[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-09-03  David Kilzer  <ddkilzer@apple.com>

        REGRESSION (r167325): (null) entry added to Xcode project file when JSBoundFunction.h was removed
        <http://webkit.org/b/136509>

        Reviewed by Daniel Bates.

        * JavaScriptCore.xcodeproj/project.pbxproj: Remove the (null)
        entry left behind when JSBoundFunction.h was removed.

2014-09-03  Joseph Pecoraro  <pecoraro@apple.com>

        Avoid warning if a process does not have access to com.apple.webinspector
        https://bugs.webkit.org/show_bug.cgi?id=136473

        Reviewed by Alexey Proskuryakov.

        Pre-check for access to the mach port to avoid emitting warnings
        in syslog for processes that do not have access.

        * inspector/remote/RemoteInspector.mm:
        (Inspector::canAccessWebInspectorMachPort):
        (Inspector::RemoteInspector::shared):

2014-09-03  Filip Pizlo  <fpizlo@apple.com>

        Temporarily disable call edge profiling. It is causing crashes and I'm still investigating
        them.

        * runtime/Options.h:

2014-09-03  Balazs Kilvady  <kilvadyb@homejinni.com>

        [MIPS] Wrong register usage in LLInt op_catch.
        https://bugs.webkit.org/show_bug.cgi?id=125168

        Reviewed by Geoffrey Garen.

        Fix register usage and add PIC header to all the ops in LLInt.

        * offlineasm/instructions.rb:
        * offlineasm/mips.rb:

2014-09-03  Saam Barati  <saambarati1@gmail.com>

        Create tests for type profiling
        https://bugs.webkit.org/show_bug.cgi?id=136161

        Reviewed by Geoffrey Garen.

        The type profiler is now being tested. These are basic tests that don't
        check every edge case, but will catch any major failures in the type profiler.
        These tests cover:
        - The basic, inheritance-based type system in TypeSet.
        - Function return types.
        - Correct merging of types for multiple assignments to one variable.

        This patch also provides an API for writing new tests for
        the type profiler. The API works by passing in a function and a
        unique substring of an expression contained in that function, and
        returns an object representing type information for that expression.

        * jsc.cpp:
        (GlobalObject::finishCreation):
        (functionFindTypeForExpression):
        (functionReturnTypeFor):
        * runtime/TypeProfiler.cpp:
        (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
        * runtime/TypeProfiler.h:
        * runtime/TypeProfilerLog.h:
        * runtime/TypeSet.cpp:
        (JSC::TypeSet::toJSONString):
        (JSC::StructureShape::toJSONString):
        * runtime/TypeSet.h:
        * tests/typeProfiler: Added.
        * tests/typeProfiler.yaml: Added.
        * tests/typeProfiler/basic.js: Added.
        (wrapper.foo):
        (wrapper):
        * tests/typeProfiler/captured.js: Added.
        (wrapper.changeFoo):
        (wrapper):
        * tests/typeProfiler/driver: Added.
        * tests/typeProfiler/driver/driver.js: Added.
        (assert):
        * tests/typeProfiler/inheritance.js: Added.
        (wrapper.A):
        (wrapper.B):
        (wrapper.C):
        (wrapper):
        * tests/typeProfiler/return.js: Added.
        (foo):
        (Ctor):

2014-09-03  Julien Brianceau  <jbriance@cisco.com>

        Add missing implementations to fix build for sh4 architecture
        https://bugs.webkit.org/show_bug.cgi?id=136455

        Reviewed by Geoffrey Garen.

        * assembler/MacroAssemblerSH4.h:
        (JSC::MacroAssemblerSH4::store8):
        (JSC::MacroAssemblerSH4::moveWithPatch):
        (JSC::MacroAssemblerSH4::branchAdd32):
        (JSC::MacroAssemblerSH4::branch32WithPatch):
        (JSC::MacroAssemblerSH4::abortWithReason):
        (JSC::MacroAssemblerSH4::canJumpReplacePatchableBranch32WithPatch):
        (JSC::MacroAssemblerSH4::startOfPatchableBranch32WithPatchOnAddress):
        (JSC::MacroAssemblerSH4::revertJumpReplacementToPatchableBranch32WithPatch):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::emitFunctionPrologue):
        (JSC::AssemblyHelpers::emitFunctionEpilogue):

2014-09-03  Dan Bernstein  <mitz@apple.com>

        Get rid of HIGH_DPI_CANVAS leftovers
        https://bugs.webkit.org/show_bug.cgi?id=136491

        Reviewed by Benjamin Poulain.

        * Configurations/FeatureDefines.xcconfig: Removed definition of ENABLE_HIGH_DPI_CANVAS
        and removed it from FEATURE_DEFINES.

2014-09-03  Filip Pizlo  <fpizlo@apple.com>

        CallEdgeProfile::visitWeak() should gracefully handle the case where primaryCallee duplicates an entry in otherCallees
        https://bugs.webkit.org/show_bug.cgi?id=136490

        Reviewed by Geoffrey Garen.

        * bytecode/CallEdgeProfile.cpp:
        (JSC::CallEdgeProfile::visitWeak):

2014-09-03  Filip Pizlo  <fpizlo@apple.com>

        FTL In implementation sets callReturnLocation incorrectly leading to crashes beneath repatchCall()
        https://bugs.webkit.org/show_bug.cgi?id=136488

        Reviewed by Mark Hahnenberg.

        * ftl/FTLCompile.cpp:
        (JSC::FTL::generateCheckInICFastPath): The call is in the slow path.
        * tests/stress/ftl-in-overflow.js: Added. This used to crash with 100% with FTL enabled.
        (foo):

2014-09-03  Akos Kiss  <akiss@inf.u-szeged.hu>

        Don't generate superfluous mov instructions for move immediate on ARM64.
        https://bugs.webkit.org/show_bug.cgi?id=136435

        Reviewed by Michael Saboff.

        On ARM64, the size of an immediate operand for a mov instruction is 16
        bits. Thus, a move immediate offlineasm instruction may potentially be
        split up to several machine level instructions. The current
        implementation always emits a mov for the least significant 16 bits of
        the value. However, if any of the bits 63:16 are significant then the
        first emitted mov already filled bits 15:0 with zeroes (or ones, for
        negative values). So, if bits 15:0 of the value are all zeroes (or ones)
        then the last mov does not need to be emitted.

        * offlineasm/arm64.rb:
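
The halfword-splitting rule described in the entry above, as an added Ruby model that is not the offlineasm code from arm64.rb: it emits movz/movn for the first significant 16-bit chunk, movk for the rest, skips chunks that already match the fill pattern, and replays the result on a register model to confirm that eliding the low halfword loads the same value. The register name x0 and the elide_low_halfword switch (false reproduces the older always-emit behaviour) are assumptions of this example.

```ruby
# Added model of ARM64 move-immediate splitting; not the offlineasm
# implementation in arm64.rb. Register name "x0" and the elide_low_halfword
# switch are assumptions of this example.
MASK64 = (1 << 64) - 1

# Returns the instruction strings that load a signed 64-bit immediate.
# elide_low_halfword: false reproduces the older behaviour, which always
# emitted a mov for bits 15:0 even when the first movz/movn had already set
# them to the fill pattern.
def arm64_move_immediate(value, reg = "x0", elide_low_halfword: true)
  unless value.between?(-(1 << 63), (1 << 63) - 1)
    raise ArgumentError, "immediate does not fit in 64 bits"
  end
  # What the first mov leaves in every other halfword: zeros for movz, ones for movn.
  fill = value < 0 ? 0xffff : 0
  insns = []
  [48, 32, 16, 0].each do |shift|
    chunk = (value >> shift) & 0xffff   # arithmetic shift keeps the sign for negatives
    if chunk == fill
      # Upper halfwords equal to the fill are already correct after the first mov.
      next if shift != 0
      # The low halfword is likewise already correct once something was emitted;
      # only a value of 0 or -1 (nothing emitted yet) still needs one instruction.
      next if elide_low_halfword && !insns.empty?
    end
    insn = if insns.empty?
             # movn writes NOT(imm << shift), so it encodes the inverted chunk.
             value < 0 ? "movn #{reg}, ##{~chunk & 0xffff}, lsl ##{shift}" : "movz #{reg}, ##{chunk}, lsl ##{shift}"
           else
             "movk #{reg}, ##{chunk}, lsl ##{shift}"
           end
    insns << insn
  end
  insns
end

# Replays movz/movn/movk on a 64-bit register model so the elision can be
# checked: the loaded value must equal the immediate masked to 64 bits.
def simulate_arm64_moves(insns)
  reg = 0
  insns.each do |insn|
    m = insn.match(/\A(movz|movn|movk) \w+, \#(\d+), lsl \#(\d+)\z/)
    raise "unrecognised instruction: #{insn}" unless m
    shift = m[3].to_i
    imm = m[2].to_i << shift
    reg = case m[1]
          when "movz" then imm
          when "movn" then ~imm & MASK64
          else (reg & ~(0xffff << shift) & MASK64) | imm   # movk keeps the other halfwords
          end
  end
  reg
end

if __FILE__ == $PROGRAM_NAME
  [0x12345678, 1 << 32, -0x10000].each do |v|
    puts "#{v}: #{arm64_move_immediate(v).join('; ')}"
  end
end
```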

2014-09-02  Brian J. Burg  <burg@cs.washington.edu>

        LegacyProfiler: remove redundant ProfileNode members and other cleanup
        https://bugs.webkit.org/show_bug.cgi?id=136380

        Reviewed by Timothy Hatcher.

        ProfileNode's selfTime and totalTime members are redundant and only used
        for dumping profile data from debug-only code. Remove the members and compute
        the same data on-demand when necessary using a postorder traversal functor.

        Remove ProfileNode.head since it is only used to calculate percentages for
        dumped profile data. This can be explicitly passed around when needed.

        Rename Profile.head to Profile.rootNode, and other various renamings.

        Rearrange some header includes so that touching LegacyProfiler-related headers
        will no longer cause a full rebuild.

        * inspector/JSConsoleClient.cpp: Add header include.
        * inspector/agents/InspectorProfilerAgent.cpp:
        (Inspector::InspectorProfilerAgent::buildProfileInspectorObject):
        * inspector/protocol/Profiler.json: Remove unused Profile.idleTime member.
        * jit/JIT.h: Remove header include.
        * jit/JITCode.h: Remove header include.
        * jit/JITOperations.cpp: Sort and add header include.
        * llint/LLIntSlowPaths.cpp: Sort and add header include.
        * profiler/Profile.cpp: Rename the debug dumping functions. Move the node
        postorder traversal code to ProfileNode so we can traverse any subtree.
        (JSC::Profile::Profile):
        (JSC::Profile::debugPrint):
        (JSC::Profile::debugPrintSampleStyle):
        (JSC::Profile::forEach): Deleted.
        (JSC::Profile::debugPrintData): Deleted.
        (JSC::Profile::debugPrintDataSampleStyle): Deleted.
        * profiler/Profile.h:
        * profiler/ProfileGenerator.cpp:
        (JSC::ProfileGenerator::ProfileGenerator):
        (JSC::AddParentForConsoleStartFunctor::AddParentForConsoleStartFunctor):
        (JSC::AddParentForConsoleStartFunctor::operator()):
        (JSC::ProfileGenerator::addParentForConsoleStart):
        (JSC::ProfileGenerator::didExecute):
        (JSC::StopProfilingFunctor::operator()):
        (JSC::ProfileGenerator::stopProfiling):
        (JSC::ProfileGenerator::removeProfileStart):
        (JSC::ProfileGenerator::removeProfileEnd):
        * profiler/ProfileGenerator.h:
        * profiler/ProfileNode.cpp:
        (JSC::ProfileNode::ProfileNode):
        (JSC::ProfileNode::willExecute):
        (JSC::ProfileNode::removeChild):
        (JSC::ProfileNode::stopProfiling):
        (JSC::ProfileNode::endAndRecordCall):
        (JSC::ProfileNode::debugPrint):
        (JSC::ProfileNode::debugPrintSampleStyle):
        (JSC::ProfileNode::debugPrintRecursively):
        (JSC::ProfileNode::debugPrintSampleStyleRecursively):
        (JSC::ProfileNode::debugPrintData): Deleted.
        (JSC::ProfileNode::debugPrintDataSampleStyle): Deleted.
        * profiler/ProfileNode.h: Calculate per-node self and total times using a postorder traversal.
        The forEachNodePostorder functor traverses the subtree rooted at |this|.
        (JSC::ProfileNode::create):
        (JSC::ProfileNode::calls):
        (JSC::ProfileNode::forEachNodePostorder):
        (JSC::CalculateProfileSubtreeDataFunctor::returnValue):
        (JSC::CalculateProfileSubtreeDataFunctor::operator()):
        (JSC::ProfileNode::head): Deleted.
        (JSC::ProfileNode::setHead): Deleted.
        (JSC::ProfileNode::totalTime): Deleted.
        (JSC::ProfileNode::setTotalTime): Deleted.
        (JSC::ProfileNode::selfTime): Deleted.
        (JSC::ProfileNode::setSelfTime): Deleted.
        (JSC::ProfileNode::totalPercent): Deleted.
        (JSC::ProfileNode::selfPercent): Deleted.
        * runtime/ConsoleClient.h: Remove header include.

2014-09-02  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: remove ProfilerAgent and legacy profiler files in the frontend
        https://bugs.webkit.org/show_bug.cgi?id=136462

        Reviewed by Timothy Hatcher.

        It's not used by the frontend anymore.

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:

        * inspector/JSConsoleClient.cpp:
        (Inspector::JSConsoleClient::JSConsoleClient): Stub out console.profile/profileEnd
        methods since they didn't work for JSContexts anyway.
        (Inspector::JSConsoleClient::profile):
        (Inspector::JSConsoleClient::profileEnd):
        * inspector/JSConsoleClient.h:

        * inspector/JSGlobalObjectInspectorController.cpp:
        (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
        * inspector/agents/InspectorProfilerAgent.cpp: Removed.
        * inspector/agents/InspectorProfilerAgent.h: Removed.
        * inspector/agents/JSGlobalObjectProfilerAgent.cpp: Removed.
        * inspector/agents/JSGlobalObjectProfilerAgent.h: Removed.
        * inspector/protocol/Profiler.json: Removed.

2014-09-02  Andreas Kling  <akling@apple.com>

        Optimize own property GetByVals with rope string subscripts.
        <https://webkit.org/b/136458>

        For simple JSObjects that don't override getOwnPropertySlot to implement
        custom properties, we have a fast path that grabs directly at the object
        property storage.

        Make this fast path even faster when the property name is an unresolved
        rope string by using JSString::toExistingAtomicString(). This is faster
        because it avoids allocating a new StringImpl if the string is already
        a known Identifier, which is guaranteed to be the case if it's present
        as an own property on the object.

        ~10% speed-up on Dromaeo/dom-attr.html

        Reviewed by Geoffrey Garen.

        * dfg/DFGOperations.cpp:
        * jit/JITOperations.cpp:
        (JSC::getByVal):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::getByVal):

            When using the fastGetOwnProperty() optimization, get the String
            out of JSString by using toExistingAtomicString(). This avoids
            StringImpl allocation and lets us bypass the PropertyTable lookup
            entirely if no AtomicString is found.

        * runtime/JSCell.h:
        * runtime/JSCellInlines.h:
        (JSC::JSCell::fastGetOwnProperty):

            Make fastGetOwnProperty() take a PropertyName instead of a String.
            This avoids churning the ref count, since we don't need to create
            a temporary wrapper around the AtomicStringImpl* found in GetByVal.

        * runtime/PropertyName.h:
        (JSC::PropertyName::PropertyName):

            Add constructor: PropertyName(AtomicStringImpl*)

        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyTable::get):
        (JSC::PropertyTable::findWithString): Deleted.
        * runtime/Structure.h:
        * runtime/StructureInlines.h:
        (JSC::Structure::get):

            Remove code for querying a PropertyTable with an unhashed string key
            since the only client is now gone.

2014-09-02  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>

        [ARM] MacroAssembler generating incorrect code on ARM32 Traditional
        https://bugs.webkit.org/show_bug.cgi?id=136429

        Reviewed by Csaba Osztrogonác.

        Changed test32 to use tst to check if reg is zero, instead of cmp.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::test32):

2014-09-02  Michael Saboff  <msaboff@apple.com>

        Out of bounds write in vmEntryToJavaScript / JSC::JITCode::execute
        https://bugs.webkit.org/show_bug.cgi?id=136305

        Reviewed by Filip Pizlo.

        While preparing the callee's CallFrame, ProtoCallFrame fixes any arity mismatch
        and then JITCode::execute() calls the normal entrypoint.  This is incompatible
        with the expectation of FTL generated functions.  Changed ProtoCallFrame to not
        perform the arity fix, but just flag an arity mismatch.  Now JITCode::execute()
        uses that arity mismatch condition to select the normal or arity check
        entrypoint.  The entrypoint selection is only done for functions; programs
        and eval always have one parameter.

        * interpreter/ProtoCallFrame.cpp:
        (JSC::ProtoCallFrame::init): Changed to flag arity mismatch instead of fixing it.
        * interpreter/ProtoCallFrame.h:
        (JSC::ProtoCallFrame::needArityCheck): New boolean to signify what entrypoint
        should be called.
        * jit/JITCode.cpp:
        (JSC::JITCode::execute): Select normal or arity check entrypoint as appropriate.

2014-09-02  peavo@outlook.com  <peavo@outlook.com>

        [WinCairo] testapi.exe is not built.
        https://bugs.webkit.org/show_bug.cgi?id=136369

        Reviewed by Alex Christensen.

        The testapi project should be of type Application.

        * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj: Change project type to Application.
        * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj: Ditto.
        * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props: Compile and link fix.
        * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj: Change project type to Application.

2014-09-01  Akos Kiss  <akiss@inf.u-szeged.hu>

        [CMAKE] Add missing offlineasm dependencies
        https://bugs.webkit.org/show_bug.cgi?id=136437

        Reviewed by Csaba Osztrogonác.

        Add the ARM64, MIPS and SH4 backends to the dependencies.

        * CMakeLists.txt:

2014-09-01  Brian J. Burg  <burg@cs.washington.edu>

        Provide column numbers to DTrace willExecute/didExecute probes
        https://bugs.webkit.org/show_bug.cgi?id=136434

        Reviewed by Antti Koivisto.

        Provide the columnNumber and update stubs for !HAVE(DTRACE).

        * profiler/ProfileGenerator.cpp:
        (JSC::ProfileGenerator::willExecute):
        (JSC::ProfileGenerator::didExecute):
        * runtime/Tracing.d:
        * runtime/Tracing.h:

2014-09-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        [CMAKE] Build warning by INTERFACE_LINK_LIBRARIES
        https://bugs.webkit.org/show_bug.cgi?id=136194

        Reviewed by Csaba Osztrogonác.

        Set the LINK_INTERFACE_LIBRARIES target property on the top level CMakeLists.txt.

        * CMakeLists.txt:

2014-08-26  Maciej Stachowiak  <mjs@apple.com>

        Use RetainPtr::autorelease in some places where it seems appropriate
        https://bugs.webkit.org/show_bug.cgi?id=136280

        Reviewed by Darin Adler.

        * API/JSContext.mm:
        (-[JSContext name]): Use RetainPtr::autorelease() in place of ObjC autorelease.
        * API/JSValue.mm:
        (valueToString): Make appropriate use of RetainPtr

2014-08-29  Akos Kiss  <akiss@inf.u-szeged.hu>

        Ensure that the call frame passed from doVMEntry to the called function always contains the valid scope chain.
        https://bugs.webkit.org/show_bug.cgi?id=136391

        Reviewed by Michael Saboff.

        Do not rely on calling conventions to fill in the CallerFrame component
        of the ExecState* parameter of the called function.

        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2014-08-29  Saam Barati  <sbarati@apple.com>

        emit op_profile_type for deconstruction assignments
        https://bugs.webkit.org/show_bug.cgi?id=136274

        Reviewed by Filip Pizlo.

        Enable type profiling for ES6 deconstruction expressions.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::BindingNode::bindValue):

2014-08-29  Joseph Pecoraro  <pecoraro@apple.com>

        JavaScriptCore: Use ASCIILiteral where possible
        https://bugs.webkit.org/show_bug.cgi?id=136179

        Reviewed by Michael Saboff.

        General string / character related changes. Use ASCIILiteral where
        possible, jsNontrivialString where possible, and replace string
        literals with character literals in some places.

        No new tests, no changes to functionality.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::nameForRegister):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PostfixNode::emitBytecode):
        (JSC::PrefixNode::emitBytecode):
        (JSC::AssignErrorNode::emitBytecode):
        (JSC::ForInNode::emitMultiLoopBytecode):
        (JSC::ForOfNode::emitBytecode):
        (JSC::ObjectPatternNode::toString):
        * dfg/DFGFunctionWhitelist.cpp:
        (JSC::DFG::FunctionWhitelist::contains):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::newTypedArrayWithSize):
        (JSC::DFG::newTypedArrayWithOneArgument):
        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::addToFrontend):
        * inspector/InspectorBackendDispatcher.cpp:
        (Inspector::InspectorBackendDispatcher::dispatch):
        * inspector/ScriptCallStackFactory.cpp:
        (Inspector::extractSourceInformationFromException):
        * inspector/scripts/codegen/generator_templates.py:
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::functionName):
        (JSC::StackVisitor::Frame::sourceURL):
        * jit/JITOperations.cpp:
        * jsc.cpp:
        (functionDescribeArray):
        (functionRun):
        (functionLoad):
        (functionReadFile):
        (functionCheckSyntax):
        (functionTransferArrayBuffer):
        (runWithScripts):
        (runInteractive):
        * parser/Lexer.cpp:
        (JSC::Lexer<T>::invalidCharacterMessage):
        (JSC::Lexer<T>::parseString):
        (JSC::Lexer<T>::parseStringSlowCase):
        (JSC::Lexer<T>::lex):
        * profiler/Profile.cpp:
        (JSC::Profile::Profile):
        * runtime/Arguments.cpp:
        (JSC::argumentsFuncIterator):
        * runtime/ArrayPrototype.cpp:
        (JSC::performSlowSort):
        (JSC::arrayProtoFuncSort):
        * runtime/ExceptionHelpers.cpp:
        (JSC::createError):
        (JSC::createInvalidParameterError):
        (JSC::createNotAConstructorError):
        (JSC::createNotAFunctionError):
        (JSC::createNotAnObjectError):
        (JSC::createErrorForInvalidGlobalAssignment):
        * runtime/FunctionPrototype.cpp:
        (JSC::insertSemicolonIfNeeded):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        * runtime/JSArrayBufferConstructor.cpp:
        (JSC::JSArrayBufferConstructor::finishCreation):
        * runtime/JSArrayBufferPrototype.cpp:
        (JSC::arrayBufferProtoFuncSlice):
        * runtime/JSDataView.cpp:
        (JSC::JSDataView::create):
        * runtime/JSDataViewPrototype.cpp:
        (JSC::getData):
        (JSC::setData):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncProtoSetter):
        * runtime/JSPromiseConstructor.cpp:
        (JSC::JSPromiseConstructor::finishCreation):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::Lexer::lex):
        (JSC::LiteralParser<CharType>::Lexer::lexString):
        (JSC::LiteralParser<CharType>::parse):
        * runtime/LiteralParser.h:
        (JSC::LiteralParser::getErrorMessage):
        * runtime/TypeSet.cpp:
        (JSC::TypeSet::seenTypes):
        (JSC::TypeSet::displayName):
        (JSC::TypeSet::allPrimitiveTypeNames):
        (JSC::StructureShape::propertyHash):
        (JSC::StructureShape::stringRepresentation):

2014-08-29  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed, remove empty directories.

        * qt: Removed.

2014-08-28  Mark Lam  <mark.lam@apple.com>

        DebuggerCallFrame::scope() should return a DebuggerScope.
        <https://webkit.org/b/134420>

        Reviewed by Geoffrey Garen.

        Rolling back in r170680 with the fix for <https://webkit.org/b/135656>.

        Previously, DebuggerCallFrame::scope() returned a JSActivation (and relevant
        peers) which the WebInspector will use to introspect CallFrame variables.
        Instead, we should be returning a DebuggerScope as an abstraction layer that
        provides the introspection functionality that the WebInspector needs.  This
        is the first step towards not forcing every frame to have a JSActivation
        object just because the debugger is enabled.

        1. Instantiate the debuggerScopeStructure as a member of the JSGlobalObject
           instead of the VM.  This allows JSObject::globalObject() to be able to
           return the global object for the DebuggerScope.

        2. On the DebuggerScope's life-cycle management:

           The DebuggerCallFrame is designed to be "valid" only during a debugging session
           (while the debugger is broken) through the use of a DebuggerCallFrameScope in
           Debugger::pauseIfNeeded().  Once the debugger resumes from the break, the
           DebuggerCallFrameScope destructs, and the DebuggerCallFrame will be invalidated.
           We can't guarantee (from this code alone) that the Inspector code isn't still
           holding a ref to the DebuggerCallFrame (though they shouldn't), but by contract,
           the frame will be invalidated, and any attempt to query it will return null values.
           This is pre-existing behavior.

           Now, we're adding the DebuggerScope into the picture.  While a single debugger
           pause session is in progress, the Inspector may request the scope from the
           DebuggerCallFrame.  While the DebuggerCallFrame is still valid, we want
           DebuggerCallFrame::scope() to always return the same DebuggerScope object.
           This is why we hold on to the DebuggerScope with a strong ref.

           If we use a weak ref instead, the following kooky behavior can manifest:
           1. The Inspector calls Debugger::scope() to get the top scope.
           2. The Inspector iterates down the scope chain and is now only holding a
              reference to a parent scope.  It is no longer referencing the top scope.
           3. A GC occurs, and the DebuggerCallFrame's weak m_scope ref to the top scope
              gets cleared.
           4. The Inspector calls DebuggerCallFrame::scope() to get the top scope again but gets
              a different DebuggerScope instance.
           5. The Inspector iterates down the scope chain but never sees the parent scope
              instance that it retained a ref to in step 2 above.  This is because when iterating
              this new DebuggerScope instance (which has no knowledge of the previous parent
              DebuggerScope instance), a new DebuggerScope instance will get created for the
              same parent scope.

           Since the DebuggerScope is a JSObject, its liveness is determined by its reachability.
           However, its "validity" is determined by the life-cycle of its owner DebuggerCallFrame.
           When the owner DebuggerCallFrame gets invalidated, its debugger scope chain (if
           instantiated) will also get invalidated.  This is why we need the
           DebuggerScope::invalidateChain() method.  The Inspector should not be using the
           DebuggerScope instance after its owner DebuggerCallFrame is invalidated.  If it does,
           those methods will do nothing or return a failed status.

        Fix for <https://webkit.org/b/135656>:
        3. DebuggerScope::getOwnPropertySlot() and DebuggerScope::put() need to set
           m_thisValue in the returned slot to the wrapped scope object.  Previously,
           it was pointing to the DebuggerScope though the rest of the fields in the
           returned slot will be set to data pertaining the wrapped scope object.

        4. DebuggerScope::getOwnPropertySlot() will invoke getPropertySlot() on its
           wrapped scope.  This is because JSObject::getPropertySlot() cannot be
           overridden, and when called on a DebuggerScope, will not know to look in
           the prototype chain of the DebuggerScope's wrapped scope.  Hence, we'll
           treat all properties in the wrapped scope as own properties in the
           DebuggerScope.  This is fine because the WebInspector does not presently
           care about where in the prototype chain the scope property comes from.

           Note that the DebuggerScope and the JSActivation objects that it wraps do
           not have prototypes.  They are always jsNull().  This works perfectly with
           the above change to use getPropertySlot() instead of getOwnPropertySlot().
           To make this an explicit invariant, I also changed DebuggerScope::createStructure()
           and JSActivation::createStructure() to not take a prototype argument, and
           to always use jsNull() for their prototype value.

        * debugger/Debugger.h:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::scope):
        (JSC::DebuggerCallFrame::evaluate):
        (JSC::DebuggerCallFrame::invalidate):
        * debugger/DebuggerCallFrame.h:
        * debugger/DebuggerScope.cpp:
        (JSC::DebuggerScope::DebuggerScope):
        (JSC::DebuggerScope::finishCreation):
        (JSC::DebuggerScope::visitChildren):
        (JSC::DebuggerScope::className):
        (JSC::DebuggerScope::getOwnPropertySlot):
        (JSC::DebuggerScope::put):
        (JSC::DebuggerScope::deleteProperty):
        (JSC::DebuggerScope::getOwnPropertyNames):
        (JSC::DebuggerScope::defineOwnProperty):
        (JSC::DebuggerScope::next):
        (JSC::DebuggerScope::invalidateChain):
        (JSC::DebuggerScope::isWithScope):
        (JSC::DebuggerScope::isGlobalScope):
        (JSC::DebuggerScope::isFunctionOrEvalScope):
        * debugger/DebuggerScope.h:
        (JSC::DebuggerScope::create):
        (JSC::DebuggerScope::createStructure):
        (JSC::DebuggerScope::iterator::iterator):
        (JSC::DebuggerScope::iterator::get):
        (JSC::DebuggerScope::iterator::operator++):
        (JSC::DebuggerScope::iterator::operator==):
        (JSC::DebuggerScope::iterator::operator!=):
        (JSC::DebuggerScope::isValid):
        (JSC::DebuggerScope::jsScope):
        (JSC::DebuggerScope::begin):
        (JSC::DebuggerScope::end):
        * inspector/JSJavaScriptCallFrame.cpp:
        (Inspector::JSJavaScriptCallFrame::scopeType):
        (Inspector::JSJavaScriptCallFrame::scopeChain):
        * inspector/JavaScriptCallFrame.h:
        (Inspector::JavaScriptCallFrame::scopeChain):
        * inspector/ScriptDebugServer.cpp:
        * runtime/JSActivation.h:
        (JSC::JSActivation::createStructure):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::debuggerScopeStructure):
        * runtime/JSObject.cpp:
        * runtime/JSObject.h:
        (JSC::JSObject::isWithScope):
        * runtime/JSScope.h:
        * runtime/PropertySlot.h:
        (JSC::PropertySlot::setThisValue):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::setThisValue):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:

691 2014-08-28  Andreas Kling  <akling@apple.com>
692
693         Use JSString::toIdentifier() in more places.
694         <https://webkit.org/b/136348>
695
696         Call sites that grab the WTF::String from a JSString using value() can
697         use the more efficient toIdentifier() if the string is going to be used
698         to construct an Identifier.
699
700         If the JSString is a rope that resolves to something that is already
701         present in the VM's Identifier table, using toIdentifier() can avoid
702         allocating a new StringImpl.
703
704         Reviewed by Geoffrey Garen.
705
706         * jit/JITOperations.cpp:
707         * llint/LLIntSlowPaths.cpp:
708         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
709         * runtime/CommonSlowPaths.cpp:
710         (JSC::SLOW_PATH_DECL):
711         * runtime/CommonSlowPaths.h:
712         (JSC::CommonSlowPaths::opIn):
713         * runtime/JSONObject.cpp:
714         (JSC::Stringifier::Stringifier):
715         * runtime/ObjectConstructor.cpp:
716         (JSC::objectConstructorGetOwnPropertyDescriptor):
717         (JSC::objectConstructorDefineProperty):
718         * runtime/ObjectPrototype.cpp:
719         (JSC::objectProtoFuncPropertyIsEnumerable):
720
721 2014-08-27  Filip Pizlo  <fpizlo@apple.com>
722
723         DFG should compute immediate dominators using the O(n log n) form of Lengauer and Tarjan's "A Fast Algorithm for Finding Dominators in a Flowgraph"
724         https://bugs.webkit.org/show_bug.cgi?id=93361
725
726         Reviewed by Mark Hahnenberg.
727         
728         This patch also adds some new utilities for reasoning about block-keyed maps, block sets,
729         and block worklists. It changes preexisting code to use these abstractions.
730         
731         The main effect of this code is that all current clients of dominators end up using the
732         results of the new idom calculation. We convert the dom tree to a dominance test using
733         Dietz's pre/post number range check trick.
734
735         * CMakeLists.txt:
736         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
737         * JavaScriptCore.xcodeproj/project.pbxproj:
738         * dfg/DFGAnalysis.h:
739         (JSC::DFG::Analysis::computeIfNecessary):
740         (JSC::DFG::Analysis::computeDependencies):
741         * dfg/DFGBlockMap.h: Added.
742         (JSC::DFG::BlockMap::BlockMap):
743         (JSC::DFG::BlockMap::size):
744         (JSC::DFG::BlockMap::atIndex):
745         (JSC::DFG::BlockMap::operator[]):
746         * dfg/DFGBlockMapInlines.h: Added.
747         (JSC::DFG::BlockMap<T>::BlockMap):
748         * dfg/DFGBlockSet.h: Added.
749         (JSC::DFG::BlockSet::BlockSet):
750         (JSC::DFG::BlockSet::add):
751         (JSC::DFG::BlockSet::contains):
752         * dfg/DFGBlockWorklist.cpp: Added.
753         (JSC::DFG::BlockWorklist::BlockWorklist):
754         (JSC::DFG::BlockWorklist::~BlockWorklist):
755         (JSC::DFG::BlockWorklist::push):
756         (JSC::DFG::BlockWorklist::pop):
757         (JSC::DFG::PostOrderBlockWorklist::PostOrderBlockWorklist):
758         (JSC::DFG::PostOrderBlockWorklist::~PostOrderBlockWorklist):
759         (JSC::DFG::PostOrderBlockWorklist::pushPre):
760         (JSC::DFG::PostOrderBlockWorklist::pushPost):
761         (JSC::DFG::PostOrderBlockWorklist::pop):
762         * dfg/DFGBlockWorklist.h: Added.
763         (JSC::DFG::BlockWorklist::notEmpty):
764         (JSC::DFG::BlockWith::BlockWith):
765         (JSC::DFG::BlockWith::operator UnspecifiedBoolType*):
766         (JSC::DFG::ExtendedBlockWorklist::ExtendedBlockWorklist):
767         (JSC::DFG::ExtendedBlockWorklist::forcePush):
768         (JSC::DFG::ExtendedBlockWorklist::push):
769         (JSC::DFG::ExtendedBlockWorklist::notEmpty):
770         (JSC::DFG::ExtendedBlockWorklist::pop):
771         (JSC::DFG::BlockWithOrder::BlockWithOrder):
772         (JSC::DFG::BlockWithOrder::operator UnspecifiedBoolType*):
773         (JSC::DFG::PostOrderBlockWorklist::push):
774         (JSC::DFG::PostOrderBlockWorklist::notEmpty):
775         * dfg/DFGCSEPhase.cpp:
776         * dfg/DFGDominators.cpp:
777         (JSC::DFG::Dominators::compute):
778         (JSC::DFG::Dominators::naiveDominates):
779         (JSC::DFG::Dominators::dump):
780         (JSC::DFG::Dominators::pruneDominators): Deleted.
781         * dfg/DFGDominators.h:
782         (JSC::DFG::Dominators::strictlyDominates):
783         (JSC::DFG::Dominators::dominates):
784         (JSC::DFG::Dominators::BlockData::BlockData):
785         * dfg/DFGGraph.cpp:
786         (JSC::DFG::Graph::dumpBlockHeader):
787         (JSC::DFG::Graph::getBlocksInPreOrder):
788         (JSC::DFG::Graph::getBlocksInPostOrder):
789         * dfg/DFGInvalidationPointInjectionPhase.cpp:
790         (JSC::DFG::InvalidationPointInjectionPhase::run):
791         * dfg/DFGNaiveDominators.cpp: Added.
792         (JSC::DFG::NaiveDominators::NaiveDominators):
793         (JSC::DFG::NaiveDominators::~NaiveDominators):
794         (JSC::DFG::NaiveDominators::compute):
795         (JSC::DFG::NaiveDominators::pruneDominators):
796         (JSC::DFG::NaiveDominators::dump):
797         * dfg/DFGNaiveDominators.h: Added.
798         (JSC::DFG::NaiveDominators::dominates):
799         * dfg/DFGNaturalLoops.cpp:
800         (JSC::DFG::NaturalLoops::computeDependencies):
801         (JSC::DFG::NaturalLoops::compute):
802         * dfg/DFGNaturalLoops.h:
803
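The dominance machinery the entry above describes (an idom computation, the dominator tree built from it, and Dietz's pre/post-number range check as the dominance query), as an added example written for this page rather than code from the WebKit patch. It computes idoms with the Cooper-Harvey-Kennedy iterative algorithm instead of Lengauer-Tarjan; that substitution is an assumption made to keep the example short, since the range-check query and the naive set-based cross-check (the role the DFGNaiveDominators files play in the patch's file list) are the point. The six-block CFG in sampleCfg() is constructed for the example, and block 0 is assumed to be the root.

```cpp
// Added example, not JavaScriptCore code: immediate dominators of a small CFG, the
// dominator tree, and the pre/post-number range check used for dominance queries.
// Assumptions: block 0 is the root; idoms come from the Cooper-Harvey-Kennedy iterative
// algorithm rather than Lengauer-Tarjan; naiveDominators() cross-checks the fast answer.
#include <functional>
#include <vector>

struct Graph {
    std::vector<std::vector<int>> succ, pred;
    explicit Graph(int n) : succ(n), pred(n) {}
    void addEdge(int from, int to) { succ[from].push_back(to); pred[to].push_back(from); }
    int size() const { return static_cast<int>(succ.size()); }
};

struct Dominators {
    std::vector<int> idom;                  // idom[root] == root; -1 if unreachable
    std::vector<int> preNumber, postNumber; // DFS numbering of the dominator tree
    explicit Dominators(const Graph& g) { compute(g); }
    // Dietz's trick: a dominates b iff a's [pre, post] range encloses b's (reachable blocks only).
    bool dominates(int a, int b) const { return preNumber[a] <= preNumber[b] && postNumber[b] <= postNumber[a]; }
    bool strictlyDominates(int a, int b) const { return a != b && dominates(a, b); }
private:
    void compute(const Graph& g) {
        int n = g.size();
        std::vector<int> postorder, rpo(n, -1); // rpo[b] = reverse-postorder index of b
        std::vector<bool> seen(n, false);
        std::function<void(int)> dfs = [&](int b) {
            seen[b] = true;
            for (int s : g.succ[b]) if (!seen[s]) dfs(s);
            postorder.push_back(b);
        };
        dfs(0);
        int reachable = static_cast<int>(postorder.size());
        for (int i = 0; i < reachable; ++i) rpo[postorder[i]] = reachable - 1 - i;
        // Two-finger intersection: walk the deeper finger up the current idom tree.
        idom.assign(n, -1); idom[0] = 0;
        auto intersect = [&](int a, int b) {
            while (a != b) { while (rpo[a] > rpo[b]) a = idom[a]; while (rpo[b] > rpo[a]) b = idom[b]; }
            return a;
        };
        for (bool changed = true; changed;) {
            changed = false;
            for (int i = reachable - 1; i >= 0; --i) { // blocks in reverse postorder
                int b = postorder[i];
                if (b == 0) continue;
                int candidate = -1;
                for (int p : g.pred[b]) {
                    if (idom[p] == -1) continue; // not processed yet, or unreachable
                    candidate = candidate == -1 ? p : intersect(p, candidate);
                }
                if (candidate != idom[b]) { idom[b] = candidate; changed = true; }
            }
        }
        // Number the dominator tree so "b is in a's subtree" becomes a range test.
        std::vector<std::vector<int>> children(n);
        for (int b = 1; b < n; ++b) if (idom[b] != -1) children[idom[b]].push_back(b);
        preNumber.assign(n, -1); postNumber.assign(n, -1);
        int counter = 0;
        std::function<void(int)> number = [&](int b) {
            preNumber[b] = counter++;
            for (int c : children[b]) number(c);
            postNumber[b] = counter++;
        };
        number(0);
    }
};

// Naive cross-check: Dom(b) = {b} U (intersection of Dom(p) over predecessors p), to a fixpoint.
std::vector<std::vector<bool>> naiveDominators(const Graph& g) {
    int n = g.size();
    std::vector<std::vector<bool>> dom(n, std::vector<bool>(n, true));
    dom[0].assign(n, false); dom[0][0] = true;
    for (bool changed = true; changed;) {
        changed = false;
        for (int b = 1; b < n; ++b) {
            std::vector<bool> next(n, true);
            for (int p : g.pred[b]) for (int d = 0; d < n; ++d) next[d] = next[d] && dom[p][d];
            next[b] = true;
            if (next != dom[b]) { dom[b] = next; changed = true; }
        }
    }
    return dom;
}

// Constructed CFG: 0 -> {1,2}, 1 -> 3, 2 -> {3,5}, 3 -> 4, 4 -> {3,5}; blocks 3 and 4 form a loop.
Graph sampleCfg() {
    Graph g(6);
    int edges[][2] = {{0, 1}, {0, 2}, {1, 3}, {2, 3}, {2, 5}, {3, 4}, {4, 3}, {4, 5}};
    for (auto& e : edges) g.addEdge(e[0], e[1]);
    return g;
}

// True when the range-check answer matches the naive sets for every pair of blocks.
bool agreesWithNaive(const Graph& g) {
    Dominators fast(g);
    auto naive = naiveDominators(g);
    for (int a = 0; a < g.size(); ++a) for (int b = 0; b < g.size(); ++b)
        if (fast.dominates(a, b) != naive[b][a]) return false;
    return true;
}
```

A wrong dominance answer in a JIT silently misplaces checks and hoisted code, so keeping a slow, obviously correct oracle next to the fast algorithm and asserting that the two agree on every pair of blocks is the cheap safeguard; agreesWithNaive() does that for the sample graph, and on it the fast query reports that block 3 dominates 4 but that neither 1 nor 2 dominates 3.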
2014-08-27  Filip Pizlo  <fpizlo@apple.com>

        FTL should be able to do polymorphic call inlining
        https://bugs.webkit.org/show_bug.cgi?id=135145

        Reviewed by Geoffrey Garen.

        Added a log-based high-fidelity call edge profiler that runs in DFG JIT (and optionally
        baseline JIT) code. Used it to do precise polymorphic inlining in the FTL. Potential
        inlining sites use the call edge profile if it is available, but they will still fall back
        on the call inline cache and rare case counts if it's not. Polymorphic inlining means that
        multiple possible callees can be inlined with a switch to guard them. The slow path may
        either be an OSR exit or a virtual call.

        The call edge profiling added in this patch is very precise - it will tell you about every
        call that has ever happened. It took some effort to reduce the overhead of this profiling.
        This mostly involved ensuring that we don't do it unnecessarily. For example, we avoid it
        in the baseline JIT (you can conditionally enable it but it's off by default) and we only do
        it in the DFG JIT if we know that the regular inline cache profiling wasn't precise enough.
        I also experimented with reducing the precision of the profiling. This led to a significant
        reduction in the speed-up, so I avoided this approach. I also explored making log processing
        concurrent, but that didn't help. Also, I tested the overhead of the log processing and
        found that most of the overhead of this profiling is actually in putting things into the log
        rather than in processing the log - that part appears to be surprisingly cheap.

        Polymorphic inlining could be enabled in the DFG if we enabled baseline call edge profiling,
        and if we guarded such inlining sites with some profiling mechanism to detect
        polyvariant monomorphisation opportunities (where the callsite being inlined reveals that
        it's actually monomorphic).

        This is a ~28% speed-up on deltablue and a ~7% speed-up on richards, with small speed-ups on
        other programs as well. It's about a 2% speed-up on Octane version 2, and never a regression
        on anything we care about. Some aggregates, like V8Spider, see a regression. This is
        highlighting the increase in profiling overhead. But since this doesn't show up on any major
        score (code-load or SunSpider), it's probably not relevant.

        Relanding after fixing debug assertions in fast/storage/serialized-script-value.html.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CallEdge.cpp: Added.
        (JSC::CallEdge::dump):
        * bytecode/CallEdge.h: Added.
        (JSC::CallEdge::operator!):
        (JSC::CallEdge::callee):
        (JSC::CallEdge::count):
        (JSC::CallEdge::despecifiedClosure):
        (JSC::CallEdge::CallEdge):
        * bytecode/CallEdgeProfile.cpp: Added.
        (JSC::CallEdgeProfile::callEdges):
        (JSC::CallEdgeProfile::numCallsToKnownCells):
        (JSC::worthDespecifying):
        (JSC::CallEdgeProfile::worthDespecifying):
        (JSC::CallEdgeProfile::visitWeak):
        (JSC::CallEdgeProfile::addSlow):
        (JSC::CallEdgeProfile::mergeBack):
        (JSC::CallEdgeProfile::fadeByHalf):
        (JSC::CallEdgeLog::CallEdgeLog):
        (JSC::CallEdgeLog::~CallEdgeLog):
        (JSC::CallEdgeLog::isEnabled):
        (JSC::operationProcessCallEdgeLog):
        (JSC::CallEdgeLog::emitLogCode):
        (JSC::CallEdgeLog::processLog):
        * bytecode/CallEdgeProfile.h: Added.
        (JSC::CallEdgeProfile::numCallsToNotCell):
        (JSC::CallEdgeProfile::numCallsToUnknownCell):
        (JSC::CallEdgeProfile::totalCalls):
        * bytecode/CallEdgeProfileInlines.h: Added.
        (JSC::CallEdgeProfile::CallEdgeProfile):
        (JSC::CallEdgeProfile::add):
        * bytecode/CallLinkInfo.cpp:
        (JSC::CallLinkInfo::visitWeak):
        * bytecode/CallLinkInfo.h:
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::CallLinkStatus):
        (JSC::CallLinkStatus::computeFromLLInt):
        (JSC::CallLinkStatus::computeFor):
        (JSC::CallLinkStatus::computeExitSiteData):
        (JSC::CallLinkStatus::computeFromCallLinkInfo):
        (JSC::CallLinkStatus::computeFromCallEdgeProfile):
        (JSC::CallLinkStatus::computeDFGStatuses):
        (JSC::CallLinkStatus::isClosureCall):
        (JSC::CallLinkStatus::makeClosureCall):
        (JSC::CallLinkStatus::dump):
        (JSC::CallLinkStatus::function): Deleted.
        (JSC::CallLinkStatus::internalFunction): Deleted.
        (JSC::CallLinkStatus::intrinsicFor): Deleted.
        * bytecode/CallLinkStatus.h:
        (JSC::CallLinkStatus::CallLinkStatus):
        (JSC::CallLinkStatus::isSet):
        (JSC::CallLinkStatus::couldTakeSlowPath):
        (JSC::CallLinkStatus::edges):
        (JSC::CallLinkStatus::size):
        (JSC::CallLinkStatus::at):
        (JSC::CallLinkStatus::operator[]):
        (JSC::CallLinkStatus::canOptimize):
        (JSC::CallLinkStatus::canTrustCounts):
        (JSC::CallLinkStatus::isClosureCall): Deleted.
        (JSC::CallLinkStatus::callTarget): Deleted.
        (JSC::CallLinkStatus::executable): Deleted.
        (JSC::CallLinkStatus::makeClosureCall): Deleted.
        * bytecode/CallVariant.cpp: Added.
        (JSC::CallVariant::dump):
        * bytecode/CallVariant.h: Added.
        (JSC::CallVariant::CallVariant):
        (JSC::CallVariant::operator!):
        (JSC::CallVariant::despecifiedClosure):
        (JSC::CallVariant::rawCalleeCell):
        (JSC::CallVariant::internalFunction):
        (JSC::CallVariant::function):
        (JSC::CallVariant::isClosureCall):
        (JSC::CallVariant::executable):
        (JSC::CallVariant::nonExecutableCallee):
        (JSC::CallVariant::intrinsicFor):
        (JSC::CallVariant::functionExecutable):
        (JSC::CallVariant::isHashTableDeletedValue):
        (JSC::CallVariant::operator==):
        (JSC::CallVariant::operator!=):
        (JSC::CallVariant::operator<):
        (JSC::CallVariant::operator>):
        (JSC::CallVariant::operator<=):
        (JSC::CallVariant::operator>=):
        (JSC::CallVariant::hash):
        (JSC::CallVariant::deletedToken):
        (JSC::CallVariantHash::hash):
        (JSC::CallVariantHash::equal):
        * bytecode/CodeOrigin.h:
        (JSC::InlineCallFrame::isNormalCall):
        * bytecode/ExitKind.cpp:
        (JSC::exitKindToString):
        * bytecode/ExitKind.h:
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeForStubInfo):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeForStubInfo):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGBasicBlock.cpp:
        (JSC::DFG::BasicBlock::~BasicBlock):
        * dfg/DFGBasicBlock.h:
        (JSC::DFG::BasicBlock::takeLast):
        (JSC::DFG::BasicBlock::didLink):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::processSetLocalQueue):
        (JSC::DFG::ByteCodeParser::removeLastNodeFromGraph):
        (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::emitFunctionChecks):
        (JSC::DFG::ByteCodeParser::undoFunctionChecks):
        (JSC::DFG::ByteCodeParser::inliningCost):
        (JSC::DFG::ByteCodeParser::inlineCall):
        (JSC::DFG::ByteCodeParser::cancelLinkingForBlock):
        (JSC::DFG::ByteCodeParser::attemptToInlineCall):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
        (JSC::DFG::ByteCodeParser::prepareToParseBlock):
        (JSC::DFG::ByteCodeParser::clearCaches):
        (JSC::DFG::ByteCodeParser::parseBlock):
        (JSC::DFG::ByteCodeParser::linkBlock):
        (JSC::DFG::ByteCodeParser::linkBlocks):
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        * dfg/DFGCPSRethreadingPhase.cpp:
        (JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
        * dfg/DFGClobberize.h:
        (JSC::DFG::clobberize):
        * dfg/DFGCommon.h:
        * dfg/DFGConstantFoldingPhase.cpp:
        (JSC::DFG::ConstantFoldingPhase::foldConstants):
        * dfg/DFGDoesGC.cpp:
        (JSC::DFG::doesGC):
        * dfg/DFGDriver.cpp:
        (JSC::DFG::compileImpl):
        * dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupNode):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dump):
        (JSC::DFG::Graph::getBlocksInPreOrder):
        (JSC::DFG::Graph::visitChildren):
        * dfg/DFGJITCompiler.cpp:
        (JSC::DFG::JITCompiler::link):
        * dfg/DFGLazyJSValue.cpp:
        (JSC::DFG::LazyJSValue::switchLookupValue):
        * dfg/DFGLazyJSValue.h:
        (JSC::DFG::LazyJSValue::switchLookupValue): Deleted.
        * dfg/DFGNode.cpp:
        (WTF::printInternal):
        * dfg/DFGNode.h:
        (JSC::DFG::OpInfo::OpInfo):
        (JSC::DFG::Node::hasHeapPrediction):
        (JSC::DFG::Node::hasCellOperand):
        (JSC::DFG::Node::cellOperand):
        (JSC::DFG::Node::setCellOperand):
        (JSC::DFG::Node::canBeKnownFunction): Deleted.
        (JSC::DFG::Node::hasKnownFunction): Deleted.
        (JSC::DFG::Node::knownFunction): Deleted.
        (JSC::DFG::Node::giveKnownFunction): Deleted.
        (JSC::DFG::Node::hasFunction): Deleted.
        (JSC::DFG::Node::function): Deleted.
        (JSC::DFG::Node::hasExecutable): Deleted.
        (JSC::DFG::Node::executable): Deleted.
        * dfg/DFGNodeType.h:
        * dfg/DFGPhantomCanonicalizationPhase.cpp:
        (JSC::DFG::PhantomCanonicalizationPhase::run):
        * dfg/DFGPhantomRemovalPhase.cpp:
        (JSC::DFG::PhantomRemovalPhase::run):
        * dfg/DFGPredictionPropagationPhase.cpp:
        (JSC::DFG::PredictionPropagationPhase::propagate):
        * dfg/DFGSafeToExecute.h:
        (JSC::DFG::safeToExecute):
        * dfg/DFGSpeculativeJIT.cpp:
        (JSC::DFG::SpeculativeJIT::emitSwitch):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        (JSC::DFG::SpeculativeJIT::compile):
        * dfg/DFGStructureRegistrationPhase.cpp:
        (JSC::DFG::StructureRegistrationPhase::run):
        * dfg/DFGTierUpCheckInjectionPhase.cpp:
        (JSC::DFG::TierUpCheckInjectionPhase::run):
        (JSC::DFG::TierUpCheckInjectionPhase::removeFTLProfiling):
        * dfg/DFGValidate.cpp:
        (JSC::DFG::Validate::validate):
        * dfg/DFGWatchpointCollectionPhase.cpp:
        (JSC::DFG::WatchpointCollectionPhase::handle):
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::ftlUnreachable):
        (JSC::FTL::LowerDFGToLLVM::lower):
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileCheckCell):
        (JSC::FTL::LowerDFGToLLVM::compileCheckBadCell):
        (JSC::FTL::LowerDFGToLLVM::compileGetExecutable):
        (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
        (JSC::FTL::LowerDFGToLLVM::compileSwitch):
        (JSC::FTL::LowerDFGToLLVM::buildSwitch):
        (JSC::FTL::LowerDFGToLLVM::compileCheckFunction): Deleted.
        (JSC::FTL::LowerDFGToLLVM::compileCheckExecutable): Deleted.
        * heap/Heap.cpp:
        (JSC::Heap::collect):
        * jit/AssemblyHelpers.h:
        (JSC::AssemblyHelpers::storeValue):
        (JSC::AssemblyHelpers::loadValue):
        * jit/CCallHelpers.h:
        (JSC::CCallHelpers::setupArguments):
        * jit/GPRInfo.h:
        (JSC::JSValueRegs::uses):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):
        * runtime/Options.h:
        * runtime/VM.cpp:
        (JSC::VM::ensureCallEdgeLog):
        * runtime/VM.h:
        * tests/stress/fold-profiled-call-to-call.js: Added. This test pinpoints the problem we saw in fast/storage/serialized-script-value.html.
        * tests/stress/new-array-then-exit.js: Added.
        * tests/stress/poly-call-exit-this.js: Added.
        * tests/stress/poly-call-exit.js: Added.

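A log-based call edge profile with the shape the entry above describes (a cheap per-call append, deferred processing of the log into per-site profiles, a fade to age old counts, and an inlining decision whose slow path is either an exit or a virtual call), as an added example written for this page and not the code in bytecode/CallEdgeProfile.cpp. Callee identities, the log capacity, the four-variant limit, the 90% coverage threshold, the halving decay and the rule for choosing between an OSR exit and a virtual call are all assumptions made for the example; the three call sites in buildSampleLog() are a constructed workload.

```cpp
// Added example, not JavaScriptCore code: a log-based call edge profiler with the
// shape the entry above describes. Every call appends (call site, callee) to a
// fixed-size log; the log is folded into per-site profiles only when it fills, so
// the fast path stays a single store. Assumptions for the example: callee identity
// is a plain integer, at most four callees are inlined, a profile must cover 90% of
// observed calls to be used, and an OSR exit is chosen only if no call went elsewhere.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <map>
#include <vector>

using Callee = uintptr_t; // identity of the called function; 0 = not a callable cell

struct CallEdgeProfile {
    std::map<Callee, uint64_t> edges; // callee -> number of calls observed
    uint64_t callsToNotCell = 0;      // calls whose target was not a function
    uint64_t totalCalls() const {
        uint64_t sum = callsToNotCell;
        for (const auto& e : edges) sum += e.second;
        return sum;
    }
    void fadeByHalf() { // age old observations so a site whose behaviour changes can recover
        for (auto& e : edges) e.second /= 2;
        callsToNotCell /= 2;
    }
};

class CallEdgeLog {
public:
    explicit CallEdgeLog(std::size_t capacity) : capacity_(capacity) { log_.reserve(capacity); }
    // Fast path: one append; folding into the profiles is deferred until the log is full.
    void record(unsigned callSite, Callee callee) {
        log_.push_back({callSite, callee});
        if (log_.size() == capacity_) processLog();
    }
    void processLog() {
        for (const auto& entry : log_) {
            CallEdgeProfile& p = profiles_[entry.first];
            if (entry.second == 0) p.callsToNotCell++;
            else p.edges[entry.second]++;
        }
        log_.clear();
    }
    // Flush first so the answer reflects every call recorded so far.
    CallEdgeProfile& profile(unsigned callSite) { processLog(); return profiles_[callSite]; }
private:
    std::size_t capacity_;
    std::vector<std::pair<unsigned, Callee>> log_;
    std::map<unsigned, CallEdgeProfile> profiles_;
};

struct InliningPlan {
    std::vector<Callee> callees; // inlined bodies, guarded by a switch on callee identity
    bool slowPathIsExit = false; // true: OSR exit on an unseen callee; false: virtual call
};

// Assumed policy: inline the hottest callees (up to maxVariants) if together they account
// for at least 90% of observed calls; an exit is sound only if no call ever went elsewhere.
InliningPlan planInlining(const CallEdgeProfile& p, std::size_t maxVariants = 4) {
    InliningPlan plan;
    std::vector<std::pair<Callee, uint64_t>> sorted(p.edges.begin(), p.edges.end());
    std::sort(sorted.begin(), sorted.end(),
              [](const std::pair<Callee, uint64_t>& a, const std::pair<Callee, uint64_t>& b) {
                  return a.second > b.second;
              });
    uint64_t total = p.totalCalls(), covered = 0;
    for (const auto& e : sorted) {
        if (plan.callees.size() == maxVariants) break;
        plan.callees.push_back(e.first);
        covered += e.second;
    }
    if (total == 0 || covered * 100 < total * 90) plan.callees.clear(); // too diffuse: leave the call alone
    plan.slowPathIsExit = !plan.callees.empty() && covered == total;
    return plan;
}

// Constructed workload: three call sites with different degrees of polymorphism.
constexpr Callee kA = 0x1000, kB = 0x2000, kC = 0x3000, kD = 0x4000, kE = 0x5000, kF = 0x6000;

CallEdgeLog buildSampleLog() {
    CallEdgeLog log(256); // small enough that the log flushes several times below
    for (int i = 0; i < 600; ++i) log.record(1, kA); // site 1: three callees, never anything else
    for (int i = 0; i < 300; ++i) log.record(1, kB);
    for (int i = 0; i < 100; ++i) log.record(1, kC);
    for (int i = 0; i < 50; ++i) log.record(2, kD);  // site 2: half the calls hit a non-function
    for (int i = 0; i < 50; ++i) log.record(2, 0);
    for (int i = 0; i < 900; ++i) log.record(3, kA); // site 3: one hot callee plus a long tail
    for (Callee tail : {kB, kC, kD, kE, kF}) for (int i = 0; i < 20; ++i) log.record(3, tail);
    return log;
}
```

The exit-versus-virtual-call choice matters for correctness as much as for speed: a site guarded only by an exit is sound only if the runtime really can fall back to a slower tier when a callee outside the profiled set turns up, which is why planInlining() refuses the exit whenever the profile shows any call going elsewhere (site 3 above gets a switch with a virtual-call fallback, site 1 gets an exit, and site 2 is left alone).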
1070 2014-08-28  Julien Brianceau   <jbriance@cisco.com>
1071
1072         Correct GC length unit and prevent division by 0 in showObjectStatistics.
1073         https://bugs.webkit.org/show_bug.cgi?id=136340
1074
1075         Reviewed by Mark Hahnenberg.
1076
1077         * heap/HeapStatistics.cpp:
1078         (JSC::HeapStatistics::showObjectStatistics):
1079
1080 2014-08-27  Akos Kiss  <akiss@inf.u-szeged.hu>
1081
1082         Ensure that the call frame passed from JIT code via JSC::operationCallEval to JSC::eval always contains the valid scope chain.
1083         https://bugs.webkit.org/show_bug.cgi?id=136313
1084
1085         Reviewed by Michael Saboff.
1086
1087         Do not rely on calling conventions to fill in the CallerFrame component
1088         of the execCallee parameter of JSC::operationCallEval.
1089
1090         * jit/JITOperations.cpp:
1091
1092 2014-08-27  Saam Barati  <sbarati@apple.com>
1093
1094         Deconstruction object pattern node emits the wrong start/end text positions
1095         https://bugs.webkit.org/show_bug.cgi?id=136304
1096
1097         Reviewed by Geoffrey Garen.
1098
1099         Object pattern nodes that used the syntactic sugar binding: 
1100         'var {foo} = {foo:20}' instead of 'var {foo:foo} = {foo:20}' 
1101         would get the wrong text position for variable 'foo'. The position 
1102         would be placed on the comma(s)/closing brace instead of the identifier. 
1103         This patch fixes this bug by caching the identifier's JSToken before 
1104         trying to parse an optional colon.
1105
1106         * parser/Parser.cpp:
1107         (JSC::Parser<LexerType>::parseVarDeclarationList):
1108         (JSC::Parser<LexerType>::createBindingPattern):
1109         (JSC::Parser<LexerType>::parseDeconstructionPattern):
1110         * parser/Parser.h:
1111
1112 2014-08-27  Brent Fulgham  <bfulgham@apple.com>
1113
1114         [Win] Build fix after last commit.
1115
1116         Check in new DLLLauncherMain.cpp file.
1117
1118         * JavaScriptCore.vcxproj/jsc/DLLLauncherMain.cpp: Added.
1119         (enableTerminationOnHeapCorruption):
1120         (getStringValue):
1121         (applePathFromRegistry):
1122         (appleApplicationSupportDirectory):
1123         (copyEnvironmentVariable):
1124         (prependPath):
1125         (fatalError):
1126         (directoryExists):
1127         (modifyPath):
1128         (getLastErrorString):
1129         (wWinMain):
1130
1131 2014-08-27  Brent Fulgham  <bfulgham@apple.com>
1132
1133         [Win] testapi and testRegExp need to find support libraries.
1134         https://bugs.webkit.org/show_bug.cgi?id=136008.
1135
1136         Reviewed by Dean Jackson.
1137
1138         Revise the Windows build of jsc, testapi, and testRegExp so that they
1139         find and use the proper runtime support libraries.
1140
1141         These locations vary between the Apple Windows build and WinCairo, and
1142         are generally not in the system PATH environment setting. Consequently,
1143         these applications fail on launch unless the user modifies their
1144         PATH.
1145
1146         This patch revises these tools to work like WinLauncher and DumpRenderTree
1147         so that they run reliably.
1148
1149         * API/tests/testapi.c:
1150         (dllLauncherEntryPoint): Added.
1151         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Add new build projects and
1152           provide proper dependencies with existing projects.
1153         * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Ditto.
1154         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Switch to build
1155           a DLL, rather than an executable.
1156         * JavaScriptCore.vcxproj/jsc/jscCommon.props: Add shlwapi.lib
1157           to the list of libraries needed at link-time, and to use
1158           the DLL/Console combination entry point.
1159         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj: Added.
1160         * JavaScriptCore.vcxproj/jsc/jscLauncherPostBuild.cmd: Copied from JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd.
1161         * JavaScriptCore.vcxproj/jsc/jscLauncherPreBuild.cmd: Copied from JavaScriptCore.vcxproj/jsc/jscPreBuild.cmd.
1162         * JavaScriptCore.vcxproj/jsc/jscLauncherPreLink.cmd: Copied from JavaScriptCore.vcxproj/jsc/jscPreLink.cmd.
1163         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Switch to build
1164           a DLL, rather than an executable.
1165         * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: Add shlwapi.lib
1166           to the list of libraries needed at link-time, and to use
1167           the DLL/Console combination entry point.
1168         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj: Added.
1169         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncherPostBuild.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd.
1170         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncherPreBuild.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPreBuild.cmd.
1171         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncherPreLink.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd.
1172         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Switch to build
1173           a DLL, rather than an executable.
1174         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj: Added.
1175         * JavaScriptCore.vcxproj/testapi/testapiCommon.props: Add shlwapi.lib
1176           to the list of libraries needed at link-time, and to use
1177           the DLL/Console combination entry point.
1178         * JavaScriptCore.vcxproj/testapi/testapiLauncherPostBuild.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd.
1179         * JavaScriptCore.vcxproj/testapi/testapiLauncherPreBuild.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPreBuild.cmd.
1180         * JavaScriptCore.vcxproj/testapi/testapiLauncherPreLink.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd.
1181         * jsc.cpp:
1182         (dllLauncherEntryPoint): Added.
1183         * testRegExp.cpp:
1184         (dllLauncherEntryPoint): Added.
1185
1186 2014-08-27  Julien Brianceau   <jbriance@cisco.com>
1187
1188         Take advantage of 3 parameters or32() calls
1189         https://bugs.webkit.org/show_bug.cgi?id=136287
1190
1191         Reviewed by Michael Saboff.
1192
1193         For specific architectures (arm and mips for instance), or32() calls
1194         with 3 parameters are likely to produce a single instruction.
1195
1196         * dfg/DFGSpeculativeJIT32_64.cpp:
1197         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
1198         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
1199         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
1200         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
1201         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
1202         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
1203         (JSC::DFG::SpeculativeJIT::branchIsOther):
1204         (JSC::DFG::SpeculativeJIT::branchNotOther):
1205
1206 2014-08-26  Brian J. Burg  <burg@cs.washington.edu>
1207
1208         Web Inspector: put feature flags for Inspector domains in the protocol specification
1209         https://bugs.webkit.org/show_bug.cgi?id=136027
1210
1211         Reviewed by Timothy Hatcher.
1212
1213         Remove the hardcoded map of domains to feature guards, and instead parse it from the specification.
1214
1215         Test: inspector/scripts/tests/generate-domains-with-feature-guards.json
1216
1217         * inspector/scripts/codegen/generator.py:
1218         (Generator.wrap_with_guard_for_domain):
1219         * inspector/scripts/codegen/models.py:
1220         (Protocol.parse_domain):
1221         (Domain.__init__):
1222         (Domains):
1223         * inspector/scripts/tests/generate-domains-with-feature-guards.json: Added.
1224         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1225         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1226         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1227         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1228         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1229
1230 2014-08-26  Andy Estes  <aestes@apple.com>
1231
1232         [Cocoa] Some projects are incorrectly installed to $BUILT_PRODUCTS_DIR
1233         https://bugs.webkit.org/show_bug.cgi?id=136267
1234
1235         Reviewed by Dan Bernstein.
1236
1237         INSTALL_PATH was set to $BUILT_PRODUCTS_DIR for engineering configurations in r20225 as part of a build fix.
1238         Not only is this no longer necessary to build, but it causes built products to be incorrectly installed in
1239         engineering configurations.
1240
1241         Remove the setting of INSTALL_PATH from the pbxproj file so that the value specified in the xcconfig files is
1242         used instead.
1243
1244         * JavaScriptCore.xcodeproj/project.pbxproj:
1245
1246 2014-08-26  Michael Saboff  <msaboff@apple.com>
1247
1248         [Win] 64-bit JavaScriptCore crashes on launch
1249         https://bugs.webkit.org/show_bug.cgi?id=136241
1250
1251         Reviewed by Mark Lam.
1252
1253         * llint/LowLevelInterpreter.asm:
1254         (vmEntryRecord): X86_64_WIN doesn't use "a0" (rax) for the first argument, it uses
1255         "t2" (rcx).  Changed to get the input parameter using the correct register.
1256
1257 2014-08-26  Saam Barati  <sbarati@apple.com>
1258
1259         TypeSet caches structureIDs even after the corresponding Structure could be GCed
1260         https://bugs.webkit.org/show_bug.cgi?id=136178
1261
1262         Reviewed by Geoffrey Garen.
1263
1264         Currently, TypeSet will never remove StructureIDs from its cache,
1265         even after the corresponding Structures could be garbage collected.
1266         Now, when the Garbage Collector collects, and type profiling is 
1267         enabled, the Garbage Collector will invalidate all TypeSet caches.
1268
1269         * heap/Heap.cpp:
1270         (JSC::Heap::collect):
1271         * runtime/TypeSet.cpp:
1272         (JSC::TypeSet::addTypeInformation):
1273         (JSC::TypeSet::invalidateCache):
1274         * runtime/TypeSet.h:
1275         * runtime/VM.cpp:
1276         (JSC::VM::invalidateTypeSetCache):
1277         * runtime/VM.h:
1278
1279 2014-08-26  Michael Saboff  <msaboff@apple.com>
1280
1281         REGRESSION(r172794) + 32Bit build: for-in-base-reassigned-later-and-change-structure.js fail with NaN result
1282         https://bugs.webkit.org/show_bug.cgi?id=136187
1283
1284         Reviewed by Mark Hahnenberg.
1285
1286         Added two arg version for 32 bit builds of callOperation(J_JITOperation_ECJ, ...) that
1287         doesn't require a tag for the second argument, instead it fills in a CellTag.  This is
1288         used for the slow case of the GetDirectPname case in SpeculativeJIT::compile since we
1289         haven't set up a register with a tag and we know that argument 2 is a cell.
1290
1291         * dfg/DFGSpeculativeJIT.h:
1292         (JSC::DFG::SpeculativeJIT::callOperation): New version with implicit CellTag.
1293         * dfg/DFGSpeculativeJIT32_64.cpp:
1294         (JSC::DFG::SpeculativeJIT::compile): Eliminated extraneous filling of the scratchGPR
1295         with CellTag as it wasn't in the control flow for the slow path that needed the tag.
1296         Instead changed to calling new version of callOperation with an implicit CellTag.
1297
1298 2014-08-26  Commit Queue  <commit-queue@webkit.org>
1299
1300         Unreviewed, rolling out r172940.
1301         https://bugs.webkit.org/show_bug.cgi?id=136256
1302
1303         Caused assertions on fast/storage/serialized-script-
1304         value.html, and possibly flakiness on more tests (Requested by
1305         ap on #webkit).
1306
1307         Reverted changeset:
1308
1309         "FTL should be able to do polymorphic call inlining"
1310         https://bugs.webkit.org/show_bug.cgi?id=135145
1311         http://trac.webkit.org/changeset/172940
1312
1313 2014-08-26  Michael Saboff  <msaboff@apple.com>
1314
1315         REGRESSION(r172794) + 32Bit build: ASSERT failures in for-in-tests.js tests.
1316         https://bugs.webkit.org/show_bug.cgi?id=136165
1317
1318         Reviewed by Mark Hahnenberg.
1319
1320         Changed switch case GetDirectPname: to always use the slow path for X86 since it only has
1321         6 registers available, but the code requires 7.
1322
1323         * dfg/DFGSpeculativeJIT32_64.cpp:
1324         (JSC::DFG::SpeculativeJIT::compile):
1325
1326 2014-08-25  Saam Barati  <sbarati@apple.com>
1327
1328         TypeProfiler search breaks on return statements
1329         https://bugs.webkit.org/show_bug.cgi?id=136201
1330
1331         Reviewed by Filip Pizlo.
1332
1333         Searching for return statements in the TypeProfiler currently
1334         breaks down because it expected to see the search descriptor
1335         TypeProfilerSearchDescriptorFunctionReturn when looking for
1336         return statements in the actual source code of the program.
1337         But the TypeProfilerSearchDescriptorFunctionReturn search descriptor
1338         is reserved for looking for return statements that aren't in the
1339         actual source code of the program, but when asking for the
1340         aggregate return type of a function. Now, searching for
1341         return statements in the actual source code of the program will
1342         work when passing in the search descriptor TypeProfilerSearchDescriptorNormal.
1343
1344         * bytecode/CodeBlock.cpp:
1345         (JSC::CodeBlock::CodeBlock):
1346         * runtime/TypeProfiler.cpp:
1347         (JSC::TypeProfiler::findLocation):
1348         (JSC::descriptorMatchesTypeLocation): Deleted.
1349
1350 2014-08-25  Saam Barati  <sbarati@apple.com>
1351
1352         Return statement TypeSet's might be duplicated
1353         https://bugs.webkit.org/show_bug.cgi?id=136200
1354
1355         Reviewed by Filip Pizlo.
1356
1357         Currently, the globalTypeSet that converges the types of all 
1358         return statements in a function lives off of CodeBlock. It lives 
1359         off CodeBlock because of a faulty assumption that CodeBlock 
1360         will have a one to one mapping with a function in the source 
1361         text of the program. (Currently, there isn't an actual bug 
1362         with this design because TypeLocationCache will hash cons to 
1363         the same TypeLocation, but this is still an incorrect design). 
1364         In this patch, the globalTypeSet for function return statements
1365         is moved to the FunctionExecutable object which does have a one 
1366         to one mapping with functions in the source text of a program.
1367
1368         * bytecode/CodeBlock.cpp:
1369         (JSC::CodeBlock::CodeBlock):
1370         * bytecode/CodeBlock.h:
1371         (JSC::CodeBlock::returnStatementTypeSet): Deleted.
1372         * runtime/Executable.h:
1373         (JSC::FunctionExecutable::returnStatementTypeSet):
1374
1375 2014-08-24  Filip Pizlo  <fpizlo@apple.com>
1376
1377         FTL should be able to do polymorphic call inlining
1378         https://bugs.webkit.org/show_bug.cgi?id=135145
1379
1380         Reviewed by Geoffrey Garen.
1381         
1382         Added a log-based high-fidelity call edge profiler that runs in DFG JIT (and optionally
1383         baseline JIT) code. Used it to do precise polymorphic inlining in the FTL. Potential
1384         inlining sites use the call edge profile if it is available, but they will still fall back
1385         on the call inline cache and rare case counts if it's not. Polymorphic inlining means that
1386         multiple possible callees can be inlined with a switch to guard them. The slow path may
1387         either be an OSR exit or a virtual call.
1388         
1389         The call edge profiling added in this patch is very precise - it will tell you about every
1390         call that has ever happened. It took some effort to reduce the overhead of this profiling.
1391         This mostly involved ensuring that we don't do it unnecessarily. For example, we avoid it
1392         in the baseline JIT (you can conditionally enable it but it's off by default) and we only do
1393         it in the DFG JIT if we know that the regular inline cache profiling wasn't precise enough.
1394         I also experimented with reducing the precision of the profiling. This led to a significant
1395         reduction in the speed-up, so I avoided this approach. I also explored making log processing
1396         concurrent, but that didn't help. Also, I tested the overhead of the log processing and
1397         found that most of the overhead of this profiling is actually in putting things into the log
1398         rather than in processing the log - that part appears to be surprisingly cheap.
1399         
1400         Polymorphic inlining could be enabled in the DFG if we enabled baseline call edge profiling,
1401         and if we guarded such inlining sites with some profiling mechanism to detect
1402         polyvariant monomorphisation opportunities (where the callsite being inlined reveals that
1403         it's actually monomorphic).
1404         
1405         This is a ~28% speed-up on deltablue and a ~7% speed-up on richards, with small speed-ups on
1406         other programs as well. It's about a 2% speed-up on Octane version 2, and never a regression
1407         on anything we care about. Some aggregates, like V8Spider, see a regression. This is
1408         highlighting the increase in profiling overhead. But since this doesn't show up on any major
1409         score (code-load or SunSpider), it's probably not relevant.
1410         
1411         * CMakeLists.txt:
1412         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1413         * JavaScriptCore.xcodeproj/project.pbxproj:
1414         * bytecode/CallEdge.cpp: Added.
1415         (JSC::CallEdge::dump):
1416         * bytecode/CallEdge.h: Added.
1417         (JSC::CallEdge::operator!):
1418         (JSC::CallEdge::callee):
1419         (JSC::CallEdge::count):
1420         (JSC::CallEdge::despecifiedClosure):
1421         (JSC::CallEdge::CallEdge):
1422         * bytecode/CallEdgeProfile.cpp: Added.
1423         (JSC::CallEdgeProfile::callEdges):
1424         (JSC::CallEdgeProfile::numCallsToKnownCells):
1425         (JSC::worthDespecifying):
1426         (JSC::CallEdgeProfile::worthDespecifying):
1427         (JSC::CallEdgeProfile::visitWeak):
1428         (JSC::CallEdgeProfile::addSlow):
1429         (JSC::CallEdgeProfile::mergeBack):
1430         (JSC::CallEdgeProfile::fadeByHalf):
1431         (JSC::CallEdgeLog::CallEdgeLog):
1432         (JSC::CallEdgeLog::~CallEdgeLog):
1433         (JSC::CallEdgeLog::isEnabled):
1434         (JSC::operationProcessCallEdgeLog):
1435         (JSC::CallEdgeLog::emitLogCode):
1436         (JSC::CallEdgeLog::processLog):
1437         * bytecode/CallEdgeProfile.h: Added.
1438         (JSC::CallEdgeProfile::numCallsToNotCell):
1439         (JSC::CallEdgeProfile::numCallsToUnknownCell):
1440         (JSC::CallEdgeProfile::totalCalls):
1441         * bytecode/CallEdgeProfileInlines.h: Added.
1442         (JSC::CallEdgeProfile::CallEdgeProfile):
1443         (JSC::CallEdgeProfile::add):
1444         * bytecode/CallLinkInfo.cpp:
1445         (JSC::CallLinkInfo::visitWeak):
1446         * bytecode/CallLinkInfo.h:
1447         * bytecode/CallLinkStatus.cpp:
1448         (JSC::CallLinkStatus::CallLinkStatus):
1449         (JSC::CallLinkStatus::computeFromLLInt):
1450         (JSC::CallLinkStatus::computeFor):
1451         (JSC::CallLinkStatus::computeExitSiteData):
1452         (JSC::CallLinkStatus::computeFromCallLinkInfo):
1453         (JSC::CallLinkStatus::computeFromCallEdgeProfile):
1454         (JSC::CallLinkStatus::computeDFGStatuses):
1455         (JSC::CallLinkStatus::isClosureCall):
1456         (JSC::CallLinkStatus::makeClosureCall):
1457         (JSC::CallLinkStatus::dump):
1458         (JSC::CallLinkStatus::function): Deleted.
1459         (JSC::CallLinkStatus::internalFunction): Deleted.
1460         (JSC::CallLinkStatus::intrinsicFor): Deleted.
1461         * bytecode/CallLinkStatus.h:
1462         (JSC::CallLinkStatus::CallLinkStatus):
1463         (JSC::CallLinkStatus::isSet):
1464         (JSC::CallLinkStatus::couldTakeSlowPath):
1465         (JSC::CallLinkStatus::edges):
1466         (JSC::CallLinkStatus::size):
1467         (JSC::CallLinkStatus::at):
1468         (JSC::CallLinkStatus::operator[]):
1469         (JSC::CallLinkStatus::canOptimize):
1470         (JSC::CallLinkStatus::canTrustCounts):
1471         (JSC::CallLinkStatus::isClosureCall): Deleted.
1472         (JSC::CallLinkStatus::callTarget): Deleted.
1473         (JSC::CallLinkStatus::executable): Deleted.
1474         (JSC::CallLinkStatus::makeClosureCall): Deleted.
1475         * bytecode/CallVariant.cpp: Added.
1476         (JSC::CallVariant::dump):
1477         * bytecode/CallVariant.h: Added.
1478         (JSC::CallVariant::CallVariant):
1479         (JSC::CallVariant::operator!):
1480         (JSC::CallVariant::despecifiedClosure):
1481         (JSC::CallVariant::rawCalleeCell):
1482         (JSC::CallVariant::internalFunction):
1483         (JSC::CallVariant::function):
1484         (JSC::CallVariant::isClosureCall):
1485         (JSC::CallVariant::executable):
1486         (JSC::CallVariant::nonExecutableCallee):
1487         (JSC::CallVariant::intrinsicFor):
1488         (JSC::CallVariant::functionExecutable):
1489         (JSC::CallVariant::isHashTableDeletedValue):
1490         (JSC::CallVariant::operator==):
1491         (JSC::CallVariant::operator!=):
1492         (JSC::CallVariant::operator<):
1493         (JSC::CallVariant::operator>):
1494         (JSC::CallVariant::operator<=):
1495         (JSC::CallVariant::operator>=):
1496         (JSC::CallVariant::hash):
1497         (JSC::CallVariant::deletedToken):
1498         (JSC::CallVariantHash::hash):
1499         (JSC::CallVariantHash::equal):
1500         * bytecode/CodeOrigin.h:
1501         (JSC::InlineCallFrame::isNormalCall):
1502         * bytecode/ExitKind.cpp:
1503         (JSC::exitKindToString):
1504         * bytecode/ExitKind.h:
1505         * bytecode/GetByIdStatus.cpp:
1506         (JSC::GetByIdStatus::computeForStubInfo):
1507         * bytecode/PutByIdStatus.cpp:
1508         (JSC::PutByIdStatus::computeForStubInfo):
1509         * dfg/DFGAbstractInterpreterInlines.h:
1510         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1511         * dfg/DFGBackwardsPropagationPhase.cpp:
1512         (JSC::DFG::BackwardsPropagationPhase::propagate):
1513         * dfg/DFGBasicBlock.cpp:
1514         (JSC::DFG::BasicBlock::~BasicBlock):
1515         * dfg/DFGBasicBlock.h:
1516         (JSC::DFG::BasicBlock::takeLast):
1517         (JSC::DFG::BasicBlock::didLink):
1518         * dfg/DFGByteCodeParser.cpp:
1519         (JSC::DFG::ByteCodeParser::processSetLocalQueue):
1520         (JSC::DFG::ByteCodeParser::removeLastNodeFromGraph):
1521         (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
1522         (JSC::DFG::ByteCodeParser::addCall):
1523         (JSC::DFG::ByteCodeParser::handleCall):
1524         (JSC::DFG::ByteCodeParser::emitFunctionChecks):
1525         (JSC::DFG::ByteCodeParser::undoFunctionChecks):
1526         (JSC::DFG::ByteCodeParser::inliningCost):
1527         (JSC::DFG::ByteCodeParser::inlineCall):
1528         (JSC::DFG::ByteCodeParser::cancelLinkingForBlock):
1529         (JSC::DFG::ByteCodeParser::attemptToInlineCall):
1530         (JSC::DFG::ByteCodeParser::handleInlining):
1531         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1532         (JSC::DFG::ByteCodeParser::prepareToParseBlock):
1533         (JSC::DFG::ByteCodeParser::clearCaches):
1534         (JSC::DFG::ByteCodeParser::parseBlock):
1535         (JSC::DFG::ByteCodeParser::linkBlock):
1536         (JSC::DFG::ByteCodeParser::linkBlocks):
1537         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1538         * dfg/DFGCPSRethreadingPhase.cpp:
1539         (JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
1540         * dfg/DFGClobberize.h:
1541         (JSC::DFG::clobberize):
1542         * dfg/DFGCommon.h:
1543         * dfg/DFGConstantFoldingPhase.cpp:
1544         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1545         * dfg/DFGDoesGC.cpp:
1546         (JSC::DFG::doesGC):
1547         * dfg/DFGDriver.cpp:
1548         (JSC::DFG::compileImpl):
1549         * dfg/DFGFixupPhase.cpp:
1550         (JSC::DFG::FixupPhase::fixupNode):
1551         * dfg/DFGGraph.cpp:
1552         (JSC::DFG::Graph::dump):
1553         (JSC::DFG::Graph::visitChildren):
1554         * dfg/DFGJITCompiler.cpp:
1555         (JSC::DFG::JITCompiler::link):
1556         * dfg/DFGLazyJSValue.cpp:
1557         (JSC::DFG::LazyJSValue::switchLookupValue):
1558         * dfg/DFGLazyJSValue.h:
1559         (JSC::DFG::LazyJSValue::switchLookupValue): Deleted.
1560         * dfg/DFGNode.cpp:
1561         (WTF::printInternal):
1562         * dfg/DFGNode.h:
1563         (JSC::DFG::OpInfo::OpInfo):
1564         (JSC::DFG::Node::hasHeapPrediction):
1565         (JSC::DFG::Node::hasCellOperand):
1566         (JSC::DFG::Node::cellOperand):
1567         (JSC::DFG::Node::setCellOperand):
1568         (JSC::DFG::Node::canBeKnownFunction): Deleted.
1569         (JSC::DFG::Node::hasKnownFunction): Deleted.
1570         (JSC::DFG::Node::knownFunction): Deleted.
1571         (JSC::DFG::Node::giveKnownFunction): Deleted.
1572         (JSC::DFG::Node::hasFunction): Deleted.
1573         (JSC::DFG::Node::function): Deleted.
1574         (JSC::DFG::Node::hasExecutable): Deleted.
1575         (JSC::DFG::Node::executable): Deleted.
1576         * dfg/DFGNodeType.h:
1577         * dfg/DFGPhantomCanonicalizationPhase.cpp:
1578         (JSC::DFG::PhantomCanonicalizationPhase::run):
1579         * dfg/DFGPhantomRemovalPhase.cpp:
1580         (JSC::DFG::PhantomRemovalPhase::run):
1581         * dfg/DFGPredictionPropagationPhase.cpp:
1582         (JSC::DFG::PredictionPropagationPhase::propagate):
1583         * dfg/DFGSafeToExecute.h:
1584         (JSC::DFG::safeToExecute):
1585         * dfg/DFGSpeculativeJIT.cpp:
1586         (JSC::DFG::SpeculativeJIT::emitSwitch):
1587         * dfg/DFGSpeculativeJIT32_64.cpp:
1588         (JSC::DFG::SpeculativeJIT::emitCall):
1589         (JSC::DFG::SpeculativeJIT::compile):
1590         * dfg/DFGSpeculativeJIT64.cpp:
1591         (JSC::DFG::SpeculativeJIT::emitCall):
1592         (JSC::DFG::SpeculativeJIT::compile):
1593         * dfg/DFGStructureRegistrationPhase.cpp:
1594         (JSC::DFG::StructureRegistrationPhase::run):
1595         * dfg/DFGTierUpCheckInjectionPhase.cpp:
1596         (JSC::DFG::TierUpCheckInjectionPhase::run):
1597         (JSC::DFG::TierUpCheckInjectionPhase::removeFTLProfiling):
1598         * dfg/DFGValidate.cpp:
1599         (JSC::DFG::Validate::validate):
1600         * dfg/DFGWatchpointCollectionPhase.cpp:
1601         (JSC::DFG::WatchpointCollectionPhase::handle):
1602         * ftl/FTLCapabilities.cpp:
1603         (JSC::FTL::canCompile):
1604         * ftl/FTLLowerDFGToLLVM.cpp:
1605         (JSC::FTL::ftlUnreachable):
1606         (JSC::FTL::LowerDFGToLLVM::lower):
1607         (JSC::FTL::LowerDFGToLLVM::compileNode):
1608         (JSC::FTL::LowerDFGToLLVM::compileCheckCell):
1609         (JSC::FTL::LowerDFGToLLVM::compileCheckBadCell):
1610         (JSC::FTL::LowerDFGToLLVM::compileGetExecutable):
1611         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
1612         (JSC::FTL::LowerDFGToLLVM::compileSwitch):
1613         (JSC::FTL::LowerDFGToLLVM::buildSwitch):
1614         (JSC::FTL::LowerDFGToLLVM::compileCheckFunction): Deleted.
1615         (JSC::FTL::LowerDFGToLLVM::compileCheckExecutable): Deleted.
1616         * heap/Heap.cpp:
1617         (JSC::Heap::collect):
1618         * jit/AssemblyHelpers.h:
1619         (JSC::AssemblyHelpers::storeValue):
1620         (JSC::AssemblyHelpers::loadValue):
1621         * jit/CCallHelpers.h:
1622         (JSC::CCallHelpers::setupArguments):
1623         * jit/GPRInfo.h:
1624         (JSC::JSValueRegs::uses):
1625         * jit/JITCall.cpp:
1626         (JSC::JIT::compileOpCall):
1627         * jit/JITCall32_64.cpp:
1628         (JSC::JIT::compileOpCall):
1629         * runtime/Options.h:
1630         * runtime/VM.cpp:
1631         (JSC::VM::ensureCallEdgeLog):
1632         * runtime/VM.h:
1633         * tests/stress/new-array-then-exit.js: Added.
1634         (foo):
1635         * tests/stress/poly-call-exit-this.js: Added.
1636         * tests/stress/poly-call-exit.js: Added.
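
        The following is an added example, not JavaScriptCore's code: a simplified
        model of the log-based call edge profiling and the polymorphic inlining
        decision the entry above describes. CallEdgeLog, CallEdgeProfile,
        planInlining and the 5% / four-callee thresholds are illustrative
        assumptions that borrow the entry's vocabulary; the real JSC classes of
        the same name are not reproduced here.

```cpp
// Added example, not JavaScriptCore code: a simplified model of the log-based
// call edge profiling and polymorphic inlining decision sketched above.
// CallEdgeLog, CallEdgeProfile and planInlining are illustrative assumptions
// that borrow the ChangeLog's vocabulary; the thresholds are made up here.
#include <algorithm>
#include <cstdint>
#include <map>
#include <utility>
#include <vector>

namespace example {

// One observation written by JIT code: which call site called which callee.
// In JSC the callee is a JSCell*; an integer id stands in for it here, with 0
// meaning "the callee was not a cell at all" (e.g. calling undefined).
struct LogEntry {
    const void* callSite;
    uint64_t callee;
};

// Per-call-site profile, filled in when the log is processed in a batch.
struct CallEdgeProfile {
    std::map<uint64_t, unsigned> edges;   // callee id -> number of calls seen
    unsigned numCallsToNotCell = 0;

    unsigned totalCalls() const
    {
        unsigned total = numCallsToNotCell;
        for (const auto& edge : edges)
            total += edge.second;
        return total;
    }

    // Halve every count so that stale behaviour loses weight against recent
    // behaviour instead of pinning the site as polymorphic forever.
    void fadeByHalf()
    {
        numCallsToNotCell /= 2;
        for (auto& edge : edges)
            edge.second /= 2;
    }
};

// Cheap append from generated code; the per-site bookkeeping is deferred to
// processLog(), mirroring the split between "putting things into the log" and
// "processing the log" that the entry measured.
class CallEdgeLog {
public:
    void record(const void* callSite, uint64_t callee) { m_log.push_back({ callSite, callee }); }

    void processLog()
    {
        for (const LogEntry& entry : m_log) {
            CallEdgeProfile& profile = m_profiles[entry.callSite];
            if (!entry.callee)
                ++profile.numCallsToNotCell;
            else
                ++profile.edges[entry.callee];
        }
        m_log.clear();
    }

    // std::map never relocates its nodes, so this pointer stays valid across
    // later processLog() calls for the same site.
    CallEdgeProfile* profileFor(const void* callSite)
    {
        auto it = m_profiles.find(callSite);
        return it == m_profiles.end() ? nullptr : &it->second;
    }

private:
    std::vector<LogEntry> m_log;
    std::map<const void*, CallEdgeProfile> m_profiles;
};

// The slow path behind the switch of inlined callees: an OSR exit is only safe
// when the profile never saw the site go anywhere else; otherwise a virtual call.
enum class SlowPath { None, OSRExit, VirtualCall };

struct InliningPlan {
    std::vector<uint64_t> callees;   // callees to inline, guarded by a switch on the callee
    SlowPath slowPath = SlowPath::None;
};

// Pick the callees worth inlining. An empty plan with no slow path means "no
// profile; fall back on the inline cache and rare-case counts" as the entry says.
InliningPlan planInlining(const CallEdgeProfile& profile, size_t maxCallees = 4, double minShare = 0.05)
{
    InliningPlan plan;
    const unsigned total = profile.totalCalls();
    if (!total)
        return plan;

    std::vector<std::pair<uint64_t, unsigned>> sorted(profile.edges.begin(), profile.edges.end());
    std::sort(sorted.begin(), sorted.end(), [](const std::pair<uint64_t, unsigned>& a, const std::pair<uint64_t, unsigned>& b) {
        return a.second != b.second ? a.second > b.second : a.first < b.first;
    });

    unsigned covered = 0;
    for (const auto& edge : sorted) {
        if (plan.callees.size() >= maxCallees)
            break;
        if (static_cast<double>(edge.second) / total < minShare)
            break;   // too rare to be worth a guarded inline body
        plan.callees.push_back(edge.first);
        covered += edge.second;
    }

    // Any call not covered (rare callees, or calls to a non-cell) rules out an
    // OSR exit as the slow path, because that exit would actually be taken.
    plan.slowPath = covered == total ? SlowPath::OSRExit : SlowPath::VirtualCall;
    return plan;
}

} // namespace example
```

        The model keeps the two properties the entry relies on: the profile is
        exact (every recorded call is counted, nothing is sampled away), and the
        slow-path choice is driven by whether the counted calls are all covered
        by the inlined callees.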
1637
1638 2014-08-22  Michael Saboff  <msaboff@apple.com>
1639
1640         After r172867 another crash in js/dom/line-column-numbers.html
1641         https://bugs.webkit.org/show_bug.cgi?id=136192
1642
1643         Reviewed by Geoffrey Garen.
1644
1645         In lookupExceptionHandlerFromCallerFrame(), we need to use the caller's CallFrame
1646         and VMEntryFrame when calling genericUnwind().  NativeCallFrameTracerWithRestore()
1647         does that for us.
1648
1649         In general, NativeCallFrameTracerWithRestore() restores the values because we may
1650         do more processing that requires the current callFrame and vmEntryFrame before we
1651         get to the catch handler where we change these to the catch values.  In this
1652         particular case, that restoration isn't currently needed, but we add complexity
1653         and possible future confusion if we create another NativeCallFrameTracerXXX()
1654         version that doesn't restore the values.
1655
1656         * jit/JITOperations.cpp:
1657         (JSC::lookupExceptionHandlerFromCallerFrame): Changed NativeCallFrameTracer() to
1658         NativeCallFrameTracerWithRestore() so that VM::topVMEntryFrame will be updated
1659         before calling genericUnwind().
1660
1661 2014-08-24  Brian J. Burg  <burg@cs.washington.edu>
1662
1663         Web Inspector: rename Inspector::TypeBuilder to Inspector::Protocol
1664         https://bugs.webkit.org/show_bug.cgi?id=136031
1665
1666         Reviewed by Timothy Hatcher.
1667
1668         Rename TypeBuilder namespace to Protocol. Disambiguate where
1669         necessary. Also rename InspectorTypeBuilder to ProtocolTypes.
1670
1671         * CMakeLists.txt:
1672         * DerivedSources.make:
1673         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1674         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1675         * JavaScriptCore.vcxproj/copy-files.cmd:
1676         * JavaScriptCore.xcodeproj/project.pbxproj:
1677         * inspector/ConsoleMessage.cpp:
1678         (Inspector::messageSourceValue):
1679         (Inspector::messageTypeValue):
1680         (Inspector::messageLevelValue):
1681         (Inspector::ConsoleMessage::addToFrontend):
1682         * inspector/ContentSearchUtilities.cpp:
1683         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1684         (Inspector::ContentSearchUtilities::searchInTextByLines):
1685         * inspector/ContentSearchUtilities.h:
1686         * inspector/InjectedScript.cpp:
1687         (Inspector::InjectedScript::evaluate):
1688         (Inspector::InjectedScript::callFunctionOn):
1689         (Inspector::InjectedScript::evaluateOnCallFrame):
1690         (Inspector::InjectedScript::getFunctionDetails):
1691         (Inspector::InjectedScript::getProperties):
1692         (Inspector::InjectedScript::getInternalProperties):
1693         (Inspector::InjectedScript::wrapCallFrames):
1694         (Inspector::InjectedScript::wrapObject):
1695         (Inspector::InjectedScript::wrapTable):
1696         * inspector/InjectedScript.h:
1697         * inspector/InjectedScriptBase.cpp:
1698         (Inspector::InjectedScriptBase::makeEvalCall):
1699         * inspector/InjectedScriptBase.h:
1700         * inspector/InspectorTypeBuilder.h: Removed.
1701         * inspector/ScriptCallFrame.cpp:
1702         (Inspector::ScriptCallFrame::buildInspectorObject):
1703         * inspector/ScriptCallFrame.h:
1704         * inspector/ScriptCallStack.cpp:
1705         (Inspector::ScriptCallStack::buildInspectorArray):
1706         * inspector/ScriptCallStack.h:
1707         * inspector/agents/InspectorAgent.cpp:
1708         (Inspector::InspectorAgent::inspect):
1709         * inspector/agents/InspectorAgent.h:
1710         * inspector/agents/InspectorDebuggerAgent.cpp:
1711         (Inspector::breakpointActionTypeForString):
1712         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1713         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1714         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1715         (Inspector::InspectorDebuggerAgent::searchInContent):
1716         (Inspector::InspectorDebuggerAgent::getFunctionDetails):
1717         (Inspector::InspectorDebuggerAgent::evaluateOnCallFrame):
1718         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1719         (Inspector::InspectorDebuggerAgent::didParseSource):
1720         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1721         * inspector/agents/InspectorDebuggerAgent.h:
1722         * inspector/agents/InspectorProfilerAgent.cpp:
1723         (Inspector::InspectorProfilerAgent::createProfileHeader):
1724         (Inspector::InspectorProfilerAgent::getProfileHeaders):
1725         (Inspector::buildInspectorObject):
1726         (Inspector::InspectorProfilerAgent::buildProfileInspectorObject):
1727         (Inspector::InspectorProfilerAgent::getCPUProfile):
1728         * inspector/agents/InspectorProfilerAgent.h:
1729         * inspector/agents/InspectorRuntimeAgent.cpp:
1730         (Inspector::buildErrorRangeObject):
1731         (Inspector::InspectorRuntimeAgent::parse):
1732         (Inspector::InspectorRuntimeAgent::evaluate):
1733         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1734         (Inspector::InspectorRuntimeAgent::getProperties):
1735         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1736         * inspector/agents/InspectorRuntimeAgent.h:
1737         * inspector/scripts/codegen/__init__.py:
1738         * inspector/scripts/codegen/generate_backend_dispatcher_header.py:
1739         (BackendDispatcherHeaderGenerator.generate_output):
1740         * inspector/scripts/codegen/generate_backend_dispatcher_implementation.py:
1741         (BackendDispatcherImplementationGenerator._generate_async_dispatcher_class_for_domain):
1742         (BackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1743         * inspector/scripts/codegen/generate_frontend_dispatcher_header.py:
1744         (FrontendDispatcherHeaderGenerator.generate_output):
1745         * inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py:
1746         (FrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1747         * inspector/scripts/codegen/generate_type_builder_header.py: Removed.
1748         * inspector/scripts/codegen/generate_type_builder_implementation.py: Removed.
1749         * inspector/scripts/codegen/generator.py:
1750         (Generator.protocol_type_string_for_type):
1751         (Generator.protocol_type_string_for_type_member):
1752         (Generator.type_string_for_type_with_name):
1753         (Generator.type_string_for_formal_out_parameter):
1754         (Generator.type_string_for_formal_async_parameter):
1755         (Generator.type_string_for_stack_in_parameter):
1756         (Generator.type_string_for_stack_out_parameter):
1757         (Generator.assertion_method_for_type_member.assertion_method_for_type):
1758         (Generator.assertion_method_for_type_member):
1759         (Generator.type_builder_string_for_type): Deleted.
1760         (Generator.type_builder_string_for_type_member): Deleted.
1761         * inspector/scripts/codegen/generator_templates.py:
1762         (Inspector):
1763         * inspector/scripts/generate-inspector-protocol-bindings.py:
1764         (generate_from_specification):
1765         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1766         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1767         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1768         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1769         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1770         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1771         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1772         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1773         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1774         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1775         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1776         * runtime/HighFidelityTypeProfiler.cpp:
1777         (JSC::HighFidelityTypeProfiler::getTypesForVariableAtOffsetForInspector):
1778         * runtime/HighFidelityTypeProfiler.h:
1779         * runtime/TypeSet.cpp:
1780         (JSC::TypeSet::allPrimitiveTypeNames):
1781         (JSC::TypeSet::allStructureRepresentations):
1782         (JSC::StructureShape::inspectorRepresentation):
1783         * runtime/TypeSet.h:
1784
1785 2014-08-24  Brian J. Burg  <burg@cs.washington.edu>
1786
1787         Web Inspector: Rename DOM.RGBA and remove workarounds in the bindings generator
1788         https://bugs.webkit.org/show_bug.cgi?id=136025
1789
1790         Reviewed by Joseph Pecoraro.
1791
1792         This workaround can be removed since it is no longer necessary.
1793
1794         * inspector/scripts/codegen/models.py:
1795         (TypeReference.__init__):
1796         (Type.raw_name):
1797         (TypeDeclaration.__init__):
1798         * inspector/scripts/tests/type-declaration-object-type.json: Remove related test input.
1799         * inspector/scripts/tests/expected/type-declaration-object-type.json-result: Rebaseline.
1800
1801 2014-08-23  Joseph Pecoraro  <pecoraro@apple.com>
1802
1803         Web Inspector: Do not copy large module source strings
1804         https://bugs.webkit.org/show_bug.cgi?id=136191
1805
1806         Reviewed by Benjamin Poulain.
1807
1808         * inspector/InjectedScriptManager.cpp:
1809         (Inspector::InjectedScriptManager::injectedScriptSource):
1810
1811 2014-08-21  Michael Saboff  <msaboff@apple.com>
1812
1813         REGRESSION(r163179): Sporadic crash in js/dom/line-column-numbers.html test
1814         https://bugs.webkit.org/show_bug.cgi?id=136111
1815
1816         Reviewed by Filip Pizlo.
1817
1818         The problem was that we weren't properly handling VM::topVMEntryFrame in two ways.
1819
1820         First in the case where we get an exception of a stack overflow during setup of the direct
1821         callee frame of a VM entry frame, we need to throw the exception in the caller's frame.
1822         This requires unrolling topVMEntryFrame while creating the exception object.  This is
1823         accomplished with the renamed NativeCallFrameTracerWithRestore object.  As part of this,
1824         split the JIT rollback exception handling to call a new helper,
1825         callLookupExceptionHandlerFromCallerFrame, which will unroll the callFrame and VMEntryFrame.
1826
1827         Second, when we unwind to find a handler, we also need to unwind topVMCallFrame for the
1828         case where we end up (re)throwing another exception after entering the catch block, but
1829         before another vmEntry call.  Added VM::vmEntryFrameForThrow as a way similar to
1830         VM::callFrameForThrow to pass the appropriate VMEntryFrame to the catch block.
1831
1832
1833         * dfg/DFGJITCompiler.cpp:
1834         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1835         * ftl/FTLCompile.cpp:
1836         (JSC::FTL::fixFunctionBasedOnStackMaps):
1837         * jit/JIT.cpp:
1838         (JSC::JIT::privateCompileExceptionHandlers):
1839         Split out the unroll cases to use the new helper callLookupExceptionHandlerFromCallerFrame()
1840         to unwind both the callFrame and topVMEntryFrame.
1841
1842         * interpreter/Interpreter.cpp:
1843         (JSC::UnwindFunctor::UnwindFunctor):
1844         (JSC::UnwindFunctor::operator()):
1845         (JSC::Interpreter::unwind):
1846         * jit/JITExceptions.cpp:
1847         (JSC::genericUnwind):
1848         Added VMEntryFrame as another component to unwind.
1849
1850         * interpreter/Interpreter.h:
1851         (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
1852         (JSC::NativeCallFrameTracerWithRestore::NativeCallFrameTracerWithRestore):
1853         (JSC::NativeCallFrameTracerWithRestore::~NativeCallFrameTracerWithRestore):
1854         Renamed and changed to save and restore topCallFrame and topVMEntryFrame around the setting of
1855         both values.
1856
1857         * interpreter/StackVisitor.cpp:
1858         (JSC::StackVisitor::gotoNextFrame):
1859         (JSC::StackVisitor::readNonInlinedFrame):
1860         * interpreter/StackVisitor.h:
1861         (JSC::StackVisitor::Frame::vmEntryFrame):
1862         Added code to unwind the VMEntryFrame.
1863
1864         * jit/CCallHelpers.h:
1865         (JSC::CCallHelpers::jumpToExceptionHandler): Updated comment to indicate that the value
1866         the handler should use for VM::topEntryFrame is in VM::vmEntryFrameForThrow.
1867
1868         * jit/JITOpcodes.cpp:
1869         (JSC::JIT::emit_op_catch):
1870         * jit/JITOpcodes32_64.cpp:
1871         (JSC::JIT::emit_op_catch):
1872         * llint/LowLevelInterpreter32_64.asm:
1873         * llint/LowLevelInterpreter64.asm:
1874         Added code to update VM::topVMEntryFrame from VM::vmEntryFrameForThrowOffset.
1875
1876         * jit/JITOperations.cpp:
1877         * jit/JITOperations.h:
1878         (JSC::operationThrowStackOverflowError):
1879         (JSC::operationCallArityCheck):
1880         (JSC::operationConstructArityCheck):
1881
1882         * runtime/VM.h:
1883         (JSC::VM::vmEntryFrameForThrowOffset):
1884         (JSC::VM::topVMEntryFrameOffset):
1885         Added as the side channel to return the topVMEntryFrame that the handler should use.
1886
1887 2014-08-22  Daniel Bates  <dabates@apple.com>
1888
1889         [iOS] Disable ENABLE_IOS_{GESTURE, TOUCH}_EVENTS, and temporarily disable ENABLE_TOUCH_EVENTS
1890         and ENABLE_XSLT when building with the iOS public SDK
1891         https://bugs.webkit.org/show_bug.cgi?id=135945
1892
1893         Reviewed by Andy Estes.
1894
1895         * Configurations/FeatureDefines.xcconfig:
1896
1897 2014-08-22  Jon Lee  <jonlee@apple.com>
1898
1899         Fix iOS build due to r172832 and move RUBBER_BANDING out of FeatureDefines.h
1900         https://bugs.webkit.org/show_bug.cgi?id=136157
1901
1902         Reviewed by Simon Fraser.
1903
1904         * Configurations/FeatureDefines.xcconfig: Add ENABLE(RUBBER_BANDING).
1905
1906 2014-08-21  Mark Lam  <mark.lam@apple.com>
1907
1908         r171362 accidentally increased the size of InlineCallFrame.
1909         <https://webkit.org/b/136141>
1910
1911         Reviewed by Filip Pizlo.
1912
1913         r171362 increased the size of InlineCallFrame::kind to 2 bits.  This increased
1914         the size of InlineCallFrame from 72 to 80 though not intentionally.  The fix
1915         is to reduce the size of InlineCallFrame::stackOffset to 29 bits.
1916
1917         Also added an assert to ensure that we never set a value that exceeds the size
1918         of InlineCallFrame::stackOffset.
1919
1920         * bytecode/CodeOrigin.h:
1921         (JSC::InlineCallFrame::setStackOffset):
1922         * dfg/DFGByteCodeParser.cpp:
1923         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
1924
1925 2014-08-21  Joseph Pecoraro  <pecoraro@apple.com>
1926
1927         Web Inspector: RetainPtr misuse, CFRunLoopSource leak
1928         https://bugs.webkit.org/show_bug.cgi?id=136143
1929
1930         Reviewed by Timothy Hatcher.
1931
1932         Adopt a Create into the RetainPtr to avoid leaking.
1933
1934         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
1935         (Inspector::RemoteInspectorDebuggableConnection::setupRunLoop):
1936
1937 2014-08-21  Mark Lam  <mark.lam@apple.com>
1938
1939         REGRESSION(r172808): It made 6 different tests fail on 32 bit platforms.
1940         <https://webkit.org/b/136123>
1941
1942         Reviewed by Filip Pizlo.
1943
1944         The original patch in r172808 removed the code to skip the top scope in
1945         the 64-bit port of JIT::emitResolveClosure() but not in the 32-bit port.
1946         This patch fixes that and achieves parity.
1947
1948         * jit/JITPropertyAccess32_64.cpp:
1949         (JSC::JIT::emitResolveClosure):
1950
1951 2014-08-21  Zalan Bujtas  <zalan@apple.com>
1952
1953         Enable SATURATED_LAYOUT_ARITHMETIC.
1954         https://bugs.webkit.org/show_bug.cgi?id=136106
1955
1956         Reviewed by Simon Fraser.
1957
1958         SATURATED_LAYOUT_ARITHMETIC protects LayoutUnit against arithmetic overflow.
1959         (No measurable performance regression on Mac.)
1960
1961         * Configurations/FeatureDefines.xcconfig:
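
SATURATED_LAYOUT_ARITHMETIC as described in the entry above clamps LayoutUnit results instead of letting them wrap around. The block below is an added example, not WebKit's LayoutUnit or any code from this ChangeLog: a minimal saturating int32 next to its wrapping counterpart, with a constructed list of child widths (kConstructedWidths, a hypothetical name) showing why a wrapped layout total is dangerous (it goes negative) while the saturated one pegs at the maximum.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Added example modelled on the idea of SATURATED_LAYOUT_ARITHMETIC; this is
// not WebKit's LayoutUnit. All helper names here are hypothetical.

// Wrapping (modular) addition. Going through uint32_t keeps the wrap itself
// well-defined; the final narrowing is modular on every mainstream compiler.
int32_t wrappingAdd(int32_t a, int32_t b)
{
    return static_cast<int32_t>(static_cast<uint32_t>(a) + static_cast<uint32_t>(b));
}

// Clamp a wide intermediate result into the int32_t range.
int32_t clampToInt32(int64_t v)
{
    if (v > std::numeric_limits<int32_t>::max())
        return std::numeric_limits<int32_t>::max();
    if (v < std::numeric_limits<int32_t>::min())
        return std::numeric_limits<int32_t>::min();
    return static_cast<int32_t>(v);
}

// Saturating operations: compute in 64 bits (no overflow is possible for two
// 32-bit operands), then clamp.
int32_t saturatedAdd(int32_t a, int32_t b) { return clampToInt32(int64_t(a) + int64_t(b)); }
int32_t saturatedSub(int32_t a, int32_t b) { return clampToInt32(int64_t(a) - int64_t(b)); }
int32_t saturatedMul(int32_t a, int32_t b) { return clampToInt32(int64_t(a) * int64_t(b)); }

// Constructed sample input: child widths a page could produce.
const int32_t kConstructedWidths[] = { 1500000000, 1500000000, 10 };
const size_t kConstructedWidthCount = sizeof(kConstructedWidths) / sizeof(kConstructedWidths[0]);

// Total the widths with wrapping arithmetic: the sum silently goes negative.
int32_t totalWidthWrapping(const int32_t* widths, size_t count)
{
    int32_t total = 0;
    for (size_t i = 0; i < count; ++i)
        total = wrappingAdd(total, widths[i]);
    return total;
}

// Same total with saturation: the sum pegs at INT32_MAX and stays non-negative.
int32_t totalWidthSaturated(const int32_t* widths, size_t count)
{
    int32_t total = 0;
    for (size_t i = 0; i < count; ++i)
        total = saturatedAdd(total, widths[i]);
    return total;
}

int main()
{
    std::printf("wrapping total:  %d\n", totalWidthWrapping(kConstructedWidths, kConstructedWidthCount));
    std::printf("saturated total: %d\n", totalWidthSaturated(kConstructedWidths, kConstructedWidthCount));
    std::printf("100000 * 100000 saturated: %d\n", saturatedMul(100000, 100000));
    return 0;
}
```

The 64-bit intermediate is the whole trick: two int32 operands can never overflow an int64 under add, subtract or multiply, so the clamp sees the true mathematical result. A negative layout size is the kind of value that later turns into a bad allocation size or index, which is why pegging at the maximum is the safer failure mode.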
1962
1963 2014-08-20  Saam Barati  <sbarati@apple.com>
1964
1965         Fix how CodeBlock dumps the opcode op_profile_type
1966         https://bugs.webkit.org/show_bug.cgi?id=136088
1967
1968         Reviewed by Filip Pizlo.
1969
1970         op_profile_type was modified to receive two extra arguments,
1971         but its dump in CodeBlock::dumpBytecode wasn't changed to 
1972         account for this, so it broke CodeBlock::dumpBytecode when
1973         op_profile_type was in the stream of bytecode instructions.
1974         CodeBlock::dumpBytecode now accounts for the change in 
1975         op_profile_type's arity.
1976
1977         * bytecode/CodeBlock.cpp:
1978         (JSC::CodeBlock::dumpBytecode):
1979
1980 2014-08-20  Saam Barati  <sbarati@apple.com>
1981
1982         Rename HighFidelityTypeProfiling variables for more clarity
1983         https://bugs.webkit.org/show_bug.cgi?id=135899
1984
1985         Reviewed by Geoffrey Garen.
1986
1987         Many names that are used in the type profiling infrastructure
1988         prefix themselves with "HighFidelity" or include the words "high"
1989         and/or "fidelity" in some way. But the words "high" and "fidelity" don't 
1990         add anything descriptive to the names surrounding type profiling. 
1991         So this patch removes all uses of "HighFidelity" and its variants.
1992
1993         Most renamings change "HighFidelity*" to "TypeProfiler*" or simply 
1994         drop the prefix "HighFidelity" all together. Now, almost all names 
1995         in relation to type profiling contain in them "TypeProfiler" or 
1996         "TypeProfiling" or some combination of the words "type" and "profile".
1997
1998         This patch also changes how we check if type profiling is enabled:
1999         We no longer call vm::isProfilingTypesWithHighFidelity. We now just 
2000         check that vm::typeProfiler is not null.
2001
2002         This patch also changes all calls to TypeProfilerLog::processLogEntries
2003         to use ASCIILiteral to form WTFStrings instead of vanilla C string literals.
2004
2005         * CMakeLists.txt:
2006         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2007         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2008         * JavaScriptCore.xcodeproj/project.pbxproj:
2009         * bytecode/BytecodeList.json:
2010         * bytecode/BytecodeUseDef.h:
2011         (JSC::computeUsesForBytecodeOffset):
2012         (JSC::computeDefsForBytecodeOffset):
2013         * bytecode/CodeBlock.cpp:
2014         (JSC::CodeBlock::dumpBytecode):
2015         (JSC::CodeBlock::CodeBlock):
2016         * bytecode/TypeLocation.h:
2017         * bytecode/UnlinkedCodeBlock.cpp:
2018         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
2019         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset):
2020         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo):
2021         (JSC::UnlinkedCodeBlock::highFidelityTypeProfileExpressionInfoForBytecodeOffset): Deleted.
2022         (JSC::UnlinkedCodeBlock::addHighFidelityTypeProfileExpressionInfo): Deleted.
2023         * bytecode/UnlinkedCodeBlock.h:
2024         (JSC::UnlinkedFunctionExecutable::typeProfilingStartOffset):
2025         (JSC::UnlinkedFunctionExecutable::typeProfilingEndOffset):
2026         (JSC::UnlinkedFunctionExecutable::highFidelityTypeProfilingStartOffset): Deleted.
2027         (JSC::UnlinkedFunctionExecutable::highFidelityTypeProfilingEndOffset): Deleted.
2028         * bytecompiler/BytecodeGenerator.cpp:
2029         (JSC::BytecodeGenerator::generate):
2030         (JSC::BytecodeGenerator::BytecodeGenerator):
2031         (JSC::BytecodeGenerator::emitMove):
2032         (JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
2033         (JSC::BytecodeGenerator::emitProfileType):
2034         (JSC::BytecodeGenerator::emitHighFidelityTypeProfilingExpressionInfo): Deleted.
2035         (JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity): Deleted.
2036         * bytecompiler/BytecodeGenerator.h:
2037         (JSC::BytecodeGenerator::isProfilingTypesWithHighFidelity): Deleted.
2038         * bytecompiler/NodesCodegen.cpp:
2039         (JSC::ThisNode::emitBytecode):
2040         (JSC::ResolveNode::emitBytecode):
2041         (JSC::BracketAccessorNode::emitBytecode):
2042         (JSC::DotAccessorNode::emitBytecode):
2043         (JSC::FunctionCallValueNode::emitBytecode):
2044         (JSC::FunctionCallResolveNode::emitBytecode):
2045         (JSC::FunctionCallBracketNode::emitBytecode):
2046         (JSC::FunctionCallDotNode::emitBytecode):
2047         (JSC::CallFunctionCallDotNode::emitBytecode):
2048         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2049         (JSC::PostfixNode::emitResolve):
2050         (JSC::PostfixNode::emitBracket):
2051         (JSC::PostfixNode::emitDot):
2052         (JSC::PrefixNode::emitResolve):
2053         (JSC::PrefixNode::emitBracket):
2054         (JSC::PrefixNode::emitDot):
2055         (JSC::ReadModifyResolveNode::emitBytecode):
2056         (JSC::AssignResolveNode::emitBytecode):
2057         (JSC::AssignDotNode::emitBytecode):
2058         (JSC::ReadModifyDotNode::emitBytecode):
2059         (JSC::AssignBracketNode::emitBytecode):
2060         (JSC::ReadModifyBracketNode::emitBytecode):
2061         (JSC::ConstDeclNode::emitCodeSingle):
2062         (JSC::EmptyVarExpression::emitBytecode):
2063         (JSC::ReturnNode::emitBytecode):
2064         (JSC::FunctionBodyNode::emitBytecode):
2065         * heap/Heap.cpp:
2066         (JSC::Heap::collect):
2067         * inspector/agents/InspectorRuntimeAgent.cpp:
2068         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
2069         (Inspector::recompileAllJSFunctionsForTypeProfiling):
2070         (Inspector::InspectorRuntimeAgent::willDestroyFrontendAndBackend):
2071         (Inspector::InspectorRuntimeAgent::enableTypeProfiler):
2072         (Inspector::InspectorRuntimeAgent::disableTypeProfiler):
2073         (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):
2074         (Inspector::InspectorRuntimeAgent::enableHighFidelityTypeProfiling): Deleted.
2075         (Inspector::InspectorRuntimeAgent::disableHighFidelityTypeProfiling): Deleted.
2076         (Inspector::InspectorRuntimeAgent::setHighFidelityTypeProfilingEnabledState): Deleted.
2077         * inspector/agents/InspectorRuntimeAgent.h:
2078         * inspector/protocol/Runtime.json:
2079         * jit/JIT.cpp:
2080         (JSC::JIT::privateCompileMainPass):
2081         (JSC::JIT::privateCompile):
2082         * jit/JIT.h:
2083         * jit/JITOpcodes.cpp:
2084         (JSC::JIT::emit_op_profile_type):
2085         (JSC::JIT::emit_op_profile_types_with_high_fidelity): Deleted.
2086         * jit/JITOpcodes32_64.cpp:
2087         (JSC::JIT::emit_op_profile_type):
2088         (JSC::JIT::emit_op_profile_types_with_high_fidelity): Deleted.
2089         * jit/JITOperations.cpp:
2090         * jsc.cpp:
2091         (functionDumpTypesForAllVariables):
2092         * llint/LLIntSlowPaths.cpp:
2093         * llint/LowLevelInterpreter.asm:
2094         * runtime/CodeCache.cpp:
2095         (JSC::CodeCache::getGlobalCodeBlock):
2096         * runtime/CommonSlowPaths.cpp:
2097         (JSC::SLOW_PATH_DECL):
2098         * runtime/CommonSlowPaths.h:
2099         * runtime/Executable.cpp:
2100         (JSC::ScriptExecutable::ScriptExecutable):
2101         (JSC::ProgramExecutable::ProgramExecutable):
2102         (JSC::FunctionExecutable::FunctionExecutable):
2103         (JSC::ProgramExecutable::initializeGlobalProperties):
2104         * runtime/Executable.h:
2105         (JSC::ScriptExecutable::typeProfilingStartOffset):
2106         (JSC::ScriptExecutable::typeProfilingEndOffset):
2107         (JSC::ScriptExecutable::highFidelityTypeProfilingStartOffset): Deleted.
2108         (JSC::ScriptExecutable::highFidelityTypeProfilingEndOffset): Deleted.
2109         * runtime/HighFidelityLog.cpp: Removed.
2110         * runtime/HighFidelityLog.h: Removed.
2111         * runtime/HighFidelityTypeProfiler.cpp: Removed.
2112         * runtime/HighFidelityTypeProfiler.h: Removed.
2113         * runtime/Options.h:
2114         * runtime/SymbolTable.cpp:
2115         (JSC::SymbolTable::prepareForTypeProfiling):
2116         (JSC::SymbolTable::uniqueIDForVariable):
2117         (JSC::SymbolTable::uniqueIDForRegister):
2118         (JSC::SymbolTable::prepareForHighFidelityTypeProfiling): Deleted.
2119         * runtime/SymbolTable.h:
2120         * runtime/TypeProfiler.cpp: Added.
2121         (JSC::TypeProfiler::logTypesForTypeLocation):
2122         (JSC::TypeProfiler::insertNewLocation):
2123         (JSC::TypeProfiler::getTypesForVariableAtOffsetForInspector):
2124         (JSC::descriptorMatchesTypeLocation):
2125         (JSC::TypeProfiler::findLocation):
2126         * runtime/TypeProfiler.h: Added.
2127         (JSC::QueryKey::QueryKey):
2128         (JSC::QueryKey::isHashTableDeletedValue):
2129         (JSC::QueryKey::operator==):
2130         (JSC::QueryKey::hash):
2131         (JSC::QueryKeyHash::hash):
2132         (JSC::QueryKeyHash::equal):
2133         (JSC::TypeProfiler::functionHasExecutedCache):
2134         (JSC::TypeProfiler::typeLocationCache):
2135         * runtime/TypeProfilerLog.cpp: Added.
2136         (JSC::TypeProfilerLog::initializeLog):
2137         (JSC::TypeProfilerLog::~TypeProfilerLog):
2138         (JSC::TypeProfilerLog::processLogEntries):
2139         * runtime/TypeProfilerLog.h: Added.
2140         (JSC::TypeProfilerLog::LogEntry::structureIDOffset):
2141         (JSC::TypeProfilerLog::LogEntry::valueOffset):
2142         (JSC::TypeProfilerLog::LogEntry::locationOffset):
2143         (JSC::TypeProfilerLog::TypeProfilerLog):
2144         (JSC::TypeProfilerLog::recordTypeInformationForLocation):
2145         (JSC::TypeProfilerLog::logEndPtr):
2146         (JSC::TypeProfilerLog::logStartOffset):
2147         (JSC::TypeProfilerLog::currentLogEntryOffset):
2148         * runtime/VM.cpp:
2149         (JSC::VM::VM):
2150         (JSC::VM::enableTypeProfiler):
2151         (JSC::VM::disableTypeProfiler):
2152         (JSC::VM::dumpTypeProfilerData):
2153         (JSC::VM::enableHighFidelityTypeProfiling): Deleted.
2154         (JSC::VM::disableHighFidelityTypeProfiling): Deleted.
2155         (JSC::VM::dumpHighFidelityProfilingTypes): Deleted.
2156         * runtime/VM.h:
2157         (JSC::VM::typeProfilerLog):
2158         (JSC::VM::typeProfiler):
2159         (JSC::VM::isProfilingTypesWithHighFidelity): Deleted.
2160         (JSC::VM::highFidelityLog): Deleted.
2161         (JSC::VM::highFidelityTypeProfiler): Deleted.
2162
2163 2014-08-20  Csaba Osztrogonác  <ossy@webkit.org>
2164
2165         URTBF after r172799.
2166
2167         * disassembler/ARM64/A64DOpcode.cpp:
2168         * disassembler/ARM64Disassembler.cpp:
2169
2170 2014-08-20  Oliver Hunt  <oliver@apple.com>
2171
2172         Stop implicitly skipping a function's own activation when walking the scope chain
2173         https://bugs.webkit.org/show_bug.cgi?id=136118
2174
2175         Reviewed by Geoffrey Garen.
2176
2177         Remove the current logic that implicitly skips a function's
2178         own activation when walking the scope chain. This is ground
2179         work for ensuring that all closed variable access is made
2180         through the function's activation. This leads to a further
2181         10% regression on earley, but we're already tracking the
2182         overall performance regression.
2183
2184         * bytecode/CodeBlock.cpp:
2185         (JSC::CodeBlock::CodeBlock):
2186         * dfg/DFGAbstractInterpreterInlines.h:
2187         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2188         * dfg/DFGByteCodeParser.cpp:
2189         (JSC::DFG::ByteCodeParser::getScope):
2190         (JSC::DFG::ByteCodeParser::parseBlock):
2191         * dfg/DFGClobberize.h:
2192         (JSC::DFG::clobberize):
2193         * dfg/DFGDoesGC.cpp:
2194         (JSC::DFG::doesGC):
2195         * dfg/DFGFixupPhase.cpp:
2196         (JSC::DFG::FixupPhase::fixupNode):
2197         * dfg/DFGHeapLocation.cpp:
2198         (WTF::printInternal):
2199         * dfg/DFGHeapLocation.h:
2200         * dfg/DFGNodeType.h:
2201         * dfg/DFGPredictionPropagationPhase.cpp:
2202         (JSC::DFG::PredictionPropagationPhase::propagate):
2203         * dfg/DFGSafeToExecute.h:
2204         (JSC::DFG::safeToExecute):
2205         * dfg/DFGSpeculativeJIT32_64.cpp:
2206         (JSC::DFG::SpeculativeJIT::compile):
2207         * dfg/DFGSpeculativeJIT64.cpp:
2208         (JSC::DFG::SpeculativeJIT::compile):
2209         * jit/JITPropertyAccess.cpp:
2210         (JSC::JIT::emitResolveClosure):
2211         * llint/LowLevelInterpreter32_64.asm:
2212         * llint/LowLevelInterpreter64.asm:
2213         * runtime/JSScope.cpp:
2214         (JSC::JSScope::abstractResolve):
2215         * runtime/JSScope.h:
2216
2217 2014-08-20  Michael Saboff  <msaboff@apple.com>
2218
2219         REGRESSION: Web Inspector crashes when reloading apple.com with Timeline recording active
2220         https://bugs.webkit.org/show_bug.cgi?id=136034
2221
2222         Reviewed by Mark Lam.
2223
2224         DebuggerCallFrame::positionForCallFrame is trying to unwind starting somewhere in the middle
2225         of the stack.  Hardened StackVisitor to skip over the frames between the current top frame
2226         and the requested start frame.
2227
2228         * interpreter/StackVisitor.cpp:
2229         (JSC::StackVisitor::StackVisitor):
2230
2231 2014-08-20  Brent Fulgham  <bfulgham@apple.com>
2232
2233         [Win] JavaScriptCore.dll is missing version information.
2234         https://bugs.webkit.org/show_bug.cgi?id=136105
2235         <rdar://problem/18075852>
2236
2237         Reviewed by Dean Jackson.
2238
2239         * JavaScriptCore.vcxproj/JavaScriptCorePreBuild.cmd: Add missing step to generate
2240         version information for intermediary build path.
2241
2242 2014-08-20  Saam Barati  <sbarati@apple.com>
2243
2244         Fix a memory leak in TypeSet
2245         https://bugs.webkit.org/show_bug.cgi?id=135913
2246
2247         Reviewed by Filip Pizlo.
2248
2249         Currently, TypeSet unconditionally allocates memory for its member
2250         variable m_structureHistory, but never deallocates it. Change this 
2251         from being a pointer that is unconditionally allocated to a member 
2252         variable that will be deallocated when TypeSet itself is deallocated.
2253
2254         * runtime/TypeSet.cpp:
2255         (JSC::TypeSet::TypeSet):
2256         (JSC::TypeSet::addTypeInformation):
2257         (JSC::TypeSet::seenTypes):
2258         (JSC::TypeSet::displayName):
2259         (JSC::TypeSet::allStructureRepresentations):
2260         (JSC::StructureShape::leastCommonAncestor):
2261         * runtime/TypeSet.h:
2262
2263 2014-08-20  peavo@outlook.com  <peavo@outlook.com>
2264
2265         [Win] Assertion fails when running JSC stress tests.
2266         https://bugs.webkit.org/show_bug.cgi?id=136103
2267
2268         Reviewed by Darin Adler.
2269
2270         Use unsigned bitfield member instead of enum bitfield member to avoid negative values.
2271
2272         * bytecode/CodeOrigin.h: Use unsigned bitfield member.
2273         (JSC::InlineCallFrame::specializationKind): Compile fix.
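
The two bit-field entries above (the InlineCallFrame size regression from r171362, fixed by shrinking stackOffset to 29 bits plus an assert, and the unsigned-instead-of-enum bit-field fix for bug 136103) both come down to how C++ packs and signs narrow fields. The following is an added example, not WebKit code; PackedFrame, SignedKindFrame, offsetGuardWorks and the two roundTrip helpers are hypothetical names, with field widths chosen to mirror the 29-bit stack offset and 2-bit kind described above.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical frame record modelled on the InlineCallFrame description above;
// not WebKit's code. The width of the stack offset field is what keeps the
// whole record inside one 32-bit word.
struct PackedFrame {
    static constexpr unsigned kStackOffsetBits = 29;
    static constexpr uint32_t kMaxStackOffset = (1u << kStackOffsetBits) - 1;

    unsigned stackOffset : kStackOffsetBits;
    unsigned kind : 2;          // deliberately 'unsigned', not an enum type
    unsigned isClosureCall : 1;

    // Returns false instead of silently truncating when the offset does not fit
    // (the ChangeLog entry used an assert for the same check).
    bool setStackOffset(uint32_t offset)
    {
        if (offset > kMaxStackOffset)
            return false;
        stackOffset = offset;
        return true;
    }
};
static_assert(sizeof(PackedFrame) == sizeof(uint32_t), "PackedFrame must stay one word");

// Same record, but with the 2-bit field declared with a signed type. Whether an
// enum-typed bit-field is signed is compiler-specific (the entry above hit this
// on Windows); a plain 'int' field shows the effect on every compiler.
struct SignedKindFrame {
    unsigned stackOffset : 29;
    int kind : 2;
    unsigned isClosureCall : 1;
};

// Exercise the guard: the largest representable offset is accepted, one more is
// rejected, and the stored value is untouched by the rejection.
bool offsetGuardWorks()
{
    PackedFrame f{};
    return f.setStackOffset(PackedFrame::kMaxStackOffset)
        && f.stackOffset == PackedFrame::kMaxStackOffset
        && !f.setStackOffset(PackedFrame::kMaxStackOffset + 1)
        && f.stackOffset == PackedFrame::kMaxStackOffset;
}

// Store a kind value and read it back through the signed 2-bit field. Values
// 2 and 3 are not representable there (range is -2..1); the read-back value is
// implementation-defined and comes back negative on gcc, clang and MSVC.
int roundTripSignedKind(int value)
{
    SignedKindFrame f{};
    f.kind = value;
    return f.kind;
}

// Same round trip through the unsigned field: 0..3 all survive.
unsigned roundTripUnsignedKind(unsigned value)
{
    PackedFrame f{};
    f.kind = value;
    return f.kind;
}

int main()
{
    std::printf("sizeof(PackedFrame) = %zu\n", sizeof(PackedFrame));
    std::printf("offset guard works: %d\n", offsetGuardWorks());
    std::printf("signed 2-bit field holding 3 reads back as %d\n", roundTripSignedKind(3));
    std::printf("unsigned 2-bit field holding 3 reads back as %u\n", roundTripUnsignedKind(3));
    return 0;
}
```

The static_assert is the cheap way to catch the r171362 class of regression at compile time: widening one field past the word boundary fails the build instead of quietly growing every frame record. The signed round trip is why a kind value compared with `>=` against an enumerator can fail on one compiler and pass on another.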
2274
2275 2014-08-20  Akos Kiss  <akiss@inf.u-szeged.hu>
2276
2277         Enable ARM64 disassembler on EFL
2278         https://bugs.webkit.org/show_bug.cgi?id=136089
2279
2280         Reviewed by Filip Pizlo.
2281
2282         * CMakeLists.txt:
2283         Added disassembler/ARM64Disassembler.cpp and
2284         disassembler/ARM64/A64DOpcode.cpp to JavaScriptCore_SOURCES.
2285
2286         * disassembler/ARM64/A64DOpcode.cpp:
2287         Added USE(ARM64_DISASSEMBLER) guard around implementation.
2288
2289         * disassembler/ARM64/A64DOpcode.h:
2290         (JSC::ARM64Disassembler::A64DOpcode::appendUnsignedImmediate64):
2291         (JSC::ARM64Disassembler::A64DOpcode::appendPCRelativeOffset):
2292         Made format strings portable by changing "%llx" to "%" PRIx64 for
2293         uint64_t arguments.
2294
2295 2014-08-19  Filip Pizlo  <fpizlo@apple.com>
2296
2297         REGRESSION(r172401): for-in optimization no longer works at all
2298         https://bugs.webkit.org/show_bug.cgi?id=136056
2299
2300         Reviewed by Geoffrey Garen.
2301         
2302         Roll this back in, along with a fix to make proxies work. Previously, for-in over proxies
2303         would instacrash every time.
2304
2305         * bytecompiler/BytecodeGenerator.cpp:
2306         (JSC::BytecodeGenerator::emitGetByVal):
2307         (JSC::BytecodeGenerator::pushIndexedForInScope):
2308         (JSC::BytecodeGenerator::pushStructureForInScope):
2309         * bytecompiler/BytecodeGenerator.h:
2310         (JSC::ForInContext::ForInContext):
2311         (JSC::StructureForInContext::StructureForInContext):
2312         (JSC::IndexedForInContext::IndexedForInContext):
2313         (JSC::ForInContext::base): Deleted.
2314         * bytecompiler/NodesCodegen.cpp:
2315         (JSC::ForInNode::emitMultiLoopBytecode):
2316         * runtime/JSProxy.cpp:
2317         (JSC::JSProxy::getStructurePropertyNames):
2318         (JSC::JSProxy::getGenericPropertyNames):
2319         * tests/stress/for-in-base-reassigned-later-and-change-structure.js: Added.
2320         (foo):
2321         * tests/stress/for-in-base-reassigned-later.js: Added.
2322         (foo):
2323         * tests/stress/for-in-base-reassigned.js: Added.
2324         (foo):
2325         * tests/stress/for-in-proxy-target-changed-structure.js: Added.
2326         (deleteAll):
2327         (foo):
2328         * tests/stress/for-in-proxy.js: Added.
2329         (foo):
2330
2331 2014-08-19  Jaehun Lim  <ljaehun.lim@samsung.com>
2332
2333         Unreviewed, fix EFL build after r17275
2334
2335         Fix error: ignoring #pragma clang diagnostic [-Werror=unknown-pragmas]
2336
2337         * runtime/JSDataViewPrototype.cpp:
2338         Add #if COMPILER(CLANG) and #endif.
2339
2340 2014-08-19  Michael Saboff  <msaboff@apple.com>
2341
2342         Crash in jsc-layout-tests.yaml/js/script-tests/reentrant-caching.js
2343         https://bugs.webkit.org/show_bug.cgi?id=136080
2344
2345         Reviewed by Mark Lam.
2346
2347         Update VM::topVMEntryFrame via NativeCallFrameTracer() when we pass the caller's frame
2348         to NativeCallFrameTracer() as the callee's frame may be the first callee from an entry
2349         frame.  In that case, the caller will have the prior VM entry frame.
2350
2351         The new NativeCallFrameTracer with a VMEntryFrame parameter should be used when throwing
2352         an exception from a caller frame.  The value to use for the VMEntryFrame should be a
2353         value possibly modified by CallFrame::callerFrame(&*VMEntryFrame) used to find the caller.
2354
2355         * interpreter/Interpreter.h:
2356         (JSC::NativeCallFrameTracer::NativeCallFrameTracer): Added a new constructor that takes a
2357         VMEntryFrame.  Added an ASSERT to both constructors to check that the updated topCallFrame
2358         is below the current vmEntryFrame.
2359
2360         * jit/JITOperations.cpp:
2361         (JSC::operationThrowStackOverflowError):
2362         (JSC::operationCallArityCheck):
2363         (JSC::operationConstructArityCheck):
2364         Set VM::topVMEntryFrame to the possibly updated VMEntryFrame after getting the caller's frame.
2365
2366 2014-08-19  Andy Estes  <aestes@apple.com>
2367
2368         [Cocoa] Offline Assembler build phase fails when $BUILT_PRODUCTS_DIR contains spaces
2369         https://bugs.webkit.org/show_bug.cgi?id=136086
2370
2371         Reviewed by Filip Pizlo.
2372
2373         Enclosed arguments to asm.rb containing $BUILT_PRODUCTS_DIR in double quotes so that they don't get split on
2374         whitespace. Also let Xcode have its way with an unrelated part of the project file.
2375
2376         * JavaScriptCore.xcodeproj/project.pbxproj:
2377
2378 2014-08-19  Filip Pizlo  <fpizlo@apple.com>
2379
2380         LLInt build should be way faster
2381         https://bugs.webkit.org/show_bug.cgi?id=136085
2382
2383         Reviewed by Geoffrey Garen.
2384         
2385         This does three things to improve the LLInt build performance. One of them is only for
2386         Xcode for now while the others should benefit all platforms:
2387         
2388         - Don't exponentially build settings combinations that correspond to being on two backends
2389           simultaneously. This is by far the biggest win.
2390         
2391         - Don't generate offset extraction code for backends that aren't supported by the current
2392           port. This currently only works on Xcode-based ports. This is a relatively small win.
2393         
2394         - Remove the ALWAYS_ALLOCATE_SLOW option. Each option increases build time, and we haven't
2395           used this one in a long time. Anyway, setting this option could be emulated by just
2396           directly hacking the code.
2397         
2398         This is an enormous speed-up in the LLInt build.
2399
2400         * JavaScriptCore.xcodeproj/project.pbxproj: Prune the set of backends that we should consider on Xcode-based platforms.
2401         * llint/LLIntOfflineAsmConfig.h: Remove ALWAYS_ALLOCATE_SLOW
2402         * llint/LowLevelInterpreter.asm: Remove ALWAYS_ALLOCATE_SLOW
2403         * offlineasm/backends.rb: Add infrastructure for reasoning about valid backends.
2404         * offlineasm/generate_offset_extractor.rb: Allow the client to specify a filtered set of valid backends.
2405         * offlineasm/settings.rb: Improve the construction of settings combinations so that it doesn't traverse the enormous set of obviously invalid multi-backend combinations. Also glue into support for valid backends.
2406
2407 2014-08-19  Filip Pizlo  <fpizlo@apple.com>
2408
2409         Fix indentation and style in LowLevelInterpreter.asm
2410         https://bugs.webkit.org/show_bug.cgi?id=136083
2411
2412         Reviewed by Mark Lam.
2413
2414         * llint/LowLevelInterpreter.asm:
2415
2416 2014-08-19  Magnus Granberg  <zorry@gentoo.org>
2417
2418         TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
2419         https://bugs.webkit.org/show_bug.cgi?id=70610
2420
2421         Reviewed by Darin Adler.
2422
2423         Set up %ebx so we can use the plt.
2424
2425         * jit/ThunkGenerators.cpp:
2426
2427 2014-08-19  Zalan Bujtas  <zalan@apple.com>
2428
2429         Remove ENABLE(SUBPIXEL_LAYOUT).
2430         https://bugs.webkit.org/show_bug.cgi?id=136077
2431
2432         Reviewed by Simon Fraser.
2433
2434         Remove compile time flag SUBPIXEL_LAYOUT. All ports have had it enabled for a while now.
2435
2436         * Configurations/FeatureDefines.xcconfig:
2437
2438 2014-08-19  Alex Christensen  <achristensen@webkit.org>
2439
2440         [CMake] Generate LLInt assembly correctly on Windows.
2441         https://bugs.webkit.org/show_bug.cgi?id=135888
2442
2443         Reviewed by Oliver Hunt.
2444
2445         * CMakeLists.txt:
2446         Generate LowLevelInterpreterWin.asm instead of LLIntAssembly.h on Windows like the existing build system.
2447         * PlatformWin.cmake:
2448         Don't build JSGlobalObjectInspectorController.cpp on Windows.
2449         * offlineasm/x86.rb:
2450         Detect non-cygwin ruby installations correctly.
2451
2452 2014-08-19  Michael Saboff  <msaboff@apple.com>
2453
2454         REGRESSION(r163179): It broke the build on ARM Thumb2 with GCC
2455         https://bugs.webkit.org/show_bug.cgi?id=136028
2456
2457         Reviewed by Oliver Hunt.
2458
2459         Added back ARMv7 conditionals around three op addp and subp since ARM Thumb2 spec says that
2460         the behavior for those ops is undefined.  This was originally done in changeset 163179.
2461
2462         * llint/LowLevelInterpreter32_64.asm:
2463
2464 2014-08-18  Commit Queue  <commit-queue@webkit.org>
2465
2466         Unreviewed, rolling out r172741.
2467         https://bugs.webkit.org/show_bug.cgi?id=136058
2468
2469         This change is breaking PLT. (Requested by mlam on #webkit).
2470
2471         Reverted changeset:
2472
2473         "REGRESSION(r172401): for-in optimization no longer works at
2474         all"
2475         https://bugs.webkit.org/show_bug.cgi?id=136056
2476         http://trac.webkit.org/changeset/172741
2477
2478 2014-08-18  Filip Pizlo  <fpizlo@apple.com>
2479
2480         REGRESSION(r172401): for-in optimization no longer works at all
2481         https://bugs.webkit.org/show_bug.cgi?id=136056
2482
2483         Reviewed by Mark Hahnenberg.
2484         
2485         This is a partial roll-out of r172401. It turns out that the fix wasn't actually fixing a
2486         real bug (since it's fine to use op_get_direct_pname on the wrong base because it has a
2487         structure check) and it was actually breaking the entire for-in optimization (since there is
2488         no way that we can statically prove that the base matches, because the base we see is a
2489         newly created temporary, and anyway doing it right would be really hard in our bytecode
2490         because it's 3AC form).
2491         
2492         But, I added a new test for the problem, and kept the original test. Both the old test and
2493         the new test prove that r172401 wasn't fixing what it thought it was fixing. To the extent
2494         that it resolved crashes it was because it just disabled the for-in optimization entirely.
2495
2496         * bytecompiler/BytecodeGenerator.cpp:
2497         (JSC::BytecodeGenerator::emitGetByVal):
2498         (JSC::BytecodeGenerator::pushIndexedForInScope):
2499         (JSC::BytecodeGenerator::pushStructureForInScope):
2500         * bytecompiler/BytecodeGenerator.h:
2501         (JSC::ForInContext::ForInContext):
2502         (JSC::StructureForInContext::StructureForInContext):
2503         (JSC::IndexedForInContext::IndexedForInContext):
2504         (JSC::ForInContext::base): Deleted.
2505         * bytecompiler/NodesCodegen.cpp:
2506         (JSC::ForInNode::emitMultiLoopBytecode):
2507         * tests/stress/for-in-base-reassigned.js: Added.
2508         * tests/stress/for-in-base-reassigned-later.js: Added.
2509         * tests/stress/for-in-base-reassigned-later-and-change-structure.js: Added.
2510
2511 2014-08-18  Mark Lam  <mark.lam@apple.com>
2512
2513         Gardening: build fix for non-Mac builds after r172737.
2514         https://bugs.webkit.org/show_bug.cgi?id=135750
2515
2516         Not reviewed.
2517
2518         * CMakeLists.txt:
2519         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2520         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2521
2522 2014-08-18  Filip Pizlo  <fpizlo@apple.com>
2523
2524         REGRESSION(r172129): ftlopt branch merge made performance tests flakey crash
2525         https://bugs.webkit.org/show_bug.cgi?id=135750
2526
2527         Reviewed by Mark Lam.
2528         
2529         This was caused by a rather embarrassing oversight in how the DFG tracks structures: we
2530         could sometimes perform an optimization that requires a structure to be alive but forget to
2531         ensure that the structure is actually kept alive. In particular, any watchpoint-based
2532         optimizations involve setting watchpoints even if the code that got optimized is eventually
2533         deleted because it is unreachable. All such optimizations would leave behind something in
2534         the IR to tell us that we are interested in the structure and that therefore it should be
2535         kept alive. But, IR can be deleted if it is unreachable.
2536         
2537         The solution is to ensure that as soon as the DFG is made aware of a structure, it adds it
2538         to the set of weak references.
2539
2540         * JavaScriptCore.xcodeproj/project.pbxproj:
2541         * dfg/DFGAbstractInterpreterInlines.h:
2542         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2543         * dfg/DFGAbstractValue.cpp:
2544         (JSC::DFG::AbstractValue::setOSREntryValue):
2545         (JSC::DFG::AbstractValue::set):
2546         (JSC::DFG::AbstractValue::normalizeClarity):
2547         (JSC::DFG::AbstractValue::assertIsRegistered):
2548         (JSC::DFG::AbstractValue::assertIsWatched): Deleted.
2549         * dfg/DFGAbstractValue.h:
2550         (JSC::DFG::AbstractValue::assertIsRegistered):
2551         (JSC::DFG::AbstractValue::assertIsWatched): Deleted.
2552         * dfg/DFGCommon.h:
2553         * dfg/DFGConstantFoldingPhase.cpp:
2554         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
2555         * dfg/DFGDesiredWeakReferences.cpp:
2556         (JSC::DFG::DesiredWeakReferences::addLazily):
2557         (JSC::DFG::DesiredWeakReferences::contains):
2558         (JSC::DFG::DesiredWeakReferences::reallyAdd):
2559         (JSC::DFG::DesiredWeakReferences::visitChildren):
2560         * dfg/DFGDesiredWeakReferences.h:
2561         * dfg/DFGFixupPhase.cpp:
2562         (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
2563         * dfg/DFGGraph.cpp:
2564         (JSC::DFG::Graph::Graph):
2565         (JSC::DFG::Graph::registerFrozenValues):
2566         (JSC::DFG::Graph::convertToConstant):
2567         (JSC::DFG::Graph::registerStructure):
2568         (JSC::DFG::Graph::assertIsRegistered):
2569         (JSC::DFG::Graph::assertIsWatched): Deleted.
2570         * dfg/DFGGraph.h:
2571         * dfg/DFGPlan.cpp:
2572         (JSC::DFG::Plan::compileInThreadImpl):
2573         * dfg/DFGStructureAbstractValue.cpp:
2574         (JSC::DFG::StructureAbstractValue::assertIsRegistered):
2575         (JSC::DFG::StructureAbstractValue::assertIsWatched): Deleted.
2576         * dfg/DFGStructureAbstractValue.h:
2577         (JSC::DFG::StructureAbstractValue::assertIsRegistered):
2578         (JSC::DFG::StructureAbstractValue::assertIsWatched): Deleted.
2579         * dfg/DFGStructureRegistrationPhase.cpp: Copied from Source/JavaScriptCore/dfg/DFGWatchableStructureWatchingPhase.cpp.
2580         (JSC::DFG::StructureRegistrationPhase::StructureRegistrationPhase):
2581         (JSC::DFG::StructureRegistrationPhase::run):
2582         (JSC::DFG::StructureRegistrationPhase::registerStructures):
2583         (JSC::DFG::StructureRegistrationPhase::registerStructure):
2584         (JSC::DFG::performStructureRegistration):
2585         (JSC::DFG::WatchableStructureWatchingPhase::WatchableStructureWatchingPhase): Deleted.
2586         (JSC::DFG::WatchableStructureWatchingPhase::run): Deleted.
2587         (JSC::DFG::WatchableStructureWatchingPhase::tryWatch): Deleted.
2588         (JSC::DFG::performWatchableStructureWatching): Deleted.
2589         * dfg/DFGStructureRegistrationPhase.h: Copied from Source/JavaScriptCore/dfg/DFGWatchableStructureWatchingPhase.h.
2590         * dfg/DFGWatchableStructureWatchingPhase.cpp: Removed.
2591         * dfg/DFGWatchableStructureWatchingPhase.h: Removed.
2592
2593 2014-08-18  Akos Kiss  <akiss@inf.u-szeged.hu>
2594
2595         Fix ASSERT in ARM64's JSC::GPRInfo::debugName
2596         https://bugs.webkit.org/show_bug.cgi?id=136050
2597
2598         Reviewed by Darin Adler.
2599
2600         Remove cast of GPRReg to unsigned to prevent signed/unsigned comparison
2601         error.
2602
2603         * jit/GPRInfo.h:
2604         (JSC::GPRInfo::debugName):
2605
2606 2014-08-18  Andreas Kling  <akling@apple.com>
2607
2608         REGRESSION(r168256): JSString can get 8-bit flag wrong when re-using AtomicStrings.
2609         <https://webkit.org/b/133574>
2610         <rdar://problem/18051847>
2611
2612         The optimization that resolves JSRopeStrings into an existing
2613         AtomicString (to save time and memory by avoiding StringImpl allocation)
2614         had a bug in that it wasn't copying the 8-bit flag from the AtomicString.
2615
2616         This could lead to a situation where a 16-bit StringImpl containing
2617         only 8-bit characters is sitting in the AtomicString table, is found
2618         by the rope resolution optimization, and gives you a rope that thinks
2619         it's all 8-bit, but has a fiber with 16-bit characters.
2620
2621         Resolving that rope will then yield incorrect results.
2622
2623         This was all caught by an assertion, but very hard to reproduce.
2624
2625         Test: js/dopey-rope-with-16-bit-propertyname.html
2626
2627         Reviewed by Darin Adler.
2628
2629         * runtime/JSString.cpp:
2630         (JSC::JSRopeString::resolveRopeToAtomicString):
2631         (JSC::JSRopeString::resolveRopeToExistingAtomicString):
2632         * runtime/JSString.h:
2633         (JSC::JSString::setIs8Bit):
2634         (JSC::JSString::toExistingAtomicString):
2635
2636 2014-08-18  Matthew Mirman  <mmirman@apple.com>
2637
2638         Merges the two native inlining passes from the build.
2639         Also adds the AvailableExternallyLinkage assertion to linked 
2640         functions to allow unused and duplicate ones to be removed.
2641         https://bugs.webkit.org/show_bug.cgi?id=135526
2642
2643         Reviewed by Filip Pizlo.
2644
2645         * JavaScriptCore.xcodeproj/project.pbxproj: 
2646         Removed second generation of llvm binary files.
2647         Fixed the flags on the first pass. 
2648         * build-symbol-table-index.py: Modified some paths.
2649         * build-symbol-table-index.sh: Removed.
2650         * copy-llvm-ir-to-derived-sources.sh: Now calls build-symbol-table-index directly.
2651         * ftl/FTLLowerDFGToLLVM.cpp: Added LLVMAvailableExternallyLinkage assertion.
2652         (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol): 
2653         * runtime/ArrayPrototype.cpp: Removed static declarations. 
2654         * runtime/DateConstructor.cpp: ditto.
2655         (JSC::dateParse):
2656         (JSC::dateNow):
2657         (JSC::dateUTC):
2658         * runtime/DatePrototype.cpp: ditto.
2659         * runtime/JSDataViewPrototype.cpp: ditto on both.
2660         (JSC::dataViewProtoFuncGetInt8):
2661         (JSC::dataViewProtoFuncGetInt16):
2662         (JSC::dataViewProtoFuncGetInt32):
2663         (JSC::dataViewProtoFuncGetUint8):
2664         (JSC::dataViewProtoFuncGetUint16):
2665         (JSC::dataViewProtoFuncGetUint32):
2666         (JSC::dataViewProtoFuncGetFloat32):
2667         (JSC::dataViewProtoFuncGetFloat64):
2668         (JSC::dataViewProtoFuncSetInt8):
2669         (JSC::dataViewProtoFuncSetInt16):
2670         (JSC::dataViewProtoFuncSetInt32):
2671         (JSC::dataViewProtoFuncSetUint8):
2672         (JSC::dataViewProtoFuncSetUint16):
2673         (JSC::dataViewProtoFuncSetUint32):
2674         (JSC::dataViewProtoFuncSetFloat32):
2675         (JSC::dataViewProtoFuncSetFloat64):
2676         * runtime/JSONObject.cpp: ditto.
2677         * runtime/ObjectConstructor.cpp: ditto.
2678         * runtime/StringPrototype.cpp: ditto.
2679
2680 2014-08-18  Saam Barati  <sbarati@apple.com>
2681
2682         The parser should generate AST nodes for the var declarations with no initializers
2683         https://bugs.webkit.org/show_bug.cgi?id=135545
2684
2685         Reviewed by Geoffrey Garen.
2686
2687         Currently, JSC's parser ignores variable declarations
2688         that have no assignment initializer value because all 
2689         variables are implicitly assigned to undefined. But, 
2690         type profiling needs an AST node to be generated for these 
2691         empty variable declarations because it needs to be able to 
2692         profile their text locations and to see that their type 
2693         is undefined.
2694
2695         * bytecompiler/NodesCodegen.cpp:
2696         (JSC::EmptyVarExpression::emitBytecode):
2697         * parser/ASTBuilder.h:
2698         (JSC::ASTBuilder::createVarStatement):
2699         (JSC::ASTBuilder::createEmptyVarExpression):
2700         * parser/NodeConstructors.h:
2701         (JSC::EmptyVarExpression::EmptyVarExpression):
2702         * parser/Nodes.h:
2703         * parser/Parser.cpp:
2704         (JSC::Parser<LexerType>::parseVarDeclarationList):
2705         * parser/SyntaxChecker.h:
2706         (JSC::SyntaxChecker::createEmptyVarExpression):
2707
2708 2014-08-18  Diego Pino Garcia  <dpino@igalia.com>
2709
2710         Completed iterator can be revived by adding more than one new entry to the target object
2711         https://bugs.webkit.org/show_bug.cgi?id=129993
2712
2713         Reviewed by Oliver Hunt.
2714
2715         When iterator reaches end, finish iterator.
2716
2717         * runtime/JSMapIterator.h:
2718         (JSC::JSMapIterator::finish):
2719         * runtime/JSSetIterator.h:
2720         (JSC::JSSetIterator::finish):
2721         * runtime/MapData.h:
2722         (JSC::MapData::const_iterator::finish): set index of iterator to max
2723         Int32.
2724         * runtime/MapIteratorPrototype.cpp:
2725         (JSC::MapIteratorPrototypeFuncNext):
2726         * runtime/SetIteratorPrototype.cpp:
2727         (JSC::SetIteratorPrototypeFuncNext):
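
The behaviour this entry enforces (a Map or Set iterator that has reported completion must stay finished even when new entries are added afterwards), as an added example written for this page; it is not part of the ChangeLog or of JavaScriptCore and runs in any modern JS engine:

```javascript
// Added example, not part of the WebKit ChangeLog or JavaScriptCore sources.
// Once a Map/Set iterator has returned {done: true}, adding entries to the
// collection must not revive it. The bug above was that adding more than one
// new entry could make next() start yielding values again.

// Drive an iterator to completion, add entries to the collection, then probe
// next() repeatedly. Returns the values observed after completion; a correct
// engine returns an empty array.
function valuesYieldedAfterCompletion(collection, iterator, extraEntries) {
  // Exhaust the iterator so it reaches its finished state.
  while (!iterator.next().done) {}
  // Add more than one new entry (the case named in the bug title).
  for (const entry of extraEntries) {
    if (collection instanceof Map) collection.set(entry[0], entry[1]);
    else collection.add(entry);
  }
  const revived = [];
  for (let i = 0; i < extraEntries.length + 1; i++) {
    const r = iterator.next();
    if (!r.done) revived.push(r.value);
  }
  return revived;
}

function checkMapIteratorStaysFinished() {
  const m = new Map([["a", 1]]);
  return valuesYieldedAfterCompletion(m, m.keys(), [["b", 2], ["c", 3]]);
}

function checkSetIteratorStaysFinished() {
  const s = new Set([1]);
  return valuesYieldedAfterCompletion(s, s.values(), [2, 3]);
}

// Contrast: an iterator that has NOT yet completed does see entries added
// during iteration (Map/Set iteration is live). Only the finished state has to
// be sticky, which is what the finish() helpers in this change guarantee.
function liveIterationSeesNewEntries() {
  const m = new Map([["a", 1]]);
  const it = m.keys();
  it.next();          // consume "a"; the iterator is not yet done
  m.set("b", 2);      // added before completion, so it must be visited
  const r = it.next();
  return r.done ? null : r.value;
}
```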
2728
2729 2014-08-15  Brian J. Burg  <burg@cs.washington.edu>
2730
2731         Web Inspector: rewrite CodeGeneratorInspector to be modular and testable
2732         https://bugs.webkit.org/show_bug.cgi?id=131596
2733
2734         Unreviewed gardening to rebaseline inspector generator tests after addressing review comments.
2735
2736         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2737         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2738         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2739         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2740         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2741         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2742         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2743         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2744         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2745         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2746         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2747
2748 2014-08-15  Brian J. Burg  <burg@cs.washington.edu>
2749
2750         Unreviewed build fix for some GTK bots after r172655.
2751
2752         Some bots use Python 2.6, which lacks the 'flags' named parameter for re.sub.
2753
2754         * inspector/scripts/codegen/generator.py:
2755         (Generator.stylized_name_for_enum_value): Do things the old-school way.
2756
2757 2014-08-15  Michael Saboff  <msaboff@apple.com>
2758
2759         Change callToJavaScript and callToNativeFunction so their callFrames match the native calling conventions
2760         https://bugs.webkit.org/show_bug.cgi?id=131578
2761
2762         Reviewed by Geoffrey Garen.
2763
2764         Renamed callToJavaScript and callToNativeFunction to vmEntryToJavaScript and vmEntryToNative,
2765         respectively.  Eliminated the sentinel frame and replaced it with the structure VMEntryRecord
2766         that appears in the "locals" area of a VM entry stack frame.  Changed the order that
2767         vmEntryToJavaScript and vmEntryToNative creates their stack frames to be native calling
2768         convention compliant.  That is to save prior frame pointer, save callee save registers, then
2769         allocate and populate the VMEntryRecord, and finally allocate a CallFrame for the JS function
2770         that vmEntryToJavaScript will invoke.  The top most vm entry frame pointer is saved in
2771         VM::topVMEntryFrame.  The vmEntry functions save prior contents of VM::topVMEntryFrame
2772         along with the VM and VM::topCallFrame in the VMEntryRecord it places on the stack.  Starting
2773         at VM::topCallFrame, the stack can be walked using these VMEntryRecords.
2774
2775         Arbitrary stack unwinding is now handled either iteratively by loading VM::topVMEntryFrame
2776         into a local variable and using CallFrame::callerFrame(VMEntryFrame*&) or by using StackVisitor.
2777         Given that the stack is effectively a singly linked list, general stack unwinding needs to use
2778         one of these two methods.
2779
2780         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2781         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2782         * JavaScriptCore.xcodeproj/project.pbxproj:
2783         Addition of VMEntryRecord.h
2784
2785         * bytecode/BytecodeList.json:
2786         Renaming of llint helper opcodes due to renaming callToJavaScript and callToNativeFunction.
2787
2788         * debugger/Debugger.cpp:
2789         (JSC::Debugger::stepOutOfFunction):
2790         (JSC::Debugger::returnEvent):
2791         (JSC::Debugger::didExecuteProgram):
2792         * jsc.cpp:
2793         (functionDumpCallFrame):
2794         * jit/JITOperations.cpp:
2795         Changed unwinding to use CallFrame::callerFrame(VMEntryFrame*&).
2796
2797         * bytecode/CodeBlock.cpp:
2798         (JSC::RecursionCheckFunctor::RecursionCheckFunctor):
2799         (JSC::RecursionCheckFunctor::operator()):
2800         (JSC::RecursionCheckFunctor::didRecurse):
2801         (JSC::CodeBlock::noticeIncomingCall):
2802         * debugger/DebuggerCallFrame.cpp:
2803         (JSC::FindCallerMidStackFunctor::FindCallerMidStackFunctor):
2804         (JSC::FindCallerMidStackFunctor::operator()):
2805         (JSC::FindCallerMidStackFunctor::getCallerFrame):
2806         (JSC::DebuggerCallFrame::callerFrame):
2807         * interpreter/VMInspector.cpp:
2808         (JSC::CountFramesFunctor::CountFramesFunctor):
2809         (JSC::CountFramesFunctor::operator()):
2810         (JSC::CountFramesFunctor::count):
2811         (JSC::VMInspector::countFrames):
2812         * runtime/VM.cpp:
2813         (JSC::VM::VM):
2814         (JSC::FindFirstCallerFrameWithCodeblockFunctor::FindFirstCallerFrameWithCodeblockFunctor):
2815         (JSC::FindFirstCallerFrameWithCodeblockFunctor::operator()):
2816         (JSC::FindFirstCallerFrameWithCodeblockFunctor::foundCallFrame):
2817         (JSC::FindFirstCallerFrameWithCodeblockFunctor::index):
2818         (JSC::VM::throwException):
2819         Changed unwinding to use StackVisitor including added functor classes.
2820
2821         * interpreter/CallFrame.cpp:
2822         (JSC::CallFrame::callerFrame):
2823         Added new flavor of callerFrame() that can iteratively unwind the stack.
2824
2825         * interpreter/CallFrame.h:
2826         (JSC::ExecState::callerFrame): Changed callerFrame() to use private common helper.
2827         (JSC::ExecState::callerFrameOrVMEntryFrame): Deleted.
2828         (JSC::ExecState::isVMEntrySentinel): Deleted.
2829         (JSC::ExecState::vmEntrySentinelCallerFrame): Deleted.
2830         (JSC::ExecState::initializeVMEntrySentinelFrame): Deleted.
2831         (JSC::ExecState::callerFrameSkippingVMEntrySentinel): Deleted.
2832         (JSC::ExecState::vmEntrySentinelCodeBlock): Deleted.
2833
2834         * interpreter/CallFrame.h:
2835         (JSC::ExecState::init):
2836         (JSC::ExecState::topOfFrame):
2837         (JSC::ExecState::currentVPC):
2838         (JSC::ExecState::setCurrentVPC):
2839         Eliminated unneeded checking of sentinel frame.
2840
2841         * interpreter/Interpreter.cpp:
2842         (JSC::unwindCallFrame):
2843         (JSC::Interpreter::getStackTrace): Updated for unwinding changes.
2844         (JSC::Interpreter::unwind): Eliminated unneeded sentinel frame check.
2845
2846         * interpreter/Interpreter.cpp:
2847         (JSC::Interpreter::executeCall):
2848         (JSC::Interpreter::executeConstruct):
2849         * jit/JITStubs.h:
2850         * llint/LLIntThunks.cpp:
2851         (JSC::callToJavaScript): Deleted.
2852         (JSC::callToNativeFunction): Deleted.
2853         (JSC::vmEntryToJavaScript):
2854         (JSC::vmEntryToNative):
2855         * llint/LLIntThunks.h:
2856         Updated for vmEntryToJavaScript and vmEntryToNative name changes.
2857
2858         * interpreter/Interpreter.h:
2859         (JSC::TopCallFrameSetter::TopCallFrameSetter):
2860         (JSC::TopCallFrameSetter::~TopCallFrameSetter):
2861         Eliminated unneeded sentinel frame check.
2862
2863         * interpreter/Interpreter.h:
2864         (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
2865         Removed sentinel specific constructor.
2866
2867         * interpreter/StackVisitor.cpp:
2868         (JSC::StackVisitor::StackVisitor):
2869         (JSC::StackVisitor::readFrame):
2870         (JSC::StackVisitor::readNonInlinedFrame):
2871         (JSC::StackVisitor::readInlinedFrame):
2872         (JSC::StackVisitor::Frame::print):
2873         * interpreter/StackVisitor.h:
2874         (JSC::StackVisitor::Frame::callerIsVMEntry):
2875         Changes for unwinding using CallFrame::callerFrame(VMEntryFrame*&).  Also added field that
2876         indicates when about to step over a VM entry frame.
2877
2878         * interpreter/VMEntryRecord.h: Added.
2879         (JSC::VMEntryRecord::prevTopCallFrame):
2880         (JSC::VMEntryRecord::prevTopVMEntryFrame):
2881         New struct to record prior state of VM's notion of VM entry and top call frames.
2882
2883         * jit/JITCode.cpp:
2884         (JSC::JITCode::execute):
2885         Use new vmEntryToJavaScript and vmEntryToNative name.
2886
2887         * llint/LLIntOffsetsExtractor.cpp: Added include for VMEntryRecord.h.
2888
2889         * llint/LowLevelInterpreter.asm:
2890         * llint/LowLevelInterpreter32_64.asm:
2891         * llint/LowLevelInterpreter64.asm:
2892         Offline assembly implementation of creating stack frame with VMEntryRecord as well as restoring 
2893         relevant VM fields when exiting the VM.  Added a helper that returns a VMEntryRecord given
2894         a pointer to the VM entry frame.
2895
2896         * llint/LLIntThunks.cpp:
2897         (JSC::vmEntryRecord):
2898         * llint/LowLevelInterpreter.cpp:
2899         (JSC::CLoop::execute):
2900         C Loop changes to mirror the assembly changes.
2901
2902         * runtime/VM.h:
2903         Added topVMEntryFrame field.
2904
2905 2014-08-15  Brian J. Burg  <burg@cs.washington.edu>
2906
2907         Web Inspector: rewrite CodeGeneratorInspector to be modular and testable
2908         https://bugs.webkit.org/show_bug.cgi?id=131596
2909
2910         Reviewed by Joseph Pecoraro.
2911
2912         Replace CodeGeneratorInspector.py with generate-inspector-protocol-bindings.py.
2913         The new generator decouples parsing and typechecking a model of the protocol from
2914         code generation. Each generated file is created by a different subclass of Generator.
2915         Helper methods to compute various type signatures are shared among generators.
2916
2917         This patch introduces a test harness and a test suite that covers all functionality.
2918
2919         Aside from hooking up the new inspector bindings generator to the build system,
2920         there are a few commingled changes that would be painful to split from the main
2921         patch:
2922
2923         Convert protocol enumeration types from struct-namespaced enums to C++ scoped enums.
2924
2925         Move all runtimeCast(), assertValueHasExpectedType(), and RuntimeCastHelper methods to static
2926         methods of BindingTraits specializations.
2927
2928         Together, these changes reduce duplication and make it possible to forward-declare
2929         all protocol enum and object types, reducing weird ordering dependencies between domains.
2930
2931         * CMakeLists.txt:
2932         * DerivedSources.make:
2933         * JavaScriptCore.vcxproj/copy-files.cmd:
2934         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2935         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add inspector scripts to solution filters.
2936         * JavaScriptCore.xcodeproj/project.pbxproj:
2937         * inspector/ConsoleMessage.cpp: Convert to scoped enums.
2938         (Inspector::messageSourceValue):
2939         (Inspector::messageTypeValue):
2940         (Inspector::messageLevelValue):
2941         * inspector/InjectedScript.cpp: Convert to scoped enums and BindingTraits.
2942         (Inspector::InjectedScript::getFunctionDetails):
2943         (Inspector::InjectedScript::getProperties):
2944         (Inspector::InjectedScript::getInternalProperties):
2945         (Inspector::InjectedScript::wrapCallFrames):
2946         (Inspector::InjectedScript::wrapObject):
2947         (Inspector::InjectedScript::wrapTable):
2948         * inspector/InjectedScriptBase.cpp: Convert InspectorValue::Type to a scoped enum.
2949         (Inspector::InjectedScriptBase::makeEvalCall):
2950         * inspector/InjectedScriptManager.cpp:
2951         (Inspector::InjectedScriptManager::injectedScriptForObjectId):
2952         * inspector/InspectorTypeBuilder.h:
2953         (Inspector::TypeBuilder::Array::create):
2954         (Inspector::TypeBuilder::StructItemTraits::pushRefPtr):
2955         (Inspector::TypeBuilder::ArrayItemHelper<String>::Traits::pushRaw):
2956         (Inspector::TypeBuilder::ArrayItemHelper<int>::Traits::pushRaw):
2957         (Inspector::TypeBuilder::ArrayItemHelper<double>::Traits::pushRaw):
2958         (Inspector::TypeBuilder::ArrayItemHelper<bool>::Traits::pushRaw):
2959         (Inspector::TypeBuilder::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr):
2960         (Inspector::TypeBuilder::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr):
2961         (Inspector::TypeBuilder::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr):
2962         (Inspector::TypeBuilder::PrimitiveBindingTraits::assertValueHasExpectedType):
2963         (Inspector::TypeBuilder::BindingTraits<TypeBuilder::Array<T>>::runtimeCast):
2964         (Inspector::TypeBuilder::BindingTraits<TypeBuilder::Array<T>>::assertValueHasExpectedType):
2965         (Inspector::TypeBuilder::BindingTraits<InspectorValue>::assertValueHasExpectedType):
2966         (Inspector::TypeBuilder::BindingTraits<int>::assertValueHasExpectedType):
2967         (Inspector::TypeBuilder::ExactlyInt::ExactlyInt): Deleted. It was not used.
2968         (Inspector::TypeBuilder::ExactlyInt::operator int): Deleted.
2969         (Inspector::TypeBuilder::ExactlyInt::cast_to_int): Deleted.
2970         (Inspector::TypeBuilder::ExactlyInt::cast_to_int<int>): Deleted.
2971         (Inspector::TypeBuilder::int>): Deleted.
2972         (Inspector::TypeBuilder::RuntimeCastHelper::assertType): Deleted.
2973         (Inspector::TypeBuilder::RuntimeCastHelper::assertAny): Deleted.
2974         (Inspector::TypeBuilder::RuntimeCastHelper::assertInt): Deleted.
2975         (Inspector::TypeBuilder::Array::runtimeCast): Deleted.
2976         (Inspector::TypeBuilder::Array::assertCorrectValue): Deleted.
2977         (Inspector::TypeBuilder::StructItemTraits::assertCorrectValue): Deleted.
2978         (Inspector::TypeBuilder::ArrayItemHelper<String>::Traits::assertCorrectValue): Deleted.
2979         (Inspector::TypeBuilder::ArrayItemHelper<int>::Traits::assertCorrectValue): Deleted.
2980         (Inspector::TypeBuilder::ArrayItemHelper<double>::Traits::assertCorrectValue): Deleted.
2981         (Inspector::TypeBuilder::ArrayItemHelper<bool>::Traits::assertCorrectValue): Deleted.
2982         (Inspector::TypeBuilder::ArrayItemHelper<InspectorValue>::Traits::assertCorrectValue): Deleted.
2983         (Inspector::TypeBuilder::ArrayItemHelper<InspectorObject>::Traits::assertCorrectValue): Deleted.
2984         (Inspector::TypeBuilder::ArrayItemHelper<InspectorArray>::Traits::assertCorrectValue): Deleted.
2985         (Inspector::TypeBuilder::ArrayItemHelper<TypeBuilder::Array<T>>::Traits::assertCorrectValue): Deleted.
2986
2987         * inspector/InspectorValues.cpp: Convert InspectorValue::Type to a scoped enum.
2988         (Inspector::InspectorValue::writeJSON):
2989         (Inspector::InspectorBasicValue::asBoolean):
2990         (Inspector::InspectorBasicValue::asNumber):
2991         (Inspector::InspectorBasicValue::writeJSON):
2992         (Inspector::InspectorString::writeJSON):
2993         (Inspector::InspectorObjectBase::InspectorObjectBase):
2994         (Inspector::InspectorObjectBase::setArray): Take InspectorArrayBase.
2995         (Inspector::InspectorObjectBase::setObject): Take InspectorObjectBase.
2996         (Inspector::InspectorArrayBase::InspectorArrayBase):
2997         * inspector/InspectorValues.h:
2998
2999         * inspector/agents/InspectorDebuggerAgent.cpp: Convert to scoped enums.
3000         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
3001         (Inspector::InspectorDebuggerAgent::breakProgram):
3002         * inspector/agents/InspectorDebuggerAgent.h:
3003         * inspector/agents/InspectorRuntimeAgent.cpp:
3004         (Inspector::InspectorRuntimeAgent::parse):
3005         * inspector/agents/InspectorRuntimeAgent.h:
3006
3007         * inspector/scripts/CodeGeneratorInspector.py: Removed.
3008         * inspector/scripts/codegen/__init__.py: Added.
3009         * inspector/scripts/codegen/generate_backend_commands.py: Added.
3010         (BackendCommandsGenerator):
3011         (BackendCommandsGenerator.__init__):
3012         (BackendCommandsGenerator.model):
3013         (BackendCommandsGenerator.output_filename):
3014         (BackendCommandsGenerator.generate_license):
3015         (BackendCommandsGenerator.generate_output):
3016         (BackendCommandsGenerator.generate_domain):
3017         (BackendCommandsGenerator.generate_domain.is_anonymous_enum_member):
3018         (BackendCommandsGenerator.generate_domain.generate_parameter_object):
3019         * inspector/scripts/codegen/generate_backend_dispatcher_header.py: Added.
3020         (BackendDispatcherHeaderGenerator):
3021         (BackendDispatcherHeaderGenerator.__init__):
3022         (BackendDispatcherHeaderGenerator.model):
3023         (BackendDispatcherHeaderGenerator.output_filename):
3024         (BackendDispatcherHeaderGenerator.generate_license):
3025         (BackendDispatcherHeaderGenerator.generate_output):
3026         (BackendDispatcherHeaderGenerator.generate_output.for):
3027         (BackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
3028         (BackendDispatcherHeaderGenerator._generate_anonymous_enum_for_parameter):
3029         (BackendDispatcherHeaderGenerator._generate_handler_declaration_for_command):
3030         (BackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
3031         (BackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
3032         (BackendDispatcherHeaderGenerator._generate_dispatcher_declaration_for_command):
3033         * inspector/scripts/codegen/generate_backend_dispatcher_implementation.py: Added.
3034         (BackendDispatcherImplementationGenerator):
3035         (BackendDispatcherImplementationGenerator.__init__):
3036         (BackendDispatcherImplementationGenerator.model):
3037         (BackendDispatcherImplementationGenerator.output_filename):
3038         (BackendDispatcherImplementationGenerator.generate_license):
3039         (BackendDispatcherImplementationGenerator.generate_output):
3040         (BackendDispatcherImplementationGenerator._generate_handler_class_destructor_for_domain):
3041         (BackendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
3042         (BackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
3043         (BackendDispatcherImplementationGenerator._generate_large_dispatcher_switch_implementation_for_domain):
3044         (BackendDispatcherImplementationGenerator._generate_async_dispatcher_class_for_domain):
3045         (BackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
3046         * inspector/scripts/codegen/generate_frontend_dispatcher_header.py: Added.
3047         (FrontendDispatcherHeaderGenerator):
3048         (FrontendDispatcherHeaderGenerator.__init__):
3049         (FrontendDispatcherHeaderGenerator.model):
3050         (FrontendDispatcherHeaderGenerator.output_filename):
3051         (FrontendDispatcherHeaderGenerator.generate_license):
3052         (FrontendDispatcherHeaderGenerator.generate_output):
3053         (FrontendDispatcherHeaderGenerator._generate_anonymous_enum_for_parameter):
3054         (FrontendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
3055         (FrontendDispatcherHeaderGenerator._generate_dispatcher_declaration_for_event):
3056         * inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py: Added.
3057         (FrontendDispatcherImplementationGenerator):
3058         (FrontendDispatcherImplementationGenerator.__init__):
3059         (FrontendDispatcherImplementationGenerator.model):
3060         (FrontendDispatcherImplementationGenerator.output_filename):
3061         (FrontendDispatcherImplementationGenerator.generate_license):
3062         (FrontendDispatcherImplementationGenerator.generate_output):
3063         (FrontendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
3064         (FrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
3065         * inspector/scripts/codegen/generate_type_builder_header.py: Added.
3066         (TypeBuilderHeaderGenerator):
3067         (TypeBuilderHeaderGenerator.__init__):
3068         (TypeBuilderHeaderGenerator.model):
3069         (TypeBuilderHeaderGenerator.output_filename):
3070         (TypeBuilderHeaderGenerator.generate_license):
3071         (TypeBuilderHeaderGenerator.generate_output):
3072         (TypeBuilderHeaderGenerator._generate_forward_declarations):
3073         (_generate_typedefs):
3074         (_generate_typedefs_for_domain):
3075         (_generate_builders_for_domain):
3076         (_generate_class_for_object_declaration):
3077         (_generate_struct_for_enum_declaration):
3078         (_generate_struct_for_anonymous_enum_member):
3079         (_generate_struct_for_anonymous_enum_member.apply_indentation):
3080         (_generate_struct_for_enum_type):
3081         (_generate_builder_state_enum):
3082         (_generate_builder_setter_for_member):
3083         (_generate_unchecked_setter_for_member):
3084         (_generate_forward_declarations_for_binding_traits):
3085         * inspector/scripts/codegen/generate_type_builder_implementation.py: Added.
3086         (TypeBuilderImplementationGenerator):
3087         (TypeBuilderImplementationGenerator.__init__):
3088         (TypeBuilderImplementationGenerator.model):
3089         (TypeBuilderImplementationGenerator.output_filename):
3090         (TypeBuilderImplementationGenerator.generate_license):
3091         (TypeBuilderImplementationGenerator.generate_output):
3092         (TypeBuilderImplementationGenerator._generate_enum_mapping):
3093         (TypeBuilderImplementationGenerator._generate_open_field_names):
3094         (TypeBuilderImplementationGenerator._generate_builders_for_domain):
3095         (TypeBuilderImplementationGenerator._generate_runtime_cast_for_object_declaration):
3096         (TypeBuilderImplementationGenerator._generate_assertion_for_object_declaration):
3097         (TypeBuilderImplementationGenerator._generate_assertion_for_enum):
3098         * inspector/scripts/codegen/generator.py: Added.
3099         (ucfirst):
3100         (Generator):
3101         (Generator.__init__):
3102         (Generator.model):
3103         (Generator.generate_license):
3104         (Generator.domains_to_generate):
3105         (Generator.generate_output):
3106         (Generator.output_filename):
3107         (Generator.encoding_for_enum_value):
3108         (Generator.assigned_enum_values):
3109         (Generator.type_needs_runtime_casts):
3110         (Generator.type_has_open_fields):
3111         (Generator.type_needs_shape_assertions):
3112         (Generator.calculate_types_requiring_shape_assertions):
3113         (Generator.calculate_types_requiring_shape_assertions.gather_transitively_referenced_types):
3114         (Generator._traverse_and_assign_enum_values):
3115         (Generator._assign_encoding_for_enum_value):
3116         (Generator.wrap_with_guard_for_domain):
3117         (Generator.stylized_name_for_enum_value):
3118         (Generator.stylized_name_for_enum_value.replaceCallback):
3119         (Generator.keyed_get_method_for_type):
3120         (Generator.keyed_set_method_for_type):
3121         (Generator.type_builder_string_for_type):
3122         (Generator.type_builder_string_for_type_member):
3123         (Generator.type_string_for_unchecked_formal_in_parameter):
3124         (Generator.type_string_for_checked_formal_event_parameter):
3125         (Generator.type_string_for_type_member):
3126         (Generator.type_string_for_type_with_name):
3127         (Generator.type_string_for_formal_out_parameter):
3128         (Generator.type_string_for_formal_async_parameter):
3129         (Generator.type_string_for_stack_in_parameter):
3130         (Generator.type_string_for_stack_out_parameter):
3131         (Generator.assertion_method_for_type_member):
3132         (Generator.assertion_method_for_type_member.assertion_method_for_type):
3133         (Generator.cpp_name_for_primitive_type):
3134         (Generator.js_name_for_parameter_type):
3135         (Generator.should_use_wrapper_for_return_type):
3136         (Generator.should_pass_by_copy_for_return_type):
3137         * inspector/scripts/codegen/generator_templates.py: Added.
3138         (GeneratorTemplates):
3139         (void):
3140         (HashMap):
3141         (Builder):
3142         (Inspector):
3143         * inspector/scripts/codegen/models.py: Added.
3144         (ucfirst):
3145         (ParseException):
3146         (TypecheckException):
3147         (Framework):
3148         (Framework.__init__):
3149         (Framework.setting):
3150         (Framework.fromString):
3151         (Frameworks):
3152         (TypeReference):
3153         (TypeReference.__init__):
3154         (TypeReference.referenced_name):
3155         (Type):
3156         (Type.__init__):
3157         (Type.__eq__):
3158         (Type.__hash__):
3159         (Type.raw_name):
3160         (Type.is_enum):
3161         (Type.type_domain):
3162         (Type.qualified_name):
3163         (Type.resolve_type_references):
3164         (PrimitiveType):
3165         (PrimitiveType.__init__):
3166         (PrimitiveType.__repr__):
3167         (PrimitiveType.type_domain):
3168         (PrimitiveType.qualified_name):
3169         (AliasedType):
3170         (AliasedType.__init__):
3171         (AliasedType.__repr__):
3172         (AliasedType.is_enum):
3173         (AliasedType.type_domain):
3174         (AliasedType.qualified_name):
3175         (AliasedType.resolve_type_references):
3176         (EnumType):
3177         (EnumType.__init__):
3178         (EnumType.__repr__):
3179         (EnumType.is_enum):
3180         (EnumType.type_domain):
3181         (EnumType.enum_values):
3182         (EnumType.qualified_name):
3183         (EnumType.resolve_type_references):
3184         (ArrayType):
3185         (ArrayType.__init__):
3186         (ArrayType.__repr__):
3187         (ArrayType.type_domain):
3188         (ArrayType.qualified_name):
3189         (ArrayType.resolve_type_references):
3190         (ObjectType):
3191         (ObjectType.__init__):
3192         (ObjectType.__repr__):
3193         (ObjectType.type_domain):
3194         (ObjectType.qualified_name):
3195         (check_for_required_properties):
3196         (Protocol):
3197         (Protocol.__init__):
3198         (Protocol.parse_specification):
3199         (Protocol.parse_domain):
3200         (Protocol.parse_type_declaration):
3201         (Protocol.parse_type_member):
3202         (Protocol.parse_command):
3203         (Protocol.parse_event):
3204         (Protocol.parse_call_or_return_parameter):
3205         (Protocol.resolve_types):
3206         (Protocol.lookup_type_for_declaration):
3207         (Protocol.lookup_type_reference):
3208         (Domain):
3209         (Domain.__init__):
3210         (Domain.resolve_type_references):
3211         (Domains):
3212         (TypeDeclaration):
3213         (TypeDeclaration.__init__):
3214         (TypeDeclaration.resolve_type_references):
3215         (TypeMember):
3216         (TypeMember.__init__):
3217         (TypeMember.resolve_type_references):
3218         (Parameter):
3219         (Parameter.__init__):
3220         (Parameter.resolve_type_references):
3221         (Command):
3222         (Command.__init__):
3223         (Command.resolve_type_references):
3224         (Event):
3225         (Event.__init__):
3226         (Event.resolve_type_references):
3227         * inspector/scripts/generate-inspector-protocol-bindings.py: Added.
3228         (IncrementalFileWriter):
3229         (IncrementalFileWriter.__init__):
3230         (IncrementalFileWriter.write):
3231         (IncrementalFileWriter.close):
3232         (generate_from_specification):
3233         (generate_from_specification.load_specification):
3234         * inspector/scripts/tests/commands-with-async-attribute.json: Added.
3235         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json: Added.
3236         * inspector/scripts/tests/domains-with-varying-command-sizes.json: Added.
3237         * inspector/scripts/tests/events-with-optional-parameters.json: Added.
3238         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result: Added.
3239         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result: Added.
3240         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result: Added.
3241         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result: Added.
3242         * inspector/scripts/tests/fail-on-duplicate-type-declarations.json-error: Added.
3243         * inspector/scripts/tests/fail-on-enum-with-no-values.json-error: Added.
3244         * inspector/scripts/tests/fail-on-type-declaration-using-type-reference.json-error: Added.
3245         * inspector/scripts/tests/fail-on-type-with-lowercase-name.json-error: Added.
3246         * inspector/scripts/tests/fail-on-unknown-type-reference-in-type-declaration.json-error: Added.
3247         * inspector/scripts/tests/fail-on-unknown-type-reference-in-type-member.json-error: Added.
3248         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result: Added.
3249         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result: Added.
3250         * inspector/scripts/tests/expected/type-declaration-array-type.json-result: Added.
3251         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result: Added.
3252         * inspector/scripts/tests/expected/type-declaration-object-type.json-result: Added.
3253         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result: Added.
3254         * inspector/scripts/tests/fail-on-duplicate-type-declarations.json: Added.
3255         * inspector/scripts/tests/fail-on-enum-with-no-values.json: Added.
3256         * inspector/scripts/tests/fail-on-type-declaration-using-type-reference.json: Added.
3257         * inspector/scripts/tests/fail-on-type-with-lowercase-name.json: Added.
3258         * inspector/scripts/tests/fail-on-unknown-type-reference-in-type-declaration.json: Added.
3259         * inspector/scripts/tests/fail-on-unknown-type-reference-in-type-member.json: Added.
3260         * inspector/scripts/tests/same-type-id-different-domain.json: Added.
3261         * inspector/scripts/tests/type-declaration-aliased-primitive-type.json: Added.
3262         * inspector/scripts/tests/type-declaration-array-type.json: Added.
3263         * inspector/scripts/tests/type-declaration-enum-type.json: Added.
3264         * inspector/scripts/tests/type-declaration-object-type.json: Added.
3265         * inspector/scripts/tests/type-requiring-runtime-casts.json: Added.
3266
3267 2014-08-15  Matthew Mirman  <mmirman@apple.com>
3268
3269         Made native inlining errors not segfault.
3270         https://bugs.webkit.org/show_bug.cgi?id=135988
3271
3272         Reviewed by Geoffrey Garen.
3273
3274         * ftl/FTLAbbreviations.h:
3275         (JSC::FTL::disposeMessage): Added.
3276         * ftl/FTLLowerDFGToLLVM.cpp:
3277         (JSC::FTL::LowerDFGToLLVM::compilePutById): Abstracted out
3278         Options::verboseCompilation as was the case in the rest of the file.
3279         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
3280         (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol): Added output
3281         error messages for LLVM module loading.
3282
3283 2014-08-14  Andreas Kling  <akling@apple.com>
3284
3285         Allocate the whole RegExpMatchesArray backing store up front.
3286         <https://webkit.org/b/135217>
3287
3288         We were using the generic array backing store allocation path for
3289         RegExpMatchesArray which meant starting with 4 slots and then growing
3290         it dynamically as we append. Since we always know the final number of
3291         entries up front, allocate a perfectly-sized backing store right away.
3292
3293         ~2% progression on Octane/regexp.
3294
3295         Reviewed by Geoffrey Garen.
3296
3297         * runtime/JSArray.h:
3298         (JSC::createArrayButterflyWithExactLength):
3299         * runtime/RegExpMatchesArray.cpp:
3300         (JSC::RegExpMatchesArray::create):
3301
3302 2014-08-14  Saam Barati  <sbarati@apple.com>
3303
3304         Allow high fidelity type profiling to be enabled and disabled.
3305         https://bugs.webkit.org/show_bug.cgi?id=135423
3306
3307         Reviewed by Geoffrey Garen.
3308
3309         - Merged op_put_to_scope_with_profile and op_get_from_scope_with_profile into
3310           op_profile_types_with_high_fidelity by adding extra arguments to the opcode.
3311         - Altered SymbolTable to use less memory by adding a rare data structure for
3312           type profiling.
3313         - Created an interface to turn on and off type profiling from the Web
3314           Inspector.
3315         - Refactored how entries are written to HighFidelityLog to make it
3316           easier to inline when generating machine code.
3317         - Implemented op_profile_types_with_high_fidelity in the baseline JIT
3318           by inlining the process of writing to the log and doing a small amount
3319           of type inference optimizations.
3320
3321         * bytecode/BytecodeList.json:
3322         * bytecode/BytecodeUseDef.h:
3323         (JSC::computeUsesForBytecodeOffset):
3324         (JSC::computeDefsForBytecodeOffset):
3325         * bytecode/CodeBlock.cpp:
3326         (JSC::CodeBlock::dumpBytecode):
3327         (JSC::CodeBlock::CodeBlock):
3328         (JSC::CodeBlock::finalizeUnconditionally):
3329         (JSC::CodeBlock::scopeDependentProfile): Deleted.
3330         * bytecode/CodeBlock.h:
3331  &nbs