Web Inspector: Expanding event objects in console shows undefined for most values...
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Expanding event objects in console shows undefined for most values, it should have real values
        https://bugs.webkit.org/show_bug.cgi?id=137306

        Reviewed by Timothy Hatcher.

        Provide another optional parameter to getProperties, to gather a list
        of all own and getter properties.

        * inspector/InjectedScript.cpp:
        (Inspector::InjectedScript::getProperties):
        * inspector/InjectedScript.h:
        * inspector/InjectedScriptSource.js:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getProperties):
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/protocol/Runtime.json:

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Should show dynamic specificity values
        https://bugs.webkit.org/show_bug.cgi?id=140647

        Reviewed by Benjamin Poulain.

        * inspector/protocol/CSS.json:
        Clarify CSSSelector optional values and add "dynamic" property indicating
        if the selector can be dynamic based on the element it is matched against.

2015-01-20  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r178751.
        https://bugs.webkit.org/show_bug.cgi?id=140694

        Caused 32-bit JSC test failures (Requested by JoePeck on
        #webkit).

        Reverted changeset:

        "put_by_val_direct need to check the property is index or not
        for using putDirect / putDirectIndex"
        https://bugs.webkit.org/show_bug.cgi?id=140426
        http://trac.webkit.org/changeset/178751

2015-01-20  Yusuke Suzuki  <utatane.tea@gmail.com>

        put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
        https://bugs.webkit.org/show_bug.cgi?id=140426

        Reviewed by Geoffrey Garen.

        In the put_by_val_direct operation, we use JSObject::putDirect.
        However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
        This patch changes Identifier::asIndex() to return Optional<uint32_t>.
        It forces callers to check explicitly whether the value is an index.
        Additionally, it checks whether the toString-ed Identifier is an index to choose between putDirect and putDirectIndex.

        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutById):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * jit/JITOperations.cpp:
        * jit/Repatch.cpp:
        (JSC::emitPutTransitionStubAndGetOldStructure):
        * jsc.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        (JSC::Arguments::deleteProperty):
        (JSC::Arguments::defineOwnProperty):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSort):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitive):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
        (JSC::JSGenericTypedArrayView<Adaptor>::put):
        (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
        (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::putDirectAccessor):
        (JSC::JSObject::putDirectCustomAccessor):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::putDirectMayBeIndex):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getOwnPropertySlot):
        (JSC::JSObject::getPropertySlot):
        (JSC::JSObject::putDirectInternal):
        * runtime/JSString.cpp:
        (JSC::JSString::getStringPropertyDescriptor):
        * runtime/JSString.h:
        (JSC::JSString::getStringPropertySlot):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::parse):
        * runtime/PropertyName.h:
        (JSC::toUInt32FromCharacters):
        (JSC::toUInt32FromStringImpl):
        (JSC::PropertyName::asIndex):
        * runtime/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * runtime/StringObject.cpp:
        (JSC::StringObject::deleteProperty):
        * runtime/Structure.cpp:
        (JSC::Structure::prototypeChainMayInterceptStoreTo):

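Added example, not from this ChangeLog or from the WebKit tree: the array-index rule that Identifier::asIndex() encodes, written in JavaScript, together with the observable effect of routing computed object-literal keys (which JSC compiles to put_by_val_direct) to index storage rather than named storage. The helper names asIndex, classifyKeys, literalWithComputedKeys and keyOrder are my own; the boundary itself (a canonical decimal string whose value is at most 2^32 - 2) is the ECMAScript definition of an array index.

```javascript
// Largest valid array index: 2^32 - 2. 2^32 - 1 is the maximum array
// length and therefore can never be an index.
const MAX_ARRAY_INDEX = 2 ** 32 - 2;

// Returns the uint32 array index encoded by a property key, or undefined
// when the key is an ordinary named property. This is the ECMAScript
// "array index" test: a canonical decimal string (no sign, no leading zero,
// no exponent, no fraction) whose value is at most MAX_ARRAY_INDEX.
function asIndex(key) {
  if (typeof key === 'number') key = String(key);
  if (typeof key !== 'string') return undefined;          // symbols are never indices
  if (key.length === 0 || key.length > 10) return undefined;
  if (key.length > 1 && key[0] === '0') return undefined;  // "01" is a name, not index 1
  for (let i = 0; i < key.length; i++) {
    const c = key.charCodeAt(i);
    if (c < 0x30 || c > 0x39) return undefined;            // non-digit: "-1", "1e3", "1.5"
  }
  const value = Number(key);
  return value <= MAX_ARRAY_INDEX ? value : undefined;     // "4294967295" is a name
}

// Splits keys the way an engine must before storing them: indices go to
// indexed storage (putDirectIndex), everything else to named storage (putDirect).
function classifyKeys(keys) {
  const indices = [];
  const names = [];
  for (const k of keys) {
    const idx = asIndex(k);
    if (idx === undefined) names.push(k); else indices.push(idx);
  }
  return { indices, names };
}

// Computed keys in an object literal are what JSC compiles to put_by_val_direct;
// the key is only known at runtime, so the index check has to happen there.
function literalWithComputedKeys(a, b, c, d) {
  return { [a]: 'a', [b]: 'b', [c]: 'c', [d]: 'd' };
}

// Observable consequence of index-versus-name storage: OrdinaryOwnPropertyKeys
// enumerates array indices first in ascending numeric order, then named
// string keys in insertion order.
function keyOrder(a, b, c, d) {
  return Object.keys(literalWithComputedKeys(a, b, c, d));
}
```

Keys such as "01" and "4294967295" look numeric but are names, which is why an engine cannot pick putDirect versus putDirectIndex by glancing at the first character; the full canonical-string check has to run before the property is stored, or a name ends up in indexed storage (or an index in the named butterfly) and later lookups disagree about where the value lives.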
2015-01-20  Michael Saboff  <msaboff@apple.com>

        REGRESSION(178696): Sporadic crashes while garbage collecting
        https://bugs.webkit.org/show_bug.cgi?id=140688

        Reviewed by Geoffrey Garen.

        Added missing visitor.append(&thisObject->m_nullSetterFunction).

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::visitChildren):

2015-01-19  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: code generator should take supplemental specifications and allow cross-framework references
        https://bugs.webkit.org/show_bug.cgi?id=136312

        Reviewed by Joseph Pecoraro.

        Some types are shared between replay inputs from different frameworks.
        Previously, these type declarations were duplicated in every input
        specification file in which they were used. This caused some type encoding
        traits to be emitted twice if used from WebCore inputs and WebKit2 inputs.

        This patch teaches the replay inputs code generator to accept multiple
        input specification files. Inputs can freely reference types from other
        frameworks without duplicating declarations.

        On the code generation side, the model could contain types and inputs from
        frameworks that are not the target framework. Only generate code for the
        target framework.

        To properly generate cross-framework type encoding traits, use
        Type.encoding_type_argument in more places, and add the export macro for WebCore
        and the Test framework.

        Adjust some tests so that enum coverage is preserved by moving the enum types
        into "Test" (the target framework for tests).

        * JavaScriptCore.vcxproj/copy-files.cmd:
        For Windows, copy over JSInputs.json as if it were a private header.

        * JavaScriptCore.xcodeproj/project.pbxproj: Make JSInputs.json a private header.
        * replay/JSInputs.json:
        Put all primitive types and WTF types in this specification file.

        * replay/scripts/CodeGeneratorReplayInputs.py:
        (Input.__init__):
        (InputsModel.__init__): Keep track of the input's framework.
        (InputsModel.parse_specification): Parse the framework here. Adjust to new format,
        and allow either types or inputs to be missing from a single file.

        (InputsModel.parse_type_with_framework):
        (InputsModel.parse_input_with_framework):
        (Generator.should_generate_item): Added helper method.
        (Generator.generate_header): Filter inputs to generate.
        (Generator.generate_implementation): Filter inputs to generate.
        (Generator.generate_enum_trait_declaration): Filter enums to generate.
        Add WEBCORE_EXPORT macro to enum encoding traits.

        (Generator.generate_for_each_macro): Filter inputs to generate.
        (Generator.generate_enum_trait_implementation): Filter enums to generate.
        (generate_from_specifications): Added.
        (generate_from_specifications.parse_json_from_file):
        (InputsModel.parse_toplevel): Deleted.
        (InputsModel.parse_type_with_framework_name): Deleted.
        (InputsModel.parse_input): Deleted.
        (generate_from_specification): Deleted.
        * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
        * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Removed.
        * replay/scripts/tests/expected/fail-on-no-types.json-error: Removed.
        * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
        * replay/scripts/tests/fail-on-c-style-enum-no-storage.json:
        * replay/scripts/tests/fail-on-duplicate-enum-type.json:
        * replay/scripts/tests/fail-on-duplicate-input-names.json:
        * replay/scripts/tests/fail-on-duplicate-type-names.json:
        * replay/scripts/tests/fail-on-enum-type-missing-values.json:
        * replay/scripts/tests/fail-on-missing-input-member-name.json:
        * replay/scripts/tests/fail-on-missing-input-name.json:
        * replay/scripts/tests/fail-on-missing-input-queue.json:
        * replay/scripts/tests/fail-on-missing-type-mode.json:
        * replay/scripts/tests/fail-on-missing-type-name.json:
        * replay/scripts/tests/fail-on-no-inputs.json:
        Removed, no longer required to be in a single file.

        * replay/scripts/tests/fail-on-no-types.json:
        Removed, no longer required to be in a single file.

        * replay/scripts/tests/fail-on-unknown-input-queue.json:
        * replay/scripts/tests/fail-on-unknown-member-type.json:
        * replay/scripts/tests/fail-on-unknown-type-mode.json:
        * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json:
        * replay/scripts/tests/generate-enum-encoding-helpers.json:
        * replay/scripts/tests/generate-enum-with-guard.json:
        Include enums that are and are not generated.

        * replay/scripts/tests/generate-enums-with-same-base-name.json:
        * replay/scripts/tests/generate-event-loop-shape-types.json:
        * replay/scripts/tests/generate-input-with-guard.json:
        * replay/scripts/tests/generate-input-with-vector-members.json:
        * replay/scripts/tests/generate-inputs-with-flags.json:
        * replay/scripts/tests/generate-memoized-type-modes.json:

2015-01-20  Tomas Popela  <tpopela@redhat.com>

        [GTK] Cannot compile 2.7.3 on PowerPC machines
        https://bugs.webkit.org/show_bug.cgi?id=140616

        Include climits for INT_MAX and wtf/DataLog.h for dataLogF

        Reviewed by Csaba Osztrogonác.

        * runtime/BasicBlockLocation.cpp:

2015-01-19  Michael Saboff  <msaboff@apple.com>

        A "cached" null setter should throw a TypeException when called in strict mode and doesn't
        https://bugs.webkit.org/show_bug.cgi?id=139418

        Reviewed by Filip Pizlo.

        Made a new NullSetterFunction class similar to NullGetterFunction.  The difference is that
        NullSetterFunction will throw a TypeError per the ECMA262 spec for a strict mode caller.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        Added new files NullSetterFunction.cpp and NullSetterFunction.h.

        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::isSetterNull):
        (JSC::GetterSetter::setSetter):
        Change setter instances from using NullGetterFunction to using NullSetterFunction.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::nullSetterFunction):
        Added m_nullSetterFunction and accessor.

        * runtime/NullSetterFunction.cpp: Added.
        (JSC::GetCallerStrictnessFunctor::GetCallerStrictnessFunctor):
        (JSC::GetCallerStrictnessFunctor::operator()):
        (JSC::GetCallerStrictnessFunctor::callerIsStrict):
        (JSC::callerIsStrict):
        Method to determine if the caller is in strict mode.

        (JSC::callReturnUndefined):
        (JSC::constructReturnUndefined):
        (JSC::NullSetterFunction::getCallData):
        (JSC::NullSetterFunction::getConstructData):
        * runtime/NullSetterFunction.h: Added.
        (JSC::NullSetterFunction::create):
        (JSC::NullSetterFunction::createStructure):
        (JSC::NullSetterFunction::NullSetterFunction):
        Class with handlers for a null setter.

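Added example, not from this ChangeLog or from the WebKit tree: what the caller-strictness check behind NullSetterFunction means at the JavaScript level. A property with a getter and no setter is assigned to from a sloppy-mode caller and from a strict-mode caller, repeatedly, so that later assignments go through whatever inline cache the engine built for the accessor. The helper names makeGetterOnly, sloppyAssign, strictAssign and outcome are my own, and the round count is arbitrary.

```javascript
// Property with a getter but no setter. The engine fills the missing half of
// the accessor pair with a "null setter" (NullSetterFunction in JSC); the
// question is what happens when that null setter is invoked.
function makeGetterOnly() {
  return Object.defineProperty({}, 'value', {
    get() { return 1; },
    enumerable: true,
    configurable: true,
  });
}

// Sloppy-mode caller. Built with the Function constructor so the body stays
// sloppy even when this file is loaded as a strict module. Per spec the
// failed [[Set]] is silently ignored and the getter value is returned.
const sloppyAssign = new Function('obj', 'obj.value = 42; return obj.value;');

// Strict-mode caller. The same failed [[Set]] must throw a TypeError
// (ES2015 6.2.3.2 PutValue: succeeded is false and the reference is strict).
// What matters is the strictness of the code doing the assignment, not of
// the code that defined the getter.
function strictAssign(obj) {
  'use strict';
  obj.value = 42;
  return obj.value;
}

// Runs `assign` repeatedly against one object so that later iterations hit
// the engine's cached path for the accessor, and reports the last outcome:
// 'ignored', 'changed', 'TypeError' or 'other error'.
function outcome(assign, rounds = 200) {
  const obj = makeGetterOnly();
  let result = 'not run';
  for (let i = 0; i < rounds; i++) {
    try {
      result = assign(obj) === 1 ? 'ignored' : 'changed';
    } catch (e) {
      result = e instanceof TypeError ? 'TypeError' : 'other error';
    }
  }
  return result;
}
```

The bug this entry fixes is exactly the case where the first (uncached) strict assignment threw but a later cached one did not; running the assignment in a loop is the cheapest way to check that an engine gives the same answer on the cached path as on the slow path.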
2015-01-19  Saam Barati  <saambarati1@gmail.com>

        Web Inspector: Provide a front end for JSC's Control Flow Profiler
        https://bugs.webkit.org/show_bug.cgi?id=138454

        Reviewed by Timothy Hatcher.

        This patch puts the final touches on what JSC needs to provide
        for the Web Inspector to show a UI for the control flow profiler.

        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::recompileAllJSFunctionsForTypeProfiling):
        * runtime/ControlFlowProfiler.cpp:
        (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
        * runtime/FunctionHasExecutedCache.cpp:
        (JSC::FunctionHasExecutedCache::getFunctionRanges):
        (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges): Deleted.
        * runtime/FunctionHasExecutedCache.h:

2015-01-19  David Kilzer  <ddkilzer@apple.com>

        [iOS] Only use LLVM static library arguments on 64-bit builds of libllvmForJSC.dylib
        <http://webkit.org/b/140658>

        Reviewed by Filip Pizlo.

        * Configurations/LLVMForJSC.xcconfig: Set OTHER_LDFLAGS_LLVM
        only when building for 64-bit architectures.

2015-01-19  Filip Pizlo  <fpizlo@apple.com>

        ClosureCallStubRoutine no longer needs codeOrigin
        https://bugs.webkit.org/show_bug.cgi?id=140659

        Reviewed by Michael Saboff.

        Once upon a time, we would look for the CodeOrigin associated with a return PC. This search
        would start with the CodeBlock according to the caller frame's call frame header. But if the
        call was a closure call, the return PC would be inside some closure call stub. So if the
        CodeBlock search failed, we would search *all* closure call stub routines to see which one
        encompasses the return PC. Then, we would use the CodeOrigin stored in the stub routine
        object. This was all a bunch of madness, and we actually got rid of it - we now determine
        the CodeOrigin for a call frame using the encoded code origin bits inside the tag of the
        argument count.

        This patch removes the final vestiges of the madness:

        - Remove the totally unused method declaration for the thing that did the closure call stub
          search.

        - Remove the CodeOrigin field from the ClosureCallStubRoutine. Except for that crazy search
          that we no longer do, everyone else who finds a ClosureCallStubRoutine will find it via
          the CallLinkInfo. The CallLinkInfo also has the CodeOrigin, so we don't need this field
          anymore.

        * bytecode/CodeBlock.h:
        * jit/ClosureCallStubRoutine.cpp:
        (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
        * jit/ClosureCallStubRoutine.h:
        (JSC::ClosureCallStubRoutine::executable):
        (JSC::ClosureCallStubRoutine::codeOrigin): Deleted.
        * jit/Repatch.cpp:
        (JSC::linkClosureCall):

2015-01-19  Saam Barati  <saambarati1@gmail.com>

        Basic block start offsets should never be larger than end offsets in the control flow profiler
        https://bugs.webkit.org/show_bug.cgi?id=140377

        Reviewed by Filip Pizlo.

        The bytecode generator will emit code more than once for some AST nodes. For instance,
        the finally block of TryNode will emit two code paths for its finally block: one for
        the normal path, and another for the path where an exception is thrown in the catch block.

        This repeated code emission of the same AST node previously broke how the control
        flow profiler computed text ranges of basic blocks because when the same AST node
        is emitted multiple times, there is a good chance that there are ranges that span
        from the end offset of one of these duplicated nodes back to the start offset of
        the same duplicated node. This caused a basic block range to report a larger start
        offset than end offset. This was incorrect. Now, when this situation is encountered
        while linking a CodeBlock, the faulty range in question is ignored.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
        * bytecode/CodeBlock.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ForInNode::emitMultiLoopBytecode):
        (JSC::ForOfNode::emitBytecode):
        (JSC::TryNode::emitBytecode):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseConditionalExpression):
        * runtime/ControlFlowProfiler.cpp:
        (JSC::ControlFlowProfiler::ControlFlowProfiler):
        * runtime/ControlFlowProfiler.h:
        (JSC::ControlFlowProfiler::dummyBasicBlock):

2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>

        [SVG -> OTF Converter] Flip the switch on
        https://bugs.webkit.org/show_bug.cgi?id=140592

        Reviewed by Antti Koivisto.

        * Configurations/FeatureDefines.xcconfig:

2015-01-19  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: convert to is<T> and downcast<T> for decoding replay inputs
        https://bugs.webkit.org/show_bug.cgi?id=140512

        Reviewed by Chris Dumez.

        Generate a SPECIALIZE_TYPE_TRAITS_* chunk of code for each input. This cannot
        be done using REPLAY_INPUT_NAMES_FOR_EACH macro since that doesn't fully qualify
        input types, and the type traits macro is defined in namespace WTF.

        * replay/NondeterministicInput.h: Make overridden methods public.
        * replay/scripts/CodeGeneratorReplayInputs.py:
        (Generator.generate_header):
        (Generator.qualified_input_name): Allow forcing qualification. WTF is never a target framework.
        (Generator.generate_input_type_trait_declaration): Added.
        * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Add a template.
        * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:

2015-01-19  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r178653.
        https://bugs.webkit.org/show_bug.cgi?id=140634

        Broke multiple SVG tests on Mountain Lion (Requested by ap on
        #webkit).

        Reverted changeset:

        "[SVG -> OTF Converter] Flip the switch on"
        https://bugs.webkit.org/show_bug.cgi?id=140592
        http://trac.webkit.org/changeset/178653

2015-01-18  Dean Jackson  <dino@apple.com>

        ES6: Support Array.of construction
        https://bugs.webkit.org/show_bug.cgi?id=140605
        <rdar://problem/19513655>

        Reviewed by Geoffrey Garen.

        Add an implementation of Array.of, described in 22.1.2.3 of the ES6
        specification (15 Jan 2015). The Array.of() method creates a new Array
        instance with a variable number of arguments, regardless of number or type
        of the arguments.

        * runtime/ArrayConstructor.cpp:
        (JSC::arrayConstructorOf): Create a new empty Array, then iterate
        over the arguments, setting them to the appropriate index.

451 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
452
453         [SVG -> OTF Converter] Flip the switch on
454         https://bugs.webkit.org/show_bug.cgi?id=140592
455
456         Reviewed by Antti Koivisto.
457
458         * Configurations/FeatureDefines.xcconfig:
459
460 2015-01-17  Brian J. Burg  <burg@cs.washington.edu>
461
462         Web Inspector: highlight data for overlay should use protocol type builders
463         https://bugs.webkit.org/show_bug.cgi?id=129441
464
465         Reviewed by Timothy Hatcher.
466
467         Add a new domain for overlay types.
468
469         * CMakeLists.txt:
470         * DerivedSources.make:
471         * inspector/protocol/OverlayTypes.json: Added.
472
473 2015-01-17  Michael Saboff  <msaboff@apple.com>
474
475         Crash in JSScope::resolve() on tools.ups.com
476         https://bugs.webkit.org/show_bug.cgi?id=140579
477
478         Reviewed by Geoffrey Garen.
479
480         For op_resolve_scope of a global property or variable that needs to check for the var
481         injection check watchpoint, we need to keep the scope around with a Phantom.  The
482         baseline JIT slowpath for op_resolve_scope needs the scope value if the watchpoint
483         fired.
484
485         * dfg/DFGByteCodeParser.cpp:
486         (JSC::DFG::ByteCodeParser::parseBlock):
487
488 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
489
490         Web Inspector: code generator should introduce typedefs for protocol types that are arrays
491         https://bugs.webkit.org/show_bug.cgi?id=140557
492
493         Reviewed by Joseph Pecoraro.
494
495         Currently, there is no generated type name for "array" type declarations such as Console.CallStack.
496         This makes it longwinded and confusing to use the type in C++ code.
497
498         This patch adds a typedef for array type declarations, so types such as Console::CallStack
499         can be referred to directly, rather than using Inspector::Protocol::Array<Console::CallFrame>.
500
501         Some tests were updated to cover array type declarations used as parameters and type members.
502
503         * inspector/ScriptCallStack.cpp: Use the new typedef.
504         (Inspector::ScriptCallStack::buildInspectorArray):
505         * inspector/ScriptCallStack.h:
506         * inspector/scripts/codegen/cpp_generator.py:
507         (CppGenerator.cpp_protocol_type_for_type): If an ArrayType is nominal, use the typedef'd name instead.
508         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
509         (_generate_typedefs_for_domain): Also generate typedefs for array type declarations.
510         (_generate_typedefs_for_domain.Inspector):
511         * inspector/scripts/codegen/models.py: Save the name of an ArrayType when it is a type declaration.
512         (ArrayType.__init__):
513         (Protocol.resolve_types):
514         (Protocol.lookup_type_reference):
515         * inspector/scripts/tests/commands-with-async-attribute.json:
516         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json:
517         * inspector/scripts/tests/events-with-optional-parameters.json:
518         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
519         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
520         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
521         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
522         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
523         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
524         * inspector/scripts/tests/type-declaration-object-type.json:
525
526 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
527
528         Web Replay: purge remaining PassRefPtr uses and minor cleanup
529         https://bugs.webkit.org/show_bug.cgi?id=140456
530
531         Reviewed by Andreas Kling.
532
533         Get rid of PassRefPtr. Introduce default initializers where it makes sense.
534         Remove mistaken uses of AtomicString that were not removed as part of r174113.
535
536         * replay/EmptyInputCursor.h:
537         * replay/InputCursor.h:
538         (JSC::InputCursor::InputCursor):
539
540 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
541
542         Web Inspector: code generator should fail on duplicate parameter and member names
543         https://bugs.webkit.org/show_bug.cgi?id=140555
544
545         Reviewed by Timothy Hatcher.
546
547         * inspector/scripts/codegen/models.py:
548         (find_duplicates): Add a helper function to find duplicates in a list.
549         (Protocol.parse_type_declaration):
550         (Protocol.parse_command):
551         (Protocol.parse_event):
552         * inspector/scripts/tests/expected/fail-on-duplicate-command-call-parameter-names.json-error: Added.
553         * inspector/scripts/tests/expected/fail-on-duplicate-command-return-parameter-names.json-error: Added.
554         * inspector/scripts/tests/expected/fail-on-duplicate-event-parameter-names.json-error: Added.
555         * inspector/scripts/tests/expected/fail-on-duplicate-type-member-names.json-error: Added.
556         * inspector/scripts/tests/fail-on-duplicate-command-call-parameter-names.json: Added.
557         * inspector/scripts/tests/fail-on-duplicate-command-return-parameter-names.json: Added.
558         * inspector/scripts/tests/fail-on-duplicate-event-parameter-names.json: Added.
559         * inspector/scripts/tests/fail-on-duplicate-type-member-names.json: Added.
560
561 2015-01-16  Michael Saboff  <msaboff@apple.com>
562
563         REGRESSION (r174226): Header on huffingtonpost.com is too large
564         https://bugs.webkit.org/show_bug.cgi?id=140306
565
566         Reviewed by Filip Pizlo.
567
568         BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
569         arguments register or whether we need to resolve "arguments".  If the arguments have
570         been captured, then they are stored in the lexical environment and the arguments
571         register is not used.
572
573         Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
574         register is captured.  Renamed the function to willResolveToArgumentsRegister() to
575         better indicate what we are checking.
576
577         Aligned 32 and 64 bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
578         an arguments object that was optimized out of an inlined callFrame.  The 32 bit path
579         incorrectly calculated the location of the reified callee frame.  This alignment resulted
580         in the removal of operationCreateInlinedArgumentsDuringOSRExit()
581
582         * bytecompiler/BytecodeGenerator.cpp:
583         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
584         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
585         (JSC::BytecodeGenerator::emitCall):
586         (JSC::BytecodeGenerator::emitConstruct):
587         (JSC::BytecodeGenerator::emitEnumeration):
588         (JSC::BytecodeGenerator::willResolveToArguments): Deleted.
589         * bytecompiler/BytecodeGenerator.h:
590         * bytecompiler/NodesCodegen.cpp:
591         (JSC::BracketAccessorNode::emitBytecode):
592         (JSC::DotAccessorNode::emitBytecode):
593         (JSC::getArgumentByVal):
594         (JSC::ApplyFunctionCallDotNode::emitBytecode):
595         (JSC::ArrayPatternNode::emitDirectBinding):
596         * dfg/DFGOSRExitCompilerCommon.cpp:
597         (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
598         * dfg/DFGOperations.cpp:
599         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
600         * dfg/DFGOperations.h:
601         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
602
603 2015-01-15  Csaba Osztrogonác  <ossy@webkit.org>
604
605         Remove ENABLE(SQL_DATABASE) guards
606         https://bugs.webkit.org/show_bug.cgi?id=140434
607
608         Reviewed by Darin Adler.
609
610         * CMakeLists.txt:
611         * Configurations/FeatureDefines.xcconfig:
612         * DerivedSources.make:
613         * inspector/protocol/Database.json:
614
615 2015-01-14  Alexey Proskuryakov  <ap@apple.com>
616
617         Web Inspector and regular console use different source code locations for messages
618         https://bugs.webkit.org/show_bug.cgi?id=140478
619
620         Reviewed by Brian Burg.
621
622         * inspector/ConsoleMessage.h: Expose computed source location.
623
624         * inspector/agents/InspectorConsoleAgent.cpp:
625         (Inspector::InspectorConsoleAgent::addMessageToConsole):
626         (Inspector::InspectorConsoleAgent::stopTiming):
627         (Inspector::InspectorConsoleAgent::count):
628         * inspector/agents/InspectorConsoleAgent.h:
629         addMessageToConsole() now takes a pre-made ConsoleMessage object.
630
631         * inspector/JSGlobalObjectConsoleClient.cpp:
632         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
633         (Inspector::JSGlobalObjectConsoleClient::warnUnimplemented):
634         * inspector/JSGlobalObjectInspectorController.cpp:
635         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
636         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
637         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
638         Updated for the above changes.
639
640 2015-01-15  Mark Lam  <mark.lam@apple.com>
641
642         [Part 2] Argument object created by "Function dot arguments" should use a clone of argument values.
643         <https://webkit.org/b/140093>
644
645         Reviewed by Geoffrey Garen.
646
647         * interpreter/StackVisitor.cpp:
648         (JSC::StackVisitor::Frame::createArguments):
649         - We should not be fetching the lexicalEnvironment here.  The reason we've
650           introduced the ClonedArgumentsCreationMode is because the lexicalEnvironment
651           may not be available to us at this point.  Instead, we'll just pass a nullptr.
652
653         * runtime/Arguments.cpp:
654         (JSC::Arguments::tearOffForCloning):
655         * runtime/Arguments.h:
656         (JSC::Arguments::finishCreation):
657         - Use the new tearOffForCloning() to tear off arguments right out of the values
658           passed on the stack.  tearOff() is not appropriate for this purpose because
659           it takes slowArgumentsData into account.
660
661 2015-01-14  Matthew Mirman  <mmirman@apple.com>
662
663         Removed accidental commit of "invalid_array.js"
664         http://trac.webkit.org/changeset/178439
665
666         * tests/stress/invalid_array.js: Removed.
667
668 2015-01-14  Matthew Mirman  <mmirman@apple.com>
669
670         Fixes operationPutByIdOptimizes such that they check that the put didn't
671         change the structure of the object whose property access is being
672         cached.  Also removes uses of the new base value from the cache generation code.
673         https://bugs.webkit.org/show_bug.cgi?id=139500
674
675         Reviewed by Filip Pizlo.
676
677         * jit/JITOperations.cpp:
678         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
679         (JSC::operationPutByIdNonStrictOptimize): ditto.
680         (JSC::operationPutByIdDirectStrictOptimize): ditto.
681         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
682         * jit/Repatch.cpp:
683         (JSC::generateByIdStub):
684         (JSC::tryCacheGetByID):
685         (JSC::tryBuildGetByIDList):
686         (JSC::emitPutReplaceStub):
687         (JSC::emitPutTransitionStubAndGetOldStructure): Added.
688         (JSC::tryCachePutByID):
689         (JSC::repatchPutByID):
690         (JSC::tryBuildPutByIdList):
691         (JSC::tryRepatchIn):
692         (JSC::emitPutTransitionStub): Deleted.
693         * jit/Repatch.h:
694         * llint/LLIntSlowPaths.cpp:
695         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
696         * runtime/JSPropertyNameEnumerator.h:
697         (JSC::genericPropertyNameEnumerator):
698         * runtime/Operations.h:
699         (JSC::normalizePrototypeChainForChainAccess): restructured to not use the base value.
700         (JSC::normalizePrototypeChain): restructured to not use the base value.
701         * tests/mozilla/mozilla-tests.yaml:
702         * tests/stress/proto-setter.js: Added.
703         * tests/stress/put-by-id-build-list-order-recurse.js: Added.
704         Added test that fails without this patch.
705
706 2015-01-13  Joseph Pecoraro  <pecoraro@apple.com>
707
708         Web Inspector: Remove unused ResizeImage and DecodeImageData timeline events
709         https://bugs.webkit.org/show_bug.cgi?id=140404
710
711         Reviewed by Timothy Hatcher.
712
713         * inspector/protocol/Timeline.json:
714
715 2015-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
716
717         DFG can call PutByValDirect for generic arrays
718         https://bugs.webkit.org/show_bug.cgi?id=140389
719
720         Reviewed by Geoffrey Garen.
721
722         Computed properties in object initializers (ES6) use the put_by_val_direct operation.
723         However, the current DFG asserts that put_by_val_direct is not used for generic arrays,
724         so the assertion failure is raised.
725         This patch allows the DFG to use put_by_val_direct on generic arrays.
726
727         This patch also fixes the DFG put_by_val_direct implementation for string properties.
728         At first, put_by_val_direct was intended to be used for spread elements.
729         So the property keys were limited to numbers (indexes).
730         But now, it's also used for computed properties in object initializers.
731
732         * dfg/DFGOperations.cpp:
733         (JSC::DFG::operationPutByValInternal):
734         * dfg/DFGSpeculativeJIT64.cpp:
735         (JSC::DFG::SpeculativeJIT::compile):
736
737 2015-01-13  Geoffrey Garen  <ggaren@apple.com>
738
739         Out of bounds access in BytecodeGenerator::emitGetById under DotAccessorNode::emitBytecode
740         https://bugs.webkit.org/show_bug.cgi?id=140397
741
742         Reviewed by Geoffrey Garen.
743
744         Patch by Alexey Proskuryakov.
745
746         Reviewed, performance tested, and ChangeLogged by Geoffrey Garen.
747
748         No performance change.
749
750         No test, since this is a small past-the-end read, which is very
751         difficult to turn into a reproducible failing test -- and existing tests
752         crash reliably using ASan.
753
754         * bytecompiler/NodesCodegen.cpp:
755         (JSC::BracketAccessorNode::emitBytecode):
756         (JSC::DotAccessorNode::emitBytecode):
757         (JSC::FunctionCallBracketNode::emitBytecode):
758         (JSC::PostfixNode::emitResolve):
759         (JSC::DeleteBracketNode::emitBytecode):
760         (JSC::DeleteDotNode::emitBytecode):
761         (JSC::PrefixNode::emitResolve):
762         (JSC::UnaryOpNode::emitBytecode):
763         (JSC::BitwiseNotNode::emitBytecode):
764         (JSC::BinaryOpNode::emitBytecode):
765         (JSC::EqualNode::emitBytecode):
766         (JSC::StrictEqualNode::emitBytecode):
767         (JSC::ThrowableBinaryOpNode::emitBytecode):
768         (JSC::AssignDotNode::emitBytecode):
769         (JSC::AssignBracketNode::emitBytecode): Use RefPtr in more places. Any
770         register used across a call to a function that might allocate a new
771         temporary register must be held in a RefPtr.
772
773 2015-01-12  Michael Saboff  <msaboff@apple.com>
774
775         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
776         https://bugs.webkit.org/show_bug.cgi?id=140348
777
778         Reviewed by Mark Lam.
779
780         We used to read registers in MachineThreads::gatherFromCurrentThread(), but that is too late
781         because those registers may have been spilled on the stack and replaced with other values by
782         the time we call down to gatherFromCurrentThread().
783
784         Now we get the register contents at the same place that we demarcate the current top of
785         stack using the address of a local variable, in Heap::markRoots().  The register contents
786         buffer is passed along with the demarcation pointer.  These need to be done at this level
787         in the call tree and no lower, as markRoots() calls various functions that visit object
788         pointers that may be later proven dead.  Any of those pointers that are left on the
789         stack or in registers could be incorrectly marked as live if we scan the stack contents
790         from a called function or one of its callees.  The stack demarcation pointer and register
791         saving need to be done in the same function so that we have a consistent stack, active
792         and spilled registers.
793
794         Because we don't want to make unnecessary calls to get the register contents, we use
795         a macro to allocate, and possibly align, the register structure and get the actual
796         register contents.
797
799         * heap/Heap.cpp:
800         (JSC::Heap::markRoots):
801         (JSC::Heap::gatherStackRoots):
802         * heap/Heap.h:
803         * heap/MachineStackMarker.cpp:
804         (JSC::MachineThreads::gatherFromCurrentThread):
805         (JSC::MachineThreads::gatherConservativeRoots):
806         * heap/MachineStackMarker.h:
807
808 2015-01-12  Benjamin Poulain  <benjamin@webkit.org>
809
810         Add basic pattern matching support to the url filters
811         https://bugs.webkit.org/show_bug.cgi?id=140283
812
813         Reviewed by Andreas Kling.
814
815         * JavaScriptCore.xcodeproj/project.pbxproj:
816         Make YarrParser.h private in order to use it from WebCore.
817
818 2015-01-12  Geoffrey Garen  <ggaren@apple.com>
819
820         Out of bounds read in IdentifierArena::makeIdentifier
821         https://bugs.webkit.org/show_bug.cgi?id=140376
822
823         Patch by Alexey Proskuryakov.
824
825         Reviewed and ChangeLogged by Geoffrey Garen.
826
827         No test, since this is a small past-the-end read, which is very
828         difficult to turn into a reproducible failing test -- and existing tests
829         crash reliably using ASan.
830
831         * parser/ParserArena.h:
832         (JSC::IdentifierArena::makeIdentifier):
833         (JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
834         zero-length string input, like we do in the literal parser, since it is
835         not valid to dereference characters in a zero-length string.
836
837         A zero-length string is allowed in JavaScript -- for example, "".
838
839 2015-01-11  Sam Weinig  <sam@webkit.org>
840
841         Remove support for SharedWorkers
842         https://bugs.webkit.org/show_bug.cgi?id=140344
843
844         Reviewed by Anders Carlsson.
845
846         * Configurations/FeatureDefines.xcconfig:
847
848 2015-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
849
850         Allow targeting the SVG->OTF font converter with ENABLE(SVG_OTF_CONVERTER)
851         https://bugs.webkit.org/show_bug.cgi?id=136769
852
853         Reviewed by Antti Koivisto.
854
855         * Configurations/FeatureDefines.xcconfig:
856
857 2015-01-12  Commit Queue  <commit-queue@webkit.org>
858
859         Unreviewed, rolling out r178266.
860         https://bugs.webkit.org/show_bug.cgi?id=140363
861
862         Broke a JSC test (Requested by ap on #webkit).
863
864         Reverted changeset:
865
866         "Local JSArray* "keys" in objectConstructorKeys() is not
867         marked during garbage collection"
868         https://bugs.webkit.org/show_bug.cgi?id=140348
869         http://trac.webkit.org/changeset/178266
870
871 2015-01-12  Michael Saboff  <msaboff@apple.com>
872
873         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
874         https://bugs.webkit.org/show_bug.cgi?id=140348
875
876         Reviewed by Mark Lam.
877
878         Move the address of the local variable that is used to demarcate the top of the stack for
879         conservative roots down to MachineThreads::gatherFromCurrentThread() since it also gets
880         the register values using setjmp().  That way we don't lose any callee save register
881         contents between Heap::markRoots(), where it was set, and gatherFromCurrentThread().
882         If we lose any JSObject* that are only in callee save registers, they will be GC'ed
883         erroneously.
884
885         * heap/Heap.cpp:
886         (JSC::Heap::markRoots):
887         (JSC::Heap::gatherStackRoots):
888         * heap/Heap.h:
889         * heap/MachineStackMarker.cpp:
890         (JSC::MachineThreads::gatherFromCurrentThread):
891         (JSC::MachineThreads::gatherConservativeRoots):
892         * heap/MachineStackMarker.h:
893
894 2015-01-11  Eric Carlson  <eric.carlson@apple.com>
895
896         Fix typo in testapi.c error messages
897         https://bugs.webkit.org/show_bug.cgi?id=140305
898
899         Reviewed by Geoffrey Garen.
900
901         * API/tests/testapi.c:
902         (main): "... script did not timed out ..." -> "... script did not time out ..."
903
904 2015-01-09  Michael Saboff  <msaboff@apple.com>
905
906         Breakpoint doesn't fire in this HTML5 game
907         https://bugs.webkit.org/show_bug.cgi?id=140269
908
909         Reviewed by Mark Lam.
910
911         When parsing a single line cached function, use the lineStartOffset of the
912         location where we found the cached function instead of the cached lineStartOffset.
913         The cache location's lineStartOffset has not been adjusted for any possible
914         containing functions.
915
916         This change is not needed for multi-line cached functions.  Consider the
917         single line source:
918
919         function outer(){function inner1(){doStuff();}; (function inner2() {doMoreStuff()})()}
920
921         The first parser pass, we parse and cache inner1() and inner2() with a lineStartOffset
922         of 0.  Later when we parse outer() and find inner1() in the cache, the SourceCode start
923         character is at outer()'s outermost open brace.  That is what we should use for
924         lineStartOffset for inner1().  When done parsing inner1() we set the parsing token
925         to the saved location for inner1(), including the lineStartOffset of 0.  We need
926         to use the value of lineStartOffset before we started parsing inner1().  That is
927         what the fix does.  When we parse inner2() the lineStartOffset will be correct.
928
929         For a multi-line function, the close brace is guaranteed to be on a different line
930         than the open brace.  Hence, its lineStartOffset will not change with the change of
931         the SourceCode start character.
932
933         * parser/Parser.cpp:
934         (JSC::Parser<LexerType>::parseFunctionInfo):
935
936 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
937
938         Web Inspector: Uncaught Exception in ProbeManager deleting breakpoint
939         https://bugs.webkit.org/show_bug.cgi?id=140279
940         rdar://problem/19422299
941
942         Reviewed by Oliver Hunt.
943
944         * runtime/MapData.cpp:
945         (JSC::MapData::replaceAndPackBackingStore):
946         The cell table also needs to have its values fixed.
947
948 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
949
950         Web Inspector: Remove or use TimelineAgent Resource related event types
951         https://bugs.webkit.org/show_bug.cgi?id=140155
952
953         Reviewed by Timothy Hatcher.
954
955         Remove unused / stale Timeline event types.
956
957         * inspector/protocol/Timeline.json:
958
959 2015-01-09  Csaba Osztrogonác  <ossy@webkit.org>
960
961         REGRESSION(r177925): It broke the !ENABLE(INSPECTOR) build
962         https://bugs.webkit.org/show_bug.cgi?id=140098
963
964         Reviewed by Brian Burg.
965
966         * inspector/InspectorBackendDispatcher.h: Missing ENABLE(INSPECTOR) guard added.
967
968 2015-01-08  Mark Lam  <mark.lam@apple.com>
969
970         Argument object created by "Function dot arguments" should use a clone of the argument values.
971         <https://webkit.org/b/140093>
972
973         Reviewed by Geoffrey Garen.
974
975         After the change in <https://webkit.org/b/139827>, the dfg-tear-off-arguments-not-activation.js
976         test will crash.  The relevant code which manifests the issue is as follows:
977
978             function bar() {
979                 return foo.arguments;
980             }
981
982             function foo(p) {
983                 var x = 42;
984                 if (p)
985                     return (function() { return x; });
986                 else
987                     return bar();
988             }
989
990         In this case, foo() has no knowledge of bar() needing its LexicalEnvironment and
991         has dead code eliminated the SetLocal that stores it into its designated local.
992         In bar(), the factory for the Arguments object (for creating foo.arguments) tries
993         to read foo's LexicalEnvironment from its designated lexicalEnvironment local,
994         but instead, finds it to be uninitialized.  This results in a null pointer access
995         which causes a crash.
996
997         This can be resolved by having bar() instantiate a clone of the Arguments object
998         instead, and populate its elements with values fetched directly from foo's frame.
999         There's no need to reference foo's LexicalEnvironment (whether present or not).
1000
1001         * interpreter/StackVisitor.cpp:
1002         (JSC::StackVisitor::Frame::createArguments):
1003         * runtime/Arguments.h:
1004         (JSC::Arguments::finishCreation):
1005
1006 2015-01-08  Mark Lam  <mark.lam@apple.com>
1007
1008         Make the LLINT and Baseline JIT's op_create_arguments and op_get_argument_by_val use their lexicalEnvironment operand.
1009         <https://webkit.org/b/140236>
1010
1011         Reviewed by Geoffrey Garen.
1012
1013         Will change the DFG to use the operand on a subsequent pass.  For now,
1014         the DFG uses a temporary thunk (operationCreateArgumentsForDFG()) to
1015         retain the old behavior of getting the lexicalEnvironment from the
1016         ExecState.
1017
1018         * bytecompiler/BytecodeGenerator.cpp:
1019         (JSC::BytecodeGenerator::BytecodeGenerator):
1020         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1021         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1022         - When the lexicalEnvironment is not available, pass the invalid VirtualRegister
1023           instead of an empty JSValue as the lexicalEnvironment operand.
1024
1025         * dfg/DFGOperations.cpp:
1026         - Use the lexicalEnvironment from the ExecState for now.
1027
1028         * dfg/DFGSpeculativeJIT32_64.cpp:
1029         (JSC::DFG::SpeculativeJIT::compile):
1030         * dfg/DFGSpeculativeJIT64.cpp:
1031         (JSC::DFG::SpeculativeJIT::compile):
1032         - Use the operationCreateArgumentsForDFG() thunk for now.
1033
1034         * interpreter/CallFrame.cpp:
1035         (JSC::CallFrame::lexicalEnvironmentOrNullptr):
1036         * interpreter/CallFrame.h:
1037         - Added this convenience function to return either the
1038           lexicalEnvironment or a nullptr so that we don't need to do a
1039           conditional check on codeBlock->needsActivation() at multiple sites.
1040
1041         * interpreter/StackVisitor.cpp:
1042         (JSC::StackVisitor::Frame::createArguments):
1043         * jit/JIT.h:
1044         * jit/JITInlines.h:
1045         (JSC::JIT::callOperation):
1046         * jit/JITOpcodes.cpp:
1047         (JSC::JIT::emit_op_create_arguments):
1048         (JSC::JIT::emitSlow_op_get_argument_by_val):
1049         * jit/JITOpcodes32_64.cpp:
1050         (JSC::JIT::emit_op_create_arguments):
1051         (JSC::JIT::emitSlow_op_get_argument_by_val):
1052         * jit/JITOperations.cpp:
1053         * jit/JITOperations.h:
1054         * llint/LLIntSlowPaths.cpp:
1055         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1056         * runtime/Arguments.h:
1057         (JSC::Arguments::create):
1058         (JSC::Arguments::finishCreation):
1059         * runtime/CommonSlowPaths.cpp:
1060         (JSC::SLOW_PATH_DECL):
1061         * runtime/JSLexicalEnvironment.cpp:
1062         (JSC::JSLexicalEnvironment::argumentsGetter):
1063
1064 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1065
1066         Web Inspector: Pause Reason Improvements (Breakpoint, Debugger Statement, Pause on Next Statement)
1067         https://bugs.webkit.org/show_bug.cgi?id=138991
1068
1069         Reviewed by Timothy Hatcher.
1070
1071         * debugger/Debugger.cpp:
1072         (JSC::Debugger::Debugger):
1073         (JSC::Debugger::pauseIfNeeded):
1074         (JSC::Debugger::didReachBreakpoint):
1075         When actually pausing, if we hit a breakpoint ensure the reason
1076         is PausedForBreakpoint, otherwise use the current reason.
1077
1078         * debugger/Debugger.h:
1079         Make pause reason and pausing breakpoint ID public.
1080
1081         * inspector/agents/InspectorDebuggerAgent.h:
1082         * inspector/agents/InspectorDebuggerAgent.cpp:
1083         (Inspector::buildAssertPauseReason):
1084         (Inspector::buildCSPViolationPauseReason):
1085         (Inspector::InspectorDebuggerAgent::buildBreakpointPauseReason):
1086         (Inspector::InspectorDebuggerAgent::buildExceptionPauseReason):
1087         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1088         (Inspector::buildObjectForBreakpointCookie):
1089         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1090         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
1091         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1092         (Inspector::InspectorDebuggerAgent::pause):
1093         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1094         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1095         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
1096         Clean up creation of pause reason objects and other cleanup
1097         of PassRefPtr use and InjectedScript use.
1098
1099         (Inspector::InspectorDebuggerAgent::didPause):
1100         Clean up so that we first check for an Exception, and then fall
1101         back to including a Pause Reason derived from the Debugger.
1102
1103         * inspector/protocol/Debugger.json:
1104         Add new DebuggerStatement, Breakpoint, and PauseOnNextStatement reasons.
1105
1106 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1107
1108         Web Inspector: Type check NSArray's in ObjC Interfaces have the right object types
1109         https://bugs.webkit.org/show_bug.cgi?id=140209
1110
1111         Reviewed by Timothy Hatcher.
1112
1113         Check the types of objects in NSArrays for all interfaces (commands, events, types)
1114         when the user can set an array of objects. Previously we were only type checking
1115         that they were RWIJSONObjects; now we add an explicit check for the exact object type.
1116
1117         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1118         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1119         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1120         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1121         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1122         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
1123         (ObjCProtocolTypesImplementationGenerator._generate_setter_for_member):
1124         * inspector/scripts/codegen/objc_generator.py:
1125         (ObjCGenerator.objc_class_for_array_type):
1126         (ObjCGenerator):
1127
1128 2015-01-07  Mark Lam  <mark.lam@apple.com>
1129
1130         Add the lexicalEnvironment as an operand to op_get_argument_by_val.
1131         <https://webkit.org/b/140233>
1132
1133         Reviewed by Filip Pizlo.
1134
1135         This patch only adds the operand to the bytecode.  It is not in use yet.
1136
1137         * bytecode/BytecodeList.json:
1138         * bytecode/BytecodeUseDef.h:
1139         (JSC::computeUsesForBytecodeOffset):
1140         * bytecode/CodeBlock.cpp:
1141         (JSC::CodeBlock::dumpBytecode):
1142         * bytecompiler/BytecodeGenerator.cpp:
1143         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1144         * llint/LowLevelInterpreter32_64.asm:
1145         * llint/LowLevelInterpreter64.asm:
1146
1147 2015-01-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1148
1149         Investigate the character type of repeated string instead of checking is8Bit flag
1150         https://bugs.webkit.org/show_bug.cgi?id=140139
1151
1152         Reviewed by Darin Adler.
1153
1154         Instead of checking the is8Bit flag of the repeated string, investigate
1155         the actual value of the repeated character, since the is8Bit flag gives a false negative case.
1156
1157         * runtime/StringPrototype.cpp:
1158         (JSC::repeatCharacter):
1159         (JSC::stringProtoFuncRepeat):
1160         (JSC::repeatSmallString): Deleted.
1161
1162 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1163
1164         Web Inspector: ObjC Generate types from the GenericTypes domain
1165         https://bugs.webkit.org/show_bug.cgi?id=140229
1166
1167         Reviewed by Timothy Hatcher.
1168
1169         Generate types from the GenericTypes domain, as they are expected
1170         by other domains (like Page domain). Also, don't include the @protocol
1171         forward declaration for a domain if it doesn't have any commands.
1172
1173         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
1174         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
1175         (ObjCBackendDispatcherHeaderGenerator): Deleted.
1176         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations_for_domains): Deleted.
1177         * inspector/scripts/codegen/objc_generator.py:
1178         (ObjCGenerator):
1179         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1180         * inspector/scripts/tests/expected/enum-values.json-result:
1181         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1182         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1183         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1184         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1185         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1186         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1187         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1188         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1189         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1190
1191 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1192
1193         Web Inspector: Remove unnecessary copyRef for paramsObject in generated dispatchers
1194         https://bugs.webkit.org/show_bug.cgi?id=140228
1195
1196         Reviewed by Timothy Hatcher.
1197
1198         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1199         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1200         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1201         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1202         * inspector/scripts/tests/expected/enum-values.json-result:
1203         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1204
1205 2015-01-07  Saam Barati  <saambarati1@gmail.com>
1206
1207         interpret op_profile_type in the LLInt instead of unconditionally calling into the slow path
1208         https://bugs.webkit.org/show_bug.cgi?id=140165
1209
1210         Reviewed by Michael Saboff.
1211
1212         Inlining the functionality of TypeProfilerLog::recordTypeInformationForLocation
1213         into the LLInt speeds up type profiling.
1214
1215         * llint/LLIntOffsetsExtractor.cpp:
1216         * llint/LowLevelInterpreter.asm:
1217         * llint/LowLevelInterpreter32_64.asm:
1218         * llint/LowLevelInterpreter64.asm:
1219         * runtime/CommonSlowPaths.cpp:
1220         (JSC::SLOW_PATH_DECL):
1221         * runtime/CommonSlowPaths.h:
1222         * runtime/TypeProfilerLog.h:
1223         (JSC::TypeProfilerLog::recordTypeInformationForLocation): Deleted.
1224
1225 2015-01-07  Brian J. Burg  <burg@cs.washington.edu>
1226
1227         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1228         https://bugs.webkit.org/show_bug.cgi?id=140053
1229
1230         Reviewed by Andreas Kling.
1231
1232         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1233         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1234         references are always non-null. These two refactorings have been combined since
1235         they tend to require similar changes to the code.
1236
1237         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1238         have been updated to take a Ref instead of RefPtr.
1239
1240         Builders for typed protocol objects now return a Ref. Since there is no implicit
1241         call to operator&, callsites now must explicitly call .release() to convert a
1242         builder object into the corresponding protocol object once required fields are set.
1243         Update callsites and use auto to eliminate repetition of long-winded protocol types.
1244
1245         Tests for inspector protocol and replay inputs have been rebaselined.
1246
1247         * bindings/ScriptValue.cpp:
1248         (Deprecated::jsToInspectorValue):
1249         (Deprecated::ScriptValue::toInspectorValue):
1250         * bindings/ScriptValue.h:
1251         * inspector/ConsoleMessage.cpp:
1252         (Inspector::ConsoleMessage::addToFrontend):
1253         * inspector/ContentSearchUtilities.cpp:
1254         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1255         (Inspector::ContentSearchUtilities::searchInTextByLines):
1256         * inspector/ContentSearchUtilities.h:
1257         * inspector/InjectedScript.cpp:
1258         (Inspector::InjectedScript::getFunctionDetails):
1259         (Inspector::InjectedScript::getProperties):
1260         (Inspector::InjectedScript::getInternalProperties):
1261         (Inspector::InjectedScript::wrapCallFrames):
1262         (Inspector::InjectedScript::wrapObject):
1263         (Inspector::InjectedScript::wrapTable):
1264         * inspector/InjectedScript.h:
1265         * inspector/InjectedScriptBase.cpp:
1266         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1267         * inspector/InspectorBackendDispatcher.cpp:
1268         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1269         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1270         (Inspector::InspectorBackendDispatcher::create):
1271         (Inspector::InspectorBackendDispatcher::dispatch):
1272         (Inspector::InspectorBackendDispatcher::sendResponse):
1273         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1274         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1275         (Inspector::InspectorBackendDispatcher::getInteger):
1276         (Inspector::InspectorBackendDispatcher::getDouble):
1277         (Inspector::InspectorBackendDispatcher::getString):
1278         (Inspector::InspectorBackendDispatcher::getBoolean):
1279         (Inspector::InspectorBackendDispatcher::getObject):
1280         (Inspector::InspectorBackendDispatcher::getArray):
1281         (Inspector::InspectorBackendDispatcher::getValue):
1282         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1283         protocol error strings.
1284         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1285         Convert the supplemental dispatcher's reference to Ref since it is never null.
1286         * inspector/InspectorEnvironment.h:
1287         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1288         StructItemTraits. Add more versions of addItem to handle pushing various types.
1289         (Inspector::Protocol::Array::openAccessors):
1290         (Inspector::Protocol::Array::addItem):
1291         (Inspector::Protocol::Array::create):
1292         (Inspector::Protocol::StructItemTraits::push):
1293         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
1294         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
1295         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
1296         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
1297         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
1298         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
1299         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
1300         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
1301         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
1302         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
1303         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
1304         the same call signature as other getters. Use Ref where possible.
1305         (Inspector::InspectorObjectBase::getBoolean):
1306         (Inspector::InspectorObjectBase::getString):
1307         (Inspector::InspectorObjectBase::getObject):
1308         (Inspector::InspectorObjectBase::getArray):
1309         (Inspector::InspectorObjectBase::getValue):
1310         (Inspector::InspectorObjectBase::writeJSON):
1311         (Inspector::InspectorArrayBase::get):
1312         (Inspector::InspectorObject::create):
1313         (Inspector::InspectorArray::create):
1314         (Inspector::InspectorValue::null):
1315         (Inspector::InspectorString::create):
1316         (Inspector::InspectorBasicValue::create):
1317         (Inspector::InspectorObjectBase::get): Deleted.
1318         * inspector/InspectorValues.h:
1319         (Inspector::InspectorObjectBase::setValue):
1320         (Inspector::InspectorObjectBase::setObject):
1321         (Inspector::InspectorObjectBase::setArray):
1322         (Inspector::InspectorArrayBase::pushValue):
1323         (Inspector::InspectorArrayBase::pushObject):
1324         (Inspector::InspectorArrayBase::pushArray):
1325         * inspector/JSGlobalObjectConsoleClient.cpp:
1326         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1327         (Inspector::JSGlobalObjectConsoleClient::count):
1328         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
1329         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
1330         * inspector/JSGlobalObjectConsoleClient.h:
1331         * inspector/JSGlobalObjectInspectorController.cpp:
1332         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
1333         * inspector/JSGlobalObjectInspectorController.h:
1334         * inspector/ScriptCallFrame.cpp:
1335         (Inspector::ScriptCallFrame::buildInspectorObject):
1336         * inspector/ScriptCallFrame.h:
1337         * inspector/ScriptCallStack.cpp:
1338         (Inspector::ScriptCallStack::create):
1339         (Inspector::ScriptCallStack::buildInspectorArray):
1340         * inspector/ScriptCallStack.h:
1341         * inspector/agents/InspectorAgent.cpp:
1342         (Inspector::InspectorAgent::enable):
1343         (Inspector::InspectorAgent::inspect):
1344         (Inspector::InspectorAgent::activateExtraDomain):
1345         * inspector/agents/InspectorAgent.h:
1346         * inspector/agents/InspectorDebuggerAgent.cpp:
1347         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1348         (Inspector::buildObjectForBreakpointCookie):
1349         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1350         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1351         (Inspector::InspectorDebuggerAgent::continueToLocation):
1352         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1353         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
1354         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1355         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1356         (Inspector::InspectorDebuggerAgent::didParseSource):
1357         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1358         (Inspector::InspectorDebuggerAgent::breakProgram):
1359         * inspector/agents/InspectorDebuggerAgent.h:
1360         * inspector/agents/InspectorRuntimeAgent.cpp:
1361         (Inspector::buildErrorRangeObject):
1362         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1363         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1364         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
1365         * inspector/agents/InspectorRuntimeAgent.h:
1366         * inspector/scripts/codegen/cpp_generator.py:
1367         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
1368         (CppGenerator.cpp_type_for_type_with_name):
1369         (CppGenerator.cpp_type_for_formal_async_parameter):
1370         (CppGenerator.should_use_references_for_type):
1371         (CppGenerator):
1372         * inspector/scripts/codegen/cpp_generator_templates.py:
1373         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1374         (CppBackendDispatcherHeaderGenerator.generate_output):
1375         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
1376         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1377         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1378         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1379         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1380         (CppFrontendDispatcherHeaderGenerator.generate_output):
1381         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1382         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1383         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1384         (CppProtocolTypesHeaderGenerator.generate_output):
1385         (_generate_class_for_object_declaration):
1386         (_generate_unchecked_setter_for_member):
1387         (_generate_forward_declarations_for_binding_traits):
1388         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1389         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1390         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1391         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1392         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1393         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1394         (ObjCProtocolTypesImplementationGenerator.generate_output):
1395         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1396         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1397         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1398         * inspector/scripts/tests/expected/enum-values.json-result:
1399         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1400         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1401         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1402         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1403         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1404         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1405         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1406         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1407         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1408         * replay/EncodedValue.cpp:
1409         (JSC::EncodedValue::asObject):
1410         (JSC::EncodedValue::asArray):
1411         (JSC::EncodedValue::put<EncodedValue>):
1412         (JSC::EncodedValue::append<EncodedValue>):
1413         (JSC::EncodedValue::get<EncodedValue>):
1414         * replay/EncodedValue.h:
1415         * replay/scripts/CodeGeneratorReplayInputs.py:
1416         (Type.borrow_type):
1417         (Type.argument_type):
1418         (Generator.generate_member_move_expression):
1419         * runtime/ConsoleClient.cpp:
1420         (JSC::ConsoleClient::printConsoleMessageWithArguments):
1421         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
1422         (JSC::ConsoleClient::logWithLevel):
1423         (JSC::ConsoleClient::clear):
1424         (JSC::ConsoleClient::dir):
1425         (JSC::ConsoleClient::dirXML):
1426         (JSC::ConsoleClient::table):
1427         (JSC::ConsoleClient::trace):
1428         (JSC::ConsoleClient::assertCondition):
1429         (JSC::ConsoleClient::group):
1430         (JSC::ConsoleClient::groupCollapsed):
1431         (JSC::ConsoleClient::groupEnd):
1432         * runtime/ConsoleClient.h:
1433         * runtime/TypeSet.cpp:
1434         (JSC::TypeSet::allStructureRepresentations):
1435         (JSC::TypeSet::inspectorTypeSet):
1436         (JSC::StructureShape::inspectorRepresentation):
1437         * runtime/TypeSet.h:
1438
1439 2015-01-07  Commit Queue  <commit-queue@webkit.org>
1440
1441         Unreviewed, rolling out r178039.
1442         https://bugs.webkit.org/show_bug.cgi?id=140187
1443
1444         Breaks ObjC Inspector Protocol (Requested by JoePeck on
1445         #webkit).
1446
1447         Reverted changeset:
1448
1449         "Web Inspector: purge PassRefPtr from Inspector code and use
1450         Ref for typed and untyped protocol objects"
1451         https://bugs.webkit.org/show_bug.cgi?id=140053
1452         http://trac.webkit.org/changeset/178039
1453
1454 2015-01-06  Brian J. Burg  <burg@cs.washington.edu>
1455
1456         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1457         https://bugs.webkit.org/show_bug.cgi?id=140053
1458
1459         Reviewed by Andreas Kling.
1460
1461         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1462         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1463         references are always non-null. These two refactorings have been combined since
1464         they tend to require similar changes to the code.
1465
1466         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1467         have been updated to take a Ref instead of RefPtr.
1468
1469         Builders for typed protocol objects now return a Ref. Since there is no implicit
1470         call to operator&, callsites now must explicitly call .release() to convert a
1471         builder object into the corresponding protocol object once required fields are set.
1472         Update callsites and use auto to eliminate repetition of longwinded protocol types.
1473
1474         Tests for inspector protocol and replay inputs have been rebaselined.
1475
1476         * bindings/ScriptValue.cpp:
1477         (Deprecated::jsToInspectorValue):
1478         (Deprecated::ScriptValue::toInspectorValue):
1479         * bindings/ScriptValue.h:
1480         * inspector/ConsoleMessage.cpp:
1481         (Inspector::ConsoleMessage::addToFrontend):
1482         * inspector/ContentSearchUtilities.cpp:
1483         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1484         (Inspector::ContentSearchUtilities::searchInTextByLines):
1485         * inspector/ContentSearchUtilities.h:
1486         * inspector/InjectedScript.cpp:
1487         (Inspector::InjectedScript::getFunctionDetails):
1488         (Inspector::InjectedScript::getProperties):
1489         (Inspector::InjectedScript::getInternalProperties):
1490         (Inspector::InjectedScript::wrapCallFrames):
1491         (Inspector::InjectedScript::wrapObject):
1492         (Inspector::InjectedScript::wrapTable):
1493         * inspector/InjectedScript.h:
1494         * inspector/InjectedScriptBase.cpp:
1495         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1496         * inspector/InspectorBackendDispatcher.cpp:
1497         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1498         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1499         (Inspector::InspectorBackendDispatcher::create):
1500         (Inspector::InspectorBackendDispatcher::dispatch):
1501         (Inspector::InspectorBackendDispatcher::sendResponse):
1502         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1503         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1504         (Inspector::InspectorBackendDispatcher::getInteger):
1505         (Inspector::InspectorBackendDispatcher::getDouble):
1506         (Inspector::InspectorBackendDispatcher::getString):
1507         (Inspector::InspectorBackendDispatcher::getBoolean):
1508         (Inspector::InspectorBackendDispatcher::getObject):
1509         (Inspector::InspectorBackendDispatcher::getArray):
1510         (Inspector::InspectorBackendDispatcher::getValue):
1511         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1512         protocol error strings.
1513         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1514         Convert the supplemental dispatcher's reference to Ref since it is never null.
1515         * inspector/InspectorEnvironment.h:
1516         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1517         StructItemTraits. Add more versions of addItem to handle pushing various types.
1518         (Inspector::Protocol::Array::openAccessors):
1519         (Inspector::Protocol::Array::addItem):
1520         (Inspector::Protocol::Array::create):
1521         (Inspector::Protocol::StructItemTraits::push):
1522         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
1523         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
1524         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
1525         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
1526         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
1527         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
1528         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
1529         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
1530         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
1531         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
1532         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
1533         the same call signature as other getters. Use Ref where possible.
1534         (Inspector::InspectorObjectBase::getBoolean):
1535         (Inspector::InspectorObjectBase::getString):
1536         (Inspector::InspectorObjectBase::getObject):
1537         (Inspector::InspectorObjectBase::getArray):
1538         (Inspector::InspectorObjectBase::getValue):
1539         (Inspector::InspectorObjectBase::writeJSON):
1540         (Inspector::InspectorArrayBase::get):
1541         (Inspector::InspectorObject::create):
1542         (Inspector::InspectorArray::create):
1543         (Inspector::InspectorValue::null):
1544         (Inspector::InspectorString::create):
1545         (Inspector::InspectorBasicValue::create):
1546         (Inspector::InspectorObjectBase::get): Deleted.
1547         * inspector/InspectorValues.h:
1548         (Inspector::InspectorObjectBase::setValue):
1549         (Inspector::InspectorObjectBase::setObject):
1550         (Inspector::InspectorObjectBase::setArray):
1551         (Inspector::InspectorArrayBase::pushValue):
1552         (Inspector::InspectorArrayBase::pushObject):
1553         (Inspector::InspectorArrayBase::pushArray):
1554         * inspector/JSGlobalObjectConsoleClient.cpp:
1555         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1556         (Inspector::JSGlobalObjectConsoleClient::count):
1557         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
1558         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
1559         * inspector/JSGlobalObjectConsoleClient.h:
1560         * inspector/JSGlobalObjectInspectorController.cpp:
1561         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
1562         * inspector/JSGlobalObjectInspectorController.h:
1563         * inspector/ScriptCallFrame.cpp:
1564         (Inspector::ScriptCallFrame::buildInspectorObject):
1565         * inspector/ScriptCallFrame.h:
1566         * inspector/ScriptCallStack.cpp:
1567         (Inspector::ScriptCallStack::create):
1568         (Inspector::ScriptCallStack::buildInspectorArray):
1569         * inspector/ScriptCallStack.h:
1570         * inspector/agents/InspectorAgent.cpp:
1571         (Inspector::InspectorAgent::enable):
1572         (Inspector::InspectorAgent::inspect):
1573         (Inspector::InspectorAgent::activateExtraDomain):
1574         * inspector/agents/InspectorAgent.h:
1575         * inspector/agents/InspectorDebuggerAgent.cpp:
1576         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1577         (Inspector::buildObjectForBreakpointCookie):
1578         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1579         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1580         (Inspector::InspectorDebuggerAgent::continueToLocation):
1581         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1582         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
1583         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1584         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1585         (Inspector::InspectorDebuggerAgent::didParseSource):
1586         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1587         (Inspector::InspectorDebuggerAgent::breakProgram):
1588         * inspector/agents/InspectorDebuggerAgent.h:
1589         * inspector/agents/InspectorRuntimeAgent.cpp:
1590         (Inspector::buildErrorRangeObject):
1591         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1592         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1593         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
1594         * inspector/agents/InspectorRuntimeAgent.h:
1595         * inspector/scripts/codegen/cpp_generator.py:
1596         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
1597         (CppGenerator.cpp_type_for_type_with_name):
1598         (CppGenerator.cpp_type_for_formal_async_parameter):
1599         (CppGenerator.should_use_references_for_type):
1600         (CppGenerator):
1601         * inspector/scripts/codegen/cpp_generator_templates.py:
1602         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1603         (CppBackendDispatcherHeaderGenerator.generate_output):
1604         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
1605         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1606         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1607         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1608         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1609         (CppFrontendDispatcherHeaderGenerator.generate_output):
1610         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1611         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1612         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1613         (CppProtocolTypesHeaderGenerator.generate_output):
1614         (_generate_class_for_object_declaration):
1615         (_generate_unchecked_setter_for_member):
1616         (_generate_forward_declarations_for_binding_traits):
1617         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1618         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1619         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1620         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1621         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1622         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1623         (ObjCProtocolTypesImplementationGenerator.generate_output):
1624         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1625         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1626         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1627         * inspector/scripts/tests/expected/enum-values.json-result:
1628         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1629         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1630         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1631         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1632         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1633         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1634         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1635         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1636         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1637         * replay/EncodedValue.cpp:
1638         (JSC::EncodedValue::asObject):
1639         (JSC::EncodedValue::asArray):
1640         (JSC::EncodedValue::put<EncodedValue>):
1641         (JSC::EncodedValue::append<EncodedValue>):
1642         (JSC::EncodedValue::get<EncodedValue>):
1643         * replay/EncodedValue.h:
1644         * replay/scripts/CodeGeneratorReplayInputs.py:
1645         (Type.borrow_type):
1646         (Type.argument_type):
1647         (Generator.generate_member_move_expression):
1648         * runtime/ConsoleClient.cpp:
1649         (JSC::ConsoleClient::printConsoleMessageWithArguments):
1650         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
1651         (JSC::ConsoleClient::logWithLevel):
1652         (JSC::ConsoleClient::clear):
1653         (JSC::ConsoleClient::dir):
1654         (JSC::ConsoleClient::dirXML):
1655         (JSC::ConsoleClient::table):
1656         (JSC::ConsoleClient::trace):
1657         (JSC::ConsoleClient::assertCondition):
1658         (JSC::ConsoleClient::group):
1659         (JSC::ConsoleClient::groupCollapsed):
1660         (JSC::ConsoleClient::groupEnd):
1661         * runtime/ConsoleClient.h:
1662         * runtime/TypeSet.cpp:
1663         (JSC::TypeSet::allStructureRepresentations):
1664         (JSC::TypeSet::inspectorTypeSet):
1665         (JSC::StructureShape::inspectorRepresentation):
1666         * runtime/TypeSet.h:
1667
1668 2015-01-06  Chris Dumez  <cdumez@apple.com>
1669
1670         Drop ResourceResponseBase::connectionID and connectionReused members
1671         https://bugs.webkit.org/show_bug.cgi?id=140158
1672
1673         Reviewed by Sam Weinig.
1674
1675         Drop ResourceResponseBase::connectionID and connectionReused members.
1676         Those were needed by the Chromium port but are no longer used.
1677
1678         * inspector/protocol/Network.json:
1679
1680 2015-01-06  Mark Lam  <mark.lam@apple.com>
1681
1682         Add the lexicalEnvironment as an operand to op_create_arguments.
1683         <https://webkit.org/b/140148>
1684
1685         Reviewed by Geoffrey Garen.
1686
1687         This patch only adds the operand to the bytecode.  It is not in use yet.
1688
1689         * bytecode/BytecodeList.json:
1690         * bytecode/BytecodeUseDef.h:
1691         (JSC::computeUsesForBytecodeOffset):
1692         * bytecode/CodeBlock.cpp:
1693         (JSC::CodeBlock::dumpBytecode):
1694         * bytecompiler/BytecodeGenerator.cpp:
1695         (JSC::BytecodeGenerator::BytecodeGenerator):
1696         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1697         - Adds the lexicalEnvironment register (if present) as an operand to
1698           op_create_arguments.  Else, adds a constant empty JSValue.
1699         * llint/LowLevelInterpreter32_64.asm:
1700         * llint/LowLevelInterpreter64.asm:
1701
1702 2015-01-06  Alexey Proskuryakov  <ap@apple.com>
1703
1704         ADDRESS_SANITIZER macro is overloaded
1705         https://bugs.webkit.org/show_bug.cgi?id=140130
1706
1707         Reviewed by Anders Carlsson.
1708
1709         * interpreter/JSStack.cpp: (JSC::JSStack::sanitizeStack): Use the new macro.
1710         This code is nearly unused (only compiled in when JIT is disabled at build time),
1711         however I've been told that it's best to keep it.
1712
1713 2015-01-06  Mark Lam  <mark.lam@apple.com>
1714
1715         Fix Use details for op_create_arguments.
1716         <https://webkit.org/b/140110>
1717
1718         Rubber stamped by Filip Pizlo.
1719
1720         The previous patch was wrong about op_create_arguments not using its 1st operand.
1721         It does read from it (hence, used) to check if the Arguments object has already
1722         been created or not.  This patch reverts the change for op_create_arguments.
1723
1724         * bytecode/BytecodeUseDef.h:
1725         (JSC::computeUsesForBytecodeOffset):
1726
1727 2015-01-06  Mark Lam  <mark.lam@apple.com>
1728
1729         Fix Use details for op_create_lexical_environment and op_create_arguments.
1730         <https://webkit.org/b/140110>
1731
1732         Reviewed by Filip Pizlo.
1733
1734         The current "Use" details for op_create_lexical_environment and
1735         op_create_arguments are wrong.  op_create_arguments uses nothing instead of the
1736         1st operand (the output local).  op_create_lexical_environment uses its 2nd
1737         operand (the scope chain) instead of the 1st (the output local).
1738         This patch fixes them to specify the proper uses.
1739
1740         * bytecode/BytecodeUseDef.h:
1741         (JSC::computeUsesForBytecodeOffset):
1742
1743 2015-01-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1744
1745         Implement ES6 String.prototype.repeat(count)
1746         https://bugs.webkit.org/show_bug.cgi?id=140047
1747
1748         Reviewed by Darin Adler.
1749
1750         Introducing ES6 String.prototype.repeat(count) function.
1751
1752         * runtime/JSString.h:
1753         * runtime/StringPrototype.cpp:
1754         (JSC::StringPrototype::finishCreation):
1755         (JSC::repeatSmallString):
1756         (JSC::stringProtoFuncRepeat):
1757
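        The entry above only lists the functions touched. As an added illustration that is not
        WebKit code, the following is a reference implementation of the ES6 String.prototype.repeat
        algorithm the patch introduces, written to follow the spec steps in order (ToString on the
        receiver, ToInteger on the count, the RangeError checks before the empty-string shortcut) and
        using the same square-and-multiply idea as a repeatSmallString-style helper. The result-length
        cap is an assumption for the example; real engines throw at their own maximum string length.

```javascript
// Added example (not WebKit code): a reference implementation of ES6
// String.prototype.repeat(count) that follows the spec steps, including the
// edge cases a conformance test cares about. The length cap is an assumption;
// real engines throw RangeError at their own maximum string length.

const MAX_RESULT_LENGTH = 2 ** 30;  // assumed cap for this example, not a spec value

// ToInteger (ES6 7.1.4): NaN -> +0, otherwise truncate toward zero.
function toInteger(value) {
  const n = Number(value);
  return Number.isNaN(n) ? 0 : Math.trunc(n);
}

function repeatString(str, count) {
  // RequireObjectCoercible(this value)
  if (str === undefined || str === null) {
    throw new TypeError("String.prototype.repeat called on null or undefined");
  }
  const s = String(str);        // ToString(O)
  const n = toInteger(count);   // ToInteger(count)
  // Spec order: the RangeError checks come before the empty-string shortcut,
  // so "".repeat(Infinity) throws rather than returning "".
  if (n < 0 || n === Infinity) {
    throw new RangeError("repeat count must be non-negative and finite");
  }
  if (n === 0 || s.length === 0) return "";
  if (s.length * n > MAX_RESULT_LENGTH) {
    throw new RangeError("repeat result would exceed the maximum string length");
  }
  // Square-and-multiply: O(log n) concatenations instead of n.
  let result = "";
  let piece = s;
  let remaining = n;
  while (remaining > 0) {
    if (remaining % 2 === 1) result += piece;
    remaining = Math.floor(remaining / 2);
    if (remaining > 0) piece += piece;
  }
  return result;
}

// Helper for checks: true if fn() throws a RangeError, false otherwise.
function throwsRangeError(fn) {
  try { fn(); } catch (e) { return e instanceof RangeError; }
  return false;
}
```

        Comparing repeatString against the built-in "ab".repeat(3) in a modern engine is the quickest
        way to confirm the edge cases: a fractional count truncates, NaN becomes 0, and a negative or
        infinite count throws even when the receiver is the empty string.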
1758 2015-01-03  Michael Saboff  <msaboff@apple.com>
1759
1760         Crash in operationNewFunction when scrolling on Google+
1761         https://bugs.webkit.org/show_bug.cgi?id=140033
1762
1763         Reviewed by Oliver Hunt.
1764
1765         In DFG code, the scope register can be eliminated because all uses have been
1766         dead code eliminated.  In the case where one of the uses was creating a function
1767         that is never used, the baseline code will still create the function.  If we OSR
1768         exit to a path where that function gets created, check the scope register value
1769         and set the new, but dead, function to undefined instead of creating a new function.
1770
1771         * jit/JITOpcodes.cpp:
1772         (JSC::JIT::emit_op_new_func_exp):
1773
1774 2015-01-01  Yusuke Suzuki  <utatane.tea@gmail.com>
1775
1776         String includes methods perform toString on searchString before toInt32 on an offset
1777         https://bugs.webkit.org/show_bug.cgi?id=140031
1778
1779         Reviewed by Darin Adler.
1780
1781         * runtime/StringPrototype.cpp:
1782         (JSC::stringProtoFuncStartsWith):
1783         (JSC::stringProtoFuncEndsWith):
1784         (JSC::stringProtoFuncIncludes):
1785
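        The argument-coercion order this entry fixes is observable from script, since ToString and
        ToInteger call user-defined toString/valueOf. As an added example that is not WebKit code,
        the block below records which coercion runs first for the built-in startsWith, endsWith and
        includes, and gives a reference startsWith that performs the steps in the ES6 order
        (ToString(searchString), then ToInteger(position)). The probe objects and the input "abcd"
        are constructed for the example.

```javascript
// Added example (not WebKit code): makes the ES6 argument-coercion order of
// String.prototype.startsWith/endsWith/includes observable, and implements
// startsWith in that order as a reference.

// Probe arguments whose coercions log when they run (constructed for this example).
function makeProbes(log) {
  const search = {
    toString() { log.push("search:ToString"); return "bc"; },
  };
  const position = {
    valueOf() { log.push("position:ToNumber"); return 1; },
  };
  return { search, position };
}

// Call a built-in method with the probes and report the coercion order it used.
function observeBuiltinOrder(method) {
  const log = [];
  const { search, position } = makeProbes(log);
  const result = "abcd"[method](search, position);
  return { log, result };
}

// ToInteger (ES6 7.1.4): NaN -> +0, otherwise truncate toward zero.
function toInteger(value) {
  const n = Number(value);
  return Number.isNaN(n) ? 0 : Math.trunc(n);
}

// Reference startsWith in spec order: the search string is converted first,
// the position only afterwards. Swapping these two lines is the kind of
// ordering bug a conformance test with side-effecting arguments detects.
function startsWithSpec(str, searchString, position) {
  const s = String(str);                  // ToString(O)
  const searchStr = String(searchString); // ToString(searchString)
  const pos = toInteger(position);        // ToInteger(position), after searchStr
  const start = Math.min(Math.max(pos, 0), s.length);
  if (start + searchStr.length > s.length) return false;
  return s.substring(start, start + searchStr.length) === searchStr;
}

// Run the reference implementation with the same probes.
function observeSpecOrder() {
  const log = [];
  const { search, position } = makeProbes(log);
  const result = startsWithSpec("abcd", search, position);
  return { log, result };
}
```

        With a conforming engine all three built-ins log "search:ToString" before "position:ToNumber",
        which is the order startsWithSpec also produces; startsWith and includes return true for
        ("bc", 1) on "abcd", endsWith returns false because the window ending at position 1 cannot
        hold a two-character search string.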
1786 2015-01-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1787
1788         Change to return std::unique_ptr<> in fooCreate()
1789         https://bugs.webkit.org/show_bug.cgi?id=139983
1790
1791         Reviewed by Darin Adler.
1792
1793         To avoid unnecessary std::unique_ptr<> casting, fooCreate() returns std::unique_ptr<> directly.
1794
1795         * create_regex_tables:
1796         * yarr/YarrPattern.h:
1797         (JSC::Yarr::YarrPattern::reset):
1798         (JSC::Yarr::YarrPattern::newlineCharacterClass):
1799         (JSC::Yarr::YarrPattern::digitsCharacterClass):
1800         (JSC::Yarr::YarrPattern::spacesCharacterClass):
1801         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
1802         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
1803         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
1804         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
1805
1806 2015-01-01  Jeff Miller  <jeffm@apple.com>
1807
1808         Update user-visible copyright strings to include 2015
1809         https://bugs.webkit.org/show_bug.cgi?id=139880
1810
1811         Reviewed by Darin Adler.
1812
1813         * Info.plist:
1814
1815 2015-01-01  Darin Adler  <darin@apple.com>
1816
1817         We often misspell identifier as "identifer"
1818         https://bugs.webkit.org/show_bug.cgi?id=140025
1819
1820         Reviewed by Michael Saboff.
1821
1822         * runtime/ArrayConventions.h: Fix it.
1823
1824 2014-12-29  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1825
1826         Move JavaScriptCore/yarr to std::unique_ptr
1827         https://bugs.webkit.org/show_bug.cgi?id=139621
1828
1829         Reviewed by Anders Carlsson.
1830
1831         Final clean-up of OwnPtr|PassOwnPtr in JavaScriptCore/yarr.
1832
1833         * yarr/YarrInterpreter.cpp:
1834         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
1835         * yarr/YarrInterpreter.h:
1836         (JSC::Yarr::BytecodePattern::BytecodePattern):
1837         * yarr/YarrJIT.cpp:
1838         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
1839         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
1840         (JSC::Yarr::YarrGenerator::opCompileBody):
1841         * yarr/YarrPattern.cpp:
1842         (JSC::Yarr::CharacterClassConstructor::charClass):
1843         (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
1844         (JSC::Yarr::YarrPatternConstructor::reset):
1845         (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
1846         (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
1847         (JSC::Yarr::YarrPatternConstructor::atomParenthesesSubpatternBegin):
1848         (JSC::Yarr::YarrPatternConstructor::atomParentheticalAssertionBegin):
1849         (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
1850         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
1851         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
1852         * yarr/YarrPattern.h:
1853         (JSC::Yarr::PatternDisjunction::addNewAlternative):
1854         (JSC::Yarr::YarrPattern::newlineCharacterClass):
1855         (JSC::Yarr::YarrPattern::digitsCharacterClass):
1856         (JSC::Yarr::YarrPattern::spacesCharacterClass):
1857         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
1858         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
1859         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
1860         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
1861
1862 2014-12-26  Dan Bernstein  <mitz@apple.com>
1863
1864         <rdar://problem/19348208> REGRESSION (r177027): iOS builds use the wrong toolchain
1865         https://bugs.webkit.org/show_bug.cgi?id=139950
1866
1867         Reviewed by David Kilzer.
1868
1869         * Configurations/Base.xcconfig: Only define TOOLCHAINS when building for OS X, doing so
1870         in a manner that works with Xcode 5.1.1.
1871
1872 2014-12-22  Mark Lam  <mark.lam@apple.com>
1873
1874         Use ctiPatchCallByReturnAddress() in JITOperations.cpp.
1875         <https://webkit.org/b/139892>
1876
1877         Reviewed by Michael Saboff.
1878
1879         The code in JITOperations.cpp sometimes calls RepatchBuffer::relinkCallerToFunction()
1880         directly, and sometimes uses a helper function, ctiPatchCallByReturnAddress().
1881         This patch changes it to use the helper function consistently.
1882
1883         * jit/JITOperations.cpp:
1884
1885 2014-12-22  Mark Lam  <mark.lam@apple.com>
1886
1887         Fix some typos in a comment.
1888         <https://webkit.org/b/139882>
1889
1890         Reviewed by Michael Saboff.
1891
1892         * jit/JITPropertyAccess.cpp:
1893         (JSC::JIT::emit_op_get_by_val):
1894
1895 2014-12-22  Mark Lam  <mark.lam@apple.com>
1896
1897         Assert that Array elements not copied when changing shape to ArrayStorage type are indeed holes.
1898         <https://webkit.org/b/138118>
1899
1900         Reviewed by Michael Saboff.
1901
1902         * runtime/JSObject.cpp:
1903         (JSC::JSObject::convertInt32ToArrayStorage):
1904         (JSC::JSObject::convertDoubleToArrayStorage):
1905         (JSC::JSObject::convertContiguousToArrayStorage):
1906
1907 2014-12-20  Eric Carlson  <eric.carlson@apple.com>
1908
1909         [iOS] add optimized fullscreen API
1910         https://bugs.webkit.org/show_bug.cgi?id=139833
1911         <rdar://problem/18844486>
1912
1913         Reviewed by Simon Fraser.
1914
1915         * Configurations/FeatureDefines.xcconfig: Add ENABLE_VIDEO_PRESENTATION_MODE.
1916
1917 2014-12-20  David Kilzer  <ddkilzer@apple.com>
1918
1919         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
1920         <http://webkit.org/b/139463>
1921
1922         Reviewed by Mark Rowe.
1923
1924         * Configurations/JavaScriptCore.xcconfig:
1925         - Simplify SECTORDER_FLAGS.
1926
1927 2014-12-19  Andreas Kling  <akling@apple.com>
1928
1929         Plug leak below LLVMCopyStringRepOfTargetData().
1930         <https://webkit.org/b/139832>
1931
1932         Reviewed by Michael Saboff.
1933
1934         LLVMCopyStringRepOfTargetData() returns a strdup()'ed string, so make sure
1935         to free() it after we're done using it.
1936
1937         * ftl/FTLCompile.cpp:
1938         (JSC::FTL::mmAllocateDataSection):
1939
1940 2014-12-19  Joseph Pecoraro  <pecoraro@apple.com>
1941
1942         Web Inspector: CRASH inspector-protocol/debugger/breakpoint-action-detach.html
1943         https://bugs.webkit.org/show_bug.cgi?id=139797
1944
1945         Reviewed by Mark Lam.
1946
1947         * debugger/Debugger.h:
1948         * debugger/Debugger.cpp:
1949         (JSC::Debugger::isAttached):
1950         Check if we are the debugger for a particular global object.
1951         (JSC::Debugger::pauseIfNeeded):
1952         Pass the global object on when hitting a breakpoint.
1953
1954         * inspector/ScriptDebugServer.h:
1955         * inspector/ScriptDebugServer.cpp:
1956         (Inspector::ScriptDebugServer::handleBreakpointHit):
1957         Stop evaluating breakpoint actions if a previous action caused the
1958         debugger to detach from this global object.
1959         (Inspector::ScriptDebugServer::handlePause):
1960         Standardize on passing JSGlobalObject parameter first.
1961
1962 2014-12-19  Mark Lam  <mark.lam@apple.com>
1963
1964         [Win] Endless compiler warnings created by DFGEdge.h.
1965         <https://webkit.org/b/139801>
1966
1967         Reviewed by Brent Fulgham.
1968
1969         Add a cast to fix the type just the way the 64-bit version does.
1970
1971         * dfg/DFGEdge.h:
1972         (JSC::DFG::Edge::makeWord):
1973
1974 2014-12-19  Commit Queue  <commit-queue@webkit.org>
1975
1976         Unreviewed, rolling out r177574.
1977         https://bugs.webkit.org/show_bug.cgi?id=139821
1978
1979         "Broke Production builds by installing
1980         libWebCoreTestSupport.dylib in the wrong directory" (Requested
1981         by ddkilzer on #webkit).
1982
1983         Reverted changeset:
1984
1985         "Switch from using PLATFORM_NAME to SDK selectors in WebCore,
1986         WebInspectorUI, WebKit, WebKit2"
1987         https://bugs.webkit.org/show_bug.cgi?id=139463
1988         http://trac.webkit.org/changeset/177574
1989
1990 2014-12-19  Michael Saboff  <msaboff@apple.com>
1991
1992         REGRESSION(174226): Captured arguments in a using function compiled by the DFG have the initial value when the closure was invoked
1993         https://bugs.webkit.org/show_bug.cgi?id=139808
1994
1995         Reviewed by Oliver Hunt.
1996
1997         There are three changes here.
1998         1) Create a VariableWatchpointSet for captured arguments variables.
1999         2) Properly use the VariableWatchpointSet* found in op_put_to_scope in the 64 bit LLInt code.
2000         3) Add the same putLocalClosureVar path to the 32 bit LLInt code that exists in the 64 bit version.
2001
2002         * bytecompiler/BytecodeGenerator.cpp:
2003         (JSC::BytecodeGenerator::BytecodeGenerator):
2004         * llint/LowLevelInterpreter32_64.asm:
2005         * llint/LowLevelInterpreter64.asm:
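
An added example, not one of JavaScriptCore's own tests, that exercises the behaviour the entry above fixes: an inner closure captures a parameter of the outer function, the outer function reassigns that parameter after the closure exists, and the closure must observe the new value even once the outer function is hot enough to be handled by an optimizing tier. Function names and the iteration count are hypothetical.

```javascript
// Added example (not JavaScriptCore's own test). Function names are hypothetical.

// `a` is a captured argument: the inner closure reads it, so writes to `a`
// must go to the shared activation, not to a copy taken when the closure
// was created.
function reassignCapturedArgument(a, updated) {
    function readA() {
        return a;
    }
    a = updated;          // write to a captured argument after the closure exists
    return readA();       // must return `updated`, never the initial value of `a`
}

// The mirror image: the closure writes the captured argument and the outer
// function reads it back.
function closureWritesCapturedArgument(a, updated) {
    function writeA(v) {
        a = v;
    }
    writeA(updated);
    return a;             // must observe the closure's write
}

// Run both cases enough times that an optimizing JIT gets involved, and count
// how many iterations observed a stale value. A correct engine returns 0.
function countStaleObservations(iterations) {
    let stale = 0;
    for (let i = 0; i < iterations; i++) {
        if (reassignCapturedArgument(i, i + 1) !== i + 1)
            stale++;
        if (closureWritesCapturedArgument(i, -i) !== -i)
            stale++;
    }
    return stale;
}

console.log("stale observations:", countStaleObservations(100000));
```

The loop matters: the bug was specific to compiled code, so a single call that passes in the interpreter proves nothing; the count has to stay at zero after the functions have been recompiled.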
2006
2007 2014-12-19  David Kilzer  <ddkilzer@apple.com>
2008
2009         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2010         <http://webkit.org/b/139463>
2011
2012         Reviewed by Mark Rowe.
2013
2014         * Configurations/JavaScriptCore.xcconfig:
2015         - Simplify SECTORDER_FLAGS.
2016
2017 2014-12-18  Brent Fulgham  <bfulgham@apple.com>
2018
2019         Unreviewed build fix.
2020
2021         * jsc.cpp: Remove typo.
2022
2023 2014-12-17  Michael Saboff  <msaboff@apple.com>
2024
2025         Tests with infinite recursion frequently crash
2026         https://bugs.webkit.org/show_bug.cgi?id=139548
2027
2028         Reviewed by Geoffrey Garen.
2029
2030         While unwinding, if the call frame doesn't have a codeblock, then we
2031         are in native code; handle that case appropriately.
2032
2033         * interpreter/Interpreter.cpp:
2034         (JSC::unwindCallFrame):
2035         (JSC::UnwindFunctor::operator()):
2036         Added checks for null CodeBlock.
2037
2038         (JSC::Interpreter::unwind): Removed wrong ASSERT.
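
An added example, not one of JavaScriptCore's own tests, for the case this entry describes: unbounded recursion in which JavaScript frames are entered through host functions, so the unwinder has to walk call frames that carry no CodeBlock. A correct engine unwinds cleanly and throws a catchable RangeError; the failure mode fixed above was a crash during that unwind. Function names and the number of rounds are hypothetical.

```javascript
// Added example (not JavaScriptCore's own test). Function names are hypothetical.

// Every JavaScript frame here is entered through a native (host) function.
// Array.prototype.forEach and String.prototype.replace both call back into
// JavaScript, so the stack alternates native and JavaScript frames.
function recurseThroughForEach(depth) {
    [depth].forEach(function (d) {
        recurseThroughForEach(d + 1);
    });
}

function recurseThroughReplace(depth) {
    "x".replace("x", function () {
        recurseThroughReplace(depth + 1);
        return "";
    });
}

// Plain JavaScript-to-JavaScript recursion for comparison.
function recursePlain(depth) {
    return recursePlain(depth + 1) + 1;
}

// Run one overflowing recursion and report how it ended.
function overflowOutcome(fn) {
    try {
        fn(0);
        return "returned";
    } catch (e) {
        return e instanceof RangeError ? "RangeError" : "other:" + e.name;
    }
}

// Overflow repeatedly, to check that the engine also recovers between
// overflows rather than being left in a broken state by the first unwind.
// Returns the number of overflows that ended in a catchable RangeError;
// a correct engine returns rounds * 3.
function countCleanOverflows(rounds) {
    const cases = [recurseThroughForEach, recurseThroughReplace, recursePlain];
    let clean = 0;
    for (let i = 0; i < rounds; i++)
        for (const fn of cases)
            if (overflowOutcome(fn) === "RangeError")
                clean++;
    return clean;
}

console.log("clean overflows:", countCleanOverflows(3), "of", 9);
```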
2039
2040 2014-12-17  Chris Dumez  <cdumez@apple.com>
2041
2042         [iOS] Make it possible to toggle FeatureCounter support at runtime
2043         https://bugs.webkit.org/show_bug.cgi?id=139688
2044         <rdar://problem/19266254>
2045
2046         Reviewed by Andreas Kling.
2047
2048         Stop linking against AppSupport framework as the functionality is no
2049         longer in WTF (it was moved to WebCore).
2050
2051         * Configurations/JavaScriptCore.xcconfig:
2052
2053 2014-12-17  Brent Fulgham  <bfulgham@apple.com>
2054
2055         [Win] Correct DebugSuffix builds under MSBuild
2056         https://bugs.webkit.org/show_bug.cgi?id=139733
2057         <rdar://problem/19276880>
2058
2059         Reviewed by Simon Fraser.
2060
2061         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Make sure to use the
2062         '_debug' suffix when building the DebugSuffix target.
2063
2064 2014-12-16  Enrica Casucci  <enrica@apple.com>
2065
2066         Fix iOS builders for 8.0
2067         https://bugs.webkit.org/show_bug.cgi?id=139495
2068
2069         Reviewed by Michael Saboff.
2070
2071         * Configurations/LLVMForJSC.xcconfig:
2072         * llvm/library/LLVMExports.cpp:
2073         (initializeAndGetJSCLLVMAPI):
2074
2075 2014-12-16  Commit Queue  <commit-queue@webkit.org>
2076
2077         Unreviewed, rolling out r177380.
2078         https://bugs.webkit.org/show_bug.cgi?id=139707
2079
2080         "Breaks js/regress/elidable-new-object-* tests" (Requested by
2081         msaboff_ on #webkit).
2082
2083         Reverted changeset:
2084
2085         "Fixes operationPutByIdOptimizes such that they check that the
2086         put didn't"
2087         https://bugs.webkit.org/show_bug.cgi?id=139500
2088         http://trac.webkit.org/changeset/177380
2089
2090 2014-12-16  Matthew Mirman  <mmirman@apple.com>
2091
2092         Fixes operationPutByIdOptimizes such that they check that the put didn't
2093         change the structure of the object whose property access is being
2094         cached.
2095         https://bugs.webkit.org/show_bug.cgi?id=139500
2096
2097         Reviewed by Geoffrey Garen.
2098
2099         * jit/JITOperations.cpp:
2100         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
2101         (JSC::operationPutByIdNonStrictOptimize): ditto.
2102         (JSC::operationPutByIdDirectStrictOptimize): ditto.
2103         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
2104         * jit/Repatch.cpp:
2105         (JSC::tryCachePutByID): Added argument for the old structure
2106         (JSC::repatchPutByID): Added argument for the old structure
2107         * jit/Repatch.h:
2108         * tests/stress/put-by-id-build-list-order-recurse.js: 
2109         Added test that fails without this patch.
2110
2111 2014-12-15  Chris Dumez  <cdumez@apple.com>
2112
2113         [iOS] Add feature counting support
2114         https://bugs.webkit.org/show_bug.cgi?id=139652
2115         <rdar://problem/19255690>
2116
2117         Reviewed by Gavin Barraclough.
2118
2119         Link against AppSupport framework on iOS as we need it to implement
2120         the new FeatureCounter API in WTF.
2121
2122         * Configurations/JavaScriptCore.xcconfig:
2123
2124 2014-12-15  Commit Queue  <commit-queue@webkit.org>
2125
2126         Unreviewed, rolling out r177284.
2127         https://bugs.webkit.org/show_bug.cgi?id=139658
2128
2129         "Breaks API tests and LayoutTests on Yosemite Debug"
2130         (Requested by msaboff on #webkit).
2131
2132         Reverted changeset:
2133
2134         "Make sure range based iteration of Vector<> still receives
2135         bounds checking"
2136         https://bugs.webkit.org/show_bug.cgi?id=138821
2137         http://trac.webkit.org/changeset/177284
2138
2139 2014-12-15  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
2140
2141         [EFL] FTL JIT not working on ARM64
2142         https://bugs.webkit.org/show_bug.cgi?id=139295
2143
2144         Reviewed by Michael Saboff.
2145
2146         Added the missing code for stack unwinding and some additional small fixes
2147         to get FTL working correctly.
2148
2149         * ftl/FTLCompile.cpp:
2150         (JSC::FTL::mmAllocateDataSection):
2151         * ftl/FTLUnwindInfo.cpp:
2152         (JSC::FTL::UnwindInfo::parse):
2153
2154 2014-12-15  Oliver Hunt  <oliver@apple.com>
2155
2156         Make sure range based iteration of Vector<> still receives bounds checking
2157         https://bugs.webkit.org/show_bug.cgi?id=138821
2158
2159         Reviewed by Mark Lam.
2160
2161         Update code to deal with slightly changed iterator semantics.
2162
2163         * bytecode/UnlinkedCodeBlock.cpp:
2164         (JSC::UnlinkedCodeBlock::visitChildren):
2165         * bytecompiler/BytecodeGenerator.cpp:
2166         (JSC::BytecodeGenerator::emitComplexPopScopes):
2167         * dfg/DFGSpeculativeJIT.cpp:
2168         (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
2169         * ftl/FTLAbbreviations.h:
2170         (JSC::FTL::mdNode):
2171         (JSC::FTL::buildCall):
2172         * llint/LLIntData.cpp:
2173         (JSC::LLInt::Data::performAssertions):
2174         * parser/Parser.h:
2175         (JSC::Scope::Scope):
2176         * runtime/JSArray.cpp:
2177         (JSC::JSArray::setLengthWithArrayStorage):
2178         (JSC::JSArray::sortCompactedVector):
2179         * tools/ProfileTreeNode.h:
2180         (JSC::ProfileTreeNode::dumpInternal):
2181         * yarr/YarrJIT.cpp:
2182         (JSC::Yarr::YarrGenerator::matchCharacterClass):
2183
2184 2014-12-14  Filip Pizlo  <fpizlo@apple.com>
2185
2186         PutLocalSinkingPhase has an invalid assertion about incoming values, because both liveness and deferral analyses are conservative
2187         https://bugs.webkit.org/show_bug.cgi?id=139630
2188
2189         Reviewed by Oliver Hunt.
2190         
2191         Replaces a faulty assertion with code to handle an awesome special case. Also adds a lot of
2192         comments that reconstruct my reasoning about this code. I had to work hard to remember how
2193         deferral worked so I wrote my discoveries down.
2194
2195         * dfg/DFGInsertionSet.h:
2196         (JSC::DFG::InsertionSet::insertBottomConstantForUse):
2197         * dfg/DFGPutLocalSinkingPhase.cpp:
2198         * tests/stress/put-local-conservative.js: Added.
2199         (foo):
2200         (.result):
2201         (bar):
2202
2203 2014-12-14  Andreas Kling  <akling@apple.com>
2204
2205         Replace PassRef with Ref/Ref&& across the board.
2206         <https://webkit.org/b/139587>
2207
2208         Reviewed by Darin Adler.
2209
2210         * runtime/Identifier.cpp:
2211         (JSC::Identifier::add):
2212         (JSC::Identifier::add8):
2213         * runtime/Identifier.h:
2214         (JSC::Identifier::add):
2215         * runtime/IdentifierInlines.h:
2216         (JSC::Identifier::add):
2217
2218 2014-12-12  Matthew Mirman  <mmirman@apple.com>
2219
2220         shiftCountWithArrayStorage should exit to slow path if the object has a sparse map.
2221         https://bugs.webkit.org/show_bug.cgi?id=139598
2222         <rdar://problem/18779367>
2223
2224         Reviewed by Filip Pizlo.
2225
2226         * runtime/JSArray.cpp:
2227         (JSC::JSArray::shiftCountWithArrayStorage): Added check for object having a sparse map.
2228         * tests/stress/sparse_splice.js: Added.
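
An added example, not the sparse_splice.js test listed above, that shows what the slow-path exit protects: an array whose indexed properties have accessors or non-default attributes is kept in JavaScriptCore's sparse map, and a fast path that shifted the backing storage directly would skip the getter, the setter and the writability check. Function names are hypothetical; the expected values follow from the ECMAScript algorithms for splice and shift.

```javascript
// Added example (not JavaScriptCore's own test). Names are hypothetical.

// Build an array that cannot live in plain contiguous storage: index 2 is an
// accessor pair and index 0 is read-only. JavaScriptCore keeps such indexed
// properties in the array's sparse map.
function makeSparseArray() {
    const a = [0, 1, 2, 3, 4, 5];
    let backing = "two";
    Object.defineProperty(a, 2, {
        get() { return backing; },
        set(v) { backing = v; },
        enumerable: true,
        configurable: true
    });
    Object.defineProperty(a, 0, { value: 0, writable: false, enumerable: true, configurable: true });
    return a;
}

// splice(1, 2) must read index 2 through its getter, move a[4] into index 2
// through its setter, delete the now-unused tail, and leave index 0 untouched.
function spliceSparse() {
    const a = makeSparseArray();
    const removed = a.splice(1, 2);
    return {
        removed: removed.join(","),            // "1,two": index 2 was read via the getter
        remaining: Array.from(a).join(","),    // "0,3,4,5": index 2 now reports the setter's value
        length: a.length,                      // 4
        index2IsAccessor: typeof Object.getOwnPropertyDescriptor(a, 2).get === "function"
    };
}

// shift() must fail: moving a[1] into the read-only a[0] is a [[Set]] that the
// specification requires to throw. A fast path that ignored the sparse map
// would silently overwrite the read-only slot instead.
function shiftSparseOutcome() {
    const a = makeSparseArray();
    try {
        a.shift();
        return "shifted:" + Array.from(a).join(",");
    } catch (e) {
        return e.name;   // "TypeError"
    }
}

console.log(spliceSparse(), shiftSparseOutcome());
```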
2229
2230 2014-12-12  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2231
2232         Final clean up OwnPtr in JSC - runtime, ftl, and tool directories
2233         https://bugs.webkit.org/show_bug.cgi?id=139532
2234
2235         Reviewed by Mark Lam.
2236
2237         Finally remove OwnPtr and PassOwnPtr from the runtime, ftl, and tools directories of JSC.
2238
2239         * builtins/BuiltinExecutables.h:
2240         * bytecode/CodeBlock.h:
2241         * bytecode/UnlinkedCodeBlock.cpp:
2242         (JSC::generateFunctionCodeBlock):
2243         * ftl/FTLAbstractHeap.cpp:
2244         (JSC::FTL::IndexedAbstractHeap::atSlow):
2245         * ftl/FTLAbstractHeap.h:
2246         * ftl/FTLCompile.cpp:
2247         (JSC::FTL::mmAllocateDataSection):
2248         * ftl/FTLJITFinalizer.h:
2249         * jsc.cpp:
2250         (jscmain):
2251         * parser/Lexer.h:
2252         * runtime/PropertyMapHashTable.h:
2253         (JSC::PropertyTable::clearDeletedOffsets):
2254         (JSC::PropertyTable::addDeletedOffset):
2255         * runtime/PropertyTable.cpp:
2256         (JSC::PropertyTable::PropertyTable):
2257         * runtime/RegExpObject.cpp:
2258         * runtime/SmallStrings.cpp:
2259         * runtime/Structure.cpp:
2260         * runtime/StructureIDTable.cpp:
2261         (JSC::StructureIDTable::StructureIDTable):
2262         (JSC::StructureIDTable::resize):
2263         * runtime/StructureIDTable.h:
2264         * runtime/StructureTransitionTable.h:
2265         * runtime/VM.cpp:
2266         (JSC::VM::VM):
2267         (JSC::VM::~VM):
2268         * runtime/VM.h:
2269         * tools/CodeProfile.h:
2270         (JSC::CodeProfile::CodeProfile):
2271         (JSC::CodeProfile::addChild):
2272
2273 2014-12-11  Dan Bernstein  <mitz@apple.com>
2274
2275         iOS Simulator production build fix.
2276
2277         * Configurations/JavaScriptCore.xcconfig: Don’t use an order file when building for the iOS
2278         Simulator, as we did prior to 177027.
2279
2280 2014-12-11  Joseph Pecoraro  <pecoraro@apple.com>
2281
2282         Explicitly export some more RWIProtocol classes.
2283         rdar://problem/19220408
2284
2285         Unreviewed build fix.
2286
2287         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2288         (ObjCConfigurationHeaderGenerator._generate_configuration_interface_for_domains):
2289         * inspector/scripts/codegen/generate_objc_header.py:
2290         (ObjCHeaderGenerator._generate_event_interfaces):
2291         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2292         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2293         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2294         * inspector/scripts/tests/expected/enum-values.json-result:
2295         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2296         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2297         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2298         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2299         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2300         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2301         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2302         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2303         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2304
2305 2014-12-11  Alexey Proskuryakov  <ap@apple.com>
2306
2307         Explicitly export some RWIProtocol classes
2308         rdar://problem/19220408
2309
2310         * inspector/scripts/codegen/generate_objc_header.py:
2311         (ObjCHeaderGenerator._generate_type_interface):
2312         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2313         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2314         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2315         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2316         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2317         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2318         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2319
2320 2014-12-11  Mark Lam  <mark.lam@apple.com>
2321
2322         Fix broken build after r177146.
2323         https://bugs.webkit.org/show_bug.cgi?id=139533 
2324
2325         Not reviewed.
2326
2327         * interpreter/CallFrame.h:
2328         (JSC::ExecState::init):
2329         - Restored CallFrame::init() minus the unused JSScope* arg.
2330         * runtime/JSGlobalObject.cpp:
2331         (JSC::JSGlobalObject::init):
2332         - Remove JSScope* arg when calling CallFrame::init().
2333
2334 2014-12-11  Michael Saboff  <msaboff@apple.com>
2335
2336         REGRESSION: Use of undefined CallFrame::ScopeChain value
2337         https://bugs.webkit.org/show_bug.cgi?id=139533
2338
2339         Reviewed by Mark Lam.
2340
2341         Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
2342         all usages of these functions.  In some cases the scope is passed in or determined
2343         another way.  In some cases the scope is used to calculate other values.  Lastly,
2344         there were places where these functions were used that are no longer needed.  For
2345         example when making a call, the caller's ScopeChain was copied to the callee's
2346         ScopeChain.  This change no longer uses the ScopeChain call frame header slot.
2347         That slot will be removed in a future patch.
2348
2349         * dfg/DFGByteCodeParser.cpp:
2350         (JSC::DFG::ByteCodeParser::parseBlock):
2351         * dfg/DFGSpeculativeJIT32_64.cpp:
2352         (JSC::DFG::SpeculativeJIT::compile):
2353         * dfg/DFGSpeculativeJIT64.cpp:
2354         (JSC::DFG::SpeculativeJIT::compile):
2355         * dfg/DFGSpeculativeJIT.h:
2356         (JSC::DFG::SpeculativeJIT::callOperation):
2357         * jit/JIT.h:
2358         * jit/JITInlines.h:
2359         (JSC::JIT::callOperation):
2360         * runtime/JSLexicalEnvironment.h:
2361         (JSC::JSLexicalEnvironment::create):
2362         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
2363         * jit/JITOpcodes.cpp:
2364         (JSC::JIT::emit_op_create_lexical_environment):
2365         * jit/JITOpcodes32_64.cpp:
2366         (JSC::JIT::emit_op_create_lexical_environment):
2367         * jit/JITOperations.cpp:
2368         * jit/JITOperations.h:
2369         * llint/LLIntSlowPaths.cpp:
2370         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2371         (JSC::LLInt::handleHostCall):
2372         (JSC::LLInt::setUpCall):
2373         (JSC::LLInt::llint_throw_stack_overflow_error):
2374         Pass the current scope value to the helper operationCreateActivation() and
2375         the call to JSLexicalEnvironment::create() instead of using the stack frame
2376         scope chain value.
2377
2378         * dfg/DFGFixupPhase.cpp:
2379         (JSC::DFG::FixupPhase::fixupNode):
2380         CreateActivation now has a second child, the scope.
2381
2382         * interpreter/CallFrame.h:
2383         (JSC::ExecState::init): Deleted.  This is dead code.
2384         (JSC::ExecState::scope): Deleted.
2385         (JSC::ExecState::setScope): Deleted.
2386
2387         * interpreter/Interpreter.cpp:
2388         (JSC::Interpreter::dumpRegisters): Changed so that we no longer access the scope
2389         chain slot.
2390         
2391         (JSC::Interpreter::execute):
2392         (JSC::Interpreter::executeCall):
2393         (JSC::Interpreter::executeConstruct):
2394         Changed process to find JSScope values on the stack or by some other means.
2395
2396         * runtime/JSWithScope.h:
2397         (JSC::JSWithScope::JSWithScope): Deleted.
2398         Eliminated unused constructor.
2399
2400         * runtime/StrictEvalActivation.cpp:
2401         (JSC::StrictEvalActivation::StrictEvalActivation):
2402         * runtime/StrictEvalActivation.h:
2403         (JSC::StrictEvalActivation::create):
2404         Changed to pass in the current scope.
2405
2406 2014-12-10  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2407
2408         Use std::unique_ptr instead of OwnPtr in JSC - heap, jit, runtime, and parser directories
2409         https://bugs.webkit.org/show_bug.cgi?id=139351
2410
2411         Reviewed by Filip Pizlo.
2412
2413         As a step to use std::unique_ptr<>, this cleans up OwnPtr and PassOwnPtr.
2414
2415         * bytecode/SamplingTool.h:
2416         (JSC::SamplingTool::SamplingTool):
2417         * heap/CopiedBlock.h:
2418         (JSC::CopiedBlock::didSurviveGC):
2419         (JSC::CopiedBlock::pin):
2420         * heap/CopiedBlockInlines.h:
2421         (JSC::CopiedBlock::reportLiveBytes):
2422         * heap/GCActivityCallback.h:
2423         * heap/GCThread.cpp:
2424         * heap/Heap.h:
2425         * heap/HeapInlines.h:
2426         (JSC::Heap::markListSet):
2427         * jit/ExecutableAllocator.cpp:
2428         * jit/JIT.cpp:
2429         (JSC::JIT::privateCompile):
2430         * jit/JIT.h:
2431         * jit/JITThunks.cpp:
2432         (JSC::JITThunks::JITThunks):
2433         (JSC::JITThunks::clearHostFunctionStubs):
2434         * jit/JITThunks.h:
2435         * parser/Parser.cpp:
2436         (JSC::Parser<LexerType>::Parser):
2437         * parser/Parser.h:
2438         (JSC::Scope::Scope):
2439         (JSC::Scope::pushLabel):
2440         * parser/ParserArena.cpp:
2441         * parser/ParserArena.h:
2442         (JSC::ParserArena::identifierArena):
2443         * parser/SourceProviderCache.h:
2444         * runtime/CodeCache.h:
2445         * runtime/Executable.h:
2446         * runtime/JSArray.cpp:
2447         (JSC::JSArray::sortVector):
2448         * runtime/JSGlobalObject.h:
2449
2450 2014-12-10  Geoffrey Garen  <ggaren@apple.com>
2451
2452         Please disable the webkitFirstVersionWithInitConstructorSupport check on Apple TV
2453         https://bugs.webkit.org/show_bug.cgi?id=139501
2454
2455         Reviewed by Gavin Barraclough.
2456
2457         NSVersionOfLinkTimeLibrary only works if you link directly against
2458         JavaScriptCore, which is a bit awkward for our Apple TV client to do.
2459
2460         It's easy enough just to disable this check on Apple TV, since it has no
2461         backwards compatibility requirement.
2462
2463         * API/JSWrapperMap.mm:
2464         (supportsInitMethodConstructors):
2465
2466 2014-12-10  Matthew Mirman  <mmirman@apple.com>
2467
2468         Fixes operationPutByIds such that they check that the put didn't
2469         change the structure of the object whose property access is being
2470         cached.
2471         https://bugs.webkit.org/show_bug.cgi?id=139196
2472
2473         Reviewed by Filip Pizlo.
2474
2475         * jit/JITOperations.cpp:
2476         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
2477         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
2478         (JSC::operationPutByIdNonStrictBuildList): ditto.
2479         (JSC::operationPutByIdDirectStrictBuildList): ditto.
2480         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
2481         * jit/Repatch.cpp:
2482         (JSC::tryCachePutByID): fixed structure() to use the existing vm.
2483         (JSC::tryBuildPutByIdList): Added a check that the old structure's id 
2484         is the same as the new.
2485         (JSC::buildPutByIdList): Added an argument
2486         * jit/Repatch.h: 
2487         (JSC::buildPutByIdList): Added an argument
2488         * tests/stress/put-by-id-strict-build-list-order.js: Added.
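
An added example, not one of the put-by-id stress tests listed in this entry or in the 2014-12-16 entry above, that exercises the situation both fixes address: a put_by_id site whose setter changes the receiver's structure while the put is in progress, and re-enters the same site recursively before doing so. An inline cache that looked at the object's structure only after the setter returned would record a transition from a structure the put never started from; saving the structure before the put is what keeps the cache honest. Names and the iteration count are hypothetical.

```javascript
// Added example (not JavaScriptCore's own test). Names are hypothetical.

// A single put_by_id site. Every store to `x` goes through here, so an inline
// cache for the put is built and reused at one location.
function putX(receiver, v) {
    receiver.x = v;
    return receiver;
}

// A prototype whose `x` setter re-enters the cached put site recursively and
// then adds a property to the receiver, which is a structure transition that
// happens in the middle of the outer put.
function makeShapeChangingProto() {
    const proto = {};
    Object.defineProperty(proto, "x", {
        set(v) {
            if (v > 0)
                putX(this, v - 1);          // re-enter the same put site
            this["p" + v] = v;              // adds a property: structure transition
        },
        get() {
            return this.p0;
        },
        enumerable: true,
        configurable: true
    });
    return proto;
}

// Store through the setter on a fresh object and return its own property
// names, which must be p0..pN in insertion order no matter how many times the
// site has executed before.
function shapeAfterPut(proto, n) {
    const o = putX(Object.create(proto), n);
    return Object.keys(o).join(",");
}

// Run the site hot and count iterations whose shape or values came out wrong.
// A correct engine returns 0.
function countBadShapes(iterations) {
    const proto = makeShapeChangingProto();
    const expected = "p0,p1,p2,p3";
    let bad = 0;
    for (let i = 0; i < iterations; i++) {
        const o = putX(Object.create(proto), 3);
        if (Object.keys(o).join(",") !== expected || o.p3 !== 3 || o.x !== 0)
            bad++;
    }
    return bad;
}

console.log(shapeAfterPut(makeShapeChangingProto(), 3), "bad:", countBadShapes(20000));
```

The check on every iteration is deliberate: the first few stores run uncached, so a wrong cached transition only shows up once the site has been executed enough times to build and then hit the cache.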
2489
2490 2014-12-10  Csaba Osztrogonác  <ossy@webkit.org>
2491
2492         URTBF after r177030.
2493
2494         Fix linking failure occurred on ARM buildbots:
2495         lib/libjavascriptcore_efl.so.1.11.0: undefined reference to `JSC::Structure::get(JSC::VM&, JSC::PropertyName, unsigned int&)'
2496
2497         * runtime/NullGetterFunction.cpp:
2498
2499 2014-12-09  Michael Saboff  <msaboff@apple.com>
2500
2501         DFG Tries using an inner object's getter/setter when one hasn't been defined
2502         https://bugs.webkit.org/show_bug.cgi?id=139229
2503
2504         Reviewed by Filip Pizlo.
2505
2506         Added a new NullGetterFunction singleton class to use for getters and setters that
2507         haven't been set to a user defined value.  The NullGetterFunction callReturnUndefined()
2508         and createReturnUndefined() methods return undefined.  Changed all null checks of the
2509         getter and setter pointers to the newly added isGetterNull() and isSetterNull()
2510         helper methods.  
2511
2512         * CMakeLists.txt:
2513         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2514         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2515         * JavaScriptCore.xcodeproj/project.pbxproj:
2516         Added NullGetterFunction.cpp & .h to build files.
2517
2518         * dfg/DFGAbstractInterpreterInlines.h:
2519         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2520         * runtime/ObjectPrototype.cpp:
2521         (JSC::objectProtoFuncLookupGetter):
2522         (JSC::objectProtoFuncLookupSetter):
2523         * runtime/PropertyDescriptor.cpp:
2524         (JSC::PropertyDescriptor::setDescriptor):
2525         (JSC::PropertyDescriptor::setAccessorDescriptor):
2526         Changed checking getter and setter to null to use new isGetterNull() and isSetterNull()
2527         helpers.
2528
2529         * inspector/JSInjectedScriptHostPrototype.cpp:
2530         (Inspector::JSInjectedScriptHostPrototype::finishCreation):
2531         * inspector/JSJavaScriptCallFramePrototype.cpp:
2532         * jit/JITOperations.cpp:
2533         * llint/LLIntSlowPaths.cpp:
2534         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2535         * runtime/JSObject.cpp:
2536         (JSC::JSObject::putIndexedDescriptor):
2537         (JSC::putDescriptor):
2538         (JSC::JSObject::defineOwnNonIndexProperty):
2539         * runtime/MapPrototype.cpp:
2540         (JSC::MapPrototype::finishCreation):
2541         * runtime/SetPrototype.cpp:
2542         (JSC::SetPrototype::finishCreation):
2543         Updated calls to GetterSetter::create(), setGetter(), setSetter(), withGetter()
2544         and withSetter() to provide a global object.
2545
2546         * runtime/GetterSetter.cpp:
2547         (JSC::GetterSetter::withGetter):
2548         (JSC::GetterSetter::withSetter):
2549         (JSC::callGetter):
2550         (JSC::callSetter):
2551         * runtime/GetterSetter.h:
2552         (JSC::GetterSetter::GetterSetter):
2553         (JSC::GetterSetter::create):
2554         (JSC::GetterSetter::isGetterNull):
2555         (JSC::GetterSetter::isSetterNull):
2556         (JSC::GetterSetter::setGetter):
2557         (JSC::GetterSetter::setSetter):
2558         Changed to use NullGetterFunction for unspecified getters / setters.
2559
2560         * runtime/JSGlobalObject.cpp:
2561         (JSC::JSGlobalObject::init):
2562         (JSC::JSGlobalObject::createThrowTypeError):
2563         (JSC::JSGlobalObject::visitChildren):
2564         * runtime/JSGlobalObject.h:
2565         (JSC::JSGlobalObject::nullGetterFunction):
2566         (JSC::JSGlobalObject::evalFunction):
2567         Added m_nullGetterFunction singleton.  Updated calls to GetterSetter::create(),
2568         setGetter() and setSetter() to provide a global object.
2569
2570         * runtime/NullGetterFunction.cpp: Added.
2571         (JSC::callReturnUndefined):
2572         (JSC::constructReturnUndefined):
2573         (JSC::NullGetterFunction::getCallData):
2574         (JSC::NullGetterFunction::getConstructData):
2575         * runtime/NullGetterFunction.h: Added.
2576         (JSC::NullGetterFunction::create):
2577         (JSC::NullGetterFunction::createStructure):
2578         (JSC::NullGetterFunction::NullGetterFunction):
2579         New singleton class that returns undefined when called.
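
An added example, not part of this patch, that exercises the accessor shapes the NullGetterFunction change is about from JavaScript: an accessor on a prototype (the "inner object") that has a setter but no getter, and its mirror image with a getter but no setter. Reads of the first must yield undefined without any getter being called, stores to the second must be ignored in sloppy mode and throw in strict mode, and the reflection APIs must report the missing half as undefined. Names and the iteration count are hypothetical.

```javascript
// Added example (not JavaScriptCore's own test). Names are hypothetical.

// An accessor property on a prototype that has a setter but no getter.
function makeSetterOnlyProto() {
    const proto = {};
    Object.defineProperty(proto, "value", {
        set(v) { this._stored = v; },
        enumerable: true,
        configurable: true
    });
    return proto;
}

// Read the setter-only property in a hot loop so optimizing tiers see it, and
// report what the reflection APIs say about the missing getter.
function probeSetterOnly(iterations) {
    const proto = makeSetterOnlyProto();
    const o = Object.create(proto);
    let readsUndefined = 0;
    for (let i = 0; i < iterations; i++) {
        o.value = i;                     // setter runs
        if (o.value === undefined)       // no getter: must be undefined, never a call
            readsUndefined++;
    }
    return {
        readsUndefined,                                                      // === iterations
        stored: o._stored,                                                   // iterations - 1
        lookupGetter: proto.__lookupGetter__("value"),                       // undefined
        descriptorGet: Object.getOwnPropertyDescriptor(proto, "value").get   // undefined
    };
}

// The mirror case: a getter but no setter. Function() bodies are always
// sloppy-mode code, so the sloppy store is exercised even if this file runs
// under "use strict".
const sloppyStore = new Function("o", "o.ro = 1; return o.ro;");

function probeGetterOnly() {
    const proto = {};
    Object.defineProperty(proto, "ro", {
        get() { return 42; },
        enumerable: true,
        configurable: true
    });
    const o = Object.create(proto);
    let strictError = "none";
    (function () {
        "use strict";
        try { o.ro = 1; } catch (e) { strictError = e.name; }
    })();
    return {
        value: sloppyStore(o),                                                 // 42: sloppy store ignored
        strictError,                                                           // "TypeError"
        lookupSetter: proto.__lookupSetter__("ro"),                            // undefined
        ownPropertyOnInstance: Object.prototype.hasOwnProperty.call(o, "ro")   // false
    };
}

console.log(probeSetterOnly(10000), probeGetterOnly());
```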
2580
2581 2014-12-09  Geoffrey Garen  <ggaren@apple.com>
2582
2583         Re-enable function.arguments
2584         https://bugs.webkit.org/show_bug.cgi?id=139452
2585         <rdar://problem/18848149>
2586
2587         Reviewed by Sam Weinig.
2588
2589         Disabling function.arguments broke a few websites, and we don't have
2590         time right now to work through the details.
2591
2592         I'm re-enabling function.arguments but leaving in the infrastructure
2593         to re-disable it, so we can try this experiment again in the future.
2594
2595         * runtime/Options.h:
2596
2597 2014-12-09  David Kilzer  <ddkilzer@apple.com>
2598
2599         Switch from using PLATFORM_NAME to SDK selectors in ANGLE, bmalloc, gtest, JavaScriptCore, WTF
2600         <http://webkit.org/b/139212>
2601
2602         Reviewed by Joseph Pecoraro.
2603
2604         * Configurations/Base.xcconfig:
2605         - Only set GCC_ENABLE_OBJC_GC, GCC_MODEL_TUNING and TOOLCHAINS
2606           on OS X.
2607         - Only set LLVM_LOCAL_HEADER_PATH and LLVM_SYSTEM_HEADER_PATH on
2608           OS X.
2609         - Set JAVASCRIPTCORE_CONTENTS_DIR and
2610           JAVASCRIPTCORE_FRAMEWORKS_DIR separately for iOS and OS X.
2611
2612         * Configurations/DebugRelease.xcconfig:
2613         - Only set MACOSX_DEPLOYMENT_TARGET and SDKROOT on OS X.
2614
2615         * Configurations/JSC.xcconfig:
2616         - Only set CODE_SIGN_ENTITLEMENTS for iOS hardware builds.
2617
2618         * Configurations/JavaScriptCore.xcconfig:
2619         - Set OTHER_LDFLAGS separately for iOS and OS X.
2620         - Set SECTORDER_FLAGS separately for iOS and OS X, but only for
2621           Production builds.
2622         - Only set EXCLUDED_SOURCE_FILE_NAMES for iOS.
2623
2624         * Configurations/LLVMForJSC.xcconfig:
2625         - Rename LLVM_LIBS_iphoneos to LLVM_LIBS_ios.
2626         - Set LLVM_LIBRARY_PATHS and OTHER_LDFLAGS_LLVM_ENABLE_FTL_JIT
2627           separately for iOS hardware and OS X.
2628         - Fix curly braces in LIBRARY_SEARCH_PATHS.
2629         - Merge OTHER_LDFLAGS_BASE into OTHER_LDFLAGS. (Could have been
2630           done before this patch.)
2631
2632         * Configurations/ToolExecutable.xcconfig:
2633         - Only set CODE_SIGN_ENTITLEMENTS for iOS, per target.
2634         - Only set CLANG_ENABLE_OBJC_ARC for i386 on the iOS Simulator.
2635         - Add missing newline.
2636
2637         * Configurations/Version.xcconfig:
2638         - Set SYSTEM_VERSION_PREFIX separately for iOS and OS X.
2639
2640 2014-12-08  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2641
2642         Fix EFL build fix since r177001
2643         https://bugs.webkit.org/show_bug.cgi?id=139428
2644
2645         Unreviewed, EFL build fix.
2646
2647         Do not inherit from a duplicated class. ExpressionNode is already a
2648         child of the ParserArenaFreeable class.
2649
2650         * parser/Nodes.h:
2651
2652 2014-12-08  Shivakumar JM  <shiva.jm@samsung.com>
2653
2654         Fix Build Warning in JavaScriptCore ControlFlowProfiler::dumpData() api.
2655         https://bugs.webkit.org/show_bug.cgi?id=139384
2656
2657         Reviewed by Mark Lam.
2658
2659         Fix Build Warning by using dataLog() function instead of dataLogF() function.
2660
2661         * runtime/ControlFlowProfiler.cpp:
2662         (JSC::ControlFlowProfiler::dumpData):
2663
2664 2014-12-08  Saam Barati  <saambarati1@gmail.com>
2665
2666         Web Inspector: Enable runtime API for JSC's control flow profiler
2667         https://bugs.webkit.org/show_bug.cgi?id=139346
2668
2669         Reviewed by Joseph Pecoraro.
2670
2671         This patch creates an API that the Web Inspector can use
2672         to get information about which basic blocks have executed
2673         from JSC's control flow profiler.
2674
2675         * inspector/agents/InspectorRuntimeAgent.cpp:
2676         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
2677         * inspector/agents/InspectorRuntimeAgent.h:
2678         * inspector/protocol/Runtime.json:
2679
2680 2014-12-08  Geoffrey Garen  <ggaren@apple.com>
2681
2682         Removed some allocation and cruft from the parser
2683         https://bugs.webkit.org/show_bug.cgi?id=139416
2684
2685         Reviewed by Mark Lam.
2686
2687         Now, the only AST nodes that require a destructor are the ones that
2688         relate to pickling a function's arguments -- which will require some
2689         deeper thinking to resolve.
2690
2691         This is a < 1% parser speedup.
2692
2693         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2694         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2695         * JavaScriptCore.xcodeproj/project.pbxproj: Removed NodeInfo because it
2696         was unused.
2697
2698         * bytecompiler/NodesCodegen.cpp:
2699         (JSC::CommaNode::emitBytecode):
2700         (JSC::SourceElements::lastStatement):
2701         (JSC::SourceElements::emitBytecode): Updated for interface change to linked list.
2702
2703         * parser/ASTBuilder.h:
2704         (JSC::ASTBuilder::ASTBuilder):
2705         (JSC::ASTBuilder::varDeclarations):
2706         (JSC::ASTBuilder::funcDeclarations):
2707         (JSC::ASTBuilder::createFuncDeclStatement):
2708         (JSC::ASTBuilder::addVar): Removed the ParserArenaData abstraction because
2709         it wasn't buying us anything. We can just use Vector directly.
2710
2711         (JSC::ASTBuilder::createCommaExpr):
2712         (JSC::ASTBuilder::appendToCommaExpr): Changed to use a linked list instead
2713         of a vector, to avoid allocating a vector with inline capacity in the
2714         common case in which an expression is not followed by a vector.
2715
2716         (JSC::ASTBuilder::Scope::Scope): Use Vector directly to avoid new'ing
2717         up a Vector*.
2718
2719         (JSC::ASTBuilder::appendToComma): Deleted.
2720         (JSC::ASTBuilder::combineCommaNodes): Deleted.
2721
2722         * parser/Lexer.cpp:
2723
2724         * parser/NodeConstructors.h:
2725         (JSC::StatementNode::StatementNode):
2726         (JSC::CommaNode::CommaNode):
2727         (JSC::SourceElements::SourceElements): Updated for interface change to linked list.
2728
2729         * parser/NodeInfo.h: Removed.
2730
2731         * parser/Nodes.cpp:
2732         (JSC::SourceElements::append):
2733         (JSC::SourceElements::singleStatement): Use a linked list instead of a
2734         vector to track the statements in a list. This removes some allocation
2735         and it means that we don't need a destructor anymore.
2736
2737         (JSC::ScopeNode::ScopeNode):
2738         (JSC::ProgramNode::ProgramNode):
2739         (JSC::EvalNode::EvalNode):
2740         (JSC::FunctionNode::FunctionNode): Updated for interface change to reference,
2741         since these values are never null.
2742
2743         * parser/Nodes.h:
2744         (JSC::StatementNode::next):
2745         (JSC::StatementNode::setNext):
2746         (JSC::CommaNode::append): Deleted. Updated for interface change to linked list.
2747
2748         * parser/Parser.cpp:
2749         (JSC::Parser<LexerType>::didFinishParsing): Updated for interface change to reference.
2750
2751         (JSC::Parser<LexerType>::parseVarDeclarationList):
2752         (JSC::Parser<LexerType>::parseExpression): Track comma expressions as
2753         an explicit list of CommaNodes, removing a use of vector and a destructor.
2754
2755         * parser/Parser.h:
2756         (JSC::Parser<LexerType>::parse):
2757         * parser/SyntaxChecker.h:
2758         (JSC::SyntaxChecker::createCommaExpr):
2759         (JSC::SyntaxChecker::appendToCommaExpr):
2760         (JSC::SyntaxChecker::appendToComma): Deleted. Updated for interface changes.
2761
2762 2014-12-08  Commit Queue  <commit-queue@webkit.org>
2763
2764         Unreviewed, rolling out r176979.
2765         https://bugs.webkit.org/show_bug.cgi?id=139424
2766
2767         "New JSC test in this patch is failing" (Requested by mlam on
2768         #webkit).
2769
2770         Reverted changeset:
2771
2772         "Fixes operationPutByIds such that they check that the put
2773         didn't"
2774         https://bugs.webkit.org/show_bug.cgi?id=139196
2775         http://trac.webkit.org/changeset/176979
2776
2777 2014-12-08  Matthew Mirman  <mmirman@apple.com>
2778
2779         Fixes operationPutByIds such that they check that the put didn't
2780         change the structure of the object whose property access is being
2781         cached.
2782         https://bugs.webkit.org/show_bug.cgi?id=139196
2783
2784         Reviewed by Filip Pizlo.
2785
2786         * jit/JITOperations.cpp:
2787         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
2788         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
2789         (JSC::operationPutByIdNonStrictBuildList): ditto.
2790         (JSC::operationPutByIdDirectStrictBuildList): ditto.
2791         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
2792         * jit/Repatch.cpp:
2793         (JSC::tryCachePutByID): fixed structure() to use the existent vm.
2794         (JSC::tryBuildPutByIdList): Added a check that the old structure's id
2795         is the same as the new.
2796         (JSC::buildPutByIdList): Added an argument
2797         * jit/Repatch.h:
2798         (JSC::buildPutByIdList): Added an argument
2799         * tests/stress/put-by-id-build-list-order-recurse.js: Test that failed before the change
2800         * tests/stress/put-by-id-strict-build-list-order.js: Added.
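
        The structure check described in this entry, as an added example that is not
        WebKit's code: a constructed model of a put-by-id inline cache in which the
        slow path saves the object's Structure before the put and, with the fix
        enabled, declines to build a cache entry when the put (here a hook standing
        in for a setter or other user code) has reshaped the object. The names
        Structure, Object, PutByIdCacheEntry, slowPut, putByIdBuildList and
        putByIdFast are assumptions of this model, not JSC APIs.

```cpp
#include <cstddef>
#include <functional>
#include <string>
#include <vector>

// Constructed model of a JSC-style Structure: an id plus the property layout.
struct Structure {
    int id;
    std::vector<std::string> slotNames;
    int slotFor(const std::string& name) const {
        for (std::size_t i = 0; i < slotNames.size(); ++i)
            if (slotNames[i] == name)
                return static_cast<int>(i);
        return -1;
    }
};

// An object is its Structure plus the slot storage that Structure describes.
struct Object {
    const Structure* structure;
    std::vector<int> slots;
};

// One put-by-id cache entry: "for objects of structure `structureId`, the
// property lives in slot `slotIndex`, so write it directly".
struct PutByIdCacheEntry {
    int structureId;
    int slotIndex;
    PutByIdCacheEntry() : structureId(-1), slotIndex(-1) {}
    PutByIdCacheEntry(int s, int i) : structureId(s), slotIndex(i) {}
    bool valid() const { return structureId >= 0; }
};

// Side effect the put may trigger (stands in for a setter, proxy trap or any
// other user code that reshapes the object while the slow path runs).
using PutHook = std::function<void(Object&)>;

// Generic slow path: run the hook, then store into whatever layout the
// object has afterwards.
void slowPut(Object& obj, const std::string& name, int value, const PutHook& hook) {
    if (hook)
        hook(obj);
    int slot = obj.structure->slotFor(name);
    if (slot >= 0)
        obj.slots[slot] = value;
}

// Slow path that also builds the cache, modelled on the entry above: the
// structure is saved before the put, and with `checkStructureUnchanged` the
// entry is only built when the put left the structure id as it was.
void putByIdBuildList(Object& obj, const std::string& name, int value,
                      const PutHook& hook, PutByIdCacheEntry& cache,
                      bool checkStructureUnchanged) {
    const Structure* oldStructure = obj.structure;   // saved before the put
    slowPut(obj, name, value, hook);
    int slot = obj.structure->slotFor(name);          // layout after the put
    if (slot < 0)
        return;
    if (checkStructureUnchanged && obj.structure->id != oldStructure->id)
        return;   // the fix: never cache a mismatched (old structure, new slot) pair
    cache = PutByIdCacheEntry(oldStructure->id, slot);
}

// Fast path: on a structure match, write the cached slot without any lookup.
bool putByIdFast(Object& obj, const PutByIdCacheEntry& cache, int value) {
    if (!cache.valid() || obj.structure->id != cache.structureId)
        return false;
    obj.slots[cache.slotIndex] = value;
    return true;
}

// Scenario: the first put of "x" reshapes the object from s1 {a, x} to
// s2 {x}. Without the check the cache pairs s1's id with s2's slot index,
// so the next s1 object's fast-path put of "x" lands in a's slot.
// Returns the value left in the victim's "a" slot (10 if nothing went wrong).
int slotAValueAfterCachedPut(bool withFix) {
    Structure s1{1, {"a", "x"}};   // x in slot 1
    Structure s2{2, {"x"}};        // reshaped layout: x in slot 0
    PutByIdCacheEntry cache;

    Object first{&s1, {10, 20}};
    PutHook reshape = [&s2](Object& o) {
        int x = o.slots[1];
        o.structure = &s2;
        o.slots = {x};
    };
    putByIdBuildList(first, "x", 99, reshape, cache, withFix);

    Object victim{&s1, {10, 20}};   // still laid out as s1
    if (!putByIdFast(victim, cache, 77))
        slowPut(victim, "x", 77, PutHook());
    return victim.slots[0];
}
```

        With the check disabled the cached fast path writes 77 over the victim's
        "a" slot; with it enabled no entry is built, the slow path stores into the
        right slot, and "a" keeps its value of 10.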
2801
2802  
2803 2014-12-08  Anders Carlsson  <andersca@apple.com>
2804
2805         Change WTF::currentCPUTime to return std::chrono::microseconds and get rid of currentCPUTimeMS
2806         https://bugs.webkit.org/show_bug.cgi?id=139410
2807
2808         Reviewed by Andreas Kling.
2809
2810         * API/JSContextRef.cpp:
2811         (JSContextGroupSetExecutionTimeLimit):
2812         (JSContextGroupClearExecutionTimeLimit):
2813         * runtime/Watchdog.cpp:
2814         (JSC::Watchdog::setTimeLimit):
2815         (JSC::Watchdog::didFire):
2816         (JSC::Watchdog::startCountdownIfNeeded):
2817         (JSC::Watchdog::startCountdown):
2818         * runtime/Watchdog.h:
2819         * runtime/WatchdogMac.cpp:
2820         (JSC::Watchdog::startTimer):
2821
2822 2014-12-08  Mark Lam  <mark.lam@apple.com>
2823
2824         CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows ArrayStorageShape arrays.
2825         <https://webkit.org/b/139327>
2826
2827         Reviewed by Michael Saboff.
2828
2829         The code generator and runtime slow paths expect otherwise.  This patch fixes
2830         CFA to match the code generator's expectation.
2831
2832         * dfg/DFGArrayMode.h:
2833         (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
2834         (JSC::DFG::ArrayMode::arrayModesWithIndexingShapes):
2835
2836 2014-12-08  Chris Dumez  <cdumez@apple.com>
2837
2838         Revert r176293 & r176275
2839
2840         Unreviewed, revert r176293 & r176275 changing the Vector API to use unsigned type
2841         instead of size_t. There is some disagreement regarding the long-term direction
2842         of the API and we shouldn’t leave the API partly transitioned to unsigned type
2843         while making a decision.
2844
2845         * bytecode/PreciseJumpTargets.cpp:
2846         * replay/EncodedValue.h:
2847
2848 2014-12-07  Csaba Osztrogonác  <ossy@webkit.org>
2849
2850         Remove the unused WTF_USE_GCC_COMPUTED_GOTO_WORKAROUND after r129453.
2851         https://bugs.webkit.org/show_bug.cgi?id=139373
2852
2853         Reviewed by Sam Weinig.
2854
2855         * interpreter/Interpreter.cpp:
2856
2857 2014-12-06  Anders Carlsson  <andersca@apple.com>
2858
2859         Fix build with newer versions of clang.
2860         rdar://problem/18978716
2861
2862         * ftl/FTLJITCode.h:
2863         Add missing overrides.
2864
2865 2014-12-05  Roger Fong  <roger_fong@apple.com>
2866
2867         [Win] proj files copying over too many resources.
2868         https://bugs.webkit.org/show_bug.cgi?id=139315
2869         <rdar://problem/19148278>
2870
2871         Reviewed by Brent Fulgham.
2872
2873         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Only copy resource folders and JavaScriptCore.dll.
2874
2875 2014-12-05  Juergen Ributzka  <juergen@apple.com>
2876
2877         [JSC][FTL] Add the data layout to the module and fix the pass order.
2878         https://bugs.webkit.org/show_bug.cgi?id=138748
2879
2880         Reviewed by Oliver Hunt.
2881
2882         This adds the data layout to the module, so it can be used by all
2883         optimization passes in the LLVM optimizer pipeline. This also allows
2884         FastISel to select more instructions, because fewer non-legal types are
2885         generated.
2886
2887         Also fix the order of the alias analysis passes in the optimization
2888         pipeline.
2889
2890         * ftl/FTLCompile.cpp:
2891         (JSC::FTL::mmAllocateDataSection):
2892
2893 2014-12-05  Geoffrey Garen  <ggaren@apple.com>
2894
2895         Removed an unused function.
2896
2897         Reviewed by Michael Saboff.
2898
2899         Broken out from https://bugs.webkit.org/show_bug.cgi?id=139305.
2900
2901         * parser/ParserArena.h:
2902
2903 2014-12-05  David Kilzer  <ddkilzer@apple.com>
2904
2905         FeatureDefines.xcconfig: Workaround bug in Xcode 5.1.1 when defining ENABLE_WEB_REPLAY
2906         <http://webkit.org/b/139286>
2907
2908         Reviewed by Daniel Bates.
2909
2910         * Configurations/FeatureDefines.xcconfig: Switch back to using
2911         PLATFORM_NAME to work around a bug in Xcode 5.1.1 on 10.8.
2912
2913 2014-12-04  Mark Rowe  <mrowe@apple.com>
2914
2915         Build fix after r176836.
2916
2917         Reviewed by Mark Lam.
2918
2919         * runtime/VM.h:
2920         (JSC::VM::controlFlowProfiler): Don't try to export an inline function.
2921         Doing so results in a weak external symbol being generated.
2922
2923 2014-12-04  Saam Barati  <saambarati1@gmail.com>
2924
2925         JavaScript Control Flow Profiler
2926         https://bugs.webkit.org/show_bug.cgi?id=137785
2927
2928         Reviewed by Filip Pizlo.
2929
2930         This patch introduces a mechanism for JavaScriptCore to profile
2931         which basic blocks have executed. This mechanism will then be
2932         used by the Web Inspector to indicate which basic blocks
2933         have and have not executed.
2934
2935         The profiling works by compiling in an op_profile_control_flow
2936         at the start of every basic block. Then, whenever this op code
2937         executes, we know that a particular basic block has executed.
2938
2939         When we tier up a CodeBlock that contains an op_profile_control_flow
2940         that corresponds to an already executed basic block, we don't
2941         have to emit code for that particular op_profile_control_flow
2942         because the internal data structures used to keep track of
2943         basic block locations have already recorded that the corresponding
2944         op_profile_control_flow has executed.
2945
2946         * CMakeLists.txt:
2947         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2948         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2949         * JavaScriptCore.xcodeproj/project.pbxproj:
2950         * bytecode/BytecodeList.json:
2951         * bytecode/BytecodeUseDef.h:
2952         (JSC::computeUsesForBytecodeOffset):
2953         (JSC::computeDefsForBytecodeOffset):
2954         * bytecode/CodeBlock.cpp:
2955         (JSC::CodeBlock::dumpBytecode):
2956         (JSC::CodeBlock::CodeBlock):
2957         * bytecode/Instruction.h:
2958         * bytecode/UnlinkedCodeBlock.cpp:
2959         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
2960         * bytecode/UnlinkedCodeBlock.h:
2961         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
2962         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
2963         * bytecompiler/BytecodeGenerator.cpp:
2964         (JSC::BytecodeGenerator::emitProfileControlFlow):
2965         * bytecompiler/BytecodeGenerator.h:
2966         * bytecompiler/NodesCodegen.cpp:
2967         (JSC::ConditionalNode::emitBytecode):
2968         (JSC::IfElseNode::emitBytecode):
2969         (JSC::WhileNode::emitBytecode):
2970         (JSC::ForNode::emitBytecode):
2971         (JSC::ContinueNode::emitBytecode):
2972         (JSC::BreakNode::emitBytecode):
2973         (JSC::ReturnNode::emitBytecode):
2974         (JSC::CaseClauseNode::emitBytecode):
2975         (JSC::SwitchNode::emitBytecode):
2976         (JSC::ThrowNode::emitBytecode):
2977         (JSC::TryNode::emitBytecode):
2978         (JSC::ProgramNode::emitBytecode):
2979         (JSC::FunctionNode::emitBytecode):
2980         * dfg/DFGAbstractInterpreterInlines.h:
2981         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2982         * dfg/DFGByteCodeParser.cpp:
2983         (JSC::DFG::ByteCodeParser::parseBlock):
2984         * dfg/DFGCapabilities.cpp:
2985         (JSC::DFG::capabilityLevel):
2986         * dfg/DFGClobberize.h:
2987         (JSC::DFG::clobberize):
2988         * dfg/DFGDoesGC.cpp:
2989         (JSC::DFG::doesGC):
2990         * dfg/DFGFixupPhase.cpp:
2991         (JSC::DFG::FixupPhase::fixupNode):
2992         * dfg/DFGNode.h:
2993         (JSC::DFG::Node::basicBlockLocation):
2994         * dfg/DFGNodeType.h:
2995         * dfg/DFGPredictionPropagationPhase.cpp:
2996         (JSC::DFG::PredictionPropagationPhase::propagate):
2997         * dfg/DFGSafeToExecute.h:
2998         (JSC::DFG::safeToExecute):
2999         * dfg/DFGSpeculativeJIT32_64.cpp:
3000         (JSC::DFG::SpeculativeJIT::compile):
3001         * dfg/DFGSpeculativeJIT64.cpp:
3002         (JSC::DFG::SpeculativeJIT::compile):
3003         * inspector/agents/InspectorRuntimeAgent.cpp:
3004         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
3005         * jit/JIT.cpp:
3006         (JSC::JIT::privateCompileMainPass):
3007         * jit/JIT.h:
3008         * jit/JITOpcodes.cpp:
3009         (JSC::JIT::emit_op_profile_control_flow):
3010         * jit/JITOpcodes32_64.cpp:
3011         (JSC::JIT::emit_op_profile_control_flow):
3012         * jsc.cpp:
3013         (GlobalObject::finishCreation):
3014         (functionFindTypeForExpression):
3015         (functionReturnTypeFor):
3016         (functionDumpBasicBlockExecutionRanges):
3017         * llint/LowLevelInterpreter.asm:
3018         * parser/ASTBuilder.h:
3019         (JSC::ASTBuilder::createFunctionExpr):
3020         (JSC::ASTBuilder::createGetterOrSetterProperty):
3021         (JSC::ASTBuilder::createFuncDeclStatement):
3022         (JSC::ASTBuilder::endOffset):
3023         (JSC::ASTBuilder::setStartOffset):
3024         * parser/NodeConstructors.h:
3025         (JSC::Node::Node):
3026         * parser/Nodes.h:
3027         (JSC::CaseClauseNode::setStartOffset):
3028         * parser/Parser.cpp:
3029         (JSC::Parser<LexerType>::parseSwitchClauses):
3030         (JSC::Parser<LexerType>::parseSwitchDefaultClause):
3031         (JSC::Parser<LexerType>::parseBlockStatement):
3032         (JSC::Parser<LexerType>::parseStatement):
3033         (JSC::Parser<LexerType>::parseFunctionDeclaration):
3034         (JSC::Parser<LexerType>::parseIfStatement):
3035         (JSC::Parser<LexerType>::parseExpression):
3036         (JSC::Parser<LexerType>::parseConditionalExpression):
3037         (JSC::Parser<LexerType>::parseProperty):
3038         (JSC::Parser<LexerType>::parseMemberExpression):
3039         * parser/SyntaxChecker.h:
3040         (JSC::SyntaxChecker::createFunctionExpr):
3041         (JSC::SyntaxChecker::createFuncDeclStatement):
3042         (JSC::SyntaxChecker::createGetterOrSetterProperty):
3043         (JSC::SyntaxChecker::operatorStackPop):
3044         * runtime/BasicBlockLocation.cpp: Added.
3045         (JSC::BasicBlockLocation::BasicBlockLocation):
3046         (JSC::BasicBlockLocation::insertGap):
3047         (JSC::BasicBlockLocation::getExecutedRanges):
3048         (JSC::BasicBlockLocation::dumpData):
3049         (JSC::BasicBlockLocation::emitExecuteCode):
3050         * runtime/BasicBlockLocation.h: Added.
3051         (JSC::BasicBlockLocation::startOffset):
3052         (JSC::BasicBlockLocation::endOffset):
3053         (JSC::BasicBlockLocation::setStartOffset):
3054         (JSC::BasicBlockLocation::setEndOffset):
3055         (JSC::BasicBlockLocation::hasExecuted):
3056         * runtime/CodeCache.cpp:
3057         (JSC::CodeCache::getGlobalCodeBlock):
3058         * runtime/ControlFlowProfiler.cpp: Added.
3059         (JSC::ControlFlowProfiler::~ControlFlowProfiler):
3060         (JSC::ControlFlowProfiler::getBasicBlockLocation):
3061         (JSC::ControlFlowProfiler::dumpData):
3062         (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
3063         * runtime/ControlFlowProfiler.h: Added. This class is in
3064         charge of generating BasicBlockLocations and also
3065         providing an interface that the Web Inspector can use to ping
3066         which basic blocks have executed based on the source id of a script.
3067
3068         (JSC::BasicBlockKey::BasicBlockKey):
3069         (JSC::BasicBlockKey::isHashTableDeletedValue):
3070         (JSC::BasicBlockKey::operator==):
3071         (JSC::BasicBlockKey::hash):
3072         (JSC::BasicBlockKeyHash::hash):
3073         (JSC::BasicBlockKeyHash::equal):
3074         * runtime/Executable.cpp:
3075         (JSC::ProgramExecutable::ProgramExecutable):
3076         (JSC::ProgramExecutable::initializeGlobalProperties):
3077         * runtime/FunctionHasExecutedCache.cpp:
3078         (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges):
3079         * runtime/FunctionHasExecutedCache.h:
3080         * runtime/Options.h:
3081         * runtime/TypeProfiler.cpp:
3082         (JSC::TypeProfiler::logTypesForTypeLocation):
3083         (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
3084         (JSC::TypeProfiler::findLocation):
3085         (JSC::TypeProfiler::dumpTypeProfilerData):
3086         * runtime/TypeProfiler.h:
3087         (JSC::TypeProfiler::functionHasExecutedCache): Deleted.
3088         * runtime/VM.cpp:
3089         (JSC::VM::VM):
3090         (JSC::enableProfilerWithRespectToCount):
3091         (JSC::disableProfilerWithRespectToCount):
3092         (JSC::VM::enableTypeProfiler):
3093         (JSC::VM::disableTypeProfiler):
3094         (JSC::VM::enableControlFlowProfiler):
3095         (JSC::VM::disableControlFlowProfiler):
3096         (JSC::VM::dumpTypeProfilerData):
3097         * runtime/VM.h:
3098         (JSC::VM::functionHasExecutedCache):
3099         (JSC::VM::controlFlowProfiler):
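
        The mechanism this entry describes, as an added example that is not
        WebKit's code: a toy bytecode program for an if/else with a profile op
        compiled in at the start of every basic block, an interpreter that flips
        the block's "has executed" bit when the op runs, a query for the source
        ranges that never ran, and a tier-up step that drops the profile op for
        blocks already recorded as executed and remaps jump targets accordingly.
        The names Program, Instruction, buildProgram, execute, unexecutedRanges
        and tierUp, the opcode set and the source offsets are all constructed for
        this model; only BasicBlockLocation and op_profile_control_flow are taken
        from the entry.

```cpp
#include <cstddef>
#include <utility>
#include <vector>

// Constructed stand-in for JSC's BasicBlockLocation: a source range plus the
// bit that the profile op sets when the block runs.
struct BasicBlockLocation {
    int startOffset;
    int endOffset;
    bool hasExecuted;
};

enum class Op { ProfileControlFlow, JumpIfFalse, Jump, Return };

struct Instruction {
    Op op;
    int operand;   // block index for ProfileControlFlow, target pc for jumps
};

struct Program {
    std::vector<Instruction> code;
    std::vector<BasicBlockLocation> blocks;
};

// Toy bytecode for `if (cond) { then } else { else } join`, with a profile
// op at the start of each of the four basic blocks (offsets are constructed).
Program buildProgram() {
    Program p;
    p.blocks = { {0, 12, false}, {13, 24, false}, {25, 36, false}, {37, 48, false} };
    p.code = {
        {Op::ProfileControlFlow, 0},   // pc 0: entry block
        {Op::JumpIfFalse, 4},          // pc 1
        {Op::ProfileControlFlow, 1},   // pc 2: then block
        {Op::Jump, 5},                 // pc 3
        {Op::ProfileControlFlow, 2},   // pc 4: else block
        {Op::ProfileControlFlow, 3},   // pc 5: join block
        {Op::Return, 0},               // pc 6
    };
    return p;
}

// Interpreter: the only observable effect is which blocks get marked.
void execute(Program& p, bool cond) {
    std::size_t pc = 0;
    while (pc < p.code.size()) {
        const Instruction& ins = p.code[pc];
        switch (ins.op) {
        case Op::ProfileControlFlow:
            p.blocks[ins.operand].hasExecuted = true;
            ++pc;
            break;
        case Op::JumpIfFalse:
            pc = cond ? pc + 1 : static_cast<std::size_t>(ins.operand);
            break;
        case Op::Jump:
            pc = static_cast<std::size_t>(ins.operand);
            break;
        case Op::Return:
            return;
        }
    }
}

// Source ranges that never ran (what an inspector would grey out).
std::vector<std::pair<int, int>> unexecutedRanges(const Program& p) {
    std::vector<std::pair<int, int>> out;
    for (const BasicBlockLocation& b : p.blocks)
        if (!b.hasExecuted)
            out.push_back(std::make_pair(b.startOffset, b.endOffset));
    return out;
}

static bool isRedundantProfileOp(const Program& p, const Instruction& ins) {
    return ins.op == Op::ProfileControlFlow && p.blocks[ins.operand].hasExecuted;
}

// Tier-up: omit profile ops for blocks that already executed. Dropping
// instructions shifts pcs, so jump targets are remapped; a target that
// pointed at a dropped op maps to the next kept instruction.
Program tierUp(const Program& p) {
    Program out;
    out.blocks = p.blocks;   // JSC shares the locations across tiers; copied here
    std::vector<std::size_t> newIndex(p.code.size() + 1);
    std::size_t kept = 0;
    for (std::size_t i = 0; i < p.code.size(); ++i) {
        newIndex[i] = kept;
        if (!isRedundantProfileOp(p, p.code[i]))
            ++kept;
    }
    newIndex[p.code.size()] = kept;
    for (const Instruction& ins : p.code) {
        if (isRedundantProfileOp(p, ins))
            continue;
        Instruction copy = ins;
        if (copy.op == Op::Jump || copy.op == Op::JumpIfFalse)
            copy.operand = static_cast<int>(newIndex[copy.operand]);
        out.code.push_back(copy);
    }
    return out;
}
```

        Running the baseline program with cond true marks the entry, then and
        join blocks, so only the else range (25-36) is reported unexecuted. The
        tiered program keeps just one profile op (for the else block) and four
        instructions in total; running it with cond false marks the else block
        and nothing is left unexecuted, which is the property the entry relies on.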
3100
3101 2014-12-04  Filip Pizlo  <fpizlo@apple.com>
3102
3103         printInternal(PrintStream& out, JSC::JITCode::JITType type) ends up dumping a literal %s
3104         https://bugs.webkit.org/show_bug.cgi?id=139274
3105
3106         Reviewed by Geoffrey Garen.
3107
3108         * jit/JITCode.cpp:
3109         (WTF::printInternal):
3110
3111 2014-12-04  Geoffrey Garen  <ggaren@apple.com>
3112
3113         Removed the concept of ParserArenaRefCounted
3114         https://bugs.webkit.org/show_bug.cgi?id=139277
3115
3116         Reviewed by Oliver Hunt.
3117
3118         This is a step toward a parser speedup.
3119
3120         Now that we have a clear root node type for each parse tree, there's no
3121         need to have a concept for "I might be refcounted or arena allocated".
3122         Instead, we can just use unique_ptr to manage the tree as a whole.
3123
3124         * API/JSScriptRef.cpp:
3125         (parseScript):
3126         * builtins/BuiltinExecutables.cpp:
3127         (JSC::BuiltinExecutables::createBuiltinExecutable): Updated for type change.
3128
3129         * bytecode/UnlinkedCodeBlock.cpp:
3130         (JSC::generateFunctionCodeBlock): Use unique_ptr. No need to call
3131         destroyData() explicitly: the unique_ptr destructor will do everything
3132         we need, as Bjarne intended.
3133
3134         * parser/NodeConstructors.h:
3135         (JSC::ParserArenaRoot::ParserArenaRoot):
3136         (JSC::ParserArenaRefCounted::ParserArenaRefCounted): Deleted.
3137
3138         * parser/Nodes.cpp:
3139         (JSC::ScopeNode::ScopeNode):
3140         (JSC::ProgramNode::ProgramNode):
3141         (JSC::EvalNode::EvalNode):
3142         (JSC::FunctionNode::FunctionNode):
3143         (JSC::ProgramNode::create): Deleted.
3144         (JSC::EvalNode::create): Deleted.
3145         (JSC::FunctionNode::create): Deleted. All special create semantics can
3146         just go away now that we play by C++ constructor / destructor rules.
3147
3148         * parser/Nodes.h:
3149         (JSC::ParserArenaRoot::parserArena):
3150         (JSC::ParserArenaRoot::~ParserArenaRoot): Just a normal class now, which
3151         holds onto the whole parse tree by virtue of owning the arena in which
3152         all the parsed nodes (except for itself) were allocated.
3153
3154         (JSC::ProgramNode::closedVariables):
3155         (JSC::ParserArenaRefCounted::~ParserArenaRefCounted): Deleted.
3156
3157         (JSC::ScopeNode::destroyData): Deleted. No need to destroy anything
3158         explicitly anymore -- we can just rely on destructors.
3159
3160         (JSC::ScopeNode::parserArena): Deleted.
3161
3162         * parser/Parser.h:
3163         (JSC::Parser<LexerType>::parse):
3164         (JSC::parse): unique_ptr all the things.
3165
3166         * parser/ParserArena.cpp:
3167         (JSC::ParserArena::reset):
3168         (JSC::ParserArena::isEmpty):
3169         (JSC::ParserArena::contains): Deleted.
3170         (JSC::ParserArena::last): Deleted.
3171         (JSC::ParserArena::removeLast): Deleted.
3172         (JSC::ParserArena::derefWithArena): Deleted.
3173         * parser/ParserArena.h:
3174         (JSC::ParserArena::swap): Much delete. Such wow.
3175
3176         * runtime/CodeCache.cpp:
3177         (JSC::CodeCache::getGlobalCodeBlock):
3178         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
3179         * runtime/Completion.cpp:
3180         (JSC::checkSyntax):
3181         * runtime/Executable.cpp:
3182         (JSC::ProgramExecutable::checkSyntax): unique_ptr all the things.
3183
3184 2014-12-04  Andreas Kling  <akling@apple.com>
3185
3186         REGRESSION(r173188): Text inserted when trying to delete a word from the Twitter message box.
3187         <https://webkit.org/b/139076>
3188
3189         Reviewed by Geoffrey Garen.
3190
3191         The StringImpl* -> Weak<JSString> cache used by the DOM bindings
3192         had a bug where the key could become a stale pointer if the cached
3193         JSString had its internal StringImpl atomicized.
3194
3195         If a new StringImpl was then later constructed at the exact same
3196         address as the stale key, before the Weak<JSString> got booted out
3197         of the string cache, we'd now have a situation where asking the
3198         string cache for that key would return the old JSString.
3199
3200         Solve this by not allowing JSString::toExistingAtomicString() to
3201         change the JSString's internal StringImpl unless it's resolving a
3202         rope string. (The StringImpl nullity determines rope state.)
3203
3204         This means that calling toExistingAtomicString() may now have to
3205         query the AtomicString table on each call rather than just once.
3206         All clients of this API would be forced to do this regardless,
3207         since the return value will be used to key into containers with
3208         AtomicStringImpl* keys.
3209
3210         No test because this relies on malloc putting two StringImpls
3211         at the same address at different points in time and we have no
3212         mechanism to reliably test that.
3213
3214         * runtime/JSString.h:
3215         (JSC::JSString::toExistingAtomicString):
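
        The stale-key scenario described in this entry, as an added example that is
        not WebKit's code: a constructed model with a raw-pointer-keyed cache, a
        slab allocator that hands a released slot straight back out (so "a new
        StringImpl at the exact same address" happens deterministically instead of
        depending on malloc), and both the pre-fix variant, which swaps the
        JSString's impl for the atomic one, and the post-fix variant, which answers
        the query without touching it. StringImpl, AtomicTable, JSString, Slab,
        StringCache and the two toExistingAtomicString variants are stand-ins for
        this model, not JSC's types; ropes are not modelled.

```cpp
#include <string>
#include <unordered_map>

// Constructed stand-in for StringImpl: the characters plus an "atomic" flag
// and an in-use bit for the slab below.
struct StringImpl {
    std::string chars;
    bool isAtomic;
    bool inUse;
};

// Tiny slab allocator: a released slot is handed out again by the very next
// allocate() call, which makes address reuse deterministic for the example.
struct Slab {
    StringImpl slots[8];
    Slab() : slots() {}
    StringImpl* allocate(const std::string& s, bool atomic) {
        for (StringImpl& slot : slots) {
            if (!slot.inUse) {
                slot.chars = s;
                slot.isAtomic = atomic;
                slot.inUse = true;
                return &slot;
            }
        }
        return nullptr;
    }
    void release(StringImpl* p) { p->inUse = false; }
};

// Stand-in for the AtomicString table: one canonical impl per distinct string.
struct AtomicTable {
    std::unordered_map<std::string, StringImpl*> entries;
    StringImpl* find(const std::string& s) const {
        std::unordered_map<std::string, StringImpl*>::const_iterator it = entries.find(s);
        return it == entries.end() ? nullptr : it->second;
    }
};

// Stand-in for JSString (a null impl would mean "rope"; not modelled here).
struct JSString {
    StringImpl* impl;
};

// Stand-in for the DOM bindings' StringImpl* -> Weak<JSString> cache,
// keyed by the raw StringImpl address.
using StringCache = std::unordered_map<StringImpl*, JSString*>;

// Pre-fix behaviour: the JSString's impl is swapped for the atomic one and
// the old impl dies, while the cache still uses the old address as a key.
StringImpl* toExistingAtomicStringBuggy(JSString& js, AtomicTable& table, Slab& slab) {
    StringImpl* atomic = table.find(js.impl->chars);
    if (atomic && atomic != js.impl) {
        StringImpl* old = js.impl;
        js.impl = atomic;
        slab.release(old);   // last reference gone: the slot can be reused
    }
    return atomic;
}

// Post-fix behaviour: answer the query without touching js.impl, so every
// cache key keeps pointing at a live StringImpl (the table lookup is repeated
// on each call, as the entry above notes).
StringImpl* toExistingAtomicStringFixed(JSString& js, AtomicTable& table) {
    return table.find(js.impl->chars);
}

// Replays the scenario with either variant and reports whether a lookup for
// a brand-new StringImpl wrongly returns the JSString cached under the
// now-stale address.
bool staleKeyHitObserved(bool useFixedVariant) {
    Slab slab;
    AtomicTable table;
    StringCache cache;

    table.entries["foo"] = slab.allocate("foo", true);   // canonical "foo"

    StringImpl* b = slab.allocate("foo", false);         // non-atomic "foo"
    JSString js = { b };
    cache[b] = &js;                                      // bindings cache the wrapper

    if (useFixedVariant)
        toExistingAtomicStringFixed(js, table);
    else
        toExistingAtomicStringBuggy(js, table, slab);

    // An unrelated string is allocated next. With the buggy variant it takes
    // the slot just freed, i.e. the same address as the stale key.
    StringImpl* c = slab.allocate("bar", false);

    StringCache::const_iterator it = cache.find(c);
    if (it == cache.end())
        return false;                                    // correct: nothing cached for "bar"
    return it->second->impl->chars != c->chars;          // wrong JSString came back
}
```

        With the buggy variant the cache hands back the "foo" wrapper for a
        lookup on "bar"; with the fixed variant the old impl stays alive, the new
        string lands elsewhere, and the lookup misses as it should.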
3216
3217 2014-12-04  Geoffrey Garen  <ggaren@apple.com>
3218
3219         Marked some final things final.
3220
3221         Reviewed by Andreas Kling.
3222
3223         * parser/Nodes.h:
3224
3225 2014-12-04  Geoffrey Garen  <ggaren@apple.com>
3226
3227         Split out FunctionNode from FunctionBodyNode
3228         https://bugs.webkit.org/show_bug.cgi?id=139273
3229
3230         Reviewed by Andreas Kling.
3231
3232         This is a step toward a parser speedup.
3233
3234         We used to use FunctionBodyNode for two different purposes:
3235
3236         (1) "I am the root function you are currently parsing";
3237
3238         (2) "I am a lazy record of a nested function, which you will parse later".
3239
3240         This made for awkward lifetime semantics and interfaces.
3241
3242         Now, case (1) is handled by FunctionBodyNode, and case (2) is handled by
3243         a new node named FunctionNode.
3244
3245         Since case (1) no longer needs to handle being the root of the parse
3246         tree, FunctionBodyNode can be a normal arena-allocated node.
3247
3248         * bytecode/UnlinkedCodeBlock.cpp:
3249         (JSC::generateFunctionCodeBlock): Use FunctionNode instead of
3250         FunctionBodyNode, since we are producing the root of the function parse
3251         tree.
3252
3253         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Removed
3254         some unused data, and default-initialized other data, which isn't filled
3255         in meaningfully until recordParse() is called. (The previous values were
3256         incorrect / meaningless, since the FunctionBodyNode didn't have
3257         meaningful values in this case.)
3258
3259         * bytecode/UnlinkedCodeBlock.h: Ditto.
3260
3261         (JSC::UnlinkedFunctionExecutable::forceUsesArguments): Deleted.
3262
3263         * bytecompiler/BytecodeGenerator.cpp:
3264         (JSC::BytecodeGenerator::BytecodeGenerator): Use FunctionNode instead of
3265         FunctionBodyNode, since we are generating code starting at the root of
3266         the parse tree.
3267
3268         (JSC::BytecodeGenerator::resolveCallee):
3269         (JSC::BytecodeGenerator::addCallee):
3270         * bytecompiler/BytecodeGenerator.h: Ditto.
3271
3272         * bytecompiler/NodesCodegen.cpp:
3273         (JSC::FunctionBodyNode::emitBytecode):
3274         (JSC::FunctionNode::emitBytecode): Moved the emitBytecode implementation
3275         to FunctionNode, since we never generate code for FunctionBodyNode,
3276         since it's just a placeholder in the AST.
3277
3278         * parser/ASTBuilder.h:
3279         (JSC::ASTBuilder::createFunctionBody):
3280         (JSC::ASTBuilder::setUsesArguments): Deleted. Updated for interface
3281         changes.
3282
3283         * parser/Nodes.cpp:
3284         (JSC::FunctionBodyNode::FunctionBodyNode):
3285         (JSC::FunctionBodyNode::finishParsing):
3286         (JSC::FunctionBodyNode::setEndPosition):
3287         (JSC::FunctionNode::FunctionNode):
3288         (JSC::FunctionNode::create):
3289         (JSC::FunctionNode::finishParsing):
3290         (JSC::FunctionBodyNode::create): Deleted.
3291
3292         * parser/Nodes.h:
3293         (JSC::FunctionBodyNode::parameters):
3294         (JSC::FunctionBodyNode::source):
3295         (JSC::FunctionBodyNode::startStartOffset):
3296         (JSC::FunctionBodyNode::isInStrictContext):
3297         (JSC::FunctionNode::parameters):
3298         (JSC::FunctionNode::ident):
3299         (JSC::FunctionNode::functionMode):
3300         (JSC::FunctionNode::startColumn):
3301         (JSC::FunctionNode::endColumn):
3302         (JSC::ScopeNode::setSource): Deleted.
3303         (JSC::FunctionBodyNode::parameterCount): Deleted. Split out the differences
3304         between FunctionNode and FunctionBodyNode.
3305
3306         * parser/SyntaxChecker.h:
3307         (JSC::SyntaxChecker::createClauseList):
3308         (JSC::SyntaxChecker::setUsesArguments): Deleted. Removed setUsesArguments
3309         since it wasn't used.
3310
3311         * runtime/Executable.cpp:
3312         (JSC::ProgramExecutable::checkSyntax): Removed a branch that was always
3313         false.
3314
3315 2014-12-02  Brian J. Burg  <burg@cs.washington.edu>
3316
3317         Web Inspector: timeline probe records have inaccurate per-probe hit counts
3318         https://bugs.webkit.org/show_bug.cgi?id=138976
3319
3320         Reviewed by Joseph Pecoraro.
3321
3322         Previously, the DebuggerAgent was responsible for assigning unique ids to samples.
3323         However, this makes it impossible for the frontend's Timeline manager to associate
3324         a Probe Sample timeline record with the corresponding probe sample data. The record
3325         only included the probe batchId (misnamed as hitCount in ScriptDebugServer).
3326
3327         This patch moves both the batchId and sampleId counters into ScriptDebugServer, so
3328         any client of ScriptDebugListener will get the correct sampleId for each sample.
3329
3330         * inspector/ScriptDebugListener.h:
3331         * inspector/ScriptDebugServer.cpp:
3332         (Inspector::ScriptDebugServer::ScriptDebugServer):
3333         (Inspector::ScriptDebugServer::dispatchBreakpointActionProbe):
3334         (Inspector::ScriptDebugServer::handleBreakpointHit):
3335         * inspector/ScriptDebugServer.h:
3336         * inspector/agents/InspectorDebuggerAgent.cpp:
3337         (Inspector::InspectorDebuggerAgent::InspectorDebuggerAgent):
3338         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
3339         * inspector/agents/InspectorDebuggerAgent.h:
3340
3341 2014-12-04  Oliver Hunt  <oliver@apple.com>
3342
3343         Serialization of MapData object provides unsafe access to internal types
3344         https://bugs.webkit.org/show_bug.cgi?id=138653
3345
3346         Reviewed by Geoffrey Garen.
3347
3348         Converting these ASSERTs into RELEASE_ASSERTs, as it is now obvious
3349         that despite trying hard to be safe in all cases it's simply too easy
3350         to use an iterator in an unsafe state.
3351
3352         * runtime/MapData.h:
3353         (JSC::MapData::const_iterator::key):
3354         (JSC::MapData::const_iterator::value):
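
        Added example (not WebKit code) of the hardening pattern this entry
        describes: an iterator accessor whose validity check is compiled out
        in release builds protects nothing in the binary users run, while an
        always-on check turns a stale dereference into a deterministic
        failure. The EntryStore/ConstIterator types and the generation-counter
        scheme below are assumptions made for illustration, not JSC's MapData
        implementation; the always-on check throws so the outcome can be
        inspected, where WebKit's RELEASE_ASSERT would crash the process.

```cpp
// Added example, not JavaScriptCore code. Container, iterator and the
// generation-counter validity scheme are constructed for illustration only.
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// A minimal map-like store. Removal only marks a slot, so existing indices
// stay in range; compaction rebuilds the vector and invalidates every index
// an outstanding iterator may hold.
class EntryStore {
public:
    struct Entry { std::string key; int value; bool deleted; };

    void add(const std::string& key, int value) { entries_.push_back({key, value, false}); ++generation_; }
    void remove(size_t i) { entries_[i].deleted = true; }
    void compact() {
        std::vector<Entry> live;
        for (const Entry& e : entries_) if (!e.deleted) live.push_back(e);
        entries_.swap(live);
        ++generation_;   // shape changed: iterators created earlier are stale
    }
    size_t size() const { return entries_.size(); }
    unsigned generation() const { return generation_; }
    const Entry& entryAt(size_t i) const { return entries_[i]; }
private:
    std::vector<Entry> entries_;
    unsigned generation_ = 0;
};

class ConstIterator {
public:
    ConstIterator(const EntryStore& store, size_t index)
        : store_(store), index_(index), generation_(store.generation()) {}

    // Safe to dereference only if the store has not changed shape since the
    // iterator was created and the index is still in range.
    bool isValid() const { return generation_ == store_.generation() && index_ < store_.size(); }

    // Debug-only guard (ASSERT flavour): with NDEBUG defined this is a plain,
    // unchecked read, so a stale iterator reads out of bounds in release builds.
    const std::string& keyDebugChecked() const {
#ifndef NDEBUG
        if (!isValid()) throw std::logic_error("ASSERT: stale iterator");
#endif
        return store_.entryAt(index_).key;
    }

    // Always-on guard (RELEASE_ASSERT flavour): the check survives into
    // release builds, so the stale access fails loudly instead of reading
    // memory the iterator no longer owns.
    const std::string& keyReleaseChecked() const {
        if (!isValid()) throw std::logic_error("RELEASE_ASSERT: stale iterator");
        return store_.entryAt(index_).key;
    }
private:
    const EntryStore& store_;
    size_t index_;
    unsigned generation_;
};

// Constructed scenario: hold an iterator to the last entry, then compact the
// store so that index is out of range. Returns true if the always-on check
// refused the access.
bool releaseCheckRefusesStaleIterator() {
    EntryStore store;
    store.add("a", 1); store.add("b", 2); store.add("c", 3);
    ConstIterator it(store, 2);   // points at "c"
    store.remove(0);
    store.compact();              // "c" is now at index 1; index 2 is past the end
    if (it.isValid()) return false;
    try { (void)it.keyReleaseChecked(); } catch (const std::logic_error&) { return true; }
    return false;
}

// A fresh iterator on an unchanged store still reads normally.
bool validIteratorStillReads() {
    EntryStore store;
    store.add("a", 1);
    ConstIterator it(store, 0);
    return it.isValid() && it.keyReleaseChecked() == "a";
}

int main() {
    std::printf("stale iterator refused by release check: %s\n", releaseCheckRefusesStaleIterator() ? "yes" : "no");
    std::printf("valid iterator reads: %s\n", validIteratorStillReads() ? "yes" : "no");
    return 0;
}
```

        The debug-checked accessor is kept only for contrast and is never
        called with a stale iterator here, because under NDEBUG that call
        would be an out-of-bounds read.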
3355
3356 2014-12-03  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
3357
3358         Move JavaScriptCore/dfg to std::unique_ptr
3359         https://bugs.webkit.org/show_bug.cgi?id=139169
3360
3361         Reviewed by Filip Pizlo.
3362
3363         Use std::unique_ptr<>|std::make_unique<> in JavaScriptCore/dfg directory.
3364
3365         * dfg/DFGBasicBlock.h:
3366         * dfg/DFGJITCompiler.cpp:
3367         (JSC::DFG::JITCompiler::JITCompiler):
3368         (JSC::DFG::JITCompiler::compile):
3369         (JSC::DFG::JITCompiler::link):
3370         (JSC::DFG::JITCompiler::compileFunction):
3371         (JSC::DFG::JITCompiler::linkFunction):
3372         * dfg/DFGJITCompiler.h:
3373         * dfg/DFGPlan.cpp:
3374         (JSC::DFG::Plan::compileInThreadImpl):
3375         (JSC::DFG::Plan::cancel):
3376         * dfg/DFGPlan.h:
3377         * dfg/DFGSlowPathGenerator.h:
3378         * dfg/DFGWorklist.h:
3379         * ftl/FTLFail.cpp:
3380         (JSC::FTL::fail):
3381         * ftl/FTLState.cpp:
3382         (JSC::FTL::State::State):
3383
3384 2014-12-03  Michael Saboff  <msaboff@apple.com>
3385
3386         REGRESSION (r176479): DFG ASSERTION beneath emitOSRExitCall running Kraken/imaging-gaussian-blur.js.ftl-no-cjit-osr-validation and other tests