97765c9e4451b3ed47b1e4a62cd53e660e08020c
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-01-18  Andreas Kling  <akling@apple.com>

        CodeBlock: Size m_exceptionHandlers to fit from creation.
        <https://webkit.org/b/127234>

        Avoid allocation churn for CodeBlock::m_exceptionHandlers.

        Reviewed by Anders Carlsson.

        * bytecode/CodeBlock.h:

            Removed unused CodeBlock::allocateHandlers() function.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):

            Use resizeToFit() instead of grow() for m_exceptionHandlers
            since we know it's never going to change size.

        (JSC::CodeBlock::shrinkToFit):

            No need to shrink m_exceptionHandlers here since it's already
            the perfect size.

2014-01-18  Mark Lam  <mark.lam@apple.com>

        Add a hasBreakpointFlag arg to the op_debug bytecode.
        https://bugs.webkit.org/show_bug.cgi?id=127230.

        Reviewed by Geoffrey Garen.

        This is in anticipation of upcoming changes to support bytecode level
        breakpoints. This patch adds the flag to the op_debug bytecode and
        initializes it, but does not use it yet.

        * bytecode/Opcode.h:
        (JSC::padOpcodeName):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDebugHook):
        * llint/LowLevelInterpreter.asm:

2014-01-18  Alberto Garcia  <berto@igalia.com>

        JavaScriptCore uses PLATFORM(MAC) when it means OS(DARWIN)
        https://bugs.webkit.org/show_bug.cgi?id=99683

        Reviewed by Anders Carlsson.

        * jit/ThunkGenerators.cpp:
        * tools/CodeProfile.cpp:
        (JSC::symbolName):
        (JSC::CodeProfile::sample):

2014-01-18  Anders Carlsson  <andersca@apple.com>

        Remove ENABLE_THREADED_HTML_PARSER defines everywhere
        https://bugs.webkit.org/show_bug.cgi?id=127225

        Reviewed by Andreas Kling.

        This concludes the removal of over 8.8 million lines of threaded parser code.

        * Configurations/FeatureDefines.xcconfig:

2014-01-18  Mark Lam  <mark.lam@apple.com>

        Adding UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().
        https://bugs.webkit.org/show_bug.cgi?id=127127.

        Reviewed by Geoffrey Garen.

        In order to implement bytecode level breakpoints, we need a mechanism
        for computing the best fit op_debug bytecode offset for any valid given
        line and column value in the source. The "best fit" op_debug bytecode
        in this case is defined below in the comment for
        UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().

        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::opDebugBytecodeOffsetForLineAndColumn):
        - Convert the line and column to unlinked line and column values and
          pass them to UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn()
          to do the real work.

        * bytecode/CodeBlock.h:
        * bytecode/LineColumnInfo.h: Added.
        (JSC::LineColumnInfo::operator <):
        (JSC::LineColumnInfo::LineColumnPair::LineColumnPair):
        (JSC::LineColumnInfo::operator ==):
        (JSC::LineColumnInfo::operator !=):
        (JSC::LineColumnInfo::operator <=):
        (JSC::LineColumnInfo::operator >):
        (JSC::LineColumnInfo::operator >=):
        * bytecode/LineInfo.h: Removed.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::decodeExpressionRangeLineAndColumn):
        - Factored this out of expressionRangeForBytecodeOffset() so that it can
          be called from multiple places.
        (JSC::dumpLineColumnEntry):
        (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
        (JSC::UnlinkedCodeBlock::dumpOpDebugLineColumnInfoList):
        - Some dumpers for debugging use only.
        (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
        (JSC::UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn):
        - Finds the earliest op_debug bytecode whose line and column matches the
          specified line and column values. If an exact match is not found, then
          finds the nearest op_debug bytecode that precedes the specified line
          and column values. If there are more than one op_debug at that preceding
          line and column value, then the earliest of those op_debug bytecodes will
          be selected. The offset of the selected bytecode will be returned.

          We want the earliest one because when we have multiple op_debug bytecodes
          that map to a given line and column, a debugger user would expect to break
          on the first one and step through the rest thereafter if needed.

        (JSC::compareLineColumnInfo):
        (JSC::UnlinkedCodeBlock::opDebugLineColumnInfoList):
        - Creates the sorted opDebugLineColumnInfoList on demand. This list is
          stored in the UnlinkedCodeBlock's rareData.
        * bytecode/UnlinkedCodeBlock.h:

125
126 2014-01-18  Zan Dobersek  <zdobersek@igalia.com>
127
128         Inspector scripts are not compatible with Python v3
129         https://bugs.webkit.org/show_bug.cgi?id=127128
130
131         Reviewed by Benjamin Poulain.
132
133         * inspector/scripts/generate-combined-inspector-json.py: Turn print statements into print function calls.
134         * inspector/scripts/jsmin.py: Try importing the StringIO class from the StringIO module (which will work for
135         Python v2) or, on import error, import the class from the io module (which will work for Python v3).
136
137 2014-01-17  Anders Carlsson  <andersca@apple.com>
138
139         String::is8Bit() crashes if m_impl is null, handle this.
140
141         * API/OpaqueJSString.h:
142         (OpaqueJSString::OpaqueJSString):
143
144 2014-01-17  Anders Carlsson  <andersca@apple.com>
145
146         Try to fix the Windows build.
147
148         * API/OpaqueJSString.cpp:
149         (OpaqueJSString::~OpaqueJSString):
150         (OpaqueJSString::characters):
151         * API/OpaqueJSString.h:
152         (OpaqueJSString::OpaqueJSString):
153
154 2014-01-17  Anders Carlsson  <andersca@apple.com>
155
156         Get rid of OpaqueJSString::deprecatedCharacters()
157         https://bugs.webkit.org/show_bug.cgi?id=127161
158
159         Reviewed by Sam Weinig.
160
161         Handle OpaqueJSString::m_string being either 8-bit or 16-bit and add extra
162         code paths for the 8-bit cases.
163         
164         Unfortunately, JSStringGetCharactersPtr is still expected to return a 16-bit character pointer.
165         Handle this by storing a separate 16-bit string and initializing it on demand when JSStringGetCharactersPtr
166         is called and the backing string is 8-bit.
167         
168         This has the nice side effect of making JSStringGetCharactersPtr thread-safe when it wasn't before.
169         (In theory, someone could have a JSStringRef backed by an 8-bit string and call JSStringGetCharactersPtr on it
170         causing an unsafe upconversion to a 16-bit string).
171
172         * API/JSStringRef.cpp:
173         (JSStringGetCharactersPtr):
174         Call OpaqueJSString::characters.
175
176         (JSStringGetUTF8CString):
177         Add a code path that handles 8-bit strings.
178
179         (JSStringIsEqual):
180         Call OpaqueJSString::equal.
181
182         * API/JSStringRefCF.cpp:
183         (JSStringCreateWithCFString):
184         Reformat the code to use an early return instead of putting most of the code inside the body of an if statement.
185
186         (JSStringCopyCFString):
187         Create an 8-bit CFStringRef if possible.
188
189         * API/OpaqueJSString.cpp:
190         (OpaqueJSString::create):
191         Use nullptr.
192
193         (OpaqueJSString::~OpaqueJSString):
194         Free m_characters.
195
196         (OpaqueJSString::characters):
197         Do the up-conversion and store the result in m_characters.
198
199         (OpaqueJSString::equal):
200         New helper function.
201
202         * API/OpaqueJSString.h:
203         (OpaqueJSString::is8Bit):
204         New function that returns whether a string is 8-bit or not.
205
206         (OpaqueJSString::characters8):
207         (OpaqueJSString::characters16):
208         Add getters.
209
210 2014-01-17  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>
211
212         Remove workaround for compilers not supporting deleted functions
213         https://bugs.webkit.org/show_bug.cgi?id=127166
214
215         Reviewed by Andreas Kling.
216
217         * inspector/InspectorAgentRegistry.h:
218
219 2014-01-17  Commit Queue  <commit-queue@webkit.org>
220
221         Unreviewed, rolling out r162185, r162186, and r162187.
222         http://trac.webkit.org/changeset/162185
223         http://trac.webkit.org/changeset/162186
224         http://trac.webkit.org/changeset/162187
225         https://bugs.webkit.org/show_bug.cgi?id=127164
226
227         Broke JSStringCreateWithCharactersNoCopy, as evidenced by a
228         JSC API test (Requested by ap on #webkit).
229
230         * API/JSStringRef.cpp:
231         (JSStringGetCharactersPtr):
232         (JSStringGetUTF8CString):
233         (JSStringIsEqual):
234         * API/JSStringRefCF.cpp:
235         (JSStringCreateWithCFString):
236         (JSStringCopyCFString):
237         * API/OpaqueJSString.cpp:
238         (OpaqueJSString::create):
239         (OpaqueJSString::identifier):
240         * API/OpaqueJSString.h:
241         (OpaqueJSString::create):
242         (OpaqueJSString::characters):
243         (OpaqueJSString::deprecatedCharacters):
244         (OpaqueJSString::OpaqueJSString):
245
246 2014-01-16  Anders Carlsson  <andersca@apple.com>
247
248         Export OpaqueJSString destructor.
249
250         * API/OpaqueJSString.h:
251
252 2014-01-16  Anders Carlsson  <andersca@apple.com>
253
254         Build fix.
255
256         * API/OpaqueJSString.h:
257
258 2014-01-16  Anders Carlsson  <andersca@apple.com>
259
260         Get rid of OpaqueJSString::deprecatedCharacters()
261         https://bugs.webkit.org/show_bug.cgi?id=127161
262
263         Reviewed by Sam Weinig.
264
265         Handle OpaqueJSString::m_string being either 8-bit or 16-bit and add extra
266         code paths for the 8-bit cases.
267         
268         Unfortunately, JSStringGetCharactersPtr is still expected to return a 16-bit character pointer.
269         Handle this by storing a separate 16-bit string and initializing it on demand when JSStringGetCharactersPtr
270         is called. This has the nice side effect of making JSStringGetCharactersPtr thread-safe when it wasn't before.
271         (In theory, someone could have a JSStringRef backed by an 8-bit string and call JSStringGetCharactersPtr on it
272         causing an unsafe upconversion to a 16-bit string).
273
274         * API/JSStringRef.cpp:
275         (JSStringGetCharactersPtr):
276         Call OpaqueJSString::characters.
277
278         (JSStringGetUTF8CString):
279         Add a code path that handles 8-bit strings.
280
281         (JSStringIsEqual):
282         Call OpaqueJSString::equal.
283
284         * API/JSStringRefCF.cpp:
285         (JSStringCreateWithCFString):
286         Reformat the code to use an early return instead of putting most of the code inside the body of an if statement.
287
288         (JSStringCopyCFString):
289         Create an 8-bit CFStringRef if possible.
290
291         * API/OpaqueJSString.cpp:
292         (OpaqueJSString::create):
293         Use nullptr.
294
295         (OpaqueJSString::~OpaqueJSString):
296         Free m_characters.
297
298         (OpaqueJSString::characters):
299         Do the up-conversion and store the result in m_characters.
300
301         (OpaqueJSString::equal):
302         New helper function.
303
304         * API/OpaqueJSString.h:
305         (OpaqueJSString::is8Bit):
306         New function that returns whether a string is 8-bit or not.
307
308         (OpaqueJSString::characters8):
309         (OpaqueJSString::characters16):
310         Add getters.
311
312 2014-01-16  Anders Carlsson  <andersca@apple.com>
313
314         Change all uses of FINAL to final now that all our compilers support it
315         https://bugs.webkit.org/show_bug.cgi?id=127142
316
317         Reviewed by Benjamin Poulain.
318
319         * inspector/JSGlobalObjectInspectorController.h:
320         * inspector/agents/InspectorAgent.h:
321         * inspector/remote/RemoteInspector.h:
322         * inspector/remote/RemoteInspectorDebuggableConnection.h:
323         * inspector/scripts/CodeGeneratorInspector.py:
324         (Generator.go):
325         * runtime/JSGlobalObjectDebuggable.h:
326         * runtime/JSPromiseReaction.cpp:
327
328 2014-01-16  Oliver Hunt  <oliver@apple.com>
329
330         throwing an objc object (or general binding object) triggers an assertion
331         https://bugs.webkit.org/show_bug.cgi?id=127146
332
333         Reviewed by Alexey Proskuryakov.
334
335         This is simply a bogus assertion as we can't guarantee a bindings object
336         won't intercept assignment to .stack
337
338         * interpreter/Interpreter.cpp:
339         (JSC::Interpreter::unwind):
340
341 2014-01-16  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>
342
343         Remove workaround for compilers not supporting explicit override control
344         https://bugs.webkit.org/show_bug.cgi?id=127111
345
346         Reviewed by Anders Carlsson.
347
348         Now all compilers support explicit override control, this workaround can be removed.
349
350         * API/JSAPIWrapperObject.mm:
351         * API/JSCallbackObject.h:
352         * API/JSManagedValue.mm:
353         * API/JSScriptRef.cpp:
354         * bytecode/CodeBlock.h:
355         * bytecode/CodeBlockJettisoningWatchpoint.h:
356         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.h:
357         * bytecode/StructureStubClearingWatchpoint.h:
358         * dfg/DFGArrayifySlowPathGenerator.h:
359         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
360         * dfg/DFGFailedFinalizer.h:
361         * dfg/DFGJITCode.h:
362         * dfg/DFGJITFinalizer.h:
363         * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
364         * dfg/DFGSlowPathGenerator.h:
365         * dfg/DFGSpeculativeJIT64.cpp:
366         * heap/Heap.h:
367         * heap/IncrementalSweeper.h:
368         * heap/SuperRegion.h:
369         * inspector/InspectorValues.h:
370         * inspector/JSGlobalObjectInspectorController.h:
371         * inspector/agents/InspectorAgent.h:
372         * inspector/remote/RemoteInspector.h:
373         * inspector/remote/RemoteInspectorDebuggableConnection.h:
374         * inspector/scripts/CodeGeneratorInspector.py:
375         (Generator.go):
376         * jit/ClosureCallStubRoutine.h:
377         * jit/ExecutableAllocatorFixedVMPool.cpp:
378         * jit/GCAwareJITStubRoutine.h:
379         * jit/JITCode.h:
380         * jit/JITToDFGDeferredCompilationCallback.h:
381         * parser/Nodes.h:
382         * parser/SourceProvider.h:
383         * runtime/DataView.h:
384         * runtime/GCActivityCallback.h:
385         * runtime/GenericTypedArrayView.h:
386         * runtime/JSGlobalObjectDebuggable.h:
387         * runtime/JSPromiseReaction.cpp:
388         * runtime/RegExpCache.h:
389         * runtime/SimpleTypedArrayController.h:
390         * runtime/SymbolTable.h:
391         * runtime/WeakMapData.h:
392
393 2014-01-15  Joseph Pecoraro  <pecoraro@apple.com>
394
395         [iOS] Clean up REMOTE_INSPECTOR code in OpenSource after the iOS merge
396         https://bugs.webkit.org/show_bug.cgi?id=127069
397
398         Reviewed by Timothy Hatcher.
399
400         * JavaScriptCore.xcodeproj/project.pbxproj:
401         Export XPCConnection because it is needed by RemoteInspector.h.
402
403         * inspector/remote/RemoteInspectorXPCConnection.h:
404         * inspector/remote/RemoteInspector.h:
405         * inspector/remote/RemoteInspector.mm:
406         (Inspector::RemoteInspector::startDisabled):
407         (Inspector::RemoteInspector::shared):
408         Allow RemoteInspector singleton to start disabled.
409
410 2014-01-15  Brian Burg  <bburg@apple.com>
411
412         Web Inspector: capture probe samples on the backend
413         https://bugs.webkit.org/show_bug.cgi?id=126668
414
415         Reviewed by Joseph Pecoraro.
416
417         Add the 'probe' breakpoint action to the protocol. Change the setBreakpoint
418         commands to return a list of assigned breakpoint action identifiers
419         Add a type for breakpoint action identifiers. Add an event for sending
420         captured probe samples to the inspector frontend.
421
422         * inspector/protocol/Debugger.json:
423
424 2014-01-10  Mark Hahnenberg  <mhahnenberg@apple.com>
425
426         Copying should be generational
427         https://bugs.webkit.org/show_bug.cgi?id=126555
428
429         Reviewed by Geoffrey Garen.
430
431         This patch adds support for copying to our generational collector. Eden collections 
432         always trigger copying. Full collections use our normal fragmentation-based heuristics.
433
434         The way this works is that the CopiedSpace now has the notion of an old generation set of CopiedBlocks
435         and a new generation of CopiedBlocks. During each mutator cycle new CopiedSpace allocations reside
436         in the new generation. When a collection occurs, those blocks are moved to the old generation.
437
438         One key thing to remember is that both new and old generation objects in the MarkedSpace can
439         refer to old or new generation allocations in CopiedSpace. This is why we must fire write barriers 
440         when assigning to an old (MarkedSpace) object's Butterfly.
441
442         * heap/CopiedAllocator.h:
443         (JSC::CopiedAllocator::tryAllocateDuringCopying):
444         * heap/CopiedBlock.h:
445         (JSC::CopiedBlock::CopiedBlock):
446         (JSC::CopiedBlock::didEvacuateBytes):
447         (JSC::CopiedBlock::isOld):
448         (JSC::CopiedBlock::didPromote):
449         * heap/CopiedBlockInlines.h:
450         (JSC::CopiedBlock::reportLiveBytes):
451         (JSC::CopiedBlock::reportLiveBytesDuringCopying):
452         * heap/CopiedSpace.cpp:
453         (JSC::CopiedSpace::CopiedSpace):
454         (JSC::CopiedSpace::~CopiedSpace):
455         (JSC::CopiedSpace::init):
456         (JSC::CopiedSpace::tryAllocateOversize):
457         (JSC::CopiedSpace::tryReallocateOversize):
458         (JSC::CopiedSpace::doneFillingBlock):
459         (JSC::CopiedSpace::didStartFullCollection):
460         (JSC::CopiedSpace::doneCopying):
461         (JSC::CopiedSpace::size):
462         (JSC::CopiedSpace::capacity):
463         (JSC::CopiedSpace::isPagedOut):
464         * heap/CopiedSpace.h:
465         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
466         * heap/CopiedSpaceInlines.h:
467         (JSC::CopiedSpace::contains):
468         (JSC::CopiedSpace::recycleEvacuatedBlock):
469         (JSC::CopiedSpace::allocateBlock):
470         (JSC::CopiedSpace::startedCopying):
471         * heap/CopyVisitor.cpp:
472         (JSC::CopyVisitor::copyFromShared):
473         * heap/CopyVisitorInlines.h:
474         (JSC::CopyVisitor::allocateNewSpace):
475         (JSC::CopyVisitor::allocateNewSpaceSlow):
476         * heap/GCThreadSharedData.cpp:
477         (JSC::GCThreadSharedData::didStartCopying):
478         * heap/Heap.cpp:
479         (JSC::Heap::copyBackingStores):
480         * heap/SlotVisitorInlines.h:
481         (JSC::SlotVisitor::copyLater):
482         * heap/TinyBloomFilter.h:
483         (JSC::TinyBloomFilter::add):
484
485 2014-01-14  Mark Lam  <mark.lam@apple.com>
486
487         ASSERTION FAILED: !hasError() in JSC::Parser<LexerType>::createSavePoint().
488         https://bugs.webkit.org/show_bug.cgi?id=126990.
489
490         Reviewed by Geoffrey Garen.
491
492         * parser/Parser.cpp:
493         (JSC::Parser<LexerType>::parseConstDeclarationList):
494         - We were missing an error check after attempting to parse an initializer
495           expression. This is now fixed.
496
497 2014-01-14  Joseph Pecoraro  <pecoraro@apple.com>
498
499         Web Inspector: For Remote Inspection link WebProcess's to their parent UIProcess
500         https://bugs.webkit.org/show_bug.cgi?id=126995
501
502         Reviewed by Timothy Hatcher.
503
504         * inspector/remote/RemoteInspector.mm:
505         (Inspector::RemoteInspector::listingForDebuggable):
506         For each WebView, list the parent process. Listing the parent per WebView
507         is already supported back when we supported processes that could host WebViews
508         for multiple applications.
509
510         * inspector/remote/RemoteInspectorConstants.h:
511         Add a separate key for the bundle identifier, separate from application identifier.
512
513         * inspector/remote/RemoteInspectorDebuggable.cpp:
514         (Inspector::RemoteInspectorDebuggable::info):
515         * inspector/remote/RemoteInspectorDebuggable.h:
516         (Inspector::RemoteInspectorDebuggableInfo::RemoteInspectorDebuggableInfo):
517         (Inspector::RemoteInspectorDebuggableInfo::hasParentProcess):
518         If a RemoteInspectorDebuggable has a non-zero parent process identifier
519         it is a proxy for the parent process.
520
521 2014-01-14  Brian J. Burg  <burg@cs.washington.edu>
522
523         Add ENABLE(WEB_REPLAY) feature flag to the build system
524         https://bugs.webkit.org/show_bug.cgi?id=126949
525
526         Reviewed by Joseph Pecoraro.
527
528         * Configurations/FeatureDefines.xcconfig:
529
530 2014-01-14  Peter Molnar  <pmolnar.u-szeged@partner.samsung.com>
531
532         [EFL] FTL buildfix, add missing includes
533         https://bugs.webkit.org/show_bug.cgi?id=126641
534
535         Reviewed by Csaba Osztrogonác.
536
537         * ftl/FTLOSREntry.cpp:
538         * ftl/FTLOSRExitCompiler.cpp:
539
540 2014-01-14  Joseph Pecoraro  <pecoraro@apple.com>
541
542         Web Inspector: RemoteInspector::updateDebuggable may miss a push
543         https://bugs.webkit.org/show_bug.cgi?id=126965
544
545         Reviewed by Timothy Hatcher.
546
547         * inspector/remote/RemoteInspector.mm:
548         (Inspector::RemoteInspector::updateDebuggable):
549         Always push an update. If a debuggable went from allowed to
550         not allowed, we would have missed pushing an update.
551
552 2014-01-13  Mark Hahnenberg  <mhahnenberg@apple.com>
553
554         Performance regression on dromaeo due to generational marking
555         https://bugs.webkit.org/show_bug.cgi?id=126901
556
557         Reviewed by Oliver Hunt.
558
559         We were seeing some performance regression with ENABLE_GGC == 0, so this patch
560         ifdefs out more things to get rid of the additional overhead.
561
562         * heap/Heap.cpp:
563         (JSC::Heap::markRoots):
564         (JSC::Heap::writeBarrier):
565         * heap/MarkedBlock.cpp:
566         (JSC::MarkedBlock::clearMarks):
567         (JSC::MarkedBlock::clearMarksWithCollectionType):
568         * heap/MarkedSpace.cpp:
569         (JSC::MarkedSpace::resetAllocators):
570         * heap/MarkedSpace.h:
571         (JSC::MarkedSpace::didAllocateInBlock):
572         * heap/SlotVisitorInlines.h:
573         (JSC::SlotVisitor::internalAppend):
574         (JSC::SlotVisitor::reportExtraMemoryUsage):
575
576 2014-01-13  Brian Burg  <bburg@apple.com>
577
578         Web Inspector: protocol generator should support integer-typed declarations
579         https://bugs.webkit.org/show_bug.cgi?id=126828
580
581         Reviewed by Joseph Pecoraro.
582
583         Add new binding classes for parameter/ad-hoc and normal integer type declarations.
584
585         * inspector/scripts/CodeGeneratorInspector.py:
586         (TypeBindings.create_type_declaration_):
587         (TypeBindings.create_type_declaration_.PlainInteger):
588         (TypeBindings.create_type_declaration_.PlainInteger.resolve_inner):
589         (TypeBindings.create_type_declaration_.PlainInteger.request_user_runtime_cast):
590         (TypeBindings.create_type_declaration_.PlainInteger.request_internal_runtime_cast):
591         (TypeBindings.create_type_declaration_.PlainInteger.get_code_generator):
592         (TypeBindings.create_type_declaration_.PlainInteger.get_validator_call_text):
593         (TypeBindings.create_type_declaration_.PlainInteger.reduce_to_raw_type):
594         (TypeBindings.create_type_declaration_.PlainInteger.get_type_model):
595         (TypeBindings.create_type_declaration_.PlainInteger.get_setter_value_expression_pattern):
596         (TypeBindings.create_type_declaration_.PlainInteger.get_array_item_c_type_text):
597         (TypeBindings.create_type_declaration_.TypedefInteger):
598         (TypeBindings.create_type_declaration_.TypedefInteger.resolve_inner):
599         (TypeBindings.create_type_declaration_.TypedefInteger.request_user_runtime_cast):
600         (TypeBindings.create_type_declaration_.TypedefInteger.request_internal_runtime_cast):
601         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator):
602         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator):
603         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.generate_type_builder):
604         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.generate_type_builder.int):
605         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.register_use):
606         (TypeBindings.create_type_declaration_.TypedefInteger.get_code_generator.CodeGenerator.get_generate_pass_id):
607         (TypeBindings.create_type_declaration_.TypedefInteger.get_validator_call_text):
608         (TypeBindings.create_type_declaration_.TypedefInteger.reduce_to_raw_type):
609         (TypeBindings.create_type_declaration_.TypedefInteger.get_type_model):
610         (TypeBindings.create_type_declaration_.TypedefInteger.get_setter_value_expression_pattern):
611         (TypeBindings.create_type_declaration_.TypedefInteger.get_array_item_c_type_text):
612
613 2014-01-13  Zalan Bujtas  <zalan@apple.com>
614
615         Enable SUBPIXEL_LAYOUT on Mac
616         <https://webkit.org/b/126283>
617
618         Reviewed by Simon Fraser.
619
620         * Configurations/FeatureDefines.xcconfig:
621
622 2014-01-13  Zan Dobersek  <zdobersek@igalia.com>
623
624         Unreviewed. Changes in r161686 are exposing a bug in GCC where the global .cfi_startproc directive
625         is not inserted early enough into the generated assembler code when building in debug mode, causing
626         compilation failures on ports using the GCC compilers. To work around the problem, only utilize the
627         OFFLINE_ASM_* macros that use .cfi_ directives when compiling with Clang.
628
629         * llint/LowLevelInterpreter.cpp:
630
631 2014-01-12  Commit Queue  <commit-queue@webkit.org>
632
633         Unreviewed, rolling out r161840.
634         http://trac.webkit.org/changeset/161840
635         https://bugs.webkit.org/show_bug.cgi?id=126870
636
637         Caused jsscore and layout test failures (Requested by smfr on
638         #webkit).
639
640         * API/JSValueRef.cpp:
641         (JSValueMakeFromJSONString):
642         * bindings/ScriptValue.cpp:
643         (Deprecated::jsToInspectorValue):
644         * inspector/InspectorValues.cpp:
645         * runtime/DatePrototype.cpp:
646         (JSC::formatLocaleDate):
647         * runtime/Identifier.h:
648         (JSC::Identifier::characters):
649         * runtime/JSStringBuilder.h:
650         (JSC::JSStringBuilder::append):
651
652 2014-01-12  Darin Adler  <darin@apple.com>
653
654         Add deprecatedCharacters as a synonym for characters and convert most call sites
655         https://bugs.webkit.org/show_bug.cgi?id=126858
656
657         Reviewed by Anders Carlsson.
658
659         * API/JSStringRef.cpp:
660         (JSStringGetCharactersPtr):
661         (JSStringGetUTF8CString):
662         (JSStringIsEqual):
663         * API/JSStringRefCF.cpp:
664         (JSStringCopyCFString):
665         * API/OpaqueJSString.h:
666         (OpaqueJSString::characters):
667         (OpaqueJSString::deprecatedCharacters):
668         (OpaqueJSString::length):
669         (OpaqueJSString::OpaqueJSString):
670         * inspector/InspectorValues.cpp:
671         (Inspector::InspectorValue::parseJSON):
672         * runtime/JSGlobalObjectFunctions.cpp:
673         (JSC::parseInt):
674         * runtime/StringPrototype.cpp:
675         (JSC::localeCompare):
676         (JSC::stringProtoFuncFontsize):
677         (JSC::stringProtoFuncLink):
678         Use deprecatedCharacters instead of characters.
679
680 2014-01-12  Darin Adler  <darin@apple.com>
681
682         Reduce use of String::characters
683         https://bugs.webkit.org/show_bug.cgi?id=126854
684
685         Reviewed by Sam Weinig.
686
687         * API/JSValueRef.cpp:
688         (JSValueMakeFromJSONString): Use characters16 instead of characters for 16-bit case.
689         Had to remove length check because an empty string could be either 8 bit or 16 bit.
690         Don't need a null string check before calling is8Bit because JSStringRef can't hold
691         a null string.
692
693         * bindings/ScriptValue.cpp:
694         (Deprecated::jsToInspectorValue): Use the existing string here instead of creating
695         a new one by calling characters and length on the old string. I think this may be
696         left over from when string types were not the same in JavaScriptCore and WebCore.
697         Also rewrite the property names loop to use modern for syntax and fewer locals.
698
699         * inspector/InspectorValues.cpp:
700         (Inspector::escapeChar): Changed to use appendLiteral instead of hard-coding string
701         lengths. Moved handling of "<" and ">" in here instead of at the call site.
702         (Inspector::doubleQuoteString): Simplify the code so there is no use of characters
703         and length. This is still an inefficient way of doing this job and could use a rethink.
704
705         * runtime/DatePrototype.cpp:
706         (JSC::formatLocaleDate): Use RetainPtr, createCFString, and the conversion from
707         CFStringRef to WTF::String to remove a lot of unneeded code.
708
709         * runtime/Identifier.h: Removed unneeded Identifier::characters function.
710
711         * runtime/JSStringBuilder.h:
712         (JSC::JSStringBuilder::append): Use characters16 instead of characters function here,
713         since we have already checked is8Bit above.
714
715 2014-01-12  Andy Estes  <aestes@apple.com>
716
717         [iOS] Enable the JSC Objective-C API
718
719         Rubber-stamped by Simon Fraser.
720
721         * API/JSBase.h:
722
723 2014-01-12  Carlos Garcia Campos  <cgarcia@igalia.com>
724
725         Unreviewed. Fix make distcheck.
726
727         * GNUmakefile.am: Add inline-and-minify-stylesheets-and-scripts.py
728         to EXTRA_DIST and fix InjectedScriptSource.h generation rule.
729         * GNUmakefile.list.am: Move InjectedScriptSource.h to
730         built_nosources to make sure it's not disted.
731
732 2014-01-11  Anders Carlsson  <andersca@apple.com>
733
734         Try again to fix the build.
735
736         * inspector/InspectorAgentRegistry.cpp:
737         * inspector/InspectorAgentRegistry.h:
738
739 2014-01-11  Anders Carlsson  <andersca@apple.com>
740
741         Try to prevent the Vector copy constructor from being instantiated.
742
743         * inspector/InspectorAgentRegistry.cpp:
744         (Inspector::InspectorAgentRegistry::InspectorAgentRegistry):
745         * inspector/InspectorAgentRegistry.h:
746
747 2014-01-11  Anders Carlsson  <andersca@apple.com>
748
749         Try something else.
750
751         * inspector/InspectorAgentRegistry.cpp:
752         (Inspector::InspectorAgentRegistry::~InspectorAgentRegistry):
753         * inspector/InspectorAgentRegistry.h:
754
755 2014-01-11  Dean Jackson  <dino@apple.com>
756
757         [JSC] Revise typed array implementations to match ECMAScript and WebGL Specification
758         https://bugs.webkit.org/show_bug.cgi?id=126754
759
760         Reviewed by Filip Pizlo.
761
762         The ECMAScript specification forbids calling the typed array
763         constructors without using "new". Change the call data to return
764         none so we throw an exception in these cases.
765
766         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
767         (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):
768
769 2014-01-11  Anders Carlsson  <andersca@apple.com>
770
771         Try to fix the build by introducing a constructor.
772
773         * inspector/InspectorAgentRegistry.cpp:
774         (Inspector::InspectorAgentRegistry::InspectorAgentRegistry):
775         * inspector/InspectorAgentRegistry.h:
776
777 2014-01-11  Anders Carlsson  <andersca@apple.com>
778
779         * inspector/InspectorAgentRegistry.h:
780
781         Remove an unused function.
782
783 2014-01-11  Anders Carlsson  <andersca@apple.com>
784
785         InspectorAgentRegistry should use std::unique_ptr
786         https://bugs.webkit.org/show_bug.cgi?id=126826
787
788         Reviewed by Sam Weinig.
789
790         * inspector/InspectorAgentRegistry.cpp:
791         (Inspector::InspectorAgentRegistry::append):
792         * inspector/InspectorAgentRegistry.h:
793         * inspector/JSGlobalObjectInspectorController.cpp:
794         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
795         * inspector/agents/InspectorAgent.h:
796
797 2014-01-10  Joseph Pecoraro  <pecoraro@apple.com>
798
799         Web Inspector: Push InspectorAgent down into JSC, give JSC an InspectorController
800         https://bugs.webkit.org/show_bug.cgi?id=126763
801
802         Reviewed by Timothy Hatcher.
803
804         Introduce JSGlobalObjectInspectorController. This is the InspectorController
805         for a JSContext. It is created by the JSGlobalObject Remote Inspector Debuggable
806         when a remote frontend connects, and is destroyed when the remote frontend
807         disconnects or the JSGlobalObject is destroyed.
808
809         * inspector/JSGlobalObjectInspectorController.h: Added.
810         * inspector/JSGlobalObjectInspectorController.cpp: Added.
811         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
812         (Inspector::JSGlobalObjectInspectorController::~JSGlobalObjectInspectorController):
813         (Inspector::JSGlobalObjectInspectorController::connectFrontend):
814         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
815         (Inspector::JSGlobalObjectInspectorController::dispatchMessageFromFrontend):
816         (Inspector::JSGlobalObjectInspectorController::functionCallHandler):
817         (Inspector::JSGlobalObjectInspectorController::evaluateHandler):
818         Create/destroy agents, create/destroy dispatches, implement InspectorEnvironment.
819
820         * runtime/JSGlobalObjectDebuggable.h:
821         * runtime/JSGlobalObjectDebuggable.cpp:
822         (JSC::JSGlobalObjectDebuggable::~JSGlobalObjectDebuggable):
823         (JSC::JSGlobalObjectDebuggable::connect):
824         (JSC::JSGlobalObjectDebuggable::disconnect):
825         (JSC::JSGlobalObjectDebuggable::dispatchMessageFromRemoteFrontend):
826         Forward actions to the InspectorController object.
827
828         * inspector/agents/InspectorAgent.h: Renamed from Source/WebCore/inspector/InspectorAgent.h.
829         * inspector/agents/InspectorAgent.cpp: Renamed from Source/WebCore/inspector/InspectorAgent.cpp.
830         (Inspector::InspectorAgent::InspectorAgent):
831         (Inspector::InspectorAgent::~InspectorAgent):
832         (Inspector::InspectorAgent::didCreateFrontendAndBackend):
833         (Inspector::InspectorAgent::inspect):
834         (Inspector::InspectorAgent::evaluateForTestInFrontend):
835         Implement InspectorAgent in JavaScriptCore in namespace Inspector.
836
837         * JavaScriptCore.xcodeproj/project.pbxproj:
838         * CMakeLists.txt:
839         * ChangeLog:
840         * GNUmakefile.am:
841         * GNUmakefile.list.am:
842         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
843         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
844         * JavaScriptCore.vcxproj/copy-files.cmd:
845         Add files and new inspector/agents subdirectory.
846
847 2014-01-10  Commit Queue  <commit-queue@webkit.org>
848
849         Unreviewed, rolling out r161702.
850         http://trac.webkit.org/changeset/161702
851         https://bugs.webkit.org/show_bug.cgi?id=126803
852
853         Broke multiple tests (Requested by ap on #webkit).
854
855         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
856         (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):
857
858 2014-01-10  David Kilzer  <ddkilzer@apple.com>
859
860         Clean up architectures in xcconfig files
861         <http://webkit.org/b/126794>
862
863         Reviewed by Andy Estes.
864
865         * Configurations/Base.xcconfig:
866         * Configurations/JavaScriptCore.xcconfig: Remove armv6, ppc.
867         * Configurations/ToolExecutable.xcconfig: Sort.
868         - Add new arch.
869
870 2014-01-10  Dean Jackson  <dino@apple.com>
871
872         [JSC] Revise typed array implementations to match ECMAScript and WebGL Specification
873         https://bugs.webkit.org/show_bug.cgi?id=126754
874
875         Reviewed by Filip Pizlo.
876
877         The ECMAScript specification forbids calling the typed array
878         constructors without using "new". Change the call data to return
879         none so we throw an exception in these cases.
880
881         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
882         (JSC::JSGenericTypedArrayViewConstructor<ViewClass>::getCallData):
883
884 2014-01-10  Benjamin Poulain  <bpoulain@apple.com>
885
886         Remove the BlackBerry port from trunk
887         https://bugs.webkit.org/show_bug.cgi?id=126715
888
889         Reviewed by Anders Carlsson.
890
891         * assembler/ARMAssembler.h:
892         (JSC::ARMAssembler::cacheFlush):
893         * assembler/ARMv7Assembler.h:
894         (JSC::ARMv7Assembler::replaceWithJump):
895         (JSC::ARMv7Assembler::maxJumpReplacementSize):
896         (JSC::ARMv7Assembler::cacheFlush):
897         * assembler/MacroAssemblerARMv7.h:
898         (JSC::MacroAssemblerARMv7::revertJumpReplacementToBranchPtrWithPatch):
899         * heap/MachineStackMarker.cpp:
900         (JSC::getPlatformThreadRegisters):
901         (JSC::otherThreadStackPointer):
902         (JSC::freePlatformThreadRegisters):
903         * jit/ExecutableAllocator.h:
904
905 2014-01-10  Joseph Pecoraro  <pecoraro@apple.com>
906
907         Web Inspector: Remove unimplemented or static ScriptDebugServer features
908         https://bugs.webkit.org/show_bug.cgi?id=126784
909
910         Reviewed by Timothy Hatcher.
911
912         * inspector/protocol/Debugger.json:
913
914 2014-01-10  Michael Saboff  <msaboff@apple.com>
915
916         REGRESSION(C stack work): stack traces no longer work in CrashTracer, lldb, and other tools
917         https://bugs.webkit.org/show_bug.cgi?id=126764
918
919         Reviewed by Geoffrey Garen.
920
921         Updated callToJavaScript and callToNativeFunction to properly replicate the caller's
922         return PC and frame pointer in the sentinel frame.  For X86-64, added .cfi_
923         directives to create eh_frame info for all LLInt symbols so that the various
924         unwinding code understands that we are using a separate JS stack referenced
925         by BP and at what offsets in that frame the prior PC (register 16) and prior
926         BP (register 6) can be found.  These two changes are sufficient for stack tracing
927         to work for Mac OSX.
928
929         * llint/LowLevelInterpreter.cpp:
930         * llint/LowLevelInterpreter64.asm:
931
932 2014-01-10  Tamas Gergely  <tgergely.u-szeged@partner.samsung.com>
933
934         [EFL][JSC] Enable udis86 disassembler on efl.
935         https://bugs.webkit.org/show_bug.cgi?id=125502
936
937         Reviewed by Michael Saboff.
938
939         Enable udis86 disassembler on efl and fix build warnings.
940
941         * CMakeLists.txt:
942           Add udis86 disassembler source files.
943         * disassembler/udis86/udis86_decode.c:
944         (decode_modrm_rm):
945           Build warning fixes.
946         * disassembler/udis86/udis86_syn-att.c:
947         (gen_operand):
948           Build warning fixes.
949         * disassembler/udis86/udis86_syn-intel.c:
950         (gen_operand):
951           Build warning fixes.
952         * disassembler/udis86/udis86_types.h:
953           Correct FMT64 for uint64_t.
954
955 2014-01-09  Benjamin Poulain  <bpoulain@apple.com>
956
957         Remove the BlackBerry files outside WebCore
958         https://bugs.webkit.org/show_bug.cgi?id=126715
959
960         Reviewed by Anders Carlsson.
961
962         * PlatformBlackBerry.cmake: Removed.
963         * runtime/GCActivityCallbackBlackBerry.cpp: Removed.
964         * shell/PlatformBlackBerry.cmake: Removed.
965
966 2014-01-10  Geoffrey Garen  <ggaren@apple.com>
967
968         Removed Blackberry #ifdefs and platform code from JavaScriptCore
969         https://bugs.webkit.org/show_bug.cgi?id=126757
970
971         Reviewed by Sam Weinig.
972
973         * PlatformBlackBerry.cmake: Removed.
974         * heap/HeapTimer.cpp:
975         * heap/HeapTimer.h:
976         * heap/IncrementalSweeper.cpp:
977         * heap/IncrementalSweeper.h:
978         * jsc.cpp:
979         (main):
980         * runtime/GCActivityCallbackBlackBerry.cpp: Removed.
981         * runtime/MemoryStatistics.cpp:
982         (JSC::globalMemoryStatistics):
983
984 2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>
985
986         Marking should be generational
987         https://bugs.webkit.org/show_bug.cgi?id=126552
988
989         Reviewed by Geoffrey Garen.
990
991         Re-marking the same objects over and over is a waste of effort. This patch implements 
992         the sticky mark bit algorithm (along with our already-present write barriers) to reduce 
993         overhead during garbage collection caused by rescanning objects.
994
995         There are now two collection modes, EdenCollection and FullCollection. EdenCollections
996         only visit new objects or objects that were added to the remembered set by a write barrier.
997         FullCollections are normal collections that visit all objects regardless of their 
998         generation.
999
1000         In this patch EdenCollections do not do anything in CopiedSpace. This will be fixed in 
1001         https://bugs.webkit.org/show_bug.cgi?id=126555.
1002
1003         * bytecode/CodeBlock.cpp:
1004         (JSC::CodeBlock::visitAggregate):
1005         * bytecode/CodeBlock.h:
1006         (JSC::CodeBlockSet::mark):
1007         * dfg/DFGOperations.cpp:
1008         * heap/CodeBlockSet.cpp:
1009         (JSC::CodeBlockSet::add):
1010         (JSC::CodeBlockSet::traceMarked):
1011         (JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
1012         * heap/CodeBlockSet.h:
1013         * heap/CopiedBlockInlines.h:
1014         (JSC::CopiedBlock::reportLiveBytes):
1015         * heap/CopiedSpace.cpp:
1016         (JSC::CopiedSpace::didStartFullCollection):
1017         * heap/CopiedSpace.h:
1018         (JSC::CopiedSpace::heap):
1019         * heap/Heap.cpp:
1020         (JSC::Heap::Heap):
1021         (JSC::Heap::didAbandon):
1022         (JSC::Heap::markRoots):
1023         (JSC::Heap::copyBackingStores):
1024         (JSC::Heap::addToRememberedSet):
1025         (JSC::Heap::collectAllGarbage):
1026         (JSC::Heap::collect):
1027         (JSC::Heap::didAllocate):
1028         (JSC::Heap::writeBarrier):
1029         * heap/Heap.h:
1030         (JSC::Heap::isInRememberedSet):
1031         (JSC::Heap::operationInProgress):
1032         (JSC::Heap::shouldCollect):
1033         (JSC::Heap::isCollecting):
1034         (JSC::Heap::isWriteBarrierEnabled):
1035         (JSC::Heap::writeBarrier):
1036         * heap/HeapOperation.h:
1037         * heap/MarkStack.cpp:
1038         (JSC::MarkStackArray::~MarkStackArray):
1039         (JSC::MarkStackArray::clear):
1040         (JSC::MarkStackArray::fillVector):
1041         * heap/MarkStack.h:
1042         * heap/MarkedAllocator.cpp:
1043         (JSC::isListPagedOut):
1044         (JSC::MarkedAllocator::isPagedOut):
1045         (JSC::MarkedAllocator::tryAllocateHelper):
1046         (JSC::MarkedAllocator::addBlock):
1047         (JSC::MarkedAllocator::removeBlock):
1048         (JSC::MarkedAllocator::reset):
1049         * heap/MarkedAllocator.h:
1050         (JSC::MarkedAllocator::MarkedAllocator):
1051         * heap/MarkedBlock.cpp:
1052         (JSC::MarkedBlock::clearMarks):
1053         (JSC::MarkedBlock::clearRememberedSet):
1054         (JSC::MarkedBlock::clearMarksWithCollectionType):
1055         (JSC::MarkedBlock::lastChanceToFinalize):
1056         * heap/MarkedBlock.h: Changed atomSize to 16 bytes because we have no objects smaller
1057         than 16 bytes. This is also to pay for the additional Bitmap for the remembered set.
1058         (JSC::MarkedBlock::didConsumeEmptyFreeList):
1059         (JSC::MarkedBlock::setRemembered):
1060         (JSC::MarkedBlock::clearRemembered):
1061         (JSC::MarkedBlock::atomicClearRemembered):
1062         (JSC::MarkedBlock::isRemembered):
1063         * heap/MarkedSpace.cpp:
1064         (JSC::MarkedSpace::~MarkedSpace):
1065         (JSC::MarkedSpace::resetAllocators):
1066         (JSC::MarkedSpace::visitWeakSets):
1067         (JSC::MarkedSpace::reapWeakSets):
1068         (JSC::VerifyMarked::operator()):
1069         (JSC::MarkedSpace::clearMarks):
1070         * heap/MarkedSpace.h:
1071         (JSC::ClearMarks::operator()):
1072         (JSC::ClearRememberedSet::operator()):
1073         (JSC::MarkedSpace::didAllocateInBlock):
1074         (JSC::MarkedSpace::clearRememberedSet):
1075         * heap/SlotVisitor.cpp:
1076         (JSC::SlotVisitor::~SlotVisitor):
1077         (JSC::SlotVisitor::clearMarkStack):
1078         * heap/SlotVisitor.h:
1079         (JSC::SlotVisitor::markStack):
1080         (JSC::SlotVisitor::sharedData):
1081         * heap/SlotVisitorInlines.h:
1082         (JSC::SlotVisitor::internalAppend):
1083         (JSC::SlotVisitor::unconditionallyAppend):
1084         (JSC::SlotVisitor::copyLater):
1085         (JSC::SlotVisitor::reportExtraMemoryUsage):
1086         (JSC::SlotVisitor::heap):
1087         * jit/Repatch.cpp:
1088         * runtime/JSGenericTypedArrayViewInlines.h:
1089         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
1090         * runtime/JSPropertyNameIterator.h:
1091         (JSC::StructureRareData::setEnumerationCache):
1092         * runtime/JSString.cpp:
1093         (JSC::JSString::visitChildren):
1094         * runtime/StructureRareDataInlines.h:
1095         (JSC::StructureRareData::setPreviousID):
1096         (JSC::StructureRareData::setObjectToStringValue):
1097         * runtime/WeakMapData.cpp:
1098         (JSC::WeakMapData::visitChildren):
1099
1100 2014-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1101
1102         Unreviewed Windows build fix for r161563.
1103
1104         Copy all scripts; some may not be .py.
1105
1106         * JavaScriptCore.vcxproj/copy-files.cmd:
1107
1108 2014-01-09  Filip Pizlo  <fpizlo@apple.com>
1109
1110         AI for CreateArguments should pass through non-SpecEmpty input values
1111         https://bugs.webkit.org/show_bug.cgi?id=126709
1112
1113         Reviewed by Mark Hahnenberg.
1114
1115         * dfg/DFGAbstractInterpreterInlines.h:
1116         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1117         * tests/stress/use-arguments-as-object-pointer.js: Added.
1118         (foo):
1119
1120 2014-01-09  Mark Hahnenberg  <mhahnenberg@apple.com>
1121
1122         Constructors for Objective-C classes do not work properly with instanceof
1123         https://bugs.webkit.org/show_bug.cgi?id=126670
1124
1125         Reviewed by Oliver Hunt.
1126
1127         This bug is due to the fact that the JS constructors created for Objective-C classes via the JSC 
1128         API inherit from JSCallbackObject, which overrides hasInstance with its own customHasInstance. 
1129         JSCallbackObject::customHasInstance only checks the JSClassRefs for hasInstance callbacks. 
1130         If it doesn't find any callbacks, it returns false.
1131
1132         This patch adds a hasInstance callback to constructors created for Objective-C wrapper classes.
1133
1134         * API/JSWrapperMap.mm:
1135         (constructorHasInstance):
1136         (constructorWithCustomBrand):
1137         (allocateConstructorForCustomClass):
1138         * API/tests/testapi.mm:
1139
1140 2014-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1141
1142         Web Inspector: Move InjectedScript classes into JavaScriptCore
1143         https://bugs.webkit.org/show_bug.cgi?id=126598
1144
1145         Reviewed by Timothy Hatcher.
1146
1147         Part 5: Move InjectedScript classes into JavaScriptCore
1148
1149         There are pieces of logic that WebCore wants to hook into in the InjectedScript
1150         execution (e.g. for CommandLineAPIModule and InspectorInstrumentation). Create
1151         hooks for those in a base class called InspectorEnvironment. For now, the
1152         InspectorControllers (Page, JSGlobalObject, Worker) will be the InspectorEnvironments
1153         and provide answers to its hooks.
1154
1155         * inspector/InspectorEnvironment.h: Added.
1156         New hooks needed by WebCore in various places. Mostly stubbed in JavaScriptCore.
1157
1158         * inspector/InjectedScript.cpp: Renamed from Source/WebCore/inspector/InjectedScript.cpp.
1159         * inspector/InjectedScript.h: Added.
1160         * inspector/InjectedScriptBase.cpp: Renamed from Source/WebCore/inspector/InjectedScriptBase.cpp.
1161         * inspector/InjectedScriptBase.h: Renamed from Source/WebCore/inspector/InjectedScriptBase.h.
1162         * inspector/InjectedScriptModule.cpp: Renamed from Source/WebCore/inspector/InjectedScriptModule.cpp.
1163         * inspector/InjectedScriptModule.h: Renamed from Source/WebCore/inspector/InjectedScriptModule.h.
1164         Clean up the style of these files (nullptr, formatting, whitespace, etc).
1165         Use the InspectorEnvironment's call/evaluate functions for ScriptFunctionCalls and for checking access.
1166
1167         * inspector/InjectedScriptManager.cpp: Renamed from Source/WebCore/inspector/InjectedScriptManager.cpp.
1168         * inspector/InjectedScriptManager.h: Renamed from Source/WebCore/inspector/InjectedScriptManager.h.
1169         Take an InspectorEnvironment with multiple hooks, instead of a single hook function.
1170
1171         * inspector/InjectedScriptHost.cpp: Added.
1172         * inspector/InjectedScriptHost.h: Added.
1173         * inspector/JSInjectedScriptHost.cpp: Renamed from Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp.
1174         * inspector/JSInjectedScriptHost.h: Added.
1175         * inspector/JSInjectedScriptHostPrototype.cpp: Added.
1176         * inspector/JSInjectedScriptHostPrototype.h: Added.
1177         Implementation of InjectedScriptHost which is passed into the script (InjectedScriptSource.js)
1178         that we inject into the page. This is mostly copied from the original autogenerated code,
1179         then simplified and cleaned up. InjectedScriptHost can be subclassed to provide specialized
1180         implementations of isHTMLAllCollection and type for Web/DOM types unknown to a pure JS context.
1181
1182
1183         Part 4: Move all inspector scripts into JavaScriptCore and update generators.
1184
1185         For OS X be sure to export the scripts as if they are private headers.
1186
1187         * GNUmakefile.am:
1188         * JavaScriptCore.xcodeproj/project.pbxproj:
1189         * inspector/scripts/cssmin.py: Renamed from Source/WebCore/inspector/Scripts/cssmin.py.
1190         * inspector/scripts/inline-and-minify-stylesheets-and-scripts.py: Renamed from Source/WebCore/inspector/Scripts/inline-and-minify-stylesheets-and-scripts.py.
1191         * inspector/scripts/jsmin.py: Renamed from Source/WebCore/inspector/Scripts/jsmin.py.
1192         * inspector/scripts/xxd.pl: Renamed from Source/WebCore/inspector/xxd.pl.
1193
1194
1195         Part 3: Update CodeGeneratorInspector to avoid inlining virtual destructors.
1196
1197         This avoids build errors about duplicate exported virtual inlined methods that
1198         are included from multiple places. Just put empty destructors in the
1199         implementation file instead of inlining them.
1200
1201         * inspector/scripts/CodeGeneratorInspector.py:
1202         (Generator):
1203         (Generator.go):
1204         * inspector/scripts/CodeGeneratorInspectorStrings.py:
1205
1206
1207         Part 2: Move InjectedScriptSource and generation into JavaScriptCore.
1208
1209         Move InjectedScriptSource.js and derived sources generation.
1210
1211         * CMakeLists.txt:
1212         * DerivedSources.make:
1213         * GNUmakefile.am:
1214         * GNUmakefile.list.am:
1215         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1216         * JavaScriptCore.xcodeproj/project.pbxproj:
1217         * inspector/InjectedScriptSource.js: Renamed from Source/WebCore/inspector/InjectedScriptSource.js.
1218
1219 2014-01-09  Balazs Kilvady  <kilvadyb@homejinni.com>
1220
1221         Regression: failing RegExp tests on 32 bit architectures.
1222         https://bugs.webkit.org/show_bug.cgi?id=126699
1223
1224         Reviewed by Michael Saboff.
1225
1226         Fix setRegExpConstructor functions for 32 bit architectures.
1227
1228         * runtime/RegExpConstructor.cpp:
1229         (JSC::setRegExpConstructorInput):
1230         (JSC::setRegExpConstructorMultiline):
1231
1232 2014-01-09  Commit Queue  <commit-queue@webkit.org>
1233
1234         Unreviewed, rolling out r161540.
1235         http://trac.webkit.org/changeset/161540
1236         https://bugs.webkit.org/show_bug.cgi?id=126704
1237
1238         Caused assertion failures on multiple tests (Requested by ap
1239         on #webkit).
1240
1241         * bytecode/CodeBlock.cpp:
1242         (JSC::CodeBlock::visitAggregate):
1243         * bytecode/CodeBlock.h:
1244         (JSC::CodeBlockSet::mark):
1245         * dfg/DFGOperations.cpp:
1246         * heap/CodeBlockSet.cpp:
1247         (JSC::CodeBlockSet::add):
1248         (JSC::CodeBlockSet::traceMarked):
1249         * heap/CodeBlockSet.h:
1250         * heap/CopiedBlockInlines.h:
1251         (JSC::CopiedBlock::reportLiveBytes):
1252         * heap/CopiedSpace.cpp:
1253         * heap/CopiedSpace.h:
1254         * heap/Heap.cpp:
1255         (JSC::Heap::Heap):
1256         (JSC::Heap::didAbandon):
1257         (JSC::Heap::markRoots):
1258         (JSC::Heap::copyBackingStores):
1259         (JSC::Heap::collectAllGarbage):
1260         (JSC::Heap::collect):
1261         (JSC::Heap::didAllocate):
1262         * heap/Heap.h:
1263         (JSC::Heap::shouldCollect):
1264         (JSC::Heap::isCollecting):
1265         (JSC::Heap::isWriteBarrierEnabled):
1266         (JSC::Heap::writeBarrier):
1267         * heap/HeapOperation.h:
1268         * heap/MarkStack.cpp:
1269         (JSC::MarkStackArray::~MarkStackArray):
1270         * heap/MarkStack.h:
1271         * heap/MarkedAllocator.cpp:
1272         (JSC::MarkedAllocator::isPagedOut):
1273         (JSC::MarkedAllocator::tryAllocateHelper):
1274         (JSC::MarkedAllocator::addBlock):
1275         (JSC::MarkedAllocator::removeBlock):
1276         * heap/MarkedAllocator.h:
1277         (JSC::MarkedAllocator::MarkedAllocator):
1278         (JSC::MarkedAllocator::reset):
1279         * heap/MarkedBlock.cpp:
1280         * heap/MarkedBlock.h:
1281         (JSC::MarkedBlock::lastChanceToFinalize):
1282         (JSC::MarkedBlock::didConsumeEmptyFreeList):
1283         (JSC::MarkedBlock::clearMarks):
1284         * heap/MarkedSpace.cpp:
1285         (JSC::MarkedSpace::~MarkedSpace):
1286         (JSC::MarkedSpace::resetAllocators):
1287         (JSC::MarkedSpace::visitWeakSets):
1288         (JSC::MarkedSpace::reapWeakSets):
1289         * heap/MarkedSpace.h:
1290         (JSC::ClearMarks::operator()):
1291         (JSC::MarkedSpace::clearMarks):
1292         * heap/SlotVisitor.cpp:
1293         (JSC::SlotVisitor::~SlotVisitor):
1294         * heap/SlotVisitor.h:
1295         (JSC::SlotVisitor::sharedData):
1296         * heap/SlotVisitorInlines.h:
1297         (JSC::SlotVisitor::internalAppend):
1298         (JSC::SlotVisitor::copyLater):
1299         (JSC::SlotVisitor::reportExtraMemoryUsage):
1300         * jit/Repatch.cpp:
1301         * runtime/JSGenericTypedArrayViewInlines.h:
1302         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
1303         * runtime/JSPropertyNameIterator.h:
1304         (JSC::StructureRareData::setEnumerationCache):
1305         * runtime/JSString.cpp:
1306         (JSC::JSString::visitChildren):
1307         * runtime/StructureRareDataInlines.h:
1308         (JSC::StructureRareData::setPreviousID):
1309         (JSC::StructureRareData::setObjectToStringValue):
1310         * runtime/WeakMapData.cpp:
1311         (JSC::WeakMapData::visitChildren):
1312
1313 2014-01-09  Andreas Kling  <akling@apple.com>
1314
1315         Shrink WatchpointSet.
1316         <https://webkit.org/b/126694>
1317
1318         Reorder the members of WatchpointSet, shrinking it by 8 bytes.
1319         767 kB progression on Membuster3.
1320
1321         Reviewed by Antti Koivisto.
1322
1323         * bytecode/Watchpoint.h:
1324
1325 2014-01-08  Mark Hahnenberg  <mhahnenberg@apple.com>
1326
1327         Reverting accidental GC logging
1328
1329         * heap/Heap.cpp:
1330
1331 2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>
1332
1333         Marking should be generational
1334         https://bugs.webkit.org/show_bug.cgi?id=126552
1335
1336         Reviewed by Geoffrey Garen.
1337
1338         Re-marking the same objects over and over is a waste of effort. This patch implements 
1339         the sticky mark bit algorithm (along with our already-present write barriers) to reduce 
1340         overhead during garbage collection caused by rescanning objects.
1341
1342         There are now two collection modes, EdenCollection and FullCollection. EdenCollections
1343         only visit new objects or objects that were added to the remembered set by a write barrier.
1344         FullCollections are normal collections that visit all objects regardless of their 
1345         generation.
1346
1347         In this patch EdenCollections do not do anything in CopiedSpace. This will be fixed in 
1348         https://bugs.webkit.org/show_bug.cgi?id=126555.
1349
1350         * bytecode/CodeBlock.cpp:
1351         (JSC::CodeBlock::visitAggregate):
1352         * bytecode/CodeBlock.h:
1353         (JSC::CodeBlockSet::mark):
1354         * dfg/DFGOperations.cpp:
1355         * heap/CodeBlockSet.cpp:
1356         (JSC::CodeBlockSet::add):
1357         (JSC::CodeBlockSet::traceMarked):
1358         (JSC::CodeBlockSet::rememberCurrentlyExecutingCodeBlocks):
1359         * heap/CodeBlockSet.h:
1360         * heap/CopiedBlockInlines.h:
1361         (JSC::CopiedBlock::reportLiveBytes):
1362         * heap/CopiedSpace.cpp:
1363         (JSC::CopiedSpace::didStartFullCollection):
1364         * heap/CopiedSpace.h:
1365         (JSC::CopiedSpace::heap):
1366         * heap/Heap.cpp:
1367         (JSC::Heap::Heap):
1368         (JSC::Heap::didAbandon):
1369         (JSC::Heap::markRoots):
1370         (JSC::Heap::copyBackingStores):
1371         (JSC::Heap::addToRememberedSet):
1372         (JSC::Heap::collectAllGarbage):
1373         (JSC::Heap::collect):
1374         (JSC::Heap::didAllocate):
1375         (JSC::Heap::writeBarrier):
1376         * heap/Heap.h:
1377         (JSC::Heap::isInRememberedSet):
1378         (JSC::Heap::operationInProgress):
1379         (JSC::Heap::shouldCollect):
1380         (JSC::Heap::isCollecting):
1381         (JSC::Heap::isWriteBarrierEnabled):
1382         (JSC::Heap::writeBarrier):
1383         * heap/HeapOperation.h:
1384         * heap/MarkStack.cpp:
1385         (JSC::MarkStackArray::~MarkStackArray):
1386         (JSC::MarkStackArray::clear):
1387         (JSC::MarkStackArray::fillVector):
1388         * heap/MarkStack.h:
1389         * heap/MarkedAllocator.cpp:
1390         (JSC::isListPagedOut):
1391         (JSC::MarkedAllocator::isPagedOut):
1392         (JSC::MarkedAllocator::tryAllocateHelper):
1393         (JSC::MarkedAllocator::addBlock):
1394         (JSC::MarkedAllocator::removeBlock):
1395         (JSC::MarkedAllocator::reset):
1396         * heap/MarkedAllocator.h:
1397         (JSC::MarkedAllocator::MarkedAllocator):
1398         * heap/MarkedBlock.cpp:
1399         (JSC::MarkedBlock::clearMarks):
1400         (JSC::MarkedBlock::clearRememberedSet):
1401         (JSC::MarkedBlock::clearMarksWithCollectionType):
1402         (JSC::MarkedBlock::lastChanceToFinalize):
1403         * heap/MarkedBlock.h: Changed atomSize to 16 bytes because we have no objects smaller
1404         than 16 bytes. This is also to pay for the additional Bitmap for the remembered set.
1405         (JSC::MarkedBlock::didConsumeEmptyFreeList):
1406         (JSC::MarkedBlock::setRemembered):
1407         (JSC::MarkedBlock::clearRemembered):
1408         (JSC::MarkedBlock::atomicClearRemembered):
1409         (JSC::MarkedBlock::isRemembered):
1410         * heap/MarkedSpace.cpp:
1411         (JSC::MarkedSpace::~MarkedSpace):
1412         (JSC::MarkedSpace::resetAllocators):
1413         (JSC::MarkedSpace::visitWeakSets):
1414         (JSC::MarkedSpace::reapWeakSets):
1415         (JSC::VerifyMarked::operator()):
1416         (JSC::MarkedSpace::clearMarks):
1417         * heap/MarkedSpace.h:
1418         (JSC::ClearMarks::operator()):
1419         (JSC::ClearRememberedSet::operator()):
1420         (JSC::MarkedSpace::didAllocateInBlock):
1421         (JSC::MarkedSpace::clearRememberedSet):
1422         * heap/SlotVisitor.cpp:
1423         (JSC::SlotVisitor::~SlotVisitor):
1424         (JSC::SlotVisitor::clearMarkStack):
1425         * heap/SlotVisitor.h:
1426         (JSC::SlotVisitor::markStack):
1427         (JSC::SlotVisitor::sharedData):
1428         * heap/SlotVisitorInlines.h:
1429         (JSC::SlotVisitor::internalAppend):
1430         (JSC::SlotVisitor::unconditionallyAppend):
1431         (JSC::SlotVisitor::copyLater):
1432         (JSC::SlotVisitor::reportExtraMemoryUsage):
1433         (JSC::SlotVisitor::heap):
1434         * jit/Repatch.cpp:
1435         * runtime/JSGenericTypedArrayViewInlines.h:
1436         (JSC::JSGenericTypedArrayView<Adaptor>::visitChildren):
1437         * runtime/JSPropertyNameIterator.h:
1438         (JSC::StructureRareData::setEnumerationCache):
1439         * runtime/JSString.cpp:
1440         (JSC::JSString::visitChildren):
1441         * runtime/StructureRareDataInlines.h:
1442         (JSC::StructureRareData::setPreviousID):
1443         (JSC::StructureRareData::setObjectToStringValue):
1444         * runtime/WeakMapData.cpp:
1445         (JSC::WeakMapData::visitChildren):
1446
1447 2014-01-08  Sam Weinig  <sam@webkit.org>
1448
1449         [JS] Should be able to create a promise by calling the Promise constructor as a function
1450         https://bugs.webkit.org/show_bug.cgi?id=126561
1451
1452         Reviewed by Geoffrey Garen.
1453
1454         * runtime/JSPromiseConstructor.cpp:
1455         (JSC::JSPromiseConstructor::getCallData):
1456         Add support for calling the Promise constructor as a function (e.g. var p = Promise(...), note
1457         the missing "new").
1458
1459 2014-01-08  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
1460
1461         [EFL] Make FTL buildable
1462         https://bugs.webkit.org/show_bug.cgi?id=125777
1463
1464         Reviewed by Csaba Osztrogonác.
1465
1466         * CMakeLists.txt:
1467         * ftl/FTLOSREntry.cpp:
1468         * ftl/FTLOSRExitCompiler.cpp:
1469         * llvm/library/config_llvm.h:
1470
1471 2014-01-08  Zan Dobersek  <zdobersek@igalia.com>
1472
1473         [Automake] Scripts for generated build targets do not necessarily produce their output
1474         https://bugs.webkit.org/show_bug.cgi?id=126378
1475
1476         Reviewed by Carlos Garcia Campos.
1477
1478         * GNUmakefile.am: Touch the build targets that are generated through helper scripts that don't
1479         assure the output is generated every time the script is invoked, most commonly due to unchanged
1480         input. This assures the build targets are up-to-date and can't be older than their dependencies,
1481         which would result in constant regeneration at every build.
1482
1483 2014-01-07  Filip Pizlo  <fpizlo@apple.com>
1484
1485         DFG fixup phase should be responsible for inserting ValueToInt32's as needed and it should use Phantom to keep the original values alive in case of OSR exit
1486         https://bugs.webkit.org/show_bug.cgi?id=126600
1487
1488         Reviewed by Michael Saboff.
1489         
1490         This fixes an embarrassing OSR exit liveness bug. It also simplifies the code. We were
1491         already using FixupPhase as the place where conversion nodes get inserted. ValueToInt32
1492         was the only exception to that rule, and that was one of the reasons why we had this bug.
1493         
1494         Henceforth ValueToInt32 is only inserted by FixupPhase, and only when it is necessary:
1495         we have a BitOp that will want a ToInt32 conversion and the operand is not predicted to
1496         already be an int32. If FixupPhase inserts any ValueToInt32's then the BitOp will no
1497         longer appear to use the original operand, which will make OSR exit think that the
1498         original operand is dead. We work around this the way we always do: insert a Phantom on
1499         the original operands right after the BitOp. This ensures that any OSR exit in any of the
1500         ValueToInt32's or in the BitOp itself will have values for the original inputs.
1501
1502         * dfg/DFGBackwardsPropagationPhase.cpp:
1503         (JSC::DFG::BackwardsPropagationPhase::isWithinPowerOfTwo):
1504         (JSC::DFG::BackwardsPropagationPhase::propagate):
1505         * dfg/DFGByteCodeParser.cpp:
1506         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1507         (JSC::DFG::ByteCodeParser::parseBlock):
1508         * dfg/DFGFixupPhase.cpp:
1509         (JSC::DFG::FixupPhase::fixupNode):
1510         (JSC::DFG::FixupPhase::fixIntEdge):
1511         (JSC::DFG::FixupPhase::fixBinaryIntEdges):
1512         * dfg/DFGPredictionPropagationPhase.cpp:
1513         (JSC::DFG::PredictionPropagationPhase::propagate):
1514         * tests/stress/bit-op-value-to-int32-input-liveness.js: Added.
1515         (foo):
1516
1517 2014-01-07  Mark Hahnenberg  <mhahnenberg@apple.com>
1518
1519         Repatch write barrier slow path call doesn't align the stack in the presence of saved registers
1520         https://bugs.webkit.org/show_bug.cgi?id=126093
1521
1522         Reviewed by Geoffrey Garen.
1523
1524         * jit/Repatch.cpp: Reworked the stack alignment code for calling out to C code on the write barrier slow path.
1525         We need to properly account for the number of reused registers that were saved to the stack, so we have to 
1526         pass the ScratchRegisterAllocator around.
1527         (JSC::storeToWriteBarrierBuffer):
1528         (JSC::writeBarrier):
1529         (JSC::emitPutReplaceStub):
1530         (JSC::emitPutTransitionStub):
1531         * jit/ScratchRegisterAllocator.h: Previously the ScratchRegisterAllocator only knew whether or not it had
1532         reused registers, but not how many. In order to correctly align the stack for calls to C slow paths for 
1533         the write barriers in inline caches we need to know how the stack is aligned. So now ScratchRegisterAllocator
1534         tracks how many registers it has reused.
1535         (JSC::ScratchRegisterAllocator::ScratchRegisterAllocator):
1536         (JSC::ScratchRegisterAllocator::allocateScratch):
1537         (JSC::ScratchRegisterAllocator::didReuseRegisters):
1538         (JSC::ScratchRegisterAllocator::numberOfReusedRegisters):
1539         (JSC::ScratchRegisterAllocator::preserveReusedRegistersByPushing):
1540         (JSC::ScratchRegisterAllocator::restoreReusedRegistersByPopping):
1541         * llint/LowLevelInterpreter64.asm: Random typo fix.
1542
1543 2014-01-07  Mark Lam  <mark.lam@apple.com>
1544
1545         r161364 caused JSC tests regression on non-DFG builds (e.g. C Loop and Windows).
1546         https://bugs.webkit.org/show_bug.cgi?id=126589.
1547
1548         Reviewed by Filip Pizlo.
1549
1550         After the removal of ENABLE(VALUE_PROFILER), the LLINT is now expecting the
1551         relevant opcode operands to point to ValueProfiler data structures and will
1552         write profiling data into them. Hence, we need to allocate these data
1553         structures even though the profiling data won't be used in non-DFG builds.
1554
1555         * bytecode/CodeBlock.cpp:
1556         (JSC::CodeBlock::CodeBlock):
1557
1558 2014-01-07  Filip Pizlo  <fpizlo@apple.com>
1559
1560         ASSERT in compileArithNegate on pdfjs
1561         https://bugs.webkit.org/show_bug.cgi?id=126584
1562
1563         Reviewed by Mark Hahnenberg.
1564         
1565         Check negative zero when we should check it, not when we shouldn't check it. :-/
1566
1567         * dfg/DFGSpeculativeJIT.cpp:
1568         (JSC::DFG::SpeculativeJIT::compileArithNegate):
1569
1570 2014-01-07  Gabor Rapcsanyi  <rgabor@webkit.org>
1571
1572         pushFinallyContext saves wrong m_labelScopes size
1573         https://bugs.webkit.org/show_bug.cgi?id=124529
1574
1575         Remove free label scopes before saving finally context.
1576
1577         Reviewed by Geoffrey Garen.
1578
1579         * bytecompiler/BytecodeGenerator.cpp:
1580         (JSC::BytecodeGenerator::pushFinallyContext):
1581
1582 2014-01-06  Mark Hahnenberg  <mhahnenberg@apple.com>
1583
1584         Heap::collect shouldn't be responsible for sweeping
1585         https://bugs.webkit.org/show_bug.cgi?id=126556
1586
1587         Reviewed by Geoffrey Garen.
1588
1589         Sweeping happens at an awkward time during collection due to the fact that destructors can 
1590         cause arbitrary reentry into the VM. This patch separates collecting and sweeping, and delays 
1591         sweeping until after collection has completely finished.
1592
1593         * heap/Heap.cpp:
1594         (JSC::Heap::collectAllGarbage):
1595         (JSC::Heap::collect):
1596         (JSC::Heap::collectIfNecessaryOrDefer):
1597         * heap/Heap.h:
1598         * heap/MarkedSpace.cpp:
1599         (JSC::MarkedSpace::sweep):
1600         * runtime/GCActivityCallback.cpp:
1601         (JSC::DefaultGCActivityCallback::doWork):
1602
1603 2014-01-07  Mark Rowe  <mrowe@apple.com>
1604
1605         <https://webkit.org/b/126567> Remove the legacy WebKit availability macros
1606
1607         They're no longer used.
1608
1609         Reviewed by Ryosuke Niwa.
1610
1611         * API/WebKitAvailability.h:
1612
1613 2014-01-07  Filip Pizlo  <fpizlo@apple.com>
1614
1615         SetLocal for a FlushedArguments should not claim that the dataFormat is DataFormatJS
1616         https://bugs.webkit.org/show_bug.cgi?id=126563
1617
1618         Reviewed by Gavin Barraclough.
1619         
1620         This was a rookie arguments simplification mistake: the SetLocal needs to record the fact
1621         that although it set JSValue(), OSR should think it set Arguments. DataFormatArguments
1622         conveys this, and dataFormatFor(FlushFormat) will do the right thing.
1623
1624         * dfg/DFGSpeculativeJIT32_64.cpp:
1625         (JSC::DFG::SpeculativeJIT::compile):
1626         * dfg/DFGSpeculativeJIT64.cpp:
1627         (JSC::DFG::SpeculativeJIT::compile):
1628         * tests/stress/phantom-arguments-set-local-then-exit-in-same-block.js: Added.
1629         (foo):
1630
1631 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
1632
1633         Make the different flavors of integer arithmetic more explicit, and don't rely on (possibly stale) results of the backwards propagator to decide integer arithmetic semantics
1634         https://bugs.webkit.org/show_bug.cgi?id=125519
1635
1636         Reviewed by Geoffrey Garen.
1637         
1638         Adds the Arith::Mode enum to arithmetic nodes, which makes it explicit what sorts of
1639         checks and overflows the node should do. Previously this would be deduced from
1640         backwards analysis results.
1641         
1642         This also makes "unchecked" variants really mean that you want the int32 wrapped
1643         result, so ArithIMul is now done in terms of ArithMul(Unchecked). That means that the
1644         constant folder needs to compute exactly the result implied by ArithMode, instead of
1645         just folding the double result.
1646
1647         * CMakeLists.txt:
1648         * GNUmakefile.list.am:
1649         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1650         * JavaScriptCore.xcodeproj/project.pbxproj:
1651         * dfg/DFGAbstractInterpreterInlines.h:
1652         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1653         * dfg/DFGArithMode.cpp: Added.
1654         (WTF::printInternal):
1655         * dfg/DFGArithMode.h: Added.
1656         (JSC::DFG::doesOverflow):
1657         (JSC::DFG::shouldCheckOverflow):
1658         (JSC::DFG::shouldCheckNegativeZero):
1659         * dfg/DFGCSEPhase.cpp:
1660         (JSC::DFG::CSEPhase::pureCSE):
1661         (JSC::DFG::CSEPhase::performNodeCSE):
1662         * dfg/DFGConstantFoldingPhase.cpp:
1663         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1664         * dfg/DFGFixupPhase.cpp:
1665         (JSC::DFG::FixupPhase::fixupNode):
1666         (JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):
1667         * dfg/DFGGraph.cpp:
1668         (JSC::DFG::Graph::dump):
1669         * dfg/DFGNode.h:
1670         (JSC::DFG::Node::Node):
1671         (JSC::DFG::Node::hasArithMode):
1672         (JSC::DFG::Node::arithMode):
1673         (JSC::DFG::Node::setArithMode):
1674         * dfg/DFGSpeculativeJIT.cpp:
1675         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
1676         (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
1677         (JSC::DFG::SpeculativeJIT::compileAdd):
1678         (JSC::DFG::SpeculativeJIT::compileArithSub):
1679         (JSC::DFG::SpeculativeJIT::compileArithNegate):
1680         (JSC::DFG::SpeculativeJIT::compileArithMul):
1681         (JSC::DFG::SpeculativeJIT::compileArithDiv):
1682         (JSC::DFG::SpeculativeJIT::compileArithMod):
1683         * dfg/DFGSpeculativeJIT.h:
1684         * dfg/DFGSpeculativeJIT32_64.cpp:
1685         (JSC::DFG::SpeculativeJIT::compile):
1686         * dfg/DFGSpeculativeJIT64.cpp:
1687         (JSC::DFG::SpeculativeJIT::compile):
1688         * ftl/FTLLowerDFGToLLVM.cpp:
1689         (JSC::FTL::LowerDFGToLLVM::compileAddSub):
1690         (JSC::FTL::LowerDFGToLLVM::compileArithMul):
1691         (JSC::FTL::LowerDFGToLLVM::compileArithDivMod):
1692         (JSC::FTL::LowerDFGToLLVM::compileArithNegate):
1693         (JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):
1694
1695 2014-01-06  Mark Hahnenberg  <mhahnenberg@apple.com>
1696
1697         Add write barriers to the LLInt
1698         https://bugs.webkit.org/show_bug.cgi?id=126527
1699
1700         Reviewed by Filip Pizlo.
1701
1702         This patch takes a similar approach to how write barriers work in the baseline JIT.
1703         We execute the write barrier at the beginning of the opcode so we don't have to 
1704         worry about saving and restoring live registers across write barrier slow path calls 
1705         to C code.
1706
1707         * llint/LLIntOfflineAsmConfig.h:
1708         * llint/LLIntSlowPaths.cpp:
1709         (JSC::LLInt::llint_write_barrier_slow):
1710         * llint/LLIntSlowPaths.h:
1711         * llint/LowLevelInterpreter.asm:
1712         * llint/LowLevelInterpreter32_64.asm:
1713         * llint/LowLevelInterpreter64.asm:
1714         * offlineasm/arm64.rb:
1715         * offlineasm/instructions.rb:
1716         * offlineasm/x86.rb:
1717
1718 2014-01-05  Sam Weinig  <sam@webkit.org>
1719
1720         [JS] Implement Promise.all()
1721         https://bugs.webkit.org/show_bug.cgi?id=126510
1722
1723         Reviewed by Gavin Barraclough.
1724
1725         Add Promise.all() implementation and factor out performing resolves and rejects
1726         on deferreds to share a bit of code. Also moves the abruptRejection helper to
1727         JSPromiseDeferred so it can be used in JSPromiseFunctions.
1728
1729         * runtime/CommonIdentifiers.h:
1730         * runtime/JSPromiseConstructor.cpp:
1731         (JSC::JSPromiseConstructorFuncCast):
1732         (JSC::JSPromiseConstructorFuncResolve):
1733         (JSC::JSPromiseConstructorFuncReject):
1734         (JSC::JSPromiseConstructorFuncAll):
1735         * runtime/JSPromiseDeferred.cpp:
1736         (JSC::updateDeferredFromPotentialThenable):
1737         (JSC::performDeferredResolve):
1738         (JSC::performDeferredReject):
1739         (JSC::abruptRejection):
1740         * runtime/JSPromiseDeferred.h:
1741         * runtime/JSPromiseFunctions.cpp:
1742         (JSC::promiseAllCountdownFunction):
1743         (JSC::createPromiseAllCountdownFunction):
1744         * runtime/JSPromiseFunctions.h:
1745         * runtime/JSPromiseReaction.cpp:
1746         (JSC::ExecutePromiseReactionMicrotask::run):
1747
1748 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
1749
1750         Get rid of ENABLE(VALUE_PROFILER). It's on all the time now.
1751
1752         Rubber stamped by Mark Hahnenberg.
1753
1754         * bytecode/CallLinkStatus.cpp:
1755         (JSC::CallLinkStatus::computeFor):
1756         * bytecode/CodeBlock.cpp:
1757         (JSC::CodeBlock::dumpValueProfiling):
1758         (JSC::CodeBlock::dumpArrayProfiling):
1759         (JSC::CodeBlock::dumpRareCaseProfile):
1760         (JSC::CodeBlock::dumpBytecode):
1761         (JSC::CodeBlock::CodeBlock):
1762         (JSC::CodeBlock::setNumParameters):
1763         (JSC::CodeBlock::shrinkToFit):
1764         (JSC::CodeBlock::shouldOptimizeNow):
1765         * bytecode/CodeBlock.h:
1766         (JSC::CodeBlock::valueProfileForBytecodeOffset):
1767         * bytecode/GetByIdStatus.cpp:
1768         (JSC::GetByIdStatus::computeForChain):
1769         (JSC::GetByIdStatus::computeFor):
1770         * bytecode/LazyOperandValueProfile.cpp:
1771         * bytecode/LazyOperandValueProfile.h:
1772         * bytecode/PutByIdStatus.cpp:
1773         (JSC::PutByIdStatus::computeFor):
1774         * bytecode/ValueProfile.h:
1775         * bytecompiler/BytecodeGenerator.cpp:
1776         (JSC::BytecodeGenerator::newArrayProfile):
1777         (JSC::BytecodeGenerator::newArrayAllocationProfile):
1778         (JSC::BytecodeGenerator::emitProfiledOpcode):
1779         * jit/GPRInfo.h:
1780         * jit/JIT.cpp:
1781         (JSC::JIT::JIT):
1782         (JSC::JIT::privateCompileSlowCases):
1783         (JSC::JIT::privateCompile):
1784         * jit/JIT.h:
1785         * jit/JITArithmetic.cpp:
1786         (JSC::JIT::compileBinaryArithOp):
1787         (JSC::JIT::emit_op_mul):
1788         (JSC::JIT::emit_op_div):
1789         * jit/JITArithmetic32_64.cpp:
1790         (JSC::JIT::emitBinaryDoubleOp):
1791         (JSC::JIT::emit_op_mul):
1792         (JSC::JIT::emitSlow_op_mul):
1793         (JSC::JIT::emit_op_div):
1794         * jit/JITCall.cpp:
1795         (JSC::JIT::emitPutCallResult):
1796         * jit/JITCall32_64.cpp:
1797         (JSC::JIT::emitPutCallResult):
1798         * jit/JITInlines.h:
1799         (JSC::JIT::appendCallWithExceptionCheckSetJSValueResultWithProfile):
1800         (JSC::JIT::emitValueProfilingSite):
1801         (JSC::JIT::emitArrayProfilingSiteForBytecodeIndex):
1802         (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase):
1803         (JSC::JIT::emitArrayProfileOutOfBoundsSpecialCase):
1804         (JSC::arrayProfileSaw):
1805         (JSC::JIT::chooseArrayMode):
1806         * jit/JITOpcodes.cpp:
1807         (JSC::JIT::emit_op_get_argument_by_val):
1808         * jit/JITOpcodes32_64.cpp:
1809         (JSC::JIT::emit_op_get_argument_by_val):
1810         * jit/JITPropertyAccess.cpp:
1811         (JSC::JIT::emit_op_get_by_val):
1812         (JSC::JIT::emitSlow_op_get_by_val):
1813         (JSC::JIT::emit_op_get_by_id):
1814         (JSC::JIT::emit_op_get_from_scope):
1815         * jit/JITPropertyAccess32_64.cpp:
1816         (JSC::JIT::emit_op_get_by_val):
1817         (JSC::JIT::emitSlow_op_get_by_val):
1818         (JSC::JIT::emit_op_get_by_id):
1819         (JSC::JIT::emit_op_get_from_scope):
1820         * llint/LLIntOfflineAsmConfig.h:
1821         * llint/LLIntSlowPaths.cpp:
1822         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1823         * llint/LowLevelInterpreter.asm:
1824         * llint/LowLevelInterpreter32_64.asm:
1825         * llint/LowLevelInterpreter64.asm:
1826         * profiler/ProfilerBytecodeSequence.cpp:
1827         (JSC::Profiler::BytecodeSequence::BytecodeSequence):
1828         * runtime/CommonSlowPaths.cpp:
1829
1830 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
1831
1832         LLInt shouldn't check for ENABLE(JIT).
1833
1834         Rubber stamped by Mark Hahnenberg.
1835
1836         * llint/LLIntCommon.h:
1837         * llint/LLIntOfflineAsmConfig.h:
1838         * llint/LLIntSlowPaths.cpp:
1839         (JSC::LLInt::entryOSR):
1840         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1841         * llint/LowLevelInterpreter.asm:
1842
1843 2014-01-06  Filip Pizlo  <fpizlo@apple.com>
1844
1845         LLInt shouldn't check for ENABLE(JAVASCRIPT_DEBUGGER).
1846
1847         Rubber stamped by Mark Hahnenberg.
1848
1849         * debugger/Debugger.h:
1850         (JSC::Debugger::Debugger):
1851         * llint/LLIntOfflineAsmConfig.h:
1852         * llint/LowLevelInterpreter.asm:
1853
1854 2014-01-05  Sam Weinig  <sam@webkit.org>
1855
1856         [JS] Implement Promise.race()
1857         https://bugs.webkit.org/show_bug.cgi?id=126506
1858
1859         Reviewed by Oliver Hunt.
1860
1861         * runtime/CommonIdentifiers.h:
1862         Add identifier for "cast".
1863     
1864         * runtime/JSPromiseConstructor.cpp:
1865         (JSC::abruptRejection):
1866         Helper for the RejectIfAbrupt abstract operation.
1867   
1868         (JSC::JSPromiseConstructorFuncRace):
1869         Add implementation of Promise.race().
1870
1871 2014-01-05  Martin Robinson  <mrobinson@igalia.com>
1872
1873         [GTK] [CMake] Ensure that the autotools build and the CMake install the same files
1874         https://bugs.webkit.org/show_bug.cgi?id=116379
1875
1876         Reviewed by Gustavo Noronha Silva.
1877
1878         * PlatformGTK.cmake: Install API headers, gir files, and the pkg-config file.
1879
1880 2014-01-04  Yusuke Suzuki  <utatane.tea@gmail.com>
1881
1882         Use Compiler macros instead of raw "final" and "override"
1883         https://bugs.webkit.org/show_bug.cgi?id=126490
1884
1885         Reviewed by Sam Weinig.
1886
1887         * runtime/JSPromiseReaction.cpp:
1888
1889 2014-01-04  Martin Robinson  <mrobinson@igalia.com>
1890
1891         [GTK] [CMake] Improve the way we locate gobject-introspection
1892         https://bugs.webkit.org/show_bug.cgi?id=126452
1893
1894         Reviewed by Philippe Normand.
1895
1896         * PlatformGTK.cmake: Use the new introspection variables.
1897
1898 2014-01-04  Zan Dobersek  <zdobersek@igalia.com>
1899
1900         Explicitly use the std:: nested name specifier when using std::pair, std::make_pair
1901         https://bugs.webkit.org/show_bug.cgi?id=126439
1902
1903         Reviewed by Andreas Kling.
1904
1905         Instead of relying on std::pair and std::make_pair symbols being present in the current scope
1906         through the pair and make_pair symbols, the std:: specifier should be used explicitly.
1907
1908         * bytecode/Opcode.cpp:
1909         (JSC::compareOpcodePairIndices):
1910         (JSC::OpcodeStats::~OpcodeStats):
1911         * bytecompiler/BytecodeGenerator.cpp:
1912         (JSC::BytecodeGenerator::BytecodeGenerator):
1913         * parser/ASTBuilder.h:
1914         (JSC::ASTBuilder::makeBinaryNode):
1915         * parser/Parser.cpp:
1916         (JSC::Parser<LexerType>::parseIfStatement):
1917         * runtime/Structure.cpp:
1918         (JSC::StructureTransitionTable::contains):
1919         (JSC::StructureTransitionTable::get):
1920         (JSC::StructureTransitionTable::add):
1921
1922 2014-01-03  David Farler  <dfarler@apple.com>
1923
1924         [super dealloc] missing in Source/JavaScriptCore/API/tests/testapi.mm, fails to build with -Werror,-Wobjc-missing-super-calls
1925         https://bugs.webkit.org/show_bug.cgi?id=126454
1926
1927         Reviewed by Geoffrey Garen.
1928
1929         * API/tests/testapi.mm:
1930         (-[TextXYZ dealloc]):
1931         add [super dealloc]
1932         (-[EvilAllocationObject dealloc]):
1933         add [super dealloc]
1934
1935 2014-01-02  Carlos Garcia Campos  <cgarcia@igalia.com>
1936
1937         REGRESSION(r160304): [GTK] Disable libtool fast install
1938         https://bugs.webkit.org/show_bug.cgi?id=126381
1939
1940         Reviewed by Martin Robinson.
1941
1942         Remove -no-fast-install ld flag since fast install is now disabled
1943         globally.
1944
1945         * GNUmakefile.am:
1946
1947 2014-01-02  Sam Weinig  <sam@webkit.org>
1948
1949         Update Promises to the https://github.com/domenic/promises-unwrapping spec
1950         https://bugs.webkit.org/show_bug.cgi?id=120954
1951
1952         Reviewed by Filip Pizlo.
1953
1954         Update Promises to the revised spec. Notable changes:
1955         - JSPromiseResolver is gone.
1956         - TaskContext has been renamed Microtask and now has a virtual run() function.
1957         - Instead of using custom InternalFunction subclasses, JSFunctions are used
1958           with PrivateName properties for internal slots.
1959
1960         * CMakeLists.txt:
1961         * DerivedSources.make:
1962         * GNUmakefile.list.am:
1963         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1964         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1965         * JavaScriptCore.xcodeproj/project.pbxproj:
1966         * interpreter/CallFrame.h:
1967         (JSC::ExecState::promiseConstructorTable):
1968         * runtime/CommonIdentifiers.cpp:
1969         (JSC::CommonIdentifiers::CommonIdentifiers):
1970         * runtime/CommonIdentifiers.h:
1971         * runtime/JSGlobalObject.cpp:
1972         (JSC::JSGlobalObject::reset):
1973         (JSC::JSGlobalObject::visitChildren):
1974         (JSC::JSGlobalObject::queueMicrotask):
1975         * runtime/JSGlobalObject.h:
1976         (JSC::JSGlobalObject::promiseConstructor):
1977         (JSC::JSGlobalObject::promisePrototype):
1978         (JSC::JSGlobalObject::promiseStructure):
1979         * runtime/JSPromise.cpp:
1980         (JSC::JSPromise::create):
1981         (JSC::JSPromise::JSPromise):
1982         (JSC::JSPromise::finishCreation):
1983         (JSC::JSPromise::visitChildren):
1984         (JSC::JSPromise::reject):
1985         (JSC::JSPromise::resolve):
1986         (JSC::JSPromise::appendResolveReaction):
1987         (JSC::JSPromise::appendRejectReaction):
1988         (JSC::triggerPromiseReactions):
1989         * runtime/JSPromise.h:
1990         (JSC::JSPromise::status):
1991         (JSC::JSPromise::result):
1992         (JSC::JSPromise::constructor):
1993         * runtime/JSPromiseCallback.cpp: Removed.
1994         * runtime/JSPromiseCallback.h: Removed.
1995         * runtime/JSPromiseConstructor.cpp:
1996         (JSC::constructPromise):
1997         (JSC::JSPromiseConstructor::getCallData):
1998         (JSC::JSPromiseConstructorFuncCast):
1999         (JSC::JSPromiseConstructorFuncResolve):
2000         (JSC::JSPromiseConstructorFuncReject):
2001         * runtime/JSPromiseConstructor.h:
2002         * runtime/JSPromiseDeferred.cpp: Added.
2003         (JSC::JSPromiseDeferred::create):
2004         (JSC::JSPromiseDeferred::JSPromiseDeferred):
2005         (JSC::JSPromiseDeferred::finishCreation):
2006         (JSC::JSPromiseDeferred::visitChildren):
2007         (JSC::createJSPromiseDeferredFromConstructor):
2008         (JSC::updateDeferredFromPotentialThenable):
2009         * runtime/JSPromiseDeferred.h: Added.
2010         (JSC::JSPromiseDeferred::createStructure):
2011         (JSC::JSPromiseDeferred::promise):
2012         (JSC::JSPromiseDeferred::resolve):
2013         (JSC::JSPromiseDeferred::reject):
2014         * runtime/JSPromiseFunctions.cpp: Added.
2015         (JSC::deferredConstructionFunction):
2016         (JSC::createDeferredConstructionFunction):
2017         (JSC::identifyFunction):
2018         (JSC::createIdentifyFunction):
2019         (JSC::promiseAllCountdownFunction):
2020         (JSC::createPromiseAllCountdownFunction):
2021         (JSC::promiseResolutionHandlerFunction):
2022         (JSC::createPromiseResolutionHandlerFunction):
2023         (JSC::rejectPromiseFunction):
2024         (JSC::createRejectPromiseFunction):
2025         (JSC::resolvePromiseFunction):
2026         (JSC::createResolvePromiseFunction):
2027         (JSC::throwerFunction):
2028         (JSC::createThrowerFunction):
2029         * runtime/JSPromiseFunctions.h: Added.
2030         * runtime/JSPromisePrototype.cpp:
2031         (JSC::JSPromisePrototypeFuncThen):
2032         (JSC::JSPromisePrototypeFuncCatch):
2033         * runtime/JSPromiseReaction.cpp: Added.
2034         (JSC::createExecutePromiseReactionMicroTask):
2035         (JSC::ExecutePromiseReactionMicroTask::run):
2036         (JSC::JSPromiseReaction::create):
2037         (JSC::JSPromiseReaction::JSPromiseReaction):
2038         (JSC::JSPromiseReaction::finishCreation):
2039         (JSC::JSPromiseReaction::visitChildren):
2040         * runtime/JSPromiseReaction.h: Added.
2041         (JSC::JSPromiseReaction::createStructure):
2042         (JSC::JSPromiseReaction::deferred):
2043         (JSC::JSPromiseReaction::handler):
2044         * runtime/JSPromiseResolver.cpp: Removed.
2045         * runtime/JSPromiseResolver.h: Removed.
2046         * runtime/JSPromiseResolverConstructor.cpp: Removed.
2047         * runtime/JSPromiseResolverConstructor.h: Removed.
2048         * runtime/JSPromiseResolverPrototype.cpp: Removed.
2049         * runtime/JSPromiseResolverPrototype.h: Removed.
2050         * runtime/Microtask.h: Added.
2051         * runtime/VM.cpp:
2052         (JSC::VM::VM):
2053         (JSC::VM::~VM):
2054         * runtime/VM.h:
2055
2056 2014-01-02  Mark Hahnenberg  <mhahnenberg@apple.com>
2057
2058         Add support for StoreBarrier and friends to the FTL
2059         https://bugs.webkit.org/show_bug.cgi?id=126040
2060
2061         Reviewed by Filip Pizlo.
2062
2063         * ftl/FTLAbstractHeapRepository.h:
2064         * ftl/FTLCapabilities.cpp:
2065         (JSC::FTL::canCompile):
2066         * ftl/FTLIntrinsicRepository.h:
2067         * ftl/FTLLowerDFGToLLVM.cpp:
2068         (JSC::FTL::LowerDFGToLLVM::compileNode):
2069         (JSC::FTL::LowerDFGToLLVM::compileStoreBarrier):
2070         (JSC::FTL::LowerDFGToLLVM::compileConditionalStoreBarrier):
2071         (JSC::FTL::LowerDFGToLLVM::compileStoreBarrierWithNullCheck):
2072         (JSC::FTL::LowerDFGToLLVM::loadMarkByte):
2073         (JSC::FTL::LowerDFGToLLVM::emitStoreBarrier):
2074         * heap/Heap.cpp:
2075         (JSC::Heap::Heap):
2076         * heap/Heap.h:
2077         (JSC::Heap::writeBarrierBuffer):
2078
2079 2014-01-02  Mark Hahnenberg  <mhahnenberg@apple.com>
2080
2081         Storing new CopiedSpace memory into a JSObject should fire a write barrier
2082         https://bugs.webkit.org/show_bug.cgi?id=126025
2083
2084         Reviewed by Filip Pizlo.
2085
2086         Technically this is creating a pointer between a (potentially) old generation object and a young 
2087         generation chunk of memory, thus there needs to be a barrier.
2088
2089         * JavaScriptCore.xcodeproj/project.pbxproj:
2090         * dfg/DFGOperations.cpp:
2091         * heap/CopyWriteBarrier.h: Added. This class functions similarly to the WriteBarrier class. It 
2092         acts as a proxy for pointers to CopiedSpace. Assignments to the field cause a write barrier to 
2093         fire for the object that is the owner of the CopiedSpace memory. This is to ensure during nursery 
2094         collections that objects with new backing stores are visited, even if they are old generation objects. 
2095         (JSC::CopyWriteBarrier::CopyWriteBarrier):
2096         (JSC::CopyWriteBarrier::operator!):
2097         (JSC::CopyWriteBarrier::operator UnspecifiedBoolType*):
2098         (JSC::CopyWriteBarrier::get):
2099         (JSC::CopyWriteBarrier::operator*):
2100         (JSC::CopyWriteBarrier::operator->):
2101         (JSC::CopyWriteBarrier::set):
2102         (JSC::CopyWriteBarrier::setWithoutWriteBarrier):
2103         (JSC::CopyWriteBarrier::clear):
2104         * heap/Heap.h:
2105         * runtime/JSArray.cpp:
2106         (JSC::JSArray::unshiftCountSlowCase):
2107         (JSC::JSArray::shiftCountWithArrayStorage):
2108         (JSC::JSArray::unshiftCountWithArrayStorage):
2109         * runtime/JSCell.h:
2110         (JSC::JSCell::unvalidatedStructure):
2111         * runtime/JSGenericTypedArrayViewInlines.h:
2112         (JSC::JSGenericTypedArrayView<Adaptor>::slowDownAndWasteMemory):
2113         * runtime/JSObject.cpp:
2114         (JSC::JSObject::copyButterfly):
2115         (JSC::JSObject::getOwnPropertySlotByIndex):
2116         (JSC::JSObject::putByIndex):
2117         (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
2118         (JSC::JSObject::createInitialIndexedStorage):
2119         (JSC::JSObject::createArrayStorage):
2120         (JSC::JSObject::deletePropertyByIndex):
2121         (JSC::JSObject::getOwnPropertyNames):
2122         (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
2123         (JSC::JSObject::countElements):
2124         (JSC::JSObject::increaseVectorLength):
2125         (JSC::JSObject::ensureLengthSlow):
2126         * runtime/JSObject.h:
2127         (JSC::JSObject::butterfly):
2128         (JSC::JSObject::setStructureAndButterfly):
2129         (JSC::JSObject::setButterflyWithoutChangingStructure):
2130         (JSC::JSObject::JSObject):
2131         (JSC::JSObject::putDirectInternal):
2132         (JSC::JSObject::putDirectWithoutTransition):
2133         * runtime/MapData.cpp:
2134         (JSC::MapData::ensureSpaceForAppend):
2135         * runtime/Structure.cpp:
2136         (JSC::Structure::materializePropertyMap):
2137
2138 2013-12-23  Oliver Hunt  <oliver@apple.com>
2139
2140         Refactor PutPropertySlot to be aware of custom properties
2141         https://bugs.webkit.org/show_bug.cgi?id=126187
2142
2143         Reviewed by Antti Koivisto.
2144
2145         Refactor PutPropertySlot, making the constructor take the thisValue
2146         used as a target.  This results in a wide range of boilerplate changes
2147         to pass the new parameter.
2148
2149         * API/JSObjectRef.cpp:
2150         (JSObjectSetProperty):
2151         * dfg/DFGOperations.cpp:
2152         (JSC::DFG::operationPutByValInternal):
2153         * interpreter/Interpreter.cpp:
2154         (JSC::Interpreter::execute):
2155         * jit/JITOperations.cpp:
2156         * llint/LLIntSlowPaths.cpp:
2157         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2158         * runtime/Arguments.cpp:
2159         (JSC::Arguments::putByIndex):
2160         * runtime/ArrayPrototype.cpp:
2161         (JSC::putProperty):
2162         (JSC::arrayProtoFuncPush):
2163         * runtime/JSCJSValue.cpp:
2164         (JSC::JSValue::putToPrimitiveByIndex):
2165         * runtime/JSCell.cpp:
2166         (JSC::JSCell::putByIndex):
2167         * runtime/JSFunction.cpp:
2168         (JSC::JSFunction::put):
2169         * runtime/JSGenericTypedArrayViewInlines.h:
2170         (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
2171         * runtime/JSONObject.cpp:
2172         (JSC::Walker::walk):
2173         * runtime/JSObject.cpp:
2174         (JSC::JSObject::putByIndex):
2175         (JSC::JSObject::putDirectNonIndexAccessor):
2176         (JSC::JSObject::deleteProperty):
2177         * runtime/JSObject.h:
2178         (JSC::JSObject::putDirect):
2179         * runtime/Lookup.h:
2180         (JSC::putEntry):
2181         (JSC::lookupPut):
2182         * runtime/PutPropertySlot.h:
2183         (JSC::PutPropertySlot::PutPropertySlot):
2184         (JSC::PutPropertySlot::setCustomProperty):
2185         (JSC::PutPropertySlot::thisValue):
2186         (JSC::PutPropertySlot::isCacheable):
2187
2188 2014-01-01  Filip Pizlo  <fpizlo@apple.com>
2189
2190         Rationalize DFG DCE
2191         https://bugs.webkit.org/show_bug.cgi?id=125523
2192
2193         Reviewed by Mark Hahnenberg.
2194         
2195         Adds the ability to DCE more things. It's now the case that if a node is completely
2196         pure, we clear NodeMustGenerate and the node becomes a DCE candidate.
2197
2198         * dfg/DFGAbstractInterpreterInlines.h:
2199         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2200         * dfg/DFGCSEPhase.cpp:
2201         (JSC::DFG::CSEPhase::performNodeCSE):
2202         * dfg/DFGClobberize.h:
2203         (JSC::DFG::clobberize):
2204         * dfg/DFGDCEPhase.cpp:
2205         (JSC::DFG::DCEPhase::cleanVariables):
2206         * dfg/DFGFixupPhase.cpp:
2207         (JSC::DFG::FixupPhase::fixupNode):
2208         * dfg/DFGGraph.h:
2209         (JSC::DFG::Graph::clobbersWorld):
2210         * dfg/DFGNodeType.h:
2211         * dfg/DFGSpeculativeJIT.cpp:
2212         (JSC::DFG::SpeculativeJIT::compileAdd):
2213         * dfg/DFGSpeculativeJIT.h:
2214         * dfg/DFGSpeculativeJIT32_64.cpp:
2215         (JSC::DFG::SpeculativeJIT::compile):
2216         * dfg/DFGSpeculativeJIT64.cpp:
2217         (JSC::DFG::SpeculativeJIT::compile):
2218         * ftl/FTLLowerDFGToLLVM.cpp:
2219         (JSC::FTL::LowerDFGToLLVM::compileNode):
2220         (JSC::FTL::LowerDFGToLLVM::compileValueAdd):
2221
2222 2014-01-02  Benjamin Poulain  <benjamin@webkit.org>
2223
2224         Attempt to fix the build of WebCore's code generator on CMake based system
2225         https://bugs.webkit.org/show_bug.cgi?id=126271
2226
2227         Reviewed by Sam Weinig.
2228
2229         * CMakeLists.txt:
2230
2231 2013-12-30  Commit Queue  <commit-queue@webkit.org>
2232
2233         Unreviewed, rolling out r161157, r161158, r161160, r161161,
2234         r161163, and r161165.
2235         http://trac.webkit.org/changeset/161157
2236         http://trac.webkit.org/changeset/161158
2237         http://trac.webkit.org/changeset/161160
2238         http://trac.webkit.org/changeset/161161
2239         http://trac.webkit.org/changeset/161163
2240         http://trac.webkit.org/changeset/161165
2241         https://bugs.webkit.org/show_bug.cgi?id=126332
2242
2243         Broke WebKit2 on Mountain Lion (Requested by ap on #webkit).
2244
2245         * heap/BlockAllocator.cpp:
2246         (JSC::BlockAllocator::~BlockAllocator):
2247         (JSC::BlockAllocator::waitForRelativeTimeWhileHoldingLock):
2248         (JSC::BlockAllocator::waitForRelativeTime):
2249         (JSC::BlockAllocator::blockFreeingThreadMain):
2250         * heap/BlockAllocator.h:
2251         (JSC::BlockAllocator::deallocate):
2252
2253 2013-12-30  Anders Carlsson  <andersca@apple.com>
2254
2255         Fix build.
2256
2257         * heap/BlockAllocator.h:
2258
2259 2013-12-30  Anders Carlsson  <andersca@apple.com>
2260
2261         Stop using ThreadCondition in BlockAllocator
2262         https://bugs.webkit.org/show_bug.cgi?id=126313
2263
2264         Reviewed by Sam Weinig.
2265
2266         * heap/BlockAllocator.cpp:
2267         (JSC::BlockAllocator::~BlockAllocator):
2268         (JSC::BlockAllocator::waitForDuration):
2269         (JSC::BlockAllocator::blockFreeingThreadMain):
2270         * heap/BlockAllocator.h:
2271         (JSC::BlockAllocator::deallocate):
2272
2273 2013-12-30  Anders Carlsson  <andersca@apple.com>
2274
2275         Stop using ThreadCondition in jsc.cpp
2276         https://bugs.webkit.org/show_bug.cgi?id=126311
2277
2278         Reviewed by Sam Weinig.
2279
2280         * jsc.cpp:
2281         (timeoutThreadMain):
2282         (main):
2283
2284 2013-12-30  Anders Carlsson  <andersca@apple.com>
2285
2286         Replace WTF::ThreadingOnce with std::call_once
2287         https://bugs.webkit.org/show_bug.cgi?id=126215
2288
2289         Reviewed by Sam Weinig.
2290
2291         * dfg/DFGWorklist.cpp:
2292         (JSC::DFG::globalWorklist):
2293         * runtime/InitializeThreading.cpp:
2294         (JSC::initializeThreading):
2295
2296 2013-12-30  Martin Robinson  <mrobinson@igalia.com>
2297
2298         [CMake] [GTK] Add support for GObject introspection
2299         https://bugs.webkit.org/show_bug.cgi?id=126162
2300
2301         Reviewed by Daniel Bates.
2302
2303         * PlatformGTK.cmake: Add the GIR targets.
2304
2305 2013-12-28  Filip Pizlo  <fpizlo@apple.com>
2306
2307         Get rid of DFG forward exiting
2308         https://bugs.webkit.org/show_bug.cgi?id=125531
2309
2310         Reviewed by Oliver Hunt.
2311         
2312         This finally gets rid of forward exiting. Forward exiting was always a fragile concept
2313         since it involved the compiler trying to figure out how to "roll forward" the
2314         execution from some DFG node to the next bytecode index. It was always easy to find
2315         counterexamples where it broke, and it has always served as an obstacle to adding
2316         compiler improvements - the latest being http://webkit.org/b/125523, which tried to
2317         make DCE work for more things.
2318         
2319         This change finishes the work of removing forward exiting. A lot of forward exiting
2320         was already removed in some other bugs, but SetLocal still did forward exits. SetLocal
2321         is in many ways the hardest to remove, since the forward exiting of SetLocal also
2322         implied that any conversion nodes inserted before the SetLocal would then also be
2323         marked as forward-exiting. Hence SetLocal's forward-exiting made a bunch of other
2324         things also forward-exiting, and this was always a source of weirdo bugs.
2325         
2326         SetLocal must be able to exit in case it performs a hoisted type speculation. Nodes
2327         inserted just before SetLocal must also be able to exit - for example type check
2328         hoisting may insert a CheckStructure, or fixup phase may insert something like
2329         Int32ToDouble. But if any of those nodes tried to backward exit, then this could lead
2330         to the reexecution of a side-effecting operation, for example:
2331         
2332             a: Call(...)
2333             b: SetLocal(@a, r1)
2334         
2335         For a long time it seemed like SetLocal *had* to exit forward because of this. But
2336         this change side-steps the problem by changing the ByteCodeParser to always emit a
2337         kind of "two-phase commit" for stores to local variables. Now when the ByteCodeParser
2338         wishes to store to a local, it first emits a MovHint and then enqueues a SetLocal.
2339         The SetLocal isn't actually emitted until the beginning of the next bytecode
2340         instruction (with the exception of op_enter and op_ret, which emit theirs immediately
2341         since it's always safe to reexecute those bytecode instructions and since deferring
2342         SetLocals would be weird there - op_enter has many SetLocals and op_ret is a set
2343         followed by a jump in case of inlining, so we'd have to emit the SetLocal "after" the
2344         jump and that would be awkward). This means that the above IR snippet would look
2345         something like:
2346         
2347             a: Call(..., bc#42)
2348             b: MovHint(@a, r1, bc#42)
2349             c: SetLocal(@a, r1, bc#47)
2350         
2351         Where the SetLocal exits "backwards" but appears at the beginning of the next bytecode
2352         instruction. This means that by the time we get to that SetLocal, the OSR exit
2353         analysis already knows that r1 is associated with @a, and it means that the SetLocal
2354         or anything hoisted above it can exit backwards as normal.
2355         
2356         This change also means that the "forward rewiring" can be killed. Previously, we might
2357         have inserted a conversion node on SetLocal and then the SetLocal died (i.e. turned
2358         into a MovHint) and the conversion node either died completely or had its lifetime
2359         truncated to be less than the actual value's bytecode lifetime. This no longer happens
2360         since conversion nodes are only inserted at SetLocals.
2361         
2362         More precisely, this change introduces two laws that we were basically already
2363         following anyway:
2364         
2365         1) A MovHint's child should never be changed except if all other uses of that child
2366            are also replaced. Specifically, this prohibits insertion of conversion nodes at
2367            MovHints.
2368         
2369         2) Anytime any child is replaced with something else, and all other uses aren't also
2370            replaced, we must insert a Phantom use of the original child.
2371
2372         This is a slight compile-time regression but has no effect on code-gen. It unlocks a
2373         bunch of optimization opportunities so I think it's worth it.
2374
2375         * bytecode/CodeBlock.cpp:
2376         (JSC::CodeBlock::dumpAssumingJITType):
2377         * bytecode/CodeBlock.h:
2378         (JSC::CodeBlock::instructionCount):
2379         * dfg/DFGAbstractInterpreterInlines.h:
2380         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2381         * dfg/DFGArgumentsSimplificationPhase.cpp:
2382         (JSC::DFG::ArgumentsSimplificationPhase::run):
2383         * dfg/DFGArrayifySlowPathGenerator.h:
2384         (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
2385         * dfg/DFGBackwardsPropagationPhase.cpp:
2386         (JSC::DFG::BackwardsPropagationPhase::propagate):
2387         * dfg/DFGByteCodeParser.cpp:
2388         (JSC::DFG::ByteCodeParser::setDirect):
2389         (JSC::DFG::ByteCodeParser::DelayedSetLocal::DelayedSetLocal):
2390         (JSC::DFG::ByteCodeParser::DelayedSetLocal::execute):
2391         (JSC::DFG::ByteCodeParser::handleInlining):
2392         (JSC::DFG::ByteCodeParser::parseBlock):
2393         * dfg/DFGCSEPhase.cpp:
2394         (JSC::DFG::CSEPhase::eliminate):
2395         * dfg/DFGClobberize.h:
2396         (JSC::DFG::clobberize):
2397         * dfg/DFGCommon.h:
2398         * dfg/DFGConstantFoldingPhase.cpp:
2399         (JSC::DFG::ConstantFoldingPhase::foldConstants):
2400         * dfg/DFGDCEPhase.cpp:
2401         (JSC::DFG::DCEPhase::run):
2402         (JSC::DFG::DCEPhase::fixupBlock):
2403         (JSC::DFG::DCEPhase::cleanVariables):
2404         * dfg/DFGFixupPhase.cpp:
2405         (JSC::DFG::FixupPhase::fixupNode):
2406         (JSC::DFG::FixupPhase::fixEdge):
2407         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
2408         * dfg/DFGLICMPhase.cpp:
2409         (JSC::DFG::LICMPhase::run):
2410         (JSC::DFG::LICMPhase::attemptHoist):
2411         * dfg/DFGMinifiedNode.cpp:
2412         (JSC::DFG::MinifiedNode::fromNode):
2413         * dfg/DFGMinifiedNode.h:
2414         (JSC::DFG::belongsInMinifiedGraph):
2415         (JSC::DFG::MinifiedNode::constantNumber):
2416         (JSC::DFG::MinifiedNode::weakConstant):
2417         * dfg/DFGNode.cpp:
2418         (JSC::DFG::Node::hasVariableAccessData):
2419         * dfg/DFGNode.h:
2420         (JSC::DFG::Node::convertToPhantom):
2421         (JSC::DFG::Node::convertToPhantomUnchecked):
2422         (JSC::DFG::Node::convertToIdentity):
2423         (JSC::DFG::Node::containsMovHint):
2424         (JSC::DFG::Node::hasUnlinkedLocal):
2425         (JSC::DFG::Node::willHaveCodeGenOrOSR):
2426         * dfg/DFGNodeFlags.cpp:
2427         (JSC::DFG::dumpNodeFlags):
2428         * dfg/DFGNodeFlags.h:
2429         * dfg/DFGNodeType.h:
2430         * dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
2431         (JSC::DFG::OSRAvailabilityAnalysisPhase::run):
2432         * dfg/DFGOSREntrypointCreationPhase.cpp:
2433         (JSC::DFG::OSREntrypointCreationPhase::run):
2434         * dfg/DFGOSRExit.cpp:
2435         * dfg/DFGOSRExit.h:
2436         * dfg/DFGOSRExitBase.cpp:
2437         * dfg/DFGOSRExitBase.h:
2438         (JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSite):
2439         * dfg/DFGPredictionPropagationPhase.cpp:
2440         (JSC::DFG::PredictionPropagationPhase::propagate):
2441         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
2442         * dfg/DFGSSAConversionPhase.cpp:
2443         (JSC::DFG::SSAConversionPhase::run):
2444         * dfg/DFGSafeToExecute.h:
2445         (JSC::DFG::safeToExecute):
2446         * dfg/DFGSpeculativeJIT.cpp:
2447         (JSC::DFG::SpeculativeJIT::speculationCheck):
2448         (JSC::DFG::SpeculativeJIT::emitInvalidationPoint):
2449         (JSC::DFG::SpeculativeJIT::typeCheck):
2450         (JSC::DFG::SpeculativeJIT::compileMovHint):
2451         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
2452         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
2453         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
2454         * dfg/DFGSpeculativeJIT.h:
2455         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2456         (JSC::DFG::SpeculativeJIT::needsTypeCheck):
2457         * dfg/DFGSpeculativeJIT32_64.cpp:
2458         (JSC::DFG::SpeculativeJIT::compile):
2459         * dfg/DFGSpeculativeJIT64.cpp:
2460         (JSC::DFG::SpeculativeJIT::compile):
2461         * dfg/DFGTypeCheckHoistingPhase.cpp:
2462         (JSC::DFG::TypeCheckHoistingPhase::run):
2463         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
2464         (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
2465         * dfg/DFGValidate.cpp:
2466         (JSC::DFG::Validate::validateCPS):
2467         * dfg/DFGVariableAccessData.h:
2468         (JSC::DFG::VariableAccessData::VariableAccessData):
2469         * dfg/DFGVariableEventStream.cpp:
2470         (JSC::DFG::VariableEventStream::reconstruct):
2471         * ftl/FTLCapabilities.cpp:
2472         (JSC::FTL::canCompile):
2473         * ftl/FTLLowerDFGToLLVM.cpp:
2474         (JSC::FTL::LowerDFGToLLVM::compileNode):
2475         (JSC::FTL::LowerDFGToLLVM::compileGetArgument):
2476         (JSC::FTL::LowerDFGToLLVM::compileSetLocal):
2477         (JSC::FTL::LowerDFGToLLVM::compileMovHint):
2478         (JSC::FTL::LowerDFGToLLVM::compileZombieHint):
2479         (JSC::FTL::LowerDFGToLLVM::compileInt32ToDouble):
2480         (JSC::FTL::LowerDFGToLLVM::speculate):
2481         (JSC::FTL::LowerDFGToLLVM::typeCheck):
2482         (JSC::FTL::LowerDFGToLLVM::appendTypeCheck):
2483         (JSC::FTL::LowerDFGToLLVM::appendOSRExit):
2484         (JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
2485         * ftl/FTLOSRExit.cpp:
2486         * ftl/FTLOSRExit.h:
2487         * tests/stress/dead-int32-to-double.js: Added.
2488         (foo):
2489         * tests/stress/dead-uint32-to-number.js: Added.
2490         (foo):
2491
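The "two-phase commit" for stores to locals described in the entry above, as an added toy model that is not JavaScriptCore code: a Parser stand-in emits the MovHint immediately and flushes the SetLocal at the start of the next bytecode, a fixup stand-in hoists an Int32ToDouble in front of each SetLocal while leaving the MovHint's child alone (law 1), and a backward OSR exit at that conversion is compared under the old (immediate) and new (delayed) schemes. The node kinds, the offsets bc#42 and bc#47 and the local r1 come from the entry; the class and function names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Node:
    name: str                       # "@a", "@b", ... as in the entry's IR
    op: str                         # Call, MovHint, Int32ToDouble, SetLocal
    bc: int                         # codeOrigin: where a backward exit resumes
    child: Optional["Node"] = None
    local: Optional[str] = None


class Parser:
    """Stand-in (assumed) for the part of ByteCodeParser that stores to locals."""

    def __init__(self, delay_set_local: bool):
        self.delay_set_local = delay_set_local
        self.nodes: list[Node] = []
        self.delayed: list[tuple[Node, str]] = []   # the DelayedSetLocal queue

    def add(self, op: str, bc: int, child: Optional[Node] = None,
            local: Optional[str] = None) -> Node:
        node = Node("@" + chr(ord("a") + len(self.nodes)), op, bc, child, local)
        self.nodes.append(node)
        return node

    def store_to_local(self, value: Node, local: str, bc: int) -> None:
        # Phase one: the MovHint is emitted immediately in both schemes, so the
        # OSR exit analysis learns that `local` holds `value` from here on.
        self.add("MovHint", bc, value, local)
        if self.delay_set_local:
            self.delayed.append((value, local))      # phase two is deferred
        else:
            self.add("SetLocal", bc, value, local)   # old scheme: same bytecode

    def begin_bytecode(self, bc: int) -> None:
        # Deferred SetLocals are flushed at the start of the next bytecode
        # and therefore carry that bytecode's codeOrigin.
        for value, local in self.delayed:
            self.add("SetLocal", bc, value, local)
        self.delayed.clear()


def fixup_set_locals(nodes: list[Node]) -> list[Node]:
    """Fixup-phase stand-in: hoist an Int32ToDouble in front of each SetLocal.

    Law 1 from the entry: the MovHint keeps its original child; only the
    SetLocal's edge is redirected to the new conversion node.
    """
    out: list[Node] = []
    for node in nodes:
        if node.op == "SetLocal":
            conv = Node("@conv", "Int32ToDouble", node.bc, node.child)
            out.append(conv)
            node.child = conv
        out.append(node)
    return out


def backward_osr_exit(nodes: list[Node], exit_at: Node) -> dict:
    """Exit backwards at exit_at: resume the interpreter at exit_at's own bc,
    recovering locals from the MovHints that precede it."""
    recovered: dict[str, str] = {}
    calls_done: list[int] = []
    for node in nodes:
        if node is exit_at:
            break
        if node.op == "MovHint":
            recovered[node.local] = node.child.name
        elif node.op == "Call":
            calls_done.append(node.bc)          # side effect already happened
    resume_bc = exit_at.bc
    # Every bytecode at or after the resume point runs again in the interpreter.
    return {"resume_bc": resume_bc, "locals": recovered,
            "reexecuted_calls": [bc for bc in calls_done if bc >= resume_bc]}


def run_scenario(delay_set_local: bool) -> dict:
    """bc#42: r1 = Call(...); bc#47: the next instruction, which reads r1."""
    p = Parser(delay_set_local)
    call = p.add("Call", 42)
    p.store_to_local(call, "r1", 42)
    p.begin_bytecode(47)
    nodes = fixup_set_locals(p.nodes)
    conv = next(n for n in nodes if n.op == "Int32ToDouble")
    result = backward_osr_exit(nodes, conv)    # the hoisted speculation fails
    result["ir"] = [(n.name, n.op, n.bc) for n in nodes]
    result["movhint_child"] = next(n for n in nodes if n.op == "MovHint").child.name
    return result


if __name__ == "__main__":
    for delayed in (False, True):
        r = run_scenario(delayed)
        print("delayed" if delayed else "immediate", r["ir"], "-> resume bc#%d, "
              "re-executed calls %s" % (r["resume_bc"], r["reexecuted_calls"]))
```

With immediate SetLocals the exit at the conversion resumes at bc#42 and the Call runs a second time; with delayed SetLocals it resumes at bc#47 with r1 already mapped to @a.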
2492 2013-12-25  Commit Queue  <commit-queue@webkit.org>
2493
2494         Unreviewed, rolling out r161033 and r161074.
2495         http://trac.webkit.org/changeset/161033
2496         http://trac.webkit.org/changeset/161074
2497         https://bugs.webkit.org/show_bug.cgi?id=126240
2498
2499         Oliver says that a rollout would be better (Requested by ap on
2500         #webkit).
2501
2502         * API/JSObjectRef.cpp:
2503         (JSObjectSetProperty):
2504         * dfg/DFGOperations.cpp:
2505         (JSC::DFG::operationPutByValInternal):
2506         * interpreter/Interpreter.cpp:
2507         (JSC::Interpreter::execute):
2508         * jit/JITOperations.cpp:
2509         * llint/LLIntSlowPaths.cpp:
2510         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2511         * runtime/Arguments.cpp:
2512         (JSC::Arguments::putByIndex):
2513         * runtime/ArrayPrototype.cpp:
2514         (JSC::putProperty):
2515         (JSC::arrayProtoFuncPush):
2516         * runtime/JSCJSValue.cpp:
2517         (JSC::JSValue::putToPrimitiveByIndex):
2518         * runtime/JSCell.cpp:
2519         (JSC::JSCell::putByIndex):
2520         * runtime/JSFunction.cpp:
2521         (JSC::JSFunction::put):
2522         * runtime/JSGenericTypedArrayViewInlines.h:
2523         (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
2524         * runtime/JSONObject.cpp:
2525         (JSC::Walker::walk):
2526         * runtime/JSObject.cpp:
2527         (JSC::JSObject::putByIndex):
2528         (JSC::JSObject::putDirectNonIndexAccessor):
2529         (JSC::JSObject::deleteProperty):
2530         * runtime/JSObject.h:
2531         (JSC::JSObject::putDirect):
2532         * runtime/Lookup.h:
2533         (JSC::putEntry):
2534         (JSC::lookupPut):
2535         * runtime/PutPropertySlot.h:
2536         (JSC::PutPropertySlot::PutPropertySlot):
2537         (JSC::PutPropertySlot::setNewProperty):
2538         (JSC::PutPropertySlot::isCacheable):
2539
2540 2013-12-25  Filip Pizlo  <fpizlo@apple.com>
2541
2542         DFG PhantomArguments shouldn't rely on a dead Phi graph
2543         https://bugs.webkit.org/show_bug.cgi?id=126218
2544
2545         Reviewed by Oliver Hunt.
2546         
2547         This change dramatically rationalizes our handling of PhantomArguments (i.e.
2548         speculative elision of arguments object allocation).
2549         
2550         It's now the case that if we decide that we can elide arguments allocation, we just
2551         turn the arguments-creating node into a PhantomArguments and mark all locals that
2552         it's stored to as being arguments aliases. Being an arguments alias and being a
2553         PhantomArguments means basically the same thing: in DFG execution you have the empty
2554         value, on OSR exit an arguments object is allocated in your place, and all operations
2555         that use the value now just refer directly to the actual arguments in the call frame
2556         header (or the arguments we know that we passed to the call, in case of inlining).
2557         
2558         This means that we no longer have arguments simplification creating a dead Phi graph
2559         that then has to be interpreted by the OSR exit logic. That sort of never made any
2560         sense.
2561         
2562         This means that PhantomArguments now has a clear story in SSA: basically SSA just
2563         gets rid of the "locals" but everything else is the same.
2564         
2565         Finally, this means that we can more easily get rid of forward exiting. As I was
2566         working on the code to get rid of forward exiting, I realized that I'd have to
2567         carefully preserve the special meanings of MovHint and SetLocal in the case of
2568         PhantomArguments. It was really bizarre: even the semantics of MovHint were tied to
2569         our specific treatment of PhantomArguments. After this change this is no longer the
2570         case.
2571         
2572         One of the really cool things about this change is that arguments reification now
2573         just becomes a special kind of FlushFormat. This further unifies things: it means
2574         that a MovHint(PhantomArguments) and a SetLocal(PhantomArguments) both have the same
2575         meaning, since both of them dictate that the way we recover the local on exit is by
2576         reifying arguments. Previously, the SetLocal(PhantomArguments) case needed some
2577         special handling to accomplish this.
2578         
2579         A downside of this approach is that we will now emit code to store the empty value
2580         into aliased arguments variables, and we will even emit code to load that empty value
2581         as well. As far as I can tell this doesn't cost anything, since PhantomArguments are
2582         most profitable in cases where it allows us to simplify control flow and kill the
2583         arguments locals entirely. Of course, this isn't an issue in SSA form since SSA form
2584         also eliminates the locals.
2585
2586         * dfg/DFGArgumentsSimplificationPhase.cpp:
2587         (JSC::DFG::ArgumentsSimplificationPhase::run):
2588         (JSC::DFG::ArgumentsSimplificationPhase::detypeArgumentsReferencingPhantomChild):
2589         * dfg/DFGFlushFormat.cpp:
2590         (WTF::printInternal):
2591         * dfg/DFGFlushFormat.h:
2592         (JSC::DFG::resultFor):
2593         (JSC::DFG::useKindFor):
2594         (JSC::DFG::dataFormatFor):
2595         * dfg/DFGSpeculativeJIT.cpp:
2596         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
2597         * dfg/DFGSpeculativeJIT32_64.cpp:
2598         (JSC::DFG::SpeculativeJIT::compile):
2599         * dfg/DFGSpeculativeJIT64.cpp:
2600         (JSC::DFG::SpeculativeJIT::compile):
2601         * dfg/DFGValueSource.h:
2602         (JSC::DFG::ValueSource::ValueSource):
2603         (JSC::DFG::ValueSource::forFlushFormat):
2604         * dfg/DFGVariableAccessData.h:
2605         (JSC::DFG::VariableAccessData::flushFormat):
2606         * ftl/FTLLowerDFGToLLVM.cpp:
2607         (JSC::FTL::LowerDFGToLLVM::buildExitArguments):
2608
2609 2013-12-23  Oliver Hunt  <oliver@apple.com>
2610
2611         Refactor PutPropertySlot to be aware of custom properties
2612         https://bugs.webkit.org/show_bug.cgi?id=126187
2613
2614         Reviewed by msaboff.
2615
2616         Refactor PutPropertySlot, making the constructor take the thisValue
2617         used as a target.  This results in a wide range of boilerplate changes
2618         to pass the new parameter.
2619
2620         * API/JSObjectRef.cpp:
2621         (JSObjectSetProperty):
2622         * dfg/DFGOperations.cpp:
2623         (JSC::DFG::operationPutByValInternal):
2624         * interpreter/Interpreter.cpp:
2625         (JSC::Interpreter::execute):
2626         * jit/JITOperations.cpp:
2627         * llint/LLIntSlowPaths.cpp:
2628         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2629         * runtime/Arguments.cpp:
2630         (JSC::Arguments::putByIndex):
2631         * runtime/ArrayPrototype.cpp:
2632         (JSC::putProperty):
2633         (JSC::arrayProtoFuncPush):
2634         * runtime/JSCJSValue.cpp:
2635         (JSC::JSValue::putToPrimitiveByIndex):
2636         * runtime/JSCell.cpp:
2637         (JSC::JSCell::putByIndex):
2638         * runtime/JSFunction.cpp:
2639         (JSC::JSFunction::put):
2640         * runtime/JSGenericTypedArrayViewInlines.h:
2641         (JSC::JSGenericTypedArrayView<Adaptor>::putByIndex):
2642         * runtime/JSONObject.cpp:
2643         (JSC::Walker::walk):
2644         * runtime/JSObject.cpp:
2645         (JSC::JSObject::putByIndex):
2646         (JSC::JSObject::putDirectNonIndexAccessor):
2647         (JSC::JSObject::deleteProperty):
2648         * runtime/JSObject.h:
2649         (JSC::JSObject::putDirect):
2650         * runtime/Lookup.h:
2651         (JSC::putEntry):
2652         (JSC::lookupPut):
2653         * runtime/PutPropertySlot.h:
2654         (JSC::PutPropertySlot::PutPropertySlot):
2655         (JSC::PutPropertySlot::setCustomProperty):
2656         (JSC::PutPropertySlot::thisValue):
2657         (JSC::PutPropertySlot::isCacheable):
2658
2659 2013-12-23  Benjamin Poulain  <benjamin@webkit.org>
2660
2661         Add class matching to the Selector Code Generator
2662         https://bugs.webkit.org/show_bug.cgi?id=126176
2663
2664         Reviewed by Antti Koivisto and Oliver Hunt.
2665
2666         Add test and branch based on BaseIndex addressing for x86_64.
2667         Fast loops are needed to compete with clang on tight loops.
2668
2669         * assembler/MacroAssembler.h:
2670         * assembler/MacroAssemblerX86_64.h:
2671         (JSC::MacroAssemblerX86_64::branch64):
2672         (JSC::MacroAssemblerX86_64::branchPtr):
2673         * assembler/X86Assembler.h:
2674         (JSC::X86Assembler::cmpq_rm):
2675
2676 2013-12-23  Oliver Hunt  <oliver@apple.com>
2677
2678         Update custom setter implementations to perform type checks
2679         https://bugs.webkit.org/show_bug.cgi?id=126171
2680
2681         Reviewed by Daniel Bates.
2682
2683         Modify the setter function signature to take encoded values
2684         as we're changing the setter usage everywhere anyway.
2685
2686         * runtime/Lookup.h:
2687         (JSC::putEntry):
2688
2689 2013-12-23  Lucas Forschler  <lforschler@apple.com>
2690
2691         <rdar://problem/15682948> Update copyright strings
2692         
2693         Reviewed by Dan Bernstein.
2694
2695         * Info.plist:
2696         * JavaScriptCore.vcxproj/JavaScriptCore.resources/Info.plist:
2697
2698 2013-12-23  Zan Dobersek  <zdobersek@igalia.com>
2699
2700         [GTK] Clean up compiler optimizations flags for libWTF, libJSC
2701         https://bugs.webkit.org/show_bug.cgi?id=126157
2702
2703         Reviewed by Gustavo Noronha Silva.
2704
2705         * GNUmakefile.am: Remove the -fstrict-aliasing and -O3 compiler flags for libWTF.la. -O3 gets
2706         overridden by -O2 that's listed in CXXFLAGS (or -O0 in case of debug builds) and -fstrict-aliasing
2707         is enabled when -O2 is used (and shouldn't be enabled in debug builds anyway).
2708
2709 2013-12-22  Martin Robinson  <mrobinson@igalia.com>
2710
2711         [CMake] Fix typo from r160812
2712         https://bugs.webkit.org/show_bug.cgi?id=126145
2713
2714         Reviewed by Gustavo Noronha Silva.
2715
2716         * CMakeLists.txt: Fix typo when detecting the type of library.
2717
2718 2013-12-22  Martin Robinson  <mrobinson@igalia.com>
2719
2720         [GTK][CMake] libtool-compatible soversion calculation
2721         https://bugs.webkit.org/show_bug.cgi?id=125511
2722
2723         Reviewed by Gustavo Noronha Silva.
2724
2725         * CMakeLists.txt: Use the POPULATE_LIBRARY_VERSION macro and the
2726         library-specific version information.
2727
2728 2013-12-23  Gustavo Noronha Silva  <gns@gnome.org>
2729
2730         [GTK] [CMake] Generate pkg-config files
2731         https://bugs.webkit.org/show_bug.cgi?id=125685
2732
2733         Reviewed by Martin Robinson.
2734
2735         * PlatformGTK.cmake: Added. Generate javascriptcoregtk-3.0.pc.
2736
2737 2013-12-22  Benjamin Poulain  <benjamin@webkit.org>
2738
2739         Create a skeleton for CSS Selector code generation
2740         https://bugs.webkit.org/show_bug.cgi?id=126044
2741
2742         Reviewed by Antti Koivisto and Gavin Barraclough.
2743
2744         * assembler/LinkBuffer.h:
2745         Add a new owner UID for code compiled for CSS.
2746         Export the symbols needed to link code from WebCore.
2747
2748 2013-12-19  Mark Hahnenberg  <mhahnenberg@apple.com>
2749
2750         Clean up DFG write barriers
2751         https://bugs.webkit.org/show_bug.cgi?id=126047
2752
2753         Reviewed by Filip Pizlo.
2754
2755         * dfg/DFGSpeculativeJIT.cpp:
2756         (JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): Use the register allocator to 
2757         determine which registers need saving instead of saving every single one of them.
2758         (JSC::DFG::SpeculativeJIT::osrWriteBarrier): We don't need to save live register state 
2759         because the write barriers during OSR execute when there are no live registers. Also we  
2760         don't need to use pushes to pad the stack pointer for pokes on x86; we can just use an add.
2761         (JSC::DFG::SpeculativeJIT::writeBarrier):
2762         * dfg/DFGSpeculativeJIT.h:
2763         * jit/Repatch.cpp:
2764         (JSC::emitPutReplaceStub):
2765         (JSC::emitPutTransitionStub):
2766         * runtime/VM.h: Get rid of writeBarrierRegisterBuffer since it's no longer used.
2767
2768 2013-12-20  Balazs Kilvady  <kilvadyb@homejinni.com>
2769
2770         [MIPS] Missing MacroAssemblerMIPS::branchTest8(ResultCondition, BaseIndex, TrustedImm32)
2771         https://bugs.webkit.org/show_bug.cgi?id=126062
2772
2773         Reviewed by Mark Hahnenberg.
2774
2775         * assembler/MacroAssemblerMIPS.h:
2776         (JSC::MacroAssemblerMIPS::branchTest8):
2777
2778 2013-12-20  Julien Brianceau  <jbriance@cisco.com>
2779
2780         [sh4] Add missing implementation in MacroAssembler to fix build.
2781         https://bugs.webkit.org/show_bug.cgi?id=126063
2782
2783         Reviewed by Mark Hahnenberg.
2784
2785         * assembler/MacroAssemblerSH4.h:
2786         (JSC::MacroAssemblerSH4::branchTest8):
2787
2788 2013-12-20  Julien Brianceau  <jbriance@cisco.com>
2789
2790         [arm] Add missing implementation in MacroAssembler to fix CPU(ARM_TRADITIONAL) build.
2791         https://bugs.webkit.org/show_bug.cgi?id=126064
2792
2793         Reviewed by Mark Hahnenberg.
2794
2795         * assembler/MacroAssemblerARM.h:
2796         (JSC::MacroAssemblerARM::branchTest8):
2797
2798 2013-12-19  Joseph Pecoraro  <pecoraro@apple.com>
2799
2800         Web Inspector: Add InspectorFrontendHost.debuggableType to let the frontend know its backend is JavaScript or Web
2801         https://bugs.webkit.org/show_bug.cgi?id=126016
2802
2803         Reviewed by Timothy Hatcher.
2804
2805         * inspector/remote/RemoteInspector.mm:
2806         (Inspector::RemoteInspector::listingForDebuggable):
2807         * inspector/remote/RemoteInspectorConstants.h:
2808         Include a debuggable type identifier in the debuggable listing,
2809         so the remote frontend can know if it is debugging a Web Page
2810         or JS Context.
2811
2812 2013-12-19  Benjamin Poulain  <benjamin@webkit.org>
2813
2814         Add a utility class to simplify generating function calls
2815         https://bugs.webkit.org/show_bug.cgi?id=125972
2816
2817         Reviewed by Geoffrey Garen.
2818
2819         Split branchTest32 in two functions: test32AndSetFlags and branchOnFlags.
2820         This is done to allow code where the flags are set, multiple operations that
2821         do not modify the flags occur, then the flags are used.
2822
2823         This is used for function calls to test the return value while discarding the
2824         return register.
2825
2826         * assembler/MacroAssemblerX86Common.h:
2827         (JSC::MacroAssemblerX86Common::test32AndSetFlags):
2828         (JSC::MacroAssemblerX86Common::branchOnFlags):
2829         (JSC::MacroAssemblerX86Common::branchTest32):
2830
2831 2013-12-19  Mark Hahnenberg  <mhahnenberg@apple.com>
2832
2833         Put write barriers in the right places in the baseline JIT
2834         https://bugs.webkit.org/show_bug.cgi?id=125975
2835
2836         Reviewed by Filip Pizlo.
2837
2838         * jit/JIT.cpp:
2839         (JSC::JIT::privateCompileSlowCases):
2840         * jit/JIT.h:
2841         * jit/JITInlines.h:
2842         (JSC::JIT::callOperation):
2843         (JSC::JIT::emitArrayProfilingSite):
2844         * jit/JITOpcodes.cpp:
2845         (JSC::JIT::emit_op_enter):
2846         (JSC::JIT::emitSlow_op_enter):
2847         * jit/JITOpcodes32_64.cpp:
2848         (JSC::JIT::emit_op_enter):
2849         (JSC::JIT::emitSlow_op_enter):
2850         * jit/JITPropertyAccess.cpp:
2851         (JSC::JIT::emit_op_put_by_val):
2852         (JSC::JIT::emitGenericContiguousPutByVal):
2853         (JSC::JIT::emitArrayStoragePutByVal):
2854         (JSC::JIT::emit_op_put_by_id):
2855         (JSC::JIT::emitPutGlobalProperty):
2856         (JSC::JIT::emitPutGlobalVar):
2857         (JSC::JIT::emitPutClosureVar):
2858         (JSC::JIT::emit_op_init_global_const):
2859         (JSC::JIT::checkMarkWord):
2860         (JSC::JIT::emitWriteBarrier):
2861         (JSC::JIT::privateCompilePutByVal):
2862         * jit/JITPropertyAccess32_64.cpp:
2863         (JSC::JIT::emitGenericContiguousPutByVal):
2864         (JSC::JIT::emitArrayStoragePutByVal):
2865         (JSC::JIT::emit_op_put_by_id):
2866         (JSC::JIT::emitSlow_op_put_by_id):
2867         (JSC::JIT::emitPutGlobalProperty):
2868         (JSC::JIT::emitPutGlobalVar):
2869         (JSC::JIT::emitPutClosureVar):
2870         (JSC::JIT::emit_op_init_global_const):
2871         * jit/Repatch.cpp:
2872         (JSC::emitPutReplaceStub):
2873         (JSC::emitPutTransitionStub):
2874         (JSC::repatchPutByID):
2875         * runtime/CommonSlowPaths.cpp:
2876         (JSC::SLOW_PATH_DECL):
2877         * runtime/CommonSlowPaths.h:
2878
2879 2013-12-19  Brent Fulgham  <bfulgham@apple.com>
2880
2881         Implement ArrayBuffer.isView
2882         https://bugs.webkit.org/show_bug.cgi?id=126004
2883
2884         Reviewed by Filip Pizlo.
2885
2886         Test coverage in webgl/1.0.2/resources/webgl_test_files/conformance/typedarrays/array-unit-tests.html
2887
2888         * runtime/JSArrayBufferConstructor.cpp:
2889         (JSC::JSArrayBufferConstructor::finishCreation): Add 'isView' to object constructor.
2890         (JSC::arrayBufferFuncIsView): New method.
2891
2892 2013-12-19  Mark Lam  <mark.lam@apple.com>
2893
2894         Fix broken C loop LLINT build.
2895         https://bugs.webkit.org/show_bug.cgi?id=126024.
2896
2897         Reviewed by Oliver Hunt.
2898
2899         * runtime/VM.h:
2900
2901 2013-12-18  Mark Hahnenberg  <mhahnenberg@apple.com>
2902
2903         DelayedReleaseScope is in the wrong place
2904         https://bugs.webkit.org/show_bug.cgi?id=125876
2905
2906         Reviewed by Geoffrey Garen.
2907
2908         The DelayedReleaseScope needs to be around the free list sweeping in MarkedAllocator::tryAllocateHelper.
2909         This location gives us a good safe point between getting ready to allocate (i.e. identifying a non-empty
2910         free list) and doing the actual allocation (popping the free list).
2911
2912         * heap/MarkedAllocator.cpp:
2913         (JSC::MarkedAllocator::tryAllocateHelper):
2914         (JSC::MarkedAllocator::allocateSlowCase):
2915         (JSC::MarkedAllocator::addBlock):
2916         * runtime/JSCellInlines.h:
2917         (JSC::allocateCell):
2918
2919 2013-12-18  Gustavo Noronha Silva  <gns@gnome.org>
2920
2921         [GTK][CMake] make libjavascriptcoregtk a public shared library again
2922         https://bugs.webkit.org/show_bug.cgi?id=125512
2923
2924         Reviewed by Martin Robinson.
2925
2926         * CMakeLists.txt: use target type instead of SHARED_CORE to decide whether
2927         JavaScriptCore is a shared library, since it's always shared for GTK+ regardless
2928         of SHARED_CORE.
2929
2930 2013-12-18  Benjamin Poulain  <benjamin@webkit.org>
2931
2932         Add a simple stack abstraction for x86_64
2933         https://bugs.webkit.org/show_bug.cgi?id=125908
2934
2935         Reviewed by Geoffrey Garen.
2936
2937         * assembler/MacroAssemblerX86_64.h:
2938         (JSC::MacroAssemblerX86_64::addPtrNoFlags):
2939         Add an explicit abstraction for the "lea" instruction. This is needed
2940         by the experimental JIT to have add and subtract without changing the flags.
2941
2942         This is useful for function calls to test the return value, restore the registers,
2943         then branch on the flags from the return value.
2944
2945 2013-12-18  Mark Hahnenberg  <mhahnenberg@apple.com>
2946
2947         DFG should have a separate StoreBarrier node
2948         https://bugs.webkit.org/show_bug.cgi?id=125530
2949
2950         Reviewed by Filip Pizlo.
2951
2952         This is in preparation for GenGC. We use a separate StoreBarrier node instead of making them implicitly 
2953         part of other nodes so that it's easier to run analyses on them, e.g. for the StoreBarrierElisionPhase. 
2954         They are inserted during the fixup phase. Initially they do not generate any code.
2955
2956         * CMakeLists.txt:
2957         * GNUmakefile.list.am:
2958         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2959         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2960         * JavaScriptCore.xcodeproj/project.pbxproj:
2961         * dfg/DFGAbstractHeap.h:
2962         * dfg/DFGAbstractInterpreter.h:
2963         (JSC::DFG::AbstractInterpreter::isKnownNotCell):
2964         * dfg/DFGAbstractInterpreterInlines.h:
2965         (JSC::DFG::::executeEffects):
2966         * dfg/DFGClobberize.h:
2967         (JSC::DFG::clobberizeForAllocation):
2968         (JSC::DFG::clobberize):
2969         * dfg/DFGConstantFoldingPhase.cpp:
2970         (JSC::DFG::ConstantFoldingPhase::foldConstants): Whenever we insert new nodes that require StoreBarriers,
2971         we have to add those new StoreBarriers too. It's important to note that AllocatePropertyStorage and 
2972         ReallocatePropertyStorage nodes require their StoreBarriers to come after them since they allocate first,
2973         which could cause a GC, and then store the resulting buffer into their JSCell, which requires the barrier.
2974         If we ever require that write barriers occur before stores, we'll have to split these nodes into 
2975         AllocatePropertyStorage + StoreBarrier + PutPropertyStorage.
2976         * dfg/DFGFixupPhase.cpp:
2977         (JSC::DFG::FixupPhase::fixupNode):
2978         (JSC::DFG::FixupPhase::insertStoreBarrier):
2979         * dfg/DFGNode.h:
2980         (JSC::DFG::Node::isStoreBarrier):
2981         * dfg/DFGNodeType.h:
2982         * dfg/DFGOSRExitCompiler32_64.cpp:
2983         (JSC::DFG::OSRExitCompiler::compileExit):
2984         * dfg/DFGOSRExitCompiler64.cpp:
2985         (JSC::DFG::OSRExitCompiler::compileExit):
2986         * dfg/DFGPlan.cpp:
2987         (JSC::DFG::Plan::compileInThreadImpl):
2988         * dfg/DFGPredictionPropagationPhase.cpp:
2989         (JSC::DFG::PredictionPropagationPhase::propagate):
2990         * dfg/DFGSafeToExecute.h:
2991         (JSC::DFG::safeToExecute):
2992         * dfg/DFGSpeculativeJIT.cpp:
2993         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
2994         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
2995         (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
2996         (JSC::DFG::SpeculativeJIT::genericWriteBarrier): The fast path write barrier check. It loads the 
2997         byte that contains the mark bit of the object. 
2998         (JSC::DFG::SpeculativeJIT::storeToWriteBarrierBuffer): If the fast path check fails we try to store the 
2999         cell in the WriteBarrierBuffer so as to avoid frequently flushing all registers in order to make a C call.
3000         (JSC::DFG::SpeculativeJIT::writeBarrier):
3001         (JSC::DFG::SpeculativeJIT::osrWriteBarrier): More barebones version of the write barrier to be executed 
3002         during an OSR exit into baseline code. We must do this so that the baseline JIT object and array profiles 
3003         are properly cleared during GC.
3004         * dfg/DFGSpeculativeJIT.h:
3005         (JSC::DFG::SpeculativeJIT::callOperation):
3006         * dfg/DFGSpeculativeJIT32_64.cpp:
3007         (JSC::DFG::SpeculativeJIT::cachedPutById):
3008         (JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
3009         (JSC::DFG::SpeculativeJIT::compile):
3010         (JSC::DFG::SpeculativeJIT::writeBarrier):
3011         * dfg/DFGSpeculativeJIT64.cpp:
3012         (JSC::DFG::SpeculativeJIT::cachedPutById):
3013         (JSC::DFG::SpeculativeJIT::compileBaseValueStoreBarrier):
3014         (JSC::DFG::SpeculativeJIT::compile):
3015         (JSC::DFG::SpeculativeJIT::writeBarrier):
3016         * dfg/DFGStoreBarrierElisionPhase.cpp: Added. New DFG phase that does block-local elision of redundant
3017         StoreBarriers. Every time a StoreBarrier on a particular object is executed, a bit is set indicating that 
3018         that object doesn't need any more StoreBarriers. 
3019         (JSC::DFG::StoreBarrierElisionPhase::StoreBarrierElisionPhase):
3020         (JSC::DFG::StoreBarrierElisionPhase::couldCauseGC): Nodes that could cause a GC reset the bits for all of the 
3021         objects known in the current block. 
3022         (JSC::DFG::StoreBarrierElisionPhase::allocatesFreshObject): A node that creates a new object automatically 
3023         sets the bit for that object since if a GC occurred as the result of that object's allocation then that 
3024         object would not need a barrier since it would be guaranteed to be a young generation object until the 
3025         next GC point.
3026         (JSC::DFG::StoreBarrierElisionPhase::noticeFreshObject):
3027         (JSC::DFG::StoreBarrierElisionPhase::getBaseOfStore):
3028         (JSC::DFG::StoreBarrierElisionPhase::shouldBeElided):
3029         (JSC::DFG::StoreBarrierElisionPhase::elideBarrier):
3030         (JSC::DFG::StoreBarrierElisionPhase::handleNode):
3031         (JSC::DFG::StoreBarrierElisionPhase::handleBlock):
3032         (JSC::DFG::StoreBarrierElisionPhase::run):
3033         (JSC::DFG::performStoreBarrierElision):
3034         * dfg/DFGStoreBarrierElisionPhase.h: Added.
3035         * heap/Heap.cpp:
3036         (JSC::Heap::Heap):
3037         (JSC::Heap::flushWriteBarrierBuffer):
3038         * heap/Heap.h:
3039         (JSC::Heap::writeBarrier):
3040         * heap/MarkedBlock.h:
3041         (JSC::MarkedBlock::offsetOfMarks):
3042         * heap/WriteBarrierBuffer.cpp: Added. The WriteBarrierBuffer buffers a set of JSCells that are awaiting 
3043         a pending WriteBarrier. This buffer is used by the DFG to avoid the overhead of calling out to C repeatedly
3044         to invoke a write barrier on a single JSCell. Instead the DFG has inline code to fill the WriteBarrier buffer
3045         until it's full, and then to call out to C to flush it. The WriteBarrierBuffer will also be flushed prior to
3046         each EdenCollection.
3047         (JSC::WriteBarrierBuffer::WriteBarrierBuffer):
3048         (JSC::WriteBarrierBuffer::~WriteBarrierBuffer):
3049         (JSC::WriteBarrierBuffer::flush):
3050         (JSC::WriteBarrierBuffer::reset):
3051         (JSC::WriteBarrierBuffer::add):
3052         * heap/WriteBarrierBuffer.h: Added.
3053         (JSC::WriteBarrierBuffer::currentIndexOffset):
3054         (JSC::WriteBarrierBuffer::capacityOffset):
3055         (JSC::WriteBarrierBuffer::bufferOffset):
3056         * jit/JITOperations.cpp:
3057         * jit/JITOperations.h:
3058         * runtime/VM.h:
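
        The block-local elision described above, as an added C++ sketch that is not
        JavaScriptCore code: the node kinds, object ids and the sample block are
        constructed here, and couldCauseGC/allocatesFreshObject are simplified stand-ins
        for the phase's own predicates.

```cpp
#include <cstddef>
#include <cstdio>
#include <set>
#include <vector>

// Constructed stand-in for DFG node kinds (not the real NodeType enum).
enum class Kind { NewObject, StoreBarrier, PutByOffset, Call, ArithAdd };

struct Node {
    Kind kind;
    int object;  // id of the object this node allocates, stores into or barriers; -1 if none
    bool elided; // set by the elision pass for redundant StoreBarriers
};

struct Block { std::vector<Node> nodes; };

// Nodes that may trigger a collection: every object seen so far may be old
// again afterwards, so the block-local knowledge is discarded (mirrors couldCauseGC).
static bool couldCauseGC(const Node& n) {
    return n.kind == Kind::Call || n.kind == Kind::NewObject;
}

// Nodes that produce a brand-new object; it is guaranteed young until the next
// GC point, so it needs no barrier until then (mirrors allocatesFreshObject).
static bool allocatesFreshObject(const Node& n) { return n.kind == Kind::NewObject; }

// Walk one block in order, marking redundant StoreBarriers. Returns how many were elided.
size_t elideStoreBarriers(Block& block) {
    std::set<int> barriered; // objects known to need no further barrier in this block
    size_t elided = 0;
    for (Node& node : block.nodes) {
        if (couldCauseGC(node))
            barriered.clear();             // a GC point invalidates everything we knew
        if (allocatesFreshObject(node))
            barriered.insert(node.object); // fresh object: young until the next GC point
        if (node.kind != Kind::StoreBarrier)
            continue;
        if (barriered.count(node.object)) {
            node.elided = true;            // shouldBeElided: barriered since the last GC point
            ++elided;
        } else {
            barriered.insert(node.object); // the barrier executes; remember that it did
        }
    }
    return elided;
}

// Constructed sample block: object 1 is allocated here, object 2 is an incoming
// (possibly old-generation) object.
Block sampleBlock() {
    return Block{{
        {Kind::NewObject,    1, false}, // 0: fresh object 1 (also a GC point)
        {Kind::StoreBarrier, 1, false}, // 1: redundant, object 1 is fresh
        {Kind::PutByOffset,  1, false}, // 2
        {Kind::StoreBarrier, 2, false}, // 3: first barrier on 2, must stay
        {Kind::PutByOffset,  2, false}, // 4
        {Kind::StoreBarrier, 2, false}, // 5: redundant, 2 already barriered
        {Kind::Call,        -1, false}, // 6: may GC, forget everything
        {Kind::StoreBarrier, 2, false}, // 7: must stay again
        {Kind::StoreBarrier, 1, false}, // 8: must stay, object 1 may have been promoted
    }};
}

int main() {
    Block block = sampleBlock();
    size_t elided = elideStoreBarriers(block);
    std::printf("elided %zu StoreBarriers in a block of %zu nodes\n", elided, block.nodes.size());
    for (size_t i = 0; i < block.nodes.size(); ++i)
        if (block.nodes[i].kind == Kind::StoreBarrier)
            std::printf("  node %zu: %s\n", i, block.nodes[i].elided ? "elided" : "kept");
    return 0;
}
```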
3059
3060 2013-12-18  Carlos Garcia Campos  <cgarcia@igalia.com>
3061
3062         Unreviewed. Fix make distcheck.
3063
3064         * GNUmakefile.am:
3065
3066 2013-12-17  Julien Brianceau  <jbriance@cisco.com>
3067
3068         Fix armv7 and sh4 builds.
3069         https://bugs.webkit.org/show_bug.cgi?id=125848
3070
3071         Reviewed by Csaba Osztrogonác.
3072
3073         * assembler/ARMv7Assembler.h: Include limits.h for INT_MIN.
3074         * assembler/SH4Assembler.h: Include limits.h for INT_MIN.
3075
3076 2013-12-16  Oliver Hunt  <oliver@apple.com>
3077
3078         Avoid indirect function calls for custom getters
3079         https://bugs.webkit.org/show_bug.cgi?id=125821
3080
3081         Reviewed by Mark Hahnenberg.
3082
3083         Rather than invoking a helper function to perform an indirect call
3084         through a function pointer, just have the JIT call the function directly.
3085
3086         Unfortunately this only works in JSVALUE64 at the moment as there
3087         is not an obvious way to pass two EncodedJSValues uniformly over
3088         the various affected JITs.
3089
3090         * jit/CCallHelpers.h:
3091         (JSC::CCallHelpers::setupArguments):
3092         * jit/Repatch.cpp:
3093         (JSC::generateProtoChainAccessStub):
3094         (JSC::tryBuildGetByIDList):
3095
3096 2013-12-16  Joseph Pecoraro  <pecoraro@apple.com>
3097
3098         Fix some whitespace issues in inspector code
3099         https://bugs.webkit.org/show_bug.cgi?id=125814
3100
3101         Reviewed by Darin Adler.
3102
3103         * inspector/protocol/Debugger.json:
3104         * inspector/protocol/Runtime.json:
3105         * inspector/scripts/CodeGeneratorInspector.py:
3106         (Generator.process_command):
3107
3108 2013-12-16  Mark Hahnenberg  <mhahnenberg@apple.com>
3109
3110         Add some missing functions to MacroAssembler
3111         https://bugs.webkit.org/show_bug.cgi?id=125809
3112
3113         Reviewed by Oliver Hunt.
3114
3115         * assembler/AbstractMacroAssembler.h:
3116         * assembler/AssemblerBuffer.h:
3117         * assembler/LinkBuffer.cpp:
3118         * assembler/MacroAssembler.h:
3119         (JSC::MacroAssembler::storePtr):
3120         (JSC::MacroAssembler::andPtr):
3121         * assembler/MacroAssemblerARM64.h:
3122         (JSC::MacroAssemblerARM64::and64):
3123         (JSC::MacroAssemblerARM64::branchTest8):
3124         * assembler/MacroAssemblerARMv7.h:
3125         (JSC::MacroAssemblerARMv7::branchTest8):
3126         * assembler/X86Assembler.h:
3127
3128 2013-12-16  Brent Fulgham  <bfulgham@apple.com>
3129
3130         [Win] Remove dead code after conversion to VS2013
3131         https://bugs.webkit.org/show_bug.cgi?id=125795
3132
3133         Reviewed by Darin Adler.
3134
3135         * API/tests/testapi.c: Remove local nan implementation
3136
3137 2013-12-16  Oliver Hunt  <oliver@apple.com>
3138
3139         Cache getters and custom accessors on the prototype chain
3140         https://bugs.webkit.org/show_bug.cgi?id=125602
3141
3142         Reviewed by Michael Saboff.
3143
3144         Support caching of custom getters and accessors on the prototype chain.
3145         This is relatively trivial and just requires a little work compared to
3146         the direct access mode as we're under more register pressure.
3147
3148         * bytecode/StructureStubInfo.h:
3149           Removed the unused initGetByIdProto as it was confusing to still have it present.
3150         * jit/Repatch.cpp:
3151         (JSC::generateProtoChainAccessStub):
3152         (JSC::tryCacheGetByID):
3153         (JSC::tryBuildGetByIDList):
3154
3155 2013-12-16  Mark Lam  <mark.lam@apple.com>
3156
3157         Change slow path result to take a void* instead of an ExecState*.
3158         https://bugs.webkit.org/show_bug.cgi?id=125802.
3159
3160         Reviewed by Filip Pizlo.
3161
3162         This is in preparation for C Stack OSR entry work that is coming soon.
3163         In the OSR entry case, we'll be returning a topOfFrame pointer value
3164         instead of the ExecState*.
3165
3166         * offlineasm/cloop.rb:
3167         * runtime/CommonSlowPaths.h:
3168         (JSC::encodeResult):
3169         (JSC::decodeResult):
3170
3171 2013-12-16  Alex Christensen  <achristensen@webkit.org>
3172
3173         Fixed Win64 build on VS2013.
3174         https://bugs.webkit.org/show_bug.cgi?id=125753
3175
3176         Reviewed by Brent Fulgham.
3177
3178         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3179         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj:
3180         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj:
3181         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj:
3182         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
3183         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj:
3184         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
3185         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
3186         Added correct PlatformToolset for 64-bit builds.
3187
3188 2013-12-16  Peter Szanka  <h868064@stud.u-szeged.hu>
3189
3190         Delete RVCT related code parts.
3191         https://bugs.webkit.org/show_bug.cgi?id=125626
3192
3193         Reviewed by Darin Adler.
3194
3195         * assembler/ARMAssembler.cpp:
3196         * assembler/ARMAssembler.h:
3197         (JSC::ARMAssembler::cacheFlush):
3198         * assembler/MacroAssemblerARM.cpp:
3199         (JSC::isVFPPresent):
3200         * jit/JITStubsARM.h:
3201         * jit/JITStubsARMv7.h:
3202
3203 2013-12-15  Ryosuke Niwa  <rniwa@webkit.org>
3204
3205         REGRESSION: 2x regression on Dromaeo DOM query tests
3206         https://bugs.webkit.org/show_bug.cgi?id=125377
3207
3208         Reviewed by Filip Pizlo.
3209
3210         The bug was caused by JSC not JIT'ing property access on "document" due to its type info having
3211         HasImpureGetOwnPropertySlot flag.
3212
3213         Fixed the bug by adding a new type info flag NewImpurePropertyFiresWatchpoints, which allows the baseline
3214         JIT to generate byte code for accessing properties on an object with named properties (a.k.a.
3215         custom name getter) in the DOM. When a new named property appears on the object, the VM is notified via
3216         VM::addImpureProperty and fires the StructureStubClearingWatchpoint added during the repatch.
3217
3218         * bytecode/GetByIdStatus.cpp:
3219         (JSC::GetByIdStatus::computeFromLLInt): Take the slow path if we have any object with impure
3220         properties in the prototype chain.
3221         (JSC::GetByIdStatus::computeForChain): Ditto.
3222
3223         * jit/Repatch.cpp:
3224         (JSC::repatchByIdSelfAccess): Throw away the byte code when a new impure property is added on any
3225         object in the prototype chain via StructureStubClearingWatchpoint.
3226         (JSC::generateProtoChainAccessStub): Ditto.
3227         (JSC::tryCacheGetByID):
3228         (JSC::tryBuildGetByIDList):
3229         (JSC::tryRepatchIn): Ditto.
3230
3231         * runtime/JSTypeInfo.h: Added NewImpurePropertyFiresWatchpoints.
3232         (JSC::TypeInfo::newImpurePropertyFiresWatchpoints): Added.
3233
3234         * runtime/Operations.h:
3235         (JSC::normalizePrototypeChainForChainAccess): Don't exit early if VM will be notified of new
3236         impure property even if the object had impure properties.
3237
3238         * runtime/Structure.h:
3239         (JSC::Structure::takesSlowPathInDFGForImpureProperty): Added. Wraps hasImpureGetOwnPropertySlot and
3240         asserts that newImpurePropertyFiresWatchpoints is true whenever hasImpureGetOwnPropertySlot is true.
3241
3242         * runtime/VM.cpp:
3243         (JSC::VM::registerWatchpointForImpureProperty): Added.
3244         (JSC::VM::addImpureProperty): Added. HTMLDocument calls it to notify JSC of a new impure property.
3245
3246         * runtime/VM.h:
3247
3248 2013-12-15  Andy Estes  <aestes@apple.com>
3249
3250         [iOS] Upstream changes to FeatureDefines.xcconfig
3251         https://bugs.webkit.org/show_bug.cgi?id=125742
3252
3253         Reviewed by Dan Bernstein.
3254
3255         * Configurations/FeatureDefines.xcconfig:
3256
3257 2013-12-14  Filip Pizlo  <fpizlo@apple.com>
3258
3259         FTL should *really* know when things are flushed
3260         https://bugs.webkit.org/show_bug.cgi?id=125747
3261
3262         Reviewed by Sam Weinig.
3263         
3264         Fix more codegen badness. This makes V8v7's crypto am3() function run faster in the FTL
3265         than in DFG. This means that even if we just compile those functions in V8v7 that don't
3266         make calls, the FTL gives us a 2% speed-up over the DFG. That's pretty good considering
3267         that we have still more optimizations to fix and we can make calls work.
3268
3269         * dfg/DFGSSAConversionPhase.cpp:
3270         (JSC::DFG::SSAConversionPhase::run):
3271         * ftl/FTLCompile.cpp:
3272         (JSC::FTL::fixFunctionBasedOnStackMaps):
3273
3274 2013-12-14  Andy Estes  <aestes@apple.com>
3275
3276         Unify FeatureDefines.xcconfig
3277         https://bugs.webkit.org/show_bug.cgi?id=125741
3278
3279         Rubber-stamped by Dan Bernstein.
3280
3281         * Configurations/FeatureDefines.xcconfig: Enable ENABLE_MEDIA_SOURCE.
3282
3283 2013-12-14  Mark Rowe  <mrowe@apple.com>
3284
3285         Build fix after r160557.
3286
3287         r160557 added the first generated header to JavaScriptCore that needs to be installed into
3288         the framework wrapper. Sadly JavaScriptCore's Derived Sources target was not set to generate
3289         headers when invoked as part of the installhdrs action. This resulted in the build failing
3290         due to Xcode being unable to find the header file to install. The fix for this is to configure
3291         the Derived Sources target to use JavaScriptCore.xcconfig, which sets INSTALLHDRS_SCRIPT_PHASE
3292         to YES and allows Xcode to generate derived sources during the installhdrs action.
3293
3294         Enabling INSTALLHDRS_SCRIPT_PHASE required tweaking the Generate Derived Sources script build
3295         phase to skip running code related to offlineasm that depends on JSCLLIntOffsetExtractor
3296         having been compiled, which isn't the case at installhdrs time.
3297
3298         * JavaScriptCore.xcodeproj/project.pbxproj:
3299
3300 2013-12-13  Joseph Pecoraro  <pecoraro@apple.com>
3301
3302         Some Set and Map prototype functions have incorrect function lengths
3303         https://bugs.webkit.org/show_bug.cgi?id=125732
3304
3305         Reviewed by Oliver Hunt.
3306
3307         * runtime/MapPrototype.cpp:
3308         (JSC::MapPrototype::finishCreation):
3309         * runtime/SetPrototype.cpp:
3310         (JSC::SetPrototype::finishCreation):
3311
3312 2013-12-13  Joseph Pecoraro  <pecoraro@apple.com>
3313
3314         Web Inspector: Move Inspector and Debugger protocol domains into JavaScriptCore
3315         https://bugs.webkit.org/show_bug.cgi?id=125707
3316
3317         Reviewed by Timothy Hatcher.
3318
3319         * CMakeLists.txt:
3320         * DerivedSources.make:
3321         * GNUmakefile.am:
3322         * inspector/protocol/Debugger.json: Renamed from Source/WebCore/inspector/protocol/Debugger.json.
3323         * inspector/protocol/GenericTypes.json: Added.
3324         * inspector/protocol/InspectorDomain.json: Renamed from Source/WebCore/inspector/protocol/InspectorDomain.json.
3325         Add new files to inspector generation.
3326
3327         * inspector/scripts/CodeGeneratorInspector.py:
3328         (Generator.go):
3329         Only build TypeBuilder output if the domain only has types. Avoid
3330         backend/frontend dispatchers and backend commands.
3331
3332         (TypeBindings.create_type_declaration_.EnumBinding.get_setter_value_expression_pattern):
3333         (format_setter_value_expression):
3334         (Generator.process_command):
3335         (Generator.generate_send_method):
3336         * inspector/scripts/CodeGeneratorInspectorStrings.py:
3337         Export and name the get{JS,Web}EnumConstant function.
3338
3339 2013-12-11  Filip Pizlo  <fpizlo@apple.com>
3340
3341         Get rid of forward exit on UInt32ToNumber by adding an op_unsigned bytecode instruction
3342         https://bugs.webkit.org/show_bug.cgi?id=125553
3343
3344         Reviewed by Oliver Hunt.
3345         
3346         UInt32ToNumber was a super complicated node because it had to do a speculation, but it
3347         would do it after we already had computed the urshift. It couldn't just go back to the
3348         beginning of the urshift because the inputs to the urshift weren't necessarily live
3349         anymore. We couldn't jump forward to the beginning of the next instruction because the
3350         result of the urshift was not yet unsigned-converted.
3351         
3352         For a while we solved this by forward-exiting in UInt32ToNumber. But that's really
3353         gross and I want to get rid of all forward exits. They cause a lot of bugs.
3354         
3355         We could also have turned UInt32ToNumber to a backwards exit by forcing the inputs to
3356         the urshift to be live. I figure that this might be a bit too extreme.
3357         
3358         So, I just created a new place that we can exit to: I split op_urshift into op_urshift
3359         followed by op_unsigned. op_unsigned is an "unsigned cast" along the lines of what
3360         UInt32ToNumber does. This allows me to get rid of all of the nastiness in the DFG for
3361         forward exiting in UInt32ToNumber.
3362         
3363         This patch enables massive code carnage in the DFG and FTL, and brings us closer to
3364         eliminating one of the DFG's most confusing concepts. On the flipside, it does make the
3365         bytecode slightly more complex (one new instruction). This is a profitable trade. We
3366         want the DFG and FTL to trend towards simplicity, since they are both currently too
3367         complicated.
3368
3369         * bytecode/BytecodeUseDef.h:
3370         (JSC::computeUsesForBytecodeOffset):
3371         (JSC::computeDefsForBytecodeOffset):
3372         * bytecode/CodeBlock.cpp:
3373         (JSC::CodeBlock::dumpBytecode):
3374         * bytecode/Opcode.h:
3375         (JSC::padOpcodeName):
3376         * bytecode/ValueRecovery.cpp:
3377         (JSC::ValueRecovery::dumpInContext):
3378         * bytecode/ValueRecovery.h:
3379         (JSC::ValueRecovery::gpr):
3380         * bytecompiler/NodesCodegen.cpp:
3381         (JSC::BinaryOpNode::emitBytecode):
3382         (JSC::emitReadModifyAssignment):
3383         * dfg/DFGByteCodeParser.cpp:
3384         (JSC::DFG::ByteCodeParser::toInt32):
3385         (JSC::DFG::ByteCodeParser::parseBlock):
3386         * dfg/DFGClobberize.h:
3387         (JSC::DFG::clobberize):
3388         * dfg/DFGNodeType.h:
3389         * dfg/DFGOSRExitCompiler32_64.cpp:
3390         (JSC::DFG::OSRExitCompiler::compileExit):
3391         * dfg/DFGOSRExitCompiler64.cpp:
3392         (JSC::DFG::OSRExitCompiler::compileExit):
3393         * dfg/DFGSpeculativeJIT.cpp:
3394         (JSC::DFG::SpeculativeJIT::compileMovHint):
3395         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
3396         * dfg/DFGSpeculativeJIT.h:
3397         * dfg/DFGSpeculativeJIT32_64.cpp:
3398         * dfg/DFGSpeculativeJIT64.cpp:
3399         * dfg/DFGStrengthReductionPhase.cpp:
3400         (JSC::DFG::StrengthReductionPhase::handleNode):
3401         (JSC::DFG::StrengthReductionPhase::convertToIdentityOverChild):
3402         (JSC::DFG::StrengthReductionPhase::convertToIdentityOverChild1):
3403         (JSC::DFG::StrengthReductionPhase::convertToIdentityOverChild2):
3404         * ftl/FTLFormattedValue.h:
3405         (JSC::FTL::int32Value):
3406         * ftl/FTLLowerDFGToLLVM.cpp:
3407         (JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):
3408         * ftl/FTLValueFormat.cpp:
3409         (JSC::FTL::reboxAccordingToFormat):
3410         (WTF::printInternal):
3411         * ftl/FTLValueFormat.h:
3412         * jit/JIT.cpp:
3413         (JSC::JIT::privateCompileMainPass):
3414         (JSC::JIT::privateCompileSlowCases):
3415         * jit/JIT.h:
3416         * jit/JITArithmetic.cpp:
3417         (JSC::JIT::emit_op_urshift):
3418         (JSC::JIT::emitSlow_op_urshift):
3419         (JSC::JIT::emit_op_unsigned):
3420         (JSC::JIT::emitSlow_op_unsigned):
3421         * jit/JITArithmetic32_64.cpp:
3422         (JSC::JIT::emitRightShift):
3423         (JSC::JIT::emitRightShiftSlowCase):
3424         (JSC::JIT::emit_op_unsigned):
3425         (JSC::JIT::emitSlow_op_unsigned):
3426         * llint/LowLevelInterpreter32_64.asm:
3427         * llint/LowLevelInterpreter64.asm:
3428         * runtime/CommonSlowPaths.cpp:
3429         (JSC::SLOW_PATH_DECL):
3430         * runtime/CommonSlowPaths.h:
3431
3432 2013-12-13  Mark Hahnenberg  <mhahnenberg@apple.com>
3433
3434         LLInt should not conditionally branch to labels outside of its function
3435         https://bugs.webkit.org/show_bug.cgi?id=125713
3436
3437         Reviewed by Geoffrey Garen.
3438
3439         Conditional branches are insufficient for jumping to out-of-function labels.
3440         The fix is to use an unconditional jmp to the label combined with a conditional branch around the jmp.
3441
3442         * llint/LowLevelInterpreter32_64.asm:
3443         * llint/LowLevelInterpreter64.asm:
3444
3445 2013-12-13  Joseph Pecoraro  <pecoraro@apple.com>
3446
3447         [GTK] Remove Warnings in building about duplicate INSPECTOR variables
3448         https://bugs.webkit.org/show_bug.cgi?id=125710
3449
3450         Reviewed by Tim Horton.
3451
3452         * GNUmakefile.am:
3453
3454 2013-12-13  Joseph Pecoraro  <pecoraro@apple.com>
3455
3456         Cleanup CodeGeneratorInspectorStrings a bit
3457         https://bugs.webkit.org/show_bug.cgi?id=125705
3458
3459         Reviewed by Timothy Hatcher.
3460
3461         * inspector/scripts/CodeGeneratorInspectorStrings.py:
3462         Use ${foo} variable syntax and add an ASCIILiteral.
3463
3464 2013-12-13  Brent Fulgham  <bfulgham@apple.com>
3465
3466         [Win] Unreviewed build fix after r160563
3467
3468         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj: Missed the Debug
3469         target in my last patch.
3470
3471 2013-12-13  Brent Fulgham  <bfulgham@apple.com>
3472
3473         [Win] Unreviewed build fix after r160548
3474
3475         * JavaScriptCore.vcxproj/JavaScriptCoreGenerated.vcxproj: Specify
3476         that we are using the vs12_xp target for Makefile-based projects.
3477         * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/LLIntAssembly.vcxproj: Ditto
3478         * JavaScriptCore.vcxproj/LLInt/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj: Ditto.
3479
3480 2013-12-13  Joseph Pecoraro  <pecoraro@apple.com>
3481
3482         Make inspector folder groups smarter in JavaScriptCore.xcodeproj
3483         https://bugs.webkit.org/show_bug.cgi?id=125663
3484
3485         Reviewed by Darin Adler.
3486
3487         * JavaScriptCore.xcodeproj/project.pbxproj:
3488
3489 2013-12-13  Joseph Pecoraro  <pecoraro@apple.com>
3490
3491         Web Inspector: Add Inspector Code Generation to JavaScriptCore for Runtime Domain
3492         https://bugs.webkit.org/show_bug.cgi?id=125595
3493
3494         Reviewed by Timothy Hatcher.
3495
3496           - Move CodeGeneration scripts from WebCore into JavaScriptCore/inspector/scripts
3497           - For ports that build WebKit frameworks separately, export the scripts as PrivateHeaders
3498           - Update CodeGeneratorInspector.py in a few ways:
3499             - output dynamic filenames, so JavaScriptCore generates InspectorJSFoo.* and WebCore generates InspectorWebFoo.*
3500             - take in more than one protocol JSON file. The first contains domains to generate, the others are dependencies
3501               that are generated elsewhere that we can depend on for Types.
3502           - Add DerivedSources build step to generate the Inspector Interfaces
3503
3504         * CMakeLists.txt:
3505         * DerivedSources.make:
3506         * GNUmakefile.am:
3507         * GNUmakefile.list.am:
3508         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3509         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3510         * JavaScriptCore.vcxproj/copy-files.cmd:
3511         * JavaScriptCore.xcodeproj/project.pbxproj:
3512         Add scripts and code generation.
3513
3514         * inspector/protocol/Runtime.json: Renamed from Source/WebCore/inspector/protocol/Runtime.json.
3515         Move protocol file into JavaScriptCore so its types will be generated in JavaScriptCore.
3516
3517         * inspector/scripts/CodeGeneratorInspector.py: Renamed from Source/WebCore/inspector/CodeGeneratorInspector.py.
3518         Updates to the script as listed above.
3519
3520         * inspector/scripts/CodeGeneratorInspectorStrings.py: Renamed from Source/WebCore/inspector/CodeGeneratorInspectorStrings.py.
3521         * inspector/scripts/generate-combined-inspector-json.py: Renamed from Source/WebCore/inspector/Scripts/generate-combined-inspector-json.py.
3522         Moved from WebCore into JavaScriptCore for code generation.
3523
3524 2013-12-13  Peter Szanka  <h868064@stud.u-szeged.hu>
3525
3526         Delete INTEL C compiler related code parts.
3527         https://bugs.webkit.org/show_bug.cgi?id=125625
3528
3529         Reviewed by Darin Adler.
3530
3531         * jsc.cpp:
3532         * testRegExp.cpp:
3533
3534 2013-12-13  Brent Fulgham  <bfulgham@apple.com>
3535
3536         [Win] Switch WebKit solution to Visual Studio 2013
3537         https://bugs.webkit.org/show_bug.cgi?id=125192
3538
3539         Reviewed by Anders Carlsson.
3540
3541         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Update for VS2013
3542         * JavaScriptCore.vcxproj/LLInt/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj:
3543         Ditto
3544         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Ditto
3545         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Ditto
3546         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Ditto
3547
3548 2013-12-12  Joseph Pecoraro  <pecoraro@apple.com>
3549
3550         Add a few more ASCIILiterals
3551         https://bugs.webkit.org/show_bug.cgi?id=125662
3552
3553         Reviewed by Darin Adler.
3554
3555         * inspector/InspectorBackendDispatcher.cpp:
3556         (Inspector::InspectorBackendDispatcher::dispatch):
3557
3558 2013-12-12  Joseph Pecoraro  <pecoraro@apple.com>
3559
3560         Test new JSContext name APIs
3561         https://bugs.webkit.org/show_bug.cgi?id=125607
3562
3563         Reviewed by Darin Adler.
3564
3565         * API/JSContext.h:
3566         * API/JSContextRef.h:
3567         Fix whitespace issues.
3568
3569         * API/tests/testapi.c:
3570         (globalContextNameTest):
3571         (main):
3572         * API/tests/testapi.mm:
3573         Add tests for JSContext set/get name APIs.
3574
3575 2013-12-11  Filip Pizlo  <fpizlo@apple.com>
3576
3577         ARM64: Hang running pdfjs test, suspect DFG generated code for "in"
3578         https://bugs.webkit.org/show_bug.cgi?id=124727
3579         <rdar://problem/15566923>
3580
3581         Reviewed by Michael Saboff.
3582         
3583         Get rid of In's hackish use of StructureStubInfo. Previously it was using hotPathBegin,
3584         and it was the only IC that used that field, which was wasteful. Moreover, it used it
3585         to store two separate locations: the label for patching the jump and the label right
3586         after the jump. The code was relying on those two being the same label, which is true
3587         on X86 and some other platforms, but it isn't true on ARM64.
3588         
3589         This gets rid of hotPathBegin and makes In express those two locations as offsets from
3590         the callReturnLocation, which is analogous to what the other ICs do.
3591         
3592         This fixes a bug where any successful In patching would result in a trivially infinite
3593         loop - and hence a hang - on ARM64.
3594
3595         * bytecode/StructureStubInfo.h:
3596         * dfg/DFGJITCompiler.cpp:
3597         (JSC::DFG::JITCompiler::link):
3598         * dfg/DFGJITCompiler.h:
3599         (JSC::DFG::InRecord::InRecord):
3600         * dfg/DFGSpeculativeJIT.cpp:
3601         (JSC::DFG::SpeculativeJIT::compileIn):
3602         * jit/JITInlineCacheGenerator.cpp:
3603         (JSC::JITByIdGenerator::finalize):
3604         * jit/Repatch.cpp:
3605         (JSC::replaceWithJump):
3606         (JSC::patchJumpToGetByIdStub):
3607         (JSC::tryCachePutByID):
3608         (JSC::tryBuildPutByIdList):
3609         (JSC::tryRepatchIn):
3610         (JSC::resetGetByID):
3611         (JSC::resetPutByID):
3612         (JSC::resetIn):
3613
3614 2013-12-11  Joseph Pecoraro  <pecoraro@apple.com>
3615
3616         Web Inspector: Push More Inspector Required Classes Down into JavaScriptCore
3617         https://bugs.webkit.org/show_bug.cgi?id=125324
3618
3619         Reviewed by Timothy Hatcher.
3620
3621         * CMakeLists.txt:
3622         * GNUmakefile.am:
3623         * GNUmakefile.list.am:
3624         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3625         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3626         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
3627         * JavaScriptCore.vcxproj/copy-files.cmd:
3628         * JavaScriptCore.xcodeproj/project.pbxproj:
3629         * bindings/ScriptFunctionCall.cpp: Renamed from Source/WebCore/bindings/js/ScriptFunctionCall.cpp.
3630         * bindings/ScriptFunctionCall.h: Renamed from Source/WebCore/bindings/js/ScriptFunctionCall.h.
3631         * bindings/ScriptObject.cpp: Copied from Source/WebCore/inspector/WorkerConsoleAgent.cpp.
3632         * bindings/ScriptObject.h: Renamed from Source/WebCore/inspector/InspectorBaseAgent.h.
3633         * bindings/ScriptValue.cpp: Renamed from Source/WebCore/bindings/js/ScriptValue.cpp.
3634         * bindings/ScriptValue.h: Renamed from Source/WebCore/bindings/js/ScriptValue.h.
3635         * inspector/InspectorAgentBase.h: Copied from Source/WebCore/inspector/InspectorAgentRegistry.h.
3636         * inspector/InspectorAgentRegistry.cpp: Renamed from Source/WebCore/inspector/InspectorAgentRegistry.cpp.
3637         * inspector/InspectorBackendDispatcher.h: Renamed from Source/WebCore/inspector/InspectorBackendDispatcher.h.
3638         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
3639         (Inspector::InspectorSupplementalBackendDispatcher::~InspectorSupplementalBackendDispatcher):
3640         * inspector/InspectorValues.cpp: Renamed from Source/WebCore/inspector/InspectorValues.cpp.
3641         * inspector/InspectorValues.h: Renamed from Source/WebCore/inspector/InspectorValues.h.
3642
3643 2013-12-11  Laszlo Vidacs  <lac@inf.u-szeged.hu>
3644
3645         Store SHA1 hash in std::array
3646         https://bugs.webkit.org/show_bug.cgi?id=125446
3647
3648         Reviewed by Darin Adler.
3649
3650         Change Vector to std::array and use typedef.
3651
3652         * bytecode/CodeBlockHash.cpp:
3653         (JSC::CodeBlockHash::CodeBlockHash):
3654
3655 2013-12-11  Mark Rowe  <mrowe@apple.com>
3656
3657         <https://webkit.org/b/125141> Modernize the JavaScriptCore API headers
3658         <rdar://problem/15540121>
3659
3660         This consists of three main changes:
3661         1) Converting the return type of initializer methods to instancetype.
3662         2) Declaring properties rather than getters and setters.
3663         3) Tagging C API methods with information about their memory management semantics.
3664
3665         Changing the declarations from getters and setters to properties also required
3666         updating the headerdoc in a number of places.
3667
3668         Reviewed by Anders Carlsson.
3669
3670         * API/JSContext.h:
3671         * API/JSContext.mm:
3672         * API/JSManagedValue.h:
3673         * API/JSManagedValue.mm:
3674         * API/JSStringRefCF.h:
3675         * API/JSValue.h:
3676         * API/JSVirtualMachine.h:
3677         * API/JSVirtualMachine.mm:
3678
3679 2013-12-11  Mark Rowe  <mrowe@apple.com>
3680
3681         <https://webkit.org/b/125559> Move JavaScriptCore off the legacy WebKit availability macros
3682
3683         The legacy WebKit availability macros are verbose, confusing, and provide no benefit over
3684         using the system availability macros directly. The original vision was that they'd serve
3685         a cross-platform purpose but that never came to be.
3686
3687         Map from WebKit version to OS X version based on the mapping in WebKitAvailability.h.
3688         All iOS versions are specified as 7.0 as that is when the JavaScriptCore C API was made
3689         public.
3690
3691         Part of <rdar://problem/15512304>.
3692
3693         Reviewed by Anders Carlsson.
3694
3695         * API/JSBasePrivate.h:
3696         * API/JSContextRef.h:
3697         * API/JSContextRefPrivate.h:
3698         * API/JSObjectRef.h:
3699         * API/JSValueRef.h:
3700
3701 2013-12-10  Filip Pizlo  <fpizlo@apple.com>
3702
3703         Get rid of forward exit on DoubleAsInt32
3704         https://bugs.webkit.org/show_bug.cgi?id=125552
3705
3706         Reviewed by Oliver Hunt.
3707         
3708         The forward exit was just there so that we wouldn't have to keep the inputs alive up to
3709         the DoubleAsInt32. That's dumb. Forward exits are a complicated piece of machinery and
3710         we shouldn't have it just for a bit of liveness micro-optimization.
3711         
3712         Also add a bunch of machinery to test this case on X86.
3713
3714         * assembler/AbstractMacroAssembler.h:
3715         (JSC::optimizeForARMv7s):
3716         (JSC::optimizeForARM64):
3717         (JSC::optimizeForX86):
3718         * dfg/DFGFixupPhase.cpp:
3719         (JSC::DFG::FixupPhase::fixupNode):
3720         * dfg/DFGNodeType.h:
3721         * dfg/DFGSpeculativeJIT.cpp:
3722         (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
3723         * runtime/Options.h:
3724         * tests/stress/double-as-int32.js: Added.
3725         (foo):
3726         (test):
3727
3728 2013-12-10  Filip Pizlo  <fpizlo@apple.com>
3729
3730         Simplify CSE's treatment of NodeRelevantToOSR
3731         https://bugs.webkit.org/show_bug.cgi?id=125538
3732
3733         Reviewed by Oliver Hunt.
3734         
3735         Make the NodeRelevantToOSR thing obvious: if there is any MovHint on a node then the
3736         node is relevant to OSR.
3737
3738         * dfg/DFGCSEPhase.cpp:
3739         (JSC::DFG::CSEPhase::run):
3740         (JSC::DFG::CSEPhase::performNodeCSE):
3741         (JSC::DFG::CSEPhase::performBlockCSE):
3742
3743 2013-12-10  Filip Pizlo  <fpizlo@apple.com>
3744
3745         Get rid of forward exit in GetByVal on Uint32Array
3746         https://bugs.webkit.org/show_bug.cgi?id=125543
3747
3748         Reviewed by Oliver Hunt.
3749
3750         * dfg/DFGSpeculativeJIT.cpp:
3751         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
3752         * ftl/FTLLowerDFGToLLVM.cpp:
3753         (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
3754
3755 2013-12-10  Balazs Kilvady  <kilvadyb@homejinni.com>
3756
3757         [MIPS] Redundant instructions in code generated from offlineasm.
3758         https://bugs.webkit.org/show_bug.cgi?id=125528
3759
3760         Reviewed by Michael Saboff.
3761
3762         Optimize lowering of offlineasm BaseIndex Addresses.
3763
3764         * offlineasm/mips.rb:
3765
3766 2013-12-10  Oliver Hunt  <oliver@apple.com>
3767
3768         Reduce the mass templatizing of the JS parser
3769         https://bugs.webkit.org/show_bug.cgi?id=125535
3770
3771         Reviewed by Michael Saboff.
3772
3773         The various caches we have now have removed the need for many of
3774         the template vs. regular parameters.  This patch converts those
3775         template parameters to regular parameters and updates the call
3776         sites.  This reduces the code size of the parser by around 15%.
3777
3778         * parser/ASTBuilder.h:
3779         (JSC::ASTBuilder::createGetterOrSetterProperty):
3780         (JSC::ASTBuilder::createProperty):
3781         * parser/Parser.cpp:
3782         (JSC::::parseInner):
3783         (JSC::::parseSourceElements):
3784         (JSC::::parseVarDeclarationList):
3785         (JSC::::createBindingPattern):
3786         (JSC::::tryParseDeconstructionPatternExpression):
3787         (JSC::::parseDeconstructionPattern):
3788         (JSC::::parseSwitchClauses):
3789         (JSC::::parseSwitchDefaultClause):
3790         (JSC::::parseBlockStatement):
3791         (JSC::::parseFormalParameters):
3792         (JSC::::parseFunctionInfo):
3793         (JSC::::parseFunctionDeclaration):
3794         (JSC::::parseProperty):
3795         (JSC::::parseObjectLiteral):
3796         (JSC::::parseStrictObjectLiteral):
3797         (JSC::::parseMemberExpression):
3798         * parser/Parser.h:
3799         * parser/SyntaxChecker.h:
3800         (JSC::SyntaxChecker::createProperty):
3801         (JSC::SyntaxChecker::createGetterOrSetterProperty):
3802
3803 2013-12-10  Mark Hahnenberg  <mhahnenberg@apple.com>
3804
3805         ASSERT !heap.vm()->isInitializingObject() when finishing DFG compilation at beginning of GC
3806         https://bugs.webkit.org/show_bug.cgi?id=125472
3807
3808         Reviewed by Geoff Garen.
3809
3810         This patch makes it look like it's okay to allocate so that the DFG plan finalization stuff 
3811         can do what it needs to do. We already expected that we might do allocation during plan 
3812         finalization and we increased the deferral depth to handle this, but we need to fix this other 
3813         ASSERT stuff too.
3814
3815         * GNUmakefile.list.am:
3816         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3817         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3818         * JavaScriptCore.xcodeproj/project.pbxproj:
3819         * heap/Heap.cpp:
3820         (JSC::Heap::collect):
3821         * heap/Heap.h:
3822         * heap/RecursiveAllocationScope.h: Added.
3823         (JSC::RecursiveAllocationScope::RecursiveAllocationScope):
3824         (JSC::RecursiveAllocationScope::~RecursiveAllocationScope):
3825         * runtime/VM.h:
3826
3827 2013-12-09  Filip Pizlo  <fpizlo@apple.com>
3828
3829         Impose and enforce some basic rules of sanity for where Phi functions are allowed to occur and where their (optional) corresponding MovHints can be
3830         https://bugs.webkit.org/show_bug.cgi?id=125480
3831
3832         Reviewed by Geoffrey Garen.
3833         
3834         Previously, if you wanted to insert some speculation right after where a value was
3835         produced, you'd get super confused if that value was produced by a Phi node.  You can't
3836         necessarily insert speculations after a Phi node because Phi nodes appear in this
3837         special sequence of Phis and MovHints that establish the OSR exit state for a block.
3838         So, you'd probably want to search for the next place where it's safe to insert things.
3839         We already do this "search for beginning of next bytecode instruction" search by
3840         looking at the next node that has a different CodeOrigin.  But this would be hard for a
3841         Phi because those Phis and MovHints have basically random CodeOrigins and they can all
3842         have different CodeOrigins.
3843
3844         This change imposes some sanity for this situation:
3845
3846         - Phis must have unset CodeOrigins.
3847
3848         - In each basic block, all nodes that have unset CodeOrigins must come before all nodes
3849           that have set CodeOrigins.
3850
3851         This all ends up working out just great because prior to this change we didn't have a 
3852         use for unset CodeOrigins.  I think it's appropriate to make "unset CodeOrigin" mean
3853         that we're in the prologue of a basic block.
3854
3855         It's interesting what this means for block merging, which we don't yet do in SSA.
3856         Consider merging the edge A->B.  One possibility is that the block merger is now
3857         required to clean up Phi/Upsilons, and reascribe the MovHints to have the CodeOrigin of
3858         the A's block terminal.  But an answer that might be better is that the originless
3859         nodes at the top of B are just given the origin of the terminal and we keep the
3860         Phis.  That would require changing the above rules.  We'll see how it goes, and what we
3861         end up picking...
3862
3863         Overall, this special-things-at-the-top rule is analogous to what other SSA-based
3864         compilers do.  For example, LLVM has rules mandating that Phis appear at the top of a
3865         block.
3866
3867         * bytecode/CodeOrigin.cpp:
3868         (JSC::CodeOrigin::dump):
3869         * dfg/DFGOSRExitBase.h:
3870         (JSC::DFG::OSRExitBase::OSRExitBase):
3871         * dfg/DFGSSAConversionPhase.cpp:
3872         (JSC::DFG::SSAConversionPhase::run):
3873         * dfg/DFGValidate.cpp:
3874         (JSC::DFG::Validate::validate):
3875         (JSC::DFG::Validate::validateSSA):
3876
3877 2013-12-08  Filip Pizlo  <fpizlo@apple.com>
3878
3879         Reveal array bounds checks in DFG IR
3880         https://bugs.webkit.org/show_bug.cgi?id=125253
3881
3882         Reviewed by Oliver Hunt and Mark Hahnenberg.
3883         
3884         In SSA mode, this reveals array bounds checks and the load of array length in DFG IR,
3885         making this a candidate for LICM.
3886
3887         This also fixes a long-standing performance bug where the JSObject slow paths would
3888         always create contiguous storage, rather than type-specialized storage, when doing a
3889         "storage creating" store, like:
3890         
3891             var o = {};
3892             o[0] = 42;
3893
3894         * CMakeLists.txt:
3895         * GNUmakefile.list.am:
3896         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3897         * JavaScriptCore.xcodeproj/project.pbxproj:
3898         * bytecode/ExitKind.cpp:
3899         (JSC::exitKindToString):
3900         (JSC::exitKindIsCountable):
3901         * bytecode/ExitKind.h:
3902         * dfg/DFGAbstractInterpreterInlines.h:
3903         (JSC::DFG::::executeEffects):
3904         * dfg/DFGArrayMode.cpp:
3905         (JSC::DFG::permitsBoundsCheckLowering):
3906         (JSC::DFG::ArrayMode::permitsBoundsCheckLowering):
3907         * dfg/DFGArrayMode.h:
3908         (JSC::DFG::ArrayMode::lengthNeedsStorage):
3909         * dfg/DFGClobberize.h:
3910         (JSC::DFG::clobberize):
3911         * dfg/DFGConstantFoldingPhase.cpp:
3912         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3913         * dfg/DFGFixupPhase.cpp:
3914         (JSC::DFG::FixupPhase::fixupNode):
3915         * dfg/DFGNodeType.h:
3916         * dfg/DFGPlan.cpp:
3917         (JSC::DFG::Plan::compileInThreadImpl):
3918         * dfg/DFGPredictionPropagationPhase.cpp:
3919         (JSC::DFG::PredictionPropagationPhase::propagate):
3920         * dfg/DFGSSALoweringPhase.cpp: Added.
3921         (JSC::DFG::SSALoweringPhase::SSALoweringPhase):
3922         (JSC::DFG::SSALoweringPhase::run):
3923         (JSC::DFG::SSALoweringPhase::handleNode):
3924         (JSC::DFG::SSALoweringPhase::lowerBoundsCheck):
3925         (JSC::DFG::performSSALowering):
3926         * dfg/DFGSSALoweringPhase.h: Added.
3927         * dfg/DFGSafeToExecute.h:
3928         (JSC::DFG::safeToExecute):
3929         * dfg/DFGSpeculativeJIT.cpp:
3930         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
3931         * dfg/DFGSpeculativeJIT32_64.cpp:
3932         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
3933         (JSC::DFG::SpeculativeJIT::compile):
3934         * dfg/DFGSpeculativeJIT64.cpp:
3935         (JSC::DFG::SpeculativeJIT::compile):
3936         * ftl/FTLCapabilities.cpp:
3937         (JSC::FTL::canCompile):
3938         * ftl/FTLLowerDFGToLLVM.cpp:
3939         (JSC::FTL::LowerDFGToLLVM::compileNode):
3940         (JSC::FTL::LowerDFGToLLVM::compileCheckInBounds):
3941         (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
3942         (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
3943         (JSC::FTL::LowerDFGToLLVM::contiguousPutByValOutOfBounds):
3944         * runtime/JSObject.cpp:
3945         (JSC::JSObject::convertUndecidedForValue):
3946         (JSC::JSObject::createInitialForValueAndSet):
3947         (JSC::JSObject::putByIndexBeyondVectorLength):
3948         (JSC::JSObject::putDirectIndexBeyondVectorLength):
3949         * runtime/JSObject.h:
3950         * tests/stress/float32array-out-of-bounds.js: Added.
3951         (make):
3952         (foo):
3953         (test):
3954         * tests/stress/int32-object-out-of-bounds.js: Added.
3955         (make):
3956         (foo):
3957         (test):
3958         * tests/stress/int32-out-of-bounds.js: Added.
3959         (foo):
3960         (test):
3961
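The stress tests listed in the entry above (int32-out-of-bounds.js, int32-object-out-of-bounds.js, float32array-out-of-bounds.js) exist to catch a bounds check that gets hoisted, folded or mis-lowered once it is visible in DFG IR. The script below is an added example, not one of WebKit's tests and not part of this commit: it checks the same invariants in the style of a tests/stress file, so that a practitioner can see what "out-of-bounds stays safe after tiering up" means concretely. Out-of-bounds reads of an Int32 array or a Float32Array must yield undefined, out-of-bounds writes must never touch neighbouring storage, and the `var o = {}; o[0] = 42;` storage-creating store from the entry must still be followed by a sparse store without a giant vector. Function names and loop counts are my own choices; the loop counts are an assumption about how many iterations it takes to get the functions into the optimizing JITs under jsc.

```javascript
// Added example, not a JavaScriptCore tests/stress file. Runs under jsc or node.
// Loop counts are an assumption about what tiers these functions up to the DFG.

function getByVal(a, i) { return a[i]; }            // read through the JIT's GetByVal path
function putByVal(a, i, v) { a[i] = v; return a; }   // write through the JIT's PutByVal path

// Reads past the end of an Int32 array or a Float32Array must produce
// undefined on every tier. A bounds check that was wrongly hoisted or
// folded shows up here as a garbage value or a crash, never as undefined.
function stressOutOfBoundsReads(iterations) {
  var ints = [1, 2, 3, 4, 5];
  var floats = new Float32Array([0.5, 1.5, 2.5, 3.5]); // exact in float32
  for (var i = 0; i < iterations; i++) {
    var k = i % 3;
    if (getByVal(ints, k) !== k + 1) return false;                      // in bounds
    if (getByVal(ints, ints.length + k) !== undefined) return false;    // out of bounds
    if (getByVal(floats, k) !== k + 0.5) return false;                  // in bounds
    if (getByVal(floats, floats.length + k) !== undefined) return false; // out of bounds
  }
  return true;
}

// Out-of-bounds writes: a typed array drops them and keeps its length;
// a plain array grows and leaves holes. Neither may alias adjacent memory.
function stressOutOfBoundsWrites(iterations) {
  for (var i = 0; i < iterations; i++) {
    var floats = putByVal(new Float32Array(4), 100, 1.5);
    if (floats.length !== 4 || floats[100] !== undefined) return false;
    var ints = putByVal([1, 2, 3, 4, 5], 10, 7);
    if (ints.length !== 11 || (5 in ints) || ints[10] !== 7) return false;
  }
  return true;
}

// The storage-creating store from the entry: var o = {}; o[0] = 42.
// The first indexed store chooses the storage type; a far-away index after
// it must go to sparse storage. From script that is observable only as the
// values and key count staying correct (and no hole turning into a value).
function indexedObjectStores() {
  var o = {};
  o[0] = 42;
  o[1000000] = 1;
  return { first: o[0], far: o[1000000], keys: Object.keys(o).length, hole: o[1] };
}

function main() {
  if (!stressOutOfBoundsReads(100000)) throw new Error("OOB read semantics broken");
  if (!stressOutOfBoundsWrites(10000)) throw new Error("OOB write semantics broken");
  var r = indexedObjectStores();
  if (r.first !== 42 || r.far !== 1 || r.keys !== 2 || r.hole !== undefined)
    throw new Error("indexed object stores broken");
}
main();
```

Run it as `jsc script.js` (or `node script.js`); it exits silently on success and throws on the first broken invariant. The reads loop deliberately alternates in-bounds and out-of-bounds indices in the same compiled function, because the interesting failure mode is a compiled body that has stopped checking, not one that never took the out-of-bounds path.
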
3962 2013-12-09  Sam Weinig  <sam@webkit.org>
3963
3964         Replace use of WTF::FixedArray with std::array
3965         https://bugs.webkit.org/show_bug.cgi?id=125475
3966
3967         Reviewed by Anders Carlsson.
3968
3969         * bytecode/CodeBlockHash.cpp:
3970         (JSC::CodeBlockHash::dump):
3971         * bytecode/Opcode.cpp:
3972         (JSC::OpcodeStats::~OpcodeStats):
3973         * dfg/DFGCSEPhase.cpp:
3974         * ftl/FTLAbstractHeap.h:
3975         * heap/MarkedSpace.h:
3976         * parser/ParserArena.h:
3977         * runtime/CodeCache.h:
3978         * runtime/DateInstanceCache.h:
3979         * runtime/JSGlobalObject.cpp:
3980         (JSC::JSGlobalObject::reset):
3981         * runtime/JSGlobalObject.h:
3982         * runtime/JSString.h: