96118be30fd80724b3b2d407c8d11e3c44add3bd
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-01-21  Matthew Mirman  <mmirman@apple.com>

        Updated split such that it does not include the empty end of input string match.
        https://bugs.webkit.org/show_bug.cgi?id=138129
        <rdar://problem/18807403>

        Reviewed by Filip Pizlo.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncSplit):
        * tests/stress/empty_eos_regex_split.js: Added.

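As an added illustration (not JSC's stringProtoFuncSplit and not part of this ChangeLog), here is the ES2015 RegExp.prototype[@@split] loop written out in JavaScript; splitPerSpec, advanceStringIndex and agreesWithNative are names chosen for the example. The loop bound q < size is why an empty match at end of input is never consulted, while a non-empty match ending there still yields a trailing empty string.

```javascript
// Reference implementation of the ES2015 RegExp.prototype[@@split] loop,
// written as an added illustration (not JSC's stringProtoFuncSplit).
// The bound "q < size" keeps an *empty* match at the end of input out of
// the result; a non-empty match that ends at the end of input still
// produces a trailing "" via the final substring push.

// AdvanceStringIndex: step by one code point when the regex has the u flag.
function advanceStringIndex(s, index, unicode) {
  if (!unicode || index + 1 >= s.length) return index + 1;
  const cp = s.codePointAt(index);
  return index + (cp > 0xffff ? 2 : 1);
}

function splitPerSpec(S, R, limit = 2 ** 32 - 1) {
  // The spec clones the regex with the sticky flag so every exec() is
  // anchored at lastIndex == q.
  const flags = R.flags.includes('y') ? R.flags : R.flags + 'y';
  const splitter = new RegExp(R.source, flags);
  const unicode = flags.includes('u');
  const A = [];
  const size = S.length;
  if (limit === 0) return A;
  if (size === 0) {
    // Empty input: a regex matching the empty string yields [], else [S].
    splitter.lastIndex = 0;
    return splitter.exec(S) === null ? [S] : A;
  }
  let p = 0; // start of the pending substring
  let q = p; // candidate split position
  while (q < size) { // an empty match at q == size is never attempted
    splitter.lastIndex = q;
    const z = splitter.exec(S);
    if (z === null) {
      q = advanceStringIndex(S, q, unicode);
      continue;
    }
    const e = Math.min(splitter.lastIndex, size); // end of the match
    if (e === p) {
      // Empty match right where the previous piece ended: skip ahead.
      q = advanceStringIndex(S, q, unicode);
      continue;
    }
    A.push(S.substring(p, q));
    if (A.length === limit) return A;
    p = e;
    // Capture groups are spliced into the result, as in the spec.
    for (let i = 1; i < z.length; i++) {
      A.push(z[i]);
      if (A.length === limit) return A;
    }
    q = p;
  }
  A.push(S.substring(p, size)); // the remainder, possibly ""
  return A;
}

// Compare the reference against the engine's own String.prototype.split.
function agreesWithNative(S, R) {
  return JSON.stringify(splitPerSpec(S, R)) === JSON.stringify(S.split(R));
}
```
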
2015-01-21  Michael Saboff  <msaboff@apple.com>

        Eliminate Scope slot from JavaScript CallFrame
        https://bugs.webkit.org/show_bug.cgi?id=136724

        Reviewed by Geoffrey Garen.

        This finishes the removal of the scope chain slot from the call frame header.

        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::reifyInlinedCallFrames):
        * dfg/DFGPreciseLocalClobberize.h:
        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * ftl/FTLJSCall.cpp:
        (JSC::FTL::JSCall::emit):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
        (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
        * interpreter/JSStack.h:
        * interpreter/VMInspector.cpp:
        (JSC::VMInspector::dumpFrame):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        * jit/Repatch.cpp:
        (JSC::generateByIdStub):
        (JSC::linkClosureCall):
        * jit/ThunkGenerators.cpp:
        (JSC::virtualForThunkGenerator):
        (JSC::nativeForGenerator):
        Deleted ScopeChain slot from JSStack.  Removed all code where ScopeChain was being
        read or set.  In most cases this was where we make JS calls.

        * interpreter/CallFrameClosure.h:
        (JSC::CallFrameClosure::setArgument):
        (JSC::CallFrameClosure::resetCallFrame): Deleted.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        * interpreter/ProtoCallFrame.cpp:
        (JSC::ProtoCallFrame::init):
        * interpreter/ProtoCallFrame.h:
        (JSC::ProtoCallFrame::scope): Deleted.
        (JSC::ProtoCallFrame::setScope): Deleted.
        * llint/LLIntData.cpp:
        (JSC::LLInt::Data::performAssertions):
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter64.asm:
        Removed the related scopeChainValue member from ProtoCallFrame.  Reduced the number of
        registers that needed to be copied from the ProtoCallFrame to a callee's frame
        from 5 to 4.

        * llint/LowLevelInterpreter32_64.asm:
        In addition to the prior changes, also deleted the unused macro getDeBruijnScope.

2015-01-21  Michael Saboff  <msaboff@apple.com>

        Eliminate construct methods from NullGetterFunction and NullSetterFunction classes
        https://bugs.webkit.org/show_bug.cgi?id=140708

        Reviewed by Mark Lam.

        Eliminated construct methods and changed getConstructData() for both classes to return
        ConstructTypeNone as they can never be called.

        * runtime/NullGetterFunction.cpp:
        (JSC::NullGetterFunction::getConstructData):
        (JSC::constructReturnUndefined): Deleted.
        * runtime/NullSetterFunction.cpp:
        (JSC::NullSetterFunction::getConstructData):
        (JSC::constructReturnUndefined): Deleted.

2015-01-21  Csaba Osztrogonác  <ossy@webkit.org>

        Remove ENABLE(INSPECTOR) ifdef guards
        https://bugs.webkit.org/show_bug.cgi?id=140668

        Reviewed by Darin Adler.

        * Configurations/FeatureDefines.xcconfig:
        * bindings/ScriptValue.cpp:
        (Deprecated::ScriptValue::toInspectorValue):
        * bindings/ScriptValue.h:
        * inspector/ConsoleMessage.cpp:
        * inspector/ConsoleMessage.h:
        * inspector/ContentSearchUtilities.cpp:
        * inspector/ContentSearchUtilities.h:
        * inspector/IdentifiersFactory.cpp:
        * inspector/IdentifiersFactory.h:
        * inspector/InjectedScript.cpp:
        * inspector/InjectedScript.h:
        * inspector/InjectedScriptBase.cpp:
        * inspector/InjectedScriptBase.h:
        * inspector/InjectedScriptHost.cpp:
        * inspector/InjectedScriptHost.h:
        * inspector/InjectedScriptManager.cpp:
        * inspector/InjectedScriptManager.h:
        * inspector/InjectedScriptModule.cpp:
        * inspector/InjectedScriptModule.h:
        * inspector/InspectorAgentRegistry.cpp:
        * inspector/InspectorBackendDispatcher.cpp:
        * inspector/InspectorBackendDispatcher.h:
        * inspector/InspectorProtocolTypes.h:
        * inspector/JSGlobalObjectConsoleClient.cpp:
        * inspector/JSGlobalObjectInspectorController.cpp:
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectScriptDebugServer.cpp:
        * inspector/JSGlobalObjectScriptDebugServer.h:
        * inspector/JSInjectedScriptHost.cpp:
        * inspector/JSInjectedScriptHost.h:
        * inspector/JSInjectedScriptHostPrototype.cpp:
        * inspector/JSInjectedScriptHostPrototype.h:
        * inspector/JSJavaScriptCallFrame.cpp:
        * inspector/JSJavaScriptCallFrame.h:
        * inspector/JSJavaScriptCallFramePrototype.cpp:
        * inspector/JSJavaScriptCallFramePrototype.h:
        * inspector/JavaScriptCallFrame.cpp:
        * inspector/JavaScriptCallFrame.h:
        * inspector/ScriptCallFrame.cpp:
        (Inspector::ScriptCallFrame::buildInspectorObject):
        * inspector/ScriptCallFrame.h:
        * inspector/ScriptCallStack.cpp:
        (Inspector::ScriptCallStack::buildInspectorArray):
        * inspector/ScriptCallStack.h:
        * inspector/ScriptDebugServer.cpp:
        * inspector/agents/InspectorAgent.cpp:
        * inspector/agents/InspectorAgent.h:
        * inspector/agents/InspectorConsoleAgent.cpp:
        * inspector/agents/InspectorConsoleAgent.h:
        * inspector/agents/InspectorDebuggerAgent.cpp:
        * inspector/agents/InspectorDebuggerAgent.h:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/agents/JSGlobalObjectConsoleAgent.cpp:
        * inspector/agents/JSGlobalObjectConsoleAgent.h:
        * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
        * inspector/agents/JSGlobalObjectDebuggerAgent.h:
        * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
        * inspector/agents/JSGlobalObjectRuntimeAgent.h:
        * inspector/scripts/codegen/cpp_generator_templates.py:
        (CppGeneratorTemplates):
        * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
        * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
        * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
        * inspector/scripts/tests/expected/enum-values.json-result:
        * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
        * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
        * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
        * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
        * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
        * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
        * runtime/TypeSet.cpp:
        (JSC::TypeSet::inspectorTypeSet):
        (JSC::StructureShape::inspectorRepresentation):

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Clean up InjectedScriptSource.js
        https://bugs.webkit.org/show_bug.cgi?id=140709

        Reviewed by Timothy Hatcher.

        This patch includes some relevant Blink patches and small changes.

        Patch by <aandrey@chromium.org>
        DevTools: Remove console last result $_ on console clear.
        https://src.chromium.org/viewvc/blink?revision=179179&view=revision

        Patch by <eustas@chromium.org>
        [Inspect DOM properties] incorrect CSS Selector Syntax
        https://src.chromium.org/viewvc/blink?revision=156903&view=revision

        * inspector/InjectedScriptSource.js:

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Cleanup RuntimeAgent a bit
        https://bugs.webkit.org/show_bug.cgi?id=140706

        Reviewed by Timothy Hatcher.

        * inspector/InjectedScript.h:
        * inspector/InspectorBackendDispatcher.h:
        * inspector/ScriptCallFrame.cpp:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::evaluate):
        (Inspector::InspectorRuntimeAgent::getProperties):
        (Inspector::InspectorRuntimeAgent::run):
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        (Inspector::recompileAllJSFunctionsForTypeProfiling):
        (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):

2015-01-20  Matthew Mirman  <mmirman@apple.com>

        Made Identity in the DFG allocate a new temp register and move
        the old data to it.
        https://bugs.webkit.org/show_bug.cgi?id=140700
        <rdar://problem/19339106>

        Reviewed by Filip Pizlo.

        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        Added scratch registers for Identity.
        * tests/mozilla/mozilla-tests.yaml: enabled previously failing test

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Expanding event objects in console shows undefined for most values, it should have real values
        https://bugs.webkit.org/show_bug.cgi?id=137306

        Reviewed by Timothy Hatcher.

        Provide another optional parameter to getProperties, to gather a list
        of all own and getter properties.

        * inspector/InjectedScript.cpp:
        (Inspector::InjectedScript::getProperties):
        * inspector/InjectedScript.h:
        * inspector/InjectedScriptSource.js:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getProperties):
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/protocol/Runtime.json:

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Should show dynamic specificity values
        https://bugs.webkit.org/show_bug.cgi?id=140647

        Reviewed by Benjamin Poulain.

        * inspector/protocol/CSS.json:
        Clarify CSSSelector optional values and add "dynamic" property indicating
        if the selector can be dynamic based on the element it is matched against.

2015-01-20  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r178751.
        https://bugs.webkit.org/show_bug.cgi?id=140694

        Caused 32-bit JSC test failures (Requested by JoePeck on
        #webkit).

        Reverted changeset:

        "put_by_val_direct need to check the property is index or not
        for using putDirect / putDirectIndex"
        https://bugs.webkit.org/show_bug.cgi?id=140426
        http://trac.webkit.org/changeset/178751

2015-01-20  Yusuke Suzuki  <utatane.tea@gmail.com>

        put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
        https://bugs.webkit.org/show_bug.cgi?id=140426

        Reviewed by Geoffrey Garen.

        In the put_by_val_direct operation, we use JSObject::putDirect.
        However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
        This patch changes Identifier::asIndex() to return Optional<uint32_t>.
        It forces callers to check explicitly whether the value is an index.
        Additionally, it checks whether the toString-ed Identifier is an index to choose putDirect / putDirectIndex.

        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutById):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * jit/JITOperations.cpp:
        * jit/Repatch.cpp:
        (JSC::emitPutTransitionStubAndGetOldStructure):
        * jsc.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        (JSC::Arguments::deleteProperty):
        (JSC::Arguments::defineOwnProperty):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSort):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitive):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
        (JSC::JSGenericTypedArrayView<Adaptor>::put):
        (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
        (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::putDirectAccessor):
        (JSC::JSObject::putDirectCustomAccessor):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::putDirectMayBeIndex):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getOwnPropertySlot):
        (JSC::JSObject::getPropertySlot):
        (JSC::JSObject::putDirectInternal):
        * runtime/JSString.cpp:
        (JSC::JSString::getStringPropertyDescriptor):
        * runtime/JSString.h:
        (JSC::JSString::getStringPropertySlot):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::parse):
        * runtime/PropertyName.h:
        (JSC::toUInt32FromCharacters):
        (JSC::toUInt32FromStringImpl):
        (JSC::PropertyName::asIndex):
        * runtime/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * runtime/StringObject.cpp:
        (JSC::StringObject::deleteProperty):
        * runtime/Structure.cpp:
        (JSC::Structure::prototypeChainMayInterceptStoreTo):

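Added example, not JSC's code: a JavaScript model of the index / non-index split described in the entry above. asIndex mirrors the ECMAScript "array index" definition (a canonical decimal string whose value is below 2^32 - 1; the Optional result is modelled as number | undefined), SplitStorage and its ownKeys are assumptions made for the example, and nativeKeyOrder uses computed keys in an object literal, the construct that compiles to put_by_val_direct.

```javascript
// Added illustration of the index / non-index distinction behind the
// putDirect vs. putDirectIndex choice. asIndex() follows the ECMAScript
// "array index" definition; it is written for this example and is not
// JSC's Identifier::asIndex. Optional<uint32_t> becomes number | undefined.

const MAX_ARRAY_INDEX = 2 ** 32 - 2; // 4294967294; "4294967295" is a plain name

function asIndex(key) {
  if (typeof key === 'number') key = String(key); // ToPropertyKey for numbers
  if (typeof key !== 'string') return undefined;  // symbols are never indices
  if (key === '0') return 0;
  // Canonical form only: no sign, no leading zero, no exponent, digits only.
  if (!/^[1-9][0-9]{0,9}$/.test(key)) return undefined;
  const n = Number(key);
  return n <= MAX_ARRAY_INDEX ? n : undefined;
}

// A minimal object model with the two storages an engine keeps apart:
// indexed elements and named properties (assumed for the example).
// putDirectMayBeIndex() is the dispatch the ChangeLog entry describes.
class SplitStorage {
  constructor() {
    this.elements = new Map(); // index -> value
    this.named = new Map();    // name  -> value, insertion ordered
  }
  putDirectMayBeIndex(key, value) {
    const index = asIndex(key);
    if (index !== undefined) this.elements.set(index, value); // putDirectIndex path
    else this.named.set(String(key), value);                   // putDirect path
    return this;
  }
  // OrdinaryOwnPropertyKeys order: indices ascending, then names in
  // insertion order. This is the order Object.keys exposes.
  ownKeys() {
    const indices = [...this.elements.keys()].sort((a, b) => a - b);
    return [...indices.map(String), ...this.named.keys()];
  }
}

// The same keys as computed property keys in an object literal, the
// construct that compiles to put_by_val_direct in JSC. A key that were
// wrongly stored as a name would fall out of the index ordering.
function nativeKeyOrder() {
  const o = { ['b']: 1, ['2']: 2, ['01']: 3, [1]: 4, ['-1']: 5 };
  return Object.keys(o);
}

function modelKeyOrder() {
  return new SplitStorage()
    .putDirectMayBeIndex('b', 1)
    .putDirectMayBeIndex('2', 2)
    .putDirectMayBeIndex('01', 3)
    .putDirectMayBeIndex(1, 4)
    .putDirectMayBeIndex('-1', 5)
    .ownKeys();
}
```
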
2015-01-20  Michael Saboff  <msaboff@apple.com>

        REGRESSION(178696): Sporadic crashes while garbage collecting
        https://bugs.webkit.org/show_bug.cgi?id=140688

        Reviewed by Geoffrey Garen.

        Added missing visitor.append(&thisObject->m_nullSetterFunction).

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::visitChildren):

2015-01-19  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: code generator should take supplemental specifications and allow cross-framework references
        https://bugs.webkit.org/show_bug.cgi?id=136312

        Reviewed by Joseph Pecoraro.

        Some types are shared between replay inputs from different frameworks.
        Previously, these type declarations were duplicated in every input
        specification file in which they were used. This caused some type encoding
        traits to be emitted twice if used from WebCore inputs and WebKit2 inputs.

        This patch teaches the replay inputs code generator to accept multiple
        input specification files. Inputs can freely reference types from other
        frameworks without duplicating declarations.

        On the code generation side, the model could contain types and inputs from
        frameworks that are not the target framework. Only generate code for the
        target framework.

        To properly generate cross-framework type encoding traits, use
        Type.encoding_type_argument in more places, and add the export macro for WebCore
        and the Test framework.

        Adjust some tests so that enum coverage is preserved by moving the enum types
        into "Test" (the target framework for tests).

        * JavaScriptCore.vcxproj/copy-files.cmd:
        For Windows, copy over JSInputs.json as if it were a private header.

        * JavaScriptCore.xcodeproj/project.pbxproj: Make JSInputs.json a private header.
        * replay/JSInputs.json:
        Put all primitive types and WTF types in this specification file.

        * replay/scripts/CodeGeneratorReplayInputs.py:
        (Input.__init__):
        (InputsModel.__init__): Keep track of the input's framework.
        (InputsModel.parse_specification): Parse the framework here. Adjust to new format,
        and allow either types or inputs to be missing from a single file.

        (InputsModel.parse_type_with_framework):
        (InputsModel.parse_input_with_framework):
        (Generator.should_generate_item): Added helper method.
        (Generator.generate_header): Filter inputs to generate.
        (Generator.generate_implementation): Filter inputs to generate.
        (Generator.generate_enum_trait_declaration): Filter enums to generate.
        Add WEBCORE_EXPORT macro to enum encoding traits.

        (Generator.generate_for_each_macro): Filter inputs to generate.
        (Generator.generate_enum_trait_implementation): Filter enums to generate.
        (generate_from_specifications): Added.
        (generate_from_specifications.parse_json_from_file):
        (InputsModel.parse_toplevel): Deleted.
        (InputsModel.parse_type_with_framework_name): Deleted.
        (InputsModel.parse_input): Deleted.
        (generate_from_specification): Deleted.
        * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
        * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Removed.
        * replay/scripts/tests/expected/fail-on-no-types.json-error: Removed.
        * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
        * replay/scripts/tests/fail-on-c-style-enum-no-storage.json:
        * replay/scripts/tests/fail-on-duplicate-enum-type.json:
        * replay/scripts/tests/fail-on-duplicate-input-names.json:
        * replay/scripts/tests/fail-on-duplicate-type-names.json:
        * replay/scripts/tests/fail-on-enum-type-missing-values.json:
        * replay/scripts/tests/fail-on-missing-input-member-name.json:
        * replay/scripts/tests/fail-on-missing-input-name.json:
        * replay/scripts/tests/fail-on-missing-input-queue.json:
        * replay/scripts/tests/fail-on-missing-type-mode.json:
        * replay/scripts/tests/fail-on-missing-type-name.json:
        * replay/scripts/tests/fail-on-no-inputs.json:
        Removed, no longer required to be in a single file.

        * replay/scripts/tests/fail-on-no-types.json:
        Removed, no longer required to be in a single file.

        * replay/scripts/tests/fail-on-unknown-input-queue.json:
        * replay/scripts/tests/fail-on-unknown-member-type.json:
        * replay/scripts/tests/fail-on-unknown-type-mode.json:
        * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json:
        * replay/scripts/tests/generate-enum-encoding-helpers.json:
        * replay/scripts/tests/generate-enum-with-guard.json:
        Include enums that are and are not generated.

        * replay/scripts/tests/generate-enums-with-same-base-name.json:
        * replay/scripts/tests/generate-event-loop-shape-types.json:
        * replay/scripts/tests/generate-input-with-guard.json:
        * replay/scripts/tests/generate-input-with-vector-members.json:
        * replay/scripts/tests/generate-inputs-with-flags.json:
        * replay/scripts/tests/generate-memoized-type-modes.json:

2015-01-20  Tomas Popela  <tpopela@redhat.com>

        [GTK] Cannot compile 2.7.3 on PowerPC machines
        https://bugs.webkit.org/show_bug.cgi?id=140616

        Include climits for INT_MAX and wtf/DataLog.h for dataLogF

        Reviewed by Csaba Osztrogonác.

        * runtime/BasicBlockLocation.cpp:

2015-01-19  Michael Saboff  <msaboff@apple.com>

        A "cached" null setter should throw a TypeException when called in strict mode and doesn't
        https://bugs.webkit.org/show_bug.cgi?id=139418

        Reviewed by Filip Pizlo.

        Made a new NullSetterFunction class similar to NullGetterFunction.  The difference is that
        NullSetterFunction will throw a TypeError per the ECMA262 spec for a strict mode caller.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        Added new files NullSetterFunction.cpp and NullSetterFunction.h.

        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::isSetterNull):
        (JSC::GetterSetter::setSetter):
        Change setter instances from using NullGetterFunction to using NullSetterFunction.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::nullSetterFunction):
        Added m_nullSetterFunction and accessor.

        * runtime/NullSetterFunction.cpp: Added.
        (JSC::GetCallerStrictnessFunctor::GetCallerStrictnessFunctor):
        (JSC::GetCallerStrictnessFunctor::operator()):
        (JSC::GetCallerStrictnessFunctor::callerIsStrict):
        (JSC::callerIsStrict):
        Method to determine if the caller is in strict mode.

        (JSC::callReturnUndefined):
        (JSC::constructReturnUndefined):
        (JSC::NullSetterFunction::getCallData):
        (JSC::NullSetterFunction::getConstructData):
        * runtime/NullSetterFunction.h: Added.
        (JSC::NullSetterFunction::create):
        (JSC::NullSetterFunction::createStructure):
        (JSC::NullSetterFunction::NullSetterFunction):
        Class with handlers for a null setter.

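Added example (not part of the entry above) of the observable behaviour the NullSetterFunction change is about: assigning to a getter-only accessor from strict versus sloppy code. makeGetterOnly, attemptAssignment and reflectSetResult are names chosen here; the Function constructor is used so that each caller's strictness is fixed by its own body rather than by the mode of this file.

```javascript
// Added illustration: writing to an accessor property that has a getter
// but no setter. In strict code the assignment must throw a TypeError;
// in sloppy code it is silently ignored. Names are chosen for this example.

// A getter-only accessor; assignment to it hits the engine's null setter.
function makeGetterOnly() {
  return { get value() { return 42; } };
}

// Build the caller with the Function constructor so its strictness comes
// from its own body, independent of whether this file is a strict module.
function attemptAssignment(strict) {
  const body = (strict ? '"use strict"; ' : '') + 'o.value = 1; return o.value;';
  const assign = new Function('o', body);
  const o = makeGetterOnly();
  try {
    return { threw: null, value: assign(o) };
  } catch (e) {
    return { threw: e instanceof TypeError ? 'TypeError' : e.name, value: o.value };
  }
}

// Reflect.set reports the failed [[Set]] as false without throwing in
// either mode, which is the way to probe this independent of strictness.
function reflectSetResult() {
  const o = makeGetterOnly();
  return Reflect.set(o, 'value', 1);
}
```
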
517 2015-01-19  Saam Barati  <saambarati1@gmail.com>
518
519         Web Inspector: Provide a front end for JSC's Control Flow Profiler
520         https://bugs.webkit.org/show_bug.cgi?id=138454
521
522         Reviewed by Timothy Hatcher.
523
524         This patch puts the final touches on what JSC needs to provide
525         for the Web Inspector to show a UI for the control flow profiler.
526
527         * inspector/agents/InspectorRuntimeAgent.cpp:
528         (Inspector::recompileAllJSFunctionsForTypeProfiling):
529         * runtime/ControlFlowProfiler.cpp:
530         (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
531         * runtime/FunctionHasExecutedCache.cpp:
532         (JSC::FunctionHasExecutedCache::getFunctionRanges):
533         (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges): Deleted.
534         * runtime/FunctionHasExecutedCache.h:
535
536 2015-01-19  David Kilzer  <ddkilzer@apple.com>
537
538         [iOS] Only use LLVM static library arguments on 64-bit builds of libllvmForJSC.dylib
539         <http://webkit.org/b/140658>
540
541         Reviewed by Filip Pizlo.
542
543         * Configurations/LLVMForJSC.xcconfig: Set OTHER_LDFLAGS_LLVM
544         only when building for 64-bit architectures.
545
546 2015-01-19  Filip Pizlo  <fpizlo@apple.com>
547
548         ClosureCallStubRoutine no longer needs codeOrigin
549         https://bugs.webkit.org/show_bug.cgi?id=140659
550
551         Reviewed by Michael Saboff.
552         
553         Once upon a time, we would look for the CodeOrigin associated with a return PC. This search
554         would start with the CodeBlock according to the caller frame's call frame header. But if the
555         call was a closure call, the return PC would be inside some closure call stub. So if the
556         CodeBlock search failed, we would search *all* closure call stub routines to see which one
557         encompasses the return PC. Then, we would use the CodeOrigin stored in the stub routine
558         object. This was all a bunch of madness, and we actually got rid of it - we now determine
559         the CodeOrigin for a call frame using the encoded code origin bits inside the tag of the
560         argument count.
561         
562         This patch removes the final vestiges of the madness:
563         
564         - Remove the totally unused method declaration for the thing that did the closure call stub
565           search.
566         
567         - Remove the CodeOrigin field from the ClosureCallStubRoutine. Except for that crazy search
568           that we no longer do, everyone else who finds a ClosureCallStubRoutine will find it via
569           the CallLinkInfo. The CallLinkInfo also has the CodeOrigin, so we don't need this field
570           anymore.
571
572         * bytecode/CodeBlock.h:
573         * jit/ClosureCallStubRoutine.cpp:
574         (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
575         * jit/ClosureCallStubRoutine.h:
576         (JSC::ClosureCallStubRoutine::executable):
577         (JSC::ClosureCallStubRoutine::codeOrigin): Deleted.
578         * jit/Repatch.cpp:
579         (JSC::linkClosureCall):
580
581 2015-01-19  Saam Barati  <saambarati1@gmail.com>
582
583         Basic block start offsets should never be larger than end offsets in the control flow profiler
584         https://bugs.webkit.org/show_bug.cgi?id=140377
585
586         Reviewed by Filip Pizlo.
587
588         The bytecode generator will emit code more than once for some AST nodes. For instance, 
589         the finally block of TryNode will emit two code paths for its finally block: one for 
590         the normal path, and another for the path where an exception is thrown in the catch block. 
591         
592         This repeated code emission of the same AST node previously broke how the control 
593         flow profiler computed text ranges of basic blocks because when the same AST node 
594         is emitted multiple times, there is a good chance that there are ranges that span 
595         from the end offset of one of these duplicated nodes back to the start offset of 
596         the same duplicated node. This caused a basic block range to report a larger start 
597         offset than end offset. This was incorrect. Now, when this situation is encountered 
598         while linking a CodeBlock, the faulty range in question is ignored.
599
600         * bytecode/CodeBlock.cpp:
601         (JSC::CodeBlock::CodeBlock):
602         (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
603         * bytecode/CodeBlock.h:
604         * bytecompiler/NodesCodegen.cpp:
605         (JSC::ForInNode::emitMultiLoopBytecode):
606         (JSC::ForOfNode::emitBytecode):
607         (JSC::TryNode::emitBytecode):
608         * parser/Parser.cpp:
609         (JSC::Parser<LexerType>::parseConditionalExpression):
610         * runtime/ControlFlowProfiler.cpp:
611         (JSC::ControlFlowProfiler::ControlFlowProfiler):
612         * runtime/ControlFlowProfiler.h:
613         (JSC::ControlFlowProfiler::dummyBasicBlock):
614
615 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
616
617         [SVG -> OTF Converter] Flip the switch on
618         https://bugs.webkit.org/show_bug.cgi?id=140592
619
620         Reviewed by Antti Koivisto.
621
622         * Configurations/FeatureDefines.xcconfig:
623
624 2015-01-19  Brian J. Burg  <burg@cs.washington.edu>
625
626         Web Replay: convert to is<T> and downcast<T> for decoding replay inputs
627         https://bugs.webkit.org/show_bug.cgi?id=140512
628
629         Reviewed by Chris Dumez.
630
631         Generate a SPECIALIZE_TYPE_TRAITS_* chunk of code for each input. This cannot
632         be done using REPLAY_INPUT_NAMES_FOR_EACH macro since that doesn't fully qualify
633         input types, and the type traits macro is defined in namespace WTF.
634
635         * replay/NondeterministicInput.h: Make overridden methods public.
636         * replay/scripts/CodeGeneratorReplayInputs.py:
637         (Generator.generate_header):
638         (Generator.qualified_input_name): Allow forcing qualification. WTF is never a target framework.
639         (Generator.generate_input_type_trait_declaration): Added.
640         * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Add a template.
641         * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
642         * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
643         * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
644         * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
645         * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
646         * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
647         * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
648         * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
649
650 2015-01-19  Commit Queue  <commit-queue@webkit.org>
651
652         Unreviewed, rolling out r178653.
653         https://bugs.webkit.org/show_bug.cgi?id=140634
654
655         Broke multiple SVG tests on Mountain Lion (Requested by ap on
656         #webkit).
657
658         Reverted changeset:
659
660         "[SVG -> OTF Converter] Flip the switch on"
661         https://bugs.webkit.org/show_bug.cgi?id=140592
662         http://trac.webkit.org/changeset/178653
663
664 2015-01-18  Dean Jackson  <dino@apple.com>
665
666         ES6: Support Array.of construction
667         https://bugs.webkit.org/show_bug.cgi?id=140605
668         <rdar://problem/19513655>
669
670         Reviewed by Geoffrey Garen.
671
672         Add an implementation of Array.of, described in 22.1.2.3 of the ES6
673         specification (15 Jan 2015). The Array.of() method creates a new Array
674         instance with a variable number of arguments, regardless of number or type
675         of the arguments.
676
677         * runtime/ArrayConstructor.cpp:
678         (JSC::arrayConstructorOf): Create a new empty Array, then iterate
679         over the arguments, setting them to the appropriate index.
680
681 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
682
683         [SVG -> OTF Converter] Flip the switch on
684         https://bugs.webkit.org/show_bug.cgi?id=140592
685
686         Reviewed by Antti Koivisto.
687
688         * Configurations/FeatureDefines.xcconfig:
689
690 2015-01-17  Brian J. Burg  <burg@cs.washington.edu>
691
692         Web Inspector: highlight data for overlay should use protocol type builders
693         https://bugs.webkit.org/show_bug.cgi?id=129441
694
695         Reviewed by Timothy Hatcher.
696
697         Add a new domain for overlay types.
698
699         * CMakeLists.txt:
700         * DerivedSources.make:
701         * inspector/protocol/OverlayTypes.json: Added.
702
703 2015-01-17  Michael Saboff  <msaboff@apple.com>
704
705         Crash in JSScope::resolve() on tools.ups.com
706         https://bugs.webkit.org/show_bug.cgi?id=140579
707
708         Reviewed by Geoffrey Garen.
709
710         For op_resolve_scope of a global property or variable that needs to check for the var
711         injection check watchpoint, we need to keep the scope around with a Phantom.  The
712         baseline JIT slowpath for op_resolve_scope needs the scope value if the watchpoint
713         fired.
714
715         * dfg/DFGByteCodeParser.cpp:
716         (JSC::DFG::ByteCodeParser::parseBlock):
717
718 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
719
720         Web Inspector: code generator should introduce typedefs for protocol types that are arrays
721         https://bugs.webkit.org/show_bug.cgi?id=140557
722
723         Reviewed by Joseph Pecoraro.
724
725         Currently, there is no generated type name for "array" type declarations such as Console.CallStack.
726         This makes it long-winded and confusing to use the type in C++ code.
727
728         This patch adds a typedef for array type declarations, so types such as Console::CallStack
729         can be referred to directly, rather than using Inspector::Protocol::Array<Console::CallFrame>.
730
731         Some tests were updated to cover array type declarations used as parameters and type members.
732
733         * inspector/ScriptCallStack.cpp: Use the new typedef.
734         (Inspector::ScriptCallStack::buildInspectorArray):
735         * inspector/ScriptCallStack.h:
736         * inspector/scripts/codegen/cpp_generator.py:
737         (CppGenerator.cpp_protocol_type_for_type): If an ArrayType is nominal, use the typedef'd name instead.
738         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
739         (_generate_typedefs_for_domain): Also generate typedefs for array type declarations.
740         (_generate_typedefs_for_domain.Inspector):
741         * inspector/scripts/codegen/models.py: Save the name of an ArrayType when it is a type declaration.
742         (ArrayType.__init__):
743         (Protocol.resolve_types):
744         (Protocol.lookup_type_reference):
745         * inspector/scripts/tests/commands-with-async-attribute.json:
746         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json:
747         * inspector/scripts/tests/events-with-optional-parameters.json:
748         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
749         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
750         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
751         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
752         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
753         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
754         * inspector/scripts/tests/type-declaration-object-type.json:
755
756 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
757
758         Web Replay: purge remaining PassRefPtr uses and minor cleanup
759         https://bugs.webkit.org/show_bug.cgi?id=140456
760
761         Reviewed by Andreas Kling.
762
763         Get rid of PassRefPtr. Introduce default initializers where it makes sense.
764         Remove mistaken uses of AtomicString that were not removed as part of r174113.
765
766         * replay/EmptyInputCursor.h:
767         * replay/InputCursor.h:
768         (JSC::InputCursor::InputCursor):
769
770 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
771
772         Web Inspector: code generator should fail on duplicate parameter and member names
773         https://bugs.webkit.org/show_bug.cgi?id=140555
774
775         Reviewed by Timothy Hatcher.
776
777         * inspector/scripts/codegen/models.py:
778         (find_duplicates): Add a helper function to find duplicates in a list.
779         (Protocol.parse_type_declaration):
780         (Protocol.parse_command):
781         (Protocol.parse_event):
782         * inspector/scripts/tests/expected/fail-on-duplicate-command-call-parameter-names.json-error: Added.
783         * inspector/scripts/tests/expected/fail-on-duplicate-command-return-parameter-names.json-error: Added.
784         * inspector/scripts/tests/expected/fail-on-duplicate-event-parameter-names.json-error: Added.
785         * inspector/scripts/tests/expected/fail-on-duplicate-type-member-names.json-error: Added.
786         * inspector/scripts/tests/fail-on-duplicate-command-call-parameter-names.json: Added.
787         * inspector/scripts/tests/fail-on-duplicate-command-return-parameter-names.json: Added.
788         * inspector/scripts/tests/fail-on-duplicate-event-parameter-names.json: Added.
789         * inspector/scripts/tests/fail-on-duplicate-type-member-names.json: Added.
790
791 2015-01-16  Michael Saboff  <msaboff@apple.com>
792
793         REGRESSION (r174226): Header on huffingtonpost.com is too large
794         https://bugs.webkit.org/show_bug.cgi?id=140306
795
796         Reviewed by Filip Pizlo.
797
798         BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
799         arguments register or whether we need to resolve "arguments".  If the arguments have
800         been captured, then they are stored in the lexical environment and the arguments
801         register is not used.
802
803         Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
804         register is captured.  Renamed the function to willResolveToArgumentsRegister() to
805         better indicate what we are checking.
806
807         Aligned 32 and 64 bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
808         an arguments object that was optimized out of an inlined callFrame.  The 32 bit path
809         incorrectly calculated the location of the reified callee frame.  This alignment resulted
810         in the removal of operationCreateInlinedArgumentsDuringOSRExit()
811
812         * bytecompiler/BytecodeGenerator.cpp:
813         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
814         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
815         (JSC::BytecodeGenerator::emitCall):
816         (JSC::BytecodeGenerator::emitConstruct):
817         (JSC::BytecodeGenerator::emitEnumeration):
818         (JSC::BytecodeGenerator::willResolveToArguments): Deleted.
819         * bytecompiler/BytecodeGenerator.h:
820         * bytecompiler/NodesCodegen.cpp:
821         (JSC::BracketAccessorNode::emitBytecode):
822         (JSC::DotAccessorNode::emitBytecode):
823         (JSC::getArgumentByVal):
824         (JSC::ApplyFunctionCallDotNode::emitBytecode):
825         (JSC::ArrayPatternNode::emitDirectBinding):
826         * dfg/DFGOSRExitCompilerCommon.cpp:
827         (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
828         * dfg/DFGOperations.cpp:
829         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
830         * dfg/DFGOperations.h:
831         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
832
833 2015-01-15  Csaba Osztrogonác  <ossy@webkit.org>
834
835         Remove ENABLE(SQL_DATABASE) guards
836         https://bugs.webkit.org/show_bug.cgi?id=140434
837
838         Reviewed by Darin Adler.
839
840         * CMakeLists.txt:
841         * Configurations/FeatureDefines.xcconfig:
842         * DerivedSources.make:
843         * inspector/protocol/Database.json:
844
845 2015-01-14  Alexey Proskuryakov  <ap@apple.com>
846
847         Web Inspector and regular console use different source code locations for messages
848         https://bugs.webkit.org/show_bug.cgi?id=140478
849
850         Reviewed by Brian Burg.
851
852         * inspector/ConsoleMessage.h: Expose computed source location.
853
854         * inspector/agents/InspectorConsoleAgent.cpp:
855         (Inspector::InspectorConsoleAgent::addMessageToConsole):
856         (Inspector::InspectorConsoleAgent::stopTiming):
857         (Inspector::InspectorConsoleAgent::count):
858         * inspector/agents/InspectorConsoleAgent.h:
859         addMessageToConsole() now takes a pre-made ConsoleMessage object.
860
861         * inspector/JSGlobalObjectConsoleClient.cpp:
862         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
863         (Inspector::JSGlobalObjectConsoleClient::warnUnimplemented):
864         * inspector/JSGlobalObjectInspectorController.cpp:
865         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
866         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
867         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
868         Updated for the above changes.
869
870 2015-01-15  Mark Lam  <mark.lam@apple.com>
871
872         [Part 2] Argument object created by "Function dot arguments" should use a clone of argument values.
873         <https://webkit.org/b/140093>
874
875         Reviewed by Geoffrey Garen.
876
877         * interpreter/StackVisitor.cpp:
878         (JSC::StackVisitor::Frame::createArguments):
879         - We should not be fetching the lexicalEnvironment here.  The reason we've
880           introduced the ClonedArgumentsCreationMode is because the lexicalEnvironment
881           may not be available to us at this point.  Instead, we'll just pass a nullptr.
882
883         * runtime/Arguments.cpp:
884         (JSC::Arguments::tearOffForCloning):
885         * runtime/Arguments.h:
886         (JSC::Arguments::finishCreation):
887         - Use the new tearOffForCloning() to tear off arguments right out of the values
888           passed on the stack.  tearOff() is not appropriate for this purpose because
889           it takes slowArgumentsData into account.
890
891 2015-01-14  Matthew Mirman  <mmirman@apple.com>
892
893         Removed accidental commit of "invalid_array.js"
894         http://trac.webkit.org/changeset/178439
895
896         * tests/stress/invalid_array.js: Removed.
897
898 2015-01-14  Matthew Mirman  <mmirman@apple.com>
899
900         Fixes operationPutByIdOptimizes such that they check that the put didn't
901         change the structure of the object whose property access is being
902         cached.  Also removes uses of the new base value from the cache generation code.
903         https://bugs.webkit.org/show_bug.cgi?id=139500
904
905         Reviewed by Filip Pizlo.
906
907         * jit/JITOperations.cpp:
908         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
909         (JSC::operationPutByIdNonStrictOptimize): ditto.
910         (JSC::operationPutByIdDirectStrictOptimize): ditto.
911         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
912         * jit/Repatch.cpp:
913         (JSC::generateByIdStub):
914         (JSC::tryCacheGetByID):
915         (JSC::tryBuildGetByIDList):
916         (JSC::emitPutReplaceStub):
917         (JSC::emitPutTransitionStubAndGetOldStructure): Added.
918         (JSC::tryCachePutByID):
919         (JSC::repatchPutByID):
920         (JSC::tryBuildPutByIdList):
921         (JSC::tryRepatchIn):
922         (JSC::emitPutTransitionStub): Deleted.
923         * jit/Repatch.h:
924         * llint/LLIntSlowPaths.cpp:
925         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
926         * runtime/JSPropertyNameEnumerator.h:
927         (JSC::genericPropertyNameEnumerator):
928         * runtime/Operations.h:
929         (JSC::normalizePrototypeChainForChainAccess): restructured to not use the base value.
930         (JSC::normalizePrototypeChain): restructured to not use the base value.
931         * tests/mozilla/mozilla-tests.yaml:
932         * tests/stress/proto-setter.js: Added.
933         * tests/stress/put-by-id-build-list-order-recurse.js: Added.
934         Added test that fails without this patch.
935
936 2015-01-13  Joseph Pecoraro  <pecoraro@apple.com>
937
938         Web Inspector: Remove unused ResizeImage and DecodeImageData timeline events
939         https://bugs.webkit.org/show_bug.cgi?id=140404
940
941         Reviewed by Timothy Hatcher.
942
943         * inspector/protocol/Timeline.json:
944
945 2015-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
946
947         DFG can call PutByValDirect for generic arrays
948         https://bugs.webkit.org/show_bug.cgi?id=140389
949
950         Reviewed by Geoffrey Garen.
951
952         Computed properties in object initializers (ES6) use the put_by_val_direct operation.
953         However, the current DFG asserts that put_by_val_direct is not used for generic arrays,
954         so the assertion failure is raised.
955         This patch allows the DFG to use put_by_val_direct on generic arrays.
956
957         It also fixes the DFG put_by_val_direct implementation for string properties.
958         At first, put_by_val_direct was intended to be used for spread elements.
959         So the property keys were limited to numbers (indexes).
960         But now, it's also used for computed properties in object initializers.
961
962         * dfg/DFGOperations.cpp:
963         (JSC::DFG::operationPutByValInternal):
964         * dfg/DFGSpeculativeJIT64.cpp:
965         (JSC::DFG::SpeculativeJIT::compile):
966
967 2015-01-13  Geoffrey Garen  <ggaren@apple.com>
968
969         Out of bounds access in BytecodeGenerator::emitGetById under DotAccessorNode::emitBytecode
970         https://bugs.webkit.org/show_bug.cgi?id=140397
971
972         Reviewed by Geoffrey Garen.
973
974         Patch by Alexey Proskuryakov.
975
976         Reviewed, performance tested, and ChangeLogged by Geoffrey Garen.
977
978         No performance change.
979
980         No test, since this is a small past-the-end read, which is very
981         difficult to turn into a reproducible failing test -- and existing tests
982         crash reliably using ASan.
983
984         * bytecompiler/NodesCodegen.cpp:
985         (JSC::BracketAccessorNode::emitBytecode):
986         (JSC::DotAccessorNode::emitBytecode):
987         (JSC::FunctionCallBracketNode::emitBytecode):
988         (JSC::PostfixNode::emitResolve):
989         (JSC::DeleteBracketNode::emitBytecode):
990         (JSC::DeleteDotNode::emitBytecode):
991         (JSC::PrefixNode::emitResolve):
992         (JSC::UnaryOpNode::emitBytecode):
993         (JSC::BitwiseNotNode::emitBytecode):
994         (JSC::BinaryOpNode::emitBytecode):
995         (JSC::EqualNode::emitBytecode):
996         (JSC::StrictEqualNode::emitBytecode):
997         (JSC::ThrowableBinaryOpNode::emitBytecode):
998         (JSC::AssignDotNode::emitBytecode):
999         (JSC::AssignBracketNode::emitBytecode): Use RefPtr in more places. Any
1000         register used across a call to a function that might allocate a new
1001         temporary register must be held in a RefPtr.
1002
1003 2015-01-12  Michael Saboff  <msaboff@apple.com>
1004
1005         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1006         https://bugs.webkit.org/show_bug.cgi?id=140348
1007
1008         Reviewed by Mark Lam.
1009
1010         We used to read registers in MachineThreads::gatherFromCurrentThread(), but that is too late
1011         because those registers may have been spilled on the stack and replaced with other values by
1012         the time we call down to gatherFromCurrentThread().
1013
1014         Now we get the register contents at the same place that we demarcate the current top of
1015         stack using the address of a local variable, in Heap::markRoots().  The register contents
1016         buffer is passed along with the demarcation pointer.  These need to be done at this level 
1017         in the call tree and no lower, as markRoots() calls various functions that visit object
1018         pointers that may be later proven dead.  Any of those pointers that are left on the
1019         stack or in registers could be incorrectly marked as live if we scan the stack contents
1020         from a called function or one of its callees.  The stack demarcation pointer and register
1021         saving need to be done in the same function so that we have a consistent stack, active
1022         and spilled registers.
1023
1024         Because we don't want to make unnecessary calls to get the register contents, we use
1025         a macro to allocate, and possibly align, the register structure and get the actual
1026         register contents.
1027
1028
1029         * heap/Heap.cpp:
1030         (JSC::Heap::markRoots):
1031         (JSC::Heap::gatherStackRoots):
1032         * heap/Heap.h:
1033         * heap/MachineStackMarker.cpp:
1034         (JSC::MachineThreads::gatherFromCurrentThread):
1035         (JSC::MachineThreads::gatherConservativeRoots):
1036         * heap/MachineStackMarker.h:
1037
1038 2015-01-12  Benjamin Poulain  <benjamin@webkit.org>
1039
1040         Add basic pattern matching support to the url filters
1041         https://bugs.webkit.org/show_bug.cgi?id=140283
1042
1043         Reviewed by Andreas Kling.
1044
1045         * JavaScriptCore.xcodeproj/project.pbxproj:
1046         Make YarrParser.h private in order to use it from WebCore.
1047
1048 2015-01-12  Geoffrey Garen  <ggaren@apple.com>
1049
1050         Out of bounds read in IdentifierArena::makeIdentifier
1051         https://bugs.webkit.org/show_bug.cgi?id=140376
1052
1053         Patch by Alexey Proskuryakov.
1054
1055         Reviewed and ChangeLogged by Geoffrey Garen.
1056
1057         No test, since this is a small past-the-end read, which is very
1058         difficult to turn into a reproducible failing test -- and existing tests
1059         crash reliably using ASan.
1060
1061         * parser/ParserArena.h:
1062         (JSC::IdentifierArena::makeIdentifier):
1063         (JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
1064         zero-length string input, like we do in the literal parser, since it is
1065         not valid to dereference characters in a zero-length string.
1066
1067         A zero-length string is allowed in JavaScript -- for example, "".
1068
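As an added example (not JavaScriptCore's code) of the zero-length guard this entry describes, the toy arena below interns identifiers with a single-character fast path, which is exactly the shape of code in which reading characters[0] before checking length is a past-the-end read. ToyIdentifierArena, its cache layout and its index-based return value are assumptions made for illustration.

```cpp
// Added example, not JavaScriptCore code: a toy identifier arena modelled on the
// fast path the entry describes. ToyIdentifierArena, its single-character cache and
// the index-based return type are assumptions made for illustration.
#include <array>
#include <cstddef>
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>

class ToyIdentifierArena {
public:
    static constexpr size_t kUnset = static_cast<size_t>(-1);

    ToyIdentifierArena()
    {
        for (size_t& slot : m_singleCharacterCache)
            slot = kUnset;
        m_emptyIdentifier = intern(std::string());
    }

    // Interns the characters in [characters, characters + length) and returns a
    // stable index. The guard on length is the point of the entry: a zero-length
    // string ("" in JavaScript) is a legal input, and characters[0] is then one
    // past the end of the buffer, so it must not be read.
    size_t makeIdentifier(const char* characters, size_t length)
    {
        if (!length)
            return m_emptyIdentifier; // early-out before any dereference

        // Single-character fast path: index a fixed table by the character value.
        // Only reached when length >= 1, so characters[0] is in bounds.
        unsigned char first = static_cast<unsigned char>(characters[0]);
        if (length == 1 && first < m_singleCharacterCache.size()) {
            if (m_singleCharacterCache[first] == kUnset)
                m_singleCharacterCache[first] = intern(std::string(characters, 1));
            return m_singleCharacterCache[first];
        }
        return intern(std::string(characters, length));
    }

    const std::string& name(size_t index) const { return m_names[index]; }
    size_t count() const { return m_names.size(); }

private:
    // Returns the existing index for an already-seen name, else appends it.
    size_t intern(std::string s)
    {
        auto it = m_index.find(s);
        if (it != m_index.end())
            return it->second;
        size_t index = m_names.size();
        m_names.push_back(s);
        m_index.emplace(std::move(s), index);
        return index;
    }

    std::array<size_t, 128> m_singleCharacterCache;
    size_t m_emptyIdentifier;
    std::vector<std::string> m_names;
    std::unordered_map<std::string, size_t> m_index;
};
```

Passing a null pointer with length 0 is the sharpest check: with the guard in place the buffer is never touched, so the call is well-defined; without it the fast path would dereference the pointer.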
1069 2015-01-11  Sam Weinig  <sam@webkit.org>
1070
1071         Remove support for SharedWorkers
1072         https://bugs.webkit.org/show_bug.cgi?id=140344
1073
1074         Reviewed by Anders Carlsson.
1075
1076         * Configurations/FeatureDefines.xcconfig:
1077
1078 2015-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
1079
1080         Allow targeting the SVG->OTF font converter with ENABLE(SVG_OTF_CONVERTER)
1081         https://bugs.webkit.org/show_bug.cgi?id=136769
1082
1083         Reviewed by Antti Koivisto.
1084
1085         * Configurations/FeatureDefines.xcconfig:
1086
1087 2015-01-12  Commit Queue  <commit-queue@webkit.org>
1088
1089         Unreviewed, rolling out r178266.
1090         https://bugs.webkit.org/show_bug.cgi?id=140363
1091
1092         Broke a JSC test (Requested by ap on #webkit).
1093
1094         Reverted changeset:
1095
1096         "Local JSArray* "keys" in objectConstructorKeys() is not
1097         marked during garbage collection"
1098         https://bugs.webkit.org/show_bug.cgi?id=140348
1099         http://trac.webkit.org/changeset/178266
1100
1101 2015-01-12  Michael Saboff  <msaboff@apple.com>
1102
1103         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1104         https://bugs.webkit.org/show_bug.cgi?id=140348
1105
1106         Reviewed by Mark Lam.
1107
1108         Move the address of the local variable that is used to demarcate the top of the stack for 
1109         conservative roots down to MachineThreads::gatherFromCurrentThread() since it also gets
1110         the register values using setjmp().  That way we don't lose any callee save register
1111         contents between Heap::markRoots(), where it was set, and gatherFromCurrentThread().
1112         If we lose any JSObject* that are only in callee save registers, they will be GC'ed
1113         erroneously.
1114
1115         * heap/Heap.cpp:
1116         (JSC::Heap::markRoots):
1117         (JSC::Heap::gatherStackRoots):
1118         * heap/Heap.h:
1119         * heap/MachineStackMarker.cpp:
1120         (JSC::MachineThreads::gatherFromCurrentThread):
1121         (JSC::MachineThreads::gatherConservativeRoots):
1122         * heap/MachineStackMarker.h:
1123
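Both this entry and its re-landed version dated 2015-01-12 (bug 140348, above) describe taking the register contents and the stack demarcation address in the same function. The following is an added example, not JavaScriptCore code, of that technique with a toy conservative scanner: setjmp spills the callee-saved registers into a buffer, the address of a local in the same frame marks the top of the stack, and both ranges are scanned for values equal to a cell address. ToyHeap, scanRange, markRoots and the mutator functions are assumptions made for illustration; JSC's real MachineStackMarker differs in detail.

```cpp
// Added example, not JavaScriptCore code: a toy conservative root scanner that
// captures registers and the stack demarcation address in one frame, as the
// entries describe. All names here are assumptions made for illustration.
#include <csetjmp>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <set>
#include <utility>

using Address = std::uintptr_t;

struct ToyHeap {
    std::set<Address> cells; // addresses of every cell the toy heap owns
};

// Scans [lo, hi) one pointer-sized word at a time and records every word that
// equals a cell address. Conservative: any value that looks like a cell keeps it alive.
static void scanRange(const ToyHeap& heap, const void* lo, const void* hi, std::set<Address>& marked)
{
    Address begin = reinterpret_cast<Address>(lo);
    Address end = reinterpret_cast<Address>(hi);
    if (begin > end)
        std::swap(begin, end); // stack growth direction is platform-specific
    begin = (begin + sizeof(Address) - 1) & ~static_cast<Address>(sizeof(Address) - 1);
    for (Address p = begin; p + sizeof(Address) <= end; p += sizeof(Address)) {
        Address word;
        std::memcpy(&word, reinterpret_cast<const void*>(p), sizeof word);
        if (heap.cells.count(word))
            marked.insert(word);
    }
}

// The collector entry point. The register capture and the stack demarcation both
// happen here and no lower in the call tree: a callee's frame could otherwise hold a
// stale copy of a pointer this function has already decided is dead.
__attribute__((noinline)) std::set<Address> markRoots(const ToyHeap& heap, const void* stackBase)
{
    jmp_buf registers; // register contents buffer, filled by setjmp
    std::memset(&registers, 0, sizeof registers);
    setjmp(registers);
    volatile char stackTop = 0; // the address of this local is the top of the active stack

    std::set<Address> marked;
    scanRange(heap, &registers, reinterpret_cast<const char*>(&registers) + sizeof registers, marked);
    scanRange(heap, const_cast<const char*>(&stackTop), stackBase, marked);
    return marked;
}

// Assumed mutator: allocates a cell whose only reference is a stack local that the
// compiler must keep in memory, then asks the collector whether it found the cell.
__attribute__((noinline)) bool rootOnStackIsFound(ToyHeap& heap, const void* stackBase)
{
    int* cell = new int(42);
    heap.cells.insert(reinterpret_cast<Address>(cell));
    int* volatile keepAlive = cell; // lives in this frame, between stackBase and stackTop
    std::set<Address> marked = markRoots(heap, stackBase);
    bool found = marked.count(reinterpret_cast<Address>(keepAlive)) != 0;
    heap.cells.erase(reinterpret_cast<Address>(cell));
    delete cell;
    return found;
}

// Outermost mutator frame: its local supplies the bottom of the scanned range.
__attribute__((noinline)) bool runMutator()
{
    volatile char stackBase = 0;
    ToyHeap heap;
    return rootOnStackIsFound(heap, const_cast<const char*>(&stackBase));
}

int main()
{
    std::printf("root on stack found: %s\n", runMutator() ? "yes" : "no");
    return 0;
}
```

The scan deliberately reports only positives: a false negative (a live cell that no scanned word names) is the bug class the entries fix, since the cell would then be swept while still referenced.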
1124 2015-01-11  Eric Carlson  <eric.carlson@apple.com>
1125
1126         Fix typo in testapi.c error messages
1127         https://bugs.webkit.org/show_bug.cgi?id=140305
1128
1129         Reviewed by Geoffrey Garen.
1130
1131         * API/tests/testapi.c:
1132         (main): "... script did not timed out ..." -> "... script did not time out ..."
1133
1134 2015-01-09  Michael Saboff  <msaboff@apple.com>
1135
1136         Breakpoint doesn't fire in this HTML5 game
1137         https://bugs.webkit.org/show_bug.cgi?id=140269
1138
1139         Reviewed by Mark Lam.
1140
1141         When parsing a single line cached function, use the lineStartOffset of the
1142         location where we found the cached function instead of the cached lineStartOffset.
1143         The cache location's lineStartOffset has not been adjusted for any possible
1144         containing functions.
1145
1146         This change is not needed for multi-line cached functions.  Consider the
1147         single line source:
1148
1149         function outer(){function inner1(){doStuff();}; (function inner2() {doMoreStuff()})()}
1150
1151         The first parser pass, we parse and cache inner1() and inner2() with a lineStartOffset
1152         of 0.  Later when we parse outer() and find inner1() in the cache, the SourceCode start
1153         character is at outer()'s outermost open brace.  That is what we should use for
1154         lineStartOffset for inner1().  When done parsing inner1() we set the parsing token
1155         to the saved location for inner1(), including the lineStartOffset of 0.  We need
1156         to use the value of lineStartOffset before we started parsing inner1().  That is
1157         what the fix does.  When we parse inner2() the lineStartOffset will be correct.
1158
1159         For a multi-line function, the close brace is guaranteed to be on a different line
1160         than the open brace.  Hence, its lineStartOffset will not change with the change of
1161         the SourceCode start character.
1162
1163         * parser/Parser.cpp:
1164         (JSC::Parser<LexerType>::parseFunctionInfo):
1165
1166 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1167
1168         Web Inspector: Uncaught Exception in ProbeManager deleting breakpoint
1169         https://bugs.webkit.org/show_bug.cgi?id=140279
1170         rdar://problem/19422299
1171
1172         Reviewed by Oliver Hunt.
1173
1174         * runtime/MapData.cpp:
1175         (JSC::MapData::replaceAndPackBackingStore):
1176         The cell table also needs to have its values fixed.
1177
1178 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1179
1180         Web Inspector: Remove or use TimelineAgent Resource related event types
1181         https://bugs.webkit.org/show_bug.cgi?id=140155
1182
1183         Reviewed by Timothy Hatcher.
1184
1185         Remove unused / stale Timeline event types.
1186
1187         * inspector/protocol/Timeline.json:
1188
1189 2015-01-09  Csaba Osztrogonác  <ossy@webkit.org>
1190
1191         REGRESSION(r177925): It broke the !ENABLE(INSPECTOR) build
1192         https://bugs.webkit.org/show_bug.cgi?id=140098
1193
1194         Reviewed by Brian Burg.
1195
1196         * inspector/InspectorBackendDispatcher.h: Missing ENABLE(INSPECTOR) guard added.
1197
1198 2015-01-08  Mark Lam  <mark.lam@apple.com>
1199
1200         Argument object created by "Function dot arguments" should use a clone of the argument values.
1201         <https://webkit.org/b/140093>
1202
1203         Reviewed by Geoffrey Garen.
1204
1205         After the change in <https://webkit.org/b/139827>, the dfg-tear-off-arguments-not-activation.js
1206         test will crash.  The relevant code which manifests the issue is as follows:
1207
1208             function bar() {
1209                 return foo.arguments;
1210             }
1211
1212             function foo(p) {
1213                 var x = 42;
1214                 if (p)
1215                     return (function() { return x; });
1216                 else
1217                     return bar();
1218             }
1219
1220         In this case, foo() has no knowledge of bar() needing its LexicalEnvironment and
1221         has dead code eliminated the SetLocal that stores it into its designated local.
1222         In bar(), the factory for the Arguments object (for creating foo.arguments) tries
1223         to read foo's LexicalEnvironment from its designated lexicalEnvironment local,
1224         but instead, finds it to be uninitialized.  This results in a null pointer access
1225         which causes a crash.
1226
1227         This can be resolved by having bar() instantiate a clone of the Arguments object
1228         instead, and populate its elements with values fetched directly from foo's frame.
1229         There's no need to reference foo's LexicalEnvironment (whether present or not).
1230
1231         * interpreter/StackVisitor.cpp:
1232         (JSC::StackVisitor::Frame::createArguments):
1233         * runtime/Arguments.h:
1234         (JSC::Arguments::finishCreation):
1235
1236 2015-01-08  Mark Lam  <mark.lam@apple.com>
1237
1238         Make the LLINT and Baseline JIT's op_create_arguments and op_get_argument_by_val use their lexicalEnvironment operand.
1239         <https://webkit.org/b/140236>
1240
1241         Reviewed by Geoffrey Garen.
1242
1243         Will change the DFG to use the operand on a subsequent pass.  For now,
1244         the DFG uses a temporary thunk (operationCreateArgumentsForDFG()) to
1245         retain the old behavior of getting the lexicalEnvironment from the
1246         ExecState.
1247
1248         * bytecompiler/BytecodeGenerator.cpp:
1249         (JSC::BytecodeGenerator::BytecodeGenerator):
1250         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1251         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1252         - When the lexicalEnvironment is not available, pass the invalid VirtualRegister
1253           instead of an empty JSValue as the lexicalEnvironment operand.
1254
1255         * dfg/DFGOperations.cpp:
1256         - Use the lexicalEnvironment from the ExecState for now.
1257
1258         * dfg/DFGSpeculativeJIT32_64.cpp:
1259         (JSC::DFG::SpeculativeJIT::compile):
1260         * dfg/DFGSpeculativeJIT64.cpp:
1261         (JSC::DFG::SpeculativeJIT::compile):
1262         - Use the operationCreateArgumentsForDFG() thunk for now.
1263
1264         * interpreter/CallFrame.cpp:
1265         (JSC::CallFrame::lexicalEnvironmentOrNullptr):
1266         * interpreter/CallFrame.h:
1267         - Added this convenience function to return either the
1268           lexicalEnvironment or a nullptr so that we don't need to do a
1269           conditional check on codeBlock->needsActivation() at multiple sites.
1270
1271         * interpreter/StackVisitor.cpp:
1272         (JSC::StackVisitor::Frame::createArguments):
1273         * jit/JIT.h:
1274         * jit/JITInlines.h:
1275         (JSC::JIT::callOperation):
1276         * jit/JITOpcodes.cpp:
1277         (JSC::JIT::emit_op_create_arguments):
1278         (JSC::JIT::emitSlow_op_get_argument_by_val):
1279         * jit/JITOpcodes32_64.cpp:
1280         (JSC::JIT::emit_op_create_arguments):
1281         (JSC::JIT::emitSlow_op_get_argument_by_val):
1282         * jit/JITOperations.cpp:
1283         * jit/JITOperations.h:
1284         * llint/LLIntSlowPaths.cpp:
1285         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1286         * runtime/Arguments.h:
1287         (JSC::Arguments::create):
1288         (JSC::Arguments::finishCreation):
1289         * runtime/CommonSlowPaths.cpp:
1290         (JSC::SLOW_PATH_DECL):
1291         * runtime/JSLexicalEnvironment.cpp:
1292         (JSC::JSLexicalEnvironment::argumentsGetter):
1293
1294 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1295
1296         Web Inspector: Pause Reason Improvements (Breakpoint, Debugger Statement, Pause on Next Statement)
1297         https://bugs.webkit.org/show_bug.cgi?id=138991
1298
1299         Reviewed by Timothy Hatcher.
1300
1301         * debugger/Debugger.cpp:
1302         (JSC::Debugger::Debugger):
1303         (JSC::Debugger::pauseIfNeeded):
1304         (JSC::Debugger::didReachBreakpoint):
1305         When actually pausing, if we hit a breakpoint ensure the reason
1306         is PausedForBreakpoint, otherwise use the current reason.
1307
1308         * debugger/Debugger.h:
1309         Make pause reason and pausing breakpoint ID public.
1310
1311         * inspector/agents/InspectorDebuggerAgent.h:
1312         * inspector/agents/InspectorDebuggerAgent.cpp:
1313         (Inspector::buildAssertPauseReason):
1314         (Inspector::buildCSPViolationPauseReason):
1315         (Inspector::InspectorDebuggerAgent::buildBreakpointPauseReason):
1316         (Inspector::InspectorDebuggerAgent::buildExceptionPauseReason):
1317         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1318         (Inspector::buildObjectForBreakpointCookie):
1319         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1320         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
1321         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1322         (Inspector::InspectorDebuggerAgent::pause):
1323         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1324         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1325         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
1326         Clean up creation of pause reason objects and other cleanup
1327         of PassRefPtr use and InjectedScript use.
1328
1329         (Inspector::InspectorDebuggerAgent::didPause):
1330         Clean up so that we first check for an Exception, and then fall
1331         back to including a Pause Reason derived from the Debugger.
1332
1333         * inspector/protocol/Debugger.json:
1334         Add new DebuggerStatement, Breakpoint, and PauseOnNextStatement reasons.
1335
1336 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1337
1338         Web Inspector: Type check NSArray's in ObjC Interfaces have the right object types
1339         https://bugs.webkit.org/show_bug.cgi?id=140209
1340
1341         Reviewed by Timothy Hatcher.
1342
1343         Check the types of objects in NSArrays for all interfaces (commands, events, types)
1344         when the user can set an array of objects. Previously we were only type checking
1345         that they were RWIJSONObjects; now we add an explicit check for the exact object type.
1346
1347         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1348         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1349         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1350         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1351         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1352         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
1353         (ObjCProtocolTypesImplementationGenerator._generate_setter_for_member):
1354         * inspector/scripts/codegen/objc_generator.py:
1355         (ObjCGenerator.objc_class_for_array_type):
1356         (ObjCGenerator):
1357
1358 2015-01-07  Mark Lam  <mark.lam@apple.com>
1359
1360         Add the lexicalEnvironment as an operand to op_get_argument_by_val.
1361         <https://webkit.org/b/140233>
1362
1363         Reviewed by Filip Pizlo.
1364
1365         This patch only adds the operand to the bytecode.  It is not in use yet.
1366
1367         * bytecode/BytecodeList.json:
1368         * bytecode/BytecodeUseDef.h:
1369         (JSC::computeUsesForBytecodeOffset):
1370         * bytecode/CodeBlock.cpp:
1371         (JSC::CodeBlock::dumpBytecode):
1372         * bytecompiler/BytecodeGenerator.cpp:
1373         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1374         * llint/LowLevelInterpreter32_64.asm:
1375         * llint/LowLevelInterpreter64.asm:
1376
1377 2015-01-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1378
1379         Investigate the character type of repeated string instead of checking is8Bit flag
1380         https://bugs.webkit.org/show_bug.cgi?id=140139
1381
1382         Reviewed by Darin Adler.
1383
1384         Instead of checking the is8Bit flag of the repeated string, investigate
1385         the actual value of the repeated character, since the is8Bit flag gives a false negative case.
1386
1387         * runtime/StringPrototype.cpp:
1388         (JSC::repeatCharacter):
1389         (JSC::stringProtoFuncRepeat):
1390         (JSC::repeatSmallString): Deleted.
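The false negative described in this entry, as an added illustration that is not JavaScriptCore code: `ModelString`, `allCharactersFitIn8Bit` and `repeatString` are assumed names for a minimal stand-in, where a string may be backed by Latin-1 (8-bit) or UTF-16 (16-bit) storage exactly as the entry describes. The storage flag only says how the source string is stored; a 16-bit-backed string whose characters all have values at or below 0xFF still repeats cleanly into 8-bit storage once the character values themselves are examined.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <utility>

// Assumed model (not JSC's JSString): a string stored either as Latin-1 bytes
// or as UTF-16 code units. is8Bit records the *storage*, not whether the
// characters would fit in 8 bits, so a 16-bit-backed "\u00e9" has
// is8Bit == false although 0xE9 fits in one byte. That is the false negative.
struct ModelString {
    bool is8Bit;
    std::string latin1;    // meaningful when is8Bit
    std::u16string utf16;  // meaningful when !is8Bit

    static ModelString from8Bit(std::string s) { return { true, std::move(s), {} }; }
    static ModelString from16Bit(std::u16string s) { return { false, {}, std::move(s) }; }

    size_t length() const { return is8Bit ? latin1.size() : utf16.size(); }

    // Character value at index i, widened to char16_t whatever the storage is.
    char16_t characterAt(size_t i) const
    {
        if (is8Bit)
            return static_cast<char16_t>(static_cast<unsigned char>(latin1[i]));
        return utf16[i];
    }
};

// Flag-based test: trusts the storage and therefore answers "no" for a
// 16-bit-backed string that only holds Latin-1 values.
bool fitsIn8BitByFlag(const ModelString& s)
{
    return s.is8Bit;
}

// Value-based test, the approach this entry switches to: inspect every
// character value rather than the storage flag.
bool allCharactersFitIn8Bit(const ModelString& s)
{
    for (size_t i = 0; i < s.length(); ++i) {
        if (s.characterAt(i) > 0xFF)
            return false;
    }
    return true;
}

// Repeat s `count` times, choosing the narrowest storage the character values
// allow. With the value-based check a 16-bit-backed "\u00e9" repeated three
// times yields an 8-bit result; a string holding U+4E2D stays 16-bit.
ModelString repeatString(const ModelString& s, size_t count)
{
    size_t len = s.length();
    if (allCharactersFitIn8Bit(s)) {
        std::string out;
        out.reserve(len * count);
        for (size_t n = 0; n < count; ++n) {
            for (size_t i = 0; i < len; ++i)
                out.push_back(static_cast<char>(s.characterAt(i)));
        }
        return ModelString::from8Bit(std::move(out));
    }
    std::u16string out;
    out.reserve(len * count);
    for (size_t n = 0; n < count; ++n) {
        for (size_t i = 0; i < len; ++i)
            out.push_back(s.characterAt(i));
    }
    return ModelString::from16Bit(std::move(out));
}
```

`fitsIn8BitByFlag` is kept only to show the two answers side by side; `repeatString` relies on `allCharactersFitIn8Bit`, which is the check that the entry's change corresponds to.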
1391
1392 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1393
1394         Web Inspector: ObjC Generate types from the GenericTypes domain
1395         https://bugs.webkit.org/show_bug.cgi?id=140229
1396
1397         Reviewed by Timothy Hatcher.
1398
1399         Generate types from the GenericTypes domain, as they are expected
1400         by other domains (like Page domain). Also, don't include the @protocol
1401         forward declaration for a domain if it doesn't have any commands.
1402
1403         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
1404         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
1405         (ObjCBackendDispatcherHeaderGenerator): Deleted.
1406         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations_for_domains): Deleted.
1407         * inspector/scripts/codegen/objc_generator.py:
1408         (ObjCGenerator):
1409         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1410         * inspector/scripts/tests/expected/enum-values.json-result:
1411         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1412         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1413         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1414         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1415         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1416         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1417         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1418         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1419         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1420
1421 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1422
1423         Web Inspector: Remove unnecessary copyRef for paramsObject in generated dispatchers
1424         https://bugs.webkit.org/show_bug.cgi?id=140228
1425
1426         Reviewed by Timothy Hatcher.
1427
1428         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1429         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1430         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1431         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1432         * inspector/scripts/tests/expected/enum-values.json-result:
1433         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1434
1435 2015-01-07  Saam Barati  <saambarati1@gmail.com>
1436
1437         interpret op_profile_type in the LLInt instead of unconditionally calling into the slow path
1438         https://bugs.webkit.org/show_bug.cgi?id=140165
1439
1440         Reviewed by Michael Saboff.
1441
1442         Inlining the functionality of TypeProfilerLog::recordTypeInformationForLocation
1443         into the LLInt speeds up type profiling.
1444
1445         * llint/LLIntOffsetsExtractor.cpp:
1446         * llint/LowLevelInterpreter.asm:
1447         * llint/LowLevelInterpreter32_64.asm:
1448         * llint/LowLevelInterpreter64.asm:
1449         * runtime/CommonSlowPaths.cpp:
1450         (JSC::SLOW_PATH_DECL):
1451         * runtime/CommonSlowPaths.h:
1452         * runtime/TypeProfilerLog.h:
1453         (JSC::TypeProfilerLog::recordTypeInformationForLocation): Deleted.
1454
1455 2015-01-07  Brian J. Burg  <burg@cs.washington.edu>
1456
1457         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1458         https://bugs.webkit.org/show_bug.cgi?id=140053
1459
1460         Reviewed by Andreas Kling.
1461
1462         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1463         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1464         references are always non-null. These two refactorings have been combined since
1465         they tend to require similar changes to the code.
1466
1467         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1468         have been updated to take a Ref instead of RefPtr.
1469
1470         Builders for typed protocol objects now return a Ref. Since there is no implicit
1471         call to operator&, callsites now must explicitly call .release() to convert a
1472         builder object into the corresponding protocol object once required fields are set.
1473         Update callsites and use auto to eliminate repetition of longwinded protocol types.
1474
1475         Tests for inspector protocol and replay inputs have been rebaselined.
1476
1477         * bindings/ScriptValue.cpp:
1478         (Deprecated::jsToInspectorValue):
1479         (Deprecated::ScriptValue::toInspectorValue):
1480         * bindings/ScriptValue.h:
1481         * inspector/ConsoleMessage.cpp:
1482         (Inspector::ConsoleMessage::addToFrontend):
1483         * inspector/ContentSearchUtilities.cpp:
1484         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1485         (Inspector::ContentSearchUtilities::searchInTextByLines):
1486         * inspector/ContentSearchUtilities.h:
1487         * inspector/InjectedScript.cpp:
1488         (Inspector::InjectedScript::getFunctionDetails):
1489         (Inspector::InjectedScript::getProperties):
1490         (Inspector::InjectedScript::getInternalProperties):
1491         (Inspector::InjectedScript::wrapCallFrames):
1492         (Inspector::InjectedScript::wrapObject):
1493         (Inspector::InjectedScript::wrapTable):
1494         * inspector/InjectedScript.h:
1495         * inspector/InjectedScriptBase.cpp:
1496         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1497         * inspector/InspectorBackendDispatcher.cpp:
1498         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1499         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1500         (Inspector::InspectorBackendDispatcher::create):
1501         (Inspector::InspectorBackendDispatcher::dispatch):
1502         (Inspector::InspectorBackendDispatcher::sendResponse):
1503         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1504         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1505         (Inspector::InspectorBackendDispatcher::getInteger):
1506         (Inspector::InspectorBackendDispatcher::getDouble):
1507         (Inspector::InspectorBackendDispatcher::getString):
1508         (Inspector::InspectorBackendDispatcher::getBoolean):
1509         (Inspector::InspectorBackendDispatcher::getObject):
1510         (Inspector::InspectorBackendDispatcher::getArray):
1511         (Inspector::InspectorBackendDispatcher::getValue):
1512         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1513         protocol error strings.
1514         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1515         Convert the supplemental dispatcher's reference to Ref since it is never null.
1516         * inspector/InspectorEnvironment.h:
1517         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1518         StructItemTraits. Add more versions of addItem to handle pushing various types.
1519         (Inspector::Protocol::Array::openAccessors):
1520         (Inspector::Protocol::Array::addItem):
1521         (Inspector::Protocol::Array::create):
1522         (Inspector::Protocol::StructItemTraits::push):
1523         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
1524         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
1525         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
1526         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
1527         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
1528         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
1529         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
1530         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
1531         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
1532         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
1533         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
1534         the same call signature as other getters. Use Ref where possible.
1535         (Inspector::InspectorObjectBase::getBoolean):
1536         (Inspector::InspectorObjectBase::getString):
1537         (Inspector::InspectorObjectBase::getObject):
1538         (Inspector::InspectorObjectBase::getArray):
1539         (Inspector::InspectorObjectBase::getValue):
1540         (Inspector::InspectorObjectBase::writeJSON):
1541         (Inspector::InspectorArrayBase::get):
1542         (Inspector::InspectorObject::create):
1543         (Inspector::InspectorArray::create):
1544         (Inspector::InspectorValue::null):
1545         (Inspector::InspectorString::create):
1546         (Inspector::InspectorBasicValue::create):
1547         (Inspector::InspectorObjectBase::get): Deleted.
1548         * inspector/InspectorValues.h:
1549         (Inspector::InspectorObjectBase::setValue):
1550         (Inspector::InspectorObjectBase::setObject):
1551         (Inspector::InspectorObjectBase::setArray):
1552         (Inspector::InspectorArrayBase::pushValue):
1553         (Inspector::InspectorArrayBase::pushObject):
1554         (Inspector::InspectorArrayBase::pushArray):
1555         * inspector/JSGlobalObjectConsoleClient.cpp:
1556         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1557         (Inspector::JSGlobalObjectConsoleClient::count):
1558         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
1559         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
1560         * inspector/JSGlobalObjectConsoleClient.h:
1561         * inspector/JSGlobalObjectInspectorController.cpp:
1562         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
1563         * inspector/JSGlobalObjectInspectorController.h:
1564         * inspector/ScriptCallFrame.cpp:
1565         (Inspector::ScriptCallFrame::buildInspectorObject):
1566         * inspector/ScriptCallFrame.h:
1567         * inspector/ScriptCallStack.cpp:
1568         (Inspector::ScriptCallStack::create):
1569         (Inspector::ScriptCallStack::buildInspectorArray):
1570         * inspector/ScriptCallStack.h:
1571         * inspector/agents/InspectorAgent.cpp:
1572         (Inspector::InspectorAgent::enable):
1573         (Inspector::InspectorAgent::inspect):
1574         (Inspector::InspectorAgent::activateExtraDomain):
1575         * inspector/agents/InspectorAgent.h:
1576         * inspector/agents/InspectorDebuggerAgent.cpp:
1577         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1578         (Inspector::buildObjectForBreakpointCookie):
1579         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1580         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1581         (Inspector::InspectorDebuggerAgent::continueToLocation):
1582         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1583         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
1584         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1585         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1586         (Inspector::InspectorDebuggerAgent::didParseSource):
1587         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1588         (Inspector::InspectorDebuggerAgent::breakProgram):
1589         * inspector/agents/InspectorDebuggerAgent.h:
1590         * inspector/agents/InspectorRuntimeAgent.cpp:
1591         (Inspector::buildErrorRangeObject):
1592         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1593         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1594         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
1595         * inspector/agents/InspectorRuntimeAgent.h:
1596         * inspector/scripts/codegen/cpp_generator.py:
1597         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
1598         (CppGenerator.cpp_type_for_type_with_name):
1599         (CppGenerator.cpp_type_for_formal_async_parameter):
1600         (CppGenerator.should_use_references_for_type):
1601         (CppGenerator):
1602         * inspector/scripts/codegen/cpp_generator_templates.py:
1603         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1604         (CppBackendDispatcherHeaderGenerator.generate_output):
1605         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
1606         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1607         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1608         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1609         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1610         (CppFrontendDispatcherHeaderGenerator.generate_output):
1611         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1612         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1613         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1614         (CppProtocolTypesHeaderGenerator.generate_output):
1615         (_generate_class_for_object_declaration):
1616         (_generate_unchecked_setter_for_member):
1617         (_generate_forward_declarations_for_binding_traits):
1618         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1619         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1620         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1621         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1622         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1623         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1624         (ObjCProtocolTypesImplementationGenerator.generate_output):
1625         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1626         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1627         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1628         * inspector/scripts/tests/expected/enum-values.json-result:
1629         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1630         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1631         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1632         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1633         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1634         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1635         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1636         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1637         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1638         * replay/EncodedValue.cpp:
1639         (JSC::EncodedValue::asObject):
1640         (JSC::EncodedValue::asArray):
1641         (JSC::EncodedValue::put<EncodedValue>):
1642         (JSC::EncodedValue::append<EncodedValue>):
1643         (JSC::EncodedValue::get<EncodedValue>):
1644         * replay/EncodedValue.h:
1645         * replay/scripts/CodeGeneratorReplayInputs.py:
1646         (Type.borrow_type):
1647         (Type.argument_type):
1648         (Generator.generate_member_move_expression):
1649         * runtime/ConsoleClient.cpp:
1650         (JSC::ConsoleClient::printConsoleMessageWithArguments):
1651         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
1652         (JSC::ConsoleClient::logWithLevel):
1653         (JSC::ConsoleClient::clear):
1654         (JSC::ConsoleClient::dir):
1655         (JSC::ConsoleClient::dirXML):
1656         (JSC::ConsoleClient::table):
1657         (JSC::ConsoleClient::trace):
1658         (JSC::ConsoleClient::assertCondition):
1659         (JSC::ConsoleClient::group):
1660         (JSC::ConsoleClient::groupCollapsed):
1661         (JSC::ConsoleClient::groupEnd):
1662         * runtime/ConsoleClient.h:
1663         * runtime/TypeSet.cpp:
1664         (JSC::TypeSet::allStructureRepresentations):
1665         (JSC::TypeSet::inspectorTypeSet):
1666         (JSC::StructureShape::inspectorRepresentation):
1667         * runtime/TypeSet.h:
1668
1669 2015-01-07  Commit Queue  <commit-queue@webkit.org>
1670
1671         Unreviewed, rolling out r178039.
1672         https://bugs.webkit.org/show_bug.cgi?id=140187
1673
1674         Breaks ObjC Inspector Protocol (Requested by JoePeck on
1675         #webkit).
1676
1677         Reverted changeset:
1678
1679         "Web Inspector: purge PassRefPtr from Inspector code and use
1680         Ref for typed and untyped protocol objects"
1681         https://bugs.webkit.org/show_bug.cgi?id=140053
1682         http://trac.webkit.org/changeset/178039
1683
1684 2015-01-06  Brian J. Burg  <burg@cs.washington.edu>
1685
1686         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1687         https://bugs.webkit.org/show_bug.cgi?id=140053
1688
1689         Reviewed by Andreas Kling.
1690
1691         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1692         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1693         references are always non-null. These two refactorings have been combined since
1694         they tend to require similar changes to the code.
1695
1696         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1697         have been updated to take a Ref instead of RefPtr.
1698
1699         Builders for typed protocol objects now return a Ref. Since there is no implicit
1700         call to operator&, callsites now must explicitly call .release() to convert a
1701         builder object into the corresponding protocol object once required fields are set.
1702         Update callsites and use auto to eliminate repetition of longwinded protocol types.
1703
1704         Tests for inspector protocol and replay inputs have been rebaselined.
1705
1706         * bindings/ScriptValue.cpp:
1707         (Deprecated::jsToInspectorValue):
1708         (Deprecated::ScriptValue::toInspectorValue):
1709         * bindings/ScriptValue.h:
1710         * inspector/ConsoleMessage.cpp:
1711         (Inspector::ConsoleMessage::addToFrontend):
1712         * inspector/ContentSearchUtilities.cpp:
1713         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1714         (Inspector::ContentSearchUtilities::searchInTextByLines):
1715         * inspector/ContentSearchUtilities.h:
1716         * inspector/InjectedScript.cpp:
1717         (Inspector::InjectedScript::getFunctionDetails):
1718         (Inspector::InjectedScript::getProperties):
1719         (Inspector::InjectedScript::getInternalProperties):
1720         (Inspector::InjectedScript::wrapCallFrames):
1721         (Inspector::InjectedScript::wrapObject):
1722         (Inspector::InjectedScript::wrapTable):
1723         * inspector/InjectedScript.h:
1724         * inspector/InjectedScriptBase.cpp:
1725         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1726         * inspector/InspectorBackendDispatcher.cpp:
1727         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1728         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1729         (Inspector::InspectorBackendDispatcher::create):
1730         (Inspector::InspectorBackendDispatcher::dispatch):
1731         (Inspector::InspectorBackendDispatcher::sendResponse):
1732         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1733         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1734         (Inspector::InspectorBackendDispatcher::getInteger):
1735         (Inspector::InspectorBackendDispatcher::getDouble):
1736         (Inspector::InspectorBackendDispatcher::getString):
1737         (Inspector::InspectorBackendDispatcher::getBoolean):
1738         (Inspector::InspectorBackendDispatcher::getObject):
1739         (Inspector::InspectorBackendDispatcher::getArray):
1740         (Inspector::InspectorBackendDispatcher::getValue):
1741         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1742         protocol error strings.
1743         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1744         Convert the supplemental dispatcher's reference to Ref since it is never null.
1745         * inspector/InspectorEnvironment.h:
1746         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1747         StructItemTraits. Add more versions of addItem to handle pushing various types.
1748         (Inspector::Protocol::Array::openAccessors):
1749         (Inspector::Protocol::Array::addItem):
1750         (Inspector::Protocol::Array::create):
1751         (Inspector::Protocol::StructItemTraits::push):
1752         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
1753         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
1754         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
1755         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
1756         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
1757         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
1758         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
1759         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
1760         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
1761         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
1762         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
1763         the same call signature as other getters. Use Ref where possible.
1764         (Inspector::InspectorObjectBase::getBoolean):
1765         (Inspector::InspectorObjectBase::getString):
1766         (Inspector::InspectorObjectBase::getObject):
1767         (Inspector::InspectorObjectBase::getArray):
1768         (Inspector::InspectorObjectBase::getValue):
1769         (Inspector::InspectorObjectBase::writeJSON):
1770         (Inspector::InspectorArrayBase::get):
1771         (Inspector::InspectorObject::create):
1772         (Inspector::InspectorArray::create):
1773         (Inspector::InspectorValue::null):
1774         (Inspector::InspectorString::create):
1775         (Inspector::InspectorBasicValue::create):
1776         (Inspector::InspectorObjectBase::get): Deleted.
1777         * inspector/InspectorValues.h:
1778         (Inspector::InspectorObjectBase::setValue):
1779         (Inspector::InspectorObjectBase::setObject):
1780         (Inspector::InspectorObjectBase::setArray):
1781         (Inspector::InspectorArrayBase::pushValue):
1782         (Inspector::InspectorArrayBase::pushObject):
1783         (Inspector::InspectorArrayBase::pushArray):
1784         * inspector/JSGlobalObjectConsoleClient.cpp:
1785         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1786         (Inspector::JSGlobalObjectConsoleClient::count):
1787         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
1788         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
1789         * inspector/JSGlobalObjectConsoleClient.h:
1790         * inspector/JSGlobalObjectInspectorController.cpp:
1791         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
1792         * inspector/JSGlobalObjectInspectorController.h:
1793         * inspector/ScriptCallFrame.cpp:
1794         (Inspector::ScriptCallFrame::buildInspectorObject):
1795         * inspector/ScriptCallFrame.h:
1796         * inspector/ScriptCallStack.cpp:
1797         (Inspector::ScriptCallStack::create):
1798         (Inspector::ScriptCallStack::buildInspectorArray):
1799         * inspector/ScriptCallStack.h:
1800         * inspector/agents/InspectorAgent.cpp:
1801         (Inspector::InspectorAgent::enable):
1802         (Inspector::InspectorAgent::inspect):
1803         (Inspector::InspectorAgent::activateExtraDomain):
1804         * inspector/agents/InspectorAgent.h:
1805         * inspector/agents/InspectorDebuggerAgent.cpp:
1806         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1807         (Inspector::buildObjectForBreakpointCookie):
1808         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1809         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1810         (Inspector::InspectorDebuggerAgent::continueToLocation):
1811         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1812         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
1813         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1814         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1815         (Inspector::InspectorDebuggerAgent::didParseSource):
1816         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1817         (Inspector::InspectorDebuggerAgent::breakProgram):
1818         * inspector/agents/InspectorDebuggerAgent.h:
1819         * inspector/agents/InspectorRuntimeAgent.cpp:
1820         (Inspector::buildErrorRangeObject):
1821         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1822         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1823         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
1824         * inspector/agents/InspectorRuntimeAgent.h:
1825         * inspector/scripts/codegen/cpp_generator.py:
1826         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
1827         (CppGenerator.cpp_type_for_type_with_name):
1828         (CppGenerator.cpp_type_for_formal_async_parameter):
1829         (CppGenerator.should_use_references_for_type):
1830         (CppGenerator):
1831         * inspector/scripts/codegen/cpp_generator_templates.py:
1832         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1833         (CppBackendDispatcherHeaderGenerator.generate_output):
1834         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
1835         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1836         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1837         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1838         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1839         (CppFrontendDispatcherHeaderGenerator.generate_output):
1840         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1841         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1842         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1843         (CppProtocolTypesHeaderGenerator.generate_output):
1844         (_generate_class_for_object_declaration):
1845         (_generate_unchecked_setter_for_member):
1846         (_generate_forward_declarations_for_binding_traits):
1847         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1848         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1849         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1850         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1851         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1852         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1853         (ObjCProtocolTypesImplementationGenerator.generate_output):
1854         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1855         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1856         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1857         * inspector/scripts/tests/expected/enum-values.json-result:
1858         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1859         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1860         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1861         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1862         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1863         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1864         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1865         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1866         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1867         * replay/EncodedValue.cpp:
1868         (JSC::EncodedValue::asObject):
1869         (JSC::EncodedValue::asArray):
1870         (JSC::EncodedValue::put<EncodedValue>):
1871         (JSC::EncodedValue::append<EncodedValue>):
1872         (JSC::EncodedValue::get<EncodedValue>):
1873         * replay/EncodedValue.h:
1874         * replay/scripts/CodeGeneratorReplayInputs.py:
1875         (Type.borrow_type):
1876         (Type.argument_type):
1877         (Generator.generate_member_move_expression):
1878         * runtime/ConsoleClient.cpp:
1879         (JSC::ConsoleClient::printConsoleMessageWithArguments):
1880         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
1881         (JSC::ConsoleClient::logWithLevel):
1882         (JSC::ConsoleClient::clear):
1883         (JSC::ConsoleClient::dir):
1884         (JSC::ConsoleClient::dirXML):
1885         (JSC::ConsoleClient::table):
1886         (JSC::ConsoleClient::trace):
1887         (JSC::ConsoleClient::assertCondition):
1888         (JSC::ConsoleClient::group):
1889         (JSC::ConsoleClient::groupCollapsed):
1890         (JSC::ConsoleClient::groupEnd):
1891         * runtime/ConsoleClient.h:
1892         * runtime/TypeSet.cpp:
1893         (JSC::TypeSet::allStructureRepresentations):
1894         (JSC::TypeSet::inspectorTypeSet):
1895         (JSC::StructureShape::inspectorRepresentation):
1896         * runtime/TypeSet.h:
1897
1898 2015-01-06  Chris Dumez  <cdumez@apple.com>
1899
1900         Drop ResourceResponseBase::connectionID and connectionReused members
1901         https://bugs.webkit.org/show_bug.cgi?id=140158
1902
1903         Reviewed by Sam Weinig.
1904
1905         Drop ResourceResponseBase::connectionID and connectionReused members.
1906         Those were needed by the Chromium port but are no longer used.
1907
1908         * inspector/protocol/Network.json:
1909
1910 2015-01-06  Mark Lam  <mark.lam@apple.com>
1911
1912         Add the lexicalEnvironment as an operand to op_create_arguments.
1913         <https://webkit.org/b/140148>
1914
1915         Reviewed by Geoffrey Garen.
1916
1917         This patch only adds the operand to the bytecode.  It is not in use yet.
1918
1919         * bytecode/BytecodeList.json:
1920         * bytecode/BytecodeUseDef.h:
1921         (JSC::computeUsesForBytecodeOffset):
1922         * bytecode/CodeBlock.cpp:
1923         (JSC::CodeBlock::dumpBytecode):
1924         * bytecompiler/BytecodeGenerator.cpp:
1925         (JSC::BytecodeGenerator::BytecodeGenerator):
1926         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1927         - Adds the lexicalEnvironment register (if present) as an operand to
1928           op_create_arguments.  Else, adds a constant empty JSValue.
1929         * llint/LowLevelInterpreter32_64.asm:
1930         * llint/LowLevelInterpreter64.asm:
1931
1932 2015-01-06  Alexey Proskuryakov  <ap@apple.com>
1933
1934         ADDRESS_SANITIZER macro is overloaded
1935         https://bugs.webkit.org/show_bug.cgi?id=140130
1936
1937         Reviewed by Anders Carlsson.
1938
1939         * interpreter/JSStack.cpp: (JSC::JSStack::sanitizeStack): Use the new macro.
1940         This code is nearly unused (only compiled in when JIT is disabled at build time),
1941         however I've been told that it's best to keep it.
1942
1943 2015-01-06  Mark Lam  <mark.lam@apple.com>
1944
1945         Fix Use details for op_create_arguments.
1946         <https://webkit.org/b/140110>
1947
1948         Rubber stamped by Filip Pizlo.
1949
1950         The previous patch was wrong about op_create_arguments not using its 1st operand.
1951         It does read from it (hence, used) to check if the Arguments object has already
1952         been created or not.  This patch reverts the change for op_create_arguments.
1953
1954         * bytecode/BytecodeUseDef.h:
1955         (JSC::computeUsesForBytecodeOffset):
1956
1957 2015-01-06  Mark Lam  <mark.lam@apple.com>
1958
1959         Fix Use details for op_create_lexical_environment and op_create_arguments.
1960         <https://webkit.org/b/140110>
1961
1962         Reviewed by Filip Pizlo.
1963
1964         The current "Use" details for op_create_lexical_environment and
1965         op_create_arguments are wrong.  op_create_arguments uses nothing instead of the
1966         1st operand (the output local).  op_create_lexical_environment uses its 2nd
1967         operand (the scope chain) instead of the 1st (the output local).
1968         This patch fixes them to specify the proper uses.
1969
1970         * bytecode/BytecodeUseDef.h:
1971         (JSC::computeUsesForBytecodeOffset):
1972
1973 2015-01-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1974
1975         Implement ES6 String.prototype.repeat(count)
1976         https://bugs.webkit.org/show_bug.cgi?id=140047
1977
1978         Reviewed by Darin Adler.
1979
1980         Introducing ES6 String.prototype.repeat(count) function.
1981
1982         * runtime/JSString.h:
1983         * runtime/StringPrototype.cpp:
1984         (JSC::StringPrototype::finishCreation):
1985         (JSC::repeatSmallString):
1986         (JSC::stringProtoFuncRepeat):
1987
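The entry above only lists the touched functions. The following is an added example, not JavaScriptCore code: String.prototype.repeat written in the shape ES6 (21.1.3.13) specifies, with the two checks that stop a hostile count from turning into an unbounded allocation (reject negative or infinite counts, and reject results longer than the maximum string length). The MAX_STRING_LENGTH cap and the compareWithNative helper are assumptions of this example, not engine values or engine code.

```javascript
// Added example, not JavaScriptCore code: a spec-shaped String.prototype.repeat.
// Assumed cap on the result length; the real limit is engine-specific.
const MAX_STRING_LENGTH = 0x7fffffff;

function repeatString(receiver, count) {
  if (receiver === null || receiver === undefined)
    throw new TypeError('String.prototype.repeat called on null or undefined');
  const s = String(receiver);                 // ToString(this value)
  const n = Math.trunc(Number(count)) || 0;   // ToInteger(count): NaN -> 0, "3" -> 3
  if (n < 0 || n === Infinity)
    throw new RangeError('Invalid count value');
  if (n === 0 || s.length === 0)
    return '';
  if (s.length * n > MAX_STRING_LENGTH)       // bound the result before allocating anything
    throw new RangeError('Repeat count would exceed maximum string length');
  // Square-and-add: O(log n) concatenations instead of n of them.
  let result = '';
  let piece = s;
  let remaining = n;
  while (remaining > 0) {
    if (remaining % 2 === 1) result += piece;
    remaining = Math.floor(remaining / 2);
    if (remaining > 0) piece += piece;
  }
  return result;
}

// Run an input through this implementation and the engine's own, returning either
// the result string or the name of the exception class each one threw.
function compareWithNative(str, count) {
  const run = (fn) => {
    try { return fn(); } catch (e) { return e.constructor.name; }
  };
  return {
    ours: run(() => repeatString(str, count)),
    native: run(() => String.prototype.repeat.call(str, count)),
  };
}
```

compareWithNative('x', -1), compareWithNative('x', Infinity) and compareWithNative(null, 1) are the edge cases worth keeping in a regression suite: RangeError, RangeError and TypeError respectively, in both implementations.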
1988 2015-01-03  Michael Saboff  <msaboff@apple.com>
1989
1990         Crash in operationNewFunction when scrolling on Google+
1991         https://bugs.webkit.org/show_bug.cgi?id=140033
1992
1993         Reviewed by Oliver Hunt.
1994
1995         In DFG code, the scope register can be eliminated because all uses have been
1996         dead code eliminated.  In the case where one of the uses was creating a function
1997         that is never used, the baseline code will still create the function.  If we OSR
1998         exit to a path where that function gets created, check the scope register value
1999         and set the new, but dead, function to undefined instead of creating a new function.
2000
2001         * jit/JITOpcodes.cpp:
2002         (JSC::JIT::emit_op_new_func_exp):
2003
2004 2015-01-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2005
2006         String includes methods perform toString on searchString before toInt32 on an offset
2007         https://bugs.webkit.org/show_bug.cgi?id=140031
2008
2009         Reviewed by Darin Adler.
2010
2011         * runtime/StringPrototype.cpp:
2012         (JSC::stringProtoFuncStartsWith):
2013         (JSC::stringProtoFuncEndsWith):
2014         (JSC::stringProtoFuncIncludes):
2015
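The entry above fixes the order in which startsWith, endsWith and includes coerce their arguments. The following is an added example, not JavaScriptCore code: reference implementations written in the ES6 order (ToString(searchString) first, then ToInteger(position)), plus a probe that records the order a given implementation actually uses. With attacker-supplied argument objects the order is observable through toString/valueOf side effects, which is why it is worth pinning down. The instanceof RegExp check is a simplification of the spec's IsRegExp, and clampPosition and coercionOrder are helpers assumed by this example.

```javascript
// Added example, not JavaScriptCore code: spec-order reference implementations of
// startsWith/endsWith/includes and a probe for the argument-coercion order.

function coerceSearch(searchString) {
  // ES6 IsRegExp, simplified here to an instanceof check (assumption).
  if (searchString instanceof RegExp)
    throw new TypeError('First argument must not be a regular expression');
  return String(searchString);                      // ToString(searchString)
}

function clampPosition(position, length) {
  const pos = Math.trunc(Number(position)) || 0;    // ToInteger: undefined/NaN -> 0
  return Math.min(Math.max(pos, 0), length);
}

function startsWithSpec(receiver, searchString, position) {
  const s = String(receiver);
  const search = coerceSearch(searchString);        // 1. searchString
  const start = clampPosition(position, s.length);  // 2. position
  return s.slice(start, start + search.length) === search;
}

function endsWithSpec(receiver, searchString, endPosition) {
  const s = String(receiver);
  const search = coerceSearch(searchString);        // 1. searchString
  const end = endPosition === undefined             // 2. endPosition (default: length)
    ? s.length
    : clampPosition(endPosition, s.length);
  const start = end - search.length;
  return start >= 0 && s.slice(start, end) === search;
}

function includesSpec(receiver, searchString, position) {
  const s = String(receiver);
  const search = coerceSearch(searchString);        // 1. searchString
  const start = clampPosition(position, s.length);  // 2. position
  return s.indexOf(search, start) !== -1;
}

// Call fn(receiver, search, position) with side-effecting argument objects and
// return the order in which they were coerced, e.g. ['search', 'position'].
function coercionOrder(fn) {
  const log = [];
  const search = { toString() { log.push('search'); return 'b'; } };
  const position = { valueOf() { log.push('position'); return 1; } };
  fn('abc', search, position);
  return log;
}
```

coercionOrder((s, a, p) => s.startsWith(a, p)) exercises the engine's own method; coercionOrder(startsWithSpec) exercises the reference. Both should report search before position.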
2016 2015-01-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2017
2018         Change to return std::unique_ptr<> in fooCreate()
2019         https://bugs.webkit.org/show_bug.cgi?id=139983
2020
2021         Reviewed by Darin Adler.
2022
2023         To avoid unnecessary std::unique_ptr<> casting, fooCreate() returns std::unique_ptr<> directly.
2024
2025         * create_regex_tables:
2026         * yarr/YarrPattern.h:
2027         (JSC::Yarr::YarrPattern::reset):
2028         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2029         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2030         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2031         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2032         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2033         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2034         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2035
2036 2015-01-01  Jeff Miller  <jeffm@apple.com>
2037
2038         Update user-visible copyright strings to include 2015
2039         https://bugs.webkit.org/show_bug.cgi?id=139880
2040
2041         Reviewed by Darin Adler.
2042
2043         * Info.plist:
2044
2045 2015-01-01  Darin Adler  <darin@apple.com>
2046
2047         We often misspell identifier as "identifer"
2048         https://bugs.webkit.org/show_bug.cgi?id=140025
2049
2050         Reviewed by Michael Saboff.
2051
2052         * runtime/ArrayConventions.h: Fix it.
2053
2054 2014-12-29  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2055
2056         Move JavaScriptCore/yarr to std::unique_ptr
2057         https://bugs.webkit.org/show_bug.cgi?id=139621
2058
2059         Reviewed by Anders Carlsson.
2060
2061         Final clean up OwnPtr|PassOwnPtr in JavaScriptCore/yarr.
2062
2063         * yarr/YarrInterpreter.cpp:
2064         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
2065         * yarr/YarrInterpreter.h:
2066         (JSC::Yarr::BytecodePattern::BytecodePattern):
2067         * yarr/YarrJIT.cpp:
2068         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
2069         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
2070         (JSC::Yarr::YarrGenerator::opCompileBody):
2071         * yarr/YarrPattern.cpp:
2072         (JSC::Yarr::CharacterClassConstructor::charClass):
2073         (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
2074         (JSC::Yarr::YarrPatternConstructor::reset):
2075         (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
2076         (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
2077         (JSC::Yarr::YarrPatternConstructor::atomParenthesesSubpatternBegin):
2078         (JSC::Yarr::YarrPatternConstructor::atomParentheticalAssertionBegin):
2079         (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
2080         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
2081         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
2082         * yarr/YarrPattern.h:
2083         (JSC::Yarr::PatternDisjunction::addNewAlternative):
2084         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2085         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2086         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2087         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2088         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2089         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2090         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2091
2092 2014-12-26  Dan Bernstein  <mitz@apple.com>
2093
2094         <rdar://problem/19348208> REGRESSION (r177027): iOS builds use the wrong toolchain
2095         https://bugs.webkit.org/show_bug.cgi?id=139950
2096
2097         Reviewed by David Kilzer.
2098
2099         * Configurations/Base.xcconfig: Only define TOOLCHAINS when building for OS X, doing so
2100         in a manner that works with Xcode 5.1.1.
2101
2102 2014-12-22  Mark Lam  <mark.lam@apple.com>
2103
2104         Use ctiPatchCallByReturnAddress() in JITOperations.cpp.
2105         <https://webkit.org/b/139892>
2106
2107         Reviewed by Michael Saboff.
2108
2109         The code in JITOperations.cpp sometimes calls RepatchBuffer::relinkCallerToFunction()
2110         directly, and sometimes uses a helper function, ctiPatchCallByReturnAddress().
2111         This patch changes it to use the helper function consistently.
2112
2113         * jit/JITOperations.cpp:
2114
2115 2014-12-22  Mark Lam  <mark.lam@apple.com>
2116
2117         Fix some typos in a comment.
2118         <https://webkit.org/b/139882>
2119
2120         Reviewed by Michael Saboff.
2121
2122         * jit/JITPropertyAccess.cpp:
2123         (JSC::JIT::emit_op_get_by_val):
2124
2125 2014-12-22  Mark Lam  <mark.lam@apple.com>
2126
2127         Assert that Array elements not copied when changing shape to ArrayStorage type are indeed holes.
2128         <https://webkit.org/b/138118>
2129
2130         Reviewed by Michael Saboff.
2131
2132         * runtime/JSObject.cpp:
2133         (JSC::JSObject::convertInt32ToArrayStorage):
2134         (JSC::JSObject::convertDoubleToArrayStorage):
2135         (JSC::JSObject::convertContiguousToArrayStorage):
2136
2137 2014-12-20  Eric Carlson  <eric.carlson@apple.com>
2138
2139         [iOS] add optimized fullscreen API
2140         https://bugs.webkit.org/show_bug.cgi?id=139833
2141         <rdar://problem/18844486>
2142
2143         Reviewed by Simon Fraser.
2144
2145         * Configurations/FeatureDefines.xcconfig: Add ENABLE_VIDEO_PRESENTATION_MODE.
2146
2147 2014-12-20  David Kilzer  <ddkilzer@apple.com>
2148
2149         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2150         <http://webkit.org/b/139463>
2151
2152         Reviewed by Mark Rowe.
2153
2154         * Configurations/JavaScriptCore.xcconfig:
2155         - Simplify SECTORDER_FLAGS.
2156
2157 2014-12-19  Andreas Kling  <akling@apple.com>
2158
2159         Plug leak below LLVMCopyStringRepOfTargetData().
2160         <https://webkit.org/b/139832>
2161
2162         Reviewed by Michael Saboff.
2163
2164         LLVMCopyStringRepOfTargetData() returns a strdup()'ed string, so make sure
2165         to free() it after we're done using it.
2166
2167         * ftl/FTLCompile.cpp:
2168         (JSC::FTL::mmAllocateDataSection):
2169
2170 2014-12-19  Joseph Pecoraro  <pecoraro@apple.com>
2171
2172         Web Inspector: CRASH inspector-protocol/debugger/breakpoint-action-detach.html
2173         https://bugs.webkit.org/show_bug.cgi?id=139797
2174
2175         Reviewed by Mark Lam.
2176
2177         * debugger/Debugger.h:
2178         * debugger/Debugger.cpp:
2179         (JSC::Debugger::isAttached):
2180         Check if we are the debugger for a particular global object.
2181         (JSC::Debugger::pauseIfNeeded):
2182         Pass the global object on when hitting a breakpoint.
2183
2184         * inspector/ScriptDebugServer.h:
2185         * inspector/ScriptDebugServer.cpp:
2186         (Inspector::ScriptDebugServer::handleBreakpointHit):
2187         Stop evaluating breakpoint actions if a previous action caused the
2188         debugger to detach from this global object.
2189         (Inspector::ScriptDebugServer::handlePause):
2190         Standardize on passing JSGlobalObject parameter first.
2191
2192 2014-12-19  Mark Lam  <mark.lam@apple.com>
2193
2194         [Win] Endless compiler warnings created by DFGEdge.h.
2195         <https://webkit.org/b/139801>
2196
2197         Reviewed by Brent Fulgham.
2198
2199         Add a cast to fix the type just the way the 64-bit version does.
2200
2201         * dfg/DFGEdge.h:
2202         (JSC::DFG::Edge::makeWord):
2203
2204 2014-12-19  Commit Queue  <commit-queue@webkit.org>
2205
2206         Unreviewed, rolling out r177574.
2207         https://bugs.webkit.org/show_bug.cgi?id=139821
2208
2209         "Broke Production builds by installing
2210         libWebCoreTestSupport.dylib in the wrong directory" (Requested
2211         by ddkilzer on #webkit).
2212
2213         Reverted changeset:
2214
2215         "Switch from using PLATFORM_NAME to SDK selectors in WebCore,
2216         WebInspectorUI, WebKit, WebKit2"
2217         https://bugs.webkit.org/show_bug.cgi?id=139463
2218         http://trac.webkit.org/changeset/177574
2219
2220 2014-12-19  Michael Saboff  <msaboff@apple.com>
2221
2222         REGRESSION(174226): Captured arguments in a using function compiled by the DFG have the initial value when the closure was invoked
2223         https://bugs.webkit.org/show_bug.cgi?id=139808
2224
2225         Reviewed by Oliver Hunt.
2226
2227         There are three changes here.
2228         1) Create a VariableWatchpointSet for captured arguments variables.
2229         2) Properly use the VariableWatchpointSet* found in op_put_to_scope in the 64 bit LLInt code.
2230         3) Add the same putLocalClosureVar path to the 32 bit LLInt code that exists in the 64 bit version.
2231
2232         * bytecompiler/BytecodeGenerator.cpp:
2233         (JSC::BytecodeGenerator::BytecodeGenerator):
2234         * llint/LowLevelInterpreter32_64.asm:
2235         * llint/LowLevelInterpreter64.asm:
2236
2237 2014-12-19  David Kilzer  <ddkilzer@apple.com>
2238
2239         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2240         <http://webkit.org/b/139463>
2241
2242         Reviewed by Mark Rowe.
2243
2244         * Configurations/JavaScriptCore.xcconfig:
2245         - Simplify SECTORDER_FLAGS.
2246
2247 2014-12-18  Brent Fulgham  <bfulgham@apple.com>
2248
2249         Unreviewed build fix.
2250
2251         * jsc.cpp: Remove typo.
2252
2253 2014-12-17  Michael Saboff  <msaboff@apple.com>
2254
2255         Tests with infinite recursion frequently crash
2256         https://bugs.webkit.org/show_bug.cgi?id=139548
2257
2258         Reviewed by Geoffrey Garen.
2259
2260         While unwinding, if the call frame doesn't have a codeblock, then we
2261         are in native code; handle it appropriately.
2262
2263         * interpreter/Interpreter.cpp:
2264         (JSC::unwindCallFrame):
2265         (JSC::UnwindFunctor::operator()):
2266         Added checks for null CodeBlock.
2267
2268         (JSC::Interpreter::unwind): Removed wrong ASSERT.
2269
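The entry above concerns unwinding through call frames that have no CodeBlock, i.e. native frames. The following is an added example, not JavaScriptCore code or one of its stress tests: it forces a stack overflow whose unwinding must cross a native frame on every level (Array.prototype.forEach re-entering the script function), which the engine has to surface as a catchable RangeError rather than crash. The function name is this example's own.

```javascript
// Added example, not JavaScriptCore code: overflow the stack through alternating
// script and native frames and report how the overflow surfaced.
function overflowThroughNativeFrames() {
  function recurse(depth) {
    // forEach is a host function; each level re-enters recurse through a frame
    // that has no CodeBlock, so the unwinder must handle that frame kind.
    [depth + 1].forEach(recurse);
    return depth;
  }
  try {
    recurse(0);
    return 'no overflow';
  } catch (e) {
    return e instanceof RangeError ? 'RangeError' : e.name;
  }
}
```

Running it repeatedly in a loop is the cheap way to catch the intermittent failures the entry title describes.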
2270 2014-12-17  Chris Dumez  <cdumez@apple.com>
2271
2272         [iOS] Make it possible to toggle FeatureCounter support at runtime
2273         https://bugs.webkit.org/show_bug.cgi?id=139688
2274         <rdar://problem/19266254>
2275
2276         Reviewed by Andreas Kling.
2277
2278         Stop linking against AppSupport framework as the functionality is no
2279         longer in WTF (it was moved to WebCore).
2280
2281         * Configurations/JavaScriptCore.xcconfig:
2282
2283 2014-12-17  Brent Fulgham  <bfulgham@apple.com>
2284
2285         [Win] Correct DebugSuffix builds under MSBuild
2286         https://bugs.webkit.org/show_bug.cgi?id=139733
2287         <rdar://problem/19276880>
2288
2289         Reviewed by Simon Fraser.
2290
2291         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Make sure to use the
2292         '_debug' suffix when building the DebugSuffix target.
2293
2294 2014-12-16  Enrica Casucci  <enrica@apple.com>
2295
2296         Fix iOS builders for 8.0
2297         https://bugs.webkit.org/show_bug.cgi?id=139495
2298
2299         Reviewed by Michael Saboff.
2300
2301         * Configurations/LLVMForJSC.xcconfig:
2302         * llvm/library/LLVMExports.cpp:
2303         (initializeAndGetJSCLLVMAPI):
2304
2305 2014-12-16  Commit Queue  <commit-queue@webkit.org>
2306
2307         Unreviewed, rolling out r177380.
2308         https://bugs.webkit.org/show_bug.cgi?id=139707
2309
2310         "Breaks js/regress/elidable-new-object-* tests" (Requested by
2311         msaboff_ on #webkit).
2312
2313         Reverted changeset:
2314
2315         "Fixes operationPutByIdOptimizes such that they check that the
2316         put didn't"
2317         https://bugs.webkit.org/show_bug.cgi?id=139500
2318         http://trac.webkit.org/changeset/177380
2319
2320 2014-12-16  Matthew Mirman  <mmirman@apple.com>
2321
2322         Fixes operationPutByIdOptimizes such that they check that the put didn't
2323         change the structure of the object whose property access is being
2324         cached.
2325         https://bugs.webkit.org/show_bug.cgi?id=139500
2326
2327         Reviewed by Geoffrey Garen.
2328
2329         * jit/JITOperations.cpp:
2330         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
2331         (JSC::operationPutByIdNonStrictOptimize): ditto.
2332         (JSC::operationPutByIdDirectStrictOptimize): ditto.
2333         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
2334         * jit/Repatch.cpp:
2335         (JSC::tryCachePutByID): Added argument for the old structure
2336         (JSC::repatchPutByID): Added argument for the old structure
2337         * jit/Repatch.h:
2338         * tests/stress/put-by-id-build-list-order-recurse.js: 
2339         Added test that fails without this patch.
2340
2341 2014-12-15  Chris Dumez  <cdumez@apple.com>
2342
2343         [iOS] Add feature counting support
2344         https://bugs.webkit.org/show_bug.cgi?id=139652
2345         <rdar://problem/19255690>
2346
2347         Reviewed by Gavin Barraclough.
2348
2349         Link against AppSupport framework on iOS as we need it to implement
2350         the new FeatureCounter API in WTF.
2351
2352         * Configurations/JavaScriptCore.xcconfig:
2353
2354 2014-12-15  Commit Queue  <commit-queue@webkit.org>
2355
2356         Unreviewed, rolling out r177284.
2357         https://bugs.webkit.org/show_bug.cgi?id=139658
2358
2359         "Breaks API tests and LayoutTests on Yosemite Debug"
2360         (Requested by msaboff on #webkit).
2361
2362         Reverted changeset:
2363
2364         "Make sure range based iteration of Vector<> still receives
2365         bounds checking"
2366         https://bugs.webkit.org/show_bug.cgi?id=138821
2367         http://trac.webkit.org/changeset/177284
2368
2369 2014-12-15  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
2370
2371         [EFL] FTL JIT not working on ARM64
2372         https://bugs.webkit.org/show_bug.cgi?id=139295
2373
2374         Reviewed by Michael Saboff.
2375
2376         Added the missing code for stack unwinding and some additional small fixes
2377         to get FTL working correctly.
2378
2379         * ftl/FTLCompile.cpp:
2380         (JSC::FTL::mmAllocateDataSection):
2381         * ftl/FTLUnwindInfo.cpp:
2382         (JSC::FTL::UnwindInfo::parse):
2383
2384 2014-12-15  Oliver Hunt  <oliver@apple.com>
2385
2386         Make sure range based iteration of Vector<> still receives bounds checking
2387         https://bugs.webkit.org/show_bug.cgi?id=138821
2388
2389         Reviewed by Mark Lam.
2390
2391         Update code to deal with slightly changed iterator semantics.
2392
2393         * bytecode/UnlinkedCodeBlock.cpp:
2394         (JSC::UnlinkedCodeBlock::visitChildren):
2395         * bytecompiler/BytecodeGenerator.cpp:
2396         (JSC::BytecodeGenerator::emitComplexPopScopes):
2397         * dfg/DFGSpeculativeJIT.cpp:
2398         (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
2399         * ftl/FTLAbbreviations.h:
2400         (JSC::FTL::mdNode):
2401         (JSC::FTL::buildCall):
2402         * llint/LLIntData.cpp:
2403         (JSC::LLInt::Data::performAssertions):
2404         * parser/Parser.h:
2405         (JSC::Scope::Scope):
2406         * runtime/JSArray.cpp:
2407         (JSC::JSArray::setLengthWithArrayStorage):
2408         (JSC::JSArray::sortCompactedVector):
2409         * tools/ProfileTreeNode.h:
2410         (JSC::ProfileTreeNode::dumpInternal):
2411         * yarr/YarrJIT.cpp:
2412         (JSC::Yarr::YarrGenerator::matchCharacterClass):
2413
2414 2014-12-14  Filip Pizlo  <fpizlo@apple.com>
2415
2416         PutLocalSinkingPhase has an invalid assertion about incoming values, because both liveness and deferral analyses are conservative
2417         https://bugs.webkit.org/show_bug.cgi?id=139630
2418
2419         Reviewed by Oliver Hunt.
2420         
2421         Replaces a faulty assertion with code to handle an awesome special case. Also adds a lot of
2422         comments that reconstruct my reasoning about this code. I had to work hard to remember how
2423         deferral worked so I wrote my discoveries down.
2424
2425         * dfg/DFGInsertionSet.h:
2426         (JSC::DFG::InsertionSet::insertBottomConstantForUse):
2427         * dfg/DFGPutLocalSinkingPhase.cpp:
2428         * tests/stress/put-local-conservative.js: Added.
2429         (foo):
2430         (.result):
2431         (bar):
2432
2433 2014-12-14  Andreas Kling  <akling@apple.com>
2434
2435         Replace PassRef with Ref/Ref&& across the board.
2436         <https://webkit.org/b/139587>
2437
2438         Reviewed by Darin Adler.
2439
2440         * runtime/Identifier.cpp:
2441         (JSC::Identifier::add):
2442         (JSC::Identifier::add8):
2443         * runtime/Identifier.h:
2444         (JSC::Identifier::add):
2445         * runtime/IdentifierInlines.h:
2446         (JSC::Identifier::add):
2447
2448 2014-12-12  Matthew Mirman  <mmirman@apple.com>
2449
2450         shiftCountWithArrayStorage should exit to slow path if the object has a sparse map.
2451         https://bugs.webkit.org/show_bug.cgi?id=139598
2452         <rdar://problem/18779367>
2453
2454         Reviewed by Filip Pizlo.
2455
2456         * runtime/JSArray.cpp:
2457         (JSC::JSArray::shiftCountWithArrayStorage): Added check for object having a sparse map.
2458         * tests/stress/sparse_splice.js: Added.
2459
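The entry above makes shiftCountWithArrayStorage bail out when the array carries a sparse map. The following is an added example, not JavaScriptCore code or its sparse_splice.js test: it builds an array with a far index (which sparse-map backed storage is the usual representation for; an assumption about engine internals) and checks the shift()/splice() results a contiguous-storage fast path would get wrong, namely that holes stay holes, the far element moves by exactly one index per operation, and length is updated. The function name and the chosen index are this example's own.

```javascript
// Added example, not JavaScriptCore code: shift() and splice() on a sparse array,
// checked against what the spec requires for every index.
function sparseShiftAndSplice() {
  const a = [1, 2, 3];
  a[100000] = 'far';            // far index: holes 3..99999, sparse storage (assumption)

  const shifted = a.shift();    // every index i moves to i-1; holes remain holes
  const afterShift = {
    shifted,
    length: a.length,           // 100000
    first: a[0],                // 2
    last: a[99999],             // 'far'
    holeStillHole: 5 in a,      // false
  };

  const removed = a.splice(1, 1); // drop index 1 (value 3); indices above it move down
  return {
    afterShift,
    removed: removed.slice(),
    length: a.length,           // 99999
    last: a[99998],             // 'far'
    oldLastGone: 99999 in a,    // false
    keys: Object.keys(a).length // 2: indices 0 and 99998
  };
}
```

The interesting assertions are the negative ones: a fast path that copies a contiguous range would leave a stale element behind the far index or materialise the holes as undefined, and `in` distinguishes both from the correct result.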
2460 2014-12-12  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2461
2462         Final clean up OwnPtr in JSC - runtime, ftl, and tool directories
2463         https://bugs.webkit.org/show_bug.cgi?id=139532
2464
2465         Finally remove OwnPtr and PassOwnPtr in the runtime, ftl, and tools directories of JSC.
2466
2467         Final remove OwnPtr, PassOwnPtr in runtime, ftl, and tools directories of JSC.
2468
2469         * builtins/BuiltinExecutables.h:
2470         * bytecode/CodeBlock.h:
2471         * bytecode/UnlinkedCodeBlock.cpp:
2472         (JSC::generateFunctionCodeBlock):
2473         * ftl/FTLAbstractHeap.cpp:
2474         (JSC::FTL::IndexedAbstractHeap::atSlow):
2475         * ftl/FTLAbstractHeap.h:
2476         * ftl/FTLCompile.cpp:
2477         (JSC::FTL::mmAllocateDataSection):
2478         * ftl/FTLJITFinalizer.h:
2479         * jsc.cpp:
2480         (jscmain):
2481         * parser/Lexer.h:
2482         * runtime/PropertyMapHashTable.h:
2483         (JSC::PropertyTable::clearDeletedOffsets):
2484         (JSC::PropertyTable::addDeletedOffset):
2485         * runtime/PropertyTable.cpp:
2486         (JSC::PropertyTable::PropertyTable):
2487         * runtime/RegExpObject.cpp:
2488         * runtime/SmallStrings.cpp:
2489         * runtime/Structure.cpp:
2490         * runtime/StructureIDTable.cpp:
2491         (JSC::StructureIDTable::StructureIDTable):
2492         (JSC::StructureIDTable::resize):
2493         * runtime/StructureIDTable.h:
2494         * runtime/StructureTransitionTable.h:
2495         * runtime/VM.cpp:
2496         (JSC::VM::VM):
2497         (JSC::VM::~VM):
2498         * runtime/VM.h:
2499         * tools/CodeProfile.h:
2500         (JSC::CodeProfile::CodeProfile):
2501         (JSC::CodeProfile::addChild):
2502
2503 2014-12-11  Dan Bernstein  <mitz@apple.com>
2504
2505         iOS Simulator production build fix.
2506
2507         * Configurations/JavaScriptCore.xcconfig: Don’t use an order file when building for the iOS
2508         Simulator, as we did prior to 177027.
2509
2510 2014-12-11  Joseph Pecoraro  <pecoraro@apple.com>
2511
2512         Explicitly export some more RWIProtocol classes.
2513         rdar://problem/19220408
2514
2515         Unreviewed build fix.
2516
2517         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2518         (ObjCConfigurationHeaderGenerator._generate_configuration_interface_for_domains):
2519         * inspector/scripts/codegen/generate_objc_header.py:
2520         (ObjCHeaderGenerator._generate_event_interfaces):
2521         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2522         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2523         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2524         * inspector/scripts/tests/expected/enum-values.json-result:
2525         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2526         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2527         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2528         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2529         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2530         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2531         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2532         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2533         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2534
2535 2014-12-11  Alexey Proskuryakov  <ap@apple.com>
2536
2537         Explicitly export some RWIProtocol classes
2538         rdar://problem/19220408
2539
2540         * inspector/scripts/codegen/generate_objc_header.py:
2541         (ObjCHeaderGenerator._generate_type_interface):
2542         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2543         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2544         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2545         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2546         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2547         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2548         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2549
2550 2014-12-11  Mark Lam  <mark.lam@apple.com>
2551
2552         Fix broken build after r177146.
2553         https://bugs.webkit.org/show_bug.cgi?id=139533 
2554
2555         Not reviewed.
2556
2557         * interpreter/CallFrame.h:
2558         (JSC::ExecState::init):
2559         - Restored CallFrame::init() minus the unused JSScope* arg.
2560         * runtime/JSGlobalObject.cpp:
2561         (JSC::JSGlobalObject::init):
2562         - Remove JSScope* arg when calling CallFrame::init().
2563
2564 2014-12-11  Michael Saboff  <msaboff@apple.com>
2565
2566         REGRESSION: Use of undefined CallFrame::ScopeChain value
2567         https://bugs.webkit.org/show_bug.cgi?id=139533
2568
2569         Reviewed by Mark Lam.
2570
2571         Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
2572         all usages of these functions.  In some cases the scope is passed in or determined
2573         another way.  In some cases the scope is used to calculate other values.  Lastly,
2574         there were places where these functions were used that are no longer needed.  For
2575         example when making a call, the caller's ScopeChain was copied to the callee's
2576         ScopeChain.  This change no longer uses the ScopeChain call frame header slot.
2577         That slot will be removed in a future patch.
2578
2579         * dfg/DFGByteCodeParser.cpp:
2580         (JSC::DFG::ByteCodeParser::parseBlock):
2581         * dfg/DFGSpeculativeJIT32_64.cpp:
2582         (JSC::DFG::SpeculativeJIT::compile):
2583         * dfg/DFGSpeculativeJIT64.cpp:
2584         (JSC::DFG::SpeculativeJIT::compile):
2585         * dfg/DFGSpeculativeJIT.h:
2586         (JSC::DFG::SpeculativeJIT::callOperation):
2587         * jit/JIT.h:
2588         * jit/JITInlines.h:
2589         (JSC::JIT::callOperation):
2590         * runtime/JSLexicalEnvironment.h:
2591         (JSC::JSLexicalEnvironment::create):
2592         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
2593         * jit/JITOpcodes.cpp:
2594         (JSC::JIT::emit_op_create_lexical_environment):
2595         * jit/JITOpcodes32_64.cpp:
2596         (JSC::JIT::emit_op_create_lexical_environment):
2597         * jit/JITOperations.cpp:
2598         * jit/JITOperations.h:
2599         * llint/LLIntSlowPaths.cpp:
2600         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2601         (JSC::LLInt::handleHostCall):
2602         (JSC::LLInt::setUpCall):
2603         (JSC::LLInt::llint_throw_stack_overflow_error):
2604         Pass the current scope value to the helper operationCreateActivation() and
2605         the call to JSLexicalEnvironment::create() instead of using the stack frame
2606         scope chain value.
2607
2608         * dfg/DFGFixupPhase.cpp:
2609         (JSC::DFG::FixupPhase::fixupNode):
2610         CreateActivation now has a second child, the scope.
2611
2612         * interpreter/CallFrame.h:
2613         (JSC::ExecState::init): Deleted.  This is dead code.
2614         (JSC::ExecState::scope): Deleted.
2615         (JSC::ExecState::setScope): Deleted.
2616
2617         * interpreter/Interpreter.cpp:
2618         (JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
2619         chain slot.  
2620         
2621         (JSC::Interpreter::execute):
2622         (JSC::Interpreter::executeCall):
2623         (JSC::Interpreter::executeConstruct):
2624         Changed process to find JSScope values on the stack or by some other means.
2625
2626         * runtime/JSWithScope.h:
2627         (JSC::JSWithScope::JSWithScope): Deleted.
2628         Eliminated unused constructor.
2629
2630         * runtime/StrictEvalActivation.cpp:
2631         (JSC::StrictEvalActivation::StrictEvalActivation):
2632         * runtime/StrictEvalActivation.h:
2633         (JSC::StrictEvalActivation::create):
2634         Changed to pass in the current scope.
2635
2636 2014-12-10  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2637
2638         Use std::unique_ptr instead of OwnPtr in JSC - heap, jit, runtime, and parser directories
2639         https://bugs.webkit.org/show_bug.cgi?id=139351
2640
2641         Reviewed by Filip Pizlo.
2642
2643         As a step to use std::unique_ptr<>, this cleans up OwnPtr and PassOwnPtr.
2644
2645         * bytecode/SamplingTool.h:
2646         (JSC::SamplingTool::SamplingTool):
2647         * heap/CopiedBlock.h:
2648         (JSC::CopiedBlock::didSurviveGC):
2649         (JSC::CopiedBlock::pin):
2650         * heap/CopiedBlockInlines.h:
2651         (JSC::CopiedBlock::reportLiveBytes):
2652         * heap/GCActivityCallback.h:
2653         * heap/GCThread.cpp:
2654         * heap/Heap.h:
2655         * heap/HeapInlines.h:
2656         (JSC::Heap::markListSet):
2657         * jit/ExecutableAllocator.cpp:
2658         * jit/JIT.cpp:
2659         (JSC::JIT::privateCompile):
2660         * jit/JIT.h:
2661         * jit/JITThunks.cpp:
2662         (JSC::JITThunks::JITThunks):
2663         (JSC::JITThunks::clearHostFunctionStubs):
2664         * jit/JITThunks.h:
2665         * parser/Parser.cpp:
2666         (JSC::Parser<LexerType>::Parser):
2667         * parser/Parser.h:
2668         (JSC::Scope::Scope):
2669         (JSC::Scope::pushLabel):
2670         * parser/ParserArena.cpp:
2671         * parser/ParserArena.h:
2672         (JSC::ParserArena::identifierArena):
2673         * parser/SourceProviderCache.h:
2674         * runtime/CodeCache.h:
2675         * runtime/Executable.h:
2676         * runtime/JSArray.cpp:
2677         (JSC::JSArray::sortVector):
2678         * runtime/JSGlobalObject.h:
2679
2680 2014-12-10  Geoffrey Garen  <ggaren@apple.com>
2681
2682         Please disable the webkitFirstVersionWithInitConstructorSupport check on Apple TV
2683         https://bugs.webkit.org/show_bug.cgi?id=139501
2684
2685         Reviewed by Gavin Barraclough.
2686
2687         NSVersionOfLinkTimeLibrary only works if you link directly against
2688         JavaScriptCore, which is a bit awkward for our Apple TV client to do.
2689
2690         It's easy enough just to disable this check on Apple TV, since it has no
2691         backwards compatibility requirement.
2692
2693         * API/JSWrapperMap.mm:
2694         (supportsInitMethodConstructors):
2695
2696 2014-12-10  Matthew Mirman  <mmirman@apple.com>
2697
2698         Fixes operationPutByIds such that they check that the put didn't
2699         change the structure of the object whose property access is being
2700         cached.
2701         https://bugs.webkit.org/show_bug.cgi?id=139196
2702
2703         Reviewed by Filip Pizlo.
2704
2705         * jit/JITOperations.cpp:
2706         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
2707         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
2708         (JSC::operationPutByIdNonStrictBuildList): ditto.
2709         (JSC::operationPutByIdDirectStrictBuildList): ditto.
2710         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
2711         * jit/Repatch.cpp:
2712         (JSC::tryCachePutByID): fixed structure() to use the existent vm.
2713         (JSC::tryBuildPutByIdList): Added a check that the old structure's id
2714         is the same as the new.
2715         (JSC::buildPutByIdList): Added an argument
2716         * jit/Repatch.h:
2717         (JSC::buildPutByIdList): Added an argument
2718         * tests/stress/put-by-id-strict-build-list-order.js: Added.
2719
2720 2014-12-10  Csaba Osztrogonác  <ossy@webkit.org>
2721
2722         URTBF after r177030.
2723
2724         Fix linking failure that occurred on ARM buildbots:
2725         lib/libjavascriptcore_efl.so.1.11.0: undefined reference to `JSC::Structure::get(JSC::VM&, JSC::PropertyName, unsigned int&)'
2726
2727         * runtime/NullGetterFunction.cpp:
2728
2729 2014-12-09  Michael Saboff  <msaboff@apple.com>
2730
2731         DFG Tries using an inner object's getter/setter when one hasn't been defined
2732         https://bugs.webkit.org/show_bug.cgi?id=139229
2733
2734         Reviewed by Filip Pizlo.
2735
2736         Added a new NullGetterFunction singleton class to use for getters and setters that
2737         haven't been set to a user defined value.  The NullGetterFunction callReturnUndefined()
2738         and createReturnUndefined() methods return undefined.  Changed all null checks of the
2739         getter and setter pointers to the newly added isGetterNull() and isSetterNull()
2740         helper methods.
2741
2742         * CMakeLists.txt:
2743         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2744         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2745         * JavaScriptCore.xcodeproj/project.pbxproj:
2746         Added NullGetterFunction.cpp & .h to build files.
2747
2748         * dfg/DFGAbstractInterpreterInlines.h:
2749         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2750         * runtime/ObjectPrototype.cpp:
2751         (JSC::objectProtoFuncLookupGetter):
2752         (JSC::objectProtoFuncLookupSetter):
2753         * runtime/PropertyDescriptor.cpp:
2754         (JSC::PropertyDescriptor::setDescriptor):
2755         (JSC::PropertyDescriptor::setAccessorDescriptor):
2756         Changed checking getter and setter to null to use new isGetterNull() and isSetterNull()
2757         helpers.
2758
2759         * inspector/JSInjectedScriptHostPrototype.cpp:
2760         (Inspector::JSInjectedScriptHostPrototype::finishCreation):
2761         * inspector/JSJavaScriptCallFramePrototype.cpp:
2762         * jit/JITOperations.cpp:
2763         * llint/LLIntSlowPaths.cpp:
2764         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2765         * runtime/JSObject.cpp:
2766         (JSC::JSObject::putIndexedDescriptor):
2767         (JSC::putDescriptor):
2768         (JSC::JSObject::defineOwnNonIndexProperty):
2769         * runtime/MapPrototype.cpp:
2770         (JSC::MapPrototype::finishCreation):
2771         * runtime/SetPrototype.cpp:
2772         (JSC::SetPrototype::finishCreation):
2773         Updated calls to GetterSetter::create(), setGetter(), setSetter(), withGetter()
2774         and withSetter() to provide a global object.
2775
2776         * runtime/GetterSetter.cpp:
2777         (JSC::GetterSetter::withGetter):
2778         (JSC::GetterSetter::withSetter):
2779         (JSC::callGetter):
2780         (JSC::callSetter):
2781         * runtime/GetterSetter.h:
2782         (JSC::GetterSetter::GetterSetter):
2783         (JSC::GetterSetter::create):
2784         (JSC::GetterSetter::isGetterNull):
2785         (JSC::GetterSetter::isSetterNull):
2786         (JSC::GetterSetter::setGetter):
2787         (JSC::GetterSetter::setSetter):
2788         Changed to use NullGetterFunction for unspecified getters / setters.
2789
2790         * runtime/JSGlobalObject.cpp:
2791         (JSC::JSGlobalObject::init):
2792         (JSC::JSGlobalObject::createThrowTypeError):
2793         (JSC::JSGlobalObject::visitChildren):
2794         * runtime/JSGlobalObject.h:
2795         (JSC::JSGlobalObject::nullGetterFunction):
2796         (JSC::JSGlobalObject::evalFunction):
2797         Added m_nullGetterFunction singleton.  Updated calls to GetterSetter::create(),
2798         setGetter() and setSetter() to provide a global object.
2799
2800         * runtime/NullGetterFunction.cpp: Added.
2801         (JSC::callReturnUndefined):
2802         (JSC::constructReturnUndefined):
2803         (JSC::NullGetterFunction::getCallData):
2804         (JSC::NullGetterFunction::getConstructData):
2805         * runtime/NullGetterFunction.h: Added.
2806         (JSC::NullGetterFunction::create):
2807         (JSC::NullGetterFunction::createStructure):
2808         (JSC::NullGetterFunction::NullGetterFunction):
2809         New singleton class that returns undefined when called.
2810
2811 2014-12-09  Geoffrey Garen  <ggaren@apple.com>
2812
2813         Re-enable function.arguments
2814         https://bugs.webkit.org/show_bug.cgi?id=139452
2815         <rdar://problem/18848149>
2816
2817         Reviewed by Sam Weinig.
2818
2819         Disabling function.arguments broke a few websites, and we don't have
2820         time right now to work through the details.
2821
2822         I'm re-enabling function.arguments but leaving in the infrastructure
2823         to re-disable it, so we can try this experiment again in the future.
2824
2825         * runtime/Options.h:
2826
2827 2014-12-09  David Kilzer  <ddkilzer@apple.com>
2828
2829         Switch from using PLATFORM_NAME to SDK selectors in ANGLE, bmalloc, gtest, JavaScriptCore, WTF
2830         <http://webkit.org/b/139212>
2831
2832         Reviewed by Joseph Pecoraro.
2833
2834         * Configurations/Base.xcconfig:
2835         - Only set GCC_ENABLE_OBJC_GC, GCC_MODEL_TUNING and TOOLCHAINS
2836           on OS X.
2837         - Only set LLVM_LOCAL_HEADER_PATH and LLVM_SYSTEM_HEADER_PATH on
2838           OS X.
2839         - Set JAVASCRIPTCORE_CONTENTS_DIR and
2840           JAVASCRIPTCORE_FRAMEWORKS_DIR separately for iOS and OS X.
2841
2842         * Configurations/DebugRelease.xcconfig:
2843         - Only set MACOSX_DEPLOYMENT_TARGET and SDKROOT on OS X.
2844
2845         * Configurations/JSC.xcconfig:
2846         - Only set CODE_SIGN_ENTITLEMENTS for iOS hardware builds.
2847
2848         * Configurations/JavaScriptCore.xcconfig:
2849         - Set OTHER_LDFLAGS separately for iOS and OS X.
2850         - Set SECTORDER_FLAGS separately for iOS and OS X, but only for
2851           Production builds.
2852         - Only set EXCLUDED_SOURCE_FILE_NAMES for iOS.
2853
2854         * Configurations/LLVMForJSC.xcconfig:
2855         - Rename LLVM_LIBS_iphoneos to LLVM_LIBS_ios.
2856         - Set LLVM_LIBRARY_PATHS and OTHER_LDFLAGS_LLVM_ENABLE_FTL_JIT
2857           separately for iOS hardware and OS X.
2858         - Fix curly braces in LIBRARY_SEARCH_PATHS.
2859         - Merge OTHER_LDFLAGS_BASE into OTHER_LDFLAGS. (Could have been
2860           done before this patch.)
2861
2862         * Configurations/ToolExecutable.xcconfig:
2863         - Only set CODE_SIGN_ENTITLEMENTS for iOS, per target.
2864         - Only set CLANG_ENABLE_OBJC_ARC for i386 on the iOS Simulator.
2865         - Add missing newline.
2866
2867         * Configurations/Version.xcconfig:
2868         - Set SYSTEM_VERSION_PREFIX separately for iOS and OS X.
2869
2870 2014-12-08  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2871
2872         Fix EFL build fix since r177001
2873         https://bugs.webkit.org/show_bug.cgi?id=139428
2874
2875         Unreviewed, EFL build fix.
2876
2877         Do not inherit duplicated class. ExpressionNode is already
2878         child of ParserArenaFreeable class.
2879
2880         * parser/Nodes.h:
2881
2882 2014-12-08  Shivakumar JM  <shiva.jm@samsung.com>
2883
2884         Fix Build Warning in JavaScriptCore ControlFlowProfiler::dumpData() api.
2885         https://bugs.webkit.org/show_bug.cgi?id=139384
2886
2887         Reviewed by Mark Lam.
2888
2889         Fix Build Warning by using dataLog() function instead of dataLogF() function.
2890
2891         * runtime/ControlFlowProfiler.cpp:
2892         (JSC::ControlFlowProfiler::dumpData):
2893
2894 2014-12-08  Saam Barati  <saambarati1@gmail.com>
2895
2896         Web Inspector: Enable runtime API for JSC's control flow profiler
2897         https://bugs.webkit.org/show_bug.cgi?id=139346
2898
2899         Reviewed by Joseph Pecoraro.
2900
2901         This patch creates an API that the Web Inspector can use
2902         to get information about which basic blocks have executed
2903         from JSC's control flow profiler.
2904
2905         * inspector/agents/InspectorRuntimeAgent.cpp:
2906         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
2907         * inspector/agents/InspectorRuntimeAgent.h:
2908         * inspector/protocol/Runtime.json:
2909
2910 2014-12-08  Geoffrey Garen  <ggaren@apple.com>
2911
2912         Removed some allocation and cruft from the parser
2913         https://bugs.webkit.org/show_bug.cgi?id=139416
2914
2915         Reviewed by Mark Lam.
2916
2917         Now, the only AST nodes that require a destructor are the ones that
2918         relate to pickling a function's arguments -- which will require some
2919         deeper thinking to resolve.
2920
2921         This is a < 1% parser speedup.
2922
2923         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2924         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2925         * JavaScriptCore.xcodeproj/project.pbxproj: Removed NodeInfo because it
2926         was unused.
2927
2928         * bytecompiler/NodesCodegen.cpp:
2929         (JSC::CommaNode::emitBytecode):
2930         (JSC::SourceElements::lastStatement):
2931         (JSC::SourceElements::emitBytecode): Updated for interface change to linked list.
2932
2933         * parser/ASTBuilder.h:
2934         (JSC::ASTBuilder::ASTBuilder):
2935         (JSC::ASTBuilder::varDeclarations):
2936         (JSC::ASTBuilder::funcDeclarations):
2937         (JSC::ASTBuilder::createFuncDeclStatement):
2938         (JSC::ASTBuilder::addVar): Removed the ParserArenaData abstraction because
2939         it wasn't buying us anything. We can just use Vector directly.
2940
2941         (JSC::ASTBuilder::createCommaExpr):
2942         (JSC::ASTBuilder::appendToCommaExpr): Changed to use a linked list instead
2943         of a vector, to avoid allocating a vector with inline capacity in the
2944         common case in which an expression is not followed by a vector.
2945
2946         (JSC::ASTBuilder::Scope::Scope): Use Vector directly to avoid new'ing
2947         up a Vector*.
2948
2949         (JSC::ASTBuilder::appendToComma): Deleted.
2950         (JSC::ASTBuilder::combineCommaNodes): Deleted.
2951
2952         * parser/Lexer.cpp:
2953
2954         * parser/NodeConstructors.h:
2955         (JSC::StatementNode::StatementNode):
2956         (JSC::CommaNode::CommaNode):
2957         (JSC::SourceElements::SourceElements): Updated for interface change to linked list.
2958
2959         * parser/NodeInfo.h: Removed.
2960
2961         * parser/Nodes.cpp:
2962         (JSC::SourceElements::append):
2963         (JSC::SourceElements::singleStatement): Use a linked list instead of a
2964         vector to track the statements in a list. This removes some allocation
2965         and it means that we don't need a destructor anymore.
2966
2967         (JSC::ScopeNode::ScopeNode):
2968         (JSC::ProgramNode::ProgramNode):
2969         (JSC::EvalNode::EvalNode):
2970         (JSC::FunctionNode::FunctionNode): Updated for interface change to reference,
2971         since these values are never null.
2972
2973         * parser/Nodes.h:
2974         (JSC::StatementNode::next):
2975         (JSC::StatementNode::setNext):
2976         (JSC::CommaNode::append): Deleted. Updated for interface change to linked list.
2977
2978         * parser/Parser.cpp:
2979         (JSC::Parser<LexerType>::didFinishParsing): Updated for interface change to reference.
2980
2981         (JSC::Parser<LexerType>::parseVarDeclarationList):
2982         (JSC::Parser<LexerType>::parseExpression): Track comma expressions as
2983         an explicit list of CommaNodes, removing a use of vector and a destructor.
2984
2985         * parser/Parser.h:
2986         (JSC::Parser<LexerType>::parse):
2987         * parser/SyntaxChecker.h:
2988         (JSC::SyntaxChecker::createCommaExpr):
2989         (JSC::SyntaxChecker::appendToCommaExpr):
2990         (JSC::SyntaxChecker::appendToComma): Deleted. Updated for interface changes.
2991
2992 2014-12-08  Commit Queue  <commit-queue@webkit.org>
2993
2994         Unreviewed, rolling out r176979.
2995         https://bugs.webkit.org/show_bug.cgi?id=139424
2996
2997         "New JSC test in this patch is failing" (Requested by mlam on
2998         #webkit).
2999
3000         Reverted changeset:
3001
3002         "Fixes operationPutByIds such that they check that the put
3003         didn't"
3004         https://bugs.webkit.org/show_bug.cgi?id=139196
3005         http://trac.webkit.org/changeset/176979
3006
3007 2014-12-08  Matthew Mirman  <mmirman@apple.com>
3008
3009         Fixes operationPutByIds such that they check that the put didn't
3010         change the structure of the object whose property access is being
3011         cached.
3012         https://bugs.webkit.org/show_bug.cgi?id=139196
3013
3014         Reviewed by Filip Pizlo.
3015
3016         * jit/JITOperations.cpp:
3017         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
3018         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
3019         (JSC::operationPutByIdNonStrictBuildList): ditto.
3020         (JSC::operationPutByIdDirectStrictBuildList): ditto.
3021         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
3022         * jit/Repatch.cpp:
3023         (JSC::tryCachePutByID): fixed structure() to use the existent vm.
3024         (JSC::tryBuildPutByIdList): Added a check that the old structure's id
3025         is the same as the new.
3026         (JSC::buildPutByIdList): Added an argument
3027         * jit/Repatch.h:
3028         (JSC::buildPutByIdList): Added an argument
3029         * tests/stress/put-by-id-build-list-order-recurse.js: Test that failed before the change
3030         * tests/stress/put-by-id-strict-build-list-order.js: Added.
3031
3033 2014-12-08  Anders Carlsson  <andersca@apple.com>
3034
3035         Change WTF::currentCPUTime to return std::chrono::microseconds and get rid of currentCPUTimeMS
3036         https://bugs.webkit.org/show_bug.cgi?id=139410
3037
3038         Reviewed by Andreas Kling.
3039
3040         * API/JSContextRef.cpp:
3041         (JSContextGroupSetExecutionTimeLimit):
3042         (JSContextGroupClearExecutionTimeLimit):
3043         * runtime/Watchdog.cpp:
3044         (JSC::Watchdog::setTimeLimit):
3045         (JSC::Watchdog::didFire):
3046         (JSC::Watchdog::startCountdownIfNeeded):
3047         (JSC::Watchdog::startCountdown):
3048         * runtime/Watchdog.h:
3049         * runtime/WatchdogMac.cpp:
3050         (JSC::Watchdog::startTimer):
3051
3052 2014-12-08  Mark Lam  <mark.lam@apple.com>
3053
3054         CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows ArrayStorageShape arrays.
3055         <https://webkit.org/b/139327>
3056
3057         Reviewed by Michael Saboff.
3058
3059         The code generator and runtime slow paths expect otherwise.  This patch fixes
3060         CFA to match the code generator's expectation.
3061
3062         * dfg/DFGArrayMode.h:
3063         (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
3064         (JSC::DFG::ArrayMode::arrayModesWithIndexingShapes):
3065
3066 2014-12-08  Chris Dumez  <cdumez@apple.com>
3067
3068         Revert r176293 & r176275
3069
3070         Unreviewed, revert r176293 & r176275 changing the Vector API to use unsigned type
3071         instead of size_t. There is some disagreement regarding the long-term direction
3072         of the API and we shouldn’t leave the API partly transitioned to unsigned type
3073         while making a decision.
3074
3075         * bytecode/PreciseJumpTargets.cpp:
3076         * replay/EncodedValue.h:
3077
3078 2014-12-07  Csaba Osztrogonác  <ossy@webkit.org>
3079
3080         Remove the unused WTF_USE_GCC_COMPUTED_GOTO_WORKAROUND after r129453.
3081         https://bugs.webkit.org/show_bug.cgi?id=139373
3082
3083         Reviewed by Sam Weinig.
3084
3085         * interpreter/Interpreter.cpp:
3086
3087 2014-12-06  Anders Carlsson  <andersca@apple.com>
3088
3089         Fix build with newer versions of clang.
3090         rdar://problem/18978716
3091
3092         * ftl/FTLJITCode.h:
3093         Add missing overrides.
3094
3095 2014-12-05  Roger Fong  <roger_fong@apple.com>
3096
3097         [Win] proj files copying over too many resources.
3098         https://bugs.webkit.org/show_bug.cgi?id=139315
3099         <rdar://problem/19148278>
3100
3101         Reviewed by Brent Fulgham.
3102
3103         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Only copy resource folders and JavaScriptCore.dll.
3104
3105 2014-12-05  Juergen Ributzka  <juergen@apple.com>
3106
3107         [JSC][FTL] Add the data layout to the module and fix the pass order.
3108         https://bugs.webkit.org/show_bug.cgi?id=138748
3109
3110         Reviewed by Oliver Hunt.
3111
3112         This adds the data layout to the module, so it can be used by all
3113         optimization passes in the LLVM optimizer pipeline. This also allows
3114         FastISel to select more instructions, because fewer non-legal types are
3115         generated.
3116         
3117         Also fix the order of the alias analysis passes in the optimization
3118         pipeline.
3119
3120         * ftl/FTLCompile.cpp:
3121         (JSC::FTL::mmAllocateDataSection):
3122
3123 2014-12-05  Geoffrey Garen  <ggaren@apple.com>
3124
3125         Removed an unused function.
3126
3127         Reviewed by Michael Saboff.
3128
3129         Broken out from https://bugs.webkit.org/show_bug.cgi?id=139305.
3130
3131         * parser/ParserArena.h:
3132
3133 2014-12-05  David Kilzer  <ddkilzer@apple.com>
3134
3135         FeatureDefines.xcconfig: Workaround bug in Xcode 5.1.1 when defining ENABLE_WEB_REPLAY
3136         <http://webkit.org/b/139286>
3137
3138         Reviewed by Daniel Bates.
3139
3140         * Configurations/FeatureDefines.xcconfig: Switch back to using
3141         PLATFORM_NAME to work around a bug in Xcode 5.1.1 on 10.8.
3142
3143 2014-12-04  Mark Rowe  <mrowe@apple.com>
3144
3145         Build fix after r176836.
3146
3147         Reviewed by Mark Lam.
3148
3149         * runtime/VM.h:
3150         (JSC::VM::controlFlowProfiler): Don't try to export an inline function.
3151         Doing so results in a weak external symbol being generated.
3152
3153 2014-12-04  Saam Barati  <saambarati1@gmail.com>
3154
3155         JavaScript Control Flow Profiler
3156         https://bugs.webkit.org/show_bug.cgi?id=137785
3157
3158         Reviewed by Filip Pizlo.
3159
3160         This patch introduces a mechanism for JavaScriptCore to profile
3161         which basic blocks have executed. This mechanism will then be
3162         used by the Web Inspector to indicate which basic blocks
3163         have and have not executed.
3164         
3165         The profiling works by compiling in an op_profile_control_flow
3166         at the start of every basic block. Then, whenever this op code
3167         executes, we know that a particular basic block has executed.
3168
3169         When we tier up a CodeBlock that contains an op_profile_control_flow
3170         that corresponds to an already executed basic block, we don't
3171         have to emit code for that particular op_profile_control_flow
3172         because the internal data structures used to keep track of
3173         basic block locations have already recorded that the corresponding
3174         op_profile_control_flow has executed.
3175
3176         * CMakeLists.txt:
3177         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3178         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3179         * JavaScriptCore.xcodeproj/project.pbxproj:
3180         * bytecode/BytecodeList.json:
3181         * bytecode/BytecodeUseDef.h:
3182         (JSC::computeUsesForBytecodeOffset):
3183         (JSC::computeDefsForBytecodeOffset):
3184         * bytecode/CodeBlock.cpp:
3185         (JSC::CodeBlock::dumpBytecode):
3186         (JSC::CodeBlock::CodeBlock):
3187         * bytecode/Instruction.h:
3188         * bytecode/UnlinkedCodeBlock.cpp:
3189         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
3190         * bytecode/UnlinkedCodeBlock.h:
3191         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
3192         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
3193         * bytecompiler/BytecodeGenerator.cpp:
3194         (JSC::BytecodeGenerator::emitProfileControlFlow):
3195         * bytecompiler/BytecodeGenerator.h:
3196         * bytecompiler/NodesCodegen.cpp:
3197         (JSC::ConditionalNode::emitBytecode):
3198         (JSC::IfElseNode::emitBytecode):
3199         (JSC::WhileNode::emitBytecode):
3200         (JSC::ForNode::emitBytecode):
3201         (JSC::ContinueNode::emitBytecode):
3202         (JSC::BreakNode::emitBytecode):
3203         (JSC::ReturnNode::emitBytecode):
3204         (JSC::CaseClauseNode::emitBytecode):
3205         (JSC::SwitchNode::emitBytecode):
3206         (JSC::ThrowNode::emitBytecode):
3207         (JSC::TryNode::emitBytecode):
3208         (JSC::ProgramNode::emitBytecode):
3209         (JSC::FunctionNode::emitBytecode):
3210         * dfg/DFGAbstractInterpreterInlines.h:
3211         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3212         * dfg/DFGByteCodeParser.cpp:
3213         (JSC::DFG::ByteCodeParser::parseBlock):
3214         * dfg/DFGCapabilities.cpp:
3215         (JSC::DFG::capabilityLevel):
3216         * dfg/DFGClobberize.h:
3217         (JSC::DFG::clobberize):
3218         * dfg/DFGDoesGC.cpp:
3219         (JSC::DFG::doesGC):
3220         * dfg/DFGFixupPhase.cpp:
3221         (JSC::DFG::FixupPhase::fixupNode):
3222         * dfg/DFGNode.h:
3223         (JSC::DFG::Node::basicBlockLocation):
3224         * dfg/DFGNodeType.h:
3225         * dfg/DFGPredictionPropagationPhase.cpp:
3226         (JSC::DFG::PredictionPropagationPhase::propagate):
3227         * dfg/DFGSafeToExecute.h:
3228         (JSC::DFG::safeToExecute):
3229         * dfg/DFGSpeculativeJIT32_64.cpp:
3230         (JSC::DFG::SpeculativeJIT::compile):
3231         * dfg/DFGSpeculativeJIT64.cpp:
3232         (JSC::DFG::SpeculativeJIT::compile):
3233         * inspector/agents/InspectorRuntimeAgent.cpp:
3234         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
3235         * jit/JIT.cpp:
3236         (JSC::JIT::privateCompileMainPass):
3237         * jit/JIT.h:
3238         * jit/JITOpcodes.cpp:
3239         (JSC::JIT::emit_op_profile_control_flow):
3240         * jit/JITOpcodes32_64.cpp:
3241         (JSC::JIT::emit_op_profile_control_flow):
3242         * jsc.cpp:
3243         (GlobalObject::finishCreation):
3244         (functionFindTypeForExpression):
3245         (functionReturnTypeFor):
3246         (functionDumpBasicBlockExecutionRanges):
3247         * llint/LowLevelInterpreter.asm:
3248         * parser/ASTBuilder.h:
3249         (JSC::ASTBuilder::createFunctionExpr):
3250         (JSC::ASTBuilder::createGetterOrSetterProperty):
3251         (JSC::ASTBuilder::createFuncDeclStatement):
3252         (JSC::ASTBuilder::endOffset):
3253         (JSC::ASTBuilder::setStartOffset):
3254         * parser/NodeConstructors.h:
3255         (JSC::Node::Node):
3256         * parser/Nodes.h:
3257         (JSC::CaseClauseNode::setStartOffset):
3258         * parser/Parser.cpp:
3259         (JSC::Parser<LexerType>::parseSwitchClauses):
3260         (JSC::Parser<LexerType>::parseSwitchDefaultClause):
3261         (JSC::Parser<LexerType>::parseBlockStatement):
3262         (JSC::Parser<LexerType>::parseStatement):
3263         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3264         (JSC::Parser<LexerType>::parseIfStatement):
3265         (JSC::Parser<LexerType>::parseExpression):
3266         (JSC::Parser<LexerType>::parseConditionalExpression):
3267         (JSC::Parser<LexerType>::parseProperty):
3268         (JSC::Parser<LexerType>::parseMemberExpression):
3269         * parser/SyntaxChecker.h:
3270         (JSC::SyntaxChecker::createFunctionExpr):
3271         (JSC::SyntaxChecker::createFuncDeclStatement):
3272         (JSC::SyntaxChecker::createGetterOrSetterProperty):
3273         (JSC::SyntaxChecker::operatorStackPop):
3274         * runtime/BasicBlockLocation.cpp: Added.
3275         (JSC::BasicBlockLocation::BasicBlockLocation):
3276         (JSC::BasicBlockLocation::insertGap):
3277         (JSC::BasicBlockLocation::getExecutedRanges):
3278         (JSC::BasicBlockLocation::dumpData):
3279         (JSC::BasicBlockLocation::emitExecuteCode):
3280         * runtime/BasicBlockLocation.h: Added.
3281         (JSC::BasicBlockLocation::startOffset):
3282         (JSC::BasicBlockLocation::endOffset):
3283         (JSC::BasicBlockLocation::setStartOffset):
3284         (JSC::BasicBlockLocation::setEndOffset):
3285         (JSC::BasicBlockLocation::hasExecuted):
3286         * runtime/CodeCache.cpp:
3287         (JSC::CodeCache::getGlobalCodeBlock):
3288         * runtime/ControlFlowProfiler.cpp: Added.
3289         (JSC::ControlFlowProfiler::~ControlFlowProfiler):
3290         (JSC::ControlFlowProfiler::getBasicBlockLocation):
3291         (JSC::ControlFlowProfiler::dumpData):
3292         (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
3293         * runtime/ControlFlowProfiler.h: Added. This class is in
3294         charge of generating BasicBlockLocations and also
3295         providing an interface that the Web Inspector can use to ping
3296         which basic blocks have executed based on the source id of a script.
3297
3298         (JSC::BasicBlockKey::BasicBlockKey):
3299         (JSC::BasicBlockKey::isHashTableDeletedValue):
3300         (JSC::BasicBlockKey::operator==):
3301         (JSC::BasicBlockKey::hash):
3302         (JSC::BasicBlockKeyHash::hash):
3303         (JSC::BasicBlockKeyHash::equal):
3304         * runtime/Executable.cpp:
3305         (JSC::ProgramExecutable::ProgramExecutable):
3306         (JSC::ProgramExecutable::initializeGlobalProperties):
3307         * runtime/FunctionHasExecutedCache.cpp:
3308         (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges):
3309         * runtime/FunctionHasExecutedCache.h:
3310         * runtime/Options.h:
3311         * runtime/TypeProfiler.cpp:
3312         (JSC::TypeProfiler::logTypesForTypeLocation):
3313         (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
3314         (JSC::TypeProfiler::findLocation):
3315         (JSC::TypeProfiler::dumpTypeProfilerData):
3316         * runtime/TypeProfiler.h:
3317         (JSC::TypeProfiler::functionHasExecutedCache): Deleted.
3318         * runtime/VM.cpp:
3319         (JSC::VM::VM):
3320         (JSC::enableProfilerWithRespectToCount):
3321         (JSC::disableProfilerWithRespectToCount):
3322         (JSC::VM::enableTypeProfiler):
3323         (JSC::VM::disableTypeProfiler):
3324         (JSC::VM::enableControlFlowProfiler):
3325         (JSC::VM::disableControlFlowProfiler):
3326         (JSC::VM::dumpTypeProfilerData):
3327         * runtime/VM.h:
3328         (JSC::VM::functionHasExecutedCache):
3329         (JSC::VM::controlFlowProfiler):
3330
3331 2014-12-04  Filip Pizlo  <fpizlo@apple.com>
3332
3333         printInternal(PrintStream& out, JSC::JITCode::JITType type) ends up dumping a literal %s
3334         https://bugs.webkit.org/show_bug.cgi?id=139274
3335
3336         Reviewed by Geoffrey Garen.
3337
3338         * jit/JITCode.cpp:
3339         (WTF::printInternal):
3340
3341 2014-12-04  Geoffrey Garen  <ggaren@apple.com>
3342
3343         Removed the concept of ParserArenaRefCounted
3344         https://bugs.webkit.org/show_bug.cgi?id=139277
3345
3346         Reviewed by Oliver Hunt.
3347
3348         This is a step toward a parser speedup.
3349
3350         Now that we have a clear root node type for each parse tree, there's no
3351         need to have a concept for "I might be refcounted or arena allocated".
3352         Instead, we can just use unique_ptr to manage the tree as a whole.
3353
3354         * API/JSScriptRef.cpp:
3355         (parseScript):
3356         * builtins/BuiltinExecutables.cpp:
3357         (JSC::BuiltinExecutables::createBuiltinExecutable): Updated for type change.
3358
3359         * bytecode/UnlinkedCodeBlock.cpp:
3360         (JSC::generateFunctionCodeBlock): Use unique_ptr. No need to call
3361         destroyData() explicitly: the unique_ptr destructor will do everything
3362         we need, as Bjarne intended.
3363
3364         * parser/NodeConstructors.h:
3365         (JSC::ParserArenaRoot::ParserArenaRoot):
3366         (JSC::ParserArenaRefCounted::ParserArenaRefCounted): Deleted.
3367
3368         * parser/Nodes.cpp:
3369         (JSC::ScopeNode::ScopeNode):
3370         (JSC::ProgramNode::ProgramNode):
3371         (JSC::EvalNode::EvalNode):
3372         (JSC::FunctionNode::FunctionNode):
3373         (JSC::ProgramNode::create): Deleted.
3374         (JSC::EvalNode::create): Deleted.
3375         (JSC::FunctionNode::create): Deleted. All special create semantics can
3376         just go away now that we play by C++ constructor / destructor rules.
3377
3378         * parser/Nodes.h:
3379         (JSC::ParserArenaRoot::parserArena):
3380         (JSC::ParserArenaRoot::~ParserArenaRoot): Just a normal class now, which
3381         holds onto the whole parse tree by virtue of owning the arena in which
3382         all the parsed nodes (except for itself) were allocated.
3383
3384         (JSC::ProgramNode::closedVariables):
3385         (JSC::ParserArenaRefCounted::~ParserArenaRefCounted): Deleted.
3386
3387         (JSC::ScopeNode::destroyData): Deleted. No need to destroy anything
3388         explicitly anymore -- we can just rely on destructors.
3389
3390         (JSC::ScopeNode::parserArena): Deleted.
3391
3392         * parser/Parser.h:
3393         (JSC::Parser<LexerType>::parse):
3394         (JSC::parse): unique_ptr all the things.
3395
3396         * parser/ParserArena.cpp:
3397         (JSC::ParserArena::reset):
3398         (JSC::ParserArena::isEmpty):
3399         (JSC::ParserArena::contains): Deleted.
3400         (JSC::ParserArena::last): Deleted.
3401         (JSC::ParserArena::removeLast): Deleted.
3402         (JSC::ParserArena::derefWithArena): Deleted.
3403         * parser/ParserArena.h:
3404         (JSC::ParserArena::swap): Much delete. Such wow.
3405
3406         * runtime/CodeCache.cpp:
3407         (JSC::CodeCache::getGlobalCodeBlock):
3408         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
3409         * runtime/Completion.cpp:
3410         (JSC::checkSyntax):
3411         * runtime/Executable.cpp:
3412         (JSC::ProgramExecutable::checkSyntax): unique_ptr all the things.
3413
3414 2014-12-04  Andreas Kling  <akling@apple.com>
3415
3416         REGRESSION(r173188): Text inserted when trying to delete a word from the Twitter message box.
3417         <https://webkit.org/b/139076>
3418
3419         Reviewed by Geoffrey Garen.
3420
3421         The StringImpl* -> Weak<JSString> cache used by the DOM bindings
3422         had a bug where the key could become a stale pointer if the cached
3423         JSString had its internal StringImpl atomicized.
3424
3425         If a new StringImpl was then later constructed at the exact same
3426         address as the stale key, before the Weak<JSString> got booted out
3427         of the string cache, we'd now have a situation where asking the
3428         string cache for that key would return the old JSString.
3429
3430         Solve this by not allowing JSString::toExistingAtomicString() to
3431         change the JSString's internal StringImpl unless it's resolving a
3432         rope string. (The StringImpl nullity determines rope state.)
3433
3434         This means that calling toExistingAtomicString() may now have to
3435         query the AtomicString table on each call rather than just once.
3436         All clients of this API would be forced to do this regardless,
3437         since the return value will be used to key into containers with
3438         AtomicStringImpl* keys.
3439
3440         No test because this relies on malloc putting two StringImpls
3441         at the same address at different points in time and we have no
3442         mechanism to reliably test that.
3443
3444         * runtime/JSString.h:
3445         (JSC::JSString::toExistingAtomicString):
3446
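        The entry above describes a cache keyed on a raw StringImpl* whose referent can be freed and have its address reused by a later allocation. The following C++ is an added illustration of that hazard and is not WebKit code: the Impl and JSStr types, the single fixed storage slot (which forces the address reuse that the entry says malloc only produces by chance), and the checked lookup are all assumptions made for the demonstration. The fix the entry describes is different: it keeps toExistingAtomicString() from swapping the JSString's StringImpl, so the key never drifts away from the cached object. The checked lookup shown here is a general defensive measure any pointer-keyed weak cache can apply in addition.

```cpp
#include <cstdio>
#include <memory>
#include <new>
#include <string>
#include <unordered_map>

// Constructed stand-ins (not WebKit's types). Impl plays the role of
// StringImpl; JSStr plays the role of JSString, whose internal Impl pointer
// can be swapped out from under the cache.
struct Impl {
    std::string chars;
};

struct JSStr {
    std::shared_ptr<Impl> impl;
    const Impl* key() const { return impl.get(); }
};

// One fixed slot stands in for malloc handing back a freed block at the same
// address: every Impl created through makeImplInSlot lives at this address.
alignas(Impl) static unsigned char g_slot[sizeof(Impl)];

static std::shared_ptr<Impl> makeImplInSlot(const std::string& s)
{
    Impl* p = new (g_slot) Impl{s};
    return std::shared_ptr<Impl>(p, [](Impl* q) { q->~Impl(); });
}

// Cache keyed on the raw Impl* with weak values, like the bindings cache.
class ImplKeyedCache {
public:
    void add(const std::shared_ptr<JSStr>& s) { m_map[s->key()] = s; }

    // Naive lookup: trusts that the key address still names the cached object.
    std::shared_ptr<JSStr> lookupUnchecked(const Impl* k)
    {
        auto it = m_map.find(k);
        return it == m_map.end() ? nullptr : it->second.lock();
    }

    // Checked lookup (assumed mitigation): a live hit whose object no longer
    // refers to the key is stale, because that address may now belong to a
    // different Impl. Evict it and report a miss.
    std::shared_ptr<JSStr> lookupChecked(const Impl* k)
    {
        auto it = m_map.find(k);
        if (it == m_map.end())
            return nullptr;
        std::shared_ptr<JSStr> hit = it->second.lock();
        if (!hit || hit->key() != k) {
            m_map.erase(it);
            return nullptr;
        }
        return hit;
    }

private:
    std::unordered_map<const Impl*, std::weak_ptr<JSStr>> m_map;
};

// Replays the sequence from the entry and returns what the cache answers for
// the NEW Impl's address: "" for a miss, otherwise the chars of the JSStr
// handed back.
static std::string replay(bool checked)
{
    ImplKeyedCache cache;

    // 1. A JSStr wrapping an Impl at the slot address is cached under that key.
    auto first = std::make_shared<JSStr>(JSStr{makeImplInSlot("hello")});
    cache.add(first);

    // 2. The JSStr's internal Impl is swapped (atomicization). The old Impl is
    //    freed, but the cache still holds its address as a key.
    first->impl = std::make_shared<Impl>(Impl{"hello"});

    // 3. An unrelated Impl is allocated at the very same address.
    auto second = std::make_shared<JSStr>(JSStr{makeImplInSlot("world")});

    // 4. Ask the cache about the new Impl's address.
    std::shared_ptr<JSStr> hit = checked ? cache.lookupChecked(second->key())
                                         : cache.lookupUnchecked(second->key());
    return hit ? hit->impl->chars : std::string();
}

int main()
{
    std::printf("unchecked lookup for \"world\" address -> \"%s\"\n", replay(false).c_str());
    std::printf("checked lookup for \"world\" address   -> \"%s\"\n", replay(true).c_str());
    return 0;
}
```

        Build with any C++14 compiler. The unchecked lookup returns the old "hello" JSStr for an address that now holds "world"; the checked lookup notices the mismatch between the key and the hit's current Impl and reports a miss.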
3447 2014-12-04  Geoffrey Garen  <ggaren@apple.com>
3448
3449         Marked some final things final.
3450
3451         Reviewed by Andreas Kling.
3452
3453         * parser/Nodes.h:
3454
3455 2014-12-04  Geoffrey Garen  <ggaren@apple.com>
3456
3457         Split out FunctionNode from FunctionBodyNode
3458         https://bugs.webkit.org/show_bug.cgi?id=139273
3459
3460         Reviewed by Andreas Kling.
3461
3462         This is a step toward a parser speedup.
3463
3464         We used to use FunctionBodyNode for two different purposes:
3465
3466         (1) "I am the root function you are currently parsing";
3467
3468         (2) "I am a lazy record of a nested function, which you will parse later".
3469
3470         This made for awkward lifetime semantics and interfaces.
3471
3472         Now, case (1) is handled by FunctionBodyNode, and case (2) is handled by
3473         a new node named FunctionNode.
3474
3475         Since case (1) no longer needs to handle being the root of the parse
3476         tree, FunctionBodyNode can be a normal arena-allocated node.
3477
3478         * bytecode/UnlinkedCodeBlock.cpp:
3479         (JSC::generateFunctionCodeBlock): Use FunctionNode instead of
3480         FunctionBodyNode, since we are producing the root of the function parse
3481         tree.
3482
3483         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Removed
3484         some unused data, and default-initialized other data, which isn't filled
3485         in meaningfully until recordParse() is called. (The previous values were
3486         incorrect / meaningless, since the FunctionBodyNode didn't have
3487         meaningful values in this case.)
3488
3489         * bytecode/UnlinkedCodeBlock.h: Ditto.
3490
3491         (JSC::UnlinkedFunctionExecutable::forceUsesArguments): Deleted.
3492
3493         * bytecompiler/BytecodeGenerator.cpp:
3494         (JSC::BytecodeGenerator::BytecodeGenerator): Use FunctionNode instead of
3495         FunctionBodyNode, since we are generating code starting at the root of
3496         the parse tree.
3497
3498         (JSC::BytecodeGenerator::resolveCallee):
3499         (JSC::BytecodeGenerator::addCallee):
3500         * bytecompiler/BytecodeGenerator.h: Ditto.
3501
3502         * bytecompiler/NodesCodegen.cpp:
3503         (JSC::FunctionBodyNode::emitBytecode):
3504         (JSC::FunctionNode::emitBytecode): Moved the emitBytecode implementation
3505         to FunctionNode, since we never generate code for FunctionBodyNode,
3506         since it's just a placeholder in the AST.
3507
3508         * parser/ASTBuilder.h:
3509         (JSC::ASTBuilder::createFunctionBody):
3510         (JSC::ASTBuilder::setUsesArguments): Deleted. Updated for interface
3511         changes.
3512
3513         * parser/Nodes.cpp:
3514         (JSC::FunctionBodyNode::FunctionBodyNode):
3515         (JSC::FunctionBodyNode::finishParsing):
3516         (JSC::FunctionBodyNode::setEndPosition):
3517         (JSC::FunctionNode::FunctionNode):
3518         (JSC::FunctionNode::create):
3519         (JSC::FunctionNode::finishParsing):
3520         (JSC::FunctionBodyNode::create): Deleted.
3521
3522         * parser/Nodes.h:
3523         (JSC::FunctionBodyNode::parameters):
3524         (JSC::FunctionBodyNode::source):
3525         (JSC::FunctionBodyNode::startStartOffset):
3526         (JSC::FunctionBodyNode::isInStrictContext):
3527         (JSC::FunctionNode::parameters):
3528         (JSC::FunctionNode::ident):
3529         (JSC::FunctionNode::functionMode):
3530         (JSC::FunctionNode::startColumn):
3531         (JSC::FunctionNode::endColumn):
3532         (JSC::ScopeNode::setSource): Deleted.
3533         (JSC::FunctionBodyNode::parameterCount): Deleted. Split out the differences
3534         between FunctionNode and FunctionBodyNode.
3535
3536         * parser/SyntaxChecker.h:
3537         (JSC::SyntaxChecker::createClauseList):
3538         (JSC::SyntaxChecker::setUsesArguments): Deleted. Removed setUsesArguments
3539         since it wasn't used.
3540
3541         * runtime/Executable.cpp:
3542         (JSC::ProgramExecutable::checkSyntax): Removed a branch that was always
3543         false.
3544
3545 2014-12-02  Brian J. Burg  <burg@cs.washington.edu>
3546
3547         Web Inspector: timeline probe records have inaccurate per-probe hit counts
3548         https://bugs.webkit.org/show_bug.cgi?id=138976
3549
3550         Reviewed by Joseph Pecoraro.
3551
3552         Previously, the DebuggerAgent was responsible for assigning unique ids to samples.
3553         However, this makes it impossible for the frontend's Timeline manager to associate
3554         a Probe Sample timeline record with the corresponding probe sample data. The record
3555         only included the probe batchId (misnamed as hitCount in ScriptDebugServer).
3556
3557         This patch moves both the batchId and sampleId counters into ScriptDebugServer, so
3558         any client of ScriptDebugListener will get the correct sampleId for each sample.
3559
3560         * inspector/ScriptDebugListener.h:
3561         * inspector/ScriptDebugServer.cpp:
3562         (Inspector::ScriptDebugServer::ScriptDebugServer):
3563         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
3564         (Inspector::ScriptDebugServer::handleBreakpointHit):
3565         * inspector/ScriptDebugServer.h:
3566         * inspector/agents/InspectorDebuggerAgent.cpp:
3567         (Inspector::InspectorDebuggerAgent::InspectorDebuggerAgent):
3568         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
3569         * inspector/agents/InspectorDebuggerAgent.h:
3570
3571 2014-12-04  Oliver Hunt  <oliver@apple.com>
3572
3573         Serialization of MapData object provides unsafe access to internal types
3574         https://bugs.webkit.org/show_bug.cgi?id=138653
3575
3576         Reviewed by Geoffrey Garen.
3577
3578         Converting these ASSERTs into RELEASE_ASSERTs, as it is now obvious
3579         that despite trying hard to be safe in all cases it's simply too easy
3580         to use an iterator in an unsafe state.
3581
3582         * runtime/MapData.h:
3583         (JSC::MapData::const_iterator::key):
3584         (JSC::MapData::const_iterator::value):
3585
3586 2014-12-03  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3587
3588         Move JavaScriptCore/dfg to std::unique_ptr
3589         https://bugs.webkit.org/show_bug.cgi?id=139169
3590
3591         Reviewed by Filip Pizlo.
3592
3593         Use std::unique_ptr<>|std::make_unique<> in JavaScriptCore/dfg directory.
3594
3595         * dfg/DFGBasicBlock.h:
3596         * dfg/DFGJITCompiler.cpp:
3597         (JSC::DFG::JITCompiler::JITCompiler):
3598         (JSC::DFG::JITCompiler::compile):
3599         (JSC::DFG::JITCompiler::link):
3600         (JSC::DFG::JITCompiler::compileFunction):
3601         (JSC::DFG::JITCompiler::linkFunction):
3602         * dfg/DFGJITCompiler.h:
3603         * dfg/DFGPlan.cpp:
3604         (JSC::DFG::Plan::compileInThreadImpl):
3605         (JSC::DFG::Plan::cancel):
3606         * dfg/DFGPlan.h:
3607         * dfg/DFGSlowPathGenerator.h:
3608         * dfg/DFGWorklist.h:
3609         * ftl/FTLFail.cpp:
3610         (JSC::FTL::fail):
3611         * ftl/FTLState.cpp:
3612         (JSC::FTL::State::State):
3613
3614 2014-12-03  Michael Saboff  <msaboff@apple.com>
3615
3616         REGRESSION (r176479): DFG ASSERTION beneath emitOSRExitCall running Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation and other tests
3617         https://bugs.webkit.org/show_bug.cgi?id=139246
3618
3619         Reviewed by Geoffrey Garen.
3620
3621         * ftl/FTLLowerDFGToLLVM.cpp:
3622         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
3623         The DFG_ASSERT that checks liveness at exit time doesn't properly
3624         handle the case where the local is not available at OSR exit time,
3625         but the local is live in the bytecode.  This now happens with the
3626         allocated scope register when we are compiling for FTLForOSREntryMode
3627         due to DCE done when the control flow was changed and a new entrypoint
3628         was added in the OSR entrypoint creation phase.  Therefore we silence
3629         the assert when compiling for FTLForOSREntryMode.
3630
3631 2014-12-03  Geoffrey Garen  <ggaren@apple.com>
3632
3633         Removed the global parser arena
3634         https://bugs.webkit.org/show_bug.cgi?id=139236
3635
3636         Reviewed by Sam Weinig.
3637
3638         Simplifies parser lifetime logic.
3639
3640         There's no need to keep a global arena. We can create a new arena
3641         each time we parse.
3642
3643         * bytecompiler/BytecodeGenerator.h: Global replace to pass around a
3644         ParserArena instead of VM*, since the VM no longer owns the arena.
3645         (JSC::BytecodeGenerator::parserArena):
3646
3647         * bytecompiler/NodesCodegen.cpp: Ditto.
3648         (JSC::ArrayNode::toArgumentList):
3649         (JSC::ApplyFunctionCallDotNode::emitBytecode):
3650         * parser/ASTBuilder.h: Ditto.
3651         (JSC::ASTBuilder::ASTBuilder):
3652         (JSC::ASTBuilder::createSourceElements):
3653         (JSC::ASTBuilder::createCommaExpr):
3654         (JSC::ASTBuilder::createLogicalNot):
3655         (JSC::ASTBuilder::createUnaryPlus):
3656         (JSC::ASTBuilder::createVoid):
3657         (JSC::ASTBuilder::thisExpr):
3658         (JSC::ASTBuilder::createResolve):
3659         (JSC::ASTBuilder::createObjectLiteral):
3660         (JSC::ASTBuilder::createArray):
3661         (JSC::ASTBuilder::createNumberExpr):
3662         (JSC::ASTBuilder::createString):
3663         (JSC::ASTBuilder::createBoolean):
3664         (JSC::ASTBuilder::createNull):
3665         (JSC::ASTBuilder::createBracketAccess):
3666         (JSC::ASTBuilder::createDotAccess):
3667         (JSC::ASTBuilder::createSpreadExpression):
3668         (JSC::ASTBuilder::createRegExp):
3669         (JSC::ASTBuilder::createNewExpr):
3670         (JSC::ASTBuilder::createConditionalExpr):
3671         (JSC::ASTBuilder::createAssignResolve):
3672         (JSC::ASTBuilder::createFunctionExpr):
3673         (JSC::ASTBuilder::createFunctionBody):
3674         (JSC::ASTBuilder::createGetterOrSetterProperty):
3675         (JSC::ASTBuilder::createArguments):
3676         (JSC::ASTBuilder::createArgumentsList):
3677         (JSC::ASTBuilder::createProperty):
3678         (JSC::ASTBuilder::createPropertyList):
3679         (JSC::ASTBuilder::createElementList):
3680         (JSC::ASTBuilder::createFormalParameterList):
3681         (JSC::ASTBuilder::createClause):
3682         (JSC::ASTBuilder::createClauseList):
3683         (JSC::ASTBuilder::createFuncDeclStatement):
3684         (JSC::ASTBuilder::createBlockStatement):
3685         (JSC::ASTBuilder::createExprStatement):
3686         (JSC::ASTBuilder::createIfStatement):
3687         (JSC::ASTBuilder::createForLoop):
3688         (JSC::ASTBuilder::createForInLoop):
3689         (JSC::ASTBuilder::createForOfLoop):
3690         (JSC::ASTBuilder::createEmptyStatement):
3691         (JSC::ASTBuilder::createVarStatement):
3692         (JSC::ASTBuilder::createEmptyVarExpression):
3693         (JSC::ASTBuilder::createReturnStatement):
3694         (JSC::ASTBuilder::createBreakStatement):
3695         (JSC::ASTBuilder::createContinueStatement):
3696         (JSC::ASTBuilder::createTryStatement):
3697         (JSC::ASTBuilder::createSwitchStatement):
3698         (JSC::ASTBuilder::createWhileStatement):
3699         (JSC::ASTBuilder::createDoWhileStatement):
3700         (JSC::ASTBuilder::createLabelStatement):
3701         (JSC::ASTBuilder::createWithStatement):
3702         (JSC::ASTBuilder::createThrowStatement):
3703         (JSC::ASTBuilder::createDebugger):
3704         (JSC::ASTBuilder::createConstStatement):
3705         (JSC::ASTBuilder::appendConstDecl):
3706         (JSC::ASTBuilder::combineCommaNodes):
3707         (JSC::ASTBuilder::createDeconstructingAssignment):
3708         (JSC::ASTBuilder::Scope::Scope):
3709         (JSC::ASTBuilder::createNumber):
3710         (JSC::ASTBuilder::makeTypeOfNode):
3711         (JSC::ASTBuilder::makeDeleteNode):
3712         (JSC::ASTBuilder::makeNegateNode):
3713         (JSC::ASTBuilder::makeBitwiseNotNode):
3714         (JSC::ASTBuilder::makeMultNode):
3715         (JSC::ASTBuilder::makeDivNode):
3716         (JSC::ASTBuilder::makeModNode):
3717         (JSC::ASTBuilder::makeAddNode):
3718         (JSC::ASTBuilder::makeSubNode):
3719         (JSC::ASTBuilder::makeLeftShiftNode):
3720         (JSC::ASTBuilder::makeRightShiftNode):
3721         (JSC::ASTBuilder::makeURightShiftNode):
3722         (JSC::ASTBuilder::makeBitOrNode):
3723         (JSC::ASTBuilder::makeBitAndNode):
3724         (JSC::ASTBuilder::makeBitXOrNode):
3725         (JSC::ASTBuilder::makeFunctionCallNode):
3726         (JSC::ASTBuilder::makeBinaryNode):
3727         (JSC::ASTBuilder::makeAssignNode):
3728         (JSC::ASTBuilder::makePrefixNode):
3729         (JSC::ASTBuilder::makePostfixNode):
3730
3731         * parser/NodeConstructors.h: Ditto.
3732         (JSC::ParserArenaFreeable::operator new):
3733         (JSC::ParserArenaDeletable::operator new):
3734         (JSC::ParserArenaRefCounted::ParserArenaRefCounted):
3735
3736         * parser/Nodes.cpp: Ditto.
3737         (JSC::ScopeNode::ScopeNode):
3738         (JSC::ProgramNode::ProgramNode):
3739         (JSC::ProgramNode::create):
3740         (JSC::EvalNode::EvalNode):
3741         (JSC::EvalNode::create):
3742         (JSC::FunctionBodyNode::FunctionBodyNode):
3743         (JSC::FunctionBodyNode::create):
3744
3745         * parser/Nodes.h: Ditto.
3746         (JSC::ScopeNode::parserArena):
3747
3748         * parser/Parser.cpp:
3749         (JSC::Parser<LexerType>::Parser):
3750         (JSC::Parser<LexerType>::parseInner):
3751         (JSC::Parser<LexerType>::parseProperty): The parser now owns its own
3752         arena, and transfers ownership of its contents when invoking the ScopeNode
3753         constructor.
3754
3755         * parser/Parser.h:
3756         (JSC::Parser<LexerType>::parse): No need to explicitly reset the arena,
3757         since its lifetime is tied to the parser's lifetime now.
3758
3759         * parser/SyntaxChecker.h:
3760         (JSC::SyntaxChecker::createProperty):
3761         (JSC::SyntaxChecker::createGetterOrSetterProperty):
3762
3763         * runtime/VM.cpp:
3764         (JSC::VM::VM):
3765         * runtime/VM.h: The point of the patch: no more global.
3766
3767 2014-12-03  Geoffrey Garen  <ggaren@apple.com>
3768
3769         The parser should allocate all pieces of the AST
3770         https://bugs.webkit.org/show_bug.cgi?id=139230
3771
3772         Reviewed by Oliver Hunt.
3773
3774         This is a step toward a 14% parsing speedup.
3775
3776         Previously, allocation was split between the parser and certain node
3777         constructor functions. This made for some duplicated code and circular
3778         dependencies.
3779
3780         * parser/ASTBuilder.h:
3781         (JSC::ASTBuilder::createGetterOrSetterProperty): No need to pass through
3782         the VM, since our callee no longer needs to allocate anything.
3783
3784         (JSC::ASTBuilder::createProperty): Allocate the identifier for our
3785         callee, since that is simpler than requiring our callee to notice that
3786         we didn't do so, and do it for us.
3787
3788         (JSC::ASTBuilder::createForInLoop): Allocate the DeconstructingAssignmentNode
3789         for our callee, since that is simpler than requiring our callee to notice
3790         that we didn't do so, and do it for us.
3791
3792         Also, reuse some code instead of duplicating it.
3793
3794         (JSC::ASTBuilder::createForOfLoop): Ditto.
3795
3796         (JSC::ASTBuilder::createArrayPattern):
3797         (JSC::ASTBuilder::createObjectPattern):
3798         (JSC::ASTBuilder::createBindingLocation): No need to pass through a VM
3799         pointer, since our callee no longer needs to allocate anything.
3800
3801         (JSC::ASTBuilder::createBreakStatement): Deleted.
3802         (JSC::ASTBuilder::createContinueStatement): Deleted.
3803
3804         * parser/NodeConstructors.h:
3805         (JSC::PropertyNode::PropertyNode):
3806         (JSC::DeconstructionPatternNode::DeconstructionPatternNode):
3807         (JSC::ArrayPatternNode::ArrayPatternNode):
3808         (JSC::ArrayPatternNode::create):
3809         (JSC::ObjectPatternNode::ObjectPatternNode):
3810         (JSC::ObjectPatternNode::create):
3811         (JSC::BindingNode::create):
3812         (JSC::BindingNode::BindingNode):
3813         (JSC::ContinueNode::ContinueNode): Deleted.
3814         (JSC::BreakNode::BreakNode): Deleted.
3815         (JSC::EnumerationNode::EnumerationNode): Deleted.
3816         (JSC::ForInNode::ForInNode): Deleted.
3817         (JSC::ForOfNode::ForOfNode): Deleted. Deleted a bunch of special cases
3818         that don't exist anymore, now that the parser allocates all pieces of
3819         the AST unconditionally.
3820
3821         * parser/Nodes.h: Ditto.
3822
3823         * parser/Parser.cpp:
3824         (JSC::Parser<LexerType>::parseBreakStatement):
3825         (JSC::Parser<LexerType>::parseContinueStatement): Allocate the null
3826         identifier for our callee, since that is simpler than requiring our
3827         callee to notice that we didn't do so, and do it for us.
3828
3829         (JSC::Parser<LexerType>::parseProperty):
3830         * parser/SyntaxChecker.h:
3831         (JSC::SyntaxChecker::createProperty): No need to pass through a VM
3832         pointer, since our callee no longer needs to allocate anything.
3833
3834 2014-12-03  Zsolt Borbely  <zsborbely.u-szeged@partner.samsung.com>
3835
3836         Remove unused JSC runtime options
3837         https://bugs.webkit.org/show_bug.cgi?id=133070
3838
3839         Reviewed by Csaba Osztrogonác.
3840
3841         * runtime/Options.h:
3842
3843 2014-12-02  Mark Lam  <mark.lam@apple.com>
3844
3845         Rolling out r176592, r176603, r176616, and r176705 until build and perf issues are resolved.
3846         https://bugs.webkit.org/show_bug.cgi?id=138821
3847
3848         Not reviewed.
3849
3850         * bytecode/UnlinkedCodeBlock.cpp:
3851         (JSC::UnlinkedCodeBlock::visitChildren):
3852         * bytecompiler/BytecodeGenerator.cpp:
3853         (JSC::BytecodeGenerator::emitComplexPopScopes):
3854         * dfg/DFGSpeculativeJIT.cpp:
3855         (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
3856         * ftl/FTLAbbreviations.h:
3857         (JSC::FTL::mdNode):
3858         (JSC::FTL::buildCall):
3859         * llint/LLIntData.cpp:
3860         (JSC::LLInt::Data::performAssertions):
3861         * parser/Parser.h:
3862         (JSC::Scope::Scope):
3863         * runtime/JSArray.cpp:
3864         (JSC::JSArray::setLengthWithArrayStorage):
3865         (JSC::JSArray::sortCompactedVector):
3866         * tools/ProfileTreeNode.h:
3867         (JSC::ProfileTreeNode::dumpInternal):
3868         * yarr/YarrJIT.cpp:
3869         (JSC::Yarr::YarrGenerator::matchCharacterClass):
3870
3871 2014-12-02  Michael Saboff  <msaboff@apple.com>
3872
3873         Change CallFrame::globalThisValue() to not use CallFrame::scope()
3874         https://bugs.webkit.org/show_bug.cgi?id=139202
3875
3876         Reviewed by Mark Lam.
3877
3878         Changed to use the globalThis() on the globalObject associated with the
3879         callee.  Moved the inline definition to JSGlobalObject.h instead of
3880         including JSGlobalObject.h in JSScope.h.  Also moved it as JSScope
3881         objects are no longer involved in getting the value.
3882
3883         * runtime/JSGlobalObject.h:
3884         (JSC::ExecState::globalThisValue):
3885         * runtime/JSScope.h:
3886         (JSC::ExecState::globalThisValue): Deleted.
3887
3888 2014-12-02  Matthew Mirman  <mmirman@apple.com>
3889
3890         Fixes inline cache fast path accessing nonexistent getters.
3891         <rdar://problem/18416918>
3892         https://bugs.webkit.org/show_bug.cgi?id=136961
3893
3894         Reviewed by Filip Pizlo.
3895
3896         Fixes a bug in inline caching where a getter could modify the
3897         property it was getting while the inline cache was being built,
3898         then access that property through the same inline cache site,
3899         causing recursive inline cache building and allowing the fast
3900         path of the cache to try to load a getter for a property that
3901         no longer exists.
3902
3903         * jit/JITOperations.cpp: Switched use of get to getPropertySlot.
3904         * runtime/JSCJSValue.h: 
3905         added getPropertySlot for when you don't want to perform the get quite yet but want 
3906         to fill out the slot.
3907         * runtime/JSCJSValueInlines.h: Added implementation for getPropertySlot
3908         (JSC::JSValue::get): changed to simply call getPropertySlot
3909         (JSC::JSValue::getPropertySlot): added.
3910         * tests/stress/recursive_property_redefine_during_inline_caching.js: Added test case for bug.
3911         (test):
3912         
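        The following JavaScript is an added example of the access pattern this entry describes, not the stress test the entry lists: a getter that rewrites or deletes the very property being read, reached from a single access site that an engine's inline cache would specialize, with the getter re-entering that same site before it returns. The readX, makeTarget and exercise names and the two modes are assumptions made for the example. On a correct engine the re-entrant read must see the property as it is after the getter changed it, and the getter must run exactly once per object.

```javascript
'use strict';

// One access site. Every read of "x" goes through here, so any per-site
// cache (an inline cache) is shared between the outer read and the
// re-entrant read the getter performs.
function readX(o) {
  return o.x;
}

// Builds an object whose accessor "x" changes itself during its own getter:
//   mode === 'redefine': "x" becomes a plain data property holding 'data'
//   mode === 'delete'  : "x" is removed entirely
// then re-reads "x" through readX while the original getter is still active.
function makeTarget(mode) {
  const o = {};
  let getterCalls = 0;
  Object.defineProperty(o, 'x', {
    configurable: true,
    get() {
      getterCalls += 1;
      if (mode === 'delete') {
        delete o.x;
      } else {
        Object.defineProperty(o, 'x', {
          value: 'data',
          writable: true,
          configurable: true,
        });
      }
      // Re-entrant read at the same site: the getter no longer exists, so a
      // cached "load the getter" fast path would be wrong here.
      return 'getter+' + String(readX(o));
    },
  });
  return { o, getterCalls: () => getterCalls };
}

// Spec-mandated results for the first and second read of "x" per object.
const EXPECTED = {
  redefine: ['getter+data', 'data'],
  delete: ['getter+undefined', undefined],
};

// Returns [firstRead, secondRead, getterCalls] for one fresh object.
function observe(mode) {
  const t = makeTarget(mode);
  const first = readX(t.o);   // getter runs, mutates "x", re-reads it
  const second = readX(t.o);  // "x" is now a data property or absent
  return [first, second, t.getterCalls()];
}

// Repeats the sequence from the same access site so a JIT sees the site go
// hot. Returns true only if every iteration matched EXPECTED and the getter
// ran exactly once per object.
function exercise(mode, iterations) {
  for (let i = 0; i < iterations; i++) {
    const [first, second, calls] = observe(mode);
    if (first !== EXPECTED[mode][0] || second !== EXPECTED[mode][1] || calls !== 1) {
      return false;
    }
  }
  return true;
}
```

        exercise('redefine', 10000) and exercise('delete', 10000) both return true on a conforming engine; a cache that kept serving the stale getter would return 'getter+getter+...' or throw, and the loop count is what gives the JIT a reason to specialize the site.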
3913 2014-12-01  Michael Saboff  <msaboff@apple.com>
3914
3915         Remove GetMyScope node from DFG
3916         https://bugs.webkit.org/show_bug.cgi?id=139166
3917
3918         Reviewed by Oliver Hunt.
3919
3920         Eliminated GetMyScope DFG node type.
3921
3922         * dfg/DFGAbstractInterpreterInlines.h:
3923         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3924         * dfg/DFGClobberize.h:
3925         (JSC::DFG::clobberize):
3926         * dfg/DFGDoesGC.cpp:
3927         (JSC::DFG::doesGC):
3928         * dfg/DFGFixupPhase.cpp:
3929         (JSC::DFG::FixupPhase::fixupNode):
3930         * dfg/DFGGraph.cpp:
3931         (JSC::DFG::Graph::isLiveInBytecode):
3932         * dfg/DFGNodeType.h:
3933         * dfg/DFGPredictionPropagationPhase.cpp:
3934         (JSC::DFG::PredictionPropagationPhase::propagate):
3935         * dfg/DFGSafeToExecute.h:
3936         (JSC::DFG::safeToExecute):
3937         * dfg/DFGSpeculativeJIT32_64.cpp:
3938         (JSC::DFG::SpeculativeJIT::compile):
3939         * dfg/DFGSpeculativeJIT64.cpp:
3940         (JSC::DFG::SpeculativeJIT::compile):
3941         * ftl/FTLCapabilities.cpp:
3942         (JSC::FTL::canCompile):
3943         * ftl/FTLLowerDFGToLLVM.cpp:
3944         (JSC::FTL::LowerDFGToLLVM::compileNode):
3945         (JSC::FTL::LowerDFGToLLVM::compileGetMyScope): Deleted.
3946
3947 2014-12-01  Michael Saboff  <msaboff@apple.com>
3948
3949         Crash (integer overflow) beneath ByteCodeParser::handleGetById typing in search field on weather.com
3950         https://bugs.webkit.org/show_bug.cgi?id=139165
3951
3952         Reviewed by Oliver Hunt.
3953
3954         If we don't have any getById or putById variants, emit non-cached versions of these operations.
3955
3956         * dfg/DFGByteCodeParser.cpp:
3957         (JSC::DFG::ByteCodeParser::handleGetById):
3958         (JSC::DFG::ByteCodePar