Optimize own property GetByVals with rope string subscripts.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2014-09-02  Andreas Kling  <akling@apple.com>

        Optimize own property GetByVals with rope string subscripts.
        <https://webkit.org/b/136458>

        For simple JSObjects that don't override getOwnPropertySlot to implement
        custom properties, we have a fast path that grabs directly at the object
        property storage.

        Make this fast path even faster when the property name is an unresolved
        rope string by using JSString::toExistingAtomicString(). This is faster
        because it avoids allocating a new StringImpl if the string is already
        a known Identifier, which is guaranteed to be the case if it's present
        as an own property on the object.

        ~10% speed-up on Dromaeo/dom-attr.html

        Reviewed by Geoffrey Garen.

        * dfg/DFGOperations.cpp:
        * jit/JITOperations.cpp:
        (JSC::getByVal):
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::getByVal):

            When using the fastGetOwnProperty() optimization, get the String
            out of JSString by using toExistingAtomicString(). This avoids
            StringImpl allocation and lets us bypass the PropertyTable lookup
            entirely if no AtomicString is found.

        * runtime/JSCell.h:
        * runtime/JSCellInlines.h:
        (JSC::JSCell::fastGetOwnProperty):

            Make fastGetOwnProperty() take a PropertyName instead of a String.
            This avoids churning the ref count, since we don't need to create
            a temporary wrapper around the AtomicStringImpl* found in GetByVal.

        * runtime/PropertyName.h:
        (JSC::PropertyName::PropertyName):

            Add constructor: PropertyName(AtomicStringImpl*)

        * runtime/PropertyMapHashTable.h:
        (JSC::PropertyTable::get):
        (JSC::PropertyTable::findWithString): Deleted.
        * runtime/Structure.h:
        * runtime/StructureInlines.h:
        (JSC::Structure::get):

            Remove code for querying a PropertyTable with an unhashed string key
            since the only client is now gone.

2014-09-02  Dániel Bátyai  <dbatyai.u-szeged@partner.samsung.com>

        [ARM] MacroAssembler generating incorrect code on ARM32 Traditional
        https://bugs.webkit.org/show_bug.cgi?id=136429

        Reviewed by Csaba Osztrogonác.

        Changed test32 to use tst to check if reg is zero, instead of cmp.

        * assembler/MacroAssemblerARM.h:
        (JSC::MacroAssemblerARM::test32):

2014-09-02  Michael Saboff  <msaboff@apple.com>

        Out of bounds write in vmEntryToJavaScript / JSC::JITCode::execute
        https://bugs.webkit.org/show_bug.cgi?id=136305

        Reviewed by Filip Pizlo.

        While preparing the callee's CallFrame, ProtoCallFrame fixes any arity mismatch
        and then JITCode::execute() calls the normal entrypoint.  This is incompatible
        with the expectation of FTL generated functions.  Changed ProtoCallFrame to not
        perform the arity fix, but just flag an arity mismatch.  Now JITCode::execute()
        uses that arity mismatch condition to select the normal or arity check
        entrypoint.  The entrypoint selection is only done for functions; programs
        and eval always have one parameter.

        * interpreter/ProtoCallFrame.cpp:
        (JSC::ProtoCallFrame::init): Changed to flag arity mismatch instead of fixing it.
        * interpreter/ProtoCallFrame.h:
        (JSC::ProtoCallFrame::needArityCheck): New boolean to signify what entrypoint
        should be called.
        * jit/JITCode.cpp:
        (JSC::JITCode::execute): Select normal or arity check entrypoint as appropriate.

2014-09-02  peavo@outlook.com  <peavo@outlook.com>

        [WinCairo] testapi.exe is not built.
        https://bugs.webkit.org/show_bug.cgi?id=136369

        Reviewed by Alex Christensen.

        The testapi project should be of type Application.

        * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj: Change project type to Application.
        * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj: Ditto.
        * JavaScriptCore.vcxproj/testapi/testapiCommonCFLite.props: Compile and link fix.
        * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj: Change project type to Application.

2014-09-01  Akos Kiss  <akiss@inf.u-szeged.hu>

        [CMAKE] Add missing offlineasm dependencies
        https://bugs.webkit.org/show_bug.cgi?id=136437

        Reviewed by Csaba Osztrogonác.

        Add the ARM64, MIPS and SH4 backends to the dependencies.

        * CMakeLists.txt:

2014-09-01  Brian J. Burg  <burg@cs.washington.edu>

        Provide column numbers to DTrace willExecute/didExecute probes
        https://bugs.webkit.org/show_bug.cgi?id=136434

        Reviewed by Antti Koivisto.

        Provide the columnNumber and update stubs for !HAVE(DTRACE).

        * profiler/ProfileGenerator.cpp:
        (JSC::ProfileGenerator::willExecute):
        (JSC::ProfileGenerator::didExecute):
        * runtime/Tracing.d:
        * runtime/Tracing.h:

2014-09-01  Gyuyoung Kim  <gyuyoung.kim@samsung.com>

        [CMAKE] Build warning by INTERFACE_LINK_LIBRARIES
        https://bugs.webkit.org/show_bug.cgi?id=136194

        Reviewed by Csaba Osztrogonác.

        Set the LINK_INTERFACE_LIBRARIES target property on the top level CMakeLists.txt.

        * CMakeLists.txt:

2014-08-26  Maciej Stachowiak  <mjs@apple.com>

        Use RetainPtr::autorelease in some places where it seems appropriate
        https://bugs.webkit.org/show_bug.cgi?id=136280

        Reviewed by Darin Adler.

        * API/JSContext.mm:
        (-[JSContext name]): Use RetainPtr::autorelease() in place of ObjC autorelease.
        * API/JSValue.mm:
        (valueToString): Make appropriate use of RetainPtr.

2014-08-29  Akos Kiss  <akiss@inf.u-szeged.hu>

        Ensure that the call frame passed from doVMEntry to the called function always contains the valid scope chain.
        https://bugs.webkit.org/show_bug.cgi?id=136391

        Reviewed by Michael Saboff.

        Do not rely on calling conventions to fill in the CallerFrame component
        of the ExecState* parameter of the called function.

        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:

2014-08-29  Saam Barati  <sbarati@apple.com>

        emit op_profile_type for deconstruction assignments
        https://bugs.webkit.org/show_bug.cgi?id=136274

        Reviewed by Filip Pizlo.

        Enable type profiling for ES6 deconstruction expressions.

        * bytecompiler/NodesCodegen.cpp:
        (JSC::BindingNode::bindValue):

2014-08-29  Joseph Pecoraro  <pecoraro@apple.com>

        JavaScriptCore: Use ASCIILiteral where possible
        https://bugs.webkit.org/show_bug.cgi?id=136179

        Reviewed by Michael Saboff.

        General string / character related changes. Use ASCIILiteral where
        possible, jsNontrivialString where possible, and replace string
        literals with character literals in some places.

        No new tests, no changes to functionality.

        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::nameForRegister):
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PostfixNode::emitBytecode):
        (JSC::PrefixNode::emitBytecode):
        (JSC::AssignErrorNode::emitBytecode):
        (JSC::ForInNode::emitMultiLoopBytecode):
        (JSC::ForOfNode::emitBytecode):
        (JSC::ObjectPatternNode::toString):
        * dfg/DFGFunctionWhitelist.cpp:
        (JSC::DFG::FunctionWhitelist::contains):
        * dfg/DFGOperations.cpp:
        (JSC::DFG::newTypedArrayWithSize):
        (JSC::DFG::newTypedArrayWithOneArgument):
        * inspector/ConsoleMessage.cpp:
        (Inspector::ConsoleMessage::addToFrontend):
        * inspector/InspectorBackendDispatcher.cpp:
        (Inspector::InspectorBackendDispatcher::dispatch):
        * inspector/ScriptCallStackFactory.cpp:
        (Inspector::extractSourceInformationFromException):
        * inspector/scripts/codegen/generator_templates.py:
        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::Frame::functionName):
        (JSC::StackVisitor::Frame::sourceURL):
        * jit/JITOperations.cpp:
        * jsc.cpp:
        (functionDescribeArray):
        (functionRun):
        (functionLoad):
        (functionReadFile):
        (functionCheckSyntax):
        (functionTransferArrayBuffer):
        (runWithScripts):
        (runInteractive):
        * parser/Lexer.cpp:
        (JSC::Lexer<T>::invalidCharacterMessage):
        (JSC::Lexer<T>::parseString):
        (JSC::Lexer<T>::parseStringSlowCase):
        (JSC::Lexer<T>::lex):
        * profiler/Profile.cpp:
        (JSC::Profile::Profile):
        * runtime/Arguments.cpp:
        (JSC::argumentsFuncIterator):
        * runtime/ArrayPrototype.cpp:
        (JSC::performSlowSort):
        (JSC::arrayProtoFuncSort):
        * runtime/ExceptionHelpers.cpp:
        (JSC::createError):
        (JSC::createInvalidParameterError):
        (JSC::createNotAConstructorError):
        (JSC::createNotAFunctionError):
        (JSC::createNotAnObjectError):
        (JSC::createErrorForInvalidGlobalAssignment):
        * runtime/FunctionPrototype.cpp:
        (JSC::insertSemicolonIfNeeded):
        * runtime/JSArray.cpp:
        (JSC::JSArray::defineOwnProperty):
        (JSC::JSArray::pop):
        (JSC::JSArray::push):
        * runtime/JSArrayBufferConstructor.cpp:
        (JSC::JSArrayBufferConstructor::finishCreation):
        * runtime/JSArrayBufferPrototype.cpp:
        (JSC::arrayBufferProtoFuncSlice):
        * runtime/JSDataView.cpp:
        (JSC::JSDataView::create):
        * runtime/JSDataViewPrototype.cpp:
        (JSC::getData):
        (JSC::setData):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        * runtime/JSGlobalObjectFunctions.cpp:
        (JSC::globalFuncProtoSetter):
        * runtime/JSPromiseConstructor.cpp:
        (JSC::JSPromiseConstructor::finishCreation):
        * runtime/LiteralParser.cpp:
        (JSC::LiteralParser<CharType>::Lexer::lex):
        (JSC::LiteralParser<CharType>::Lexer::lexString):
        (JSC::LiteralParser<CharType>::parse):
        * runtime/LiteralParser.h:
        (JSC::LiteralParser::getErrorMessage):
        * runtime/TypeSet.cpp:
        (JSC::TypeSet::seenTypes):
        (JSC::TypeSet::displayName):
        (JSC::TypeSet::allPrimitiveTypeNames):
        (JSC::StructureShape::propertyHash):
        (JSC::StructureShape::stringRepresentation):

2014-08-29  Csaba Osztrogonác  <ossy@webkit.org>

        Unreviewed, remove empty directories.

        * qt: Removed.

2014-08-28  Mark Lam  <mark.lam@apple.com>

        DebuggerCallFrame::scope() should return a DebuggerScope.
        <https://webkit.org/b/134420>

        Reviewed by Geoffrey Garen.

        Rolling back in r170680 with the fix for <https://webkit.org/b/135656>.

        Previously, DebuggerCallFrame::scope() returned a JSActivation (and relevant
        peers) which the WebInspector will use to introspect CallFrame variables.
        Instead, we should be returning a DebuggerScope as an abstraction layer that
        provides the introspection functionality that the WebInspector needs.  This
        is the first step towards not forcing every frame to have a JSActivation
        object just because the debugger is enabled.

        1. Instantiate the debuggerScopeStructure as a member of the JSGlobalObject
           instead of the VM.  This allows JSObject::globalObject() to be able to
           return the global object for the DebuggerScope.

        2. On the DebuggerScope's life-cycle management:

           The DebuggerCallFrame is designed to be "valid" only during a debugging session
           (while the debugger is broken) through the use of a DebuggerCallFrameScope in
           Debugger::pauseIfNeeded().  Once the debugger resumes from the break, the
           DebuggerCallFrameScope destructs, and the DebuggerCallFrame will be invalidated.
           We can't guarantee (from this code alone) that the Inspector code isn't still
           holding a ref to the DebuggerCallFrame (though they shouldn't), but by contract,
           the frame will be invalidated, and any attempt to query it will return null values.
           This is pre-existing behavior.

           Now, we're adding the DebuggerScope into the picture.  While a single debugger
           pause session is in progress, the Inspector may request the scope from the
           DebuggerCallFrame.  While the DebuggerCallFrame is still valid, we want
           DebuggerCallFrame::scope() to always return the same DebuggerScope object.
           This is why we hold on to the DebuggerScope with a strong ref.

           If we use a weak ref instead, the following kooky behavior can manifest:
           1. The Inspector calls Debugger::scope() to get the top scope.
           2. The Inspector iterates down the scope chain and is now only holding a
              reference to a parent scope.  It is no longer referencing the top scope.
           3. A GC occurs, and the DebuggerCallFrame's weak m_scope ref to the top scope
              gets cleared.
           4. The Inspector calls DebuggerCallFrame::scope() to get the top scope again but gets
              a different DebuggerScope instance.
           5. The Inspector iterates down the scope chain but never sees the parent scope
              instance that it retained a ref to in step 2 above.  This is because when iterating
              this new DebuggerScope instance (which has no knowledge of the previous parent
              DebuggerScope instance), a new DebuggerScope instance will get created for the
              same parent scope.

           Since the DebuggerScope is a JSObject, its liveness is determined by its reachability.
           However, its "validity" is determined by the life-cycle of its owner DebuggerCallFrame.
           When the owner DebuggerCallFrame gets invalidated, its debugger scope chain (if
           instantiated) will also get invalidated.  This is why we need the
           DebuggerScope::invalidateChain() method.  The Inspector should not be using the
           DebuggerScope instance after its owner DebuggerCallFrame is invalidated.  If it does,
           those methods will do nothing or return a failed status.

        Fix for <https://webkit.org/b/135656>:
        3. DebuggerScope::getOwnPropertySlot() and DebuggerScope::put() need to set
           m_thisValue in the returned slot to the wrapped scope object.  Previously,
           it was pointing to the DebuggerScope though the rest of the fields in the
           returned slot will be set to data pertaining to the wrapped scope object.

        4. DebuggerScope::getOwnPropertySlot() will invoke getPropertySlot() on its
           wrapped scope.  This is because JSObject::getPropertySlot() cannot be
           overridden, and when called on a DebuggerScope, will not know to look in
           the prototype chain of the DebuggerScope's wrapped scope.  Hence, we'll
           treat all properties in the wrapped scope as own properties in the
           DebuggerScope.  This is fine because the WebInspector does not presently
           care about where in the prototype chain the scope property comes from.

           Note that the DebuggerScope and the JSActivation objects that it wraps do
           not have prototypes.  They are always jsNull().  This works perfectly with
           the above change to use getPropertySlot() instead of getOwnPropertySlot().
           To make this an explicit invariant, I also changed DebuggerScope::createStructure()
           and JSActivation::createStructure() to not take a prototype argument, and
           to always use jsNull() for their prototype value.

        * debugger/Debugger.h:
        * debugger/DebuggerCallFrame.cpp:
        (JSC::DebuggerCallFrame::scope):
        (JSC::DebuggerCallFrame::evaluate):
        (JSC::DebuggerCallFrame::invalidate):
        * debugger/DebuggerCallFrame.h:
        * debugger/DebuggerScope.cpp:
        (JSC::DebuggerScope::DebuggerScope):
        (JSC::DebuggerScope::finishCreation):
        (JSC::DebuggerScope::visitChildren):
        (JSC::DebuggerScope::className):
        (JSC::DebuggerScope::getOwnPropertySlot):
        (JSC::DebuggerScope::put):
        (JSC::DebuggerScope::deleteProperty):
        (JSC::DebuggerScope::getOwnPropertyNames):
        (JSC::DebuggerScope::defineOwnProperty):
        (JSC::DebuggerScope::next):
        (JSC::DebuggerScope::invalidateChain):
        (JSC::DebuggerScope::isWithScope):
        (JSC::DebuggerScope::isGlobalScope):
        (JSC::DebuggerScope::isFunctionOrEvalScope):
        * debugger/DebuggerScope.h:
        (JSC::DebuggerScope::create):
        (JSC::DebuggerScope::createStructure):
        (JSC::DebuggerScope::iterator::iterator):
        (JSC::DebuggerScope::iterator::get):
        (JSC::DebuggerScope::iterator::operator++):
        (JSC::DebuggerScope::iterator::operator==):
        (JSC::DebuggerScope::iterator::operator!=):
        (JSC::DebuggerScope::isValid):
        (JSC::DebuggerScope::jsScope):
        (JSC::DebuggerScope::begin):
        (JSC::DebuggerScope::end):
        * inspector/JSJavaScriptCallFrame.cpp:
        (Inspector::JSJavaScriptCallFrame::scopeType):
        (Inspector::JSJavaScriptCallFrame::scopeChain):
        * inspector/JavaScriptCallFrame.h:
        (Inspector::JavaScriptCallFrame::scopeChain):
        * inspector/ScriptDebugServer.cpp:
        * runtime/JSActivation.h:
        (JSC::JSActivation::createStructure):
        * runtime/JSGlobalObject.cpp:
        (JSC::JSGlobalObject::reset):
        (JSC::JSGlobalObject::visitChildren):
        * runtime/JSGlobalObject.h:
        (JSC::JSGlobalObject::debuggerScopeStructure):
        * runtime/JSObject.cpp:
        * runtime/JSObject.h:
        (JSC::JSObject::isWithScope):
        * runtime/JSScope.h:
        * runtime/PropertySlot.h:
        (JSC::PropertySlot::setThisValue):
        * runtime/PutPropertySlot.h:
        (JSC::PutPropertySlot::setThisValue):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        * runtime/VM.h:

2014-08-28  Andreas Kling  <akling@apple.com>

        Use JSString::toIdentifier() in more places.
        <https://webkit.org/b/136348>

        Call sites that grab the WTF::String from a JSString using value() can
        use the more efficient toIdentifier() if the string is going to be used
        to construct an Identifier.

        If the JSString is a rope that resolves to something that is already
        present in the VM's Identifier table, using toIdentifier() can avoid
        allocating a new StringImpl.

        Reviewed by Geoffrey Garen.

        * jit/JITOperations.cpp:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/CommonSlowPaths.h:
        (JSC::CommonSlowPaths::opIn):
        * runtime/JSONObject.cpp:
        (JSC::Stringifier::Stringifier):
        * runtime/ObjectConstructor.cpp:
        (JSC::objectConstructorGetOwnPropertyDescriptor):
        (JSC::objectConstructorDefineProperty):
        * runtime/ObjectPrototype.cpp:
        (JSC::objectProtoFuncPropertyIsEnumerable):

2014-08-27  Filip Pizlo  <fpizlo@apple.com>

        DFG should compute immediate dominators using the O(n log n) form of Lengauer and Tarjan's "A Fast Algorithm for Finding Dominators in a Flowgraph"
        https://bugs.webkit.org/show_bug.cgi?id=93361

        Reviewed by Mark Hahnenberg.

        This patch also adds some new utilities for reasoning about block-keyed maps, block sets,
        and block worklists. It changes preexisting code to use these abstractions.

        The main effect of this code is that all current clients of dominators end up using the
        results of the new idom calculation. We convert the dom tree to a dominance test using
        Dietz's pre/post number range check trick.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * dfg/DFGAnalysis.h:
        (JSC::DFG::Analysis::computeIfNecessary):
        (JSC::DFG::Analysis::computeDependencies):
        * dfg/DFGBlockMap.h: Added.
        (JSC::DFG::BlockMap::BlockMap):
        (JSC::DFG::BlockMap::size):
        (JSC::DFG::BlockMap::atIndex):
        (JSC::DFG::BlockMap::operator[]):
        * dfg/DFGBlockMapInlines.h: Added.
        (JSC::DFG::BlockMap<T>::BlockMap):
        * dfg/DFGBlockSet.h: Added.
        (JSC::DFG::BlockSet::BlockSet):
        (JSC::DFG::BlockSet::add):
        (JSC::DFG::BlockSet::contains):
        * dfg/DFGBlockWorklist.cpp: Added.
        (JSC::DFG::BlockWorklist::BlockWorklist):
        (JSC::DFG::BlockWorklist::~BlockWorklist):
        (JSC::DFG::BlockWorklist::push):
        (JSC::DFG::BlockWorklist::pop):
        (JSC::DFG::PostOrderBlockWorklist::PostOrderBlockWorklist):
        (JSC::DFG::PostOrderBlockWorklist::~PostOrderBlockWorklist):
        (JSC::DFG::PostOrderBlockWorklist::pushPre):
        (JSC::DFG::PostOrderBlockWorklist::pushPost):
        (JSC::DFG::PostOrderBlockWorklist::pop):
        * dfg/DFGBlockWorklist.h: Added.
        (JSC::DFG::BlockWorklist::notEmpty):
        (JSC::DFG::BlockWith::BlockWith):
        (JSC::DFG::BlockWith::operator UnspecifiedBoolType*):
        (JSC::DFG::ExtendedBlockWorklist::ExtendedBlockWorklist):
        (JSC::DFG::ExtendedBlockWorklist::forcePush):
        (JSC::DFG::ExtendedBlockWorklist::push):
        (JSC::DFG::ExtendedBlockWorklist::notEmpty):
        (JSC::DFG::ExtendedBlockWorklist::pop):
        (JSC::DFG::BlockWithOrder::BlockWithOrder):
        (JSC::DFG::BlockWithOrder::operator UnspecifiedBoolType*):
        (JSC::DFG::PostOrderBlockWorklist::push):
        (JSC::DFG::PostOrderBlockWorklist::notEmpty):
        * dfg/DFGCSEPhase.cpp:
        * dfg/DFGDominators.cpp:
        (JSC::DFG::Dominators::compute):
        (JSC::DFG::Dominators::naiveDominates):
        (JSC::DFG::Dominators::dump):
        (JSC::DFG::Dominators::pruneDominators): Deleted.
        * dfg/DFGDominators.h:
        (JSC::DFG::Dominators::strictlyDominates):
        (JSC::DFG::Dominators::dominates):
        (JSC::DFG::Dominators::BlockData::BlockData):
        * dfg/DFGGraph.cpp:
        (JSC::DFG::Graph::dumpBlockHeader):
        (JSC::DFG::Graph::getBlocksInPreOrder):
        (JSC::DFG::Graph::getBlocksInPostOrder):
        * dfg/DFGInvalidationPointInjectionPhase.cpp:
        (JSC::DFG::InvalidationPointInjectionPhase::run):
        * dfg/DFGNaiveDominators.cpp: Added.
        (JSC::DFG::NaiveDominators::NaiveDominators):
        (JSC::DFG::NaiveDominators::~NaiveDominators):
        (JSC::DFG::NaiveDominators::compute):
        (JSC::DFG::NaiveDominators::pruneDominators):
        (JSC::DFG::NaiveDominators::dump):
        * dfg/DFGNaiveDominators.h: Added.
        (JSC::DFG::NaiveDominators::dominates):
        * dfg/DFGNaturalLoops.cpp:
        (JSC::DFG::NaturalLoops::computeDependencies):
        (JSC::DFG::NaturalLoops::compute):
        * dfg/DFGNaturalLoops.h:
533
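To make the dominance-test part of the entry above concrete, here is an added C++ example (not JavaScriptCore code and not the implementation described in the entry): it computes immediate dominators for a constructed seven-block CFG, numbers the resulting dominator tree, and answers dominates()/strictlyDominates() with Dietz's pre/post range check, cross-checked against a naive idom walk. It uses the iterative Cooper-Harvey-Kennedy algorithm in place of Lengauer-Tarjan (both yield the same tree); the Graph alias, the block numbering and the sample CFG are assumptions made for this example.

```cpp
#include <algorithm>
#include <vector>

// CFG as adjacency lists: g[b] lists the successors of block b; block 0 is the entry.
using Graph = std::vector<std::vector<int>>;

static void postOrderDFS(const Graph& g, int b, std::vector<char>& seen, std::vector<int>& out)
{
    seen[b] = 1;
    for (int s : g[b])
        if (!seen[s]) postOrderDFS(g, s, seen, out);
    out.push_back(b);
}

struct Dominators {
    std::vector<int> idom;      // immediate dominator; idom[0] == 0; -1 if unreachable
    std::vector<int> rpoIndex;  // reverse post-order position; -1 if unreachable
    std::vector<int> pre, post; // DFS numbers in the dominator tree; -1 if unreachable

    // Immediate dominators via the iterative data-flow algorithm of Cooper, Harvey
    // and Kennedy (used here in place of Lengauer-Tarjan; it yields the same tree).
    void compute(const Graph& g)
    {
        int n = static_cast<int>(g.size());
        std::vector<char> seen(n, 0);
        std::vector<int> order;
        postOrderDFS(g, 0, seen, order);
        std::reverse(order.begin(), order.end()); // reverse post-order, entry first
        rpoIndex.assign(n, -1);
        for (size_t k = 0; k < order.size(); ++k) rpoIndex[order[k]] = static_cast<int>(k);
        std::vector<std::vector<int>> preds(n);
        for (int b = 0; b < n; ++b)
            for (int s : g[b]) preds[s].push_back(b);
        idom.assign(n, -1);
        idom[0] = 0;
        for (bool changed = true; changed;) {
            changed = false;
            for (size_t k = 1; k < order.size(); ++k) {
                int b = order[k], cand = -1;
                for (int p : preds[b]) {
                    if (idom[p] == -1) continue; // unreachable, or not yet processed
                    cand = cand == -1 ? p : intersect(cand, p);
                }
                if (idom[b] != cand) { idom[b] = cand; changed = true; }
            }
        }
        // Dietz's trick: number the dominator tree in DFS order so that every
        // subtree occupies a contiguous [pre, post] interval.
        std::vector<std::vector<int>> children(n);
        for (int b = 1; b < n; ++b)
            if (idom[b] != -1) children[idom[b]].push_back(b);
        pre.assign(n, -1);
        post.assign(n, -1);
        int counter = 0;
        numberTree(children, 0, counter);
    }

    // Nearest common ancestor of a and b in the dominator tree built so far.
    int intersect(int a, int b) const
    {
        while (a != b) {
            while (rpoIndex[a] > rpoIndex[b]) a = idom[a];
            while (rpoIndex[b] > rpoIndex[a]) b = idom[b];
        }
        return a;
    }

    void numberTree(const std::vector<std::vector<int>>& children, int b, int& counter)
    {
        pre[b] = counter++;
        for (int c : children[b]) numberTree(children, c, counter);
        post[b] = counter++;
    }

    // O(1) dominance test: a dominates b iff a's interval contains b's.
    bool dominates(int a, int b) const
    {
        if (pre[a] < 0 || pre[b] < 0) return false; // unreachable blocks
        return pre[a] <= pre[b] && post[b] <= post[a];
    }
    bool strictlyDominates(int a, int b) const { return a != b && dominates(a, b); }

    // Slow reference answer (a naive dominates): walk b's idom chain up to the entry.
    bool dominatesByWalk(int a, int b) const
    {
        if (idom[a] == -1 || idom[b] == -1) return false;
        while (b != a && idom[b] != b) b = idom[b];
        return b == a;
    }
};

// Constructed sample: a diamond (1 -> 2, 3 -> 4) inside a loop (4 -> 1), exit
// at 5, plus an unreachable block 6 that branches to 5.
Dominators sampleDominators()
{
    Dominators d;
    d.compute({{1}, {2, 3}, {4}, {4}, {1, 5}, {}, {5}});
    return d;
}

// The range test must agree with the idom walk on every pair of blocks.
bool rangeTestMatchesWalk(const Dominators& d)
{
    int n = static_cast<int>(d.idom.size());
    for (int a = 0; a < n; ++a)
        for (int b = 0; b < n; ++b)
            if (d.dominates(a, b) != d.dominatesByWalk(a, b)) return false;
    return true;
}
```
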
2014-08-27  Filip Pizlo  <fpizlo@apple.com>

        FTL should be able to do polymorphic call inlining
        https://bugs.webkit.org/show_bug.cgi?id=135145

        Reviewed by Geoffrey Garen.

        Added a log-based high-fidelity call edge profiler that runs in DFG JIT (and optionally
        baseline JIT) code. Used it to do precise polymorphic inlining in the FTL. Potential
        inlining sites use the call edge profile if it is available, but they will still fall back
        on the call inline cache and rare case counts if it's not. Polymorphic inlining means that
        multiple possible callees can be inlined with a switch to guard them. The slow path may
        either be an OSR exit or a virtual call.

        The call edge profiling added in this patch is very precise - it will tell you about every
        call that has ever happened. It took some effort to reduce the overhead of this profiling.
        This mostly involved ensuring that we don't do it unnecessarily. For example, we avoid it
        in the baseline JIT (you can conditionally enable it but it's off by default) and we only do
        it in the DFG JIT if we know that the regular inline cache profiling wasn't precise enough.
        I also experimented with reducing the precision of the profiling. This led to a significant
        reduction in the speed-up, so I avoided this approach. I also explored making log processing
        concurrent, but that didn't help. Also, I tested the overhead of the log processing and
        found that most of the overhead of this profiling is actually in putting things into the log
        rather than in processing the log - that part appears to be surprisingly cheap.

        Polymorphic inlining could be enabled in the DFG if we enabled baseline call edge profiling,
        and if we guarded such inlining sites with some profiling mechanism to detect
        polyvariant monomorphisation opportunities (where the callsite being inlined reveals that
        it's actually monomorphic).

        This is a ~28% speed-up on deltablue and a ~7% speed-up on richards, with small speed-ups on
        other programs as well. It's about a 2% speed-up on Octane version 2, and never a regression
        on anything we care about. Some aggregates, like V8Spider, see a regression. This is
        highlighting the increase in profiling overhead. But since this doesn't show up on any major
        score (code-load or SunSpider), it's probably not relevant.

        Relanding after fixing debug assertions in fast/storage/serialized-script-value.html.

        * CMakeLists.txt:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * bytecode/CallEdge.cpp: Added.
        (JSC::CallEdge::dump):
        * bytecode/CallEdge.h: Added.
        (JSC::CallEdge::operator!):
        (JSC::CallEdge::callee):
        (JSC::CallEdge::count):
        (JSC::CallEdge::despecifiedClosure):
        (JSC::CallEdge::CallEdge):
        * bytecode/CallEdgeProfile.cpp: Added.
        (JSC::CallEdgeProfile::callEdges):
        (JSC::CallEdgeProfile::numCallsToKnownCells):
        (JSC::worthDespecifying):
        (JSC::CallEdgeProfile::worthDespecifying):
        (JSC::CallEdgeProfile::visitWeak):
        (JSC::CallEdgeProfile::addSlow):
        (JSC::CallEdgeProfile::mergeBack):
        (JSC::CallEdgeProfile::fadeByHalf):
        (JSC::CallEdgeLog::CallEdgeLog):
        (JSC::CallEdgeLog::~CallEdgeLog):
        (JSC::CallEdgeLog::isEnabled):
        (JSC::operationProcessCallEdgeLog):
        (JSC::CallEdgeLog::emitLogCode):
        (JSC::CallEdgeLog::processLog):
        * bytecode/CallEdgeProfile.h: Added.
        (JSC::CallEdgeProfile::numCallsToNotCell):
        (JSC::CallEdgeProfile::numCallsToUnknownCell):
        (JSC::CallEdgeProfile::totalCalls):
        * bytecode/CallEdgeProfileInlines.h: Added.
        (JSC::CallEdgeProfile::CallEdgeProfile):
        (JSC::CallEdgeProfile::add):
        * bytecode/CallLinkInfo.cpp:
        (JSC::CallLinkInfo::visitWeak):
        * bytecode/CallLinkInfo.h:
        * bytecode/CallLinkStatus.cpp:
        (JSC::CallLinkStatus::CallLinkStatus):
        (JSC::CallLinkStatus::computeFromLLInt):
        (JSC::CallLinkStatus::computeFor):
        (JSC::CallLinkStatus::computeExitSiteData):
        (JSC::CallLinkStatus::computeFromCallLinkInfo):
        (JSC::CallLinkStatus::computeFromCallEdgeProfile):
        (JSC::CallLinkStatus::computeDFGStatuses):
        (JSC::CallLinkStatus::isClosureCall):
        (JSC::CallLinkStatus::makeClosureCall):
        (JSC::CallLinkStatus::dump):
        (JSC::CallLinkStatus::function): Deleted.
        (JSC::CallLinkStatus::internalFunction): Deleted.
        (JSC::CallLinkStatus::intrinsicFor): Deleted.
        * bytecode/CallLinkStatus.h:
        (JSC::CallLinkStatus::CallLinkStatus):
        (JSC::CallLinkStatus::isSet):
        (JSC::CallLinkStatus::couldTakeSlowPath):
        (JSC::CallLinkStatus::edges):
        (JSC::CallLinkStatus::size):
        (JSC::CallLinkStatus::at):
        (JSC::CallLinkStatus::operator[]):
        (JSC::CallLinkStatus::canOptimize):
        (JSC::CallLinkStatus::canTrustCounts):
        (JSC::CallLinkStatus::isClosureCall): Deleted.
        (JSC::CallLinkStatus::callTarget): Deleted.
        (JSC::CallLinkStatus::executable): Deleted.
        (JSC::CallLinkStatus::makeClosureCall): Deleted.
        * bytecode/CallVariant.cpp: Added.
        (JSC::CallVariant::dump):
        * bytecode/CallVariant.h: Added.
        (JSC::CallVariant::CallVariant):
        (JSC::CallVariant::operator!):
        (JSC::CallVariant::despecifiedClosure):
        (JSC::CallVariant::rawCalleeCell):
        (JSC::CallVariant::internalFunction):
        (JSC::CallVariant::function):
        (JSC::CallVariant::isClosureCall):
        (JSC::CallVariant::executable):
        (JSC::CallVariant::nonExecutableCallee):
        (JSC::CallVariant::intrinsicFor):
        (JSC::CallVariant::functionExecutable):
        (JSC::CallVariant::isHashTableDeletedValue):
        (JSC::CallVariant::operator==):
        (JSC::CallVariant::operator!=):
        (JSC::CallVariant::operator<):
        (JSC::CallVariant::operator>):
        (JSC::CallVariant::operator<=):
        (JSC::CallVariant::operator>=):
        (JSC::CallVariant::hash):
        (JSC::CallVariant::deletedToken):
        (JSC::CallVariantHash::hash):
        (JSC::CallVariantHash::equal):
        * bytecode/CodeOrigin.h:
        (JSC::InlineCallFrame::isNormalCall):
        * bytecode/ExitKind.cpp:
        (JSC::exitKindToString):
        * bytecode/ExitKind.h:
        * bytecode/GetByIdStatus.cpp:
        (JSC::GetByIdStatus::computeForStubInfo):
        * bytecode/PutByIdStatus.cpp:
        (JSC::PutByIdStatus::computeForStubInfo):
        * dfg/DFGAbstractInterpreterInlines.h:
        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
        * dfg/DFGBackwardsPropagationPhase.cpp:
        (JSC::DFG::BackwardsPropagationPhase::propagate):
        * dfg/DFGBasicBlock.cpp:
        (JSC::DFG::BasicBlock::~BasicBlock):
        * dfg/DFGBasicBlock.h:
        (JSC::DFG::BasicBlock::takeLast):
        (JSC::DFG::BasicBlock::didLink):
        * dfg/DFGByteCodeParser.cpp:
        (JSC::DFG::ByteCodeParser::processSetLocalQueue):
        (JSC::DFG::ByteCodeParser::removeLastNodeFromGraph):
        (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
        (JSC::DFG::ByteCodeParser::addCall):
        (JSC::DFG::ByteCodeParser::handleCall):
        (JSC::DFG::ByteCodeParser::emitFunctionChecks):
        (JSC::DFG::ByteCodeParser::undoFunctionChecks):
        (JSC::DFG::ByteCodeParser::inliningCost):
        (JSC::DFG::ByteCodeParser::inlineCall):
        (JSC::DFG::ByteCodeParser::cancelLinkingForBlock):
        (JSC::DFG::ByteCodeParser::attemptToInlineCall):
        (JSC::DFG::ByteCodeParser::handleInlining):
        (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
        (JSC::DFG::ByteCodeParser::prepareToParseBlock):
694         (JSC::DFG::ByteCodeParser::clearCaches):
695         (JSC::DFG::ByteCodeParser::parseBlock):
696         (JSC::DFG::ByteCodeParser::linkBlock):
697         (JSC::DFG::ByteCodeParser::linkBlocks):
698         (JSC::DFG::ByteCodeParser::parseCodeBlock):
699         * dfg/DFGCPSRethreadingPhase.cpp:
700         (JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
701         * dfg/DFGClobberize.h:
702         (JSC::DFG::clobberize):
703         * dfg/DFGCommon.h:
704         * dfg/DFGConstantFoldingPhase.cpp:
705         (JSC::DFG::ConstantFoldingPhase::foldConstants):
706         * dfg/DFGDoesGC.cpp:
707         (JSC::DFG::doesGC):
708         * dfg/DFGDriver.cpp:
709         (JSC::DFG::compileImpl):
710         * dfg/DFGFixupPhase.cpp:
711         (JSC::DFG::FixupPhase::fixupNode):
712         * dfg/DFGGraph.cpp:
713         (JSC::DFG::Graph::dump):
714         (JSC::DFG::Graph::getBlocksInPreOrder):
715         (JSC::DFG::Graph::visitChildren):
716         * dfg/DFGJITCompiler.cpp:
717         (JSC::DFG::JITCompiler::link):
718         * dfg/DFGLazyJSValue.cpp:
719         (JSC::DFG::LazyJSValue::switchLookupValue):
720         * dfg/DFGLazyJSValue.h:
721         (JSC::DFG::LazyJSValue::switchLookupValue): Deleted.
722         * dfg/DFGNode.cpp:
723         (WTF::printInternal):
724         * dfg/DFGNode.h:
725         (JSC::DFG::OpInfo::OpInfo):
726         (JSC::DFG::Node::hasHeapPrediction):
727         (JSC::DFG::Node::hasCellOperand):
728         (JSC::DFG::Node::cellOperand):
729         (JSC::DFG::Node::setCellOperand):
730         (JSC::DFG::Node::canBeKnownFunction): Deleted.
731         (JSC::DFG::Node::hasKnownFunction): Deleted.
732         (JSC::DFG::Node::knownFunction): Deleted.
733         (JSC::DFG::Node::giveKnownFunction): Deleted.
734         (JSC::DFG::Node::hasFunction): Deleted.
735         (JSC::DFG::Node::function): Deleted.
736         (JSC::DFG::Node::hasExecutable): Deleted.
737         (JSC::DFG::Node::executable): Deleted.
738         * dfg/DFGNodeType.h:
739         * dfg/DFGPhantomCanonicalizationPhase.cpp:
740         (JSC::DFG::PhantomCanonicalizationPhase::run):
741         * dfg/DFGPhantomRemovalPhase.cpp:
742         (JSC::DFG::PhantomRemovalPhase::run):
743         * dfg/DFGPredictionPropagationPhase.cpp:
744         (JSC::DFG::PredictionPropagationPhase::propagate):
745         * dfg/DFGSafeToExecute.h:
746         (JSC::DFG::safeToExecute):
747         * dfg/DFGSpeculativeJIT.cpp:
748         (JSC::DFG::SpeculativeJIT::emitSwitch):
749         * dfg/DFGSpeculativeJIT32_64.cpp:
750         (JSC::DFG::SpeculativeJIT::emitCall):
751         (JSC::DFG::SpeculativeJIT::compile):
752         * dfg/DFGSpeculativeJIT64.cpp:
753         (JSC::DFG::SpeculativeJIT::emitCall):
754         (JSC::DFG::SpeculativeJIT::compile):
755         * dfg/DFGStructureRegistrationPhase.cpp:
756         (JSC::DFG::StructureRegistrationPhase::run):
757         * dfg/DFGTierUpCheckInjectionPhase.cpp:
758         (JSC::DFG::TierUpCheckInjectionPhase::run):
759         (JSC::DFG::TierUpCheckInjectionPhase::removeFTLProfiling):
760         * dfg/DFGValidate.cpp:
761         (JSC::DFG::Validate::validate):
762         * dfg/DFGWatchpointCollectionPhase.cpp:
763         (JSC::DFG::WatchpointCollectionPhase::handle):
764         * ftl/FTLCapabilities.cpp:
765         (JSC::FTL::canCompile):
766         * ftl/FTLLowerDFGToLLVM.cpp:
767         (JSC::FTL::ftlUnreachable):
768         (JSC::FTL::LowerDFGToLLVM::lower):
769         (JSC::FTL::LowerDFGToLLVM::compileNode):
770         (JSC::FTL::LowerDFGToLLVM::compileCheckCell):
771         (JSC::FTL::LowerDFGToLLVM::compileCheckBadCell):
772         (JSC::FTL::LowerDFGToLLVM::compileGetExecutable):
773         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
774         (JSC::FTL::LowerDFGToLLVM::compileSwitch):
775         (JSC::FTL::LowerDFGToLLVM::buildSwitch):
776         (JSC::FTL::LowerDFGToLLVM::compileCheckFunction): Deleted.
777         (JSC::FTL::LowerDFGToLLVM::compileCheckExecutable): Deleted.
778         * heap/Heap.cpp:
779         (JSC::Heap::collect):
780         * jit/AssemblyHelpers.h:
781         (JSC::AssemblyHelpers::storeValue):
782         (JSC::AssemblyHelpers::loadValue):
783         * jit/CCallHelpers.h:
784         (JSC::CCallHelpers::setupArguments):
785         * jit/GPRInfo.h:
786         (JSC::JSValueRegs::uses):
787         * jit/JITCall.cpp:
788         (JSC::JIT::compileOpCall):
789         * jit/JITCall32_64.cpp:
790         (JSC::JIT::compileOpCall):
791         * runtime/Options.h:
792         * runtime/VM.cpp:
793         (JSC::VM::ensureCallEdgeLog):
794         * runtime/VM.h:
795         * tests/stress/fold-profiled-call-to-call.js: Added. This test pinpoints the problem we saw in fast/storage/serialized-script-value.html.
796         * tests/stress/new-array-then-exit.js: Added.
797         * tests/stress/poly-call-exit-this.js: Added.
798         * tests/stress/poly-call-exit.js: Added.
799
800 2014-08-28  Julien Brianceau   <jbriance@cisco.com>
801
802         Correct GC length unit and prevent division by 0 in showObjectStatistics.
803         https://bugs.webkit.org/show_bug.cgi?id=136340
804
805         Reviewed by Mark Hahnenberg.
806
807         * heap/HeapStatistics.cpp:
808         (JSC::HeapStatistics::showObjectStatistics):
809
810 2014-08-27  Akos Kiss  <akiss@inf.u-szeged.hu>
811
812         Ensure that the call frame passed from JIT code via JSC::operationCallEval to JSC::eval always contains the valid scope chain.
813         https://bugs.webkit.org/show_bug.cgi?id=136313
814
815         Reviewed by Michael Saboff.
816
817         Do not rely on calling conventions to fill in the CallerFrame component
818         of the execCallee parameter of JSC::operationCallEval.
819
820         * jit/JITOperations.cpp:
821
822 2014-08-27  Saam Barati  <sbarati@apple.com>
823
824         Deconstruction object pattern node emits the wrong start/end text positions
825         https://bugs.webkit.org/show_bug.cgi?id=136304
826
827         Reviewed by Geoffrey Garen.
828
829         Object pattern nodes that used the syntactic sugar binding:
830         'var {foo} = {foo:20}' instead of 'var {foo:foo} = {foo:20}'
831         would get the wrong text position for variable 'foo'. The position
832         would be placed on the comma(s)/closing brace instead of the identifier.
833         This patch fixes this bug by caching the identifier's JSToken before
834         trying to parse an optional colon.
835
836         * parser/Parser.cpp:
837         (JSC::Parser<LexerType>::parseVarDeclarationList):
838         (JSC::Parser<LexerType>::createBindingPattern):
839         (JSC::Parser<LexerType>::parseDeconstructionPattern):
840         * parser/Parser.h:
841
842 2014-08-27  Brent Fulgham  <bfulgham@apple.com>
843
844         [Win] Build fix after last commit.
845
846         Check in new DLLLauncherMain.cpp file.
847
848         * JavaScriptCore.vcxproj/jsc/DLLLauncherMain.cpp: Added.
849         (enableTerminationOnHeapCorruption):
850         (getStringValue):
851         (applePathFromRegistry):
852         (appleApplicationSupportDirectory):
853         (copyEnvironmentVariable):
854         (prependPath):
855         (fatalError):
856         (directoryExists):
857         (modifyPath):
858         (getLastErrorString):
859         (wWinMain):
860
861 2014-08-27  Brent Fulgham  <bfulgham@apple.com>
862
863         [Win] testapi and testRegExp need to find support libraries.
864         https://bugs.webkit.org/show_bug.cgi?id=136008.
865
866         Reviewed by Dean Jackson.
867
868         Revise the Windows build of jsc, testapi, and testRegExp so that they
869         find and use the proper runtime support libraries.
870
871         These locations vary between the Apple Windows build and WinCairo, and
872         are generally not in the system PATH environment setting. Consequently,
873         these applications fail on launch unless the user modifies their
874         PATH.
875
876         This patch revises these tools to work like WinLauncher and DumpRenderTree
877         so that they run reliably.
878
879         * API/tests/testapi.c:
880         (dllLauncherEntryPoint): Added.
881         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Add new build projects and
882           provide proper dependencies with existing projects.
883         * JavaScriptCore.vcxproj/JavaScriptCore.submit.sln: Ditto.
884         * JavaScriptCore.vcxproj/jsc/jsc.vcxproj: Switch to build
885           a DLL, rather than an executable.
886         * JavaScriptCore.vcxproj/jsc/jscCommon.props: Add shlwapi.lib
887           to the list of libraries needed at link-time, and to use
888           the DLL/Console combination entry point.
889         * JavaScriptCore.vcxproj/jsc/jscLauncher.vcxproj: Added.
890         * JavaScriptCore.vcxproj/jsc/jscLauncherPostBuild.cmd: Copied from JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd.
891         * JavaScriptCore.vcxproj/jsc/jscLauncherPreBuild.cmd: Copied from JavaScriptCore.vcxproj/jsc/jscPreBuild.cmd.
892         * JavaScriptCore.vcxproj/jsc/jscLauncherPreLink.cmd: Copied from JavaScriptCore.vcxproj/jsc/jscPreLink.cmd.
893         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Switch to build
894           a DLL, rather than an executable.
895         * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: Add shlwapi.lib
896           to the list of libraries needed at link-time, and to use
897           the DLL/Console combination entry point.
898         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncher.vcxproj: Added.
899         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncherPostBuild.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd.
900         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncherPreBuild.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPreBuild.cmd.
901         * JavaScriptCore.vcxproj/testRegExp/testRegExpLauncherPreLink.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd.
902         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Switch to build
903           a DLL, rather than an executable.
904         * JavaScriptCore.vcxproj/testapi/testapiLauncher.vcxproj: Added.
905         * JavaScriptCore.vcxproj/testapi/testapiCommon.props: Add shlwapi.lib
906           to the list of libraries needed at link-time, and to use
907           the DLL/Console combination entry point.
908         * JavaScriptCore.vcxproj/testapi/testapiLauncherPostBuild.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd.
909         * JavaScriptCore.vcxproj/testapi/testapiLauncherPreBuild.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPreBuild.cmd.
910         * JavaScriptCore.vcxproj/testapi/testapiLauncherPreLink.cmd: Copied from JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd.
911         * jsc.cpp:
912         (dllLauncherEntryPoint): Added.
913         * testRegExp.cpp:
914         (dllLauncherEntryPoint): Added.
915
916 2014-08-27  Julien Brianceau   <jbriance@cisco.com>
917
918         Take advantage of 3 parameters or32() calls
919         https://bugs.webkit.org/show_bug.cgi?id=136287
920
921         Reviewed by Michael Saboff.
922
923         For specific architectures (arm and mips for instance), or32() calls
924         with 3 parameters are likely to produce a single instruction.
925
926         * dfg/DFGSpeculativeJIT32_64.cpp:
927         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
928         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
929         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
930         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
931         (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
932         (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
933         (JSC::DFG::SpeculativeJIT::branchIsOther):
934         (JSC::DFG::SpeculativeJIT::branchNotOther):
935
936 2014-08-26  Brian J. Burg  <burg@cs.washington.edu>
937
938         Web Inspector: put feature flags for Inspector domains in the protocol specification
939         https://bugs.webkit.org/show_bug.cgi?id=136027
940
941         Reviewed by Timothy Hatcher.
942
943         Remove the hardcoded map of domains to feature guards, and instead parse it from the specification.
944
945         Test: inspector/scripts/tests/generate-domains-with-feature-guards.json
946
947         * inspector/scripts/codegen/generator.py:
948         (Generator.wrap_with_guard_for_domain):
949         * inspector/scripts/codegen/models.py:
950         (Protocol.parse_domain):
951         (Domain.__init__):
952         (Domains):
953         * inspector/scripts/tests/generate-domains-with-feature-guards.json: Added.
954         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
955         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
956         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
957         * inspector/scripts/tests/expected/generate-domains-with-feature-guards.json-result:
958         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
959
960 2014-08-26  Andy Estes  <aestes@apple.com>
961
962         [Cocoa] Some projects are incorrectly installed to $BUILT_PRODUCTS_DIR
963         https://bugs.webkit.org/show_bug.cgi?id=136267
964
965         Reviewed by Dan Bernstein.
966
967         INSTALL_PATH was set to $BUILT_PRODUCTS_DIR for engineering configurations in r20225 as part of a build fix.
968         Not only is this no longer necessary to build, but it causes built products to be incorrectly installed in
969         engineering configurations.
970
971         Remove the setting of INSTALL_PATH from the pbxproj file so that the value specified in the xcconfig files is
972         used instead.
973
974         * JavaScriptCore.xcodeproj/project.pbxproj:
975
976 2014-08-26  Michael Saboff  <msaboff@apple.com>
977
978         [Win] 64-bit JavaScriptCore crashes on launch
979         https://bugs.webkit.org/show_bug.cgi?id=136241
980
981         Reviewed by Mark Lam.
982
983         * llint/LowLevelInterpreter.asm:
984         (vmEntryRecord): X86_64_WIN doesn't use "a0" (rax) for the first argument; it uses
985         "t2" (rcx).  Changed to get the input parameter using the correct register.
986
987 2014-08-26  Saam Barati  <sbarati@apple.com>
988
989         TypeSet caches structureIDs even after the corresponding Structure could be GCed
990         https://bugs.webkit.org/show_bug.cgi?id=136178
991
992         Reviewed by Geoffrey Garen.
993
994         Currently, TypeSet will never remove StructureIDs from its cache,
995         even after the corresponding Structures could be garbage collected.
996         Now, when the Garbage Collector collects, and type profiling is
997         enabled, the Garbage Collector will invalidate all TypeSet caches.
998
999         * heap/Heap.cpp:
1000         (JSC::Heap::collect):
1001         * runtime/TypeSet.cpp:
1002         (JSC::TypeSet::addTypeInformation):
1003         (JSC::TypeSet::invalidateCache):
1004         * runtime/TypeSet.h:
1005         * runtime/VM.cpp:
1006         (JSC::VM::invalidateTypeSetCache):
1007         * runtime/VM.h:
1008
1009 2014-08-26  Michael Saboff  <msaboff@apple.com>
1010
1011         REGRESSION(r172794) + 32Bit build: for-in-base-reassigned-later-and-change-structure.js fail with NaN result
1012         https://bugs.webkit.org/show_bug.cgi?id=136187
1013
1014         Reviewed by Mark Hahnenberg.
1015
1016         Added a two-arg version for 32-bit builds of callOperation(J_JITOperation_ECJ, ...) that
1017         doesn't require a tag for the second argument; instead it fills in a CellTag.  This is
1018         used for the slow case of the GetDirectPname case in SpeculativeJIT::compile since we
1019         haven't set up a register with a tag and we know that argument 2 is a cell.
1020
1021         * dfg/DFGSpeculativeJIT.h:
1022         (JSC::DFG::SpeculativeJIT::callOperation): New version with implicit CellTag.
1023         * dfg/DFGSpeculativeJIT32_64.cpp:
1024         (JSC::DFG::SpeculativeJIT::compile): Eliminated extraneous filling of the scratchGPR
1025         with CellTag as it wasn't in the control flow for the slow path that needed the tag.
1026         Instead changed to calling new version of callOperation with an implicit CellTag.
1027
1028 2014-08-26  Commit Queue  <commit-queue@webkit.org>
1029
1030         Unreviewed, rolling out r172940.
1031         https://bugs.webkit.org/show_bug.cgi?id=136256
1032
1033         Caused assertions on fast/storage/serialized-script-value.html,
1034         and possibly flakiness on more tests (Requested by ap on #webkit).
1036
1037         Reverted changeset:
1038
1039         "FTL should be able to do polymorphic call inlining"
1040         https://bugs.webkit.org/show_bug.cgi?id=135145
1041         http://trac.webkit.org/changeset/172940
1042
1043 2014-08-26  Michael Saboff  <msaboff@apple.com>
1044
1045         REGRESSION(r172794) + 32Bit build: ASSERT failures in for-in-tests.js tests.
1046         https://bugs.webkit.org/show_bug.cgi?id=136165
1047
1048         Reviewed by Mark Hahnenberg.
1049
1050         Changed switch case GetDirectPname: to always use the slow path for X86 since it only has
1051         6 registers available, but the code requires 7.
1052
1053         * dfg/DFGSpeculativeJIT32_64.cpp:
1054         (JSC::DFG::SpeculativeJIT::compile):
1055
1056 2014-08-25  Saam Barati  <sbarati@apple.com>
1057
1058         TypeProfiler search breaks on return statements
1059         https://bugs.webkit.org/show_bug.cgi?id=136201
1060
1061         Reviewed by Filip Pizlo.
1062
1063         Searching for return statements in the TypeProfiler currently
1064         breaks down because it expected to see the search descriptor
1065         TypeProfilerSearchDescriptorFunctionReturn when looking for
1066         return statements in the actual source code of the program.
1067         But the TypeProfilerSearchDescriptorFunctionReturn search descriptor
1068         is reserved for looking for return statements that aren't in the
1069         actual source code of the program, but when asking for the
1070         aggregate return type of a function. Now, searching for
1071         return statements in the actual source code of the program will
1072         work when passing in the search descriptor TypeProfilerSearchDescriptorNormal.
1073
1074         * bytecode/CodeBlock.cpp:
1075         (JSC::CodeBlock::CodeBlock):
1076         * runtime/TypeProfiler.cpp:
1077         (JSC::TypeProfiler::findLocation):
1078         (JSC::descriptorMatchesTypeLocation): Deleted.
1079
1080 2014-08-25  Saam Barati  <sbarati@apple.com>
1081
1082         Return statement TypeSet's might be duplicated
1083         https://bugs.webkit.org/show_bug.cgi?id=136200
1084
1085         Reviewed by Filip Pizlo.
1086
1087         Currently, the globalTypeSet that converges the types of all
1088         return statements in a function lives off of CodeBlock. It lives
1089         off CodeBlock because of a faulty assumption that CodeBlock
1090         will have a one-to-one mapping with a function in the source
1091         text of the program. (Currently, there isn't an actual bug
1092         with this design because TypeLocationCache will hash-cons to
1093         the same TypeLocation, but this is still an incorrect design.)
1094         In this patch, the globalTypeSet for function return statements
1095         is moved to the FunctionExecutable object, which does have a one-to-one
1096         mapping with functions in the source text of a program.
1097
1098         * bytecode/CodeBlock.cpp:
1099         (JSC::CodeBlock::CodeBlock):
1100         * bytecode/CodeBlock.h:
1101         (JSC::CodeBlock::returnStatementTypeSet): Deleted.
1102         * runtime/Executable.h:
1103         (JSC::FunctionExecutable::returnStatementTypeSet):
1104
1105 2014-08-24  Filip Pizlo  <fpizlo@apple.com>
1106
1107         FTL should be able to do polymorphic call inlining
1108         https://bugs.webkit.org/show_bug.cgi?id=135145
1109
1110         Reviewed by Geoffrey Garen.
1111         
1112         Added a log-based high-fidelity call edge profiler that runs in DFG JIT (and optionally
1113         baseline JIT) code. Used it to do precise polymorphic inlining in the FTL. Potential
1114         inlining sites use the call edge profile if it is available, but they will still fall back
1115         on the call inline cache and rare case counts if it's not. Polymorphic inlining means that
1116         multiple possible callees can be inlined with a switch to guard them. The slow path may
1117         either be an OSR exit or a virtual call.
1118         
1119         The call edge profiling added in this patch is very precise - it will tell you about every
1120         call that has ever happened. It took some effort to reduce the overhead of this profiling.
1121         This mostly involved ensuring that we don't do it unnecessarily. For example, we avoid it
1122         in the baseline JIT (you can conditionally enable it but it's off by default) and we only do
1123         it in the DFG JIT if we know that the regular inline cache profiling wasn't precise enough.
1124         I also experimented with reducing the precision of the profiling. This led to a significant
1125         reduction in the speed-up, so I avoided this approach. I also explored making log processing
1126         concurrent, but that didn't help. Also, I tested the overhead of the log processing and
1127         found that most of the overhead of this profiling is actually in putting things into the log
1128         rather than in processing the log - that part appears to be surprisingly cheap.
1129         
1130         Polymorphic inlining could be enabled in the DFG if we enabled baseline call edge profiling,
1131         and if we guarded such inlining sites with some profiling mechanism to detect
1132         polyvariant monomorphisation opportunities (where the callsite being inlined reveals that
1133         it's actually monomorphic).
1134         
1135         This is a ~28% speed-up on deltablue and a ~7% speed-up on richards, with small speed-ups on
1136         other programs as well. It's about a 2% speed-up on Octane version 2, and never a regression
1137         on anything we care about. Some aggregates, like V8Spider, see a regression. This is
1138         highlighting the increase in profiling overhead. But since this doesn't show up on any major
1139         score (code-load or SunSpider), it's probably not relevant.
1140         
1141         * CMakeLists.txt:
1142         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1143         * JavaScriptCore.xcodeproj/project.pbxproj:
1144         * bytecode/CallEdge.cpp: Added.
1145         (JSC::CallEdge::dump):
1146         * bytecode/CallEdge.h: Added.
1147         (JSC::CallEdge::operator!):
1148         (JSC::CallEdge::callee):
1149         (JSC::CallEdge::count):
1150         (JSC::CallEdge::despecifiedClosure):
1151         (JSC::CallEdge::CallEdge):
1152         * bytecode/CallEdgeProfile.cpp: Added.
1153         (JSC::CallEdgeProfile::callEdges):
1154         (JSC::CallEdgeProfile::numCallsToKnownCells):
1155         (JSC::worthDespecifying):
1156         (JSC::CallEdgeProfile::worthDespecifying):
1157         (JSC::CallEdgeProfile::visitWeak):
1158         (JSC::CallEdgeProfile::addSlow):
1159         (JSC::CallEdgeProfile::mergeBack):
1160         (JSC::CallEdgeProfile::fadeByHalf):
1161         (JSC::CallEdgeLog::CallEdgeLog):
1162         (JSC::CallEdgeLog::~CallEdgeLog):
1163         (JSC::CallEdgeLog::isEnabled):
1164         (JSC::operationProcessCallEdgeLog):
1165         (JSC::CallEdgeLog::emitLogCode):
1166         (JSC::CallEdgeLog::processLog):
1167         * bytecode/CallEdgeProfile.h: Added.
1168         (JSC::CallEdgeProfile::numCallsToNotCell):
1169         (JSC::CallEdgeProfile::numCallsToUnknownCell):
1170         (JSC::CallEdgeProfile::totalCalls):
1171         * bytecode/CallEdgeProfileInlines.h: Added.
1172         (JSC::CallEdgeProfile::CallEdgeProfile):
1173         (JSC::CallEdgeProfile::add):
1174         * bytecode/CallLinkInfo.cpp:
1175         (JSC::CallLinkInfo::visitWeak):
1176         * bytecode/CallLinkInfo.h:
1177         * bytecode/CallLinkStatus.cpp:
1178         (JSC::CallLinkStatus::CallLinkStatus):
1179         (JSC::CallLinkStatus::computeFromLLInt):
1180         (JSC::CallLinkStatus::computeFor):
1181         (JSC::CallLinkStatus::computeExitSiteData):
1182         (JSC::CallLinkStatus::computeFromCallLinkInfo):
1183         (JSC::CallLinkStatus::computeFromCallEdgeProfile):
1184         (JSC::CallLinkStatus::computeDFGStatuses):
1185         (JSC::CallLinkStatus::isClosureCall):
1186         (JSC::CallLinkStatus::makeClosureCall):
1187         (JSC::CallLinkStatus::dump):
1188         (JSC::CallLinkStatus::function): Deleted.
1189         (JSC::CallLinkStatus::internalFunction): Deleted.
1190         (JSC::CallLinkStatus::intrinsicFor): Deleted.
1191         * bytecode/CallLinkStatus.h:
1192         (JSC::CallLinkStatus::CallLinkStatus):
1193         (JSC::CallLinkStatus::isSet):
1194         (JSC::CallLinkStatus::couldTakeSlowPath):
1195         (JSC::CallLinkStatus::edges):
1196         (JSC::CallLinkStatus::size):
1197         (JSC::CallLinkStatus::at):
1198         (JSC::CallLinkStatus::operator[]):
1199         (JSC::CallLinkStatus::canOptimize):
1200         (JSC::CallLinkStatus::canTrustCounts):
1201         (JSC::CallLinkStatus::isClosureCall): Deleted.
1202         (JSC::CallLinkStatus::callTarget): Deleted.
1203         (JSC::CallLinkStatus::executable): Deleted.
1204         (JSC::CallLinkStatus::makeClosureCall): Deleted.
1205         * bytecode/CallVariant.cpp: Added.
1206         (JSC::CallVariant::dump):
1207         * bytecode/CallVariant.h: Added.
1208         (JSC::CallVariant::CallVariant):
1209         (JSC::CallVariant::operator!):
1210         (JSC::CallVariant::despecifiedClosure):
1211         (JSC::CallVariant::rawCalleeCell):
1212         (JSC::CallVariant::internalFunction):
1213         (JSC::CallVariant::function):
1214         (JSC::CallVariant::isClosureCall):
1215         (JSC::CallVariant::executable):
1216         (JSC::CallVariant::nonExecutableCallee):
1217         (JSC::CallVariant::intrinsicFor):
1218         (JSC::CallVariant::functionExecutable):
1219         (JSC::CallVariant::isHashTableDeletedValue):
1220         (JSC::CallVariant::operator==):
1221         (JSC::CallVariant::operator!=):
1222         (JSC::CallVariant::operator<):
1223         (JSC::CallVariant::operator>):
1224         (JSC::CallVariant::operator<=):
1225         (JSC::CallVariant::operator>=):
1226         (JSC::CallVariant::hash):
1227         (JSC::CallVariant::deletedToken):
1228         (JSC::CallVariantHash::hash):
1229         (JSC::CallVariantHash::equal):
1230         * bytecode/CodeOrigin.h:
1231         (JSC::InlineCallFrame::isNormalCall):
1232         * bytecode/ExitKind.cpp:
1233         (JSC::exitKindToString):
1234         * bytecode/ExitKind.h:
1235         * bytecode/GetByIdStatus.cpp:
1236         (JSC::GetByIdStatus::computeForStubInfo):
1237         * bytecode/PutByIdStatus.cpp:
1238         (JSC::PutByIdStatus::computeForStubInfo):
1239         * dfg/DFGAbstractInterpreterInlines.h:
1240         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1241         * dfg/DFGBackwardsPropagationPhase.cpp:
1242         (JSC::DFG::BackwardsPropagationPhase::propagate):
1243         * dfg/DFGBasicBlock.cpp:
1244         (JSC::DFG::BasicBlock::~BasicBlock):
1245         * dfg/DFGBasicBlock.h:
1246         (JSC::DFG::BasicBlock::takeLast):
1247         (JSC::DFG::BasicBlock::didLink):
1248         * dfg/DFGByteCodeParser.cpp:
1249         (JSC::DFG::ByteCodeParser::processSetLocalQueue):
1250         (JSC::DFG::ByteCodeParser::removeLastNodeFromGraph):
1251         (JSC::DFG::ByteCodeParser::addCallWithoutSettingResult):
1252         (JSC::DFG::ByteCodeParser::addCall):
1253         (JSC::DFG::ByteCodeParser::handleCall):
1254         (JSC::DFG::ByteCodeParser::emitFunctionChecks):
1255         (JSC::DFG::ByteCodeParser::undoFunctionChecks):
1256         (JSC::DFG::ByteCodeParser::inliningCost):
1257         (JSC::DFG::ByteCodeParser::inlineCall):
1258         (JSC::DFG::ByteCodeParser::cancelLinkingForBlock):
1259         (JSC::DFG::ByteCodeParser::attemptToInlineCall):
1260         (JSC::DFG::ByteCodeParser::handleInlining):
1261         (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
1262         (JSC::DFG::ByteCodeParser::prepareToParseBlock):
1263         (JSC::DFG::ByteCodeParser::clearCaches):
1264         (JSC::DFG::ByteCodeParser::parseBlock):
1265         (JSC::DFG::ByteCodeParser::linkBlock):
1266         (JSC::DFG::ByteCodeParser::linkBlocks):
1267         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1268         * dfg/DFGCPSRethreadingPhase.cpp:
1269         (JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
1270         * dfg/DFGClobberize.h:
1271         (JSC::DFG::clobberize):
1272         * dfg/DFGCommon.h:
1273         * dfg/DFGConstantFoldingPhase.cpp:
1274         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1275         * dfg/DFGDoesGC.cpp:
1276         (JSC::DFG::doesGC):
1277         * dfg/DFGDriver.cpp:
1278         (JSC::DFG::compileImpl):
1279         * dfg/DFGFixupPhase.cpp:
1280         (JSC::DFG::FixupPhase::fixupNode):
1281         * dfg/DFGGraph.cpp:
1282         (JSC::DFG::Graph::dump):
1283         (JSC::DFG::Graph::visitChildren):
1284         * dfg/DFGJITCompiler.cpp:
1285         (JSC::DFG::JITCompiler::link):
1286         * dfg/DFGLazyJSValue.cpp:
1287         (JSC::DFG::LazyJSValue::switchLookupValue):
1288         * dfg/DFGLazyJSValue.h:
1289         (JSC::DFG::LazyJSValue::switchLookupValue): Deleted.
1290         * dfg/DFGNode.cpp:
1291         (WTF::printInternal):
1292         * dfg/DFGNode.h:
1293         (JSC::DFG::OpInfo::OpInfo):
1294         (JSC::DFG::Node::hasHeapPrediction):
1295         (JSC::DFG::Node::hasCellOperand):
1296         (JSC::DFG::Node::cellOperand):
1297         (JSC::DFG::Node::setCellOperand):
1298         (JSC::DFG::Node::canBeKnownFunction): Deleted.
1299         (JSC::DFG::Node::hasKnownFunction): Deleted.
1300         (JSC::DFG::Node::knownFunction): Deleted.
1301         (JSC::DFG::Node::giveKnownFunction): Deleted.
1302         (JSC::DFG::Node::hasFunction): Deleted.
1303         (JSC::DFG::Node::function): Deleted.
1304         (JSC::DFG::Node::hasExecutable): Deleted.
1305         (JSC::DFG::Node::executable): Deleted.
1306         * dfg/DFGNodeType.h:
1307         * dfg/DFGPhantomCanonicalizationPhase.cpp:
1308         (JSC::DFG::PhantomCanonicalizationPhase::run):
1309         * dfg/DFGPhantomRemovalPhase.cpp:
1310         (JSC::DFG::PhantomRemovalPhase::run):
1311         * dfg/DFGPredictionPropagationPhase.cpp:
1312         (JSC::DFG::PredictionPropagationPhase::propagate):
1313         * dfg/DFGSafeToExecute.h:
1314         (JSC::DFG::safeToExecute):
1315         * dfg/DFGSpeculativeJIT.cpp:
1316         (JSC::DFG::SpeculativeJIT::emitSwitch):
1317         * dfg/DFGSpeculativeJIT32_64.cpp:
1318         (JSC::DFG::SpeculativeJIT::emitCall):
1319         (JSC::DFG::SpeculativeJIT::compile):
1320         * dfg/DFGSpeculativeJIT64.cpp:
1321         (JSC::DFG::SpeculativeJIT::emitCall):
1322         (JSC::DFG::SpeculativeJIT::compile):
1323         * dfg/DFGStructureRegistrationPhase.cpp:
1324         (JSC::DFG::StructureRegistrationPhase::run):
1325         * dfg/DFGTierUpCheckInjectionPhase.cpp:
1326         (JSC::DFG::TierUpCheckInjectionPhase::run):
1327         (JSC::DFG::TierUpCheckInjectionPhase::removeFTLProfiling):
1328         * dfg/DFGValidate.cpp:
1329         (JSC::DFG::Validate::validate):
1330         * dfg/DFGWatchpointCollectionPhase.cpp:
1331         (JSC::DFG::WatchpointCollectionPhase::handle):
1332         * ftl/FTLCapabilities.cpp:
1333         (JSC::FTL::canCompile):
1334         * ftl/FTLLowerDFGToLLVM.cpp:
1335         (JSC::FTL::ftlUnreachable):
1336         (JSC::FTL::LowerDFGToLLVM::lower):
1337         (JSC::FTL::LowerDFGToLLVM::compileNode):
1338         (JSC::FTL::LowerDFGToLLVM::compileCheckCell):
1339         (JSC::FTL::LowerDFGToLLVM::compileCheckBadCell):
1340         (JSC::FTL::LowerDFGToLLVM::compileGetExecutable):
1341         (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
1342         (JSC::FTL::LowerDFGToLLVM::compileSwitch):
1343         (JSC::FTL::LowerDFGToLLVM::buildSwitch):
1344         (JSC::FTL::LowerDFGToLLVM::compileCheckFunction): Deleted.
1345         (JSC::FTL::LowerDFGToLLVM::compileCheckExecutable): Deleted.
1346         * heap/Heap.cpp:
1347         (JSC::Heap::collect):
1348         * jit/AssemblyHelpers.h:
1349         (JSC::AssemblyHelpers::storeValue):
1350         (JSC::AssemblyHelpers::loadValue):
1351         * jit/CCallHelpers.h:
1352         (JSC::CCallHelpers::setupArguments):
1353         * jit/GPRInfo.h:
1354         (JSC::JSValueRegs::uses):
1355         * jit/JITCall.cpp:
1356         (JSC::JIT::compileOpCall):
1357         * jit/JITCall32_64.cpp:
1358         (JSC::JIT::compileOpCall):
1359         * runtime/Options.h:
1360         * runtime/VM.cpp:
1361         (JSC::VM::ensureCallEdgeLog):
1362         * runtime/VM.h:
1363         * tests/stress/new-array-then-exit.js: Added.
1364         (foo):
1365         * tests/stress/poly-call-exit-this.js: Added.
1366         * tests/stress/poly-call-exit.js: Added.
1367
1368 2014-08-22  Michael Saboff  <msaboff@apple.com>
1369
        After r172867 another crash in js/dom/line-column-numbers.html
1371         https://bugs.webkit.org/show_bug.cgi?id=136192
1372
1373         Reviewed by Geoffrey Garen.
1374
        In lookupExceptionHandlerFromCallerFrame(), we need to use the caller's CallFrame
1376         and VMEntryFrame when calling genericUnwind().  NativeCallFrameTracerWithRestore()
1377         does that for us.
1378
1379         In general, NativeCallFrameTracerWithRestore(), restores the values because we may
1380         do more processing that requires the current callFrame and vmEntryFrame before we
1381         get to the catch handler where we change these to the catch values.  In this
1382         particular case, that restoration isn't currently needed, but we add complexity
1383         and possible future confusion if we create another NativeCallFrameTracerXXX()
1384         version that doesn't restore the values.
1385
1386         * jit/JITOperations.cpp:
1387         (JSC::lookupExceptionHandlerFromCallerFrame): Changed NativeCallFrameTracer() to
1388         NativeCallFrameTracerWithRestore() so that VM::topVMEntryFrame will be updated
1389         before calling genericUnwind().
1390
1391 2014-08-24  Brian J. Burg  <burg@cs.washington.edu>
1392
1393         Web Inspector: rename Inspector::TypeBuilder to Inspector::Protocol
1394         https://bugs.webkit.org/show_bug.cgi?id=136031
1395
1396         Reviewed by Timothy Hatcher.
1397
1398         Rename TypeBuilder namespace to Protocol. Disambiguate where
1399         necessary. Also rename InspectorTypeBuilder to ProtocolTypes.
1400
1401         * CMakeLists.txt:
1402         * DerivedSources.make:
1403         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1404         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1405         * JavaScriptCore.vcxproj/copy-files.cmd:
1406         * JavaScriptCore.xcodeproj/project.pbxproj:
1407         * inspector/ConsoleMessage.cpp:
1408         (Inspector::messageSourceValue):
1409         (Inspector::messageTypeValue):
1410         (Inspector::messageLevelValue):
1411         (Inspector::ConsoleMessage::addToFrontend):
1412         * inspector/ContentSearchUtilities.cpp:
1413         (Inspector::ContentSearchUtilities::buildObjectForSearchMatch):
1414         (Inspector::ContentSearchUtilities::searchInTextByLines):
1415         * inspector/ContentSearchUtilities.h:
1416         * inspector/InjectedScript.cpp:
1417         (Inspector::InjectedScript::evaluate):
1418         (Inspector::InjectedScript::callFunctionOn):
1419         (Inspector::InjectedScript::evaluateOnCallFrame):
1420         (Inspector::InjectedScript::getFunctionDetails):
1421         (Inspector::InjectedScript::getProperties):
1422         (Inspector::InjectedScript::getInternalProperties):
1423         (Inspector::InjectedScript::wrapCallFrames):
1424         (Inspector::InjectedScript::wrapObject):
1425         (Inspector::InjectedScript::wrapTable):
1426         * inspector/InjectedScript.h:
1427         * inspector/InjectedScriptBase.cpp:
1428         (Inspector::InjectedScriptBase::makeEvalCall):
1429         * inspector/InjectedScriptBase.h:
1430         * inspector/InspectorTypeBuilder.h: Removed.
1431         * inspector/ScriptCallFrame.cpp:
1432         (Inspector::ScriptCallFrame::buildInspectorObject):
1433         * inspector/ScriptCallFrame.h:
1434         * inspector/ScriptCallStack.cpp:
1435         (Inspector::ScriptCallStack::buildInspectorArray):
1436         * inspector/ScriptCallStack.h:
1437         * inspector/agents/InspectorAgent.cpp:
1438         (Inspector::InspectorAgent::inspect):
1439         * inspector/agents/InspectorAgent.h:
1440         * inspector/agents/InspectorDebuggerAgent.cpp:
1441         (Inspector::breakpointActionTypeForString):
1442         (Inspector::InspectorDebuggerAgent::setBreakpointByUrl):
1443         (Inspector::InspectorDebuggerAgent::setBreakpoint):
1444         (Inspector::InspectorDebuggerAgent::resolveBreakpoint):
1445         (Inspector::InspectorDebuggerAgent::searchInContent):
1446         (Inspector::InspectorDebuggerAgent::getFunctionDetails):
1447         (Inspector::InspectorDebuggerAgent::evaluateOnCallFrame):
1448         (Inspector::InspectorDebuggerAgent::currentCallFrames):
1449         (Inspector::InspectorDebuggerAgent::didParseSource):
1450         (Inspector::InspectorDebuggerAgent::breakpointActionProbe):
1451         * inspector/agents/InspectorDebuggerAgent.h:
1452         * inspector/agents/InspectorProfilerAgent.cpp:
1453         (Inspector::InspectorProfilerAgent::createProfileHeader):
1454         (Inspector::InspectorProfilerAgent::getProfileHeaders):
1455         (Inspector::buildInspectorObject):
1456         (Inspector::InspectorProfilerAgent::buildProfileInspectorObject):
1457         (Inspector::InspectorProfilerAgent::getCPUProfile):
1458         * inspector/agents/InspectorProfilerAgent.h:
1459         * inspector/agents/InspectorRuntimeAgent.cpp:
1460         (Inspector::buildErrorRangeObject):
1461         (Inspector::InspectorRuntimeAgent::parse):
1462         (Inspector::InspectorRuntimeAgent::evaluate):
1463         (Inspector::InspectorRuntimeAgent::callFunctionOn):
1464         (Inspector::InspectorRuntimeAgent::getProperties):
1465         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1466         * inspector/agents/InspectorRuntimeAgent.h:
1467         * inspector/scripts/codegen/__init__.py:
1468         * inspector/scripts/codegen/generate_backend_dispatcher_header.py:
1469         (BackendDispatcherHeaderGenerator.generate_output):
1470         * inspector/scripts/codegen/generate_backend_dispatcher_implementation.py:
1471         (BackendDispatcherImplementationGenerator._generate_async_dispatcher_class_for_domain):
1472         (BackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
1473         * inspector/scripts/codegen/generate_frontend_dispatcher_header.py:
1474         (FrontendDispatcherHeaderGenerator.generate_output):
1475         * inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py:
1476         (FrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
1477         * inspector/scripts/codegen/generate_type_builder_header.py: Removed.
1478         * inspector/scripts/codegen/generate_type_builder_implementation.py: Removed.
1479         * inspector/scripts/codegen/generator.py:
1480         (Generator.protocol_type_string_for_type):
1481         (Generator.protocol_type_string_for_type_member):
1482         (Generator.type_string_for_type_with_name):
1483         (Generator.type_string_for_formal_out_parameter):
1484         (Generator.type_string_for_formal_async_parameter):
1485         (Generator.type_string_for_stack_in_parameter):
1486         (Generator.type_string_for_stack_out_parameter):
1487         (Generator.assertion_method_for_type_member.assertion_method_for_type):
1488         (Generator.assertion_method_for_type_member):
1489         (Generator.type_builder_string_for_type): Deleted.
1490         (Generator.type_builder_string_for_type_member): Deleted.
1491         * inspector/scripts/codegen/generator_templates.py:
1492         (Inspector):
1493         * inspector/scripts/generate-inspector-protocol-bindings.py:
1494         (generate_from_specification):
1495         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
1496         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
1497         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
1498         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
1499         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
1500         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
1501         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
1502         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
1503         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
1504         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
1505         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
1506         * runtime/HighFidelityTypeProfiler.cpp:
1507         (JSC::HighFidelityTypeProfiler::getTypesForVariableAtOffsetForInspector):
1508         * runtime/HighFidelityTypeProfiler.h:
1509         * runtime/TypeSet.cpp:
1510         (JSC::TypeSet::allPrimitiveTypeNames):
1511         (JSC::TypeSet::allStructureRepresentations):
1512         (JSC::StructureShape::inspectorRepresentation):
1513         * runtime/TypeSet.h:
1514
1515 2014-08-24  Brian J. Burg  <burg@cs.washington.edu>
1516
1517         Web Inspector: Rename DOM.RGBA and remove workarounds in the bindings generator
1518         https://bugs.webkit.org/show_bug.cgi?id=136025
1519
1520         Reviewed by Joseph Pecoraro.
1521
1522         This workaround can be removed since it is no longer necessary.
1523
1524         * inspector/scripts/codegen/models.py:
1525         (TypeReference.__init__):
1526         (Type.raw_name):
1527         (TypeDeclaration.__init__):
1528         * inspector/scripts/tests/type-declaration-object-type.json: Remove related test input.
1529         * inspector/scripts/tests/expected/type-declaration-object-type.json-result: Rebaseline.
1530
1531 2014-08-23  Joseph Pecoraro  <pecoraro@apple.com>
1532
1533         Web Inspector: Do not copy large module source strings
1534         https://bugs.webkit.org/show_bug.cgi?id=136191
1535
1536         Reviewed by Benjamin Poulain.
1537
1538         * inspector/InjectedScriptManager.cpp:
1539         (Inspector::InjectedScriptManager::injectedScriptSource):
1540
1541 2014-08-21  Michael Saboff  <msaboff@apple.com>
1542
1543         REGRESSION(r163179): Sporadic crash in js/dom/line-column-numbers.html test
1544         https://bugs.webkit.org/show_bug.cgi?id=136111
1545
1546         Reviewed by Filip Pizlo.
1547
1548         The problem was that we weren't properly handling VM::topVMEntryFrame in two ways.
1549
1550         First in the case where we get an exception of a stack overflow during setup of the direct
1551         callee frame of a VM entry frame, we need to throw the exception in the caller's frame.
1552         This requires unrolling topVMEntryFrame while creating the exception object.  This is
1553         accomplished with the renamed NativeCallFrameTracerWithRestore object.  As part of this,
1554         split the JIT rollback exception handling to call a new helper,
1555         callLookupExceptionHandlerFromCallerFrame, which will unroll the callFrame and VMEntryFrame.
1556
1557         Second, when we unwind to find a handler, we also need to unwind topVMCallFrame for the
1558         case where we end up (re)throwing another exception after entering the catch block, but
1559         before another vmEntry call.  Added VM::vmEntryFrameForThrow as a way similar to
        VM::callFrameForThrow to pass the appropriate VMEntryFrame to the catch block.
1561
1562
1563         * dfg/DFGJITCompiler.cpp:
1564         (JSC::DFG::JITCompiler::compileExceptionHandlers):
1565         * ftl/FTLCompile.cpp:
1566         (JSC::FTL::fixFunctionBasedOnStackMaps):
1567         * jit/JIT.cpp:
1568         (JSC::JIT::privateCompileExceptionHandlers):
1569         Split out the unroll cases to use the new helper callLookupExceptionHandlerFromCallerFrame()
1570         to unwind both the callFrame and topVMEntryFrame.
1571
1572         * interpreter/Interpreter.cpp:
1573         (JSC::UnwindFunctor::UnwindFunctor):
1574         (JSC::UnwindFunctor::operator()):
1575         (JSC::Interpreter::unwind):
1576         * jit/JITExceptions.cpp:
1577         (JSC::genericUnwind):
1578         Added VMEntryFrame as another component to unwind.
1579
1580         * interpreter/Interpreter.h:
1581         (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
1582         (JSC::NativeCallFrameTracerWithRestore::NativeCallFrameTracerWithRestore):
1583         (JSC::NativeCallFrameTracerWithRestore::~NativeCallFrameTracerWithRestore):
1584         Renamed and changed to save and restore topCallFrame and topVMEntryFrame around the setting of
1585         both values.
1586
1587         * interpreter/StackVisitor.cpp:
1588         (JSC::StackVisitor::gotoNextFrame):
1589         (JSC::StackVisitor::readNonInlinedFrame):
1590         * interpreter/StackVisitor.h:
1591         (JSC::StackVisitor::Frame::vmEntryFrame):
1592         Added code to unwind the VMEntryFrame.
1593
1594         * jit/CCallHelpers.h:
1595         (JSC::CCallHelpers::jumpToExceptionHandler): Updated comment to indicate that the value
1596         the handler should use for VM::topEntryFrame is in VM::vmEntryFrameForThrow.
1597
1598         * jit/JITOpcodes.cpp:
1599         (JSC::JIT::emit_op_catch):
1600         * jit/JITOpcodes32_64.cpp:
1601         (JSC::JIT::emit_op_catch):
1602         * llint/LowLevelInterpreter32_64.asm:
1603         * llint/LowLevelInterpreter64.asm:
1604         Added code to update VM::topVMEntryFrame from VM::vmEntryFrameForThrowOffset.
1605
1606         * jit/JITOperations.cpp:
1607         * jit/JITOperations.h:
1608         (JSC::operationThrowStackOverflowError):
1609         (JSC::operationCallArityCheck):
1610         (JSC::operationConstructArityCheck):
1611
1612         * runtime/VM.h:
1613         (JSC::VM::vmEntryFrameForThrowOffset):
1614         (JSC::VM::topVMEntryFrameOffset):
1615         Added as the side channel to return the topVMEntryFrame that the handler should use.
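
        The two Michael Saboff entries above describe NativeCallFrameTracerWithRestore
        as a scoped object that publishes the caller's CallFrame and VMEntryFrame and
        restores the previous values when it goes out of scope. The following is an
        added example in that style; it is not WebKit code. VM, CallFrame,
        VMEntryFrame, the tracer class and the function names are stand-ins invented
        for the example, and a C++ exception stands in for the JSC throw.

```cpp
// Added example, not WebKit code: a scope guard in the style of the
// NativeCallFrameTracerWithRestore described in the ChangeLog entries above.
// It publishes the frame pointers a native call should run under and puts the
// previous values back when the scope ends, including when an exception
// unwinds through it. VM, CallFrame, VMEntryFrame and the field names are
// stand-ins invented for this example.
#include <cstdio>
#include <stdexcept>

namespace tracer_example {

struct CallFrame { int id; };
struct VMEntryFrame { int id; };

struct VM {
    CallFrame* topCallFrame = nullptr;
    VMEntryFrame* topVMEntryFrame = nullptr;
};

class FrameTracerWithRestore {
public:
    FrameTracerWithRestore(VM& vm, CallFrame* callFrame, VMEntryFrame* entryFrame)
        : m_vm(vm)
        , m_savedCallFrame(vm.topCallFrame)
        , m_savedEntryFrame(vm.topVMEntryFrame)
    {
        m_vm.topCallFrame = callFrame;
        m_vm.topVMEntryFrame = entryFrame;
    }
    ~FrameTracerWithRestore()
    {
        // Runs on normal exit and during exception unwinding alike.
        m_vm.topCallFrame = m_savedCallFrame;
        m_vm.topVMEntryFrame = m_savedEntryFrame;
    }
    FrameTracerWithRestore(const FrameTracerWithRestore&) = delete;
    FrameTracerWithRestore& operator=(const FrameTracerWithRestore&) = delete;

private:
    VM& m_vm;
    CallFrame* m_savedCallFrame;
    VMEntryFrame* m_savedEntryFrame;
};

// Runs a slow-path operation with the caller's frames published and reports
// which call frame the VM saw while the tracer was active.
inline int frameIdSeenDuringCall(VM& vm, CallFrame* callerFrame, VMEntryFrame* callerEntryFrame)
{
    FrameTracerWithRestore tracer(vm, callerFrame, callerEntryFrame);
    return vm.topCallFrame->id;
}

// Same, but the operation throws part-way through (standing in for an
// exception raised during callee setup). Returns true if both VM fields were
// back to their pre-call values after the unwind.
inline bool restoredAfterThrow(VM& vm, CallFrame* callerFrame, VMEntryFrame* callerEntryFrame)
{
    CallFrame* before = vm.topCallFrame;
    VMEntryFrame* beforeEntry = vm.topVMEntryFrame;
    try {
        FrameTracerWithRestore tracer(vm, callerFrame, callerEntryFrame);
        throw std::runtime_error("exception during callee frame setup");
    } catch (const std::runtime_error&) {
        // The tracer's destructor already ran during unwinding.
    }
    return vm.topCallFrame == before && vm.topVMEntryFrame == beforeEntry;
}

} // namespace tracer_example

int main()
{
    tracer_example::VM vm;
    tracer_example::CallFrame outer{1}, inner{2};
    tracer_example::VMEntryFrame outerEntry{10}, innerEntry{20};
    vm.topCallFrame = &outer;
    vm.topVMEntryFrame = &outerEntry;
    std::printf("during call: frame %d\n", tracer_example::frameIdSeenDuringCall(vm, &inner, &innerEntry));
    std::printf("after call: frame %d, restored after throw: %s\n", vm.topCallFrame->id,
        tracer_example::restoredAfterThrow(vm, &inner, &innerEntry) ? "yes" : "no");
    return 0;
}
```

        The point of the save/restore pair is the second function: when the callee
        throws before the catch handler has installed its own values, the caller's
        CallFrame and VMEntryFrame are what the unwinder must see, and a destructor
        is the one place that is guaranteed to run on that path.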
1616
1617 2014-08-22  Daniel Bates  <dabates@apple.com>
1618
1619         [iOS] Disable ENABLE_IOS_{GESTURE, TOUCH}_EVENTS, and temporarily disable ENABLE_TOUCH_EVENTS
1620         and ENABLE_XSLT when building with the iOS public SDK
1621         https://bugs.webkit.org/show_bug.cgi?id=135945
1622
1623         Reviewed by Andy Estes.
1624
1625         * Configurations/FeatureDefines.xcconfig:
1626
1627 2014-08-22  Jon Lee  <jonlee@apple.com>
1628
1629         Fix iOS build due to r172832 and move RUBBER_BANDING out of FeatureDefines.h
1630         https://bugs.webkit.org/show_bug.cgi?id=136157
1631
1632         Reviewed by Simon Fraser.
1633
1634         * Configurations/FeatureDefines.xcconfig: Add ENABLE(RUBBER_BANDING).
1635
1636 2014-08-21  Mark Lam  <mark.lam@apple.com>
1637
1638         r171362 accidentally increased the size of InlineCallFrame.
1639         <https://webkit.org/b/136141>
1640
1641         Reviewed by Filip Pizlo.
1642
1643         r171362 increased the size of InlineCallFrame::kind to 2 bits.  This increased
1644         the size of InlineCallFrame from 72 to 80 though not intentionally.  The fix
1645         is to reduce the size of InlineCallFrame::stackOffset to 29 bits.
1646
1647         Also added an assert to ensure that we never set a value that exceeds the size
1648         of InlineCallFrame::stackOffset.
1649
1650         * bytecode/CodeOrigin.h:
1651         (JSC::InlineCallFrame::setStackOffset):
1652         * dfg/DFGByteCodeParser.cpp:
1653         (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
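
        The entry above fixes a struct that silently grew when one bitfield was
        widened, and adds an assert against storing a value wider than the
        remaining field. The following is an added example of both checks; it is
        not WebKit code. The struct, the 2 + 1 + 29 bit layout and the function
        names are assumptions for illustration.

```cpp
// Added example, not WebKit code: packing a small kind enum, a flag and a
// stack offset into one 32-bit word, checking the struct size at compile time
// and refusing offsets the field cannot hold instead of silently truncating
// them. Field widths (2 + 1 + 29) and names are assumptions.
#include <cstdint>
#include <cstdio>

namespace bitfield_example {

constexpr int kKindBits = 2;
constexpr int kStackOffsetBits = 29;

// 2 + 1 + 29 = 32 bits, so the whole record must fit in one 4-byte word.
struct PackedFrame {
    unsigned kind : kKindBits;
    unsigned isClosureCall : 1;
    signed int stackOffset : kStackOffsetBits;
};
static_assert(sizeof(PackedFrame) == sizeof(uint32_t),
    "bitfields no longer pack into one word; a field width grew");

constexpr int32_t kMaxStackOffset = (int32_t(1) << (kStackOffsetBits - 1)) - 1; // 2^28 - 1
constexpr int32_t kMinStackOffset = -(int32_t(1) << (kStackOffsetBits - 1));    // -2^28

constexpr bool fitsInStackOffset(int32_t offset)
{
    return offset >= kMinStackOffset && offset <= kMaxStackOffset;
}

// Checked setter: refuses values the field cannot hold. (WebKit's version
// asserts; this returns false so the behaviour is observable in a test.)
inline bool setStackOffset(PackedFrame& frame, int32_t offset)
{
    if (!fitsInStackOffset(offset))
        return false;
    frame.stackOffset = offset;
    return true;
}

// What happens without the check: the field keeps only the low 29 bits of
// the input, reinterpreted as a signed 29-bit value (implementation-defined
// in the standard; this is what GCC and Clang do).
inline int32_t uncheckedStore(int32_t offset)
{
    PackedFrame frame{};
    frame.stackOffset = offset;
    return frame.stackOffset;
}

} // namespace bitfield_example

int main()
{
    bitfield_example::PackedFrame frame{};
    std::printf("sizeof(PackedFrame) = %zu\n", sizeof(frame));
    std::printf("set -80: %s, stored %d\n",
        bitfield_example::setStackOffset(frame, -80) ? "ok" : "rejected", int(frame.stackOffset));
    std::printf("set 2^28: %s\n",
        bitfield_example::setStackOffset(frame, 1 << 28) ? "ok" : "rejected");
    std::printf("unchecked store of 2^28 reads back as %d\n", bitfield_example::uncheckedStore(1 << 28));
    return 0;
}
```

        The static_assert is the part that would have caught the size regression
        at compile time; the checked setter is the part that catches a stack offset
        that no longer fits after the field was narrowed.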
1654
1655 2014-08-21  Joseph Pecoraro  <pecoraro@apple.com>
1656
1657         Web Inspector: RetainPtr misuse, CFRunLoopSource leak
1658         https://bugs.webkit.org/show_bug.cgi?id=136143
1659
1660         Reviewed by Timothy Hatcher.
1661
1662         Adopt a Create into the RetainPtr to avoid leaking.
1663
1664         * inspector/remote/RemoteInspectorDebuggableConnection.mm:
1665         (Inspector::RemoteInspectorDebuggableConnection::setupRunLoop):
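
        The entry above fixes a leak caused by wrapping a Create-rule (+1)
        CoreFoundation object in a retaining smart pointer instead of adopting it.
        The following is an added example of that distinction with a toy
        reference-counted type so it runs anywhere; it is not WebKit code and is not
        WTF::RetainPtr. The Source type, SourceCreate(), the live-object counter and
        the two setup functions are assumptions for the example.

```cpp
// Added example, not WebKit code: a toy reference-counted handle showing why
// a +1 reference from a *Create() function must be adopted, not retained
// again. The Source type, SourceCreate(), the live-object counter and the
// RetainPtr-like class are all invented for this example.
#include <cstdio>

namespace refcount_example {

struct Source {
    int refCount = 0;
};

// Bookkeeping so a test can observe leaks: number of Source objects whose
// reference count has not yet dropped to zero.
inline int& liveObjects() { static int count = 0; return count; }

inline void retain(Source* s) { if (s) ++s->refCount; }
inline void release(Source* s)
{
    if (!s)
        return;
    if (--s->refCount == 0) {
        --liveObjects();
        delete s;
    }
}

// "Create rule" factory: the caller owns the returned +1 reference.
inline Source* SourceCreate()
{
    Source* s = new Source;
    s->refCount = 1;
    ++liveObjects();
    return s;
}

struct AdoptTag {};

class RetainPtr {
public:
    RetainPtr() : m_ptr(nullptr) {}
    // Retaining constructor: for borrowed (+0) pointers, e.g. from a Get function.
    explicit RetainPtr(Source* p) : m_ptr(p) { retain(m_ptr); }
    // Adopting constructor: takes over an existing +1 without retaining again.
    RetainPtr(AdoptTag, Source* p) : m_ptr(p) {}
    RetainPtr(const RetainPtr& o) : m_ptr(o.m_ptr) { retain(m_ptr); }
    RetainPtr& operator=(const RetainPtr& o)
    {
        retain(o.m_ptr);
        release(m_ptr);
        m_ptr = o.m_ptr;
        return *this;
    }
    ~RetainPtr() { release(m_ptr); }
    Source* get() const { return m_ptr; }

private:
    Source* m_ptr;
};

inline RetainPtr adoptSource(Source* p) { return RetainPtr(AdoptTag(), p); }

// The misuse: retaining a +1 Create result leaves the count at 2. After the
// RetainPtr dies one reference remains that nothing owns. Returns how many
// objects this leaked (1).
inline int leakingSetup()
{
    int before = liveObjects();
    {
        RetainPtr source(SourceCreate()); // +1 from Create, +1 from retain
    }
    return liveObjects() - before;
}

// The fix: adopt the Create result so the RetainPtr owns the only reference.
// Returns how many objects this leaked (0).
inline int correctSetup()
{
    int before = liveObjects();
    {
        RetainPtr source = adoptSource(SourceCreate());
    }
    return liveObjects() - before;
}

} // namespace refcount_example

int main()
{
    std::printf("retaining a Create result leaks %d object(s)\n", refcount_example::leakingSetup());
    std::printf("adopting a Create result leaks %d object(s)\n", refcount_example::correctSetup());
    return 0;
}
```

        The same rule applies in reverse: adopting a +0 pointer returned by a Get
        function produces a release without a matching retain, i.e. a use after free
        rather than a leak, so the choice of constructor has to follow the ownership
        convention of the function that produced the pointer.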
1666
1667 2014-08-21  Mark Lam  <mark.lam@apple.com>
1668
1669         REGRESSION(r172808): It made 6 different tests fail on 32 bit platforms.
1670         <https://webkit.org/b/136123>
1671
1672         Reviewed by Filip Pizlo.
1673
1674         The original patch in r172808 removed the code to skip the top scope in
1675         the 64-bit port of JIT::emitResolveClosure() but not in the 32-bit port.
1676         This patch fixes that and achieves parity.
1677
1678         * jit/JITPropertyAccess32_64.cpp:
1679         (JSC::JIT::emitResolveClosure):
1680
1681 2014-08-21  Zalan Bujtas  <zalan@apple.com>
1682
1683         Enable SATURATED_LAYOUT_ARITHMETIC.
1684         https://bugs.webkit.org/show_bug.cgi?id=136106
1685
1686         Reviewed by Simon Fraser.
1687
1688         SATURATED_LAYOUT_ARITHMETIC protects LayoutUnit against arithmetic overflow.
1689         (No measurable performance regression on Mac.)
1690
1691         * Configurations/FeatureDefines.xcconfig:
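
        The entry above enables saturating arithmetic for LayoutUnit so that layout
        math pins at the representable bounds instead of wrapping. The following is
        an added example of that technique on a LayoutUnit-like fixed-point type; it
        is not WebKit code. The Length class, the 1/64 px scale, the helper names and
        the totalWidth() function are assumptions for illustration.

```cpp
// Added example, not WebKit code: saturating integer arithmetic on a
// LayoutUnit-like fixed-point length (1/64 px per raw unit). Additions,
// subtractions and multiplications that would overflow an int pin at INT_MAX
// or INT_MIN instead of wrapping. The Length class and helper names are
// assumptions for this example.
#include <climits>
#include <cstdint>
#include <cstdio>

namespace saturated_example {

inline int clampToInt(int64_t value)
{
    if (value > INT_MAX)
        return INT_MAX;
    if (value < INT_MIN)
        return INT_MIN;
    return static_cast<int>(value);
}

// Widen to 64 bits, compute exactly, then clamp: no intermediate can overflow.
inline int saturatedAddition(int a, int b) { return clampToInt(static_cast<int64_t>(a) + b); }
inline int saturatedSubtraction(int a, int b) { return clampToInt(static_cast<int64_t>(a) - b); }
inline int saturatedMultiplication(int a, int b) { return clampToInt(static_cast<int64_t>(a) * b); }

// Two's-complement wraparound, done in unsigned so it is well defined: this is
// what an unchecked int addition yields for the same inputs.
inline int wrappingAddition(int a, int b)
{
    return static_cast<int>(static_cast<unsigned>(a) + static_cast<unsigned>(b));
}

class Length {
public:
    static constexpr int kDenominator = 64; // raw units per CSS pixel
    Length() : m_raw(0) {}
    static Length fromPixels(int px) { return fromRaw(saturatedMultiplication(px, kDenominator)); }
    static Length fromRaw(int raw) { Length l; l.m_raw = raw; return l; }
    static Length maxLength() { return fromRaw(INT_MAX); }
    int raw() const { return m_raw; }
    int toPixels() const { return m_raw / kDenominator; }
    Length operator+(Length o) const { return fromRaw(saturatedAddition(m_raw, o.m_raw)); }
    Length operator-(Length o) const { return fromRaw(saturatedSubtraction(m_raw, o.m_raw)); }
    Length operator*(int k) const { return fromRaw(saturatedMultiplication(m_raw, k)); }
    bool operator==(Length o) const { return m_raw == o.m_raw; }

private:
    int m_raw;
};

// Total width of a row of boxes. With saturation a hostile width cannot make
// the sum wrap to a small or negative number; it pins at the maximum, which a
// later bounds check treats as "too big" rather than "fits".
inline Length totalWidth(const int* pixelWidths, int count)
{
    Length sum;
    for (int i = 0; i < count; ++i)
        sum = sum + Length::fromPixels(pixelWidths[i]);
    return sum;
}

} // namespace saturated_example

int main()
{
    using namespace saturated_example;
    const int widths[] = { INT_MAX, 100, 100 }; // constructed hostile input
    std::printf("wrapping   INT_MAX + 1 = %d\n", wrappingAddition(INT_MAX, 1));
    std::printf("saturating INT_MAX + 1 = %d\n", saturatedAddition(INT_MAX, 1));
    std::printf("total width raw = %d (pinned: %s)\n", totalWidth(widths, 3).raw(),
        totalWidth(widths, 3) == Length::maxLength() ? "yes" : "no");
    return 0;
}
```

        Saturation does not make a bad value good; it makes it monotonically "too
        large", which is the direction that size and bounds checks downstream are
        written to reject, whereas a wrapped value can pass those checks as a small
        or negative number.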
1692
1693 2014-08-20  Saam Barati  <sbarati@apple.com>
1694
1695         Fix how CodeBlock dumps the opcode op_profile_type
1696         https://bugs.webkit.org/show_bug.cgi?id=136088
1697
1698         Reviewed by Filip Pizlo.
1699
1700         op_profile_type was modified to receive two extra arguments,
1701         but its dump in CodeBlock::dumpBytecode wasn't changed to 
1702         account for this, so it broke CodeBlock::dumpBytecode when
1703         op_profile_type was in the stream of bytecode instructions.
1704         CodeBlock::dumpBytecode now accounts for the change in 
1705         op_profile_type's arity.
1706
1707         * bytecode/CodeBlock.cpp:
1708         (JSC::CodeBlock::dumpBytecode):
1709
1710 2014-08-20  Saam Barati  <sbarati@apple.com>
1711
1712         Rename HighFidelityTypeProfiling variables for more clarity
1713         https://bugs.webkit.org/show_bug.cgi?id=135899
1714
1715         Reviewed by Geoffrey Garen.
1716
1717         Many names that are used in the type profiling infrastructure
1718         prefix themselves with "HighFidelity" or include the words "high"
1719         and/or "fidelity" in some way. But the words "high" and "fidelity" don't 
1720         add anything descriptive to the names surrounding type profiling. 
1721         So this patch removes all uses of "HighFidelity" and its variants.
1722
1723         Most renamings change "HighFidelity*" to "TypeProfiler*" or simply 
        drop the prefix "HighFidelity" altogether. Now, almost all names
1725         in relation to type profiling contain in them "TypeProfiler" or 
1726         "TypeProfiling" or some combination of the words "type" and "profile".
1727
1728         This patch also changes how we check if type profiling is enabled:
1729         We no longer call vm::isProfilingTypesWithHighFidelity. We now just 
1730         check that vm::typeProfiler is not null.
1731
1732         This patch also changes all calls to TypeProfilerLog::processLogEntries
1733         to use ASCIILiteral to form WTFStrings instead of vanilla C string literals.
1734
1735         * CMakeLists.txt:
1736         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1737         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1738         * JavaScriptCore.xcodeproj/project.pbxproj:
1739         * bytecode/BytecodeList.json:
1740         * bytecode/BytecodeUseDef.h:
1741         (JSC::computeUsesForBytecodeOffset):
1742         (JSC::computeDefsForBytecodeOffset):
1743         * bytecode/CodeBlock.cpp:
1744         (JSC::CodeBlock::dumpBytecode):
1745         (JSC::CodeBlock::CodeBlock):
1746         * bytecode/TypeLocation.h:
1747         * bytecode/UnlinkedCodeBlock.cpp:
1748         (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
1749         (JSC::UnlinkedCodeBlock::typeProfilerExpressionInfoForBytecodeOffset):
1750         (JSC::UnlinkedCodeBlock::addTypeProfilerExpressionInfo):
1751         (JSC::UnlinkedCodeBlock::highFidelityTypeProfileExpressionInfoForBytecodeOffset): Deleted.
1752         (JSC::UnlinkedCodeBlock::addHighFidelityTypeProfileExpressionInfo): Deleted.
1753         * bytecode/UnlinkedCodeBlock.h:
1754         (JSC::UnlinkedFunctionExecutable::typeProfilingStartOffset):
1755         (JSC::UnlinkedFunctionExecutable::typeProfilingEndOffset):
1756         (JSC::UnlinkedFunctionExecutable::highFidelityTypeProfilingStartOffset): Deleted.
1757         (JSC::UnlinkedFunctionExecutable::highFidelityTypeProfilingEndOffset): Deleted.
1758         * bytecompiler/BytecodeGenerator.cpp:
1759         (JSC::BytecodeGenerator::generate):
1760         (JSC::BytecodeGenerator::BytecodeGenerator):
1761         (JSC::BytecodeGenerator::emitMove):
1762         (JSC::BytecodeGenerator::emitTypeProfilerExpressionInfo):
1763         (JSC::BytecodeGenerator::emitProfileType):
1764         (JSC::BytecodeGenerator::emitHighFidelityTypeProfilingExpressionInfo): Deleted.
1765         (JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity): Deleted.
1766         * bytecompiler/BytecodeGenerator.h:
1767         (JSC::BytecodeGenerator::isProfilingTypesWithHighFidelity): Deleted.
1768         * bytecompiler/NodesCodegen.cpp:
1769         (JSC::ThisNode::emitBytecode):
1770         (JSC::ResolveNode::emitBytecode):
1771         (JSC::BracketAccessorNode::emitBytecode):
1772         (JSC::DotAccessorNode::emitBytecode):
1773         (JSC::FunctionCallValueNode::emitBytecode):
1774         (JSC::FunctionCallResolveNode::emitBytecode):
1775         (JSC::FunctionCallBracketNode::emitBytecode):
1776         (JSC::FunctionCallDotNode::emitBytecode):
1777         (JSC::CallFunctionCallDotNode::emitBytecode):
1778         (JSC::ApplyFunctionCallDotNode::emitBytecode):
1779         (JSC::PostfixNode::emitResolve):
1780         (JSC::PostfixNode::emitBracket):
1781         (JSC::PostfixNode::emitDot):
1782         (JSC::PrefixNode::emitResolve):
1783         (JSC::PrefixNode::emitBracket):
1784         (JSC::PrefixNode::emitDot):
1785         (JSC::ReadModifyResolveNode::emitBytecode):
1786         (JSC::AssignResolveNode::emitBytecode):
1787         (JSC::AssignDotNode::emitBytecode):
1788         (JSC::ReadModifyDotNode::emitBytecode):
1789         (JSC::AssignBracketNode::emitBytecode):
1790         (JSC::ReadModifyBracketNode::emitBytecode):
1791         (JSC::ConstDeclNode::emitCodeSingle):
1792         (JSC::EmptyVarExpression::emitBytecode):
1793         (JSC::ReturnNode::emitBytecode):
1794         (JSC::FunctionBodyNode::emitBytecode):
1795         * heap/Heap.cpp:
1796         (JSC::Heap::collect):
1797         * inspector/agents/InspectorRuntimeAgent.cpp:
1798         (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
1799         (Inspector::recompileAllJSFunctionsForTypeProfiling):
1800         (Inspector::InspectorRuntimeAgent::willDestroyFrontendAndBackend):
1801         (Inspector::InspectorRuntimeAgent::enableTypeProfiler):
1802         (Inspector::InspectorRuntimeAgent::disableTypeProfiler):
1803         (Inspector::InspectorRuntimeAgent::setTypeProfilerEnabledState):
1804         (Inspector::InspectorRuntimeAgent::enableHighFidelityTypeProfiling): Deleted.
1805         (Inspector::InspectorRuntimeAgent::disableHighFidelityTypeProfiling): Deleted.
1806         (Inspector::InspectorRuntimeAgent::setHighFidelityTypeProfilingEnabledState): Deleted.
1807         * inspector/agents/InspectorRuntimeAgent.h:
1808         * inspector/protocol/Runtime.json:
1809         * jit/JIT.cpp:
1810         (JSC::JIT::privateCompileMainPass):
1811         (JSC::JIT::privateCompile):
1812         * jit/JIT.h:
1813         * jit/JITOpcodes.cpp:
1814         (JSC::JIT::emit_op_profile_type):
1815         (JSC::JIT::emit_op_profile_types_with_high_fidelity): Deleted.
1816         * jit/JITOpcodes32_64.cpp:
1817         (JSC::JIT::emit_op_profile_type):
1818         (JSC::JIT::emit_op_profile_types_with_high_fidelity): Deleted.
1819         * jit/JITOperations.cpp:
1820         * jsc.cpp:
1821         (functionDumpTypesForAllVariables):
1822         * llint/LLIntSlowPaths.cpp:
1823         * llint/LowLevelInterpreter.asm:
1824         * runtime/CodeCache.cpp:
1825         (JSC::CodeCache::getGlobalCodeBlock):
1826         * runtime/CommonSlowPaths.cpp:
1827         (JSC::SLOW_PATH_DECL):
1828         * runtime/CommonSlowPaths.h:
1829         * runtime/Executable.cpp:
1830         (JSC::ScriptExecutable::ScriptExecutable):
1831         (JSC::ProgramExecutable::ProgramExecutable):
1832         (JSC::FunctionExecutable::FunctionExecutable):
1833         (JSC::ProgramExecutable::initializeGlobalProperties):
1834         * runtime/Executable.h:
1835         (JSC::ScriptExecutable::typeProfilingStartOffset):
1836         (JSC::ScriptExecutable::typeProfilingEndOffset):
1837         (JSC::ScriptExecutable::highFidelityTypeProfilingStartOffset): Deleted.
1838         (JSC::ScriptExecutable::highFidelityTypeProfilingEndOffset): Deleted.
1839         * runtime/HighFidelityLog.cpp: Removed.
1840         * runtime/HighFidelityLog.h: Removed.
1841         * runtime/HighFidelityTypeProfiler.cpp: Removed.
1842         * runtime/HighFidelityTypeProfiler.h: Removed.
1843         * runtime/Options.h:
1844         * runtime/SymbolTable.cpp:
1845         (JSC::SymbolTable::prepareForTypeProfiling):
1846         (JSC::SymbolTable::uniqueIDForVariable):
1847         (JSC::SymbolTable::uniqueIDForRegister):
1848         (JSC::SymbolTable::prepareForHighFidelityTypeProfiling): Deleted.
1849         * runtime/SymbolTable.h:
1850         * runtime/TypeProfiler.cpp: Added.
1851         (JSC::TypeProfiler::logTypesForTypeLocation):
1852         (JSC::TypeProfiler::insertNewLocation):
1853         (JSC::TypeProfiler::getTypesForVariableAtOffsetForInspector):
1854         (JSC::descriptorMatchesTypeLocation):
1855         (JSC::TypeProfiler::findLocation):
1856         * runtime/TypeProfiler.h: Added.
1857         (JSC::QueryKey::QueryKey):
1858         (JSC::QueryKey::isHashTableDeletedValue):
1859         (JSC::QueryKey::operator==):
1860         (JSC::QueryKey::hash):
1861         (JSC::QueryKeyHash::hash):
1862         (JSC::QueryKeyHash::equal):
1863         (JSC::TypeProfiler::functionHasExecutedCache):
1864         (JSC::TypeProfiler::typeLocationCache):
1865         * runtime/TypeProfilerLog.cpp: Added.
1866         (JSC::TypeProfilerLog::initializeLog):
1867         (JSC::TypeProfilerLog::~TypeProfilerLog):
1868         (JSC::TypeProfilerLog::processLogEntries):
1869         * runtime/TypeProfilerLog.h: Added.
1870         (JSC::TypeProfilerLog::LogEntry::structureIDOffset):
1871         (JSC::TypeProfilerLog::LogEntry::valueOffset):
1872         (JSC::TypeProfilerLog::LogEntry::locationOffset):
1873         (JSC::TypeProfilerLog::TypeProfilerLog):
1874         (JSC::TypeProfilerLog::recordTypeInformationForLocation):
1875         (JSC::TypeProfilerLog::logEndPtr):
1876         (JSC::TypeProfilerLog::logStartOffset):
1877         (JSC::TypeProfilerLog::currentLogEntryOffset):
1878         * runtime/VM.cpp:
1879         (JSC::VM::VM):
1880         (JSC::VM::enableTypeProfiler):
1881         (JSC::VM::disableTypeProfiler):
1882         (JSC::VM::dumpTypeProfilerData):
1883         (JSC::VM::enableHighFidelityTypeProfiling): Deleted.
1884         (JSC::VM::disableHighFidelityTypeProfiling): Deleted.
1885         (JSC::VM::dumpHighFidelityProfilingTypes): Deleted.
1886         * runtime/VM.h:
1887         (JSC::VM::typeProfilerLog):
1888         (JSC::VM::typeProfiler):
1889         (JSC::VM::isProfilingTypesWithHighFidelity): Deleted.
1890         (JSC::VM::highFidelityLog): Deleted.
1891         (JSC::VM::highFidelityTypeProfiler): Deleted.
1892
1893 2014-08-20  Csaba Osztrogonác  <ossy@webkit.org>
1894
1895         URTBF after r172799.
1896
1897         * disassembler/ARM64/A64DOpcode.cpp:
1898         * disassembler/ARM64Disassembler.cpp:
1899
1900 2014-08-20  Oliver Hunt  <oliver@apple.com>
1901
1902         Stop implicitly skipping a function's own activation when walking the scope chain
1903         https://bugs.webkit.org/show_bug.cgi?id=136118
1904
1905         Reviewed by Geoffrey Garen.
1906
1907         Remove the current logic that implicitly skips a function's
1908         own activation when walking the scope chain. This is ground
1909         work for ensuring that all closed variable access is made
1910         through the function's activation. This leads to a further
1911         10% regression on earley, but we're already tracking the
1912         overall performance regression.
1913
1914         * bytecode/CodeBlock.cpp:
1915         (JSC::CodeBlock::CodeBlock):
1916         * dfg/DFGAbstractInterpreterInlines.h:
1917         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
1918         * dfg/DFGByteCodeParser.cpp:
1919         (JSC::DFG::ByteCodeParser::getScope):
1920         (JSC::DFG::ByteCodeParser::parseBlock):
1921         * dfg/DFGClobberize.h:
1922         (JSC::DFG::clobberize):
1923         * dfg/DFGDoesGC.cpp:
1924         (JSC::DFG::doesGC):
1925         * dfg/DFGFixupPhase.cpp:
1926         (JSC::DFG::FixupPhase::fixupNode):
1927         * dfg/DFGHeapLocation.cpp:
1928         (WTF::printInternal):
1929         * dfg/DFGHeapLocation.h:
1930         * dfg/DFGNodeType.h:
1931         * dfg/DFGPredictionPropagationPhase.cpp:
1932         (JSC::DFG::PredictionPropagationPhase::propagate):
1933         * dfg/DFGSafeToExecute.h:
1934         (JSC::DFG::safeToExecute):
1935         * dfg/DFGSpeculativeJIT32_64.cpp:
1936         (JSC::DFG::SpeculativeJIT::compile):
1937         * dfg/DFGSpeculativeJIT64.cpp:
1938         (JSC::DFG::SpeculativeJIT::compile):
1939         * jit/JITPropertyAccess.cpp:
1940         (JSC::JIT::emitResolveClosure):
1941         * llint/LowLevelInterpreter32_64.asm:
1942         * llint/LowLevelInterpreter64.asm:
1943         * runtime/JSScope.cpp:
1944         (JSC::JSScope::abstractResolve):
1945         * runtime/JSScope.h:
1946
1947 2014-08-20  Michael Saboff  <msaboff@apple.com>
1948
1949         REGRESSION: Web Inspector crashes when reloading apple.com with Timeline recording active
1950         https://bugs.webkit.org/show_bug.cgi?id=136034
1951
1952         Reviewed by Mark Lam.
1953
1954         DebuggerCallFrame::positionForCallFrame is trying to unwind starting somewhere in the middle
1955         of the stack.  Hardened StackVisitor to skip over the frames between the current top frame
1956         and the requested start frame.
1957
1958         * interpreter/StackVisitor.cpp:
1959         (JSC::StackVisitor::StackVisitor):
1960
1961 2014-08-20  Brent Fulgham  <bfulgham@apple.com>
1962
1963         [Win] JavaScriptCore.dll is missing version information.
1964         https://bugs.webkit.org/show_bug.cgi?id=136105
1965         <rdar://problem/18075852>
1966
1967         Reviewed by Dean Jackson.
1968
1969         * JavaScriptCore.vcxproj/JavaScriptCorePreBuild.cmd: Add missing step to generate
1970         version information for intermediary build path.
1971
1972 2014-08-20  Saam Barati  <sbarati@apple.com>
1973
1974         Fix a memory leak in TypeSet
1975         https://bugs.webkit.org/show_bug.cgi?id=135913
1976
1977         Reviewed by Filip Pizlo.
1978
1979         Currently, TypeSet unconditionally allocates memory for its member
1980         variable m_structureHistory, but never deallocates it. Change this 
1981         from being a pointer that is unconditionally allocated to a member 
1982         variable that will be deallocated when TypeSet itself is deallocated.
1983
1984         * runtime/TypeSet.cpp:
1985         (JSC::TypeSet::TypeSet):
1986         (JSC::TypeSet::addTypeInformation):
1987         (JSC::TypeSet::seenTypes):
1988         (JSC::TypeSet::displayName):
1989         (JSC::TypeSet::allStructureRepresentations):
1990         (JSC::StructureShape::leastCommonAncestor):
1991         * runtime/TypeSet.h:
1992
1993 2014-08-20  peavo@outlook.com  <peavo@outlook.com>
1994
1995         [Win] Assertion fails when running JSC stress tests.
1996         https://bugs.webkit.org/show_bug.cgi?id=136103
1997
1998         Reviewed by Darin Adler.
1999
2000         Use unsigned bitfield member instead of enum bitfield member to avoid negative values.
2001
2002         * bytecode/CodeOrigin.h: Use unsigned bitfield member.
2003         (JSC::InlineCallFrame::specializationKind): Compile fix.
2004
2005 2014-08-20  Akos Kiss  <akiss@inf.u-szeged.hu>
2006
2007         Enable ARM64 disassembler on EFL
2008         https://bugs.webkit.org/show_bug.cgi?id=136089
2009
2010         Reviewed by Filip Pizlo.
2011
2012         * CMakeLists.txt:
2013         Added disassembler/ARM64Disassembler.cpp and
2014         disassembler/ARM64/A64DOpcode.cpp to JavaScriptCore_SOURCES.
2015
2016         * disassembler/ARM64/A64DOpcode.cpp:
2017         Added USE(ARM64_DISASSEMBLER) guard around implementation.
2018
2019         * disassembler/ARM64/A64DOpcode.h:
2020         (JSC::ARM64Disassembler::A64DOpcode::appendUnsignedImmediate64):
2021         (JSC::ARM64Disassembler::A64DOpcode::appendPCRelativeOffset):
2022         Made format strings portable by changing "%llx" to "%" PRIx64 for
2023         uint64_t arguments.
2024
2025 2014-08-19  Filip Pizlo  <fpizlo@apple.com>
2026
2027         REGRESSION(r172401): for-in optimization no longer works at all
2028         https://bugs.webkit.org/show_bug.cgi?id=136056
2029
2030         Reviewed by Geoffrey Garen.
2031         
2032         Roll this back in, along with a fix to make proxies work. Previously, for-in over proxies
2033         would instacrash every time.
2034
2035         * bytecompiler/BytecodeGenerator.cpp:
2036         (JSC::BytecodeGenerator::emitGetByVal):
2037         (JSC::BytecodeGenerator::pushIndexedForInScope):
2038         (JSC::BytecodeGenerator::pushStructureForInScope):
2039         * bytecompiler/BytecodeGenerator.h:
2040         (JSC::ForInContext::ForInContext):
2041         (JSC::StructureForInContext::StructureForInContext):
2042         (JSC::IndexedForInContext::IndexedForInContext):
2043         (JSC::ForInContext::base): Deleted.
2044         * bytecompiler/NodesCodegen.cpp:
2045         (JSC::ForInNode::emitMultiLoopBytecode):
2046         * runtime/JSProxy.cpp:
2047         (JSC::JSProxy::getStructurePropertyNames):
2048         (JSC::JSProxy::getGenericPropertyNames):
2049         * tests/stress/for-in-base-reassigned-later-and-change-structure.js: Added.
2050         (foo):
2051         * tests/stress/for-in-base-reassigned-later.js: Added.
2052         (foo):
2053         * tests/stress/for-in-base-reassigned.js: Added.
2054         (foo):
2055         * tests/stress/for-in-proxy-target-changed-structure.js: Added.
2056         (deleteAll):
2057         (foo):
2058         * tests/stress/for-in-proxy.js: Added.
2059         (foo):
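
An added example, not code from WebKit or from the stress tests named above: it exercises the hazard the for-in optimization has to guard against. Inside `for (k in o)`, JSC may compile `o[k]` into a direct own-property fetch (op_get_direct_pname) that assumes `o` is still the object being enumerated; the structure check the entry mentions is what makes that fast path bail out when the base has been reassigned. The three functions mirror the three "base reassigned" cases and return what the loop observes, so the result can be asserted on any engine. The objects are constructed sample input.

```javascript
// Added example (not WebKit code). Each function returns [key, value] pairs
// observed inside a for-in loop whose base is reassigned mid-iteration.

// Constructed sample objects: `other` deliberately lacks `b`, so a lookup that
// wrongly used the original object's property storage would return 2 instead
// of undefined.
function makeObjects() {
  const enumerated = { a: 1, b: 2, c: 3 };
  const other = { a: "x", c: "z" };
  return { enumerated, other };
}

// Base reassigned before the body reads o[k]. The key set was fixed when the
// loop started, so a, b, c are still visited, but values come from `other`.
function forInBaseReassigned() {
  const { enumerated, other } = makeObjects();
  let o = enumerated;
  const seen = [];
  for (const k in o) {
    o = other;                 // reassign the base on every iteration
    seen.push([k, o[k]]);      // must be a real lookup on `other`
  }
  return seen;
}

// Base reassigned only after the first iteration (the "-later" variant).
function forInBaseReassignedLater() {
  const { enumerated, other } = makeObjects();
  let o = enumerated;
  const seen = [];
  let i = 0;
  for (const k in o) {
    if (i++ === 1) o = other;
    seen.push([k, o[k]]);
  }
  return seen;
}

// Base reassigned and the new base's structure changed inside the loop
// (property deleted and added), the "-and-change-structure" variant.
function forInBaseReassignedLaterAndChangeStructure() {
  const { enumerated, other } = makeObjects();
  let o = enumerated;
  const seen = [];
  let i = 0;
  for (const k in o) {
    if (i++ === 1) {
      o = other;
      delete o.a;              // structure transition on the new base
      o.b = "y";
    }
    seen.push([k, o[k]]);
  }
  return seen;
}
```

Running the three functions under a JIT warm-up loop (call each a few thousand times) is how one would turn this into a stress test; the expected pairs do not change between tiers, which is exactly the property the structure check preserves.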
2060
2061 2014-08-19  Jaehun Lim  <ljaehun.lim@samsung.com>
2062
2063         Unreviewed, fix EFL build after r17275
2064
2065         Fix error: ignoring #pragma clang diagnostic [-Werror=unknown-pragmas]
2066
2067         * runtime/JSDataViewPrototype.cpp:
2068         Add #if COMPILER(CLANG) and #endif.
2069
2070 2014-08-19  Michael Saboff  <msaboff@apple.com>
2071
2072         Crash in jsc-layout-tests.yaml/js/script-tests/reentrant-caching.js
2073         https://bugs.webkit.org/show_bug.cgi?id=136080
2074
2075         Reviewed by Mark Lam.
2076
2077         Update VM::topVMEntryFrame via NativeCallFrameTracer() when we pass the caller's frame
2078         to NativeCallFrameTracer() as the callee's frame may be the first callee from an entry
2079         frame.  In that case, the caller will have the prior VM entry frame.
2080
2081         The new NativeCallFrameTracer with a VMEntryFrame parameter should be used when throwing
2082         an exception from a caller frame.  The value to use for the VMEntryFrame should be a
2083         value possibly modified by CallFrame::callerFrame(&*VMEntryFrame) used to find the caller.
2084
2085         * interpreter/Interpreter.h:
2086         (JSC::NativeCallFrameTracer::NativeCallFrameTracer): Added a new constructor that takes a
2087         VMEntryFrame.  Added an ASSERT to both constructors to check that the updated topCallFrame
2088         is below the current vmEntryFrame.
2089
2090         * jit/JITOperations.cpp:
2091         (JSC::operationThrowStackOverflowError):
2092         (JSC::operationCallArityCheck):
2093         (JSC::operationConstructArityCheck):
2094         Set VM::topVMEntryFrame to the possibly updated VMEntryFrame after getting the caller's frame.
2095
2096 2014-08-19  Andy Estes  <aestes@apple.com>
2097
2098         [Cocoa] Offline Assembler build phase fails when $BUILT_PRODUCTS_DIR contains spaces
2099         https://bugs.webkit.org/show_bug.cgi?id=136086
2100
2101         Reviewed by Filip Pizlo.
2102
2103         Enclosed arguments to asm.rb containing $BUILT_PRODUCTS_DIR in double quotes so that they don't get split on
2104         whitespace. Also let Xcode have its way with an unrelated part of the project file.
2105
2106         * JavaScriptCore.xcodeproj/project.pbxproj:
2107
2108 2014-08-19  Filip Pizlo  <fpizlo@apple.com>
2109
2110         LLInt build should be way faster
2111         https://bugs.webkit.org/show_bug.cgi?id=136085
2112
2113         Reviewed by Geoffrey Garen.
2114         
2115         This does three things to improve the LLInt build performance. One of them is only for
2116         Xcode for now while the others should benefit all platforms:
2117         
2118         - Don't exponentially build settings combinations that correspond to being on two backends
2119           simultaneously. This is by far the biggest win.
2120         
2121         - Don't generate offset extraction code for backends that aren't supported by the current
2122           port. This currently only works on Xcode-based ports. This is a relatively small win.
2123         
2124         - Remove the ALWAYS_ALLOCATE_SLOW option. Each option increases build time, and we haven't
2125           used this one in a long time. Anyway, setting this option could be emulated by just
2126           directly hacking the code.
2127         
2128         This is an enormous speed-up in the LLInt build.
2129
2130         * JavaScriptCore.xcodeproj/project.pbxproj: Prune the set of backends that we should consider on Xcode-based platforms.
2131         * llint/LLIntOfflineAsmConfig.h: Remove ALWAYS_ALLOCATE_SLOW
2132         * llint/LowLevelInterpreter.asm: Remove ALWAYS_ALLOCATE_SLOW
2133         * offlineasm/backends.rb: Add infrastructure for reasoning about valid backends.
2134         * offlineasm/generate_offset_extractor.rb: Allow the client to specify a filtered set of valid backends.
2135         * offlineasm/settings.rb: Improve the construction of settings combinations so that it doesn't traverse the enormous set of obviously invalid multi-backend combinations. Also glue into support for valid backends.
2136
2137 2014-08-19  Filip Pizlo  <fpizlo@apple.com>
2138
2139         Fix indentation and style in LowLevelInterpreter.asm
2140         https://bugs.webkit.org/show_bug.cgi?id=136083
2141
2142         Reviewed by Mark Lam.
2143
2144         * llint/LowLevelInterpreter.asm:
2145
2146 2014-08-19  Magnus Granberg  <zorry@gentoo.org>
2147
2148         TEXTREL in libjavascriptcoregtk-1.0.so.0.11.0 on x86 (or i586)
2149         https://bugs.webkit.org/show_bug.cgi?id=70610
2150
2151         Reviewed by Darin Adler.
2152
2153         Setup %ebx so we can use the plt.
2154
2155         * jit/ThunkGenerators.cpp:
2156
2157 2014-08-19  Zalan Bujtas  <zalan@apple.com>
2158
2159         Remove ENABLE(SUBPIXEL_LAYOUT).
2160         https://bugs.webkit.org/show_bug.cgi?id=136077
2161
2162         Reviewed by Simon Fraser.
2163
2164         Remove compile time flag SUBPIXEL_LAYOUT. All ports have had it enabled for a while now.
2165
2166         * Configurations/FeatureDefines.xcconfig:
2167
2168 2014-08-19  Alex Christensen  <achristensen@webkit.org>
2169
2170         [CMake] Generate LLInt assembly correctly on Windows.
2171         https://bugs.webkit.org/show_bug.cgi?id=135888
2172
2173         Reviewed by Oliver Hunt.
2174
2175         * CMakeLists.txt:
2176         Generate LowLevelInterpreterWin.asm instead of LLIntAssembly.h on Windows like the existing build system.
2177         * PlatformWin.cmake:
2178         Don't build JSGlobalObjectInspectorController.cpp on Windows.
2179         * offlineasm/x86.rb:
2180         Detect non-cygwin ruby installations correctly.
2181
2182 2014-08-19  Michael Saboff  <msaboff@apple.com>
2183
2184         REGRESSION(r163179): It broke the build on ARM Thumb2 with GCC
2185         https://bugs.webkit.org/show_bug.cgi?id=136028
2186
2187         Reviewed by Oliver Hunt.
2188
2189         Added back ARMv7 conditionals around three op addp and subp since ARM Thumb2 spec says that
2190         the behavior for those ops is undefined.  This was originally done in changeset 163179.
2191
2192         * llint/LowLevelInterpreter32_64.asm:
2193
2194 2014-08-18  Commit Queue  <commit-queue@webkit.org>
2195
2196         Unreviewed, rolling out r172741.
2197         https://bugs.webkit.org/show_bug.cgi?id=136058
2198
2199         This change is breaking PLT. (Requested by mlam on #webkit).
2200
2201         Reverted changeset:
2202
2203         "REGRESSION(r172401): for-in optimization no longer works at
2204         all"
2205         https://bugs.webkit.org/show_bug.cgi?id=136056
2206         http://trac.webkit.org/changeset/172741
2207
2208 2014-08-18  Filip Pizlo  <fpizlo@apple.com>
2209
2210         REGRESSION(r172401): for-in optimization no longer works at all
2211         https://bugs.webkit.org/show_bug.cgi?id=136056
2212
2213         Reviewed by Mark Hahnenberg.
2214         
2215         This is a partial roll-out of r172401. It turns out that the fix wasn't actually fixing a
2216         real bug (since it's fine to use op_get_direct_pname on the wrong base because it has a
2217         structure check) and it was actually breaking the entire for-in optimization (since there is
2218         no way that we can statically prove that the base matches, because the base we see is a
2219         newly created temporary, and anyway doing it right would be really hard in our bytecode
2220         because it's 3AC form).
2221         
2222         But, I added a new test for the problem, and kept the original test. Both the old test and
2223         the new test prove that r172401 wasn't fixing what it thought it was fixing. To the extent
2224         that it resolved crashes it was because it just disabled the for-in optimization entirely.
2225
2226         * bytecompiler/BytecodeGenerator.cpp:
2227         (JSC::BytecodeGenerator::emitGetByVal):
2228         (JSC::BytecodeGenerator::pushIndexedForInScope):
2229         (JSC::BytecodeGenerator::pushStructureForInScope):
2230         * bytecompiler/BytecodeGenerator.h:
2231         (JSC::ForInContext::ForInContext):
2232         (JSC::StructureForInContext::StructureForInContext):
2233         (JSC::IndexedForInContext::IndexedForInContext):
2234         (JSC::ForInContext::base): Deleted.
2235         * bytecompiler/NodesCodegen.cpp:
2236         (JSC::ForInNode::emitMultiLoopBytecode):
2237         * tests/stress/for-in-base-reassigned.js: Added.
2238         * tests/stress/for-in-base-reassigned-later.js: Added.
2239         * tests/stress/for-in-base-reassigned-later-and-change-structure.js: Added.
2240
2241 2014-08-18  Mark Lam  <mark.lam@apple.com>
2242
2243         Gardening: build fix for non-Mac builds after r172737.
2244         https://bugs.webkit.org/show_bug.cgi?id=135750
2245
2246         Not reviewed.
2247
2248         * CMakeLists.txt:
2249         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2250         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2251
2252 2014-08-18  Filip Pizlo  <fpizlo@apple.com>
2253
2254         REGRESSION(r172129): ftlopt branch merge made performance tests flakey crash
2255         https://bugs.webkit.org/show_bug.cgi?id=135750
2256
2257         Reviewed by Mark Lam.
2258         
2259         This was caused by a rather embarrassing oversight in how the DFG tracks structures: we
2260         could sometimes perform an optimization that requires a structure to be alive but forget to
2261         ensure that the structure is actually kept alive. In particular, any watchpoint-based
2262         optimizations involve setting watchpoints even if the code that got optimized is eventually
2263         deleted because it is unreachable. All such optimizations would leave behind something in
2264         the IR to tell us that we are interested in the structure and that therefore it should be
2265         kept alive. But, IR can be deleted if it is unreachable.
2266         
2267         The solution is to ensure that as soon as the DFG is made aware of a structure, it adds it
2268         to the set of weak references.
2269
2270         * JavaScriptCore.xcodeproj/project.pbxproj:
2271         * dfg/DFGAbstractInterpreterInlines.h:
2272         (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
2273         * dfg/DFGAbstractValue.cpp:
2274         (JSC::DFG::AbstractValue::setOSREntryValue):
2275         (JSC::DFG::AbstractValue::set):
2276         (JSC::DFG::AbstractValue::normalizeClarity):
2277         (JSC::DFG::AbstractValue::assertIsRegistered):
2278         (JSC::DFG::AbstractValue::assertIsWatched): Deleted.
2279         * dfg/DFGAbstractValue.h:
2280         (JSC::DFG::AbstractValue::assertIsRegistered):
2281         (JSC::DFG::AbstractValue::assertIsWatched): Deleted.
2282         * dfg/DFGCommon.h:
2283         * dfg/DFGConstantFoldingPhase.cpp:
2284         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
2285         * dfg/DFGDesiredWeakReferences.cpp:
2286         (JSC::DFG::DesiredWeakReferences::addLazily):
2287         (JSC::DFG::DesiredWeakReferences::contains):
2288         (JSC::DFG::DesiredWeakReferences::reallyAdd):
2289         (JSC::DFG::DesiredWeakReferences::visitChildren):
2290         * dfg/DFGDesiredWeakReferences.h:
2291         * dfg/DFGFixupPhase.cpp:
2292         (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
2293         * dfg/DFGGraph.cpp:
2294         (JSC::DFG::Graph::Graph):
2295         (JSC::DFG::Graph::registerFrozenValues):
2296         (JSC::DFG::Graph::convertToConstant):
2297         (JSC::DFG::Graph::registerStructure):
2298         (JSC::DFG::Graph::assertIsRegistered):
2299         (JSC::DFG::Graph::assertIsWatched): Deleted.
2300         * dfg/DFGGraph.h:
2301         * dfg/DFGPlan.cpp:
2302         (JSC::DFG::Plan::compileInThreadImpl):
2303         * dfg/DFGStructureAbstractValue.cpp:
2304         (JSC::DFG::StructureAbstractValue::assertIsRegistered):
2305         (JSC::DFG::StructureAbstractValue::assertIsWatched): Deleted.
2306         * dfg/DFGStructureAbstractValue.h:
2307         (JSC::DFG::StructureAbstractValue::assertIsRegistered):
2308         (JSC::DFG::StructureAbstractValue::assertIsWatched): Deleted.
2309         * dfg/DFGStructureRegistrationPhase.cpp: Copied from Source/JavaScriptCore/dfg/DFGWatchableStructureWatchingPhase.cpp.
2310         (JSC::DFG::StructureRegistrationPhase::StructureRegistrationPhase):
2311         (JSC::DFG::StructureRegistrationPhase::run):
2312         (JSC::DFG::StructureRegistrationPhase::registerStructures):
2313         (JSC::DFG::StructureRegistrationPhase::registerStructure):
2314         (JSC::DFG::performStructureRegistration):
2315         (JSC::DFG::WatchableStructureWatchingPhase::WatchableStructureWatchingPhase): Deleted.
2316         (JSC::DFG::WatchableStructureWatchingPhase::run): Deleted.
2317         (JSC::DFG::WatchableStructureWatchingPhase::tryWatch): Deleted.
2318         (JSC::DFG::performWatchableStructureWatching): Deleted.
2319         * dfg/DFGStructureRegistrationPhase.h: Copied from Source/JavaScriptCore/dfg/DFGWatchableStructureWatchingPhase.h.
2320         * dfg/DFGWatchableStructureWatchingPhase.cpp: Removed.
2321         * dfg/DFGWatchableStructureWatchingPhase.h: Removed.
2322
2323 2014-08-18  Akos Kiss  <akiss@inf.u-szeged.hu>
2324
2325         Fix ASSERT in ARM64's JSC::GPRInfo::debugName
2326         https://bugs.webkit.org/show_bug.cgi?id=136050
2327
2328         Reviewed by Darin Adler.
2329
2330         Remove cast of GPRReg to unsigned to prevent signed/unsigned comparison
2331         error.
2332
2333         * jit/GPRInfo.h:
2334         (JSC::GPRInfo::debugName):
2335
2336 2014-08-18  Andreas Kling  <akling@apple.com>
2337
2338         REGRESSION(r168256): JSString can get 8-bit flag wrong when re-using AtomicStrings.
2339         <https://webkit.org/b/133574>
2340         <rdar://problem/18051847>
2341
2342         The optimization that resolves JSRopeStrings into an existing
2343         AtomicString (to save time and memory by avoiding StringImpl allocation)
2344         had a bug that it wasn't copying the 8-bit flag from the AtomicString.
2345
2346         This could lead to a situation where a 16-bit StringImpl containing
2347         only 8-bit characters is sitting in the AtomicString table, is found
2348         by the rope resolution optimization, and gives you a rope that thinks
2349         it's all 8-bit, but has a fiber with 16-bit characters.
2350
2351         Resolving that rope will then yield incorrect results.
2352
2353         This was all caught by an assertion, but very hard to reproduce.
2354
2355         Test: js/dopey-rope-with-16-bit-propertyname.html
2356
2357         Reviewed by Darin Adler.
2358
2359         * runtime/JSString.cpp:
2360         (JSC::JSRopeString::resolveRopeToAtomicString):
2361         (JSC::JSRopeString::resolveRopeToExistingAtomicString):
2362         * runtime/JSString.h:
2363         (JSC::JSString::setIs8Bit):
2364         (JSC::JSString::toExistingAtomicString):
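
An added example, not WebKit code and not the js/dopey-rope-with-16-bit-propertyname.html test itself: a script-level regression check for the bug class described in this entry. The engine's 8-bit/16-bit storage flag is not observable from JavaScript, so the check constructs the conditions the entry describes. It assumes (JSC behaviour, labelled as an assumption in the code) that a substring of a 16-bit string keeps 16-bit storage, and that a concatenation of two short strings yields a rope. The property name and values are constructed sample input.

```javascript
// Added example (not WebKit code). Builds a 16-bit-backed property name that
// contains only Latin-1 characters, atomizes it by using it as an own
// property, then looks the property up through a rope with the same
// characters. With the bug described above, the rope resolved to the 16-bit
// AtomicString while still flagged 8-bit, and resolving it later gave wrong
// characters; a correct engine answers identically by every route.

function latin1NameWith16BitBacking(name) {
  // Assumption: appending a non-Latin-1 character forces 16-bit storage, and
  // substring() shares that 16-bit buffer rather than re-narrowing it.
  return (name + "\u4e2d").substring(0, name.length);
}

function checkRopePropertyLookup(name) {
  const wideName = latin1NameWith16BitBacking(name);
  const obj = {};
  obj[wideName] = 42;                  // puts the 16-bit impl in the atomic table

  // Fresh concatenation of two 8-bit halves (a JSRopeString in JSC).
  const half = Math.floor(name.length / 2);
  const rope = name.substring(0, half) + name.substring(half);

  return {
    equal: rope === wideName,          // same characters, regardless of width
    viaRope: obj[rope],                // subscript resolved through the atomic table
    viaLiteral: obj[name],             // ordinary 8-bit name
    keyIsOwn: Object.prototype.hasOwnProperty.call(obj, rope),
    length: rope.length,
    sameCodeUnits: rope.split("").every((ch, i) => ch.charCodeAt(0) === wideName.charCodeAt(i)),
  };
}
```

The `sameCodeUnits` field is the part that caught the original bug: it forces the rope to be resolved to characters after the atomic-string fast path has run, which is where an 8-bit rope with a 16-bit fiber produces garbage.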
2365
2366 2014-08-18  Matthew Mirman  <mmirman@apple.com>
2367
2368         Merges the two native inlining passes from the build.
2369         Also adds the AvailableExternallyLinkage assertion to linked 
2370         functions to allow unused and duplicate ones to be removed.
2371         https://bugs.webkit.org/show_bug.cgi?id=135526
2372
2373         Reviewed by Filip Pizlo.
2374
2375         * JavaScriptCore.xcodeproj/project.pbxproj: 
2376         Removed second generation of llvm binary files.
2377         Fixed the flags on the first pass. 
2378         * build-symbol-table-index.py: Modified some paths.
2379         * build-symbol-table-index.sh: Removed.
2380         * copy-llvm-ir-to-derived-sources.sh: Now calls build-symbol-table-index directly.
2381         * ftl/FTLLowerDFGToLLVM.cpp: Added LLVMAvailableExternallyLinkage assertion.
2382         (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol): 
2383         * runtime/ArrayPrototype.cpp: Removed static declarations. 
2384         * runtime/DateConstructor.cpp: ditto.
2385         (JSC::dateParse):
2386         (JSC::dateNow):
2387         (JSC::dateUTC):
2388         * runtime/DatePrototype.cpp: ditto.
2389         * runtime/JSDataViewPrototype.cpp: ditto on both.
2390         (JSC::dataViewProtoFuncGetInt8):
2391         (JSC::dataViewProtoFuncGetInt16):
2392         (JSC::dataViewProtoFuncGetInt32):
2393         (JSC::dataViewProtoFuncGetUint8):
2394         (JSC::dataViewProtoFuncGetUint16):
2395         (JSC::dataViewProtoFuncGetUint32):
2396         (JSC::dataViewProtoFuncGetFloat32):
2397         (JSC::dataViewProtoFuncGetFloat64):
2398         (JSC::dataViewProtoFuncSetInt8):
2399         (JSC::dataViewProtoFuncSetInt16):
2400         (JSC::dataViewProtoFuncSetInt32):
2401         (JSC::dataViewProtoFuncSetUint8):
2402         (JSC::dataViewProtoFuncSetUint16):
2403         (JSC::dataViewProtoFuncSetUint32):
2404         (JSC::dataViewProtoFuncSetFloat32):
2405         (JSC::dataViewProtoFuncSetFloat64):
2406         * runtime/JSONObject.cpp: ditto.
2407         * runtime/ObjectConstructor.cpp: ditto.
2408         * runtime/StringPrototype.cpp: ditto.
2409
2410 2014-08-18  Saam Barati  <sbarati@apple.com>
2411
2412         The parser should generate AST nodes for var declarations with no initializers
2413         https://bugs.webkit.org/show_bug.cgi?id=135545
2414
2415         Reviewed by Geoffrey Garen.
2416
2417         Currently, JSC's parser ignores variable declarations
2418         that have no assignment initializer value because all 
2419         variables are implicitly assigned to undefined. But, 
2420         type profiling needs an AST node to be generated for these 
2421         empty variable declarations because it needs to be able to 
2422         profile their text locations and to see that their type 
2423         is undefined.
2424
2425         * bytecompiler/NodesCodegen.cpp:
2426         (JSC::EmptyVarExpression::emitBytecode):
2427         * parser/ASTBuilder.h:
2428         (JSC::ASTBuilder::createVarStatement):
2429         (JSC::ASTBuilder::createEmptyVarExpression):
2430         * parser/NodeConstructors.h:
2431         (JSC::EmptyVarExpression::EmptyVarExpression):
2432         * parser/Nodes.h:
2433         * parser/Parser.cpp:
2434         (JSC::Parser<LexerType>::parseVarDeclarationList):
2435         * parser/SyntaxChecker.h:
2436         (JSC::SyntaxChecker::createEmptyVarExpression):
2437
2438 2014-08-18  Diego Pino Garcia  <dpino@igalia.com>
2439
2440         Completed iterator can be revived by adding more than one new entry to the target object
2441         https://bugs.webkit.org/show_bug.cgi?id=129993
2442
2443         Reviewed by Oliver Hunt.
2444
2445         When iterator reaches end, finish iterator.
2446
2447         * runtime/JSMapIterator.h:
2448         (JSC::JSMapIterator::finish):
2449         * runtime/JSSetIterator.h:
2450         (JSC::JSSetIterator::finish):
2451         * runtime/MapData.h:
2452         (JSC::MapData::const_iterator::finish): set index of iterator to max
2453         Int32.
2454         * runtime/MapIteratorPrototype.cpp:
2455         (JSC::MapIteratorPrototypeFuncNext):
2456         * runtime/SetIteratorPrototype.cpp:
2457         (JSC::SetIteratorPrototypeFuncNext):
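
An added example, not WebKit code: it checks the ES2015 rule this entry enforces, that a Map or Set iterator which has reported `done` stays done even when entries are added to the collection afterwards. The entry's fix marks the iterator finished by setting its index to max Int32 so that later growth of the backing store cannot make the index valid again. The functions return what the iterator reports so the behaviour can be asserted on any engine; the collections are constructed sample input.

```javascript
// Added example (not WebKit code). Each function returns what a Map/Set
// iterator reports after the collection is grown past the point where the
// iterator was exhausted, plus a contrast case for a still-live iterator.

function drain(it) {
  const out = [];
  for (let r = it.next(); !r.done; r = it.next()) out.push(r.value);
  return out;
}

function mapIteratorStaysFinished() {
  const m = new Map([["a", 1], ["b", 2]]);
  const it = m.keys();
  const first = drain(it);             // ["a", "b"]; iterator is now finished
  m.set("c", 3);
  m.set("d", 4);                       // more than one new entry: the reviving case
  const after = it.next();
  return { first, afterDone: after.done, afterValue: after.value, size: m.size };
}

function setIteratorStaysFinished() {
  const s = new Set([1, 2]);
  const it = s.values();
  const first = drain(it);
  s.add(3);
  s.add(4);
  const after = it.next();
  return { first, afterDone: after.done, afterValue: after.value };
}

// Contrast: an iterator that has NOT reached the end must see entries
// appended during iteration (insertion order), so "finished" has to be a
// distinct state rather than "index == size at the time of the last next()".
function liveIteratorSeesAppends() {
  const m = new Map([["a", 1]]);
  const seen = [];
  for (const [k] of m) {
    seen.push(k);
    if (k === "a") m.set("b", 2);      // appended while still iterating
  }
  return seen;                         // ["a", "b"]
}
```

Adding exactly one entry after exhaustion is the easy case; the bug title says "more than one", so any regression test for it should grow the collection by at least two entries, as above.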
2458
2459 2014-08-15  Brian J. Burg  <burg@cs.washington.edu>
2460
2461         Web Inspector: rewrite CodeGeneratorInspector to be modular and testable
2462         https://bugs.webkit.org/show_bug.cgi?id=131596
2463
2464         Unreviewed gardening to rebaseline inspector generator tests after addressing review comments.
2465
2466         * inspector/scripts/tests/expected/commands-with-async-attribute.json-result:
2467         * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result:
2468         * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result:
2469         * inspector/scripts/tests/expected/events-with-optional-parameters.json-result:
2470         * inspector/scripts/tests/expected/same-type-id-different-domain.json-result:
2471         * inspector/scripts/tests/expected/shadowed-optional-type-setters.json-result:
2472         * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result:
2473         * inspector/scripts/tests/expected/type-declaration-array-type.json-result:
2474         * inspector/scripts/tests/expected/type-declaration-enum-type.json-result:
2475         * inspector/scripts/tests/expected/type-declaration-object-type.json-result:
2476         * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result:
2477
2478 2014-08-15  Brian J. Burg  <burg@cs.washington.edu>
2479
2480         Unreviewed build fix for some GTK bots after r172655.
2481
2482         Some bots use Python 2.6, which lacks the 'flags' named parameter for re.sub.
2483
2484         * inspector/scripts/codegen/generator.py:
2485         (Generator.stylized_name_for_enum_value): Do things the old-school way.
2486
2487 2014-08-15  Michael Saboff  <msaboff@apple.com>
2488
2489         Change callToJavaScript and callToNativeFunction so their callFrames match the native calling conventions
2490         https://bugs.webkit.org/show_bug.cgi?id=131578
2491
2492         Reviewed by Geoffrey Garen.
2493
2494         Renamed callToJavaScript and callToNativeFunction to vmEntryToJavaScript and vmEntryToNative,
2495         respectively.  Eliminated the sentinel frame and replaced it with the structure VMEntryRecord
2496         that appears in the "locals" area of a VM entry stack frame.  Changed the order that
2497         vmEntryToJavaScript and vmEntryToNative creates their stack frames to be native calling
2498         convention compliant.  That is to save prior frame pointer, save callee save registers, then
2499         allocate and populate the VMEntryRecord, and finally allocate a CallFrame for the JS function
2500         that vmEntryToJavaScript will invoke.  The top most vm entry frame pointer is saved in
2501         VM::topVMEntryFrame.  The vmEntry functions save prior contents of VM::topVMEntryFrame
2502         along with the VM and VM::topCallFrame in the VMEntryRecord it places on the stack.  Starting
2503         at VM::topCallFrame, the stack can be walked using these VMEntryRecords.
2504
2505         Arbitrary stack unwinding is now handled either iteratively by loading VM::topVMEntryFrame
2506         into a local variable and using CallFrame::callerFrame(VMEntryFrame*&) or by using StackVisitor.
2507         Given that the stack is effectively a singly linked list, general stack unwinding needs to use
2508         one of these two methods.
2509
2510         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
2511         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
2512         * JavaScriptCore.xcodeproj/project.pbxproj:
2513         Addition of VMEntryRecord.h
2514
2515         * bytecode/BytecodeList.json:
        Renaming of llint helper opcodes due to renaming callToJavaScript and callToNativeFunction.

        * debugger/Debugger.cpp:
        (JSC::Debugger::stepOutOfFunction):
        (JSC::Debugger::returnEvent):
        (JSC::Debugger::didExecuteProgram):
        * jsc.cpp:
        (functionDumpCallFrame):
        * jit/JITOperations.cpp:
        Changed unwinding to use CallFrame::callerFrame(VMEntryFrame*&).

        * bytecode/CodeBlock.cpp:
        (JSC::RecursionCheckFunctor::RecursionCheckFunctor):
        (JSC::RecursionCheckFunctor::operator()):
        (JSC::RecursionCheckFunctor::didRecurse):
        (JSC::CodeBlock::noticeIncomingCall):
        * debugger/DebuggerCallFrame.cpp:
        (JSC::FindCallerMidStackFunctor::FindCallerMidStackFunctor):
        (JSC::FindCallerMidStackFunctor::operator()):
        (JSC::FindCallerMidStackFunctor::getCallerFrame):
        (JSC::DebuggerCallFrame::callerFrame):
        * interpreter/VMInspector.cpp:
        (JSC::CountFramesFunctor::CountFramesFunctor):
        (JSC::CountFramesFunctor::operator()):
        (JSC::CountFramesFunctor::count):
        (JSC::VMInspector::countFrames):
        * runtime/VM.cpp:
        (JSC::VM::VM):
        (JSC::FindFirstCallerFrameWithCodeblockFunctor::FindFirstCallerFrameWithCodeblockFunctor):
        (JSC::FindFirstCallerFrameWithCodeblockFunctor::operator()):
        (JSC::FindFirstCallerFrameWithCodeblockFunctor::foundCallFrame):
        (JSC::FindFirstCallerFrameWithCodeblockFunctor::index):
        (JSC::VM::throwException):
        Changed unwinding to use StackVisitor including added functor classes.

        * interpreter/CallFrame.cpp:
        (JSC::CallFrame::callerFrame):
        Added new flavor of callerFrame() that can iteratively unwind the stack.

        * interpreter/CallFrame.h:
        (JSC::ExecState::callerFrame): Changed callerFrame() to use private common helper.
        (JSC::ExecState::callerFrameOrVMEntryFrame): Deleted.
        (JSC::ExecState::isVMEntrySentinel): Deleted.
        (JSC::ExecState::vmEntrySentinelCallerFrame): Deleted.
        (JSC::ExecState::initializeVMEntrySentinelFrame): Deleted.
        (JSC::ExecState::callerFrameSkippingVMEntrySentinel): Deleted.
        (JSC::ExecState::vmEntrySentinelCodeBlock): Deleted.

        * interpreter/CallFrame.h:
        (JSC::ExecState::init):
        (JSC::ExecState::topOfFrame):
        (JSC::ExecState::currentVPC):
        (JSC::ExecState::setCurrentVPC):
        Eliminated unneeded checking of sentinel frame.

        * interpreter/Interpreter.cpp:
        (JSC::unwindCallFrame):
        (JSC::Interpreter::getStackTrace): Updated for unwinding changes.
        (JSC::Interpreter::unwind): Eliminated unneeded sentinel frame check.

        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::executeCall):
        (JSC::Interpreter::executeConstruct):
        * jit/JITStubs.h:
        * llint/LLIntThunks.cpp:
        (JSC::callToJavaScript): Deleted.
        (JSC::callToNativeFunction): Deleted.
        (JSC::vmEntryToJavaScript):
        (JSC::vmEntryToNative):
        * llint/LLIntThunks.h:
        Updated for vmEntryToJavaScript and vmEntryToNative name changes.

        * interpreter/Interpreter.h:
        (JSC::TopCallFrameSetter::TopCallFrameSetter):
        (JSC::TopCallFrameSetter::~TopCallFrameSetter):
        Eliminated unneeded sentinel frame check.

        * interpreter/Interpreter.h:
        (JSC::NativeCallFrameTracer::NativeCallFrameTracer):
        Removed sentinel specific constructor.

        * interpreter/StackVisitor.cpp:
        (JSC::StackVisitor::StackVisitor):
        (JSC::StackVisitor::readFrame):
        (JSC::StackVisitor::readNonInlinedFrame):
        (JSC::StackVisitor::readInlinedFrame):
        (JSC::StackVisitor::Frame::print):
        * interpreter/StackVisitor.h:
        (JSC::StackVisitor::Frame::callerIsVMEntry):
        Changes for unwinding using CallFrame::callerFrame(VMEntryFrame*&).  Also added field that
        indicates when about to step over a VM entry frame.

        * interpreter/VMEntryRecord.h: Added.
        (JSC::VMEntryRecord::prevTopCallFrame):
        (JSC::VMEntryRecord::prevTopVMEntryFrame):
        New struct to record prior state of VM's notion of VM entry and top call frames.

        * jit/JITCode.cpp:
        (JSC::JITCode::execute):
        Use new vmEntryToJavaScript and vmEntryToNative name.

        * llint/LLIntOffsetsExtractor.cpp: Added include for VMEntryRecord.h.

        * llint/LowLevelInterpreter.asm:
        * llint/LowLevelInterpreter32_64.asm:
        * llint/LowLevelInterpreter64.asm:
        Offline assembly implementation of creating stack frame with VMEntryRecord as well as restoring
        relevant VM fields when exiting the VM.  Added a helper that returns a VMEntryRecord given
        a pointer to the VM entry frame.

        * llint/LLIntThunks.cpp:
        (JSC::vmEntryRecord):
        * llint/LowLevelInterpreter.cpp:
        (JSC::CLoop::execute):
        C Loop changes to mirror the assembly changes.

        * runtime/VM.h:
        Added topVMEntryFrame field.

2014-08-15  Brian J. Burg  <burg@cs.washington.edu>

        Web Inspector: rewrite CodeGeneratorInspector to be modular and testable
        https://bugs.webkit.org/show_bug.cgi?id=131596

        Reviewed by Joseph Pecoraro.

        Replace CodeGeneratorInspector.py with generate-inspector-protocol-bindings.py.
        The new generator decouples parsing and typechecking a model of the protocol from
        code generation. Each generated file is created by a different subclass of Generator.
        Helper methods to compute various type signatures are shared among generators.

        This patch introduces a test harness and a test suite that covers all functionality.

        Aside from hooking up the new inspector bindings generator to the build system,
        there are a few commingled changes that would be painful to split from the main
        patch:

        Convert protocol enumeration types from struct-namespaced enums to C++ scoped enums.

        Move all runtimeCast(), assertValueHasExpectedType(), and RuntimeCastHelper methods to static
        methods of BindingTraits specializations.

        Together, these changes reduce duplication and make it possible to forward-declare
        all protocol enum and object types, reducing weird ordering dependencies between domains.

        * CMakeLists.txt:
        * DerivedSources.make:
        * JavaScriptCore.vcxproj/copy-files.cmd:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Add inspector scripts to solution filters.
        * JavaScriptCore.xcodeproj/project.pbxproj:
        * inspector/ConsoleMessage.cpp: Convert to scoped enums.
        (Inspector::messageSourceValue):
        (Inspector::messageTypeValue):
        (Inspector::messageLevelValue):
        * inspector/InjectedScript.cpp: Convert to scoped enums and BindingTraits.
        (Inspector::InjectedScript::getFunctionDetails):
        (Inspector::InjectedScript::getProperties):
        (Inspector::InjectedScript::getInternalProperties):
        (Inspector::InjectedScript::wrapCallFrames):
        (Inspector::InjectedScript::wrapObject):
        (Inspector::InjectedScript::wrapTable):
        * inspector/InjectedScriptBase.cpp: Convert InspectorValue::Type to a scoped enum.
        (Inspector::InjectedScriptBase::makeEvalCall):
        * inspector/InjectedScriptManager.cpp:
        (Inspector::InjectedScriptManager::injectedScriptForObjectId):
        * inspector/InspectorTypeBuilder.h:
        (Inspector::TypeBuilder::Array::create):
        (Inspector::TypeBuilder::StructItemTraits::pushRefPtr):
        (Inspector::TypeBuilder::ArrayItemHelper<String>::Traits::pushRaw):
        (Inspector::TypeBuilder::ArrayItemHelper<int>::Traits::pushRaw):
        (Inspector::TypeBuilder::ArrayItemHelper<double>::Traits::pushRaw):
        (Inspector::TypeBuilder::ArrayItemHelper<bool>::Traits::pushRaw):
        (Inspector::TypeBuilder::ArrayItemHelper<InspectorValue>::Traits::pushRefPtr):
        (Inspector::TypeBuilder::ArrayItemHelper<InspectorObject>::Traits::pushRefPtr):
        (Inspector::TypeBuilder::ArrayItemHelper<InspectorArray>::Traits::pushRefPtr):
        (Inspector::TypeBuilder::PrimitiveBindingTraits::assertValueHasExpectedType):
        (Inspector::TypeBuilder::BindingTraits<TypeBuilder::Array<T>>::runtimeCast):
        (Inspector::TypeBuilder::BindingTraits<TypeBuilder::Array<T>>::assertValueHasExpectedType):
        (Inspector::TypeBuilder::BindingTraits<InspectorValue>::assertValueHasExpectedType):
        (Inspector::TypeBuilder::BindingTraits<int>::assertValueHasExpectedType):
        (Inspector::TypeBuilder::ExactlyInt::ExactlyInt): Deleted. It was not used.
        (Inspector::TypeBuilder::ExactlyInt::operator int): Deleted.
        (Inspector::TypeBuilder::ExactlyInt::cast_to_int): Deleted.
        (Inspector::TypeBuilder::ExactlyInt::cast_to_int<int>): Deleted.
        (Inspector::TypeBuilder::int>): Deleted.
        (Inspector::TypeBuilder::RuntimeCastHelper::assertType): Deleted.
        (Inspector::TypeBuilder::RuntimeCastHelper::assertAny): Deleted.
        (Inspector::TypeBuilder::RuntimeCastHelper::assertInt): Deleted.
        (Inspector::TypeBuilder::Array::runtimeCast): Deleted.
        (Inspector::TypeBuilder::Array::assertCorrectValue): Deleted.
        (Inspector::TypeBuilder::StructItemTraits::assertCorrectValue): Deleted.
        (Inspector::TypeBuilder::ArrayItemHelper<String>::Traits::assertCorrectValue): Deleted.
        (Inspector::TypeBuilder::ArrayItemHelper<int>::Traits::assertCorrectValue): Deleted.
        (Inspector::TypeBuilder::ArrayItemHelper<double>::Traits::assertCorrectValue): Deleted.
        (Inspector::TypeBuilder::ArrayItemHelper<bool>::Traits::assertCorrectValue): Deleted.
        (Inspector::TypeBuilder::ArrayItemHelper<InspectorValue>::Traits::assertCorrectValue): Deleted.
        (Inspector::TypeBuilder::ArrayItemHelper<InspectorObject>::Traits::assertCorrectValue): Deleted.
        (Inspector::TypeBuilder::ArrayItemHelper<InspectorArray>::Traits::assertCorrectValue): Deleted.
        (Inspector::TypeBuilder::ArrayItemHelper<TypeBuilder::Array<T>>::Traits::assertCorrectValue): Deleted.

        * inspector/InspectorValues.cpp: Convert InspectorValue::Type to a scoped enum.
        (Inspector::InspectorValue::writeJSON):
        (Inspector::InspectorBasicValue::asBoolean):
        (Inspector::InspectorBasicValue::asNumber):
        (Inspector::InspectorBasicValue::writeJSON):
        (Inspector::InspectorString::writeJSON):
        (Inspector::InspectorObjectBase::InspectorObjectBase):
        (Inspector::InspectorObjectBase::setArray): Take InspectorArrayBase.
        (Inspector::InspectorObjectBase::setObject): Take InspectorObjectBase.
        (Inspector::InspectorArrayBase::InspectorArrayBase):
        * inspector/InspectorValues.h:

        * inspector/agents/InspectorDebuggerAgent.cpp: Convert to scoped enums.
        (Inspector::InspectorDebuggerAgent::schedulePauseOnNextStatement):
        (Inspector::InspectorDebuggerAgent::breakProgram):
        * inspector/agents/InspectorDebuggerAgent.h:
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::parse):
        * inspector/agents/InspectorRuntimeAgent.h:

        * inspector/scripts/CodeGeneratorInspector.py: Removed.
        * inspector/scripts/codegen/__init__.py: Added.
        * inspector/scripts/codegen/generate_backend_commands.py: Added.
        (BackendCommandsGenerator):
        (BackendCommandsGenerator.__init__):
        (BackendCommandsGenerator.model):
        (BackendCommandsGenerator.output_filename):
        (BackendCommandsGenerator.generate_license):
        (BackendCommandsGenerator.generate_output):
        (BackendCommandsGenerator.generate_domain):
        (BackendCommandsGenerator.generate_domain.is_anonymous_enum_member):
        (BackendCommandsGenerator.generate_domain.generate_parameter_object):
        * inspector/scripts/codegen/generate_backend_dispatcher_header.py: Added.
        (BackendDispatcherHeaderGenerator):
        (BackendDispatcherHeaderGenerator.__init__):
        (BackendDispatcherHeaderGenerator.model):
        (BackendDispatcherHeaderGenerator.output_filename):
        (BackendDispatcherHeaderGenerator.generate_license):
        (BackendDispatcherHeaderGenerator.generate_output):
        (BackendDispatcherHeaderGenerator.generate_output.for):
        (BackendDispatcherHeaderGenerator._generate_handler_declarations_for_domain):
        (BackendDispatcherHeaderGenerator._generate_anonymous_enum_for_parameter):
        (BackendDispatcherHeaderGenerator._generate_handler_declaration_for_command):
        (BackendDispatcherHeaderGenerator._generate_async_handler_declaration_for_command):
        (BackendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
        (BackendDispatcherHeaderGenerator._generate_dispatcher_declaration_for_command):
        * inspector/scripts/codegen/generate_backend_dispatcher_implementation.py: Added.
        (BackendDispatcherImplementationGenerator):
        (BackendDispatcherImplementationGenerator.__init__):
        (BackendDispatcherImplementationGenerator.model):
        (BackendDispatcherImplementationGenerator.output_filename):
        (BackendDispatcherImplementationGenerator.generate_license):
        (BackendDispatcherImplementationGenerator.generate_output):
        (BackendDispatcherImplementationGenerator._generate_handler_class_destructor_for_domain):
        (BackendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
        (BackendDispatcherImplementationGenerator._generate_small_dispatcher_switch_implementation_for_domain):
        (BackendDispatcherImplementationGenerator._generate_large_dispatcher_switch_implementation_for_domain):
        (BackendDispatcherImplementationGenerator._generate_async_dispatcher_class_for_domain):
        (BackendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_command):
        * inspector/scripts/codegen/generate_frontend_dispatcher_header.py: Added.
        (FrontendDispatcherHeaderGenerator):
        (FrontendDispatcherHeaderGenerator.__init__):
        (FrontendDispatcherHeaderGenerator.model):
        (FrontendDispatcherHeaderGenerator.output_filename):
        (FrontendDispatcherHeaderGenerator.generate_license):
        (FrontendDispatcherHeaderGenerator.generate_output):
        (FrontendDispatcherHeaderGenerator._generate_anonymous_enum_for_parameter):
        (FrontendDispatcherHeaderGenerator._generate_dispatcher_declarations_for_domain):
        (FrontendDispatcherHeaderGenerator._generate_dispatcher_declaration_for_event):
        * inspector/scripts/codegen/generate_frontend_dispatcher_implementation.py: Added.
        (FrontendDispatcherImplementationGenerator):
        (FrontendDispatcherImplementationGenerator.__init__):
        (FrontendDispatcherImplementationGenerator.model):
        (FrontendDispatcherImplementationGenerator.output_filename):
        (FrontendDispatcherImplementationGenerator.generate_license):
        (FrontendDispatcherImplementationGenerator.generate_output):
        (FrontendDispatcherImplementationGenerator._generate_dispatcher_implementations_for_domain):
        (FrontendDispatcherImplementationGenerator._generate_dispatcher_implementation_for_event):
        * inspector/scripts/codegen/generate_type_builder_header.py: Added.
        (TypeBuilderHeaderGenerator):
        (TypeBuilderHeaderGenerator.__init__):
        (TypeBuilderHeaderGenerator.model):
        (TypeBuilderHeaderGenerator.output_filename):
        (TypeBuilderHeaderGenerator.generate_license):
        (TypeBuilderHeaderGenerator.generate_output):
        (TypeBuilderHeaderGenerator._generate_forward_declarations):
        (_generate_typedefs):
        (_generate_typedefs_for_domain):
        (_generate_builders_for_domain):
        (_generate_class_for_object_declaration):
        (_generate_struct_for_enum_declaration):
        (_generate_struct_for_anonymous_enum_member):
        (_generate_struct_for_anonymous_enum_member.apply_indentation):
        (_generate_struct_for_enum_type):
        (_generate_builder_state_enum):
        (_generate_builder_setter_for_member):
        (_generate_unchecked_setter_for_member):
        (_generate_forward_declarations_for_binding_traits):
        * inspector/scripts/codegen/generate_type_builder_implementation.py: Added.
        (TypeBuilderImplementationGenerator):
        (TypeBuilderImplementationGenerator.__init__):
        (TypeBuilderImplementationGenerator.model):
        (TypeBuilderImplementationGenerator.output_filename):
        (TypeBuilderImplementationGenerator.generate_license):
        (TypeBuilderImplementationGenerator.generate_output):
        (TypeBuilderImplementationGenerator._generate_enum_mapping):
        (TypeBuilderImplementationGenerator._generate_open_field_names):
        (TypeBuilderImplementationGenerator._generate_builders_for_domain):
        (TypeBuilderImplementationGenerator._generate_runtime_cast_for_object_declaration):
        (TypeBuilderImplementationGenerator._generate_assertion_for_object_declaration):
        (TypeBuilderImplementationGenerator._generate_assertion_for_enum):
        * inspector/scripts/codegen/generator.py: Added.
        (ucfirst):
        (Generator):
        (Generator.__init__):
        (Generator.model):
        (Generator.generate_license):
        (Generator.domains_to_generate):
        (Generator.generate_output):
        (Generator.output_filename):
        (Generator.encoding_for_enum_value):
        (Generator.assigned_enum_values):
        (Generator.type_needs_runtime_casts):
        (Generator.type_has_open_fields):
        (Generator.type_needs_shape_assertions):
        (Generator.calculate_types_requiring_shape_assertions):
        (Generator.calculate_types_requiring_shape_assertions.gather_transitively_referenced_types):
        (Generator._traverse_and_assign_enum_values):
        (Generator._assign_encoding_for_enum_value):
        (Generator.wrap_with_guard_for_domain):
        (Generator.stylized_name_for_enum_value):
        (Generator.stylized_name_for_enum_value.replaceCallback):
        (Generator.keyed_get_method_for_type):
        (Generator.keyed_set_method_for_type):
        (Generator.type_builder_string_for_type):
        (Generator.type_builder_string_for_type_member):
        (Generator.type_string_for_unchecked_formal_in_parameter):
        (Generator.type_string_for_checked_formal_event_parameter):
        (Generator.type_string_for_type_member):
        (Generator.type_string_for_type_with_name):
        (Generator.type_string_for_formal_out_parameter):
        (Generator.type_string_for_formal_async_parameter):
        (Generator.type_string_for_stack_in_parameter):
        (Generator.type_string_for_stack_out_parameter):
        (Generator.assertion_method_for_type_member):
        (Generator.assertion_method_for_type_member.assertion_method_for_type):
        (Generator.cpp_name_for_primitive_type):
        (Generator.js_name_for_parameter_type):
        (Generator.should_use_wrapper_for_return_type):
        (Generator.should_pass_by_copy_for_return_type):
        * inspector/scripts/codegen/generator_templates.py: Added.
        (GeneratorTemplates):
        (void):
        (HashMap):
        (Builder):
        (Inspector):
        * inspector/scripts/codegen/models.py: Added.
        (ucfirst):
        (ParseException):
        (TypecheckException):
        (Framework):
        (Framework.__init__):
        (Framework.setting):
        (Framework.fromString):
        (Frameworks):
        (TypeReference):
        (TypeReference.__init__):
        (TypeReference.referenced_name):
        (Type):
        (Type.__init__):
        (Type.__eq__):
        (Type.__hash__):
        (Type.raw_name):
        (Type.is_enum):
        (Type.type_domain):
        (Type.qualified_name):
        (Type.resolve_type_references):
        (PrimitiveType):
        (PrimitiveType.__init__):
        (PrimitiveType.__repr__):
        (PrimitiveType.type_domain):
        (PrimitiveType.qualified_name):
        (AliasedType):
        (AliasedType.__init__):
        (AliasedType.__repr__):
        (AliasedType.is_enum):
        (AliasedType.type_domain):
        (AliasedType.qualified_name):
        (AliasedType.resolve_type_references):
        (EnumType):
        (EnumType.__init__):
        (EnumType.__repr__):
        (EnumType.is_enum):
        (EnumType.type_domain):
        (EnumType.enum_values):
        (EnumType.qualified_name):
        (EnumType.resolve_type_references):
        (ArrayType):
        (ArrayType.__init__):
        (ArrayType.__repr__):
        (ArrayType.type_domain):
        (ArrayType.qualified_name):
        (ArrayType.resolve_type_references):
        (ObjectType):
        (ObjectType.__init__):
        (ObjectType.__repr__):
        (ObjectType.type_domain):
        (ObjectType.qualified_name):
        (check_for_required_properties):
        (Protocol):
        (Protocol.__init__):
        (Protocol.parse_specification):
        (Protocol.parse_domain):
        (Protocol.parse_type_declaration):
        (Protocol.parse_type_member):
        (Protocol.parse_command):
        (Protocol.parse_event):
        (Protocol.parse_call_or_return_parameter):
        (Protocol.resolve_types):
        (Protocol.lookup_type_for_declaration):
        (Protocol.lookup_type_reference):
        (Domain):
        (Domain.__init__):
        (Domain.resolve_type_references):
        (Domains):
        (TypeDeclaration):
        (TypeDeclaration.__init__):
        (TypeDeclaration.resolve_type_references):
        (TypeMember):
        (TypeMember.__init__):
        (TypeMember.resolve_type_references):
        (Parameter):
        (Parameter.__init__):
        (Parameter.resolve_type_references):
        (Command):
        (Command.__init__):
        (Command.resolve_type_references):
        (Event):
        (Event.__init__):
        (Event.resolve_type_references):
        * inspector/scripts/generate-inspector-protocol-bindings.py: Added.
        (IncrementalFileWriter):
        (IncrementalFileWriter.__init__):
        (IncrementalFileWriter.write):
        (IncrementalFileWriter.close):
        (generate_from_specification):
        (generate_from_specification.load_specification):
        * inspector/scripts/tests/commands-with-async-attribute.json: Added.
        * inspector/scripts/tests/commands-with-optional-call-return-parameters.json: Added.
        * inspector/scripts/tests/domains-with-varying-command-sizes.json: Added.
        * inspector/scripts/tests/events-with-optional-parameters.json: Added.
        * inspector/scripts/tests/expected/commands-with-async-attribute.json-result: Added.
        * inspector/scripts/tests/expected/commands-with-optional-call-return-parameters.json-result: Added.
        * inspector/scripts/tests/expected/domains-with-varying-command-sizes.json-result: Added.
        * inspector/scripts/tests/expected/events-with-optional-parameters.json-result: Added.
        * inspector/scripts/tests/fail-on-duplicate-type-declarations.json-error: Added.
        * inspector/scripts/tests/fail-on-enum-with-no-values.json-error: Added.
        * inspector/scripts/tests/fail-on-type-declaration-using-type-reference.json-error: Added.
        * inspector/scripts/tests/fail-on-type-with-lowercase-name.json-error: Added.
        * inspector/scripts/tests/fail-on-unknown-type-reference-in-type-declaration.json-error: Added.
        * inspector/scripts/tests/fail-on-unknown-type-reference-in-type-member.json-error: Added.
        * inspector/scripts/tests/expected/same-type-id-different-domain.json-result: Added.
        * inspector/scripts/tests/expected/type-declaration-aliased-primitive-type.json-result: Added.
        * inspector/scripts/tests/expected/type-declaration-array-type.json-result: Added.
        * inspector/scripts/tests/expected/type-declaration-enum-type.json-result: Added.
        * inspector/scripts/tests/expected/type-declaration-object-type.json-result: Added.
        * inspector/scripts/tests/expected/type-requiring-runtime-casts.json-result: Added.
        * inspector/scripts/tests/fail-on-duplicate-type-declarations.json: Added.
        * inspector/scripts/tests/fail-on-enum-with-no-values.json: Added.
        * inspector/scripts/tests/fail-on-type-declaration-using-type-reference.json: Added.
        * inspector/scripts/tests/fail-on-type-with-lowercase-name.json: Added.
        * inspector/scripts/tests/fail-on-unknown-type-reference-in-type-declaration.json: Added.
        * inspector/scripts/tests/fail-on-unknown-type-reference-in-type-member.json: Added.
        * inspector/scripts/tests/same-type-id-different-domain.json: Added.
        * inspector/scripts/tests/type-declaration-aliased-primitive-type.json: Added.
        * inspector/scripts/tests/type-declaration-array-type.json: Added.
        * inspector/scripts/tests/type-declaration-enum-type.json: Added.
        * inspector/scripts/tests/type-declaration-object-type.json: Added.
        * inspector/scripts/tests/type-requiring-runtime-casts.json: Added.

2014-08-15  Matthew Mirman  <mmirman@apple.com>

        Made native inlining errors not segfault.
        https://bugs.webkit.org/show_bug.cgi?id=135988

        Reviewed by Geoffrey Garen.

        * ftl/FTLAbbreviations.h:
        (JSC::FTL::disposeMessage): Added.
        * ftl/FTLLowerDFGToLLVM.cpp:
        (JSC::FTL::LowerDFGToLLVM::compilePutById):
        abstracted out Options::verboseCompilation as was the case in the rest of the file.
        (JSC::FTL::LowerDFGToLLVM::compileNativeCallOrConstruct):
        (JSC::FTL::LowerDFGToLLVM::getModuleByPathForSymbol):
        added output error messages for llvm module loading.

2014-08-14  Andreas Kling  <akling@apple.com>

        Allocate the whole RegExpMatchesArray backing store up front.
        <https://webkit.org/b/135217>

        We were using the generic array backing store allocation path for
        RegExpMatchesArray which meant starting with 4 slots and then growing
        it dynamically as we append. Since we always know the final number of
        entries up front, allocate a perfectly-sized backing store right away.

        ~2% progression on Octane/regexp.

        Reviewed by Geoffrey Garen.

        * runtime/JSArray.h:
        (JSC::createArrayButterflyWithExactLength):
        * runtime/RegExpMatchesArray.cpp:
        (JSC::RegExpMatchesArray::create):

2014-08-14  Saam Barati  <sbarati@apple.com>

        Allow high fidelity type profiling to be enabled and disabled.
        https://bugs.webkit.org/show_bug.cgi?id=135423

        Reviewed by Geoffrey Garen.

        - Merged op_put_to_scope_with_profile and op_get_from_scope_with_profile into
          op_profile_types_with_high_fidelity by adding extra arguments to the opcode.
        - Altered SymbolTable to use less memory by adding a rare data structure for
          type profiling.
        - Created an interface to turn on and off type profiling from the Web
          Inspector.
        - Refactored how entries are written to HighFidelityLog to make it
          easier to inline when generating machine code.
        - Implemented op_profile_types_with_high_fidelity in the baseline JIT
          by inlining the process of writing to the log and doing a small amount
          of type inference optimizations.

        * bytecode/BytecodeList.json:
        * bytecode/BytecodeUseDef.h:
        (JSC::computeUsesForBytecodeOffset):
        (JSC::computeDefsForBytecodeOffset):
        * bytecode/CodeBlock.cpp:
        (JSC::CodeBlock::dumpBytecode):
        (JSC::CodeBlock::CodeBlock):
        (JSC::CodeBlock::finalizeUnconditionally):
        (JSC::CodeBlock::scopeDependentProfile): Deleted.
        * bytecode/CodeBlock.h:
        * bytecode/TypeLocation.h:
        (JSC::TypeLocation::TypeLocation):
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::generate):
        (JSC::BytecodeGenerator::emitMove):
        (JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity):
        (JSC::BytecodeGenerator::emitGetFromScopeWithProfile): Deleted.
        (JSC::BytecodeGenerator::emitPutToScopeWithProfile): Deleted.
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::ThisNode::emitBytecode):
        (JSC::ResolveNode::emitBytecode):
        (JSC::BracketAccessorNode::emitBytecode):
        (JSC::DotAccessorNode::emitBytecode):
        (JSC::FunctionCallValueNode::emitBytecode):
        (JSC::FunctionCallResolveNode::emitBytecode):
        (JSC::FunctionCallBracketNode::emitBytecode):
        (JSC::FunctionCallDotNode::emitBytecode):
        (JSC::CallFunctionCallDotNode::emitBytecode):
        (JSC::ApplyFunctionCallDotNode::emitBytecode):
        (JSC::PostfixNode::emitResolve):
        (JSC::PostfixNode::emitBracket):
        (JSC::PostfixNode::emitDot):
        (JSC::PrefixNode::emitResolve):
        (JSC::PrefixNode::emitBracket):
        (JSC::PrefixNode::emitDot):
        (JSC::ReadModifyResolveNode::emitBytecode):
        (JSC::AssignResolveNode::emitBytecode):
        (JSC::AssignDotNode::emitBytecode):
        (JSC::ReadModifyDotNode::emitBytecode):
        (JSC::AssignBracketNode::emitBytecode):
        (JSC::ReadModifyBracketNode::emitBytecode):
        (JSC::ReturnNode::emitBytecode):
        (JSC::FunctionBodyNode::emitBytecode):
        * inspector/agents/InspectorRuntimeAgent.cpp:
        (Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
        (Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
        (Inspector::TypeRecompiler::operator()):
        (Inspector::recompileAllJSFunctionsForTypeProfiling):
        (Inspector::InspectorRuntimeAgent::willDestroyFrontendAndBackend):
        (Inspector::InspectorRuntimeAgent::enableHighFidelityTypeProfiling):
        (Inspector::InspectorRuntimeAgent::disableHighFidelityTypeProfiling):
        (Inspector::InspectorRuntimeAgent::setHighFidelityTypeProfilingEnabledState):
        * inspector/agents/InspectorRuntimeAgent.h:
        * inspector/agents/JSGlobalObjectRuntimeAgent.cpp:
        (Inspector::JSGlobalObjectRuntimeAgent::willDestroyFrontendAndBackend):
        * inspector/protocol/Runtime.json:
        * jit/JIT.cpp:
        (JSC::JIT::privateCompileMainPass):
        (JSC::JIT::privateCompile):
        * jit/JIT.h:
        * jit/JITOpcodes.cpp:
        (JSC::JIT::emit_op_profile_types_with_high_fidelity):
        * jit/JITOpcodes32_64.cpp:
        (JSC::JIT::emit_op_profile_types_with_high_fidelity):
        * jit/JITOperations.cpp:
        * jit/JITOperations.h:
        * llint/LLIntSlowPaths.cpp:
        (JSC::LLInt::LLINT_SLOW_PATH_DECL):
        (JSC::LLInt::getFromScopeCommon): Deleted.
        (JSC::LLInt::putToScopeCommon): Deleted.
        * llint/LLIntSlowPaths.h:
        * llint/LowLevelInterpreter.asm:
        * runtime/CodeCache.cpp:
        (JSC::CodeCache::getGlobalCodeBlock):
        * runtime/CommonSlowPaths.cpp:
        (JSC::SLOW_PATH_DECL):
        * runtime/CommonSlowPaths.h:
        * runtime/HighFidelityLog.cpp:
        (JSC::HighFidelityLog::initializeHighFidelityLog):
        (JSC::HighFidelityLog::~HighFidelityLog):
        (JSC::HighFidelityLog::processHighFidelityLog):
        * runtime/HighFidelityLog.h:
        (JSC::HighFidelityLog::LogEntry::structureIDOffset):
        (JSC::HighFidelityLog::LogEntry::valueOffset):
        (JSC::HighFidelityLog::LogEntry::locationOffset):
        (JSC::HighFidelityLog::recordTypeInformationForLocation):
        (JSC::HighFidelityLog::logEndPtr):
        (JSC::HighFidelityLog::logStartOffset):
        (JSC::HighFidelityLog::currentLogEntryOffset):
        * runtime/HighFidelityTypeProfiler.cpp:
        (JSC::HighFidelityTypeProfiler::logTypesForTypeLocation):
        (JSC::descriptorMatchesTypeLocation):
        * runtime/HighFidelityTypeProfiler.h:
        * runtime/SymbolTable.cpp:
        (JSC::SymbolTable::SymbolTable):
        (JSC::SymbolTable::cloneCapturedNames):
        (JSC::SymbolTable::prepareForHighFidelityTypeProfiling):
        (JSC::SymbolTable::uniqueIDForVariable):
        (JSC::SymbolTable::uniqueIDForRegister):
        (JSC::SymbolTable::globalTypeSetForRegister):
        (JSC::SymbolTable::globalTypeSetForVariable):
        * runtime/SymbolTable.h:
        (JSC::SymbolTable::add):
        (JSC::SymbolTable::set):
        * runtime/TypeLocationCache.cpp:
        (JSC::TypeLocationCache::getTypeLocation):
3158         * runtime/TypeSet.cpp:
3159         (JSC::TypeSet::getRuntimeTypeForValue):
3160         (JSC::TypeSet::addTypeInformation):
3161         (JSC::TypeSet::allPrimitiveTypeNames):
3162         (JSC::TypeSet::addTypeForValue): Deleted.
3163         * runtime/TypeSet.h:
3164         * runtime/VM.cpp:
3165         (JSC::VM::VM):
3166         (JSC::VM::nextTypeLocation):
3167         (JSC::VM::enableHighFidelityTypeProfiling):
3168         (JSC::VM::disableHighFidelityTypeProfiling):
3169         (JSC::VM::dumpHighFidelityProfilingTypes):
3170         * runtime/VM.h:
3171         (JSC::VM::nextLocation): Deleted.
3172
3173 2014-08-14  Oliver Hunt  <oliver@apple.com>
3174
3175         Update scope resolution to assume that the parent activation is always there
3176         https://bugs.webkit.org/show_bug.cgi?id=135947
3177
3178         Reviewed by Andreas Kling.
3179
3180         Another incremental step in removing the idea of lazily created
3181         activations.
3182
3183         * dfg/DFGSpeculativeJIT32_64.cpp:
3184         (JSC::DFG::SpeculativeJIT::compile):
3185         * dfg/DFGSpeculativeJIT64.cpp:
3186         (JSC::DFG::SpeculativeJIT::compile):
3187         * jit/JITPropertyAccess.cpp:
3188         (JSC::JIT::emitResolveClosure):
3189         * jit/JITPropertyAccess32_64.cpp:
3190         (JSC::JIT::emitResolveClosure):
3191         * llint/LowLevelInterpreter32_64.asm:
3192         * llint/LowLevelInterpreter64.asm:
3193
3194 2014-08-14  Oliver Hunt  <oliver@apple.com>
3195
3196         Create activations eagerly
3197         https://bugs.webkit.org/show_bug.cgi?id=135942
3198
3199         Reviewed by Geoffrey Garen.
3200
3201         Prepare to rewrite activation objects into a more
3202         sane implementation. Step 1 is reverting to eager
3203         creation of the activation object. This results in
3204         a 1.35x regression in earley, but otherwise has a
3205         minimal performance impact.
3206
3207         The earley regression is being tracked by bug #135943
3208
3209         * bytecompiler/BytecodeGenerator.cpp:
3210         (JSC::BytecodeGenerator::BytecodeGenerator):
3211         (JSC::BytecodeGenerator::emitNewFunctionInternal):
3212         (JSC::BytecodeGenerator::emitNewFunctionExpression):
3213         (JSC::BytecodeGenerator::emitCallEval):
3214         (JSC::BytecodeGenerator::emitPushWithScope):
3215         (JSC::BytecodeGenerator::emitPushCatchScope):
3216         (JSC::BytecodeGenerator::createActivationIfNecessary): Deleted.
3217         * bytecompiler/BytecodeGenerator.h:
3218         * jit/JITOpcodes.cpp:
3219         (JSC::JIT::emit_op_create_activation):
3220         * jit/JITOpcodes32_64.cpp:
3221         (JSC::JIT::emit_op_create_activation):
3222         * llint/LowLevelInterpreter32_64.asm:
3223         * llint/LowLevelInterpreter64.asm:
3224
3225 2014-08-14  Oliver Hunt  <oliver@apple.com>
3226
3227         Create activations eagerly
3228         https://bugs.webkit.org/show_bug.cgi?id=135942
3229
3230         Reviewed by Geoffrey Garen.
3231
3232         Prepare to rewrite activation objects into a more
3233         sane implementation. Step 1 is reverting to eager
3234         creation of the activation object. This results in
3235         a 1.35x regression in earley, but otherwise has a
3236         minimal performance impact.
3237
3238         The earley regression is being tracked by 
3239         http://webkit.org/b/135943
3240
3241         * bytecompiler/BytecodeGenerator.cpp:
3242         (JSC::BytecodeGenerator::BytecodeGenerator):
3243         (JSC::BytecodeGenerator::emitNewFunctionInternal):
3244         (JSC::BytecodeGenerator::emitNewFunctionExpression):
3245         (JSC::BytecodeGenerator::emitCallEval):
3246         (JSC::BytecodeGenerator::emitPushWithScope):
3247         (JSC::BytecodeGenerator::emitPushCatchScope):
3248         (JSC::BytecodeGenerator::createActivationIfNecessary): Deleted.
3249         * bytecompiler/BytecodeGenerator.h:
3250         * jit/JITOpcodes.cpp:
3251         (JSC::JIT::emit_op_create_activation):
3252         * jit/JITOpcodes32_64.cpp:
3253         (JSC::JIT::emit_op_create_activation):
3254         * llint/LowLevelInterpreter32_64.asm:
3255         * llint/LowLevelInterpreter64.asm:
3256
3257 2014-08-14  Tomas Popela  <tpopela@redhat.com>
3258
3259         Add support for ppc, ppc64, ppc64le, s390, s390x into the CMake build
3260         https://bugs.webkit.org/show_bug.cgi?id=135937
3261
3262         Reviewed by Carlos Garcia Campos.
3263
3264         * CMakeLists.txt:
3265
3266 2014-08-14  Akos Kiss  <akiss@inf.u-szeged.hu>
3267
3268         Fix JSC::ARM64Assembler::LinkRecord::RealTypes
3269         https://bugs.webkit.org/show_bug.cgi?id=135906
3270
3271         Reviewed by Michael Saboff.
3272
3273         JSC::ARM64Assembler::LinkRecord::RealTypes::m_compareRegister is defined
3274         to occupy 5 bits but JSC::ARM64Assembler::RegisterID needs 6 bits. So,
3275         increase the size of the bit field and also reorganize the struct to 
3276         better align with word boundaries.
3277
3278         * assembler/ARM64Assembler.h:
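
        The entry above describes a bit field one bit too narrow for the values stored in it. The following C program is an added illustration, not WebKit code: the two struct layouts are assumptions standing in for the before/after shape of LinkRecord::RealTypes, and show how an undersized unsigned bit field silently drops the high bit of any register id of 32 or above.

```c
/* Added example (not WebKit code): an unsigned bit field that is too narrow
 * silently truncates what is stored in it. The layouts are illustrative
 * assumptions, not JSC::ARM64Assembler::LinkRecord::RealTypes itself. */
#include <stdio.h>

/* Assumed "before" layout: a 5-bit field holds values 0..31 only. */
struct LinkRecordNarrow {
    unsigned compareRegister : 5;
    unsigned condition : 4;
};

/* Assumed "after" layout: a 6-bit field holds values 0..63. */
struct LinkRecordWide {
    unsigned compareRegister : 6;
    unsigned condition : 4;
};

/* Store a register id in the 5-bit field and return what reads back. */
unsigned roundTripNarrow(unsigned regId)
{
    struct LinkRecordNarrow rec = { 0, 0 };
    rec.compareRegister = regId; /* value is reduced modulo 2^5 */
    return rec.compareRegister;
}

/* Same round trip through the 6-bit field. */
unsigned roundTripWide(unsigned regId)
{
    struct LinkRecordWide rec = { 0, 0 };
    rec.compareRegister = regId; /* value is reduced modulo 2^6 */
    return rec.compareRegister;
}

/* Count the ids in [0, maxId] that do not survive a field of the given
 * width: a cheap check to run against any packed struct whose fields are
 * sized by hand. */
unsigned countLossy(unsigned width, unsigned maxId)
{
    unsigned mask = (1u << width) - 1u;
    unsigned lossy = 0;
    for (unsigned id = 0; id <= maxId; ++id) {
        if ((id & mask) != id)
            ++lossy;
    }
    return lossy;
}

int main(void)
{
    for (unsigned id = 30; id < 36; ++id) {
        printf("reg %2u: 5-bit field -> %2u, 6-bit field -> %2u\n",
               id, roundTripNarrow(id), roundTripWide(id));
    }
    printf("ids lost in a 5-bit field for 0..63: %u\n", countLossy(5, 63));
    return 0;
}
```

        Register 32 reads back as 0 and register 33 as 1 from the narrow field, so a link record would later patch the wrong register without any diagnostic; the wide field returns every id in range unchanged.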
3279
3280 2014-08-13  Akos Kiss  <akiss@inf.u-szeged.hu>
3281
3282         Add ARM64 support to CMake-based builds
3283         https://bugs.webkit.org/show_bug.cgi?id=135912
3284
3285         Reviewed by Gyuyoung Kim.
3286
        This patch ensures that CMake does not fail with an Unknown CPU error when
        building for ARM64.
3289
3290         * CMakeLists.txt:
3291
3292 2014-08-13  Wenson Hsieh  <wenson_hsieh@apple.com>
3293
3294         Enable CSS_SCROLL_SNAP for iOS
3295         https://bugs.webkit.org/show_bug.cgi?id=135915
3296
3297         Turn on CSS_SCROLL_SNAP for iOS and the iOS simulator.
3298
3299         Reviewed by Tim Horton.
3300
3301         * Configurations/FeatureDefines.xcconfig:
3302
3303 2014-08-13  Alex Christensen  <achristensen@webkit.org>
3304
3305         Progress towards CMake on Mac.
3306         https://bugs.webkit.org/show_bug.cgi?id=135819
3307
3308         Reviewed by Laszlo Gombos.
3309
3310         * CMakeLists.txt:
3311         Add the remote inspector headers to the forwarding headers list.
3312
3313 2014-08-13  Daniel Bates  <dabates@apple.com>
3314
3315         [iOS] Make JavaScriptCore and bmalloc build with the public SDK
3316         https://bugs.webkit.org/show_bug.cgi?id=135848
3317
3318         Reviewed by Geoffrey Garen.
3319
3320         * API/JSBase.h: Declare NSMap functions with external linkage when building for iOS without the
3321         header <Foundation/NSMapTablePriv.h>.
3322         * inspector/remote/RemoteInspector.mm: Define XPC functions with external linkage when building
3323         without the system header <xpc/xpc.h>.
3324         * inspector/remote/RemoteInspectorXPCConnection.h: Define xpc_connection_t and xpc_object_t when building
3325         without the system header <xpc/xpc.h>.
        * inspector/remote/RemoteInspectorXPCConnection.mm: Declare XPC functions with external linkage when
        building without the system header <xpc/xpc.h>.
3328         (Inspector::RemoteInspectorXPCConnection::closeOnQueue): Fix code style; use nullptr instead of NULL.
3329         (Inspector::RemoteInspectorXPCConnection::sendMessage): Ditto.
3330
3331 2014-08-12  Peyton Randolph  <prandolph@apple.com>
3332
3333         Runtime switch for long mouse press gesture. Part of 135257 - Add long mouse press gesture.