Web Inspector: add protocol test for existing error handling performed by the backend
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-08-24  Brian Burg  <bburg@apple.com>

        Web Inspector: add protocol test for existing error handling performed by the backend
        https://bugs.webkit.org/show_bug.cgi?id=147097

        Reviewed by Joseph Pecoraro.

        A new test revealed that the protocol "method" parameter was being parsed in a naive way.
        Rewrite it to use String::split and improve error checking to avoid failing later.

        * inspector/InspectorBackendDispatcher.cpp:
        (Inspector::BackendDispatcher::dispatch):

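The validation the entry above describes (split the "method" string, reject malformed shapes before dispatch) in a stand-alone form. This is an added example, not WebKit's BackendDispatcher code: it uses std::string instead of WTF::String, and the registered-domain set and the domain names in the usage note are illustrative assumptions.

```cpp
#include <set>
#include <string>
#include <vector>

// Result of validating a protocol "method" string such as "Runtime.evaluate".
struct ParsedMethod {
    std::string domain;
    std::string method;
};

// Splits on every occurrence of `delimiter`, keeping empty pieces so that
// ".evaluate" or "Runtime." yields an empty half the caller can reject.
static std::vector<std::string> splitKeepingEmpty(const std::string& input, char delimiter)
{
    std::vector<std::string> parts;
    std::string current;
    for (char c : input) {
        if (c == delimiter) {
            parts.push_back(current);
            current.clear();
        } else
            current.push_back(c);
    }
    parts.push_back(current);
    return parts;
}

// Accepts exactly "Domain.method" with both halves non-empty. Any other shape
// (no dot, several dots, empty domain or method name) is rejected up front with
// a message, instead of being handed to a dispatcher that would fail later.
bool parseProtocolMethod(const std::string& method, ParsedMethod& out, std::string& errorMessage)
{
    std::vector<std::string> parts = splitKeepingEmpty(method, '.');
    if (parts.size() != 2) {
        errorMessage = "'" + method + "' is not a valid method: expected 'Domain.method'";
        return false;
    }
    if (parts[0].empty() || parts[1].empty()) {
        errorMessage = "'" + method + "' has an empty domain or method name";
        return false;
    }
    out.domain = parts[0];
    out.method = parts[1];
    return true;
}

// Front half of a dispatcher: validate the method string, then check that the
// domain is one the caller actually registered (assumed set, not WebKit's).
// Returns an empty string on success and the error text otherwise.
std::string checkDispatchable(const std::set<std::string>& registeredDomains, const std::string& method)
{
    ParsedMethod parsed;
    std::string error;
    if (!parseProtocolMethod(method, parsed, error))
        return error;
    if (!registeredDomains.count(parsed.domain))
        return "'" + parsed.domain + "' domain was not found";
    return std::string();
}
```

With `std::set<std::string> domains = {"Runtime", "Debugger"};`, `checkDispatchable(domains, "Runtime.evaluate")` returns an empty string, while "Network.enable", "Runtime", "Runtime.evaluate.extra" and ".evaluate" each return an error message without touching any domain handler.
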
2015-08-24  Yusuke Suzuki  <utatane.tea@gmail.com>

        [ES6] Return JSInternalPromise as result of evaluateModule
        https://bugs.webkit.org/show_bug.cgi?id=148173

        Reviewed by Saam Barati.

        Now evaluateModule returns JSInternalPromise* as its result value.
        When an error occurs while loading or executing the modules,
        this promise is rejected by that error. By leveraging this, we implemented
        asynchronous error reporting when executing the modules in JSC shell.

        And this patch also changes the evaluateModule signature to accept the entry
        point by the moduleName. By using it, JSC shell can start executing the modules
        with the entry point module name.

        * builtins/ModuleLoaderObject.js:
        (loadModule):
        * jsc.cpp:
        (dumpException):
        (runWithScripts):
        * runtime/Completion.cpp:
        (JSC::evaluateModule):
        * runtime/Completion.h:
        * runtime/JSInternalPromise.cpp:
        (JSC::JSInternalPromise::then):
        * runtime/JSInternalPromise.h:
        * runtime/ModuleLoaderObject.cpp:
        (JSC::ModuleLoaderObject::requestInstantiateAll):
        (JSC::ModuleLoaderObject::loadModule):
        (JSC::ModuleLoaderObject::resolve):
        (JSC::ModuleLoaderObject::fetch):
        (JSC::ModuleLoaderObject::translate):
        (JSC::ModuleLoaderObject::instantiate):
        (JSC::moduleLoaderObjectParseModule):
        * runtime/ModuleLoaderObject.h:

2015-08-24  Basile Clement  <basile_clement@apple.com>

        REPTACH is not a word
        https://bugs.webkit.org/show_bug.cgi?id=148401

        Reviewed by Saam Barati.

        * assembler/MacroAssemblerX86_64.h:
        (JSC::MacroAssemblerX86_64::callWithSlowPathReturnType):
        (JSC::MacroAssemblerX86_64::call):
        (JSC::MacroAssemblerX86_64::tailRecursiveCall):
        (JSC::MacroAssemblerX86_64::makeTailRecursiveCall):
        (JSC::MacroAssemblerX86_64::readCallTarget):
        (JSC::MacroAssemblerX86_64::linkCall):
        (JSC::MacroAssemblerX86_64::repatchCall):

2015-08-24  Mark Lam  <mark.lam@apple.com>

        Add support for setting JSC options from a file.
        https://bugs.webkit.org/show_bug.cgi?id=148394

        Reviewed by Saam Barati.

        This is needed for environments where the JSC executable does not have access to
        environmental variables.  This is only needed for debugging, and is currently
        guarded under a #define USE_OPTIONS_FILE in Options.cpp, and is disabled by
        default.

        Also fixed Options::setOptions() to allow for whitespace that is not a single
        ' '.  This makes setOptions() much more flexible and friendlier to use for loading
        options in general.

        For example, this current use case of loading options from a file may have '\n's
        in the character stream, and this feature is easier to implement if setOptions()
        just supports more than 1 whitespace char between options, and recognizes whitespace
        characters other than ' '.

        * runtime/Options.cpp:
        (JSC::parse):
        (JSC::Options::initialize):
        (JSC::Options::setOptions):

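The whitespace handling the entry above asks of setOptions(): tokens separated by any run of spaces, tabs or newlines, so that a file's contents can be fed in as one string. This is an added example, not the code in Options.cpp: it only tokenizes and checks the "name=value" shape, and the option names in the test input are illustrative, not a statement of which options JSC defines.

```cpp
#include <cctype>
#include <istream>
#include <iterator>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

using OptionList = std::vector<std::pair<std::string, std::string>>;

// Splits optionsString into "name=value" tokens separated by any run of
// whitespace (' ', '\t', '\n', '\r', ...). Returns false, leaving `out` with
// whatever was parsed so far, if a token has no '=' or an empty name.
bool parseOptionString(const std::string& optionsString, OptionList& out)
{
    const size_t n = optionsString.size();
    size_t i = 0;
    while (i < n) {
        // Skip a run of whitespace of any kind, not just a single ' '.
        while (i < n && std::isspace(static_cast<unsigned char>(optionsString[i])))
            ++i;
        if (i >= n)
            break;
        size_t start = i;
        while (i < n && !std::isspace(static_cast<unsigned char>(optionsString[i])))
            ++i;
        std::string token = optionsString.substr(start, i - start);
        size_t eq = token.find('=');
        if (eq == std::string::npos || eq == 0)
            return false; // malformed option: reject rather than silently ignore
        out.push_back(std::make_pair(token.substr(0, eq), token.substr(eq + 1)));
    }
    return true;
}

// Reads a whole stream (an options file opened by the caller, or a string
// stream in tests) and hands its contents to parseOptionString, so '\n'
// between options is handled the same as ' '.
bool parseOptionsFromStream(std::istream& in, OptionList& out)
{
    std::string contents((std::istreambuf_iterator<char>(in)), std::istreambuf_iterator<char>());
    return parseOptionString(contents, out);
}

// Convenience for a file-shaped input already held in memory (constructed input).
bool parseOptionsFromText(const std::string& fileText, OptionList& out)
{
    std::istringstream stream(fileText);
    return parseOptionsFromStream(stream, out);
}
```

Feeding `"jitPolicyScale=0.5\n\n  useLLInt=false\t\tlogGC=true \n"` to parseOptionsFromText yields three pairs; a token such as `bogus` with no '=' makes the call return false so a typo in the options file is noticed instead of being dropped.
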
2015-08-24  Filip Pizlo  <fpizlo@apple.com>

        DFG::FixupPhase should use the lambda form of m_graph.doToChildren() rather than the old macro
        https://bugs.webkit.org/show_bug.cgi?id=148397

        Reviewed by Geoffrey Garen.

        We used to iterate the edges of a node by using the DFG_NODE_DO_TO_CHILDREN macro. We
        don't need to do that anymore since we have the lambda-based m_graph.doToChildren(). This
        allows us to get rid of a bunch of helper methods in DFG::FixupPhase.

        I also took the opportunity to give the injectTypeConversionsInBlock() method a more
        generic name, since after https://bugs.webkit.org/show_bug.cgi?id=145204 it will be used
        for fix-up of checks more broadly.

        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::run):
        (JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteOffset):
        (JSC::DFG::FixupPhase::fixupChecksInBlock):
        (JSC::DFG::FixupPhase::injectTypeConversionsInBlock): Deleted.
        (JSC::DFG::FixupPhase::tryToRelaxRepresentation): Deleted.
        (JSC::DFG::FixupPhase::fixEdgeRepresentation): Deleted.
        (JSC::DFG::FixupPhase::injectTypeConversionsForEdge): Deleted.

2015-08-24  Geoffrey Garen  <ggaren@apple.com>

        Some renaming to clarify CodeBlock and UnlinkedCodeBlock
        https://bugs.webkit.org/show_bug.cgi?id=148391

        Reviewed by Saam Barati.

        * bytecode/UnlinkedFunctionExecutable.cpp:
        (JSC::generateUnlinkedFunctionCodeBlock):
        (JSC::UnlinkedFunctionExecutable::visitChildren):
        (JSC::UnlinkedFunctionExecutable::fromGlobalCode):
        (JSC::UnlinkedFunctionExecutable::unlinkedCodeBlockFor):
        (JSC::generateFunctionCodeBlock): Deleted.
        (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
        * bytecode/UnlinkedFunctionExecutable.h: Call our CodeBlocks "unlinked"
        in the name for clarity, since we are unlinked.

        * heap/Heap.cpp:
        (JSC::Heap::objectTypeCounts):
        (JSC::Heap::deleteAllCodeBlocks):
        (JSC::Heap::deleteAllUnlinkedCodeBlocks):
        (JSC::Heap::clearUnmarkedExecutables):
        (JSC::Heap::deleteOldCode):
        (JSC::Heap::FinalizerOwner::finalize):
        (JSC::Heap::addExecutable):
        (JSC::Heap::collectAllGarbageIfNotDoneRecently):
        (JSC::Heap::deleteAllCompiledCode): Deleted.
        (JSC::Heap::deleteAllUnlinkedFunctionCode): Deleted.
        (JSC::Heap::addCompiledCode): Deleted.
        * heap/Heap.h:
        (JSC::Heap::notifyIsSafeToCollect):
        (JSC::Heap::isSafeToCollect):
        (JSC::Heap::sizeBeforeLastFullCollection):
        (JSC::Heap::sizeAfterLastFullCollection):
        (JSC::Heap::compiledCode): Deleted.

            deleteAllCompiledCode => deleteAllCodeBlocks because "compiled"
            is a broad phrase these days.

            m_compiledCode => m_executables for the same reason.

            addCompiledCode => addExecutable for the same reason.

            deleteAllUnlinkedFunctionCode => deleteAllUnlinkedCodeBlocks
            for consistency.

        * jsc.cpp:
        (functionDeleteAllCompiledCode):

        * runtime/Executable.cpp:
        (JSC::ScriptExecutable::newCodeBlockFor): codeBlockFor => unlinkedCodeBlockFor

        (JSC::FunctionExecutable::clearUnlinkedCodeForRecompilation): Deleted.
        It was strange to put this function on executable, since its name implied
        that it only changed the executable, but it actually changed all cached
        code. Now, a client that wants to change cached code must do so explicitly.

        * runtime/Executable.h:
        (JSC::ScriptExecutable::finishCreation):
        * runtime/VM.cpp:
        (JSC::VM::deleteAllCode):
        * runtime/VMEntryScope.cpp:
        (JSC::VMEntryScope::VMEntryScope): Updated for renames above.

2015-08-22  Filip Pizlo  <fpizlo@apple.com>

        DFG::InsertionSet should be tolerant of occasional out-of-order insertions
        https://bugs.webkit.org/show_bug.cgi?id=148367

        Reviewed by Geoffrey Garen and Saam Barati.

        Since forever, the DFG::InsertionSet has been the way we insert nodes into DFG IR, and it
        requires that you walk a block in order and perform insertions in order: you can't insert
        something at index J, then at index I where I < J, except if you do a second pass.

        This restriction makes sense, because it enables a very fast algorithm. And it's very
        rare that a phase would need to insert things out of order.

        But sometimes - rarely - we need to insert things slightly out-of-order. For example we
        may want to insert a node at index J, but to insert a check associated with that node, we
        may need to use index I where I < J. This will come up from the work on
        https://bugs.webkit.org/show_bug.cgi?id=145204. And it has already come up in the past.
        It seems like it would be best to just lift this restriction.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGInsertionSet.cpp: Added.
        (JSC::DFG::InsertionSet::insertSlow):
        * dfg/DFGInsertionSet.h:
        (JSC::DFG::InsertionSet::InsertionSet):
        (JSC::DFG::InsertionSet::graph):
        (JSC::DFG::InsertionSet::insert):
        (JSC::DFG::InsertionSet::execute):

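The shape of the data structure the entry above describes: an insertion set that appends on the fast path when insertions arrive in index order and falls back to a sorted insert (an insertSlow) when an earlier index arrives after a later one, then applies everything in one pass. This is an added illustration, not DFG's InsertionSet; `Node` is a stand-in struct, and the forward merge in execute() is this example's choice.

```cpp
#include <algorithm>
#include <string>
#include <vector>

// Stand-in for a DFG node (assumption: a real node carries far more than a name).
struct Node {
    std::string name;
};

// A pending insertion: `node` goes immediately before element `index` of the block.
struct Insertion {
    size_t index;
    Node node;
};

class InsertionSet {
public:
    // Fast path: an insertion at an index no smaller than the last one is appended,
    // which is the in-order case the phases normally produce. Anything else takes
    // the slow path so the pending list stays sorted by index.
    void insert(size_t index, const Node& node)
    {
        if (m_insertions.empty() || m_insertions.back().index <= index) {
            m_insertions.push_back(Insertion{index, node});
            return;
        }
        insertSlow(index, node);
    }

    // Applies all pending insertions to `block` in one forward merge. Insertions
    // with the same index keep their arrival order; any index at or past the end
    // of the block is appended after the last element.
    void execute(std::vector<Node>& block)
    {
        std::vector<Node> result;
        result.reserve(block.size() + m_insertions.size());
        size_t next = 0;
        for (size_t i = 0; i < block.size(); ++i) {
            while (next < m_insertions.size() && m_insertions[next].index == i)
                result.push_back(m_insertions[next++].node);
            result.push_back(block[i]);
        }
        while (next < m_insertions.size())
            result.push_back(m_insertions[next++].node);
        block.swap(result);
        m_insertions.clear();
    }

    size_t pendingCount() const { return m_insertions.size(); }

private:
    // Out-of-order case: place the new insertion before the first pending one with a
    // strictly greater index, so equal indices preserve arrival order.
    void insertSlow(size_t index, const Node& node)
    {
        auto position = std::upper_bound(m_insertions.begin(), m_insertions.end(), index,
            [](size_t value, const Insertion& pending) { return value < pending.index; });
        m_insertions.insert(position, Insertion{index, node});
    }

    std::vector<Insertion> m_insertions;
};

// Helper for inspecting a block's contents by name.
std::vector<std::string> nodeNames(const std::vector<Node>& block)
{
    std::vector<std::string> names;
    for (const Node& node : block)
        names.push_back(node.name);
    return names;
}
```

With a block `a b c`, inserting `x` at 2, then `y` at 0 (out of order, slow path), then `z` at 2 and executing gives `y a b x z c`: the late insertion at 0 lands in the right place and the two insertions at 2 keep their arrival order.
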
2015-08-24  Yusuke Suzuki  <utatane.tea@gmail.com>

        Create ById IC for ByVal operation only when the specific Id comes more than once
        https://bugs.webkit.org/show_bug.cgi?id=148288

        Reviewed by Geoffrey Garen.

        After introducing byId ICs into byVal ops, byVal ops create many more ICs than before.
        The failure fixed in r188767 figures out these ICs are created even if this op is executed only once.

        The situation is the following:
        In the current code, when byVal op is executed with the Id, we immediately set up the byId IC for that byVal op.
        But setting up JITGetByIdGenerator generates the fast path IC code and consumes executable memory.
        As a result, if we call eval("contains byVal ops") with the different strings repeatedly under no-llint environment, each eval call creates byId IC for byVal and consumes executable memory.

        To solve it, we will add a "seen" flag to ByValInfo.
        And we will create the IC on the second byVal op call with the same Id.

        * bytecode/ByValInfo.h:
        (JSC::ByValInfo::ByValInfo):
        * jit/JITOperations.cpp:
        (JSC::tryGetByValOptimize):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
        (JSC::JIT::privateCompilePutByValWithCachedId): Deleted.

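A model of the "seen" gate the entry above introduces, showing why it stops a stream of one-shot evals from consuming executable memory. This is an added example, not ByValInfo or tryGetByValOptimize: the site record, the counter standing in for executable-memory use, and the choice to leave the cache ungenerated when a different Id shows up are all simplifying assumptions.

```cpp
#include <string>

// Per-access-site profiling record, modelled on the "seen" flag added to ByValInfo.
struct ByValSiteInfo {
    bool seen = false;           // has this site executed with some Id yet?
    std::string cachedId;        // the Id observed on that first execution
    bool hasInlineCache = false; // has fast-path code been generated for cachedId?
};

// Each generated inline cache stands in for a chunk of executable memory.
struct JITStats {
    unsigned inlineCachesGenerated = 0;
};

// Called each time the byVal op at `site` runs with string key `id`. The cache
// is generated only on the second execution with the same Id; the first one just
// records what was seen. Returns true when the access is served by the cache.
bool accessByVal(ByValSiteInfo& site, const std::string& id, JITStats& stats)
{
    if (site.hasInlineCache)
        return site.cachedId == id;
    if (!site.seen) {
        site.seen = true;
        site.cachedId = id;
        return false;
    }
    if (site.cachedId != id)
        return false; // assumption: a different Id does not trigger generation
    site.hasInlineCache = true;
    ++stats.inlineCachesGenerated;
    return true;
}

// The scenario from the message: repeated eval of distinct source strings, each
// compiling a fresh code block (and so a fresh site record) that runs once.
unsigned inlineCachesAfterOneShotEvals(unsigned evalCount)
{
    JITStats stats;
    for (unsigned i = 0; i < evalCount; ++i) {
        ByValSiteInfo freshSite;
        accessByVal(freshSite, "prop" + std::to_string(i), stats);
    }
    return stats.inlineCachesGenerated;
}

// A hot loop hitting one site with the same Id: the cache is built exactly once.
unsigned inlineCachesAfterHotLoop(unsigned iterations)
{
    JITStats stats;
    ByValSiteInfo site;
    for (unsigned i = 0; i < iterations; ++i)
        accessByVal(site, "sameKey", stats);
    return stats.inlineCachesGenerated;
}
```

Without the gate every one of the constructed evals would generate fast-path code; with it, `inlineCachesAfterOneShotEvals(10000)` generates none, while a site that really is hot still gets its cache on the second hit.
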
2015-08-23  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Get rid of NodePointerTraits
        https://bugs.webkit.org/show_bug.cgi?id=148340

        Reviewed by Anders Carlsson.

        NodePointerTraits does exactly the same thing as the default trait.

        * dfg/DFGBasicBlock.h:
        * dfg/DFGCommon.h:
        (JSC::DFG::NodePointerTraits::defaultValue): Deleted.
        (JSC::DFG::NodePointerTraits::isEmptyForDump): Deleted.

2015-08-23  Benjamin Poulain  <bpoulain@apple.com>

        [JSC] Reduce the memory usage of BytecodeLivenessAnalysis
        https://bugs.webkit.org/show_bug.cgi?id=148353

        Reviewed by Darin Adler.

        BytecodeLivenessAnalysis easily takes kilobytes of memory for
        non-trivial blocks and that memory sticks around because
        it is stored on CodeBlock.

        This patch reduces that memory use a bit.

        Most of the memory is in the array of BytecodeBasicBlock.
        BytecodeBasicBlock is shrunk by:
        -Making it not ref-counted.
        -Removing m_predecessors, it was only used for debugging and
         is usually big.
        -Adding a shrinkToFit() phase to shrink the vectors once we are
         done building the BytecodeBasicBlock.

        There are more things we should do in the future:
        -Store all the BytecodeBasicBlock directly in the array.
         We know the size ahead of time, this would be a pure win.
         The only tricky part is changing m_successors to have the
         index of the successor instead of a pointer.
        -Stop putting duplicates in m_successors.

        * bytecode/BytecodeBasicBlock.cpp:
        (JSC::computeBytecodeBasicBlocks):
        (JSC::BytecodeBasicBlock::shrinkToFit): Deleted.
        (JSC::linkBlocks): Deleted.
        * bytecode/BytecodeBasicBlock.h:
        (JSC::BytecodeBasicBlock::addSuccessor):
        (JSC::BytecodeBasicBlock::addPredecessor): Deleted.
        (JSC::BytecodeBasicBlock::predecessors): Deleted.
        * bytecode/BytecodeLivenessAnalysis.cpp:
        (JSC::getLeaderOffsetForBasicBlock):
        (JSC::findBasicBlockWithLeaderOffset):
        (JSC::findBasicBlockForBytecodeOffset):
        (JSC::stepOverInstruction):
        (JSC::computeLocalLivenessForBytecodeOffset):
        (JSC::computeLocalLivenessForBlock):
        (JSC::BytecodeLivenessAnalysis::dumpResults): Deleted.
        * bytecode/BytecodeLivenessAnalysis.h:

2015-08-23  Geoffrey Garen  <ggaren@apple.com>

        Unreviewed, rolling back in r188792.
        https://bugs.webkit.org/show_bug.cgi?id=148347

        Previously reverted changesets:

        "Unify code paths for manually deleting all code"
        https://bugs.webkit.org/show_bug.cgi?id=148280
        http://trac.webkit.org/changeset/188792

        The previous patch caused some inspector tests to hang because it
        introduced extra calls to sourceParsed, and sourceParsed is
        pathologically slow in WK1 debug builds. This patch restores pre-existing
        code to limit calls to sourceParsed, excluding code not being debugged
        (i.e., inspector code).

2015-08-23  Geoffrey Garen  <ggaren@apple.com>

        Unreviewed, rolling back in r188803.

        Previously reverted changesets:

        "Debugger's VM should never be null"
        https://bugs.webkit.org/show_bug.cgi?id=148341
        http://trac.webkit.org/changeset/188803

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::attach):
        (JSC::Debugger::detach):
        (JSC::Debugger::isAttached):
        (JSC::Debugger::setSteppingMode):
        (JSC::Debugger::registerCodeBlock):
        (JSC::Debugger::toggleBreakpoint):
        (JSC::Debugger::recompileAllJSFunctions):
        (JSC::Debugger::setBreakpoint):
        (JSC::Debugger::clearBreakpoints):
        (JSC::Debugger::clearDebuggerRequests):
        (JSC::Debugger::setBreakpointsActivated):
        (JSC::Debugger::breakProgram):
        (JSC::Debugger::stepOutOfFunction):
        (JSC::Debugger::returnEvent):
        (JSC::Debugger::didExecuteProgram):
        * debugger/Debugger.h:
        * inspector/JSGlobalObjectScriptDebugServer.cpp:
        (Inspector::JSGlobalObjectScriptDebugServer::JSGlobalObjectScriptDebugServer):
        (Inspector::JSGlobalObjectScriptDebugServer::removeListener):
        (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
        (Inspector::JSGlobalObjectScriptDebugServer::recompileAllJSFunctions): Deleted.
        * inspector/JSGlobalObjectScriptDebugServer.h:
        * inspector/ScriptDebugServer.cpp:
        (Inspector::ScriptDebugServer::ScriptDebugServer):
        * inspector/ScriptDebugServer.h:

2015-08-22  Filip Pizlo  <fpizlo@apple.com>

        DFG string concatenation shouldn't be playing fast and loose with effects and OSR exit
        https://bugs.webkit.org/show_bug.cgi?id=148338

        Reviewed by Michael Saboff and Saam Barati.

        Prior to this change, DFG string concatenation appeared to have various different ways of
        creating an OSR exit right after a side effect. That's bad, because the exit will cause
        us to reexecute the side effect. The code appears to have some hacks for avoiding this,
        but some cases are basically unavoidable, like the OOM case of string concatenation: in
        trunk that could cause two executions of the toString operation.

        This changes the string concatenation code to either be speculative or effectful but
        never both. It's already the case that when this code needs to be effectful, it also
        needs to be slow (it does int->string conversions, calls JS functions, etc). So, this is
        a small price to pay for sanity.

        The biggest part of this change is the introduction of StrCat, which is like MakeRope but
        does toString conversions on its own instead of relying on separate nodes. StrCat can
        take either 2 or 3 children. It's the effectful but not speculative version of MakeRope.

        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseBlock):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        (JSC::DFG::FixupPhase::convertStringAddUse):
        (JSC::DFG::FixupPhase::fixupToStringOrCallStringConstructor):
        (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
        (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
        * dfg/DFGNodeType.h:
        * dfg/DFGOperations.cpp:
        * dfg/DFGOperations.h:
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.h:
        (JSC::DFG::SpeculativeJIT::callOperation):
        (JSC::DFG::JSValueOperand::JSValueOperand):
        (JSC::DFG::JSValueOperand::~JSValueOperand):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGValidate.cpp:
        (JSC::DFG::Validate::validate):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLIntrinsicRepository.h:
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
        (JSC::FTL::DFG::LowerDFGToLLVM::compileValueAdd):
        (JSC::FTL::DFG::LowerDFGToLLVM::compileStrCat):
        (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
        * jit/JITOperations.h:
        * tests/stress/exception-effect-strcat.js: Added. This test previously failed.
        * tests/stress/exception-in-strcat-string-overflow.js: Added. An earlier version of this patch made this fail.
        * tests/stress/exception-in-strcat.js: Added.

2015-08-22  Andreas Kling  <akling@apple.com>

        [JSC] Static hash tables should be 100% compile-time constant.
        <https://webkit.org/b/148359>

        Reviewed by Michael Saboff.

        We were dirtying the memory pages containing static hash tables the
        first time they were used, when a dynamically allocated index-to-key
        table was built and cached in the HashTable struct.

        It turns out that this "optimization" was completely useless, since
        we've long since decoupled static hash tables from the JSC::VM and
        we can get the key for an index via HashTable::values[index].m_key!

        We also get rid of VM::keywords which was a little wrapper around
        a VM-specific copy of JSC::mainTable. There was nothing VM-specific
        about it at all, so clients now use JSC::mainTable directly.

        After this change all fooHashTable structs end up in __DATA __const
        and no runtime initialization/allocation takes place.

        * create_hash_table:
        * jsc.cpp:
        * parser/Lexer.cpp:
        (JSC::isLexerKeyword):
        (JSC::Lexer<LChar>::parseIdentifier):
        (JSC::Lexer<UChar>::parseIdentifier):
        (JSC::Lexer<CharacterType>::parseIdentifierSlowCase):
        (JSC::Keywords::Keywords): Deleted.
        * parser/Lexer.h:
        (JSC::Keywords::isKeyword): Deleted.
        (JSC::Keywords::getKeyword): Deleted.
        (JSC::Keywords::~Keywords): Deleted.
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::tryJSONPParse):
        * runtime/Lookup.cpp:
        (JSC::HashTable::createTable): Deleted.
        (JSC::HashTable::deleteTable): Deleted.
        * runtime/Lookup.h:
        (JSC::HashTable::entry):
        (JSC::HashTable::ConstIterator::key):
        (JSC::HashTable::ConstIterator::skipInvalidKeys):
        (JSC::HashTable::copy): Deleted.
        (JSC::HashTable::initializeIfNeeded): Deleted.
        (JSC::HashTable::begin): Deleted.
        (JSC::HashTable::end): Deleted.
        * runtime/VM.cpp:
        (JSC::VM::VM): Deleted.
        * runtime/VM.h:
        * testRegExp.cpp:

2015-08-21  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r188792 and r188803.
        https://bugs.webkit.org/show_bug.cgi?id=148347

        broke lots of tests, ggaren is going to investigate and reland
        (Requested by thorton on #webkit).

        Reverted changesets:

        "Unify code paths for manually deleting all code"
        https://bugs.webkit.org/show_bug.cgi?id=148280
        http://trac.webkit.org/changeset/188792

        "Debugger's VM should never be null"
        https://bugs.webkit.org/show_bug.cgi?id=148341
        http://trac.webkit.org/changeset/188803

2015-08-21  Sukolsak Sakshuwong  <sukolsak@gmail.com>

        Parse control flow statements in WebAssembly
        https://bugs.webkit.org/show_bug.cgi?id=148333

        Reviewed by Geoffrey Garen.

        Parse control flow statements in WebAssembly files generated by pack-asmjs
        <https://github.com/WebAssembly/polyfill-prototype-1>.

        * wasm/WASMConstants.h:
        * wasm/WASMFunctionParser.cpp:
        (JSC::WASMFunctionParser::parseStatement):
        (JSC::WASMFunctionParser::parseIfStatement):
        (JSC::WASMFunctionParser::parseIfElseStatement):
        (JSC::WASMFunctionParser::parseWhileStatement):
        (JSC::WASMFunctionParser::parseDoStatement):
        (JSC::WASMFunctionParser::parseLabelStatement):
        (JSC::WASMFunctionParser::parseBreakStatement):
        (JSC::WASMFunctionParser::parseBreakLabelStatement):
        (JSC::WASMFunctionParser::parseContinueStatement):
        (JSC::WASMFunctionParser::parseContinueLabelStatement):
        (JSC::WASMFunctionParser::parseSwitchStatement):
        * wasm/WASMFunctionParser.h:
        (JSC::WASMFunctionParser::WASMFunctionParser):
        * wasm/WASMReader.cpp:
        (JSC::WASMReader::readCompactInt32):
        (JSC::WASMReader::readSwitchCase):
        * wasm/WASMReader.h:

2015-08-21  Geoffrey Garen  <ggaren@apple.com>

        Debugger's VM should never be null
        https://bugs.webkit.org/show_bug.cgi?id=148341

        Reviewed by Joseph Pecoraro.

        It doesn't make sense for a Debugger's VM to be null, and code related
        to maintaining that illusion just caused the Web Inspector to crash on
        launch (https://bugs.webkit.org/show_bug.cgi?id=148312). So, let's stop
        doing that.

        Now, Debugger requires its subclass to provide a never-null VM&.

        Also took the opportunity, based on review feedback, to remove some
        confusion in the virtual recompileAllJSFunctions hierarchy, by eliminating
        the pure virtual in ScriptDebugServer and the unnecessary override in
        JSGlobalObjectScriptDebugServer.

        * debugger/Debugger.cpp:
        (JSC::Debugger::Debugger):
        (JSC::Debugger::attach):
        (JSC::Debugger::detach):
        (JSC::Debugger::isAttached):
        (JSC::Debugger::setSteppingMode):
        (JSC::Debugger::registerCodeBlock):
        (JSC::Debugger::toggleBreakpoint):
        (JSC::Debugger::recompileAllJSFunctions):
        (JSC::Debugger::setBreakpoint):
        (JSC::Debugger::clearBreakpoints):
        (JSC::Debugger::clearDebuggerRequests):
        (JSC::Debugger::setBreakpointsActivated):
        (JSC::Debugger::breakProgram):
        (JSC::Debugger::stepOutOfFunction):
        (JSC::Debugger::returnEvent):
        (JSC::Debugger::didExecuteProgram):
        * debugger/Debugger.h:
        * inspector/JSGlobalObjectScriptDebugServer.cpp:
        (Inspector::JSGlobalObjectScriptDebugServer::JSGlobalObjectScriptDebugServer):
        (Inspector::JSGlobalObjectScriptDebugServer::recompileAllJSFunctions):
        (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
        * inspector/ScriptDebugServer.cpp:
        (Inspector::ScriptDebugServer::ScriptDebugServer):
        * inspector/ScriptDebugServer.h:

2015-08-21  Basile Clement  <basile_clement@apple.com>

        Remove unused code relative to allocation sinking
        https://bugs.webkit.org/show_bug.cgi?id=148342

        Reviewed by Mark Lam.

        This removes two things:

         - The DFGPromoteHeapAccess.h file which is a relic of the old sinking
           phase and is no longer used (it has been subsumed by
           ObjectAllocationSinking::promoteLocalHeap)

         - Code in the allocation sinking phase for sinking
           MaterializeCreateActivation and MaterializeNewObject. Handling those
           is no longer necessary since the phase no longer runs in a fixpoint
           and thus will never see those nodes, since no other phase creates
           them.

        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGObjectAllocationSinkingPhase.cpp:
        * dfg/DFGPromoteHeapAccess.h: Removed.

2015-08-21  Geoffrey Garen  <ggaren@apple.com>

        Unify code paths for manually deleting all code
        https://bugs.webkit.org/show_bug.cgi?id=148280

        Reviewed by Saam Barati.

        We used to have three paths for manually deleting all code. Now we have
        one shared path.

        * debugger/Debugger.cpp:
        (JSC::Debugger::attach): Notify the debugger of all previous code when
        it attaches. We used to do this when recompiling, which was only correct
        by accident.

        (JSC::Debugger::recompileAllJSFunctions): Switch to the shared path.

        * heap/Heap.h:
        (JSC::Heap::compiledCode):

        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        (Inspector::InspectorRuntimeAgent::willDestroyFrontendAndBackend):
        (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):
        (Inspector::InspectorRuntimeAgent::getBasicBlocks):
        (Inspector::TypeRecompiler::visit): Deleted.
        (Inspector::TypeRecompiler::operator()): Deleted.
        (Inspector::recompileAllJSFunctionsForTypeProfiling): Deleted. Switch
        to the shared path.

        * runtime/VM.cpp:
        (JSC::VM::afterVMExit): Added a helper for scheduling an activity after
        VM exit. We can't delete code while it's on the stack, and we can't
        delete auxiliary profiling data while profiling code is on the stack,
        so in those cases, we schedule the deletion for the next time we exit.

        (JSC::VM::deleteAllCode): Use afterVMExit because we might have code
        on the stack when debugger, profiler, or watchdog state changes.

        * runtime/VM.h:

        * runtime/VMEntryScope.cpp:
        (JSC::VMEntryScope::VMEntryScope):
        (JSC::VMEntryScope::addDidPopListener):
        (JSC::VMEntryScope::~VMEntryScope):
        (JSC::VMEntryScope::setEntryScopeDidPopListener): Deleted.
        * runtime/VMEntryScope.h:
        (JSC::VMEntryScope::globalObject): Removed the uniquing feature from
        the scope pop listener list because we don't have a client that wants
        it, and it's not convenient to use correctly since you can't take
        the address of a member function, a lambda, or an std::function. We can
        add this feature back if we discover that we want it.

2015-08-21  Sukolsak Sakshuwong  <sukolsak@gmail.com>

        Implement WebAssembly function parser
        https://bugs.webkit.org/show_bug.cgi?id=147738

        Reviewed by Filip Pizlo.

        Implement WebAssembly function parser for WebAssembly files produced by pack-asmjs
        <https://github.com/WebAssembly/polyfill-prototype-1>. This patch parses only
        some instructions on statements and int32 expressions. Parsing of the rest
        will be implemented in subsequent patches. The instruction lists in WASMConstants.h
        are slightly modified from
        <https://github.com/WebAssembly/polyfill-prototype-1/blob/master/src/shared.h>.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * wasm/WASMConstants.h: Added.
        * wasm/WASMFormat.h:
        * wasm/WASMFunctionParser.cpp: Added.
        (JSC::WASMFunctionParser::checkSyntax):
        (JSC::WASMFunctionParser::parseFunction):
        (JSC::WASMFunctionParser::parseLocalVariables):
        (JSC::WASMFunctionParser::parseStatement):
        (JSC::WASMFunctionParser::parseSetLocalStatement):
        (JSC::WASMFunctionParser::parseReturnStatement):
        (JSC::WASMFunctionParser::parseBlockStatement):
        (JSC::WASMFunctionParser::parseExpression):
        (JSC::WASMFunctionParser::parseExpressionI32):
        (JSC::WASMFunctionParser::parseImmediateExpressionI32):
        * wasm/WASMFunctionParser.h: Added.
        (JSC::WASMFunctionParser::WASMFunctionParser):
        * wasm/WASMFunctionSyntaxChecker.h: Renamed from Source/JavaScriptCore/wasm/WASMMagicNumber.h.
        * wasm/WASMModuleParser.cpp:
        (JSC::WASMModuleParser::WASMModuleParser):
        (JSC::WASMModuleParser::parseFunctionDefinitionSection):
        (JSC::WASMModuleParser::parseFunctionDefinition):
        * wasm/WASMModuleParser.h:
        * wasm/WASMReader.cpp:
        (JSC::WASMReader::readType):
        (JSC::WASMReader::readExpressionType):
        (JSC::WASMReader::readExportFormat):
        (JSC::WASMReader::readOpStatement):
        (JSC::WASMReader::readOpExpressionI32):
        (JSC::WASMReader::readVariableTypes):
        (JSC::WASMReader::readOp):
        * wasm/WASMReader.h:
        (JSC::WASMReader::offset):
        (JSC::WASMReader::setOffset):

695 2015-08-21  Filip Pizlo  <fpizlo@apple.com>
696
697         DFG::PutStackSinkingPhase doesn't need to emit KillStack nodes
698         https://bugs.webkit.org/show_bug.cgi?id=148331
699
700         Reviewed by Geoffrey Garen.
701
702         PutStackSinkingPhase previously emitted a KillStack node when it sank a PutStack. This
703         isn't necessary because KillStack is only interesting for OSR exit, and PutStack nodes
704         that are relevant to OSR will already be preceded by a KillStack/MovHint pair.
705
706         * dfg/DFGPutStackSinkingPhase.cpp:
707
708 2015-08-21  Filip Pizlo  <fpizlo@apple.com>
709
710         DFG::NodeOrigin should have a flag determining if exiting is OK right now
711         https://bugs.webkit.org/show_bug.cgi?id=148323
712
713         Reviewed by Saam Barati.
714
715         * dfg/DFGByteCodeParser.cpp:
716         (JSC::DFG::ByteCodeParser::currentNodeOrigin):
717         (JSC::DFG::ByteCodeParser::branchData):
718         * dfg/DFGInsertionSet.h:
719         (JSC::DFG::InsertionSet::insertConstant):
720         (JSC::DFG::InsertionSet::insertConstantForUse):
721         (JSC::DFG::InsertionSet::insertBottomConstantForUse):
722         * dfg/DFGIntegerCheckCombiningPhase.cpp:
723         (JSC::DFG::IntegerCheckCombiningPhase::handleBlock):
724         * dfg/DFGLICMPhase.cpp:
725         (JSC::DFG::LICMPhase::attemptHoist):
726         * dfg/DFGNodeOrigin.h:
727         (JSC::DFG::NodeOrigin::NodeOrigin):
728         (JSC::DFG::NodeOrigin::isSet):
729         (JSC::DFG::NodeOrigin::withSemantic):
730         * dfg/DFGObjectAllocationSinkingPhase.cpp:
731
732 2015-08-21  Saam barati  <sbarati@apple.com>
733
734         DFG callOperations should not implicitly emit an exception check. At callOperation call sites, we should explicitly emit exception checks
735         https://bugs.webkit.org/show_bug.cgi?id=147988
736
737         Reviewed by Geoffrey Garen.
738
739         This is in preparation for the DFG being able to handle exceptions. 
740         To do this, we need more control over when we emit exception checks.
741         Specifically, we want to be able to silentFill before emitting an exception check.
742         This patch does that. This patch also allows us to easily see which
743         operations do and do not emit exception checks. Finding this information
744         out before was a pain.
745
746         * assembler/AbortReason.h:
747         * dfg/DFGArrayifySlowPathGenerator.h:
748         * dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
749         * dfg/DFGCallCreateDirectArgumentsSlowPathGenerator.h:
750         * dfg/DFGJITCompiler.h:
751         (JSC::DFG::JITCompiler::appendCall):
752         (JSC::DFG::JITCompiler::exceptionCheck):
753         * dfg/DFGSaneStringGetByValSlowPathGenerator.h:
754         * dfg/DFGSlowPathGenerator.h:
755         (JSC::DFG::CallSlowPathGenerator::CallSlowPathGenerator):
756         (JSC::DFG::CallSlowPathGenerator::tearDown):
757         (JSC::DFG::CallResultAndNoArgumentsSlowPathGenerator::CallResultAndNoArgumentsSlowPathGenerator):
758         (JSC::DFG::CallResultAndOneArgumentSlowPathGenerator::CallResultAndOneArgumentSlowPathGenerator):
759         (JSC::DFG::CallResultAndTwoArgumentsSlowPathGenerator::CallResultAndTwoArgumentsSlowPathGenerator):
760         (JSC::DFG::CallResultAndThreeArgumentsSlowPathGenerator::CallResultAndThreeArgumentsSlowPathGenerator):
761         (JSC::DFG::CallResultAndFourArgumentsSlowPathGenerator::CallResultAndFourArgumentsSlowPathGenerator):
762         (JSC::DFG::CallResultAndFiveArgumentsSlowPathGenerator::CallResultAndFiveArgumentsSlowPathGenerator):
763         (JSC::DFG::slowPathCall):
764         * dfg/DFGSpeculativeJIT.cpp:
765         (JSC::DFG::SpeculativeJIT::compileIn):
766         (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
767         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
768         (JSC::DFG::SpeculativeJIT::compileArithRound):
769         (JSC::DFG::SpeculativeJIT::compileNewFunction):
770         (JSC::DFG::SpeculativeJIT::compileCreateActivation):
771         (JSC::DFG::SpeculativeJIT::compileCreateScopedArguments):
772         (JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
773         (JSC::DFG::SpeculativeJIT::compileNotifyWrite):
774         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
775         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
776         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
777         (JSC::DFG::SpeculativeJIT::compileToStringOrCallStringConstructorOnCell):
778         (JSC::DFG::SpeculativeJIT::emitSwitchImm):
779         (JSC::DFG::SpeculativeJIT::emitSwitchStringOnString):
780         * dfg/DFGSpeculativeJIT.h:
781         (JSC::DFG::SpeculativeJIT::callOperation):
782         (JSC::DFG::SpeculativeJIT::callOperationWithCallFrameRollbackOnException):
783         (JSC::DFG::SpeculativeJIT::prepareForExternalCall):
784         (JSC::DFG::SpeculativeJIT::appendCall):
785         (JSC::DFG::SpeculativeJIT::appendCallWithCallFrameRollbackOnException):
786         (JSC::DFG::SpeculativeJIT::appendCallWithCallFrameRollbackOnExceptionSetResult):
787         (JSC::DFG::SpeculativeJIT::appendCallSetResult):
788         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck): Deleted.
789         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult): Deleted.
790         * dfg/DFGSpeculativeJIT32_64.cpp:
791         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
792         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
793         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
794         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
795         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
796         (JSC::DFG::SpeculativeJIT::emitCall):
797         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
798         (JSC::DFG::SpeculativeJIT::compile):
799         * dfg/DFGSpeculativeJIT64.cpp:
800         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
801         (JSC::DFG::CompareAndBoxBooleanSlowPathGenerator::CompareAndBoxBooleanSlowPathGenerator):
802         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
803         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
804         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
805         (JSC::DFG::SpeculativeJIT::emitCall):
806         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
807         (JSC::DFG::SpeculativeJIT::compile):
808         * ftl/FTLIntrinsicRepository.h:
809         * ftl/FTLLowerDFGToLLVM.cpp:
810         (JSC::FTL::DFG::LowerDFGToLLVM::callCheck):
811         * jit/AssemblyHelpers.cpp:
812         (JSC::AssemblyHelpers::jitAssertArgumentCountSane):
813         (JSC::AssemblyHelpers::jitAssertNoException):
814         (JSC::AssemblyHelpers::callExceptionFuzz):
815         (JSC::AssemblyHelpers::emitExceptionCheck):
816         * jit/AssemblyHelpers.h:
817         (JSC::AssemblyHelpers::jitAssertIsInt32):
818         (JSC::AssemblyHelpers::jitAssertIsJSInt32):
819         (JSC::AssemblyHelpers::jitAssertIsNull):
820         (JSC::AssemblyHelpers::jitAssertTagsInPlace):
821         (JSC::AssemblyHelpers::jitAssertArgumentCountSane):
822         (JSC::AssemblyHelpers::jitAssertNoException):
823         * jit/JITOperations.cpp:
824         * jit/JITOperations.h:
825         * runtime/VM.h:
826         (JSC::VM::scratchBufferForSize):
827         (JSC::VM::exceptionFuzzingBuffer):
828
829 2015-08-21  Geoffrey Garen  <ggaren@apple.com>
830
831         REGRESSION (r188714): RELEASE_ASSERT in JSC::Heap::incrementDeferralDepth() opening Web Inspector on daringfireball.net
832         https://bugs.webkit.org/show_bug.cgi?id=148312
833
834         Reviewed by Mark Lam.
835
836         * debugger/Debugger.cpp:
837         (JSC::Debugger::recompileAllJSFunctions): Use our vm argument instead of
838         m_vm because sometimes they are different and m_vm is null. (This behavior
839         is very strange, and we should probably eliminate it -- but we need a 
840         fix for this serious regression right now.)
841
842 2015-08-20  Yusuke Suzuki  <utatane.tea@gmail.com>
843
844         [ES6] prototyping module loader in JSC shell
845         https://bugs.webkit.org/show_bug.cgi?id=147876
846
847         Reviewed by Saam Barati.
848
849         This patch implements the ES6 Module Loader part. The implementation is based on
850         the latest draft[1, 2]. The naive implementation poses several problems.
851         This patch attempts to solve the spec issues and proposes the fixes[3, 4, 5].
852
853         We construct the JSC internal module loader based on ES6 Promises.
854         The chain of the promises represents the dependency graph of the modules and
855         it automatically enables asynchronous module fetching.
856         To leverage the Promises internally, we use the InternalPromise landed in r188681.
857
858         The loader has several platform-dependent hooks. The platform can implement
859         these hooks to provide the functionality missing in the module loaders, like
860         "how to fetch the resources". The method table of the JSGlobalObject is extended
861         to accept these hooks from the platform.
862
863         This patch focuses on the loading part, so we don't create the module environment
864         and don't link the modules yet.
865
866         To test the current module progress easily, we add the `-m` option to the JSC shell.
867         When this option is specified, we load the given script as a module. And to use
868         module loading inside the JSC shell, we added a simple loader hook for fetching.
869         It fetches the module content from the file system.
870
871         And to use the ES6 Map in the Loader implementation, we added @get and @set methods to the Map.
872         But this conflicts with the existing `getPrivateName` method, so we rename it to `lookUpPrivateName`.
873
874         [1]: https://whatwg.github.io/loader/
875         [2]: https://github.com/whatwg/loader/commit/214c7a6625b445bdf411c39984f36f01139a24be
876         [3]: https://github.com/whatwg/loader/pull/66
877         [4]: https://github.com/whatwg/loader/pull/67
878         [5]: https://github.com/whatwg/loader/issues/68
879         [6]: https://bugs.webkit.org/show_bug.cgi?id=148136
880
881         * CMakeLists.txt:
882         * DerivedSources.make:
883         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
884         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
885         * JavaScriptCore.xcodeproj/project.pbxproj:
886         * builtins/BuiltinNames.h:
887         (JSC::BuiltinNames::lookUpPrivateName):
888         (JSC::BuiltinNames::lookUpPublicName):
889         (JSC::BuiltinNames::getPrivateName): Deleted.
890         (JSC::BuiltinNames::getPublicName): Deleted.
891         * builtins/ModuleLoaderObject.js: Added.
892         (setStateToMax):
893         (newRegistryEntry):
894         (forceFulfillPromise):
895         (fulfillFetch):
896         (fulfillTranslate):
897         (fulfillInstantiate):
898         (instantiation):
899         (requestFetch):
900         (requestTranslate):
901         (requestInstantiate):
902         (requestResolveDependencies.resolveDependenciesPromise.this.requestInstantiate.then.):
903         (requestResolveDependencies.resolveDependenciesPromise.this.requestInstantiate.then):
904         (requestResolveDependencies):
905         (requestInstantiateAll):
906         (provide):
907         * jsc.cpp:
908         (stringFromUTF):
909         (jscSource):
910         (GlobalObject::moduleLoaderFetch):
911         (functionCheckModuleSyntax):
912         (dumpException):
913         (runWithScripts):
914         (printUsageStatement):
915         (CommandLine::parseArguments):
916         (jscmain):
917         (CommandLine::CommandLine): Deleted.
918         * parser/Lexer.cpp:
919         (JSC::Lexer<LChar>::parseIdentifier):
920         (JSC::Lexer<UChar>::parseIdentifier):
921         * parser/ModuleAnalyzer.cpp:
922         (JSC::ModuleAnalyzer::ModuleAnalyzer):
923         (JSC::ModuleAnalyzer::exportVariable):
924         (JSC::ModuleAnalyzer::analyze):
925         * parser/ModuleAnalyzer.h:
926         (JSC::ModuleAnalyzer::moduleRecord):
927         * parser/ModuleRecord.cpp:
928         (JSC::printableName): Deleted.
929         (JSC::ModuleRecord::dump): Deleted.
930         * parser/ModuleRecord.h:
931         (JSC::ModuleRecord::ImportEntry::isNamespace): Deleted.
932         (JSC::ModuleRecord::create): Deleted.
933         (JSC::ModuleRecord::appendRequestedModule): Deleted.
934         (JSC::ModuleRecord::addImportEntry): Deleted.
935         (JSC::ModuleRecord::addExportEntry): Deleted.
936         (JSC::ModuleRecord::addStarExportEntry): Deleted.
937         * parser/Nodes.h:
938         * parser/NodesAnalyzeModule.cpp:
939         (JSC::ImportDeclarationNode::analyzeModule):
940         (JSC::ExportAllDeclarationNode::analyzeModule):
941         (JSC::ExportNamedDeclarationNode::analyzeModule):
942         * runtime/CommonIdentifiers.cpp:
943         (JSC::CommonIdentifiers::lookUpPrivateName):
944         (JSC::CommonIdentifiers::lookUpPublicName):
945         (JSC::CommonIdentifiers::getPrivateName): Deleted.
946         (JSC::CommonIdentifiers::getPublicName): Deleted.
947         * runtime/CommonIdentifiers.h:
948         * runtime/Completion.cpp:
949         (JSC::checkModuleSyntax):
950         (JSC::evaluateModule):
951         * runtime/Completion.h:
952         * runtime/ExceptionHelpers.cpp:
953         (JSC::createUndefinedVariableError):
954         * runtime/Identifier.h:
955         * runtime/JSGlobalObject.cpp:
956         (JSC::JSGlobalObject::init):
957         (JSC::JSGlobalObject::visitChildren):
958         * runtime/JSGlobalObject.h:
959         (JSC::JSGlobalObject::moduleLoader):
960         (JSC::JSGlobalObject::moduleRecordStructure):
961         * runtime/JSModuleRecord.cpp: Renamed from Source/JavaScriptCore/parser/ModuleRecord.cpp.
962         (JSC::JSModuleRecord::destroy):
963         (JSC::JSModuleRecord::finishCreation):
964         (JSC::printableName):
965         (JSC::JSModuleRecord::dump):
966         * runtime/JSModuleRecord.h: Renamed from Source/JavaScriptCore/parser/ModuleRecord.h.
967         (JSC::JSModuleRecord::ImportEntry::isNamespace):
968         (JSC::JSModuleRecord::createStructure):
969         (JSC::JSModuleRecord::create):
970         (JSC::JSModuleRecord::requestedModules):
971         (JSC::JSModuleRecord::JSModuleRecord):
972         (JSC::JSModuleRecord::appendRequestedModule):
973         (JSC::JSModuleRecord::addImportEntry):
974         (JSC::JSModuleRecord::addExportEntry):
975         (JSC::JSModuleRecord::addStarExportEntry):
976         * runtime/MapPrototype.cpp:
977         (JSC::MapPrototype::finishCreation):
978         * runtime/ModuleLoaderObject.cpp: Added.
979         (JSC::ModuleLoaderObject::ModuleLoaderObject):
980         (JSC::ModuleLoaderObject::finishCreation):
981         (JSC::ModuleLoaderObject::getOwnPropertySlot):
982         (JSC::printableModuleKey):
983         (JSC::ModuleLoaderObject::provide):
984         (JSC::ModuleLoaderObject::requestInstantiateAll):
985         (JSC::ModuleLoaderObject::resolve):
986         (JSC::ModuleLoaderObject::fetch):
987         (JSC::ModuleLoaderObject::translate):
988         (JSC::ModuleLoaderObject::instantiate):
989         (JSC::moduleLoaderObjectParseModule):
990         (JSC::moduleLoaderObjectRequestedModules):
991         (JSC::moduleLoaderObjectResolve):
992         (JSC::moduleLoaderObjectFetch):
993         (JSC::moduleLoaderObjectTranslate):
994         (JSC::moduleLoaderObjectInstantiate):
995         * runtime/ModuleLoaderObject.h: Added.
996         (JSC::ModuleLoaderObject::create):
997         (JSC::ModuleLoaderObject::createStructure):
998         * runtime/Options.h:
999
1000 2015-08-20  Filip Pizlo  <fpizlo@apple.com>
1001
1002         DFG should have a KnownBooleanUse for cases where we are required to know that the child is a boolean and it's not OK to speculate
1003         https://bugs.webkit.org/show_bug.cgi?id=148286
1004
1005         Reviewed by Benjamin Poulain.
1006
1007         This enables us to ensure that the Branch or LogicalNot after an effectful CompareXYZ can
1008         be marked as !mayExit(). I need that for https://bugs.webkit.org/show_bug.cgi?id=145204.
1009
1010         * dfg/DFGFixupPhase.cpp:
1011         (JSC::DFG::FixupPhase::fixupNode):
1012         (JSC::DFG::FixupPhase::observeUseKindOnNode):
1013         * dfg/DFGSafeToExecute.h:
1014         (JSC::DFG::SafeToExecuteEdge::operator()):
1015         * dfg/DFGSpeculativeJIT.cpp:
1016         (JSC::DFG::SpeculativeJIT::speculate):
1017         * dfg/DFGSpeculativeJIT.h:
1018         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
1019         * dfg/DFGSpeculativeJIT32_64.cpp:
1020         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1021         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1022         (JSC::DFG::SpeculativeJIT::emitBranch):
1023         * dfg/DFGSpeculativeJIT64.cpp:
1024         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
1025         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
1026         (JSC::DFG::SpeculativeJIT::emitBranch):
1027         * dfg/DFGUseKind.cpp:
1028         (WTF::printInternal):
1029         * dfg/DFGUseKind.h:
1030         (JSC::DFG::typeFilterFor):
1031         (JSC::DFG::shouldNotHaveTypeCheck):
1032         * ftl/FTLCapabilities.cpp:
1033         (JSC::FTL::canCompile):
1034         * ftl/FTLLowerDFGToLLVM.cpp:
1035         (JSC::FTL::DFG::LowerDFGToLLVM::boolify):
1036         (JSC::FTL::DFG::LowerDFGToLLVM::lowBoolean):
1037
1038 2015-08-20  Filip Pizlo  <fpizlo@apple.com>
1039
1040         Overflow check elimination fails for a simple test case
1041         https://bugs.webkit.org/show_bug.cgi?id=147387
1042
1043         Reviewed by Benjamin Poulain.
1044
1045         Overflow check elimination was having issues when things got constant-folded, because whereas an
1046         Add or LessThan operation teaches us about relationships between the things being added or
1047         compared, we don't do that when we see a JSConstant. We don't create a relationship between every
1048         JSConstant and every other JSConstant. So, if we constant-fold an Add, we forget the relationships
1049         that it would have had with its inputs.
1050
1051         One solution would be to have every JSConstant create a relationship with every other JSConstant.
1052         This is dangerous, since it would create O(n^2) explosion of relationships.
1053
1054         Instead, this patch teaches filtration and merging how to behave "as if" there were inter-constant
1055         relationships. Normally those operations only work on two relationships involving the same node
1056         pair. But now, if we have @x op @c and @x op @d, where @c and @d are different nodes but both are
1057         constants, we will do merging or filtering by grokking the constant values.
1058
1059         This speeds up lots of tests in JSRegress, because it enables overflow check elimination on things
1060         like:
1061
1062         for (var i = 0; i < 100; ++i)
1063
1064         Previously, the fact that this was all constants would throw off the analysis because the analysis
1065         wouldn't "know" that 0 < 100.
1066
1067         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
1068
1069 2015-08-20  Geoffrey Garen  <ggaren@apple.com>
1070
1071         forEachCodeBlock should wait for all CodeBlocks automatically
1072         https://bugs.webkit.org/show_bug.cgi?id=148255
1073
1074         Add back a line of code I deleted by accident in my last patch due to
1075         incorrect merge.
1076
1077         Unreviewed.
1078
1079         * runtime/VM.cpp:
1080         (JSC::VM::deleteAllCode):
1081
1082 2015-08-20  Geoffrey Garen  <ggaren@apple.com>
1083
1084         forEachCodeBlock should wait for all CodeBlocks automatically
1085         https://bugs.webkit.org/show_bug.cgi?id=148255
1086
1087         Reviewed by Saam Barati.
1088
1089         Previously, all clients needed to wait manually before calling
1090         forEachCodeBlock. That's easy to get wrong, and at least one place
1091         got it wrong. Let's do this automatically instead.
1092
1093         * debugger/Debugger.cpp:
1094         (JSC::Debugger::Debugger):
1095         (JSC::Debugger::setSteppingMode):
1096         (JSC::Debugger::toggleBreakpoint): No need to wait manually;
1097         forEachCodeBlock will do it automatically now.
1098
1099         (JSC::Debugger::recompileAllJSFunctions): We still need to wait manually
1100         here because this is an iteration of the heap, which does not wait
1101         automatically. Use the new helper function for waiting.
1102
1103         (JSC::Debugger::clearBreakpoints):
1104         (JSC::Debugger::clearDebuggerRequests):
1105         (JSC::Debugger::setBreakpointsActivated):
1106         (JSC::Debugger::forEachCodeBlock): Deleted. No need to wait manually.
1107
1108         * debugger/Debugger.h:
1109
1110         * dfg/DFGWorklist.cpp:
1111         (JSC::DFG::completeAllPlansForVM):
1112         * dfg/DFGWorklist.h:
1113         (JSC::DFG::completeAllPlansForVM): Added a helper function that replaces
1114         vm.prepareToDeleteCode. This new function is clearer because we need
1115         to call it sometimes even if we are not going to delete code.
1116
1117         * heap/HeapInlines.h:
1118         (JSC::Heap::forEachCodeBlock): Moved.
1119
1120         * inspector/agents/InspectorRuntimeAgent.cpp:
1121         (Inspector::recompileAllJSFunctionsForTypeProfiling): Use the new helper
1122         function.
1123
1124         * runtime/JSCInlines.h:
1125         (JSC::Heap::forEachCodeBlock): Do the waiting automatically.
1126
1127         * runtime/VM.cpp:
1128         (JSC::VM::stopSampling):
1129         (JSC::VM::deleteAllCode):
1130         (JSC::VM::setEnabledProfiler):
1131         (JSC::VM::prepareToDeleteCode): Deleted.
1132         * runtime/VM.h: No need to wait manually.
1133
1134 2015-08-20  Commit Queue  <commit-queue@webkit.org>
1135
1136         Unreviewed, rolling out r188675.
1137         https://bugs.webkit.org/show_bug.cgi?id=148244
1138
1139         "caused a 17% Mac PLT regression" (Requested by ggaren on
1140         #webkit).
1141
1142         Reverted changeset:
1143
1144         "clearCode() should clear code"
1145         https://bugs.webkit.org/show_bug.cgi?id=148203
1146         http://trac.webkit.org/changeset/188675
1147
1148 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1149
1150         Introduce put_by_id like IC into put_by_val when the given name is String or Symbol
1151         https://bugs.webkit.org/show_bug.cgi?id=147760
1152
1153         Reviewed by Filip Pizlo.
1154
1155         This patch adds a put_by_id IC to put_by_val by caching the one candidate id;
1156         this is the same approach as the get_by_val IC extension.
1157         It will encourage the use of ES6 Symbols and ES6 computed properties in the object literals.
1158
1159         In this patch, we leverage the existing CheckIdent and PutById / PutByVal in DFG,
1160         so this patch does not change FTL because the above operations are already supported in FTL.
1161
1162         And this patch also includes refactoring to leverage byValInfo->slowPathCount in the cached Id path.
1163
1164         Performance results report there's no regression in the existing tests. And in the synthetic
1165         benchmarks created by modifying put-by-id to put-by-val, we can see significant performance
1166         improvements up to 13.9x.
1167
1168         * bytecode/PutByIdStatus.cpp:
1169         (JSC::PutByIdStatus::computeForStubInfo):
1170         * bytecode/PutByIdStatus.h:
1171         * dfg/DFGByteCodeParser.cpp:
1172         (JSC::DFG::ByteCodeParser::parseBlock):
1173         * jit/JIT.h:
1174         (JSC::JIT::compilePutByValWithCachedId):
1175         * jit/JITOperations.cpp:
1176         (JSC::getByVal):
1177         (JSC::tryGetByValOptimize):
1178         * jit/JITOperations.h:
1179         * jit/JITPropertyAccess.cpp:
1180         (JSC::JIT::emitGetByValWithCachedId):
1181         (JSC::JIT::emit_op_put_by_val):
1182         (JSC::JIT::emitPutByValWithCachedId):
1183         (JSC::JIT::emitSlow_op_put_by_val):
1184         (JSC::JIT::emitIdentifierCheck):
1185         (JSC::JIT::privateCompilePutByValWithCachedId):
1186         * jit/JITPropertyAccess32_64.cpp:
1187         (JSC::JIT::emitGetByValWithCachedId):
1188         (JSC::JIT::emit_op_put_by_val):
1189         (JSC::JIT::emitPutByValWithCachedId):
1190         (JSC::JIT::emitSlow_op_put_by_val):
1191         * tests/stress/put-by-val-with-string-break.js: Added.
1192         (shouldBe):
1193         (assign):
1194         * tests/stress/put-by-val-with-string-generated.js: Added.
1195         (shouldBe):
1196         (gen1):
1197         (gen2):
1198         (assign):
1199         * tests/stress/put-by-val-with-string-generic.js: Added.
1200         (shouldBe):
1201         (assign):
1202         * tests/stress/put-by-val-with-symbol-break.js: Added.
1203         (shouldBe):
1204         (assign):
1205         * tests/stress/put-by-val-with-symbol-generic.js: Added.
1206         (shouldBe):
1207         (assign):
1208
1209 2015-08-20  Alex Christensen  <achristensen@webkit.org>
1210
1211         Clean up CMake build after r188673
1212         https://bugs.webkit.org/show_bug.cgi?id=148234
1213
1214         Reviewed by Tim Horton.
1215
1216         * shell/PlatformWin.cmake:
1217         Define WIN_CAIRO so the WinCairo jsc.exe can find the correct dlls.
1218
1219 2015-08-20  Mark Lam  <mark.lam@apple.com>
1220
1221         A watchdog test is failing on Windows.
1222         https://bugs.webkit.org/show_bug.cgi?id=148228
1223
1224         Reviewed by Brent Fulgham.
1225
1226         The test just needed a little more time because Windows' timer resolution is low.
1227         After increasing the test deadlines, the test started passing.
1228
1229         * API/tests/ExecutionTimeLimitTest.cpp:
1230         (testExecutionTimeLimit):
1231
1232 2015-08-20  Mark Lam  <mark.lam@apple.com>
1233
1234         Fixed some warnings on Windows.
1235         https://bugs.webkit.org/show_bug.cgi?id=148224
1236
1237         Reviewed by Brent Fulgham.
1238
1239         The Windows build was complaining that function params were hiding a global variable.
1240         Since the function params were unused, I resolved this by removing the param names.
1241
1242         * API/tests/ExecutionTimeLimitTest.cpp:
1243         (currentCPUTimeAsJSFunctionCallback):
1244         (shouldTerminateCallback):
1245         (cancelTerminateCallback):
1246         (extendTerminateCallback):
1247
1248 2015-08-19  Yusuke Suzuki  <utatane.tea@gmail.com>
1249
1250         Add InternalPromise to use Promises safely in the internals
1251         https://bugs.webkit.org/show_bug.cgi?id=148136
1252
1253         Reviewed by Saam Barati.
1254
1255         This patch implements InternalPromise.
1256         It is a completely different instance set (constructor, prototype, instance),
1257         but it has the same features as Promise.
1258
1259         In the Promise operations, when resolving the promise with the promise returned
1260         from the fulfill handler, we need to look up the "then" method.
1261
1262         e.g.
1263             var p3 = p1.then(function handler(...) {
1264                 return p2;
1265             });
1266
1267         When the handler is executed, we retrieve the returned `p2` promise. And to resolve
1268         the promise returned by the "then" method (that is, `p3`), we construct the chain by executing
1269         `p2.then(resolving function for p3)`. So if the user modifies Promise.prototype.then,
1270         the internal operations can be observed.
1271
1272         By using InternalPromise, we completely hide InternalPromise.prototype from the users.
1273         It allows JSC to use Promises internally; even if the user modifies / overrides
1274         the Promise.prototype.then function, it does not affect InternalPromise.
1275
1276         One limitation is that the implementation needs to take care not to leak the InternalPromise instance
1277         to the user space.
1278
1279         * CMakeLists.txt:
1280         * DerivedSources.make:
1281         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1282         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1283         * JavaScriptCore.xcodeproj/project.pbxproj:
1284         * builtins/InternalPromiseConstructor.js: Added.
1285         (internalAll.newResolveElement):
1286         (internalAll):
1287         * builtins/Operations.Promise.js:
1288         (newPromiseDeferred): Deleted.
1289         * builtins/PromiseConstructor.js:
1290         (privateAll.newResolveElement): Deleted.
1291         (privateAll): Deleted.
1292         * runtime/CommonIdentifiers.h:
1293         * runtime/JSGlobalObject.cpp:
1294         (JSC::JSGlobalObject::init):
1295         (JSC::JSGlobalObject::visitChildren):
1296         * runtime/JSGlobalObject.h:
1297         (JSC::JSGlobalObject::promiseConstructor):
1298         (JSC::JSGlobalObject::internalPromiseConstructor):
1299         (JSC::JSGlobalObject::newPromiseCapabilityFunction):
1300         (JSC::JSGlobalObject::newPromiseDeferredFunction): Deleted.
1301         * runtime/JSInternalPromise.cpp: Copied from Source/JavaScriptCore/runtime/JSPromisePrototype.h.
1302         (JSC::JSInternalPromise::create):
1303         (JSC::JSInternalPromise::createStructure):
1304         (JSC::JSInternalPromise::JSInternalPromise):
1305         * runtime/JSInternalPromise.h: Copied from Source/JavaScriptCore/runtime/JSPromise.h.
1306         * runtime/JSInternalPromiseConstructor.cpp: Added.
1307         (JSC::JSInternalPromiseConstructor::create):
1308         (JSC::JSInternalPromiseConstructor::createStructure):
1309         (JSC::JSInternalPromiseConstructor::JSInternalPromiseConstructor):
1310         (JSC::constructPromise):
1311         (JSC::JSInternalPromiseConstructor::getConstructData):
1312         (JSC::JSInternalPromiseConstructor::getCallData):
1313         (JSC::JSInternalPromiseConstructor::getOwnPropertySlot):
1314         * runtime/JSInternalPromiseConstructor.h: Copied from Source/JavaScriptCore/runtime/JSPromiseConstructor.h.
1315         * runtime/JSInternalPromiseDeferred.cpp: Added.
1316         (JSC::JSInternalPromiseDeferred::create):
1317         (JSC::JSInternalPromiseDeferred::JSInternalPromiseDeferred):
1318         (JSC::JSInternalPromiseDeferred::promise):
1319         * runtime/JSInternalPromiseDeferred.h: Copied from Source/JavaScriptCore/runtime/JSPromisePrototype.h.
1320         * runtime/JSInternalPromisePrototype.cpp: Copied from Source/JavaScriptCore/runtime/JSPromisePrototype.cpp.
1321         (JSC::JSInternalPromisePrototype::create):
1322         (JSC::JSInternalPromisePrototype::createStructure):
1323         (JSC::JSInternalPromisePrototype::JSInternalPromisePrototype):
1324         * runtime/JSInternalPromisePrototype.h: Copied from Source/JavaScriptCore/runtime/JSPromise.h.
1325         * runtime/JSPromise.cpp:
1326         (JSC::JSPromise::create):
1327         (JSC::JSPromise::JSPromise):
1328         (JSC::JSPromise::initialize):
1329         * runtime/JSPromise.h:
1330         * runtime/JSPromiseConstructor.cpp:
1331         (JSC::JSPromiseConstructor::JSPromiseConstructor):
1332         (JSC::constructPromise):
1333         (JSC::JSPromiseConstructor::getOwnPropertySlot):
1334         (JSC::JSPromiseConstructor::finishCreation): Deleted.
1335         * runtime/JSPromiseConstructor.h:
1336         * runtime/JSPromiseDeferred.cpp:
1337         (JSC::newPromiseCapability):
1338         (JSC::JSPromiseDeferred::create):
1339         (JSC::JSPromiseDeferred::JSPromiseDeferred):
1340         * runtime/JSPromiseDeferred.h:
1341         * runtime/JSPromisePrototype.cpp:
1342         (JSC::JSPromisePrototype::getOwnPropertySlot):
1343         * runtime/JSPromisePrototype.h:
1344         * runtime/VM.cpp:
1345         (JSC::VM::VM):
1346         * runtime/VM.h:
1347
1348 2015-08-19  Filip Pizlo  <fpizlo@apple.com>
1349
1350         Remove WTF::SpinLock
1351         https://bugs.webkit.org/show_bug.cgi?id=148208
1352
1353         Reviewed by Geoffrey Garen.
1354
1355         Remove the one remaining use of SpinLock.
1356
1357         * API/JSValue.mm:
1358         (handerForStructTag):
1359
1360 2015-08-19  Geoffrey Garen  <ggaren@apple.com>
1361
1362         clearCode() should clear code
1363         https://bugs.webkit.org/show_bug.cgi?id=148203
1364
1365         Reviewed by Saam Barati.
1366
1367         Clearing code used to require two steps: clearCode() and
1368         clearUnlinkedCodeForRecompilation(). Unsurprisingly, clients sometimes
1369         did one or the other or both without much rhyme or reason.
1370
1371         This patch simplifies things by merging both functions into clearCode().
1372
1373         * bytecode/UnlinkedFunctionExecutable.h:
1374         * debugger/Debugger.cpp:
1375         * heap/Heap.cpp:
1376         (JSC::Heap::deleteAllCompiledCode):
1377         (JSC::Heap::clearUnmarkedExecutables):
1378         (JSC::Heap::deleteAllUnlinkedFunctionCode): Deleted. No need for this
1379         function anymore since it was only used by clients who already called
1380         clearCode() (and it would be terribly wrong to use without doing both.)
1381
1382         * heap/Heap.h:
1383         (JSC::Heap::sizeAfterLastFullCollection):
1384         * inspector/agents/InspectorRuntimeAgent.cpp:
1385         (Inspector::TypeRecompiler::visit):
1386         (Inspector::TypeRecompiler::operator()):
1387         * runtime/Executable.cpp:
1388         (JSC::FunctionExecutable::visitChildren):
1389         (JSC::FunctionExecutable::clearCode):
1390         (JSC::FunctionExecutable::clearUnlinkedCodeForRecompilation): Deleted.
1391         * runtime/Executable.h:
1392         * runtime/VM.cpp:
1393         (JSC::VM::deleteAllCode):
1394
1395 2015-08-19  Alex Christensen  <achristensen@webkit.org>
1396
1397         CMake Windows build should not include files directly from other Source directories
1398         https://bugs.webkit.org/show_bug.cgi?id=148198
1399
1400         Reviewed by Brent Fulgham.
1401
1402         * CMakeLists.txt:
1403         JavaScriptCore_FORWARDING_HEADERS_FILES is no longer necessary because all the headers
1404         that used to be in it are now in JavaScriptCore_FORWARDING_HEADERS_DIRECTORIES.
1405         * PlatformEfl.cmake:
1406         * PlatformGTK.cmake:
1407         * PlatformMac.cmake:
1408         * PlatformWin.cmake:
1409
1410 2015-08-19  Eric Carlson  <eric.carlson@apple.com>
1411
1412         Remove ENABLE_WEBVTT_REGIONS
1413         https://bugs.webkit.org/show_bug.cgi?id=148184
1414
1415         Reviewed by Jer Noble.
1416
1417         * Configurations/FeatureDefines.xcconfig: Remove ENABLE_WEBVTT_REGIONS.
1418
1419 2015-08-19  Joseph Pecoraro  <pecoraro@apple.com>
1420
1421         Web Inspector: Unexpected node preview format for an element with newlines in className attribute
1422         https://bugs.webkit.org/show_bug.cgi?id=148192
1423
1424         Reviewed by Brian Burg.
1425
1426         * inspector/InjectedScriptSource.js:
1427         (InjectedScript.prototype._nodePreview):
1428         Replace whitespace blocks with single spaces to produce a simpler class string for previews.
1429
1430 2015-08-19  Mark Lam  <mark.lam@apple.com>
1431
1432         Add support for CheckWatchdogTimer as slow path in DFG and FTL.
1433         https://bugs.webkit.org/show_bug.cgi?id=147968
1434
1435         Reviewed by Michael Saboff.
1436
1437         Re-implement the DFG's CheckWatchdogTimer as a slow path instead of a speculation
1438         check.  Since the watchdog timer can fire spuriously, this allows the code to
1439         stay optimized if all we have are spurious fires.
1440
1441         Implement the equivalent slow path for CheckWatchdogTimer in the FTL.
1442
1443         The watchdog tests in ExecutionTimeLimitTest.cpp have already been updated in
1444         https://bugs.webkit.org/show_bug.cgi?id=148125 to test for the FTL's watchdog
1445         implementation.
1446
1447         * dfg/DFGSpeculativeJIT32_64.cpp:
1448         (JSC::DFG::SpeculativeJIT::compile):
1449         * dfg/DFGSpeculativeJIT64.cpp:
1450         (JSC::DFG::SpeculativeJIT::compile):
1451         * ftl/FTLCapabilities.cpp:
1452         (JSC::FTL::canCompile):
1453         * ftl/FTLLowerDFGToLLVM.cpp:
1454         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1455         (JSC::FTL::DFG::LowerDFGToLLVM::compileMaterializeCreateActivation):
1456         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckWatchdogTimer):
1457         (JSC::FTL::DFG::LowerDFGToLLVM::isInlinableSize):
1458
1459         * jit/JIT.h:
1460         * jit/JITInlines.h:
1461         (JSC::JIT::callOperation):
1462         * jit/JITOperations.cpp:
1463         * jit/JITOperations.h:
1464         - Changed operationHandleWatchdogTimer() to return an unused nullptr.  This
1465           allows me to reuse the existing DFG slow path generator mechanism.  I didn't
1466           think that operationHandleWatchdogTimer() was worth introducing a whole new set
1467           of machinery just so we can have a slow path that returns void.
1468
1469 2015-08-19  Mark Lam  <mark.lam@apple.com>
1470
1471         Add ability to save and restore JSC options.
1472         https://bugs.webkit.org/show_bug.cgi?id=148125
1473
1474         Reviewed by Saam Barati.
1475
1476         * API/tests/ExecutionTimeLimitTest.cpp:
1477         (testExecutionTimeLimit):
1478         - Employ the new options getter/setter to run watchdog tests for each of the
1479           execution engine tiers.
1480         - Also altered the test scripts to be in a function instead of global code.
1481           This is one of 2 changes needed to give them an opportunity to be FTL compiled.
1482           The other is to add support for compiling CheckWatchdogTimer in the FTL (which
1483           will be addressed in a separate patch).
1484
1485         * jsc.cpp:
1486         (CommandLine::parseArguments):
1487         * runtime/Options.cpp:
1488         (JSC::parse):
1489         - Add the ability to clear a string option with a nullptr value.
1490           This is needed to restore a default string option value which may be null.
1491
1492         (JSC::OptionRange::init):
1493         - Add the ability to clear a range option with a null value.
1494           This is needed to restore a default range option value which may be null.
1495
1496         (JSC::Options::initialize):
1497         (JSC::Options::dumpOptionsIfNeeded):
1498         - Factor code to dump options out to dumpOptionsIfNeeded() since we will need
1499           that logic elsewhere.
1500
1501         (JSC::Options::setOptions):
1502         - Parse an options string and set each of the specified options.
1503
1504         (JSC::Options::dumpAllOptions):
1505         (JSC::Options::dumpAllOptionsInALine):
1506         (JSC::Options::dumpOption):
1507         (JSC::Option::dump):
1508         - Refactored so that the underlying dumper dumps to a StringBuilder instead of
1509           stderr.  This lets us reuse this code to serialize all the options into a
1510           single string for dumpAllOptionsInALine().
1511
1512         * runtime/Options.h:
1513         (JSC::OptionRange::rangeString):
1514
1515 2015-08-18  Filip Pizlo  <fpizlo@apple.com>
1516
1517         Replace all uses of std::mutex/std::condition_variable with WTF::Lock/WTF::Condition
1518         https://bugs.webkit.org/show_bug.cgi?id=148140
1519
1520         Reviewed by Geoffrey Garen.
1521
1522         * inspector/remote/RemoteInspector.h:
1523         * inspector/remote/RemoteInspector.mm:
1524         (Inspector::RemoteInspector::registerDebuggable):
1525         (Inspector::RemoteInspector::unregisterDebuggable):
1526         (Inspector::RemoteInspector::updateDebuggable):
1527         (Inspector::RemoteInspector::updateDebuggableAutomaticInspectCandidate):
1528         (Inspector::RemoteInspector::sendMessageToRemoteFrontend):
1529         (Inspector::RemoteInspector::setupFailed):
1530         (Inspector::RemoteInspector::setupCompleted):
1531         (Inspector::RemoteInspector::start):
1532         (Inspector::RemoteInspector::stop):
1533         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
1534         (Inspector::RemoteInspector::setParentProcessInformation):
1535         (Inspector::RemoteInspector::xpcConnectionReceivedMessage):
1536         (Inspector::RemoteInspector::xpcConnectionFailed):
1537         (Inspector::RemoteInspector::pushListingSoon):
1538         (Inspector::RemoteInspector::receivedIndicateMessage):
1539         (Inspector::RemoteInspector::receivedProxyApplicationSetupMessage):
1540         * inspector/remote/RemoteInspectorXPCConnection.h:
1541         * inspector/remote/RemoteInspectorXPCConnection.mm:
1542         (Inspector::RemoteInspectorXPCConnection::close):
1543         (Inspector::RemoteInspectorXPCConnection::closeFromMessage):
1544         (Inspector::RemoteInspectorXPCConnection::deserializeMessage):
1545         (Inspector::RemoteInspectorXPCConnection::handleEvent):
1546
1547 2015-08-18  Joseph Pecoraro  <pecoraro@apple.com>
1548
1549         Web Inspector: Links for rules in <style> are incorrect, do not account for <style> offset in the document
1550         https://bugs.webkit.org/show_bug.cgi?id=148141
1551
1552         Reviewed by Brian Burg.
1553
1554         * inspector/protocol/CSS.json:
1555         Extend StyleSheetHeader to include start offset information and a bit
1556         for whether or not this was an inline style tag created by the parser.
1557         These match additions to Blink's protocol.
1558
1559 2015-08-18  Benjamin Poulain  <bpoulain@apple.com>
1560
1561         [JSC] Optimize more cases of something-compared-to-null/undefined
1562         https://bugs.webkit.org/show_bug.cgi?id=148157
1563
1564         Reviewed by Geoffrey Garen and Filip Pizlo.
1565
1566         CompareEq is fairly trivial if you assert one of the operands is either
1567         null or undefined. Under those conditions, the only way to have "true"
1568         is to have the other operand be null/undefined or have an object
1569         that masquerades to undefined.
1570
1571         JSC already had a fast path in CompareEqConstant.
1572         With this patch, I generalize this fast path to more cases and try
1573         to eliminate the checks whenever possible.
1574
1575         CompareEq now does the job of CompareEqConstant. If any operand can
1576         be proved to be undefined/other, its edge is set to OtherUse. Whenever
1577         any edge is OtherUse, we generate the fast code we had for CompareEqConstant.
1578
1579         The AbstractInterpreter has additional checks to reduce the node to a constant
1580         whenever possible.
1581
1582         There are two additional changes in this patch:
1583         - The Fixup Phase tries to set edges to OtherUse early. This is done correctly
1584           in ConstantFoldingPhase but setting it up early helps the phases relying
1585           on Clobberize.
1586         - The codegen for CompareEqConstant was improved. The reason is the comparison
1587           for ObjectOrOther could be faster just because the codegen was better.
1588
1589         * dfg/DFGAbstractInterpreterInlines.h:
1590         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1591         * dfg/DFGByteCodeParser.cpp:
1592         (JSC::DFG::ByteCodeParser::parseBlock):
1593         * dfg/DFGClobberize.h:
1594         (JSC::DFG::clobberize): Deleted.
1595         * dfg/DFGConstantFoldingPhase.cpp:
1596         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1597         * dfg/DFGDoesGC.cpp:
1598         (JSC::DFG::doesGC): Deleted.
1599         * dfg/DFGFixupPhase.cpp:
1600         (JSC::DFG::FixupPhase::fixupNode):
1601         * dfg/DFGNode.h:
1602         (JSC::DFG::Node::isUndefinedOrNullConstant):
1603         * dfg/DFGNodeType.h:
1604         * dfg/DFGPredictionPropagationPhase.cpp:
1605         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
1606         * dfg/DFGSafeToExecute.h:
1607         (JSC::DFG::safeToExecute): Deleted.
1608         * dfg/DFGSpeculativeJIT.cpp:
1609         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1610         (JSC::DFG::SpeculativeJIT::compare):
1611         * dfg/DFGSpeculativeJIT.h:
1612         (JSC::DFG::SpeculativeJIT::isKnownNotOther):
1613         * dfg/DFGSpeculativeJIT32_64.cpp:
1614         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
1615         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
1616         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): Deleted.
1617         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): Deleted.
1618         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): Deleted.
1619         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1620         * dfg/DFGSpeculativeJIT64.cpp:
1621         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
1622         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
1623         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull): Deleted.
1624         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull): Deleted.
1625         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull): Deleted.
1626         (JSC::DFG::SpeculativeJIT::compile): Deleted.
1627         * dfg/DFGValidate.cpp:
1628         (JSC::DFG::Validate::validate): Deleted.
1629         * dfg/DFGWatchpointCollectionPhase.cpp:
1630         (JSC::DFG::WatchpointCollectionPhase::handle):
1631         * ftl/FTLCapabilities.cpp:
1632         (JSC::FTL::canCompile):
1633         * ftl/FTLLowerDFGToLLVM.cpp:
1634         (JSC::FTL::DFG::LowerDFGToLLVM::compileCompareEq):
1635         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
1636         (JSC::FTL::DFG::LowerDFGToLLVM::compileCompareEqConstant): Deleted.
1637         * tests/stress/compare-eq-on-null-and-undefined-non-peephole.js: Added.
1638         (string_appeared_here.useForMath):
1639         (testUseForMath):
1640         * tests/stress/compare-eq-on-null-and-undefined-optimized-in-constant-folding.js: Added.
1641         (string_appeared_here.unreachableCodeTest):
1642         (inlinedCompareToNull):
1643         (inlinedComparedToUndefined):
1644         (warmupInlineFunctions):
1645         (testInlineFunctions):
1646         * tests/stress/compare-eq-on-null-and-undefined.js: Added.
1647         (string_appeared_here.compareConstants):
1648         (opaqueNull):
1649         (opaqueUndefined):
1650         (compareConstantsAndDynamicValues):
1651         (compareDynamicValues):
1652         (compareDynamicValueToItself):
1653         (arrayTesting):
1654         (opaqueCompare1):
1655         (testNullComparatorUpdate):
1656         (opaqueCompare2):
1657         (testUndefinedComparatorUpdate):
1658         (opaqueCompare3):
1659         (testNullAndUndefinedComparatorUpdate):
1660
1661 2015-08-18  Yusuke Suzuki  <utatane.tea@gmail.com>
1662
1663         Introduce non-user-observable Promise functions to use Promises internally
1664         https://bugs.webkit.org/show_bug.cgi?id=148118
1665
1666         Reviewed by Saam Barati.
1667
1668         To leverage the Promises internally (like ES6 Module Loaders), we add
1669         the several non-user-observable private methods, like @then, @all. And
1670         refactor the existing Promises implementation to make it easy to use
1671         internally.
1672
1673         But the trappable part still remains. When resolving the promise with
1674         the returned value, we look up the "then" function. So users can trap
1675         it by replacing the "then" function of the Promise's prototype.
1676         To avoid this situation, we'll introduce completely different promise
1677         instances called InternalPromise in the subsequent patch[1].
1678
1679         No behavior change.
1680
1681         [1]: https://bugs.webkit.org/show_bug.cgi?id=148136
1682
1683         * builtins/PromiseConstructor.js:
1684         (privateAll.newResolveElement):
1685         (privateAll):
1686         * runtime/JSGlobalObject.cpp:
1687         (JSC::JSGlobalObject::init):
1688         (JSC::JSGlobalObject::visitChildren): Deleted.
1689         * runtime/JSGlobalObject.h:
1690         (JSC::JSGlobalObject::promiseConstructor): Deleted.
1691         (JSC::JSGlobalObject::promisePrototype): Deleted.
1692         (JSC::JSGlobalObject::promiseStructure): Deleted.
1693         * runtime/JSPromiseConstructor.cpp:
1694         (JSC::JSPromiseConstructor::finishCreation):
1695         * runtime/JSPromiseDeferred.cpp:
1696         (JSC::callFunction):
1697         (JSC::JSPromiseDeferred::resolve):
1698         (JSC::JSPromiseDeferred::reject):
1699         * runtime/JSPromiseDeferred.h:
1700         * runtime/JSPromisePrototype.cpp:
1701         (JSC::JSPromisePrototype::create):
1702         (JSC::JSPromisePrototype::JSPromisePrototype):
1703         * runtime/JSPromisePrototype.h:
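Added example, not WebKit's code: it shows in plain JavaScript the trap the entry above describes (resolving a promise with another promise fetches that promise's "then" through the user-replaceable Promise.prototype) and how a promise type that owns its own "then", modelled loosely on the InternalPromise idea, is not affected. The names InternalPromise, countThenLookups and demonstrateTrap are this example's own.

```javascript
// Added example (not WebKit code). Demonstrates why a promise that shares
// Promise.prototype with user code is "trappable" and how a separate promise
// type with its own `then` avoids the trap.

const originalThen = Promise.prototype.then;
const lookups = []; // one entry per observed fetch of Promise.prototype.then

// Replace Promise.prototype.then with an accessor. The accessor records the
// fetch and hands back the real `then`, so behaviour is unchanged; the point
// is that user code can observe (and could replace) what the engine calls.
function installThenTrap() {
  Object.defineProperty(Promise.prototype, 'then', {
    configurable: true,
    enumerable: false,
    get() {
      lookups.push('Promise.prototype.then fetched');
      return originalThen;
    },
  });
}

// Put the original data property back.
function removeThenTrap() {
  Object.defineProperty(Promise.prototype, 'then', {
    value: originalThen,
    writable: true,
    configurable: true,
    enumerable: false,
  });
}

// Analogue of an internal promise (hypothetical, not JSC's class): its
// prototype owns a `then` captured before any user code ran, so a lookup of
// `then` on one of its instances never reaches Promise.prototype.
class InternalPromise extends Promise {}
Object.defineProperty(InternalPromise.prototype, 'then', {
  value: originalThen,
  writable: true,
  configurable: true,
  enumerable: false,
});

// Resolve a fresh promise of PromiseClass with `inner` and report how many
// times Promise.prototype.then was fetched while doing so. The promise resolve
// function performs Get(inner, "then") synchronously, so the count is stable
// by the time this returns; the actual call to `then` happens in a microtask.
function countThenLookups(PromiseClass, inner) {
  lookups.length = 0;
  new PromiseClass(resolve => resolve(inner));
  return lookups.length;
}

// Run both cases under the trap and restore Promise.prototype afterwards.
// Expected: { userObservable: 1, internal: 0 }
function demonstrateTrap() {
  installThenTrap();
  try {
    return {
      // Ordinary promise: the engine's lookup hits the user-installed accessor.
      userObservable: countThenLookups(Promise, Promise.resolve(42)),
      // Internal-style promise: the lookup stops at its own `then`.
      internal: countThenLookups(InternalPromise, InternalPromise.resolve(42)),
    };
  } finally {
    removeThenTrap();
  }
}

console.log(demonstrateTrap());
```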
1704
1705 2015-08-18  Geoffrey Garen  <ggaren@apple.com>
1706
1707         Try to fix the CLOOP build.
1708
1709         Unreviewed.
1710
1711         * bytecode/CodeBlock.cpp:
1712
1713 2015-08-18  Geoffrey Garen  <ggaren@apple.com>
1714
1715         Split InlineCallFrame into its own file
1716         https://bugs.webkit.org/show_bug.cgi?id=148131
1717
1718         Reviewed by Saam Barati.
1719
1720         * CMakeLists.txt:
1721         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1722         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1723         * JavaScriptCore.xcodeproj/project.pbxproj:
1724         * bytecode/CallLinkStatus.cpp:
1725         * bytecode/CodeBlock.h:
1726         (JSC::ExecState::r):
1727         (JSC::baselineCodeBlockForInlineCallFrame): Deleted.
1728         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock): Deleted.
1729         * bytecode/CodeOrigin.cpp:
1730         (JSC::CodeOrigin::inlineStack):
1731         (JSC::CodeOrigin::codeOriginOwner):
1732         (JSC::CodeOrigin::stackOffset):
1733         (JSC::CodeOrigin::dump):
1734         (JSC::CodeOrigin::dumpInContext):
1735         (JSC::InlineCallFrame::calleeConstant): Deleted.
1736         (JSC::InlineCallFrame::visitAggregate): Deleted.
1737         (JSC::InlineCallFrame::calleeForCallFrame): Deleted.
1738         (JSC::InlineCallFrame::hash): Deleted.
1739         (JSC::InlineCallFrame::hashAsStringIfPossible): Deleted.
1740         (JSC::InlineCallFrame::inferredName): Deleted.
1741         (JSC::InlineCallFrame::baselineCodeBlock): Deleted.
1742         (JSC::InlineCallFrame::dumpBriefFunctionInformation): Deleted.
1743         (JSC::InlineCallFrame::dumpInContext): Deleted.
1744         (JSC::InlineCallFrame::dump): Deleted.
1745         (WTF::printInternal): Deleted.
1746         * bytecode/CodeOrigin.h:
1747         (JSC::CodeOrigin::deletedMarker):
1748         (JSC::CodeOrigin::hash):
1749         (JSC::CodeOrigin::operator==):
1750         (JSC::CodeOriginHash::hash):
1751         (JSC::CodeOriginHash::equal):
1752         (JSC::InlineCallFrame::kindFor): Deleted.
1753         (JSC::InlineCallFrame::varargsKindFor): Deleted.
1754         (JSC::InlineCallFrame::specializationKindFor): Deleted.
1755         (JSC::InlineCallFrame::isVarargs): Deleted.
1756         (JSC::InlineCallFrame::InlineCallFrame): Deleted.
1757         (JSC::InlineCallFrame::specializationKind): Deleted.
1758         (JSC::InlineCallFrame::setStackOffset): Deleted.
1759         (JSC::InlineCallFrame::callerFrameOffset): Deleted.
1760         (JSC::InlineCallFrame::returnPCOffset): Deleted.
1761         (JSC::CodeOrigin::stackOffset): Deleted.
1762         (JSC::CodeOrigin::codeOriginOwner): Deleted.
1763         * bytecode/InlineCallFrame.cpp: Copied from Source/JavaScriptCore/bytecode/CodeOrigin.cpp.
1764         (JSC::InlineCallFrame::calleeConstant):
1765         (JSC::CodeOrigin::inlineDepthForCallFrame): Deleted.
1766         (JSC::CodeOrigin::inlineDepth): Deleted.
1767         (JSC::CodeOrigin::isApproximatelyEqualTo): Deleted.
1768         (JSC::CodeOrigin::approximateHash): Deleted.
1769         (JSC::CodeOrigin::inlineStack): Deleted.
1770         (JSC::CodeOrigin::dump): Deleted.
1771         (JSC::CodeOrigin::dumpInContext): Deleted.
1772         * bytecode/InlineCallFrame.h: Copied from Source/JavaScriptCore/bytecode/CodeOrigin.h.
1773         (JSC::InlineCallFrame::isVarargs):
1774         (JSC::InlineCallFrame::InlineCallFrame):
1775         (JSC::InlineCallFrame::specializationKind):
1776         (JSC::baselineCodeBlockForInlineCallFrame):
1777         (JSC::baselineCodeBlockForOriginAndBaselineCodeBlock):
1778         (JSC::CodeOrigin::CodeOrigin): Deleted.
1779         (JSC::CodeOrigin::isSet): Deleted.
1780         (JSC::CodeOrigin::operator!): Deleted.
1781         (JSC::CodeOrigin::isHashTableDeletedValue): Deleted.
1782         (JSC::CodeOrigin::operator!=): Deleted.
1783         (JSC::CodeOrigin::deletedMarker): Deleted.
1784         (JSC::CodeOrigin::stackOffset): Deleted.
1785         (JSC::CodeOrigin::hash): Deleted.
1786         (JSC::CodeOrigin::operator==): Deleted.
1787         (JSC::CodeOrigin::codeOriginOwner): Deleted.
1788         (JSC::CodeOriginHash::hash): Deleted.
1789         (JSC::CodeOriginHash::equal): Deleted.
1790         (JSC::CodeOriginApproximateHash::hash): Deleted.
1791         (JSC::CodeOriginApproximateHash::equal): Deleted.
1792         * bytecode/InlineCallFrameSet.cpp:
1793         * dfg/DFGCommonData.cpp:
1794         * dfg/DFGOSRExitBase.cpp:
1795         * dfg/DFGVariableEventStream.cpp:
1796         * ftl/FTLOperations.cpp:
1797         * interpreter/CallFrame.cpp:
1798         * interpreter/StackVisitor.cpp:
1799         * jit/AssemblyHelpers.h:
1800         * profiler/ProfilerOriginStack.cpp:
1801         * runtime/ClonedArguments.cpp:
1802
1803 2015-08-18  Mark Lam  <mark.lam@apple.com>
1804
1805         Removed an unused param in Interpreter::initialize().
1806         https://bugs.webkit.org/show_bug.cgi?id=148129
1807
1808         Reviewed by Michael Saboff.
1809
1810         * interpreter/Interpreter.cpp:
1811         (JSC::Interpreter::~Interpreter):
1812         (JSC::Interpreter::initialize):
1813         * interpreter/Interpreter.h:
1814         (JSC::Interpreter::stack):
1815         * runtime/VM.cpp:
1816         (JSC::VM::VM):
1817
1818 2015-08-17  Alex Christensen  <achristensen@webkit.org>
1819
1820         Add const to content extension parser
1821         https://bugs.webkit.org/show_bug.cgi?id=148044
1822
1823         Reviewed by Benjamin Poulain.
1824
1825         * runtime/JSObject.h:
1826         (JSC::JSObject::getIndexQuickly):
1827         (JSC::JSObject::tryGetIndexQuickly):
1828         (JSC::JSObject::getDirectIndex):
1829         (JSC::JSObject::getIndex):
1830         Added a few const keywords.
1831
1832 2015-08-17  Alex Christensen  <achristensen@webkit.org>
1833
1834         Build Debug Suffix on Windows with CMake
1835         https://bugs.webkit.org/show_bug.cgi?id=148083
1836
1837         Reviewed by Brent Fulgham.
1838
1839         * CMakeLists.txt:
1840         * PlatformWin.cmake:
1841         * shell/CMakeLists.txt:
1842         * shell/PlatformWin.cmake:
1843         Add DEBUG_SUFFIX
1844
1845 2015-08-17  Saam barati  <sbarati@apple.com>
1846
1847         Web Inspector: Type profiler return types aren't showing up
1848         https://bugs.webkit.org/show_bug.cgi?id=147348
1849
1850         Reviewed by Brian Burg.
1851
1852         Bug #145995 changed the starting offset of a function to
1853         be the open parenthesis of the function's parameter list.
1854         This broke JSC's type profiler protocol of communicating
1855         return types of a function to the web inspector. This
1856         is now fixed. The text offset used in the protocol is now
1857         the first letter of the function/get/set/method name.
1858         So "f" in "function a() {}", "s" in "set foo(){}", etc.
1859
1860         * bytecode/CodeBlock.cpp:
1861         (JSC::CodeBlock::CodeBlock):
1862         * jsc.cpp:
1863         (functionReturnTypeFor):
1864
1865 2015-08-17  Aleksandr Skachkov  <gskachkov@gmail.com>
1866
1867         [ES6] Implement ES6 arrow function syntax. Arrow function specific features. Lexical bind of this
1868         https://bugs.webkit.org/show_bug.cgi?id=144956
1869
1870         Reviewed by Saam Barati.
1871
1872         Added support for the ES6 arrow function specific features: lexical binding of this and no constructor. http://wiki.ecmascript.org/doku.php?id=harmony:arrow_function_syntax
1873         The following cases were implemented in this patch:
1874            this - the variable |this| points to the |this| of the function where the arrow function is declared (lexical binding of |this|)
1875            constructor - using the |new| operator with an arrow function leads to a runtime error
1876            call(), apply(), bind() - these methods can only pass in arguments and have no effect on |this|
1877
1878
1879         * CMakeLists.txt:
1880         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1881         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1882         * JavaScriptCore.xcodeproj/project.pbxproj:
1883         * bytecode/BytecodeList.json:
1884         * bytecode/BytecodeUseDef.h:
1885         (JSC::computeUsesForBytecodeOffset):
1886         (JSC::computeDefsForBytecodeOffset):
1887         * bytecode/CodeBlock.cpp:
1888         (JSC::CodeBlock::dumpBytecode):
1889         * bytecode/ExecutableInfo.h:
1890         (JSC::ExecutableInfo::ExecutableInfo):
1891         (JSC::ExecutableInfo::isArrowFunction):
1892         * bytecode/UnlinkedCodeBlock.cpp:
1893         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
1894         * bytecode/UnlinkedCodeBlock.h:
1895         (JSC::UnlinkedCodeBlock::isArrowFunction):
1896         * bytecode/UnlinkedFunctionExecutable.cpp:
1897         (JSC::generateFunctionCodeBlock):
1898         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1899         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
1900         * bytecode/UnlinkedFunctionExecutable.h:
1901         * bytecompiler/BytecodeGenerator.cpp:
1902         (JSC::BytecodeGenerator::BytecodeGenerator):
1903         (JSC::BytecodeGenerator::emitNewFunctionCommon):
1904         (JSC::BytecodeGenerator::emitNewFunctionExpression):
1905         (JSC::BytecodeGenerator::emitNewArrowFunctionExpression):
1906         (JSC::BytecodeGenerator::emitLoadArrowFunctionThis):
1907         * bytecompiler/BytecodeGenerator.h:
1908         * bytecompiler/NodesCodegen.cpp:
1909         (JSC::ArrowFuncExprNode::emitBytecode):
1910         * dfg/DFGAbstractInterpreterInlines.h:
1911         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1912         * dfg/DFGByteCodeParser.cpp:
1913         (JSC::DFG::ByteCodeParser::parseBlock):
1914         * dfg/DFGCapabilities.cpp:
1915         (JSC::DFG::capabilityLevel):
1916         * dfg/DFGClobberize.h:
1917         (JSC::DFG::clobberize):
1918         * dfg/DFGDoesGC.cpp:
1919         (JSC::DFG::doesGC):
1920         * dfg/DFGFixupPhase.cpp:
1921         (JSC::DFG::FixupPhase::fixupNode):
1922         * dfg/DFGNode.h:
1923         (JSC::DFG::Node::convertToPhantomNewFunction):
1924         (JSC::DFG::Node::hasCellOperand):
1925         (JSC::DFG::Node::isFunctionAllocation):
1926         * dfg/DFGNodeType.h:
1927         * dfg/DFGObjectAllocationSinkingPhase.cpp:
1928         * dfg/DFGPredictionPropagationPhase.cpp:
1929         (JSC::DFG::PredictionPropagationPhase::propagate):
1930         * dfg/DFGPromotedHeapLocation.cpp:
1931         (WTF::printInternal):
1932         * dfg/DFGPromotedHeapLocation.h:
1933         * dfg/DFGSafeToExecute.h:
1934         (JSC::DFG::safeToExecute):
1935         * dfg/DFGSpeculativeJIT.cpp:
1936         (JSC::DFG::SpeculativeJIT::compileLoadArrowFunctionThis):
1937         (JSC::DFG::SpeculativeJIT::compileNewFunctionCommon):
1938         (JSC::DFG::SpeculativeJIT::compileNewFunction):
1939         * dfg/DFGSpeculativeJIT.h:
1940         (JSC::DFG::SpeculativeJIT::callOperation):
1941         * dfg/DFGSpeculativeJIT32_64.cpp:
1942         (JSC::DFG::SpeculativeJIT::compile):
1943         * dfg/DFGSpeculativeJIT64.cpp:
1944         (JSC::DFG::SpeculativeJIT::compile):
1945         * dfg/DFGStoreBarrierInsertionPhase.cpp:
1946         * dfg/DFGStructureRegistrationPhase.cpp:
1947         (JSC::DFG::StructureRegistrationPhase::run):
1948         * ftl/FTLAbstractHeapRepository.cpp:
1949         * ftl/FTLAbstractHeapRepository.h:
1950         * ftl/FTLCapabilities.cpp:
1951         (JSC::FTL::canCompile):
1952         * ftl/FTLIntrinsicRepository.h:
1953         * ftl/FTLLowerDFGToLLVM.cpp:
1954         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
1955         (JSC::FTL::DFG::LowerDFGToLLVM::compileNewFunction):
1956         (JSC::FTL::DFG::LowerDFGToLLVM::compileLoadArrowFunctionThis):
1957         * ftl/FTLOperations.cpp:
1958         (JSC::FTL::operationMaterializeObjectInOSR):
1959         * interpreter/Interpreter.cpp:
1960         * interpreter/Interpreter.h:
1961         * jit/CCallHelpers.h:
1962         (JSC::CCallHelpers::setupArgumentsWithExecState): Added a 3-argument version for the Windows build.
1963         * jit/JIT.cpp:
1964         (JSC::JIT::privateCompileMainPass):
1965         * jit/JIT.h:
1966         * jit/JITInlines.h:
1967         (JSC::JIT::callOperation):
1968         * jit/JITOpcodes.cpp:
1969         (JSC::JIT::emit_op_load_arrowfunction_this):
1970         (JSC::JIT::emit_op_new_func_exp):
1971         (JSC::JIT::emitNewFuncExprCommon):
1972         (JSC::JIT::emit_op_new_arrow_func_exp):
1973         * jit/JITOpcodes32_64.cpp:
1974         (JSC::JIT::emit_op_load_arrowfunction_this):
1975         * jit/JITOperations.cpp:
1976         * jit/JITOperations.h:
1977         * llint/LLIntOffsetsExtractor.cpp:
1978         * llint/LLIntSlowPaths.cpp:
1979         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1980         (JSC::LLInt::setUpCall):
1981         * llint/LLIntSlowPaths.h:
1982         * llint/LowLevelInterpreter.asm:
1983         * llint/LowLevelInterpreter32_64.asm:
1984         * llint/LowLevelInterpreter64.asm:
1985         * parser/ASTBuilder.h:
1986         (JSC::ASTBuilder::createFunctionMetadata):
1987         (JSC::ASTBuilder::createArrowFunctionExpr):
1988         * parser/NodeConstructors.h:
1989         (JSC::BaseFuncExprNode::BaseFuncExprNode):
1990         (JSC::FuncExprNode::FuncExprNode):
1991         (JSC::ArrowFuncExprNode::ArrowFuncExprNode):
1992         * parser/Nodes.cpp:
1993         (JSC::FunctionMetadataNode::FunctionMetadataNode):
1994         * parser/Nodes.h:
1995         (JSC::ExpressionNode::isArrowFuncExprNode):
1996         * parser/Parser.cpp:
1997         (JSC::Parser<LexerType>::parseFunctionBody):
1998         (JSC::Parser<LexerType>::parseFunctionInfo):
1999         * parser/SyntaxChecker.h:
2000         (JSC::SyntaxChecker::createFunctionMetadata):
2001         * runtime/Executable.cpp:
2002         (JSC::ScriptExecutable::newCodeBlockFor):
2003         * runtime/Executable.h:
2004         * runtime/JSArrowFunction.cpp: Added.
2005         (JSC::JSArrowFunction::destroy):
2006         (JSC::JSArrowFunction::create):
2007         (JSC::JSArrowFunction::JSArrowFunction):
2008         (JSC::JSArrowFunction::createWithInvalidatedReallocationWatchpoint):
2009         (JSC::JSArrowFunction::visitChildren):
2010         (JSC::JSArrowFunction::getConstructData):
2011         * runtime/JSArrowFunction.h: Added.
2012         (JSC::JSArrowFunction::allocationSize):
2013         (JSC::JSArrowFunction::createImpl):
2014         (JSC::JSArrowFunction::boundThis):
2015         (JSC::JSArrowFunction::createStructure):
2016         (JSC::JSArrowFunction::offsetOfThisValue):
2017         * runtime/JSFunction.h:
2018         * runtime/JSFunctionInlines.h:
2019         (JSC::JSFunction::JSFunction):
2020         * runtime/JSGlobalObject.cpp:
2021         (JSC::JSGlobalObject::init):
2022         (JSC::JSGlobalObject::visitChildren):
2023         * runtime/JSGlobalObject.h:
2024         (JSC::JSGlobalObject::arrowFunctionStructure):
2025         * tests/stress/arrowfunction-activation-sink-osrexit-default-value-tdz-error.js: Added.
2026         * tests/stress/arrowfunction-activation-sink-osrexit-default-value.js: Added.
2027         * tests/stress/arrowfunction-activation-sink-osrexit.js: Added.
2028         * tests/stress/arrowfunction-activation-sink.js: Added.
2029         * tests/stress/arrowfunction-bound.js: Added.
2030         * tests/stress/arrowfunction-call.js: Added.
2031         * tests/stress/arrowfunction-constructor.js: Added.
2032         * tests/stress/arrowfunction-lexical-bind-this-1.js: Added.
2033         * tests/stress/arrowfunction-lexical-bind-this-2.js: Added.
2034         * tests/stress/arrowfunction-lexical-bind-this-3.js: Added.
2035         * tests/stress/arrowfunction-lexical-bind-this-4.js: Added.
2036         * tests/stress/arrowfunction-lexical-bind-this-5.js: Added.
2037         * tests/stress/arrowfunction-lexical-bind-this-6.js: Added.
2038         * tests/stress/arrowfunction-lexical-this-activation-sink-osrexit.js: Added.
2039         * tests/stress/arrowfunction-lexical-this-activation-sink.js: Added.
2040         * tests/stress/arrowfunction-lexical-this-sinking-no-double-allocate.js: Added.
2041         * tests/stress/arrowfunction-lexical-this-sinking-osrexit.js: Added.
2042         * tests/stress/arrowfunction-lexical-this-sinking-put.js: Added.
2043         * tests/stress/arrowfunction-others.js: Added.
2044         * tests/stress/arrowfunction-run-10-1.js: Added.
2045         * tests/stress/arrowfunction-run-10-2.js: Added.
2046         * tests/stress/arrowfunction-run-10000-1.js: Added.
2047         * tests/stress/arrowfunction-run-10000-2.js: Added.
2048         * tests/stress/arrowfunction-sinking-no-double-allocate.js: Added.
2049         * tests/stress/arrowfunction-sinking-osrexit.js: Added.
2050         * tests/stress/arrowfunction-sinking-put.js: Added.
2051         * tests/stress/arrowfunction-tdz.js: Added.
2052         * tests/stress/arrowfunction-typeof.js: Added.
2053
2054 2015-07-28  Sam Weinig  <sam@webkit.org>
2055
2056         Cleanup the builtin JavaScript files
2057         https://bugs.webkit.org/show_bug.cgi?id=147382
2058
2059         Reviewed by Geoffrey Garen.
2060
2061         * builtins/Array.prototype.js:
2062         * builtins/ArrayConstructor.js:
2063         * builtins/ArrayIterator.prototype.js:
2064         * builtins/Function.prototype.js:
2065         * builtins/Iterator.prototype.js:
2066         * builtins/ObjectConstructor.js:
2067         * builtins/StringConstructor.js:
2068         * builtins/StringIterator.prototype.js:
2069         Unify the style of the builtin JavaScript files.
2070
2071 2015-08-17  Alex Christensen  <achristensen@webkit.org>
2072
2073         Move some commands from ./CMakeLists.txt to Source/cmake
2074         https://bugs.webkit.org/show_bug.cgi?id=148003
2075
2076         Reviewed by Brent Fulgham.
2077
2078         * CMakeLists.txt:
2079         Added commands needed to build JSC by itself.
2080
2081 2015-08-17  Yusuke Suzuki  <utatane.tea@gmail.com>
2082
2083         [ES6] Implement Reflect.get
2084         https://bugs.webkit.org/show_bug.cgi?id=147925
2085
2086         Reviewed by Geoffrey Garen.
2087
2088         This patch implements the Reflect.get API.
2089         It can take the receiver object as the third argument.
2090         When the receiver is specified and there's a getter for the given property name,
2091         we call the getter with the receiver as the |this| value.
2092
2093         * runtime/ReflectObject.cpp:
2094         (JSC::reflectObjectGet):
2095         * runtime/SparseArrayValueMap.cpp:
2096         (JSC::SparseArrayEntry::get): Deleted.
2097         * runtime/SparseArrayValueMap.h:
2098         * tests/stress/reflect-get.js: Added.
2099         (shouldBe):
2100         (shouldThrow):
2101         (.get shouldThrow):
2102         (.get var):
2103         (get var.object.get hello):
2104         (.get shouldBe):
2105         (get var.object.set hello):
2106
2107 2015-08-17  Simon Fraser  <simon.fraser@apple.com>
2108
2109         will-change should sometimes trigger compositing
2110         https://bugs.webkit.org/show_bug.cgi?id=148072
2111
2112         Reviewed by Tim Horton.
2113         
2114         Include will-change as a reason for compositing.
2115
2116         * inspector/protocol/LayerTree.json:
2117
2118 2015-08-17  Yusuke Suzuki  <utatane.tea@gmail.com>
2119
2120         [ES6] Implement Reflect.getOwnPropertyDescriptor
2121         https://bugs.webkit.org/show_bug.cgi?id=147929
2122
2123         Reviewed by Geoffrey Garen.
2124
2125         Implement Reflect.getOwnPropertyDescriptor.
2126         The difference from Object.getOwnPropertyDescriptor is that
2127         Reflect.getOwnPropertyDescriptor does not perform ToObject on
2128         the first argument. If the first argument is not an Object, it
2129         immediately raises a TypeError.
2130
2131         * runtime/ObjectConstructor.cpp:
2132         (JSC::objectConstructorGetOwnPropertyDescriptor):
2133         * runtime/ObjectConstructor.h:
2134         * runtime/ReflectObject.cpp:
2135         (JSC::reflectObjectGetOwnPropertyDescriptor):
2136         * tests/stress/reflect-get-own-property.js: Added.
2137         (shouldBe):
2138         (shouldThrow):
2139
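The two Reflect semantics described in the Reflect.get and Reflect.getOwnPropertyDescriptor entries above, shown from the JavaScript side as an added example (this is illustration code, not JavaScriptCore's own code or its tests; the objects, property names and values are constructed for the demonstration):

```javascript
// Added example (not JavaScriptCore code): observable behaviour of the two
// Reflect APIs described in the ChangeLog entries above. All objects, names
// and values below are constructed for illustration.

// Reflect.get(target, key, receiver): when `key` names an accessor, the
// getter runs with `receiver` as |this|, not with `target`.
function getterThisWithReceiver() {
  const target = {
    secret: "from-target",
    get value() { return this.secret; },
  };
  const receiver = { secret: "from-receiver" };
  return {
    plain: target.value,                                // getter sees target
    viaReflect: Reflect.get(target, "value", receiver), // getter sees receiver
    noReceiver: Reflect.get(target, "value"),           // receiver defaults to target
    dataProp: Reflect.get(target, "secret", receiver),  // data property: receiver is irrelevant
  };
}

// Reflect.getOwnPropertyDescriptor does no ToObject on its first argument:
// a primitive is a TypeError, whereas Object.getOwnPropertyDescriptor boxes
// the primitive and describes the wrapper's property.
function describeOnPrimitive(primitive, key) {
  const viaObject = Object.getOwnPropertyDescriptor(primitive, key);
  let reflectError = null;
  try {
    Reflect.getOwnPropertyDescriptor(primitive, key);
  } catch (e) {
    reflectError = e;
  }
  return { viaObject, reflectThrows: reflectError instanceof TypeError };
}
```

The receiver argument matters whenever a getter is defined on a prototype or proxy target but is expected to read state from the object the lookup started on; `describeOnPrimitive("abc", "length")` shows the ToObject difference directly, since the Object form returns the boxed string's read-only `length` descriptor while the Reflect form throws.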
2140 2015-08-16  Benjamin Poulain  <bpoulain@apple.com>
2141
2142         [JSC] Use (x + x) instead of (x * 2) when possible
2143         https://bugs.webkit.org/show_bug.cgi?id=148051
2144
2145         Reviewed by Michael Saboff.
2146
2147         When multiplying a number by 2, JSC was loading a constant "2"
2148         in a register and multiplying it with the first number:
2149
2150             mov $0x4000000000000000, %rcx
2151             movd %rcx, %xmm0
2152             mulsd %xmm0, %xmm1
2153
2154         This is a problem for a few reasons.
2155         1) "movd %rcx, %xmm0" only sets half of XMM0. This instruction
2156            has to wait for any preceding instruction on XMM0 to finish
2157            before executing.
2158         2) The load and transform itself is large and unnecessary.
2159
2160         To fix that, I added a StrengthReductionPhase to transform
2161         multiplications by 2 into an addition.
2162
2163         Unfortunately, that turned the code into:
2164             movsd %xmm0 %xmm1
2165             mulsd %xmm1 %xmm0
2166
2167         The reason is GenerationInfo::canReuse() was not accounting
2168         for nodes using other nodes multiple times.
2169
2170         After fixing that too, we now have the multiplications by 2
2171         done as:
2172             addsd %xmm0 %xmm0
2173
2174         * dfg/DFGGenerationInfo.h:
2175         (JSC::DFG::GenerationInfo::useCount):
2176         (JSC::DFG::GenerationInfo::canReuse): Deleted.
2177         * dfg/DFGSpeculativeJIT.cpp:
2178         (JSC::DFG::FPRTemporary::FPRTemporary):
2179         * dfg/DFGSpeculativeJIT.h:
2180         (JSC::DFG::SpeculativeJIT::canReuse):
2181         (JSC::DFG::GPRTemporary::GPRTemporary):
2182         * dfg/DFGStrengthReductionPhase.cpp:
2183         (JSC::DFG::StrengthReductionPhase::handleNode):
2184
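The strength reduction in the entry above is only sound if x * 2 and x + x produce bit-identical doubles for every input. The following added example (illustration code, not part of JavaScriptCore; the edge-case list and the deterministic sampler are constructed here) checks that property over the IEEE-754 corner cases a JIT author has to worry about, using Object.is so that -0 and NaN are compared the way the engine must treat them:

```javascript
// Added example (not JavaScriptCore code): verify that the x*2 -> x+x
// strength reduction is value-preserving for doubles, including -0, NaN,
// infinities, subnormals, the largest finite value and random bit patterns.

const buf = new DataView(new ArrayBuffer(8));

// Build a double from an arbitrary 64-bit pattern given as two 32-bit halves.
function doubleFromBits(hi, lo) {
  buf.setUint32(0, hi >>> 0);
  buf.setUint32(4, lo >>> 0);
  return buf.getFloat64(0);
}

// Object.is distinguishes -0 from +0 and treats NaN as equal to NaN, which is
// the equivalence that matters for a compiler transformation.
function doublingMatches(x) {
  return Object.is(x * 2, x + x);
}

// Hand-picked corner cases (constructed for this example).
const EDGE_CASES = [
  0, -0, 1, -1, 0.1, NaN, Infinity, -Infinity,
  Number.MAX_VALUE, -Number.MAX_VALUE,    // overflow to +/-Infinity either way
  Number.MIN_VALUE, -Number.MIN_VALUE,    // smallest subnormal
  Number.EPSILON, 2 ** 1023, 2 ** -1074,
  doubleFromBits(0x7fefffff, 0xffffffff), // largest finite double
  doubleFromBits(0x000fffff, 0xffffffff), // largest subnormal
  doubleFromBits(0x00100000, 0x00000000), // smallest normal
];

// Returns the inputs for which x*2 and x+x disagree. Expected: none.
function findMismatches(sampleCount = 100000) {
  const bad = [];
  for (const x of EDGE_CASES) if (!doublingMatches(x)) bad.push(x);
  // Deterministic LCG so the run is reproducible offline.
  let seed = 0x12345678;
  const next = () => (seed = (Math.imul(seed, 1664525) + 1013904223) >>> 0);
  for (let i = 0; i < sampleCount; i++) {
    const x = doubleFromBits(next(), next());
    if (!doublingMatches(x)) bad.push(x);
  }
  return bad;
}
```

Doubling a double only increments the exponent (or shifts a subnormal mantissa), so both forms are exact and round identically; the random sampler exists to catch a mistaken assumption about some exponent range rather than to prove anything.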
2185 2015-08-14  Basile Clement  <basile_clement@apple.com>
2186
2187         Occasional failure in v8-v6/v8-raytrace.js.ftl-eager
2188         https://bugs.webkit.org/show_bug.cgi?id=147165
2189
2190         Reviewed by Saam Barati.
2191
2192         The object allocation sinking phase was not properly checking that a
2193         MultiGetByOffset was safe to lower before lowering it.
2194         This makes it so that we only lower MultiGetByOffset if it only loads
2195         from direct properties of the object, and considers it as an escape in
2196         any other case (e.g. a load from the prototype).
2197
2198         It also ensures proper conversion of MultiGetByOffset into
2199         CheckStructureImmediate when needed.
2200
2201         * dfg/DFGObjectAllocationSinkingPhase.cpp:
2202         * ftl/FTLLowerDFGToLLVM.cpp:
2203         (JSC::FTL::DFG::LowerDFGToLLVM::checkStructure):
2204             We were not properly compiling CheckStructure and
2205             CheckStructureImmediate nodes with an empty StructureSet.
2206         * tests/stress/sink-multigetbyoffset.js: Regression test.
2207
2208 2015-08-14  Filip Pizlo  <fpizlo@apple.com>
2209
2210         Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
2211         https://bugs.webkit.org/show_bug.cgi?id=147999
2212
2213         Reviewed by Geoffrey Garen.
2214
2215         * API/JSVirtualMachine.mm:
2216         (initWrapperCache):
2217         (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
2218         (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
2219         (wrapperCacheMutex): Deleted.
2220         * bytecode/SamplingTool.cpp:
2221         (JSC::SamplingTool::doRun):
2222         (JSC::SamplingTool::notifyOfScope):
2223         * bytecode/SamplingTool.h:
2224         * dfg/DFGThreadData.h:
2225         * dfg/DFGWorklist.cpp:
2226         (JSC::DFG::Worklist::~Worklist):
2227         (JSC::DFG::Worklist::isActiveForVM):
2228         (JSC::DFG::Worklist::enqueue):
2229         (JSC::DFG::Worklist::compilationState):
2230         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2231         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2232         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2233         (JSC::DFG::Worklist::visitWeakReferences):
2234         (JSC::DFG::Worklist::removeDeadPlans):
2235         (JSC::DFG::Worklist::queueLength):
2236         (JSC::DFG::Worklist::dump):
2237         (JSC::DFG::Worklist::runThread):
2238         * dfg/DFGWorklist.h:
2239         * disassembler/Disassembler.cpp:
2240         * heap/CopiedSpace.cpp:
2241         (JSC::CopiedSpace::doneFillingBlock):
2242         (JSC::CopiedSpace::doneCopying):
2243         * heap/CopiedSpace.h:
2244         * heap/CopiedSpaceInlines.h:
2245         (JSC::CopiedSpace::recycleBorrowedBlock):
2246         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2247         * heap/GCThread.cpp:
2248         (JSC::GCThread::waitForNextPhase):
2249         (JSC::GCThread::gcThreadMain):
2250         * heap/GCThreadSharedData.cpp:
2251         (JSC::GCThreadSharedData::GCThreadSharedData):
2252         (JSC::GCThreadSharedData::~GCThreadSharedData):
2253         (JSC::GCThreadSharedData::startNextPhase):
2254         (JSC::GCThreadSharedData::endCurrentPhase):
2255         (JSC::GCThreadSharedData::didStartMarking):
2256         (JSC::GCThreadSharedData::didFinishMarking):
2257         * heap/GCThreadSharedData.h:
2258         * heap/HeapTimer.h:
2259         * heap/MachineStackMarker.cpp:
2260         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2261         (JSC::ActiveMachineThreadsManager::add):
2262         (JSC::ActiveMachineThreadsManager::remove):
2263         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2264         (JSC::MachineThreads::~MachineThreads):
2265         (JSC::MachineThreads::addCurrentThread):
2266         (JSC::MachineThreads::removeThreadIfFound):
2267         (JSC::MachineThreads::tryCopyOtherThreadStack):
2268         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2269         (JSC::MachineThreads::gatherConservativeRoots):
2270         * heap/MachineStackMarker.h:
2271         * heap/SlotVisitor.cpp:
2272         (JSC::SlotVisitor::donateKnownParallel):
2273         (JSC::SlotVisitor::drain):
2274         (JSC::SlotVisitor::drainFromShared):
2275         (JSC::SlotVisitor::mergeOpaqueRoots):
2276         * heap/SlotVisitorInlines.h:
2277         (JSC::SlotVisitor::containsOpaqueRootTriState):
2278         * inspector/remote/RemoteInspectorDebuggableConnection.h:
2279         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
2280         (Inspector::RemoteInspectorHandleRunSourceGlobal):
2281         (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
2282         (Inspector::RemoteInspectorInitializeGlobalQueue):
2283         (Inspector::RemoteInspectorHandleRunSourceWithInfo):
2284         (Inspector::RemoteInspectorDebuggableConnection::setup):
2285         (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
2286         (Inspector::RemoteInspectorDebuggableConnection::close):
2287         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
2288         (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
2289         * interpreter/JSStack.cpp:
2290         (JSC::JSStack::JSStack):
2291         (JSC::JSStack::releaseExcessCapacity):
2292         (JSC::JSStack::addToCommittedByteCount):
2293         (JSC::JSStack::committedByteCount):
2294         (JSC::stackStatisticsMutex): Deleted.
2295         (JSC::JSStack::initializeThreading): Deleted.
2296         * interpreter/JSStack.h:
2297         (JSC::JSStack::gatherConservativeRoots):
2298         (JSC::JSStack::sanitizeStack):
2299         (JSC::JSStack::size):
2300         (JSC::JSStack::initializeThreading): Deleted.
2301         * jit/ExecutableAllocator.cpp:
2302         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2303         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
2304         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
2305         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
2306         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
2307         (JSC::DemandExecutableAllocator::allocators):
2308         (JSC::DemandExecutableAllocator::allocatorsMutex):
2309         * jit/JITThunks.cpp:
2310         (JSC::JITThunks::ctiStub):
2311         * jit/JITThunks.h:
2312         * profiler/ProfilerDatabase.cpp:
2313         (JSC::Profiler::Database::ensureBytecodesFor):
2314         (JSC::Profiler::Database::notifyDestruction):
2315         * profiler/ProfilerDatabase.h:
2316         * runtime/InitializeThreading.cpp:
2317         (JSC::initializeThreading):
2318         * runtime/JSLock.cpp:
2319         (JSC::GlobalJSLock::GlobalJSLock):
2320         (JSC::GlobalJSLock::~GlobalJSLock):
2321         (JSC::JSLockHolder::JSLockHolder):
2322         (JSC::GlobalJSLock::initialize): Deleted.
2323         * runtime/JSLock.h:
2324
2325 2015-08-14  Ryosuke Niwa  <rniwa@webkit.org>
2326
2327         ES6 class syntax should allow computed name method
2328         https://bugs.webkit.org/show_bug.cgi?id=142690
2329
2330         Reviewed by Saam Barati.
2331
2332         Added a new "attributes" attribute to op_put_getter_by_id, op_put_setter_by_id, op_put_getter_setter to specify
2333         the property descriptor options so that we can use op_put_setter_by_id and op_put_getter_setter to define
2334         getters and setters for classes. Without this, getters and setters could erroneously override methods.
2335
2336         * bytecode/BytecodeList.json:
2337         * bytecode/BytecodeUseDef.h:
2338         (JSC::computeUsesForBytecodeOffset):
2339         * bytecode/CodeBlock.cpp:
2340         (JSC::CodeBlock::dumpBytecode):
2341         * bytecompiler/BytecodeGenerator.cpp:
2342         (JSC::BytecodeGenerator::emitDirectPutById):
2343         (JSC::BytecodeGenerator::emitPutGetterById):
2344         (JSC::BytecodeGenerator::emitPutSetterById):
2345         (JSC::BytecodeGenerator::emitPutGetterSetter):
2346         * bytecompiler/BytecodeGenerator.h:
2347         * bytecompiler/NodesCodegen.cpp:
2348         (JSC::PropertyListNode::emitBytecode): Always use emitPutGetterSetter to emit getters and setters for classes
2349         as done for object literals.
2350         (JSC::PropertyListNode::emitPutConstantProperty):
2351         (JSC::ClassExprNode::emitBytecode):
2352         * jit/CCallHelpers.h:
2353         (JSC::CCallHelpers::setupArgumentsWithExecState):
2354         * jit/JIT.h:
2355         * jit/JITInlines.h:
2356         (JSC::JIT::callOperation):
2357         * jit/JITOperations.cpp:
2358         * jit/JITOperations.h:
2359         * jit/JITPropertyAccess.cpp:
2360         (JSC::JIT::emit_op_put_getter_by_id):
2361         (JSC::JIT::emit_op_put_setter_by_id):
2362         (JSC::JIT::emit_op_put_getter_setter):
2363         (JSC::JIT::emit_op_del_by_id):
2364         * jit/JITPropertyAccess32_64.cpp:
2365         (JSC::JIT::emit_op_put_getter_by_id):
2366         (JSC::JIT::emit_op_put_setter_by_id):
2367         (JSC::JIT::emit_op_put_getter_setter):
2368         (JSC::JIT::emit_op_del_by_id):
2369         * llint/LLIntSlowPaths.cpp:
2370         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2371         * llint/LowLevelInterpreter.asm:
2372         * parser/ASTBuilder.h:
2373         (JSC::ASTBuilder::createProperty):
2374         (JSC::ASTBuilder::createPropertyList):
2375         * parser/NodeConstructors.h:
2376         (JSC::PropertyNode::PropertyNode):
2377         * parser/Nodes.h:
2378         (JSC::PropertyNode::expressionName):
2379         (JSC::PropertyNode::name):
2380         * parser/Parser.cpp:
2381         (JSC::Parser<LexerType>::parseClass): Added support for computed property names. We don't support computed names
2382         for getters and setters.
2383         * parser/SyntaxChecker.h:
2384         (JSC::SyntaxChecker::createProperty):
2385         * runtime/JSObject.cpp:
2386         (JSC::JSObject::allowsAccessFrom):
2387         (JSC::JSObject::putGetter):
2388         (JSC::JSObject::putSetter):
2389         * runtime/JSObject.h:
2390         * runtime/PropertyDescriptor.h:
2391
2392 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
2393
2394         Add InspectorInstrumentation builtin object to instrument the code in JS builtins like Promises
2395         https://bugs.webkit.org/show_bug.cgi?id=147942
2396
2397         Reviewed by Geoffrey Garen.
2398
2399         This patch adds a new private global object, @InspectorInstrumentation.
2400         It is intended to be used as the namespace object (like Reflect/Math) for Inspector's
2401         instrumentation system and it is used to instrument the builtin JS code, like Promises.
2402
2403         * CMakeLists.txt:
2404         * DerivedSources.make:
2405         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2406         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2407         * JavaScriptCore.xcodeproj/project.pbxproj:
2408         * builtins/InspectorInstrumentationObject.js: Added.
2409         (debug):
2410         (promiseFulfilled):
2411         (promiseRejected):
2412         * builtins/Operations.Promise.js:
2413         (rejectPromise):
2414         (fulfillPromise):
2415         * runtime/CommonIdentifiers.h:
2416         * runtime/InspectorInstrumentationObject.cpp: Added.
2417         (JSC::InspectorInstrumentationObject::InspectorInstrumentationObject):
2418         (JSC::InspectorInstrumentationObject::finishCreation):
2419         (JSC::InspectorInstrumentationObject::getOwnPropertySlot):
2420         (JSC::InspectorInstrumentationObject::isEnabled):
2421         (JSC::InspectorInstrumentationObject::enable):
2422         (JSC::InspectorInstrumentationObject::disable):
2423         (JSC::inspectorInstrumentationObjectDataLogImpl):
2424         * runtime/InspectorInstrumentationObject.h: Added.
2425         (JSC::InspectorInstrumentationObject::create):
2426         (JSC::InspectorInstrumentationObject::createStructure):
2427         * runtime/JSGlobalObject.cpp:
2428         (JSC::JSGlobalObject::init):
2429
2430 2015-08-14  Commit Queue  <commit-queue@webkit.org>
2431
2432         Unreviewed, rolling out r188444.
2433         https://bugs.webkit.org/show_bug.cgi?id=148029
2434
2435         Broke GTK and EFL (see bug #148027) (Requested by philn on
2436         #webkit).
2437
2438         Reverted changeset:
2439
2440         "Use WTF::Lock and WTF::Condition instead of WTF::Mutex,
2441         WTF::ThreadCondition, std::mutex, and std::condition_variable"
2442         https://bugs.webkit.org/show_bug.cgi?id=147999
2443         http://trac.webkit.org/changeset/188444
2444
2445 2015-08-13  Filip Pizlo  <fpizlo@apple.com>
2446
2447         Use WTF::Lock and WTF::Condition instead of WTF::Mutex, WTF::ThreadCondition, std::mutex, and std::condition_variable
2448         https://bugs.webkit.org/show_bug.cgi?id=147999
2449
2450         Reviewed by Geoffrey Garen.
2451
2452         * API/JSVirtualMachine.mm:
2453         (initWrapperCache):
2454         (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
2455         (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
2456         (wrapperCacheMutex): Deleted.
2457         * bytecode/SamplingTool.cpp:
2458         (JSC::SamplingTool::doRun):
2459         (JSC::SamplingTool::notifyOfScope):
2460         * bytecode/SamplingTool.h:
2461         * dfg/DFGThreadData.h:
2462         * dfg/DFGWorklist.cpp:
2463         (JSC::DFG::Worklist::~Worklist):
2464         (JSC::DFG::Worklist::isActiveForVM):
2465         (JSC::DFG::Worklist::enqueue):
2466         (JSC::DFG::Worklist::compilationState):
2467         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
2468         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
2469         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
2470         (JSC::DFG::Worklist::visitWeakReferences):
2471         (JSC::DFG::Worklist::removeDeadPlans):
2472         (JSC::DFG::Worklist::queueLength):
2473         (JSC::DFG::Worklist::dump):
2474         (JSC::DFG::Worklist::runThread):
2475         * dfg/DFGWorklist.h:
2476         * disassembler/Disassembler.cpp:
2477         * heap/CopiedSpace.cpp:
2478         (JSC::CopiedSpace::doneFillingBlock):
2479         (JSC::CopiedSpace::doneCopying):
2480         * heap/CopiedSpace.h:
2481         * heap/CopiedSpaceInlines.h:
2482         (JSC::CopiedSpace::recycleBorrowedBlock):
2483         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
2484         * heap/GCThread.cpp:
2485         (JSC::GCThread::waitForNextPhase):
2486         (JSC::GCThread::gcThreadMain):
2487         * heap/GCThreadSharedData.cpp:
2488         (JSC::GCThreadSharedData::GCThreadSharedData):
2489         (JSC::GCThreadSharedData::~GCThreadSharedData):
2490         (JSC::GCThreadSharedData::startNextPhase):
2491         (JSC::GCThreadSharedData::endCurrentPhase):
2492         (JSC::GCThreadSharedData::didStartMarking):
2493         (JSC::GCThreadSharedData::didFinishMarking):
2494         * heap/GCThreadSharedData.h:
2495         * heap/HeapTimer.h:
2496         * heap/MachineStackMarker.cpp:
2497         (JSC::ActiveMachineThreadsManager::Locker::Locker):
2498         (JSC::ActiveMachineThreadsManager::add):
2499         (JSC::ActiveMachineThreadsManager::remove):
2500         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
2501         (JSC::MachineThreads::~MachineThreads):
2502         (JSC::MachineThreads::addCurrentThread):
2503         (JSC::MachineThreads::removeThreadIfFound):
2504         (JSC::MachineThreads::tryCopyOtherThreadStack):
2505         (JSC::MachineThreads::tryCopyOtherThreadStacks):
2506         (JSC::MachineThreads::gatherConservativeRoots):
2507         * heap/MachineStackMarker.h:
2508         * heap/SlotVisitor.cpp:
2509         (JSC::SlotVisitor::donateKnownParallel):
2510         (JSC::SlotVisitor::drain):
2511         (JSC::SlotVisitor::drainFromShared):
2512         (JSC::SlotVisitor::mergeOpaqueRoots):
2513         * heap/SlotVisitorInlines.h:
2514         (JSC::SlotVisitor::containsOpaqueRootTriState):
2515         * inspector/remote/RemoteInspectorDebuggableConnection.h:
2516         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
2517         (Inspector::RemoteInspectorHandleRunSourceGlobal):
2518         (Inspector::RemoteInspectorQueueTaskOnGlobalQueue):
2519         (Inspector::RemoteInspectorInitializeGlobalQueue):
2520         (Inspector::RemoteInspectorHandleRunSourceWithInfo):
2521         (Inspector::RemoteInspectorDebuggableConnection::setup):
2522         (Inspector::RemoteInspectorDebuggableConnection::closeFromDebuggable):
2523         (Inspector::RemoteInspectorDebuggableConnection::close):
2524         (Inspector::RemoteInspectorDebuggableConnection::sendMessageToBackend):
2525         (Inspector::RemoteInspectorDebuggableConnection::queueTaskOnPrivateRunLoop):
2526         * interpreter/JSStack.cpp:
2527         (JSC::JSStack::JSStack):
2528         (JSC::JSStack::releaseExcessCapacity):
2529         (JSC::JSStack::addToCommittedByteCount):
2530         (JSC::JSStack::committedByteCount):
2531         (JSC::stackStatisticsMutex): Deleted.
2532         (JSC::JSStack::initializeThreading): Deleted.
2533         * interpreter/JSStack.h:
2534         (JSC::JSStack::gatherConservativeRoots):
2535         (JSC::JSStack::sanitizeStack):
2536         (JSC::JSStack::size):
2537         (JSC::JSStack::initializeThreading): Deleted.
2538         * jit/ExecutableAllocator.cpp:
2539         (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
2540         (JSC::DemandExecutableAllocator::~DemandExecutableAllocator):
2541         (JSC::DemandExecutableAllocator::bytesAllocatedByAllAllocators):
2542         (JSC::DemandExecutableAllocator::bytesCommittedByAllocactors):
2543         (JSC::DemandExecutableAllocator::dumpProfileFromAllAllocators):
2544         (JSC::DemandExecutableAllocator::allocators):
2545         (JSC::DemandExecutableAllocator::allocatorsMutex):
2546         * jit/JITThunks.cpp:
2547         (JSC::JITThunks::ctiStub):
2548         * jit/JITThunks.h:
2549         * profiler/ProfilerDatabase.cpp:
2550         (JSC::Profiler::Database::ensureBytecodesFor):
2551         (JSC::Profiler::Database::notifyDestruction):
2552         * profiler/ProfilerDatabase.h:
2553         * runtime/InitializeThreading.cpp:
2554         (JSC::initializeThreading):
2555         * runtime/JSLock.cpp:
2556         (JSC::GlobalJSLock::GlobalJSLock):
2557         (JSC::GlobalJSLock::~GlobalJSLock):
2558         (JSC::JSLockHolder::JSLockHolder):
2559         (JSC::GlobalJSLock::initialize): Deleted.
2560         * runtime/JSLock.h:
2561
2562 2015-08-13  Commit Queue  <commit-queue@webkit.org>
2563
2564         Unreviewed, rolling out r188428.
2565         https://bugs.webkit.org/show_bug.cgi?id=148015
2566
2567         broke cmake build (Requested by alexchristensen on #webkit).
2568
2569         Reverted changeset:
2570
2571         "Move some commands from ./CMakeLists.txt to Source/cmake"
2572         https://bugs.webkit.org/show_bug.cgi?id=148003
2573         http://trac.webkit.org/changeset/188428
2574
2575 2015-08-13  Commit Queue  <commit-queue@webkit.org>
2576
2577         Unreviewed, rolling out r188431.
2578         https://bugs.webkit.org/show_bug.cgi?id=148013
2579
2580         JSC headers are too hard to understand (Requested by smfr on
2581         #webkit).
2582
2583         Reverted changeset:
2584
2585         "Remove a few includes from JSGlobalObject.h"
2586         https://bugs.webkit.org/show_bug.cgi?id=148004
2587         http://trac.webkit.org/changeset/188431
2588
2589 2015-08-13  Benjamin Poulain  <bpoulain@apple.com>
2590
2591         [JSC] Add support for GetByVal on arrays of Undecided shape
2592         https://bugs.webkit.org/show_bug.cgi?id=147814
2593
2594         Reviewed by Filip Pizlo.
2595
2596         Previously, GetByVal on Array::Undecided would just take
2597         the generic path. The problem is the generic path is so
2598         slow that it could take a significant amount of time
2599         even for infrequent accesses.
2600
2601         With this patch, if the following conditions are met,
2602         the GetByVal just returns an "undefined" constant:
2603         -The object is an OriginalArray.
2604         -The prototype chain is sane.
2605         -The index is an integer.
2606         -The integer is positive (runtime check).
2607
2608         Ideally, the 4th condition should be removed; deducing
2609         a compile-time constant gives us so much better
2610         opportunities at getting rid of this code.
2611
2612         There are two cases where this patch removes the runtime
2613         check:
2614         -If the index is constant (uncommon but easy)
2615         -If the index is within a range known to be positive.
2616          (common case and made possible with DFGIntegerRangeOptimizationPhase).
2617
2618         When we get into those cases, DFG just nukes everything
2619         and all we have left is a structure check :)
2620
2621         This patch is a 14% improvement on audio-beat-detection,
2622         a few percent faster here and there and no regression.
2623
2624         * dfg/DFGAbstractInterpreterInlines.h:
2625         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2626         If the index is a positive constant, we can get rid of the GetByVal
2627         entirely. :)
2628
2629         * dfg/DFGArrayMode.cpp:
2630         (JSC::DFG::ArrayMode::fromObserved):
2631         The returned type is now Array::Undecided + profiling information.
2632         The useful type is set in ArrayMode::refine().
2633
2634         (JSC::DFG::ArrayMode::refine):
2635         If we meet the particular set conditions, we speculate an Undecided
2636         array type with sane chain. Anything else comes back to Generic.
2637
2638         (JSC::DFG::ArrayMode::originalArrayStructure):
2639         To enable the structure check for Undecided array.
2640
2641         (JSC::DFG::ArrayMode::alreadyChecked):
2642         * dfg/DFGArrayMode.h:
2643         (JSC::DFG::ArrayMode::withProfile):
2644         (JSC::DFG::ArrayMode::canCSEStorage):
2645         (JSC::DFG::ArrayMode::benefitsFromOriginalArray):
2646         (JSC::DFG::ArrayMode::lengthNeedsStorage): Deleted.
2647         (JSC::DFG::ArrayMode::isSpecific): Deleted.
2648
2649         * dfg/DFGByteCodeParser.cpp:
2650         (JSC::DFG::ByteCodeParser::handleIntrinsic): Deleted.
2651         This is somewhat unrelated.
2652
2653         Having Array::Undecided on ArrayPush was impossible before
2654         since ArrayMode::fromObserved() used to return Array::Generic.
2655
2656         Now that Array::Undecided is possible, we must make sure not
2657         to provide it to ArrayPush since there is no code to handle it
2658         properly.
2659
2660         * dfg/DFGClobberize.h:
2661         (JSC::DFG::clobberize):
2662         The operation only depends on the index, it is pure.
2663
2664         * dfg/DFGFixupPhase.cpp:
2665         (JSC::DFG::FixupPhase::fixupNode): Deleted.
2666         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
2667         * dfg/DFGSpeculativeJIT.cpp:
2668         (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
2669         (JSC::DFG::SpeculativeJIT::checkArray):
2670         * dfg/DFGSpeculativeJIT32_64.cpp:
2671         (JSC::DFG::SpeculativeJIT::compile):
2672         * dfg/DFGSpeculativeJIT64.cpp:
2673         (JSC::DFG::SpeculativeJIT::compile):
2674         * ftl/FTLCapabilities.cpp:
2675         (JSC::FTL::canCompile):
2676         * ftl/FTLLowerDFGToLLVM.cpp:
2677         (JSC::FTL::DFG::LowerDFGToLLVM::compileGetByVal):
2678         * tests/stress/get-by-val-on-undecided-array-type.js: Added.
2679         * tests/stress/get-by-val-on-undecided-sane-chain-1.js: Added.
2680         * tests/stress/get-by-val-on-undecided-sane-chain-2.js: Added.
2681         * tests/stress/get-by-val-on-undecided-sane-chain-3.js: Added.
2682         * tests/stress/get-by-val-on-undecided-sane-chain-4.js: Added.
2683         * tests/stress/get-by-val-on-undecided-sane-chain-5.js: Added.
2684         * tests/stress/get-by-val-on-undecided-sane-chain-6.js: Added.
2685
2686 2015-08-13  Simon Fraser  <simon.fraser@apple.com>
2687
2688         Remove a few includes from JSGlobalObject.h
2689         https://bugs.webkit.org/show_bug.cgi?id=148004
2690
2691         Reviewed by Tim Horton.
2692         
2693         Remove 4 #includes from JSGlobalObject.h, and fix the fallout.
2694
2695         * parser/VariableEnvironment.cpp:
2696         * parser/VariableEnvironment.h:
2697         * runtime/JSGlobalObject.h:
2698         * runtime/Structure.h:
2699         * runtime/StructureInlines.h:
2700
2701 2015-08-13  Alex Christensen  <achristensen@webkit.org>
2702
2703         Move some commands from ./CMakeLists.txt to Source/cmake
2704         https://bugs.webkit.org/show_bug.cgi?id=148003
2705
2706         Reviewed by Brent Fulgham.
2707
2708         * CMakeLists.txt:
2709         Added commands needed to build JSC by itself.
2710
2711 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
2712
2713         Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
2714         https://bugs.webkit.org/show_bug.cgi?id=147353
2715
2716         Reviewed by Saam Barati.
2717
2718         This is the follow-up patch after r188355.
2719         It includes the following changes.
2720
2721         - Unify JSParserCodeType, FunctionParseMode and ModuleParseMode into SourceParseMode
2722         - Make SourceParseMode a C++ strongly-typed enum.
2723         - Fix the comments.
2724         - Rename ModuleSpecifier to ModuleName.
2725         - Add the type name `ImportEntry` before the C++11 uniform initialization.
2726         - Fix the thrown message for duplicate 'default' names.
2727         - Assert that all statements in the top-level source elements are module declarations under the module analyzer phase.
2728
2729         * API/JSScriptRef.cpp:
2730         (parseScript):
2731         * builtins/BuiltinExecutables.cpp:
2732         (JSC::BuiltinExecutables::createExecutableInternal):
2733         * bytecode/UnlinkedFunctionExecutable.cpp:
2734         (JSC::generateFunctionCodeBlock):
2735         * bytecode/UnlinkedFunctionExecutable.h:
2736         * bytecompiler/BytecodeGenerator.h:
2737         (JSC::BytecodeGenerator::makeFunction):
2738         * parser/ASTBuilder.h:
2739         (JSC::ASTBuilder::createFunctionMetadata):
2740         (JSC::ASTBuilder::createModuleName):
2741         (JSC::ASTBuilder::createImportDeclaration):
2742         (JSC::ASTBuilder::createExportAllDeclaration):
2743         (JSC::ASTBuilder::createExportNamedDeclaration):
2744         (JSC::ASTBuilder::createModuleSpecifier): Deleted.
2745         * parser/ModuleAnalyzer.cpp:
2746         (JSC::ModuleAnalyzer::analyze):
2747         * parser/NodeConstructors.h:
2748         (JSC::ModuleNameNode::ModuleNameNode):
2749         (JSC::ImportDeclarationNode::ImportDeclarationNode):
2750         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
2751         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
2752         (JSC::ModuleSpecifierNode::ModuleSpecifierNode): Deleted.
2753         * parser/Nodes.cpp:
2754         (JSC::FunctionMetadataNode::FunctionMetadataNode):
2755         * parser/Nodes.h:
2756         (JSC::StatementNode::isModuleDeclarationNode):
2757         (JSC::ModuleDeclarationNode::isModuleDeclarationNode):
2758         (JSC::ImportDeclarationNode::moduleName):
2759         (JSC::ExportAllDeclarationNode::moduleName):
2760         (JSC::ExportNamedDeclarationNode::moduleName):
2761         (JSC::ImportDeclarationNode::moduleSpecifier): Deleted.
2762         (JSC::ExportAllDeclarationNode::moduleSpecifier): Deleted.
2763         (JSC::ExportNamedDeclarationNode::moduleSpecifier): Deleted.
2764         * parser/NodesAnalyzeModule.cpp:
2765         (JSC::SourceElements::analyzeModule):
2766         (JSC::ImportDeclarationNode::analyzeModule):
2767         (JSC::ExportAllDeclarationNode::analyzeModule):
2768         (JSC::ExportNamedDeclarationNode::analyzeModule):
2769         * parser/Parser.cpp:
2770         (JSC::Parser<LexerType>::Parser):
2771         (JSC::Parser<LexerType>::parseInner):
2772         (JSC::Parser<LexerType>::parseModuleSourceElements):
2773         (JSC::Parser<LexerType>::parseFunctionBody):
2774         (JSC::stringForFunctionMode):
2775         (JSC::Parser<LexerType>::parseFunctionParameters):
2776         (JSC::Parser<LexerType>::parseFunctionInfo):
2777         (JSC::Parser<LexerType>::parseFunctionDeclaration):
2778         (JSC::Parser<LexerType>::parseClass):
2779         (JSC::Parser<LexerType>::parseModuleName):
2780         (JSC::Parser<LexerType>::parseImportDeclaration):
2781         (JSC::Parser<LexerType>::parseExportDeclaration):
2782         (JSC::Parser<LexerType>::parsePropertyMethod):
2783         (JSC::Parser<LexerType>::parseGetterSetter):
2784         (JSC::Parser<LexerType>::parsePrimaryExpression):
2785         (JSC::Parser<LexerType>::parseArrowFunctionExpression):
2786         (JSC::Parser<LexerType>::parseModuleSpecifier): Deleted.
2787         * parser/Parser.h:
2788         (JSC::Parser<LexerType>::parse):
2789         (JSC::parse):
2790         * parser/ParserModes.h:
2791         (JSC::isFunctionParseMode):
2792         (JSC::isModuleParseMode):
2793         (JSC::isProgramParseMode):
2794         * parser/SyntaxChecker.h:
2795         (JSC::SyntaxChecker::createFunctionMetadata):
2796         (JSC::SyntaxChecker::createModuleName):
2797         (JSC::SyntaxChecker::createImportDeclaration):
2798         (JSC::SyntaxChecker::createExportAllDeclaration):
2799         (JSC::SyntaxChecker::createExportNamedDeclaration):
2800         (JSC::SyntaxChecker::createModuleSpecifier): Deleted.
2801         * runtime/CodeCache.cpp:
2802         (JSC::CodeCache::getGlobalCodeBlock):
2803         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
2804         * runtime/Completion.cpp:
2805         (JSC::checkSyntax):
2806         (JSC::checkModuleSyntax):
2807         * runtime/Executable.cpp:
2808         (JSC::ProgramExecutable::checkSyntax):
2809         * tests/stress/modules-syntax-error-with-names.js:
2810
2811 2015-08-13  Joseph Pecoraro  <pecoraro@apple.com>
2812
2813         Web Inspector: A {Map, WeakMap, Set, WeakSet} object that contains itself will hang the console
2814         https://bugs.webkit.org/show_bug.cgi?id=147966
2815
2816         Reviewed by Timothy Hatcher.
2817
2818         * inspector/InjectedScriptSource.js:
2819         (InjectedScript.prototype._initialPreview):
2820         Renamed to initial preview. This is not a complete preview for
2821         this object, and it needs some processing in order to be a
2822         complete accurate preview.
2823
2824         (InjectedScript.RemoteObject.prototype._emptyPreview):
2825         This attempts to be an accurate empty preview for the given object.
2826         For types with entries, it adds an empty entries list and updates
2827         the overflow and lossless properties.
2828
2829         (InjectedScript.RemoteObject.prototype._createObjectPreviewForValue):
2830         Take a generatePreview parameter to generate a full preview or empty preview.
2831
2832         (InjectedScript.RemoteObject.prototype._appendPropertyPreviews):
2833         (InjectedScript.RemoteObject.prototype._appendEntryPreviews):
2834         (InjectedScript.RemoteObject.prototype._isPreviewableObject):
2835         Take care to avoid cycles.
2836
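As an added example that is not WebKit's InjectedScriptSource.js (the helper names above are only referenced, not reproduced), the following cycle-safe preview generator shows the shape of the fix described in this entry: a Map or Set that contains itself yields an empty, lossy entry preview instead of unbounded recursion. The names `previewValue`, `emptyPreview`, `MAX_ENTRIES` and `MAX_DEPTH` are assumptions for this illustration.

```javascript
// Added example, not WebKit code: a cycle-safe preview of {Map, Set, WeakMap, WeakSet}
// and plain objects. Limits are assumed values, not the inspector's real ones.
const MAX_ENTRIES = 5;   // assumed cap on entries shown per container
const MAX_DEPTH = 3;     // assumed cap on nesting depth

function primitivePreview(value) {
  return { type: value === null ? "null" : typeof value, value: String(value), lossless: true };
}

function describe(value) {
  return value.constructor ? value.constructor.name : "Object";
}

// Placeholder used when a full preview cannot be produced: it claims no entries
// and is flagged as overflowing so the front end knows something was left out.
function emptyPreview(value) {
  return { type: "object", description: describe(value), entries: [], overflow: true, lossless: false };
}

// `path` holds the containers on the current descent. Meeting one of them again
// (a Map that contains itself, a Set that contains itself, ...) is the cycle
// that would otherwise recurse without bound and hang the console.
function previewValue(value, depth = 0, path = new Set()) {
  if (value === null || typeof value !== "object") return primitivePreview(value);
  if (path.has(value) || depth >= MAX_DEPTH) return emptyPreview(value);
  if (value instanceof WeakMap || value instanceof WeakSet) {
    // Weak collections are not enumerable by design, so no entries can be shown.
    return { type: "object", description: describe(value), entries: [], overflow: false, lossless: false };
  }
  path.add(value);
  try {
    const items = value instanceof Map ? value.entries()
                : value instanceof Set ? value.values()
                : Object.entries(value);
    const entries = [];
    let overflow = false;
    for (const item of items) {
      if (entries.length >= MAX_ENTRIES) { overflow = true; break; }
      if (value instanceof Set) {
        entries.push({ value: previewValue(item, depth + 1, path) });
      } else {
        entries.push({ key: previewValue(item[0], depth + 1, path),
                       value: previewValue(item[1], depth + 1, path) });
      }
    }
    // A preview is lossless only if nothing was cut off at this level or below.
    const lossless = !overflow &&
      entries.every(e => (e.key === undefined || e.key.lossless) && e.value.lossless);
    return { type: "object", description: describe(value), entries, overflow, lossless };
  } finally {
    // Path-scoped, not global: an acyclic sub-object shared by two properties
    // is still previewed fully in both places.
    path.delete(value);
  }
}

// Constructed sample: a Map that contains itself.
const selfMap = new Map();
selfMap.set("self", selfMap);
console.log(JSON.stringify(previewValue(selfMap)));
```

The guard is keyed on the current descent path rather than on every object ever visited, so legitimate shared references are not mistaken for cycles; only a container that appears inside itself gets the empty, overflowing placeholder.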
2837 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
2838
2839         Periodic code deletion should delete RegExp code
2840         https://bugs.webkit.org/show_bug.cgi?id=147990
2841
2842         Reviewed by Filip Pizlo.
2843
2844         The RegExp code cache was created for the sake of simple loops that
2845         re-created the same RegExps. It's reasonable to delete it periodically.
2846
2847         * heap/Heap.cpp:
2848         (JSC::Heap::deleteOldCode):
2849
2850 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
2851
2852         RegExpCache::finalize should not delete code
2853         https://bugs.webkit.org/show_bug.cgi?id=147987
2854
2855         Reviewed by Mark Lam.
2856
2857         The RegExp object already knows how to delete its own code in its
2858         destructor. Our job is just to clear our stale pointer.
2859
2860         * runtime/RegExpCache.cpp:
2861         (JSC::RegExpCache::finalize):
2862         (JSC::RegExpCache::addToStrongCache):
2863
2864 2015-08-13  Geoffrey Garen  <ggaren@apple.com>
2865
2866         Standardize on the phrase "delete code"
2867         https://bugs.webkit.org/show_bug.cgi?id=147984
2868
2869         Reviewed by Mark Lam.
2870
2871         Use "delete" when we talk about throwing away code, as opposed to
2872         "invalidate" or "discard".
2873
2874         * debugger/Debugger.cpp:
2875         (JSC::Debugger::forEachCodeBlock):
2876         (JSC::Debugger::setSteppingMode):
2877         (JSC::Debugger::recompileAllJSFunctions):
2878         * heap/Heap.cpp:
2879         (JSC::Heap::deleteAllCompiledCode):
2880         * inspector/agents/InspectorRuntimeAgent.cpp:
2881         (Inspector::recompileAllJSFunctionsForTypeProfiling):
2882         * runtime/RegExp.cpp:
2883         (JSC::RegExp::match):
2884         (JSC::RegExp::deleteCode):
2885         (JSC::RegExp::invalidateCode): Deleted.
2886         * runtime/RegExp.h:
2887         * runtime/RegExpCache.cpp:
2888         (JSC::RegExpCache::finalize):
2889         (JSC::RegExpCache::addToStrongCache):
2890         (JSC::RegExpCache::deleteAllCode):
2891         (JSC::RegExpCache::invalidateCode): Deleted.
2892         * runtime/RegExpCache.h:
2893         * runtime/VM.cpp:
2894         (JSC::VM::stopSampling):
2895         (JSC::VM::prepareToDeleteCode):
2896         (JSC::VM::deleteAllCode):
2897         (JSC::VM::setEnabledProfiler):
2898         (JSC::VM::prepareToDiscardCode): Deleted.
2899         (JSC::VM::discardAllCode): Deleted.
2900         * runtime/VM.h:
2901         (JSC::VM::apiLock):
2902         (JSC::VM::codeCache):
2903         * runtime/Watchdog.cpp:
2904         (JSC::Watchdog::setTimeLimit):
2905
2906 2015-08-13  Yusuke Suzuki  <utatane.tea@gmail.com>
2907
2908         X.[[SetPrototypeOf]](Y) should succeed if X.[[Prototype]] is already Y even if X is not extensible
2909         https://bugs.webkit.org/show_bug.cgi?id=147930
2910
2911         Reviewed by Saam Barati.
2912
2913         When the passed prototype object to be set is the same as the existing
2914         prototype object, [[SetPrototypeOf]] just finishes its operation even
2915         if the extensibility of the target object is `false`.
2916
2917         * runtime/JSGlobalObjectFunctions.cpp:
2918         (JSC::globalFuncProtoSetter):
2919         * runtime/ObjectConstructor.cpp:
2920         (JSC::objectConstructorSetPrototypeOf):
2921         * runtime/ReflectObject.cpp:
2922         (JSC::reflectObjectSetPrototypeOf):
2923         * tests/stress/set-same-prototype.js: Added.
2924         (shouldBe):
2925         (shouldThrow):
2926
2927 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
2928
2929         Removed clearEvalCodeCache()
2930         https://bugs.webkit.org/show_bug.cgi?id=147957
2931
2932         Reviewed by Filip Pizlo.
2933
2934         It was unused.
2935
2936         * bytecode/CodeBlock.cpp:
2937         (JSC::CodeBlock::linkIncomingCall):
2938         (JSC::CodeBlock::install):
2939         (JSC::CodeBlock::clearEvalCache): Deleted.
2940         * bytecode/CodeBlock.h:
2941         (JSC::CodeBlock::numberOfJumpTargets):
2942         (JSC::CodeBlock::jumpTarget):
2943         (JSC::CodeBlock::numberOfArgumentValueProfiles):
2944
2945 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
2946
2947         [ES6] Implement Reflect.defineProperty
2948         https://bugs.webkit.org/show_bug.cgi?id=147943
2949
2950         Reviewed by Saam Barati.
2951
2952         This patch implements Reflect.defineProperty.
2953         The difference from the Object.defineProperty is,
2954
2955         1. Reflect.defineProperty does not perform ToObject operation onto the first argument.
2956         2. Reflect.defineProperty does not throw a TypeError when the [[DefineOwnProperty]] operation fails.
2957         3. Reflect.defineProperty returns the boolean value that represents whether [[DefineOwnProperty]] succeeded.
2958
2959         And this patch comments the links to the ES6 spec.
2960
2961         * builtins/ReflectObject.js:
2962         * runtime/ObjectConstructor.cpp:
2963         (JSC::toPropertyDescriptor):
2964         * runtime/ObjectConstructor.h:
2965         * runtime/ReflectObject.cpp:
2966         (JSC::reflectObjectDefineProperty):
2967         * tests/stress/reflect-define-property.js: Added.
2968         (shouldBe):
2969         (shouldThrow):
2970         (.set getter):
2971         (setter):
2972         (.get testDescriptor):
2973         (.set get var):
2974         (.set testDescriptor):
2975         (.set get testDescriptor):
2976         (.set get shouldThrow):
2977         (.get var):
2978
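As an added example that is not part of WebKit's test suite, the following script exercises the observable behaviour described in this entry and in the [[SetPrototypeOf]] entry above: Reflect.defineProperty reporting failure as `false` where Object.defineProperty throws, neither form coercing a primitive target, and a non-extensible object accepting its current prototype while rejecting any other. The function names (`throwsTypeError`, `defineOnFrozen`, `defineOnPlain`, `defineOnPrimitive`, `setPrototypeOnSealed`) are assumptions for this illustration.

```javascript
// Added example, not WebKit code: Reflect.* versus Object.* semantics from the
// two changelog entries above, written as functions returning the observed results.

// Runs fn and reports whether it threw a TypeError, so both forms can be compared.
function throwsTypeError(fn) {
  try { fn(); return false; } catch (e) { return e instanceof TypeError; }
}

// Reflect.defineProperty reports a failed [[DefineOwnProperty]] as `false`;
// Object.defineProperty turns the same failure into a TypeError.
function defineOnFrozen() {
  const frozen = Object.freeze({ x: 1 });
  return {
    reflect: Reflect.defineProperty(frozen, "y", { value: 2 }),
    object: throwsTypeError(() => Object.defineProperty(frozen, "y", { value: 2 })),
  };
}

// A successful definition returns true and the property is visible afterwards.
function defineOnPlain() {
  const o = {};
  const ok = Reflect.defineProperty(o, "y", { value: 2, enumerable: true });
  return { ok, y: o.y, keys: Object.keys(o) };
}

// Reflect.defineProperty does not apply ToObject to its target; a primitive is
// rejected with a TypeError. Object.defineProperty also requires an object.
function defineOnPrimitive() {
  return {
    reflect: throwsTypeError(() => Reflect.defineProperty(1, "x", { value: 2 })),
    object: throwsTypeError(() => Object.defineProperty(1, "x", { value: 2 })),
  };
}

// [[SetPrototypeOf]] on a non-extensible object: setting the prototype it
// already has succeeds; setting a different one fails (false from Reflect,
// TypeError from Object.setPrototypeOf and from the __proto__ setter).
function setPrototypeOnSealed() {
  const proto = {};
  const sealed = Object.preventExtensions(Object.create(proto));
  return {
    sameViaReflect: Reflect.setPrototypeOf(sealed, proto),
    sameViaObject: Object.setPrototypeOf(sealed, proto) === sealed,
    sameViaProtoSetter: !throwsTypeError(() => { sealed.__proto__ = proto; }),
    otherViaReflect: Reflect.setPrototypeOf(sealed, {}),
    otherViaObject: throwsTypeError(() => Object.setPrototypeOf(sealed, {})),
    otherViaProtoSetter: throwsTypeError(() => { sealed.__proto__ = {}; }),
    stillSameProto: Object.getPrototypeOf(sealed) === proto,
  };
}

console.log(defineOnFrozen(), defineOnPlain(), defineOnPrimitive(), setPrototypeOnSealed());
```

The `false` return from the Reflect forms is the useful part for defensive code: a caller can detect that a frozen or non-extensible object refused a definition or prototype change without wrapping every call in try/catch.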
2979 2015-08-12  Filip Pizlo  <fpizlo@apple.com>
2980
2981         DFG::ByteCodeParser should attempt constant folding on loads from structures that are DFG-watchable
2982         https://bugs.webkit.org/show_bug.cgi?id=147950
2983
2984         Reviewed by Michael Saboff.
2985
2986         Previously we reduced the constant folding power of ByteCodeParser::load() because that code was
2987         responsible for memory corruption, since it would sometimes install watchpoints on structures that
2988         weren't being traced.  It seemed like the safest fix was to remove the constant folding rule
2989         entirely since later phases also do constant folding, and they do it without introducing the bug.
2990         Well, that change (http://trac.webkit.org/changeset/188292) caused a big regression, because we
2991         still have some constant folding rules that only exist in ByteCodeParser, and so ByteCodeParser must
2992         be maximally aggressive in constant-folding whenever possible.
2993
2994         So, this change now brings back that constant folding rule - for loads from object constants that
2995         have DFG-watchable structures - and implements it properly, by ensuring that we only call into
2996         tryGetConstantProperty() if we have registered the structure set.
2997
2998         * dfg/DFGByteCodeParser.cpp:
2999         (JSC::DFG::ByteCodeParser::load):
3000
3001 2015-08-12  Yusuke Suzuki  <utatane.tea@gmail.com>
3002
3003         [ES6] Add ES6 Modules preparsing phase to collect the dependencies
3004         https://bugs.webkit.org/show_bug.cgi?id=147353
3005
3006         Reviewed by Geoffrey Garen.
3007
3008         This patch implements ModuleRecord and ModuleAnalyzer.
3009         ModuleAnalyzer analyzes the produced AST from the parser.
3010         By collaborating with the parser, ModuleAnalyzer collects the information
3011         that is necessary to request the loading for the dependent modules and
3012         construct module's environment and namespace object before executing the actual
3013         module body.
3014
3015         In the parser, we annotate which variable is imported binding and which variable
3016         is exported from the current module. This information is leveraged in the ModuleAnalyzer
3017         to categorize the export entries.
3018
3019         To preparse the modules in the parser, we just add the new flag `ModuleParseMode`
3020         instead of introducing a new TreeContext type. This is because only 2 users use the
3021         parseModuleSourceElements; preparser and actual compiler. Adding the flag is simple
3022         enough to switch the context to the SyntaxChecker when parsing the non-module related
3023         statement in the preparsing phase.
3024
3025         To demonstrate the module analyzer, we added the new option dumpModuleRecord option
3026         into the JSC shell. By specifying this, the result of analysis is dumped when the module
3027         is parsed and analyzed.
3028
3029         * CMakeLists.txt:
3030         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3031         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3032         * JavaScriptCore.xcodeproj/project.pbxproj:
3033         * builtins/BuiltinNames.h:
3034         * parser/ASTBuilder.h:
3035         (JSC::ASTBuilder::createExportDefaultDeclaration):
3036         * parser/ModuleAnalyzer.cpp: Added.
3037         (JSC::ModuleAnalyzer::ModuleAnalyzer):
3038         (JSC::ModuleAnalyzer::exportedBinding):
3039         (JSC::ModuleAnalyzer::declareExportAlias):
3040         (JSC::ModuleAnalyzer::exportVariable):
3041         (JSC::ModuleAnalyzer::analyze):
3042         * parser/ModuleAnalyzer.h: Added.
3043         (JSC::ModuleAnalyzer::vm):
3044         (JSC::ModuleAnalyzer::moduleRecord):
3045         * parser/ModuleRecord.cpp: Added.
3046         (JSC::printableName):
3047         (JSC::ModuleRecord::dump):
3048         * parser/ModuleRecord.h: Added.
3049         (JSC::ModuleRecord::ImportEntry::isNamespace):
3050         (JSC::ModuleRecord::create):
3051         (JSC::ModuleRecord::appendRequestedModule):
3052         (JSC::ModuleRecord::addImportEntry):
3053         (JSC::ModuleRecord::addExportEntry):
3054         (JSC::ModuleRecord::addStarExportEntry):
3055         * parser/NodeConstructors.h:
3056         (JSC::ModuleDeclarationNode::ModuleDeclarationNode):
3057         (JSC::ImportDeclarationNode::ImportDeclarationNode):
3058         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
3059         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
3060         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
3061         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
3062         * parser/Nodes.h:
3063         (JSC::ExportDefaultDeclarationNode::localName):
3064         * parser/NodesAnalyzeModule.cpp: Added.
3065         (JSC::ScopeNode::analyzeModule):
3066         (JSC::SourceElements::analyzeModule):
3067         (JSC::ImportDeclarationNode::analyzeModule):
3068         (JSC::ExportAllDeclarationNode::analyzeModule):
3069         (JSC::ExportDefaultDeclarationNode::analyzeModule):
3070         (JSC::ExportLocalDeclarationNode::analyzeModule):
3071         (JSC::ExportNamedDeclarationNode::analyzeModule):
3072         * parser/Parser.cpp:
3073         (JSC::Parser<LexerType>::parseInner):
3074         (JSC::Parser<LexerType>::parseModuleSourceElements):
3075         (JSC::Parser<LexerType>::parseVariableDeclarationList):
3076         (JSC::Parser<LexerType>::createBindingPattern):
3077         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3078         (JSC::Parser<LexerType>::parseClassDeclaration):
3079         (JSC::Parser<LexerType>::parseImportClauseItem):
3080         (JSC::Parser<LexerType>::parseExportSpecifier):
3081         (JSC::Parser<LexerType>::parseExportDeclaration):
3082         * parser/Parser.h:
3083         (JSC::Scope::lexicalVariables):
3084         (JSC::Scope::declareLexicalVariable):
3085         (JSC::Parser::declareVariable):
3086         (JSC::Parser::exportName):
3087         (JSC::Parser<LexerType>::parse):
3088         (JSC::parse):
3089         * parser/ParserModes.h:
3090         * parser/SyntaxChecker.h:
3091         (JSC::SyntaxChecker::createExportDefaultDeclaration):
3092         * parser/VariableEnvironment.cpp:
3093         (JSC::VariableEnvironment::markVariableAsImported):
3094         (JSC::VariableEnvironment::markVariableAsExported):
3095         * parser/VariableEnvironment.h:
3096         (JSC::VariableEnvironmentEntry::isExported):
3097         (JSC::VariableEnvironmentEntry::isImported):
3098         (JSC::VariableEnvironmentEntry::setIsExported):
3099         (JSC::VariableEnvironmentEntry::setIsImported):
3100         * runtime/CommonIdentifiers.h:
3101         * runtime/Completion.cpp:
3102         (JSC::checkModuleSyntax):
3103         * runtime/Options.h:
3104
3105 2015-08-12  Geoffrey Garen  <ggaren@apple.com>
3106
3107         Re-land r188339, since Alex fixed it in r188341 by landing the WebCore half.
3108
3109         * jit/ExecutableAllocator.h:
3110         * jsc.cpp:
3111         (GlobalObject::finishCreation):
3112         (functionAddressOf):
3113         (functionVersion):
3114         (functionReleaseExecutableMemory): Deleted.
3115         * runtime/VM.cpp:
3116         (JSC::StackPreservingRecompiler::operator()):
3117         (JSC::VM::throwException):
3118         (JSC::VM::updateFTLLargestStackSize):
3119         (JSC::VM::gatherConservativeRoots):
3120         (JSC::VM::releaseExecutableMemory): Deleted.
3121         (JSC::releaseExecutableMemory): Deleted.
3122         * runtime/VM.h:
3123         (JSC::VM::isCollectorBusy):
3124         * runtime/Watchdog.cpp:
3125         (JSC::Watchdog::setTimeLimit):
3126
3127 2015-08-12  Jon Honeycutt  <jhoneycutt@apple.com>
3128
3129         Roll out r188339, which broke the build.
3130
3131         Unreviewed.
3132
3133         * jit/ExecutableAllocator.h:
3134         * jsc.cpp:
3135         (GlobalObject::finishCreation):
3136         (functionReleaseExecutableMemory):
3137         * runtime/VM.cpp:
3138         (JSC::StackPreservingRecompiler::visit):
3139         (JSC::StackPreservingRecompiler::operator()):
3140         (JSC::VM::releaseExecutableMemory):
3141         (JSC::releaseExecutableMemory):
3142         * runtime/VM.h:
3143         * runtime/Watchdog.cpp:
3144         (JSC::Watchdog::setTimeLimit):
3145
3146 2015-08-12  Alex Christensen  <achristensen@webkit.org>
3147
3148         Fix Debug CMake builds on Windows
3149         https://bugs.webkit.org/show_bug.cgi?id=147940
3150
3151         Reviewed by Chris Dumez.
3152
3153         * PlatformWin.cmake:
3154         Copy the plist to the JavaScriptCore.resources directory.
3155
3156 2015-08-11  Geoffrey Garen  <ggaren@apple.com>
3157
3158         Remove VM::releaseExecutableMemory
3159         https://bugs.webkit.org/show_bug.cgi?id=147915
3160
3161         Reviewed by Saam Barati.
3162
3163         releaseExecutableMemory() was only used in one place, where discardAllCode()
3164         would work just as well.
3165
3166         It's confusing to have two slightly different ways to discard code. Also,
3167         releaseExecutableMemory() is unused in any production code, and it seems
3168         to have bit-rotted.
3169
3170         * jit/ExecutableAllocator.h:
3171         * jsc.cpp:
3172         (GlobalObject::finishCreation):
3173         (functionAddressOf):
3174         (functionVersion):
3175         (functionReleaseExecutableMemory): Deleted.
3176         * runtime/VM.cpp:
3177         (JSC::StackPreservingRecompiler::operator()):
3178         (JSC::VM::throwException):
3179         (JSC::VM::updateFTLLargestStackSize):
3180         (JSC::VM::gatherConservativeRoots):
3181         (JSC::VM::releaseExecutableMemory): Deleted.
3182         (JSC::releaseExecutableMemory): Deleted.
3183         * runtime/VM.h:
3184         (JSC::VM::isCollectorBusy):
3185         * runtime/Watchdog.cpp:
3186         (JSC::Watchdog::setTimeLimit):
3187
3188 2015-08-12  Mark Lam  <mark.lam@apple.com>
3189
3190         Add a JSC option to enable the watchdog for testing.
3191         https://bugs.webkit.org/show_bug.cgi?id=147939
3192
3193         Reviewed by Michael Saboff.
3194
3195         * API/JSContextRef.cpp:
3196         (JSContextGroupSetExecutionTimeLimit):
3197         (createWatchdogIfNeeded): Deleted.
3198         * runtime/Options.h:
3199         * runtime/VM.cpp:
3200         (JSC::VM::VM):
3201         (JSC::VM::~VM):
3202         (JSC::VM::sharedInstanceInternal):
3203         (JSC::VM::ensureWatchdog):
3204         (JSC::thunkGeneratorForIntrinsic):
3205         * runtime/VM.h:
3206
3207         Implement JavaScript watchdog using WTF::WorkQueue.
3208
3209         Implementation JavaScript watchdog using WTF::WorkQueue.
3210         https://bugs.webkit.org/show_bug.cgi?id=147107
3211
3212         Reviewed by Geoffrey Garen.
3213
3214         How the Watchdog works
3215         ======================
3216
3217         1. When do we start the Watchdog?
3218            =============================
3219            The watchdog should only be started if both the following conditions are true:
3220            1. A time limit has been set.
3221            2. We have entered the VM.
3222  
3223         2. CPU time vs Wall Clock time
3224            ===========================
3225            Why do we need 2 time deadlines: m_cpuDeadline and m_wallClockDeadline?
3226
3227            The watchdog uses WorkQueue dispatchAfter() to queue a timer to measure the watchdog time
3228            limit. WorkQueue timers measure time in monotonic wall clock time. m_wallClockDeadline
3229            indicates the wall clock time point when the WorkQueue timer is expected to fire.
3230
3231            The time limit for which we allow JS code to run should be measured in CPU time, which can
3232            differ from wall clock time.  m_cpuDeadline indicates the CPU time point when the watchdog
3233            should fire.
3234
3235            Note: the timer firing is not the same thing as the watchdog firing.  When the timer fires,
3236            we need to check if m_cpuDeadline has been reached.
3237
3238            If m_cpuDeadline has been reached, the watchdog is considered to have fired.
3239
3240            If not, then we have a remaining amount of CPU time, Tremainder, that we should allow JS
3241            code to continue to run for.  Hence, we need to start a new timer to fire again after
3242            Tremainder microseconds.
3243     
3244            See Watchdog::didFireSlow().
3245
3246         3. Spurious wake ups
3247            =================
3248            Because the WorkQueue timer cannot be cancelled, the watchdog needs to ignore stale timers.
3249            It does this by checking the m_wallClockDeadline.  A wakeup that occurs right after
3250            m_wallClockDeadline expires is considered to be the wakeup for the active timer.  All other
3251            wake ups are considered to be spurious and will be ignored.
3252  
3253            See Watchdog::didFireSlow().
3254  
3255         4. Minimizing Timer creation cost
3256            ==============================
3257            Conceptually, we could start a new timer every time we start the watchdog. But we can do better
3258            than this.
3259  
3260            In practice, the time limit of a watchdog tends to be long, and the amount of time a watchdog
3261            stays active tends to be short for well-behaved JS code. The user also tends to re-use the same
3262            time limit. Consider the following example:
3263  
3264                |---|-----|---|----------------|---------|
3265                t0  t1    t2  t3            t0 + L    t2 + L 
3266
3267                |<--- T1 --------------------->|
3268                          |<--- T2 --------------------->|
3269                |<-- Td ->|                    |<-- Td ->|
3270
3271            1. The user initializes the watchdog with time limit L.
3272            2. At t0, we enter the VM to execute JS code, and start the watchdog timer, T1.
3273               The timer is set to expire at t0 + L.
3274            3. At t1, we exit the VM.
3275            4. At t2, we enter the VM again, and would like to start a new watchdog timer, T2.
3276          
3277               However, we can note that the expiration time for T2 would be after the expiration time
3278               of T1. Specifically, T2 would have expired at Td after T1 expires.
3279          
3280               Hence, we can just wait for T1 to expire, and then start a new timer T2' at time t0 + L
3281               for a period of Td instead.
3282
3283            Note that didFireSlow() already compensates for time differences between wall clock and CPU time,
3284            as well as handling spurious wake ups (see notes 2 and 3 above).  As a result, didFireSlow() will
3285            automatically take care of starting a new timer for the difference Td in the example above.
3286            Instead of starting the new timer T2 at time t2, we just verify that if the active timer T1's
3287            expiration is earlier than T2's, then we are already covered by T1 and there's no need to start T2.
3288
3289            The benefit:
3290
3291            1. we minimize the number of timer instances we have queued in the workqueue at the same time
3292               (ideally only 1 or 0), and use less peak memory usage.
3293
3294            2. we minimize the frequency of instantiating timer instances. By waiting for the current
3295               active timer to expire first, on average, we get to start one timer per time limit
3296               (which is infrequent because time limits tend to be long) instead of one timer per
3297               VM entry (which tends to be frequent).
3298
3299            See Watchdog::startTimer().
3300
3301         * API/JSContextRef.cpp:
3302         (createWatchdogIfNeeded):
3303         (JSContextGroupClearExecutionTimeLimit):
3304         - No need to create the watchdog (if not already created) just to clear it.
3305           If the watchdog is not created yet, then it is effectively cleared.
3306
3307         * API/tests/ExecutionTimeLimitTest.cpp:
3308         (currentCPUTimeAsJSFunctionCallback):
3309         (testExecutionTimeLimit):
3310         (currentCPUTime): Deleted.
3311         * API/tests/testapi.c:
3312         (main):
3313         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj:
3314         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters:
3315         - Enable watchdog tests for all platforms.
3316
3317         * CMakeLists.txt:
3318         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3319         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3320         * JavaScriptCore.xcodeproj/project.pbxproj:
3321         - Remove now unneeded WatchdogMac.cpp and WatchdogNone.cpp.
3322
3323         * PlatformEfl.cmake:
3324
3325         * dfg/DFGByteCodeParser.cpp:
3326         (JSC::DFG::ByteCodeParser::parseBlock):
3327         * dfg/DFGSpeculativeJIT32_64.cpp:
3328         * dfg/DFGSpeculativeJIT64.cpp:
3329         * interpreter/Interpreter.cpp:
3330         (JSC::Interpreter::execute):
3331         (JSC::Interpreter::executeCall):
3332         (JSC::Interpreter::executeConstruct):
3333         * jit/JITOpcodes.cpp:
3334         (JSC::JIT::emit_op_loop_hint):
3335         (JSC::JIT::emitSlow_op_loop_hint):
3336         * jit/JITOperations.cpp:
3337         * llint/LLIntOffsetsExtractor.cpp:
3338         * llint/LLIntSlowPaths.cpp:
3339         * runtime/VM.cpp:
3340         - #include Watchdog.h in these files directly instead of doing it via VM.h.
3341           This saves us from having to recompile the world when we change Watchdog.h.
3342
3343         * runtime/VM.h:
3344         - See comment in Watchdog::startTimer() below for why the Watchdog needs to be
3345           thread-safe ref counted.
3346
3347         * runtime/VMEntryScope.cpp:
3348         (JSC::VMEntryScope::VMEntryScope):
3349         (JSC::VMEntryScope::~VMEntryScope):
3350         - We have done away with the WatchdogScope and arming/disarming of the watchdog.
3351           Instead, the VMEntryScope will inform the watchdog of when we have entered and
3352           exited the VM.
3353
3354         * runtime/Watchdog.cpp:
3355         (JSC::currentWallClockTime):
3356         (JSC::Watchdog::Watchdog):
3357         (JSC::Watchdog::hasStartedTimer):
3358         (JSC::Watchdog::setTimeLimit):
3359         (JSC::Watchdog::didFireSlow):
3360         (JSC::Watchdog::hasTimeLimit):
3361         (JSC::Watchdog::fire):
3362         (JSC::Watchdog::enteredVM):
3363         (JSC::Watchdog::exitedVM):
3364