dbd04a9ea1d3493ada727f476b6154b092a197a7
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-02-03  Mark Hahnenberg  <mhahnenberg@apple.com>

        Fix the LLInt C loop

        Rubber stamped by Mark Lam.

        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::llint_write_barrier_slow):
        * llint/LLIntSlowPaths.h:

2014-02-03  Dean Jackson  <dino@apple.com>

        Feature flag for shape-inside
        https://bugs.webkit.org/show_bug.cgi?id=128001

        Reviewed by Simon Fraser.

        Add CSS_SHAPE_INSIDE flag.

        * Configurations/FeatureDefines.xcconfig:

2014-02-03  Oliver Hunt  <oliver@apple.com>

        Deconstructed parameters aren't being placed in the correct scope
        https://bugs.webkit.org/show_bug.cgi?id=128126

        Reviewed by Antti Koivisto.

        Make sure we declare the bound parameter names as variables when
        we reparse.  In the BytecodeGenerator we now also directly ensure
        that bound parameters are placed in the symbol table of the function
        we're currently compiling.  We then delay binding until just before
        we start codegen for the body of the function so that we can ensure
        the function has completely initialised all scope details.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::createBindingPattern):

2014-02-03  Alexey Proskuryakov  <ap@apple.com>

        Update JS whitespace definition for changes in Unicode 6.3
        https://bugs.webkit.org/show_bug.cgi?id=127450

        Reviewed by Oliver Hunt.

        * parser/Lexer.h: (JSC::Lexer<UChar>::isWhiteSpace): Part 2 of the fix, update lexer too.

2014-02-03  Matthew Mirman  <mmirman@apple.com>

        Added GetTypedArrayByteOffset to FTL
        https://bugs.webkit.org/show_bug.cgi?id=127589

        Reviewed by Filip Pizlo.

        * ftl/FTLAbstractHeapRepository.h:
        * ftl/FTLCapabilities.cpp:
        (JSC::FTL::canCompile):
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compileNode):
        (JSC::FTL::LowerDFGToLLVM::compileGetTypedArrayByteOffset):
        * tests/stress/ftl-gettypedarrayoffset-simple.js: Added.
        (foo):
        * tests/stress/ftl-gettypedarrayoffset-wasteful.js: Added.
        (foo):

2014-02-03  Mark Lam  <mark.lam@apple.com>

        Debugger created JSActivations should account for CodeBlock::framePointerOffsetToGetActivationRegisters().
        <https://webkit.org/b/128112>

        Reviewed by Geoffrey Garen.

        Currently, when the DebuggerCallFrame creates the JSActivation object
        for a frame, it does not account for the framePointerOffsetToGetActivationRegisters()
        offset that needs to be added for DFG frames.

        Instead of special casing the fix in DebuggerCallFrame::scope(), we fix
        this by adding CodeBlock::framePointerOffsetToGetActivationRegisters() to
        callFrame->registers() in the JSActivation::create() method that does not
        explicitly take a Register*. This ensures that JSActivation::create() will
        always do the right thing instead of only being a special case for the
        LLINT and baselineJIT.

        Apart from the DebuggerCallFrame, this create() function is only called by
        slow paths in the LLINT and baselineJIT. Hence, it is not performance
        critical.

        * runtime/JSActivation.h:
        (JSC::JSActivation::create):

2014-01-31  Geoffrey Garen  <ggaren@apple.com>

        Simplified name scope creation for function expressions
        https://bugs.webkit.org/show_bug.cgi?id=128031

        Reviewed by Mark Lam.

        3X speedup on js/regress/script-tests/function-with-eval.js.

        We used to emit bytecode to push a name into local scope every
        time a function that needed such a name executed. Now, we push the name
        into scope once on the function object, and leave it there.

        This is faster, and it also reduces the number of variable resolution
        modes you have to worry about when thinking about bytecode and the
        debugger.

        This patch is slightly complicated by the fact that we don't know if
        a function needs a name scope until we parse its body. So, there's some
        glue code in here to delay filling in a function's scope until we parse
        its body for the first time.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::generateFunctionCodeBlock):
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedFunctionExecutable::functionMode): Renamed
        functionNameIsInScopeToggle to functionMode.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator): No need to emit convert_this
        when debugging. The debugger will perform the conversion as needed.

        (JSC::BytecodeGenerator::resolveCallee):
        (JSC::BytecodeGenerator::addCallee): Simplified this code by removing
        the "my function needs a name scope, but didn't allocate one" mode.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::execute):
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        (JSC::Interpreter::prepareForRepeatCall): Pass a scope slot through to
        CodeBlock generation, so we can add a function name scope if the parsed
        function body requires one.

        * jit/JITOperations.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::setUpCall): Ditto.

        * parser/NodeConstructors.h:
        (JSC::FuncExprNode::FuncExprNode):
        (JSC::FuncDeclNode::FuncDeclNode):
        * parser/Nodes.cpp:
        (JSC::FunctionBodyNode::finishParsing):
        * parser/Nodes.h:
        (JSC::FunctionBodyNode::functionMode): Updated for rename.

        * parser/ParserModes.h:
        (JSC::functionNameIsInScope):
        (JSC::functionNameScopeIsDynamic): Helper functions for reasoning about
        how crazy JavaScript language semantics are.

        * runtime/ArrayPrototype.cpp:
        (JSC::isNumericCompareFunction):
        (JSC::attemptFastSort): Updated for interface changes above.

        * runtime/Executable.cpp:
        (JSC::ScriptExecutable::newCodeBlockFor):
        (JSC::ScriptExecutable::prepareForExecutionImpl):
        (JSC::FunctionExecutable::FunctionExecutable):
        * runtime/Executable.h:
        (JSC::ScriptExecutable::prepareForExecution):
        (JSC::FunctionExecutable::functionMode):
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::addNameScopeIfNeeded):
        * runtime/JSFunction.h:
        * runtime/JSNameScope.h:
        (JSC::JSNameScope::create):
        (JSC::JSNameScope::JSNameScope): Added machinery for pushing a function
        name scope onto a function when we first discover that it's needed.

2014-01-25  Darin Adler  <darin@apple.com>

        Stop using Unicode.h
        https://bugs.webkit.org/show_bug.cgi?id=127633

        Reviewed by Anders Carlsson.

        * parser/Lexer.h:
        * runtime/JSGlobalObjectFunctions.h:
        * yarr/YarrCanonicalizeUCS2.h:
        * yarr/YarrInterpreter.h:
        * yarr/YarrParser.h:
        * yarr/YarrPattern.h:
        Removed includes of <wtf/unicode/Unicode.h>, adding includes of
        ICU headers and <wtf/text/LChar.h> as needed to replace it.

2014-02-03  Dan Bernstein  <mitz@apple.com>

        Correctly address Darin’s review comment on the last change.

        * runtime/Watchdog.h: Changed an OS(DARWIN) guard around formerly PLATFORM(MAC)-only member
        variables to the equivalent OS(DARWIN) && !PLATFORM(EFL) && !PLATFORM(GTK).

2014-02-03  Dan Bernstein  <mitz@apple.com>

        Stop using PLATFORM(MAC) in JavaScriptCore except where it means “OS X but not iOS”
        https://bugs.webkit.org/show_bug.cgi?id=128098

        Reviewed by Darin Adler.

        * API/JSValueRef.cpp:
        (JSValueUnprotect): Added an explicit !PLATFORM(IOS) in guards for the Evernote workaround,
        which is only needed on OS X.

        * API/tests/testapi.c:
        (main): Changed PLATFORM(MAC) || PLATFORM(IOS) guards to OS(DARWIN), because they were
        surrounding tests for code that is itself guarded by OS(DARWIN).

        * runtime/Watchdog.h: Changed PLATFORM(MAC) to OS(DARWIN).

        * tools/CodeProfiling.cpp:
        (JSC::CodeProfiling::begin): Changed PLATFORM(MAC) to
        OS(DARWIN) && !PLATFORM(EFL) && !PLATFORM(GTK).
        (JSC::CodeProfiling::end): Ditto.

2014-02-02  Mark Lam  <mark.lam@apple.com>

        Repatch code is passing the wrong args to lookupExceptionHandler.
        <https://webkit.org/b/128085>

        Reviewed by Oliver Hunt.

        lookupExceptionHandler() is expecting 2 args: VM*, ExecState*.
        The repatch code was only passing an ExecState*. A crash ensues.
        This is now fixed.

        * jit/JIT.cpp:
        (JSC::JIT::privateCompileExceptionHandlers):
        * jit/Repatch.cpp:
        (JSC::generateProtoChainAccessStub):

2014-02-01  Filip Pizlo  <fpizlo@apple.com>

        JSC profiler's stub info profiling support should work again
        https://bugs.webkit.org/show_bug.cgi?id=128057

        Reviewed by Mark Lam.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::printGetByIdCacheStatus): We want to know if the cache was ever reset by GC, since the DFG uses this information.
        (JSC::CodeBlock::printLocationAndOp): This shouldn't have been inline.
        (JSC::CodeBlock::printLocationOpAndRegisterOperand): Ditto.
        (JSC::CodeBlock::dumpBytecode): Dump the profiling field, and make sure that the caller can pass a StubInfoMap, which is necessary for dumping StructureStubInfo profiling.
        * bytecode/CodeBlock.h: Out-of-line some methods and add the StubInfoMap parameter.
        * profiler/ProfilerBytecodeSequence.cpp:
        (JSC::Profiler::BytecodeSequence::BytecodeSequence): Create a StubInfoMap before dumping bytecodes.

2014-02-01  Filip Pizlo  <fpizlo@apple.com>

        JSC profiler should show reasons for jettison
        https://bugs.webkit.org/show_bug.cgi?id=128047

        Reviewed by Geoffrey Garen.

        Henceforth if you want to jettison a CodeBlock, you gotta tell the Profiler why you did
        it. This makes figuring out convergence issues - where some code seems to take a long
        time to get into the top tier compiler - a lot easier.

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::jettison):
        (JSC::CodeBlock::addBreakpoint):
        (JSC::CodeBlock::setSteppingMode):
        * bytecode/CodeBlock.h:
        * bytecode/CodeBlockJettisoningWatchpoint.cpp:
        (JSC::CodeBlockJettisoningWatchpoint::fireInternal):
        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
        (JSC::ProfiledCodeBlockJettisoningWatchpoint::fireInternal):
        * dfg/DFGOperations.cpp:
        * jit/JITOperations.cpp:
        * profiler/ProfilerCompilation.cpp:
        (JSC::Profiler::Compilation::Compilation):
        (JSC::Profiler::Compilation::toJS):
        * profiler/ProfilerCompilation.h:
        (JSC::Profiler::Compilation::setJettisonReason):
        * profiler/ProfilerJettisonReason.cpp: Added.
        (WTF::printInternal):
        * profiler/ProfilerJettisonReason.h: Added.
        * runtime/CommonIdentifiers.h:
        * runtime/VM.cpp:
        (JSC::SetEnabledProfilerFunctor::operator()):

2014-02-01  Mark Lam  <mark.lam@apple.com>

        Saying "jitType() == JITCode::DFGJIT" is almost never correct.
        <http://webkit.org/b/128045>

        Reviewed by Filip Pizlo.

        JITCode::isOptimizingJIT(jitType()) is the right way to say it.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::addBreakpoint):
        (JSC::CodeBlock::setSteppingMode):
        * runtime/VM.cpp:
        (JSC::SetEnabledProfilerFunctor::operator()):

2014-02-01  Michael Saboff  <msaboff@apple.com>

        REGRESSION (r163027?): CrashTracer: [USER] com.apple.WebKit.WebContent.Development at com.apple.JavaScriptCore: JSC::ArrayProfile::computeUpdatedPrediction + 4
        https://bugs.webkit.org/show_bug.cgi?id=128037

        Reviewed by Mark Lam.

        op_call_varargs ops now need an ArrayProfile since DFG inlines these since
        change set r162739.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitCallVarargs):

2014-01-31  Mark Lam  <mark.lam@apple.com>

        Gardening: fix build breakage.

        Not reviewed.

        * interpreter/CallFrame.h:

2014-01-31  Mark Lam  <mark.lam@apple.com>

        Gardening: Fix a merge problem to unbreak bots.

        Not reviewed.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):

2014-01-31  Oliver Hunt  <oliver@apple.com>

        Rollout r163195 and related patches

        * API/JSCallbackObjectFunctions.h:
        (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
        (JSC::JSCallbackObject<Parent>::put):
        (JSC::JSCallbackObject<Parent>::deleteProperty):
        (JSC::JSCallbackObject<Parent>::getStaticValue):
        (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
        (JSC::JSCallbackObject<Parent>::callbackGetter):
        * CMakeLists.txt:
        * DerivedSources.make:
        * GNUmakefile.am:
        * GNUmakefile.list.am:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
        * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
        * JavaScriptCore.vcxproj/copy-files.cmd:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * builtins/Array.prototype.js: Removed.
        * builtins/BuiltinExecutables.cpp: Removed.
        * builtins/BuiltinExecutables.h: Removed.
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::generateFunctionCodeBlock):
        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
        (JSC::UnlinkedFunctionExecutable::codeBlockFor):
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::ExecutableInfo::ExecutableInfo):
        (JSC::UnlinkedFunctionExecutable::create):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        * bytecompiler/BytecodeGenerator.h:
        (JSC::BytecodeGenerator::makeFunction):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::CallFunctionCallDotNode::emitBytecode):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        * create_hash_table:
        * dfg/DFGDominators.cpp:
        * dfg/DFGJITCode.cpp:
        * dfg/DFGOperations.cpp:
        * generate-js-builtins: Removed.
        * interpreter/CachedCall.h:
        (JSC::CachedCall::CachedCall):
        * interpreter/Interpreter.cpp:
        * interpreter/ProtoCallFrame.cpp:
        * jit/JITOpcodes.cpp:
        * jit/JITOpcodes32_64.cpp:
        * jit/JITOperations.cpp:
        * jit/JITPropertyAccess.cpp:
        * jit/JITPropertyAccess32_64.cpp:
        * jsc.cpp:
        * llint/LLIntOffsetsExtractor.cpp:
        * llint/LLIntSlowPaths.cpp:
        * parser/ASTBuilder.h:
        (JSC::ASTBuilder::makeFunctionCallNode):
        * parser/Lexer.cpp:
        (JSC::Lexer<T>::Lexer):
        (JSC::Lexer<LChar>::parseIdentifier):
        (JSC::Lexer<UChar>::parseIdentifier):
        (JSC::Lexer<T>::lex):
        * parser/Lexer.h:
        (JSC::Lexer<T>::lexExpectIdentifier):
        * parser/Nodes.cpp:
        * parser/Nodes.h:
        * parser/Parser.cpp:
        (JSC::Parser<LexerType>::Parser):
        (JSC::Parser<LexerType>::parseInner):
        (JSC::Parser<LexerType>::didFinishParsing):
        (JSC::Parser<LexerType>::printUnexpectedTokenText):
        * parser/Parser.h:
        (JSC::parse):
        * parser/ParserModes.h:
        * parser/ParserTokens.h:
        * runtime/Arguments.h:
        * runtime/ArgumentsIteratorPrototype.cpp:
        * runtime/ArrayPrototype.cpp:
        (JSC::arrayProtoFuncEvery):
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
        * runtime/CommonIdentifiers.cpp:
        (JSC::CommonIdentifiers::CommonIdentifiers):
        * runtime/CommonIdentifiers.h:
        * runtime/CommonSlowPaths.cpp:
        * runtime/CommonSlowPathsExceptions.cpp:
        * runtime/ExceptionHelpers.cpp:
        (JSC::createUndefinedVariableError):
        * runtime/Executable.h:
        (JSC::EvalExecutable::executableInfo):
        (JSC::ProgramExecutable::executableInfo):
        (JSC::isHostFunction):
        * runtime/FunctionPrototype.cpp:
        (JSC::functionProtoFuncToString):
        * runtime/JSActivation.cpp:
        (JSC::JSActivation::symbolTableGet):
        (JSC::JSActivation::symbolTablePut):
        (JSC::JSActivation::symbolTablePutWithAttributes):
        * runtime/JSArgumentsIterator.cpp:
        * runtime/JSArray.cpp:
        * runtime/JSArrayIterator.cpp:
        * runtime/JSCJSValue.cpp:
        * runtime/JSCellInlines.h:
        * runtime/JSFunction.cpp:
        (JSC::JSFunction::calculatedDisplayName):
        (JSC::JSFunction::sourceCode):
        (JSC::JSFunction::callerGetter):
        (JSC::JSFunction::getOwnPropertySlot):
        (JSC::JSFunction::getOwnNonIndexPropertyNames):
        (JSC::JSFunction::put):
        (JSC::JSFunction::defineOwnProperty):
        * runtime/JSFunction.h:
        * runtime/JSFunctionInlines.h:
        (JSC::JSFunction::nativeFunction):
        (JSC::JSFunction::nativeConstructor):
        * runtime/JSGenericTypedArrayViewConstructorInlines.h:
        * runtime/JSGenericTypedArrayViewInlines.h:
        * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::symbolTableHasProperty):
        * runtime/JSObject.cpp:
        (JSC::getClassPropertyNames):
        (JSC::JSObject::reifyStaticFunctionsForDelete):
        * runtime/JSObject.h:
        * runtime/JSPromiseConstructor.cpp:
        * runtime/JSPromiseDeferred.cpp:
        * runtime/JSPromisePrototype.cpp:
        * runtime/JSPromiseReaction.h:
        * runtime/JSPropertyNameIterator.cpp:
        * runtime/JSPropertyNameIterator.h:
        * runtime/JSString.h:
        (JSC::JSString::getStringPropertySlot):
        (JSC::inlineJSValueNotStringtoString):
        (JSC::JSValue::toWTFStringInline):
        * runtime/JSStringInlines.h: Removed.
        * runtime/JSSymbolTableObject.cpp:
        (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
        * runtime/JSSymbolTableObject.h:
        (JSC::symbolTableGet):
        (JSC::symbolTablePut):
        (JSC::symbolTablePutWithAttributes):
        * runtime/Lookup.cpp:
        (JSC::setUpStaticFunctionSlot):
        * runtime/Lookup.h:
        (JSC::HashEntry::propertyGetter):
        (JSC::HashEntry::propertyPutter):
        (JSC::HashTable::entry):
        (JSC::getStaticPropertySlot):
        (JSC::getStaticValueSlot):
        (JSC::putEntry):
        * runtime/NativeErrorConstructor.cpp:
        * runtime/NativeErrorConstructor.h:
        (JSC::NativeErrorConstructor::finishCreation):
        * runtime/PropertySlot.h:
        * runtime/RegExpConstructor.cpp:
        * runtime/RegExpPrototype.cpp:
        * runtime/SetConstructor.cpp:
        * runtime/StringObject.cpp:
        * runtime/Structure.cpp:
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:

2014-01-31  Filip Pizlo  <fpizlo@apple.com>

        DFG->FTL tier-up shouldn't assume that LoopHints stay at the tops of loops
        https://bugs.webkit.org/show_bug.cgi?id=128030

        Reviewed by Oliver Hunt.

        Remove a bogus assertion. The only thing that matters is that the LoopHint had at one
        point in time been at the top of a loop header, and that it is now at the top of a
        basic block. But the basic block that it's at the top of now doesn't have to be the
        same as the loop header that it once was the top of.

        * dfg/DFGTierUpCheckInjectionPhase.cpp:
        (JSC::DFG::TierUpCheckInjectionPhase::run):
        * tests/stress/tier-up-in-loop-with-cfg-simplification.js: Added.
        (foo):

2014-01-31  Mark Lam  <mark.lam@apple.com>

        Avoid eagerly creating the JSActivation when the debugger is attached.
        <https://webkit.org/b/127910>

        Reviewed by Oliver Hunt.

        Octane scores for this patch:
            baseline w/o WebInspector: 11621
            patched  w/o WebInspector: 11801
            baseline w/ WebInspector:  3295
            patched  w/ WebInspector:  7070   2.1x improvement

        1. Because the debugger can potentially create a closure from any call frame,
           we need every function to allocate an activation register and check for
           the need to tear off the activation (if needed) on return.

           However, we do not need to eagerly create the activation object.
           This patch implements the optimization to defer creation of the
           activation object until we actually need it i.e. when:

           1. We encounter an "eval", "with", or "catch" statement.
           2. We've paused in the debugger, and called DebuggerCallFrame::scope().

        2. The UnlinkedCodeBlock provides a needsFullScopeChain flag that is used
           to indicate whether the linked CodeBlock will need an activation
           object or not. Under normal circumstances, needsFullScopeChain and
           needsActivation are synonymous. However, with a debugger attached, we
           want the CodeBlock to always allocate an activationRegister even if
           it does not need a "full scope chain".

           Hence, we apply the following definitions to the "flags":

           1. UnlinkedCodeBlock::needsFullScopeChain() - this flag indicates that
              the parser discovered JS artifacts (e.g. use of "eval", "with", etc.)
              that require an activation.

              BytecodeGenerator's destinationForAssignResult() and leftHandSideNeedsCopy()
              check needsFullScopeChain().

           2. UnlinkedCodeBlock::hasActivationRegister() - this flag indicates that
              an activation register was created for the UnlinkedCodeBlock either
              because it needsFullScopeChain() or because the debugger is attached.

           3. CodeBlock::needsActivation() reflects UnlinkedCodeBlock's
              hasActivationRegister().

        3. Introduced BytecodeGenerator::emitPushFunctionNameScope() and
           BytecodeGenerator::emitPushCatchScope() because the JSNameScope
           pushed for a function name cannot be popped unlike the JSNameScope
           pushed for a "catch". Hence, we have 2 functions to handle the 2 cases
           differently.

        4. Removed DebuggerCallFrame::evaluateWithCallFrame() and require that all
           debugger evaluations go through the DebuggerCallFrame::evaluate(). This
           ensures that debugger evaluations require a DebuggerCallFrame.

           DebuggerCallFrame::evaluateWithCallFrame() was used previously because
           we didn't want to instantiate a DebuggerCallFrame on every debug hook
           callback. However, we now only call the debug hooks when needed, and
           this no longer poses a performance problem.

           In addition, when the debug hook does an eval to test a breakpoint
           condition, it is incorrect to evaluate it without a DebuggerCallFrame
           anyway.

        5. Added some utility functions to the CallFrame to make it easier to work
           with the activation register in the frame (if present). These utility
           functions should only be called if the CodeBlock::needsActivation() is
           true (which indicates the presence of the activation register). The
           utility functions are:

           1. CallFrame::hasActivation()
              - checks if the frame's activation object has been created.

           2. CallFrame::activation()
              - returns the frame's activation object.

           3. CallFrame::uncheckedActivation()
              - returns the JSValue in the frame's activation register. May be null.

           4. CallFrame::setActivation()
              - sets the frame's activation object.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        - added symbolic dumping of ResolveMode and ResolveType values for some
          bytecodes.
        (JSC::CodeBlock::CodeBlock):
        * bytecode/CodeBlock.h:
        (JSC::CodeBlock::activationRegister):
        (JSC::CodeBlock::uncheckedActivationRegister):
        (JSC::CodeBlock::needsActivation):
        * bytecode/UnlinkedCodeBlock.h:
        (JSC::UnlinkedCodeBlock::needsFullScopeChain):
        (JSC::UnlinkedCodeBlock::hasActivationRegister):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::BytecodeGenerator):
        (JSC::BytecodeGenerator::resolveCallee):
        (JSC::BytecodeGenerator::createActivationIfNecessary):
        (JSC::BytecodeGenerator::emitCallEval):
        (JSC::BytecodeGenerator::emitReturn):
        (JSC::BytecodeGenerator::emitPushWithScope):
        (JSC::BytecodeGenerator::emitPushFunctionNameScope):
        (JSC::BytecodeGenerator::emitPushCatchScope):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::TryNode::emitBytecode):
        * debugger/Debugger.cpp:
        (JSC::Debugger::hasBreakpoint):
        (JSC::Debugger::pauseIfNeeded):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::scope):
        (JSC::DebuggerCallFrame::evaluate):
        * debugger/DebuggerCallFrame.h:
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::parseCodeBlock):
        * dfg/DFGGraph.h:
        - Removed an unused function DFGGraph::needsActivation().
        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::activation):
        (JSC::CallFrame::setActivation):
        * interpreter/CallFrame.h:
        (JSC::ExecState::hasActivation):
        (JSC::ExecState::registers):
        * interpreter/CallFrameInlines.h:
        (JSC::CallFrame::uncheckedActivation):
        * interpreter/Interpreter.cpp:
        (JSC::unwindCallFrame):
        (JSC::Interpreter::unwind):
        * jit/JITOperations.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):

        * runtime/JSScope.cpp:
        * runtime/JSScope.h:
        (JSC::resolveModeName):
        (JSC::resolveTypeName):
        - utility functions for decoding names of the ResolveMode and ResolveType.
          These are used in CodeBlock::dumpBytecode().

2014-01-31  Michael Saboff  <msaboff@apple.com>

        REGRESSION: Crash in sanitizeStackForVMImpl when scrolling @ lifehacker.com.au
        https://bugs.webkit.org/show_bug.cgi?id=128017

        Reviewed by Filip Pizlo.

        Moved the setting and saving of VM::stackPointerAtVMEntry and the corresponding stack limit
        to JSLock and JSLock::DropAllLocks.  The saved data is now stored per-thread in
        WTFThreadData.

        * runtime/InitializeThreading.cpp:
        (JSC::initializeThreading):
        * runtime/JSLock.cpp:
        (JSC::JSLock::lock):
        (JSC::JSLock::unlock):
        (JSC::JSLock::DropAllLocks::DropAllLocks):
        (JSC::JSLock::DropAllLocks::~DropAllLocks):
        * runtime/JSLock.h:
        * runtime/VMEntryScope.cpp:
        (JSC::VMEntryScope::VMEntryScope):
        (JSC::VMEntryScope::~VMEntryScope):
        * runtime/VMEntryScope.h:

2014-01-31  Mark Lam  <mark.lam@apple.com>

        Don't need a JSNameScope for the callee name just for the debugger.
        <https://webkit.org/b/128024>

        Reviewed by Geoffrey Garen.

        Currently, in the bytecode for a function, we push a JSNameScope for
        the name of the function when a debugger is attached. The name scope for
        the function name is only needed for evals which can redefine the name
        to resolve to something else, and can later delete the redefined name
        which should revert the resolution of the name to the original function.
        The debugger does not need this feature because it declares all new vars
        in a temporary nested scope. Hence, we can remove the presence of the
        debugger as a criterion for pushing the JSNameScope.

        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::resolveCallee):
        (JSC::BytecodeGenerator::addCallee):
712         (JSC::BytecodeGenerator::addCallee):
713
714 2014-01-31  Filip Pizlo  <fpizlo@apple.com>
715
716         Unreviewed, build fix.
717
718         * ftl/FTLOSREntry.cpp:
719
720 2014-01-31  Oliver Hunt  <oliver@apple.com>
721
722         Fix windows
723
724         * generate-js-builtins:
725
726 2014-01-31  Oliver Hunt  <oliver@apple.com>
727
728         Fix 32bit.
729
730         * jit/JITPropertyAccess32_64.cpp:
731
732 2014-01-31  Mark Lam  <mark.lam@apple.com>
733
734         Add options to force debugger / profiler bytecode generation.
735         <https://webkit.org/b/128014>
736
737         Reviewed by Oliver Hunt.
738
739         Add Options::forceDebuggerBytecodeGeneration() and
740         Options::forceProfilerBytecodeGeneration(). These options make it more
741         convenient to do correctness testing when debugger / profiler bytecodes
742         are generated.
743
744         These options are disabled by default.
745
746         * bytecompiler/BytecodeGenerator.cpp:
747         (JSC::BytecodeGenerator::BytecodeGenerator):
748         * runtime/Options.h:
749
750 2014-01-29  Oliver Hunt  <oliver@apple.com>
751
752         Make it possible to implement JS builtins in JS
753         https://bugs.webkit.org/show_bug.cgi?id=127887
754
755         Reviewed by Michael Saboff.
756
757         This patch makes it possible to write builtin functions in JS.
758         The bindings, generators, and definitions are all created automatically
759         based on js files in the builtins/ directory.  This patch includes one
760         such case: Array.prototype.js with an implementation of every().
761
762         There's a lot of refactoring to make it possible for CommonIdentifiers
763         to include the output of the generated files (DerivedSources/JSCBuiltins.{h,cpp})
764         without breaking the offset extractor. The result of this refactoring
765         is that CommonIdentifiers, and a few other miscellaneous headers now
766         need to be included directly as they were formerly captured through other
767         paths.
768
769         In addition, this adds a flag to the Lookup table's hashentry to indicate
770         that a static function is actually backed by JS. There is then a lot of
771         logic to thread the special nature of the function to where it matters.
772         This allows toString(), .caller, etc to mimic the behaviour of a host
773         function.
774
775         Notes on writing builtins:
776          - Each function is compiled independently of the others, and those
777            implementations cannot currently capture all global properties (as
778            that could be potentially unsafe). If a function does capture a
779            global we will deliberately crash.
780          - For those "global" properties that we do want access to, we use
781            the @ prefix, e.g. Object(this) becomes @Object(this). The @ identifiers
782            are private names, and behave just like regular properties, only
783            without the risk of adulteration. Again, in the @Object case, we
784            explicitly duplicate the ObjectConstructor reference on the GlobalObject
785            so that we have guaranteed access to the original version of the
786            constructor.
787          - call, apply, eval, and Function are all rejected identifiers, again
788            to prevent anything from accidentally using an adulterated object.
789            Instead @call and @apply are available, and happily they completely
790            drop the neq_ptr instruction as they're defined as always being the
791            original call/apply functions.
792
793         These restrictions are just intended to make it harder to accidentally
794         make changes that are incorrect (for instance calling whatever has been
795         assigned to global.Object, instead of the original constructor function).
796         However, making a mistake like this should result in a purely semantic
797         error as fundamentally these functions are treated as though they were
798         regular JS code in the host global, and have no more privileges than
799         any other JS.
800
801         The initial proof of concept is Array.prototype.every, this shows a 65%
802         performance improvement, and that improvement is significantly hurt by
803         our poor optimisation of op_in.
804
805         As this is such a limited function, we have not yet exported all symbols
806         that we could possibly need, but as we implement more, the likelihood
807         of encountering missing features will reduce.
808
809         This did require breaking out a JSStringInlines header, and required
810         fixing a few objects that were trying to use PropertyName::publicName
811         rather than PropertyName::uid.
812
813         * API/JSCallbackObjectFunctions.h:
814         (JSC::JSCallbackObject<Parent>::getOwnPropertySlot):
815         (JSC::JSCallbackObject<Parent>::put):
816         (JSC::JSCallbackObject<Parent>::deleteProperty):
817         (JSC::JSCallbackObject<Parent>::getStaticValue):
818         (JSC::JSCallbackObject<Parent>::staticFunctionGetter):
819         (JSC::JSCallbackObject<Parent>::callbackGetter):
820         * CMakeLists.txt:
821         * DerivedSources.make:
822         * GNUmakefile.list.am:
823         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
824         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
825         * JavaScriptCore.xcodeproj/project.pbxproj:
826         * builtins/Array.prototype.js:
827         (every):
828         * builtins/BuiltinExecutables.cpp: Added.
829         (JSC::BuiltinExecutables::BuiltinExecutables):
830         (JSC::BuiltinExecutables::createBuiltinExecutable):
831         * builtins/BuiltinExecutables.h:
832         (JSC::BuiltinExecutables::create):
833         * bytecode/CodeBlock.cpp:
834         (JSC::CodeBlock::CodeBlock):
835         * bytecode/CodeBlock.h:
836         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
837         * bytecode/UnlinkedCodeBlock.cpp:
838         (JSC::generateFunctionCodeBlock):
839         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
840         (JSC::UnlinkedFunctionExecutable::codeBlockFor):
841         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
842         * bytecode/UnlinkedCodeBlock.h:
843         (JSC::ExecutableInfo::ExecutableInfo):
844         (JSC::UnlinkedFunctionExecutable::create):
845         (JSC::UnlinkedFunctionExecutable::toStrictness):
846         (JSC::UnlinkedFunctionExecutable::isBuiltinFunction):
847         (JSC::UnlinkedCodeBlock::isBuiltinFunction):
848         * bytecompiler/BytecodeGenerator.cpp:
849         (JSC::BytecodeGenerator::BytecodeGenerator):
850         * bytecompiler/BytecodeGenerator.h:
851         (JSC::BytecodeGenerator::isBuiltinFunction):
852         (JSC::BytecodeGenerator::makeFunction):
853         * bytecompiler/NodesCodegen.cpp:
854         (JSC::CallFunctionCallDotNode::emitBytecode):
855         (JSC::ApplyFunctionCallDotNode::emitBytecode):
856         * create_hash_table:
857         * dfg/DFGOperations.cpp:
858         * generate-js-builtins: Added.
859         (getCopyright):
860         (getFunctions):
861         (generateCode):
862         (mangleName):
863         (FunctionExecutable):
864         (Identifier):
865         (JSGlobalObject):
866         (SourceCode):
867         (UnlinkedFunctionExecutable):
868         (VM):
869         * interpreter/Interpreter.cpp:
870         * interpreter/ProtoCallFrame.cpp:
871         * jit/JITOpcodes.cpp:
872         * jit/JITOpcodes32_64.cpp:
873         * jit/JITOperations.cpp:
874         * jit/JITPropertyAccess.cpp:
875         * jit/JITPropertyAccess32_64.cpp:
876         * jsc.cpp:
877         * llint/LLIntSlowPaths.cpp:
878         * parser/ASTBuilder.h:
879         (JSC::ASTBuilder::makeFunctionCallNode):
880         * parser/Lexer.cpp:
881         (JSC::Lexer<T>::Lexer):
882         (JSC::isSafeIdentifier):
883         (JSC::Lexer<LChar>::parseIdentifier):
884         (JSC::Lexer<UChar>::parseIdentifier):
885         (JSC::Lexer<T>::lex):
886         * parser/Lexer.h:
887         (JSC::isSafeIdentifier):
888         (JSC::Lexer<T>::lexExpectIdentifier):
889         * parser/Nodes.cpp:
890         (JSC::ProgramNode::setClosedVariables):
891         * parser/Nodes.h:
892         (JSC::ScopeNode::capturedVariables):
893         (JSC::ScopeNode::setClosedVariables):
894         (JSC::ProgramNode::closedVariables):
895         * parser/Parser.cpp:
896         (JSC::Parser<LexerType>::Parser):
897         (JSC::Parser<LexerType>::parseInner):
898         (JSC::Parser<LexerType>::didFinishParsing):
899         (JSC::Parser<LexerType>::printUnexpectedTokenText):
900         * parser/Parser.h:
901         (JSC::Scope::getUsedVariables):
902         (JSC::Parser::closedVariables):
903         (JSC::parse):
904         * parser/ParserModes.h:
905         * parser/ParserTokens.h:
906         * runtime/ArgList.cpp:
907         * runtime/Arguments.cpp:
908         * runtime/Arguments.h:
909         * runtime/ArgumentsIteratorConstructor.cpp:
910         * runtime/ArgumentsIteratorPrototype.cpp:
911         * runtime/ArrayPrototype.cpp:
912         * runtime/CodeCache.cpp:
913         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
914         * runtime/CommonIdentifiers.cpp:
915         (JSC::CommonIdentifiers::CommonIdentifiers):
916         (JSC::CommonIdentifiers::getPrivateName):
917         (JSC::CommonIdentifiers::getPublicName):
918         * runtime/CommonIdentifiers.h:
919         * runtime/CommonSlowPaths.cpp:
920         * runtime/CommonSlowPathsExceptions.cpp:
921         * runtime/ExceptionHelpers.cpp:
922         (JSC::createUndefinedVariableError):
923         * runtime/Executable.h:
924         (JSC::EvalExecutable::executableInfo):
925         (JSC::ProgramExecutable::executableInfo):
926         (JSC::FunctionExecutable::isBuiltinFunction):
927         * runtime/FunctionPrototype.cpp:
928         (JSC::functionProtoFuncToString):
929         * runtime/JSActivation.cpp:
930         (JSC::JSActivation::symbolTableGet):
931         (JSC::JSActivation::symbolTablePut):
932         (JSC::JSActivation::symbolTablePutWithAttributes):
933         * runtime/JSArgumentsIterator.cpp:
934         * runtime/JSArray.cpp:
935         * runtime/JSArrayIterator.cpp:
936         * runtime/JSCJSValue.cpp:
937         * runtime/JSCellInlines.h:
938         * runtime/JSFunction.cpp:
939         (JSC::JSFunction::createBuiltinFunction):
940         (JSC::JSFunction::calculatedDisplayName):
941         (JSC::JSFunction::sourceCode):
942         (JSC::JSFunction::isHostOrBuiltinFunction):
943         (JSC::JSFunction::isBuiltinFunction):
944         (JSC::JSFunction::callerGetter):
945         (JSC::JSFunction::getOwnPropertySlot):
946         (JSC::JSFunction::getOwnNonIndexPropertyNames):
947         (JSC::JSFunction::put):
948         (JSC::JSFunction::defineOwnProperty):
949         * runtime/JSFunction.h:
950         * runtime/JSGenericTypedArrayViewConstructorInlines.h:
951         * runtime/JSGenericTypedArrayViewInlines.h:
952         * runtime/JSGenericTypedArrayViewPrototypeInlines.h:
953         * runtime/JSGlobalObject.cpp:
954         (JSC::JSGlobalObject::reset):
955         (JSC::JSGlobalObject::visitChildren):
956         * runtime/JSGlobalObject.h:
957         (JSC::JSGlobalObject::objectConstructor):
958         (JSC::JSGlobalObject::symbolTableHasProperty):
959         * runtime/JSObject.cpp:
960         (JSC::getClassPropertyNames):
961         (JSC::JSObject::reifyStaticFunctionsForDelete):
962         (JSC::JSObject::putDirectBuiltinFunction):
963         * runtime/JSObject.h:
964         * runtime/JSPropertyNameIterator.cpp:
965         * runtime/JSPropertyNameIterator.h:
966         * runtime/JSString.h:
967         * runtime/JSStringInlines.h: Added.
968         (JSC::JSString::getStringPropertySlot):
969         (JSC::inlineJSValueNotStringtoString):
970         (JSC::JSValue::toWTFStringInline):
971         * runtime/JSSymbolTableObject.cpp:
972         (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
973            Don't report private names.
974         * runtime/JSSymbolTableObject.h:
975         (JSC::symbolTableGet):
976         (JSC::symbolTablePut):
977         (JSC::symbolTablePutWithAttributes):
978         * runtime/Lookup.cpp:
979         (JSC::setUpStaticFunctionSlot):
980         * runtime/Lookup.h:
981         (JSC::HashEntry::builtinGenerator):
982         (JSC::HashEntry::propertyGetter):
983         (JSC::HashEntry::propertyPutter):
984         (JSC::HashTable::entry):
985         (JSC::getStaticPropertySlot):
986         (JSC::getStaticValueSlot):
987         (JSC::putEntry):
988         * runtime/NativeErrorConstructor.cpp:
989         (JSC::NativeErrorConstructor::finishCreation):
990         * runtime/NativeErrorConstructor.h:
991         * runtime/PropertySlot.h:
992         * runtime/RegExpPrototype.cpp:
993         * runtime/SetConstructor.cpp:
994         * runtime/StringObject.cpp:
995         * runtime/Structure.cpp:
996         * runtime/VM.cpp:
997         (JSC::VM::VM):
998         * runtime/VM.h:
999         (JSC::VM::builtinExecutables):
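
        The "adulteration" risk the notes above describe, shown in plain JavaScript as an
        added example (not JSC's builtin code and not the @-prefixed dialect, which only
        JSC's builtin compiler understands): a naive every() that resolves Object through
        the mutable global versus one that uses originals captured before any script runs,
        which is the closest plain-JS analogue of JSC's @Object/@call private names.
        everyNaive, everyHardened and runUnderTamperedGlobals are names chosen here.

```javascript
// Added example, not JSC code. Captured once, before any other script runs:
// the plain-JS stand-in for JSC's @Object and @call private names.
const OriginalObject = Object;
const originalApply = Reflect.apply;

// Naive builtin: `Object` and `callback.call` are looked up on every call, so a
// script that reassigns global.Object or Function.prototype.call changes what
// every() computes.
function everyNaive(array, callback, thisArg) {
  const O = Object(array); // resolves through the (mutable) global binding
  const len = O.length >>> 0;
  for (let i = 0; i < len; i++) {
    // `i in O` skips holes, as the spec'd Array.prototype.every does
    if (i in O && !callback.call(thisArg, O[i], i, O)) return false;
  }
  return true;
}

// Hardened builtin: only the captured originals are used, so later changes to
// the globals cannot alter its behaviour.
function everyHardened(array, callback, thisArg) {
  const O = OriginalObject(array);
  const len = O.length >>> 0;
  for (let i = 0; i < len; i++) {
    if (i in O && !originalApply(callback, thisArg, [O[i], i, O])) return false;
  }
  return true;
}

// Simulates a page that tampers with the globals, then restores them.
function runUnderTamperedGlobals() {
  const savedObject = globalThis.Object;
  const savedCall = Function.prototype.call;
  globalThis.Object = function () { return { length: 0 }; }; // every input looks empty
  Function.prototype.call = function () { return true; };    // every callback "passes"
  try {
    const data = [1, 2, 3];
    const isEven = (x) => x % 2 === 0;
    return {
      naive: everyNaive(data, isEven),       // true: wrong, the loop never runs
      hardened: everyHardened(data, isEven), // false: correct, 1 is odd
    };
  } finally {
    globalThis.Object = savedObject;
    Function.prototype.call = savedCall;
  }
}
```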
1000
1001 2014-01-31  Gabor Rapcsanyi  <rgabor@webkit.org>
1002
1003         Fix the ARM Thumb2 build after jsCStack branch merge
1004         https://bugs.webkit.org/show_bug.cgi?id=127903
1005
1006         Reviewed by Michael Saboff.
1007
1008         SP register cannot be used as a destination register of SUB or ADD in Thumb mode.
1009
1010         * llint/LowLevelInterpreter.asm:
1011         * llint/LowLevelInterpreter32_64.asm:
1012
1013 2014-01-31  Julien Brianceau  <jbriance@cisco.com>
1014
1015         [arm] Add missing pushPair/popPair implementations in MacroAssemblerARM.h
1016         https://bugs.webkit.org/show_bug.cgi?id=127904
1017
1018         Reviewed by Zoltan Herczeg.
1019
1020         * assembler/MacroAssemblerARM.h:
1021         (JSC::MacroAssemblerARM::popPair):
1022         (JSC::MacroAssemblerARM::pushPair):
1023
1024 2014-01-30  Martin Robinson  <mrobinson@igalia.com>
1025
1026         [GTK] [CMake] Add support for building against GTK+ 2
1027         https://bugs.webkit.org/show_bug.cgi?id=127959
1028
1029         Reviewed by Anders Carlsson.
1030
1031         * PlatformGTK.cmake: Use the new API version variable and don't use GTK3 directly.
1032
1033 2014-01-30  Andreas Kling  <akling@apple.com>
1034
1035         CodeBlock's cloned SymbolTables only need the captured names.
1036         <https://webkit.org/b/127978>
1037
1038         Renamed SymbolTable::clone() to SymbolTable::cloneCapturedNames()
1039         and made it skip over any symbols that aren't captured, since those
1040         won't be needed after codegen.
1041
1042         This is a first step towards getting rid of redundant symbol tables.
1043
1044         Reviewed by Geoffrey Garen.
1045
1046         * bytecode/CodeBlock.cpp:
1047         (JSC::CodeBlock::CodeBlock):
1048         * runtime/SymbolTable.cpp:
1049         (JSC::SymbolTable::cloneCapturedNames):
1050         * runtime/SymbolTable.h:
1051
1052 2014-01-28  Timothy Hatcher  <timothy@apple.com>
1053
1054         Add column number and call timing support to LegacyProfiler.
1055
1056         https://bugs.webkit.org/show_bug.cgi?id=127764
1057
1058         Reviewed by Joseph Pecoraro.
1059
1060         * interpreter/Interpreter.cpp:
1061         (JSC::Interpreter::execute):
1062         * profiler/CallIdentifier.h:
1063         (JSC::CallIdentifier::CallIdentifier):
1064         (JSC::CallIdentifier::functionName):
1065         (JSC::CallIdentifier::url):
1066         (JSC::CallIdentifier::lineNumber):
1067         (JSC::CallIdentifier::columnNumber):
1068         (JSC::CallIdentifier::operator==):
1069         (JSC::CallIdentifier::operator!=):
1070         (JSC::CallIdentifier::Hash::hash):
1071         (WTF::HashTraits<JSC::CallIdentifier>::constructDeletedValue):
1072         (WTF::HashTraits<JSC::CallIdentifier>::isDeletedValue):
1073         * profiler/LegacyProfiler.cpp:
1074         (JSC::LegacyProfiler::willExecute):
1075         (JSC::LegacyProfiler::didExecute):
1076         (JSC::LegacyProfiler::exceptionUnwind):
1077         (JSC::LegacyProfiler::createCallIdentifier):
1078         (JSC::createCallIdentifierFromFunctionImp):
1079         * profiler/LegacyProfiler.h:
1080         * profiler/Profile.cpp:
1081         (JSC::Profile::Profile):
1082         * profiler/Profile.h:
1083         (JSC::Profile::uid):
1084         (JSC::Profile::idleTime):
1085         (JSC::Profile::setIdleTime):
1086         * profiler/ProfileGenerator.cpp:
1087         (JSC::AddParentForConsoleStartFunctor::operator()):
1088         (JSC::ProfileGenerator::addParentForConsoleStart):
1089         (JSC::ProfileGenerator::willExecute):
1090         (JSC::ProfileGenerator::didExecute):
1091         (JSC::ProfileGenerator::stopProfiling):
1092         (JSC::ProfileGenerator::removeProfileStart):
1093         (JSC::ProfileGenerator::removeProfileEnd):
1094         * profiler/ProfileNode.cpp:
1095         (JSC::ProfileNode::ProfileNode):
1096         (JSC::ProfileNode::stopProfiling):
1097         (JSC::ProfileNode::endAndRecordCall):
1098         (JSC::ProfileNode::startTimer):
1099         (JSC::ProfileNode::debugPrintData):
1100         * profiler/ProfileNode.h:
1101         (JSC::ProfileNode::Call::Call):
1102         (JSC::ProfileNode::Call::startTime):
1103         (JSC::ProfileNode::Call::setStartTime):
1104         (JSC::ProfileNode::Call::totalTime):
1105         (JSC::ProfileNode::Call::setTotalTime):
1106         (JSC::ProfileNode::id):
1107         (JSC::ProfileNode::functionName):
1108         (JSC::ProfileNode::url):
1109         (JSC::ProfileNode::lineNumber):
1110         (JSC::ProfileNode::columnNumber):
1111         (JSC::ProfileNode::calls):
1112         (JSC::ProfileNode::lastCall):
1113         (JSC::ProfileNode::numberOfCalls):
1114
1115 2014-01-26  Timothy Hatcher  <timothy@apple.com>
1116
1117         Include profile with FunctionCall and EvaluateScript Timeline records.
1118
1119         https://bugs.webkit.org/show_bug.cgi?id=127663
1120
1121         Reviewed by Joseph Pecoraro.
1122
1123         * inspector/InjectedScriptBase.cpp:
1124         (Inspector::InjectedScriptBase::callFunctionWithEvalEnabled):
1125         * inspector/InspectorEnvironment.h:
1126         * inspector/JSGlobalObjectInspectorController.h:
1127
1128 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1129
1130         FTL should support GetById(Untyped:)
1131         https://bugs.webkit.org/show_bug.cgi?id=127750
1132
1133         Reviewed by Oliver Hunt.
1134         
1135         This was supposed to be easy. Indeed, the actual GetById UntypedUse case was easy. But
1136         then it expanded coverage by a lot and I got to deal with three bugs. So, this has
1137         some additional changes:
1138         
1139         Also make it safe for LLVM to duplicate calls to patchpoints and stackmaps. Previously
1140         we incorrectly assumed that if we emitted a patchpoint, then there would only be one
1141         copy of that patchpoint (with that ID) in the resulting machine code and in the
1142         stackmaps section. That's obviously a bad assumption - LLVM is allowed to do anything
1143         it wants so long as the outcome of executing the code has a semantically equivalent
1144         meaning to the IR we gave it, and duplicating code is trivially OK under this rule. We
1145         should be OK with it, too. The solution is to add Vectors in a bunch of places that
1146         previously just thought they only had one value. For example, an InlineCacheDescriptor
1147         now has a Vector of generators - one generator for each copy that LLVM stamped out.
1148         Normally there will only be one copy, of course - since duplication is usually
1149         unprofitable. But, if LLVM decides that copying would be groovy then we will no longer
1150         barf.
1151         
1152         Also fix SSA conversion. It turns out that we mishandled the case where a block had
1153         multiple Phi functions for the same local. If any of those CPS Phis fail to trivialize
1154         in the Aycock-Horspool fixpoint, we need to insert an SSA Phi. Previously, it was
1155         assuming that so long as the head CPS Phi was trivial, we could forego SSA Phi
1156         insertion. That's wrong if the head CPS Phi trivialized but ended up pointing to a
1157         non-trivial CPS Phi in the same block. This madness with trees of Phis occurs because
1158         we try to save on compile times: no Phi ever has more than three children even if the
1159         block has more than three predecessors; we just build out a tree of Phis to satisfy
1160         all predecessors. So weird.
1161         
1162         And finally, fix DFG->FTL OSR entry's reconstruction of 'this' in a constructor. That
1163         reconstruction code, JITCode::reconstruct(), had a work-around for the case where we
1164         were entering into a constructor at the prologue. In that case, 'this' is definitely
1165         unavailable. But the OSR code does reconstructions at LoopHints, which aren't at the
1166         prologue, and so 'this' should totally be available.
1167
1168         * dfg/DFGGraph.cpp:
1169         (JSC::DFG::Graph::dump):
1170         * dfg/DFGJITCode.cpp:
1171         (JSC::DFG::JITCode::reconstruct):
1172         * dfg/DFGNode.h:
1173         (JSC::DFG::Node::tryGetVariableAccessData):
1174         * dfg/DFGSSAConversionPhase.cpp:
1175         (JSC::DFG::SSAConversionPhase::run):
1176         * ftl/FTLCapabilities.cpp:
1177         (JSC::FTL::canCompile):
1178         * ftl/FTLCompile.cpp:
1179         (JSC::FTL::generateICFastPath):
1180         (JSC::FTL::fixFunctionBasedOnStackMaps):
1181         * ftl/FTLInlineCacheDescriptor.h:
1182         * ftl/FTLJITFinalizer.cpp:
1183         (JSC::FTL::JITFinalizer::codeSize):
1184         * ftl/FTLJSCall.cpp:
1185         (JSC::FTL::JSCall::JSCall):
1186         * ftl/FTLJSCall.h:
1187         * ftl/FTLLowerDFGToLLVM.cpp:
1188         (JSC::FTL::LowerDFGToLLVM::compileGetById):
1189         (JSC::FTL::LowerDFGToLLVM::getById):
1190         * ftl/FTLOSREntry.cpp:
1191         (JSC::FTL::prepareOSREntry):
1192         * ftl/FTLStackMaps.cpp:
1193         (JSC::FTL::StackMaps::getRecordMap):
1194         * ftl/FTLStackMaps.h:
1195         * tests/stress/get-by-id-untyped.js: Added.
1196         (foo):
1197
1198 2014-01-30  Geoffrey Garen  <ggaren@apple.com>
1199
1200         Part 2: REGRESSION: JavascriptCore crash during OS Installation (due to
1201         Heap::m_operationInProgress ASSERT vs DelayedReleaseScope)
1202         https://bugs.webkit.org/show_bug.cgi?id=127950
1203
1204         Reviewed by Mark Hahnenberg.
1205
1206         Scope the APICallbackShim to make sure that we re-acquire the lock
1207         before putting the heap back into the "unsafe to allocate" state.
1208         Otherwise, the heap will seem to be in the "unsafe to allocate" state
1209         during any GC that happens before we re-acquire the lock.
1210
1211         No regression test because threads.
1212
1213         * heap/DelayedReleaseScope.h:
1214         (JSC::DelayedReleaseScope::~DelayedReleaseScope):
1215
1216 2014-01-30  Filip Pizlo  <fpizlo@apple.com>
1217
1218         Update FTL StackMaps parser to stackSize change
1219         https://bugs.webkit.org/show_bug.cgi?id=127933
1220
1221         Reviewed by Oliver Hunt.
1222
1223         * ftl/FTLStackMaps.cpp:
1224         (JSC::FTL::StackMaps::parse):
1225
1226 2014-01-30  Zan Dobersek  <zdobersek@igalia.com>
1227
1228         [GTK] Only disable -ftree-dce optimization when compiling with GCC
1229         https://bugs.webkit.org/show_bug.cgi?id=127911
1230
1231         Reviewed by Carlos Garcia Campos.
1232
1233         * GNUmakefile.am: Only disable the -ftree-dce optimization when using the GCC compiler.
1234         Some Clang versions/configurations don't support the flag.
1235
1236 2014-01-30  Zan Dobersek  <zdobersek@igalia.com>
1237
1238         [GTK] Disable optimizations for JSC that turned out malignant after jsCStack branch merge
1239         https://bugs.webkit.org/show_bug.cgi?id=127909
1240
1241         Reviewed by Carlos Garcia Campos.
1242
1243         * GNUmakefile.am: Disable the -fomit-frame-pointer optimization to achieve proper register usage
1244         in operationCallEval. Disable the -ftree-dce optimization since it is causing additional failures
1245         when using GCC 4.8, possibly due to a bug in the compiler itself.
1246
1247 2014-01-29  Csaba Osztrogonác  <ossy@webkit.org>
1248
1249         Remove ENABLE(JAVASCRIPT_DEBUGGER) leftovers
1250         https://bugs.webkit.org/show_bug.cgi?id=127845
1251
1252         Reviewed by Joseph Pecoraro.
1253
1254         * Configurations/FeatureDefines.xcconfig:
1255
1256 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
1257
1258         Web Inspector: Play Breakpoint Sound in Frontend
1259         https://bugs.webkit.org/show_bug.cgi?id=127885
1260
1261         Reviewed by Timothy Hatcher.
1262
1263         * inspector/ScriptDebugListener.h:
1264         * inspector/ScriptDebugServer.cpp:
1265         (Inspector::ScriptDebugServer::evaluateBreakpointAction):
1266         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
1267         * inspector/ScriptDebugServer.h:
1268         Pass the breakpoint action identifier through when the
1269         sound breakpoint action is triggered.
1270
1271         * inspector/protocol/Debugger.json:
1272         New "playBreakpointActionSound" event when a "sound" breakpoint action triggers.
1273
1274         * inspector/agents/InspectorDebuggerAgent.h:
1275         * inspector/agents/InspectorDebuggerAgent.cpp:
1276         (Inspector::InspectorDebuggerAgent::breakpointActionSound):
1277         Send the new event so the frontend can handle it.
1278
1279 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1280
1281         Merge final changesets from the jsCStack branch (r162969, r162975, r162992, r163004, r163069).
1282
1283     2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1284     
1285             DFG ArrayPop double array mishandles the NaN hole installation
1286             https://bugs.webkit.org/show_bug.cgi?id=127813
1287     
1288             Reviewed by Mark Rowe.
1289             
1290             Our object model for arrays inferred double dictates that we use quiet NaN (QNaN) to
1291             mark holes. Holes, in this context, are any entries in the allocated array buffer
1292             (i.e. from index 0 up to the vectorLength) that don't currently hold a value. Popping
1293             creates a hole, since it deletes the value at publicLength - 1.
1294             
1295             But, because of some sloppy copy-and-paste, we were storing (int64_t)0 when creating
1296             the hole, instead of storing QNaN. That's likely because for other kinds of arrays,
1297             64-bit zero is the hole marker, instead of QNaN.
1298             
1299             The attached test case illustrates the problem. In the LLInt and Baseline JIT, the
1300             result returned from foo() is "1.5,2.5,,4.5", since array.pop() removes 3.5 and
1301             replaces it with a hole and then the assignment "array[3] = 4.5" creates an element
1302             just beyond that hole. But, once we tier-up to the DFG, the result previously became
1303             "1.5,2.5,0,4.5", which is wrong. The 0 appeared because the IEEE double
1304             interpretation of 64-bit zero is simply zero.
1305             
1306             This patch fixes that problem. Now the DFG agrees with the other engines.
1307             
1308             This patch also fixes style. For some reason that copy-pasted code wasn't even
1309             indented correctly.
1310     
1311             * dfg/DFGSpeculativeJIT64.cpp:
1312             (JSC::DFG::SpeculativeJIT::compile):
1313             * tests/stress/array-pop-double-hole.js: Added.
1314             (foo):
1315     
1316     2014-01-28  Filip Pizlo  <fpizlo@apple.com>
1317     
1318             FTL should support ArrayPush
1319             https://bugs.webkit.org/show_bug.cgi?id=127748
1320     
1321             Not reviewed, remove some debug code.
1322     
1323             * ftl/FTLLowerDFGToLLVM.cpp:
1324             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
1325     
1326     2014-01-27  Filip Pizlo  <fpizlo@apple.com>
1327     
1328             FTL should support ArrayPush
1329             https://bugs.webkit.org/show_bug.cgi?id=127748
1330     
1331             Reviewed by Oliver Hunt.
1332     
1333             * ftl/FTLAbstractHeapRepository.h:
1334             (JSC::FTL::AbstractHeapRepository::forArrayType):
1335             * ftl/FTLCapabilities.cpp:
1336             (JSC::FTL::canCompile):
1337             * ftl/FTLIntrinsicRepository.h:
1338             * ftl/FTLLowerDFGToLLVM.cpp:
1339             (JSC::FTL::LowerDFGToLLVM::compileNode):
1340             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
1341             * tests/stress/array-push-contiguous.js: Added.
1342             (foo):
1343             * tests/stress/array-push-double.js: Added.
1344             (foo):
1345     
1346     2014-01-28  Filip Pizlo  <fpizlo@apple.com>
1347     
1348             FTL should support ArrayPop
1349             https://bugs.webkit.org/show_bug.cgi?id=127749
1350     
1351             Reviewed by Geoffrey Garen.
1352     
1353             * ftl/FTLCapabilities.cpp:
1354             (JSC::FTL::canCompile):
1355             * ftl/FTLIntrinsicRepository.h:
1356             * ftl/FTLLowerDFGToLLVM.cpp:
1357             (JSC::FTL::LowerDFGToLLVM::compileNode):
1358             (JSC::FTL::LowerDFGToLLVM::compileArrayPush):
1359             (JSC::FTL::LowerDFGToLLVM::compileArrayPop):
1360             * tests/stress/array-pop-contiguous.js: Added.
1361             (foo):
1362             * tests/stress/array-pop-double.js: Added.
1363             (foo):
1364             * tests/stress/array-pop-int32.js: Added.
1365             (foo):
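
        The scenario from the ArrayPop entry above, written out as an added example (not the
        test file from the patch): pop() on a double array must leave a hole, not a stored 0,
        and the check is repeated many times in the style of a JSC stress test so that foo()
        is run by the optimizing tiers as well as the interpreter. foo, describe and
        checkAcrossTiers are names chosen here.

```javascript
// Added example, not the patch's own test. Builds the case the entry describes:
// a double array, one pop() that creates a hole, then a store just past it.
function foo() {
  const array = [1.5, 2.5, 3.5]; // inferred as a double array by the engine
  array.pop();                   // removes 3.5, leaving a hole at index 2
  array[3] = 4.5;                // writes the element just beyond the hole
  return array;
}

// Three observable differences between a hole and a stored 0.
function describe(array) {
  return {
    joined: array.join(),                     // holes join as empty strings
    holeAt2: !(2 in array),                   // a hole is absent; 0 would be present
    visited: array.filter(() => true).length, // filter skips holes, counts 0s
  };
}

// Run many iterations like a stress test: if an optimizing tier installed
// 0 instead of a hole, a later iteration would disagree with the first ones.
function checkAcrossTiers(iterations) {
  const expected = "1.5,2.5,,4.5";
  for (let i = 0; i < iterations; i++) {
    const d = describe(foo());
    if (d.joined !== expected || !d.holeAt2 || d.visited !== 3) {
      return { ok: false, iteration: i, got: d };
    }
  }
  return { ok: true, iteration: iterations, got: null };
}
```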
1366     
1367 2014-01-29  Filip Pizlo  <fpizlo@apple.com>
1368
1369         DFG::ByteCodeParser::m_dfgCodeBlock is sometimes uninitialized
1370         <rdar://problem/15939032>
1371
1372         Reviewed by Dan Bernstein.
1373
1374         * dfg/DFGByteCodeParser.cpp:
1375         (JSC::DFG::ByteCodeParser::parse):
1376
1377 2014-01-29  Geoffrey Garen  <ggaren@apple.com>
1378
1379         50% time on Dromaeo Selector * benchmark spent allocating oversized backing stores (but not in Chrome)
1380         https://bugs.webkit.org/show_bug.cgi?id=127879
1381
1382         Reviewed by Gavin Barraclough.
1383
1384         Let's not dynamically resize an array whose size is statically known,
1385         mmmkay?
1386
1387         * runtime/ArrayPrototype.cpp:
1388         (JSC::arrayProtoFuncConcat): Use nullptr to disambiguate vs the numeric
1389         argument.
1390
1391         (JSC::arrayProtoFuncSlice): The fix.
1392
1393         (JSC::arrayProtoFuncSort):
1394         (JSC::arrayProtoFuncSplice):
1395         (JSC::arrayProtoFuncFilter):
1396         (JSC::arrayProtoFuncMap): Use nullptr.
1397
1398 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
1399
1400         Web Inspector: Run JSC Inspector EventLoop in a custom run loop mode to prevent default observers from running
1401         https://bugs.webkit.org/show_bug.cgi?id=127865
1402
1403         Reviewed by Geoffrey Garen.
1404
1405         When hitting a breakpoint in a JSContext Inspector we want to entirely
1406         pause the process and all access to the JSContext and only move forward
1407         based on debugger commands. Having the nested run loop run in a default
1408         mode allowed NSTimers scheduled on the thread to regularly run and
1409         evaluate code in the JSContext. Using a custom run loop mode gets us
1410         a bit closer to locking down the context. This doesn't handle scenarios
1411         where background threads also access the JSContext, but it handles the
1412         most common scenario.
1413
1414         * inspector/EventLoop.cpp:
1415         (Inspector::EventLoop::cycle):
1416
1417 2014-01-29  Joseph Pecoraro  <pecoraro@apple.com>
1418
1419         Web Inspector: Deadlock hitting breakpoint while inspecting JSContext
1420         https://bugs.webkit.org/show_bug.cgi?id=127864
1421
1422         Reviewed by Geoffrey Garen.
1423
1424         Temporarily drop the lock while we run the nested runloop.
1425
1426         * inspector/JSGlobalObjectScriptDebugServer.cpp:
1427         (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
1428
1429 2014-01-28  Oliver Hunt  <oliver@apple.com>
1430
1431         Make DOM attributes appear to be faux accessor properties
1432         https://bugs.webkit.org/show_bug.cgi?id=127797
1433
1434         Reviewed by Michael Saboff.
1435
1436         Add flag so we can identify which properties should have the old
1437         custom property semantics vs. the new faux accessors. Update the
1438         inspector protocol accordingly.
1439
1440         These faux accessors produce descriptors with "get" and "set"
1441         properties, but both values are undefined so can't be used
1442         directly. A few custom properties actually require their
1443         existing magical behaviour, so we now have a flag to
1444         distinguish the expected output.
1445
1446         * inspector/InjectedScriptSource.js:
1447         (.):
1448         * runtime/JSObject.cpp:
1449         (JSC::JSObject::getOwnPropertyDescriptor):
1450         * runtime/PropertyDescriptor.cpp:
1451         (JSC::PropertyDescriptor::setCustomDescriptor):
1452         * runtime/PropertyDescriptor.h:
1453         * runtime/PropertySlot.h:
1454
1455 2014-01-29  Beth Dakin  <bdakin@apple.com>
1456
1457         Build fix.
1458
1459         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp:
1460         * llint/LowLevelInterpreter.cpp:
1461
1462 2014-01-29  Dan Bernstein  <mitz@apple.com>
1463
1464         Build fix.
1465
1466         * bytecode/ProfiledCodeBlockJettisoningWatchpoint.cpp: Added a newline at the end of the
1467         file.
1468
1469 2014-01-28  Michael Saboff  <msaboff@apple.com>
1470
1471         Merge the jsCStack branch
1472         https://bugs.webkit.org/show_bug.cgi?id=127763
1473
1474         Reviewed by Mark Hahnenberg.
1475
1476         Changes from http://svn.webkit.org/repository/webkit/branches/jsCStack
1477         up to changeset 162958.
1478
1479 2014-01-29  Csaba Osztrogonác  <ossy@webkit.org>
1480
1481         Remove ENABLE(JAVASCRIPT_DEBUGGER) guards
1482         https://bugs.webkit.org/show_bug.cgi?id=127840
1483
1484         Reviewed by Mark Lam.
1485
1486         * inspector/scripts/CodeGeneratorInspector.py:
1487
1488 2014-01-28  Commit Queue  <commit-queue@webkit.org>
1489
1490         Unreviewed, rolling out r162987.
1491         http://trac.webkit.org/changeset/162987
1492         https://bugs.webkit.org/show_bug.cgi?id=127825
1493
1494         Broke Mountain Lion build (Requested by andersca on #webkit).
1495
1496         * inspector/InjectedScriptSource.js:
1497         (.):
1498         * runtime/JSObject.cpp:
1499         (JSC::JSObject::getOwnPropertyDescriptor):
1500         * runtime/PropertyDescriptor.cpp:
1501         * runtime/PropertyDescriptor.h:
1502         * runtime/PropertySlot.h:
1503
1504 2014-01-28  Oliver Hunt  <oliver@apple.com>
1505
1506         Make DOM attributes appear to be faux accessor properties
1507         https://bugs.webkit.org/show_bug.cgi?id=127797
1508
1509         Reviewed by Michael Saboff.
1510
1511         Add flag so we can identify which properties should have the old
1512         custom property semantics vs. the new faux accessors. Update the
1513         inspector protocol accordingly.
1514
1515         These faux accessors produce descriptors with "get" and "set"
1516         properties, but both values are undefined so can't be used
1517         directly. A few custom properties actually require their
1518         existing magical behaviour, so we now have a flag to
1519         distinguish the expected output.
1520
1521         * inspector/InjectedScriptSource.js:
1522         (.):
1523         * runtime/JSObject.cpp:
1524         (JSC::JSObject::getOwnPropertyDescriptor):
1525         * runtime/PropertyDescriptor.cpp:
1526         (JSC::PropertyDescriptor::setCustomDescriptor):
1527         * runtime/PropertyDescriptor.h:
1528         * runtime/PropertySlot.h:
1529
1530 2014-01-28  Mark Lam  <mark.lam@apple.com>
1531
1532         Remove some unneeded debugger code.
1533         https://bugs.webkit.org/show_bug.cgi?id=127805.
1534
1535         Reviewed by Oliver Hunt.
1536
1537         JSC will now always support the debugger. Hence, the #if ENABLE(JAVASCRIPT_DEBUGGER)
1538         checks can be removed.
1539
1540         DebuggerCallFrame::callFrame() is also unused and will be removed.
1541
1542         * debugger/Breakpoint.h:
1543         * debugger/Debugger.cpp:
1544         * debugger/DebuggerCallFrame.h:
1545         * inspector/InjectedScript.cpp:
1546         (Inspector::InjectedScript::wrapCallFrames):
1547         * inspector/InjectedScript.h:
1548         * inspector/JSGlobalObjectScriptDebugServer.cpp:
1549         * inspector/JSGlobalObjectScriptDebugServer.h:
1550         * inspector/JSJavaScriptCallFrame.cpp:
1551         * inspector/JSJavaScriptCallFrame.h:
1552         * inspector/JSJavaScriptCallFramePrototype.cpp:
1553         * inspector/JSJavaScriptCallFramePrototype.h:
1554         * inspector/JavaScriptCallFrame.cpp:
1555         * inspector/JavaScriptCallFrame.h:
1556         * inspector/ScriptDebugListener.h:
1557         * inspector/ScriptDebugServer.cpp:
1558         * inspector/ScriptDebugServer.h:
1559         * inspector/agents/InspectorDebuggerAgent.cpp:
1560         * inspector/agents/InspectorDebuggerAgent.h:
1561         * inspector/agents/InspectorRuntimeAgent.cpp:
1562         (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
1563         (Inspector::setPauseOnExceptionsState):
1564         (Inspector::InspectorRuntimeAgent::evaluate):
1565         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1566         (Inspector::InspectorRuntimeAgent::getProperties):
1567         * inspector/agents/InspectorRuntimeAgent.h:
1568
1569 2014-01-28  Geoffrey Garen  <ggaren@apple.com>
1570
1571         REGRESSION: JavaScriptCore crash during OS Installation (due to
1572         Heap::m_operationInProgress ASSERT vs DelayedReleaseScope)
1573         https://bugs.webkit.org/show_bug.cgi?id=127793
1574
1575         Reviewed by Mark Hahnenberg.
1576
1577         This was a mistaken ASSERT.
1578
1579         * API/tests/testapi.mm:
1580         (-[EvilAllocationObject doEvilThingsWithContext:]): Added a test to verify
1581         that GC from a DelayedReleaseScope doesn't crash.
1582
1583         * heap/DelayedReleaseScope.h:
1584         (JSC::DelayedReleaseScope::~DelayedReleaseScope): Our contract is that
1585         it is valid to do anything while running a DelayedReleaseScope -dealloc
1586         method, so the Heap must be ready for new allocations and collections.
1587
1588         Change the Heap's operationInProgress value to NoOperation while running
1589         -dealloc methods, so that it doesn't ASSERT in the face of new allocations
1590         and collections.
1591
1592         * heap/Heap.h: Made DelayedReleaseScope a friend because exposing a setter
1593         for m_operationInProgress seemed like the worse of the two options for
1594         encapsulation: we don't really want arbitrary clients to set the Heap's
1595         m_operationInProgress.
1596
1597 2014-01-28  Mark Lam  <mark.lam@apple.com>
1598
1599         Jettison DFG code when neither breakpoints nor the profiler is active.
1600         <https://webkit.org/b/127766>
1601
1602         Reviewed by Geoffrey Garen.
1603
1604         We need to jettison the DFG CodeBlocks under the following circumstances:
1605         1. When adding breakpoints to a CodeBlock, jettison it if it is a DFG CodeBlock.
1606         2. When enabling stepping mode in a CodeBlock, jettison it if it is a DFG CodeBlock.
1607         3. When setting the enabled profiler in the VM, we need to jettison all DFG
1608            CodeBlocks.
1609
1610         Instead of emitting speculation checks, the DFG code will now treat Breakpoint,
1611         ProfileWillCall, and ProfileDidCall as no-ops similar to a Phantom node. We
1612         still need to track these nodes so that they match the corresponding opcodes
1613         in the baseline JIT when we jettison and OSR exit. Without them, we would OSR
1614         exit to the wrong location in the baseline JIT code.
1615
1616         In DFGDriver's compileImpl() and DFGPlan's finalizeWithoutNotifyingCallback()
1617         we fail the compilation effort with a CompilationInvalidated result. This allows
1618         the DFG compiler to re-attempt the compilation of the function after some time
1619         if it is hot. The CompilationInvalidated result is supposed to cause the DFG
1620         to exercise an exponential back off before re-attempting compilation again
1621         (see runtime/CompilationResult.h).
1622
1623         This patch improves the Octane score from ~2950 to ~3067.
1624
1625         * bytecode/CodeBlock.cpp:
1626         (JSC::CodeBlock::addBreakpoint):
1627         (JSC::CodeBlock::setSteppingMode):
1628         * bytecode/CodeBlock.h:
1629         * debugger/Debugger.h:
1630         * dfg/DFGAbstractInterpreterInlines.h:
1631         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1632         * dfg/DFGClobberize.h:
1633         (JSC::DFG::clobberize):
1634         * dfg/DFGDriver.cpp:
1635         (JSC::DFG::compileImpl):
1636         * dfg/DFGPlan.cpp:
1637         (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
1638         * dfg/DFGSpeculativeJIT32_64.cpp:
1639         (JSC::DFG::SpeculativeJIT::compile):
1640         * dfg/DFGSpeculativeJIT64.cpp:
1641         (JSC::DFG::SpeculativeJIT::compile):
1642         * profiler/LegacyProfiler.cpp:
1643         (JSC::LegacyProfiler::startProfiling):
1644         (JSC::LegacyProfiler::stopProfiling):
1645         * runtime/VM.cpp:
1646         (JSC::VM::VM):
1647         (JSC::SetEnabledProfilerFunctor::operator()):
1648         (JSC::VM::setEnabledProfiler):
1649         * runtime/VM.h:
1650         (JSC::VM::enabledProfiler):
1651
1652 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
1653
1654         -[JSContext evaluateScript:] calls JSEvaluateScript with startingLineNumber 0, later interpreted as a oneBasedInt
1655         https://bugs.webkit.org/show_bug.cgi?id=127648
1656
1657         Reviewed by Geoffrey Garen.
1658
1659         The actual bug being fixed here is that the line number for
1660         scripts evaluated via the JSC APIs is now sane. However,
1661         there is no good infrastructure in place right now to test that.
1662
1663         * API/tests/testapi.c:
1664         (main):
1665         * API/tests/testapi.mm:
1666         (testObjectiveCAPI):
1667         Add tests for exception line numbers and handling of bad
1668         startingLineNumbers in public APIs. These tests were already
1669         passing; I just added them to make sure they are not regressed
1670         in the future.
1671
1672         * API/JSBase.cpp:
1673         (JSEvaluateScript):
1674         (JSCheckScriptSyntax):
1675         * API/JSBase.h:
1676         * API/JSObjectRef.cpp:
1677         (JSObjectMakeFunction):
1678         * API/JSObjectRef.h:
1679         * API/JSScriptRef.cpp:
1680         * API/JSScriptRefPrivate.h:
1681         * API/JSStringRef.h:
1682         - Clarify documentation that startingLineNumber is 1-based and clamped.
1683         - Add clamping in the implementation to put sane values into JSC::SourceProvider.
1684
1685         * inspector/agents/InspectorDebuggerAgent.cpp:
1686         (Inspector::InspectorDebuggerAgent::didParseSource):
1687         Remove the FIXME now that the SourceProvider is giving us expected values.
1688
1689 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
1690
1691         Web Inspector: CRASH when debugger closes remote inspecting JSContext
1692         https://bugs.webkit.org/show_bug.cgi?id=127738
1693
1694         Reviewed by Timothy Hatcher.
1695
1696         RemoteInspectorXPCConnection could be accessed in a background dispatch
1697         queue, while being deallocated on the main thread when a connection
1698         was suddenly terminated.
1699
1700         Make RemoteInspectorXPCConnection a ThreadSafeRefCounted object. Always
1701         keep the connection object ref'd until the main thread calls close()
1702         and removes its reference. At that point we can close the connection,
1703         queue, and deref safely on the background queue.
1704
1705         * inspector/remote/RemoteInspector.h:
1706         * inspector/remote/RemoteInspector.mm:
1707         (Inspector::RemoteInspector::setupXPCConnectionIfNeeded):
1708         (Inspector::RemoteInspector::xpcConnectionFailed):
1709         For simplicity, RemoteInspectorXPCConnections don't have any threading
1710         primitives to prevent client callbacks after they are closed. RemoteInspector
1711         does, so it just ignores possible callbacks from connections it no longer
1712         cares about.
1713
1714         * inspector/remote/RemoteInspectorXPCConnection.h:
1715         * inspector/remote/RemoteInspectorXPCConnection.mm:
1716         (Inspector::RemoteInspectorXPCConnection::RemoteInspectorXPCConnection):
1717         (Inspector::RemoteInspectorXPCConnection::~RemoteInspectorXPCConnection):
1718         (Inspector::RemoteInspectorXPCConnection::close):
1719         Keep the connection alive as long as the queue it can be used on
1720         is alive. Clean up everything on the queue when close() is called.
1721
1722         (Inspector::RemoteInspectorXPCConnection::handleEvent):
1723         Checking if closed here is not thread safe so it is meaningless.
1724         Remove the check.
1725
1726         (Inspector::RemoteInspectorXPCConnection::sendMessage):
1727         Bail based on the m_closed state.
1728
1729 2014-01-27  Joseph Pecoraro  <pecoraro@apple.com>
1730
1731         JavaScriptCore: Enable -Wimplicit-fallthrough and add FALLTHROUGH annotation where needed
1732         https://bugs.webkit.org/show_bug.cgi?id=127647
1733
1734         Reviewed by Anders Carlsson.
1735
1736         Explicitly annotate switch case fallthroughs in JavaScriptCore and
1737         enable warnings for unannotated fallthroughs.
1738
1739         * dfg/DFGArithMode.h:
1740         (doesOverflow):
1741         Only insert FALLTHROUGH in release builds. In debug builds, the
1742         FALLTHROUGH would be unreachable (due to the ASSERT_NOT_REACHED)
1743         and would throw a warning.
1744
1745         * dfg/DFGSpeculativeJIT64.cpp:
1746         (JSC::DFG::SpeculativeJIT::fillSpeculateInt32Internal):
1747         (JSC::DFG::SpeculativeJIT::fillSpeculateInt52):
1748         Due to the templatized nature of this function, a fallthrough
1749         in one of the template expansions would be unreachable. Disable
1750         the warning for this function.
1751
1752         * Configurations/Base.xcconfig:
1753         * bytecode/CodeBlock.cpp:
1754         (JSC::CodeBlock::CodeBlock):
1755         * dfg/DFGCFGSimplificationPhase.cpp:
1756         (JSC::DFG::CFGSimplificationPhase::run):
1757         * dfg/DFGValidate.cpp:
1758         (JSC::DFG::Validate::validateCPS):
1759         * parser/Lexer.cpp:
1760         (JSC::Lexer<T>::lex):
1761         * parser/Parser.cpp:
1762         (JSC::Parser<LexerType>::parseStatement):
1763         (JSC::Parser<LexerType>::parseProperty):
1764         * runtime/JSArray.cpp:
1765         (JSC::JSArray::push):
1766         * runtime/JSONObject.cpp:
1767         (JSC::Walker::walk):
1768         * runtime/JSObject.cpp:
1769         (JSC::JSObject::putByIndex):
1770         (JSC::JSObject::putByIndexBeyondVectorLength):
1771         * runtime/JSObject.h:
1772         (JSC::JSObject::setIndexQuickly):
1773         (JSC::JSObject::initializeIndex):
1774         * runtime/LiteralParser.cpp:
1775         (JSC::LiteralParser<CharType>::parse):
1776         * yarr/YarrInterpreter.cpp:
1777         (JSC::Yarr::Interpreter::backtrackParenthesesOnceBegin):
1778         (JSC::Yarr::Interpreter::backtrackParenthesesOnceEnd):
1779         * yarr/YarrParser.h:
1780         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomPatternCharacter):
1781         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBuiltInCharacterClass):
1782         (JSC::Yarr::Parser::parseEscape):
1783         (JSC::Yarr::Parser::parseTokens):
1784
1785 2014-01-27  Andy Estes  <aestes@apple.com>
1786
1787         Scrub WebKit API headers of WTF macros
1788         https://bugs.webkit.org/show_bug.cgi?id=127706
1789
1790         Reviewed by David Kilzer.
1791
1792         * Configurations/FeatureDefines.xcconfig: Added ENABLE_INSPECTOR.
1793
1794 2014-01-27  Mark Lam  <mark.lam@apple.com>
1795
1796         Remove unused CodeBlock::createActivation().
1797         <https://webkit.org/b/127686>
1798
1799         Reviewed by Filip Pizlo.
1800
1801         * bytecode/CodeBlock.cpp:
1802         * bytecode/CodeBlock.h:
1803
1804 2014-01-26  Andreas Kling  <akling@apple.com>
1805
1806         JSC: Pack unlinked instructions harder.
1807         <https://webkit.org/b/127660>
1808
1809         Store UnlinkedCodeBlock's instructions in a variable-length stream
1810         to reduce memory usage. Compression rate ends up around 60-61%.
1811
1812         The format is very simple. Every instruction starts with a 1 byte
1813         opcode. It's followed by an opcode-dependent number of argument
1814         values, each encoded separately for maximum packing. There are
1815         7 packed value formats:
1816
1817             5-bit positive integer
1818             5-bit negative integer
1819             13-bit positive integer
1820             13-bit positive integer
1821             5-bit constant register index
1822             13-bit constant register index
1823             32-bit value (fallback)
1824
1825         27.5 MB progression on Membuster3. (~2% of total memory.)
1826
1827         Reviewed by Filip Pizlo.
1828
1829         * JavaScriptCore.xcodeproj/project.pbxproj:
1830         * bytecode/UnlinkedInstructionStream.h: Added.
1831         (JSC::UnlinkedInstructionStream::count):
1832         (JSC::UnlinkedInstructionStream::Reader::atEnd):
1833         * bytecode/UnlinkedInstructionStream.cpp: Added.
1834         (JSC::UnlinkedInstructionStream::Reader::Reader):
1835         (JSC::UnlinkedInstructionStream::Reader::read8):
1836         (JSC::UnlinkedInstructionStream::Reader::read32):
1837         (JSC::UnlinkedInstructionStream::Reader::next):
1838         (JSC::append8):
1839         (JSC::append32):
1840         (JSC::UnlinkedInstructionStream::UnlinkedInstructionStream):
1841         (JSC::UnlinkedInstructionStream::unpackForDebugging):
1842         * bytecompiler/BytecodeGenerator.cpp:
1843         * bytecode/CodeBlock.cpp:
1844         (JSC::CodeBlock::CodeBlock):
1845         * bytecode/UnlinkedCodeBlock.cpp:
1846         (JSC::UnlinkedCodeBlock::lineNumberForBytecodeOffset):
1847         (JSC::dumpLineColumnEntry):
1848         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
1849         (JSC::UnlinkedCodeBlock::setInstructions):
1850         (JSC::UnlinkedCodeBlock::instructions):
1851         * bytecode/UnlinkedCodeBlock.h:
1852         (JSC::BytecodeGenerator::generate):
1853
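The entry above describes the packed format only at the level of its seven value kinds. As an added illustration (not the project's UnlinkedInstructionStream code), the following C++ packs and unpacks such a stream; the bit layout of the tags, the opcode table (op_enter, op_mov, op_add and op_jmp are hypothetical here), the constant-register base index, and the reading of the entry's second 13-bit integer kind as the negative one are all assumptions.

```cpp
// Added example, not JavaScriptCore's UnlinkedInstructionStream: it packs and unpacks the
// scheme the entry describes (1-byte opcode, then one packed value per operand, seven formats).
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>
namespace PackedDemo {
// Assumed layout: the top 3 bits of the first byte select the format and the low 5 bits carry
// the value (for 13-bit formats its high 5 bits; one more byte follows). Each 13-bit tag sits
// exactly 0x60 above its 5-bit twin, which the codec below relies on.
enum Tag : uint8_t {
    Positive5Bit = 0x00, Negative5Bit = 0x20, ConstantRegister5Bit = 0x40,
    Positive13Bit = 0x60, Negative13Bit = 0x80, ConstantRegister13Bit = 0xa0,
    Full32Bit = 0xc0, // tag byte followed by 4 little-endian bytes; 0xe0 is unassigned
};
constexpr uint32_t ThirteenBitTagOffset = 0x60;
constexpr int32_t FirstConstantRegisterIndex = 0x40000000; // assumed constant-pool base

struct Instruction { uint8_t opcode; std::vector<int32_t> operands; };

// Hypothetical opcode table for this demo; JSC's real opcodes and arities differ.
enum Opcode : uint8_t { op_enter = 0, op_mov = 1, op_add = 2, op_jmp = 3 };
inline size_t operandCount(uint8_t opcode)
{
    static const size_t counts[] = { 0, 2, 3, 1 }; // op_enter, op_mov, op_add, op_jmp
    if (opcode >= sizeof(counts) / sizeof(counts[0])) throw std::runtime_error("unknown opcode");
    return counts[opcode];
}
inline void append8(std::vector<uint8_t>& out, uint32_t byte) { out.push_back(static_cast<uint8_t>(byte)); }

// Choose the smallest format that holds the operand; the 32-bit form is the fallback.
inline void encodeOperand(std::vector<uint8_t>& out, int32_t value)
{
    bool isConstant = value >= FirstConstantRegisterIndex, isNegative = value < 0;
    uint32_t magnitude = isConstant ? static_cast<uint32_t>(value - FirstConstantRegisterIndex)
                                    : static_cast<uint32_t>(isNegative ? -static_cast<int64_t>(value) : value);
    uint32_t tag5 = isConstant ? ConstantRegister5Bit : isNegative ? Negative5Bit : Positive5Bit;
    if (magnitude < 32)
        append8(out, tag5 | magnitude);
    else if (magnitude < 8192) {
        append8(out, (tag5 + ThirteenBitTagOffset) | (magnitude >> 8));
        append8(out, magnitude & 0xff);
    } else {
        append8(out, Full32Bit);
        for (int shift = 0; shift < 32; shift += 8) append8(out, static_cast<uint32_t>(value) >> shift);
    }
}

// Every read is bounds-checked: a truncated or corrupt stream fails loudly instead of over-reading.
inline uint8_t read8(const std::vector<uint8_t>& in, size_t& pos)
{
    if (pos >= in.size()) throw std::runtime_error("truncated instruction stream");
    return in[pos++];
}
inline int32_t decodeOperand(const std::vector<uint8_t>& in, size_t& pos)
{
    uint8_t first = read8(in, pos);
    uint32_t tag = first & 0xe0, value = first & 0x1f;
    if (tag == Full32Bit) {
        uint32_t raw = 0;
        for (int shift = 0; shift < 32; shift += 8) raw |= static_cast<uint32_t>(read8(in, pos)) << shift;
        return static_cast<int32_t>(raw);
    }
    if (tag >= Positive13Bit && tag <= ConstantRegister13Bit) { // fold 13-bit kinds onto their 5-bit twins
        value = (value << 8) | read8(in, pos);
        tag -= ThirteenBitTagOffset;
    }
    switch (tag) {
    case Positive5Bit: return static_cast<int32_t>(value);
    case Negative5Bit: return -static_cast<int32_t>(value);
    case ConstantRegister5Bit: return static_cast<int32_t>(value) + FirstConstantRegisterIndex;
    default: throw std::runtime_error("unknown packed value tag");
    }
}

inline std::vector<uint8_t> pack(const std::vector<Instruction>& program)
{
    std::vector<uint8_t> out;
    for (const Instruction& inst : program) {
        if (inst.operands.size() != operandCount(inst.opcode)) throw std::runtime_error("bad operand count");
        append8(out, inst.opcode);
        for (int32_t operand : inst.operands) encodeOperand(out, operand);
    }
    return out;
}

inline std::vector<Instruction> unpack(const std::vector<uint8_t>& in)
{
    std::vector<Instruction> program;
    for (size_t pos = 0; pos < in.size();) {
        Instruction inst { read8(in, pos), {} };
        for (size_t i = operandCount(inst.opcode); i > 0; --i) // arity comes from the table, not the data
            inst.operands.push_back(decodeOperand(in, pos));
        program.push_back(inst);
    }
    return program;
}
} // namespace PackedDemo
```
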
1854 2014-01-26  Joseph Pecoraro  <pecoraro@apple.com>
1855
1856         Web Inspector: Move InspectorDebuggerAgent into JavaScriptCore
1857         https://bugs.webkit.org/show_bug.cgi?id=127629
1858
1859         Rubber-stamped by Sam Weinig.
1860
1861         * CMakeLists.txt:
1862         * GNUmakefile.list.am:
1863         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1864         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1865         * JavaScriptCore.xcodeproj/project.pbxproj:
1866         - Add new files to the build.
1867         - Also, since non-REMOTE_INSPECTOR ports cannot yet connect to a
1868           JSGlobalObject for inspection, remove those files as they don't
1869           need to be built.
1870
1871         * inspector/EventLoop.cpp: Added.
1872         (Inspector::EventLoop::cycle):
1873         * inspector/EventLoop.h: Added.
1874         (Inspector::EventLoop::EventLoop):
1875         (Inspector::EventLoop::ended):
1876         Add a JavaScriptCore version of EventLoop. This is currently only
1877         used by the Mac port for JSGlobalObject remote inspection. Keep
1878         the WebCore/platform version alive because for the Mac port it does
1879         slightly different things involving AppKit.
1880
1881         * inspector/JSGlobalObjectInspectorController.cpp:
1882         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
1883         Create DebuggerAgent and hook up ScriptDebugServer where needed.
1884
1885         * inspector/JSGlobalObjectScriptDebugServer.cpp: Added.
1886         (Inspector::JSGlobalObjectScriptDebugServer::JSGlobalObjectScriptDebugServer):
1887         (Inspector::JSGlobalObjectScriptDebugServer::addListener):
1888         (Inspector::JSGlobalObjectScriptDebugServer::removeListener):
1889         (Inspector::JSGlobalObjectScriptDebugServer::recompileAllJSFunctions):
1890         (Inspector::JSGlobalObjectScriptDebugServer::runEventLoopWhilePaused):
1891         * inspector/JSGlobalObjectScriptDebugServer.h: Added.
1892         Simple implementation of ScriptDebugServer with a JSGlobalObject.
1893
1894         * inspector/agents/InspectorDebuggerAgent.cpp: Renamed from Source/WebCore/inspector/InspectorDebuggerAgent.cpp.
1895         * inspector/agents/InspectorDebuggerAgent.h: Renamed from Source/WebCore/inspector/InspectorDebuggerAgent.h.
1896         Copied from WebCore. A few methods need to be made virtual so that Web implementations
1897         can override and extend the functionality. E.g. sourceMapURLForScript and enable/disable.
1898
1899         * inspector/agents/JSGlobalObjectDebuggerAgent.cpp: Added.
1900         * inspector/agents/JSGlobalObjectDebuggerAgent.h: Added.
1901         (Inspector::JSGlobalObjectDebuggerAgent::JSGlobalObjectDebuggerAgent):
1902         (Inspector::JSGlobalObjectDebuggerAgent::startListeningScriptDebugServer):
1903         (Inspector::JSGlobalObjectDebuggerAgent::stopListeningScriptDebugServer):
1904         (Inspector::JSGlobalObjectDebuggerAgent::injectedScriptForEval):
1905         Simple implementation of DebuggerAgent with a JSGlobalObject.
1906
1907 2014-01-25  Mark Lam  <mark.lam@apple.com>
1908
1909         Gardening: fix build breakage from previous commit.
1910
1911         Not reviewed.
1912
1913         * profiler/ProfileNode.cpp:
1914         (JSC::ProfileNode::debugPrintData):
1915         - Removed obsolete references to "visible" timers.
1916
1917 2014-01-25  Timothy Hatcher  <timothy@apple.com>
1918
1919         Remove dead code from the JSC profiler.
1920
1921         https://bugs.webkit.org/show_bug.cgi?id=127643
1922
1923         Reviewed by Mark Lam.
1924
1925         * profiler/Profile.cpp:
1926         * profiler/Profile.h:
1927         * profiler/ProfileGenerator.cpp:
1928         (JSC::ProfileGenerator::stopProfiling):
1929         * profiler/ProfileNode.cpp:
1930         (JSC::ProfileNode::ProfileNode):
1931         (JSC::ProfileNode::stopProfiling):
1932         (JSC::ProfileNode::endAndRecordCall):
1933         (JSC::ProfileNode::debugPrintData):
1934         (JSC::ProfileNode::debugPrintDataSampleStyle):
1935         * profiler/ProfileNode.h:
1936         (JSC::ProfileNode::totalTime):
1937         (JSC::ProfileNode::setTotalTime):
1938         (JSC::ProfileNode::selfTime):
1939         (JSC::ProfileNode::setSelfTime):
1940         (JSC::ProfileNode::totalPercent):
1941         (JSC::ProfileNode::selfPercent):
1942         Remove support for things like focus and exclude. The Inspector does those in JS now.
1943
1944 2014-01-25  Sam Weinig  <sam@webkit.org>
1945
1946         Remove unused support for DRAGGABLE_REGION
1947         https://bugs.webkit.org/show_bug.cgi?id=127642
1948
1949         Reviewed by Simon Fraser.
1950
1951         * Configurations/FeatureDefines.xcconfig:
1952
1953 2014-01-25  Darin Adler  <darin@apple.com>
1954
1955         Try to fix Mac build.
1956
1957         * runtime/DatePrototype.cpp: Put the include of <unicode/udat.h> inside
1958         a conditional since we don't have that header in our Mac build configuration.
1959
1960 2014-01-25  Darin Adler  <darin@apple.com>
1961
1962         Call deprecatedCharacters instead of characters at more call sites
1963         https://bugs.webkit.org/show_bug.cgi?id=127631
1964
1965         Reviewed by Sam Weinig.
1966
1967         * API/JSValueRef.cpp:
1968         (JSValueMakeFromJSONString):
1969         * API/OpaqueJSString.cpp:
1970         (OpaqueJSString::~OpaqueJSString):
1971         * bindings/ScriptValue.cpp:
1972         (Deprecated::jsToInspectorValue):
1973         * inspector/ContentSearchUtilities.cpp:
1974         (Inspector::ContentSearchUtilities::createSearchRegexSource):
1975         * inspector/InspectorValues.cpp:
1976         * runtime/Identifier.h:
1977         (JSC::Identifier::deprecatedCharacters):
1978         * runtime/JSStringBuilder.h:
1979         (JSC::JSStringBuilder::append):
1980         Use the new name.
1981
1982 2014-01-25  Darin Adler  <darin@apple.com>
1983
1984         Get rid of ICU_UNICODE and WCHAR_UNICODE remnants
1985         https://bugs.webkit.org/show_bug.cgi?id=127623
1986
1987         Reviewed by Anders Carlsson.
1988
1989         * runtime/DatePrototype.cpp: Removed USE(ICU_UNICODE) checks, since that's always true now.
1990
1991 2014-01-25  Darin Adler  <darin@apple.com>
1992
1993         [Mac] Rewrite locale-specific date formatting code to remove strange string creation
1994         https://bugs.webkit.org/show_bug.cgi?id=127624
1995
1996         Reviewed by Anders Carlsson.
1997
1998         * runtime/DatePrototype.cpp:
1999         (JSC::formatLocaleDate): Use some smart pointers and conversion operators we already
2000         have to do the formatting in a more straightforward way.
2001
2002 2014-01-25  Anders Carlsson  <andersca@apple.com>
2003
2004         Remove atomicIncrement/atomicDecrement
2005         https://bugs.webkit.org/show_bug.cgi?id=127625
2006
2007         Reviewed by Andreas Kling.
2008
2009         Replace atomicIncrement/atomicDecrement with std::atomic.
2010
2011         * bytecode/Watchpoint.h:
2012         * ftl/FTLLowerDFGToLLVM.cpp:
2013         (JSC::FTL::LowerDFGToLLVM::lower):
2014         * profiler/ProfilerDatabase.cpp:
2015         (JSC::Profiler::Database::Database):
2016         (JSC::Profiler::Database::addDatabaseToAtExit):
2017
2018 2014-01-24  Joseph Pecoraro  <pecoraro@apple.com>
2019
2020         Web Inspector: Move InspectorRuntimeAgent into JavaScriptCore
2021         https://bugs.webkit.org/show_bug.cgi?id=127605
2022
2023         Reviewed by Timothy Hatcher.
2024
2025         * CMakeLists.txt:
2026         * GNUmakefile.list.am:
2027         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2028         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2029         * JavaScriptCore.xcodeproj/project.pbxproj:
2030         Add new files to the build.
2031
2032         * inspector/agents/InspectorRuntimeAgent.h: Renamed from Source/WebCore/inspector/InspectorRuntimeAgent.h.
2033         * inspector/agents/InspectorRuntimeAgent.cpp: Renamed from Source/WebCore/inspector/InspectorRuntimeAgent.cpp.
2034         (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
2035         (Inspector::InspectorRuntimeAgent::parse):
2036         (Inspector::InspectorRuntimeAgent::evaluate):
2037         (Inspector::InspectorRuntimeAgent::callFunctionOn):
2038         (Inspector::InspectorRuntimeAgent::getProperties):
2039         - Move the agent into JavaScriptCore.
2040         - Modernize and cleanup.
2041         - Make globalVM a pure virtual function for subclasses to implement.
2042
2043         * inspector/agents/JSGlobalObjectRuntimeAgent.h: Added.
2044         * inspector/agents/JSGlobalObjectRuntimeAgent.cpp: Added.
2045         (Inspector::JSGlobalObjectRuntimeAgent::JSGlobalObjectRuntimeAgent):
2046         (Inspector::JSGlobalObjectRuntimeAgent::didCreateFrontendAndBackend):
2047         (Inspector::JSGlobalObjectRuntimeAgent::willDestroyFrontendAndBackend):
2048         (Inspector::JSGlobalObjectRuntimeAgent::globalVM):
2049         (Inspector::JSGlobalObjectRuntimeAgent::injectedScriptForEval):
2050         Straightforward JSGlobalObject implementation.
2051
2052         * inspector/JSGlobalObjectInspectorController.cpp:
2053         (Inspector::JSGlobalObjectInspectorController::JSGlobalObjectInspectorController):
2054         Add a runtime agent when inspecting a JSContext!
2055
2056 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
2057
2058         Move JavaScriptCallFrame and ScriptDebugServer into JavaScriptCore for inspector
2059         https://bugs.webkit.org/show_bug.cgi?id=127543
2060
2061         Reviewed by Geoffrey Garen.
2062
2063         * CMakeLists.txt:
2064         * GNUmakefile.list.am:
2065         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2066         * JavaScriptCore.xcodeproj/project.pbxproj:
2067         Add new files.
2068
2069         * inspector/ScriptDebugListener.h:
2070         Extract WebCore knowledge from ScriptDebugServer. This will
2071         eventually be made to work outside of WebCore.
2072
2073         * inspector/ScriptDebugServer.h: Renamed from Source/WebCore/bindings/js/ScriptDebugServer.h.
2074         * inspector/ScriptDebugServer.cpp: Renamed from Source/WebCore/bindings/js/ScriptDebugServer.cpp.
2075         (Inspector::ScriptDebugServer::evaluateBreakpointAction):
2076         (Inspector::ScriptDebugServer::dispatchDidPause):
2077         (Inspector::ScriptDebugServer::dispatchBreakpointActionLog):
2078         (Inspector::ScriptDebugServer::dispatchBreakpointActionSound):
2079         (Inspector::ScriptDebugServer::sourceParsed):
2080         (Inspector::ScriptDebugServer::dispatchFunctionToListeners):
2081         (Inspector::ScriptDebugServer::handlePause):
2082         Modernize code, and call the new ScriptDebugListener callbacks where appropriate.
2083
2084         * inspector/JSJavaScriptCallFrame.cpp: Renamed from Source/WebCore/bindings/js/JSJavaScriptCallFrameCustom.cpp.
2085         (Inspector::JSJavaScriptCallFrame::JSJavaScriptCallFrame):
2086         (Inspector::JSJavaScriptCallFrame::finishCreation):
2087         (Inspector::JSJavaScriptCallFrame::createPrototype):
2088         (Inspector::JSJavaScriptCallFrame::destroy):
2089         (Inspector::JSJavaScriptCallFrame::releaseImpl):
2090         (Inspector::JSJavaScriptCallFrame::~JSJavaScriptCallFrame):
2091         (Inspector::JSJavaScriptCallFrame::evaluate):
2092         (Inspector::JSJavaScriptCallFrame::scopeType):
2093         (Inspector::JSJavaScriptCallFrame::caller):
2094         (Inspector::JSJavaScriptCallFrame::sourceID):
2095         (Inspector::JSJavaScriptCallFrame::line):
2096         (Inspector::JSJavaScriptCallFrame::column):
2097         (Inspector::JSJavaScriptCallFrame::functionName):
2098         (Inspector::JSJavaScriptCallFrame::scopeChain):
2099         (Inspector::JSJavaScriptCallFrame::thisObject):
2100         (Inspector::JSJavaScriptCallFrame::type):
2101         (Inspector::toJS):
2102         (Inspector::toJSJavaScriptCallFrame):
2103         * inspector/JSJavaScriptCallFrame.h: Added.
2104         (Inspector::JSJavaScriptCallFrame::createStructure):
2105         (Inspector::JSJavaScriptCallFrame::create):
2106         (Inspector::JSJavaScriptCallFrame::impl):
2107         * inspector/JSJavaScriptCallFramePrototype.cpp: Added.
2108         (Inspector::JSJavaScriptCallFramePrototype::finishCreation):
2109         (Inspector::jsJavaScriptCallFramePrototypeFunctionEvaluate):
2110         (Inspector::jsJavaScriptCallFramePrototypeFunctionScopeType):
2111         (Inspector::jsJavaScriptCallFrameAttributeCaller):
2112         (Inspector::jsJavaScriptCallFrameAttributeSourceID):
2113         (Inspector::jsJavaScriptCallFrameAttributeLine):
2114         (Inspector::jsJavaScriptCallFrameAttributeColumn):
2115         (Inspector::jsJavaScriptCallFrameAttributeFunctionName):
2116         (Inspector::jsJavaScriptCallFrameAttributeScopeChain):
2117         (Inspector::jsJavaScriptCallFrameAttributeThisObject):
2118         (Inspector::jsJavaScriptCallFrameAttributeType):
2119         (Inspector::jsJavaScriptCallFrameConstantGLOBAL_SCOPE):
2120         (Inspector::jsJavaScriptCallFrameConstantLOCAL_SCOPE):
2121         (Inspector::jsJavaScriptCallFrameConstantWITH_SCOPE):
2122         (Inspector::jsJavaScriptCallFrameConstantCLOSURE_SCOPE):
2123         (Inspector::jsJavaScriptCallFrameConstantCATCH_SCOPE):
2124         * inspector/JSJavaScriptCallFramePrototype.h: Added.
2125         (Inspector::JSJavaScriptCallFramePrototype::create):
2126         (Inspector::JSJavaScriptCallFramePrototype::createStructure):
2127         (Inspector::JSJavaScriptCallFramePrototype::JSJavaScriptCallFramePrototype):
2128         * inspector/JavaScriptCallFrame.cpp: Renamed from Source/WebCore/bindings/js/JavaScriptCallFrame.cpp.
2129         (Inspector::JavaScriptCallFrame::caller):
2130         * inspector/JavaScriptCallFrame.h: Renamed from Source/WebCore/bindings/js/JavaScriptCallFrame.h.
2131         Port of JavaScriptCallFrame.idl to a set of native JS classes.
2132
2133 2014-01-24  Mark Lam  <mark.lam@apple.com>
2134
2135         DebuggerCallFrame::evaluateWithCallFrame() should not execute a null executable.
2136         <https://webkit.org/b/127600>
2137
2138         Reviewed by Oliver Hunt.
2139
2140         In DebuggerCallFrame::evaluateWithCallFrame(), if the script string that
2141         is passed in is bad, it will fail to create an Executable, i.e.
2142         EvalExecutable::create() returns a null pointer. However,
2143         DebuggerCallFrame::evaluateWithCallFrame() was just clearing the
2144         exception and proceeding to execute the null pointer as an Executable.
2145         A crash ensues.
2146
2147         Now, if an exception is detected while creating the Executable, we
2148         abort instead.
2149
2150         * debugger/DebuggerCallFrame.cpp:
2151         (JSC::DebuggerCallFrame::evaluateWithCallFrame):
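
The check this entry describes, as an added example that is not part of this ChangeLog or of JavaScriptCore's code: a constructed stand-in for EvalExecutable::create() that reports failure through an exception string and a null pointer, beside an evaluate routine that aborts when creation failed instead of clearing the exception and running the null pointer. The Executable struct, the parenthesis-balancing "syntax check" and the function names are assumptions for the illustration.

```cpp
#include <memory>
#include <optional>
#include <string>

// Constructed stand-in for an Executable: just holds the "compiled" script.
struct Executable {
    std::string source;
};

// Constructed stand-in for EvalExecutable::create(): returns nullptr and
// records an exception when the script is bad. The only syntax modelled
// here is balanced parentheses.
std::unique_ptr<Executable> createExecutable(const std::string& script, std::string& exception)
{
    int depth = 0;
    for (char c : script) {
        if (c == '(')
            ++depth;
        else if (c == ')' && --depth < 0)
            break;
    }
    if (depth != 0) {
        exception = "SyntaxError: unbalanced parentheses";
        return nullptr;
    }
    return std::make_unique<Executable>(Executable { script });
}

// Constructed stand-in for running an Executable (returns the script length).
// Calling this through a null Executable is the crash the entry describes,
// so the caller must check the creation result first.
size_t runExecutable(const Executable& executable)
{
    return executable.source.size();
}

// Hardened shape of evaluateWithCallFrame(): if creating the Executable
// raised an exception, abort and leave the exception for the caller to see.
std::optional<size_t> evaluateScript(const std::string& script, std::string& exception)
{
    std::unique_ptr<Executable> executable = createExecutable(script, exception);
    if (!exception.empty() || !executable)
        return std::nullopt;   // abort: there is nothing valid to execute
    return runExecutable(*executable);
}
```

The exception string is deliberately left set on the failure path; the bug being fixed was that the original code cleared it and then used the result it had signalled.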
2152
2153 2014-01-24  Oliver Hunt  <oliver@apple.com>
2154
2155         Put functions need to take a base object and a this value, and perform type checks on |this|
2156         https://bugs.webkit.org/show_bug.cgi?id=127594
2157
2158         Reviewed by Geoffrey Garen.
2159
2160         Change the signature for static setter functions, and update uses
2161
2162         * create_hash_table:
2163         * runtime/Lookup.h:
2164         (JSC::putEntry):
2165         * runtime/PutPropertySlot.h:
2166         * runtime/RegExpConstructor.cpp:
2167         (JSC::setRegExpConstructorInput):
2168         (JSC::setRegExpConstructorMultiline):
2169
2170 2014-01-24  Oliver Hunt  <oliver@apple.com>
2171
2172         Generic JSObject::put should handle static properties in the classinfo hierarchy
2173         https://bugs.webkit.org/show_bug.cgi?id=127523
2174
2175         Reviewed by Geoffrey Garen.
2176
2177         This patch makes JSObject::put correctly call static setters
2178         defined by the ClassInfo.
2179
2180         To make this not clobber performance, the ClassInfo HashTable
2181         now includes a flag to indicate that it contains setters. This
2182         required updating the lut generator so that it tracked (and emitted)
2183         this.
2184
2185         The rest of the change was making a number of the methods take
2186         a VM rather than an ExecState*, so that Structure could set the
2187         getter/setter flags during construction (if necessary).
2188
2189         This also means most objects do not need to perform a lookupPut
2190         manually anymore, so most custom ::put's are no longer needed.
2191         DOMWindow is the only exception as it has interesting security
2192         related semantics.
2193
2194         * create_hash_table:
2195         * interpreter/CallFrame.h:
2196         (JSC::ExecState::arrayConstructorTable):
2197         (JSC::ExecState::arrayPrototypeTable):
2198         (JSC::ExecState::booleanPrototypeTable):
2199         (JSC::ExecState::dataViewTable):
2200         (JSC::ExecState::dateTable):
2201         (JSC::ExecState::dateConstructorTable):
2202         (JSC::ExecState::errorPrototypeTable):
2203         (JSC::ExecState::globalObjectTable):
2204         (JSC::ExecState::jsonTable):
2205         (JSC::ExecState::numberConstructorTable):
2206         (JSC::ExecState::numberPrototypeTable):
2207         (JSC::ExecState::objectConstructorTable):
2208         (JSC::ExecState::privateNamePrototypeTable):
2209         (JSC::ExecState::regExpTable):
2210         (JSC::ExecState::regExpConstructorTable):
2211         (JSC::ExecState::regExpPrototypeTable):
2212         (JSC::ExecState::stringConstructorTable):
2213         (JSC::ExecState::promisePrototypeTable):
2214         (JSC::ExecState::promiseConstructorTable):
2215         * runtime/ArrayConstructor.cpp:
2216         (JSC::ArrayConstructor::getOwnPropertySlot):
2217         * runtime/ArrayPrototype.cpp:
2218         (JSC::ArrayPrototype::getOwnPropertySlot):
2219         * runtime/BooleanPrototype.cpp:
2220         (JSC::BooleanPrototype::getOwnPropertySlot):
2221         * runtime/ClassInfo.h:
2222         (JSC::ClassInfo::propHashTable):
2223         * runtime/DateConstructor.cpp:
2224         (JSC::DateConstructor::getOwnPropertySlot):
2225         * runtime/DatePrototype.cpp:
2226         (JSC::DatePrototype::getOwnPropertySlot):
2227         * runtime/ErrorPrototype.cpp:
2228         (JSC::ErrorPrototype::getOwnPropertySlot):
2229         * runtime/JSDataViewPrototype.cpp:
2230         (JSC::JSDataViewPrototype::getOwnPropertySlot):
2231         * runtime/JSGlobalObject.cpp:
2232         (JSC::JSGlobalObject::getOwnPropertySlot):
2233         * runtime/JSONObject.cpp:
2234         (JSC::JSONObject::getOwnPropertySlot):
2235         * runtime/JSObject.cpp:
2236         (JSC::JSObject::put):
2237         (JSC::JSObject::deleteProperty):
2238         * runtime/JSPromiseConstructor.cpp:
2239         (JSC::JSPromiseConstructor::getOwnPropertySlot):
2240         * runtime/JSPromisePrototype.cpp:
2241         (JSC::JSPromisePrototype::getOwnPropertySlot):
2242         * runtime/Lookup.h:
2243         (JSC::HashTable::copy):
2244         (JSC::putEntry):
2245         (JSC::lookupPut):
2246         * runtime/NamePrototype.cpp:
2247         (JSC::NamePrototype::getOwnPropertySlot):
2248         * runtime/NumberConstructor.cpp:
2249         (JSC::NumberConstructor::getOwnPropertySlot):
2250         * runtime/NumberConstructor.h:
2251         * runtime/NumberPrototype.cpp:
2252         (JSC::NumberPrototype::getOwnPropertySlot):
2253         * runtime/ObjectConstructor.cpp:
2254         (JSC::ObjectConstructor::getOwnPropertySlot):
2255         * runtime/RegExpConstructor.cpp:
2256         (JSC::RegExpConstructor::getOwnPropertySlot):
2257         * runtime/RegExpConstructor.h:
2258         * runtime/RegExpObject.cpp:
2259         (JSC::RegExpObject::getOwnPropertySlot):
2260         (JSC::RegExpObject::put):
2261         * runtime/RegExpPrototype.cpp:
2262         (JSC::RegExpPrototype::getOwnPropertySlot):
2263         * runtime/StringConstructor.cpp:
2264         (JSC::StringConstructor::getOwnPropertySlot):
2265         * runtime/Structure.cpp:
2266         (JSC::Structure::Structure):
2267         (JSC::Structure::freezeTransition):
2268         (JSC::ClassInfo::hasStaticSetterOrReadonlyProperties):
2269
2270 2014-01-24  Commit Queue  <commit-queue@webkit.org>
2271
2272         Unreviewed, rolling out r162713.
2273         http://trac.webkit.org/changeset/162713
2274         https://bugs.webkit.org/show_bug.cgi?id=127593
2275
2276         broke media/network-no-source-const-shadow (Requested by
2277         thorton on #webkit).
2278
2279         * create_hash_table:
2280         * interpreter/CallFrame.h:
2281         (JSC::ExecState::arrayConstructorTable):
2282         (JSC::ExecState::arrayPrototypeTable):
2283         (JSC::ExecState::booleanPrototypeTable):
2284         (JSC::ExecState::dataViewTable):
2285         (JSC::ExecState::dateTable):
2286         (JSC::ExecState::dateConstructorTable):
2287         (JSC::ExecState::errorPrototypeTable):
2288         (JSC::ExecState::globalObjectTable):
2289         (JSC::ExecState::jsonTable):
2290         (JSC::ExecState::numberConstructorTable):
2291         (JSC::ExecState::numberPrototypeTable):
2292         (JSC::ExecState::objectConstructorTable):
2293         (JSC::ExecState::privateNamePrototypeTable):
2294         (JSC::ExecState::regExpTable):
2295         (JSC::ExecState::regExpConstructorTable):
2296         (JSC::ExecState::regExpPrototypeTable):
2297         (JSC::ExecState::stringConstructorTable):
2298         (JSC::ExecState::promisePrototypeTable):
2299         (JSC::ExecState::promiseConstructorTable):
2300         * runtime/ArrayConstructor.cpp:
2301         (JSC::ArrayConstructor::getOwnPropertySlot):
2302         * runtime/ArrayPrototype.cpp:
2303         (JSC::ArrayPrototype::getOwnPropertySlot):
2304         * runtime/BooleanPrototype.cpp:
2305         (JSC::BooleanPrototype::getOwnPropertySlot):
2306         * runtime/ClassInfo.h:
2307         (JSC::ClassInfo::propHashTable):
2308         * runtime/DateConstructor.cpp:
2309         (JSC::DateConstructor::getOwnPropertySlot):
2310         * runtime/DatePrototype.cpp:
2311         (JSC::DatePrototype::getOwnPropertySlot):
2312         * runtime/ErrorPrototype.cpp:
2313         (JSC::ErrorPrototype::getOwnPropertySlot):
2314         * runtime/JSDataViewPrototype.cpp:
2315         (JSC::JSDataViewPrototype::getOwnPropertySlot):
2316         * runtime/JSGlobalObject.cpp:
2317         (JSC::JSGlobalObject::getOwnPropertySlot):
2318         * runtime/JSONObject.cpp:
2319         (JSC::JSONObject::getOwnPropertySlot):
2320         * runtime/JSObject.cpp:
2321         (JSC::JSObject::put):
2322         (JSC::JSObject::deleteProperty):
2323         * runtime/JSPromiseConstructor.cpp:
2324         (JSC::JSPromiseConstructor::getOwnPropertySlot):
2325         * runtime/JSPromisePrototype.cpp:
2326         (JSC::JSPromisePrototype::getOwnPropertySlot):
2327         * runtime/Lookup.h:
2328         (JSC::HashTable::copy):
2329         (JSC::putEntry):
2330         (JSC::lookupPut):
2331         * runtime/NamePrototype.cpp:
2332         (JSC::NamePrototype::getOwnPropertySlot):
2333         * runtime/NumberConstructor.cpp:
2334         (JSC::NumberConstructor::getOwnPropertySlot):
2335         (JSC::NumberConstructor::put):
2336         * runtime/NumberConstructor.h:
2337         * runtime/NumberPrototype.cpp:
2338         (JSC::NumberPrototype::getOwnPropertySlot):
2339         * runtime/ObjectConstructor.cpp:
2340         (JSC::ObjectConstructor::getOwnPropertySlot):
2341         * runtime/RegExpConstructor.cpp:
2342         (JSC::RegExpConstructor::getOwnPropertySlot):
2343         (JSC::RegExpConstructor::put):
2344         * runtime/RegExpConstructor.h:
2345         * runtime/RegExpObject.cpp:
2346         (JSC::RegExpObject::getOwnPropertySlot):
2347         (JSC::RegExpObject::put):
2348         * runtime/RegExpPrototype.cpp:
2349         (JSC::RegExpPrototype::getOwnPropertySlot):
2350         * runtime/StringConstructor.cpp:
2351         (JSC::StringConstructor::getOwnPropertySlot):
2352         * runtime/Structure.cpp:
2353         (JSC::Structure::Structure):
2354         (JSC::Structure::freezeTransition):
2355
2356 2014-01-24  Mark Lam  <mark.lam@apple.com>
2357
2358         ASSERT(!m_markedSpace.m_currentDelayedReleaseScope) reloading page in inspector.
2359         <https://webkit.org/b/127582>
2360
2361         Reviewed by Mark Hahnenberg.
2362
2363         1. We should not enter a HeapIterationScope when we iterate the CodeBlocks.
2364            Apparently, iterating the CodeBlocks does not count as heap iteration.
2365
2366         2. If we're detaching the debugger due to the JSGlobalObject destructing,
2367            then we don't need to clear the debugger requests in the associated
2368            CodeBlocks. The JSGlobalObject destructing would mean that those
2369            CodeBlocks would be destructing too, and it may not be safe to access
2370            them anyway at this point.
2371
2372         The assertion failure is because we had entered a HeapIterationScope
2373         while the JSGlobalObject is destructing, which in turn means that GC
2374         sweeping is in progress. It's not legal to iterate the heap while the GC
2375         is sweeping. Once we fix the above 2 issues, we will no longer have
2376         the conditions that manifest this assertion failure.
2377
2378         * debugger/Debugger.cpp:
2379         (JSC::Debugger::detach):
2380         (JSC::Debugger::setSteppingMode):
2381         (JSC::Debugger::toggleBreakpoint):
2382         (JSC::Debugger::clearBreakpoints):
2383         (JSC::Debugger::clearDebuggerRequests):
2384         * debugger/Debugger.h:
2385         * runtime/JSGlobalObject.cpp:
2386         (JSC::JSGlobalObject::~JSGlobalObject):
2387
2388 2014-01-24  Brent Fulgham  <bfulgham@apple.com>
2389
2390         [Win] Convert some NMake files to MSBuild project files
2391         https://bugs.webkit.org/show_bug.cgi?id=127579
2392
2393         Reviewed by Tim Horton.
2394
2395         * JavaScriptCore.vcxproj/JavaScriptCore.make: Removed.
2396         * JavaScriptCore.vcxproj/JavaScriptCore.proj: Added.
2397
2398 2014-01-24  Mark Lam  <mark.lam@apple.com>
2399
2400         Fixed a bad assertion in CodeBlock::removeBreakpoint().
2401         <https://webkit.org/b/127581>
2402
2403         Reviewed by Joseph Pecoraro.
2404
2405         * bytecode/CodeBlock.h:
2406         (JSC::CodeBlock::removeBreakpoint):
2407
2408 2014-01-24  Joseph Pecoraro  <pecoraro@apple.com>
2409
2410         fast/profiler tests ASSERTing after moving recompileAllJSFunctions off a timer
2411         https://bugs.webkit.org/show_bug.cgi?id=127566
2412
2413         Reviewed by Oliver Hunt.
2414
2415         Make the VM handle recompilation as soon as possible after it is requested.
2416
2417         * debugger/Debugger.cpp:
2418         (JSC::Debugger::recompileAllJSFunctions):
2419         When in a JavaScript stack, mark for recompilation when possible.
2420
2421         * runtime/VMEntryScope.h:
2422         (JSC::VMEntryScope::setRecompilationNeeded):
2423         * runtime/VMEntryScope.cpp:
2424         (JSC::VMEntryScope::VMEntryScope):
2425         (JSC::VMEntryScope::~VMEntryScope):
2426         Handle recompilation when the top VMEntryScope is popped.
2427         Pass the needs-recompilation flag up the stack if needed.
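
The deferral scheme this entry describes, as an added example that is not part of this ChangeLog or of JavaScriptCore's code: a constructed VM with a stack of entry scopes, where a recompilation requested while JavaScript is on the stack is only marked, the mark is handed to the enclosing scope as each scope pops, and the work runs once when the outermost scope is gone. The VM struct, its entryScopes vector and the recompilations counter are assumptions for the illustration.

```cpp
#include <vector>

struct VMEntryScope;

// Constructed stand-in for the VM: the live entry scopes (innermost last)
// and a count of how many times "recompile all JS functions" actually ran.
struct VM {
    std::vector<VMEntryScope*> entryScopes;
    int recompilations = 0;
    bool inJavaScript() const { return !entryScopes.empty(); }
};

// Constructed model of VMEntryScope: one is pushed each time native code
// enters JavaScript. A recompilation requested under live JS frames is
// recorded on the innermost scope; when that scope pops, the flag is passed
// to the scope below it, and only the outermost scope performs the work.
struct VMEntryScope {
    VM& m_vm;
    bool m_recompilationNeeded = false;

    explicit VMEntryScope(VM& vm) : m_vm(vm) { m_vm.entryScopes.push_back(this); }

    void setRecompilationNeeded(bool needed) { m_recompilationNeeded = needed; }

    ~VMEntryScope()
    {
        m_vm.entryScopes.pop_back();
        if (!m_recompilationNeeded)
            return;
        if (m_vm.entryScopes.empty())
            ++m_vm.recompilations;                                  // outermost scope: no JS frames remain, do it now
        else
            m_vm.entryScopes.back()->setRecompilationNeeded(true);  // still inside JS: defer to the caller's scope
    }
};

// Constructed stand-in for Debugger::recompileAllJSFunctions().
void recompileAllJSFunctions(VM& vm)
{
    if (vm.inJavaScript())
        vm.entryScopes.back()->setRecompilationNeeded(true);   // mark; never recompile under live frames
    else
        ++vm.recompilations;                                    // nothing on the stack: recompile immediately
}

// Scenario: two nested JS entries, two requests from the inner one. The
// recompilation must run exactly once, after the outer scope has popped.
int recompilationsAfterNestedRequest(VM& vm)
{
    {
        VMEntryScope outer(vm);
        {
            VMEntryScope inner(vm);
            recompileAllJSFunctions(vm);   // requested with two scopes live
            recompileAllJSFunctions(vm);   // second request coalesces into the same flag
        }
        // inner popped: flag handed to outer, nothing recompiled yet
    }
    return vm.recompilations;
}
```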
2428
2429 2014-01-24  Oliver Hunt  <oliver@apple.com>
2430
2431         Generic JSObject::put should handle static properties in the classinfo hierarchy
2432         https://bugs.webkit.org/show_bug.cgi?id=127523
2433
2434         Reviewed by Geoffrey Garen.
2435
2436         This patch makes JSObject::put correctly call static setters
2437         defined by the ClassInfo.
2438
2439         To make this not clobber performance, the ClassInfo HashTable
2440         now includes a flag to indicate that it contains setters. This
2441         required updating the lut generator so that it tracked (and emitted)
2442         this.
2443
2444         The rest of the change was making a number of the methods take
2445         a VM rather than an ExecState*, so that Structure could set the
2446         getter/setter flags during construction (if necessary).
2447
2448         This also means most objects do not need to perform a lookupPut
2449         manually anymore, so most custom ::put's are no longer needed.
2450         DOMWindow is the only exception as it has interesting security
2451         related semantics.
2452
2453         * create_hash_table:
2454         * interpreter/CallFrame.h:
2455         (JSC::ExecState::arrayConstructorTable):
2456         (JSC::ExecState::arrayPrototypeTable):
2457         (JSC::ExecState::booleanPrototypeTable):
2458         (JSC::ExecState::dataViewTable):
2459         (JSC::ExecState::dateTable):
2460         (JSC::ExecState::dateConstructorTable):
2461         (JSC::ExecState::errorPrototypeTable):
2462         (JSC::ExecState::globalObjectTable):
2463         (JSC::ExecState::jsonTable):
2464         (JSC::ExecState::numberConstructorTable):
2465         (JSC::ExecState::numberPrototypeTable):
2466         (JSC::ExecState::objectConstructorTable):
2467         (JSC::ExecState::privateNamePrototypeTable):
2468         (JSC::ExecState::regExpTable):
2469         (JSC::ExecState::regExpConstructorTable):
2470         (JSC::ExecState::regExpPrototypeTable):
2471         (JSC::ExecState::stringConstructorTable):
2472         (JSC::ExecState::promisePrototypeTable):
2473         (JSC::ExecState::promiseConstructorTable):
2474         * runtime/ArrayConstructor.cpp:
2475         (JSC::ArrayConstructor::getOwnPropertySlot):
2476         * runtime/ArrayPrototype.cpp:
2477         (JSC::ArrayPrototype::getOwnPropertySlot):
2478         * runtime/BooleanPrototype.cpp:
2479         (JSC::BooleanPrototype::getOwnPropertySlot):
2480         * runtime/ClassInfo.h:
2481         (JSC::ClassInfo::propHashTable):
2482         * runtime/DateConstructor.cpp:
2483         (JSC::DateConstructor::getOwnPropertySlot):
2484         * runtime/DatePrototype.cpp:
2485         (JSC::DatePrototype::getOwnPropertySlot):
2486         * runtime/ErrorPrototype.cpp:
2487         (JSC::ErrorPrototype::getOwnPropertySlot):
2488         * runtime/JSDataViewPrototype.cpp:
2489         (JSC::JSDataViewPrototype::getOwnPropertySlot):
2490         * runtime/JSGlobalObject.cpp:
2491         (JSC::JSGlobalObject::getOwnPropertySlot):
2492         * runtime/JSONObject.cpp:
2493         (JSC::JSONObject::getOwnPropertySlot):
2494         * runtime/JSObject.cpp:
2495         (JSC::JSObject::put):
2496         (JSC::JSObject::deleteProperty):
2497         * runtime/JSPromiseConstructor.cpp:
2498         (JSC::JSPromiseConstructor::getOwnPropertySlot):
2499         * runtime/JSPromisePrototype.cpp:
2500         (JSC::JSPromisePrototype::getOwnPropertySlot):
2501         * runtime/Lookup.h:
2502         (JSC::HashTable::copy):
2503         (JSC::putEntry):
2504         (JSC::lookupPut):
2505         * runtime/NamePrototype.cpp:
2506         (JSC::NamePrototype::getOwnPropertySlot):
2507         * runtime/NumberConstructor.cpp:
2508         (JSC::NumberConstructor::getOwnPropertySlot):
2509         * runtime/NumberConstructor.h:
2510         * runtime/NumberPrototype.cpp:
2511         (JSC::NumberPrototype::getOwnPropertySlot):
2512         * runtime/ObjectConstructor.cpp:
2513         (JSC::ObjectConstructor::getOwnPropertySlot):
2514         * runtime/RegExpConstructor.cpp:
2515         (JSC::RegExpConstructor::getOwnPropertySlot):
2516         * runtime/RegExpConstructor.h:
2517         * runtime/RegExpObject.cpp:
2518         (JSC::RegExpObject::getOwnPropertySlot):
2519         (JSC::RegExpObject::put):
2520         * runtime/RegExpPrototype.cpp:
2521         (JSC::RegExpPrototype::getOwnPropertySlot):
2522         * runtime/StringConstructor.cpp:
2523         (JSC::StringConstructor::getOwnPropertySlot):
2524         * runtime/Structure.cpp:
2525         (JSC::Structure::Structure):
2526         (JSC::Structure::freezeTransition):
2527         (JSC::ClassInfo::hasStaticSetterOrReadonlyProperties):
2528
2529 2014-01-24  Mark Lam  <mark.lam@apple.com>
2530
2531         Skip op_profiler callbacks if !VM::m_enabledProfiler.
2532         https://bugs.webkit.org/show_bug.cgi?id=127567
2533
2534         Reviewed by Geoffrey Garen.
2535
2536         The profiler may not always be active (recording). When it's not active
2537         (as in VM::m_enabledProfiler is null), then we might as well skip the
2538         op_profiler callbacks. The callbacks themselves were already previously
2539         gated by a VM::enabledProfiler() check. So, this change does not change
2540         any profiler behavior.
2541
2542         For the DFG, we'll turn the op_profiler handling into speculation checks
2543         and OSR exit to the baseline JIT if the profiler becomes active.
2544
2545         This brings the Octane score up to ~3000 from ~2840.
2546
2547         * dfg/DFGAbstractInterpreterInlines.h:
2548         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2549         * dfg/DFGByteCodeParser.cpp:
2550         (JSC::DFG::ByteCodeParser::parseBlock):
2551         * dfg/DFGClobberize.h:
2552         (JSC::DFG::clobberize):
2553         * dfg/DFGNodeType.h:
2554         * dfg/DFGSpeculativeJIT32_64.cpp:
2555         (JSC::DFG::SpeculativeJIT::compile):
2556         * dfg/DFGSpeculativeJIT64.cpp:
2557         (JSC::DFG::SpeculativeJIT::compile):
2558         * jit/JITOpcodes.cpp:
2559         (JSC::JIT::emit_op_profile_will_call):
2560         (JSC::JIT::emit_op_profile_did_call):
2561         * jit/JITOpcodes32_64.cpp:
2562         (JSC::JIT::emit_op_profile_will_call):
2563         (JSC::JIT::emit_op_profile_did_call):
2564         * llint/LowLevelInterpreter.asm:
2565         * runtime/VM.h:
2566         (JSC::VM::enabledProfilerAddress):
2567
2568 2014-01-24  Mark Lam  <mark.lam@apple.com>
2569
2570         Removing the need for Debugger* and m_shouldPause op_debug check.
2571         <https://webkit.org/b/127532>
2572
2573         Reviewed by Geoffrey Garen.
2574
2575         This patch replaces the checking of the Debugger::m_shouldPause flag
2576         with a procedure to set a SteppingMode flag on all CodeBlocks under
2577         the management of the debugger. This simplifies the op_debug checking
2578         logic in all the execution engines.
2579
2580         * bytecode/CodeBlock.cpp:
2581         * bytecode/CodeBlock.h:
2582         (JSC::CodeBlock::hasDebuggerRequests):
2583         (JSC::CodeBlock::debuggerRequestsAddress):
2584         (JSC::CodeBlock::setSteppingMode):
2585         (JSC::CodeBlock::clearDebuggerRequests):
2586         - CodeBlock::m_debuggerRequests is a union of m_numBreakpoints and the
2587           new m_steppingMode. The debugger can add/remove breakpoints to the
2588           CodeBlock as well as set the stepping mode. By having
2589           m_debuggerRequests as a union of the 2 bit fields, the op_debug code
2590           can now check if any of the 2 requests made on the CodeBlock is still
2591           in effect just by testing a single int.
2592
2593         * debugger/Debugger.cpp:
2594         (JSC::Debugger::Debugger):
2595         (JSC::Debugger::detach):
2596         - This was a bug from before where I forgot to clear the CodeBlock
2597           breakpoints before detaching. We now take care of it by clearing all
2598           debugger requests made to the CodeBlock.
2599
2600         (JSC::Debugger::SetSteppingModeFunctor::SetSteppingModeFunctor):
2601         (JSC::Debugger::SetSteppingModeFunctor::operator()):
2602         (JSC::Debugger::setSteppingMode):
2603         (JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::ClearCodeBlockDebuggerRequestsFunctor):
2604         (JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor::operator()):
2605         (JSC::Debugger::clearBreakpoints):
2606
2607         (JSC::Debugger::ClearDebuggerRequestsFunctor::ClearDebuggerRequestsFunctor):
2608         (JSC::Debugger::ClearDebuggerRequestsFunctor::operator()):
2609         (JSC::Debugger::clearDebuggerRequests):
2610         - We need a distinct clearDebuggerRequests() from clearBreakpoints()
2611           because:
2612           1. When we detach a globalObject, we only want to clear the debugger
2613              requests in CodeBlocks from that global.
2614           2. Clearing the debugger requests in the CodeBlocks is not the same
2615              as clearing the breakpoints. The breakpoints are still in effect
2616              for the next time a globalObject is attached, or for other
2617              globalObjects that are still attached.
2618
2619         (JSC::Debugger::setPauseOnNextStatement):
2620         (JSC::Debugger::breakProgram):
2621         (JSC::Debugger::stepIntoStatement):
2622         (JSC::Debugger::updateCallFrameAndPauseIfNeeded):
2623         (JSC::Debugger::pauseIfNeeded):
2624         (JSC::Debugger::exception):
2625         (JSC::Debugger::willExecuteProgram):
2626         (JSC::Debugger::didReachBreakpoint):
2627         * debugger/Debugger.h:
2628         - We're always going to support the debugger. So, there's no longer
2629           a need to check ENABLE(JAVASCRIPT_DEBUGGER). Removed the unneeded code.
2630
2631         * dfg/DFGSpeculativeJIT32_64.cpp:
2632         (JSC::DFG::SpeculativeJIT::compile):
2633         * dfg/DFGSpeculativeJIT64.cpp:
2634         (JSC::DFG::SpeculativeJIT::compile):
2635         * interpreter/Interpreter.cpp:
2636         (JSC::Interpreter::debug):
2637         * jit/JITOpcodes.cpp:
2638         (JSC::JIT::emit_op_debug):
2639         * jit/JITOpcodes32_64.cpp:
2640         (JSC::JIT::emit_op_debug):
2641         * llint/LowLevelInterpreter.asm:
2642         * runtime/JSGlobalObject.h:
2643         (JSC::JSGlobalObject::setDebugger):
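
The union described above, as an added example that is not part of this ChangeLog or of JavaScriptCore's code: a constructed CodeBlock whose stepping-mode bit and breakpoint count share one 32-bit m_debuggerRequests word, so the op_debug test is a single integer compare, and a constructed Debugger showing why clearing a CodeBlock's requests on detach is distinct from clearing breakpoints. The Debugger class, attach/detach keyed by a global name, the sourceID and addBreakpoints members are assumptions for the illustration; the union punning relies on the compiler's defined union aliasing, as the real code does.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// Constructed model of the CodeBlock fields named above.
class CodeBlock {
public:
    enum SteppingMode : uint32_t { SteppingModeDisabled = 0, SteppingModeEnabled = 1 };

    explicit CodeBlock(int sourceID) : m_sourceID(sourceID) { }

    int sourceID() const { return m_sourceID; }
    // The single test the execution engines make at op_debug.
    bool hasDebuggerRequests() const { return m_debuggerRequests != 0; }
    // The JITs load and test this word directly instead of calling into C++.
    const uint32_t* debuggerRequestsAddress() const { return &m_debuggerRequests; }

    void addBreakpoints(uint32_t count) { m_requests.numBreakpoints += count; }
    void setSteppingMode(SteppingMode mode) { m_requests.steppingMode = mode; }
    void clearDebuggerRequests() { m_debuggerRequests = 0; }   // one store clears both requests
    uint32_t numBreakpoints() const { return m_requests.numBreakpoints; }

private:
    int m_sourceID;
    union {
        uint32_t m_debuggerRequests = 0;
        struct {
            uint32_t steppingMode : 1;
            uint32_t numBreakpoints : 31;
        } m_requests;
    };
};

// Constructed model of the Debugger side. Breakpoints are recorded per
// source and survive a detach; detaching a global clears only the requests
// in that global's CodeBlocks, so a later attach re-applies the breakpoints.
class Debugger {
public:
    void attach(const std::string& global, const std::vector<CodeBlock*>& blocks)
    {
        for (CodeBlock* block : blocks) {
            m_attached[global].push_back(block);
            applyRequestsTo(*block);   // breakpoints set before this attach take effect here
        }
    }

    void detach(const std::string& global)
    {
        for (CodeBlock* block : m_attached[global])
            block->clearDebuggerRequests();   // not clearBreakpoints(): other globals keep theirs
        m_attached.erase(global);
    }

    void setBreakpoint(int sourceID) { ++m_breakpointsBySource[sourceID]; refreshAll(); }
    void clearBreakpoints() { m_breakpointsBySource.clear(); refreshAll(); }
    void setSteppingMode(CodeBlock::SteppingMode mode) { m_steppingMode = mode; refreshAll(); }

private:
    void applyRequestsTo(CodeBlock& block)
    {
        block.clearDebuggerRequests();
        auto found = m_breakpointsBySource.find(block.sourceID());
        if (found != m_breakpointsBySource.end())
            block.addBreakpoints(found->second);
        block.setSteppingMode(m_steppingMode);
    }

    void refreshAll()
    {
        for (auto& entry : m_attached)
            for (CodeBlock* block : entry.second)
                applyRequestsTo(*block);
    }

    std::map<std::string, std::vector<CodeBlock*>> m_attached;
    std::map<int, uint32_t> m_breakpointsBySource;
    CodeBlock::SteppingMode m_steppingMode = CodeBlock::SteppingModeDisabled;
};
```

With both requests in one word, a CodeBlock with a breakpoint but stepping disabled, or stepping enabled but no breakpoints, reads as non-zero either way; only a CodeBlock with neither yields zero, which is the fast path the engines take.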
2644
2645 2014-01-24  Michael Saboff  <msaboff@apple.com>
2646
2647         ARM Offline assembler temporary register allocator has duplicate register when building fat binaries
2648         https://bugs.webkit.org/show_bug.cgi?id=127545
2649
2650         Reviewed by Mark Lam.
2651
2652         Eliminate the conditional addition of r11/r7 from getModifiedListARMCommon as the
2653         .concat will add the new register to ARM_EXTRA_GPRS.  If getModifiedListARMCommon is
2654         invoked a second time, there will be a second r11 or r7, which messes things up.
2655         Instead, r6 was added to ARM_EXTRA_GPRS.  r6 is currently an unused register.
2656
2657         * offlineasm/arm.rb:
2658
2659 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
2660
2661         Move ContentSearchUtils, ScriptBreakpoint, and ScriptDebugListener into JavaScriptCore for inspector
2662         https://bugs.webkit.org/show_bug.cgi?id=127537
2663
2664         Reviewed by Timothy Hatcher.
2665
2666         * CMakeLists.txt:
2667         * GNUmakefile.list.am:
2668         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2669         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2670         * JavaScriptCore.xcodeproj/project.pbxproj:
2671         * inspector/ContentSearchUtilities.cpp: Renamed from Source/WebCore/inspector/ContentSearchUtils.cpp.
2672         (Inspector::ContentSearchUtilities::createSearchRegexSource):
2673         (Inspector::ContentSearchUtilities::sizetExtractor):
2674         (Inspector::ContentSearchUtilities::textPositionFromOffset):
2675         (Inspector::ContentSearchUtilities::getRegularExpressionMatchesByLines):
2676         (Inspector::ContentSearchUtilities::lineEndings):
2677         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
2678         (Inspector::ContentSearchUtilities::createSearchRegex):
2679         (Inspector::ContentSearchUtilities::countRegularExpressionMatches):
2680         (Inspector::ContentSearchUtilities::searchInTextByLines):
2681         (Inspector::ContentSearchUtilities::scriptCommentPattern):
2682         (Inspector::ContentSearchUtilities::stylesheetCommentPattern):
2683         (Inspector::ContentSearchUtilities::findMagicComment):
2684         (Inspector::ContentSearchUtilities::findScriptSourceURL):
2685         (Inspector::ContentSearchUtilities::findScriptSourceMapURL):
2686         (Inspector::ContentSearchUtilities::findStylesheetSourceMapURL):
2687         * inspector/ContentSearchUtilities.h: Renamed from Source/WebCore/inspector/ContentSearchUtils.h.
2688         * inspector/ScriptBreakpoint.h: Renamed from Source/WebCore/inspector/ScriptBreakpoint.h.
2689         (Inspector::ScriptBreakpointAction::ScriptBreakpointAction):
2690         (Inspector::ScriptBreakpoint::ScriptBreakpoint):
2691         * inspector/ScriptDebugListener.h: Renamed from Source/WebCore/inspector/ScriptDebugListener.h.
2692         (Inspector::ScriptDebugListener::Script::Script):
2693         (Inspector::ScriptDebugListener::~ScriptDebugListener):
2694         * runtime/RegExp.cpp:
2695         (JSC::RegExp::match):
2696
2697 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
2698
2699         Move RegularExpression into JavaScriptCore for inspector
2700         https://bugs.webkit.org/show_bug.cgi?id=127526
2701
2702         Reviewed by Geoffrey Garen.
2703
2704         Move RegularExpression into JavaScriptCore/yarr so it can
2705         be used later on by JavaScriptCore/inspector. Convert to
2706         the JSC::Yarr namespace.
2707
2708         * CMakeLists.txt:
2709         * GNUmakefile.list.am:
2710         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2711         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2712         * JavaScriptCore.xcodeproj/project.pbxproj:
2713         * yarr/RegularExpression.cpp: Renamed from Source/WebCore/platform/text/RegularExpression.cpp.
2714         (JSC::Yarr::RegularExpression::Private::create):
2715         (JSC::Yarr::RegularExpression::Private::Private):
2716         (JSC::Yarr::RegularExpression::Private::compile):
2717         (JSC::Yarr::RegularExpression::RegularExpression):
2718         (JSC::Yarr::RegularExpression::~RegularExpression):
2719         (JSC::Yarr::RegularExpression::operator=):
2720         (JSC::Yarr::RegularExpression::match):
2721         (JSC::Yarr::RegularExpression::searchRev):
2722         (JSC::Yarr::RegularExpression::matchedLength):
2723         (JSC::Yarr::replace):
2724         (JSC::Yarr::RegularExpression::isValid):
2725         * yarr/RegularExpression.h: Renamed from Source/WebCore/platform/text/RegularExpression.h.
2726
2727 2014-01-23  Joseph Pecoraro  <pecoraro@apple.com>
2728
2729         Web Inspector: Remove recompileAllJSFunctions timer in ScriptDebugServer
2730         https://bugs.webkit.org/show_bug.cgi?id=127409
2731
2732         Reviewed by Geoffrey Garen.
2733
2734         * inspector/InspectorAgentBase.h:
2735         When disconnecting agents, provide an InspectorDisconnectReason for
2736         the disconnection. It could be that an inspector frontend is just
2737         disconnecting or that the inspected object is going away entirely
2738         and we can avoid doing some work.
2739
2740         * runtime/JSGlobalObjectDebuggable.h:
2741         * runtime/JSGlobalObjectDebuggable.cpp:
2742         (JSC::JSGlobalObjectDebuggable::~JSGlobalObjectDebuggable):
2743         (JSC::JSGlobalObjectDebuggable::disconnect):
2744         (JSC::JSGlobalObjectDebuggable::disconnectInternal):
2745         Pass different reasons for the different disconnects.
2746
2747         * inspector/InspectorAgentRegistry.cpp:
2748         (Inspector::InspectorAgentRegistry::willDestroyFrontendAndBackend):
2749         * inspector/InspectorAgentRegistry.h:
2750         * inspector/JSGlobalObjectInspectorController.cpp:
2751         (Inspector::JSGlobalObjectInspectorController::disconnectFrontend):
2752         * inspector/JSGlobalObjectInspectorController.h:
2753         * inspector/agents/InspectorAgent.cpp:
2754         (Inspector::InspectorAgent::willDestroyFrontendAndBackend):
2755         * inspector/agents/InspectorAgent.h:
2756         Pass InspectorDisconnectReason around where needed.
2757
2758 2014-01-23  Mark Lam  <mark.lam@apple.com>
2759
2760         Enable DFG for the Debugger and Profiler.
2761         <https://webkit.org/b/122847>
2762
2763         Reviewed by Geoffrey Garen.
2764
2765         In this patch, we implement DFG op_debug as a series of 3 checks:
2766         1. Check if the debugger pointer is non-null. This is needed in case
2767            the debugger has been detached but the DFG code is still running
2768            on the stack.
2769         2. Check if Debugger::m_shouldPause is true.
2770         3. Check if CodeBlock::m_numBreakpoints is non-zero.
2771
2772         These are the same 3 checks done in the LLINT and baselineJIT. But unlike
2773         the LLINT and baselineJIT, these DFG checks are implemented as
2774         speculationChecks. If the check fails, we OSR exit to the baselineJIT and
2775         let it do the work of servicing the op_debug callback.
2776
2777         Stepping through code in the debugger would work the same way. The top
2778         function being debugged has to be a LLINT or baselineJIT function because
2779         we would have OSR exited if there is a breakpoint in that function. When
2780         we step out of that function to its caller, we expect that the caller will
2781         call back to the debugger at the next op_debug. If the caller function is
2782         a DFG function, the op_debug site will fail its speculation check on
2783         Debugger::m_shouldPause and deopt into a baselineJIT function. Execution
2784         continues from there as usual, and the debugger gets its callback.
2785
2786         For the profiler, op_profile_will_call and op_profile_did_call are
2787         implemented as simple runtime calls to service the profiler.
2788
2789         With this patch, Octane performance with the WebInspector open jumps from
2790         ~2000 to ~2500 (25% progression).
2791
2792         * bytecode/CodeBlock.h:
2793         (JSC::CodeBlock::numBreakpointsAddress):
2794         * bytecode/ExitKind.cpp:
2795         (JSC::exitKindToString):
2796         * bytecode/ExitKind.h:
2797         * debugger/Debugger.cpp:
2798         (JSC::Debugger::toggleBreakpoint):
2799         - removed an obsolete assertion. The debugger can now handle DFG
2800           CodeBlocks too.
2801         * debugger/Debugger.h:
2802         * dfg/DFGAbstractInterpreterInlines.h:
2803         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2804         * dfg/DFGByteCodeParser.cpp:
2805         (JSC::DFG::ByteCodeParser::parseBlock):
2806         * dfg/DFGCapabilities.cpp:
2807         (JSC::DFG::capabilityLevel):
2808         * dfg/DFGClobberize.h:
2809         (JSC::DFG::clobberize):
2810         * dfg/DFGFixupPhase.cpp:
2811         (JSC::DFG::FixupPhase::fixupNode):
2812         * dfg/DFGNodeType.h:
2813         * dfg/DFGPredictionPropagationPhase.cpp:
2814         (JSC::DFG::PredictionPropagationPhase::propagate):
2815         * dfg/DFGSafeToExecute.h:
2816         (JSC::DFG::safeToExecute):
2817         * dfg/DFGSpeculativeJIT.h:
2818         (JSC::DFG::SpeculativeJIT::callOperation):
2819         * dfg/DFGSpeculativeJIT32_64.cpp:
2820         (JSC::DFG::SpeculativeJIT::compile):
2821         * dfg/DFGSpeculativeJIT64.cpp:
2822         (JSC::DFG::SpeculativeJIT::compile):
2823         * runtime/JSGlobalObject.h:
2824         (JSC::JSGlobalObject::debuggerAddress):
2825
2826 2014-01-23  Max Vujovic  <mvujovic@adobe.com>
2827
2828         Remove CSS Custom Filters code and tests
2829         https://bugs.webkit.org/show_bug.cgi?id=127382
2830
2831         Reviewed by Simon Fraser.
2832
2833         * Configurations/FeatureDefines.xcconfig:
2834
2835 2014-01-22  Brent Fulgham  <bfulgham@apple.com>
2836
2837         [Win] Update project and solution files for 64-bit builds.
2838         https://bugs.webkit.org/show_bug.cgi?id=127457
2839
2840         Reviewed by Eric Carlson.
2841
2842         * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Add 64-bit target.
2843         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Update for VS2013
2844         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add missing
2845         file from project view.
2846         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Update for VS2013
2847         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Ditto
2848         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Ditto
2849
2850 2014-01-22  Mark Lam  <mark.lam@apple.com>
2851
2852         Poor man's fast breakpoints for a 2.3x debugger speedup.
2853         <https://webkit.org/b/122836>
2854
2855         Reviewed by Geoffrey Garen.
2856
2857         Previously we gained back some performance (run at baseline JIT speeds)
2858         when the WebInspector is opened provided no breakpoints are set. This
2859         was achieved by simply skipping all op_debug callbacks to the debugger
2860         if no breakpoints are set. If any breakpoints are set, the debugger will
2861         set an m_needsOpDebugCallbacks flag which causes the callbacks to be
2862         called, and we don't get the baseline JIT speeds anymore.
2863
2864         With this patch, we will now track the number of breakpoints set in the
2865         CodeBlock that they are set in. The LLINT and baseline JIT code will
2866         check CodeBlock::m_numBreakpoints to determine if the op_debug callbacks
2867         need to be called. With this, we will only enable op_debug callbacks for
2868         CodeBlocks that need it i.e. those with breakpoints set in them.
2869
2870         Debugger::m_needsOpDebugCallbacks is now obsoleted. The LLINT and baseline
2871         JIT code still needs to check Debugger::m_shouldPause to determine if the
2872         debugger is in stepping mode and hence, needs op_debug callbacks enabled
2873         for everything until the debugger "continues" the run and exit stepping
2874         mode.
2875
2876         Also in this patch, I fixed a regression in DOM breakpoints which relies on
2877         Debugger::breakProgram() to pause the debugger.
2878
2879         * bytecode/CodeBlock.cpp:
2880         (JSC::CodeBlock::dumpBytecode):
2881         - Missed accounting for op_debug's new hasBreakpointFlag operand here when
2882           it was added.
2883         (JSC::CodeBlock::CodeBlock):
2884         (JSC::CodeBlock::hasOpDebugForLineAndColumn):
2885         - This is needed in Debugger::toggleBreakpoint() to determine if a
2886           breakpoint falls within a CodeBlock or not. Simply checking the bounds
2887           of the CodeBlock is insufficient. For example, let's say we have the
2888           following JS code:
2889
2890               // begin global scope
2891               function f1() {
2892                   function f2() {
2893                      ... // set breakpoint here.
2894                   }
2895               }
2896               // end global scope
2897
2898           Using the CodeBlock bounds alone, the breakpoint above will appear
2899           to be in the global program CodeBlock, and the CodeBlocks for function
2900           f1() and f2(). With CodeBlock::hasOpDebugForLineAndColumn() we can
2901           rule out the global program CodeBlock and f1(), and only apply the
2902           breakpoint to f2() where it belongs.
2903
2904           CodeBlock::hasOpDebugForLineAndColumn() works by iterating over all
2905           the opcodes in the CodeBlock to look for op_debug's. For each op_debug,
2906           it calls CodeBlock::expressionRangeForBytecodeOffset() to do a binary
2907           search to get the line and column info for that op_debug. This is a
2908           N * log(N) algorithm. However, a quick hands on test using the
2909           WebInspector (with this patch applied) to exercise setting, breaking
2910           on, and clearing breakpoints, as well as stepping through some code
2911           shows no noticeable degradation of the user experience compared to the
2912           baseline without this patch.
2913
2914         * bytecode/CodeBlock.h:
2915         (JSC::CodeBlock::numBreakpoints):
2916         (JSC::CodeBlock::numBreakpointsOffset):
2917         (JSC::CodeBlock::addBreakpoint):
2918         (JSC::CodeBlock::removeBreakpoint):
2919         (JSC::CodeBlock::clearAllBreakpoints):
2920         * debugger/Breakpoint.h:
2921         - defined Breakpoint::unspecifiedColumn so that we can explicitly indicate
2922           when the WebInspector was setting a line breakpoint and did not provide
2923           a column value. CodeBlock::hasOpDebugForLineAndColumn() needs this
2924           information in order to loosen its matching criteria for op_debug
2925           bytecodes for the specified breakpoint line and column values provided
2926           by the debugger.
2927
2928           Previously, we just hijacked a column value of 0 as an unspecified column.
2929           However, the WebInspector operates on 0-based ints for column values.
2930           Hence, 0 should be a valid column value and should not be hijacked to
2931           mean an unspecified column.
2932
2933         * debugger/Debugger.cpp:
2934         (JSC::Debugger::Debugger):
2935         - added tracking of the VM that the debugger is used with. This is
2936           needed by Debugger::breakProgram().
2937
2938           The VM pointer is attained from the first JSGlobalObject that the debugger
2939           attaches to. When the debugger detaches from the last JSGlobalObject, it
2940           will nullify its VM pointer to allow a new one to be set on the next
2941           attach.
2942
2943           We were always only using each debugger instance with one VM. This change
2944           makes it explicit with an assert to ensure that all globalObjects that
2945           the debugger attaches to belongs to the same VM.
2946
2947         (JSC::Debugger::attach):
2948         (JSC::Debugger::detach):
2949         (JSC::Debugger::setShouldPause):
2950
2951         (JSC::Debugger::registerCodeBlock):
2952         (JSC::Debugger::unregisterCodeBlock):
2953         - registerCodeBlock() is responsible for applying pre-existing breakpoints
2954           to new CodeBlocks being installed. Similarly, unregisterCodeBlock()
2955           clears the breakpoints.
2956
2957         (JSC::Debugger::toggleBreakpoint):
2958         - This is the workhorse function that checks if a breakpoint falls within
2959           a CodeBlock or not. If it does, then it can either enable or disable
2960           said breakpoint in the CodeBlock. In the current implementation,
2961           enabling/disabling the breakpoint simply means incrementing/decrementing
2962           the CodeBlock's m_numBreakpoints.
2963
2964         (JSC::Debugger::applyBreakpoints):
2965
2966         (JSC::Debugger::ToggleBreakpointFunctor::ToggleBreakpointFunctor):
2967         (JSC::Debugger::ToggleBreakpointFunctor::operator()):
2968         (JSC::Debugger::toggleBreakpoint):
2969         - Iterates all relevant CodeBlocks and apply the specified breakpoint
2970           if appropriate. This is called when a new breakpoint is being defined
2971           by the WebInspector and needs to be applied to an already installed
2972           CodeBlock.
2973
2974         (JSC::Debugger::setBreakpoint):
2975         (JSC::Debugger::removeBreakpoint):
2976         (JSC::Debugger::hasBreakpoint):
2977         (JSC::Debugger::ClearBreakpointsFunctor::ClearBreakpointsFunctor):
2978         (JSC::Debugger::ClearBreakpointsFunctor::operator()):
2979         (JSC::Debugger::clearBreakpoints):
2980
2981         (JSC::Debugger::breakProgram):
2982         - Fixed a regression that broke DOM breakpoints. The issue is that with
2983           the skipping of op_debug callbacks, we don't always have an updated
2984           m_currentCallFrame. Normally, m_currentCallFrame is provided as an arg
2985           in the op_debug callback. In this case, we can get the CallFrame* from
2986           m_vm->topCallFrame.
2987
2988         (JSC::Debugger::updateCallFrameAndPauseIfNeeded):
2989         (JSC::Debugger::pauseIfNeeded):
2990         (JSC::Debugger::willExecuteProgram):
2991         * debugger/Debugger.h:
2992         (JSC::Debugger::Debugger):
2993         (JSC::Debugger::shouldPause):
2994
2995         * heap/CodeBlockSet.h:
2996         (JSC::CodeBlockSet::iterate):
2997         * heap/Heap.h:
2998         (JSC::Heap::forEachCodeBlock):
2999         - Added utility to iterate all CodeBlocks in the heap / VM.
3000
3001         * interpreter/Interpreter.cpp:
3002         (JSC::Interpreter::debug):
3003
3004         * jit/JITOpcodes.cpp:
3005         (JSC::JIT::emit_op_debug):
3006         * jit/JITOpcodes32_64.cpp:
3007         (JSC::JIT::emit_op_debug):
3008         * llint/LowLevelInterpreter.asm:
3009         - These now check CodeBlock::m_numBreakpoints and Debugger::m_shouldPause
3010           instead of Debugger::m_needsOpDebugCallbacks.
3011
3012         * runtime/Executable.cpp:
3013         (JSC::ScriptExecutable::installCode):
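
The CodeBlock-level breakpoint matching described in the entry above, as an added illustration that is not WebKit code. It is a small C++ model with assumed names (OpDebugSite, ModelCodeBlock, hasOpDebugForLineAndColumn, toggleBreakpoint, needsOpDebugCallback) built around the nested f1/f2 source layout from the entry: a bounds-only test matches the global, f1 and f2 CodeBlocks for a breakpoint inside f2, whereas testing for an op_debug at the breakpoint's line (with an unspecified-column sentinel loosening the match, as Breakpoint::unspecifiedColumn does) selects only f2, and the resulting per-CodeBlock breakpoint count, together with the debugger's shouldPause flag, is what gates the op_debug callback.

```cpp
// Added example, not WebKit code: a model of CodeBlock-level breakpoints.
// All names below (OpDebugSite, ModelCodeBlock, ...) are assumptions for
// this illustration and do not exist in JavaScriptCore under these names.
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>

namespace bpmodel {

// Sentinel in the spirit of Breakpoint::unspecifiedColumn: the inspector set a
// line breakpoint without a column, so any column on that line matches.
// Column 0 stays a valid (0-based) column value.
constexpr unsigned unspecifiedColumn = static_cast<unsigned>(-1);

struct OpDebugSite { unsigned line; unsigned column; };

struct ModelCodeBlock {
    const char* name;
    unsigned firstLine, lastLine;        // source bounds of the CodeBlock
    std::vector<OpDebugSite> opDebugs;   // positions of its op_debug bytecodes
    unsigned numBreakpoints;             // stands in for CodeBlock::m_numBreakpoints
};

// Bounds-only test: true for every enclosing CodeBlock, which is the
// over-matching the entry describes.
inline bool boundsContain(const ModelCodeBlock& cb, unsigned line) {
    return line >= cb.firstLine && line <= cb.lastLine;
}

// Model of CodeBlock::hasOpDebugForLineAndColumn(): is there an op_debug at
// exactly this line (and column, unless the column is unspecified)?
inline bool hasOpDebugForLineAndColumn(const ModelCodeBlock& cb, unsigned line, unsigned column) {
    for (const OpDebugSite& site : cb.opDebugs) {
        if (site.line != line)
            continue;
        if (column == unspecifiedColumn || site.column == column)
            return true;
    }
    return false;
}

// Model of Debugger::toggleBreakpoint(): enabling or disabling a breakpoint is
// just a count on the owning CodeBlock. Returns whether the block was affected.
inline bool toggleBreakpoint(ModelCodeBlock& cb, unsigned line, unsigned column, bool enable) {
    if (!hasOpDebugForLineAndColumn(cb, line, column))
        return false;
    if (enable)
        ++cb.numBreakpoints;
    else if (cb.numBreakpoints)
        --cb.numBreakpoints;
    return true;
}

// The check the LLInt / baseline JIT op_debug path makes before calling out:
// stepping mode (shouldPause) or at least one breakpoint in this CodeBlock.
inline bool needsOpDebugCallback(const ModelCodeBlock& cb, bool debuggerShouldPause) {
    return debuggerShouldPause || cb.numBreakpoints != 0;
}

// Constructed sample: the nested f1/f2 layout from the entry, on lines 1..7.
//   1 // begin global scope
//   2 function f1() {
//   3     function f2() {
//   4        ...            <- set breakpoint here
//   5     }
//   6 }
//   7 // end global scope
inline std::vector<ModelCodeBlock> sampleCodeBlocks() {
    return {
        { "global", 1, 7, { {2, 0}, {7, 0} }, 0 },
        { "f1",     2, 6, { {3, 4} },         0 },
        { "f2",     3, 5, { {4, 7} },         0 },
    };
}

// Applies a breakpoint to every block that has an op_debug for it and
// returns the names of the blocks that took it.
inline std::vector<const char*> blocksForBreakpoint(std::vector<ModelCodeBlock>& blocks, unsigned line, unsigned column) {
    std::vector<const char*> hit;
    for (ModelCodeBlock& cb : blocks)
        if (toggleBreakpoint(cb, line, column, true))
            hit.push_back(cb.name);
    return hit;
}

// How many blocks a bounds-only test would (wrongly) select.
inline std::size_t blocksByBoundsOnly(const std::vector<ModelCodeBlock>& blocks, unsigned line) {
    return static_cast<std::size_t>(std::count_if(blocks.begin(), blocks.end(),
        [line](const ModelCodeBlock& cb) { return boundsContain(cb, line); }));
}

} // namespace bpmodel

int main() {
    auto blocks = bpmodel::sampleCodeBlocks();
    std::printf("bounds-only candidates for line 4: %zu\n", bpmodel::blocksByBoundsOnly(blocks, 4));
    for (const char* name : bpmodel::blocksForBreakpoint(blocks, 4, bpmodel::unspecifiedColumn))
        std::printf("breakpoint at line 4 applied to %s\n", name);
    return 0;
}
```

With the constructed blocks, the bounds-only count for line 4 is 3 while the op_debug test applies the breakpoint to f2 alone; only f2 then needs op_debug callbacks unless the debugger is stepping.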
3014
3015 2014-01-22  Myles C. Maxfield  <mmaxfield@apple.com>
3016
3017         Remove CSS3_TEXT_DECORATION define
3018         https://bugs.webkit.org/show_bug.cgi?id=127333
3019
3020         This is required for unprefixing the text-decoration-* CSS properties.
3021
3022         Reviewed by Simon Fraser.
3023
3024         * Configurations/FeatureDefines.xcconfig:
3025
3026 2014-01-22  Alexey Proskuryakov  <ap@apple.com>
3027
3028         Update JS whitespace definition for changes in Unicode 6.3
3029         https://bugs.webkit.org/show_bug.cgi?id=127450
3030         <rdar://15863457>
3031
3032         Reviewed by Oliver Hunt.
3033
3034         Covered by existing tests when running against a Unicode back-end that supports
3035         Unicode 6.3 or higher.
3036
3037         * runtime/JSGlobalObjectFunctions.cpp: (JSC::isStrWhiteSpace): Explicitly allow
3038         U+180E MONGOLIAN VOWEL SEPARATOR, because we need to keep recognizing all characters
3039         that used to be whitespace.
3040
3041 2014-01-21  Mark Hahnenberg  <mhahnenberg@apple.com>
3042
3043         Registers used in writeBarrierOnOperand can cause clobbering on some platforms
3044         https://bugs.webkit.org/show_bug.cgi?id=127357
3045
3046         Reviewed by Filip Pizlo.
3047
3048         Some platforms use t0 and t1 for their first two arguments, so using those to load the 
3049         cell for the write barrier is a bad idea because it will get clobbered.
3050
3051         * llint/LowLevelInterpreter32_64.asm:
3052         * llint/LowLevelInterpreter64.asm:
3053
3054 2014-01-21  Mark Rowe  <mrowe@apple.com>
3055
3056         Mac production build fix.
3057
3058         Move the shell script build phase to copy jsc into JavaScriptCore.framework
3059         out of the jsc target and in to the All target so that it's not run during
3060         production builds. Xcode appears to the parent directories of paths referenced
3061         in the Output Files of the build phase, which leads to problems when the
3062         SYMROOT for the JavaScriptCore framework and the jsc executables are later merged.
3063
3064         I've also fixed the path to the Resources folder in the script while I'm here.
3065         On iOS the framework bundle is shallow so the correct destination is Resources/
3066         rather than Versions/A/Resources. This is handled by tweaking the
3067         JAVASCRIPTCORE_RESOURCES_DIR configuration setting to be relative rather than
3068         a complete path so we can reuse it in the script. The references in JSC.xcconfig
3069         and ToolExecutable.xcconfig are updated to prepend JAVASCRIPTCORE_FRAMEWORKS_DIR
3070         to preserve their former values.
3071
3072         * Configurations/Base.xcconfig:
3073         * Configurations/JSC.xcconfig:
3074         * Configurations/ToolExecutable.xcconfig:
3075         * JavaScriptCore.xcodeproj/project.pbxproj:
3076
3077 2014-01-19  Andreas Kling  <akling@apple.com>
3078
3079         JSC Parser: Shrink BindingNode.
3080         <https://webkit.org/b/127253>
3081
3082         The "divot" and "end" source locations are always identical for
3083         BindingNodes, so store only "start" and "end" instead.
3084
3085         1.19 MB progression on Membuster3.
3086
3087         Reviewed by Geoff Garen.
3088
3089         * bytecompiler/NodesCodegen.cpp:
3090         (JSC::BindingNode::bindValue):
3091         * parser/ASTBuilder.h:
3092         (JSC::ASTBuilder::createBindingLocation):
3093         * parser/NodeConstructors.h:
3094         (JSC::BindingNode::create):
3095         (JSC::BindingNode::BindingNode):
3096         * parser/Nodes.h:
3097         (JSC::BindingNode::divotStart):
3098         (JSC::BindingNode::divotEnd):
3099         * parser/Parser.cpp:
3100         (JSC::Parser<LexerType>::createBindingPattern):
3101         * parser/SyntaxChecker.h:
3102         (JSC::SyntaxChecker::operatorStackPop):
3103
3104 2014-01-20  Filip Pizlo  <fpizlo@apple.com>
3105
3106         op_captured_mov and op_new_captured_func in UnlinkedCodeBlocks should use the IdentifierMap instead of the strings directly
3107         https://bugs.webkit.org/show_bug.cgi?id=127311
3108         <rdar://problem/15853958>
3109
3110         Reviewed by Andreas Kling.
3111         
3112         This makes UnlinkedCodeBlocks use 32-bit instruction streams again.
3113
3114         * bytecode/CodeBlock.cpp:
3115         (JSC::CodeBlock::CodeBlock):
3116         * bytecode/UnlinkedCodeBlock.h:
3117         (JSC::UnlinkedInstruction::UnlinkedInstruction):
3118         * bytecompiler/BytecodeGenerator.cpp:
3119         (JSC::BytecodeGenerator::addVar):
3120         (JSC::BytecodeGenerator::emitInitLazyRegister):
3121         (JSC::BytecodeGenerator::createArgumentsIfNecessary):
3122         * bytecompiler/BytecodeGenerator.h:
3123         (JSC::BytecodeGenerator::watchableVariable):
3124         (JSC::BytecodeGenerator::hasWatchableVariable):
3125
3126 2014-01-20  Mark Lam  <mark.lam@apple.com>
3127
3128         Removing CodeBlock::opDebugBytecodeOffsetForLineAndColumn() and friends.
3129         <https://webkit.org/b/127321>
3130
3131         Reviewed by Geoffrey Garen.
3132
3133         We're changing plans and will be going with CodeBlock level breakpoints
3134         instead of bytecode level breakpoints. As a result, we no longer need
3135         the services of CodeBlock::opDebugBytecodeOffsetForLineAndColumn() (and
3136         friends). This patch will remove that unused code.
3137
3138         * GNUmakefile.list.am:
3139         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3140         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3141         * JavaScriptCore.xcodeproj/project.pbxproj:
3142         * bytecode/CodeBlock.cpp:
3143         * bytecode/CodeBlock.h:
3144         * bytecode/LineColumnInfo.h: Removed.
3145         * bytecode/UnlinkedCodeBlock.cpp:
3146         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
3147         * bytecode/UnlinkedCodeBlock.h:
3148
3149 2014-01-20  Mark Hahnenberg  <mhahnenberg@apple.com>
3150
3151         CodeBlockSet::traceMarked doesn't need to visit the ownerExecutable
3152         https://bugs.webkit.org/show_bug.cgi?id=127301
3153
3154         Reviewed by Oliver Hunt.
3155
3156         We used to just call CodeBlock::visitAggregate, but now we call visitChildren 
3157         on the ownerExecutable, which is unnecessary. 
3158
3159         * heap/CodeBlockSet.cpp:
3160         (JSC::CodeBlockSet::traceMarked):
3161
3162 2014-01-20  Anders Carlsson  <andersca@apple.com>
3163
3164         Fix build.
3165
3166         * heap/BlockAllocator.h:
3167
3168 2014-01-20  Anders Carlsson  <andersca@apple.com>
3169
3170         Stop using ThreadCondition in BlockAllocator
3171         https://bugs.webkit.org/show_bug.cgi?id=126313
3172
3173         Reviewed by Sam Weinig.
3174
3175         * heap/BlockAllocator.cpp:
3176         (JSC::BlockAllocator::~BlockAllocator):
3177         (JSC::BlockAllocator::waitForDuration):
3178         (JSC::BlockAllocator::blockFreeingThreadMain):
3179         * heap/BlockAllocator.h:
3180         (JSC::BlockAllocator::deallocate):
3181
3182 2014-01-19  Anders Carlsson  <andersca@apple.com>
3183
3184         Convert GCThreadSharedData over to STL threading primitives
3185         https://bugs.webkit.org/show_bug.cgi?id=127256
3186
3187         Reviewed by Andreas Kling.
3188
3189         * heap/GCThread.cpp:
3190         (JSC::GCThread::waitForNextPhase):
3191         (JSC::GCThread::gcThreadMain):
3192         * heap/GCThreadSharedData.cpp:
3193         (JSC::GCThreadSharedData::GCThreadSharedData):
3194         (JSC::GCThreadSharedData::~GCThreadSharedData):
3195         (JSC::GCThreadSharedData::startNextPhase):
3196         (JSC::GCThreadSharedData::endCurrentPhase):
3197         (JSC::GCThreadSharedData::didStartMarking):
3198         (JSC::GCThreadSharedData::didFinishMarking):
3199         * heap/GCThreadSharedData.h:
3200         * heap/SlotVisitor.cpp:
3201         (JSC::SlotVisitor::donateKnownParallel):
3202         (JSC::SlotVisitor::drainFromShared):
3203
3204 2014-01-18  Andreas Kling  <akling@apple.com>
3205
3206         CodeBlock: Size m_callLinkInfos and m_byValInfos to fit earlier.
3207         <https://webkit.org/b/127239>
3208
3209         Reviewed by Anders Carlsson.
3210
3211         * bytecode/CodeBlock.h:
3212         (JSC::CodeBlock::setNumberOfByValInfos):
3213         (JSC::CodeBlock::setNumberOfCallLinkInfos):
3214
3215             Use resizeToFit() instead of grow() for these vectors, since
3216             we know the final size here.
3217
3218         * bytecode/CodeBlock.cpp:
3219         (JSC::CodeBlock::shrinkToFit):
3220
3221             No need to shrink here anymore. We were not even shrinking
3222             m_byValInfo before!
3223
3224 2014-01-18  Andreas Kling  <akling@apple.com>
3225
3226         CodeBlock: Size m_function{Exprs,Decls} to fit from creation.
3227         <https://webkit.org/b/127238>
3228
3229         Reviewed by Anders Carlsson.
3230
3231         * bytecode/CodeBlock.cpp:
3232         (JSC::CodeBlock::CodeBlock):
3233
3234             Use resizeToFit() instead of grow() for m_functionExprs and
3235             m_functionDecls since we know they will never change size.
3236
3237         (JSC::CodeBlock::shrinkToFit):
3238
3239             No need to shrink them here anymore.
3240
3241 2014-01-18  Andreas Kling  <akling@apple.com>
3242
3243         Remove unused CodeBlock::m_additionalIdentifiers member.
3244         <https://webkit.org/b/127237>
3245
3246         Reviewed by Anders Carlsson.
3247
3248         * bytecode/CodeBlock.h:
3249         * bytecode/CodeBlock.cpp:
3250         (JSC::CodeBlock::CodeBlock):
3251         (JSC::CodeBlock::shrinkToFit):
3252
3253             Remove m_additionalIdentifiers, nothing uses it.
3254
3255 2014-01-18  Andreas Kling  <akling@apple.com>
3256
3257         Remove two unused CodeBlock functions.
3258         <https://webkit.org/b/127235>
3259
3260         Kill copyPostParseDataFrom() and copyPostParseDataFromAlternative()
3261         since they are not used.
3262
3263         Reviewed by Anders Carlsson.
3264
3265         * bytecode/CodeBlock.cpp:
3266         * bytecode/CodeBlock.h:
3267
3268 2014-01-18  Andreas Kling  <akling@apple.com>
3269
3270         CodeBlock: Size m_exceptionHandlers to fit from creation.
3271         <https://webkit.org/b/127234>
3272
3273         Avoid allocation churn for CodeBlock::m_exceptionHandlers.
3274
3275         Reviewed by Anders Carlsson.
3276
3277         * bytecode/CodeBlock.h:
3278
3279             Removed unused CodeBlock::allocateHandlers() function.
3280
3281         * bytecode/CodeBlock.cpp:
3282         (JSC::CodeBlock::CodeBlock):
3283
3284             Use resizeToFit() instead of grow() for m_exceptionHandlers
3285             since we know it's never going to change size.
3286
3287         (JSC::CodeBlock::shrinkToFit):
3288
3289             No need to shrink m_exceptionHandlers here since it's already
3290             the perfect size.
3291
3292 2014-01-18  Mark Lam  <mark.lam@apple.com>
3293
3294         Add a hasBreakpointFlag arg to the op_debug bytecode.
3295         https://bugs.webkit.org/show_bug.cgi?id=127230.
3296
3297         Reviewed by Geoffrey Garen.
3298
3299         This is in anticipation of upcoming changes to support bytecode level
3300         breakpoints. This patch adds the flag to the op_debug bytecode and
3301         initializes it, but does not use it yet.
3302
3303         * bytecode/Opcode.h:
3304         (JSC::padOpcodeName):
3305         * bytecompiler/BytecodeGenerator.cpp:
3306         (JSC::BytecodeGenerator::emitDebugHook):
3307         * llint/LowLevelInterpreter.asm:
3308
3309 2014-01-18  Alberto Garcia  <berto@igalia.com>
3310
3311         JavaScriptCore uses PLATFORM(MAC) when it means OS(DARWIN)
3312         https://bugs.webkit.org/show_bug.cgi?id=99683
3313
3314         Reviewed by Anders Carlsson.
3315
3316         * jit/ThunkGenerators.cpp:
3317         * tools/CodeProfile.cpp:
3318         (JSC::symbolName):
3319         (JSC::CodeProfile::sample):
3320
3321 2014-01-18  Anders Carlsson  <andersca@apple.com>
3322
3323         Remove ENABLE_THREADED_HTML_PARSER defines everywhere
3324         https://bugs.webkit.org/show_bug.cgi?id=127225
3325
3326         Reviewed by Andreas Kling.
3327
3328         This concludes the removal of over 8.8 million lines of threaded parser code.
3329
3330         * Configurations/FeatureDefines.xcconfig:
3331
3332 2014-01-18  Mark Lam  <mark.lam@apple.com>
3333
3334         Adding UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().
3335         https://bugs.webkit.org/show_bug.cgi?id=127127.
3336
3337         Reviewed by Geoffrey Garen.
3338
3339         In order to implement bytecode level breakpoints, we need a mechanism
3340         for computing the best fit op_debug bytecode offset for any valid given
3341         line and column value in the source. The "best fit" op_debug bytecode
3342         in this case is defined below in the comment for
3343         UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn().
3344
3345         * GNUmakefile.list.am:
3346         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
3347         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
3348         * JavaScriptCore.xcodeproj/project.pbxproj:
3349         * bytecode/CodeBlock.cpp:
3350         (JSC::CodeBlock::opDebugBytecodeOffsetForLineAndColumn):
3351         - Convert the line and column to unlinked line and column values and
3352           pass them to UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn()
3353           to do the real work.
3354
3355         * bytecode/CodeBlock.h:
3356         * bytecode/LineColumnInfo.h: Added.
3357         (JSC::LineColumnInfo::operator <):
3358         (JSC::LineColumnInfo::LineColumnPair::LineColumnPair):
3359         (JSC::LineColumnInfo::operator ==):
3360         (JSC::LineColumnInfo::operator !=):
3361         (JSC::LineColumnInfo::operator <=):
3362         (JSC::LineColumnInfo::operator >):
3363         (JSC::LineColumnInfo::operator >=):
3364         * bytecode/LineInfo.h: Removed.
3365
3366         * bytecode/UnlinkedCodeBlock.cpp:
3367         (JSC::UnlinkedCodeBlock::decodeExpressionRangeLineAndColumn):
3368         - Factored this out of expressionRangeForBytecodeOffset() so that it can
3369           be called from multiple places.
3370         (JSC::dumpLineColumnEntry):
3371         (JSC::UnlinkedCodeBlock::dumpExpressionRangeInfo):
3372         (JSC::UnlinkedCodeBlock::dumpOpDebugLineColumnInfoList):
3373         - Some dumpers for debugging use only.
3374         (JSC::UnlinkedCodeBlock::expressionRangeForBytecodeOffset):
3375         (JSC::UnlinkedCodeBlock::opDebugBytecodeOffsetForLineAndColumn):
3376         - Finds the earliest op_debug bytecode whose line and column matches the
3377           specified line and column values. If an exact match is not found, then
3378           finds the nearest op_debug bytecode that precedes the specified line
3379           and column values. If there are more than one op_debug at that preceding
3380           line and column value, then the earliest of those op_debug bytecodes will
3381           be selected. The offset of the selected bytecode will be returned.
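
The "best fit" selection rule described in the entry above (earliest op_debug at the exact line and column; otherwise the earliest op_debug at the nearest preceding position; nothing if every op_debug lies after the requested position), as an added example that is not WebKit code. The 2014-01-20 entry above records that the real implementation was later removed in favour of CodeBlock-level breakpoints; this model only shows the lookup rule over a constructed, sorted list of op_debug entries. LineColumn, OpDebugEntry, bestFitOpDebugOffset, noOpDebug and the sample entries are assumptions of this illustration.

```cpp
// Added example, not WebKit code: the "best fit" op_debug lookup rule.
// All names here are assumptions for this illustration.
#include <algorithm>
#include <cstdio>
#include <vector>

namespace opdebugmodel {

struct LineColumn {
    unsigned line, column;
    bool operator<(const LineColumn& o) const {
        return line < o.line || (line == o.line && column < o.column);
    }
    bool operator==(const LineColumn& o) const {
        return line == o.line && column == o.column;
    }
};

struct OpDebugEntry {
    unsigned bytecodeOffset;
    LineColumn position;
};

// Returned when no op_debug is at or before the requested position.
constexpr unsigned noOpDebug = static_cast<unsigned>(-1);

// Entries must be sorted by position and, within one position, by
// bytecodeOffset, so the first entry for a position is also the earliest
// bytecode. Two binary searches give O(log N) per lookup.
inline unsigned bestFitOpDebugOffset(const std::vector<OpDebugEntry>& entries, LineColumn target) {
    auto before = [](const OpDebugEntry& e, const LineColumn& p) { return e.position < p; };
    // First entry whose position is >= target.
    auto it = std::lower_bound(entries.begin(), entries.end(), target, before);
    if (it != entries.end() && it->position == target)
        return it->bytecodeOffset;                 // exact match: earliest at that position
    if (it == entries.begin())
        return noOpDebug;                          // everything lies after the target
    // No exact match: take the nearest preceding position, then rewind to the
    // first (earliest) entry at that position.
    LineColumn preceding = (it - 1)->position;
    auto first = std::lower_bound(entries.begin(), entries.end(), preceding, before);
    return first->bytecodeOffset;
}

// Constructed sample, sorted by (line, column) with ties ordered by offset.
inline std::vector<OpDebugEntry> sampleEntries() {
    return {
        { 0,  {1, 0} },
        { 12, {3, 4} },
        { 20, {3, 4} },   // a second op_debug at the same position
        { 31, {5, 8} },
        { 44, {9, 2} },
    };
}

} // namespace opdebugmodel

int main() {
    auto entries = opdebugmodel::sampleEntries();
    std::printf("best fit for (3,4): offset %u\n", opdebugmodel::bestFitOpDebugOffset(entries, {3, 4}));
    std::printf("best fit for (4,0): offset %u\n", opdebugmodel::bestFitOpDebugOffset(entries, {4, 0}));
    return 0;
}
```

A request for line 3, column 4 resolves to offset 12 (the earlier of the two op_debugs there); a request for line 4, column 0 has no exact match and also resolves to offset 12, the earliest entry at the nearest preceding position; a position before the first entry yields noOpDebug.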
3382