceMarked):
1549         (JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
1550         * heap/CodeBlockSet.h:
1551         * heap/CopiedBlockInlines.h:
1552         (JSC::CopiedBlock::reportLiveBytes):
1553         * heap/CopiedSpace.cpp:
1554         (JSC::CopiedSpace::didStartFullCollection):
1555         * heap/CopiedSpace.h:
1556         (JSC::CopiedSpace::heap):
1557         * heap/Heap.cpp:
1558         (JSC::Heap::Heap):
1559         (JSC::Heap::didAbandon):
1560         (JSC::Heap::markRoots):
1561         (JSC::Heap::copyBackingStores):
1562         (JSC::Heap::addToRememberedSet):
1563         (JSC::Heap::collectAllGarbage):
1564         (JSC::Heap::collect):
1565         (JSC::Heap::didAllocate):
1566         (JSC::Heap::writeBarrier):
1567         * heap/Heap.h:
1568         (JSC::Heap::isInRememberedSet):
1569         (JSC::Heap::operationInProgress):
1570         (JSC::Heap::shouldCollect):
1571         (JSC::Heap::isCollecting):
1572         (JSC::Heap::isWriteBarrierEnabled):
1573         (JSC::Heap::writeBarrier):
1574         * heap/HeapOperation.h:
1575         * heap/MarkStack.cpp:
1576         (JSC::MarkStackArray::~MarkStackArray):
1577         (JSC::MarkStackArray::clear):
1578         (JSC::MarkStackArray::fillVector):
1579         * heap/MarkStack.h:
1580         * heap/MarkedAllocator.cpp:
1581         (JSC::isListPagedOut):
1582         (JSC::MarkedAllocator::isPagedOut):
1583         (JSC::MarkedAllocator::tryAllocateHelper):
1584         (JSC::MarkedAllocator::addBlock):
1585         (JSC::MarkedAllocator::removeBlock):
1586         (JSC::MarkedAllocator::reset):
1587         * heap/MarkedAllocator.h:
1588         (JSC::MarkedAllocator::MarkedAllocator):
1589         * heap/MarkedBlock.cpp:
1590         (JSC::MarkedBlock::clearMarks):
1591         (JSC::MarkedBlock::clearRememberedSet):
1592         (JSC::MarkedBlock::clearMarksWithCollectionType):
1593         (JSC::MarkedBlock::lastChanceToFinalize):
1594         * heap/MarkedBlock.h: Changed atomSize to 16 bytes because we have no objects smaller
1595         than 16 bytes. This is also to pay for the additional Bitmap for the remembered set.
1596         (JSC::MarkedBlock::didConsumeEmptyFreeList):
1597         (JSC::MarkedBlock::setRemembered):
1598         (JSC::MarkedBlock::clearRemembered):
1599         (JSC::MarkedBlock::atomicClearRemembered):
1600         (JSC::MarkedBlock::isRemembered):
1601         * heap/MarkedSpace.cpp:
1602         (JSC::MarkedSpace::~MarkedSpace):
1603         (JSC::MarkedSpace::resetAllocators):
1604         (JSC::MarkedSpace::visitWeakSets):
1605         (JSC::MarkedSpace::reapWeakSets):
1606         (JSC::VerifyMarked::operator()):
1607         (JSC::MarkedSpace::clearMarks):
1608         * heap/MarkedSpace.h:
1609         (JSC::ClearMarks::operator()):
1610         (JSC::ClearRememberedSet::operator()):
1611         (JSC::MarkedSpace::didAllocateInBlock):
1612         (JSC::MarkedSpace::clearRememberedSet):
1613         * heap/SlotVisitor.cpp:
1614         (JSC::SlotVisitor::~SlotVisitor):
1615         (JSC::SlotVisitor::clearMarkStack):
1616         * heap/SlotVisitor.h:
1617         (JSC::SlotVisitor::markStack):
1618         (JSC::SlotVisitor::sharedData):
1619         * heap/SlotVisitorInlines.h:
1620         (JSC::SlotVisitor::internalAppend):
1621         (JSC::SlotVisitor::unconditionallyAppend):
1622         (JSC::SlotVisitor::copyLater):
1623         (JSC::SlotVisitor::reportExtraMemoryUsage):
1624         (JSC::SlotVisitor::heap):
1625         * jit/Repatch.cpp:
1626         * runtime/JSGenericTypedArrayViewInlines.h:
1627         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
1628         * runtime/JSPropertyNameIterator.h:
1629         (JSC::StructureRareData::setEnumerationCache):
1630         * runtime/JSString.cpp:
1631         (JSC::JSString::visitChildren):
1632         * runtime/StructureRareDataInlines.h:
1633         (JSC::StructureRareData::setPreviousID):
1634         (JSC::StructureRareData::setObjectToStringValue):
1635         * runtime/WeakMapData.cpp:
1636         (JSC::WeakMapData::visitChildren):
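
Added worked example (not from this patch and not JavaScriptCore code): a constructed C++ toy of the sticky-mark-bit scheme the entry above describes, with EdenCollection, FullCollection, a write barrier and a remembered set. ToyHeap, Object, CollectionType, Trace and the two scenario functions are invented names. The first scenario shows an Eden collection visiting only the new object; the second shows what the barrier prevents, namely an Eden collection freeing a new object that an old, already-marked object still points to.

```cpp
#include <algorithm>
#include <cstddef>
#include <memory>
#include <vector>

// Constructed toy model of the scheme the entry describes; ToyHeap, Object and
// CollectionType are invented names and nothing here is JavaScriptCore code.
enum class CollectionType { Eden, Full };

struct Object {
    std::vector<Object*> children;
    bool marked = false;      // sticky: only a FullCollection clears it
    bool remembered = false;  // set by the write barrier until the next rescan
};

class ToyHeap {
public:
    Object* allocate() { objects_.push_back(std::make_unique<Object>()); return objects_.back().get(); }
    void addRoot(Object* o) { roots_.push_back(o); }

    // Barriered store: an already-marked (old) owner is never rescanned by an
    // EdenCollection on its own, so the barrier puts it in the remembered set.
    void store(Object* owner, Object* value) {
        owner->children.push_back(value);
        writeBarrier(owner);
    }
    void writeBarrier(Object* owner) {
        if (!owner->marked || owner->remembered) return;   // new object, or already remembered
        owner->remembered = true;
        rememberedSet_.push_back(owner);
    }

    // Runs one collection and returns how many objects marking visited.
    std::size_t collect(CollectionType type) {
        std::vector<Object*> markStack(roots_.begin(), roots_.end());
        if (type == CollectionType::Full) {                 // rescan everything
            for (auto& o : objects_) o->marked = false;
            for (Object* o : rememberedSet_) o->remembered = false;
        } else for (Object* o : rememberedSet_) {           // old and marked: push only children
            o->remembered = false;
            markStack.insert(markStack.end(), o->children.begin(), o->children.end());
        }
        rememberedSet_.clear();
        std::size_t visited = 0;
        while (!markStack.empty()) {
            Object* o = markStack.back();
            markStack.pop_back();
            if (o->marked) continue;   // old object, or already seen this cycle
            o->marked = true;
            ++visited;
            markStack.insert(markStack.end(), o->children.begin(), o->children.end());
        }
        // Sweep: unmarked objects are garbage. In an EdenCollection old objects keep
        // their sticky mark, so only new objects that were never reached are freed.
        objects_.erase(std::remove_if(objects_.begin(), objects_.end(),
                           [](const std::unique_ptr<Object>& o) { return !o->marked; }),
                       objects_.end());
        return visited;
    }
    std::size_t liveCount() const { return objects_.size(); }

private:
    std::vector<std::unique_ptr<Object>> objects_;
    std::vector<Object*> roots_;
    std::vector<Object*> rememberedSet_;
};

struct Trace { std::size_t fullVisited, edenVisited, liveAfterEden, secondFullVisited; };

// Root a -> b survives a FullCollection; afterwards a new object c is stored into old a.
Trace runBarrieredScenario() {
    ToyHeap heap;
    Object* a = heap.allocate();
    Object* b = heap.allocate();
    heap.addRoot(a);
    heap.store(a, b);                                    // a is not marked yet: no barrier work
    Trace t{};
    t.fullVisited = heap.collect(CollectionType::Full);  // marks a, b
    Object* c = heap.allocate();
    heap.store(a, c);                                    // a is old: the barrier remembers it
    heap.allocate();                                     // unreachable garbage
    t.edenVisited = heap.collect(CollectionType::Eden);  // visits only c
    t.liveAfterEden = heap.liveCount();                  // a, b, c
    t.secondFullVisited = heap.collect(CollectionType::Full);  // rescans a, b, c
    return t;
}

// The same store done behind the barrier's back: the EdenCollection never
// reaches c and frees it although a still points at it (a dangling edge).
bool missingBarrierLosesObject() {
    ToyHeap heap;
    Object* a = heap.allocate();
    heap.addRoot(a);
    heap.collect(CollectionType::Full);
    Object* c = heap.allocate();
    a->children.push_back(c);                            // no writeBarrier(a)
    heap.collect(CollectionType::Eden);
    return heap.liveCount() == 1;                        // only a survived
}
```

The barriered run marks two objects in the full collection, one in the Eden collection (only c) and three in the second full collection; the unbarriered run ends with a pointing at freed memory, which is why every store into a possibly-old object has to go through the barrier.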
1637
1638 2014-01-08  Sam Weinig  <sam@webkit.org>
1639
1640         [JS] Should be able to create a promise by calling the Promise constructor as a function
1641         https://bugs.webkit.org/show_bug.cgi?id=126561
1642
1643         Reviewed by Geoffrey Garen.
1644
1645         * runtime/JSPromiseConstructor.cpp:
1646         (JSC::JSPromiseConstructor::getCallData):
1647         Add support for calling the Promise constructor as a function (e.g. var p = Promise(...), note
1648         the missing "new").
1649
1650 2014-01-08  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
1651
1652         [EFL] Make FTL buildable
1653         https://bugs.webkit.org/show_bug.cgi?id=125777
1654
1655         Reviewed by Csaba Osztrogonác.
1656
1657         * CMakeLists.txt:
1658         * ftl/FTLOSREntry.cpp:
1659         * ftl/FTLOSRExitCompiler.cpp:
1660         * llvm/library/config_llvm.h:
1661
1662 2014-01-08  Zan Dobersek  <zdobersek@igalia.com>
1663
1664         [Automake] Scripts for generated build targets do not necessarily produce their output
1665         https://bugs.webkit.org/show_bug.cgi?id=126378
1666
1667         Reviewed by Carlos Garcia Campos.
1668
1669         * GNUmakefile.am: Touch the build targets that are generated through helper scripts that don't
1670         assure the output is generated every time the script is invoked, most commonly due to unchanged
1671         input. This assures the build targets are up-to-date and can't be older than their dependencies,
1672         which would result in constant regeneration at every build.
1673
1674 2014-01-07  Filip Pizlo  <fpizlo@apple.com>
1675
1676         DFG fixup phase should be responsible for inserting ValueToInt32's as needed and it should use Phantom to keep the original values alive in case of OSR exit
1677         https://bugs.webkit.org/show_bug.cgi?id=126600
1678
1679         Reviewed by Michael Saboff.
1680         
1681         This fixes an embarrassing OSR exit liveness bug. It also simplifies the code. We were
1682         already using FixupPhase as the place where conversion nodes get inserted. ValueToInt32
1683         was the only exception to that rule, and that was one of the reasons why we had this bug.
1684         
1685         Henceforth ValueToInt32 is only inserted by FixupPhase, and only when it is necessary:
1686         we have a BitOp that will want a ToInt32 conversion and the operand is not predicted to
1687         already be an int32. If FixupPhase inserts any ValueToInt32's then the BitOp will no
1688         longer appear to use the original operand, which will make OSR exit think that the
1689         original operand is dead. We work around this the way we always do: insert a Phantom on
1690         the original operands right after the BitOp. This ensures that any OSR exit in any of the
1691         ValueToInt32's or in the BitOp itself will have values for the original inputs.
1692
1693         * dfg/DFGBackwardsPropagationPhase.cpp:
1694         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
1695         (JSC::DFG::BackwardsPropagationPhase::propagate):
1696         * dfg/DFGByteCodeParser.cpp:
1697         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1698         (JSC::DFG::ByteCodeParser::parseBlock):
1699         * dfg/DFGFixupPhase.cpp:
1700         (JSC::DFG::FixupPhase::fixupNode):
1701         (JSC::DFG::FixupPhase::fixIntEdge):
1702         (JSC::DFG::FixupPhase::fixBinaryIntEdges):
1703         * dfg/DFGPredictionPropagationPhase.cpp:
1704         (JSC::DFG::PredictionPropagationPhase::propagate):
1705         * tests/stress/bit-op-value-to-int32-input-liveness.js: Added.
1706         (foo):
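
Added worked example (not DFG code): a constructed toy IR that illustrates the liveness problem the entry above describes. Node, Graph, positionOf, usedAtOrAfter, fixupBitOps, buildBitAndGraph, LivenessReport and analyze are invented here. fixupBitOps inserts a ValueToInt32 for each BitAnd operand not predicted to be int32 and, when asked, a Phantom of the original operands right after the BitAnd; analyze then reports whether the original operand x still counts as live at an exit taken in the conversion of y or in the BitAnd itself.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>
#include <vector>

// Constructed toy IR for the liveness point made above. Node, Graph, fixupBitOps,
// usedAtOrAfter and analyze are invented here; they are not the DFG's types or phases.
struct Node {
    int id;                   // stable identity; inputs refer to ids, not positions
    std::string op;
    std::vector<int> inputs;
    bool predictedInt32;      // is the value predicted to already be an int32?
};
using Graph = std::vector<Node>;

std::size_t positionOf(const Graph& g, int id) {
    for (std::size_t i = 0; i < g.size(); ++i)
        if (g[i].id == id) return i;
    return g.size();
}

// The rule an OSR exit relies on: a value is live at an exit taken inside the node
// at `position` if that node or any later node still uses it.
bool usedAtOrAfter(const Graph& g, int valueId, std::size_t position) {
    for (std::size_t i = position; i < g.size(); ++i)
        for (int in : g[i].inputs)
            if (in == valueId) return true;
    return false;
}

// Fixup: give every BitAnd int32 operands by inserting a ValueToInt32 for each
// operand not predicted to be int32. With insertPhantom, a Phantom of the original
// operands follows the BitAnd so that exits in the conversions or the BitAnd still
// see those operands as live.
void fixupBitOps(Graph& g, bool insertPhantom) {
    int nextId = 0;
    for (const Node& n : g) nextId = std::max(nextId, n.id + 1);
    for (std::size_t i = 0; i < g.size(); ++i) {
        if (g[i].op != "BitAnd") continue;
        const std::vector<int> originals = g[i].inputs;
        std::vector<int> converted;
        std::size_t bitOp = i;                         // tracks the BitAnd as nodes shift
        for (int in : originals) {
            if (g[positionOf(g, in)].predictedInt32) { converted.push_back(in); continue; }
            Node conv{nextId++, "ValueToInt32", {in}, true};
            g.insert(g.begin() + bitOp, conv);
            ++bitOp;
            converted.push_back(conv.id);
        }
        g[bitOp].inputs = converted;                   // the BitAnd now uses only the conversions
        if (insertPhantom)
            g.insert(g.begin() + bitOp + 1, Node{nextId++, "Phantom", originals, false});
        i = bitOp + (insertPhantom ? 1 : 0);
    }
}

// r = x & y where neither operand is predicted int32 (ids stay stable across fixup).
Graph buildBitAndGraph() {
    return {{0, "GetLocal_x", {}, false},
            {1, "GetLocal_y", {}, false},
            {2, "BitAnd", {0, 1}, true},
            {3, "SetLocal_r", {2}, false}};
}

struct LivenessReport {
    std::size_t nodeCount;
    bool xLiveAtConversionOfY;   // exit inside the ValueToInt32 placed just before the BitAnd
    bool xLiveAtBitOp;           // exit inside the BitAnd itself
};

// Without the Phantom, x (id 0) looks dead at both exits although OSR exit needs it.
LivenessReport analyze(bool insertPhantom) {
    Graph g = buildBitAndGraph();
    fixupBitOps(g, insertPhantom);
    const std::size_t bitOp = positionOf(g, 2);
    LivenessReport r{};
    r.nodeCount = g.size();
    r.xLiveAtConversionOfY = usedAtOrAfter(g, 0, bitOp - 1);
    r.xLiveAtBitOp = usedAtOrAfter(g, 0, bitOp);
    return r;
}
```

After fixup without the Phantom the graph has six nodes and x is used by nothing from the second conversion onwards, so a naive liveness pass would let an exit there drop it; with the Phantom (seven nodes) the original operands have a use after the BitAnd and stay live at every exit in between.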
1707
1708 2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>
1709
1710         Repatch write barrier slow path call doesn't align the stack in the presence of saved registers
1711         https://bugs.webkit.org/show_bug.cgi?id=126093
1712
1713         Reviewed by Geoffrey Garen.
1714
1715         * jit/Repatch.cpp: Reworked the stack alignment code for calling out to C code on the write barrier slow path.
1716         We need to properly account for the number of reused registers that were saved to the stack, so we have to 
1717         pass the ScratchRegisterAllocator around.
1718         (JSC::storeToWriteBarrierBuffer):
1719         (JSC::writeBarrier):
1720         (JSC::emitPutReplaceStub):
1721         (JSC::emitPutTransitionStub):
1722         * jit/ScratchRegisterAllocator.h: Previously the ScratchRegisterAllocator only knew whether or not it had
1723         reused registers, but not how many. In order to correctly align the stack for calls to C slow paths for 
1724         the write barriers in inline caches we need to know how the stack is aligned. So now ScratchRegisterAllocator
1725         tracks how many registers it has reused.
1726         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
1727         (JSC::ScratchRegisterAllocator::allocateScratch):
1728         (JSC::ScratchRegisterAllocator::didReuseRegisters):
1729         (JSC::ScratchRegisterAllocator::numberOfReusedRegisters):
1730         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
1731         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
1732         * llint/LowLevelInterpreter64.asm: Random typo fix.
1733
1734 2014-01-07  Mark Lam  <mark.lam@apple.com>
1735
1736         r161364 caused JSC tests regression on non-DFG builds (e.g. C Loop and Windows).
1737         https://bugs.webkit.org/show_bug.cgi?id=126589.
1738
1739         Reviewed by Filip Pizlo.
1740
1741         After the removal of ENABLE(VALUE_PROFILER), the LLINT is now expecting the
1742         relevant opcode operands to point to ValueProfiler data structures and will
1743         write profiling data into them. Hence, we need to allocate these data
1744         structures even though the profiling data won't be used in non-DFG builds.
1745
1746         * bytecode/CodeBlock.cpp:
1747         (JSC::CodeBlock::CodeBlock):
1748
1749 2014-01-07  Filip Pizlo  <fpizlo@apple.com>
1750
1751         ASSERT in compileArithNegate on pdfjs
1752         https://bugs.webkit.org/show_bug.cgi?id=126584
1753
1754         Reviewed by Mark Hahnenberg.
1755         
1756         Check negative zero when we should check it, not when we shouldn't check it. :-/
1757
1758         * dfg/DFGSpeculativeJIT.cpp:
1759         (JSC::DFG::SpeculativeJIT::compileArithNegate):
1760
1761 2014-01-07  Gabor Rapcsanyi  <rgabor@webkit.org>
1762
1763         pushFinallyContext saves wrong m_labelScopes size
1764         https://bugs.webkit.org/show_bug.cgi?id=124529
1765
1766         Remove free label scopes before saving finally context.
1767
1768         Reviewed by Geoffrey Garen.
1769
1770         * bytecompiler/BytecodeGenerator.cpp:
1771         (JSC::BytecodeGenerator::pushFinallyContext):
1772
1773 2014-01-06  Mark Hahnenberg  <mhahnenberg@apple.com>
1774
1775         Heap::collect shouldn't be responsible for sweeping
1776         https://bugs.webkit.org/show_bug.cgi?id=126556
1777
1778         Reviewed by Geoffrey Garen.
1779
1780         Sweeping happens at an awkward time during collection due to the fact that destructors can 
1781         cause arbitrary reentry into the VM. This patch separates collecting and sweeping, and delays 
1782         sweeping until after collection has completely finished.
1783
1784         * heap/Heap.cpp:
1785         (JSC::Heap::collectAllGarbage):
1786         (JSC::Heap::collect):
1787         (JSC::Heap::collectIfNecessaryOrDefer):
1788         * heap/Heap.h:
1789         * heap/MarkedSpace.cpp:
1790         (JSC::MarkedSpace::sweep):
1791         * runtime/GCActivityCallback.cpp:
1792         (JSC::DefaultGCActivityCallback::doWork):
1793
1794 2014-01-07  Mark Rowe  <mrowe@apple.com>
1795
1796         <https://webkit.org/b/126567> Remove the legacy WebKit availability macros
1797
1798         They're no longer used.
1799
1800         Reviewed by Ryosuke Niwa.
1801
1802         * API/WebKitAvailability.h:
1803
1804 2014-01-07  Filip Pizlo  <fpizlo@apple.com>
1805
1806         SetLocal for a FlushedArguments should not claim that the dataFormat is DataFormatJS
1807         https://bugs.webkit.org/show_bug.cgi?id=126563
1808
1809         Reviewed by Gavin Barraclough.
1810         
1811         This was a rookie arguments simplification mistake: the SetLocal needs to record the fact
1812         that although it set JSValue(), OSR should think it set Arguments. DataFormatArguments
1813         conveys this, and dataFormatFor(FlushFormat) will do the right thing.
1814
1815         * dfg/DFGSpeculativeJIT32_64.cpp:
1816         (JSC::DFG::SpeculativeJIT::compile):
1817         * dfg/DFGSpeculativeJIT64.cpp:
1818         (JSC::DFG::SpeculativeJIT::compile):
1819         * tests/stress/phantom-arguments-set-local-then-exit-in-same-block.js: Added.
1820         (foo):
1821
1822 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
1823
1824         Make the different flavors of integer arithmetic more explicit, and don't rely on (possibly stale) results of the backwards propagator to decide integer arithmetic semantics
1825         https://bugs.webkit.org/show_bug.cgi?id=125519
1826
1827         Reviewed by Geoffrey Garen.
1828         
1829         Adds the Arith::Mode enum to arithmetic nodes, which makes it explicit what sorts of
1830         checks and overflows the node should do. Previously this would be deduced from
1831         backwards analysis results.
1832         
1833         This also makes "unchecked" variants really mean that you want the int32 wrapped
1834         result, so ArithIMul is now done in terms of ArithMul(Unchecked). That means that the
1835         constant folder needs to compute exactly the result implied by ArithMode, instead of
1836         just folding the double result.
1837
1838         * CMakeLists.txt:
1839         * GNUmakefile.list.am:
1840         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1841         * JavaScriptCore.xcodeproj/project.pbxproj:
1842         * dfg/DFGAbstractInterpreterInlines.h:
1843         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1844         * dfg/DFGArithMode.cpp: Added.
1845         (WTF::printInternal):
1846         * dfg/DFGArithMode.h: Added.
1847         (JSC::DFG::doesOverflow):
1848         (JSC::DFG::shouldCheckOverflow):
1849         (JSC::DFG::shouldCheckNegativeZero):
1850         * dfg/DFGCSEPhase.cpp:
1851         (JSC::DFG::CSEPhase::pureCSE):
1852         (JSC::DFG::CSEPhase::performNodeCSE):
1853         * dfg/DFGConstantFoldingPhase.cpp:
1854         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1855         * dfg/DFGFixupPhase.cpp:
1856         (JSC::DFG::FixupPhase::fixupNode):
1857         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
1858         * dfg/DFGGraph.cpp:
1859         (JSC::DFG::Graph::dump):
1860         * dfg/DFGNode.h:
1861         (JSC::DFG::Node::Node):
1862         (JSC::DFG::Node::hasArithMode):
1863         (JSC::DFG::Node::arithMode):
1864         (JSC::DFG::Node::setArithMode):
1865         * dfg/DFGSpeculativeJIT.cpp:
1866         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1867         (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
1868         (JSC::DFG::SpeculativeJIT::compileAdd):
1869         (JSC::DFG::SpeculativeJIT::compileArithSub):
1870         (JSC::DFG::SpeculativeJIT::compileArithNegate):
1871         (JSC::DFG::SpeculativeJIT::compileArithMul):
1872         (JSC::DFG::SpeculativeJIT::compileArithDiv):
1873         (JSC::DFG::SpeculativeJIT::compileArithMod):
1874         * dfg/DFGSpeculativeJIT.h:
1875         * dfg/DFGSpeculativeJIT32_64.cpp:
1876         (JSC::DFG::SpeculativeJIT::compile):
1877         * dfg/DFGSpeculativeJIT64.cpp:
1878         (JSC::DFG::SpeculativeJIT::compile):
1879         * ftl/FTLLowerDFGToLLVM.cpp:
1880         (JSC::FTL::LowerDFGToLLVM::compileAddSub):
1881         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
1882         (JSC::FTL::LowerDFGToLLVM::compileArithDivMod):
1883         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
1884         (JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):
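
Added worked example (not JavaScriptCore's constant folder): a constructed C++ sketch of the Arith::Mode idea from the entry above. The mode names and the doesOverflow / shouldCheckOverflow / shouldCheckNegativeZero predicates follow the names listed in the entry, but Folded, wrapToInt32, foldMul and foldNegate are this example's own. It shows the point the entry makes about folding: an Unchecked fold must produce the int32-wrapped result, while a checked fold must refuse whenever the runtime check (overflow, or negative zero as in the compileArithNegate entry above) would fail, rather than folding the double result.

```cpp
#include <cstdint>

// Constructed illustration of ArithMode; the predicates mirror the names in the
// entry, the folding functions are this example's own and not DFG code.
enum class ArithMode { Unchecked, CheckOverflow, CheckOverflowAndNegativeZero };

bool doesOverflow(ArithMode m) { return m == ArithMode::Unchecked; }   // wraps instead of exiting
bool shouldCheckOverflow(ArithMode m) { return m != ArithMode::Unchecked; }
bool shouldCheckNegativeZero(ArithMode m) { return m == ArithMode::CheckOverflowAndNegativeZero; }

// Result of folding: `folded` false means the runtime check would fail, so the
// node must stay in the graph (folding to some int32 anyway would be a miscompile).
struct Folded { bool folded; int32_t value; };

// Two's-complement wrap, as JavaScript's ToInt32 does for the bit-op / imul family.
int32_t wrapToInt32(int64_t v) {
    return static_cast<int32_t>(static_cast<uint32_t>(static_cast<uint64_t>(v)));
}

Folded foldMul(int32_t a, int32_t b, ArithMode mode) {
    const int64_t exact = static_cast<int64_t>(a) * static_cast<int64_t>(b);
    if (!shouldCheckOverflow(mode))
        return {true, wrapToInt32(exact)};             // ArithMul(Unchecked): the ArithIMul result
    if (exact < INT32_MIN || exact > INT32_MAX)
        return {false, 0};                             // the real result needs a double
    if (shouldCheckNegativeZero(mode) && exact == 0 && (a < 0 || b < 0))
        return {false, 0};                             // the double result would be -0
    return {true, static_cast<int32_t>(exact)};
}

Folded foldNegate(int32_t a, ArithMode mode) {
    const int64_t exact = -static_cast<int64_t>(a);
    if (!shouldCheckOverflow(mode))
        return {true, wrapToInt32(exact)};             // -INT32_MIN wraps back to INT32_MIN
    if (exact > INT32_MAX)
        return {false, 0};                             // only INT32_MIN overflows
    if (shouldCheckNegativeZero(mode) && a == 0)
        return {false, 0};                             // -0
    return {true, static_cast<int32_t>(exact)};
}
```

For instance 65536 * 65536 folds to 0 under Unchecked but refuses to fold under CheckOverflow, and -3 * 0 folds to 0 under CheckOverflow but refuses under CheckOverflowAndNegativeZero, because the checked node would have exited on -0 at runtime.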
1885
1886 2014-01-06  Mark Hahnenberg  <mhahnenberg@apple.com>
1887
1888         Add write barriers to the LLInt
1889         https://bugs.webkit.org/show_bug.cgi?id=126527
1890
1891         Reviewed by Filip Pizlo.
1892
1893         This patch takes a similar approach to how write barriers work in the baseline JIT.
1894         We execute the write barrier at the beginning of the opcode so we don't have to 
1895         worry about saving and restoring live registers across write barrier slow path calls 
1896         to C code.
1897
1898         * llint/LLIntOfflineAsmConfig.h:
1899         * llint/LLIntSlowPaths.cpp:
1900         (JSC::LLInt::llint_write_barrier_slow):
1901         * llint/LLIntSlowPaths.h:
1902         * llint/LowLevelInterpreter.asm:
1903         * llint/LowLevelInterpreter32_64.asm:
1904         * llint/LowLevelInterpreter64.asm:
1905         * offlineasm/arm64.rb:
1906         * offlineasm/instructions.rb:
1907         * offlineasm/x86.rb:
1908
1909 2014-01-05  Sam Weinig  <sam@webkit.org>
1910
1911         [JS] Implement Promise.all()
1912         https://bugs.webkit.org/show_bug.cgi?id=126510
1913
1914         Reviewed by Gavin Barraclough.
1915
1916         Add Promise.all() implementation and factor out performing resolves and rejects
1917         on deferreds to share a bit of code. Also moves the abruptRejection helper to
1918         JSPromiseDeferred so it can be used in JSPromiseFunctions.
1919
1920         * runtime/CommonIdentifiers.h:
1921         * runtime/JSPromiseConstructor.cpp:
1922         (JSC::JSPromiseConstructorFuncCast):
1923         (JSC::JSPromiseConstructorFuncResolve):
1924         (JSC::JSPromiseConstructorFuncReject):
1925         (JSC::JSPromiseConstructorFuncAll):
1926         * runtime/JSPromiseDeferred.cpp:
1927         (JSC::updateDeferredFromPotentialThenable):
1928         (JSC::performDeferredResolve):
1929         (JSC::performDeferredReject):
1930         (JSC::abruptRejection):
1931         * runtime/JSPromiseDeferred.h:
1932         * runtime/JSPromiseFunctions.cpp:
1933         (JSC::promiseAllCountdownFunction):
1934         (JSC::createPromiseAllCountdownFunction):
1935         * runtime/JSPromiseFunctions.h:
1936         * runtime/JSPromiseReaction.cpp:
1937         (JSC::ExecutePromiseReactionMicrotask::run):
1938
1939 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
1940
1941         Get rid of ENABLE(VALUE_PROFILER). It's on all the time now.
1942
1943         Rubber stamped by Mark Hahnenberg.
1944
1945         * bytecode/CallLinkStatus.cpp:
1946         (JSC::CallLinkStatus::computeFor):
1947         * bytecode/CodeBlock.cpp:
1948         (JSC::CodeBlock::dumpValueProfiling):
1949         (JSC::CodeBlock::dumpArrayProfiling):
1950         (JSC::CodeBlock::dumpRareCaseProfile):
1951         (JSC::CodeBlock::dumpBytecode):
1952         (JSC::CodeBlock::CodeBlock):
1953         (JSC::CodeBlock::setNumParameters):
1954         (JSC::CodeBlock::shrinkToFit):
1955         (JSC::CodeBlock::shouldOptimizeNow):
1956         * bytecode/CodeBlock.h:
1957         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1958         * bytecode/GetByIdStatus.cpp:
1959         (JSC::GetByIdStatus::computeForChain):
1960         (JSC::GetByIdStatus::computeFor):
1961         * bytecode/LazyOperandValueProfile.cpp:
1962         * bytecode/LazyOperandValueProfile.h:
1963         * bytecode/PutByIdStatus.cpp:
1964         (JSC::PutByIdStatus::computeFor):
1965         * bytecode/ValueProfile.h:
1966         * bytecompiler/BytecodeGenerator.cpp:
1967         (JSC::BytecodeGenerator::newArrayProfile):
1968         (JSC::BytecodeGenerator::newArrayAllocationProfile):
1969         (JSC::BytecodeGenerator::emitProfiledOpcode):
1970         * jit/GPRInfo.h:
1971         * jit/JIT.cpp:
1972         (JSC::JIT::JIT):
1973         (JSC::JIT::privateCompileSlowCases):
1974         (JSC::JIT::privateCompile):
1975         * jit/JIT.h:
1976         * jit/JITArithmetic.cpp:
1977         (JSC::JIT::compileBinaryArithOp):
1978         (JSC::JIT::emit_op_mul):
1979         (JSC::JIT::emit_op_div):
1980         * jit/JITArithmetic32_64.cpp:
1981         (JSC::JIT::emitBinaryDoubleOp):
1982         (JSC::JIT::emit_op_mul):
1983         (JSC::JIT::emitSlow_op_mul):
1984         (JSC::JIT::emit_op_div):
1985         * jit/JITCall.cpp:
1986         (JSC::JIT::emitPutCallResult):
1987         * jit/JITCall32_64.cpp:
1988         (JSC::JIT::emitPutCallResult):
1989         * jit/JITInlines.h:
1990         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1991         (JSC::JIT::emitValueProfilingSite):
1992         (JSC::JIT::emitArrayProfilingSiteForBytecodeIndex):
1993         (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase):
1994         (JSC::JIT::emitArrayProfileOutOfBoundsSpecialCase):
1995         (JSC::arrayProfileSaw):
1996         (JSC::JIT::chooseArrayMode):
1997         * jit/JITOpcodes.cpp:
1998         (JSC::JIT::emit_op_get_argument_by_val):
1999         * jit/JITOpcodes32_64.cpp:
2000         (JSC::JIT::emit_op_get_argument_by_val):
2001         * jit/JITPropertyAccess.cpp:
2002         (JSC::JIT::emit_op_get_by_val):
2003         (JSC::JIT::emitSlow_op_get_by_val):
2004         (JSC::JIT::emit_op_get_by_id):
2005         (JSC::JIT::emit_op_get_from_scope):
2006         * jit/JITPropertyAccess32_64.cpp:
2007         (JSC::JIT::emit_op_get_by_val):
2008         (JSC::JIT::emitSlow_op_get_by_val):
2009         (JSC::JIT::emit_op_get_by_id):
2010         (JSC::JIT::emit_op_get_from_scope):
2011         * llint/LLIntOfflineAsmConfig.h:
2012         * llint/LLIntSlowPaths.cpp:
2013         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2014         * llint/LowLevelInterpreter.asm:
2015         * llint/LowLevelInterpreter32_64.asm:
2016         * llint/LowLevelInterpreter64.asm:
2017         * profiler/ProfilerBytecodeSequence.cpp:
2018         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
2019         * runtime/CommonSlowPaths.cpp:
2020
2021 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
2022
2023         LLInt shouldn't check for ENABLE(JIT).
2024
2025         Rubber stamped by Mark Hahnenberg.
2026
2027         * llint/LLIntCommon.h:
2028         * llint/LLIntOfflineAsmConfig.h:
2029         * llint/LLIntSlowPaths.cpp:
2030         (JSC::LLInt::entryOSR):
2031         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2032         * llint/LowLevelInterpreter.asm:
2033
2034 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
2035
2036         LLInt shouldn't check for ENABLE(JAVASCRIPT_DEBUGGER).
2037
2038         Rubber stamped by Mark Hahnenberg.
2039
2040         * debugger/Debugger.h:
2041         (JSC::Debugger::Debugger):
2042         * llint/LLIntOfflineAsmConfig.h:
2043         * llint/LowLevelInterpreter.asm:
2044
2045 2014-01-05  Sam Weinig  <sam@webkit.org>
2046
2047         [JS] Implement Promise.race()
2048         https://bugs.webkit.org/show_bug.cgi?id=126506
2049
2050         Reviewed by Oliver Hunt.
2051
2052         * runtime/CommonIdentifiers.h:
2053         Add identifier for "cast".
2054     
2055         * runtime/JSPromiseConstructor.cpp:
2056         (JSC::abruptRejection):
2057         Helper for the RejectIfAbrupt abstract operation.
2058   
2059         (JSC::JSPromiseConstructorFuncRace):
2060         Add implementation of Promise.race()
2061
2062 2014-01-05  Martin Robinson  <mrobinson@igalia.com>
2063
2064         [GTK] [CMake] Ensure that the autotools build and the CMake install the same files
2065         https://bugs.webkit.org/show_bug.cgi?id=116379
2066
2067         Reviewed by Gustavo Noronha Silva.
2068
2069         * PlatformGTK.cmake: Install API headers, gir files, and the pkg-config file.
2070
2071 2014-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>
2072
2073         Use Compiler macros instead of raw "final" and "override"
2074         https://bugs.webkit.org/show_bug.cgi?id=126490
2075
2076         Reviewed by Sam Weinig.
2077
2078         * runtime/JSPromiseReaction.cpp:
2079
2080 2014-01-04  Martin Robinson  <mrobinson@igalia.com>
2081
2082         [GTK] [CMake] Improve the way we locate gobject-introspection
2083         https://bugs.webkit.org/show_bug.cgi?id=126452
2084
2085         Reviewed by Philippe Normand.
2086
2087         * PlatformGTK.cmake: Use the new introspection variables.
2088
2089 2014-01-04  Zan Dobersek  <zdobersek@igalia.com>
2090
2091         Explicitly use the std:: nested name specifier when using std::pair, std::make_pair
2092         https://bugs.webkit.org/show_bug.cgi?id=126439
2093
2094         Reviewed by Andreas Kling.
2095
2096         Instead of relying on std::pair and std::make_pair symbols being present in the current scope
2097         through the pair and make_pair symbols, the std:: specifier should be used explicitly.
2098
2099         * bytecode/Opcode.cpp:
2100         (JSC::compareOpcodePairIndices):
2101         (JSC::OpcodeStats::~OpcodeStats):
2102         * bytecompiler/BytecodeGenerator.cpp:
2103         (JSC::BytecodeGenerator::BytecodeGenerator):
2104         * parser/ASTBuilder.h:
2105         (JSC::ASTBuilder::makeBinaryNode):
2106         * parser/Parser.cpp:
2107         (JSC::Parser<LexerType>::parseIfStatement):
2108         * runtime/Structure.cpp:
2109         (JSC::StructureTransitionTable::contains):
2110         (JSC::StructureTransitionTable::get):
2111         (JSC::StructureTransitionTable::add):
2112
2113 2014-01-03  David Farler  <dfarler@apple.com>
2114
2115         [super dealloc] missing in Source/JavaScriptCore/API/tests/testapi.mm, fails to build with -Werror,-Wobjc-missing-super-calls
2116         https://bugs.webkit.org/show_bug.cgi?id=126454
2117
2118         Reviewed by Geoffrey Garen.
2119
2120         * API/tests/testapi.mm:
2121         (-[TextXYZ dealloc]):
2122         add [super dealloc]
2123         (-[EvilAllocationObject dealloc]):
2124         add [super dealloc]
2125
2126 2014-01-02  Carlos Garcia Campos  <cgarcia@igalia.com>
2127
2128         REGRESSION(r160304): [GTK] Disable libtool fast install
2129         https://bugs.webkit.org/show_bug.cgi?id=126381
2130
2131         Reviewed by Martin Robinson.
2132
2133         Remove -no-fast-install ld flag since fast install is now disabled
2134         globally.
2135
2136         * GNUmakefile.am:
2137
2138 2014-01-02  Sam Weinig  <sam@webkit.org>
2139
2140         Update Promises to the https://github.com/domenic/promises-unwrapping spec
2141         https://bugs.webkit.org/show_bug.cgi?id=120954
2142
2143         Reviewed by Filip Pizlo.
2144
2145         Update Promises to the revised spec. Notable changes:
2146         - JSPromiseResolver is gone.
2147         - TaskContext has been renamed Microtask and now has a virtual run() function.
2148         - Instead of using custom InternalFunction subclasses, JSFunctions are used
2149           with PrivateName properties for internal slots.
2150
2151         * CMakeLists.txt:
2152         * DerivedSources.make:
2153         * GNUmakefile.list.am:
2154         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2155         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2156         * JavaScriptCore.xcodeproj/project.pbxproj:
2157         * interpreter/CallFrame.h:
2158         (JSC::ExecState::promiseConstructorTable):
2159         * runtime/CommonIdentifiers.cpp:
2160         (JSC::CommonIdentifiers::CommonIdentifiers):
2161         * runtime/CommonIdentifiers.h:
2162         * runtime/JSGlobalObject.cpp:
2163         (JSC::JSGlobalObject::reset):
2164         (JSC::JSGlobalObject::visitChildren):
2165         (JSC::JSGlobalObject::queueMicrotask):
2166         * runtime/JSGlobalObject.h:
2167         (JSC::JSGlobalObject::promiseConstructor):
2168         (JSC::JSGlobalObject::promisePrototype):
2169         (JSC::JSGlobalObject::promiseStructure):
2170         * runtime/JSPromise.cpp:
2171         (JSC::JSPromise::create):
2172         (JSC::JSPromise::JSPromise):
2173         (JSC::JSPromise::finishCreation):
2174         (JSC::JSPromise::visitChildren):
2175         (JSC::JSPromise::reject):
2176         (JSC::JSPromise::resolve):
2177         (JSC::JSPromise::appendResolveReaction):
2178         (JSC::JSPromise::appendRejectReaction):
2179         (JSC::triggerPromiseReactions):
2180         * runtime/JSPromise.h:
2181         (JSC::JSPromise::status):
2182         (JSC::JSPromise::result):
2183         (JSC::JSPromise::constructor):
2184         * runtime/JSPromiseCallback.cpp: Removed.
2185         * runtime/JSPromiseCallback.h: Removed.
2186         * runtime/JSPromiseConstructor.cpp:
2187         (JSC::constructPromise):
2188         (JSC::JSPromiseConstructor::getCallData):
2189         (JSC::JSPromiseConstructorFuncCast):
2190         (JSC::JSPromiseConstructorFuncResolve):
2191         (JSC::JSPromiseConstructorFuncReject):
2192         * runtime/JSPromiseConstructor.h:
2193         * runtime/JSPromiseDeferred.cpp: Added.
2194         (JSC::JSPromiseDeferred::create):
2195         (JSC::JSPromiseDeferred::JSPromiseDeferred):
2196         (JSC::JSPromiseDeferred::finishCreation):
2197         (JSC::JSPromiseDeferred::visitChildren):
2198         (JSC::createJSPromiseDeferredFromConstructor):
2199         (JSC::updateDeferredFromPotentialThenable):
2200         * runtime/JSPromiseDeferred.h: Added.
2201         (JSC::JSPromiseDeferred::createStructure):
2202         (JSC::JSPromiseDeferred::promise):
2203         (JSC::JSPromiseDeferred::resolve):
2204         (JSC::JSPromiseDeferred::reject):
2205         * runtime/JSPromiseFunctions.cpp: Added.
2206         (JSC::deferredConstructionFunction):
2207         (JSC::createDeferredConstructionFunction):
2208         (JSC::identifyFunction):
2209         (JSC::createIdentifyFunction):
2210         (JSC::promiseAllCountdownFunction):
2211         (JSC::createPromiseAllCountdownFunction):
2212         (JSC::promiseResolutionHandlerFunction):
2213         (JSC::createPromiseResolutionHandlerFunction):
2214         (JSC::rejectPromiseFunction):
2215         (JSC::createRejectPromiseFunction):
2216         (JSC::resolvePromiseFunction):
2217         (JSC::createResolvePromiseFunction):
2218         (JSC::throwerFunction):
2219         (JSC::createThrowerFunction):
2220         * runtime/JSPromiseFunctions.h: Added.
2221         * runtime/JSPromisePrototype.cpp:
2222         (JSC::JSPromisePrototypeFuncThen):
2223         (JSC::JSPromisePrototypeFuncCatch):
2224         * runtime/JSPromiseReaction.cpp: Added.
2225         (JSC::createExecutePromiseReactionMicroTask):
2226         (JSC::ExecutePromiseReactionMicroTask::run):
2227         (JSC::JSPromiseReaction::create):
2228         (JSC::JSPromiseReaction::JSPromiseReaction):
2229         (JSC::JSPromiseReaction::finishCreation):
2230         (JSC::JSPromiseReaction::visitChildren):
2231         * runtime/JSPromiseReaction.h: Added.
2232         (JSC::JSPromiseReaction::createStructure):
2233         (JSC::JSPromiseReaction::deferred):
2234         (JSC::JSPromiseReaction::handler):
2235         * runtime/JSPromiseResolver.cpp: Removed.
2236         * runtime/JSPromiseResolver.h: Removed.
2237         * runtime/JSPromiseResolverConstructor.cpp: Removed.
2238         * runtime/JSPromiseResolverConstructor.h: Removed.
2239         * runtime/JSPromiseResolverPrototype.cpp: Removed.
2240         * runtime/JSPromiseResolverPrototype.h: Removed.
2241         * runtime/Microtask.h: Added.
2242         * runtime/VM.cpp:
2243         (JSC::VM::VM):
2244         (JSC::VM::~VM):
2245         * runtime/VM.h:
2246
2247 2014-01-02  Mark Hahnenberg  <mhahnenberg@apple.com>
2248
2249         Add support for StoreBarrier and friends to the FTL
2250         https://bugs.webkit.org/show_bug.cgi?id=126040
2251
2252         Reviewed by Filip Pizlo.
2253
2254         * ftl/FTLAbstractHeapRepository.h:
2255         * ftl/FTLCapabilities.cpp:
2256         (JSC::FTL::canCompile):
2257         * ftl/FTLIntrinsicRepository.h:
2258         * ftl/FTLLowerDFGToLLVM.cpp:
2259         (JSC::FTL::LowerDFGToLLVM::compileNode):
2260         (JSC::FTL::LowerDFGToLLVM::compileStoreBarrier):
2261         (JSC::FTL::LowerDFGToLLVM::compileConditionalStoreBarrier):
2262         (JSC::FTL::LowerDFGToLLVM::compileStoreBarrierWithNullCheck):
2263         (JSC::FTL::LowerDFGToLLVM::loadMarkByte):
2264         (JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):
2265         * heap/Heap.cpp:
2266         (JSC::Heap::Heap):
2267         * heap/Heap.h:
2268         (JSC::Heap::writeBarrierBuffer):
2269
2270 2014-01-02  Mark Hahnenberg  <mhahnenberg@apple.com>
2271
2272         Storing new CopiedSpace memory into a JSObject should fire a write barrier
2273         https://bugs.webkit.org/show_bug.cgi?id=126025
2274
2275         Reviewed by Filip Pizlo.
2276
2277         Technically this is creating a pointer between a (potentially) old generation object and a young 
2278         generation chunk of memory, thus there needs to be a barrier.
2279
2280         * JavaScriptCore.xcodeproj/project.pbxproj:
2281         * dfg/DFGOperations.cpp:
2282         * heap/CopyWriteBarrier.h: Added. This class functions similarly to the WriteBarrier class. It 
2283         acts as a proxy for pointers to CopiedSpace. Assignments to the field cause a write barrier to 
2284         fire for the object that is the owner of the CopiedSpace memory. This is to ensure during nursery 
2285         collections that objects with new backing stores are visited, even if they are old generation objects. 
2286         (JSC::CopyWriteBarrier::CopyWriteBarrier):
2287         (JSC::CopyWriteBarrier::operator!):
2288         (JSC::CopyWriteBarrier::operator UnspecifiedBoolType*):
2289         (JSC::CopyWriteBarrier::get):
2290         (JSC::CopyWriteBarrier::operator*):
2291         (JSC::CopyWriteBarrier::operator->):
2292         (JSC::CopyWriteBarrier::set):
2293         (JSC::CopyWriteBarrier::setWithoutWriteBarrier):
2294         (JSC::CopyWriteBarrier::clear):
2295         * heap/Heap.h:
2296         * runtime/JSArray.cpp:
2297         (JSC::JSArray::unshiftCountSlowCase):
2298         (JSC::JSArray::shiftCountWithArrayStorage):
2299         (JSC::JSArray::unshiftCountWithArrayStorage):
2300         * runtime/JSCell.h:
2301         (JSC::JSCell::unvalidatedStructure):
2302         * runtime/JSGenericTypedArrayViewInlines.h:
2303         (JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):
2304         * runtime/JSObject.cpp:
2305         (JSC::JSObject::copyButterfly):
2306         (JSC::JSObject::getOwnPropertySlotByIndex):
2307         (JSC::JSObject::putByIndex):
2308         (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
2309         (JSC::JSObject::createInitialIndexedStorage):
2310         (JSC::JSObject::createArrayStorage):
2311         (JSC::JSObject::deletePropertyByIndex):
2312         (JSC::JSObject::getOwnPropertyNames):
2313         (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
2314         (JSC::JSObject::countElements):
2315         (JSC::JSObject::increaseVectorLength):
2316         (JSC::JSObject::ensureLengthSlow):
2317         * runtime/JSObject.h:
2318         (JSC::JSObject::butterfly):
2319         (JSC::JSObject::setStructureAndButterfly):
2320         (JSC::JSObject::setButterflyWithoutChangingStructure):
2321         (JSC::JSObject::JSObject):
2322         (JSC::JSObject::putDirectInternal):
2323         (JSC::JSObject::putDirectWithoutTransition):
2324         * runtime/MapData.cpp:
2325         (JSC::MapData::ensureSpaceForAppend):
2326         * runtime/Structure.cpp:
2327         (JSC::Structure::materializePropertyMap):
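
        Added example, not WebKit code: a toy generational heap that models the
        situation this entry describes. The names BackingStore, JSObjectLike,
        CopyWriteBarrierLike and Heap are simplified stand-ins, not the JSC classes.
        The nursery collection deliberately scans only young roots plus the remembered
        set, which is why an old owner that stores a fresh backing store without firing
        the barrier is left holding a reclaimed (dangling) pointer.

```cpp
// Added example (not WebKit code): why a store of fresh nursery memory into an
// old-generation owner must fire a write barrier on that owner.
#include <cstddef>
#include <memory>
#include <set>
#include <vector>

struct Heap;

// Stands in for a chunk of CopiedSpace memory (e.g. a Butterfly).
struct BackingStore {
    bool isYoung = true;    // freshly allocated memory lives in the nursery
    bool marked = false;
    bool reclaimed = false; // the toy sweep flags instead of deleting, so callers can inspect
    std::vector<int> slots;
    explicit BackingStore(size_t n) : slots(n, 0) {}
};

class JSObjectLike;

// Proxy modelled on the CopyWriteBarrier idea: assigning through set() fires the
// barrier on the owner of the memory; setWithoutWriteBarrier() deliberately does not.
class CopyWriteBarrierLike {
public:
    void set(Heap& heap, JSObjectLike* owner, BackingStore* value);
    void setWithoutWriteBarrier(BackingStore* value) { m_value = value; }
    BackingStore* get() const { return m_value; }
private:
    BackingStore* m_value = nullptr;
};

struct JSObjectLike {
    bool isOld = false;               // survived an earlier collection
    CopyWriteBarrierLike backingStore;
};

struct Heap {
    std::vector<std::unique_ptr<BackingStore>> stores;
    std::vector<JSObjectLike*> roots;
    std::set<JSObjectLike*> rememberedSet; // old owners that stored a pointer since the last GC

    BackingStore* allocate(size_t n) {
        stores.push_back(std::unique_ptr<BackingStore>(new BackingStore(n)));
        return stores.back().get();
    }

    // The barrier: an old-to-young pointer may have been created, so record the owner.
    void writeBarrier(JSObjectLike* owner) {
        if (owner->isOld)
            rememberedSet.insert(owner);
    }

    void visit(JSObjectLike* object) {
        if (BackingStore* store = object->backingStore.get())
            store->marked = true;
    }

    // Nursery collection: old objects are NOT scanned wholesale; only young roots
    // and remembered old objects are visited. Returns the number of stores reclaimed.
    size_t collectNursery() {
        for (auto& store : stores)
            store->marked = false;
        for (JSObjectLike* object : roots)
            if (!object->isOld)
                visit(object);
        for (JSObjectLike* object : rememberedSet)
            visit(object);
        rememberedSet.clear();

        size_t reclaimed = 0;
        for (auto& store : stores) {
            if (!store->isYoung || store->reclaimed)
                continue;
            if (store->marked)
                store->isYoung = false;  // survivor is promoted to the old generation
            else {
                store->reclaimed = true; // would be freed: any remaining pointer now dangles
                ++reclaimed;
            }
        }
        return reclaimed;
    }
};

void CopyWriteBarrierLike::set(Heap& heap, JSObjectLike* owner, BackingStore* value) {
    m_value = value;
    heap.writeBarrier(owner);
}

// Scenario: an owner receives a freshly allocated backing store, then a nursery
// collection runs. Returns true if the owner's backing store is still valid afterwards.
bool backingStoreSurvives(bool ownerIsOld, bool useBarrier) {
    Heap heap;
    JSObjectLike owner;
    owner.isOld = ownerIsOld;
    heap.roots.push_back(&owner);

    BackingStore* fresh = heap.allocate(4);
    if (useBarrier)
        owner.backingStore.set(heap, &owner, fresh);
    else
        owner.backingStore.setWithoutWriteBarrier(fresh);

    heap.collectNursery();
    return !owner.backingStore.get()->reclaimed;
}
```

        A young owner survives either way because young roots are always scanned;
        only the old owner depends on the barrier having recorded it.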
2328
2329 2013-12-23  Oliver Hunt  <oliver@apple.com>
2330
2331         Refactor PutPropertySlot to be aware of custom properties
2332         https://bugs.webkit.org/show_bug.cgi?id=126187
2333
2334         Reviewed by Antti Koivisto.
2335
2336         Refactor PutPropertySlot, making the constructor take the thisValue
2337         used as a target.  This results in a wide range of boilerplate changes
2338         to pass the new parameter.
2339
2340         * API/JSObjectRef.cpp:
2341         (JSObjectSetProperty):
2342         * dfg/DFGOperations.cpp:
2343         (JSC::DFG::operationPutByValInternal):
2344         * interpreter/Interpreter.cpp:
2345         (JSC::Interpreter::execute):
2346         * jit/JITOperations.cpp:
2347         * llint/LLIntSlowPaths.cpp:
2348         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2349         * runtime/Arguments.cpp:
2350         (JSC::Arguments::putByIndex):
2351         * runtime/ArrayPrototype.cpp:
2352         (JSC::putProperty):
2353         (JSC::arrayProtoFuncPush):
2354         * runtime/JSCJSValue.cpp:
2355         (JSC::JSValue::putToPrimitiveByIndex):
2356         * runtime/JSCell.cpp:
2357         (JSC::JSCell::putByIndex):
2358         * runtime/JSFunction.cpp:
2359         (JSC::JSFunction::put):
2360         * runtime/JSGenericTypedArrayViewInlines.h:
2361         (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
2362         * runtime/JSONObject.cpp:
2363         (JSC::Walker::walk):
2364         * runtime/JSObject.cpp:
2365         (JSC::JSObject::putByIndex):
2366         (JSC::JSObject::putDirectNonIndexAccessor):
2367         (JSC::JSObject::deleteProperty):
2368         * runtime/JSObject.h:
2369         (JSC::JSObject::putDirect):
2370         * runtime/Lookup.h:
2371         (JSC::putEntry):
2372         (JSC::lookupPut):
2373         * runtime/PutPropertySlot.h:
2374         (JSC::PutPropertySlot::PutPropertySlot):
2375         (JSC::PutPropertySlot::setCustomProperty):
2376         (JSC::PutPropertySlot::thisValue):
2377         (JSC::PutPropertySlot::isCacheable):
2378
2379 2014-01-01  Filip Pizlo  <fpizlo@apple.com>
2380
2381         Rationalize DFG DCE
2382         https://bugs.webkit.org/show_bug.cgi?id=125523
2383
2384         Reviewed by Mark Hahnenberg.
2385         
2386         Adds the ability to DCE more things. It's now the case that if a node is completely
2387         pure, we clear NodeMustGenerate and the node becomes a DCE candidate.
2388
2389         * dfg/DFGAbstractInterpreterInlines.h:
2390         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2391         * dfg/DFGCSEPhase.cpp:
2392         (JSC::DFG::CSEPhase::performNodeCSE):
2393         * dfg/DFGClobberize.h:
2394         (JSC::DFG::clobberize):
2395         * dfg/DFGDCEPhase.cpp:
2396         (JSC::DFG::DCEPhase::cleanVariables):
2397         * dfg/DFGFixupPhase.cpp:
2398         (JSC::DFG::FixupPhase::fixupNode):
2399         * dfg/DFGGraph.h:
2400         (JSC::DFG::Graph::clobbersWorld):
2401         * dfg/DFGNodeType.h:
2402         * dfg/DFGSpeculativeJIT.cpp:
2403         (JSC::DFG::SpeculativeJIT::compileAdd):
2404         * dfg/DFGSpeculativeJIT.h:
2405         * dfg/DFGSpeculativeJIT32_64.cpp:
2406         (JSC::DFG::SpeculativeJIT::compile):
2407         * dfg/DFGSpeculativeJIT64.cpp:
2408         (JSC::DFG::SpeculativeJIT::compile):
2409         * ftl/FTLLowerDFGToLLVM.cpp:
2410         (JSC::FTL::LowerDFGToLLVM::compileNode):
2411         (JSC::FTL::LowerDFGToLLVM::compileValueAdd):
2412
2413 2014-01-02  Benjamin Poulain  <benjamin@webkit.org>
2414
2415         Attempt to fix the build of WebCore's code generator on CMake based system
2416         https://bugs.webkit.org/show_bug.cgi?id=126271
2417
2418         Reviewed by Sam Weinig.
2419
2420         * CMakeLists.txt:
2421
2422 2013-12-30  Commit Queue  <commit-queue@webkit.org>
2423
2424         Unreviewed, rolling out r161157, r161158, r161160, r161161,
2425         r161163, and r161165.
2426         http://trac.webkit.org/changeset/161157
2427         http://trac.webkit.org/changeset/161158
2428         http://trac.webkit.org/changeset/161160
2429         http://trac.webkit.org/changeset/161161
2430         http://trac.webkit.org/changeset/161163
2431         http://trac.webkit.org/changeset/161165
2432         https://bugs.webkit.org/show_bug.cgi?id=126332
2433
2434         Broke WebKit2 on Mountain Lion (Requested by ap on #webkit).
2435
2436         * heap/BlockAllocator.cpp:
2437         (JSC::BlockAllocator::~BlockAllocator):
2438         (JSC::BlockAllocator::waitForRelativeTimeWhileHoldingLock):
2439         (JSC::BlockAllocator::waitForRelativeTime):
2440         (JSC::BlockAllocator::blockFreeingThreadMain):
2441         * heap/BlockAllocator.h:
2442         (JSC::BlockAllocator::deallocate):
2443
2444 2013-12-30  Anders Carlsson  <andersca@apple.com>
2445
2446         Fix build.
2447
2448         * heap/BlockAllocator.h:
2449
2450 2013-12-30  Anders Carlsson  <andersca@apple.com>
2451
2452         Stop using ThreadCondition in BlockAllocator
2453         https://bugs.webkit.org/show_bug.cgi?id=126313
2454
2455         Reviewed by Sam Weinig.
2456
2457         * heap/BlockAllocator.cpp:
2458         (JSC::BlockAllocator::~BlockAllocator):
2459         (JSC::BlockAllocator::waitForDuration):
2460         (JSC::BlockAllocator::blockFreeingThreadMain):
2461         * heap/BlockAllocator.h:
2462         (JSC::BlockAllocator::deallocate):
2463
2464 2013-12-30  Anders Carlsson  <andersca@apple.com>
2465
2466         Stop using ThreadCondition in jsc.cpp
2467         https://bugs.webkit.org/show_bug.cgi?id=126311
2468
2469         Reviewed by Sam Weinig.
2470
2471         * jsc.cpp:
2472         (timeoutThreadMain):
2473         (main):
2474
2475 2013-12-30  Anders Carlsson  <andersca@apple.com>
2476
2477         Replace WTF::ThreadingOnce with std::call_once
2478         https://bugs.webkit.org/show_bug.cgi?id=126215
2479
2480         Reviewed by Sam Weinig.
2481
2482         * dfg/DFGWorklist.cpp:
2483         (JSC::DFG::globalWorklist):
2484         * runtime/InitializeThreading.cpp:
2485         (JSC::initializeThreading):
2486
2487 2013-12-30  Martin Robinson  <mrobinson@igalia.com>
2488
2489         [CMake] [GTK] Add support for GObject introspection
2490         https://bugs.webkit.org/show_bug.cgi?id=126162
2491
2492         Reviewed by Daniel Bates.
2493
2494         * PlatformGTK.cmake: Add the GIR targets.
2495
2496 2013-12-28  Filip Pizlo  <fpizlo@apple.com>
2497
2498         Get rid of DFG forward exiting
2499         https://bugs.webkit.org/show_bug.cgi?id=125531
2500
2501         Reviewed by Oliver Hunt.
2502         
2503         This finally gets rid of forward exiting. Forward exiting was always a fragile concept
2504         since it involved the compiler trying to figure out how to "roll forward" the
2505         execution from some DFG node to the next bytecode index. It was always easy to find
2506         counterexamples where it broke, and it has always served as an obstacle to adding
2507         compiler improvements - the latest being http://webkit.org/b/125523, which tried to
2508         make DCE work for more things.
2509         
2510         This change finishes the work of removing forward exiting. A lot of forward exiting
2511         was already removed in some other bugs, but SetLocal still did forward exits. SetLocal
2512         is in many ways the hardest to remove, since the forward exiting of SetLocal also
2513         implied that any conversion nodes inserted before the SetLocal would then also be
2514         marked as forward-exiting. Hence SetLocal's forward-exiting made a bunch of other
2515         things also forward-exiting, and this was always a source of weirdo bugs.
2516         
2517         SetLocal must be able to exit in case it performs a hoisted type speculation. Nodes
2518         inserted just before SetLocal must also be able to exit - for example type check
2519         hoisting may insert a CheckStructure, or fixup phase may insert something like
2520         Int32ToDouble. But if any of those nodes tried to backward exit, then this could lead
2521         to the reexecution of a side-effecting operation, for example:
2522         
2523             a: Call(...)
2524             b: SetLocal(@a, r1)
2525         
2526         For a long time it seemed like SetLocal *had* to exit forward because of this. But
2527         this change side-steps the problem by changing the ByteCodeParser to always emit a
2528         kind of "two-phase commit" for stores to local variables. Now when the ByteCodeParser
2529         wishes to store to a local, it first emits a MovHint and then enqueues a SetLocal.
2530         The SetLocal isn't actually emitted until the beginning of the next bytecode
2531         instruction (with the exception of op_enter and op_ret, which emit theirs immediately
2532         since it's always safe to reexecute those bytecode instructions and since deferring
2533         SetLocals would be weird there - op_enter has many SetLocals and op_ret is a set
2534         followed by a jump in case of inlining, so we'd have to emit the SetLocal "after" the
2535         jump and that would be awkward). This means that the above IR snippet would look
2536         something like:
2537         
2538             a: Call(..., bc#42)
2539             b: MovHint(@a, r1, bc#42)
2540             c: SetLocal(@a, r1, bc#47)
2541         
2542         Where the SetLocal exits "backwards" but appears at the beginning of the next bytecode
2543         instruction. This means that by the time we get to that SetLocal, the OSR exit
2544         analysis already knows that r1 is associated with @a, and it means that the SetLocal
2545         or anything hoisted above it can exit backwards as normal.
2546         
2547         This change also means that the "forward rewiring" can be killed. Previously, we might
2548         have inserted a conversion node on SetLocal and then the SetLocal died (i.e. turned
2549         into a MovHint) and the conversion node either died completely or had its lifetime
2550         truncated to be less than the actual value's bytecode lifetime. This no longer happens
2551         since conversion nodes are only inserted at SetLocals.
2552         
2553         More precisely, this change introduces two laws that we were basically already
2554         following anyway:
2555         
2556         1) A MovHint's child should never be changed except if all other uses of that child
2557            are also replaced. Specifically, this prohibits insertion of conversion nodes at
2558            MovHints.
2559         
2560         2) Anytime any child is replaced with something else, and all other uses aren't also
2561            replaced, we must insert a Phantom use of the original child.
2562
2563         This is a slight compile-time regression but has no effect on code-gen. It unlocks a
2564         bunch of optimization opportunities so I think it's worth it.
2565
2566         * bytecode/CodeBlock.cpp:
2567         (JSC::CodeBlock::dumpAssumingJITType):
2568         * bytecode/CodeBlock.h:
2569         (JSC::CodeBlock::instructionCount):
2570         * dfg/DFGAbstractInterpreterInlines.h:
2571         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2572         * dfg/DFGArgumentsSimplificationPhase.cpp:
2573         (JSC::DFG::ArgumentsSimplificationPhase::run):
2574         * dfg/DFGArrayifySlowPathGenerator.h:
2575         (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
2576         * dfg/DFGBackwardsPropagationPhase.cpp:
2577         (JSC::DFG::BackwardsPropagationPhase::propagate):
2578         * dfg/DFGByteCodeParser.cpp:
2579         (JSC::DFG::ByteCodeParser::setDirect):
2580         (JSC::DFG::ByteCodeParser::DelayedSetLocal::DelayedSetLocal):
2581         (JSC::DFG::ByteCodeParser::DelayedSetLocal::execute):
2582         (JSC::DFG::ByteCodeParser::handleInlining):
2583         (JSC::DFG::ByteCodeParser::parseBlock):
2584         * dfg/DFGCSEPhase.cpp:
2585         (JSC::DFG::CSEPhase::eliminate):
2586         * dfg/DFGClobberize.h:
2587         (JSC::DFG::clobberize):
2588         * dfg/DFGCommon.h:
2589         * dfg/DFGConstantFoldingPhase.cpp:
2590         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2591         * dfg/DFGDCEPhase.cpp:
2592         (JSC::DFG::DCEPhase::run):
2593         (JSC::DFG::DCEPhase::fixupBlock):
2594         (JSC::DFG::DCEPhase::cleanVariables):
2595         * dfg/DFGFixupPhase.cpp:
2596         (JSC::DFG::FixupPhase::fixupNode):
2597         (JSC::DFG::FixupPhase::fixEdge):
2598         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
2599         * dfg/DFGLICMPhase.cpp:
2600         (JSC::DFG::LICMPhase::run):
2601         (JSC::DFG::LICMPhase::attemptHoist):
2602         * dfg/DFGMinifiedNode.cpp:
2603         (JSC::DFG::MinifiedNode::fromNode):
2604         * dfg/DFGMinifiedNode.h:
2605         (JSC::DFG::belongsInMinifiedGraph):
2606         (JSC::DFG::MinifiedNode::constantNumber):
2607         (JSC::DFG::MinifiedNode::weakConstant):
2608         * dfg/DFGNode.cpp:
2609         (JSC::DFG::Node::hasVariableAccessData):
2610         * dfg/DFGNode.h:
2611         (JSC::DFG::Node::convertToPhantom):
2612         (JSC::DFG::Node::convertToPhantomUnchecked):
2613         (JSC::DFG::Node::convertToIdentity):
2614         (JSC::DFG::Node::containsMovHint):
2615         (JSC::DFG::Node::hasUnlinkedLocal):
2616         (JSC::DFG::Node::willHaveCodeGenOrOSR):
2617         * dfg/DFGNodeFlags.cpp:
2618         (JSC::DFG::dumpNodeFlags):
2619         * dfg/DFGNodeFlags.h:
2620         * dfg/DFGNodeType.h:
2621         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
2622         (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
2623         * dfg/DFGOSREntrypointCreationPhase.cpp:
2624         (JSC::DFG::OSREntrypointCreationPhase::run):
2625         * dfg/DFGOSRExit.cpp:
2626         * dfg/DFGOSRExit.h:
2627         * dfg/DFGOSRExitBase.cpp:
2628         * dfg/DFGOSRExitBase.h:
2629         (JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSite):
2630         * dfg/DFGPredictionPropagationPhase.cpp:
2631         (JSC::DFG::PredictionPropagationPhase::propagate):
2632         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
2633         * dfg/DFGSSAConversionPhase.cpp:
2634         (JSC::DFG::SSAConversionPhase::run):
2635         * dfg/DFGSafeToExecute.h:
2636         (JSC::DFG::safeToExecute):
2637         * dfg/DFGSpeculativeJIT.cpp:
2638         (JSC::DFG::SpeculativeJIT::speculationCheck):
2639         (JSC::DFG::SpeculativeJIT::emitInvalidationPoint):
2640         (JSC::DFG::SpeculativeJIT::typeCheck):
2641         (JSC::DFG::SpeculativeJIT::compileMovHint):
2642         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
2643         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2644         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
2645         * dfg/DFGSpeculativeJIT.h:
2646         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2647         (JSC::DFG::SpeculativeJIT::needsTypeCheck):
2648         * dfg/DFGSpeculativeJIT32_64.cpp:
2649         (JSC::DFG::SpeculativeJIT::compile):
2650         * dfg/DFGSpeculativeJIT64.cpp:
2651         (JSC::DFG::SpeculativeJIT::compile):
2652         * dfg/DFGTypeCheckHoistingPhase.cpp:
2653         (JSC::DFG::TypeCheckHoistingPhase::run):
2654         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
2655         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
2656         * dfg/DFGValidate.cpp:
2657         (JSC::DFG::Validate::validateCPS):
2658         * dfg/DFGVariableAccessData.h:
2659         (JSC::DFG::VariableAccessData::VariableAccessData):
2660         * dfg/DFGVariableEventStream.cpp:
2661         (JSC::DFG::VariableEventStream::reconstruct):
2662         * ftl/FTLCapabilities.cpp:
2663         (JSC::FTL::canCompile):
2664         * ftl/FTLLowerDFGToLLVM.cpp:
2665         (JSC::FTL::LowerDFGToLLVM::compileNode):
2666         (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
2667         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
2668         (JSC::FTL::LowerDFGToLLVM::compileMovHint):
2669         (JSC::FTL::LowerDFGToLLVM::compileZombieHint):
2670         (JSC::FTL::LowerDFGToLLVM::compileInt32ToDouble):
2671         (JSC::FTL::LowerDFGToLLVM::speculate):
2672         (JSC::FTL::LowerDFGToLLVM::typeCheck):
2673         (JSC::FTL::LowerDFGToLLVM::appendTypeCheck):
2674         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
2675         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
2676         * ftl/FTLOSRExit.cpp:
2677         * ftl/FTLOSRExit.h:
2678         * tests/stress/dead-int32-to-double.js: Added.
2679         (foo):
2680         * tests/stress/dead-uint32-to-number.js: Added.
2681         (foo):
2682
2683 2013-12-25  Commit Queue  <commit-queue@webkit.org>
2684
2685         Unreviewed, rolling out r161033 and r161074.
2686         http://trac.webkit.org/changeset/161033
2687         http://trac.webkit.org/changeset/161074
2688         https://bugs.webkit.org/show_bug.cgi?id=126240
2689
2690         Oliver says that a rollout would be better (Requested by ap on
2691         #webkit).
2692
2693         * API/JSObjectRef.cpp:
2694         (JSObjectSetProperty):
2695         * dfg/DFGOperations.cpp:
2696         (JSC::DFG::operationPutByValInternal):
2697         * interpreter/Interpreter.cpp:
2698         (JSC::Interpreter::execute):
2699         * jit/JITOperations.cpp:
2700         * llint/LLIntSlowPaths.cpp:
2701         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2702         * runtime/Arguments.cpp:
2703         (JSC::Arguments::putByIndex):
2704         * runtime/ArrayPrototype.cpp:
2705         (JSC::putProperty):
2706         (JSC::arrayProtoFuncPush):
2707         * runtime/JSCJSValue.cpp:
2708         (JSC::JSValue::putToPrimitiveByIndex):
2709         * runtime/JSCell.cpp:
2710         (JSC::JSCell::putByIndex):
2711         * runtime/JSFunction.cpp:
2712         (JSC::JSFunction::put):
2713         * runtime/JSGenericTypedArrayViewInlines.h:
2714         (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
2715         * runtime/JSONObject.cpp:
2716         (JSC::Walker::walk):
2717         * runtime/JSObject.cpp:
2718         (JSC::JSObject::putByIndex):
2719         (JSC::JSObject::putDirectNonIndexAccessor):
2720         (JSC::JSObject::deleteProperty):
2721         * runtime/JSObject.h:
2722         (JSC::JSObject::putDirect):
2723         * runtime/Lookup.h:
2724         (JSC::putEntry):
2725         (JSC::lookupPut):
2726         * runtime/PutPropertySlot.h:
2727         (JSC::PutPropertySlot::PutPropertySlot):
2728         (JSC::PutPropertySlot::setNewProperty):
2729         (JSC::PutPropertySlot::isCacheable):
2730
2731 2013-12-25  Filip Pizlo  <fpizlo@apple.com>
2732
2733         DFG PhantomArguments shouldn't rely on a dead Phi graph
2734         https://bugs.webkit.org/show_bug.cgi?id=126218
2735
2736         Reviewed by Oliver Hunt.
2737         
2738         This change dramatically rationalizes our handling of PhantomArguments (i.e.
2739         speculative elision of arguments object allocation).
2740         
2741         It's now the case that if we decide that we can elide arguments allocation, we just
2742         turn the arguments-creating node into a PhantomArguments and mark all locals that
2743         it's stored to as being arguments aliases. Being an arguments alias and being a
2744         PhantomArguments means basically the same thing: in DFG execution you have the empty
2745         value, on OSR exit an arguments object is allocated in your place, and all operations
2746         that use the value now just refer directly to the actual arguments in the call frame
2747         header (or the arguments we know that we passed to the call, in case of inlining).
2748         
2749         This means that we no longer have arguments simplification creating a dead Phi graph
2750         that then has to be interpreted by the OSR exit logic. That sort of never made any
2751         sense.
2752         
2753         This means that PhantomArguments now has a clear story in SSA: basically SSA just
2754         gets rid of the "locals" but everything else is the same.
2755         
2756         Finally, this means that we can more easily get rid of forward exiting. As I was
2757         working on the code to get rid of forward exiting, I realized that I'd have to
2758         carefully preserve the special meanings of MovHint and SetLocal in the case of
2759         PhantomArguments. It was really bizarre: even the semantics of MovHint were tied to
2760         our specific treatment of PhantomArguments. After this change this is no longer the
2761         case.
2762         
2763         One of the really cool things about this change is that arguments reification now
2764         just becomes a special kind of FlushFormat. This further unifies things: it means
2765         that a MovHint(PhantomArguments) and a SetLocal(PhantomArguments) both have the same
2766         meaning, since both of them dictate that the way we recover the local on exit is by
2767         reifying arguments. Previously, the SetLocal(PhantomArguments) case needed some
2768         special handling to accomplish this.
2769         
2770         A downside of this approach is that we will now emit code to store the empty value
2771         into aliased arguments variables, and we will even emit code to load that empty value
2772         as well. As far as I can tell this doesn't cost anything, since PhantomArguments are
2773         most profitable in cases where it allows us to simplify control flow and kill the
2774         arguments locals entirely. Of course, this isn't an issue in SSA form since SSA form
2775         also eliminates the locals.
2776
2777         * dfg/DFGArgumentsSimplificationPhase.cpp:
2778         (JSC::DFG::ArgumentsSimplificationPhase::run):
2779         (JSC::DFG::ArgumentsSimplificationPhase::detypeArgumentsReferencingPhantomChild):
2780         * dfg/DFGFlushFormat.cpp:
2781         (WTF::printInternal):
2782         * dfg/DFGFlushFormat.h:
2783         (JSC::DFG::resultFor):
2784         (JSC::DFG::useKindFor):
2785         (JSC::DFG::dataFormatFor):
2786         * dfg/DFGSpeculativeJIT.cpp:
2787         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
2788         * dfg/DFGSpeculativeJIT32_64.cpp:
2789         (JSC::DFG::SpeculativeJIT::compile):
2790         * dfg/DFGSpeculativeJIT64.cpp:
2791         (JSC::DFG::SpeculativeJIT::compile):
2792         * dfg/DFGValueSource.h:
2793         (JSC::DFG::ValueSource::ValueSource):
2794         (JSC::DFG::ValueSource::forFlushFormat):
2795         * dfg/DFGVariableAccessData.h:
2796         (JSC::DFG::VariableAccessData::flushFormat):
2797         * ftl/FTLLowerDFGToLLVM.cpp:
2798         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
2799
2800 2013-12-23  Oliver Hunt  <oliver@apple.com>
2801
2802         Refactor PutPropertySlot to be aware of custom properties
2803         https://bugs.webkit.org/show_bug.cgi?id=126187
2804
2805         Reviewed by msaboff.
2806
2807         Refactor PutPropertySlot, making the constructor take the thisValue
2808         used as a target.  This results in a wide range of boilerplate changes
2809         to pass the new parameter.
2810
2811         * API/JSObjectRef.cpp:
2812         (JSObjectSetProperty):
2813         * dfg/DFGOperations.cpp:
2814         (JSC::DFG::operationPutByValInternal):
2815         * interpreter/Interpreter.cpp:
2816         (JSC::Interpreter::execute):
2817         * jit/JITOperations.cpp:
2818         * llint/LLIntSlowPaths.cpp:
2819         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2820         * runtime/Arguments.cpp:
2821         (JSC::Arguments::putByIndex):
2822         * runtime/ArrayPrototype.cpp:
2823         (JSC::putProperty):
2824         (JSC::arrayProtoFuncPush):
2825         * runtime/JSCJSValue.cpp:
2826         (JSC::JSValue::putToPrimitiveByIndex):
2827         * runtime/JSCell.cpp:
2828         (JSC::JSCell::putByIndex):
2829         * runtime/JSFunction.cpp:
2830         (JSC::JSFunction::put):
2831         * runtime/JSGenericTypedArrayViewInlines.h:
2832         (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
2833         * runtime/JSONObject.cpp:
2834         (JSC::Walker::walk):
2835         * runtime/JSObject.cpp:
2836         (JSC::JSObject::putByIndex):
2837         (JSC::JSObject::putDirectNonIndexAccessor):
2838         (JSC::JSObject::deleteProperty):
2839         * runtime/JSObject.h:
2840         (JSC::JSObject::putDirect):
2841         * runtime/Lookup.h:
2842         (JSC::putEntry):
2843         (JSC::lookupPut):
2844         * runtime/PutPropertySlot.h:
2845         (JSC::PutPropertySlot::PutPropertySlot):
2846         (JSC::PutPropertySlot::setCustomProperty):
2847         (JSC::PutPropertySlot::thisValue):
2848         (JSC::PutPropertySlot::isCacheable):
2849
2850 2013-12-23  Benjamin Poulain  <benjamin@webkit.org>
2851
2852         Add class matching to the Selector Code Generator
2853         https://bugs.webkit.org/show_bug.cgi?id=126176
2854
2855         Reviewed by Antti Koivisto and Oliver Hunt.
2856
2857         Add test and branch based on BaseIndex addressing for x86_64.
2858         Fast loops are needed to compete with clang on tight loops.
2859
2860         * assembler/MacroAssembler.h:
2861         * assembler/MacroAssemblerX86_64.h:
2862         (JSC::MacroAssemblerX86_64::branch64):
2863         (JSC::MacroAssemblerX86_64::branchPtr):
2864         * assembler/X86Assembler.h:
2865         (JSC::X86Assembler::cmpq_rm):
2866
2867 2013-12-23  Oliver Hunt  <oliver@apple.com>
2868
2869         Update custom setter implementations to perform type checks
2870         https://bugs.webkit.org/show_bug.cgi?id=126171
2871
2872         Reviewed by Daniel Bates.
2873
2874         Modify the setter function signature to take encoded values
2875         as we're changing the setter usage everywhere anyway.
2876
2877         * runtime/Lookup.h:
2878         (JSC::putEntry):
2879
2880 2013-12-23  Lucas Forschler  <lforschler@apple.com>
2881
2882         <rdar://problem/15682948> Update copyright strings
2883         
2884         Reviewed by Dan Bernstein.
2885
2886         * Info.plist:
2887         * JavaScriptCore.vcxproj/JavaScriptCore.resources/Info.plist:
2888
2889 2013-12-23  Zan Dobersek  <zdobersek@igalia.com>
2890
2891         [GTK] Clean up compiler optimizations flags for libWTF, libJSC
2892         https://bugs.webkit.org/show_bug.cgi?id=126157
2893
2894         Reviewed by Gustavo Noronha Silva.
2895
2896         * GNUmakefile.am: Remove the -fstrict-aliasing and -O3 compiler flags for libWTF.la. -O3 gets
2897         overridden by -O2 that's listed in CXXFLAGS (or -O0 in case of debug builds) and -fstrict-aliasing
2898         is enabled when -O2 is used (and shouldn't be enabled in debug builds anyway).
2899
2900 2013-12-22  Martin Robinson  <mrobinson@igalia.com>
2901
2902         [CMake] Fix typo from r160812
2903         https://bugs.webkit.org/show_bug.cgi?id=126145
2904
2905         Reviewed by Gustavo Noronha Silva.
2906
2907         * CMakeLists.txt: Fix typo when detecting the type of library.
2908
2909 2013-12-22  Martin Robinson  <mrobinson@igalia.com>
2910
2911         [GTK][CMake] libtool-compatible soversion calculation
2912         https://bugs.webkit.org/show_bug.cgi?id=125511
2913
2914         Reviewed by Gustavo Noronha Silva.
2915
2916         * CMakeLists.txt: Use the POPULATE_LIBRARY_VERSION macro and the
2917         library-specific version information.
2918
2919 2013-12-23  Gustavo Noronha Silva  <gns@gnome.org>
2920
2921         [GTK] [CMake] Generate pkg-config files
2922         https://bugs.webkit.org/show_bug.cgi?id=125685
2923
2924         Reviewed by Martin Robinson.
2925
2926         * PlatformGTK.cmake: Added. Generate javascriptcoregtk-3.0.pc.
2927
2928 2013-12-22  Benjamin Poulain  <benjamin@webkit.org>
2929
2930         Create a skeleton for CSS Selector code generation
2931         https://bugs.webkit.org/show_bug.cgi?id=126044
2932
2933         Reviewed by Antti Koivisto and Gavin Barraclough.
2934
2935         * assembler/LinkBuffer.h:
2936         Add a new owner UID for code compiled for CSS.
2937         Export the symbols needed to link code from WebCore.
2938
2939 2013-12-19  Mark Hahnenberg  <mhahnenberg@apple.com>
2940
2941         Clean up DFG write barriers
2942         https://bugs.webkit.org/show_bug.cgi?id=126047
2943
2944         Reviewed by Filip Pizlo.
2945
2946         * dfg/DFGSpeculativeJIT.cpp:
2947         (JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): Use the register allocator to 
2948         determine which registers need saving instead of saving every single one of them.
2949         (JSC::DFG::SpeculativeJIT::osrWriteBarrier): We don't need to save live register state 
2950         because the write barriers during OSR execute when there are no live registers. Also we  
2951         don't need to use pushes to pad the stack pointer for pokes on x86; we can just use an add.
2952         (JSC::DFG::SpeculativeJIT::writeBarrier):
2953         * dfg/DFGSpeculativeJIT.h:
2954         * jit/Repatch.cpp:
2955         (JSC::emitPutReplaceStub):
2956         (JSC::emitPutTransitionStub):
2957         * runtime/VM.h: Get rid of writeBarrierRegisterBuffer since it's no longer used.
2958
2959 2013-12-20  Balazs Kilvady  <kilvadyb@homejinni.com>
2960
2961         [MIPS] Missing MacroAssemblerMIPS::branchTest8(ResultCondition, BaseIndex, TrustedImm32)
2962         https://bugs.webkit.org/show_bug.cgi?id=126062
2963
2964         Reviewed by Mark Hahnenberg.
2965
2966         * assembler/MacroAssemblerMIPS.h:
2967         (JSC::MacroAssemblerMIPS::branchTest8):
2968
2969 2013-12-20  Julien Brianceau  <jbriance@cisco.com>
2970
2971         [sh4] Add missing implementation in MacroAssembler to fix build.
2972         https://bugs.webkit.org/show_bug.cgi?id=126063
2973
2974         Reviewed by Mark Hahnenberg.
2975
2976         * assembler/MacroAssemblerSH4.h:
2977         (JSC::MacroAssemblerSH4::branchTest8):
2978
2979 2013-12-20  Julien Brianceau  <jbriance@cisco.com>
2980
2981         [arm] Add missing implementation in MacroAssembler to fix CPU(ARM_TRADITIONAL) build.
2982         https://bugs.webkit.org/show_bug.cgi?id=126064
2983
2984         Reviewed by Mark Hahnenberg.
2985
2986         * assembler/MacroAssemblerARM.h:
2987         (JSC::MacroAssemblerARM::branchTest8):
2988
2989 2013-12-19  Joseph Pecoraro  <pecoraro@apple.com>
2990
2991         Web Inspector: Add InspectorFrontendHost.debuggableType to let the frontend know its backend is JavaScript or Web
2992         https://bugs.webkit.org/show_bug.cgi?id=126016
2993
2994         Reviewed by Timothy Hatcher.
2995
2996         * inspector/remote/RemoteInspector.mm:
2997         (Inspector::RemoteInspector::listingForDebuggable):
2998         * inspector/remote/RemoteInspectorConstants.h:
2999         Include a debuggable type identifier in the debuggable listing,
3000         so the remote frontend can know if it is debugging a Web Page
3001         or JS Context.
3002
3003 2013-12-19  Benjamin Poulain  <benjamin@webkit.org>
3004
3005         Add a utility class to simplify generating function calls
3006         https://bugs.webkit.org/show_bug.cgi?id=125972
3007
3008         Reviewed by Geoffrey Garen.
3009
3010         Split branchTest32 in two functions: test32AndSetFlags and branchOnFlags.
3011         This is done to allow code where the flags are set, multiple operations that
3012         do not modify the flags occur, then the flags are used.
3013
3014         This is used for function calls to test the return value while discarding the
3015         return register.
3016
3017         * assembler/MacroAssemblerX86Common.h:
3018         (JSC::MacroAssemblerX86Common::test32AndSetFlags):
3019         (JSC::MacroAssemblerX86Common::branchOnFlags):
3020         (JSC::MacroAssemblerX86Common::branchTest32):
3021
3022 2013-12-19  Mark Hahnenberg  <mhahnenberg@apple.com>
3023
3024         Put write barriers in the right places in the baseline JIT
3025         https://bugs.webkit.org/show_bug.cgi?id=125975
3026
3027         Reviewed by Filip Pizlo.
3028
3029         * jit/JIT.cpp:
3030         (JSC::JIT::privateCompileSlowCases):
3031         * jit/JIT.h:
3032         * jit/JITInlines.h:
3033         (JSC::JIT::callOperation):
3034         (JSC::JIT::emitArrayProfilingSite):
3035         * jit/JITOpcodes.cpp:
3036         (JSC::JIT::emit_op_enter):
3037         (JSC::JIT::emitSlow_op_enter):
3038         * jit/JITOpcodes32_64.cpp:
3039         (JSC::JIT::emit_op_enter):
3040         (JSC::JIT::emitSlow_op_enter):
3041         * jit/JITPropertyAccess.cpp:
3042         (JSC::JIT::emit_op_put_by_val):
3043         (JSC::JIT::emitGenericContiguousPutByVal):
3044         (JSC::JIT::emitArrayStoragePutByVal):
3045         (JSC::JIT::emit_op_put_by_id):
3046         (JSC::JIT::emitPutGlobalProperty):
3047         (JSC::JIT::emitPutGlobalVar):
3048         (JSC::JIT::emitPutClosureVar):
3049         (JSC::JIT::emit_op_init_global_const):
3050         (JSC::JIT::checkMarkWord):
3051         (JSC::JIT::emitWriteBarrier):
3052         (JSC::JIT::privateCompilePutByVal):
3053         * jit/JITPropertyAccess32_64.cpp:
3054         (JSC::JIT::emitGenericContiguousPutByVal):
3055         (JSC::JIT::emitArrayStoragePutByVal):
3056         (JSC::JIT::emit_op_put_by_id):
3057         (JSC::JIT::emitSlow_op_put_by_id):
3058         (JSC::JIT::emitPutGlobalProperty):
3059         (JSC::JIT::emitPutGlobalVar):
3060         (JSC::JIT::emitPutClosureVar):
3061         (JSC::JIT::emit_op_init_global_const):
3062         * jit/Repatch.cpp:
3063         (JSC::emitPutReplaceStub):
3064         (JSC::emitPutTransitionStub):
3065         (JSC::repatchPutByID):
3066         * runtime/CommonSlowPaths.cpp:
3067         (JSC::SLOW_PATH_DECL):
3068         * runtime/CommonSlowPaths.h:
3069
3070 2013-12-19  Brent Fulgham  <bfulgham@apple.com>
3071
3072         Implement ArrayBuffer.isView
3073         https://bugs.webkit.org/show_bug.cgi?id=126004
3074
3075         Reviewed by Filip Pizlo.
3076
3077         Test coverage in webgl/1.0.2/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html
3078
3079         * runtime/JSArrayBufferConstructor.cpp:
3080         (JSC::JSArrayBufferConstructor::finishCreation): Add 'isView' to object constructor.
3081         (JSC::arrayBufferFuncIsView): New method.
3082
3083 2013-12-19  Mark Lam  <mark.lam@apple.com>
3084
3085         Fix broken C loop LLINT build.
3086         https://bugs.webkit.org/show_bug.cgi?id=126024.
3087
3088         Reviewed by Oliver Hunt.
3089
3090         * runtime/VM.h:
3091
3092 2013-12-18  Mark Hahnenberg  <mhahnenberg@apple.com>
3093
3094         DelayedReleaseScope is in the wrong place
3095         https://bugs.webkit.org/show_bug.cgi?id=125876
3096
3097         Reviewed by Geoffrey Garen.
3098
3099         The DelayedReleaseScope needs to be around the free list sweeping in MarkedAllocator::tryAllocateHelper. 
3100         This location gives us a good safe point between getting ready to allocate  (i.e. identifying a non-empty 
3101         free list) and doing the actual allocation (popping the free list).
3102
3103         * heap/MarkedAllocator.cpp:
3104         (JSC::MarkedAllocator::tryAllocateHelper):
3105         (JSC::MarkedAllocator::allocateSlowCase):
3106         (JSC::MarkedAllocator::addBlock):
3107         * runtime/JSCellInlines.h:
3108         (JSC::allocateCell):
3109
3110 2013-12-18  Gustavo Noronha Silva  <gns@gnome.org>
3111
3112         [GTK][CMake] make libjavascriptcoregtk a public shared library again
3113         https://bugs.webkit.org/show_bug.cgi?id=125512
3114
3115         Reviewed by Martin Robinson.
3116
3117         * CMakeLists.txt: use target type instead of SHARED_CORE to decide whether
3118         JavaScriptCore is a shared library, since it's always shared for GTK+ regardless
3119         of SHARED_CORE.
3120
3121 2013-12-18  Benjamin Poulain  <benjamin@webkit.org>
3122
3123         Add a simple stack abstraction for x86_64
3124         https://bugs.webkit.org/show_bug.cgi?id=125908
3125
3126         Reviewed by Geoffrey Garen.
3127
3128         * assembler/MacroAssemblerX86_64.h:
3129         (JSC::MacroAssemblerX86_64::addPtrNoFlags):
3130         Add an explicit abstraction for the "lea" instruction. This is needed
3131         by the experimental JIT to have add and subtract without changing the flags.
3132
3133         This is useful for function calls to test the return value, restore the registers,
3134         then branch on the flags from the return value.
3135
3136 2013-12-18  Mark Hahnenberg  <mhahnenberg@apple.com>
3137
3138         DFG should have a separate StoreBarrier node
3139         https://bugs.webkit.org/show_bug.cgi?id=125530
3140
3141         Reviewed by Filip Pizlo.
3142
3143         This is in preparation for GenGC. We use a separate StoreBarrier node instead of making them implicitly 
3144         part of other nodes so that it's easier to run analyses on them, e.g. for the StoreBarrierElisionPhase. 
3145         They are inserted during the fixup phase. Initially they do not generate any code.
3146
3147         * CMakeLists.txt:
3148         * GNUmakefile.list.am:
3149         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3150         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3151         * JavaScriptCore.xcodeproj/project.pbxproj:
3152         * dfg/DFGAbstractHeap.h:
3153         * dfg/DFGAbstractInterpreter.h:
3154         (JSC::DFG::AbstractInterpreter::isKnownNotCell):
3155         * dfg/DFGAbstractInterpreterInlines.h:
3156         (JSC::DFG::::executeEffects):
3157         * dfg/DFGClobberize.h:
3158         (JSC::DFG::clobberizeForAllocation):
3159         (JSC::DFG::clobberize):
3160         * dfg/DFGConstantFoldingPhase.cpp:
3161         (JSC::DFG::ConstantFoldingPhase::foldConstants): Whenever we insert new nodes that require StoreBarriers,
3162         we have to add those new StoreBarriers too. It's important to note that AllocatePropertyStorage and 
3163         ReallocatePropertyStorage nodes require their StoreBarriers to come after them since they allocate first,
3164         which could cause a GC, and then store the resulting buffer into their JSCell, which requires the barrier.
3165         If we ever require that write barriers occur before stores, we'll have to split these nodes into 
3166         AllocatePropertyStorage + StoreBarrier + PutPropertyStorage.
3167         * dfg/DFGFixupPhase.cpp:
3168         (JSC::DFG::FixupPhase::fixupNode):
3169         (JSC::DFG::FixupPhase::insertStoreBarrier):
3170         * dfg/DFGNode.h:
3171         (JSC::DFG::Node::isStoreBarrier):
3172         * dfg/DFGNodeType.h:
3173         * dfg/DFGOSRExitCompiler32_64.cpp:
3174         (JSC::DFG::OSRExitCompiler::compileExit):
3175         * dfg/DFGOSRExitCompiler64.cpp:
3176         (JSC::DFG::OSRExitCompiler::compileExit):
3177         * dfg/DFGPlan.cpp:
3178         (JSC::DFG::Plan::compileInThreadImpl):
3179         * dfg/DFGPredictionPropagationPhase.cpp:
3180         (JSC::DFG::PredictionPropagationPhase::propagate):
3181         * dfg/DFGSafeToExecute.h:
3182         (JSC::DFG::safeToExecute):
3183         * dfg/DFGSpeculativeJIT.cpp:
3184         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
3185         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
3186         (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
3187         (JSC::DFG::SpeculativeJIT::genericWriteBarrier): The fast path write barrier check. It loads the 
3188         byte that contains the mark bit of the object. 
3189         (JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): If the fast path check fails we try to store the 
3190         cell in the WriteBarrierBuffer so as to avoid frequently flushing all registers in order to make a C call.
3191         (JSC::DFG::SpeculativeJIT::writeBarrier):
3192         (JSC::DFG::SpeculativeJIT::osrWriteBarrier): More barebones version of the write barrier to be executed 
3193         during an OSR exit into baseline code. We must do this so that the baseline JIT object and array profiles 
3194         are properly cleared during GC.
3195         * dfg/DFGSpeculativeJIT.h:
3196         (JSC::DFG::SpeculativeJIT::callOperation):
3197         * dfg/DFGSpeculativeJIT32_64.cpp:
3198         (JSC::DFG::SpeculativeJIT::cachedPutById):
3199         (JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
3200         (JSC::DFG::SpeculativeJIT::compile):
3201         (JSC::DFG::SpeculativeJIT::writeBarrier):
3202         * dfg/DFGSpeculativeJIT64.cpp:
3203         (JSC::DFG::SpeculativeJIT::cachedPutById):
3204         (JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
3205         (JSC::DFG::SpeculativeJIT::compile):
3206         (JSC::DFG::SpeculativeJIT::writeBarrier):
3207         * dfg/DFGStoreBarrierElisionPhase.cpp: Added. New DFG phase that does block-local elision of redundant
3208         StoreBarriers. Every time a StoreBarrier on a particular object is executed, a bit is set indicating that 
3209         that object doesn't need any more StoreBarriers. 
3210         (JSC::DFG::StoreBarrierElisionPhase::StoreBarrierElisionPhase):
3211         (JSC::DFG::StoreBarrierElisionPhase::couldCauseGC): Nodes that could cause a GC reset the bits for all of the 
3212         objects known in the current block. 
3213         (JSC::DFG::StoreBarrierElisionPhase::allocatesFreshObject): A node that creates a new object automatically 
3214         sets the bit for that object since if a GC occurred as the result of that object's allocation then that 
3215         object would not need a barrier since it would be guaranteed to be a young generation object until the 
3216         next GC point.
3217         (JSC::DFG::StoreBarrierElisionPhase::noticeFreshObject):
3218         (JSC::DFG::StoreBarrierElisionPhase::getBaseOfStore):
3219         (JSC::DFG::StoreBarrierElisionPhase::shouldBeElided):
3220         (JSC::DFG::StoreBarrierElisionPhase::elideBarrier):
3221         (JSC::DFG::StoreBarrierElisionPhase::handleNode):
3222         (JSC::DFG::StoreBarrierElisionPhase::handleBlock):
3223         (JSC::DFG::StoreBarrierElisionPhase::run):
3224         (JSC::DFG::performStoreBarrierElision):
3225         * dfg/DFGStoreBarrierElisionPhase.h: Added.
3226         * heap/Heap.cpp:
3227         (JSC::Heap::Heap):
3228         (JSC::Heap::flushWriteBarrierBuffer):
3229         * heap/Heap.h:
3230         (JSC::Heap::writeBarrier):
3231         * heap/MarkedBlock.h:
3232         (JSC::MarkedBlock::offsetOfMarks):
3233         * heap/WriteBarrierBuffer.cpp: Added. The WriteBarrierBuffer buffers a set of JSCells that are awaiting 
3234         a pending WriteBarrier. This buffer is used by the DFG to avoid the overhead of calling out to C repeatedly
3235         to invoke a write barrier on a single JSCell. Instead the DFG has inline code to fill the WriteBarrier buffer
3236         until it's full, and then to call out to C to flush it. The WriteBarrierBuffer will also be flushed prior to 
3237         each EdenCollection.
3238         (JSC::WriteBarrierBuffer::WriteBarrierBuffer):
3239         (JSC::WriteBarrierBuffer::~WriteBarrierBuffer):
3240         (JSC::WriteBarrierBuffer::flush):
3241         (JSC::WriteBarrierBuffer::reset):
3242         (JSC::WriteBarrierBuffer::add):
3243         * heap/WriteBarrierBuffer.h: Added.
3244         (JSC::WriteBarrierBuffer::currentIndexOffset):
3245         (JSC::WriteBarrierBuffer::capacityOffset):
3246         (JSC::WriteBarrierBuffer::bufferOffset):
3247         * jit/JITOperations.cpp:
3248         * jit/JITOperations.h:
3249         * runtime/VM.h:
3250
3251 2013-12-18  Carlos Garcia Campos  <cgarcia@igalia.com>
3252
3253         Unreviewed. Fix make distcheck.
3254
3255         * GNUmakefile.am:
3256
3257 2013-12-17  Julien Brianceau  <jbriance@cisco.com>
3258
3259         Fix armv7 and sh4 builds.
3260         https://bugs.webkit.org/show_bug.cgi?id=125848
3261
3262         Reviewed by Csaba Osztrogonác.
3263
3264         * assembler/ARMv7Assembler.h: Include limits.h for INT_MIN.
3265         * assembler/SH4Assembler.h: Include limits.h for INT_MIN.
3266
3267 2013-12-16  Oliver Hunt  <oliver@apple.com>
3268
3269         Avoid indirect function calls for custom getters
3270         https://bugs.webkit.org/show_bug.cgi?id=125821
3271
3272         Reviewed by Mark Hahnenberg.
3273
3274         Rather than invoking a helper function to perform an indirect call
3275         through a function pointer, just have the JIT call the function directly.
3276
3277         Unfortunately this only works in JSVALUE64 at the moment as there
3278         is not an obvious way to pass two EncodedJSValues uniformly over
3279         the various affected JITs.
3280
3281         * jit/CCallHelpers.h:
3282         (JSC::CCallHelpers::setupArguments):
3283         * jit/Repatch.cpp:
3284         (JSC::generateProtoChainAccessStub):
3285         (JSC::tryBuildGetByIDList):
3286
3287 2013-12-16  Joseph Pecoraro  <pecoraro@apple.com>
3288
3289         Fix some whitespace issues in inspector code
3290         https://bugs.webkit.org/show_bug.cgi?id=125814
3291
3292         Reviewed by Darin Adler.
3293
3294         * inspector/protocol/Debugger.json:
3295         * inspector/protocol/Runtime.json:
3296         * inspector/scripts/CodeGeneratorInspector.py:
3297         (Generator.process_command):
3298
3299 2013-12-16  Mark Hahnenberg  <mhahnenberg@apple.com>
3300
3301         Add some missing functions to MacroAssembler
3302         https://bugs.webkit.org/show_bug.cgi?id=125809
3303
3304         Reviewed by Oliver Hunt.
3305
3306         * assembler/AbstractMacroAssembler.h:
3307         * assembler/AssemblerBuffer.h:
3308         * assembler/LinkBuffer.cpp:
3309         * assembler/MacroAssembler.h:
3310         (JSC::MacroAssembler::storePtr):
3311         (JSC::MacroAssembler::andPtr):
3312         * assembler/MacroAssemblerARM64.h:
3313         (JSC::MacroAssemblerARM64::and64):
3314         (JSC::MacroAssemblerARM64::branchTest8):
3315         * assembler/MacroAssemblerARMv7.h:
3316         (JSC::MacroAssemblerARMv7::branchTest8):
3317         * assembler/X86Assembler.h:
3318
3319 2013-12-16  Brent Fulgham  <bfulgham@apple.com>
3320
3321         [Win] Remove dead code after conversion to VS2013
3322         https://bugs.webkit.org/show_bug.cgi?id=125795
3323
3324         Reviewed by Darin Adler.
3325
3326         * API/tests/testapi.c: Remove local nan implementation
3327
3328 2013-12-16  Oliver Hunt  <oliver@apple.com>
3329
3330         Cache getters and custom accessors on the prototype chain
3331         https://bugs.webkit.org/show_bug.cgi?id=125602
3332
3333         Reviewed by Michael Saboff.
3334
3335         Support caching of custom getters and accessors on the prototype chain.
3336         This is relatively trivial and just requires a little work compared to
3337         the direct access mode as we're under more register pressure.
3338
3339         * bytecode/StructureStubInfo.h:
3340           Removed the unused initGetByIdProto as it was confusing to still have it present.
3341         * jit/Repatch.cpp:
3342         (JSC::generateProtoChainAccessStub):
3343         (JSC::tryCacheGetByID):
3344         (JSC::tryBuildGetByIDList):
3345
3346 2013-12-16  Mark Lam  <mark.lam@apple.com>
3347
3348         Change slow path result to take a void* instead of an ExecState*.
3349         https://bugs.webkit.org/show_bug.cgi?id=125802.
3350
3351         Reviewed by Filip Pizlo.
3352
3353         This is in preparation for C Stack OSR entry work that is coming soon.
3354         In the OSR entry case, we'll be returning a topOfFrame pointer value
3355         instead of the ExecState*.
3356
3357         * offlineasm/cloop.rb:
3358         * runtime/CommonSlowPaths.h:
3359         (JSC::encodeResult):
3360         (JSC::decodeResult):
3361
3362 2013-12-16  Alex Christensen  <achristensen@webkit.org>
3363
3364         Fixed Win64 build on VS2013.
3365         https://bugs.webkit.org/show_bug.cgi?id=125753
3366
3367         Reviewed by Brent Fulgham.
3368
3369         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3370         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
3371         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
3372         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
3373         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
3374         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
3375         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
3376         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
3377         Added correct PlatformToolset for 64-bit builds.
3378
3379 2013-12-16  Peter Szanka  <h868064@stud.u-szeged.hu>
3380
3381         Delete RVCT related code parts.
3382         https://bugs.webkit.org/show_bug.cgi?id=125626
3383
3384         Reviewed by Darin Adler.
3385
3386         * assembler/ARMAssembler.cpp:
3387         * assembler/ARMAssembler.h:
3388         (JSC::ARMAssembler::cacheFlush):
3389         * assembler/MacroAssemblerARM.cpp:
3390         (JSC::isVFPPresent):
3391         * jit/JITStubsARM.h:
3392         * jit/JITStubsARMv7.h:
3393
3394 2013-12-15  Ryosuke Niwa  <rniwa@webkit.org>
3395
3396         REGRESSION: 2x regression on Dromaeo DOM query tests
3397         https://bugs.webkit.org/show_bug.cgi?id=125377
3398
3399         Reviewed by Filip Pizlo.
3400
3401         The bug was caused by JSC not JIT'ing property access on "document" due to its type info having
3402         HasImpureGetOwnPropertySlot flag.
3403
3404         Fixed the bug by adding a new type info flag, NewImpurePropertyFiresWatchpoints, which allows the baseline
3405         JIT to generate byte code for accessing properties on an object with named properties (a.k.a.
3406         custom name getter) in DOM. When a new named property appears on the object, the VM is notified via
3407         VM::addImpureProperty and fires the StructureStubClearingWatchpoint added during the repatch.
3408
3409         * bytecode/GetByIdStatus.cpp:
3410         (JSC::GetByIdStatus::computeFromLLInt): Take the slow path if we have any object with impure
3411         properties in the prototype chain.
3412         (JSC::GetByIdStatus::computeForChain): Ditto.
3413
3414         * jit/Repatch.cpp:
3415         (JSC::repatchByIdSelfAccess): Throw away the byte code when a new impure property is added on any
3416         object in the prototype chain via StructureStubClearingWatchpoint.
3417         (JSC::generateProtoChainAccessStub): Ditto.
3418         (JSC::tryCacheGetByID):
3419         (JSC::tryBuildGetByIDList):
3420         (JSC::tryRepatchIn): Ditto.
3421
3422         * runtime/JSTypeInfo.h: Added NewImpurePropertyFiresWatchpoints.