Removed clearEvalCodeCache()
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
2
3         Removed clearEvalCodeCache()
4         https://bugs.webkit.org/show_bug.cgi?id=147957
5
6         Reviewed by Filip Pizlo.
7
8         It was unused.
9
10         * bytecode/CodeBlock.cpp:
11         (JSC::CodeBlock::linkIncomingCall):
12         (JSC::CodeBlock::install):
13         (JSC::CodeBlock::clearEvalCache): Deleted.
14         * bytecode/CodeBlock.h:
15         (JSC::CodeBlock::numberOfJumpTargets):
16         (JSC::CodeBlock::jumpTarget):
17         (JSC::CodeBlock::numberOfArgumentValueProfiles):
18
19 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
20
21         [ES6] Implement Reflect.defineProperty
22         https://bugs.webkit.org/show_bug.cgi?id=147943
23
24         Reviewed by Saam Barati.
25
26         This patch implements Reflect.defineProperty.
27         The differences from Object.defineProperty are:
28
29         1. Reflect.defineProperty does not perform ToObject operation onto the first argument.
30         2. Reflect.defineProperty does not throw a TypeError when the [[DefineOwnProperty]] operation fails.
31         3. Reflect.defineProperty returns the boolean value that represents whether [[DefineOwnProperty]] succeeded.
32
33         This patch also adds comments linking to the ES6 spec.
34
35         * builtins/ReflectObject.js:
36         * runtime/ObjectConstructor.cpp:
37         (JSC::toPropertyDescriptor):
38         * runtime/ObjectConstructor.h:
39         * runtime/ReflectObject.cpp:
40         (JSC::reflectObjectDefineProperty):
41         * tests/stress/reflect-define-property.js: Added.
42         (shouldBe):
43         (shouldThrow):
44         (.set getter):
45         (setter):
46         (.get testDescriptor):
47         (.set get var):
48         (.set testDescriptor):
49         (.set get testDescriptor):
50         (.set get shouldThrow):
51         (.get var):
52
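The three behavioural differences listed in the entry above are observable from script. The following is an added example, not code from the WebKit change or its test file: it runs the same descriptor through both APIs on a frozen object, on a non-configurable property, on a fresh object and on a primitive, and records whether each call returned a boolean or threw. The helper names (defineWithObject, defineWithReflect, demo) are this example's own.

```javascript
// Added example contrasting Reflect.defineProperty with Object.defineProperty.
// Not part of the JavaScriptCore change; helper names are this example's own.

function defineWithObject(target, key, desc) {
  // Object.defineProperty signals failure by throwing.
  try {
    Object.defineProperty(target, key, desc);
    return { ok: true, threw: null };
  } catch (e) {
    return { ok: false, threw: e.constructor.name };
  }
}

function defineWithReflect(target, key, desc) {
  // Reflect.defineProperty returns the [[DefineOwnProperty]] result as a boolean
  // instead of throwing; it still throws TypeError if the target is not an object.
  try {
    return { ok: Reflect.defineProperty(target, key, desc), threw: null };
  } catch (e) {
    return { ok: false, threw: e.constructor.name };
  }
}

function demo() {
  const frozen = Object.freeze({ a: 1 });
  const nonConfig = Object.defineProperty({}, 'x', { value: 1, configurable: false });
  const fresh = {};
  return {
    // Adding a property to a non-extensible object: [[DefineOwnProperty]] fails.
    frozenObject: defineWithObject(frozen, 'b', { value: 2 }),
    frozenReflect: defineWithReflect(frozen, 'b', { value: 2 }),
    // Changing the value of a non-writable, non-configurable property: fails.
    nonConfigObject: defineWithObject(nonConfig, 'x', { value: 2 }),
    nonConfigReflect: defineWithReflect(nonConfig, 'x', { value: 2 }),
    // Success case: Reflect.defineProperty reports true.
    freshReflect: defineWithReflect(fresh, 'y', { value: 3, enumerable: true }),
    // A primitive target is not coerced with ToObject; a TypeError is thrown.
    primitiveReflect: defineWithReflect(42, 'z', { value: 1 }),
  };
}
```

The boolean form is the one to reach for in hardening code that locks down many properties in a loop: a `false` pinpoints the property that could not be locked without unwinding the whole loop through an exception.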
53 2015-08-12  Filip Pizlo  <fpizlo@apple.com>
54
55         DFG::ByteCodeParser should attempt constant folding on loads from structures that are DFG-watchable
56         https://bugs.webkit.org/show_bug.cgi?id=147950
57
58         Reviewed by Michael Saboff.
59
60         Previously we reduced the constant folding power of ByteCodeParser::load() because that code was
61         responsible for memory corruption, since it would sometimes install watchpoints on structures that
62         weren't being traced.  It seemed like the safest fix was to remove the constant folding rule
63         entirely since later phases also do constant folding, and they do it without introducing the bug.
64         Well, that change (http://trac.webkit.org/changeset/188292) caused a big regression, because we
65         still have some constant folding rules that only exist in ByteCodeParser, and so ByteCodeParser must
66         be maximally aggressive in constant-folding whenever possible.
67
68         So, this change now brings back that constant folding rule - for loads from object constants that
69         have DFG-watchable structures - and implements it properly, by ensuring that we only call into
70         tryGetConstantProperty() if we have registered the structure set.
71
72         * dfg/DFGByteCodeParser.cpp:
73         (JSC::DFG::ByteCodeParser::load):
74
75 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
76
77         [ES6] Add ES6 Modules preparsing phase to collect the dependencies
78         https://bugs.webkit.org/show_bug.cgi?id=147353
79
80         Reviewed by Geoffrey Garen.
81
82         This patch implements ModuleRecord and ModuleAnalyzer.
83         ModuleAnalyzer analyzes the produced AST from the parser.
84         By collaborating with the parser, ModuleAnalyzer collects the information
85         that is necessary to request the loading for the dependent modules and
86         construct module's environment and namespace object before executing the actual
87         module body.
88
89         In the parser, we annotate which variable is imported binding and which variable
90         is exported from the current module. This information is leveraged in the ModuleAnalyzer
91         to categorize the export entries.
92
93         To preparse the modules in the parser, we just add the new flag `ModuleParseMode`
94         instead of introducing a new TreeContext type. This is because parseModuleSourceElements
95         has only two users: the preparser and the actual compiler. Adding the flag is simple
96         enough to switch the context to the SyntaxChecker when parsing the non-module-related
97         statements in the preparsing phase.
98
99         To demonstrate the module analyzer, we added the new option dumpModuleRecord option
100         into the JSC shell. By specifying this, the result of analysis is dumped when the module
101         is parsed and analyzed.
102
103         * CMakeLists.txt:
104         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
105         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
106         * JavaScriptCore.xcodeproj/project.pbxproj:
107         * builtins/BuiltinNames.h:
108         * parser/ASTBuilder.h:
109         (JSC::ASTBuilder::createExportDefaultDeclaration):
110         * parser/ModuleAnalyzer.cpp: Added.
111         (JSC::ModuleAnalyzer::ModuleAnalyzer):
112         (JSC::ModuleAnalyzer::exportedBinding):
113         (JSC::ModuleAnalyzer::declareExportAlias):
114         (JSC::ModuleAnalyzer::exportVariable):
115         (JSC::ModuleAnalyzer::analyze):
116         * parser/ModuleAnalyzer.h: Added.
117         (JSC::ModuleAnalyzer::vm):
118         (JSC::ModuleAnalyzer::moduleRecord):
119         * parser/ModuleRecord.cpp: Added.
120         (JSC::printableName):
121         (JSC::ModuleRecord::dump):
122         * parser/ModuleRecord.h: Added.
123         (JSC::ModuleRecord::ImportEntry::isNamespace):
124         (JSC::ModuleRecord::create):
125         (JSC::ModuleRecord::appendRequestedModule):
126         (JSC::ModuleRecord::addImportEntry):
127         (JSC::ModuleRecord::addExportEntry):
128         (JSC::ModuleRecord::addStarExportEntry):
129         * parser/NodeConstructors.h:
130         (JSC::ModuleDeclarationNode::ModuleDeclarationNode):
131         (JSC::ImportDeclarationNode::ImportDeclarationNode):
132         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
133         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
134         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
135         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
136         * parser/Nodes.h:
137         (JSC::ExportDefaultDeclarationNode::localName):
138         * parser/NodesAnalyzeModule.cpp: Added.
139         (JSC::ScopeNode::analyzeModule):
140         (JSC::SourceElements::analyzeModule):
141         (JSC::ImportDeclarationNode::analyzeModule):
142         (JSC::ExportAllDeclarationNode::analyzeModule):
143         (JSC::ExportDefaultDeclarationNode::analyzeModule):
144         (JSC::ExportLocalDeclarationNode::analyzeModule):
145         (JSC::ExportNamedDeclarationNode::analyzeModule):
146         * parser/Parser.cpp:
147         (JSC::Parser<LexerType>::parseInner):
148         (JSC::Parser<LexerType>::parseModuleSourceElements):
149         (JSC::Parser<LexerType>::parseVariableDeclarationList):
150         (JSC::Parser<LexerType>::createBindingPattern):
151         (JSC::Parser<LexerType>::parseFunctionDeclaration):
152         (JSC::Parser<LexerType>::parseClassDeclaration):
153         (JSC::Parser<LexerType>::parseImportClauseItem):
154         (JSC::Parser<LexerType>::parseExportSpecifier):
155         (JSC::Parser<LexerType>::parseExportDeclaration):
156         * parser/Parser.h:
157         (JSC::Scope::lexicalVariables):
158         (JSC::Scope::declareLexicalVariable):
159         (JSC::Parser::declareVariable):
160         (JSC::Parser::exportName):
161         (JSC::Parser<LexerType>::parse):
162         (JSC::parse):
163         * parser/ParserModes.h:
164         * parser/SyntaxChecker.h:
165         (JSC::SyntaxChecker::createExportDefaultDeclaration):
166         * parser/VariableEnvironment.cpp:
167         (JSC::VariableEnvironment::markVariableAsImported):
168         (JSC::VariableEnvironment::markVariableAsExported):
169         * parser/VariableEnvironment.h:
170         (JSC::VariableEnvironmentEntry::isExported):
171         (JSC::VariableEnvironmentEntry::isImported):
172         (JSC::VariableEnvironmentEntry::setIsExported):
173         (JSC::VariableEnvironmentEntry::setIsImported):
174         * runtime/CommonIdentifiers.h:
175         * runtime/Completion.cpp:
176         (JSC::checkModuleSyntax):
177         * runtime/Options.h:
178
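The entry above describes a preparsing pass that collects, from a module's import and export statements alone, everything a loader needs before any module code runs: which modules to request, which local bindings are imports, and which bindings are exported under which names. The following is an added example, not WebKit's ModuleAnalyzer or ModuleRecord: a small line-oriented analyzer that produces a record of the same shape (requestedModules, importEntries with an isNamespace flag, exportEntries, starExportEntries) for the statement forms it recognises. It does not tokenize JavaScript, so it only handles one import or export statement per line and ignores comments and strings; the sample module text is constructed for the demonstration, and the function and field names are this example's own.

```javascript
// Added example, not the JavaScriptCore ModuleAnalyzer. Collects a ModuleRecord-like
// summary from module source text without executing it. Recognised forms are listed
// in the comments; one statement per line is assumed.

function analyzeModule(source) {
  const record = { requestedModules: [], importEntries: [], exportEntries: [], starExportEntries: [] };
  const request = (spec) => { if (!record.requestedModules.includes(spec)) record.requestedModules.push(spec); };
  const splitClause = (clause) => clause.split(',').map((s) => s.trim()).filter(Boolean);

  for (const line of source.split('\n').map((l) => l.trim())) {
    let m;
    // import * as ns from 'm';
    if ((m = /^import\s+\*\s+as\s+(\w+)\s+from\s+['"]([^'"]+)['"]/.exec(line))) {
      request(m[2]);
      record.importEntries.push({ moduleRequest: m[2], importName: '*', localName: m[1], isNamespace: true });
    }
    // import def from 'm';  import def, { a as b, c } from 'm';  import { a } from 'm';
    else if ((m = /^import\s+(?:(\w+)\s*,?\s*)?(?:\{([^}]*)\})?\s*from\s+['"]([^'"]+)['"]/.exec(line))) {
      request(m[3]);
      if (m[1]) record.importEntries.push({ moduleRequest: m[3], importName: 'default', localName: m[1], isNamespace: false });
      for (const item of splitClause(m[2] || '')) {
        const [importName, localName = importName] = item.split(/\s+as\s+/);
        record.importEntries.push({ moduleRequest: m[3], importName, localName, isNamespace: false });
      }
    }
    // import 'm';  (side-effect only: a request with no bindings)
    else if ((m = /^import\s+['"]([^'"]+)['"]/.exec(line))) {
      request(m[1]);
    }
    // export * from 'm';
    else if ((m = /^export\s+\*\s+from\s+['"]([^'"]+)['"]/.exec(line))) {
      request(m[1]);
      record.starExportEntries.push({ moduleRequest: m[1] });
    }
    // export { a as b, c };  export { a as b } from 'm';  (local vs. indirect export)
    else if ((m = /^export\s+\{([^}]*)\}(?:\s*from\s+['"]([^'"]+)['"])?/.exec(line))) {
      if (m[2]) request(m[2]);
      for (const item of splitClause(m[1])) {
        const [localName, exportName = localName] = item.split(/\s+as\s+/);
        record.exportEntries.push(m[2]
          ? { exportName, moduleRequest: m[2], importName: localName, localName: null }
          : { exportName, moduleRequest: null, importName: null, localName });
      }
    }
    // export default ...;
    else if (/^export\s+default\b/.test(line)) {
      record.exportEntries.push({ exportName: 'default', moduleRequest: null, importName: null, localName: '*default*' });
    }
    // export const/let/var/function/class name ...
    else if ((m = /^export\s+(?:const|let|var|function\*?|class)\s+(\w+)/.exec(line))) {
      record.exportEntries.push({ exportName: m[1], moduleRequest: null, importName: null, localName: m[1] });
    }
  }
  return record;
}

// Constructed sample module for the demonstration.
const SAMPLE_MODULE = `
import fs from 'node:fs';
import { join as pathJoin, basename } from 'node:path';
import * as util from './util.js';
import './side-effect.js';
export * from './reexports.js';
export { pathJoin as join, basename };
export { helper } from './util.js';
export const VERSION = '1.0';
export function run() { return util.go(); }
export default run;
`;

function analyzeSample() {
  return analyzeModule(SAMPLE_MODULE);
}
```

Because the record is built before any module body executes, a loader can check the full requested-module list against a policy (an allowlist of specifiers, or a ban on remote URLs) and refuse to fetch anything it does not like, rather than discovering a dependency only when code is already running.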
179 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
180
181         Re-land r188339, since Alex fixed it in r188341 by landing the WebCore half.
182
183         * jit/ExecutableAllocator.h:
184         * jsc.cpp:
185         (GlobalObject::finishCreation):
186         (functionAddressOf):
187         (functionVersion):
188         (functionReleaseExecutableMemory): Deleted.
189         * runtime/VM.cpp:
190         (JSC::StackPreservingRecompiler::operator()):
191         (JSC::VM::throwException):
192         (JSC::VM::updateFTLLargestStackSize):
193         (JSC::VM::gatherConservativeRoots):
194         (JSC::VM::releaseExecutableMemory): Deleted.
195         (JSC::releaseExecutableMemory): Deleted.
196         * runtime/VM.h:
197         (JSC::VM::isCollectorBusy):
198         * runtime/Watchdog.cpp:
199         (JSC::Watchdog::setTimeLimit):
200
201 2015-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
202
203         Roll out r188339, which broke the build.
204
205         Unreviewed.
206
207         * jit/ExecutableAllocator.h:
208         * jsc.cpp:
209         (GlobalObject::finishCreation):
210         (functionReleaseExecutableMemory):
211         * runtime/VM.cpp:
212         (JSC::StackPreservingRecompiler::visit):
213         (JSC::StackPreservingRecompiler::operator()):
214         (JSC::VM::releaseExecutableMemory):
215         (JSC::releaseExecutableMemory):
216         * runtime/VM.h:
217         * runtime/Watchdog.cpp:
218         (JSC::Watchdog::setTimeLimit):
219
220 2015-08-12  Alex Christensen  <achristensen@webkit.org>
221
222         Fix Debug CMake builds on Windows
223         https://bugs.webkit.org/show_bug.cgi?id=147940
224
225         Reviewed by Chris Dumez.
226
227         * PlatformWin.cmake:
228         Copy the plist to the JavaScriptCore.resources directory.
229
230 2015-08-11  Geoffrey Garen  <ggaren@apple.com>
231
232         Remove VM::releaseExecutableMemory
233         https://bugs.webkit.org/show_bug.cgi?id=147915
234
235         Reviewed by Saam Barati.
236
237         releaseExecutableMemory() was only used in one place, where discardAllCode()
238         would work just as well.
239
240         It's confusing to have two slightly different ways to discard code. Also,
241         releaseExecutableMemory() is unused in any production code, and it seems
242         to have bit-rotted.
243
244         * jit/ExecutableAllocator.h:
245         * jsc.cpp:
246         (GlobalObject::finishCreation):
247         (functionAddressOf):
248         (functionVersion):
249         (functionReleaseExecutableMemory): Deleted.
250         * runtime/VM.cpp:
251         (JSC::StackPreservingRecompiler::operator()):
252         (JSC::VM::throwException):
253         (JSC::VM::updateFTLLargestStackSize):
254         (JSC::VM::gatherConservativeRoots):
255         (JSC::VM::releaseExecutableMemory): Deleted.
256         (JSC::releaseExecutableMemory): Deleted.
257         * runtime/VM.h:
258         (JSC::VM::isCollectorBusy):
259         * runtime/Watchdog.cpp:
260         (JSC::Watchdog::setTimeLimit):
261
262 2015-08-12  Mark Lam  <mark.lam@apple.com>
263
264         Add a JSC option to enable the watchdog for testing.
265         https://bugs.webkit.org/show_bug.cgi?id=147939
266
267         Reviewed by Michael Saboff.
268
269         * API/JSContextRef.cpp:
270         (JSContextGroupSetExecutionTimeLimit):
271         (createWatchdogIfNeeded): Deleted.
272         * runtime/Options.h:
273         * runtime/VM.cpp:
274         (JSC::VM::VM):
275         (JSC::VM::~VM):
276         (JSC::VM::sharedInstanceInternal):
277         (JSC::VM::ensureWatchdog):
278         (JSC::thunkGeneratorForIntrinsic):
279         * runtime/VM.h:
280
281 2015-08-11  Mark Lam  <mark.lam@apple.com>
282
283         Implement the JavaScript watchdog using WTF::WorkQueue.
284         https://bugs.webkit.org/show_bug.cgi?id=147107
285
286         Reviewed by Geoffrey Garen.
287
288         How the Watchdog works
289         ======================
290
291         1. When do we start the Watchdog?
292            =============================
293            The watchdog should only be started if both of the following conditions are true:
294            1. A time limit has been set.
295            2. We have entered the VM.
296  
297         2. CPU time vs Wall Clock time
298            ===========================
299            Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?
300
301            The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
302            limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
303            indicates the wall clock time point when the WorkQueue timer is expected to fire.
304
305            The time limit for which we allow JS code to run should be measured in CPU time, which can
306            differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
307            should fire.
308
309            Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
310            we need to check if m_cpuDeadline has been reached.
311
312            If m_cpuDeadline has been reached, the watchdog is considered to have fired.
313
314            If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
315            code to continue to run for.  Hence, we need to start a new timer to fire again after
316            Tremainder microseconds.
317     
318            See Watchdog::didFireSlow().
319
320         3. Spurious wake ups
321            =================
322            Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
323            It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
324            m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
325            wake ups are considered to be spurious and will be ignored.
326  
327            See Watchdog::didFireSlow().
328  
329         4. Minimizing Timer creation cost
330            ==============================
331            Conceptually, we could start a new timer every time we start the watchdog. But we can do better
332            than this.
333  
334            In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
335            stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
336            time limit. Consider the following example:
337  
338                |---|-----|---|----------------|---------|
339                t0  t1    t2  t3            t0 + L    t2 + L 
340
341                |<--- T1 --------------------->|
342                          |<--- T2 --------------------->|
343                |<-- Td ->|                    |<-- Td ->|
344
345            1. The user initializes the watchdog with time limit L.
346            2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
347               The timer is set to expire at t0 + L.
348            3. At t1, we exit the VM.
349            4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.
350          
351               However, we can note that the expiration time for T2 would be after the expiration time
352               of T1. Specifically, T2 would have expired at Td after T1 expires.
353          
354               Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
355            for a period of Td instead.
356
357            Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
358            as well as handling spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
359            automatically take care of starting a new timer for the difference Td in the example above.
360            Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
361            expiration is earlier than T2's, then we are already covered by T1 and there's no need to start T2.
362
363            The benefit:
364
365            1. we minimize the number of timer instances we have queued in the workqueue at the same time
366               (ideally only 1 or 0), and use less peak memory usage.
367
368            2. we minimize the frequency of instantiating timer instances. By waiting for the current
369               active timer to expire first, on average, we get to start one timer per time limit
370               (which is infrequent because time limits tend to be long) instead of one timer per
371               VM entry (which tends to be frequent).
372
373            See Watchdog::startTimer().
374
375         * API/JSContextRef.cpp:
376         (createWatchdogIfNeeded):
377         (JSContextGroupClearExecutionTimeLimit):
378         - No need to create the watchdog (if not already created) just to clear it.
379           If the watchdog is not created yet, then it is effectively cleared.
380
381         * API/tests/ExecutionTimeLimitTest.cpp:
382         (currentCPUTimeAsJSFunctionCallback):
383         (testExecutionTimeLimit):
384         (currentCPUTime): Deleted.
385         * API/tests/testapi.c:
386         (main):
387         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
388         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
389         - Enable watchdog tests for all platforms.
390
391         * CMakeLists.txt:
392         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
393         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
394         * JavaScriptCore.xcodeproj/project.pbxproj:
395         - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.
396
397         * PlatformEfl.cmake:
398
399         * dfg/DFGByteCodeParser.cpp:
400         (JSC::DFG::ByteCodeParser::parseBlock):
401         * dfg/DFGSpeculativeJIT32_64.cpp:
402         * dfg/DFGSpeculativeJIT64.cpp:
403         * interpreter/Interpreter.cpp:
404         (JSC::Interpreter::execute):
405         (JSC::Interpreter::executeCall):
406         (JSC::Interpreter::executeConstruct):
407         * jit/JITOpcodes.cpp:
408         (JSC::JIT::emit_op_loop_hint):
409         (JSC::JIT::emitSlow_op_loop_hint):
410         * jit/JITOperations.cpp:
411         * llint/LLIntOffsetsExtractor.cpp:
412         * llint/LLIntSlowPaths.cpp:
413         * runtime/VM.cpp:
414         - #include Watchdog.h in these files directly instead of doing it via VM.h.
415           This saves us from having to recompile the world when we change Watchdog.h.
416
417         * runtime/VM.h:
418         - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
419           thread-safe ref counted.
420
421         * runtime/VMEntryScope.cpp:
422         (JSC::VMEntryScope::VMEntryScope):
423         (JSC::VMEntryScope::~VMEntryScope):
424         - We have done away with the WatchdogScope and arming/disarming of the watchdog.
425           Instead, the VMEntryScope will inform the watchdog of when we have entered and
426           exited the VM.
427
428         * runtime/Watchdog.cpp:
429         (JSC::currentWallClockTime):
430         (JSC::Watchdog::Watchdog):
431         (JSC::Watchdog::hasStartedTimer):
432         (JSC::Watchdog::setTimeLimit):
433         (JSC::Watchdog::didFireSlow):
434         (JSC::Watchdog::hasTimeLimit):
435         (JSC::Watchdog::fire):
436         (JSC::Watchdog::enteredVM):
437         (JSC::Watchdog::exitedVM):
438
439         (JSC::Watchdog::startTimer):
440         - The Watchdog is now thread-safe ref counted because the WorkQueue may access it
441           (from a different thread) even after the VM shuts down.  We need to keep it
442           alive until the WorkQueue callback completes.
443
444           In Watchdog::startTimer(), we'll ref the Watchdog to keep it alive for each
445           WorkQueue callback we dispatch.  The callback will deref the Watchdog after it
446           is done with it.  This ensures that the Watchdog is kept alive until all
447           WorkQueue callbacks are done.
448
449         (JSC::Watchdog::stopTimer):
450         (JSC::Watchdog::~Watchdog): Deleted.
451         (JSC::Watchdog::didFire): Deleted.
452         (JSC::Watchdog::isEnabled): Deleted.
453         (JSC::Watchdog::arm): Deleted.
454         (JSC::Watchdog::disarm): Deleted.
455         (JSC::Watchdog::startCountdownIfNeeded): Deleted.
456         (JSC::Watchdog::startCountdown): Deleted.
457         (JSC::Watchdog::stopCountdown): Deleted.
458         * runtime/Watchdog.h:
459         (JSC::Watchdog::didFire):
460         (JSC::Watchdog::timerDidFireAddress):
461         (JSC::Watchdog::isArmed): Deleted.
462         (JSC::Watchdog::Scope::Scope): Deleted.
463         (JSC::Watchdog::Scope::~Scope): Deleted.
464         * runtime/WatchdogMac.cpp:
465         (JSC::Watchdog::initTimer): Deleted.
466         (JSC::Watchdog::destroyTimer): Deleted.
467         (JSC::Watchdog::startTimer): Deleted.
468         (JSC::Watchdog::stopTimer): Deleted.
469         * runtime/WatchdogNone.cpp:
470         (JSC::Watchdog::initTimer): Deleted.
471         (JSC::Watchdog::destroyTimer): Deleted.
472         (JSC::Watchdog::startTimer): Deleted.
473         (JSC::Watchdog::stopTimer): Deleted.
474
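The watchdog is what enforces the execution time limit set through JSContextGroupSetExecutionTimeLimit, so the deadline bookkeeping in the entry above decides whether runaway script is actually stopped. The following is an added example, not the JavaScriptCore Watchdog: a deterministic model of the four points in the entry (start only with a limit and inside the VM; separate CPU and wall-clock deadlines; ignore stale wakeups; reuse an already-queued timer) driven by caller-supplied clock values instead of a real WorkQueue. It then replays the t0/t1/t2 scenario drawn in the entry. Class and method names, the handling of a wakeup that lands while no JS is running (treated as nothing to do), and the assumption that CPU time advances at wall-clock rate only while inside the VM are this example's own.

```javascript
// Added example modelling the JSC watchdog's deadline logic; not the real Watchdog.
// All times are integers in microseconds supplied by the caller, so the model is
// deterministic. Names (WatchdogModel, runScenario) are this example's own.

class WatchdogModel {
  constructor() {
    this.timeLimit = Infinity;         // L in the entry; Infinity means no limit set
    this.cpuDeadline = Infinity;       // analogue of m_cpuDeadline
    this.wallClockDeadline = Infinity; // analogue of m_wallClockDeadline; Infinity = no active timer
    this.timerStarts = 0;              // timers handed to the "work queue"
    this.fired = false;
    this.inVM = false;
  }

  setTimeLimit(limitUs) { this.timeLimit = limitUs; }

  // Point 1: start only when a limit is set and we have entered the VM.
  enteredVM(cpuNow, wallNow) {
    this.inVM = true;
    if (this.timeLimit === Infinity) return;
    this.cpuDeadline = cpuNow + this.timeLimit;   // the limit is accounted in CPU time
    this.startTimer(wallNow, this.timeLimit);
  }

  exitedVM() { this.inVM = false; }

  // Point 4: if an active timer already expires no later than the one we would
  // start, rely on it; didFireSlow() will reschedule the remainder Td when it fires.
  startTimer(wallNow, delayUs) {
    const wanted = wallNow + delayUs;
    if (this.wallClockDeadline !== Infinity && this.wallClockDeadline <= wanted) return false;
    this.wallClockDeadline = wanted;
    this.timerStarts += 1;
    return true;
  }

  // The work-queue callback. Returns 'spurious', 'idle', 'fired' or 'rescheduled'.
  didFireSlow(cpuNow, wallNow) {
    // Point 3: a wakeup before the wall-clock deadline (or with no timer active) is stale.
    if (wallNow < this.wallClockDeadline) return 'spurious';
    this.wallClockDeadline = Infinity;            // the active timer has been consumed
    if (!this.inVM) return 'idle';                // assumption: nothing to enforce outside the VM
    // Point 2: the timer firing is not the watchdog firing; compare CPU time.
    if (cpuNow >= this.cpuDeadline) { this.fired = true; return 'fired'; }
    const remainderUs = this.cpuDeadline - cpuNow; // Tremainder
    this.startTimer(wallNow, remainderUs);
    return 'rescheduled';
  }
}

// Replays the entry's diagram with L = 1000: enter at t0 = 0, exit at t1 = 100,
// re-enter at t2 = 300. CPU time only advances while inside the VM.
function runScenario() {
  const L = 1000;
  const wd = new WatchdogModel();
  wd.setTimeLimit(L);
  const log = [];
  wd.enteredVM(0, 0);                                   // T1 queued for wall 1000
  log.push(['enter@0', wd.timerStarts]);                // 1 timer
  wd.exitedVM();                                        // t1 = 100, CPU used so far: 100
  wd.enteredVM(100, 300);                               // T2 would expire at 1300; T1 covers it
  log.push(['enter@300', wd.timerStarts]);              // still 1 timer
  log.push(['wake@900', wd.didFireSlow(700, 900)]);     // early wakeup: spurious
  log.push(['wake@1000', wd.didFireSlow(800, 1000), wd.timerStarts]); // CPU 800 < 1100: reschedule Td = 300
  log.push(['wake@1300', wd.didFireSlow(1100, 1300), wd.fired]);      // CPU 1100 >= 1100: fired
  return log;
}
```

The split between the two deadlines is the part worth keeping in mind when testing a time limit: a script that sleeps in a host callback burns wall-clock time but little CPU time, so the first timer expiry only re-arms the watchdog, and the limit is only enforced once the CPU budget is actually spent.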
475 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
476
477         Always use a byte-sized lock implementation
478         https://bugs.webkit.org/show_bug.cgi?id=147908
479
480         Reviewed by Geoffrey Garen.
481
482         * runtime/ConcurrentJITLock.h: Lock is now byte-sized and ByteLock is gone, so use Lock.
483
484 2015-08-11  Alexey Proskuryakov  <ap@apple.com>
485
486         Make ASan build not depend on asan.xcconfig
487         https://bugs.webkit.org/show_bug.cgi?id=147840
488         rdar://problem/21093702
489
490         Reviewed by Daniel Bates.
491
492         * dfg/DFGOSREntry.cpp:
493         (JSC::DFG::OSREntryData::dump):
494         (JSC::DFG::prepareOSREntry):
495         * ftl/FTLOSREntry.cpp:
496         (JSC::FTL::prepareOSREntry):
497         * heap/ConservativeRoots.cpp:
498         (JSC::ConservativeRoots::genericAddPointer):
499         (JSC::ConservativeRoots::genericAddSpan):
500         * heap/MachineStackMarker.cpp:
501         (JSC::MachineThreads::removeThreadIfFound):
502         (JSC::MachineThreads::gatherFromCurrentThread):
503         (JSC::MachineThreads::Thread::captureStack):
504         (JSC::copyMemory):
505         * interpreter/Register.h:
506         (JSC::Register::operator=):
507         (JSC::Register::asanUnsafeJSValue):
508         (JSC::Register::jsValue):
509
510 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
511
512         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
513         https://bugs.webkit.org/show_bug.cgi?id=147480
514
515         Reviewed by Filip Pizlo.
516
517         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
518         The IC site only caches one id. After checking that the given id is the same as the
519         cached one, we perform the get_by_id IC onto it.
520         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
521         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
522         operations when the given get_by_val leverages the property load with the cached id.
523
524         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
525         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
526         This can be leveraged to optimize symbol operations in DFG.
527
528         And since byValInfo is frequently used, we align the byValInfo design to the stubInfo like one.
529         Allocated by the Bag and operations take the raw byValInfo pointer directly instead of performing
530         binary search onto m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
531         argument ArrayProfile* in the operations with ByValInfo*.
532
533         * bytecode/ByValInfo.h:
534         (JSC::ByValInfo::ByValInfo):
535         * bytecode/CodeBlock.cpp:
536         (JSC::CodeBlock::getByValInfoMap):
537         (JSC::CodeBlock::addByValInfo):
538         * bytecode/CodeBlock.h:
539         (JSC::CodeBlock::getByValInfo): Deleted.
540         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
541         (JSC::CodeBlock::numberOfByValInfos): Deleted.
542         (JSC::CodeBlock::byValInfo): Deleted.
543         * bytecode/ExitKind.cpp:
544         (JSC::exitKindToString):
545         * bytecode/ExitKind.h:
546         * bytecode/GetByIdStatus.cpp:
547         (JSC::GetByIdStatus::computeFor):
548         (JSC::GetByIdStatus::computeForStubInfo):
549         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
550         * bytecode/GetByIdStatus.h:
551         * dfg/DFGAbstractInterpreterInlines.h:
552         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
553         * dfg/DFGByteCodeParser.cpp:
554         (JSC::DFG::ByteCodeParser::parseBlock):
555         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
556         * dfg/DFGClobberize.h:
557         (JSC::DFG::clobberize):
558         * dfg/DFGConstantFoldingPhase.cpp:
559         (JSC::DFG::ConstantFoldingPhase::foldConstants):
560         * dfg/DFGDoesGC.cpp:
561         (JSC::DFG::doesGC):
562         * dfg/DFGFixupPhase.cpp:
563         (JSC::DFG::FixupPhase::fixupNode):
564         (JSC::DFG::FixupPhase::observeUseKindOnNode):
565         * dfg/DFGNode.h:
566         (JSC::DFG::Node::hasUidOperand):
567         (JSC::DFG::Node::uidOperand):
568         * dfg/DFGNodeType.h:
569         * dfg/DFGPredictionPropagationPhase.cpp:
570         (JSC::DFG::PredictionPropagationPhase::propagate):
571         * dfg/DFGSafeToExecute.h:
572         (JSC::DFG::SafeToExecuteEdge::operator()):
573         (JSC::DFG::safeToExecute):
574         * dfg/DFGSpeculativeJIT.cpp:
575         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
576         (JSC::DFG::SpeculativeJIT::speculateSymbol):
577         (JSC::DFG::SpeculativeJIT::speculate):
578         * dfg/DFGSpeculativeJIT.h:
579         * dfg/DFGSpeculativeJIT32_64.cpp:
580         (JSC::DFG::SpeculativeJIT::compile):
581         * dfg/DFGSpeculativeJIT64.cpp:
582         (JSC::DFG::SpeculativeJIT::compile):
583         * dfg/DFGUseKind.cpp:
584         (WTF::printInternal):
585         * dfg/DFGUseKind.h:
586         (JSC::DFG::typeFilterFor):
587         (JSC::DFG::isCell):
588         * ftl/FTLAbstractHeapRepository.h:
589         * ftl/FTLCapabilities.cpp:
590         (JSC::FTL::canCompile):
591         * ftl/FTLLowerDFGToLLVM.cpp:
592         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
593         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
594         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
595         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
596         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
597         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
598         * jit/JIT.cpp:
599         (JSC::JIT::privateCompile):
600         * jit/JIT.h:
601         (JSC::ByValCompilationInfo::ByValCompilationInfo):
602         (JSC::JIT::compileGetByValWithCachedId):
603         * jit/JITInlines.h:
604         (JSC::JIT::callOperation):
605         * jit/JITOpcodes.cpp:
606         (JSC::JIT::emit_op_has_indexed_property):
607         (JSC::JIT::emitSlow_op_has_indexed_property):
608         * jit/JITOpcodes32_64.cpp:
609         (JSC::JIT::emit_op_has_indexed_property):
610         (JSC::JIT::emitSlow_op_has_indexed_property):
611         * jit/JITOperations.cpp:
612         (JSC::getByVal):
613         * jit/JITOperations.h:
614         * jit/JITPropertyAccess.cpp:
615         (JSC::JIT::emit_op_get_by_val):
616         (JSC::JIT::emitGetByValWithCachedId):
617         (JSC::JIT::emitSlow_op_get_by_val):
618         (JSC::JIT::emit_op_put_by_val):
619         (JSC::JIT::emitSlow_op_put_by_val):
620         (JSC::JIT::privateCompileGetByVal):
621         (JSC::JIT::privateCompileGetByValWithCachedId):
622         * jit/JITPropertyAccess32_64.cpp:
623         (JSC::JIT::emit_op_get_by_val):
624         (JSC::JIT::emitGetByValWithCachedId):
625         (JSC::JIT::emitSlow_op_get_by_val):
626         (JSC::JIT::emit_op_put_by_val):
627         (JSC::JIT::emitSlow_op_put_by_val):
628         * runtime/Symbol.h:
629         * tests/stress/get-by-val-with-string-constructor.js: Added.
630         (Hello):
631         (get Hello.prototype.generate):
632         (ok):
633         * tests/stress/get-by-val-with-string-exit.js: Added.
634         (shouldBe):
635         (getByVal):
636         (getStr1):
637         (getStr2):
638         * tests/stress/get-by-val-with-string-generated.js: Added.
639         (shouldBe):
640         (getByVal):
641         (getStr1):
642         (getStr2):
643         * tests/stress/get-by-val-with-string-getter.js: Added.
644         (object.get hello):
645         (ok):
646         * tests/stress/get-by-val-with-string.js: Added.
647         (shouldBe):
648         (getByVal):
649         (getStr1):
650         (getStr2):
651         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
652         (Hello):
653         (get Hello.prototype.generate):
654         (ok):
655         * tests/stress/get-by-val-with-symbol-exit.js: Added.
656         (shouldBe):
657         (getByVal):
658         (getSym1):
659         (getSym2):
660         * tests/stress/get-by-val-with-symbol-getter.js: Added.
661         (object.get hello):
662         (.get ok):
663         * tests/stress/get-by-val-with-symbol.js: Added.
664         (shouldBe):
665         (getByVal):
666         (getSym1):
667         (getSym2):
668
669 2015-08-11  Filip Pizlo  <fpizlo@apple.com>
670
671         DFG::ByteCodeParser shouldn't call tryGetConstantProperty() with some StructureSet if it isn't checking that the base has a structure in that StructureSet
672         https://bugs.webkit.org/show_bug.cgi?id=147891
673         rdar://problem/22129447
674
675         Reviewed by Mark Lam.
676
677         * dfg/DFGByteCodeParser.cpp:
678         (JSC::DFG::ByteCodeParser::handleGetByOffset): Get rid of this.
679         (JSC::DFG::ByteCodeParser::load): Don't call the version of handleGetByOffset() that assumes that we had CheckStructure'd some StructureSet, since we may not have CheckStructure'd anything.
680         * dfg/DFGGraph.cpp:
681         (JSC::DFG::Graph::assertIsRegistered): Make this always assert even before the StructureRegistrationPhase.
682         * dfg/DFGStructureRegistrationPhase.cpp:
683         (JSC::DFG::StructureRegistrationPhase::run): Add a FIXME that notes that we no longer believe that structures should be registered only at this phase. They should be registered before this phase and this phase should be removed.
684
685 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
686
687         [Win] Switch Windows build to Visual Studio 2015
688         https://bugs.webkit.org/show_bug.cgi?id=147887
689         <rdar://problem/22235098>
690
691         Reviewed by Alex Christensen.
692
693         Update Visual Studio project file settings to use the current Visual
694         Studio and compiler. Continue targeting binaries to run on our minimum
695         supported configuration of Windows 7.
696
697         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
698         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
699         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
700         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
701         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
702         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
703         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj:
704         * JavaScriptCore.vcxproj/libllvmForJSC/libllvmForJSC.vcxproj:
705         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
706         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj:
707         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
708         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj:
709
710 2015-08-10  Filip Pizlo  <fpizlo@apple.com>
711
712         WTF should have a ParkingLot for parking sleeping threads, so that locks can fit in 1.6 bits
713         https://bugs.webkit.org/show_bug.cgi?id=147665
714
715         Reviewed by Mark Lam.
716
717         Replace ByteSpinLock with ByteLock.
718
719         * runtime/ConcurrentJITLock.h:
720
721 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
722
723         Numeric setter on prototype doesn't get called.
724         https://bugs.webkit.org/show_bug.cgi?id=144252
725
726         Reviewed by Darin Adler.
727
728         When switching the blank indexing type to the other one in putByIndex,
729         if the `structure(vm)->needsSlowPutIndexing()` is true, we need to switch
730         it to the slow put indexing type and reloop the putByIndex since there may
731         be some indexing accessor in the prototype chain. Previously, we just set
732         the value into the allocated vector.
733
734         In the putDirectIndex case, we just store the value to the vector.
735         This is because putDirectIndex is the operation to store the own property
736         and it does not check the accessors in the prototype chain.
737
738         * runtime/JSObject.cpp:
739         (JSC::JSObject::putByIndexBeyondVectorLength):
740         * tests/stress/injected-numeric-setter-on-prototype.js: Added.
741         (shouldBe):
742         (Trace):
743         (Trace.prototype.trace):
744         (Trace.prototype.get count):
745         (.):
746         * tests/stress/numeric-setter-on-prototype-non-blank-array.js: Added.
747         (shouldBe):
748         (Trace):
749         (Trace.prototype.trace):
750         (Trace.prototype.get count):
751         (.):
752         * tests/stress/numeric-setter-on-prototype.js: Added.
753         (shouldBe):
754         (Trace):
755         (Trace.prototype.trace):
756         (Trace.prototype.get count):
757         (.z.__proto__.set 3):
758         * tests/stress/numeric-setter-on-self.js: Added.
759         (shouldBe):
760         (Trace):
761         (Trace.prototype.trace):
762         (Trace.prototype.get count):
763         (.y.set 2):
764
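As an added illustration of the two paths the entry above distinguishes (this is not WebKit's test code; the function names are my own), the following JavaScript shows ordinary index assignment honouring a numeric setter inherited from the prototype, while Object.defineProperty stores the own property without consulting the chain. It runs under Node and asserts nothing engine-specific, only what the ES6 [[Set]] and [[DefineOwnProperty]] semantics require.

```javascript
// Added example, not WebKit's test code: a numeric accessor on the prototype
// chain interacts differently with ordinary assignment (JSC's putByIndex path)
// and with Object.defineProperty (JSC's putDirectIndex path). Runs under Node.

// Build a prototype that traps index 3 with an accessor pair and records
// every value the setter receives.
function makeTracingProto() {
  const log = [];
  const proto = {
    set 3(value) { log.push(value); },
    get 3() { return "from-getter"; },
  };
  return { proto, log };
}

// Ordinary [[Set]] walks the prototype chain before creating an own indexed
// property: obj[3] = v runs the inherited setter and leaves no own property,
// while an index with no accessor anywhere on the chain is stored on obj.
function assignThroughSetter() {
  const { proto, log } = makeTracingProto();
  const obj = Object.create(proto);   // no own indexed storage yet ("blank" indexing)
  obj[3] = 42;                         // inherited setter runs
  obj[5] = 7;                          // no accessor for 5: becomes an own property
  return {
    setterCalls: log.length,                                   // 1
    setterSaw: log[0],                                         // 42
    ownHas3: Object.prototype.hasOwnProperty.call(obj, 3),    // false
    ownHas5: Object.prototype.hasOwnProperty.call(obj, 5),    // true
    readBack: obj[3],                                          // "from-getter"
  };
}

// Object.defineProperty performs [[DefineOwnProperty]] on the receiver only;
// it never consults accessors further up the chain.
function defineBypassesSetter() {
  const { proto, log } = makeTracingProto();
  const obj = Object.create(proto);
  Object.defineProperty(obj, 3, { value: 42, writable: true, enumerable: true, configurable: true });
  return {
    setterCalls: log.length,                                   // 0
    ownHas3: Object.prototype.hasOwnProperty.call(obj, 3),    // true
    readBack: obj[3],                                          // 42: own data property shadows the getter
  };
}

// The same rule applies to an array that already has indexed storage: the
// inherited setter runs, no own element is created, and length is unchanged.
function arrayWithInheritedSetter() {
  const { proto, log } = makeTracingProto();
  Object.setPrototypeOf(proto, Array.prototype);   // keep Array methods reachable
  const arr = [10, 20];
  Object.setPrototypeOf(arr, proto);
  arr[3] = "x";
  return {
    setterCalls: log.length,                                   // 1
    length: arr.length,                                        // 2
    ownHas3: Object.prototype.hasOwnProperty.call(arr, 3),    // false
  };
}
```

The three functions return plain objects so the observations can be checked rather than printed; the array case is the one the entry's "non-blank-array" test name points at, and it is the more surprising of the two because the assignment does not grow the array.
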
765 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
766
767         [Win] Unreviewed gardening.
768
769         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
770         file references so they appear in the proper IDE locations.
771
772 2015-08-11  Brent Fulgham  <bfulgham@apple.com>
773
774         Unreviewed Windows build fix for VS2015.
775
776         * bindings/ScriptValue.h: Add missing JSCJSValueInlines.h include.
777
778 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
779
780         [ES6] Implement Reflect.has
781         https://bugs.webkit.org/show_bug.cgi?id=147875
782
783         Reviewed by Sam Weinig.
784
785         This patch implements Reflect.has[1].
786         Since the semantics are the same as those of the `in` operator in JS[2],
787         we can implement it in builtin JS code.
788
789         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
790         [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation
791
792         * builtins/ReflectObject.js:
793         (has):
794         * runtime/ReflectObject.cpp:
795         * tests/stress/reflect-has.js: Added.
796         (shouldBe):
797         (shouldThrow):
798
799 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
800
801         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
802         https://bugs.webkit.org/show_bug.cgi?id=147874
803
804         Reviewed by Darin Adler.
805
806         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
807         The differences from the Object.* ones are
808
809         1. They do not perform ToObject on non-object arguments; they throw a TypeError instead.
810         2. Reflect.setPrototypeOf returns false when the operation fails. In Object.setPrototypeOf, it raises a TypeError.
811
812         * runtime/ObjectConstructor.cpp:
813         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
814         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
815         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
816         (JSC::objectConstructorGetPrototypeOf):
817         * runtime/ObjectConstructor.h:
818         * runtime/ReflectObject.cpp:
819         (JSC::reflectObjectGetPrototypeOf):
820         (JSC::reflectObjectSetPrototypeOf):
821         * tests/stress/reflect-get-prototype-of.js: Added.
822         (shouldBe):
823         (shouldThrow):
824         (Base):
825         (Derived):
826         * tests/stress/reflect-set-prototype-of.js: Added.
827         (shouldBe):
828         (shouldThrow):
829
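The Reflect.has entry and the Reflect.{getPrototypeOf, setPrototypeOf} entry above both describe how the Reflect functions differ from their Object.* counterparts. The following added example (mine, not WebKit's builtin or test code; `hasLikeIn`, `isObject` and `throwsTypeError` are hypothetical helper names) checks those differences against Node's built-ins: Reflect.has behaves like `in` but refuses a primitive target, Reflect.getPrototypeOf does not box primitives, and Reflect.setPrototypeOf reports failure with false where Object.setPrototypeOf throws.

```javascript
// Added example, not from the WebKit ChangeLog or its tests: Reflect vs Object
// differences checked against Node's built-ins. hasLikeIn is a hypothetical
// re-implementation of Reflect.has in plain JS, mirroring the `in` operator.

function isObject(value) {
  return (typeof value === "object" && value !== null) || typeof value === "function";
}

// Reflect.has has the `in` operator's semantics (prototype chain included),
// except that it insists on an object target instead of coercing it.
function hasLikeIn(target, key) {
  if (!isObject(target)) throw new TypeError("Reflect.has requires an object target");
  return key in target;
}

function throwsTypeError(fn) {
  try { fn(); return false; } catch (e) { return e instanceof TypeError; }
}

function compareHas() {
  const sym = Symbol("s");
  const proto = { inherited: 1 };
  const obj = Object.create(proto);
  obj.own = 2;
  obj[sym] = 3;
  const agree = ["own", "inherited", "missing", sym]
    .every(k => Reflect.has(obj, k) === hasLikeIn(obj, k) && Reflect.has(obj, k) === (k in obj));
  return {
    agree,                                                        // true
    inherited: Reflect.has(obj, "inherited"),                     // true: the chain is searched
    missing: Reflect.has(obj, "missing"),                         // false
    primitiveThrows: throwsTypeError(() => Reflect.has(1, "x")),  // true
    inOnPrimitiveThrows: throwsTypeError(() => "x" in 1),         // true: `in` refuses primitives too
  };
}

// Object.getPrototypeOf applies ToObject, so a primitive is boxed first;
// Reflect.getPrototypeOf throws a TypeError for a non-object.
function compareGetPrototypeOf() {
  return {
    objectBoxes: Object.getPrototypeOf(1) === Number.prototype,                   // true
    reflectThrows: throwsTypeError(() => Reflect.getPrototypeOf(1)),              // true
    bothAgreeOnObjects: Reflect.getPrototypeOf([]) === Object.getPrototypeOf([]), // true
  };
}

// Reflect.setPrototypeOf returns false where Object.setPrototypeOf throws, and
// refuses (rather than passes through) a primitive target.
function compareSetPrototypeOf() {
  const sealed = Object.preventExtensions({});
  const original = Object.getPrototypeOf(sealed);
  const a = {};
  const b = Object.create(a);
  return {
    nonExtensibleReflect: Reflect.setPrototypeOf(sealed, { x: 1 }),                             // false
    nonExtensibleObjectThrows: throwsTypeError(() => Object.setPrototypeOf(sealed, { x: 1 })),  // true
    sameValueOk: Reflect.setPrototypeOf(sealed, original),                                      // true: no change requested
    cycleRejected: Reflect.setPrototypeOf(a, b),                                                // false: b already inherits from a
    primitiveReflectThrows: throwsTypeError(() => Reflect.setPrototypeOf(1, null)),             // true
    primitiveObjectPassesThrough: Object.setPrototypeOf(1, null) === 1,                         // true: primitive returned as-is
  };
}
```

Two edge cases are worth noting: setting a non-extensible object's prototype to the value it already has succeeds (the spec's SameValue check comes before the extensibility check), and a would-be prototype cycle is reported as false rather than thrown, so callers of Reflect.setPrototypeOf must check the return value.
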
830 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
831
832         Fix debug build when optimization is enabled
833         https://bugs.webkit.org/show_bug.cgi?id=147816
834
835         Reviewed by Alexey Proskuryakov.
836
837         * llint/LLIntEntrypoint.cpp:
838         * runtime/FunctionExecutableDump.cpp:
839
840 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
841
842         Ensure that Reflect.enumerate does not produce the deleted keys
843         https://bugs.webkit.org/show_bug.cgi?id=147677
844
845         Reviewed by Darin Adler.
846
847         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
848
849         * tests/stress/reflect-enumerate.js:
850
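Reflect.enumerate was later dropped from the language and is absent from current engines, so this added example (not WebKit's reflect-enumerate.js test) exercises the property the entry above tests through for-in, which in ES6 consumed the same [[Enumerate]] iterator: a key deleted before the enumeration reaches it must not be produced, whether it was an own key or an inherited one, while a key deleted after it has been produced naturally stays in the result.

```javascript
// Added example, not WebKit's test code. Keys deleted during enumeration must
// not be produced; for-in is used because ES6 Reflect.enumerate returned the
// same [[Enumerate]] iterator and no longer exists in current engines.

function enumerateDeletingOwnKey() {
  const obj = { a: 1, b: 2, c: 3 };
  const visited = [];
  for (const key in obj) {
    visited.push(key);
    if (key === "a") delete obj.c;   // c is removed before the loop reaches it
  }
  return visited;                      // ["a", "b"]
}

function enumerateDeletingInheritedKey() {
  const proto = { inheritedLater: 1 };
  const obj = Object.create(proto);
  obj.own = 1;
  const visited = [];
  for (const key in obj) {
    visited.push(key);
    if (key === "own") delete proto.inheritedLater;  // removed from the chain before it is reached
  }
  return visited;                      // ["own"]
}

// A key deleted after it has been visited is still in the result; that is the
// distinction a test for this behaviour has to draw.
function enumerateDeletingVisitedKey() {
  const obj = { a: 1, b: 2 };
  const visited = [];
  for (const key in obj) {
    visited.push(key);
    delete obj[key];                   // deleting the current key does not retract it
  }
  return visited;                      // ["a", "b"]
}
```
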
851 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
852
853         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
854         https://bugs.webkit.org/show_bug.cgi?id=147856
855
856         Reviewed by Saam Barati.
857
858         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
859
860         * CMakeLists.txt:
861         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
862         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
863         * JavaScriptCore.xcodeproj/project.pbxproj:
864         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
865         (JSC::ExecutableInfo::ExecutableInfo):
866         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
867         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
868         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
869         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
870         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
871         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
872         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
873         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
874         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
875         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
876         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
877         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
878         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
879         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
880         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
881         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
882         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
883         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
884         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
885         (JSC::UnlinkedCodeBlock::regexp): Deleted.
886         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
887         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
888         (JSC::UnlinkedCodeBlock::identifier): Deleted.
889         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
890         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
891         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
892         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
893         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
894         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
895         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
896         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
897         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
898         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
899         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
900         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
901         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
902         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
903         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
904         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
905         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
906         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
907         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
908         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
909         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
910         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
911         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
912         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
913         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
914         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
915         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
916         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
917         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
918         (JSC::UnlinkedCodeBlock::vm): Deleted.
919         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
920         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
921         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
922         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
923         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
924         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
925         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
926         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
927         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
928         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
929         (JSC::UnlinkedCodeBlock::codeType): Deleted.
930         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
931         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
932         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
933         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
934         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
935         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
936         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
937         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
938         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
939         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
940         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
941         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
942         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
943         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
944         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
945         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
946         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
947         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
948         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
949         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
950         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
951         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
952         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
953         * bytecode/UnlinkedCodeBlock.cpp:
954         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
955         (JSC::generateFunctionCodeBlock): Deleted.
956         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
957         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
958         (JSC::UnlinkedFunctionExecutable::link): Deleted.
959         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
960         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
961         * bytecode/UnlinkedCodeBlock.h:
962         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
963         (JSC::ExecutableInfo::needsActivation): Deleted.
964         (JSC::ExecutableInfo::usesEval): Deleted.
965         (JSC::ExecutableInfo::isStrictMode): Deleted.
966         (JSC::ExecutableInfo::isConstructor): Deleted.
967         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
968         (JSC::ExecutableInfo::constructorKind): Deleted.
969         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
970         (JSC::generateFunctionCodeBlock):
971         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
972         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
973         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
974         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
975         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
976         (JSC::dumpLineColumnEntry): Deleted.
977         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
978         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
979         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
980         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
981         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
982         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
983         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
984         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
985         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
986         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
987         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
988         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
989         (JSC::UnlinkedCodeBlock::instructions): Deleted.
990         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
991         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
992         (JSC::ExecutableInfo::needsActivation): Deleted.
993         (JSC::ExecutableInfo::usesEval): Deleted.
994         (JSC::ExecutableInfo::isStrictMode): Deleted.
995         (JSC::ExecutableInfo::isConstructor): Deleted.
996         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
997         (JSC::ExecutableInfo::constructorKind): Deleted.
998         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
999         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
1000         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
1001         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
1002         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
1003         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
1004         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
1005         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
1006         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
1007         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
1008         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
1009         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
1010         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
1011         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
1012         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
1013         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
1014         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
1015         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
1016         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
1017         (JSC::UnlinkedCodeBlock::regexp): Deleted.
1018         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
1019         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
1020         (JSC::UnlinkedCodeBlock::identifier): Deleted.
1021         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
1022         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
1023         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
1024         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
1025         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
1026         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
1027         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
1028         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
1029         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
1030         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
1031         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
1032         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
1033         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
1034         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
1035         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
1036         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
1037         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
1038         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
1039         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
1040         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
1041         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
1042         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
1043         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
1044         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
1045         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
1046         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
1047         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
1048         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
1049         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
1050         (JSC::UnlinkedCodeBlock::vm): Deleted.
1051         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
1052         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
1053         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
1054         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
1055         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
1056         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
1057         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
1058         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
1059         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
1060         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
1061         (JSC::UnlinkedCodeBlock::codeType): Deleted.
1062         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
1063         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
1064         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
1065         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
1066         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
1067         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
1068         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
1069         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
1070         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
1071         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
1072         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
1073         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
1074         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
1075         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
1076         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
1077         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
1078         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
1079         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
1080         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
1081         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
1082         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
1083         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
1084         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
1085         * runtime/Executable.h:
1086
1087 2015-08-10  Mark Lam  <mark.lam@apple.com>
1088
1089         Refactor LiveObjectList and LiveObjectData into their own files.
1090         https://bugs.webkit.org/show_bug.cgi?id=147843
1091
1092         Reviewed by Saam Barati.
1093
1094         There is no behavior change in this patch.
1095
1096         * CMakeLists.txt:
1097         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1098         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1099         * JavaScriptCore.xcodeproj/project.pbxproj:
1100         * heap/HeapVerifier.cpp:
1101         (JSC::HeapVerifier::HeapVerifier):
1102         (JSC::LiveObjectList::findObject): Deleted.
1103         * heap/HeapVerifier.h:
1104         (JSC::LiveObjectData::LiveObjectData): Deleted.
1105         (JSC::LiveObjectList::LiveObjectList): Deleted.
1106         (JSC::LiveObjectList::reset): Deleted.
1107         * heap/LiveObjectData.h: Added.
1108         (JSC::LiveObjectData::LiveObjectData):
1109         * heap/LiveObjectList.cpp: Added.
1110         (JSC::LiveObjectList::findObject):
1111         * heap/LiveObjectList.h: Added.
1112         (JSC::LiveObjectList::LiveObjectList):
1113         (JSC::LiveObjectList::reset):
1114
1115 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
1116
1117         Let's rename FunctionBodyNode
1118         https://bugs.webkit.org/show_bug.cgi?id=147292
1119
1120         Reviewed by Mark Lam & Saam Barati.
1121
1122         FunctionBodyNode => FunctionMetadataNode
1123
1124         Make FunctionMetadataNode inherit from Node instead of StatementNode
1125         because a FunctionMetadataNode can appear in expression context and does
1126         not have a next statement.
1127
1128         (I decided to continue allocating FunctionMetadataNode in the AST arena,
1129         and to retain "Node" in its name, because it really is a parsing
1130         construct, and we transform its data before consuming it elsewhere.
1131
1132         There is still room for a future patch to distill and simplify the
1133         metadata we track about functions between FunDeclNode/FuncExprNode,
1134         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
1135
1136         * builtins/BuiltinExecutables.cpp:
1137         (JSC::BuiltinExecutables::createExecutableInternal):
1138         * bytecode/UnlinkedCodeBlock.cpp:
1139         (JSC::generateFunctionCodeBlock):
1140         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1141         * bytecode/UnlinkedCodeBlock.h:
1142         * bytecompiler/BytecodeGenerator.cpp:
1143         (JSC::BytecodeGenerator::generate):
1144         (JSC::BytecodeGenerator::BytecodeGenerator):
1145         (JSC::BytecodeGenerator::emitNewArray):
1146         (JSC::BytecodeGenerator::emitNewFunction):
1147         (JSC::BytecodeGenerator::emitNewFunctionExpression):
1148         * bytecompiler/BytecodeGenerator.h:
1149         (JSC::BytecodeGenerator::makeFunction):
1150         * bytecompiler/NodesCodegen.cpp:
1151         (JSC::EvalNode::emitBytecode):
1152         (JSC::FunctionNode::emitBytecode):
1153         (JSC::FunctionBodyNode::emitBytecode): Deleted.
1154         * parser/ASTBuilder.h:
1155         (JSC::ASTBuilder::createFunctionExpr):
1156         (JSC::ASTBuilder::createFunctionBody):
1157         * parser/NodeConstructors.h:
1158         (JSC::FunctionParameters::FunctionParameters):
1159         (JSC::FuncExprNode::FuncExprNode):
1160         (JSC::FuncDeclNode::FuncDeclNode):
1161         * parser/Nodes.cpp:
1162         (JSC::EvalNode::EvalNode):
1163         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1164         (JSC::FunctionMetadataNode::finishParsing):
1165         (JSC::FunctionMetadataNode::setEndPosition):
1166         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
1167         (JSC::FunctionBodyNode::finishParsing): Deleted.
1168         (JSC::FunctionBodyNode::setEndPosition): Deleted.
1169         * parser/Nodes.h:
1170         (JSC::FuncExprNode::body):
1171         (JSC::FuncDeclNode::body):
1172         * parser/Parser.h:
1173         (JSC::Parser::isFunctionMetadataNode):
1174         (JSC::Parser::next):
1175         (JSC::Parser<LexerType>::parse):
1176         (JSC::Parser::isFunctionBodyNode): Deleted.
1177         * runtime/CodeCache.cpp:
1178         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
1179         * runtime/CodeCache.h:
1180
1181 2015-08-09  Chris Dumez  <cdumez@apple.com>
1182
1183         Regression(r188105): Seems to have caused crashes during PLT on some iPads
1184         https://bugs.webkit.org/show_bug.cgi?id=147818
1185
1186         Unreviewed, roll out r188105.
1187
1188         * bytecode/ByValInfo.h:
1189         (JSC::ByValInfo::ByValInfo):
1190         * bytecode/CodeBlock.cpp:
1191         (JSC::CodeBlock::getByValInfoMap): Deleted.
1192         (JSC::CodeBlock::addByValInfo): Deleted.
1193         * bytecode/CodeBlock.h:
1194         (JSC::CodeBlock::getByValInfo):
1195         (JSC::CodeBlock::setNumberOfByValInfos):
1196         (JSC::CodeBlock::numberOfByValInfos):
1197         (JSC::CodeBlock::byValInfo):
1198         * bytecode/ExitKind.cpp:
1199         (JSC::exitKindToString): Deleted.
1200         * bytecode/ExitKind.h:
1201         * bytecode/GetByIdStatus.cpp:
1202         (JSC::GetByIdStatus::computeFor):
1203         (JSC::GetByIdStatus::computeForStubInfo):
1204         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
1205         * bytecode/GetByIdStatus.h:
1206         * dfg/DFGAbstractInterpreterInlines.h:
1207         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
1208         * dfg/DFGByteCodeParser.cpp:
1209         (JSC::DFG::ByteCodeParser::parseBlock):
1210         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
1211         * dfg/DFGClobberize.h:
1212         (JSC::DFG::clobberize): Deleted.
1213         * dfg/DFGConstantFoldingPhase.cpp:
1214         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
1215         * dfg/DFGDoesGC.cpp:
1216         (JSC::DFG::doesGC): Deleted.
1217         * dfg/DFGFixupPhase.cpp:
1218         (JSC::DFG::FixupPhase::fixupNode): Deleted.
1219         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
1220         * dfg/DFGNode.h:
1221         (JSC::DFG::Node::hasUidOperand): Deleted.
1222         (JSC::DFG::Node::uidOperand): Deleted.
1223         * dfg/DFGNodeType.h:
1224         * dfg/DFGPredictionPropagationPhase.cpp:
1225         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
1226         * dfg/DFGSafeToExecute.h:
1227         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
1228         (JSC::DFG::safeToExecute): Deleted.
1229         * dfg/DFGSpeculativeJIT.cpp:
1230         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
1231         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
1232         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
1233         * dfg/DFGSpeculativeJIT.h:
1234         * dfg/DFGSpeculativeJIT32_64.cpp:
1235         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1236         * dfg/DFGSpeculativeJIT64.cpp:
1237         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1238         * dfg/DFGUseKind.cpp:
1239         (WTF::printInternal): Deleted.
1240         * dfg/DFGUseKind.h:
1241         (JSC::DFG::typeFilterFor): Deleted.
1242         (JSC::DFG::isCell): Deleted.
1243         * ftl/FTLAbstractHeapRepository.h:
1244         * ftl/FTLCapabilities.cpp:
1245         (JSC::FTL::canCompile): Deleted.
1246         * ftl/FTLLowerDFGToLLVM.cpp:
1247         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
1248         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
1249         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
1250         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
1251         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
1252         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
1253         * jit/JIT.cpp:
1254         (JSC::JIT::privateCompile):
1255         * jit/JIT.h:
1256         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1257         (JSC::JIT::compileGetByValWithCachedId): Deleted.
1258         * jit/JITInlines.h:
1259         (JSC::JIT::callOperation): Deleted.
1260         * jit/JITOpcodes.cpp:
1261         (JSC::JIT::emit_op_has_indexed_property):
1262         (JSC::JIT::emitSlow_op_has_indexed_property):
1263         * jit/JITOpcodes32_64.cpp:
1264         (JSC::JIT::emit_op_has_indexed_property):
1265         (JSC::JIT::emitSlow_op_has_indexed_property):
1266         * jit/JITOperations.cpp:
1267         (JSC::getByVal):
1268         * jit/JITOperations.h:
1269         * jit/JITPropertyAccess.cpp:
1270         (JSC::JIT::emit_op_get_by_val):
1271         (JSC::JIT::emitSlow_op_get_by_val):
1272         (JSC::JIT::emit_op_put_by_val):
1273         (JSC::JIT::emitSlow_op_put_by_val):
1274         (JSC::JIT::emitGetByValWithCachedId): Deleted.
1275         (JSC::JIT::privateCompileGetByVal): Deleted.
1276         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
1277         * jit/JITPropertyAccess32_64.cpp:
1278         (JSC::JIT::emit_op_get_by_val):
1279         (JSC::JIT::emitSlow_op_get_by_val):
1280         (JSC::JIT::emit_op_put_by_val):
1281         (JSC::JIT::emitSlow_op_put_by_val):
1282         (JSC::JIT::emitGetByValWithCachedId): Deleted.
1283         * runtime/Symbol.h:
1284         * tests/stress/get-by-val-with-string-constructor.js: Removed.
1285         * tests/stress/get-by-val-with-string-exit.js: Removed.
1286         * tests/stress/get-by-val-with-string-generated.js: Removed.
1287         * tests/stress/get-by-val-with-string-getter.js: Removed.
1288         * tests/stress/get-by-val-with-string.js: Removed.
1289         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
1290         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
1291         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
1292         * tests/stress/get-by-val-with-symbol.js: Removed.
1293
1294 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1295
1296         Reduce uses of PassRefPtr in bindings
1297         https://bugs.webkit.org/show_bug.cgi?id=147781
1298
1299         Reviewed by Chris Dumez.
1300
1301         Use RefPtr when a function can return null or an instance. If not, Ref is used.
1302
1303         * runtime/JSGenericTypedArrayView.h:
1304         (JSC::toNativeTypedView):
1305
1306 2015-08-07  Alex Christensen  <achristensen@webkit.org>
1307
1308         Build more testing binaries with CMake on Windows
1309         https://bugs.webkit.org/show_bug.cgi?id=147799
1310
1311         Reviewed by Brent Fulgham.
1312
1313         * shell/PlatformWin.cmake: Added.
1314         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
1315
1316 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
1317
1318         Lightweight locks should be adaptive
1319         https://bugs.webkit.org/show_bug.cgi?id=147545
1320
1321         Reviewed by Geoffrey Garen.
1322
1323         * dfg/DFGCommon.cpp:
1324         (JSC::DFG::startCrashing):
1325         * heap/CopiedBlock.h:
1326         (JSC::CopiedBlock::workListLock):
1327         * heap/CopiedBlockInlines.h:
1328         (JSC::CopiedBlock::shouldReportLiveBytes):
1329         (JSC::CopiedBlock::reportLiveBytes):
1330         * heap/CopiedSpace.cpp:
1331         (JSC::CopiedSpace::doneFillingBlock):
1332         * heap/CopiedSpace.h:
1333         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
1334         * heap/CopiedSpaceInlines.h:
1335         (JSC::CopiedSpace::recycleEvacuatedBlock):
1336         * heap/GCThreadSharedData.cpp:
1337         (JSC::GCThreadSharedData::didStartCopying):
1338         * heap/GCThreadSharedData.h:
1339         (JSC::GCThreadSharedData::getNextBlocksToCopy):
1340         * heap/ListableHandler.h:
1341         (JSC::ListableHandler::List::addThreadSafe):
1342         (JSC::ListableHandler::List::addNotThreadSafe):
1343         * heap/MachineStackMarker.cpp:
1344         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1345         * heap/SlotVisitorInlines.h:
1346         (JSC::SlotVisitor::copyLater):
1347         * parser/SourceProvider.cpp:
1348         (JSC::SourceProvider::~SourceProvider):
1349         (JSC::SourceProvider::getID):
1350         * profiler/ProfilerDatabase.cpp:
1351         (JSC::Profiler::Database::addDatabaseToAtExit):
1352         (JSC::Profiler::Database::removeDatabaseFromAtExit):
1353         (JSC::Profiler::Database::removeFirstAtExitDatabase):
1354         * runtime/TypeProfilerLog.h:
1355
1356 2015-08-07  Mark Lam  <mark.lam@apple.com>
1357
1358         Rename some variables in the JSC watchdog implementation.
1359         https://bugs.webkit.org/show_bug.cgi?id=147790
1360
1361         Rubber stamped by Benjamin Poulain.
1362
1363         This is just a refactoring patch to give the variables better names that describe their
1364         intended use.  There is no behavior change.
1365
1366         * runtime/Watchdog.cpp:
1367         (JSC::Watchdog::Watchdog):
1368         (JSC::Watchdog::setTimeLimit):
1369         (JSC::Watchdog::didFire):
1370         (JSC::Watchdog::isEnabled):
1371         (JSC::Watchdog::fire):
1372         (JSC::Watchdog::startCountdownIfNeeded):
1373         * runtime/Watchdog.h:
1374
1375 2015-08-07  Saam barati  <saambarati1@gmail.com>
1376
1377         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
1378         https://bugs.webkit.org/show_bug.cgi?id=147666
1379
1380         Reviewed by Geoffrey Garen.
1381
1382         If we make the bytecode generator know about every local scope it
1383         creates, and if we give each local scope a unique register, the
1384         bytecode generator has all the information it needs to assign
1385         the correct scope to a catch handler. Because the bytecode generator
1386         knows this information, it's a better separation of responsibilities
1387         for it to set up the proper scope instead of relying on the exception
1388         handling runtime to find the scope.
1389
1390         * bytecode/BytecodeList.json:
1391         * bytecode/BytecodeUseDef.h:
1392         (JSC::computeUsesForBytecodeOffset):
1393         * bytecode/CodeBlock.cpp:
1394         (JSC::CodeBlock::dumpBytecode):
1395         (JSC::CodeBlock::CodeBlock):
1396         * bytecode/HandlerInfo.h:
1397         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
1398         (JSC::HandlerInfo::initialize):
1399         * bytecompiler/BytecodeGenerator.cpp:
1400         (JSC::BytecodeGenerator::generate):
1401         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1402         (JSC::BytecodeGenerator::emitGetScope):
1403         (JSC::BytecodeGenerator::emitPushWithScope):
1404         (JSC::BytecodeGenerator::emitGetParentScope):
1405         (JSC::BytecodeGenerator::emitPopScope):
1406         (JSC::BytecodeGenerator::emitPopWithScope):
1407         (JSC::BytecodeGenerator::allocateAndEmitScope):
1408         (JSC::BytecodeGenerator::emitComplexPopScopes):
1409         (JSC::BytecodeGenerator::pushTry):
1410         (JSC::BytecodeGenerator::popTryAndEmitCatch):
1411         (JSC::BytecodeGenerator::localScopeDepth):
1412         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
1413         * bytecompiler/BytecodeGenerator.h:
1414         * bytecompiler/NodesCodegen.cpp:
1415         (JSC::WithNode::emitBytecode):
1416         * interpreter/Interpreter.cpp:
1417         (JSC::Interpreter::unwind):
1418         * jit/JITOpcodes.cpp:
1419         (JSC::JIT::emit_op_push_with_scope):
1420         (JSC::JIT::compileOpStrictEq):
1421         * jit/JITOpcodes32_64.cpp:
1422         (JSC::JIT::emit_op_push_with_scope):
1423         (JSC::JIT::emit_op_to_number):
1424         * jit/JITOperations.cpp:
1425         * jit/JITOperations.h:
1426         * llint/LLIntSlowPaths.cpp:
1427         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1428         * llint/LLIntSlowPaths.h:
1429         * llint/LowLevelInterpreter.asm:
1430         * runtime/CommonSlowPaths.cpp:
1431         (JSC::SLOW_PATH_DECL):
1432         * runtime/CommonSlowPaths.h:
1433         * runtime/JSScope.cpp:
1434         (JSC::JSScope::objectAtScope):
1435         (JSC::isUnscopable):
1436         (JSC::JSScope::depth): Deleted.
1437         * runtime/JSScope.h:
1438
1439 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1440
1441         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
1442         https://bugs.webkit.org/show_bug.cgi?id=147761
1443
1444         Reviewed by Mark Lam.
1445
1446         This patch implements MacroAssembler::patchableBranch64 in 64-bit environments.
1447         It also fixes the existing MacroAssemblerARM64::patchableBranchPtr: before this patch,
1448         it truncated the immediate pointer to a 32-bit immediate.
1449         It also uses patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
1450
1451         * assembler/MacroAssemblerARM64.h:
1452         (JSC::MacroAssemblerARM64::patchableBranchPtr):
1453         (JSC::MacroAssemblerARM64::patchableBranch64):
1454         * assembler/MacroAssemblerX86_64.h:
1455         (JSC::MacroAssemblerX86_64::patchableBranch64):
1456         * jit/JIT.h:
1457         * jit/JITInlines.h:
1458         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
1459         * jit/JITPropertyAccess.cpp:
1460         (JSC::JIT::emit_op_get_by_val):
1461
1462 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1463
1464         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
1465         https://bugs.webkit.org/show_bug.cgi?id=147480
1466
1467         Reviewed by Filip Pizlo.
1468
1469         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
1470         The IC site only caches one id. After checking that the given id is the same as the
1471         cached one, we perform the get_by_id IC onto it.
1472         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
1473         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
1474         operations when the given get_by_val leverages the property load with the cached id.
1475
1476         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
1477         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
1478         This can be leveraged to optimize symbol operations in DFG.
1479
1480         And since byValInfo is frequently used, we align the byValInfo design to the stubInfo-like one.
1481         It is allocated by the Bag, and operations take the raw byValInfo pointer directly instead of performing
1482         a binary search on m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
1483         argument ArrayProfile* in the operations with ByValInfo*.
1484
1485         * bytecode/ByValInfo.h:
1486         (JSC::ByValInfo::ByValInfo):
1487         * bytecode/CodeBlock.cpp:
1488         (JSC::CodeBlock::getByValInfoMap):
1489         (JSC::CodeBlock::addByValInfo):
1490         * bytecode/CodeBlock.h:
1491         (JSC::CodeBlock::getByValInfo): Deleted.
1492         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
1493         (JSC::CodeBlock::numberOfByValInfos): Deleted.
1494         (JSC::CodeBlock::byValInfo): Deleted.
1495         * bytecode/ExitKind.cpp:
1496         (JSC::exitKindToString):
1497         * bytecode/ExitKind.h:
1498         * bytecode/GetByIdStatus.cpp:
1499         (JSC::GetByIdStatus::computeFor):
1500         (JSC::GetByIdStatus::computeForStubInfo):
1501         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
1502         * bytecode/GetByIdStatus.h:
1503         * dfg/DFGAbstractInterpreterInlines.h:
1504         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1505         * dfg/DFGByteCodeParser.cpp:
1506         (JSC::DFG::ByteCodeParser::parseBlock):
1507         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1508         * dfg/DFGClobberize.h:
1509         (JSC::DFG::clobberize):
1510         * dfg/DFGConstantFoldingPhase.cpp:
1511         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1512         * dfg/DFGDoesGC.cpp:
1513         (JSC::DFG::doesGC):
1514         * dfg/DFGFixupPhase.cpp:
1515         (JSC::DFG::FixupPhase::fixupNode):
1516         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1517         * dfg/DFGNode.h:
1518         (JSC::DFG::Node::hasUidOperand):
1519         (JSC::DFG::Node::uidOperand):
1520         * dfg/DFGNodeType.h:
1521         * dfg/DFGPredictionPropagationPhase.cpp:
1522         (JSC::DFG::PredictionPropagationPhase::propagate):
1523         * dfg/DFGSafeToExecute.h:
1524         (JSC::DFG::SafeToExecuteEdge::operator()):
1525         (JSC::DFG::safeToExecute):
1526         * dfg/DFGSpeculativeJIT.cpp:
1527         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
1528         (JSC::DFG::SpeculativeJIT::speculateSymbol):
1529         (JSC::DFG::SpeculativeJIT::speculate):
1530         * dfg/DFGSpeculativeJIT.h:
1531         * dfg/DFGSpeculativeJIT32_64.cpp:
1532         (JSC::DFG::SpeculativeJIT::compile):
1533         * dfg/DFGSpeculativeJIT64.cpp:
1534         (JSC::DFG::SpeculativeJIT::compile):
1535         * dfg/DFGUseKind.cpp:
1536         (WTF::printInternal):
1537         * dfg/DFGUseKind.h:
1538         (JSC::DFG::typeFilterFor):
1539         (JSC::DFG::isCell):
1540         * ftl/FTLAbstractHeapRepository.h:
1541         * ftl/FTLCapabilities.cpp:
1542         (JSC::FTL::canCompile):
1543         * ftl/FTLLowerDFGToLLVM.cpp:
1544         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1545         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
1546         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
1547         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
1548         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
1549         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
1550         * jit/JIT.cpp:
1551         (JSC::JIT::privateCompile):
1552         * jit/JIT.h:
1553         (JSC::ByValCompilationInfo::ByValCompilationInfo):
1554         (JSC::JIT::compileGetByValWithCachedId):
1555         * jit/JITInlines.h:
1556         (JSC::JIT::callOperation):
1557         * jit/JITOpcodes.cpp:
1558         (JSC::JIT::emit_op_has_indexed_property):
1559         (JSC::JIT::emitSlow_op_has_indexed_property):
1560         * jit/JITOpcodes32_64.cpp:
1561         (JSC::JIT::emit_op_has_indexed_property):
1562         (JSC::JIT::emitSlow_op_has_indexed_property):
1563         * jit/JITOperations.cpp:
1564         (JSC::getByVal):
1565         * jit/JITOperations.h:
1566         * jit/JITPropertyAccess.cpp:
1567         (JSC::JIT::emit_op_get_by_val):
1568         (JSC::JIT::emitGetByValWithCachedId):
1569         (JSC::JIT::emitSlow_op_get_by_val):
1570         (JSC::JIT::emit_op_put_by_val):
1571         (JSC::JIT::emitSlow_op_put_by_val):
1572         (JSC::JIT::privateCompileGetByVal):
1573         (JSC::JIT::privateCompileGetByValWithCachedId):
1574         * jit/JITPropertyAccess32_64.cpp:
1575         (JSC::JIT::emit_op_get_by_val):
1576         (JSC::JIT::emitGetByValWithCachedId):
1577         (JSC::JIT::emitSlow_op_get_by_val):
1578         (JSC::JIT::emit_op_put_by_val):
1579         (JSC::JIT::emitSlow_op_put_by_val):
1580         * runtime/Symbol.h:
1581         * tests/stress/get-by-val-with-string-constructor.js: Added.
1582         (Hello):
1583         (get Hello.prototype.generate):
1584         (ok):
1585         * tests/stress/get-by-val-with-string-exit.js: Added.
1586         (shouldBe):
1587         (getByVal):
1588         (getStr1):
1589         (getStr2):
1590         * tests/stress/get-by-val-with-string-generated.js: Added.
1591         (shouldBe):
1592         (getByVal):
1593         (getStr1):
1594         (getStr2):
1595         * tests/stress/get-by-val-with-string-getter.js: Added.
1596         (object.get hello):
1597         (ok):
1598         * tests/stress/get-by-val-with-string.js: Added.
1599         (shouldBe):
1600         (getByVal):
1601         (getStr1):
1602         (getStr2):
1603         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
1604         (Hello):
1605         (get Hello.prototype.generate):
1606         (ok):
1607         * tests/stress/get-by-val-with-symbol-exit.js: Added.
1608         (shouldBe):
1609         (getByVal):
1610         (getSym1):
1611         (getSym2):
1612         * tests/stress/get-by-val-with-symbol-getter.js: Added.
1613         (object.get hello):
1614         (.get ok):
1615         * tests/stress/get-by-val-with-symbol.js: Added.
1616         (shouldBe):
1617         (getByVal):
1618         (getSym1):
1619         (getSym2):
1620
1621 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1622
1623         Parse entire WebAssembly modules
1624         https://bugs.webkit.org/show_bug.cgi?id=147393
1625
1626         Reviewed by Geoffrey Garen.
1627
1628         Parse entire WebAssembly modules from files produced by pack-asmjs
1629         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
1630         parse modules whose function definition section contains only functions that
1631         have "return 0;" as their only statement. Parsing of any functions will be
1632         implemented in a subsequent patch.
1633
1634         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1635         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1636         * JavaScriptCore.xcodeproj/project.pbxproj:
1637         * wasm/JSWASMModule.cpp:
1638         (JSC::JSWASMModule::destroy):
1639         * wasm/JSWASMModule.h:
1640         (JSC::JSWASMModule::i32Constants):
1641         (JSC::JSWASMModule::f32Constants):
1642         (JSC::JSWASMModule::f64Constants):
1643         (JSC::JSWASMModule::signatures):
1644         (JSC::JSWASMModule::functionImports):
1645         (JSC::JSWASMModule::functionImportSignatures):
1646         (JSC::JSWASMModule::globalVariableTypes):
1647         (JSC::JSWASMModule::functionDeclarations):
1648         (JSC::JSWASMModule::functionPointerTables):
1649         * wasm/WASMFormat.h: Added.
1650         * wasm/WASMModuleParser.cpp:
1651         (JSC::WASMModuleParser::parse):
1652         (JSC::WASMModuleParser::parseModule):
1653         (JSC::WASMModuleParser::parseConstantPoolSection):
1654         (JSC::WASMModuleParser::parseSignatureSection):
1655         (JSC::WASMModuleParser::parseFunctionImportSection):
1656         (JSC::WASMModuleParser::parseGlobalSection):
1657         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
1658         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
1659         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
1660         (JSC::WASMModuleParser::parseFunctionDefinition):
1661         (JSC::WASMModuleParser::parseExportSection):
1662         * wasm/WASMModuleParser.h:
1663         * wasm/WASMReader.cpp:
1664         (JSC::WASMReader::readUInt32):
1665         (JSC::WASMReader::readCompactUInt32):
1666         (JSC::WASMReader::readString):
1667         (JSC::WASMReader::readType):
1668         (JSC::WASMReader::readExpressionType):
1669         (JSC::WASMReader::readExportFormat):
1670         (JSC::WASMReader::readByte):
1671         (JSC::WASMReader::readUnsignedInt32): Deleted.
1672         * wasm/WASMReader.h:
1673
1674 2015-08-06  Keith Miller  <keith_miller@apple.com>
1675
1676         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
1677         https://bugs.webkit.org/show_bug.cgi?id=147749
1678
1679         Reviewed by Filip Pizlo.
1680
1681         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength(),
1682         thus no one calls this code.
1683
1684         * ftl/FTLLowerDFGToLLVM.cpp:
1685         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
1686
1687 2015-08-06  Keith Miller  <keith_miller@apple.com>
1688
1689         The JSONP parser incorrectly parses -0 as +0.
1690         https://bugs.webkit.org/show_bug.cgi?id=147590
1691
1692         Reviewed by Michael Saboff.
1693
1694         In the LiteralParser we should use a double to store the accumulator for numerical tokens
1695         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
1696
1697         * runtime/LiteralParser.cpp:
1698         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
1699
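The accumulator problem described in the entry above, as an added example that is not JavaScriptCore's LiteralParser code: a toy number lexer written twice, once with an int accumulator (the bug) and once with a double accumulator (the fix), so the "-0" case can be checked directly. The function names here are assumptions for this illustration only.

```cpp
// Added example, not JavaScriptCore code. Two copies of a minimal JSON-style
// number lexer differing only in the accumulator type, to show why an int
// accumulator turns "-0" into +0.0.
#include <cctype>
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <string>

// Lexes an optional '-' followed by decimal digits starting at `pos`.
// Returns false if no digit follows; on success `out` holds the value and
// `pos` is advanced past the token. The accumulator is an int, mirroring
// the pre-fix behaviour: the sign is applied to an integer zero, and since
// -0 == 0 for integers, "-0" comes out as +0.0.
static bool lexNumberIntAccumulator(const std::string& text, size_t& pos, double& out)
{
    bool negative = false;
    if (pos < text.size() && text[pos] == '-') {
        negative = true;
        ++pos;
    }
    if (pos >= text.size() || !std::isdigit(static_cast<unsigned char>(text[pos])))
        return false;
    int accumulator = 0; // BUG: an int has no negative zero
    while (pos < text.size() && std::isdigit(static_cast<unsigned char>(text[pos]))) {
        accumulator = accumulator * 10 + (text[pos] - '0');
        ++pos;
    }
    if (negative)
        accumulator = -accumulator; // -0 is simply 0 here
    out = accumulator; // widened to double only after the sign was lost
    return true;
}

// The same lexer with a double accumulator (the fix): negating 0.0 yields
// -0.0, whose sign bit survives into the parsed value.
static bool lexNumberDoubleAccumulator(const std::string& text, size_t& pos, double& out)
{
    bool negative = false;
    if (pos < text.size() && text[pos] == '-') {
        negative = true;
        ++pos;
    }
    if (pos >= text.size() || !std::isdigit(static_cast<unsigned char>(text[pos])))
        return false;
    double accumulator = 0;
    while (pos < text.size() && std::isdigit(static_cast<unsigned char>(text[pos]))) {
        accumulator = accumulator * 10 + (text[pos] - '0');
        ++pos;
    }
    if (negative)
        accumulator = -accumulator; // IEEE 754 negation flips the sign bit of 0.0
    out = accumulator;
    return true;
}

// Convenience: lex `text` from the start with the chosen accumulator type and
// report whether the result is negative zero. Returns false for non-numbers.
static bool lexesAsNegativeZero(const std::string& text, bool useDoubleAccumulator)
{
    size_t pos = 0;
    double value = 0;
    bool ok = useDoubleAccumulator ? lexNumberDoubleAccumulator(text, pos, value)
                                   : lexNumberIntAccumulator(text, pos, value);
    return ok && value == 0 && std::signbit(value);
}

int main()
{
    // Constructed sample inputs; "-0" is the case the fix is about.
    const char* samples[] = { "-0", "0", "-12", "7" };
    for (const char* s : samples) {
        std::printf("%-4s int accumulator: %-7s double accumulator: %s\n", s,
            lexesAsNegativeZero(s, false) ? "-0" : "not -0",
            lexesAsNegativeZero(s, true) ? "-0" : "not -0");
    }
    return 0;
}
```
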
1700 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
1701
1702         Structures used for tryGetConstantProperty() should be registered first
1703         https://bugs.webkit.org/show_bug.cgi?id=147750
1704
1705         Reviewed by Saam Barati and Michael Saboff.
1706
1707         * dfg/DFGGraph.cpp:
1708         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
1709         * dfg/DFGGraph.h:
1710         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
1711         * dfg/DFGStructureRegistrationPhase.cpp:
1712         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegistrationPhase.
1713         (JSC::DFG::StructureRegistrationPhase::registerStructures):
1714         (JSC::DFG::StructureRegistrationPhase::registerStructure):
1715         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
1716         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
1717         (JSC::DFG::performStructureRegistration):
1718
1719 2015-08-06  Keith Miller  <keith_miller@apple.com>
1720
1721         Remove UnspecifiedBoolType from JSC
1722         https://bugs.webkit.org/show_bug.cgi?id=147597
1723
1724         Reviewed by Mark Lam.
1725
1726         We were using the safe bool pattern in the code base for implicit casting to booleans.
1727         With C++11 this is no longer necessary and we can instead create an operator bool.
1728
1729         * API/JSRetainPtr.h:
1730         (JSRetainPtr::operator bool):
1731         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
1732         * dfg/DFGEdge.h:
1733         (JSC::DFG::Edge::operator bool):
1734         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
1735         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
1736         * heap/Weak.h:
1737         * heap/WeakInlines.h:
1738         (JSC::bool):
1739         (JSC::UnspecifiedBoolType): Deleted.
1740
1741 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
1742
1743         [ES6] Class parser does not allow methods named set and get.
1744         https://bugs.webkit.org/show_bug.cgi?id=147150
1745
1746         Reviewed by Oliver Hunt.
1747
1748         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
1749         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
1750         so that we only treat them as such when they're followed by another token that could be a method name.
1751
1752         * parser/Parser.cpp:
1753         (JSC::Parser<LexerType>::parseClass):
1754
1755 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
1756
1757         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
1758
1759         * bytecode/SamplingTool.cpp:
1760         (JSC::SamplingTool::doRun):
1761         (JSC::SamplingTool::notifyOfScope):
1762         * bytecode/SamplingTool.h:
1763         * dfg/DFGThreadData.h:
1764         * dfg/DFGWorklist.cpp:
1765         (JSC::DFG::Worklist::~Worklist):
1766         (JSC::DFG::Worklist::isActiveForVM):
1767         (JSC::DFG::Worklist::enqueue):
1768         (JSC::DFG::Worklist::compilationState):
1769         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1770         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1771         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1772         (JSC::DFG::Worklist::visitWeakReferences):
1773         (JSC::DFG::Worklist::removeDeadPlans):
1774         (JSC::DFG::Worklist::queueLength):
1775         (JSC::DFG::Worklist::dump):
1776         (JSC::DFG::Worklist::runThread):
1777         * dfg/DFGWorklist.h:
1778         * disassembler/Disassembler.cpp:
1779         * heap/CopiedSpace.cpp:
1780         (JSC::CopiedSpace::doneFillingBlock):
1781         (JSC::CopiedSpace::doneCopying):
1782         * heap/CopiedSpace.h:
1783         * heap/CopiedSpaceInlines.h:
1784         (JSC::CopiedSpace::recycleBorrowedBlock):
1785         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1786         * heap/HeapTimer.h:
1787         * heap/MachineStackMarker.cpp:
1788         (JSC::ActiveMachineThreadsManager::Locker::Locker):
1789         (JSC::ActiveMachineThreadsManager::add):
1790         (JSC::ActiveMachineThreadsManager::remove):
1791         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
1792         (JSC::MachineThreads::~MachineThreads):
1793         (JSC::MachineThreads::addCurrentThread):
1794         (JSC::MachineThreads::removeThreadIfFound):
1795         (JSC::MachineThreads::tryCopyOtherThreadStack):
1796         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1797         (JSC::MachineThreads::gatherConservativeRoots):
1798         * heap/MachineStackMarker.h:
1799         * interpreter/JSStack.cpp:
1800         (JSC::stackStatisticsMutex):
1801         (JSC::JSStack::addToCommittedByteCount):
1802         (JSC::JSStack::committedByteCount):
1803         * jit/JITThunks.h:
1804         * profiler/ProfilerDatabase.h:
1805
1806 2015-08-05  Saam barati  <saambarati1@gmail.com>
1807
1808         Bytecodegenerator emits crappy code for returns in a lexical scope.
1809         https://bugs.webkit.org/show_bug.cgi?id=147688
1810
1811         Reviewed by Mark Lam.
1812
1813         When returning, we only need to emit complex pop scopes if we're in
1814         a finally block. Otherwise, we can just return like normal. This saves
1815         us from inefficiently emitting unnecessary pop scopes.
1816
1817         * bytecompiler/BytecodeGenerator.h:
1818         (JSC::BytecodeGenerator::isInFinallyBlock):
1819         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
1820         * bytecompiler/NodesCodegen.cpp:
1821         (JSC::ReturnNode::emitBytecode):
1822
1823 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
1824
1825         Add the Intl API to the status page
1826
1827         * features.json:
1828         Andy VanWagoner landed the skeleton of the API and it is
1829         enabled by default.
1830
1831 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
1832
1833         Rename Mutex to DeprecatedMutex
1834         https://bugs.webkit.org/show_bug.cgi?id=147675
1835
1836         Reviewed by Geoffrey Garen.
1837
1838         * bytecode/SamplingTool.cpp:
1839         (JSC::SamplingTool::doRun):
1840         (JSC::SamplingTool::notifyOfScope):
1841         * bytecode/SamplingTool.h:
1842         * dfg/DFGThreadData.h:
1843         * dfg/DFGWorklist.cpp:
1844         (JSC::DFG::Worklist::~Worklist):
1845         (JSC::DFG::Worklist::isActiveForVM):
1846         (JSC::DFG::Worklist::enqueue):
1847         (JSC::DFG::Worklist::compilationState):
1848         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1849         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1850         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1851         (JSC::DFG::Worklist::visitWeakReferences):
1852         (JSC::DFG::Worklist::removeDeadPlans):
1853         (JSC::DFG::Worklist::queueLength):
1854         (JSC::DFG::Worklist::dump):
1855         (JSC::DFG::Worklist::runThread):
1856         * dfg/DFGWorklist.h:
1857         * disassembler/Disassembler.cpp:
1858         * heap/CopiedSpace.cpp:
1859         (JSC::CopiedSpace::doneFillingBlock):
1860         (JSC::CopiedSpace::doneCopying):
1861         * heap/CopiedSpace.h:
1862         * heap/CopiedSpaceInlines.h:
1863         (JSC::CopiedSpace::recycleBorrowedBlock):
1864         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1865         * heap/HeapTimer.h:
1866         * heap/MachineStackMarker.cpp:
1867         (JSC::ActiveMachineThreadsManager::Locker::Locker):
1868         (JSC::ActiveMachineThreadsManager::add):
1869         (JSC::ActiveMachineThreadsManager::remove):
1870         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
1871         (JSC::MachineThreads::~MachineThreads):
1872         (JSC::MachineThreads::addCurrentThread):
1873         (JSC::MachineThreads::removeThreadIfFound):
1874         (JSC::MachineThreads::tryCopyOtherThreadStack):
1875         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1876         (JSC::MachineThreads::gatherConservativeRoots):
1877         * heap/MachineStackMarker.h:
1878         * interpreter/JSStack.cpp:
1879         (JSC::stackStatisticsMutex):
1880         (JSC::JSStack::addToCommittedByteCount):
1881         (JSC::JSStack::committedByteCount):
1882         * jit/JITThunks.h:
1883         * profiler/ProfilerDatabase.h:
1884
1885 2015-08-05  Saam barati  <saambarati1@gmail.com>
1886
1887         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
1888         https://bugs.webkit.org/show_bug.cgi?id=147657
1889
1890         Reviewed by Mark Lam.
1891
1892         This kills the last of the name scope objects. Function name scopes are
1893         now built on top of the scoping mechanisms introduced with ES6 block scoping.
1894         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
1895         function name scoped variable carefully depending on if the function is in
1896         strict mode. If we're in strict mode, then we treat the variable exactly
1897         like a "const" variable. If we're not in strict mode, we can't treat
1898         this variable like ES6 "const" because that would cause the bytecode
1899         generator to throw an exception when it shouldn't.
1900
1901         * CMakeLists.txt:
1902         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1903         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1904         * JavaScriptCore.xcodeproj/project.pbxproj:
1905         * bytecode/BytecodeList.json:
1906         * bytecode/BytecodeUseDef.h:
1907         (JSC::computeUsesForBytecodeOffset):
1908         (JSC::computeDefsForBytecodeOffset):
1909         * bytecode/CodeBlock.cpp:
1910         (JSC::CodeBlock::dumpBytecode):
1911         * bytecompiler/BytecodeGenerator.cpp:
1912         (JSC::BytecodeGenerator::BytecodeGenerator):
1913         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
1914         (JSC::BytecodeGenerator::pushLexicalScope):
1915         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1916         (JSC::BytecodeGenerator::variable):
1917         (JSC::BytecodeGenerator::resolveType):
1918         (JSC::BytecodeGenerator::emitThrowTypeError):
1919         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
1920         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
1921         (JSC::BytecodeGenerator::emitPushCatchScope):
1922         * bytecompiler/BytecodeGenerator.h:
1923         * bytecompiler/NodesCodegen.cpp:
1924         * debugger/DebuggerScope.cpp:
1925         * dfg/DFGOperations.cpp:
1926         * interpreter/Interpreter.cpp:
1927         * jit/JIT.cpp:
1928         (JSC::JIT::privateCompileMainPass):
1929         * jit/JIT.h:
1930         * jit/JITOpcodes.cpp:
1931         (JSC::JIT::emit_op_to_string):
1932         (JSC::JIT::emit_op_catch):
1933         (JSC::JIT::emit_op_push_name_scope): Deleted.
1934         * jit/JITOpcodes32_64.cpp:
1935         (JSC::JIT::emitSlow_op_to_string):
1936         (JSC::JIT::emit_op_catch):
1937         (JSC::JIT::emit_op_push_name_scope): Deleted.
1938         * jit/JITOperations.cpp:
1939         (JSC::pushNameScope): Deleted.
1940         * llint/LLIntSlowPaths.cpp:
1941         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1942         * llint/LLIntSlowPaths.h:
1943         * llint/LowLevelInterpreter.asm:
1944         * parser/Nodes.cpp:
1945         * runtime/CommonSlowPaths.cpp:
1946         * runtime/Executable.cpp:
1947         (JSC::ScriptExecutable::newCodeBlockFor):
1948         * runtime/JSFunctionNameScope.cpp: Removed.
1949         * runtime/JSFunctionNameScope.h: Removed.
1950         * runtime/JSGlobalObject.cpp:
1951         (JSC::JSGlobalObject::init):
1952         (JSC::JSGlobalObject::visitChildren):
1953         * runtime/JSGlobalObject.h:
1954         (JSC::JSGlobalObject::withScopeStructure):
1955         (JSC::JSGlobalObject::strictEvalActivationStructure):
1956         (JSC::JSGlobalObject::activationStructure):
1957         (JSC::JSGlobalObject::directArgumentsStructure):
1958         (JSC::JSGlobalObject::scopedArgumentsStructure):
1959         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
1960         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
1961         * runtime/JSNameScope.cpp: Removed.
1962         * runtime/JSNameScope.h: Removed.
1963         * runtime/JSObject.cpp:
1964         (JSC::JSObject::toThis):
1965         (JSC::JSObject::seal):
1966         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
1967         * runtime/JSObject.h:
1968         * runtime/JSScope.cpp:
1969         (JSC::JSScope::isCatchScope):
1970         (JSC::JSScope::isFunctionNameScopeObject):
1971         (JSC::resolveModeName):
1972         * runtime/JSScope.h:
1973         * runtime/JSSymbolTableObject.cpp:
1974         * runtime/SymbolTable.h:
1975         * runtime/VM.cpp:
1976
1977 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
1978
1979         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
1980         https://bugs.webkit.org/show_bug.cgi?id=147679
1981
1982         Reviewed by Timothy Hatcher.
1983
1984         Improve native iterator support for the PropertyName Iterator by
1985         allowing inspection of the internal object within the iterator
1986         and peeking at the next upcoming values of the iterator.
1987
1988         * inspector/JSInjectedScriptHost.cpp:
1989         (Inspector::JSInjectedScriptHost::subtype):
1990         (Inspector::JSInjectedScriptHost::getInternalProperties):
1991         (Inspector::JSInjectedScriptHost::iteratorEntries):
1992         * runtime/JSPropertyNameIterator.h:
1993         (JSC::JSPropertyNameIterator::iteratedValue):
1994
1995 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
1996
1997         [Win] Update Apple Windows build for VS2015
1998         https://bugs.webkit.org/show_bug.cgi?id=147653
1999
2000         Reviewed by Dean Jackson.
2001
2002         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
2003         Show JSC files in proper project locations in IDE.
2004
2005 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
2006
2007         Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
2008         https://bugs.webkit.org/show_bug.cgi?id=147328
2009
2010         Reviewed by Timothy Hatcher.
2011
2012         * inspector/InjectedScriptSource.js:
2013         Use classList and classList.toString instead of className.
2014
2015 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
2016
2017         [ES6] Support Module Syntax
2018         https://bugs.webkit.org/show_bug.cgi?id=147422
2019
2020         Reviewed by Saam Barati.
2021
2022         This patch introduces the ES6 Modules syntax parsing part.
2023         In this patch, ASTBuilder just produces the nodes corresponding to the ES6 Modules syntax,
2024         and this patch does not include the code generator part.
2025
2026         Modules require two-phase parsing. In the first pass, we just analyze the dependent modules
2027         and do not execute the body or construct the AST. And after analyzing all the dependent
2028         modules, we will parse the dependent modules next.
2029         After all the analyzing is done, we will start the second pass. In the second pass, we
2030         will parse the module, produce the AST, and execute the body.
2031         If we don't do so, we need to create all the ASTs in the module's dependency graph at first
2032         because the given module can be executed after all the dependent modules are executed. It
2033         means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
2034         the dependent modules' information.
2035
2036         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
2037         This patch aims at just implementing the syntax parsing functionality correctly.
2038         After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits SyntaxChecker
2039         to collect the dependent modules fast [1].
2040
2041         To test the parsing, we added the "checkModuleSyntax" function to the jsc shell.
2042         By using this, we can parse the given string as a module.
2043
2044         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
2045
2046         * bytecompiler/NodesCodegen.cpp:
2047         (JSC::ModuleProgramNode::emitBytecode):
2048         (JSC::ImportDeclarationNode::emitBytecode):
2049         (JSC::ExportAllDeclarationNode::emitBytecode):
2050         (JSC::ExportDefaultDeclarationNode::emitBytecode):
2051         (JSC::ExportLocalDeclarationNode::emitBytecode):
2052         (JSC::ExportNamedDeclarationNode::emitBytecode):
2053         * jsc.cpp:
2054         (GlobalObject::finishCreation):
2055         (functionCheckModuleSyntax):
2056         * parser/ASTBuilder.h:
2057         (JSC::ASTBuilder::createModuleSpecifier):
2058         (JSC::ASTBuilder::createImportSpecifier):
2059         (JSC::ASTBuilder::createImportSpecifierList):
2060         (JSC::ASTBuilder::appendImportSpecifier):
2061         (JSC::ASTBuilder::createImportDeclaration):
2062         (JSC::ASTBuilder::createExportAllDeclaration):
2063         (JSC::ASTBuilder::createExportDefaultDeclaration):
2064         (JSC::ASTBuilder::createExportLocalDeclaration):
2065         (JSC::ASTBuilder::createExportNamedDeclaration):
2066         (JSC::ASTBuilder::createExportSpecifier):
2067         (JSC::ASTBuilder::createExportSpecifierList):
2068         (JSC::ASTBuilder::appendExportSpecifier):
2069         * parser/Keywords.table:
2070         * parser/NodeConstructors.h:
2071         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
2072         (JSC::ImportSpecifierNode::ImportSpecifierNode):
2073         (JSC::ImportDeclarationNode::ImportDeclarationNode):
2074         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
2075         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
2076         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
2077         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
2078         (JSC::ExportSpecifierNode::ExportSpecifierNode):
2079         * parser/Nodes.cpp:
2080         (JSC::ModuleProgramNode::ModuleProgramNode):
2081         * parser/Nodes.h:
2082         (JSC::ModuleProgramNode::startColumn):
2083         (JSC::ModuleProgramNode::endColumn):
2084         (JSC::ModuleSpecifierNode::moduleName):
2085         (JSC::ImportSpecifierNode::importedName):
2086         (JSC::ImportSpecifierNode::localName):
2087         (JSC::ImportSpecifierListNode::specifiers):
2088         (JSC::ImportSpecifierListNode::append):
2089         (JSC::ImportDeclarationNode::specifierList):
2090         (JSC::ImportDeclarationNode::moduleSpecifier):
2091         (JSC::ExportAllDeclarationNode::moduleSpecifier):
2092         (JSC::ExportDefaultDeclarationNode::declaration):
2093         (JSC::ExportLocalDeclarationNode::declaration):
2094         (JSC::ExportSpecifierNode::exportedName):
2095         (JSC::ExportSpecifierNode::localName):
2096         (JSC::ExportSpecifierListNode::specifiers):
2097         (JSC::ExportSpecifierListNode::append):
2098         (JSC::ExportNamedDeclarationNode::specifierList):
2099         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
2100         * parser/Parser.cpp:
2101         (JSC::Parser<LexerType>::Parser):
2102         (JSC::Parser<LexerType>::parseInner):
2103         (JSC::Parser<LexerType>::parseModuleSourceElements):
2104         (JSC::Parser<LexerType>::parseVariableDeclaration):
2105         (JSC::Parser<LexerType>::parseVariableDeclarationList):
2106         (JSC::Parser<LexerType>::createBindingPattern):
2107         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
2108         (JSC::Parser<LexerType>::parseDestructuringPattern):
2109         (JSC::Parser<LexerType>::parseForStatement):
2110         (JSC::Parser<LexerType>::parseFormalParameters):
2111         (JSC::Parser<LexerType>::parseFunctionParameters):
2112         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2113         (JSC::Parser<LexerType>::parseClassDeclaration):
2114         (JSC::Parser<LexerType>::parseModuleSpecifier):
2115         (JSC::Parser<LexerType>::parseImportClauseItem):
2116         (JSC::Parser<LexerType>::parseImportDeclaration):
2117         (JSC::Parser<LexerType>::parseExportSpecifier):
2118         (JSC::Parser<LexerType>::parseExportDeclaration):
2119         (JSC::Parser<LexerType>::parseMemberExpression):
2120         * parser/Parser.h:
2121         (JSC::isIdentifierOrKeyword):
2122         (JSC::ModuleScopeData::create):
2123         (JSC::ModuleScopeData::exportedBindings):
2124         (JSC::ModuleScopeData::exportName):
2125         (JSC::ModuleScopeData::exportBinding):
2126         (JSC::Scope::Scope):
2127         (JSC::Scope::setIsModule):
2128         (JSC::Scope::moduleScopeData):
2129         (JSC::Parser::matchContextualKeyword):
2130         (JSC::Parser::matchIdentifierOrKeyword):
2131         (JSC::Parser::isofToken): Deleted.
2132         * parser/ParserModes.h:
2133         * parser/ParserTokens.h:
2134         * parser/SyntaxChecker.h:
2135         (JSC::SyntaxChecker::createModuleSpecifier):
2136         (JSC::SyntaxChecker::createImportSpecifier):
2137         (JSC::SyntaxChecker::createImportSpecifierList):
2138         (JSC::SyntaxChecker::appendImportSpecifier):
2139         (JSC::SyntaxChecker::createImportDeclaration):
2140         (JSC::SyntaxChecker::createExportAllDeclaration):
2141         (JSC::SyntaxChecker::createExportDefaultDeclaration):
2142         (JSC::SyntaxChecker::createExportLocalDeclaration):
2143         (JSC::SyntaxChecker::createExportNamedDeclaration):
2144         (JSC::SyntaxChecker::createExportSpecifier):
2145         (JSC::SyntaxChecker::createExportSpecifierList):
2146         (JSC::SyntaxChecker::appendExportSpecifier):
2147         * runtime/CommonIdentifiers.cpp:
2148         (JSC::CommonIdentifiers::CommonIdentifiers):
2149         * runtime/CommonIdentifiers.h:
2150         * runtime/Completion.cpp:
2151         (JSC::checkModuleSyntax):
2152         * runtime/Completion.h:
2153         * tests/stress/modules-syntax-error-with-names.js: Added.
2154         (shouldThrow):
2155         * tests/stress/modules-syntax-error.js: Added.
2156         (shouldThrow):
2157         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
2158         * tests/stress/modules-syntax.js: Added.
2159         (prototype.checkModuleSyntax):
2160         (checkModuleSyntax):
2161         * tests/stress/tagged-templates-syntax.js:
2162
2163 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2164
2165         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
2166         https://bugs.webkit.org/show_bug.cgi?id=146833
2167
2168         Reviewed by Alexey Proskuryakov.
2169
2170         * assembler/ARM64Assembler.h:
2171         * assembler/ARMAssembler.h:
2172         (JSC::ARMAssembler::cacheFlush):
2173         * assembler/MacroAssemblerARM.cpp:
2174         (JSC::isVFPPresent):
2175         * assembler/MacroAssemblerX86Common.h:
2176         (JSC::MacroAssemblerX86Common::isSSE2Present):
2177         * heap/MachineStackMarker.h:
2178         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
2179         (JSC::logF):
2180         * jit/HostCallReturnValue.h:
2181         * jit/JIT.h:
2182         * jit/JITOperations.cpp:
2183         * jit/JITStubsARM.h:
2184         * jit/JITStubsARMv7.h:
2185         * jit/JITStubsX86.h:
2186         * jit/JITStubsX86Common.h:
2187         * jit/JITStubsX86_64.h:
2188         * jit/ThunkGenerators.cpp:
2189         * runtime/JSExportMacros.h:
2190         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
2191         (JSC::clz32):
2192
2193 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2194
2195         Unreviewed, fix uninitialized property leading to an assert.
2196
2197         * runtime/PutPropertySlot.h:
2198         (JSC::PutPropertySlot::PutPropertySlot):
2199
2200 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
2201
2202         Unreviewed, fix Windows.
2203
2204         * bytecode/ObjectPropertyConditionSet.h:
2205         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2206
2207 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
2208
2209         DFG should have adaptive structure watchpoints
2210         https://bugs.webkit.org/show_bug.cgi?id=146929
2211
2212         Reviewed by Geoffrey Garen.
2213
2214         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
2215         property, you'd check that the object still has the structure that you first saw the object have. We
2216         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
2217         elide the structure check.
2218
2219         But this approach fails when that object frequently has new properties added to it. This would
2220         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
2221         we'd have to recompile either the IC or an entire code block.
2222
2223         This change introduces a new concept: an object property condition. This value describes some
2224         condition involving a property on some object. There are four kinds: presence, absence,
2225         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
2226         object has some property at some offset with some attributes. This allows us to implement a new kind
2227         of watchpoint, which knows about the object property condition that it's being used to enforce. If
2228         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
2229         on the new structure.
2230
2231         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
2232         and prototype accesses. They are also used for any DFG accesses to object constants, including
2233         global property accesses.
2234
2235         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
2236         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
2237         chain situation. It's also a small speed-up on getter-richards.
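        As an added illustration (not JavaScriptCore's code and not the author's), here is a toy C++ model of the object property condition and adaptive watchpoint idea described above: a watchpoint that survives unrelated structure transitions by re-arming itself and only invalidates the dependent code when its condition really breaks. It assumes simplified Structure/Slot/CodeBlock stand-ins, tracks only the setter attribute, and leaves out the equivalence kind.

```cpp
// Added toy model (not JavaScriptCore code) of object property conditions and
// adaptive structure watchpoints; names and layout are simplified stand-ins.
#include <map>
#include <memory>
#include <string>
#include <vector>

namespace model {

struct AdaptiveStructureWatchpoint;
struct Slot { int offset; bool hasSetter; };  // storage offset + one attribute

// A Structure is an object's shape. Adding a property transitions the object to
// a fresh Structure; watchers of the old one are told where the object went.
struct Structure {
    std::map<std::string, Slot> properties;
    std::vector<AdaptiveStructureWatchpoint*> transitionWatchers;
};

// Three of the four condition kinds from the entry (equivalence left out).
enum class Kind { Presence, Absence, AbsenceOfSetter };

// "uid is present at offset" / "uid is absent" / "uid, if present, has no setter".
struct PropertyCondition {
    Kind kind;
    std::string uid;
    int offset = -1;  // meaningful for Presence only
    bool isStillValid(const Structure& s) const {
        auto it = s.properties.find(uid);
        bool present = it != s.properties.end();
        switch (kind) {
        case Kind::Presence:        return present && it->second.offset == offset;
        case Kind::Absence:         return !present;
        case Kind::AbsenceOfSetter: return !present || !it->second.hasSetter;
        }
        return false;
    }
};

struct Object { std::shared_ptr<Structure> structure; };
struct CodeBlock { bool jettisoned = false; };  // compiled code relying on a condition

struct AdaptiveStructureWatchpoint {
    PropertyCondition condition;
    Object* object;
    CodeBlock* owner;
    int reinstalls = 0;
    void install() { object->structure->transitionWatchers.push_back(this); }
    // Fired on a structure transition. If the condition still holds on the new
    // structure, re-arm there silently; only a real break invalidates the code.
    void fire(Structure& newStructure) {
        if (condition.isStillValid(newStructure)) {
            ++reinstalls;
            newStructure.transitionWatchers.push_back(this);
        } else {
            owner->jettisoned = true;
        }
    }
};

// Add a new named property: build the successor structure, then notify watchers.
void addProperty(Object& obj, const std::string& name, bool hasSetter) {
    if (obj.structure->properties.count(name)) return;  // replace is not a transition
    auto old = obj.structure;
    auto next = std::make_shared<Structure>();
    next->properties = old->properties;
    int offset = static_cast<int>(next->properties.size());
    next->properties[name] = Slot{ offset, hasSetter };
    obj.structure = next;
    for (auto* w : old->transitionWatchers) w->fire(*next);
    old->transitionWatchers.clear();
}

struct Outcome { int reinstalls; bool jettisoned; };

// A prototype gains n unrelated properties while code relies on "f at offset 0".
// A plain transition watchpoint would fire on the first add; this one adapts.
Outcome presenceSurvivesUnrelatedAdds(int n) {
    Object proto{ std::make_shared<Structure>() };
    addProperty(proto, "f", false);
    CodeBlock code;
    AdaptiveStructureWatchpoint wp{ PropertyCondition{ Kind::Presence, "f", 0 }, &proto, &code };
    wp.install();
    for (int i = 0; i < n; ++i) addProperty(proto, "p" + std::to_string(i), false);
    return { wp.reinstalls, code.jettisoned };
}

// Code relies on "no setter for x on proto" (the PutById-miss case). One unrelated
// add is survived; adding x with a setter is a genuine break and jettisons the code.
Outcome setterAbsenceBreaksWhenSetterAdded() {
    Object proto{ std::make_shared<Structure>() };
    CodeBlock code;
    AdaptiveStructureWatchpoint wp{ PropertyCondition{ Kind::AbsenceOfSetter, "x" }, &proto, &code };
    wp.install();
    addProperty(proto, "unrelated", false);
    addProperty(proto, "x", true);
    return { wp.reinstalls, code.jettisoned };
}

}  // namespace model
```

The first scenario ends with 100 silent re-installs and no jettison, which is the difference from a plain transition watchpoint; the second re-installs once and then jettisons.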
2238
2239         * CMakeLists.txt:
2240         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2241         * JavaScriptCore.xcodeproj/project.pbxproj:
2242         * bytecode/CodeBlock.cpp:
2243         (JSC::CodeBlock::printGetByIdCacheStatus):
2244         (JSC::CodeBlock::printPutByIdCacheStatus):
2245         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
2246         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
2247         * bytecode/ComplexGetStatus.cpp:
2248         (JSC::ComplexGetStatus::computeFor):
2249         * bytecode/ComplexGetStatus.h:
2250         (JSC::ComplexGetStatus::ComplexGetStatus):
2251         (JSC::ComplexGetStatus::takesSlowPath):
2252         (JSC::ComplexGetStatus::kind):
2253         (JSC::ComplexGetStatus::offset):
2254         (JSC::ComplexGetStatus::conditionSet):
2255         (JSC::ComplexGetStatus::attributes): Deleted.
2256         (JSC::ComplexGetStatus::specificValue): Deleted.
2257         (JSC::ComplexGetStatus::chain): Deleted.
2258         * bytecode/ConstantStructureCheck.cpp: Removed.
2259         * bytecode/ConstantStructureCheck.h: Removed.
2260         * bytecode/GetByIdStatus.cpp:
2261         (JSC::GetByIdStatus::computeForStubInfo):
2262         * bytecode/GetByIdVariant.cpp:
2263         (JSC::GetByIdVariant::GetByIdVariant):
2264         (JSC::GetByIdVariant::~GetByIdVariant):
2265         (JSC::GetByIdVariant::operator=):
2266         (JSC::GetByIdVariant::attemptToMerge):
2267         (JSC::GetByIdVariant::dumpInContext):
2268         (JSC::GetByIdVariant::baseStructure): Deleted.
2269         * bytecode/GetByIdVariant.h:
2270         (JSC::GetByIdVariant::operator!):
2271         (JSC::GetByIdVariant::structureSet):
2272         (JSC::GetByIdVariant::conditionSet):
2273         (JSC::GetByIdVariant::offset):
2274         (JSC::GetByIdVariant::callLinkStatus):
2275         (JSC::GetByIdVariant::constantChecks): Deleted.
2276         (JSC::GetByIdVariant::alternateBase): Deleted.
2277         * bytecode/ObjectPropertyCondition.cpp: Added.
2278         (JSC::ObjectPropertyCondition::dumpInContext):
2279         (JSC::ObjectPropertyCondition::dump):
2280         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
2281         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
2282         (JSC::ObjectPropertyCondition::isStillValid):
2283         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
2284         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2285         (JSC::ObjectPropertyCondition::isWatchable):
2286         (JSC::ObjectPropertyCondition::isStillLive):
2287         (JSC::ObjectPropertyCondition::validateReferences):
2288         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2289         * bytecode/ObjectPropertyCondition.h: Added.
2290         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
2291         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
2292         (JSC::ObjectPropertyCondition::presence):
2293         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
2294         (JSC::ObjectPropertyCondition::absence):
2295         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
2296         (JSC::ObjectPropertyCondition::absenceOfSetter):
2297         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
2298         (JSC::ObjectPropertyCondition::equivalence):
2299         (JSC::ObjectPropertyCondition::operator!):
2300         (JSC::ObjectPropertyCondition::object):
2301         (JSC::ObjectPropertyCondition::condition):
2302         (JSC::ObjectPropertyCondition::kind):
2303         (JSC::ObjectPropertyCondition::uid):
2304         (JSC::ObjectPropertyCondition::hasOffset):
2305         (JSC::ObjectPropertyCondition::offset):
2306         (JSC::ObjectPropertyCondition::hasAttributes):
2307         (JSC::ObjectPropertyCondition::attributes):
2308         (JSC::ObjectPropertyCondition::hasPrototype):
2309         (JSC::ObjectPropertyCondition::prototype):
2310         (JSC::ObjectPropertyCondition::hasRequiredValue):
2311         (JSC::ObjectPropertyCondition::requiredValue):
2312         (JSC::ObjectPropertyCondition::hash):
2313         (JSC::ObjectPropertyCondition::operator==):
2314         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
2315         (JSC::ObjectPropertyCondition::isCompatibleWith):
2316         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2317         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
2318         (JSC::ObjectPropertyCondition::isValidValueForPresence):
2319         (JSC::ObjectPropertyConditionHash::hash):
2320         (JSC::ObjectPropertyConditionHash::equal):
2321         * bytecode/ObjectPropertyConditionSet.cpp: Added.
2322         (JSC::ObjectPropertyConditionSet::forObject):
2323         (JSC::ObjectPropertyConditionSet::forConditionKind):
2324         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
2325         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
2326         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
2327         (JSC::ObjectPropertyConditionSet::mergedWith):
2328         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
2329         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
2330         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
2331         (JSC::ObjectPropertyConditionSet::areStillLive):
2332         (JSC::ObjectPropertyConditionSet::dumpInContext):
2333         (JSC::ObjectPropertyConditionSet::dump):
2334         (JSC::generateConditionsForPropertyMiss):
2335         (JSC::generateConditionsForPropertySetterMiss):
2336         (JSC::generateConditionsForPrototypePropertyHit):
2337         (JSC::generateConditionsForPrototypePropertyHitCustom):
2338         (JSC::generateConditionsForPropertySetterMissConcurrently):
2339         * bytecode/ObjectPropertyConditionSet.h: Added.
2340         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
2341         (JSC::ObjectPropertyConditionSet::invalid):
2342         (JSC::ObjectPropertyConditionSet::nonEmpty):
2343         (JSC::ObjectPropertyConditionSet::isValid):
2344         (JSC::ObjectPropertyConditionSet::isEmpty):
2345         (JSC::ObjectPropertyConditionSet::begin):
2346         (JSC::ObjectPropertyConditionSet::end):
2347         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
2348         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
2349         (JSC::ObjectPropertyConditionSet::fromRawPointer):
2350         (JSC::ObjectPropertyConditionSet::Data::Data):
2351         * bytecode/PolymorphicGetByIdList.cpp:
2352         (JSC::GetByIdAccess::GetByIdAccess):
2353         (JSC::GetByIdAccess::~GetByIdAccess):
2354         (JSC::GetByIdAccess::visitWeak):
2355         * bytecode/PolymorphicGetByIdList.h:
2356         (JSC::GetByIdAccess::GetByIdAccess):
2357         (JSC::GetByIdAccess::structure):
2358         (JSC::GetByIdAccess::conditionSet):
2359         (JSC::GetByIdAccess::stubRoutine):
2360         (JSC::GetByIdAccess::chain): Deleted.
2361         (JSC::GetByIdAccess::chainCount): Deleted.
2362         * bytecode/PolymorphicPutByIdList.cpp:
2363         (JSC::PutByIdAccess::fromStructureStubInfo):
2364         (JSC::PutByIdAccess::visitWeak):
2365         * bytecode/PolymorphicPutByIdList.h:
2366         (JSC::PutByIdAccess::PutByIdAccess):
2367         (JSC::PutByIdAccess::transition):
2368         (JSC::PutByIdAccess::setter):
2369         (JSC::PutByIdAccess::newStructure):
2370         (JSC::PutByIdAccess::conditionSet):
2371         (JSC::PutByIdAccess::stubRoutine):
2372         (JSC::PutByIdAccess::chain): Deleted.
2373         (JSC::PutByIdAccess::chainCount): Deleted.
2374         * bytecode/PropertyCondition.cpp: Added.
2375         (JSC::PropertyCondition::dumpInContext):
2376         (JSC::PropertyCondition::dump):
2377         (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
2378         (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
2379         (JSC::PropertyCondition::isStillValid):
2380         (JSC::PropertyCondition::isWatchableWhenValid):
2381         (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
2382         (JSC::PropertyCondition::isWatchable):
2383         (JSC::PropertyCondition::isStillLive):
2384         (JSC::PropertyCondition::validateReferences):
2385         (JSC::PropertyCondition::isValidValueForAttributes):
2386         (JSC::PropertyCondition::isValidValueForPresence):
2387         (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
2388         (WTF::printInternal):
2389         * bytecode/PropertyCondition.h: Added.
2390         (JSC::PropertyCondition::PropertyCondition):
2391         (JSC::PropertyCondition::presenceWithoutBarrier):
2392         (JSC::PropertyCondition::presence):
2393         (JSC::PropertyCondition::absenceWithoutBarrier):
2394         (JSC::PropertyCondition::absence):
2395         (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
2396         (JSC::PropertyCondition::absenceOfSetter):
2397         (JSC::PropertyCondition::equivalenceWithoutBarrier):
2398         (JSC::PropertyCondition::equivalence):
2399         (JSC::PropertyCondition::operator!):
2400         (JSC::PropertyCondition::kind):
2401         (JSC::PropertyCondition::uid):
2402         (JSC::PropertyCondition::hasOffset):
2403         (JSC::PropertyCondition::offset):
2404         (JSC::PropertyCondition::hasAttributes):
2405         (JSC::PropertyCondition::attributes):
2406         (JSC::PropertyCondition::hasPrototype):
2407         (JSC::PropertyCondition::prototype):
2408         (JSC::PropertyCondition::hasRequiredValue):
2409         (JSC::PropertyCondition::requiredValue):
2410         (JSC::PropertyCondition::hash):
2411         (JSC::PropertyCondition::operator==):
2412         (JSC::PropertyCondition::isHashTableDeletedValue):
2413         (JSC::PropertyCondition::isCompatibleWith):
2414         (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
2415         (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
2416         (JSC::PropertyConditionHash::hash):
2417         (JSC::PropertyConditionHash::equal):
2418         * bytecode/PutByIdStatus.cpp:
2419         (JSC::PutByIdStatus::computeFromLLInt):
2420         (JSC::PutByIdStatus::computeFor):
2421         (JSC::PutByIdStatus::computeForStubInfo):
2422         * bytecode/PutByIdVariant.cpp:
2423         (JSC::PutByIdVariant::operator=):
2424         (JSC::PutByIdVariant::transition):
2425         (JSC::PutByIdVariant::setter):
2426         (JSC::PutByIdVariant::makesCalls):
2427         (JSC::PutByIdVariant::attemptToMerge):
2428         (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
2429         (JSC::PutByIdVariant::dumpInContext):
2430         (JSC::PutByIdVariant::baseStructure): Deleted.
2431         * bytecode/PutByIdVariant.h:
2432         (JSC::PutByIdVariant::PutByIdVariant):
2433         (JSC::PutByIdVariant::kind):
2434         (JSC::PutByIdVariant::structure):
2435         (JSC::PutByIdVariant::structureSet):
2436         (JSC::PutByIdVariant::oldStructure):
2437         (JSC::PutByIdVariant::conditionSet):
2438         (JSC::PutByIdVariant::offset):
2439         (JSC::PutByIdVariant::callLinkStatus):
2440         (JSC::PutByIdVariant::constantChecks): Deleted.
2441         (JSC::PutByIdVariant::alternateBase): Deleted.
2442         * bytecode/StructureStubClearingWatchpoint.cpp:
2443         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
2444         (JSC::StructureStubClearingWatchpoint::push):
2445         (JSC::StructureStubClearingWatchpoint::fireInternal):
2446         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
2447         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
2448         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
2449         * bytecode/StructureStubClearingWatchpoint.h:
2450         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
2451         (JSC::WatchpointsOnStructureStubInfo::codeBlock):
2452         (JSC::WatchpointsOnStructureStubInfo::stubInfo):
2453         * bytecode/StructureStubInfo.cpp:
2454         (JSC::StructureStubInfo::deref):
2455         (JSC::StructureStubInfo::visitWeakReferences):
2456         * bytecode/StructureStubInfo.h:
2457         (JSC::StructureStubInfo::initPutByIdTransition):
2458         (JSC::StructureStubInfo::initPutByIdReplace):
2459         (JSC::StructureStubInfo::setSeen):
2460         (JSC::StructureStubInfo::addWatchpoint):
2461         * dfg/DFGAbstractInterpreterInlines.h:
2462         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2463         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
2464         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
2465         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
2466         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
2467         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
2468         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
2469         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
2470         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
2471         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
2472         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
2473         * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
2474         (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
2475         (JSC::DFG::AdaptiveStructureWatchpoint::install):
2476         (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
2477         * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
2478         (JSC::DFG::AdaptiveStructureWatchpoint::key):
2479         * dfg/DFGByteCodeParser.cpp:
2480         (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
2481         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
2482         (JSC::DFG::ByteCodeParser::handleGetByOffset):
2483         (JSC::DFG::ByteCodeParser::handlePutByOffset):
2484         (JSC::DFG::ByteCodeParser::check):
2485         (JSC::DFG::ByteCodeParser::promoteToConstant):
2486         (JSC::DFG::ByteCodeParser::planLoad):
2487         (JSC::DFG::ByteCodeParser::load):
2488         (JSC::DFG::ByteCodeParser::presenceLike):
2489         (JSC::DFG::ByteCodeParser::checkPresenceLike):
2490         (JSC::DFG::ByteCodeParser::store):
2491         (JSC::DFG::ByteCodeParser::handleGetById):
2492         (JSC::DFG::ByteCodeParser::handlePutById):
2493         (JSC::DFG::ByteCodeParser::parseBlock):
2494         (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
2495         * dfg/DFGCommonData.cpp:
2496         (JSC::DFG::CommonData::validateReferences):
2497         * dfg/DFGCommonData.h:
2498         * dfg/DFGConstantFoldingPhase.cpp:
2499         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2500         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
2501         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
2502         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
2503         (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
2504         * dfg/DFGDesiredWatchpoints.cpp:
2505         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
2506         (JSC::DFG::InferredValueAdaptor::add):
2507         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
2508         (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
2509         (JSC::DFG::DesiredWatchpoints::addLazily):
2510         (JSC::DFG::DesiredWatchpoints::consider):
2511         (JSC::DFG::DesiredWatchpoints::reallyAdd):
2512         (JSC::DFG::DesiredWatchpoints::areStillValid):
2513         (JSC::DFG::DesiredWatchpoints::dumpInContext):
2514         * dfg/DFGDesiredWatchpoints.h:
2515         (JSC::DFG::SetPointerAdaptor::add):
2516         (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
2517         (JSC::DFG::SetPointerAdaptor::dumpInContext):
2518         (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
2519         (JSC::DFG::InferredValueAdaptor::dumpInContext):
2520         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
2521         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
2522         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
2523         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
2524         (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
2525         (JSC::DFG::GenericDesiredWatchpoints::isWatched):
2526         (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
2527         (JSC::DFG::DesiredWatchpoints::isWatched):
2528         (JSC::DFG::GenericSetAdaptor::add): Deleted.
2529         (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
2530         * dfg/DFGDesiredWeakReferences.cpp:
2531         (JSC::DFG::DesiredWeakReferences::addLazily):
2532         (JSC::DFG::DesiredWeakReferences::contains):
2533         * dfg/DFGDesiredWeakReferences.h:
2534         * dfg/DFGGraph.cpp:
2535         (JSC::DFG::Graph::dump):
2536         (JSC::DFG::Graph::clearFlagsOnAllNodes):
2537         (JSC::DFG::Graph::watchCondition):
2538         (JSC::DFG::Graph::isSafeToLoad):
2539         (JSC::DFG::Graph::livenessFor):
2540         (JSC::DFG::Graph::tryGetConstantProperty):
2541         (JSC::DFG::Graph::visitChildren):
2542         * dfg/DFGGraph.h:
2543         (JSC::DFG::Graph::identifiers):
2544         (JSC::DFG::Graph::watchpoints):
2545         * dfg/DFGMultiGetByOffsetData.cpp: Added.
2546         (JSC::DFG::GetByOffsetMethod::dumpInContext):
2547         (JSC::DFG::GetByOffsetMethod::dump):
2548         (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
2549         (JSC::DFG::MultiGetByOffsetCase::dump):
2550         (WTF::printInternal):
2551         * dfg/DFGMultiGetByOffsetData.h: Added.
2552         (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
2553         (JSC::DFG::GetByOffsetMethod::constant):
2554         (JSC::DFG::GetByOffsetMethod::load):
2555         (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
2556         (JSC::DFG::GetByOffsetMethod::operator!):
2557         (JSC::DFG::GetByOffsetMethod::kind):
2558         (JSC::DFG::GetByOffsetMethod::prototype):
2559         (JSC::DFG::GetByOffsetMethod::offset):
2560         (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
2561         (JSC::DFG::MultiGetByOffsetCase::set):
2562         (JSC::DFG::MultiGetByOffsetCase::method):
2563         * dfg/DFGNode.h:
2564         * dfg/DFGSafeToExecute.h:
2565         (JSC::DFG::safeToExecute):
2566         * dfg/DFGStructureRegistrationPhase.cpp:
2567         (JSC::DFG::StructureRegistrationPhase::run):
2568         * ftl/FTLLowerDFGToLLVM.cpp:
2569         (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
2570         * jit/Repatch.cpp:
2571         (JSC::repatchByIdSelfAccess):
2572         (JSC::checkObjectPropertyCondition):
2573         (JSC::checkObjectPropertyConditions):
2574         (JSC::replaceWithJump):
2575         (JSC::generateByIdStub):
2576         (JSC::actionForCell):
2577         (JSC::tryBuildGetByIDList):
2578         (JSC::emitPutReplaceStub):
2579         (JSC::emitPutTransitionStub):
2580         (JSC::tryCachePutByID):
2581         (JSC::tryBuildPutByIdList):
2582         (JSC::tryRepatchIn):
2583         (JSC::addStructureTransitionCheck): Deleted.
2584         (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
2585         * runtime/IntendedStructureChain.cpp: Removed.
2586         * runtime/IntendedStructureChain.h: Removed.
2587         * runtime/JSCJSValue.h:
2588         * runtime/JSObject.cpp:
2589         (JSC::throwTypeError):
2590         (JSC::JSObject::convertToDictionary):
2591         (JSC::JSObject::shiftButterflyAfterFlattening):
2592         * runtime/JSObject.h:
2593         (JSC::JSObject::flattenDictionaryObject):
2594         (JSC::JSObject::convertToDictionary): Deleted.
2595         * runtime/Operations.h:
2596         (JSC::normalizePrototypeChain):
2597         (JSC::normalizePrototypeChainForChainAccess): Deleted.
2598         (JSC::isPrototypeChainNormalized): Deleted.
2599         * runtime/PropertySlot.h:
2600         (JSC::PropertySlot::PropertySlot):
2601         (JSC::PropertySlot::slotBase):
2602         * runtime/Structure.cpp:
2603         (JSC::Structure::addPropertyTransition):
2604         (JSC::Structure::attributeChangeTransition):
2605         (JSC::Structure::toDictionaryTransition):
2606         (JSC::Structure::toCacheableDictionaryTransition):
2607         (JSC::Structure::toUncacheableDictionaryTransition):
2608         (JSC::Structure::ensurePropertyReplacementWatchpointSet):
2609         (JSC::Structure::startWatchingPropertyForReplacements):
2610         (JSC::Structure::didCachePropertyReplacement):
2611         (JSC::Structure::dump):
2612         * runtime/Structure.h:
2613         * runtime/VM.h:
2614         * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check-new.js: Added.
2615         (foo):
2616         (bar):
2617         (baz):
2618         * tests/stress/multi-get-by-offset-self-or-proto.js: Added.
2619         (foo):
2620         * tests/stress/replacement-watchpoint-dictionary.js: Added.
2621         (foo):
2622         * tests/stress/replacement-watchpoint.js: Added.
2623         (foo):
2624         * tests/stress/undefined-access-dictionary-then-proto-change.js: Added.
2625         (foo):
2626         * tests/stress/undefined-access-then-proto-change.js: Added.
2627         (foo):
2628
2629 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2630
2631         JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
2632         https://bugs.webkit.org/show_bug.cgi?id=147538
2633
2634         Reviewed by Geoffrey Garen.
2635
2636         Due to the order of the ARROWFUNCTION token in the JSTokenType enum, it is categorized as one of the keyword tokens.
2637         As a result, when lexing a property name that can take keywords, the ARROWFUNCTION token is accidentally accepted.
2638         This patch changes the order of the ARROWFUNCTION token in JSTokenType to make it an operator token.
2639
2640         * parser/ParserTokens.h:
2641         * tests/stress/arrow-function-token-is-not-keyword.js: Added.
2642         (testSyntaxError):
2643
2644 2015-08-03  Keith Miller  <keith_miller@apple.com>
2645
2646         Clean up the naming for AST expression generation.
2647         https://bugs.webkit.org/show_bug.cgi?id=147581
2648
2649         Reviewed by Yusuke Suzuki.
2650
2651         * parser/ASTBuilder.h:
2652         (JSC::ASTBuilder::createThisExpr):
2653         (JSC::ASTBuilder::createSuperExpr):
2654         (JSC::ASTBuilder::createNewTargetExpr):
2655         (JSC::ASTBuilder::thisExpr): Deleted.
2656         (JSC::ASTBuilder::superExpr): Deleted.
2657         (JSC::ASTBuilder::newTargetExpr): Deleted.
2658         * parser/Parser.cpp:
2659         (JSC::Parser<LexerType>::parsePrimaryExpression):
2660         (JSC::Parser<LexerType>::parseMemberExpression):
2661         * parser/SyntaxChecker.h:
2662         (JSC::SyntaxChecker::createThisExpr):
2663         (JSC::SyntaxChecker::createSuperExpr):
2664         (JSC::SyntaxChecker::createNewTargetExpr):
2665         (JSC::SyntaxChecker::thisExpr): Deleted.
2666         (JSC::SyntaxChecker::superExpr): Deleted.
2667         (JSC::SyntaxChecker::newTargetExpr): Deleted.
2668
2669 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2670
2671         Don't set up the callsite to operationGetByValDefault when the optimization is already done
2672         https://bugs.webkit.org/show_bug.cgi?id=147577
2673
2674         Reviewed by Filip Pizlo.
2675
2676         operationGetByValDefault should be called only when the IC is not set.
2677         operationGetByValString breaks this invariant and `ASSERT(!byValInfo.stubRoutine)` in
2678         operationGetByValDefault raises the assertion failure.
2679         In this patch, we change the callsite setting up code in operationGetByValString when
2680         the IC is already set. And to make the operation's meaning explicit, we changed the
2681         name operationGetByValDefault to operationGetByValOptimize, which is aligned with the
2682         GetById case.
2683
2684         * jit/JITOperations.cpp:
2685         * jit/JITOperations.h:
2686         * jit/JITPropertyAccess.cpp:
2687         (JSC::JIT::emitSlow_op_get_by_val):
2688         * jit/JITPropertyAccess32_64.cpp:
2689         (JSC::JIT::emitSlow_op_get_by_val):
2690         * tests/stress/operation-get-by-val-default-should-not-called-for-already-optimized-site.js: Added.
2691         (hello):
2692
2693 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
2694
2695         [FTL] Remove unused scripts related to native call inlining
2696         https://bugs.webkit.org/show_bug.cgi?id=147448
2697
2698         Reviewed by Filip Pizlo.
2699
2700         * build-symbol-table-index.py: Removed.
2701         * copy-llvm-ir-to-derived-sources.sh: Removed.
2702         * create-llvm-ir-from-source-file.py: Removed.
2703         * create-symbol-table-index.py: Removed.
2704
2705 2015-08-02  Benjamin Poulain  <bpoulain@apple.com>
2706
2707         Investigate HashTable::HashTable(const HashTable&) and HashTable::operator=(const HashTable&) performance for hash-based static analyses
2708         https://bugs.webkit.org/show_bug.cgi?id=118455
2709
2710         Reviewed by Filip Pizlo.
2711
2712         LivenessAnalysisPhase lights up like a Christmas tree in profiles.
2713
2714         This patch cuts its cost by 4.
2715         About half of the gains come from removing many rehash() calls when copying
2716         the HashSet.
2717         The last quarter is achieved by having a special add() function for initializing
2718         a HashSet.
2719
2720         This makes benchmarks progress by 1-2% here and there. Nothing massive.
2721
2722         * dfg/DFGLivenessAnalysisPhase.cpp:
2723         (JSC::DFG::LivenessAnalysisPhase::process):
2724         The m_live HashSet is only useful per block. When we are done with it,
2725         we can transfer it to liveAtHead to avoid a copy.
2726
2727 2015-08-01  Saam barati  <saambarati1@gmail.com>
2728
2729         Unreviewed. Remove unintentional "print" statement in test case.
2730         https://bugs.webkit.org/show_bug.cgi?id=142567
2731
2732         * tests/stress/class-syntax-definition-semantics.js:
2733         (shouldBeSyntaxError):
2734
2735 2015-07-31  Alex Christensen  <achristensen@webkit.org>
2736
2737         Prepare for VS2015
2738         https://bugs.webkit.org/show_bug.cgi?id=146579
2739
2740         Reviewed by Jon Honeycutt.
2741
2742         * heap/Heap.h:
2743         Fix compiler error by explicitly casting zombifiedBits to the size of a pointer.
2744
2745 2015-07-31  Saam barati  <saambarati1@gmail.com>
2746
2747         ES6 class syntax should use block scoping
2748         https://bugs.webkit.org/show_bug.cgi?id=142567
2749
2750         Reviewed by Geoffrey Garen.
2751
2752         We treat class declarations like we do "let" declarations.
2753         The class name is under TDZ until the class declaration
2754         statement is evaluated. Class declarations also follow
2755         the same rules as "let": No duplicate definitions inside
2756         a lexical environment.
2757
2758         * parser/ASTBuilder.h:
2759         (JSC::ASTBuilder::createClassDeclStatement):
2760         * parser/Parser.cpp:
2761         (JSC::Parser<LexerType>::parseClassDeclaration):
2762         * tests/stress/class-syntax-block-scoping.js: Added.
2763         (assert):
2764         (truth):
2765         (.):
2766         * tests/stress/class-syntax-definition-semantics.js: Added.
2767         (shouldBeSyntaxError):
2768         (shouldNotBeSyntaxError):
2769         (truth):
2770         * tests/stress/class-syntax-tdz.js:
2771         (assert):
2772         (shouldThrowTDZ):
2773         (truth):
2774         (.):
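
        The TDZ, block-scoping and no-duplicate rules described in this entry, checked from plain
        JavaScript. This is an added example, not one of the WebKit stress tests listed above; it
        runs in any ES6-capable engine and assumes nothing beyond standard class semantics.

```javascript
// Added example (not part of the WebKit tree): class declarations behave
// like `let` bindings, as the ChangeLog entry above describes.

// The class binding is hoisted to the enclosing scope but stays uninitialized
// (in its temporal dead zone) until the declaration statement is evaluated,
// so touching it earlier throws a ReferenceError rather than returning undefined.
function classBeforeDeclaration() {
  try {
    new Point(1, 2); // TDZ: the binding exists but has no value yet
    return "no error";
  } catch (e) {
    return e.constructor.name; // "ReferenceError"
  }
  class Point { constructor(x, y) { this.x = x; this.y = y; } }
}

// Once the declaration statement has run, the binding is initialized and usable.
function classAfterDeclaration() {
  class Point { constructor(x, y) { this.x = x; this.y = y; } }
  const p = new Point(1, 2);
  return p.x + p.y; // 3
}

// Like `let`, the class name is confined to the block that declares it; it does
// not leak into the surrounding function scope the way a `var` would.
function classIsBlockScoped() {
  {
    class Inner {}
  }
  return typeof Inner; // "undefined"
}

// Duplicate definitions inside one lexical environment are rejected at parse
// time. Compiling the source with the Function constructor surfaces that as a
// SyntaxError before any of the code runs; null means the source parsed cleanly.
function syntaxErrorName(source) {
  try {
    new Function(source);
    return null;
  } catch (e) {
    return e.constructor.name;
  }
}

// Sample sources (constructed for this example):
//   syntaxErrorName("class A {} class A {}")          -> "SyntaxError"
//   syntaxErrorName("let A; class A {}")               -> "SyntaxError"
//   syntaxErrorName("{ class A {} } { class A {} }")   -> null (separate blocks)
//   syntaxErrorName("class A {}")                      -> null
```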
2775
2776 2015-07-31  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2777
2778         Implement WebAssembly module parser
2779         https://bugs.webkit.org/show_bug.cgi?id=147293
2780
2781         Reviewed by Mark Lam.
2782
2783         Re-landing after fix for the "..\..\jsc.cpp(46): fatal error C1083: Cannot open
2784         include file: 'JSWASMModule.h'" issue on Windows.
2785
2786         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
2787         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
2788         the magic number at the beginning of the files. Parsing of the rest will be
2789         implemented in a subsequent patch.
2790
2791         * CMakeLists.txt:
2792         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2793         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2794         * JavaScriptCore.xcodeproj/project.pbxproj:
2795         * jsc.cpp:
2796         (GlobalObject::finishCreation):
2797         (functionLoadWebAssembly):
2798         * parser/SourceProvider.h:
2799         (JSC::WebAssemblySourceProvider::create):
2800         (JSC::WebAssemblySourceProvider::data):
2801         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2802         * runtime/JSGlobalObject.cpp:
2803         (JSC::JSGlobalObject::init):
2804         (JSC::JSGlobalObject::visitChildren):
2805         * runtime/JSGlobalObject.h:
2806         (JSC::JSGlobalObject::wasmModuleStructure):
2807         * wasm/WASMMagicNumber.h: Added.
2808         * wasm/WASMModuleParser.cpp: Added.
2809         (JSC::WASMModuleParser::WASMModuleParser):
2810         (JSC::WASMModuleParser::parse):
2811         (JSC::WASMModuleParser::parseModule):
2812         (JSC::parseWebAssembly):
2813         * wasm/WASMModuleParser.h: Added.
2814         * wasm/WASMReader.cpp: Added.
2815         (JSC::WASMReader::readUnsignedInt32):
2816         (JSC::WASMReader::readFloat):
2817         (JSC::WASMReader::readDouble):
2818         * wasm/WASMReader.h: Added.
2819         (JSC::WASMReader::WASMReader):
2820
2821 2015-07-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2822
2823         Add the "wasm" directory to the Additional Include Directories for jsc.exe
2824         https://bugs.webkit.org/show_bug.cgi?id=147443
2825
2826         Reviewed by Mark Lam.
2827
2828         This patch should fix the "..\..\jsc.cpp(46): fatal error C1083:
2829         Cannot open include file: 'JSWASMModule.h'" error in the Windows build.
2830
2831         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
2832
2833 2015-07-30  Chris Dumez  <cdumez@apple.com>
2834
2835         Mark more classes as fast allocated
2836         https://bugs.webkit.org/show_bug.cgi?id=147440
2837
2838         Reviewed by Sam Weinig.
2839
2840         Mark more classes as fast allocated for performance. We heap-allocate
2841         objects of those types throughout the code base.
2842
2843         * API/JSCallbackObject.h:
2844         * API/ObjCCallbackFunction.mm:
2845         * bytecode/BytecodeKills.h:
2846         * bytecode/BytecodeLivenessAnalysis.h:
2847         * bytecode/CallLinkStatus.h:
2848         * bytecode/FullBytecodeLiveness.h:
2849         * bytecode/SamplingTool.h:
2850         * bytecompiler/BytecodeGenerator.h:
2851         * dfg/DFGBasicBlock.h:
2852         * dfg/DFGBlockMap.h:
2853         * dfg/DFGInPlaceAbstractState.h:
2854         * dfg/DFGThreadData.h:
2855         * heap/HeapVerifier.h:
2856         * heap/SlotVisitor.h:
2857         * parser/Lexer.h:
2858         * runtime/ControlFlowProfiler.h:
2859         * runtime/TypeProfiler.h:
2860         * runtime/TypeProfilerLog.h:
2861         * runtime/Watchdog.h:
2862
2863 2015-07-29  Filip Pizlo  <fpizlo@apple.com>
2864
2865         DFG::ArgumentsEliminationPhase should emit a PutStack for all of the GetStacks that the ByteCodeParser emitted
2866         https://bugs.webkit.org/show_bug.cgi?id=147433
2867         rdar://problem/21668986
2868
2869         Reviewed by Mark Lam.
2870
2871         Ideally, the ByteCodeParser would only emit SetArgument nodes for named arguments.  But
2872         currently that's not what it does - it emits a SetArgument for every argument that a varargs
2873         call may pass.  Each SetArgument gets turned into a GetStack.  This means that if
2874         ArgumentsEliminationPhase optimizes away PutStacks for those varargs arguments that didn't
2875         get passed or used, we get degenerate IR where we have a GetStack of something that didn't
2876         have a PutStack.
2877
2878         This fixes the bug by removing the code to optimize away PutStacks in
2879         ArgumentsEliminationPhase.
2880
2881         * dfg/DFGArgumentsEliminationPhase.cpp:
2882         * tests/stress/varargs-inlining-underflow.js: Added.
2883         (baz):
2884         (bar):
2885         (foo):
2886
2887 2015-07-29  Andy VanWagoner  <thetalecrafter@gmail.com>
2888
2889         Implement basic types for ECMAScript Internationalization API
2890         https://bugs.webkit.org/show_bug.cgi?id=146926
2891
2892         Reviewed by Benjamin Poulain.
2893
2894         Adds basic types for ECMA-402 2nd edition, but does not implement the full locale-aware features yet.
2895         http://www.ecma-international.org/ecma-402/2.0/ECMA-402.pdf
2896
2897         * CMakeLists.txt: Added new Intl files.
2898         * Configurations/FeatureDefines.xcconfig: Enable INTL.
2899         * DerivedSources.make: Added Intl files.
2900         * JavaScriptCore.xcodeproj/project.pbxproj: Added Intl files.
2901         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added Intl files.
2902         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added Intl files.
2903         * runtime/CommonIdentifiers.h: Added Collator, NumberFormat, and DateTimeFormat.
2904         * runtime/DateConstructor.cpp: Made Date.now public.
2905         * runtime/DateConstructor.h: Made Date.now public.
2906         * runtime/IntlCollator.cpp: Added.
2907         (JSC::IntlCollator::create):
2908         (JSC::IntlCollator::createStructure):
2909         (JSC::IntlCollator::IntlCollator):
2910         (JSC::IntlCollator::finishCreation):
2911         (JSC::IntlCollator::destroy):
2912         (JSC::IntlCollator::visitChildren):
2913         (JSC::IntlCollator::setBoundCompare):
2914         (JSC::IntlCollatorFuncCompare): Added placeholder implementation using codePointCompare.
2915         * runtime/IntlCollator.h: Added.
2916         (JSC::IntlCollator::constructor):
2917         (JSC::IntlCollator::boundCompare):
2918         * runtime/IntlCollatorConstructor.cpp: Added.
2919         (JSC::IntlCollatorConstructor::create):
2920         (JSC::IntlCollatorConstructor::createStructure):
2921         (JSC::IntlCollatorConstructor::IntlCollatorConstructor):
2922         (JSC::IntlCollatorConstructor::finishCreation):
2923         (JSC::constructIntlCollator): Added Collator constructor (10.1.2).
2924         (JSC::callIntlCollator): Added Collator constructor (10.1.2).
2925         (JSC::IntlCollatorConstructor::getConstructData):
2926         (JSC::IntlCollatorConstructor::getCallData):
2927         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
2928         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2929         (JSC::IntlCollatorConstructor::visitChildren):
2930         * runtime/IntlCollatorConstructor.h: Added.
2931         (JSC::IntlCollatorConstructor::collatorStructure):
2932         * runtime/IntlCollatorPrototype.cpp: Added.
2933         (JSC::IntlCollatorPrototype::create):
2934         (JSC::IntlCollatorPrototype::createStructure):
2935         (JSC::IntlCollatorPrototype::IntlCollatorPrototype):
2936         (JSC::IntlCollatorPrototype::finishCreation):
2937         (JSC::IntlCollatorPrototype::getOwnPropertySlot):
2938         (JSC::IntlCollatorPrototypeGetterCompare): Added compare getter (10.3.3).
2939         (JSC::IntlCollatorPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2940         * runtime/IntlCollatorPrototype.h: Added.
2941         * runtime/IntlDateTimeFormat.cpp: Added.
2942         (JSC::IntlDateTimeFormat::create):
2943         (JSC::IntlDateTimeFormat::createStructure):
2944         (JSC::IntlDateTimeFormat::IntlDateTimeFormat):
2945         (JSC::IntlDateTimeFormat::finishCreation):
2946         (JSC::IntlDateTimeFormat::destroy):
2947         (JSC::IntlDateTimeFormat::visitChildren):
2948         (JSC::IntlDateTimeFormat::setBoundFormat):
2949         (JSC::IntlDateTimeFormatFuncFormatDateTime): Added placeholder implementation returning new Date(value).toString().
2950         * runtime/IntlDateTimeFormat.h: Added.
2951         (JSC::IntlDateTimeFormat::constructor):
2952         (JSC::IntlDateTimeFormat::boundFormat):
2953         * runtime/IntlDateTimeFormatConstructor.cpp: Added.
2954         (JSC::IntlDateTimeFormatConstructor::create):
2955         (JSC::IntlDateTimeFormatConstructor::createStructure):
2956         (JSC::IntlDateTimeFormatConstructor::IntlDateTimeFormatConstructor):
2957         (JSC::IntlDateTimeFormatConstructor::finishCreation):
2958         (JSC::constructIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
2959         (JSC::callIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
2960         (JSC::IntlDateTimeFormatConstructor::getConstructData):
2961         (JSC::IntlDateTimeFormatConstructor::getCallData):
2962         (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
2963         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2964         (JSC::IntlDateTimeFormatConstructor::visitChildren):
2965         * runtime/IntlDateTimeFormatConstructor.h: Added.
2966         (JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure):
2967         * runtime/IntlDateTimeFormatPrototype.cpp: Added.
2968         (JSC::IntlDateTimeFormatPrototype::create):
2969         (JSC::IntlDateTimeFormatPrototype::createStructure):
2970         (JSC::IntlDateTimeFormatPrototype::IntlDateTimeFormatPrototype):
2971         (JSC::IntlDateTimeFormatPrototype::finishCreation):
2972         (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
2973         (JSC::IntlDateTimeFormatPrototypeGetterFormat): Added format getter (12.3.3).
2974         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2975         * runtime/IntlDateTimeFormatPrototype.h: Added.
2976         * runtime/IntlNumberFormat.cpp: Added.
2977         (JSC::IntlNumberFormat::create):
2978         (JSC::IntlNumberFormat::createStructure):
2979         (JSC::IntlNumberFormat::IntlNumberFormat):
2980         (JSC::IntlNumberFormat::finishCreation):
2981         (JSC::IntlNumberFormat::destroy):
2982         (JSC::IntlNumberFormat::visitChildren):
2983         (JSC::IntlNumberFormat::setBoundFormat):
2984         (JSC::IntlNumberFormatFuncFormatNumber): Added placeholder implementation returning Number(value).toString().
2985         * runtime/IntlNumberFormat.h: Added.
2986         (JSC::IntlNumberFormat::constructor):
2987         (JSC::IntlNumberFormat::boundFormat):
2988         * runtime/IntlNumberFormatConstructor.cpp: Added.
2989         (JSC::IntlNumberFormatConstructor::create):
2990         (JSC::IntlNumberFormatConstructor::createStructure):
2991         (JSC::IntlNumberFormatConstructor::IntlNumberFormatConstructor):
2992         (JSC::IntlNumberFormatConstructor::finishCreation):
2993         (JSC::constructIntlNumberFormat): Added NumberFormat constructor (11.1.2).
2994         (JSC::callIntlNumberFormat): Added NumberFormat constructor (11.1.2).
2995         (JSC::IntlNumberFormatConstructor::getConstructData):
2996         (JSC::IntlNumberFormatConstructor::getCallData):
2997         (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
2998         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2999         (JSC::IntlNumberFormatConstructor::visitChildren):
3000         * runtime/IntlNumberFormatConstructor.h: Added.
3001         (JSC::IntlNumberFormatConstructor::numberFormatStructure):
3002         * runtime/IntlNumberFormatPrototype.cpp: Added.
3003         (JSC::IntlNumberFormatPrototype::create):
3004         (JSC::IntlNumberFormatPrototype::createStructure):
3005         (JSC::IntlNumberFormatPrototype::IntlNumberFormatPrototype):
3006         (JSC::IntlNumberFormatPrototype::finishCreation):
3007         (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
3008         (JSC::IntlNumberFormatPrototypeGetterFormat): Added format getter (11.3.3).
3009         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
3010         * runtime/IntlNumberFormatPrototype.h: Added.
3011         * runtime/IntlObject.cpp:
3012         (JSC::IntlObject::create):
3013         (JSC::IntlObject::finishCreation): Added Collator, NumberFormat, and DateTimeFormat properties (8.1).
3014         (JSC::IntlObject::visitChildren):
3015         * runtime/IntlObject.h:
3016         (JSC::IntlObject::collatorConstructor):
3017         (JSC::IntlObject::collatorPrototype):
3018         (JSC::IntlObject::collatorStructure):
3019         (JSC::IntlObject::numberFormatConstructor):
3020         (JSC::IntlObject::numberFormatPrototype):
3021         (JSC::IntlObject::numberFormatStructure):
3022         (JSC::IntlObject::dateTimeFormatConstructor):
3023         (JSC::IntlObject::dateTimeFormatPrototype):
3024         (JSC::IntlObject::dateTimeFormatStructure):
3025         * runtime/JSGlobalObject.cpp:
3026         (JSC::JSGlobalObject::init):
3027
3028 2015-07-29  Commit Queue  <commit-queue@webkit.org>
3029
3030         Unreviewed, rolling out r187550.
3031         https://bugs.webkit.org/show_bug.cgi?id=147420
3032
3033         Broke Windows build (again) (Requested by smfr on #webkit).
3034
3035         Reverted changeset:
3036
3037         "Implement WebAssembly module parser"
3038         https://bugs.webkit.org/show_bug.cgi?id=147293
3039         http://trac.webkit.org/changeset/187550
3040
3041 2015-07-29  Basile Clement  <basile_clement@apple.com>
3042
3043         Remove native call inlining
3044         https://bugs.webkit.org/show_bug.cgi?id=147417
3045
3046         Rubber Stamped by Filip Pizlo.
3047
3048         * CMakeLists.txt:
3049         * dfg/DFGAbstractInterpreterInlines.h:
3050         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
3051         * dfg/DFGByteCodeParser.cpp:
3052         (JSC::DFG::ByteCodeParser::handleCall): Deleted.
3053         * dfg/DFGClobberize.h:
3054         (JSC::DFG::clobberize): Deleted.
3055         * dfg/DFGDoesGC.cpp:
3056         (JSC::DFG::doesGC): Deleted.
3057         * dfg/DFGFixupPhase.cpp:
3058         (JSC::DFG::FixupPhase::fixupNode): Deleted.
3059         * dfg/DFGNode.h:
3060         (JSC::DFG::Node::hasHeapPrediction): Deleted.
3061         (JSC::DFG::Node::hasCellOperand): Deleted.
3062         * dfg/DFGNodeType.h:
3063         * dfg/DFGPredictionPropagationPhase.cpp:
3064         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
3065         * dfg/DFGSafeToExecute.h:
3066         (JSC::DFG::safeToExecute): Deleted.
3067         * dfg/DFGSpeculativeJIT32_64.cpp:
3068         (JSC::DFG::SpeculativeJIT::compile): Deleted.
3069         * dfg/DFGSpeculativeJIT64.cpp:
3070         (JSC::DFG::SpeculativeJIT::compile): Deleted.
3071         * ftl/FTLCapabilities.cpp:
3072         (JSC::FTL::canCompile): Deleted.
3073         * ftl/FTLLowerDFGToLLVM.cpp:
3074         (JSC::FTL::DFG::LowerDFGToLLVM::lower): Deleted.
3075         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
3076         (JSC::FTL::DFG::LowerDFGToLLVM::compileNativeCallOrConstruct): Deleted.
3077         (JSC::FTL::DFG::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
3078         (JSC::FTL::DFG::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
3079         (JSC::FTL::DFG::LowerDFGToLLVM::didOverflowStack): Deleted.
3080         * ftl/FTLState.cpp:
3081         (JSC::FTL::State::State): Deleted.
3082         * ftl/FTLState.h:
3083         * runtime/BundlePath.cpp: Removed.
3084         (JSC::bundlePath): Deleted.
3085         * runtime/JSDataViewPrototype.cpp:
3086         (JSC::getData):
3087         (JSC::setData):
3088         * runtime/Options.h:
3089
3090 2015-07-29  Basile Clement  <basile_clement@apple.com>
3091
3092         Unreviewed, skipping a test that is too complex for its own good
3093         https://bugs.webkit.org/show_bug.cgi?id=147167
3094
3095         * tests/stress/math-pow-coherency.js:
3096
3097 2015-07-29  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3098
3099         Implement WebAssembly module parser
3100         https://bugs.webkit.org/show_bug.cgi?id=147293
3101
3102         Reviewed by Mark Lam.
3103
3104         Reupload the patch, since r187539 should fix the "Cannot open include file:
3105         'JSWASMModule.h'" issue in the Windows build.
3106
3107         * CMakeLists.txt:
3108         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3109         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3110         * JavaScriptCore.xcodeproj/project.pbxproj:
3111         * jsc.cpp:
3112         (GlobalObject::finishCreation):
3113         (functionLoadWebAssembly):
3114         * parser/SourceProvider.h:
3115         (JSC::WebAssemblySourceProvider::create):
3116         (JSC::WebAssemblySourceProvider::data):
3117         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
3118         * runtime/JSGlobalObject.cpp:
3119         (JSC::JSGlobalObject::init):
3120         (JSC::JSGlobalObject::visitChildren):
3121         * runtime/JSGlobalObject.h:
3122         (JSC::JSGlobalObject::wasmModuleStructure):
3123         * wasm/WASMMagicNumber.h: Added.
3124         * wasm/WASMModuleParser.cpp: Added.
3125         (JSC::WASMModuleParser::WASMModuleParser):
3126         (JSC::WASMModuleParser::parse):
3127         (JSC::WASMModuleParser::parseModule):
3128         (JSC::parseWebAssembly):
3129         * wasm/WASMModuleParser.h: Added.
3130         * wasm/WASMReader.cpp: Added.
3131         (JSC::WASMReader::readUnsignedInt32):
3132         (JSC::WASMReader::readFloat):
3133         (JSC::WASMReader::readDouble):
3134         * wasm/WASMReader.h: Added.
3135         (JSC::WASMReader::WASMReader):
3136
3137 2015-07-29  Basile Clement  <basile_clement@apple.com>
3138
3139         Unreviewed, lower the number of test iterations to prevent timing out on Debug builds
3140         https://bugs.webkit.org/show_bug.cgi?id=147167
3141
3142         * tests/stress/math-pow-coherency.js:
3143
3144 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3145
3146         Add the "wasm" directory to Visual Studio project files
3147         https://bugs.webkit.org/show_bug.cgi?id=147400
3148
3149         Reviewed by Simon Fraser.
3150
3151         This patch should fix the "Cannot open include file: 'JSWASMModule.h'" issue
3152         in the Windows build.
3153
3154         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
3155         * JavaScriptCore.vcxproj/copy-files.cmd:
3156
3157 2015-07-28  Commit Queue  <commit-queue@webkit.org>
3158
3159         Unreviewed, rolling out r187531.
3160         https://bugs.webkit.org/show_bug.cgi?id=147397
3161
3162         Broke Windows build (Requested by smfr on #webkit).
3163
3164         Reverted changeset:
3165
3166         "Implement WebAssembly module parser"
3167         https://bugs.webkit.org/show_bug.cgi?id=147293
3168         http://trac.webkit.org/changeset/187531
3169
3170 2015-07-28  Benjamin Poulain  <bpoulain@apple.com>
3171
3172         Speed up the Stringifier::toJSON() fast case
3173         https://bugs.webkit.org/show_bug.cgi?id=147383
3174
3175         Reviewed by Andreas Kling.
3176
3177         * runtime/JSONObject.cpp:
3178         (JSC::Stringifier::toJSON):
3179         (JSC::Stringifier::toJSONImpl):
3180
3181 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
3182
3183         Implement WebAssembly module parser
3184         https://bugs.webkit.org/show_bug.cgi?id=147293
3185
3186         Reviewed by Geoffrey Garen.
3187
3188         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
3189         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
3190         the magic number at the beginning of the files. Parsing of the rest will be
3191         implemented in a subsequent patch.
3192
3193         * CMakeLists.txt:
3194         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3195         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3196         * JavaScriptCore.xcodeproj/project.pbxproj:
3197         * jsc.cpp:
3198         (GlobalObject::finishCreation):
3199         (functionLoadWebAssembly):
3200         * parser/SourceProvider.h:
3201         (JSC::WebAssemblySourceProvider::create):
3202         (JSC::WebAssemblySourceProvider::data):
3203         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
3204         * runtime/JSGlobalObject.cpp:
3205         (JSC::JSGlobalObject::init):
3206         (JSC::JSGlobalObject::visitChildren):
3207         * runtime/JSGlobalObject.h:
3208         (JSC::JSGlobalObject::wasmModuleStructure):
3209         * wasm/WASMMagicNumber.h: Added.
3210         * wasm/WASMModuleParser.cpp: Added.
3211         (JSC::WASMModuleParser::WASMModuleParser):
3212         (JSC::WASMModuleParser::parse):
3213         (JSC::WASMModuleParser::parseModule):
3214         (JSC::parseWebAssembly):
3215         * wasm/WASMModuleParser.h: Added.
3216         * wasm/WASMReader.cpp: Added.
3217         (JSC::WASMReader::readUnsignedInt32):
3218         (JSC::WASMReader::readFloat):
3219         (JSC::WASMReader::readDouble):
3220         * wasm/WASMReader.h: Added.
3221         (JSC::WASMReader::WASMReader):
3222
3223 2015-07-28  Yusuke Suzuki  <utatane.tea@gmail.com>
3224
3225         [ES6] Add ENABLE_ES6_MODULES compile time flag with the default value "false"
3226         https://bugs.webkit.org/show_bug.cgi?id=147350
3227
3228         Reviewed by Sam Weinig.
3229
3230         * Configurations/FeatureDefines.xcconfig:
3231
3232 2015-07-28  Saam barati  <saambarati1@gmail.com>
3233
3234         Make the type profiler work with lexical scoping and add tests
3235         https://bugs.webkit.org/show_bug.cgi?id=145438
3236
3237         Reviewed by Geoffrey Garen.
3238
3239         op_profile_type now knows how to resolve variables allocated within
3240         the local scope stack. This means it knows how to resolve "let"
3241         and "const" variables. Also, some refactoring was done inside
3242         the BytecodeGenerator to make writing code to support the type
3243         profiler much simpler and clearer.
3244
3245         * bytecode/CodeBlock.cpp:
3246         (JSC::CodeBlock::CodeBlock):
3247         * bytecode/CodeBlock.h:
3248         (JSC::CodeBlock::symbolTable): Deleted.
3249         * bytecode/UnlinkedCodeBlock.h:
3250         (JSC::UnlinkedCodeBlock::addExceptionHandler):
3251         (JSC::UnlinkedCodeBlock::exceptionHandler):
3252         (JSC::UnlinkedCodeBlock::vm):
3253         (JSC::UnlinkedCodeBlock::addArrayProfile):
3254         (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex): Deleted.
3255         (JSC::UnlinkedCodeBlock::symbolTableConstantIndex): Deleted.
3256         * bytecompiler/BytecodeGenerator.cpp:
3257         (JSC::BytecodeGenerator::BytecodeGenerator):
3258         (JSC::BytecodeGenerator::emitMove):
3259         (JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
3260         (JSC::BytecodeGenerator::emitProfileType):
3261         (JSC::BytecodeGenerator::emitProfileControlFlow):
3262         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3263         * bytecompiler/BytecodeGenerator.h:
3264         (JSC::BytecodeGenerator::emitNodeForLeftHandSide):
3265         * bytecompiler/NodesCodegen.cpp:
3266         (JSC::ThisNode::emitBytecode):
3267         (JSC::ResolveNode::emitBytecode):
3268         (JSC::BracketAccessorNode::emitBytecode):
3269         (JSC::DotAccessorNode::emitBytecode):
3270         (JSC::FunctionCallValueNode::emitBytecode):
3271         (JSC::FunctionCallResolveNode::emitBytecode):
3272         (JSC::FunctionCallBracketNode::emitBytecode):
3273         (JSC::FunctionCallDotNode::emitBytecode):
3274         (JSC::CallFunctionCallDotNode::emitBytecode):
3275         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3276         (JSC::PostfixNode::emitResolve):
3277         (JSC::PostfixNode::emitBracket):
3278         (JSC::PostfixNode::emitDot):
3279         (JSC::PrefixNode::emitResolve):
3280         (JSC::PrefixNode::emitBracket):
3281         (JSC::PrefixNode::emitDot):
3282         (JSC::ReadModifyResolveNode::emitBytecode):
3283         (JSC::AssignResolveNode::emitBytecode):
3284         (JSC::AssignDotNode::emitBytecode):
3285         (JSC::ReadModifyDotNode::emitBytecode):
3286         (JSC::AssignBracketNode::emitBytecode):
3287         (JSC::ReadModifyBracketNode::emitBytecode):
3288         (JSC::EmptyVarExpression::emitBytecode):
3289         (JSC::EmptyLetExpression::emitBytecode):
3290         (JSC::ForInNode::emitLoopHeader):
3291         (JSC::ForOfNode::emitBytecode):
3292         (JSC::ReturnNode::emitBytecode):
3293         (JSC::FunctionNode::emitBytecode):
3294         (JSC::BindingNode::bindValue):
3295         * dfg/DFGSpeculativeJIT32_64.cpp:
3296         (JSC::DFG::SpeculativeJIT::compile):
3297         * dfg/DFGSpeculativeJIT64.cpp:
3298         (JSC::DFG::SpeculativeJIT::compile):
3299         * jit/JITOpcodes.cpp:
3300         (JSC::JIT::emit_op_profile_type):
3301         * jit/JITOpcodes32_64.cpp:
3302         (JSC::JIT::emit_op_profile_type):
3303         * llint/LowLevelInterpreter32_64.asm:
3304         * llint/LowLevelInterpreter64.asm:
3305         * tests/typeProfiler/es6-block-scoping.js: Added.
3306         (noop):
3307         (arr):
3308         (wrapper.changeFoo):
3309         (wrapper.scoping):
3310         (wrapper.scoping2):
3311         (wrapper):
3312         * tests/typeProfiler/es6-classes.js: Added.
3313         (noop):
3314         (wrapper.Animal):
3315         (wrapper.Animal.prototype.methodA):
3316         (wrapper.Dog):
3317         (wrapper.Dog.prototype.methodB):
3318         (wrapper):
3319
3320 2015-07-28  Saam barati  <saambarati1@gmail.com>
3321
3322         Implement catch scope using lexical scoping constructs introduced with "let" scoping patch
3323         https://bugs.webkit.org/show_bug.cgi?id=146979
3324
3325         Reviewed by Geoffrey Garen.
3326
3327         Now that BytecodeGenerator has a notion of local scope depth,
3328         we can easily implement a catch scope that doesn't claim that
3329         all variables are dynamically scoped. This means that functions
3330         that use try/catch can have local variable resolution. This also
3331         means that all functions that use try/catch don't have all
3332         their variables marked as being captured.
3333
3334         Catch scopes now behave like a "let" scope (sans the TDZ logic) with a
3335         single variable. Catch scopes are now just JSLexicalEnvironments and the
3336         symbol table backing the catch scope knows that it corresponds to a catch scope.
3337
3338         * CMakeLists.txt:
3339         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3340         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3341         * JavaScriptCore.xcodeproj/project.pbxproj:
3342         * bytecode/CodeBlock.cpp:
3343         (JSC::CodeBlock::dumpBytecode):
3344         * bytecode/EvalCodeCache.h:
3345         (JSC::EvalCodeCache::isCacheable):
3346         * bytecompiler/BytecodeGenerator.cpp:
3347         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
3348         (JSC::BytecodeGenerator::emitLoadGlobalObject):
3349         (JSC::BytecodeGenerator::pushLexicalScope):
3350         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
3351         (JSC::BytecodeGenerator::popLexicalScope):
3352         (JSC::BytecodeGenerator::popLexicalScopeInternal):