[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
1 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
2
3         [ES6] Implement Reflect.has
4         https://bugs.webkit.org/show_bug.cgi?id=147875
5
6         Reviewed by Sam Weinig.
7
8         This patch implements Reflect.has[1].
9         Since the semantics are the same as the `in` operator in JS[2],
10         we can implement it in builtin JS code.
11
12         [1]: http://www.ecma-international.org/ecma-262/6.0/#sec-reflect.has
13         [2]: http://www.ecma-international.org/ecma-262/6.0/#sec-relational-operators-runtime-semantics-evaluation
14
15         * builtins/ReflectObject.js:
16         (has):
17         * runtime/ReflectObject.cpp:
18         * tests/stress/reflect-has.js: Added.
19         (shouldBe):
20         (shouldThrow):
21
22 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
23
24         [ES6] Implement Reflect.getPrototypeOf and Reflect.setPrototypeOf
25         https://bugs.webkit.org/show_bug.cgi?id=147874
26
27         Reviewed by Darin Adler.
28
29         This patch implements ES6 Reflect.{getPrototypeOf, setPrototypeOf}.
30         The differences from the Object.* ones are
31
32         1. They do not perform ToObject on the non-object arguments. They treat them as a TypeError.
33         2. Reflect.setPrototypeOf returns false when the operation fails. In Object.setPrototypeOf, it raises a TypeError.
34
35         * runtime/ObjectConstructor.cpp:
36         (JSC::ObjectConstructorGetPrototypeOfFunctor::ObjectConstructorGetPrototypeOfFunctor):
37         (JSC::ObjectConstructorGetPrototypeOfFunctor::result):
38         (JSC::ObjectConstructorGetPrototypeOfFunctor::operator()):
39         (JSC::objectConstructorGetPrototypeOf):
40         * runtime/ObjectConstructor.h:
41         * runtime/ReflectObject.cpp:
42         (JSC::reflectObjectGetPrototypeOf):
43         (JSC::reflectObjectSetPrototypeOf):
44         * tests/stress/reflect-get-prototype-of.js: Added.
45         (shouldBe):
46         (shouldThrow):
47         (Base):
48         (Derived):
49         * tests/stress/reflect-set-prototype-of.js: Added.
50         (shouldBe):
51         (shouldThrow):
52
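Added example (not part of the ChangeLog or of the WebKit test suite) for the two Reflect entries above: it checks the two stated differences between Reflect.{getPrototypeOf, setPrototypeOf} and the Object.* versions, and that Reflect.has agrees with the `in` operator. The helper names outcome, primitiveArguments, failedSet, setPrototypeOrThrow and hasMatchesIn are hypothetical, and the expected results assume an ES6-conformant engine.

```javascript
// Run fn and record either its return value or the name of the error it threw.
// outcome() is a hypothetical helper for this example only.
function outcome(fn) {
    try {
        return { threw: null, value: fn() };
    } catch (e) {
        return { threw: e.name, value: undefined };
    }
}

// Difference 1: Object.* coerces or passes through primitives, Reflect.* rejects them.
function primitiveArguments() {
    const proto = {};
    return {
        objectGet: outcome(() => Object.getPrototypeOf(1) === Number.prototype),
        reflectGet: outcome(() => Reflect.getPrototypeOf(1)),
        objectSet: outcome(() => Object.setPrototypeOf(1, proto)),
        reflectSet: outcome(() => Reflect.setPrototypeOf(1, proto)),
    };
}

// Difference 2: a failed prototype change throws in Object.*, returns false in Reflect.*.
function failedSet() {
    const locked = Object.preventExtensions({});
    const proto = { marker: true };
    return {
        objectSet: outcome(() => Object.setPrototypeOf(locked, proto)),
        reflectSet: outcome(() => Reflect.setPrototypeOf(locked, proto)),
        // Re-setting the prototype the object already has is not a failure.
        reflectSetSame: outcome(() => Reflect.setPrototypeOf(locked, Object.prototype)),
        // Evaluated last: neither failed attempt changed the prototype.
        stillOriginal: Object.getPrototypeOf(locked) === Object.prototype,
    };
}

// Reflect.setPrototypeOf reports failure only through its return value, so a
// caller that ignores the result carries on with the old prototype in place.
function setPrototypeOrThrow(target, proto) {
    if (!Reflect.setPrototypeOf(target, proto)) {
        throw new TypeError("prototype was not changed");
    }
    return target;
}

// Reflect.has(target, key) and (key in target) give the same answer for own,
// inherited, symbol, array-index and Proxy-trapped keys, and both reject a
// primitive target with a TypeError.
function hasMatchesIn() {
    const sym = Symbol("s");
    const base = { inherited: 1, [sym]: 2 };
    const derived = Object.create(base, { own: { value: 3, enumerable: false } });
    const proxied = new Proxy({}, { has: (t, key) => key === "virtual" });
    const cases = [
        [derived, "own"], [derived, "inherited"], [derived, sym],
        [derived, "missing"], [derived, "toString"],
        [proxied, "virtual"], [proxied, "other"],
        [[10, 20], 1], [[10, 20], 2],
    ];
    return {
        agree: cases.every(([target, key]) => Reflect.has(target, key) === (key in target)),
        reflectOnPrimitive: outcome(() => Reflect.has("abc", "length")),
        inOnPrimitive: outcome(() => "length" in "abc"),
    };
}
```
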
53 2015-08-11  Ting-Wei Lan  <lantw44@gmail.com>
54
55         Fix debug build when optimization is enabled
56         https://bugs.webkit.org/show_bug.cgi?id=147816
57
58         Reviewed by Alexey Proskuryakov.
59
60         * llint/LLIntEntrypoint.cpp:
61         * runtime/FunctionExecutableDump.cpp:
62
63 2015-08-11  Yusuke Suzuki  <utatane.tea@gmail.com>
64
65         Ensure that Reflect.enumerate does not produce the deleted keys
66         https://bugs.webkit.org/show_bug.cgi?id=147677
67
68         Reviewed by Darin Adler.
69
70         Add tests for Reflect.enumerate that delete the property keys during the enumeration.
71
72         * tests/stress/reflect-enumerate.js:
73
74 2015-08-10  Geoffrey Garen  <ggaren@apple.com>
75
76         Start beating UnlinkedCodeBlock.h/.cpp with the "One Class per File" stick
77         https://bugs.webkit.org/show_bug.cgi?id=147856
78
79         Reviewed by Saam Barati.
80
81         Split out UnlinkedFunctionExecutable.h/.cpp and ExecutableInfo.h into separate files.
82
83         * CMakeLists.txt:
84         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
85         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
86         * JavaScriptCore.xcodeproj/project.pbxproj:
87         * bytecode/ExecutableInfo.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
88         (JSC::ExecutableInfo::ExecutableInfo):
89         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
90         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
91         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
92         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
93         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
94         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
95         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
96         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
97         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
98         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
99         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
100         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
101         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
102         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
103         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
104         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
105         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
106         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
107         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
108         (JSC::UnlinkedCodeBlock::regexp): Deleted.
109         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
110         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
111         (JSC::UnlinkedCodeBlock::identifier): Deleted.
112         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
113         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
114         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
115         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
116         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
117         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
118         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
119         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
120         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
121         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
122         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
123         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
124         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
125         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
126         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
127         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
128         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
129         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
130         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
131         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
132         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
133         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
134         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
135         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
136         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
137         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
138         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
139         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
140         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
141         (JSC::UnlinkedCodeBlock::vm): Deleted.
142         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
143         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
144         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
145         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
146         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
147         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
148         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
149         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
150         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
151         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
152         (JSC::UnlinkedCodeBlock::codeType): Deleted.
153         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
154         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
155         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
156         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
157         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
158         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
159         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
160         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
161         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
162         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
163         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
164         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
165         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
166         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
167         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
168         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
169         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
170         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
171         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
172         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
173         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
174         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
175         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
176         * bytecode/UnlinkedCodeBlock.cpp:
177         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
178         (JSC::generateFunctionCodeBlock): Deleted.
179         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable): Deleted.
180         (JSC::UnlinkedFunctionExecutable::visitChildren): Deleted.
181         (JSC::UnlinkedFunctionExecutable::link): Deleted.
182         (JSC::UnlinkedFunctionExecutable::fromGlobalCode): Deleted.
183         (JSC::UnlinkedFunctionExecutable::codeBlockFor): Deleted.
184         * bytecode/UnlinkedCodeBlock.h:
185         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
186         (JSC::ExecutableInfo::needsActivation): Deleted.
187         (JSC::ExecutableInfo::usesEval): Deleted.
188         (JSC::ExecutableInfo::isStrictMode): Deleted.
189         (JSC::ExecutableInfo::isConstructor): Deleted.
190         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
191         (JSC::ExecutableInfo::constructorKind): Deleted.
192         * bytecode/UnlinkedFunctionExecutable.cpp: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp.
193         (JSC::generateFunctionCodeBlock):
194         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
195         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock): Deleted.
196         (JSC::UnlinkedCodeBlock::visitChildren): Deleted.
197         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset): Deleted.
198         (JSC::UnlinkedCodeBlock::getLineAndColumn): Deleted.
199         (JSC::dumpLineColumnEntry): Deleted.
200         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo): Deleted.
201         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset): Deleted.
202         (JSC::UnlinkedCodeBlock::addExpressionInfo): Deleted.
203         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset): Deleted.
204         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo): Deleted.
205         (JSC::UnlinkedProgramCodeBlock::visitChildren): Deleted.
206         (JSC::UnlinkedCodeBlock::~UnlinkedCodeBlock): Deleted.
207         (JSC::UnlinkedProgramCodeBlock::destroy): Deleted.
208         (JSC::UnlinkedEvalCodeBlock::destroy): Deleted.
209         (JSC::UnlinkedFunctionCodeBlock::destroy): Deleted.
210         (JSC::UnlinkedFunctionExecutable::destroy): Deleted.
211         (JSC::UnlinkedCodeBlock::setInstructions): Deleted.
212         (JSC::UnlinkedCodeBlock::instructions): Deleted.
213         * bytecode/UnlinkedFunctionExecutable.h: Copied from Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h.
214         (JSC::ExecutableInfo::ExecutableInfo): Deleted.
215         (JSC::ExecutableInfo::needsActivation): Deleted.
216         (JSC::ExecutableInfo::usesEval): Deleted.
217         (JSC::ExecutableInfo::isStrictMode): Deleted.
218         (JSC::ExecutableInfo::isConstructor): Deleted.
219         (JSC::ExecutableInfo::isBuiltinFunction): Deleted.
220         (JSC::ExecutableInfo::constructorKind): Deleted.
221         (JSC::UnlinkedStringJumpTable::offsetForValue): Deleted.
222         (JSC::UnlinkedSimpleJumpTable::add): Deleted.
223         (JSC::UnlinkedInstruction::UnlinkedInstruction): Deleted.
224         (JSC::UnlinkedCodeBlock::isConstructor): Deleted.
225         (JSC::UnlinkedCodeBlock::isStrictMode): Deleted.
226         (JSC::UnlinkedCodeBlock::usesEval): Deleted.
227         (JSC::UnlinkedCodeBlock::needsFullScopeChain): Deleted.
228         (JSC::UnlinkedCodeBlock::hasExpressionInfo): Deleted.
229         (JSC::UnlinkedCodeBlock::setThisRegister): Deleted.
230         (JSC::UnlinkedCodeBlock::setScopeRegister): Deleted.
231         (JSC::UnlinkedCodeBlock::setActivationRegister): Deleted.
232         (JSC::UnlinkedCodeBlock::usesGlobalObject): Deleted.
233         (JSC::UnlinkedCodeBlock::setGlobalObjectRegister): Deleted.
234         (JSC::UnlinkedCodeBlock::globalObjectRegister): Deleted.
235         (JSC::UnlinkedCodeBlock::setNumParameters): Deleted.
236         (JSC::UnlinkedCodeBlock::addParameter): Deleted.
237         (JSC::UnlinkedCodeBlock::numParameters): Deleted.
238         (JSC::UnlinkedCodeBlock::addRegExp): Deleted.
239         (JSC::UnlinkedCodeBlock::numberOfRegExps): Deleted.
240         (JSC::UnlinkedCodeBlock::regexp): Deleted.
241         (JSC::UnlinkedCodeBlock::numberOfIdentifiers): Deleted.
242         (JSC::UnlinkedCodeBlock::addIdentifier): Deleted.
243         (JSC::UnlinkedCodeBlock::identifier): Deleted.
244         (JSC::UnlinkedCodeBlock::identifiers): Deleted.
245         (JSC::UnlinkedCodeBlock::addConstant): Deleted.
246         (JSC::UnlinkedCodeBlock::registerIndexForLinkTimeConstant): Deleted.
247         (JSC::UnlinkedCodeBlock::constantRegisters): Deleted.
248         (JSC::UnlinkedCodeBlock::constantRegister): Deleted.
249         (JSC::UnlinkedCodeBlock::isConstantRegisterIndex): Deleted.
250         (JSC::UnlinkedCodeBlock::constantsSourceCodeRepresentation): Deleted.
251         (JSC::UnlinkedCodeBlock::numberOfJumpTargets): Deleted.
252         (JSC::UnlinkedCodeBlock::addJumpTarget): Deleted.
253         (JSC::UnlinkedCodeBlock::jumpTarget): Deleted.
254         (JSC::UnlinkedCodeBlock::lastJumpTarget): Deleted.
255         (JSC::UnlinkedCodeBlock::isBuiltinFunction): Deleted.
256         (JSC::UnlinkedCodeBlock::constructorKind): Deleted.
257         (JSC::UnlinkedCodeBlock::shrinkToFit): Deleted.
258         (JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables): Deleted.
259         (JSC::UnlinkedCodeBlock::addSwitchJumpTable): Deleted.
260         (JSC::UnlinkedCodeBlock::switchJumpTable): Deleted.
261         (JSC::UnlinkedCodeBlock::numberOfStringSwitchJumpTables): Deleted.
262         (JSC::UnlinkedCodeBlock::addStringSwitchJumpTable): Deleted.
263         (JSC::UnlinkedCodeBlock::stringSwitchJumpTable): Deleted.
264         (JSC::UnlinkedCodeBlock::addFunctionDecl): Deleted.
265         (JSC::UnlinkedCodeBlock::functionDecl): Deleted.
266         (JSC::UnlinkedCodeBlock::numberOfFunctionDecls): Deleted.
267         (JSC::UnlinkedCodeBlock::addFunctionExpr): Deleted.
268         (JSC::UnlinkedCodeBlock::functionExpr): Deleted.
269         (JSC::UnlinkedCodeBlock::numberOfFunctionExprs): Deleted.
270         (JSC::UnlinkedCodeBlock::numberOfExceptionHandlers): Deleted.
271         (JSC::UnlinkedCodeBlock::addExceptionHandler): Deleted.
272         (JSC::UnlinkedCodeBlock::exceptionHandler): Deleted.
273         (JSC::UnlinkedCodeBlock::vm): Deleted.
274         (JSC::UnlinkedCodeBlock::addArrayProfile): Deleted.
275         (JSC::UnlinkedCodeBlock::numberOfArrayProfiles): Deleted.
276         (JSC::UnlinkedCodeBlock::addArrayAllocationProfile): Deleted.
277         (JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles): Deleted.
278         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile): Deleted.
279         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles): Deleted.
280         (JSC::UnlinkedCodeBlock::addValueProfile): Deleted.
281         (JSC::UnlinkedCodeBlock::numberOfValueProfiles): Deleted.
282         (JSC::UnlinkedCodeBlock::addLLIntCallLinkInfo): Deleted.
283         (JSC::UnlinkedCodeBlock::numberOfLLintCallLinkInfos): Deleted.
284         (JSC::UnlinkedCodeBlock::codeType): Deleted.
285         (JSC::UnlinkedCodeBlock::thisRegister): Deleted.
286         (JSC::UnlinkedCodeBlock::scopeRegister): Deleted.
287         (JSC::UnlinkedCodeBlock::activationRegister): Deleted.
288         (JSC::UnlinkedCodeBlock::hasActivationRegister): Deleted.
289         (JSC::UnlinkedCodeBlock::addPropertyAccessInstruction): Deleted.
290         (JSC::UnlinkedCodeBlock::numberOfPropertyAccessInstructions): Deleted.
291         (JSC::UnlinkedCodeBlock::propertyAccessInstructions): Deleted.
292         (JSC::UnlinkedCodeBlock::constantBufferCount): Deleted.
293         (JSC::UnlinkedCodeBlock::addConstantBuffer): Deleted.
294         (JSC::UnlinkedCodeBlock::constantBuffer): Deleted.
295         (JSC::UnlinkedCodeBlock::hasRareData): Deleted.
296         (JSC::UnlinkedCodeBlock::recordParse): Deleted.
297         (JSC::UnlinkedCodeBlock::codeFeatures): Deleted.
298         (JSC::UnlinkedCodeBlock::hasCapturedVariables): Deleted.
299         (JSC::UnlinkedCodeBlock::firstLine): Deleted.
300         (JSC::UnlinkedCodeBlock::lineCount): Deleted.
301         (JSC::UnlinkedCodeBlock::startColumn): Deleted.
302         (JSC::UnlinkedCodeBlock::endColumn): Deleted.
303         (JSC::UnlinkedCodeBlock::addOpProfileControlFlowBytecodeOffset): Deleted.
304         (JSC::UnlinkedCodeBlock::opProfileControlFlowBytecodeOffsets): Deleted.
305         (JSC::UnlinkedCodeBlock::finishCreation): Deleted.
306         (JSC::UnlinkedCodeBlock::createRareDataIfNecessary): Deleted.
307         (JSC::UnlinkedGlobalCodeBlock::UnlinkedGlobalCodeBlock): Deleted.
308         * runtime/Executable.h:
309
310 2015-08-10  Mark Lam  <mark.lam@apple.com>
311
312         Refactor LiveObjectList and LiveObjectData into their own files.
313         https://bugs.webkit.org/show_bug.cgi?id=147843
314
315         Reviewed by Saam Barati.
316
317         There is no behavior change in this patch.
318
319         * CMakeLists.txt:
320         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
321         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
322         * JavaScriptCore.xcodeproj/project.pbxproj:
323         * heap/HeapVerifier.cpp:
324         (JSC::HeapVerifier::HeapVerifier):
325         (JSC::LiveObjectList::findObject): Deleted.
326         * heap/HeapVerifier.h:
327         (JSC::LiveObjectData::LiveObjectData): Deleted.
328         (JSC::LiveObjectList::LiveObjectList): Deleted.
329         (JSC::LiveObjectList::reset): Deleted.
330         * heap/LiveObjectData.h: Added.
331         (JSC::LiveObjectData::LiveObjectData):
332         * heap/LiveObjectList.cpp: Added.
333         (JSC::LiveObjectList::findObject):
334         * heap/LiveObjectList.h: Added.
335         (JSC::LiveObjectList::LiveObjectList):
336         (JSC::LiveObjectList::reset):
337
338 2015-08-07  Geoffrey Garen  <ggaren@apple.com>
339
340         Let's rename FunctionBodyNode
341         https://bugs.webkit.org/show_bug.cgi?id=147292
342
343         Reviewed by Mark Lam & Saam Barati.
344
345         FunctionBodyNode => FunctionMetadataNode
346
347         Make FunctionMetadataNode inherit from Node instead of StatementNode
348         because a FunctionMetadataNode can appear in expression context and does
349         not have a next statement.
350
351         (I decided to continue allocating FunctionMetadataNode in the AST arena,
352         and to retain "Node" in its name, because it really is a parsing
353         construct, and we transform its data before consuming it elsewhere.
354
355         There is still room for a future patch to distill and simplify the
356         metadata we track about functions between FunDeclNode/FuncExprNode,
357         FunctionMetadataNode, and UnlinkedFunctionExecutable. But this is a start.)
358
359         * builtins/BuiltinExecutables.cpp:
360         (JSC::BuiltinExecutables::createExecutableInternal):
361         * bytecode/UnlinkedCodeBlock.cpp:
362         (JSC::generateFunctionCodeBlock):
363         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
364         * bytecode/UnlinkedCodeBlock.h:
365         * bytecompiler/BytecodeGenerator.cpp:
366         (JSC::BytecodeGenerator::generate):
367         (JSC::BytecodeGenerator::BytecodeGenerator):
368         (JSC::BytecodeGenerator::emitNewArray):
369         (JSC::BytecodeGenerator::emitNewFunction):
370         (JSC::BytecodeGenerator::emitNewFunctionExpression):
371         * bytecompiler/BytecodeGenerator.h:
372         (JSC::BytecodeGenerator::makeFunction):
373         * bytecompiler/NodesCodegen.cpp:
374         (JSC::EvalNode::emitBytecode):
375         (JSC::FunctionNode::emitBytecode):
376         (JSC::FunctionBodyNode::emitBytecode): Deleted.
377         * parser/ASTBuilder.h:
378         (JSC::ASTBuilder::createFunctionExpr):
379         (JSC::ASTBuilder::createFunctionBody):
380         * parser/NodeConstructors.h:
381         (JSC::FunctionParameters::FunctionParameters):
382         (JSC::FuncExprNode::FuncExprNode):
383         (JSC::FuncDeclNode::FuncDeclNode):
384         * parser/Nodes.cpp:
385         (JSC::EvalNode::EvalNode):
386         (JSC::FunctionMetadataNode::FunctionMetadataNode):
387         (JSC::FunctionMetadataNode::finishParsing):
388         (JSC::FunctionMetadataNode::setEndPosition):
389         (JSC::FunctionBodyNode::FunctionBodyNode): Deleted.
390         (JSC::FunctionBodyNode::finishParsing): Deleted.
391         (JSC::FunctionBodyNode::setEndPosition): Deleted.
392         * parser/Nodes.h:
393         (JSC::FuncExprNode::body):
394         (JSC::FuncDeclNode::body):
395         * parser/Parser.h:
396         (JSC::Parser::isFunctionMetadataNode):
397         (JSC::Parser::next):
398         (JSC::Parser<LexerType>::parse):
399         (JSC::Parser::isFunctionBodyNode): Deleted.
400         * runtime/CodeCache.cpp:
401         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
402         * runtime/CodeCache.h:
403
404 2015-08-09  Chris Dumez  <cdumez@apple.com>
405
406         Regression(r188105): Seems to have caused crashes during PLT on some iPads
407         https://bugs.webkit.org/show_bug.cgi?id=147818
408
409         Unreviewed, roll out r188105.
410
411         * bytecode/ByValInfo.h:
412         (JSC::ByValInfo::ByValInfo):
413         * bytecode/CodeBlock.cpp:
414         (JSC::CodeBlock::getByValInfoMap): Deleted.
415         (JSC::CodeBlock::addByValInfo): Deleted.
416         * bytecode/CodeBlock.h:
417         (JSC::CodeBlock::getByValInfo):
418         (JSC::CodeBlock::setNumberOfByValInfos):
419         (JSC::CodeBlock::numberOfByValInfos):
420         (JSC::CodeBlock::byValInfo):
421         * bytecode/ExitKind.cpp:
422         (JSC::exitKindToString): Deleted.
423         * bytecode/ExitKind.h:
424         * bytecode/GetByIdStatus.cpp:
425         (JSC::GetByIdStatus::computeFor):
426         (JSC::GetByIdStatus::computeForStubInfo):
427         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted.
428         * bytecode/GetByIdStatus.h:
429         * dfg/DFGAbstractInterpreterInlines.h:
430         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
431         * dfg/DFGByteCodeParser.cpp:
432         (JSC::DFG::ByteCodeParser::parseBlock):
433         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry): Deleted.
434         * dfg/DFGClobberize.h:
435         (JSC::DFG::clobberize): Deleted.
436         * dfg/DFGConstantFoldingPhase.cpp:
437         (JSC::DFG::ConstantFoldingPhase::foldConstants): Deleted.
438         * dfg/DFGDoesGC.cpp:
439         (JSC::DFG::doesGC): Deleted.
440         * dfg/DFGFixupPhase.cpp:
441         (JSC::DFG::FixupPhase::fixupNode): Deleted.
442         (JSC::DFG::FixupPhase::observeUseKindOnNode): Deleted.
443         * dfg/DFGNode.h:
444         (JSC::DFG::Node::hasUidOperand): Deleted.
445         (JSC::DFG::Node::uidOperand): Deleted.
446         * dfg/DFGNodeType.h:
447         * dfg/DFGPredictionPropagationPhase.cpp:
448         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
449         * dfg/DFGSafeToExecute.h:
450         (JSC::DFG::SafeToExecuteEdge::operator()): Deleted.
451         (JSC::DFG::safeToExecute): Deleted.
452         * dfg/DFGSpeculativeJIT.cpp:
453         (JSC::DFG::SpeculativeJIT::compileCheckIdent): Deleted.
454         (JSC::DFG::SpeculativeJIT::speculateSymbol): Deleted.
455         (JSC::DFG::SpeculativeJIT::speculate): Deleted.
456         * dfg/DFGSpeculativeJIT.h:
457         * dfg/DFGSpeculativeJIT32_64.cpp:
458         (JSC::DFG::SpeculativeJIT::compile): Deleted.
459         * dfg/DFGSpeculativeJIT64.cpp:
460         (JSC::DFG::SpeculativeJIT::compile): Deleted.
461         * dfg/DFGUseKind.cpp:
462         (WTF::printInternal): Deleted.
463         * dfg/DFGUseKind.h:
464         (JSC::DFG::typeFilterFor): Deleted.
465         (JSC::DFG::isCell): Deleted.
466         * ftl/FTLAbstractHeapRepository.h:
467         * ftl/FTLCapabilities.cpp:
468         (JSC::FTL::canCompile): Deleted.
469         * ftl/FTLLowerDFGToLLVM.cpp:
470         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
471         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent): Deleted.
472         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol): Deleted.
473         (JSC::FTL::DFG::LowerDFGToLLVM::speculate): Deleted.
474         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol): Deleted.
475         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol): Deleted.
476         * jit/JIT.cpp:
477         (JSC::JIT::privateCompile):
478         * jit/JIT.h:
479         (JSC::ByValCompilationInfo::ByValCompilationInfo):
480         (JSC::JIT::compileGetByValWithCachedId): Deleted.
481         * jit/JITInlines.h:
482         (JSC::JIT::callOperation): Deleted.
483         * jit/JITOpcodes.cpp:
484         (JSC::JIT::emit_op_has_indexed_property):
485         (JSC::JIT::emitSlow_op_has_indexed_property):
486         * jit/JITOpcodes32_64.cpp:
487         (JSC::JIT::emit_op_has_indexed_property):
488         (JSC::JIT::emitSlow_op_has_indexed_property):
489         * jit/JITOperations.cpp:
490         (JSC::getByVal):
491         * jit/JITOperations.h:
492         * jit/JITPropertyAccess.cpp:
493         (JSC::JIT::emit_op_get_by_val):
494         (JSC::JIT::emitSlow_op_get_by_val):
495         (JSC::JIT::emit_op_put_by_val):
496         (JSC::JIT::emitSlow_op_put_by_val):
497         (JSC::JIT::emitGetByValWithCachedId): Deleted.
498         (JSC::JIT::privateCompileGetByVal): Deleted.
499         (JSC::JIT::privateCompileGetByValWithCachedId): Deleted.
500         * jit/JITPropertyAccess32_64.cpp:
501         (JSC::JIT::emit_op_get_by_val):
502         (JSC::JIT::emitSlow_op_get_by_val):
503         (JSC::JIT::emit_op_put_by_val):
504         (JSC::JIT::emitSlow_op_put_by_val):
505         (JSC::JIT::emitGetByValWithCachedId): Deleted.
506         * runtime/Symbol.h:
507         * tests/stress/get-by-val-with-string-constructor.js: Removed.
508         * tests/stress/get-by-val-with-string-exit.js: Removed.
509         * tests/stress/get-by-val-with-string-generated.js: Removed.
510         * tests/stress/get-by-val-with-string-getter.js: Removed.
511         * tests/stress/get-by-val-with-string.js: Removed.
512         * tests/stress/get-by-val-with-symbol-constructor.js: Removed.
513         * tests/stress/get-by-val-with-symbol-exit.js: Removed.
514         * tests/stress/get-by-val-with-symbol-getter.js: Removed.
515         * tests/stress/get-by-val-with-symbol.js: Removed.
516
517 2015-08-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
518
519         Reduce uses of PassRefPtr in bindings
520         https://bugs.webkit.org/show_bug.cgi?id=147781
521
522         Reviewed by Chris Dumez.
523
524         Use RefPtr when function can return null or an instance. If not, Ref is used.
525
526         * runtime/JSGenericTypedArrayView.h:
527         (JSC::toNativeTypedView):
528
529 2015-08-07  Alex Christensen  <achristensen@webkit.org>
530
531         Build more testing binaries with CMake on Windows
532         https://bugs.webkit.org/show_bug.cgi?id=147799
533
534         Reviewed by Brent Fulgham.
535
536         * shell/PlatformWin.cmake: Added.
537         Build jsc.dll and jsc.exe to find Apple Application Support or WinCairo dlls before using them.
538
539 2015-08-07  Filip Pizlo  <fpizlo@apple.com>
540
541         Lightweight locks should be adaptive
542         https://bugs.webkit.org/show_bug.cgi?id=147545
543
544         Reviewed by Geoffrey Garen.
545
546         * dfg/DFGCommon.cpp:
547         (JSC::DFG::startCrashing):
548         * heap/CopiedBlock.h:
549         (JSC::CopiedBlock::workListLock):
550         * heap/CopiedBlockInlines.h:
551         (JSC::CopiedBlock::shouldReportLiveBytes):
552         (JSC::CopiedBlock::reportLiveBytes):
553         * heap/CopiedSpace.cpp:
554         (JSC::CopiedSpace::doneFillingBlock):
555         * heap/CopiedSpace.h:
556         (JSC::CopiedSpace::CopiedGeneration::CopiedGeneration):
557         * heap/CopiedSpaceInlines.h:
558         (JSC::CopiedSpace::recycleEvacuatedBlock):
559         * heap/GCThreadSharedData.cpp:
560         (JSC::GCThreadSharedData::didStartCopying):
561         * heap/GCThreadSharedData.h:
562         (JSC::GCThreadSharedData::getNextBlocksToCopy):
563         * heap/ListableHandler.h:
564         (JSC::ListableHandler::List::addThreadSafe):
565         (JSC::ListableHandler::List::addNotThreadSafe):
566         * heap/MachineStackMarker.cpp:
567         (JSC::MachineThreads::tryCopyOtherThreadStacks):
568         * heap/SlotVisitorInlines.h:
569         (JSC::SlotVisitor::copyLater):
570         * parser/SourceProvider.cpp:
571         (JSC::SourceProvider::~SourceProvider):
572         (JSC::SourceProvider::getID):
573         * profiler/ProfilerDatabase.cpp:
574         (JSC::Profiler::Database::addDatabaseToAtExit):
575         (JSC::Profiler::Database::removeDatabaseFromAtExit):
576         (JSC::Profiler::Database::removeFirstAtExitDatabase):
577         * runtime/TypeProfilerLog.h:
578
579 2015-08-07  Mark Lam  <mark.lam@apple.com>
580
581         Rename some variables in the JSC watchdog implementation.
582         https://bugs.webkit.org/show_bug.cgi?id=147790
583
584         Rubber stamped by Benjamin Poulain.
585
586         This is just a refactoring patch to give the variables better names that describe their
587         intended use.  There is no behavior change.
588
589         * runtime/Watchdog.cpp:
590         (JSC::Watchdog::Watchdog):
591         (JSC::Watchdog::setTimeLimit):
592         (JSC::Watchdog::didFire):
593         (JSC::Watchdog::isEnabled):
594         (JSC::Watchdog::fire):
595         (JSC::Watchdog::startCountdownIfNeeded):
596         * runtime/Watchdog.h:
597
598 2015-08-07  Saam barati  <saambarati1@gmail.com>
599
600         Interpreter::unwind shouldn't be responsible for assigning the correct scope.
601         https://bugs.webkit.org/show_bug.cgi?id=147666
602
603         Reviewed by Geoffrey Garen.
604
605         If we make the bytecode generator know about every local scope it
606         creates, and if we give each local scope a unique register, the
607         bytecode generator has all the information it needs to assign
608         the correct scope to a catch handler. Because the bytecode generator
609         knows this information, it's a better separation of responsibilities
610         for it to set up the proper scope instead of relying on the exception
611         handling runtime to find the scope.
612
613         * bytecode/BytecodeList.json:
614         * bytecode/BytecodeUseDef.h:
615         (JSC::computeUsesForBytecodeOffset):
616         * bytecode/CodeBlock.cpp:
617         (JSC::CodeBlock::dumpBytecode):
618         (JSC::CodeBlock::CodeBlock):
619         * bytecode/HandlerInfo.h:
620         (JSC::UnlinkedHandlerInfo::UnlinkedHandlerInfo):
621         (JSC::HandlerInfo::initialize):
622         * bytecompiler/BytecodeGenerator.cpp:
623         (JSC::BytecodeGenerator::generate):
624         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
625         (JSC::BytecodeGenerator::emitGetScope):
626         (JSC::BytecodeGenerator::emitPushWithScope):
627         (JSC::BytecodeGenerator::emitGetParentScope):
628         (JSC::BytecodeGenerator::emitPopScope):
629         (JSC::BytecodeGenerator::emitPopWithScope):
630         (JSC::BytecodeGenerator::allocateAndEmitScope):
631         (JSC::BytecodeGenerator::emitComplexPopScopes):
632         (JSC::BytecodeGenerator::pushTry):
633         (JSC::BytecodeGenerator::popTryAndEmitCatch):
634         (JSC::BytecodeGenerator::localScopeDepth):
635         (JSC::BytecodeGenerator::calculateTargetScopeDepthForExceptionHandler): Deleted.
636         * bytecompiler/BytecodeGenerator.h:
637         * bytecompiler/NodesCodegen.cpp:
638         (JSC::WithNode::emitBytecode):
639         * interpreter/Interpreter.cpp:
640         (JSC::Interpreter::unwind):
641         * jit/JITOpcodes.cpp:
642         (JSC::JIT::emit_op_push_with_scope):
643         (JSC::JIT::compileOpStrictEq):
644         * jit/JITOpcodes32_64.cpp:
645         (JSC::JIT::emit_op_push_with_scope):
646         (JSC::JIT::emit_op_to_number):
647         * jit/JITOperations.cpp:
648         * jit/JITOperations.h:
649         * llint/LLIntSlowPaths.cpp:
650         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
651         * llint/LLIntSlowPaths.h:
652         * llint/LowLevelInterpreter.asm:
653         * runtime/CommonSlowPaths.cpp:
654         (JSC::SLOW_PATH_DECL):
655         * runtime/CommonSlowPaths.h:
656         * runtime/JSScope.cpp:
657         (JSC::JSScope::objectAtScope):
658         (JSC::isUnscopable):
659         (JSC::JSScope::depth): Deleted.
660         * runtime/JSScope.h:
661
662 2015-08-07  Yusuke Suzuki  <utatane.tea@gmail.com>
663
664         Add MacroAssembler::patchableBranch64 and fix ARM64's patchableBranchPtr
665         https://bugs.webkit.org/show_bug.cgi?id=147761
666
667         Reviewed by Mark Lam.
668
669         This patch implements MacroAssembler::patchableBranch64 in 64bit environments.
670         And fix the existing MacroAssemblerARM64::patchableBranchPtr, before this patch,
671         it truncates the immediate pointer into the 32bit immediate.
672         And use patchableBranch64 in the baseline JIT under the JSVALUE64 configuration.
673
674         * assembler/MacroAssemblerARM64.h:
675         (JSC::MacroAssemblerARM64::patchableBranchPtr):
676         (JSC::MacroAssemblerARM64::patchableBranch64):
677         * assembler/MacroAssemblerX86_64.h:
678         (JSC::MacroAssemblerX86_64::patchableBranch64):
679         * jit/JIT.h:
680         * jit/JITInlines.h:
681         (JSC::JIT::emitPatchableJumpIfNotImmediateInteger):
682         * jit/JITPropertyAccess.cpp:
683         (JSC::JIT::emit_op_get_by_val):
684
685 2015-08-06  Yusuke Suzuki  <utatane.tea@gmail.com>
686
687         Introduce get_by_id like IC into get_by_val when the given name is String or Symbol
688         https://bugs.webkit.org/show_bug.cgi?id=147480
689
690         Reviewed by Filip Pizlo.
691
692         This patch adds get_by_id IC to get_by_val operation by caching the string / symbol id.
693         The IC site only caches one id. After checking that the given id is the same to the
694         cached one, we perform the get_by_id IC onto it.
695         And by collecting IC StructureStubInfo information, we pass it to the DFG and DFG
696         compiles get_by_val op code into CheckIdent (with edge type check) and GetById related
697         operations when the given get_by_val leverages the property load with the cached id.
698
699         To ensure the incoming value is the expected id, in DFG layer, we use SymbolUse and
700         StringIdentUse to enforce the type. To use it, this patch implements SymbolUse.
701         This can be leveraged to optimize symbol operations in DFG.
702
703         And since byValInfo is frequently used, we align the byValInfo design to the stubInfo like one.
704         Allocated by the Bag and operations take the raw byValInfo pointer directly instead of performing
705         binary search onto m_byValInfos. And by storing ArrayProfile* under the ByValInfo, we replaced the
706         argument ArrayProfile* in the operations with ByValInfo*.
707
708         * bytecode/ByValInfo.h:
709         (JSC::ByValInfo::ByValInfo):
710         * bytecode/CodeBlock.cpp:
711         (JSC::CodeBlock::getByValInfoMap):
712         (JSC::CodeBlock::addByValInfo):
713         * bytecode/CodeBlock.h:
714         (JSC::CodeBlock::getByValInfo): Deleted.
715         (JSC::CodeBlock::setNumberOfByValInfos): Deleted.
716         (JSC::CodeBlock::numberOfByValInfos): Deleted.
717         (JSC::CodeBlock::byValInfo): Deleted.
718         * bytecode/ExitKind.cpp:
719         (JSC::exitKindToString):
720         * bytecode/ExitKind.h:
721         * bytecode/GetByIdStatus.cpp:
722         (JSC::GetByIdStatus::computeFor):
723         (JSC::GetByIdStatus::computeForStubInfo):
724         (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback):
725         * bytecode/GetByIdStatus.h:
726         * dfg/DFGAbstractInterpreterInlines.h:
727         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
728         * dfg/DFGByteCodeParser.cpp:
729         (JSC::DFG::ByteCodeParser::parseBlock):
730         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
731         * dfg/DFGClobberize.h:
732         (JSC::DFG::clobberize):
733         * dfg/DFGConstantFoldingPhase.cpp:
734         (JSC::DFG::ConstantFoldingPhase::foldConstants):
735         * dfg/DFGDoesGC.cpp:
736         (JSC::DFG::doesGC):
737         * dfg/DFGFixupPhase.cpp:
738         (JSC::DFG::FixupPhase::fixupNode):
739         (JSC::DFG::FixupPhase::observeUseKindOnNode):
740         * dfg/DFGNode.h:
741         (JSC::DFG::Node::hasUidOperand):
742         (JSC::DFG::Node::uidOperand):
743         * dfg/DFGNodeType.h:
744         * dfg/DFGPredictionPropagationPhase.cpp:
745         (JSC::DFG::PredictionPropagationPhase::propagate):
746         * dfg/DFGSafeToExecute.h:
747         (JSC::DFG::SafeToExecuteEdge::operator()):
748         (JSC::DFG::safeToExecute):
749         * dfg/DFGSpeculativeJIT.cpp:
750         (JSC::DFG::SpeculativeJIT::compileCheckIdent):
751         (JSC::DFG::SpeculativeJIT::speculateSymbol):
752         (JSC::DFG::SpeculativeJIT::speculate):
753         * dfg/DFGSpeculativeJIT.h:
754         * dfg/DFGSpeculativeJIT32_64.cpp:
755         (JSC::DFG::SpeculativeJIT::compile):
756         * dfg/DFGSpeculativeJIT64.cpp:
757         (JSC::DFG::SpeculativeJIT::compile):
758         * dfg/DFGUseKind.cpp:
759         (WTF::printInternal):
760         * dfg/DFGUseKind.h:
761         (JSC::DFG::typeFilterFor):
762         (JSC::DFG::isCell):
763         * ftl/FTLAbstractHeapRepository.h:
764         * ftl/FTLCapabilities.cpp:
765         (JSC::FTL::canCompile):
766         * ftl/FTLLowerDFGToLLVM.cpp:
767         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
768         (JSC::FTL::DFG::LowerDFGToLLVM::compileCheckIdent):
769         (JSC::FTL::DFG::LowerDFGToLLVM::lowSymbol):
770         (JSC::FTL::DFG::LowerDFGToLLVM::speculate):
771         (JSC::FTL::DFG::LowerDFGToLLVM::isNotSymbol):
772         (JSC::FTL::DFG::LowerDFGToLLVM::speculateSymbol):
773         * jit/JIT.cpp:
774         (JSC::JIT::privateCompile):
775         * jit/JIT.h:
776         (JSC::ByValCompilationInfo::ByValCompilationInfo):
777         (JSC::JIT::compileGetByValWithCachedId):
778         * jit/JITInlines.h:
779         (JSC::JIT::callOperation):
780         * jit/JITOpcodes.cpp:
781         (JSC::JIT::emit_op_has_indexed_property):
782         (JSC::JIT::emitSlow_op_has_indexed_property):
783         * jit/JITOpcodes32_64.cpp:
784         (JSC::JIT::emit_op_has_indexed_property):
785         (JSC::JIT::emitSlow_op_has_indexed_property):
786         * jit/JITOperations.cpp:
787         (JSC::getByVal):
788         * jit/JITOperations.h:
789         * jit/JITPropertyAccess.cpp:
790         (JSC::JIT::emit_op_get_by_val):
791         (JSC::JIT::emitGetByValWithCachedId):
792         (JSC::JIT::emitSlow_op_get_by_val):
793         (JSC::JIT::emit_op_put_by_val):
794         (JSC::JIT::emitSlow_op_put_by_val):
795         (JSC::JIT::privateCompileGetByVal):
796         (JSC::JIT::privateCompileGetByValWithCachedId):
797         * jit/JITPropertyAccess32_64.cpp:
798         (JSC::JIT::emit_op_get_by_val):
799         (JSC::JIT::emitGetByValWithCachedId):
800         (JSC::JIT::emitSlow_op_get_by_val):
801         (JSC::JIT::emit_op_put_by_val):
802         (JSC::JIT::emitSlow_op_put_by_val):
803         * runtime/Symbol.h:
804         * tests/stress/get-by-val-with-string-constructor.js: Added.
805         (Hello):
806         (get Hello.prototype.generate):
807         (ok):
808         * tests/stress/get-by-val-with-string-exit.js: Added.
809         (shouldBe):
810         (getByVal):
811         (getStr1):
812         (getStr2):
813         * tests/stress/get-by-val-with-string-generated.js: Added.
814         (shouldBe):
815         (getByVal):
816         (getStr1):
817         (getStr2):
818         * tests/stress/get-by-val-with-string-getter.js: Added.
819         (object.get hello):
820         (ok):
821         * tests/stress/get-by-val-with-string.js: Added.
822         (shouldBe):
823         (getByVal):
824         (getStr1):
825         (getStr2):
826         * tests/stress/get-by-val-with-symbol-constructor.js: Added.
827         (Hello):
828         (get Hello.prototype.generate):
829         (ok):
830         * tests/stress/get-by-val-with-symbol-exit.js: Added.
831         (shouldBe):
832         (getByVal):
833         (getSym1):
834         (getSym2):
835         * tests/stress/get-by-val-with-symbol-getter.js: Added.
836         (object.get hello):
837         (.get ok):
838         * tests/stress/get-by-val-with-symbol.js: Added.
839         (shouldBe):
840         (getByVal):
841         (getSym1):
842         (getSym2):
843
844 2015-08-06  Sukolsak Sakshuwong  <sukolsak@gmail.com>
845
846         Parse the entire WebAssembly modules
847         https://bugs.webkit.org/show_bug.cgi?id=147393
848
849         Reviewed by Geoffrey Garen.
850
851         Parse the entire WebAssembly modules from files produced by pack-asmjs
852         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch can only
853         parse modules whose function definition section contains only functions that
854         have "return 0;" as their only statement. Parsing of any functions will be
855         implemented in a subsequent patch.
856
857         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
858         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
859         * JavaScriptCore.xcodeproj/project.pbxproj:
860         * wasm/JSWASMModule.cpp:
861         (JSC::JSWASMModule::destroy):
862         * wasm/JSWASMModule.h:
863         (JSC::JSWASMModule::i32Constants):
864         (JSC::JSWASMModule::f32Constants):
865         (JSC::JSWASMModule::f64Constants):
866         (JSC::JSWASMModule::signatures):
867         (JSC::JSWASMModule::functionImports):
868         (JSC::JSWASMModule::functionImportSignatures):
869         (JSC::JSWASMModule::globalVariableTypes):
870         (JSC::JSWASMModule::functionDeclarations):
871         (JSC::JSWASMModule::functionPointerTables):
872         * wasm/WASMFormat.h: Added.
873         * wasm/WASMModuleParser.cpp:
874         (JSC::WASMModuleParser::parse):
875         (JSC::WASMModuleParser::parseModule):
876         (JSC::WASMModuleParser::parseConstantPoolSection):
877         (JSC::WASMModuleParser::parseSignatureSection):
878         (JSC::WASMModuleParser::parseFunctionImportSection):
879         (JSC::WASMModuleParser::parseGlobalSection):
880         (JSC::WASMModuleParser::parseFunctionDeclarationSection):
881         (JSC::WASMModuleParser::parseFunctionPointerTableSection):
882         (JSC::WASMModuleParser::parseFunctionDefinitionSection):
883         (JSC::WASMModuleParser::parseFunctionDefinition):
884         (JSC::WASMModuleParser::parseExportSection):
885         * wasm/WASMModuleParser.h:
886         * wasm/WASMReader.cpp:
887         (JSC::WASMReader::readUInt32):
888         (JSC::WASMReader::readCompactUInt32):
889         (JSC::WASMReader::readString):
890         (JSC::WASMReader::readType):
891         (JSC::WASMReader::readExpressionType):
892         (JSC::WASMReader::readExportFormat):
893         (JSC::WASMReader::readByte):
894         (JSC::WASMReader::readUnsignedInt32): Deleted.
895         * wasm/WASMReader.h:
896
897 2015-08-06  Keith Miller  <keith_miller@apple.com>
898
899         The typedArrayLength function in FTLLowerDFGToLLVM is dead code.
900         https://bugs.webkit.org/show_bug.cgi?id=147749
901
902         Reviewed by Filip Pizlo.
903
904         Removed dead code elimination. The TypedArray length is compiled in compileGetArrayLength()
905         thus no one calls this code.
906
907         * ftl/FTLLowerDFGToLLVM.cpp:
908         (JSC::FTL::DFG::LowerDFGToLLVM::typedArrayLength): Deleted.
909
910 2015-08-06  Keith Miller  <keith_miller@apple.com>
911
912         The JSONP parser incorrectly parses -0 as +0.
913         https://bugs.webkit.org/show_bug.cgi?id=147590
914
915         Reviewed by Michael Saboff.
916
917         In the LiteralParser we should use a double to store the accumulator for numerical tokens
918         rather than an int. Using an int means that -0 is, incorrectly, parsed as +0.
919
920         * runtime/LiteralParser.cpp:
921         (JSC::LiteralParser<CharType>::Lexer::lexNumber):
922
923 2015-08-06  Filip Pizlo  <fpizlo@apple.com>
924
925         Structures used for tryGetConstantProperty() should be registered first
926         https://bugs.webkit.org/show_bug.cgi?id=147750
927
928         Reviewed by Saam Barati and Michael Saboff.
929
930         * dfg/DFGGraph.cpp:
931         (JSC::DFG::Graph::tryGetConstantProperty): Add an assertion to that effect. This should catch the bug sooner.
932         * dfg/DFGGraph.h:
933         (JSC::DFG::Graph::addStructureSet): Register structures when we make a structure set. That ensures that we won't call tryGetConstantProperty() on a structure that hasn't been registered yet.
934         * dfg/DFGStructureRegistrationPhase.cpp:
935         (JSC::DFG::StructureRegistrationPhase::run): Don't register structure sets here anymore. Registering them before we get here means there is no chance of the code being DCE'd before the structures get registered. It also enables the tryGetConstantProperty() assertion, since that code runs before StructureRegistrationPhase.
936         (JSC::DFG::StructureRegistrationPhase::registerStructures):
937         (JSC::DFG::StructureRegistrationPhase::registerStructure):
938         (JSC::DFG::StructureRegistrationPhase::assertAreRegistered):
939         (JSC::DFG::StructureRegistrationPhase::assertIsRegistered):
940         (JSC::DFG::performStructureRegistration):
941
942 2015-08-06  Keith Miller  <keith_miller@apple.com>
943
944         Remove UnspecifiedBoolType from JSC
945         https://bugs.webkit.org/show_bug.cgi?id=147597
946
947         Reviewed by Mark Lam.
948
949         We were using the safe bool pattern in the code base for implicit casting to booleans.
950         With C++11 this is no longer necessary and we can instead create an operator bool.
951
952         * API/JSRetainPtr.h:
953         (JSRetainPtr::operator bool):
954         (JSRetainPtr::operator UnspecifiedBoolType): Deleted.
955         * dfg/DFGEdge.h:
956         (JSC::DFG::Edge::operator bool):
957         (JSC::DFG::Edge::operator UnspecifiedBoolType*): Deleted.
958         * dfg/DFGIntegerRangeOptimizationPhase.cpp:
959         * heap/Weak.h:
960         * heap/WeakInlines.h:
961         (JSC::bool):
962         (JSC::UnspecifiedBoolType): Deleted.
963
964 2015-08-05  Ryosuke Niwa  <rniwa@webkit.org>
965
966         [ES6] Class parser does not allow methods named set and get.
967         https://bugs.webkit.org/show_bug.cgi?id=147150
968
969         Reviewed by Oliver Hunt.
970
971         The bug was caused by parseClass assuming identifiers "get" and "set" could only appear
972         as the leading token for getter and setter methods. Fixed the bug by generalizing the code
973         so that we only treat them as such when it's followed by another token that could be a method name.
974
975         * parser/Parser.cpp:
976         (JSC::Parser<LexerType>::parseClass):
977
978 2015-08-05  Filip Pizlo  <fpizlo@apple.com>
979
980         Unreviewed, roll out http://trac.webkit.org/changeset/187972.
981
982         * bytecode/SamplingTool.cpp:
983         (JSC::SamplingTool::doRun):
984         (JSC::SamplingTool::notifyOfScope):
985         * bytecode/SamplingTool.h:
986         * dfg/DFGThreadData.h:
987         * dfg/DFGWorklist.cpp:
988         (JSC::DFG::Worklist::~Worklist):
989         (JSC::DFG::Worklist::isActiveForVM):
990         (JSC::DFG::Worklist::enqueue):
991         (JSC::DFG::Worklist::compilationState):
992         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
993         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
994         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
995         (JSC::DFG::Worklist::visitWeakReferences):
996         (JSC::DFG::Worklist::removeDeadPlans):
997         (JSC::DFG::Worklist::queueLength):
998         (JSC::DFG::Worklist::dump):
999         (JSC::DFG::Worklist::runThread):
1000         * dfg/DFGWorklist.h:
1001         * disassembler/Disassembler.cpp:
1002         * heap/CopiedSpace.cpp:
1003         (JSC::CopiedSpace::doneFillingBlock):
1004         (JSC::CopiedSpace::doneCopying):
1005         * heap/CopiedSpace.h:
1006         * heap/CopiedSpaceInlines.h:
1007         (JSC::CopiedSpace::recycleBorrowedBlock):
1008         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1009         * heap/HeapTimer.h:
1010         * heap/MachineStackMarker.cpp:
1011         (JSC::ActiveMachineThreadsManager::Locker::Locker):
1012         (JSC::ActiveMachineThreadsManager::add):
1013         (JSC::ActiveMachineThreadsManager::remove):
1014         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
1015         (JSC::MachineThreads::~MachineThreads):
1016         (JSC::MachineThreads::addCurrentThread):
1017         (JSC::MachineThreads::removeThreadIfFound):
1018         (JSC::MachineThreads::tryCopyOtherThreadStack):
1019         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1020         (JSC::MachineThreads::gatherConservativeRoots):
1021         * heap/MachineStackMarker.h:
1022         * interpreter/JSStack.cpp:
1023         (JSC::stackStatisticsMutex):
1024         (JSC::JSStack::addToCommittedByteCount):
1025         (JSC::JSStack::committedByteCount):
1026         * jit/JITThunks.h:
1027         * profiler/ProfilerDatabase.h:
1028
1029 2015-08-05  Saam barati  <saambarati1@gmail.com>
1030
1031         Bytecodegenerator emits crappy code for returns in a lexical scope.
1032         https://bugs.webkit.org/show_bug.cgi?id=147688
1033
1034         Reviewed by Mark Lam.
1035
1036         When returning, we only need to emit complex pop scopes if we're in 
1037         a finally block. Otherwise, we can just return like normal. This saves
1038         us from inefficiently emitting unnecessary pop scopes.
1039
1040         * bytecompiler/BytecodeGenerator.h:
1041         (JSC::BytecodeGenerator::isInFinallyBlock):
1042         (JSC::BytecodeGenerator::hasFinaliser): Deleted.
1043         * bytecompiler/NodesCodegen.cpp:
1044         (JSC::ReturnNode::emitBytecode):
1045
1046 2015-08-05  Benjamin Poulain  <benjamin@webkit.org>
1047
1048         Add the Intl API to the status page
1049
1050         * features.json:
1051         Andy VanWagoner landed the skeleton of the API and it is
1052         enabled by default.
1053
1054 2015-08-04  Filip Pizlo  <fpizlo@apple.com>
1055
1056         Rename Mutex to DeprecatedMutex
1057         https://bugs.webkit.org/show_bug.cgi?id=147675
1058
1059         Reviewed by Geoffrey Garen.
1060
1061         * bytecode/SamplingTool.cpp:
1062         (JSC::SamplingTool::doRun):
1063         (JSC::SamplingTool::notifyOfScope):
1064         * bytecode/SamplingTool.h:
1065         * dfg/DFGThreadData.h:
1066         * dfg/DFGWorklist.cpp:
1067         (JSC::DFG::Worklist::~Worklist):
1068         (JSC::DFG::Worklist::isActiveForVM):
1069         (JSC::DFG::Worklist::enqueue):
1070         (JSC::DFG::Worklist::compilationState):
1071         (JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
1072         (JSC::DFG::Worklist::removeAllReadyPlansForVM):
1073         (JSC::DFG::Worklist::completeAllReadyPlansForVM):
1074         (JSC::DFG::Worklist::visitWeakReferences):
1075         (JSC::DFG::Worklist::removeDeadPlans):
1076         (JSC::DFG::Worklist::queueLength):
1077         (JSC::DFG::Worklist::dump):
1078         (JSC::DFG::Worklist::runThread):
1079         * dfg/DFGWorklist.h:
1080         * disassembler/Disassembler.cpp:
1081         * heap/CopiedSpace.cpp:
1082         (JSC::CopiedSpace::doneFillingBlock):
1083         (JSC::CopiedSpace::doneCopying):
1084         * heap/CopiedSpace.h:
1085         * heap/CopiedSpaceInlines.h:
1086         (JSC::CopiedSpace::recycleBorrowedBlock):
1087         (JSC::CopiedSpace::allocateBlockForCopyingPhase):
1088         * heap/HeapTimer.h:
1089         * heap/MachineStackMarker.cpp:
1090         (JSC::ActiveMachineThreadsManager::Locker::Locker):
1091         (JSC::ActiveMachineThreadsManager::add):
1092         (JSC::ActiveMachineThreadsManager::remove):
1093         (JSC::ActiveMachineThreadsManager::ActiveMachineThreadsManager):
1094         (JSC::MachineThreads::~MachineThreads):
1095         (JSC::MachineThreads::addCurrentThread):
1096         (JSC::MachineThreads::removeThreadIfFound):
1097         (JSC::MachineThreads::tryCopyOtherThreadStack):
1098         (JSC::MachineThreads::tryCopyOtherThreadStacks):
1099         (JSC::MachineThreads::gatherConservativeRoots):
1100         * heap/MachineStackMarker.h:
1101         * interpreter/JSStack.cpp:
1102         (JSC::stackStatisticsMutex):
1103         (JSC::JSStack::addToCommittedByteCount):
1104         (JSC::JSStack::committedByteCount):
1105         * jit/JITThunks.h:
1106         * profiler/ProfilerDatabase.h:
1107
1108 2015-08-05  Saam barati  <saambarati1@gmail.com>
1109
1110         Replace JSFunctionNameScope with JSLexicalEnvironment for the function name scope.
1111         https://bugs.webkit.org/show_bug.cgi?id=147657
1112
1113         Reviewed by Mark Lam.
1114
1115         This kills the last of the name scope objects. Function name scopes are
1116         now built on top of the scoping mechanisms introduced with ES6 block scoping.
1117         A name scope is now just a JSLexicalEnvironment.  We treat assignments to the
1118         function name scoped variable carefully depending on if the function is in
1119         strict mode. If we're in strict mode, then we treat the variable exactly
1120         like a "const" variable. If we're not in strict mode, we can't treat
1121         this variable like ES6 "const" because that would cause the bytecode
1122         generator to throw an exception when it shouldn't.
1123
1124         * CMakeLists.txt:
1125         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1126         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1127         * JavaScriptCore.xcodeproj/project.pbxproj:
1128         * bytecode/BytecodeList.json:
1129         * bytecode/BytecodeUseDef.h:
1130         (JSC::computeUsesForBytecodeOffset):
1131         (JSC::computeDefsForBytecodeOffset):
1132         * bytecode/CodeBlock.cpp:
1133         (JSC::CodeBlock::dumpBytecode):
1134         * bytecompiler/BytecodeGenerator.cpp:
1135         (JSC::BytecodeGenerator::BytecodeGenerator):
1136         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
1137         (JSC::BytecodeGenerator::pushLexicalScope):
1138         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
1139         (JSC::BytecodeGenerator::variable):
1140         (JSC::BytecodeGenerator::resolveType):
1141         (JSC::BytecodeGenerator::emitThrowTypeError):
1142         (JSC::BytecodeGenerator::emitPushFunctionNameScope):
1143         (JSC::BytecodeGenerator::pushScopedControlFlowContext):
1144         (JSC::BytecodeGenerator::emitPushCatchScope):
1145         * bytecompiler/BytecodeGenerator.h:
1146         * bytecompiler/NodesCodegen.cpp:
1147         * debugger/DebuggerScope.cpp:
1148         * dfg/DFGOperations.cpp:
1149         * interpreter/Interpreter.cpp:
1150         * jit/JIT.cpp:
1151         (JSC::JIT::privateCompileMainPass):
1152         * jit/JIT.h:
1153         * jit/JITOpcodes.cpp:
1154         (JSC::JIT::emit_op_to_string):
1155         (JSC::JIT::emit_op_catch):
1156         (JSC::JIT::emit_op_push_name_scope): Deleted.
1157         * jit/JITOpcodes32_64.cpp:
1158         (JSC::JIT::emitSlow_op_to_string):
1159         (JSC::JIT::emit_op_catch):
1160         (JSC::JIT::emit_op_push_name_scope): Deleted.
1161         * jit/JITOperations.cpp:
1162         (JSC::pushNameScope): Deleted.
1163         * llint/LLIntSlowPaths.cpp:
1164         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
1165         * llint/LLIntSlowPaths.h:
1166         * llint/LowLevelInterpreter.asm:
1167         * parser/Nodes.cpp:
1168         * runtime/CommonSlowPaths.cpp:
1169         * runtime/Executable.cpp:
1170         (JSC::ScriptExecutable::newCodeBlockFor):
1171         * runtime/JSFunctionNameScope.cpp: Removed.
1172         * runtime/JSFunctionNameScope.h: Removed.
1173         * runtime/JSGlobalObject.cpp:
1174         (JSC::JSGlobalObject::init):
1175         (JSC::JSGlobalObject::visitChildren):
1176         * runtime/JSGlobalObject.h:
1177         (JSC::JSGlobalObject::withScopeStructure):
1178         (JSC::JSGlobalObject::strictEvalActivationStructure):
1179         (JSC::JSGlobalObject::activationStructure):
1180         (JSC::JSGlobalObject::directArgumentsStructure):
1181         (JSC::JSGlobalObject::scopedArgumentsStructure):
1182         (JSC::JSGlobalObject::outOfBandArgumentsStructure):
1183         (JSC::JSGlobalObject::functionNameScopeStructure): Deleted.
1184         * runtime/JSNameScope.cpp: Removed.
1185         * runtime/JSNameScope.h: Removed.
1186         * runtime/JSObject.cpp:
1187         (JSC::JSObject::toThis):
1188         (JSC::JSObject::seal):
1189         (JSC::JSObject::isFunctionNameScopeObject): Deleted.
1190         * runtime/JSObject.h:
1191         * runtime/JSScope.cpp:
1192         (JSC::JSScope::isCatchScope):
1193         (JSC::JSScope::isFunctionNameScopeObject):
1194         (JSC::resolveModeName):
1195         * runtime/JSScope.h:
1196         * runtime/JSSymbolTableObject.cpp:
1197         * runtime/SymbolTable.h:
1198         * runtime/VM.cpp:
1199
1200 2015-08-05  Joseph Pecoraro  <pecoraro@apple.com>
1201
1202         Web Inspector: Improve Support for PropertyName Iterator (Reflect.enumerate) in Inspector
1203         https://bugs.webkit.org/show_bug.cgi?id=147679
1204
1205         Reviewed by Timothy Hatcher.
1206
1207         Improve native iterator support for the PropertyName Iterator by
1208         allowing inspection of the internal object within the iterator
1209         and peeking of the next upcoming values of the iterator.
1210
1211         * inspector/JSInjectedScriptHost.cpp:
1212         (Inspector::JSInjectedScriptHost::subtype):
1213         (Inspector::JSInjectedScriptHost::getInternalProperties):
1214         (Inspector::JSInjectedScriptHost::iteratorEntries):
1215         * runtime/JSPropertyNameIterator.h:
1216         (JSC::JSPropertyNameIterator::iteratedValue):
1217
1218 2015-08-04  Brent Fulgham  <bfulgham@apple.com>
1219
1220         [Win] Update Apple Windows build for VS2015
1221         https://bugs.webkit.org/show_bug.cgi?id=147653
1222
1223         Reviewed by Dean Jackson.
1224
1225         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Drive-by-fix.
1226         Show JSC files in proper project locations in IDE.
1227
1228 2015-08-04  Joseph Pecoraro  <pecoraro@apple.com>
1229
1230         Web Inspector: Object previews for SVG elements shows SVGAnimatedString instead of text
1231         https://bugs.webkit.org/show_bug.cgi?id=147328
1232
1233         Reviewed by Timothy Hatcher.
1234
1235         * inspector/InjectedScriptSource.js:
1236         Use classList and classList.toString instead of className.
1237
1238 2015-08-04  Yusuke Suzuki  <utatane.tea@gmail.com>
1239
1240         [ES6] Support Module Syntax
1241         https://bugs.webkit.org/show_bug.cgi?id=147422
1242
1243         Reviewed by Saam Barati.
1244
1245         This patch introduces ES6 Modules syntax parsing part.
1246         In this patch, ASTBuilder just produces the corresponding nodes to the ES6 Modules syntax,
1247         and this patch does not include the code generator part.
1248
1249         Modules require 2 phase parsing. In the first pass, we just analyze the dependent modules
1250         and do not execute the body or construct the AST. And after analyzing all the dependent
1251         modules, we will parse the dependent modules next.
1252         After all analyzing part is done, we will start the second pass. In the second pass, we
1253         will parse the module, produce the AST, and execute the body.
1254         If we don't do so, we need to create all the ASTs in the module's dependent graph at first
1255         because the given module can be executed after the all dependent modules are executed. It
1256         means that we need to hold so many parser arenas. To avoid this, the first pass only extracts
1257         the dependent modules' information.
1258
1259         In this patch, we don't add this analyzing part yet. This patch only implements the second pass.
1260         This patch aims at just implementing the syntax parsing functionality correctly.
1261         After this patch is landed, we will create the ModuleDependencyAnalyzer that inherits SyntaxChecker
1262         to collect the dependent modules fast[1].
1263
1264         To test the parsing, we added the "checkModuleSyntax" function into jsc shell.
1265         By using this, we can parse the given string as the module.
1266
1267         [1]: https://bugs.webkit.org/show_bug.cgi?id=147353
1268
1269         * bytecompiler/NodesCodegen.cpp:
1270         (JSC::ModuleProgramNode::emitBytecode):
1271         (JSC::ImportDeclarationNode::emitBytecode):
1272         (JSC::ExportAllDeclarationNode::emitBytecode):
1273         (JSC::ExportDefaultDeclarationNode::emitBytecode):
1274         (JSC::ExportLocalDeclarationNode::emitBytecode):
1275         (JSC::ExportNamedDeclarationNode::emitBytecode):
1276         * jsc.cpp:
1277         (GlobalObject::finishCreation):
1278         (functionCheckModuleSyntax):
1279         * parser/ASTBuilder.h:
1280         (JSC::ASTBuilder::createModuleSpecifier):
1281         (JSC::ASTBuilder::createImportSpecifier):
1282         (JSC::ASTBuilder::createImportSpecifierList):
1283         (JSC::ASTBuilder::appendImportSpecifier):
1284         (JSC::ASTBuilder::createImportDeclaration):
1285         (JSC::ASTBuilder::createExportAllDeclaration):
1286         (JSC::ASTBuilder::createExportDefaultDeclaration):
1287         (JSC::ASTBuilder::createExportLocalDeclaration):
1288         (JSC::ASTBuilder::createExportNamedDeclaration):
1289         (JSC::ASTBuilder::createExportSpecifier):
1290         (JSC::ASTBuilder::createExportSpecifierList):
1291         (JSC::ASTBuilder::appendExportSpecifier):
1292         * parser/Keywords.table:
1293         * parser/NodeConstructors.h:
1294         (JSC::ModuleSpecifierNode::ModuleSpecifierNode):
1295         (JSC::ImportSpecifierNode::ImportSpecifierNode):
1296         (JSC::ImportDeclarationNode::ImportDeclarationNode):
1297         (JSC::ExportAllDeclarationNode::ExportAllDeclarationNode):
1298         (JSC::ExportDefaultDeclarationNode::ExportDefaultDeclarationNode):
1299         (JSC::ExportLocalDeclarationNode::ExportLocalDeclarationNode):
1300         (JSC::ExportNamedDeclarationNode::ExportNamedDeclarationNode):
1301         (JSC::ExportSpecifierNode::ExportSpecifierNode):
1302         * parser/Nodes.cpp:
1303         (JSC::ModuleProgramNode::ModuleProgramNode):
1304         * parser/Nodes.h:
1305         (JSC::ModuleProgramNode::startColumn):
1306         (JSC::ModuleProgramNode::endColumn):
1307         (JSC::ModuleSpecifierNode::moduleName):
1308         (JSC::ImportSpecifierNode::importedName):
1309         (JSC::ImportSpecifierNode::localName):
1310         (JSC::ImportSpecifierListNode::specifiers):
1311         (JSC::ImportSpecifierListNode::append):
1312         (JSC::ImportDeclarationNode::specifierList):
1313         (JSC::ImportDeclarationNode::moduleSpecifier):
1314         (JSC::ExportAllDeclarationNode::moduleSpecifier):
1315         (JSC::ExportDefaultDeclarationNode::declaration):
1316         (JSC::ExportLocalDeclarationNode::declaration):
1317         (JSC::ExportSpecifierNode::exportedName):
1318         (JSC::ExportSpecifierNode::localName):
1319         (JSC::ExportSpecifierListNode::specifiers):
1320         (JSC::ExportSpecifierListNode::append):
1321         (JSC::ExportNamedDeclarationNode::specifierList):
1322         (JSC::ExportNamedDeclarationNode::moduleSpecifier):
1323         * parser/Parser.cpp:
1324         (JSC::Parser<LexerType>::Parser):
1325         (JSC::Parser<LexerType>::parseInner):
1326         (JSC::Parser<LexerType>::parseModuleSourceElements):
1327         (JSC::Parser<LexerType>::parseVariableDeclaration):
1328         (JSC::Parser<LexerType>::parseVariableDeclarationList):
1329         (JSC::Parser<LexerType>::createBindingPattern):
1330         (JSC::Parser<LexerType>::tryParseDestructuringPatternExpression):
1331         (JSC::Parser<LexerType>::parseDestructuringPattern):
1332         (JSC::Parser<LexerType>::parseForStatement):
1333         (JSC::Parser<LexerType>::parseFormalParameters):
1334         (JSC::Parser<LexerType>::parseFunctionParameters):
1335         (JSC::Parser<LexerType>::parseFunctionDeclaration):
1336         (JSC::Parser<LexerType>::parseClassDeclaration):
1337         (JSC::Parser<LexerType>::parseModuleSpecifier):
1338         (JSC::Parser<LexerType>::parseImportClauseItem):
1339         (JSC::Parser<LexerType>::parseImportDeclaration):
1340         (JSC::Parser<LexerType>::parseExportSpecifier):
1341         (JSC::Parser<LexerType>::parseExportDeclaration):
1342         (JSC::Parser<LexerType>::parseMemberExpression):
1343         * parser/Parser.h:
1344         (JSC::isIdentifierOrKeyword):
1345         (JSC::ModuleScopeData::create):
1346         (JSC::ModuleScopeData::exportedBindings):
1347         (JSC::ModuleScopeData::exportName):
1348         (JSC::ModuleScopeData::exportBinding):
1349         (JSC::Scope::Scope):
1350         (JSC::Scope::setIsModule):
1351         (JSC::Scope::moduleScopeData):
1352         (JSC::Parser::matchContextualKeyword):
1353         (JSC::Parser::matchIdentifierOrKeyword):
1354         (JSC::Parser::isofToken): Deleted.
1355         * parser/ParserModes.h:
1356         * parser/ParserTokens.h:
1357         * parser/SyntaxChecker.h:
1358         (JSC::SyntaxChecker::createModuleSpecifier):
1359         (JSC::SyntaxChecker::createImportSpecifier):
1360         (JSC::SyntaxChecker::createImportSpecifierList):
1361         (JSC::SyntaxChecker::appendImportSpecifier):
1362         (JSC::SyntaxChecker::createImportDeclaration):
1363         (JSC::SyntaxChecker::createExportAllDeclaration):
1364         (JSC::SyntaxChecker::createExportDefaultDeclaration):
1365         (JSC::SyntaxChecker::createExportLocalDeclaration):
1366         (JSC::SyntaxChecker::createExportNamedDeclaration):
1367         (JSC::SyntaxChecker::createExportSpecifier):
1368         (JSC::SyntaxChecker::createExportSpecifierList):
1369         (JSC::SyntaxChecker::appendExportSpecifier):
1370         * runtime/CommonIdentifiers.cpp:
1371         (JSC::CommonIdentifiers::CommonIdentifiers):
1372         * runtime/CommonIdentifiers.h:
1373         * runtime/Completion.cpp:
1374         (JSC::checkModuleSyntax):
1375         * runtime/Completion.h:
1376         * tests/stress/modules-syntax-error-with-names.js: Added.
1377         (shouldThrow):
1378         * tests/stress/modules-syntax-error.js: Added.
1379         (shouldThrow):
1380         (checkModuleSyntaxError.checkModuleSyntaxError.checkModuleSyntaxError):
1381         * tests/stress/modules-syntax.js: Added.
1382         (prototype.checkModuleSyntax):
1383         (checkModuleSyntax):
1384         * tests/stress/tagged-templates-syntax.js:
1385
1386 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
1387
1388         Introduce COMPILER(GCC_OR_CLANG) guard and make COMPILER(GCC) true only for GCC
1389         https://bugs.webkit.org/show_bug.cgi?id=146833
1390
1391         Reviewed by Alexey Proskuryakov.
1392
1393         * assembler/ARM64Assembler.h:
1394         * assembler/ARMAssembler.h:
1395         (JSC::ARMAssembler::cacheFlush):
1396         * assembler/MacroAssemblerARM.cpp:
1397         (JSC::isVFPPresent):
1398         * assembler/MacroAssemblerX86Common.h:
1399         (JSC::MacroAssemblerX86Common::isSSE2Present):
1400         * heap/MachineStackMarker.h:
1401         * interpreter/StackVisitor.cpp: Removed redundant COMPILER(CLANG) guards.
1402         (JSC::logF):
1403         * jit/HostCallReturnValue.h:
1404         * jit/JIT.h:
1405         * jit/JITOperations.cpp:
1406         * jit/JITStubsARM.h:
1407         * jit/JITStubsARMv7.h:
1408         * jit/JITStubsX86.h:
1409         * jit/JITStubsX86Common.h:
1410         * jit/JITStubsX86_64.h:
1411         * jit/ThunkGenerators.cpp:
1412         * runtime/JSExportMacros.h:
1413         * runtime/MathCommon.h: Removed redundant COMPILER(CLANG) guard.
1414         (JSC::clz32):
1415
1416 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
1417
1418         Unreviewed, fix uninitialized property leading to an assert.
1419
1420         * runtime/PutPropertySlot.h:
1421         (JSC::PutPropertySlot::PutPropertySlot):
1422
1423 2015-08-03  Filip Pizlo  <fpizlo@apple.com>
1424
1425         Unreviewed, fix Windows.
1426
1427         * bytecode/ObjectPropertyConditionSet.h:
1428         (JSC::ObjectPropertyConditionSet::fromRawPointer):
1429
1430 2015-07-31  Filip Pizlo  <fpizlo@apple.com>
1431
1432         DFG should have adaptive structure watchpoints
1433         https://bugs.webkit.org/show_bug.cgi?id=146929
1434
1435         Reviewed by Geoffrey Garen.
1436
1437         Before this change, if you wanted to efficiently validate whether an object has (or doesn't have) a
1438         property, you'd check that the object still has the structure that you first saw the object have. We
1439         optimized this a bit with transition watchpoints on the structure, which sometimes allowed us to
1440         elide the structure check.
1441
1442         But this approach fails when that object frequently has new properties added to it. This would
1443         change the structure and fire the transition watchpoint, so the code we emitted would be invalid and
1444         we'd have to recompile either the IC or an entire code block.
1445
1446         This change introduces a new concept: an object property condition. This value describes some
1447         condition involving a property on some object. There are four kinds: presence, absence,
1448         absence-of-setter, and equivalence. For example, a presence condition says that we expect that the
1449         object has some property at some offset with some attributes. This allows us to implement a new kind
1450         of watchpoint, which knows about the object property condition that it's being used to enforce. If
1451         the watchpoint fires because of a structure transition, the watchpoint may simply reinstall itself
1452         on the new structure.
1453
1454         Object property conditions are used on the prototype chain of PutById transitions, GetById misses,
1455         and prototype accesses. They are also used for any DFG accesses to object constants, including
1456         global property accesses.
1457
1458         Mostly because of the effect on global property access, this is a 9% speed-up on Kraken. It's
1459         neutral on most other things. It's a 68x speed-up on a microbenchmark that illustrates the prototype
1460         chain situation. It's also a small speed-up on getter-richards.
1461
1462         * CMakeLists.txt:
1463         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1464         * JavaScriptCore.xcodeproj/project.pbxproj:
1465         * bytecode/CodeBlock.cpp:
1466         (JSC::CodeBlock::printGetByIdCacheStatus):
1467         (JSC::CodeBlock::printPutByIdCacheStatus):
1468         * bytecode/CodeBlockJettisoningWatchpoint.cpp:
1469         (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
1470         * bytecode/ComplexGetStatus.cpp:
1471         (JSC::ComplexGetStatus::computeFor):
1472         * bytecode/ComplexGetStatus.h:
1473         (JSC::ComplexGetStatus::ComplexGetStatus):
1474         (JSC::ComplexGetStatus::takesSlowPath):
1475         (JSC::ComplexGetStatus::kind):
1476         (JSC::ComplexGetStatus::offset):
1477         (JSC::ComplexGetStatus::conditionSet):
1478         (JSC::ComplexGetStatus::attributes): Deleted.
1479         (JSC::ComplexGetStatus::specificValue): Deleted.
1480         (JSC::ComplexGetStatus::chain): Deleted.
1481         * bytecode/ConstantStructureCheck.cpp: Removed.
1482         * bytecode/ConstantStructureCheck.h: Removed.
1483         * bytecode/GetByIdStatus.cpp:
1484         (JSC::GetByIdStatus::computeForStubInfo):
1485         * bytecode/GetByIdVariant.cpp:
1486         (JSC::GetByIdVariant::GetByIdVariant):
1487         (JSC::GetByIdVariant::~GetByIdVariant):
1488         (JSC::GetByIdVariant::operator=):
1489         (JSC::GetByIdVariant::attemptToMerge):
1490         (JSC::GetByIdVariant::dumpInContext):
1491         (JSC::GetByIdVariant::baseStructure): Deleted.
1492         * bytecode/GetByIdVariant.h:
1493         (JSC::GetByIdVariant::operator!):
1494         (JSC::GetByIdVariant::structureSet):
1495         (JSC::GetByIdVariant::conditionSet):
1496         (JSC::GetByIdVariant::offset):
1497         (JSC::GetByIdVariant::callLinkStatus):
1498         (JSC::GetByIdVariant::constantChecks): Deleted.
1499         (JSC::GetByIdVariant::alternateBase): Deleted.
1500         * bytecode/ObjectPropertyCondition.cpp: Added.
1501         (JSC::ObjectPropertyCondition::dumpInContext):
1502         (JSC::ObjectPropertyCondition::dump):
1503         (JSC::ObjectPropertyCondition::structureEnsuresValidityAssumingImpurePropertyWatchpoint):
1504         (JSC::ObjectPropertyCondition::validityRequiresImpurePropertyWatchpoint):
1505         (JSC::ObjectPropertyCondition::isStillValid):
1506         (JSC::ObjectPropertyCondition::structureEnsuresValidity):
1507         (JSC::ObjectPropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
1508         (JSC::ObjectPropertyCondition::isWatchable):
1509         (JSC::ObjectPropertyCondition::isStillLive):
1510         (JSC::ObjectPropertyCondition::validateReferences):
1511         (JSC::ObjectPropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
1512         * bytecode/ObjectPropertyCondition.h: Added.
1513         (JSC::ObjectPropertyCondition::ObjectPropertyCondition):
1514         (JSC::ObjectPropertyCondition::presenceWithoutBarrier):
1515         (JSC::ObjectPropertyCondition::presence):
1516         (JSC::ObjectPropertyCondition::absenceWithoutBarrier):
1517         (JSC::ObjectPropertyCondition::absence):
1518         (JSC::ObjectPropertyCondition::absenceOfSetterWithoutBarrier):
1519         (JSC::ObjectPropertyCondition::absenceOfSetter):
1520         (JSC::ObjectPropertyCondition::equivalenceWithoutBarrier):
1521         (JSC::ObjectPropertyCondition::equivalence):
1522         (JSC::ObjectPropertyCondition::operator!):
1523         (JSC::ObjectPropertyCondition::object):
1524         (JSC::ObjectPropertyCondition::condition):
1525         (JSC::ObjectPropertyCondition::kind):
1526         (JSC::ObjectPropertyCondition::uid):
1527         (JSC::ObjectPropertyCondition::hasOffset):
1528         (JSC::ObjectPropertyCondition::offset):
1529         (JSC::ObjectPropertyCondition::hasAttributes):
1530         (JSC::ObjectPropertyCondition::attributes):
1531         (JSC::ObjectPropertyCondition::hasPrototype):
1532         (JSC::ObjectPropertyCondition::prototype):
1533         (JSC::ObjectPropertyCondition::hasRequiredValue):
1534         (JSC::ObjectPropertyCondition::requiredValue):
1535         (JSC::ObjectPropertyCondition::hash):
1536         (JSC::ObjectPropertyCondition::operator==):
1537         (JSC::ObjectPropertyCondition::isHashTableDeletedValue):
1538         (JSC::ObjectPropertyCondition::isCompatibleWith):
1539         (JSC::ObjectPropertyCondition::watchingRequiresStructureTransitionWatchpoint):
1540         (JSC::ObjectPropertyCondition::watchingRequiresReplacementWatchpoint):
1541         (JSC::ObjectPropertyCondition::isValidValueForPresence):
1542         (JSC::ObjectPropertyConditionHash::hash):
1543         (JSC::ObjectPropertyConditionHash::equal):
1544         * bytecode/ObjectPropertyConditionSet.cpp: Added.
1545         (JSC::ObjectPropertyConditionSet::forObject):
1546         (JSC::ObjectPropertyConditionSet::forConditionKind):
1547         (JSC::ObjectPropertyConditionSet::numberOfConditionsWithKind):
1548         (JSC::ObjectPropertyConditionSet::hasOneSlotBaseCondition):
1549         (JSC::ObjectPropertyConditionSet::slotBaseCondition):
1550         (JSC::ObjectPropertyConditionSet::mergedWith):
1551         (JSC::ObjectPropertyConditionSet::structuresEnsureValidity):
1552         (JSC::ObjectPropertyConditionSet::structuresEnsureValidityAssumingImpurePropertyWatchpoint):
1553         (JSC::ObjectPropertyConditionSet::needImpurePropertyWatchpoint):
1554         (JSC::ObjectPropertyConditionSet::areStillLive):
1555         (JSC::ObjectPropertyConditionSet::dumpInContext):
1556         (JSC::ObjectPropertyConditionSet::dump):
1557         (JSC::generateConditionsForPropertyMiss):
1558         (JSC::generateConditionsForPropertySetterMiss):
1559         (JSC::generateConditionsForPrototypePropertyHit):
1560         (JSC::generateConditionsForPrototypePropertyHitCustom):
1561         (JSC::generateConditionsForPropertySetterMissConcurrently):
1562         * bytecode/ObjectPropertyConditionSet.h: Added.
1563         (JSC::ObjectPropertyConditionSet::ObjectPropertyConditionSet):
1564         (JSC::ObjectPropertyConditionSet::invalid):
1565         (JSC::ObjectPropertyConditionSet::nonEmpty):
1566         (JSC::ObjectPropertyConditionSet::isValid):
1567         (JSC::ObjectPropertyConditionSet::isEmpty):
1568         (JSC::ObjectPropertyConditionSet::begin):
1569         (JSC::ObjectPropertyConditionSet::end):
1570         (JSC::ObjectPropertyConditionSet::releaseRawPointer):
1571         (JSC::ObjectPropertyConditionSet::adoptRawPointer):
1572         (JSC::ObjectPropertyConditionSet::fromRawPointer):
1573         (JSC::ObjectPropertyConditionSet::Data::Data):
1574         * bytecode/PolymorphicGetByIdList.cpp:
1575         (JSC::GetByIdAccess::GetByIdAccess):
1576         (JSC::GetByIdAccess::~GetByIdAccess):
1577         (JSC::GetByIdAccess::visitWeak):
1578         * bytecode/PolymorphicGetByIdList.h:
1579         (JSC::GetByIdAccess::GetByIdAccess):
1580         (JSC::GetByIdAccess::structure):
1581         (JSC::GetByIdAccess::conditionSet):
1582         (JSC::GetByIdAccess::stubRoutine):
1583         (JSC::GetByIdAccess::chain): Deleted.
1584         (JSC::GetByIdAccess::chainCount): Deleted.
1585         * bytecode/PolymorphicPutByIdList.cpp:
1586         (JSC::PutByIdAccess::fromStructureStubInfo):
1587         (JSC::PutByIdAccess::visitWeak):
1588         * bytecode/PolymorphicPutByIdList.h:
1589         (JSC::PutByIdAccess::PutByIdAccess):
1590         (JSC::PutByIdAccess::transition):
1591         (JSC::PutByIdAccess::setter):
1592         (JSC::PutByIdAccess::newStructure):
1593         (JSC::PutByIdAccess::conditionSet):
1594         (JSC::PutByIdAccess::stubRoutine):
1595         (JSC::PutByIdAccess::chain): Deleted.
1596         (JSC::PutByIdAccess::chainCount): Deleted.
1597         * bytecode/PropertyCondition.cpp: Added.
1598         (JSC::PropertyCondition::dumpInContext):
1599         (JSC::PropertyCondition::dump):
1600         (JSC::PropertyCondition::isStillValidAssumingImpurePropertyWatchpoint):
1601         (JSC::PropertyCondition::validityRequiresImpurePropertyWatchpoint):
1602         (JSC::PropertyCondition::isStillValid):
1603         (JSC::PropertyCondition::isWatchableWhenValid):
1604         (JSC::PropertyCondition::isWatchableAssumingImpurePropertyWatchpoint):
1605         (JSC::PropertyCondition::isWatchable):
1606         (JSC::PropertyCondition::isStillLive):
1607         (JSC::PropertyCondition::validateReferences):
1608         (JSC::PropertyCondition::isValidValueForAttributes):
1609         (JSC::PropertyCondition::isValidValueForPresence):
1610         (JSC::PropertyCondition::attemptToMakeEquivalenceWithoutBarrier):
1611         (WTF::printInternal):
1612         * bytecode/PropertyCondition.h: Added.
1613         (JSC::PropertyCondition::PropertyCondition):
1614         (JSC::PropertyCondition::presenceWithoutBarrier):
1615         (JSC::PropertyCondition::presence):
1616         (JSC::PropertyCondition::absenceWithoutBarrier):
1617         (JSC::PropertyCondition::absence):
1618         (JSC::PropertyCondition::absenceOfSetterWithoutBarrier):
1619         (JSC::PropertyCondition::absenceOfSetter):
1620         (JSC::PropertyCondition::equivalenceWithoutBarrier):
1621         (JSC::PropertyCondition::equivalence):
1622         (JSC::PropertyCondition::operator!):
1623         (JSC::PropertyCondition::kind):
1624         (JSC::PropertyCondition::uid):
1625         (JSC::PropertyCondition::hasOffset):
1626         (JSC::PropertyCondition::offset):
1627         (JSC::PropertyCondition::hasAttributes):
1628         (JSC::PropertyCondition::attributes):
1629         (JSC::PropertyCondition::hasPrototype):
1630         (JSC::PropertyCondition::prototype):
1631         (JSC::PropertyCondition::hasRequiredValue):
1632         (JSC::PropertyCondition::requiredValue):
1633         (JSC::PropertyCondition::hash):
1634         (JSC::PropertyCondition::operator==):
1635         (JSC::PropertyCondition::isHashTableDeletedValue):
1636         (JSC::PropertyCondition::isCompatibleWith):
1637         (JSC::PropertyCondition::watchingRequiresStructureTransitionWatchpoint):
1638         (JSC::PropertyCondition::watchingRequiresReplacementWatchpoint):
1639         (JSC::PropertyConditionHash::hash):
1640         (JSC::PropertyConditionHash::equal):
1641         * bytecode/PutByIdStatus.cpp:
1642         (JSC::PutByIdStatus::computeFromLLInt):
1643         (JSC::PutByIdStatus::computeFor):
1644         (JSC::PutByIdStatus::computeForStubInfo):
1645         * bytecode/PutByIdVariant.cpp:
1646         (JSC::PutByIdVariant::operator=):
1647         (JSC::PutByIdVariant::transition):
1648         (JSC::PutByIdVariant::setter):
1649         (JSC::PutByIdVariant::makesCalls):
1650         (JSC::PutByIdVariant::attemptToMerge):
1651         (JSC::PutByIdVariant::attemptToMergeTransitionWithReplace):
1652         (JSC::PutByIdVariant::dumpInContext):
1653         (JSC::PutByIdVariant::baseStructure): Deleted.
1654         * bytecode/PutByIdVariant.h:
1655         (JSC::PutByIdVariant::PutByIdVariant):
1656         (JSC::PutByIdVariant::kind):
1657         (JSC::PutByIdVariant::structure):
1658         (JSC::PutByIdVariant::structureSet):
1659         (JSC::PutByIdVariant::oldStructure):
1660         (JSC::PutByIdVariant::conditionSet):
1661         (JSC::PutByIdVariant::offset):
1662         (JSC::PutByIdVariant::callLinkStatus):
1663         (JSC::PutByIdVariant::constantChecks): Deleted.
1664         (JSC::PutByIdVariant::alternateBase): Deleted.
1665         * bytecode/StructureStubClearingWatchpoint.cpp:
1666         (JSC::StructureStubClearingWatchpoint::~StructureStubClearingWatchpoint):
1667         (JSC::StructureStubClearingWatchpoint::push):
1668         (JSC::StructureStubClearingWatchpoint::fireInternal):
1669         (JSC::WatchpointsOnStructureStubInfo::~WatchpointsOnStructureStubInfo):
1670         (JSC::WatchpointsOnStructureStubInfo::addWatchpoint):
1671         (JSC::WatchpointsOnStructureStubInfo::ensureReferenceAndAddWatchpoint):
1672         * bytecode/StructureStubClearingWatchpoint.h:
1673         (JSC::StructureStubClearingWatchpoint::StructureStubClearingWatchpoint):
1674         (JSC::WatchpointsOnStructureStubInfo::codeBlock):
1675         (JSC::WatchpointsOnStructureStubInfo::stubInfo):
1676         * bytecode/StructureStubInfo.cpp:
1677         (JSC::StructureStubInfo::deref):
1678         (JSC::StructureStubInfo::visitWeakReferences):
1679         * bytecode/StructureStubInfo.h:
1680         (JSC::StructureStubInfo::initPutByIdTransition):
1681         (JSC::StructureStubInfo::initPutByIdReplace):
1682         (JSC::StructureStubInfo::setSeen):
1683         (JSC::StructureStubInfo::addWatchpoint):
1684         * dfg/DFGAbstractInterpreterInlines.h:
1685         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1686         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.cpp: Added.
1687         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::AdaptiveInferredPropertyValueWatchpoint):
1688         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::install):
1689         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::fire):
1690         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::fireInternal):
1691         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::fireInternal):
1692         * dfg/DFGAdaptiveInferredPropertyValueWatchpoint.h: Added.
1693         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::key):
1694         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::StructureWatchpoint::StructureWatchpoint):
1695         (JSC::DFG::AdaptiveInferredPropertyValueWatchpoint::PropertyWatchpoint::PropertyWatchpoint):
1696         * dfg/DFGAdaptiveStructureWatchpoint.cpp: Added.
1697         (JSC::DFG::AdaptiveStructureWatchpoint::AdaptiveStructureWatchpoint):
1698         (JSC::DFG::AdaptiveStructureWatchpoint::install):
1699         (JSC::DFG::AdaptiveStructureWatchpoint::fireInternal):
1700         * dfg/DFGAdaptiveStructureWatchpoint.h: Added.
1701         (JSC::DFG::AdaptiveStructureWatchpoint::key):
1702         * dfg/DFGByteCodeParser.cpp:
1703         (JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
1704         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1705         (JSC::DFG::ByteCodeParser::handleGetByOffset):
1706         (JSC::DFG::ByteCodeParser::handlePutByOffset):
1707         (JSC::DFG::ByteCodeParser::check):
1708         (JSC::DFG::ByteCodeParser::promoteToConstant):
1709         (JSC::DFG::ByteCodeParser::planLoad):
1710         (JSC::DFG::ByteCodeParser::load):
1711         (JSC::DFG::ByteCodeParser::presenceLike):
1712         (JSC::DFG::ByteCodeParser::checkPresenceLike):
1713         (JSC::DFG::ByteCodeParser::store):
1714         (JSC::DFG::ByteCodeParser::handleGetById):
1715         (JSC::DFG::ByteCodeParser::handlePutById):
1716         (JSC::DFG::ByteCodeParser::parseBlock):
1717         (JSC::DFG::ByteCodeParser::emitChecks): Deleted.
1718         * dfg/DFGCommonData.cpp:
1719         (JSC::DFG::CommonData::validateReferences):
1720         * dfg/DFGCommonData.h:
1721         * dfg/DFGConstantFoldingPhase.cpp:
1722         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1723         (JSC::DFG::ConstantFoldingPhase::emitGetByOffset):
1724         (JSC::DFG::ConstantFoldingPhase::addBaseCheck):
1725         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
1726         (JSC::DFG::ConstantFoldingPhase::addChecks): Deleted.
1727         * dfg/DFGDesiredWatchpoints.cpp:
1728         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::add):
1729         (JSC::DFG::InferredValueAdaptor::add):
1730         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::add):
1731         (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
1732         (JSC::DFG::DesiredWatchpoints::addLazily):
1733         (JSC::DFG::DesiredWatchpoints::consider):
1734         (JSC::DFG::DesiredWatchpoints::reallyAdd):
1735         (JSC::DFG::DesiredWatchpoints::areStillValid):
1736         (JSC::DFG::DesiredWatchpoints::dumpInContext):
1737         * dfg/DFGDesiredWatchpoints.h:
1738         (JSC::DFG::SetPointerAdaptor::add):
1739         (JSC::DFG::SetPointerAdaptor::hasBeenInvalidated):
1740         (JSC::DFG::SetPointerAdaptor::dumpInContext):
1741         (JSC::DFG::InferredValueAdaptor::hasBeenInvalidated):
1742         (JSC::DFG::InferredValueAdaptor::dumpInContext):
1743         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::hasBeenInvalidated):
1744         (JSC::DFG::ArrayBufferViewWatchpointAdaptor::dumpInContext):
1745         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::hasBeenInvalidated):
1746         (JSC::DFG::AdaptiveStructureWatchpointAdaptor::dumpInContext):
1747         (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
1748         (JSC::DFG::GenericDesiredWatchpoints::isWatched):
1749         (JSC::DFG::GenericDesiredWatchpoints::dumpInContext):
1750         (JSC::DFG::DesiredWatchpoints::isWatched):
1751         (JSC::DFG::GenericSetAdaptor::add): Deleted.
1752         (JSC::DFG::GenericSetAdaptor::hasBeenInvalidated): Deleted.
1753         * dfg/DFGDesiredWeakReferences.cpp:
1754         (JSC::DFG::DesiredWeakReferences::addLazily):
1755         (JSC::DFG::DesiredWeakReferences::contains):
1756         * dfg/DFGDesiredWeakReferences.h:
1757         * dfg/DFGGraph.cpp:
1758         (JSC::DFG::Graph::dump):
1759         (JSC::DFG::Graph::clearFlagsOnAllNodes):
1760         (JSC::DFG::Graph::watchCondition):
1761         (JSC::DFG::Graph::isSafeToLoad):
1762         (JSC::DFG::Graph::livenessFor):
1763         (JSC::DFG::Graph::tryGetConstantProperty):
1764         (JSC::DFG::Graph::visitChildren):
1765         * dfg/DFGGraph.h:
1766         (JSC::DFG::Graph::identifiers):
1767         (JSC::DFG::Graph::watchpoints):
1768         * dfg/DFGMultiGetByOffsetData.cpp: Added.
1769         (JSC::DFG::GetByOffsetMethod::dumpInContext):
1770         (JSC::DFG::GetByOffsetMethod::dump):
1771         (JSC::DFG::MultiGetByOffsetCase::dumpInContext):
1772         (JSC::DFG::MultiGetByOffsetCase::dump):
1773         (WTF::printInternal):
1774         * dfg/DFGMultiGetByOffsetData.h: Added.
1775         (JSC::DFG::GetByOffsetMethod::GetByOffsetMethod):
1776         (JSC::DFG::GetByOffsetMethod::constant):
1777         (JSC::DFG::GetByOffsetMethod::load):
1778         (JSC::DFG::GetByOffsetMethod::loadFromPrototype):
1779         (JSC::DFG::GetByOffsetMethod::operator!):
1780         (JSC::DFG::GetByOffsetMethod::kind):
1781         (JSC::DFG::GetByOffsetMethod::prototype):
1782         (JSC::DFG::GetByOffsetMethod::offset):
1783         (JSC::DFG::MultiGetByOffsetCase::MultiGetByOffsetCase):
1784         (JSC::DFG::MultiGetByOffsetCase::set):
1785         (JSC::DFG::MultiGetByOffsetCase::method):
1786         * dfg/DFGNode.h:
1787         * dfg/DFGSafeToExecute.h:
1788         (JSC::DFG::safeToExecute):
1789         * dfg/DFGStructureRegistrationPhase.cpp:
1790         (JSC::DFG::StructureRegistrationPhase::run):
1791         * ftl/FTLLowerDFGToLLVM.cpp:
1792         (JSC::FTL::DFG::LowerDFGToLLVM::compileMultiGetByOffset):
1793         * jit/Repatch.cpp:
1794         (JSC::repatchByIdSelfAccess):
1795         (JSC::checkObjectPropertyCondition):
1796         (JSC::checkObjectPropertyConditions):
1797         (JSC::replaceWithJump):
1798         (JSC::generateByIdStub):
1799         (JSC::actionForCell):
1800         (JSC::tryBuildGetByIDList):
1801         (JSC::emitPutReplaceStub):
1802         (JSC::emitPutTransitionStub):
1803         (JSC::tryCachePutByID):
1804         (JSC::tryBuildPutByIdList):
1805         (JSC::tryRepatchIn):
1806         (JSC::addStructureTransitionCheck): Deleted.
1807         (JSC::emitPutTransitionStubAndGetOldStructure): Deleted.
1808         * runtime/IntendedStructureChain.cpp: Removed.
1809         * runtime/IntendedStructureChain.h: Removed.
1810         * runtime/JSCJSValue.h:
1811         * runtime/JSObject.cpp:
1812         (JSC::throwTypeError):
1813         (JSC::JSObject::convertToDictionary):
1814         (JSC::JSObject::shiftButterflyAfterFlattening):
1815         * runtime/JSObject.h:
1816         (JSC::JSObject::flattenDictionaryObject):
1817         (JSC::JSObject::convertToDictionary): Deleted.
1818         * runtime/Operations.h:
1819         (JSC::normalizePrototypeChain):
1820         (JSC::normalizePrototypeChainForChainAccess): Deleted.
1821         (JSC::isPrototypeChainNormalized): Deleted.
1822         * runtime/PropertySlot.h:
1823         (JSC::PropertySlot::PropertySlot):
1824         (JSC::PropertySlot::slotBase):
1825         * runtime/Structure.cpp:
1826         (JSC::Structure::addPropertyTransition):
1827         (JSC::Structure::attributeChangeTransition):
1828         (JSC::Structure::toDictionaryTransition):
1829         (JSC::Structure::toCacheableDictionaryTransition):
1830         (JSC::Structure::toUncacheableDictionaryTransition):
1831         (JSC::Structure::ensurePropertyReplacementWatchpointSet):
1832         (JSC::Structure::startWatchingPropertyForReplacements):
1833         (JSC::Structure::didCachePropertyReplacement):
1834         (JSC::Structure::dump):
1835         * runtime/Structure.h:
1836         * runtime/VM.h:
1837         * tests/stress/fold-multi-get-by-offset-to-get-by-offset-without-folding-the-structure-check-new.js: Added.
1838         (foo):
1839         (bar):
1840         (baz):
1841         * tests/stress/multi-get-by-offset-self-or-proto.js: Added.
1842         (foo):
1843         * tests/stress/replacement-watchpoint-dictionary.js: Added.
1844         (foo):
1845         * tests/stress/replacement-watchpoint.js: Added.
1846         (foo):
1847         * tests/stress/undefined-access-dictionary-then-proto-change.js: Added.
1848         (foo):
1849         * tests/stress/undefined-access-then-proto-change.js: Added.
1850         (foo):
1851
1852 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
1853
1854         JavascriptCore Crash in JSC::ASTBuilder::Property JSC::Parser<JSC::Lexer<unsigned char> >::parseProperty<JSC::ASTBuilder>(JSC::ASTBuilder&, bool)
1855         https://bugs.webkit.org/show_bug.cgi?id=147538
1856
1857         Reviewed by Geoffrey Garen.
1858
1859         Due to the order of the ARROWFUNCTION token in the JSTokenType enum, it is categorized as one of the keywords.
1860         As a result, when lexing a property name that can take keywords, the ARROWFUNCTION token is accidentally accepted.
1861         This patch changes the order of the ARROWFUNCTION token in JSTokenType to make it the operator token.
1862
1863         * parser/ParserTokens.h:
1864         * tests/stress/arrow-function-token-is-not-keyword.js: Added.
1865         (testSyntaxError):
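
The enum-ordering defect described in the entry above, as a simplified model added here (it is not WebKit's code). Only the name ARROWFUNCTION comes from the entry; the other token names, the flag value and the helper functions are assumptions made for illustration.

```cpp
#include <cstdio>

// Simplified model (not WebKit's code) of a token enum that encodes the token
// category in the numeric value. Only the name ARROWFUNCTION is taken from the
// ChangeLog entry; every other name and value here is an assumption.
constexpr unsigned KeywordFlag = 0x200;

// Layout with the defect: the first keyword is pinned to KeywordFlag and the
// rest auto-increment, so anything appended to that run inherits the bit.
struct BeforeFix {
    enum Token : unsigned {
        NULLTOKEN = KeywordFlag,
        TRUETOKEN,
        FALSETOKEN,
        ARROWFUNCTION,   // 0x203: carries KeywordFlag by accident
        OPENBRACE = 0,   // punctuators and operators restart without the bit
        COLON,
        IDENT,
        STRING,
        NUMBER
    };
};

// Corrected layout: ARROWFUNCTION sits in the operator/punctuator run.
struct AfterFix {
    enum Token : unsigned {
        NULLTOKEN = KeywordFlag,
        TRUETOKEN,
        FALSETOKEN,
        OPENBRACE = 0,
        COLON,
        IDENT,
        STRING,
        NUMBER,
        ARROWFUNCTION    // 5: no keyword bit
    };
};

// Category test that trusts the numeric encoding.
template <typename Layout>
bool isKeyword(typename Layout::Token t)
{
    return (t & KeywordFlag) != 0;
}

// Property names may be identifiers, string or numeric literals, or keywords
// (as in `obj.true` or `{ null: 1 }`), so the keyword test is part of the check.
template <typename Layout>
bool acceptedAsPropertyName(typename Layout::Token t)
{
    return t == Layout::IDENT || t == Layout::STRING || t == Layout::NUMBER
        || isKeyword<Layout>(t);
}

// Compile-time guards that turn a future mis-ordering into a build failure
// instead of a parser that accepts the wrong token.
static_assert((AfterFix::ARROWFUNCTION & KeywordFlag) == 0,
    "ARROWFUNCTION must not be classified as a keyword");
static_assert((AfterFix::FALSETOKEN & KeywordFlag) != 0,
    "keywords must keep the keyword bit");

int main()
{
    std::printf("before fix: '=>' accepted as property name: %d\n",
        acceptedAsPropertyName<BeforeFix>(BeforeFix::ARROWFUNCTION));
    std::printf("after fix:  '=>' accepted as property name: %d\n",
        acceptedAsPropertyName<AfterFix>(AfterFix::ARROWFUNCTION));
    return 0;
}
```
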
1866
1867 2015-08-03  Keith Miller  <keith_miller@apple.com>
1868
1869         Clean up the naming for AST expression generation.
1870         https://bugs.webkit.org/show_bug.cgi?id=147581
1871
1872         Reviewed by Yusuke Suzuki.
1873
1874         * parser/ASTBuilder.h:
1875         (JSC::ASTBuilder::createThisExpr):
1876         (JSC::ASTBuilder::createSuperExpr):
1877         (JSC::ASTBuilder::createNewTargetExpr):
1878         (JSC::ASTBuilder::thisExpr): Deleted.
1879         (JSC::ASTBuilder::superExpr): Deleted.
1880         (JSC::ASTBuilder::newTargetExpr): Deleted.
1881         * parser/Parser.cpp:
1882         (JSC::Parser<LexerType>::parsePrimaryExpression):
1883         (JSC::Parser<LexerType>::parseMemberExpression):
1884         * parser/SyntaxChecker.h:
1885         (JSC::SyntaxChecker::createThisExpr):
1886         (JSC::SyntaxChecker::createSuperExpr):
1887         (JSC::SyntaxChecker::createNewTargetExpr):
1888         (JSC::SyntaxChecker::thisExpr): Deleted.
1889         (JSC::SyntaxChecker::superExpr): Deleted.
1890         (JSC::SyntaxChecker::newTargetExpr): Deleted.
1891
1892 2015-08-03  Yusuke Suzuki  <utatane.tea@gmail.com>
1893
1894         Don't set up the callsite to operationGetByValDefault when the optimization is already done
1895         https://bugs.webkit.org/show_bug.cgi?id=147577
1896
1897         Reviewed by Filip Pizlo.
1898
1899         operationGetByValDefault should be called only when the IC is not set.
1900         operationGetByValString breaks this invariant and `ASSERT(!byValInfo.stubRoutine)` in
1901         operationGetByValDefault raises the assertion failure.
1902         In this patch, we change the callsite setting up code in operationGetByValString when
1903         the IC is already set. And to make the operation's meaning explicit, we changed the
1904         name operationGetByValDefault to operationGetByValOptimize, which is aligned with the
1905         GetById case.
1906
1907         * jit/JITOperations.cpp:
1908         * jit/JITOperations.h:
1909         * jit/JITPropertyAccess.cpp:
1910         (JSC::JIT::emitSlow_op_get_by_val):
1911         * jit/JITPropertyAccess32_64.cpp:
1912         (JSC::JIT::emitSlow_op_get_by_val):
1913         * tests/stress/operation-get-by-val-default-should-not-called-for-already-optimized-site.js: Added.
1914         (hello):
1915
1916 2015-08-03  Csaba Osztrogonác  <ossy@webkit.org>
1917
1918         [FTL] Remove unused scripts related to native call inlining
1919         https://bugs.webkit.org/show_bug.cgi?id=147448
1920
1921         Reviewed by Filip Pizlo.
1922
1923         * build-symbol-table-index.py: Removed.
1924         * copy-llvm-ir-to-derived-sources.sh: Removed.
1925         * create-llvm-ir-from-source-file.py: Removed.
1926         * create-symbol-table-index.py: Removed.
1927
1928 2015-08-02  Benjamin Poulain  <bpoulain@apple.com>
1929
1930         Investigate HashTable::HashTable(const HashTable&) and HashTable::operator=(const HashTable&) performance for hash-based static analyses
1931         https://bugs.webkit.org/show_bug.cgi?id=118455
1932
1933         Reviewed by Filip Pizlo.
1934
1935         LivenessAnalysisPhase lights up like a Christmas tree in profiles.
1936
1937         This patch cuts its cost by 4.
1938         About half of the gains come from removing many rehash() when copying
1939         the HashSet.
1940         The last quarter is achieved by having a special add() function for initializing
1941         a HashSet.
1942
1943         This makes benchmarks progress by 1-2% here and there. Nothing massive.
1944
1945         * dfg/DFGLivenessAnalysisPhase.cpp:
1946         (JSC::DFG::LivenessAnalysisPhase::process):
1947         The m_live HashSet is only useful per block. When we are done with it,
1948         we can transfer it to liveAtHead to avoid a copy.
1949
1950 2015-08-01  Saam barati  <saambarati1@gmail.com>
1951
1952         Unreviewed. Remove unintentional "print" statement in test case.
1953         https://bugs.webkit.org/show_bug.cgi?id=142567
1954
1955         * tests/stress/class-syntax-definition-semantics.js:
1956         (shouldBeSyntaxError):
1957
1958 2015-07-31  Alex Christensen  <achristensen@webkit.org>
1959
1960         Prepare for VS2015
1961         https://bugs.webkit.org/show_bug.cgi?id=146579
1962
1963         Reviewed by Jon Honeycutt.
1964
1965         * heap/Heap.h:
1966         Fix compiler error by explicitly casting zombifiedBits to the size of a pointer.
1967
1968 2015-07-31  Saam barati  <saambarati1@gmail.com>
1969
1970         ES6 class syntax should use block scoping
1971         https://bugs.webkit.org/show_bug.cgi?id=142567
1972
1973         Reviewed by Geoffrey Garen.
1974
1975         We treat class declarations like we do "let" declarations.
1976         The class name is under TDZ until the class declaration
1977         statement is evaluated. Class declarations also follow
1978         the same rules as "let": No duplicate definitions inside
1979         a lexical environment.
1980
1981         * parser/ASTBuilder.h:
1982         (JSC::ASTBuilder::createClassDeclStatement):
1983         * parser/Parser.cpp:
1984         (JSC::Parser<LexerType>::parseClassDeclaration):
1985         * tests/stress/class-syntax-block-scoping.js: Added.
1986         (assert):
1987         (truth):
1988         (.):
1989         * tests/stress/class-syntax-definition-semantics.js: Added.
1990         (shouldBeSyntaxError):
1991         (shouldNotBeSyntaxError):
1992         (truth):
1993         * tests/stress/class-syntax-tdz.js:
1994         (assert):
1995         (shouldThrowTDZ):
1996         (truth):
1997         (.):
1998
1999 2015-07-31  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2000
2001         Implement WebAssembly module parser
2002         https://bugs.webkit.org/show_bug.cgi?id=147293
2003
2004         Reviewed by Mark Lam.
2005
2006         Re-landing after fix for the "..\..\jsc.cpp(46): fatal error C1083: Cannot open
2007         include file: 'JSWASMModule.h'" issue on Windows.
2008
2009         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
2010         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
2011         the magic number at the beginning of the files. Parsing of the rest will be
2012         implemented in a subsequent patch.
2013
2014         * CMakeLists.txt:
2015         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2016         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2017         * JavaScriptCore.xcodeproj/project.pbxproj:
2018         * jsc.cpp:
2019         (GlobalObject::finishCreation):
2020         (functionLoadWebAssembly):
2021         * parser/SourceProvider.h:
2022         (JSC::WebAssemblySourceProvider::create):
2023         (JSC::WebAssemblySourceProvider::data):
2024         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2025         * runtime/JSGlobalObject.cpp:
2026         (JSC::JSGlobalObject::init):
2027         (JSC::JSGlobalObject::visitChildren):
2028         * runtime/JSGlobalObject.h:
2029         (JSC::JSGlobalObject::wasmModuleStructure):
2030         * wasm/WASMMagicNumber.h: Added.
2031         * wasm/WASMModuleParser.cpp: Added.
2032         (JSC::WASMModuleParser::WASMModuleParser):
2033         (JSC::WASMModuleParser::parse):
2034         (JSC::WASMModuleParser::parseModule):
2035         (JSC::parseWebAssembly):
2036         * wasm/WASMModuleParser.h: Added.
2037         * wasm/WASMReader.cpp: Added.
2038         (JSC::WASMReader::readUnsignedInt32):
2039         (JSC::WASMReader::readFloat):
2040         (JSC::WASMReader::readDouble):
2041         * wasm/WASMReader.h: Added.
2042         (JSC::WASMReader::WASMReader):
2043
2044 2015-07-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2045
2046         Add the "wasm" directory to the Additional Include Directories for jsc.exe
2047         https://bugs.webkit.org/show_bug.cgi?id=147443
2048
2049         Reviewed by Mark Lam.
2050
2051         This patch should fix the "..\..\jsc.cpp(46): fatal error C1083:
2052         Cannot open include file: 'JSWASMModule.h'" error in the Windows build.
2053
2054         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
2055
2056 2015-07-30  Chris Dumez  <cdumez@apple.com>
2057
2058         Mark more classes as fast allocated
2059         https://bugs.webkit.org/show_bug.cgi?id=147440
2060
2061         Reviewed by Sam Weinig.
2062
2063         Mark more classes as fast allocated for performance. We heap-allocate
2064         objects of those types throughout the code base.
2065
2066         * API/JSCallbackObject.h:
2067         * API/ObjCCallbackFunction.mm:
2068         * bytecode/BytecodeKills.h:
2069         * bytecode/BytecodeLivenessAnalysis.h:
2070         * bytecode/CallLinkStatus.h:
2071         * bytecode/FullBytecodeLiveness.h:
2072         * bytecode/SamplingTool.h:
2073         * bytecompiler/BytecodeGenerator.h:
2074         * dfg/DFGBasicBlock.h:
2075         * dfg/DFGBlockMap.h:
2076         * dfg/DFGInPlaceAbstractState.h:
2077         * dfg/DFGThreadData.h:
2078         * heap/HeapVerifier.h:
2079         * heap/SlotVisitor.h:
2080         * parser/Lexer.h:
2081         * runtime/ControlFlowProfiler.h:
2082         * runtime/TypeProfiler.h:
2083         * runtime/TypeProfilerLog.h:
2084         * runtime/Watchdog.h:
2085
2086 2015-07-29  Filip Pizlo  <fpizlo@apple.com>
2087
2088         DFG::ArgumentsEliminationPhase should emit a PutStack for all of the GetStacks that the ByteCodeParser emitted
2089         https://bugs.webkit.org/show_bug.cgi?id=147433
2090         rdar://problem/21668986
2091
2092         Reviewed by Mark Lam.
2093
2094         Ideally, the ByteCodeParser would only emit SetArgument nodes for named arguments.  But
2095         currently that's not what it does - it emits a SetArgument for every argument that a varargs
2096         call may pass.  Each SetArgument gets turned into a GetStack.  This means that if
2097         ArgumentsEliminationPhase optimizes away PutStacks for those varargs arguments that didn't
2098         get passed or used, we get degenerate IR where we have a GetStack of something that didn't
2099         have a PutStack.
2100
2101         This fixes the bug by removing the code to optimize away PutStacks in
2102         ArgumentsEliminationPhase.
2103
2104         * dfg/DFGArgumentsEliminationPhase.cpp:
2105         * tests/stress/varargs-inlining-underflow.js: Added.
2106         (baz):
2107         (bar):
2108         (foo):
2109
2110 2015-07-29  Andy VanWagoner  <thetalecrafter@gmail.com>
2111
2112         Implement basic types for ECMAScript Internationalization API
2113         https://bugs.webkit.org/show_bug.cgi?id=146926
2114
2115         Reviewed by Benjamin Poulain.
2116
2117         Adds basic types for ECMA-402 2nd edition, but does not implement the full locale-aware features yet.
2118         http://www.ecma-international.org/ecma-402/2.0/ECMA-402.pdf
2119
2120         * CMakeLists.txt: Added new Intl files.
2121         * Configurations/FeatureDefines.xcconfig: Enable INTL.
2122         * DerivedSources.make: Added Intl files.
2123         * JavaScriptCore.xcodeproj/project.pbxproj: Added Intl files.
2124         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added Intl files.
2125         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added Intl files.
2126         * runtime/CommonIdentifiers.h: Added Collator, NumberFormat, and DateTimeFormat.
2127         * runtime/DateConstructor.cpp: Made Date.now public.
2128         * runtime/DateConstructor.h: Made Date.now public.
2129         * runtime/IntlCollator.cpp: Added.
2130         (JSC::IntlCollator::create):
2131         (JSC::IntlCollator::createStructure):
2132         (JSC::IntlCollator::IntlCollator):
2133         (JSC::IntlCollator::finishCreation):
2134         (JSC::IntlCollator::destroy):
2135         (JSC::IntlCollator::visitChildren):
2136         (JSC::IntlCollator::setBoundCompare):
2137         (JSC::IntlCollatorFuncCompare): Added placeholder implementation using codePointCompare.
2138         * runtime/IntlCollator.h: Added.
2139         (JSC::IntlCollator::constructor):
2140         (JSC::IntlCollator::boundCompare):
2141         * runtime/IntlCollatorConstructor.cpp: Added.
2142         (JSC::IntlCollatorConstructor::create):
2143         (JSC::IntlCollatorConstructor::createStructure):
2144         (JSC::IntlCollatorConstructor::IntlCollatorConstructor):
2145         (JSC::IntlCollatorConstructor::finishCreation):
2146         (JSC::constructIntlCollator): Added Collator constructor (10.1.2).
2147         (JSC::callIntlCollator): Added Collator constructor (10.1.2).
2148         (JSC::IntlCollatorConstructor::getConstructData):
2149         (JSC::IntlCollatorConstructor::getCallData):
2150         (JSC::IntlCollatorConstructor::getOwnPropertySlot):
2151         (JSC::IntlCollatorConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2152         (JSC::IntlCollatorConstructor::visitChildren):
2153         * runtime/IntlCollatorConstructor.h: Added.
2154         (JSC::IntlCollatorConstructor::collatorStructure):
2155         * runtime/IntlCollatorPrototype.cpp: Added.
2156         (JSC::IntlCollatorPrototype::create):
2157         (JSC::IntlCollatorPrototype::createStructure):
2158         (JSC::IntlCollatorPrototype::IntlCollatorPrototype):
2159         (JSC::IntlCollatorPrototype::finishCreation):
2160         (JSC::IntlCollatorPrototype::getOwnPropertySlot):
2161         (JSC::IntlCollatorPrototypeGetterCompare): Added compare getter (10.3.3)
2162         (JSC::IntlCollatorPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2163         * runtime/IntlCollatorPrototype.h: Added.
2164         * runtime/IntlDateTimeFormat.cpp: Added.
2165         (JSC::IntlDateTimeFormat::create):
2166         (JSC::IntlDateTimeFormat::createStructure):
2167         (JSC::IntlDateTimeFormat::IntlDateTimeFormat):
2168         (JSC::IntlDateTimeFormat::finishCreation):
2169         (JSC::IntlDateTimeFormat::destroy):
2170         (JSC::IntlDateTimeFormat::visitChildren):
2171         (JSC::IntlDateTimeFormat::setBoundFormat):
2172         (JSC::IntlDateTimeFormatFuncFormatDateTime): Added placeholder implementation returning new Date(value).toString().
2173         * runtime/IntlDateTimeFormat.h: Added.
2174         (JSC::IntlDateTimeFormat::constructor):
2175         (JSC::IntlDateTimeFormat::boundFormat):
2176         * runtime/IntlDateTimeFormatConstructor.cpp: Added.
2177         (JSC::IntlDateTimeFormatConstructor::create):
2178         (JSC::IntlDateTimeFormatConstructor::createStructure):
2179         (JSC::IntlDateTimeFormatConstructor::IntlDateTimeFormatConstructor):
2180         (JSC::IntlDateTimeFormatConstructor::finishCreation):
2181         (JSC::constructIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
2182         (JSC::callIntlDateTimeFormat): Added DateTimeFormat constructor (12.1.2).
2183         (JSC::IntlDateTimeFormatConstructor::getConstructData):
2184         (JSC::IntlDateTimeFormatConstructor::getCallData):
2185         (JSC::IntlDateTimeFormatConstructor::getOwnPropertySlot):
2186         (JSC::IntlDateTimeFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2187         (JSC::IntlDateTimeFormatConstructor::visitChildren):
2188         * runtime/IntlDateTimeFormatConstructor.h: Added.
2189         (JSC::IntlDateTimeFormatConstructor::dateTimeFormatStructure):
2190         * runtime/IntlDateTimeFormatPrototype.cpp: Added.
2191         (JSC::IntlDateTimeFormatPrototype::create):
2192         (JSC::IntlDateTimeFormatPrototype::createStructure):
2193         (JSC::IntlDateTimeFormatPrototype::IntlDateTimeFormatPrototype):
2194         (JSC::IntlDateTimeFormatPrototype::finishCreation):
2195         (JSC::IntlDateTimeFormatPrototype::getOwnPropertySlot):
2196         (JSC::IntlDateTimeFormatPrototypeGetterFormat): Added format getter (12.3.3).
2197         (JSC::IntlDateTimeFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2198         * runtime/IntlDateTimeFormatPrototype.h: Added.
2199         * runtime/IntlNumberFormat.cpp: Added.
2200         (JSC::IntlNumberFormat::create):
2201         (JSC::IntlNumberFormat::createStructure):
2202         (JSC::IntlNumberFormat::IntlNumberFormat):
2203         (JSC::IntlNumberFormat::finishCreation):
2204         (JSC::IntlNumberFormat::destroy):
2205         (JSC::IntlNumberFormat::visitChildren):
2206         (JSC::IntlNumberFormat::setBoundFormat):
2207         (JSC::IntlNumberFormatFuncFormatNumber): Added placeholder implementation returning Number(value).toString().
2208         * runtime/IntlNumberFormat.h: Added.
2209         (JSC::IntlNumberFormat::constructor):
2210         (JSC::IntlNumberFormat::boundFormat):
2211         * runtime/IntlNumberFormatConstructor.cpp: Added.
2212         (JSC::IntlNumberFormatConstructor::create):
2213         (JSC::IntlNumberFormatConstructor::createStructure):
2214         (JSC::IntlNumberFormatConstructor::IntlNumberFormatConstructor):
2215         (JSC::IntlNumberFormatConstructor::finishCreation):
2216         (JSC::constructIntlNumberFormat): Added NumberFormat constructor (11.1.2).
2217         (JSC::callIntlNumberFormat): Added NumberFormat constructor (11.1.2).
2218         (JSC::IntlNumberFormatConstructor::getConstructData):
2219         (JSC::IntlNumberFormatConstructor::getCallData):
2220         (JSC::IntlNumberFormatConstructor::getOwnPropertySlot):
2221         (JSC::IntlNumberFormatConstructorFuncSupportedLocalesOf): Added placeholder implementation returning [].
2222         (JSC::IntlNumberFormatConstructor::visitChildren):
2223         * runtime/IntlNumberFormatConstructor.h: Added.
2224         (JSC::IntlNumberFormatConstructor::numberFormatStructure):
2225         * runtime/IntlNumberFormatPrototype.cpp: Added.
2226         (JSC::IntlNumberFormatPrototype::create):
2227         (JSC::IntlNumberFormatPrototype::createStructure):
2228         (JSC::IntlNumberFormatPrototype::IntlNumberFormatPrototype):
2229         (JSC::IntlNumberFormatPrototype::finishCreation):
2230         (JSC::IntlNumberFormatPrototype::getOwnPropertySlot):
2231         (JSC::IntlNumberFormatPrototypeGetterFormat): Added format getter (11.3.3).
2232         (JSC::IntlNumberFormatPrototypeFuncResolvedOptions): Added placeholder implementation returning {}.
2233         * runtime/IntlNumberFormatPrototype.h: Added.
2234         * runtime/IntlObject.cpp:
2235         (JSC::IntlObject::create):
2236         (JSC::IntlObject::finishCreation): Added Collator, NumberFormat, and DateTimeFormat properties (8.1).
2237         (JSC::IntlObject::visitChildren):
2238         * runtime/IntlObject.h:
2239         (JSC::IntlObject::collatorConstructor):
2240         (JSC::IntlObject::collatorPrototype):
2241         (JSC::IntlObject::collatorStructure):
2242         (JSC::IntlObject::numberFormatConstructor):
2243         (JSC::IntlObject::numberFormatPrototype):
2244         (JSC::IntlObject::numberFormatStructure):
2245         (JSC::IntlObject::dateTimeFormatConstructor):
2246         (JSC::IntlObject::dateTimeFormatPrototype):
2247         (JSC::IntlObject::dateTimeFormatStructure):
2248         * runtime/JSGlobalObject.cpp:
2249         (JSC::JSGlobalObject::init):
2250
2251 2015-07-29  Commit Queue  <commit-queue@webkit.org>
2252
2253         Unreviewed, rolling out r187550.
2254         https://bugs.webkit.org/show_bug.cgi?id=147420
2255
2256         Broke Windows build (again) (Requested by smfr on #webkit).
2257
2258         Reverted changeset:
2259
2260         "Implement WebAssembly module parser"
2261         https://bugs.webkit.org/show_bug.cgi?id=147293
2262         http://trac.webkit.org/changeset/187550
2263
2264 2015-07-29  Basile Clement  <basile_clement@apple.com>
2265
2266         Remove native call inlining
2267         https://bugs.webkit.org/show_bug.cgi?id=147417
2268
2269         Rubber Stamped by Filip Pizlo.
2270
2271         * CMakeLists.txt:
2272         * dfg/DFGAbstractInterpreterInlines.h:
2273         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): Deleted.
2274         * dfg/DFGByteCodeParser.cpp:
2275         (JSC::DFG::ByteCodeParser::handleCall): Deleted.
2276         * dfg/DFGClobberize.h:
2277         (JSC::DFG::clobberize): Deleted.
2278         * dfg/DFGDoesGC.cpp:
2279         (JSC::DFG::doesGC): Deleted.
2280         * dfg/DFGFixupPhase.cpp:
2281         (JSC::DFG::FixupPhase::fixupNode): Deleted.
2282         * dfg/DFGNode.h:
2283         (JSC::DFG::Node::hasHeapPrediction): Deleted.
2284         (JSC::DFG::Node::hasCellOperand): Deleted.
2285         * dfg/DFGNodeType.h:
2286         * dfg/DFGPredictionPropagationPhase.cpp:
2287         (JSC::DFG::PredictionPropagationPhase::propagate): Deleted.
2288         * dfg/DFGSafeToExecute.h:
2289         (JSC::DFG::safeToExecute): Deleted.
2290         * dfg/DFGSpeculativeJIT32_64.cpp:
2291         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2292         * dfg/DFGSpeculativeJIT64.cpp:
2293         (JSC::DFG::SpeculativeJIT::compile): Deleted.
2294         * ftl/FTLCapabilities.cpp:
2295         (JSC::FTL::canCompile): Deleted.
2296         * ftl/FTLLowerDFGToLLVM.cpp:
2297         (JSC::FTL::DFG::LowerDFGToLLVM::lower): Deleted.
2298         (JSC::FTL::DFG::LowerDFGToLLVM::compileNode): Deleted.
2299         (JSC::FTL::DFG::LowerDFGToLLVM::compileNativeCallOrConstruct): Deleted.
2300         (JSC::FTL::DFG::LowerDFGToLLVM::getFunctionBySymbol): Deleted.
2301         (JSC::FTL::DFG::LowerDFGToLLVM::getModuleByPathForSymbol): Deleted.
2302         (JSC::FTL::DFG::LowerDFGToLLVM::didOverflowStack): Deleted.
2303         * ftl/FTLState.cpp:
2304         (JSC::FTL::State::State): Deleted.
2305         * ftl/FTLState.h:
2306         * runtime/BundlePath.cpp: Removed.
2307         (JSC::bundlePath): Deleted.
2308         * runtime/JSDataViewPrototype.cpp:
2309         (JSC::getData):
2310         (JSC::setData):
2311         * runtime/Options.h:
2312
2313 2015-07-29  Basile Clement  <basile_clement@apple.com>
2314
2315         Unreviewed, skipping a test that is too complex for its own good
2316         https://bugs.webkit.org/show_bug.cgi?id=147167
2317
2318         * tests/stress/math-pow-coherency.js:
2319
2320 2015-07-29  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2321
2322         Implement WebAssembly module parser
2323         https://bugs.webkit.org/show_bug.cgi?id=147293
2324
2325         Reviewed by Mark Lam.
2326
2327         Reupload the patch, since r187539 should fix the "Cannot open include file:
2328         'JSWASMModule.h'" issue in the Windows build.
2329
2330         * CMakeLists.txt:
2331         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2332         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2333         * JavaScriptCore.xcodeproj/project.pbxproj:
2334         * jsc.cpp:
2335         (GlobalObject::finishCreation):
2336         (functionLoadWebAssembly):
2337         * parser/SourceProvider.h:
2338         (JSC::WebAssemblySourceProvider::create):
2339         (JSC::WebAssemblySourceProvider::data):
2340         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2341         * runtime/JSGlobalObject.cpp:
2342         (JSC::JSGlobalObject::init):
2343         (JSC::JSGlobalObject::visitChildren):
2344         * runtime/JSGlobalObject.h:
2345         (JSC::JSGlobalObject::wasmModuleStructure):
2346         * wasm/WASMMagicNumber.h: Added.
2347         * wasm/WASMModuleParser.cpp: Added.
2348         (JSC::WASMModuleParser::WASMModuleParser):
2349         (JSC::WASMModuleParser::parse):
2350         (JSC::WASMModuleParser::parseModule):
2351         (JSC::parseWebAssembly):
2352         * wasm/WASMModuleParser.h: Added.
2353         * wasm/WASMReader.cpp: Added.
2354         (JSC::WASMReader::readUnsignedInt32):
2355         (JSC::WASMReader::readFloat):
2356         (JSC::WASMReader::readDouble):
2357         * wasm/WASMReader.h: Added.
2358         (JSC::WASMReader::WASMReader):
2359
2360 2015-07-29  Basile Clement  <basile_clement@apple.com>
2361
2362         Unreviewed, lower the number of test iterations to prevent timing out on Debug builds
2363         https://bugs.webkit.org/show_bug.cgi?id=147167
2364
2365         * tests/stress/math-pow-coherency.js:
2366
2367 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2368
2369         Add the "wasm" directory to Visual Studio project files
2370         https://bugs.webkit.org/show_bug.cgi?id=147400
2371
2372         Reviewed by Simon Fraser.
2373
2374         This patch should fix the "Cannot open include file: 'JSWASMModule.h'" issue
2375         in the Windows build.
2376
2377         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
2378         * JavaScriptCore.vcxproj/copy-files.cmd:
2379
2380 2015-07-28  Commit Queue  <commit-queue@webkit.org>
2381
2382         Unreviewed, rolling out r187531.
2383         https://bugs.webkit.org/show_bug.cgi?id=147397
2384
2385         Broke Windows build (Requested by smfr on #webkit).
2386
2387         Reverted changeset:
2388
2389         "Implement WebAssembly module parser"
2390         https://bugs.webkit.org/show_bug.cgi?id=147293
2391         http://trac.webkit.org/changeset/187531
2392
2393 2015-07-28  Benjamin Poulain  <bpoulain@apple.com>
2394
2395         Speed up the Stringifier::toJSON() fast case
2396         https://bugs.webkit.org/show_bug.cgi?id=147383
2397
2398         Reviewed by Andreas Kling.
2399
2400         * runtime/JSONObject.cpp:
2401         (JSC::Stringifier::toJSON):
2402         (JSC::Stringifier::toJSONImpl):
2403
2404 2015-07-28  Sukolsak Sakshuwong  <sukolsak@gmail.com>
2405
2406         Implement WebAssembly module parser
2407         https://bugs.webkit.org/show_bug.cgi?id=147293
2408
2409         Reviewed by Geoffrey Garen.
2410
2411         Implement WebAssembly module parser for WebAssembly files produced by pack-asmjs
2412         <https://github.com/WebAssembly/polyfill-prototype-1>. This patch only checks
2413         the magic number at the beginning of the files. Parsing of the rest will be
2414         implemented in a subsequent patch.
2415
2416         * CMakeLists.txt:
2417         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2418         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2419         * JavaScriptCore.xcodeproj/project.pbxproj:
2420         * jsc.cpp:
2421         (GlobalObject::finishCreation):
2422         (functionLoadWebAssembly):
2423         * parser/SourceProvider.h:
2424         (JSC::WebAssemblySourceProvider::create):
2425         (JSC::WebAssemblySourceProvider::data):
2426         (JSC::WebAssemblySourceProvider::WebAssemblySourceProvider):
2427         * runtime/JSGlobalObject.cpp:
2428         (JSC::JSGlobalObject::init):
2429         (JSC::JSGlobalObject::visitChildren):
2430         * runtime/JSGlobalObject.h:
2431         (JSC::JSGlobalObject::wasmModuleStructure):
2432         * wasm/WASMMagicNumber.h: Added.
2433         * wasm/WASMModuleParser.cpp: Added.
2434         (JSC::WASMModuleParser::WASMModuleParser):
2435         (JSC::WASMModuleParser::parse):
2436         (JSC::WASMModuleParser::parseModule):
2437         (JSC::parseWebAssembly):
2438         * wasm/WASMModuleParser.h: Added.
2439         * wasm/WASMReader.cpp: Added.
2440         (JSC::WASMReader::readUnsignedInt32):
2441         (JSC::WASMReader::readFloat):
2442         (JSC::WASMReader::readDouble):
2443         * wasm/WASMReader.h: Added.
2444         (JSC::WASMReader::WASMReader):
2445
2446 2015-07-28  Yusuke Suzuki  <utatane.tea@gmail.com>
2447
2448         [ES6] Add ENABLE_ES6_MODULES compile time flag with the default value "false"
2449         https://bugs.webkit.org/show_bug.cgi?id=147350
2450
2451         Reviewed by Sam Weinig.
2452
2453         * Configurations/FeatureDefines.xcconfig:
2454
2455 2015-07-28  Saam barati  <saambarati1@gmail.com>
2456
2457         Make the type profiler work with lexical scoping and add tests
2458         https://bugs.webkit.org/show_bug.cgi?id=145438
2459
2460         Reviewed by Geoffrey Garen.
2461
2462         op_profile_type now knows how to resolve variables allocated within
2463         the local scope stack. This means it knows how to resolve "let"
2464         and "const" variables. Also, some refactoring was done inside
2465         the BytecodeGenerator to make writing code to support the type
2466         profiler much simpler and clearer.
2467
2468         * bytecode/CodeBlock.cpp:
2469         (JSC::CodeBlock::CodeBlock):
2470         * bytecode/CodeBlock.h:
2471         (JSC::CodeBlock::symbolTable): Deleted.
2472         * bytecode/UnlinkedCodeBlock.h:
2473         (JSC::UnlinkedCodeBlock::addExceptionHandler):
2474         (JSC::UnlinkedCodeBlock::exceptionHandler):
2475         (JSC::UnlinkedCodeBlock::vm):
2476         (JSC::UnlinkedCodeBlock::addArrayProfile):
2477         (JSC::UnlinkedCodeBlock::setSymbolTableConstantIndex): Deleted.
2478         (JSC::UnlinkedCodeBlock::symbolTableConstantIndex): Deleted.
2479         * bytecompiler/BytecodeGenerator.cpp:
2480         (JSC::BytecodeGenerator::BytecodeGenerator):
2481         (JSC::BytecodeGenerator::emitMove):
2482         (JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
2483         (JSC::BytecodeGenerator::emitProfileType):
2484         (JSC::BytecodeGenerator::emitProfileControlFlow):
2485         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2486         * bytecompiler/BytecodeGenerator.h:
2487         (JSC::BytecodeGenerator::emitNodeForLeftHandSide):
2488         * bytecompiler/NodesCodegen.cpp:
2489         (JSC::ThisNode::emitBytecode):
2490         (JSC::ResolveNode::emitBytecode):
2491         (JSC::BracketAccessorNode::emitBytecode):
2492         (JSC::DotAccessorNode::emitBytecode):
2493         (JSC::FunctionCallValueNode::emitBytecode):
2494         (JSC::FunctionCallResolveNode::emitBytecode):
2495         (JSC::FunctionCallBracketNode::emitBytecode):
2496         (JSC::FunctionCallDotNode::emitBytecode):
2497         (JSC::CallFunctionCallDotNode::emitBytecode):
2498         (JSC::ApplyFunctionCallDotNode::emitBytecode):
2499         (JSC::PostfixNode::emitResolve):
2500         (JSC::PostfixNode::emitBracket):
2501         (JSC::PostfixNode::emitDot):
2502         (JSC::PrefixNode::emitResolve):
2503         (JSC::PrefixNode::emitBracket):
2504         (JSC::PrefixNode::emitDot):
2505         (JSC::ReadModifyResolveNode::emitBytecode):
2506         (JSC::AssignResolveNode::emitBytecode):
2507         (JSC::AssignDotNode::emitBytecode):
2508         (JSC::ReadModifyDotNode::emitBytecode):
2509         (JSC::AssignBracketNode::emitBytecode):
2510         (JSC::ReadModifyBracketNode::emitBytecode):
2511         (JSC::EmptyVarExpression::emitBytecode):
2512         (JSC::EmptyLetExpression::emitBytecode):
2513         (JSC::ForInNode::emitLoopHeader):
2514         (JSC::ForOfNode::emitBytecode):
2515         (JSC::ReturnNode::emitBytecode):
2516         (JSC::FunctionNode::emitBytecode):
2517         (JSC::BindingNode::bindValue):
2518         * dfg/DFGSpeculativeJIT32_64.cpp:
2519         (JSC::DFG::SpeculativeJIT::compile):
2520         * dfg/DFGSpeculativeJIT64.cpp:
2521         (JSC::DFG::SpeculativeJIT::compile):
2522         * jit/JITOpcodes.cpp:
2523         (JSC::JIT::emit_op_profile_type):
2524         * jit/JITOpcodes32_64.cpp:
2525         (JSC::JIT::emit_op_profile_type):
2526         * llint/LowLevelInterpreter32_64.asm:
2527         * llint/LowLevelInterpreter64.asm:
2528         * tests/typeProfiler/es6-block-scoping.js: Added.
2529         (noop):
2530         (arr):
2531         (wrapper.changeFoo):
2532         (wrapper.scoping):
2533         (wrapper.scoping2):
2534         (wrapper):
2535         * tests/typeProfiler/es6-classes.js: Added.
2536         (noop):
2537         (wrapper.Animal):
2538         (wrapper.Animal.prototype.methodA):
2539         (wrapper.Dog):
2540         (wrapper.Dog.prototype.methodB):
2541         (wrapper):
2542
2543 2015-07-28  Saam barati  <saambarati1@gmail.com>
2544
2545         Implement catch scope using lexical scoping constructs introduced with "let" scoping patch
2546         https://bugs.webkit.org/show_bug.cgi?id=146979
2547
2548         Reviewed by Geoffrey Garen.
2549
2550         Now that BytecodeGenerator has a notion of local scope depth,
2551         we can easily implement a catch scope that doesn't claim that
2552         all variables are dynamically scoped. This means that functions
2553         that use try/catch can have local variable resolution. This also
2554         means that all functions that use try/catch don't have all
2555         their variables marked as being captured.
2556
2557         Catch scopes now behave like a "let" scope (sans the TDZ logic) with a 
2558         single variable. Catch scopes are now just JSLexicalEnvironments and the 
2559         symbol table backing the catch scope knows that it corresponds to a catch scope.
2560
2561         * CMakeLists.txt:
2562         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2563         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2564         * JavaScriptCore.xcodeproj/project.pbxproj:
2565         * bytecode/CodeBlock.cpp:
2566         (JSC::CodeBlock::dumpBytecode):
2567         * bytecode/EvalCodeCache.h:
2568         (JSC::EvalCodeCache::isCacheable):
2569         * bytecompiler/BytecodeGenerator.cpp:
2570         (JSC::BytecodeGenerator::initializeDefaultParameterValuesAndSetupFunctionScopeStack):
2571         (JSC::BytecodeGenerator::emitLoadGlobalObject):
2572         (JSC::BytecodeGenerator::pushLexicalScope):
2573         (JSC::BytecodeGenerator::pushLexicalScopeInternal):
2574         (JSC::BytecodeGenerator::popLexicalScope):
2575         (JSC::BytecodeGenerator::popLexicalScopeInternal):
2576         (JSC::BytecodeGenerator::prepareLexicalScopeForNextForLoopIteration):
2577         (JSC::BytecodeGenerator::variable):
2578         (JSC::BytecodeGenerator::resolveType):
2579         (JSC::BytecodeGenerator::emitResolveScope):
2580         (JSC::BytecodeGenerator::emitPopScope):
2581         (JSC::BytecodeGenerator::emitPopWithScope):
2582         (JSC::BytecodeGenerator::emitDebugHook):
2583         (JSC::BytecodeGenerator::popScopedControlFlowContext):
2584         (JSC::BytecodeGenerator::emitPushCatchScope):
2585         (JSC::BytecodeGenerator::emitPopCatchScope):
2586         (JSC::BytecodeGenerator::beginSwitch):
2587         (JSC::BytecodeGenerator::emitPopWithOrCatchScope): Deleted.
2588         * bytecompiler/BytecodeGenerator.h:
2589         (JSC::BytecodeGenerator::lastOpcodeID):
2590         * bytecompiler/NodesCodegen.cpp:
2591         (JSC::AssignResolveNode::emitBytecode):
2592         (JSC::WithNode::emitBytecode):
2593         (JSC::TryNode::emitBytecode):
2594         * debugger/DebuggerScope.cpp:
2595         (JSC::DebuggerScope::isCatchScope):
2596         (JSC::DebuggerScope::isFunctionNameScope):
2597         (JSC::DebuggerScope::isFunctionOrEvalScope):
2598         (JSC::DebuggerScope::caughtValue):
2599         * debugger/DebuggerScope.h:
2600         * inspector/ScriptDebugServer.cpp:
2601         (Inspector::ScriptDebugServer::exceptionOrCaughtValue):
2602         * interpreter/Interpreter.cpp:
2603         (JSC::Interpreter::execute):
2604         * jit/JITOpcodes.cpp:
2605         (JSC::JIT::emit_op_push_name_scope):
2606         * jit/JITOpcodes32_64.cpp:
2607         (JSC::JIT::emit_op_push_name_scope):
2608         * jit/JITOperations.cpp:
2609         * jit/JITOperations.h:
2610         * parser/ASTBuilder.h:
2611         (JSC::ASTBuilder::createContinueStatement):
2612         (JSC::ASTBuilder::createTryStatement):
2613         * parser/NodeConstructors.h:
2614         (JSC::ThrowNode::ThrowNode):
2615         (JSC::TryNode::TryNode):
2616         (JSC::FunctionParameters::FunctionParameters):
2617         * parser/Nodes.h:
2618         * parser/Parser.cpp:
2619         (JSC::Parser<LexerType>::parseTryStatement):
2620         * parser/SyntaxChecker.h:
2621         (JSC::SyntaxChecker::createBreakStatement):
2622         (JSC::SyntaxChecker::createContinueStatement):
2623         (JSC::SyntaxChecker::createTryStatement):
2624         (JSC::SyntaxChecker::createSwitchStatement):
2625         (JSC::SyntaxChecker::createWhileStatement):
2626         (JSC::SyntaxChecker::createWithStatement):
2627         * runtime/JSCatchScope.cpp:
2628         * runtime/JSCatchScope.h:
2629         (JSC::JSCatchScope::JSCatchScope): Deleted.
2630         (JSC::JSCatchScope::create): Deleted.
2631         (JSC::JSCatchScope::createStructure): Deleted.
2632         * runtime/JSFunctionNameScope.h:
2633         (JSC::JSFunctionNameScope::JSFunctionNameScope):
2634         * runtime/JSGlobalObject.cpp:
2635         (JSC::JSGlobalObject::init):
2636         (JSC::JSGlobalObject::visitChildren):
2637         * runtime/JSGlobalObject.h:
2638         (JSC::JSGlobalObject::withScopeStructure):
2639         (JSC::JSGlobalObject::strictEvalActivationStructure):
2640         (JSC::JSGlobalObject::activationStructure):
2641         (JSC::JSGlobalObject::functionNameScopeStructure):
2642         (JSC::JSGlobalObject::directArgumentsStructure):
2643         (JSC::JSGlobalObject::scopedArgumentsStructure):
2644         (JSC::JSGlobalObject::catchScopeStructure): Deleted.
2645         * runtime/JSNameScope.cpp:
2646         (JSC::JSNameScope::create):
2647         (JSC::JSNameScope::toThis):
2648         * runtime/JSNameScope.h:
2649         * runtime/JSObject.cpp:
2650         (JSC::JSObject::toThis):
2651         (JSC::JSObject::isFunctionNameScopeObject):
2652         (JSC::JSObject::isCatchScopeObject): Deleted.
2653         * runtime/JSObject.h:
2654         * runtime/JSScope.cpp:
2655         (JSC::JSScope::collectVariablesUnderTDZ):
2656         (JSC::JSScope::isLexicalScope):
2657         (JSC::JSScope::isCatchScope):
2658         (JSC::resolveModeName):
2659         * runtime/JSScope.h:
2660         * runtime/SymbolTable.cpp:
2661         (JSC::SymbolTable::SymbolTable):
2662         (JSC::SymbolTable::cloneScopePart):
2663         * runtime/SymbolTable.h:
2664         * tests/stress/const-semantics.js:
2665         (.):
2666
2667 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
2668
2669         DFG::ArgumentsEliminationPhase has a redundant check for inserting CheckInBounds when converting GetByVal to GetStack in the inline non-varargs case
2670         https://bugs.webkit.org/show_bug.cgi?id=147373
2671
2672         Reviewed by Mark Lam.
2673
2674         The code was doing a check for "index >= inlineCallFrame->arguments.size() - 1" in code where
2675         safeToGetStack is true and we aren't in varargs context, but in a non-varargs context,
2676         safeToGetStack can only be true if "index < inlineCallFrame->arguments.size() - 1".
2677
2678         When converting a GetByVal to GetStack, there are three possibilities:
2679
2680         1) Impossible to convert. This can happen if the GetByVal is out-of-bounds of the things we
2681            know to have stored to the stack. For example, if we inline a function that does
2682            "arguments[42]" at a call that passes no arguments.
2683
2684         2) Possible to convert, but we cannot prove statically that the GetByVal was in bounds. This
2685            can happen for "arguments[42]" with no inline call frame (since we don't know statically
2686            how many arguments we will be passed) or in a varargs call frame.
2687
2688         3) Possible to convert, and we know statically that the GetByVal is in bounds. This can
2689            happen for "arguments[42]" if we have an inline call frame, and it's not a varargs call
2690            frame, and we know that the caller passed 42 or more arguments.
2691
2692         The way the phase handles this is it first determines that we're not in case (1). This is
2693         called safeToGetStack. safeToGetStack is true if we have case (2) or (3). For inline call
2694         frames that have no varargs, this means that safeToGetStack is true exactly when the GetByVal
2695         is in-bounds (i.e. case (3)).
2696
2697         But the phase was again doing a check for whether the index is in-bounds for non-varargs
2698         inline call frames even when safeToGetStack was true. That check is redundant and should be
2699         eliminated, since it makes the code confusing.
2700
2701         * dfg/DFGArgumentsEliminationPhase.cpp:
2702
2703 2015-07-28  Filip Pizlo  <fpizlo@apple.com>
2704
2705         DFG::PutStackSinkingPhase should be more aggressive about its "no GetStack until put" rule
2706         https://bugs.webkit.org/show_bug.cgi?id=147371
2707
2708         Reviewed by Mark Lam.
2709
2710         Two fixes:
2711
2712         - Make ConflictingFlush really mean that you can't load from the stack slot. This means not
2713           using ConflictingFlush for arguments.
2714
2715         - Assert that a GetStack never sees ConflictingFlush.
2716
2717         * dfg/DFGPutStackSinkingPhase.cpp:
2718
2719 2015-07-28  Basile Clement  <basile_clement@apple.com>
2720
2721         Misleading error message: "At least one digit must occur after a decimal point"
2722         https://bugs.webkit.org/show_bug.cgi?id=146238
2723
2724         Reviewed by Geoffrey Garen.
2725
2726         Interestingly, we had a comment explaining what this error message was
2727         about that is much clearer than the error message itself. This patch
2728         simply replaces the error message with the explanation from the
2729         comment.
2730
2731         * parser/Lexer.cpp:
2732         (JSC::Lexer<T>::lex):
2733
2734 2015-07-28  Basile Clement  <basile_clement@apple.com>
2735
2736         Simplify call linking
2737         https://bugs.webkit.org/show_bug.cgi?id=147363
2738
2739         Reviewed by Filip Pizlo.
2740
2741         Previously, we were passing both the CallLinkInfo and a
2742         (CodeSpecializationKind, RegisterPreservationMode) pair to the
2743         different call linking slow paths. However, the CallLinkInfo already
2744         has all of that information, and we don't gain anything by having them
2745         in additional static parameters - except possibly a very small
2746         performance gain in presence of inlining. However since those are
2747         already slow paths, this performance loss (if it exists) will not be
2748         visible in practice.
2749
2750         This patch removes the various specialized thunks and JIT operations
2751         for regular and polymorphic call linking with a single thunk and
2752         operation for each case. Moreover, it removes the four specialized
2753         virtual call thunks and operations with one virtual call thunk for each
2754         call link info, allowing for better branch prediction by the CPU and
2755         fixing a pre-existing FIXME.
2756
2757         * bytecode/CallLinkInfo.cpp:
2758         (JSC::CallLinkInfo::unlink):
2759         (JSC::CallLinkInfo::dummy): Deleted.
2760         * bytecode/CallLinkInfo.h:
2761         (JSC::CallLinkInfo::CallLinkInfo):
2762         (JSC::CallLinkInfo::registerPreservationMode):
2763         (JSC::CallLinkInfo::setUpCallFromFTL):
2764         (JSC::CallLinkInfo::setSlowStub):
2765         (JSC::CallLinkInfo::clearSlowStub):
2766         (JSC::CallLinkInfo::slowStub):
2767         * dfg/DFGDriver.cpp:
2768         (JSC::DFG::compileImpl):
2769         * dfg/DFGJITCompiler.cpp:
2770         (JSC::DFG::JITCompiler::link):
2771         * ftl/FTLJSCallBase.cpp:
2772         (JSC::FTL::JSCallBase::link):
2773         * jit/JITCall.cpp:
2774         (JSC::JIT::compileCallEvalSlowCase):
2775         (JSC::JIT::compileOpCall):
2776         (JSC::JIT::compileOpCallSlowCase):
2777         * jit/JITCall32_64.cpp:
2778         (JSC::JIT::compileCallEvalSlowCase):
2779         (JSC::JIT::compileOpCall):
2780         (JSC::JIT::compileOpCallSlowCase):
2781         * jit/JITOperations.cpp:
2782         * jit/JITOperations.h:
2783         (JSC::operationLinkFor): Deleted.
2784         (JSC::operationVirtualFor): Deleted.
2785         (JSC::operationLinkPolymorphicCallFor): Deleted.
2786         * jit/Repatch.cpp:
2787         (JSC::generateByIdStub):
2788         (JSC::linkSlowFor):
2789         (JSC::linkFor):
2790         (JSC::revertCall):
2791         (JSC::unlinkFor):
2792         (JSC::linkVirtualFor):
2793         (JSC::linkPolymorphicCall):
2794         * jit/Repatch.h:
2795         * jit/ThunkGenerators.cpp:
2796         (JSC::linkCallThunkGenerator):
2797         (JSC::linkPolymorphicCallThunkGenerator):
2798         (JSC::virtualThunkFor):
2799         (JSC::linkForThunkGenerator): Deleted.
2800         (JSC::linkConstructThunkGenerator): Deleted.
2801         (JSC::linkCallThatPreservesRegsThunkGenerator): Deleted.
2802         (JSC::linkConstructThatPreservesRegsThunkGenerator): Deleted.
2803         (JSC::linkPolymorphicCallForThunkGenerator): Deleted.
2804         (JSC::linkPolymorphicCallThatPreservesRegsThunkGenerator): Deleted.
2805         (JSC::virtualForThunkGenerator): Deleted.
2806         (JSC::virtualCallThunkGenerator): Deleted.
2807         (JSC::virtualConstructThunkGenerator): Deleted.
2808         (JSC::virtualCallThatPreservesRegsThunkGenerator): Deleted.
2809         (JSC::virtualConstructThatPreservesRegsThunkGenerator): Deleted.
2810         * jit/ThunkGenerators.h:
2811         (JSC::linkThunkGeneratorFor): Deleted.
2812         (JSC::linkPolymorphicCallThunkGeneratorFor): Deleted.
2813         (JSC::virtualThunkGeneratorFor): Deleted.
2814
2815 2015-07-28  Basile Clement  <basile_clement@apple.com>
2816
2817         stress/math-pow-with-constants.js fails in cloop
2818         https://bugs.webkit.org/show_bug.cgi?id=147167
2819
2820         Reviewed by Geoffrey Garen.
2821
2822         Baseline JIT, DFG and FTL are using a fast exponentiation fast path
2823         when computing Math.pow() with an integer exponent that is not taken in
2824         the LLInt (or the DFG abstract interpreter). This leads to the result
2825         of pow changing depending on the compilation tier or the fact that
2826         constant propagation kicks in, which is undesirable.
2827
2828         This patch adds the fast path to the slow operationMathPow in order to
2829         maintain an illusion of consistency.
2830
2831         * runtime/MathCommon.cpp:
2832         (JSC::operationMathPow):
2833         * tests/stress/math-pow-coherency.js: Added.
2834         (pow42):
2835         (build42AsDouble.opaqueAdd):
2836         (build42AsDouble):
2837         (powDouble42):
2838         (clobber):
2839         (pow42NoConstantFolding):
2840         (powDouble42NoConstantFolding):
2841
2842 2015-07-28  Joseph Pecoraro  <pecoraro@apple.com>
2843
2844         Web Inspector: Show Pseudo Elements in DOM Tree
2845         https://bugs.webkit.org/show_bug.cgi?id=139612
2846
2847         Reviewed by Timothy Hatcher.
2848
2849         * inspector/protocol/DOM.json:
2850         Add new properties to DOMNode if it is a pseudo element or if it has
2851         pseudo element children. Add new events for if a pseudo element is
2852         added or removed dynamically to an existing DOMNode.
2853
2854 2015-07-27  Filip Pizlo  <fpizlo@apple.com>
2855
2856         Add logging when executable code gets deallocated
2857         https://bugs.webkit.org/show_bug.cgi?id=147355
2858
2859         Reviewed by Mark Lam.
2860
2861         * ftl/FTLJITCode.cpp:
2862         (JSC::FTL::JITCode::~JITCode): Print something when this is freed.
2863         * jit/JITCode.cpp:
2864         (JSC::JITCodeWithCodeRef::~JITCodeWithCodeRef): Print something when this is freed.
2865
2866 2015-07-27  Filip Pizlo  <fpizlo@apple.com>
2867
2868         DFG::safeToExecute() cases for GetByOffset/PutByOffset don't handle clobbered structure abstract values correctly
2869         https://bugs.webkit.org/show_bug.cgi?id=147354
2870
2871         Reviewed by Michael Saboff.
2872
2873         If m_structure.isClobbered(), it means that we had a side effect that clobbered
2874         the abstract value but it may recover back to its original value at the next
2875         invalidation point. Since the invalidation point hasn't been reached yet, we need
2876         to conservatively treat the clobbered state as if it was top. At the invalidation
2877         point, the clobbered set will return back to being unclobbered.
2878
2879         In addition to fixing the bug, this introduces isInfinite(), which should be used
2880         in places where it's tempting to just use isTop().
2881
2882         * dfg/DFGSafeToExecute.h:
2883         (JSC::DFG::safeToExecute): Fix the bug.
2884         * dfg/DFGStructureAbstractValue.cpp:
2885         (JSC::DFG::StructureAbstractValue::contains): Switch to using isInfinite().
2886         (JSC::DFG::StructureAbstractValue::isSubsetOf): Switch to using isInfinite().
2887         (JSC::DFG::StructureAbstractValue::isSupersetOf): Switch to using isInfinite().
2888         (JSC::DFG::StructureAbstractValue::overlaps): Switch to using isInfinite().
2889         * dfg/DFGStructureAbstractValue.h:
2890         (JSC::DFG::StructureAbstractValue::isFinite): New convenience method.
2891         (JSC::DFG::StructureAbstractValue::isInfinite): New convenience method.
2892         (JSC::DFG::StructureAbstractValue::onlyStructure): Switch to using isInfinite().
2893
2894 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
2895
2896         [ES6] Implement Reflect.enumerate
2897         https://bugs.webkit.org/show_bug.cgi?id=147347
2898
2899         Reviewed by Sam Weinig.
2900
2901         This patch implements Reflect.enumerate.
2902         It returns the iterator that iterates the enumerable keys of the given object.
2903         It follows the for-in's enumeration order.
2904
2905         To implement it, we write down the same logic to the for-in's enumeration code in C++.
2906
2907         * CMakeLists.txt:
2908         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2909         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2910         * JavaScriptCore.xcodeproj/project.pbxproj:
2911         * runtime/JSGlobalObject.cpp:
2912         (JSC::JSGlobalObject::init):
2913         (JSC::JSGlobalObject::visitChildren):
2914         * runtime/JSGlobalObject.h:
2915         (JSC::JSGlobalObject::propertyNameIteratorStructure):
2916         * runtime/JSPropertyNameIterator.cpp: Added.
2917         (JSC::JSPropertyNameIterator::JSPropertyNameIterator):
2918         (JSC::JSPropertyNameIterator::clone):
2919         (JSC::JSPropertyNameIterator::create):
2920         (JSC::JSPropertyNameIterator::finishCreation):
2921         (JSC::JSPropertyNameIterator::visitChildren):
2922         (JSC::JSPropertyNameIterator::next):
2923         (JSC::propertyNameIteratorFuncNext):
2924         * runtime/JSPropertyNameIterator.h: Added.
2925         (JSC::JSPropertyNameIterator::createStructure):
2926         * runtime/ReflectObject.cpp:
2927         (JSC::reflectObjectEnumerate):
2928         * tests/stress/reflect-enumerate.js: Added.
2929         (shouldBe):
2930         (shouldThrow):
2931
2932 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
2933
2934         [ES6] Implement Reflect.preventExtensions
2935         https://bugs.webkit.org/show_bug.cgi?id=147331
2936
2937         Reviewed by Sam Weinig.
2938
2939         Implement Reflect.preventExtensions.
2940         This is different from Object.preventExtensions.
2941
2942         1. When preventExtensions is called onto the non-object, it raises the TypeError.
2943         2. Reflect.preventExtensions does not raise the TypeError when the preventExtensions operation fails.
2944
2945         For the (2) case, since there is no Proxy implementation currently, Reflect.preventExtensions always succeeds.
2946
2947         * runtime/ReflectObject.cpp:
2948         (JSC::reflectObjectPreventExtensions):
2949         * tests/stress/reflect-prevent-extensions.js: Added.
2950         (shouldBe):
2951         (shouldThrow):
2952
2953 2015-07-27  Alex Christensen  <achristensen@webkit.org>
2954
2955         Use Ninja on Windows.
2956         https://bugs.webkit.org/show_bug.cgi?id=147228
2957
2958         Reviewed by Martin Robinson.
2959
2960         * CMakeLists.txt:
2961         Set the working directory when generating LowLevelInterpreterWin.asm to put LowLevelInterpreterWin.asm.sym in the right place.
2962
2963 2015-07-27  Yusuke Suzuki  <utatane.tea@gmail.com>
2964
2965         SparseValueMap check is skipped when the butterfly's vectorLength is larger than the access-requested index
2966         https://bugs.webkit.org/show_bug.cgi?id=147265
2967
2968         Reviewed by Geoffrey Garen.
2969
2970         JSObject's vector holds the indexed values and we leverage it to represent stored values and holes.
2971         By checking that the given index is in-bound of the vector's length, we can look up the property fast.
2972         And for the sparse array, we have also the separated SparseValueMap to hold the pairs.
2973         And we need to take care that the length of the vector should not overlap the indices stored in the SparseValueMap.
2974
2975         The vector only holds the pure JS values to avoid additional checking for accessors when looking up the value
2976         from the vector. To achieve this, we also store the accessors (and attributed properties) to SparseValueMap
2977         even if the index is less than MIN_SPARSE_ARRAY_INDEX.
2978
2979         As a result, if the length of the vector overlaps the indices of the accessors stored in the SparseValueMap,
2980         we accidentally skip the phase looking up from the SparseValueMap. Instead, we just load from the vector and
2981         if the loaded value is an array hole, we decide the given object does not have the value for the given index.
2982
2983         This patch fixes the problem.
2984         When defining the attributed value whose index is smaller than the length of the vector, we throw away the vector
2985         and change the object to DictionaryIndexingMode. Since we can assume that indexed accessors rarely exist in
2986         practice, we expect this does not hurt the performance while keeping the fast property access system without
2987         checking the sparse map.
2988
2989         * runtime/JSObject.cpp:
2990         (JSC::JSObject::putDirectIndexBeyondVectorLength):
2991         * tests/stress/sparse-map-non-overlapping.js: Added.
2992         (shouldBe):
2993         (testing):
2994         (object.get 1000):
2995         * tests/stress/sparse-map-non-skip-getter-overriding.js: Added.
2996         (shouldBe):
2997         (obj.get 1):
2998         (testing):
2999         * tests/stress/sparse-map-non-skip.js: Added.
3000         (shouldBe):
3001         (testing):
3002         (testing2):
3003         (.get for):
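
Added example, not part of the ChangeLog or of WebKit's test suite: an engine-agnostic regression check for the invariant the entry above restores, namely that an accessor or read-only property defined at an index below the length of the indexed storage is still found on lookup. The sizes, scenario names and helper functions are constructed for illustration and are not the contents of the tests/stress/sparse-map-*.js files.

```javascript
'use strict';

const SLOTS = 64;      // constructed size: enough for contiguous indexed storage
const INDEX = 7;       // constructed index, well below SLOTS
const WARMUP = 20000;  // repeated reads so optimizing tiers, if any, are exercised

// Fill indices [0, SLOTS) except INDEX, leaving a hole there.
function fillAround(target) {
  for (let i = 0; i < SLOTS; i++) {
    if (i !== INDEX) target[i] = i;
  }
  return target;
}

// Indexed accessor: the kind of property the entry says lives in the sparse map.
function defineGetter(target, counter) {
  Object.defineProperty(target, INDEX, {
    get() { counter.calls++; return 'from-getter'; },
    enumerable: true,
    configurable: true,
  });
  return target;
}

// Attributed (non-writable) data property at the same index.
function defineReadOnly(target) {
  Object.defineProperty(target, INDEX, {
    value: 'read-only', writable: false, enumerable: true, configurable: true,
  });
  return target;
}

function scenarios() {
  const list = [];
  const add = (name, build, expected, hasGetter) => {
    const counter = hasGetter ? { calls: 0 } : null;
    list.push({ name, target: build(counter), expected, counter });
  };
  for (const [kind, make] of [['array', () => []], ['object', () => ({})]]) {
    add(`${kind}: grow storage, then define a getter in the hole`,
      (c) => defineGetter(fillAround(make()), c), 'from-getter', true);
    add(`${kind}: define a getter, then grow storage past it`,
      (c) => fillAround(defineGetter(make(), c)), 'from-getter', true);
    add(`${kind}: read-only data property below the length`,
      () => defineReadOnly(fillAround(make())), 'read-only', false);
  }
  return list;
}

// Returns a list of human-readable problems; empty means the scenario passed.
function checkScenario(s) {
  const problems = [];
  const { target, expected, counter } = s;
  if (!(INDEX in target)) problems.push('"in" reports the index as missing');
  if (!Object.prototype.hasOwnProperty.call(target, INDEX)) {
    problems.push('hasOwnProperty is false');
  }
  if (!Object.keys(target).includes(String(INDEX))) {
    problems.push('index missing from Object.keys');
  }
  let wrong = 0;
  for (let i = 0; i < WARMUP; i++) {
    if (target[INDEX] !== expected) wrong++;
  }
  if (wrong) problems.push(`${wrong} of ${WARMUP} reads did not return ${expected}`);
  if (counter && counter.calls !== WARMUP) {
    problems.push(`getter ran ${counter.calls} times, expected ${WARMUP}`);
  }
  if (!counter && Reflect.set(target, INDEX, 'overwritten')) {
    problems.push('write to the read-only index succeeded');
  }
  if (target[INDEX - 1] !== INDEX - 1 || target[INDEX + 1] !== INDEX + 1) {
    problems.push('neighbouring plain values changed');
  }
  return problems.map((p) => `${s.name}: ${p}`);
}

function runSparseIndexChecks() {
  return scenarios().flatMap(checkScenario);
}

const failures = runSparseIndexChecks();
console.log(failures.length ? failures.join('\n') : 'all indexed-accessor checks passed');
```

A failure in any getter scenario means a read returned the hole value instead of consulting the accessor, which is the symptom the entry describes.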
3004
3005 2015-07-27  Saam barati  <saambarati1@gmail.com>
3006
3007         Reduce execution time for "let" and "const" tests
3008         https://bugs.webkit.org/show_bug.cgi?id=147291
3009
3010         Reviewed by Geoffrey Garen.
3011
3012         We don't need to loop so many times for things that will not make it 
3013         into the DFG.  Also, we can loop a lot less for almost all the tests 
3014         because they're mostly testing the bytecode generator.
3015
3016         * tests/stress/const-and-with-statement.js:
3017         * tests/stress/const-exception-handling.js:
3018         * tests/stress/const-loop-semantics.js:
3019         * tests/stress/const-not-strict-mode.js:
3020         * tests/stress/const-semantics.js:
3021         * tests/stress/const-tdz.js:
3022         * tests/stress/lexical-let-and-with-statement.js:
3023         * tests/stress/lexical-let-exception-handling.js:
3024         (assert):
3025         * tests/stress/lexical-let-loop-semantics.js:
3026         (assert):
3027         (shouldThrowTDZ):
3028         (.):
3029         * tests/stress/lexical-let-not-strict-mode.js:
3030         * tests/stress/lexical-let-semantics.js:
3031         (.):
3032         * tests/stress/lexical-let-tdz.js:
3033         (shouldThrowTDZ):
3034         (.):
3035
3036 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3037
3038         Rename PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols
3039         https://bugs.webkit.org/show_bug.cgi?id=147311
3040
3041         Reviewed by Sam Weinig.
3042
3043         To make the meaning clear in the user side (PropertyNameArray array(exec, PropertyNameMode::StringsAndSymbols)),
3044         this patch renames PropertyNameMode::Both to PropertyNameMode::StringsAndSymbols.
3045
3046         * bytecode/ObjectAllocationProfile.h:
3047         (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
3048         * runtime/EnumerationMode.h:
3049         * runtime/ObjectConstructor.cpp:
3050         (JSC::ownEnumerablePropertyKeys):
3051         (JSC::defineProperties):
3052         (JSC::objectConstructorSeal):
3053         (JSC::objectConstructorFreeze):
3054         (JSC::objectConstructorIsSealed):
3055         (JSC::objectConstructorIsFrozen):
3056         (JSC::ownPropertyKeys):
3057         * runtime/ReflectObject.cpp:
3058         (JSC::reflectObjectOwnKeys):
3059
3060 2015-07-27  Saam barati  <saambarati1@gmail.com>
3061
3062         Added a comment explaining that all "addVar()"s should happen before
3063         emitting bytecode for a function's default parameter expressions
3064
3065         Rubber Stamped by Mark Lam.
3066
3067         * bytecompiler/BytecodeGenerator.cpp:
3068         (JSC::BytecodeGenerator::BytecodeGenerator):
3069
3070 2015-07-26  Sam Weinig  <sam@webkit.org>
3071
3072         Add missing builtin files to the JavaScriptCore Xcode project
3073         https://bugs.webkit.org/show_bug.cgi?id=147312
3074
3075         Reviewed by Darin Adler.
3076
3077         * JavaScriptCore.xcodeproj/project.pbxproj:
3078         Add missing files.
3079
3080 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3081
3082         [ES6] Implement Reflect.isExtensible
3083         https://bugs.webkit.org/show_bug.cgi?id=147308
3084
3085         Reviewed by Sam Weinig.
3086
3087         This patch implements Reflect.isExtensible.
3088         It is similar to Object.isExtensible.
3089         The difference is that it raises an error if the first argument is not an object.
3090
3091         * runtime/ReflectObject.cpp:
3092         (JSC::reflectObjectIsExtensible):
3093         * tests/stress/reflect-is-extensible.js: Added.
3094         (shouldBe):
3095         (shouldThrow):
3096
3097 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3098
3099         Unreviewed, fix the debug build due to touching the non-declared variable in ASSERT
3100         https://bugs.webkit.org/show_bug.cgi?id=147307
3101
3102         * runtime/ObjectConstructor.cpp:
3103         (JSC::ownPropertyKeys):
3104
3105 2015-07-25  Yusuke Suzuki  <utatane.tea@gmail.com>
3106
3107         [ES6] Implement Reflect.ownKeys
3108         https://bugs.webkit.org/show_bug.cgi?id=147307
3109
3110         Reviewed by Sam Weinig.
3111
3112         This patch implements Reflect.ownKeys.
3113         In this patch, we refactor the existing code to list up own keys in the object.
3114         Such code is used by Object.getOwnPropertyNames, Object.getOwnPropertyKeys, Object.keys and @ownEnumerableKeys.
3115         We factor out the listing up own keys as ownPropertyKeys function and also use it in Reflect.ownKeys.
3116
3117         * runtime/ObjectConstructor.cpp:
3118         (JSC::objectConstructorGetOwnPropertyNames):
3119         (JSC::objectConstructorGetOwnPropertySymbols):
3120         (JSC::objectConstructorKeys):
3121         (JSC::ownEnumerablePropertyKeys):
3122         (JSC::ownPropertyKeys):
3123         * runtime/ObjectConstructor.h:
3124         * runtime/ReflectObject.cpp:
3125         (JSC::reflectObjectOwnKeys):
3126         * tests/stress/reflect-own-keys.js: Added.
3127         (shouldBe):
3128         (shouldThrow):
3129         (shouldBeArray):
3130
3131 2015-07-26  Yusuke Suzuki  <utatane.tea@gmail.com>
3132
3133         [ES6] Implement Reflect.apply
3134         https://bugs.webkit.org/show_bug.cgi?id=147306
3135
3136         Reviewed by Sam Weinig.
3137
3138         Implement Reflect.apply.
3139         The large part of this can be implemented by the @apply builtin annotation.
3140         The only thing which is different from the Function.prototype.apply is the third parameter:
3141         "argumentsList" needs to be an object.
3142
3143         * builtins/ReflectObject.js:
3144         (apply):
3145         (deleteProperty):
3146         * runtime/ReflectObject.cpp:
3147         * tests/stress/reflect-apply.js: Added.
3148         (shouldBe):
3149         (shouldThrow):
3150         (get shouldThrow):
3151         (.get shouldThrow):
3152         (get var.array.get length):
3153         (get var.array.get 0):
3154         (.get var):
3155         * tests/stress/reflect-delete-property.js:
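
Added example, not part of the ChangeLog or of WebKit's tests: the Reflect.preventExtensions, Reflect.isExtensible and Reflect.apply entries each describe a difference from the Object.* or Function.prototype.* counterpart, and this block puts the pairs side by side. It assumes a current engine that provides Proxy (the preventExtensions entry notes JavaScriptCore had none at the time); `outcome`, `lockDown` and the compare* helpers are hypothetical names.

```javascript
'use strict';

// Run fn and classify the result as { value } or { threw: <error class name> }.
function outcome(fn) {
  try {
    return { value: fn() };
  } catch (e) {
    return { threw: e.constructor.name };
  }
}

// Non-object first argument: Object.* tolerates it, Reflect.* raises TypeError.
function compareOnPrimitive() {
  return {
    objectPreventExtensions: outcome(() => Object.preventExtensions(1)),
    reflectPreventExtensions: outcome(() => Reflect.preventExtensions(1)),
    objectIsExtensible: outcome(() => Object.isExtensible(1)),
    reflectIsExtensible: outcome(() => Reflect.isExtensible(1)),
  };
}

// Failed operation: Object.preventExtensions throws, Reflect.preventExtensions
// returns false. The refusing target is a constructed Proxy.
function compareOnRefusal() {
  const refusing = () => new Proxy({}, { preventExtensions() { return false; } });
  return {
    object: outcome(() => Object.preventExtensions(refusing())),
    reflect: outcome(() => Reflect.preventExtensions(refusing())),
  };
}

// Third parameter: Function.prototype.apply accepts undefined as "no arguments",
// Reflect.apply requires argumentsList to be an object.
function compareApply() {
  const count = function () { return arguments.length; };
  return {
    functionApplyUndefined: outcome(() => Function.prototype.apply.call(count, null, undefined)),
    reflectApplyUndefined: outcome(() => Reflect.apply(count, null, undefined)),
    reflectApplyArrayLike: outcome(() => Reflect.apply(count, null, { length: 2 })),
    reflectApplyString: outcome(() => Reflect.apply(count, null, 'ab')),
  };
}

// Caller-side consequence: because Reflect.preventExtensions reports failure
// through its return value, a hardening helper has to check that value itself.
function lockDown(obj) {
  if (!Reflect.preventExtensions(obj)) {
    throw new TypeError('object refused to become non-extensible');
  }
  return obj;
}

console.log(JSON.stringify({
  primitive: compareOnPrimitive(),
  refusal: compareOnRefusal(),
  apply: compareApply(),
}, null, 2));
```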
3156
3157 2015-07-25  Yusuke Suzuki  <utatane.tea@gmail.com>
3158
3159         [ES6] Add Reflect namespace and add Reflect.deleteProperty
3160         https://bugs.webkit.org/show_bug.cgi?id=147287
3161
3162         Reviewed by Sam Weinig.
3163
3164         This patch just creates the namespace for ES6 Reflect APIs.
3165         And add template files to implement the actual code.
3166
3167         Not to keep the JS generated properties C array empty,
3168         we added one small method, Reflect.deleteProperty in this patch.
3169
3170         * CMakeLists.txt:
3171         * DerivedSources.make:
3172         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3173         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3174         * JavaScriptCore.xcodeproj/project.pbxproj:
3175         * builtins/ReflectObject.js: Added.
3176         (deleteProperty):
3177         * runtime/CommonIdentifiers.h:
3178         * runtime/JSGlobalObject.cpp:
3179         (JSC::JSGlobalObject::init):
3180         * runtime/ReflectObject.cpp: Added.
3181         (JSC::ReflectObject::ReflectObject):
3182         (JSC::ReflectObject::finishCreation):
3183         (JSC::ReflectObject::getOwnPropertySlot):
3184         * runtime/ReflectObject.h: Added.
3185         (JSC::ReflectObject::create):
3186         (JSC::ReflectObject::createStructure):
3187         * tests/stress/reflect-delete-property.js: Added.
3188         (shouldBe):
3189         (shouldThrow):
3190
3191 2015-07-24  Yusuke Suzuki  <utatane.tea@gmail.com>
3192
3193         Avoid 2 times name iteration in Object.assign
3194         https://bugs.webkit.org/show_bug.cgi?id=147268
3195
3196         Reviewed by Geoffrey Garen.
3197
3198         Object.assign calls Object.getOwnPropertyNames & Object.getOwnPropertySymbols to collect all the names.
3199         But exposing the private API that collects both at the same time makes the API efficient when the given Object has so many non-indexed properties.
3200         Since Object.assign is such a generic API (some form of utility API), the form of the given Object is not expected.
3201         So the taken object may have so many non-indexed properties.
3202
3203         In this patch, we introduce `ownEnumerablePropertyKeys` private function.
3204         It is a slightly changed version of `[[OwnPropertyKeys]]` in the ES6 spec;
3205         it only includes enumerable properties.
3206
3207         By filtering out the non-enumerable properties in the exposed private function,
3208         we avoid calling @objectGetOwnPropertyDescriptor for each property at the same time.
3209
3210         * builtins/ObjectConstructor.js:
3211         (assign):
3212         * runtime/CommonIdentifiers.h:
3213         * runtime/EnumerationMode.h:
3214         * runtime/JSGlobalObject.cpp:
3215         (JSC::JSGlobalObject::init):
3216         * runtime/ObjectConstructor.cpp:
3217         (JSC::ownEnumerablePropertyKeys):
3218         * runtime/ObjectConstructor.h:
3219         * tests/stress/object-assign-enumerable.js: Added.
3220         (shouldBe):
3221         * tests/stress/object-assign-order.js: Added.
3222         (shouldBe):
3223
3224 2015-07-24  Yusuke Suzuki  <utatane.tea@gmail.com>
3225
3226         Remove runtime flags for symbols
3227         https://bugs.webkit.org/show_bug.cgi?id=147246
3228
3229         Reviewed by Alex Christensen.
3230
3231         * runtime/ArrayPrototype.cpp:
3232         (JSC::ArrayPrototype::finishCreation):
3233         * runtime/JSGlobalObject.cpp:
3234         (JSC::JSGlobalObject::init): Deleted.
3235         * runtime/JSGlobalObject.h:
3236         * runtime/ObjectConstructor.cpp:
3237         (JSC::ObjectConstructor::finishCreation):
3238         * runtime/RuntimeFlags.h:
3239
3240 2015-07-24  Yusuke Suzuki  <utatane.tea@gmail.com>
3241
3242         Object.getOwnPropertySymbols on large list takes very long
3243         https://bugs.webkit.org/show_bug.cgi?id=146137
3244
3245         Reviewed by Mark Lam.
3246
3247         Before this patch, Object.getOwnPropertySymbols collected all the names, including strings,
3248         and after that was done, filtered the names to retrieve only the symbols.
3249         But that is very time consuming if the given object is a large non-holed array since it has
3250         many indexed properties and all the indexes have to be converted to uniqued_strings and
3251         added to the collection of property names (though they may not be of the requested type
3252         and will be filtered out later).
3253
3254         This patch introduces PropertyNameMode.
3255         We leverage this mode in 2 places.
3256
3257         1. PropertyNameArray side
3258         It is set in PropertyNameArray and it filters the incoming added identifiers based on the mode.
3259         It ensures that PropertyNameArray doesn't become too large in the pathological case.
3260         And it ensures that keys of a type not expected by the filter (Symbols or Strings) are never added
3261         to the property name array collections.
3262         However, it does not solve the whole problem because the huge array still incurs many
3263         "indexed property to uniqued string" conversions and the large iteration before adding the keys
3264         to the property name array.
3265
3266         2. getOwnPropertyNames side
3267         So we can use the PropertyNameMode in the caller side (getOwnPropertyNames) as a **hint**.
3268         When the large iteration may occur, the caller side can use the PropertyNameMode as a hint to
3269         avoid the iteration.
3270         But we cannot exclusively rely on these caller side checks because it would require that we
3271         exhaustively add the checks to all custom implementations of getOwnPropertyNames as well.
3272         This process requires manual inspection of many pieces of code, and is error prone. Instead,
3273         we only apply the caller side check in a few strategic places where it is known to yield
3274         performance benefits; and we rely on the filter in PropertyNameArray::add() to reject the wrong
3275         types of properties for all other calls to PropertyNameArray::add().
3276
3277         In this patch, there's a concept in use that is not clear just from reading the code, and hence
3278         should be documented here. When selecting the PropertyNameMode for the PropertyNameArray to be
3279         instantiated, we apply the following logic:
3280
3281         1. Only JavaScriptCore code is aware of ES6 Symbols.
3282         We can assume that pre-existing external code that interfaces with JSC is only looking for string named properties. This includes:
3283             a. WebCore bindings
3284             b. Serializer bindings
3285             c. NPAPI bindings
3286             d. Objective C bindings
3287         2. In JSC, code that computes object storage space needs to iterate both Symbol and String named properties. Hence, use PropertyNameMode::Both.
3288         3. In JSC, ES6 APIs that work with Symbols should use PropertyNameMode::Symbols.
3289         4. In JSC, ES6 APIs that work with String named properties should use PropertyNameMode::Strings.
3290
3291         * API/JSObjectRef.cpp:
3292         (JSObjectCopyPropertyNames):
3293         * bindings/ScriptValue.cpp:
3294         (Deprecated::jsToInspectorValue):
3295         * bytecode/ObjectAllocationProfile.h:
3296         (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount):
3297         * runtime/EnumerationMode.h:
3298         (JSC::EnumerationMode::EnumerationMode):
3299         (JSC::EnumerationMode::includeSymbolProperties): Deleted.
3300         * runtime/GenericArgumentsInlines.h:
3301         (JSC::GenericArguments<Type>::getOwnPropertyNames):
3302         * runtime/JSGenericTypedArrayViewInlines.h:
3303         (JSC::JSGenericTypedArrayView<Adaptor>::getOwnPropertyNames):
3304         * runtime/JSLexicalEnvironment.cpp:
3305         (JSC::JSLexicalEnvironment::getOwnNonIndexPropertyNames):
3306         * runtime/JSONObject.cpp:
3307         (JSC::Stringifier::Stringifier):
3308         (JSC::Stringifier::Holder::appendNextProperty):
3309         (JSC::Walker::walk):
3310         * runtime/JSObject.cpp:
3311         (JSC::JSObject::getOwnPropertyNames):
3312         * runtime/JSPropertyNameEnumerator.cpp:
3313         (JSC::JSPropertyNameEnumerator::create):
3314         * runtime/JSPropertyNameEnumerator.h:
3315         (JSC::propertyNameEnumerator):
3316         * runtime/JSSymbolTableObject.cpp:
3317         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
3318         * runtime/ObjectConstructor.cpp:
3319         (JSC::objectConstructorGetOwnPropertyNames):
3320         (JSC::objectConstructorGetOwnPropertySymbols):
3321         (JSC::objectConstructorKeys):
3322         (JSC::defineProperties):
3323         (JSC::objectConstructorSeal):
3324         (JSC::objectConstructorFreeze):
3325         (JSC::objectConstructorIsSealed):
3326         (JSC::objectConstructorIsFrozen):
3327         * runtime/PropertyNameArray.h:
3328         (JSC::PropertyNameArray::PropertyNameArray):
3329         (JSC::PropertyNameArray::mode):
3330         (JSC::PropertyNameArray::addKnownUnique):
3331         (JSC::PropertyNameArray::add):
3332         (JSC::PropertyNameArray::isUidMatchedToTypeMode):
3333         (JSC::PropertyNameArray::includeSymbolProperties):
3334         (JSC::PropertyNameArray::includeStringProperties):
3335         * runtime/StringObject.cpp:
3336         (JSC::StringObject::getOwnPropertyNames):
3337         * runtime/Structure.cpp:
3338         (JSC::Structure::getPropertyNamesFromStructure):
3339
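The two places where the entry above applies PropertyNameMode, modeled as an added JavaScript example that is not part of the ChangeLog and is not JavaScriptCore code. `Mode`, `NameArray`, `collectOwnKeys` and `compare` are hypothetical names, and the input is constructed; the model shows why the filter in add() bounds the size of the collection while only the caller-side hint removes the index-to-string conversions.

```javascript
// Added illustration: a toy model of the two-level filtering described in the
// entry above. All names are hypothetical; this is not JavaScriptCore code.
const Mode = Object.freeze({ Strings: 1, Symbols: 2, Both: 3 });

// Models PropertyNameArray: add() rejects keys whose type the mode excludes.
class NameArray {
  constructor(mode) { this.mode = mode; this.names = []; }
  add(key) {
    const bit = typeof key === "symbol" ? Mode.Symbols : Mode.Strings;
    if (this.mode & bit) this.names.push(key);
  }
}

// Models a getOwnPropertyNames implementation over `length` indexed slots plus
// named keys. `useHint` enables the caller-side check; `stats.conversions`
// counts index-to-string conversions, the cost the entry calls out.
function collectOwnKeys(length, namedKeys, mode, useHint, stats) {
  const out = new NameArray(mode);
  if (!useHint || (mode & Mode.Strings)) {
    for (let i = 0; i < length; i++) {
      stats.conversions++;
      out.add(String(i)); // rejected inside add() when the mode is Symbols
    }
  }
  for (const key of namedKeys) out.add(key);
  return out.names;
}

// Constructed input: a large non-holed array with one symbol-keyed property.
function compare(length) {
  const tag = Symbol("tag");
  const named = ["length", tag];
  const filterOnly = { conversions: 0 };
  const withHint = { conversions: 0 };
  const a = collectOwnKeys(length, named, Mode.Symbols, false, filterOnly);
  const b = collectOwnKeys(length, named, Mode.Symbols, true, withHint);
  return {
    sameResult: a.length === 1 && b.length === 1 && a[0] === tag && b[0] === tag,
    filterOnlyConversions: filterOnly.conversions,
    hintConversions: withHint.conversions,
  };
}

console.log(compare(100000));
```
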
3340 2015-07-24  Saam barati  <saambarati1@gmail.com>
3341
3342         [ES6] Add support for default parameters
3343         https://bugs.webkit.org/show_bug.cgi?id=38409
3344
3345         Reviewed by Filip Pizlo.
3346
3347         This patch implements ES6 default parameters according to the ES6
3348         specification. This patch builds off the components introduced with 
3349         "let" scoping and parsing function parameters in the same parser
3350         arena as the function itself. "let" scoping allows functions with default 
3351         parameter values to place their parameters under the TDZ. Parsing function
3352         parameters in the same parser arena allows the FunctionParameters AST node
3353         to refer to ExpressionNodes.
3354
3355         The most subtle part of this patch is how we allocate lexical environments
3356