[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2015-01-21  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: ASSERT expanding objects in console PrimitiveBindingTraits<T>::assertValueHasExpectedType
        https://bugs.webkit.org/show_bug.cgi?id=140746

        Reviewed by Timothy Hatcher.

        * inspector/InjectedScriptSource.js:
        Do not add impure properties to the descriptor object that will
        eventually be sent to the frontend.

2015-01-21  Matthew Mirman  <mmirman@apple.com>

        Updated split such that it does not include the empty end of input string match.
        https://bugs.webkit.org/show_bug.cgi?id=138129
        <rdar://problem/18807403>

        Reviewed by Filip Pizlo.

        * runtime/StringPrototype.cpp:
        (JSC::stringProtoFuncSplit):
        * tests/stress/empty_eos_regex_split.js: Added.

2015-01-21  Michael Saboff  <msaboff@apple.com>

        Eliminate Scope slot from JavaScript CallFrame
        https://bugs.webkit.org/show_bug.cgi?id=136724

        Reviewed by Geoffrey Garen.

        This finishes the removal of the scope chain slot from the call frame header.

        * dfg/DFGOSRExitCompilerCommon.cpp:
        (JSC::DFG::reifyInlinedCallFrames):
        * dfg/DFGPreciseLocalClobberize.h:
        (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
        * dfg/DFGSpeculativeJIT32_64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::emitCall):
        * ftl/FTLJSCall.cpp:
        (JSC::FTL::JSCall::emit):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
        (JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
        * interpreter/JSStack.h:
        * interpreter/VMInspector.cpp:
        (JSC::VMInspector::dumpFrame):
        * jit/JITCall.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITCall32_64.cpp:
        (JSC::JIT::compileOpCall):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::privateCompileCTINativeCall):
        * jit/Repatch.cpp:
        (JSC::generateByIdStub):
        (JSC::linkClosureCall):
        * jit/ThunkGenerators.cpp:
        (JSC::virtualForThunkGenerator):
        (JSC::nativeForGenerator):
        Deleted ScopeChain slot from JSStack.  Removed all code where ScopeChain was being
        read or set.  In most cases this was where we make JS calls.

        * interpreter/CallFrameClosure.h:
        (JSC::CallFrameClosure::setArgument):
        (JSC::CallFrameClosure::resetCallFrame): Deleted.
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall):
        * interpreter/ProtoCallFrame.cpp:
        (JSC::ProtoCallFrame::init):
        * interpreter/ProtoCallFrame.h:
        (JSC::ProtoCallFrame::scope): Deleted.
        (JSC::ProtoCallFrame::setScope): Deleted.
        * llint/LLIntData.cpp:
        (JSC::LLInt::Data::performAssertions):
        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter64.asm:
        Removed the related scopeChainValue member from ProtoCallFrame.  Reduced the number of
        registers that needed to be copied from the ProtoCallFrame to a callee's frame
        from 5 to 4.

        * llint/LowLevelInterpreter32_64.asm:
        In addition to the prior changes, also deleted the unused macro getDeBruijnScope.

2015-01-21  Michael Saboff  <msaboff@apple.com>

        Eliminate construct methods from NullGetterFunction and NullSetterFunction classes
        https://bugs.webkit.org/show_bug.cgi?id=140708

        Reviewed by Mark Lam.

        Eliminated construct methods and changed getConstructData() for both classes to return
        ConstructTypeNone as they can never be called.

        * runtime/NullGetterFunction.cpp:
        (JSC::NullGetterFunction::getConstructData):
        (JSC::constructReturnUndefined): Deleted.
        * runtime/NullSetterFunction.cpp:
        (JSC::NullSetterFunction::getConstructData):
        (JSC::constructReturnUndefined): Deleted.

2015-01-21  Csaba Osztrogonác  <ossy@webkit.org>

        Remove ENABLE(INSPECTOR) ifdef guards
        https://bugs.webkit.org/show_bug.cgi?id=140668

        Reviewed by Darin Adler.

        * Configurations/FeatureDefines.xcconfig:
        * bindings/ScriptValue.cpp:
        (Deprecated::ScriptValue::toInspectorValue):
        * bindings/ScriptValue.h:
        * inspector/ConsoleMessage.cpp:
        * inspector/ConsoleMessage.h:
        * inspector/ContentSearchUtilities.cpp:
        * inspector/ContentSearchUtilities.h:
        * inspector/IdentifiersFactory.cpp:
        * inspector/IdentifiersFactory.h:
        * inspector/InjectedScript.cpp:
        * inspector/InjectedScript.h:
        * inspector/InjectedScriptBase.cpp:
        * inspector/InjectedScriptBase.h:
        * inspector/InjectedScriptHost.cpp:
        * inspector/InjectedScriptHost.h:
        * inspector/InjectedScriptManager.cpp:
        * inspector/InjectedScriptManager.h:
        * inspector/InjectedScriptModule.cpp:
        * inspector/InjectedScriptModule.h:
        * inspector/InspectorAgentRegistry.cpp:
        * inspector/InspectorBackendDispatcher.cpp:
        * inspector/InspectorBackendDispatcher.h:
        * inspector/InspectorProtocolTypes.h:
        * inspector/JSGlobalObjectConsoleClient.cpp:
        * inspector/JSGlobalObjectInspectorController.cpp:
        * inspector/JSGlobalObjectInspectorController.h:
        * inspector/JSGlobalObjectScriptDebugServer.cpp:
        * inspector/JSGlobalObjectScriptDebugServer.h:
        * inspector/JSInjectedScriptHost.cpp:
        * inspector/JSInjectedScriptHost.h:
        * inspector/JSInjectedScriptHostPrototype.cpp:
        * inspector/JSInjectedScriptHostPrototype.h:
        * inspector/JSJavaScriptCallFrame.cpp:
        * inspector/JSJavaScriptCallFrame.h:
        * inspector/JSJavaScriptCallFramePrototype.cpp:
        * inspector/JSJavaScriptCallFramePrototype.h:
        * inspector/JavaScriptCallFrame.cpp:
        * inspector/JavaScriptCallFrame.h:
        * inspector/ScriptCallFrame.cpp:
        (Inspector::ScriptCallFrame::buildInspectorObject):
        * inspector/ScriptCallFrame.h:
        * inspector/ScriptCallStack.cpp:
        (Inspector::ScriptCallStack::buildInspectorArray):
        * inspector/ScriptCallStack.h:
        * inspector/ScriptDebugServer.cpp:
        * inspector/agents/InspectorAgent.cpp:
        * inspector/agents/InspectorAgent.h:
        * inspector/agents/InspectorConsoleAgent.cpp:
        * inspector/agents/InspectorConsoleAgent.h:
        * inspector/agents/InspectorDebuggerAgent.cpp:
        * inspector/agents/InspectorDebuggerAgent.h:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/agents/JSGlobalObjectConsoleAgent.cpp:
        * inspector/agents/JSGlobalObjectConsoleAgent.h:
        * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
        * inspector/agents/JSGlobalObjectDebuggerAgent.h:
        * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
        * inspector/agents/JSGlobalObjectRuntimeAgent.h:
        * inspector/scripts/codegen/cpp_generator_templates.py:
        (CppGeneratorTemplates):
        * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
        * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
        * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
        * inspector/scripts/tests/expected/enum-values.json-result:
        * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
        * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
        * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
        * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
        * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
        * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
        * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
        * runtime/TypeSet.cpp:
        (JSC::TypeSet::inspectorTypeSet):
        (JSC::StructureShape::inspectorRepresentation):

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Clean up InjectedScriptSource.js
        https://bugs.webkit.org/show_bug.cgi?id=140709

        Reviewed by Timothy Hatcher.

        This patch includes some relevant Blink patches and small changes.

        Patch by <aandrey@chromium.org>
        DevTools: Remove console last result $_ on console clear.
        https://src.chromium.org/viewvc/blink?revision=179179&view=revision

        Patch by <eustas@chromium.org>
        [Inspect DOM properties] incorrect CSS Selector Syntax
        https://src.chromium.org/viewvc/blink?revision=156903&view=revision

        * inspector/InjectedScriptSource.js:

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Cleanup RuntimeAgent a bit
        https://bugs.webkit.org/show_bug.cgi?id=140706

        Reviewed by Timothy Hatcher.

        * inspector/InjectedScript.h:
        * inspector/InspectorBackendDispatcher.h:
        * inspector/ScriptCallFrame.cpp:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::evaluate):
        (Inspector::InspectorRuntimeAgent::getProperties):
        (Inspector::InspectorRuntimeAgent::run):
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        (Inspector::recompileAllJSFunctionsForTypeProfiling):
        (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):

2015-01-20  Matthew Mirman  <mmirman@apple.com>

        Made Identity in the DFG allocate a new temp register and move
        the old data to it.
        https://bugs.webkit.org/show_bug.cgi?id=140700
        <rdar://problem/19339106>

        Reviewed by Filip Pizlo.

        * dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        Added scratch registers for Identity.
        * tests/mozilla/mozilla-tests.yaml: enabled previously failing test

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Expanding event objects in console shows undefined for most values, it should have real values
        https://bugs.webkit.org/show_bug.cgi?id=137306

        Reviewed by Timothy Hatcher.

        Provide another optional parameter to getProperties, to gather a list
        of all own and getter properties.

        * inspector/InjectedScript.cpp:
        (Inspector::InjectedScript::getProperties):
        * inspector/InjectedScript.h:
        * inspector/InjectedScriptSource.js:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::getProperties):
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/protocol/Runtime.json:

2015-01-20  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Should show dynamic specificity values
        https://bugs.webkit.org/show_bug.cgi?id=140647

        Reviewed by Benjamin Poulain.

        * inspector/protocol/CSS.json:
        Clarify CSSSelector optional values and add "dynamic" property indicating
        if the selector can be dynamic based on the element it is matched against.

2015-01-20  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r178751.
        https://bugs.webkit.org/show_bug.cgi?id=140694

        Caused 32-bit JSC test failures (Requested by JoePeck on
        #webkit).

        Reverted changeset:

        "put_by_val_direct need to check the property is index or not
        for using putDirect / putDirectIndex"
        https://bugs.webkit.org/show_bug.cgi?id=140426
        http://trac.webkit.org/changeset/178751

2015-01-20  Yusuke Suzuki  <utatane.tea@gmail.com>

        put_by_val_direct need to check the property is index or not for using putDirect / putDirectIndex
        https://bugs.webkit.org/show_bug.cgi?id=140426

        Reviewed by Geoffrey Garen.

        In the put_by_val_direct operation, we use JSObject::putDirect.
        However, it only accepts non-index properties. For index properties, we need to use JSObject::putDirectIndex.
        This patch changes Identifier::asIndex() to return Optional<uint32_t>.
        It forces callers to explicitly check whether the value is an index.
        Additionally, it checks whether the toString-ed Identifier is an index to choose putDirect / putDirectIndex.

        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeFor):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeFor):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitDirectPutById):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::operationPutByValInternal):
        * jit/JITOperations.cpp:
        * jit/Repatch.cpp:
        (JSC::emitPutTransitionStubAndGetOldStructure):
        * jsc.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/Arguments.cpp:
        (JSC::Arguments::getOwnPropertySlot):
        (JSC::Arguments::put):
        (JSC::Arguments::deleteProperty):
        (JSC::Arguments::defineOwnProperty):
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncSort):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        * runtime/JSCJSValue.cpp:
        (JSC::JSValue::putToPrimitive):
        * runtime/JSGenericTypedArrayViewInlines.h:
        (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertySlot):
        (JSC::JSGenericTypedArrayView<Adaptor>::put):
        (JSC::JSGenericTypedArrayView<Adaptor>::defineOwnProperty):
        (JSC::JSGenericTypedArrayView<Adaptor>::deleteProperty):
        * runtime/JSObject.cpp:
        (JSC::JSObject::put):
        (JSC::JSObject::putDirectAccessor):
        (JSC::JSObject::putDirectCustomAccessor):
        (JSC::JSObject::deleteProperty):
        (JSC::JSObject::putDirectMayBeIndex):
        (JSC::JSObject::defineOwnProperty):
        * runtime/JSObject.h:
        (JSC::JSObject::getOwnPropertySlot):
        (JSC::JSObject::getPropertySlot):
        (JSC::JSObject::putDirectInternal):
        * runtime/JSString.cpp:
        (JSC::JSString::getStringPropertyDescriptor):
        * runtime/JSString.h:
        (JSC::JSString::getStringPropertySlot):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::parse):
        * runtime/PropertyName.h:
        (JSC::toUInt32FromCharacters):
        (JSC::toUInt32FromStringImpl):
        (JSC::PropertyName::asIndex):
        * runtime/PropertyNameArray.cpp:
        (JSC::PropertyNameArray::add):
        * runtime/StringObject.cpp:
        (JSC::StringObject::deleteProperty):
        * runtime/Structure.cpp:
        (JSC::Structure::prototypeChainMayInterceptStoreTo):

2015-01-20  Michael Saboff  <msaboff@apple.com>

        REGRESSION(178696): Sporadic crashes while garbage collecting
        https://bugs.webkit.org/show_bug.cgi?id=140688

        Reviewed by Geoffrey Garen.

        Added missing visitor.append(&thisObject->m_nullSetterFunction).

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::visitChildren):

2015-01-19  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: code generator should take supplemental specifications and allow cross-framework references
        https://bugs.webkit.org/show_bug.cgi?id=136312

        Reviewed by Joseph Pecoraro.

        Some types are shared between replay inputs from different frameworks.
        Previously, these type declarations were duplicated in every input
        specification file in which they were used. This caused some type encoding
        traits to be emitted twice if used from WebCore inputs and WebKit2 inputs.

        This patch teaches the replay inputs code generator to accept multiple
        input specification files. Inputs can freely reference types from other
        frameworks without duplicating declarations.

        On the code generation side, the model could contain types and inputs from
        frameworks that are not the target framework. Only generate code for the
        target framework.

        To properly generate cross-framework type encoding traits, use
        Type.encoding_type_argument in more places, and add the export macro for WebCore
        and the Test framework.

        Adjust some tests so that enum coverage is preserved by moving the enum types
        into "Test" (the target framework for tests).

        * JavaScriptCore.vcxproj/copy-files.cmd:
        For Windows, copy over JSInputs.json as if it were a private header.

        * JavaScriptCore.xcodeproj/project.pbxproj: Make JSInputs.json a private header.
        * replay/JSInputs.json:
        Put all primitive types and WTF types in this specification file.

        * replay/scripts/CodeGeneratorReplayInputs.py:
        (Input.__init__):
        (InputsModel.__init__): Keep track of the input's framework.
        (InputsModel.parse_specification): Parse the framework here. Adjust to new format,
        and allow either types or inputs to be missing from a single file.

        (InputsModel.parse_type_with_framework):
        (InputsModel.parse_input_with_framework):
        (Generator.should_generate_item): Added helper method.
        (Generator.generate_header): Filter inputs to generate.
        (Generator.generate_implementation): Filter inputs to generate.
        (Generator.generate_enum_trait_declaration): Filter enums to generate.
        Add WEBCORE_EXPORT macro to enum encoding traits.

        (Generator.generate_for_each_macro): Filter inputs to generate.
        (Generator.generate_enum_trait_implementation): Filter enums to generate.
        (generate_from_specifications): Added.
        (generate_from_specifications.parse_json_from_file):
        (InputsModel.parse_toplevel): Deleted.
        (InputsModel.parse_type_with_framework_name): Deleted.
        (InputsModel.parse_input): Deleted.
        (generate_from_specification): Deleted.
        * replay/scripts/CodeGeneratorReplayInputsTemplates.py:
        * replay/scripts/tests/expected/fail-on-no-inputs.json-error: Removed.
        * replay/scripts/tests/expected/fail-on-no-types.json-error: Removed.
        * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.cpp:
        * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:
        * replay/scripts/tests/fail-on-c-style-enum-no-storage.json:
        * replay/scripts/tests/fail-on-duplicate-enum-type.json:
        * replay/scripts/tests/fail-on-duplicate-input-names.json:
        * replay/scripts/tests/fail-on-duplicate-type-names.json:
        * replay/scripts/tests/fail-on-enum-type-missing-values.json:
        * replay/scripts/tests/fail-on-missing-input-member-name.json:
        * replay/scripts/tests/fail-on-missing-input-name.json:
        * replay/scripts/tests/fail-on-missing-input-queue.json:
        * replay/scripts/tests/fail-on-missing-type-mode.json:
        * replay/scripts/tests/fail-on-missing-type-name.json:
        * replay/scripts/tests/fail-on-no-inputs.json:
        Removed, no longer required to be in a single file.

        * replay/scripts/tests/fail-on-no-types.json:
        Removed, no longer required to be in a single file.

        * replay/scripts/tests/fail-on-unknown-input-queue.json:
        * replay/scripts/tests/fail-on-unknown-member-type.json:
        * replay/scripts/tests/fail-on-unknown-type-mode.json:
        * replay/scripts/tests/generate-enum-encoding-helpers-with-guarded-values.json:
        * replay/scripts/tests/generate-enum-encoding-helpers.json:
        * replay/scripts/tests/generate-enum-with-guard.json:
        Include enums that are and are not generated.

        * replay/scripts/tests/generate-enums-with-same-base-name.json:
        * replay/scripts/tests/generate-event-loop-shape-types.json:
        * replay/scripts/tests/generate-input-with-guard.json:
        * replay/scripts/tests/generate-input-with-vector-members.json:
        * replay/scripts/tests/generate-inputs-with-flags.json:
        * replay/scripts/tests/generate-memoized-type-modes.json:

2015-01-20  Tomas Popela  <tpopela@redhat.com>

        [GTK] Cannot compile 2.7.3 on PowerPC machines
        https://bugs.webkit.org/show_bug.cgi?id=140616

        Include climits for INT_MAX and wtf/DataLog.h for dataLogF

        Reviewed by Csaba Osztrogonác.

        * runtime/BasicBlockLocation.cpp:

2015-01-19  Michael Saboff  <msaboff@apple.com>

        A "cached" null setter should throw a TypeException when called in strict mode and doesn't
        https://bugs.webkit.org/show_bug.cgi?id=139418

        Reviewed by Filip Pizlo.

        Made a new NullSetterFunction class similar to NullGetterFunction.  The difference is that
        NullSetterFunction will throw a TypeError per the ECMA262 spec for a strict mode caller.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        Added new files NullSetterFunction.cpp and NullSetterFunction.h.

        * runtime/GetterSetter.h:
        (JSC::GetterSetter::GetterSetter):
        (JSC::GetterSetter::isSetterNull):
        (JSC::GetterSetter::setSetter):
        Change setter instances from using NullGetterFunction to using NullSetterFunction.

        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::init):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::nullSetterFunction):
        Added m_nullSetterFunction and accessor.

        * runtime/NullSetterFunction.cpp: Added.
        (JSC::GetCallerStrictnessFunctor::GetCallerStrictnessFunctor):
        (JSC::GetCallerStrictnessFunctor::operator()):
        (JSC::GetCallerStrictnessFunctor::callerIsStrict):
        (JSC::callerIsStrict):
        Method to determine if the caller is in strict mode.

        (JSC::callReturnUndefined):
        (JSC::constructReturnUndefined):
        (JSC::NullSetterFunction::getCallData):
        (JSC::NullSetterFunction::getConstructData):
        * runtime/NullSetterFunction.h: Added.
        (JSC::NullSetterFunction::create):
        (JSC::NullSetterFunction::createStructure):
        (JSC::NullSetterFunction::NullSetterFunction):
        Class with handlers for a null setter.

2015-01-19  Saam Barati  <saambarati1@gmail.com>

        Web Inspector: Provide a front end for JSC's Control Flow Profiler
        https://bugs.webkit.org/show_bug.cgi?id=138454

        Reviewed by Timothy Hatcher.

        This patch puts the final touches on what JSC needs to provide
        for the Web Inspector to show a UI for the control flow profiler.

        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::recompileAllJSFunctionsForTypeProfiling):
        * runtime/ControlFlowProfiler.cpp:
        (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
        * runtime/FunctionHasExecutedCache.cpp:
        (JSC::FunctionHasExecutedCache::getFunctionRanges):
        (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges): Deleted.
        * runtime/FunctionHasExecutedCache.h:

2015-01-19  David Kilzer  <ddkilzer@apple.com>

        [iOS] Only use LLVM static library arguments on 64-bit builds of libllvmForJSC.dylib
        <http://webkit.org/b/140658>

        Reviewed by Filip Pizlo.

        * Configurations/LLVMForJSC.xcconfig: Set OTHER_LDFLAGS_LLVM
        only when building for 64-bit architectures.

2015-01-19  Filip Pizlo  <fpizlo@apple.com>

        ClosureCallStubRoutine no longer needs codeOrigin
        https://bugs.webkit.org/show_bug.cgi?id=140659

        Reviewed by Michael Saboff.

        Once upon a time, we would look for the CodeOrigin associated with a return PC. This search
        would start with the CodeBlock according to the caller frame's call frame header. But if the
        call was a closure call, the return PC would be inside some closure call stub. So if the
        CodeBlock search failed, we would search *all* closure call stub routines to see which one
        encompasses the return PC. Then, we would use the CodeOrigin stored in the stub routine
        object. This was all a bunch of madness, and we actually got rid of it - we now determine
        the CodeOrigin for a call frame using the encoded code origin bits inside the tag of the
        argument count.

        This patch removes the final vestiges of the madness:

        - Remove the totally unused method declaration for the thing that did the closure call stub
          search.

        - Remove the CodeOrigin field from the ClosureCallStubRoutine. Except for that crazy search
          that we no longer do, everyone else who finds a ClosureCallStubRoutine will find it via
          the CallLinkInfo. The CallLinkInfo also has the CodeOrigin, so we don't need this field
          anymore.

        * bytecode/CodeBlock.h:
        * jit/ClosureCallStubRoutine.cpp:
        (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
        * jit/ClosureCallStubRoutine.h:
        (JSC::ClosureCallStubRoutine::executable):
        (JSC::ClosureCallStubRoutine::codeOrigin): Deleted.
        * jit/Repatch.cpp:
        (JSC::linkClosureCall):

2015-01-19  Saam Barati  <saambarati1@gmail.com>

        Basic block start offsets should never be larger than end offsets in the control flow profiler
        https://bugs.webkit.org/show_bug.cgi?id=140377

        Reviewed by Filip Pizlo.

        The bytecode generator will emit code more than once for some AST nodes. For instance,
        the finally block of TryNode will emit two code paths for its finally block: one for
        the normal path, and another for the path where an exception is thrown in the catch block.

        This repeated code emission of the same AST node previously broke how the control
        flow profiler computed text ranges of basic blocks because when the same AST node
        is emitted multiple times, there is a good chance that there are ranges that span
        from the end offset of one of these duplicated nodes back to the start offset of
        the same duplicated node. This caused a basic block range to report a larger start
        offset than end offset. This was incorrect. Now, when this situation is encountered
        while linking a CodeBlock, the faulty range in question is ignored.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler):
        * bytecode/CodeBlock.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ForInNode::emitMultiLoopBytecode):
        (JSC::ForOfNode::emitBytecode):
        (JSC::TryNode::emitBytecode):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseConditionalExpression):
        * runtime/ControlFlowProfiler.cpp:
        (JSC::ControlFlowProfiler::ControlFlowProfiler):
        * runtime/ControlFlowProfiler.h:
        (JSC::ControlFlowProfiler::dummyBasicBlock):

2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>

        [SVG -> OTF Converter] Flip the switch on
        https://bugs.webkit.org/show_bug.cgi?id=140592

        Reviewed by Antti Koivisto.

        * Configurations/FeatureDefines.xcconfig:

2015-01-19  Brian J. Burg  <burg@cs.washington.edu>

        Web Replay: convert to is<T> and downcast<T> for decoding replay inputs
        https://bugs.webkit.org/show_bug.cgi?id=140512

        Reviewed by Chris Dumez.

        Generate a SPECIALIZE_TYPE_TRAITS_* chunk of code for each input. This cannot
        be done using REPLAY_INPUT_NAMES_FOR_EACH macro since that doesn't fully qualify
        input types, and the type traits macro is defined in namespace WTF.

        * replay/NondeterministicInput.h: Make overridden methods public.
        * replay/scripts/CodeGeneratorReplayInputs.py:
        (Generator.generate_header):
        (Generator.qualified_input_name): Allow forcing qualification. WTF is never a target framework.
        (Generator.generate_input_type_trait_declaration): Added.
        * replay/scripts/CodeGeneratorReplayInputsTemplates.py: Add a template.
        * replay/scripts/tests/expected/generate-enum-encoding-helpers-with-guarded-values.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-encoding-helpers.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enum-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-enums-with-same-base-name.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-guard.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-input-with-vector-members.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-inputs-with-flags.json-TestReplayInputs.h:
        * replay/scripts/tests/expected/generate-memoized-type-modes.json-TestReplayInputs.h:

2015-01-19  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r178653.
        https://bugs.webkit.org/show_bug.cgi?id=140634

        Broke multiple SVG tests on Mountain Lion (Requested by ap on
        #webkit).

        Reverted changeset:

        "[SVG -> OTF Converter] Flip the switch on"
        https://bugs.webkit.org/show_bug.cgi?id=140592
        http://trac.webkit.org/changeset/178653

675 2015-01-18  Dean Jackson  <dino@apple.com>
676
677         ES6: Support Array.of construction
678         https://bugs.webkit.org/show_bug.cgi?id=140605
679         <rdar://problem/19513655>
680
681         Reviewed by Geoffrey Garen.
682
683         Add an implementation of Array.of, described in 22.1.2.3 of the ES6
684         specification (15 Jan 2015). The Array.of() method creates a new Array
685         instance with a variable number of arguments, regardless of number or type
686         of the arguments.
687
688         * runtime/ArrayConstructor.cpp:
689         (JSC::arrayConstructorOf): Create a new empty Array, then iterate
690         over the arguments, setting them to the appropriate index.
691
692 2015-01-19  Myles C. Maxfield  <mmaxfield@apple.com>
693
694         [SVG -> OTF Converter] Flip the switch on
695         https://bugs.webkit.org/show_bug.cgi?id=140592
696
697         Reviewed by Antti Koivisto.
698
699         * Configurations/FeatureDefines.xcconfig:
700
701 2015-01-17  Brian J. Burg  <burg@cs.washington.edu>
702
703         Web Inspector: highlight data for overlay should use protocol type builders
704         https://bugs.webkit.org/show_bug.cgi?id=129441
705
706         Reviewed by Timothy Hatcher.
707
708         Add a new domain for overlay types.
709
710         * CMakeLists.txt:
711         * DerivedSources.make:
712         * inspector/protocol/OverlayTypes.json: Added.
713
714 2015-01-17  Michael Saboff  <msaboff@apple.com>
715
716         Crash in JSScope::resolve() on tools.ups.com
717         https://bugs.webkit.org/show_bug.cgi?id=140579
718
719         Reviewed by Geoffrey Garen.
720
721         For op_resolve_scope of a global property or variable that needs to check for the var
722         injection check watchpoint, we need to keep the scope around with a Phantom.  The
723         baseline JIT slowpath for op_resolve_scope needs the scope value if the watchpoint
724         fired.
725
726         * dfg/DFGByteCodeParser.cpp:
727         (JSC::DFG::ByteCodeParser::parseBlock):
728
729 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
730
731         Web Inspector: code generator should introduce typedefs for protocol types that are arrays
732         https://bugs.webkit.org/show_bug.cgi?id=140557
733
734         Reviewed by Joseph Pecoraro.
735
736         Currently, there is no generated type name for "array" type declarations such as Console.CallStack.
737         This makes it long-winded and confusing to use the type in C++ code.
738
739         This patch adds a typedef for array type declarations, so types such as Console::CallStack
740         can be referred to directly, rather than using Inspector::Protocol::Array<Console::CallFrame>.
741
742         Some tests were updated to cover array type declarations used as parameters and type members.
743
744         * inspector/ScriptCallStack.cpp: Use the new typedef.
745         (Inspector::ScriptCallStack::buildInspectorArray):
746         * inspector/ScriptCallStack.h:
747         * inspector/scripts/codegen/cpp_generator.py:
748         (CppGenerator.cpp_protocol_type_for_type): If an ArrayType is nominal, use the typedef'd name instead.
749         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
750         (_generate_typedefs_for_domain): Also generate typedefs for array type declarations.
751         (_generate_typedefs_for_domain.Inspector):
752         * inspector/scripts/codegen/models.py: Save the name of an ArrayType when it is a type declaration.
753         (ArrayType.__init__):
754         (Protocol.resolve_types):
755         (Protocol.lookup_type_reference):
756         * inspector/scripts/tests/commands-with-async-attribute.json:
757         * inspector/scripts/tests/commands-with-optional-call-return-parameters.json:
758         * inspector/scripts/tests/events-with-optional-parameters.json:
759         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
760         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
761         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
762         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
763         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
764         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
765         * inspector/scripts/tests/type-declaration-object-type.json:
766
767 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
768
769         Web Replay: purge remaining PassRefPtr uses and minor cleanup
770         https://bugs.webkit.org/show_bug.cgi?id=140456
771
772         Reviewed by Andreas Kling.
773
774         Get rid of PassRefPtr. Introduce default initializers where it makes sense.
775         Remove mistaken uses of AtomicString that were not removed as part of r174113.
776
777         * replay/EmptyInputCursor.h:
778         * replay/InputCursor.h:
779         (JSC::InputCursor::InputCursor):
780
781 2015-01-16  Brian J. Burg  <burg@cs.washington.edu>
782
783         Web Inspector: code generator should fail on duplicate parameter and member names
784         https://bugs.webkit.org/show_bug.cgi?id=140555
785
786         Reviewed by Timothy Hatcher.
787
788         * inspector/scripts/codegen/models.py:
789         (find_duplicates): Add a helper function to find duplicates in a list.
790         (Protocol.parse_type_declaration):
791         (Protocol.parse_command):
792         (Protocol.parse_event):
793         * inspector/scripts/tests/expected/fail-on-duplicate-command-call-parameter-names.json-error: Added.
794         * inspector/scripts/tests/expected/fail-on-duplicate-command-return-parameter-names.json-error: Added.
795         * inspector/scripts/tests/expected/fail-on-duplicate-event-parameter-names.json-error: Added.
796         * inspector/scripts/tests/expected/fail-on-duplicate-type-member-names.json-error: Added.
797         * inspector/scripts/tests/fail-on-duplicate-command-call-parameter-names.json: Added.
798         * inspector/scripts/tests/fail-on-duplicate-command-return-parameter-names.json: Added.
799         * inspector/scripts/tests/fail-on-duplicate-event-parameter-names.json: Added.
800         * inspector/scripts/tests/fail-on-duplicate-type-member-names.json: Added.
801
802 2015-01-16  Michael Saboff  <msaboff@apple.com>
803
804         REGRESSION (r174226): Header on huffingtonpost.com is too large
805         https://bugs.webkit.org/show_bug.cgi?id=140306
806
807         Reviewed by Filip Pizlo.
808
809         BytecodeGenerator::willResolveToArguments() is used to check to see if we can use the
810         arguments register or whether we need to resolve "arguments".  If the arguments have
811         been captured, then they are stored in the lexical environment and the arguments
812         register is not used.
813
814         Changed BytecodeGenerator::willResolveToArguments() to also check to see if the arguments
815         register is captured.  Renamed the function to willResolveToArgumentsRegister() to
816         better indicate what we are checking.
817
818         Aligned 32 and 64 bit paths in ArgumentsRecoveryGenerator::generateFor() for creating
819         an arguments object that was optimized out of an inlined callFrame.  The 32 bit path
820         incorrectly calculated the location of the reified callee frame.  This alignment resulted
821         in the removal of operationCreateInlinedArgumentsDuringOSRExit().
822
823         * bytecompiler/BytecodeGenerator.cpp:
824         (JSC::BytecodeGenerator::willResolveToArgumentsRegister):
825         (JSC::BytecodeGenerator::uncheckedLocalArgumentsRegister):
826         (JSC::BytecodeGenerator::emitCall):
827         (JSC::BytecodeGenerator::emitConstruct):
828         (JSC::BytecodeGenerator::emitEnumeration):
829         (JSC::BytecodeGenerator::willResolveToArguments): Deleted.
830         * bytecompiler/BytecodeGenerator.h:
831         * bytecompiler/NodesCodegen.cpp:
832         (JSC::BracketAccessorNode::emitBytecode):
833         (JSC::DotAccessorNode::emitBytecode):
834         (JSC::getArgumentByVal):
835         (JSC::ApplyFunctionCallDotNode::emitBytecode):
836         (JSC::ArrayPatternNode::emitDirectBinding):
837         * dfg/DFGOSRExitCompilerCommon.cpp:
838         (JSC::DFG::ArgumentsRecoveryGenerator::generateFor):
839         * dfg/DFGOperations.cpp:
840         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
841         * dfg/DFGOperations.h:
842         (JSC::operationCreateInlinedArgumentsDuringOSRExit): Deleted.
843
844 2015-01-15  Csaba Osztrogonác  <ossy@webkit.org>
845
846         Remove ENABLE(SQL_DATABASE) guards
847         https://bugs.webkit.org/show_bug.cgi?id=140434
848
849         Reviewed by Darin Adler.
850
851         * CMakeLists.txt:
852         * Configurations/FeatureDefines.xcconfig:
853         * DerivedSources.make:
854         * inspector/protocol/Database.json:
855
856 2015-01-14  Alexey Proskuryakov  <ap@apple.com>
857
858         Web Inspector and regular console use different source code locations for messages
859         https://bugs.webkit.org/show_bug.cgi?id=140478
860
861         Reviewed by Brian Burg.
862
863         * inspector/ConsoleMessage.h: Expose computed source location.
864
865         * inspector/agents/InspectorConsoleAgent.cpp:
866         (Inspector::InspectorConsoleAgent::addMessageToConsole):
867         (Inspector::InspectorConsoleAgent::stopTiming):
868         (Inspector::InspectorConsoleAgent::count):
869         * inspector/agents/InspectorConsoleAgent.h:
870         addMessageToConsole() now takes a pre-made ConsoleMessage object.
871
872         * inspector/JSGlobalObjectConsoleClient.cpp:
873         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
874         (Inspector::JSGlobalObjectConsoleClient::warnUnimplemented):
875         * inspector/JSGlobalObjectInspectorController.cpp:
876         (Inspector::JSGlobalObjectInspectorController::reportAPIException):
877         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp:
878         (Inspector::JSGlobalObjectDebuggerAgent::breakpointActionLog):
879         Updated for the above changes.
880
881 2015-01-15  Mark Lam  <mark.lam@apple.com>
882
883         [Part 2] Argument object created by "Function dot arguments" should use a clone of argument values.
884         <https://webkit.org/b/140093>
885
886         Reviewed by Geoffrey Garen.
887
888         * interpreter/StackVisitor.cpp:
889         (JSC::StackVisitor::Frame::createArguments):
890         - We should not be fetching the lexicalEnvironment here.  The reason we've
891           introduced the ClonedArgumentsCreationMode is because the lexicalEnvironment
892           may not be available to us at this point.  Instead, we'll just pass a nullptr.
893
894         * runtime/Arguments.cpp:
895         (JSC::Arguments::tearOffForCloning):
896         * runtime/Arguments.h:
897         (JSC::Arguments::finishCreation):
898         - Use the new tearOffForCloning() to tear off arguments right out of the values
899           passed on the stack.  tearOff() is not appropriate for this purpose because
900           it takes slowArgumentsData into account.
901
902 2015-01-14  Matthew Mirman  <mmirman@apple.com>
903
904         Removed accidental commit of "invalid_array.js" 
905         http://trac.webkit.org/changeset/178439
906
907         * tests/stress/invalid_array.js: Removed.
908
909 2015-01-14  Matthew Mirman  <mmirman@apple.com>
910
911         Fixes operationPutByIdOptimizes such that they check that the put didn't
912         change the structure of the object whose property access is being
913         cached.  Also removes uses of the new base value from the cache generation code.
914         https://bugs.webkit.org/show_bug.cgi?id=139500
915
916         Reviewed by Filip Pizlo.
917
918         * jit/JITOperations.cpp:
919         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
920         (JSC::operationPutByIdNonStrictOptimize): ditto.
921         (JSC::operationPutByIdDirectStrictOptimize): ditto.
922         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
923         * jit/Repatch.cpp:
924         (JSC::generateByIdStub):
925         (JSC::tryCacheGetByID):
926         (JSC::tryBuildGetByIDList):
927         (JSC::emitPutReplaceStub):
928         (JSC::emitPutTransitionStubAndGetOldStructure): Added.
929         (JSC::tryCachePutByID):
930         (JSC::repatchPutByID):
931         (JSC::tryBuildPutByIdList):
932         (JSC::tryRepatchIn):
933         (JSC::emitPutTransitionStub): Deleted.
934         * jit/Repatch.h:
935         * llint/LLIntSlowPaths.cpp:
936         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
937         * runtime/JSPropertyNameEnumerator.h:
938         (JSC::genericPropertyNameEnumerator):
939         * runtime/Operations.h:
940         (JSC::normalizePrototypeChainForChainAccess): restructured to not use the base value.
941         (JSC::normalizePrototypeChain): restructured to not use the base value.
942         * tests/mozilla/mozilla-tests.yaml:
943         * tests/stress/proto-setter.js: Added.
944         * tests/stress/put-by-id-build-list-order-recurse.js: Added.
945         Added test that fails without this patch.
946
947 2015-01-13  Joseph Pecoraro  <pecoraro@apple.com>
948
949         Web Inspector: Remove unused ResizeImage and DecodeImageData timeline events
950         https://bugs.webkit.org/show_bug.cgi?id=140404
951
952         Reviewed by Timothy Hatcher.
953
954         * inspector/protocol/Timeline.json:
955
956 2015-01-13  Yusuke Suzuki  <utatane.tea@gmail.com>
957
958         DFG can call PutByValDirect for generic arrays
959         https://bugs.webkit.org/show_bug.cgi?id=140389
960
961         Reviewed by Geoffrey Garen.
962
963         Computed properties in object initializers (ES6) use the put_by_val_direct operation.
964         However, the current DFG asserts that put_by_val_direct is not used for generic arrays,
965         so the assertion failure is raised.
966         This patch allows the DFG to use put_by_val_direct for generic arrays.
967
968         And fix the DFG put_by_val_direct implementation for string properties.
969         At first, put_by_val_direct was intended to be used for spread elements.
970         So the property keys were limited to numbers (indexes).
971         But now, it's also used for computed properties in object initializers.
972
973         * dfg/DFGOperations.cpp:
974         (JSC::DFG::operationPutByValInternal):
975         * dfg/DFGSpeculativeJIT64.cpp:
976         (JSC::DFG::SpeculativeJIT::compile):
977
978 2015-01-13  Geoffrey Garen  <ggaren@apple.com>
979
980         Out of bounds access in BytecodeGenerator::emitGetById under DotAccessorNode::emitBytecode
981         https://bugs.webkit.org/show_bug.cgi?id=140397
982
983         Reviewed by Geoffrey Garen.
984
985         Patch by Alexey Proskuryakov.
986
987         Reviewed, performance tested, and ChangeLogged by Geoffrey Garen.
988
989         No performance change.
990
991         No test, since this is a small past-the-end read, which is very
992         difficult to turn into a reproducible failing test -- and existing tests
993         crash reliably using ASan.
994
995         * bytecompiler/NodesCodegen.cpp:
996         (JSC::BracketAccessorNode::emitBytecode):
997         (JSC::DotAccessorNode::emitBytecode):
998         (JSC::FunctionCallBracketNode::emitBytecode):
999         (JSC::PostfixNode::emitResolve):
1000         (JSC::DeleteBracketNode::emitBytecode):
1001         (JSC::DeleteDotNode::emitBytecode):
1002         (JSC::PrefixNode::emitResolve):
1003         (JSC::UnaryOpNode::emitBytecode):
1004         (JSC::BitwiseNotNode::emitBytecode):
1005         (JSC::BinaryOpNode::emitBytecode):
1006         (JSC::EqualNode::emitBytecode):
1007         (JSC::StrictEqualNode::emitBytecode):
1008         (JSC::ThrowableBinaryOpNode::emitBytecode):
1009         (JSC::AssignDotNode::emitBytecode):
1010         (JSC::AssignBracketNode::emitBytecode): Use RefPtr in more places. Any
1011         register used across a call to a function that might allocate a new
1012         temporary register must be held in a RefPtr.
1013
1014 2015-01-12  Michael Saboff  <msaboff@apple.com>
1015
1016         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1017         https://bugs.webkit.org/show_bug.cgi?id=140348
1018
1019         Reviewed by Mark Lam.
1020
1021         We used to read registers in MachineThreads::gatherFromCurrentThread(), but that is too late
1022         because those registers may have been spilled on the stack and replaced with other values by
1023         the time we call down to gatherFromCurrentThread().
1024
1025         Now we get the register contents at the same place that we demarcate the current top of
1026         stack using the address of a local variable, in Heap::markRoots().  The register contents
1027         buffer is passed along with the demarcation pointer.  These need to be done at this level 
1028         in the call tree and no lower, as markRoots() calls various functions that visit object
1029        pointers that may be later proven dead.  Any of those pointers that are left on the
1030         stack or in registers could be incorrectly marked as live if we scan the stack contents
1031         from a called function or one of its callees.  The stack demarcation pointer and register
1032         saving need to be done in the same function so that we have a consistent stack, active
1033         and spilled registers.
1034
1035         Because we don't want to make unnecessary calls to get the register contents, we use
1036        a macro to allocate, and possibly align, the register structure and get the actual
1037         register contents.
1038
1039
1040         * heap/Heap.cpp:
1041         (JSC::Heap::markRoots):
1042         (JSC::Heap::gatherStackRoots):
1043         * heap/Heap.h:
1044         * heap/MachineStackMarker.cpp:
1045         (JSC::MachineThreads::gatherFromCurrentThread):
1046         (JSC::MachineThreads::gatherConservativeRoots):
1047         * heap/MachineStackMarker.h:
1048
1049 2015-01-12  Benjamin Poulain  <benjamin@webkit.org>
1050
1051         Add basic pattern matching support to the url filters
1052         https://bugs.webkit.org/show_bug.cgi?id=140283
1053
1054         Reviewed by Andreas Kling.
1055
1056         * JavaScriptCore.xcodeproj/project.pbxproj:
1057         Make YarrParser.h private in order to use it from WebCore.
1058
1059 2015-01-12  Geoffrey Garen  <ggaren@apple.com>
1060
1061         Out of bounds read in IdentifierArena::makeIdentifier
1062         https://bugs.webkit.org/show_bug.cgi?id=140376
1063
1064         Patch by Alexey Proskuryakov.
1065
1066         Reviewed and ChangeLogged by Geoffrey Garen.
1067
1068         No test, since this is a small past-the-end read, which is very
1069         difficult to turn into a reproducible failing test -- and existing tests
1070         crash reliably using ASan.
1071
1072         * parser/ParserArena.h:
1073         (JSC::IdentifierArena::makeIdentifier):
1074         (JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
1075         zero-length string input, like we do in the literal parser, since it is
1076         not valid to dereference characters in a zero-length string.
1077
1078         A zero-length string is allowed in JavaScript -- for example, "".
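
As an added illustration of the defect class this entry describes (example code, not WebKit's own), the following C sketch models an identifier arena with a first-character cache. The names, the cache bound of 128 and the arena layout are assumptions, and the inputs are constructed. make_identifier_buggy() consults chars[0] before anyone has checked that the string has a first character; make_identifier_fixed() guards the empty string first, the same ordering the entry says the literal parser already used.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t UChar;                 /* UTF-16 code unit, as in JSC */
#define MAX_CACHABLE_CHAR 128           /* assumed bound of the one-char cache */
#define ARENA_CAPACITY 64

typedef struct { UChar *chars; size_t length; } Identifier;

static Identifier g_empty_identifier = { NULL, 0 };   /* the shared "" */
static Identifier *g_short_cache[MAX_CACHABLE_CHAR];  /* one-character ids */
static Identifier g_arena[ARENA_CAPACITY];
static size_t g_arena_count;

void arena_reset(void) {
    for (size_t i = 0; i < g_arena_count; i++) free(g_arena[i].chars);
    g_arena_count = 0;
    memset(g_short_cache, 0, sizeof g_short_cache);
}

static Identifier *arena_append(const UChar *chars, size_t length) {
    if (g_arena_count == ARENA_CAPACITY) abort();
    Identifier *id = &g_arena[g_arena_count++];
    id->chars = malloc(length * sizeof(UChar));
    memcpy(id->chars, chars, length * sizeof(UChar));
    id->length = length;
    return id;
}

/* Shared tail: looks at chars[0] to choose between the one-character cache and
 * a fresh arena entry. It dereferences chars[0] unconditionally, so it is only
 * valid when length >= 1. */
static const Identifier *intern_from_first_char(const UChar *chars, size_t length) {
    if (chars[0] >= MAX_CACHABLE_CHAR)
        return arena_append(chars, length);
    if (length == 1) {
        Identifier **slot = &g_short_cache[chars[0]];
        if (!*slot) *slot = arena_append(chars, 1);
        return *slot;
    }
    return arena_append(chars, length);
}

/* Before the fix: "" goes straight to the cache check, so chars[0] is read one
 * element past the end of an exactly sized buffer. Kept for contrast; the demos
 * below never call it. */
const Identifier *make_identifier_buggy(const UChar *chars, size_t length) {
    return intern_from_first_char(chars, length);
}

/* After the fix: the empty string is recognised before any character is read,
 * the same guard the literal parser already had. */
const Identifier *make_identifier_fixed(const UChar *chars, size_t length) {
    if (length == 0)
        return &g_empty_identifier;
    return intern_from_first_char(chars, length);
}

/* Demo 1: "" backed by a zero-length heap buffer (constructed input). malloc(0)
 * may return NULL or a pointer that must not be dereferenced; the fixed path
 * never touches it. Returns 1 if the shared "" comes back with no arena growth. */
int demo_empty_string_is_shared(void) {
    arena_reset();
    UChar *exact = malloc(0);
    const Identifier *id = make_identifier_fixed(exact, 0);
    int ok = (id == &g_empty_identifier) && g_arena_count == 0;
    free(exact);
    return ok;
}

/* Demo 2: two lookups of "a" hit the one-character cache: same Identifier,
 * one arena entry. */
int demo_single_char_is_cached(void) {
    arena_reset();
    const UChar a[1] = { 'a' };
    const Identifier *first = make_identifier_fixed(a, 1);
    const Identifier *second = make_identifier_fixed(a, 1);
    return first == second && g_arena_count == 1;
}

/* Demo 3: longer identifiers and non-ASCII first characters bypass the cache
 * and each get their own arena entry. */
int demo_longer_ids_get_own_entries(void) {
    arena_reset();
    const UChar ab[2] = { 'a', 'b' };
    const UChar cjk[1] = { 0x4E2D };
    const Identifier *x = make_identifier_fixed(ab, 2);
    const Identifier *y = make_identifier_fixed(ab, 2);
    const Identifier *z = make_identifier_fixed(cjk, 1);
    return x != y && z->length == 1 && g_arena_count == 3;
}

int main(void) {
    printf("empty shared: %d, single cached: %d, longer distinct: %d\n",
           demo_empty_string_is_shared(), demo_single_char_is_cached(),
           demo_longer_ids_get_own_entries());
    return 0;
}
```

Building with -fsanitize=address and calling make_identifier_buggy(exact, 0) on the zero-length buffer from demo 1 reports the one-element over-read; the fixed variant passes the same input without touching memory, which is why the entry could rely on existing tests under ASan instead of a dedicated reproduction.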
1079
1080 2015-01-11  Sam Weinig  <sam@webkit.org>
1081
1082         Remove support for SharedWorkers
1083         https://bugs.webkit.org/show_bug.cgi?id=140344
1084
1085         Reviewed by Anders Carlsson.
1086
1087         * Configurations/FeatureDefines.xcconfig:
1088
1089 2015-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
1090
1091         Allow targetting the SVG->OTF font converter with ENABLE(SVG_OTF_CONVERTER)
1092         https://bugs.webkit.org/show_bug.cgi?id=136769
1093
1094         Reviewed by Antti Koivisto.
1095
1096         * Configurations/FeatureDefines.xcconfig:
1097
1098 2015-01-12  Commit Queue  <commit-queue@webkit.org>
1099
1100         Unreviewed, rolling out r178266.
1101         https://bugs.webkit.org/show_bug.cgi?id=140363
1102
1103         Broke a JSC test (Requested by ap on #webkit).
1104
1105         Reverted changeset:
1106
1107         "Local JSArray* "keys" in objectConstructorKeys() is not
1108         marked during garbage collection"
1109         https://bugs.webkit.org/show_bug.cgi?id=140348
1110         http://trac.webkit.org/changeset/178266
1111
1112 2015-01-12  Michael Saboff  <msaboff@apple.com>
1113
1114         Local JSArray* "keys" in objectConstructorKeys() is not marked during garbage collection
1115         https://bugs.webkit.org/show_bug.cgi?id=140348
1116
1117         Reviewed by Mark Lam.
1118
1119         Move the address of the local variable that is used to demarcate the top of the stack for 
1120         conservative roots down to MachineThreads::gatherFromCurrentThread() since it also gets
1121         the register values using setjmp().  That way we don't lose any callee save register
1122         contents between Heap::markRoots(), where it was set, and gatherFromCurrentThread().
1123         If we lose any JSObject* that are only in callee save registers, they will be GC'ed
1124         erroneously.
1125
1126         * heap/Heap.cpp:
1127         (JSC::Heap::markRoots):
1128         (JSC::Heap::gatherStackRoots):
1129         * heap/Heap.h:
1130         * heap/MachineStackMarker.cpp:
1131         (JSC::MachineThreads::gatherFromCurrentThread):
1132         (JSC::MachineThreads::gatherConservativeRoots):
1133         * heap/MachineStackMarker.h:
1134
1135 2015-01-11  Eric Carlson  <eric.carlson@apple.com>
1136
1137        Fix typo in testapi.c error messages
1138         https://bugs.webkit.org/show_bug.cgi?id=140305
1139
1140         Reviewed by Geoffrey Garen.
1141
1142         * API/tests/testapi.c:
1143         (main): "... script did not timed out ..." -> "... script did not time out ..."
1144
1145 2015-01-09  Michael Saboff  <msaboff@apple.com>
1146
1147         Breakpoint doesn't fire in this HTML5 game
1148         https://bugs.webkit.org/show_bug.cgi?id=140269
1149
1150         Reviewed by Mark Lam.
1151
1152         When parsing a single line cached function, use the lineStartOffset of the
1153         location where we found the cached function instead of the cached lineStartOffset.
1154         The cache location's lineStartOffset has not been adjusted for any possible
1155         containing functions.
1156
1157         This change is not needed for multi-line cached functions.  Consider the
1158         single line source:
1159
1160         function outer(){function inner1(){doStuff();}; (function inner2() {doMoreStuff()})()}
1161
1162         The first parser pass, we parse and cache inner1() and inner2() with a lineStartOffset
1163        of 0.  Later when we parse outer() and find inner1() in the cache, the SourceCode start
1164         character is at outer()'s outermost open brace.  That is what we should use for
1165         lineStartOffset for inner1().  When done parsing inner1() we set the parsing token
1166         to the saved location for inner1(), including the lineStartOffset of 0.  We need
1167         to use the value of lineStartOffset before we started parsing inner1().  That is
1168         what the fix does.  When we parse inner2() the lineStartOffset will be correct.
1169
1170         For a multi-line function, the close brace is guaranteed to be on a different line
1171         than the open brace.  Hence, its lineStartOffset will not change with the change of
1172        the SourceCode start character.
1173
1174         * parser/Parser.cpp:
1175         (JSC::Parser<LexerType>::parseFunctionInfo):
1176
1177 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1178
1179         Web Inspector: Uncaught Exception in ProbeManager deleting breakpoint
1180         https://bugs.webkit.org/show_bug.cgi?id=140279
1181         rdar://problem/19422299
1182
1183         Reviewed by Oliver Hunt.
1184
1185         * runtime/MapData.cpp:
1186         (JSC::MapData::replaceAndPackBackingStore):
1187         The cell table also needs to have its values fixed.
1188
1189 2015-01-09  Joseph Pecoraro  <pecoraro@apple.com>
1190
1191         Web Inspector: Remove or use TimelineAgent Resource related event types
1192         https://bugs.webkit.org/show_bug.cgi?id=140155
1193
1194         Reviewed by Timothy Hatcher.
1195
1196         Remove unused / stale Timeline event types.
1197
1198         * inspector/protocol/Timeline.json:
1199
1200 2015-01-09  Csaba Osztrogonác  <ossy@webkit.org>
1201
1202         REGRESSION(r177925): It broke the !ENABLE(INSPECTOR) build
1203         https://bugs.webkit.org/show_bug.cgi?id=140098
1204
1205         Reviewed by Brian Burg.
1206
1207         * inspector/InspectorBackendDispatcher.h: Missing ENABLE(INSPECTOR) guard added.
1208
1209 2015-01-08  Mark Lam  <mark.lam@apple.com>
1210
1211         Argument object created by "Function dot arguments" should use a clone of the argument values.
1212         <https://webkit.org/b/140093>
1213
1214         Reviewed by Geoffrey Garen.
1215
1216         After the change in <https://webkit.org/b/139827>, the dfg-tear-off-arguments-not-activation.js
1217         test will crash.  The relevant code which manifests the issue is as follows:
1218
1219             function bar() {
1220                 return foo.arguments;
1221             }
1222
1223             function foo(p) {
1224                 var x = 42;
1225                 if (p)
1226                     return (function() { return x; });
1227                 else
1228                     return bar();
1229             }
1230
1231         In this case, foo() has no knowledge of bar() needing its LexicalEnvironment and
1232         has dead code eliminated the SetLocal that stores it into its designated local.
1233         In bar(), the factory for the Arguments object (for creating foo.arguments) tries
1234         to read foo's LexicalEnvironment from its designated lexicalEnvironment local,
1235         but instead, finds it to be uninitialized.  This results in a null pointer access
1236         which causes a crash.
1237
1238         This can be resolved by having bar() instantiate a clone of the Arguments object
1239         instead, and populate its elements with values fetched directly from foo's frame.
1240         There's no need to reference foo's LexicalEnvironment (whether present or not).
1241
1242         * interpreter/StackVisitor.cpp:
1243         (JSC::StackVisitor::Frame::createArguments):
1244         * runtime/Arguments.h:
1245         (JSC::Arguments::finishCreation):
1246
1247 2015-01-08  Mark Lam  <mark.lam@apple.com>
1248
1249         Make the LLINT and Baseline JIT's op_create_arguments and op_get_argument_by_val use their lexicalEnvironment operand.
1250         <https://webkit.org/b/140236>
1251
1252         Reviewed by Geoffrey Garen.
1253
1254         Will change the DFG to use the operand on a subsequent pass.  For now,
1255         the DFG uses a temporary thunk (operationCreateArgumentsForDFG()) to
1256        retain the old behavior of getting the lexicalEnvironment from the
1257         ExecState.
1258
1259         * bytecompiler/BytecodeGenerator.cpp:
1260         (JSC::BytecodeGenerator::BytecodeGenerator):
1261         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1262         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1263         - When the lexicalEnvironment is not available, pass the invalid VirtualRegister
1264           instead of an empty JSValue as the lexicalEnvironment operand.
1265
1266         * dfg/DFGOperations.cpp:
1267         - Use the lexicalEnvironment from the ExecState for now.
1268
1269         * dfg/DFGSpeculativeJIT32_64.cpp:
1270         (JSC::DFG::SpeculativeJIT::compile):
1271         * dfg/DFGSpeculativeJIT64.cpp:
1272         (JSC::DFG::SpeculativeJIT::compile):
1273         - Use the operationCreateArgumentsForDFG() thunk for now.
1274
1275         * interpreter/CallFrame.cpp:
1276         (JSC::CallFrame::lexicalEnvironmentOrNullptr):
1277         * interpreter/CallFrame.h:
1278         - Added this convenience function to return either the
1279           lexicalEnvironment or a nullptr so that we don't need to do a
1280           conditional check on codeBlock->needsActivation() at multiple sites.
1281
1282         * interpreter/StackVisitor.cpp:
1283         (JSC::StackVisitor::Frame::createArguments):
1284         * jit/JIT.h:
1285         * jit/JITInlines.h:
1286         (JSC::JIT::callOperation):
1287         * jit/JITOpcodes.cpp:
1288         (JSC::JIT::emit_op_create_arguments):
1289         (JSC::JIT::emitSlow_op_get_argument_by_val):
1290         * jit/JITOpcodes32_64.cpp:
1291         (JSC::JIT::emit_op_create_arguments):
1292         (JSC::JIT::emitSlow_op_get_argument_by_val):
1293         * jit/JITOperations.cpp:
1294         * jit/JITOperations.h:
1295         * llint/LLIntSlowPaths.cpp:
1296         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1297         * runtime/Arguments.h:
1298         (JSC::Arguments::create):
1299         (JSC::Arguments::finishCreation):
1300         * runtime/CommonSlowPaths.cpp:
1301         (JSC::SLOW_PATH_DECL):
1302         * runtime/JSLexicalEnvironment.cpp:
1303         (JSC::JSLexicalEnvironment::argumentsGetter):
1304
1305 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1306
1307         Web Inspector: Pause Reason Improvements (Breakpoint, Debugger Statement, Pause on Next Statement)
1308         https://bugs.webkit.org/show_bug.cgi?id=138991
1309
1310         Reviewed by Timothy Hatcher.
1311
1312         * debugger/Debugger.cpp:
1313         (JSC::Debugger::Debugger):
1314         (JSC::Debugger::pauseIfNeeded):
1315         (JSC::Debugger::didReachBreakpoint):
1316         When actually pausing, if we hit a breakpoint ensure the reason
1317         is PausedForBreakpoint, otherwise use the current reason.
1318
1319         * debugger/Debugger.h:
1320         Make pause reason and pausing breakpoint ID public.
1321
1322         * inspector/agents/InspectorDebuggerAgent.h:
1323         * inspector/agents/InspectorDebuggerAgent.cpp:
1324         (Inspector::buildAssertPauseReason):
1325         (Inspector::buildCSPViolationPauseReason):
1326         (Inspector::InspectorDebuggerAgent::buildBreakpointPauseReason):
1327         (Inspector::InspectorDebuggerAgent::buildExceptionPauseReason):
1328         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1329         (Inspector::buildObjectForBreakpointCookie):
1330         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1331         (Inspector::InspectorDebuggerAgent::removeBreakpoint):
1332         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1333         (Inspector::InspectorDebuggerAgent::pause):
1334         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1335         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1336         (Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState):
1337         Clean up creation of pause reason objects and other cleanup
1338         of PassRefPtr use and InjectedScript use.
1339
1340         (Inspector::InspectorDebuggerAgent::didPause):
1341         Clean up so that we first check for an Exception, and then fall
1342         back to including a Pause Reason derived from the Debugger.
1343
1344         * inspector/protocol/Debugger.json:
1345         Add new DebuggerStatement, Breakpoint, and PauseOnNextStatement reasons.
1346
1347 2015-01-08  Joseph Pecoraro  <pecoraro@apple.com>
1348
1349         Web Inspector: Type check NSArray's in ObjC Interfaces have the right object types
1350         https://bugs.webkit.org/show_bug.cgi?id=140209
1351
1352         Reviewed by Timothy Hatcher.
1353
1354         Check the types of objects in NSArrays for all interfaces (commands, events, types)
1355         when the user can set an array of objects. Previously we were only type checking
1356         that they were RWIJSONObjects; now we add an explicit check for the exact object type.
1357
1358         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1359         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1360         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1361         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1362         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1363         (ObjCProtocolTypesImplementationGenerator._generate_init_method_for_required_members):
1364         (ObjCProtocolTypesImplementationGenerator._generate_setter_for_member):
1365         * inspector/scripts/codegen/objc_generator.py:
1366         (ObjCGenerator.objc_class_for_array_type):
1367         (ObjCGenerator):
1368
1369 2015-01-07  Mark Lam  <mark.lam@apple.com>
1370
1371         Add the lexicalEnvironment as an operand to op_get_argument_by_val.
1372         <https://webkit.org/b/140233>
1373
1374         Reviewed by Filip Pizlo.
1375
1376         This patch only adds the operand to the bytecode.  It is not in use yet.
1377
1378         * bytecode/BytecodeList.json:
1379         * bytecode/BytecodeUseDef.h:
1380         (JSC::computeUsesForBytecodeOffset):
1381         * bytecode/CodeBlock.cpp:
1382         (JSC::CodeBlock::dumpBytecode):
1383         * bytecompiler/BytecodeGenerator.cpp:
1384         (JSC::BytecodeGenerator::emitGetArgumentByVal):
1385         * llint/LowLevelInterpreter32_64.asm:
1386         * llint/LowLevelInterpreter64.asm:
1387
1388 2015-01-07  Yusuke Suzuki  <utatane.tea@gmail.com>
1389
1390         Investigate the character type of repeated string instead of checking is8Bit flag
1391         https://bugs.webkit.org/show_bug.cgi?id=140139
1392
1393         Reviewed by Darin Adler.
1394
1395         Instead of checking the is8Bit flag of the repeated string, investigate
1396         the actual value of the repeated character, since the is8Bit flag gives a false negative case.
1397
1398         * runtime/StringPrototype.cpp:
1399         (JSC::repeatCharacter):
1400         (JSC::stringProtoFuncRepeat):
1401         (JSC::repeatSmallString): Deleted.
1402
1403 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1404
1405         Web Inspector: ObjC Generate types from the GenericTypes domain
1406         https://bugs.webkit.org/show_bug.cgi?id=140229
1407
1408         Reviewed by Timothy Hatcher.
1409
1410         Generate types from the GenericTypes domain, as they are expected
1411         by other domains (like Page domain). Also, don't include the @protocol
1412         forward declaration for a domain if it doesn't have any commands.
1413
1414         * inspector/scripts/codegen/generate_objc_backend_dispatcher_header.py:
1415         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations):
1416         (ObjCBackendDispatcherHeaderGenerator): Deleted.
1417         (ObjCBackendDispatcherHeaderGenerator._generate_objc_forward_declarations_for_domains): Deleted.
1418         * inspector/scripts/codegen/objc_generator.py:
1419         (ObjCGenerator):
1420         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1421         * inspector/scripts/tests/expected/enum-values.json-result:
1422         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1423         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1424         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1425         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1426         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1427         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1428         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1429         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1430         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1431
1432 2015-01-07  Joseph Pecoraro  <pecoraro@apple.com>
1433
1434         Web Inspector: Remove unnecessary copyRef for paramsObject in generated dispatchers
1435         https://bugs.webkit.org/show_bug.cgi?id=140228
1436
1437         Reviewed by Timothy Hatcher.
1438
1439         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1440         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1441         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1442         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1443         * inspector/scripts/tests/expected/enum-values.json-result:
1444         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1445
1446 2015-01-07  Saam Barati  <saambarati1@gmail.com>
1447
1448         interpret op_profile_type in the LLInt instead of unconditionally calling into the slow path
1449         https://bugs.webkit.org/show_bug.cgi?id=140165
1450
1451         Reviewed by Michael Saboff.
1452
1453         Inlining the functionality of TypeProfilerLog::recordTypeInformationForLocation
1454         into the LLInt speeds up type profiling.
1455
1456         * llint/LLIntOffsetsExtractor.cpp:
1457         * llint/LowLevelInterpreter.asm:
1458         * llint/LowLevelInterpreter32_64.asm:
1459         * llint/LowLevelInterpreter64.asm:
1460         * runtime/CommonSlowPaths.cpp:
1461         (JSC::SLOW_PATH_DECL):
1462         * runtime/CommonSlowPaths.h:
1463         * runtime/TypeProfilerLog.h:
1464         (JSC::TypeProfilerLog::recordTypeInformationForLocation): Deleted.
1465
1466 2015-01-07  Brian J. Burg  <burg@cs.washington.edu>
1467
1468         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1469         https://bugs.webkit.org/show_bug.cgi?id=140053
1470
1471         Reviewed by Andreas Kling.
1472
1473         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1474         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1475         references are always non-null. These two refactorings have been combined since
1476         they tend to require similar changes to the code.
1477
1478         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1479         have been updated to take a Ref instead of RefPtr.
1480
1481         Builders for typed protocol objects now return a Ref. Since there is no implicit
1482         call to operator&, callsites now must explicitly call .release() to convert a
1483         builder object into the corresponding protocol object once required fields are set.
1484         Update callsites and use auto to eliminate repetition of longwinded protocol types.
1485
1486         Tests for inspector protocol and replay inputs have been rebaselined.
1487
1488         * bindings/ScriptValue.cpp:
1489         (Deprecated::jsToInspectorValue):
1490         (Deprecated::ScriptValue::toInspectorValue):
1491         * bindings/ScriptValue.h:
1492         * inspector/ConsoleMessage.cpp:
1493         (Inspector::ConsoleMessage::addToFrontend):
1494         * inspector/ContentSearchUtilities.cpp:
1495         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1496         (Inspector::ContentSearchUtilities::searchInTextByLines):
1497         * inspector/ContentSearchUtilities.h:
1498         * inspector/InjectedScript.cpp:
1499         (Inspector::InjectedScript::getFunctionDetails):
1500         (Inspector::InjectedScript::getProperties):
1501         (Inspector::InjectedScript::getInternalProperties):
1502         (Inspector::InjectedScript::wrapCallFrames):
1503         (Inspector::InjectedScript::wrapObject):
1504         (Inspector::InjectedScript::wrapTable):
1505         * inspector/InjectedScript.h:
1506         * inspector/InjectedScriptBase.cpp:
1507         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1508         * inspector/InspectorBackendDispatcher.cpp:
1509         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1510         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1511         (Inspector::InspectorBackendDispatcher::create):
1512         (Inspector::InspectorBackendDispatcher::dispatch):
1513         (Inspector::InspectorBackendDispatcher::sendResponse):
1514         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1515         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1516         (Inspector::InspectorBackendDispatcher::getInteger):
1517         (Inspector::InspectorBackendDispatcher::getDouble):
1518         (Inspector::InspectorBackendDispatcher::getString):
1519         (Inspector::InspectorBackendDispatcher::getBoolean):
1520         (Inspector::InspectorBackendDispatcher::getObject):
1521         (Inspector::InspectorBackendDispatcher::getArray):
1522         (Inspector::InspectorBackendDispatcher::getValue):
1523         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1524         protocol error strings.
1525         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1526         Convert the supplemental dispatcher's reference to Ref since it is never null.
1527         * inspector/InspectorEnvironment.h:
1528         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1529         StructItemTraits. Add more versions of addItem to handle pushing various types.
1530         (Inspector::Protocol::Array::openAccessors):
1531         (Inspector::Protocol::Array::addItem):
1532         (Inspector::Protocol::Array::create):
1533         (Inspector::Protocol::StructItemTraits::push):
1534         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
1535         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
1536         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
1537         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
1538         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
1539         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
1540         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
1541         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
1542         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
1543         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
1544         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
1545         the same call signature as other getters. Use Ref where possible.
1546         (Inspector::InspectorObjectBase::getBoolean):
1547         (Inspector::InspectorObjectBase::getString):
1548         (Inspector::InspectorObjectBase::getObject):
1549         (Inspector::InspectorObjectBase::getArray):
1550         (Inspector::InspectorObjectBase::getValue):
1551         (Inspector::InspectorObjectBase::writeJSON):
1552         (Inspector::InspectorArrayBase::get):
1553         (Inspector::InspectorObject::create):
1554         (Inspector::InspectorArray::create):
1555         (Inspector::InspectorValue::null):
1556         (Inspector::InspectorString::create):
1557         (Inspector::InspectorBasicValue::create):
1558         (Inspector::InspectorObjectBase::get): Deleted.
1559         * inspector/InspectorValues.h:
1560         (Inspector::InspectorObjectBase::setValue):
1561         (Inspector::InspectorObjectBase::setObject):
1562         (Inspector::InspectorObjectBase::setArray):
1563         (Inspector::InspectorArrayBase::pushValue):
1564         (Inspector::InspectorArrayBase::pushObject):
1565         (Inspector::InspectorArrayBase::pushArray):
1566         * inspector/JSGlobalObjectConsoleClient.cpp:
1567         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1568         (Inspector::JSGlobalObjectConsoleClient::count):
1569         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
1570         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
1571         * inspector/JSGlobalObjectConsoleClient.h:
1572         * inspector/JSGlobalObjectInspectorController.cpp:
1573         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
1574         * inspector/JSGlobalObjectInspectorController.h:
1575         * inspector/ScriptCallFrame.cpp:
1576         (Inspector::ScriptCallFrame::buildInspectorObject):
1577         * inspector/ScriptCallFrame.h:
1578         * inspector/ScriptCallStack.cpp:
1579         (Inspector::ScriptCallStack::create):
1580         (Inspector::ScriptCallStack::buildInspectorArray):
1581         * inspector/ScriptCallStack.h:
1582         * inspector/agents/InspectorAgent.cpp:
1583         (Inspector::InspectorAgent::enable):
1584         (Inspector::InspectorAgent::inspect):
1585         (Inspector::InspectorAgent::activateExtraDomain):
1586         * inspector/agents/InspectorAgent.h:
1587         * inspector/agents/InspectorDebuggerAgent.cpp:
1588         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1589         (Inspector::buildObjectForBreakpointCookie):
1590         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1591         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1592         (Inspector::InspectorDebuggerAgent::continueToLocation):
1593         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1594         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
1595         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1596         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1597         (Inspector::InspectorDebuggerAgent::didParseSource):
1598         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1599         (Inspector::InspectorDebuggerAgent::breakProgram):
1600         * inspector/agents/InspectorDebuggerAgent.h:
1601         * inspector/agents/InspectorRuntimeAgent.cpp:
1602         (Inspector::buildErrorRangeObject):
1603         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1604         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1605         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
1606         * inspector/agents/InspectorRuntimeAgent.h:
1607         * inspector/scripts/codegen/cpp_generator.py:
1608         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
1609         (CppGenerator.cpp_type_for_type_with_name):
1610         (CppGenerator.cpp_type_for_formal_async_parameter):
1611         (CppGenerator.should_use_references_for_type):
1612         (CppGenerator):
1613         * inspector/scripts/codegen/cpp_generator_templates.py:
1614         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1615         (CppBackendDispatcherHeaderGenerator.generate_output):
1616         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
1617         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1618         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1619         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1620         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1621         (CppFrontendDispatcherHeaderGenerator.generate_output):
1622         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1623         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1624         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1625         (CppProtocolTypesHeaderGenerator.generate_output):
1626         (_generate_class_for_object_declaration):
1627         (_generate_unchecked_setter_for_member):
1628         (_generate_forward_declarations_for_binding_traits):
1629         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1630         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1631         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1632         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1633         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1634         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1635         (ObjCProtocolTypesImplementationGenerator.generate_output):
1636         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1637         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1638         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1639         * inspector/scripts/tests/expected/enum-values.json-result:
1640         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1641         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1642         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1643         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1644         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1645         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1646         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1647         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1648         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1649         * replay/EncodedValue.cpp:
1650         (JSC::EncodedValue::asObject):
1651         (JSC::EncodedValue::asArray):
1652         (JSC::EncodedValue::put<EncodedValue>):
1653         (JSC::EncodedValue::append<EncodedValue>):
1654         (JSC::EncodedValue::get<EncodedValue>):
1655         * replay/EncodedValue.h:
1656         * replay/scripts/CodeGeneratorReplayInputs.py:
1657         (Type.borrow_type):
1658         (Type.argument_type):
1659         (Generator.generate_member_move_expression):
1660         * runtime/ConsoleClient.cpp:
1661         (JSC::ConsoleClient::printConsoleMessageWithArguments):
1662         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
1663         (JSC::ConsoleClient::logWithLevel):
1664         (JSC::ConsoleClient::clear):
1665         (JSC::ConsoleClient::dir):
1666         (JSC::ConsoleClient::dirXML):
1667         (JSC::ConsoleClient::table):
1668         (JSC::ConsoleClient::trace):
1669         (JSC::ConsoleClient::assertCondition):
1670         (JSC::ConsoleClient::group):
1671         (JSC::ConsoleClient::groupCollapsed):
1672         (JSC::ConsoleClient::groupEnd):
1673         * runtime/ConsoleClient.h:
1674         * runtime/TypeSet.cpp:
1675         (JSC::TypeSet::allStructureRepresentations):
1676         (JSC::TypeSet::inspectorTypeSet):
1677         (JSC::StructureShape::inspectorRepresentation):
1678         * runtime/TypeSet.h:
1679
1680 2015-01-07  Commit Queue  <commit-queue@webkit.org>
1681
1682         Unreviewed, rolling out r178039.
1683         https://bugs.webkit.org/show_bug.cgi?id=140187
1684
1685         Breaks ObjC Inspector Protocol (Requested by JoePeck on
1686         #webkit).
1687
1688         Reverted changeset:
1689
1690         "Web Inspector: purge PassRefPtr from Inspector code and use
1691         Ref for typed and untyped protocol objects"
1692         https://bugs.webkit.org/show_bug.cgi?id=140053
1693         http://trac.webkit.org/changeset/178039
1694
1695 2015-01-06  Brian J. Burg  <burg@cs.washington.edu>
1696
1697         Web Inspector: purge PassRefPtr from Inspector code and use Ref for typed and untyped protocol objects
1698         https://bugs.webkit.org/show_bug.cgi?id=140053
1699
1700         Reviewed by Andreas Kling.
1701
1702         This patch replaces uses of PassRefPtr with uses of RefPtr&& and WTF::move() in code
1703         related to Web Inspector. It also converts many uses of RefPtr to Ref where
1704         references are always non-null. These two refactorings have been combined since
1705         they tend to require similar changes to the code.
1706
1707         Creation methods for subclasses of InspectorValue now return a Ref, and callsites
1708         have been updated to take a Ref instead of RefPtr.
1709
1710         Builders for typed protocol objects now return a Ref. Since there is no implicit
1711         call to operator&, callsites now must explicitly call .release() to convert a
1712         builder object into the corresponding protocol object once required fields are set.
1713         Update callsites and use auto to eliminate repetition of longwinded protocol types.
1714
1715         Tests for inspector protocol and replay inputs have been rebaselined.
1716
1717         * bindings/ScriptValue.cpp:
1718         (Deprecated::jsToInspectorValue):
1719         (Deprecated::ScriptValue::toInspectorValue):
1720         * bindings/ScriptValue.h:
1721         * inspector/ConsoleMessage.cpp:
1722         (Inspector::ConsoleMessage::addToFrontend):
1723         * inspector/ContentSearchUtilities.cpp:
1724         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1725         (Inspector::ContentSearchUtilities::searchInTextByLines):
1726         * inspector/ContentSearchUtilities.h:
1727         * inspector/InjectedScript.cpp:
1728         (Inspector::InjectedScript::getFunctionDetails):
1729         (Inspector::InjectedScript::getProperties):
1730         (Inspector::InjectedScript::getInternalProperties):
1731         (Inspector::InjectedScript::wrapCallFrames):
1732         (Inspector::InjectedScript::wrapObject):
1733         (Inspector::InjectedScript::wrapTable):
1734         * inspector/InjectedScript.h:
1735         * inspector/InjectedScriptBase.cpp:
1736         (Inspector::InjectedScriptBase::makeEvalCall): Split the early exits.
1737         * inspector/InspectorBackendDispatcher.cpp:
1738         (Inspector::InspectorBackendDispatcher::CallbackBase::CallbackBase):
1739         (Inspector::InspectorBackendDispatcher::CallbackBase::sendIfActive):
1740         (Inspector::InspectorBackendDispatcher::create):
1741         (Inspector::InspectorBackendDispatcher::dispatch):
1742         (Inspector::InspectorBackendDispatcher::sendResponse):
1743         (Inspector::InspectorBackendDispatcher::reportProtocolError):
1744         (Inspector::getPropertyValue): Add a comment to clarify what this clever code does.
1745         (Inspector::InspectorBackendDispatcher::getInteger):
1746         (Inspector::InspectorBackendDispatcher::getDouble):
1747         (Inspector::InspectorBackendDispatcher::getString):
1748         (Inspector::InspectorBackendDispatcher::getBoolean):
1749         (Inspector::InspectorBackendDispatcher::getObject):
1750         (Inspector::InspectorBackendDispatcher::getArray):
1751         (Inspector::InspectorBackendDispatcher::getValue):
1752         * inspector/InspectorBackendDispatcher.h: Use a typed protocol object to collect
1753         protocol error strings.
1754         (Inspector::InspectorSupplementalBackendDispatcher::InspectorSupplementalBackendDispatcher):
1755         Convert the supplemental dispatcher's reference to Ref since it is never null.
1756         * inspector/InspectorEnvironment.h:
1757         * inspector/InspectorProtocolTypes.h: Get rid of ArrayItemHelper and
1758         StructItemTraits. Add more versions of addItem to handle pushing various types.
1759         (Inspector::Protocol::Array::openAccessors):
1760         (Inspector::Protocol::Array::addItem):
1761         (Inspector::Protocol::Array::create):
1762         (Inspector::Protocol::StructItemTraits::push):
1763         (Inspector::Protocol::BindingTraits<Protocol::Array<T>>::runtimeCast): Assert argument.
1764         (Inspector::Protocol::StructItemTraits::pushRefPtr): Deleted.
1765         (Inspector::Protocol::ArrayItemHelper<String>::Traits::pushRaw): Deleted.
1766         (Inspector::Protocol::ArrayItemHelper<int>::Traits::pushRaw): Deleted.
1767         (Inspector::Protocol::ArrayItemHelper<double>::Traits::pushRaw): Deleted.
1768         (Inspector::Protocol::ArrayItemHelper<bool>::Traits::pushRaw): Deleted.
1769         (Inspector::Protocol::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr): Deleted.
1770         (Inspector::Protocol::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr): Deleted.
1771         (Inspector::Protocol::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr): Deleted.
1772         (Inspector::Protocol::ArrayItemHelper<Protocol::Array<T>>::Traits::pushRefPtr): Deleted.
1773         * inspector/InspectorValues.cpp: Straighten out getArray and getObject to have
1774         the same call signature as other getters. Use Ref where possible.
1775         (Inspector::InspectorObjectBase::getBoolean):
1776         (Inspector::InspectorObjectBase::getString):
1777         (Inspector::InspectorObjectBase::getObject):
1778         (Inspector::InspectorObjectBase::getArray):
1779         (Inspector::InspectorObjectBase::getValue):
1780         (Inspector::InspectorObjectBase::writeJSON):
1781         (Inspector::InspectorArrayBase::get):
1782         (Inspector::InspectorObject::create):
1783         (Inspector::InspectorArray::create):
1784         (Inspector::InspectorValue::null):
1785         (Inspector::InspectorString::create):
1786         (Inspector::InspectorBasicValue::create):
1787         (Inspector::InspectorObjectBase::get): Deleted.
1788         * inspector/InspectorValues.h:
1789         (Inspector::InspectorObjectBase::setValue):
1790         (Inspector::InspectorObjectBase::setObject):
1791         (Inspector::InspectorObjectBase::setArray):
1792         (Inspector::InspectorArrayBase::pushValue):
1793         (Inspector::InspectorArrayBase::pushObject):
1794         (Inspector::InspectorArrayBase::pushArray):
1795         * inspector/JSGlobalObjectConsoleClient.cpp:
1796         (Inspector::JSGlobalObjectConsoleClient::messageWithTypeAndLevel):
1797         (Inspector::JSGlobalObjectConsoleClient::count):
1798         (Inspector::JSGlobalObjectConsoleClient::timeEnd):
1799         (Inspector::JSGlobalObjectConsoleClient::timeStamp):
1800         * inspector/JSGlobalObjectConsoleClient.h:
1801         * inspector/JSGlobalObjectInspectorController.cpp:
1802         (Inspector::JSGlobalObjectInspectorController::executionStopwatch):
1803         * inspector/JSGlobalObjectInspectorController.h:
1804         * inspector/ScriptCallFrame.cpp:
1805         (Inspector::ScriptCallFrame::buildInspectorObject):
1806         * inspector/ScriptCallFrame.h:
1807         * inspector/ScriptCallStack.cpp:
1808         (Inspector::ScriptCallStack::create):
1809         (Inspector::ScriptCallStack::buildInspectorArray):
1810         * inspector/ScriptCallStack.h:
1811         * inspector/agents/InspectorAgent.cpp:
1812         (Inspector::InspectorAgent::enable):
1813         (Inspector::InspectorAgent::inspect):
1814         (Inspector::InspectorAgent::activateExtraDomain):
1815         * inspector/agents/InspectorAgent.h:
1816         * inspector/agents/InspectorDebuggerAgent.cpp:
1817         (Inspector::InspectorDebuggerAgent::handleConsoleAssert):
1818         (Inspector::buildObjectForBreakpointCookie):
1819         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1820         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1821         (Inspector::InspectorDebuggerAgent::continueToLocation):
1822         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1823         (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
1824         (Inspector::InspectorDebuggerAgent::scriptExecutionBlockedByCSP):
1825         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1826         (Inspector::InspectorDebuggerAgent::didParseSource):
1827         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1828         (Inspector::InspectorDebuggerAgent::breakProgram):
1829         * inspector/agents/InspectorDebuggerAgent.h:
1830         * inspector/agents/InspectorRuntimeAgent.cpp:
1831         (Inspector::buildErrorRangeObject):
1832         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1833         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1834         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
1835         * inspector/agents/InspectorRuntimeAgent.h:
1836         * inspector/scripts/codegen/cpp_generator.py:
1837         (CppGenerator.cpp_type_for_unchecked_formal_in_parameter):
1838         (CppGenerator.cpp_type_for_type_with_name):
1839         (CppGenerator.cpp_type_for_formal_async_parameter):
1840         (CppGenerator.should_use_references_for_type):
1841         (CppGenerator):
1842         * inspector/scripts/codegen/cpp_generator_templates.py:
1843         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_header.py:
1844         (CppBackendDispatcherHeaderGenerator.generate_output):
1845         (CppBackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
1846         * inspector/scripts/codegen/generate_cpp_backend_dispatcher_implementation.py:
1847         (CppBackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
1848         (CppBackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1849         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_header.py:
1850         (CppFrontendDispatcherHeaderGenerator.generate_output):
1851         * inspector/scripts/codegen/generate_cpp_frontend_dispatcher_implementation.py:
1852         (CppFrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1853         * inspector/scripts/codegen/generate_cpp_protocol_types_header.py:
1854         (CppProtocolTypesHeaderGenerator.generate_output):
1855         (_generate_class_for_object_declaration):
1856         (_generate_unchecked_setter_for_member):
1857         (_generate_forward_declarations_for_binding_traits):
1858         * inspector/scripts/codegen/generate_objc_backend_dispatcher_implementation.py:
1859         (ObjCConfigurationImplementationGenerator._generate_success_block_for_command):
1860         * inspector/scripts/codegen/generate_objc_frontend_dispatcher_implementation.py:
1861         (ObjCFrontendDispatcherImplementationGenerator._generate_event):
1862         (ObjCFrontendDispatcherImplementationGenerator._generate_event_out_parameters):
1863         * inspector/scripts/codegen/generate_objc_protocol_types_implementation.py:
1864         (ObjCProtocolTypesImplementationGenerator.generate_output):
1865         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1866         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1867         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1868         * inspector/scripts/tests/expected/enum-values.json-result:
1869         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1870         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
1871         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1872         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1873         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1874         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1875         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1876         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1877         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1878         * replay/EncodedValue.cpp:
1879         (JSC::EncodedValue::asObject):
1880         (JSC::EncodedValue::asArray):
1881         (JSC::EncodedValue::put<EncodedValue>):
1882         (JSC::EncodedValue::append<EncodedValue>):
1883         (JSC::EncodedValue::get<EncodedValue>):
1884         * replay/EncodedValue.h:
1885         * replay/scripts/CodeGeneratorReplayInputs.py:
1886         (Type.borrow_type):
1887         (Type.argument_type):
1888         (Generator.generate_member_move_expression):
1889         * runtime/ConsoleClient.cpp:
1890         (JSC::ConsoleClient::printConsoleMessageWithArguments):
1891         (JSC::ConsoleClient::internalMessageWithTypeAndLevel):
1892         (JSC::ConsoleClient::logWithLevel):
1893         (JSC::ConsoleClient::clear):
1894         (JSC::ConsoleClient::dir):
1895         (JSC::ConsoleClient::dirXML):
1896         (JSC::ConsoleClient::table):
1897         (JSC::ConsoleClient::trace):
1898         (JSC::ConsoleClient::assertCondition):
1899         (JSC::ConsoleClient::group):
1900         (JSC::ConsoleClient::groupCollapsed):
1901         (JSC::ConsoleClient::groupEnd):
1902         * runtime/ConsoleClient.h:
1903         * runtime/TypeSet.cpp:
1904         (JSC::TypeSet::allStructureRepresentations):
1905         (JSC::TypeSet::inspectorTypeSet):
1906         (JSC::StructureShape::inspectorRepresentation):
1907         * runtime/TypeSet.h:
1908
1909 2015-01-06  Chris Dumez  <cdumez@apple.com>
1910
1911         Drop ResourceResponseBase::connectionID and connectionReused members
1912         https://bugs.webkit.org/show_bug.cgi?id=140158
1913
1914         Reviewed by Sam Weinig.
1915
1916         Drop ResourceResponseBase::connectionID and connectionReused members.
1917         Those were needed by the Chromium port but are no longer used.
1918
1919         * inspector/protocol/Network.json:
1920
1921 2015-01-06  Mark Lam  <mark.lam@apple.com>
1922
1923         Add the lexicalEnvironment as an operand to op_create_arguments.
1924         <https://webkit.org/b/140148>
1925
1926         Reviewed by Geoffrey Garen.
1927
1928         This patch only adds the operand to the bytecode.  It is not in use yet.
1929
1930         * bytecode/BytecodeList.json:
1931         * bytecode/BytecodeUseDef.h:
1932         (JSC::computeUsesForBytecodeOffset):
1933         * bytecode/CodeBlock.cpp:
1934         (JSC::CodeBlock::dumpBytecode):
1935         * bytecompiler/BytecodeGenerator.cpp:
1936         (JSC::BytecodeGenerator::BytecodeGenerator):
1937         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
1938         - Adds the lexicalEnvironment register (if present) as an operand to
1939           op_create_arguments.  Else, adds a constant empty JSValue.
1940         * llint/LowLevelInterpreter32_64.asm:
1941         * llint/LowLevelInterpreter64.asm:
1942
1943 2015-01-06  Alexey Proskuryakov  <ap@apple.com>
1944
1945         ADDRESS_SANITIZER macro is overloaded
1946         https://bugs.webkit.org/show_bug.cgi?id=140130
1947
1948         Reviewed by Anders Carlsson.
1949
1950         * interpreter/JSStack.cpp: (JSC::JSStack::sanitizeStack): Use the new macro.
1951         This code is nearly unused (only compiled in when JIT is disabled at build time),
1952         however I've been told that it's best to keep it.
1953
1954 2015-01-06  Mark Lam  <mark.lam@apple.com>
1955
1956         Fix Use details for op_create_arguments.
1957         <https://webkit.org/b/140110>
1958
1959         Rubber stamped by Filip Pizlo.
1960
1961         The previous patch was wrong about op_create_arguments not using its 1st operand.
1962         It does read from it (hence, used) to check if the Arguments object has already
1963         been created or not.  This patch reverts the change for op_create_arguments.
1964
1965         * bytecode/BytecodeUseDef.h:
1966         (JSC::computeUsesForBytecodeOffset):
1967
1968 2015-01-06  Mark Lam  <mark.lam@apple.com>
1969
1970         Fix Use details for op_create_lexical_environment and op_create_arguments.
1971         <https://webkit.org/b/140110>
1972
1973         Reviewed by Filip Pizlo.
1974
1975         The current "Use" details for op_create_lexical_environment and
1976         op_create_arguments are wrong.  op_create_argument uses nothing instead of the
1977         1st operand (the output local).  op_create_lexical_environment uses its 2nd
1978         operand (the scope chain) instead of the 1st (the output local).
1979         This patch fixes them to specify the proper uses.
1980
1981         * bytecode/BytecodeUseDef.h:
1982         (JSC::computeUsesForBytecodeOffset):
1983
1984 2015-01-06  Yusuke Suzuki  <utatane.tea@gmail.com>
1985
1986         Implement ES6 String.prototype.repeat(count)
1987         https://bugs.webkit.org/show_bug.cgi?id=140047
1988
1989         Reviewed by Darin Adler.
1990
1991         Introducing ES6 String.prototype.repeat(count) function.
1992
1993         * runtime/JSString.h:
1994         * runtime/StringPrototype.cpp:
1995         (JSC::StringPrototype::finishCreation):
1996         (JSC::repeatSmallString):
1997         (JSC::stringProtoFuncRepeat):
1998
1999 2015-01-03  Michael Saboff  <msaboff@apple.com>
2000
2001         Crash in operationNewFunction when scrolling on Google+
2002         https://bugs.webkit.org/show_bug.cgi?id=140033
2003
2004         Reviewed by Oliver Hunt.
2005
2006         In DFG code, the scope register can be eliminated because all uses have been
2007         dead code eliminated.  In the case where one of the uses was creating a function
2008         that is never used, the baseline code will still create the function.  If we OSR
2009         exit to a path where that function gets created, check the scope register value
2010         and set the new, but dead, function to undefined instead of creating a new function.
2011
2012         * jit/JITOpcodes.cpp:
2013         (JSC::JIT::emit_op_new_func_exp):
2014
2015 2015-01-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2016
2017         String includes methods perform toString on searchString before toInt32 on an offset
2018         https://bugs.webkit.org/show_bug.cgi?id=140031
2019
2020         Reviewed by Darin Adler.
2021
2022         * runtime/StringPrototype.cpp:
2023         (JSC::stringProtoFuncStartsWith):
2024         (JSC::stringProtoFuncEndsWith):
2025         (JSC::stringProtoFuncIncludes):
2026
2027 2015-01-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2028
2029         Change to return std::unique_ptr<> in fooCreate()
2030         https://bugs.webkit.org/show_bug.cgi?id=139983
2031
2032         Reviewed by Darin Adler.
2033
2034         To avoid unnecessary std::unique_ptr<> casting, fooCreate() returns std::unique_ptr<> directly.
2035
2036         * create_regex_tables:
2037         * yarr/YarrPattern.h:
2038         (JSC::Yarr::YarrPattern::reset):
2039         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2040         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2041         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2042         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2043         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2044         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2045         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2046
2047 2015-01-01  Jeff Miller  <jeffm@apple.com>
2048
2049         Update user-visible copyright strings to include 2015
2050         https://bugs.webkit.org/show_bug.cgi?id=139880
2051
2052         Reviewed by Darin Adler.
2053
2054         * Info.plist:
2055
2056 2015-01-01  Darin Adler  <darin@apple.com>
2057
2058         We often misspell identifier as "identifer"
2059         https://bugs.webkit.org/show_bug.cgi?id=140025
2060
2061         Reviewed by Michael Saboff.
2062
2063         * runtime/ArrayConventions.h: Fix it.
2064
2065 2014-12-29  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2066
2067         Move JavaScriptCore/yarr to std::unique_ptr
2068         https://bugs.webkit.org/show_bug.cgi?id=139621
2069
2070         Reviewed by Anders Carlsson.
2071
2072         Final clean up OwnPtr|PassOwnPtr in JavaScriptCore/yarr.
2073
2074         * yarr/YarrInterpreter.cpp:
2075         (JSC::Yarr::ByteCompiler::atomParenthesesSubpatternEnd):
2076         * yarr/YarrInterpreter.h:
2077         (JSC::Yarr::BytecodePattern::BytecodePattern):
2078         * yarr/YarrJIT.cpp:
2079         (JSC::Yarr::YarrGenerator::opCompileParenthesesSubpattern):
2080         (JSC::Yarr::YarrGenerator::opCompileParentheticalAssertion):
2081         (JSC::Yarr::YarrGenerator::opCompileBody):
2082         * yarr/YarrPattern.cpp:
2083         (JSC::Yarr::CharacterClassConstructor::charClass):
2084         (JSC::Yarr::YarrPatternConstructor::YarrPatternConstructor):
2085         (JSC::Yarr::YarrPatternConstructor::reset):
2086         (JSC::Yarr::YarrPatternConstructor::atomPatternCharacter):
2087         (JSC::Yarr::YarrPatternConstructor::atomCharacterClassEnd):
2088         (JSC::Yarr::YarrPatternConstructor::atomParenthesesSubpatternBegin):
2089         (JSC::Yarr::YarrPatternConstructor::atomParentheticalAssertionBegin):
2090         (JSC::Yarr::YarrPatternConstructor::copyDisjunction):
2091         (JSC::Yarr::YarrPatternConstructor::checkForTerminalParentheses):
2092         (JSC::Yarr::YarrPatternConstructor::optimizeDotStarWrappedExpressions):
2093         * yarr/YarrPattern.h:
2094         (JSC::Yarr::PatternDisjunction::addNewAlternative):
2095         (JSC::Yarr::YarrPattern::newlineCharacterClass):
2096         (JSC::Yarr::YarrPattern::digitsCharacterClass):
2097         (JSC::Yarr::YarrPattern::spacesCharacterClass):
2098         (JSC::Yarr::YarrPattern::wordcharCharacterClass):
2099         (JSC::Yarr::YarrPattern::nondigitsCharacterClass):
2100         (JSC::Yarr::YarrPattern::nonspacesCharacterClass):
2101         (JSC::Yarr::YarrPattern::nonwordcharCharacterClass):
2102
2103 2014-12-26  Dan Bernstein  <mitz@apple.com>
2104
2105         <rdar://problem/19348208> REGRESSION (r177027): iOS builds use the wrong toolchain
2106         https://bugs.webkit.org/show_bug.cgi?id=139950
2107
2108         Reviewed by David Kilzer.
2109
2110         * Configurations/Base.xcconfig: Only define TOOLCHAINS when building for OS X, doing so
2111         in a manner that works with Xcode 5.1.1.
2112
2113 2014-12-22  Mark Lam  <mark.lam@apple.com>
2114
2115         Use ctiPatchCallByReturnAddress() in JITOperations.cpp.
2116         <https://webkit.org/b/139892>
2117
2118         Reviewed by Michael Saboff.
2119
2120         The code in JITOperations.cpp sometimes calls RepatchBuffer::relinkCallerToFunction()
2121         directly, and sometimes uses a helper function, ctiPatchCallByReturnAddress().
2122         This patch changes it to use the helper function consistently.
2123
2124         * jit/JITOperations.cpp:
2125
2126 2014-12-22  Mark Lam  <mark.lam@apple.com>
2127
2128         Fix some typos in a comment.
2129         <https://webkit.org/b/139882>
2130
2131         Reviewed by Michael Saboff.
2132
2133         * jit/JITPropertyAccess.cpp:
2134         (JSC::JIT::emit_op_get_by_val):
2135
2136 2014-12-22  Mark Lam  <mark.lam@apple.com>
2137
2138         Assert that Array elements not copied when changing shape to ArrayStorage type are indeed holes.
2139         <https://webkit.org/b/138118>
2140
2141         Reviewed by Michael Saboff.
2142
2143         * runtime/JSObject.cpp:
2144         (JSC::JSObject::convertInt32ToArrayStorage):
2145         (JSC::JSObject::convertDoubleToArrayStorage):
2146         (JSC::JSObject::convertContiguousToArrayStorage):
2147
2148 2014-12-20  Eric Carlson  <eric.carlson@apple.com>
2149
2150         [iOS] add optimized fullscreen API
2151         https://bugs.webkit.org/show_bug.cgi?id=139833
2152         <rdar://problem/18844486>
2153
2154         Reviewed by Simon Fraser.
2155
2156         * Configurations/FeatureDefines.xcconfig: Add ENABLE_VIDEO_PRESENTATION_MODE.
2157
2158 2014-12-20  David Kilzer  <ddkilzer@apple.com>
2159
2160         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2161         <http://webkit.org/b/139463>
2162
2163         Reviewed by Mark Rowe.
2164
2165         * Configurations/JavaScriptCore.xcconfig:
2166         - Simplify SECTORDER_FLAGS.
2167
2168 2014-12-19  Andreas Kling  <akling@apple.com>
2169
2170         Plug leak below LLVMCopyStringRepOfTargetData().
2171         <https://webkit.org/b/139832>
2172
2173         Reviewed by Michael Saboff.
2174
2175         LLVMCopyStringRepOfTargetData() returns a strdup()'ed string, so make sure
2176         to free() it after we're done using it.
2177
2178         * ftl/FTLCompile.cpp:
2179         (JSC::FTL::mmAllocateDataSection):
2180
2181 2014-12-19  Joseph Pecoraro  <pecoraro@apple.com>
2182
2183         Web Inspector: CRASH inspector-protocol/debugger/breakpoint-action-detach.html
2184         https://bugs.webkit.org/show_bug.cgi?id=139797
2185
2186         Reviewed by Mark Lam.
2187
2188         * debugger/Debugger.h:
2189         * debugger/Debugger.cpp:
2190         (JSC::Debugger::isAttached):
2191         Check if we are the debugger for a particular global object.
2192         (JSC::Debugger::pauseIfNeeded):
2193         Pass the global object on when hitting a breakpoint.
2194
2195         * inspector/ScriptDebugServer.h:
2196         * inspector/ScriptDebugServer.cpp:
2197         (Inspector::ScriptDebugServer::handleBreakpointHit):
2198         Stop evaluating breakpoint actions if a previous action caused the
2199         debugger to detach from this global object.
2200         (Inspector::ScriptDebugServer::handlePause):
2201         Standardize on passing JSGlobalObject parameter first.
2202
2203 2014-12-19  Mark Lam  <mark.lam@apple.com>
2204
2205         [Win] Endless compiler warnings created by DFGEdge.h.
2206         <https://webkit.org/b/139801>
2207
2208         Reviewed by Brent Fulgham.
2209
2210         Add a cast to fix the type just the way the 64-bit version does.
2211
2212         * dfg/DFGEdge.h:
2213         (JSC::DFG::Edge::makeWord):
2214
2215 2014-12-19  Commit Queue  <commit-queue@webkit.org>
2216
2217         Unreviewed, rolling out r177574.
2218         https://bugs.webkit.org/show_bug.cgi?id=139821
2219
2220         "Broke Production builds by installing
2221         libWebCoreTestSupport.dylib in the wrong directory" (Requested
2222         by ddkilzer on #webkit).
2223
2224         Reverted changeset:
2225
2226         "Switch from using PLATFORM_NAME to SDK selectors in WebCore,
2227         WebInspectorUI, WebKit, WebKit2"
2228         https://bugs.webkit.org/show_bug.cgi?id=139463
2229         http://trac.webkit.org/changeset/177574
2230
2231 2014-12-19  Michael Saboff  <msaboff@apple.com>
2232
2233         REGRESSION(174226): Captured arguments in a using function compiled by the DFG have the initial value when the closure was invoked
2234         https://bugs.webkit.org/show_bug.cgi?id=139808
2235
2236         Reviewed by Oliver Hunt.
2237
2238         There are three changes here.
2239         1) Create a VariableWatchpointSet for captured arguments variables.
2240         2) Properly use the VariableWatchpointSet* found in op_put_to_scope in the 64 bit LLInt code.
2241         3) Add the same putLocalClosureVar path to the 32 bit LLInt code that exists in the 64 bit version.
2242
2243         * bytecompiler/BytecodeGenerator.cpp:
2244         (JSC::BytecodeGenerator::BytecodeGenerator):
2245         * llint/LowLevelInterpreter32_64.asm:
2246         * llint/LowLevelInterpreter64.asm:
2247
2248 2014-12-19  David Kilzer  <ddkilzer@apple.com>
2249
2250         Switch from using PLATFORM_NAME to SDK selectors in WebCore, WebInspectorUI, WebKit, WebKit2
2251         <http://webkit.org/b/139463>
2252
2253         Reviewed by Mark Rowe.
2254
2255         * Configurations/JavaScriptCore.xcconfig:
2256         - Simplify SECTORDER_FLAGS.
2257
2258 2014-12-18  Brent Fulgham  <bfulgham@apple.com>
2259
2260         Unreviewed build fix.
2261
2262         * jsc.cpp: Remove typo.
2263
2264 2014-12-17  Michael Saboff  <msaboff@apple.com>
2265
2266         Tests with infinite recursion frequently crash
2267         https://bugs.webkit.org/show_bug.cgi?id=139548
2268
2269         Reviewed by Geoffrey Garen.
2270
2271         While unwinding, if the call frame doesn't have a codeblock, then we
2272         are in native code, handle appropriately.
2273
2274         * interpreter/Interpreter.cpp:
2275         (JSC::unwindCallFrame):
2276         (JSC::UnwindFunctor::operator()):
2277         Added checks for null CodeBlock.
2278
2279         (JSC::Interpreter::unwind): Removed wrong ASSERT.
2280
2281 2014-12-17  Chris Dumez  <cdumez@apple.com>
2282
2283         [iOS] Make it possible to toggle FeatureCounter support at runtime
2284         https://bugs.webkit.org/show_bug.cgi?id=139688
2285         <rdar://problem/19266254>
2286
2287         Reviewed by Andreas Kling.
2288
2289         Stop linking against AppSupport framework as the functionality is no
2290         longer in WTF (it was moved to WebCore).
2291
2292         * Configurations/JavaScriptCore.xcconfig:
2293
2294 2014-12-17  Brent Fulgham  <bfulgham@apple.com>
2295
2296         [Win] Correct DebugSuffix builds under MSBuild
2297         https://bugs.webkit.org/show_bug.cgi?id=139733
2298         <rdar://problem/19276880>
2299
2300         Reviewed by Simon Fraser.
2301
2302         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Make sure to use the
2303         '_debug' suffix when building the DebugSuffix target.
2304
2305 2014-12-16  Enrica Casucci  <enrica@apple.com>
2306
2307         Fix iOS builders for 8.0
2308         https://bugs.webkit.org/show_bug.cgi?id=139495
2309
2310         Reviewed by Michael Saboff.
2311
2312         * Configurations/LLVMForJSC.xcconfig:
2313         * llvm/library/LLVMExports.cpp:
2314         (initializeAndGetJSCLLVMAPI):
2315
2316 2014-12-16  Commit Queue  <commit-queue@webkit.org>
2317
2318         Unreviewed, rolling out r177380.
2319         https://bugs.webkit.org/show_bug.cgi?id=139707
2320
2321         "Breaks js/regres/elidable-new-object-* tests" (Requested by
2322         msaboff_ on #webkit).
2323
2324         Reverted changeset:
2325
2326         "Fixes operationPutByIdOptimizes such that they check that the
2327         put didn't"
2328         https://bugs.webkit.org/show_bug.cgi?id=139500
2329         http://trac.webkit.org/changeset/177380
2330
2331 2014-12-16  Matthew Mirman  <mmirman@apple.com>
2332
2333         Fixes operationPutByIdOptimizes such that they check that the put didn't
2334         change the structure of the object whose property access is being
2335         cached.
2336         https://bugs.webkit.org/show_bug.cgi?id=139500
2337
2338         Reviewed by Geoffrey Garen.
2339
2340         * jit/JITOperations.cpp:
2341         (JSC::operationPutByIdStrictOptimize): saved the structure before the put.
2342         (JSC::operationPutByIdNonStrictOptimize): ditto.
2343         (JSC::operationPutByIdDirectStrictOptimize): ditto.
2344         (JSC::operationPutByIdDirectNonStrictOptimize): ditto.
2345         * jit/Repatch.cpp:
2346         (JSC::tryCachePutByID): Added argument for the old structure
2347         (JSC::repatchPutByID): Added argument for the old structure
2348         * jit/Repatch.h:
2349         * tests/stress/put-by-id-build-list-order-recurse.js: 
2350         Added test that fails without this patch.
2351
2352 2014-12-15  Chris Dumez  <cdumez@apple.com>
2353
2354         [iOS] Add feature counting support
2355         https://bugs.webkit.org/show_bug.cgi?id=139652
2356         <rdar://problem/19255690>
2357
2358         Reviewed by Gavin Barraclough.
2359
2360         Link against AppSupport framework on iOS as we need it to implement
2361         the new FeatureCounter API in WTF.
2362
2363         * Configurations/JavaScriptCore.xcconfig:
2364
2365 2014-12-15  Commit Queue  <commit-queue@webkit.org>
2366
2367         Unreviewed, rolling out r177284.
2368         https://bugs.webkit.org/show_bug.cgi?id=139658
2369
2370         "Breaks API tests and LayoutTests on Yosemite Debug"
2371         (Requested by msaboff on #webkit).
2372
2373         Reverted changeset:
2374
2375         "Make sure range based iteration of Vector<> still receives
2376         bounds checking"
2377         https://bugs.webkit.org/show_bug.cgi?id=138821
2378         http://trac.webkit.org/changeset/177284
2379
2380 2014-12-15  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>
2381
2382         [EFL] FTL JIT not working on ARM64
2383         https://bugs.webkit.org/show_bug.cgi?id=139295
2384
2385         Reviewed by Michael Saboff.
2386
2387         Added the missing code for stack unwinding and some additional small fixes
2388         to get FTL working correctly.
2389
2390         * ftl/FTLCompile.cpp:
2391         (JSC::FTL::mmAllocateDataSection):
2392         * ftl/FTLUnwindInfo.cpp:
2393         (JSC::FTL::UnwindInfo::parse):
2394
2395 2014-12-15  Oliver Hunt  <oliver@apple.com>
2396
2397         Make sure range based iteration of Vector<> still receives bounds checking
2398         https://bugs.webkit.org/show_bug.cgi?id=138821
2399
2400         Reviewed by Mark Lam.
2401
2402         Update code to deal with slightly changed iterator semantics.
2403
2404         * bytecode/UnlinkedCodeBlock.cpp:
2405         (JSC::UnlinkedCodeBlock::visitChildren):
2406         * bytecompiler/BytecodeGenerator.cpp:
2407         (JSC::BytecodeGenerator::emitComplexPopScopes):
2408         * dfg/DFGSpeculativeJIT.cpp:
2409         (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
2410         * ftl/FTLAbbreviations.h:
2411         (JSC::FTL::mdNode):
2412         (JSC::FTL::buildCall):
2413         * llint/LLIntData.cpp:
2414         (JSC::LLInt::Data::performAssertions):
2415         * parser/Parser.h:
2416         (JSC::Scope::Scope):
2417         * runtime/JSArray.cpp:
2418         (JSC::JSArray::setLengthWithArrayStorage):
2419         (JSC::JSArray::sortCompactedVector):
2420         * tools/ProfileTreeNode.h:
2421         (JSC::ProfileTreeNode::dumpInternal):
2422         * yarr/YarrJIT.cpp:
2423         (JSC::Yarr::YarrGenerator::matchCharacterClass):
2424
2425 2014-12-14  Filip Pizlo  <fpizlo@apple.com>
2426
2427         PutLocalSinkingPhase has an invalid assertion about incoming values, because both liveness and deferral analyses are conservative
2428         https://bugs.webkit.org/show_bug.cgi?id=139630
2429
2430         Reviewed by Oliver Hunt.
2431         
2432         Replaces a faulty assertion with code to handle an awesome special case. Also adds a lot of
2433         comments that reconstruct my reasoning about this code. I had to work hard to remember how
2434         deferral worked so I wrote my discoveries down.
2435
2436         * dfg/DFGInsertionSet.h:
2437         (JSC::DFG::InsertionSet::insertBottomConstantForUse):
2438         * dfg/DFGPutLocalSinkingPhase.cpp:
2439         * tests/stress/put-local-conservative.js: Added.
2440         (foo):
2441         (.result):
2442         (bar):
2443
2444 2014-12-14  Andreas Kling  <akling@apple.com>
2445
2446         Replace PassRef with Ref/Ref&& across the board.
2447         <https://webkit.org/b/139587>
2448
2449         Reviewed by Darin Adler.
2450
2451         * runtime/Identifier.cpp:
2452         (JSC::Identifier::add):
2453         (JSC::Identifier::add8):
2454         * runtime/Identifier.h:
2455         (JSC::Identifier::add):
2456         * runtime/IdentifierInlines.h:
2457         (JSC::Identifier::add):
2458
2459 2014-12-12  Matthew Mirman  <mmirman@apple.com>
2460
2461         shiftCountWithArrayStorage should exit to slow path if the object has a sparse map.
2462         https://bugs.webkit.org/show_bug.cgi?id=139598
2463         <rdar://problem/18779367>
2464
2465         Reviewed by Filip Pizlo.
2466
2467         * runtime/JSArray.cpp:
2468         (JSC::JSArray::shiftCountWithArrayStorage): Added check for object having a sparse map.
2469         * tests/stress/sparse_splice.js: Added.
2470
2471 2014-12-12  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2472
2473         Final clean up OwnPtr in JSC - runtime, ftl, and tool directories
2474         https://bugs.webkit.org/show_bug.cgi?id=139532
2475
2476         Reviewed by Mark Lam.
2477
2478         Final remove OwnPtr, PassOwnPtr in runtime, ftl, and tools directories of JSC.
2479
2480         * builtins/BuiltinExecutables.h:
2481         * bytecode/CodeBlock.h:
2482         * bytecode/UnlinkedCodeBlock.cpp:
2483         (JSC::generateFunctionCodeBlock):
2484         * ftl/FTLAbstractHeap.cpp:
2485         (JSC::FTL::IndexedAbstractHeap::atSlow):
2486         * ftl/FTLAbstractHeap.h:
2487         * ftl/FTLCompile.cpp:
2488         (JSC::FTL::mmAllocateDataSection):
2489         * ftl/FTLJITFinalizer.h:
2490         * jsc.cpp:
2491         (jscmain):
2492         * parser/Lexer.h:
2493         * runtime/PropertyMapHashTable.h:
2494         (JSC::PropertyTable::clearDeletedOffsets):
2495         (JSC::PropertyTable::addDeletedOffset):
2496         * runtime/PropertyTable.cpp:
2497         (JSC::PropertyTable::PropertyTable):
2498         * runtime/RegExpObject.cpp:
2499         * runtime/SmallStrings.cpp:
2500         * runtime/Structure.cpp:
2501         * runtime/StructureIDTable.cpp:
2502         (JSC::StructureIDTable::StructureIDTable):
2503         (JSC::StructureIDTable::resize):
2504         * runtime/StructureIDTable.h:
2505         * runtime/StructureTransitionTable.h:
2506         * runtime/VM.cpp:
2507         (JSC::VM::VM):
2508         (JSC::VM::~VM):
2509         * runtime/VM.h:
2510         * tools/CodeProfile.h:
2511         (JSC::CodeProfile::CodeProfile):
2512         (JSC::CodeProfile::addChild):
2513
2514 2014-12-11  Dan Bernstein  <mitz@apple.com>
2515
2516         iOS Simulator production build fix.
2517
2518         * Configurations/JavaScriptCore.xcconfig: Don’t use an order file when building for the iOS
2519         Simulator, as we did prior to 177027.
2520
2521 2014-12-11  Joseph Pecoraro  <pecoraro@apple.com>
2522
2523         Explicitly export some more RWIProtocol classes.
2524         rdar://problem/19220408
2525
2526         Unreviewed build fix.
2527
2528         * inspector/scripts/codegen/generate_objc_configuration_header.py:
2529         (ObjCConfigurationHeaderGenerator._generate_configuration_interface_for_domains):
2530         * inspector/scripts/codegen/generate_objc_header.py:
2531         (ObjCHeaderGenerator._generate_event_interfaces):
2532         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2533         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2534         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2535         * inspector/scripts/tests/expected/enum-values.json-result:
2536         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2537         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2538         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2539         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2540         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2541         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2542         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2543         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2544         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2545
2546 2014-12-11  Alexey Proskuryakov  <ap@apple.com>
2547
2548         Explicitly export some RWIProtocol classes
2549         rdar://problem/19220408
2550
2551         * inspector/scripts/codegen/generate_objc_header.py:
2552         (ObjCHeaderGenerator._generate_type_interface):
2553         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2554         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2555         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2556         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
2557         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2558         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2559         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2560
2561 2014-12-11  Mark Lam  <mark.lam@apple.com>
2562
2563         Fix broken build after r177146.
2564         https://bugs.webkit.org/show_bug.cgi?id=139533 
2565
2566         Not reviewed.
2567
2568         * interpreter/CallFrame.h:
2569         (JSC::ExecState::init):
2570         - Restored CallFrame::init() minus the unused JSScope* arg.
2571         * runtime/JSGlobalObject.cpp:
2572         (JSC::JSGlobalObject::init):
2573         - Remove JSScope* arg when calling CallFrame::init().
2574
2575 2014-12-11  Michael Saboff  <msaboff@apple.com>
2576
2577         REGRESSION: Use of undefined CallFrame::ScopeChain value
2578         https://bugs.webkit.org/show_bug.cgi?id=139533
2579
2580         Reviewed by Mark Lam.
2581
2582         Removed CallFrame::scope() and CallFrame::setScope() and eliminated or changed
2583         all usages of these functions.  In some cases the scope is passed in or determined
2584         another way.  In some cases the scope is used to calculate other values.  Lastly,
2585         there were places where these functions were used that are no longer needed.  For
2586         example, when making a call, the caller's ScopeChain was copied to the callee's
2587         ScopeChain.  This change no longer uses the ScopeChain call frame header slot.
2588         That slot will be removed in a future patch.
2589
2590         * dfg/DFGByteCodeParser.cpp:
2591         (JSC::DFG::ByteCodeParser::parseBlock):
2592         * dfg/DFGSpeculativeJIT32_64.cpp:
2593         (JSC::DFG::SpeculativeJIT::compile):
2594         * dfg/DFGSpeculativeJIT64.cpp:
2595         (JSC::DFG::SpeculativeJIT::compile):
2596         * dfg/DFGSpeculativeJIT.h:
2597         (JSC::DFG::SpeculativeJIT::callOperation):
2598         * jit/JIT.h:
2599         * jit/JITInlines.h:
2600         (JSC::JIT::callOperation):
2601         * runtime/JSLexicalEnvironment.h:
2602         (JSC::JSLexicalEnvironment::create):
2603         (JSC::JSLexicalEnvironment::JSLexicalEnvironment):
2604         * jit/JITOpcodes.cpp:
2605         (JSC::JIT::emit_op_create_lexical_environment):
2606         * jit/JITOpcodes32_64.cpp:
2607         (JSC::JIT::emit_op_create_lexical_environment):
2608         * jit/JITOperations.cpp:
2609         * jit/JITOperations.h:
2610         * llint/LLIntSlowPaths.cpp:
2611         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2612         (JSC::LLInt::handleHostCall):
2613         (JSC::LLInt::setUpCall):
2614         (JSC::LLInt::llint_throw_stack_overflow_error):
2615         Pass the current scope value to the helper operationCreateActivation() and
2616         the call to JSLexicalEnvironment::create() instead of using the stack frame
2617         scope chain value.
2618
2619         * dfg/DFGFixupPhase.cpp:
2620         (JSC::DFG::FixupPhase::fixupNode):
2621         CreateActivation now has a second child, the scope.
2622
2623         * interpreter/CallFrame.h:
2624         (JSC::ExecState::init): Deleted.  This is dead code.
2625         (JSC::ExecState::scope): Deleted.
2626         (JSC::ExecState::setScope): Deleted.
2627
2628         * interpreter/Interpreter.cpp:
2629         (JSC::Interpreter::dumpRegisters): Changed so we didn't access the scope
2630         chain slot.
2631
2632         (JSC::Interpreter::execute):
2633         (JSC::Interpreter::executeCall):
2634         (JSC::Interpreter::executeConstruct):
2635         Changed process to find JSScope values on the stack or by some other means.
2636
2637         * runtime/JSWithScope.h:
2638         (JSC::JSWithScope::JSWithScope): Deleted.
2639         Eliminated unused constructor.
2640
2641         * runtime/StrictEvalActivation.cpp:
2642         (JSC::StrictEvalActivation::StrictEvalActivation):
2643         * runtime/StrictEvalActivation.h:
2644         (JSC::StrictEvalActivation::create):
2645         Changed to pass in the current scope.
2646
2647 2014-12-10  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2648
2649         Use std::unique_ptr instead of OwnPtr in JSC - heap, jit, runtime, and parser directories
2650         https://bugs.webkit.org/show_bug.cgi?id=139351
2651
2652         Reviewed by Filip Pizlo.
2653
2654         As a step to use std::unique_ptr<>, this cleans up OwnPtr and PassOwnPtr.
2655
2656         * bytecode/SamplingTool.h:
2657         (JSC::SamplingTool::SamplingTool):
2658         * heap/CopiedBlock.h:
2659         (JSC::CopiedBlock::didSurviveGC):
2660         (JSC::CopiedBlock::pin):
2661         * heap/CopiedBlockInlines.h:
2662         (JSC::CopiedBlock::reportLiveBytes):
2663         * heap/GCActivityCallback.h:
2664         * heap/GCThread.cpp:
2665         * heap/Heap.h:
2666         * heap/HeapInlines.h:
2667         (JSC::Heap::markListSet):
2668         * jit/ExecutableAllocator.cpp:
2669         * jit/JIT.cpp:
2670         (JSC::JIT::privateCompile):
2671         * jit/JIT.h:
2672         * jit/JITThunks.cpp:
2673         (JSC::JITThunks::JITThunks):
2674         (JSC::JITThunks::clearHostFunctionStubs):
2675         * jit/JITThunks.h:
2676         * parser/Parser.cpp:
2677         (JSC::Parser<LexerType>::Parser):
2678         * parser/Parser.h:
2679         (JSC::Scope::Scope):
2680         (JSC::Scope::pushLabel):
2681         * parser/ParserArena.cpp:
2682         * parser/ParserArena.h:
2683         (JSC::ParserArena::identifierArena):
2684         * parser/SourceProviderCache.h:
2685         * runtime/CodeCache.h:
2686         * runtime/Executable.h:
2687         * runtime/JSArray.cpp:
2688         (JSC::JSArray::sortVector):
2689         * runtime/JSGlobalObject.h:
2690
2691 2014-12-10  Geoffrey Garen  <ggaren@apple.com>
2692
2693         Please disable the webkitFirstVersionWithInitConstructorSupport check on Apple TV
2694         https://bugs.webkit.org/show_bug.cgi?id=139501
2695
2696         Reviewed by Gavin Barraclough.
2697
2698         NSVersionOfLinkTimeLibrary only works if you link directly against
2699         JavaScriptCore, which is a bit awkward for our Apple TV client to do.
2700
2701         It's easy enough just to disable this check on Apple TV, since it has no
2702         backwards compatibility requirement.
2703
2704         * API/JSWrapperMap.mm:
2705         (supportsInitMethodConstructors):
2706
2707 2014-12-10  Matthew Mirman  <mmirman@apple.com>
2708
2709         Fixes operationPutByIds such that they check that the put didn't
2710         change the structure of the object whose property access is being
2711         cached.
2712         https://bugs.webkit.org/show_bug.cgi?id=139196
2713
2714         Reviewed by Filip Pizlo.
2715
2716         * jit/JITOperations.cpp:
2717         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
2718         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
2719         (JSC::operationPutByIdNonStrictBuildList): ditto.
2720         (JSC::operationPutByIdDirectStrictBuildList): ditto.
2721         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
2722         * jit/Repatch.cpp:
2723         (JSC::tryCachePutByID): fixed structure() to use the existent vm.
2724         (JSC::tryBuildPutByIdList): Added a check that the old structure's id
2725         is the same as the new.
2726         (JSC::buildPutByIdList): Added an argument.
2727         * jit/Repatch.h:
2728         (JSC::buildPutByIdList): Added an argument.
2729         * tests/stress/put-by-id-strict-build-list-order.js: Added.
2730
2731 2014-12-10  Csaba Osztrogonác  <ossy@webkit.org>
2732
2733         URTBF after r177030.
2734
2735         Fix linking failure occurred on ARM buildbots:
2736         lib/libjavascriptcore_efl.so.1.11.0: undefined reference to `JSC::Structure::get(JSC::VM&, JSC::PropertyName, unsigned int&)'
2737
2738         * runtime/NullGetterFunction.cpp:
2739
2740 2014-12-09  Michael Saboff  <msaboff@apple.com>
2741
2742         DFG Tries using an inner object's getter/setter when one hasn't been defined
2743         https://bugs.webkit.org/show_bug.cgi?id=139229
2744
2745         Reviewed by Filip Pizlo.
2746
2747         Added a new NullGetterFunction singleton class to use for getters and setters that
2748         haven't been set to a user defined value.  The NullGetterFunction callReturnUndefined()
2749         and createReturnUndefined() methods return undefined.  Changed all null checks of the
2750         getter and setter pointers to the newly added isGetterNull() and isSetterNull()
2751         helper methods.
2752
2753         * CMakeLists.txt:
2754         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2755         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2756         * JavaScriptCore.xcodeproj/project.pbxproj:
2757         Added NullGetterFunction.cpp & .h to build files.
2758
2759         * dfg/DFGAbstractInterpreterInlines.h:
2760         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2761         * runtime/ObjectPrototype.cpp:
2762         (JSC::objectProtoFuncLookupGetter):
2763         (JSC::objectProtoFuncLookupSetter):
2764         * runtime/PropertyDescriptor.cpp:
2765         (JSC::PropertyDescriptor::setDescriptor):
2766         (JSC::PropertyDescriptor::setAccessorDescriptor):
2767         Changed checking getter and setter to null to use new isGetterNull() and isSetterNull()
2768         helpers.
2769
2770         * inspector/JSInjectedScriptHostPrototype.cpp:
2771         (Inspector::JSInjectedScriptHostPrototype::finishCreation):
2772         * inspector/JSJavaScriptCallFramePrototype.cpp:
2773         * jit/JITOperations.cpp:
2774         * llint/LLIntSlowPaths.cpp:
2775         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2776         * runtime/JSObject.cpp:
2777         (JSC::JSObject::putIndexedDescriptor):
2778         (JSC::putDescriptor):
2779         (JSC::JSObject::defineOwnNonIndexProperty):
2780         * runtime/MapPrototype.cpp:
2781         (JSC::MapPrototype::finishCreation):
2782         * runtime/SetPrototype.cpp:
2783         (JSC::SetPrototype::finishCreation):
2784         Updated calls to GetterSetter::create(), setGetter(), setSetter(), withGetter()
2785         and withSetter() to provide a global object.
2786
2787         * runtime/GetterSetter.cpp:
2788         (JSC::GetterSetter::withGetter):
2789         (JSC::GetterSetter::withSetter):
2790         (JSC::callGetter):
2791         (JSC::callSetter):
2792         * runtime/GetterSetter.h:
2793         (JSC::GetterSetter::GetterSetter):
2794         (JSC::GetterSetter::create):
2795         (JSC::GetterSetter::isGetterNull):
2796         (JSC::GetterSetter::isSetterNull):
2797         (JSC::GetterSetter::setGetter):
2798         (JSC::GetterSetter::setSetter):
2799         Changed to use NullGetterFunction for unspecified getters / setters.
2800
2801         * runtime/JSGlobalObject.cpp:
2802         (JSC::JSGlobalObject::init):
2803         (JSC::JSGlobalObject::createThrowTypeError):
2804         (JSC::JSGlobalObject::visitChildren):
2805         * runtime/JSGlobalObject.h:
2806         (JSC::JSGlobalObject::nullGetterFunction):
2807         (JSC::JSGlobalObject::evalFunction):
2808         Added m_nullGetterFunction singleton.  Updated calls to GetterSetter::create(),
2809         setGetter() and setSetter() to provide a global object.
2810
2811         * runtime/NullGetterFunction.cpp: Added.
2812         (JSC::callReturnUndefined):
2813         (JSC::constructReturnUndefined):
2814         (JSC::NullGetterFunction::getCallData):
2815         (JSC::NullGetterFunction::getConstructData):
2816         * runtime/NullGetterFunction.h: Added.
2817         (JSC::NullGetterFunction::create):
2818         (JSC::NullGetterFunction::createStructure):
2819         (JSC::NullGetterFunction::NullGetterFunction):
2820         New singleton class that returns undefined when called.
2821
2822 2014-12-09  Geoffrey Garen  <ggaren@apple.com>
2823
2824         Re-enable function.arguments
2825         https://bugs.webkit.org/show_bug.cgi?id=139452
2826         <rdar://problem/18848149>
2827
2828         Reviewed by Sam Weinig.
2829
2830         Disabling function.arguments broke a few websites, and we don't have
2831         time right now to work through the details.
2832
2833         I'm re-enabling function.arguments but leaving in the infrastructure
2834         to re-disable it, so we can try this experiment again in the future.
2835
2836         * runtime/Options.h:
2837
2838 2014-12-09  David Kilzer  <ddkilzer@apple.com>
2839
2840         Switch from using PLATFORM_NAME to SDK selectors in ANGLE, bmalloc, gtest, JavaScriptCore, WTF
2841         <http://webkit.org/b/139212>
2842
2843         Reviewed by Joseph Pecoraro.
2844
2845         * Configurations/Base.xcconfig:
2846         - Only set GCC_ENABLE_OBJC_GC, GCC_MODEL_TUNING and TOOLCHAINS
2847           on OS X.
2848         - Only set LLVM_LOCAL_HEADER_PATH and LLVM_SYSTEM_HEADER_PATH on
2849           OS X.
2850         - Set JAVASCRIPTCORE_CONTENTS_DIR and
2851           JAVASCRIPTCORE_FRAMEWORKS_DIR separately for iOS and OS X.
2852
2853         * Configurations/DebugRelease.xcconfig:
2854         - Only set MACOSX_DEPLOYMENT_TARGET and SDKROOT on OS X.
2855
2856         * Configurations/JSC.xcconfig:
2857         - Only set CODE_SIGN_ENTITLEMENTS for iOS hardware builds.
2858
2859         * Configurations/JavaScriptCore.xcconfig:
2860         - Set OTHER_LDFLAGS separately for iOS and OS X.
2861         - Set SECTORDER_FLAGS separately for iOS and OS X, but only for
2862           Production builds.
2863         - Only set EXCLUDED_SOURCE_FILE_NAMES for iOS.
2864
2865         * Configurations/LLVMForJSC.xcconfig:
2866         - Rename LLVM_LIBS_iphoneos to LLVM_LIBS_ios.
2867         - Set LLVM_LIBRARY_PATHS and OTHER_LDFLAGS_LLVM_ENABLE_FTL_JIT
2868           separately for iOS hardware and OS X.
2869         - Fix curly braces in LIBRARY_SEARCH_PATHS.
2870         - Merge OTHER_LDFLAGS_BASE into OTHER_LDFLAGS. (Could have been
2871           done before this patch.)
2872
2873         * Configurations/ToolExecutable.xcconfig:
2874         - Only set CODE_SIGN_ENTITLEMENTS for iOS, per target.
2875         - Only set CLANG_ENABLE_OBJC_ARC for i386 on the iOS Simulator.
2876         - Add missing newline.
2877
2878         * Configurations/Version.xcconfig:
2879         - Set SYSTEM_VERSION_PREFIX separately for iOS and OS X.
2880
2881 2014-12-08  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
2882
2883         Fix EFL build fix since r177001
2884         https://bugs.webkit.org/show_bug.cgi?id=139428
2885
2886         Unreviewed, EFL build fix.
2887
2888         Do not inherit duplicated class. ExpressionNode is already
2889         child of ParserArenaFreeable class.
2890
2891         * parser/Nodes.h:
2892
2893 2014-12-08  Shivakumar JM  <shiva.jm@samsung.com>
2894
2895         Fix Build Warning in JavaScriptCore ControlFlowProfiler::dumpData() api.
2896         https://bugs.webkit.org/show_bug.cgi?id=139384
2897
2898         Reviewed by Mark Lam.
2899
2900         Fix Build Warning by using dataLog() function instead of dataLogF() function.
2901
2902         * runtime/ControlFlowProfiler.cpp:
2903         (JSC::ControlFlowProfiler::dumpData):
2904
2905 2014-12-08  Saam Barati  <saambarati1@gmail.com>
2906
2907         Web Inspector: Enable runtime API for JSC's control flow profiler
2908         https://bugs.webkit.org/show_bug.cgi?id=139346
2909
2910         Reviewed by Joseph Pecoraro.
2911
2912         This patch creates an API that the Web Inspector can use
2913         to get information about which basic blocks have executed
2914         from JSC's control flow profiler.
2915
2916         * inspector/agents/InspectorRuntimeAgent.cpp:
2917         (Inspector::InspectorRuntimeAgent::getBasicBlocks):
2918         * inspector/agents/InspectorRuntimeAgent.h:
2919         * inspector/protocol/Runtime.json:
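
The basic-block execution bookkeeping that the getBasicBlocks API reports on, as an added example that is not JavaScriptCore's own code. It models the mechanism the 2014-12-04 "JavaScript Control Flow Profiler" entry further down describes: one location per basic block, marked when the block's op_profile_control_flow runs, and shared across compilation tiers so a recompiled function need not instrument blocks that already executed. The class names echo the engine's BasicBlockLocation and ControlFlowProfiler; every method body, the compile()/run()/demo() helpers, the getRanges()/getUnexecutedRanges() names and the sample script with its offsets are assumptions made for this illustration.

```javascript
// Added example, not JavaScriptCore's code: a model of basic-block execution
// profiling. Class names echo the engine's; all bodies, the helper functions
// and the sample script below are assumptions for illustration.

// A basic block covers source offsets [startOffset, endOffset]. Nested blocks
// (the body of an `if`, say) are recorded as gaps so the parent's range does
// not swallow its children when ranges are reported.
class BasicBlockLocation {
  constructor(startOffset, endOffset) {
    this.startOffset = startOffset;
    this.endOffset = endOffset;
    this.hasExecuted = false;
    this.gaps = []; // sorted [start, end] pairs of nested blocks
  }
  insertGap(start, end) {
    this.gaps.push([start, end]);
    this.gaps.sort((a, b) => a[0] - b[0]);
  }
  // What an op_profile_control_flow at the block's start does at run time.
  emitExecuteCode() {
    this.hasExecuted = true;
  }
  // Source ranges owned by this block alone, with the gaps cut out.
  getRanges() {
    const ranges = [];
    let cursor = this.startOffset;
    for (const [gapStart, gapEnd] of this.gaps) {
      if (gapStart > cursor) ranges.push([cursor, gapStart - 1]);
      cursor = gapEnd + 1;
    }
    if (cursor <= this.endOffset) ranges.push([cursor, this.endOffset]);
    return ranges;
  }
}

class ControlFlowProfiler {
  constructor() {
    this.blocks = new Map(); // "sourceID:start:end" -> BasicBlockLocation
  }
  // One location per (script, block), shared by every compilation tier, so a
  // recompiled function can skip instrumenting blocks that already executed.
  getBasicBlockLocation(sourceID, startOffset, endOffset) {
    const key = `${sourceID}:${startOffset}:${endOffset}`;
    let location = this.blocks.get(key);
    if (!location) {
      location = new BasicBlockLocation(startOffset, endOffset);
      this.blocks.set(key, location);
    }
    return location;
  }
  // Ranges of a script that never executed, sorted by offset: the data an
  // inspector front end would use to mark code that has not run.
  getUnexecutedRanges(sourceID) {
    const out = [];
    for (const [key, location] of this.blocks) {
      if (!key.startsWith(`${sourceID}:`) || location.hasExecuted) continue;
      out.push(...location.getRanges());
    }
    return out.sort((a, b) => a[0] - b[0]);
  }
}

// Constructed sample script and its two basic blocks as source offsets,
// the way a parser would hand them to the profiler.
const SOURCE_ID = 1;
const SOURCE = "function f(a) { if (a) { return 1; } return 2; }";
const FUNCTION_BODY = { start: 14, end: 47 };
const IF_BODY = { start: 23, end: 35 };

// Simulates compiling f in one tier: returns the blocks that still need an
// op_profile_control_flow, i.e. those whose location has not executed yet.
function compile(profiler) {
  const body = profiler.getBasicBlockLocation(SOURCE_ID, FUNCTION_BODY.start, FUNCTION_BODY.end);
  const ifBody = profiler.getBasicBlockLocation(SOURCE_ID, IF_BODY.start, IF_BODY.end);
  if (body.gaps.length === 0) body.insertGap(ifBody.startOffset, ifBody.endOffset);
  return [body, ifBody].filter((location) => !location.hasExecuted);
}

// Simulates running f(a): the function body always runs, the if body only
// when a is truthy.
function run(profiler, a) {
  profiler.getBasicBlockLocation(SOURCE_ID, FUNCTION_BODY.start, FUNCTION_BODY.end).emitExecuteCode();
  if (a) profiler.getBasicBlockLocation(SOURCE_ID, IF_BODY.start, IF_BODY.end).emitExecuteCode();
}

function demo() {
  const profiler = new ControlFlowProfiler();
  const baselineInstrumented = compile(profiler).length; // both blocks
  run(profiler, 0);                                       // if body skipped
  const tierUpInstrumented = compile(profiler).length;    // only the if body
  const unexecuted = profiler.getUnexecutedRanges(SOURCE_ID);
  return {
    baselineInstrumented,
    tierUpInstrumented,
    unexecuted,
    unexecutedText: unexecuted.map(([s, e]) => SOURCE.slice(s, e + 1)),
  };
}
```

Running demo() instruments both blocks at the first compile, reports only the `if` body as needing instrumentation after f(0) has run, and hands back `[[23, 35]]` ("{ return 1; }") as the never-executed range; the enclosing function body reports its own ranges with that gap cut out.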
2920
2921 2014-12-08  Geoffrey Garen  <ggaren@apple.com>
2922
2923         Removed some allocation and cruft from the parser
2924         https://bugs.webkit.org/show_bug.cgi?id=139416
2925
2926         Reviewed by Mark Lam.
2927
2928         Now, the only AST nodes that require a destructor are the ones that
2929         relate to pickling a function's arguments -- which will require some
2930         deeper thinking to resolve.
2931
2932         This is a < 1% parser speedup.
2933
2934         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2935         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2936         * JavaScriptCore.xcodeproj/project.pbxproj: Removed NodeInfo because it
2937         was unused.
2938
2939         * bytecompiler/NodesCodegen.cpp:
2940         (JSC::CommaNode::emitBytecode):
2941         (JSC::SourceElements::lastStatement):
2942         (JSC::SourceElements::emitBytecode): Updated for interface change to linked list.
2943
2944         * parser/ASTBuilder.h:
2945         (JSC::ASTBuilder::ASTBuilder):
2946         (JSC::ASTBuilder::varDeclarations):
2947         (JSC::ASTBuilder::funcDeclarations):
2948         (JSC::ASTBuilder::createFuncDeclStatement):
2949         (JSC::ASTBuilder::addVar): Removed the ParserArenaData abstraction because
2950         it wasn't buying us anything. We can just use Vector directly.
2951
2952         (JSC::ASTBuilder::createCommaExpr):
2953         (JSC::ASTBuilder::appendToCommaExpr): Changed to use a linked list instead
2954         of a vector, to avoid allocating a vector with inline capacity in the
2955         common case in which an expression is not followed by a vector.
2956
2957         (JSC::ASTBuilder::Scope::Scope): Use Vector directly to avoid new'ing
2958         up a Vector*.
2959
2960         (JSC::ASTBuilder::appendToComma): Deleted.
2961         (JSC::ASTBuilder::combineCommaNodes): Deleted.
2962
2963         * parser/Lexer.cpp:
2964
2965         * parser/NodeConstructors.h:
2966         (JSC::StatementNode::StatementNode):
2967         (JSC::CommaNode::CommaNode):
2968         (JSC::SourceElements::SourceElements): Updated for interface change to linked list.
2969
2970         * parser/NodeInfo.h: Removed.
2971
2972         * parser/Nodes.cpp:
2973         (JSC::SourceElements::append):
2974         (JSC::SourceElements::singleStatement): Use a linked list instead of a
2975         vector to track the statements in a list. This removes some allocation
2976         and it means that we don't need a destructor anymore.
2977
2978         (JSC::ScopeNode::ScopeNode):
2979         (JSC::ProgramNode::ProgramNode):
2980         (JSC::EvalNode::EvalNode):
2981         (JSC::FunctionNode::FunctionNode): Updated for interface change to reference,
2982         since these values are never null.
2983
2984         * parser/Nodes.h:
2985         (JSC::StatementNode::next):
2986         (JSC::StatementNode::setNext):
2987         (JSC::CommaNode::append): Deleted. Updated for interface change to linked list.
2988
2989         * parser/Parser.cpp:
2990         (JSC::Parser<LexerType>::didFinishParsing): Updated for interface change to reference.
2991
2992         (JSC::Parser<LexerType>::parseVarDeclarationList):
2993         (JSC::Parser<LexerType>::parseExpression): Track comma expressions as
2994         an explicit list of CommaNodes, removing a use of vector and a destructor.
2995
2996         * parser/Parser.h:
2997         (JSC::Parser<LexerType>::parse):
2998         * parser/SyntaxChecker.h:
2999         (JSC::SyntaxChecker::createCommaExpr):
3000         (JSC::SyntaxChecker::appendToCommaExpr):
3001         (JSC::SyntaxChecker::appendToComma): Deleted. Updated for interface changes.
3002
3003 2014-12-08  Commit Queue  <commit-queue@webkit.org>
3004
3005         Unreviewed, rolling out r176979.
3006         https://bugs.webkit.org/show_bug.cgi?id=139424
3007
3008         "New JSC test in this patch is failing" (Requested by mlam on
3009         #webkit).
3010
3011         Reverted changeset:
3012
3013         "Fixes operationPutByIds such that they check that the put
3014         didn't"
3015         https://bugs.webkit.org/show_bug.cgi?id=139196
3016         http://trac.webkit.org/changeset/176979
3017
3018 2014-12-08  Matthew Mirman  <mmirman@apple.com>
3019
3020         Fixes operationPutByIds such that they check that the put didn't
3021         change the structure of the object whose property access is being
3022         cached.
3023         https://bugs.webkit.org/show_bug.cgi?id=139196
3024
3025         Reviewed by Filip Pizlo.
3026
3027         * jit/JITOperations.cpp:
3028         (JSC::operationGetByIdOptimize): changed get to getPropertySlot
3029         (JSC::operationPutByIdStrictBuildList): saved the structure before the put.
3030         (JSC::operationPutByIdNonStrictBuildList): ditto.
3031         (JSC::operationPutByIdDirectStrictBuildList): ditto.
3032         (JSC::operationPutByIdDirectNonStrictBuildList): ditto.
3033         * jit/Repatch.cpp:
3034         (JSC::tryCachePutByID): fixed structure() to use the existent vm.
3035         (JSC::tryBuildPutByIdList): Added a check that the old structure's id
3036         is the same as the new.
3037         (JSC::buildPutByIdList): Added an argument.
3038         * jit/Repatch.h:
3039         (JSC::buildPutByIdList): Added an argument.
3040         * tests/stress/put-by-id-build-list-order-recurse.js: Test that failed before the change
3041         * tests/stress/put-by-id-strict-build-list-order.js: Added.
3042
3044 2014-12-08  Anders Carlsson  <andersca@apple.com>
3045
3046         Change WTF::currentCPUTime to return std::chrono::microseconds and get rid of currentCPUTimeMS
3047         https://bugs.webkit.org/show_bug.cgi?id=139410
3048
3049         Reviewed by Andreas Kling.
3050
3051         * API/JSContextRef.cpp:
3052         (JSContextGroupSetExecutionTimeLimit):
3053         (JSContextGroupClearExecutionTimeLimit):
3054         * runtime/Watchdog.cpp:
3055         (JSC::Watchdog::setTimeLimit):
3056         (JSC::Watchdog::didFire):
3057         (JSC::Watchdog::startCountdownIfNeeded):
3058         (JSC::Watchdog::startCountdown):
3059         * runtime/Watchdog.h:
3060         * runtime/WatchdogMac.cpp:
3061         (JSC::Watchdog::startTimer):
3062
3063 2014-12-08  Mark Lam  <mark.lam@apple.com>
3064
3065         CFA wrongly assumes that a speculation for SlowPutArrayStorageShape disallows ArrayStorageShape arrays.
3066         <https://webkit.org/b/139327>
3067
3068         Reviewed by Michael Saboff.
3069
3070         The code generator and runtime slow paths expect otherwise.  This patch fixes
3071         CFA to match the code generator's expectation.
3072
3073         * dfg/DFGArrayMode.h:
3074         (JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
3075         (JSC::DFG::ArrayMode::arrayModesWithIndexingShapes):
3076
3077 2014-12-08  Chris Dumez  <cdumez@apple.com>
3078
3079         Revert r176293 & r176275
3080
3081         Unreviewed, revert r176293 & r176275 changing the Vector API to use unsigned type
3082         instead of size_t. There is some disagreement regarding the long-term direction
3083         of the API and we shouldn’t leave the API partly transitioned to unsigned type
3084         while making a decision.
3085
3086         * bytecode/PreciseJumpTargets.cpp:
3087         * replay/EncodedValue.h:
3088
3089 2014-12-07  Csaba Osztrogonác  <ossy@webkit.org>
3090
3091         Remove the unused WTF_USE_GCC_COMPUTED_GOTO_WORKAROUND after r129453.
3092         https://bugs.webkit.org/show_bug.cgi?id=139373
3093
3094         Reviewed by Sam Weinig.
3095
3096         * interpreter/Interpreter.cpp:
3097
3098 2014-12-06  Anders Carlsson  <andersca@apple.com>
3099
3100         Fix build with newer versions of clang.
3101         rdar://problem/18978716
3102
3103         * ftl/FTLJITCode.h:
3104         Add missing overrides.
3105
3106 2014-12-05  Roger Fong  <roger_fong@apple.com>
3107
3108         [Win] proj files copying over too many resources.
3109         https://bugs.webkit.org/show_bug.cgi?id=139315.
3110         <rdar://problem/19148278>
3111
3112         Reviewed by Brent Fulgham.
3113
3114         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Only copy resource folders and JavaScriptCore.dll.
3115
3116 2014-12-05  Juergen Ributzka  <juergen@apple.com>
3117
3118         [JSC][FTL] Add the data layout to the module and fix the pass order.
3119         https://bugs.webkit.org/show_bug.cgi?id=138748
3120
3121         Reviewed by Oliver Hunt.
3122
3123         This adds the data layout to the module, so it can be used by all
3124         optimization passes in the LLVM optimizer pipeline. This also allows
3125         FastISel to select more instructions, because fewer non-legal types are
3126         generated.
3127
3128         Also fix the order of the alias analysis passes in the optimization
3129         pipeline.
3130
3131         * ftl/FTLCompile.cpp:
3132         (JSC::FTL::mmAllocateDataSection):
3133
3134 2014-12-05  Geoffrey Garen  <ggaren@apple.com>
3135
3136         Removed an unused function.
3137
3138         Reviewed by Michael Saboff.
3139
3140         Broken out from https://bugs.webkit.org/show_bug.cgi?id=139305.
3141
3142         * parser/ParserArena.h:
3143
3144 2014-12-05  David Kilzer  <ddkilzer@apple.com>
3145
3146         FeatureDefines.xcconfig: Workaround bug in Xcode 5.1.1 when defining ENABLE_WEB_REPLAY
3147         <http://webkit.org/b/139286>
3148
3149         Reviewed by Daniel Bates.
3150
3151         * Configurations/FeatureDefines.xcconfig: Switch back to using
3152         PLATFORM_NAME to workaround a bug in Xcode 5.1.1 on 10.8.
3153
3154 2014-12-04  Mark Rowe  <mrowe@apple.com>
3155
3156         Build fix after r176836.
3157
3158         Reviewed by Mark Lam.
3159
3160         * runtime/VM.h:
3161         (JSC::VM::controlFlowProfiler): Don't try to export an inline function.
3162         Doing so results in a weak external symbol being generated.
3163
3164 2014-12-04  Saam Barati  <saambarati1@gmail.com>
3165
3166         JavaScript Control Flow Profiler
3167         https://bugs.webkit.org/show_bug.cgi?id=137785
3168
3169         Reviewed by Filip Pizlo.
3170
3171         This patch introduces a mechanism for JavaScriptCore to profile
3172         which basic blocks have executed. This mechanism will then be
3173         used by the Web Inspector to indicate which basic blocks
3174         have and have not executed.
3175
3176         The profiling works by compiling in an op_profile_control_flow
3177         at the start of every basic block. Then, whenever this op code
3178         executes, we know that a particular basic block has executed.
3179
3180         When we tier up a CodeBlock that contains an op_profile_control_flow
3181         that corresponds to an already executed basic block, we don't
3182         have to emit code for that particular op_profile_control_flow
3183         because the internal data structures used to keep track of
3184         basic block locations have already recorded that the corresponding
3185         op_profile_control_flow has executed.
3186
3187         * CMakeLists.txt:
3188         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3189         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3190         * JavaScriptCore.xcodeproj/project.pbxproj:
3191         * bytecode/BytecodeList.json:
3192         * bytecode/BytecodeUseDef.h:
3193         (JSC::computeUsesForBytecodeOffset):
3194         (JSC::computeDefsForBytecodeOffset):
3195         * bytecode/CodeBlock.cpp:
3196         (JSC::CodeBlock::dumpBytecode):
3197         (JSC::CodeBlock::CodeBlock):
3198         * bytecode/Instruction.h:
3199         * bytecode/UnlinkedCodeBlock.cpp:
3200         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
3201         * bytecode/UnlinkedCodeBlock.h:
3202         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset):
3203         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets):
3204         * bytecompiler/BytecodeGenerator.cpp:
3205         (JSC::BytecodeGenerator::emitProfileControlFlow):
3206         * bytecompiler/BytecodeGenerator.h:
3207         * bytecompiler/NodesCodegen.cpp:
3208         (JSC::ConditionalNode::emitBytecode):
3209         (JSC::IfElseNode::emitBytecode):
3210         (JSC::WhileNode::emitBytecode):
3211         (JSC::ForNode::emitBytecode):
3212         (JSC::ContinueNode::emitBytecode):
3213         (JSC::BreakNode::emitBytecode):
3214         (JSC::ReturnNode::emitBytecode):
3215         (JSC::CaseClauseNode::emitBytecode):
3216         (JSC::SwitchNode::emitBytecode):
3217         (JSC::ThrowNode::emitBytecode):
3218         (JSC::TryNode::emitBytecode):
3219         (JSC::ProgramNode::emitBytecode):
3220         (JSC::FunctionNode::emitBytecode):
3221         * dfg/DFGAbstractInterpreterInlines.h:
3222         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
3223         * dfg/DFGByteCodeParser.cpp:
3224         (JSC::DFG::ByteCodeParser::parseBlock):
3225         * dfg/DFGCapabilities.cpp:
3226         (JSC::DFG::capabilityLevel):
3227         * dfg/DFGClobberize.h:
3228         (JSC::DFG::clobberize):
3229         * dfg/DFGDoesGC.cpp:
3230         (JSC::DFG::doesGC):
3231         * dfg/DFGFixupPhase.cpp:
3232         (JSC::DFG::FixupPhase::fixupNode):
3233         * dfg/DFGNode.h:
3234         (JSC::DFG::Node::basicBlockLocation):
3235         * dfg/DFGNodeType.h:
3236         * dfg/DFGPredictionPropagationPhase.cpp:
3237         (JSC::DFG::PredictionPropagationPhase::propagate):
3238         * dfg/DFGSafeToExecute.h:
3239         (JSC::DFG::safeToExecute):
3240         * dfg/DFGSpeculativeJIT32_64.cpp:
3241         (JSC::DFG::SpeculativeJIT::compile):
3242         * dfg/DFGSpeculativeJIT64.cpp:
3243         (JSC::DFG::SpeculativeJIT::compile):
3244         * inspector/agents/InspectorRuntimeAgent.cpp:
3245         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
3246         * jit/JIT.cpp:
3247         (JSC::JIT::privateCompileMainPass):
3248         * jit/JIT.h:
3249         * jit/JITOpcodes.cpp:
3250         (JSC::JIT::emit_op_profile_control_flow):
3251         * jit/JITOpcodes32_64.cpp:
3252         (JSC::JIT::emit_op_profile_control_flow):
3253         * jsc.cpp:
3254         (GlobalObject::finishCreation):
3255         (functionFindTypeForExpression):
3256         (functionReturnTypeFor):
3257         (functionDumpBasicBlockExecutionRanges):
3258         * llint/LowLevelInterpreter.asm:
3259         * parser/ASTBuilder.h:
3260         (JSC::ASTBuilder::createFunctionExpr):
        (JSC::ASTBuilder::createGetterOrSetterProperty):
        (JSC::ASTBuilder::createFuncDeclStatement):
        (JSC::ASTBuilder::endOffset):
        (JSC::ASTBuilder::setStartOffset):
        * parser/NodeConstructors.h:
        (JSC::Node::Node):
        * parser/Nodes.h:
        (JSC::CaseClauseNode::setStartOffset):
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::parseSwitchClauses):
        (JSC::Parser<LexerType>::parseSwitchDefaultClause):
        (JSC::Parser<LexerType>::parseBlockStatement):
        (JSC::Parser<LexerType>::parseStatement):
        (JSC::Parser<LexerType>::parseFunctionDeclaration):
        (JSC::Parser<LexerType>::parseIfStatement):
        (JSC::Parser<LexerType>::parseExpression):
        (JSC::Parser<LexerType>::parseConditionalExpression):
        (JSC::Parser<LexerType>::parseProperty):
        (JSC::Parser<LexerType>::parseMemberExpression):
        * parser/SyntaxChecker.h:
        (JSC::SyntaxChecker::createFunctionExpr):
        (JSC::SyntaxChecker::createFuncDeclStatement):
        (JSC::SyntaxChecker::createGetterOrSetterProperty):
        (JSC::SyntaxChecker::operatorStackPop):
        * runtime/BasicBlockLocation.cpp: Added.
        (JSC::BasicBlockLocation::BasicBlockLocation):
        (JSC::BasicBlockLocation::insertGap):
        (JSC::BasicBlockLocation::getExecutedRanges):
        (JSC::BasicBlockLocation::dumpData):
        (JSC::BasicBlockLocation::emitExecuteCode):
        * runtime/BasicBlockLocation.h: Added.
        (JSC::BasicBlockLocation::startOffset):
        (JSC::BasicBlockLocation::endOffset):
        (JSC::BasicBlockLocation::setStartOffset):
        (JSC::BasicBlockLocation::setEndOffset):
        (JSC::BasicBlockLocation::hasExecuted):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getGlobalCodeBlock):
        * runtime/ControlFlowProfiler.cpp: Added.
        (JSC::ControlFlowProfiler::~ControlFlowProfiler):
        (JSC::ControlFlowProfiler::getBasicBlockLocation):
        (JSC::ControlFlowProfiler::dumpData):
        (JSC::ControlFlowProfiler::getBasicBlocksForSourceID):
        * runtime/ControlFlowProfiler.h: Added. This class is in
        charge of generating BasicBlockLocations and also
        providing an interface that the Web Inspector can use to ping
        which basic blocks have executed based on the source id of a script.

        (JSC::BasicBlockKey::BasicBlockKey):
        (JSC::BasicBlockKey::isHashTableDeletedValue):
        (JSC::BasicBlockKey::operator==):
        (JSC::BasicBlockKey::hash):
        (JSC::BasicBlockKeyHash::hash):
        (JSC::BasicBlockKeyHash::equal):
        * runtime/Executable.cpp:
        (JSC::ProgramExecutable::ProgramExecutable):
        (JSC::ProgramExecutable::initializeGlobalProperties):
        * runtime/FunctionHasExecutedCache.cpp:
        (JSC::FunctionHasExecutedCache::getUnexecutedFunctionRanges):
        * runtime/FunctionHasExecutedCache.h:
        * runtime/Options.h:
        * runtime/TypeProfiler.cpp:
        (JSC::TypeProfiler::logTypesForTypeLocation):
        (JSC::TypeProfiler::typeInformationForExpressionAtOffset):
        (JSC::TypeProfiler::findLocation):
        (JSC::TypeProfiler::dumpTypeProfilerData):
        * runtime/TypeProfiler.h:
        (JSC::TypeProfiler::functionHasExecutedCache): Deleted.
        * runtime/VM.cpp:
        (JSC::VM::VM):
        (JSC::enableProfilerWithRespectToCount):
        (JSC::disableProfilerWithRespectToCount):
        (JSC::VM::enableTypeProfiler):
        (JSC::VM::disableTypeProfiler):
        (JSC::VM::enableControlFlowProfiler):
        (JSC::VM::disableControlFlowProfiler):
        (JSC::VM::dumpTypeProfilerData):
        * runtime/VM.h:
        (JSC::VM::functionHasExecutedCache):
        (JSC::VM::controlFlowProfiler):

2014-12-04  Filip Pizlo  <fpizlo@apple.com>

        printInternal(PrintStream& out, JSC::JITCode::JITType type) ends up dumping a literal %s
        https://bugs.webkit.org/show_bug.cgi?id=139274

        Reviewed by Geoffrey Garen.

        * jit/JITCode.cpp:
        (WTF::printInternal):

2014-12-04  Geoffrey Garen  <ggaren@apple.com>

        Removed the concept of ParserArenaRefCounted
        https://bugs.webkit.org/show_bug.cgi?id=139277

        Reviewed by Oliver Hunt.

        This is a step toward a parser speedup.

        Now that we have a clear root node type for each parse tree, there's no
        need to have a concept for "I might be refcounted or arena allocated".
        Instead, we can just use unique_ptr to manage the tree as a whole.

        * API/JSScriptRef.cpp:
        (parseScript):
        * builtins/BuiltinExecutables.cpp:
        (JSC::BuiltinExecutables::createBuiltinExecutable): Updated for type change.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::generateFunctionCodeBlock): Use unique_ptr. No need to call
        destroyData() explicitly: the unique_ptr destructor will do everything
        we need, as Bjarne intended.

        * parser/NodeConstructors.h:
        (JSC::ParserArenaRoot::ParserArenaRoot):
        (JSC::ParserArenaRefCounted::ParserArenaRefCounted): Deleted.

        * parser/Nodes.cpp:
        (JSC::ScopeNode::ScopeNode):
        (JSC::ProgramNode::ProgramNode):
        (JSC::EvalNode::EvalNode):
        (JSC::FunctionNode::FunctionNode):
        (JSC::ProgramNode::create): Deleted.
        (JSC::EvalNode::create): Deleted.
